diff -Nru sudo-1.9.5p2/ChangeLog sudo-1.9.9/ChangeLog --- sudo-1.9.5p2/ChangeLog 2021-01-23 15:46:58.000000000 +0000 +++ sudo-1.9.9/ChangeLog 2022-01-27 21:26:57.000000000 +0000 @@ -1,8 +1,5807 @@ +2022-01-27 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_9 for changeset 296f4f986a7a + [cba838829505] [tip] <1.9> + + * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c: + Merge sudo 1.9.9 from tip. + [296f4f986a7a] [SUDO_1_9_9] <1.9> + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: + "plain text" -> "plaintext" for consistency. + [6cbefac27286] + +2022-01-25 Todd C. Miller + + * po/ro.mo, po/ro.po: + Updated translations from translationproject.org + [c264de490846] + + * INSTALL.configure: + Sync with autoconf git. + [efd6e2df1b4f] + + * scripts/mkdep.pl: + Fix potential infinite loop when trying to format long lines. + [e17a3b7b657b] + +2022-01-20 Todd C. Miller + + * docs/sudo.man.in, docs/sudo.mdoc.in: + Document how commands are passed to the shell for the -i and -s + options. The concatenation of command and arguments and escaping of + special characters was not documented. Text adapted from GitHub + issue #121 from Kris Rinzwind + [852f803234af] + + * docs/TROUBLESHOOTING.md: + Also mention no_new_privs error in the troubleshooting guide. + [70cc0679098f] + + * INSTALL.md, docs/TROUBLESHOOTING.md, docs/sudo.conf.man.in, + docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in, + docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in, + docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in, + docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in, + docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/visudo.man.in, + docs/visudo.mdoc.in: + Replace uid and gid with user-ID and group-ID in more places. + [2b6bc95509fd] + +2022-01-19 Todd C. Miller + + * INSTALL.md: + PAM is enabled on NetBSD by default too. + [3bc31511f687] + + * INSTALL.md, README.LDAP.md, docs/HISTORY.md, + docs/TROUBLESHOOTING.md, docs/UPGRADE.md: + Use the Oxford comma consistently, it is helpful in technical + documents. + [3df4b26d035e] + + * docs/sudo.man.in, docs/sudo.mdoc.in: + Document the error message when no_new_privs is set. + [492a154dec10] + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: + Sudo now recovers from sudoers syntax errors. + [77d457c4e722] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in, + docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in, + docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in, + docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in, + docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in, + docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in, + docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in, + examples/sudo.conf.in, examples/sudo_logsrvd.conf: + Use the Oxford comma consistently, it is helpful in technical + documents. + [e8d29c772963] + + * INSTALL.md: + Mention docker configuration. + [8312350518cb] + + * plugins/sudoers/ldap_util.c: + Quiet a cppcheck false positive. + [023468af3269] + + * docs/CONTRIBUTING.md: + Mention https://www.sudo.ws/security/fuzzing/ in the fuzzing + section. + [87767f7b89ad] + + * plugins/sudoers/sssd.c: + Fix logic inversion when setting negated flag. + [3e4051bc9f30] + + * src/sudo.c: + Quiet a PVS-Studio format string warning. + [77e953f3c46f] + +2022-01-18 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Regen .pot files. + [b999972bc90d] + + * NEWS: + Bug #1016, #1017 and negated sudoUser in LDAP. + [4ec54e728437] + + * plugins/sudoers/defaults.c: + Don't set/run early Defaults if a custom defaults_list is specified. + Defaults settings passed in by the front end are already "early" so + there is no need to treat any of them as special. + + Otherwise, we end up running the early defaults callbacks before + sudoers has been parsed. This means that, for instance, it is not + possible to disable the fqdn flag before its callback is run if sudo + is build with the --with-fqdn option. Bug #1016. + [8c6eaa503793] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Mark is_early_default(), run_early_defaults(), set_early_default() + static. They are not used outside of defaults.c. + [1045e8c7a92e] + + * plugins/sudoers/sssd.c: + Add support in SSSD for negated users. + [bca3d02cdd8b] + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in, + plugins/sudoers/ldap.c: + Add support in the LDAP filter for negated users. Based on a diff + from Simon Lees + [e1d48d44229e] + +2022-01-12 Todd C. Miller + + * lib/util/mkdir_parents.c: + Use PATH_MAX, not NAME_MAX+1 for the directory entry length. On some + systems, such as Solaris, the max length of a directory entry is + filesystem-dependent. We could use fpathconf() and dynamically + allocate the name but it is simpler to just use PATH_MAX here. + [d1a097783717] + + * plugins/python/python_plugin_common.c: + Only emulate Py_FinalizeEx for Python 3.[0-5]. + [b314942c0f2f] + + * lib/util/getcwd.c, lib/util/mkdir_parents.c: + Use POSIX NAME_MAX, not the obsolete MAXNAMLEN define. Fixes + compilation with musl libc. + [a1609b2d968f] + +2022-01-11 Todd C. Miller + + * src/limits.c: + When applying fallback limits, make sure we don't reduce rlim_max. + Fixes a problem where sudo could reduce the max stack size on some + systems if the original limit was higher than the fallback limit, + but not unlimited/infinity. + [1fef77204f17] + + * src/limits.c: + Don't modify the stack limit if it is >= SUDO_STACK_MIN. + [b9e473780083] + + * plugins/sudoers/Makefile.in: + The pre-install target requires visudo, add an explicit dependency. + [b5b073d2fc9b] + +2022-01-09 Todd C. Miller + + * src/sudo.c: + If sudo is not set-user-ID root, check for the no_new_privs flag on + Linux. This flag disables set-user-ID at execve(2) time and may be + set by default for some containers. GitHub issue #129. + [462249058274] + +2022-01-08 Todd C. Miller + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, + src/parse_args.c: + Add pam_askpass_service sudoers setting for "sudo -A". This makes it + possible to use a different PAM configuration for when "sudo -A" is + used. The main use case is to only use PAM modules that can interact + with the askpass program. GitHub issue #112. + [5f59bc3f9d81] + +2022-01-07 Todd C. Miller + + * lib/iolog/iolog_loginfo.c: + Improve debugging info when fdopen() fails. + [0d9711d8564a] + +2022-01-06 Todd C. Miller + + * plugins/sudoers/sssd.c: + sss_sudo_free_values() checks for NULL, no need to do it manually. + [ccf012907a01] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a clang analyzer false positive. + [90b6791616b0] + +2022-01-05 Todd C. Miller + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a clang analyzer false positive. + [3c66e9be5f24] + + * plugins/sudoers/auth/sudo_auth.c: + Fix return value for non-interactive mode for non-standalone auth + methods. AUTH_NONINTERACTIVE was being stored in the wrong variable. + [199a180e7fab] + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, po/fi.mo, + po/fi.po, po/ko.mo, po/ko.po, po/tr.mo, po/tr.po: + Updated translations from translationproject.org + [032877650fe6] + + * plugins/sudoers/cvtsudoers_merge.c: + defaults_var_matches() should return bool, not enum match_result. + Remove enum match_result as it is no longer used. + [6559769ddcd1] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c: + Quiet two PVS-studio warnings. + [3a7c89cff3d6] + + * plugins/sudoers/auth/pam.c: + Remove PAM_TTY workaround for old, buggy PAM modules. In the past, + some PAM modules assumed that PAM_TTY was set and would misbehave + (or crash) if not. This was primarily obsolete versions of Linux- + PAM, so it should now be safe to remove this. Setting PAM_TTY to an + empty string can cause its own set of issues. GitHub issue #74 + [491cb67ea43b] + +2022-01-04 Todd C. Miller + + * NEWS: + Mention fix for Bug #956 and GitHub issue #83. + [8692b9985381] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: + Push non-interactive mode checking down into the auth methods. For + "sudo -n" we only want to reject a command if user input is actually + required. In the case of PAM at least, we may not need to interact + with the user. Bug #956, GitHub issue #83 + [bc9653ffe82f] + +2022-01-03 Todd C. Miller + + * plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/sudoers1, + plugins/sudoers/regress/cvtsudoers/sudoers2, + plugins/sudoers/regress/cvtsudoers/sudoers3, + plugins/sudoers/regress/cvtsudoers/test34.out.ok, + plugins/sudoers/regress/cvtsudoers/test35.out.ok, + plugins/sudoers/regress/cvtsudoers/test36.out.ok: + userspec_overridden: fix checks when there is more than one userspec + [199996d29f50] + + * MANIFEST, plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/test35.out.ok, + plugins/sudoers/regress/cvtsudoers/test36.out.ok, + plugins/sudoers/regress/cvtsudoers/test36.sh: + Fix merging of global/ALL entries when each input file has a host. + If a host is specified for the input file, cvtsudoers will bind + global Defaults to that host and change host "ALL" in a userspec to + the host name. However, if all the input files have matching hosts + we can simplify the merged file by converting back to ALL after + resolving conflicts. + [bfdb2edfca71] + + * LICENSE.md: + Welcome to 2022. + [039e8c0efd7e] + + * docs/Makefile.in: + LICENSE.md moved to the top-level src dir. + [b1c2687eef9d] + +2021-12-22 Todd C. Miller + + * Merge pull request #127 from Tyler887/main + + Typo + [c4780c2a3056] + +2021-12-22 Tyler887 + + * INSTALL.md: + Typo + [b650bec9f275] + +2021-12-22 Todd C. Miller + + * NEWS, docs/UPGRADE.md, plugins/sudoers/policy.c, src/selinux.c, + src/sudo.c: + Back out changes to enable SELinux by default. This may return in a + future release in a different form. + [73e46fbe5c27] + + * LICENSE.md, MANIFEST, README.md, docs/LICENSE.md: + Move LICENSE.md out of docs and back to the top-level. GitHub + expects it to be in the top-level directory. + [3c62dd396aff] + +2021-12-20 Todd C. Miller + + * MANIFEST, plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/test35.out.ok, + plugins/sudoers/regress/cvtsudoers/test35.sh: + cvtsudoers: fix a regression when merging matching Defaults. If a + host is specified with a sudoers file, we have to treat Defaults as + Defaults@host checking for duplicates. + [9db413953938] + +2021-12-18 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + add_defaults: add defs == NULL check to quiet coverity false + positive + [a534eee04069] + +2021-12-17 Todd C. Miller + + * plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/test34.out.ok, + plugins/sudoers/regress/cvtsudoers/test34.sh: + When merging Defaults, allow a subsequent global Defaults (no + binding) to override a prior Defaults setting with a binding. + [0be52fa6d4d8] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + add_defaults: defs can never be NULL + [9ba97823b757] + + * plugins/sudoers/cvtsudoers_merge.c: + Plug memory leak when making a default host-specific. We don't need + to allocate new space for the binding list, just the members of the + list. + [5667d09136f2] + +2021-12-16 Todd C. Miller + + * MANIFEST, examples/Makefile.in, examples/cvtsudoers.conf: + Add an example cvtsudoers.conf file. + [aa738148e712] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h: + Add group_file, match_local, and passwd_file to cvtsudoers.conf. + Previously, these were only settable via command line options. + [a7a8b0af3c42] + +2021-12-12 Todd C. Miller + + * docs/TROUBLESHOOTING.md: + Remove question about running Solaris 11 binaries on Solaris 10. + Current versions of sudo use many APIs that are not present on + Solaris 10. If you want a sudo Solaris 10 binary, build it on + Solaris 10, not 11. + [0346a46cf595] + + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test34.out.ok, + plugins/sudoers/regress/cvtsudoers/test34.sh: + Add simple test for cvtsudoers merge functionality. + [fda86b17249a] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo, + po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, po/ja.po, po/pl.mo, + po/pl.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, + po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [edfdaac9b1e7] + + * MANIFEST, plugins/sudoers/po/es.mo, plugins/sudoers/po/es.po: + Add sudoers Spanish translation from translationproject.org + [502d45c0af5f] + +2021-12-11 Todd C. Miller + + * NEWS: + Bugs #1013 and #1014 + [1a7b533c5829] + + * lib/util/mkdir_parents.c: + sudo_mkdir_parents: make sure the path we created is a directory For + extra paranoia, verify that the directory we created is still a + directory before we fchown() it. + [75c23aaa9fca] + + * docs/sudo.man.in, docs/sudo.mdoc.in: + In SECURITY NOTES, clarify that PATH may be overridden by the + policy. Bug #1014 + [4f7035d6b921] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/mkdir_parents.c, lib/util/mkdirat.c, logsrvd/logsrvd.c, + plugins/sudoers/timestamp.c, scripts/mkdep.pl: + Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2). + This also allows us to make path const as it should be. + [46db77e4afb8] + + * plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap_conf.h: + Sudo parsed "deref" and "tls_reqcert" in ldap.conf but didn't set + the options. The switch() in the sudo_ldap_set_options_table() + function needed to be updated to treat CONF_DEREF_VAL and + CONF_REQCERT_VAL data types as int. Fix from Dennis Filder. Bug + #1013. + [5f5bdf9010d7] + +2021-12-10 Todd C. Miller + + * docs/SECURITY.md: + Minor formatting tweak so we can import into the sudo web site. + [220c647b6635] + + * plugins/sudoers/defaults.c, plugins/sudoers/pwutil_impl.c: + Fix CodeQL "Multiplication result converted to larger type" + warnings. + [a17db0b94018] + +2021-12-09 Todd C. Miller + + * docs/SECURITY.md: + Surround email addresses with angle brackets, not square backets. + [b9514c0165f2] + +2021-12-08 Todd C. Miller + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/fa.mo, + po/fa.po, po/fi.mo, po/fi.po, po/ja.mo, po/ja.po, po/sr.mo, + po/sr.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [b2815226875b] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.9 + [e4e903808160] + +2021-12-06 Todd C. Miller + + * README.LDAP.md, docs/CONTRIBUTING.md, docs/TROUBLESHOOTING.md, + docs/UPGRADE.md: + Minor formatting tweaks. + [eee91b1fc68c] + +2021-12-05 Todd C. Miller + + * INSTALL, INSTALL.md, MANIFEST, README, README.LDAP, README.LDAP.md, + README.md, docs/CONTRIBUTING.md, docs/CONTRIBUTORS, + docs/CONTRIBUTORS.md, docs/HISTORY, docs/HISTORY.md, docs/LICENSE, + docs/LICENSE.md, docs/Makefile.in, docs/TROUBLESHOOTING, + docs/TROUBLESHOOTING.md, docs/UPGRADE, docs/UPGRADE.md, etc/sudo- + logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp: + Convert README and docs files to markdown. This makes things look + better on GitHub and we can use the markdown version directly in the + new sudo web site. + [1cdcbce74a73] + +2021-12-04 Todd C. Miller + + * docs/SECURITY.md: + Policy -> Disclosure Policy + [13f278869e03] + + * Merge pull request #124 from juspence/main + + Allow sudo -g anyone and sudo -u anyone -g anytwo + [1a000f5aaba1] + +2021-12-04 juspence <87657842+juspence@users.noreply.github.com> + + * plugins/sudoers/sudoers.in: + Allow sudo -g anyone and sudo -u anyone -g anytwo + + When only the user (ALL) is specified explicitly, and the group is + implied, only sudo -u works. Specifying both the user and group, + like (ALL:ALL), is required to: + + 1) Use sudo -g by itself (with no -u user) 2) Use sudo -u and -g + together, with a -g group that is different from the -u user's + primary group + [ca31aaa0b074] + +2021-12-02 Todd C. Miller + + * lib/util/Makefile.in: + Add build dir to include search path for mksiglist.h and mksigname.h + Fixes out of tree builds on systems without sys_siglist[] or + sys_signame[]. GitHub issue #123. + [fccd76813052] + +2021-11-29 Todd C. Miller + + * MANIFEST, plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/sudoers1, + plugins/sudoers/regress/cvtsudoers/sudoers2, + plugins/sudoers/regress/cvtsudoers/sudoers3: + cvtsudoers: better merging of lists that are not exact duplicates + When merging rules, if one list would be overridden by another, + remove the overridden rule and continue merging. + [19dc52bd9c6f] + +2021-11-28 Todd C. Miller + + * NEWS: + Update NEWS with latest changes. + [fafe74e0b20f] + +2021-11-27 Todd C. Miller + + * src/edit_open.c: + dir_is_writable: don't treat EPERM from faccessat() as a fatal + error. We can get EPERM on Linux with SELinux. GitHub issue #122. + [25bbc56b2f6d] + +2021-11-24 Todd C. Miller + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_merge.c: + cvtsudoers: add -l option to log merge actions The "-l logfile" + option can be used to store a log of what actions cvtsudoers took + when merging multiple files. For example, which aliases were + renamed, which entries were overriden or removed as duplicated. + [fa96976882aa] + + * NEWS, configure, configure.ac: + Sudo 1.9.9 + [dad415a982bc] + +2021-11-21 Todd C. Miller + + * MANIFEST, docs/CONTRIBUTORS, po/fa.mo, po/fa.po: + New Persian (Farsi) translation from translationproject.org + [3665533a7219] + +2021-11-20 Todd C. Miller + + * plugins/sudoers/cvtsudoers_csv.c: + Quiet a PVS Studio warning. The warning that need_comma is always + false is correct but in this case it is better to use a consistent + construct so that if the code is re-ordered no bugs are introduced. + [5109a34444f5] + + * lib/util/getentropy.c: + Pass correct size to free_zero(). Coverity CID 241233 + [2ba51f57deb5] + + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/defaults.c, + plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c: + Add reference counting to Defaults bindings. Previously, we checked + that the previous entry's binding pointer was not the same while + freeing. However, to be able to merge Defaults records we cannot + rely on Defaults entries with the same binding being immediately + adjacent. This removes the prev_binding checks in favor of a + reference count which allows us to plug the memory leak in + cvtsudoers when merging Defaults. + [0a789516622b] + +2021-11-19 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/parse.h: + cvtsudoers: merge aliases when multiple sudoers files are specified + Duplicate aliases are remove. If there are conflicting alias names, + the conflicts are renamed by appending a numerical suffix. For + example, if there are two SERVERS Host_Aliases, the second one will + be renamed to SERVERS_1. + [d9b602626b8c] + + * plugins/sudoers/cvtsudoers_merge.c: + cvtsudoers: merge Defaults when multiple sudoers files are specified + If a hostname is specified with the sudoers file, it will be used to + make the Defaults setting host-specific, if possible. Duplicate + Defaults settings are removed and conflicts are warned about. It is + not possible to resolve all conflicts automatically. + [756b05304ccb] + + * plugins/sudoers/cvtsudoers_merge.c: + cvtsudoers: merge userspecs when multiple sudoers files are + specified If a hostname is specified with the sudoers file, it will + be used to make the userspec host-specific, if possible. Duplicate + userspecs are removed but conflicting entries are not currently + pruned. + [643b533bb4f4] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in: + Document how to merge sudoers files with cvtsudoers. + [241c3786f5a8] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, plugins/sudoers/sssd.c: + init_parse_tree() now takes ownership of lhost and shost, if any. + This means that lhost and shost in struct sudoers_parse_tree are no + longer const and that free_parse_tree() will free lhost/shost. The + only consumer that passed in lho.st/shost was the SSSD back-end + which has been updated to avoid a double-free. + [650bb75666fb] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_merge.c: + cvtsudoers: use init_parse_tree() to initialize a parse tree. Also + free the parse tree before exit. + [9d8f8bb88192] + + * MANIFEST, Makefile.in, etc/macos-background.png, etc/sudo- + logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp: + Add a background image for the macOS installer. + [39889307b278] + + * scripts/pp: + Update PolyPkg + [44b1d08be1b0] + +2021-11-18 Todd C. Miller + + * scripts/mkpkg: + mkpkg: handle a macOS SDK that just uses the major version. For + example, MacOSX11.sdk instead of MacOSX11.3.sdk. + [ce41fc5aa672] + + * lib/util/Makefile.in: + Add missing dependencies for timegm. + [b20c4936504b] + +2021-11-16 Todd C. Miller + + * plugins/sudoers/cvtsudoers.c: + Add support for specifying the hostname as a prefix to the sudoers + file. If present, the host name is copied into the struct + sudoers_parse_tree. + [e87e11cccb6e] + +2021-11-11 Todd C. Miller + + * plugins/sudoers/cvtsudoers.c: + cvtsudoers: parse multiple sudoers files and store them in a tail + queue In the future the parsed files will be merged before they are + output. + [89c77b3f4157] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.h: + Add sudoers_parse_tree_list, a tail queue of struct + sudoers_parse_tree. This will be used to store multiple parse trees + and merge them into a single sudoers_parse_tree. + [073ada18f18b] + + * docs/CONTRIBUTING.md: + Fix formatting of links. + [df50208b3f70] + + * MANIFEST, docs/CONTRIBUTING.md: + Add contributing guide. + [a99f3a0757f6] + + * .github/workflows/codeql-analysis.yml: + Create codeql-analysis.yml + [efab25dab29c] + +2021-11-10 Todd C. Miller + + * MANIFEST, docs/SECURITY.md: + Add security doc, inspired by the Microsoft template. + [0a8012f8ee35] + + * .gitignore, .hgignore, INSTALL, MANIFEST, Makefile.in, README, + configure, configure.ac, doc/CONTRIBUTORS, doc/HISTORY, doc/LICENSE, + doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE, + doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/fixman.sh, + doc/fixmdoc.sed, doc/schema.ActiveDirectory, doc/schema.OpenLDAP, + doc/schema.iPlanet, doc/schema.olcSudo, doc/sudo.conf.man.in, + doc/sudo.conf.man.in.sed, doc/sudo.conf.mdoc.in, doc/sudo.man.in, + doc/sudo.man.in.sed, doc/sudo.mdoc.in, doc/sudo_logsrv.proto.man.in, + doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in, + doc/sudo_logsrvd.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudo_plugin_python.man.in, + doc/sudo_plugin_python.mdoc.in, doc/sudo_sendlog.man.in, + doc/sudo_sendlog.mdoc.in, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, + doc/sudoers.man.in.sed, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in, + doc/visudo.mdoc.in, docs/CONTRIBUTORS, docs/HISTORY, docs/LICENSE, + docs/Makefile.in, docs/TROUBLESHOOTING, docs/UPGRADE, + docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, docs/fixman.sh, + docs/fixmdoc.sed, docs/schema.ActiveDirectory, docs/schema.OpenLDAP, + docs/schema.iPlanet, docs/schema.olcSudo, docs/sudo.conf.man.in, + docs/sudo.conf.man.in.sed, docs/sudo.conf.mdoc.in, docs/sudo.man.in, + docs/sudo.man.in.sed, docs/sudo.mdoc.in, + docs/sudo_logsrv.proto.man.in, docs/sudo_logsrv.proto.mdoc.in, + docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in, + docs/sudo_logsrvd.man.in, docs/sudo_logsrvd.mdoc.in, + docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in, + docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in, + docs/sudo_sendlog.man.in, docs/sudo_sendlog.mdoc.in, + docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in, + docs/sudoers.man.in, docs/sudoers.man.in.sed, docs/sudoers.mdoc.in, + docs/sudoers_timestamp.man.in, docs/sudoers_timestamp.mdoc.in, + docs/sudoreplay.man.in, docs/sudoreplay.mdoc.in, docs/visudo.man.in, + docs/visudo.mdoc.in, etc/codespell.skip: + Rename "doc" directory to "docs" for better GitHub compatibility. + [1268c3ae0916] + + * lib/util/Makefile.in: + Use $(SED), not sed, when generating mksiglist.h/mksigname.h + [7a7b636a3f32] + + * configure, configure.ac, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + Add configure check for sha1sum and use "openssh dgst -sha1" if + missing. Only needed when building the seed corpus zip files. + [3c74ceba0446] + + * include/sudo_compat.h: + sudo_compat.h: include unistd.h regardless of OS type This helps to + avoid issues with mismatched headers and libraries. + [4a22435a2832] + +2021-11-09 Todd C. Miller + + * plugins/sudoers/visudo.c: + install_sudoers: fix return value when there is no temp file to + install This can happen when no changes were made. Also preserve the + edited temp file on error if we are unable to move it into place. + [01c1052ac874] + + * plugins/python/regress/testdata/check_multiple_approval_plugin_and_a + rguments.stdout: + Bump plugin version in test data to 1.18. + [138b9f6a6143] + + * plugins/sudoers/defaults.c: + free_defs_val: free rlimits like strings (which they are). + [ade32de829cb] + + * plugins/sudoers/visudo.c: + Rename {check,set}_perms variable to {check,set}_mode. Avoids a name + clash with the set_perms() function. + [a2dfa0d36690] + + * src/edit_open.c: + Avoid symbol name clash with is_writable() function variable. Rename + "is_writable" variable to "writable". + [a52bd106933b] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document new resource limit settings. + [022e51bff860] + + * doc/UPGRADE: + Mention that the core dump size resource limit now defaults to 0. + [22997e8008c9] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, src/exec.c: + Document resource limit support in command_info[] and Bump plugin + API minor. This is supported beginning with sudo 1.9.9 and plugin + API 1.17. + [2004a71a11b3] + +2021-11-08 Todd C. Miller + + * config.h.in, configure, configure.ac, plugins/sudoers/defaults.c, + src/limits.c: + Use strtoul() on systems without strtoull(). We can assume that + systems without strtoull() have 32-bit resource limits. + [59c1be5a0387] + + * src/exec.c, src/limits.c, src/sudo.c, src/sudo.h: + Add front-end support for setting resouce limits. The special value + "user" means preserve the invoking user's limit. The value "default" + means don't override the default limit for the user as assigned by + the system (PAM, loging.conf, userdb, etc). + [7ad6961d5d72] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults, + plugins/sudoers/policy.c: + Add basic support for setting resource limits in sudoers. The + default for rlimit_core is "0,0" Resource limits are passed back to + the front-end in command_info[] when set. + [298d5e228635] + + * src/edit_open.c: + switch_user_nonfatal: only define if using faccessat() + [1a6b2c0240f5] + +2021-11-06 Todd C. Miller + + * doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/visudo.c: + visudo: add -O and -P options to check/set owner and permissions. + This can be used in conjunction with the -c option to check that the + sudoers file ownership and permissions are correct. Bug #1007 + [1f20721148b0] + +2021-11-05 Todd C. Miller + + * doc/UPGRADE: + UPGRADE: mention SELinux behavior change. + [0b8cef633225] + + * src/selinux.c, src/sudo.h, src/sudo_edit.c: + Rename selinux_setcon -> selinux_setexeccon + [50bde2e4d922] + + * src/selinux.c: + In the SELinux role is "unconfined_r", disable SELinux support. We + only want to apply SELinux to confined users. This is a bit of a + hack as unconfined_r is specific to the targeted policy. + [aaa8ee97f31e] + + * src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Separate out the code to compute the context from selinux_setup(). + This makes it possible to determine whether we really need to + execute the command via the sesh helper. What was left of + selinux_setup() is now selinux_relabel_tty() and + selinux_audit_role_change(). + [687a81e59fdd] + + * plugins/sudoers/policy.c, src/selinux.c, src/sudo.c: + Pass status of selinux sudoers setting to front-end as selinux-rbac. + The front-end uses this to decide whether or not to enable SELinux. + If selinux-rbac is true _or_ if it is not present and selinux_role + or selinux_type are set, SELinux support is enabled. Previously, + SELinux support was only enabled if a role was specified. + [2f21ae08ebbd] + + * src/edit_open.c: + dir_is_writable: add fallback if changing UIDs fails The SELinux + policy may not allow uid/gid changes which will break the + writability checks and cause sudoedit to fail. + [5c5928a0c314] + +2021-11-04 Todd C. Miller + + * scripts/mkpkg: + Build python package on Fedora + [7261434fc60c] + +2021-11-01 Todd C. Miller + + * src/selinux.c: + Make get_exec_context static, it is unused outside selinux.c. + [be59f91e53dd] + + * doc/sudo.conf.mdoc.in: + Fix lint warning: skipping paragraph macro: Pp before Bd + [f84297a652d8] + +2021-10-31 Todd C. Miller + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + Escape some minus signs ('-') as required by newer groff. + [4a1a2d6d5c19] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/timegm.c, + plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/parse.h, scripts/mkdep.pl: + parse_gentime: use timegm() to generate time since the epoch The + timegm() function is non-standard but widely available. Provide an + implementation for those systems that lack it. Bug #1006 + [3ca20dfdb44c] + + * include/sudo_compat.h, lib/util/Makefile.in, scripts/mkdep.pl: + Fix pasto in gmtime_r and localtime_r macros. Also add missing + Makefile targets for them. + [2310e188fdd4] + + * plugins/sudoers/gmtoff.c: + Take daylight saving time into consideration when computing offset. + Otherwise, the resulting time may be off by and hour, depending on + whether DST is currently active compared to the target time. + [20c60fe8e8fc] + +2021-10-29 Todd C. Miller + + * scripts/mkpkg: + Back out f2d82771e7dd, arm64e on macOS is still in preview state. + Until arm64e on macOS is finalized, continue to build arm64 + packages. + [6c3bbd6ffc3a] + +2021-10-27 Todd C. Miller + + * scripts/mkpkg: + Build arm64e ABI binaries on macOS 11 and above. We originally used + arm64 here but the correct ABI is arm64e. The arm64 arch will be + removed in a future release. + [f2d82771e7dd] + + * logsrvd/logsrvd_local.c: + Use iolog_openat() when opening the log.json file in the I/O log + dir. + [9041b20b8d01] + +2021-10-26 Todd C. Miller + + * logsrvd/tls_init.c: + Use BIO_new_file() not BIO_new_fd() to read dhparams file. Older + versions of OpenSSL and wolfSSL lack BIO_new_fd(). Also explicitly + include openssl/bio.h and openssl/dh.h for wolfSSL. + [8338f58d5ba0] + + * INSTALL, config.h.in, configure, configure.ac: + wolfSSL not WolfSSL + [4ee7f96ef87c] + + * .circleci/config.yml: + Add wolfSSL variant to continuous integration tests. + [dbbab23e069c] + + * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile, + docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile, + docker/ubuntu/rolling/Dockerfile: + Add libwolfssl-dev to Debian and Ubuntu Dockerfiles Fedora does not + appear to have an official wolfssl package. + [12c0feaa0ebb] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + White space in an include file path supported by sudo 1.9.1 or + higher. + [9a22034de181] + +2021-10-25 Todd C. Miller + + * INSTALL, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/iolog/hostcheck.c, + lib/util/digest_openssl.c, lib/util/getentropy.c, logsrvd/logsrvd.c, + logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h, + logsrvd/tls_init.c, plugins/sudoers/log_client.c, + plugins/sudoers/log_client.h: + Add support for WolfSSL's OpenSSL compatibility layer. Based on + changes from Hayden Roche + [568557ecb77b] + + * lib/util/Makefile.in, plugins/sudoers/Makefile.in: + regenerate dependencies + [d36bf7724e49] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c, + logsrvd/logsrvd_relay.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + logsrvd/sendlog.c, logsrvd/sendlog.h: + Move include of log_server.pb-c.h into logsrvd.h and sendlog.h This + way there is no include file order issue with the + PROTOBUF_C_VERSION_NUMBER check. + [23678487ffaf] + + * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile, + docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile, + docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile, + docker/ubuntu/rolling/Dockerfile: + Add pkg-config to all Dockerfile + [63457bb84c4d] + +2021-10-24 Todd C. Miller + + * logsrvd/tls_init.c: + Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not + X509_FILETYPE_PEM While they are defined to the same value in + OpenSSL one should not rely on this. + [1a1557931dbf] + +2021-10-23 Todd C. Miller + + * configure, configure.ac: + Fix setting _PATH_ASAN_LIB, need to double up the square brackets. + [98143164620a] + + * logsrvd/sendlog.c: + sudo_sendlog: send runenv, rungid and runuid from log.json too With + this change, sudo_sendlog can now round-trip sudo-style I/O logs + that use the newer log.json format without losing any information. + [d9d3dad6cca3] + +2021-10-22 Todd C. Miller + + * config.h.in, configure, configure.ac, lib/util/arc4random.c: + arc4random: need to include sys/random.h on Solaris too. This was + removed when Linux genentropy() was disabled. + [18ea9b386950] + +2021-10-21 Todd C. Miller + + * lib/iolog/hostcheck.c, lib/util/inet_ntop.c, logsrvd/logsrv_util.h, + plugins/sudoers/log_client.h: + Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined. + [e347465e0a05] + + * plugins/sudoers/audit.c, plugins/sudoers/iolog.c, + plugins/sudoers/log_client.c, plugins/sudoers/log_client.h, + plugins/sudoers/logging.c, plugins/sudoers/logging.h: + Only include log_client.h if SUDOERS_LOG_CLIENT is defined. + [c318f74cf2a8] + + * Merge pull request #118 from larb0b/main + + Define MAP_FAILED where relevant if undefined + [74f3e9f1a1f4] + +2021-10-21 Larkin Nickle + + * lib/util/getentropy.c, lib/util/regress/mktemp/mktemp_test.c, + lib/util/snprintf.c: + Define MAP_FAILED where relevant if undefined + + On systems such as HP-UX 10.20, MAP_FAILED is not defined. + [9f4976caa567] + +2021-10-20 Todd C. Miller + + * configure, m4/libtool.m4: + Improve macOS version detection to support macOS 11 and simplify + legacy logic From Jeremy Huddleston Sequoia + [f09b45ab460a] + + * logsrvd/sendlog.c: + sudo_sendlog: send multiple I/O log records together if possible Try + to fill the write buffer and then send to the server instead of + sending records one at a time. + [0b084cd75d64] + + * logsrvd/sendlog.c, logsrvd/sendlog.h: + sudo_sendlog: support multiple write buffers like sudo_logsrvd + [a46b88eff200] + + * configure, configure.ac, lib/util/Makefile.in: + Always link libsudo_util.so with libcrypto.so if using OpenSSL. We + may need to use RAND_bytes() in the getentropy() emulation. + [9c805a008d76] + + * config.h.in, configure, configure.ac, lib/util/getentropy.c, + plugins/sudoers/boottime.c: + Add an explicit check for sys/sysctl.h. This test needs to be done + after AC_LANG_WERROR to avoid including sys/sysctl.h on systems + where it is marked as deprecated via a #warning directive. + [d9f1f97b0f37] + + * config.h.in, configure, configure.ac, lib/util/arc4random.c: + Use our own getentropy() by default on Linux. The glibc getentropy() + emulation will fail on older kernels that don't support getrandom(). + Also use sudo_fatal() instead of sending SIGKILL on getentropy() + failure. GitHub issue #117. + [1ca9d10ff780] + + * lib/util/getentropy.c: + Use the OpenSSL RAND_bytes() function if getrandom() fails. + [5f82f6d2ea36] + + * lib/util/Makefile.in, lib/util/arc4random_buf.c, scripts/mkdep.pl: + Fix compilation of standalone arc4random_buf(). Apparently this code + was never compiled anywhere. + [a66c68c3a976] + + * lib/util/uuid.c: + sudo_uuid_create: no longer need a union for the uuid. + [a9277bf0078c] + +2021-10-19 Todd C. Miller + + * lib/eventlog/eventlog_free.c: + eventlog_free: free signal_name too + [1da686483f2a] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.dict: + Add new log.json keywords + [f4a30fc6c4ed] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c: + fuzz_iolog_json: initialize exit_value to -1 + [bac9826b95a1] + + * logsrvd/logsrvd.c: + Fix potential use-after-free when calling iolog_flush_all(). We need + to call iolog_flush_all() _before_ scheduling the commit point. If + we fail to schedule to commit point, the closure will be freed. + Coverity CID 220557 + [364736f15a06] + + * logsrvd/sendlog.c: + sendlog: use runargv from log.json if available + [88a0f4d7bb94] + + * logsrvd/sendlog.c: + sudo_sendlog: send exit data in eventlog if present + [fdacc0f68c56] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/logsrvd_local.c, plugins/sudoers/logging.c: + No longer need to pass exit params to eventlog_exit(), use struct + eventlog. Now that struct eventlog includes the exit parameters we + can simplify how eventlog_exit() is called. + [8580c0e8334d] + + * include/sudo_eventlog.h, lib/iolog/iolog_json.c, + lib/iolog/iolog_loginfo.c, logsrvd/iolog_writer.c: + Read command run_time, signal and exit_value from I/O log log.json + file. + [05223c4cca0c] + + * logsrvd/logsrvd_local.c: + Log the command run-time and exit status in the I/O log. + [8b02b373f79b] + + * lib/eventlog/eventlog.c: + format_json: fix pasto when setting dumped_core boolean + [ca11285c088a] + +2021-10-18 Todd C. Miller + + * lib/eventlog/eventlog.c, logsrvd/logsrvd_local.c: + Handle a missing run_time in an ExitMessage. It is now possible to + pass a NULL run_time to eventlog_exit(). + [f3e989682931] + +2021-10-16 Todd C. Miller + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + logsrvd/logsrvd.c: + No need to flush logs before commit point if we flush after each + write. Also document that logs are flushed before sending a commit + point even when flushing is disabled. + [50323241569d] + +2021-10-15 Todd C. Miller + + * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in, + lib/iolog/iolog_conf.c, lib/iolog/iolog_flush.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Flush I/O logs before we send a commit point. The commit point + message means we have written the data to disk so we should not be + buffering it any longer. We do not currently fsync(2) the data after + flushing, perhaps we should. + [5233172b7531] + + * logsrvd/logsrv_util.c: + Do not treat a resume point of [0, 0] as an error. If the connecton + is interrupted before sudo sends back a commit_point message, + resuming at [0, 0] is correct. Also add a warning on unexpected EOF + parsing the timing file. + [105f29878ad7] + +2021-10-11 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Display a more helpful message if the user tries to run "sudo cd". + Since "cd" is a shell built-in command it cannot be run directly via + sudo. The user either needs to spawn a shell via "sudo -s" or use + the -D option to run a command in a specific directory. + [4d45797dfb11] + + * configure, configure.ac: + Don't install sudoers.a when configured with --enable-static- + sudoers. We already avoid installing it when --disable-shared-util + is specified. + [0d2022bc07cb] + +2021-10-10 Todd C. Miller + + * scripts/mkpkg: + mkpkg: preserve make exit value on exit Fixes a problem where the + exit value from mkpkg was 0 even on error. + [0d0f15bf10cf] + + * plugins/sudoers/cvtsudoers_csv.c: + Fix typos in SELinux and Solaris priv support. + [16b9a1459f1d] + + * MANIFEST, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c: + cvtsudoers: initial support for CSV output For CSV output we double + quotes strings that contain commas. For each literal double quote + character present inside the string, two double quotes are output. + [8f7763b74563] + + * lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + regenerate dependencies + [09d11b5c7d41] + + * docker/README, etc/codespell.ignore: + Fix typo and avoid a codespell false positive. + [81a365b29c3c] + +2021-10-08 Todd C. Miller + + * .circleci/config.yml: + Add build-nointercept and test-nointercept + [d39877327ccc] + +2021-10-07 Todd C. Miller + + * .circleci/config.yml: + circleci: test multiple build options We now do separate builds with + LDAP/SSSD enabled, logsrv client/server disabled, and static-sudoers + enabled. + [4d8a9b45156c] + + * configure, configure.ac, plugins/sudoers/Makefile.in: + Fix fuzzer build with when --enable-static-sudoers is used. This + introduces a sudoers-specific version of LT_STATIC instead of + appending the --tag=disable-shared to SUDOERS_LDFLAGS. I've also + removed the -static flag as it should not be needed. + [864a2fd4e3f7] + +2021-10-05 Todd C. Miller + + * docker/README: + Mention --security-opt=seccomp=unconfined workaround for bleeding + edge. May be needed for Fedora rawhide and Ubuntu testing, among + others. + [a465fdb0a7de] + + * configure, configure.ac: + Try to handle the case where libasan.so is a linker script. Fixes + check_noexec with ASAN on Fedora where libasan.so just includes the + actual library file. + [f96d1d0cea53] + + * .circleci/config.yml, docker/README, + docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile: + Enable address and undefined behavior sanitizers in CI builds. We + need to disable leak sanitizer during "make check" because it uses + ptrace which is not allowed for unprivileged containers. + [9378e3856a60] + +2021-10-04 Todd C. Miller + + * .circleci/config.yml: + Switch to Ubuntu latest for circleci build. + [1270ca1ba47d] + + * .circleci/config.yml, docker/debian/latest/Dockerfile, + docker/debian/testing/Dockerfile, docker/fedora/latest/Dockerfile, + docker/fedora/rawhide/Dockerfile, docker/ubuntu/devel/Dockerfile, + docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile: + Add build user for circleci instead of running as root. + [27dcb5218cb2] + + * .circleci/config.yml, MANIFEST, docker/README, + docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile, + docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile, + docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile, + docker/ubuntu/rolling/Dockerfile: + Use circleci for continuous integegration. Build container + descriptions are in the new docker directory. + [d5b5b16b0624] + +2021-10-03 Todd C. Miller + + * .gitignore, .hgignore: + Update ignore file. + [7fe8afa88e96] + +2021-10-01 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + Sync "sudo -l" output with normal sudo log format. It now prints + runchroot and runcwd (falling back on cwd). As a result, submithost + is now printed first, matching sudo. Also avoid printing NULL + pointers and skip entries that don't have at least command, + submituser and runuser set. + [0d6b96ec88a1] + + * lib/iolog/iolog_json.c: + iolog_parse_json_object: optimize for large argv + [5fa1929189a3] + +2021-09-29 Todd C. Miller + + * configure, configure.ac: + Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported. + Can be disabled via --disable-hardening. + [589507ecadf4] + + * configure, configure.ac: + Add "-z now" to hardened link options if supported. Can be disabled + via --disable-hardening. + [11ff1d86440b] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/editor.c, + plugins/sudoers/regress/editor/check_editor.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/visudo.c: + find_editor: remove the env_error argument There is no case where we + should fail to find an editor just because the values of EDITOR, + VISUAL and SUDO_EDITOR are unavailable. Both sudoedit and the + "env_editor" sudoers setting are documented as falling back on the + hard-coded list of editors in the "editors" sudoers setting. Bug + #1000 + [caa529a0cab6] + + * plugins/sudoers/check_aliases.c: + Use sudo_printf(SUDO_CONV_ERROR_MSG) instead of fprintf(stderr). + Avoids extraneous output in the fuzzer. + [981d3abd96c7] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Stub out sudo_printf() and avoid other use of stderr in fuzzers. + This makes it possible to parse sudoers without using quiet mode, + resulting in better coverage. + [3215cad4174f] + +2021-09-28 Todd C. Miller + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Use a consistent version of fuzz_conversation() with all fuzzers. + Also undo a change to fuzz_sudoers.c that snuck in to the last + commit. + [8a94b06302b7] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Fuzzers should not produce output. Excessive output makes the fuzzer + runs much less efficient. + [b9c485009c0f] + + * logsrvd/logsrv_util.c: + expand_buf: fix conditional for when we need to preserve existing + data It is possible for the buffer offset to be zero when the length + is non-zero. The proper value to use is the same as is used for the + memcpy/memmove size. Fixes buffer corruption caused by a very long + command line that usually results in a dropped connection. + [59a4319b3463] + +2021-09-27 Todd C. Miller + + * config.h.in, configure, configure.ac, lib/util/closefrom.c: + Emulate closefrom() on macOS using proc_pidinfo(). This avoids + relying on /dev/fd which may not exist in a chroot jail. Adapted + from a change in OpenSSH by likan_999.student AT sina.com + [2e86d4150ce5] + +2021-09-26 Todd C. Miller + + * src/edit_open.c: + Handle EMLINK and EFTYPE errno values for O_NOFOLLOW failure. + FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP. + This is only used to present the user with a more appropriate error + message. + [ca5499c8c40f] + +2021-09-24 Todd C. Miller + + * plugins/sudoers/cvtsudoers.c: + Fix typo in last commit, use boolean AND not bitwise. + [685bd5d9ce6f] + + * doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h: + Add the ability to filter/match by command via the -m option. For + example "cvtsudoers -m cmd=/bin/ls" would only display entries that + would allow /bin/ls to be allowed or denied. + [3534a0170c59] + +2021-09-23 Todd C. Miller + + * doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/pwutil.c: + Add --group-file and --passwd-file options to cvtsudoers. These are + based on the code in testsudoers. + [3286dd5dd0bf] + +2021-09-22 Todd C. Miller + + * lib/util/mkdir_parents.c: + Move cppcheck suppression annotation to where it needs to be. + [17d601bc91f3] + + * lib/util/mksigname.c: + format string fix: print signal number as unsigned. Quiets a + cppcheck warning; mksiglist.c already has this fixed. + [a28b72dceec4] + + * plugins/sudoers/ldap_util.c: + Fix memory leak on error path if snprintf() overflows. Coverity CID + 188804 + [73872d2e2cd0] + +2021-09-21 Todd C. Miller + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c: + Avoid reinitializing other auth methods. + [af0495460943] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + expand_include: add bounds checking when expanding %h escape. + [3c0ca1f0d4e5] + + * plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Check snprintf() return values even if we preallocated the correct + amount. There are no remaining unchecked snprintf() that can + actually overflow. + [0eaf1d4daa84] + + * include/sudo_iolog.h, lib/iolog/iolog_nextid.c: + iolog_nextid(): make iolog_dir argument const. We make a copy of the + directory so there's no real reason that parameter can't be const. + [f278847ca9aa] + + * plugins/sudoers/ldap_util.c: + Amend truncation fix, the real problem was the size passed to + snprintf(). sudo_rcstr_alloc() takes a length (not a size) parameter + so when calling snprintf() we need to add one to the length. + [92f8a8b86d20] + + * plugins/sudoers/ldap_util.c: + Fix truncation of the last char of the sudoRole cn passed to + append_default(). This string is primarily used for warning + messages. Also check the snprintf() return value to avoid silent + truncation. GitHub issue #115 + [22b8d7bc62f8] + +2021-09-20 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_8p2 for changeset 9edebc604c58 + [67357c8687d3] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.8p2 + [9edebc604c58] [SUDO_1_9_8p2] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.8p2 + [f29fdeb8ae5b] + + * etc/codespell.exclude: + Standardize on "front-end" not "front end" in the man pages. + [b0ad634852e7] + + * configure, configure.ac: + fix typo + [4d8738449daa] + + * logsrvd/logsrvd_journal.c: + Reuse existing journal file for an accepted/rejected sub-command. + Otherwise we end up with zero-length files in the incoming queue dir + and may end up relaying one of those instead of the actual journal + file. + [4789371a43f3] <1.9> + + * logsrvd/logsrvd_journal.c: + Reuse existing journal file for an accepted/rejected sub-command. + Otherwise we end up with zero-length files in the incoming queue dir + and may end up relaying one of those instead of the actual journal + file. + [545897a2761c] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Re-enable error output for the sudoers parser. It is only the alias + and defaults warnings we need to suppress. + [114bd7756a7c] + + * src/exec_intercept.c: + Add intercept_cleanup() stub for when building w/o intercept + support. + [bd6f32a90787] + + * src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c, + src/sudo_exec.h: + Add intercept_cleanup() to free the closure used by + intercept_accept_cb(). + [55f6aea8b517] + + * plugins/sudoers/auth/pam.c: + Don't re-initialize PAM for sub-commands. + [41d7d61e4ac5] <1.9> + + * plugins/sudoers/auth/pam.c: + Don't re-initialize PAM for sub-commands. + [faa7aec4d145] + + * logsrvd/logsrvd_local.c: + sudo_logsrvd: only send log ID for first command of a session There + is no need to send the log ID for each sub-command. + [e21b40af74f2] <1.9> + + * logsrvd/logsrvd_local.c: + sudo_logsrvd: only send log ID for first command of a session There + is no need to send the log ID for each sub-command. + [625b18c5f821] + + * plugins/sudoers/log_client.c: + Only store the first log id received from the server. Plugs a small + memory leak in intercept mode if the log server sends the log ID + again for sub-commands. + [e20563f3e152] <1.9> + + * plugins/sudoers/log_client.c: + Only store the first log id received from the server. Plugs a small + memory leak in intercept mode if the log server sends the log ID + again for sub-commands. + [ca2ad5b219cd] + +2021-09-19 Todd C. Miller + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + fuzz_sudoers: don't warn about unknown defaults entries Some fuzzing + inputs cause a huge number of warnings and displaying them all can + result in the fuzz run timing out. If we disable the warnings we can + avoid the timeout. + [4823ee305937] + + * plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/policy.c: + Limit paths for command, cwd and chroot to PATH_MAX bytes. This + helps prevent the fuzzer from going off the rails. + [9550fa76a645] + + * plugins/sudoers/sudoers.c: + sudo -i: missing NULL terminator when moving argv to make room for + --login Fixes a potential crash for "sudo -i" when the target user + has bash as the shell (which needs the --login option). Bug #998. + [32644aae1eab] <1.9> + + * plugins/sudoers/sudoers.c: + sudo -i: missing NULL terminator when moving argv to make room for + --login Fixes a potential crash for "sudo -i" when the target user + has bash as the shell (which needs the --login option). Bug #998. + [4b297f2ead15] + + * lib/eventlog/eventlog.c: + Only append argv[] to the log line if argv[0] is not NULL. It should + not be possible to reach this point with a command defined but + argv[] empty but it doesn't hurt to check. + [61f9cf744673] + +2021-09-18 Todd C. Miller + + * plugins/sudoers/check_aliases.c: + Only warn about an undefined alias or a cycle a single time. There's + no point in warning about the same problem multiple times. This + implementation assumes a small number of warnings and so just uses a + simple listed link. + [4461f65d1bad] + + * configure, configure.ac: + Remove now-unused CHECK_INTERCEPT variable. + [447dbf8bea48] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Quiet pvs-studio false positive: V557 Array overrun is possible. + Make the zero length check explicit so as not to confuse static (or + human) analyzers. + [512ab29a9f28] + +2021-09-17 Todd C. Miller + + * MANIFEST, plugins/sudoers/regress/testsudoers/test17.out.ok, + plugins/sudoers/regress/testsudoers/test17.sh: + Test that digest matching works with LDAP sudoCommand: ALL + [f7ec49401d4f] + + * plugins/sudoers/ldap_util.c: + Allow a digest to be specified with the "ALL" command for ldap/sssd + back-ends. This has been possible with sudoers file entries since + sudo 1.9.0 but no corresponding change was made for ldap/sssd. + [89a30bbd7dac] + + * lib/eventlog/eventlog.c: + Use localtime_r() not gmtime_r() when formatting the local time. + This is consistent with how sudo formatted time stamps prior to the + logging code being split off into libeventlog. We only need to use + gmtime_r() for ISO 8601 time. + [aee6e29ba9d6] + + * lib/eventlog/eventlog.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/util/sudo_debug.c, plugins/audit_json/audit_json.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/timestr.c: + Check strftime(3) return value in all cases. Old versions of + strftime(3) didn't guarantee to NUL-terminate the buffer so we + explicitly clear the last byte of the buffer and check it. + [bc402e4bd4d2] + + * config.h.in, configure, configure.ac, logsrvd/tls_init.c: + tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. Fixes a warning + on OpenSSL 3.0 and plugs a memory leak of dhparams on config reload. + [02027ea86d3b] + + * configure, configure.ac, lib/util/digest_openssl.c: + Use the EVP digest routines instead of calling SHA2 functions + directly. Avoids compiler warnings with OpenSSL 3.0. + EVP_MD_CTX_new() is only available for OpenSSL 1.1 and higher--we + will fall back to sudo's SHA2 code if necessary. + [6fbac28175f9] + + * configure, configure.ac: + When using pkg-config, don't assume the names of the ssl and crypto + libs. On the HP-UX build machines these are named libssl_pic.a and + libcrypto_pic.a to avoid conflicting with the system libs. + [a8eb772b3a4d] + + * lib/util/sudo_debug.c: + Store milliseconds in the debug file timestamp. Sometime second + granularity is not enough. + [1df3e75f1133] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/gmtime_r.c, lib/util/localtime_r.c: + Add gmtime_r and localtime_r tests and compat if missing. + [709671c493a3] + + * lib/eventlog/eventlog.c, lib/iolog/iolog_path.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/util/sudo_debug.c, plugins/audit_json/audit_json.c, + plugins/sample_approval/sample_approval.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gmtoff.c, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/timestr.c: + Use gmtime_r() and localtime_r() instead of gmtime() and + localtime(). + [5758514b25cb] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Plugin lines are for approval and audit plugins too. + [67bb7c0687f2] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in, + doc/sudo.mdoc.in, doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/visudo.man.in, + doc/visudo.mdoc.in: + Standardize on "front-end" not "front end" in the man pages. + [68748f8cc8a6] + + * MANIFEST, plugins/sudoers/regress/testsudoers/test16.out.ok, + plugins/sudoers/regress/testsudoers/test16.sh: + Add a test to exercise Bug #994 + [eef2ece0e8d4] + + * scripts/mkpkg: + mkpkg: limit the number of cores used to 16 + [5b8f2aa834b8] + +2021-09-16 Todd C. Miller + + * NEWS: + fix typo + [120b1e7d2aca] + + * .hgtags: + Added tag SUDO_1_9_8p1 for changeset feb396a0d60d + [e5f560a935fc] <1.9> + + * configure, configure.ac: + Merge sudo 1.9.8p1 from tip + [feb396a0d60d] [SUDO_1_9_8p1] <1.9> + + * NEWS: + Bug #994. + [14ea3a741b25] + + * plugins/sudoers/ldap_util.c: + Always allocate a struct sudo_command for the command, even for ALL. + This was missed in the previous set of changes, resulting in a crash + for LDAP and SSSD rules that give sudo "ALL" privileges. Bug #994. + [91d0379b068a] + + * plugins/sudoers/Makefile.in: + Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS Fixes a fuzzer link error when + building with ldap if the ldap libs are not in the default library + search path. + [a450881f9763] + + * configure, configure.ac: + Fix the OpenSSL link order for the non-pkg-config case. Since -lssl + depends on -lcrypto, -lcrypto must be listed after -lssl. Fixes + linking of non-dynamic OpenSSL libs. + [787724ab6e87] + +2021-09-15 Todd C. Miller + + * NEWS, configure, configure.ac: + Sudo 1.9.8p1 + [fc8c69d55348] + + * src/sudo_intercept_common.c: + sudo_interposer_init: verify message type from sudo We should only + get a HelloResponse from sudo at this point. + [a021319260b3] + + * include/intercept.pb-c.h, src/exec_intercept.c, + src/intercept.pb-c.c, src/intercept.proto, + src/sudo_intercept_common.c: + Avoid symbol name clash to fix --enable-static-sudoers linking. + [5cc5e415844f] + +2021-09-14 Todd C. Miller + + * plugins/sudoers/defaults.c, plugins/sudoers/policy.c: + append_defaults() should not be passed a value for boolean flags. + The operation should simply be set to true/false. Also treat a NULL + file as coming from the front-end. Bug #993. + [86e69d358916] + +2021-09-13 Todd C. Miller + + * configure, configure.ac, plugins/python/Makefile.in, + scripts/mkdep.pl, src/Makefile.in: + Teach mkdep.pl about --tag=disable-static in LTFLAGS. If static objs + are disabled we need to add explicit dependencies for .o files. The + OpenBSD libtool doesn't use a pic object file when linking + executables so we need to build the non-pic objects too. + [cdefeeb41a64] + + * configure, configure.ac: + Use SUDO_APPEND_LIBPATH when appending to LIBTLS and LIBMD. The + OpenSSL pkgconfig files only include -L paths, not -R paths. Using + SUDO_APPEND_LIBPATH ensures the rpath is set correctly so the + binaries will run (not just link). + [29d051972287] + + * INSTALL, configure, configure.ac: + Add --enable-openssl-pkgconfig-template option. This can be used to + find the correct openssl pkg-config file if it is not named + "openssl" (also libcrypto). + [77cd3463cefa] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Some POSIX yacc fixes for bison 3.8 yyerror() must be extern void + declare tokens with type instead of using separate %type lines + [c4e57f9e7df5] + +2021-09-09 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_8 for changeset e25cff5d148b + [4067d7a889fa] <1.9> + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c: + Merge sudo 1.9.8 from tip + [e25cff5d148b] [SUDO_1_9_8] <1.9> + + * .gitignore, .hgignore: + Add src/intercept.exp to ignore files. + [4eaa182a8808] + +2021-09-08 Todd C. Miller + + * plugins/sudoers/po/cs.mo: + regen + [8c168099301b] + + * NEWS: + Mention --enable-static-sudoers fix. + [c93a42253fd0] + + * configure, configure.ac: + Fix typo introduced in 1.9.7 that set SUDO_LDFLAGS to + SUDOERS_LDFLAGS. Copy pasta is not always the best kind of pasta. + [08188442f77b] + + * MANIFEST, configure, configure.ac, m4/sudo.m4, src/Makefile.in, + src/intercept.exp, src/intercept.exp.in, src/sudo_intercept.c: + sudo_intercept.so: only replace execvpe() if it is present. + execvpe() is a GNU extension also found on *BSD (but not macOS). + [26153ad9c6ca] + + * NEWS: + We now intercept more than just execve(). + [33e453f035f8] + +2021-09-07 Todd C. Miller + + * src/sudo_intercept.c: + Implement simple PATH resolution for execvp(). We want to use PATH + from the current value of the environment, not the initial value of + PATH when the policy was opened. This is a little different from how + real execvp() works since we use stat() instead of just execve(). + [fae58e1962cc] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c: + Add support for execl, execle, execlp, execvp, and execvpe. + Currently, PATH traversal is handled by sudoers which uses the + original PATH, not the one updated by the shell. + [59dfbbd39bf6] + +2021-09-03 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y: + Remove conditional include of alloca.h, we don't define + HAVE_ALLOCA_H. The configure check for alloca() was removed long ago + but this got missed. + [4c64529df149] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Define RBAC and mention incompatibility with intercept/log_subcmds. + [a44d8f96cad6] + +2021-09-02 Todd C. Miller + + * src/exec_intercept.c: + Fix computation of the token address when handling a partial read. + We want to treat it as an array of bytes, not an array of tokens. + Coverity CID 240011 + [0bb3fb3315ce] + + * plugins/sudoers/parse.c: + Quiet a PVS-Studio format string warning. + [4e445c646dc8] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Regen .pot files. + [4cec17bc24da] + + * plugins/sudoers/po/cs.po: + Updated translations from translationproject.org + [62fdbab57411] + +2021-09-01 Todd C. Miller + + * src/Makefile.in: + regen + [a2f37ca5473b] + + * configure, configure.ac, lib/util/sudo_conf.c, scripts/mkdep.pl, + src/Makefile.in, src/exec_common.c, src/exec_intercept.c: + Do not compile intercept code if --disable-intercept is specified. + [9d31e2822c24] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + We now intercept execv() too. + [f0eac891cb5c] + + * INSTALL: + INSTALL: --disable-intercept will also disable "log_subcmds" + [55ddfdae455d] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/parse.c: + Can't use intercept or log_subcmds with SELinux RBAC. SELinux policy + will prevent the inherited socket from sudo from being used and may + also restrict the ability to connect back to the sudo process. + [b73409172859] + + * m4/ax_prog_cc_for_build.m4: + Fix typo in comment. + [3259f09e6952] + + * po/cs.mo, po/cs.po: + Updated translations from translationproject.org + [7543d0d50ee2] + + * include/intercept.pb-c.h, src/exec_intercept.c, + src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h, + src/sudo_intercept_common.c: + Switch to a 128-bit token instead of a 64-bit secret. Protobuf + doesn't have a 128-bit type so use two u64s. We now support partial + reads of the token. + [e39ece25fb3b] + +2021-08-31 Todd C. Miller + + * MANIFEST, lib/util/Makefile.in, lib/util/regress/uuid/uuid_test.c, + lib/util/uuid.c: + Fix random uuid generation, no need to convert between byte order. + Also add regression test. + [fd2940acffc2] + + * include/intercept.pb-c.h, src/exec_intercept.c, + src/intercept.pb-c.c, src/intercept.proto, + src/sudo_intercept_common.c: + sudo_intercept.so: send the secret immediately after connecting. + Sending the secret out of band, before the message size is read, + should make it harder to mount a DoS attack. + [4c8b6577bd8c] + + * src/sudo_intercept_common.c: + Handle reading large messages that don't fit in a single recv(). We + know the length of what we are receiving so just loop until we have + it all, get EOF or an error. + [1b8aa927ea83] + + * configure, configure.ac: + Add checks for -fstack-clash-protection and -Wl,-z,noexecstack We + use -Wc,-fstack-clash-protection as the linker flag to prevent + libtool from removing it from the link line. + [7cd701b5039e] + + * src/exec_intercept.c: + Make the sudo side of the intercept socket non-blocking. + [3fe7129ea1f2] + + * src/exec_intercept.c: + Handle partial read/write by dropping back into the event loop. + [fa216d963e18] + + * src/exec_intercept.c: + intercept_check_policy: Fix double free introduced in last commit If + the command is not accepted we don't rebuild command_info[] and must + not free it. It will be freed by the policy instead. + [8bbd2af0924b] + +2021-08-27 Todd C. Miller + + * include/intercept.pb-c.h, src/exec_intercept.c, + src/intercept.pb-c.c, src/intercept.proto, + src/sudo_intercept_common.c: + Update runcwd in command_info[] before passing it to the audit + plugin. Since sudoers does rejected commands itself the runcwd will + still not be correct for those. + [5462a5e1d760] + + * src/exec_preload.c: + Fix LD_PRELOAD formatting when there is an existing LD_PRELOAD var. + [04d8d7750ff6] + +2021-08-26 Todd C. Miller + + * src/exec_intercept.c: + intercept_check_policy: fix potential NUL dereference on the error + path. + [4d1b3f39ccb1] + + * NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/policy.c, src/exec.c, + src/exec_common.c, src/exec_nopty.c, src/exec_pty.c, src/sudo.c, + src/sudo.h: + Rename log_children -> log_subcmds + [abd73fc939c3] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/eo.mo, + po/eo.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ko.mo, + po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, + po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, + po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [f948528780fb] + + * lib/util/sudo_debug.c: + Add sudo_debug_register_v2() stub for fuzzing build. + [ba522c0c2075] + + * src/exec_intercept.c: + Fix use-after-free on error. Also remove useless free of a ptr that + is always NULL on the error path. + [75200535be80] + + * src/exec_common.c: + No longer need to remap intercept fd but we do need to remap debug + fd. The intercept fd is closed in the ctor but the debug fd will + still be open. + [b48125b884f3] + + * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in, + logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/audit_json/audit_json.c, plugins/python/sudo_python_debug.c, + plugins/sample_approval/sample_approval.c, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, + src/sesh.c, src/sudo.c, src/sudo_intercept_common.c: + sudo_debug_register: add minfd argument to specify lowest fd number + Use this in sudo_intercept.so to avoid allocating a low-numbered fd + which the shell reserves for use by scripts. + [50b23c4d0531] + + * src/exec_intercept.c: + Fix command name of sub-command in logs when log_children is set. + [c1b35686d8b4] + +2021-08-25 Todd C. Miller + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + log_allowed: pass struct eventlog * instead of argv[] and envp[]. + This lets us log based on the command_info[] list passed in from the + front-end. Previously, much of the struct eventlog was constructed + from internal sudoers state instead. + [4c4a7ddfeba3] + + * include/sudo_compat.h: + sudo_compat.h: include unistd.h on HP-UX to safely redefine + pread/pwrite HP-UX 11.31 defines static functions for pread() and + pwrite() which will conflict with our macros. + [2dd64cdc261f] + + * config.h.in, configure, configure.ac, include/intercept.pb-c.h, + src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c, + src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h, + src/sudo_intercept_common.c: + Change intercept IPC to use a localhost socket instead of inherited + fd. This allows intercept mode to work with shells that close all + open fds upon startup. The ctor in sudo_intercept.so requests the + port number and secret over the socket inherited from the parent + then closes it. For each policy request, a TCP connection is made to + the sudo parent process to perform the policy check. Child processes + re-use the TCP socket to request the port number and secret just + like the initial process started by sudo does. + [7e7e4a389f11] + + * src/exec_intercept.c: + Add a state variable to intercept_closure, replaces policy_result. + [60fae103a4cd] + + * plugins/sudoers/match_command.c: + command_matches: avoid printf("%s") of NULL in debug for sudo ALL. + [5c81c2c32b4c] + + * Merge pull request #111 from commodo/fix-cflags + + lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for + mksig{name,list} + [ee86d28da792] + +2021-08-25 Alexandru Ardelean + + * lib/util/Makefile.in: + lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for + mksig{name,list} + + When cross-build support was added for mkig{name,list} was added, + the CFLAGS and CPPFLAGS should have been updated to the + HOSTCFLAGS/HOSTCPPFLAGS vars. + + In a cross-build scenario, some of these flags don't match what the + compiler can understand (because they may be architecture specific) + and may fail the build. + + Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully. + Also the output binary works on the target. + + This is in continuation of + - https://github.com/sudo-project/sudo/pull/104 + - https://github.com/sudo-project/sudo/pull/109 + + Signed-off-by: Alexandru Ardelean + [f76870e1a6c5] + +2021-08-24 Todd C. Miller + + * src/exec_intercept.c: + Fold intercept_closure_reset() into intercept_close(). + [ff00ab240672] + + * src/exec_preload.c: + Fix typo that caused SUDO_INTERCEPT_FD to overwrite LD_PRELOAD. + [e4cd1043c7bb] + + * src/exec_preload.c: + Fix off-by-one that could result in duplicate SUDO_INTERCEPT_FD + vars. + [9044d0dff708] + + * src/sudo_intercept.c: + Fix typo in macOS execv change. + [1c637d909382] + +2021-08-21 Todd C. Miller + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c: + Add execv(3) support to sudo_intercept.so. This allows intercept to + work with csh which uses execv(3) not execve(2). + [690ebf72b6f8] + +2021-08-20 Todd C. Miller + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Sync the list of functions trapped by sudo_noexec.so. + [b1f7799209ff] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Add a Debug example for sudo_intercept.so Don't try to enumerate all + the sudo programs that support debugging since all of them do. + [9c1201eaaca2] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Update sudoers Debug example to match the debug changes from sudo + 1.8.12. + [7c831aa9b6d5] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + sudo_intercept.so only intercepts execve(2) for now. + [7314abc72fb9] + + * plugins/sudoers/parse.c: + Fix formatting for bound defaults with multiple entries in the + binding. The entries in the binding were separated with " ," instead + of ", ". + [14442701f793] + + * MANIFEST, src/Makefile.in, src/intercept.exp: + Add exports file for sudo_intercept.so that only exports execve() + [ac97417435ab] + + * src/Makefile.in, src/sudo_intercept.c, src/sudo_intercept_common.c: + Add some debugging to the sudo_intercept.so. + [2dee003b5cc7] + + * config.h.in, configure, configure.ac: + Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). This + will define _LARGEFILE_SOURCE, if needed, to make the prototype + visible on older systems. + [3f4314f6a795] + +2021-08-19 Todd C. Miller + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + We still need the pread/pwrite hack for HP-UX 11.11 at least. This + time around, avoid defining _LARGEFILE64_SOURCE and just declare + pread64/pwrite64 ourselves. + [66e01b14a10f] + + * include/sudo_compat.h: + Fix prototypes for sudo_pread() and sudo_pwrite(). + [15acfc576a71] + + * src/exec_intercept.c: + intercept_fd_cb: store the passed fd in newfd, not fd only affects + the old BSD-style fd passing code, not POSIX-style. + [4b13aa4593ba] + + * lib/util/Makefile.in: + Fix mksiglist and mksigname dependencies. + [31519cc5ec2b] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + set-user-ID and set-group-ID not set user-ID and set group-ID. + [0ddf5fedc896] + + * NEWS: + The fix for bug #989 will make sudo 1.9.8. Also mention + intercept_authenticate and intercept_allow_setid. + [fa8b7444486b] + + * plugins/sudoers/po/sudoers.pot: + regen + [c8993c070218] + + * .gitignore, .hgignore, MANIFEST, aclocal.m4, configure, + configure.ac, lib/util/Makefile.in, lib/util/mksiglist.c, + lib/util/mksiglist.h, lib/util/mksigname.c, lib/util/mksigname.h, + lib/util/sys_siglist.h, lib/util/sys_signame.h, + m4/ax_prog_cc_for_build.m4: + Cross-build support for mksigname and mksiglist We must build these + with the host C compiler but use the target preprocessor to generate + the output. + [bf2919b63fb9] + +2021-08-19 a1346054 <36859588+a1346054@users.noreply.github.com> + + * .clang-format, INSTALL, MANIFEST, autogen.sh, doc/LICENSE, + etc/sudo.pp, examples/Makefile.in: + Minor cleanup (#110) + + * fix trivial shell script issues + * remove trailing whitespace + [f9d4de3dee50] + +2021-08-19 Todd C. Miller + + * logsrvd/logsrvd_conf.c, plugins/sudoers/check.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/exptilde.c, + plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/mkdefaults, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsdump.c: + Replace messages like "unknown foo: %s" with "unknown foo %s". The + colon really doesn't belong there; we generally use a colon to + separate a message from the warning detail. + [a1b99c8821ae] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + log_server_peer_cert and log_server_peer_key are not required by + default. They are only required if sudo_logsrvd has tls_checkpeer + enabled. + [0d9099ce5d74] + + * logsrvd/logsrvd_conf.c: + Sync warning messages with sudoers/logging.c Avoids 3 translation + strings that were effectively duplicated. + [eb058a820998] + +2021-08-18 Todd C. Miller + + * lib/protobuf-c/Makefile.in, src/Makefile.in: + regen + [ab9d4b22d7cb] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/match_command.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Add intercept_allow_setid sudoers option, disabled by default. With + this change, a shell in intercept mode cannot run a setuid or setgid + binary by default. On most systems, the dynamic loader will ignore + LD_PRELOAD for setuid/setgid binaries such as sudo which would + effectively disable intercept mode. + [cdb876f62882] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/match.c: + Always allocate a struct sudo_command for the command, even for ALL. + Previously we special-cased handling of ALL but this complicates + some upcoming changes. + [d552109d739c] + +2021-08-16 Todd C. Miller + + * etc/codespell.exclude: + Update TAGS_CHANGED macro based on parse.h + [261e4bad3f55] + + * doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Better document the limitations of intercept mode. Also mention + log_children under "Preventing shell escapes" + [0dfca8d0672d] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.8. + [ed2582c37765] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to clarify log_server_peer_key and log_server_peer_cert. These + are client-side not server-side. + [ffa4ee3e2557] + + * logsrvd/logsrvd_conf.c: + Print the section when warning about an illegal key in the conf + file. This should make it easier to tell when a setting is present + in the wrong section. + [8150a7775155] + +2021-08-14 Todd C. Miller + + * lib/eventlog/eventlog.c: + new_logline: limit offset to two significant digits after the + decimal Now instead of TSID=0001L3@5.168230749 we would log + TSID=0001L3@5.16. + [089f7a1285cb] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_journal.c: + Set umask to be less restrictive before creating parent directories. + Otherwise we could end up creating them with a more restrictive mode + than indended. Coverity CID 221592 + [1bbb3621106a] + + * lib/eventlog/eventlog.c: + new_logline: handle case where evlog is NULL + [e14ded2179e8] + + * logsrvd/logsrvd_local.c: + store_alert_local: fix memory leak on error path Coverity CID 238642 + [2a3c7fb50c38] + + * plugins/sudoers/audit.c: + log_server_accept: fix memory leak of evlog when logging a sub- + command. Coverity CID 238643 + [36a7325b3dc2] + + * src/exec_intercept.c: + Fix memory leak when client requests secret. Move closure allocation + closer to where it is used. + [773ffe0cb216] + + * logsrvd/logsrvd_local.c: + store_accept_local: fix return value on error + [de0d06a1ade2] + +2021-08-13 Todd C. Miller + + * lib/eventlog/eventlog.c: + Cast iolog_offset.tv_sec to long long for %lld printf format. Quiets + a compiler warning on systems where tv_sec in struct timeval is not + long long. + [54d757357a00] + + * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + lib/iolog/iolog_timing.c, plugins/sudoers/sudoreplay.c: + Add support for an optional offset when parsing the ID to replay. + The offset is a suffix in the form of @sec[.nanosec] + [f8cda41ea0ae] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/logsrvd_local.c, plugins/sudoers/logging.c: + For intercepted commands, log an offset into the current I/O log. + This can be used with sudoreplay to jump to when a specific command + was executed within a session log. + [fd9431d7c878] + + * logsrvd/logsrvd_local.c: + Don't overwrite closure->evlog for sub-commands. + [925c97582b1d] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Older Solaris has getusershell() et al but does not declare it. + [df4cd6a5e07f] + + * src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c, + src/sudo_intercept_common.c: + Add missing stdint.h and sudo_rand.h includes. Needed for + arc4random() and uin64_t. + [47fd965524fe] + + * include/intercept.pb-c.h, src/exec_intercept.c, src/exec_nopty.c, + src/exec_pty.c, src/intercept.pb-c.c, src/intercept.proto, + src/sudo_exec.h, src/sudo_intercept_common.c: + Pass a secret value to sudo_intercept.so and verify after policy + check. The goal is to make it harder for someone to have a fake + policy checker. This will not stop a determined adversary since the + secret is present in the address space of the running process. + [7938c63384df] + +2021-08-11 Todd C. Miller + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_intercept.c: + Split off intercept code into exec_intercept.c. + [2c05715c4885] + + * scripts/mkpkg: + Add trivial support for FreeBSD packages. The actual FreeBSD port + supports multiple options but this is sufficient for testing + purposes. + [6bb8a1cdf26c] + + * scripts/pp: + FreeBSD: Set default directory and file mode if not specified in + %files Otherwise, a mode of 0 will be used, potentially rendering + the system unusable. + [a3be86a5f85f] + + * plugins/sudoers/logging.c: + Use same check for intercepted commands as log_server_accept(). + Previously, log_server_reject() and log_server_alert() just checked + whether client_closure has been set. + [41177f7c32f4] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + plugins/sudoers/log_client.c: + Call shutdown() on sockets before closing() if they are connected. + This should ensure that the other side sees any queued data before + the connection is dropped. + [beaafc6c17cf] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + plugins/sudoers/log_client.c: + If SSL_shutdown() returns 0 it needs to be called one more time. + [52bb0acfb659] + + * plugins/sudoers/editor.c: + resolve_editor: sudoers_gc_remove(editor) before freeing it. + [534cc939264f] + +2021-08-10 Todd C. Miller + + * lib/util/mksigname.h, lib/util/siglist.in: + Sync siglist.in with the generated files. The change to prefer + SIGSYS over SIGUNUSED wasn't made to siglist.in. Also, mksigname.c + doesn't need to explicitly set sudo_sys_signame[0]. + [c331b05f8fc5] + + * plugins/sudoers/Makefile.in, plugins/sudoers/editor.c, + plugins/sudoers/gc.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add garbage collection to resolve_editor(). Fixes a leak when + evaluating the policy multiple times if sudoedit is set. + [ab011d864e87] + +2021-08-09 Todd C. Miller + + * src/exec_common.c: + Fix compilation when configure option --disable-shared is specified. + [98687e01c8e4] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/check.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add intercept_authenticate sudoers option, defaults to false. By + default, sudoers will not require authentication of commands run via + an intercepted session. To require authenticaton of subsequent + commands, enable intercept_authenticate in sudoers. + [b428c75da1ad] + + * config.h.in, configure, configure.ac, src/exec.c, + src/sudo_intercept_common.c: + If msg_control is not present in struct msghdr use msg_accrights + instead. Fixes building on Solaris and probably others. It is + possible to expose msg_control on Solaris but this requires a + specific set of feature flag defines which can cause other + complications. + [6ee77b869a8c] + + * configure, configure.ac, src/exec_preload.c: + Require that our dso be first in the list to make sure it takes + effect. Otherwise, another dso could take precedence and ours would + not be run. + [58ba4086357c] + + * configure, configure.ac, pathnames.h.in, src/Makefile.in, + src/exec_preload.c: + If building with address sanitizer make sure its DSO is first. + Address sanitizer requires that it be preloaded before any other DSO + in LD_PRELOAD. This should not be required for clang, which links in + asan statically by default. + [a812062f42a8] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Plug some memory leaks when sudoers_policy_main is called multiple + times. These would get cleaned up a policy close time but we don't + want to bloat sudo's memory footprint when running a shell with + multiple commands. + [7fee001ffeae] + + * plugins/sudoers/audit.c, plugins/sudoers/iolog.c, + plugins/sudoers/log_client.c, plugins/sudoers/log_client.h, + plugins/sudoers/logging.c: + Fix logging intercepted commands to a log server in sudoers. Only + available when the server supports the subcommands capability. + [5975770561de] + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Use a separate uuid for intercepted commands. We use the uuid to + match the command with its exit status. + [467f0db6e2c6] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Avoid some double frees in the fuzzer Now that sudoers free old + values of NewArgv and command_info the fuzzer needs to reset those + values. Otherwise we end up with stashed values that have already + been garbage collected. + [2a1b5808d272] + + * NEWS, configure, configure.ac: + Sudo 1.9.8 + [bc96c8f95abf] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/policy.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Add "intercept" Defaults setting to allow interception of sub- + commands. This causes "intercept" to be set to true in + command_info[] which the sudo front-end will use to determine + whether or not to intercept attempts to run further commands, such + as from a shell. Also add "log_children" which will use the same + mechanism but only log (audit) further commands. + [f42e11c0fde9] + + * INSTALL, configure, configure.ac, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, examples/sudo.conf.in, include/sudo_conf.h, + lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in, + src/Makefile.in, src/exec.c, src/exec_common.c, src/selinux.c, + src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: + Add support for loading the sudo_intercept.so DSO. + [47d84cc8a8ed] + + * include/sudo_compat.h, src/exec.c, src/exec_common.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/selinux.c, + src/sesh.c, src/sudo_exec.h: + Allocate a socketpair to communicate with sudo_intercept.so over. + This is used for the intercept and log_children options. + [b40091760952] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/file.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Make it possible to call the sudoers policy check function multiple + times. We need to reset the Defaults values to their original state. + [3187e87d7fb6] + + * plugins/sudoers/set_perms.c: + Allow set_perms(PERM_INITIAL) to be called more than once. If the + perm stack depth is non-zero when set_perms(PERM_INITIAL) is called, + rewind it first and re-initialize the stack depth to 0. Fixes a + user-after-free bug if set_perms(PERM_INITIAL) is called multiple + times. + [fdf9a2e07eb1] + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Use run_argv and run_envp passed into the audit plugin for event + logging. Previously we used NewArgv[] and env_get() but now that + logging is performed via an audit plugin we should use the values + passed in. + [d8e031fc2389] + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in, + include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, logsrvd/logsrvd.c: + Allow multiple accept/reject messages during a logsrv conversation. + The log server now advertises a subcommands flag if it supports + logging subcommands (e.g. commands run from a sudo-spawned program + like a shell). The client should only log additional commands during + a session if this flag is set in the ServerHello message. + [5b88982604e8] + + * MANIFEST, Makefile.in, configure, configure.ac, + lib/logsrv/Makefile.in, lib/logsrv/protobuf-c.c, + lib/protobuf-c/Makefile.in, lib/protobuf-c/protobuf-c.c: + Add separate convenience lib for protobuf-c We need to use it for + sudo <-> sudo_intercept.so communication. + [9529d7f9db18] + + * MANIFEST, include/intercept.pb-c.h, src/Makefile.in, + src/intercept.pb-c.c, src/intercept.proto: + Define protocol for sudo <-> sudo_intercept.so communication. Uses + google protocol buffers. + [139ba292e226] + + * src/exec.c, src/sudo.c, src/sudo.h: + Implement the sudo side of the sudo_intercept.so communication. + [4a7face9ed17] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, + src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c: + Implement sudo_intercept.so. Uses protobuf to talk to main sudo + process over a socketpair. + [fc21ae0f663e] + + * src/sudo.c, src/sudo.h: + Add return values for most of the plugin function wrappers that + returned void. Previously, they would just exit if there was an + error. Now the error is passed back up the stack so we can use them + in sudo_intercept.so. + [87cb4b0e7dff] + + * src/sudo.c: + Reduce the number of function args passed to plugin wrappers. This + makes sudo_settings, user_info, submit_argv, submit_envp and + submit_optind global. This will be required for calling the wrapper + from outside of sudo.c where we may not have access to those + variables. + [525bffcf911c] + + * src/exec.c, src/sudo.c, src/sudo.h: + Call the approval plugin after the policy plugin accepts a command. + Previously, for intercepted commands we only called the policy + plugin. + [4df18aaa8708] + + * src/exec.c: + Take control of the tty and save its settings before doing a policy + check. Otherwise the policy plugin won't be able to read the + password. + [6a422974d472] + + * MANIFEST, src/Makefile.in, src/exec_common.c, src/exec_preload.c, + src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c: + Move preload_dso() to its own file and rename to sudo_preload_dso(). + It now takes an intercept fd as an optional argument instead of a + list of extra variables to add. This lets us check whether it is + already set to the expected value (and add it if not). + sudo_intercept.so now uses sudo_preload_dso() to make sure that + LD_PRELOAD and SUDO_INTERCEPT_FD are set properly before executing. + [447e96378d01] + + * src/exec_preload.c, src/sudo_intercept_common.c: + Add debug support to sudo_intercept.so + [586ea125cebb] + + * src/exec.c, src/exec_nopty.c, src/exec_pty.c: + Make the log_children option only log and not check policy. + [0524c7e87174] + + * plugins/sudoers/prompt.c: + expand_prompt: use correct strlcpy() size parameter The available + size passed to strlcpy() was computed incorrectly. Switch to + updating the length after writing to the new prompt instead of + computing it each time. The actual buffer size is computed and + allocated correctly so there is no real consequence to this bug. + Found by Qualys. + [c03f1c2f8f35] + +2021-08-03 Todd C. Miller + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf: + The tls_verify setting only affects server behavior, not the client. + Originally, there was a flag in the ServerHello message to indicate + that the client should verify the server cert, but this was removed + TLS was moved to a separate port. Client validation of the server + certificate is now configured in the sudoers file instead. + [344b51f3eee3] + +2021-08-02 Todd C. Miller + + * scripts/mkpkg: + On macOS, don't disable tty tickets and set password timeout to 0. + This more closely matches the options used by the macOS version of + sudo. + [bd21c492921c] + + * plugins/sudoers/find_path.c: + Add some debugging info to find_path() + [dd7aebb432d6] + +2021-07-30 Todd C. Miller + + * lib/iolog/iolog_mkdtemp.c: + iolog_mkdtemp: umask must not be more restrictive than the file + modes. We need this even though we will be calling mkdtemp() since + the umask affects the mode of any parent directories. + [c545b3369eae] + +2021-07-29 Todd C. Miller + + * plugins/sudoers/visudo.c: + Plug memory leak in error path when sudoers cannot be opened. + [3df6b32149b8] + + * plugins/sudoers/defaults.c: + Trying to use "+=" or "-=" operators on a non-list is an error. + Previously, they were simply treated as "=" for non-lists. + [3e0d47d0b4ea] + + * src/regress/net_ifs/check_net_ifs.c: + Plug a memory leak in check_net_ifs found by address sanitizer. + [bff1ad993476] + + * configure, configure.ac: + Prefix sanitizer and fuzzer options with -XCClinker in ASAN_LDFLAGS. + Otherwise libtool may ignore the options when linking. + [ed1120f3813d] + +2021-07-27 Todd C. Miller + + * logsrvd/tls_init.c: + Display the correct error message if X509_verify_cert() fails. We + must use X509_STORE_CTX_get_error() and + X509_verify_cert_error_string() instead of the generic OpenSSL error + functions. + [778bbbe68e28] + + * lib/eventlog/eventlog.c: + In new_logline check for NULL args->reason for EVLOG_RAW. This can't + happen in practice since we never set EVLOG_RAW without passing in a + reason. Coverity CID 237142 237143 + [83f9038151db] + + * lib/eventlog/eventlog.c: + format_json: don't dereference evlog if it is NULL. Also silence a + PVS Studio false positive. + [150039f65d26] + +2021-07-26 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_7p2 for changeset 590e06825ec4 + [cf3865846c94] <1.9> + + * configure, configure.ac: + Bump version to 1.9.7p2 + [590e06825ec4] [SUDO_1_9_7p2] <1.9> + + * configure, configure.ac: + Bump version to 1.9.7p2 + [388bf6af8434] + + * NEWS: + Sudo 1.9.7p2 + [c3bd2eb0d779] <1.9> + + * NEWS: + Sudo 1.9.7p2 + [153a6c96a8ec] + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_client.c, logsrvd/tls_init.c, + plugins/sudoers/log_client.c: + Use TLS_method() instead of TLS_client_method() throughout. OpenSSL + returns an error for SSL_accept() if TLS_client_method() was used to + generate the context (LibreSSL doesn't care). + + Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method() + were used in the TLS client and server initialization code + respectively. This was refactored in sudo 1.9.7 to allow the code to + be shared. Bug #988 + [f2bf4aca30d4] <1.9> + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_client.c, logsrvd/tls_init.c, + plugins/sudoers/log_client.c: + Use TLS_method() instead of TLS_client_method() throughout. OpenSSL + returns an error for SSL_accept() if TLS_client_method() was used to + generate the context (LibreSSL doesn't care). + + Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method() + were used in the TLS client and server initialization code + respectively. This was refactored in sudo 1.9.7 to allow the code to + be shared. Bug #988 + [1ca00726b4d6] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Only replace getaddrinfo for + FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. This works around an issue + on SCO which uses inline functions in the header files which call + the actual, versioned, library function. + [f010d83f0168] <1.9> + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Only replace getaddrinfo for + FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. This works around an issue + on SCO which uses inline functions in the header files which call + the actual, versioned, library function. + [64cbf884b7f9] + +2021-07-26 MertsA + + * src/utmp.c: + Rewind utmp file pointer after searching for entry (#108) + + getutline() advances the file pointer until it matches or reaches + EOF. pututline() starts from the current position in utmp. This + rewinds the file pointer to the beginning to avoid allocating + additional spurious utmp entries. + [af1463026fd1] <1.9> + + * src/utmp.c: + Rewind utmp file pointer after searching for entry (#108) + + getutline() advances the file pointer until it matches or reaches + EOF. pututline() starts from the current position in utmp. This + rewinds the file pointer to the beginning to avoid allocating + additional spurious utmp entries. + [142555f7a47e] + +2021-07-25 Todd C. Miller + + * configure, configure.ac, m4/sudo.m4: + Use AC_CACHE_CHECK in place of AC_MSG_CHECKING + AC_CACHE_VAL where + possible. + [7b0fb8de8276] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure check for va_copy instead of using #ifdef This + prevents the va_copy compat #define from being used if sudo_compat.h + is somehow included before stdarg.h. + [6d283753e47b] <1.9> + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure check for va_copy instead of using #ifdef This + prevents the va_copy compat #define from being used if sudo_compat.h + is somehow included before stdarg.h. + [fcfd53b859ac] + +2021-07-23 Todd C. Miller + + * src/limits.c: + Avoid using RLIM_INFINITY for the nofile soft limit to prevent + closefrom_fallback() from closing too many file descriptors. + [edbcd5c82d4d] <1.9> + + * src/limits.c: + Avoid using RLIM_INFINITY for the nofile soft limit to prevent + closefrom_fallback() from closing too many file descriptors. + [e807ca9bfb6a] + + * plugins/sudoers/logging.c: + Include signal.h for SIG2STR_MAX and sig2str(). + [ad17a1be07e2] + +2021-07-15 Todd C. Miller + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/iolog_writer.c, plugins/sudoers/logging.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: + Create a UUID and log it in the JSON version of the event log. + [8a1ad98fac51] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/logsrvd_local.c, plugins/sudoers/logging.c: + Remove unused info_cb and info arguments from eventlog_exit() + [c614ef1afa12] + +2021-07-09 Todd C. Miller + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c: + Add support for logging exit status events. For sudo-formatted logs, + this is a record with "EXIT=number" and potentially "SIGNAL=name" + after the command. For JSON-format logs, a new "exit" record is + logged which contains an "exit_value" and potentially "signal" and + "core_dumped". JSON-format logs now incude a UUID to associate the + "exit" record with the "accept" record. + [52e40ae4b79a] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Add log_exit_status sudoers option to log when a command exits. This + option defaults to off. + [cac3ca7ad193] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_local.c: + Add log_exit setting in the sudo_logsrvd.conf eventlog stanza This + causes sudo_logsrvd to log a record with the exit status or + terminating signal in response to an ExitMessage. + [1a15f676974a] + +2021-07-08 Todd C. Miller + + * plugins/python/python_plugin_common.c: + Check that the python module we actually loaded is what we intended. + This is intended to provide a more useful error message if the user + defines a module which conflicts with a system python module. For + example, a module called test.py would conflicts with the system + python test module. + [345523b6e87d] <1.9> + + * plugins/python/python_plugin_common.c: + Check that the python module we actually loaded is what we intended. + This is intended to provide a more useful error message if the user + defines a module which conflicts with a system python module. For + example, a module called test.py would conflicts with the system + python test module. + [0676191e4741] + +2021-07-02 Todd C. Miller + + * doc/CONTRIBUTORS: + Mention that xkcd inspired the sandwich logo. + [c7839328e21f] + + * doc/HISTORY: + Mention log server and fuzzers under Quest contributions. + [f4a081f75cd0] + +2021-06-26 Todd C. Miller + + * src/sesh.c, src/sudo.c, src/sudo_edit.c: + Don't assume that the number of groups returned by getgroups() is + static. On systems where getgroups() returns results based on more + than just the per-process group vector in the kernel it is possible + for the number of groups to change in between invocations. Based on + GitHub PR #106 from Pierre-Olivier Martel. + [832fa2480024] <1.9> + + * src/sesh.c, src/sudo.c, src/sudo_edit.c: + Don't assume that the number of groups returned by getgroups() is + static. On systems where getgroups() returns results based on more + than just the per-process group vector in the kernel it is possible + for the number of groups to change in between invocations. Based on + GitHub PR #106 from Pierre-Olivier Martel. + [dbc7a173a7b8] + + * doc/Makefile.in: + Use "mandoc -Tlint -Wwarning" instead of -Wstyle. The style checks + now include "referenced manual not found" warnings which is not + helpful. + [251757f22498] + +2021-06-22 Todd C. Miller + + * logsrvd/Makefile.in, src/Makefile.in: + regen + [c6a21b385d57] + +2021-06-21 Todd C. Miller + + * lib/fuzzstub/fuzzstub.c: + Change ms from size_t to long. Avoids a spurious test failure on + Solaris 9 + [5e204b959000] <1.9> + + * lib/fuzzstub/fuzzstub.c: + Change ms from size_t to long. Avoids a spurious test failure on + Solaris 9 + [c26f8d233ea9] + + * plugins/sudoers/interfaces.c, src/net_ifs.c: + Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes + compilation on Solaris 9. + [d05bca21f145] <1.9> + + * plugins/sudoers/interfaces.c, src/net_ifs.c: + Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes + compilation on Solaris 9. + [9da2276cf944] + +2021-06-19 Todd C. Miller + + * logsrvd/logsrvd.c: + Fix dead store found by clang analyzer. + [5c85aeef651e] + + * logsrvd/logsrvd_conf.c: + Fix prefix skipping when the prefix is embedded and not separate. + This doesn't currently matter since the progname and the ": " are + stored in separate messages. Found by clang analyzer. + [321e90e1b347] + + * logsrvd/logsrvd_relay.c: + Remove dead store found by clang analyzer. + [5fd56f26e1ba] + +2021-06-16 Todd C. Miller + + * plugins/audit_json/audit_json.c: + Make sure we store an octal number (like umask) as a string. JSON + doesn't (portably) support octal numbers with a leading zero. + [a0c8392f2f7a] <1.9> + + * plugins/audit_json/audit_json.c: + Make sure we store an octal number (like umask) as a string. JSON + doesn't (portably) support octal numbers with a leading zero. + [3ac37bb42f1e] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Replace logsrvd_is_early() with logsrvd_warn_stderr(). This is now + defined in logsrvd_conf.c which removes a dependency on another + compilation unit for the fuzzer. + [3594cf3ec397] + +2021-06-15 Todd C. Miller + + * logsrvd/logsrvd_local.c: + Silence a compiler warning on Solaris. + [fd9ba461b601] + + * logsrvd/logsrvd.c: + Reduce scope of errstr variable so it is only declared for OpenSSL. + [eebe09a17f4b] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [05b8391c6d13] + + * logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c, + logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_init.c: + Use sudo_warnx?() instead of sudo_debug_printf for errors. We now + hook the warn functions so the messages are logged. The messages + still show up in the debug log too. + [9e25dc71b4cc] + +2021-06-14 Todd C. Miller + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/vsyslog.c, + scripts/mkdep.pl: + Remove vsyslog(3) emulation, it is no longer used. + [7d1b78c2037a] + +2021-06-13 Todd C. Miller + + * logsrvd/logsrvd_conf.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + If logsrvd_config not set fall back to using stderr for warnings. + Also fix fuzz_logsrvd_conf link error. + [eeaafe1b3e09] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + Add support for logging server warning/error messages. We can use + sudo_warn_set_conversation() to set a conversation function that + either writes to a log file or calls syslog(). + [5d8e13f053d0] + +2021-06-11 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_7p1 for changeset d936a99e842d + [9bc246c519f3] <1.9> + + * Merge sudo 1.9.7p1 from tip + [d936a99e842d] [SUDO_1_9_7p1] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.7p1 + [29f478993ef3] + +2021-06-09 Todd C. Miller + + * plugins/audit_json/audit_json.c: + Check arrays that are passed in for NULL before using them. + [925ba5b0f2cb] + + * configure, configure.ac: + Disable nss_search()-based group lookups on HP-UX for now. There is + a crash when "group: compat" is used in /etc/nsswitch.conf that I + haven't been able to debug. Since HP-UX doesn't ship the appropriate + headers it is likely that there is a mismatch between + include/compat/nss_dbdefs.h and what HP actually uses. + [28b00005c785] + +2021-06-08 Todd C. Miller + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Remove logsrvd closure ERROR state and use a boolean flag instead. + Fixes a bug where we would not insert a journal file that failed to + relay into the queue because its state was changed from CONNECTING + to ERROR after failing to connect. + [638285a4bedb] + + * include/compat/nss_dbdefs.h, lib/util/getgrouplist.c: + Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. Add + some function argument names. Also use struct nss_db_state * instead + of void * in nss_db_root_t. We don't define struct nss_db_state but + since it is a pointer all we need is a forward declaration. + [bc848fb97671] + +2021-06-07 Todd C. Miller + + * lib/fuzzstub/fuzzstub.c, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in: + Make sure we link with libsudo_util *after* libfuzzstub. This only + affects builds with a static libsudo_util. Also fix a warning on HP- + UX about main not being public. + [18ff1f108c4e] + + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/getgrouplist/getgids.c: + Add getgids utility to simular "id -G" using sudo_getgrouplist2() + [aed11065818d] + + * lib/util/getgrouplist.c: + Make sure we don't read or write past the end of the group buffer. + We need to leave room for the terminating NULL in gr_mem. It is + possible for gbm->numgids > gbm->maxgids if we ran out of room. + [25a3ee849fd4] + +2021-06-04 Todd C. Miller + + * lib/util/getgrouplist.c: + Add some debugging to sudo_getgrouplist2(). + [4d79e92c8ee8] + +2021-06-02 Todd C. Miller + + * src/load_plugins.c: + Fix some debug_decl typos and remove an unneeded cast. + [fafa91ac3def] + + * plugins/sudoers/defaults.h: + T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2. + [66019af6d642] + +2021-05-28 Todd C. Miller + + * src/load_plugins.c: + sudo_stat_plugin(): set errno but do not warn if plugin path too + long. The caller will display the warning (using errno) so there is + no need to do it twice. + [c8614b374a35] + +2021-05-26 Todd C. Miller + + * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + sudoreplay does not parse sudoers to find the value of iolog_dir. + The default value for the I/O log directory is set at build time. + [3cf72612e992] + + * plugins/sudoers/policy.c: + Fix group list ref leak in sudoers_policy_store_result() on error + path. + [34785448a275] + +2021-05-24 Todd C. Miller + + * plugins/sudoers/policy.c: + Update comment to match reality. + [ec3e0a40d1ec] + +2021-05-13 Todd C. Miller + + * configure, configure.ac, scripts/ltmain.sh, src/Makefile.in: + Build sudo_noexec.so as a module on systems other then Darwin. On + Darwin, shared modules and shared libraries are not interchangable + and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it + must be a library, not a module. We must relax the requirement that + libraries begin with a "lib" prefix to work around this difference. + This does mean you must use sudo's libtool on Darwin (macOS) but + that is already a requirement on other systems (notably HP-UX and + SCO) due to a number of libtool patches we require that haven't be + accepted upstream. This is a different fix for PR #102. + [2e5454c56d3c] + + * configure, configure.ac: + Use -Wno-deprecated-declarations on macOS This quiets warnings about + LDAP and audit libraries being deprecated. We will use them until + they are removed in a future version of macOS. + [6fbdf644865c] + +2021-05-12 Todd C. Miller + + * scripts/mkpkg: + Use /usr/bin/cc on FreeBSD and macOS. + [7d6bcea0e544] + + * plugins/sudoers/log_client.c: + Don't include errno in "unable to connect to log server" message. + There should be a more specific message, usually with an error + string, displayed earlier. + [e599f9b0fd1c] + + * src/ttyname.c: + Fix compiler warning on FreeBSD. + [2c6fc866fb5b] + + * lib/iolog/hostcheck.c: + Explicitly include netinet/in.h for struct sockaddr_in and + sockaddr+_in6. Fixes a compilation problem on FreeBSD. + [2277c8f37c34] + +2021-05-11 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_7 for changeset f0ce54d4288c + [58968ec7a457] <1.9> + + * Merge sudo 1.9.7 from tip + [f0ce54d4288c] [SUDO_1_9_7] <1.9> + +2021-05-10 Todd C. Miller + + * plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po: + Updated translations from translationproject.org + [3d6d49097b98] + + * plugins/sudoers/log_client.c: + Better warning when close function is passed a non-terminal signal. + [8b8628249e4d] + + * logsrvd/logsrvd_local.c: + Remove line causing store_suspend_local() to return false on + success. This is something that should have been removed as part of + the local I/O logging refactor. + [e8ae1e61b8b2] + + * src/exec_pty.c: + Don't set the command status in the closure when the command is + suspended. This should only be set for signals that terminate the + process. Fixes a bug where the sudo front-end could call the plugin + close function with a non-terminal signal argument. + [a95024bfb6e8] + +2021-05-07 Todd C. Miller + + * plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c: + Quiet -Wshadow warnings from gcc. + [7ff2985ba650] + + * NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in: + The -g option may also be used with any group the target user + belongs to. The description in the Runas_Spec section incorrectly + stated that the -g option could not be used if no runas group was + set. Bug #975. + [67d1948d1aa8] + + * configure, configure.ac: + Remove redundant "configuring Sudo version X.YY" line. We now + display this along with the summary info at the end. + [0d7c908f8d4c] + + * configure, configure.ac: + Don't check for -Wl,-z,relro twice. + [a30dce71fb26] + +2021-05-06 Todd C. Miller + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Updated translations from translationproject.org + [9303a20fe480] + + * scripts/mkpkg: + Build python plugin for RHEL 6 as well. + [edaa6ec0e255] + + * configure, configure.ac: + Remove shell-style quotes in configure warning/error/notice + messages. Square bracket quotes are used, no need for shell-style + double quotes. + [e6de284df511] + + * NEWS, configure, configure.ac: + Summarize configure settings after all tests have run. This makes it + a lot easier to see what features have been enabled. + [12ea96affed5] + +2021-05-04 Todd C. Miller + + * INSTALL, configure, configure.ac: + Remove --with-efence option, there are better options available. + [78fd5ceb2c52] + + * NEWS: + Move misplaced changes into the 1.9.7 section where they belong. + [1519f7a4669b] + + * lib/util/regress/sudo_conf/conf_test.c: + Awful hack to pass on macOS where group_source=dynamic by default. + [b038bfab8c34] + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/ca.mo, + po/ca.po, po/it.mo, po/it.po, po/sr.mo, po/sr.po: + Updated translations from translationproject.org + [7b156da85d13] + + * NEWS: + Document late stage 1.9.7 changes. + [28756df7dcb4] + + * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + logsrvd/sendlog.c, logsrvd/sendlog.h: + sudo_sendlog: rename -m (max-time) to -s (stop-after). + [4f016111b242] + + * logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c: + Update closure->elapsed_time in journal_seek(). Otherwise the commit + point messages won't be accurate when restarting. + [6cd4db44b8ee] + + * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + logsrvd/sendlog.c, logsrvd/sendlog.h: + Add "-m elapsed" option to specify the max elapsed time of records + to send. Useful for testing the ability of the server to handle + restarted log transfers. + [cd9c9235e320] + +2021-05-03 Todd C. Miller + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c: + Disable reading from client or relay when sending error to client. + We treat an error from the relay as fatal and must stop processing + data from both client and relay to make sure we don't get out of + sync. + [258f9691b3d9] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd_local.c: + Fix I/O log restart of locally-store logs. This got broken a while + ago when evlog in struct connection_closure was changed to a + pointer. + [8b59122891f9] + + * scripts/pp: + Fix detection of the volatile flag when other flags are present. + Otherwise flags fields like "volatile,ignore-other" will be ignored + by the Debian and BSD back ends. + [0d120b9eab71] + + * src/limits.c: + Fix debug message when prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) fails. + GitHub issue #101 + [7d266c174457] + + * logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_client.c, + logsrvd/tls_common.h, plugins/sudoers/log_client.c: + Don't hard-code the TLS connect timeout, use normal connect timeout. + For sudo_logsrvd, this is the relay connect_timeout setting. For + sudoers, this is the log_server_timeout setting. + [49e29f187f5a] + +2021-05-02 Todd C. Miller + + * logsrvd/logsrvd_queue.c: + Add missing closedir(3) in logsrvd_queue_scan(). Coverity CID 221591 + [e9745c64a721] + + * NEWS: + Mention "log_server_verify" bug fix. + [a70060c34e7a] + + * configure, configure.ac, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf, + m4/sudo.m4, pathnames.h.in: + Rename logsrvd log dir to /var/log/sudo_logsrvd. + [fb979be9927e] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_queue.c: + Make the failed relay retry interval configurable. This is the + amount of time to wait before trying to resend a journal to the + relay server after a connection error. + [cbc04201a63e] + +2021-05-01 Todd C. Miller + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_journal.c, logsrvd/logsrvd_queue.c, + logsrvd/logsrvd_relay.c: + Send outgoing messages to the relay server on startup. Also attempt + to retry messages that could not be relayed periodically. + [7ed12983af85] + + * lib/util/fatal.c: + Avoid clobbering errno in warning(). + [3282a7db7f51] + + * logsrvd/logsrvd_relay.c: + Set relay name string to NULL after dropping the reference. + Otherwise it is possible to decrement the reference more than once. + [245d4e60ea21] + +2021-04-30 Todd C. Miller + + * plugins/sudoers/iolog.c: + Fix cut & pasto that prevented the verify_server option from being + set. The "log_server_verify" setting passed from the policy plugin + was applied to the "keepalive" option instead of "verify_server". + From Krisztian Kovacs. + [06f716981ad0] + +2021-04-29 Todd C. Miller + + * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + logsrvd/logsrvd.c: + Write client and server information to debug file on SIGUSR1 This + can be used to debug client problems such as a connection not being + closed as expected. + [e6e3a4ba02f4] + + * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in: + Document journal file directories in store_first mode. + [a08de0c20127] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c: + Create journal files in an incoming directory, move to outgoing when + complete. This will make it possible to process completed journal + files periodically if the relay server is down. + [5ced00c6eb7e] + + * logsrvd/logsrvd_relay.c: + Add missing connection_close() call for relay-only connections. For + an immediate relay we will close the connection when the client + disconnects (or there is a timeout). However, for store-and-forward + mode the client has already disconnected at the time we are + relaying. + [e51e98489c6d] + +2021-04-27 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot: + regen + [4aa3f848b223] + + * logsrvd/logsrvd_conf.c: + Replace non-ascii characters in warning string. + [5e99ac170a15] + + * lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/tailq/hltq_test.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/editor/check_editor.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/regress/unescape/check_unesc.c: + Quiet clang analyzer false positive in regress tests. + [190ad1f287d8] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_local.c: + Move local iolog log functions to logsrvd_local.c + [e16e2a1d8209] + + * logsrvd/logsrvd_relay.c: + Better client error reporting on relay server connection error. More + detailed error messages may be found in the debug log. + [d0807790327d] + + * logsrvd/logsrvd.c: + Update debug pid string when sudo_logsrvd becomes a daemon. + [33069e2da7d5] + +2021-04-26 Todd C. Miller + + * logsrvd/logsrvd.c: + Must call SSL_shutdown() before closing the underlying socket. This + got broken by some code rearrangement when relay mode was added. + [a3a8c4d10565] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c: + Recover if the client or relay server closes the TLS connection + uncleanly. The other end of the connection should perform a proper + TLS shutdown but as long as we are in the correct state there is no + need to treat this as a user-visible error. + [90887bc2235f] + + * NEWS, aclocal.m4, configure, configure.ac: + Sudo 1.9.7 + [c1ea457eca11] + + * MANIFEST, plugins/python/Makefile.in, plugins/python/lsan_suppr.txt: + Add a suppression file for the libpython leaks. This is a big hammer + but it seems like the best we can do for now. Allows "make check" to + succeed when address sanitizer is used. + [4500cd1e835e] + +2021-04-25 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/editor.c, + plugins/sudoers/regress/editor/check_editor.c: + When spliting EDITOR check for escaped quote characters. Also add + check_editor to sudoers "make check". + [0d8001299358] + +2021-04-24 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/editor.c, + plugins/sudoers/regress/editor/check_editor.c: + Treat a lone backslash at the end of a string as a literal + backslash. GitHub issue #99 + [40a53e523003] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in: + Fix typo. + [614379733a17] + +2021-04-23 Todd C. Miller + + * plugins/python/pyhelpers.c: + Avoid a potential NULL dereference when mutating args_str. Coverit + CID 221401 + [69f3c7f8e524] + + * logsrvd/logsrvd_journal.c: + Avoid calling fread() with a NUL buffer if msg_len is 0. Coverity + CID 221399 + [ed605b7a3186] + + * logsrvd/logsrvd.c: + Set a restrictive umask so new files are only read/write by owner. + Coverity CID 221402 + [595465e4baa2] + + * logsrvd/logsrvd.c: + In connection_closure_free() only close sock if it is not -1. When + relaying from a journal there will be no socket. Coverity CID 221403 + [fd4f27067c3f] + + * logsrvd/logsrvd.c: + Avoid potential NULL dereference in get_free_buf(). Coverity CID + 221400 + [6cb5491bf812] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c: + Remove some now-dead code in the error path. Coverity CID 221397 and + 221398 + [edc860f72f98] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_relay.c: + Use function pointers for each client message type instead of + conditionals. This separats out the message handler from the + functions that store or relay the message contents. + [f596480880fa] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c: + Add enqueue_error_message() helper function. Formats and enqueues an + error message and enables the write event. + [122bd89fe5e3] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_relay.c: + Forward the journaled entry after it has been stored locally. + [a187d5a7ea28] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c: + Stash the value of the store_first config setting in + connection_closure. If the configuration changes it should not + affect a connection that is already in progress. + [6617c2b7ece5] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_journal.c, logsrvd/logsrvd_relay.c: + Journal messages to disk when store_first is set in the relay + section. Instead of forwarding messages immediately, they are + journaled locally in wire format. This will be used to implement + relay store-and-forward mode. + [aa0c537258e7] + + * INSTALL, configure, configure.ac, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.mdoc.in, + logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, m4/sudo.m4, + pathnames.h.in: + Add configuration for sudo_logsrvd store-and-forward mode. Adds + "relay_dir" and "store_first" settings to sudo_logsrvd.conf in the + [relay] section. Also adds a --with-relaydir configure argument to + change the default value (usually /var/log/logsrvd-relay. + [6f064ed6d20e] + + * src/signal.c: + Make sure SIGCHLD is not ignored when sudo is executed. If SIGCHLD + is ignored there is a race condition between when the process is + executed and when the SIGCHLD handler is installed. This fixes the + bug described by GitHub PR #98 + [b4c91a0f72e7] + +2021-04-20 Todd C. Miller + + * config.h.in, configure, configure.ac: + Remove the HP-UX 11.0 pread64() hack, it causes problems on modern + HP-UX. + [fea8ebd0b88d] + + * src/limits.c: + Add minimum value to consider when overriding resource limits. + Currently only used for RLIMIT_DATA and RLIMIT_AS. + + This works around a problem on HP-UX where setting RLIMIT_DATA + changes the resource limits for both 32-bit and 64-bit processes. + HP-UX processes start out with RLIMIT_DATA set based on the values + of the maxdsiz and maxdsiz_64bit kernel tunables, depending on + whether they are 32-bit or 64-bit. By default this limit is 1GB for + 32-bit processes and 4GB for 64-bit. However, once RLIMIT_DATA is + changed, it does not appear to be possible to restore the old + values. This can result in a 64-bit process that is executed by a + 32-bit shell getting the 32-bit RLIMIT_DATA instead of the 64-bit + one. Bug #973 + [8778a27abfaf] + +2021-04-19 Todd C. Miller + + * logsrvd/logsrvd_relay.c: + Don't use msg_len as a length after converting it to network byte + order. + [3f2496be1130] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c: + Use the packed message buffer when relaying if possible. There's no + need to rebuild the message buffer for anything but RestartMessage + and ClientHello. + [903fa50f48c9] + +2021-04-18 Todd C. Miller + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c: + Allocate the data buffer in get_free_buf() too. We always know the + size of the data buffer we need at allocation time. + [c02dc245aa40] + +2021-04-17 Todd C. Miller + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c: + Relay ChangeWindowSize and CommandSuspend events too. + [cb20a1de47e3] + +2021-04-16 Todd C. Miller + + * plugins/python/pyhelpers.c, plugins/python/regress/testdata/check_ex + ample_debugging_c_calls@diag.log, plugins/python/regress/testdata/ch + eck_example_debugging_c_calls@info.log, plugins/python/regress/testd + ata/check_example_group_plugin_is_able_to_debug.log: + Regenerate test output with python 3.10a7 Also adjust debug tests so + they pass on older python versions + [03aeda971872] + + * configure, m4/python.m4: + determine Python (3.10) version number correctly. from upstream + automake + [1f4136509aca] + + * MANIFEST, aclocal.m4, m4/python.m4, m4/runlog.m4: + Move python.m4 and runlog.m4 to the m4 directory. Previously they + were inline in aclocal.m4. + [6ec4c92539a7] + +2021-04-15 Todd C. Miller + + * configure, configure.ac: + Add hiuxmpp where we have hpux for special cases. Also move the HP- + UX 11.00 pread(2) workaround into the section where pread(2) is + tested for, not before it. + [f6cc1820e0fb] + + * etc/sudo-logsrvd.pp, etc/sudo-python.pp: + Only replace the last instance of "sudo" in example and doc dir. + Otherwise we end up with weird paths for a prefix like /opt/sudo. + [113bdf79f00f] + +2021-04-13 Todd C. Miller + + * doc/sudoers.ldap.mdoc.in: + Fix lint warning. + [aa4a4f0b0da1] + + * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in: + Mention relay mode and update TLS example. + [a50a23542c05] + + * etc/sudo-logsrvd.pp, etc/sudo.pp: + If libssl_dep was not passed in, use ldd to determine its value. + Normally, mkpkg will figure this out, but if the user does "make + package" outside of the mkpkg script, libssl_dep will not be set. + [87329797daca] + +2021-04-12 Todd C. Miller + + * INSTALL, configure, configure.ac, doc/UPGRADE: + Enable the use of OpenSSL if log client/server not disabled. This + adds a dependency on OpenSSL unless it is explicitly disabled + (--disable-openssl) or the sudo log client and server are disabled + (--disable-log-client and --disable-log-server). + [618f504240d2] + +2021-04-09 Todd C. Miller + + * etc/codespell.skip: + configure aux scripts moved to the scripts directory + [1cfcbfd128ed] + + * logsrvd/Makefile.in, logsrvd/logsrvd_conf.c: + Set logsrvd_config to NULL in logsrvd_conf_cleanup() after freeing + it. Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd + itself). Also fix linking fuzz_logsrvd_conf with OpenSSL. + [ad78729467d4] + + * logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict: + Update sudo_logsrvd.conf fuzzer to match configuration changes. + [85ae32ce6f44] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf: + Document relay configuration changes. + [d66eb842a6ef] + +2021-04-08 Todd C. Miller + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_relay.c: + Move relay configuration into its own section and add TLS options. + TLS options in the relay section will be used if specified, + otherwise the TLS options from the server section are used. + [0695e9b9b067] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_relay.c: + Add "server" and "relay" to getters/callbacks specific to server and + relay. + [618b4fa5325c] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_relay.c: + Remove struct logsrvd_tls_config. Now that the SSL context is + initialized in logsrvd_conf.c there's no need to export TLS + configuration other than tls_check_peer. + [4fb0fdc417e1] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_relay.c: + No longer need struct logsrvd_tls_runtime, use SSL_CTX instead. + [61e0bdf1499d] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c: + Move allocation of the TLS context to logsrvd_conf_apply(). This way + we get certificate errors at configuration time, not after. It also + means that a change to the config file that renders the TLS settings + invalid will no longer cause the server to exit. The new config will + just be ignored as if there was a syntax error. + [352ecb58618f] + + * logsrvd/tls_init.c: + Only initialize the SSL library once. + [e17215eec1d6] + +2021-04-07 Todd C. Miller + + * plugins/sudoers/timestamp.c: + Sanity check struct timespec in timestamp file. Coverity CID 220564 + [68dfceeb105e] + + * plugins/sudoers/timestamp.c: + Check lseek(fd, 0, SEEK_CUR) for -1 return value. Not actually + possible in practice. Coverity CID 220568. + [27105922d3be] + + * src/net_ifs.c: + Check for NULL ifa->ifa_addr and ifa->ifa_netmask in both loops. + [373961966099] + +2021-04-07 Radovan Sroka + + * src/sudo_edit.c: + Fixed bad condition for sesh args + + In selinux_edit_copy_tfiles() when there is only one file and the + open() fails then number of arguments is lower than expected. Sudo + should return error with or without "Defaults !sudoedit_checkdir" + set. + + This was found with regression testing of CVE-2021-23240. + + Signed-off-by: Radovan Sroka + [947ce862c0bf] + +2021-04-06 Todd C. Miller + + * src/net_ifs.c: + Plug memory leak on overflow; Coverity CID 220556 + [86b71e5dec5c] + + * logsrvd/logsrvd.c: + In schedule_commit_point() do not free the closure on error. It is + the caller's responsibility to free resources on error. Coverity CID + 220557 + [e6629496ab03] + + * plugins/sudoers/pwutil.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Cast NULL terminator argument to char * when calling sudo_mkgrent(). + Avoids a portability issue on systems where NULL is not a pointer. + [cdb9cf0ad2ea] + + * logsrvd/tls_init.c: + Rename LOGSRVD_DEFAULT_CIPHER_LST13 to DEFAULT_CIPHER_LST13 + [a5d7da05cf09] + + * logsrvd/tls_client.c: + Include string.h for strerror(3) prototype. + [57f5cfe43a89] + + * logsrvd/logsrvd_relay.c: + Move connect_relay_tls() so we don't need a prototype for it. Fixes + a warning when sudo is not configured to use OpenSSL. + [0c73cfebf32b] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf: + Document relay and connect_timeout server settings. + [a101d54b451e] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrv_util.h, + logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_client.c, + logsrvd/tls_common.h: + Move common TLS client code to tls_client.c and use it in sendlog.c. + [5334b6c4bef8] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Rename listen_address -> server_address and add reference counting. + This will be used by the upcoming relay mode. + [f8ef9c83c3c8] + + * logsrvd/logsrvd.c: + Try to send an error message to client for some client_msg_cb() + failures. + [0805636e8114] + + * logsrvd/logsrvd.c: + Split most of server_commit_cb() out into schedule_commit_point(). + This allows it to be used by the relay code too. + [c985c2f9e5d5] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c: + Add a relay mode to sudo_logsrvd where it forwards instead of + stores. Relay hosts are be specified in the server section of + sudo_logsrvd.conf. + [071c231e76a9] + + * logsrvd/Makefile.in, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c, + logsrvd/sendlog.c, logsrvd/tls_common.h: + Add support for relaying to another sudo_logsrvd via TLS. + [c47397ce4098] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/rcstr.c, lib/util/util.exp.in, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/check_aliases.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/rcstr.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c: + Move reference-counted string code from sudoers to libsudo_util. It + will be used by sudo_logsrvd too. + [d228aaf9b6fa] + + * logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c: + Add sa_host to struct server_address as a ref counted string. Also + convert sa_str to ref counted string. + [4e8abb84c11d] + + * logsrvd/logsrvd_conf.c: + Don't allow a wildcard address for the relay parameter. + [4a80d18d025b] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Add logsrvd_conf_cleanup() to free the conf data structures on exit. + There is no longer a need to do anything in shutdown_cb() other than + break out of the event loop. + [9e4d7456fb7a] + + * src/tgetpass.c: + Set user group list when executing the askpass helper. Under normal + circumstances the existing group list will match the list fetched by + sudo. However, if sudo is executed by a process that has changed the + group list via setgroups(2) and "group_source" in sudo.conf is set + to "dynamic" it is possible for them to be different. + + If group_source in sudo.conf is set to "dynamic" it is possible for + the group list + [2b1d4ffb9cf6] + + * logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Use a tailq of write buffers instead of a single one per connection. + This allows us to queue up multiple messages for writing like the + sudoers client supports. Currently, each connection has its own free + list. In the future we may want a single free list with low and high + water marks. + [b5df1b4d79c7] + + * configure.ac: + Increase autoconf minimum version to 2.70. Some of the macros + deprecated in 2.70 are required by older versions. For example, + AC_PROG_CC now does the work of AC_PROG_CC_STDC. Bug #972 + [223a584b6241] + + * MANIFEST, Makefile.in, config.guess, config.sub, configure, + configure.ac, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, install-sh, lib/util/Makefile.in, + lib/zlib/Makefile.in, logsrvd/Makefile.in, ltmain.sh, + plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in, + plugins/python/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, scripts/config.guess, + scripts/config.sub, scripts/install-sh, scripts/ltmain.sh, + src/Makefile.in: + Move autoconf auxiliary files to the scripts directory. + [5ea8182c11d9] + +2021-04-05 Todd C. Miller + + * doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: + Document SUCCESS=return support in sudoers nsswitch.conf entries. + Based on a patch from Dennis Filder. Bug #971. + [1d631d1b6244] + +2021-04-01 Todd C. Miller + + * plugins/sudoers/audit.c: + Move log_server_accept() out from under the #ifdef + SUDOERS_LOG_CLIENT Fixes a link error when sudo is configured with + --disable-log-client. + [1bb7efdbddd5] + +2021-04-01 Radovan Sroka + + * src/selinux.c: + Removed depricated security_context_t + + Signed-off-by: Radovan Sroka + [14aba55909fc] + +2021-03-31 Todd C. Miller + + * logsrvd/sendlog.c: + Return NULL if init_tls_client_context() fails. Otherwise, we will + call SSL_new with a freed SSL context. Bug #970 + [5fbadce88524] + +2021-03-30 Todd C. Miller + + * src/parse_args.c: + Use separate getopt config for sudoedit. Avoids a problem where the + user gets an exclusive usage error message when using a sudo- + specific option. GitHub issue #95 + [b6207568e50a] + + * src/parse_args.c, src/sudo_usage.h.in: + Add -h and -V to sudoedit usage and customize help output for + sudoedit. Also add missing -B option to usage strings. + [0d8fa214f8c3] + + * src/parse_args.c: + Don't report a usage error for "sudo -V". GitHub issue #95 + [a18573251751] + + * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp: + Do not include parent directories in rpm and deb files. Fixes a + directory conflict with the AIX sudo rpm package. Other deb/rpm + packages were not affected because parent dirs are omitted for a + prefix of /usr. + [f7d8db9670bb] + +2021-03-29 Todd C. Miller + + * src/net_ifs.c: + SCO OpenServer uses SIOCGIFANUM, not SIOCGIFNUM. On OpenServer, + SIOCGIFNUM is the number of network interfaces, not the number of + ifreq structs. + [a992ea37b071] + +2021-03-27 Todd C. Miller + + * src/net_ifs.c: + Add support for HP-UX SIOCGLIFNUM and SIOCGLIFCONF ioctls. We need + to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF only + returns IPv6 addresses. + [7a53304872b9] + +2021-03-24 Todd C. Miller + + * src/net_ifs.c: + Move get_net_ifs stub to the top and remove unused INET_ADDRSTRLEN + def. + [15bb7bc0ecb8] + + * src/net_ifs.c: + No longer need ifr_tmp variable, just reuse ifr. Now that we store + the string version of the address before fetching the netmask we can + just re-use ifr. This simplifies things and is safer since if there + is space for the address there must also be space for the mask. + [89ade84d0a6d] + + * src/net_ifs.c: + SCO OpenServer 5 returns a bogus value for SIOCGIFNUM. Gleaned from + sendmail. + [0616f2103f0b] + + * src/net_ifs.c: + Use SIOCGSIZIFCONF or SIOCGIFNUM where available. Still falls back + to a loop if not but now maxes out at 2048 interfaces instead of + potentially looping forever. + [f19cd2f827d5] + + * configure, configure.ac, src/net_ifs.c: + Remove support for obsolete ISC UNIX and MIPS RISC/OS systems. They + were getting in the way of net_its.c simplification. + [4e2b7ce2fb7b] + +2021-03-22 Todd C. Miller + + * src/net_ifs.c: + Use SIOCGLIFCONF to get interface list where supported (Solaris). + HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only + return IPv6 addresses). Also add IPv6 support using SIOCGIFCONF + (probably AIX only) and make sure ifr_tmpbuf[] is properly aligned. + [d2eebba41618] + + * MANIFEST, src/Makefile.in, src/regress/net_ifs/check_net_ifs.c: + Add simple regress check to display the network interfaces found. + [6c1a5a50056e] + +2021-03-19 Todd C. Miller + + * INSTALL: + Suggest clang 11 or higher, some fuzzers may hang when used with + clang 10. + [abcf94949ca2] + +2021-03-18 Todd C. Miller + + * MANIFEST, logsrvd/Makefile.in, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict: + Add dictionary file for fuzz_logsrvd_conf. + [f9e154751a5f] + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Add a new "fuzz" target that executes the fuzzers for 8192 runs + each. To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 + fuzz" + [5fd3d7e9430f] + + * MANIFEST, lib/iolog/Makefile.in, + lib/iolog/regress/corpus/log_json/id.json, + lib/iolog/regress/corpus/log_json/ls.json, + lib/iolog/regress/corpus/log_json/mailq.json, + lib/iolog/regress/corpus/log_json/make.json, + lib/iolog/regress/corpus/log_json/pkg_add.json, + lib/iolog/regress/corpus/log_json/pkg_delete.json, + lib/iolog/regress/corpus/log_json/printenv.json, + lib/iolog/regress/corpus/log_legacy/id.log, + lib/iolog/regress/corpus/log_legacy/ls.log, + lib/iolog/regress/corpus/log_legacy/mailq.log, + lib/iolog/regress/corpus/log_legacy/make.log, + lib/iolog/regress/corpus/log_legacy/pkg_add.log, + lib/iolog/regress/corpus/log_legacy/pkg_delete.log, + lib/iolog/regress/corpus/log_legacy/printenv.log, + lib/iolog/regress/corpus/seed/log_json/id.json, + lib/iolog/regress/corpus/seed/log_json/ls.json, + lib/iolog/regress/corpus/seed/log_json/mailq.json, + lib/iolog/regress/corpus/seed/log_json/make.json, + lib/iolog/regress/corpus/seed/log_json/pkg_add.json, + lib/iolog/regress/corpus/seed/log_json/pkg_delete.json, + lib/iolog/regress/corpus/seed/log_json/printenv.json, + lib/iolog/regress/corpus/seed/log_legacy/id.log, + lib/iolog/regress/corpus/seed/log_legacy/ls.log, + lib/iolog/regress/corpus/seed/log_legacy/mailq.log, + lib/iolog/regress/corpus/seed/log_legacy/make.log, + lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log, + lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log, + lib/iolog/regress/corpus/seed/log_legacy/printenv.log, + lib/iolog/regress/corpus/seed/timing/timing.1, + lib/iolog/regress/corpus/seed/timing/timing.2, + lib/iolog/regress/corpus/seed/timing/timing.3, + lib/iolog/regress/corpus/seed/timing/timing.4, + lib/iolog/regress/corpus/timing/timing.1, + lib/iolog/regress/corpus/timing/timing.2, + lib/iolog/regress/corpus/timing/timing.3, + lib/iolog/regress/corpus/timing/timing.4, lib/util/Makefile.in, + lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1, + lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2, + lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3, + lib/util/regress/corpus/sudo_conf/sudo.conf.1, + lib/util/regress/corpus/sudo_conf/sudo.conf.2, + lib/util/regress/corpus/sudo_conf/sudo.conf.3, logsrvd/Makefile.in, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/corpus/policy/policy.1, + plugins/sudoers/regress/corpus/policy/policy.2, + plugins/sudoers/regress/corpus/policy/policy.3, + plugins/sudoers/regress/corpus/policy/policy.4, + plugins/sudoers/regress/corpus/policy/policy.5, + plugins/sudoers/regress/corpus/seed/policy/policy.1, + plugins/sudoers/regress/corpus/seed/policy/policy.2, + plugins/sudoers/regress/corpus/seed/policy/policy.3, + plugins/sudoers/regress/corpus/seed/policy/policy.4, + plugins/sudoers/regress/corpus/seed/policy/policy.5: + Move corpus files to a seed subdirectory. + [ba6dd7f30d22] + + * lib/fuzzstub/fuzzstub.c: + We can now rely on LLVMFuzzerTestOneInput to flush stdout. + [f20f353eeb87] + + * plugins/sudoers/Makefile.in: + Fix fuzz_sudoers output comparison when fuzzing is enabled. + libFuzzer outputs additional info to stderr that our stub doesn't. + [49434e4eceaa] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Flush stdout before successful return from LLVMFuzzerTestOneInput(). + Fixes a problem with diag lines from libFuzzer being interspersed + with test output. + [f0b701120128] + + * configure, configure.ac: + Use --allow-multiple-definition to work around an issue with ld.lld. + For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around + a DNS timeout problem with name resolution and CIfuzz. However, this + causes a link failure when sanitizers are enabled on systems that + use ld.lld as their linker. Use a big hammer to avoid the link + error. + [2b9df5329c0e] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/testsudoers.c, plugins/sudoers/testsudoers_pwutil.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h: + Do not redefine system group and passwd functions for testsudoers. + Instead, prefix the replacements with "testsudoers_" and use a + custom pwutil backend so they get used. + [6bfd2f8d01c0] + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Rename "fuzz" makefile target to "check-fuzzer". It's purpose is to + run the fuzzers are part of a normal "make check" to avoid bit rot, + not to perform a fuzzer run. The fuzz_logsrvd_conf fuzzer was not + wired up to "make check" previously. + [01c03ccfd3f0] + +2021-03-15 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_6p1 for changeset 055f2a618604 + [5376bc9e3b85] <1.9> + + * Merge sudo 1.9.6p1 from tip + [055f2a618604] [SUDO_1_9_6p1] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.6p1 + [93d95d3f23b1] + +2021-03-15 Alexandru Ardelean + + * plugins/sudoers/policy.c: + plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS + + Since this flag isn't set, the sudo_mode variable gets invalidated + and running the 'sudo' command seems to error out with message + 'sudoers_policy_check: invalid mode flags from sudo front end: + 0x80001"' + [b98b418f1997] + +2021-03-13 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_6 for changeset e3e96490e48f + [2e377fa2b87c] <1.9> + + * config.guess, config.sub: + Merge sudo 1.9.6 from tip + [e3e96490e48f] [SUDO_1_9_6] <1.9> + + * NEWS: + fix typo + [c7367647bd7c] + +2021-03-10 Todd C. Miller + + * NEWS: + Bug #968 + [e08853fca88e] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_common.h, + logsrvd/tls_init.c: + Move common TLS initialization code to tls_init.c. + [118c7d41ad48] + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/tr.mo, + po/tr.po: + Updated translations from translationproject.org + [cbc05710d6ba] + + * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c: + Use HAVE_STDINT_H instead of trying to guess based on + __STDC_VERSION__. Fixes compilation with pre-C99 headers when the + compiler supports C99. + [05ebf79d02c7] + + * include/sudo_compat.h, lib/util/secure_path.c: + Remove compatibility defines for POSIX sys/stat.h macros. Modern + systems have them and we no longer support pre-POSIX systems. This + fixes potential redefinition of the macros if sys/stat.h is included + after sudo_compat.h. Bug #968. + [d10d0b9b60e1] + + * lib/eventlog/logwrap.c, + plugins/python/python_plugin_approval_multi.inc, + plugins/python/python_plugin_audit_multi.inc, + plugins/python/python_plugin_io_multi.inc, src/get_pty.c: + Quiet a few Solaris Studio compiler warnings. + [1d82509f2e44] + + * configure, configure.ac: + Add -Wno-unknown-pragmas along with -Wall. We don't want warnings + about unknown pragmas in system headers. + [ac15fa0e3d95] + + * scripts/pp: + Solaris 11.4 removed /usr/bin/optisa, use /usr/bin/isainfo instead. + [97d8bb91cf02] + +2021-03-08 Todd C. Miller + + * configure, configure.ac: + Compare OS name against freebsd* and netbsd* not freebsd and netbsd. + Fixes an issue on NetBSD where host_os starts with netbsdelf. + [2e813d52a7d6] + + * plugins/sudoers/Makefile.in: + Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD + [38a7b3a9eb90] + + * lib/util/Makefile.in, plugins/python/Makefile.in, src/Makefile.in: + Set locale for all "make check" targets. + [1a80048486d4] + +2021-03-07 Todd C. Miller + + * configure, configure.ac: + AIX 6.1 may have a broken fmemopen(). We only use it for the fuzzers + so ignore it for AIX < 7.1. + [ad909c1479ff] + +2021-03-06 Todd C. Miller + + * scripts/pp: + Only put specific directories in the ROOT section of the AIX + package. Previously, /usr and /opt were placed in USR and everything + else went in ROOT. Now, only /dev, /etc, /sbin and /var go in ROOT. + [6f1fbe8fea31] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, + po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, + po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, + po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/zh_CN.mo, + po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [53c17c8d56e9] + +2021-03-05 Todd C. Miller + + * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c: + Remove unused tls parameter, we now use a per-address tls flag. + [2be727a37b9c] + +2021-03-03 Todd C. Miller + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document double escaping of backslashes. Bug #961. + [ae51e4899555] + + * NEWS, configure, configure.ac: + No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. We + now define _DARWIN_C_SOURCE which accomplishes the same thing. + [c233df4c1ae4] + + * plugins/sudoers/auth/pam.c: + Fix a potential use-after-free in conversation function. The prompt + passed in to sudo_pam_verify() will be freed later by + check_user_interactive() so we need to reset the stashed value. From + Pavel Heimlich. Bug #967. + [86bc6ee3c493] + + * plugins/sudoers/pwutil.c: + No need to update cp after storing gr->gr_name, it is not used, + Coverity CID 219314 + [27bace364dc9] + +2021-03-02 Todd C. Miller + + * NEWS: + Mention GitHub issue #56. + [47b8b9fac52b] + + * plugins/sudoers/po/sudoers.pot: + regen + [923899bcc63d] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Log peer address in sudo_logsrvd JSON-format logs. The peer that + connected to us might not be the same host where the log entry + originated. + [4e2488efaf97] + + * NEWS, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + lib/util/sudo_conf.c: + Make "group_source=dynamic" the default on macOS. Recent versions of + macOS do not reliably return all of a user's non-local groups via + getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. Bug + #946. + [491720b06a68] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on + C. Works around a crash in leak sanitizer when the locale is set to + C and TLS support is enabled. + [4345912b9bd8] + +2021-03-01 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Initialize the lbuf used by sudoers_trace_print() in init_lexer(). + Free the old buffer if there is one, otherwise it would never be + freed. + [1893ecc06718] + + * lib/util/lbuf.c: + In sudo_lbuf_destroy(), reset error, len and size. + [7a6f980c2215] + + * NEWS: + Mention the integer overflow check in store_timespec(). + [f41519e1dae9] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + In find_path() stub only make a copy in outfile if returning FOUND. + Fixed a recently-introduced memory leak in the fuzzer. + [2045b1afc0b5] + +2021-02-28 Todd C. Miller + + * lib/util/sudo_debug.c: + Disable debug code for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION It + will not be used and just confuses the coverage stats. + [3307c855b77d] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Expand stub getaddrinfo() to resolve "localhost". + [e1035616ad99] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Improve fuzz_policy coverage and set defaults in setdefs not parse. + Now exercises session open/close and set additional defaults to + exercise more code paths. + [2843a0b930fd] + + * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c: + Improve SUDOERS_NAME_MATCH support. Now supports digests and + performs better directory matching. + [2f2d63596256] + + * plugins/sudoers/policy.c: + Add MODE_CHECK to LIST_VALID_FLAGS, fixes "sudo -l command". + [eff4cbe95d75] + +2021-02-26 Todd C. Miller + + * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in, + lib/iolog/iolog_clearerr.c, lib/iolog/iolog_close.c, + lib/iolog/iolog_eof.c, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_gets.c, lib/iolog/iolog_mkdirs.c, + lib/iolog/iolog_mkdtemp.c, lib/iolog/iolog_mkpath.c, + lib/iolog/iolog_nextid.c, lib/iolog/iolog_open.c, + lib/iolog/iolog_openat.c, lib/iolog/iolog_read.c, + lib/iolog/iolog_seek.c, lib/iolog/iolog_swapids.c, + lib/iolog/iolog_util.c, lib/iolog/iolog_write.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, logsrvd/iolog_writer.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Split iolog_fileio.c into multiple files. + [9b7c4f1b781f] + + * plugins/sudoers/defaults.c: + Correct the integer overflow check in store_timespec(). Fixes oss- + fuzz issue #31463 + [3765d5c4ecd3] + + * plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok: + Update file that was missed in test27 changes. + [5824f54afa88] + + * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in, + lib/iolog/iolog_conf.c, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_loginfo.c: + Break out I/O log config handling into iolog_conf.c. + [546f503f9bb4] + + * lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + logsrvd/Makefile.in, plugins/sudoers/Makefile.in: + regen Makefile.in + [43c54f94e9c8] + + * examples/Makefile.in, lib/eventlog/Makefile.in, + plugins/sudoers/Makefile.in: + Add some missing files to the clean target + [20754fec5ff1] + + * plugins/sudoers/regress/sudoers/test27.in, + plugins/sudoers/regress/sudoers/test27.json.ok, + plugins/sudoers/regress/sudoers/test27.ldif.ok, + plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test27.out.ok, + plugins/sudoers/regress/sudoers/test27.toke.ok: + Add netgroup check to sudoers test27 + [1b45a6794b2d] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok: + Sync with fuzz_sudoers changes. + [1481cef048ad] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Fuzz with runuser and rungroup specified too. + [2d8ceb465cea] + + * MANIFEST, plugins/sudoers/regress/sudoers/test27.in, + plugins/sudoers/regress/sudoers/test27.json.ok, + plugins/sudoers/regress/sudoers/test27.ldif.ok, + plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test27.out.ok, + plugins/sudoers/regress/sudoers/test27.toke.ok: + Add test to exercise RunasSpec without a RunasUser. + [ee22ac488aca] + + * MANIFEST, plugins/sudoers/regress/sudoers/test22.sudo.ok, + plugins/sudoers/regress/sudoers/test23.sudo.ok, + plugins/sudoers/regress/sudoers/test24.sudo.ok, + plugins/sudoers/regress/sudoers/test26.sudo.ok: + Remove unused regress files. + [71d943734bb8] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Don't try to run getters if we failed to parse the config file. + [734bb56c24ed] + +2021-02-25 Todd C. Miller + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz. + [5f725de1e3ad] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Fix runchroot, runcwd, tty_tickets. Add timestampowner. + [d8a945bea98d] + + * plugins/sudoers/policy.c: + Only add command_info to garbage collector on successful return. + Otherwise it will be freed on failure. + [c3d0461efaa1] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Add user millert to group sudo, which is often the exempt group. + [fac833a2cf3b] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Add some defaults settings in sudo_file_parse(). We don't have a + real policy file but we still want to exercise callbacks in + sudoers.c. + [9f3d3f668973] + + * plugins/sudoers/sudoers.c: + Do not free sudo_user.iolog_{file,path} in sudo_user_free(). They + are not dynamically allocated. + [59c102ba67cf] + + * lib/iolog/regress/fuzz/fuzz_iolog_timing.c: + Remove unnecessary warnings, we want to fail silently. + [4b1ee5dd2cb4] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + No longer need to stub out eventlog config functions. + [08c40b6a63c9] + + * MANIFEST, logsrvd/Makefile.in, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Call public getters in logsrvd.conf fuzzer and add to corpus. Now + exercises the syslog config erorr path. + [0b314e4e0696] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Add more passes to policy fuzzer Now execises list, list other user + and show_version. + [21a1cc9665ec] + + * plugins/sudoers/defaults.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Implement sudoers_policy_deregister_hooks() Register/deregister + hooks in fuzz_policy and also call show_version(). + [8849644a75de] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add sudoers debug register/deregister. + [5fba9b19c6fa] + + * plugins/sudoers/defaults.c: + Remove unnecessary break statement. + [aa18c2957f82] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok, + plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test14.ldif.ok, + plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok: + Include a sha384 digest in the test corpus. + [6c405febff10] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Parse sudoers file in the C locale. + [82d6afbe499b] + + * MANIFEST, plugins/sudoers/regress/sudoers/test26.in, + plugins/sudoers/regress/sudoers/test26.json.ok, + plugins/sudoers/regress/sudoers/test26.ldif.ok, + plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test26.out.ok, + plugins/sudoers/regress/sudoers/test26.sudo.ok, + plugins/sudoers/regress/sudoers/test26.toke.ok: + Add regress test with all current Defaults settings. Currently skips + SELinux and Solaris privilege settings. + [79e82a58ccde] + +2021-02-24 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_hooks.c: + Move env hooks into sudoers_hooks.c. + [7296d05b9206] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + No need to call check_defaults() and check_aliases() in quiet mode. + [0d0f93849388] + + * plugins/sudoers/gc.c: + sudoers_gc_init() is not currently used + [e74d2870ae25] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/fmtsudoers_cvt.c: + Split fmtsudoers.c into the parts used by sudoers plugin and + cvtsudoers. Only testsudoers and cvtsudoers use the full set of + formatting functions. + [8c57e80ae655] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Check defaults settings too. + [7dc7d66f47e7] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add fuzzer-specific stubs source file. + [815c28958d42] + + * Makefile.in: + Do not overwrite existing ChangeLog file if there is no hg/git dir. + We don't want "make install" from a source tarball to nuke the + ChangeLog. + [f7aba6a01d85] + + * lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + Remove fuzzer targets in "make clean" + [25b068bc254b] + + * .gitignore, .hgignore: + Ignore fuzzer targets + [d920254ce731] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Set program name in fuzzers so we get consisten warnings. + [1ee4b5478d1c] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Use real eventlog config fuctions instead of stubs. + [eed6fc4df1f6] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_loginfo.c: + Move iolog info log writing to iolog_loginfo.c + [292915dae440] + + * MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_loginfo.c, + lib/iolog/iolog_timing.c, lib/iolog/iolog_util.c, + lib/iolog/regress/iolog_timing/check_iolog_timing.c, + lib/iolog/regress/iolog_util/check_iolog_util.c: + Split iolog_util.c into iolog_loginfo.c and iolog_timing.c. Also + rename check_iolog_util -> check_iolog_timing. + [5b5249e4aa96] + + * MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_legacy.c, + lib/iolog/iolog_util.c: + Move legacy I/O log info file parsing to iolog_legacy.c + [94b767bb56c7] + + * MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in, + lib/eventlog/eventlog.c, lib/eventlog/eventlog_conf.c: + Move eventlog config code into eventlog_conf.c + [656d65215e50] + + * MANIFEST, lib/eventlog/Makefile.in, lib/eventlog/eventlog.c, + lib/eventlog/eventlog_free.c: + Move eventlog_free() into its own file. + [a5ff36ac0ebb] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Stub out eventlog and iolog configuration setters. + [cc32ba7436cd] + + * MANIFEST, plugins/sudoers/defaults.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok: + Update Defaults settings after parsing sudoers. Also stub out + dump_defaults when fuzzing as it is not used. + [fa1e7c7b42c2] + + * plugins/sudoers/Makefile.in, plugins/sudoers/b64_decode.c, + plugins/sudoers/b64_encode.c, plugins/sudoers/base64.c: + Split base64 encode/decode functions into separate source files. + They are independent functions. + [ab0904c5122c] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + fuzz_printf and fuzz_conversation can be stubs. + [9b11c9a3f3c3] + +2021-02-23 Todd C. Miller + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Exercise tilde expansion if used in runcwd or runchroot. + [a6f0995c6a55] + + * plugins/sudoers/check_aliases.c: + Move alias checking code out of visudo.c and into check_aliases.c. + [5c0a91978441] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Check aliases in fuzz_sudoers if the policy parsed correctly. + [b272e634f204] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/parse.h, + plugins/sudoers/visudo.c: + Move alias checking code out of visudo.c and into check_aliases.c. + [b9c23c958935] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + We don't need to link fuzz_sudoers with file.c. + [4fcd15e8cdcf] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.dict, + lib/util/regress/fuzz/fuzz_sudo_conf.dict, + plugins/sudoers/regress/fuzz/fuzz_policy.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict: + Strings in dictionary files need to be quoted. + [8a95ea335d2d] + + * MANIFEST, lib/iolog/Makefile.in, + lib/iolog/regress/fuzz/fuzz_iolog_json.dict, lib/util/Makefile.in, + lib/util/regress/fuzz/fuzz_sudo_conf.dict, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_policy.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict: + Add dictionary files for fuzzers where possible. + [4d9147fd50fd] + +2021-02-22 Todd C. Miller + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Also free safe_cmnd so it doesn't leak. + [5071a1ffa5d0] + + * plugins/sudoers/stubs.c, plugins/sudoers/testsudoers.c: + Return NOT_FOUND from the set_cmnd_path() stub since we don't set + user_cmnd. The purpose of set_cmnd_path() is to reset user_cmnd + based on a new runchroot. For the stub version we don't modify + user_cmnd and so must not return a status of FOUND. Fixes oss-fuzz + issue #31250 which only affected the fuzzer and not sudo. + [36fe416668df] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok: + Fix fuzz_sudoers output matching. + [6cec1e5aa799] + + * lib/fuzzstub/fuzzstub.c: + Print "running" and "executed" lines to stderr like libfuzzer does. + [b76b7a4a6ff3] + + * plugins/sudoers/pwutil_impl.c: + Support passing sudo_make_gidlist_item() an array of gids. The gids + are formatted as strings, not gid_t. + [d1608f63ae91] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok: + Prime user/group cached and set the interface list. Also match + parsed policy against multiple users. + [ec19b5658a2a] + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.h: + Add sudo_mkgrent(), to be used to prime the group cache in + tests/fuzzers. + [333f0887abbc] + +2021-02-21 Todd C. Miller + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Perform matching in fuzz_sudoers for inputs that parse correctly. + The fuzzer now exercised the normal match code as well as the + pseudo-command (list, validate, etc) match code. Privileges are also + listed for well-formed sudoers file. + [8caf505d7341] + + * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h: + Add back SUDOERS_NAME_MATCH and enable it when fuzzing. This avoids + the test environment from influencing sudoers matching. + [496b3a7184a8] + + * plugins/sudoers/match_command.c: + Add missing globfree(3) in command_matches_glob() when matching a + directory. + [1d6d28d6eb61] + +2021-02-19 Todd C. Miller + + * lib/util/sudo_dso.c: + Add support on AIX for loading plugins that are .a (not .so) files. + It is possible to specify the member name in parens after the path, + e.g. sudoers.a(shr.o) for 32-bit or sudoers.a(shr_64.o) for 64-bit. + If no member is specified in the path and dlopen() fails with + ENOEXEC, try again with an explicit member, either shr.o or + shr_64.o. + [90d975989148] + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Add clean rules to .PHONY target. + [dea3468f3f7b] + +2021-02-18 Todd C. Miller + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Add install-fuzz Makefile target to install the fuzzers and seed + corpus. The FUZZ_DESTDIR make variable needs to be set in the + environment or on the command line. + [89c4dc1e8cb0] + + * plugins/sudoers/Makefile.in: + Only display fuzz_policy output if the fuzzer exits with an error. + [c6927227be4a] + + * plugins/sudoers/regress/corpus/policy/policy.1, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Call list, validate and invalidate entry points too. We need a + separate open/close for each one. + [fbbc5bdb4541] + + * INSTALL, configure, configure.ac: + Add --disable-ssp configure option. This allows for disabling + -fstack-protector without turning off the other hardening options. + [1d9ca18e4fa9] + + * lib/util/regress/getdelim/getdelim_test.c: + Test the error case by closing the underlying fd. Note that we don't + use ferror() here since our getdelim() has no way to set the error + flag if there is a memory allocation error. + [df0464968e2c] + + * lib/util/regress/getdelim/getdelim_test.c: + Test the case where getdelim() must reallocate the buffer. + Reproduces Bug #960. + [df4dbc0830be] + + * lib/eventlog/eventlog.c: + When logging JSON to syslog, wrap the contents in a "sudo" object. + This makes it easier for log parsers to identify what is a sudo log + entry. + [2c96aeaabc8e] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Restore the check for sudoers_policy.close == NULL. The fuzzers run + as part of "make check" too in which case NO_LEAKS won't be defined + and the close function will be set to NULL. + [8418ff5f6dfb] + + * lib/iolog/iolog_json.c: + Use %td when printing the difference of two pointers. + [608de9ab3902] + + * plugins/sudoers/parse.c: + Don't print a NULL as a string if role/type/privs/limitprivs is not + set. We can't rely on printf("%s", NULL) not crashing. + [4a04efbcbff9] + + * plugins/sudoers/sudoers.c: + Fix compilation error on Solaris introduced with sudo_user_free(). + [0ce4e0ac807e] + +2021-02-17 Todd C. Miller + + * NEWS: + Bug #960. + [82303f217d8b] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Distinguish between EOF and error using feof(3), not ferror(3). Our + getdelim(3) emulation won't set the error flag if the error is due + to an allocation failure. This explains the premature EOF without + error seen in Bug #960. + [5a70875f92fa] + + * lib/util/getdelim.c: + Reset end pointer when reallocing the line buffer in getdelim(). + Fixes excessive memory allocations for long lines. Bug #960. + [d6dd6893b38a] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + plugins/sudoers/Makefile.in: + Remove duplicated MALLOC_OPTIONS and MALLOC_CONF env variables. + [2f7695aadad9] + + * lib/iolog/iolog_json.c: + On parse error, display line and column instead of the offending + line. + [bbda04a5b05d] + + * logsrvd/Makefile.in, plugins/sudoers/Makefile.in: + regen + [20e093fd76f0] + + * NEWS, configure, configure.ac: + Sudo 1.9.6 + [1c76fe52426f] + +2021-02-16 Todd C. Miller + + * lib/iolog/iolog_json.c, lib/iolog/iolog_util.c: + Pass I/O log memory allocation errors up to the caller. + [4777add71679] + + * INSTALL, config.h.in, configure, configure.ac, doc/sudoers.man.in, + doc/sudoers.mdoc.in, pathnames.h.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c: + Add admin_flag sudoers option and make --enable-admin-flag take a + path. It is now possible to disable the Ubuntu admin flag in sudoers + or change its location. GitHub issue #56 + [d77c3876fa95] + + * plugins/sudoers/exptilde.c, + plugins/sudoers/regress/exptilde/check_exptilde.c: + Fix tilde expansion of paths with no user like ~/foo. The '/' + separator was missing in the resulting path. + [dbba61f76d6c] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, lib/util/sudo_conf.c, + plugins/sudoers/policy.c: + Limit max_groups in sudo.conf to 1024. The max_groups setting should + no longer be needed anyway. + [aee7843e0c7d] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + In sudoers_policy_close() call sudoers_cleanup() instead of + sudo_user_free(). If we didn't call sudoers_policy_main() due to an + early error there may be more things to clean up. + [683d69d84aa6] + + * plugins/sudoers/policy.c: + Check for invalid flag combinations from front-end for all cases. + The checks are now performed in the check_policy, list, validate and + invalidate functions instead of as part of the open function. We + can't perform the checks in open because we don't yet know what + operation is going to be performed. + [b09105b3bb42] + + * plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c: + Always dynamically allocate user_cmnd, it is freed in + sudo_user_free(). Instead of setting user_cmnd in the policy + functions, always set argv. Calling sudoers_policy_main() with argc + of 0 is no longer allowed. + [820f1f4e5c44] + + * plugins/sudoers/policy.c: + No need for sudoers_cleanup() in sudoers_policy_invalidate(). The + sudoers close() function is now called even for "sudo -k". Also no + need to set user_cmnd, it is not used in this code path. + [c2c9832c32f4] + +2021-02-15 Todd C. Miller + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd_conf.c, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Add simple fuzzer for sudo_logsrvd.conf parser. + [8b5cd9e24656] + + * lib/iolog/regress/fuzz/fuzz_iolog_timing.c: + Fix unlinking of timing temp file. + [8b0ce6d777c8] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + plugins/python/Makefile.in, plugins/sudoers/Makefile.in: + Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets. + [47e8b85d1d9a] + + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/corpus/sudo_conf/sudo.conf.1, + lib/util/regress/corpus/sudo_conf/sudo.conf.2, + lib/util/regress/corpus/sudo_conf/sudo.conf.3, + lib/util/regress/fuzz/fuzz_sudo_conf.c: + Add simple fuzzer for sudo.conf parser. + [8a530402f936] + + * plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Free struct sudo_user in sudoers_policy_close() and + sudoers_cleanup(). Also, do not NULL out the close function if + NO_LEAKS is defined. + [f3fbf78e6e41] + + * MANIFEST, lib/iolog/Makefile.in, + lib/iolog/regress/corpus/log_legacy/id, + lib/iolog/regress/corpus/log_legacy/id.log, + lib/iolog/regress/corpus/log_legacy/ls, + lib/iolog/regress/corpus/log_legacy/ls.log, + lib/iolog/regress/corpus/log_legacy/mailq, + lib/iolog/regress/corpus/log_legacy/mailq.log, + lib/iolog/regress/corpus/log_legacy/make, + lib/iolog/regress/corpus/log_legacy/make.log, + lib/iolog/regress/corpus/log_legacy/pkg_add, + lib/iolog/regress/corpus/log_legacy/pkg_add.log, + lib/iolog/regress/corpus/log_legacy/pkg_delete, + lib/iolog/regress/corpus/log_legacy/pkg_delete.log, + lib/iolog/regress/corpus/log_legacy/printenv, + lib/iolog/regress/corpus/log_legacy/printenv.log, + plugins/sudoers/Makefile.in: + For "make fuzz" only fuzz the seed corpus. This way we avoid files + generated by the fuzzer itself. + [42ace1dec313] + +2021-02-14 Todd C. Miller + + * plugins/sudoers/env.c, plugins/sudoers/gc.c, + plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Fix sudoers garbage collection and run it in policy fuzzer. + [c0d572fd9921] + + * .github/workflows/main.yml: + Rename master -> main + [57000edd1aff] + + * plugins/sudoers/policy.c: + Do not include errno string for invalid params from front-end. + [2d0b55b3041f] + + * plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Always dynamically allocate user_role, user_type, user_privs, + user_limitprivs + [f5992824219d] + + * plugins/sudoers/policy.c: + Remove dead code, front-end does not set runas_privs or + runas_limitprivs + [6ce3da323452] + + * plugins/sudoers/iolog.c: + Plug memory leak if there are duplicate user_info or command_info + entries. + [21865246a4dc] + +2021-02-13 Todd C. Miller + + * .github/workflows/main.yml: + Add CIFuzz workflow to run fuzzers on push or PR. + https://google.github.io/oss-fuzz/getting-started/continuous- + integration/ + [47f1c8015ec5] + + * plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Move create_admin_success_flag() to timestamp.c. + [0675f230288c] + + * configure, configure.ac: + Error out if fuzzer/sanitizer enabled but not supported by the + compiler. + [289afba93f79] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + The push() function was not updating the size after reallocating. + [e089aaeee3b2] + + * plugins/sudoers/pwutil_impl.c, src/sudo.c: + If sudo_getgrouplist2() returns -1, clamp ngroups based on + max_groups. The ngroups parameter is an out parameter that is filled + in with the actual number of groups, which may be less than the + static number allocated when max_groups is set in sudo.conf. Fixes a + potential out of bounds read found by LLVM libFuzzer. + [a26461ccf891] + +2021-02-12 Todd C. Miller + + * plugins/sudoers/policy.c: + Reset sudoers path, owner and mode before parsing plugin arguments. + This is only needed when calling sudoers_policy_deserialize_info() + more than once, which is true for the policy fuzzer. + [a25a6210f48c] + + * plugins/sudoers/sudoers.c: + Cleanup sudoers sources on denial and error too. + [454b7adcfa21] + + * plugins/sudoers/pwutil.c: + Fix sudo_getgrgid reference count bug when gid doesn't exist. This + one was missed when the other user/group lookup functions were + fixed. + [20e3fad6768b] + + * plugins/sudoers/policy.c: + Plug memory leak if there are duplicate user_info entries. + [b8ddcfa0a051] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/corpus/policy/policy.1, + plugins/sudoers/regress/corpus/policy/policy.2, + plugins/sudoers/regress/corpus/policy/policy.3, + plugins/sudoers/regress/corpus/policy/policy.4, + plugins/sudoers/regress/corpus/policy/policy.5, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c: + Fuzz sudoers policy module API. Includes a test case to reproduce + CVE-2021-3156. + [576d065759cf] + + * lib/iolog/Makefile.in, plugins/sudoers/Makefile.in: + Make fuzz targets depend on fuzzer stub library. We really want a + dependency on $(LIB_FUZZING_ENGINE) but that could be a flag like + "-fsanitize=fuzzer" instead of a path. + [0963418f1cf9] + + * lib/util/Makefile.in: + regen + [dd872eceb19e] + + * MANIFEST, plugins/sudoers/Makefile.in: + Move audit.c from libparsesudoers to the sudoers module itself. Now + that audit.c contains the audit module it doesn't belong in + libparsesudoers. + [3df4f6e10f54] + + * configure, configure.ac: + Do not pass AX_APPEND_FLAG more than a single flag. GitHub issue #92 + [ed9ccdd41231] + +2021-02-10 Todd C. Miller + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + logsrvd/Makefile.in, plugins/sudoers/Makefile.in: + Fix up some .la file library dependencies. libsudo_iolog.la already + depends on libsudo_util.la and libsudo_eventlog.la so we don't need + to list those explicitly when libsudo_iolog.la is listed. + [d8b55cf698b5] + + * lib/eventlog/eventlog.c, lib/util/Makefile.in, lib/util/progname.c, + lib/util/regress/progname/progname_test.c, lib/util/sudo_conf.c, + lib/util/util.exp.in, plugins/sudoers/audit.c, + plugins/sudoers/find_path.c, plugins/sudoers/iolog.c, + plugins/sudoers/match_command.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/sudo_edit.c, src/sudo_noexec.c: + Use sudo_basename() instead of doing the equivalent manually. + [67e2b5d68a73] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/basename.c, lib/util/util.exp.in: + Add a GNU-compatible version of basename(3). Unlike POSIX + basename(3), the GNU variant does not modify its argument. Note that + basename of a path ending in "/" returns an empty string. + [693e1d39718a] + +2021-02-09 Todd C. Miller + + * lib/iolog/iolog_fileio.c: + feof(3) returns non-zero at EOF, not necessarily 1. On Illumos at + least it returns a value other than 1. + [fc2242fe7c6e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Portable workaround for getdelim(3) implementations modify buf on + EOF. We should assume that the contents of buf are undefined when + getdelim(3) returns -1. We now peek ahead one char and skip the + getdelim(3) call if EOF is detected. This will preserve the original + value of the last line. + [1e353f05a0fa] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Some getdelim(3) implementations write a NUL to the buffer on EOF. + AIX and Illumos appear to have this behavior. We now preserve the + first character of the buffer on EOF to work around this. Fixes + reporting of syntax errors on the last line of a file. + [22611c14c1d1] + + * plugins/sudoers/Makefile.in: + Fuzz the example sudoers file, not the default one. The default + sudoers uses @includedir which can result in different output, + depending on the permissions of /etc/sudoers.d. + [1b325a1d0e0a] + + * configure, configure.ac: + illumos has a broken fmemopen(3), don't use it. + [d297ee0339e6] + +2021-02-08 Todd C. Miller + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure check for SSIZE_MAX + [ca7699154705] + + * lib/iolog/iolog_json.c: + Suppress PVS Studio false positives. + [6d8fcec047e5] + + * src/sesh.c: + Silence a clang analyzer false positive. + [8bc3e89f6fbb] + + * plugins/sudoers/toke_util.c: + Silence a clang analyzer false positive. + [2489166fc372] + + * lib/fuzzstub/fuzzstub.c: + Fix CID 217123, size check always false on 64-bit systems. + [3c018b5d43a8] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Make open_sudoers() always return NULL like fuzz_sudoers.c + [042de90307ae] + + * plugins/sudoers/regress/sudoers/test4.toke.ok, + plugins/sudoers/regress/sudoers/test5.toke.ok, + plugins/sudoers/regress/sudoers/test7.toke.ok, + plugins/sudoers/regress/sudoers/test8.toke.ok: + Update *.toke.ok now that lexer doesn't call sudoerserror() itself. + [d60c0d33b5b4] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l: + The lexer now sets an error string before returning ERROR. The + parser will use that when reporting on an ERROR state. This prevents + the lexer from reporting errors about tokens that are not actually + consumed by the parser and we don't have to worry about both the + lexer and the parser reporting errors. It also means we only get one + error per sudoers line. + [7ffb0d28862f] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Go back to storing the last error file/line in sudoerserrorf(). This + is still the best way to avoid displaying more than one error per + line. + [21da59d69c5f] + + * configure, configure.ac: + Add -fsanitize=fuzzer-no-link to ASAN_LDFLAGS too, not just + ASAN_CFLAGS. + [d3c719c72d79] + + * MANIFEST, Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok, + plugins/system_group/Makefile.in, src/Makefile.in: + Add fuzz Makefile target and run fuzzer corpus in make check. + [a66085f05dea] + +2021-02-07 Todd C. Miller + + * MANIFEST, Makefile.in, configure, configure.ac, + lib/fuzzstub/Makefile.in, lib/fuzzstub/fuzzstub.c, + lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add stub library that just feeds files to the fuzzing target. This + will allow the fuzzers to be run as part of "make check". + [aa8fda20c3f8] + + * scripts/mkpkg: + Append to CFLAGS and LDFLAGS instead of overriding them when adding + -m64. + [d02cf3c28198] + + * config.h.in, configure, configure.ac, + lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Fall back to a temp file if fmemopen() is not available(). + [87f804b98c18] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Add missing return statement when NO_LEAKS is not defined. + [25b8e1041b62] + + * lib/eventlog/Makefile.in: + Remove remnants of liblogsrv. + [5030114bb12f] + + * INSTALL, configure, configure.ac, lib/iolog/Makefile.in, + plugins/sudoers/Makefile.in: + Add --enable-fuzzer-linker and --enable-fuzzer-engine options. These + will allow the fuzzers to be built as part of oss-fuzz. + [c3176bd8b95b] + +2021-02-06 Todd C. Miller + + * .gitignore, .hgignore: + Sync ignore files. + [ddf136d412f7] + + * plugins/sudoers/Makefile.in: + Fix linking of sudoers fuzzers with static libsudo_util. + [86d07a5a671d] + + * INSTALL, configure, configure.ac, lib/iolog/Makefile.in, + plugins/sudoers/Makefile.in: + Add --enable-fuzzer option to use when building fuzzers + [01e31362c2b0] + + * INSTALL, configure, configure.ac: + Replace --enable-asan with --enable-sanitizer It is not possible to + set the sanitizer flags at configure time. + [115d869e1d55] + +2021-02-06 Anton Bershanskiy <45960703+bershanskiy@users.noreply.github.com> + + * src/copy_file.c: + Fix comment typo in src/copy_file.c + [60dbf6da4712] + +2021-02-06 Todd C. Miller + + * lib/iolog/Makefile.in, lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Build (but don't run) fuzzers as part of "make check". Uses a stub + to make it possible to link w/o libfuzzer. The goal is to ensure the + fuzzers are always buildable and avoid bit rot. + [9186e252b8bf] + + * lib/iolog/Makefile.in, plugins/sudoers/Makefile.in: + Add libsudo_eventlog.la as a dependency of libsudo_iolog.la No + longer need to link against libsudo_eventlog.la in sudoers. + [508097f86035] + +2021-02-05 Todd C. Miller + + * MANIFEST, lib/iolog/regress/corpus/log_json/id.json, + lib/iolog/regress/corpus/log_json/ls.json, + lib/iolog/regress/corpus/log_json/mailq.json, + lib/iolog/regress/corpus/log_json/make.json, + lib/iolog/regress/corpus/log_json/pkg_add.json, + lib/iolog/regress/corpus/log_json/pkg_delete.json, + lib/iolog/regress/corpus/log_json/printenv.json, + lib/iolog/regress/corpus/log_legacy/id, + lib/iolog/regress/corpus/log_legacy/ls, + lib/iolog/regress/corpus/log_legacy/mailq, + lib/iolog/regress/corpus/log_legacy/make, + lib/iolog/regress/corpus/log_legacy/pkg_add, + lib/iolog/regress/corpus/log_legacy/pkg_delete, + lib/iolog/regress/corpus/log_legacy/printenv, + lib/iolog/regress/corpus/timing/timing.1, + lib/iolog/regress/corpus/timing/timing.2, + lib/iolog/regress/corpus/timing/timing.3, + lib/iolog/regress/corpus/timing/timing.4: + Add more test files for fuzzers. + [22256acfbe23] + +2021-02-05 Daniel Milnes + + * doc/sudo.mdoc.in: + Fix the typo in the mdoc + [e0ad7f93e678] + + * doc/sudo.man.in: + Fix a tiny typo in the Sudo manpage + [d52c308677bf] + +2021-02-04 Todd C. Miller + + * MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_timing.c: + fuzzer for I/O log timing files + [7b32f8eecfd6] + + * lib/iolog/iolog_json.c: + In JSON, name/value pairs must be separated by a comma. Previously + we didn't require the comma to be there. + [bb70cecf6360] + + * lib/iolog/iolog_json.c: + Detect integer overflow when converting JSON_ARRAY to string vector. + Extremely unlikely to happen but better safe than sorry. + [60a7a4d3a1d8] + +2021-02-03 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Only strip double quotes from an include path if len >= 2. Found + locally using libfuzzer/oss-fuzz. + [274d0a05081b] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Don't allow the sudoers fuzzer to open include files. If we allow + the fuzzer to choose include paths it will include random files in + the file system. This leads to bug reports that cannot be + reproduced. + [b8ffce94f30a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + If getdelim() returns a string with embedded NULs, truncate on first + one. This should avoid some issues with the fuzzer. + [e90e61d4bb0e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Reallocate the buffer correctly when appending a newline. Fixes a + potential buffer overflow introduced in the last commit. + [50b0f77aed5f] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Don't free the alias name in alias_add() if the alias already + exists. We need to be able to display it using alias_error(). Only + free what we actually allocated in alias_add() on error and let the + caller handle cleanup. Note that we cannot completely fill in the + alias until it is inserted. Otherwise, we will have modified the + file and members parameters even if there was an error. As a result, + we have to remove those from the leak list after alias_add(), not + before. + [6a920646d7d1] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix NUL termination when parsing a sudoers file with no ending + newline. oss-fuzz issue #30252 + [5c75d8e15966] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + sudoersrestart() does not reset state to INITIAL, do it in + init_lexer(). Fixes spurious errors from fuzz_sudoers, which calls + the parser multiple times. + [bf2c1c3b82e6] + + * plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Push lexer leak tracking down into check_fill.c. This lets us track + things correctly when buffers are realloc()d. Rewrote fill() and + append() to be more readable. + [a1e61a4a7aad] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Use sudoersrestart() in fuzz_sudoers.c Since we run the parser + multiple times we need to restart it each time. + [64792d363f62] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Parser needs user_shost for the %h escape in @include expansion. + Fixes oss-fuzz issue #30238 + [b043e413be31] + + * INSTALL: + The --disable-leaks option is not recommended for production use. + [cb37a56f4e99] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Remove options from the leak list before freeing them. Should fix + oss-fuzz issue #30236 + [1ee6dac8c027] + + * MANIFEST, include/sudo_iolog.h, lib/iolog/iolog_util.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c: + Add fuzzer for legacy I/O log info file. + [3f4ed83660ca] + + * doc/Makefile.in, plugins/sudoers/Makefile.in: + Fix uninstall target; there were missing line continuation chars. + GitHub issue #87 + [02cffb51c15c] + +2021-02-02 Todd C. Miller + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse_ldif.c: + Don't close fp in sudoers_parse_ldif() The caller should be the one + to handle this. + [e8d830851379] + + * .gitignore, .hgignore: + Update ignore files. + [0c8245d8097c] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Got back to calling alias_free() on alias_add() failure. We now need + to remove the name and members from the leak list + *before* calling alias_add() since alias_add() will consume them for + both success and failure. + [65c95a84f8ca] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + close sudoersin, not fp, and reset it to be safe + [f616d1c7c09a] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add missing fclose(3) of fmemopen(3) stream; it does not modify the + data. + [9207901dcccd] + + * lib/iolog/iolog_json.c: + Check for unexpected value after checking the name, not before. + [6f973cc4378d] + + * lib/util/progname.c: + Allow getprogname() to succeed as long as __progname is present. + Also simplify the progname code so we only need a single + implementation. + [300a29bd117e] + + * lib/iolog/iolog_json.c: + Fix potential leak of evlog->runuser. Also warn if we find an + unexpected JSON type. + [0ec615b3d4e0] + +2021-02-01 Todd C. Miller + + * plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Parse into a local parse_tree and add missing cleanup. Since + parsed_policy is for the sudoers parser we should declare our own. + [c418d65e7bb4] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Call init_parser() after parsing to clean up completely. + [2063d26ab401] + + * MANIFEST, plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/regress/sudoers/test25.in, + plugins/sudoers/regress/sudoers/test25.json.ok, + plugins/sudoers/regress/sudoers/test25.ldif.ok, + plugins/sudoers/regress/sudoers/test25.out.ok, + plugins/sudoers/regress/sudoers/test25.toke.ok, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Plug a few more parser leaks. + [c9478efdd65d] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Make parser_leak_remove(type, NULL) a no-op. + [7699e99a028a] + + * MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_json.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add initial fuzzers to be used by oss-fuzz. These are not yet hooked + up to the sudo build. + [5593a755f359] + + * plugins/sudoers/gc.c, plugins/sudoers/sudoers.h: + Garbage collect unused gc_remove() function. + [ff561edd846e] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test11.sh, + plugins/sudoers/regress/testsudoers/test12.sh, + plugins/sudoers/regress/testsudoers/test13.sh, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + The parser should be leak free, re-enable leak detection in ASAN. + [a89599540a5a] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: + Add garbage collection to the sudoers parser to clean up on error. + This makes it possible to avoid memory leaks when there is a parse + error. + [ef739da324bb] + +2021-01-31 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_ldap.h: + Move new_member_all to ldap_util.c, it is only used by ldap/sssd. + [9df2efb6956a] + +2021-01-30 Todd C. Miller + + * lib/iolog/iolog_json.c: + Fix crashes trying to parse invalid JSON. Found locally using + libfuzzer/oss-fuzz. + [b74c8c260d60] + + * lib/iolog/iolog_json.c: + Plug memory leak if a key is listed more than once in the log.json + file. + [764ef247f13e] + + * lib/iolog/regress/iolog_json/check_iolog_json.c: + Fix crash when file does not exist. + [55a46b75e6ed] + + * plugins/sudoers/gentime.c: + Strict tz offset parsing. Fixes an out of bounds read found locally + using libfuzzer/oss-fuzz. + [72266f1af75d] + + * plugins/sudoers/ldap_util.c: + Don't leak memory for duplicate command options. The last option + wins but we also now warn about the duplicate. Found locally using + libfuzzer/oss-fuzz. + [f1cd342e62f7] + + * plugins/sudoers/ldap_util.c: + Copy command options when converting a sudoRole with multiple + sudoCommands. A sudoRole with multiple sudoCommands is converted to + a privilege with multiple cmndspecs. However, we were not copying + some of the command options to subsequent cmndspecs in the list. + [d8309574a756] + + * plugins/sudoers/parse_ldif.c: + Fix memory leak if the last line is folded. Fixes issue 30080 by + ClusterFuzz-External + [404f38aa19a6] + + * INSTALL, configure, configure.ac: + Add --disable-leaks configure option. This enables the extra freeing + of memory before exit also enabled by --enable-asan. To be used by + oss-fuzz. + [faddd42273a4] + + * plugins/sudoers/gentime.c: + Stricter parsing of generalized time. Fixes potential out of bounds + read found by libfuzzer/oss-fuzz. + [4548e29ea5e0] + +2021-01-29 Todd C. Miller + + * plugins/sudoers/parse_ldif.c: + Don't bother calling ldif_to_sudoers() if there are no roles to + convert. + [242394d46fb1] + + * lib/iolog/iolog_json.c: + In json_stack_push() treat stack exhaustion like memory allocation + failure. Return NULL instead of treating as a fatal error. This + should make life a little easier for oss-fuzz. + [84c7c3b7971a] + + * plugins/sudoers/sudoers.c: + Update comment about return values for resolve_host(). + [0e92fe582db1] + + * plugins/sudoers/logging.c, plugins/sudoers/policy.c: + Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4. + init_eventlog_config() is called immediately after initializing the + Defaults settings, which is before struct sudo_user is setup. This + adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined + after the invoking user is determined. Reported by Roman Fiedler. + [e0d4f196ba02] + +2021-01-28 Todd C. Miller + + * MANIFEST: + Add plugins/sudoers/strvec_join.c + [1dfeb8ab9fdb] + + * plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.c: + Fix compilation on systems without a native strlcpy() function. + [7b28feb4350a] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Break up the long help string into multiple printf() statements. AIX + xlc compiler doesn't like cpp directives in between strings. Also + fixes a complaint from cppcheck and makes translation easier. + [e55b4061f598] + + * plugins/sudoers/regress/unescape/check_unesc.c, + plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.h: + strvec_join: free result on error and actually use separator char + [801546807a8a] + +2021-01-27 Todd C. Miller + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/unescape/check_unesc.c: + Test strvec_join() using strlcpy_unesc(). Emulates an overflow like: + sudoedit -s '\' `perl -e 'print "A" x 65536'` + [8d9a063adde5] + + * plugins/sudoers/Makefile.in, plugins/sudoers/strvec_join.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Refactor code to flatten an argument vector into a string. This is + used when building up the user_args string. + [a6ae655d91a1] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/unescape/check_unesc.c, + plugins/sudoers/strlcpy_unesc.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add strlcpy_unescape() function to undo escaping from front-end. + Includes unit test. + [abfaa390d275] + + * plugins/sudoers/parse_ldif.c: + Add missing check for reallocarray() failure. Found by OSS-Fuzz. + [fcda06966ed7] + +2021-01-26 Todd C. Miller + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_convmessage.c, + plugins/python/sudo_python_module.c: + Remove Py_SSIZE2SIZE to quiet cppcheck warnings. Tuple size cannot + be negative and we already handle the case where it is zero. + [d6ec5e558a0e] + + * src/parse_args.c: + The program name may now only be "sudo" or "sudoedit". We no longer + need to check for any string that ends in "edit". + [caed524c6ba0] + 2021-01-23 Todd C. Miller * .hgtags: Added tag SUDO_1_9_5p2 for changeset 83685ffbc4df - [74a2ddc3e4a4] [tip] <1.9> + [74a2ddc3e4a4] <1.9> * Merge sudo 1.9.5p2 from tip [83685ffbc4df] [SUDO_1_9_5p2] <1.9> @@ -448,6 +6247,13 @@ Set sudoers_audit.close to NULL if not using a log server. [231abb92a3b2] +2020-12-08 Todd C. Miller + + * config.guess, config.h.in, config.sub, configure, configure.ac: + Regenerate configure script with autoconf 2.71. Also fix some + warnings from the new version. + [cd1c7615e861] + 2020-12-07 Todd C. Miller * config.h.in, configure, configure.ac, src/sudo.c: diff -Nru sudo-1.9.5p2/INSTALL sudo-1.9.9/INSTALL --- sudo-1.9.5p2/INSTALL 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/INSTALL 1970-01-01 00:00:00.000000000 +0000 @@ -1,947 +0,0 @@ -Sudo installation instructions -============================== - -Sudo uses a `configure' script to probe the capabilities and type -of the system in question. In this release, `configure' takes many -more options than it did before. Please read this document fully -before configuring and building sudo. You may also wish to read the -file INSTALL.configure which explains more about the `configure' script. - -System requirements -=================== - -To build sudo from the source distribution you need a POSIX-compliant -operating system (any modern version of BSD, Linux or Unix should work), -an ANSI/ISO C compiler that supports the "long long" type, variadic -macros (a C99 feature) as well as the ar, make and ranlib utilities. - -If you wish to modify the parser then you will need flex version -2.5.2 or later and either bison or byacc (sudo comes with a -pre-generated parser). You'll also have to run configure with the ---with-devel option or pass DEVEL=1 to make. You can get flex from -http://flex.sourceforge.net/. You can get GNU bison from -ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU mirror. - -Simple sudo installation -======================== - -For most systems and configurations it is possible simply to: - - 0) If you are upgrading from a previous version of sudo - please read the info in the doc/UPGRADE file before proceeding. - - 1) Read the `OS dependent notes' section for any particular - "gotchas" relating to your operating system. - - 2) `cd' to the source or build directory and type `./configure' - to generate a Makefile and config.h file suitable for building - sudo. Before you actually run configure you should read the - `Available configure options' section to see if there are - any special options you may want or need. - - 4) Type `make' to compile sudo. If you are building sudo - in a separate build tree (apart from the sudo source) GNU - make will probably be required. If `configure' did its job - properly (and you have a supported configuration) there won't - be any problems. If this doesn't work, take a look at the - doc/TROUBLESHOOTING file for tips on what might have gone - wrong. Please mail us if you have a fix or if you are unable - to come up with a fix (address at EOF). - - 5) Type `make install' (as root) to install sudo, visudo, the - man pages, and a skeleton sudoers file. Note that the install - will not overwrite an existing sudoers file. You can also - install various pieces the package via the install-binaries, - install-doc, and install-sudoers make targets. - - 6) Edit the sudoers file with `visudo' as necessary for your - site. You will probably want to refer the example sudoers - file and sudoers man page included with the sudo package. - - 7) If you want to use syslogd(8) to do the logging, you'll need - to update your /etc/syslog.conf file. See the example syslog.conf - file included in the distribution for an example. - -Available configure options -=========================== - -This section describes flags accepted by the sudo's `configure' script. -Defaults are listed in brackets after the description. - -Configuration: - --cache-file=FILE - Cache test results in FILE - - --config-cache, -C - Alias for `--cache-file=config.cache' - - --help, -h - Print the usage/help info - - --no-create, -n - Do not create output files - - --quiet, --silent, -q - Do not print `checking...' messages - - --srcdir=DIR - Find the sources in DIR [configure dir or `..'] - -Directory and file names: - --prefix=PREFIX - Install architecture-independent files in PREFIX. [/usr/local] - - --exec-prefix=EPREFIX - Install architecture-dependent files in EPREFIX. - This includes the executables and plugins. [same as PREFIX] - - --bindir=DIR - Install `sudo', `sudoedit' and `sudoreplay' in DIR. [EPREFIX/bin] - - --sbindir=DIR - Install `visudo' in DIR. [EPREFIX/sbin] - - --libexecdir=DIR - Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo] - - --sysconfdir=DIR - Look for `sudo.conf' and `sudoers' files in DIR. [/etc] - - --includedir=DIR - Install sudo_plugin.h include file in DIR [PREFIX/include] - - --datarootdir=DIR - Root directory for platform-independent data files [PREFIX/share] - - --localedir=DIR - Install sudo and sudoers locale files in DIR [DATAROOTDIR/locale] - - --mandir=DIR - Install man pages in DIR [PREFIX/man] - - --docdir=DIR - Install other sudo documentation in DIR [DATAROOTDIR/doc/sudo] - - --with-exampledir=DIR - Install sudo example files in DIR [DATAROOTDIR/doc/sudo/examples] - - --with-plugindir=DIR - The directory that sudo looks in to find the policy and I/O - logging plugins. Defaults to the LIBEXEC/sudo. - - --with-rundir=DIR - The directory to be used for sudo-specific files that do - not survive a system reboot. This is typically where the - time stamp directory is located. By default, configure - will choose from the following list: - /run/sudo /var/run/sudo, /var/db/sudo, /var/lib/sudo, - /var/adm/sudo, /usr/adm/sudo - This directory should be cleared when the system reboots. - On systems that lack /run or /var/run, the default rundir and - vardir may be the same. In this case, only the ts directory - inside the rundir needs to be cleared at boot time. - - --with-vardir=DIR - The directory to be used for sudo-specific files that survive - a system reboot. This is typically where the lecture status - directory is stored. By default, configure will choose - from the following list: - /var/db/sudo, /var/lib/sudo, /var/adm/sudo, /usr/adm/sudo - This directory should *not* be cleared when the system boots. - - --with-tzdir=DIR - The directory to the system's time zone data files. This - is only used when sanitizing the TZ environment variable - to allow for fully-qualified paths in TZ. By default, - configure will look for an existing "zoneinfo" directory - in the following locations: - /usr/share /usr/share/lib /usr/lib /etc - If no zoneinfo directory is found, the TZ variable may not - contain a fully-qualified path. - -Compilation options: - --disable-hardening - Disable the use of compiler/linker exploit mitigation options - which are enabled by default. This includes compiling with - _FORTIFY_SOURCE defined to 2, building with -fstack-protector - and linking with -zrelro, where supported. - - --enable-asan - Enable the use of AddressSanitizer if supported by the - compiler. This can help detect common problems such as - buffer overflows and user after free bugs as well as behavior - undefined by the C standard. For more information see - https://github.com/google/sanitizers/wiki/AddressSanitizer - The following compiler flag is used: -fsanitize=address,undefined - - This option should only be used for testing and not in a - production environment. Due to AddressSanitizer's unchecked - use of environment variables, it is trivial to exploit a - setuid root executable such as sudo. - - --enable-pie - Build sudo and related programs as as a position independent - executables (PIE). This improves the effectiveness of address - space layout randomization (ASLR) on systems that support it. - Sudo will create PIE binaries by default on Linux systems. - - --disable-pie - Disable the creation of position independent executables (PIE), - even if the compiler creates PIE binaries by default. This - option may be needed on some Linux systems where PIE binaries - are not fully supported. - - --disable-poll - Use select() instead of poll() in the event loop. By default, - sudo will use poll() on systems that support it. Some systems - have a broken poll() implementation and need to use select instead. - On Mac OS X, select() is always used since its poll() doesn't - support devices. - - --disable-rpath - By default, configure will use -Rpath in addition to -Lpath - when passing library paths to the loader. This option will - disable the use of -Rpath. - - --disable-shared - Disable dynamic shared object support. By default, sudo - is built with a plugin API capable of loading arbitrary - policy and I/O logging plugins. If the --disable-shared - option is specified, this support is disabled and the default - sudoers policy and I/O plugins are embedded in the sudo - binary itself. This will also disable the noexec option - as it too relies on dynamic shared object support. - - --disable-shared-libutil - Disable the use of the dynamic libsudo_util library. By - default, sudo, the sudoers plugin and the associated sudo - utilities are linked against a shared version of libsudo_util. - If the --disable-shared-libutil option is specified, a - static version of the libsudo_util library will be used - instead. This option may only be used in conjunction with - the --enable-static-sudoers option. - - --enable-static-sudoers - By default, the sudoers plugin is built and installed as a - dynamic shared object. When the --enable-static-sudoers - option is specified, the sudoers plugin is compiled directly - into the sudo binary. Unlike --disable-shared, this does - not prevent other plugins from being used and the noexec - option will continue to function. - - --enable-tmpfiles.d=DIR - Set the directory to be used when installing the sudo - tmpfiles.d file. This is used to create (or clear) the - sudo time stamp directory on operating systems that use - systemd. If this option is not specified, configure will - use the /usr/lib/tmpfiles.d directory if the file - /usr/lib/tmpfiles.d/systemd.conf exists. - - --enable-zlib[=location] - Enable the use of the zlib compress library when storing - I/O log files. If specified, location is the base directory - containing the zlib include and lib directories. The special - values "system", "builtin", "shared" and "static" can be - used to indicate that the system version of zlib should be - used or that the version of zlib shipped with sudo should - be used instead. If "static" is specified, sudo will - statically link the builtin zlib and not install it. If - this option is not specified, configure will use the system - zlib if it is present, falling back on the sudo version. - - --with-incpath=DIR - Adds the specified directory (or directories) to CPPFLAGS - so configure and the compiler will look there for include - files. Multiple directories may be specified as long as - they are space separated. - E.g. --with-incpath="/usr/local/include /opt/include" - - --with-libpath=DIR - Adds the specified directory (or directories) to LDFLAGS - so configure and the compiler will look there for libraries. - Multiple directories may be specified as with --with-incpath. - - --with-libraries=LIBRARY - Adds the specified library (or libraries) to SUDO_LIBS and - and VISUDO_LIBS so sudo will link against them. If the - library doesn't start with `-l' or end in `.a' or `.o' a - `-l' will be pre-pended to it. Multiple libraries may be - specified as long as they are space separated. - - --with-libtool=PATH - By default, sudo will use the included version of libtool - to build shared libraries. The --with-libtool option can - be used to specify a different version of libtool to use. - The special values "system" and "builtin" can be used in - place of a path to denote the default system libtool (obtained - via the user's PATH) and the default libtool that comes - with sudo. - -Optional features: - --disable-root-mailer - By default sudo will run the mailer as root when tattling - on a user so as to prevent that user from killing the mailer. - With this option, sudo will run the mailer as the invoking - user which some people consider to be safer. - - --enable-nls[=location] - Enable natural language support using the gettext() family - of functions. If specified, location is the base directory - containing the libintl include and lib directories. If - this option is not specified, configure will look for the - gettext() family of functions in the standard C library - first, then check for a standalone libintl (linking with - libiconv as needed). - - --disable-nls - Disable natural language support. By default, sudo will - use the gettext() family of functions, if available, to - implement messages in the invoking user's native language. - Note that translations do not exist for all languages. - - --with-ldap[=DIR] - Enable LDAP support. If specified, DIR is the base directory - containing the LDAP include and lib directories. Please see - README.LDAP for more information. - - --with-ldap-conf-file=PATH - Path to LDAP configuration file. If specified, sudo reads - this file instead of /etc/ldap.conf to locate the LDAP server. - - --with-ldap-secret-file=PATH - Path to LDAP secret password file. If specified, sudo uses - this file instead of /etc/ldap.secret to read the secret password - when rootbinddn is specified in the ldap config file. - - --disable-sasl - Disable SASL authentication for LDAP. By default, sudo - will compile in support for SASL authentication if the - ldap_sasl_interactive_bind_s() function is present in the - LDAP libraries. - - --with-logincap - This adds support for login classes specified in /etc/login.conf. - It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and - NetBSD (where available). By default, a login class is not applied - unless the 'use_loginclass' option is defined in sudoers or the user - specifies a class on the command line. - - --with-interfaces=no, --without-interfaces - This option keeps sudo from trying to glean the ip address - from each attached network interface. It is only useful - on a machine where sudo's interface reading support does - not work, which may be the case on some SysV-based OS's - using STREAMS. - - --with-noexec[=PATH] - Enable support for the "noexec" functionality which prevents - a dynamically-linked program being run by sudo from executing - another program (think shell escapes). Please see the - "PREVENTING SHELL ESCAPES" section in the sudoers man page - for details. If specified, PATH should be a fully qualified - path name, e.g. /usr/local/libexec/sudo/sudo_noexec.so. If PATH - is "no", noexec support will not be compiled in. The default - is to compile noexec support if libtool supports building - shared objects on your OS. - - --with-selinux - Enable support for role based access control (RBAC) on - systems that support SELinux. - - --with-sssd - Enable support for using the System Security Services Daemon - (SSSD) as a sudoers data source. For more information on - SSD, see http://fedorahosted.org/sssd/ - - --with-sssd-conf=PATH - Specify the path to the SSSD configuration file, if different - from the default value of /etc/sssd/sssd.conf. - - --with-sssd-lib=PATH - Specify the path to the SSSD shared library, which is loaded - at run-time. - - --enable-offensive-insults - Enable potentially offensive sudo insults from the classic - version of sudo. - - --enable-pvs-studio - Generate a sample PVS-Studio.cfg file based on the compiler and - platform type. The "pvs-studio" Makefile target can then be - used if PVS-Studio is installed. - - --enable-python - Enable support for sudo plugins written in Python 3. - This requires a Python 3 development environment (including - Python 3 header files). - - --disable-log-server - Disable building the sudo_logsrvd log server. - - --disable-log-client - Disable sudoers support for using the sudo_logsrvd log server. - -Operating system-specific options: - --disable-setreuid - Disable use of the setreuid() function for operating systems - where it is broken. For instance, 4.4BSD has setreuid() that - is not fully functional. - - --disable-setresuid - Disable use of the setresuid() function for operating systems - where it is broken (none currently known). - - --enable-admin-flag - Enable the creation of an Ubuntu-style admin flag file - the first time sudo is run. - - --enable-devsearch=PATH - Set a system-specific search path of directories to look in - for device nodes. Sudo uses this when mapping the process's - tty device number to a device name. The default value is: - /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev - - --with-bsm-audit - Enable support for sudo BSM audit logs on systems that support it. - This includes recent versions of FreeBSD, Mac OS X and Solaris. - - --with-linux-audit - Enable audit support for Linux systems. Audits attempts - to run a command as well as SELinux role changes. - - --with-man - Use the "man" macros for manual pages. By default, mdoc versions - of the manuals are installed if supported. This can be used to - override configure's test for "nroff -mdoc" support. - - --with-mdoc - Use the "mdoc" macros for manual pages. By default, mdoc versions - of the manuals are installed if supported. This can be used to - override configure's test for "nroff -mdoc" support. - - --with-netsvc[=PATH] - Path to netsvc.conf or "no" to disable netsvc.conf support. - If specified, sudo uses this file instead of /etc/netsvc.conf - on AIX systems. If netsvc support is disabled but LDAP is - enabled, sudo will check LDAP first, then the sudoers file. - - --with-nsswitch[=PATH] - Path to nsswitch.conf or "no" to disable nsswitch support. - If specified, sudo uses this file instead of /etc/nsswitch.conf. - If nsswitch support is disabled but LDAP is enabled, sudo will - check LDAP first, then the sudoers file. - - --with-project - Enable support for Solaris project resource limits. - This option is only available on Solaris 9 and above. - -Authentication options: - --with-AFS - Enable AFS support with Kerberos authentication. Should work under - AFS 3.3. If your AFS doesn't have -laudit you should be able to - link without it. - - --with-aixauth - Enable support for the AIX general authentication function. - This will use the authentication scheme specified for the - user on the machine. By default, sudo will use either AIX - authentication or PAM depending on the value of the auth_type - setting in the /etc/security/login.cfg file. - - --with-bsdauth - Enable support for BSD authentication. This is the default - for BSD/OS and OpenBSD systems that support it. - It is not possible to mix BSD authentication with other - authentication methods (and there really should be no need - to do so). Note that only the newer BSD authentication API - is supported. If you don't have /usr/include/bsd_auth.h - then you cannot use this. - - --with-DCE - Enable DCE support for systems without PAM. Known to work on - HP-UX 9.X, 10.X, and 11.0; other systems may require source - code and/or `configure' changes. On systems with PAM support - (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the - DCE PAM module (usually libpam_dce) should be used instead. - - --with-fwtk[=DIR] - Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, - DIR is the base directory containing the compiled FWTK package - (or at least the library and header files). - - --with-kerb5[=DIR] - Enable Kerberos V support. If specified, DIR is the base - directory containing the Kerberos V include and lib dirs. - This uses Kerberos pass phrases for authentication but - does not use the Kerberos cookie scheme. Will not work for - Kerberos V older than version 1.1. - - --enable-kerb5-instance=string - By default, the user name is used as the principal name - when authenticating via Kerberos V. If this option is - enabled, the specified instance string will be appended to - the user name (separated by a slash) when creating the - principal name. - - --with-solaris-audit - Enable audit support for Solaris 11 and above. - For older versions of Solaris, use --with-bsm-audit - - --with-opie[=DIR] - Enable NRL OPIE OTP (One Time Password) support. If specified, - DIR should contain include and lib directories with opie.h - and libopie.a respectively. - - --with-otp-only - This option is now just an alias for --without-passwd. - - --with-pam - Enable PAM support. This is on by default for Darwin, FreeBSD, - Linux, Solaris and HP-UX (version 11 and higher). - - NOTE: on RedHat Linux and Fedora you *must* have an /etc/pam.d/sudo - file install. You may either use the example pam.conf file included - with sudo or use /etc/pam.d/su as a reference. The pam.conf file - included with sudo may or may not work with other Linux distributions. - On Solaris and HP-UX 11 systems you should check (and understand) - the contents of /etc/pam.conf. Do a "man pam.conf" for more - information and consider using the "debug" option, if available, - with your PAM libraries in /etc/pam.conf to obtain syslog output - for debugging purposes. - - --with-pam-login - Enable a specific PAM session when sudo is given the -i option. - This changes the PAM service name when sudo is run with the -i - option from "sudo" to "sudo-i", allowing for a separate pam - configuration for sudo's initial login mode. - - --disable-pam-session - Disable sudo's PAM session support. This may be needed on - older PAM implementations or on operating systems where - opening a PAM session changes the utmp or wtmp files. If - PAM session support is disabled, resource limits may not - be updated for the command being run. - - --with-passwd=no, --without-passwd - This option excludes authentication via the passwd (or - shadow) file. It should only be used when another, alternative, - authentication scheme is in use. - - --with-SecurID[=DIR] - Enable SecurID support. If specified, DIR is directory containing - libaceclnt.a, acexport.h, and sdacmvls.h. - - --with-skey[=DIR] - Enable S/Key OTP (One Time Password) support. If specified, - DIR should contain include and lib directories with skey.h - and libskey.a respectively. - - --disable-sia - Disable SIA support. This is the "Security Integration - Architecture" on Digital UNIX. If you disable SIA sudo will - use its own authentication routines. - - --disable-shadow - Disable shadow password support. Normally, sudo will compile - in shadow password support and use a shadow password if it - exists. - - --enable-gss-krb5-ccache-name - Use the gss_krb5_ccache_name() function to set the Kerberos - V credential cache file name. By default, sudo will use - the KRB5CCNAME environment variable to set this. While - gss_krb5_ccache_name() provides a better API to do this it - is not supported by all Kerberos V and SASL combinations. - - --enable-gcrypt[=DIR] - Use GNU crypt's SHA-2 message digest functions instead of the - ones bundled with sudo (or in the system's C library). - If specified, DIR should contain the GNU crypt include and - lib directories. This option is ignored when the - --enable-openssl option is also specified. - - --enable-openssl[=DIR] - Use OpenSSL's TLS and SHA-2 message digest functions. - By default, sudo does not support TLS and will use either its - own SHA-2 functions or the ones in the system's C library. - If specified, DIR should contain the OpenSSL include and - lib directories. - -Development options: - --enable-env-debug - Enable debugging of the environment setting functions. This - enables extra checks to make sure the environment does not - become corrupted. - - --enable-warnings - Enable compiler warnings when building sudo with gcc or clang. - - --enable-werror - Enable the -Werror compiler option when building sudo with - gcc or clang. - - --with-devel - Configure development options. This will enable compiler warnings - and set up the Makefile to be able to regenerate the sudoers parser - as well as the manual pages. - - --with-efence - Link with the "electric fence" debugging malloc. - -Options that set runtime-changeable default values: - --disable-authentication - By default, sudo requires the user to authenticate via a - password or similar means. This options causes sudo to - *not* require authentication. It is possible to turn - authentication back on in sudoers via the PASSWD attribute. - Sudoers option: !authenticate - - --disable-env-reset - Disable environment resetting. This sets the default value - of the "env_reset" Defaults option in sudoers to false. - Sudoers option: !env_reset - - --disable-path-info - Normally, sudo will tell the user when a command could not be found - in their $PATH. Some sites may wish to disable this as it could - be used to gather information on the location of executables that - the normal user does not have access to. The disadvantage is that - if the executable is simply not in the user's path, sudo will tell - the user that they are not allowed to run it, which can be confusing. - Sudoers option: path_info - - --disable-root-sudo - Don't let root run sudo. This can be used to prevent people from - "chaining" sudo commands to get a root shell by doing something - like "sudo sudo /bin/sh". - Sudoers option: !root_sudo - - --disable-zlib - Disable the use of the zlib compress library when storing - I/O log files. - Sudoers option: !compress_io - - --enable-log-host - Log the hostname in the log file. - Sudoers option: log_host - - --enable-noargs-shell - If sudo is invoked with no arguments it acts as if the "-s" flag had - been given. That is, it runs a shell as root (the shell is determined - by the SHELL environment variable, falling back on the shell listed - in the invoking user's /etc/passwd entry). - Sudoers option: shell_noargs - - --enable-shell-sets-home - If sudo is invoked with the "-s" flag the HOME environment variable - will be set to the home directory of the target user (which is root - unless the "-u" option is used). This option effectively makes the - "-s" flag imply "-H". - Sudoers option: set_home - - --enable-timestamp-type=TYPE - Set the default time stamp record type. The TYPE may be "global" - (a single record per user), "ppid" (a single record for process - with the same parent process), or "tty" (a separate record for - each login session). The default is "tty". - Sudoers option: timestamp_type - - --with-all-insults - Include all the insult sets listed below. You must either specify - --with-insults or enable insults in the sudoers file for this to - have any effect. - - --with-askpass=PATH - Set PATH as the "askpass" program to use when no tty is - available. Typically, this is a graphical password prompter, - similar to the one used by ssh. The program must take a - prompt as an argument and print the received password to - the standard output. This value may overridden at run-time - in the sudo.conf file. - - --with-badpass-message="BAD PASSWORD MESSAGE" - Message that is displayed if a user enters an incorrect password. - The default is "Sorry, try again." unless insults are turned on. - Sudoers option: badpass_message - - --with-badpri=PRIORITY - Determines which syslog priority to log unauthenticated - commands and errors. The following priorities are supported: - alert, crit, debug, emerg, err, info, notice, and warning. - Sudoers option: syslog_badpri - - --with-classic-insults - Uses insults from sudo "classic." If you just specify --with-insults - you will get the classic and CSOps insults. This is on by default if - --with-insults is given. - - --with-csops-insults - Insults the user with an extra set of insults (some quotes, some - original) from a sysadmin group at CU (CSOps). You must specify - --with-insults as well for this to have any effect. This is on by - default if --with-insults is given. - - --with-editor=PATH - Specify the default editor path for use by visudo. This may be a - single path name or a colon-separated list of editors. In the latter - case, visudo will choose the editor that matches the user's SUDO_EDITOR, - VISUAL or EDITOR environment variable, or the first editor in the list - that exists. The default is the path to vi on your system. - Sudoers option: editor - - --with-env-editor=no, --without-env-editor - By default, visudo will consult the SUDO_EDITOR, VISUAL and EDITOR - environment variables before falling back on the default editor list - (as specified by --with-editor). visudo is typically run as root so - this option may allow a user with visudo privileges to run arbitrary - commands as root without logging. Some sites may with to disable this - and use a colon-separated list of "safe" editors with the --with-editor - option. visudo will then only use the SUDO_EDITOR, VISUAL or EDITOR - variables if they match a value specified via --with-editor. - Sudoers option: env_editor - - --with-exempt=GROUP - Users in the specified group don't need to enter a password when - running sudo. This may be useful for sites that don't want their - "core" sysadmins to have to enter a password but where Jr. sysadmins - need to. You should probably use NOPASSWD in sudoers instead. - Sudoers option: exempt_group - - --with-fqdn - Define this if you want to put fully qualified host names in the sudoers - file. Ie: instead of myhost you would use myhost.mydomain.edu. You may - still use the short form if you wish (and even mix the two). Beware - that turning FQDN on requires sudo to make DNS lookups which may make - sudo unusable if your DNS is totally hosed. Also note that you must - use the host's official name as DNS knows it. That is, you may not use - a host alias (CNAME entry) due to performance issues and the fact that - there is no way to get all aliases from DNS. - Sudoers option: fqdn - - --with-goodpri=PRIORITY - Determines which syslog priority to log successfully - authenticated commands. The following priorities are - supported: alert, crit, debug, emerg, err, info, notice, - and warning. - Sudoers option: syslog_goodpri - - --with-python-insults - Insults the user with lines from "Monty Python's Flying Circus" when an - incorrect password is entered. You must either specify --with-insults or - enable insults in the sudoers file for this to have any effect. - - --with-goons-insults - Insults the user with lines from the "Goon Show" when an incorrect - password is entered. You must either specify --with-insults or - enable insults in the sudoers file for this to have any effect. - - --with-hal-insults - Uses 2001-like insults when an incorrect password is entered. - You must either specify --with-insults or enable insults in the - sudoers file for this to have any effect. - - --with-ignore-dot - If set, sudo will ignore '.' or '' (current dir) in $PATH. - The $PATH itself is not modified. - Sudoers option: ignore_dot - - --with-insults - Define this if you want to be insulted for typing an incorrect password - just like the original sudo(8). This is off by default. - Sudoers option: insults - - --with-insults=disabled - Include support for insults but disable them unless explicitly - enabled in sudoers. - Sudoers option: !insults - - --with-iologdir[=DIR] - By default, sudo stores I/O log files in either /var/log/sudo-io, - /var/adm/sudo-io, or /usr/log/sudo-io. If this option is - specified, I/O logs will be stored in the indicated directory - instead. - Sudoers option: iolog_dir - - --with-lecture=no, --without-lecture - Don't print the lecture the first time a user runs sudo. - Sudoers option: !lecture - - --with-logfac=FACILITY - Determines which syslog facility to log to. This requires - a 4.3BSD or later version of syslog. You can still set - this for ancient syslogs but it will have no effect. The - following facilities are supported: authpriv (if your OS - supports it), auth, daemon, user, local0, local1, local2, - local3, local4, local5, local6, and local7. - Sudoers option: syslog - - --with-logging=TYPE - How you want to do your logging. You may choose "syslog", - "file", or "both". Setting this to "syslog" is nice because - you can keep all of your sudo logs in one place (see the - example syslog.conf file). The default is "syslog". - Sudoers options: syslog and logfile - - --with-loglen=NUMBER - Number of characters per line for the file log. This is only used if - you are to "file" or "both". This value is used to decide when to wrap - lines for nicer log files. The default is 80. Setting this to 0 - will disable the wrapping. - Sudoers options: loglinelen - - --with-logpath=PATH - Override the default location of the sudo log file and use - "path" instead. By default will use /var/log/sudo.log if - there is a /var/log dir, falling back to /var/adm/sudo.log - or /usr/adm/sudo.log if not. - Sudoers option: logfile - - --with-long-otp-prompt - When validating with a One Time Password scheme (S/Key or - OPIE), a two-line prompt is used to make it easier to cut - and paste the challenge to a local window. It's not as - pretty as the default but some people find it more convenient. - Sudoers option: long_otp_prompt - - --with-mail-if-no-user=no, --without-mail-if-no-user - Normally, sudo will mail to the "alertmail" user if the user invoking - sudo is not in the sudoers file. This option disables that behavior. - Sudoers option: mail_no_user - - --with-mail-if-no-host - Send mail to the "alermail" user if the user exists in the sudoers - file, but is not allowed to run commands on the current host. - Sudoers option: mail_no_host - - --with-mail-if-noperms - Send mail to the "alermail" user if the user is allowed to use sudo but - the command they are trying is not listed in their sudoers file entry. - Sudoers option: mail_no_perms - - --with-mailsubject="SUBJECT OF MAIL" - Subject of the mail sent to the "mailto" user. The token "%h" - will expand to the hostname of the machine. - Default is "*** SECURITY information for %h ***". - Sudoers option: mailsub - - --with-mailto=USER|MAIL_ALIAS - User (or mail alias) that mail from sudo is sent to. - This should go to a sysadmin at your site. The default is "root". - Sudoers option: mailto - - --with-passprompt="PASSWORD PROMPT" - Default prompt to use when asking for a password; can be overridden - via the -p option and the SUDO_PROMPT environment variable. Supports - the "%H", "%h", "%U" and "%u" escapes as documented in the sudo - manual page. The default value is "Password:". - Sudoers option: passprompt - - --with-password-timeout=NUMBER - Number of minutes before the sudo password prompt times out. - The default is 5, set this to 0 for no password timeout. - Sudoers option: passwd_timeout - - --with-passwd-tries=NUMBER - Number of tries a user gets to enter his/her password before sudo logs - the failure and exits. The default is 3. - Sudoers option: passwd_tries - - --with-runas-default=USER - The default user to run commands as if the -u flag is not specified - on the command line. This defaults to "root". - Sudoers option: runas_default - - --with-secure-path[=PATH] - Path used for every command run from sudo(8). If you don't trust - users to have a reasonable PATH environment variable you may want - to use this. Another use is if you want to have the "root path" - be separate from the "user path." You will need to customize the - path for your site. NOTE: this is not applied to users in the group - specified by --with-exemptgroup. If you do not specify a path, - "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used. - Sudoers option: secure_path - - --with-sendmail=PATH - Override configure's guess as to the location of sendmail. - Sudoers option: mailerpath - - --with-sendmail=no, --without-sendmail - Do not use sendmail to mail messages to the "mailto" user. - Use only if you don't run sendmail or the equivalent. - Sudoers options: !mailerpath or !mailto - - --with-sudoers-mode=MODE - File mode for the sudoers file (octal). Note that if you - wish to NFS-mount the sudoers file this must be group - readable. This value may overridden at run-time in the - sudo.conf file. The default mode is 0440. - - --with-sudoers-uid=UID - User id that "owns" the sudoers file. Note that this is - the numeric id, *not* the symbolic name. This value may - overridden at run-time in the sudo.conf file. The default - is 0. - - --with-sudoers-gid=GID - Group id that "owns" the sudoers file. Note that this is - the numeric id, *not* the symbolic name. This value may - overridden at run-time in the sudo.conf file. The default - is 0. - - --with-timeout=NUMBER - Number of minutes that can elapse before sudo will ask for a passwd - again. The default is 5, set this to 0 to always prompt for a password. - Sudoers option: timestamp_timeout - - --with-umask=MASK - Umask to use when running the root command. The default is 0022. - Sudoers option: umask - - --with-umask=no, --without-umask - Preserves the umask of the user invoking sudo. - Sudoers option: !umask - - --with-umask-override - Use the umask specified in sudoers even if it is less restrictive - than the user's. The default is to use the intersection of the - user's umask and the umask specified in sudoers. - Sudoers option: umask_override - -OS dependent notes -================== - -HP-UX: - The default C compiler shipped with HP-UX is not an ANSI compiler. - You must use either the HP ANSI C compiler or gcc to build sudo. - Binary packages of gcc are available from http://hpux.connect.org.uk/. - - To prevent PAM from overriding the value of umask on HP-UX 11, - you will need to add a line like the following to /etc/pam.conf: - - sudo session required libpam_hpsec.so.1 bypass_umask - -Linux: - PAM and LDAP headers are not installed by default on most Linux - systems. You will need to install the "pam-dev" (rpm) or - libpam0g-dev (deb) package if /usr/include/security/pam_appl.h - is not present on your system. If you wish to build with LDAP - support you will also need the "openldap-devel" (rpm) or - "libldap2-dev" (deb) package. - -Mac OS X: - The pseudo-tty support in the Mac OS X kernel has bugs related - to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals. - It does not restart reads and writes when those signals are - delivered. This may cause problems for some commands when I/O - logging is enabled. The issue has been reported to Apple and - is bug id #7952709. - -Solaris: - You need to have a C compiler in order to build sudo. Since - Solaris does not come with one by default this means that you - either need to either install the Solaris Studio compiler suite, - available for free from www.oracle.com, or install the GNU C - compiler (gcc) which is can be installed via the pkg utility - on Solaris 11 and higher and is distributed on the Solaris - Companion CD for older Solaris releases. You can also download - gcc packages from http://www.opencsw.org/packages/CSWgcc4core/ diff -Nru sudo-1.9.5p2/INSTALL.configure sudo-1.9.9/INSTALL.configure --- sudo-1.9.5p2/INSTALL.configure 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/INSTALL.configure 2022-01-27 21:24:22.000000000 +0000 @@ -1,8 +1,8 @@ Installation Instructions ************************* -Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, -2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. + Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software +Foundation, Inc. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright @@ -12,97 +12,96 @@ Basic Installation ================== - Briefly, the shell commands `./configure; make; make install' should -configure, build, and install this package. The following -more-detailed instructions are generic; see the `README' file for + Briefly, the shell command './configure && make && make install' +should configure, build, and install this package. The following +more-detailed instructions are generic; see the 'README' file for instructions specific to this package. Some packages provide this -`INSTALL' file but do not implement all of the features documented +'INSTALL' file but do not implement all of the features documented below. The lack of an optional feature in a given package is not necessarily a bug. More recommendations for GNU packages can be found in *note Makefile Conventions: (standards)Makefile Conventions. - The `configure' shell script attempts to guess correct values for + The 'configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses -those values to create a `Makefile' in each directory of the package. -It may also create one or more `.h' files containing system-dependent -definitions. Finally, it creates a shell script `config.status' that +those values to create a 'Makefile' in each directory of the package. +It may also create one or more '.h' files containing system-dependent +definitions. Finally, it creates a shell script 'config.status' that you can run in the future to recreate the current configuration, and a -file `config.log' containing compiler output (useful mainly for -debugging `configure'). +file 'config.log' containing compiler output (useful mainly for +debugging 'configure'). - It can also use an optional file (typically called `config.cache' -and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. Caching is -disabled by default to prevent problems with accidental use of stale -cache files. + It can also use an optional file (typically called 'config.cache' and +enabled with '--cache-file=config.cache' or simply '-C') that saves the +results of its tests to speed up reconfiguring. Caching is disabled by +default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try -to figure out how `configure' could check whether to do them, and mail -diffs or instructions to the address given in the `README' so they can +to figure out how 'configure' could check whether to do them, and mail +diffs or instructions to the address given in the 'README' so they can be considered for the next release. If you are using the cache, and at -some point `config.cache' contains results you don't want to keep, you +some point 'config.cache' contains results you don't want to keep, you may remove or edit it. - The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You need `configure.ac' if -you want to change it or regenerate `configure' using a newer version -of `autoconf'. + The file 'configure.ac' (or 'configure.in') is used to create +'configure' by a program called 'autoconf'. You need 'configure.ac' if +you want to change it or regenerate 'configure' using a newer version of +'autoconf'. The simplest way to compile this package is: - 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. + 1. 'cd' to the directory containing the package's source code and type + './configure' to configure the package for your system. - Running `configure' might take a while. While running, it prints + Running 'configure' might take a while. While running, it prints some messages telling which features it is checking for. - 2. Type `make' to compile the package. + 2. Type 'make' to compile the package. - 3. Optionally, type `make check' to run any self-tests that come with + 3. Optionally, type 'make check' to run any self-tests that come with the package, generally using the just-built uninstalled binaries. - 4. Type `make install' to install the programs and any data files and + 4. Type 'make install' to install the programs and any data files and documentation. When installing into a prefix owned by root, it is recommended that the package be configured and built as a regular - user, and only the `make install' phase executed with root + user, and only the 'make install' phase executed with root privileges. - 5. Optionally, type `make installcheck' to repeat any self-tests, but + 5. Optionally, type 'make installcheck' to repeat any self-tests, but this time using the binaries in their final installed location. This target does not install anything. Running this target as a - regular user, particularly if the prior `make install' required + regular user, particularly if the prior 'make install' required root privileges, verifies that the installation completed correctly. 6. You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. There is - also a `make maintainer-clean' target, but that is intended mainly + source code directory by typing 'make clean'. To also remove the + files that 'configure' created (so you can compile the package for + a different kind of computer), type 'make distclean'. There is + also a 'make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. - 7. Often, you can also type `make uninstall' to remove the installed + 7. Often, you can also type 'make uninstall' to remove the installed files again. In practice, not all packages have tested that uninstallation works correctly, even though it is required by the GNU Coding Standards. - 8. Some packages, particularly those that use Automake, provide `make + 8. Some packages, particularly those that use Automake, provide 'make distcheck', which can by used by developers to test that all other - targets like `make install' and `make uninstall' work correctly. + targets like 'make install' and 'make uninstall' work correctly. This target is generally not run by end users. Compilers and Options ===================== Some systems require unusual options for compilation or linking that -the `configure' script does not know about. Run `./configure --help' +the 'configure' script does not know about. Run './configure --help' for details on some of the pertinent environment variables. - You can give `configure' initial values for configuration parameters -by setting variables in the command line or in the environment. Here -is an example: + You can give 'configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here is +an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix @@ -113,21 +112,21 @@ You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their -own directory. To do this, you can use GNU `make'. `cd' to the +own directory. To do this, you can use GNU 'make'. 'cd' to the directory where you want the object files and executables to go and run -the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. This -is known as a "VPATH" build. +the 'configure' script. 'configure' automatically checks for the source +code in the directory that 'configure' is in and in '..'. This is known +as a "VPATH" build. - With a non-GNU `make', it is safer to compile the package for one + With a non-GNU 'make', it is safer to compile the package for one architecture at a time in the source code directory. After you have -installed the package for one architecture, use `make distclean' before +installed the package for one architecture, use 'make distclean' before reconfiguring for another architecture. On macOS 10.5 and later systems, you can create libraries and executables that work on multiple system types--known as "fat" or -"universal" binaries--by specifying multiple `-arch' options to the -compiler but only a single `-arch' option to the preprocessor. Like +"universal" binaries--by specifying multiple '-arch' options to the +compiler but only a single '-arch' option to the preprocessor. Like this: ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ @@ -136,100 +135,104 @@ This is not guaranteed to produce working output in all cases, you may have to build one architecture at a time and combine the results -using the `lipo' tool if you have problems. +using the 'lipo' tool if you have problems. Installation Names ================== - By default, `make install' installs the package's commands under -`/usr/local/bin', include files under `/usr/local/include', etc. You -can specify an installation prefix other than `/usr/local' by giving -`configure' the option `--prefix=PREFIX', where PREFIX must be an + By default, 'make install' installs the package's commands under +'/usr/local/bin', include files under '/usr/local/include', etc. You +can specify an installation prefix other than '/usr/local' by giving +'configure' the option '--prefix=PREFIX', where PREFIX must be an absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you -pass the option `--exec-prefix=PREFIX' to `configure', the package uses +pass the option '--exec-prefix=PREFIX' to 'configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give -options like `--bindir=DIR' to specify different values for particular -kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. In general, the -default for these options is expressed in terms of `${prefix}', so that -specifying just `--prefix' will affect all of the other directory +options like '--bindir=DIR' to specify different values for particular +kinds of files. Run 'configure --help' for a list of the directories +you can set and what kinds of files go in them. In general, the default +for these options is expressed in terms of '${prefix}', so that +specifying just '--prefix' will affect all of the other directory specifications that were not explicitly provided. The most portable way to affect installation locations is to pass the -correct locations to `configure'; however, many packages provide one or +correct locations to 'configure'; however, many packages provide one or both of the following shortcuts of passing variable assignments to the -`make install' command line to change installation locations without +'make install' command line to change installation locations without having to reconfigure or recompile. The first method involves providing an override variable for each -affected directory. For example, `make install +affected directory. For example, 'make install prefix=/alternate/directory' will choose an alternate location for all directory configuration variables that were expressed in terms of -`${prefix}'. Any directories that were specified during `configure', -but not in terms of `${prefix}', must each be overridden at install -time for the entire installation to be relocated. The approach of -makefile variable overrides for each directory variable is required by -the GNU Coding Standards, and ideally causes no recompilation. -However, some platforms have known limitations with the semantics of -shared libraries that end up requiring recompilation when using this -method, particularly noticeable in packages that use GNU Libtool. - - The second method involves providing the `DESTDIR' variable. For -example, `make install DESTDIR=/alternate/directory' will prepend -`/alternate/directory' before all installation names. The approach of -`DESTDIR' overrides is not required by the GNU Coding Standards, and +'${prefix}'. Any directories that were specified during 'configure', +but not in terms of '${prefix}', must each be overridden at install time +for the entire installation to be relocated. The approach of makefile +variable overrides for each directory variable is required by the GNU +Coding Standards, and ideally causes no recompilation. However, some +platforms have known limitations with the semantics of shared libraries +that end up requiring recompilation when using this method, particularly +noticeable in packages that use GNU Libtool. + + The second method involves providing the 'DESTDIR' variable. For +example, 'make install DESTDIR=/alternate/directory' will prepend +'/alternate/directory' before all installation names. The approach of +'DESTDIR' overrides is not required by the GNU Coding Standards, and does not work on platforms that have drive letters. On the other hand, it does better at avoiding recompilation issues, and works well even -when some directory options were not specified in terms of `${prefix}' -at `configure' time. +when some directory options were not specified in terms of '${prefix}' +at 'configure' time. Optional Features ================= If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. +with an extra prefix or suffix on their names by giving 'configure' the +option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'. - Some packages pay attention to `--enable-FEATURE' options to -`configure', where FEATURE indicates an optional part of the package. -They may also pay attention to `--with-PACKAGE' options, where PACKAGE -is something like `gnu-as' or `x' (for the X Window System). The -`README' should mention any `--enable-' and `--with-' options that the + Some packages pay attention to '--enable-FEATURE' options to +'configure', where FEATURE indicates an optional part of the package. +They may also pay attention to '--with-PACKAGE' options, where PACKAGE +is something like 'gnu-as' or 'x' (for the X Window System). The +'README' should mention any '--enable-' and '--with-' options that the package recognizes. - For packages that use the X Window System, `configure' can usually + For packages that use the X Window System, 'configure' can usually find the X include and library files automatically, but if it doesn't, -you can use the `configure' options `--x-includes=DIR' and -`--x-libraries=DIR' to specify their locations. +you can use the 'configure' options '--x-includes=DIR' and +'--x-libraries=DIR' to specify their locations. Some packages offer the ability to configure how verbose the -execution of `make' will be. For these packages, running `./configure +execution of 'make' will be. For these packages, running './configure --enable-silent-rules' sets the default to minimal output, which can be -overridden with `make V=1'; while running `./configure +overridden with 'make V=1'; while running './configure --disable-silent-rules' sets the default to verbose, which can be -overridden with `make V=0'. +overridden with 'make V=0'. Particular systems ================== - On HP-UX, the default C compiler is not ANSI C compatible. If GNU -CC is not installed, it is recommended to use the following options in + On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC +is not installed, it is recommended to use the following options in order to use an ANSI C compiler: ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. + HP-UX 'make' updates targets which have the same time stamps as their +prerequisites, which makes it generally unusable when shipped generated +files such as 'configure' are involved. Use GNU 'make' instead. + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot -parse its `' header file. The option `-nodtk' can be used as -a workaround. If GNU CC is not installed, it is therefore recommended -to try +parse its '' header file. The option '-nodtk' can be used as a +workaround. If GNU CC is not installed, it is therefore recommended to +try ./configure CC="cc" @@ -237,26 +240,26 @@ ./configure CC="cc -nodtk" - On Solaris, don't put `/usr/ucb' early in your `PATH'. This + On Solaris, don't put '/usr/ucb' early in your 'PATH'. This directory contains several dysfunctional programs; working variants of -these programs are available in `/usr/bin'. So, if you need `/usr/ucb' -in your `PATH', put it _after_ `/usr/bin'. +these programs are available in '/usr/bin'. So, if you need '/usr/ucb' +in your 'PATH', put it _after_ '/usr/bin'. - On Haiku, software installed for all users goes in `/boot/common', -not `/usr/local'. It is recommended to use the following options: + On Haiku, software installed for all users goes in '/boot/common', +not '/usr/local'. It is recommended to use the following options: ./configure --prefix=/boot/common Specifying the System Type ========================== - There may be some features `configure' cannot figure out + There may be some features 'configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the -_same_ architectures, `configure' can figure that out, but if it prints +_same_ architectures, 'configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the -`--build=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name which has the form: +'--build=TYPE' option. TYPE can either be a short name for the system +type, such as 'sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM @@ -265,101 +268,101 @@ OS KERNEL-OS - See the file `config.sub' for the possible values of each field. If -`config.sub' isn't included in this package, then this package doesn't + See the file 'config.sub' for the possible values of each field. If +'config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should -use the option `--target=TYPE' to select the type of system they will +use the option '--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will -eventually be run) with `--host=TYPE'. +eventually be run) with '--host=TYPE'. Sharing Defaults ================ - If you want to set default values for `configure' scripts to share, -you can create a site shell script called `config.site' that gives -default values for variables like `CC', `cache_file', and `prefix'. -`configure' looks for `PREFIX/share/config.site' if it exists, then -`PREFIX/etc/config.site' if it exists. Or, you can set the -`CONFIG_SITE' environment variable to the location of the site script. -A warning: not all `configure' scripts look for a site script. + If you want to set default values for 'configure' scripts to share, +you can create a site shell script called 'config.site' that gives +default values for variables like 'CC', 'cache_file', and 'prefix'. +'configure' looks for 'PREFIX/share/config.site' if it exists, then +'PREFIX/etc/config.site' if it exists. Or, you can set the +'CONFIG_SITE' environment variable to the location of the site script. +A warning: not all 'configure' scripts look for a site script. Defining Variables ================== Variables not defined in a site shell script can be set in the -environment passed to `configure'. However, some packages may run +environment passed to 'configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set -them in the `configure' command line, using `VAR=value'. For example: +them in the 'configure' command line, using 'VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc -causes the specified `gcc' to be used as the C compiler (unless it is +causes the specified 'gcc' to be used as the C compiler (unless it is overridden in the site shell script). -Unfortunately, this technique does not work for `CONFIG_SHELL' due to -an Autoconf bug. Until the bug is fixed you can use this workaround: +Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an +Autoconf limitation. Until the limitation is lifted, you can use this +workaround: - CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash + CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash -`configure' Invocation +'configure' Invocation ====================== - `configure' recognizes the following options to control how it + 'configure' recognizes the following options to control how it operates. -`--help' -`-h' - Print a summary of all of the options to `configure', and exit. +'--help' +'-h' + Print a summary of all of the options to 'configure', and exit. -`--help=short' -`--help=recursive' +'--help=short' +'--help=recursive' Print a summary of the options unique to this package's - `configure', and exit. The `short' variant lists options used - only in the top level, while the `recursive' variant lists options - also present in any nested packages. - -`--version' -`-V' - Print the version of Autoconf used to generate the `configure' + 'configure', and exit. The 'short' variant lists options used only + in the top level, while the 'recursive' variant lists options also + present in any nested packages. + +'--version' +'-V' + Print the version of Autoconf used to generate the 'configure' script, and exit. -`--cache-file=FILE' +'--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, - traditionally `config.cache'. FILE defaults to `/dev/null' to + traditionally 'config.cache'. FILE defaults to '/dev/null' to disable caching. -`--config-cache' -`-C' - Alias for `--cache-file=config.cache'. - -`--quiet' -`--silent' -`-q' +'--config-cache' +'-C' + Alias for '--cache-file=config.cache'. + +'--quiet' +'--silent' +'-q' Do not print messages saying which checks are being made. To - suppress all normal output, redirect it to `/dev/null' (any error + suppress all normal output, redirect it to '/dev/null' (any error messages will still be shown). -`--srcdir=DIR' +'--srcdir=DIR' Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. + 'configure' can determine that directory automatically. -`--prefix=DIR' - Use DIR as the installation prefix. *note Installation Names:: - for more details, including other options available for fine-tuning - the installation locations. +'--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: for + more details, including other options available for fine-tuning the + installation locations. -`--no-create' -`-n' +'--no-create' +'-n' Run the configure checks, but stop before creating any output files. -`configure' also accepts some other, not widely useful, options. Run -`configure --help' for more details. - +'configure' also accepts some other, not widely useful, options. Run +'configure --help' for more details. diff -Nru sudo-1.9.5p2/INSTALL.md sudo-1.9.9/INSTALL.md --- sudo-1.9.5p2/INSTALL.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/INSTALL.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1031 @@ +Sudo installation instructions +============================== + +Sudo uses a `configure` script to probe the capabilities and type of the +system in question. Sudo's `configure` script has a large number of options +that control its behavior and enable or disable optional functionality. +Please read this document fully before configuring and building sudo. +You may also wish to read the file INSTALL.configure which explains more +about the `configure` script itself. + +## System requirements + +To build sudo from the source distribution you need a POSIX-compliant +operating system (any modern version of BSD, Linux, or Unix should work), +an ANSI/ISO C compiler that supports the "long long" type, variadic +macros (a C99 feature) as well as the ar, make, and ranlib utilities. + +If you wish to modify the parser then you will need flex version +2.5.2 or later and either bison or byacc (sudo comes with a +pre-generated parser). You'll also have to run configure with the +--with-devel option or pass DEVEL=1 to make. You can get flex from +http://flex.sourceforge.net/. You can get GNU bison from +ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU mirror. + +Some systems will also require that development library packages be +installed. The sudo source distribution includes docker configurations +for common Linux distributions that are used for continuous integration +in the `docker` directory. See the appropriate OS-specific Dockerfile +for a list of packages required to build sudo. + +## Simple sudo installation + +0. If you are upgrading from a previous version of sudo please read + the info in [docs/UPGRADE.md](docs/UPGRADE.md) before proceeding. + +1. Read the "OS dependent notes" section for any particular + "gotchas" relating to your operating system. + +2. `cd` to the source or build directory and type `./configure` + to generate a Makefile and config.h file suitable for building + sudo. Before you actually run configure you should read the + "Available configure options" section to see if there are + any special options you may want or need. + +4. Type `make` to compile sudo. If `configure` did its job properly (and + you have a supported configuration) there won't be any problems. If you + have a problem, check [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) + for tips on what might have gone wrong. Please mail us if you have a + fix or if you are unable to come up with a fix (address at EOF). + +5. Type `make install` (as root) to install sudo, visudo, the + man pages, and a skeleton sudoers file. Note that the install + will not overwrite an existing sudoers file. You can also + install various pieces the package via the install-binaries, + install-doc, and install-sudoers make targets. + +6. Edit the sudoers file with `visudo` as necessary for your + site. You will probably want to refer the example sudoers + file and sudoers man page included with the sudo package. + +7. If you want to use syslogd(8) to do the logging, you'll need to + update your `/etc/syslog.conf` file. See the examples/syslog.conf + file included in the distribution for an example. + +## Available configure options + +This section describes flags accepted by the sudo's `configure` script. +Defaults are listed in brackets after the description. + +### Configuration: + + --cache-file=FILE + Cache test results in FILE + + --config-cache, -C + Alias for --cache-file=config.cache + + --help, -h + Print the usage/help info + + --no-create, -n + Do not create output files + + --quiet, --silent, -q + Do not print "checking..." messages + + --srcdir=DIR + Find the sources in DIR [configure dir or ".."] + +### Directory and file names: + + --prefix=PREFIX + Install architecture-independent files in PREFIX. [/usr/local] + + --exec-prefix=EPREFIX + Install architecture-dependent files in EPREFIX. + This includes the executables and plugins. [same as PREFIX] + + --bindir=DIR + Install cvtsudoers, sudo, sudoedit, and sudoreplay in DIR. [EPREFIX/bin] + + --sbindir=DIR + Install sudo_logsrvd, sudo_sendlog, and visudo in DIR. [EPREFIX/sbin] + + --libexecdir=DIR + Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo] + + --sysconfdir=DIR + Look for `sudo.conf` and `sudoers` files in DIR. [/etc] + + --includedir=DIR + Install sudo_plugin.h include file in DIR [PREFIX/include] + + --datarootdir=DIR + Root directory for platform-independent data files [PREFIX/share] + + --localedir=DIR + Install sudo and sudoers locale files in DIR [DATAROOTDIR/locale] + + --mandir=DIR + Install man pages in DIR [PREFIX/man] + + --docdir=DIR + Install other sudo documentation in DIR [DATAROOTDIR/doc/sudo] + + --with-exampledir=DIR + Install sudo example files in DIR [DATAROOTDIR/doc/sudo/examples] + + --with-plugindir=DIR + The directory that sudo looks in to find the policy and I/O + logging plugins. Defaults to the LIBEXEC/sudo. + + --with-rundir=DIR + The directory to be used for sudo-specific files that do + not survive a system reboot. This is typically where the + time stamp directory is located. By default, configure + will choose from the following list: + /run/sudo /var/run/sudo, /var/db/sudo, /var/lib/sudo, + /var/adm/sudo, /usr/adm/sudo + This directory should be cleared when the system reboots. + On systems that lack /run or /var/run, the default rundir and + vardir may be the same. In this case, only the ts directory + inside the rundir needs to be cleared at boot time. + + --with-vardir=DIR + The directory to be used for sudo-specific files that survive + a system reboot. This is typically where the lecture status + directory is stored. By default, configure will choose + from the following list: + /var/db/sudo, /var/lib/sudo, /var/adm/sudo, /usr/adm/sudo + This directory should **not** be cleared when the system boots. + + --with-relaydir=DIR + The directory to be used for sudo_logsrvd relay temporary files. + When sudo_logsrvd is configured as a store-and-forward relay, + the journaled data is written to this directory before it is + forwarded to a relay server. + + --with-tzdir=DIR + The directory to the system's time zone data files. This + is only used when sanitizing the TZ environment variable + to allow for fully-qualified paths in TZ. By default, + configure will look for an existing "zoneinfo" directory + in the following locations: + /usr/share /usr/share/lib /usr/lib /etc + If no zoneinfo directory is found, the TZ variable may not + contain a fully-qualified path. + +### Compilation options: + + --enable-sanitizer=[flags] + Enable the use of sanitizers such as AddressSanitizer and + UndefinedBehaviorSanitizer if supported by the compiler. + This can help detect common problems such as buffer overflows + and use after free bugs as well as behavior not defined by + the C standard. For more information see: + https://github.com/google/sanitizers/wiki + + If no flags are specified by the user, a default value of + "-fsanitize=address,undefined" will be used. + + This option should only be used for testing and not in a + production environment. Due to some sanitizers' unchecked + use of environment variables, it is trivial to exploit a + set-user-ID root executable such as sudo. + + --enable-fuzzer + Enable building sudo with the LLVM libFuzzer, see + https://www.llvm.org/docs/LibFuzzer.html for details. + The resulting binaries, beginning with "fuzz_" can be used + to test sudo. To run all the fuzzers for 8192 iterations, + "make fuzz" can be used. This option is generally used in + conjunction with --enable-sanitizer. + + Fuzzing currently requires the clang C compiler--it is not + supported by gcc. For best results, it is suggested to use + clang 11 or higher. Some of the fuzzers are known to hang + when used with earlier versions. + + This option should only be used for testing and not in a + production environment. + + --enable-fuzzer-engine=library + The library to use when linking fuzz targets instead of + LLVM's libFuzzer. It is intended to be set to the path to + an alternate fuzzing library, such as AFL++ or Honggfuzz. + + --enable-fuzzer-linker=command + An alternate linker command to use when building fuzz + targets, instead of clang. It may be necessary to set this + when using the --enable-fuzzer-engine option to link with + a fuzzer engine that requires C++ libraries. For oss-fuzz, + this option is used to cause fuzz targets to be linked with + clang++. + + --disable-hardening + Disable the use of compiler/linker exploit mitigation options + which are enabled by default. This includes compiling with + _FORTIFY_SOURCE defined to 2, building with -fstack-protector + and linking with -zrelro, where supported. + + --disable-ssp + Disable use of the -fstack-protector compiler option. + This does not affect the other hardening options. + + --disable-leaks + Avoid leaking memory even when we are headed for exit, + which helps reduce the noise from static and active analyzers. + This option should only be used for testing and not in a + production environment. + + --enable-pie + Build sudo and related programs as as a position independent + executables (PIE). This improves the effectiveness of address + space layout randomization (ASLR) on systems that support it. + Sudo will create PIE binaries by default on Linux systems. + + --disable-pie + Disable the creation of position independent executables (PIE), + even if the compiler creates PIE binaries by default. This + option may be needed on some Linux systems where PIE binaries + are not fully supported. + + --disable-poll + Use select() instead of poll() in the event loop. By default, + sudo will use poll() on systems that support it. Some systems + have a broken poll() implementation and need to use select instead. + On macOS, select() is always used since its poll() doesn't + support character devices. + + --disable-rpath + By default, configure will use -Rpath in addition to -Lpath + when passing library paths to the loader. This option will + disable the use of -Rpath. + + --disable-shared + Disable dynamic shared object support. By default, sudo + is built with a plugin API capable of loading arbitrary + policy and I/O logging plugins. If the --disable-shared + option is specified, this support is disabled and the default + sudoers policy and I/O plugins are embedded in the sudo + binary itself. This will also disable the intercept and noexec + options as they also rely on dynamic shared object support. + + --disable-shared-libutil + Disable the use of the dynamic libsudo_util library. By + default, sudo, the sudoers plugin and the associated sudo + utilities are linked against a shared version of libsudo_util. + If the --disable-shared-libutil option is specified, a + static version of the libsudo_util library will be used + instead. This option may only be used in conjunction with + the --enable-static-sudoers option. + + --enable-static-sudoers + By default, the sudoers plugin is built and installed as a + dynamic shared object. When the --enable-static-sudoers + option is specified, the sudoers plugin is compiled directly + into the sudo binary. Unlike --disable-shared, this does + not prevent other plugins from being used and the intercept + and noexec options will continue to function. + + --enable-tmpfiles.d=DIR + Set the directory to be used when installing the sudo + tmpfiles.d file. This is used to create (or clear) the + sudo time stamp directory on operating systems that use + systemd. If this option is not specified, configure will + use the /usr/lib/tmpfiles.d directory if the file + /usr/lib/tmpfiles.d/systemd.conf exists. + + --enable-zlib[=location] + Enable the use of the zlib compress library when storing + I/O log files. If specified, location is the base directory + containing the zlib include and lib directories. The special + values "system", "builtin", "shared", and "static" can be + used to indicate that the system version of zlib should be + used or that the version of zlib shipped with sudo should + be used instead. If "static" is specified, sudo will + statically link the builtin zlib and not install it. If + this option is not specified, configure will use the system + zlib if it is present, falling back on the sudo version. + + --with-incpath=DIR + Adds the specified directory (or directories) to CPPFLAGS + so configure and the compiler will look there for include + files. Multiple directories may be specified as long as + they are space separated. + E.g. --with-incpath="/usr/local/include /opt/include" + + --with-libpath=DIR + Adds the specified directory (or directories) to LDFLAGS + so configure and the compiler will look there for libraries. + Multiple directories may be specified as with --with-incpath. + + --with-libraries=LIBRARY + Adds the specified library (or libraries) to SUDO_LIBS and + and VISUDO_LIBS so sudo will link against them. If the + library doesn't start with "-l" or end in ".a" or ".o" a + "-l" will be pre-pended to it. Multiple libraries may be + specified as long as they are space separated. + + --with-libtool=PATH + By default, sudo will use the included version of libtool + to build shared libraries. The --with-libtool option can + be used to specify a different version of libtool to use. + The special values "system" and "builtin" can be used in + place of a path to denote the default system libtool (obtained + via the user's PATH) and the default libtool that comes + with sudo. + +### Optional features: + + --disable-root-mailer + By default sudo will run the mailer as root when tattling + on a user so as to prevent that user from killing the mailer. + With this option, sudo will run the mailer as the invoking + user which some people consider to be safer. + + --enable-nls[=location] + Enable natural language support using the gettext() family + of functions. If specified, location is the base directory + containing the libintl include and lib directories. If + this option is not specified, configure will look for the + gettext() family of functions in the standard C library + first, then check for a standalone libintl (linking with + libiconv as needed). + + --disable-nls + Disable natural language support. By default, sudo will + use the gettext() family of functions, if available, to + implement messages in the invoking user's native language. + Note that translations do not exist for all languages. + + --with-ldap[=DIR] + Enable LDAP support. If specified, DIR is the base directory + containing the LDAP include and lib directories. Please see + [README.LDAP.md](README.LDAP.md) for more information. + + --with-ldap-conf-file=PATH + Path to LDAP configuration file. If specified, sudo reads + this file instead of `/etc/ldap.conf` to locate the LDAP server. + + --with-ldap-secret-file=PATH + Path to LDAP secret password file. If specified, sudo uses + this file instead of `/etc/ldap.secret` to read the secret password + when rootbinddn is specified in the ldap config file. + + --disable-sasl + Disable SASL authentication for LDAP. By default, sudo + will compile in support for SASL authentication if the + ldap_sasl_interactive_bind_s() function is present in the + LDAP libraries. + + --with-logincap + This adds support for login classes specified in `/etc/login.conf`. + It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD, and + NetBSD (where available). By default, a login class is not applied + unless the "use_loginclass" option is defined in sudoers or the user + specifies a class on the command line. + + --with-interfaces=no, --without-interfaces + This option keeps sudo from trying to glean the ip address + from each attached network interface. It is only useful + on a machine where sudo's interface reading support does + not work, which may be the case on some SysV-based OS's + using STREAMS. + + --enable-intercept[=PATH] + Enable support for the "intercept" functionality which + allows sudo to perform a policy check when a dynamically-linked + program run by sudo attempts to execute another program. + This is also used to support the "log_subcmds" sudoers + setting. For example, this means that for a shell run + through sudo, the individual commands run by the shell are + also subject to rules in the sudoers file. Please see the + "Preventing Shell Escapes" section in the sudoers man page + for details. If specified, PATH should be a fully qualified + path name, e.g. /usr/local/libexec/sudo/sudo_intercept.so. + If PATH is "no", intercept support will not be compiled in. + The default is to compile intercept support if libtool + supports building shared objects on your system. + + --with-noexec[=PATH] + Enable support for the "noexec" functionality which prevents + a dynamically-linked program being run by sudo from executing + another program (think shell escapes). Please see the + "Preventing Shell Escapes" section in the sudoers man page + for details. If specified, PATH should be a fully qualified + path name, e.g. /usr/local/libexec/sudo/sudo_noexec.so. If PATH + is "no", noexec support will not be compiled in. The default + is to compile noexec support if libtool supports building + shared objects on your system. + + --with-selinux + Enable support for role based access control (RBAC) on systems + that support SELinux. + + --with-sssd + Enable support for using the System Security Services Daemon + (SSSD) as a sudoers data source. For more information on + SSD, see http://fedorahosted.org/sssd/ + + --with-sssd-conf=PATH + Specify the path to the SSSD configuration file, if different + from the default value of `/etc/sssd/sssd.conf`. + + --with-sssd-lib=PATH + Specify the path to the SSSD shared library, which is loaded + at run-time. + + --enable-offensive-insults + Enable potentially offensive sudo insults from the classic + version of sudo. + + --enable-pvs-studio + Generate a sample PVS-Studio.cfg file based on the compiler and + platform type. The "pvs-studio" Makefile target can then be + used if PVS-Studio is installed. + + --enable-python + Enable support for sudo plugins written in Python 3. + This requires a Python 3 development environment (including + Python 3 header files). + + --disable-log-server + Disable building the sudo_logsrvd log server. + + --disable-log-client + Disable sudoers support for using the sudo_logsrvd log server. + +### Operating system-specific options: + + --disable-setreuid + Disable use of the setreuid() function for operating systems + where it is broken. For instance, 4.4BSD has setreuid() that + is not fully functional. + + --disable-setresuid + Disable use of the setresuid() function for operating systems + where it is broken (none currently known). + + --enable-admin-flag[=PATH] + Enable the creation of an Ubuntu-style admin flag file the + first time sudo is run. If PATH is not specified, the + default value is: + ~/.sudo_as_admin_successful + + --enable-devsearch=PATH + Set a system-specific search path of directories to look in + for device nodes. Sudo uses this when mapping the process's + tty device number to a device name. The default value is: + /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev + + --with-bsm-audit + Enable support for sudo BSM audit logs on systems that support it. + This includes recent versions of FreeBSD, macOS and Solaris. + + --with-linux-audit + Enable audit support for Linux systems. Audits attempts + to run a command as well as SELinux role changes. + + --with-man + Use the "man" macros for manual pages. By default, mdoc versions + of the manuals are installed if supported. This can be used to + override configure's test for "nroff -mdoc" support. + + --with-mdoc + Use the "mdoc" macros for manual pages. By default, mdoc versions + of the manuals are installed if supported. This can be used to + override configure's test for "nroff -mdoc" support. + + --with-netsvc[=PATH] + Path to netsvc.conf or "no" to disable netsvc.conf support. + If specified, sudo uses this file instead of /etc/netsvc.conf + on AIX systems. If netsvc support is disabled but LDAP is + enabled, sudo will check LDAP first, then the sudoers file. + + --with-nsswitch[=PATH] + Path to nsswitch.conf or "no" to disable nsswitch support. + If specified, sudo uses this file instead of /etc/nsswitch.conf. + If nsswitch support is disabled but LDAP is enabled, sudo will + check LDAP first, then the sudoers file. + + --with-project + Enable support for Solaris project resource limits. + This option is only available on Solaris 9 and above. + +### Authentication options: + + --with-AFS + Enable AFS support with Kerberos authentication. Should work under + AFS 3.3. If your AFS doesn't have -laudit you should be able to + link without it. + + --with-aixauth + Enable support for the AIX general authentication function. + This will use the authentication scheme specified for the + user on the machine. By default, sudo will use either AIX + authentication or PAM depending on the value of the auth_type + setting in the `/etc/security/login.cfg` file. + + --with-bsdauth + Enable support for BSD authentication. This is the default + for BSD/OS and OpenBSD systems that support it. + It is not possible to mix BSD authentication with other + authentication methods (and there really should be no need + to do so). Note that only the newer BSD authentication API + is supported. If you don't have /usr/include/bsd_auth.h + then you cannot use this. + + --with-DCE + Enable DCE support for systems without PAM. Known to work on + HP-UX 9.X, 10.X, and 11.0; other systems may require source + code and/or `configure` changes. On systems with PAM support + (such as HP-UX 11.0 and higher, Solaris, FreeBSD, and Linux), the + DCE PAM module (usually libpam_dce) should be used instead. + + --with-fwtk[=DIR] + Enable TIS Firewall Toolkit (FWTK) "authsrv" support. If specified, + DIR is the base directory containing the compiled FWTK package + (or at least the library and header files). + + --with-kerb5[=DIR] + Enable Kerberos V support. If specified, DIR is the base + directory containing the Kerberos V include and lib dirs. + This uses Kerberos pass phrases for authentication but + does not use the Kerberos cookie scheme. Will not work for + Kerberos V older than version 1.1. + + --enable-kerb5-instance=string + By default, the user name is used as the principal name + when authenticating via Kerberos V. If this option is + enabled, the specified instance string will be appended to + the user name (separated by a slash) when creating the + principal name. + + --with-solaris-audit + Enable audit support for Solaris 11 and above. + For older versions of Solaris, use --with-bsm-audit + + --with-opie[=DIR] + Enable NRL OPIE OTP (One Time Password) support. If specified, + DIR should contain include and lib directories with opie.h + and libopie.a respectively. + + --with-otp-only + This option is now just an alias for --without-passwd. + + --with-pam + Enable PAM support. This is on by default for Darwin, FreeBSD, + Linux, NetBSD, Solaris, and HP-UX (version 11 and higher). + + NOTE: on RedHat Linux and Fedora you **must** have an `/etc/pam.d/sudo` + file installed. You may either use the example pam.conf file included + with sudo or use `/etc/pam.d/su` as a reference. The pam.conf file + included with sudo may or may not work with other Linux distributions. + On Solaris and HP-UX 11 systems you should check (and understand) + the contents of `/etc/pam.conf`. Do a `man pam.conf` for more + information and consider using the "debug" option, if available, + with your PAM libraries in `/etc/pam.conf` to obtain syslog output + for debugging purposes. + + --with-pam-login + Enable a specific PAM session when sudo is given the -i option. + This changes the PAM service name when sudo is run with the -i + option from "sudo" to "sudo-i", allowing for a separate pam + configuration for sudo's initial login mode. + + --disable-pam-session + Disable sudo's PAM session support. This may be needed on + older PAM implementations or on operating systems where + opening a PAM session changes the utmp or wtmp files. If + PAM session support is disabled, resource limits may not + be updated for the command being run. + + --with-passwd=no, --without-passwd + This option excludes authentication via the passwd (or + shadow) file. It should only be used when another, alternative, + authentication scheme is in use. + + --with-SecurID[=DIR] + Enable SecurID support. If specified, DIR is directory containing + libaceclnt.a, acexport.h, and sdacmvls.h. + + --with-skey[=DIR] + Enable S/Key OTP (One Time Password) support. If specified, + DIR should contain include and lib directories with skey.h + and libskey.a respectively. + + --disable-sia + Disable SIA support. This is the "Security Integration + Architecture" on Digital UNIX. If you disable SIA sudo will + use its own authentication routines. + + --disable-shadow + Disable shadow password support. Normally, sudo will compile + in shadow password support and use a shadow password if it + exists. + + --enable-gss-krb5-ccache-name + Use the gss_krb5_ccache_name() function to set the Kerberos + V credential cache file name. By default, sudo will use + the KRB5CCNAME environment variable to set this. While + gss_krb5_ccache_name() provides a better API to do this it + is not supported by all Kerberos V and SASL combinations. + + --enable-gcrypt[=DIR] + Use GNU crypt's SHA-2 message digest functions instead of + OpenSSL or the ones bundled with sudo (or in the system's + C library). If specified, DIR should contain the GNU crypt + include and lib directories. This option only has an effect + when OpenSSL 1.0.1 or higher is not present on the system + or the --disable-openssl option is also specified. + + --enable-openssl[=DIR] + Use OpenSSL's TLS and SHA-2 message digest functions. If + it is detected, OpenSSL will be used by default unless the + sudo log client and server are disabled via the + --disable-log-client and --disable-log-server options. To + explicitly disable the use of OpenSSL, the --disable-openssl + option can be used. OpenSSL versions prior to 1.0.1 will + not be used as they do not support TLS 1.2. If specified, + DIR should contain the OpenSSL include and lib directories. + + --enable-openssl-pkgconfig-template=template + A printf-style template used to construct the name of the + openssl and libcrypto pkg-config files. For example, a + template of "e%s30" would cause "eopenssl30" and "libecrypto30" + to be used instead. This makes it possible to link with + the OpenSSL 3.0 package on OpenBSD. Defaults to "%s". + + --enable-wolfssl[=DIR] + Use wolfSSL's TLS and SHA-2 message digest functions. If + specified, DIR should contain the OpenSSL include and lib + directories. + +### Development options: + + --enable-env-debug + Enable debugging of the environment setting functions. This + enables extra checks to make sure the environment does not + become corrupted. + + --enable-warnings + Enable compiler warnings when building sudo with gcc or clang. + + --enable-werror + Enable the -Werror compiler option when building sudo with + gcc or clang. + + --with-devel + Configure development options. This will enable compiler warnings + and set up the Makefile to be able to regenerate the sudoers parser + as well as the manual pages. + +### Options that set runtime-changeable default values: + + --disable-authentication + By default, sudo requires the user to authenticate via a + password or similar means. This options causes sudo to + **not** require authentication. It is possible to turn + authentication back on in sudoers via the PASSWD attribute. + Sudoers option: !authenticate + + --disable-env-reset + Disable environment resetting. This sets the default value + of the "env_reset" Defaults option in sudoers to false. + Sudoers option: !env_reset + + --disable-path-info + Normally, sudo will tell the user when a command could not be found + in their $PATH. Some sites may wish to disable this as it could + be used to gather information on the location of executables that + the normal user does not have access to. The disadvantage is that + if the executable is simply not in the user's path, sudo will tell + the user that they are not allowed to run it, which can be confusing. + Sudoers option: path_info + + --disable-root-sudo + Don't let root run sudo. This can be used to prevent people from + "chaining" sudo commands to get a root shell by doing something + like `sudo sudo /bin/sh`. + Sudoers option: !root_sudo + + --disable-zlib + Disable the use of the zlib compress library when storing + I/O log files. + Sudoers option: !compress_io + + --enable-log-host + Log the hostname in the log file. + Sudoers option: log_host + + --enable-noargs-shell + If sudo is invoked with no arguments it acts as if the "-s" flag had + been given. That is, it runs a shell as root (the shell is determined + by the SHELL environment variable, falling back on the shell listed + in the invoking user's `/etc/passwd` entry). + Sudoers option: shell_noargs + + --enable-shell-sets-home + If sudo is invoked with the "-s" flag the HOME environment variable + will be set to the home directory of the target user (which is root + unless the "-u" option is used). This option effectively makes the + "-s" flag imply "-H". + Sudoers option: set_home + + --enable-timestamp-type=TYPE + Set the default time stamp record type. The TYPE may be "global" + (a single record per user), "ppid" (a single record for process + with the same parent process), or "tty" (a separate record for + each login session). The default is "tty". + Sudoers option: timestamp_type + + --with-all-insults + Include all the insult sets listed below. You must either specify + --with-insults or enable insults in the sudoers file for this to + have any effect. + + --with-askpass=PATH + Set PATH as the "askpass" program to use when no tty is + available. Typically, this is a graphical password prompter, + similar to the one used by ssh. The program must take a + prompt as an argument and print the received password to + the standard output. This value may overridden at run-time + in the sudo.conf file. + + --with-badpass-message="BAD PASSWORD MESSAGE" + Message that is displayed if a user enters an incorrect password. + The default is "Sorry, try again." unless insults are turned on. + Sudoers option: badpass_message + + --with-badpri=PRIORITY + Determines which syslog priority to log unauthenticated + commands and errors. The following priorities are supported: + alert, crit, debug, emerg, err, info, notice, and warning. + Sudoers option: syslog_badpri + + --with-classic-insults + Uses insults from sudo "classic." If you just specify --with-insults + you will get the classic and CSOps insults. This is on by default if + --with-insults is given. + + --with-csops-insults + Insults the user with an extra set of insults (some quotes, some + original) from a sysadmin group at CU (CSOps). You must specify + --with-insults as well for this to have any effect. This is on by + default if --with-insults is given. + + --with-editor=PATH + Specify the default editor path for use by visudo. This may be a + single path name or a colon-separated list of editors. In the latter + case, visudo will choose the editor that matches the user's SUDO_EDITOR, + VISUAL or EDITOR environment variable, or the first editor in the list + that exists. The default is the path to vi on your system. + Sudoers option: editor + + --with-env-editor=no, --without-env-editor + By default, visudo will consult the SUDO_EDITOR, VISUAL, and EDITOR + environment variables before falling back on the default editor list + (as specified by --with-editor). visudo is typically run as root so + this option may allow a user with visudo privileges to run arbitrary + commands as root without logging. Some sites may with to disable this + and use a colon-separated list of "safe" editors with the --with-editor + option. visudo will then only use the SUDO_EDITOR, VISUAL, or EDITOR + variables if they match a value specified via --with-editor. + Sudoers option: env_editor + + --with-exempt=GROUP + Users in the specified group don't need to enter a password when + running sudo. This may be useful for sites that don't want their + "core" sysadmins to have to enter a password but where Jr. sysadmins + need to. You should probably use NOPASSWD in sudoers instead. + Sudoers option: exempt_group + + --with-fqdn + Define this if you want to put fully qualified host names in the sudoers + file. Ie: instead of myhost you would use myhost.mydomain.edu. You may + still use the short form if you wish (and even mix the two). Beware + that turning FQDN on requires sudo to make DNS lookups which may make + sudo unusable if your DNS is totally hosed. Also note that you must + use the host's official name as DNS knows it. That is, you may not use + a host alias (CNAME entry) due to performance issues and the fact that + there is no way to get all aliases from DNS. + Sudoers option: fqdn + + --with-goodpri=PRIORITY + Determines which syslog priority to log successfully authenticated + commands. The following priorities are supported: alert, crit, debug, + emerg, err, info, notice, and warning. + Sudoers option: syslog_goodpri + + --with-python-insults + Insults the user with lines from "Monty Python's Flying Circus" when an + incorrect password is entered. You must either specify --with-insults or + enable insults in the sudoers file for this to have any effect. + + --with-goons-insults + Insults the user with lines from the "Goon Show" when an incorrect + password is entered. You must either specify --with-insults or + enable insults in the sudoers file for this to have any effect. + + --with-hal-insults + Uses 2001-like insults when an incorrect password is entered. + You must either specify --with-insults or enable insults in the + sudoers file for this to have any effect. + + --with-ignore-dot + If set, sudo will ignore "." or "" (current dir) in $PATH. + The $PATH itself is not modified. + Sudoers option: ignore_dot + + --with-insults + Define this if you want to be insulted for typing an incorrect password + just like the original sudo(8). This is off by default. + Sudoers option: insults + + --with-insults=disabled + Include support for insults but disable them unless explicitly + enabled in sudoers. + Sudoers option: !insults + + --with-iologdir[=DIR] + By default, sudo stores I/O log files in either /var/log/sudo-io, + /var/adm/sudo-io, or /usr/log/sudo-io. If this option is specified, + I/O logs will be stored in the indicated directory instead. + Sudoers option: iolog_dir + + --with-lecture=no, --without-lecture + Don't print the lecture the first time a user runs sudo. + Sudoers option: !lecture + + --with-logfac=FACILITY + Determines which syslog facility to log to. This requires + a 4.3BSD or later version of syslog. You can still set + this for ancient syslogs but it will have no effect. The + following facilities are supported: authpriv (if your OS + supports it), auth, daemon, user, local0, local1, local2, + local3, local4, local5, local6, and local7. + Sudoers option: syslog + + --with-logging=TYPE + How you want to do your logging. You may choose "syslog", + "file", or "both". Setting this to "syslog" is nice because + you can keep all of your sudo logs in one place (see the + example syslog.conf file). The default is "syslog". + Sudoers options: syslog and logfile + + --with-loglen=NUMBER + Number of characters per line for the file log. This is only used if + you are to "file" or "both". This value is used to decide when to wrap + lines for nicer log files. The default is 80. Setting this to 0 + will disable the wrapping. + Sudoers options: loglinelen + + --with-logpath=PATH + Override the default location of the sudo log file and use + "path" instead. By default will use /var/log/sudo.log if + there is a /var/log dir, falling back to /var/adm/sudo.log + or /usr/adm/sudo.log if not. + Sudoers option: logfile + + --with-long-otp-prompt + When validating with a One Time Password scheme (S/Key or + OPIE), a two-line prompt is used to make it easier to cut + and paste the challenge to a local window. It's not as + pretty as the default but some people find it more convenient. + Sudoers option: long_otp_prompt + + --with-mail-if-no-user=no, --without-mail-if-no-user + Normally, sudo will mail to the "alertmail" user if the user invoking + sudo is not in the sudoers file. This option disables that behavior. + Sudoers option: mail_no_user + + --with-mail-if-no-host + Send mail to the "alermail" user if the user exists in the sudoers + file, but is not allowed to run commands on the current host. + Sudoers option: mail_no_host + + --with-mail-if-noperms + Send mail to the "alermail" user if the user is allowed to use sudo but + the command they are trying is not listed in their sudoers file entry. + Sudoers option: mail_no_perms + + --with-mailsubject="SUBJECT OF MAIL" + Subject of the mail sent to the "mailto" user. The token "%h" + will expand to the hostname of the machine. + The default value is "*** SECURITY information for %h ***". + Sudoers option: mailsub + + --with-mailto=USER|MAIL_ALIAS + User (or mail alias) that mail from sudo is sent to. + This should go to a sysadmin at your site. The default value is "root". + Sudoers option: mailto + + --with-passprompt="PASSWORD PROMPT" + Default prompt to use when asking for a password; can be overridden + via the -p option and the SUDO_PROMPT environment variable. Supports + the "%H", "%h", "%U", and "%u" escapes as documented in the sudo + manual page. The default value is "Password:". + Sudoers option: passprompt + + --with-password-timeout=NUMBER + Number of minutes before the sudo password prompt times out. + The default is 5, set this to 0 for no password timeout. + Sudoers option: passwd_timeout + + --with-passwd-tries=NUMBER + Number of tries a user gets to enter his/her password before sudo logs + the failure and exits. The default is 3. + Sudoers option: passwd_tries + + --with-runas-default=USER + The default user to run commands as if the -u flag is not specified + on the command line. This defaults to "root". + Sudoers option: runas_default + + --with-secure-path[=PATH] + Path used for every command run from sudo(8). If you don't trust + users to have a reasonable PATH environment variable you may want + to use this. Another use is if you want to have the "root path" + be separate from the "user path." You will need to customize the + path for your site. NOTE: this is not applied to users in the group + specified by --with-exemptgroup. If you do not specify a path, + "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used. + Sudoers option: secure_path + + --with-sendmail=PATH + Override configure's guess as to the location of sendmail. + Sudoers option: mailerpath + + --with-sendmail=no, --without-sendmail + Do not use sendmail to mail messages to the "mailto" user. + Use only if you don't run sendmail or the equivalent. + Sudoers options: !mailerpath or !mailto + + --with-sudoers-mode=MODE + File mode for the sudoers file (octal). Note that if you + wish to NFS-mount the sudoers file this must be group + readable. This value may overridden at run-time in the + sudo.conf file. The default mode is 0440. + + --with-sudoers-uid=UID + User id that "owns" the sudoers file. Note that this is + the numeric id, **not** the symbolic name. This value may + overridden at run-time in the sudo.conf file. The default + is 0. + + --with-sudoers-gid=GID + Group id that "owns" the sudoers file. Note that this is + the numeric id, **not** the symbolic name. This value may + overridden at run-time in the sudo.conf file. The default + is 0. + + --with-timeout=NUMBER + Number of minutes that can elapse before sudo will ask for a passwd + again. The default is 5, set it to 0 to always prompt for a password. + Sudoers option: timestamp_timeout + + --with-umask=MASK + Umask to use when running the root command. The default is 0022. + Sudoers option: umask + + --with-umask=no, --without-umask + Preserves the umask of the user invoking sudo. + Sudoers option: !umask + + --with-umask-override + Use the umask specified in sudoers even if it is less restrictive + than the user's. The default is to use the intersection of the + user's umask and the umask specified in sudoers. + Sudoers option: umask_override + +## OS dependent notes + +#### HP-UX + +The default C compiler shipped with HP-UX is not an ANSI compiler. +You must use either the HP ANSI C compiler or gcc to build sudo. +Binary packages of gcc are available from http://hpux.connect.org.uk/. + +To prevent PAM from overriding the value of umask on HP-UX 11, +you will need to add a line like the following to /etc/pam.conf: + + sudo session required libpam_hpsec.so.1 bypass_umask + +#### Linux + +PAM and LDAP headers are not installed by default on most Linux +systems. You will need to install the "pam-dev" (rpm) or libpam0g-dev +(deb) package if `/usr/include/security/pam_appl.h` is not present +on your system. If you wish to build with LDAP support you will +also need the "openldap-devel" (rpm) or "libldap2-dev" (deb) package. + +#### macOS + +The pseudo-tty support in the Darwin kernel has bugs related to +its handling of the SIGTSTP, SIGTTIN, and SIGTTOU signals. It does +not restart reads and writes when those signals are delivered. This +may cause problems for some commands when I/O logging is enabled. +The issue has been reported to Apple and is bug id #7952709. + +#### Solaris + +You need to have a C compiler in order to build sudo. Since Solaris +does not come with one by default this means that you either need +to either install the Solaris Studio compiler suite, available for +free from www.oracle.com, or install the GNU C compiler (gcc) which +is can be installed via the pkg utility on Solaris 11 and higher +and is distributed on the Solaris Companion CD for older Solaris +releases. You can also download gcc packages from +http://www.opencsw.org/packages/CSWgcc4core/. diff -Nru sudo-1.9.5p2/LICENSE.md sudo-1.9.9/LICENSE.md --- sudo-1.9.5p2/LICENSE.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/LICENSE.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,347 @@ +Sudo is distributed under the following license: + + Copyright (c) 1994-1996, 1998-2022 + Todd C. Miller + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + Sponsored in part by the Defense Advanced Research Projects + Agency (DARPA) and Air Force Research Laboratory, Air Force + Materiel Command, USAF, under agreement number F39502-99-1-0512. + +The Python plugin bindings bear the following license: + + Copyright (c) 2019-2020 Robert Manner + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The files hostcheck.c and hostcheck.h bear the following license: + + Copyright (c) 2020 Laszlo Orban + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The file redblack.c bears the following license: + + Copyright (c) 2001 Emin Martinian + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that neither the name of Emin + Martinian nor the names of any contributors are be used to endorse or + promote products derived from this software without specific prior + written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +The file sssd.c bears the following license: + + Copyright (c) 2011 Daniel Kopecek + + This code is derived from software contributed by Aaron Spangler. + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The files bsm_audit.c and bsm_audit.h bear the following license: + + Copyright (c) 2009 Christian S.J. Peron + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The files solaris_audit.c and solaris_audit.h bear the following license: + + Copyright (c) 2014, Oracle and/or its affiliates. + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The file reallocarray.c bears the following license: + + Copyright (c) 2008 Otto Moerbeek + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The files getcwd.c, glob.c, glob.h, snprintf.c and sudo_queue.h bear the +following license: + + Copyright (c) 1989, 1990, 1991, 1993 + The Regents of the University of California. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +The file fnmatch.c bears the following license: + + Copyright (c) 2011, VMware, Inc. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the VMware, Inc. nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR + ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +The file getopt_long.c bears the following license: + + Copyright (c) 2000 The NetBSD Foundation, Inc. + All rights reserved. + + This code is derived from software contributed to The NetBSD Foundation + by Dieter Baron and Thomas Klausner. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +The file inet_pton.c bears the following license: + + Copyright (c) 1996 by Internet Software Consortium. + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + SOFTWARE. + +The file arc4random.c bears the following license: + + Copyright (c) 1996, David Mazieres + Copyright (c) 2008, Damien Miller + Copyright (c) 2013, Markus Friedl + Copyright (c) 2014, Theo de Raadt + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The file arc4random_uniform.c bears the following license: + + Copyright (c) 2008, Damien Miller + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The file getentropy.c bears the following license: + + Copyright (c) 2014 Theo de Raadt + Copyright (c) 2014 Bob Beck + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The embedded copy of zlib bears the following license: + + Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler + + This software is provided 'as-is', without any express or implied + warranty. In no event will the authors be held liable for any damages + arising from the use of this software. + + Permission is granted to anyone to use this software for any purpose, + including commercial applications, and to alter it and redistribute it + freely, subject to the following restrictions: + + 1. The origin of this software must not be misrepresented; you must not + claim that you wrote the original software. If you use this software + in a product, an acknowledgment in the product documentation would be + appreciated but is not required. + 2. Altered source versions must be plainly marked as such, and must not be + misrepresented as being the original software. + 3. This notice may not be removed or altered from any source distribution. + + Jean-loup Gailly Mark Adler + jloup@gzip.org madler@alumni.caltech.edu + +The embedded copy of protobuf-c bears the following license: + + Copyright (c) 2008-2018, Dave Benson and the protobuf-c authors. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials + provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff -Nru sudo-1.9.5p2/MANIFEST sudo-1.9.9/MANIFEST --- sudo-1.9.5p2/MANIFEST 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/MANIFEST 2022-01-27 21:24:22.000000000 +0000 @@ -1,72 +1,82 @@ ABOUT-NLS ChangeLog -INSTALL INSTALL.configure +INSTALL.md +LICENSE.md MANIFEST Makefile.in NEWS -README -README.LDAP +README.LDAP.md +README.md aclocal.m4 autogen.sh -config.guess config.h.in -config.sub configure configure.ac -doc/CONTRIBUTORS -doc/HISTORY -doc/LICENSE -doc/Makefile.in -doc/TROUBLESHOOTING -doc/UPGRADE -doc/cvtsudoers.man.in -doc/cvtsudoers.mdoc.in -doc/fixman.sh -doc/fixmdoc.sed -doc/schema.ActiveDirectory -doc/schema.OpenLDAP -doc/schema.iPlanet -doc/schema.olcSudo -doc/sudo.conf.man.in -doc/sudo.conf.man.in.sed -doc/sudo.conf.mdoc.in -doc/sudo.man.in -doc/sudo.man.in.sed -doc/sudo.mdoc.in -doc/sudo_logsrv.proto.man.in -doc/sudo_logsrv.proto.mdoc.in -doc/sudo_logsrvd.conf.man.in -doc/sudo_logsrvd.conf.mdoc.in -doc/sudo_logsrvd.man.in -doc/sudo_logsrvd.mdoc.in -doc/sudo_plugin.man.in -doc/sudo_plugin.mdoc.in -doc/sudo_plugin_python.man.in -doc/sudo_plugin_python.mdoc.in -doc/sudo_sendlog.man.in -doc/sudo_sendlog.mdoc.in -doc/sudoers.ldap.man.in -doc/sudoers.ldap.mdoc.in -doc/sudoers.man.in -doc/sudoers.man.in.sed -doc/sudoers.mdoc.in -doc/sudoers_timestamp.man.in -doc/sudoers_timestamp.mdoc.in -doc/sudoreplay.man.in -doc/sudoreplay.mdoc.in -doc/visudo.man.in -doc/visudo.mdoc.in +docker/README +docker/debian/latest/Dockerfile +docker/debian/testing/Dockerfile +docker/fedora/latest/Dockerfile +docker/fedora/rawhide/Dockerfile +docker/ubuntu/devel/Dockerfile +docker/ubuntu/latest/Dockerfile +docker/ubuntu/rolling/Dockerfile +docs/CONTRIBUTING.md +docs/CONTRIBUTORS.md +docs/HISTORY.md +docs/Makefile.in +docs/SECURITY.md +docs/TROUBLESHOOTING.md +docs/UPGRADE.md +docs/cvtsudoers.man.in +docs/cvtsudoers.mdoc.in +docs/fixman.sh +docs/fixmdoc.sed +docs/schema.ActiveDirectory +docs/schema.OpenLDAP +docs/schema.iPlanet +docs/schema.olcSudo +docs/sudo.conf.man.in +docs/sudo.conf.man.in.sed +docs/sudo.conf.mdoc.in +docs/sudo.man.in +docs/sudo.man.in.sed +docs/sudo.mdoc.in +docs/sudo_logsrv.proto.man.in +docs/sudo_logsrv.proto.mdoc.in +docs/sudo_logsrvd.conf.man.in +docs/sudo_logsrvd.conf.mdoc.in +docs/sudo_logsrvd.man.in +docs/sudo_logsrvd.mdoc.in +docs/sudo_plugin.man.in +docs/sudo_plugin.mdoc.in +docs/sudo_plugin_python.man.in +docs/sudo_plugin_python.mdoc.in +docs/sudo_sendlog.man.in +docs/sudo_sendlog.mdoc.in +docs/sudoers.ldap.man.in +docs/sudoers.ldap.mdoc.in +docs/sudoers.man.in +docs/sudoers.man.in.sed +docs/sudoers.mdoc.in +docs/sudoers_timestamp.man.in +docs/sudoers_timestamp.mdoc.in +docs/sudoreplay.man.in +docs/sudoreplay.mdoc.in +docs/visudo.man.in +docs/visudo.mdoc.in etc/codespell.exclude etc/codespell.ignore etc/codespell.skip etc/init.d/aix.sh.in etc/init.d/hpux.sh.in etc/init.d/sudo.conf.in +etc/macos-background.png etc/sudo-logsrvd.pp etc/sudo-python.pp etc/sudo.pp examples/Makefile.in +examples/cvtsudoers.conf examples/pam.conf examples/sudo.conf.in examples/sudo_logsrvd.conf @@ -83,6 +93,7 @@ include/compat/sha2.h include/compat/stdbool.h include/hostcheck.h +include/intercept.pb-c.h include/log_server.pb-c.h include/protobuf-c/protobuf-c.h include/sudo_compat.h @@ -101,22 +112,65 @@ include/sudo_queue.h include/sudo_rand.h include/sudo_util.h -install-sh lib/eventlog/Makefile.in lib/eventlog/eventlog.c +lib/eventlog/eventlog_conf.c +lib/eventlog/eventlog_free.c lib/eventlog/logwrap.c lib/eventlog/regress/logwrap/check_wrap.c lib/eventlog/regress/logwrap/check_wrap.in lib/eventlog/regress/logwrap/check_wrap.out.ok +lib/fuzzstub/Makefile.in +lib/fuzzstub/fuzzstub.c lib/iolog/Makefile.in lib/iolog/host_port.c lib/iolog/hostcheck.c -lib/iolog/iolog_fileio.c +lib/iolog/iolog_clearerr.c +lib/iolog/iolog_close.c +lib/iolog/iolog_conf.c +lib/iolog/iolog_eof.c +lib/iolog/iolog_flush.c +lib/iolog/iolog_gets.c lib/iolog/iolog_json.c lib/iolog/iolog_json.h +lib/iolog/iolog_legacy.c +lib/iolog/iolog_loginfo.c +lib/iolog/iolog_mkdirs.c +lib/iolog/iolog_mkdtemp.c +lib/iolog/iolog_mkpath.c +lib/iolog/iolog_nextid.c +lib/iolog/iolog_open.c +lib/iolog/iolog_openat.c lib/iolog/iolog_path.c +lib/iolog/iolog_read.c +lib/iolog/iolog_seek.c +lib/iolog/iolog_swapids.c +lib/iolog/iolog_timing.c lib/iolog/iolog_util.c -lib/iolog/regress/host_port/host_port_test.c +lib/iolog/iolog_write.c +lib/iolog/regress/corpus/seed/log_json/id.json +lib/iolog/regress/corpus/seed/log_json/ls.json +lib/iolog/regress/corpus/seed/log_json/mailq.json +lib/iolog/regress/corpus/seed/log_json/make.json +lib/iolog/regress/corpus/seed/log_json/pkg_add.json +lib/iolog/regress/corpus/seed/log_json/pkg_delete.json +lib/iolog/regress/corpus/seed/log_json/printenv.json +lib/iolog/regress/corpus/seed/log_legacy/id.log +lib/iolog/regress/corpus/seed/log_legacy/ls.log +lib/iolog/regress/corpus/seed/log_legacy/mailq.log +lib/iolog/regress/corpus/seed/log_legacy/make.log +lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log +lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log +lib/iolog/regress/corpus/seed/log_legacy/printenv.log +lib/iolog/regress/corpus/seed/timing/timing.1 +lib/iolog/regress/corpus/seed/timing/timing.2 +lib/iolog/regress/corpus/seed/timing/timing.3 +lib/iolog/regress/corpus/seed/timing/timing.4 +lib/iolog/regress/fuzz/fuzz_iolog_json.c +lib/iolog/regress/fuzz/fuzz_iolog_json.dict +lib/iolog/regress/fuzz/fuzz_iolog_legacy.c +lib/iolog/regress/fuzz/fuzz_iolog_timing.c +lib/iolog/regress/host_port/host_port_test.c lib/iolog/regress/iolog_json/check_iolog_json.c lib/iolog/regress/iolog_json/test1.in lib/iolog/regress/iolog_json/test2.in @@ -125,16 +179,18 @@ lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c lib/iolog/regress/iolog_path/check_iolog_path.c lib/iolog/regress/iolog_path/data -lib/iolog/regress/iolog_util/check_iolog_util.c +lib/iolog/regress/iolog_timing/check_iolog_timing.c lib/logsrv/Makefile.in lib/logsrv/log_server.pb-c.c lib/logsrv/log_server.proto -lib/logsrv/protobuf-c.c +lib/protobuf-c/Makefile.in +lib/protobuf-c/protobuf-c.c lib/util/Makefile.in lib/util/aix.c lib/util/arc4random.c lib/util/arc4random_buf.c lib/util/arc4random_uniform.c +lib/util/basename.c lib/util/cfmakeraw.c lib/util/chacha_private.h lib/util/closefrom.c @@ -162,21 +218,22 @@ lib/util/getusershell.c lib/util/gidlist.c lib/util/glob.c +lib/util/gmtime_r.c lib/util/inet_ntop.c lib/util/inet_pton.c lib/util/isblank.c lib/util/json.c lib/util/key_val.c lib/util/lbuf.c +lib/util/localtime_r.c lib/util/locking.c lib/util/logfac.c lib/util/logpri.c lib/util/memrchr.c lib/util/mkdir_parents.c +lib/util/mkdirat.c lib/util/mksiglist.c -lib/util/mksiglist.h lib/util/mksigname.c -lib/util/mksigname.h lib/util/mktemp.c lib/util/nanosleep.c lib/util/openat.c @@ -186,10 +243,17 @@ lib/util/progname.c lib/util/pw_dup.c lib/util/pwrite.c +lib/util/rcstr.c lib/util/reallocarray.c +lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1 +lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2 +lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3 lib/util/regress/fnmatch/fnm_test.c lib/util/regress/fnmatch/fnm_test.in +lib/util/regress/fuzz/fuzz_sudo_conf.c +lib/util/regress/fuzz/fuzz_sudo_conf.dict lib/util/regress/getdelim/getdelim_test.c +lib/util/regress/getgrouplist/getgids.c lib/util/regress/getgrouplist/getgrouplist_test.c lib/util/regress/glob/files lib/util/regress/glob/globtest.c @@ -237,7 +301,7 @@ lib/util/regress/sudo_parseln/test6.in lib/util/regress/sudo_parseln/test6.out.ok lib/util/regress/tailq/hltq_test.c -lib/util/regress/vsyslog/vsyslog_test.c +lib/util/regress/uuid/uuid_test.c lib/util/roundup.c lib/util/secure_path.c lib/util/setgroups.c @@ -259,14 +323,16 @@ lib/util/sudo_conf.c lib/util/sudo_debug.c lib/util/sudo_dso.c +lib/util/sys_siglist.h +lib/util/sys_signame.h lib/util/term.c +lib/util/timegm.c lib/util/ttyname_dev.c lib/util/ttysize.c lib/util/unlinkat.c lib/util/util.exp.in lib/util/utimens.c lib/util/uuid.c -lib/util/vsyslog.c lib/zlib/Makefile.in lib/zlib/adler32.c lib/zlib/compress.c @@ -302,19 +368,36 @@ logsrvd/logsrvd.c logsrvd/logsrvd.h logsrvd/logsrvd_conf.c +logsrvd/logsrvd_journal.c +logsrvd/logsrvd_local.c +logsrvd/logsrvd_queue.c +logsrvd/logsrvd_relay.c +logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1 +logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2 +logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3 +logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4 +logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5 +logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6 +logsrvd/regress/fuzz/fuzz_logsrvd_conf.c +logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict logsrvd/sendlog.c logsrvd/sendlog.h -ltmain.sh +logsrvd/tls_client.c +logsrvd/tls_common.h +logsrvd/tls_init.c m4/ax_append_flag.m4 m4/ax_check_compile_flag.m4 m4/ax_check_link_flag.m4 m4/ax_func_getaddrinfo.m4 m4/ax_func_snprintf.m4 +m4/ax_prog_cc_for_build.m4 m4/libtool.m4 m4/ltoptions.m4 m4/ltsugar.m4 m4/ltversion.m4 m4/lt~obsolete.m4 +m4/python.m4 +m4/runlog.m4 m4/sudo.m4 pathnames.h.in plugins/audit_json/Makefile.in @@ -333,6 +416,7 @@ plugins/python/example_group_plugin.py plugins/python/example_io_plugin.py plugins/python/example_policy_plugin.py +plugins/python/lsan_suppr.txt plugins/python/pyhelpers.c plugins/python/pyhelpers.h plugins/python/pyhelpers_cpychecker.h @@ -459,16 +543,20 @@ plugins/sudoers/auth/sia.c plugins/sudoers/auth/sudo_auth.c plugins/sudoers/auth/sudo_auth.h -plugins/sudoers/base64.c +plugins/sudoers/b64_decode.c +plugins/sudoers/b64_encode.c plugins/sudoers/boottime.c plugins/sudoers/bsm_audit.c plugins/sudoers/bsm_audit.h plugins/sudoers/check.c plugins/sudoers/check.h +plugins/sudoers/check_aliases.c plugins/sudoers/cvtsudoers.c plugins/sudoers/cvtsudoers.h +plugins/sudoers/cvtsudoers_csv.c plugins/sudoers/cvtsudoers_json.c plugins/sudoers/cvtsudoers_ldif.c +plugins/sudoers/cvtsudoers_merge.c plugins/sudoers/cvtsudoers_pwutil.c plugins/sudoers/def_data.c plugins/sudoers/def_data.h @@ -484,12 +572,12 @@ plugins/sudoers/filedigest.c plugins/sudoers/find_path.c plugins/sudoers/fmtsudoers.c +plugins/sudoers/fmtsudoers_cvt.c plugins/sudoers/gc.c plugins/sudoers/gentime.c plugins/sudoers/getdate.c plugins/sudoers/getdate.y plugins/sudoers/getspwuid.c -plugins/sudoers/gmtoff.c plugins/sudoers/goodpath.c plugins/sudoers/gram.c plugins/sudoers/gram.h @@ -539,6 +627,8 @@ plugins/sudoers/po/el.po plugins/sudoers/po/eo.mo plugins/sudoers/po/eo.po +plugins/sudoers/po/es.mo +plugins/sudoers/po/es.po plugins/sudoers/po/eu.mo plugins/sudoers/po/eu.po plugins/sudoers/po/fi.mo @@ -597,12 +687,19 @@ plugins/sudoers/pwutil.c plugins/sudoers/pwutil.h plugins/sudoers/pwutil_impl.c -plugins/sudoers/rcstr.c plugins/sudoers/redblack.c plugins/sudoers/redblack.h plugins/sudoers/regress/check_symbols/check_symbols.c +plugins/sudoers/regress/corpus/seed/policy/policy.1 +plugins/sudoers/regress/corpus/seed/policy/policy.2 +plugins/sudoers/regress/corpus/seed/policy/policy.3 +plugins/sudoers/regress/corpus/seed/policy/policy.4 +plugins/sudoers/regress/corpus/seed/policy/policy.5 plugins/sudoers/regress/cvtsudoers/sudoers plugins/sudoers/regress/cvtsudoers/sudoers.defs +plugins/sudoers/regress/cvtsudoers/sudoers1 +plugins/sudoers/regress/cvtsudoers/sudoers2 +plugins/sudoers/regress/cvtsudoers/sudoers3 plugins/sudoers/regress/cvtsudoers/test1.out.ok plugins/sudoers/regress/cvtsudoers/test1.sh plugins/sudoers/regress/cvtsudoers/test10.out.ok @@ -662,6 +759,12 @@ plugins/sudoers/regress/cvtsudoers/test32.sh plugins/sudoers/regress/cvtsudoers/test33.out.ok plugins/sudoers/regress/cvtsudoers/test33.sh +plugins/sudoers/regress/cvtsudoers/test34.out.ok +plugins/sudoers/regress/cvtsudoers/test34.sh +plugins/sudoers/regress/cvtsudoers/test35.out.ok +plugins/sudoers/regress/cvtsudoers/test35.sh +plugins/sudoers/regress/cvtsudoers/test36.out.ok +plugins/sudoers/regress/cvtsudoers/test36.sh plugins/sudoers/regress/cvtsudoers/test4.out.ok plugins/sudoers/regress/cvtsudoers/test4.sh plugins/sudoers/regress/cvtsudoers/test5.out.ok @@ -674,9 +777,18 @@ plugins/sudoers/regress/cvtsudoers/test8.sh plugins/sudoers/regress/cvtsudoers/test9.out.ok plugins/sudoers/regress/cvtsudoers/test9.sh +plugins/sudoers/regress/editor/check_editor.c plugins/sudoers/regress/env_match/check_env_pattern.c plugins/sudoers/regress/env_match/data plugins/sudoers/regress/exptilde/check_exptilde.c +plugins/sudoers/regress/fuzz/fuzz_policy.c +plugins/sudoers/regress/fuzz/fuzz_policy.dict +plugins/sudoers/regress/fuzz/fuzz_stubs.c +plugins/sudoers/regress/fuzz/fuzz_sudoers.c +plugins/sudoers/regress/fuzz/fuzz_sudoers.dict +plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok +plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c +plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c plugins/sudoers/regress/parser/check_addr.c plugins/sudoers/regress/parser/check_addr.in @@ -771,22 +883,36 @@ plugins/sudoers/regress/sudoers/test22.ldif.ok plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok plugins/sudoers/regress/sudoers/test22.out.ok -plugins/sudoers/regress/sudoers/test22.sudo.ok plugins/sudoers/regress/sudoers/test22.toke.ok plugins/sudoers/regress/sudoers/test23.in plugins/sudoers/regress/sudoers/test23.json.ok plugins/sudoers/regress/sudoers/test23.ldif.ok plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok plugins/sudoers/regress/sudoers/test23.out.ok -plugins/sudoers/regress/sudoers/test23.sudo.ok plugins/sudoers/regress/sudoers/test23.toke.ok plugins/sudoers/regress/sudoers/test24.in plugins/sudoers/regress/sudoers/test24.json.ok plugins/sudoers/regress/sudoers/test24.ldif.ok plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok plugins/sudoers/regress/sudoers/test24.out.ok -plugins/sudoers/regress/sudoers/test24.sudo.ok plugins/sudoers/regress/sudoers/test24.toke.ok +plugins/sudoers/regress/sudoers/test25.in +plugins/sudoers/regress/sudoers/test25.json.ok +plugins/sudoers/regress/sudoers/test25.ldif.ok +plugins/sudoers/regress/sudoers/test25.out.ok +plugins/sudoers/regress/sudoers/test25.toke.ok +plugins/sudoers/regress/sudoers/test26.in +plugins/sudoers/regress/sudoers/test26.json.ok +plugins/sudoers/regress/sudoers/test26.ldif.ok +plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok +plugins/sudoers/regress/sudoers/test26.out.ok +plugins/sudoers/regress/sudoers/test26.toke.ok +plugins/sudoers/regress/sudoers/test27.in +plugins/sudoers/regress/sudoers/test27.json.ok +plugins/sudoers/regress/sudoers/test27.ldif.ok +plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok +plugins/sudoers/regress/sudoers/test27.out.ok +plugins/sudoers/regress/sudoers/test27.toke.ok plugins/sudoers/regress/sudoers/test3.in plugins/sudoers/regress/sudoers/test3.json.ok plugins/sudoers/regress/sudoers/test3.ldif.ok @@ -839,6 +965,10 @@ plugins/sudoers/regress/testsudoers/test14.sh plugins/sudoers/regress/testsudoers/test15.out.ok plugins/sudoers/regress/testsudoers/test15.sh +plugins/sudoers/regress/testsudoers/test16.out.ok +plugins/sudoers/regress/testsudoers/test16.sh +plugins/sudoers/regress/testsudoers/test17.out.ok +plugins/sudoers/regress/testsudoers/test17.sh plugins/sudoers/regress/testsudoers/test2.inc plugins/sudoers/regress/testsudoers/test2.out.ok plugins/sudoers/regress/testsudoers/test2.sh @@ -856,6 +986,7 @@ plugins/sudoers/regress/testsudoers/test8.sh plugins/sudoers/regress/testsudoers/test9.out.ok plugins/sudoers/regress/testsudoers/test9.sh +plugins/sudoers/regress/unescape/check_unesc.c plugins/sudoers/regress/visudo/test1.out.ok plugins/sudoers/regress/visudo/test1.sh plugins/sudoers/regress/visudo/test10.out.ok @@ -884,8 +1015,10 @@ plugins/sudoers/solaris_audit.h plugins/sudoers/sssd.c plugins/sudoers/starttime.c +plugins/sudoers/strlcpy_unesc.c plugins/sudoers/strlist.c plugins/sudoers/strlist.h +plugins/sudoers/strvec_join.c plugins/sudoers/stubs.c plugins/sudoers/sudo_ldap.h plugins/sudoers/sudo_ldap_conf.h @@ -898,9 +1031,11 @@ plugins/sudoers/sudoers.in plugins/sudoers/sudoers_debug.c plugins/sudoers/sudoers_debug.h +plugins/sudoers/sudoers_hooks.c plugins/sudoers/sudoers_version.h plugins/sudoers/sudoreplay.c plugins/sudoers/testsudoers.c +plugins/sudoers/testsudoers_pwutil.c plugins/sudoers/timeout.c plugins/sudoers/timestamp.c plugins/sudoers/timestr.c @@ -932,6 +1067,8 @@ po/es.po po/eu.mo po/eu.po +po/fa.mo +po/fa.po po/fi.mo po/fi.po po/fr.mo @@ -985,8 +1122,12 @@ po/zh_CN.po po/zh_TW.mo po/zh_TW.po +scripts/config.guess +scripts/config.sub scripts/generate_test_coverage.sh +scripts/install-sh scripts/log2cl.pl +scripts/ltmain.sh scripts/mkdep.pl scripts/mkinstalldirs scripts/mkpkg @@ -999,11 +1140,16 @@ src/env_hooks.c src/exec.c src/exec_common.c +src/exec_intercept.c src/exec_monitor.c src/exec_nopty.c +src/exec_preload.c src/exec_pty.c src/get_pty.c src/hooks.c +src/intercept.exp.in +src/intercept.pb-c.c +src/intercept.proto src/limits.c src/load_plugins.c src/net_ifs.c @@ -1011,6 +1157,7 @@ src/parse_args.c src/preload.c src/preserve_fds.c +src/regress/net_ifs/check_net_ifs.c src/regress/noexec/check_noexec.c src/regress/ttyname/check_ttyname.c src/selinux.c @@ -1022,6 +1169,8 @@ src/sudo_edit.c src/sudo_edit.h src/sudo_exec.h +src/sudo_intercept.c +src/sudo_intercept_common.c src/sudo_noexec.c src/sudo_plugin_int.h src/sudo_usage.h.in diff -Nru sudo-1.9.5p2/Makefile.in sudo-1.9.9/Makefile.in --- sudo-1.9.5p2/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/Makefile.in 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2010-2015, 2017-2020 Todd C. Miller +# Copyright (c) 2010-2015, 2017-2021 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -56,10 +56,10 @@ # Version of python detected by configure (major.minor) python_version = @PYTHON_VERSION@ -SUBDIRS = lib/util @ZLIB_SRC@ lib/eventlog lib/iolog @LOGSRV_SRC@ \ - @LOGSRVD_SRC@ plugins/audit_json plugins/group_file \ - plugins/sample_approval plugins/sudoers plugins/system_group \ - @PYTHON_PLUGIN_SRC@ src include doc examples +SUBDIRS = lib/util @ZLIB_SRC@ lib/eventlog lib/fuzzstub lib/iolog \ + lib/protobuf-c @LOGSRV_SRC@ @LOGSRVD_SRC@ plugins/audit_json \ + plugins/group_file plugins/sample_approval plugins/sudoers \ + plugins/system_group @PYTHON_PLUGIN_SRC@ src include docs examples SAMPLES = plugins/sample @@ -72,7 +72,7 @@ SED = @SED@ -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) ECHO_N = @ECHO_N@ @@ -110,7 +110,7 @@ exit $$?; \ done -check pre-install: config.status +check check-fuzzer fuzz pre-install: config.status for d in $(SUBDIRS); do \ (cd $$d && exec $(MAKE) $@) && continue; \ exit $$?; \ @@ -174,7 +174,7 @@ fi; \ plog-converter $(PVS_LOG_OPTS) $$files -install-dirs install-binaries install-includes install-plugin: config.status pre-install +install-dirs install-binaries install-fuzzer install-includes install-plugin: config.status pre-install for d in $(SUBDIRS); do \ (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \ exit $$?; \ @@ -210,17 +210,20 @@ depend: siglist.c signame.c $(scriptdir)/mkdep.pl \ --srcdir=$(abs_top_srcdir) --builddir=$(abs_top_builddir) \ - lib/util/Makefile.in lib/zlib/Makefile.in lib/eventlog/Makefile.in \ + lib/util/Makefile.in lib/zlib/Makefile.in \ + lib/fuzzstub/Makefile.in lib/eventlog/Makefile.in \ lib/iolog/Makefile.in lib/logsrv/Makefile.in logsrvd/Makefile.in \ - plugins/group_file/Makefile.in plugins/sample/Makefile.in \ - plugins/sudoers/Makefile.in plugins/system_group/Makefile.in \ - plugins/python/Makefile.in \ + lib/protobuf-c/Makefile.in plugins/group_file/Makefile.in \ + plugins/sample/Makefile.in plugins/sudoers/Makefile.in \ + plugins/system_group/Makefile.in plugins/python/Makefile.in \ src/Makefile.in && \ $(top_builddir)/config.status --file $(top_builddir)/lib/util/Makefile \ --file $(top_builddir)/lib/zlib/Makefile \ --file $(top_builddir)/lib/eventlog/Makefile \ + --file $(top_builddir)/lib/fuzzstub/Makefile \ --file $(top_builddir)/lib/iolog/Makefile \ --file $(top_builddir)/lib/logsrv/Makefile \ + --file $(top_builddir)/lib/protobuf-c/Makefile \ --file $(top_builddir)/logsrvd/Makefile \ --file $(top_builddir)/plugins/sample/Makefile \ --file $(top_builddir)/plugins/group_file/Makefile \ @@ -238,7 +241,7 @@ fi; \ elif test -d $(srcdir)/.git; then \ $(scriptdir)/log2cl.pl -R $(srcdir)/.git > $(srcdir)/$@; \ - else \ + elif test ! -f $(srcdir)/$@; then \ echo "ChangeLog data not available" > $(srcdir)/$@; \ fi @@ -381,6 +384,7 @@ $(MAKE) install INSTALL_OWNER= DESTDIR=$$DESTDIR && \ for p in @PPFILES@; do \ $(SHELL) $(scriptdir)/pp $(PPFLAGS) --destdir=$$DESTDIR $$p \ + srcdir=$(top_srcdir) \ prefix=$(prefix) \ bindir=$(bindir) \ sbindir=$(sbindir) \ @@ -435,4 +439,5 @@ echo "What? Make it yourself!"; \ fi -.PHONY: ChangeLog me a sandwhich check-format reformat +.PHONY: clean mostlyclean distclean cleandir clobber realclean ChangeLog \ + me a sandwhich check-format reformat diff -Nru sudo-1.9.5p2/NEWS sudo-1.9.9/NEWS --- sudo-1.9.5p2/NEWS 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/NEWS 2022-01-27 21:25:46.000000000 +0000 @@ -1,3 +1,433 @@ +What's new in Sudo 1.9.9 + + * Sudo can now be built with OpenSSL 3.0 without generating warnings + about deprecated OpenSSL APIs. + + * A digest can now be specified along with the "ALL" command in + the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for + this in the sudoers file but did not include corresponding changes + for the other back-ends. + + * visudo now only warns about an undefined alias or a cycle in an + alias once for each alias. + + * The sudoRole cn was truncated by a single character in warning messages. + GitHub issue #115. + + * The cvtsudoers utility has new --group-file and --passwd-file options + to use a custom passwd or group file when the --match-local option is + also used. + + * The cvtsudoers utility can now filter or match based on a command. + + * The cvtsudoers utility can now produce output in csv (comma-separated + value) format. This can be used to help generate entitlement reports. + + * Fixed a bug in sudo_logsrvd that could result in the connection being + dropped for very long command lines. + + * Fixed a bug where sudo_logsrvd would not accept a restore point + of zero. + + * Fixed a bug in visudo where the value of the "editor" setting was not + used if it did not match the user's EDITOR environment variable. + This was only a problem if the "env_editor" setting was not enabled. + Bug #1000. + + * Sudo now builds with the -fcf-protection compiler option and the + "-z now" linker option if supported. + + * The output of "sudoreplay -l" now more closely matches the + traditional sudo log format. + + * The sudo_sendlog utility will now use the full contents of the log.json + file, if present. This makes it possible to send sudo-format I/O logs + that use the newer log.json format to sudo_logsrvd without losing any + information. + + * Fixed compilation of the arc4random_buf() replacement on systems with + arc4random() but no arc4random_buf(). Bug #1008. + + * Sudo now uses its own getentropy() by default on Linux. The GNU libc + version of getentropy() will fail on older kernels that don't support + the getrandom() system call. + + * It is now possible to build sudo with WolfSSL's OpenSSL compatibility + layer by using the --enable-wolfssl configure option. + + * Fixed a bug related to Daylight Saving Time when parsing timestamps + in Generalized Time format. This affected the NOTBEFORE and + NOTAFTER options in sudoers. Bug #1006 + + * Added the -O and -P options to visudo, which can be used to check + or set the owner and permissions. This can be used in conjunction + with the -c option to check that the sudoers file ownership and + permissions are correct. Bug #1007. + + * It is now possible to set resource limits in the sudoers file itself. + The special values "default" and "user" refer to the default system + limit and invoking user limit respectively. The core dump size limit + is now set to 0 by default unless overridden by the sudoers file. + + * The cvtsudoers utility can now merge multiple sudoers sources into + a single, combined sudoers file. If there are conflicting entries, + cvtsudoers will attempt to resolve them but manual intervention + may be required. The merging of sudoers rules is currently fairly + simplistic but will be improved in a future release. + + * Sudo was parsing but not applying the "deref" and "tls_reqcert" + ldap.conf settings. This meant the options were effectively + ignored which broke dereferencing of aliases in LDAP. Bug #1013. + + * Clarified in the sudo man page that the security policy may + override the user's PATH environment variable. Bug #1014. + + * When sudo is run in non-interactive mode (with the -n option), it + will now attempt PAM authentication and only exit with an error + if user interaction is required. This allows PAM modules that + don't interact with the user to succeed. Previously, sudo + would not attempt authentication if the -n option was specified. + Bug #956 and GitHub issue #83. + + * Fixed a regression introduced in version 1.9.1 when sudo is + built with the --with-fqdn configure option. The local host + name was being resolved before the sudoers file was processed, + making it impossible to disable DNS lookups by negating the + "fqdn" sudoers option. Bug #1016. + + * Added support for negated sudoUser attributes in the LDAP and + SSSD sudoers back ends. A matching sudoUser that is negated + will cause the sudoRole containing it to be ignored. + + * Fixed a bug where the stack resource limit could be set to a + value smaller than that of the invoking user and not be reset + before the command was run. Bug #1017. + +What's new in Sudo 1.9.8p2 + + * Fixed a potential out-of-bounds read with "sudo -i" when the + target user's shell is bash. This is a regression introduced + in sudo 1.9.8. Bug #998. + + * sudo_logsrvd now only sends a log ID for first command of a session. + There is no need to send the log ID for each sub-command. + + * Fixed a few minor memory leaks in intercept mode. + + * Fixed a problem with sudo_logsrvd in relay mode if "store_first" + was enabled when handling sub-commands. A new zero-length journal + file was created for each sub-command instead of simply using + the existing journal file. + + * Fixed a bug where sudoedit would fail if one of the directories + in the path to be edited had the immutable flag set (BSD, Linux + or macOS). GitHub issue #122. + +What's new in Sudo 1.9.8p1 + + * Fixed support for passing a prompt (sudo -p) or a login class + (sudo -c) on the command line. This is a regression introduced + in sudo 1.9.8. Bug #993. + + * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. + This is a regression introduced in sudo 1.9.8. Bug #994. + + * Fixed a compilation error when the --enable-static-sudoers configure + option was specified. This is a regression introduced in sudo + 1.9.8 caused by a symbol clash with the intercept and log server + protobuf functions. + +What's new in Sudo 1.9.8 + + * It is now possible to transparently intercepting sub-commands + executed by the original command run via sudo. Intercept support + is implemented using LD_PRELOAD (or the equivalent supported by + the system) and so has some limitations. The two main limitations + are that only dynamic executables are supported and only the + execl, execle, execlp, execv, execve, execvp, and execvpe library + functions are currently intercepted. Its main use case is to + support restricting privileged shells run via sudo. + + To support this, there is a new "intercept" Defaults setting and + an INTERCEPT command tag that can be used in sudoers. For example: + + Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh + Defaults!SHELLS intercept + + would cause sudo to run the listed shells in intercept mode. + This can also be set on a per-rule basis. For example: + + Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh + chuck ALL = INTERCEPT: SHELLS + + would only apply intercept mode to user "chuck" when running one + of the listed shells. + + In intercept mode, sudo will not prompt for a password before + running a sub-command and will not allow a set-user-ID or + set-group-ID program to be run by default. The new + intercept_authenticate and intercept_allow_setid sudoers settings + can be used to change this behavior. + + * The new "log_subcmds" sudoers setting can be used to log additional + commands run in a privileged shell. It uses the same mechanism as + the intercept support described above and has the same limitations. + + * The new "log_exit_status" sudoers setting can be used to log + the exit status commands run via sudo. This is also a corresponding + "log_exit" setting in the sudo_logsrvd.conf eventlog stanza. + + * Support for logging sudo_logsrvd errors via syslog or to a file. + Previously, most sudo_logsrvd errors were only visible in the + debug log. + + * Better diagnostics when there is a TLS certificate validation error. + + * Using the "+=" or "-=" operators in a Defaults setting that takes + a string, not a list, now produces a warning from sudo and a + syntax error from inside visudo. + + * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd + had no effect when creating I/O log parent directories if the I/O log + file name ended with the string "XXXXXX". + + * Fixed a bug in the sudoers custom prompt code where the size + parameter that was passed to the strlcpy() function was incorrect. + No overflow was possible since the correct amount of memory was + already pre-allocated. + + * The mksigname and mksiglist helper programs are now built with + the host compiler, not the target compiler, when cross-compiling. + Bug #989. + + * Fixed compilation error when the --enable-static-sudoers configure + option was specified. This was due to a typo introduced in sudo + 1.9.7. GitHub PR #113. + +What's new in Sudo 1.9.7p2 + + * When formatting JSON output, octal numbers are now stored as + strings, not numbers. The JSON spec does not actually support + octal numbers with a '0' prefix. + + * Fixed a compilation issue on Solaris 9. + + * Sudo now can handle the getgroups() function returning a different + number of groups for subsequent invocations. GitHub PR #106. + + * When loading a Python plugin, python_plugin.so now verifies + that the module loaded matches the one we tried to load. This + allows sudo to display a more useful error message when trying + to load a plugin with a name that conflicts with a Python module + installed in the system location. + + * Sudo no longer sets the the open files resource limit to "unlimited" + while it runs. This avoids a problem where sudo's closefrom() + emulation would need to close a very large number of descriptors + on systems without a way to determine which ones are actually open. + + * Sudo now includes a configure check for va_copy or __va_copy and + only defines its own version if the configure test fails. + + * Fixed a bug in sudo's utmp file handling which prevented old + entries from being reused. As a result, the utmp (or utmpx) + file was appended to unnecessarily. GitHub PR #108. + + * Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd + from accepting TLS connections when OpenSSL is used. Bug #988. + +What's new in Sudo 1.9.7p1 + + * Fixed an SELinux sudoedit bug when the edited temporary file + could not be opened. The sesh helper would still be run even + when there are no temporary files available to install. + + * Fixed a compilation problem on FreeBSD. + + * The sudo_noexec.so file is now built as a module on all systems + other than macOS. This makes it possible to use other libtool + implementations such as slibtool. On macOS shared libraries and + modules are not interchangeable and the version of libtool shipped + with sudo must be used. + + * Fixed a few bugs in the getgrouplist() emulation on Solaris when + reading from the local group file. + + * Fixed a bug in sudo_logsrvd that prevented periodic relay server + connection retries from occurring in "store_first" mode. + + * Disabled the nss_search()-based getgrouplist() emulation on HP-UX + due to a crash when the group source is set to "compat" in + /etc/nsswitch.conf. This is probably due to a mismatch between + include/compat/nss_dbdefs.h and what HP-UX uses internally. On + HP-UX we now just cycle through groups the slow way using + getgrent(). Bug #978. + +What's new in Sudo 1.9.7 + + * The "fuzz" Makefile target now runs all the fuzzers for 8192 + passes (can be overridden via the FUZZ_RUNS variable). This makes + it easier to run the fuzzers in-tree. To run a fuzzer indefinitely, + set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz". + + * Fixed fuzzing on FreeBSD where the ld.lld linker returns an + error by default when a symbol is multiply-defined. + + * Added support for determining local IPv6 addresses on systems + that lack the getifaddrs() function. This now works on AIX, + HP-UX and Solaris (at least). Bug #969. + + * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to + report a usage error. Also, when invoked as sudoedit, sudo now + allows a more restricted set of options that matches the usage + statement and documentation. GitHub issue #95. + + * Fixed a crash in sudo_sendlog when the specified certificate + or key does not exist or is invalid. Bug #970 + + * Fixed a compilation error when sudo is configured with the + --disable-log-client option. + + * Sudo's limited support for SUCCESS=return entries in nsswitch.conf + is now documented. Bug #971. + + * Sudo now requires autoconf 2.70 or higher to regenerate the + configure script. Bug #972. + + * sudo_logsrvd now has a relay mode which can be used to create + a hierarchy of log servers. By default, when a relay server is + defined, messages from the client are forwarded immediately to + the relay. However, if the "store_first" setting is enabled, + the log will be stored locally until the command completes and + then relayed. Bug #965. + + * Sudo now links with OpenSSL by default if it is available unless + the --disable-openssl configure option is used or both the + --disable-log-client and --disable-log-server configure options + are specified. + + * Fixed configure's Python version detection when the version minor + number is more than a single digit, for example Python 3.10. + + * The sudo Python module tests now pass for Python 3.10. + + * Sudo will now avoid changing the datasize resource limit + as long as the existing value is at least 1GB. This works around + a problem on 64-bit HP-UX where it is not possible to exactly + restore the original datasize limit. Bug #973. + + * Fixed a race condition that could result in a hang when sudo is + executed by a process where the SIGCHLD handler is set to SIG_IGN. + This fixes the bug described by GitHub PR #98. + + * Fixed an out-of-bounds read in sudoedit and visudo when the + EDITOR, VISUAL or SUDO_EDITOR environment variables end in an + unescaped backslash. Also fixed the handling of quote characters + that are escaped by a backslash. GitHub issue #99. + + * Fixed a bug that prevented the "log_server_verify" sudoers option + from taking effect. + + * The sudo_sendlog utility has a new -s option to cause it to stop + sending I/O records after a user-specified elapsed time. This + can be used to test the I/O log restart functionality of sudo_logsrvd. + + * Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when + attempting to restart an interrupted I/O log transfer. + + * The TLS connection timeout in the sudoers log client was previously + hard-coded to 10 seconds. It now uses the value of log_server_timeout. + + * The configure script now outputs a summary of the user-configurable + options at the end, separate from output of configure script tests. + Bug #820. + + * Corrected the description of which groups may be specified via the + -g option in the Runas_Spec section. Bug #975. + +What's new in Sudo 1.9.6p1 + + * Fixed a regression introduced in sudo 1.9.6 that resulted in an + error message instead of a usage message when sudo is run with + no arguments. + +What's new in Sudo 1.9.6 + + * Fixed a sudo_sendlog compilation problem with the AIX xlC compiler. + + * Fixed a regression introduced in sudo 1.9.4 where the + --disable-root-mailer configure option had no effect. + + * Added a --disable-leaks configure option that avoids some + memory leaks on exit that would otherwise occur. This is intended + to be used with development tools that measure memory leaks. It + is not safe to use in production at this time. + + * Plugged some memory leaks identified by oss-fuzz and ASAN. + + * Fixed the handling of sudoOptions for an LDAP sudoRole that + contains multiple sudoCommands. Previously, some of the options + would only be applied to the first sudoCommand. + + * Fixed a potential out of bounds read in the parsing of NOTBEFORE + and NOTAFTER sudoers command options (and their LDAP equivalents). + + * The parser used for reading I/O log JSON files is now more + resilient when processing invalid JSON. + + * Fixed typos that prevented "make uninstall" from working. + GitHub issue #87. + + * Fixed a regression introduced in sudo 1.9.4 where the last line + in a sudoers file might not have a terminating NUL character + added if no newline was present. + + * Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new + --enable-fuzzer configure option can be combined with the + --enable-sanitizer option to build sudo with fuzzing support. + Multiple fuzz targets are available for fuzzing different parts + of sudo. Fuzzers are built and tested via "make fuzz" or as part + of "make check" (even when sudo is not built with fuzzing support). + Fuzzing support currently requires the LLVM clang compiler (not gcc). + + * Fixed the --enable-static-sudoers configure option. + GitHub issue #92. + + * Fixed a potential out of bounds read sudo when is run by a user + with more groups than the value of "max_groups" in sudo.conf. + + * Added an "admin_flag" sudoers option to make the use of the + ~/.sudo_as_admin_successful file configurable on systems where + sudo is build with the --enable-admin-flag configure option. + This mostly affects Ubuntu and its derivatives. GitHub issue #56. + + * The "max_groups" setting in sudo.conf is now limited to 1024. + This setting is obsolete and should no longer be needed. + + * Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir" + sudoers command options. A path "~/foo" was expanded to + "/home/userfoo" instead of "/home/user/foo". This also affects + the runchroot and runcwd Defaults settings. + + * Fixed a bug on systems without a native getdelim(3) function + where very long lines could cause parsing of the sudoers file + to end prematurely. Bug #960. + + * Fixed a potential integer overflow when converting the + timestamp_timeout and passwd_timeout sudoers settings to a + timespec struct. + + * The default for the "group_source" setting in sudo.conf is now + "dynamic" on macOS. Recent versions of macOS do not reliably + return all of a user's non-local groups via getgroups(2), even + when _DARWIN_UNLIMITED_GETGROUPS is defined. Bug #946. + + * Fixed a potential use-after-free in the PAM conversation function. + Bug #967. + + * Fixed potential redefinition of sys/stat.h macros in sudo_compat.h. + Bug #968. + What's new in Sudo 1.9.5p2 * Fixed sudo's setprogname(3) emulation on systems that don't @@ -546,7 +976,7 @@ those users. * Fixed a problem restoring the SELinux tty context during reboot - if mctransd is killed before sudo finishes. GitHub Issue #17. + if mctransd is killed before sudo finishes. GitHub issue #17. * Fixed an intermittent warning on NetBSD when sudo restores the initial stack size limit. diff -Nru sudo-1.9.5p2/README sudo-1.9.9/README --- sudo-1.9.5p2/README 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/README 1970-01-01 00:00:00.000000000 +0000 @@ -1,84 +0,0 @@ -The sudo philosophy -=================== -Sudo is a program designed to allow a sysadmin to give limited root privileges -to users and log root activity. The basic philosophy is to give as few -privileges as possible but still allow people to get their work done. - -Where to find sudo -================== -Before you try and build sudo, *please* make sure you have the current -version. The latest sudo may always be gotten via anonymous ftp from -ftp.sudo.ws in the directory /pub/sudo/ or from the sudo web site, -https://www.sudo.ws/ - -The distribution is sudo-M.m.tar.gz where `M' is the major version -number and `m' is the minor version number. BETA versions of sudo may -also be available. If you join the `sudo-workers' mailing list you -will get the BETA announcements (see the `Mailing lists' section below). - -What's new -========== -See the NEWS file for a list of major changes in this release. -For a complete list of changes, see the ChangeLog file. For a -summary of major changes to the current stable release, see the web -page, https://www.sudo.ws/stable.html. - -If you are upgrading from an earlier version of Sudo, please see -the UPGRADE file in the doc directory. - -For a history of sudo please see the HISTORY file in the doc directory. -You can find a list of contributors to sudo in the doc/CONTRIBUTORS file. - -Building the release -==================== -Please read the installation guide in the `INSTALL' file before trying to -build sudo. Pay special attention to the "OS dependent notes" section. - -Copyright -========= -Sudo is distributed under an ISC-style license. -Please refer to the `LICENSE' file included with the release for details. - -Mailing lists -============= -sudo-announce This list receives announcements whenever a new version - of sudo is released. - https://www.sudo.ws/mailman/listinfo/sudo-announce - -sudo-blog This list receives a message when a new sudo blog - article is available. - https://www.sudo.ws/mailman/listinfo/sudo-blog - -sudo-commits This list receives a message for each commit made to - the sudo source repository. - https://www.sudo.ws/mailman/listinfo/sudo-commits - -sudo-users This list is for questions and general discussion about sudo. - https://www.sudo.ws/mailman/listinfo/sudo-users - -sudo-workers This list is for people working on and porting sudo. - https://www.sudo.ws/mailman/listinfo/sudo-workers - -To subscribe to a list, visit its url (as listed above) and enter -your email address to subscribe. Digest versions are available but -these are fairly low traffic lists so the digest versions are not -a significant win. - -Mailing list archives are also available. See the mailing list web sites -for the appropriate links. - -Web page -======== -There is a sudo web page at https://www.sudo.ws/ that contains an -overview of sudo, documentation, downloads, a bug tracker, information -about beta versions and other useful info. - -Bug reports -=========== -If you have found what you believe to be a bug, you can file a bug -report in the sudo bug database, on the web at https://bugzilla.sudo.ws/. - -Please read over the `TROUBLESHOOTING' file in the doc directory *before* -submitting a bug report. When reporting bugs, please be sure to include -the version of sudo you are using as well as the platform you are running -it on. diff -Nru sudo-1.9.5p2/README.LDAP sudo-1.9.9/README.LDAP --- sudo-1.9.5p2/README.LDAP 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/README.LDAP 1970-01-01 00:00:00.000000000 +0000 @@ -1,205 +0,0 @@ -This file explains how to build the optional LDAP functionality of SUDO to -store /etc/sudoers information. This feature is distinct from LDAP passwords. - -For general sudo LDAP configuration details, see the sudoers.ldap manual that -comes with the sudo distribution. A pre-formatted version of the manual may -be found in the sudoers.ldap.cat file. - -The sudo binary compiled with LDAP support should be totally backward -compatible and be syntactically and source code equivalent to its -non LDAP-enabled build. - -LDAP philosophy -=============== -As times change and servers become cheap, an enterprise can easily have 500+ -UNIX servers. Using LDAP to synchronize Users, Groups, Hosts, Mounts, and -others across an enterprise can greatly reduce the administrative overhead. - -In the past, sudo has used a single local configuration file, /etc/sudoers. -While the same sudoers file can be shared among machines, no built-in -mechanism exists to distribute it. Some have attempted to workaround this -by synchronizing changes via CVS/RSYNC/RDIST/RCP/SCP and even NFS. - -By using LDAP for sudoers we gain a centrally administered, globally -available configuration source for sudo. - -For information on OpenLDAP, please see http://www.openldap.org/. - -Definitions -=========== -Many times the word 'Directory' is used in the document to refer to the LDAP -server, structure and contents. - -Many times 'options' are used in this document to refer to sudoer 'defaults'. -They are one and the same. - -Build instructions -================== -The simplest way to build sudo with LDAP support is to include the -'--with-ldap' option. - - $ ./configure --with-ldap - -If your ldap libraries and headers are in a non-standard place, you will need -to specify them at configure time. E.g. - - $ ./configure --with-ldap=/usr/local/ldapsdk - -Sudo is developed using OpenLDAP but Netscape-based LDAP libraries -(such as those present in Solaris) are also known to work. - -Your mileage may vary. Please let the sudo workers mailing list - know if special configuration was required -to build an LDAP-enabled sudo so we can improve sudo. - -Schema Changes -============== -You must add the appropriate schema to your LDAP server before it -can store sudoers content. - -For OpenLDAP, there are two options, depending on how slapd is configured. - -The first option is to copy the file schema.OpenLDAP to the schema -directory (e.g. /etc/openldap/schema). You must then edit your -slapd.conf and add an include line the new schema, e.g. - - # Sudo LDAP schema - include /etc/openldap/schema/sudo.schema - -In order for sudoRole LDAP queries to be efficient, the server must index -the attribute 'sudoUser', e.g. - - # Indices to maintain - index sudoUser eq - -After making the changes to slapd.conf, restart slapd. - -The second option is only for OpenLDAP 2.3 and higher where slapd.conf -has been configured to use on-line configuration. If your slapd.conf -file includes the line: - - database config - -it should be possible to use the schema.olcSudo file. - -You can apply schema.olcSudo using the ldapadd utility or another -suitable LDAP browser. For example: - - # ldapadd -f schema.olcSudo -H ldap://ldapserver -W -x \ - -D cn=Manager,dc=example,dc=com - -There is no need to restart slapd when updating on-line configuration. - -For Netscape-derived LDAP servers such as SunONE, iPlanet or Fedora Directory, -copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif. - -On Solaris, schemas are stored in /var/Sun/mps/slapd-`hostname`/config/schema/. -For Fedora Directory Server, they are stored in /etc/dirsrv/schema/. - -After copying the schema file to the appropriate directory, restart -the LDAP server. - -Finally, using an LDAP browser/editor, enable indexing by editing the -client profile to provide a Service Search Descriptor (SSD) for sudoers, -replacing example.com with your domain: - - serviceSearchDescriptor: sudoers: ou=sudoers,dc=example,dc=com - -If using an Active Directory server, copy schema.ActiveDirectory -to your Windows domain controller and run the following command: - - ldifde -i -f schema.ActiveDirectory -c dc=X dc=example,dc=com - -Importing /etc/sudoers into LDAP -================================ -Importing sudoers is a two-step process. - -Step 1: -Ask your LDAP Administrator where to create the ou=SUDOers container. - -For instance, if using OpenLDAP: - - dn: ou=SUDOers,dc=example,dc=com - objectClass: top - objectClass: organizationalUnit - ou: SUDOers - -(An example location is shown below). Then use the cvtsudoers utility to -convert your sudoers file into LDIF format. - - # SUDOERS_BASE=ou=SUDOers,dc=example,dc=com - # export SUDOERS_BASE - # cvtsudoers -f ldif -o /tmp/sudoers.ldif /etc/sudoers - -Step 2: -Import into your directory server. The following example is for -OpenLDAP. If you are using another directory, provide the LDIF -file to your LDAP Administrator. - - # ldapadd -f /tmp/sudoers.ldif -H ldap://ldapserver \ - -D cn=Manager,dc=example,dc=com -W -x - -Step 3: -Verify the sudoers LDAP data: - - # ldapsearch -b "$SUDOERS_BASE" -D cn=Manager,dc=example,dc=com -W -x - -Managing LDAP entries -===================== -Doing a one-time bulk load of your ldap entries is fine. However what if you -need to make minor changes on a daily basis? It doesn't make sense to delete -and re-add objects. (You can, but this is tedious). - -I recommend using any of the following LDAP browsers to administer your SUDOers. - * GQ - The gentleman's LDAP client - Open Source - I use this a lot on Linux - and since it is Schema aware, I don't need to create a sudoRole template. - http://sourceforge.net/projects/gqclient/ - - * phpQLAdmin - Open Source - phpQLAdmin is an administration tool, - originally for QmailLDAP, that supports editing sudoRole objects - in version 2.3.2 and higher. - http://phpqladmin.com/ - - * LDAP Browser/Editor - by Jarek Gawor - I use this a lot on Windows - and Solaris. It runs anywhere in a Java Virtual Machine including - web pages. You have to make a template from an existing sudoRole entry. - http://www.iit.edu/~gawojar/ldap - http://www.mcs.anl.gov/~gawor/ldap - http://ldapmanager.com - - * Apache Directory Studio - Open Source - an Eclipse-based LDAP - development platform. Includes an LDAP browser, and LDIF editor, - a schema editor and more. - http://directory.apache.org/studio - - There are dozens of others, some Open Source, some free, some not. - -Configure your /etc/ldap.conf and /etc/nsswitch.conf -==================================================== -The /etc/ldap.conf file is meant to be shared between sudo, pam_ldap, nss_ldap -and other ldap applications and modules. IBM Secureway unfortunately uses -the same file name but has a different syntax. If you need to change where -this file is stored, re-run configure with the --with-ldap-conf-file=PATH -option. - -See the "Configuring ldap.conf" section in the sudoers.ldap manual -for a list of supported ldap.conf parameters and an example ldap.conf - -Make sure you sudoers_base matches the location you specified when you -imported the sudoers ldif data. - -After configuring /etc/ldap.conf, you must add a line in /etc/nsswitch.conf -to tell sudo to look in LDAP for sudoers. See the "Configuring nsswitch.conf" -section in the sudoers.ldap manual for details. Note that sudo will use -/etc/nsswitch.conf even if the underlying operating system does not support it. -To disable nsswitch support, run configure with the --with-nsswitch=no option. -This will cause sudo to consult LDAP first and /etc/sudoers second, unless the -ignore_sudoers_file flag is set in the global LDAP options. - -Debugging your LDAP configuration -================================= -Enable debugging if you believe sudo is not parsing LDAP the way you think it -should. Setting the 'sudoers_debug' parameter to a value of 1 shows moderate -debugging. A value of 2 shows the results of the matches themselves. Make -sure to set the value back to zero so that other users don't get confused by -the debugging messages. diff -Nru sudo-1.9.5p2/README.LDAP.md sudo-1.9.9/README.LDAP.md --- sudo-1.9.5p2/README.LDAP.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/README.LDAP.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,210 @@ +This file explains how to build the optional LDAP functionality of SUDO to +store /etc/sudoers information. This feature is distinct from LDAP passwords. + +For general sudo LDAP configuration details, see the sudoers.ldap manual that +comes with the sudo distribution. A pre-formatted version of the manual may +be found in the sudoers.ldap.cat file. + +The sudo binary compiled with LDAP support should be totally backward +compatible and be syntactically and source code equivalent to its +non LDAP-enabled build. + +## LDAP philosophy + +As times change and servers become cheap, an enterprise can easily have 500+ +UNIX servers. Using LDAP to synchronize Users, Groups, Hosts, Mounts, and +others across an enterprise can greatly reduce the administrative overhead. + +In the past, sudo has used a single local configuration file, /etc/sudoers. +While the same sudoers file can be shared among machines, no built-in +mechanism exists to distribute it. Some have attempted to workaround this +by synchronizing changes via CVS/RSYNC/RDIST/RCP/SCP and even NFS. + +By using LDAP for sudoers we gain a centrally administered, globally +available configuration source for sudo. + +For information on OpenLDAP, please see http://www.openldap.org/. + +## Definitions + +Many times the word 'Directory' is used in the document to refer to the LDAP +server, structure, and contents. + +Many times 'options' are used in this document to refer to sudoer 'defaults'. +They are one and the same. + +## Build instructions + +The simplest way to build sudo with LDAP support is to include the +`--with-ldap` option. + + $ ./configure --with-ldap + +If your ldap libraries and headers are in a non-standard place, you will need +to specify them at configure time. E.g. + + $ ./configure --with-ldap=/usr/local/ldapsdk + +Sudo is developed using OpenLDAP but Netscape-based LDAP libraries +(such as those present in Solaris) are also known to work. + +Your mileage may vary. Please let the sudo workers mailing list +sudo-workers@sudo.ws know if special configuration was required +to build an LDAP-enabled sudo so we can improve sudo. + +## Schema Changes + +You must add the appropriate schema to your LDAP server before it +can store sudoers content. + +For OpenLDAP, there are two options, depending on how slapd is configured. + +The first option is to copy the file schema.OpenLDAP to the schema +directory (e.g. /etc/openldap/schema). You must then edit your +slapd.conf and add an include line the new schema, for example: + + # Sudo LDAP schema + include /etc/openldap/schema/sudo.schema + +In order for sudoRole LDAP queries to be efficient, the server must index +the attribute 'sudoUser', for example: + + # Indices to maintain + index sudoUser eq + +After making the changes to slapd.conf, restart slapd. + +The second option is only for OpenLDAP 2.3 and higher where slapd.conf +has been configured to use on-line configuration. If your slapd.conf +file includes the line: + + database config + +it should be possible to use the schema.olcSudo file. + +You can apply schema.olcSudo using the ldapadd utility or another +suitable LDAP browser. For example: + + # ldapadd -f schema.olcSudo -H ldap://ldapserver -W -x \ + -D cn=Manager,dc=example,dc=com + +There is no need to restart slapd when updating on-line configuration. + +For Netscape-derived LDAP servers such as SunONE, iPlanet, or Fedora Directory, +copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif. + +On Solaris, schemas are stored in /var/Sun/mps/slapd-\`hostname\`/config/schema/. +For Fedora Directory Server, they are stored in /etc/dirsrv/schema/. + +After copying the schema file to the appropriate directory, restart +the LDAP server. + +Finally, using an LDAP browser/editor, enable indexing by editing the +client profile to provide a Service Search Descriptor (SSD) for sudoers, +replacing example.com with your domain: + + serviceSearchDescriptor: sudoers: ou=sudoers,dc=example,dc=com + +If using an Active Directory server, copy schema.ActiveDirectory +to your Windows domain controller and run the following command: + + ldifde -i -f schema.ActiveDirectory -c dc=X dc=example,dc=com + +## Importing /etc/sudoers into LDAP + +Importing sudoers is a two-step process. + +1. Ask your LDAP Administrator where to create the ou=SUDOers container. + For instance, if using OpenLDAP: +``` + dn: ou=SUDOers,dc=example,dc=com + objectClass: top + objectClass: organizationalUnit + ou: SUDOers +``` + +(An example location is shown below). Then use the cvtsudoers utility to +convert your sudoers file into LDIF format. +``` + # SUDOERS_BASE=ou=SUDOers,dc=example,dc=com + # export SUDOERS_BASE + # cvtsudoers -f ldif -o /tmp/sudoers.ldif /etc/sudoers +``` + +2. Import into your directory server. The following example is for + OpenLDAP. If you are using another directory, provide the LDIF + file to your LDAP Administrator. +``` + # ldapadd -f /tmp/sudoers.ldif -H ldap://ldapserver \ + -D cn=Manager,dc=example,dc=com -W -x +``` + +3. Verify the sudoers LDAP data: +``` + # ldapsearch -b "$SUDOERS_BASE" -D cn=Manager,dc=example,dc=com -W -x +``` + +## Managing LDAP entries + +Doing a one-time bulk load of your ldap entries is fine. However what if you +need to make minor changes on a daily basis? It doesn't make sense to delete +and re-add objects. (You can, but this is tedious). + +I recommend using any of the following LDAP browsers to administer your SUDOers. + + * GQ - The gentleman's LDAP client - Open Source - I use this a lot on Linux + and since it is Schema aware, I don't need to create a sudoRole template. + + http://sourceforge.net/projects/gqclient/ + + * phpQLAdmin - Open Source - phpQLAdmin is an administration tool, + originally for QmailLDAP, that supports editing sudoRole objects + in version 2.3.2 and higher. + + http://phpqladmin.com/ + + * LDAP Browser/Editor - by Jarek Gawor - I use this a lot on Windows + and Solaris. It runs anywhere in a Java Virtual Machine including + web pages. You have to make a template from an existing sudoRole entry. + + http://www.iit.edu/~gawojar/ldap + http://www.mcs.anl.gov/~gawor/ldap + http://ldapmanager.com + + * Apache Directory Studio - Open Source - an Eclipse-based LDAP + development platform. Includes an LDAP browser, and LDIF editor, + a schema editor and more. + + http://directory.apache.org/studio + + There are dozens of others, some Open Source, some free, some not. + +## Configure your /etc/ldap.conf and /etc/nsswitch.conf + +The /etc/ldap.conf file is meant to be shared between sudo, pam_ldap, nss_ldap +and other ldap applications and modules. IBM Secureway unfortunately uses +the same file name but has a different syntax. If you need to change where +this file is stored, re-run configure with the `--with-ldap-conf-file=PATH` +option. + +See the "Configuring ldap.conf" section in the sudoers.ldap manual +for a list of supported ldap.conf parameters and an example ldap.conf + +Make sure you sudoers_base matches the location you specified when you +imported the sudoers ldif data. + +After configuring /etc/ldap.conf, you must add a line in /etc/nsswitch.conf +to tell sudo to look in LDAP for sudoers. See the "Configuring nsswitch.conf" +section in the sudoers.ldap manual for details. Note that sudo will use +/etc/nsswitch.conf even if the underlying operating system does not support it. +To disable nsswitch support, run configure with the `--with-nsswitch=no` option. +This will cause sudo to consult LDAP first and /etc/sudoers second, unless the +ignore_sudoers_file flag is set in the global LDAP options. + +## Debugging your LDAP configuration + +Enable debugging if you believe sudo is not parsing LDAP the way you think it +should. Setting the 'sudoers_debug' parameter to a value of 1 shows moderate +debugging. A value of 2 shows the results of the matches themselves. Make +sure to set the value back to zero so that other users don't get confused by +the debugging messages. diff -Nru sudo-1.9.5p2/README.md sudo-1.9.9/README.md --- sudo-1.9.5p2/README.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/README.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,103 @@ +## The sudo philosophy + +Sudo is a program designed to allow a sysadmin to give limited root privileges +to users and log root activity. The basic philosophy is to give as few +privileges as possible but still allow people to get their work done. + +## Where to find sudo + +Before you try and build sudo, *please* make sure you have the current +version. The latest sudo may always be gotten via anonymous ftp from +ftp.sudo.ws in the directory /pub/sudo/ or from the sudo web site, +https://www.sudo.ws/ + +The distribution is sudo-M.m.tar.gz where _M_ is the major version +number and _m_ is the minor version number. Beta versions of sudo may +also be available. If you join the _sudo-workers_ mailing list you +will get the beta announcements (see the Mailing lists section below). + +## What's new + +See the NEWS file for a list of major changes in this release. For +a complete list of changes, see the [ChangeLog](ChangeLog). +For a summary of major changes to the current stable release, see +https://www.sudo.ws/releases/stable/. + +If you are upgrading from an earlier version of Sudo, please read +[docs/UPGRADE.md](docs/UPGRADE.md) for information on changes in +behavior that may affect you. + +For a history of sudo please see [docs/HISTORY.md](docs/HISTORY.md). +You can find a list of contributors to sudo in +[docs/CONTRIBUTORS.md](docs/CONTRIBUTORS.md). + +## Building the release + +Please read the installation guide, [INSTALL.md](INSTALL.md), before +trying to build sudo. Pay special attention to the "OS dependent notes" +section. + +## How to contribute + +See [docs/CONTRIBUTING.md](docs/CONTRIBUTING.md) for information on +how you can help contribute to sudo. + +## Copyright + +Sudo is distributed under an ISC-style license. +Please refer to [LICENSE.md](LICENSE.md) for details. + +## Mailing lists + +#### sudo-announce + +This list receives announcements whenever a new version of sudo is +released. https://www.sudo.ws/mailman/listinfo/sudo-announce + +#### sudo-blog + +This list receives a message when a new sudo blog article is +available. https://www.sudo.ws/mailman/listinfo/sudo-blog + +#### sudo-commits + +This list receives a message for each commit made to the sudo source +repository. https://www.sudo.ws/mailman/listinfo/sudo-commits + +#### sudo-users + +This list is for questions and general discussion about sudo. +https://www.sudo.ws/mailman/listinfo/sudo-users + +#### sudo-workers + +This list is for people working on and porting sudo. +https://www.sudo.ws/mailman/listinfo/sudo-workers + +To subscribe to a list, visit its url (listed above) and enter your +email address to subscribe. Digest versions are available but these are +fairly low traffic lists so the digest versions are not a significant win. + +Mailing list archives are also available. See the mailing list web sites +for the appropriate links. + +## Web page + +There is a sudo web page at https://www.sudo.ws/ that contains an overview +of sudo, documentation, downloads, a bug tracker, the sudo blog, information +about beta versions and other useful info. + +## Bug reports + +If you have found what you believe to be a bug, you can file a bug +report in the sudo bug database, at https://bugzilla.sudo.ws/. +Alternately, you can file a GitHub issue if that is easier for you +at https://github.com/sudo-project/sudo/issues/. + +Please see [docs/SECURITY.md](docs/SECURITY.md) for our security +policy and how to report security issues. + +Please read over [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) +*before* submitting a bug report. When reporting bugs, please be +sure to include the version of sudo you are using as well as the +platform you are running it on. diff -Nru sudo-1.9.5p2/aclocal.m4 sudo-1.9.9/aclocal.m4 --- sudo-1.9.5p2/aclocal.m4 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/aclocal.m4 2022-01-27 21:24:06.000000000 +0000 @@ -1,4 +1,4 @@ -# generated automatically by aclocal 1.16.2 -*- Autoconf -*- +# generated automatically by aclocal 1.16.3 -*- Autoconf -*- # Copyright (C) 1996-2020 Free Software Foundation, Inc. @@ -12,269 +12,17 @@ # PARTICULAR PURPOSE. m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) -# Copyright (C) 1999-2020 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - - -# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -# --------------------------------------------------------------------------- -# Adds support for distributing Python modules and packages. To -# install modules, copy them to $(pythondir), using the python_PYTHON -# automake variable. To install a package with the same name as the -# automake package, install to $(pkgpythondir), or use the -# pkgpython_PYTHON automake variable. -# -# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as -# locations to install python extension modules (shared libraries). -# Another macro is required to find the appropriate flags to compile -# extension modules. -# -# If your package is configured with a different prefix to python, -# users will have to add the install directory to the PYTHONPATH -# environment variable, or create a .pth file (see the python -# documentation for details). -# -# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will -# cause an error if the version of python installed on the system -# doesn't meet the requirement. MINIMUM-VERSION should consist of -# numbers and dots only. -AC_DEFUN([AM_PATH_PYTHON], - [ - dnl Find a Python interpreter. Python versions prior to 2.0 are not - dnl supported. (2.0 was released on October 16, 2000). - m4_define_default([_AM_PYTHON_INTERPRETER_LIST], -[python python2 python3 dnl - python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl - python3.2 python3.1 python3.0 dnl - python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl - python2.0]) - - AC_ARG_VAR([PYTHON], [the Python interpreter]) - - m4_if([$1],[],[ - dnl No version check is needed. - # Find any Python interpreter. - if test -z "$PYTHON"; then - AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) - fi - am_display_PYTHON=python - ], [ - dnl A version check is needed. - if test -n "$PYTHON"; then - # If the user set $PYTHON, use it and don't search something else. - AC_MSG_CHECKING([whether $PYTHON version is >= $1]) - AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], - [AC_MSG_RESULT([yes])], - [AC_MSG_RESULT([no]) - AC_MSG_ERROR([Python interpreter is too old])]) - am_display_PYTHON=$PYTHON - else - # Otherwise, try each interpreter until we find one that satisfies - # VERSION. - AC_CACHE_CHECK([for a Python interpreter with version >= $1], - [am_cv_pathless_PYTHON],[ - for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do - test "$am_cv_pathless_PYTHON" = none && break - AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) - done]) - # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. - if test "$am_cv_pathless_PYTHON" = none; then - PYTHON=: - else - AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) - fi - am_display_PYTHON=$am_cv_pathless_PYTHON - fi - ]) - - if test "$PYTHON" = :; then - dnl Run any user-specified action, or abort. - m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) - else - - dnl Query Python for its version number. Getting [:3] seems to be - dnl the best way to do this; it's what "site.py" does in the standard - dnl library. - - AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], - [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) - AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) - - dnl Use the values of $prefix and $exec_prefix for the corresponding - dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made - dnl distinct variables so they can be overridden if need be. However, - dnl general consensus is that you shouldn't need this ability. - - AC_SUBST([PYTHON_PREFIX], ['${prefix}']) - AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) - - dnl At times (like when building shared libraries) you may want - dnl to know which OS platform Python thinks this is. - - AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], - [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) - AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) - - # Just factor out some code duplication. - am_python_setup_sysconfig="\ -import sys -# Prefer sysconfig over distutils.sysconfig, for better compatibility -# with python 3.x. See automake bug#10227. -try: - import sysconfig -except ImportError: - can_use_sysconfig = 0 -else: - can_use_sysconfig = 1 -# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: -# -try: - from platform import python_implementation - if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': - can_use_sysconfig = 0 -except ImportError: - pass" - - dnl Set up 4 directories: - - dnl pythondir -- where to install python scripts. This is the - dnl site-packages directory, not the python standard library - dnl directory like in previous automake betas. This behavior - dnl is more consistent with lispdir.m4 for example. - dnl Query distutils for this directory. - AC_CACHE_CHECK([for $am_display_PYTHON script directory], - [am_cv_python_pythondir], - [if test "x$prefix" = xNONE - then - am_py_prefix=$ac_default_prefix - else - am_py_prefix=$prefix - fi - am_cv_python_pythondir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` - case $am_cv_python_pythondir in - $am_py_prefix*) - am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` - am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` - ;; - *) - case $am_py_prefix in - /usr|/System*) ;; - *) - am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages - ;; - esac - ;; - esac - ]) - AC_SUBST([pythondir], [$am_cv_python_pythondir]) - - dnl pkgpythondir -- $PACKAGE directory under pythondir. Was - dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is - dnl more consistent with the rest of automake. - - AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) - - dnl pyexecdir -- directory for installing python extension modules - dnl (shared libraries) - dnl Query distutils for this directory. - AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], - [am_cv_python_pyexecdir], - [if test "x$exec_prefix" = xNONE - then - am_py_exec_prefix=$am_py_prefix - else - am_py_exec_prefix=$exec_prefix - fi - am_cv_python_pyexecdir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` - case $am_cv_python_pyexecdir in - $am_py_exec_prefix*) - am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` - am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` - ;; - *) - case $am_py_exec_prefix in - /usr|/System*) ;; - *) - am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages - ;; - esac - ;; - esac - ]) - AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) - - dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) - - AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) - - dnl Run any user-specified action. - $2 - fi - -]) - - -# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) -# --------------------------------------------------------------------------- -# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. -# Run ACTION-IF-FALSE otherwise. -# This test uses sys.hexversion instead of the string equivalent (first -# word of sys.version), in order to cope with versions such as 2.2c1. -# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). -AC_DEFUN([AM_PYTHON_CHECK_VERSION], - [prog="import sys -# split strings by '.' and convert to numeric. Append some zeros -# because we need at least 4 digits for the hex conversion. -# map returns an iterator in Python 3.0 and a list in 2.x -minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] -minverhex = 0 -# xrange is not present in Python 3.0 and range returns an iterator -for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] -sys.exit(sys.hexversion < minverhex)" - AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) - -# Copyright (C) 2001-2020 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# AM_RUN_LOG(COMMAND) -# ------------------- -# Run COMMAND, save the exit status in ac_status, and log it. -# (This has been adapted from Autoconf's _AC_RUN_LOG macro.) -AC_DEFUN([AM_RUN_LOG], -[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD - ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD - (exit $ac_status); }]) - m4_include([m4/ax_append_flag.m4]) m4_include([m4/ax_check_compile_flag.m4]) m4_include([m4/ax_check_link_flag.m4]) m4_include([m4/ax_func_getaddrinfo.m4]) m4_include([m4/ax_func_snprintf.m4]) +m4_include([m4/ax_prog_cc_for_build.m4]) m4_include([m4/libtool.m4]) m4_include([m4/ltoptions.m4]) m4_include([m4/ltsugar.m4]) m4_include([m4/ltversion.m4]) m4_include([m4/lt~obsolete.m4]) +m4_include([m4/python.m4]) +m4_include([m4/runlog.m4]) m4_include([m4/sudo.m4]) diff -Nru sudo-1.9.5p2/autogen.sh sudo-1.9.9/autogen.sh --- sudo-1.9.5p2/autogen.sh 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/autogen.sh 2022-01-27 21:24:06.000000000 +0000 @@ -4,10 +4,10 @@ # If the user hasn't chosen one themselves, we do here. if [ "`/usr/bin/uname 2>&1`" = "OpenBSD" ]; then if [ X"$AUTOMAKE_VERSION" = X"" ]; then - AUTOMAKE_VERSION=1.16; export AUTOMAKE_VERSION + AUTOMAKE_VERSION=1.16; export AUTOMAKE_VERSION fi if [ X"$AUTOCONF_VERSION" = X"" ]; then - AUTOCONF_VERSION=2.69; export AUTOCONF_VERSION + AUTOCONF_VERSION=2.69; export AUTOCONF_VERSION fi fi diff -Nru sudo-1.9.5p2/config.guess sudo-1.9.9/config.guess --- sudo-1.9.5p2/config.guess 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/config.guess 1970-01-01 00:00:00.000000000 +0000 @@ -1,1462 +0,0 @@ -#! /bin/sh -# Attempt to guess a canonical system name. -# Copyright 1992-2016 Free Software Foundation, Inc. - -timestamp='2016-10-02' - -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that -# program. This Exception is an additional permission under section 7 -# of the GNU General Public License, version 3 ("GPLv3"). -# -# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. -# -# You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess -# -# Please send patches to . - - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] - -Output the configuration name of the system \`$me' is run on. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.guess ($timestamp) - -Originally written by Per Bothner. -Copyright 1992-2016 Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" >&2 - exit 1 ;; - * ) - break ;; - esac -done - -if test $# != 0; then - echo "$me: too many arguments$help" >&2 - exit 1 -fi - -trap 'exit 1' 1 2 15 - -# CC_FOR_BUILD -- compiler used by this script. Note that the use of a -# compiler to aid in system detection is discouraged as it requires -# temporary files to be created and, as you can see below, it is a -# headache to deal with in a portable fashion. - -# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still -# use `HOST_CC' if defined, but it is deprecated. - -# Portable tmp directory creation inspired by the Autoconf team. - -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; - for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; set_cc_for_build= ;' - -# This is needed to find uname on a Pyramid OSx when run in the BSD universe. -# (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then - PATH=$PATH:/.attbin ; export PATH -fi - -UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown -UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown -UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown - -case "${UNAME_SYSTEM}" in -Linux|GNU|GNU/*) - # If the system lacks a compiler, then just pick glibc. - # We could probably try harder. - LIBC=gnu - - eval $set_cc_for_build - cat <<-EOF > $dummy.c - #include - #if defined(__UCLIBC__) - LIBC=uclibc - #elif defined(__dietlibc__) - LIBC=dietlibc - #else - LIBC=gnu - #endif - EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` - ;; -esac - -# Note: order is significant - the case branches are not exclusive. - -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in - *:NetBSD:*:*) - # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, - # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently - # switched to ELF, *-*-netbsd* would select the old - # object file format. This provides both forward - # compatibility and a consistent mechanism for selecting the - # object file format. - # - # Note: NetBSD doesn't particularly care about the vendor - # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ - /sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || \ - echo unknown)` - case "${UNAME_MACHINE_ARCH}" in - armeb) machine=armeb-unknown ;; - arm*) machine=arm-unknown ;; - sh3el) machine=shl-unknown ;; - sh3eb) machine=sh-unknown ;; - sh5el) machine=sh5le-unknown ;; - earmv*) - arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` - endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` - machine=${arch}${endian}-unknown - ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; - esac - # The Operating System including object format, if it has switched - # to ELF recently (or will in the future) and ABI. - case "${UNAME_MACHINE_ARCH}" in - earm*) - os=netbsdelf - ;; - arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build - if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ELF__ - then - # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). - # Return netbsd for either. FIX? - os=netbsd - else - os=netbsdelf - fi - ;; - *) - os=netbsd - ;; - esac - # Determine ABI tags. - case "${UNAME_MACHINE_ARCH}" in - earm*) - expr='s/^earmv[0-9]/-eabi/;s/eb$//' - abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` - ;; - esac - # The OS release - # Debian GNU/NetBSD machines have a different userland, and - # thus, need a distinct triplet. However, they do not need - # kernel version information, so it can be replaced with a - # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in - Debian*) - release='-gnu' - ;; - *) - release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` - ;; - esac - # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: - # contains redundant information, the shorter form: - # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}${abi}" - exit ;; - *:Bitrig:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} - exit ;; - *:OpenBSD:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} - exit ;; - *:LibertyBSD:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE} - exit ;; - *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} - exit ;; - *:SolidBSD:*:*) - echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} - exit ;; - macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd${UNAME_RELEASE} - exit ;; - *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} - exit ;; - *:Sortix:*:*) - echo ${UNAME_MACHINE}-unknown-sortix - exit ;; - alpha:OSF1:*:*) - case $UNAME_RELEASE in - *4.0) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - ;; - *5.*) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` - ;; - esac - # According to Compaq, /usr/sbin/psrinfo has been available on - # OSF/1 and Tru64 systems produced since 1995. I hope that - # covers most systems running today. This code pipes the CPU - # types through head -n 1, so we only detect the type of CPU 0. - ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` - case "$ALPHA_CPU_TYPE" in - "EV4 (21064)") - UNAME_MACHINE=alpha ;; - "EV4.5 (21064)") - UNAME_MACHINE=alpha ;; - "LCA4 (21066/21068)") - UNAME_MACHINE=alpha ;; - "EV5 (21164)") - UNAME_MACHINE=alphaev5 ;; - "EV5.6 (21164A)") - UNAME_MACHINE=alphaev56 ;; - "EV5.6 (21164PC)") - UNAME_MACHINE=alphapca56 ;; - "EV5.7 (21164PC)") - UNAME_MACHINE=alphapca57 ;; - "EV6 (21264)") - UNAME_MACHINE=alphaev6 ;; - "EV6.7 (21264A)") - UNAME_MACHINE=alphaev67 ;; - "EV6.8CB (21264C)") - UNAME_MACHINE=alphaev68 ;; - "EV6.8AL (21264B)") - UNAME_MACHINE=alphaev68 ;; - "EV6.8CX (21264D)") - UNAME_MACHINE=alphaev68 ;; - "EV6.9A (21264/EV69A)") - UNAME_MACHINE=alphaev69 ;; - "EV7 (21364)") - UNAME_MACHINE=alphaev7 ;; - "EV7.9 (21364A)") - UNAME_MACHINE=alphaev79 ;; - esac - # A Pn.n version is a patched version. - # A Vn.n version is a released version. - # A Tn.n version is a released field test version. - # A Xn.n version is an unreleased experimental baselevel. - # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` - # Reset EXIT trap before exiting to avoid spurious non-zero exit code. - exitcode=$? - trap '' 0 - exit $exitcode ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit ;; - Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit ;; - *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos - exit ;; - *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos - exit ;; - *:OS/390:*:*) - echo i370-ibm-openedition - exit ;; - *:z/VM:*:*) - echo s390-ibm-zvmoe - exit ;; - *:OS400:*:*) - echo powerpc-ibm-os400 - exit ;; - arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} - exit ;; - arm*:riscos:*:*|arm*:RISCOS:*:*) - echo arm-unknown-riscos - exit ;; - SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit ;; - Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) - # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit ;; - NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit ;; - DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit ;; - DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) - case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7; exit ;; - esac ;; - s390x:SunOS:*:*) - echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux${UNAME_RELEASE} - exit ;; - i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval $set_cc_for_build - SUN_ARCH=i386 - # If there is a compiler, see if it is configured for 64-bit objects. - # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. - # This test works for both compilers. - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then - if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - SUN_ARCH=x86_64 - fi - fi - echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:6*:*) - # According to config.sub, this is the proper way to canonicalize - # SunOS6. Hard to guess exactly what SunOS6 will be like, but - # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in - Series*|S4*) - UNAME_RELEASE=`uname -v` - ;; - esac - # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit ;; - sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} - exit ;; - sun*:*:4.2BSD:*) - UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3 - case "`/bin/arch`" in - sun3) - echo m68k-sun-sunos${UNAME_RELEASE} - ;; - sun4) - echo sparc-sun-sunos${UNAME_RELEASE} - ;; - esac - exit ;; - aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} - exit ;; - # The situation for MiNT is a little confusing. The machine name - # can be virtually everything (everything which is not - # "atarist" or "atariste" at least should have a processor - # > m68000). The system name ranges from "MiNT" over "FreeMiNT" - # to the lowercase version "mint" (or "freemint"). Finally - # the system name "TOS" denotes a system which is actually not - # MiNT. But MiNT is downward compatible to TOS, so this should - # be no problem. - atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit ;; - hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit ;; - *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit ;; - m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} - exit ;; - powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} - exit ;; - RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit ;; - RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} - exit ;; - VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} - exit ;; - 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} - exit ;; - mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -#ifdef __cplusplus -#include /* for printf() prototype */ - int main (int argc, char *argv[]) { -#else - int main (argc, argv) int argc; char *argv[]; { -#endif - #if defined (host_mips) && defined (MIPSEB) - #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); - #endif - #endif - exit (-1); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && - { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} - exit ;; - Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit ;; - Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit ;; - m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit ;; - m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit ;; - m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit ;; - AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] - then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] - then - echo m88k-dg-dgux${UNAME_RELEASE} - else - echo m88k-dg-dguxbcs${UNAME_RELEASE} - fi - else - echo i586-dg-dgux${UNAME_RELEASE} - fi - exit ;; - M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit ;; - M88*:*:R3*:*) - # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit ;; - XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit ;; - Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit ;; - *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit ;; - ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i*86:AIX:*:*) - echo i386-ibm-aix - exit ;; - ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit ;; - *:AIX:2:3) - if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - - main() - { - if (!__power_pc()) - exit(1); - puts("powerpc-ibm-aix3.2.5"); - exit(0); - } -EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` - then - echo "$SYSTEM_NAME" - else - echo rs6000-ibm-aix3.2.5 - fi - elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 - else - echo rs6000-ibm-aix3.2 - fi - exit ;; - *:AIX:*:[4567]) - IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then - IBM_ARCH=rs6000 - else - IBM_ARCH=powerpc - fi - if [ -x /usr/bin/lslpp ] ; then - IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | - awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit ;; - *:AIX:*:*) - echo rs6000-ibm-aix - exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) - echo romp-ibm-bsd4.4 - exit ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit ;; # report: romp-ibm BSD 4.3 - *:BOSX:*:*) - echo rs6000-bull-bosx - exit ;; - DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit ;; - 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit ;; - hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit ;; - 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; - 9000/[678][0-9][0-9]) - if [ -x /usr/bin/getconf ]; then - sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 - 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH=hppa2.0n ;; - 64) HP_ARCH=hppa2.0w ;; - '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 - esac ;; - esac - fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - - #define _HPUX_SOURCE - #include - #include - - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); - - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } -EOF - (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` - test -z "$HP_ARCH" && HP_ARCH=hppa - fi ;; - esac - if [ ${HP_ARCH} = hppa2.0w ] - then - eval $set_cc_for_build - - # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating - # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler - # generating 64-bit code. GNU and HP use different nomenclature: - # - # $ CC_FOR_BUILD=cc ./config.guess - # => hppa2.0w-hp-hpux11.23 - # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess - # => hppa64-hp-hpux11.23 - - if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | - grep -q __LP64__ - then - HP_ARCH=hppa2.0w - else - HP_ARCH=hppa64 - fi - fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit ;; - ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} - exit ;; - 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - int - main () - { - long cpu = sysconf (_SC_CPU_VERSION); - /* The order matters, because CPU_IS_HP_MC68K erroneously returns - true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct - results, however. */ - if (CPU_IS_PA_RISC (cpu)) - { - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; - case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; - default: puts ("hppa-hitachi-hiuxwe2"); break; - } - } - else if (CPU_IS_HP_MC68K (cpu)) - puts ("m68k-hitachi-hiuxwe2"); - else puts ("unknown-hitachi-hiuxwe2"); - exit (0); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 - exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) - echo hppa1.1-hp-bsd - exit ;; - 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit ;; - *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) - echo hppa1.1-hp-osf - exit ;; - hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit ;; - i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk - else - echo ${UNAME_MACHINE}-unknown-osf1 - fi - exit ;; - parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit ;; - C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit ;; - C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit ;; - C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit ;; - C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit ;; - CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ - | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ - -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` - FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit ;; - sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:FreeBSD:*:*) - UNAME_PROCESSOR=`/usr/bin/uname -p` - case ${UNAME_PROCESSOR} in - amd64) - echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - *) - echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - esac - exit ;; - i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin - exit ;; - *:MINGW64*:*) - echo ${UNAME_MACHINE}-pc-mingw64 - exit ;; - *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; - *:MSYS*:*) - echo ${UNAME_MACHINE}-pc-msys - exit ;; - i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 - exit ;; - i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 - exit ;; - *:Interix*:*) - case ${UNAME_MACHINE} in - x86) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; - IA64) - echo ia64-unknown-interix${UNAME_RELEASE} - exit ;; - esac ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit ;; - 8664:Windows_NT:*) - echo x86_64-pc-mks - exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix - exit ;; - i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin - exit ;; - amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-unknown-cygwin - exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin - exit ;; - prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - *:GNU:*:*) - # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit ;; - *:GNU/*:*:*) - # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} - exit ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix - exit ;; - aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - aarch64_be:Linux:*:*) - UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC=gnulibc1 ; fi - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - arc:Linux:*:* | arceb:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - arm*:Linux:*:*) - eval $set_cc_for_build - if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ARM_EABI__ - then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - else - if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ARM_PCS_VFP - then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi - else - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf - fi - fi - exit ;; - avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} - exit ;; - crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} - exit ;; - e2k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - i*86:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} - exit ;; - ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - k1om:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef ${UNAME_MACHINE} - #undef ${UNAME_MACHINE}el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=${UNAME_MACHINE}el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=${UNAME_MACHINE} - #else - CPU= - #endif - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } - ;; - mips64el:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - openrisc*:Linux:*:*) - echo or1k-unknown-linux-${LIBC} - exit ;; - or32:Linux:*:* | or1k*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - padre:Linux:*:*) - echo sparc-unknown-linux-${LIBC} - exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-${LIBC} - exit ;; - parisc:Linux:*:* | hppa:Linux:*:*) - # Look for CPU level - case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; - PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; - *) echo hppa-unknown-linux-${LIBC} ;; - esac - exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-${LIBC} - exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-${LIBC} - exit ;; - ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-${LIBC} - exit ;; - ppcle:Linux:*:*) - echo powerpcle-unknown-linux-${LIBC} - exit ;; - riscv32:Linux:*:* | riscv64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux-${LIBC} - exit ;; - sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-${LIBC} - exit ;; - x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} - exit ;; - xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - i*86:DYNIX/ptx:4*:*) - # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. - # earlier versions are messed up and put the nodename in both - # sysname and nodename. - echo i386-sequent-sysv4 - exit ;; - i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, - # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit ;; - i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility - # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx - exit ;; - i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop - exit ;; - i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos - exit ;; - i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable - exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} - exit ;; - i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` - if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} - else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} - fi - exit ;; - i*86:*:5:[678]*) - # UnixWare 7.x, OpenUNIX and OpenServer 6. - case `/bin/uname -X | grep "^Machine"` in - *486*) UNAME_MACHINE=i486 ;; - *Pentium) UNAME_MACHINE=i586 ;; - *Pent*|*Celeron) UNAME_MACHINE=i686 ;; - esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit ;; - i*86:*:3.2:*) - if test -f /usr/options/cb.name; then - UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then - UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` - (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 - (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ - && UNAME_MACHINE=i586 - (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ - && UNAME_MACHINE=i686 - (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ - && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL - else - echo ${UNAME_MACHINE}-pc-sysv32 - fi - exit ;; - pc:*:*:*) - # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i586. - # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configure will decide that - # this is a cross-build. - echo i586-pc-msdosdjgpp - exit ;; - Intel:Mach:3*:*) - echo i386-pc-mach3 - exit ;; - paragon:*:*:*) - echo i860-intel-osf1 - exit ;; - i860:*:4.*:*) # i860-SVR4 - if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 - else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 - fi - exit ;; - mini*:CTIX:SYS*5:*) - # "miniframe" - echo m68010-convergent-sysv - exit ;; - mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit ;; - M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit ;; - M68*:*:R3V[5678]*:*) - test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; - 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) - OS_REL='' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4; exit; } ;; - NCR*:*:4.2:* | MPRAS*:*:4.2:*) - OS_REL='.3' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} - exit ;; - mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit ;; - TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} - exit ;; - rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit ;; - SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} - exit ;; - RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - *:SINIX-*:*:*) - if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 - else - echo ns32k-sni-sysv - fi - exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit ;; - *:UNIX_System_V:4*:FTX*) - # From Gerald Hewes . - # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit ;; - *:*:*:FTX*) - # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit ;; - i*86:VOS:*:*) - # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos - exit ;; - *:VOS:*:*) - # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit ;; - mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} - exit ;; - news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit ;; - R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} - else - echo mips-unknown-sysv${UNAME_RELEASE} - fi - exit ;; - BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit ;; - BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit ;; - BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos - exit ;; - BePC:Haiku:*:*) # Haiku running on Intel PC compatible. - echo i586-pc-haiku - exit ;; - x86_64:Haiku:*:*) - echo x86_64-unknown-haiku - exit ;; - SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} - exit ;; - SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} - exit ;; - SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} - exit ;; - SX-7:SUPER-UX:*:*) - echo sx7-nec-superux${UNAME_RELEASE} - exit ;; - SX-8:SUPER-UX:*:*) - echo sx8-nec-superux${UNAME_RELEASE} - exit ;; - SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux${UNAME_RELEASE} - exit ;; - SX-ACE:SUPER-UX:*:*) - echo sxace-nec-superux${UNAME_RELEASE} - exit ;; - Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Darwin:*:*) - UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval $set_cc_for_build - if test "$UNAME_PROCESSOR" = unknown ; then - UNAME_PROCESSOR=powerpc - fi - if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac - fi - fi - elif test "$UNAME_PROCESSOR" = i386 ; then - # Avoid executing cc on OS X 10.9, as it ships with a stub - # that puts up a graphical alert prompting to install - # developer tools. Any system running Mac OS X 10.7 or - # later (Darwin 11 and later) is required to have a 64-bit - # processor. This is not true of the ARM version of Darwin - # that Apple uses in portable devices. - UNAME_PROCESSOR=x86_64 - fi - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} - exit ;; - *:procnto*:*:* | *:QNX:[0123456789]*:*) - UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = x86; then - UNAME_PROCESSOR=i386 - UNAME_MACHINE=pc - fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit ;; - *:QNX:*:4*) - echo i386-pc-qnx - exit ;; - NEO-?:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk${UNAME_RELEASE} - exit ;; - NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} - exit ;; - NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} - exit ;; - *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit ;; - BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit ;; - DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit ;; - *:Plan9:*:*) - # "uname -m" is not consistent, so use $cputype instead. 386 - # is converted to i386 for consistency with other x86 - # operating systems. - if test "$cputype" = 386; then - UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" - fi - echo ${UNAME_MACHINE}-unknown-plan9 - exit ;; - *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit ;; - *:TENEX:*:*) - echo pdp10-unknown-tenex - exit ;; - KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit ;; - XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit ;; - *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit ;; - *:ITS:*:*) - echo pdp10-unknown-its - exit ;; - SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} - exit ;; - *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` - exit ;; - *:*VMS:*:*) - UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in - A*) echo alpha-dec-vms ; exit ;; - I*) echo ia64-dec-vms ; exit ;; - V*) echo vax-dec-vms ; exit ;; - esac ;; - *:XENIX:*:SysV) - echo i386-pc-xenix - exit ;; - i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'` - exit ;; - i*86:rdos:*:*) - echo ${UNAME_MACHINE}-pc-rdos - exit ;; - i*86:AROS:*:*) - echo ${UNAME_MACHINE}-pc-aros - exit ;; - x86_64:VMkernel:*:*) - echo ${UNAME_MACHINE}-unknown-esx - exit ;; - amd64:Isilon\ OneFS:*:*) - echo x86_64-unknown-onefs - exit ;; -esac - -cat >&2 </dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null` - -hostinfo = `(hostinfo) 2>/dev/null` -/bin/universe = `(/bin/universe) 2>/dev/null` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` -/bin/arch = `(/bin/arch) 2>/dev/null` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` - -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} -EOF - -exit 1 - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff -Nru sudo-1.9.5p2/config.h.in sudo-1.9.9/config.h.in --- sudo-1.9.5p2/config.h.in 2020-12-17 01:34:30.000000000 +0000 +++ sudo-1.9.9/config.h.in 2022-01-27 21:24:22.000000000 +0000 @@ -129,6 +129,10 @@ don't. */ #undef HAVE_DECL_GETRESUID +/* Define to 1 if you have the declaration of `getusershell', and to 0 if you + don't. */ +#undef HAVE_DECL_GETUSERSHELL + /* Define to 1 if you have the declaration of `h_errno', and to 0 if you don't. */ #undef HAVE_DECL_H_ERRNO @@ -149,6 +153,14 @@ don't. */ #undef HAVE_DECL_PATH_MAX +/* Define to 1 if you have the declaration of `pread64', and to 0 if you + don't. */ +#undef HAVE_DECL_PREAD64 + +/* Define to 1 if you have the declaration of `pwrite64', and to 0 if you + don't. */ +#undef HAVE_DECL_PWRITE64 + /* Define to 1 if you have the declaration of `QUAD_MAX', and to 0 if you don't. */ #undef HAVE_DECL_QUAD_MAX @@ -181,6 +193,10 @@ don't. */ #undef HAVE_DECL_SIZE_T_MAX +/* Define to 1 if you have the declaration of `SSIZE_MAX', and to 0 if you + don't. */ +#undef HAVE_DECL_SSIZE_MAX + /* Define to 1 if you have the declaration of `sys_sigabbrev', and to 0 if you don't. */ #undef HAVE_DECL_SYS_SIGABBREV @@ -282,6 +298,9 @@ /* Define to 1 if you have the `fexecve' function. */ #undef HAVE_FEXECVE +/* Define to 1 if you have the `fmemopen' function. */ +#undef HAVE_FMEMOPEN + /* Define to 1 if you have the `fnmatch' function. */ #undef HAVE_FNMATCH @@ -291,7 +310,7 @@ /* Define to 1 if you have the `freezero' function. */ #undef HAVE_FREEZERO -/* Define to 1 if you have the `fseeko' function. */ +/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */ #undef HAVE_FSEEKO /* Define to 1 if you have the `fstatat' function. */ @@ -389,6 +408,9 @@ /* Define to 1 if you have the `glob' function. */ #undef HAVE_GLOB +/* Define to 1 if you have the `gmtime_r' function. */ +#undef HAVE_GMTIME_R + /* Define to 1 if you have the `grantpt' function. */ #undef HAVE_GRANTPT @@ -517,6 +539,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LIBINTL_H +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBPROC_H + /* Define to 1 if you have the header file. */ #undef HAVE_LIBUTIL_H @@ -526,6 +551,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LINUX_RANDOM_H +/* Define to 1 if you have the `localtime_r' function. */ +#undef HAVE_LOCALTIME_R + /* Define to 1 if you have the `lockf' function. */ #undef HAVE_LOCKF @@ -547,9 +575,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_MAILLOCK_H -/* Define to 1 if you have the header file. */ -#undef HAVE_MEMORY_H - /* Define to 1 if you have the `memrchr' function. */ #undef HAVE_MEMRCHR @@ -559,6 +584,12 @@ /* Define to 1 if you have the `memset_s' function. */ #undef HAVE_MEMSET_S +/* Define to 1 if you have the header file. */ +#undef HAVE_MINIX_CONFIG_H + +/* Define to 1 if you have the `mkdirat' function. */ +#undef HAVE_MKDIRAT + /* Define to 1 if you have the `mkdtemp' function. */ #undef HAVE_MKDTEMP @@ -649,6 +680,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_PROCFS_H +/* Define to 1 if you have the `proc_pidinfo' function. */ +#undef HAVE_PROC_PIDINFO + /* Define to 1 if you have the header file. */ #undef HAVE_PROJECT_H @@ -767,6 +801,9 @@ /* Define to 1 if you have the `SSL_CTX_get0_certificate' function. */ #undef HAVE_SSL_CTX_GET0_CERTIFICATE +/* Define to 1 if you have the `SSL_CTX_set0_tmp_dh_pkey' function. */ +#undef HAVE_SSL_CTX_SET0_TMP_DH_PKEY + /* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function or macro. */ #undef HAVE_SSL_CTX_SET_CIPHERSUITES @@ -784,6 +821,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H +/* Define to 1 if you have the header file. */ +#undef HAVE_STDIO_H + /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H @@ -811,6 +851,9 @@ /* Define to 1 if you have the `strsignal' function. */ #undef HAVE_STRSIGNAL +/* Define to 1 if you have the `strtoull' function. */ +#undef HAVE_STRTOULL + /* Define to 1 if `d_namlen' is a member of `struct dirent'. */ #undef HAVE_STRUCT_DIRENT_D_NAMLEN @@ -915,6 +958,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SYSCALL_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SYSCTL_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SYSMACROS_H @@ -924,11 +970,11 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H -/* Define to 1 if you have the `TLS_client_method' function. */ -#undef HAVE_TLS_CLIENT_METHOD +/* Define to 1 if you have the `timegm' function. */ +#undef HAVE_TIMEGM -/* Define to 1 if you have the `TLS_server_method' function. */ -#undef HAVE_TLS_SERVER_METHOD +/* Define to 1 if you have the `TLS_method' function. */ +#undef HAVE_TLS_METHOD /* Define to 1 if you have the `ttyslot' function. */ #undef HAVE_TTYSLOT @@ -963,11 +1009,17 @@ /* Define to 1 if you have the `vasprintf' function. */ #undef HAVE_VASPRINTF +/* Define to 1 if you have the `va_copy' function. */ +#undef HAVE_VA_COPY + /* Define to 1 if you have the `vsnprintf' function. */ #undef HAVE_VSNPRINTF -/* Define to 1 if you have the `vsyslog' function. */ -#undef HAVE_VSYSLOG +/* Define to 1 if you have the header file. */ +#undef HAVE_WCHAR_H + +/* Define to 1 if you are using wolfSSL's TLS and sha2 functions. */ +#undef HAVE_WOLFSSL /* Define to 1 if you have the `wordexp' function. */ #undef HAVE_WORDEXP @@ -1014,6 +1066,9 @@ /* Define to 1 if your crt0.o defines the __progname symbol for you. */ #undef HAVE___PROGNAME +/* Define to 1 if you have the `__va_copy' function. */ +#undef HAVE___VA_COPY + /* Define to 1 if you want the hostname to be entered into the log file. */ #undef HOST_IN_LOG @@ -1184,7 +1239,9 @@ */ #undef STATIC_SUDOERS_PLUGIN -/* Define to 1 if you have the ANSI C header files. */ +/* Define to 1 if all of the C90 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ #undef STDC_HEADERS /* Define to 1 if the code in interfaces.c does not compile for you. */ @@ -1216,10 +1273,6 @@ /* Define to 1 if the `unsetenv' function returns void instead of `int'. */ #undef UNSETENV_VOID -/* Define to 1 if you want to create ~/.sudo_as_admin_successful if the user - is in the admin group the first time they run sudo. */ -#undef USE_ADMIN_FLAG - /* Define to 1 if you want to insult the user for entering an incorrect password. */ #undef USE_INSULTS @@ -1231,52 +1284,102 @@ #ifndef _ALL_SOURCE # undef _ALL_SOURCE #endif +/* Enable general extensions on macOS. */ +#ifndef _DARWIN_C_SOURCE +# undef _DARWIN_C_SOURCE +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# undef __EXTENSIONS__ +#endif /* Enable GNU extensions on systems that have them. */ #ifndef _GNU_SOURCE # undef _GNU_SOURCE #endif -/* Enable threading extensions on Solaris. */ +/* Enable X/Open compliant socket functions that do not require linking + with -lxnet on HP-UX 11.11. */ +#ifndef _HPUX_ALT_XOPEN_SOCKET_API +# undef _HPUX_ALT_XOPEN_SOCKET_API +#endif +/* Identify the host operating system as Minix. + This macro does not affect the system headers' behavior. + A future release of Autoconf may stop defining this macro. */ +#ifndef _MINIX +# undef _MINIX +#endif +/* Enable general extensions on NetBSD. + Enable NetBSD compatibility extensions on Minix. */ +#ifndef _NETBSD_SOURCE +# undef _NETBSD_SOURCE +#endif +/* Enable OpenBSD compatibility extensions on NetBSD. + Oddly enough, this does nothing on OpenBSD. */ +#ifndef _OPENBSD_SOURCE +# undef _OPENBSD_SOURCE +#endif +/* Define to 1 if needed for POSIX-compatible behavior. */ +#ifndef _POSIX_SOURCE +# undef _POSIX_SOURCE +#endif +/* Define to 2 if needed for POSIX-compatible behavior. */ +#ifndef _POSIX_1_SOURCE +# undef _POSIX_1_SOURCE +#endif +/* Enable POSIX-compatible threading on Solaris. */ #ifndef _POSIX_PTHREAD_SEMANTICS # undef _POSIX_PTHREAD_SEMANTICS #endif +/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */ +#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__ +# undef __STDC_WANT_IEC_60559_ATTRIBS_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */ +#ifndef __STDC_WANT_IEC_60559_BFP_EXT__ +# undef __STDC_WANT_IEC_60559_BFP_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */ +#ifndef __STDC_WANT_IEC_60559_DFP_EXT__ +# undef __STDC_WANT_IEC_60559_DFP_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */ +#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__ +# undef __STDC_WANT_IEC_60559_FUNCS_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */ +#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__ +# undef __STDC_WANT_IEC_60559_TYPES_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */ +#ifndef __STDC_WANT_LIB_EXT2__ +# undef __STDC_WANT_LIB_EXT2__ +#endif +/* Enable extensions specified by ISO/IEC 24747:2009. */ +#ifndef __STDC_WANT_MATH_SPEC_FUNCS__ +# undef __STDC_WANT_MATH_SPEC_FUNCS__ +#endif /* Enable extensions on HP NonStop. */ #ifndef _TANDEM_SOURCE # undef _TANDEM_SOURCE #endif -/* Enable general extensions on Solaris. */ -#ifndef __EXTENSIONS__ -# undef __EXTENSIONS__ +/* Enable X/Open extensions. Define to 500 only if necessary + to make mbstate_t available. */ +#ifndef _XOPEN_SOURCE +# undef _XOPEN_SOURCE #endif /* Define to avoid using the passwd/shadow file for authentication. */ #undef WITHOUT_PASSWD -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS -/* Define to 1 to enable 64-bit versions of standard C functions on 32-bit - systems. */ -#undef _LARGEFILE64_SOURCE +/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */ +#undef _LARGEFILE_SOURCE /* Define for large files, on AIX-style hosts. */ #undef _LARGE_FILES -/* Define to 1 if on MINIX. */ -#undef _MINIX - -/* Define to 2 if the system does not provide POSIX.1 features except with - this defined. */ -#undef _POSIX_1_SOURCE - -/* Define to 1 if you need to in order for `stat' and other things to work. */ -#undef _POSIX_SOURCE - /* Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__ */ #undef __func__ diff -Nru sudo-1.9.5p2/config.sub sudo-1.9.9/config.sub --- sudo-1.9.5p2/config.sub 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/config.sub 1970-01-01 00:00:00.000000000 +0000 @@ -1,1827 +0,0 @@ -#! /bin/sh -# Configuration validation subroutine script. -# Copyright 1992-2016 Free Software Foundation, Inc. - -timestamp='2016-09-05' - -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that -# program. This Exception is an additional permission under section 7 -# of the GNU General Public License, version 3 ("GPLv3"). - - -# Please send patches to . -# -# Configuration subroutine to validate and canonicalize a configuration type. -# Supply the specified configuration type as an argument. -# If it is invalid, we print an error message on stderr and exit with code 1. -# Otherwise, we print the canonical config type on stdout and succeed. - -# You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub - -# This file is supposed to be the same for all GNU packages -# and recognize all the CPU types, system types and aliases -# that are meaningful with *any* GNU software. -# Each package is responsible for reporting which valid configurations -# it does not support. The user should be able to distinguish -# a failure to support a valid configuration from a meaningless -# configuration. - -# The goal of this file is to map all the various variations of a given -# machine specification into a single specification in the form: -# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM -# or in some cases, the newer four-part form: -# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM -# It is wrong to echo any other type of specification. - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS - -Canonicalize a configuration name. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.sub ($timestamp) - -Copyright 1992-2016 Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" - exit 1 ;; - - *local*) - # First pass through any local machine types. - echo $1 - exit ;; - - * ) - break ;; - esac -done - -case $# in - 0) echo "$me: missing argument$help" >&2 - exit 1;; - 1) ;; - *) echo "$me: too many arguments$help" >&2 - exit 1;; -esac - -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ - kopensolaris*-gnu* | cloudabi*-eabi* | \ - storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - android-linux) - os=-linux-android - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown - ;; - *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` - else os=; fi - ;; -esac - -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. - ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze* | -sr2201*) - os= - basic_machine=$1 - ;; - -bluegene*) - os=-cnk - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco6) - os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5v6*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*178) - os=-lynxos178 - ;; - -lynx*5) - os=-lynxos5 - ;; - -lynx*) - os=-lynxos - ;; - -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` - ;; - -psos*) - os=-psos - ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; -esac - -# Decode aliases for certain CPU-COMPANY combinations. -case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | aarch64 | aarch64_be \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arceb \ - | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ - | avr | avr32 \ - | ba \ - | be32 | be64 \ - | bfin \ - | c4x | c8051 | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | e2k | epiphany \ - | fido | fr30 | frv | ft32 \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | hexagon \ - | i370 | i860 | i960 | ia64 \ - | ip2k | iq2000 \ - | k1om \ - | le32 | le64 \ - | lm32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ - | mips64r5900 | mips64r5900el \ - | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa32r6 | mipsisa32r6el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64r6 | mipsisa64r6el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipsr5900 | mipsr5900el \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | moxie \ - | mt \ - | msp430 \ - | nds32 | nds32le | nds32be \ - | nios | nios2 | nios2eb | nios2el \ - | ns16k | ns32k \ - | open8 | or1k | or1knd | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle \ - | pyramid \ - | riscv32 | riscv64 \ - | rl78 | rx \ - | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu \ - | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ - | ubicom32 \ - | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | visium \ - | we32k \ - | x86 | xc16x | xstormy16 | xtensa \ - | z8k | z80) - basic_machine=$basic_machine-unknown - ;; - c54x) - basic_machine=tic54x-unknown - ;; - c55x) - basic_machine=tic55x-unknown - ;; - c6x) - basic_machine=tic6x-unknown - ;; - leon|leon[3-9]) - basic_machine=sparc-$basic_machine - ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) - basic_machine=$basic_machine-unknown - os=-none - ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) - ;; - ms1) - basic_machine=mt-unknown - ;; - - strongarm | thumb | xscale) - basic_machine=arm-unknown - ;; - xgate) - basic_machine=$basic_machine-unknown - os=-none - ;; - xscaleeb) - basic_machine=armeb-unknown - ;; - - xscaleel) - basic_machine=armel-unknown - ;; - - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | aarch64-* | aarch64_be-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* | avr32-* \ - | ba-* \ - | be32-* | be64-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | c8051-* | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | e2k-* | elxsi-* \ - | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | hexagon-* \ - | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* | iq2000-* \ - | k1om-* \ - | le32-* | le64-* \ - | lm32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ - | microblaze-* | microblazeel-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64octeon-* | mips64octeonel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64r5900-* | mips64r5900el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa32r6-* | mipsisa32r6el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64r6-* | mipsisa64r6el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipsr5900-* | mipsr5900el-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | mt-* \ - | msp430-* \ - | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* | nios2eb-* | nios2el-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | open8-* \ - | or1k*-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ - | pyramid-* \ - | riscv32-* | riscv64-* \ - | rl78-* | romp-* | rs6000-* | rx-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ - | tahoe-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile*-* \ - | tron-* \ - | ubicom32-* \ - | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ - | vax-* \ - | visium-* \ - | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* \ - | xstormy16-* | xtensa*-* \ - | ymp-* \ - | z8k-* | z80-*) - ;; - # Recognize the basic CPU types without company name, with glob match. - xtensa*) - basic_machine=$basic_machine-unknown - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-unknown - os=-bsd - ;; - 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att - ;; - 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aros) - basic_machine=i386-pc - os=-aros - ;; - asmjs) - basic_machine=asmjs-unknown - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - blackfin) - basic_machine=bfin-unknown - os=-linux - ;; - blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - bluegene*) - basic_machine=powerpc-ibm - os=-cnk - ;; - c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - cegcc) - basic_machine=arm-unknown - os=-cegcc - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16 | cr16-*) - basic_machine=cr16-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec - ;; - decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 - ;; - decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 - ;; - delta | 3300 | motorola-3300 | motorola-delta \ - | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - dicos) - basic_machine=i686-pc - os=-dicos - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx - ;; - dpx2* | dpx2*-bull) - basic_machine=m68k-bull - os=-sysv3 - ;; - e500v[12]) - basic_machine=powerpc-unknown - os=$os"spe" - ;; - e500v[12]-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - os=$os"spe" - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd - ;; - encore | umax | mmax) - basic_machine=ns32k-encore - ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose - ;; - fx2800) - basic_machine=i860-alliant - ;; - genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 - ;; - h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - sr2201*) - basic_machine=harp1e-hitachi - os=-hiuxmpp - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux - ;; - hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp - ;; - hp9k3[2-9][0-9]) - basic_machine=m68k-hp - ;; - hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp - ;; - hp9k78[0-9] | hp78[0-9]) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppa-next) - os=-nextstep3 - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm - ;; - i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv32 - ;; - i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv4 - ;; - i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv - ;; - i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach - ;; - i386-vsta | vsta) - basic_machine=i386-unknown - os=-vsta - ;; - iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) - ;; - *) - os=-irix4 - ;; - esac - ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - leon-*|leon[3-9]-*) - basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` - ;; - m68knommu) - basic_machine=m68k-unknown - os=-linux - ;; - m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - m88k-omron*) - basic_machine=m88k-omron - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - microblaze*) - basic_machine=microblaze-xilinx - ;; - mingw64) - basic_machine=x86_64-pc - os=-mingw64 - ;; - mingw32) - basic_machine=i686-pc - os=-mingw32 - ;; - mingw32ce) - basic_machine=arm-unknown - os=-mingw32ce - ;; - miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - moxiebox) - basic_machine=moxie-unknown - os=-moxiebox - ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` - ;; - msys) - basic_machine=i686-pc - os=-msys - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - nacl) - basic_machine=le32-unknown - os=-nacl - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos - ;; - news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv - ;; - next | m*-next ) - basic_machine=m68k-next - case $os in - -nextstep* ) - ;; - -ns2*) - os=-nextstep2 - ;; - *) - os=-nextstep3 - ;; - esac - ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; - np1) - basic_machine=np1-gould - ;; - neo-tandem) - basic_machine=neo-tandem - ;; - nse-tandem) - basic_machine=nse-tandem - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - openrisc | openrisc-*) - basic_machine=or32-unknown - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k - ;; - pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - parisc) - basic_machine=hppa-unknown - os=-linux - ;; - parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - pbd) - basic_machine=sparc-tti - ;; - pbb) - basic_machine=m68k-tti - ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pc98) - basic_machine=i386-pc - ;; - pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc | ppcbe) basic_machine=powerpc-unknown - ;; - ppc-* | ppcbe-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle) - basic_machine=powerpcle-unknown - ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ps2) - basic_machine=i386-ibm - ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; - rdos | rdos64) - basic_machine=x86_64-pc - os=-rdos - ;; - rdos32) - basic_machine=i386-pc - os=-rdos - ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff - ;; - rm[46]00) - basic_machine=mips-siemens - ;; - rtpc | rtpc-*) - basic_machine=romp-ibm - ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; - sa29200) - basic_machine=a29k-amd - os=-udi - ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; - sde) - basic_machine=mipsisa32-sde - os=-elf - ;; - sei) - basic_machine=mips-sei - os=-seiux - ;; - sequent) - basic_machine=i386-sequent - ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; - sh5el) - basic_machine=sh5le-unknown - ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks - ;; - sps7) - basic_machine=m68k-bull - os=-sysv2 - ;; - spur) - basic_machine=spur-unknown - ;; - st2000) - basic_machine=m68k-tandem - ;; - stratus) - basic_machine=i860-stratus - os=-sysv4 - ;; - strongarm-* | thumb-*) - basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - sun2) - basic_machine=m68000-sun - ;; - sun2os3) - basic_machine=m68000-sun - os=-sunos3 - ;; - sun2os4) - basic_machine=m68000-sun - os=-sunos4 - ;; - sun3os3) - basic_machine=m68k-sun - os=-sunos3 - ;; - sun3os4) - basic_machine=m68k-sun - os=-sunos4 - ;; - sun4os3) - basic_machine=sparc-sun - os=-sunos3 - ;; - sun4os4) - basic_machine=sparc-sun - os=-sunos4 - ;; - sun4sol2) - basic_machine=sparc-sun - os=-solaris2 - ;; - sun3 | sun3-*) - basic_machine=m68k-sun - ;; - sun4) - basic_machine=sparc-sun - ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun - ;; - sv1) - basic_machine=sv1-cray - os=-unicos - ;; - symmetry) - basic_machine=i386-sequent - os=-dynix - ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos - ;; - t90) - basic_machine=t90-cray - os=-unicos - ;; - tile*) - basic_machine=$basic_machine-unknown - os=-linux-gnu - ;; - tx39) - basic_machine=mipstx39-unknown - ;; - tx39el) - basic_machine=mipstx39el-unknown - ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 - ;; - tower | tower-32) - basic_machine=m68k-ncr - ;; - tpf) - basic_machine=s390x-ibm - os=-tpf - ;; - udi29k) - basic_machine=a29k-amd - os=-udi - ;; - ultra3) - basic_machine=a29k-nyu - os=-sym1 - ;; - v810 | necv810) - basic_machine=v810-nec - os=-none - ;; - vaxv) - basic_machine=vax-dec - os=-sysv - ;; - vms) - basic_machine=vax-dec - os=-vms - ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; - vxworks960) - basic_machine=i960-wrs - os=-vxworks - ;; - vxworks68) - basic_machine=m68k-wrs - os=-vxworks - ;; - vxworks29k) - basic_machine=a29k-wrs - os=-vxworks - ;; - w65*) - basic_machine=w65-wdc - os=-none - ;; - w89k-*) - basic_machine=hppa1.1-winbond - os=-proelf - ;; - xbox) - basic_machine=i686-pc - os=-mingw32 - ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; - xscale-* | xscalee[bl]-*) - basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` - ;; - ymp) - basic_machine=ymp-cray - os=-unicos - ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim - ;; - none) - basic_machine=none-none - os=-none - ;; - -# Here we handle the default manufacturer of certain CPU types. It is in -# some cases the only manufacturer, in others, it is the most popular. - w89k) - basic_machine=hppa1.1-winbond - ;; - op50n) - basic_machine=hppa1.1-oki - ;; - op60c) - basic_machine=hppa1.1-oki - ;; - romp) - basic_machine=romp-ibm - ;; - mmix) - basic_machine=mmix-knuth - ;; - rs6000) - basic_machine=rs6000-ibm - ;; - vax) - basic_machine=vax-dec - ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; - pdp11) - basic_machine=pdp11-dec - ;; - we32k) - basic_machine=we32k-att - ;; - sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown - ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun - ;; - cydra) - basic_machine=cydra-cydrome - ;; - orion) - basic_machine=orion-highlevel - ;; - orion105) - basic_machine=clipper-highlevel - ;; - mac | mpw | mac-mpw) - basic_machine=m68k-apple - ;; - pmac | pmac-mpw) - basic_machine=powerpc-apple - ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. - ;; - *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; -esac - -# Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` - ;; - *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` - ;; - *) - ;; -esac - -# Decode manufacturer-specific aliases for certain operating systems. - -if [ x"$os" != x"" ] -then -case $os in - # First match some system type aliases - # that might get confused with valid system types. - # -solaris* is a basic system type, with this one exception. - -auroraux) - os=-auroraux - ;; - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` - ;; - -solaris) - os=-solaris2 - ;; - -svr4*) - os=-sysv4 - ;; - -unixware*) - os=-sysv4.2uw - ;; - -gnu/linux*) - os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` - ;; - # First accept the basic system types. - # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* | -plan9* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* | -cloudabi* | -sortix* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ - | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ - | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ - | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ - | -onefs* | -tirtos* | -phoenix*) - # Remember, each alternative MUST END IN *, to match a version number. - ;; - -qnx*) - case $basic_machine in - x86-* | i*86-*) - ;; - *) - os=-nto$os - ;; - esac - ;; - -nto-qnx*) - ;; - -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` - ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) - ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` - ;; - -linux-dietlibc) - os=-linux-dietlibc - ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; - -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` - ;; - -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` - ;; - -opened*) - os=-openedition - ;; - -os400*) - os=-os400 - ;; - -wince*) - os=-wince - ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; - -utek*) - os=-bsd - ;; - -dynix*) - os=-bsd - ;; - -acis*) - os=-aos - ;; - -atheos*) - os=-atheos - ;; - -syllable*) - os=-syllable - ;; - -386bsd) - os=-bsd - ;; - -ctix* | -uts*) - os=-sysv - ;; - -nova*) - os=-rtmk-nova - ;; - -ns2 ) - os=-nextstep2 - ;; - -nsk*) - os=-nsk - ;; - # Preserve the version number of sinix5. - -sinix5.*) - os=`echo $os | sed -e 's|sinix|sysv|'` - ;; - -sinix*) - os=-sysv4 - ;; - -tpf*) - os=-tpf - ;; - -triton*) - os=-sysv3 - ;; - -oss*) - os=-sysv3 - ;; - -svr4) - os=-sysv4 - ;; - -svr3) - os=-sysv3 - ;; - -sysvr4) - os=-sysv4 - ;; - # This must come after -sysvr4. - -sysv*) - ;; - -ose*) - os=-ose - ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint - ;; - -aros*) - os=-aros - ;; - -zvmoe) - os=-zvmoe - ;; - -dicos*) - os=-dicos - ;; - -nacl*) - ;; - -ios) - ;; - -none) - ;; - *) - # Get rid of the `-' at the beginning of $os. - os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 - exit 1 - ;; -esac -else - -# Here we handle the default operating systems that come with various machines. -# The value should be what the vendor currently ships out the door with their -# machine or put another way, the most popular os provided with the machine. - -# Note that if you're going to try to match "-MANUFACTURER" here (say, -# "-sun"), then you have to tell the case statement up towards the top -# that MANUFACTURER isn't an operating system. Otherwise, code above -# will signal an error saying that MANUFACTURER isn't an operating -# system, and we'll never get to this point. - -case $basic_machine in - score-*) - os=-elf - ;; - spu-*) - os=-elf - ;; - *-acorn) - os=-riscix1.2 - ;; - arm*-rebel) - os=-linux - ;; - arm*-semi) - os=-aout - ;; - c4x-* | tic4x-*) - os=-coff - ;; - c8051-*) - os=-elf - ;; - hexagon-*) - os=-elf - ;; - tic54x-*) - os=-coff - ;; - tic55x-*) - os=-coff - ;; - tic6x-*) - os=-coff - ;; - # This must come before the *-dec entry. - pdp10-*) - os=-tops20 - ;; - pdp11-*) - os=-none - ;; - *-dec | vax-*) - os=-ultrix4.2 - ;; - m68*-apollo) - os=-domain - ;; - i386-sun) - os=-sunos4.0.2 - ;; - m68000-sun) - os=-sunos3 - ;; - m68*-cisco) - os=-aout - ;; - mep-*) - os=-elf - ;; - mips*-cisco) - os=-elf - ;; - mips*-*) - os=-elf - ;; - or32-*) - os=-coff - ;; - *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 - ;; - sparc-* | *-sun) - os=-sunos4.1.1 - ;; - *-be) - os=-beos - ;; - *-haiku) - os=-haiku - ;; - *-ibm) - os=-aix - ;; - *-knuth) - os=-mmixware - ;; - *-wec) - os=-proelf - ;; - *-winbond) - os=-proelf - ;; - *-oki) - os=-proelf - ;; - *-hp) - os=-hpux - ;; - *-hitachi) - os=-hiux - ;; - i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv - ;; - *-cbm) - os=-amigaos - ;; - *-dg) - os=-dgux - ;; - *-dolphin) - os=-sysv3 - ;; - m68k-ccur) - os=-rtu - ;; - m88k-omron*) - os=-luna - ;; - *-next ) - os=-nextstep - ;; - *-sequent) - os=-ptx - ;; - *-crds) - os=-unos - ;; - *-ns) - os=-genix - ;; - i370-*) - os=-mvs - ;; - *-next) - os=-nextstep3 - ;; - *-gould) - os=-sysv - ;; - *-highlevel) - os=-bsd - ;; - *-encore) - os=-bsd - ;; - *-sgi) - os=-irix - ;; - *-siemens) - os=-sysv4 - ;; - *-masscomp) - os=-rtu - ;; - f30[01]-fujitsu | f700-fujitsu) - os=-uxpv - ;; - *-rom68k) - os=-coff - ;; - *-*bug) - os=-coff - ;; - *-apple) - os=-macos - ;; - *-atari*) - os=-mint - ;; - *) - os=-none - ;; -esac -fi - -# Here we handle the case where we know the os, and the CPU type, but not the -# manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) - vendor=acorn - ;; - -sunos*) - vendor=sun - ;; - -cnk*|-aix*) - vendor=ibm - ;; - -beos*) - vendor=be - ;; - -hpux*) - vendor=hp - ;; - -mpeix*) - vendor=hp - ;; - -hiux*) - vendor=hitachi - ;; - -unos*) - vendor=crds - ;; - -dgux*) - vendor=dg - ;; - -luna*) - vendor=omron - ;; - -genix*) - vendor=ns - ;; - -mvs* | -opened*) - vendor=ibm - ;; - -os400*) - vendor=ibm - ;; - -ptx*) - vendor=sequent - ;; - -tpf*) - vendor=ibm - ;; - -vxsim* | -vxworks* | -windiss*) - vendor=wrs - ;; - -aux*) - vendor=apple - ;; - -hms*) - vendor=hitachi - ;; - -mpw* | -macos*) - vendor=apple - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - vendor=atari - ;; - -vos*) - vendor=stratus - ;; - esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` - ;; -esac - -echo $basic_machine$os -exit - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff -Nru sudo-1.9.5p2/configure sudo-1.9.9/configure --- sudo-1.9.5p2/configure 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/configure 2022-01-27 21:25:46.000000000 +0000 @@ -1,11 +1,12 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sudo 1.9.5p2. +# Generated by GNU Autoconf 2.71 for sudo 1.9.9. # # Report bugs to . # # -# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, +# Inc. # # # This configure script is free software; the Free Software Foundation @@ -16,14 +17,16 @@ # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : +as_nop=: +if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else +else $as_nop case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( @@ -33,46 +36,46 @@ fi + +# Reset variables that may have inherited troublesome values from +# the environment. + +# IFS needs to be set, to space, tab, and newline, in precisely that order. +# (If _AS_PATH_WALK were called with IFS unset, it would have the +# side effect of setting IFS to empty, thus disabling word splitting.) +# Quoting is to prevent editors from complaining about space-tab. as_nl=' ' export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi +IFS=" "" $as_nl" + +PS1='$ ' +PS2='> ' +PS4='+ ' + +# Ensure predictable behavior from utilities with locale-dependent output. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# We cannot yet rely on "unset" to work, but we need these variables +# to be unset--not just set to an empty or harmless value--now, to +# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct +# also avoids known problems related to "unset" and subshell syntax +# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). +for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH +do eval test \${$as_var+y} \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done + +# Ensure that fds 0, 1, and 2 are open. +if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi +if (exec 3>&2) ; then :; else exec 2>/dev/null; fi # The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then +if ${PATH_SEPARATOR+false} :; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || @@ -81,13 +84,6 @@ fi -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( @@ -96,8 +92,12 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + test -r "$as_dir$0" && as_myself=$as_dir$0 && break done IFS=$as_save_IFS @@ -109,30 +109,10 @@ as_myself=$0 fi if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. @@ -154,20 +134,22 @@ exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -as_fn_exit 255 +printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + as_bourne_compatible="as_nop=: +if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST -else +else \$as_nop case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( @@ -187,18 +169,20 @@ as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } -if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : +if ( set x; as_fn_ret_success y && test x = \"\$1\" ) +then : -else +else \$as_nop exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 +blah=\$(echo \$(echo blah)) +test x\"\$blah\" = xblah || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 -test \$(( 1 + 1 )) = 2 || exit 1 test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' @@ -206,31 +190,40 @@ ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ - || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1" - if (eval "$as_required") 2>/dev/null; then : + || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null +then : as_have_required=yes -else +else $as_nop as_have_required=no fi - if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null +then : -else +else $as_nop as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. - as_shell=$as_dir/$as_base + as_shell=$as_dir$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null +then : CONFIG_SHELL=$as_shell as_have_required=yes - if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null +then : break 2 fi fi @@ -238,14 +231,21 @@ esac as_found=false done -$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : - CONFIG_SHELL=$SHELL as_have_required=yes -fi; } IFS=$as_save_IFS +if $as_found +then : + +else $as_nop + if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null +then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi +fi - if test "x$CONFIG_SHELL" != x; then : + if test "x$CONFIG_SHELL" != x +then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also @@ -263,18 +263,19 @@ exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi - if test x$as_have_required = xno; then : - $as_echo "$0: This script requires a shell more modern than all" - $as_echo "$0: the shells that I found on your system." - if test x${ZSH_VERSION+set} = xset ; then - $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" - $as_echo "$0: be upgraded to zsh 4.3.4 or later." + if test x$as_have_required = xno +then : + printf "%s\n" "$0: This script requires a shell more modern than all" + printf "%s\n" "$0: the shells that I found on your system." + if test ${ZSH_VERSION+y} ; then + printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should" + printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later." else - $as_echo "$0: Please tell bug-autoconf@gnu.org and + printf "%s\n" "$0: Please tell bug-autoconf@gnu.org and $0: https://bugzilla.sudo.ws/ about your system, including $0: any error possibly output before this message. Then $0: install a modern shell, or manually run the script @@ -302,6 +303,7 @@ } as_unset=as_fn_unset + # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -319,6 +321,14 @@ as_fn_set_status $1 exit $1 } # as_fn_exit +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop # as_fn_mkdir_p # ------------- @@ -333,7 +343,7 @@ as_dirs= while :; do case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" @@ -342,7 +352,7 @@ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | +printf "%s\n" X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -381,12 +391,13 @@ # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null +then : eval 'as_fn_append () { eval $1+=\$2 }' -else +else $as_nop as_fn_append () { eval $1=\$$1\$2 @@ -398,18 +409,27 @@ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null +then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else +else $as_nop as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- @@ -421,9 +441,9 @@ as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $2" >&2 + printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -450,7 +470,7 @@ $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | +printf "%s\n" X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q @@ -494,7 +514,7 @@ s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || - { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall @@ -508,6 +528,10 @@ exit } + +# Determine whether it's possible to make 'echo' print without a newline. +# These variables are no longer used directly by Autoconf, but are AC_SUBSTed +# for compatibility with existing Makefiles. ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) @@ -521,6 +545,13 @@ ECHO_N='-n';; esac +# For backward compatibility with old third-party macros, we provide +# the shell variables $as_echo and $as_echo_n. New code should use +# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. +as_echo='printf %s\n' +as_echo_n='printf %s' + + rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file @@ -590,8 +621,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.5p2' -PACKAGE_STRING='sudo 1.9.5p2' +PACKAGE_VERSION='1.9.9' +PACKAGE_STRING='sudo 1.9.9' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -599,42 +630,37 @@ ac_config_libobj_dir=lib/util # Factoring default headers for most tests. ac_includes_default="\ -#include -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_SYS_STAT_H -# include +#include +#ifdef HAVE_STDIO_H +# include #endif -#ifdef STDC_HEADERS +#ifdef HAVE_STDLIB_H # include -# include -#else -# ifdef HAVE_STDLIB_H -# include -# endif #endif #ifdef HAVE_STRING_H -# if !defined STDC_HEADERS && defined HAVE_MEMORY_H -# include -# endif # include #endif -#ifdef HAVE_STRINGS_H -# include -#endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif #ifdef HAVE_UNISTD_H # include #endif" -ac_header_list= -ac_func_list= +ac_header_c_list= +ac_func_c_list= ac_c_werror_flag= ac_subst_vars='LTLIBOBJS KRB5CONFIG @@ -658,6 +684,7 @@ MANDOCPROG TRPROG UNAMEPROG +SHA1SUM LT_SYS_LIBRARY_PATH OTOOL64 OTOOL @@ -676,19 +703,27 @@ DUMPBIN LD FGREP +EGREP +GREP SED host_os host_vendor host_cpu host +LDFLAGS_FOR_BUILD +CPPFLAGS_FOR_BUILD +CFLAGS_FOR_BUILD +BUILD_OBJEXT +BUILD_EXEEXT +CPP_FOR_BUILD +ac_ct_CC_FOR_BUILD +CC_FOR_BUILD build_os build_vendor build_cpu build RANLIB AR -EGREP -GREP CPP OBJEXT EXEEXT @@ -733,9 +768,13 @@ timeout vardir rundir +relay_dir logpath log_dir iolog_dir +INTERCEPT_EXP +FUZZ_LD +FUZZ_ENGINE PPFILES LIBLOGSRV LOGSRVD_CONF @@ -767,6 +806,7 @@ LIBPTHREAD LIBTLS LIBMD +LIBCRYPTO LIBINTL LIBRT LIBDL @@ -779,13 +819,17 @@ SELINUX_USAGE BSDAUTH_USAGE DONT_LEAK_PATH_INFO -CHECK_NOEXEC +PRELOAD_MODULE INSTALL_NOEXEC +INSTALL_INTERCEPT INSTALL_BACKUP sesh_file noexec_file NOEXECDIR NOEXECFILE +intercept_file +INTERCEPTDIR +INTERCEPTFILE mansectform mansectsu devdir @@ -813,6 +857,7 @@ SUDO_LIBS SUDO_OBJS SUDOERS_OBJS +SUDOERS_LT_STATIC COMMON_OBJS LT_DEP_LIBS LT_STATIC @@ -890,7 +935,6 @@ with_incpath with_libpath with_libraries -with_efence with_csops with_passwd with_skey @@ -926,6 +970,7 @@ with_rundir with_vardir with_iologdir +with_relaydir with_tzdir with_sendmail with_sudoers_mode @@ -974,11 +1019,14 @@ enable_env_reset enable_warnings enable_werror -enable_openssl -enable_gcrypt +enable_ssp enable_hardening enable_pie -enable_asan +enable_sanitizer +enable_fuzzer +enable_fuzzer_engine +enable_fuzzer_linker +enable_leaks enable_poll enable_admin_flag enable_nls @@ -996,6 +1044,11 @@ enable_pvs_studio enable_log_server enable_log_client +enable_openssl +enable_openssl_pkgconfig_template +enable_wolfssl +enable_gcrypt +enable_python enable_shared enable_static with_pic @@ -1005,11 +1058,11 @@ with_sysroot enable_libtool_lock with_libtool +enable_intercept with_noexec with_netsvc enable_sia enable_largefile -enable_python with_pam_login enable_pam_session enable_kerb5_instance @@ -1102,8 +1155,6 @@ *) ac_optarg=yes ;; esac - # Accept the important Cygnus configure options, so we can diagnose typos. - case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; @@ -1144,9 +1195,9 @@ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" @@ -1170,9 +1221,9 @@ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" @@ -1383,9 +1434,9 @@ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" @@ -1399,9 +1450,9 @@ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" @@ -1445,9 +1496,9 @@ *) # FIXME: should be removed in autoconf 3.0. - $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && - $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; @@ -1463,7 +1514,7 @@ case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; - *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi @@ -1527,7 +1578,7 @@ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_myself" | +printf "%s\n" X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -1584,7 +1635,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.5p2 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1650,7 +1701,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.5p2:";; + short | recursive ) echo "Configuration of sudo 1.9.9:";; esac cat <<\_ACEOF @@ -1675,14 +1726,20 @@ --enable-env-reset Whether to enable environment resetting by default. --enable-warnings Whether to enable compiler warnings --enable-werror Whether to enable the -Werror compiler option - --enable-openssl Use OpenSSL's TLS and sha2 functions - --enable-gcrypt Use GNU crypt's sha2 functions + --disable-ssp Do not compile using the -fstack-protector option. --disable-hardening Do not use compiler/linker exploit mitigation options --enable-pie Build sudo as a position independent executable. - --enable-asan Build sudo with address sanitizer support. + --enable-sanitizer Build sudo with sanitizer support. + --enable-fuzzer Build sudo with LLVM libFuzzer support. + --enable-fuzzer-engine Link fuzz targets with the specified fuzzer engine + instead of the default. + --enable-fuzzer-linker Use the specified linker when building fuzz targets + instead of the default C compiler. + --disable-leaks Prevent some harmless memory leaks. --disable-poll Use select() instead of poll(). - --enable-admin-flag Whether to create a Ubuntu-style admin flag file + --enable-admin-flag[=PATH] + Whether to create a Ubuntu-style admin flag file --disable-nls Disable natural language support using gettext --disable-rpath Disable passing of -Rpath to the linker --enable-static-sudoers Build the sudoers policy module as part of the sudo @@ -1704,14 +1761,21 @@ --disable-log-server Disable building the sudo_logsrvd log server. --disable-log-client Disable sudoers support for using the sudo_logsrvd log server. + --enable-openssl Use OpenSSL's TLS and sha2 functions + --enable-openssl-pkgconfig-template + A printf format string used to construct the OpenSSL + pkg-config name + --enable-wolfssl Use wolfSSL's TLS and sha2 functions + --enable-gcrypt Use GNU crypt's sha2 functions + --enable-python Compile python plugin support --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) + --enable-intercept fully qualified pathname of sudo_intercept.so --disable-sia Disable SIA on Digital UNIX --disable-largefile omit support for large files - --enable-python Compile python plugin support --disable-pam-session Disable PAM session support --enable-kerb5-instance instance string to append to the username (separated by a slash) @@ -1735,7 +1799,6 @@ --with-incpath additional places to look for include files --with-libpath additional places to look for libraries --with-libraries additional libraries to link with - --with-efence link with -lefence for malloc() debugging --with-csops add CSOps standard options --without-passwd don't use passwd/shadow file for authentication --with-skey[=DIR] enable S/Key support @@ -1775,6 +1838,8 @@ system reboot, e.g. `/var/db/sudo' or `/var/lib/sudo' --with-iologdir=DIR directory to store sudo I/O log files in + --with-relaydir=DIR directory to store sudo_logsrvd relay temporary + files in --with-tzdir=DIR path to the time zone data directory --with-sendmail set path to sendmail --without-sendmail do not send mail at all @@ -1877,9 +1942,9 @@ case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; @@ -1907,7 +1972,8 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } - # Check for guested configure. + # Check for configure.gnu first; this name is used for a wrapper for + # Metaconfig's "Configure" on case-insensitive file systems. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive @@ -1915,7 +1981,7 @@ echo && $SHELL "$ac_srcdir/configure" --help=recursive else - $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done @@ -1924,10 +1990,10 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.5p2 -generated by GNU Autoconf 2.69 +sudo configure 1.9.9 +generated by GNU Autoconf 2.71 -Copyright (C) 2012 Free Software Foundation, Inc. +Copyright (C) 2021 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -1944,14 +2010,14 @@ ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext + rm -f conftest.$ac_objext conftest.beam if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -1959,14 +2025,15 @@ cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err - } && test -s conftest.$ac_objext; then : + } && test -s conftest.$ac_objext +then : ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 @@ -1976,176 +2043,6 @@ } # ac_fn_c_try_compile -# ac_fn_c_try_cpp LINENO -# ---------------------- -# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_cpp - -# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists, giving a warning if it cannot be compiled using -# the include files in INCLUDES and setting the cache variable VAR -# accordingly. -ac_fn_c_check_header_mongrel () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if eval \${$3+:} false; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 -$as_echo_n "checking $2 usability... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_header_compiler=yes -else - ac_header_compiler=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 -$as_echo_n "checking $2 presence... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <$2> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - ac_header_preproc=yes -else - ac_header_preproc=no -fi -rm -f conftest.err conftest.i conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( - yes:no: ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} - ;; - no:yes:* ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -( $as_echo "## ---------------------------------------- ## -## Report this to https://bugzilla.sudo.ws/ ## -## ---------------------------------------- ##" - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=\$ac_header_compiler" -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_mongrel - -# ac_fn_c_try_run LINENO -# ---------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes -# that executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then : - ac_retval=0 -else - $as_echo "$as_me: program exited with status $ac_status" >&5 - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status -fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_run - # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in @@ -2153,26 +2050,28 @@ ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$3=yes" -else +else $as_nop eval "$3=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile @@ -2183,14 +2082,14 @@ ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest$ac_exeext + rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -2198,17 +2097,18 @@ cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext - }; then : + } +then : ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 @@ -2223,17 +2123,56 @@ } # ac_fn_c_try_link +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + } +then : + ac_retval=0 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. @@ -2241,16 +2180,9 @@ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif + which can conflict with char $2 (); below. */ +#include #undef $2 /* Override any GCC internal prototype to avoid an error. @@ -2268,24 +2200,25 @@ #endif int -main () +main (void) { return $2 (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval "$3=yes" -else +else $as_nop eval "$3=no" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func @@ -2297,17 +2230,18 @@ ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { if (sizeof ($2)) return 0; @@ -2315,12 +2249,13 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { if (sizeof (($2))) return 0; @@ -2328,41 +2263,45 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : -else +else $as_nop eval "$3=yes" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type -# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES -# --------------------------------------------- +# ac_fn_check_decl LINENO SYMBOL VAR INCLUDES EXTRA-OPTIONS FLAG-VAR +# ------------------------------------------------------------------ # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR -# accordingly. -ac_fn_c_check_decl () +# accordingly. Pass EXTRA-OPTIONS to the compiler, using FLAG-VAR. +ac_fn_check_decl () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack as_decl_name=`echo $2|sed 's/ *(.*//'` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +printf %s "checking whether $as_decl_name is declared... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 -$as_echo_n "checking whether $as_decl_name is declared... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + eval ac_save_FLAGS=\$$6 + as_fn_append $6 " $5" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { #ifndef $as_decl_name #ifdef __cplusplus @@ -2376,19 +2315,22 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$3=yes" -else +else $as_nop eval "$3=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + eval $6=\$ac_save_FLAGS + fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -} # ac_fn_c_check_decl +} # ac_fn_check_decl # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- @@ -2397,16 +2339,17 @@ ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 -$as_echo_n "checking for $2.$3... " >&6; } -if eval \${$4+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +printf %s "checking for $2.$3... " >&6; } +if eval test \${$4+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int -main () +main (void) { static $2 ac_aggr; if (ac_aggr.$3) @@ -2415,14 +2358,15 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$4=yes" -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int -main () +main (void) { static $2 ac_aggr; if (sizeof ac_aggr.$3) @@ -2431,22 +2375,66 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$4=yes" -else +else $as_nop eval "$4=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$4 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_member +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that +# executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then : + ac_retval=0 +else $as_nop + printf "%s\n" "$as_me: program exited with status $ac_status" >&5 + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES # -------------------------------------------- # Tries to find the compile-time value of EXPR in a program that includes @@ -2461,7 +2449,7 @@ /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) >= 0)]; test_array [0] = 0; @@ -2471,14 +2459,15 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_lo=0 ac_mid=0 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; @@ -2488,9 +2477,10 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_hi=$ac_mid; break -else +else $as_nop as_fn_arith $ac_mid + 1 && ac_lo=$as_val if test $ac_lo -le $ac_mid; then ac_lo= ac_hi= @@ -2498,14 +2488,14 @@ fi as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) < 0)]; test_array [0] = 0; @@ -2515,14 +2505,15 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_hi=-1 ac_mid=-1 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) >= $ac_mid)]; test_array [0] = 0; @@ -2532,9 +2523,10 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_lo=$ac_mid; break -else +else $as_nop as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val if test $ac_mid -le $ac_hi; then ac_lo= ac_hi= @@ -2542,14 +2534,14 @@ fi as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done -else +else $as_nop ac_lo= ac_hi= fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext # Binary search between lo and hi bounds. while test "x$ac_lo" != "x$ac_hi"; do as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val @@ -2557,7 +2549,7 @@ /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; @@ -2567,12 +2559,13 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_hi=$ac_mid -else +else $as_nop as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done case $ac_lo in #(( ?*) eval "$3=\$ac_lo"; ac_retval=0 ;; @@ -2582,12 +2575,12 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 -static long int longval () { return $2; } -static unsigned long int ulongval () { return $2; } +static long int longval (void) { return $2; } +static unsigned long int ulongval (void) { return $2; } #include #include int -main () +main (void) { FILE *f = fopen ("conftest.val", "w"); @@ -2615,9 +2608,10 @@ return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : echo >>conftest.val; read $3 config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.5p2, which was -generated by GNU Autoconf 2.69. Invocation command line was +It was created by sudo $as_me 1.9.9, which was +generated by GNU Autoconf 2.71. Invocation command line was - $ $0 $@ + $ $0$ac_configure_args_raw _ACEOF exec 5>>config.log @@ -2669,8 +2683,12 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - $as_echo "PATH: $as_dir" + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + printf "%s\n" "PATH: $as_dir" done IFS=$as_save_IFS @@ -2705,7 +2723,7 @@ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) - ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; @@ -2740,11 +2758,13 @@ # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? + # Sanitize IFS. + IFS=" "" $as_nl" # Save into config.log some information that might help in debugging. { echo - $as_echo "## ---------------- ## + printf "%s\n" "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo @@ -2755,8 +2775,8 @@ case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( @@ -2780,7 +2800,7 @@ ) echo - $as_echo "## ----------------- ## + printf "%s\n" "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo @@ -2788,14 +2808,14 @@ do eval ac_val=\$$ac_var case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac - $as_echo "$ac_var='\''$ac_val'\''" + printf "%s\n" "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then - $as_echo "## ------------------- ## + printf "%s\n" "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo @@ -2803,15 +2823,15 @@ do eval ac_val=\$$ac_var case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac - $as_echo "$ac_var='\''$ac_val'\''" + printf "%s\n" "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then - $as_echo "## ----------- ## + printf "%s\n" "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo @@ -2819,8 +2839,8 @@ echo fi test "$ac_signal" != 0 && - $as_echo "$as_me: caught signal $ac_signal" - $as_echo "$as_me: exit $exit_status" + printf "%s\n" "$as_me: caught signal $ac_signal" + printf "%s\n" "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && @@ -2834,63 +2854,48 @@ # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h -$as_echo "/* confdefs.h */" > confdefs.h +printf "%s\n" "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. -cat >>confdefs.h <<_ACEOF -#define PACKAGE_NAME "$PACKAGE_NAME" -_ACEOF +printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_TARNAME "$PACKAGE_TARNAME" -_ACEOF +printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_VERSION "$PACKAGE_VERSION" -_ACEOF +printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_STRING "$PACKAGE_STRING" -_ACEOF +printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" -_ACEOF +printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_URL "$PACKAGE_URL" -_ACEOF +printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. -ac_site_file1=NONE -ac_site_file2=NONE if test -n "$CONFIG_SITE"; then - # We do not want a PATH search for config.site. - case $CONFIG_SITE in #(( - -*) ac_site_file1=./$CONFIG_SITE;; - */*) ac_site_file1=$CONFIG_SITE;; - *) ac_site_file1=./$CONFIG_SITE;; - esac + ac_site_files="$CONFIG_SITE" elif test "x$prefix" != xNONE; then - ac_site_file1=$prefix/share/config.site - ac_site_file2=$prefix/etc/config.site + ac_site_files="$prefix/share/config.site $prefix/etc/config.site" else - ac_site_file1=$ac_default_prefix/share/config.site - ac_site_file2=$ac_default_prefix/etc/config.site + ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" fi -for ac_site_file in "$ac_site_file1" "$ac_site_file2" + +for ac_site_file in $ac_site_files do - test "x$ac_site_file" = xNONE && continue - if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 -$as_echo "$as_me: loading site script $ac_site_file" >&6;} + case $ac_site_file in #( + */*) : + ;; #( + *) : + ac_site_file=./$ac_site_file ;; +esac + if test -f "$ac_site_file" && test -r "$ac_site_file"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ - || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi @@ -2900,39 +2905,456 @@ # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 -$as_echo "$as_me: loading cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +printf "%s\n" "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 -$as_echo "$as_me: creating cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +printf "%s\n" "$as_me: creating cache $cache_file" >&6;} >$cache_file fi -as_fn_append ac_header_list " sys/types.h" -as_fn_append ac_header_list " netgroup.h" -as_fn_append ac_header_list " paths.h" -as_fn_append ac_header_list " spawn.h" -as_fn_append ac_header_list " wordexp.h" -as_fn_append ac_header_list " sys/sockio.h" -as_fn_append ac_header_list " sys/bsdtypes.h" -as_fn_append ac_header_list " sys/select.h" -as_fn_append ac_header_list " sys/stropts.h" -as_fn_append ac_header_list " sys/sysmacros.h" -as_fn_append ac_header_list " sys/syscall.h" -as_fn_append ac_header_list " sys/statvfs.h" -as_fn_append ac_func_list " fexecve" -as_fn_append ac_func_list " killpg" -as_fn_append ac_func_list " nl_langinfo" -as_fn_append ac_func_list " faccessat" -as_fn_append ac_func_list " wordexp" -as_fn_append ac_func_list " getauxval" -as_fn_append ac_func_list " fseeko" -as_fn_append ac_func_list " seteuid" +as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H" +# Test code for whether the C compiler supports C89 (global declarations) +ac_c_conftest_c89_globals=' +/* Does the compiler advertise C89 conformance? + Do not test the value of __STDC__, because some compilers set it to 0 + while being otherwise adequately conformant. */ +#if !defined __STDC__ +# error "Compiler does not advertise C89 conformance" +#endif + +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ +struct buf { int x; }; +struct buf * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not \xHH hex character constants. + These do not provoke an error unfortunately, instead are silently treated + as an "x". The following induces an error, until -std is added to get + proper ANSI mode. Curiously \x00 != x always comes out true, for an + array size at least. It is necessary to write \x00 == 0 to get something + that is true only with -std. */ +int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) '\''x'\'' +int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int), + int, int);' + +# Test code for whether the C compiler supports C89 (body of main). +ac_c_conftest_c89_main=' +ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]); +' + +# Test code for whether the C compiler supports C99 (global declarations) +ac_c_conftest_c99_globals=' +// Does the compiler advertise C99 conformance? +#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L +# error "Compiler does not advertise C99 conformance" +#endif + +#include +extern int puts (const char *); +extern int printf (const char *, ...); +extern int dprintf (int, const char *, ...); +extern void *malloc (size_t); + +// Check varargs macros. These examples are taken from C99 6.10.3.5. +// dprintf is used instead of fprintf to avoid needing to declare +// FILE and stderr. +#define debug(...) dprintf (2, __VA_ARGS__) +#define showlist(...) puts (#__VA_ARGS__) +#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) +static void +test_varargs_macros (void) +{ + int x = 1234; + int y = 5678; + debug ("Flag"); + debug ("X = %d\n", x); + showlist (The first, second, and third items.); + report (x>y, "x is %d but y is %d", x, y); +} + +// Check long long types. +#define BIG64 18446744073709551615ull +#define BIG32 4294967295ul +#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) +#if !BIG_OK + #error "your preprocessor is broken" +#endif +#if BIG_OK +#else + #error "your preprocessor is broken" +#endif +static long long int bignum = -9223372036854775807LL; +static unsigned long long int ubignum = BIG64; + +struct incomplete_array +{ + int datasize; + double data[]; +}; + +struct named_init { + int number; + const wchar_t *name; + double average; +}; + +typedef const char *ccp; + +static inline int +test_restrict (ccp restrict text) +{ + // See if C++-style comments work. + // Iterate through items via the restricted pointer. + // Also check for declarations in for loops. + for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) + continue; + return 0; +} + +// Check varargs and va_copy. +static bool +test_varargs (const char *format, ...) +{ + va_list args; + va_start (args, format); + va_list args_copy; + va_copy (args_copy, args); + + const char *str = ""; + int number = 0; + float fnumber = 0; + + while (*format) + { + switch (*format++) + { + case '\''s'\'': // string + str = va_arg (args_copy, const char *); + break; + case '\''d'\'': // int + number = va_arg (args_copy, int); + break; + case '\''f'\'': // float + fnumber = va_arg (args_copy, double); + break; + default: + break; + } + } + va_end (args_copy); + va_end (args); + + return *str && number && fnumber; +} +' + +# Test code for whether the C compiler supports C99 (body of main). +ac_c_conftest_c99_main=' + // Check bool. + _Bool success = false; + success |= (argc != 0); + + // Check restrict. + if (test_restrict ("String literal") == 0) + success = true; + char *restrict newvar = "Another string"; + + // Check varargs. + success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234); + test_varargs_macros (); + + // Check flexible array members. + struct incomplete_array *ia = + malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); + ia->datasize = 10; + for (int i = 0; i < ia->datasize; ++i) + ia->data[i] = i * 1.234; + + // Check named initializers. + struct named_init ni = { + .number = 34, + .name = L"Test wide string", + .average = 543.34343, + }; + + ni.number = 58; + + int dynamic_array[ni.number]; + dynamic_array[0] = argv[0][0]; + dynamic_array[ni.number - 1] = 543; + + // work around unused variable warnings + ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\'' + || dynamic_array[ni.number - 1] != 543); +' + +# Test code for whether the C compiler supports C11 (global declarations) +ac_c_conftest_c11_globals=' +// Does the compiler advertise C11 conformance? +#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L +# error "Compiler does not advertise C11 conformance" +#endif + +// Check _Alignas. +char _Alignas (double) aligned_as_double; +char _Alignas (0) no_special_alignment; +extern char aligned_as_int; +char _Alignas (0) _Alignas (int) aligned_as_int; + +// Check _Alignof. +enum +{ + int_alignment = _Alignof (int), + int_array_alignment = _Alignof (int[100]), + char_alignment = _Alignof (char) +}; +_Static_assert (0 < -_Alignof (int), "_Alignof is signed"); + +// Check _Noreturn. +int _Noreturn does_not_return (void) { for (;;) continue; } + +// Check _Static_assert. +struct test_static_assert +{ + int x; + _Static_assert (sizeof (int) <= sizeof (long int), + "_Static_assert does not work in struct"); + long int y; +}; + +// Check UTF-8 literals. +#define u8 syntax error! +char const utf8_literal[] = u8"happens to be ASCII" "another string"; + +// Check duplicate typedefs. +typedef long *long_ptr; +typedef long int *long_ptr; +typedef long_ptr long_ptr; + +// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1. +struct anonymous +{ + union { + struct { int i; int j; }; + struct { int k; long int l; } w; + }; + int m; +} v1; +' + +# Test code for whether the C compiler supports C11 (body of main). +ac_c_conftest_c11_main=' + _Static_assert ((offsetof (struct anonymous, i) + == offsetof (struct anonymous, w.k)), + "Anonymous union alignment botch"); + v1.i = 2; + v1.w.k = 5; + ok |= v1.i != 5; +' + +# Test code for whether the C compiler supports C11 (complete). +ac_c_conftest_c11_program="${ac_c_conftest_c89_globals} +${ac_c_conftest_c99_globals} +${ac_c_conftest_c11_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + ${ac_c_conftest_c99_main} + ${ac_c_conftest_c11_main} + return ok; +} +" + +# Test code for whether the C compiler supports C99 (complete). +ac_c_conftest_c99_program="${ac_c_conftest_c89_globals} +${ac_c_conftest_c99_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + ${ac_c_conftest_c99_main} + return ok; +} +" + +# Test code for whether the C compiler supports C89 (complete). +ac_c_conftest_c89_program="${ac_c_conftest_c89_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + return ok; +} +" + +as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H" +as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H" +as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H" +as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H" +as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H" +as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H" +as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H" +as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H" +as_fn_append ac_header_c_list " wchar.h wchar_h HAVE_WCHAR_H" +as_fn_append ac_header_c_list " minix/config.h minix_config_h HAVE_MINIX_CONFIG_H" +as_fn_append ac_header_c_list " netgroup.h netgroup_h HAVE_NETGROUP_H" +as_fn_append ac_header_c_list " paths.h paths_h HAVE_PATHS_H" +as_fn_append ac_header_c_list " spawn.h spawn_h HAVE_SPAWN_H" +as_fn_append ac_header_c_list " wordexp.h wordexp_h HAVE_WORDEXP_H" +as_fn_append ac_header_c_list " sys/sockio.h sys_sockio_h HAVE_SYS_SOCKIO_H" +as_fn_append ac_header_c_list " sys/bsdtypes.h sys_bsdtypes_h HAVE_SYS_BSDTYPES_H" +as_fn_append ac_header_c_list " sys/select.h sys_select_h HAVE_SYS_SELECT_H" +as_fn_append ac_header_c_list " sys/stropts.h sys_stropts_h HAVE_SYS_STROPTS_H" +as_fn_append ac_header_c_list " sys/sysmacros.h sys_sysmacros_h HAVE_SYS_SYSMACROS_H" +as_fn_append ac_header_c_list " sys/syscall.h sys_syscall_h HAVE_SYS_SYSCALL_H" +as_fn_append ac_header_c_list " sys/statvfs.h sys_statvfs_h HAVE_SYS_STATVFS_H" +as_fn_append ac_func_c_list " fexecve HAVE_FEXECVE" +as_fn_append ac_func_c_list " fmemopen HAVE_FMEMOPEN" +as_fn_append ac_func_c_list " killpg HAVE_KILLPG" +as_fn_append ac_func_c_list " nl_langinfo HAVE_NL_LANGINFO" +as_fn_append ac_func_c_list " faccessat HAVE_FACCESSAT" +as_fn_append ac_func_c_list " wordexp HAVE_WORDEXP" +as_fn_append ac_func_c_list " getauxval HAVE_GETAUXVAL" +as_fn_append ac_func_c_list " strtoull HAVE_STRTOULL" +as_fn_append ac_func_c_list " seteuid HAVE_SETEUID" + +# Auxiliary files required by this configure script. +ac_aux_files="ltmain.sh config.guess config.sub" + +# Locations in which to look for auxiliary files. +ac_aux_dir_candidates="${srcdir}/scripts" + +# Search for a directory containing all of the required auxiliary files, +# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates. +# If we don't find one directory that contains all the files we need, +# we report the set of missing files from the *first* directory in +# $ac_aux_dir_candidates and give up. +ac_missing_aux_files="" +ac_first_candidate=: +printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5 +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in $ac_aux_dir_candidates +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + as_found=: + + printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5 + ac_aux_dir_found=yes + ac_install_sh= + for ac_aux in $ac_aux_files + do + # As a special case, if "install-sh" is required, that requirement + # can be satisfied by any of "install-sh", "install.sh", or "shtool", + # and $ac_install_sh is set appropriately for whichever one is found. + if test x"$ac_aux" = x"install-sh" + then + if test -f "${as_dir}install-sh"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5 + ac_install_sh="${as_dir}install-sh -c" + elif test -f "${as_dir}install.sh"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5 + ac_install_sh="${as_dir}install.sh -c" + elif test -f "${as_dir}shtool"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5 + ac_install_sh="${as_dir}shtool install -c" + else + ac_aux_dir_found=no + if $ac_first_candidate; then + ac_missing_aux_files="${ac_missing_aux_files} install-sh" + else + break + fi + fi + else + if test -f "${as_dir}${ac_aux}"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5 + else + ac_aux_dir_found=no + if $ac_first_candidate; then + ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}" + else + break + fi + fi + fi + done + if test "$ac_aux_dir_found" = yes; then + ac_aux_dir="$as_dir" + break + fi + ac_first_candidate=false + + as_found=false +done +IFS=$as_save_IFS +if $as_found +then : + +else $as_nop + as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 +fi + + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +if test -f "${ac_aux_dir}config.guess"; then + ac_config_guess="$SHELL ${ac_aux_dir}config.guess" +fi +if test -f "${ac_aux_dir}config.sub"; then + ac_config_sub="$SHELL ${ac_aux_dir}config.sub" +fi +if test -f "$ac_aux_dir/configure"; then + ac_configure="$SHELL ${ac_aux_dir}configure" +fi + # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false @@ -2943,12 +3365,12 @@ eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) @@ -2957,24 +3379,24 @@ ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else - { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi - { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in - *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in @@ -2984,11 +3406,12 @@ fi done if $ac_cache_corrupted; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 -$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' + and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## @@ -3004,8 +3427,16 @@ ac_config_headers="$ac_config_headers config.h pathnames.h" -{ $as_echo "$as_me:${as_lineno-$LINENO}: Configuring Sudo version $PACKAGE_VERSION" >&5 -$as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} + + + + + + + + + + @@ -3144,6 +3575,7 @@ iolog_dir=/var/log/sudo-io log_dir=/var/log logpath=/var/log/sudo.log +relay_dir=/var/log/sudo_logsrvd rundir=/var/run/sudo vardir=/var/adm/sudo timeout=5 @@ -3177,6 +3609,7 @@ ldap_conf=/etc/ldap.conf ldap_secret=/etc/ldap.secret netsvc_conf=/etc/netsvc.conf +intercept_file="$libexecdir/sudo/sudo_intercept.so" noexec_file="$libexecdir/sudo/sudo_noexec.so" sesh_file="$libexecdir/sudo/sesh" nsswitch_conf=/etc/nsswitch.conf @@ -3190,8 +3623,9 @@ # End initial values for man page substitution # INSTALL_BACKUP= +INSTALL_INTERCEPT= INSTALL_NOEXEC= -CHECK_NOEXEC= +PRELOAD_MODULE=-module exampledir='$(docdir)/examples' devdir='$(srcdir)' PROGS="sudo" @@ -3200,7 +3634,6 @@ : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} -: ${PKG_CONFIG='pkg-config'} DEVEL= LDAP="#" BAMAN=0 @@ -3208,6 +3641,7 @@ PSMAN=0 SEMAN=0 LIBINTL= +LIBCRYPTO= LIBMD= LIBTLS= ZLIB= @@ -3227,6 +3661,9 @@ RC_LINK= COMPAT_EXP= SIGNAME= +FUZZ_ENGINE= +FUZZ_LD='$(CC)' +INTERCEPT_EXP= WEAK_ALIAS=no CHECKSHADOW=true shadow_funcs= @@ -3248,6 +3685,15 @@ + + + + + + + + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -3256,11 +3702,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else @@ -3268,11 +3715,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3283,11 +3734,11 @@ fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3296,11 +3747,12 @@ ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else @@ -3308,11 +3760,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3323,11 +3779,11 @@ fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +printf "%s\n" "$ac_ct_CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_CC" = x; then @@ -3335,8 +3791,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC @@ -3349,11 +3805,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else @@ -3361,11 +3818,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3376,11 +3837,11 @@ fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3389,11 +3850,12 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else @@ -3402,15 +3864,19 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3426,18 +3892,18 @@ # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3448,11 +3914,12 @@ do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else @@ -3460,11 +3927,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3475,11 +3946,11 @@ fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3492,11 +3963,12 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else @@ -3504,11 +3976,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3519,11 +3995,11 @@ fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +printf "%s\n" "$ac_ct_CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3535,8 +4011,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC @@ -3544,25 +4020,129 @@ fi fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args. +set dummy ${ac_tool_prefix}clang; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}clang" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "clang", so it can be a program name with args. +set dummy clang; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="clang" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +printf "%s\n" "$ac_ct_CC" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +fi + + +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 -for ac_option in --version -v -V -qversion; do +for ac_option in --version -v -V -qversion -version; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -3572,7 +4152,7 @@ cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done @@ -3580,7 +4160,7 @@ /* end confdefs.h. */ int -main () +main (void) { ; @@ -3592,9 +4172,9 @@ # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -$as_echo_n "checking whether the C compiler works... " >&6; } -ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +printf %s "checking whether the C compiler works... " >&6; } +ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" @@ -3615,11 +4195,12 @@ *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, @@ -3636,7 +4217,7 @@ # certainly right. break;; *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi @@ -3652,44 +4233,46 @@ done test "$ac_cv_exeext" = no && ac_cv_exeext= -else +else $as_nop ac_file='' fi -if test -z "$ac_file"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -$as_echo "$as_me: failed program was:" >&5 +if test -z "$ac_file" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -$as_echo_n "checking for C compiler default output file name... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -$as_echo "$ac_file" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +printf %s "checking for C compiler default output file name... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +printf "%s\n" "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 -$as_echo_n "checking for suffix of executables... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +printf %s "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with @@ -3703,15 +4286,15 @@ * ) break;; esac done -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 -$as_echo "$ac_cv_exeext" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +printf "%s\n" "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext @@ -3720,7 +4303,7 @@ /* end confdefs.h. */ #include int -main () +main (void) { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; @@ -3732,8 +4315,8 @@ ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -$as_echo_n "checking whether we are cross compiling... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +printf %s "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in @@ -3741,10 +4324,10 @@ *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in @@ -3752,39 +4335,40 @@ *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run C compiled programs. + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -$as_echo "$cross_compiling" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +printf "%s\n" "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 -$as_echo_n "checking for suffix of object files... " >&6; } -if ${ac_cv_objext+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +printf %s "checking for suffix of object files... " >&6; } +if test ${ac_cv_objext+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; @@ -3798,11 +4382,12 @@ *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in @@ -3811,31 +4396,32 @@ break;; esac done -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 -$as_echo "$ac_cv_objext" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +printf "%s\n" "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 +printf %s "checking whether the compiler supports GNU C... " >&6; } +if test ${ac_cv_c_compiler_gnu+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { #ifndef __GNUC__ choke me @@ -3845,29 +4431,33 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_compiler_gnu=yes -else +else $as_nop ac_compiler_gnu=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } +ac_compiler_gnu=$ac_cv_c_compiler_gnu + if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi -ac_test_CFLAGS=${CFLAGS+set} +ac_test_CFLAGS=${CFLAGS+y} ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +printf %s "checking whether $CC accepts -g... " >&6; } +if test ${ac_cv_prog_cc_g+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no @@ -3876,57 +4466,60 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_prog_cc_g=yes -else +else $as_nop CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : -else +else $as_nop ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +printf "%s\n" "$ac_cv_prog_cc_g" >&6; } +if test $ac_test_CFLAGS; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then @@ -3941,232 +4534,144 @@ CFLAGS= fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no +ac_prog_cc_stdc=no +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 +printf %s "checking for $CC option to enable C11 features... " >&6; } +if test ${ac_cv_prog_cc_c11+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -#include -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; - -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; - -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} +$ac_c_conftest_c11_program _ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +for ac_arg in '' -std=gnu11 do CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c11=$ac_arg fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC - fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +if test "x$ac_cv_prog_cc_c11" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c11" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } + CC="$CC $ac_cv_prog_cc_c11" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 + ac_prog_cc_stdc=c11 +fi +fi +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 +printf %s "checking for $CC option to enable C99 features... " >&6; } +if test ${ac_cv_prog_cc_c99+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c99=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include +$ac_c_conftest_c99_program _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break +for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99= +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c99=$ac_arg fi -rm -f conftest.err conftest.i conftest.$ac_ext - +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c99" != "xno" && break done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - break +rm -f conftest.$ac_ext +CC=$ac_save_CC fi - done - ac_cv_prog_CPP=$CPP - +if test "x$ac_cv_prog_cc_c99" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c99" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } + CC="$CC $ac_cv_prog_cc_c99" fi - CPP=$ac_cv_prog_CPP -else - ac_cv_prog_CPP=$CPP + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 + ac_prog_cc_stdc=c99 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 +printf %s "checking for $CC option to enable C89 features... " >&6; } +if test ${ac_cv_prog_cc_c89+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include +$ac_c_conftest_c89_program _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c89=$ac_arg fi -rm -f conftest.err conftest.i conftest.$ac_ext - +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c89" != "xno" && break done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : +rm -f conftest.$ac_ext +CC=$ac_save_CC +fi -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } +if test "x$ac_cv_prog_cc_c89" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c89" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } + CC="$CC $ac_cv_prog_cc_c89" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 + ac_prog_cc_stdc=c89 +fi fi ac_ext=c @@ -4176,325 +4681,175 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if ${ac_cv_path_GREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -z "$GREP"; then - ac_path_GREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +ac_header= ac_cache= +for ac_item in $ac_header_c_list do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_GREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + if test $ac_cache; then + ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default" + if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then + printf "%s\n" "#define $ac_item 1" >> confdefs.h + fi + ac_header= ac_cache= + elif test $ac_header; then + ac_cache=$ac_item + else + ac_header=$ac_item fi -else - ac_cv_path_GREP=$GREP -fi +done -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -$as_echo "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -$as_echo_n "checking for egrep... " >&6; } -if ${ac_cv_path_EGREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - $ac_path_EGREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_EGREP=$EGREP -fi - fi + + + +if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes +then : + +printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -$as_echo "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else + + + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 +printf %s "checking whether it is safe to define __EXTENSIONS__... " >&6; } +if test ${ac_cv_safe_to_define___extensions__+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -#include -#include -#include +# define __EXTENSIONS__ 1 + $ac_includes_default int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes -else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_safe_to_define___extensions__=yes +else $as_nop + ac_cv_safe_to_define___extensions__=no fi -rm -f conftest* - +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 +printf "%s\n" "$ac_cv_safe_to_define___extensions__" >&6; } -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether _XOPEN_SOURCE should be defined" >&5 +printf %s "checking whether _XOPEN_SOURCE should be defined... " >&6; } +if test ${ac_cv_should_define__xopen_source+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_should_define__xopen_source=no + if test $ac_cv_header_wchar_h = yes +then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* + #include + mbstate_t x; +int +main (void) +{ -fi + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) + #define _XOPEN_SOURCE 500 + #include + mbstate_t x; int -main () +main (void) { - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; + + ; return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : - -else - ac_cv_header_stdc=no +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_should_define__xopen_source=yes fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi - +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then - -$as_echo "#define STDC_HEADERS 1" >>confdefs.h +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_should_define__xopen_source" >&5 +printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; } -fi + printf "%s\n" "#define _ALL_SOURCE 1" >>confdefs.h -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF + printf "%s\n" "#define _DARWIN_C_SOURCE 1" >>confdefs.h -fi + printf "%s\n" "#define _GNU_SOURCE 1" >>confdefs.h -done + printf "%s\n" "#define _HPUX_ALT_XOPEN_SOCKET_API 1" >>confdefs.h + printf "%s\n" "#define _NETBSD_SOURCE 1" >>confdefs.h + printf "%s\n" "#define _OPENBSD_SOURCE 1" >>confdefs.h - ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default" -if test "x$ac_cv_header_minix_config_h" = xyes; then : - MINIX=yes -else - MINIX= -fi + printf "%s\n" "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_ATTRIBS_EXT__ 1" >>confdefs.h - if test "$MINIX" = yes; then + printf "%s\n" "#define __STDC_WANT_IEC_60559_BFP_EXT__ 1" >>confdefs.h -$as_echo "#define _POSIX_SOURCE 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_DFP_EXT__ 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1" >>confdefs.h -$as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_TYPES_EXT__ 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_LIB_EXT2__ 1" >>confdefs.h -$as_echo "#define _MINIX 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_MATH_SPEC_FUNCS__ 1" >>confdefs.h - fi + printf "%s\n" "#define _TANDEM_SOURCE 1" >>confdefs.h + if test $ac_cv_header_minix_config_h = yes +then : + MINIX=yes + printf "%s\n" "#define _MINIX 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 -$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } -if ${ac_cv_safe_to_define___extensions__+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + printf "%s\n" "#define _POSIX_SOURCE 1" >>confdefs.h -# define __EXTENSIONS__ 1 - $ac_includes_default -int -main () -{ + printf "%s\n" "#define _POSIX_1_SOURCE 2" >>confdefs.h - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_safe_to_define___extensions__=yes -else - ac_cv_safe_to_define___extensions__=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else $as_nop + MINIX= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 -$as_echo "$ac_cv_safe_to_define___extensions__" >&6; } - test $ac_cv_safe_to_define___extensions__ = yes && - $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h - - $as_echo "#define _ALL_SOURCE 1" >>confdefs.h - - $as_echo "#define _GNU_SOURCE 1" >>confdefs.h + if test $ac_cv_safe_to_define___extensions__ = yes +then : + printf "%s\n" "#define __EXTENSIONS__ 1" >>confdefs.h - $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h - - $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h +fi + if test $ac_cv_should_define__xopen_source = yes +then : + printf "%s\n" "#define _XOPEN_SOURCE 500" >>confdefs.h +fi # @@ -4504,8 +4859,8 @@ # case "$libexecdir" in */sudo) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&5 -$as_echo "$as_me: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&5 +printf "%s\n" "$as_me: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&2;} libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'` ;; esac @@ -4513,11 +4868,12 @@ # Check whether --with-otp-only was given. -if test "${with_otp_only+set}" = set; then : +if test ${with_otp_only+y} +then : withval=$with_otp_only; case $with_otp_only in yes) with_passwd="no" - { $as_echo "$as_me:${as_lineno-$LINENO}: --with-otp-only option deprecated, treating as --without-passwd" >&5 -$as_echo "$as_me: --with-otp-only option deprecated, treating as --without-passwd" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: --with-otp-only option deprecated, treating as --without-passwd" >&5 +printf "%s\n" "$as_me: --with-otp-only option deprecated, treating as --without-passwd" >&6;} ;; esac fi @@ -4525,11 +4881,12 @@ # Check whether --with-alertmail was given. -if test "${with_alertmail+set}" = set; then : +if test ${with_alertmail+y} +then : withval=$with_alertmail; case $with_alertmail in *) with_mailto="$with_alertmail" - { $as_echo "$as_me:${as_lineno-$LINENO}: --with-alertmail option deprecated, treating as --mailto" >&5 -$as_echo "$as_me: --with-alertmail option deprecated, treating as --mailto" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: --with-alertmail option deprecated, treating as --mailto" >&5 +printf "%s\n" "$as_me: --with-alertmail option deprecated, treating as --mailto" >&6;} ;; esac fi @@ -4537,15 +4894,16 @@ # Check whether --with-pc-insults was given. -if test "${with_pc_insults+set}" = set; then : +if test ${with_pc_insults+y} +then : withval=$with_pc_insults; case $with_pc_insults in yes) enable_offensive_insults=no - { $as_echo "$as_me:${as_lineno-$LINENO}: --with-pc-insults option deprecated, it is now the default" >&5 -$as_echo "$as_me: --with-pc-insults option deprecated, it is now the default" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: --with-pc-insults option deprecated, it is now the default" >&5 +printf "%s\n" "$as_me: --with-pc-insults option deprecated, it is now the default" >&6;} ;; no) enable_offensive_insults=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: --without-pc-insults option deprecated, use --enable-offensive-insults" >&5 -$as_echo "$as_me: --without-pc-insults option deprecated, use --enable-offensive-insults" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: --without-pc-insults option deprecated, use --enable-offensive-insults" >&5 +printf "%s\n" "$as_me: --without-pc-insults option deprecated, use --enable-offensive-insults" >&6;} ;; esac fi @@ -4554,38 +4912,40 @@ # Check whether --with-devel was given. -if test "${with_devel+set}" = set; then : +if test ${with_devel+y} +then : withval=$with_devel; case $with_devel in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: Setting up for development: -Wall, flex, yacc" >&5 -$as_echo "$as_me: Setting up for development: -Wall, flex, yacc" >&6;} + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: setting up for development: -Wall, flex, yacc" >&5 +printf "%s\n" "$as_me: setting up for development: -Wall, flex, yacc" >&6;} -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -DSUDO_DEVEL "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -DSUDO_DEVEL"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -DSUDO_DEVEL"; } >&5 (: CPPFLAGS already contains -DSUDO_DEVEL) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -DSUDO_DEVEL" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-DSUDO_DEVEL - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -4594,8 +4954,8 @@ devdir=. ;; no) ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --with-devel: $with_devel" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --with-devel: $with_devel" >&2;} ;; esac fi @@ -4603,7 +4963,8 @@ # Check whether --with-CC was given. -if test "${with_CC+set}" = set; then : +if test ${with_CC+y} +then : withval=$with_CC; case $with_CC in *) as_fn_error $? "the --with-CC option is no longer supported, please pass CC=$with_CC to configure instead." "$LINENO" 5 ;; @@ -4613,31 +4974,34 @@ # Check whether --with-rpath was given. -if test "${with_rpath+set}" = set; then : - withval=$with_rpath; { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-rpath deprecated, rpath is now the default" >&5 -$as_echo "$as_me: WARNING: --with-rpath deprecated, rpath is now the default" >&2;} +if test ${with_rpath+y} +then : + withval=$with_rpath; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --with-rpath deprecated, rpath is now the default" >&5 +printf "%s\n" "$as_me: WARNING: --with-rpath deprecated, rpath is now the default" >&2;} fi # Check whether --with-blibpath was given. -if test "${with_blibpath+set}" = set; then : - withval=$with_blibpath; { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-blibpath deprecated, use --with-libpath" >&5 -$as_echo "$as_me: WARNING: --with-blibpath deprecated, use --with-libpath" >&2;} +if test ${with_blibpath+y} +then : + withval=$with_blibpath; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --with-blibpath deprecated, use --with-libpath" >&5 +printf "%s\n" "$as_me: WARNING: --with-blibpath deprecated, use --with-libpath" >&2;} fi # Check whether --with-bsm-audit was given. -if test "${with_bsm_audit+set}" = set; then : +if test ${with_bsm_audit+y} +then : withval=$with_bsm_audit; case $with_bsm_audit in - yes) $as_echo "#define HAVE_BSM_AUDIT 1" >>confdefs.h + yes) printf "%s\n" "#define HAVE_BSM_AUDIT 1" >>confdefs.h SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" ;; no) ;; - *) as_fn_error $? "\"--with-bsm-audit does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-bsm-audit does not take an argument." "$LINENO" 5 ;; esac fi @@ -4645,36 +5009,38 @@ # Check whether --with-linux-audit was given. -if test "${with_linux_audit+set}" = set; then : +if test ${with_linux_audit+y} +then : withval=$with_linux_audit; case $with_linux_audit in yes) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { int i = AUDIT_USER_CMD; (void)i; ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : - $as_echo "#define HAVE_LINUX_AUDIT 1" >>confdefs.h + printf "%s\n" "#define HAVE_LINUX_AUDIT 1" >>confdefs.h SUDO_LIBS="${SUDO_LIBS} -laudit" SUDOERS_LIBS="${SUDO_LIBS} -laudit" SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo" -else +else $as_nop as_fn_error $? "unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit" "$LINENO" 5 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; no) ;; - *) as_fn_error $? "\"--with-linux-audit does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-linux-audit does not take an argument." "$LINENO" 5 ;; esac fi @@ -4682,15 +5048,16 @@ # Check whether --with-solaris-audit was given. -if test "${with_solaris_audit+set}" = set; then : +if test ${with_solaris_audit+y} +then : withval=$with_solaris_audit; case $with_solaris_audit in - yes) $as_echo "#define HAVE_SOLARIS_AUDIT 1" >>confdefs.h + yes) printf "%s\n" "#define HAVE_SOLARIS_AUDIT 1" >>confdefs.h SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" SUDOERS_OBJS="${SUDOERS_OBJS} solaris_audit.lo" ;; no) ;; - *) as_fn_error $? "\"--with-solaris-audit does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-solaris-audit does not take an argument." "$LINENO" 5 ;; esac fi @@ -4698,18 +5065,19 @@ # Check whether --with-sssd was given. -if test "${with_sssd+set}" = set; then : +if test ${with_sssd+y} +then : withval=$with_sssd; case $with_sssd in yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo" case "$SUDOERS_OBJS" in *ldap_util.lo*) ;; *) SUDOERS_OBJS="${SUDOERS_OBJS} ldap_util.lo";; esac - $as_echo "#define HAVE_SSSD 1" >>confdefs.h + printf "%s\n" "#define HAVE_SSSD 1" >>confdefs.h ;; no) ;; - *) as_fn_error $? "\"--with-sssd does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-sssd does not take an argument." "$LINENO" 5 ;; esac fi @@ -4717,7 +5085,8 @@ # Check whether --with-sssd-conf was given. -if test "${with_sssd_conf+set}" = set; then : +if test ${with_sssd_conf+y} +then : withval=$with_sssd_conf; fi @@ -4730,7 +5099,8 @@ # Check whether --with-sssd-lib was given. -if test "${with_sssd_lib+set}" = set; then : +if test ${with_sssd_lib+y} +then : withval=$with_sssd_lib; fi @@ -4743,43 +5113,45 @@ # Check whether --with-incpath was given. -if test "${with_incpath+set}" = set; then : +if test ${with_incpath+y} +then : withval=$with_incpath; case $with_incpath in - yes) as_fn_error $? "\"must give --with-incpath an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-incpath an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-incpath not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-incpath not supported." "$LINENO" 5 ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_incpath} to CPPFLAGS" >&5 -$as_echo "$as_me: Adding ${with_incpath} to CPPFLAGS" >&6;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding ${with_incpath} to CPPFLAGS" >&5 +printf "%s\n" "$as_me: adding ${with_incpath} to CPPFLAGS" >&6;} for i in ${with_incpath}; do -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${i} "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${i}"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${i}"; } >&5 (: CPPFLAGS already contains -I${i}) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${i}" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${i} - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -4792,14 +5164,15 @@ # Check whether --with-libpath was given. -if test "${with_libpath+set}" = set; then : +if test ${with_libpath+y} +then : withval=$with_libpath; case $with_libpath in - yes) as_fn_error $? "\"must give --with-libpath an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-libpath an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-libpath not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-libpath not supported." "$LINENO" 5 ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_libpath} to LDFLAGS" >&5 -$as_echo "$as_me: Adding ${with_libpath} to LDFLAGS" >&6;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding ${with_libpath} to LDFLAGS" >&5 +printf "%s\n" "$as_me: adding ${with_libpath} to LDFLAGS" >&6;} ;; esac fi @@ -4807,33 +5180,15 @@ # Check whether --with-libraries was given. -if test "${with_libraries+set}" = set; then : +if test ${with_libraries+y} +then : withval=$with_libraries; case $with_libraries in - yes) as_fn_error $? "\"must give --with-libraries an argument.\"" "$LINENO" 5 - ;; - no) as_fn_error $? "\"--without-libraries not supported.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-libraries an argument." "$LINENO" 5 ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_libraries} to LIBS" >&5 -$as_echo "$as_me: Adding ${with_libraries} to LIBS" >&6;} - ;; -esac -fi - - - -# Check whether --with-efence was given. -if test "${with_efence+set}" = set; then : - withval=$with_efence; case $with_efence in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: Sudo will link with -lefence (Electric Fence)" >&5 -$as_echo "$as_me: Sudo will link with -lefence (Electric Fence)" >&6;} - LIBS="${LIBS} -lefence" - if test -f /usr/local/lib/libefence.a; then - with_libpath="${with_libpath} /usr/local/lib" - fi + no) as_fn_error $? "--without-libraries not supported." "$LINENO" 5 ;; - no) ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding ${with_libraries} to LIBS" >&5 +printf "%s\n" "$as_me: adding ${with_libraries} to LIBS" >&6;} ;; esac fi @@ -4841,10 +5196,11 @@ # Check whether --with-csops was given. -if test "${with_csops+set}" = set; then : +if test ${with_csops+y} +then : withval=$with_csops; case $with_csops in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding CSOps standard options" >&5 -$as_echo "$as_me: Adding CSOps standard options" >&6;} + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding CSOps standard options" >&5 +printf "%s\n" "$as_me: adding CSOps standard options" >&6;} CHECKSIA=false with_ignore_dot=yes insults=on @@ -4855,8 +5211,8 @@ : ${mansectform='5'} ;; no) ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --with-csops: $with_csops" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --with-csops: $with_csops" >&2;} ;; esac fi @@ -4864,16 +5220,13 @@ # Check whether --with-passwd was given. -if test "${with_passwd+set}" = set; then : +if test ${with_passwd+y} +then : withval=$with_passwd; case $with_passwd in - yes|no) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use shadow/passwd file authentication" >&5 -$as_echo_n "checking whether to use shadow/passwd file authentication... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_passwd" >&5 -$as_echo "$with_passwd" >&6; } - AUTH_DEF="" + yes|no) AUTH_DEF="" test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" ;; - *) as_fn_error $? "\"Sorry, --with-passwd does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "sorry, --with-passwd does not take an argument." "$LINENO" 5 ;; esac fi @@ -4881,15 +5234,12 @@ # Check whether --with-skey was given. -if test "${with_skey+set}" = set; then : +if test ${with_skey+y} +then : withval=$with_skey; case $with_skey in no) ;; - *) $as_echo "#define HAVE_SKEY 1" >>confdefs.h + *) printf "%s\n" "#define HAVE_SKEY 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try S/Key authentication" >&5 -$as_echo_n "checking whether to try S/Key authentication... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } AUTH_REG="$AUTH_REG S/Key" ;; esac @@ -4898,15 +5248,12 @@ # Check whether --with-opie was given. -if test "${with_opie+set}" = set; then : +if test ${with_opie+y} +then : withval=$with_opie; case $with_opie in no) ;; - *) $as_echo "#define HAVE_OPIE 1" >>confdefs.h + *) printf "%s\n" "#define HAVE_OPIE 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try NRL OPIE authentication" >&5 -$as_echo_n "checking whether to try NRL OPIE authentication... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } AUTH_REG="$AUTH_REG NRL_OPIE" ;; esac @@ -4915,19 +5262,16 @@ # Check whether --with-long-otp-prompt was given. -if test "${with_long_otp_prompt+set}" = set; then : +if test ${with_long_otp_prompt+y} +then : withval=$with_long_otp_prompt; case $with_long_otp_prompt in - yes) $as_echo "#define LONG_OTP_PROMPT 1" >>confdefs.h + yes) printf "%s\n" "#define LONG_OTP_PROMPT 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use a two line prompt for OTP authentication" >&5 -$as_echo_n "checking whether to use a two line prompt for OTP authentication... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } long_otp_prompt=on ;; no) long_otp_prompt=off ;; - *) as_fn_error $? "\"--with-long-otp-prompt does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-long-otp-prompt does not take an argument." "$LINENO" 5 ;; esac fi @@ -4935,15 +5279,12 @@ # Check whether --with-SecurID was given. -if test "${with_SecurID+set}" = set; then : +if test ${with_SecurID+y} +then : withval=$with_SecurID; case $with_SecurID in no) ;; - *) $as_echo "#define HAVE_SECURID 1" >>confdefs.h + *) printf "%s\n" "#define HAVE_SECURID 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use SecurID for authentication" >&5 -$as_echo_n "checking whether to use SecurID for authentication... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } AUTH_EXCL="$AUTH_EXCL SecurID" ;; esac @@ -4952,15 +5293,12 @@ # Check whether --with-fwtk was given. -if test "${with_fwtk+set}" = set; then : +if test ${with_fwtk+y} +then : withval=$with_fwtk; case $with_fwtk in no) ;; - *) $as_echo "#define HAVE_FWTK 1" >>confdefs.h + *) printf "%s\n" "#define HAVE_FWTK 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use FWTK AuthSRV for authentication" >&5 -$as_echo_n "checking whether to use FWTK AuthSRV for authentication... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } AUTH_EXCL="$AUTH_EXCL FWTK" ;; esac @@ -4969,14 +5307,11 @@ # Check whether --with-kerb5 was given. -if test "${with_kerb5+set}" = set; then : +if test ${with_kerb5+y} +then : withval=$with_kerb5; case $with_kerb5 in no) ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try Kerberos V authentication" >&5 -$as_echo_n "checking whether to try Kerberos V authentication... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - AUTH_REG="$AUTH_REG kerb5" + *) AUTH_REG="$AUTH_REG kerb5" ;; esac fi @@ -4984,11 +5319,12 @@ # Check whether --with-aixauth was given. -if test "${with_aixauth+set}" = set; then : +if test ${with_aixauth+y} +then : withval=$with_aixauth; case $with_aixauth in yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; no) ;; - *) as_fn_error $? "\"--with-aixauth does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-aixauth does not take an argument." "$LINENO" 5 ;; esac fi @@ -4996,11 +5332,12 @@ # Check whether --with-pam was given. -if test "${with_pam+set}" = set; then : +if test ${with_pam+y} +then : withval=$with_pam; case $with_pam in yes) AUTH_EXCL="$AUTH_EXCL PAM";; no) ;; - *) as_fn_error $? "\"--with-pam does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-pam does not take an argument." "$LINENO" 5 ;; esac fi @@ -5008,18 +5345,15 @@ # Check whether --with-AFS was given. -if test "${with_AFS+set}" = set; then : +if test ${with_AFS+y} +then : withval=$with_AFS; case $with_AFS in - yes) $as_echo "#define HAVE_AFS 1" >>confdefs.h + yes) printf "%s\n" "#define HAVE_AFS 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try AFS (kerberos) authentication" >&5 -$as_echo_n "checking whether to try AFS (kerberos) authentication... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } AUTH_REG="$AUTH_REG AFS" ;; no) ;; - *) as_fn_error $? "\"--with-AFS does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-AFS does not take an argument." "$LINENO" 5 ;; esac fi @@ -5027,18 +5361,15 @@ # Check whether --with-DCE was given. -if test "${with_DCE+set}" = set; then : +if test ${with_DCE+y} +then : withval=$with_DCE; case $with_DCE in - yes) $as_echo "#define HAVE_DCE 1" >>confdefs.h + yes) printf "%s\n" "#define HAVE_DCE 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try DCE (kerberos) authentication" >&5 -$as_echo_n "checking whether to try DCE (kerberos) authentication... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } AUTH_REG="$AUTH_REG DCE" ;; no) ;; - *) as_fn_error $? "\"--with-DCE does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-DCE does not take an argument." "$LINENO" 5 ;; esac fi @@ -5046,10 +5377,11 @@ # Check whether --with-logincap was given. -if test "${with_logincap+set}" = set; then : +if test ${with_logincap+y} +then : withval=$with_logincap; case $with_logincap in yes|no) ;; - *) as_fn_error $? "\"--with-logincap does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-logincap does not take an argument." "$LINENO" 5 ;; esac fi @@ -5057,11 +5389,12 @@ # Check whether --with-bsdauth was given. -if test "${with_bsdauth+set}" = set; then : +if test ${with_bsdauth+y} +then : withval=$with_bsdauth; case $with_bsdauth in yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; no) ;; - *) as_fn_error $? "\"--with-bsdauth does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-bsdauth does not take an argument." "$LINENO" 5 ;; esac fi @@ -5069,127 +5402,110 @@ # Check whether --with-project was given. -if test "${with_project+set}" = set; then : +if test ${with_project+y} +then : withval=$with_project; case $with_project in yes|no) ;; - no) ;; - *) as_fn_error $? "\"--with-project does not take an argument.\"" "$LINENO" 5 + no) ;; + *) as_fn_error $? "--with-project does not take an argument." "$LINENO" 5 ;; esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to lecture users the first time they run sudo" >&5 -$as_echo_n "checking whether to lecture users the first time they run sudo... " >&6; } # Check whether --with-lecture was given. -if test "${with_lecture+set}" = set; then : +if test ${with_lecture+y} +then : withval=$with_lecture; case $with_lecture in yes|short|always) lecture=once - ;; + ;; no|none|never) lecture=never - ;; - *) as_fn_error $? "\"unknown argument to --with-lecture: $with_lecture\"" "$LINENO" 5 + printf "%s\n" "#define NO_LECTURE 1" >>confdefs.h + + ;; + *) as_fn_error $? "unknown argument to --with-lecture: $with_lecture" "$LINENO" 5 ;; esac fi -if test "$lecture" = "once"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - $as_echo "#define NO_LECTURE 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sudo should log via syslog or to a file by default" >&5 -$as_echo_n "checking whether sudo should log via syslog or to a file by default... " >&6; } # Check whether --with-logging was given. -if test "${with_logging+set}" = set; then : +if test ${with_logging+y} +then : withval=$with_logging; case $with_logging in - yes) as_fn_error $? "\"must give --with-logging an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-logging an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-logging not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-logging not supported." "$LINENO" 5 ;; - syslog) $as_echo "#define LOGGING SLOG_SYSLOG" >>confdefs.h + syslog) printf "%s\n" "#define LOGGING SLOG_SYSLOG" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: syslog" >&5 -$as_echo "syslog" >&6; } ;; - file) $as_echo "#define LOGGING SLOG_FILE" >>confdefs.h + file) printf "%s\n" "#define LOGGING SLOG_FILE" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: file" >&5 -$as_echo "file" >&6; } ;; - both) $as_echo "#define LOGGING SLOG_BOTH" >>confdefs.h + both) printf "%s\n" "#define LOGGING SLOG_BOTH" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: both" >&5 -$as_echo "both" >&6; } ;; - *) as_fn_error $? "\"unknown argument to --with-logging: $with_logging\"" "$LINENO" 5 + *) as_fn_error $? "unknown argument to --with-logging: $with_logging" "$LINENO" 5 ;; esac -else - $as_echo "#define LOGGING SLOG_SYSLOG" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: syslog" >&5 -$as_echo "syslog" >&6; } +else $as_nop + + with_logging=syslog + printf "%s\n" "#define LOGGING SLOG_SYSLOG" >>confdefs.h + + fi # Check whether --with-logfac was given. -if test "${with_logfac+set}" = set; then : +if test ${with_logfac+y} +then : withval=$with_logfac; case $with_logfac in - yes) as_fn_error $? "\"must give --with-logfac an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-logfac an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-logfac not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-logfac not supported." "$LINENO" 5 ;; authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; - *) as_fn_error $? "\"$with_logfac is not a supported syslog facility.\"" "$LINENO" 5 + *) as_fn_error $? "$with_logfac is not a supported syslog facility." "$LINENO" 5 ;; esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking at which syslog priority to log commands" >&5 -$as_echo_n "checking at which syslog priority to log commands... " >&6; } # Check whether --with-goodpri was given. -if test "${with_goodpri+set}" = set; then : +if test ${with_goodpri+y} +then : withval=$with_goodpri; case $with_goodpri in - yes) as_fn_error $? "\"must give --with-goodpri an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-goodpri an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-goodpri not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-goodpri not supported." "$LINENO" 5 ;; alert|crit|debug|emerg|err|info|notice|warning) goodpri=$with_goodpri ;; - *) as_fn_error $? "\"$with_goodpri is not a supported syslog priority.\"" "$LINENO" 5 + *) as_fn_error $? "$with_goodpri is not a supported syslog priority." "$LINENO" 5 ;; esac fi -cat >>confdefs.h <<_ACEOF -#define PRI_SUCCESS "$goodpri" -_ACEOF +printf "%s\n" "#define PRI_SUCCESS \"$goodpri\"" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $goodpri" >&5 -$as_echo "$goodpri" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking at which syslog priority to log failures" >&5 -$as_echo_n "checking at which syslog priority to log failures... " >&6; } # Check whether --with-badpri was given. -if test "${with_badpri+set}" = set; then : +if test ${with_badpri+y} +then : withval=$with_badpri; case $with_badpri in - yes) as_fn_error $? "\"must give --with-badpri an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-badpri an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-badpri not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-badpri not supported." "$LINENO" 5 ;; alert|crit|debug|emerg|err|info|notice|warning) badpri=$with_badpri @@ -5200,159 +5516,120 @@ fi -cat >>confdefs.h <<_ACEOF -#define PRI_FAILURE "$badpri" -_ACEOF +printf "%s\n" "#define PRI_FAILURE \"$badpri\"" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $badpri" >&5 -$as_echo "$badpri" >&6; } # Check whether --with-logpath was given. -if test "${with_logpath+set}" = set; then : +if test ${with_logpath+y} +then : withval=$with_logpath; case $with_logpath in - yes) as_fn_error $? "\"must give --with-logpath an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-logpath an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-logpath not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-logpath not supported." "$LINENO" 5 ;; esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how long a line in the log file should be" >&5 -$as_echo_n "checking how long a line in the log file should be... " >&6; } # Check whether --with-loglen was given. -if test "${with_loglen+set}" = set; then : +if test ${with_loglen+y} +then : withval=$with_loglen; case $with_loglen in - yes) as_fn_error $? "\"must give --with-loglen an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-loglen an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-loglen not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-loglen not supported." "$LINENO" 5 ;; [0-9]*) loglen=$with_loglen ;; - *) as_fn_error $? "\"you must enter a number, not $with_loglen\"" "$LINENO" 5 + *) as_fn_error $? "you must enter a number, not $with_loglen" "$LINENO" 5 ;; esac fi -cat >>confdefs.h <<_ACEOF -#define MAXLOGFILELEN $loglen -_ACEOF +printf "%s\n" "#define MAXLOGFILELEN $loglen" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $loglen" >&5 -$as_echo "$loglen" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sudo should ignore '.' or '' in \$PATH" >&5 -$as_echo_n "checking whether sudo should ignore '.' or '' in \$PATH... " >&6; } # Check whether --with-ignore-dot was given. -if test "${with_ignore_dot+set}" = set; then : +if test ${with_ignore_dot+y} +then : withval=$with_ignore_dot; case $with_ignore_dot in yes) ignore_dot=on + printf "%s\n" "#define IGNORE_DOT_PATH 1" >>confdefs.h + ;; no) ignore_dot=off ;; - *) as_fn_error $? "\"--with-ignore-dot does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-ignore-dot does not take an argument." "$LINENO" 5 ;; esac fi -if test "$ignore_dot" = "on"; then - $as_echo "#define IGNORE_DOT_PATH 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when a user is not in sudoers" >&5 -$as_echo_n "checking whether to send mail when a user is not in sudoers... " >&6; } # Check whether --with-mail-if-no-user was given. -if test "${with_mail_if_no_user+set}" = set; then : +if test ${with_mail_if_no_user+y} +then : withval=$with_mail_if_no_user; case $with_mail_if_no_user in yes) mail_no_user=on ;; no) mail_no_user=off ;; - *) as_fn_error $? "\"--with-mail-if-no-user does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-mail-if-no-user does not take an argument." "$LINENO" 5 ;; esac fi if test "$mail_no_user" = "on"; then - $as_echo "#define SEND_MAIL_WHEN_NO_USER 1" >>confdefs.h + printf "%s\n" "#define SEND_MAIL_WHEN_NO_USER 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when user listed but not for this host" >&5 -$as_echo_n "checking whether to send mail when user listed but not for this host... " >&6; } # Check whether --with-mail-if-no-host was given. -if test "${with_mail_if_no_host+set}" = set; then : +if test ${with_mail_if_no_host+y} +then : withval=$with_mail_if_no_host; case $with_mail_if_no_host in yes) mail_no_host=on + printf "%s\n" "#define SEND_MAIL_WHEN_NO_HOST 1" >>confdefs.h + ;; no) mail_no_host=off ;; - *) as_fn_error $? "\"--with-mail-if-no-host does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-mail-if-no-host does not take an argument." "$LINENO" 5 ;; esac fi -if test "$mail_no_host" = "on"; then - $as_echo "#define SEND_MAIL_WHEN_NO_HOST 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when a user tries a disallowed command" >&5 -$as_echo_n "checking whether to send mail when a user tries a disallowed command... " >&6; } # Check whether --with-mail-if-noperms was given. -if test "${with_mail_if_noperms+set}" = set; then : +if test ${with_mail_if_noperms+y} +then : withval=$with_mail_if_noperms; case $with_mail_if_noperms in yes) mail_noperms=on + printf "%s\n" "#define SEND_MAIL_WHEN_NOT_OK 1" >>confdefs.h + ;; no) mail_noperms=off ;; - *) as_fn_error $? "\"--with-mail-if-noperms does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-mail-if-noperms does not take an argument." "$LINENO" 5 ;; esac fi -if test "$mail_noperms" = "on"; then - $as_echo "#define SEND_MAIL_WHEN_NOT_OK 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking who should get the mail that sudo sends" >&5 -$as_echo_n "checking who should get the mail that sudo sends... " >&6; } # Check whether --with-mailto was given. -if test "${with_mailto+set}" = set; then : +if test ${with_mailto+y} +then : withval=$with_mailto; case $with_mailto in - yes) as_fn_error $? "\"must give --with-mailto an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-mailto an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-mailto not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-mailto not supported." "$LINENO" 5 ;; *) mailto=$with_mailto ;; @@ -5360,70 +5637,55 @@ fi -cat >>confdefs.h <<_ACEOF -#define MAILTO "$mailto" -_ACEOF +printf "%s\n" "#define MAILTO \"$mailto\"" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $mailto" >&5 -$as_echo "$mailto" >&6; } # Check whether --with-mailsubject was given. -if test "${with_mailsubject+set}" = set; then : +if test ${with_mailsubject+y} +then : withval=$with_mailsubject; case $with_mailsubject in - yes) as_fn_error $? "\"must give --with-mailsubject an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-mailsubject an argument." "$LINENO" 5 ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-mailsubject not supported." >&5 -$as_echo "$as_me: WARNING: Sorry, --without-mailsubject not supported." >&2;} + no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: sorry, --without-mailsubject not supported." >&5 +printf "%s\n" "$as_me: WARNING: sorry, --without-mailsubject not supported." >&2;} ;; *) mailsub="$with_mailsubject" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking sudo mail subject" >&5 -$as_echo_n "checking sudo mail subject... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using alert mail subject: $mailsub" >&5 -$as_echo "Using alert mail subject: $mailsub" >&6; } ;; esac fi -cat >>confdefs.h <<_ACEOF -#define MAILSUBJECT "$mailsub" -_ACEOF +printf "%s\n" "#define MAILSUBJECT \"$mailsub\"" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bad password prompt" >&5 -$as_echo_n "checking for bad password prompt... " >&6; } # Check whether --with-passprompt was given. -if test "${with_passprompt+set}" = set; then : +if test ${with_passprompt+y} +then : withval=$with_passprompt; case $with_passprompt in - yes) as_fn_error $? "\"must give --with-passprompt an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-passprompt an argument." "$LINENO" 5 ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-passprompt not supported." >&5 -$as_echo "$as_me: WARNING: Sorry, --without-passprompt not supported." >&2;} + no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: sorry, --without-passprompt not supported." >&5 +printf "%s\n" "$as_me: WARNING: sorry, --without-passprompt not supported." >&2;} ;; *) passprompt="$with_passprompt" esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $passprompt" >&5 -$as_echo "$passprompt" >&6; } -cat >>confdefs.h <<_ACEOF -#define PASSPROMPT "$passprompt" -_ACEOF +printf "%s\n" "#define PASSPROMPT \"$passprompt\"" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bad password message" >&5 -$as_echo_n "checking for bad password message... " >&6; } # Check whether --with-badpass-message was given. -if test "${with_badpass_message+set}" = set; then : +if test ${with_badpass_message+y} +then : withval=$with_badpass_message; case $with_badpass_message in - yes) as_fn_error $? "\"Must give --with-badpass-message an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-badpass-message an argument." "$LINENO" 5 ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-badpass-message not supported." >&5 -$as_echo "$as_me: WARNING: Sorry, --without-badpass-message not supported." >&2;} + no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: sorry, --without-badpass-message not supported." >&5 +printf "%s\n" "$as_me: WARNING: sorry, --without-badpass-message not supported." >&2;} ;; *) badpass_message="$with_badpass_message" ;; @@ -5431,43 +5693,32 @@ fi -cat >>confdefs.h <<_ACEOF -#define INCORRECT_PASSWORD "$badpass_message" -_ACEOF +printf "%s\n" "#define INCORRECT_PASSWORD \"$badpass_message\"" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $badpass_message" >&5 -$as_echo "$badpass_message" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to expect fully qualified hosts in sudoers" >&5 -$as_echo_n "checking whether to expect fully qualified hosts in sudoers... " >&6; } # Check whether --with-fqdn was given. -if test "${with_fqdn+set}" = set; then : +if test ${with_fqdn+y} +then : withval=$with_fqdn; case $with_fqdn in yes) fqdn=on + printf "%s\n" "#define FQDN 1" >>confdefs.h + ;; no) fqdn=off ;; - *) as_fn_error $? "\"--with-fqdn does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-fqdn does not take an argument." "$LINENO" 5 ;; esac fi -if test "$fqdn" = "on"; then - $as_echo "#define FQDN 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi # Check whether --with-timedir was given. -if test "${with_timedir+set}" = set; then : +if test ${with_timedir+y} +then : withval=$with_timedir; case $with_timedir in - *) as_fn_error $? "\"--without-timedir no longer supported, see --with-rundir.\"" "$LINENO" 5 + *) as_fn_error $? "--without-timedir no longer supported, see --with-rundir." "$LINENO" 5 ;; esac fi @@ -5475,11 +5726,12 @@ # Check whether --with-rundir was given. -if test "${with_rundir+set}" = set; then : +if test ${with_rundir+y} +then : withval=$with_rundir; case $with_rundir in - yes) as_fn_error $? "\"must give --with-rundir an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-rundir an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-rundir not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-rundir not supported." "$LINENO" 5 ;; esac fi @@ -5487,11 +5739,12 @@ # Check whether --with-vardir was given. -if test "${with_vardir+set}" = set; then : +if test ${with_vardir+y} +then : withval=$with_vardir; case $with_vardir in - yes) as_fn_error $? "\"must give --with-vardir an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-vardir an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-vardir not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-vardir not supported." "$LINENO" 5 ;; esac fi @@ -5499,10 +5752,23 @@ # Check whether --with-iologdir was given. -if test "${with_iologdir+set}" = set; then : +if test ${with_iologdir+y} +then : withval=$with_iologdir; case $with_iologdir in yes) ;; - no) as_fn_error $? "\"--without-iologdir not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-iologdir not supported." "$LINENO" 5 + ;; +esac +fi + + + +# Check whether --with-relaydir was given. +if test ${with_relaydir+y} +then : + withval=$with_relaydir; case $with_relaydir in + yes) ;; + no) as_fn_error $? "--without-relaydir not supported." "$LINENO" 5 ;; esac fi @@ -5510,9 +5776,10 @@ # Check whether --with-tzdir was given. -if test "${with_tzdir+set}" = set; then : +if test ${with_tzdir+y} +then : withval=$with_tzdir; case $with_tzdir in - yes) as_fn_error $? "\"must give --with-tzdir an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-tzdir an argument." "$LINENO" 5 ;; esac fi @@ -5520,7 +5787,8 @@ # Check whether --with-sendmail was given. -if test "${with_sendmail+set}" = set; then : +if test ${with_sendmail+y} +then : withval=$with_sendmail; case $with_sendmail in yes) with_sendmail="" ;; @@ -5536,17 +5804,18 @@ # Check whether --with-sudoers-mode was given. -if test "${with_sudoers_mode+set}" = set; then : +if test ${with_sudoers_mode+y} +then : withval=$with_sudoers_mode; case $with_sudoers_mode in - yes) as_fn_error $? "\"must give --with-sudoers-mode an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-sudoers-mode an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-sudoers-mode not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-sudoers-mode not supported." "$LINENO" 5 ;; [1-9]*) SUDOERS_MODE=0${with_sudoers_mode} ;; 0*) SUDOERS_MODE=$with_sudoers_mode ;; - *) as_fn_error $? "\"you must use an octal mode, not a name.\"" "$LINENO" 5 + *) as_fn_error $? "you must use an octal mode, not a name." "$LINENO" 5 ;; esac fi @@ -5554,15 +5823,16 @@ # Check whether --with-sudoers-uid was given. -if test "${with_sudoers_uid+set}" = set; then : +if test ${with_sudoers_uid+y} +then : withval=$with_sudoers_uid; case $with_sudoers_uid in - yes) as_fn_error $? "\"must give --with-sudoers-uid an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-sudoers-uid an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-sudoers-uid not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-sudoers-uid not supported." "$LINENO" 5 ;; [0-9]*) SUDOERS_UID=$with_sudoers_uid ;; - *) as_fn_error $? "\"you must use an unsigned numeric uid, not a name.\"" "$LINENO" 5 + *) as_fn_error $? "you must use an unsigned numeric uid, not a name." "$LINENO" 5 ;; esac fi @@ -5570,75 +5840,66 @@ # Check whether --with-sudoers-gid was given. -if test "${with_sudoers_gid+set}" = set; then : +if test ${with_sudoers_gid+y} +then : withval=$with_sudoers_gid; case $with_sudoers_gid in - yes) as_fn_error $? "\"must give --with-sudoers-gid an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-sudoers-gid an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-sudoers-gid not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-sudoers-gid not supported." "$LINENO" 5 ;; [0-9]*) SUDOERS_GID=$with_sudoers_gid ;; - *) as_fn_error $? "\"you must use an unsigned numeric gid, not a name.\"" "$LINENO" 5 + *) as_fn_error $? "you must use an unsigned numeric gid, not a name." "$LINENO" 5 ;; esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for umask programs should be run with" >&5 -$as_echo_n "checking for umask programs should be run with... " >&6; } # Check whether --with-umask was given. -if test "${with_umask+set}" = set; then : +if test ${with_umask+y} +then : withval=$with_umask; case $with_umask in - yes) as_fn_error $? "\"must give --with-umask an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-umask an argument." "$LINENO" 5 ;; no) sudo_umask=0777 ;; [0-9]*) sudo_umask=$with_umask ;; - *) as_fn_error $? "\"you must enter a numeric mask.\"" "$LINENO" 5 + *) as_fn_error $? "you must enter a numeric mask." "$LINENO" 5 ;; esac fi -cat >>confdefs.h <<_ACEOF -#define SUDO_UMASK $sudo_umask -_ACEOF +printf "%s\n" "#define SUDO_UMASK $sudo_umask" >>confdefs.h -if test "$sudo_umask" = "0777"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: user" >&5 -$as_echo "user" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_umask" >&5 -$as_echo "$sudo_umask" >&6; } -fi # Check whether --with-umask-override was given. -if test "${with_umask_override+set}" = set; then : +if test ${with_umask_override+y} +then : withval=$with_umask_override; case $with_umask_override in - yes) $as_echo "#define UMASK_OVERRIDE 1" >>confdefs.h + yes) printf "%s\n" "#define UMASK_OVERRIDE 1" >>confdefs.h umask_override=on ;; no) umask_override=off ;; - *) as_fn_error $? "\"--with-umask-override does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-umask-override does not take an argument." "$LINENO" 5 ;; esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for default user to run commands as" >&5 -$as_echo_n "checking for default user to run commands as... " >&6; } # Check whether --with-runas-default was given. -if test "${with_runas_default+set}" = set; then : +if test ${with_runas_default+y} +then : withval=$with_runas_default; case $with_runas_default in - yes) as_fn_error $? "\"must give --with-runas-default an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-runas-default an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-runas-default not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-runas-default not supported." "$LINENO" 5 ;; *) runas_default="$with_runas_default" ;; @@ -5646,180 +5907,146 @@ fi -cat >>confdefs.h <<_ACEOF -#define RUNAS_DEFAULT "$runas_default" -_ACEOF +printf "%s\n" "#define RUNAS_DEFAULT \"$runas_default\"" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $runas_default" >&5 -$as_echo "$runas_default" >&6; } # Check whether --with-exempt was given. -if test "${with_exempt+set}" = set; then : +if test ${with_exempt+y} +then : withval=$with_exempt; case $with_exempt in - yes) as_fn_error $? "\"must give --with-exempt an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-exempt an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-exempt not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-exempt not supported." "$LINENO" 5 ;; *) -cat >>confdefs.h <<_ACEOF -#define EXEMPTGROUP "$with_exempt" -_ACEOF +printf "%s\n" "#define EXEMPTGROUP \"$with_exempt\"" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for group to be exempt from password" >&5 -$as_echo_n "checking for group to be exempt from password... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_exempt" >&5 -$as_echo "$with_exempt" >&6; } ;; esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for editor that visudo should use" >&5 -$as_echo_n "checking for editor that visudo should use... " >&6; } # Check whether --with-editor was given. -if test "${with_editor+set}" = set; then : +if test ${with_editor+y} +then : withval=$with_editor; case $with_editor in - yes) as_fn_error $? "\"must give --with-editor an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-editor an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-editor not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-editor not supported." "$LINENO" 5 ;; *) -cat >>confdefs.h <<_ACEOF -#define EDITOR "$with_editor" -_ACEOF +printf "%s\n" "#define EDITOR \"$with_editor\"" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_editor" >&5 -$as_echo "$with_editor" >&6; } editor="$with_editor" ;; esac -else - $as_echo "#define EDITOR _PATH_VI" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: vi" >&5 -$as_echo "vi" >&6; } +else $as_nop + printf "%s\n" "#define EDITOR _PATH_VI" >>confdefs.h + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to obey EDITOR and VISUAL environment variables" >&5 -$as_echo_n "checking whether to obey EDITOR and VISUAL environment variables... " >&6; } # Check whether --with-env-editor was given. -if test "${with_env_editor+set}" = set; then : +if test ${with_env_editor+y} +then : withval=$with_env_editor; case $with_env_editor in yes) env_editor=on ;; no) env_editor=off ;; - *) as_fn_error $? "\"--with-env-editor does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-env-editor does not take an argument." "$LINENO" 5 ;; esac fi if test "$env_editor" = "on"; then - $as_echo "#define ENV_EDITOR 1" >>confdefs.h + printf "%s\n" "#define ENV_EDITOR 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking number of tries a user gets to enter their password" >&5 -$as_echo_n "checking number of tries a user gets to enter their password... " >&6; } # Check whether --with-passwd-tries was given. -if test "${with_passwd_tries+set}" = set; then : +if test ${with_passwd_tries+y} +then : withval=$with_passwd_tries; case $with_passwd_tries in yes) ;; - no) as_fn_error $? "\"--without-editor not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-editor not supported." "$LINENO" 5 ;; [1-9]*) passwd_tries=$with_passwd_tries ;; - *) as_fn_error $? "\"you must enter the number of tries, > 0\"" "$LINENO" 5 + *) as_fn_error $? "you must enter the number of tries, > 0" "$LINENO" 5 ;; esac fi -cat >>confdefs.h <<_ACEOF -#define TRIES_FOR_PASSWORD $passwd_tries -_ACEOF +printf "%s\n" "#define TRIES_FOR_PASSWORD $passwd_tries" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $passwd_tries" >&5 -$as_echo "$passwd_tries" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking time in minutes after which sudo will ask for a password again" >&5 -$as_echo_n "checking time in minutes after which sudo will ask for a password again... " >&6; } # Check whether --with-timeout was given. -if test "${with_timeout+set}" = set; then : +if test ${with_timeout+y} +then : withval=$with_timeout; case $with_timeout in yes) ;; no) timeout=0 ;; [0-9]*) timeout=$with_timeout ;; - *) as_fn_error $? "\"you must enter the number of minutes.\"" "$LINENO" 5 + *) as_fn_error $? "you must enter the number of minutes." "$LINENO" 5 ;; esac fi -cat >>confdefs.h <<_ACEOF -#define TIMEOUT $timeout -_ACEOF +printf "%s\n" "#define TIMEOUT $timeout" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $timeout" >&5 -$as_echo "$timeout" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking time in minutes after the password prompt will time out" >&5 -$as_echo_n "checking time in minutes after the password prompt will time out... " >&6; } # Check whether --with-password-timeout was given. -if test "${with_password_timeout+set}" = set; then : +if test ${with_password_timeout+y} +then : withval=$with_password_timeout; case $with_password_timeout in yes) ;; no) password_timeout=0 ;; [0-9]*) password_timeout=$with_password_timeout ;; - *) as_fn_error $? "\"you must enter the number of minutes.\"" "$LINENO" 5 + *) as_fn_error $? "you must enter the number of minutes." "$LINENO" 5 ;; esac fi -cat >>confdefs.h <<_ACEOF -#define PASSWORD_TIMEOUT $password_timeout -_ACEOF +printf "%s\n" "#define PASSWORD_TIMEOUT $password_timeout" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $password_timeout" >&5 -$as_echo "$password_timeout" >&6; } # Check whether --with-tty-tickets was given. -if test "${with_tty_tickets+set}" = set; then : +if test ${with_tty_tickets+y} +then : withval=$with_tty_tickets; case $with_tty_tickets in yes) timestamp_type=tty ;; no) timestamp_type=global ;; - *) as_fn_error $? "\"--with-tty-tickets does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-tty-tickets does not take an argument." "$LINENO" 5 ;; esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include insults" >&5 -$as_echo_n "checking whether to include insults... " >&6; } # Check whether --with-insults was given. -if test "${with_insults+set}" = set; then : +if test ${with_insults+y} +then : withval=$with_insults; case $with_insults in yes) insults=on + printf "%s\n" "#define USE_INSULTS 1" >>confdefs.h + with_classic_insults=yes with_csops_insults=yes ;; @@ -5829,24 +6056,16 @@ ;; no) insults=off ;; - *) as_fn_error $? "\"--with-insults does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-insults does not take an argument." "$LINENO" 5 ;; esac fi -if test "$insults" = "on"; then - $as_echo "#define USE_INSULTS 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi # Check whether --with-all-insults was given. -if test "${with_all_insults+set}" = set; then : +if test ${with_all_insults+y} +then : withval=$with_all_insults; case $with_all_insults in yes) with_classic_insults=yes with_csops_insults=yes @@ -5855,7 +6074,7 @@ with_python_insults=yes ;; no) ;; - *) as_fn_error $? "\"--with-all-insults does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-all-insults does not take an argument." "$LINENO" 5 ;; esac fi @@ -5863,13 +6082,14 @@ # Check whether --with-classic-insults was given. -if test "${with_classic_insults+set}" = set; then : +if test ${with_classic_insults+y} +then : withval=$with_classic_insults; case $with_classic_insults in - yes) $as_echo "#define CLASSIC_INSULTS 1" >>confdefs.h + yes) printf "%s\n" "#define CLASSIC_INSULTS 1" >>confdefs.h ;; no) ;; - *) as_fn_error $? "\"--with-classic-insults does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-classic-insults does not take an argument." "$LINENO" 5 ;; esac fi @@ -5877,13 +6097,14 @@ # Check whether --with-csops-insults was given. -if test "${with_csops_insults+set}" = set; then : +if test ${with_csops_insults+y} +then : withval=$with_csops_insults; case $with_csops_insults in - yes) $as_echo "#define CSOPS_INSULTS 1" >>confdefs.h + yes) printf "%s\n" "#define CSOPS_INSULTS 1" >>confdefs.h ;; no) ;; - *) as_fn_error $? "\"--with-csops-insults does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-csops-insults does not take an argument." "$LINENO" 5 ;; esac fi @@ -5891,13 +6112,14 @@ # Check whether --with-hal-insults was given. -if test "${with_hal_insults+set}" = set; then : +if test ${with_hal_insults+y} +then : withval=$with_hal_insults; case $with_hal_insults in - yes) $as_echo "#define HAL_INSULTS 1" >>confdefs.h + yes) printf "%s\n" "#define HAL_INSULTS 1" >>confdefs.h ;; no) ;; - *) as_fn_error $? "\"--with-hal-insults does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-hal-insults does not take an argument." "$LINENO" 5 ;; esac fi @@ -5905,13 +6127,14 @@ # Check whether --with-goons-insults was given. -if test "${with_goons_insults+set}" = set; then : +if test ${with_goons_insults+y} +then : withval=$with_goons_insults; case $with_goons_insults in - yes) $as_echo "#define GOONS_INSULTS 1" >>confdefs.h + yes) printf "%s\n" "#define GOONS_INSULTS 1" >>confdefs.h ;; no) ;; - *) as_fn_error $? "\"--with-goons-insults does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-goons-insults does not take an argument." "$LINENO" 5 ;; esac fi @@ -5919,13 +6142,14 @@ # Check whether --with-python-insults was given. -if test "${with_python_insults+set}" = set; then : +if test ${with_python_insults+y} +then : withval=$with_python_insults; case $with_python_insults in - yes) $as_echo "#define PYTHON_INSULTS 1" >>confdefs.h + yes) printf "%s\n" "#define PYTHON_INSULTS 1" >>confdefs.h ;; no) ;; - *) as_fn_error $? "\"--with-python-insults does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-python-insults does not take an argument." "$LINENO" 5 ;; esac fi @@ -5933,7 +6157,8 @@ # Check whether --with-nsswitch was given. -if test "${with_nsswitch+set}" = set; then : +if test ${with_nsswitch+y} +then : withval=$with_nsswitch; case $with_nsswitch in no) ;; yes) with_nsswitch="/etc/nsswitch.conf" @@ -5945,15 +6170,12 @@ # Check whether --with-ldap was given. -if test "${with_ldap+set}" = set; then : +if test ${with_ldap+y} +then : withval=$with_ldap; case $with_ldap in no) ;; - *) $as_echo "#define HAVE_LDAP 1" >>confdefs.h + *) printf "%s\n" "#define HAVE_LDAP 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use sudoers from LDAP" >&5 -$as_echo_n "checking whether to use sudoers from LDAP... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } ;; esac fi @@ -5961,7 +6183,8 @@ # Check whether --with-ldap-conf-file was given. -if test "${with_ldap_conf_file+set}" = set; then : +if test ${with_ldap_conf_file+y} +then : withval=$with_ldap_conf_file; fi @@ -5973,7 +6196,8 @@ # Check whether --with-ldap-secret-file was given. -if test "${with_ldap_secret_file+set}" = set; then : +if test ${with_ldap_secret_file+y} +then : withval=$with_ldap_secret_file; fi @@ -5983,91 +6207,53 @@ EOF -if test "$insults" = "on"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking which insult sets to include" >&5 -$as_echo_n "checking which insult sets to include... " >&6; } - i="" - test "$with_python_insults" = "yes" && i="python ${i}" - test "$with_goons_insults" = "yes" && i="goons ${i}" - test "$with_hal_insults" = "yes" && i="hal ${i}" - test "$with_csops_insults" = "yes" && i="csops ${i}" - test "$with_classic_insults" = "yes" && i="classic ${i}" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $i" >&5 -$as_echo "$i" >&6; } -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to override the user's path" >&5 -$as_echo_n "checking whether to override the user's path... " >&6; } # Check whether --with-secure-path was given. -if test "${with_secure_path+set}" = set; then : +if test ${with_secure_path+y} +then : withval=$with_secure_path; case $with_secure_path in yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" - cat >>confdefs.h <<_ACEOF -#define SECURE_PATH "$with_secure_path" -_ACEOF + printf "%s\n" "#define SECURE_PATH \"$with_secure_path\"" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_secure_path" >&5 -$as_echo "$with_secure_path" >&6; } secure_path="set to $with_secure_path" ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - *) cat >>confdefs.h <<_ACEOF -#define SECURE_PATH "$with_secure_path" -_ACEOF + no) ;; + *) printf "%s\n" "#define SECURE_PATH \"$with_secure_path\"" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_secure_path" >&5 -$as_echo "$with_secure_path" >&6; } - secure_path="set to F<$with_secure_path>" + secure_path="set to $with_secure_path" ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to get ip addresses from the network interfaces" >&5 -$as_echo_n "checking whether to get ip addresses from the network interfaces... " >&6; } # Check whether --with-interfaces was given. -if test "${with_interfaces+set}" = set; then : +if test ${with_interfaces+y} +then : withval=$with_interfaces; case $with_interfaces in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - ;; - no) $as_echo "#define STUB_LOAD_INTERFACES 1" >>confdefs.h + yes) ;; + no) printf "%s\n" "#define STUB_LOAD_INTERFACES 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } ;; - *) as_fn_error $? "\"--with-interfaces does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-interfaces does not take an argument." "$LINENO" 5 ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use an askpass helper" >&5 -$as_echo_n "checking whether to use an askpass helper... " >&6; } # Check whether --with-askpass was given. -if test "${with_askpass+set}" = set; then : +if test ${with_askpass+y} +then : withval=$with_askpass; case $with_askpass in - yes) as_fn_error $? "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "--with-askpass takes a path as an argument." "$LINENO" 5 ;; no) ;; *) ;; esac -else +else $as_nop with_askpass=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi @@ -6085,11 +6271,12 @@ # Check whether --with-exampledir was given. -if test "${with_exampledir+set}" = set; then : +if test ${with_exampledir+y} +then : withval=$with_exampledir; case $with_exampledir in - yes) as_fn_error $? "\"must give --with-exampledir an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-exampledir an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-exampledir not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-exampledir not supported." "$LINENO" 5 ;; *) exampledir="$with_exampledir" esac @@ -6098,11 +6285,12 @@ # Check whether --with-plugindir was given. -if test "${with_plugindir+set}" = set; then : +if test ${with_plugindir+y} +then : withval=$with_plugindir; case $with_plugindir in - yes) as_fn_error $? "\"must give --with-plugindir an argument.\"" "$LINENO" 5 + yes) as_fn_error $? "must give --with-plugindir an argument." "$LINENO" 5 ;; - no) as_fn_error $? "\"--without-plugindir not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-plugindir not supported." "$LINENO" 5 ;; *) plugindir="$with_plugindir" ;; @@ -6112,13 +6300,15 @@ # Check whether --with-man was given. -if test "${with_man+set}" = set; then : +if test ${with_man+y} +then : withval=$with_man; case $with_man in yes) MANTYPE=man ;; - no) as_fn_error $? "\"--without-man not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-man not supported." "$LINENO" 5 ;; - *) as_fn_error $? "\"ignoring unknown argument to --with-man: $with_man.\"" "$LINENO" 5 + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --with-man: $with_man." >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --with-man: $with_man." >&2;} ;; esac fi @@ -6126,73 +6316,56 @@ # Check whether --with-mdoc was given. -if test "${with_mdoc+set}" = set; then : +if test ${with_mdoc+y} +then : withval=$with_mdoc; case $with_mdoc in yes) MANTYPE=mdoc ;; - no) as_fn_error $? "\"--without-mdoc not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-mdoc not supported." "$LINENO" 5 ;; - *) as_fn_error $? "\"ignoring unknown argument to --with-mdoc: $with_mdoc.\"" "$LINENO" 5 + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --with-mdoc: $with_mdoc." >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --with-mdoc: $with_mdoc." >&2;} ;; esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to do user authentication by default" >&5 -$as_echo_n "checking whether to do user authentication by default... " >&6; } # Check whether --enable-authentication was given. -if test "${enable_authentication+set}" = set; then : +if test ${enable_authentication+y} +then : enableval=$enable_authentication; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - $as_echo "#define NO_AUTHENTICATION 1" >>confdefs.h + yes) ;; + no) printf "%s\n" "#define NO_AUTHENTICATION 1" >>confdefs.h ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-authentication: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-authentication: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable running the mailer as root" >&5 -$as_echo_n "checking whether to disable running the mailer as root... " >&6; } # Check whether --enable-root-mailer was given. -if test "${enable_root_mailer+set}" = set; then : +if test ${enable_root_mailer+y} +then : enableval=$enable_root_mailer; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define NO_ROOT_MAILER 1" >>confdefs.h + yes) ;; + no) printf "%s\n" "#define NO_ROOT_MAILER 1" >>confdefs.h ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-root-mailer: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi # Check whether --enable-setreuid was given. -if test "${enable_setreuid+set}" = set; then : +if test ${enable_setreuid+y} +then : enableval=$enable_setreuid; case "$enableval" in no) SKIP_SETREUID=yes ;; @@ -6203,7 +6376,8 @@ # Check whether --enable-setresuid was given. -if test "${enable_setresuid+set}" = set; then : +if test ${enable_setresuid+y} +then : enableval=$enable_setresuid; case "$enableval" in no) SKIP_SETRESUID=yes ;; @@ -6213,262 +6387,195 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable shadow password support" >&5 -$as_echo_n "checking whether to disable shadow password support... " >&6; } # Check whether --enable-shadow was given. -if test "${enable_shadow+set}" = set; then : +if test ${enable_shadow+y} +then : enableval=$enable_shadow; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CHECKSHADOW="false" + yes) ;; + no) CHECKSHADOW="false" ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-shadow: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-shadow: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether root should be allowed to use sudo" >&5 -$as_echo_n "checking whether root should be allowed to use sudo... " >&6; } # Check whether --enable-root-sudo was given. -if test "${enable_root_sudo+set}" = set; then : +if test ${enable_root_sudo+y} +then : enableval=$enable_root_sudo; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - ;; - no) $as_echo "#define NO_ROOT_SUDO 1" >>confdefs.h + yes) ;; + no) printf "%s\n" "#define NO_ROOT_SUDO 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } root_sudo=off ;; - *) as_fn_error $? "\"--enable-root-sudo does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--enable-root-sudo does not take an argument." "$LINENO" 5 ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to log the hostname in the log file" >&5 -$as_echo_n "checking whether to log the hostname in the log file... " >&6; } # Check whether --enable-log-host was given. -if test "${enable_log_host+set}" = set; then : +if test ${enable_log_host+y} +then : enableval=$enable_log_host; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define HOST_IN_LOG 1" >>confdefs.h + yes) printf "%s\n" "#define HOST_IN_LOG 1" >>confdefs.h ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;} + no) ;; + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-log-host: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-log-host: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to invoke a shell if sudo is given no arguments" >&5 -$as_echo_n "checking whether to invoke a shell if sudo is given no arguments... " >&6; } # Check whether --enable-noargs-shell was given. -if test "${enable_noargs_shell+set}" = set; then : +if test ${enable_noargs_shell+y} +then : enableval=$enable_noargs_shell; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define SHELL_IF_NO_ARGS 1" >>confdefs.h + yes) printf "%s\n" "#define SHELL_IF_NO_ARGS 1" >>confdefs.h ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} + no) ;; + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to set \$HOME to target user in shell mode" >&5 -$as_echo_n "checking whether to set \$HOME to target user in shell mode... " >&6; } # Check whether --enable-shell-sets-home was given. -if test "${enable_shell_sets_home+set}" = set; then : +if test ${enable_shell_sets_home+y} +then : enableval=$enable_shell_sets_home; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define SHELL_SETS_HOME 1" >>confdefs.h + yes) printf "%s\n" "#define SHELL_SETS_HOME 1" >>confdefs.h ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} + no) ;; + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable 'command not found' messages" >&5 -$as_echo_n "checking whether to disable 'command not found' messages... " >&6; } # Check whether --enable-path_info was given. -if test "${enable_path_info+set}" = set; then : +if test ${enable_path_info+y} +then : enableval=$enable_path_info; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define DONT_LEAK_PATH_INFO 1" >>confdefs.h + yes) ;; + no) printf "%s\n" "#define DONT_LEAK_PATH_INFO 1" >>confdefs.h path_info=off ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-path-info: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-path-info: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable environment debugging" >&5 -$as_echo_n "checking whether to enable environment debugging... " >&6; } # Check whether --enable-env_debug was given. -if test "${enable_env_debug+set}" = set; then : +if test ${enable_env_debug+y} +then : enableval=$enable_env_debug; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define ENV_DEBUG 1" >>confdefs.h + yes) printf "%s\n" "#define ENV_DEBUG 1" >>confdefs.h ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;} + no) ;; + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-env-debug: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-env-debug: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi # Check whether --enable-zlib was given. -if test "${enable_zlib+set}" = set; then : +if test ${enable_zlib+y} +then : enableval=$enable_zlib; -else +else $as_nop enable_zlib=yes fi -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -DZLIB_CONST "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -DZLIB_CONST"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -DZLIB_CONST"; } >&5 (: CPPFLAGS already contains -DZLIB_CONST) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -DZLIB_CONST" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-DZLIB_CONST - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable environment resetting by default" >&5 -$as_echo_n "checking whether to enable environment resetting by default... " >&6; } # Check whether --enable-env_reset was given. -if test "${enable_env_reset+set}" = set; then : +if test ${enable_env_reset+y} +then : enableval=$enable_env_reset; case "$enableval" in yes) env_reset=on ;; no) env_reset=off ;; *) env_reset=on - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-env-reset: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-reset: $enableval" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-env-reset: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-env-reset: $enableval" >&2;} ;; esac fi if test "$env_reset" = "on"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define ENV_RESET 1" >>confdefs.h + printf "%s\n" "#define ENV_RESET 1" >>confdefs.h else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - $as_echo "#define ENV_RESET 0" >>confdefs.h + printf "%s\n" "#define ENV_RESET 0" >>confdefs.h fi # Check whether --enable-warnings was given. -if test "${enable_warnings+set}" = set; then : +if test ${enable_warnings+y} +then : enableval=$enable_warnings; case "$enableval" in yes) ;; no) ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-warnings: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-warnings: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-warnings: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-warnings: $enableval" >&2;} ;; esac @@ -6476,71 +6583,131 @@ # Check whether --enable-werror was given. -if test "${enable_werror+set}" = set; then : +if test ${enable_werror+y} +then : enableval=$enable_werror; case "$enableval" in yes) ;; no) ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-werror: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-werror: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-werror: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-werror: $enableval" >&2;} ;; esac fi -# Check whether --enable-openssl was given. -if test "${enable_openssl+set}" = set; then : - enableval=$enable_openssl; -fi - - -# Check whether --enable-gcrypt was given. -if test "${enable_gcrypt+set}" = set; then : - enableval=$enable_gcrypt; - if test "${enable_openssl-no}" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring --enable-gcrypt when OpenSSL is enabled." >&5 -$as_echo "$as_me: WARNING: Ignoring --enable-gcrypt when OpenSSL is enabled." >&2;} - enable_gcrypt=no - fi - +# Check whether --enable-ssp was given. +if test ${enable_ssp+y} +then : + enableval=$enable_ssp; +else $as_nop + enable_ssp=yes fi # Check whether --enable-hardening was given. -if test "${enable_hardening+set}" = set; then : +if test ${enable_hardening+y} +then : enableval=$enable_hardening; -else +else $as_nop enable_hardening=yes fi # Check whether --enable-pie was given. -if test "${enable_pie+set}" = set; then : +if test ${enable_pie+y} +then : enableval=$enable_pie; fi -# Check whether --enable-asan was given. -if test "${enable_asan+set}" = set; then : - enableval=$enable_asan; +# Check whether --enable-sanitizer was given. +if test ${enable_sanitizer+y} +then : + enableval=$enable_sanitizer; +if test X"$enable_sanitizer" = X"yes"; then + enable_sanitizer="-fsanitize=address,undefined" +fi + +else $as_nop + enable_sanitizer=no +fi + + +# Check whether --enable-fuzzer was given. +if test ${enable_fuzzer+y} +then : + enableval=$enable_fuzzer; +else $as_nop + enable_fuzzer=no +fi + + +# Check whether --enable-fuzzer-engine was given. +if test ${enable_fuzzer_engine+y} +then : + enableval=$enable_fuzzer_engine; case "$enableval" in + yes) as_fn_error $? "must give --enable-fuzzer-engine an argument." "$LINENO" 5 + ;; + no) ;; + *) FUZZ_ENGINE="$enableval" + ;; + esac + +fi + + +# Check whether --enable-fuzzer-linker was given. +if test ${enable_fuzzer_linker+y} +then : + enableval=$enable_fuzzer_linker; case "$enableval" in + yes) as_fn_error $? "must give --enable-fuzzer-linker an argument." "$LINENO" 5 + ;; + no) ;; + *) FUZZ_LD="$enableval" + ;; + esac + +fi + + +# Check whether --enable-leaks was given. +if test ${enable_leaks+y} +then : + enableval=$enable_leaks; case "$enableval" in + yes) ;; + no) printf "%s\n" "#define NO_LEAKS 1" >>confdefs.h + + ;; + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --disable-leaks: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --disable-leaks: $enableval" >&2;} + ;; + esac + fi # Check whether --enable-poll was given. -if test "${enable_poll+set}" = set; then : +if test ${enable_poll+y} +then : enableval=$enable_poll; fi # Check whether --enable-admin-flag was given. -if test "${enable_admin_flag+set}" = set; then : +if test ${enable_admin_flag+y} +then : enableval=$enable_admin_flag; case "$enableval" in - yes) $as_echo "#define USE_ADMIN_FLAG 1" >>confdefs.h + yes) cat >>confdefs.h <&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-admin-flag: $enableval" >&2;} + *) cat >>confdefs.h <&5 -$as_echo "$as_me: WARNING: Ignoring attempt to disable the device search path" >&2;} + no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring attempt to disable the device search path" >&5 +printf "%s\n" "$as_me: WARNING: ignoring attempt to disable the device search path" >&2;} ;; *) devsearch="$enableval" ;; @@ -6616,20 +6789,22 @@ # Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then : +if test ${with_selinux+y} +then : withval=$with_selinux; case $with_selinux in yes) SELINUX_USAGE="[-r role] [-t type] " - $as_echo "#define HAVE_SELINUX 1" >>confdefs.h + printf "%s\n" "#define HAVE_SELINUX 1" >>confdefs.h SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" SEMAN=1 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setkeycreatecon in -lselinux" >&5 -$as_echo_n "checking for setkeycreatecon in -lselinux... " >&6; } -if ${ac_cv_lib_selinux_setkeycreatecon+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for setkeycreatecon in -lselinux" >&5 +printf %s "checking for setkeycreatecon in -lselinux... " >&6; } +if test ${ac_cv_lib_selinux_setkeycreatecon+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lselinux $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6638,50 +6813,50 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char setkeycreatecon (); int -main () +main (void) { return setkeycreatecon (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_selinux_setkeycreatecon=yes -else +else $as_nop ac_cv_lib_selinux_setkeycreatecon=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setkeycreatecon" >&5 -$as_echo "$ac_cv_lib_selinux_setkeycreatecon" >&6; } -if test "x$ac_cv_lib_selinux_setkeycreatecon" = xyes; then : - $as_echo "#define HAVE_SETKEYCREATECON 1" >>confdefs.h +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setkeycreatecon" >&5 +printf "%s\n" "$ac_cv_lib_selinux_setkeycreatecon" >&6; } +if test "x$ac_cv_lib_selinux_setkeycreatecon" = xyes +then : + printf "%s\n" "#define HAVE_SETKEYCREATECON 1" >>confdefs.h fi ;; no) ;; - *) as_fn_error $? "\"--with-selinux does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-selinux does not take an argument." "$LINENO" 5 ;; esac -else +else $as_nop with_selinux=no fi # Check whether --enable-sasl was given. -if test "${enable_sasl+set}" = set; then : +if test ${enable_sasl+y} +then : enableval=$enable_sasl; case "$enableval" in yes|no) ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-sasl: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-sasl: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-sasl: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-sasl: $enableval" >&2;} ;; esac @@ -6689,59 +6864,63 @@ # Check whether --enable-timestamp-type was given. -if test "${enable_timestamp_type+set}" = set; then : +if test ${enable_timestamp_type+y} +then : enableval=$enable_timestamp_type; case "$enableval" in global|ppid|tty) timestamp_type=$enableval ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-timestamp-type: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-timestamp-type: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-timestamp-type: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-timestamp-type: $enableval" >&2;} ;; esac fi -cat >>confdefs.h <<_ACEOF -#define TIMESTAMP_TYPE $timestamp_type -_ACEOF +printf "%s\n" "#define TIMESTAMP_TYPE $timestamp_type" >>confdefs.h # Check whether --enable-offensive_insults was given. -if test "${enable_offensive_insults+set}" = set; then : +if test ${enable_offensive_insults+y} +then : enableval=$enable_offensive_insults; -else +else $as_nop enable_offensive_insults=no fi if test "$enable_offensive_insults" = "yes"; then - $as_echo "#define OFFENSIVE_INSULTS 1" >>confdefs.h + printf "%s\n" "#define OFFENSIVE_INSULTS 1" >>confdefs.h fi # Check whether --enable-package_build was given. -if test "${enable_package_build+set}" = set; then : +if test ${enable_package_build+y} +then : enableval=$enable_package_build; -else +else $as_nop enable_package_build=no fi # Check whether --enable-gss_krb5_ccache_name was given. -if test "${enable_gss_krb5_ccache_name+set}" = set; then : +if test ${enable_gss_krb5_ccache_name+y} +then : enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval -else +else $as_nop check_gss_krb5_ccache_name=no fi # Check whether --enable-pvs-studio was given. -if test "${enable_pvs_studio+set}" = set; then : +if test ${enable_pvs_studio+y} +then : enableval=$enable_pvs_studio; fi # Check whether --enable-log-server was given. -if test "${enable_log_server+set}" = set; then : +if test ${enable_log_server+y} +then : enableval=$enable_log_server; case "$enableval" in yes) ;; @@ -6750,8 +6929,8 @@ LOGSRVD_SRC= LOGSRVD_CONF= ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-log-server: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-server: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-log-server: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-log-server: $enableval" >&2;} ;; esac @@ -6759,26 +6938,27 @@ # Check whether --enable-log-client was given. -if test "${enable_log_client+set}" = set; then : +if test ${enable_log_client+y} +then : enableval=$enable_log_client; case "$enableval" in yes) - $as_echo "#define SUDOERS_LOG_CLIENT 1" >>confdefs.h + printf "%s\n" "#define SUDOERS_LOG_CLIENT 1" >>confdefs.h ;; no) ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-log-client: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-client: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-log-client: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-log-client: $enableval" >&2;} ;; esac -else - $as_echo "#define SUDOERS_LOG_CLIENT 1" >>confdefs.h +else $as_nop + printf "%s\n" "#define SUDOERS_LOG_CLIENT 1" >>confdefs.h fi -if test X"$enable_log_server" = X"no" -a X"$enable_log_client" = X"no"; then +if test X"${enable_log_client}${enable_log_server}" = X"nono"; then # No need for liblogsrv.la LOGSRV_SRC= LIBLOGSRV= @@ -6787,45 +6967,99 @@ PPFILES="$PPFILES "'$(srcdir)/etc/sudo-logsrvd.pp' fi +# Check whether --enable-openssl was given. +if test ${enable_openssl+y} +then : + enableval=$enable_openssl; +else $as_nop + + # Enable OpenSSL by default unless logsrvd and client are disabled + if test X"${enable_log_client}${enable_log_server}" != X"nono"; then + enable_openssl=maybe + fi + +fi + +# Check whether --enable-openssl-pkgconfig-template was given. +if test ${enable_openssl_pkgconfig_template+y} +then : + enableval=$enable_openssl_pkgconfig_template; +else $as_nop + enable_openssl_pkgconfig_template="%s" +fi + + +# Check whether --enable-wolfssl was given. +if test ${enable_wolfssl+y} +then : + enableval=$enable_wolfssl; + enable_openssl=no + +fi + + +# Check whether --enable-gcrypt was given. +if test ${enable_gcrypt+y} +then : + enableval=$enable_gcrypt; + if test "${enable_openssl-no}${enable_wolfssl-no}" != "nono"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring --enable-gcrypt when OpenSSL or wolfSSL is enabled." >&5 +printf "%s\n" "$as_me: WARNING: ignoring --enable-gcrypt when OpenSSL or wolfSSL is enabled." >&2;} + enable_gcrypt=no + fi + +fi + + +# Check whether --enable-python was given. +if test ${enable_python+y} +then : + enableval=$enable_python; case "$enableval" in + yes|no) + ;; + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-python: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-python: $enableval" >&2;} + ;; + esac + +fi + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +printf %s "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + if test ${ac_cv_prog_CPP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + # Double quotes because $CC needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif +#include Syntax error _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : -else +else $as_nop # Broken: fails on valid input. continue fi @@ -6837,10 +7071,11 @@ /* end confdefs.h. */ #include _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : # Broken: success on invalid input. continue -else +else $as_nop # Passes both tests. ac_preproc_ok=: break @@ -6850,7 +7085,8 @@ done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : +if $ac_preproc_ok +then : break fi @@ -6862,29 +7098,24 @@ else ac_cv_prog_CPP=$CPP fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +printf "%s\n" "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif +#include Syntax error _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : -else +else $as_nop # Broken: fails on valid input. continue fi @@ -6896,10 +7127,11 @@ /* end confdefs.h. */ #include _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : # Broken: success on invalid input. continue -else +else $as_nop # Passes both tests. ac_preproc_ok=: break @@ -6909,11 +7141,12 @@ done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : +if $ac_preproc_ok +then : -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi @@ -6927,11 +7160,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. set dummy ${ac_tool_prefix}ar; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_AR+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else @@ -6939,11 +7173,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_AR="${ac_tool_prefix}ar" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -6954,11 +7192,11 @@ fi AR=$ac_cv_prog_AR if test -n "$AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 -$as_echo "$AR" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +printf "%s\n" "$AR" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -6967,11 +7205,12 @@ ac_ct_AR=$AR # Extract the first word of "ar", so it can be a program name with args. set dummy ar; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_AR+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else @@ -6979,11 +7218,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="ar" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -6994,11 +7237,11 @@ fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 -$as_echo "$ac_ct_AR" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +printf "%s\n" "$ac_ct_AR" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_AR" = x; then @@ -7006,8 +7249,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR @@ -7019,11 +7262,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_RANLIB+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else @@ -7031,11 +7275,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -7046,11 +7294,11 @@ fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 -$as_echo "$RANLIB" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +printf "%s\n" "$RANLIB" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -7059,11 +7307,12 @@ ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_RANLIB+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else @@ -7071,11 +7320,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -7086,11 +7339,11 @@ fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 -$as_echo "$ac_ct_RANLIB" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +printf "%s\n" "$ac_ct_RANLIB" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then @@ -7098,8 +7351,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB @@ -7112,65 +7365,29 @@ as_fn_error $? "the \"ar\" utility is required to build sudo" "$LINENO" 5 fi -if test "x$ac_cv_prog_cc_c89" = "xno"; then - as_fn_error $? "Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build." "$LINENO" 5 -fi - -if test "$enable_static" = "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring --disable-static, sudo does not install static libs" >&5 -$as_echo "$as_me: WARNING: Ignoring --disable-static, sudo does not install static libs" >&2;} - enable_static=yes -fi -ac_aux_dir= -for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 -fi -# These three variables are undocumented and unsupported, -# and are intended to be withdrawn in a future Autoconf release. -# They can cause serious problems if a builder's source tree is in a directory -# whose full name contains unusual characters. -ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. -ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. -ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. - - -# Make sure we can run config.sub. -$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 -$as_echo_n "checking build system type... " >&6; } -if ${ac_cv_build+:} false; then : - $as_echo_n "(cached) " >&6 -else + # Make sure we can run config.sub. +$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5 + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +printf %s "checking build system type... " >&6; } +if test ${ac_cv_build+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_build_alias=$build_alias test "x$ac_build_alias" = x && - ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` + ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 -ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 +ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 -$as_echo "$ac_cv_build" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +printf "%s\n" "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; @@ -7189,21 +7406,1196 @@ case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 -$as_echo_n "checking host system type... " >&6; } -if ${ac_cv_host+:} false; then : - $as_echo_n "(cached) " >&6 + + +cross_compiling_build=no + +ac_build_tool_prefix= +if test -n "$build" +then : + ac_build_tool_prefix="$build-" +elif test -n "$build_alias" +then : + ac_build_tool_prefix="$build_alias-" +fi + +ac_ext=c +ac_cpp='$CPP_FOR_BUILD $CPPFLAGS_FOR_BUILD' +ac_compile='$CC_FOR_BUILD -c $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD conftest.$ac_ext >&5' +ac_link='$CC_FOR_BUILD -o conftest$ac_build_exeext $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD $LDFLAGS_FOR_BUILD conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_build_c_compiler_gnu + + +was_set_ac_cv_c_compiler_gnu=${ac_cv_c_compiler_gnu+y} +if test ${was_set_ac_cv_c_compiler_gnu} +then : + saved_ac_cv_c_compiler_gnu=$ac_cv_c_compiler_gnu + { ac_cv_c_compiler_gnu=; unset ac_cv_c_compiler_gnu;} +fi + +ac_ext=c +ac_cpp='$CPP_FOR_BUILD $CPPFLAGS_FOR_BUILD' +ac_compile='$CC_FOR_BUILD -c $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD conftest.$ac_ext >&5' +ac_link='$CC_FOR_BUILD -o conftest$ac_build_exeext $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD $LDFLAGS_FOR_BUILD conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_build_c_compiler_gnu +if test -n "$ac_build_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_build_tool_prefix}gcc; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC_FOR_BUILD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$CC_FOR_BUILD"; then + ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC_FOR_BUILD="${ac_build_tool_prefix}gcc" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD +if test -n "$CC_FOR_BUILD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC_FOR_BUILD" >&5 +printf "%s\n" "$CC_FOR_BUILD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC_FOR_BUILD"; then + ac_ct_CC_FOR_BUILD=$CC_FOR_BUILD + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC_FOR_BUILD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_CC_FOR_BUILD"; then + ac_cv_prog_ac_ct_CC_FOR_BUILD="$ac_ct_CC_FOR_BUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC_FOR_BUILD="gcc" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC_FOR_BUILD=$ac_cv_prog_ac_ct_CC_FOR_BUILD +if test -n "$ac_ct_CC_FOR_BUILD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC_FOR_BUILD" >&5 +printf "%s\n" "$ac_ct_CC_FOR_BUILD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_CC_FOR_BUILD" = x; then + CC_FOR_BUILD="" + else + case $cross_compiling_build:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with build triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with build triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC_FOR_BUILD=$ac_ct_CC_FOR_BUILD + fi +else + CC_FOR_BUILD="$ac_cv_prog_CC_FOR_BUILD" +fi + +if test -z "$CC_FOR_BUILD"; then + if test -n "$ac_build_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_build_tool_prefix}cc; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC_FOR_BUILD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$CC_FOR_BUILD"; then + ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC_FOR_BUILD="${ac_build_tool_prefix}cc" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD +if test -n "$CC_FOR_BUILD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC_FOR_BUILD" >&5 +printf "%s\n" "$CC_FOR_BUILD" >&6; } else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + fi +fi +if test -z "$CC_FOR_BUILD"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC_FOR_BUILD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$CC_FOR_BUILD"; then + ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC_FOR_BUILD="cc" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC_FOR_BUILD + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC_FOR_BUILD to just the basename; use the full file name. + shift + ac_cv_prog_CC_FOR_BUILD="$as_dir$ac_word${1+' '}$@" + fi +fi +fi +fi +CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD +if test -n "$CC_FOR_BUILD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC_FOR_BUILD" >&5 +printf "%s\n" "$CC_FOR_BUILD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$CC_FOR_BUILD"; then + if test -n "$ac_build_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_build_tool_prefix$ac_prog; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC_FOR_BUILD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$CC_FOR_BUILD"; then + ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC_FOR_BUILD="$ac_build_tool_prefix$ac_prog" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD +if test -n "$CC_FOR_BUILD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC_FOR_BUILD" >&5 +printf "%s\n" "$CC_FOR_BUILD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + test -n "$CC_FOR_BUILD" && break + done +fi +if test -z "$CC_FOR_BUILD"; then + ac_ct_CC_FOR_BUILD=$CC_FOR_BUILD + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC_FOR_BUILD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_CC_FOR_BUILD"; then + ac_cv_prog_ac_ct_CC_FOR_BUILD="$ac_ct_CC_FOR_BUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC_FOR_BUILD="$ac_prog" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC_FOR_BUILD=$ac_cv_prog_ac_ct_CC_FOR_BUILD +if test -n "$ac_ct_CC_FOR_BUILD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC_FOR_BUILD" >&5 +printf "%s\n" "$ac_ct_CC_FOR_BUILD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + test -n "$ac_ct_CC_FOR_BUILD" && break +done + + if test "x$ac_ct_CC_FOR_BUILD" = x; then + CC_FOR_BUILD="" + else + case $cross_compiling_build:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with build triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with build triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC_FOR_BUILD=$ac_ct_CC_FOR_BUILD + fi +fi + +fi +if test -z "$CC_FOR_BUILD"; then + if test -n "$ac_build_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args. +set dummy ${ac_build_tool_prefix}clang; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC_FOR_BUILD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$CC_FOR_BUILD"; then + ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC_FOR_BUILD="${ac_build_tool_prefix}clang" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD +if test -n "$CC_FOR_BUILD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC_FOR_BUILD" >&5 +printf "%s\n" "$CC_FOR_BUILD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC_FOR_BUILD"; then + ac_ct_CC_FOR_BUILD=$CC_FOR_BUILD + # Extract the first word of "clang", so it can be a program name with args. +set dummy clang; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC_FOR_BUILD+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_CC_FOR_BUILD"; then + ac_cv_prog_ac_ct_CC_FOR_BUILD="$ac_ct_CC_FOR_BUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC_FOR_BUILD="clang" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC_FOR_BUILD=$ac_cv_prog_ac_ct_CC_FOR_BUILD +if test -n "$ac_ct_CC_FOR_BUILD"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC_FOR_BUILD" >&5 +printf "%s\n" "$ac_ct_CC_FOR_BUILD" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_CC_FOR_BUILD" = x; then + CC_FOR_BUILD="" + else + case $cross_compiling_build:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with build triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with build triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC_FOR_BUILD=$ac_ct_CC_FOR_BUILD + fi +else + CC_FOR_BUILD="$ac_cv_prog_CC_FOR_BUILD" +fi + +fi + + +test -z "$CC_FOR_BUILD" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion -version; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 +printf %s "checking whether the compiler supports GNU C... " >&6; } +if test ${ac_cv_c_compiler_gnu+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_compiler_gnu=yes +else $as_nop + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +if test $ac_compiler_gnu = yes; then + GCC_FOR_BUILD=yes +else + GCC_FOR_BUILD= +fi +ac_test_CFLAGS=${CFLAGS_FOR_BUILD+y} +ac_save_CFLAGS=$CFLAGS_FOR_BUILD +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC_FOR_BUILD accepts -g" >&5 +printf %s "checking whether $CC_FOR_BUILD accepts -g... " >&6; } +if test ${ac_cv_build_prog_cc_g+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_build_prog_cc_g=no + CFLAGS_FOR_BUILD="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_build_prog_cc_g=yes +else $as_nop + CFLAGS_FOR_BUILD="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +else $as_nop + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS_FOR_BUILD="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_build_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_g" >&5 +printf "%s\n" "$ac_cv_build_prog_cc_g" >&6; } +if test $ac_test_CFLAGS; then + CFLAGS_FOR_BUILD=$ac_save_CFLAGS +elif test $ac_cv_build_prog_cc_g = yes; then + if test "$GCC_FOR_BUILD" = yes; then + CFLAGS_FOR_BUILD="-g -O2" + else + CFLAGS_FOR_BUILD="-g" + fi +else + if test "$GCC_FOR_BUILD" = yes; then + CFLAGS_FOR_BUILD="-O2" + else + CFLAGS_FOR_BUILD= + fi +fi +ac_prog_cc_stdc=no +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC_FOR_BUILD option to enable C11 features" >&5 +printf %s "checking for $CC_FOR_BUILD option to enable C11 features... " >&6; } +if test ${ac_cv_build_prog_cc_c11+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_build_prog_cc_c11=no +ac_save_CC=$CC_FOR_BUILD +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c11_program +_ACEOF +for ac_arg in '' -std=gnu11 +do + CC_FOR_BUILD="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_build_prog_cc_c11=$ac_arg +fi +rm -f core conftest.err conftest.$ac_build_objext conftest.beam + test "x$ac_cv_build_prog_cc_c11" != "xno" && break +done +rm -f conftest.$ac_ext +CC_FOR_BUILD=$ac_save_CC +fi + +if test "x$ac_cv_build_prog_cc_c11" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_build_prog_cc_c11" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_c11" >&5 +printf "%s\n" "$ac_cv_build_prog_cc_c11" >&6; } + CC_FOR_BUILD="$CC_FOR_BUILD $ac_cv_build_prog_cc_c11" +fi + ac_cv_prog_cc_stdc=$ac_cv_build_prog_cc_c11 + ac_prog_cc_stdc=c11 +fi +fi +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC_FOR_BUILD option to enable C99 features" >&5 +printf %s "checking for $CC_FOR_BUILD option to enable C99 features... " >&6; } +if test ${ac_cv_build_prog_cc_c99+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_build_prog_cc_c99=no +ac_save_CC=$CC_FOR_BUILD +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c99_program +_ACEOF +for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99= +do + CC_FOR_BUILD="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_build_prog_cc_c99=$ac_arg +fi +rm -f core conftest.err conftest.$ac_build_objext conftest.beam + test "x$ac_cv_build_prog_cc_c99" != "xno" && break +done +rm -f conftest.$ac_ext +CC_FOR_BUILD=$ac_save_CC +fi + +if test "x$ac_cv_build_prog_cc_c99" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_build_prog_cc_c99" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_c99" >&5 +printf "%s\n" "$ac_cv_build_prog_cc_c99" >&6; } + CC_FOR_BUILD="$CC_FOR_BUILD $ac_cv_build_prog_cc_c99" +fi + ac_cv_prog_cc_stdc=$ac_cv_build_prog_cc_c99 + ac_prog_cc_stdc=c99 +fi +fi +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC_FOR_BUILD option to enable C89 features" >&5 +printf %s "checking for $CC_FOR_BUILD option to enable C89 features... " >&6; } +if test ${ac_cv_build_prog_cc_c89+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_build_prog_cc_c89=no +ac_save_CC=$CC_FOR_BUILD +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c89_program +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC_FOR_BUILD="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_build_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_build_objext conftest.beam + test "x$ac_cv_build_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC_FOR_BUILD=$ac_save_CC +fi + +if test "x$ac_cv_build_prog_cc_c89" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_build_prog_cc_c89" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_c89" >&5 +printf "%s\n" "$ac_cv_build_prog_cc_c89" >&6; } + CC_FOR_BUILD="$CC_FOR_BUILD $ac_cv_build_prog_cc_c89" +fi + ac_cv_prog_cc_stdc=$ac_cv_build_prog_cc_c89 + ac_prog_cc_stdc=c89 +fi +fi + +ac_ext=c +ac_cpp='$CPP_FOR_BUILD $CPPFLAGS_FOR_BUILD' +ac_compile='$CC_FOR_BUILD -c $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD conftest.$ac_ext >&5' +ac_link='$CC_FOR_BUILD -o conftest$ac_build_exeext $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD $LDFLAGS_FOR_BUILD conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_build_c_compiler_gnu + + +if test ${was_set_ac_cv_c_compiler_gnu} +then : + ac_cv_c_compiler_gnu=saved_ac_cv_c_compiler_gnu +fi + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +printf %s "checking whether the C compiler works... " >&6; } +ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test ${ac_cv_build_exeext+y} && test "$ac_cv_build_exeext" != no; + then :; else + ac_cv_build_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_build_exeext" = no && ac_cv_build_exeext= + +else $as_nop + ac_file='' +fi +if test -z "$ac_file" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +printf %s "checking for C compiler default output file name... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +printf "%s\n" "$ac_file" >&6; } +ac_build_exeext=$ac_cv_build_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_build_exeext b.out +ac_clean_files=$ac_clean_files_save +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +printf %s "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_build_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_build_exeext +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_exeext" >&5 +printf "%s\n" "$ac_cv_build_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_build_exeext +ac_build_exeext=$BUILD_EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main (void) +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +printf %s "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling_build" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_build_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling_build=no + else + if test "$cross_compiling_build" = maybe; then + cross_compiling_build=yes + else + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot run C compiled programs. +If you meant to cross compile, use \`--build'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling_build" >&5 +printf "%s\n" "$cross_compiling_build" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_build_exeext conftest.out +ac_clean_files=$ac_clean_files_save + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +printf %s "checking for suffix of object files... " >&6; } +if test ${ac_cv_build_objext+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_build_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_build_objext conftest.$ac_ext +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_objext" >&5 +printf "%s\n" "$ac_cv_build_objext" >&6; } +OBJEXT=$ac_cv_build_objext +ac_build_objext=$BUILD_OBJEXT + +ac_ext=c +ac_cpp='$CPP_FOR_BUILD $CPPFLAGS_FOR_BUILD' +ac_compile='$CC_FOR_BUILD -c $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD conftest.$ac_ext >&5' +ac_link='$CC_FOR_BUILD -o conftest$ac_build_exeext $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD $LDFLAGS_FOR_BUILD conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_build_c_compiler_gnu +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +printf %s "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP_FOR_BUILD" && test -d "$CPP_FOR_BUILD"; then + CPP_FOR_BUILD= +fi +if test -z "$CPP_FOR_BUILD"; then + if test ${ac_cv_build_prog_CPP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + # Double quotes because $CC needs to be expanded + for CPP_FOR_BUILD in "$CC_FOR_BUILD -E" "$CC_FOR_BUILD -E -traditional-cpp" cpp /lib/cpp + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO" +then : + +else $as_nop + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO" +then : + # Broken: success on invalid input. +continue +else $as_nop + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok +then : + break +fi + + done + ac_cv_build_prog_CPP=$CPP_FOR_BUILD + +fi + CPP_FOR_BUILD=$ac_cv_build_prog_CPP +else + ac_cv_build_prog_CPP=$CPP_FOR_BUILD +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP_FOR_BUILD" >&5 +printf "%s\n" "$CPP_FOR_BUILD" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO" +then : + +else $as_nop + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO" +then : + # Broken: success on invalid input. +continue +else $as_nop + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok +then : + +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP_FOR_BUILD\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP_FOR_BUILD $CPPFLAGS_FOR_BUILD' +ac_compile='$CC_FOR_BUILD -c $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD conftest.$ac_ext >&5' +ac_link='$CC_FOR_BUILD -o conftest$ac_build_exeext $CFLAGS_FOR_BUILD $CPPFLAGS_FOR_BUILD $LDFLAGS_FOR_BUILD conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_build_c_compiler_gnu + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + +if test "x$ac_cv_prog_cc_c89" = "xno"; then + as_fn_error $? "Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build." "$LINENO" 5 +fi + +if test "$enable_static" = "no"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring --disable-static, sudo does not install static libs" >&5 +printf "%s\n" "$as_me: WARNING: ignoring --disable-static, sudo does not install static libs" >&2;} + enable_static=yes +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +printf %s "checking host system type... " >&6; } +if test ${ac_cv_host+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else - ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 + ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` || + as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5 fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 -$as_echo "$ac_cv_host" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +printf "%s\n" "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; @@ -7227,33 +8619,34 @@ case "$host_os" in aix4.[23]|aix4.[23].*|aix[5-9]*) -if ${LDFLAGS+:} false; then : +if test ${LDFLAGS+y} +then : case " $LDFLAGS " in #( *" -Wl,-brtl "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,-brtl"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,-brtl"; } >&5 (: LDFLAGS already contains -Wl,-brtl) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " -Wl,-brtl" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=-Wl,-brtl - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -7270,10 +8663,11 @@ esac + case `pwd` in *\ * | *\ *) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 -$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; esac @@ -7293,6 +8687,7 @@ + ltmain=$ac_aux_dir/ltmain.sh # Backslashify metacharacters that are still active within @@ -7316,8 +8711,8 @@ ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 -$as_echo_n "checking how to print strings... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 +printf %s "checking how to print strings... " >&6; } # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then @@ -7343,12 +8738,12 @@ } case $ECHO in - printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 -$as_echo "printf" >&6; } ;; - print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 -$as_echo "print -r" >&6; } ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 -$as_echo "cat" >&6; } ;; + printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5 +printf "%s\n" "printf" >&6; } ;; + print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 +printf "%s\n" "print -r" >&6; } ;; + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5 +printf "%s\n" "cat" >&6; } ;; esac @@ -7364,11 +8759,12 @@ -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 -$as_echo_n "checking for a sed that does not truncate output... " >&6; } -if ${ac_cv_path_SED+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +printf %s "checking for a sed that does not truncate output... " >&6; } +if test ${ac_cv_path_SED+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" @@ -7382,10 +8778,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in sed gsed; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in sed gsed + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + ac_path_SED="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED @@ -7394,13 +8795,13 @@ ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 - $as_echo_n 0123456789 >"conftest.in" + printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - $as_echo '' >> "conftest.nl" + printf "%s\n" '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val @@ -7428,8 +8829,8 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 -$as_echo "$ac_cv_path_SED" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +printf "%s\n" "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed @@ -7446,11 +8847,154 @@ -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 -$as_echo_n "checking for fgrep... " >&6; } -if ${ac_cv_path_FGREP+:} false; then : - $as_echo_n "(cached) " >&6 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +printf %s "checking for grep that handles long lines and -e... " >&6; } +if test ${ac_cv_path_GREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in grep ggrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +printf "%s\n" "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +printf %s "checking for egrep... " >&6; } +if test ${ac_cv_path_EGREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in egrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +printf "%s\n" "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +printf %s "checking for fgrep... " >&6; } +if test ${ac_cv_path_FGREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 then ac_cv_path_FGREP="$GREP -F" else @@ -7461,10 +9005,15 @@ for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in fgrep; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in fgrep + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" + ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_FGREP" || continue # Check for GNU ac_path_FGREP and select it if it is found. # Check for GNU $ac_path_FGREP @@ -7473,13 +9022,13 @@ ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; *) ac_count=0 - $as_echo_n 0123456789 >"conftest.in" + printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - $as_echo 'FGREP' >> "conftest.nl" + printf "%s\n" 'FGREP' >> "conftest.nl" "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val @@ -7508,8 +9057,8 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 -$as_echo "$ac_cv_path_FGREP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +printf "%s\n" "$ac_cv_path_FGREP" >&6; } FGREP="$ac_cv_path_FGREP" @@ -7534,17 +9083,18 @@ # Check whether --with-gnu-ld was given. -if test "${with_gnu_ld+set}" = set; then : +if test ${with_gnu_ld+y} +then : withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes -else +else $as_nop with_gnu_ld=no fi ac_prog=ld if test yes = "$GCC"; then # Check if gcc -print-prog-name=ld gives a path. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 -$as_echo_n "checking for ld used by $CC... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +printf %s "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return, which upsets mingw @@ -7573,15 +9123,16 @@ ;; esac elif test yes = "$with_gnu_ld"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 -$as_echo_n "checking for GNU ld... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +printf %s "checking for GNU ld... " >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 -$as_echo_n "checking for non-GNU ld... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +printf %s "checking for non-GNU ld... " >&6; } fi -if ${lt_cv_path_LD+:} false; then : - $as_echo_n "(cached) " >&6 -else +if test ${lt_cv_path_LD+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -z "$LD"; then lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do @@ -7610,18 +9161,19 @@ LD=$lt_cv_path_LD if test -n "$LD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 -$as_echo "$LD" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 +printf "%s\n" "$LD" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 -$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } -if ${lt_cv_prog_gnu_ld+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +printf %s "checking if the linker ($LD) is GNU ld... " >&6; } +if test ${lt_cv_prog_gnu_ld+y} +then : + printf %s "(cached) " >&6 +else $as_nop # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 -$as_echo "$lt_cv_prog_gnu_ld" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5 +printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld @@ -7644,11 +9196,12 @@ -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 -$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } -if ${lt_cv_path_NM+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +if test ${lt_cv_path_NM+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM=$NM @@ -7698,8 +9251,8 @@ : ${lt_cv_path_NM=no} fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 -$as_echo "$lt_cv_path_NM" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +printf "%s\n" "$lt_cv_path_NM" >&6; } if test no != "$lt_cv_path_NM"; then NM=$lt_cv_path_NM else @@ -7712,11 +9265,12 @@ do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_DUMPBIN+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_DUMPBIN+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$DUMPBIN"; then ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else @@ -7724,11 +9278,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -7739,11 +9297,11 @@ fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 -$as_echo "$DUMPBIN" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +printf "%s\n" "$DUMPBIN" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -7756,11 +9314,12 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_DUMPBIN+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_DUMPBIN"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else @@ -7768,11 +9327,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -7783,11 +9346,11 @@ fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 -$as_echo "$ac_ct_DUMPBIN" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +printf "%s\n" "$ac_ct_DUMPBIN" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -7799,8 +9362,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DUMPBIN=$ac_ct_DUMPBIN @@ -7828,11 +9391,12 @@ -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 -$as_echo_n "checking the name lister ($NM) interface... " >&6; } -if ${lt_cv_nm_interface+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +printf %s "checking the name lister ($NM) interface... " >&6; } +if test ${lt_cv_nm_interface+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) @@ -7848,26 +9412,27 @@ fi rm -f conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 -$as_echo "$lt_cv_nm_interface" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +printf "%s\n" "$lt_cv_nm_interface" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 -$as_echo_n "checking whether ln -s works... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +printf %s "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 -$as_echo "no, using $LN_S" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +printf "%s\n" "no, using $LN_S" >&6; } fi # find the maximum length of command line arguments -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 -$as_echo_n "checking the maximum length of command line arguments... " >&6; } -if ${lt_cv_sys_max_cmd_len+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +printf %s "checking the maximum length of command line arguments... " >&6; } +if test ${lt_cv_sys_max_cmd_len+y} +then : + printf %s "(cached) " >&6 +else $as_nop i=0 teststring=ABCD @@ -7994,11 +9559,11 @@ fi if test -n "$lt_cv_sys_max_cmd_len"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 -$as_echo "$lt_cv_sys_max_cmd_len" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } fi max_cmd_len=$lt_cv_sys_max_cmd_len @@ -8042,11 +9607,12 @@ -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 -$as_echo_n "checking how to convert $build file names to $host format... " >&6; } -if ${lt_cv_to_host_file_cmd+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 +printf %s "checking how to convert $build file names to $host format... " >&6; } +if test ${lt_cv_to_host_file_cmd+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $host in *-*-mingw* ) case $build in @@ -8082,18 +9648,19 @@ fi to_host_file_cmd=$lt_cv_to_host_file_cmd -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 -$as_echo "$lt_cv_to_host_file_cmd" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 +printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 -$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } -if ${lt_cv_to_tool_file_cmd+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 +printf %s "checking how to convert $build file names to toolchain format... " >&6; } +if test ${lt_cv_to_tool_file_cmd+y} +then : + printf %s "(cached) " >&6 +else $as_nop #assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in @@ -8109,22 +9676,23 @@ fi to_tool_file_cmd=$lt_cv_to_tool_file_cmd -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 -$as_echo "$lt_cv_to_tool_file_cmd" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 +printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 -$as_echo_n "checking for $LD option to reload object files... " >&6; } -if ${lt_cv_ld_reload_flag+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +printf %s "checking for $LD option to reload object files... " >&6; } +if test ${lt_cv_ld_reload_flag+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ld_reload_flag='-r' fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 -$as_echo "$lt_cv_ld_reload_flag" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +printf "%s\n" "$lt_cv_ld_reload_flag" >&6; } reload_flag=$lt_cv_ld_reload_flag case $reload_flag in "" | " "*) ;; @@ -8157,11 +9725,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_OBJDUMP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_OBJDUMP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else @@ -8169,11 +9738,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8184,11 +9757,11 @@ fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 -$as_echo "$OBJDUMP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +printf "%s\n" "$OBJDUMP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8197,11 +9770,12 @@ ac_ct_OBJDUMP=$OBJDUMP # Extract the first word of "objdump", so it can be a program name with args. set dummy objdump; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_OBJDUMP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else @@ -8209,11 +9783,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OBJDUMP="objdump" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8224,11 +9802,11 @@ fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 -$as_echo "$ac_ct_OBJDUMP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +printf "%s\n" "$ac_ct_OBJDUMP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_OBJDUMP" = x; then @@ -8236,8 +9814,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OBJDUMP=$ac_ct_OBJDUMP @@ -8256,11 +9834,12 @@ -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 -$as_echo_n "checking how to recognize dependent libraries... " >&6; } -if ${lt_cv_deplibs_check_method+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +printf %s "checking how to recognize dependent libraries... " >&6; } +if test ${lt_cv_deplibs_check_method+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' @@ -8442,8 +10021,8 @@ esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 -$as_echo "$lt_cv_deplibs_check_method" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +printf "%s\n" "$lt_cv_deplibs_check_method" >&6; } file_magic_glob= want_nocaseglob=no @@ -8487,11 +10066,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. set dummy ${ac_tool_prefix}dlltool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_DLLTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_DLLTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else @@ -8499,11 +10079,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8514,11 +10098,11 @@ fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 -$as_echo "$DLLTOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +printf "%s\n" "$DLLTOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8527,11 +10111,12 @@ ac_ct_DLLTOOL=$DLLTOOL # Extract the first word of "dlltool", so it can be a program name with args. set dummy dlltool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_DLLTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else @@ -8539,11 +10124,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DLLTOOL="dlltool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8554,11 +10143,11 @@ fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 -$as_echo "$ac_ct_DLLTOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +printf "%s\n" "$ac_ct_DLLTOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_DLLTOOL" = x; then @@ -8566,8 +10155,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DLLTOOL=$ac_ct_DLLTOOL @@ -8587,11 +10176,12 @@ -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 -$as_echo_n "checking how to associate runtime and link libraries... " >&6; } -if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 +printf %s "checking how to associate runtime and link libraries... " >&6; } +if test ${lt_cv_sharedlib_from_linklib_cmd+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in @@ -8614,8 +10204,8 @@ esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 -$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 +printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; } sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO @@ -8630,11 +10220,12 @@ do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_AR+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else @@ -8642,11 +10233,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_AR="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8657,11 +10252,11 @@ fi AR=$ac_cv_prog_AR if test -n "$AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 -$as_echo "$AR" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +printf "%s\n" "$AR" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8674,11 +10269,12 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_AR+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else @@ -8686,11 +10282,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8701,11 +10301,11 @@ fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 -$as_echo "$ac_ct_AR" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +printf "%s\n" "$ac_ct_AR" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8717,8 +10317,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR @@ -8738,30 +10338,32 @@ -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 -$as_echo_n "checking for archiver @FILE support... " >&6; } -if ${lt_cv_ar_at_file+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 +printf %s "checking for archiver @FILE support... " >&6; } +if test ${lt_cv_ar_at_file+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ar_at_file=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test 0 -eq "$ac_status"; then # Ensure the archiver fails upon bogus file names. @@ -8769,7 +10371,7 @@ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test 0 -ne "$ac_status"; then lt_cv_ar_at_file=@ @@ -8778,11 +10380,11 @@ rm -f conftest.* libconftest.a fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 -$as_echo "$lt_cv_ar_at_file" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 +printf "%s\n" "$lt_cv_ar_at_file" >&6; } if test no = "$lt_cv_ar_at_file"; then archiver_list_spec= @@ -8799,11 +10401,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_STRIP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else @@ -8811,11 +10414,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8826,11 +10433,11 @@ fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 -$as_echo "$STRIP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +printf "%s\n" "$STRIP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8839,11 +10446,12 @@ ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_STRIP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else @@ -8851,11 +10459,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8866,11 +10478,11 @@ fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 -$as_echo "$ac_ct_STRIP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +printf "%s\n" "$ac_ct_STRIP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then @@ -8878,8 +10490,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP @@ -8898,11 +10510,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_RANLIB+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else @@ -8910,11 +10523,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8925,11 +10542,11 @@ fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 -$as_echo "$RANLIB" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +printf "%s\n" "$RANLIB" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8938,11 +10555,12 @@ ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_RANLIB+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else @@ -8950,11 +10568,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8965,11 +10587,11 @@ fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 -$as_echo "$ac_ct_RANLIB" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +printf "%s\n" "$ac_ct_RANLIB" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then @@ -8977,8 +10599,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB @@ -9042,11 +10664,12 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AWK+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_AWK+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else @@ -9054,11 +10677,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9069,11 +10696,11 @@ fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 -$as_echo "$AWK" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +printf "%s\n" "$AWK" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -9109,11 +10736,12 @@ # Check for command to grab the raw symbol name followed by C symbol from nm. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 -$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } -if ${lt_cv_sys_global_symbol_pipe+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +printf %s "checking command to parse $NM output from $compiler object... " >&6; } +if test ${lt_cv_sys_global_symbol_pipe+y} +then : + printf %s "(cached) " >&6 +else $as_nop # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] @@ -9265,14 +10893,14 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then @@ -9341,7 +10969,7 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest$ac_exeext; then pipe_works=yes fi @@ -9376,11 +11004,11 @@ lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +printf "%s\n" "failed" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +printf "%s\n" "ok" >&6; } fi # Response file support. @@ -9426,13 +11054,14 @@ -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 -$as_echo_n "checking for sysroot... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 +printf %s "checking for sysroot... " >&6; } # Check whether --with-sysroot was given. -if test "${with_sysroot+set}" = set; then : +if test ${with_sysroot+y} +then : withval=$with_sysroot; -else +else $as_nop with_sysroot=no fi @@ -9450,24 +11079,25 @@ no|'') ;; #( *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 -$as_echo "$with_sysroot" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 +printf "%s\n" "$with_sysroot" >&6; } as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 ;; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 -$as_echo "${lt_sysroot:-no}" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 +printf "%s\n" "${lt_sysroot:-no}" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 -$as_echo_n "checking for a working dd... " >&6; } -if ${ac_cv_path_lt_DD+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 +printf %s "checking for a working dd... " >&6; } +if test ${ac_cv_path_lt_DD+y} +then : + printf %s "(cached) " >&6 +else $as_nop printf 0123456789abcdef0123456789abcdef >conftest.i cat conftest.i conftest.i >conftest2.i : ${lt_DD:=$DD} @@ -9478,10 +11108,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in dd; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in dd + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" + ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_lt_DD" || continue if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then cmp -s conftest.i conftest.out \ @@ -9501,15 +11136,16 @@ rm -f conftest.i conftest2.i conftest.out fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 -$as_echo "$ac_cv_path_lt_DD" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 +printf "%s\n" "$ac_cv_path_lt_DD" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 -$as_echo_n "checking how to truncate binary pipes... " >&6; } -if ${lt_cv_truncate_bin+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 +printf %s "checking how to truncate binary pipes... " >&6; } +if test ${lt_cv_truncate_bin+y} +then : + printf %s "(cached) " >&6 +else $as_nop printf 0123456789abcdef0123456789abcdef >conftest.i cat conftest.i conftest.i >conftest2.i lt_cv_truncate_bin= @@ -9520,8 +11156,8 @@ rm -f conftest.i conftest2.i conftest.out test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 -$as_echo "$lt_cv_truncate_bin" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 +printf "%s\n" "$lt_cv_truncate_bin" >&6; } @@ -9544,7 +11180,8 @@ } # Check whether --enable-libtool-lock was given. -if test "${enable_libtool_lock+set}" = set; then : +if test ${enable_libtool_lock+y} +then : enableval=$enable_libtool_lock; fi @@ -9560,7 +11197,7 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) @@ -9580,7 +11217,7 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then if test yes = "$lt_cv_prog_gnu_ld"; then case `/usr/bin/file conftest.$ac_objext` in @@ -9618,7 +11255,7 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then emul=elf case `/usr/bin/file conftest.$ac_objext` in @@ -9659,7 +11296,7 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *32-bit*) @@ -9722,11 +11359,12 @@ # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -belf" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 -$as_echo_n "checking whether the C compiler needs -belf... " >&6; } -if ${lt_cv_cc_needs_belf+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +printf %s "checking whether the C compiler needs -belf... " >&6; } +if test ${lt_cv_cc_needs_belf+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -9737,19 +11375,20 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_cv_cc_needs_belf=yes -else +else $as_nop lt_cv_cc_needs_belf=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -9758,8 +11397,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 -$as_echo "$lt_cv_cc_needs_belf" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +printf "%s\n" "$lt_cv_cc_needs_belf" >&6; } if test yes != "$lt_cv_cc_needs_belf"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS=$SAVE_CFLAGS @@ -9772,7 +11411,7 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *64-bit*) @@ -9809,11 +11448,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. set dummy ${ac_tool_prefix}mt; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_MANIFEST_TOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$MANIFEST_TOOL"; then ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. else @@ -9821,11 +11461,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9836,11 +11480,11 @@ fi MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL if test -n "$MANIFEST_TOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 -$as_echo "$MANIFEST_TOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 +printf "%s\n" "$MANIFEST_TOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -9849,11 +11493,12 @@ ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL # Extract the first word of "mt", so it can be a program name with args. set dummy mt; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_MANIFEST_TOOL"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. else @@ -9861,11 +11506,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9876,11 +11525,11 @@ fi ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL if test -n "$ac_ct_MANIFEST_TOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 -$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 +printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_MANIFEST_TOOL" = x; then @@ -9888,8 +11537,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL @@ -9899,11 +11548,12 @@ fi test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 -$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } -if ${lt_cv_path_mainfest_tool+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 +printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } +if test ${lt_cv_path_mainfest_tool+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_path_mainfest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out @@ -9913,8 +11563,8 @@ fi rm -f conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 -$as_echo "$lt_cv_path_mainfest_tool" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 +printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; } if test yes != "$lt_cv_path_mainfest_tool"; then MANIFEST_TOOL=: fi @@ -9929,11 +11579,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_DSYMUTIL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_DSYMUTIL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else @@ -9941,11 +11592,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9956,11 +11611,11 @@ fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 -$as_echo "$DSYMUTIL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +printf "%s\n" "$DSYMUTIL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -9969,11 +11624,12 @@ ac_ct_DSYMUTIL=$DSYMUTIL # Extract the first word of "dsymutil", so it can be a program name with args. set dummy dsymutil; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_DSYMUTIL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else @@ -9981,11 +11637,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9996,11 +11656,11 @@ fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 -$as_echo "$ac_ct_DSYMUTIL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +printf "%s\n" "$ac_ct_DSYMUTIL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_DSYMUTIL" = x; then @@ -10008,8 +11668,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DSYMUTIL=$ac_ct_DSYMUTIL @@ -10021,11 +11681,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. set dummy ${ac_tool_prefix}nmedit; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_NMEDIT+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_NMEDIT+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. else @@ -10033,11 +11694,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10048,11 +11713,11 @@ fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 -$as_echo "$NMEDIT" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +printf "%s\n" "$NMEDIT" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10061,11 +11726,12 @@ ac_ct_NMEDIT=$NMEDIT # Extract the first word of "nmedit", so it can be a program name with args. set dummy nmedit; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_NMEDIT+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else @@ -10073,11 +11739,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_NMEDIT="nmedit" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10088,11 +11758,11 @@ fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 -$as_echo "$ac_ct_NMEDIT" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +printf "%s\n" "$ac_ct_NMEDIT" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_NMEDIT" = x; then @@ -10100,8 +11770,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac NMEDIT=$ac_ct_NMEDIT @@ -10113,11 +11783,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. set dummy ${ac_tool_prefix}lipo; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_LIPO+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_LIPO+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$LIPO"; then ac_cv_prog_LIPO="$LIPO" # Let the user override the test. else @@ -10125,11 +11796,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_LIPO="${ac_tool_prefix}lipo" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10140,11 +11815,11 @@ fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 -$as_echo "$LIPO" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +printf "%s\n" "$LIPO" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10153,11 +11828,12 @@ ac_ct_LIPO=$LIPO # Extract the first word of "lipo", so it can be a program name with args. set dummy lipo; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_LIPO+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_LIPO+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_LIPO"; then ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. else @@ -10165,11 +11841,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_LIPO="lipo" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10180,11 +11860,11 @@ fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 -$as_echo "$ac_ct_LIPO" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +printf "%s\n" "$ac_ct_LIPO" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_LIPO" = x; then @@ -10192,8 +11872,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac LIPO=$ac_ct_LIPO @@ -10205,11 +11885,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. set dummy ${ac_tool_prefix}otool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_OTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_OTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$OTOOL"; then ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. else @@ -10217,11 +11898,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL="${ac_tool_prefix}otool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10232,11 +11917,11 @@ fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 -$as_echo "$OTOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +printf "%s\n" "$OTOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10245,11 +11930,12 @@ ac_ct_OTOOL=$OTOOL # Extract the first word of "otool", so it can be a program name with args. set dummy otool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_OTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_OTOOL"; then ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. else @@ -10257,11 +11943,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL="otool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10272,11 +11962,11 @@ fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 -$as_echo "$ac_ct_OTOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +printf "%s\n" "$ac_ct_OTOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_OTOOL" = x; then @@ -10284,8 +11974,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL=$ac_ct_OTOOL @@ -10297,11 +11987,12 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. set dummy ${ac_tool_prefix}otool64; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_OTOOL64+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_OTOOL64+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$OTOOL64"; then ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. else @@ -10309,11 +12000,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10324,11 +12019,11 @@ fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 -$as_echo "$OTOOL64" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +printf "%s\n" "$OTOOL64" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10337,11 +12032,12 @@ ac_ct_OTOOL64=$OTOOL64 # Extract the first word of "otool64", so it can be a program name with args. set dummy otool64; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_OTOOL64+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_OTOOL64"; then ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. else @@ -10349,11 +12045,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL64="otool64" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10364,11 +12064,11 @@ fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 -$as_echo "$ac_ct_OTOOL64" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +printf "%s\n" "$ac_ct_OTOOL64" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_OTOOL64" = x; then @@ -10376,8 +12076,8 @@ else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL64=$ac_ct_OTOOL64 @@ -10412,11 +12112,12 @@ - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 -$as_echo_n "checking for -single_module linker flag... " >&6; } -if ${lt_cv_apple_cc_single_mod+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +printf %s "checking for -single_module linker flag... " >&6; } +if test ${lt_cv_apple_cc_single_mod+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_apple_cc_single_mod=no if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override @@ -10445,14 +12146,15 @@ rm -f conftest.* fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 -$as_echo "$lt_cv_apple_cc_single_mod" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 -$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } -if ${lt_cv_ld_exported_symbols_list+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +printf %s "checking for -exported_symbols_list linker flag... " >&6; } +if test ${lt_cv_ld_exported_symbols_list+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym @@ -10461,31 +12163,33 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_cv_ld_exported_symbols_list=yes -else +else $as_nop lt_cv_ld_exported_symbols_list=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 -$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 -$as_echo_n "checking for -force_load linker flag... " >&6; } -if ${lt_cv_ld_force_load+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 +printf %s "checking for -force_load linker flag... " >&6; } +if test ${lt_cv_ld_force_load+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} @@ -10513,23 +12217,18 @@ rm -rf conftest.dSYM fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 -$as_echo "$lt_cv_ld_force_load" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 +printf "%s\n" "$lt_cv_ld_force_load" >&6; } case $host_os in rhapsody* | darwin1.[012]) _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - darwin*) # darwin 5.x on - # if running on 10.5 or later, the deployment target defaults - # to the OS version, if on x86, and 10.4, the deployment - # target defaults to 10.4. Don't you love it? - case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin[91]*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - 10.[012][,.]*) + darwin*) + case ${MACOSX_DEPLOYMENT_TARGET},$host in + 10.[012],*|,*powerpc*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*) + *) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; @@ -10585,19 +12284,14 @@ esac } -for ac_header in dlfcn.h -do : - ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default " -if test "x$ac_cv_header_dlfcn_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_DLFCN_H 1 -_ACEOF +if test "x$ac_cv_header_dlfcn_h" = xyes +then : + printf "%s\n" "#define HAVE_DLFCN_H 1" >>confdefs.h fi -done - @@ -10612,7 +12306,8 @@ # Check whether --enable-shared was given. -if test "${enable_shared+set}" = set; then : +if test ${enable_shared+y} +then : enableval=$enable_shared; p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; @@ -10630,7 +12325,7 @@ IFS=$lt_save_ifs ;; esac -else +else $as_nop enable_shared=yes fi @@ -10643,7 +12338,8 @@ # Check whether --enable-static was given. -if test "${enable_static+set}" = set; then : +if test ${enable_static+y} +then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; @@ -10661,7 +12357,7 @@ IFS=$lt_save_ifs ;; esac -else +else $as_nop enable_static=yes fi @@ -10675,7 +12371,8 @@ # Check whether --with-pic was given. -if test "${with_pic+set}" = set; then : +if test ${with_pic+y} +then : withval=$with_pic; lt_p=${PACKAGE-default} case $withval in yes|no) pic_mode=$withval ;; @@ -10692,7 +12389,7 @@ IFS=$lt_save_ifs ;; esac -else +else $as_nop pic_mode=default fi @@ -10704,7 +12401,8 @@ # Check whether --enable-fast-install was given. -if test "${enable_fast_install+set}" = set; then : +if test ${enable_fast_install+y} +then : enableval=$enable_fast_install; p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; @@ -10722,7 +12420,7 @@ IFS=$lt_save_ifs ;; esac -else +else $as_nop enable_fast_install=yes fi @@ -10736,11 +12434,12 @@ shared_archive_member_spec= case $host,$enable_shared in power*-*-aix[5-9]*,yes) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 -$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 +printf %s "checking which variant of shared library versioning to provide... " >&6; } # Check whether --with-aix-soname was given. -if test "${with_aix_soname+set}" = set; then : +if test ${with_aix_soname+y} +then : withval=$with_aix_soname; case $withval in aix|svr4|both) ;; @@ -10749,18 +12448,19 @@ ;; esac lt_cv_with_aix_soname=$with_aix_soname -else - if ${lt_cv_with_aix_soname+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + if test ${lt_cv_with_aix_soname+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_with_aix_soname=aix fi with_aix_soname=$lt_cv_with_aix_soname fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 -$as_echo "$with_aix_soname" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 +printf "%s\n" "$with_aix_soname" >&6; } if test aix != "$with_aix_soname"; then # For the AIX way of multilib, we name the shared archive member # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', @@ -10842,11 +12542,12 @@ setopt NO_GLOB_SUBST fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 -$as_echo_n "checking for objdir... " >&6; } -if ${lt_cv_objdir+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +printf %s "checking for objdir... " >&6; } +if test ${lt_cv_objdir+y} +then : + printf %s "(cached) " >&6 +else $as_nop rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then @@ -10857,17 +12558,15 @@ fi rmdir .libs 2>/dev/null fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 -$as_echo "$lt_cv_objdir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +printf "%s\n" "$lt_cv_objdir" >&6; } objdir=$lt_cv_objdir -cat >>confdefs.h <<_ACEOF -#define LT_OBJDIR "$lt_cv_objdir/" -_ACEOF +printf "%s\n" "#define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h @@ -10913,11 +12612,12 @@ case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 -$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } -if ${lt_cv_path_MAGIC_CMD+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +printf %s "checking for ${ac_tool_prefix}file... " >&6; } +if test ${lt_cv_path_MAGIC_CMD+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. @@ -10966,11 +12666,11 @@ MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 -$as_echo "$MAGIC_CMD" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +printf "%s\n" "$MAGIC_CMD" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10979,11 +12679,12 @@ if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 -$as_echo_n "checking for file... " >&6; } -if ${lt_cv_path_MAGIC_CMD+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +printf %s "checking for file... " >&6; } +if test ${lt_cv_path_MAGIC_CMD+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. @@ -11032,11 +12733,11 @@ MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 -$as_echo "$MAGIC_CMD" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +printf "%s\n" "$MAGIC_CMD" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -11121,11 +12822,12 @@ lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 -$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } -if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +if test ${lt_cv_prog_compiler_rtti_exceptions+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext @@ -11156,8 +12858,8 @@ $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 -$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" @@ -11514,26 +13216,28 @@ ;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 -$as_echo_n "checking for $compiler option to produce PIC... " >&6; } -if ${lt_cv_prog_compiler_pic+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +printf %s "checking for $compiler option to produce PIC... " >&6; } +if test ${lt_cv_prog_compiler_pic+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_pic=$lt_prog_compiler_pic fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 -$as_echo "$lt_cv_prog_compiler_pic" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; } lt_prog_compiler_pic=$lt_cv_prog_compiler_pic # # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 -$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } -if ${lt_cv_prog_compiler_pic_works+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if test ${lt_cv_prog_compiler_pic_works+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext @@ -11564,8 +13268,8 @@ $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 -$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; } if test yes = "$lt_cv_prog_compiler_pic_works"; then case $lt_prog_compiler_pic in @@ -11593,11 +13297,12 @@ # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 -$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } -if ${lt_cv_prog_compiler_static_works+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if test ${lt_cv_prog_compiler_static_works+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_static_works=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $lt_tmp_static_flag" @@ -11621,8 +13326,8 @@ LDFLAGS=$save_LDFLAGS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 -$as_echo "$lt_cv_prog_compiler_static_works" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; } if test yes = "$lt_cv_prog_compiler_static_works"; then : @@ -11636,11 +13341,12 @@ - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 -$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } -if ${lt_cv_prog_compiler_c_o+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if test ${lt_cv_prog_compiler_c_o+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest @@ -11683,19 +13389,20 @@ $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 -$as_echo "$lt_cv_prog_compiler_c_o" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 -$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } -if ${lt_cv_prog_compiler_c_o+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if test ${lt_cv_prog_compiler_c_o+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest @@ -11738,8 +13445,8 @@ $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 -$as_echo "$lt_cv_prog_compiler_c_o" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } @@ -11747,19 +13454,19 @@ hard_links=nottested if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then # do not overwrite the value of need_locks provided by the user - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 -$as_echo_n "checking if we can lock with hard links... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +printf %s "checking if we can lock with hard links... " >&6; } hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 -$as_echo "$hard_links" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +printf "%s\n" "$hard_links" >&6; } if test no = "$hard_links"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 -$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} need_locks=warn fi else @@ -11771,8 +13478,8 @@ - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 -$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } runpath_var= allow_undefined_flag= @@ -12329,21 +14036,23 @@ if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else - if ${lt_cv_aix_libpath_+:} false; then : - $as_echo_n "(cached) " >&6 -else + if test ${lt_cv_aix_libpath_+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { @@ -12358,7 +14067,7 @@ lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib @@ -12382,21 +14091,23 @@ if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else - if ${lt_cv_aix_libpath_+:} false; then : - $as_echo_n "(cached) " >&6 -else + if test ${lt_cv_aix_libpath_+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { @@ -12411,7 +14122,7 @@ lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib @@ -12638,11 +14349,12 @@ hardcode_minus_L=yes # gcc-3.0.1 (collect2) breaks on -Wl,+cdp. # HP-cc ignores -Wl,+cdp, and we test the linker for +cdp support. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if +cdp linker flag works" >&5 -$as_echo_n "checking if +cdp linker flag works... " >&6; } -if ${lt_cv_ldflag_cdp_works+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if +cdp linker flag works" >&5 +printf %s "checking if +cdp linker flag works... " >&6; } +if test ${lt_cv_ldflag_cdp_works+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ldflag_cdp_works=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,+cdp -Wl,/usr/lib/libc.1:/nonexistent -Wl,+cdp -Wl,/lib/libc.1:/nonexistent" @@ -12650,25 +14362,26 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_cv_ldflag_cdp_works=yes -else +else $as_nop lt_cv_ldflag_cdp_works=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ldflag_cdp_works" >&5 -$as_echo "$lt_cv_ldflag_cdp_works" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ldflag_cdp_works" >&5 +printf "%s\n" "$lt_cv_ldflag_cdp_works" >&6; } if test "$lt_cv_ldflag_cdp_works" = yes; then fix_hardcoded_libdir_flag_spec='${wl}+cdp ${wl}${linkdir}/${dlname}:${libdir}/${dlname}' fix_hardcoded_libdir_flag_spec_ld='+cdp ${linkdir}/${dlname}:${libdir}/${dlname}' @@ -12706,11 +14419,12 @@ # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 -$as_echo_n "checking if $CC understands -b... " >&6; } -if ${lt_cv_prog_compiler__b+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 +printf %s "checking if $CC understands -b... " >&6; } +if test ${lt_cv_prog_compiler__b+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler__b=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -b" @@ -12734,8 +14448,8 @@ LDFLAGS=$save_LDFLAGS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 -$as_echo "$lt_cv_prog_compiler__b" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 +printf "%s\n" "$lt_cv_prog_compiler__b" >&6; } if test yes = "$lt_cv_prog_compiler__b"; then @@ -12771,11 +14485,12 @@ hardcode_minus_L=yes # gcc-3.0.1 (collect2) breaks on -Wl,+cdp. # HP-cc ignores -Wl,+cdp, and we test the linker for +cdp support. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if +cdp linker flag works" >&5 -$as_echo_n "checking if +cdp linker flag works... " >&6; } -if ${lt_cv_ldflag_cdp_works+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if +cdp linker flag works" >&5 +printf %s "checking if +cdp linker flag works... " >&6; } +if test ${lt_cv_ldflag_cdp_works+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ldflag_cdp_works=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,+cdp -Wl,/usr/lib/libc.1:/nonexistent -Wl,+cdp -Wl,/lib/libc.1:/nonexistent" @@ -12783,25 +14498,26 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_cv_ldflag_cdp_works=yes -else +else $as_nop lt_cv_ldflag_cdp_works=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ldflag_cdp_works" >&5 -$as_echo "$lt_cv_ldflag_cdp_works" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ldflag_cdp_works" >&5 +printf "%s\n" "$lt_cv_ldflag_cdp_works" >&6; } if test "$lt_cv_ldflag_cdp_works" = yes; then fix_hardcoded_libdir_flag_spec='${wl}+cdp ${wl}${linkdir}/${dlname}:${libdir}/${dlname}' fix_hardcoded_libdir_flag_spec_ld='+cdp ${linkdir}/${dlname}:${libdir}/${dlname}' @@ -12818,28 +14534,30 @@ # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 -$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } -if ${lt_cv_irix_exported_symbol+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 +printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; } +if test ${lt_cv_irix_exported_symbol+y} +then : + printf %s "(cached) " >&6 +else $as_nop save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo (void) { return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_cv_irix_exported_symbol=yes -else +else $as_nop lt_cv_irix_exported_symbol=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 -$as_echo "$lt_cv_irix_exported_symbol" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 +printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; } if test yes = "$lt_cv_irix_exported_symbol"; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi @@ -13119,8 +14837,8 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 -$as_echo "$ld_shlibs" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +printf "%s\n" "$ld_shlibs" >&6; } test no = "$ld_shlibs" && can_build_shared=no with_gnu_ld=$with_gnu_ld @@ -13156,18 +14874,19 @@ # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 -$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } -if ${lt_cv_archive_cmds_need_lc+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +printf %s "checking whether -lc should be explicitly linked in... " >&6; } +if test ${lt_cv_archive_cmds_need_lc+y} +then : + printf %s "(cached) " >&6 +else $as_nop $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 2>conftest.err; then soname=conftest lib=conftest @@ -13185,7 +14904,7 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then lt_cv_archive_cmds_need_lc=no @@ -13199,8 +14918,8 @@ $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 -$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 +printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; } archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc ;; esac @@ -13369,8 +15088,8 @@ - { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 -$as_echo_n "checking dynamic linker characteristics... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +printf %s "checking dynamic linker characteristics... " >&6; } if test yes = "$GCC"; then case $host_os in @@ -13931,9 +15650,10 @@ shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH - if ${lt_cv_shlibpath_overrides_runpath+:} false; then : - $as_echo_n "(cached) " >&6 -else + if test ${lt_cv_shlibpath_overrides_runpath+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir @@ -13943,19 +15663,21 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : +if ac_fn_c_try_link "$LINENO" +then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null +then : lt_cv_shlibpath_overrides_runpath=yes fi fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS libdir=$save_libdir @@ -14187,8 +15909,8 @@ dynamic_linker=no ;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 -$as_echo "$dynamic_linker" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +printf "%s\n" "$dynamic_linker" >&6; } test no = "$dynamic_linker" && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" @@ -14309,8 +16031,8 @@ - { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 -$as_echo_n "checking how to hardcode library paths into programs... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +printf %s "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || test -n "$runpath_var" || @@ -14335,8 +16057,8 @@ # directories. hardcode_action=unsupported fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 -$as_echo "$hardcode_action" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +printf "%s\n" "$hardcode_action" >&6; } if test relink = "$hardcode_action" || test yes = "$inherit_rpath"; then @@ -14380,11 +16102,12 @@ darwin*) # if libdl is installed we need to link against it - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +printf %s "checking for dlopen in -ldl... " >&6; } +if test ${ac_cv_lib_dl_dlopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14393,32 +16116,31 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dlopen (); int -main () +main (void) { return dlopen (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_dl_dlopen=yes -else +else $as_nop ac_cv_lib_dl_dlopen=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 -$as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes +then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else +else $as_nop lt_cv_dlopen=dyld lt_cv_dlopen_libs= @@ -14438,14 +16160,16 @@ *) ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" -if test "x$ac_cv_func_shl_load" = xyes; then : +if test "x$ac_cv_func_shl_load" = xyes +then : lt_cv_dlopen=shl_load -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 -$as_echo_n "checking for shl_load in -ldld... " >&6; } -if ${ac_cv_lib_dld_shl_load+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +printf %s "checking for shl_load in -ldld... " >&6; } +if test ${ac_cv_lib_dld_shl_load+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14454,41 +16178,42 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char shl_load (); int -main () +main (void) { return shl_load (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_dld_shl_load=yes -else +else $as_nop ac_cv_lib_dld_shl_load=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 -$as_echo "$ac_cv_lib_dld_shl_load" >&6; } -if test "x$ac_cv_lib_dld_shl_load" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = xyes +then : lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld -else +else $as_nop ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" -if test "x$ac_cv_func_dlopen" = xyes; then : +if test "x$ac_cv_func_dlopen" = xyes +then : lt_cv_dlopen=dlopen -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +printf %s "checking for dlopen in -ldl... " >&6; } +if test ${ac_cv_lib_dl_dlopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14497,37 +16222,37 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dlopen (); int -main () +main (void) { return dlopen (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_dl_dlopen=yes -else +else $as_nop ac_cv_lib_dl_dlopen=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 -$as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes +then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 -$as_echo_n "checking for dlopen in -lsvld... " >&6; } -if ${ac_cv_lib_svld_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +printf %s "checking for dlopen in -lsvld... " >&6; } +if test ${ac_cv_lib_svld_dlopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14536,37 +16261,37 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dlopen (); int -main () +main (void) { return dlopen (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_svld_dlopen=yes -else +else $as_nop ac_cv_lib_svld_dlopen=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 -$as_echo "$ac_cv_lib_svld_dlopen" >&6; } -if test "x$ac_cv_lib_svld_dlopen" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; } +if test "x$ac_cv_lib_svld_dlopen" = xyes +then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 -$as_echo_n "checking for dld_link in -ldld... " >&6; } -if ${ac_cv_lib_dld_dld_link+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +printf %s "checking for dld_link in -ldld... " >&6; } +if test ${ac_cv_lib_dld_dld_link+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14575,30 +16300,29 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dld_link (); int -main () +main (void) { return dld_link (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_dld_dld_link=yes -else +else $as_nop ac_cv_lib_dld_dld_link=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 -$as_echo "$ac_cv_lib_dld_dld_link" >&6; } -if test "x$ac_cv_lib_dld_dld_link" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; } +if test "x$ac_cv_lib_dld_dld_link" = xyes +then : lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld fi @@ -14637,11 +16361,12 @@ save_LIBS=$LIBS LIBS="$lt_cv_dlopen_libs $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 -$as_echo_n "checking whether a program can dlopen itself... " >&6; } -if ${lt_cv_dlopen_self+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +printf %s "checking whether a program can dlopen itself... " >&6; } +if test ${lt_cv_dlopen_self+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test yes = "$cross_compiling"; then : lt_cv_dlopen_self=cross else @@ -14720,7 +16445,7 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? @@ -14738,16 +16463,17 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 -$as_echo "$lt_cv_dlopen_self" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +printf "%s\n" "$lt_cv_dlopen_self" >&6; } if test yes = "$lt_cv_dlopen_self"; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 -$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } -if ${lt_cv_dlopen_self_static+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +printf %s "checking whether a statically linked program can dlopen itself... " >&6; } +if test ${lt_cv_dlopen_self_static+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test yes = "$cross_compiling"; then : lt_cv_dlopen_self_static=cross else @@ -14826,7 +16552,7 @@ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? @@ -14844,8 +16570,8 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 -$as_echo "$lt_cv_dlopen_self_static" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +printf "%s\n" "$lt_cv_dlopen_self_static" >&6; } fi CPPFLAGS=$save_CPPFLAGS @@ -14883,13 +16609,13 @@ striplib= old_striplib= -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 -$as_echo_n "checking whether stripping libraries is possible... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +printf %s "checking whether stripping libraries is possible... " >&6; } if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in @@ -14897,16 +16623,16 @@ if test -n "$STRIP"; then striplib="$STRIP -x" old_striplib="$STRIP -S" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; esac fi @@ -14923,13 +16649,13 @@ # Report what library types will actually be built - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 -$as_echo_n "checking if libtool supports shared libraries... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 -$as_echo "$can_build_shared" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +printf %s "checking if libtool supports shared libraries... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +printf "%s\n" "$can_build_shared" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 -$as_echo_n "checking whether to build shared libraries... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +printf %s "checking whether to build shared libraries... " >&6; } test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and @@ -14953,15 +16679,15 @@ fi ;; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 -$as_echo "$enable_shared" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +printf "%s\n" "$enable_shared" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 -$as_echo_n "checking whether to build static libraries... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +printf %s "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. test yes = "$enable_shared" || enable_static=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 -$as_echo "$enable_static" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +printf "%s\n" "$enable_static" >&6; } @@ -15000,10 +16726,11 @@ # Check whether --with-libtool was given. -if test "${with_libtool+set}" = set; then : +if test ${with_libtool+y} +then : withval=$with_libtool; case $with_libtool in yes|builtin) ;; - no) as_fn_error $? "\"--without-libtool not supported.\"" "$LINENO" 5 + no) as_fn_error $? "--without-libtool not supported." "$LINENO" 5 ;; system) LIBTOOL=libtool ;; @@ -15014,6 +16741,7 @@ if test "$enable_shared" = "no"; then + enable_intercept=no with_noexec=no enable_dlopen=no lt_cv_dlopen=none @@ -15024,33 +16752,94 @@ LIBDL="$lt_cv_dlopen_libs" SHLIB_ENABLE="$enable_dlopen" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking path to sudo_noexec.so" >&5 -$as_echo_n "checking path to sudo_noexec.so... " >&6; } +# Check whether --enable-intercept was given. +if test ${enable_intercept+y} +then : + enableval=$enable_intercept; case "$enableval" in + yes) ;; + no) ;; + *) intercept_file="$enableval" + ;; + esac + +else $as_nop + enable_intercept="$intercept_file" +fi + +INTERCEPTFILE="sudo_intercept.so" +INTERCEPTDIR="`echo $intercept_file|sed -e 's:^${\([^}]*\)}:$(\1):' -e 's:^\(.*\)/[^/]*:\1:'`" + # Check whether --with-noexec was given. -if test "${with_noexec+set}" = set; then : +if test ${with_noexec+y} +then : withval=$with_noexec; case $with_noexec in yes) ;; no) ;; *) noexec_file="$with_noexec" ;; esac -else +else $as_nop with_noexec="$noexec_file" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_noexec" >&5 -$as_echo "$with_noexec" >&6; } NOEXECFILE="sudo_noexec.so" NOEXECDIR="`echo $noexec_file|sed -e 's:^${\([^}]*\)}:$(\1):' -e 's:^\(.*\)/[^/]*:\1:'`" +# Extract the first word of "sha1sum", so it can be a program name with args. +set dummy sha1sum; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_SHA1SUM+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $SHA1SUM in + [\\/]* | ?:[\\/]*) + ac_cv_path_SHA1SUM="$SHA1SUM" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_SHA1SUM="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_SHA1SUM" && ac_cv_path_SHA1SUM="openssl dgst -sha1" + ;; +esac +fi +SHA1SUM=$ac_cv_path_SHA1SUM +if test -n "$SHA1SUM"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SHA1SUM" >&5 +printf "%s\n" "$SHA1SUM" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + # Extract the first word of "uname", so it can be a program name with args. set dummy uname; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_UNAMEPROG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_UNAMEPROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $UNAMEPROG in [\\/]* | ?:[\\/]*) ac_cv_path_UNAMEPROG="$UNAMEPROG" # Let the user override the test with a path. @@ -15060,11 +16849,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_UNAMEPROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_UNAMEPROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -15077,21 +16870,22 @@ fi UNAMEPROG=$ac_cv_path_UNAMEPROG if test -n "$UNAMEPROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $UNAMEPROG" >&5 -$as_echo "$UNAMEPROG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $UNAMEPROG" >&5 +printf "%s\n" "$UNAMEPROG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi # Extract the first word of "tr", so it can be a program name with args. set dummy tr; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_TRPROG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_TRPROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $TRPROG in [\\/]* | ?:[\\/]*) ac_cv_path_TRPROG="$TRPROG" # Let the user override the test with a path. @@ -15101,11 +16895,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_TRPROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_TRPROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -15118,21 +16916,22 @@ fi TRPROG=$ac_cv_path_TRPROG if test -n "$TRPROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TRPROG" >&5 -$as_echo "$TRPROG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TRPROG" >&5 +printf "%s\n" "$TRPROG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi # Extract the first word of "mandoc", so it can be a program name with args. set dummy mandoc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_MANDOCPROG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_MANDOCPROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $MANDOCPROG in [\\/]* | ?:[\\/]*) ac_cv_path_MANDOCPROG="$MANDOCPROG" # Let the user override the test with a path. @@ -15142,11 +16941,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_MANDOCPROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_MANDOCPROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -15159,11 +16962,11 @@ fi MANDOCPROG=$ac_cv_path_MANDOCPROG if test -n "$MANDOCPROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOCPROG" >&5 -$as_echo "$MANDOCPROG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANDOCPROG" >&5 +printf "%s\n" "$MANDOCPROG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -15172,11 +16975,12 @@ else # Extract the first word of "nroff", so it can be a program name with args. set dummy nroff; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_NROFFPROG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_NROFFPROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $NROFFPROG in [\\/]* | ?:[\\/]*) ac_cv_path_NROFFPROG="$NROFFPROG" # Let the user override the test with a path. @@ -15186,11 +16990,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_NROFFPROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_NROFFPROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -15202,21 +17010,22 @@ fi NROFFPROG=$ac_cv_path_NROFFPROG if test -n "$NROFFPROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFFPROG" >&5 -$as_echo "$NROFFPROG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NROFFPROG" >&5 +printf "%s\n" "$NROFFPROG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test -n "$NROFFPROG"; then test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking which macro set to use for manual pages" >&5 -$as_echo_n "checking which macro set to use for manual pages... " >&6; } -if ${sudo_cv_var_mantype+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which macro set to use for manual pages" >&5 +printf %s "checking which macro set to use for manual pages... " >&6; } +if test ${sudo_cv_var_mantype+y} +then : + printf %s "(cached) " >&6 +else $as_nop sudo_cv_var_mantype="man" echo ".Sh NAME" > conftest @@ -15231,8 +17040,8 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_mantype" >&5 -$as_echo "$sudo_cv_var_mantype" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_mantype" >&5 +printf "%s\n" "$sudo_cv_var_mantype" >&6; } MANTYPE="$sudo_cv_var_mantype" else : ${MANTYPE='mdoc'} @@ -15242,27 +17051,15 @@ if test -n "$sudo_cv_prev_host"; then if test "$sudo_cv_prev_host" != "$host"; then as_fn_error $? "config.cache was created on a different host; remove it and re-run configure." "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking previous host type" >&5 -$as_echo_n "checking previous host type... " >&6; } - if ${sudo_cv_prev_host+:} false; then : - $as_echo_n "(cached) " >&6 -else - sudo_cv_prev_host="$host" -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_prev_host" >&5 -$as_echo "$sudo_cv_prev_host" >&6; } fi -else - # this will produce no output since there is no cached value - if ${sudo_cv_prev_host+:} false; then : - $as_echo_n "(cached) " >&6 -else +fi +if test ${sudo_cv_prev_host+y} +then : + printf %s "(cached) " >&6 +else $as_nop sudo_cv_prev_host="$host" fi -fi if test -n "$host_os"; then OS=`echo $host_os | sed 's/[0-9].*//'` @@ -15276,12 +17073,17 @@ case "$host" in *-*-solaris2*) - $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h + printf "%s\n" "#define PAM_SUN_CODEBASE 1" >>confdefs.h # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " + # illumos has a broken fmemopen(3) + if test X"`uname -o 2>/dev/null`" = X"illumos"; then + : ${ac_cv_func_fmemopen='no'} + fi + # Solaris-specific initialization OS_INIT=os_init_solaris SUDO_OBJS="${SUDO_OBJS} solaris.o" @@ -15293,24 +17095,24 @@ : ${mansectsu='1m'} : ${mansectform='4'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" - for ac_func in priv_set + + for ac_func in priv_set do : ac_fn_c_check_func "$LINENO" "priv_set" "ac_cv_func_priv_set" -if test "x$ac_cv_func_priv_set" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PRIV_SET 1 -_ACEOF +if test "x$ac_cv_func_priv_set" = xyes +then : + printf "%s\n" "#define HAVE_PRIV_SET 1" >>confdefs.h PSMAN=1 fi -done +done ;; *-*-aix*) - $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h + printf "%s\n" "#define PAM_SUN_CODEBASE 1" >>confdefs.h # To get all prototypes (so we pass -Wall) - $as_echo "#define _LINUX_SOURCE_COMPAT 1" >>confdefs.h + printf "%s\n" "#define _LINUX_SOURCE_COMPAT 1" >>confdefs.h # For AIX we build in support for both LAM and PAM @@ -15323,7 +17125,8 @@ # AIX analog of nsswitch.conf, enabled by default # Check whether --with-netsvc was given. -if test "${with_netsvc+set}" = set; then : +if test ${with_netsvc+y} +then : withval=$with_netsvc; case $with_netsvc in no) ;; yes) with_netsvc="/etc/netsvc.conf" @@ -15349,14 +17152,20 @@ # strnlen/strndup may be broken on AIX < 6 depending # on the libc version, use our own. if test $OSMAJOR -lt 6; then - ac_cv_func_strnlen=no + : ${ac_cv_func_strnlen='no'} + fi + + # fmemopen(3) may be broken on AIX < 7.1 depending + # on the libc version. + if test $OSMAJOR -lt 7; then + : ${ac_cv_func_fmemopen='no'} fi # getdelim() may or may not be present on AIX <= 6.1. # bos610 is missing getdelim but bos61J has it. if test "$enable_package_build" = "yes"; then if test $OSMAJOR -le 6; then - ac_cv_func_getdelim=no + : ${ac_cv_func_getdelim='no'} fi fi @@ -15364,7 +17173,7 @@ # bos710 is missing memset_s but bos71L has it. if test "$enable_package_build" = "yes"; then if test $OSMAJOR -le 7; then - ac_cv_func_memset_s=no + : ${ac_cv_func_memset_s='no'} fi fi @@ -15374,39 +17183,39 @@ RC_LINK=/etc/rc.d/rc2.d/S90sudo # AIX-specific functions - for ac_func in getuserattr setrlimit64 -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "getuserattr" "ac_cv_func_getuserattr" +if test "x$ac_cv_func_getuserattr" = xyes +then : + printf "%s\n" "#define HAVE_GETUSERATTR 1" >>confdefs.h fi -done +ac_fn_c_check_func "$LINENO" "setrlimit64" "ac_cv_func_setrlimit64" +if test "x$ac_cv_func_setrlimit64" = xyes +then : + printf "%s\n" "#define HAVE_SETRLIMIT64 1" >>confdefs.h + +fi + - for ac_func in setauthdb + for ac_func in setauthdb do : ac_fn_c_check_func "$LINENO" "setauthdb" "ac_cv_func_setauthdb" -if test "x$ac_cv_func_setauthdb" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETAUTHDB 1 -_ACEOF +if test "x$ac_cv_func_setauthdb" = xyes +then : + printf "%s\n" "#define HAVE_SETAUTHDB 1" >>confdefs.h ac_fn_c_check_type "$LINENO" "authdb_t" "ac_cv_type_authdb_t" "#include " -if test "x$ac_cv_type_authdb_t" = xyes; then : +if test "x$ac_cv_type_authdb_t" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_AUTHDB_T 1 -_ACEOF +printf "%s\n" "#define HAVE_AUTHDB_T 1" >>confdefs.h fi fi -done +done COMMON_OBJS="${COMMON_OBJS} aix.lo" @@ -15417,39 +17226,115 @@ # These prototypes may be missing - ac_fn_c_check_decl "$LINENO" "usrinfo" "ac_cv_have_decl_usrinfo" " + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC options needed to detect all undeclared functions" >&5 +printf %s "checking for $CC options needed to detect all undeclared functions... " >&6; } +if test ${ac_cv_c_undeclared_builtin_options+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_save_CFLAGS=$CFLAGS + ac_cv_c_undeclared_builtin_options='cannot detect' + for ac_arg in '' -fno-builtin; do + CFLAGS="$ac_save_CFLAGS $ac_arg" + # This test program should *not* compile successfully. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ +(void) strchr; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +else $as_nop + # This test program should compile successfully. + # No library function is consistently available on + # freestanding implementations, so test against a dummy + # declaration. Include always-available headers on the + # off chance that they somehow elicit warnings. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include +extern void ac_decl (int, char *); + +int +main (void) +{ +(void) ac_decl (0, (char *) 0); + (void) ac_decl; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + if test x"$ac_arg" = x +then : + ac_cv_c_undeclared_builtin_options='none needed' +else $as_nop + ac_cv_c_undeclared_builtin_options=$ac_arg +fi + break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + done + CFLAGS=$ac_save_CFLAGS + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5 +printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; } + case $ac_cv_c_undeclared_builtin_options in #( + 'cannot detect') : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot make $CC report undeclared builtins +See \`config.log' for more details" "$LINENO" 5; } ;; #( + 'none needed') : + ac_c_undeclared_builtin_options='' ;; #( + *) : + ac_c_undeclared_builtin_options=$ac_cv_c_undeclared_builtin_options ;; +esac + +ac_fn_check_decl "$LINENO" "usrinfo" "ac_cv_have_decl_usrinfo" " #include #include -" -if test "x$ac_cv_have_decl_usrinfo" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_usrinfo" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi +printf "%s\n" "#define HAVE_DECL_USRINFO $ac_have_decl" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_USRINFO $ac_have_decl -_ACEOF - - ac_fn_c_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" " + ac_fn_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" " #include #include -" -if test "x$ac_cv_have_decl_setauthdb" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_setauthdb" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SETAUTHDB $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_SETAUTHDB $ac_have_decl" >>confdefs.h ;; *-*-hiuxmpp*) - $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h + printf "%s\n" "#define PAM_SUN_CODEBASE 1" >>confdefs.h : ${mansectsu='1m'} @@ -15467,21 +17352,22 @@ # HP-UX won't unlink a shared lib that is open INSTALL_BACKUP='~' - for ac_func in pstat_getproc gethrtime -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "pstat_getproc" "ac_cv_func_pstat_getproc" +if test "x$ac_cv_func_pstat_getproc" = xyes +then : + printf "%s\n" "#define HAVE_PSTAT_GETPROC 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "gethrtime" "ac_cv_func_gethrtime" +if test "x$ac_cv_func_gethrtime" = xyes +then : + printf "%s\n" "#define HAVE_GETHRTIME 1" >>confdefs.h fi -done ;; *-*-hpux*) - $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h + printf "%s\n" "#define PAM_SUN_CODEBASE 1" >>confdefs.h # AFS support needs -lBSD @@ -15505,11 +17391,12 @@ # The HP bundled compiler cannot generate shared libs if test -z "$GCC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for HP bundled C compiler" >&5 -$as_echo_n "checking for HP bundled C compiler... " >&6; } -if ${sudo_cv_var_hpccbundled+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for HP bundled C compiler" >&5 +printf %s "checking for HP bundled C compiler... " >&6; } +if test ${sudo_cv_var_hpccbundled+y} +then : + printf %s "(cached) " >&6 +else $as_nop if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then sudo_cv_var_hpccbundled=yes else @@ -15517,8 +17404,8 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_hpccbundled" >&5 -$as_echo "$sudo_cv_var_hpccbundled" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_hpccbundled" >&5 +printf "%s\n" "$sudo_cv_var_hpccbundled" >&6; } if test "$sudo_cv_var_hpccbundled" = "yes"; then as_fn_error $? "The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead." "$LINENO" 5 fi @@ -15534,35 +17421,37 @@ portable_flag="+DAportable" fi CFLAGS="$CFLAGS $portable_flag" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands $portable_flag" >&5 -$as_echo_n "checking whether $CC understands $portable_flag... " >&6; } -if ${sudo_cv_var_daportable+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands $portable_flag" >&5 +printf %s "checking whether $CC understands $portable_flag... " >&6; } +if test ${sudo_cv_var_daportable+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv_var_daportable=yes -else +else $as_nop sudo_cv_var_daportable=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_daportable" >&5 -$as_echo "$sudo_cv_var_daportable" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_daportable" >&5 +printf "%s\n" "$sudo_cv_var_daportable" >&6; } if test X"$sudo_cv_var_daportable" != X"yes"; then CFLAGS="$_CFLAGS" fi @@ -15582,78 +17471,70 @@ test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac - for ac_func in pstat_getproc gethrtime -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "pstat_getproc" "ac_cv_func_pstat_getproc" +if test "x$ac_cv_func_pstat_getproc" = xyes +then : + printf "%s\n" "#define HAVE_PSTAT_GETPROC 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "gethrtime" "ac_cv_func_gethrtime" +if test "x$ac_cv_func_gethrtime" = xyes +then : + printf "%s\n" "#define HAVE_GETHRTIME 1" >>confdefs.h fi -done ;; *-dec-osf*) # ignore envariables wrt dynamic lib path -if ${SUDO_LDFLAGS+:} false; then : +if test ${SUDO_LDFLAGS+y} +then : case " $SUDO_LDFLAGS " in #( *" -Wl,-no_library_replacement "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS already contains -Wl,-no_library_replacement"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS already contains -Wl,-no_library_replacement"; } >&5 (: SUDO_LDFLAGS already contains -Wl,-no_library_replacement) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDO_LDFLAGS " -Wl,-no_library_replacement" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS=\"\$SUDO_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS=\"\$SUDO_LDFLAGS\""; } >&5 (: SUDO_LDFLAGS="$SUDO_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDO_LDFLAGS=-Wl,-no_library_replacement - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS=\"\$SUDO_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS=\"\$SUDO_LDFLAGS\""; } >&5 (: SUDO_LDFLAGS="$SUDO_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi : ${CHECKSIA='true'} - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable sia support on Digital UNIX" >&5 -$as_echo_n "checking whether to disable sia support on Digital UNIX... " >&6; } # Check whether --enable-sia was given. -if test "${enable_sia+set}" = set; then : +if test ${enable_sia+y} +then : enableval=$enable_sia; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CHECKSIA=true + yes) CHECKSIA=true ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CHECKSIA=false + no) CHECKSIA=false ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-sia: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-sia: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi @@ -15673,8 +17554,8 @@ # copy of prot.h, which we need for shadow passwords. # XXX - make should remove this as part of distclean # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken prot.h" >&5 -$as_echo_n "checking for broken prot.h... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for broken prot.h" >&5 +printf %s "checking for broken prot.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15683,23 +17564,24 @@ #include int -main () +main (void) { return(0); ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, fixing locally" >&5 -$as_echo "yes, fixing locally" >&6; } +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes, fixing locally" >&5 +printf "%s\n" "yes, fixing locally" >&6; } sed 's:::g' < /usr/include/prot.h > prot.h fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" @@ -15707,7 +17589,7 @@ : ${mansectform='4'} ;; *-*-irix*) - $as_echo "#define _BSD_TYPES 1" >>confdefs.h + printf "%s\n" "#define _BSD_TYPES 1" >>confdefs.h if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d "/usr/share/man/local"; then @@ -15718,11 +17600,12 @@ fi # IRIX <= 4 needs -lsun if test "$OSMAJOR" -le 4; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpwnam in -lsun" >&5 -$as_echo_n "checking for getpwnam in -lsun... " >&6; } -if ${ac_cv_lib_sun_getpwnam+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getpwnam in -lsun" >&5 +printf %s "checking for getpwnam in -lsun... " >&6; } +if test ${ac_cv_lib_sun_getpwnam+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lsun $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -15731,30 +17614,29 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char getpwnam (); int -main () +main (void) { return getpwnam (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_sun_getpwnam=yes -else +else $as_nop ac_cv_lib_sun_getpwnam=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sun_getpwnam" >&5 -$as_echo "$ac_cv_lib_sun_getpwnam" >&6; } -if test "x$ac_cv_lib_sun_getpwnam" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sun_getpwnam" >&5 +printf "%s\n" "$ac_cv_lib_sun_getpwnam" >&6; } +if test "x$ac_cv_lib_sun_getpwnam" = xyes +then : LIBS="${LIBS} -lsun" fi @@ -15769,184 +17651,39 @@ shadow_funcs="getspnam" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h - ac_fn_c_check_decl "$LINENO" "SECCOMP_SET_MODE_FILTER" "ac_cv_have_decl_SECCOMP_SET_MODE_FILTER" " + ac_fn_check_decl "$LINENO" "SECCOMP_SET_MODE_FILTER" "ac_cv_have_decl_SECCOMP_SET_MODE_FILTER" " #include #include #include #include #include -" -if test "x$ac_cv_have_decl_SECCOMP_SET_MODE_FILTER" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SECCOMP_SET_MODE_FILTER" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SECCOMP_SET_MODE_FILTER $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_SECCOMP_SET_MODE_FILTER $ac_have_decl" >>confdefs.h # We call getrandom via syscall(3) in case it is not in libc - for ac_header in linux/random.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "linux/random.h" "ac_cv_header_linux_random_h" "$ac_includes_default" -if test "x$ac_cv_header_linux_random_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LINUX_RANDOM_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "linux/random.h" "ac_cv_header_linux_random_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_random_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_RANDOM_H 1" >>confdefs.h fi -done + # The glibc getentropy() emulation may fail on older kernels. + # We use our own getentropy() by default on Linux. + : ${ac_cv_func_getentropy='no'} ;; *-*-gnu*) # lockf() is broken on the Hurd ac_cv_func_lockf=no ;; - *-*-riscos*) - LIBS="${LIBS} -lsun -lbsd" - -if ${CPPFLAGS+:} false; then : - - case " $CPPFLAGS " in #( - *" -I/usr/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I/usr/include"; } >&5 - (: CPPFLAGS already contains -I/usr/include) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append CPPFLAGS " -I/usr/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else - - CPPFLAGS=-I/usr/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - - -if ${CPPFLAGS+:} false; then : - - case " $CPPFLAGS " in #( - *" -I/usr/include/bsd "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I/usr/include/bsd"; } >&5 - (: CPPFLAGS already contains -I/usr/include/bsd) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append CPPFLAGS " -I/usr/include/bsd" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else - - CPPFLAGS=-I/usr/include/bsd - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - - -if ${CPPFLAGS+:} false; then : - - case " $CPPFLAGS " in #( - *" -D_MIPS "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -D_MIPS"; } >&5 - (: CPPFLAGS already contains -D_MIPS) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append CPPFLAGS " -D_MIPS" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else - - CPPFLAGS=-D_MIPS - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - - : ${mansectsu='1m'} - : ${mansectform='4'} - ;; - *-*-isc*) - -if ${CPPFLAGS+:} false; then : - - case " $CPPFLAGS " in #( - *" -D_ISC "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -D_ISC"; } >&5 - (: CPPFLAGS already contains -D_ISC) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append CPPFLAGS " -D_ISC" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else - - CPPFLAGS=-D_ISC - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - - ac_cv_search_crypt="-lcrypt" - - shadow_funcs="getspnam" - shadow_libs="-lsec" - - : ${mansectsu='1m'} - : ${mansectform='4'} - ;; *-*-sco*|*-sco-*) shadow_funcs="getprpwnam" shadow_libs="-lprot -lx" @@ -15966,11 +17703,12 @@ : ${mansectform='4'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lc89" >&5 -$as_echo_n "checking for strcasecmp in -lc89... " >&6; } -if ${ac_cv_lib_c89_strcasecmp+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lc89" >&5 +printf %s "checking for strcasecmp in -lc89... " >&6; } +if test ${ac_cv_lib_c89_strcasecmp+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lc89 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -15979,30 +17717,29 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char strcasecmp (); int -main () +main (void) { return strcasecmp (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_c89_strcasecmp=yes -else +else $as_nop ac_cv_lib_c89_strcasecmp=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_strcasecmp" >&5 -$as_echo "$ac_cv_lib_c89_strcasecmp" >&6; } -if test "x$ac_cv_lib_c89_strcasecmp" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_strcasecmp" >&5 +printf "%s\n" "$ac_cv_lib_c89_strcasecmp" >&6; } +if test "x$ac_cv_lib_c89_strcasecmp" = xyes +then : LIBS="${LIBS} -lc89" fi @@ -16018,21 +17755,21 @@ SKIP_SETREUID=yes # Check for newer BSD auth API if test -z "$with_bsdauth"; then - for ac_func in auth_challenge + + for ac_func in auth_challenge do : ac_fn_c_check_func "$LINENO" "auth_challenge" "ac_cv_func_auth_challenge" -if test "x$ac_cv_func_auth_challenge" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_AUTH_CHALLENGE 1 -_ACEOF +if test "x$ac_cv_func_auth_challenge" = xyes +then : + printf "%s\n" "#define HAVE_AUTH_CHALLENGE 1" >>confdefs.h AUTH_EXCL_DEF="BSD_AUTH" fi -done +done fi ;; *-*-freebsd*) - $as_echo "#define _BSD_SOURCE 1" >>confdefs.h + printf "%s\n" "#define _BSD_SOURCE 1" >>confdefs.h # FreeBSD has a real setreuid(2) starting with 2.1 and @@ -16055,7 +17792,7 @@ fi ;; *-*-*openbsd*) - $as_echo "#define _BSD_SOURCE 1" >>confdefs.h + printf "%s\n" "#define _BSD_SOURCE 1" >>confdefs.h # OpenBSD-specific initialization @@ -16094,7 +17831,7 @@ : ${with_logincap='maybe'} # For reallocarray() - $as_echo "#define _OPENBSD_SOURCE 1" >>confdefs.h + printf "%s\n" "#define _OPENBSD_SOURCE 1" >>confdefs.h # Examples go in share/examples/sudo @@ -16103,7 +17840,7 @@ fi ;; *-*-dragonfly*) - $as_echo "#define _BSD_SOURCE 1" >>confdefs.h + printf "%s\n" "#define _BSD_SOURCE 1" >>confdefs.h if test "${with_skey-'no'}" = "yes"; then @@ -16137,7 +17874,7 @@ : ${enable_poll='no'} # Darwin 8 and above can interpose library symbols cleanly if test $OSMAJOR -ge 8; then - $as_echo "#define HAVE___INTERPOSE 1" >>confdefs.h + printf "%s\n" "#define HAVE___INTERPOSE 1" >>confdefs.h dlyld_interpose=yes else @@ -16145,53 +17882,66 @@ fi RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + # Build sudo_noexec.so as a shared library, not a module. + # On Darwin, modules and shared libraries are incompatible. + PRELOAD_MODULE= + # Mach monotonic timer that runs while sleeping - for ac_func in mach_continuous_time -do : - ac_fn_c_check_func "$LINENO" "mach_continuous_time" "ac_cv_func_mach_continuous_time" -if test "x$ac_cv_func_mach_continuous_time" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_MACH_CONTINUOUS_TIME 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "mach_continuous_time" "ac_cv_func_mach_continuous_time" +if test "x$ac_cv_func_mach_continuous_time" = xyes +then : + printf "%s\n" "#define HAVE_MACH_CONTINUOUS_TIME 1" >>confdefs.h fi -done # Undocumented API that dynamically allocates the groups. - for ac_func in getgrouplist_2 + + for ac_func in getgrouplist_2 do : ac_fn_c_check_func "$LINENO" "getgrouplist_2" "ac_cv_func_getgrouplist_2" -if test "x$ac_cv_func_getgrouplist_2" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETGROUPLIST_2 1 -_ACEOF - ac_fn_c_check_decl "$LINENO" "getgrouplist_2" "ac_cv_have_decl_getgrouplist_2" "$ac_includes_default" -if test "x$ac_cv_have_decl_getgrouplist_2" = xyes; then : +if test "x$ac_cv_func_getgrouplist_2" = xyes +then : + printf "%s\n" "#define HAVE_GETGROUPLIST_2 1" >>confdefs.h + ac_fn_check_decl "$LINENO" "getgrouplist_2" "ac_cv_have_decl_getgrouplist_2" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_getgrouplist_2" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_GETGROUPLIST_2 $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_GETGROUPLIST_2 $ac_have_decl" >>confdefs.h fi + done + # We use proc_pidinfo() to emulate closefrom() on macOS. + for ac_header in libproc.h +do : + ac_fn_c_check_header_compile "$LINENO" "libproc.h" "ac_cv_header_libproc_h" "$ac_includes_default" +if test "x$ac_cv_header_libproc_h" = xyes +then : + printf "%s\n" "#define HAVE_LIBPROC_H 1" >>confdefs.h + ac_fn_c_check_func "$LINENO" "proc_pidinfo" "ac_cv_func_proc_pidinfo" +if test "x$ac_cv_func_proc_pidinfo" = xyes +then : + printf "%s\n" "#define HAVE_PROC_PIDINFO 1" >>confdefs.h + +fi - # macOS >= 10.6 getgroups(2) can support more than > 16 groups - $as_echo "#define _DARWIN_UNLIMITED_GETGROUPS 1" >>confdefs.h +fi +done # We need to force a flat namespace to make libc # symbol hooking work like it does on ELF. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-force_flat_namespace" >&5 -$as_echo_n "checking whether the linker accepts -Wl,-force_flat_namespace... " >&6; } -if ${ax_cv_check_ldflags___Wl__force_flat_namespace+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-force_flat_namespace" >&5 +printf %s "checking whether the linker accepts -Wl,-force_flat_namespace... " >&6; } +if test ${ax_cv_check_ldflags___Wl__force_flat_namespace+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-force_flat_namespace" @@ -16199,58 +17949,61 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_check_ldflags___Wl__force_flat_namespace=yes -else +else $as_nop ax_cv_check_ldflags___Wl__force_flat_namespace=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__force_flat_namespace" >&5 -$as_echo "$ax_cv_check_ldflags___Wl__force_flat_namespace" >&6; } -if test x"$ax_cv_check_ldflags___Wl__force_flat_namespace" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__force_flat_namespace" >&5 +printf "%s\n" "$ax_cv_check_ldflags___Wl__force_flat_namespace" >&6; } +if test x"$ax_cv_check_ldflags___Wl__force_flat_namespace" = xyes +then : -if ${SUDO_LDFLAGS+:} false; then : +if test ${SUDO_LDFLAGS+y} +then : case " $SUDO_LDFLAGS " in #( *" -Wl,-force_flat_namespace "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS already contains -Wl,-force_flat_namespace"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS already contains -Wl,-force_flat_namespace"; } >&5 (: SUDO_LDFLAGS already contains -Wl,-force_flat_namespace) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDO_LDFLAGS " -Wl,-force_flat_namespace" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS=\"\$SUDO_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS=\"\$SUDO_LDFLAGS\""; } >&5 (: SUDO_LDFLAGS="$SUDO_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDO_LDFLAGS=-Wl,-force_flat_namespace - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS=\"\$SUDO_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDO_LDFLAGS=\"\$SUDO_LDFLAGS\""; } >&5 (: SUDO_LDFLAGS="$SUDO_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -16327,13 +18080,19 @@ EOF fi -if test X"$with_noexec" != X"no"; then +if test X"$enable_intercept" = X"no"; then + intercept_file=disabled +fi +if test X"$with_noexec" = X"no"; then + noexec_file=disabled +fi +if test X"${intercept_file} ${noexec_file}" != X"disabled disabled"; then cat >>confdefs.h <>confdefs.h <&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\$i"; } >&5 (: LDFLAGS already contains -L$i) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " -L$i" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=-L$i - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${LDFLAGS_R+:} false; then : +if test ${LDFLAGS_R+y} +then : case " $LDFLAGS_R " in #( *" -R$i "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\$i"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\$i"; } >&5 (: LDFLAGS_R already contains -R$i) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS_R " -R$i" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS_R=-R$i - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -16448,308 +18209,17 @@ done fi - case $ac_cv_prog_cc_stdc in #( - no) : - ac_cv_prog_cc_c99=no; ac_cv_prog_cc_c89=no ;; #( - *) : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C99" >&5 -$as_echo_n "checking for $CC option to accept ISO C99... " >&6; } -if ${ac_cv_prog_cc_c99+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c99=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include -#include - -// Check varargs macros. These examples are taken from C99 6.10.3.5. -#define debug(...) fprintf (stderr, __VA_ARGS__) -#define showlist(...) puts (#__VA_ARGS__) -#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) -static void -test_varargs_macros (void) -{ - int x = 1234; - int y = 5678; - debug ("Flag"); - debug ("X = %d\n", x); - showlist (The first, second, and third items.); - report (x>y, "x is %d but y is %d", x, y); -} - -// Check long long types. -#define BIG64 18446744073709551615ull -#define BIG32 4294967295ul -#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) -#if !BIG_OK - your preprocessor is broken; -#endif -#if BIG_OK -#else - your preprocessor is broken; -#endif -static long long int bignum = -9223372036854775807LL; -static unsigned long long int ubignum = BIG64; - -struct incomplete_array -{ - int datasize; - double data[]; -}; - -struct named_init { - int number; - const wchar_t *name; - double average; -}; - -typedef const char *ccp; - -static inline int -test_restrict (ccp restrict text) -{ - // See if C++-style comments work. - // Iterate through items via the restricted pointer. - // Also check for declarations in for loops. - for (unsigned int i = 0; *(text+i) != '\0'; ++i) - continue; - return 0; -} - -// Check varargs and va_copy. -static void -test_varargs (const char *format, ...) -{ - va_list args; - va_start (args, format); - va_list args_copy; - va_copy (args_copy, args); - - const char *str; - int number; - float fnumber; - - while (*format) - { - switch (*format++) - { - case 's': // string - str = va_arg (args_copy, const char *); - break; - case 'd': // int - number = va_arg (args_copy, int); - break; - case 'f': // float - fnumber = va_arg (args_copy, double); - break; - default: - break; - } - } - va_end (args_copy); - va_end (args); -} - -int -main () -{ - - // Check bool. - _Bool success = false; - - // Check restrict. - if (test_restrict ("String literal") == 0) - success = true; - char *restrict newvar = "Another string"; - - // Check varargs. - test_varargs ("s, d' f .", "string", 65, 34.234); - test_varargs_macros (); - - // Check flexible array members. - struct incomplete_array *ia = - malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); - ia->datasize = 10; - for (int i = 0; i < ia->datasize; ++i) - ia->data[i] = i * 1.234; - - // Check named initializers. - struct named_init ni = { - .number = 34, - .name = L"Test wide string", - .average = 543.34343, - }; - - ni.number = 58; - - int dynamic_array[ni.number]; - dynamic_array[ni.number - 1] = 543; - - // work around unused variable warnings - return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' - || dynamic_array[ni.number - 1] != 543); - - ; - return 0; -} -_ACEOF -for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99 -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c99=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c99" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC - -fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c99" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c99" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 -$as_echo "$ac_cv_prog_cc_c99" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c99" != xno; then : - ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; - -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; - -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} -_ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC - -fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : - ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 -else - ac_cv_prog_cc_stdc=no -fi - -fi - ;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO Standard C" >&5 -$as_echo_n "checking for $CC option to accept ISO Standard C... " >&6; } - if ${ac_cv_prog_cc_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -fi - - case $ac_cv_prog_cc_stdc in #( - no) : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; #( - '') : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; #( - *) : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_stdc" >&5 -$as_echo "$ac_cv_prog_cc_stdc" >&6; } ;; -esac - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 -$as_echo_n "checking for an ANSI C-conforming const... " >&6; } -if ${ac_cv_c_const+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 +printf %s "checking for an ANSI C-conforming const... " >&6; } +if test ${ac_cv_c_const+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { #ifndef __cplusplus @@ -16762,7 +18232,7 @@ /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; - /* AIX XL C 1.02.0.0 rejects this. + /* IBM XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ @@ -16790,7 +18260,7 @@ iptr p = 0; ++p; } - { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying + { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; } bx; struct s *b = &bx; b->j = 5; @@ -16806,47 +18276,50 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_c_const=yes -else +else $as_nop ac_cv_c_const=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 -$as_echo "$ac_cv_c_const" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 +printf "%s\n" "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then -$as_echo "#define const /**/" >>confdefs.h +printf "%s\n" "#define const /**/" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 -$as_echo_n "checking for inline... " >&6; } -if ${ac_cv_c_inline+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +printf %s "checking for inline... " >&6; } +if test ${ac_cv_c_inline+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __cplusplus typedef int foo_t; -static $ac_kw foo_t static_foo () {return 0; } -$ac_kw foo_t foo () {return 0; } +static $ac_kw foo_t static_foo (void) {return 0; } +$ac_kw foo_t foo (void) {return 0; } #endif _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_c_inline=$ac_kw fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext test "$ac_cv_c_inline" != no && break done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 -$as_echo "$ac_cv_c_inline" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +printf "%s\n" "$ac_cv_c_inline" >&6; } case $ac_cv_c_inline in inline | yes) ;; @@ -16863,16 +18336,17 @@ ;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working volatile" >&5 -$as_echo_n "checking for working volatile... " >&6; } -if ${ac_cv_c_volatile+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working volatile" >&5 +printf %s "checking for working volatile... " >&6; } +if test ${ac_cv_c_volatile+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { volatile int x; @@ -16882,23 +18356,24 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_c_volatile=yes -else +else $as_nop ac_cv_c_volatile=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5 -$as_echo "$ac_cv_c_volatile" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5 +printf "%s\n" "$ac_cv_c_volatile" >&6; } if test $ac_cv_c_volatile = no; then -$as_echo "#define volatile /**/" >>confdefs.h +printf "%s\n" "#define volatile /**/" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for variadic macro support in cpp" >&5 -$as_echo_n "checking for variadic macro support in cpp... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for variadic macro support in cpp" >&5 +printf %s "checking for variadic macro support in cpp... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -16910,24 +18385,25 @@ #endif int -main () +main (void) { sudo_fprintf(stderr, "a %s", "test"); ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } +if ac_fn_c_try_compile "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } -$as_echo "#define NO_VARIADIC_MACROS 1" >>confdefs.h +printf "%s\n" "#define NO_VARIADIC_MACROS 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your C preprocessor doesn't support variadic macros, debugging support will be limited" >&5 -$as_echo "$as_me: WARNING: Your C preprocessor doesn't support variadic macros, debugging support will be limited" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: your C preprocessor doesn't support variadic macros, debugging support will be limited" >&5 +printf "%s\n" "$as_me: WARNING: your C preprocessor doesn't support variadic macros, debugging support will be limited" >&2;} for _sym in sudo_debug_printf_nvm_v1; do COMPAT_EXP="${COMPAT_EXP}${_sym} @@ -16936,17 +18412,18 @@ fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AWK+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_AWK+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else @@ -16954,11 +18431,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -16969,11 +18450,11 @@ fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 -$as_echo "$AWK" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +printf "%s\n" "$AWK" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -16984,11 +18465,12 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_YACC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_YACC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else @@ -16996,11 +18478,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_YACC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -17011,11 +18497,11 @@ fi YACC=$ac_cv_prog_YACC if test -n "$YACC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 -$as_echo "$YACC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 +printf "%s\n" "$YACC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -17025,11 +18511,12 @@ # Extract the first word of "flex", so it can be a program name with args. set dummy flex; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_FLEX+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_FLEX+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $FLEX in [\\/]* | ?:[\\/]*) ac_cv_path_FLEX="$FLEX" # Let the user override the test with a path. @@ -17039,11 +18526,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_FLEX="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_FLEX="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -17056,22 +18547,23 @@ fi FLEX=$ac_cv_path_FLEX if test -n "$FLEX"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FLEX" >&5 -$as_echo "$FLEX" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $FLEX" >&5 +printf "%s\n" "$FLEX" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi # Extract the first word of "mv", so it can be a program name with args. set dummy mv; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_MVPROG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_MVPROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $MVPROG in [\\/]* | ?:[\\/]*) ac_cv_path_MVPROG="$MVPROG" # Let the user override the test with a path. @@ -17081,11 +18573,15 @@ for as_dir in /usr/bin$PATH_SEPARATOR/bin$PATH_SEPARATOR/usr/ucb$PATH_SEPARATOR/usr/local/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_MVPROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_MVPROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -17097,11 +18593,11 @@ fi MVPROG=$ac_cv_path_MVPROG if test -n "$MVPROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MVPROG" >&5 -$as_echo "$MVPROG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MVPROG" >&5 +printf "%s\n" "$MVPROG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -17113,11 +18609,12 @@ # Extract the first word of "sh", so it can be a program name with args. set dummy sh; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_BSHELLPROG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_BSHELLPROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $BSHELLPROG in [\\/]* | ?:[\\/]*) ac_cv_path_BSHELLPROG="$BSHELLPROG" # Let the user override the test with a path. @@ -17127,11 +18624,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_BSHELLPROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_BSHELLPROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -17144,11 +18645,11 @@ fi BSHELLPROG=$ac_cv_path_BSHELLPROG if test -n "$BSHELLPROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BSHELLPROG" >&5 -$as_echo "$BSHELLPROG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $BSHELLPROG" >&5 +printf "%s\n" "$BSHELLPROG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -17161,11 +18662,12 @@ # Extract the first word of "sendmail", so it can be a program name with args. set dummy sendmail; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_SENDMAILPROG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_SENDMAILPROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $SENDMAILPROG in [\\/]* | ?:[\\/]*) ac_cv_path_SENDMAILPROG="$SENDMAILPROG" # Let the user override the test with a path. @@ -17175,11 +18677,15 @@ for as_dir in /usr/sbin$PATH_SEPARATOR/usr/lib$PATH_SEPARATOR/usr/etc$PATH_SEPARATOR/usr/ucblib$PATH_SEPARATOR/usr/local/lib$PATH_SEPARATOR/usr/local/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_SENDMAILPROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_SENDMAILPROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -17191,11 +18697,11 @@ fi SENDMAILPROG=$ac_cv_path_SENDMAILPROG if test -n "$SENDMAILPROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SENDMAILPROG" >&5 -$as_echo "$SENDMAILPROG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SENDMAILPROG" >&5 +printf "%s\n" "$SENDMAILPROG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -17204,15 +18710,17 @@ EOF + with_sendmail="$ac_cv_path_SENDMAILPROG" fi # Extract the first word of "vi", so it can be a program name with args. set dummy vi; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_VIPROG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_VIPROG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $VIPROG in [\\/]* | ?:[\\/]*) ac_cv_path_VIPROG="$VIPROG" # Let the user override the test with a path. @@ -17222,11 +18730,15 @@ for as_dir in /usr/bin$PATH_SEPARATOR/bin$PATH_SEPARATOR/usr/ucb$PATH_SEPARATOR/usr/bsd$PATH_SEPARATOR/usr/local/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_VIPROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_VIPROG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -17238,11 +18750,11 @@ fi VIPROG=$ac_cv_path_VIPROG if test -n "$VIPROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $VIPROG" >&5 -$as_echo "$VIPROG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $VIPROG" >&5 +printf "%s\n" "$VIPROG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -17251,47 +18763,36 @@ EOF -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which syslog facility sudo should log with" >&5 -$as_echo_n "checking which syslog facility sudo should log with... " >&6; } +if test -z "$with_editor"; then + editor="$ac_cv_path_VIPROG" +fi if test X"$with_logfac" = X""; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -int i = LOG_AUTHPRIV; (void)i; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : + ac_fn_check_decl "$LINENO" "LOG_AUTHPRIV" "ac_cv_have_decl_LOG_AUTHPRIV" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_LOG_AUTHPRIV" = xyes +then : logfac=authpriv fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -cat >>confdefs.h <<_ACEOF -#define LOGFAC "$logfac" -_ACEOF +printf "%s\n" "#define LOGFAC \"$logfac\"" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $logfac" >&5 -$as_echo "$logfac" >&6; } ac_header_dirent=no for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do - as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 -$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } -if eval \${$as_ac_Header+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_ac_Header=`printf "%s\n" "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 +printf %s "checking for $ac_hdr that defines DIR... " >&6; } +if eval test \${$as_ac_Header+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include <$ac_hdr> int -main () +main (void) { if ((DIR *) 0) return 0; @@ -17299,19 +18800,21 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_ac_Header=yes" -else +else $as_nop eval "$as_ac_Header=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$as_ac_Header - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_hdr" | $as_tr_cpp` 1 _ACEOF ac_header_dirent=$ac_hdr; break @@ -17320,11 +18823,12 @@ done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 -$as_echo_n "checking for library containing opendir... " >&6; } -if ${ac_cv_search_opendir+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 +printf %s "checking for library containing opendir... " >&6; } +if test ${ac_cv_search_opendir+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17332,56 +18836,59 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char opendir (); int -main () +main (void) { return opendir (); ; return 0; } _ACEOF -for ac_lib in '' dir; do +for ac_lib in '' dir +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_opendir=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_opendir+:} false; then : + if test ${ac_cv_search_opendir+y} +then : break fi done -if ${ac_cv_search_opendir+:} false; then : +if test ${ac_cv_search_opendir+y} +then : -else +else $as_nop ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 -$as_echo "$ac_cv_search_opendir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 +printf "%s\n" "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 -$as_echo_n "checking for library containing opendir... " >&6; } -if ${ac_cv_search_opendir+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 +printf %s "checking for library containing opendir... " >&6; } +if test ${ac_cv_search_opendir+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17389,182 +18896,214 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char opendir (); int -main () +main (void) { return opendir (); ; return 0; } _ACEOF -for ac_lib in '' x; do +for ac_lib in '' x +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_opendir=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_opendir+:} false; then : + if test ${ac_cv_search_opendir+y} +then : break fi done -if ${ac_cv_search_opendir+:} false; then : +if test ${ac_cv_search_opendir+y} +then : -else +else $as_nop ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 -$as_echo "$ac_cv_search_opendir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 +printf "%s\n" "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 -$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } -if ${ac_cv_header_stdbool_h+:} false; then : - $as_echo_n "(cached) " >&6 -else +ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" +if test "x$ac_cv_type__Bool" = xyes +then : + +printf "%s\n" "#define HAVE__BOOL 1" >>confdefs.h + + +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 +printf %s "checking for stdbool.h that conforms to C99... " >&6; } +if test ${ac_cv_header_stdbool_h+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#include - #include - #ifndef bool - "error: bool is not defined" - #endif - #ifndef false - "error: false is not defined" - #endif - #if false - "error: false is not 0" + #ifndef __bool_true_false_are_defined + #error "__bool_true_false_are_defined is not defined" #endif - #ifndef true - "error: true is not defined" + char a[__bool_true_false_are_defined == 1 ? 1 : -1]; + + /* Regardless of whether this is C++ or "_Bool" is a + valid type name, "true" and "false" should be usable + in #if expressions and integer constant expressions, + and "bool" should be a valid type name. */ + + #if !true + #error "'true' is not true" #endif #if true != 1 - "error: true is not 1" + #error "'true' is not equal to 1" #endif - #ifndef __bool_true_false_are_defined - "error: __bool_true_false_are_defined is not defined" + char b[true == 1 ? 1 : -1]; + char c[true]; + + #if false + #error "'false' is not false" #endif + #if false != 0 + #error "'false' is not equal to 0" + #endif + char d[false == 0 ? 1 : -1]; + + enum { e = false, f = true, g = false * true, h = true * 256 }; + + char i[(bool) 0.5 == true ? 1 : -1]; + char j[(bool) 0.0 == false ? 1 : -1]; + char k[sizeof (bool) > 0 ? 1 : -1]; - struct s { _Bool s: 1; _Bool t; } s; + struct sb { bool s: 1; bool t; } s; + char l[sizeof s.t > 0 ? 1 : -1]; - char a[true == 1 ? 1 : -1]; - char b[false == 0 ? 1 : -1]; - char c[__bool_true_false_are_defined == 1 ? 1 : -1]; - char d[(bool) 0.5 == true ? 1 : -1]; - /* See body of main program for 'e'. */ - char f[(_Bool) 0.0 == false ? 1 : -1]; - char g[true]; - char h[sizeof (_Bool)]; - char i[sizeof s.t]; - enum { j = false, k = true, l = false * true, m = true * 256 }; /* The following fails for HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */ - _Bool n[m]; - char o[sizeof n == m * sizeof n[0] ? 1 : -1]; - char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1]; + bool m[h]; + char n[sizeof m == h * sizeof m[0] ? 1 : -1]; + char o[-1 - (bool) 0 < 0 ? 1 : -1]; /* Catch a bug in an HP-UX C compiler. See - http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html - http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html + https://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html + https://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html */ - _Bool q = true; - _Bool *pq = &q; + bool p = true; + bool *pp = &p; + + /* C 1999 specifies that bool, true, and false are to be + macros, but C++ 2011 and later overrule this. */ + #if __cplusplus < 201103 + #ifndef bool + #error "bool is not defined" + #endif + #ifndef false + #error "false is not defined" + #endif + #ifndef true + #error "true is not defined" + #endif + #endif + + /* If _Bool is available, repeat with it all the tests + above that used bool. */ + #ifdef HAVE__BOOL + struct sB { _Bool s: 1; _Bool t; } t; + + char q[(_Bool) 0.5 == true ? 1 : -1]; + char r[(_Bool) 0.0 == false ? 1 : -1]; + char u[sizeof (_Bool) > 0 ? 1 : -1]; + char v[sizeof t.t > 0 ? 1 : -1]; + + _Bool w[h]; + char x[sizeof m == h * sizeof m[0] ? 1 : -1]; + char y[-1 - (_Bool) 0 < 0 ? 1 : -1]; + _Bool z = true; + _Bool *pz = &p; + #endif int -main () +main (void) { - bool e = &s; - *pq |= q; - *pq |= ! q; - /* Refer to every declared value, to avoid compiler optimizations. */ - return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l - + !m + !n + !o + !p + !q + !pq); + bool ps = &s; + *pp |= p; + *pp |= ! p; + + #ifdef HAVE__BOOL + _Bool pt = &t; + *pz |= z; + *pz |= ! z; + #endif + + /* Refer to every declared value, so they cannot be + discarded as unused. */ + return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !j + !k + + !l + !m + !n + !o + !p + !pp + !ps + #ifdef HAVE__BOOL + + !q + !r + !u + !v + !w + !x + !y + !z + !pt + #endif + ); ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_header_stdbool_h=yes -else +else $as_nop ac_cv_header_stdbool_h=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 -$as_echo "$ac_cv_header_stdbool_h" >&6; } - ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" -if test "x$ac_cv_type__Bool" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE__BOOL 1 -_ACEOF - - +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi - +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 +printf "%s\n" "$ac_cv_header_stdbool_h" >&6; } if test $ac_cv_header_stdbool_h = yes; then -$as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h +printf "%s\n" "#define HAVE_STDBOOL_H 1" >>confdefs.h fi +ac_fn_c_check_header_compile "$LINENO" "sys/mkdev.h" "ac_cv_header_sys_mkdev_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_mkdev_h" = xyes +then : - - for ac_header in $ac_header_list -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - - -ac_fn_c_check_header_mongrel "$LINENO" "sys/mkdev.h" "ac_cv_header_sys_mkdev_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_mkdev_h" = xyes; then : - -$as_echo "#define MAJOR_IN_MKDEV 1" >>confdefs.h +printf "%s\n" "#define MAJOR_IN_MKDEV 1" >>confdefs.h fi - if test $ac_cv_header_sys_mkdev_h = no; then - ac_fn_c_check_header_mongrel "$LINENO" "sys/sysmacros.h" "ac_cv_header_sys_sysmacros_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_sysmacros_h" = xyes; then : + ac_fn_c_check_header_compile "$LINENO" "sys/sysmacros.h" "ac_cv_header_sys_sysmacros_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_sysmacros_h" = xyes +then : -$as_echo "#define MAJOR_IN_SYSMACROS 1" >>confdefs.h +printf "%s\n" "#define MAJOR_IN_SYSMACROS 1" >>confdefs.h fi - fi @@ -17579,50 +19118,40 @@ - - - - - - - - - - - -for ac_header in utmps.h utmpx.h + for ac_header in utmps.h utmpx.h do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF break fi done - -for ac_header in endian.h sys/endian.h machine/endian.h + for ac_header in endian.h sys/endian.h machine/endian.h do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF break fi done - -for ac_header in procfs.h sys/procfs.h + for ac_header in procfs.h sys/procfs.h do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF ac_fn_c_check_member "$LINENO" "struct psinfo" "pr_ttydev" "ac_cv_member_struct_psinfo_pr_ttydev" "$ac_includes_default #ifdef HAVE_PROCFS_H @@ -17633,22 +19162,17 @@ #endif " -if test "x$ac_cv_member_struct_psinfo_pr_ttydev" = xyes; then : +if test "x$ac_cv_member_struct_psinfo_pr_ttydev" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_PSINFO_PR_TTYDEV 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_PSINFO_PR_TTYDEV 1" >>confdefs.h -for ac_func in _ttyname_dev -do : - ac_fn_c_check_func "$LINENO" "_ttyname_dev" "ac_cv_func__ttyname_dev" -if test "x$ac_cv_func__ttyname_dev" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE__TTYNAME_DEV 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "_ttyname_dev" "ac_cv_func__ttyname_dev" +if test "x$ac_cv_func__ttyname_dev" = xyes +then : + printf "%s\n" "#define HAVE__TTYNAME_DEV 1" >>confdefs.h fi -done fi @@ -17656,22 +19180,23 @@ fi done - # # Check for large file support. # # Check whether --enable-largefile was given. -if test "${enable_largefile+set}" = set; then : +if test ${enable_largefile+y} +then : enableval=$enable_largefile; fi if test "$enable_largefile" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 -$as_echo_n "checking for special C compiler options needed for large files... " >&6; } -if ${ac_cv_sys_largefile_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +printf %s "checking for special C compiler options needed for large files... " >&6; } +if test ${ac_cv_sys_largefile_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_sys_largefile_CC=no if test "$GCC" != yes; then ac_save_CC=$CC @@ -17685,44 +19210,47 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF - if ac_fn_c_try_compile "$LINENO"; then : + if ac_fn_c_try_compile "$LINENO" +then : break fi -rm -f core conftest.err conftest.$ac_objext +rm -f core conftest.err conftest.$ac_objext conftest.beam CC="$CC -n32" - if ac_fn_c_try_compile "$LINENO"; then : + if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_largefile_CC=' -n32'; break fi -rm -f core conftest.err conftest.$ac_objext +rm -f core conftest.err conftest.$ac_objext conftest.beam break done CC=$ac_save_CC rm -f conftest.$ac_ext fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 -$as_echo "$ac_cv_sys_largefile_CC" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; } if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } -if ${ac_cv_sys_file_offset_bits+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if test ${ac_cv_sys_file_offset_bits+y} +then : + printf %s "(cached) " >&6 +else $as_nop while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17731,22 +19259,23 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_file_offset_bits=no; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 @@ -17755,43 +19284,43 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_file_offset_bits=64; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_sys_file_offset_bits=unknown break done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 -$as_echo "$ac_cv_sys_file_offset_bits" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; } case $ac_cv_sys_file_offset_bits in #( no | unknown) ;; *) -cat >>confdefs.h <<_ACEOF -#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits -_ACEOF +printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h ;; esac rm -rf conftest* if test $ac_cv_sys_file_offset_bits = unknown; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 -$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } -if ${ac_cv_sys_large_files+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +printf %s "checking for _LARGE_FILES value needed for large files... " >&6; } +if test ${ac_cv_sys_large_files+y} +then : + printf %s "(cached) " >&6 +else $as_nop while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17800,22 +19329,23 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_large_files=no; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _LARGE_FILES 1 @@ -17824,40 +19354,37 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_large_files=1; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_sys_large_files=unknown break done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 -$as_echo "$ac_cv_sys_large_files" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +printf "%s\n" "$ac_cv_sys_large_files" >&6; } case $ac_cv_sys_large_files in #( no | unknown) ;; *) -cat >>confdefs.h <<_ACEOF -#define _LARGE_FILES $ac_cv_sys_large_files -_ACEOF +printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h ;; esac rm -rf conftest* fi - - fi # @@ -17868,26 +19395,28 @@ # case "$host_os" in hpux*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL" >&5 -$as_echo_n "checking whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL... " >&6; } -if ${sudo_cv_xopen_source_extended+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL" >&5 +printf %s "checking whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL... " >&6; } +if test ${sudo_cv_xopen_source_extended+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default # include int -main () +main (void) { int a = MSG_WAITALL; return a; ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sudo_cv_xopen_source_extended=no -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17896,36 +19425,38 @@ # include # include int -main () +main (void) { int a = MSG_WAITALL; return a; ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sudo_cv_xopen_source_extended=yes -else +else $as_nop sudo_cv_xopen_source_extended=error fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_xopen_source_extended" >&5 -$as_echo "$sudo_cv_xopen_source_extended" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_xopen_source_extended" >&5 +printf "%s\n" "$sudo_cv_xopen_source_extended" >&6; } if test "$sudo_cv_xopen_source_extended" = "yes"; then - $as_echo "#define _XOPEN_SOURCE_EXTENDED 1" >>confdefs.h + printf "%s\n" "#define _XOPEN_SOURCE_EXTENDED 1" >>confdefs.h fi ;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking POSIX termios" >&5 -$as_echo_n "checking POSIX termios... " >&6; } -if ${ac_cv_sys_posix_termios+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking POSIX termios" >&5 +printf %s "checking POSIX termios... " >&6; } +if test ${ac_cv_sys_posix_termios+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -17933,7 +19464,7 @@ #include int -main () +main (void) { /* SunOS 4.0.3 has termios.h but not the library calls. */ tcgetattr(0, 0); @@ -17941,19 +19472,20 @@ return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_sys_posix_termios=yes -else +else $as_nop ac_cv_sys_posix_termios=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_posix_termios" >&5 -$as_echo "$ac_cv_sys_posix_termios" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_posix_termios" >&5 +printf "%s\n" "$ac_cv_sys_posix_termios" >&6; } if test "$ac_cv_sys_posix_termios" != "yes"; then - as_fn_error $? "Must have POSIX termios to build sudo" "$LINENO" 5 + as_fn_error $? "must have POSIX termios to build sudo" "$LINENO" 5 fi maildir=no @@ -17963,27 +19495,27 @@ $ac_includes_default #include int -main () +main (void) { char *p = _PATH_MAILDIR; ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : maildir=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi if test $maildir = no; then # Solaris has maillock.h which defines MAILDIR - for ac_header in maillock.h + for ac_header in maillock.h do : - ac_fn_c_check_header_mongrel "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default" -if test "x$ac_cv_header_maillock_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_MAILLOCK_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default" +if test "x$ac_cv_header_maillock_h" = xyes +then : + printf "%s\n" "#define HAVE_MAILLOCK_H 1" >>confdefs.h cat >>confdefs.h <<\EOF #define _PATH_MAILDIR MAILDIR @@ -17994,7 +19526,6 @@ fi done - if test $maildir = no; then for d in /var/mail /var/spool/mail /usr/spool/mail; do if test -d "$d"; then @@ -18017,16 +19548,16 @@ fi if test ${with_logincap-'no'} != "no"; then - for ac_header in login_cap.h + for ac_header in login_cap.h do : - ac_fn_c_check_header_mongrel "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" "$ac_includes_default" -if test "x$ac_cv_header_login_cap_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LOGIN_CAP_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" "$ac_includes_default" +if test "x$ac_cv_header_login_cap_h" = xyes +then : + printf "%s\n" "#define HAVE_LOGIN_CAP_H 1" >>confdefs.h LOGINCAP_USAGE='[-c class] '; LCMAN=1 + with_logincap=yes case "$OS" in - freebsd|netbsd) + freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" ;; @@ -18035,17 +19566,18 @@ fi done - fi if test ${with_project-'no'} != "no"; then - ac_fn_c_check_header_mongrel "$LINENO" "project.h" "ac_cv_header_project_h" "$ac_includes_default" -if test "x$ac_cv_header_project_h" = xyes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5 -$as_echo_n "checking for setproject in -lproject... " >&6; } -if ${ac_cv_lib_project_setproject+:} false; then : - $as_echo_n "(cached) " >&6 -else + ac_fn_c_check_header_compile "$LINENO" "project.h" "ac_cv_header_project_h" "$ac_includes_default" +if test "x$ac_cv_header_project_h" = xyes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5 +printf %s "checking for setproject in -lproject... " >&6; } +if test ${ac_cv_lib_project_setproject+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lproject $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -18054,124 +19586,130 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char setproject (); int -main () +main (void) { return setproject (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_project_setproject=yes -else +else $as_nop ac_cv_lib_project_setproject=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5 -$as_echo "$ac_cv_lib_project_setproject" >&6; } -if test "x$ac_cv_lib_project_setproject" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5 +printf "%s\n" "$ac_cv_lib_project_setproject" >&6; } +if test "x$ac_cv_lib_project_setproject" = xyes +then : - $as_echo "#define HAVE_PROJECT_H 1" >>confdefs.h + printf "%s\n" "#define HAVE_PROJECT_H 1" >>confdefs.h SUDO_LIBS="${SUDO_LIBS} -lproject" fi +else $as_nop + with_project=no fi - fi ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default" -if test "x$ac_cv_type_mode_t" = xyes; then : +if test "x$ac_cv_type_mode_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define mode_t int -_ACEOF +printf "%s\n" "#define mode_t int" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 -$as_echo_n "checking for uid_t in sys/types.h... " >&6; } -if ${ac_cv_type_uid_t+:} false; then : - $as_echo_n "(cached) " >&6 -else + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 +printf %s "checking for uid_t in sys/types.h... " >&6; } +if test ${ac_cv_type_uid_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "uid_t" >/dev/null 2>&1; then : + $EGREP "uid_t" >/dev/null 2>&1 +then : ac_cv_type_uid_t=yes -else +else $as_nop ac_cv_type_uid_t=no fi -rm -f conftest* +rm -rf conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 -$as_echo "$ac_cv_type_uid_t" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 +printf "%s\n" "$ac_cv_type_uid_t" >&6; } if test $ac_cv_type_uid_t = no; then -$as_echo "#define uid_t int" >>confdefs.h +printf "%s\n" "#define uid_t int" >>confdefs.h -$as_echo "#define gid_t int" >>confdefs.h +printf "%s\n" "#define gid_t int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "clockid_t" "ac_cv_type_clockid_t" "#include #include " -if test "x$ac_cv_type_clockid_t" = xyes; then : +if test "x$ac_cv_type_clockid_t" = xyes +then : -else - $as_echo "#define clockid_t int" >>confdefs.h +else $as_nop + printf "%s\n" "#define clockid_t int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include #include " -if test "x$ac_cv_type_sig_atomic_t" = xyes; then : +if test "x$ac_cv_type_sig_atomic_t" = xyes +then : -else - $as_echo "#define sig_atomic_t int" >>confdefs.h +else $as_nop + printf "%s\n" "#define sig_atomic_t int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "struct in6_addr" "ac_cv_type_struct_in6_addr" "#include #include " -if test "x$ac_cv_type_struct_in6_addr" = xyes; then : +if test "x$ac_cv_type_struct_in6_addr" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_IN6_ADDR 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsigned long long int" >&5 -$as_echo_n "checking for unsigned long long int... " >&6; } -if ${ac_cv_type_unsigned_long_long_int+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for unsigned long long int" >&5 +printf %s "checking for unsigned long long int... " >&6; } +if test ${ac_cv_type_unsigned_long_long_int+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_type_unsigned_long_long_int=yes - if test "x${ac_cv_prog_cc_c99-no}" = xno; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + case $ac_prog_cc_stdc in + no | c89) ;; + *) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* For now, do not test the preprocessor; as of 2007 there are too many @@ -18189,7 +19727,7 @@ ? 1 : -1)]; int i = 63; int -main () +main (void) { /* Test availability of runtime routines for shift and division. */ long long int llmax = 9223372036854775807ll; @@ -18203,138 +19741,139 @@ } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : -else +else $as_nop ac_cv_type_unsigned_long_long_int=no fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext;; + esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5 -$as_echo "$ac_cv_type_unsigned_long_long_int" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5 +printf "%s\n" "$ac_cv_type_unsigned_long_long_int" >&6; } if test $ac_cv_type_unsigned_long_long_int = yes; then -$as_echo "#define HAVE_UNSIGNED_LONG_LONG_INT 1" >>confdefs.h +printf "%s\n" "#define HAVE_UNSIGNED_LONG_LONG_INT 1" >>confdefs.h fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5 -$as_echo_n "checking for long long int... " >&6; } -if ${ac_cv_type_long_long_int+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5 +printf %s "checking for long long int... " >&6; } +if test ${ac_cv_type_long_long_int+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_type_long_long_int=yes - if test "x${ac_cv_prog_cc_c99-no}" = xno; then - ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int - if test $ac_cv_type_long_long_int = yes; then - if test "$cross_compiling" = yes; then : + case $ac_prog_cc_stdc in + no | c89) ;; + *) + ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int + if test $ac_cv_type_long_long_int = yes; then + if test "$cross_compiling" = yes +then : : -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include - #ifndef LLONG_MAX - # define HALF \ - (1LL << (sizeof (long long int) * CHAR_BIT - 2)) - # define LLONG_MAX (HALF - 1 + HALF) - #endif + #ifndef LLONG_MAX + # define HALF \ + (1LL << (sizeof (long long int) * CHAR_BIT - 2)) + # define LLONG_MAX (HALF - 1 + HALF) + #endif int -main () +main (void) { long long int n = 1; - int i; - for (i = 0; ; i++) - { - long long int m = n << i; - if (m >> i != n) - return 1; - if (LLONG_MAX / 2 < m) - break; - } - return 0; + int i; + for (i = 0; ; i++) + { + long long int m = n << i; + if (m >> i != n) + return 1; + if (LLONG_MAX / 2 < m) + break; + } + return 0; ; return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : -else +else $as_nop ac_cv_type_long_long_int=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi - fi + fi;; + esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5 -$as_echo "$ac_cv_type_long_long_int" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5 +printf "%s\n" "$ac_cv_type_long_long_int" >&6; } if test $ac_cv_type_long_long_int = yes; then -$as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h +printf "%s\n" "#define HAVE_LONG_LONG_INT 1" >>confdefs.h fi if test X"$ac_cv_type_long_long_int" != X"yes"; then - as_fn_error $? "\"C compiler does not appear to support the long long int type\"" "$LINENO" 5 + as_fn_error $? "C compiler does not appear to support the long long int type" "$LINENO" 5 fi ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "$ac_includes_default" -if test "x$ac_cv_type_intmax_t" = xyes; then : +if test "x$ac_cv_type_intmax_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define intmax_t long long -_ACEOF +printf "%s\n" "#define intmax_t long long" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "$ac_includes_default" -if test "x$ac_cv_type_uintmax_t" = xyes; then : +if test "x$ac_cv_type_uintmax_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define uintmax_t unsigned long long -_ACEOF +printf "%s\n" "#define uintmax_t unsigned long long" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default" -if test "x$ac_cv_type_uint8_t" = xyes; then : +if test "x$ac_cv_type_uint8_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define uint8_t unsigned char -_ACEOF +printf "%s\n" "#define uint8_t unsigned char" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default" -if test "x$ac_cv_type_uint32_t" = xyes; then : +if test "x$ac_cv_type_uint32_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define uint32_t unsigned int -_ACEOF +printf "%s\n" "#define uint32_t unsigned int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default" -if test "x$ac_cv_type_uint64_t" = xyes; then : +if test "x$ac_cv_type_uint64_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define uint64_t unsigned long long -_ACEOF +printf "%s\n" "#define uint64_t unsigned long long" >>confdefs.h fi @@ -18342,23 +19881,27 @@ $ac_includes_default #include " -if test "x$ac_cv_type_socklen_t" = xyes; then : +if test "x$ac_cv_type_socklen_t" = xyes +then : -else - $as_echo "#define socklen_t unsigned int" >>confdefs.h +else $as_nop + printf "%s\n" "#define socklen_t unsigned int" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking max length of uid_t" >&5 -$as_echo_n "checking max length of uid_t... " >&6; } -if ${sudo_cv_uid_t_len+:} false; then : - $as_echo_n "(cached) " >&6 -else - rm -f conftestdata -if test "$cross_compiling" = yes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking max length of uid_t" >&5 +printf %s "checking max length of uid_t... " >&6; } +if test ${sudo_cv_uid_t_len+y} +then : + printf %s "(cached) " >&6 +else $as_nop + +rm -f conftestdata +if test "$cross_compiling" = yes +then : sudo_cv_uid_t_len=10 -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18381,9 +19924,10 @@ return(0); } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : sudo_cv_uid_t_len=`cat conftestdata` -else +else $as_nop sudo_cv_uid_t_len=10 fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -18392,14 +19936,11 @@ fi - +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_uid_t_len" >&5 +printf "%s\n" "$sudo_cv_uid_t_len" >&6; } rm -f conftestdata -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_uid_t_len" >&5 -$as_echo "$sudo_cv_uid_t_len" >&6; } -cat >>confdefs.h <<_ACEOF -#define MAX_UID_T_LEN $sudo_cv_uid_t_len -_ACEOF +printf "%s\n" "#define MAX_UID_T_LEN $sudo_cv_uid_t_len" >>confdefs.h @@ -18408,9 +19949,10 @@ # include " -if test "x$ac_cv_member_struct_sockaddr_sa_len" = xyes; then : +if test "x$ac_cv_member_struct_sockaddr_sa_len" = xyes +then : -$as_echo "#define HAVE_STRUCT_SOCKADDR_SA_LEN 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_SOCKADDR_SA_LEN 1" >>confdefs.h fi @@ -18421,9 +19963,10 @@ # include " -if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = xyes; then : +if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = xyes +then : -$as_echo "#define HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1" >>confdefs.h fi @@ -18432,17 +19975,19 @@ # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of id_t" >&5 -$as_echo_n "checking size of id_t... " >&6; } -if ${ac_cv_sizeof_id_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (id_t))" "ac_cv_sizeof_id_t" "$ac_includes_default"; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of id_t" >&5 +printf %s "checking size of id_t... " >&6; } +if test ${ac_cv_sizeof_id_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (id_t))" "ac_cv_sizeof_id_t" "$ac_includes_default" +then : -else +else $as_nop if test "$ac_cv_type_id_t" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (id_t) See \`config.log' for more details" "$LINENO" 5; } else @@ -18451,31 +19996,31 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_id_t" >&5 -$as_echo "$ac_cv_sizeof_id_t" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_id_t" >&5 +printf "%s\n" "$ac_cv_sizeof_id_t" >&6; } -cat >>confdefs.h <<_ACEOF -#define SIZEOF_ID_T $ac_cv_sizeof_id_t -_ACEOF +printf "%s\n" "#define SIZEOF_ID_T $ac_cv_sizeof_id_t" >>confdefs.h # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long" >&5 -$as_echo_n "checking size of long long... " >&6; } -if ${ac_cv_sizeof_long_long+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long))" "ac_cv_sizeof_long_long" "$ac_includes_default"; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of long long" >&5 +printf %s "checking size of long long... " >&6; } +if test ${ac_cv_sizeof_long_long+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long))" "ac_cv_sizeof_long_long" "$ac_includes_default" +then : -else +else $as_nop if test "$ac_cv_type_long_long" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (long long) See \`config.log' for more details" "$LINENO" 5; } else @@ -18484,31 +20029,31 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long" >&5 -$as_echo "$ac_cv_sizeof_long_long" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long" >&5 +printf "%s\n" "$ac_cv_sizeof_long_long" >&6; } -cat >>confdefs.h <<_ACEOF -#define SIZEOF_LONG_LONG $ac_cv_sizeof_long_long -_ACEOF +printf "%s\n" "#define SIZEOF_LONG_LONG $ac_cv_sizeof_long_long" >>confdefs.h # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5 -$as_echo_n "checking size of time_t... " >&6; } -if ${ac_cv_sizeof_time_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" "$ac_includes_default"; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5 +printf %s "checking size of time_t... " >&6; } +if test ${ac_cv_sizeof_time_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" "$ac_includes_default" +then : -else +else $as_nop if test "$ac_cv_type_time_t" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (time_t) See \`config.log' for more details" "$LINENO" 5; } else @@ -18517,14 +20062,12 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5 -$as_echo "$ac_cv_sizeof_time_t" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5 +printf "%s\n" "$ac_cv_sizeof_time_t" >&6; } -cat >>confdefs.h <<_ACEOF -#define SIZEOF_TIME_T $ac_cv_sizeof_time_t -_ACEOF +printf "%s\n" "#define SIZEOF_TIME_T $ac_cv_sizeof_time_t" >>confdefs.h if test $ac_cv_header_utmps_h = "yes"; then @@ -18534,10 +20077,11 @@ # include " -if test "x$ac_cv_member_struct_utmps_ut_id" = xyes; then : +if test "x$ac_cv_member_struct_utmps_ut_id" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_ID 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_ID 1" >>confdefs.h fi @@ -18547,10 +20091,11 @@ # include " -if test "x$ac_cv_member_struct_utmps_ut_pid" = xyes; then : +if test "x$ac_cv_member_struct_utmps_ut_pid" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_PID 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_PID 1" >>confdefs.h fi @@ -18560,10 +20105,11 @@ # include " -if test "x$ac_cv_member_struct_utmps_ut_tv" = xyes; then : +if test "x$ac_cv_member_struct_utmps_ut_tv" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_TV 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_TV 1" >>confdefs.h fi @@ -18573,10 +20119,11 @@ # include " -if test "x$ac_cv_member_struct_utmps_ut_type" = xyes; then : +if test "x$ac_cv_member_struct_utmps_ut_type" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_TYPE 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_TYPE 1" >>confdefs.h fi @@ -18587,11 +20134,10 @@ # include " -if test "x$ac_cv_member_struct_utmp_ut_user" = xyes; then : +if test "x$ac_cv_member_struct_utmp_ut_user" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_UTMP_UT_USER 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_USER 1" >>confdefs.h fi @@ -18602,29 +20148,31 @@ # include " -if test "x$ac_cv_member_struct_utmps_ut_exit___e_termination" = xyes; then : +if test "x$ac_cv_member_struct_utmps_ut_exit___e_termination" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT___E_TERMINATION 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT___E_TERMINATION 1" >>confdefs.h -else +else $as_nop ac_fn_c_check_member "$LINENO" "struct utmps" "ut_exit.e_termination" "ac_cv_member_struct_utmps_ut_exit_e_termination" " # include # include " -if test "x$ac_cv_member_struct_utmps_ut_exit_e_termination" = xyes; then : +if test "x$ac_cv_member_struct_utmps_ut_exit_e_termination" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT_E_TERMINATION 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT_E_TERMINATION 1" >>confdefs.h fi @@ -18640,10 +20188,11 @@ # include " -if test "x$ac_cv_member_struct_utmpx_ut_id" = xyes; then : +if test "x$ac_cv_member_struct_utmpx_ut_id" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_ID 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_ID 1" >>confdefs.h fi @@ -18653,10 +20202,11 @@ # include " -if test "x$ac_cv_member_struct_utmpx_ut_pid" = xyes; then : +if test "x$ac_cv_member_struct_utmpx_ut_pid" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_PID 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_PID 1" >>confdefs.h fi @@ -18666,10 +20216,11 @@ # include " -if test "x$ac_cv_member_struct_utmpx_ut_tv" = xyes; then : +if test "x$ac_cv_member_struct_utmpx_ut_tv" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_TV 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_TV 1" >>confdefs.h fi @@ -18679,10 +20230,11 @@ # include " -if test "x$ac_cv_member_struct_utmpx_ut_type" = xyes; then : +if test "x$ac_cv_member_struct_utmpx_ut_type" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_TYPE 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_TYPE 1" >>confdefs.h fi @@ -18693,11 +20245,10 @@ # include " -if test "x$ac_cv_member_struct_utmp_ut_user" = xyes; then : +if test "x$ac_cv_member_struct_utmp_ut_user" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_UTMP_UT_USER 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_USER 1" >>confdefs.h fi @@ -18708,29 +20259,31 @@ # include " -if test "x$ac_cv_member_struct_utmpx_ut_exit___e_termination" = xyes; then : +if test "x$ac_cv_member_struct_utmpx_ut_exit___e_termination" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT___E_TERMINATION 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT___E_TERMINATION 1" >>confdefs.h -else +else $as_nop ac_fn_c_check_member "$LINENO" "struct utmpx" "ut_exit.e_termination" "ac_cv_member_struct_utmpx_ut_exit_e_termination" " # include # include " -if test "x$ac_cv_member_struct_utmpx_ut_exit_e_termination" = xyes; then : +if test "x$ac_cv_member_struct_utmpx_ut_exit_e_termination" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT_E_TERMINATION 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT_E_TERMINATION 1" >>confdefs.h fi @@ -18746,10 +20299,11 @@ # include " -if test "x$ac_cv_member_struct_utmp_ut_id" = xyes; then : +if test "x$ac_cv_member_struct_utmp_ut_id" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_ID 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_ID 1" >>confdefs.h fi @@ -18759,10 +20313,11 @@ # include " -if test "x$ac_cv_member_struct_utmp_ut_pid" = xyes; then : +if test "x$ac_cv_member_struct_utmp_ut_pid" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_PID 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_PID 1" >>confdefs.h fi @@ -18772,10 +20327,11 @@ # include " -if test "x$ac_cv_member_struct_utmp_ut_tv" = xyes; then : +if test "x$ac_cv_member_struct_utmp_ut_tv" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_TV 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_TV 1" >>confdefs.h fi @@ -18785,10 +20341,11 @@ # include " -if test "x$ac_cv_member_struct_utmp_ut_type" = xyes; then : +if test "x$ac_cv_member_struct_utmp_ut_type" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_TYPE 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_TYPE 1" >>confdefs.h fi @@ -18799,11 +20356,10 @@ # include " -if test "x$ac_cv_member_struct_utmp_ut_user" = xyes; then : +if test "x$ac_cv_member_struct_utmp_ut_user" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_UTMP_UT_USER 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_USER 1" >>confdefs.h fi @@ -18814,29 +20370,31 @@ # include " -if test "x$ac_cv_member_struct_utmp_ut_exit___e_termination" = xyes; then : +if test "x$ac_cv_member_struct_utmp_ut_exit___e_termination" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT___E_TERMINATION 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT___E_TERMINATION 1" >>confdefs.h -else +else $as_nop ac_fn_c_check_member "$LINENO" "struct utmp" "ut_exit.e_termination" "ac_cv_member_struct_utmp_ut_exit_e_termination" " # include # include " -if test "x$ac_cv_member_struct_utmp_ut_exit_e_termination" = xyes; then : +if test "x$ac_cv_member_struct_utmp_ut_exit_e_termination" = xyes +then : -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT 1" >>confdefs.h -$as_echo "#define HAVE_STRUCT_UTMP_UT_EXIT_E_TERMINATION 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_UTMP_UT_EXIT_E_TERMINATION 1" >>confdefs.h fi @@ -18847,29 +20405,7 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to compile python plugin support" >&5 -$as_echo_n "checking whether to compile python plugin support... " >&6; } -# Check whether --enable-python was given. -if test "${enable_python+set}" = set; then : - enableval=$enable_python; case "$enableval" in - yes|no) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5 -$as_echo "$enableval" >&6; } - USE_PYTHON=$enableval - ;; - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-python: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-python: $enableval" >&2;} - ;; - esac - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -if test ${USE_PYTHON-'no'} = "yes"; then +if test ${enable_python-'no'} = "yes"; then @@ -18878,8 +20414,8 @@ if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3" >&5 -$as_echo_n "checking whether $PYTHON version is >= 3... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3" >&5 +printf %s "checking whether $PYTHON version is >= 3... " >&6; } prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. @@ -18893,23 +20429,25 @@ ($PYTHON -c "$prog") >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + (exit $ac_status); } +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } as_fn_error $? "Python interpreter is too old" "$LINENO" 5 fi am_display_PYTHON=$PYTHON else # Otherwise, try each interpreter until we find one that satisfies # VERSION. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3" >&5 -$as_echo_n "checking for a Python interpreter with version >= 3... " >&6; } -if ${am_cv_pathless_PYTHON+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3" >&5 +printf %s "checking for a Python interpreter with version >= 3... " >&6; } +if test ${am_cv_pathless_PYTHON+y} +then : + printf %s "(cached) " >&6 +else $as_nop for am_cv_pathless_PYTHON in python python2 python3 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do test "$am_cv_pathless_PYTHON" = none && break @@ -18926,24 +20464,26 @@ ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then : + (exit $ac_status); } +then : break fi done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5 -$as_echo "$am_cv_pathless_PYTHON" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5 +printf "%s\n" "$am_cv_pathless_PYTHON" >&6; } # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. if test "$am_cv_pathless_PYTHON" = none; then PYTHON=: else # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args. set dummy $am_cv_pathless_PYTHON; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PYTHON+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PYTHON+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $PYTHON in [\\/]* | ?:[\\/]*) ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. @@ -18953,11 +20493,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -18969,11 +20513,11 @@ fi PYTHON=$ac_cv_path_PYTHON if test -n "$PYTHON"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 -$as_echo "$PYTHON" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 +printf "%s\n" "$PYTHON" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -18987,15 +20531,16 @@ else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 -$as_echo_n "checking for $am_display_PYTHON version... " >&6; } -if ${am_cv_python_version+:} false; then : - $as_echo_n "(cached) " >&6 -else - am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 +printf %s "checking for $am_display_PYTHON version... " >&6; } +if test ${am_cv_python_version+y} +then : + printf %s "(cached) " >&6 +else $as_nop + am_cv_python_version=`$PYTHON -c "import sys; print('%u.%u' % sys.version_info[:2])"` fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 -$as_echo "$am_cv_python_version" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 +printf "%s\n" "$am_cv_python_version" >&6; } PYTHON_VERSION=$am_cv_python_version @@ -19006,15 +20551,16 @@ - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 -$as_echo_n "checking for $am_display_PYTHON platform... " >&6; } -if ${am_cv_python_platform+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 +printf %s "checking for $am_display_PYTHON platform... " >&6; } +if test ${am_cv_python_platform+y} +then : + printf %s "(cached) " >&6 +else $as_nop am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 -$as_echo "$am_cv_python_platform" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 +printf "%s\n" "$am_cv_python_platform" >&6; } PYTHON_PLATFORM=$am_cv_python_platform @@ -19039,11 +20585,12 @@ pass" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 -$as_echo_n "checking for $am_display_PYTHON script directory... " >&6; } -if ${am_cv_python_pythondir+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 +printf %s "checking for $am_display_PYTHON script directory... " >&6; } +if test ${am_cv_python_pythondir+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test "x$prefix" = xNONE then am_py_prefix=$ac_default_prefix @@ -19074,8 +20621,8 @@ esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 -$as_echo "$am_cv_python_pythondir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 +printf "%s\n" "$am_cv_python_pythondir" >&6; } pythondir=$am_cv_python_pythondir @@ -19083,11 +20630,12 @@ pkgpythondir=\${pythondir}/$PACKAGE - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 -$as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; } -if ${am_cv_python_pyexecdir+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 +printf %s "checking for $am_display_PYTHON extension module directory... " >&6; } +if test ${am_cv_python_pyexecdir+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test "x$exec_prefix" = xNONE then am_py_exec_prefix=$am_py_prefix @@ -19118,8 +20666,8 @@ esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 -$as_echo "$am_cv_python_pyexecdir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 +printf "%s\n" "$am_cv_python_pyexecdir" >&6; } pyexecdir=$am_cv_python_pyexecdir @@ -19136,19 +20684,22 @@ - if test -z "$PYTHON_INCLUDE" || test -z "$PYTHON_LIBS"; then : + if test -z "$PYTHON_INCLUDE" || test -z "$PYTHON_LIBS" +then : - if test -z "$PYTHON_CONFIG"; then : + if test -z "$PYTHON_CONFIG" +then : for ac_prog in python$PYTHON_VERSION-config python-config do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PYTHON_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PYTHON_CONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $PYTHON_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path. @@ -19158,11 +20709,15 @@ for as_dir in `dirname $PYTHON` do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PYTHON_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -19174,11 +20729,11 @@ fi PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG if test -n "$PYTHON_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5 -$as_echo "$PYTHON_CONFIG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5 +printf "%s\n" "$PYTHON_CONFIG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -19186,7 +20741,8 @@ done test -n "$PYTHON_CONFIG" || PYTHON_CONFIG="no" - if test "$PYTHON_CONFIG" = no; then : + if test "$PYTHON_CONFIG" = no +then : as_fn_error $? "cannot find python-config for $PYTHON." "$LINENO" 5 fi @@ -19194,18 +20750,16 @@ fi - if test -z "$PYTHON_INCLUDE"; then : + if test -z "$PYTHON_INCLUDE" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking python include flags" >&5 -$as_echo_n "checking python include flags... " >&6; } # Pull out python include path, ignore other flags PYTHON_INCLUDE=`$PYTHON_CONFIG --cflags | tr " " "\n" | grep "^-I" | sort -u | tr "\n" " "` - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_INCLUDE" >&5 -$as_echo "$PYTHON_INCLUDE" >&6; } fi - if test -z "$PYTHON_LIBS"; then : + if test -z "$PYTHON_LIBS" +then : # Newer versions of python3-config need --embed to include libpython if $PYTHON_CONFIG 2>&1 | grep embed >/dev/null; then @@ -19213,12 +20767,8 @@ else PY_EMBED= fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking python linker flags" >&5 -$as_echo_n "checking python linker flags... " >&6; } PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED` PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED | tr " " "\n" | grep "^-[lL]" | tr "\n" " "` - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LIBS" >&5 -$as_echo "$PYTHON_LIBS" >&6; } fi @@ -19229,14 +20779,16 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5 -$as_echo_n "checking type of array argument to getgroups... " >&6; } -if ${ac_cv_type_getgroups+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5 +printf %s "checking type of array argument to getgroups... " >&6; } +if test ${ac_cv_type_getgroups+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : ac_cv_type_getgroups=cross -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Thanks to Mike Rendell for this test. */ @@ -19246,7 +20798,7 @@ #define MAX(x, y) ((x) > (y) ? (x) : (y)) int -main () +main (void) { gid_t gidset[NGID]; int i, n; @@ -19263,9 +20815,10 @@ return n > 0 && gidset[n] != val.gval; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : ac_cv_type_getgroups=gid_t -else +else $as_nop ac_cv_type_getgroups=int fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -19279,36 +20832,35 @@ _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then : + $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1 +then : ac_cv_type_getgroups=gid_t -else +else $as_nop ac_cv_type_getgroups=int fi -rm -f conftest* +rm -rf conftest* fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 -$as_echo "$ac_cv_type_getgroups" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 +printf "%s\n" "$ac_cv_type_getgroups" >&6; } -cat >>confdefs.h <<_ACEOF -#define GETGROUPS_T $ac_cv_type_getgroups -_ACEOF +printf "%s\n" "#define GETGROUPS_T $ac_cv_type_getgroups" >>confdefs.h ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" -if test "x$ac_cv_type_size_t" = xyes; then : +if test "x$ac_cv_type_size_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define size_t unsigned int -_ACEOF +printf "%s\n" "#define size_t unsigned int" >>confdefs.h fi ac_fn_c_check_func "$LINENO" "getgroups" "ac_cv_func_getgroups" -if test "x$ac_cv_func_getgroups" = xyes; then : +if test "x$ac_cv_func_getgroups" = xyes +then : fi @@ -19317,11 +20869,12 @@ # This is reported to be necessary on an ITOS 3000WS running SEIUX 3.1. ac_save_LIBS=$LIBS if test $ac_cv_func_getgroups = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getgroups in -lbsd" >&5 -$as_echo_n "checking for getgroups in -lbsd... " >&6; } -if ${ac_cv_lib_bsd_getgroups+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getgroups in -lbsd" >&5 +printf %s "checking for getgroups in -lbsd... " >&6; } +if test ${ac_cv_lib_bsd_getgroups+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lbsd $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -19330,30 +20883,29 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char getgroups (); int -main () +main (void) { return getgroups (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_bsd_getgroups=yes -else +else $as_nop ac_cv_lib_bsd_getgroups=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_getgroups" >&5 -$as_echo "$ac_cv_lib_bsd_getgroups" >&6; } -if test "x$ac_cv_lib_bsd_getgroups" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_getgroups" >&5 +printf "%s\n" "$ac_cv_lib_bsd_getgroups" >&6; } +if test "x$ac_cv_lib_bsd_getgroups" = xyes +then : GETGROUPS_LIB=-lbsd fi @@ -19362,19 +20914,26 @@ # Run the program to test the functionality of the system-supplied # getgroups function only if there is such a function. if test $ac_cv_func_getgroups = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getgroups" >&5 -$as_echo_n "checking for working getgroups... " >&6; } -if ${ac_cv_func_getgroups_works+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_getgroups_works=no -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working getgroups" >&5 +printf %s "checking for working getgroups... " >&6; } +if test ${ac_cv_func_getgroups_works+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : + case "$host_os" in # (( + # Guess yes on glibc systems. + *-gnu*) ac_cv_func_getgroups_works="guessing yes" ;; + # If we don't know, assume the worst. + *) ac_cv_func_getgroups_works="guessing no" ;; + esac +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int -main () +main (void) { /* On Ultrix 4.3, getgroups (0, 0) always fails. */ return getgroups (0, 0) == -1; @@ -19382,9 +20941,10 @@ return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : ac_cv_func_getgroups_works=yes -else +else $as_nop ac_cv_func_getgroups_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -19393,33 +20953,102 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getgroups_works" >&5 -$as_echo "$ac_cv_func_getgroups_works" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getgroups_works" >&5 +printf "%s\n" "$ac_cv_func_getgroups_works" >&6; } else ac_cv_func_getgroups_works=no fi -if test $ac_cv_func_getgroups_works = yes; then +case "$ac_cv_func_getgroups_works" in + *yes) -$as_echo "#define HAVE_GETGROUPS 1" >>confdefs.h +printf "%s\n" "#define HAVE_GETGROUPS 1" >>confdefs.h -fi + ;; +esac LIBS=$ac_save_LIBS +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5 +printf %s "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; } +if test ${ac_cv_sys_largefile_source+y} +then : + printf %s "(cached) " >&6 +else $as_nop + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include /* for off_t */ + #include +int +main (void) +{ +int (*fp) (FILE *, off_t, int) = fseeko; + return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_sys_largefile_source=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _LARGEFILE_SOURCE 1 +#include /* for off_t */ + #include +int +main (void) +{ +int (*fp) (FILE *, off_t, int) = fseeko; + return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_sys_largefile_source=1; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + ac_cv_sys_largefile_source=unknown + break +done +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5 +printf "%s\n" "$ac_cv_sys_largefile_source" >&6; } +case $ac_cv_sys_largefile_source in #( + no | unknown) ;; + *) +printf "%s\n" "#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source" >>confdefs.h +;; +esac +rm -rf conftest* +# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug +# in glibc 2.1.3, but that breaks too many other things. +# If you want fseeko and ftello with glibc, upgrade to a fixed glibc. +if test $ac_cv_sys_largefile_source != unknown; then - - for ac_func in $ac_func_list -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +printf "%s\n" "#define HAVE_FSEEKO 1" >>confdefs.h fi -done +ac_func= +for ac_item in $ac_func_c_list +do + if test $ac_func; then + ac_fn_c_check_func "$LINENO" $ac_func ac_cv_func_$ac_func + if eval test \"x\$ac_cv_func_$ac_func\" = xyes; then + echo "#define $ac_item 1" >> confdefs.h + fi + ac_func= + else + ac_func=$ac_item + fi +done @@ -19429,46 +21058,68 @@ + for ac_func in execvpe +do : + ac_fn_c_check_func "$LINENO" "execvpe" "ac_cv_func_execvpe" +if test "x$ac_cv_func_execvpe" = xyes +then : + printf "%s\n" "#define HAVE_EXECVPE 1" >>confdefs.h + for _sym in execvpe; do + INTERCEPT_EXP="${INTERCEPT_EXP}${_sym} +" + done +fi +done + for ac_func in pread +do : + ac_fn_c_check_func "$LINENO" "pread" "ac_cv_func_pread" +if test "x$ac_cv_func_pread" = xyes +then : + printf "%s\n" "#define HAVE_PREAD 1" >>confdefs.h + # pread/pwrite on 32-bit HP-UX 11.x may not support large files + case "$host_os" in + hpux*|hiuxmpp*) -case "$host_os" in - hpux*) - if test X"$ac_cv_func_pread" = X"yes"; then - O_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS -D_LARGEFILE64_SOURCE" - for ac_func in pread64 pwrite64 + for ac_func in pread64 pwrite64 do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF - -$as_echo "#define _LARGEFILE64_SOURCE 1" >>confdefs.h + ac_fn_check_decl "$LINENO" "pread64" "ac_cv_have_decl_pread64" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_pread64" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_PREAD64 $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "pwrite64" "ac_cv_have_decl_pwrite64" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_pwrite64" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_PWRITE64 $ac_have_decl" >>confdefs.h fi -done - CPPFLAGS="$O_CPPFLAGS" - fi - ;; -esac -for ac_func in pread -do : - ac_fn_c_check_func "$LINENO" "pread" "ac_cv_func_pread" -if test "x$ac_cv_func_pread" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PREAD 1 -_ACEOF +done + ;; + esac -else +else $as_nop case " $LIBOBJS " in *" pread.$ac_objext "* ) ;; @@ -19484,17 +21135,17 @@ fi + done -for ac_func in pwrite + for ac_func in pwrite do : ac_fn_c_check_func "$LINENO" "pwrite" "ac_cv_func_pwrite" -if test "x$ac_cv_func_pwrite" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PWRITE 1 -_ACEOF +if test "x$ac_cv_func_pwrite" = xyes +then : + printf "%s\n" "#define HAVE_PWRITE 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" pwrite.$ac_objext "* ) ;; @@ -19510,17 +21161,17 @@ fi + done -for ac_func in cfmakeraw + for ac_func in cfmakeraw do : ac_fn_c_check_func "$LINENO" "cfmakeraw" "ac_cv_func_cfmakeraw" -if test "x$ac_cv_func_cfmakeraw" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_CFMAKERAW 1 -_ACEOF +if test "x$ac_cv_func_cfmakeraw" = xyes +then : + printf "%s\n" "#define HAVE_CFMAKERAW 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" cfmakeraw.$ac_objext "* ) ;; @@ -19536,121 +21187,160 @@ fi + done -for ac_func in getgrouplist + for ac_func in localtime_r do : - ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist" -if test "x$ac_cv_func_getgrouplist" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETGROUPLIST 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "localtime_r" "ac_cv_func_localtime_r" +if test "x$ac_cv_func_localtime_r" = xyes +then : + printf "%s\n" "#define HAVE_LOCALTIME_R 1" >>confdefs.h -else +else $as_nop - case "$host_os" in - aix*) - for ac_func in getgrset -do : - ac_fn_c_check_func "$LINENO" "getgrset" "ac_cv_func_getgrset" -if test "x$ac_cv_func_getgrset" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETGRSET 1 -_ACEOF + case " $LIBOBJS " in + *" localtime_r.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS localtime_r.$ac_objext" + ;; +esac -fi -done - ;; - *) - ac_fn_c_check_func "$LINENO" "nss_search" "ac_cv_func_nss_search" -if test "x$ac_cv_func_nss_search" = xyes; then : + for _sym in sudo_localtime_r; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done - ac_fn_c_check_func "$LINENO" "_nss_XbyY_buf_alloc" "ac_cv_func__nss_XbyY_buf_alloc" -if test "x$ac_cv_func__nss_XbyY_buf_alloc" = xyes; then : - # Solaris - ac_fn_c_check_func "$LINENO" "_nss_initf_group" "ac_cv_func__nss_initf_group" -if test "x$ac_cv_func__nss_initf_group" = xyes; then : +fi - for ac_header in nss_dbdefs.h +done + + for ac_func in gmtime_r do : - ac_fn_c_check_header_mongrel "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" -if test "x$ac_cv_header_nss_dbdefs_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NSS_DBDEFS_H 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "gmtime_r" "ac_cv_func_gmtime_r" +if test "x$ac_cv_func_gmtime_r" = xyes +then : + printf "%s\n" "#define HAVE_GMTIME_R 1" >>confdefs.h -fi +else $as_nop -done + case " $LIBOBJS " in + *" gmtime_r.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS gmtime_r.$ac_objext" + ;; +esac - $as_echo "#define HAVE_NSS_SEARCH 1" >>confdefs.h - $as_echo "#define HAVE__NSS_XBYY_BUF_ALLOC 1" >>confdefs.h + for _sym in sudo_gmtime_r; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done - $as_echo "#define HAVE__NSS_INITF_GROUP 1" >>confdefs.h +fi -else +done - for ac_header in nss_dbdefs.h + for ac_func in timegm do : - ac_fn_c_check_header_mongrel "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" -if test "x$ac_cv_header_nss_dbdefs_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NSS_DBDEFS_H 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "timegm" "ac_cv_func_timegm" +if test "x$ac_cv_func_timegm" = xyes +then : + printf "%s\n" "#define HAVE_TIMEGM 1" >>confdefs.h - # Older Solaris does not export _nss_initf_group - # but we can use our own. - $as_echo "#define HAVE_NSS_SEARCH 1" >>confdefs.h +else $as_nop - $as_echo "#define HAVE__NSS_XBYY_BUF_ALLOC 1" >>confdefs.h + case " $LIBOBJS " in + *" timegm.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS timegm.$ac_objext" + ;; +esac + + + for _sym in sudo_timegm; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done fi done + for ac_func in getgrouplist +do : + ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist" +if test "x$ac_cv_func_getgrouplist" = xyes +then : + printf "%s\n" "#define HAVE_GETGROUPLIST 1" >>confdefs.h -fi +else $as_nop + case "$host_os" in + aix*) + ac_fn_c_check_func "$LINENO" "getgrset" "ac_cv_func_getgrset" +if test "x$ac_cv_func_getgrset" = xyes +then : + printf "%s\n" "#define HAVE_GETGRSET 1" >>confdefs.h -else +fi - # HP-UX - ac_fn_c_check_func "$LINENO" "__nss_XbyY_buf_alloc" "ac_cv_func___nss_XbyY_buf_alloc" -if test "x$ac_cv_func___nss_XbyY_buf_alloc" = xyes; then : + ;; + *) + ac_fn_c_check_func "$LINENO" "nss_search" "ac_cv_func_nss_search" +if test "x$ac_cv_func_nss_search" = xyes +then : - ac_fn_c_check_func "$LINENO" "__nss_initf_group" "ac_cv_func___nss_initf_group" -if test "x$ac_cv_func___nss_initf_group" = xyes; then : + ac_fn_c_check_func "$LINENO" "_nss_XbyY_buf_alloc" "ac_cv_func__nss_XbyY_buf_alloc" +if test "x$ac_cv_func__nss_XbyY_buf_alloc" = xyes +then : - for ac_header in nss_dbdefs.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" -if test "x$ac_cv_header_nss_dbdefs_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NSS_DBDEFS_H 1 -_ACEOF + # Solaris + ac_fn_c_check_func "$LINENO" "_nss_initf_group" "ac_cv_func__nss_initf_group" +if test "x$ac_cv_func__nss_initf_group" = xyes +then : + + ac_fn_c_check_header_compile "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" +if test "x$ac_cv_header_nss_dbdefs_h" = xyes +then : + printf "%s\n" "#define HAVE_NSS_DBDEFS_H 1" >>confdefs.h fi -done + printf "%s\n" "#define HAVE_NSS_SEARCH 1" >>confdefs.h + + printf "%s\n" "#define HAVE__NSS_XBYY_BUF_ALLOC 1" >>confdefs.h + + printf "%s\n" "#define HAVE__NSS_INITF_GROUP 1" >>confdefs.h + - $as_echo "#define HAVE_NSS_SEARCH 1" >>confdefs.h +else $as_nop - $as_echo "#define HAVE___NSS_XBYY_BUF_ALLOC 1" >>confdefs.h + for ac_header in nss_dbdefs.h +do : + ac_fn_c_check_header_compile "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" +if test "x$ac_cv_header_nss_dbdefs_h" = xyes +then : + printf "%s\n" "#define HAVE_NSS_DBDEFS_H 1" >>confdefs.h - $as_echo "#define HAVE___NSS_INITF_GROUP 1" >>confdefs.h + # Older Solaris does not export _nss_initf_group + # but we can use our own. + printf "%s\n" "#define HAVE_NSS_SEARCH 1" >>confdefs.h + + printf "%s\n" "#define HAVE__NSS_XBYY_BUF_ALLOC 1" >>confdefs.h fi +done fi +else $as_nop + + fi @@ -19666,30 +21356,28 @@ fi + done -for ac_func in getdelim + for ac_func in getdelim do : ac_fn_c_check_func "$LINENO" "getdelim" "ac_cv_func_getdelim" -if test "x$ac_cv_func_getdelim" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETDELIM 1 -_ACEOF +if test "x$ac_cv_func_getdelim" = xyes +then : + printf "%s\n" "#define HAVE_GETDELIM 1" >>confdefs.h # Out of date gcc fixed includes may result in missing getdelim() prototype - ac_fn_c_check_decl "$LINENO" "getdelim" "ac_cv_have_decl_getdelim" "$ac_includes_default" -if test "x$ac_cv_have_decl_getdelim" = xyes; then : + ac_fn_check_decl "$LINENO" "getdelim" "ac_cv_have_decl_getdelim" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_getdelim" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi +printf "%s\n" "#define HAVE_DECL_GETDELIM $ac_have_decl" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_GETDELIM $ac_have_decl -_ACEOF - -else +else $as_nop case " $LIBOBJS " in *" getdelim.$ac_objext "* ) ;; @@ -19706,17 +21394,28 @@ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }getdelim_test" fi + done -for ac_func in getusershell + for ac_func in getusershell do : ac_fn_c_check_func "$LINENO" "getusershell" "ac_cv_func_getusershell" -if test "x$ac_cv_func_getusershell" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETUSERSHELL 1 -_ACEOF +if test "x$ac_cv_func_getusershell" = xyes +then : + printf "%s\n" "#define HAVE_GETUSERSHELL 1" >>confdefs.h + + # Older Solaris has getusershell() et al but does not declare it. + ac_fn_check_decl "$LINENO" "getusershell" "ac_cv_have_decl_getusershell" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_getusershell" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_GETUSERSHELL $ac_have_decl" >>confdefs.h -else + +else $as_nop case " $LIBOBJS " in *" getusershell.$ac_objext "* ) ;; @@ -19732,17 +21431,17 @@ fi + done -for ac_func in reallocarray + for ac_func in reallocarray do : ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" -if test "x$ac_cv_func_reallocarray" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_REALLOCARRAY 1 -_ACEOF +if test "x$ac_cv_func_reallocarray" = xyes +then : + printf "%s\n" "#define HAVE_REALLOCARRAY 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" reallocarray.$ac_objext "* ) ;; @@ -19758,25 +21457,25 @@ fi + done -for ac_func in arc4random + for ac_func in arc4random do : ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random" -if test "x$ac_cv_func_arc4random" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_ARC4RANDOM 1 -_ACEOF +if test "x$ac_cv_func_arc4random" = xyes +then : + printf "%s\n" "#define HAVE_ARC4RANDOM 1" >>confdefs.h + - for ac_func in arc4random_uniform + for ac_func in arc4random_uniform do : ac_fn_c_check_func "$LINENO" "arc4random_uniform" "ac_cv_func_arc4random_uniform" -if test "x$ac_cv_func_arc4random_uniform" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_ARC4RANDOM_UNIFORM 1 -_ACEOF +if test "x$ac_cv_func_arc4random_uniform" = xyes +then : + printf "%s\n" "#define HAVE_ARC4RANDOM_UNIFORM 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" arc4random_uniform.$ac_objext "* ) ;; @@ -19792,17 +21491,17 @@ fi + done - for ac_func in arc4random_buf + for ac_func in arc4random_buf do : ac_fn_c_check_func "$LINENO" "arc4random_buf" "ac_cv_func_arc4random_buf" -if test "x$ac_cv_func_arc4random_buf" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_ARC4RANDOM_BUF 1 -_ACEOF +if test "x$ac_cv_func_arc4random_buf" = xyes +then : + printf "%s\n" "#define HAVE_ARC4RANDOM_BUF 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" arc4random_buf.$ac_objext "* ) ;; @@ -19818,10 +21517,10 @@ fi -done +done -else +else $as_nop case " $LIBOBJS " in *" arc4random.$ac_objext "* ) ;; @@ -19854,28 +21553,23 @@ done # arc4random.c needs getentropy() - for ac_func in getentropy + + for ac_func in getentropy do : ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy" -if test "x$ac_cv_func_getentropy" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETENTROPY 1 -_ACEOF +if test "x$ac_cv_func_getentropy" = xyes +then : + printf "%s\n" "#define HAVE_GETENTROPY 1" >>confdefs.h - for ac_header in sys/random.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_random_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_RANDOM_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_random_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_RANDOM_H 1" >>confdefs.h fi -done - -else +else $as_nop case " $LIBOBJS " in *" getentropy.$ac_objext "* ) ;; @@ -19891,22 +21585,22 @@ fi -done +done # arc4random.c wants pthread_atfork - for ac_header in pthread.h + for ac_header in pthread.h do : - ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" -if test "x$ac_cv_header_pthread_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PTHREAD_H 1 -_ACEOF - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 -$as_echo_n "checking for main in -lpthread... " >&6; } -if ${ac_cv_lib_pthread_main+:} false; then : - $as_echo_n "(cached) " >&6 -else + ac_fn_c_check_header_compile "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" +if test "x$ac_cv_header_pthread_h" = xyes +then : + printf "%s\n" "#define HAVE_PTHREAD_H 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 +printf %s "checking for main in -lpthread... " >&6; } +if test ${ac_cv_lib_pthread_main+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -19914,94 +21608,91 @@ int -main () +main (void) { return main (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_pthread_main=yes -else +else $as_nop ac_cv_lib_pthread_main=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5 -$as_echo "$ac_cv_lib_pthread_main" >&6; } -if test "x$ac_cv_lib_pthread_main" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5 +printf "%s\n" "$ac_cv_lib_pthread_main" >&6; } +if test "x$ac_cv_lib_pthread_main" = xyes +then : LIBPTHREAD="-lpthread" fi - for ac_func in pthread_atfork -do : - ac_fn_c_check_func "$LINENO" "pthread_atfork" "ac_cv_func_pthread_atfork" -if test "x$ac_cv_func_pthread_atfork" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PTHREAD_ATFORK 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "pthread_atfork" "ac_cv_func_pthread_atfork" +if test "x$ac_cv_func_pthread_atfork" = xyes +then : + printf "%s\n" "#define HAVE_PTHREAD_ATFORK 1" >>confdefs.h fi -done fi done - fi -done +done utmp_style=LEGACY -for ac_func in getutsid getutxid getutid + + for ac_func in getutsid getutxid getutid do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF utmp_style=POSIX; break fi -done +done if test "$utmp_style" = "LEGACY"; then - for ac_func in getttyent ttyslot + + for ac_func in getttyent ttyslot do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi -done +done fi -for ac_func in sysctl + + for ac_func in sysctl do : ac_fn_c_check_func "$LINENO" "sysctl" "ac_cv_func_sysctl" -if test "x$ac_cv_func_sysctl" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYSCTL 1 -_ACEOF - for ac_func in devname -do : - ac_fn_c_check_func "$LINENO" "devname" "ac_cv_func_devname" -if test "x$ac_cv_func_devname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_DEVNAME 1 -_ACEOF +if test "x$ac_cv_func_sysctl" = xyes +then : + printf "%s\n" "#define HAVE_SYSCTL 1" >>confdefs.h + ac_fn_c_check_func "$LINENO" "devname" "ac_cv_func_devname" +if test "x$ac_cv_func_devname" = xyes +then : + printf "%s\n" "#define HAVE_DEVNAME 1" >>confdefs.h fi -done ac_fn_c_check_member "$LINENO" "struct kinfo_proc" "ki_structsize" "ac_cv_member_struct_kinfo_proc_ki_structsize" " # include @@ -20009,38 +21700,42 @@ # include " -if test "x$ac_cv_member_struct_kinfo_proc_ki_structsize" = xyes; then : - $as_echo "#define HAVE_KINFO_PROC_FREEBSD 1" >>confdefs.h +if test "x$ac_cv_member_struct_kinfo_proc_ki_structsize" = xyes +then : + printf "%s\n" "#define HAVE_KINFO_PROC_FREEBSD 1" >>confdefs.h -else +else $as_nop ac_fn_c_check_member "$LINENO" "struct kinfo_proc2" "p_paddr" "ac_cv_member_struct_kinfo_proc2_p_paddr" " # include # include " -if test "x$ac_cv_member_struct_kinfo_proc2_p_paddr" = xyes; then : - $as_echo "#define HAVE_KINFO_PROC2_NETBSD 1" >>confdefs.h +if test "x$ac_cv_member_struct_kinfo_proc2_p_paddr" = xyes +then : + printf "%s\n" "#define HAVE_KINFO_PROC2_NETBSD 1" >>confdefs.h -else +else $as_nop ac_fn_c_check_member "$LINENO" "struct kinfo_proc" "p_paddr" "ac_cv_member_struct_kinfo_proc_p_paddr" " # include # include " -if test "x$ac_cv_member_struct_kinfo_proc_p_paddr" = xyes; then : - $as_echo "#define HAVE_KINFO_PROC_OPENBSD 1" >>confdefs.h +if test "x$ac_cv_member_struct_kinfo_proc_p_paddr" = xyes +then : + printf "%s\n" "#define HAVE_KINFO_PROC_OPENBSD 1" >>confdefs.h -else +else $as_nop ac_fn_c_check_member "$LINENO" "struct kinfo_proc" "kp_proc" "ac_cv_member_struct_kinfo_proc_kp_proc" " # include # include " -if test "x$ac_cv_member_struct_kinfo_proc_kp_proc" = xyes; then : - $as_echo "#define HAVE_KINFO_PROC_44BSD 1" >>confdefs.h +if test "x$ac_cv_member_struct_kinfo_proc_kp_proc" = xyes +then : + printf "%s\n" "#define HAVE_KINFO_PROC_44BSD 1" >>confdefs.h fi @@ -20055,36 +21750,37 @@ fi + done -for ac_func in openpty + for ac_func in openpty do : ac_fn_c_check_func "$LINENO" "openpty" "ac_cv_func_openpty" -if test "x$ac_cv_func_openpty" = xyes; then : +if test "x$ac_cv_func_openpty" = xyes +then : + printf "%s\n" "#define HAVE_OPENPTY 1" >>confdefs.h + for ac_header in libutil.h util.h pty.h +do : + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define HAVE_OPENPTY 1 -_ACEOF - for ac_header in libutil.h util.h pty.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF break fi done +else $as_nop -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openpty in -lutil" >&5 -$as_echo_n "checking for openpty in -lutil... " >&6; } -if ${ac_cv_lib_util_openpty+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for openpty in -lutil" >&5 +printf %s "checking for openpty in -lutil... " >&6; } +if test ${ac_cv_lib_util_openpty+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lutil $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -20093,133 +21789,126 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char openpty (); int -main () +main (void) { return openpty (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_util_openpty=yes -else +else $as_nop ac_cv_lib_util_openpty=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_util_openpty" >&5 -$as_echo "$ac_cv_lib_util_openpty" >&6; } -if test "x$ac_cv_lib_util_openpty" = xyes; then : - - for ac_header in libutil.h util.h pty.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_util_openpty" >&5 +printf "%s\n" "$ac_cv_lib_util_openpty" >&6; } +if test "x$ac_cv_lib_util_openpty" = xyes +then : + + for ac_header in libutil.h util.h pty.h +do : + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF break fi done - case "$SUDO_LIBS" in *-lutil*) ;; *) SUDO_LIBS="${SUDO_LIBS} -lutil";; esac - $as_echo "#define HAVE_OPENPTY 1" >>confdefs.h + printf "%s\n" "#define HAVE_OPENPTY 1" >>confdefs.h -else +else $as_nop + - for ac_func in _getpty + for ac_func in _getpty do : ac_fn_c_check_func "$LINENO" "_getpty" "ac_cv_func__getpty" -if test "x$ac_cv_func__getpty" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE__GETPTY 1 -_ACEOF +if test "x$ac_cv_func__getpty" = xyes +then : + printf "%s\n" "#define HAVE__GETPTY 1" >>confdefs.h + +else $as_nop -else - for ac_func in grantpt + for ac_func in grantpt do : ac_fn_c_check_func "$LINENO" "grantpt" "ac_cv_func_grantpt" -if test "x$ac_cv_func_grantpt" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GRANTPT 1 -_ACEOF +if test "x$ac_cv_func_grantpt" = xyes +then : + printf "%s\n" "#define HAVE_GRANTPT 1" >>confdefs.h - for ac_func in posix_openpt -do : - ac_fn_c_check_func "$LINENO" "posix_openpt" "ac_cv_func_posix_openpt" -if test "x$ac_cv_func_posix_openpt" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_POSIX_OPENPT 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "posix_openpt" "ac_cv_func_posix_openpt" +if test "x$ac_cv_func_posix_openpt" = xyes +then : + printf "%s\n" "#define HAVE_POSIX_OPENPT 1" >>confdefs.h fi -done -else +else $as_nop - for ac_func in revoke -do : - ac_fn_c_check_func "$LINENO" "revoke" "ac_cv_func_revoke" -if test "x$ac_cv_func_revoke" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_REVOKE 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "revoke" "ac_cv_func_revoke" +if test "x$ac_cv_func_revoke" = xyes +then : + printf "%s\n" "#define HAVE_REVOKE 1" >>confdefs.h fi -done fi -done +done fi -done +done fi fi + done -for ac_func in unsetenv + for ac_func in unsetenv do : ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv" -if test "x$ac_cv_func_unsetenv" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_UNSETENV 1 -_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether unsetenv returns void" >&5 -$as_echo_n "checking whether unsetenv returns void... " >&6; } -if ${sudo_cv_func_unsetenv_void+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : +if test "x$ac_cv_func_unsetenv" = xyes +then : + printf "%s\n" "#define HAVE_UNSETENV 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether unsetenv returns void" >&5 +printf %s "checking whether unsetenv returns void... " >&6; } +if test ${sudo_cv_func_unsetenv_void+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : sudo_cv_func_unsetenv_void=no -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int unsetenv(); int -main () +main (void) { return unsetenv("FOO") != 0; @@ -20229,9 +21918,10 @@ } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : sudo_cv_func_unsetenv_void=no -else +else $as_nop sudo_cv_func_unsetenv_void=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -20239,159 +21929,148 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_unsetenv_void" >&5 -$as_echo "$sudo_cv_func_unsetenv_void" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_unsetenv_void" >&5 +printf "%s\n" "$sudo_cv_func_unsetenv_void" >&6; } if test $sudo_cv_func_unsetenv_void = yes; then -$as_echo "#define UNSETENV_VOID 1" >>confdefs.h +printf "%s\n" "#define UNSETENV_VOID 1" >>confdefs.h fi fi -done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether putenv takes a const argument" >&5 -$as_echo_n "checking whether putenv takes a const argument... " >&6; } -if ${sudo_cv_func_putenv_const+:} false; then : - $as_echo_n "(cached) " >&6 -else +done +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether putenv takes a const argument" >&5 +printf %s "checking whether putenv takes a const argument... " >&6; } +if test ${sudo_cv_func_putenv_const+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int putenv(const char *string) {return 0;} int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sudo_cv_func_putenv_const=yes -else +else $as_nop sudo_cv_func_putenv_const=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_putenv_const" >&5 -$as_echo "$sudo_cv_func_putenv_const" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_putenv_const" >&5 +printf "%s\n" "$sudo_cv_func_putenv_const" >&6; } if test $sudo_cv_func_putenv_const = yes; then -$as_echo "#define PUTENV_CONST const" >>confdefs.h +printf "%s\n" "#define PUTENV_CONST const" >>confdefs.h else - $as_echo "#define PUTENV_CONST /**/" >>confdefs.h + printf "%s\n" "#define PUTENV_CONST /**/" >>confdefs.h fi if test -z "$SKIP_SETRESUID"; then - for ac_func in setresuid + + for ac_func in setresuid do : ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" -if test "x$ac_cv_func_setresuid" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETRESUID 1 -_ACEOF +if test "x$ac_cv_func_setresuid" = xyes +then : + printf "%s\n" "#define HAVE_SETRESUID 1" >>confdefs.h SKIP_SETREUID=yes - ac_fn_c_check_decl "$LINENO" "setresuid" "ac_cv_have_decl_setresuid" "$ac_includes_default" -if test "x$ac_cv_have_decl_setresuid" = xyes; then : + ac_fn_check_decl "$LINENO" "setresuid" "ac_cv_have_decl_setresuid" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_setresuid" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi +printf "%s\n" "#define HAVE_DECL_SETRESUID $ac_have_decl" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SETRESUID $ac_have_decl -_ACEOF - for ac_func in getresuid + for ac_func in getresuid do : ac_fn_c_check_func "$LINENO" "getresuid" "ac_cv_func_getresuid" -if test "x$ac_cv_func_getresuid" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETRESUID 1 -_ACEOF - ac_fn_c_check_decl "$LINENO" "getresuid" "ac_cv_have_decl_getresuid" "$ac_includes_default" -if test "x$ac_cv_have_decl_getresuid" = xyes; then : +if test "x$ac_cv_func_getresuid" = xyes +then : + printf "%s\n" "#define HAVE_GETRESUID 1" >>confdefs.h + ac_fn_check_decl "$LINENO" "getresuid" "ac_cv_have_decl_getresuid" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_getresuid" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_GETRESUID $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_GETRESUID $ac_have_decl" >>confdefs.h fi -done +done fi -done +done fi if test -z "$SKIP_SETREUID"; then - for ac_func in setreuid -do : - ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid" -if test "x$ac_cv_func_setreuid" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETREUID 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid" +if test "x$ac_cv_func_setreuid" = xyes +then : + printf "%s\n" "#define HAVE_SETREUID 1" >>confdefs.h fi -done fi - if test X"$with_interfaces" != X"no"; then - for ac_func in getifaddrs + + for ac_func in getifaddrs do : ac_fn_c_check_func "$LINENO" "getifaddrs" "ac_cv_func_getifaddrs" -if test "x$ac_cv_func_getifaddrs" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETIFADDRS 1 -_ACEOF - for ac_func in freeifaddrs -do : - ac_fn_c_check_func "$LINENO" "freeifaddrs" "ac_cv_func_freeifaddrs" -if test "x$ac_cv_func_freeifaddrs" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_FREEIFADDRS 1 -_ACEOF +if test "x$ac_cv_func_getifaddrs" = xyes +then : + printf "%s\n" "#define HAVE_GETIFADDRS 1" >>confdefs.h + ac_fn_c_check_func "$LINENO" "freeifaddrs" "ac_cv_func_freeifaddrs" +if test "x$ac_cv_func_freeifaddrs" = xyes +then : + printf "%s\n" "#define HAVE_FREEIFADDRS 1" >>confdefs.h fi -done fi -done +done fi -for ac_func in lockf + + for ac_func in lockf do : ac_fn_c_check_func "$LINENO" "lockf" "ac_cv_func_lockf" -if test "x$ac_cv_func_lockf" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LOCKF 1 -_ACEOF +if test "x$ac_cv_func_lockf" = xyes +then : + printf "%s\n" "#define HAVE_LOCKF 1" >>confdefs.h break fi + done -for ac_func in innetgr + for ac_func in innetgr do : ac_fn_c_check_func "$LINENO" "innetgr" "ac_cv_func_innetgr" -if test "x$ac_cv_func_innetgr" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_INNETGR 1 -_ACEOF +if test "x$ac_cv_func_innetgr" = xyes +then : + printf "%s\n" "#define HAVE_INNETGR 1" >>confdefs.h - ac_fn_c_check_decl "$LINENO" "innetgr" "ac_cv_have_decl_innetgr" " + ac_fn_check_decl "$LINENO" "innetgr" "ac_cv_have_decl_innetgr" " $ac_includes_default #ifdef HAVE_NETGROUP_H # include @@ -20399,28 +22078,26 @@ # include #endif /* HAVE_NETGROUP_H */ -" -if test "x$ac_cv_have_decl_innetgr" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_innetgr" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi +printf "%s\n" "#define HAVE_DECL_INNETGR $ac_have_decl" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_INNETGR $ac_have_decl -_ACEOF +else $as_nop -else - for ac_func in _innetgr + for ac_func in _innetgr do : ac_fn_c_check_func "$LINENO" "_innetgr" "ac_cv_func__innetgr" -if test "x$ac_cv_func__innetgr" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE__INNETGR 1 -_ACEOF +if test "x$ac_cv_func__innetgr" = xyes +then : + printf "%s\n" "#define HAVE__INNETGR 1" >>confdefs.h - ac_fn_c_check_decl "$LINENO" "_innetgr" "ac_cv_have_decl__innetgr" " + ac_fn_check_decl "$LINENO" "_innetgr" "ac_cv_have_decl__innetgr" " $ac_includes_default #ifdef HAVE_NETGROUP_H # include @@ -20428,86 +22105,77 @@ # include #endif /* HAVE_NETGROUP_H */ -" -if test "x$ac_cv_have_decl__innetgr" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl__innetgr" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__INNETGR $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL__INNETGR $ac_have_decl" >>confdefs.h fi -done +done fi + done -for ac_func in getdomainname + for ac_func in getdomainname do : ac_fn_c_check_func "$LINENO" "getdomainname" "ac_cv_func_getdomainname" -if test "x$ac_cv_func_getdomainname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETDOMAINNAME 1 -_ACEOF +if test "x$ac_cv_func_getdomainname" = xyes +then : + printf "%s\n" "#define HAVE_GETDOMAINNAME 1" >>confdefs.h - ac_fn_c_check_decl "$LINENO" "getdomainname" "ac_cv_have_decl_getdomainname" " + ac_fn_check_decl "$LINENO" "getdomainname" "ac_cv_have_decl_getdomainname" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl_getdomainname" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_getdomainname" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi +printf "%s\n" "#define HAVE_DECL_GETDOMAINNAME $ac_have_decl" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_GETDOMAINNAME $ac_have_decl -_ACEOF +else $as_nop -else - for ac_func in sysinfo + for ac_func in sysinfo do : ac_fn_c_check_func "$LINENO" "sysinfo" "ac_cv_func_sysinfo" -if test "x$ac_cv_func_sysinfo" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYSINFO 1 -_ACEOF - for ac_header in sys/systeminfo.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "sys/systeminfo.h" "ac_cv_header_sys_systeminfo_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_systeminfo_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_SYSTEMINFO_H 1 -_ACEOF +if test "x$ac_cv_func_sysinfo" = xyes +then : + printf "%s\n" "#define HAVE_SYSINFO 1" >>confdefs.h + ac_fn_c_check_header_compile "$LINENO" "sys/systeminfo.h" "ac_cv_header_sys_systeminfo_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_systeminfo_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SYSTEMINFO_H 1" >>confdefs.h fi -done - fi -done +done fi + done -for ac_func in utimensat + for ac_func in utimensat do : ac_fn_c_check_func "$LINENO" "utimensat" "ac_cv_func_utimensat" -if test "x$ac_cv_func_utimensat" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_UTIMENSAT 1 -_ACEOF +if test "x$ac_cv_func_utimensat" = xyes +then : + printf "%s\n" "#define HAVE_UTIMENSAT 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" utimens.$ac_objext "* ) ;; @@ -20521,30 +22189,26 @@ " done - for ac_func in utimes -do : - ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes" -if test "x$ac_cv_func_utimes" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_UTIMES 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes" +if test "x$ac_cv_func_utimes" = xyes +then : + printf "%s\n" "#define HAVE_UTIMES 1" >>confdefs.h fi -done fi + done -for ac_func in futimens + for ac_func in futimens do : ac_fn_c_check_func "$LINENO" "futimens" "ac_cv_func_futimens" -if test "x$ac_cv_func_futimens" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_FUTIMENS 1 -_ACEOF +if test "x$ac_cv_func_futimens" = xyes +then : + printf "%s\n" "#define HAVE_FUTIMENS 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" utimens.$ac_objext "* ) ;; @@ -20558,31 +22222,33 @@ " done - for ac_func in futimes futimesat futime + + for ac_func in futimes futimesat futime do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi -done +done fi + done -for ac_func in explicit_bzero + for ac_func in explicit_bzero do : ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero" -if test "x$ac_cv_func_explicit_bzero" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EXPLICIT_BZERO 1 -_ACEOF +if test "x$ac_cv_func_explicit_bzero" = xyes +then : + printf "%s\n" "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" explicit_bzero.$ac_objext "* ) ;; @@ -20596,54 +22262,60 @@ " done - for ac_func in explicit_memset memset_explicit memset_s bzero + + for ac_func in explicit_memset memset_explicit memset_s bzero do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi -done +done fi + done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fnmatch with FNM_CASEFOLD" >&5 -$as_echo_n "checking for working fnmatch with FNM_CASEFOLD... " >&6; } -if ${sudo_cv_func_fnmatch+:} false; then : - $as_echo_n "(cached) " >&6 -else - rm -f conftestdata; > conftestdata -if test "$cross_compiling" = yes; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working fnmatch with FNM_CASEFOLD" >&5 +printf %s "checking for working fnmatch with FNM_CASEFOLD... " >&6; } +if test ${sudo_cv_func_fnmatch+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + if test "$cross_compiling" = yes +then : sudo_cv_func_fnmatch=no -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main() { return(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : sudo_cv_func_fnmatch=yes -else +else $as_nop sudo_cv_func_fnmatch=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core core.* *.core -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_fnmatch" >&5 -$as_echo "$sudo_cv_func_fnmatch" >&6; } -if test $sudo_cv_func_fnmatch = yes; then : - $as_echo "#define HAVE_FNMATCH 1" >>confdefs.h +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_fnmatch" >&5 +printf "%s\n" "$sudo_cv_func_fnmatch" >&6; } + if test $sudo_cv_func_fnmatch = yes +then : + printf "%s\n" "#define HAVE_FNMATCH 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" fnmatch.$ac_objext "* ) ;; @@ -20660,36 +22332,39 @@ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for isblank" >&5 -$as_echo_n "checking for isblank... " >&6; } -if ${sudo_cv_func_isblank+:} false; then : - $as_echo_n "(cached) " >&6 -else + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for isblank" >&5 +printf %s "checking for isblank... " >&6; } +if test ${sudo_cv_func_isblank+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { return (isblank('a')); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv_func_isblank=yes -else +else $as_nop sudo_cv_func_isblank=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_isblank" >&5 -$as_echo "$sudo_cv_func_isblank" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_isblank" >&5 +printf "%s\n" "$sudo_cv_func_isblank" >&6; } if test "$sudo_cv_func_isblank" = "yes"; then -$as_echo "#define HAVE_ISBLANK 1" >>confdefs.h +printf "%s\n" "#define HAVE_ISBLANK 1" >>confdefs.h else case " $LIBOBJS " in @@ -20706,15 +22381,15 @@ fi -for ac_func in glob + + for ac_func in glob do : ac_fn_c_check_func "$LINENO" "glob" "ac_cv_func_glob" -if test "x$ac_cv_func_glob" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GLOB 1 -_ACEOF +if test "x$ac_cv_func_glob" = xyes +then : + printf "%s\n" "#define HAVE_GLOB 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" glob.$ac_objext "* ) ;; @@ -20730,17 +22405,17 @@ fi + done -for ac_func in memrchr + for ac_func in memrchr do : ac_fn_c_check_func "$LINENO" "memrchr" "ac_cv_func_memrchr" -if test "x$ac_cv_func_memrchr" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_MEMRCHR 1 -_ACEOF +if test "x$ac_cv_func_memrchr" = xyes +then : + printf "%s\n" "#define HAVE_MEMRCHR 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" memrchr.$ac_objext "* ) ;; @@ -20756,17 +22431,17 @@ fi + done -for ac_func in freezero + for ac_func in freezero do : ac_fn_c_check_func "$LINENO" "freezero" "ac_cv_func_freezero" -if test "x$ac_cv_func_freezero" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_FREEZERO 1 -_ACEOF +if test "x$ac_cv_func_freezero" = xyes +then : + printf "%s\n" "#define HAVE_FREEZERO 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" freezero.$ac_objext "* ) ;; @@ -20782,24 +22457,25 @@ fi + done -for ac_func in nanosleep + for ac_func in nanosleep do : ac_fn_c_check_func "$LINENO" "nanosleep" "ac_cv_func_nanosleep" -if test "x$ac_cv_func_nanosleep" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NANOSLEEP 1 -_ACEOF +if test "x$ac_cv_func_nanosleep" = xyes +then : + printf "%s\n" "#define HAVE_NANOSLEEP 1" >>confdefs.h -else +else $as_nop # On Solaris, nanosleep is in librt - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nanosleep in -lrt" >&5 -$as_echo_n "checking for nanosleep in -lrt... " >&6; } -if ${ac_cv_lib_rt_nanosleep+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for nanosleep in -lrt" >&5 +printf %s "checking for nanosleep in -lrt... " >&6; } +if test ${ac_cv_lib_rt_nanosleep+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lrt $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -20808,36 +22484,35 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char nanosleep (); int -main () +main (void) { return nanosleep (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_rt_nanosleep=yes -else +else $as_nop ac_cv_lib_rt_nanosleep=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_nanosleep" >&5 -$as_echo "$ac_cv_lib_rt_nanosleep" >&6; } -if test "x$ac_cv_lib_rt_nanosleep" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_nanosleep" >&5 +printf "%s\n" "$ac_cv_lib_rt_nanosleep" >&6; } +if test "x$ac_cv_lib_rt_nanosleep" = xyes +then : - $as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h + printf "%s\n" "#define HAVE_NANOSLEEP 1" >>confdefs.h LIBRT="-lrt" -else +else $as_nop case " $LIBOBJS " in *" nanosleep.$ac_objext "* ) ;; @@ -20856,17 +22531,43 @@ fi + +done + + for ac_func in mkdirat +do : + ac_fn_c_check_func "$LINENO" "mkdirat" "ac_cv_func_mkdirat" +if test "x$ac_cv_func_mkdirat" = xyes +then : + printf "%s\n" "#define HAVE_MKDIRAT 1" >>confdefs.h + +else $as_nop + + case " $LIBOBJS " in + *" mkdirat.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS mkdirat.$ac_objext" + ;; +esac + + + for _sym in sudo_mkdirat; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi + done -for ac_func in openat + for ac_func in openat do : ac_fn_c_check_func "$LINENO" "openat" "ac_cv_func_openat" -if test "x$ac_cv_func_openat" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_OPENAT 1 -_ACEOF +if test "x$ac_cv_func_openat" = xyes +then : + printf "%s\n" "#define HAVE_OPENAT 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" openat.$ac_objext "* ) ;; @@ -20882,17 +22583,17 @@ fi + done -for ac_func in unlinkat + for ac_func in unlinkat do : ac_fn_c_check_func "$LINENO" "unlinkat" "ac_cv_func_unlinkat" -if test "x$ac_cv_func_unlinkat" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_UNLINKAT 1 -_ACEOF +if test "x$ac_cv_func_unlinkat" = xyes +then : + printf "%s\n" "#define HAVE_UNLINKAT 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" unlinkat.$ac_objext "* ) ;; @@ -20908,17 +22609,17 @@ fi + done -for ac_func in fchmodat + for ac_func in fchmodat do : ac_fn_c_check_func "$LINENO" "fchmodat" "ac_cv_func_fchmodat" -if test "x$ac_cv_func_fchmodat" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_FCHMODAT 1 -_ACEOF +if test "x$ac_cv_func_fchmodat" = xyes +then : + printf "%s\n" "#define HAVE_FCHMODAT 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" fchmodat.$ac_objext "* ) ;; @@ -20934,17 +22635,17 @@ fi + done -for ac_func in fstatat + for ac_func in fstatat do : ac_fn_c_check_func "$LINENO" "fstatat" "ac_cv_func_fstatat" -if test "x$ac_cv_func_fstatat" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_FSTATAT 1 -_ACEOF +if test "x$ac_cv_func_fstatat" = xyes +then : + printf "%s\n" "#define HAVE_FSTATAT 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" fstatat.$ac_objext "* ) ;; @@ -20960,17 +22661,17 @@ fi + done -for ac_func in dup3 + for ac_func in dup3 do : ac_fn_c_check_func "$LINENO" "dup3" "ac_cv_func_dup3" -if test "x$ac_cv_func_dup3" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_DUP3 1 -_ACEOF +if test "x$ac_cv_func_dup3" = xyes +then : + printf "%s\n" "#define HAVE_DUP3 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" dup3.$ac_objext "* ) ;; @@ -20986,17 +22687,17 @@ fi + done -for ac_func in pipe2 + for ac_func in pipe2 do : ac_fn_c_check_func "$LINENO" "pipe2" "ac_cv_func_pipe2" -if test "x$ac_cv_func_pipe2" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PIPE2 1 -_ACEOF +if test "x$ac_cv_func_pipe2" = xyes +then : + printf "%s\n" "#define HAVE_PIPE2 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" pipe2.$ac_objext "* ) ;; @@ -21012,17 +22713,17 @@ fi + done -for ac_func in pw_dup + for ac_func in pw_dup do : ac_fn_c_check_func "$LINENO" "pw_dup" "ac_cv_func_pw_dup" -if test "x$ac_cv_func_pw_dup" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PW_DUP 1 -_ACEOF +if test "x$ac_cv_func_pw_dup" = xyes +then : + printf "%s\n" "#define HAVE_PW_DUP 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" pw_dup.$ac_objext "* ) ;; @@ -21038,17 +22739,17 @@ fi + done -for ac_func in strlcpy + for ac_func in strlcpy do : ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy" -if test "x$ac_cv_func_strlcpy" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STRLCPY 1 -_ACEOF +if test "x$ac_cv_func_strlcpy" = xyes +then : + printf "%s\n" "#define HAVE_STRLCPY 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" strlcpy.$ac_objext "* ) ;; @@ -21064,17 +22765,17 @@ fi + done -for ac_func in strlcat + for ac_func in strlcat do : ac_fn_c_check_func "$LINENO" "strlcat" "ac_cv_func_strlcat" -if test "x$ac_cv_func_strlcat" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STRLCAT 1 -_ACEOF +if test "x$ac_cv_func_strlcat" = xyes +then : + printf "%s\n" "#define HAVE_STRLCAT 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" strlcat.$ac_objext "* ) ;; @@ -21090,27 +22791,30 @@ fi -done +done ac_fn_c_check_func "$LINENO" "strnlen" "ac_cv_func_strnlen" -if test "x$ac_cv_func_strnlen" = xyes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working strnlen" >&5 -$as_echo_n "checking for working strnlen... " >&6; } -if ${ac_cv_func_strnlen_working+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : +if test "x$ac_cv_func_strnlen" = xyes +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working strnlen" >&5 +printf %s "checking for working strnlen... " >&6; } +if test ${ac_cv_func_strnlen_working+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : # Guess no on AIX systems, yes otherwise. case "$host_os" in aix*) ac_cv_func_strnlen_working=no;; *) ac_cv_func_strnlen_working=yes;; esac -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int -main () +main (void) { #define S "foobar" @@ -21132,9 +22836,10 @@ return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : ac_cv_func_strnlen_working=yes -else +else $as_nop ac_cv_func_strnlen_working=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -21142,8 +22847,8 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strnlen_working" >&5 -$as_echo "$ac_cv_func_strnlen_working" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strnlen_working" >&5 +printf "%s\n" "$ac_cv_func_strnlen_working" >&6; } test $ac_cv_func_strnlen_working = no && case " $LIBOBJS " in *" strnlen.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS strnlen.$ac_objext" @@ -21151,7 +22856,7 @@ esac -else +else $as_nop case " $LIBOBJS " in *" strnlen.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS strnlen.$ac_objext" @@ -21161,17 +22866,17 @@ fi if test X"$ac_cv_func_strnlen_working" = X"yes"; then - $as_echo "#define HAVE_STRNLEN 1" >>confdefs.h + printf "%s\n" "#define HAVE_STRNLEN 1" >>confdefs.h + - for ac_func in strndup + for ac_func in strndup do : ac_fn_c_check_func "$LINENO" "strndup" "ac_cv_func_strndup" -if test "x$ac_cv_func_strndup" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STRNDUP 1 -_ACEOF +if test "x$ac_cv_func_strndup" = xyes +then : + printf "%s\n" "#define HAVE_STRNDUP 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" strndup.$ac_objext "* ) ;; @@ -21187,8 +22892,8 @@ fi -done +done else # Broken or missing strnlen, use our own. @@ -21211,22 +22916,23 @@ done fi -for ac_func in clock_gettime + + for ac_func in clock_gettime do : ac_fn_c_check_func "$LINENO" "clock_gettime" "ac_cv_func_clock_gettime" -if test "x$ac_cv_func_clock_gettime" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_CLOCK_GETTIME 1 -_ACEOF +if test "x$ac_cv_func_clock_gettime" = xyes +then : + printf "%s\n" "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h -else +else $as_nop # On Solaris, clock_gettime is in librt - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_gettime in -lrt" >&5 -$as_echo_n "checking for clock_gettime in -lrt... " >&6; } -if ${ac_cv_lib_rt_clock_gettime+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for clock_gettime in -lrt" >&5 +printf %s "checking for clock_gettime in -lrt... " >&6; } +if test ${ac_cv_lib_rt_clock_gettime+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lrt $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -21235,32 +22941,31 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char clock_gettime (); int -main () +main (void) { return clock_gettime (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_rt_clock_gettime=yes -else +else $as_nop ac_cv_lib_rt_clock_gettime=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_clock_gettime" >&5 -$as_echo "$ac_cv_lib_rt_clock_gettime" >&6; } -if test "x$ac_cv_lib_rt_clock_gettime" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_clock_gettime" >&5 +printf "%s\n" "$ac_cv_lib_rt_clock_gettime" >&6; } +if test "x$ac_cv_lib_rt_clock_gettime" = xyes +then : - $as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h + printf "%s\n" "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h LIBRT="-lrt" @@ -21268,17 +22973,17 @@ fi + done -for ac_func in getopt_long + for ac_func in getopt_long do : ac_fn_c_check_func "$LINENO" "getopt_long" "ac_cv_func_getopt_long" -if test "x$ac_cv_func_getopt_long" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETOPT_LONG 1 -_ACEOF +if test "x$ac_cv_func_getopt_long" = xyes +then : + printf "%s\n" "#define HAVE_GETOPT_LONG 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" getopt_long.$ac_objext "* ) ;; @@ -21292,51 +22997,52 @@ " done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for optreset" >&5 -$as_echo_n "checking for optreset... " >&6; } - if ${sudo_cv_optreset+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for optreset" >&5 +printf %s "checking for optreset... " >&6; } +if test ${sudo_cv_optreset+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { extern int optreset; optreset = 1; return optreset; ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv_optreset=yes -else +else $as_nop sudo_cv_optreset=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi - +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_optreset" >&5 +printf "%s\n" "$sudo_cv_optreset" >&6; } if test "$sudo_cv_optreset" = "yes"; then - $as_echo "#define HAVE_OPTRESET 1" >>confdefs.h + printf "%s\n" "#define HAVE_OPTRESET 1" >>confdefs.h fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_optreset" >&5 -$as_echo "$sudo_cv_optreset" >&6; } fi + done -for ac_func in closefrom + for ac_func in closefrom do : ac_fn_c_check_func "$LINENO" "closefrom" "ac_cv_func_closefrom" -if test "x$ac_cv_func_closefrom" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_CLOSEFROM 1 -_ACEOF +if test "x$ac_cv_func_closefrom" = xyes +then : + printf "%s\n" "#define HAVE_CLOSEFROM 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" closefrom.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS closefrom.$ac_objext" @@ -21349,57 +23055,57 @@ " done - ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " + ac_fn_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " # include # include -" -if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then : - $as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_F_CLOSEM" = xyes +then : + printf "%s\n" "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h fi - fi + done -for ac_func in mkstemps mkdtemp + for ac_func in mkstemps mkdtemp do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF -else +else $as_nop break fi -done +done if test X"$ac_cv_func_mkstemps$ac_cv_func_mkdtemp" != X"yesyes"; then - for ac_func in arc4random random lrand48 + + for ac_func in arc4random random lrand48 do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi -done +done if test X"$ac_cv_func_arc4random" != X"yes"; then - for ac_func in getentropy -do : - ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy" -if test "x$ac_cv_func_getentropy" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETENTROPY 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy" +if test "x$ac_cv_func_getentropy" = xyes +then : + printf "%s\n" "#define HAVE_GETENTROPY 1" >>confdefs.h fi -done fi case " $LIBOBJS " in @@ -21417,26 +23123,29 @@ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }mktemp_test" fi -for ac_func in snprintf vsnprintf -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "snprintf" "ac_cv_func_snprintf" +if test "x$ac_cv_func_snprintf" = xyes +then : + printf "%s\n" "#define HAVE_SNPRINTF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "vsnprintf" "ac_cv_func_vsnprintf" +if test "x$ac_cv_func_vsnprintf" = xyes +then : + printf "%s\n" "#define HAVE_VSNPRINTF 1" >>confdefs.h fi -done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working snprintf" >&5 -$as_echo_n "checking for working snprintf... " >&6; } -if ${ac_cv_have_working_snprintf+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working snprintf" >&5 +printf %s "checking for working snprintf... " >&6; } +if test ${ac_cv_have_working_snprintf+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : ac_cv_have_working_snprintf=cross -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -21456,9 +23165,10 @@ return(0); } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : ac_cv_have_working_snprintf=yes -else +else $as_nop ac_cv_have_working_snprintf=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -21467,16 +23177,18 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_working_snprintf" >&5 -$as_echo "$ac_cv_have_working_snprintf" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vsnprintf" >&5 -$as_echo_n "checking for working vsnprintf... " >&6; } -if ${ac_cv_have_working_vsnprintf+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_working_snprintf" >&5 +printf "%s\n" "$ac_cv_have_working_snprintf" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working vsnprintf" >&5 +printf %s "checking for working vsnprintf... " >&6; } +if test ${ac_cv_have_working_vsnprintf+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : ac_cv_have_working_vsnprintf=cross -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -21507,9 +23219,10 @@ return(0); } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : ac_cv_have_working_vsnprintf=yes -else +else $as_nop ac_cv_have_working_vsnprintf=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -21518,8 +23231,8 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_working_vsnprintf" >&5 -$as_echo "$ac_cv_have_working_vsnprintf" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_working_vsnprintf" >&5 +printf "%s\n" "$ac_cv_have_working_vsnprintf" >&6; } if test x$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf != "xyesyes"; then case " $LIBOBJS " in *" snprintf.$ac_objext "* ) ;; @@ -21527,23 +23240,23 @@ ;; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Replacing missing/broken (v)snprintf() with sudo's version." >&5 -$as_echo "$as_me: WARNING: Replacing missing/broken (v)snprintf() with sudo's version." >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Replacing missing/broken (v)snprintf() with sudo's version." >&5 +printf "%s\n" "$as_me: WARNING: Replacing missing/broken (v)snprintf() with sudo's version." >&2;} -$as_echo "#define PREFER_PORTABLE_SNPRINTF 1" >>confdefs.h +printf "%s\n" "#define PREFER_PORTABLE_SNPRINTF 1" >>confdefs.h fi if test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"; then # System has a C99-compliant v?snprintf(), check for v?asprintf() - for ac_func in asprintf + + for ac_func in asprintf do : ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf" -if test "x$ac_cv_func_asprintf" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_ASPRINTF 1 -_ACEOF +if test "x$ac_cv_func_asprintf" = xyes +then : + printf "%s\n" "#define HAVE_ASPRINTF 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" snprintf.$ac_objext "* ) ;; @@ -21559,17 +23272,17 @@ fi + done - for ac_func in vasprintf + for ac_func in vasprintf do : ac_fn_c_check_func "$LINENO" "vasprintf" "ac_cv_func_vasprintf" -if test "x$ac_cv_func_vasprintf" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_VASPRINTF 1 -_ACEOF +if test "x$ac_cv_func_vasprintf" = xyes +then : + printf "%s\n" "#define HAVE_VASPRINTF 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" snprintf.$ac_objext "* ) ;; @@ -21585,8 +23298,8 @@ fi -done +done else # Missing or non-compliant v?snprintf(), assume missing/bad v?asprintf() @@ -21601,34 +23314,37 @@ #include " -if test "x$ac_cv_member_struct_tm_tm_gmtoff" = xyes; then : +if test "x$ac_cv_member_struct_tm_tm_gmtoff" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_TM_TM_GMTOFF 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_TM_TM_GMTOFF 1" >>confdefs.h fi ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim" "ac_cv_member_struct_stat_st_mtim" "$ac_includes_default" -if test "x$ac_cv_member_struct_stat_st_mtim" = xyes; then : - $as_echo "#define HAVE_ST_MTIM 1" >>confdefs.h +if test "x$ac_cv_member_struct_stat_st_mtim" = xyes +then : + printf "%s\n" "#define HAVE_ST_MTIM 1" >>confdefs.h ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim.st__tim" "ac_cv_member_struct_stat_st_mtim_st__tim" "$ac_includes_default" -if test "x$ac_cv_member_struct_stat_st_mtim_st__tim" = xyes; then : - $as_echo "#define HAVE_ST__TIM 1" >>confdefs.h +if test "x$ac_cv_member_struct_stat_st_mtim_st__tim" = xyes +then : + printf "%s\n" "#define HAVE_ST__TIM 1" >>confdefs.h fi -else +else $as_nop ac_fn_c_check_member "$LINENO" "struct stat" "st_mtimespec" "ac_cv_member_struct_stat_st_mtimespec" "$ac_includes_default" -if test "x$ac_cv_member_struct_stat_st_mtimespec" = xyes; then : - $as_echo "#define HAVE_ST_MTIMESPEC 1" >>confdefs.h +if test "x$ac_cv_member_struct_stat_st_mtimespec" = xyes +then : + printf "%s\n" "#define HAVE_ST_MTIMESPEC 1" >>confdefs.h -else +else $as_nop ac_fn_c_check_member "$LINENO" "struct stat" "st_nmtime" "ac_cv_member_struct_stat_st_nmtime" "$ac_includes_default" -if test "x$ac_cv_member_struct_stat_st_nmtime" = xyes; then : - $as_echo "#define HAVE_ST_NMTIME 1" >>confdefs.h +if test "x$ac_cv_member_struct_stat_st_nmtime" = xyes +then : + printf "%s\n" "#define HAVE_ST_NMTIME 1" >>confdefs.h fi @@ -21638,72 +23354,54 @@ fi -for ac_func in vsyslog -do : - ac_fn_c_check_func "$LINENO" "vsyslog" "ac_cv_func_vsyslog" -if test "x$ac_cv_func_vsyslog" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_VSYSLOG 1 -_ACEOF - -else - - case " $LIBOBJS " in - *" vsyslog.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS vsyslog.$ac_objext" - ;; -esac - - - for _sym in sudo_vsyslog; do - COMPAT_EXP="${COMPAT_EXP}${_sym} -" - done - - COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }vsyslog_test" +ac_fn_c_check_func "$LINENO" "setpassent" "ac_cv_func_setpassent" +if test "x$ac_cv_func_setpassent" = xyes +then : + printf "%s\n" "#define HAVE_SETPASSENT 1" >>confdefs.h fi -done - -for ac_func in setpassent setgroupent -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "setgroupent" "ac_cv_func_setgroupent" +if test "x$ac_cv_func_setgroupent" = xyes +then : + printf "%s\n" "#define HAVE_SETGROUPENT 1" >>confdefs.h fi -done if test X"$with_noexec" != X"no"; then # Check for non-standard exec functions - for ac_func in exect execvP execvpe -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "exect" "ac_cv_func_exect" +if test "x$ac_cv_func_exect" = xyes +then : + printf "%s\n" "#define HAVE_EXECT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "execvP" "ac_cv_func_execvP" +if test "x$ac_cv_func_execvP" = xyes +then : + printf "%s\n" "#define HAVE_EXECVP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "execvpe" "ac_cv_func_execvpe" +if test "x$ac_cv_func_execvpe" = xyes +then : + printf "%s\n" "#define HAVE_EXECVPE 1" >>confdefs.h fi -done # Check for posix_spawn, and posix_spawnp if test X"$ac_cv_header_spawn_h" = X"yes"; then - for ac_func in posix_spawn posix_spawnp -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "posix_spawn" "ac_cv_func_posix_spawn" +if test "x$ac_cv_func_posix_spawn" = xyes +then : + printf "%s\n" "#define HAVE_POSIX_SPAWN 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "posix_spawnp" "ac_cv_func_posix_spawnp" +if test "x$ac_cv_func_posix_spawnp" = xyes +then : + printf "%s\n" "#define HAVE_POSIX_SPAWNP 1" >>confdefs.h fi -done fi fi @@ -21713,48 +23411,49 @@ #include #include <$ac_header_dirent> int -main () +main (void) { DIR *d; (void)dirfd(d); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - $as_echo "#define HAVE_DIRFD 1" >>confdefs.h +if ac_fn_c_try_link "$LINENO" +then : + printf "%s\n" "#define HAVE_DIRFD 1" >>confdefs.h -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include <$ac_header_dirent> int -main () +main (void) { DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - $as_echo "#define HAVE_DD_FD 1" >>confdefs.h +if ac_fn_c_try_link "$LINENO" +then : + printf "%s\n" "#define HAVE_DD_FD 1" >>confdefs.h fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext ac_fn_c_check_member "$LINENO" "struct dirent" "d_type" "ac_cv_member_struct_dirent_d_type" " $ac_includes_default #include <$ac_header_dirent> " -if test "x$ac_cv_member_struct_dirent_d_type" = xyes; then : +if test "x$ac_cv_member_struct_dirent_d_type" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_DIRENT_D_TYPE 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_DIRENT_D_TYPE 1" >>confdefs.h fi @@ -21763,111 +23462,393 @@ #include <$ac_header_dirent> " -if test "x$ac_cv_member_struct_dirent_d_namlen" = xyes; then : +if test "x$ac_cv_member_struct_dirent_d_namlen" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_DIRENT_D_NAMLEN 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_DIRENT_D_NAMLEN 1" >>confdefs.h fi +openssl_missing=no if test "${enable_openssl-no}" != no; then - # Use OpenSSL's sha2 functions - $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h - - DIGEST=digest_openssl.lo - # Use pkg-config to find the openssl cflags and libs if possible. - if test "$enable_openssl" != "yes"; then + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then PKG_CONFIG_LIBDIR="${enable_openssl}/lib/pkgconfig:${enable_openssl}/lib64/pkgconfig:${enable_openssl}/share/pkgconfig" export PKG_CONFIG_LIBDIR - fi - if $PKG_CONFIG --exists openssl >/dev/null 2>&1; then - # Check whether --static is needed + elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then + # Cannot use pkg-config when cross-compiling + PKG_CONFIG=false + fi + : ${PKG_CONFIG='pkg-config'} + pkg_openssl=`printf $enable_openssl_pkgconfig_template "openssl"` + pkg_libcrypto=lib`printf $enable_openssl_pkgconfig_template "crypto"` + if $PKG_CONFIG --exists "$pkg_openssl >= 1.0.1" >/dev/null 2>&1; then + printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h + + if test "$enable_openssl" = "maybe"; then + enable_openssl=yes + fi + O_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L openssl`" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_library_init in -lssl" >&5 -$as_echo_n "checking for SSL_library_init in -lssl... " >&6; } -if ${ac_cv_lib_ssl_SSL_library_init_lcrypto+:} false; then : - $as_echo_n "(cached) " >&6 -else + LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L $pkg_openssl`" + # Check whether --static is needed (don't assume name of ssl lib) + libssl="`$PKG_CONFIG --libs-only-l $pkg_openssl | sed 's/^ *-l//'`" + libssl_extra=`echo $libssl | sed 's/^[^ ]* *//'` + libssl=`echo $libssl | sed 's/ .*//'` + as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl''_SSL_new$libssl_extra" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -l$libssl" >&5 +printf %s "checking for SSL_new in -l$libssl... " >&6; } +if eval test \${$as_ac_Lib+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl -lcrypto $LIBS" +LIBS="-l$libssl $libssl_extra $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_library_init (); +char SSL_new (); int -main () +main (void) { -return SSL_library_init (); +return SSL_new (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_SSL_library_init_lcrypto=yes -else - ac_cv_lib_ssl_SSL_library_init_lcrypto=no +if ac_fn_c_try_link "$LINENO" +then : + eval "$as_ac_Lib=yes" +else $as_nop + eval "$as_ac_Lib=no" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_library_init_lcrypto" >&5 -$as_echo "$ac_cv_lib_ssl_SSL_library_init_lcrypto" >&6; } -if test "x$ac_cv_lib_ssl_SSL_library_init_lcrypto" = xyes; then : +eval ac_res=\$$as_ac_Lib + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes" +then : STATIC="" -else +else $as_nop STATIC="--static" fi + + # Use OpenSSL's sha2 functions if possible (don't assume name of crypto) + libcrypto="`$PKG_CONFIG --libs-only-l $pkg_libcrypto | sed -e 's/^ *-l//' -e 's/ .*//'`" + as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libcrypto''_EVP_MD_CTX_new" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l$libcrypto" >&5 +printf %s "checking for EVP_MD_CTX_new in -l$libcrypto... " >&6; } +if eval test \${$as_ac_Lib+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-l$libcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char EVP_MD_CTX_new (); +int +main (void) +{ +return EVP_MD_CTX_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + eval "$as_ac_Lib=yes" +else $as_nop + eval "$as_ac_Lib=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +eval ac_res=\$$as_ac_Lib + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes" +then : + DIGEST=digest_openssl.lo +fi + LDFLAGS="$O_LDFLAGS" # Use pkg-config to determine OpenSSL libs and cflags - LIBTLS=`$PKG_CONFIG $STATIC --libs openssl` - if $PKG_CONFIG --exists libcrypto >/dev/null 2>&1; then - LIBMD=`$PKG_CONFIG $STATIC --libs libcrypto` + for f in `$PKG_CONFIG $STATIC --libs $pkg_openssl`; do + case "$f" in + -L*) + f="${f#-L}" + + +if test ${LIBTLS+y} +then : + + case " $LIBTLS " in #( + *" -L$f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS already contains -L\$f"; } >&5 + (: LIBTLS already contains -L$f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBTLS " -L$f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBTLS=-L$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + if test X"$enable_rpath" = X"yes"; then + +if test ${LIBTLS_R+y} +then : + + case " $LIBTLS_R " in #( + *" -R$f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R already contains -R\$f"; } >&5 + (: LIBTLS_R already contains -R$f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBTLS_R " -R$f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 + (: LIBTLS_R="$LIBTLS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBTLS_R=-R$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 + (: LIBTLS_R="$LIBTLS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + fi + + ;; + *) + +if test ${LIBTLS+y} +then : + + case " $LIBTLS " in #( + *" $f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS already contains \$f"; } >&5 + (: LIBTLS already contains $f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBTLS " $f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBTLS=$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + ;; + esac + done + if $PKG_CONFIG --exists $pkg_libcrypto >/dev/null 2>&1; then + LIBCRYPTO=`$PKG_CONFIG $STATIC --libs $pkg_libcrypto` + for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do + case "$f" in + -L*) + f="${f#-L}" + + +if test ${LIBCRYPTO+y} +then : + + case " $LIBCRYPTO " in #( + *" -L$f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO already contains -L\$f"; } >&5 + (: LIBCRYPTO already contains -L$f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBCRYPTO " -L$f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO=\"\$LIBCRYPTO\""; } >&5 + (: LIBCRYPTO="$LIBCRYPTO") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBCRYPTO=-L$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO=\"\$LIBCRYPTO\""; } >&5 + (: LIBCRYPTO="$LIBCRYPTO") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + if test X"$enable_rpath" = X"yes"; then + +if test ${LIBCRYPTO_R+y} +then : + + case " $LIBCRYPTO_R " in #( + *" -R$f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO_R already contains -R\$f"; } >&5 + (: LIBCRYPTO_R already contains -R$f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBCRYPTO_R " -R$f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO_R=\"\$LIBCRYPTO_R\""; } >&5 + (: LIBCRYPTO_R="$LIBCRYPTO_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBCRYPTO_R=-R$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO_R=\"\$LIBCRYPTO_R\""; } >&5 + (: LIBCRYPTO_R="$LIBCRYPTO_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + fi + + ;; + *) + +if test ${LIBCRYPTO+y} +then : + + case " $LIBCRYPTO " in #( + *" $f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO already contains \$f"; } >&5 + (: LIBCRYPTO already contains $f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBCRYPTO " $f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO=\"\$LIBCRYPTO\""; } >&5 + (: LIBCRYPTO="$LIBCRYPTO") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBCRYPTO=$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO=\"\$LIBCRYPTO\""; } >&5 + (: LIBCRYPTO="$LIBCRYPTO") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + ;; + esac + done else # No separate pkg config for libcrypto - LIBMD="$LIBTLS" + LIBCRYPTO="$LIBTLS" + LIBCRYPTO_R="$LIBTLS_R" fi - for f in `$PKG_CONFIG --cflags-only-I openssl`; do + for f in `$PKG_CONFIG --cflags-only-I $pkg_openssl`; do -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" $f "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains \$f"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains \$f"; } >&5 (: CPPFLAGS already contains $f) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " $f" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=$f - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -21875,101 +23856,241 @@ done else # No pkg-config file present, try to do it manually - if test "$enable_openssl" != "yes"; then + O_LDFLAGS="$LDFLAGS" + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + + +if test ${LDFLAGS+y} +then : + + case " $LDFLAGS " in #( + *" -L${enable_openssl}/lib "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\${enable_openssl}/lib"; } >&5 + (: LDFLAGS already contains -L${enable_openssl}/lib) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS " -L${enable_openssl}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac -if ${CPPFLAGS+:} false; then : +else $as_nop + + LDFLAGS=-L${enable_openssl}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + if test X"$enable_rpath" = X"yes"; then + +if test ${LDFLAGS_R+y} +then : + + case " $LDFLAGS_R " in #( + *" -R${enable_openssl}/lib "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\${enable_openssl}/lib"; } >&5 + (: LDFLAGS_R already contains -R${enable_openssl}/lib) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS_R " -R${enable_openssl}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LDFLAGS_R=-R${enable_openssl}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + fi + + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 +printf %s "checking for SSL_new in -lssl... " >&6; } +if test ${ac_cv_lib_ssl_SSL_new_lcrypto+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lssl -lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char SSL_new (); +int +main (void) +{ +return SSL_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_ssl_SSL_new_lcrypto=yes +else $as_nop + ac_cv_lib_ssl_SSL_new_lcrypto=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_new_lcrypto" >&5 +printf "%s\n" "$ac_cv_lib_ssl_SSL_new_lcrypto" >&6; } +if test "x$ac_cv_lib_ssl_SSL_new_lcrypto" = xyes +then : + + # Check OPENSSL_VERSION_NUMBER in headers + O_CPPFLAGS="$CPPFLAGS" + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + # Note: we only reset CPPFLAGS on failure + +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${enable_openssl}/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_openssl}/include"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_openssl}/include"; } >&5 (: CPPFLAGS already contains -I${enable_openssl}/include) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${enable_openssl}/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${enable_openssl}/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi + fi + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1000100fL +#error "OpenSSL too old" +#endif + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_cpp "$LINENO" +then : + + # OpenSSL >= 1.0.1 detected, use it. + printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h + + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then -if ${LIBMD+:} false; then : +if test ${LIBCRYPTO+y} +then : - case " $LIBMD " in #( + case " $LIBCRYPTO " in #( *" -L${enable_openssl}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBMD already contains -L\${enable_openssl}/lib"; } >&5 - (: LIBMD already contains -L${enable_openssl}/lib) 2>&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO already contains -L\${enable_openssl}/lib"; } >&5 + (: LIBCRYPTO already contains -L${enable_openssl}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : - as_fn_append LIBMD " -L${enable_openssl}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBMD=\"\$LIBMD\""; } >&5 - (: LIBMD="$LIBMD") 2>&5 + as_fn_append LIBCRYPTO " -L${enable_openssl}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO=\"\$LIBCRYPTO\""; } >&5 + (: LIBCRYPTO="$LIBCRYPTO") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop - LIBMD=-L${enable_openssl}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBMD=\"\$LIBMD\""; } >&5 - (: LIBMD="$LIBMD") 2>&5 + LIBCRYPTO=-L${enable_openssl}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO=\"\$LIBCRYPTO\""; } >&5 + (: LIBCRYPTO="$LIBCRYPTO") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${LIBMD_R+:} false; then : +if test ${LIBCRYPTO_R+y} +then : - case " $LIBMD_R " in #( + case " $LIBCRYPTO_R " in #( *" -R${enable_openssl}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBMD_R already contains -R\${enable_openssl}/lib"; } >&5 - (: LIBMD_R already contains -R${enable_openssl}/lib) 2>&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO_R already contains -R\${enable_openssl}/lib"; } >&5 + (: LIBCRYPTO_R already contains -R${enable_openssl}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : - as_fn_append LIBMD_R " -R${enable_openssl}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBMD_R=\"\$LIBMD_R\""; } >&5 - (: LIBMD_R="$LIBMD_R") 2>&5 + as_fn_append LIBCRYPTO_R " -R${enable_openssl}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO_R=\"\$LIBCRYPTO_R\""; } >&5 + (: LIBCRYPTO_R="$LIBCRYPTO_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop - LIBMD_R=-R${enable_openssl}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBMD_R=\"\$LIBMD_R\""; } >&5 - (: LIBMD_R="$LIBMD_R") 2>&5 + LIBCRYPTO_R=-R${enable_openssl}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO_R=\"\$LIBCRYPTO_R\""; } >&5 + (: LIBCRYPTO_R="$LIBCRYPTO_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -21978,287 +24099,1040 @@ -if ${LIBTLS+:} false; then : +if test ${LIBTLS+y} +then : case " $LIBTLS " in #( *" -L${enable_openssl}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBTLS already contains -L\${enable_openssl}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS already contains -L\${enable_openssl}/lib"; } >&5 (: LIBTLS already contains -L${enable_openssl}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LIBTLS " -L${enable_openssl}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 (: LIBTLS="$LIBTLS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LIBTLS=-L${enable_openssl}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 (: LIBTLS="$LIBTLS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${LIBTLS_R+:} false; then : +if test ${LIBTLS_R+y} +then : case " $LIBTLS_R " in #( *" -R${enable_openssl}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBTLS_R already contains -R\${enable_openssl}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R already contains -R\${enable_openssl}/lib"; } >&5 (: LIBTLS_R already contains -R${enable_openssl}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LIBTLS_R " -R${enable_openssl}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 (: LIBTLS_R="$LIBTLS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LIBTLS_R=-R${enable_openssl}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 (: LIBTLS_R="$LIBTLS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi fi - fi - LIBMD="${LIBMD} -lcrypto" - LIBTLS="${LIBTLS} -lcrypto -lssl" + else + enable_openssl=yes + fi + LIBCRYPTO="${LIBCRYPTO} -lcrypto" + LIBTLS="${LIBTLS} -lssl -lcrypto" + + # Use OpenSSL's sha2 functions if possible + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -lcrypto" >&5 +printf %s "checking for EVP_MD_CTX_new in -lcrypto... " >&6; } +if test ${ac_cv_lib_crypto_EVP_MD_CTX_new+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char EVP_MD_CTX_new (); +int +main (void) +{ +return EVP_MD_CTX_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_crypto_EVP_MD_CTX_new=yes +else $as_nop + ac_cv_lib_crypto_EVP_MD_CTX_new=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_MD_CTX_new" >&5 +printf "%s\n" "$ac_cv_lib_crypto_EVP_MD_CTX_new" >&6; } +if test "x$ac_cv_lib_crypto_EVP_MD_CTX_new" = xyes +then : + + DIGEST=digest_openssl.lo + +fi + + +else $as_nop + + # OpenSSL < 1.0.1 detected, ignore it. + if test "$enable_openssl" = "maybe"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL too old (1.0.1 or higher required), Sudo logsrv connections will not be encrypted." >&5 +printf "%s\n" "$as_me: WARNING: OpenSSL too old (1.0.1 or higher required), Sudo logsrv connections will not be encrypted." >&2;} + enable_openssl=no + else + as_fn_error $? "OpenSSL too old (1.0.1 or higher required)." "$LINENO" 5 + fi + CPPFLAGS="$O_CPPFLAGS" + +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +else $as_nop + + if test "$enable_openssl" = "maybe"; then + openssl_missing=yes + enable_openssl=no + else + as_fn_error $? "OpenSSL development libraries not found." "$LINENO" 5 + fi + +fi + + LDFLAGS="$O_LDFLAGS" fi - if test "$enable_openssl" != "yes"; then - unset PKG_CONFIG_LIBDIR + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + unset PKG_CONFIG_LIBDIRS fi - +fi +if test "${enable_openssl-no}" != no; then OLIBS="$LIBS" LIBS="$LIBS $LIBTLS" - for ac_func in X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate TLS_client_method TLS_server_method -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "X509_STORE_CTX_get0_cert" "ac_cv_func_X509_STORE_CTX_get0_cert" +if test "x$ac_cv_func_X509_STORE_CTX_get0_cert" = xyes +then : + printf "%s\n" "#define HAVE_X509_STORE_CTX_GET0_CERT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ASN1_STRING_get0_data" "ac_cv_func_ASN1_STRING_get0_data" +if test "x$ac_cv_func_ASN1_STRING_get0_data" = xyes +then : + printf "%s\n" "#define HAVE_ASN1_STRING_GET0_DATA 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "SSL_CTX_get0_certificate" "ac_cv_func_SSL_CTX_get0_certificate" +if test "x$ac_cv_func_SSL_CTX_get0_certificate" = xyes +then : + printf "%s\n" "#define HAVE_SSL_CTX_GET0_CERTIFICATE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "SSL_CTX_set0_tmp_dh_pkey" "ac_cv_func_SSL_CTX_set0_tmp_dh_pkey" +if test "x$ac_cv_func_SSL_CTX_set0_tmp_dh_pkey" = xyes +then : + printf "%s\n" "#define HAVE_SSL_CTX_SET0_TMP_DH_PKEY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "TLS_method" "ac_cv_func_TLS_method" +if test "x$ac_cv_func_TLS_method" = xyes +then : + printf "%s\n" "#define HAVE_TLS_METHOD 1" >>confdefs.h fi -done # SSL_CTX_set_min_proto_version may be a macro - ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " + ac_fn_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes; then : - $as_echo "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes +then : + printf "%s\n" "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h fi - # LibreSSL TLS 1.3 support may not be enabled, check for declaration too. ac_fn_c_check_func "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_func_SSL_CTX_set_ciphersuites" -if test "x$ac_cv_func_SSL_CTX_set_ciphersuites" = xyes; then : +if test "x$ac_cv_func_SSL_CTX_set_ciphersuites" = xyes +then : - ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_have_decl_SSL_CTX_set_ciphersuites" " + ac_fn_check_decl "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_have_decl_SSL_CTX_set_ciphersuites" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl_SSL_CTX_set_ciphersuites" = xyes; then : - $as_echo "#define HAVE_SSL_CTX_SET_CIPHERSUITES 1" >>confdefs.h +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SSL_CTX_set_ciphersuites" = xyes +then : + printf "%s\n" "#define HAVE_SSL_CTX_SET_CIPHERSUITES 1" >>confdefs.h fi - fi LIBS="$OLIBS" elif test "${enable_gcrypt-no}" != no; then # Use gcrypt's sha2 functions - $as_echo "#define HAVE_GCRYPT 1" >>confdefs.h + printf "%s\n" "#define HAVE_GCRYPT 1" >>confdefs.h DIGEST=digest_gcrypt.lo LIBMD="-lgcrypt" if test "$enable_gcrypt" != "yes"; then -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${enable_gcrypt}/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_gcrypt}/include"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_gcrypt}/include"; } >&5 (: CPPFLAGS already contains -I${enable_gcrypt}/include) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${enable_gcrypt}/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${enable_gcrypt}/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -if ${LDFLAGS+:} false; then : +if test ${LDFLAGS+y} +then : case " $LDFLAGS " in #( *" -L${enable_gcrypt}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\${enable_gcrypt}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\${enable_gcrypt}/lib"; } >&5 (: LDFLAGS already contains -L${enable_gcrypt}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " -L${enable_gcrypt}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=-L${enable_gcrypt}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${LDFLAGS_R+:} false; then : +if test ${LDFLAGS_R+y} +then : case " $LDFLAGS_R " in #( *" -R${enable_gcrypt}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\${enable_gcrypt}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\${enable_gcrypt}/lib"; } >&5 (: LDFLAGS_R already contains -R${enable_gcrypt}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS_R " -R${enable_gcrypt}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS_R=-R${enable_gcrypt}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + fi + + fi +fi +if test "${enable_wolfssl-no}" != no; then + # Use pkg-config to find the wolfssl cflags and libs if possible. + if test "$enable_wolfssl" != "yes"; then + PKG_CONFIG_LIBDIR="${enable_wolfssl}/lib/pkgconfig:${enable_wolfssl}/lib64/pkgconfig:${enable_wolfssl}/share/pkgconfig" + export PKG_CONFIG_LIBDIR + elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then + # Cannot use pkg-config when cross-compiling + PKG_CONFIG=false + fi + : ${PKG_CONFIG='pkg-config'} + if $PKG_CONFIG --exists wolfssl >/dev/null 2>&1; then + printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h + + printf "%s\n" "#define HAVE_WOLFSSL 1" >>confdefs.h + + + O_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags-only-I wolfssl`" + O_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L wolfssl`" + + # Check whether --static is needed + libssl="`$PKG_CONFIG --libs-only-l wolfssl | sed 's/^ *-l//'`" + libssl_extra=`echo $libssl | sed 's/^[^ ]* *//'` + libssl=`echo $libssl | sed 's/ .*//'` + as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl''_wolfSSL_new$libssl_extra" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for wolfSSL_new in -l$libssl" >&5 +printf %s "checking for wolfSSL_new in -l$libssl... " >&6; } +if eval test \${$as_ac_Lib+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-l$libssl $libssl_extra $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char wolfSSL_new (); +int +main (void) +{ +return wolfSSL_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + eval "$as_ac_Lib=yes" +else $as_nop + eval "$as_ac_Lib=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +eval ac_res=\$$as_ac_Lib + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes" +then : + STATIC="" +else $as_nop + STATIC="--static" +fi + + + # Use wolfSSL's sha2 functions if possible + ac_fn_check_decl "$LINENO" "EVP_MD_CTX_new" "ac_cv_have_decl_EVP_MD_CTX_new" " + $ac_includes_default + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_EVP_MD_CTX_new" = xyes +then : + DIGEST=digest_openssl.lo +fi + CPPFLAGS="$O_CPPFLAGS" + LDFLAGS="$O_LDFLAGS" + + # Use pkg-config to determine wolfSSL libs and cflags + for f in `$PKG_CONFIG $STATIC --libs wolfssl`; do + case "$f" in + -L*) + f="${f#-L}" + + +if test ${LIBTLS+y} +then : + + case " $LIBTLS " in #( + *" -L$f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS already contains -L\$f"; } >&5 + (: LIBTLS already contains -L$f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBTLS " -L$f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBTLS=-L$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + if test X"$enable_rpath" = X"yes"; then + +if test ${LIBTLS_R+y} +then : + + case " $LIBTLS_R " in #( + *" -R$f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R already contains -R\$f"; } >&5 + (: LIBTLS_R already contains -R$f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBTLS_R " -R$f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 + (: LIBTLS_R="$LIBTLS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBTLS_R=-R$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 + (: LIBTLS_R="$LIBTLS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + fi + + ;; + *) + +if test ${LIBTLS+y} +then : + + case " $LIBTLS " in #( + *" $f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS already contains \$f"; } >&5 + (: LIBTLS already contains $f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBTLS " $f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBTLS=$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + ;; + esac + done + # No separate pkg config for libcrypto + LIBCRYPTO="$LIBTLS" + LIBCRYPTO_R="$LIBTLS_R" + for f in `$PKG_CONFIG --cflags-only-I wolfssl`; do + +if test ${CPPFLAGS+y} +then : + + case " $CPPFLAGS " in #( + *" $f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains \$f"; } >&5 + (: CPPFLAGS already contains $f) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CPPFLAGS " $f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + CPPFLAGS=$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + # So we find the openssl compat headers under wolfssl + +if test ${CPPFLAGS+y} +then : + + case " $CPPFLAGS " in #( + *" $f/wolfssl "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains \$f/wolfssl"; } >&5 + (: CPPFLAGS already contains $f/wolfssl) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CPPFLAGS " $f/wolfssl" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + CPPFLAGS=$f/wolfssl + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + done + if test "$CPPFLAGS" = "$O_CPPFLAGS"; then + # So we find the openssl compat headers under wolfssl (XXX) + +if test ${CPPFLAGS+y} +then : + + case " $CPPFLAGS " in #( + *" -I/usr/include/wolfssl "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I/usr/include/wolfssl"; } >&5 + (: CPPFLAGS already contains -I/usr/include/wolfssl) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CPPFLAGS " -I/usr/include/wolfssl" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + CPPFLAGS=-I/usr/include/wolfssl + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + fi + else + printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h + + printf "%s\n" "#define HAVE_WOLFSSL 1" >>confdefs.h + + + # No pkg-config file present, try to do it manually + if test "$enable_wolfssl" != "yes"; then + + +if test ${LIBCRYPTO+y} +then : + + case " $LIBCRYPTO " in #( + *" -L${enable_wolfssl}/lib "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO already contains -L\${enable_wolfssl}/lib"; } >&5 + (: LIBCRYPTO already contains -L${enable_wolfssl}/lib) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBCRYPTO " -L${enable_wolfssl}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO=\"\$LIBCRYPTO\""; } >&5 + (: LIBCRYPTO="$LIBCRYPTO") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBCRYPTO=-L${enable_wolfssl}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO=\"\$LIBCRYPTO\""; } >&5 + (: LIBCRYPTO="$LIBCRYPTO") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + if test X"$enable_rpath" = X"yes"; then + +if test ${LIBCRYPTO_R+y} +then : + + case " $LIBCRYPTO_R " in #( + *" -R${enable_wolfssl}/lib "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO_R already contains -R\${enable_wolfssl}/lib"; } >&5 + (: LIBCRYPTO_R already contains -R${enable_wolfssl}/lib) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBCRYPTO_R " -R${enable_wolfssl}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO_R=\"\$LIBCRYPTO_R\""; } >&5 + (: LIBCRYPTO_R="$LIBCRYPTO_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBCRYPTO_R=-R${enable_wolfssl}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBCRYPTO_R=\"\$LIBCRYPTO_R\""; } >&5 + (: LIBCRYPTO_R="$LIBCRYPTO_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi fi + + +if test ${LIBTLS+y} +then : + + case " $LIBTLS " in #( + *" -L${enable_wolfssl}/lib "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS already contains -L\${enable_wolfssl}/lib"; } >&5 + (: LIBTLS already contains -L${enable_wolfssl}/lib) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBTLS " -L${enable_wolfssl}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBTLS=-L${enable_wolfssl}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS=\"\$LIBTLS\""; } >&5 + (: LIBTLS="$LIBTLS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + if test X"$enable_rpath" = X"yes"; then + +if test ${LIBTLS_R+y} +then : + + case " $LIBTLS_R " in #( + *" -R${enable_wolfssl}/lib "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R already contains -R\${enable_wolfssl}/lib"; } >&5 + (: LIBTLS_R already contains -R${enable_wolfssl}/lib) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LIBTLS_R " -R${enable_wolfssl}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 + (: LIBTLS_R="$LIBTLS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LIBTLS_R=-R${enable_wolfssl}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBTLS_R=\"\$LIBTLS_R\""; } >&5 + (: LIBTLS_R="$LIBTLS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + fi + + +if test ${CPPFLAGS+y} +then : + + case " $CPPFLAGS " in #( + *" -I${enable_wolfssl}/include "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_wolfssl}/include"; } >&5 + (: CPPFLAGS already contains -I${enable_wolfssl}/include) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CPPFLAGS " -I${enable_wolfssl}/include" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + CPPFLAGS=-I${enable_wolfssl}/include + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + # So we find the openssl compat headers under wolfssl + +if test ${CPPFLAGS+y} +then : + + case " $CPPFLAGS " in #( + *" -I${enable_wolfssl}/include/wolfssl "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_wolfssl}/include/wolfssl"; } >&5 + (: CPPFLAGS already contains -I${enable_wolfssl}/include/wolfssl) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CPPFLAGS " -I${enable_wolfssl}/include/wolfssl" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + CPPFLAGS=-I${enable_wolfssl}/include/wolfssl + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + else + # So we find the openssl compat headers under wolfssl (XXX) + +if test ${CPPFLAGS+y} +then : + + case " $CPPFLAGS " in #( + *" -I/usr/include/wolfssl "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I/usr/include/wolfssl"; } >&5 + (: CPPFLAGS already contains -I/usr/include/wolfssl) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CPPFLAGS " -I/usr/include/wolfssl" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + CPPFLAGS=-I/usr/include/wolfssl + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + fi + LIBTLS="${LIBTLS} -lwolfssl" + LIBCRYPTO="${LIBCRYPTO} -lwolfssl" + + # Use wolfSSL's sha2 functions if possible + ac_fn_check_decl "$LINENO" "EVP_MD_CTX_new" "ac_cv_have_decl_EVP_MD_CTX_new" " + $ac_includes_default + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_EVP_MD_CTX_new" = xyes +then : + DIGEST=digest_openssl.lo +fi + fi + ac_fn_check_decl "$LINENO" "X509_STORE_CTX_get0_cert" "ac_cv_have_decl_X509_STORE_CTX_get0_cert" " + $ac_includes_default + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_X509_STORE_CTX_get0_cert" = xyes +then : + printf "%s\n" "#define HAVE_X509_STORE_CTX_GET0_CERT 1" >>confdefs.h + +fi + ac_fn_check_decl "$LINENO" "ASN1_STRING_get0_data" "ac_cv_have_decl_ASN1_STRING_get0_data" " + $ac_includes_default + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_ASN1_STRING_get0_data" = xyes +then : + printf "%s\n" "#define HAVE_ASN1_STRING_GET0_DATA 1" >>confdefs.h + +fi + ac_fn_check_decl "$LINENO" "SSL_CTX_get0_certificate" "ac_cv_have_decl_SSL_CTX_get0_certificate" " + $ac_includes_default + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SSL_CTX_get0_certificate" = xyes +then : + printf "%s\n" "#define HAVE_SSL_CTX_GET0_CERTIFICATE 1" >>confdefs.h + +fi + ac_fn_check_decl "$LINENO" "SSL_CTX_set0_tmp_dh_pkey" "ac_cv_have_decl_SSL_CTX_set0_tmp_dh_pkey" " + $ac_includes_default + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SSL_CTX_set0_tmp_dh_pkey" = xyes +then : + printf "%s\n" "#define HAVE_SSL_CTX_SET0_TMP_DH_PKEY 1" >>confdefs.h + +fi + ac_fn_check_decl "$LINENO" "TLS_method" "ac_cv_have_decl_TLS_method" " + $ac_includes_default + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_TLS_method" = xyes +then : + printf "%s\n" "#define HAVE_TLS_METHOD 1" >>confdefs.h + +fi + ac_fn_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " + $ac_includes_default + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes +then : + printf "%s\n" "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h + +fi + ac_fn_check_decl "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_have_decl_SSL_CTX_set_ciphersuites" " + $ac_includes_default + #include + #include + +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SSL_CTX_set_ciphersuites" = xyes +then : + printf "%s\n" "#define HAVE_SSL_CTX_SET_CIPHERSUITES 1" >>confdefs.h + +fi fi if test "$DIGEST" = "digest.lo"; then FOUND_SHA2=no - ac_fn_c_check_header_mongrel "$LINENO" "sha2.h" "ac_cv_header_sha2_h" "$ac_includes_default" -if test "x$ac_cv_header_sha2_h" = xyes; then : + ac_fn_c_check_header_compile "$LINENO" "sha2.h" "ac_cv_header_sha2_h" "$ac_includes_default" +if test "x$ac_cv_header_sha2_h" = xyes +then : FOUND_SHA2=yes - for ac_func in SHA224Update + + for ac_func in SHA224Update do : ac_fn_c_check_func "$LINENO" "SHA224Update" "ac_cv_func_SHA224Update" -if test "x$ac_cv_func_SHA224Update" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SHA224UPDATE 1 -_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 -$as_echo_n "checking whether the data argument of SHA224Update() is void *... " >&6; } -if ${sudo_cv_func_sha2_void_ptr+:} false; then : - $as_echo_n "(cached) " >&6 -else +if test "x$ac_cv_func_SHA224Update" = xyes +then : + printf "%s\n" "#define HAVE_SHA224UPDATE 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 +printf %s "checking whether the data argument of SHA224Update() is void *... " >&6; } +if test ${sudo_cv_func_sha2_void_ptr+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default #include void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;} int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sudo_cv_func_sha2_void_ptr=yes -else +else $as_nop sudo_cv_func_sha2_void_ptr=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 -$as_echo "$sudo_cv_func_sha2_void_ptr" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 +printf "%s\n" "$sudo_cv_func_sha2_void_ptr" >&6; } if test $sudo_cv_func_sha2_void_ptr = yes; then -$as_echo "#define SHA2_VOID_PTR 1" >>confdefs.h +printf "%s\n" "#define SHA2_VOID_PTR 1" >>confdefs.h fi -else +else $as_nop # On some systems, SHA224Update is in libmd - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA224Update in -lmd" >&5 -$as_echo_n "checking for SHA224Update in -lmd... " >&6; } -if ${ac_cv_lib_md_SHA224Update+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SHA224Update in -lmd" >&5 +printf %s "checking for SHA224Update in -lmd... " >&6; } +if test ${ac_cv_lib_md_SHA224Update+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lmd $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -22267,70 +25141,71 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char SHA224Update (); int -main () +main (void) { return SHA224Update (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_md_SHA224Update=yes -else +else $as_nop ac_cv_lib_md_SHA224Update=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_md_SHA224Update" >&5 -$as_echo "$ac_cv_lib_md_SHA224Update" >&6; } -if test "x$ac_cv_lib_md_SHA224Update" = xyes; then : - - $as_echo "#define HAVE_SHA224UPDATE 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 -$as_echo_n "checking whether the data argument of SHA224Update() is void *... " >&6; } -if ${sudo_cv_func_sha2_void_ptr+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_md_SHA224Update" >&5 +printf "%s\n" "$ac_cv_lib_md_SHA224Update" >&6; } +if test "x$ac_cv_lib_md_SHA224Update" = xyes +then : + + printf "%s\n" "#define HAVE_SHA224UPDATE 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 +printf %s "checking whether the data argument of SHA224Update() is void *... " >&6; } +if test ${sudo_cv_func_sha2_void_ptr+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default #include void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;} int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sudo_cv_func_sha2_void_ptr=yes -else +else $as_nop sudo_cv_func_sha2_void_ptr=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 -$as_echo "$sudo_cv_func_sha2_void_ptr" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 +printf "%s\n" "$sudo_cv_func_sha2_void_ptr" >&6; } if test $sudo_cv_func_sha2_void_ptr = yes; then -$as_echo "#define SHA2_VOID_PTR 1" >>confdefs.h +printf "%s\n" "#define SHA2_VOID_PTR 1" >>confdefs.h fi LIBMD="-lmd" -else +else $as_nop # Does not have SHA224Update FOUND_SHA2=no @@ -22339,12 +25214,11 @@ fi -done +done fi - if test X"$FOUND_SHA2" = X"no"; then case " $LIBOBJS " in *" sha2.$ac_objext "* ) ;; @@ -22363,9 +25237,10 @@ OLIBS="$LIBS" LIBS="${LIBS} ${NET_LIBS}" ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket" -if test "x$ac_cv_func_socket" = xyes; then : +if test "x$ac_cv_func_socket" = xyes +then : -else +else $as_nop for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= @@ -22381,11 +25256,12 @@ extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -l$lib${5+ }$extralibs" >&5 -$as_echo_n "checking for socket in -l$lib${5+ }$extralibs... " >&6; } - if { as_var=sudo_cv_lib_$lib''_socket$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socket in -l$lib${5+ }$extralibs" >&5 +printf %s "checking for socket in -l$lib${5+ }$extralibs... " >&6; } + if { as_var=sudo_cv_lib_$lib''_socket$_sudo_check_lib_extras; eval test \${$as_var+y}; } +then : + printf %s "(cached) " >&6 +else $as_nop SUDO_CHECK_LIB_OLIBS="$LIBS" LIBS="$LIBS -l$lib${5+ }$extralibs" @@ -22395,37 +25271,35 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char socket (); int -main () +main (void) { return socket (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval sudo_cv_lib_$lib''_socket$_sudo_check_lib_extras=yes -else +else $as_nop eval sudo_cv_lib_$lib''_socket$_sudo_check_lib_extras=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS="$SUDO_CHECK_LIB_OLIBS" fi if eval test \$sudo_cv_lib_$lib''_socket$_sudo_check_lib_extras = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } NET_LIBS="${NET_LIBS} $libs"; break else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -22439,13 +25313,14 @@ found=false INET_PTON_LIBS= ac_fn_c_check_func "$LINENO" "inet_pton" "ac_cv_func_inet_pton" -if test "x$ac_cv_func_inet_pton" = xyes; then : +if test "x$ac_cv_func_inet_pton" = xyes +then : found=true - $as_echo "#define HAVE_INET_PTON 1" >>confdefs.h + printf "%s\n" "#define HAVE_INET_PTON 1" >>confdefs.h -else +else $as_nop for libs in "-lsocket" "-linet" "-lsocket -lnsl" "-lresolv"; do _libs= @@ -22461,11 +25336,12 @@ extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_pton in -l$lib${5+ }$extralibs" >&5 -$as_echo_n "checking for inet_pton in -l$lib${5+ }$extralibs... " >&6; } - if { as_var=sudo_cv_lib_$lib''_inet_pton$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inet_pton in -l$lib${5+ }$extralibs" >&5 +printf %s "checking for inet_pton in -l$lib${5+ }$extralibs... " >&6; } + if { as_var=sudo_cv_lib_$lib''_inet_pton$_sudo_check_lib_extras; eval test \${$as_var+y}; } +then : + printf %s "(cached) " >&6 +else $as_nop SUDO_CHECK_LIB_OLIBS="$LIBS" LIBS="$LIBS -l$lib${5+ }$extralibs" @@ -22475,50 +25351,48 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char inet_pton (); int -main () +main (void) { return inet_pton (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval sudo_cv_lib_$lib''_inet_pton$_sudo_check_lib_extras=yes -else +else $as_nop eval sudo_cv_lib_$lib''_inet_pton$_sudo_check_lib_extras=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS="$SUDO_CHECK_LIB_OLIBS" fi if eval test \$sudo_cv_lib_$lib''_inet_pton$_sudo_check_lib_extras = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } found=true - $as_echo "#define HAVE_INET_PTON 1" >>confdefs.h + printf "%s\n" "#define HAVE_INET_PTON 1" >>confdefs.h NET_LIBS="${NET_LIBS} $libs" INET_PTON_LIBS="$libs" case "$libs" in *-lresolv*) - $as_echo "#define NEED_RESOLV_H 1" >>confdefs.h + printf "%s\n" "#define NEED_RESOLV_H 1" >>confdefs.h ;; esac break else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -22545,13 +25419,14 @@ LIBS="${LIBS} ${NET_LIBS}" found=false ac_fn_c_check_func "$LINENO" "inet_ntop" "ac_cv_func_inet_ntop" -if test "x$ac_cv_func_inet_ntop" = xyes; then : +if test "x$ac_cv_func_inet_ntop" = xyes +then : found=true - $as_echo "#define HAVE_INET_NTOP 1" >>confdefs.h + printf "%s\n" "#define HAVE_INET_NTOP 1" >>confdefs.h -else +else $as_nop for libs in "-lsocket" "-linet" "-lsocket -lnsl" "-lresolv"; do _libs= @@ -22567,11 +25442,12 @@ extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_ntop in -l$lib${5+ }$extralibs" >&5 -$as_echo_n "checking for inet_ntop in -l$lib${5+ }$extralibs... " >&6; } - if { as_var=sudo_cv_lib_$lib''_inet_ntop$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inet_ntop in -l$lib${5+ }$extralibs" >&5 +printf %s "checking for inet_ntop in -l$lib${5+ }$extralibs... " >&6; } + if { as_var=sudo_cv_lib_$lib''_inet_ntop$_sudo_check_lib_extras; eval test \${$as_var+y}; } +then : + printf %s "(cached) " >&6 +else $as_nop SUDO_CHECK_LIB_OLIBS="$LIBS" LIBS="$LIBS -l$lib${5+ }$extralibs" @@ -22581,43 +25457,41 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char inet_ntop (); int -main () +main (void) { return inet_ntop (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval sudo_cv_lib_$lib''_inet_ntop$_sudo_check_lib_extras=yes -else +else $as_nop eval sudo_cv_lib_$lib''_inet_ntop$_sudo_check_lib_extras=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS="$SUDO_CHECK_LIB_OLIBS" fi if eval test \$sudo_cv_lib_$lib''_inet_ntop$_sudo_check_lib_extras = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } found=true - $as_echo "#define HAVE_INET_NTOP 1" >>confdefs.h + printf "%s\n" "#define HAVE_INET_NTOP 1" >>confdefs.h NET_LIBS="${NET_LIBS} $libs" break else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -22643,9 +25517,10 @@ OLIBS="$LIBS" LIBS="${LIBS} ${NET_LIBS}" ac_fn_c_check_func "$LINENO" "syslog" "ac_cv_func_syslog" -if test "x$ac_cv_func_syslog" = xyes; then : +if test "x$ac_cv_func_syslog" = xyes +then : -else +else $as_nop for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= @@ -22661,11 +25536,12 @@ extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslog in -l$lib${5+ }$extralibs" >&5 -$as_echo_n "checking for syslog in -l$lib${5+ }$extralibs... " >&6; } - if { as_var=sudo_cv_lib_$lib''_syslog$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for syslog in -l$lib${5+ }$extralibs" >&5 +printf %s "checking for syslog in -l$lib${5+ }$extralibs... " >&6; } + if { as_var=sudo_cv_lib_$lib''_syslog$_sudo_check_lib_extras; eval test \${$as_var+y}; } +then : + printf %s "(cached) " >&6 +else $as_nop SUDO_CHECK_LIB_OLIBS="$LIBS" LIBS="$LIBS -l$lib${5+ }$extralibs" @@ -22675,37 +25551,35 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char syslog (); int -main () +main (void) { return syslog (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval sudo_cv_lib_$lib''_syslog$_sudo_check_lib_extras=yes -else +else $as_nop eval sudo_cv_lib_$lib''_syslog$_sudo_check_lib_extras=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS="$SUDO_CHECK_LIB_OLIBS" fi if eval test \$sudo_cv_lib_$lib''_syslog$_sudo_check_lib_extras = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } NET_LIBS="${NET_LIBS} $libs"; break else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -22720,11 +25594,12 @@ # OLIBS="$LIBS" GETADDRINFO_LIBS= -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 -$as_echo_n "checking for getaddrinfo... " >&6; } -if ${ax_cv_func_getaddrinfo+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 +printf %s "checking for getaddrinfo... " >&6; } +if test ${ax_cv_func_getaddrinfo+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -22732,31 +25607,33 @@ #include int main() { return getaddrinfo(0, 0, 0, 0); } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_func_getaddrinfo=yes -else +else $as_nop ax_cv_func_getaddrinfo=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_func_getaddrinfo" >&5 -$as_echo "$ax_cv_func_getaddrinfo" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_func_getaddrinfo" >&5 +printf "%s\n" "$ax_cv_func_getaddrinfo" >&6; } if test X"$ax_cv_func_getaddrinfo" = X"yes"; then -$as_echo "#define HAVE_GETADDRINFO 1" >>confdefs.h +printf "%s\n" "#define HAVE_GETADDRINFO 1" >>confdefs.h else # Not found in libc, check libsocket and libinet _found=no for _libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _cv="ax_cv_lib_getaddrinfo`echo \"$_libs\"|sed -e 's/-l/_/g' -e 's/ *//g'`" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo in $_libs" >&5 -$as_echo_n "checking for getaddrinfo in $_libs... " >&6; } - if eval \${$_cv+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo in $_libs" >&5 +printf %s "checking for getaddrinfo in $_libs... " >&6; } + if eval test \${$_cv+y} +then : + printf %s "(cached) " >&6 +else $as_nop _nlibs= for _l in $_libs; do @@ -22779,12 +25656,13 @@ #include int main() { return getaddrinfo(0, 0, 0, 0); } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval $_cv=yes -else +else $as_nop eval $_cv=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS="$AX_FUNC_GETADDRINFO_OLIBS" fi @@ -22792,15 +25670,15 @@ fi if eval test \$$_cv = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define HAVE_GETADDRINFO 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + printf "%s\n" "#define HAVE_GETADDRINFO 1" >>confdefs.h test -n "$_libs" && LIBS="$LIBS $_libs" break fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } done if eval test \$$_cv != "yes"; then case " $LIBOBJS " in @@ -22827,9 +25705,10 @@ LIBS="${LIBS}${LIBS+ }${INET_PTON_LIBS}" fi ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname" -if test "x$ac_cv_func_gethostbyname" = xyes; then : +if test "x$ac_cv_func_gethostbyname" = xyes +then : -else +else $as_nop for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= @@ -22845,11 +25724,12 @@ extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -l$lib${5+ }$extralibs" >&5 -$as_echo_n "checking for gethostbyname in -l$lib${5+ }$extralibs... " >&6; } - if { as_var=sudo_cv_lib_$lib''_gethostbyname$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -l$lib${5+ }$extralibs" >&5 +printf %s "checking for gethostbyname in -l$lib${5+ }$extralibs... " >&6; } + if { as_var=sudo_cv_lib_$lib''_gethostbyname$_sudo_check_lib_extras; eval test \${$as_var+y}; } +then : + printf %s "(cached) " >&6 +else $as_nop SUDO_CHECK_LIB_OLIBS="$LIBS" LIBS="$LIBS -l$lib${5+ }$extralibs" @@ -22859,37 +25739,35 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char gethostbyname (); int -main () +main (void) { return gethostbyname (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval sudo_cv_lib_$lib''_gethostbyname$_sudo_check_lib_extras=yes -else +else $as_nop eval sudo_cv_lib_$lib''_gethostbyname$_sudo_check_lib_extras=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS="$SUDO_CHECK_LIB_OLIBS" fi if eval test \$sudo_cv_lib_$lib''_gethostbyname$_sudo_check_lib_extras = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } LT_DEP_LIBS="${LT_DEP_LIBS} $libs"; break else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -22923,23 +25801,95 @@ esac LIBS="$OLIBS" -for ac_func in getprogname +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for va_copy" >&5 +printf %s "checking for va_copy... " >&6; } +if test ${sudo_cv_func_va_copy+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + va_list ap1, ap2; +int +main (void) +{ +va_copy(ap1, ap2); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + sudo_cv_func_va_copy=yes +else $as_nop + sudo_cv_func_va_copy=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_va_copy" >&5 +printf "%s\n" "$sudo_cv_func_va_copy" >&6; } +if test "$sudo_cv_func_va_copy" = "yes"; then + printf "%s\n" "#define HAVE_VA_COPY 1" >>confdefs.h + +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __va_copy" >&5 +printf %s "checking for __va_copy... " >&6; } +if test ${sudo_cv_func___va_copy+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + va_list ap1, ap2; +int +main (void) +{ +__va_copy(ap1, ap2); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + sudo_cv_func___va_copy=yes +else $as_nop + sudo_cv_func___va_copy=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func___va_copy" >&5 +printf "%s\n" "$sudo_cv_func___va_copy" >&6; } + if test "$sudo_cv_func___va_copy" = "yes"; then + printf "%s\n" "#define HAVE___VA_COPY 1" >>confdefs.h + + fi +fi + + + for ac_func in getprogname do : ac_fn_c_check_func "$LINENO" "getprogname" "ac_cv_func_getprogname" -if test "x$ac_cv_func_getprogname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETPROGNAME 1 -_ACEOF +if test "x$ac_cv_func_getprogname" = xyes +then : + printf "%s\n" "#define HAVE_GETPROGNAME 1" >>confdefs.h - for ac_func in setprogname + + for ac_func in setprogname do : ac_fn_c_check_func "$LINENO" "setprogname" "ac_cv_func_setprogname" -if test "x$ac_cv_func_setprogname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETPROGNAME 1 -_ACEOF +if test "x$ac_cv_func_setprogname" = xyes +then : + printf "%s\n" "#define HAVE_SETPROGNAME 1" >>confdefs.h -else +else $as_nop for _sym in sudo_setprogname; do COMPAT_EXP="${COMPAT_EXP}${_sym} @@ -22947,43 +25897,44 @@ done fi -done +done -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __progname" >&5 -$as_echo_n "checking for __progname... " >&6; } - if ${sudo_cv___progname+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __progname" >&5 +printf %s "checking for __progname... " >&6; } +if test ${sudo_cv___progname+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { extern char *__progname; if (__progname[0] == '\0') return 1; ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv___progname=yes -else +else $as_nop sudo_cv___progname=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi - +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___progname" >&5 +printf "%s\n" "$sudo_cv___progname" >&6; } if test "$sudo_cv___progname" = "yes"; then - $as_echo "#define HAVE___PROGNAME 1" >>confdefs.h + printf "%s\n" "#define HAVE___PROGNAME 1" >>confdefs.h fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___progname" >&5 -$as_echo "$sudo_cv___progname" >&6; } for _sym in sudo_getprogname; do COMPAT_EXP="${COMPAT_EXP}${_sym} @@ -22998,73 +25949,75 @@ fi -done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __func__" >&5 -$as_echo_n "checking for __func__... " >&6; } -if ${sudo_cv___func__+:} false; then : - $as_echo_n "(cached) " >&6 -else +done +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __func__" >&5 +printf %s "checking for __func__... " >&6; } +if test ${sudo_cv___func__+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { if (__func__[0] == '\0') return 1; ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv___func__=yes -else +else $as_nop sudo_cv___func__=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___func__" >&5 -$as_echo "$sudo_cv___func__" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___func__" >&5 +printf "%s\n" "$sudo_cv___func__" >&6; } if test "$sudo_cv___func__" = "yes"; then - $as_echo "#define HAVE___FUNC__ 1" >>confdefs.h + printf "%s\n" "#define HAVE___FUNC__ 1" >>confdefs.h elif test -n "$GCC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __FUNCTION__" >&5 -$as_echo_n "checking for __FUNCTION__... " >&6; } - if ${sudo_cv___FUNCTION__+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __FUNCTION__" >&5 +printf %s "checking for __FUNCTION__... " >&6; } +if test ${sudo_cv___FUNCTION__+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { if(__FUNCTION__[0] == '\0') return 1; ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv___FUNCTION__=yes -else +else $as_nop sudo_cv___FUNCTION__=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___FUNCTION__" >&5 -$as_echo "$sudo_cv___FUNCTION__" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___FUNCTION__" >&5 +printf "%s\n" "$sudo_cv___FUNCTION__" >&6; } if test "$sudo_cv___FUNCTION__" = "yes"; then - $as_echo "#define HAVE___FUNC__ 1" >>confdefs.h + printf "%s\n" "#define HAVE___FUNC__ 1" >>confdefs.h -$as_echo "#define __func__ __FUNCTION__" >>confdefs.h +printf "%s\n" "#define __func__ __FUNCTION__" >>confdefs.h fi fi @@ -23078,99 +26031,102 @@ if test "$enable_nls" != "no"; then if test "$enable_nls" != "yes"; then -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${enable_nls}/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_nls}/include"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_nls}/include"; } >&5 (: CPPFLAGS already contains -I${enable_nls}/include) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${enable_nls}/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${enable_nls}/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -if ${LDFLAGS+:} false; then : +if test ${LDFLAGS+y} +then : case " $LDFLAGS " in #( *" -L$enable_nls/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\$enable_nls/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\$enable_nls/lib"; } >&5 (: LDFLAGS already contains -L$enable_nls/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " -L$enable_nls/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=-L$enable_nls/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${LDFLAGS_R+:} false; then : +if test ${LDFLAGS_R+y} +then : case " $LDFLAGS_R " in #( *" -R$enable_nls/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\$enable_nls/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\$enable_nls/lib"; } >&5 (: LDFLAGS_R already contains -R$enable_nls/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS_R " -R$enable_nls/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS_R=-R$enable_nls/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 (: LDFLAGS_R="$LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -23186,24 +26142,25 @@ continue fi gettext_name=sudo_cv_gettext - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gettext" >&5 -$as_echo_n "checking for gettext... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gettext" >&5 +printf %s "checking for gettext... " >&6; } else LIBS="$OLIBS $l" gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gettext in $l" >&5 -$as_echo_n "checking for gettext in $l... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gettext in $l" >&5 +printf %s "checking for gettext in $l... " >&6; } fi - if eval \${$gettext_name+:} false; then : - $as_echo_n "(cached) " >&6 -else + if eval test \${$gettext_name+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { (void)gettext((char *)0); ; @@ -23211,31 +26168,28 @@ } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval $gettext_name=yes -else +else $as_nop eval $gettext_name=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi eval gettext_result="\$$gettext_name" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gettext_result" >&5 -$as_echo "$gettext_result" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $gettext_result" >&5 +printf "%s\n" "$gettext_result" >&6; } if test "$gettext_result" = "yes"; then - for ac_func in ngettext -do : - ac_fn_c_check_func "$LINENO" "ngettext" "ac_cv_func_ngettext" -if test "x$ac_cv_func_ngettext" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NGETTEXT 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "ngettext" "ac_cv_func_ngettext" +if test "x$ac_cv_func_ngettext" = xyes +then : + printf "%s\n" "#define HAVE_NGETTEXT 1" >>confdefs.h fi -done break fi @@ -23256,7 +26210,7 @@ LIBINTL="-lintl -liconv" fi if test X"$SUDO_NLS" = X"enabled"; then - $as_echo "#define HAVE_LIBINTL_H 1" >>confdefs.h + printf "%s\n" "#define HAVE_LIBINTL_H 1" >>confdefs.h for _sym in sudo_warn_gettext_v1; do @@ -23269,11 +26223,12 @@ case "$enable_zlib" in yes) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gzdopen in -lz" >&5 -$as_echo_n "checking for gzdopen in -lz... " >&6; } -if ${ac_cv_lib_z_gzdopen+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gzdopen in -lz" >&5 +printf %s "checking for gzdopen in -lz... " >&6; } +if test ${ac_cv_lib_z_gzdopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -23282,53 +26237,50 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char gzdopen (); int -main () +main (void) { return gzdopen (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_z_gzdopen=yes -else +else $as_nop ac_cv_lib_z_gzdopen=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_gzdopen" >&5 -$as_echo "$ac_cv_lib_z_gzdopen" >&6; } -if test "x$ac_cv_lib_z_gzdopen" = xyes; then : - - for ac_header in zlib.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" -if test "x$ac_cv_header_zlib_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_ZLIB_H 1 -_ACEOF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_gzdopen" >&5 +printf "%s\n" "$ac_cv_lib_z_gzdopen" >&6; } +if test "x$ac_cv_lib_z_gzdopen" = xyes +then : + + for ac_header in zlib.h +do : + ac_fn_c_check_header_compile "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" +if test "x$ac_cv_header_zlib_h" = xyes +then : + printf "%s\n" "#define HAVE_ZLIB_H 1" >>confdefs.h ZLIB="-lz" -else +else $as_nop enable_zlib=builtin fi done - fi ;; no) ;; system) - $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h + printf "%s\n" "#define HAVE_ZLIB_H 1" >>confdefs.h ZLIB="-lz" ;; @@ -23336,102 +26288,105 @@ # handled below ;; *) - $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h + printf "%s\n" "#define HAVE_ZLIB_H 1" >>confdefs.h -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${enable_zlib}/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_zlib}/include"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_zlib}/include"; } >&5 (: CPPFLAGS already contains -I${enable_zlib}/include) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${enable_zlib}/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${enable_zlib}/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -if ${ZLIB+:} false; then : +if test ${ZLIB+y} +then : case " $ZLIB " in #( *" -L$enable_zlib/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : ZLIB already contains -L\$enable_zlib/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ZLIB already contains -L\$enable_zlib/lib"; } >&5 (: ZLIB already contains -L$enable_zlib/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append ZLIB " -L$enable_zlib/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : ZLIB=\"\$ZLIB\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ZLIB=\"\$ZLIB\""; } >&5 (: ZLIB="$ZLIB") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop ZLIB=-L$enable_zlib/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : ZLIB=\"\$ZLIB\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ZLIB=\"\$ZLIB\""; } >&5 (: ZLIB="$ZLIB") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${ZLIB_R+:} false; then : +if test ${ZLIB_R+y} +then : case " $ZLIB_R " in #( *" -R$enable_zlib/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : ZLIB_R already contains -R\$enable_zlib/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ZLIB_R already contains -R\$enable_zlib/lib"; } >&5 (: ZLIB_R already contains -R$enable_zlib/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append ZLIB_R " -R$enable_zlib/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : ZLIB_R=\"\$ZLIB_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ZLIB_R=\"\$ZLIB_R\""; } >&5 (: ZLIB_R="$ZLIB_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop ZLIB_R=-R$enable_zlib/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : ZLIB_R=\"\$ZLIB_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ZLIB_R=\"\$ZLIB_R\""; } >&5 (: ZLIB_R="$ZLIB_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -23443,7 +26398,7 @@ esac case "$enable_zlib" in builtin|static|dynamic) - $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h + printf "%s\n" "#define HAVE_ZLIB_H 1" >>confdefs.h # XXX - can't use AX_APPEND_FLAG due to use of $(top_foo) and quoting CPPFLAGS='-I$(top_builddir)/lib/zlib -I$(top_srcdir)/lib/zlib '"${CPPFLAGS}" @@ -23455,7 +26410,7 @@ if test X"$enable_shared" = X"no" -o "$enable_zlib" = "static"; then if test "$enable_zlib" = "shared"; then - as_fn_error $? "\"Unable to build shared libraries on this system\"" "$LINENO" 5 + as_fn_error $? "unable to build shared libraries on this system" "$LINENO" 5 fi # Build as convenience library ZLIB_LDFLAGS=-no-install @@ -23463,96 +26418,96 @@ ;; esac -ac_fn_c_check_decl "$LINENO" "errno" "ac_cv_have_decl_errno" " +ac_fn_check_decl "$LINENO" "errno" "ac_cv_have_decl_errno" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl_errno" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_errno" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_ERRNO $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_ERRNO $ac_have_decl" >>confdefs.h -ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" " +ac_fn_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl_h_errno" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_h_errno" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi +printf "%s\n" "#define HAVE_DECL_H_ERRNO $ac_have_decl" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_ERRNO $ac_have_decl -_ACEOF - -ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" " +ac_fn_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" " #include #include -" -if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_LLONG_MAX" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LLONG_MAX $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "LLONG_MIN" "ac_cv_have_decl_LLONG_MIN" " +printf "%s\n" "#define HAVE_DECL_LLONG_MAX $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "LLONG_MIN" "ac_cv_have_decl_LLONG_MIN" " #include #include -" -if test "x$ac_cv_have_decl_LLONG_MIN" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_LLONG_MIN" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LLONG_MIN $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "ULLONG_MAX" "ac_cv_have_decl_ULLONG_MAX" " +printf "%s\n" "#define HAVE_DECL_LLONG_MIN $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "ULLONG_MAX" "ac_cv_have_decl_ULLONG_MAX" " #include #include -" -if test "x$ac_cv_have_decl_ULLONG_MAX" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_ULLONG_MAX" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_ULLONG_MAX $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "PATH_MAX" "ac_cv_have_decl_PATH_MAX" " +printf "%s\n" "#define HAVE_DECL_ULLONG_MAX $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "PATH_MAX" "ac_cv_have_decl_PATH_MAX" " #include #include -" -if test "x$ac_cv_have_decl_PATH_MAX" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_PATH_MAX" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi +printf "%s\n" "#define HAVE_DECL_PATH_MAX $ac_have_decl" >>confdefs.h +ac_fn_check_decl "$LINENO" "SSIZE_MAX" "ac_cv_have_decl_SSIZE_MAX" " +#include +#include -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_PATH_MAX $ac_have_decl -_ACEOF +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SSIZE_MAX" = xyes +then : + ac_have_decl=1 +else $as_nop + ac_have_decl=0 +fi +printf "%s\n" "#define HAVE_DECL_SSIZE_MAX $ac_have_decl" >>confdefs.h -ac_fn_c_check_decl "$LINENO" "SIZE_MAX" "ac_cv_have_decl_SIZE_MAX" " +ac_fn_check_decl "$LINENO" "SIZE_MAX" "ac_cv_have_decl_SIZE_MAX" " #include #include #if defined(HAVE_STDINT_H) @@ -23561,112 +26516,100 @@ # include #endif -" -if test "x$ac_cv_have_decl_SIZE_MAX" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SIZE_MAX" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SIZE_MAX $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_SIZE_MAX $ac_have_decl" >>confdefs.h if test "$ac_cv_have_decl_LLONG_MAX" != "yes"; then - ac_fn_c_check_decl "$LINENO" "QUAD_MAX" "ac_cv_have_decl_QUAD_MAX" " + ac_fn_check_decl "$LINENO" "QUAD_MAX" "ac_cv_have_decl_QUAD_MAX" " #include #include -" -if test "x$ac_cv_have_decl_QUAD_MAX" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_QUAD_MAX" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_QUAD_MAX $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_QUAD_MAX $ac_have_decl" >>confdefs.h fi if test "$ac_cv_have_decl_LLONG_MIN" != "yes"; then - ac_fn_c_check_decl "$LINENO" "QUAD_MIN" "ac_cv_have_decl_QUAD_MIN" " + ac_fn_check_decl "$LINENO" "QUAD_MIN" "ac_cv_have_decl_QUAD_MIN" " #include #include -" -if test "x$ac_cv_have_decl_QUAD_MIN" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_QUAD_MIN" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_QUAD_MIN $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_QUAD_MIN $ac_have_decl" >>confdefs.h fi if test "$ac_cv_have_decl_ULLONG_MAX" != "yes"; then - ac_fn_c_check_decl "$LINENO" "UQUAD_MAX" "ac_cv_have_decl_UQUAD_MAX" " + ac_fn_check_decl "$LINENO" "UQUAD_MAX" "ac_cv_have_decl_UQUAD_MAX" " #include #include -" -if test "x$ac_cv_have_decl_UQUAD_MAX" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_UQUAD_MAX" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_UQUAD_MAX $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_UQUAD_MAX $ac_have_decl" >>confdefs.h fi if test "$ac_cv_have_decl_SIZE_MAX" != "yes"; then - ac_fn_c_check_decl "$LINENO" "SIZE_T_MAX" "ac_cv_have_decl_SIZE_T_MAX" " + ac_fn_check_decl "$LINENO" "SIZE_T_MAX" "ac_cv_have_decl_SIZE_T_MAX" " #include #include -" -if test "x$ac_cv_have_decl_SIZE_T_MAX" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SIZE_T_MAX" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SIZE_T_MAX $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL_SIZE_T_MAX $ac_have_decl" >>confdefs.h fi if test "$ac_cv_have_decl_PATH_MAX" != "yes"; then - ac_fn_c_check_decl "$LINENO" "_POSIX_PATH_MAX" "ac_cv_have_decl__POSIX_PATH_MAX" " + ac_fn_check_decl "$LINENO" "_POSIX_PATH_MAX" "ac_cv_have_decl__POSIX_PATH_MAX" " #include #include -" -if test "x$ac_cv_have_decl__POSIX_PATH_MAX" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl__POSIX_PATH_MAX" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__POSIX_PATH_MAX $ac_have_decl -_ACEOF +printf "%s\n" "#define HAVE_DECL__POSIX_PATH_MAX $ac_have_decl" >>confdefs.h fi -for ac_func in strsignal + + for ac_func in strsignal do : ac_fn_c_check_func "$LINENO" "strsignal" "ac_cv_func_strsignal" -if test "x$ac_cv_func_strsignal" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STRSIGNAL 1 -_ACEOF +if test "x$ac_cv_func_strsignal" = xyes +then : + printf "%s\n" "#define HAVE_STRSIGNAL 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" strsignal.$ac_objext "* ) ;; @@ -23681,40 +26624,38 @@ done HAVE_SIGLIST="false" - ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" " + ac_fn_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl_sys_siglist" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_sys_siglist" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SYS_SIGLIST $ac_have_decl -_ACEOF -if test $ac_have_decl = 1; then : +printf "%s\n" "#define HAVE_DECL_SYS_SIGLIST $ac_have_decl" >>confdefs.h +if test $ac_have_decl = 1 +then : HAVE_SIGLIST="true" fi -ac_fn_c_check_decl "$LINENO" "_sys_siglist" "ac_cv_have_decl__sys_siglist" " +ac_fn_check_decl "$LINENO" "_sys_siglist" "ac_cv_have_decl__sys_siglist" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl__sys_siglist" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl__sys_siglist" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__SYS_SIGLIST $ac_have_decl -_ACEOF -if test $ac_have_decl = 1; then : +printf "%s\n" "#define HAVE_DECL__SYS_SIGLIST $ac_have_decl" >>confdefs.h +if test $ac_have_decl = 1 +then : HAVE_SIGLIST="true" @@ -23730,32 +26671,30 @@ fi fi + done -for ac_func in sig2str + for ac_func in sig2str do : ac_fn_c_check_func "$LINENO" "sig2str" "ac_cv_func_sig2str" -if test "x$ac_cv_func_sig2str" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SIG2STR 1 -_ACEOF +if test "x$ac_cv_func_sig2str" = xyes +then : + printf "%s\n" "#define HAVE_SIG2STR 1" >>confdefs.h - ac_fn_c_check_decl "$LINENO" "SIG2STR_MAX" "ac_cv_have_decl_SIG2STR_MAX" " + ac_fn_check_decl "$LINENO" "SIG2STR_MAX" "ac_cv_have_decl_SIG2STR_MAX" " # include -" -if test "x$ac_cv_have_decl_SIG2STR_MAX" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_SIG2STR_MAX" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi +printf "%s\n" "#define HAVE_DECL_SIG2STR_MAX $ac_have_decl" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SIG2STR_MAX $ac_have_decl -_ACEOF - -else +else $as_nop case " $LIBOBJS " in *" sig2str.$ac_objext "* ) ;; @@ -23771,17 +26710,17 @@ fi + done -for ac_func in str2sig + for ac_func in str2sig do : ac_fn_c_check_func "$LINENO" "str2sig" "ac_cv_func_str2sig" -if test "x$ac_cv_func_str2sig" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STR2SIG 1 -_ACEOF +if test "x$ac_cv_func_str2sig" = xyes +then : + printf "%s\n" "#define HAVE_STR2SIG 1" >>confdefs.h -else +else $as_nop case " $LIBOBJS " in *" str2sig.$ac_objext "* ) ;; @@ -23797,114 +26736,109 @@ fi -done +done if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then - for ac_func in sigabbrev_np -do : - ac_fn_c_check_func "$LINENO" "sigabbrev_np" "ac_cv_func_sigabbrev_np" -if test "x$ac_cv_func_sigabbrev_np" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SIGABBREV_NP 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "sigabbrev_np" "ac_cv_func_sigabbrev_np" +if test "x$ac_cv_func_sigabbrev_np" = xyes +then : + printf "%s\n" "#define HAVE_SIGABBREV_NP 1" >>confdefs.h fi -done if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test" HAVE_SIGNAME="false" - ac_fn_c_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" " + ac_fn_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl_sys_signame" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_sys_signame" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SYS_SIGNAME $ac_have_decl -_ACEOF -if test $ac_have_decl = 1; then : +printf "%s\n" "#define HAVE_DECL_SYS_SIGNAME $ac_have_decl" >>confdefs.h +if test $ac_have_decl = 1 +then : HAVE_SIGNAME="true" fi -ac_fn_c_check_decl "$LINENO" "_sys_signame" "ac_cv_have_decl__sys_signame" " +ac_fn_check_decl "$LINENO" "_sys_signame" "ac_cv_have_decl__sys_signame" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl__sys_signame" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl__sys_signame" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__SYS_SIGNAME $ac_have_decl -_ACEOF -if test $ac_have_decl = 1; then : +printf "%s\n" "#define HAVE_DECL__SYS_SIGNAME $ac_have_decl" >>confdefs.h +if test $ac_have_decl = 1 +then : HAVE_SIGNAME="true" fi -ac_fn_c_check_decl "$LINENO" "sys_sigabbrev" "ac_cv_have_decl_sys_sigabbrev" " +ac_fn_check_decl "$LINENO" "sys_sigabbrev" "ac_cv_have_decl_sys_sigabbrev" " $ac_includes_default #include -" -if test "x$ac_cv_have_decl_sys_sigabbrev" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_sys_sigabbrev" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SYS_SIGABBREV $ac_have_decl -_ACEOF -if test $ac_have_decl = 1; then : +printf "%s\n" "#define HAVE_DECL_SYS_SIGABBREV $ac_have_decl" >>confdefs.h +if test $ac_have_decl = 1 +then : HAVE_SIGNAME="true" fi if test "$HAVE_SIGNAME" != "true"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared sys_sigabbrev" >&5 -$as_echo_n "checking for undeclared sys_sigabbrev... " >&6; } -if ${sudo_cv_var_sys_sigabbrev+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for undeclared sys_sigabbrev" >&5 +printf %s "checking for undeclared sys_sigabbrev... " >&6; } +if test ${sudo_cv_var_sys_sigabbrev+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern char **sys_sigabbrev; int -main () +main (void) { return sys_sigabbrev[1]; ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv_var_sys_sigabbrev=yes -else +else $as_nop sudo_cv_var_sys_sigabbrev=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_sys_sigabbrev" >&5 -$as_echo "$sudo_cv_var_sys_sigabbrev" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_sys_sigabbrev" >&5 +printf "%s\n" "$sudo_cv_var_sys_sigabbrev" >&6; } if test "$sudo_cv_var_sys_sigabbrev" = yes; then - $as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h + printf "%s\n" "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h else case " $LIBOBJS " in @@ -23921,16 +26855,12 @@ OLIBS="$LIBS" LIBS="$LIBS $lt_cv_dlopen_libs" -for ac_func in dl_iterate_phdr -do : - ac_fn_c_check_func "$LINENO" "dl_iterate_phdr" "ac_cv_func_dl_iterate_phdr" -if test "x$ac_cv_func_dl_iterate_phdr" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_DL_ITERATE_PHDR 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "dl_iterate_phdr" "ac_cv_func_dl_iterate_phdr" +if test "x$ac_cv_func_dl_iterate_phdr" = xyes +then : + printf "%s\n" "#define HAVE_DL_ITERATE_PHDR 1" >>confdefs.h fi -done LIBS="$OLIBS" @@ -23965,12 +26895,13 @@ # Check for pam_start() in libpam first, then for pam_appl.h. # found_pam_lib=no - as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 -$as_echo_n "checking for pam_start in -lpam... " >&6; } -if eval \${$as_ac_Lib+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_ac_Lib=`printf "%s\n" "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 +printf %s "checking for pam_start in -lpam... " >&6; } +if eval test \${$as_ac_Lib+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lpam $lt_cv_dlopen_libs $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -23979,31 +26910,30 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char pam_start (); int -main () +main (void) { return pam_start (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval "$as_ac_Lib=yes" -else +else $as_nop eval "$as_ac_Lib=no" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi eval ac_res=\$$as_ac_Lib - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes" +then : found_pam_lib=yes fi @@ -24012,35 +26942,35 @@ # in /usr/include/pam instead of /usr/include/security... # found_pam_hdrs=no - for ac_header in security/pam_appl.h pam/pam_appl.h + for ac_header in security/pam_appl.h pam/pam_appl.h do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF found_pam_hdrs=yes; break fi done - if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then # Found both PAM libs and headers with_pam=yes elif test "$with_pam" = "yes"; then if test "$found_pam_lib" = "no"; then - as_fn_error $? "\"--with-pam specified but unable to locate PAM development library.\"" "$LINENO" 5 + as_fn_error $? "--with-pam specified but unable to locate PAM development library." "$LINENO" 5 fi if test "$found_pam_hdrs" = "no"; then - as_fn_error $? "\"--with-pam specified but unable to locate PAM development headers.\"" "$LINENO" 5 + as_fn_error $? "--with-pam specified but unable to locate PAM development headers." "$LINENO" 5 fi elif test "$found_pam_lib" != "$found_pam_hdrs"; then if test "$found_pam_lib" = "no"; then - as_fn_error $? "\"found PAM headers but no PAM development library; specify --without-pam to build without PAM\"" "$LINENO" 5 + as_fn_error $? "found PAM headers but no PAM development library; specify --without-pam to build without PAM" "$LINENO" 5 fi if test "$found_pam_hdrs" = "no"; then - as_fn_error $? "\"found PAM library but no PAM development headers; specify --without-pam to build without PAM\"" "$LINENO" 5 + as_fn_error $? "found PAM library but no PAM development headers; specify --without-pam to build without PAM" "$LINENO" 5 fi fi @@ -24048,89 +26978,72 @@ # Older PAM implementations lack pam_getenvlist OLIBS="$LIBS" LIBS="$LIBS -lpam $lt_cv_dlopen_libs" - for ac_func in pam_getenvlist -do : - ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist" -if test "x$ac_cv_func_pam_getenvlist" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PAM_GETENVLIST 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist" +if test "x$ac_cv_func_pam_getenvlist" = xyes +then : + printf "%s\n" "#define HAVE_PAM_GETENVLIST 1" >>confdefs.h fi -done LIBS="$OLIBS" # We already link with -ldl if needed (see LIBDL below) SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" - $as_echo "#define HAVE_PAM 1" >>confdefs.h + printf "%s\n" "#define HAVE_PAM 1" >>confdefs.h AUTH_OBJS="$AUTH_OBJS pam.lo"; AUTH_EXCL=PAM # Check whether --with-pam-login was given. -if test "${with_pam_login+set}" = set; then : +if test ${with_pam_login+y} +then : withval=$with_pam_login; case $with_pam_login in - yes) $as_echo "#define HAVE_PAM_LOGIN 1" >>confdefs.h + yes) printf "%s\n" "#define HAVE_PAM_LOGIN 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use PAM login" >&5 -$as_echo_n "checking whether to use PAM login... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } pam_login_service="sudo-i" ;; no) ;; - *) as_fn_error $? "\"--with-pam-login does not take an argument.\"" "$LINENO" 5 + *) as_fn_error $? "--with-pam-login does not take an argument." "$LINENO" 5 ;; esac fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use PAM session support" >&5 -$as_echo_n "checking whether to use PAM session support... " >&6; } # Check whether --enable-pam_session was given. -if test "${enable_pam_session+set}" = set; then : +if test ${enable_pam_session+y} +then : enableval=$enable_pam_session; case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - $as_echo "#define NO_PAM_SESSION 1" >>confdefs.h + yes) ;; + no) printf "%s\n" "#define NO_PAM_SESSION 1" >>confdefs.h pam_session=off ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&5 -$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&2;} + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-pam-session: $enableval" >&5 +printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-pam-session: $enableval" >&2;} ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } fi fi fi if test ${with_aixauth-'no'} != "no"; then - for ac_func in authenticate + + for ac_func in authenticate do : ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate" -if test "x$ac_cv_func_authenticate" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_AUTHENTICATE 1 -_ACEOF +if test "x$ac_cv_func_authenticate" = xyes +then : + printf "%s\n" "#define HAVE_AUTHENTICATE 1" >>confdefs.h with_aixauth=yes fi -done +done if test "${with_aixauth}" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: using AIX general authentication" >&5 -$as_echo "$as_me: using AIX general authentication" >&6;} - $as_echo "#define HAVE_AIXAUTH 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: using AIX general authentication" >&5 +printf "%s\n" "$as_me: using AIX general authentication" >&6;} + printf "%s\n" "#define HAVE_AIXAUTH 1" >>confdefs.h AUTH_OBJS="$AUTH_OBJS aix_auth.lo"; SUDOERS_LIBS="${SUDOERS_LIBS} -ls" @@ -24139,34 +27052,34 @@ fi if test ${with_bsdauth-'no'} != "no"; then - ac_fn_c_check_header_mongrel "$LINENO" "bsd_auth.h" "ac_cv_header_bsd_auth_h" "$ac_includes_default" -if test "x$ac_cv_header_bsd_auth_h" = xyes; then : - $as_echo "#define HAVE_BSD_AUTH_H 1" >>confdefs.h + ac_fn_c_check_header_compile "$LINENO" "bsd_auth.h" "ac_cv_header_bsd_auth_h" "$ac_includes_default" +if test "x$ac_cv_header_bsd_auth_h" = xyes +then : + printf "%s\n" "#define HAVE_BSD_AUTH_H 1" >>confdefs.h AUTH_OBJS="$AUTH_OBJS bsdauth.lo" BSDAUTH_USAGE='[-a type] ' AUTH_EXCL=BSD_AUTH; BAMAN=1 -else +else $as_nop as_fn_error $? "BSD authentication was specified but bsd_auth.h could not be found" "$LINENO" 5 fi - fi if test ${CHECKSIA-'false'} = "true"; then - for ac_func in sia_ses_init + + for ac_func in sia_ses_init do : ac_fn_c_check_func "$LINENO" "sia_ses_init" "ac_cv_func_sia_ses_init" -if test "x$ac_cv_func_sia_ses_init" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SIA_SES_INIT 1 -_ACEOF +if test "x$ac_cv_func_sia_ses_init" = xyes +then : + printf "%s\n" "#define HAVE_SIA_SES_INIT 1" >>confdefs.h found=true -else +else $as_nop found=false fi -done +done if test "$found" = "true"; then AUTH_EXCL=SIA AUTH_OBJS="$AUTH_OBJS sia.lo" @@ -24177,66 +27090,68 @@ if test "$with_fwtk" != "yes"; then -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L${with_fwtk} "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_fwtk}"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_fwtk}"; } >&5 (: SUDOERS_LDFLAGS already contains -L${with_fwtk}) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L${with_fwtk}" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L${with_fwtk} - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R${with_fwtk} "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_fwtk}"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_fwtk}"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R${with_fwtk}) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R${with_fwtk}" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R${with_fwtk} - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -24244,33 +27159,34 @@ fi -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${with_fwtk} "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_fwtk}"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_fwtk}"; } >&5 (: CPPFLAGS already contains -I${with_fwtk}) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${with_fwtk}" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${with_fwtk} - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -24290,99 +27206,102 @@ with_SecurID=/usr/ace fi -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${with_SecurID} "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_SecurID}"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_SecurID}"; } >&5 (: CPPFLAGS already contains -I${with_SecurID}) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${with_SecurID}" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${with_SecurID} - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L${with_SecurID} "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_SecurID}"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_SecurID}"; } >&5 (: SUDOERS_LDFLAGS already contains -L${with_SecurID}) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L${with_SecurID}" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L${with_SecurID} - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R${with_SecurID} "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_SecurID}"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_SecurID}"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R${with_SecurID}) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R${with_SecurID}" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R${with_SecurID} - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -24405,11 +27324,12 @@ if test ${with_kerb5-'no'} != "no"; then # Extract the first word of "krb5-config", so it can be a program name with args. set dummy krb5-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_KRB5CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_KRB5CONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$KRB5CONFIG"; then ac_cv_prog_KRB5CONFIG="$KRB5CONFIG" # Let the user override the test. else @@ -24417,11 +27337,15 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_KRB5CONFIG="yes" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -24433,81 +27357,85 @@ fi KRB5CONFIG=$ac_cv_prog_KRB5CONFIG if test -n "$KRB5CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONFIG" >&5 -$as_echo "$KRB5CONFIG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $KRB5CONFIG" >&5 +printf "%s\n" "$KRB5CONFIG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test -n "$KRB5CONFIG"; then - $as_echo "#define HAVE_KERB5 1" >>confdefs.h + printf "%s\n" "#define HAVE_KERB5 1" >>confdefs.h AUTH_OBJS="$AUTH_OBJS kerb5.lo" + for f in `krb5-config --cflags`; do -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( - *" `krb5-config --cflags` "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains \`krb5-config --cflags\`"; } >&5 - (: CPPFLAGS already contains `krb5-config --cflags`) 2>&5 + *" $f "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains \$f"; } >&5 + (: CPPFLAGS already contains $f) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : - as_fn_append CPPFLAGS " `krb5-config --cflags`" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + as_fn_append CPPFLAGS " $f" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop - CPPFLAGS=`krb5-config --cflags` - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + CPPFLAGS=$f + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi + done SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 -$as_echo_n "checking whether we are using Heimdal... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 +printf %s "checking whether we are using Heimdal... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { const char *tmp = heimdal_version; ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define HAVE_HEIMDAL 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + printf "%s\n" "#define HAVE_HEIMDAL 1" >>confdefs.h -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext else - $as_echo "#define HAVE_KERB5 1" >>confdefs.h + printf "%s\n" "#define HAVE_KERB5 1" >>confdefs.h if test "$with_kerb5" = "yes"; then found=no @@ -24518,86 +27446,89 @@ /* end confdefs.h. */ #include int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : found=yes; break fi rm -f conftest.err conftest.i conftest.$ac_ext done if test X"$found" = X"no"; then CPPFLAGS="$O_CPPFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5 -$as_echo "$as_me: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5 +printf "%s\n" "$as_me: WARNING: unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;} fi else -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L${with_kerb5}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_kerb5}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_kerb5}/lib"; } >&5 (: SUDOERS_LDFLAGS already contains -L${with_kerb5}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L${with_kerb5}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L${with_kerb5}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R${with_kerb5}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_kerb5}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_kerb5}/lib"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R${with_kerb5}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R${with_kerb5}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R${with_kerb5}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -24605,65 +27536,68 @@ fi -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${with_kerb5}/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_kerb5}/include"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_kerb5}/include"; } >&5 (: CPPFLAGS already contains -I${with_kerb5}/include) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${with_kerb5}/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${with_kerb5}/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 -$as_echo_n "checking whether we are using Heimdal... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 +printf %s "checking whether we are using Heimdal... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { const char *tmp = heimdal_version; ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define HAVE_HEIMDAL 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + printf "%s\n" "#define HAVE_HEIMDAL 1" >>confdefs.h # XXX - need to check whether -lcrypo is needed! SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lroken" >&5 -$as_echo_n "checking for main in -lroken... " >&6; } -if ${ac_cv_lib_roken_main+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lroken" >&5 +printf %s "checking for main in -lroken... " >&6; } +if test ${ac_cv_lib_roken_main+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lroken $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -24671,39 +27605,42 @@ int -main () +main (void) { return main (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_roken_main=yes -else +else $as_nop ac_cv_lib_roken_main=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_main" >&5 -$as_echo "$ac_cv_lib_roken_main" >&6; } -if test "x$ac_cv_lib_roken_main" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_main" >&5 +printf "%s\n" "$ac_cv_lib_roken_main" >&6; } +if test "x$ac_cv_lib_roken_main" = xyes +then : SUDOERS_LIBS="${SUDOERS_LIBS} -lroken" fi -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb5support" >&5 -$as_echo_n "checking for main in -lkrb5support... " >&6; } -if ${ac_cv_lib_krb5support_main+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb5support" >&5 +printf %s "checking for main in -lkrb5support... " >&6; } +if test ${ac_cv_lib_krb5support_main+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb5support $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -24711,66 +27648,70 @@ int -main () +main (void) { return main (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_krb5support_main=yes -else +else $as_nop ac_cv_lib_krb5support_main=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_main" >&5 -$as_echo "$ac_cv_lib_krb5support_main" >&6; } -if test "x$ac_cv_lib_krb5support_main" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_main" >&5 +printf "%s\n" "$ac_cv_lib_krb5support_main" >&6; } +if test "x$ac_cv_lib_krb5support_main" = xyes +then : SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support" fi fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext AUTH_OBJS="$AUTH_OBJS kerb5.lo" fi _LIBS="$LIBS" LIBS="${LIBS} ${SUDOERS_LIBS}" - for ac_func in krb5_verify_user krb5_init_secure_context -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "krb5_verify_user" "ac_cv_func_krb5_verify_user" +if test "x$ac_cv_func_krb5_verify_user" = xyes +then : + printf "%s\n" "#define HAVE_KRB5_VERIFY_USER 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "krb5_init_secure_context" "ac_cv_func_krb5_init_secure_context" +if test "x$ac_cv_func_krb5_init_secure_context" = xyes +then : + printf "%s\n" "#define HAVE_KRB5_INIT_SECURE_CONTEXT 1" >>confdefs.h fi -done - for ac_func in krb5_get_init_creds_opt_alloc + + for ac_func in krb5_get_init_creds_opt_alloc do : ac_fn_c_check_func "$LINENO" "krb5_get_init_creds_opt_alloc" "ac_cv_func_krb5_get_init_creds_opt_alloc" -if test "x$ac_cv_func_krb5_get_init_creds_opt_alloc" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC 1 -_ACEOF - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether krb5_get_init_creds_opt_free takes a context" >&5 -$as_echo_n "checking whether krb5_get_init_creds_opt_free takes a context... " >&6; } -if ${sudo_cv_krb5_get_init_creds_opt_free_two_args+:} false; then : - $as_echo_n "(cached) " >&6 -else +if test "x$ac_cv_func_krb5_get_init_creds_opt_alloc" = xyes +then : + printf "%s\n" "#define HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether krb5_get_init_creds_opt_free takes a context" >&5 +printf %s "checking whether krb5_get_init_creds_opt_free takes a context... " >&6; } +if test ${sudo_cv_krb5_get_init_creds_opt_free_two_args+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { krb5_get_init_creds_opt_free(NULL, NULL); @@ -24778,48 +27719,41 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sudo_cv_krb5_get_init_creds_opt_free_two_args=yes -else +else $as_nop sudo_cv_krb5_get_init_creds_opt_free_two_args=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_krb5_get_init_creds_opt_free_two_args" >&5 -$as_echo "$sudo_cv_krb5_get_init_creds_opt_free_two_args" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_krb5_get_init_creds_opt_free_two_args" >&5 +printf "%s\n" "$sudo_cv_krb5_get_init_creds_opt_free_two_args" >&6; } fi -done +done if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then - $as_echo "#define HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS 1" >>confdefs.h + printf "%s\n" "#define HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS 1" >>confdefs.h fi LIBS="$_LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use an instance name for Kerberos V" >&5 -$as_echo_n "checking whether to use an instance name for Kerberos V... " >&6; } # Check whether --enable-kerb5-instance was given. -if test "${enable_kerb5_instance+set}" = set; then : +if test ${enable_kerb5_instance+y} +then : enableval=$enable_kerb5_instance; case "$enableval" in - yes) as_fn_error $? "\"must give --enable-kerb5-instance an argument.\"" "$LINENO" 5 - ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + yes) as_fn_error $? "must give --enable-kerb5-instance an argument." "$LINENO" 5 ;; + no) ;; *) cat >>confdefs.h <&5 -$as_echo "$enableval" >&6; } ;; esac -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } fi fi @@ -24832,66 +27766,68 @@ if test -d ${i}; then -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L$i "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\$i"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\$i"; } >&5 (: SUDOERS_LDFLAGS already contains -L$i) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L$i" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L$i - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R$i "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\$i"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\$i"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R$i) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R$i" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R$i - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -24902,8 +27838,8 @@ fi done if test -z "$FOUND_AFSLIBDIR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options." >&5 -$as_echo "$as_me: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options." >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options." >&5 +printf "%s\n" "$as_me: WARNING: unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options." >&2;} fi # Order is important here. Note that we build AFS_LIBS from right to left @@ -24925,33 +27861,34 @@ for i in /usr/afsws/include; do if test -d ${i}; then -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${i} "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${i}"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${i}"; } >&5 (: CPPFLAGS already contains -I${i}) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${i}" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${i} - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -24961,8 +27898,8 @@ done if test -z "$FOUND_AFSLIBDIR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&5 -$as_echo "$as_me: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&5 +printf "%s\n" "$as_me: WARNING: unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&2;} fi AUTH_OBJS="$AUTH_OBJS afs.lo" @@ -24978,33 +27915,34 @@ O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${with_skey}/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_skey}/include"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_skey}/include"; } >&5 (: CPPFLAGS already contains -I${with_skey}/include) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${with_skey}/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${with_skey}/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -25012,66 +27950,68 @@ LDFLAGS="$LDFLAGS -L${with_skey}/lib" -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L${with_skey}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_skey}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_skey}/lib"; } >&5 (: SUDOERS_LDFLAGS already contains -L${with_skey}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L${with_skey}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L${with_skey}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R${with_skey}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_skey}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_skey}/lib"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R${with_skey}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R${with_skey}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R${with_skey}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -25080,13 +28020,13 @@ ac_fn_c_check_header_compile "$LINENO" "skey.h" "ac_cv_header_skey_h" "#include " -if test "x$ac_cv_header_skey_h" = xyes; then : +if test "x$ac_cv_header_skey_h" = xyes +then : found=yes -else +else $as_nop found=no fi - else found=no O_CPPFLAGS="$CPPFLAGS" @@ -25094,11 +28034,11 @@ test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" ac_fn_c_check_header_compile "$LINENO" "skey.h" "ac_cv_header_skey_h" "#include " -if test "x$ac_cv_header_skey_h" = xyes; then : +if test "x$ac_cv_header_skey_h" = xyes +then : found=yes; break fi - done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" @@ -25106,66 +28046,68 @@ LDFLAGS="$LDFLAGS -L${dir}/lib" -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L${dir}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${dir}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${dir}/lib"; } >&5 (: SUDOERS_LDFLAGS already contains -L${dir}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L${dir}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L${dir}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R${dir}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${dir}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${dir}/lib"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R${dir}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R${dir}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R${dir}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -25174,15 +28116,16 @@ fi if test "$found" = "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&5 -$as_echo "$as_me: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&5 +printf "%s\n" "$as_me: WARNING: unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&2;} fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lskey" >&5 -$as_echo_n "checking for main in -lskey... " >&6; } -if ${ac_cv_lib_skey_main+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lskey" >&5 +printf %s "checking for main in -lskey... " >&6; } +if test ${ac_cv_lib_skey_main+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lskey $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -25190,36 +28133,39 @@ int -main () +main (void) { return main (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_skey_main=yes -else +else $as_nop ac_cv_lib_skey_main=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_main" >&5 -$as_echo "$ac_cv_lib_skey_main" >&6; } -if test "x$ac_cv_lib_skey_main" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_main" >&5 +printf "%s\n" "$ac_cv_lib_skey_main" >&6; } +if test "x$ac_cv_lib_skey_main" = xyes +then : found=yes -else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS" >&5 -$as_echo "$as_me: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS" >&2;} +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS" >&5 +printf "%s\n" "$as_me: WARNING: unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS" >&2;} fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for skeyaccess in -lskey" >&5 -$as_echo_n "checking for skeyaccess in -lskey... " >&6; } -if ${ac_cv_lib_skey_skeyaccess+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for skeyaccess in -lskey" >&5 +printf %s "checking for skeyaccess in -lskey... " >&6; } +if test ${ac_cv_lib_skey_skeyaccess+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lskey $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -25228,44 +28174,43 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char skeyaccess (); int -main () +main (void) { return skeyaccess (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_skey_skeyaccess=yes -else +else $as_nop ac_cv_lib_skey_skeyaccess=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_skeyaccess" >&5 -$as_echo "$ac_cv_lib_skey_skeyaccess" >&6; } -if test "x$ac_cv_lib_skey_skeyaccess" = xyes; then : - $as_echo "#define HAVE_SKEYACCESS 1" >>confdefs.h +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_skeyaccess" >&5 +printf "%s\n" "$ac_cv_lib_skey_skeyaccess" >&6; } +if test "x$ac_cv_lib_skey_skeyaccess" = xyes +then : + printf "%s\n" "#define HAVE_SKEYACCESS 1" >>confdefs.h fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RFC1938-compliant skeychallenge" >&5 -$as_echo_n "checking for RFC1938-compliant skeychallenge... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for RFC1938-compliant skeychallenge" >&5 +printf %s "checking for RFC1938-compliant skeychallenge... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # include # include int -main () +main (void) { skeychallenge(NULL, NULL, NULL, 0); @@ -25273,21 +28218,22 @@ return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : - $as_echo "#define HAVE_RFC1938_SKEYCHALLENGE 1" >>confdefs.h + printf "%s\n" "#define HAVE_RFC1938_SKEYCHALLENGE 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lskey" @@ -25298,33 +28244,34 @@ O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${with_opie}/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_opie}/include"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_opie}/include"; } >&5 (: CPPFLAGS already contains -I${with_opie}/include) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${with_opie}/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${with_opie}/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -25332,66 +28279,68 @@ LDFLAGS="$LDFLAGS -L${with_opie}/lib" -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L${with_opie}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_opie}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_opie}/lib"; } >&5 (: SUDOERS_LDFLAGS already contains -L${with_opie}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L${with_opie}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L${with_opie}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R${with_opie}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_opie}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_opie}/lib"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R${with_opie}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R${with_opie}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R${with_opie}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -25402,16 +28351,17 @@ /* end confdefs.h. */ #include int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : found=yes -else +else $as_nop found=no fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -25424,14 +28374,15 @@ /* end confdefs.h. */ #include int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : found=yes; break fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -25442,66 +28393,68 @@ LDFLAGS="$LDFLAGS -L${dir}/lib" -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L${dir}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${dir}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${dir}/lib"; } >&5 (: SUDOERS_LDFLAGS already contains -L${dir}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L${dir}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L${dir}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R${dir}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${dir}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${dir}/lib"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R${dir}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R${dir}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R${dir}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -25510,15 +28463,16 @@ fi if test "$found" = "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&5 -$as_echo "$as_me: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&5 +printf "%s\n" "$as_me: WARNING: unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&2;} fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lopie" >&5 -$as_echo_n "checking for main in -lopie... " >&6; } -if ${ac_cv_lib_opie_main+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lopie" >&5 +printf %s "checking for main in -lopie... " >&6; } +if test ${ac_cv_lib_opie_main+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lopie $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -25526,29 +28480,31 @@ int -main () +main (void) { return main (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_opie_main=yes -else +else $as_nop ac_cv_lib_opie_main=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_opie_main" >&5 -$as_echo "$ac_cv_lib_opie_main" >&6; } -if test "x$ac_cv_lib_opie_main" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_opie_main" >&5 +printf "%s\n" "$ac_cv_lib_opie_main" >&6; } +if test "x$ac_cv_lib_opie_main" = xyes +then : found=yes -else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS" >&5 -$as_echo "$as_me: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS" >&2;} +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS" >&5 +printf "%s\n" "$as_me: WARNING: unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS" >&2;} fi LDFLAGS="$O_LDFLAGS" @@ -25558,11 +28514,12 @@ if test ${with_passwd-'no'} != "no"; then _LIBS="$LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5 -$as_echo_n "checking for library containing crypt... " >&6; } -if ${ac_cv_search_crypt+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5 +printf %s "checking for library containing crypt... " >&6; } +if test ${ac_cv_search_crypt+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -25570,46 +28527,48 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char crypt (); int -main () +main (void) { return crypt (); ; return 0; } _ACEOF -for ac_lib in '' crypt crypt_d ufc; do +for ac_lib in '' crypt crypt_d ufc +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_crypt=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_crypt+:} false; then : + if test ${ac_cv_search_crypt+y} +then : break fi done -if ${ac_cv_search_crypt+:} false; then : +if test ${ac_cv_search_crypt+y} +then : -else +else $as_nop ac_cv_search_crypt=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypt" >&5 -$as_echo "$ac_cv_search_crypt" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypt" >&5 +printf "%s\n" "$ac_cv_search_crypt" >&6; } ac_res=$ac_cv_search_crypt -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" test "${ac_cv_search_crypt}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_crypt}" @@ -25617,7 +28576,7 @@ fi if test "${ac_cv_search_crypt}" != "no"; then - $as_echo "#define HAVE_CRYPT 1" >>confdefs.h + printf "%s\n" "#define HAVE_CRYPT 1" >>confdefs.h fi LIBS="$_LIBS" @@ -25626,34 +28585,56 @@ _LIBS="$LIBS" LIBS="$LIBS $shadow_libs" found=no - for ac_func in $shadow_funcs -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - found=yes + for func in $shadow_funcs; do + as_ac_var=`printf "%s\n" "ac_cv_func_$func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : + + case "$func" in + dispcrypt) + printf "%s\n" "#define HAVE_DISPCRYPT 1" >>confdefs.h + + ;; + getprpwnam) + printf "%s\n" "#define HAVE_GETPRPWNAM 1" >>confdefs.h + + SECUREWARE=1 + ;; + getpwnam_shadow) + printf "%s\n" "#define HAVE_GETPWNAM_SHADOW 1" >>confdefs.h + + ;; + getspnam) + printf "%s\n" "#define HAVE_GETSPNAM 1" >>confdefs.h + + ;; + iscomsec) + printf "%s\n" "#define HAVE_ISCOMSEC 1" >>confdefs.h + + ;; + *) + as_fn_error $? "unhandled shadow password function $func" "$LINENO" 5 + ;; + esac + found=yes + fi -done - if test "$found" = "yes"; then - case "$shadow_funcs" in - *getprpwnam*) SECUREWARE=1;; - esac - else + done + if test "$found" = "no"; then shadow_libs= fi CHECKSHADOW=false LIBS="$_LIBS" fi if test "$CHECKSHADOW" = "true"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getspnam" >&5 -$as_echo_n "checking for library containing getspnam... " >&6; } -if ${ac_cv_search_getspnam+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing getspnam" >&5 +printf %s "checking for library containing getspnam... " >&6; } +if test ${ac_cv_search_getspnam+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -25661,49 +28642,51 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char getspnam (); int -main () +main (void) { return getspnam (); ; return 0; } _ACEOF -for ac_lib in '' gen shadow; do +for ac_lib in '' gen shadow +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_getspnam=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_getspnam+:} false; then : + if test ${ac_cv_search_getspnam+y} +then : break fi done -if ${ac_cv_search_getspnam+:} false; then : +if test ${ac_cv_search_getspnam+y} +then : -else +else $as_nop ac_cv_search_getspnam=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getspnam" >&5 -$as_echo "$ac_cv_search_getspnam" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getspnam" >&5 +printf "%s\n" "$ac_cv_search_getspnam" >&6; } ac_res=$ac_cv_search_getspnam -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - $as_echo "#define HAVE_GETSPNAM 1" >>confdefs.h + printf "%s\n" "#define HAVE_GETSPNAM 1" >>confdefs.h test "${ac_cv_search_getspnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getspnam}" CHECKSHADOW=false @@ -25712,11 +28695,12 @@ fi if test "$CHECKSHADOW" = "true"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getprpwnam" >&5 -$as_echo_n "checking for library containing getprpwnam... " >&6; } -if ${ac_cv_search_getprpwnam+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing getprpwnam" >&5 +printf %s "checking for library containing getprpwnam... " >&6; } +if test ${ac_cv_search_getprpwnam+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -25724,49 +28708,51 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char getprpwnam (); int -main () +main (void) { return getprpwnam (); ; return 0; } _ACEOF -for ac_lib in '' sec security prot; do +for ac_lib in '' sec security prot +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_getprpwnam=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_getprpwnam+:} false; then : + if test ${ac_cv_search_getprpwnam+y} +then : break fi done -if ${ac_cv_search_getprpwnam+:} false; then : +if test ${ac_cv_search_getprpwnam+y} +then : -else +else $as_nop ac_cv_search_getprpwnam=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getprpwnam" >&5 -$as_echo "$ac_cv_search_getprpwnam" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getprpwnam" >&5 +printf "%s\n" "$ac_cv_search_getprpwnam" >&6; } ac_res=$ac_cv_search_getprpwnam -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - $as_echo "#define HAVE_GETPRPWNAM 1" >>confdefs.h + printf "%s\n" "#define HAVE_GETPRPWNAM 1" >>confdefs.h test "${ac_cv_search_getprpwnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getprpwnam}" SECUREWARE=1 @@ -25782,41 +28768,40 @@ if test -n "$SECUREWARE"; then _LIBS="$LIBS" LIBS="$LIBS $shadow_libs" - for ac_func in bigcrypt -do : - ac_fn_c_check_func "$LINENO" "bigcrypt" "ac_cv_func_bigcrypt" -if test "x$ac_cv_func_bigcrypt" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_BIGCRYPT 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "bigcrypt" "ac_cv_func_bigcrypt" +if test "x$ac_cv_func_bigcrypt" = xyes +then : + printf "%s\n" "#define HAVE_BIGCRYPT 1" >>confdefs.h fi -done AUTH_OBJS="$AUTH_OBJS secureware.lo" # set_auth_parameters() and initprivs() are called from sudo.c - for ac_func in set_auth_parameters initprivs + + for ac_func in set_auth_parameters initprivs do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF test -n "$shadow_libs" && SUDO_LIBS="$SUDO_LIBS $shadow_libs" fi -done +done LIBS="$_LIBS" fi fi if test X"$with_bsm_audit" = X"yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether au_close() takes 4 arguments" >&5 -$as_echo_n "checking whether au_close() takes 4 arguments... " >&6; } -if ${sudo_cv_func_au_close_solaris11+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether au_close() takes 4 arguments" >&5 +printf %s "checking whether au_close() takes 4 arguments... " >&6; } +if test ${sudo_cv_func_au_close_solaris11+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default @@ -25826,75 +28811,74 @@ int au_close(int d, int keep, au_event_t event, au_emod_t emod) {return 0;} int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sudo_cv_func_au_close_solaris11=yes -else +else $as_nop sudo_cv_func_au_close_solaris11=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_au_close_solaris11" >&5 -$as_echo "$sudo_cv_func_au_close_solaris11" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_au_close_solaris11" >&5 +printf "%s\n" "$sudo_cv_func_au_close_solaris11" >&6; } if test $sudo_cv_func_au_close_solaris11 = yes; then -$as_echo "#define HAVE_AU_CLOSE_SOLARIS11 1" >>confdefs.h +printf "%s\n" "#define HAVE_AU_CLOSE_SOLARIS11 1" >>confdefs.h fi fi if test X"$enable_poll" = X""; then - for ac_func in ppoll poll + + for ac_func in ppoll poll do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF enable_poll=yes; break -else +else $as_nop enable_poll=no fi -done +done elif test X"$enable_poll" = X"yes"; then - for ac_func in ppoll + + for ac_func in ppoll do : ac_fn_c_check_func "$LINENO" "ppoll" "ac_cv_func_ppoll" -if test "x$ac_cv_func_ppoll" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PPOLL 1 -_ACEOF +if test "x$ac_cv_func_ppoll" = xyes +then : + printf "%s\n" "#define HAVE_PPOLL 1" >>confdefs.h -else - $as_echo "#define HAVE_POLL 1" >>confdefs.h +else $as_nop + printf "%s\n" "#define HAVE_POLL 1" >>confdefs.h fi -done +done fi if test "$enable_poll" = "yes"; then COMMON_OBJS="${COMMON_OBJS} event_poll.lo" else - for ac_func in pselect -do : - ac_fn_c_check_func "$LINENO" "pselect" "ac_cv_func_pselect" -if test "x$ac_cv_func_pselect" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PSELECT 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "pselect" "ac_cv_func_pselect" +if test "x$ac_cv_func_pselect" = xyes +then : + printf "%s\n" "#define HAVE_PSELECT 1" >>confdefs.h fi -done COMMON_OBJS="${COMMON_OBJS} event_select.lo" fi @@ -25904,66 +28888,68 @@ if test "$with_ldap" != "yes"; then -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L${with_ldap}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_ldap}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_ldap}/lib"; } >&5 (: SUDOERS_LDFLAGS already contains -L${with_ldap}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L${with_ldap}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L${with_ldap}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R${with_ldap}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_ldap}/lib"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_ldap}/lib"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R${with_ldap}/lib) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R${with_ldap}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R${with_ldap}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -25974,66 +28960,68 @@ if test -d "${with_ldap}/lib64"; then -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( *" -L${with_ldap}/lib64 "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_ldap}/lib64"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${with_ldap}/lib64"; } >&5 (: SUDOERS_LDFLAGS already contains -L${with_ldap}/lib64) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS " -L${with_ldap}/lib64" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS=-L${with_ldap}/lib64 - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi if test X"$enable_rpath" = X"yes"; then -if ${SUDOERS_LDFLAGS_R+:} false; then : +if test ${SUDOERS_LDFLAGS_R+y} +then : case " $SUDOERS_LDFLAGS_R " in #( *" -R${with_ldap}/lib64 "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_ldap}/lib64"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${with_ldap}/lib64"; } >&5 (: SUDOERS_LDFLAGS_R already contains -R${with_ldap}/lib64) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append SUDOERS_LDFLAGS_R " -R${with_ldap}/lib64" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop SUDOERS_LDFLAGS_R=-R${with_ldap}/lib64 - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -26043,33 +29031,34 @@ LDFLAGS="$LDFLAGS -L${with_ldap}/lib64" fi -if ${CPPFLAGS+:} false; then : +if test ${CPPFLAGS+y} +then : case " $CPPFLAGS " in #( *" -I${with_ldap}/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_ldap}/include"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${with_ldap}/include"; } >&5 (: CPPFLAGS already contains -I${with_ldap}/include) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -I${with_ldap}/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-I${with_ldap}/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -26089,11 +29078,12 @@ found=no # On HP-UX, libibmldap has a hidden dependency on libCsup case "$host_os" in - hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lCsup" >&5 -$as_echo_n "checking for main in -lCsup... " >&6; } -if ${ac_cv_lib_Csup_main+:} false; then : - $as_echo_n "(cached) " >&6 -else + hpux*|hiuxmpp*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lCsup" >&5 +printf %s "checking for main in -lCsup... " >&6; } +if test ${ac_cv_lib_Csup_main+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lCsup $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -26101,34 +29091,37 @@ int -main () +main (void) { return main (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_Csup_main=yes -else +else $as_nop ac_cv_lib_Csup_main=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_Csup_main" >&5 -$as_echo "$ac_cv_lib_Csup_main" >&6; } -if test "x$ac_cv_lib_Csup_main" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_Csup_main" >&5 +printf "%s\n" "$ac_cv_lib_Csup_main" >&6; } +if test "x$ac_cv_lib_Csup_main" = xyes +then : IBMLDAP_EXTRA=" -lCsup" fi ;; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ldap_init" >&5 -$as_echo_n "checking for library containing ldap_init... " >&6; } -if ${ac_cv_search_ldap_init+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing ldap_init" >&5 +printf %s "checking for library containing ldap_init... " >&6; } +if test ${ac_cv_search_ldap_init+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -26136,46 +29129,48 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char ldap_init (); int -main () +main (void) { return ldap_init (); ; return 0; } _ACEOF -for ac_lib in '' "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}" "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}"; do +for ac_lib in '' "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}" "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_ldap_init=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_ldap_init+:} false; then : + if test ${ac_cv_search_ldap_init+y} +then : break fi done -if ${ac_cv_search_ldap_init+:} false; then : +if test ${ac_cv_search_ldap_init+y} +then : -else +else $as_nop ac_cv_search_ldap_init=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ldap_init" >&5 -$as_echo "$ac_cv_search_ldap_init" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ldap_init" >&5 +printf "%s\n" "$ac_cv_search_ldap_init" >&6; } ac_res=$ac_cv_search_ldap_init -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" test "${ac_cv_search_ldap_init}" != "none required" && LDAP_LIBS="${ac_cv_search_ldap_init}" @@ -26189,29 +29184,31 @@ fi LIBS="${_LIBS} ${LDAP_LIBS}" OLIBS="$LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lber.h defines LBER_OPT_DEBUG_LEVEL" >&5 -$as_echo_n "checking whether lber.h defines LBER_OPT_DEBUG_LEVEL... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether lber.h defines LBER_OPT_DEBUG_LEVEL" >&5 +printf %s "checking whether lber.h defines LBER_OPT_DEBUG_LEVEL... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include # include int -main () +main (void) { int opt=LBER_OPT_DEBUG_LEVEL; ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ber_set_option" >&5 -$as_echo_n "checking for library containing ber_set_option... " >&6; } -if ${ac_cv_search_ber_set_option+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing ber_set_option" >&5 +printf %s "checking for library containing ber_set_option... " >&6; } +if test ${ac_cv_search_ber_set_option+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -26219,49 +29216,51 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char ber_set_option (); int -main () +main (void) { return ber_set_option (); ; return 0; } _ACEOF -for ac_lib in '' lber; do +for ac_lib in '' lber +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_ber_set_option=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_ber_set_option+:} false; then : + if test ${ac_cv_search_ber_set_option+y} +then : break fi done -if ${ac_cv_search_ber_set_option+:} false; then : +if test ${ac_cv_search_ber_set_option+y} +then : -else +else $as_nop ac_cv_search_ber_set_option=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ber_set_option" >&5 -$as_echo "$ac_cv_search_ber_set_option" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ber_set_option" >&5 +printf "%s\n" "$ac_cv_search_ber_set_option" >&6; } ac_res=$ac_cv_search_ber_set_option -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" found=yes -else +else $as_nop found=no fi @@ -26269,123 +29268,178 @@ LDAP_LIBS="$LDAP_LIBS -llber" fi -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lber.h is needed" >&5 -$as_echo_n "checking whether lber.h is needed... " >&6; } +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether lber.h is needed" >&5 +printf %s "checking whether lber.h is needed... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include # include int -main () +main (void) { (void)ldap_init(0, 0) ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define HAVE_LBER_H 1" >>confdefs.h +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + printf "%s\n" "#define HAVE_LBER_H 1" >>confdefs.h fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext if test ${enable_sasl-'yes'} = "yes"; then found_sasl_h=no - for ac_header in sasl/sasl.h sasl.h + for ac_header in sasl/sasl.h sasl.h do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF found_sasl_h=yes - for ac_func in ldap_sasl_interactive_bind_s -do : - ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind_s" "ac_cv_func_ldap_sasl_interactive_bind_s" -if test "x$ac_cv_func_ldap_sasl_interactive_bind_s" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LDAP_SASL_INTERACTIVE_BIND_S 1 -_ACEOF + ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind_s" "ac_cv_func_ldap_sasl_interactive_bind_s" +if test "x$ac_cv_func_ldap_sasl_interactive_bind_s" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_SASL_INTERACTIVE_BIND_S 1" >>confdefs.h fi -done break fi done - if test X${enable_sasl} = X"yes"; then if test X"$found_sasl_h" != X"yes"; then - as_fn_error $? "\"--enable-sasl specified but unable to locate SASL development headers.\"" "$LINENO" 5 + as_fn_error $? "--enable-sasl specified but unable to locate SASL development headers." "$LINENO" 5 fi if test X"$ac_cv_func_ldap_sasl_interactive_bind_s" != X"yes"; then : - as_fn_error $? "\"--enable-sasl specified but SASL support is missing in your LDAP library\"" "$LINENO" 5 + as_fn_error $? "--enable-sasl specified but SASL support is missing in your LDAP library" "$LINENO" 5 fi fi fi - for ac_header in ldapssl.h ldap_ssl.h mps/ldap_ssl.h + for ac_header in ldapssl.h ldap_ssl.h mps/ldap_ssl.h do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include " -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF break fi done + ac_fn_c_check_func "$LINENO" "ldap_initialize" "ac_cv_func_ldap_initialize" +if test "x$ac_cv_func_ldap_initialize" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_INITIALIZE 1" >>confdefs.h - for ac_func in ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +fi +ac_fn_c_check_func "$LINENO" "ldap_start_tls_s" "ac_cv_func_ldap_start_tls_s" +if test "x$ac_cv_func_ldap_start_tls_s" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_START_TLS_S 1" >>confdefs.h fi -done +ac_fn_c_check_func "$LINENO" "ldapssl_init" "ac_cv_func_ldapssl_init" +if test "x$ac_cv_func_ldapssl_init" = xyes +then : + printf "%s\n" "#define HAVE_LDAPSSL_INIT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ldapssl_set_strength" "ac_cv_func_ldapssl_set_strength" +if test "x$ac_cv_func_ldapssl_set_strength" = xyes +then : + printf "%s\n" "#define HAVE_LDAPSSL_SET_STRENGTH 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ldap_unbind_ext_s" "ac_cv_func_ldap_unbind_ext_s" +if test "x$ac_cv_func_ldap_unbind_ext_s" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_UNBIND_EXT_S 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ldap_str2dn" "ac_cv_func_ldap_str2dn" +if test "x$ac_cv_func_ldap_str2dn" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_STR2DN 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ldap_create" "ac_cv_func_ldap_create" +if test "x$ac_cv_func_ldap_create" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_CREATE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ldap_sasl_bind_s" "ac_cv_func_ldap_sasl_bind_s" +if test "x$ac_cv_func_ldap_sasl_bind_s" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_SASL_BIND_S 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ldap_ssl_init" "ac_cv_func_ldap_ssl_init" +if test "x$ac_cv_func_ldap_ssl_init" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_SSL_INIT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ldap_ssl_client_init" "ac_cv_func_ldap_ssl_client_init" +if test "x$ac_cv_func_ldap_ssl_client_init" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_SSL_CLIENT_INIT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ldap_start_tls_s_np" "ac_cv_func_ldap_start_tls_s_np" +if test "x$ac_cv_func_ldap_start_tls_s_np" = xyes +then : + printf "%s\n" "#define HAVE_LDAP_START_TLS_S_NP 1" >>confdefs.h + +fi + - for ac_func in ldap_search_ext_s ldap_search_st + for ac_func in ldap_search_ext_s ldap_search_st do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF break fi -done +done if test X"$check_gss_krb5_ccache_name" = X"yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi" >&5 -$as_echo_n "checking for gss_krb5_ccache_name in -lgssapi... " >&6; } -if ${ac_cv_lib_gssapi_gss_krb5_ccache_name+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi" >&5 +printf %s "checking for gss_krb5_ccache_name in -lgssapi... " >&6; } +if test ${ac_cv_lib_gssapi_gss_krb5_ccache_name+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -26394,39 +29448,39 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char gss_krb5_ccache_name (); int -main () +main (void) { return gss_krb5_ccache_name (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_gssapi_gss_krb5_ccache_name=yes -else +else $as_nop ac_cv_lib_gssapi_gss_krb5_ccache_name=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_krb5_ccache_name" >&5 -$as_echo "$ac_cv_lib_gssapi_gss_krb5_ccache_name" >&6; } -if test "x$ac_cv_lib_gssapi_gss_krb5_ccache_name" = xyes; then : - $as_echo "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_krb5_ccache_name" >&5 +printf "%s\n" "$ac_cv_lib_gssapi_gss_krb5_ccache_name" >&6; } +if test "x$ac_cv_lib_gssapi_gss_krb5_ccache_name" = xyes +then : + printf "%s\n" "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h LDAP_LIBS="${LDAP_LIBS} -lgssapi" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi_krb5" >&5 -$as_echo_n "checking for gss_krb5_ccache_name in -lgssapi_krb5... " >&6; } -if ${ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi_krb5" >&5 +printf %s "checking for gss_krb5_ccache_name in -lgssapi_krb5... " >&6; } +if test ${ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi_krb5 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -26435,31 +29489,30 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char gss_krb5_ccache_name (); int -main () +main (void) { return gss_krb5_ccache_name (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name=yes -else +else $as_nop ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&5 -$as_echo "$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&6; } -if test "x$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" = xyes; then : - $as_echo "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&5 +printf "%s\n" "$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&6; } +if test "x$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" = xyes +then : + printf "%s\n" "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5" fi @@ -26480,7 +29533,7 @@ #include int -main () +main (void) { ; @@ -26488,30 +29541,26 @@ } _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : - for ac_header in gssapi/gssapi.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "gssapi/gssapi.h" "ac_cv_header_gssapi_gssapi_h" "$ac_includes_default" -if test "x$ac_cv_header_gssapi_gssapi_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GSSAPI_GSSAPI_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "gssapi/gssapi.h" "ac_cv_header_gssapi_gssapi_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_gssapi_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_GSSAPI_H 1" >>confdefs.h fi -done - break -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { ; @@ -26519,20 +29568,16 @@ } _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : - for ac_header in gssapi.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" -if test "x$ac_cv_header_gssapi_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GSSAPI_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_H 1" >>confdefs.h fi -done - break fi @@ -26542,22 +29587,17 @@ rm -f conftest.err conftest.i conftest.$ac_ext done if test X"$ac_cv_header_gssapi_gssapi_h" != X"no"; then - for ac_header in gssapi/gssapi_krb5.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "gssapi/gssapi_krb5.h" "ac_cv_header_gssapi_gssapi_krb5_h" "$ac_includes_default" -if test "x$ac_cv_header_gssapi_gssapi_krb5_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GSSAPI_GSSAPI_KRB5_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "gssapi/gssapi_krb5.h" "ac_cv_header_gssapi_gssapi_krb5_h" "$ac_includes_default" +if test "x$ac_cv_header_gssapi_gssapi_krb5_h" = xyes +then : + printf "%s\n" "#define HAVE_GSSAPI_GSSAPI_KRB5_H 1" >>confdefs.h fi -done - elif test X"$ac_cv_header_gssapi_h" = X"no"; then CPPFLAGS="$O_CPPFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&5 -$as_echo "$as_me: WARNING: Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&5 +printf "%s\n" "$as_me: WARNING: unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&2;} fi fi @@ -26572,101 +29612,107 @@ # case "$lt_cv_dlopen" in dlopen) - $as_echo "#define HAVE_DLOPEN 1" >>confdefs.h + printf "%s\n" "#define HAVE_DLOPEN 1" >>confdefs.h if test "$enable_static_sudoers" = "yes"; then - $as_echo "#define STATIC_SUDOERS_PLUGIN 1" >>confdefs.h + printf "%s\n" "#define STATIC_SUDOERS_PLUGIN 1" >>confdefs.h SUDO_OBJS="${SUDO_OBJS} preload.o" STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( - *" --tag=disable-shared -static "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains --tag=disable-shared -static"; } >&5 - (: SUDOERS_LDFLAGS already contains --tag=disable-shared -static) 2>&5 + *" -no-install "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -no-install"; } >&5 + (: SUDOERS_LDFLAGS already contains -no-install) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : - as_fn_append SUDOERS_LDFLAGS " --tag=disable-shared -static" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + as_fn_append SUDOERS_LDFLAGS " -no-install" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop - SUDOERS_LDFLAGS=--tag=disable-shared -static - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + SUDOERS_LDFLAGS=-no-install + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi + SUDOERS_LT_STATIC="--tag=disable-shared" LT_STATIC="" else + SUDOERS_LT_STATIC="--tag=disable-static" LT_STATIC="--tag=disable-static" fi ;; shl_load) - $as_echo "#define HAVE_SHL_LOAD 1" >>confdefs.h + printf "%s\n" "#define HAVE_SHL_LOAD 1" >>confdefs.h if test "$enable_static_sudoers" = "yes"; then - $as_echo "#define STATIC_SUDOERS_PLUGIN 1" >>confdefs.h + printf "%s\n" "#define STATIC_SUDOERS_PLUGIN 1" >>confdefs.h SUDO_OBJS="${SUDO_OBJS} preload.o" STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" -if ${SUDOERS_LDFLAGS+:} false; then : +if test ${SUDOERS_LDFLAGS+y} +then : case " $SUDOERS_LDFLAGS " in #( - *" --tag=disable-shared -static "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains --tag=disable-shared -static"; } >&5 - (: SUDOERS_LDFLAGS already contains --tag=disable-shared -static) 2>&5 + *" -no-install "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -no-install"; } >&5 + (: SUDOERS_LDFLAGS already contains -no-install) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : - as_fn_append SUDOERS_LDFLAGS " --tag=disable-shared -static" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + as_fn_append SUDOERS_LDFLAGS " -no-install" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop - SUDOERS_LDFLAGS=--tag=disable-shared -static - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + SUDOERS_LDFLAGS=-no-install + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi + SUDOERS_LT_STATIC="--tag=disable-shared" LT_STATIC="" else + SUDOERS_LT_STATIC="--tag=disable-static" LT_STATIC="--tag=disable-static" fi ;; *) if test X"${ac_cv_func_dlopen}" = X"yes"; then - as_fn_error $? "\"dlopen present but libtool doesn't appear to support your platform.\"" "$LINENO" 5 + as_fn_error $? "dlopen present but libtool doesn't appear to support your platform." "$LINENO" 5 fi # Preload sudoers module symbols - $as_echo "#define STATIC_SUDOERS_PLUGIN 1" >>confdefs.h + printf "%s\n" "#define STATIC_SUDOERS_PLUGIN 1" >>confdefs.h SUDO_OBJS="${SUDO_OBJS} preload.o" STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" @@ -26687,69 +29733,38 @@ # if test "$enable_shared_libutil" = "no"; then if test X"$STATIC_SUDOERS" = X""; then - as_fn_error $? "\"--disable-shared-libutil may only be specified with --enable-static-sudoers or when dynamic linking is disabled.\"" "$LINENO" 5 + as_fn_error $? "--disable-shared-libutil may only be specified with --enable-static-sudoers or when dynamic linking is disabled." "$LINENO" 5 else - # Do not install sudoers or libsudo_util. + # Do not install libsudo_util. -if ${SUDOERS_LDFLAGS+:} false; then : - - case " $SUDOERS_LDFLAGS " in #( - *" -no-install "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -no-install"; } >&5 - (: SUDOERS_LDFLAGS already contains -no-install) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append SUDOERS_LDFLAGS " -no-install" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 - (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else - - SUDOERS_LDFLAGS=-no-install - { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 - (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - - -if ${LIBUTIL_LDFLAGS+:} false; then : +if test ${LIBUTIL_LDFLAGS+y} +then : case " $LIBUTIL_LDFLAGS " in #( *" -no-install "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBUTIL_LDFLAGS already contains -no-install"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBUTIL_LDFLAGS already contains -no-install"; } >&5 (: LIBUTIL_LDFLAGS already contains -no-install) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LIBUTIL_LDFLAGS " -no-install" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBUTIL_LDFLAGS=\"\$LIBUTIL_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBUTIL_LDFLAGS=\"\$LIBUTIL_LDFLAGS\""; } >&5 (: LIBUTIL_LDFLAGS="$LIBUTIL_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LIBUTIL_LDFLAGS=-no-install - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LIBUTIL_LDFLAGS=\"\$LIBUTIL_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LIBUTIL_LDFLAGS=\"\$LIBUTIL_LDFLAGS\""; } >&5 (: LIBUTIL_LDFLAGS="$LIBUTIL_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi @@ -26763,12 +29778,13 @@ # so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. case "$host_os" in - hpux*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 -$as_echo_n "checking for main in -lpthread... " >&6; } -if ${ac_cv_lib_pthread_main+:} false; then : - $as_echo_n "(cached) " >&6 -else + hpux*|hiuxmpp*) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 +printf %s "checking for main in -lpthread... " >&6; } +if test ${ac_cv_lib_pthread_main+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -26776,42 +29792,44 @@ int -main () +main (void) { return main (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_pthread_main=yes -else +else $as_nop ac_cv_lib_pthread_main=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5 -$as_echo "$ac_cv_lib_pthread_main" >&6; } -if test "x$ac_cv_lib_pthread_main" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5 +printf "%s\n" "$ac_cv_lib_pthread_main" >&6; } +if test "x$ac_cv_lib_pthread_main" = xyes +then : SUDO_LIBS="${SUDO_LIBS} -lpthread" fi - $as_echo "#define _REENTRANT 1" >>confdefs.h + printf "%s\n" "#define _REENTRANT 1" >>confdefs.h ;; esac if test "$utmp_style" = "LEGACY"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utmp file path" >&5 -$as_echo_n "checking for utmp file path... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for utmp file path" >&5 +printf %s "checking for utmp file path... " >&6; } found=no for p in "/var/run/utmp" "/var/adm/utmp" "/etc/utmp"; do if test -r "$p"; then found=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5 -$as_echo "$p" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $p" >&5 +printf "%s\n" "$p" >&6; } cat >>confdefs.h <&5 -$as_echo "not found" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +printf "%s\n" "not found" >&6; } fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for log dir location" >&5 -$as_echo_n "checking for log dir location... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for log dir location" >&5 +printf %s "checking for log dir location... " >&6; } if test "${with_logdir-yes}" != "yes"; then log_dir="$with_logdir" else @@ -26845,11 +29863,11 @@ EOF fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $log_dir" >&5 -$as_echo "$log_dir" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $log_dir" >&5 +printf "%s\n" "$log_dir" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for log file location" >&5 -$as_echo_n "checking for log file location... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for log file location" >&5 +printf %s "checking for log file location... " >&6; } if test "${with_logpath-yes}" != "yes"; then logpath="$with_logpath" else @@ -26861,15 +29879,38 @@ fi done fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $logpath" >&5 -$as_echo "$logpath" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $logpath" >&5 +printf "%s\n" "$logpath" >&6; } cat >>confdefs.h <&5 -$as_echo_n "checking for sudo run dir location... " >&6; } + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sudo_logsrvd relay dir location" >&5 +printf %s "checking for sudo_logsrvd relay dir location... " >&6; } + if test "${with_relaydir-yes}" != "yes"; then + relay_dir="$with_relaydir" + else + # Default value of relay_dir set in configure.ac + for d in /var/log /var/adm /usr/adm; do + if test -d "$d"; then + relay_dir="$d/sudo_logsrvd" + break + fi + done + fi + if test "${with_relaydir}" != "no"; then + cat >>confdefs.h <&5 +printf "%s\n" "$relay_dir" >&6; } + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sudo run dir location" >&5 +printf %s "checking for sudo run dir location... " >&6; } if test -n "$with_rundir"; then rundir="$with_rundir" elif test -n "$runstatedir" && test "$runstatedir" != '${localstatedir}/run'; then @@ -26883,8 +29924,8 @@ fi done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rundir" >&5 -$as_echo "$rundir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $rundir" >&5 +printf "%s\n" "$rundir" >&6; } cat >>confdefs.h <&5 -$as_echo_n "checking for sudo var dir location... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sudo var dir location" >&5 +printf %s "checking for sudo var dir location... " >&6; } vardir="$with_vardir" if test -z "$vardir"; then for d in /var/db /var/lib /var/adm /usr/adm; do @@ -26905,16 +29946,16 @@ fi done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $vardir" >&5 -$as_echo "$vardir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $vardir" >&5 +printf "%s\n" "$vardir" >&6; } cat >>confdefs.h <&5 -$as_echo_n "checking for I/O log dir location... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for I/O log dir location" >&5 +printf %s "checking for I/O log dir location... " >&6; } if test "${with_iologdir-yes}" != "yes"; then iolog_dir="$with_iologdir" else @@ -26932,11 +29973,11 @@ EOF fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $iolog_dir" >&5 -$as_echo "$iolog_dir" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $iolog_dir" >&5 +printf "%s\n" "$iolog_dir" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking time zone data directory" >&5 -$as_echo_n "checking time zone data directory... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking time zone data directory" >&5 +printf %s "checking time zone data directory... " >&6; } tzdir="$with_tzdir" if test -z "$tzdir"; then tzdir=no @@ -26947,8 +29988,8 @@ fi done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $tzdir" >&5 -$as_echo "$tzdir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tzdir" >&5 +printf "%s\n" "$tzdir" >&6; } if test "${tzdir}" != "no"; then cat >>confdefs.h <&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -D_FORTIFY_SOURCE=2"; } >&5 (: CPPFLAGS already contains -D_FORTIFY_SOURCE=2) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CPPFLAGS " -D_FORTIFY_SOURCE=2" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CPPFLAGS=-D_FORTIFY_SOURCE=2 - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 (: CPPFLAGS="$CPPFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether _FORTIFY_SOURCE may be specified" >&5 -$as_echo_n "checking whether _FORTIFY_SOURCE may be specified... " >&6; } -if ${sudo_cv_use_fortify_source+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether _FORTIFY_SOURCE may be specified" >&5 +printf %s "checking whether _FORTIFY_SOURCE may be specified... " >&6; } +if test ${sudo_cv_use_fortify_source+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { char buf[4]; (void)sprintf(buf, "%s", "foo"); @@ -27009,39 +30052,41 @@ return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv_use_fortify_source=yes -else +else $as_nop sudo_cv_use_fortify_source=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv_use_fortify_source=yes -else +else $as_nop sudo_cv_use_fortify_source=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_use_fortify_source" >&5 -$as_echo "$sudo_cv_use_fortify_source" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_use_fortify_source" >&5 +printf "%s\n" "$sudo_cv_use_fortify_source" >&6; } if test "$sudo_cv_use_fortify_source" != yes; then CPPFLAGS="$O_CPPFLAGS" fi @@ -27050,12 +30095,21 @@ ac_c_werror_flag=yes +ac_fn_c_check_header_compile "$LINENO" "sys/sysctl.h" "ac_cv_header_sys_sysctl_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_sysctl_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SYSCTL_H 1" >>confdefs.h + +fi + + if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -static-libgcc" >&5 -$as_echo_n "checking whether C compiler accepts -static-libgcc... " >&6; } -if ${ax_cv_check_cflags___static_libgcc+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -static-libgcc" >&5 +printf %s "checking whether C compiler accepts -static-libgcc... " >&6; } +if test ${ax_cv_check_cflags___static_libgcc+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -static-libgcc" @@ -27063,71 +30117,75 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ax_cv_check_cflags___static_libgcc=yes -else +else $as_nop ax_cv_check_cflags___static_libgcc=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___static_libgcc" >&5 -$as_echo "$ax_cv_check_cflags___static_libgcc" >&6; } -if test x"$ax_cv_check_cflags___static_libgcc" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___static_libgcc" >&5 +printf "%s\n" "$ax_cv_check_cflags___static_libgcc" >&6; } +if test x"$ax_cv_check_cflags___static_libgcc" = xyes +then : -if ${LT_LDFLAGS+:} false; then : +if test ${LT_LDFLAGS+y} +then : case " $LT_LDFLAGS " in #( *" -Wc,-static-libgcc "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LT_LDFLAGS already contains -Wc,-static-libgcc"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LT_LDFLAGS already contains -Wc,-static-libgcc"; } >&5 (: LT_LDFLAGS already contains -Wc,-static-libgcc) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LT_LDFLAGS " -Wc,-static-libgcc" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LT_LDFLAGS=\"\$LT_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LT_LDFLAGS=\"\$LT_LDFLAGS\""; } >&5 (: LT_LDFLAGS="$LT_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LT_LDFLAGS=-Wc,-static-libgcc - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LT_LDFLAGS=\"\$LT_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LT_LDFLAGS=\"\$LT_LDFLAGS\""; } >&5 (: LT_LDFLAGS="$LT_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi fi case "$OS" in - netbsd) + netbsd*) ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,--enable-new-dtags" >&5 -$as_echo_n "checking whether the linker accepts -Wl,--enable-new-dtags... " >&6; } -if ${ax_cv_check_ldflags___Wl___enable_new_dtags+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,--enable-new-dtags" >&5 +printf %s "checking whether the linker accepts -Wl,--enable-new-dtags... " >&6; } +if test ${ax_cv_check_ldflags___Wl___enable_new_dtags+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,--enable-new-dtags" @@ -27135,70 +30193,146 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_check_ldflags___Wl___enable_new_dtags=yes -else +else $as_nop ax_cv_check_ldflags___Wl___enable_new_dtags=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl___enable_new_dtags" >&5 -$as_echo "$ax_cv_check_ldflags___Wl___enable_new_dtags" >&6; } -if test x"$ax_cv_check_ldflags___Wl___enable_new_dtags" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl___enable_new_dtags" >&5 +printf "%s\n" "$ax_cv_check_ldflags___Wl___enable_new_dtags" >&6; } +if test x"$ax_cv_check_ldflags___Wl___enable_new_dtags" = xyes +then : -if ${LDFLAGS+:} false; then : +if test ${LDFLAGS+y} +then : case " $LDFLAGS " in #( *" -Wl,--enable-new-dtags "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,--enable-new-dtags"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,--enable-new-dtags"; } >&5 (: LDFLAGS already contains -Wl,--enable-new-dtags) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " -Wl,--enable-new-dtags" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=-Wl,--enable-new-dtags - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi ;; esac +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,--allow-multiple-definition" >&5 +printf %s "checking whether the linker accepts -Wl,--allow-multiple-definition... " >&6; } +if test ${ax_cv_check_ldflags___Wl___allow_multiple_definition+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,--allow-multiple-definition" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ax_cv_check_ldflags___Wl___allow_multiple_definition=yes +else $as_nop + ax_cv_check_ldflags___Wl___allow_multiple_definition=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl___allow_multiple_definition" >&5 +printf "%s\n" "$ax_cv_check_ldflags___Wl___allow_multiple_definition" >&6; } +if test x"$ax_cv_check_ldflags___Wl___allow_multiple_definition" = xyes +then : + +if test ${LDFLAGS+y} +then : + + case " $LDFLAGS " in #( + *" -Wl,--allow-multiple-definition "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,--allow-multiple-definition"; } >&5 + (: LDFLAGS already contains -Wl,--allow-multiple-definition) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS " -Wl,--allow-multiple-definition" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LDFLAGS=-Wl,--allow-multiple-definition + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + +else $as_nop + : +fi + + if test -n "$GCC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fvisibility=hidden" >&5 -$as_echo_n "checking whether C compiler accepts -fvisibility=hidden... " >&6; } -if ${ax_cv_check_cflags___fvisibility_hidden+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fvisibility=hidden" >&5 +printf %s "checking whether C compiler accepts -fvisibility=hidden... " >&6; } +if test ${ax_cv_check_cflags___fvisibility_hidden+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fvisibility=hidden" @@ -27206,43 +30340,46 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ax_cv_check_cflags___fvisibility_hidden=yes -else +else $as_nop ax_cv_check_cflags___fvisibility_hidden=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fvisibility_hidden" >&5 -$as_echo "$ax_cv_check_cflags___fvisibility_hidden" >&6; } -if test x"$ax_cv_check_cflags___fvisibility_hidden" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fvisibility_hidden" >&5 +printf "%s\n" "$ax_cv_check_cflags___fvisibility_hidden" >&6; } +if test x"$ax_cv_check_cflags___fvisibility_hidden" = xyes +then : - $as_echo "#define HAVE_DSO_VISIBILITY 1" >>confdefs.h + printf "%s\n" "#define HAVE_DSO_VISIBILITY 1" >>confdefs.h CFLAGS="${CFLAGS} -fvisibility=hidden" LT_LDEXPORTS= LT_LDDEP= -else +else $as_nop : fi else case "$host_os" in - hpux*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Bhidden_def" >&5 -$as_echo_n "checking whether C compiler accepts -Bhidden_def... " >&6; } -if ${ax_cv_check_cflags___Bhidden_def+:} false; then : - $as_echo_n "(cached) " >&6 -else + hpux*|hiuxmpp*) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Bhidden_def" >&5 +printf %s "checking whether C compiler accepts -Bhidden_def... " >&6; } +if test ${ax_cv_check_cflags___Bhidden_def+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -Bhidden_def" @@ -27250,33 +30387,36 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ax_cv_check_cflags___Bhidden_def=yes -else +else $as_nop ax_cv_check_cflags___Bhidden_def=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Bhidden_def" >&5 -$as_echo "$ax_cv_check_cflags___Bhidden_def" >&6; } -if test x"$ax_cv_check_cflags___Bhidden_def" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Bhidden_def" >&5 +printf "%s\n" "$ax_cv_check_cflags___Bhidden_def" >&6; } +if test x"$ax_cv_check_cflags___Bhidden_def" = xyes +then : # HP-UX cc may not allow __declspec(dllexport) to be # used in conjunction with #pragma HP_DEFINED_EXTERNAL # when redefining standard libc functions. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __declspec(dllexport) can be used when overriding libc functions" >&5 -$as_echo_n "checking whether __declspec(dllexport) can be used when overriding libc functions... " >&6; } -if ${sudo_cv_var_hpux_declspec_libc_function+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether __declspec(dllexport) can be used when overriding libc functions" >&5 +printf %s "checking whether __declspec(dllexport) can be used when overriding libc functions... " >&6; } +if test ${sudo_cv_var_hpux_declspec_libc_function+y} +then : + printf %s "(cached) " >&6 +else $as_nop _CFLAGS="$CFLAGS" CFLAGS="${CFLAGS} -Bhidden_def" @@ -27285,41 +30425,43 @@ #include __declspec(dllexport) char * getenv(const char *n) { return NULL; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sudo_cv_var_hpux_declspec_libc_function=yes -else +else $as_nop sudo_cv_var_hpux_declspec_libc_function=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS="$_CFLAGS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_hpux_declspec_libc_function" >&5 -$as_echo "$sudo_cv_var_hpux_declspec_libc_function" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_hpux_declspec_libc_function" >&5 +printf "%s\n" "$sudo_cv_var_hpux_declspec_libc_function" >&6; } if test "$sudo_cv_var_hpux_declspec_libc_function" = "yes"; then - $as_echo "#define HAVE_DSO_VISIBILITY 1" >>confdefs.h + printf "%s\n" "#define HAVE_DSO_VISIBILITY 1" >>confdefs.h CFLAGS="${CFLAGS} -Bhidden_def" LT_LDEXPORTS= LT_LDDEP= fi -else +else $as_nop : fi ;; solaris2*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -xldscope=hidden" >&5 -$as_echo_n "checking whether C compiler accepts -xldscope=hidden... " >&6; } -if ${ax_cv_check_cflags___xldscope_hidden+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -xldscope=hidden" >&5 +printf %s "checking whether C compiler accepts -xldscope=hidden... " >&6; } +if test ${ax_cv_check_cflags___xldscope_hidden+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -xldscope=hidden" @@ -27327,32 +30469,34 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ax_cv_check_cflags___xldscope_hidden=yes -else +else $as_nop ax_cv_check_cflags___xldscope_hidden=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___xldscope_hidden" >&5 -$as_echo "$ax_cv_check_cflags___xldscope_hidden" >&6; } -if test x"$ax_cv_check_cflags___xldscope_hidden" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___xldscope_hidden" >&5 +printf "%s\n" "$ax_cv_check_cflags___xldscope_hidden" >&6; } +if test x"$ax_cv_check_cflags___xldscope_hidden" = xyes +then : - $as_echo "#define HAVE_DSO_VISIBILITY 1" >>confdefs.h + printf "%s\n" "#define HAVE_DSO_VISIBILITY 1" >>confdefs.h CFLAGS="${CFLAGS} -xldscope=hidden" LT_LDEXPORTS= LT_LDDEP= -else +else $as_nop : fi @@ -27361,11 +30505,12 @@ fi if test "$lt_cv_prog_gnu_ld" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports anonymous map files" >&5 -$as_echo_n "checking whether ld supports anonymous map files... " >&6; } -if ${sudo_cv_var_gnu_ld_anon_map+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ld supports anonymous map files" >&5 +printf %s "checking whether ld supports anonymous map files... " >&6; } +if test ${sudo_cv_var_gnu_ld_anon_map+y} +then : + printf %s "(cached) " >&6 +else $as_nop sudo_cv_var_gnu_ld_anon_map=no cat > conftest.map <<-EOF @@ -27382,36 +30527,38 @@ /* end confdefs.h. */ int foo; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv_var_gnu_ld_anon_map=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_gnu_ld_anon_map" >&5 -$as_echo "$sudo_cv_var_gnu_ld_anon_map" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_gnu_ld_anon_map" >&5 +printf "%s\n" "$sudo_cv_var_gnu_ld_anon_map" >&6; } if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then LT_LDDEP="\$(shlib_map)"; LT_LDEXPORTS="-Wl,--version-script,\$(shlib_map)" fi else case "$host_os" in solaris2*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports anonymous map files" >&5 -$as_echo_n "checking whether ld supports anonymous map files... " >&6; } -if ${sudo_cv_var_solaris_ld_anon_map+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ld supports anonymous map files" >&5 +printf %s "checking whether ld supports anonymous map files... " >&6; } +if test ${sudo_cv_var_solaris_ld_anon_map+y} +then : + printf %s "(cached) " >&6 +else $as_nop sudo_cv_var_solaris_ld_anon_map=no cat > conftest.map <<-EOF @@ -27428,35 +30575,37 @@ /* end confdefs.h. */ int foo; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv_var_solaris_ld_anon_map=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_solaris_ld_anon_map" >&5 -$as_echo "$sudo_cv_var_solaris_ld_anon_map" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_solaris_ld_anon_map" >&5 +printf "%s\n" "$sudo_cv_var_solaris_ld_anon_map" >&6; } if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then LT_LDDEP="\$(shlib_map)"; LT_LDEXPORTS="-Wl,-M,\$(shlib_map)" fi ;; - hpux*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports controlling exported symbols" >&5 -$as_echo_n "checking whether ld supports controlling exported symbols... " >&6; } -if ${sudo_cv_var_hpux_ld_symbol_export+:} false; then : - $as_echo_n "(cached) " >&6 -else + hpux*|hiuxmpp*) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ld supports controlling exported symbols" >&5 +printf %s "checking whether ld supports controlling exported symbols... " >&6; } +if test ${sudo_cv_var_hpux_ld_symbol_export+y} +then : + printf %s "(cached) " >&6 +else $as_nop sudo_cv_var_hpux_ld_symbol_export=no echo "+e foo" > conftest.opt @@ -27472,17 +30621,18 @@ /* end confdefs.h. */ int foo; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : sudo_cv_var_hpux_ld_symbol_export=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" @@ -27490,8 +30640,8 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_hpux_ld_symbol_export" >&5 -$as_echo "$sudo_cv_var_hpux_ld_symbol_export" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_hpux_ld_symbol_export" >&5 +printf "%s\n" "$sudo_cv_var_hpux_ld_symbol_export" >&6; } if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then LT_LDDEP="\$(shlib_opt)"; LT_LDEXPORTS="-Wl,-c,\$(shlib_opt)" fi @@ -27499,77 +30649,380 @@ esac fi -if test "$enable_asan" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fsanitize=address -fsanitize=undefined" >&5 -$as_echo_n "checking whether C compiler accepts -fsanitize=address -fsanitize=undefined... " >&6; } -if ${ax_cv_check_cflags___fsanitize_address__fsanitize_undefined+:} false; then : - $as_echo_n "(cached) " >&6 -else +if test "$enable_sanitizer" != "no"; then + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$enable_sanitizer" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $enable_sanitizer" >&5 +printf %s "checking whether C compiler accepts $enable_sanitizer... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS - CFLAGS="$CFLAGS -fsanitize=address -fsanitize=undefined" + CFLAGS="$CFLAGS $enable_sanitizer" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ax_cv_check_cflags___fsanitize_address__fsanitize_undefined=yes -else - ax_cv_check_cflags___fsanitize_address__fsanitize_undefined=no +if ac_fn_c_try_compile "$LINENO" +then : + eval "$as_CACHEVAR=yes" +else $as_nop + eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fsanitize_address__fsanitize_undefined" >&5 -$as_echo "$ax_cv_check_cflags___fsanitize_address__fsanitize_undefined" >&6; } -if test x"$ax_cv_check_cflags___fsanitize_address__fsanitize_undefined" = xyes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fsanitize=address -fsanitize=undefined" >&5 -$as_echo_n "checking whether the linker accepts -fsanitize=address -fsanitize=undefined... " >&6; } -if ${ax_cv_check_ldflags___fsanitize_address__fsanitize_undefined+:} false; then : - $as_echo_n "(cached) " >&6 -else +eval ac_res=\$$as_CACHEVAR + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if test x"`eval 'as_val=${'$as_CACHEVAR'};printf "%s\n" "$as_val"'`" = xyes +then : + + +if test ${ASAN_CFLAGS+y} +then : + + case " $ASAN_CFLAGS " in #( + *" $enable_sanitizer "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_CFLAGS already contains \$enable_sanitizer"; } >&5 + (: ASAN_CFLAGS already contains $enable_sanitizer) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : - ax_check_save_flags=$LDFLAGS - LDFLAGS="$LDFLAGS -fsanitize=address -fsanitize=undefined" + as_fn_append ASAN_CFLAGS " $enable_sanitizer" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_CFLAGS=\"\$ASAN_CFLAGS\""; } >&5 + (: ASAN_CFLAGS="$ASAN_CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + ASAN_CFLAGS=$enable_sanitizer + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_CFLAGS=\"\$ASAN_CFLAGS\""; } >&5 + (: ASAN_CFLAGS="$ASAN_CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +if test ${ASAN_LDFLAGS+y} +then : + + case " $ASAN_LDFLAGS " in #( + *" -XCClinker "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS already contains -XCClinker"; } >&5 + (: ASAN_LDFLAGS already contains -XCClinker) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append ASAN_LDFLAGS " -XCClinker" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS=\"\$ASAN_LDFLAGS\""; } >&5 + (: ASAN_LDFLAGS="$ASAN_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + ASAN_LDFLAGS=-XCClinker + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS=\"\$ASAN_LDFLAGS\""; } >&5 + (: ASAN_LDFLAGS="$ASAN_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +if test ${ASAN_LDFLAGS+y} +then : + + case " $ASAN_LDFLAGS " in #( + *" $enable_sanitizer "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS already contains \$enable_sanitizer"; } >&5 + (: ASAN_LDFLAGS already contains $enable_sanitizer) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append ASAN_LDFLAGS " $enable_sanitizer" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS=\"\$ASAN_LDFLAGS\""; } >&5 + (: ASAN_LDFLAGS="$ASAN_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + ASAN_LDFLAGS=$enable_sanitizer + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS=\"\$ASAN_LDFLAGS\""; } >&5 + (: ASAN_LDFLAGS="$ASAN_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-omit-frame-pointer" >&5 +printf %s "checking whether C compiler accepts -fno-omit-frame-pointer... " >&6; } +if test ${ax_cv_check_cflags___fno_omit_frame_pointer+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -fno-omit-frame-pointer" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ax_cv_check_ldflags___fsanitize_address__fsanitize_undefined=yes -else - ax_cv_check_ldflags___fsanitize_address__fsanitize_undefined=no +if ac_fn_c_try_compile "$LINENO" +then : + ax_cv_check_cflags___fno_omit_frame_pointer=yes +else $as_nop + ax_cv_check_cflags___fno_omit_frame_pointer=no fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$ax_check_save_flags +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fsanitize_address__fsanitize_undefined" >&5 -$as_echo "$ax_cv_check_ldflags___fsanitize_address__fsanitize_undefined" >&6; } -if test x"$ax_cv_check_ldflags___fsanitize_address__fsanitize_undefined" = xyes; then : - - ASAN_LDFLAGS="-Wc,-fsanitize=address -Wc,-fsanitize=undefined" - ASAN_CFLAGS="-fsanitize=address -fsanitize=undefined" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-omit-frame-pointer" >&5 -$as_echo_n "checking whether C compiler accepts -fno-omit-frame-pointer... " >&6; } -if ${ax_cv_check_cflags___fno_omit_frame_pointer+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_omit_frame_pointer" >&5 +printf "%s\n" "$ax_cv_check_cflags___fno_omit_frame_pointer" >&6; } +if test x"$ax_cv_check_cflags___fno_omit_frame_pointer" = xyes +then : + + +if test ${CFLAGS+y} +then : + + case " $CFLAGS " in #( + *" -fno-omit-frame-pointer "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains -fno-omit-frame-pointer"; } >&5 + (: CFLAGS already contains -fno-omit-frame-pointer) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CFLAGS " -fno-omit-frame-pointer" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + (: CFLAGS="$CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + CFLAGS=-fno-omit-frame-pointer + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + (: CFLAGS="$CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +else $as_nop + : +fi + + printf "%s\n" "#define NO_LEAKS 1" >>confdefs.h + + case `$CC --version 2>&1` in + *gcc*) + libasan=`$CC -print-file-name=libasan.so 2>/dev/null` + if test -n "$libasan" -a X"$libasan" != X"libasan.so"; then + # libasan.so may be a linker script + libasan="`awk 'BEGIN {lib=ARGV[1]} /^INPUT/ {lib=$3} END {print lib}' \"$libasan\"`" + cat >>confdefs.h <&5 +printf %s "checking whether C compiler accepts -fsanitize=fuzzer-no-link... " >&6; } +if test ${ax_cv_check_cflags___fsanitize_fuzzer_no_link+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -fsanitize=fuzzer-no-link" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ax_cv_check_cflags___fsanitize_fuzzer_no_link=yes +else $as_nop + ax_cv_check_cflags___fsanitize_fuzzer_no_link=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fsanitize_fuzzer_no_link" >&5 +printf "%s\n" "$ax_cv_check_cflags___fsanitize_fuzzer_no_link" >&6; } +if test x"$ax_cv_check_cflags___fsanitize_fuzzer_no_link" = xyes +then : + + +if test ${ASAN_CFLAGS+y} +then : + + case " $ASAN_CFLAGS " in #( + *" -fsanitize=fuzzer-no-link "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_CFLAGS already contains -fsanitize=fuzzer-no-link"; } >&5 + (: ASAN_CFLAGS already contains -fsanitize=fuzzer-no-link) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append ASAN_CFLAGS " -fsanitize=fuzzer-no-link" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_CFLAGS=\"\$ASAN_CFLAGS\""; } >&5 + (: ASAN_CFLAGS="$ASAN_CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + ASAN_CFLAGS=-fsanitize=fuzzer-no-link + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_CFLAGS=\"\$ASAN_CFLAGS\""; } >&5 + (: ASAN_CFLAGS="$ASAN_CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +if test ${ASAN_LDFLAGS+y} +then : + + case " $ASAN_LDFLAGS " in #( + *" -XCClinker "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS already contains -XCClinker"; } >&5 + (: ASAN_LDFLAGS already contains -XCClinker) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append ASAN_LDFLAGS " -XCClinker" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS=\"\$ASAN_LDFLAGS\""; } >&5 + (: ASAN_LDFLAGS="$ASAN_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + ASAN_LDFLAGS=-XCClinker + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS=\"\$ASAN_LDFLAGS\""; } >&5 + (: ASAN_LDFLAGS="$ASAN_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +if test ${ASAN_LDFLAGS+y} +then : + + case " $ASAN_LDFLAGS " in #( + *" -fsanitize=fuzzer-no-link "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS already contains -fsanitize=fuzzer-no-link"; } >&5 + (: ASAN_LDFLAGS already contains -fsanitize=fuzzer-no-link) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append ASAN_LDFLAGS " -fsanitize=fuzzer-no-link" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS=\"\$ASAN_LDFLAGS\""; } >&5 + (: ASAN_LDFLAGS="$ASAN_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + ASAN_LDFLAGS=-fsanitize=fuzzer-no-link + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : ASAN_LDFLAGS=\"\$ASAN_LDFLAGS\""; } >&5 + (: ASAN_LDFLAGS="$ASAN_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + if test -z "$FUZZ_ENGINE"; then + FUZZ_ENGINE="-fsanitize=fuzzer" + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-omit-frame-pointer" >&5 +printf %s "checking whether C compiler accepts -fno-omit-frame-pointer... " >&6; } +if test ${ax_cv_check_cflags___fno_omit_frame_pointer+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fno-omit-frame-pointer" @@ -27577,43 +31030,111 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ax_cv_check_cflags___fno_omit_frame_pointer=yes -else +else $as_nop ax_cv_check_cflags___fno_omit_frame_pointer=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_omit_frame_pointer" >&5 -$as_echo "$ax_cv_check_cflags___fno_omit_frame_pointer" >&6; } -if test x"$ax_cv_check_cflags___fno_omit_frame_pointer" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_omit_frame_pointer" >&5 +printf "%s\n" "$ax_cv_check_cflags___fno_omit_frame_pointer" >&6; } +if test x"$ax_cv_check_cflags___fno_omit_frame_pointer" = xyes +then : - CFLAGS="$CFLAGS -fno-omit-frame-pointer" -else +if test ${CFLAGS+y} +then : + + case " $CFLAGS " in #( + *" -fno-omit-frame-pointer "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains -fno-omit-frame-pointer"; } >&5 + (: CFLAGS already contains -fno-omit-frame-pointer) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CFLAGS " -fno-omit-frame-pointer" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + (: CFLAGS="$CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + CFLAGS=-fno-omit-frame-pointer + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + (: CFLAGS="$CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +else $as_nop : fi - $as_echo "#define NO_LEAKS 1" >>confdefs.h + # Use CFLAGS, not CPPFLAGS to match oss-fuzz behavior +if test ${CFLAGS+y} +then : + + case " $CFLAGS " in #( + *" -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"; } >&5 + (: CFLAGS already contains -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CFLAGS " -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + (: CFLAGS="$CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + CFLAGS=-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + (: CFLAGS="$CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } -else - : fi + printf "%s\n" "#define NO_LEAKS 1" >>confdefs.h + + +else $as_nop + + as_fn_error $? "$CC does not support the -fsanitize=fuzzer-no-link flag" "$LINENO" 5 -else - : fi +else + # Not using compiler fuzzing support, link with stub library. + FUZZ_ENGINE='$(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la' fi if test -n "$GCC"; then @@ -27627,11 +31148,12 @@ fi if test -n "$enable_pie"; then if test "$enable_pie" = "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-pie" >&5 -$as_echo_n "checking whether C compiler accepts -fno-pie... " >&6; } -if ${ax_cv_check_cflags___fno_pie+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-pie" >&5 +printf %s "checking whether C compiler accepts -fno-pie... " >&6; } +if test ${ax_cv_check_cflags___fno_pie+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fno-pie" @@ -27639,32 +31161,35 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ax_cv_check_cflags___fno_pie=yes -else +else $as_nop ax_cv_check_cflags___fno_pie=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_pie" >&5 -$as_echo "$ax_cv_check_cflags___fno_pie" >&6; } -if test x"$ax_cv_check_cflags___fno_pie" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_pie" >&5 +printf "%s\n" "$ax_cv_check_cflags___fno_pie" >&6; } +if test x"$ax_cv_check_cflags___fno_pie" = xyes +then : _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fno-pie" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -nopie" >&5 -$as_echo_n "checking whether the linker accepts -nopie... " >&6; } -if ${ax_cv_check_ldflags___nopie+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -nopie" >&5 +printf %s "checking whether the linker accepts -nopie... " >&6; } +if test ${ax_cv_check_ldflags___nopie+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -nopie" @@ -27672,45 +31197,48 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_check_ldflags___nopie=yes -else +else $as_nop ax_cv_check_ldflags___nopie=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___nopie" >&5 -$as_echo "$ax_cv_check_ldflags___nopie" >&6; } -if test x"$ax_cv_check_ldflags___nopie" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___nopie" >&5 +printf "%s\n" "$ax_cv_check_ldflags___nopie" >&6; } +if test x"$ax_cv_check_ldflags___nopie" = xyes +then : PIE_CFLAGS="-fno-pie" PIE_LDFLAGS="-nopie" -else +else $as_nop : fi CFLAGS="$_CFLAGS" -else +else $as_nop : fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5 -$as_echo_n "checking whether C compiler accepts -fPIE... " >&6; } -if ${ax_cv_check_cflags___fPIE+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5 +printf %s "checking whether C compiler accepts -fPIE... " >&6; } +if test ${ax_cv_check_cflags___fPIE+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fPIE" @@ -27718,32 +31246,35 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ax_cv_check_cflags___fPIE=yes -else +else $as_nop ax_cv_check_cflags___fPIE=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fPIE" >&5 -$as_echo "$ax_cv_check_cflags___fPIE" >&6; } -if test x"$ax_cv_check_cflags___fPIE" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fPIE" >&5 +printf "%s\n" "$ax_cv_check_cflags___fPIE" >&6; } +if test x"$ax_cv_check_cflags___fPIE" = xyes +then : _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fPIE" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5 -$as_echo_n "checking whether the linker accepts -pie... " >&6; } -if ${ax_cv_check_ldflags___pie+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5 +printf %s "checking whether the linker accepts -pie... " >&6; } +if test ${ax_cv_check_ldflags___pie+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -pie" @@ -27751,71 +31282,78 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_check_ldflags___pie=yes -else +else $as_nop ax_cv_check_ldflags___pie=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___pie" >&5 -$as_echo "$ax_cv_check_ldflags___pie" >&6; } -if test x"$ax_cv_check_ldflags___pie" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___pie" >&5 +printf "%s\n" "$ax_cv_check_ldflags___pie" >&6; } +if test x"$ax_cv_check_ldflags___pie" = xyes +then : if test "$enable_pie" = "maybe"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working PIE support" >&5 -$as_echo_n "checking for working PIE support... " >&6; } -if ${sudo_cv_working_pie+:} false; then : - $as_echo_n "(cached) " >&6 -else - rm -f conftestdata; > conftestdata -if test "$cross_compiling" = yes; then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working PIE support" >&5 +printf %s "checking for working PIE support... " >&6; } +if test ${sudo_cv_working_pie+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + if test "$cross_compiling" = yes +then : sudo_cv_working_pie=no -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : sudo_cv_working_pie=yes -else +else $as_nop sudo_cv_working_pie=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core core.* *.core -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_working_pie" >&5 -$as_echo "$sudo_cv_working_pie" >&6; } -if test $sudo_cv_working_pie = yes; then : +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_working_pie" >&5 +printf "%s\n" "$sudo_cv_working_pie" >&6; } + if test $sudo_cv_working_pie = yes +then : enable_pie=yes fi + fi if test "$enable_pie" = "yes"; then PIE_CFLAGS="-fPIE" PIE_LDFLAGS="-Wc,-fPIE -pie" fi -else +else $as_nop : fi CFLAGS="$_CFLAGS" -else +else $as_nop : fi @@ -27826,11 +31364,12 @@ # Solaris 11.1 and higher supports tagging binaries to use ASLR case "$host_os" in solaris2.1[1-9]|solaris2.[2-9][0-9]) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,aslr" >&5 -$as_echo_n "checking whether the linker accepts -Wl,-z,aslr... " >&6; } -if ${ax_cv_check_ldflags___Wl__z_aslr+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,aslr" >&5 +printf %s "checking whether the linker accepts -Wl,-z,aslr... " >&6; } +if test ${ax_cv_check_ldflags___Wl__z_aslr+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-z,aslr" @@ -27838,58 +31377,61 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_check_ldflags___Wl__z_aslr=yes -else +else $as_nop ax_cv_check_ldflags___Wl__z_aslr=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_aslr" >&5 -$as_echo "$ax_cv_check_ldflags___Wl__z_aslr" >&6; } -if test x"$ax_cv_check_ldflags___Wl__z_aslr" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_aslr" >&5 +printf "%s\n" "$ax_cv_check_ldflags___Wl__z_aslr" >&6; } +if test x"$ax_cv_check_ldflags___Wl__z_aslr" = xyes +then : -if ${PIE_LDFLAGS+:} false; then : +if test ${PIE_LDFLAGS+y} +then : case " $PIE_LDFLAGS " in #( *" -Wl,-z,aslr "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : PIE_LDFLAGS already contains -Wl,-z,aslr"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : PIE_LDFLAGS already contains -Wl,-z,aslr"; } >&5 (: PIE_LDFLAGS already contains -Wl,-z,aslr) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append PIE_LDFLAGS " -Wl,-z,aslr" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : PIE_LDFLAGS=\"\$PIE_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : PIE_LDFLAGS=\"\$PIE_LDFLAGS\""; } >&5 (: PIE_LDFLAGS="$PIE_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop PIE_LDFLAGS=-Wl,-z,aslr - { { $as_echo "$as_me:${as_lineno-$LINENO}: : PIE_LDFLAGS=\"\$PIE_LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : PIE_LDFLAGS=\"\$PIE_LDFLAGS\""; } >&5 (: PIE_LDFLAGS="$PIE_LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -27897,12 +31439,13 @@ esac fi -if test "$enable_hardening" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compiler stack protector support" >&5 -$as_echo_n "checking for compiler stack protector support... " >&6; } -if ${sudo_cv_var_stack_protector+:} false; then : - $as_echo_n "(cached) " >&6 -else +if test "$enable_hardening" != "no" && test "$enable_ssp" != "no"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for compiler stack protector support" >&5 +printf %s "checking for compiler stack protector support... " >&6; } +if test ${sudo_cv_var_stack_protector+y} +then : + printf %s "(cached) " >&6 +else $as_nop # Avoid CFLAGS since the compiler might optimize away our test. # We don't want CPPFLAGS or LIBS to interfere with the test but @@ -27922,7 +31465,7 @@ $ac_includes_default int -main () +main (void) { char buf[1024]; buf[1023] = '\0'; ; @@ -27930,9 +31473,10 @@ } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : -else +else $as_nop sudo_cv_var_stack_protector="-fstack-protector-all" CFLAGS="$sudo_cv_var_stack_protector" @@ -27942,7 +31486,7 @@ $ac_includes_default int -main () +main (void) { char buf[1024]; buf[1023] = '\0'; ; @@ -27950,9 +31494,10 @@ } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : -else +else $as_nop sudo_cv_var_stack_protector="-fstack-protector" CFLAGS="$sudo_cv_var_stack_protector" @@ -27962,7 +31507,7 @@ $ac_includes_default int -main () +main (void) { char buf[1024]; buf[1023] = '\0'; ; @@ -27970,22 +31515,23 @@ } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : -else +else $as_nop sudo_cv_var_stack_protector=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext CPPFLAGS="$_CPPFLAGS" CFLAGS="$_CFLAGS" @@ -27994,17 +31540,232 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_stack_protector" >&5 -$as_echo "$sudo_cv_var_stack_protector" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_stack_protector" >&5 +printf "%s\n" "$sudo_cv_var_stack_protector" >&6; } if test X"$sudo_cv_var_stack_protector" != X"no"; then SSP_CFLAGS="$sudo_cv_var_stack_protector" SSP_LDFLAGS="-Wc,$sudo_cv_var_stack_protector" fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5 -$as_echo_n "checking whether the linker accepts -Wl,-z,relro... " >&6; } -if ${ax_cv_check_ldflags___Wl__z_relro+:} false; then : - $as_echo_n "(cached) " >&6 -else +fi +if test "$enable_hardening" != "no"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-clash-protection" >&5 +printf %s "checking whether the linker accepts -fstack-clash-protection... " >&6; } +if test ${ax_cv_check_ldflags___fstack_clash_protection+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -fstack-clash-protection" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ax_cv_check_ldflags___fstack_clash_protection=yes +else $as_nop + ax_cv_check_ldflags___fstack_clash_protection=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_clash_protection" >&5 +printf "%s\n" "$ax_cv_check_ldflags___fstack_clash_protection" >&6; } +if test x"$ax_cv_check_ldflags___fstack_clash_protection" = xyes +then : + + +if test ${SSP_CFLAGS+y} +then : + + case " $SSP_CFLAGS " in #( + *" -fstack-clash-protection "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_CFLAGS already contains -fstack-clash-protection"; } >&5 + (: SSP_CFLAGS already contains -fstack-clash-protection) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append SSP_CFLAGS " -fstack-clash-protection" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_CFLAGS=\"\$SSP_CFLAGS\""; } >&5 + (: SSP_CFLAGS="$SSP_CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + SSP_CFLAGS=-fstack-clash-protection + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_CFLAGS=\"\$SSP_CFLAGS\""; } >&5 + (: SSP_CFLAGS="$SSP_CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +if test ${SSP_LDFLAGS+y} +then : + + case " $SSP_LDFLAGS " in #( + *" -Wc,-fstack-clash-protection "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_LDFLAGS already contains -Wc,-fstack-clash-protection"; } >&5 + (: SSP_LDFLAGS already contains -Wc,-fstack-clash-protection) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append SSP_LDFLAGS " -Wc,-fstack-clash-protection" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_LDFLAGS=\"\$SSP_LDFLAGS\""; } >&5 + (: SSP_LDFLAGS="$SSP_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + SSP_LDFLAGS=-Wc,-fstack-clash-protection + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_LDFLAGS=\"\$SSP_LDFLAGS\""; } >&5 + (: SSP_LDFLAGS="$SSP_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +else $as_nop + : +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fcf-protection" >&5 +printf %s "checking whether the linker accepts -fcf-protection... " >&6; } +if test ${ax_cv_check_ldflags___fcf_protection+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -fcf-protection" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ax_cv_check_ldflags___fcf_protection=yes +else $as_nop + ax_cv_check_ldflags___fcf_protection=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fcf_protection" >&5 +printf "%s\n" "$ax_cv_check_ldflags___fcf_protection" >&6; } +if test x"$ax_cv_check_ldflags___fcf_protection" = xyes +then : + + +if test ${SSP_CFLAGS+y} +then : + + case " $SSP_CFLAGS " in #( + *" -fcf-protection "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_CFLAGS already contains -fcf-protection"; } >&5 + (: SSP_CFLAGS already contains -fcf-protection) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append SSP_CFLAGS " -fcf-protection" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_CFLAGS=\"\$SSP_CFLAGS\""; } >&5 + (: SSP_CFLAGS="$SSP_CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + SSP_CFLAGS=-fcf-protection + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_CFLAGS=\"\$SSP_CFLAGS\""; } >&5 + (: SSP_CFLAGS="$SSP_CFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +if test ${SSP_LDFLAGS+y} +then : + + case " $SSP_LDFLAGS " in #( + *" -Wc,-fcf-protection "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_LDFLAGS already contains -Wc,-fcf-protection"; } >&5 + (: SSP_LDFLAGS already contains -Wc,-fcf-protection) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append SSP_LDFLAGS " -Wc,-fcf-protection" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_LDFLAGS=\"\$SSP_LDFLAGS\""; } >&5 + (: SSP_LDFLAGS="$SSP_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + SSP_LDFLAGS=-Wc,-fcf-protection + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : SSP_LDFLAGS=\"\$SSP_LDFLAGS\""; } >&5 + (: SSP_LDFLAGS="$SSP_LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + +else $as_nop + : +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5 +printf %s "checking whether the linker accepts -Wl,-z,relro... " >&6; } +if test ${ax_cv_check_ldflags___Wl__z_relro+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-z,relro" @@ -28012,58 +31773,203 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_check_ldflags___Wl__z_relro=yes -else +else $as_nop ax_cv_check_ldflags___Wl__z_relro=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_relro" >&5 -$as_echo "$ax_cv_check_ldflags___Wl__z_relro" >&6; } -if test x"$ax_cv_check_ldflags___Wl__z_relro" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_relro" >&5 +printf "%s\n" "$ax_cv_check_ldflags___Wl__z_relro" >&6; } +if test x"$ax_cv_check_ldflags___Wl__z_relro" = xyes +then : -if ${LDFLAGS+:} false; then : +if test ${LDFLAGS+y} +then : case " $LDFLAGS " in #( *" -Wl,-z,relro "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,-z,relro"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,-z,relro"; } >&5 (: LDFLAGS already contains -Wl,-z,relro) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " -Wl,-z,relro" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=-Wl,-z,relro - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop + : +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,now" >&5 +printf %s "checking whether the linker accepts -Wl,-z,now... " >&6; } +if test ${ax_cv_check_ldflags___Wl__z_now+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,-z,now" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ax_cv_check_ldflags___Wl__z_now=yes +else $as_nop + ax_cv_check_ldflags___Wl__z_now=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_now" >&5 +printf "%s\n" "$ax_cv_check_ldflags___Wl__z_now" >&6; } +if test x"$ax_cv_check_ldflags___Wl__z_now" = xyes +then : + +if test ${LDFLAGS+y} +then : + + case " $LDFLAGS " in #( + *" -Wl,-z,now "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,-z,now"; } >&5 + (: LDFLAGS already contains -Wl,-z,now) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS " -Wl,-z,now" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LDFLAGS=-Wl,-z,now + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + +else $as_nop + : +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,noexecstack" >&5 +printf %s "checking whether the linker accepts -Wl,-z,noexecstack... " >&6; } +if test ${ax_cv_check_ldflags___Wl__z_noexecstack+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,-z,noexecstack" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ax_cv_check_ldflags___Wl__z_noexecstack=yes +else $as_nop + ax_cv_check_ldflags___Wl__z_noexecstack=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_noexecstack" >&5 +printf "%s\n" "$ax_cv_check_ldflags___Wl__z_noexecstack" >&6; } +if test x"$ax_cv_check_ldflags___Wl__z_noexecstack" = xyes +then : + +if test ${LDFLAGS+y} +then : + + case " $LDFLAGS " in #( + *" -Wl,-z,noexecstack "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -Wl,-z,noexecstack"; } >&5 + (: LDFLAGS already contains -Wl,-z,noexecstack) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS " -Wl,-z,noexecstack" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else $as_nop + + LDFLAGS=-Wl,-z,noexecstack + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + +else $as_nop : fi @@ -28073,12 +31979,12 @@ yes|maybe) AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo" if test "${ac_cv_search_crypt}" = "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No crypt function found, assuming plaintext passwords" >&5 -$as_echo "$as_me: WARNING: No crypt function found, assuming plaintext passwords" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: no crypt function found, assuming plaintext passwords" >&5 +printf "%s\n" "$as_me: WARNING: no crypt function found, assuming plaintext passwords" >&2;} fi ;; *) - $as_echo "#define WITHOUT_PASSWD 1" >>confdefs.h + printf "%s\n" "#define WITHOUT_PASSWD 1" >>confdefs.h if test -z "$AUTH_OBJS"; then as_fn_error $? "no authentication methods defined." "$LINENO" 5 @@ -28086,9 +31992,6 @@ ;; esac AUTH_OBJS=${AUTH_OBJS# } -_AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` -{ $as_echo "$as_me:${as_lineno-$LINENO}: using the following authentication methods: $_AUTH" >&5 -$as_echo "$as_me: using the following authentication methods: $_AUTH" >&6;} if test -n "$LIBS"; then L="$LIBS" @@ -28103,19 +32006,18 @@ fi -cat >>confdefs.h <<_ACEOF -#define os_init $OS_INIT -_ACEOF +printf "%s\n" "#define os_init $OS_INIT" >>confdefs.h if test -n "$GCC"; then if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then - CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wpointer-arith" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wshadow" >&5 -$as_echo_n "checking whether C compiler accepts -Wshadow... " >&6; } -if ${ax_cv_check_cflags___Wshadow+:} false; then : - $as_echo_n "(cached) " >&6 -else + CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wpointer-arith -Wno-unknown-pragmas" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wshadow" >&5 +printf %s "checking whether C compiler accepts -Wshadow... " >&6; } +if test ${ax_cv_check_cflags___Wshadow+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -Wshadow" @@ -28123,34 +32025,37 @@ /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ax_cv_check_cflags___Wshadow=yes -else +else $as_nop ax_cv_check_cflags___Wshadow=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wshadow" >&5 -$as_echo "$ax_cv_check_cflags___Wshadow" >&6; } -if test x"$ax_cv_check_cflags___Wshadow" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wshadow" >&5 +printf "%s\n" "$ax_cv_check_cflags___Wshadow" >&6; } +if test x"$ax_cv_check_cflags___Wshadow" = xyes +then : CFLAGS="$CFLAGS -Wshadow" -else +else $as_nop : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports the fallthrough attribute" >&5 -$as_echo_n "checking whether $CC supports the fallthrough attribute... " >&6; } -if ${sudo_cv_var_fallthrough_attribute+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC supports the fallthrough attribute" >&5 +printf %s "checking whether $CC supports the fallthrough attribute... " >&6; } +if test ${sudo_cv_var_fallthrough_attribute+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -28168,22 +32073,23 @@ } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sudo_cv_var_fallthrough_attribute=yes -else +else $as_nop sudo_cv_var_fallthrough_attribute=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_fallthrough_attribute" >&5 -$as_echo "$sudo_cv_var_fallthrough_attribute" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_fallthrough_attribute" >&5 +printf "%s\n" "$sudo_cv_var_fallthrough_attribute" >&6; } if test X"$sudo_cv_var_fallthrough_attribute" = X"yes"; then - $as_echo "#define HAVE_FALLTHROUGH_ATTRIBUTE 1" >>confdefs.h + printf "%s\n" "#define HAVE_FALLTHROUGH_ATTRIBUTE 1" >>confdefs.h CFLAGS="$CFLAGS -Wimplicit-fallthrough" fi @@ -28191,6 +32097,10 @@ if test X"$enable_werror" = X"yes"; then CFLAGS="${CFLAGS} -Werror" fi + case "$host" in + # Avoid unwanted warnings on macOS + darwin*) CFLAGS="${CFLAGS} -Wno-deprecated-declarations";; + esac fi CROSS_COMPILING="$cross_compiling" @@ -28206,6 +32116,13 @@ fi fi +# Update exec_prefix in intercept_file +_intercept_file= +while test X"$intercept_file" != X"$_intercept_file"; do + _intercept_file="$intercept_file" + eval intercept_file="$_intercept_file" +done + # Update exec_prefix in noexec_file _noexec_file= while test X"$noexec_file" != X"$_noexec_file"; do @@ -28228,24 +32145,24 @@ done exec_prefix="$oexec_prefix" +if test X"$enable_intercept" != X"no"; then + SUDO_OBJS="${SUDO_OBJS} intercept.pb-c.o" + PROGS="${PROGS} sudo_intercept.la" + INSTALL_INTERCEPT="install-intercept" + + cat >>confdefs.h <>confdefs.h <>confdefs.h <>confdefs.h <>confdefs.h +printf "%s\n" "#define ENABLE_SUDO_PLUGIN_API 1" >>confdefs.h else cat >>confdefs.h <confcache <<\_ACEOF @@ -28337,8 +32269,8 @@ case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( @@ -28368,15 +32300,15 @@ /^ac_cv_env_/b end t clear :clear - s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 -$as_echo "$as_me: updating cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +printf "%s\n" "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else @@ -28390,8 +32322,8 @@ fi fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 -$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache @@ -28408,7 +32340,7 @@ for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' - ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" @@ -28424,8 +32356,8 @@ ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 -$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL @@ -28448,14 +32380,16 @@ # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : +as_nop=: +if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else +else $as_nop case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( @@ -28465,46 +32399,46 @@ fi + +# Reset variables that may have inherited troublesome values from +# the environment. + +# IFS needs to be set, to space, tab, and newline, in precisely that order. +# (If _AS_PATH_WALK were called with IFS unset, it would have the +# side effect of setting IFS to empty, thus disabling word splitting.) +# Quoting is to prevent editors from complaining about space-tab. as_nl=' ' export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi +IFS=" "" $as_nl" + +PS1='$ ' +PS2='> ' +PS4='+ ' + +# Ensure predictable behavior from utilities with locale-dependent output. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# We cannot yet rely on "unset" to work, but we need these variables +# to be unset--not just set to an empty or harmless value--now, to +# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct +# also avoids known problems related to "unset" and subshell syntax +# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). +for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH +do eval test \${$as_var+y} \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done + +# Ensure that fds 0, 1, and 2 are open. +if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi +if (exec 3>&2) ; then :; else exec 2>/dev/null; fi # The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then +if ${PATH_SEPARATOR+false} :; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || @@ -28513,13 +32447,6 @@ fi -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( @@ -28528,8 +32455,12 @@ for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + test -r "$as_dir$0" && as_myself=$as_dir$0 && break done IFS=$as_save_IFS @@ -28541,30 +32472,10 @@ as_myself=$0 fi if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] @@ -28577,13 +32488,14 @@ as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $2" >&2 + printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error + # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -28610,18 +32522,20 @@ { eval $1=; unset $1;} } as_unset=as_fn_unset + # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null +then : eval 'as_fn_append () { eval $1+=\$2 }' -else +else $as_nop as_fn_append () { eval $1=\$$1\$2 @@ -28633,12 +32547,13 @@ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null +then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else +else $as_nop as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` @@ -28669,7 +32584,7 @@ $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | +printf "%s\n" X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q @@ -28691,6 +32606,10 @@ as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits + +# Determine whether it's possible to make 'echo' print without a newline. +# These variables are no longer used directly by Autoconf, but are AC_SUBSTed +# for compatibility with existing Makefiles. ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) @@ -28704,6 +32623,12 @@ ECHO_N='-n';; esac +# For backward compatibility with old third-party macros, we provide +# the shell variables $as_echo and $as_echo_n. New code should use +# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. +as_echo='printf %s\n' +as_echo_n='printf %s' + rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file @@ -28745,7 +32670,7 @@ as_dirs= while :; do case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" @@ -28754,7 +32679,7 @@ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | +printf "%s\n" X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -28816,8 +32741,8 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.5p2, which was -generated by GNU Autoconf 2.69. Invocation command line was +This file was extended by sudo $as_me 1.9.9, which was +generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -28879,14 +32804,16 @@ Report bugs to ." _ACEOF +ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"` +ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"` cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.5p2 -configured by $0, generated by GNU Autoconf 2.69, +sudo config.status 1.9.9 +configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" -Copyright (C) 2012 Free Software Foundation, Inc. +Copyright (C) 2021 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -28924,15 +32851,15 @@ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) - $as_echo "$ac_cs_version"; exit ;; + printf "%s\n" "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) - $as_echo "$ac_cs_config"; exit ;; + printf "%s\n" "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" @@ -28940,7 +32867,7 @@ --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; @@ -28949,7 +32876,7 @@ as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) - $as_echo "$ac_cs_usage"; exit ;; + printf "%s\n" "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; @@ -28977,7 +32904,7 @@ if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift - \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" @@ -28991,7 +32918,7 @@ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX - $as_echo "$ac_log" + printf "%s\n" "$ac_log" } >&5 _ACEOF @@ -29304,16 +33231,19 @@ "etc/init.d/$INIT_SCRIPT") CONFIG_FILES="$CONFIG_FILES etc/init.d/$INIT_SCRIPT" ;; "etc/init.d/sudo.conf") CONFIG_FILES="$CONFIG_FILES etc/init.d/sudo.conf" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; - "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; + "docs/Makefile") CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; "examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;; "examples/sudo.conf") CONFIG_FILES="$CONFIG_FILES examples/sudo.conf" ;; "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; "lib/eventlog/Makefile") CONFIG_FILES="$CONFIG_FILES lib/eventlog/Makefile" ;; + "lib/fuzzstub/Makefile") CONFIG_FILES="$CONFIG_FILES lib/fuzzstub/Makefile" ;; "lib/iolog/Makefile") CONFIG_FILES="$CONFIG_FILES lib/iolog/Makefile" ;; "lib/logsrv/Makefile") CONFIG_FILES="$CONFIG_FILES lib/logsrv/Makefile" ;; + "lib/protobuf-c/Makefile") CONFIG_FILES="$CONFIG_FILES lib/protobuf-c/Makefile" ;; "lib/util/Makefile") CONFIG_FILES="$CONFIG_FILES lib/util/Makefile" ;; "lib/util/util.exp") CONFIG_FILES="$CONFIG_FILES lib/util/util.exp" ;; "logsrvd/Makefile") CONFIG_FILES="$CONFIG_FILES logsrvd/Makefile" ;; + "src/intercept.exp") CONFIG_FILES="$CONFIG_FILES src/intercept.exp" ;; "src/sudo_usage.h") CONFIG_FILES="$CONFIG_FILES src/sudo_usage.h" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "plugins/audit_json/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit_json/Makefile" ;; @@ -29334,9 +33264,9 @@ # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then - test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files - test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers - test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands + test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files + test ${CONFIG_HEADERS+y} || CONFIG_HEADERS=$config_headers + test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree @@ -29672,7 +33602,7 @@ esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac - case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done @@ -29680,17 +33610,17 @@ # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` - $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" - { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 -$as_echo "$as_me: creating $ac_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +printf "%s\n" "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) - ac_sed_conf_input=`$as_echo "$configure_input" | + ac_sed_conf_input=`printf "%s\n" "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac @@ -29707,7 +33637,7 @@ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$ac_file" | +printf "%s\n" X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -29731,9 +33661,9 @@ case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; @@ -29786,8 +33716,8 @@ case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' @@ -29829,9 +33759,9 @@ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 -$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" @@ -29847,27 +33777,27 @@ # if test x"$ac_file" != x-; then { - $as_echo "/* $configure_input */" \ + printf "%s\n" "/* $configure_input */" >&1 \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 -$as_echo "$as_me: $ac_file is unchanged" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +printf "%s\n" "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else - $as_echo "/* $configure_input */" \ + printf "%s\n" "/* $configure_input */" >&1 \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi ;; - :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 -$as_echo "$as_me: executing $ac_file commands" >&6;} + :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +printf "%s\n" "$as_me: executing $ac_file commands" >&6;} ;; esac @@ -30407,6 +34337,7 @@ esac + ltmain=$ac_aux_dir/ltmain.sh @@ -30456,24 +34387,186 @@ $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 -$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi +if test ${LIBTLS+y}; then + have_tls=yes +fi +echo "" >&6 +echo "Configured Sudo version $PACKAGE_VERSION" >&6 +echo " Compiler settings:" >&6 +echo " prefix : $prefix" >&6 +echo " compiler : $CC" >&6 +echo " compiler options : $CFLAGS" >&6 +echo " preprocessor options : $CPPFLAGS" >&6 +echo " linker options : $LDFLAGS" >&6 +echo " front-end libraries : $SUDO_LIBS" >&6 +echo " sudoers libraries : $SUDOERS_LIBS" >&6 +echo " extra libraries : $LIBS" >&6 +if test "${enable_sanitizer-no}" != "no"; then + echo " sanitizer options : ${enable_sanitizer}" >&6 +fi +if test X"$FUZZ_LD" != X"\$(CC)"; then + echo " fuzzing linker : ${FUZZ_LD}" >&6 +fi +if test X"$FUZZ_ENGINE" != X"\$(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la"; then + echo " fuzzing engine : ${FUZZ_ENGINE}" >&6 +fi +echo " Plugin options:" >&6 +echo " plugin support : ${SHLIB_ENABLE}" >&6 +echo " Sudoers plugin static : ${enable_static_sudoers-no}" >&6 +echo " Python plugin : ${enable_python-no}" >&6 +if test "${enable_python-no}" != "no"; then + echo " Python CFLAGS : ${PYTHON_INCLUDE}" >&6 + echo " Python LDFLAGS : ${PYTHON_LIBS}" >&6 +fi +echo " Optional features:" >&6 +echo " log client : ${enable_log_client-yes}" >&6 +echo " log server : ${enable_log_server-yes}" >&6 +echo " log client/server TLS : ${have_tls-no}" >&6 +case "$host_os" in + linux*) echo " SELinux RBAC : ${with_selinux-yes}" >&6;; +esac +echo " Optional sudoers back-ends:" >&6 +echo " LDAP : ${with_ldap-no}" >&6 +if test "${with_ldap-no}" != "no"; then + echo " ldap configuration : ${ldap_conf}" >&6 + echo " ldap secret : ${ldap_secret}" >&6 + echo " SASL authentication : ${enable_sasl-no}" >&6 +fi +echo " SSSD : ${with_sssd-no}" >&6 +if test "${with_sssd-no}" != "no"; then + echo " SSSD config path : ${sssd_conf}" >&6 + if test "${sssd_lib}" = \""LIBDIR\""; then + echo " SSSD lib dir : ${libdir}" >&6 + else + echo " SSSD lib dir : ${sssd_lib}" >&6 + fi +fi +echo " Authentication options:" >&6 +echo " require authentication : ${enable_authentication-yes}" >&6 +auth_methods=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` +echo " authentication methods : ${auth_methods}" >&6 +if test "${with_pam-no}" = "yes"; then + echo " pam session support : ${pam_session}" >&6 + echo " pam login service : ${pam_login_service}" >&6 +fi +if test "${with_kerb5-no}" != "no"; then + echo " kerb5 instance string : ${with_kerb5-none}" >&6 +fi +if test "${with_opie-no}-${with_skey-no}" != "no-no"; then + echo " long OTP prompt : ${long_otp_prompt-no}" >&6 +fi +echo " group exempt from passwords : ${with_exempt-none}" >&6 +echo " password prompt : ${passprompt}" >&6 +echo " password prompt timeout : ${password_timeout} minutes" >&6 +echo " password tries : ${passwd_tries}" >&6 +echo " bad password message : ${badpass_message}" >&6 +if test "$insults" = "on"; then + i="" + test "$enable_offensive_insults" = "yes" && i="offensive ${i}" + test "$with_python_insults" = "yes" && i="python ${i}" + test "$with_goons_insults" = "yes" && i="goons ${i}" + test "$with_hal_insults" = "yes" && i="hal ${i}" + test "$with_csops_insults" = "yes" && i="csops ${i}" + test "$with_classic_insults" = "yes" && i="classic ${i}" +else + i=no +fi +echo " insults : $i" >&6 +echo " display lecture : ${lecture}" >&6 +echo " timestamp (credential) type : ${timestamp_type}" >&6 +echo " timestamp (credential) timeout: ${timeout} minutes" >&6 +echo " Logging options:" >&6 +echo " logging default : ${with_logging}" >&6 +echo " syslog facility : ${logfac}" >&6 +echo " syslog priority allowed : ${goodpri}" >&6 +echo " syslog priority denied : ${badpri}" >&6 +echo " log file path : ${logpath}" >&6 +echo " log file includes hostname : ${enable_log_host-no}" >&6 +echo " log file line length : ${loglen}" >&6 +echo " compress I/O logs : ${enable_zlib}" >&6 +case "$host_os" in + linux*) echo " Linux audit : ${with_linux_audit-no}" >&6;; + solaris2.11*) echo " Solaris audit : ${with_solaris_audit-no}" >&6;; + *) echo " BSM audit : ${with_bsm_audit-no}" >&6;; +esac +echo " run mailer as root : ${enable_root_mailer-yes}" >&6 +echo " warning/error mail recipient : ${mailto}" >&6 +echo " warning/error mail subject : ${mailsub}" >&6 +echo " mail if user not in sudoers : ${mail_no_user}" >&6 +echo " mail if user not on host : ${mail_no_host}" >&6 +echo " mail if command not allowed : ${mail_no_perms}" >&6 +echo " Pathnames:" >&6 +echo " log directory : ${log_dir}" >&6 +echo " plugin directory : ${plugindir}" >&6 +echo " run directory : ${rundir}" >&6 +echo " var directory : ${vardir}" >&6 +echo " I/O log directory : ${iolog_dir}" >&6 +echo " sudo_logsrvd relay directory : ${relay_dir}" >&6 +echo " time zone directory : ${tzdir}" >&6 +echo " path to sendmail : ${with_sendmail}" >&6 +if test -n "$TMPFILES_D"; then + echo " systemd tempfiles dir : ${TMPFILES_D}" >&6 +fi +if test ${with_netsvc-"no"} != "no"; then + echo " netsvc file : ${netsvc_conf}" >&6 +elif test ${with_nsswitch-"yes"} != "no"; then + echo " nsswitch file : ${nsswitch_conf}" >&6 +fi +echo " noexec file : ${noexec_file}" >&6 +echo " secure path : ${with_secure_path-no}" >&6 +echo " askpass helper file : ${with_askpass-no}" >&6 +echo " device search path : ${devsearch}" >&6 +echo " Other options:" >&6 +if test "${with_devel-no}" != "no"; then + echo " development build : ${with_devel}" >&6 +fi +case "$host_os" in + solaris2*) echo " Solaris project support : ${with_project-no}" >&6;; +esac +if test "${with_logincap+set}" = "set"; then + echo " /etc/login.conf support : ${with_logincap}" >&6 +fi +echo " fully-qualified domain names : ${fqdn}" >&6 +echo " default umask : ${sudo_umask}" >&6 +echo " umask override : ${umask_override}" >&6 +echo " default runas user : ${runas_default}" >&6 +echo " probe network interfaces : ${with_interfaces-yes}" >&6 +echo " allow root to run sudo : ${root_sudo}" >&6 +echo " reset environment for commands: ${env_reset}" >&6 +echo " run shell if no args : ${enable_noargs_shell-no}" >&6 +echo " ignore '.' or '' in \$PATH : ${ignore_dot}" >&6 +echo " disable path info : ${enable_path_info-no}" >&6 +echo " sudoers file mode : ${SUDOERS_MODE}" >&6 +echo " sudoers file owner : ${SUDOERS_UID}:${SUDOERS_GID}" >&6 +echo " default visudo editor : ${editor}" >&6 +echo " visudo supports \$EDITOR : ${env_editor}" >&6 +if test "${enable_env_debug+set}" = "set"; then + echo " environment debugging : ${enable_env_debug-no}" >&6 +fi +echo "" >&6 + +if test "$openssl_missing" = "yes"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL dev libraries not found, Sudo logsrv connections will not be encrypted." >&5 +printf "%s\n" "$as_me: WARNING: OpenSSL dev libraries not found, Sudo logsrv connections will not be encrypted." >&2;} +fi if test "$with_pam" = "yes"; then case $host_os in - hpux*) + hpux*|hiuxmpp*) if test -f /usr/lib/security/libpam_hpsec.so.1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: You may wish to add the following line to /etc/pam.conf" >&5 -$as_echo "$as_me: You may wish to add the following line to /etc/pam.conf" >&6;} - { $as_echo "$as_me:${as_lineno-$LINENO}: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&5 -$as_echo "$as_me: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: you may wish to add the following line to /etc/pam.conf" >&5 +printf "%s\n" "$as_me: you may wish to add the following line to /etc/pam.conf" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&5 +printf "%s\n" "$as_me: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&6;} fi ;; linux*) - { $as_echo "$as_me:${as_lineno-$LINENO}: You will need to customize examples/pam.conf and install it as /etc/pam.d/sudo" >&5 -$as_echo "$as_me: You will need to customize examples/pam.conf and install it as /etc/pam.d/sudo" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: you will need to customize examples/pam.conf and install it as /etc/pam.d/sudo" >&5 +printf "%s\n" "$as_me: you will need to customize examples/pam.conf and install it as /etc/pam.d/sudo" >&6;} ;; esac fi @@ -30486,14 +34579,17 @@ ;; esac if test $clear_rundir -eq 1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Warning: the $rundir/ts directory must be cleared at boot time." >&5 -$as_echo "$as_me: Warning: the $rundir/ts directory must be cleared at boot time." >&6;} - { $as_echo "$as_me:${as_lineno-$LINENO}: You may need to create a startup item to do this." >&5 -$as_echo "$as_me: You may need to create a startup item to do this." >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: the $rundir/ts directory must be cleared at boot time." >&5 +printf "%s\n" "$as_me: warning: the $rundir/ts directory must be cleared at boot time." >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: You may need to create a startup item to do this." >&5 +printf "%s\n" "$as_me: You may need to create a startup item to do this." >&6;} fi + + + diff -Nru sudo-1.9.5p2/configure.ac sudo-1.9.9/configure.ac --- sudo-1.9.5p2/configure.ac 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/configure.ac 2022-01-27 21:25:46.000000000 +0000 @@ -17,14 +17,11 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl -AC_PREREQ([2.59]) -AC_INIT([sudo], [1.9.5p2], [https://bugzilla.sudo.ws/], [sudo]) +AC_PREREQ([2.70]) +AC_INIT([sudo], [1.9.9], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) -dnl -dnl Note: this must come after AC_INIT -dnl -AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION]) +AC_CONFIG_AUX_DIR([scripts]) dnl dnl Variables that get substituted in the Makefile and man pages dnl @@ -44,6 +41,7 @@ AC_SUBST([LT_STATIC]) AC_SUBST([LT_DEP_LIBS]) AC_SUBST([COMMON_OBJS]) +AC_SUBST([SUDOERS_LT_STATIC]) AC_SUBST([SUDOERS_OBJS]) AC_SUBST([SUDO_OBJS]) AC_SUBST([LIBS]) @@ -72,13 +70,17 @@ AC_SUBST([devdir]) AC_SUBST([mansectsu]) AC_SUBST([mansectform]) +AC_SUBST([INTERCEPTFILE]) +AC_SUBST([INTERCEPTDIR]) +AC_SUBST([intercept_file]) AC_SUBST([NOEXECFILE]) AC_SUBST([NOEXECDIR]) AC_SUBST([noexec_file]) AC_SUBST([sesh_file]) AC_SUBST([INSTALL_BACKUP]) +AC_SUBST([INSTALL_INTERCEPT]) AC_SUBST([INSTALL_NOEXEC]) -AC_SUBST([CHECK_NOEXEC]) +AC_SUBST([PRELOAD_MODULE]) AC_SUBST([DONT_LEAK_PATH_INFO]) AC_SUBST([BSDAUTH_USAGE]) AC_SUBST([SELINUX_USAGE]) @@ -91,6 +93,7 @@ AC_SUBST([LIBDL]) AC_SUBST([LIBRT]) AC_SUBST([LIBINTL]) +AC_SUBST([LIBCRYPTO]) AC_SUBST([LIBMD]) AC_SUBST([LIBTLS]) AC_SUBST([LIBPTHREAD]) @@ -122,6 +125,9 @@ AC_SUBST([LOGSRVD_CONF]) AC_SUBST([LIBLOGSRV]) AC_SUBST([PPFILES]) +AC_SUBST([FUZZ_ENGINE]) +AC_SUBST([FUZZ_LD]) +AC_SUBST([INTERCEPT_EXP]) dnl dnl Variables that get substituted in docs (not overridden by environment) @@ -129,6 +135,7 @@ AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR AC_SUBST([log_dir])dnl real initial value from SUDO_LOGDIR AC_SUBST([logpath])dnl real initial value from SUDO_LOGFILE +AC_SUBST([relay_dir])dnl real initial value from SUDO_RELAY_DIR AC_SUBST([rundir])dnl real initial value from SUDO_RUNDIR AC_SUBST([vardir])dnl real initial value from SUDO_VARDIR AC_SUBST([timeout]) @@ -174,6 +181,7 @@ iolog_dir=/var/log/sudo-io log_dir=/var/log logpath=/var/log/sudo.log +relay_dir=/var/log/sudo_logsrvd rundir=/var/run/sudo vardir=/var/adm/sudo timeout=5 @@ -207,6 +215,7 @@ ldap_conf=/etc/ldap.conf ldap_secret=/etc/ldap.secret netsvc_conf=/etc/netsvc.conf +intercept_file="$libexecdir/sudo/sudo_intercept.so" noexec_file="$libexecdir/sudo/sudo_noexec.so" sesh_file="$libexecdir/sudo/sesh" nsswitch_conf=/etc/nsswitch.conf @@ -224,8 +233,9 @@ dnl May be overridden by environment variables.. dnl INSTALL_BACKUP= +INSTALL_INTERCEPT= INSTALL_NOEXEC= -CHECK_NOEXEC= +PRELOAD_MODULE=-module exampledir='$(docdir)/examples' devdir='$(srcdir)' PROGS="sudo" @@ -234,7 +244,6 @@ : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} -: ${PKG_CONFIG='pkg-config'} DEVEL= LDAP="#" BAMAN=0 @@ -242,6 +251,7 @@ PSMAN=0 SEMAN=0 LIBINTL= +LIBCRYPTO= LIBMD= LIBTLS= ZLIB= @@ -261,6 +271,9 @@ RC_LINK= COMPAT_EXP= SIGNAME= +FUZZ_ENGINE= +FUZZ_LD='$(CC)' +INTERCEPT_EXP= dnl dnl Other variables dnl @@ -342,13 +355,13 @@ AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], [case $with_devel in - yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) + yes) AC_MSG_NOTICE([setting up for development: -Wall, flex, yacc]) AX_APPEND_FLAG([-DSUDO_DEVEL], [CPPFLAGS]) DEVEL="true" devdir=. ;; no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) + *) AC_MSG_WARN([ignoring unknown argument to --with-devel: $with_devel]) ;; esac]) @@ -374,7 +387,7 @@ SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" ;; no) ;; - *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."]) + *) AC_MSG_ERROR([--with-bsm-audit does not take an argument.]) ;; esac]) @@ -393,7 +406,7 @@ ]) ;; no) ;; - *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."]) + *) AC_MSG_ERROR([--with-linux-audit does not take an argument.]) ;; esac]) @@ -407,7 +420,7 @@ SUDOERS_OBJS="${SUDOERS_OBJS} solaris_audit.lo" ;; no) ;; - *) AC_MSG_ERROR(["--with-solaris-audit does not take an argument."]) + *) AC_MSG_ERROR([--with-solaris-audit does not take an argument.]) ;; esac]) @@ -424,7 +437,7 @@ AC_DEFINE(HAVE_SSSD) ;; no) ;; - *) AC_MSG_ERROR(["--with-sssd does not take an argument."]) + *) AC_MSG_ERROR([--with-sssd does not take an argument.]) ;; esac]) @@ -440,11 +453,11 @@ AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], [case $with_incpath in - yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) + yes) AC_MSG_ERROR([must give --with-incpath an argument.]) ;; - no) AC_MSG_ERROR(["--without-incpath not supported."]) + no) AC_MSG_ERROR([--without-incpath not supported.]) ;; - *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS]) + *) AC_MSG_NOTICE([adding ${with_incpath} to CPPFLAGS]) for i in ${with_incpath}; do AX_APPEND_FLAG([-I${i}], [CPPFLAGS]) done @@ -453,40 +466,27 @@ AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])], [case $with_libpath in - yes) AC_MSG_ERROR(["must give --with-libpath an argument."]) + yes) AC_MSG_ERROR([must give --with-libpath an argument.]) ;; - no) AC_MSG_ERROR(["--without-libpath not supported."]) + no) AC_MSG_ERROR([--without-libpath not supported.]) ;; - *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS]) + *) AC_MSG_NOTICE([adding ${with_libpath} to LDFLAGS]) ;; esac]) AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])], [case $with_libraries in - yes) AC_MSG_ERROR(["must give --with-libraries an argument."]) + yes) AC_MSG_ERROR([must give --with-libraries an argument.]) ;; - no) AC_MSG_ERROR(["--without-libraries not supported."]) + no) AC_MSG_ERROR([--without-libraries not supported.]) ;; - *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS]) - ;; -esac]) - -AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])], -[case $with_efence in - yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)]) - LIBS="${LIBS} -lefence" - if test -f /usr/local/lib/libefence.a; then - with_libpath="${with_libpath} /usr/local/lib" - fi - ;; - no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence]) + *) AC_MSG_NOTICE([adding ${with_libraries} to LIBS]) ;; esac]) AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])], [case $with_csops in - yes) AC_MSG_NOTICE([Adding CSOps standard options]) + yes) AC_MSG_NOTICE([adding CSOps standard options]) CHECKSIA=false with_ignore_dot=yes insults=on @@ -497,18 +497,16 @@ : ${mansectform='5'} ;; no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops]) + *) AC_MSG_WARN([ignoring unknown argument to --with-csops: $with_csops]) ;; esac]) AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], [case $with_passwd in - yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) - AC_MSG_RESULT($with_passwd) - AUTH_DEF="" + yes|no) AUTH_DEF="" test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" ;; - *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."]) + *) AC_MSG_ERROR([sorry, --with-passwd does not take an argument.]) ;; esac]) @@ -516,8 +514,6 @@ [case $with_skey in no) ;; *) AC_DEFINE(HAVE_SKEY) - AC_MSG_CHECKING(whether to try S/Key authentication) - AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG S/Key" ;; esac]) @@ -526,8 +522,6 @@ [case $with_opie in no) ;; *) AC_DEFINE(HAVE_OPIE) - AC_MSG_CHECKING(whether to try NRL OPIE authentication) - AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG NRL_OPIE" ;; esac]) @@ -535,13 +529,11 @@ AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])], [case $with_long_otp_prompt in yes) AC_DEFINE(LONG_OTP_PROMPT) - AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication) - AC_MSG_RESULT(yes) long_otp_prompt=on ;; no) long_otp_prompt=off ;; - *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."]) + *) AC_MSG_ERROR([--with-long-otp-prompt does not take an argument.]) ;; esac]) @@ -549,8 +541,6 @@ [case $with_SecurID in no) ;; *) AC_DEFINE(HAVE_SECURID) - AC_MSG_CHECKING(whether to use SecurID for authentication) - AC_MSG_RESULT(yes) AUTH_EXCL="$AUTH_EXCL SecurID" ;; esac]) @@ -559,8 +549,6 @@ [case $with_fwtk in no) ;; *) AC_DEFINE(HAVE_FWTK) - AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) - AC_MSG_RESULT(yes) AUTH_EXCL="$AUTH_EXCL FWTK" ;; esac]) @@ -568,9 +556,7 @@ AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], [case $with_kerb5 in no) ;; - *) AC_MSG_CHECKING(whether to try Kerberos V authentication) - AC_MSG_RESULT(yes) - AUTH_REG="$AUTH_REG kerb5" + *) AUTH_REG="$AUTH_REG kerb5" ;; esac]) @@ -578,7 +564,7 @@ [case $with_aixauth in yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; no) ;; - *) AC_MSG_ERROR(["--with-aixauth does not take an argument."]) + *) AC_MSG_ERROR([--with-aixauth does not take an argument.]) ;; esac]) @@ -586,38 +572,34 @@ [case $with_pam in yes) AUTH_EXCL="$AUTH_EXCL PAM";; no) ;; - *) AC_MSG_ERROR(["--with-pam does not take an argument."]) + *) AC_MSG_ERROR([--with-pam does not take an argument.]) ;; esac]) AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])], [case $with_AFS in yes) AC_DEFINE(HAVE_AFS) - AC_MSG_CHECKING(whether to try AFS (kerberos) authentication) - AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG AFS" ;; no) ;; - *) AC_MSG_ERROR(["--with-AFS does not take an argument."]) + *) AC_MSG_ERROR([--with-AFS does not take an argument.]) ;; esac]) AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])], [case $with_DCE in yes) AC_DEFINE(HAVE_DCE) - AC_MSG_CHECKING(whether to try DCE (kerberos) authentication) - AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG DCE" ;; no) ;; - *) AC_MSG_ERROR(["--with-DCE does not take an argument."]) + *) AC_MSG_ERROR([--with-DCE does not take an argument.]) ;; esac]) AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])], [case $with_logincap in yes|no) ;; - *) AC_MSG_ERROR(["--with-logincap does not take an argument."]) + *) AC_MSG_ERROR([--with-logincap does not take an argument.]) ;; esac]) @@ -625,89 +607,79 @@ [case $with_bsdauth in yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; no) ;; - *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."]) + *) AC_MSG_ERROR([--with-bsdauth does not take an argument.]) ;; esac]) AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])], [case $with_project in yes|no) ;; - no) ;; - *) AC_MSG_ERROR(["--with-project does not take an argument."]) + no) ;; + *) AC_MSG_ERROR([--with-project does not take an argument.]) ;; esac]) -AC_MSG_CHECKING(whether to lecture users the first time they run sudo) AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])], [case $with_lecture in yes|short|always) lecture=once - ;; + ;; no|none|never) lecture=never - ;; - *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"]) + AC_DEFINE(NO_LECTURE) + ;; + *) AC_MSG_ERROR([unknown argument to --with-lecture: $with_lecture]) ;; esac]) -if test "$lecture" = "once"; then - AC_MSG_RESULT(yes) -else - AC_DEFINE(NO_LECTURE) - AC_MSG_RESULT(no) -fi -AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default) AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])], [case $with_logging in - yes) AC_MSG_ERROR(["must give --with-logging an argument."]) + yes) AC_MSG_ERROR([must give --with-logging an argument.]) ;; - no) AC_MSG_ERROR(["--without-logging not supported."]) + no) AC_MSG_ERROR([--without-logging not supported.]) ;; syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG) - AC_MSG_RESULT(syslog) ;; file) AC_DEFINE(LOGGING, SLOG_FILE) - AC_MSG_RESULT(file) ;; both) AC_DEFINE(LOGGING, SLOG_BOTH) - AC_MSG_RESULT(both) ;; - *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"]) + *) AC_MSG_ERROR([unknown argument to --with-logging: $with_logging]) ;; -esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) +esac], [ + with_logging=syslog + AC_DEFINE(LOGGING, SLOG_SYSLOG) +]) AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])], [case $with_logfac in - yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) + yes) AC_MSG_ERROR([must give --with-logfac an argument.]) ;; - no) AC_MSG_ERROR(["--without-logfac not supported."]) + no) AC_MSG_ERROR([--without-logfac not supported.]) ;; authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; - *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) + *) AC_MSG_ERROR([$with_logfac is not a supported syslog facility.]) ;; esac]) -AC_MSG_CHECKING(at which syslog priority to log commands) AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])], [case $with_goodpri in - yes) AC_MSG_ERROR(["must give --with-goodpri an argument."]) + yes) AC_MSG_ERROR([must give --with-goodpri an argument.]) ;; - no) AC_MSG_ERROR(["--without-goodpri not supported."]) + no) AC_MSG_ERROR([--without-goodpri not supported.]) ;; alert|crit|debug|emerg|err|info|notice|warning) goodpri=$with_goodpri ;; - *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."]) + *) AC_MSG_ERROR([$with_goodpri is not a supported syslog priority.]) ;; esac]) AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.]) -AC_MSG_RESULT($goodpri) -AC_MSG_CHECKING(at which syslog priority to log failures) AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])], [case $with_badpri in - yes) AC_MSG_ERROR(["must give --with-badpri an argument."]) + yes) AC_MSG_ERROR([must give --with-badpri an argument.]) ;; - no) AC_MSG_ERROR(["--without-badpri not supported."]) + no) AC_MSG_ERROR([--without-badpri not supported.]) ;; alert|crit|debug|emerg|err|info|notice|warning) badpri=$with_badpri @@ -716,199 +688,167 @@ ;; esac]) AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) -AC_MSG_RESULT($badpri) AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])], [case $with_logpath in - yes) AC_MSG_ERROR(["must give --with-logpath an argument."]) + yes) AC_MSG_ERROR([must give --with-logpath an argument.]) ;; - no) AC_MSG_ERROR(["--without-logpath not supported."]) + no) AC_MSG_ERROR([--without-logpath not supported.]) ;; esac]) -AC_MSG_CHECKING(how long a line in the log file should be) AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])], [case $with_loglen in - yes) AC_MSG_ERROR(["must give --with-loglen an argument."]) + yes) AC_MSG_ERROR([must give --with-loglen an argument.]) ;; - no) AC_MSG_ERROR(["--without-loglen not supported."]) + no) AC_MSG_ERROR([--without-loglen not supported.]) ;; [[0-9]]*) loglen=$with_loglen ;; - *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"]) + *) AC_MSG_ERROR([you must enter a number, not $with_loglen]) ;; esac]) AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).]) -AC_MSG_RESULT($loglen) -AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH) AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])], [case $with_ignore_dot in yes) ignore_dot=on + AC_DEFINE(IGNORE_DOT_PATH) ;; no) ignore_dot=off ;; - *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."]) + *) AC_MSG_ERROR([--with-ignore-dot does not take an argument.]) ;; esac]) -if test "$ignore_dot" = "on"; then - AC_DEFINE(IGNORE_DOT_PATH) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) -fi -AC_MSG_CHECKING(whether to send mail when a user is not in sudoers) AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])], [case $with_mail_if_no_user in yes) mail_no_user=on ;; no) mail_no_user=off ;; - *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."]) + *) AC_MSG_ERROR([--with-mail-if-no-user does not take an argument.]) ;; esac]) if test "$mail_no_user" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NO_USER) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) fi -AC_MSG_CHECKING(whether to send mail when user listed but not for this host) AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])], [case $with_mail_if_no_host in yes) mail_no_host=on + AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) ;; no) mail_no_host=off ;; - *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."]) + *) AC_MSG_ERROR([--with-mail-if-no-host does not take an argument.]) ;; esac]) -if test "$mail_no_host" = "on"; then - AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) -fi -AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command) AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])], [case $with_mail_if_noperms in yes) mail_noperms=on + AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) ;; no) mail_noperms=off ;; - *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."]) + *) AC_MSG_ERROR([--with-mail-if-noperms does not take an argument.]) ;; esac]) -if test "$mail_noperms" = "on"; then - AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) -fi -AC_MSG_CHECKING(who should get the mail that sudo sends) AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])], [case $with_mailto in - yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) + yes) AC_MSG_ERROR([must give --with-mailto an argument.]) ;; - no) AC_MSG_ERROR(["--without-mailto not supported."]) + no) AC_MSG_ERROR([--without-mailto not supported.]) ;; *) mailto=$with_mailto ;; esac]) AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) -AC_MSG_RESULT([$mailto]) AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])], [case $with_mailsubject in - yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) + yes) AC_MSG_ERROR([must give --with-mailsubject an argument.]) ;; - no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.]) + no) AC_MSG_WARN([sorry, --without-mailsubject not supported.]) ;; *) mailsub="$with_mailsubject" - AC_MSG_CHECKING(sudo mail subject) - AC_MSG_RESULT([Using alert mail subject: $mailsub]) ;; esac]) AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) -AC_MSG_CHECKING(for bad password prompt) AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])], [case $with_passprompt in - yes) AC_MSG_ERROR(["must give --with-passprompt an argument."]) + yes) AC_MSG_ERROR([must give --with-passprompt an argument.]) ;; - no) AC_MSG_WARN([Sorry, --without-passprompt not supported.]) + no) AC_MSG_WARN([sorry, --without-passprompt not supported.]) ;; *) passprompt="$with_passprompt" esac]) -AC_MSG_RESULT($passprompt) AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) -AC_MSG_CHECKING(for bad password message) AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])], [case $with_badpass_message in - yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."]) + yes) AC_MSG_ERROR([must give --with-badpass-message an argument.]) ;; - no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.]) + no) AC_MSG_WARN([sorry, --without-badpass-message not supported.]) ;; *) badpass_message="$with_badpass_message" ;; esac]) AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.]) -AC_MSG_RESULT([$badpass_message]) -AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers) AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])], [case $with_fqdn in yes) fqdn=on + AC_DEFINE(FQDN) ;; no) fqdn=off ;; - *) AC_MSG_ERROR(["--with-fqdn does not take an argument."]) + *) AC_MSG_ERROR([--with-fqdn does not take an argument.]) ;; esac]) -if test "$fqdn" = "on"; then - AC_DEFINE(FQDN) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) -fi AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir=DIR], [deprecated])], [case $with_timedir in - *) AC_MSG_ERROR(["--without-timedir no longer supported, see --with-rundir."]) + *) AC_MSG_ERROR([--without-timedir no longer supported, see --with-rundir.]) ;; esac]) AC_ARG_WITH(rundir, [AS_HELP_STRING([--with-rundir=DIR], [directory for sudo-specific files that do not survive a system reboot, e.g. `/var/run/sudo'])], [case $with_rundir in - yes) AC_MSG_ERROR(["must give --with-rundir an argument."]) + yes) AC_MSG_ERROR([must give --with-rundir an argument.]) ;; - no) AC_MSG_ERROR(["--without-rundir not supported."]) + no) AC_MSG_ERROR([--without-rundir not supported.]) ;; esac]) AC_ARG_WITH(vardir, [AS_HELP_STRING([--with-vardir=DIR], [directory for sudo-specific files that survive a system reboot, e.g. `/var/db/sudo' or `/var/lib/sudo'])], [case $with_vardir in - yes) AC_MSG_ERROR(["must give --with-vardir an argument."]) + yes) AC_MSG_ERROR([must give --with-vardir an argument.]) ;; - no) AC_MSG_ERROR(["--without-vardir not supported."]) + no) AC_MSG_ERROR([--without-vardir not supported.]) ;; esac]) AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], [case $with_iologdir in yes) ;; - no) AC_MSG_ERROR(["--without-iologdir not supported."]) + no) AC_MSG_ERROR([--without-iologdir not supported.]) + ;; +esac]) + +AC_ARG_WITH(relaydir, [AS_HELP_STRING([--with-relaydir=DIR], [directory to store sudo_logsrvd relay temporary files in])], +[case $with_relaydir in + yes) ;; + no) AC_MSG_ERROR([--without-relaydir not supported.]) ;; esac]) AC_ARG_WITH(tzdir, [AS_HELP_STRING([--with-tzdir=DIR], [path to the time zone data directory])], [case $with_tzdir in - yes) AC_MSG_ERROR(["must give --with-tzdir an argument."]) + yes) AC_MSG_ERROR([must give --with-tzdir an argument.]) ;; esac]) @@ -924,61 +864,55 @@ AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])], [case $with_sudoers_mode in - yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."]) + yes) AC_MSG_ERROR([must give --with-sudoers-mode an argument.]) ;; - no) AC_MSG_ERROR(["--without-sudoers-mode not supported."]) + no) AC_MSG_ERROR([--without-sudoers-mode not supported.]) ;; [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode} ;; 0*) SUDOERS_MODE=$with_sudoers_mode ;; - *) AC_MSG_ERROR(["you must use an octal mode, not a name."]) + *) AC_MSG_ERROR([you must use an octal mode, not a name.]) ;; esac]) AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])], [case $with_sudoers_uid in - yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."]) + yes) AC_MSG_ERROR([must give --with-sudoers-uid an argument.]) ;; - no) AC_MSG_ERROR(["--without-sudoers-uid not supported."]) + no) AC_MSG_ERROR([--without-sudoers-uid not supported.]) ;; [[0-9]]*) SUDOERS_UID=$with_sudoers_uid ;; - *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."]) + *) AC_MSG_ERROR([you must use an unsigned numeric uid, not a name.]) ;; esac]) AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])], [case $with_sudoers_gid in - yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."]) + yes) AC_MSG_ERROR([must give --with-sudoers-gid an argument.]) ;; - no) AC_MSG_ERROR(["--without-sudoers-gid not supported."]) + no) AC_MSG_ERROR([--without-sudoers-gid not supported.]) ;; [[0-9]]*) SUDOERS_GID=$with_sudoers_gid ;; - *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."]) + *) AC_MSG_ERROR([you must use an unsigned numeric gid, not a name.]) ;; esac]) -AC_MSG_CHECKING(for umask programs should be run with) AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)]) AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])], [case $with_umask in - yes) AC_MSG_ERROR(["must give --with-umask an argument."]) + yes) AC_MSG_ERROR([must give --with-umask an argument.]) ;; no) sudo_umask=0777 ;; [[0-9]]*) sudo_umask=$with_umask ;; - *) AC_MSG_ERROR(["you must enter a numeric mask."]) + *) AC_MSG_ERROR([you must enter a numeric mask.]) ;; esac]) AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.]) -if test "$sudo_umask" = "0777"; then - AC_MSG_RESULT(user) -else - AC_MSG_RESULT($sudo_umask) -fi AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])], [case $with_umask_override in @@ -987,80 +921,67 @@ ;; no) umask_override=off ;; - *) AC_MSG_ERROR(["--with-umask-override does not take an argument."]) + *) AC_MSG_ERROR([--with-umask-override does not take an argument.]) ;; esac]) -AC_MSG_CHECKING(for default user to run commands as) AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], [case $with_runas_default in - yes) AC_MSG_ERROR(["must give --with-runas-default an argument."]) + yes) AC_MSG_ERROR([must give --with-runas-default an argument.]) ;; - no) AC_MSG_ERROR(["--without-runas-default not supported."]) + no) AC_MSG_ERROR([--without-runas-default not supported.]) ;; *) runas_default="$with_runas_default" ;; esac]) AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) -AC_MSG_RESULT([$runas_default]) AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])], [case $with_exempt in - yes) AC_MSG_ERROR(["must give --with-exempt an argument."]) + yes) AC_MSG_ERROR([must give --with-exempt an argument.]) ;; - no) AC_MSG_ERROR(["--without-exempt not supported."]) + no) AC_MSG_ERROR([--without-exempt not supported.]) ;; *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").]) - AC_MSG_CHECKING(for group to be exempt from password) - AC_MSG_RESULT([$with_exempt]) ;; esac]) -AC_MSG_CHECKING(for editor that visudo should use) AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])], [case $with_editor in - yes) AC_MSG_ERROR(["must give --with-editor an argument."]) + yes) AC_MSG_ERROR([must give --with-editor an argument.]) ;; - no) AC_MSG_ERROR(["--without-editor not supported."]) + no) AC_MSG_ERROR([--without-editor not supported.]) ;; *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) - AC_MSG_RESULT([$with_editor]) editor="$with_editor" ;; -esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) +esac], [AC_DEFINE(EDITOR, _PATH_VI)]) -AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables) AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])], [case $with_env_editor in yes) env_editor=on ;; no) env_editor=off ;; - *) AC_MSG_ERROR(["--with-env-editor does not take an argument."]) + *) AC_MSG_ERROR([--with-env-editor does not take an argument.]) ;; esac]) if test "$env_editor" = "on"; then AC_DEFINE(ENV_EDITOR) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) fi -AC_MSG_CHECKING(number of tries a user gets to enter their password) AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])], [case $with_passwd_tries in yes) ;; - no) AC_MSG_ERROR(["--without-editor not supported."]) + no) AC_MSG_ERROR([--without-editor not supported.]) ;; [[1-9]]*) passwd_tries=$with_passwd_tries ;; - *) AC_MSG_ERROR(["you must enter the number of tries, > 0"]) + *) AC_MSG_ERROR([you must enter the number of tries, > 0]) ;; esac]) AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) -AC_MSG_RESULT($passwd_tries) -AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again) AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])], [case $with_timeout in yes) ;; @@ -1068,13 +989,11 @@ ;; [[0-9]]*) timeout=$with_timeout ;; - *) AC_MSG_ERROR(["you must enter the number of minutes."]) + *) AC_MSG_ERROR([you must enter the number of minutes.]) ;; esac]) AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) -AC_MSG_RESULT($timeout) -AC_MSG_CHECKING(time in minutes after the password prompt will time out) AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])], [case $with_password_timeout in yes) ;; @@ -1082,11 +1001,10 @@ ;; [[0-9]]*) password_timeout=$with_password_timeout ;; - *) AC_MSG_ERROR(["you must enter the number of minutes."]) + *) AC_MSG_ERROR([you must enter the number of minutes.]) ;; esac]) AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) -AC_MSG_RESULT($password_timeout) AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])], [case $with_tty_tickets in @@ -1094,14 +1012,14 @@ ;; no) timestamp_type=global ;; - *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) + *) AC_MSG_ERROR([--with-tty-tickets does not take an argument.]) ;; esac]) -AC_MSG_CHECKING(whether to include insults) AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])], [case $with_insults in yes) insults=on + AC_DEFINE(USE_INSULTS) with_classic_insults=yes with_csops_insults=yes ;; @@ -1111,15 +1029,9 @@ ;; no) insults=off ;; - *) AC_MSG_ERROR(["--with-insults does not take an argument."]) + *) AC_MSG_ERROR([--with-insults does not take an argument.]) ;; esac]) -if test "$insults" = "on"; then - AC_DEFINE(USE_INSULTS) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) -fi AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])], [case $with_all_insults in @@ -1130,7 +1042,7 @@ with_python_insults=yes ;; no) ;; - *) AC_MSG_ERROR(["--with-all-insults does not take an argument."]) + *) AC_MSG_ERROR([--with-all-insults does not take an argument.]) ;; esac]) @@ -1139,7 +1051,7 @@ yes) AC_DEFINE(CLASSIC_INSULTS) ;; no) ;; - *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."]) + *) AC_MSG_ERROR([--with-classic-insults does not take an argument.]) ;; esac]) @@ -1148,7 +1060,7 @@ yes) AC_DEFINE(CSOPS_INSULTS) ;; no) ;; - *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."]) + *) AC_MSG_ERROR([--with-csops-insults does not take an argument.]) ;; esac]) @@ -1157,7 +1069,7 @@ yes) AC_DEFINE(HAL_INSULTS) ;; no) ;; - *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."]) + *) AC_MSG_ERROR([--with-hal-insults does not take an argument.]) ;; esac]) @@ -1166,7 +1078,7 @@ yes) AC_DEFINE(GOONS_INSULTS) ;; no) ;; - *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."]) + *) AC_MSG_ERROR([--with-goons-insults does not take an argument.]) ;; esac]) @@ -1175,7 +1087,7 @@ yes) AC_DEFINE(PYTHON_INSULTS) ;; no) ;; - *) AC_MSG_ERROR(["--with-python-insults does not take an argument."]) + *) AC_MSG_ERROR([--with-python-insults does not take an argument.]) ;; esac]) @@ -1191,8 +1103,6 @@ [case $with_ldap in no) ;; *) AC_DEFINE(HAVE_LDAP) - AC_MSG_CHECKING(whether to use sudoers from LDAP) - AC_MSG_RESULT(yes) ;; esac]) @@ -1204,56 +1114,35 @@ test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file" SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file]) -dnl include all insult sets on one line -if test "$insults" = "on"; then - AC_MSG_CHECKING(which insult sets to include) - i="" - test "$with_python_insults" = "yes" && i="python ${i}" - test "$with_goons_insults" = "yes" && i="goons ${i}" - test "$with_hal_insults" = "yes" && i="hal ${i}" - test "$with_csops_insults" = "yes" && i="csops ${i}" - test "$with_classic_insults" = "yes" && i="classic ${i}" - AC_MSG_RESULT([$i]) -fi - -AC_MSG_CHECKING(whether to override the user's path) AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], [case $with_secure_path in yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") - AC_MSG_RESULT([$with_secure_path]) secure_path="set to $with_secure_path" ;; - no) AC_MSG_RESULT(no) - ;; + no) ;; *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") - AC_MSG_RESULT([$with_secure_path]) - secure_path="set to F<$with_secure_path>" + secure_path="set to $with_secure_path" ;; -esac], AC_MSG_RESULT(no)) +esac]) -AC_MSG_CHECKING(whether to get ip addresses from the network interfaces) AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of network interfaces])], [case $with_interfaces in - yes) AC_MSG_RESULT(yes) - ;; + yes) ;; no) AC_DEFINE(STUB_LOAD_INTERFACES) - AC_MSG_RESULT(no) ;; - *) AC_MSG_ERROR(["--with-interfaces does not take an argument."]) + *) AC_MSG_ERROR([--with-interfaces does not take an argument.]) ;; -esac], AC_MSG_RESULT(yes)) +esac]) -AC_MSG_CHECKING(whether to use an askpass helper) AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], [case $with_askpass in - yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) + yes) AC_MSG_ERROR([--with-askpass takes a path as an argument.]) ;; no) ;; *) ;; esac], [ with_askpass=no - AC_MSG_RESULT(no) ]) if test X"$with_askpass" != X"no"; then SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass") @@ -1263,18 +1152,18 @@ AC_ARG_WITH(exampledir, [AS_HELP_STRING([--with-exampledir=DIR], [path to install sudo examples in])], [case $with_exampledir in - yes) AC_MSG_ERROR(["must give --with-exampledir an argument."]) + yes) AC_MSG_ERROR([must give --with-exampledir an argument.]) ;; - no) AC_MSG_ERROR(["--without-exampledir not supported."]) + no) AC_MSG_ERROR([--without-exampledir not supported.]) ;; *) exampledir="$with_exampledir" esac]) AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir=DIR], [set directory to load plugins from])], [case $with_plugindir in - yes) AC_MSG_ERROR(["must give --with-plugindir an argument."]) + yes) AC_MSG_ERROR([must give --with-plugindir an argument.]) ;; - no) AC_MSG_ERROR(["--without-plugindir not supported."]) + no) AC_MSG_ERROR([--without-plugindir not supported.]) ;; *) plugindir="$with_plugindir" ;; @@ -1284,9 +1173,9 @@ [case $with_man in yes) MANTYPE=man ;; - no) AC_MSG_ERROR(["--without-man not supported."]) + no) AC_MSG_ERROR([--without-man not supported.]) ;; - *) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."]) + *) AC_MSG_WARN([ignoring unknown argument to --with-man: $with_man.]) ;; esac]) @@ -1294,9 +1183,9 @@ [case $with_mdoc in yes) MANTYPE=mdoc ;; - no) AC_MSG_ERROR(["--without-mdoc not supported."]) + no) AC_MSG_ERROR([--without-mdoc not supported.]) ;; - *) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."]) + *) AC_MSG_WARN([ignoring unknown argument to --with-mdoc: $with_mdoc.]) ;; esac]) @@ -1304,35 +1193,27 @@ dnl Options for --enable dnl -AC_MSG_CHECKING(whether to do user authentication by default) AC_ARG_ENABLE(authentication, [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])], [ case "$enableval" in - yes) AC_MSG_RESULT(yes) - ;; - no) AC_MSG_RESULT(no) - AC_DEFINE(NO_AUTHENTICATION) + yes) ;; + no) AC_DEFINE(NO_AUTHENTICATION) ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-authentication: $enableval]) ;; esac -], AC_MSG_RESULT(yes)) +]) -AC_MSG_CHECKING(whether to disable running the mailer as root) AC_ARG_ENABLE(root-mailer, [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])], [ case "$enableval" in - yes) AC_MSG_RESULT(no) - ;; - no) AC_MSG_RESULT(yes) - AC_DEFINE(NO_ROOT_MAILER) + yes) ;; + no) AC_DEFINE(NO_ROOT_MAILER) ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-root-mailer: $enableval]) ;; esac -], AC_MSG_RESULT(no)) +]) AC_ARG_ENABLE(setreuid, [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])], @@ -1352,118 +1233,90 @@ esac ]) -AC_MSG_CHECKING(whether to disable shadow password support) AC_ARG_ENABLE(shadow, [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])], [ case "$enableval" in - yes) AC_MSG_RESULT(no) - ;; - no) AC_MSG_RESULT(yes) - CHECKSHADOW="false" + yes) ;; + no) CHECKSHADOW="false" ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-shadow: $enableval]) ;; esac -], AC_MSG_RESULT(no)) +]) -AC_MSG_CHECKING(whether root should be allowed to use sudo) AC_ARG_ENABLE(root-sudo, [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])], [ case "$enableval" in - yes) AC_MSG_RESULT(yes) - ;; + yes) ;; no) AC_DEFINE(NO_ROOT_SUDO) - AC_MSG_RESULT(no) root_sudo=off ;; - *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."]) + *) AC_MSG_ERROR([--enable-root-sudo does not take an argument.]) ;; esac -], AC_MSG_RESULT(yes)) +]) -AC_MSG_CHECKING(whether to log the hostname in the log file) AC_ARG_ENABLE(log-host, [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])], [ case "$enableval" in - yes) AC_MSG_RESULT(yes) - AC_DEFINE(HOST_IN_LOG) - ;; - no) AC_MSG_RESULT(no) + yes) AC_DEFINE(HOST_IN_LOG) ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval]) + no) ;; + *) AC_MSG_WARN([ignoring unknown argument to --enable-log-host: $enableval]) ;; esac ], AC_MSG_RESULT(no)) -AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments) AC_ARG_ENABLE(noargs-shell, [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])], [ case "$enableval" in - yes) AC_MSG_RESULT(yes) - AC_DEFINE(SHELL_IF_NO_ARGS) - ;; - no) AC_MSG_RESULT(no) + yes) AC_DEFINE(SHELL_IF_NO_ARGS) ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval]) + no) ;; + *) AC_MSG_WARN([ignoring unknown argument to --enable-noargs-shell: $enableval]) ;; esac -], AC_MSG_RESULT(no)) +]) -AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode) AC_ARG_ENABLE(shell-sets-home, [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])], [ case "$enableval" in - yes) AC_MSG_RESULT(yes) - AC_DEFINE(SHELL_SETS_HOME) - ;; - no) AC_MSG_RESULT(no) + yes) AC_DEFINE(SHELL_SETS_HOME) ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval]) + no) ;; + *) AC_MSG_WARN([ignoring unknown argument to --enable-shell-sets-home: $enableval]) ;; esac -], AC_MSG_RESULT(no)) +]) -AC_MSG_CHECKING(whether to disable 'command not found' messages) AC_ARG_ENABLE(path_info, [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])], [ case "$enableval" in - yes) AC_MSG_RESULT(no) - ;; - no) AC_MSG_RESULT(yes) - AC_DEFINE(DONT_LEAK_PATH_INFO) + yes) ;; + no) AC_DEFINE(DONT_LEAK_PATH_INFO) path_info=off ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-path-info: $enableval]) ;; esac -], AC_MSG_RESULT(no)) +]) -AC_MSG_CHECKING(whether to enable environment debugging) AC_ARG_ENABLE(env_debug, [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])], [ case "$enableval" in - yes) AC_MSG_RESULT(yes) - AC_DEFINE(ENV_DEBUG) - ;; - no) AC_MSG_RESULT(no) + yes) AC_DEFINE(ENV_DEBUG) ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval]) + no) ;; + *) AC_MSG_WARN([ignoring unknown argument to --enable-env-debug: $enableval]) ;; esac -], AC_MSG_RESULT(no)) +]) AC_ARG_ENABLE(zlib, [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], [], [enable_zlib=yes]) AX_APPEND_FLAG([-DZLIB_CONST], [CPPFLAGS]) -AC_MSG_CHECKING(whether to enable environment resetting by default) AC_ARG_ENABLE(env_reset, [AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])], [ case "$enableval" in @@ -1472,15 +1325,13 @@ no) env_reset=off ;; *) env_reset=on - AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval]) + AC_MSG_WARN([ignoring unknown argument to --enable-env-reset: $enableval]) ;; esac ]) if test "$env_reset" = "on"; then - AC_MSG_RESULT(yes) AC_DEFINE(ENV_RESET, 1) else - AC_MSG_RESULT(no) AC_DEFINE(ENV_RESET, 0) fi @@ -1489,7 +1340,7 @@ [ case "$enableval" in yes) ;; no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-warnings: $enableval]) ;; esac ]) @@ -1499,21 +1350,14 @@ [ case "$enableval" in yes) ;; no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-werror: $enableval]) ;; esac ]) -AC_ARG_ENABLE(openssl, -[AS_HELP_STRING([--enable-openssl], [Use OpenSSL's TLS and sha2 functions])]) - -AC_ARG_ENABLE(gcrypt, -[AS_HELP_STRING([--enable-gcrypt], [Use GNU crypt's sha2 functions])], [ - if test "${enable_openssl-no}" != no; then - AC_MSG_WARN([Ignoring --enable-gcrypt when OpenSSL is enabled.]) - enable_gcrypt=no - fi -]) +AC_ARG_ENABLE(ssp, +[AS_HELP_STRING([--disable-ssp], [Do not compile using the -fstack-protector option.])], +[], [enable_ssp=yes]) AC_ARG_ENABLE(hardening, [AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])], @@ -1522,19 +1366,60 @@ AC_ARG_ENABLE(pie, [AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])]) -AC_ARG_ENABLE(asan, -[AS_HELP_STRING([--enable-asan], [Build sudo with address sanitizer support.])]) +AC_ARG_ENABLE(sanitizer, +[AS_HELP_STRING([--enable-sanitizer], [Build sudo with sanitizer support.])], [ +if test X"$enable_sanitizer" = X"yes"; then + enable_sanitizer="-fsanitize=address,undefined" +fi +], [enable_sanitizer=no]) + +AC_ARG_ENABLE(fuzzer, +[AS_HELP_STRING([--enable-fuzzer], [Build sudo with LLVM libFuzzer support.])], +[], [enable_fuzzer=no]) + +AC_ARG_ENABLE(fuzzer-engine, +[AS_HELP_STRING([--enable-fuzzer-engine], [Link fuzz targets with the specified fuzzer engine instead of the default.])], +[ case "$enableval" in + yes) AC_MSG_ERROR([must give --enable-fuzzer-engine an argument.]) + ;; + no) ;; + *) FUZZ_ENGINE="$enableval" + ;; + esac +]) + +AC_ARG_ENABLE(fuzzer-linker, +[AS_HELP_STRING([--enable-fuzzer-linker], [Use the specified linker when building fuzz targets instead of the default C compiler.])], +[ case "$enableval" in + yes) AC_MSG_ERROR([must give --enable-fuzzer-linker an argument.]) + ;; + no) ;; + *) FUZZ_LD="$enableval" + ;; + esac +]) + +AC_ARG_ENABLE(leaks, +[AS_HELP_STRING([--disable-leaks], [Prevent some harmless memory leaks.])], +[ case "$enableval" in + yes) ;; + no) AC_DEFINE(NO_LEAKS) + ;; + *) AC_MSG_WARN([ignoring unknown argument to --disable-leaks: $enableval]) + ;; + esac +]) AC_ARG_ENABLE(poll, [AS_HELP_STRING([--disable-poll], [Use select() instead of poll().])]) AC_ARG_ENABLE(admin-flag, -[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], +[AS_HELP_STRING([--enable-admin-flag[[=PATH]]], [Whether to create a Ubuntu-style admin flag file])], [ case "$enableval" in - yes) AC_DEFINE(USE_ADMIN_FLAG) + yes) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ADMIN_FLAG, "~/.sudo_as_admin_successful") ;; no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval]) + *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ADMIN_FLAG, "$enableval") ;; esac ]) @@ -1572,7 +1457,7 @@ [case $enableval in yes) # use default value ;; - no) AC_MSG_WARN([Ignoring attempt to disable the device search path]) + no) AC_MSG_WARN([ignoring attempt to disable the device search path]) ;; *) devsearch="$enableval" ;; @@ -1588,11 +1473,11 @@ SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" SEMAN=1 - AC_CHECK_LIB([selinux], [setkeycreatecon], + AC_CHECK_LIB(selinux, setkeycreatecon, [AC_DEFINE(HAVE_SETKEYCREATECON)]) ;; no) ;; - *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) + *) AC_MSG_ERROR([--with-selinux does not take an argument.]) ;; esac], [with_selinux=no]) @@ -1600,7 +1485,7 @@ [AS_HELP_STRING([--enable-sasl], [Enable/disable LDAP SASL support])], [ case "$enableval" in yes|no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --enable-sasl: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-sasl: $enableval]) ;; esac ]) @@ -1611,7 +1496,7 @@ global|ppid|tty) timestamp_type=$enableval ;; - *) AC_MSG_WARN([Ignoring unknown argument to --enable-timestamp-type: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-timestamp-type: $enableval]) ;; esac ]) @@ -1648,7 +1533,7 @@ LOGSRVD_SRC= LOGSRVD_CONF= ;; - *) AC_MSG_WARN([Ignoring unknown argument to --enable-log-server: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-log-server: $enableval]) ;; esac ]) @@ -1661,12 +1546,12 @@ ;; no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --enable-log-client: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-log-client: $enableval]) ;; esac ], [AC_DEFINE([SUDOERS_LOG_CLIENT])]) -if test X"$enable_log_server" = X"no" -a X"$enable_log_client" = X"no"; then +if test X"${enable_log_client}${enable_log_server}" = X"nono"; then # No need for liblogsrv.la LOGSRV_SRC= LIBLOGSRV= @@ -1676,6 +1561,44 @@ fi dnl +dnl Do OpenSSL / wolfSSL / gcrypt after logsrv options +dnl +AC_ARG_ENABLE(openssl, +[AS_HELP_STRING([--enable-openssl], [Use OpenSSL's TLS and sha2 functions])], +[], [ + # Enable OpenSSL by default unless logsrvd and client are disabled + if test X"${enable_log_client}${enable_log_server}" != X"nono"; then + enable_openssl=maybe + fi +]) +AC_ARG_ENABLE(openssl-pkgconfig-template, +[AS_HELP_STRING([--enable-openssl-pkgconfig-template], [A printf format string used to construct the OpenSSL pkg-config name])], +[], [enable_openssl_pkgconfig_template="%s"]) + +AC_ARG_ENABLE(wolfssl, +[AS_HELP_STRING([--enable-wolfssl], [Use wolfSSL's TLS and sha2 functions])], [ + enable_openssl=no +]) + +AC_ARG_ENABLE(gcrypt, +[AS_HELP_STRING([--enable-gcrypt], [Use GNU crypt's sha2 functions])], [ + if test "${enable_openssl-no}${enable_wolfssl-no}" != "nono"; then + AC_MSG_WARN([ignoring --enable-gcrypt when OpenSSL or wolfSSL is enabled.]) + enable_gcrypt=no + fi +]) + +AC_ARG_ENABLE(python, +[AS_HELP_STRING([--enable-python], [Compile python plugin support])], +[ case "$enableval" in + yes|no) + ;; + *) AC_MSG_WARN([ignoring unknown argument to --enable-python: $enableval]) + ;; + esac +]) + +dnl dnl C compiler checks dnl AC_PROG_CPP @@ -1684,6 +1607,7 @@ if test X"$AR" = X"false"; then AC_MSG_ERROR([the "ar" utility is required to build sudo]) fi +AX_PROG_CC_FOR_BUILD if test "x$ac_cv_prog_cc_c89" = "xno"; then AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.]) @@ -1694,7 +1618,7 @@ dnl be unable to build the executables in the sudoers plugin dir. dnl if test "$enable_static" = "no"; then - AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs]) + AC_MSG_WARN([ignoring --disable-static, sudo does not install static libs]) enable_static=yes fi @@ -1742,7 +1666,7 @@ AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])], [case $with_libtool in yes|builtin) ;; - no) AC_MSG_ERROR(["--without-libtool not supported."]) + no) AC_MSG_ERROR([--without-libtool not supported.]) ;; system) LIBTOOL=libtool ;; @@ -1751,9 +1675,10 @@ esac]) dnl -dnl Defer with_noexec until after libtool magic runs +dnl Defer enable_intercept and with_noexec until after libtool magic runs dnl if test "$enable_shared" = "no"; then + enable_intercept=no with_noexec=no enable_dlopen=no lt_cv_dlopen=none @@ -1764,7 +1689,18 @@ LIBDL="$lt_cv_dlopen_libs" SHLIB_ENABLE="$enable_dlopen" -AC_MSG_CHECKING(path to sudo_noexec.so) +AC_ARG_ENABLE(intercept, +[AS_HELP_STRING([--enable-intercept], [fully qualified pathname of sudo_intercept.so])], +[ case "$enableval" in + yes) ;; + no) ;; + *) intercept_file="$enableval" + ;; + esac +], [enable_intercept="$intercept_file"]) +INTERCEPTFILE="sudo_intercept.so" +INTERCEPTDIR="`echo $intercept_file|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" + AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[[=PATH]]], [fully qualified pathname of sudo_noexec.so])], [case $with_noexec in yes) ;; @@ -1772,13 +1708,13 @@ *) noexec_file="$with_noexec" ;; esac], [with_noexec="$noexec_file"]) -AC_MSG_RESULT($with_noexec) NOEXECFILE="sudo_noexec.so" NOEXECDIR="`echo $noexec_file|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" dnl dnl Find programs we use dnl +AC_PATH_PROG(SHA1SUM, [sha1sum], [openssl dgst -sha1]) AC_PATH_PROG(UNAMEPROG, [uname], [uname]) AC_PATH_PROG(TRPROG, [tr], [tr]) AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc]) @@ -1810,21 +1746,14 @@ fi dnl -dnl What kind of beastie are we being run on? -dnl Barf if config.cache was generated on another host. +dnl If a config.cache exists make sure it matches the current host. dnl if test -n "$sudo_cv_prev_host"; then if test "$sudo_cv_prev_host" != "$host"; then AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.]) - else - AC_MSG_CHECKING(previous host type) - AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") - AC_MSG_RESULT([$sudo_cv_prev_host]) fi -else - # this will produce no output since there is no cached value - AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") fi +AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") dnl dnl We want to be able to differentiate between different rev's @@ -1846,6 +1775,11 @@ # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " + # illumos has a broken fmemopen(3) + if test X"`uname -o 2>/dev/null`" = X"illumos"; then + : ${ac_cv_func_fmemopen='no'} + fi + # Solaris-specific initialization OS_INIT=os_init_solaris SUDO_OBJS="${SUDO_OBJS} solaris.o" @@ -1897,14 +1831,20 @@ # strnlen/strndup may be broken on AIX < 6 depending # on the libc version, use our own. if test $OSMAJOR -lt 6; then - ac_cv_func_strnlen=no + : ${ac_cv_func_strnlen='no'} + fi + + # fmemopen(3) may be broken on AIX < 7.1 depending + # on the libc version. + if test $OSMAJOR -lt 7; then + : ${ac_cv_func_fmemopen='no'} fi # getdelim() may or may not be present on AIX <= 6.1. # bos610 is missing getdelim but bos61J has it. if test "$enable_package_build" = "yes"; then if test $OSMAJOR -le 6; then - ac_cv_func_getdelim=no + : ${ac_cv_func_getdelim='no'} fi fi @@ -1912,7 +1852,7 @@ # bos710 is missing memset_s but bos71L has it. if test "$enable_package_build" = "yes"; then if test $OSMAJOR -le 7; then - ac_cv_func_memset_s=no + : ${ac_cv_func_memset_s='no'} fi fi @@ -2041,21 +1981,17 @@ AX_APPEND_FLAG([-Wl,-no_library_replacement], [SUDO_LDFLAGS]) : ${CHECKSIA='true'} - AC_MSG_CHECKING(whether to disable sia support on Digital UNIX) AC_ARG_ENABLE(sia, [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])], [ case "$enableval" in - yes) AC_MSG_RESULT(no) - CHECKSIA=true + yes) CHECKSIA=true ;; - no) AC_MSG_RESULT(yes) - CHECKSIA=false + no) CHECKSIA=false ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-sia: $enableval]) ;; esac - ], AC_MSG_RESULT(no)) + ]) shadow_funcs="getprpwnam dispcrypt" # OSF/1 4.x and higher need -ldb too @@ -2119,29 +2055,15 @@ ]) # We call getrandom via syscall(3) in case it is not in libc AC_CHECK_HEADERS([linux/random.h]) + + # The glibc getentropy() emulation may fail on older kernels. + # We use our own getentropy() by default on Linux. + : ${ac_cv_func_getentropy='no'} ;; *-*-gnu*) # lockf() is broken on the Hurd ac_cv_func_lockf=no ;; - *-*-riscos*) - LIBS="${LIBS} -lsun -lbsd" - AX_APPEND_FLAG([-I/usr/include], [CPPFLAGS]) - AX_APPEND_FLAG([-I/usr/include/bsd], [CPPFLAGS]) - AX_APPEND_FLAG([-D_MIPS], [CPPFLAGS]) - : ${mansectsu='1m'} - : ${mansectform='4'} - ;; - *-*-isc*) - AX_APPEND_FLAG([-D_ISC], [CPPFLAGS]) - ac_cv_search_crypt="-lcrypt" - - shadow_funcs="getspnam" - shadow_libs="-lsec" - - : ${mansectsu='1m'} - : ${mansectform='4'} - ;; *-*-sco*|*-sco-*) shadow_funcs="getprpwnam" shadow_libs="-lprot -lx" @@ -2286,14 +2208,18 @@ fi RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + # Build sudo_noexec.so as a shared library, not a module. + # On Darwin, modules and shared libraries are incompatible. + PRELOAD_MODULE= + # Mach monotonic timer that runs while sleeping AC_CHECK_FUNCS([mach_continuous_time]) # Undocumented API that dynamically allocates the groups. AC_CHECK_FUNCS([getgrouplist_2], [AC_CHECK_DECLS([getgrouplist_2])]) - # macOS >= 10.6 getgroups(2) can support more than > 16 groups - AC_DEFINE([_DARWIN_UNLIMITED_GETGROUPS]) + # We use proc_pidinfo() to emulate closefrom() on macOS. + AC_CHECK_HEADERS([libproc.h], [AC_CHECK_FUNCS([proc_pidinfo])]) # We need to force a flat namespace to make libc # symbol hooking work like it does on ELF. @@ -2374,9 +2300,15 @@ dnl dnl Library preloading to support NOEXEC dnl -if test X"$with_noexec" != X"no"; then +if test X"$enable_intercept" = X"no"; then + intercept_file=disabled +fi +if test X"$with_noexec" = X"no"; then + noexec_file=disabled +fi +if test X"${intercept_file} ${noexec_file}" != X"disabled disabled"; then SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR") - SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, "$RTLD_PRELOAD_DELIM") + SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, '$RTLD_PRELOAD_DELIM') if test -n "$RTLD_PRELOAD_DEFAULT"; then SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT") fi @@ -2399,7 +2331,7 @@ dnl Only one of S/Key and OPIE may be specified dnl if test X"${with_skey}${with_opie}" = X"yesyes"; then - AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) + AC_MSG_ERROR([cannot use both S/Key and OPIE]) fi dnl @@ -2431,7 +2363,6 @@ dnl dnl C compiler checks (to be done after os checks) dnl -AC_PROG_CC_STDC AC_C_CONST AC_C_INLINE AC_C_VOLATILE @@ -2446,7 +2377,7 @@ ], [sudo_fprintf(stderr, "a %s", "test");])], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]) AC_DEFINE([NO_VARIADIC_MACROS], [1], [Define if your C preprocessor does not support variadic macros.]) - AC_MSG_WARN([Your C preprocessor doesn't support variadic macros, debugging support will be limited]) + AC_MSG_WARN([your C preprocessor doesn't support variadic macros, debugging support will be limited]) SUDO_APPEND_COMPAT_EXP(sudo_debug_printf_nvm_v1) ]) @@ -2460,17 +2391,22 @@ SUDO_PROG_BSHELL if test -z "$with_sendmail"; then SUDO_PROG_SENDMAIL + with_sendmail="$ac_cv_path_SENDMAILPROG" fi SUDO_PROG_VI dnl +dnl Use fully-qualified path to vi in the manual +dnl +if test -z "$with_editor"; then + editor="$ac_cv_path_VIPROG" +fi +dnl dnl Check for authpriv support in syslog dnl -AC_MSG_CHECKING(which syslog facility sudo should log with) if test X"$with_logfac" = X""; then - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv]) + AC_CHECK_DECL([LOG_AUTHPRIV], [logfac=authpriv], [], [#include ]) fi AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) -AC_MSG_RESULT($logfac) dnl dnl Header file checks dnl @@ -2519,13 +2455,14 @@ esac AC_SYS_POSIX_TERMIOS if test "$ac_cv_sys_posix_termios" != "yes"; then - AC_MSG_ERROR([Must have POSIX termios to build sudo]) + AC_MSG_ERROR([must have POSIX termios to build sudo]) fi SUDO_MAILDIR if test ${with_logincap-'no'} != "no"; then AC_CHECK_HEADERS([login_cap.h], [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1 + with_logincap=yes case "$OS" in - freebsd|netbsd) + freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" ;; @@ -2538,7 +2475,7 @@ AC_DEFINE(HAVE_PROJECT_H) SUDO_LIBS="${SUDO_LIBS} -lproject" ]) - ], []) + ], [with_project=no]) fi dnl dnl typedef checks @@ -2553,7 +2490,7 @@ #include ]) AC_TYPE_LONG_LONG_INT if test X"$ac_cv_type_long_long_int" != X"yes"; then - AC_MSG_ERROR(["C compiler does not appear to support the long long int type"]) + AC_MSG_ERROR([C compiler does not appear to support the long long int type]) fi AC_CHECK_TYPE(intmax_t, long long) AC_CHECK_TYPE(uintmax_t, unsigned long long) @@ -2580,21 +2517,7 @@ dnl dnl Python plugin support dnl -AC_MSG_CHECKING(whether to compile python plugin support) -AC_ARG_ENABLE(python, -[AS_HELP_STRING([--enable-python], [Compile python plugin support])], -[ case "$enableval" in - yes|no) - AC_MSG_RESULT($enableval) - USE_PYTHON=$enableval - ;; - *) - AC_MSG_WARN([Ignoring unknown argument to --enable-python: $enableval]) - ;; - esac -], AC_MSG_RESULT(no)) - -if test ${USE_PYTHON-'no'} = "yes"; then +if test ${enable_python-'no'} = "yes"; then AM_PATH_PYTHON([3]) AC_ARG_VAR([PYTHON_INCLUDE], [Include flags for python, bypassing python-config]) @@ -2612,10 +2535,8 @@ ]) AS_IF([test -z "$PYTHON_INCLUDE"], [ - AC_MSG_CHECKING([python include flags]) # Pull out python include path, ignore other flags PYTHON_INCLUDE=`$PYTHON_CONFIG --cflags | tr " " "\n" | grep "^-I" | sort -u | tr "\n" " "` - AC_MSG_RESULT([$PYTHON_INCLUDE]) ]) AS_IF([test -z "$PYTHON_LIBS"], [ @@ -2625,10 +2546,8 @@ else PY_EMBED= fi - AC_MSG_CHECKING([python linker flags]) PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED` PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED | tr " " "\n" | grep "^-[[lL]]" | tr "\n" " "` - AC_MSG_RESULT([$PYTHON_LIBS]) ]) PPFILES="$PPFILES "'$(srcdir)/etc/sudo-python.pp' @@ -2641,20 +2560,19 @@ dnl Function checks dnl AC_FUNC_GETGROUPS -AC_CHECK_FUNCS_ONCE([fexecve killpg nl_langinfo faccessat wordexp getauxval fseeko]) -case "$host_os" in - hpux*) - if test X"$ac_cv_func_pread" = X"yes"; then - O_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS -D_LARGEFILE64_SOURCE" +AC_FUNC_FSEEKO +AC_CHECK_FUNCS_ONCE([fexecve fmemopen killpg nl_langinfo faccessat wordexp getauxval strtoull]) +AC_CHECK_FUNCS([execvpe], [SUDO_APPEND_INTERCEPT_EXP(execvpe)]) +AC_CHECK_FUNCS([pread], [ + # pread/pwrite on 32-bit HP-UX 11.x may not support large files + case "$host_os" in + hpux*|hiuxmpp*) AC_CHECK_FUNCS([pread64 pwrite64], [ - AC_DEFINE([_LARGEFILE64_SOURCE], [1], [Define to 1 to enable 64-bit versions of standard C functions on 32-bit systems.]) + AC_CHECK_DECLS([pread64, pwrite64]) ]) - CPPFLAGS="$O_CPPFLAGS" - fi - ;; -esac -AC_CHECK_FUNCS([pread], [], [ + ;; + esac +], [ AC_LIBOBJ(pread) SUDO_APPEND_COMPAT_EXP(sudo_pread) ]) @@ -2666,6 +2584,18 @@ AC_LIBOBJ(cfmakeraw) SUDO_APPEND_COMPAT_EXP(sudo_cfmakeraw) ]) +AC_CHECK_FUNCS([localtime_r], [], [ + AC_LIBOBJ(localtime_r) + SUDO_APPEND_COMPAT_EXP(sudo_localtime_r) +]) +AC_CHECK_FUNCS([gmtime_r], [], [ + AC_LIBOBJ(gmtime_r) + SUDO_APPEND_COMPAT_EXP(sudo_gmtime_r) +]) +AC_CHECK_FUNCS([timegm], [], [ + AC_LIBOBJ(timegm) + SUDO_APPEND_COMPAT_EXP(sudo_timegm) +]) AC_CHECK_FUNCS([getgrouplist], [], [ case "$host_os" in aix*) @@ -2689,15 +2619,16 @@ ]) ]) ], [ - # HP-UX - AC_CHECK_FUNC([__nss_XbyY_buf_alloc], [ - AC_CHECK_FUNC([__nss_initf_group], [ - AC_CHECK_HEADERS([nss_dbdefs.h]) - AC_DEFINE([HAVE_NSS_SEARCH]) - AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) - AC_DEFINE([HAVE___NSS_INITF_GROUP]) - ]) - ]) + dnl HP-UX support disabled until "group: compat" fixed + dnl # HP-UX + dnl AC_CHECK_FUNC([__nss_XbyY_buf_alloc], [ + dnl AC_CHECK_FUNC([__nss_initf_group], [ + dnl AC_CHECK_HEADERS([nss_dbdefs.h]) + dnl AC_DEFINE([HAVE_NSS_SEARCH]) + dnl AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) + dnl AC_DEFINE([HAVE___NSS_INITF_GROUP]) + dnl ]) + dnl]) ]) ]) ;; @@ -2712,7 +2643,10 @@ SUDO_APPEND_COMPAT_EXP(sudo_getdelim) COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }getdelim_test" ]) -AC_CHECK_FUNCS([getusershell], [], [ +AC_CHECK_FUNCS([getusershell], [ + # Older Solaris has getusershell() et al but does not declare it. + AC_CHECK_DECLS([getusershell]) +], [ AC_LIBOBJ(getusershell) SUDO_APPEND_COMPAT_EXP(sudo_getusershell) ]) @@ -2886,6 +2820,10 @@ SUDO_APPEND_COMPAT_EXP(sudo_nanosleep) ]) ]) +AC_CHECK_FUNCS([mkdirat], [], [ + AC_LIBOBJ(mkdirat) + SUDO_APPEND_COMPAT_EXP(sudo_mkdirat) +]) AC_CHECK_FUNCS([openat], [], [ AC_LIBOBJ(openat) SUDO_APPEND_COMPAT_EXP(sudo_openat) @@ -2946,13 +2884,11 @@ AC_CHECK_FUNCS([getopt_long], [], [ AC_LIBOBJ(getopt_long) SUDO_APPEND_COMPAT_EXP(sudo_getopt_long sudo_getopt_long_only) - AC_MSG_CHECKING([for optreset]) - AC_CACHE_VAL(sudo_cv_optreset, [ + AC_CACHE_CHECK([for optreset], sudo_cv_optreset, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern int optreset; optreset = 1; return optreset;]])], [sudo_cv_optreset=yes], [sudo_cv_optreset=no])]) if test "$sudo_cv_optreset" = "yes"; then AC_DEFINE(HAVE_OPTRESET) fi - AC_MSG_RESULT($sudo_cv_optreset) ]) AC_CHECK_FUNCS([closefrom], [], [AC_LIBOBJ(closefrom) SUDO_APPEND_COMPAT_EXP(sudo_closefrom) @@ -2998,11 +2934,6 @@ [AC_CHECK_MEMBER([struct stat.st_nmtime], AC_DEFINE(HAVE_ST_NMTIME))]) ] ) -AC_CHECK_FUNCS([vsyslog], [], [ - AC_LIBOBJ(vsyslog) - SUDO_APPEND_COMPAT_EXP(sudo_vsyslog) - COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }vsyslog_test" -]) dnl dnl 4.4BSD-based systems can force the password or group file to be held open dnl @@ -3032,51 +2963,135 @@ dnl dnl Check for functions only present in OpenSSL 1.1 and above dnl +openssl_missing=no if test "${enable_openssl-no}" != no; then - # Use OpenSSL's sha2 functions - AC_DEFINE(HAVE_OPENSSL) - DIGEST=digest_openssl.lo - # Use pkg-config to find the openssl cflags and libs if possible. - if test "$enable_openssl" != "yes"; then + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then PKG_CONFIG_LIBDIR="${enable_openssl}/lib/pkgconfig:${enable_openssl}/lib64/pkgconfig:${enable_openssl}/share/pkgconfig" export PKG_CONFIG_LIBDIR - fi - if $PKG_CONFIG --exists openssl >/dev/null 2>&1; then - # Check whether --static is needed + elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then + # Cannot use pkg-config when cross-compiling + PKG_CONFIG=false + fi + : ${PKG_CONFIG='pkg-config'} + pkg_openssl=`printf $enable_openssl_pkgconfig_template "openssl"` + pkg_libcrypto=lib`printf $enable_openssl_pkgconfig_template "crypto"` + if $PKG_CONFIG --exists "$pkg_openssl >= 1.0.1" >/dev/null 2>&1; then + AC_DEFINE(HAVE_OPENSSL) + if test "$enable_openssl" = "maybe"; then + enable_openssl=yes + fi + O_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L openssl`" - AC_CHECK_LIB([ssl], [SSL_library_init], [STATIC=""], [STATIC="--static"], [-lcrypto]) + LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L $pkg_openssl`" + # Check whether --static is needed (don't assume name of ssl lib) + libssl="`$PKG_CONFIG --libs-only-l $pkg_openssl | sed 's/^ *-l//'`" + libssl_extra=`echo $libssl | sed 's/^[[^ ]]* *//'` + libssl=`echo $libssl | sed 's/ .*//'` + AC_CHECK_LIB($libssl, SSL_new, [STATIC=""], [STATIC="--static"], [$libssl_extra]) + + # Use OpenSSL's sha2 functions if possible (don't assume name of crypto) + libcrypto="`$PKG_CONFIG --libs-only-l $pkg_libcrypto | sed -e 's/^ *-l//' -e 's/ .*//'`" + AC_CHECK_LIB($libcrypto, EVP_MD_CTX_new, [DIGEST=digest_openssl.lo]) LDFLAGS="$O_LDFLAGS" # Use pkg-config to determine OpenSSL libs and cflags - LIBTLS=`$PKG_CONFIG $STATIC --libs openssl` - if $PKG_CONFIG --exists libcrypto >/dev/null 2>&1; then - LIBMD=`$PKG_CONFIG $STATIC --libs libcrypto` + for f in `$PKG_CONFIG $STATIC --libs $pkg_openssl`; do + case "$f" in + -L*) + f="${f#-L}" + SUDO_APPEND_LIBPATH([LIBTLS], [$f]) + ;; + *) + AX_APPEND_FLAG([$f], [LIBTLS]) + ;; + esac + done + if $PKG_CONFIG --exists $pkg_libcrypto >/dev/null 2>&1; then + LIBCRYPTO=`$PKG_CONFIG $STATIC --libs $pkg_libcrypto` + for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do + case "$f" in + -L*) + f="${f#-L}" + SUDO_APPEND_LIBPATH([LIBCRYPTO], [$f]) + ;; + *) + AX_APPEND_FLAG([$f], [LIBCRYPTO]) + ;; + esac + done else # No separate pkg config for libcrypto - LIBMD="$LIBTLS" + LIBCRYPTO="$LIBTLS" + LIBCRYPTO_R="$LIBTLS_R" fi - for f in `$PKG_CONFIG --cflags-only-I openssl`; do + for f in `$PKG_CONFIG --cflags-only-I $pkg_openssl`; do AX_APPEND_FLAG([$f], [CPPFLAGS]) done else # No pkg-config file present, try to do it manually - if test "$enable_openssl" != "yes"; then - AX_APPEND_FLAG([-I${enable_openssl}/include], [CPPFLAGS]) - SUDO_APPEND_LIBPATH(LIBMD, [${enable_openssl}/lib]) - SUDO_APPEND_LIBPATH(LIBTLS, [${enable_openssl}/lib]) + O_LDFLAGS="$LDFLAGS" + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + SUDO_APPEND_LIBPATH(LDFLAGS, [${enable_openssl}/lib]) fi - LIBMD="${LIBMD} -lcrypto" - LIBTLS="${LIBTLS} -lcrypto -lssl" + AC_CHECK_LIB(ssl, SSL_new, [ + # Check OPENSSL_VERSION_NUMBER in headers + O_CPPFLAGS="$CPPFLAGS" + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + # Note: we only reset CPPFLAGS on failure + AX_APPEND_FLAG([-I${enable_openssl}/include], [CPPFLAGS]) + fi + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include +#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1000100fL +#error "OpenSSL too old" +#endif +]])], [ + # OpenSSL >= 1.0.1 detected, use it. + AC_DEFINE(HAVE_OPENSSL) + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + SUDO_APPEND_LIBPATH(LIBCRYPTO, [${enable_openssl}/lib]) + SUDO_APPEND_LIBPATH(LIBTLS, [${enable_openssl}/lib]) + else + enable_openssl=yes + fi + LIBCRYPTO="${LIBCRYPTO} -lcrypto" + LIBTLS="${LIBTLS} -lssl -lcrypto" + + # Use OpenSSL's sha2 functions if possible + AC_CHECK_LIB(crypto, EVP_MD_CTX_new, [ + DIGEST=digest_openssl.lo + ]) +], [ + # OpenSSL < 1.0.1 detected, ignore it. + if test "$enable_openssl" = "maybe"; then + AC_MSG_WARN([OpenSSL too old (1.0.1 or higher required), Sudo logsrv connections will not be encrypted.]) + enable_openssl=no + else + AC_MSG_ERROR([OpenSSL too old (1.0.1 or higher required).]) + fi + CPPFLAGS="$O_CPPFLAGS" +]) + ], [ + if test "$enable_openssl" = "maybe"; then + openssl_missing=yes + enable_openssl=no + else + AC_MSG_ERROR([OpenSSL development libraries not found.]) + fi + ], [-lcrypto]) + LDFLAGS="$O_LDFLAGS" fi - if test "$enable_openssl" != "yes"; then - unset PKG_CONFIG_LIBDIR + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + unset PKG_CONFIG_LIBDIRS fi - +fi +dnl +dnl Note that enable_openssl may be reset above. +dnl +if test "${enable_openssl-no}" != no; then OLIBS="$LIBS" LIBS="$LIBS $LIBTLS" - AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate TLS_client_method TLS_server_method]) + AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate SSL_CTX_set0_tmp_dh_pkey TLS_method]) # SSL_CTX_set_min_proto_version may be a macro AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [ AC_INCLUDES_DEFAULT @@ -3101,7 +3116,132 @@ fi fi dnl -dnl Check for sha2 functions if not using openssl or gcrypt +dnl Check for OpenSSL compatibility functions in wolfSSL +dnl +if test "${enable_wolfssl-no}" != no; then + # Use pkg-config to find the wolfssl cflags and libs if possible. + if test "$enable_wolfssl" != "yes"; then + PKG_CONFIG_LIBDIR="${enable_wolfssl}/lib/pkgconfig:${enable_wolfssl}/lib64/pkgconfig:${enable_wolfssl}/share/pkgconfig" + export PKG_CONFIG_LIBDIR + elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then + # Cannot use pkg-config when cross-compiling + PKG_CONFIG=false + fi + : ${PKG_CONFIG='pkg-config'} + if $PKG_CONFIG --exists wolfssl >/dev/null 2>&1; then + AC_DEFINE(HAVE_OPENSSL) + AC_DEFINE(HAVE_WOLFSSL) + + O_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags-only-I wolfssl`" + O_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L wolfssl`" + + # Check whether --static is needed + libssl="`$PKG_CONFIG --libs-only-l wolfssl | sed 's/^ *-l//'`" + libssl_extra=`echo $libssl | sed 's/^[[^ ]]* *//'` + libssl=`echo $libssl | sed 's/ .*//'` + AC_CHECK_LIB($libssl, wolfSSL_new, [STATIC=""], [STATIC="--static"], [$libssl_extra]) + + # Use wolfSSL's sha2 functions if possible + AC_CHECK_DECL([EVP_MD_CTX_new], [DIGEST=digest_openssl.lo], [], [ + AC_INCLUDES_DEFAULT + #include + #include + ]) + CPPFLAGS="$O_CPPFLAGS" + LDFLAGS="$O_LDFLAGS" + + # Use pkg-config to determine wolfSSL libs and cflags + for f in `$PKG_CONFIG $STATIC --libs wolfssl`; do + case "$f" in + -L*) + f="${f#-L}" + SUDO_APPEND_LIBPATH([LIBTLS], [$f]) + ;; + *) + AX_APPEND_FLAG([$f], [LIBTLS]) + ;; + esac + done + # No separate pkg config for libcrypto + LIBCRYPTO="$LIBTLS" + LIBCRYPTO_R="$LIBTLS_R" + for f in `$PKG_CONFIG --cflags-only-I wolfssl`; do + AX_APPEND_FLAG([$f], [CPPFLAGS]) + # So we find the openssl compat headers under wolfssl + AX_APPEND_FLAG([$f/wolfssl], [CPPFLAGS]) + done + if test "$CPPFLAGS" = "$O_CPPFLAGS"; then + # So we find the openssl compat headers under wolfssl (XXX) + AX_APPEND_FLAG([-I/usr/include/wolfssl], [CPPFLAGS]) + fi + else + AC_DEFINE(HAVE_OPENSSL) + AC_DEFINE(HAVE_WOLFSSL) + + # No pkg-config file present, try to do it manually + if test "$enable_wolfssl" != "yes"; then + SUDO_APPEND_LIBPATH(LIBCRYPTO, [${enable_wolfssl}/lib]) + SUDO_APPEND_LIBPATH(LIBTLS, [${enable_wolfssl}/lib]) + AX_APPEND_FLAG([-I${enable_wolfssl}/include], [CPPFLAGS]) + # So we find the openssl compat headers under wolfssl + AX_APPEND_FLAG([-I${enable_wolfssl}/include/wolfssl], [CPPFLAGS]) + else + # So we find the openssl compat headers under wolfssl (XXX) + AX_APPEND_FLAG([-I/usr/include/wolfssl], [CPPFLAGS]) + fi + LIBTLS="${LIBTLS} -lwolfssl" + LIBCRYPTO="${LIBCRYPTO} -lwolfssl" + + # Use wolfSSL's sha2 functions if possible + AC_CHECK_DECL([EVP_MD_CTX_new], [DIGEST=digest_openssl.lo], [], [ + AC_INCLUDES_DEFAULT + #include + #include + ]) + fi + dnl + dnl Check for specific OpenSSL API compatibility macros + dnl + AC_CHECK_DECL([X509_STORE_CTX_get0_cert], [AC_DEFINE(HAVE_X509_STORE_CTX_GET0_CERT)], [], [ + AC_INCLUDES_DEFAULT + #include + #include + ]) + AC_CHECK_DECL([ASN1_STRING_get0_data], [AC_DEFINE(HAVE_ASN1_STRING_GET0_DATA)], [], [ + AC_INCLUDES_DEFAULT + #include + #include + ]) + AC_CHECK_DECL([SSL_CTX_get0_certificate], [AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE)], [], [ + AC_INCLUDES_DEFAULT + #include + #include + ]) + AC_CHECK_DECL([SSL_CTX_set0_tmp_dh_pkey], [AC_DEFINE(HAVE_SSL_CTX_SET0_TMP_DH_PKEY)], [], [ + AC_INCLUDES_DEFAULT + #include + #include + ]) + AC_CHECK_DECL([TLS_method], [AC_DEFINE(HAVE_TLS_METHOD)], [], [ + AC_INCLUDES_DEFAULT + #include + #include + ]) + AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [ + AC_INCLUDES_DEFAULT + #include + #include + ]) + AC_CHECK_DECL([SSL_CTX_set_ciphersuites], [AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES)], [], [ + AC_INCLUDES_DEFAULT + #include + #include + ]) +fi +dnl +dnl Check for sha2 functions if not using openssl, wolfssl or gcrypt dnl if test "$DIGEST" = "digest.lo"; then FOUND_SHA2=no @@ -3309,35 +3449,50 @@ LIBS="$OLIBS" dnl +dnl Check for va_copy or __va_copy in stdarg.h +dnl +AC_CACHE_CHECK([for va_copy], sudo_cv_func_va_copy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include + va_list ap1, ap2;]], [[va_copy(ap1, ap2);]])], + [sudo_cv_func_va_copy=yes], [sudo_cv_func_va_copy=no]) +]) +if test "$sudo_cv_func_va_copy" = "yes"; then + AC_DEFINE(HAVE_VA_COPY) +else + AC_CACHE_CHECK([for __va_copy], sudo_cv_func___va_copy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include + va_list ap1, ap2;]], [[__va_copy(ap1, ap2);]])], + [sudo_cv_func___va_copy=yes], [sudo_cv_func___va_copy=no]) + ]) + if test "$sudo_cv_func___va_copy" = "yes"; then + AC_DEFINE(HAVE___VA_COPY) + fi +fi + +dnl dnl Check for getprogname()/setprogname() or __progname dnl AC_CHECK_FUNCS([getprogname], [ AC_CHECK_FUNCS([setprogname], [], [SUDO_APPEND_COMPAT_EXP(sudo_setprogname)]) ], [ - AC_MSG_CHECKING([for __progname]) - AC_CACHE_VAL(sudo_cv___progname, [ + AC_CACHE_CHECK([for __progname], sudo_cv___progname, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; if (__progname[0] == '\0') return 1;]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])]) if test "$sudo_cv___progname" = "yes"; then AC_DEFINE(HAVE___PROGNAME) fi - AC_MSG_RESULT($sudo_cv___progname) SUDO_APPEND_COMPAT_EXP(sudo_getprogname) SUDO_APPEND_COMPAT_EXP(sudo_setprogname) ]) dnl dnl Check for __func__ or __FUNCTION__ dnl -AC_MSG_CHECKING([for __func__]) -AC_CACHE_VAL(sudo_cv___func__, [ +AC_CACHE_CHECK([for __func__], sudo_cv___func__, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[if (__func__[0] == '\0') return 1;]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])]) -AC_MSG_RESULT($sudo_cv___func__) if test "$sudo_cv___func__" = "yes"; then AC_DEFINE(HAVE___FUNC__) elif test -n "$GCC"; then - AC_MSG_CHECKING([for __FUNCTION__]) - AC_CACHE_VAL(sudo_cv___FUNCTION__, [ + AC_CACHE_CHECK([for __FUNCTION__], sudo_cv___FUNCTION__, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[if(__FUNCTION__[0] == '\0') return 1;]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])]) - AC_MSG_RESULT($sudo_cv___FUNCTION__) if test "$sudo_cv___FUNCTION__" = "yes"; then AC_DEFINE(HAVE___FUNC__) AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__]) @@ -3443,7 +3598,7 @@ AC_CONFIG_FILES([lib/zlib/Makefile]) if test X"$enable_shared" = X"no" -o "$enable_zlib" = "static"; then if test "$enable_zlib" = "shared"; then - AC_MSG_ERROR(["Unable to build shared libraries on this system"]) + AC_MSG_ERROR([unable to build shared libraries on this system]) fi # Build as convenience library ZLIB_LDFLAGS=-no-install @@ -3470,7 +3625,7 @@ dnl dnl Check for incomplete limits.h and missing SIZE_MAX. dnl -AC_CHECK_DECLS([LLONG_MAX, LLONG_MIN, ULLONG_MAX, PATH_MAX], [], [], [ +AC_CHECK_DECLS([LLONG_MAX, LLONG_MIN, ULLONG_MAX, PATH_MAX, SSIZE_MAX], [], [], [ #include #include ]) @@ -3645,17 +3800,17 @@ with_pam=yes elif test "$with_pam" = "yes"; then if test "$found_pam_lib" = "no"; then - AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."]) + AC_MSG_ERROR([--with-pam specified but unable to locate PAM development library.]) fi if test "$found_pam_hdrs" = "no"; then - AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."]) + AC_MSG_ERROR([--with-pam specified but unable to locate PAM development headers.]) fi elif test "$found_pam_lib" != "$found_pam_hdrs"; then if test "$found_pam_lib" = "no"; then - AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"]) + AC_MSG_ERROR([found PAM headers but no PAM development library; specify --without-pam to build without PAM]) fi if test "$found_pam_hdrs" = "no"; then - AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"]) + AC_MSG_ERROR([found PAM library but no PAM development headers; specify --without-pam to build without PAM]) fi fi @@ -3675,29 +3830,23 @@ AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], [case $with_pam_login in yes) AC_DEFINE([HAVE_PAM_LOGIN]) - AC_MSG_CHECKING(whether to use PAM login) - AC_MSG_RESULT(yes) pam_login_service="sudo-i" ;; no) ;; - *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) + *) AC_MSG_ERROR([--with-pam-login does not take an argument.]) ;; esac]) - AC_MSG_CHECKING(whether to use PAM session support) AC_ARG_ENABLE(pam_session, [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])], [ case "$enableval" in - yes) AC_MSG_RESULT(yes) - ;; - no) AC_MSG_RESULT(no) - AC_DEFINE(NO_PAM_SESSION) + yes) ;; + no) AC_DEFINE(NO_PAM_SESSION) pam_session=off ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) + *) AC_MSG_WARN([ignoring unknown argument to --enable-pam-session: $enableval]) ;; - esac], AC_MSG_RESULT(yes)) + esac]) fi fi @@ -3796,7 +3945,9 @@ if test -n "$KRB5CONFIG"; then AC_DEFINE(HAVE_KERB5) AUTH_OBJS="$AUTH_OBJS kerb5.lo" - AX_APPEND_FLAG([`krb5-config --cflags`], [CPPFLAGS]) + for f in `krb5-config --cflags`; do + AX_APPEND_FLAG([$f], [CPPFLAGS]) + done SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`" dnl dnl Try to determine whether we have Heimdal or MIT Kerberos @@ -3823,7 +3974,7 @@ done if test X"$found" = X"no"; then CPPFLAGS="$O_CPPFLAGS" - AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) + AC_MSG_WARN([unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) fi else dnl XXX - try to include krb5.h here too @@ -3867,18 +4018,15 @@ AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) fi LIBS="$_LIBS" - AC_MSG_CHECKING(whether to use an instance name for Kerberos V) AC_ARG_ENABLE(kerb5-instance, [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])], [ case "$enableval" in - yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."]) - ;; - no) AC_MSG_RESULT(no) + yes) AC_MSG_ERROR([must give --enable-kerb5-instance an argument.]) ;; + no) ;; *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval") - AC_MSG_RESULT([$enableval]) ;; - esac], AC_MSG_RESULT(no)) + esac]) fi dnl @@ -3895,7 +4043,7 @@ fi done if test -z "$FOUND_AFSLIBDIR"; then - AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.]) + AC_MSG_WARN([unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.]) fi # Order is important here. Note that we build AFS_LIBS from right to left @@ -3922,7 +4070,7 @@ done if test -z "$FOUND_AFSLIBDIR"; then - AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) + AC_MSG_WARN([unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) fi AUTH_OBJS="$AUTH_OBJS afs.lo" @@ -3962,10 +4110,10 @@ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then - AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) + AC_MSG_WARN([unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) fi fi - AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])]) + AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])]) AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) AC_MSG_CHECKING([for RFC1938-compliant skeychallenge]) @@ -4011,10 +4159,10 @@ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then - AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) + AC_MSG_WARN([unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) fi fi - AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])]) + AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])]) LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lopie" AUTH_OBJS="$AUTH_OBJS rfc1938.lo" @@ -4042,12 +4190,36 @@ _LIBS="$LIBS" LIBS="$LIBS $shadow_libs" found=no - AC_CHECK_FUNCS([$shadow_funcs], [found=yes]) - if test "$found" = "yes"; then - case "$shadow_funcs" in - *getprpwnam*) SECUREWARE=1;; - esac - else + for func in $shadow_funcs; do + AC_CHECK_FUNC([$func], [ + dnl Enumerate shadow functions instead of using: + dnl AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$func])) + dnl for autoheader's sake and to catch template omissions. + case "$func" in + dispcrypt) + AC_DEFINE(HAVE_DISPCRYPT) + ;; + getprpwnam) + AC_DEFINE(HAVE_GETPRPWNAM) + SECUREWARE=1 + ;; + getpwnam_shadow) + AC_DEFINE(HAVE_GETPWNAM_SHADOW) + ;; + getspnam) + AC_DEFINE(HAVE_GETSPNAM) + ;; + iscomsec) + AC_DEFINE(HAVE_ISCOMSEC) + ;; + *) + AC_MSG_ERROR([unhandled shadow password function $func]) + ;; + esac + found=yes + ]) + done + if test "$found" = "no"; then shadow_libs= fi CHECKSHADOW=false @@ -4133,7 +4305,7 @@ found=no # On HP-UX, libibmldap has a hidden dependency on libCsup case "$host_os" in - hpux*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);; + hpux*|hiuxmpp*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);; esac AC_SEARCH_LIBS([ldap_init], ["ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}" "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}]", [ test "${ac_cv_search_ldap_init}" != "none required" && LDAP_LIBS="${ac_cv_search_ldap_init}" @@ -4173,10 +4345,10 @@ ]) if test X${enable_sasl} = X"yes"; then if test X"$found_sasl_h" != X"yes"; then - AC_MSG_ERROR(["--enable-sasl specified but unable to locate SASL development headers."]) + AC_MSG_ERROR([--enable-sasl specified but unable to locate SASL development headers.]) fi if test X"$ac_cv_func_ldap_sasl_interactive_bind_s" != X"yes"; then : - AC_MSG_ERROR(["--enable-sasl specified but SASL support is missing in your LDAP library"]) + AC_MSG_ERROR([--enable-sasl specified but SASL support is missing in your LDAP library]) fi fi fi @@ -4218,7 +4390,7 @@ AC_CHECK_HEADERS([gssapi/gssapi_krb5.h]) elif test X"$ac_cv_header_gssapi_h" = X"no"; then CPPFLAGS="$O_CPPFLAGS" - AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS]) + AC_MSG_WARN([unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS]) fi fi @@ -4238,9 +4410,11 @@ AC_DEFINE(STATIC_SUDOERS_PLUGIN) SUDO_OBJS="${SUDO_OBJS} preload.o" STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" - AX_APPEND_FLAG([--tag=disable-shared -static], [SUDOERS_LDFLAGS]) + AX_APPEND_FLAG([-no-install], [SUDOERS_LDFLAGS]) + SUDOERS_LT_STATIC="--tag=disable-shared" LT_STATIC="" else + SUDOERS_LT_STATIC="--tag=disable-static" LT_STATIC="--tag=disable-static" fi ;; @@ -4250,15 +4424,17 @@ AC_DEFINE(STATIC_SUDOERS_PLUGIN) SUDO_OBJS="${SUDO_OBJS} preload.o" STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" - AX_APPEND_FLAG([--tag=disable-shared -static], [SUDOERS_LDFLAGS]) + AX_APPEND_FLAG([-no-install], [SUDOERS_LDFLAGS]) + SUDOERS_LT_STATIC="--tag=disable-shared" LT_STATIC="" else + SUDOERS_LT_STATIC="--tag=disable-static" LT_STATIC="--tag=disable-static" fi ;; *) if test X"${ac_cv_func_dlopen}" = X"yes"; then - AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."]) + AC_MSG_ERROR([dlopen present but libtool doesn't appear to support your platform.]) fi # Preload sudoers module symbols AC_DEFINE(STATIC_SUDOERS_PLUGIN) @@ -4281,10 +4457,9 @@ # if test "$enable_shared_libutil" = "no"; then if test X"$STATIC_SUDOERS" = X""; then - AC_MSG_ERROR(["--disable-shared-libutil may only be specified with --enable-static-sudoers or when dynamic linking is disabled."]) + AC_MSG_ERROR([--disable-shared-libutil may only be specified with --enable-static-sudoers or when dynamic linking is disabled.]) else - # Do not install sudoers or libsudo_util. - AX_APPEND_FLAG([-no-install], [SUDOERS_LDFLAGS]) + # Do not install libsudo_util. AX_APPEND_FLAG([-no-install], [LIBUTIL_LDFLAGS]) fi fi @@ -4295,7 +4470,7 @@ # so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. case "$host_os" in - hpux*) + hpux*|hiuxmpp*) AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"]) AC_DEFINE(_REENTRANT) ;; @@ -4309,6 +4484,7 @@ fi SUDO_LOGDIR SUDO_LOGFILE +SUDO_RELAY_DIR SUDO_RUNDIR SUDO_VARDIR SUDO_IO_LOGDIR @@ -4351,6 +4527,12 @@ AC_LANG_WERROR dnl +dnl Don't use sys/sysctl.h if it is marked deprecated (Linux). +dnl This test relies on AC_LANG_WERROR +dnl +AC_CHECK_HEADERS([sys/sysctl.h]) + +dnl dnl If compiler supports the -static-libgcc flag use it unless we have dnl GNU ld (which can avoid linking in libgcc when it is not needed). dnl This test relies on AC_LANG_WERROR @@ -4365,7 +4547,7 @@ dnl We don't do this on NetBSD where RPATH already supports LD_LIBRARY_PATH. dnl case "$OS" in - netbsd) + netbsd*) ;; *) AX_CHECK_LINK_FLAG([-Wl,--enable-new-dtags], [AX_APPEND_FLAG([-Wl,--enable-new-dtags], [LDFLAGS])]) @@ -4373,6 +4555,12 @@ esac dnl +dnl For fuzz_policy we redefine getaddrinfo() and freeaddrinfo(), but +dnl this can cause problems with ld.lld when sanitizers are enabled. +dnl +AX_CHECK_LINK_FLAG([-Wl,--allow-multiple-definition], [AX_APPEND_FLAG([-Wl,--allow-multiple-definition], [LDFLAGS])]) + +dnl dnl Check for symbol visibility support. dnl This test relies on AC_LANG_WERROR dnl @@ -4385,7 +4573,7 @@ ]) else case "$host_os" in - hpux*) + hpux*|hiuxmpp*) AX_CHECK_COMPILE_FLAG([-Bhidden_def], [ # HP-UX cc may not allow __declspec(dllexport) to be # used in conjunction with #pragma HP_DEFINED_EXTERNAL @@ -4481,7 +4669,7 @@ LT_LDDEP="\$(shlib_map)"; LT_LDEXPORTS="-Wl,-M,\$(shlib_map)" fi ;; - hpux*) + hpux*|hiuxmpp*) AC_CACHE_CHECK([whether ld supports controlling exported symbols], [sudo_cv_var_hpux_ld_symbol_export], [ @@ -4510,20 +4698,56 @@ fi dnl -dnl Check for -fsanitize=address,undefined support +dnl Check for -fsanitize support dnl This test relies on AC_LANG_WERROR dnl -if test "$enable_asan" = "yes"; then - AX_CHECK_COMPILE_FLAG([-fsanitize=address -fsanitize=undefined], [ - AX_CHECK_LINK_FLAG([-fsanitize=address -fsanitize=undefined], [ - ASAN_LDFLAGS="-Wc,-fsanitize=address -Wc,-fsanitize=undefined" - ASAN_CFLAGS="-fsanitize=address -fsanitize=undefined" - AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [ - CFLAGS="$CFLAGS -fno-omit-frame-pointer" - ]) - AC_DEFINE(NO_LEAKS) +if test "$enable_sanitizer" != "no"; then + AX_CHECK_COMPILE_FLAG([$enable_sanitizer], [ + AX_APPEND_FLAG([$enable_sanitizer], [ASAN_CFLAGS]) + AX_APPEND_FLAG([-XCClinker], [ASAN_LDFLAGS]) + AX_APPEND_FLAG([$enable_sanitizer], [ASAN_LDFLAGS]) + AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [ + AX_APPEND_FLAG([-fno-omit-frame-pointer], [CFLAGS]) + ]) + AC_DEFINE(NO_LEAKS) + dnl + dnl check for libasan.so so we can preload it before sudo_intercept.so + dnl gcc links asan dynamically, clang links it statically. + dnl + case `$CC --version 2>&1` in + *gcc*) + libasan=`$CC -print-file-name=libasan.so 2>/dev/null` + if test -n "$libasan" -a X"$libasan" != X"libasan.so"; then + # libasan.so may be a linker script + libasan="`awk 'BEGIN {lib=ARGV[[1]]} /^INPUT/ {lib=$3} END {print lib}' \"$libasan\"`" + SUDO_DEFINE_UNQUOTED(_PATH_ASAN_LIB, "$libasan", [Path to the libasan.so shared library]) + fi + ;; + esac + ], [ + AC_MSG_ERROR([$CC does not support the $enable_sanitizer flag]) + ]) +fi +if test "$enable_fuzzer" = "yes"; then + AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link], [ + AX_APPEND_FLAG([-fsanitize=fuzzer-no-link], [ASAN_CFLAGS]) + AX_APPEND_FLAG([-XCClinker], [ASAN_LDFLAGS]) + AX_APPEND_FLAG([-fsanitize=fuzzer-no-link], [ASAN_LDFLAGS]) + if test -z "$FUZZ_ENGINE"; then + FUZZ_ENGINE="-fsanitize=fuzzer" + fi + AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [ + AX_APPEND_FLAG([-fno-omit-frame-pointer], [CFLAGS]) ]) + # Use CFLAGS, not CPPFLAGS to match oss-fuzz behavior + AX_APPEND_FLAG([-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION], [CFLAGS]) + AC_DEFINE(NO_LEAKS) + ], [ + AC_MSG_ERROR([$CC does not support the -fsanitize=fuzzer-no-link flag]) ]) +else + # Not using compiler fuzzing support, link with stub library. + FUZZ_ENGINE='$(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la' fi dnl @@ -4581,7 +4805,7 @@ dnl Check for -fstack-protector and -z relro support dnl This test relies on AC_LANG_WERROR dnl -if test "$enable_hardening" != "no"; then +if test "$enable_hardening" != "no" && test "$enable_ssp" != "no"; then AC_CACHE_CHECK([for compiler stack protector support], [sudo_cv_var_stack_protector], [ @@ -4630,7 +4854,19 @@ SSP_CFLAGS="$sudo_cv_var_stack_protector" SSP_LDFLAGS="-Wc,$sudo_cv_var_stack_protector" fi +fi +if test "$enable_hardening" != "no"; then + AX_CHECK_LINK_FLAG([-fstack-clash-protection], [ + AX_APPEND_FLAG([-fstack-clash-protection], [SSP_CFLAGS]) + AX_APPEND_FLAG([-Wc,-fstack-clash-protection], [SSP_LDFLAGS]) + ]) + AX_CHECK_LINK_FLAG([-fcf-protection], [ + AX_APPEND_FLAG([-fcf-protection], [SSP_CFLAGS]) + AX_APPEND_FLAG([-Wc,-fcf-protection], [SSP_LDFLAGS]) + ]) AX_CHECK_LINK_FLAG([-Wl,-z,relro], [AX_APPEND_FLAG([-Wl,-z,relro], [LDFLAGS])]) + AX_CHECK_LINK_FLAG([-Wl,-z,now], [AX_APPEND_FLAG([-Wl,-z,now], [LDFLAGS])]) + AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [AX_APPEND_FLAG([-Wl,-z,noexecstack], [LDFLAGS])]) fi dnl @@ -4640,7 +4876,7 @@ yes|maybe) AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo" if test "${ac_cv_search_crypt}" = "no"; then - AC_MSG_WARN([No crypt function found, assuming plaintext passwords]) + AC_MSG_WARN([no crypt function found, assuming plaintext passwords]) fi ;; *) @@ -4651,8 +4887,6 @@ ;; esac AUTH_OBJS=${AUTH_OBJS# } -_AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` -AC_MSG_NOTICE([using the following authentication methods: $_AUTH]) dnl dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS @@ -4682,7 +4916,7 @@ dnl dnl Default warnings for development use. dnl - CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wpointer-arith" + CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wpointer-arith -Wno-unknown-pragmas" AX_CHECK_COMPILE_FLAG([-Wshadow], [CFLAGS="$CFLAGS -Wshadow"]) dnl dnl The fallthrough attribute is supported by gcc 7.0 and clang 10. @@ -4719,6 +4953,10 @@ if test X"$enable_werror" = X"yes"; then CFLAGS="${CFLAGS} -Werror" fi + case "$host" in + # Avoid unwanted warnings on macOS + darwin*) CFLAGS="${CFLAGS} -Wno-deprecated-declarations";; + esac fi dnl @@ -4743,6 +4981,13 @@ fi fi +# Update exec_prefix in intercept_file +_intercept_file= +while test X"$intercept_file" != X"$_intercept_file"; do + _intercept_file="$intercept_file" + eval intercept_file="$_intercept_file" +done + # Update exec_prefix in noexec_file _noexec_file= while test X"$noexec_file" != X"$_noexec_file"; do @@ -4768,18 +5013,18 @@ dnl dnl Defer setting _PATH_SUDO_NOEXEC, etc until after exec_prefix is set dnl +if test X"$enable_intercept" != X"no"; then + SUDO_OBJS="${SUDO_OBJS} intercept.pb-c.o" + PROGS="${PROGS} sudo_intercept.la" + INSTALL_INTERCEPT="install-intercept" + + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_INTERCEPT, "$intercept_file", [The fully qualified pathname of sudo_intercept.so]) +fi if test X"$with_noexec" != X"no"; then PROGS="${PROGS} sudo_noexec.la" INSTALL_NOEXEC="install-noexec" - # Can't use asan with LD_PRELOAD - if test "$enable_asan" != "yes"; then - CHECK_NOEXEC=check_noexec - fi - SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) -else - SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, NULL) fi if test X"$with_selinux" != X"no"; then SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file") @@ -4805,6 +5050,24 @@ if test X"$ZLIB_R" != X""; then ZLIB="$ZLIB_R $ZLIB" fi +if test X"$LIBCRYPTO_R" != X""; then + LIBCRYPTO="$LIBCRYPTO_R $LIBCRYPTO" +fi +if test X"$LIBTLS_R" != X""; then + LIBTLS="$LIBTLS_R $LIBTLS" +fi + +dnl +dnl Trim leading spaces +dnl +CFLAGS=${CFLAGS# } +CPPFLAGS=${CPPFLAGS# } +LDFLAGS=${LDFLAGS# } +SUDO_LDFLAGS=${SUDO_LDFLAGS# } +SUDOERS_LDFLAGS=${SUDOERS_LDFLAGS# } +LIBS=${LIBS# } +SUDO_LIBS=${SUDO_LIBS# } +SUDOERS_LIBS=${SUDOERS_LIBS# } dnl dnl Override default configure dirs for the Makefile @@ -4834,23 +5097,187 @@ AC_CONFIG_FILES([etc/init.d/sudo.conf]) fi -AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/eventlog/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) +AC_CONFIG_FILES([Makefile docs/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT dnl -dnl Spew any text the user needs to know about +dnl Summarize configuration +dnl +if test ${LIBTLS+y}; then + have_tls=yes +fi +echo "" >&AS_MESSAGE_FD +echo "Configured Sudo version $PACKAGE_VERSION" >&AS_MESSAGE_FD +echo " Compiler settings:" >&AS_MESSAGE_FD +echo " prefix : $prefix" >&AS_MESSAGE_FD +echo " compiler : $CC" >&AS_MESSAGE_FD +echo " compiler options : $CFLAGS" >&AS_MESSAGE_FD +echo " preprocessor options : $CPPFLAGS" >&AS_MESSAGE_FD +echo " linker options : $LDFLAGS" >&AS_MESSAGE_FD +echo " front-end libraries : $SUDO_LIBS" >&AS_MESSAGE_FD +echo " sudoers libraries : $SUDOERS_LIBS" >&AS_MESSAGE_FD +echo " extra libraries : $LIBS" >&AS_MESSAGE_FD +if test "${enable_sanitizer-no}" != "no"; then + echo " sanitizer options : ${enable_sanitizer}" >&AS_MESSAGE_FD +fi +if test X"$FUZZ_LD" != X"\$(CC)"; then + echo " fuzzing linker : ${FUZZ_LD}" >&AS_MESSAGE_FD +fi +if test X"$FUZZ_ENGINE" != X"\$(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la"; then + echo " fuzzing engine : ${FUZZ_ENGINE}" >&AS_MESSAGE_FD +fi +echo " Plugin options:" >&AS_MESSAGE_FD +echo " plugin support : ${SHLIB_ENABLE}" >&AS_MESSAGE_FD +echo " Sudoers plugin static : ${enable_static_sudoers-no}" >&AS_MESSAGE_FD +echo " Python plugin : ${enable_python-no}" >&AS_MESSAGE_FD +if test "${enable_python-no}" != "no"; then + echo " Python CFLAGS : ${PYTHON_INCLUDE}" >&AS_MESSAGE_FD + echo " Python LDFLAGS : ${PYTHON_LIBS}" >&AS_MESSAGE_FD +fi +echo " Optional features:" >&AS_MESSAGE_FD +echo " log client : ${enable_log_client-yes}" >&AS_MESSAGE_FD +echo " log server : ${enable_log_server-yes}" >&AS_MESSAGE_FD +echo " log client/server TLS : ${have_tls-no}" >&AS_MESSAGE_FD +case "$host_os" in + linux*) echo " SELinux RBAC : ${with_selinux-yes}" >&AS_MESSAGE_FD;; +esac +echo " Optional sudoers back-ends:" >&AS_MESSAGE_FD +echo " LDAP : ${with_ldap-no}" >&AS_MESSAGE_FD +if test "${with_ldap-no}" != "no"; then + echo " ldap configuration : ${ldap_conf}" >&AS_MESSAGE_FD + echo " ldap secret : ${ldap_secret}" >&AS_MESSAGE_FD + echo " SASL authentication : ${enable_sasl-no}" >&AS_MESSAGE_FD +fi +echo " SSSD : ${with_sssd-no}" >&AS_MESSAGE_FD +if test "${with_sssd-no}" != "no"; then + echo " SSSD config path : ${sssd_conf}" >&AS_MESSAGE_FD + if test "${sssd_lib}" = \""LIBDIR\""; then + echo " SSSD lib dir : ${libdir}" >&AS_MESSAGE_FD + else + echo " SSSD lib dir : ${sssd_lib}" >&AS_MESSAGE_FD + fi +fi +echo " Authentication options:" >&AS_MESSAGE_FD +echo " require authentication : ${enable_authentication-yes}" >&AS_MESSAGE_FD +auth_methods=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` +echo " authentication methods : ${auth_methods}" >&AS_MESSAGE_FD +if test "${with_pam-no}" = "yes"; then + echo " pam session support : ${pam_session}" >&AS_MESSAGE_FD + echo " pam login service : ${pam_login_service}" >&AS_MESSAGE_FD +fi +if test "${with_kerb5-no}" != "no"; then + echo " kerb5 instance string : ${with_kerb5-none}" >&AS_MESSAGE_FD +fi +if test "${with_opie-no}-${with_skey-no}" != "no-no"; then + echo " long OTP prompt : ${long_otp_prompt-no}" >&AS_MESSAGE_FD +fi +echo " group exempt from passwords : ${with_exempt-none}" >&AS_MESSAGE_FD +echo " password prompt : ${passprompt}" >&AS_MESSAGE_FD +echo " password prompt timeout : ${password_timeout} minutes" >&AS_MESSAGE_FD +echo " password tries : ${passwd_tries}" >&AS_MESSAGE_FD +echo " bad password message : ${badpass_message}" >&AS_MESSAGE_FD +if test "$insults" = "on"; then + i="" + test "$enable_offensive_insults" = "yes" && i="offensive ${i}" + test "$with_python_insults" = "yes" && i="python ${i}" + test "$with_goons_insults" = "yes" && i="goons ${i}" + test "$with_hal_insults" = "yes" && i="hal ${i}" + test "$with_csops_insults" = "yes" && i="csops ${i}" + test "$with_classic_insults" = "yes" && i="classic ${i}" +else + i=no +fi +echo " insults : $i" >&AS_MESSAGE_FD +echo " display lecture : ${lecture}" >&AS_MESSAGE_FD +echo " timestamp (credential) type : ${timestamp_type}" >&AS_MESSAGE_FD +echo " timestamp (credential) timeout: ${timeout} minutes" >&AS_MESSAGE_FD +echo " Logging options:" >&AS_MESSAGE_FD +echo " logging default : ${with_logging}" >&AS_MESSAGE_FD +echo " syslog facility : ${logfac}" >&AS_MESSAGE_FD +echo " syslog priority allowed : ${goodpri}" >&AS_MESSAGE_FD +echo " syslog priority denied : ${badpri}" >&AS_MESSAGE_FD +echo " log file path : ${logpath}" >&AS_MESSAGE_FD +echo " log file includes hostname : ${enable_log_host-no}" >&AS_MESSAGE_FD +echo " log file line length : ${loglen}" >&AS_MESSAGE_FD +echo " compress I/O logs : ${enable_zlib}" >&AS_MESSAGE_FD +case "$host_os" in + linux*) echo " Linux audit : ${with_linux_audit-no}" >&AS_MESSAGE_FD;; + solaris2.11*) echo " Solaris audit : ${with_solaris_audit-no}" >&AS_MESSAGE_FD;; + *) echo " BSM audit : ${with_bsm_audit-no}" >&AS_MESSAGE_FD;; +esac +echo " run mailer as root : ${enable_root_mailer-yes}" >&AS_MESSAGE_FD +echo " warning/error mail recipient : ${mailto}" >&AS_MESSAGE_FD +echo " warning/error mail subject : ${mailsub}" >&AS_MESSAGE_FD +echo " mail if user not in sudoers : ${mail_no_user}" >&AS_MESSAGE_FD +echo " mail if user not on host : ${mail_no_host}" >&AS_MESSAGE_FD +echo " mail if command not allowed : ${mail_no_perms}" >&AS_MESSAGE_FD +echo " Pathnames:" >&AS_MESSAGE_FD +echo " log directory : ${log_dir}" >&AS_MESSAGE_FD +echo " plugin directory : ${plugindir}" >&AS_MESSAGE_FD +echo " run directory : ${rundir}" >&AS_MESSAGE_FD +echo " var directory : ${vardir}" >&AS_MESSAGE_FD +echo " I/O log directory : ${iolog_dir}" >&AS_MESSAGE_FD +echo " sudo_logsrvd relay directory : ${relay_dir}" >&AS_MESSAGE_FD +echo " time zone directory : ${tzdir}" >&AS_MESSAGE_FD +echo " path to sendmail : ${with_sendmail}" >&AS_MESSAGE_FD +if test -n "$TMPFILES_D"; then + echo " systemd tempfiles dir : ${TMPFILES_D}" >&AS_MESSAGE_FD +fi +if test ${with_netsvc-"no"} != "no"; then + echo " netsvc file : ${netsvc_conf}" >&AS_MESSAGE_FD +elif test ${with_nsswitch-"yes"} != "no"; then + echo " nsswitch file : ${nsswitch_conf}" >&AS_MESSAGE_FD +fi +echo " noexec file : ${noexec_file}" >&AS_MESSAGE_FD +echo " secure path : ${with_secure_path-no}" >&AS_MESSAGE_FD +echo " askpass helper file : ${with_askpass-no}" >&AS_MESSAGE_FD +echo " device search path : ${devsearch}" >&AS_MESSAGE_FD +echo " Other options:" >&AS_MESSAGE_FD +if test "${with_devel-no}" != "no"; then + echo " development build : ${with_devel}" >&AS_MESSAGE_FD +fi +case "$host_os" in + solaris2*) echo " Solaris project support : ${with_project-no}" >&AS_MESSAGE_FD;; +esac +if test "${with_logincap+set}" = "set"; then + echo " /etc/login.conf support : ${with_logincap}" >&AS_MESSAGE_FD +fi +echo " fully-qualified domain names : ${fqdn}" >&AS_MESSAGE_FD +echo " default umask : ${sudo_umask}" >&AS_MESSAGE_FD +echo " umask override : ${umask_override}" >&AS_MESSAGE_FD +echo " default runas user : ${runas_default}" >&AS_MESSAGE_FD +echo " probe network interfaces : ${with_interfaces-yes}" >&AS_MESSAGE_FD +echo " allow root to run sudo : ${root_sudo}" >&AS_MESSAGE_FD +echo " reset environment for commands: ${env_reset}" >&AS_MESSAGE_FD +echo " run shell if no args : ${enable_noargs_shell-no}" >&AS_MESSAGE_FD +echo " ignore '.' or '' in \$PATH : ${ignore_dot}" >&AS_MESSAGE_FD +echo " disable path info : ${enable_path_info-no}" >&AS_MESSAGE_FD +echo " sudoers file mode : ${SUDOERS_MODE}" >&AS_MESSAGE_FD +echo " sudoers file owner : ${SUDOERS_UID}:${SUDOERS_GID}" >&AS_MESSAGE_FD +echo " default visudo editor : ${editor}" >&AS_MESSAGE_FD +echo " visudo supports \$EDITOR : ${env_editor}" >&AS_MESSAGE_FD +if test "${enable_env_debug+set}" = "set"; then + echo " environment debugging : ${enable_env_debug-no}" >&AS_MESSAGE_FD +fi +echo "" >&AS_MESSAGE_FD + +dnl +dnl Display any warnings/info the user needs to know about at the end. dnl +if test "$openssl_missing" = "yes"; then + AC_MSG_WARN([OpenSSL dev libraries not found, Sudo logsrv connections will not be encrypted.]) +fi if test "$with_pam" = "yes"; then case $host_os in - hpux*) + hpux*|hiuxmpp*) if test -f /usr/lib/security/libpam_hpsec.so.1; then - AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf]) + AC_MSG_NOTICE([you may wish to add the following line to /etc/pam.conf]) AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) fi ;; linux*) - AC_MSG_NOTICE([You will need to customize examples/pam.conf and install it as /etc/pam.d/sudo]) + AC_MSG_NOTICE([you will need to customize examples/pam.conf and install it as /etc/pam.d/sudo]) ;; esac fi @@ -4866,7 +5293,7 @@ ;; esac if test $clear_rundir -eq 1; then - AC_MSG_NOTICE([Warning: the $rundir/ts directory must be cleared at boot time.]) + AC_MSG_NOTICE([warning: the $rundir/ts directory must be cleared at boot time.]) AC_MSG_NOTICE([ You may need to create a startup item to do this.]) fi @@ -4954,7 +5381,6 @@ AH_TEMPLATE(STATIC_SUDOERS_PLUGIN, [Define to 1 to compile the sudoers plugin statically into the sudo binary.]) AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.]) -AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) @@ -4983,11 +5409,14 @@ AH_TEMPLATE(HAVE_KINFO_PROC2_NETBSD, [Define to 1 if your system has a NetBSD-style kinfo_proc2 struct.]) AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD-style kinfo_proc struct.]) AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.]) +AH_TEMPLATE(HAVE_WOLFSSL, [Define to 1 if you are using wolfSSL's TLS and sha2 functions.]) AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.]) AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or macro.]) AH_TEMPLATE(HAVE_SSL_CTX_SET_CIPHERSUITES, [Define to 1 if you have the `SSL_CTX_set_ciphersuites' function or macro.]) AH_TEMPLATE(SUDOERS_LOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers plugin.]) AH_TEMPLATE(HAVE_FALLTHROUGH_ATTRIBUTE, [Define to 1 if the compiler supports the fallthrough attribute.]) +AH_TEMPLATE(HAVE_VA_COPY, [Define to 1 if you have the `va_copy' function.]) +AH_TEMPLATE(HAVE___VA_COPY, [Define to 1 if you have the `__va_copy' function.]) dnl dnl Bits to copy verbatim into config.h.in diff -Nru sudo-1.9.5p2/debian/NEWS sudo-1.9.9/debian/NEWS --- sudo-1.9.5p2/debian/NEWS 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/NEWS 2022-08-03 07:22:17.000000000 +0000 @@ -1,3 +1,12 @@ +sudo (1.9.5p2-3) unstable; urgency=medium + + We have added "Defaults use_pty" to the default configuration. This fixes + CVE-2005-4890 which has been lingering around for more then a decade. + If you would like the old behavior back, please remove the respective line + from /etc/sudoers. + + -- Marc Haber Wed, 24 Feb 2021 17:59:22 +0100 + sudo (1.8.2-1) unstable; urgency=low The sudo package is no longer configured using --with-secure-path. diff -Nru sudo-1.9.5p2/debian/README sudo-1.9.9/debian/README --- sudo-1.9.5p2/debian/README 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/README 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -# -# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on -# installation of the package now includes the directive: -# -# #includedir /etc/sudoers.d -# -# This will cause sudo to read and parse any files in the /etc/sudoers.d -# directory that do not end in '~' or contain a '.' character. -# -# Note that there must be at least one file in the sudoers.d directory (this -# one will do), and all files in this directory should be mode 0440. -# -# Note also, that because sudoers contents can vary widely, no attempt is -# made to add this directive to existing sudoers files on upgrade. Feel free -# to add the above directive to the end of your /etc/sudoers file to enable -# this functionality for existing installations if you wish! -# -# Finally, please note that using the visudo command is the recommended way -# to update sudoers content, since it protects against many failure modes. -# See the man page for visudo for more information. -# diff -Nru sudo-1.9.5p2/debian/changelog sudo-1.9.9/debian/changelog --- sudo-1.9.5p2/debian/changelog 2021-06-21 22:09:32.000000000 +0000 +++ sudo-1.9.9/debian/changelog 2023-04-03 18:00:44.000000000 +0000 @@ -1,3 +1,234 @@ +sudo (1.9.9-1ubuntu2.4) jammy-security; urgency=medium + + * SECURITY UPDATE: does not escape control characters + - debian/patches/CVE-2023-2848x-1.patch: escape control characters in + log messages and sudoreplay output in docs/sudoers.man.in, + docs/sudoers.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, include/sudo_lbuf.h, + lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c, + lib/util/util.exp.in, plugins/sudoers/sudoreplay.c. + - debian/patches/CVE-2023-2848x-2.patch: fix regression in + lib/eventlog/eventlog.c. + - CVE-2023-28486 + - CVE-2023-28487 + + -- Marc Deslauriers Mon, 03 Apr 2023 14:00:44 -0400 + +sudo (1.9.9-1ubuntu2.3) jammy-security; urgency=medium + + * SECURITY UPDATE: double free with per-command chroot sudoers rules + - debian/patches/CVE-2023-27320.patch: don't free user_cmnd twice in + MANIFEST, plugins/sudoers/match_command.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/testsudoers/test20.out.ok, + plugins/sudoers/regress/testsudoers/test20.sh, + plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c. + - CVE-2023-27320 + + -- Marc Deslauriers Wed, 01 Mar 2023 08:59:37 -0500 + +sudo (1.9.9-1ubuntu2.2) jammy-security; urgency=medium + + * SECURITY UPDATE: arbitrary file overwrite via sudoedit + - debian/patches/CVE-2023-22809.patch: do not permit editor arguments + to include -- in plugins/sudoers/editor.c, plugins/sudoers/sudoers.c, + plugins/sudoers/visudo.c. + - CVE-2023-22809 + * SECURITY UPDATE: DoS via invalid arithmetic shift in Protobuf-c + - debian/patches/CVE-2022-33070.patch: only shift unsigned values in + lib/protobuf-c/protobuf-c.c. + - CVE-2022-33070 + + -- Marc Deslauriers Mon, 16 Jan 2023 07:36:33 -0500 + +sudo (1.9.9-1ubuntu2.1) jammy; urgency=medium + + * Add XDG_CURRENT_DESKTOP to initial_keepenv_table for Qt to determine the + correct theme (LP: #1958055) + + -- Benjamin Drung Thu, 04 Aug 2022 12:35:21 +0200 + +sudo (1.9.9-1ubuntu2) jammy; urgency=medium + + * d/t/control: skip 03-getroot-ldap autopkgtest on non-containers + + -- Lukas Märdian Mon, 14 Feb 2022 12:48:05 +0100 + +sudo (1.9.9-1ubuntu1) jammy; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - debian/control: + + Build-Conflicts on fakeroot (<< 1.25.3-1.1ubuntu1) + - debian/rules: + + compile with --without-lecture --with-tty-tickets --enable-admin-flag + - debian/sudo[-ldap].manpages: install man/man8/sudo_root.8 + - debian/sudo[-ldap].init: delete init scripts, as they are no longer + necessary. + - debian/etc/pam.d/sudo[-i]: + + Use pam_env to read /etc/environment and /etc/default/locale + environment files. Reading ~/.pam_environment is not permitted due + to security reasons. + - debian/etc/sudoers: + + also grant admin group sudo access + + include /snap/bin in the secure_path + - debian/tests/control: 03-getroot-ldap: + + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_REMOVE=yes) + * Dropped changes: + - debian/rules: + + use dh-autoreconf (converted to using dh) + + -- Lukas Märdian Tue, 08 Feb 2022 12:01:45 +0100 + +sudo (1.9.9-1) unstable; urgency=medium + + * new upstream version + * audit plugin now handles unresolvable hostname better + Thanks to Sven Mueller (Closes: #1001969) + * better document environment handling. + Thanks to Arnout Engelen (Closes: #659101) + * README files now come as markdown + * schemas are now in docs subdirectory + * LICENSE is now LICENSE.md + + [ Marc Haber ] + * refresh patches + * mark paths-in-samples.diff expicitly as not forwarded + * have systemd-tmpfiles clean up /run/sudo on boot + * lintian overrides: + * improve 'em in various places + * give better explanations + * override long line warnings + * override typo warning for a literal film quote + * use correct lintian tag for override init script without unit + * init script / systemd units + * guarantee init script no-op on systemd systems + * mask sysv init script on systemd systems in postinst + instead of debian/rules + * actually remove masking of service in postrm + * maintainer scripts + * document when .dist file removal was added to that + it can be eventually removed + * document when alternative removal was added to that + it can be eventually removed + * add a test to check for presence of #1003969 + * Standards-Version: 4.6.0 (no changes) + * use uscan version 4 + * honor nocheck DEB_BUILD_OPTION + + [ Hilko Bengen ] + * More improvement for Lintian overrides + * Convert debian/copyright to machine-readable format, using + information from upstream-provided LICENSE.md file + + -- Marc Haber Mon, 31 Jan 2022 20:19:55 +0100 + +sudo (1.9.8p2-1) unstable; urgency=medium + + * add more autopkgtests (especially for LDAP) + * improve existing autopkgtests + * debian/patches: + * Remove typo-in-classic-insults.diff, reflectinc upstream's decision + to not fix the typo as a way of remembering Evi Nemeth. + * remove unneeded sudo-success_return. patch + * mark debian/patches/sudo-ldap-docs as Forwarded: not-needed + * add DEP3 headers + * mention #1001858 in sudo.prerm + * comment some lintian-overrides with unclear results + + -- Marc Haber Sat, 18 Dec 2021 14:55:08 +0100 + +sudo (1.9.8p2-1~exp1) experimental; urgency=medium + + [ Marc Haber ] + * new upstream version 1.9.8p2-1 + * this correctly handles double defined alases (Closes: #985412) + * improve sudoers.ldap.manpage. Thanks to Dennis Filder and + Eric Brun (Closes: #981190) + * refresh patches + * remove prompting for wrong sudo group id (Closes: #605576) + * give better docs for LDAP success behavior. + Thanks to Dennis Filder (Closes: 981190) + * remove unneeded mandoc from Build-Depends. + Thanks to Ingo Schwarze + * Restore inclusion of pam_limits.so PAM module. + Thanks to Salvatore Bonaccorso (Closes: 518464) + * Use @includedir in sudoers.d/README (Closes: #993815) + * Other improvements for sudoers.d/README. + Thanks to Josh Triplett (Closes: #994962) + * add some (simple) autopkgtests + * better short description for sudo-ldap + * use https in debian/watch + * some changes to patch headers for Lintian + * manually remove executable bit from shared libs + * explicitly write set -e in maintainer scripts + * debian/control: set Rules-Requires-Root: binary-targets + * add first/trivial autopkgtests + + [ Hilko Bengen ] + * Update lintian-overrides files + * Remove group sudo / gid=27 check from postinst scripts + + [ Otto Kekäläinen ] + * Add basic Salsa-CI for project quality assurance + + -- Marc Haber Sun, 12 Dec 2021 22:45:15 +0100 + +sudo (1.9.6-1~exp2) experimental; urgency=low + + [ Marc Haber ] + * add use_pty to default configuration, fixing CVE-2005-4890. + Thanks to Daniel Kahn Gillmor (Closes: #657784) + * Add group specific defaults for environment variables (commented out) + Thanks to Josh Triplett + * remove --disable-setresuid from sudo-ldap as well. + Thanks to Dennis Filder (Closes: #985307) + + [ Hilko Bengen ] + * Add PAM config for interactive login use (Closes: #690044) + * Actually configure sudo to use pam / sudo-i + + -- Marc Haber Fri, 02 Apr 2021 18:15:21 +0200 + +sudo (1.9.6-1~exp1) experimental; urgency=medium + + * new upstream version + * add upstream signature + * refresh patches + * remove NO_ROOT_MAILER patch (incorporated upstream) + + -- Marc Haber Fri, 12 Mar 2021 22:06:59 +0100 + +sudo (1.9.5p2-3+exp1) experimental; urgency=medium + + [ Marc Haber ] + * convert package to dh + * rename init scripts to be picked up by new debhelper + * rename and update lintian overrides + * let /run directory be created by systemd + * remove documentation files that are installed by upstream scripts + * clear dependency path in .la files + * add Pre-Depends: ${misc:Pre-Depends} + * override package-has-unnecessary-activation-of-ldconfig-trigger + + [ Bastian Blank ] + * Move stuff to /usr/libexec. + * Use dpkg provided make snippets + * Provide build-flags via environment + * Use easier to read multi-line variables + * Remove not require prefix override + * Move stuff to /usr/libexec + + [ Hilko Bengen ] + * Remove unneeded Built-Using + * Simplify dh_auto_* overrides + * Further simplification + * debian/rules: Remove another unneeded variable + * Don't ship *.la files + * Add Apport script + + -- Marc Haber Fri, 12 Mar 2021 20:48:13 +0100 + sudo (1.9.5p2-3ubuntu2) impish; urgency=medium * No-change rebuild due to OpenLDAP soname bump. diff -Nru sudo-1.9.5p2/debian/compat sudo-1.9.9/debian/compat --- sudo-1.9.5p2/debian/compat 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/compat 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -10 diff -Nru sudo-1.9.5p2/debian/control sudo-1.9.9/debian/control --- sudo-1.9.5p2/debian/control 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/control 2022-08-03 07:43:57.000000000 +0000 @@ -3,9 +3,14 @@ Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Sudo Maintainers -Build-Depends: debhelper (>= 10), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, bison, flex, libaudit-dev [linux-any], mandoc, zlib1g-dev +Uploaders: Marc Haber , + Hanno Wagner , + Hilko Bengen , + Bastian Blank +Build-Depends: debhelper-compat (= 13), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, bison, flex, libaudit-dev [linux-any], zlib1g-dev Build-Conflicts: fakeroot (<< 1.25.3-1.1ubuntu1) -Standards-Version: 4.1.1 +Standards-Version: 4.6.0 +Rules-Requires-Root: binary-targets Vcs-Git: https://salsa.debian.org/sudo-team/sudo.git Vcs-Browser: https://salsa.debian.org/sudo-team/sudo Homepage: https://www.sudo.ws/ @@ -13,6 +18,7 @@ Package: sudo Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, lsb-base +Pre-Depends: ${misc:Pre-Depends} Conflicts: sudo-ldap Replaces: sudo-ldap Description: Provide limited super user privileges to specific users @@ -26,10 +32,11 @@ Package: sudo-ldap Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, lsb-base +Pre-Depends: ${misc:Pre-Depends} Conflicts: sudo Replaces: sudo Provides: sudo -Description: Provide limited super user privileges to specific users +Description: Provide limited super user privileges (with LDAP support) Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. diff -Nru sudo-1.9.5p2/debian/copyright sudo-1.9.9/debian/copyright --- sudo-1.9.5p2/debian/copyright 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/copyright 2022-08-03 07:32:19.000000000 +0000 @@ -1,57 +1,178 @@ -This is the Debian GNU/Linux prepackaged version of sudo. sudo is -used to provide limited super user privileges to specific users. - -Bdale Garbee maintains this package using sources from - - http://www.sudo.ws/ - -Sudo is distributed under the following ISC-style license: - - Copyright (c) 1994-1996, 1998-2008 - Todd C. Miller - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - Sponsored in part by the Defense Advanced Research Projects - Agency (DARPA) and Air Force Research Laboratory, Air Force - Materiel Command, USAF, under agreement number F39502-99-1-0512. - -Additionally, fnmatch.c, fnmatch.h, getcwd.c, glob.c, glob.h and snprintf.c -bear the following UCB license: - - Copyright (c) 1987, 1989, 1990, 1991, 1992, 1993, 1994 - The Regents of the University of California. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: sudo +Upstream-Contact: Todd C. Miller +Source: https://www.sudo.ws/ + +Files: * +Copyright: 1994-1996, 1998-2022 Todd C. Miller +License: ISC + +Files: plugins/python/* +Copyright: 2019-2020 Robert Manner +License: ISC + +Files: lib/iolog/hostcheck.c include/hostcheck.h +Copyright: 2020 Laszlo Orban +License: ISC + +Files: plugins/sudoers/redblack.c +Copyright: 2001 Emin Martinian +License: other + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that neither the name of Emin + Martinian nor the names of any contributors are be used to endorse or + promote products derived from this software without specific prior + written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Files: plugins/sudoers/sssd.c +Copyright: 2011 Daniel Kopecek +License: ISC + +Files: plugins/sudoers/bsm_audit.[ch] +Copyright: 2009 Christian S.J. Peron +License: ISC + +Files: plugins/sudoers/solaris_audit.[ch] +Copyright: 2014, Oracle and/or its affiliates. +License: ISC + +Files: lib/util/reallocarray.c +Copyright: 2008 Otto Moerbeek +License: ISC + +Files: lib/util/getcwd.c lib/util/glob.c include/compat/glob.h lib/util/snprintf.c include/sudo_queue.h +Copyright: 1989, 1990, 1991, 1993 The Regents of the University of California +License: BSD-3-Clause + +Files: lib/util/fnmatch.c +Copyright: 2011, VMware, Inc. +License: BSD-3-Clause + +Files: lib/util/getopt_long.c +Copyright: 2000 The NetBSD Foundation, Inc. +License: BSD-2-Clause + +Files: lib/util/inet_pton.c +Copyright: 1996 Internet Software Consortium. +License: ISC + +Files: lib/util/arc4random.c +Copyright: 1996, David Mazieres + 2008, Damien Miller + 2013, Markus Friedl + 2014, Theo de Raadt +License: ISC + +Files: lib/util/arc4random_uniform.c +Copyright: 2008 Damien Miller +License: ISC + +Files: lib/util/getentropy.c +Copyright: 2014 Theo de Raadt + 2014 Bob Beck +License: ISC + +Files: include/protobuf-c/* lib/protobuf-c/* +Copyright: 2008-2018, Dave Benson and the protobuf-c authors +License: BSD-2-Clause + +Files: lib/zlib/* +Copyright: 1995-2017 Jean-loup Gailly and Mark Adler +License: Zlib + This software is provided 'as-is', without any express or implied + warranty. In no event will the authors be held liable for any damages + arising from the use of this software. + . + Permission is granted to anyone to use this software for any purpose, + including commercial applications, and to alter it and redistribute it + freely, subject to the following restrictions: + . + 1. The origin of this software must not be misrepresented; you must not + claim that you wrote the original software. If you use this software + in a product, an acknowledgment in the product documentation would be + appreciated but is not required. + 2. Altered source versions must be plainly marked as such, and must not be + misrepresented as being the original software. + 3. This notice may not be removed or altered from any source distribution. + . + Jean-loup Gailly Mark Adler + jloup@gzip.org madler@alumni.caltech.edu + +Files: debian/* +Copyright: Bdale Garbee + Marc Haber , + Hilko Bengen , + Bastian Blank , +License: ISC + +License: ISC + Permission to use, copy, modify, and/or distribute this software for + any purpose with or without fee is hereby granted, provided that the + above copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HOLDERS OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-2-Clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HOLDERS OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff -Nru sudo-1.9.5p2/debian/etc/pam.d/sudo sudo-1.9.9/debian/etc/pam.d/sudo --- sudo-1.9.5p2/debian/etc/pam.d/sudo 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/etc/pam.d/sudo 2022-08-03 07:43:57.000000000 +0000 @@ -0,0 +1,11 @@ +#%PAM-1.0 + +# Set up user limits from /etc/security/limits.conf. +session required pam_limits.so + +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 + +@include common-auth +@include common-account +@include common-session-noninteractive diff -Nru sudo-1.9.5p2/debian/etc/pam.d/sudo-i sudo-1.9.9/debian/etc/pam.d/sudo-i --- sudo-1.9.5p2/debian/etc/pam.d/sudo-i 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/etc/pam.d/sudo-i 2022-08-03 07:43:57.000000000 +0000 @@ -0,0 +1,11 @@ +#%PAM-1.0 + +# Set up user limits from /etc/security/limits.conf. +session required pam_limits.so + +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 + +@include common-auth +@include common-account +@include common-session diff -Nru sudo-1.9.5p2/debian/etc/sudoers sudo-1.9.9/debian/etc/sudoers --- sudo-1.9.5p2/debian/etc/sudoers 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/etc/sudoers 2022-08-03 07:43:57.000000000 +0000 @@ -0,0 +1,54 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" +Defaults use_pty + +# This preserves proxy settings from user environments of root +# equivalent users (group sudo) +#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy" + +# This allows running arbitrary commands, but so does ALL, and it means +# different sudoers have their choice of editor respected. +#Defaults:%sudo env_keep += "EDITOR" + +# Completely harmless preservation of a user preference. +#Defaults:%sudo env_keep += "GREP_COLOR" + +# While you shouldn't normally run git as root, you need to with etckeeper +#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*" + +# Per-user preferences; root won't have sensible values for them. +#Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME" + +# "sudo scp" or "sudo rsync" should be able to use your SSH agent. +#Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK" + +# Ditto for GPG agent +#Defaults:%sudo env_keep += "GPG_AGENT_INFO" + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Members of the admin group may gain root privileges +%admin ALL=(ALL) ALL + +# Allow members of group sudo to execute any command +%sudo ALL=(ALL:ALL) ALL + +# See sudoers(5) for more information on "@include" directives: + +@includedir /etc/sudoers.d diff -Nru sudo-1.9.5p2/debian/etc/sudoers.d/README sudo-1.9.9/debian/etc/sudoers.d/README --- sudo-1.9.5p2/debian/etc/sudoers.d/README 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/etc/sudoers.d/README 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,24 @@ +# +# The default /etc/sudoers file created on installation of the +# sudo package now includes the directive: +# +# @includedir /etc/sudoers.d +# +# This will cause sudo to read and parse any files in the /etc/sudoers.d +# directory that do not end in '~' or contain a '.' character. +# +# Note that there must be at least one file in the sudoers.d directory (this +# one will do). +# +# Note also, that because sudoers contents can vary widely, no attempt is +# made to add this directive to existing sudoers files on upgrade. Feel free +# to add the above directive to the end of your /etc/sudoers file to enable +# this functionality for existing installations if you wish! Sudo +# versions older than the one in Debian 11 (bullseye) require the +# directive will only support the old syntax #includedir, and the current +# sudo will happily accept both @includedir and #includedir +# +# Finally, please note that using the visudo command is the recommended way +# to update sudoers content, since it protects against many failure modes. +# See the man page for visudo and sudoers for more information. +# diff -Nru sudo-1.9.5p2/debian/patches/Add-XDG_CURRENT_DESKTOP-to-initial_keepenv_table.patch sudo-1.9.9/debian/patches/Add-XDG_CURRENT_DESKTOP-to-initial_keepenv_table.patch --- sudo-1.9.5p2/debian/patches/Add-XDG_CURRENT_DESKTOP-to-initial_keepenv_table.patch 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/patches/Add-XDG_CURRENT_DESKTOP-to-initial_keepenv_table.patch 2022-08-04 10:34:51.000000000 +0000 @@ -0,0 +1,29 @@ +From: Benjamin Drung +Date: Fri, 29 Jul 2022 11:35:47 +0200 +Subject: Add XDG_CURRENT_DESKTOP to initial_keepenv_table + +Qt needs `XDG_CURRENT_DESKTOP` to be set to determine the correct theme. + +Since `DISPLAY` and `XAUTHORITY` are already in the default table of +variables to preserve in the environment, just add `XDG_CURRENT_DESKTOP` +to it. + +Bug: https://launchpad.net/bugs/1958055 +Forwarded: https://github.com/sudo-project/sudo/pull/165 +Signed-off-by: Benjamin Drung +--- + plugins/sudoers/env.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c +index f20515f..b1f47d1 100644 +--- a/plugins/sudoers/env.c ++++ b/plugins/sudoers/env.c +@@ -225,6 +225,7 @@ static const char *initial_keepenv_table[] = { + "PS2", + "XAUTHORITY", + "XAUTHORIZATION", ++ "XDG_CURRENT_DESKTOP", + NULL + }; + diff -Nru sudo-1.9.5p2/debian/patches/CVE-2022-33070.patch sudo-1.9.9/debian/patches/CVE-2022-33070.patch --- sudo-1.9.5p2/debian/patches/CVE-2022-33070.patch 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/patches/CVE-2022-33070.patch 2023-01-16 12:36:21.000000000 +0000 @@ -0,0 +1,90 @@ + +# HG changeset patch +# User Todd C. Miller +# Date 1654568137 21600 +# Node ID e25aa8e9891aeea0c4c92bb53692fd2902fbade1 +# Parent f3637be4df4fcf7082556306baba6dedbdbc3610 +Only shift unsigned values to avoid implementation-specific behavior. +This converts the arithmetic shifts to logical shifts. + +--- a/lib/protobuf-c/protobuf-c.c ++++ b/lib/protobuf-c/protobuf-c.c +@@ -314,9 +314,8 @@ int32_size(int32_t v) + static inline uint32_t + zigzag32(int32_t v) + { +- // Note: the right-shift must be arithmetic +- // Note: left shift must be unsigned because of overflow +- return ((uint32_t)(v) << 1) ^ (uint32_t)(v >> 31); ++ // Note: Using unsigned types prevents undefined behavior ++ return ((uint32_t)v << 1) ^ -((uint32_t)v >> 31); + } + + /** +@@ -378,9 +377,8 @@ uint64_size(uint64_t v) + static inline uint64_t + zigzag64(int64_t v) + { +- // Note: the right-shift must be arithmetic +- // Note: left shift must be unsigned because of overflow +- return ((uint64_t)(v) << 1) ^ (uint64_t)(v >> 63); ++ // Note: Using unsigned types prevents undefined behavior ++ return ((uint64_t)v << 1) ^ -((uint64_t)v >> 63); + } + + /** +@@ -800,7 +798,8 @@ uint32_pack(uint32_t value, uint8_t *out + } + + /** +- * Pack a signed 32-bit integer and return the number of bytes written. ++ * Pack a signed 32-bit integer and return the number of bytes written, ++ * passed as unsigned to avoid implementation-specific behavior. + * Negative numbers are encoded as two's complement 64-bit integers. + * + * \param value +@@ -811,14 +810,14 @@ uint32_pack(uint32_t value, uint8_t *out + * Number of bytes written to `out`. + */ + static inline size_t +-int32_pack(int32_t value, uint8_t *out) ++int32_pack(uint32_t value, uint8_t *out) + { +- if (value < 0) { ++ if ((int32_t)value < 0) { + out[0] = value | 0x80; + out[1] = (value >> 7) | 0x80; + out[2] = (value >> 14) | 0x80; + out[3] = (value >> 21) | 0x80; +- out[4] = (value >> 28) | 0x80; ++ out[4] = (value >> 28) | 0xf0; + out[5] = out[6] = out[7] = out[8] = 0xff; + out[9] = 0x01; + return 10; +@@ -2424,7 +2423,7 @@ static inline int32_t + unzigzag32(uint32_t v) + { + // Note: Using unsigned types prevents undefined behavior +- return (int32_t)((v >> 1) ^ (~(v & 1) + 1)); ++ return (int32_t)((v >> 1) ^ -(v & 1)); + } + + static inline uint32_t +@@ -2466,7 +2465,7 @@ static inline int64_t + unzigzag64(uint64_t v) + { + // Note: Using unsigned types prevents undefined behavior +- return (int64_t)((v >> 1) ^ (~(v & 1) + 1)); ++ return (int64_t)((v >> 1) ^ -(v & 1)); + } + + static inline uint64_t +@@ -3533,7 +3532,7 @@ protobuf_c_service_generated_init(Protob + service->descriptor = descriptor; + service->destroy = destroy; + service->invoke = protobuf_c_service_invoke_internal; +- memset(service + 1, 0, descriptor->n_methods * sizeof(GenericHandler)); ++ memset(&service[1], 0, descriptor->n_methods * sizeof(GenericHandler)); + } + + void protobuf_c_service_destroy(ProtobufCService *service) diff -Nru sudo-1.9.5p2/debian/patches/CVE-2023-22809.patch sudo-1.9.9/debian/patches/CVE-2023-22809.patch --- sudo-1.9.5p2/debian/patches/CVE-2023-22809.patch 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/patches/CVE-2023-22809.patch 2023-01-16 12:36:30.000000000 +0000 @@ -0,0 +1,126 @@ +Backport of: + +# HG changeset patch +# Parent 7275148cad1f8cd3c350026460acc4d6ad349c3a +sudoedit: do not permit editor arguments to include "--" +We use "--" to separate the editor and arguments from the files to edit. +If the editor arguments include "--", sudo can be tricked into allowing +the user to edit a file not permitted by the security policy. +Thanks to Matthieu Barjole and Victor Cutillas of Synacktiv +(https://synacktiv.com) for finding this bug. + +--- a/plugins/sudoers/editor.c ++++ b/plugins/sudoers/editor.c +@@ -133,7 +133,7 @@ resolve_editor(const char *ed, size_t ed + const char *tmp, *cp, *ep = NULL; + const char *edend = ed + edlen; + struct stat user_editor_sb; +- int nargc; ++ int nargc = 0; + debug_decl(resolve_editor, SUDOERS_DEBUG_UTIL); + + /* +@@ -151,10 +151,7 @@ resolve_editor(const char *ed, size_t ed + /* If we can't find the editor in the user's PATH, give up. */ + if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), NULL, + 0, allowlist) != FOUND) { +- sudoers_gc_remove(GC_PTR, editor); +- free(editor); +- errno = ENOENT; +- debug_return_str(NULL); ++ goto bad; + } + + /* Count rest of arguments and allocate editor argv. */ +@@ -175,6 +172,17 @@ resolve_editor(const char *ed, size_t ed + nargv[nargc] = copy_arg(cp, ep - cp); + if (nargv[nargc] == NULL) + goto oom; ++ ++ /* ++ * We use "--" to separate the editor and arguments from the files ++ * to edit. The editor arguments themselves may not contain "--". ++ */ ++ if (strcmp(nargv[nargc], "--") == 0) { ++ sudo_warnx(U_("ignoring editor: %.*s"), (int)edlen, ed); ++ sudo_warnx("%s", U_("editor arguments may not contain \"--\"")); ++ errno = EINVAL; ++ goto bad; ++ } + } + if (nfiles != 0) { + nargv[nargc++] = "--"; +@@ -188,6 +196,7 @@ resolve_editor(const char *ed, size_t ed + debug_return_str(editor_path); + oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); ++bad: + sudoers_gc_remove(GC_PTR, editor); + free(editor); + free(editor_path); +--- a/plugins/sudoers/sudoers.c ++++ b/plugins/sudoers/sudoers.c +@@ -772,21 +772,32 @@ sudoers_policy_main(int argc, char * con + + /* Note: must call audit before uid change. */ + if (ISSET(sudo_mode, MODE_EDIT)) { ++ const char *env_editor = NULL; + char **edit_argv; + int edit_argc; +- const char *env_editor; + + free(safe_cmnd); + safe_cmnd = find_editor(NewArgc - 1, NewArgv + 1, &edit_argc, + &edit_argv, NULL, &env_editor); + if (safe_cmnd == NULL) { +- if (errno != ENOENT) ++ switch (errno) { ++ case ENOENT: ++ audit_failure(NewArgv, N_("%s: command not found"), ++ env_editor ? env_editor : def_editor); ++ sudo_warnx(U_("%s: command not found"), ++ env_editor ? env_editor : def_editor); ++ goto bad; ++ case EINVAL: ++ if (def_env_editor && env_editor != NULL) { ++ /* User tried to do something funny with the editor. */ ++ log_warningx(SLOG_NO_STDERR|SLOG_AUDIT|SLOG_SEND_MAIL, ++ "invalid user-specified editor: %s", env_editor); ++ goto bad; ++ } ++ FALLTHROUGH; ++ default: + goto done; +- audit_failure(NewArgv, N_("%s: command not found"), +- env_editor ? env_editor : def_editor); +- sudo_warnx(U_("%s: command not found"), +- env_editor ? env_editor : def_editor); +- goto bad; ++ } + } + /* find_editor() already g/c'd edit_argv[] */ + sudoers_gc_remove(GC_PTR, NewArgv); +--- a/plugins/sudoers/visudo.c ++++ b/plugins/sudoers/visudo.c +@@ -324,7 +324,7 @@ static char * + get_editor(int *editor_argc, char ***editor_argv) + { + char *editor_path = NULL, **allowlist = NULL; +- const char *env_editor; ++ const char *env_editor = NULL; + static char *files[] = { "+1", "sudoers" }; + unsigned int allowlist_len = 0; + debug_decl(get_editor, SUDOERS_DEBUG_UTIL); +@@ -358,7 +358,11 @@ get_editor(int *editor_argc, char ***edi + if (editor_path == NULL) { + if (def_env_editor && env_editor != NULL) { + /* We are honoring $EDITOR so this is a fatal error. */ +- sudo_fatalx(U_("specified editor (%s) doesn't exist"), env_editor); ++ if (errno == ENOENT) { ++ sudo_warnx(U_("specified editor (%s) doesn't exist"), ++ env_editor); ++ } ++ exit(EXIT_FAILURE); + } + sudo_fatalx(U_("no editor found (editor path = %s)"), def_editor); + } diff -Nru sudo-1.9.5p2/debian/patches/CVE-2023-27320.patch sudo-1.9.9/debian/patches/CVE-2023-27320.patch --- sudo-1.9.5p2/debian/patches/CVE-2023-27320.patch 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/patches/CVE-2023-27320.patch 2023-03-01 13:59:33.000000000 +0000 @@ -0,0 +1,195 @@ +Backport of: + +From 87ce69246869d9b9d69be278e29e0fc6a3cabdb9 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Tue, 21 Feb 2023 20:01:13 -0700 +Subject: [PATCH] Fix potential double free for rules that include a CHROOT= + option. If a rule with a CHROOT= option matches the user, host and runas, the + user_cmnd variable could be freed twice. + +--- + MANIFEST | 2 ++ + plugins/sudoers/match_command.c | 6 +++++- + plugins/sudoers/regress/fuzz/fuzz_sudoers.c | 17 ++++++++++++---- + .../sudoers/regress/testsudoers/test20.out.ok | 15 ++++++++++++++ + plugins/sudoers/regress/testsudoers/test20.sh | 18 +++++++++++++++++ + plugins/sudoers/testsudoers.c | 20 ++++++++++++++----- + plugins/sudoers/visudo.c | 4 +++- + 7 files changed, 71 insertions(+), 11 deletions(-) + create mode 100644 plugins/sudoers/regress/testsudoers/test20.out.ok + create mode 100644 plugins/sudoers/regress/testsudoers/test20.sh + +--- a/MANIFEST ++++ b/MANIFEST +@@ -972,6 +972,8 @@ plugins/sudoers/regress/testsudoers/test + plugins/sudoers/regress/testsudoers/test2.inc + plugins/sudoers/regress/testsudoers/test2.out.ok + plugins/sudoers/regress/testsudoers/test2.sh ++plugins/sudoers/regress/testsudoers/test20.out.ok ++plugins/sudoers/regress/testsudoers/test20.sh + plugins/sudoers/regress/testsudoers/test3.out.ok + plugins/sudoers/regress/testsudoers/test3.sh + plugins/sudoers/regress/testsudoers/test4.out.ok +--- a/plugins/sudoers/match_command.c ++++ b/plugins/sudoers/match_command.c +@@ -708,12 +708,16 @@ command_matches(const char *sudoers_cmnd + /* Rule-specific runchroot, reset user_cmnd and user_stat. */ + int status; + ++ /* Save old user_cmnd first, set_cmnd_path() will free it. */ + saved_user_cmnd = user_cmnd; ++ user_cmnd = NULL; + if (user_stat != NULL) + saved_user_stat = *user_stat; + status = set_cmnd_path(runchroot); +- if (status != FOUND) ++ if (status != FOUND) { ++ user_cmnd = saved_user_cmnd; + saved_user_cmnd = NULL; ++ } + if (info != NULL) + info->status = status; + } +--- a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c ++++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c +@@ -44,6 +44,9 @@ + static int fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); + static int fuzz_printf(int msg_type, const char *fmt, ...); + ++/* For set_cmnd_path() */ ++static const char *orig_cmnd; ++ + /* Required to link with parser. */ + struct sudo_user sudo_user; + struct passwd *list_pw; +@@ -104,8 +107,13 @@ init_envtables(void) + int + set_cmnd_path(const char *runchroot) + { +- /* Cannot return FOUND without also setting user_cmnd to a new value. */ +- return NOT_FOUND; ++ /* Reallocate user_cmnd to catch bugs in command_matches(). */ ++ char *new_cmnd = strdup(orig_cmnd); ++ if (new_cmnd == NULL) ++ return NOT_FOUND_ERROR; ++ free(user_cmnd); ++ user_cmnd = new_cmnd; ++ return FOUND; + } + + /* STUB */ +@@ -255,11 +263,12 @@ LLVMFuzzerTestOneInput(const uint8_t *da + + /* The minimum needed to perform matching (user_cmnd must be dynamic). */ + user_host = user_shost = user_runhost = user_srunhost = "localhost"; +- user_cmnd = strdup("/usr/bin/id"); ++ orig_cmnd = (char *)"/usr/bin/id"; ++ user_cmnd = strdup(orig_cmnd); + if (user_cmnd == NULL) + goto done; + user_args = "-u"; +- user_base = "id"; ++ user_base = sudo_basename(user_cmnd); + + /* Add a fake network interfaces. */ + interfaces = get_interfaces(); +--- /dev/null ++++ b/plugins/sudoers/regress/testsudoers/test20.out.ok +@@ -0,0 +1,15 @@ ++Parses OK ++ ++Entries for user root: ++ ++ALL = CHROOT=/ /bin/ls ++ host matched ++ runas matched ++ cmnd allowed ++ ++ALL = CWD=/ /bin/pwd ++ host matched ++ runas matched ++ cmnd allowed ++ ++Command allowed +--- /dev/null ++++ b/plugins/sudoers/regress/testsudoers/test20.sh +@@ -0,0 +1,18 @@ ++#!/bin/sh ++# ++# Verify CHROOT and CWD support ++# This will catch an unpatched double-free in set_cmnd_path() under ASAN. ++# ++ ++: ${TESTSUDOERS=testsudoers} ++ ++exec 2>&1 ++ ++# Exercise double free of user_cmnd in set_cmnd_path() under ASAN. ++# We need more than one rule where the last rule matches and has CHROOT. ++$TESTSUDOERS root /bin/ls <<'EOF' ++root ALL = CWD=/ /bin/pwd ++root ALL = CHROOT=/ /bin/ls ++EOF ++ ++exit 0 +--- a/plugins/sudoers/testsudoers.c ++++ b/plugins/sudoers/testsudoers.c +@@ -82,6 +82,7 @@ extern int (*trace_print)(const char *ms + */ + struct sudo_user sudo_user; + struct passwd *list_pw; ++static const char *orig_cmnd; + static char *runas_group, *runas_user; + + #if defined(SUDO_DEVEL) && defined(__OpenBSD__) +@@ -203,14 +204,18 @@ main(int argc, char *argv[]) + if (!dflag) + usage(); + user_name = argc ? *argv++ : "root"; +- user_cmnd = user_base = "true"; ++ orig_cmnd = "true"; + argc = 0; + } else { + user_name = *argv++; +- user_cmnd = *argv++; +- user_base = sudo_basename(user_cmnd); ++ orig_cmnd = *argv++; + argc -= 2; + } ++ user_cmnd = strdup(orig_cmnd); ++ if (user_cmnd == NULL) ++ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); ++ user_base = sudo_basename(user_cmnd); ++ + if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) + sudo_fatalx(U_("unknown user %s"), user_name); + +@@ -501,8 +506,13 @@ init_eventlog_config(void) + int + set_cmnd_path(const char *runchroot) + { +- /* Cannot return FOUND without also setting user_cmnd to a new value. */ +- return NOT_FOUND; ++ /* Reallocate user_cmnd to catch bugs in command_matches(). */ ++ char *new_cmnd = strdup(orig_cmnd); ++ if (new_cmnd == NULL) ++ return NOT_FOUND_ERROR; ++ free(user_cmnd); ++ user_cmnd = new_cmnd; ++ return FOUND; + } + + static bool +--- a/plugins/sudoers/visudo.c ++++ b/plugins/sudoers/visudo.c +@@ -244,7 +244,9 @@ main(int argc, char *argv[]) + } + + /* Mock up a fake sudo_user struct. */ +- user_cmnd = user_base = ""; ++ user_cmnd = user_base = strdup("true"); ++ if (user_cmnd == NULL) ++ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (geteuid() == 0) { + const char *user = getenv("SUDO_USER"); + if (user != NULL && *user != '\0') diff -Nru sudo-1.9.5p2/debian/patches/CVE-2023-2848x-1.patch sudo-1.9.9/debian/patches/CVE-2023-2848x-1.patch --- sudo-1.9.5p2/debian/patches/CVE-2023-2848x-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/patches/CVE-2023-2848x-1.patch 2023-04-03 18:00:29.000000000 +0000 @@ -0,0 +1,951 @@ +Backport of: + +From 334daf92b31b79ce68ed75e2ee14fca265f029ca Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 18 Jan 2023 08:21:34 -0700 +Subject: [PATCH] Escape control characters in log messages and "sudoreplay -l" + output. The log message contains user-controlled strings that could include + things like terminal control characters. Space characters in the command + path are now also escaped. + +Command line arguments that contain spaces are surrounded with +single quotes and any literal single quote or backslash characters +are escaped with a backslash. This makes it possible to distinguish +multiple command line arguments from a single argument that contains +spaces. + +Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv +(https://synacktiv.com). +--- + docs/sudoers.man.in | 44 ++++++-- + docs/sudoers.mdoc.in | 38 +++++-- + docs/sudoreplay.man.in | 9 ++ + docs/sudoreplay.mdoc.in | 10 ++ + include/sudo_lbuf.h | 7 ++ + lib/eventlog/eventlog.c | 210 ++++++++++------------------------- + lib/iolog/iolog_json.c | 39 ------- + lib/util/lbuf.c | 106 ++++++++++++++++++ + lib/util/util.exp.in | 1 + + plugins/sudoers/sudoreplay.c | 144 ++++++++++++++++++++---- + 10 files changed, 383 insertions(+), 225 deletions(-) + +--- a/docs/sudoers.man.in ++++ b/docs/sudoers.man.in +@@ -5338,14 +5338,31 @@ can log events via + syslog(3), + to a local log file, or both. + The log format is almost identical in both cases. ++Any control characters present in the log data are formatted in octal ++with a leading ++\(oq#\(cq ++character. ++For example, a horizontal tab is stored as ++\(oq#011\(cq ++and an embedded carriage return is stored as ++\(oq#015\(cq. ++In addition, space characters in the command path are stored as ++\(oq#040\(cq. ++Command line arguments that contain spaces are enclosed in single quotes ++(''). ++This makes it possible to distinguish multiple command line arguments ++from a single argument that contains spaces. ++Literal single quotes and backslash characters ++(\(oq\e\(cq) ++in command line arguments are escaped with a backslash. + .SS "Accepted command log entries" + Commands that sudo runs are logged using the following format (split + into multiple lines for readability): + .nf + .sp + .RS 4n +-date hostname progname: username : TTY=ttyname ; PWD=cwd ; \e +- USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e ++date hostname progname: username : TTY=ttyname ; CHROOT=chroot ; \e ++ PWD=cwd ; USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e + ENV=env_vars COMMAND=command + .RE + .fi +@@ -5394,6 +5411,9 @@ was run on, or + \(lqunknown\(rq + if there was no terminal present. + .TP 14n ++chroot ++The root directory that the command was run in, if one was specified. ++.TP 14n + cwd + The current working directory that + \fBsudo\fR +@@ -5418,7 +5438,7 @@ A list of environment variables specifie + if specified. + .TP 14n + command +-The actual command that was executed. ++The actual command that was executed, including any command line arguments. + .PP + Messages are logged using the locale specified by + \fIsudoers_locale\fR, +@@ -5654,17 +5674,21 @@ with a few important differences: + 1.\& + The + \fIprogname\fR +-and +-\fIhostname\fR +-fields are not present. ++field is not present. + .TP 5n + 2.\& +-If the +-\fIlog_year\fR +-option is enabled, +-the date will also include the year. ++The ++\fIhostname\fR ++is only logged if the ++\fIlog_host\fR ++option is enabled. + .TP 5n + 3.\& ++The date does not include the year unless the ++\fIlog_year\fR ++option is enabled. ++.TP 5n ++4.\& + Lines that are longer than + \fIloglinelen\fR + characters (80 by default) are word-wrapped and continued on the +--- a/docs/sudoers.mdoc.in ++++ b/docs/sudoers.mdoc.in +@@ -4980,12 +4980,29 @@ can log events via + .Xr syslog 3 , + to a local log file, or both. + The log format is almost identical in both cases. ++Any control characters present in the log data are formatted in octal ++with a leading ++.Ql # ++character. ++For example, a horizontal tab is stored as ++.Ql #011 ++and an embedded carriage return is stored as ++.Ql #015 . ++In addition, space characters in the command path are stored as ++.Ql #040 . ++Command line arguments that contain spaces are enclosed in single quotes ++.Pq '' . ++This makes it possible to distinguish multiple command line arguments ++from a single argument that contains spaces. ++Literal single quotes and backslash characters ++.Pq Ql \e ++in command line arguments are escaped with a backslash. + .Ss Accepted command log entries + Commands that sudo runs are logged using the following format (split + into multiple lines for readability): + .Bd -literal -offset 4n +-date hostname progname: username : TTY=ttyname ; PWD=cwd ; \e +- USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e ++date hostname progname: username : TTY=ttyname ; CHROOT=chroot ; \e ++ PWD=cwd ; USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e + ENV=env_vars COMMAND=command + .Ed + .Pp +@@ -5028,6 +5045,8 @@ or + was run on, or + .Dq unknown + if there was no terminal present. ++.It chroot ++The root directory that the command was run in, if one was specified. + .It cwd + The current working directory that + .Nm sudo +@@ -5047,7 +5066,7 @@ option is enabled. + A list of environment variables specified on the command line, + if specified. + .It command +-The actual command that was executed. ++The actual command that was executed, including any command line arguments. + .El + .Pp + Messages are logged using the locale specified by +@@ -5269,14 +5288,17 @@ with a few important differences: + .It + The + .Em progname +-and ++field is not present. ++.It ++The + .Em hostname +-fields are not present. ++is only logged if the ++.Em log_host ++option is enabled. + .It +-If the ++The date does not include the year unless the + .Em log_year +-option is enabled, +-the date will also include the year. ++option is enabled. + .It + Lines that are longer than + .Em loglinelen +--- a/docs/sudoreplay.man.in ++++ b/docs/sudoreplay.man.in +@@ -168,6 +168,15 @@ In this mode, + will list available sessions in a format similar to the + \fBsudo\fR + log file format, sorted by file name (or sequence number). ++Any control characters present in the log data are formated in octal ++with a leading ++\(oq#\(cq ++character. ++For example, a horizontal tab is displayed as ++\(oq#011\(cq ++and an embedded carriage return is displayed as ++\(oq#015\(cq. ++.sp + If a + \fIsearch expression\fR + is specified, it will be used to restrict the IDs that are displayed. +--- a/docs/sudoreplay.mdoc.in ++++ b/docs/sudoreplay.mdoc.in +@@ -160,6 +160,16 @@ In this mode, + will list available sessions in a format similar to the + .Nm sudo + log file format, sorted by file name (or sequence number). ++Any control characters present in the log data are formatted in octal ++with a leading ++.Ql # ++character. ++For example, a horizontal tab is displayed as ++.Ql #011 ++and an embedded carriage return is displayed as ++.Ql #015 . ++Space characters in the command name and arguments are also formatted in octal. ++.Pp + If a + .Ar search expression + is specified, it will be used to restrict the IDs that are displayed. +--- a/include/sudo_lbuf.h ++++ b/include/sudo_lbuf.h +@@ -36,9 +36,15 @@ struct sudo_lbuf { + + typedef int (*sudo_lbuf_output_t)(const char *); + ++/* Flags for sudo_lbuf_append_esc() */ ++#define LBUF_ESC_CNTRL 0x01 ++#define LBUF_ESC_BLANK 0x02 ++#define LBUF_ESC_QUOTE 0x04 ++ + sudo_dso_public void sudo_lbuf_init_v1(struct sudo_lbuf *lbuf, sudo_lbuf_output_t output, int indent, const char *continuation, int cols); + sudo_dso_public void sudo_lbuf_destroy_v1(struct sudo_lbuf *lbuf); + sudo_dso_public bool sudo_lbuf_append_v1(struct sudo_lbuf *lbuf, const char *fmt, ...) __printflike(2, 3); ++sudo_dso_public bool sudo_lbuf_append_esc_v1(struct sudo_lbuf *lbuf, int flags, const char *fmt, ...) __printflike(3, 4); + sudo_dso_public bool sudo_lbuf_append_quoted_v1(struct sudo_lbuf *lbuf, const char *set, const char *fmt, ...) __printflike(3, 4); + sudo_dso_public void sudo_lbuf_print_v1(struct sudo_lbuf *lbuf); + sudo_dso_public bool sudo_lbuf_error_v1(struct sudo_lbuf *lbuf); +@@ -47,6 +53,7 @@ sudo_dso_public void sudo_lbuf_clearerr_ + #define sudo_lbuf_init(_a, _b, _c, _d, _e) sudo_lbuf_init_v1((_a), (_b), (_c), (_d), (_e)) + #define sudo_lbuf_destroy(_a) sudo_lbuf_destroy_v1((_a)) + #define sudo_lbuf_append sudo_lbuf_append_v1 ++#define sudo_lbuf_append_esc sudo_lbuf_append_esc_v1 + #define sudo_lbuf_append_quoted sudo_lbuf_append_quoted_v1 + #define sudo_lbuf_print(_a) sudo_lbuf_print_v1((_a)) + #define sudo_lbuf_error(_a) sudo_lbuf_error_v1((_a)) +--- a/lib/eventlog/eventlog.c ++++ b/lib/eventlog/eventlog.c +@@ -1,7 +1,7 @@ + /* + * SPDX-License-Identifier: ISC + * +- * Copyright (c) 1994-1996, 1998-2021 Todd C. Miller ++ * Copyright (c) 1994-1996, 1998-2023 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above +@@ -51,24 +51,13 @@ + #include "sudo_compat.h" + #include "sudo_debug.h" + #include "sudo_eventlog.h" ++#include "sudo_lbuf.h" + #include "sudo_fatal.h" + #include "sudo_gettext.h" + #include "sudo_json.h" + #include "sudo_queue.h" + #include "sudo_util.h" + +-#define LL_HOST_STR "HOST=" +-#define LL_TTY_STR "TTY=" +-#define LL_CHROOT_STR "CHROOT=" +-#define LL_CWD_STR "PWD=" +-#define LL_USER_STR "USER=" +-#define LL_GROUP_STR "GROUP=" +-#define LL_ENV_STR "ENV=" +-#define LL_CMND_STR "COMMAND=" +-#define LL_TSID_STR "TSID=" +-#define LL_EXIT_STR "EXIT=" +-#define LL_SIGNAL_STR "SIGNAL=" +- + #define IS_SESSID(s) ( \ + isalnum((unsigned char)(s)[0]) && isalnum((unsigned char)(s)[1]) && \ + (s)[2] == '/' && \ +@@ -93,26 +82,28 @@ new_logline(int event_type, int flags, s + const struct eventlog *evlog) + { + const struct eventlog_config *evl_conf = eventlog_getconf(); +- char *line = NULL, *evstr = NULL; + const char *iolog_file; + const char *tty, *tsid = NULL; + char exit_str[(((sizeof(int) * 8) + 2) / 3) + 2]; + char sessid[7], offsetstr[64] = ""; +- size_t len = 0; ++ struct sudo_lbuf lbuf; + int i; + debug_decl(new_logline, SUDO_DEBUG_UTIL); + ++ sudo_lbuf_init(&lbuf, NULL, 0, NULL, 0); ++ + if (ISSET(flags, EVLOG_RAW) || evlog == NULL) { + if (args->reason != NULL) { + if (args->errstr != NULL) { +- if (asprintf(&line, "%s: %s", args->reason, args->errstr) == -1) +- goto oom; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "%s: %s", ++ args->reason, args->errstr); + } else { +- if ((line = strdup(args->reason)) == NULL) +- goto oom; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "%s", args->reason); + } ++ if (sudo_lbuf_error(&lbuf)) ++ goto oom; + } +- debug_return_str(line); ++ debug_return_str(lbuf.buf); + } + + /* A TSID may be a sudoers-style session ID or a free-form string. */ +@@ -150,169 +141,90 @@ new_logline(int event_type, int flags, s + } + + /* +- * Compute line length ++ * Format the log line as an lbuf, escaping control characters in ++ * octal form (#0nn). Error checking (ENOMEM) is done at the end. + */ +- if (args->reason != NULL) +- len += strlen(args->reason) + 3; +- if (args->errstr != NULL) +- len += strlen(args->errstr) + 3; +- if (evlog->submithost != NULL && !evl_conf->omit_hostname) +- len += sizeof(LL_HOST_STR) + 2 + strlen(evlog->submithost); +- if (tty != NULL) +- len += sizeof(LL_TTY_STR) + 2 + strlen(tty); +- if (evlog->runchroot != NULL) +- len += sizeof(LL_CHROOT_STR) + 2 + strlen(evlog->runchroot); +- if (evlog->runcwd != NULL) +- len += sizeof(LL_CWD_STR) + 2 + strlen(evlog->runcwd); +- if (evlog->runuser != NULL) +- len += sizeof(LL_USER_STR) + 2 + strlen(evlog->runuser); +- if (evlog->rungroup != NULL) +- len += sizeof(LL_GROUP_STR) + 2 + strlen(evlog->rungroup); +- if (tsid != NULL) { +- len += sizeof(LL_TSID_STR) + 2 + strlen(tsid) + strlen(offsetstr); +- } +- if (evlog->env_add != NULL) { +- size_t evlen = 0; +- char * const *ep; +- +- for (ep = evlog->env_add; *ep != NULL; ep++) +- evlen += strlen(*ep) + 1; +- if (evlen != 0) { +- if ((evstr = malloc(evlen)) == NULL) +- goto oom; +- ep = evlog->env_add; +- if (strlcpy(evstr, *ep, evlen) >= evlen) +- goto toobig; +- while (*++ep != NULL) { +- if (strlcat(evstr, " ", evlen) >= evlen || +- strlcat(evstr, *ep, evlen) >= evlen) +- goto toobig; +- } +- len += sizeof(LL_ENV_STR) + 2 + evlen; +- } +- } +- if (evlog->command != NULL) { +- len += sizeof(LL_CMND_STR) - 1 + strlen(evlog->command); +- if (evlog->argv != NULL && evlog->argv[0] != NULL) { +- for (i = 1; evlog->argv[i] != NULL; i++) +- len += strlen(evlog->argv[i]) + 1; +- } +- if (event_type == EVLOG_EXIT) { +- if (evlog->signal_name != NULL) +- len += sizeof(LL_SIGNAL_STR) + 2 + strlen(evlog->signal_name); +- if (evlog->exit_value != -1) { +- (void)snprintf(exit_str, sizeof(exit_str), "%d", evlog->exit_value); +- len += sizeof(LL_EXIT_STR) + 2 + strlen(exit_str); +- } +- } +- } +- +- /* +- * Allocate and build up the line. +- */ +- if ((line = malloc(++len)) == NULL) +- goto oom; +- line[0] = '\0'; +- + if (args->reason != NULL) { +- if (strlcat(line, args->reason, len) >= len || +- strlcat(line, args->errstr ? " : " : " ; ", len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "%s%s", args->reason, ++ args->errstr ? " : " : " ; "); + } + if (args->errstr != NULL) { +- if (strlcat(line, args->errstr, len) >= len || +- strlcat(line, " ; ", len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "%s ; ", args->errstr); + } + if (evlog->submithost != NULL && !evl_conf->omit_hostname) { +- if (strlcat(line, LL_HOST_STR, len) >= len || +- strlcat(line, evlog->submithost, len) >= len || +- strlcat(line, " ; ", len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "HOST=%s ; ", ++ evlog->submithost); + } + if (tty != NULL) { +- if (strlcat(line, LL_TTY_STR, len) >= len || +- strlcat(line, tty, len) >= len || +- strlcat(line, " ; ", len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "TTY=%s ; ", tty); + } + if (evlog->runchroot != NULL) { +- if (strlcat(line, LL_CHROOT_STR, len) >= len || +- strlcat(line, evlog->runchroot, len) >= len || +- strlcat(line, " ; ", len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "CHROOT=%s ; ", ++ evlog->runchroot); + } + if (evlog->runcwd != NULL) { +- if (strlcat(line, LL_CWD_STR, len) >= len || +- strlcat(line, evlog->runcwd, len) >= len || +- strlcat(line, " ; ", len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "PWD=%s ; ", ++ evlog->runcwd); + } + if (evlog->runuser != NULL) { +- if (strlcat(line, LL_USER_STR, len) >= len || +- strlcat(line, evlog->runuser, len) >= len || +- strlcat(line, " ; ", len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "USER=%s ; ", ++ evlog->runuser); + } + if (evlog->rungroup != NULL) { +- if (strlcat(line, LL_GROUP_STR, len) >= len || +- strlcat(line, evlog->rungroup, len) >= len || +- strlcat(line, " ; ", len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "GROUP=%s ; ", ++ evlog->rungroup); + } + if (tsid != NULL) { +- if (strlcat(line, LL_TSID_STR, len) >= len || +- strlcat(line, tsid, len) >= len || +- strlcat(line, offsetstr, len) >= len || +- strlcat(line, " ; ", len) >= len) +- goto toobig; +- } +- if (evstr != NULL) { +- if (strlcat(line, LL_ENV_STR, len) >= len || +- strlcat(line, evstr, len) >= len || +- strlcat(line, " ; ", len) >= len) +- goto toobig; +- free(evstr); +- evstr = NULL; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "TSID=%s%s ; ", tsid, ++ offsetstr); ++ } ++ if (evlog->env_add != NULL && evlog->env_add[0] != NULL) { ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, "ENV=%s", ++ evlog->env_add[0]); ++ for (i = 1; evlog->env_add[i] != NULL; i++) { ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, " %s", ++ evlog->env_add[i]); ++ } + } + if (evlog->command != NULL) { +- if (strlcat(line, LL_CMND_STR, len) >= len) +- goto toobig; +- if (strlcat(line, evlog->command, len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL|LBUF_ESC_BLANK, ++ "COMMAND=%s", evlog->command); + if (evlog->argv != NULL && evlog->argv[0] != NULL) { + for (i = 1; evlog->argv[i] != NULL; i++) { +- if (strlcat(line, " ", len) >= len || +- strlcat(line, evlog->argv[i], len) >= len) +- goto toobig; ++ sudo_lbuf_append(&lbuf, " "); ++ if (strchr(evlog->argv[i], ' ') != NULL) { ++ /* Wrap args containing spaces in single quotes. */ ++ sudo_lbuf_append(&lbuf, "'"); ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL|LBUF_ESC_QUOTE, ++ "%s", evlog->argv[i]); ++ sudo_lbuf_append(&lbuf, "'"); ++ } else { ++ /* Escape quotes here too for consistency. */ ++ sudo_lbuf_append_esc(&lbuf, ++ LBUF_ESC_CNTRL|LBUF_ESC_BLANK|LBUF_ESC_QUOTE, ++ "%s", evlog->argv[i]); ++ } + } + } + if (event_type == EVLOG_EXIT) { + if (evlog->signal_name != NULL) { +- if (strlcat(line, " ; ", len) >= len || +- strlcat(line, LL_SIGNAL_STR, len) >= len || +- strlcat(line, evlog->signal_name, len) >= len) +- goto toobig; ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, " ; SIGNAL=%s", ++ evlog->signal_name); + } + if (evlog->exit_value != -1) { +- if (strlcat(line, " ; ", len) >= len || +- strlcat(line, LL_EXIT_STR, len) >= len || +- strlcat(line, exit_str, len) >= len) +- goto toobig; ++ (void)snprintf(exit_str, sizeof(exit_str), "%d", ++ evlog->exit_value); ++ sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, " ; EXIT=%s", ++ exit_str); + } + } + } +- +- debug_return_str(line); ++ if (!sudo_lbuf_error(&lbuf)) ++ debug_return_str(lbuf.buf); + oom: +- free(evstr); ++ sudo_lbuf_destroy(&lbuf); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_str(NULL); +-toobig: +- free(evstr); +- free(line); +- sudo_warnx(U_("internal error, %s overflow"), __func__); +- debug_return_str(NULL); + } + + static void +--- a/lib/iolog/iolog_json.c ++++ b/lib/iolog/iolog_json.c +@@ -541,45 +541,6 @@ iolog_parse_json_object(struct json_obje + } + } + +- /* Merge cmd and argv as sudoreplay expects. */ +- if (evlog->command != NULL && evlog->argv != NULL && evlog->argv[0] != NULL) { +- size_t len, bufsize = strlen(evlog->command) + 1; +- char *cp, *buf; +- int ac; +- +- /* Skip argv[0], we use evlog->command instead. */ +- for (ac = 1; evlog->argv[ac] != NULL; ac++) +- bufsize += strlen(evlog->argv[ac]) + 1; +- +- if ((buf = malloc(bufsize)) == NULL) { +- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); +- goto done; +- } +- cp = buf; +- +- len = strlcpy(cp, evlog->command, bufsize); +- if (len >= bufsize) +- sudo_fatalx(U_("internal error, %s overflow"), __func__); +- cp += len; +- bufsize -= len; +- +- for (ac = 1; evlog->argv[ac] != NULL; ac++) { +- if (bufsize < 2) +- sudo_fatalx(U_("internal error, %s overflow"), __func__); +- *cp++ = ' '; +- bufsize--; +- +- len = strlcpy(cp, evlog->argv[ac], bufsize); +- if (len >= bufsize) +- sudo_fatalx(U_("internal error, %s overflow"), __func__); +- cp += len; +- bufsize -= len; +- } +- +- free(evlog->command); +- evlog->command = buf; +- } +- + ret = true; + + done: +--- a/lib/util/lbuf.c ++++ b/lib/util/lbuf.c +@@ -88,6 +88,112 @@ sudo_lbuf_expand(struct sudo_lbuf *lbuf, + } + + /* ++ * Escape a character in octal form (#0n) and store it as a string ++ * in buf, which must have at least 6 bytes available. ++ * Returns the length of buf, not counting the terminating NUL byte. ++ */ ++static int ++escape(unsigned char ch, char *buf) ++{ ++ const int len = ch < 0100 ? (ch < 010 ? 3 : 4) : 5; ++ ++ /* Work backwards from the least significant digit to most significant. */ ++ switch (len) { ++ case 5: ++ buf[4] = (ch & 7) + '0'; ++ ch >>= 3; ++ FALLTHROUGH; ++ case 4: ++ buf[3] = (ch & 7) + '0'; ++ ch >>= 3; ++ FALLTHROUGH; ++ case 3: ++ buf[2] = (ch & 7) + '0'; ++ buf[1] = '0'; ++ buf[0] = '#'; ++ break; ++ } ++ buf[len] = '\0'; ++ ++ return len; ++} ++ ++/* ++ * Parse the format and append strings, only %s and %% escapes are supported. ++ * Any non-printable characters are escaped in octal as #0nn. ++ */ ++bool ++sudo_lbuf_append_esc_v1(struct sudo_lbuf *lbuf, int flags, const char *fmt, ...) ++{ ++ unsigned int saved_len = lbuf->len; ++ bool ret = false; ++ const char *s; ++ va_list ap; ++ debug_decl(sudo_lbuf_append_esc, SUDO_DEBUG_UTIL); ++ ++ if (sudo_lbuf_error(lbuf)) ++ debug_return_bool(false); ++ ++#define should_escape(ch) \ ++ ((ISSET(flags, LBUF_ESC_CNTRL) && iscntrl((unsigned char)ch)) || \ ++ (ISSET(flags, LBUF_ESC_BLANK) && isblank((unsigned char)ch))) ++#define should_quote(ch) \ ++ (ISSET(flags, LBUF_ESC_QUOTE) && (ch == '\'' || ch == '\\')) ++ ++ va_start(ap, fmt); ++ while (*fmt != '\0') { ++ if (fmt[0] == '%' && fmt[1] == 's') { ++ if ((s = va_arg(ap, char *)) == NULL) ++ s = "(NULL)"; ++ while (*s != '\0') { ++ if (should_escape(*s)) { ++ if (!sudo_lbuf_expand(lbuf, sizeof("#0177") - 1)) ++ goto done; ++ lbuf->len += escape(*s++, lbuf->buf + lbuf->len); ++ continue; ++ } ++ if (should_quote(*s)) { ++ if (!sudo_lbuf_expand(lbuf, 2)) ++ goto done; ++ lbuf->buf[lbuf->len++] = '\\'; ++ lbuf->buf[lbuf->len++] = *s++; ++ continue; ++ } ++ if (!sudo_lbuf_expand(lbuf, 1)) ++ goto done; ++ lbuf->buf[lbuf->len++] = *s++; ++ } ++ fmt += 2; ++ continue; ++ } ++ if (should_escape(*fmt)) { ++ if (!sudo_lbuf_expand(lbuf, sizeof("#0177") - 1)) ++ goto done; ++ if (*fmt == '\'') { ++ lbuf->buf[lbuf->len++] = '\\'; ++ lbuf->buf[lbuf->len++] = *fmt++; ++ } else { ++ lbuf->len += escape(*fmt++, lbuf->buf + lbuf->len); ++ } ++ continue; ++ } ++ if (!sudo_lbuf_expand(lbuf, 1)) ++ goto done; ++ lbuf->buf[lbuf->len++] = *fmt++; ++ } ++ ret = true; ++ ++done: ++ if (!ret) ++ lbuf->len = saved_len; ++ if (lbuf->size != 0) ++ lbuf->buf[lbuf->len] = '\0'; ++ va_end(ap); ++ ++ debug_return_bool(ret); ++} ++ ++/* + * Parse the format and append strings, only %s and %% escapes are supported. + * Any characters in set are quoted with a backslash. + */ +--- a/lib/util/util.exp.in ++++ b/lib/util/util.exp.in +@@ -98,6 +98,7 @@ sudo_json_get_len_v1 + sudo_json_init_v1 + sudo_json_open_array_v1 + sudo_json_open_object_v1 ++sudo_lbuf_append_esc_v1 + sudo_lbuf_append_quoted_v1 + sudo_lbuf_append_v1 + sudo_lbuf_clearerr_v1 +--- a/plugins/sudoers/sudoreplay.c ++++ b/plugins/sudoers/sudoreplay.c +@@ -62,6 +62,7 @@ + #include "sudo_debug.h" + #include "sudo_event.h" + #include "sudo_eventlog.h" ++#include "sudo_lbuf.h" + #include "sudo_fatal.h" + #include "sudo_gettext.h" + #include "sudo_iolog.h" +@@ -373,6 +374,10 @@ main(int argc, char *argv[]) + if ((evlog = iolog_parse_loginfo(iolog_dir_fd, iolog_dir)) == NULL) + goto done; + printf(_("Replaying sudo session: %s"), evlog->command); ++ if (evlog->argv != NULL && evlog->argv[0] != NULL) { ++ for (i = 1; evlog->argv[i] != NULL; i++) ++ printf(" %s", evlog->argv[i]); ++ } + + /* Setup terminal if appropriate. */ + if (!isatty(STDIN_FILENO) || !isatty(STDOUT_FILENO)) +@@ -1312,11 +1317,57 @@ parse_expr(struct search_node_list *head + debug_return_int(av - argv); + } + ++static char * ++expand_command(struct eventlog *evlog, char **newbuf) ++{ ++ size_t len, bufsize = strlen(evlog->command) + 1; ++ char *cp, *buf; ++ int ac; ++ debug_decl(expand_command, SUDO_DEBUG_UTIL); ++ ++ if (evlog->argv == NULL || evlog->argv[0] == NULL || evlog->argv[1] == NULL) { ++ /* No arguments, we can use the command as-is. */ ++ *newbuf = NULL; ++ debug_return_str(evlog->command); ++ } ++ ++ /* Skip argv[0], we use evlog->command instead. */ ++ for (ac = 1; evlog->argv[ac] != NULL; ac++) ++ bufsize += strlen(evlog->argv[ac]) + 1; ++ ++ if ((buf = malloc(bufsize)) == NULL) ++ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); ++ cp = buf; ++ ++ len = strlcpy(cp, evlog->command, bufsize); ++ if (len >= bufsize) ++ sudo_fatalx(U_("internal error, %s overflow"), __func__); ++ cp += len; ++ bufsize -= len; ++ ++ for (ac = 1; evlog->argv[ac] != NULL; ac++) { ++ if (bufsize < 2) ++ sudo_fatalx(U_("internal error, %s overflow"), __func__); ++ *cp++ = ' '; ++ bufsize--; ++ ++ len = strlcpy(cp, evlog->argv[ac], bufsize); ++ if (len >= bufsize) ++ sudo_fatalx(U_("internal error, %s overflow"), __func__); ++ cp += len; ++ bufsize -= len; ++ } ++ ++ *newbuf = buf; ++ debug_return_str(buf); ++} ++ + static bool + match_expr(struct search_node_list *head, struct eventlog *evlog, bool last_match) + { + struct search_node *sn; + bool res = false, matched = last_match; ++ char *tofree; + int rc; + debug_decl(match_expr, SUDO_DEBUG_UTIL); + +@@ -1350,13 +1401,15 @@ match_expr(struct search_node_list *head + res = strcmp(sn->u.user, evlog->submituser) == 0; + break; + case ST_PATTERN: +- rc = regexec(&sn->u.cmdre, evlog->command, 0, NULL, 0); ++ rc = regexec(&sn->u.cmdre, expand_command(evlog, &tofree), ++ 0, NULL, 0); + if (rc && rc != REG_NOMATCH) { + char buf[BUFSIZ]; + regerror(rc, &sn->u.cmdre, buf, sizeof(buf)); + sudo_fatalx("%s", buf); + } + res = rc == REG_NOMATCH ? 0 : 1; ++ free(tofree); + break; + case ST_FROMDATE: + res = sudo_timespeccmp(&evlog->submit_time, &sn->u.tstamp, >=); +@@ -1377,12 +1430,13 @@ match_expr(struct search_node_list *head + } + + static int +-list_session(char *log_dir, regex_t *re, const char *user, const char *tty) ++list_session(struct sudo_lbuf *lbuf, char *log_dir, regex_t *re, ++ const char *user, const char *tty) + { + char idbuf[7], *idstr, *cp; + struct eventlog *evlog = NULL; + const char *timestr; +- int ret = -1; ++ int i, ret = -1; + debug_decl(list_session, SUDO_DEBUG_UTIL); + + if ((evlog = iolog_parse_loginfo(-1, log_dir)) == NULL) +@@ -1414,23 +1468,71 @@ list_session(char *log_dir, regex_t *re, + } + /* XXX - print lines + cols? */ + timestr = get_timestr(evlog->submit_time.tv_sec, 1); +- printf("%s : %s : ", timestr ? timestr : "invalid date", evlog->submituser); +- if (evlog->submithost != NULL) +- printf("HOST=%s ; ", evlog->submithost); +- if (evlog->ttyname != NULL) +- printf("TTY=%s ; ", evlog->ttyname); +- if (evlog->runchroot != NULL) +- printf("CHROOT=%s ; ", evlog->runchroot); +- if (evlog->runcwd != NULL || evlog->cwd != NULL) +- printf("CWD=%s ; ", evlog->runcwd ? evlog->runcwd : evlog->cwd); +- printf("USER=%s ; ", evlog->runuser); +- if (evlog->rungroup != NULL) +- printf("GROUP=%s ; ", evlog->rungroup); +- printf("TSID=%s ; COMMAND=%s\n", idstr, evlog->command); ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, "%s : %s : ", ++ timestr ? timestr : "invalid date", evlog->submituser); ++ if (evlog->submithost != NULL) { ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, "HOST=%s ; ", ++ evlog->submithost); ++ } ++ if (evlog->ttyname != NULL) { ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, "TTY=%s ; ", ++ evlog->ttyname); ++ } ++ if (evlog->runchroot != NULL) { ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, "CHROOT=%s ; ", ++ evlog->runchroot); ++ } ++ if (evlog->runcwd != NULL || evlog->cwd != NULL) { ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, "CWD=%s ; ", ++ evlog->runcwd ? evlog->runcwd : evlog->cwd); ++ } ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, "USER=%s ; ", evlog->runuser); ++ if (evlog->rungroup != NULL) { ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, "GROUP=%s ; ", ++ evlog->rungroup); ++ } ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, "TSID=%s ; ", idstr); ++ ++ /* ++ * If we have both command and argv from info.json we can escape ++ * blanks in the the command and arguments. If all we have is a ++ * single string containing both the command and arguments we cannot. ++ */ ++ if (evlog->argv != NULL) { ++ /* Command plus argv from the info.json file. */ ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL|LBUF_ESC_BLANK, ++ "COMMAND=%s", evlog->command); ++ if (evlog->argv[0] != NULL) { ++ for (i = 1; evlog->argv[i] != NULL; i++) { ++ sudo_lbuf_append(lbuf, " "); ++ if (strchr(evlog->argv[i], ' ') != NULL) { ++ /* Wrap args containing spaces in single quotes. */ ++ sudo_lbuf_append(lbuf, "'"); ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL|LBUF_ESC_QUOTE, ++ "%s", evlog->argv[i]); ++ sudo_lbuf_append(lbuf, "'"); ++ } else { ++ /* Escape quotes here too for consistency. */ ++ sudo_lbuf_append_esc(lbuf, ++ LBUF_ESC_CNTRL|LBUF_ESC_BLANK|LBUF_ESC_QUOTE, ++ "%s", evlog->argv[i]); ++ } ++ } ++ } ++ } else { ++ /* Single string from the legacy info file. */ ++ sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, "COMMAND=%s", ++ evlog->command); ++ } + +- ret = 0; ++ if (!sudo_lbuf_error(lbuf)) { ++ puts(lbuf->buf); ++ ret = 0; ++ } + + done: ++ lbuf->error = 0; ++ lbuf->len = 0; + eventlog_free(evlog); + debug_return_int(ret); + } +@@ -1450,6 +1552,7 @@ find_sessions(const char *dir, regex_t * + DIR *d; + struct dirent *dp; + struct stat sb; ++ struct sudo_lbuf lbuf; + size_t sdlen, sessions_len = 0, sessions_size = 0; + unsigned int i; + int len; +@@ -1461,6 +1564,8 @@ find_sessions(const char *dir, regex_t * + #endif + debug_decl(find_sessions, SUDO_DEBUG_UTIL); + ++ sudo_lbuf_init(&lbuf, NULL, 0, NULL, 0); ++ + d = opendir(dir); + if (d == NULL) + sudo_fatal(U_("unable to open %s"), dir); +@@ -1521,7 +1626,7 @@ find_sessions(const char *dir, regex_t * + /* Check for dir with a log file. */ + if (lstat(pathbuf, &sb) == 0 && S_ISREG(sb.st_mode)) { + pathbuf[sdlen + len - 4] = '\0'; +- list_session(pathbuf, re, user, tty); ++ list_session(&lbuf, pathbuf, re, user, tty); + } else { + /* Strip off "/log" and recurse if a non-log dir. */ + pathbuf[sdlen + len - 4] = '\0'; +@@ -1532,6 +1637,7 @@ find_sessions(const char *dir, regex_t * + } + free(sessions); + } ++ sudo_lbuf_destroy(&lbuf); + + debug_return_int(0); + } diff -Nru sudo-1.9.5p2/debian/patches/CVE-2023-2848x-2.patch sudo-1.9.9/debian/patches/CVE-2023-2848x-2.patch --- sudo-1.9.5p2/debian/patches/CVE-2023-2848x-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/patches/CVE-2023-2848x-2.patch 2023-04-03 18:00:44.000000000 +0000 @@ -0,0 +1,22 @@ +Backport of: + +From 12648b4e0a8cf486480442efd52f0e0b6cab6e8b Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Mon, 13 Mar 2023 08:04:32 -0600 +Subject: [PATCH] Add missing " ; " separator between environment variables and + command. This is a regression introduced in sudo 1.9.13. GitHub issue #254. + +--- + lib/eventlog/eventlog.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/lib/eventlog/eventlog.c ++++ b/lib/eventlog/eventlog.c +@@ -185,6 +185,7 @@ new_logline(int event_type, int flags, s + sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, " %s", + evlog->env_add[i]); + } ++ sudo_lbuf_append(&lbuf, " ; "); + } + if (evlog->command != NULL) { + sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL|LBUF_ESC_BLANK, diff -Nru sudo-1.9.5p2/debian/patches/fix-no-root-mailer.diff sudo-1.9.9/debian/patches/fix-no-root-mailer.diff --- sudo-1.9.5p2/debian/patches/fix-no-root-mailer.diff 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/patches/fix-no-root-mailer.diff 1970-01-01 00:00:00.000000000 +0000 @@ -1,48 +0,0 @@ - -# HG changeset patch -# User Todd C. Miller -# Date 1611924154 25200 -# Node ID e0d4f196ba027604154f79ddd03a0b90f90c9607 -# Parent cd1c7615e861083e9e9b61d0e0070354e227ea5c -Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4. -init_eventlog_config() is called immediately after initializing the -Defaults settings, which is before struct sudo_user is setup. This -adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined -after the invoking user is determined. Reported by Roman Fiedler. - ---- a/plugins/sudoers/logging.c -+++ b/plugins/sudoers/logging.c -@@ -786,11 +786,6 @@ void - init_eventlog_config(void) - { - int logtype = 0; --#ifdef NO_ROOT_MAILER -- uid_t mailuid = user_uid; --#else -- uid_t mailuid = ROOT_UID; --#endif - debug_decl(init_eventlog_config, SUDOERS_DEBUG_LOGGING); - - if (def_syslog) -@@ -805,7 +800,7 @@ init_eventlog_config(void) - eventlog_set_syslog_alertpri(def_syslog_badpri); - eventlog_set_syslog_maxlen(def_syslog_maxlen); - eventlog_set_file_maxlen(def_loglinelen); -- eventlog_set_mailuid(mailuid); -+ eventlog_set_mailuid(ROOT_UID); - eventlog_set_omit_hostname(!def_log_host); - eventlog_set_logpath(def_logfile); - eventlog_set_time_fmt(def_log_year ? "%h %e %T %Y" : "%h %e %T"); ---- a/plugins/sudoers/policy.c -+++ b/plugins/sudoers/policy.c -@@ -518,6 +518,10 @@ sudoers_policy_deserialize_info(void *v) - /* Some systems support fexecve() which we use for digest matches. */ - cmnd_fd = -1; - -+#ifdef NO_ROOT_MAILER -+ eventlog_set_mailuid(user_uid); -+#endif -+ - /* Dump settings and user info (XXX - plugin args) */ - for (cur = info->settings; *cur != NULL; cur++) - sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); diff -Nru sudo-1.9.5p2/debian/patches/paths-in-samples.diff sudo-1.9.9/debian/patches/paths-in-samples.diff --- sudo-1.9.5p2/debian/patches/paths-in-samples.diff 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/patches/paths-in-samples.diff 2022-08-04 10:35:06.000000000 +0000 @@ -1,3 +1,7 @@ +Description: fix paths in sudoers example to match Debian's +Last-Update: 2021-12-13 +Author: Bdale Garbee +Forwarded: not-needed --- a/examples/sudoers +++ b/examples/sudoers @@ -44,10 +44,10 @@ Host_Alias CDROM = orion, perseus, hercu diff -Nru sudo-1.9.5p2/debian/patches/series sudo-1.9.9/debian/patches/series --- sudo-1.9.5p2/debian/patches/series 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/patches/series 2023-04-03 18:00:31.000000000 +0000 @@ -1,5 +1,9 @@ -typo-in-classic-insults.diff paths-in-samples.diff Whitelist-DPKG_COLORS-environment-variable.diff -fix-no-root-mailer.diff sudo-ldap-docs +Add-XDG_CURRENT_DESKTOP-to-initial_keepenv_table.patch +CVE-2022-33070.patch +CVE-2023-22809.patch +CVE-2023-27320.patch +CVE-2023-2848x-1.patch +CVE-2023-2848x-2.patch diff -Nru sudo-1.9.5p2/debian/patches/sudo-ldap-docs sudo-1.9.9/debian/patches/sudo-ldap-docs --- sudo-1.9.5p2/debian/patches/sudo-ldap-docs 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/patches/sudo-ldap-docs 2022-08-04 10:35:06.000000000 +0000 @@ -1,21 +1,21 @@ Description: Adapt README.LDAP to the actual state of the sudo-ldap package Author: Marc Haber - ---- a/README.LDAP -+++ b/README.LDAP +Forwarded: not-needed +--- a/README.LDAP.md ++++ b/README.LDAP.md @@ -35,18 +35,8 @@ They are one and the same. - Build instructions - ================== + ## Build instructions + -The simplest way to build sudo with LDAP support is to include the --'--with-ldap' option. +-`--with-ldap` option. - -- $ ./configure --with-ldap +- $ ./configure --with-ldap - -If your ldap libraries and headers are in a non-standard place, you will need -to specify them at configure time. E.g. - -- $ ./configure --with-ldap=/usr/local/ldapsdk +- $ ./configure --with-ldap=/usr/local/ldapsdk - -Sudo is developed using OpenLDAP but Netscape-based LDAP libraries -(such as those present in Solaris) are also known to work. @@ -23,32 +23,31 @@ +using the OpenLDAP libs. Your mileage may vary. Please let the sudo workers mailing list - know if special configuration was required -@@ -174,13 +164,10 @@ I recommend using any of the following L + sudo-workers@sudo.ws know if special configuration was required +@@ -179,13 +169,10 @@ I recommend using any of the following L There are dozens of others, some Open Source, some free, some not. --Configure your /etc/ldap.conf and /etc/nsswitch.conf --==================================================== +-## Configure your /etc/ldap.conf and /etc/nsswitch.conf ++## Configure your /etc/sudo-ldap.conf and /etc/nsswitch.conf + -The /etc/ldap.conf file is meant to be shared between sudo, pam_ldap, nss_ldap -and other ldap applications and modules. IBM Secureway unfortunately uses -the same file name but has a different syntax. If you need to change where --this file is stored, re-run configure with the --with-ldap-conf-file=PATH +-this file is stored, re-run configure with the `--with-ldap-conf-file=PATH` -option. -+Configure your /etc/sudo-ldap.conf and /etc/nsswitch.conf -+========================================================= +The Debian package sudo-ldap uses /etc/sudo-ldap.conf as configuration file +and is configured to use nsswitch. See the "Configuring ldap.conf" section in the sudoers.ldap manual for a list of supported ldap.conf parameters and an example ldap.conf -@@ -192,9 +179,6 @@ After configuring /etc/ldap.conf, you mu +@@ -197,9 +184,6 @@ After configuring /etc/ldap.conf, you mu to tell sudo to look in LDAP for sudoers. See the "Configuring nsswitch.conf" section in the sudoers.ldap manual for details. Note that sudo will use /etc/nsswitch.conf even if the underlying operating system does not support it. --To disable nsswitch support, run configure with the --with-nsswitch=no option. +-To disable nsswitch support, run configure with the `--with-nsswitch=no` option. -This will cause sudo to consult LDAP first and /etc/sudoers second, unless the -ignore_sudoers_file flag is set in the global LDAP options. - Debugging your LDAP configuration - ================================= + ## Debugging your LDAP configuration + diff -Nru sudo-1.9.5p2/debian/patches/typo-in-classic-insults.diff sudo-1.9.9/debian/patches/typo-in-classic-insults.diff --- sudo-1.9.5p2/debian/patches/typo-in-classic-insults.diff 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/patches/typo-in-classic-insults.diff 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ ---- a/plugins/sudoers/ins_classic.h -+++ b/plugins/sudoers/ins_classic.h -@@ -32,7 +32,7 @@ - "Where did you learn to type?", - "Are you on drugs?", - "My pet ferret can type better than you!", -- "You type like i drive.", -+ "You type like I drive.", - "Do you think like you type?", - "Your mind just hasn't been the same since the electro-shock, has it?", - diff -Nru sudo-1.9.5p2/debian/rules sudo-1.9.9/debian/rules --- sudo-1.9.5p2/debian/rules 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/rules 2022-08-04 10:34:35.000000000 +0000 @@ -1,205 +1,85 @@ #!/usr/bin/make -f +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 -export DH_VERBOSE=1 export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic +export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed +DPKG_EXPORT_BUILDFLAGS = 1 + +include /usr/share/dpkg/default.mk + +define CONFIGURE_ARGS + -v + --with-all-insults + --with-pam --with-pam-login + --with-fqdn + --with-logging=syslog + --with-logfac=authpriv + --with-env-editor + --with-editor=/usr/bin/editor + --with-exampledir=/usr/share/doc/sudo/examples + --with-timeout=15 + --with-password-timeout=0 + --with-passprompt="[sudo] password for %p: " + --disable-root-mailer + --with-sendmail=/usr/sbin/sendmail + --with-rundir=/run/sudo + --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) + --enable-zlib=system +endef -CFLAGS = `dpkg-buildflags --get CFLAGS` -CFLAGS += -Wall -Wno-comment -LDFLAGS = `dpkg-buildflags --get LDFLAGS` -CPPFLAGS = `dpkg-buildflags --get CPPFLAGS` - -DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) -DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) ifeq ($(DEB_HOST_ARCH_OS),linux) - configure_args += --with-selinux --with-linux-audit --enable-tmpfiles.d=yes +CONFIGURE_ARGS += --with-selinux --with-linux-audit --enable-tmpfiles.d=yes +endif + +ifeq ($(DEB_VENDOR),Ubuntu) +CONFIGURE_ARGS += --without-lecture --with-tty-tickets --enable-admin-flag endif -# Consistently use /bin/mv to ensure reproducible builds regardless of -# building on a usrmerge or non-usrmerge system. -configure_args += MVPROG=/bin/mv - -reconf-stamp: - dh_testdir - dh_autoreconf - touch $@ - -configure: configure-stamp -configure-stamp: reconf-stamp - dh_testdir - cp -f /usr/share/misc/config.sub config.sub - cp -f /usr/share/misc/config.guess config.guess - - # simple version - NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \ - CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" \ - dh_auto_configure --builddirectory=build-simple -- \ - -v \ - --with-all-insults \ - --with-pam \ - --with-fqdn \ - --with-logging=syslog \ - --with-logfac=authpriv \ - --with-env-editor \ - --with-editor=/usr/bin/editor \ - --with-exampledir=/usr/share/doc/sudo/examples \ - --with-timeout=15 \ - --with-password-timeout=0 \ - --with-passprompt="[sudo] password for %p: " \ - --without-lecture --with-tty-tickets \ - --disable-root-mailer \ - --enable-admin-flag \ - --with-sendmail=/usr/sbin/sendmail \ - --with-rundir=/run/sudo \ - --libexecdir=/usr/lib \ - --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ - --enable-zlib=system \ - $(configure_args) - - # LDAP version - NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \ - CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" \ - dh_auto_configure --builddirectory=build-ldap -- \ - -v \ - --with-all-insults \ - --with-pam \ - --with-ldap \ - --with-fqdn \ - --with-logging=syslog \ - --with-logfac=authpriv \ - --with-env-editor \ - --with-editor=/usr/bin/editor \ - --with-exampledir=/usr/share/doc/sudo-ldap/examples \ - --with-timeout=15 \ - --with-password-timeout=0 \ - --with-passprompt="[sudo] password for %p: " \ - --without-lecture --with-tty-tickets \ - --disable-root-mailer \ - --enable-admin-flag \ - --disable-setresuid \ - --with-sendmail=/usr/sbin/sendmail \ - --with-rundir=/run/sudo \ - --with-ldap-conf-file=/etc/sudo-ldap.conf \ - --libexecdir=/usr/lib \ - --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ - --enable-zlib=system \ - $(configure_args) - - touch configure-stamp - -build: build-arch build-indep -build-arch: build-stamp -build-indep: build-stamp -build-stamp: configure-stamp - dh_testdir +%: + dh $@ - $(MAKE) -C build-simple - $(MAKE) -C build-ldap +override_dh_auto_configure: + dh_auto_configure --builddirectory build-simple -- $(strip $(CONFIGURE_ARGS)) + dh_auto_configure --builddirectory build-ldap -- $(strip $(CONFIGURE_ARGS)) \ + --with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf + +override_dh_auto_clean override_dh_auto_build: + $(patsubst override_%,%,$@) --builddirectory build-simple + $(patsubst override_%,%,$@) --builddirectory build-ldap +override_dh_auto_test: ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) - $(MAKE) -C build-simple check + dh_auto_test --builddirectory build-simple + dh_auto_test --builddirectory build-ldap endif - touch build-stamp - -clean: - dh_testdir - dh_testroot - rm -f configure-stamp build-stamp - rm -rf build-simple build-ldap - rm -f config.cache - dh_autoreconf_clean - dh_clean - -install: build-stamp - dh_testdir - dh_testroot - dh_prep - dh_installdirs - - $(MAKE) -C build-simple install DESTDIR=$(CURDIR)/debian/sudo - $(MAKE) -C build-ldap install DESTDIR=$(CURDIR)/debian/sudo-ldap - - # remove stuff we don't want - rm -f debian/sudo*/etc/sudoers \ - debian/sudo*/usr/share/doc/sudo/LICENSE* \ - debian/sudo*/usr/share/doc/sudo/ChangeLog - - # provide upstream sudoers.dist as an alternate example - mv debian/sudo/etc/sudoers.dist \ - debian/sudo/usr/share/doc/sudo/examples/sudoers.dist - mv debian/sudo-ldap/etc/sudoers.dist \ - debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers.dist - - # /run/sudo directory is created at boot time and shouldn't be in the - # package +override_dh_auto_install: + dh_auto_install --builddirectory build-simple --destdir debian/sudo + dh_auto_install --builddirectory build-ldap --destdir debian/sudo-ldap + + rm -f debian/sudo*/etc/sudoers \ + debian/sudo*/usr/share/doc/sudo/LICENSE.md \ + debian/sudo*/usr/share/doc/sudo*/ChangeLog rm -rf debian/sudo*/run + find debian/sudo*/ -type f -name '*.la' | xargs rm -f + + for pkg in sudo sudo-ldap; do \ + mv debian/$$pkg/etc/sudoers.dist \ + debian/$$pkg/usr/share/doc/sudo/examples/sudoers.dist; \ + done # move upstream-installed docs to the right place for ldap package - mv debian/sudo-ldap/usr/share/doc/sudo/* \ - debian/sudo-ldap/usr/share/doc/sudo-ldap/ - rmdir debian/sudo-ldap/usr/share/doc/sudo - - # and install things we do want that make install doesn't know about - install -o root -g root -m 0644 debian/sudo.pam \ - debian/sudo/etc/pam.d/sudo - install -o root -g root -m 0644 debian/sudo.pam \ - debian/sudo-ldap/etc/pam.d/sudo - - install -o root -g root -m 0644 debian/sudo.lintian \ - debian/sudo/usr/share/lintian/overrides/sudo - install -o root -g root -m 0644 debian/sudo-ldap.lintian \ - debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap - - install -o root -g root -m 0644 debian/sudo_root.8 \ - debian/sudo/usr/share/man/man8/sudo_root.8 - install -o root -g root -m 0644 debian/sudo_root.8 \ - debian/sudo-ldap/usr/share/man/man8/sudo_root.8 - - install -o root -g root -m 0440 debian/sudoers \ - debian/sudo/etc/sudoers - install -o root -g root -m 0440 debian/sudoers \ - debian/sudo-ldap/etc/sudoers - - install -o root -g root -m 0440 debian/README \ - debian/sudo/etc/sudoers.d/README - install -o root -g root -m 0440 debian/README \ - debian/sudo-ldap/etc/sudoers.d/README - - # we don't want the initscript to run, the creation of the rundir and - # the cleanup the stamp files is now done by tmpfiles when using - # systemd - ln -s /dev/null debian/sudo/lib/systemd/system/sudo.service - ln -s /dev/null debian/sudo-ldap/lib/systemd/system/sudo.service - - install -o root -g root -m 0644 $(CURDIR)/debian/source_sudo.py \ - debian/sudo/usr/share/apport/package-hooks/source_sudo.py - install -o root -g root -m 0644 $(CURDIR)/debian/source_sudo.py \ - debian/sudo-ldap/usr/share/apport/package-hooks/source_sudo.py - - -binary-indep: build install - -binary-arch: build install - dh_testdir - dh_testroot - dh_installdocs -A - dh_installman -A - dh_installinfo -A - dh_installchangelogs ChangeLog - # clear dependency_libs field in .la files - sed -i "/dependency_libs/ s/'.*'/''/" `find . -name '*.la'` - dh_strip - dh_compress - dh_fixperms - chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo - chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo - chmod 0440 debian/sudo/etc/sudoers.d/README \ - debian/sudo-ldap/etc/sudoers.d/README - dh_installdeb - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb + mv debian/sudo-ldap/usr/share/doc/sudo \ + debian/sudo-ldap/usr/share/doc/sudo-ldap + +execute_after_dh_fixperms: + # fix executable libraries + chmod 0644 debian/sudo*/usr/libexec/sudo/*.so + +override_dh_fixperms: + dh_fixperms --exclude=usr/bin/sudo -binary: binary-indep binary-arch -.PHONY: configure build-indep build-arch build clean binary-indep binary-arch binary install +override_dh_installchangelogs: + dh_installchangelogs --exclude=HISTORY diff -Nru sudo-1.9.5p2/debian/rules.predh7 sudo-1.9.9/debian/rules.predh7 --- sudo-1.9.5p2/debian/rules.predh7 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/rules.predh7 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,192 @@ +#!/usr/bin/make -f + +export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +CFLAGS = `dpkg-buildflags --get CFLAGS` +CFLAGS += -Wall -Wno-comment +LDFLAGS = `dpkg-buildflags --get LDFLAGS` +CPPFLAGS = `dpkg-buildflags --get CPPFLAGS` + +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) +ifeq ($(DEB_HOST_ARCH_OS),linux) + configure_args += --with-selinux --with-linux-audit --enable-tmpfiles.d=yes +endif + +# Consistently use /bin/mv to ensure reproducible builds regardless of +# building on a usrmerge or non-usrmerge system. +configure_args += MVPROG=/bin/mv + +reconf-stamp: + cp -f /usr/share/misc/config.sub config.sub + cp -f /usr/share/misc/config.guess config.guess + autoconf -I m4 + touch $@ + +configure: configure-stamp +configure-stamp: reconf-stamp + dh_testdir + cp -f /usr/share/misc/config.sub config.sub + cp -f /usr/share/misc/config.guess config.guess + + # simple version + NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \ + CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" \ + dh_auto_configure --builddirectory=build-simple -- \ + -v \ + --with-all-insults \ + --with-pam \ + --with-fqdn \ + --with-logging=syslog \ + --with-logfac=authpriv \ + --with-env-editor \ + --with-editor=/usr/bin/editor \ + --with-exampledir=/usr/share/doc/sudo/examples \ + --with-timeout=15 \ + --with-password-timeout=0 \ + --with-passprompt="[sudo] password for %p: " \ + --disable-root-mailer \ + --with-sendmail=/usr/sbin/sendmail \ + --with-rundir=/run/sudo \ + --libexecdir=/usr/lib \ + --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ + --enable-zlib=system \ + $(configure_args) + + # LDAP version + NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \ + CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" \ + dh_auto_configure --builddirectory=build-ldap -- \ + -v \ + --with-all-insults \ + --with-pam \ + --with-ldap \ + --with-fqdn \ + --with-logging=syslog \ + --with-logfac=authpriv \ + --with-env-editor \ + --with-editor=/usr/bin/editor \ + --with-exampledir=/usr/share/doc/sudo-ldap/examples \ + --with-timeout=15 \ + --with-password-timeout=0 \ + --with-passprompt="[sudo] password for %p: " \ + --disable-root-mailer \ + --disable-setresuid \ + --with-sendmail=/usr/sbin/sendmail \ + --with-rundir=/run/sudo \ + --with-ldap-conf-file=/etc/sudo-ldap.conf \ + --libexecdir=/usr/lib \ + --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ + --enable-zlib=system \ + $(configure_args) + + touch configure-stamp + +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp +build-stamp: configure-stamp + dh_testdir + + $(MAKE) -C build-simple + $(MAKE) -C build-ldap + +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + $(MAKE) -C build-simple check +endif + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f configure-stamp build-stamp + rm -rf build-simple build-ldap + rm -f config.cache + dh_clean + +install: build-stamp + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + $(MAKE) -C build-simple install DESTDIR=$(CURDIR)/debian/sudo + $(MAKE) -C build-ldap install DESTDIR=$(CURDIR)/debian/sudo-ldap + + # remove stuff we don't want + rm -f debian/sudo*/etc/sudoers \ + debian/sudo*/usr/share/doc/sudo/LICENSE* \ + debian/sudo*/usr/share/doc/sudo/ChangeLog + + # provide upstream sudoers.dist as an alternate example + mv debian/sudo/etc/sudoers.dist \ + debian/sudo/usr/share/doc/sudo/examples/sudoers.dist + mv debian/sudo-ldap/etc/sudoers.dist \ + debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers.dist + + # /run/sudo directory is created at boot time and shouldn't be in the + # package + rm -rf debian/sudo*/run + + # move upstream-installed docs to the right place for ldap package + mv debian/sudo-ldap/usr/share/doc/sudo/* \ + debian/sudo-ldap/usr/share/doc/sudo-ldap/ + rmdir debian/sudo-ldap/usr/share/doc/sudo + + # and install things we do want that make install doesn't know about + install -o root -g root -m 0644 debian/sudo.pam \ + debian/sudo/etc/pam.d/sudo + install -o root -g root -m 0644 debian/sudo.pam \ + debian/sudo-ldap/etc/pam.d/sudo + + install -o root -g root -m 0644 debian/sudo.lintian \ + debian/sudo/usr/share/lintian/overrides/sudo + install -o root -g root -m 0644 debian/sudo-ldap.lintian \ + debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap + + install -o root -g root -m 0440 debian/sudoers \ + debian/sudo/etc/sudoers + install -o root -g root -m 0440 debian/sudoers \ + debian/sudo-ldap/etc/sudoers + + install -o root -g root -m 0440 debian/README \ + debian/sudo/etc/sudoers.d/README + install -o root -g root -m 0440 debian/README \ + debian/sudo-ldap/etc/sudoers.d/README + + # we don't want the initscript to run, the creation of the rundir and + # the cleanup the stamp files is now done by tmpfiles when using + # systemd + ln -s /dev/null debian/sudo/lib/systemd/system/sudo.service + ln -s /dev/null debian/sudo-ldap/lib/systemd/system/sudo.service + +binary-indep: build install + +binary-arch: build install + dh_testdir + dh_testroot + dh_installdocs -A + dh_installinit -psudo --name=sudo + dh_installinit -psudo-ldap --name=sudo-ldap + dh_installman -A + dh_installinfo -A + dh_installchangelogs ChangeLog + # clear dependency_libs field in .la files + sed -i "/dependency_libs/ s/'.*'/''/" `find . -name '*.la'` + dh_strip + dh_compress + dh_fixperms + chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo + chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo + chmod 0440 debian/sudo/etc/sudoers.d/README \ + debian/sudo-ldap/etc/sudoers.d/README + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: configure build-indep build-arch build clean binary-indep binary-arch binary install diff -Nru sudo-1.9.5p2/debian/salsa-ci.yml sudo-1.9.9/debian/salsa-ci.yml --- sudo-1.9.5p2/debian/salsa-ci.yml 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/salsa-ci.yml 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,14 @@ +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml + +# Enable extra Salsa-CI tests that are otherwise off by default +variables: + SALSA_CI_DISABLE_MISSING_BREAKS: 0 + SALSA_CI_DISABLE_RC_BUGS: 0 + +# Piuparts for sudo is currently failing (August 2021) when Salsa-CI was enabled. +# Remove this override once that issue is fixed. +piuparts: + allow_failure: true + diff -Nru sudo-1.9.5p2/debian/source/lintian-overrides sudo-1.9.9/debian/source/lintian-overrides --- sudo-1.9.5p2/debian/source/lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/source/lintian-overrides 2022-08-04 10:34:35.000000000 +0000 @@ -0,0 +1,13 @@ +# not going to pester upstream about this +sudo source: very-long-line-length-in-source-file lib/iolog/regress/corpus/seed/log_json/id.json line * is 654 characters long (>512) +sudo source: very-long-line-length-in-source-file lib/iolog/regress/corpus/seed/log_json/ls.json line * is 654 characters long (>512) +sudo source: very-long-line-length-in-source-file lib/iolog/regress/corpus/seed/log_json/mailq.json line * is 654 characters long (>512) +sudo source: very-long-line-length-in-source-file lib/iolog/regress/corpus/seed/log_json/make.json line * is 654 characters long (>512) +sudo source: very-long-line-length-in-source-file lib/iolog/regress/corpus/seed/log_json/pkg_add.json line * is 654 characters long (>512) +sudo source: very-long-line-length-in-source-file lib/iolog/regress/corpus/seed/log_json/pkg_delete.json line * is 654 characters long (>512) +sudo source: very-long-line-length-in-source-file plugins/sudoers/regress/corpus/seed/policy/policy.3 line * is 1030 characters long (>512) +sudo source: very-long-line-length-in-source-file configure line * is 704 characters long (>512) +sudo source: very-long-line-length-in-source-file docs/Makefile.in line * is 559 characters long (>512) +sudo source: very-long-line-length-in-source-file m4/libtool.m4 line * is 738 characters long (>512) +sudo source: very-long-line-length-in-source-file scripts/mkdep.pl line * is 645 characters long (>512) + diff -Nru sudo-1.9.5p2/debian/sudo-ldap.dirs sudo-1.9.9/debian/sudo-ldap.dirs --- sudo-1.9.5p2/debian/sudo-ldap.dirs 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.dirs 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -etc/pam.d -etc/sudoers.d -lib/systemd/system -usr/bin -usr/share/man/man8 -usr/share/man/man5 -usr/sbin -usr/share/apport/package-hooks -usr/share/doc/sudo-ldap -usr/share/lintian/overrides diff -Nru sudo-1.9.5p2/debian/sudo-ldap.docs sudo-1.9.9/debian/sudo-ldap.docs --- sudo-1.9.5p2/debian/sudo-ldap.docs 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.docs 2022-08-04 10:34:35.000000000 +0000 @@ -1,7 +1,4 @@ debian/OPTIONS -doc/UPGRADE -doc/HISTORY -doc/TROUBLESHOOTING -doc/schema.* -README -README.LDAP +docs/schema.* +README.md +README.LDAP.md diff -Nru sudo-1.9.5p2/debian/sudo-ldap.install sudo-1.9.9/debian/sudo-ldap.install --- sudo-1.9.5p2/debian/sudo-ldap.install 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.install 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,2 @@ +debian/etc/* /etc +debian/source_sudo.py /usr/share/apport/package-hooks diff -Nru sudo-1.9.5p2/debian/sudo-ldap.lintian sudo-1.9.9/debian/sudo-ldap.lintian --- sudo-1.9.5p2/debian/sudo-ldap.lintian 2021-02-15 00:09:28.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.lintian 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ -sudo-ldap: non-standard-file-perm etc/sudoers.d/README 0440 != 0644 -sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root -sudo-ldap: read-in-maintainer-script -sudo-ldap: duplicate-updaterc.d-calls-in-postinst -sudo-ldap: systemd-no-service-for-init-script sudo-ldap diff -Nru sudo-1.9.5p2/debian/sudo-ldap.lintian-overrides sudo-1.9.9/debian/sudo-ldap.lintian-overrides --- sudo-1.9.5p2/debian/sudo-ldap.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.lintian-overrides 2022-08-04 10:34:35.000000000 +0000 @@ -0,0 +1,20 @@ +# sudo is set-uid root by design. +sudo-ldap: elevated-privileges usr/bin/sudo 4755 root/root + +# the init script job is done by systemd-tmpfiles on systemd systems +sudo-ldap: missing-systemd-service-for-init.d-script sudo-ldap [etc/init.d/sudo-ldap] + +# a false alarm, see #204975 +sudo-ldap: package-has-unnecessary-activation-of-ldconfig-trigger + +# a false alarm +sudo-ldap: hardening-no-fortify-functions [usr/libexec/sudo/group_file.so] + +# this is a false alarm, our shared objects are all private +sudo-ldap: custom-library-search-path RUNPATH /usr/libexec/sudo [*] + +# Debian does not ship Apport. +sudo-ldap: python3-script-but-no-python3-dep /usr/bin/python3 (does not satisfy python3:any | python3-minimal:any) [*] + +# This is a film quote +sudo-ldap: spelling-error-in-binary usr/libexec/sudo/sudoers.so "allow to" "allow one to" diff -Nru sudo-1.9.5p2/debian/sudo-ldap.manpages sudo-1.9.9/debian/sudo-ldap.manpages --- sudo-1.9.5p2/debian/sudo-ldap.manpages 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.manpages 2022-08-03 07:43:57.000000000 +0000 @@ -1,4 +1 @@ -build-ldap/doc/sudo.mdoc -build-ldap/doc/sudoers.mdoc -build-ldap/doc/sudoers.ldap.mdoc -build-ldap/doc/visudo.mdoc +debian/sudo_root.8 diff -Nru sudo-1.9.5p2/debian/sudo-ldap.postinst sudo-1.9.9/debian/sudo-ldap.postinst --- sudo-1.9.5p2/debian/sudo-ldap.postinst 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.postinst 2022-08-04 10:34:35.000000000 +0000 @@ -3,12 +3,14 @@ set -e # remove old link +# this was already present in 2017 if [ -L /etc/alternatives/sudo ]; then rm /etc/alternatives/sudo fi # remove legacy conffile no longer delivered +# this was added in 1.8.21p2-1 in 2017. if [ -f /etc/sudoers.dist ]; then rm /etc/sudoers.dist @@ -46,38 +48,10 @@ update-rc.d sudo remove fi -#DEBHELPER# - -# make sure we have a sudo group - -[ -n "`getent group sudo`" ] && exit 0 # we're finished if there is a group sudo: - -# start search with gid 27 -gid="27" -while [ -n "`getent group $gid | cut -d: -f3`" ];do - gid=`expr $gid + 1` -done - - -if [ "$gid" -ne "27" ];then - echo "On Debian we normally use gid 27 for 'sudo'." - gname="`getent group 27 | cut -d: -f1`" - echo "However, on your system gid 27 is group '$gname'." - echo "" - echo "Would you like me to stop configuring sudo so that you can change this?"; - while true;do - echo -n "(Enter 'yes' to stop, enter to continue): " - read ans - [ "$ans" = "" ] && break - if [ "$ans" = "yes" -o "$ans" = "YES" ];then - echo "'dpkg --pending --configure' will restart the configuration." - exit 1; - fi - echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping" - done +# the sysv init script just creates the directories in /run. This must not +# be done on systemd systems, we use systemd-tmpfiles for that +if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper mask 'sudo-ldap.service' || true fi -echo "Creating group 'sudo' with gid = $gid"; -groupadd -g $gid sudo - -echo "" +#DEBHELPER# diff -Nru sudo-1.9.5p2/debian/sudo-ldap.postrm sudo-1.9.9/debian/sudo-ldap.postrm --- sudo-1.9.5p2/debian/sudo-ldap.postrm 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.postrm 2022-08-04 10:34:35.000000000 +0000 @@ -1,10 +1,15 @@ -#!/bin/sh -e +#!/bin/sh + +set -e case "$1" in purge) rm -f /etc/sudo-ldap.conf rm -rf /var/lib/sudo rm -rf /run/sudo + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper unmask 'sudo-ldap.service' || true + fi ;; remove|upgrade|deconfigure) diff -Nru sudo-1.9.5p2/debian/sudo-ldap.preinst sudo-1.9.9/debian/sudo-ldap.preinst --- sudo-1.9.5p2/debian/sudo-ldap.preinst 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.preinst 2022-08-03 07:22:17.000000000 +0000 @@ -1,4 +1,6 @@ -#!/bin/sh -e +#!/bin/sh + +set -e case "$1" in install|upgrade) diff -Nru sudo-1.9.5p2/debian/sudo-ldap.sudo-ldap.init sudo-1.9.9/debian/sudo-ldap.sudo-ldap.init --- sudo-1.9.5p2/debian/sudo-ldap.sudo-ldap.init 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.sudo-ldap.init 1970-01-01 00:00:00.000000000 +0000 @@ -1,44 +0,0 @@ -#! /bin/sh - -### BEGIN INIT INFO -# Provides: sudo-ldap -# Required-Start: $local_fs $remote_fs -# Required-Stop: -# X-Start-Before: rmnologin -# Default-Start: 2 3 4 5 -# Default-Stop: -# Short-Description: Provide limited super user privileges to specific users -# Description: Provide limited super user privileges to specific users. -### END INIT INFO - -. /lib/lsb/init-functions - -N=/etc/init.d/sudo-ldap - -set -e - -case "$1" in - start) - # make sure privileges don't persist across reboots - # if the /run/sudo directory doesn't exist, let's create it with the - # correct permissions and SELinux label - if [ -d /run/sudo ] - then - find /run/sudo -exec touch -d @0 '{}' \; - else - mkdir /run/sudo /run/sudo/ts - chown root:root /run/sudo /run/sudo/ts - chmod 0711 /run/sudo - chmod 0700 /run/sudo/ts - [ -x /sbin/restorecon ] && /sbin/restorecon /run/sudo /run/sudo/ts - fi - ;; - stop|reload|restart|force-reload|status) - ;; - *) - echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 - exit 1 - ;; -esac - -exit 0 diff -Nru sudo-1.9.5p2/debian/sudo-ldap.tmpfiles sudo-1.9.9/debian/sudo-ldap.tmpfiles --- sudo-1.9.5p2/debian/sudo-ldap.tmpfiles 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/sudo-ldap.tmpfiles 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1 @@ +D /run/sudo 0711 root root diff -Nru sudo-1.9.5p2/debian/sudo.dirs sudo-1.9.9/debian/sudo.dirs --- sudo-1.9.5p2/debian/sudo.dirs 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/sudo.dirs 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -etc/pam.d -etc/sudoers.d -lib/systemd/system -usr/bin -usr/share/man/man8 -usr/share/man/man5 -usr/sbin -usr/share/apport/package-hooks -usr/share/doc/sudo -usr/share/lintian/overrides diff -Nru sudo-1.9.5p2/debian/sudo.docs sudo-1.9.9/debian/sudo.docs --- sudo-1.9.5p2/debian/sudo.docs 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo.docs 2022-08-04 10:34:35.000000000 +0000 @@ -1,5 +1,2 @@ debian/OPTIONS -doc/UPGRADE -doc/HISTORY -doc/TROUBLESHOOTING -README +README.md diff -Nru sudo-1.9.5p2/debian/sudo.install sudo-1.9.9/debian/sudo.install --- sudo-1.9.5p2/debian/sudo.install 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/sudo.install 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,2 @@ +debian/etc/* /etc +debian/source_sudo.py /usr/share/apport/package-hooks diff -Nru sudo-1.9.5p2/debian/sudo.lintian sudo-1.9.9/debian/sudo.lintian --- sudo-1.9.5p2/debian/sudo.lintian 2021-02-15 00:09:28.000000000 +0000 +++ sudo-1.9.9/debian/sudo.lintian 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -sudo: non-standard-file-perm etc/sudoers.d/README 0440 != 0644 -sudo: setuid-binary usr/bin/sudo 4755 root/root -sudo: read-in-maintainer-script -sudo: duplicate-updaterc.d-calls-in-postinst diff -Nru sudo-1.9.5p2/debian/sudo.lintian-overrides sudo-1.9.9/debian/sudo.lintian-overrides --- sudo-1.9.5p2/debian/sudo.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/sudo.lintian-overrides 2022-08-04 10:34:35.000000000 +0000 @@ -0,0 +1,21 @@ +# sudo is set-uid root by design. +sudo: elevated-privileges usr/bin/sudo 4755 root/root + +# the init script job is done by systemd-tmpfiles on systemd systems +sudo: missing-systemd-service-for-init.d-script sudo [etc/init.d/sudo] + +# a false alarm, see #204975 +sudo: package-has-unnecessary-activation-of-ldconfig-trigger + +# a false alarm +sudo: hardening-no-fortify-functions [usr/libexec/sudo/group_file.so] + +# this is a false alarm, our shared objects are all private +sudo: custom-library-search-path RUNPATH /usr/libexec/sudo [*] + +# Debian does not ship Apport. +sudo: python3-script-but-no-python3-dep /usr/bin/python3 (does not satisfy python3:any | python3-minimal:any) [*] + +# This is a film quote +sudo: spelling-error-in-binary usr/libexec/sudo/sudoers.so "allow to" "allow one to" + diff -Nru sudo-1.9.5p2/debian/sudo.manpages sudo-1.9.9/debian/sudo.manpages --- sudo-1.9.5p2/debian/sudo.manpages 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo.manpages 2022-08-03 07:43:57.000000000 +0000 @@ -1,3 +1 @@ -build-simple/doc/sudo.mdoc -build-simple/doc/sudoers.mdoc -build-simple/doc/visudo.mdoc +debian/sudo_root.8 diff -Nru sudo-1.9.5p2/debian/sudo.pam sudo-1.9.9/debian/sudo.pam --- sudo-1.9.5p2/debian/sudo.pam 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/sudo.pam 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -#%PAM-1.0 - -session required pam_env.so readenv=1 user_readenv=0 -session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 -@include common-auth -@include common-account -@include common-session-noninteractive diff -Nru sudo-1.9.5p2/debian/sudo.postinst sudo-1.9.9/debian/sudo.postinst --- sudo-1.9.5p2/debian/sudo.postinst 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo.postinst 2022-08-04 10:34:35.000000000 +0000 @@ -3,15 +3,17 @@ set -e # remove old link +# this was already present in 2017 if [ -L /etc/alternatives/sudo ]; then rm /etc/alternatives/sudo fi # remove legacy conffile no longer delivered +# this was added in 1.8.21p2-1 in 2017. if [ -f /etc/sudoers.dist ]; then - rm /etc/sudoers.dist + rm /etc/sudoers.dist fi # complain if no sudoers file is present @@ -28,38 +30,10 @@ # if we've gotten this far .. remove the saved, unchanged old sudoers file rm -f /etc/sudoers.pre-conffile -#DEBHELPER# - -# make sure we have a sudo group - -[ -n "`getent group sudo`" ] && exit 0 # we're finished if there is a group sudo: - -# start search with gid 27 -gid="27" -while [ -n "`getent group $gid | cut -d: -f3`" ];do - gid=`expr $gid + 1` -done - - -if [ "$gid" -ne "27" ];then - echo "On Debian we normally use gid 27 for 'sudo'." - gname="`getent group 27 | cut -d: -f1`" - echo "However, on your system gid 27 is group '$gname'." - echo "" - echo "Would you like me to stop configuring sudo so that you can change this?"; - while true;do - echo -n "(Enter 'yes' to stop, enter to continue): " - read ans - [ "$ans" = "" ] && break - if [ "$ans" = "yes" -o "$ans" = "YES" ];then - echo "'dpkg --pending --configure' will restart the configuration." - exit 1; - fi - echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping" - done +# the sysv init script just creates the directories in /run. This must not +# be done on systemd systems, we use systemd-tmpfiles for that +if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper mask 'sudo.service' || true fi -echo "Creating group 'sudo' with gid = $gid"; -groupadd -g $gid sudo - -echo "" +#DEBHELPER# diff -Nru sudo-1.9.5p2/debian/sudo.postrm sudo-1.9.9/debian/sudo.postrm --- sudo-1.9.5p2/debian/sudo.postrm 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo.postrm 2022-08-04 10:34:35.000000000 +0000 @@ -1,9 +1,14 @@ -#!/bin/sh -e +#!/bin/sh + +set -e case "$1" in purge) rm -rf /var/lib/sudo rm -rf /run/sudo + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper unmask 'sudo.service' || true + fi ;; remove|upgrade|deconfigure) diff -Nru sudo-1.9.5p2/debian/sudo.preinst sudo-1.9.9/debian/sudo.preinst --- sudo-1.9.5p2/debian/sudo.preinst 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo.preinst 2022-08-03 07:22:17.000000000 +0000 @@ -1,4 +1,6 @@ -#!/bin/sh -e +#!/bin/sh + +set -e case "$1" in install|upgrade) diff -Nru sudo-1.9.5p2/debian/sudo.prerm sudo-1.9.9/debian/sudo.prerm --- sudo-1.9.5p2/debian/sudo.prerm 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo.prerm 2022-08-04 10:34:35.000000000 +0000 @@ -10,6 +10,8 @@ passwd1=$(echo "$passwd" |cut -c1) # Note: we do need the 'xfoo' syntax here, since POSIX special-cases # the $passwd value '!' as negation. + # todo: don't error out here if AUTOPKGTEST_TMP is set, in autopkgtest + # we must be able to replace sudo with sudo-ldap non-interactively if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then # yup, password is locked echo "You have asked that the sudo package be removed," diff -Nru sudo-1.9.5p2/debian/sudo.sudo.init sudo-1.9.9/debian/sudo.sudo.init --- sudo-1.9.5p2/debian/sudo.sudo.init 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/sudo.sudo.init 1970-01-01 00:00:00.000000000 +0000 @@ -1,44 +0,0 @@ -#! /bin/sh - -### BEGIN INIT INFO -# Provides: sudo -# Required-Start: $local_fs $remote_fs -# Required-Stop: -# X-Start-Before: rmnologin -# Default-Start: 2 3 4 5 -# Default-Stop: -# Short-Description: Provide limited super user privileges to specific users -# Description: Provide limited super user privileges to specific users. -### END INIT INFO - -. /lib/lsb/init-functions - -N=/etc/init.d/sudo - -set -e - -case "$1" in - start) - # make sure privileges don't persist across reboots - # if the /run/sudo directory doesn't exist, let's create it with the - # correct permissions and SELinux label - if [ -d /run/sudo ] - then - find /run/sudo -exec touch -d @0 '{}' \; - else - mkdir /run/sudo /run/sudo/ts - chown root:root /run/sudo /run/sudo/ts - chmod 0711 /run/sudo - chmod 0700 /run/sudo/ts - [ -x /sbin/restorecon ] && /sbin/restorecon /run/sudo /run/sudo/ts - fi - ;; - stop|reload|restart|force-reload|status) - ;; - *) - echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 - exit 1 - ;; -esac - -exit 0 diff -Nru sudo-1.9.5p2/debian/sudo.tmpfiles sudo-1.9.9/debian/sudo.tmpfiles --- sudo-1.9.5p2/debian/sudo.tmpfiles 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/sudo.tmpfiles 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1 @@ +D /run/sudo 0711 root root diff -Nru sudo-1.9.5p2/debian/sudoers sudo-1.9.9/debian/sudoers --- sudo-1.9.5p2/debian/sudoers 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/sudoers 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -# -# This file MUST be edited with the 'visudo' command as root. -# -# Please consider adding local content in /etc/sudoers.d/ instead of -# directly modifying this file. -# -# See the man page for details on how to write a sudoers file. -# -Defaults env_reset -Defaults mail_badpass -Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" - -# Host alias specification - -# User alias specification - -# Cmnd alias specification - -# User privilege specification -root ALL=(ALL:ALL) ALL - -# Members of the admin group may gain root privileges -%admin ALL=(ALL) ALL - -# Allow members of group sudo to execute any command -%sudo ALL=(ALL:ALL) ALL - -# See sudoers(5) for more information on "@include" directives: - -@includedir /etc/sudoers.d diff -Nru sudo-1.9.5p2/debian/tests/01-getroot sudo-1.9.9/debian/tests/01-getroot --- sudo-1.9.5p2/debian/tests/01-getroot 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/01-getroot 2022-08-04 10:34:35.000000000 +0000 @@ -0,0 +1,100 @@ +#!/bin/sh + +set -e + +# set a root password so that we can later replace sudo with sudo-ldap +passwd=$(getent shadow root|cut -f2 -d:) +passwd1=$(echo "$passwd" |cut -c1) +# Note: we do need the 'xfoo' syntax here, since POSIX special-cases +# the $passwd value '!' as negation. +if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then + echo "root:rootpassword" | chpasswd +fi + +TESTNR="01" +BASEDIR="$(pwd)/debian/tests" +COMMONDIR="${BASEDIR}/common" +DIR="${BASEDIR}/${TESTNR}" +PATH="/bin:/usr/bin:/sbin:/usr/sbin" +ACCTA="test${TESTNR}a" +ACCTB="test${TESTNR}b" +PASSWD="test${TESTNR}23456" +HOMEDIRA="/home/${ACCTA}" +HOMEDIRB="/home/${ACCTB}" +LDIFDIR="${DIR}/ldif" + +trap ' + printf "\ntrap handler\n" + deluser --remove-home "${ACCTA}" || true + deluser --remove-home "${ACCTB}" || true +' 0 INT QUIT ABRT PIPE TERM + +printf > /etc/hosts "127.0.1.1 %s\n" "$(hostname)" +cat /etc/hosts + +printf "========= test %s\.1: account group member, correct password\n" "${TESTNR}" +deluser ${ACCTA} 2>/dev/null || true +adduser --disabled-password --home "${HOMEDIRA}" --gecos "" "${ACCTA}" +printf "%s:%s\n" "${ACCTA}" "${PASSWD}" | chpasswd +adduser "${ACCTA}" sudo +RET=0 +printf "trying %s with correct password\n" "${ACCTA}" +su - "${ACCTA}" -c "${COMMONDIR}/asuser ${PASSWD}" || RET=$? +printf "%s with correct password, return value %s\n" "${ACCTA}" "${RET}" +if [ "$(cat ${HOMEDIRA}/stdout)" != "0" ]; then + echo >&2 id -u did not give 0 + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRA}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRA}/stderr + printf >&2 "exit code %s\n" "${RET}" + printf >&2 "exit 1\n" "${RET}" + exit 1 +fi + +printf "========= test %s\.2: account group member, wrong password\n" "${TESTNR}" +rm -f "${HOMEDIRA}/std*" +RET=0 +printf "trying %s with wrong password\n" "${ACCTA}" +su - "${ACCTA}" -c "${COMMONDIR}/asuser wrongpasswd" || RET=$? +printf "%s with wrong password, return value %s\n" "${ACCTA}" "${RET}" +head -n-0 ${HOMEDIRA}/stdout ${HOMEDIRA}/stderr +printf -- "\n-------\n" +for string in "[sudo] password for ${ACCTA}" "Sorry, try again" "sudo: no password was provided" "sudo: 1 incorrect password attempt"; do + if ! grep -F "${string}" ${HOMEDIRA}/stderr; then + printf "%s missing in stderr output\n" "${string}" + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRA}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRA}/stderr + printf >&2 "\nexit code %s\n" "${RET}" + printf >&2 -- "------\n exit 1\n" + exit 1 + fi +done + +printf "========= test %s\.3: account not group member, correct password\n" "${TESTNR}" +deluser ${ACCTB} 2>/dev/null || true +adduser --disabled-password --home "${HOMEDIRB}" --gecos "" "${ACCTB}" +printf "%s:%s\n" "${ACCTB}" "${PASSWD}" | chpasswd +RET=0 +printf "trying %s (no sudo membership) with correct password\n" "${ACCTB}" +su - "${ACCTB}" -c "${COMMONDIR}/asuser ${PASSWD}" || RET=$? +printf "%s with correct password, return value %s\n" "${ACCTB}" "${RET}" +head -n-0 ${HOMEDIRB}/stdout ${HOMEDIRA}/stderr +printf -- "\n-------\n" +for string in "[sudo] password for ${ACCTB}" "${ACCTB} is not in the sudoers file"; do + if ! grep -F "${string}" ${HOMEDIRB}/stderr; then + printf "%s missing in stderr output\n" "${string}" + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRB}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRB}/stderr + printf >&2 "\nexit code %s\n" "${RET}" + printf >&2 -- "------\n exit 1\n" + exit 1 + fi +done + +printf "test series sucessful, exit 0\n" +exit 0 diff -Nru sudo-1.9.5p2/debian/tests/02-1003969-audit-no-resolve sudo-1.9.9/debian/tests/02-1003969-audit-no-resolve --- sudo-1.9.5p2/debian/tests/02-1003969-audit-no-resolve 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/02-1003969-audit-no-resolve 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,43 @@ +#!/bin/sh + +set -e + +TESTNR="02" +BASEDIR="$(pwd)/debian/tests" +COMMONDIR="${BASEDIR}/common" +DIR="${BASEDIR}/${TESTNR}" +PATH="/bin:/usr/bin:/sbin:/usr/sbin" +ACCTA="test${TESTNR}a" +ACCTB="test${TESTNR}b" +PASSWD="test${TESTNR}23456" +HOMEDIRA="/root" +LDIFDIR="${DIR}/ldif" + +trap ' + printf "\ntrap handler\n" + mv /etc/resolv.conf.disabled /etc/resolv.conf || true + mv /etc/hosts.disabled /etc/hosts || true +' 0 INT QUIT ABRT PIPE TERM + +printf "========= test %s\.1: sudo to nobody\n" "${TESTNR}" +mv /etc/resolv.conf /etc/resolv.conf.disabled +mv /etc/hosts /etc/hosts.disabled +RET=0 +printf "trying sudo to nobody\n" +cd "${HOMEDIRA}" +${COMMONDIR}/asuser "" nobody || RET=$? +printf "sudo to nobody, return value %s\n" "${RET}" +STDERRLENGTH="$(cat ${HOMEDIRA}/stderr | grep -vE 'sudo: unable to resolve host [^:]+: Temporary failure in name resolution' | wc -l)" +if [ "${STDERRLENGTH}" != "0" ]; then + echo >&2 non-empty stderr + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRA}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRA}/stderr + printf >&2 "exit code %s\n" "${RET}" + printf >&2 "exit 1\n" "${RET}" + exit 1 +fi + +printf "test series sucessful, exit 0\n" +exit 0 diff -Nru sudo-1.9.5p2/debian/tests/03/ldif/container.ldif sudo-1.9.9/debian/tests/03/ldif/container.ldif --- sudo-1.9.5p2/debian/tests/03/ldif/container.ldif 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/03/ldif/container.ldif 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,5 @@ +dn: ou=SUDOers,dc=example,dc=com +objectClass: top +objectClass: organizationalUnit +ou: SUDOers + diff -Nru sudo-1.9.5p2/debian/tests/03/ldif/debconf sudo-1.9.9/debian/tests/03/ldif/debconf --- sudo-1.9.5p2/debian/tests/03/ldif/debconf 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/03/ldif/debconf 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,16 @@ +slapd slapd/password1 password ldappw +slapd slapd/password2 password ldappw +slapd slapd/internal/adminpw password ldappw +slapd slapd/internal/generated_adminpw password ldappw +slapd slapd/password_mismatch note +slapd slapd/domain string example.com +slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION +slapd slapd/purge_database boolean true +slapd slapd/dump_database select when needed +slapd slapd/no_configuration boolean false +slapd slapd/ppolicy_schema_needs_update select abort installation +slapd slapd/invalid_config boolean false +slapd shared/organization string example.com +slapd slapd/move_old_database boolean true +slapd slapd/unsafe_selfwrite_acl note + diff -Nru sudo-1.9.5p2/debian/tests/03/ldif/sudoers.ldif sudo-1.9.9/debian/tests/03/ldif/sudoers.ldif --- sudo-1.9.5p2/debian/tests/03/ldif/sudoers.ldif 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/03/ldif/sudoers.ldif 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,32 @@ +dn: cn=defaults,ou=SUDOers,dc=example,dc=com +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: env_reset +sudoOption: mail_badpass +sudoOption: secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +sudoOption: use_pty + +dn: cn=root,ou=SUDOers,dc=example,dc=com +objectClass: top +objectClass: sudoRole +cn: root +sudoUser: root +sudoHost: ALL +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoCommand: ALL +sudoOrder: 1 + +dn: cn=%sudo,ou=SUDOers,dc=example,dc=com +objectClass: top +objectClass: sudoRole +cn: %sudo +sudoUser: %sudo +sudoHost: ALL +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoCommand: ALL +sudoOrder: 2 + diff -Nru sudo-1.9.5p2/debian/tests/03-getroot-ldap sudo-1.9.9/debian/tests/03-getroot-ldap --- sudo-1.9.5p2/debian/tests/03-getroot-ldap 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/03-getroot-ldap 2022-08-04 10:34:35.000000000 +0000 @@ -0,0 +1,125 @@ +#!/bin/sh + +set -e + +TESTNR="03" +BASEDIR="$(pwd)/debian/tests" +COMMONDIR="${BASEDIR}/common" +DIR="${BASEDIR}/${TESTNR}" +PATH="/bin:/usr/bin:/sbin:/usr/sbin" +ACCTA="test${TESTNR}a" +ACCTB="test${TESTNR}b" +PASSWD="test${TESTNR}23456" +HOMEDIRA="/home/${ACCTA}" +HOMEDIRB="/home/${ACCTB}" +LDIFDIR="${DIR}/ldif" + +trap ' + printf "\ntrap handler\n" + kill $(pidof slapd) + deluser --remove-home "${ACCTA}" || true + deluser --remove-home "${ACCTB}" || true + mv /etc/disabled.sudoers /etc/sudoers || true +' 0 INT QUIT ABRT PIPE TERM + +if ! grep -q '^slapd: ALL' /etc/hosts.allow; then + echo "slapd: ALL" >> /etc/hosts.allow +fi + +< ${LDIFDIR}/debconf debconf-set-selections +rm -rf /var/lib/ldap/*.mdb +DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -pcritical slapd 2>/dev/null +if ! grep -q '^slapd: ALL$' /etc/hosts.allow; then + echo "slapd: ALL" >> /etc/hosts.allow +fi +slapd -h 'ldap://127.0.0.1:11389/ ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d +echo "URI ldap://127.0.0.1:11389" > /etc/ldap/ldap.conf +# ldapsearch -x -LLL -s base -b "" namingContexts should work here +< /usr/share/doc/sudo-ldap/schema.olcSudo ldapadd -Y EXTERNAL -H ldapi:/// 2>/dev/null +< ${LDIFDIR}/container.ldif ldapadd -x -D 'cn=admin,dc=example,dc=com' -w ldappw 2>/dev/null +if ! grep -q '^sudoers: ldap$' /etc/nsswitch.conf; then + sed -i '/^sudoers.*/d' /etc/nsswitch.conf + echo "sudoers: ldap" >> /etc/nsswitch.conf +fi +touch /etc/ldap/ldap.conf +if ! grep -q '^sudoers_base ou=SUDOers,dc=example,dc=com' /etc/ldap/ldap.conf; then + echo "sudoers_base ou=SUDOers,dc=example,dc=com" >> /etc/ldap/ldap.conf +fi +# #1001851 +DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -pcritical sudo-ldap 2>/dev/null +cat /etc/sudoers +cvtsudoers -b ou=SUDOers,dc=example,dc=com -o ${LDIFDIR}/sudoers.ldif /etc/sudoers +cat ${LDIFDIR}/sudoers.ldif +< ${LDIFDIR}/sudoers.ldif ldapadd -x -D 'cn=admin,dc=example,dc=com' -w ldappw +# ldapsearch -x -LLL -b "ou=SUDOers,dc=example,dc=com" should work here +mv /etc/sudoers /etc/disabled.sudoers + + +printf "========= test %s\.1: account group member, correct password\n" "${TESTNR}" +printf > /etc/hosts "127.0.1.1 %s\n" "$(hostname)" +deluser ${ACCTA} 2>/dev/null || true +adduser --disabled-password --home "${HOMEDIRA}" --gecos "" "${ACCTA}" +printf "%s:%s\n" "${ACCTA}" "${PASSWD}" | chpasswd +adduser "${ACCTA}" sudo +RET=0 +printf "trying %s with correct password\n" "${ACCTA}" +su - "${ACCTA}" -c "${COMMONDIR}/asuser ${PASSWD}" || RET=$? +printf "%s with correct password, return value %s\n" "${ACCTA}" "${RET}" +if [ "$(cat ${HOMEDIRA}/stdout)" != "0" ]; then + printf >&2 "id -u did not give 0\n" + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRA}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRA}/stderr + printf >&2 "exit code %s\n" "${RET}" + printf >&2 "exit 1\n" "${RET}" + exit 1 +fi + +printf "========= test %s\.2: account group member, wrong password\n" "${TESTNR}" +rm -f "${HOMEDIRA}/std*" +RET=0 +printf "trying %s with wrong password\n" "${ACCTA}" +su - "${ACCTA}" -c "${COMMONDIR}/asuser wrongpasswd" || RET=$? +printf "%s with wrong password, return value %s\n" "${ACCTA}" "${RET}" +head -n-0 ${HOMEDIRA}/stdout ${HOMEDIRA}/stderr +printf -- "\n-------\n" +for string in "[sudo] password for ${ACCTA}" "Sorry, try again" "sudo: no password was provided" "sudo: 1 incorrect password attempt"; do + if ! grep -F "${string}" ${HOMEDIRA}/stderr; then + printf "%s missing in stderr output\n" "${string}" + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRA}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRA}/stderr + printf >&2 "\nexit code %s\n" "${RET}" + printf >&2 -- "------\n exit 1\n" + exit 1 + fi +done + +printf "========= test %s\.3: account not group member, correct password\n" "${TESTNR}" +deluser ${ACCTB} 2>/dev/null || true +adduser --disabled-password --home "${HOMEDIRB}" --gecos "" "${ACCTB}" +printf "%s:%s\n" "${ACCTB}" "${PASSWD}" | chpasswd +RET=0 +printf "trying %s (no sudo membership) with correct password\n" "${ACCTB}" +su - "${ACCTB}" -c "${COMMONDIR}/asuser ${PASSWD}" || RET=$? +printf "%s with correct password, return value %s\n" "${ACCTB}" "${RET}" +head -n-0 ${HOMEDIRB}/stdout ${HOMEDIRB}/stderr +printf -- "\n-------\n" +for string in "[sudo] password for ${ACCTB}" "${ACCTB} is not allowed to run sudo on"; do + if ! grep -F "${string}" ${HOMEDIRB}/stderr; then + printf "%s missing in stderr output\n" "${string}" + printf >&2 "stdout:\n" + cat >&2 ${HOMEDIRB}/stdout + printf >&2 "stderr:\n" + cat >&2 ${HOMEDIRB}/stderr + printf >&2 "\nexit code %s\n" "${RET}" + printf >&2 -- "------\n exit 1\n" + exit 1 + fi +done + +printf "test series sucessful, exit 0\n" +exit 0 + diff -Nru sudo-1.9.5p2/debian/tests/common/asuser sudo-1.9.9/debian/tests/common/asuser --- sudo-1.9.5p2/debian/tests/common/asuser 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/common/asuser 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,7 @@ +#!/bin/bash + +set -e + +echo "${1:-}" | sudo -u "${2:-root}" --stdin id -u > "${3:-stdout}" 2> "${4:-stderr}" + + diff -Nru sudo-1.9.5p2/debian/tests/control sudo-1.9.9/debian/tests/control --- sudo-1.9.5p2/debian/tests/control 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/control 2022-08-04 10:34:35.000000000 +0000 @@ -0,0 +1,16 @@ +Tests: 01-getroot +Depends: sudo, adduser +Restrictions: needs-root + +Tests: 02-1003969-audit-no-resolve +Depends: sudo +Restrictions: needs-root + +# We cannot add 'sudo-ldap' as a Depends: as there is a removal conflict with +# 'sudo' in Ubuntu and we need to pass the SUDO_FORCE_REMOVE env var to avoid +# this. Removing sudo conflicts with autopkgtest-virt-ssh, so we skip this test +# (except for armhf/LXD containers). Needs more investigation... +Test-Command: systemd-detect-virt -q --container || exit 77; env SUDO_FORCE_REMOVE=yes apt-get -y install sudo-ldap && debian/tests/03-getroot-ldap +Depends: adduser, slapd, ldap-utils +Restrictions: needs-root, skippable +Features: test-name=03-getroot-ldap diff -Nru sudo-1.9.5p2/debian/tests/ldif/container.ldif sudo-1.9.9/debian/tests/ldif/container.ldif --- sudo-1.9.5p2/debian/tests/ldif/container.ldif 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/ldif/container.ldif 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,5 @@ +dn: ou=SUDOers,dc=example,dc=com +objectClass: top +objectClass: organizationalUnit +ou: SUDOers + diff -Nru sudo-1.9.5p2/debian/tests/ldif/debconf sudo-1.9.9/debian/tests/ldif/debconf --- sudo-1.9.5p2/debian/tests/ldif/debconf 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/debian/tests/ldif/debconf 2022-08-03 07:22:17.000000000 +0000 @@ -0,0 +1,16 @@ +slapd slapd/password1 password ldappw +slapd slapd/password2 password ldappw +slapd slapd/internal/adminpw password ldappw +slapd slapd/internal/generated_adminpw password ldappw +slapd slapd/password_mismatch note +slapd slapd/domain string example.com +slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION +slapd slapd/purge_database boolean true +slapd slapd/dump_database select when needed +slapd slapd/no_configuration boolean false +slapd slapd/ppolicy_schema_needs_update select abort installation +slapd slapd/invalid_config boolean false +slapd shared/organization string example.com +slapd slapd/move_old_database boolean true +slapd slapd/unsafe_selfwrite_acl note + diff -Nru sudo-1.9.5p2/debian/upstream/signing-key.asc sudo-1.9.9/debian/upstream/signing-key.asc --- sudo-1.9.5p2/debian/upstream/signing-key.asc 2021-05-20 15:43:31.000000000 +0000 +++ sudo-1.9.9/debian/upstream/signing-key.asc 2022-08-03 07:22:17.000000000 +0000 @@ -1,27 +1,51 @@ -pub 1024D/7EE470C4 2002-10-02 Todd C. Miller -Key fingerprint = CCB2 4BE9 E948 1B15 D341 5953 5A89 DFA2 7EE4 70C4 - -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.13 (OpenBSD) -mQGiBD2bdiURBACyoSsYq9t8jiLnhABRZcgDP2vaoJoGJD3eb9HNsv2+0IrcHaut -s1QR1AY88AGTMnQTFWjH1vIXz/YCKnvgqklfbVCMehvkOUKvGv2eP7IkmWvVPIQb -kayHCtChOKW86hqxZXyT8sbBJqHGHq7xBbg71uZ/CSaTY3ATencRX+UndwCg6ujz -FFQhKoVwnPdYPkYA10kp2UsD/2Act3O9UJabaln5MLqLQrxo1Cqa3+ht4liAAOr3 -psMPcieyIULQ4yE19Jvb90s2sao88BUPVeDxBHV/nhcNQxlH4Boc+kWtU36XSxU3 -yrUhZDQIvrM4o1yCSgNSwUM88+qYm6ETAT0sZAiFT9biMjsT4Bw13KihyYtE2L36 -LdXOA/9MEH8zWRqUjQMt4X1yKTjwmIotAd9xetVNj+4lfTgmsnlZoex7T94Id0+B -FDDSj4gpQ7GpFa0qOQgTyaUo5HgoPFw4F9TjebWiyey2SznIw4960KoAwfSTdSOG -GoD96xuBsmQGCfdIFW43SJngXKiOpF/3VHoUxGYhTefOSGHAvLQqVG9kZCBDLiBN -aWxsZXIgPFRvZGQuTWlsbGVyQGNvdXJ0ZXNhbi5jb20+iFkEExECABkFAj2bdiUE -CwcDAgMVAgMDFgIBAh4BAheAAAoJEFqJ36J+5HDEQigAoLdD+y5EQzvogb6oybhC -pBBmefqYAKDGlnXX7JNBJYBv/r5TBg4+zLOOL7kBDQQ9m3YnEAQAzhN0fOfOz3+z -m0rHJ+hCW06ME9W1UWTgPdkh6izMO29j5tsq7MDOEoiBA8fGNV9+1nqXS3PWsYpP -qnm+Yx/8zHPsepiOWe3UaJruBfFT8BlGSzN6p9aO1liQOnv57XouRab5tUFZPDM7 -ADHGAlruyvZjzywj/v6FWNoY6DLiqosAAwUEAKSap7csw/skFED0lF/lsllvmRa7 -4kd/lEYGPB62Cyau/4nucrnZrBNP7wSIdpCLzQxq6l/j/vP5aUV8qN2W6+DY1CZA -rodtZKPUNGHCdop9ZcskEx6eOG2ivYpgn0z6scoXUJ4g5kCSshzPedG4DOLHFMtE -hVDWxnHdtn0UFCntiEYEGBECAAYFAj2bdicACgkQWonfon7kcMTOeACgmCPD1Is5 -KhRmc+7kY4ILfdUX5OUAn2mdSBk/pObAfpdPzasJT7QxIQFL -=3GDW +mQINBFokaiQBEADMmTjkUBpTgLLiv85lz0UGmgVj39si2Gd3RC2/qz3UmHhS0qnL +4x3LejZQOifaevT3wIgOjU+YtyHleW2lZp0a/ndtFgXHeVJTQ12Ej5NbOHBFECWk +WyXj1Rv/vBopI7OxERjAjoUQLSu6nsksclYoO0pZywm+K17os1i5Qbi0djdYjHT5 +Asiqnef5g02a8DJzQCq37VM046gFRhnp/unJoi4iexpjH/HL4tlRO7/3pDwV6MFV +WDhNcrlP6AnmSzYbFv8Nt4MsbWU0oYa1TtRmuqxn5R/Lb9i4Uj793qZz3I/cDqv7 +8kd3lRJ5TbjXR1D2alhGVP6+0KWOKd5rpDSwYNojwKdVI6faJUOjRRSHGmZiNYFW +p5UXDQUeFXmzEFWaXgIXbmH0SqpVkKvwhH/sn0G3ryLXnPizjM3RSmoxSzpJNTHB +FGPBLd9eJ724IvF5Qigo8IdpPTZUv7EHmK2va97nH+AK7HDAPWTsOpM49CZXy1xz +9N8Be3I8ayUgMO6aVuAKpQFGEpuNGq+DCvyUOyVa5jeEf50wWHXBMPlVjdZK/46a +NKmg9YyGDmZn1YIGeAc6mhW0yM/+vvz9Wof5+RHHOBbVmAI7e7Mm7gR6xLZ0zty9 +FdPtEvxPnzzPIBjStPxvFr3j/9maW7iJNX1c/FTqXY+VAfUy7mpvrEZrGQARAQAB +tCRUb2RkIEMuIE1pbGxlciA8VG9kZC5NaWxsZXJAc3Vkby53cz6JAk4EEwEIADgW +IQRZ0enMuis3ZwT901up9MAhzqRw+wUCWiRqJAIbAwULCQgHAwUVCgkICwUWAgMB +AAIeAQIXgAAKCRCp9MAhzqRw+5TmEACtyNWwMIfo/0okILNHryc61nA96XznSsQS +9u5AaRN06l6dp+1ix7FrSlXvCq1Oq7kajsF8Nnq9y2r7Os9ZsZSwGF1JGTt/qBT8 +N+Y+pEIe7igTSxv3UJINuY2uQvR6y7GOmvMVHvLUAR48WXhS3w4UVlBfDx4UEuLF +ocurDsNgqYBEv3QYORUNCVMZlJg6/d8X3KpAK+Og3V13L8NjqZ546sRZub42FjJh +xNh1mKLU+Q1Y+9JmB3EMBBOTY+OAnwQJiLcW3l1RdA8d2wTQ3+CnwywJrcUm3yKw +MGgPxs8+ywol9B2G5DtXYO82Flzfzb8kHQ6JRKBFVa3dz2NZt82VIIovfEl90zvB +aEJVlNH/XH5qsVLYLHB/NZUwxxz573HSMW4YCQgZZWaZ0byjb27KYd6S7Tj/DV5u +QvVmGcRQ7sAcJoKVG3XVlm+n5XnCWXddySOtt3XZbByIAyC5iu8LuLjCauO0sUX0 +L4yKnc0e4bqCglImJGZuuOL5tLYOL7Bd/RWj2uC+dpPaol6VAefGDUv8GqKa+Y28 +FRXKVvxcQwLYLm4DA6hYV9f/0RjjPT/8VDk/dfytydhpaDnNu1nieAa5lx3/BPYP +iuLgWg4DXpfW4IIGIMaEULDOfN7xOELfbTnIru89aWc+kqdzfrMPhLwxClHg2JWr +juE+BPzMXrkCDQRaJGokARAAxGZu+BKBt8rY8lF/7wQBfrqx2nlUTvdMlmUELT3e +8Gw/z7+qArjYn+Xm7TTh490KMaATKFnDol0vfvlMXre4hyCC1/+B2qjEKiUCvVhw +mKQFNV3pmbugTlbdEnHuf5sbzU32HWb2x2L4jMcrN97CQq6qx65S05uo7TS7DM7x +PUCrGZKeXvlQVmJv0gH3symIy2ZQoLtTYyMoaDfifKLHbQfR2WSxPy7cb6mjX1jM +OD8dGGazLDGohCDpLhs4MbFTjwh1PBhFETBbAh5/ElNefpfT25w7RkPaMLiXmxTS +Qu/uugldjAsz5uQ8D39TueoeFymBOUH76dM1VewNzHxZTp0GpnOfvhtleKg/870t +NhLphf811g1HxeNM+W9oU5kY/dcFo71SHwuVzMSGU3QOuJmLso3epFsMfs5mDML8 +UT+gXZgI2gfu0VPja4ashJ6Pd+OUpH7awFNLa7CoGILpBTIN1xxUCyzk1DNkscWY +CgMUobdSEi/W59iCPlrDW5tPCfIzTA06F6WhjFKoYaM9oqBM113J9j+t4FK7gkra +o9ksF6eKaohNEiGJWRFJUwHf1jiHWafwZTAm1ZE9yuUksBbWrcEYdoak4CRcc1Ba +ZWNd4PKn9IFoFSjbe8WAGoRLcv0sNujmN+UiQ+LesIUw3QA0YWXsN9sijUxroC/C +lZMAEQEAAYkCNgQYAQgAIBYhBFnR6cy6KzdnBP3TW6n0wCHOpHD7BQJaJGokAhsM +AAoJEKn0wCHOpHD7ok0QAJSNCcZAUTmQRlhncToRg6lLqwgIDx/GLYq6F/WDYn6M +e2QalyUskpFX12qmJBlaMFHAus7bhbtyQBcEmPW9MY+HhItvRYXpKMbgEdxnMvD5 +uY+zDHiScRECH8gtZy8Uld0HiCy2aWgwt3LtVRuLu/wt5KsLq1s9zpEHQ0P9AHnz ++EWFArCHCC8FatWE47zZLDLOuMSLeS7HBSheloyTwezfdzbKnyD3JVwoTID0LP2W +o5FspqwYkIN93zRyTrlC6lmPR+TMzMsAeAh2kHpoV03z6isTO59jIqj1Nrai8fhd +4DyfnRBBjkoXJTPeTM+MFa1gdU2B8VJfoqG7Ti780Tg83Z4/H9EEdD/pHzI8ay6x +X5ABJhDnPHTPz3fKPaxwrfOJGyCvAr8qbCVql1Dp8b3sTAlWbG/Cqz7q3NhF298o +4A1EDu5IADWKOhekdjF/dutRHMCbvJKA0q4XiZu9YVYv7yysRPTicwvN9W5z7a5o +IJLCXXtetNtoFZFoUDDZjmaCA6pcbFX9FZ96b9jLNa/BKvtlCTsosJHxf9XNiSx5 +dW9wHuojr60wvLxVK/N2anvjEfYuVxlfcKjOHpJuOX7xAcOAVAWnNvY/vSZCvAo2 +azMB5NOxu2Iz3pyqARpClI6b14giASYMfWkb2Bfx2Sc44SHXcm5MxiTt51tB8i+d +=vIKA -----END PGP PUBLIC KEY BLOCK----- diff -Nru sudo-1.9.5p2/debian/watch sudo-1.9.9/debian/watch --- sudo-1.9.5p2/debian/watch 2018-09-19 09:13:32.000000000 +0000 +++ sudo-1.9.9/debian/watch 2022-08-03 07:22:17.000000000 +0000 @@ -1,2 +1,2 @@ -version=3 -opts=pgpsigurlmangle=s/$/.sig/ http://www.sudo.ws/sudo/dist/sudo-(.*)[.]tar[.]gz +version=4 +opts=pgpsigurlmangle=s/$/.sig/ https://www.sudo.ws/sudo/dist/sudo-(.*)[.]tar[.]gz diff -Nru sudo-1.9.5p2/doc/CONTRIBUTORS sudo-1.9.9/doc/CONTRIBUTORS --- sudo-1.9.5p2/doc/CONTRIBUTORS 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/CONTRIBUTORS 1970-01-01 00:00:00.000000000 +0000 @@ -1,245 +0,0 @@ -The following list of people, sorted by last name, have contributed -code or patches to this implementation of sudo since I began -maintaining it in 1993. This list is known to be incomplete--if -you believe you should be listed, please send a note to sudo@sudo.ws. - - Ackeret, Matt - Adler, Mark - Allbery, Russ - Anderson, Jamie - Andrew, Nick - Andric, Dimitry - Barron, Danny - Bates, Tom - Behan, Zdeněk - Bellis, Ray - Benali, Elias - Beverly, Jamie - Boardman, Spider - Bos, Sander - Bostley, P.J. - Bowes, Keith - Boyce, Keith Garry - Brantley, Michael - Braun, Rob - Březina, Pavel - Brooks, Piete - Brown, Jerry - Burr, Michael E - Burton, Ross - Bussjaeger, Andreas - Calvin, Gary - Campbell, Aaron - Chazelas, Stephane - Cheloha, Scott - Čížek, Vítězslav - Coleman, Chris - Corzine, Deven T. - Cusack, Frank - Dai, Wei - Dill, David - Earickson, Jeff - Eckhardt, Drew - Edgington, Ben - Esipovich, Marc - Espie, Marc - Faigon, Ariel - Farrell, Brian - Fobes, Steve - Frysinger, Mike - G., Daniel Richard - Gailly, Jean-loup - Gelman, Stephen - Gerraty, Simon J. - Graber, Stephane - Guillory, B. - Hayman, Randy M. - Henke, Joachim - Hideaki, Yoshifuji - Hieb, Dave - Holloway, Nick - Hoover, Adam - Hunter, Michael T. - Hutchings, Ben - Irrgang, Eric - Jackson, Brian - Jackson, John R. - Jackson, Richard L., Jr. - Janssen, Mark - Jepeway, Chris - Jorge, Joel Peláe - Jover, Guillem - Juhani, Timo - Kikuchi, Ayamura - Kadow, Kevin - Kasal, Stepan - Kienenberger, Mike - King, Dale - King, Michael - Klyachkin, Andrey - Knoble, Jim - Knox, Tim - Komarnitsky, Alek O. - Kondrashov, Nikolai - Kopeček, Daniel - Kranenburg, Paul - Krause, David - Lakin, Eric - Larsen, Case - Levin, Dmitry V. - Libby, Kendall - Lobbes, Phillip E. - McIntyre, Jason - MacKenzie, David J. - McLaughlin, Tom - Makey, Jeff - Mallayya, Sangamesh - Manner, Róbert - Marchionna, Michael D. - Markham, Paul - Martinian, Emin - Meskes, Michael - Michael, David - Miller, Todd C. - Minier, Loïc - Moffat, Darren - Moldung, Jan Thomas - Morris, Charles - Mueller, Andreas - Müller, Dworkin - Nieusma, Jeff - Nikitser, Peter A. - Nussel, Ludwig - Orbán, László - Ouellet, Jean-Philippe - Paquet, Eric - Paradis, Chantal - Pasteleurs, Frederic - Percival, Ted - Perera, Andres - Peron, Christian S.J. - Peschel, Aaron - Peslyak, Alexander - Peterson, Toby - Pettenò, Diego Elio - Pickett, Joel - Plotnick, Alex - de Raadt, Theo - Rasch, Gudleik - Reid, Steve - Richards, Matt - Rossum, Guido van - Rouillard, John P. - Rowe, William A., Jr. - Roy, Alain - Ruusamäe, Elan - Ryabinkin, Eygene - Sato, Yuichi - Sánchez, Wilfredo - Sanders, Miguel - Sasaki, Kan - Saucier, Jean-Francois - Schoenfeld, Patrick - Schuring, Arno - Schwarze, Ingo - Scott, Dougal - Sieger, Nick - Simon, Thor Lancelot - Slemko, Marc - Smith, Andy - Sobrado, Igor - Soulen, Steven - Spangler, Aaron - Spradling, Cloyce D. - Spradling, Michael - Stier, Matthew - Stoeckmann, Tobias - Street, Russell - Stritzky, Tilo - Stroucken, Michael - Tarrall, Robert - Thomas, Matthew - Todd, Giles - Toft, Martin - Torek, Chris - Tucker, Darren - Uhl, Robert - Uzel, Petr - Valery, Reznic - Van Dinter, Theo - Venckus, Martynas - de Vries, Maarten - Wagner, Klaus - Walsh, Dan - Warburton, John - Webb, Kirk - Wetzel, Timm - Wieringen, Marco van - Wilk, Jakub - Winiger, Gary - Wood, David - Zacarias, Gustavo - Zolnowsky, John - -The following people have worked to translate sudo into -other languages as part of the Translation Project, see -https://translationproject.org for more details. - - Albuquerque, Pedro - Blättermann, Mario - Bogusz, Jakub - Buo-ren, Lin - Casagrande, Milo - Castro, Felipe - Cho, Seong-ho - Chornoivan, Yuri - Diéguez, Francisco - Fontenelle, Rafael - García-Fontes, Walter - Gezer, Volkan - Hamasaki, Takeshi - Hamming, Peter - Hansen, Joe - Hantrais, Frédéric - Hein, Jochen - Hufthammer, Karl Ove - Jerovšek, Damir - Karvonen, Jorma - Kazik, Dušan - Kelemen, Gábor - Keçeci, Mehmet - Košir, Klemen - Kozlov, Yuri - Kramer, Jakob - Krznar, Tomislav - Marchal, Frédéric - Margevičius, Algimantas - Maryanov, Pavel - Florentina Mușat - Nurmi, Lauri - Nikolić, Miroslav - Nylander, Daniel - Pan, Yi-Jyun - Písař, Petr - Puente, Enol - Putanec, Božidar - Quân, Trần Ngọc - Rasmussen, Sebastian - Regueiro, Leandro - Sarıer, Özgür - Sendón, Abel - Șerbănescu, Daniel - Sikrom, Åka - Spingos, Dimitris - Taniguchi, Yasuaki - Tomat, Fábio - Úr, Balázs - Uranga, Mikel Olasagasti - Vorotnikov, Artem - Wang, Wylmer - Yang, Boyuan - -The following people designed the artwork used on the sudo website: - - Shield logo: Badger, Trent - Sandwich logo: Stillman, Mark diff -Nru sudo-1.9.5p2/doc/HISTORY sudo-1.9.9/doc/HISTORY --- sudo-1.9.5p2/doc/HISTORY 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/HISTORY 1970-01-01 00:00:00.000000000 +0000 @@ -1,76 +0,0 @@ -A Brief History of Sudo: - -The Early Years - -Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer -around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on -a VAX-11/750 running 4.1BSD. An updated version, credited to Phil Betchel, -Cliff Spencer, Gretchen Phillips, John LoVerso and Don Gworek, was posted to -the net.sources Usenet newsgroup in December of 1985. - -Sudo at CU-Boulder - -In the Summer of 1986, Garth Snyder released an enhanced version of sudo. -For the next 5 years, sudo was fed and watered by a handful of folks at -CU-Boulder, including Bob Coggeshall, Bob Manchek, and Trent Hein. - -Root Group Sudo - -In 1991, Dave Hieb and Jeff Nieusma wrote a new version of sudo with an -enhanced sudoers format under contract to a consulting firm called "The Root -Group". This version was later released under the GNU public license. - -CU Sudo - -In 1994, after maintaining sudo informally within CU-Boulder for some time, -Todd C. Miller made a public release of "CU sudo" (version 1.3) with bug -fixes and support for more operating systems. The "CU" was added to -differentiate it from the "official" version from "The Root Group". - -In 1995, a new parser for the sudoers file was contributed by Chris Jepeway. -The new parser was a proper grammar (unlike the old one) and could work with -both sudo and visudo (previously they had slightly different parsers). - -In 1996, Todd, who had been maintaining sudo for several years in his spare -time, moved distribution of sudo from a CU-Boulder ftp site to his domain, -courtesan.com. - -Just Plain Sudo - -In 1999, the "CU" prefix was dropped from the name since there had been no -formal release of sudo from "The Root Group" since 1991 (the original -authors now work elsewhere). As of version 1.6, Sudo no longer contains any -of the original "Root Group" code and is available under an ISC-style -license. - -In 2001, the sudo web site, ftp site and mailing lists were moved from -courtesan.com to the sudo.ws domain (sudo.org was already taken). - -LDAP Integration - -In 2003, Nationwide Mutual Insurance Company contributed code written by -Aaron Spangler to store the sudoers data in LDAP. These changes were -incorporated into Sudo 1.6.8. - -New Parser - -In 2005, Todd rewrote the sudoers parser to better support the features that -had been added in the past ten years. This new parser removes some -limitations of the previous one, removes ordering constraints and adds -support for including multiple sudoers files. - -Quest Sponsorship - -In 2010, Quest Software began sponsoring Sudo development by hiring -Todd to work on Sudo as part of his full-time job. This enabled -the addition of I/O logging, the plugin interface, additional -regression tests, support for binary packages and more regular -releases. - -Present Day - -Sudo, in its current form, is maintained by: - - Todd C. Miller - -Todd continues to enhance sudo and fix bugs. diff -Nru sudo-1.9.5p2/doc/LICENSE sudo-1.9.9/doc/LICENSE --- sudo-1.9.5p2/doc/LICENSE 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/doc/LICENSE 1970-01-01 00:00:00.000000000 +0000 @@ -1,347 +0,0 @@ -Sudo is distributed under the following license: - - Copyright (c) 1994-1996, 1998-2021 - Todd C. Miller - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - Sponsored in part by the Defense Advanced Research Projects - Agency (DARPA) and Air Force Research Laboratory, Air Force - Materiel Command, USAF, under agreement number F39502-99-1-0512. - -The Python plugin bindings bear the following license: - - Copyright (c) 2019-2020 Robert Manner - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The files hostcheck.c and hostcheck.h bear the following license: - - Copyright (c) 2020 Laszlo Orban - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The file redblack.c bears the following license: - - Copyright (c) 2001 Emin Martinian - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that neither the name of Emin - Martinian nor the names of any contributors are be used to endorse or - promote products derived from this software without specific prior - written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -The file sssd.c bears the following license: - - Copyright (c) 2011 Daniel Kopecek - - This code is derived from software contributed by Aaron Spangler. - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The files bsm_audit.c and bsm_audit.h bear the following license: - - Copyright (c) 2009 Christian S.J. Peron - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The files solaris_audit.c and solaris_audit.h bear the following license: - - Copyright (c) 2014, Oracle and/or its affiliates. - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The file reallocarray.c bears the following license: - - Copyright (c) 2008 Otto Moerbeek - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The files getcwd.c, glob.c, glob.h, snprintf.c and sudo_queue.h bear the -following license: - - Copyright (c) 1989, 1990, 1991, 1993 - The Regents of the University of California. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -The file fnmatch.c bears the following license: - - Copyright (c) 2011, VMware, Inc. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the VMware, Inc. nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR - ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -The file getopt_long.c bears the following license: - - Copyright (c) 2000 The NetBSD Foundation, Inc. - All rights reserved. - - This code is derived from software contributed to The NetBSD Foundation - by Dieter Baron and Thomas Klausner. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -The file inet_pton.c bears the following license: - - Copyright (c) 1996 by Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - SOFTWARE. - -The file arc4random.c bears the following license: - - Copyright (c) 1996, David Mazieres - Copyright (c) 2008, Damien Miller - Copyright (c) 2013, Markus Friedl - Copyright (c) 2014, Theo de Raadt - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The file arc4random_uniform.c bears the following license: - - Copyright (c) 2008, Damien Miller - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The file getentropy.c bears the following license: - - Copyright (c) 2014 Theo de Raadt - Copyright (c) 2014 Bob Beck - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -The embedded copy of zlib bears the following license: - - Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any damages - arising from the use of this software. - - Permission is granted to anyone to use this software for any purpose, - including commercial applications, and to alter it and redistribute it - freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must not - claim that you wrote the original software. If you use this software - in a product, an acknowledgment in the product documentation would be - appreciated but is not required. - 2. Altered source versions must be plainly marked as such, and must not be - misrepresented as being the original software. - 3. This notice may not be removed or altered from any source distribution. - - Jean-loup Gailly Mark Adler - jloup@gzip.org madler@alumni.caltech.edu - -The embedded copy of protobuf-c bears the following license: - - Copyright (c) 2008-2018, Dave Benson and the protobuf-c authors. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff -Nru sudo-1.9.5p2/doc/Makefile.in sudo-1.9.9/doc/Makefile.in --- sudo-1.9.5p2/doc/Makefile.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/Makefile.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,421 +0,0 @@ -# -# SPDX-License-Identifier: ISC -# -# Copyright (c) 2010-2015, 2017-2020 Todd C. Miller -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# -# @configure_input@ -# - -#### Start of system configuration section. #### - -srcdir = @srcdir@ -abs_srcdir = @abs_srcdir@ -top_srcdir = @top_srcdir@ -abs_top_srcdir = @abs_top_srcdir@ -top_builddir = @top_builddir@ -abs_top_builddir = @abs_top_builddir@ -docdir = @docdir@ -scriptdir = $(top_srcdir)/scripts - -# Tools to use -SED = @SED@ -IGOR = igor -MANDOC = @MANDOCPROG@ -MANCOMPRESS = @MANCOMPRESS@ -MANCOMPRESSEXT = @MANCOMPRESSEXT@ -TR = @TRPROG@ - -# Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c -INSTALL_OWNER = -o $(install_uid) -g $(install_gid) - -# Where to install things... -prefix = @prefix@ -exec_prefix = @exec_prefix@ -bindir = @bindir@ -sbindir = @sbindir@ -sysconfdir = @sysconfdir@ -libexecdir = @libexecdir@ -datarootdir = @datarootdir@ -localstatedir = @localstatedir@ -mandir = @mandir@ - -# Directory in which to install the man page -mantype = @MANTYPE@ -mansectsu = @mansectsu@ -mansectform = @mansectform@ -mandirexe = $(mandir)/@MANDIRTYPE@1 -mandirsu = $(mandir)/@MANDIRTYPE@$(mansectsu) -mandirform = $(mandir)/@MANDIRTYPE@$(mansectform) - -# User and group ids the installed files should be "owned" by -install_uid = 0 -install_gid = 0 - -# Set to non-empty for development mode -DEVEL = @DEVEL@ - -#### End of system configuration section. #### - -SHELL = @SHELL@ - -DOCS = ./cvtsudoers.$(mantype) ./sudo.$(mantype) ./sudo.conf.$(mantype) \ - ./sudo_logsrvd.$(mantype) ./sudo_logsrv.proto.$(mantype) \ - ./sudo_logsrvd.conf.$(mantype) ./sudo_plugin.$(mantype) \ - ./sudo_plugin_python.$(mantype) ./sudo_sendlog.$(mantype) \ - ./sudoers.$(mantype) ./sudoers.ldap.$(mantype) \ - ./sudoers_timestamp.$(mantype) \ - ./sudoreplay.$(mantype) ./visudo.$(mantype) - -DEVDOCS = $(srcdir)/cvtsudoers.man.in $(srcdir)/sudo.conf.man.in \ - $(srcdir)/sudo.man.in $(srcdir)/sudo_logsrvd.man.in \ - $(srcdir)/sudo_logsrv.proto.man.in \ - $(srcdir)/sudo_logsrvd.conf.man.in \ - $(srcdir)/sudo_plugin.man.in $(srcdir)/sudo_plugin_python.man.in \ - $(srcdir)/sudo_sendlog.man.in $(srcdir)/sudoers.ldap.man.in \ - $(srcdir)/sudoers.man.in $(srcdir)/sudoers_timestamp.man.in \ - $(srcdir)/sudoreplay.man.in $(srcdir)/visudo.man.in - -OTHER_DOCS = $(top_srcdir)/ChangeLog $(top_srcdir)/README \ - $(top_srcdir)/NEWS $(srcdir)/HISTORY $(srcdir)/CONTRIBUTORS \ - $(srcdir)/LICENSE $(srcdir)/TROUBLESHOOTING $(srcdir)/UPGRADE - -OTHER_DOCS_LDAP = $(top_srcdir)/README.LDAP $(srcdir)/schema.* - -VERSION = @PACKAGE_VERSION@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ - -all: $(DEVDOCS) $(DOCS) - -igor: all - @if [ "$(mantype)" != "mdoc" ]; then \ - echo "make igor only supported for mdoc manuals" 1>&2; \ - exit 1; \ - else \ - rval=0; \ - for m in $(DOCS); do \ - echo $(IGOR) -D $$m; \ - $(IGOR) -D $$m || rval=`expr $$rval + $$?`; \ - done; \ - exit $$rval; \ - fi - -lint: all - @if [ "$(mantype)" != "mdoc" ]; then \ - echo "make lint only supported for mdoc manuals" 1>&2; \ - exit 1; \ - else \ - rval=0; \ - for m in $(DOCS); do \ - echo $(MANDOC) -Tlint -Wstyle $$m; \ - $(MANDOC) -Tlint -Wstyle $$m || rval=`expr $$rval + $$?`; \ - done; \ - exit $$rval; \ - fi - -depend: - -Makefile: $(srcdir)/Makefile.in - cd $(top_builddir) && ./config.status --file doc/Makefile - -.SUFFIXES: .man - -$(srcdir)/sudo.man.in: $(srcdir)/sudo.mdoc.in $(srcdir)/sudo.man.in.sed - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudo.man.in.sed > $@; \ - fi - -fixman.sed: $(srcdir)/fixman.sh - $(SHELL) $(srcdir)/fixman.sh $@ - -./sudo.man: $(top_builddir)/config.status $(srcdir)/sudo.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.man.in | $(SED) -f fixman.sed > $@ - -./sudo.mdoc: $(top_builddir)/config.status $(srcdir)/sudo.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/visudo.man.in: $(srcdir)/visudo.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/visudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ - fi - -./visudo.man: $(top_builddir)/config.status $(srcdir)/visudo.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/visudo.man.in | $(SED) -f fixman.sed > $@ - -./visudo.mdoc: $(top_builddir)/config.status $(srcdir)/visudo.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudo.conf.man.in: $(srcdir)/sudo.conf.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO.CONF" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudo.conf.man.in.sed > $@; \ - fi - -./sudo.conf.man: $(top_builddir)/config.status $(srcdir)/sudo.conf.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.conf.man.in | $(SED) -f fixman.sed > $@ - -./sudo.conf.mdoc: $(top_builddir)/config.status $(srcdir)/sudo.conf.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in $(srcdir)/sudoers.man.in.sed - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudoers.man.in.sed> $@; \ - fi - -./sudoers.man: $(top_builddir)/config.status $(srcdir)/sudoers.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.man.in | $(SED) -f fixman.sed > $@ - -./sudoers.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers.mdoc.in $(srcdir)/fixmdoc.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.mdoc.in | $(SED) -f $(srcdir)/fixmdoc.sed > $@ - -$(srcdir)/sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.ldap.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS.LDAP" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ - fi - -./sudoers.ldap.man: $(top_builddir)/config.status $(srcdir)/sudoers.ldap.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.ldap.man.in | $(SED) -f fixman.sed > $@ - -./sudoers.ldap.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers.ldap.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudoers_timestamp.man.in: $(srcdir)/sudoers_timestamp.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers_timestamp.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS_TIMESTAMP" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ - fi - -./sudoers_timestamp.man: $(top_builddir)/config.status $(srcdir)/sudoers_timestamp.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers_timestamp.man.in | $(SED) -f fixman.sed > $@ - -./sudoers_timestamp.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers_timestamp.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/cvtsudoers.man.in: $(srcdir)/cvtsudoers.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/cvtsudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ - fi - -./cvtsudoers.man: $(top_builddir)/config.status $(srcdir)/cvtsudoers.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/cvtsudoers.man.in | $(SED) -f fixman.sed > $@ - -./cvtsudoers.mdoc: $(top_builddir)/config.status $(srcdir)/cvtsudoers.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoreplay.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ - fi - -./sudoreplay.man: $(top_builddir)/config.status $(srcdir)/sudoreplay.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoreplay.man.in | $(SED) -f fixman.sed > $@ - -./sudoreplay.mdoc: $(top_builddir)/config.status $(srcdir)/sudoreplay.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudo_logsrvd.man.in: $(srcdir)/sudo_logsrvd.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ - fi - -./sudo_logsrvd.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.man.in | $(SED) -f fixman.sed > $@ - -./sudo_logsrvd.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudo_logsrv.proto.man.in: $(srcdir)/sudo_logsrv.proto.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrv.proto.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRV.PROTO" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" > $@; \ - fi - -./sudo_logsrv.proto.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrv.proto.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrv.proto.man.in | $(SED) -f fixman.sed > $@ - -./sudo_logsrv.proto.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrv.proto.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudo_logsrvd.conf.man.in: $(srcdir)/sudo_logsrvd.conf.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD.CONF" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" > $@; \ - fi - -./sudo_logsrvd.conf.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.conf.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.conf.man.in | $(SED) -f fixman.sed > $@ - -./sudo_logsrvd.conf.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.conf.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudo_plugin.man.in: $(srcdir)/sudo_plugin.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ - fi - -./sudo_plugin.man: $(top_builddir)/config.status $(srcdir)/sudo_plugin.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin.man.in | $(SED) -f fixman.sed > $@ - -./sudo_plugin.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_plugin.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudo_plugin_python.man.in: $(srcdir)/sudo_plugin_python.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin_python.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ - fi - -./sudo_plugin_python.man: $(top_builddir)/config.status $(srcdir)/sudo_plugin_python.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin_python.man.in | $(SED) -f fixman.sed > $@ - -./sudo_plugin_python.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_plugin_python.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -$(srcdir)/sudo_sendlog.man.in: $(srcdir)/sudo_sendlog.mdoc.in - @if [ -n "$(DEVEL)" ]; then \ - echo "Generating $@"; \ - mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ - mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ - $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_sendlog.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_SENDLOG" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ - fi - -./sudo_sendlog.man: $(top_builddir)/config.status $(srcdir)/sudo_sendlog.man.in fixman.sed - (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_sendlog.man.in | $(SED) -f fixman.sed > $@ - -./sudo_sendlog.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_sendlog.mdoc.in - cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ - -pre-install: - -install: install-doc - -install-dirs: - $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(docdir) \ - $(DESTDIR)$(mandirexe) $(DESTDIR)$(mandirform) $(DESTDIR)$(mandirsu) - -install-binaries: - -install-includes: - -install-doc: install-dirs - for f in $(OTHER_DOCS); do $(INSTALL) $(INSTALL_OWNER) -m 0644 $$f $(DESTDIR)$(docdir); done - @LDAP@for f in $(OTHER_DOCS_LDAP); do $(INSTALL) $(INSTALL_OWNER) -m 0644 $$f $(DESTDIR)$(docdir); done - $(INSTALL) $(INSTALL_OWNER) -m 0644 ./cvtsudoers.$(mantype) $(DESTDIR)$(mandirexe)/cvtsudoers.1 - $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) - @LOGSRV@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_logsrvd.$(mantype) $(DESTDIR)$(mandirsu)/sudo_logsrvd.$(mansectsu) - $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_plugin.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) - @PYTHON_PLUGIN@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_plugin_python.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin_python.$(mansectsu) - $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_sendlog.$(mantype) $(DESTDIR)$(mandirsu)/sudo_sendlog.$(mansectsu) - $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) - $(INSTALL) $(INSTALL_OWNER) -m 0644 ./visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) - $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) - @LOGSRV@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_logsrv.proto.$(mantype) $(DESTDIR)$(mandirform)/sudo_logsrv.proto.$(mansectform) - @LOGSRV@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_logsrvd.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo_logsrvd.conf.$(mansectform) - $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) - $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudoers_timestamp.$(mantype) $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) - @LDAP@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) - @if test -n "$(MANCOMPRESS)"; then \ - for f in $(mandirexe)/cvtsudoers.1 $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_logsrvd.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudo_plugin_python.$(mansectsu) $(mandirsu)/sudo_sendlog.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudo.conf.$(mansectform) $(mandirform)/sudo_logsrv.proto.$(mansectform) $(mandirform)/sudo_logsrvd.conf.$(mansectform) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers_timestamp.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \ - if test -f $(DESTDIR)$$f; then \ - echo $(MANCOMPRESS) -f $(DESTDIR)$$f; \ - $(MANCOMPRESS) -f $(DESTDIR)$$f; \ - fi; \ - done; \ - rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ - echo ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ - ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ - else \ - rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ - echo ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ - ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ - fi - -install-plugin: - -uninstall: - -rm -rf $(DESTDIR)$(docdir) - -rm -f $(DESTDIR)$(mandirexe)/cvtsudoers.1 \ - $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) \ - $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) \ - $(DESTDIR)$(mandirsu)/sudo_logsrvd.$(mansectsu) \ - $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) \ - $(DESTDIR)$(mandirsu)/sudo_plugin_python.$(mansectsu) \ - $(DESTDIR)$(mandirsu)/sudo_sendlog.$(mansectsu) \ - $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) \ - $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \ - $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \ - $(DESTDIR)$(mandirform)/sudo_logsrv.proto.$(mansectform) \ - $(DESTDIR)$(mandirform)/sudo_logsrvd.conf.$(mansectform) \ - $(DESTDIR)$(mandirform)/sudoers.$(mansectform) \ - $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) - $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) - -splint: - -cppcheck: - -pvs-log-files: - -pvs-studio: - -check: - -clean: - -rm -f fixman.sed - -mostlyclean: clean - -distclean: clean - -rm -rf Makefile config.log *.man *.mdoc - -clobber: distclean - -realclean: distclean - -cleandir: distclean diff -Nru sudo-1.9.5p2/doc/TROUBLESHOOTING sudo-1.9.9/doc/TROUBLESHOOTING --- sudo-1.9.5p2/doc/TROUBLESHOOTING 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/TROUBLESHOOTING 1970-01-01 00:00:00.000000000 +0000 @@ -1,295 +0,0 @@ -Troubleshooting tips and FAQ for Sudo -===================================== - -Q) When I run configure, it says "C compiler cannot create executables". -A) This usually means you either don't have a working compiler. This - could be due to the lack of a license or that some component of the - compiler suite could not be found. Check config.log for clues as - to why this is happening. On many systems, compiler components live - in /usr/ccs/bin which may not be in your PATH environment variable. - -Q) When I run configure, it says "sudo requires the 'ar' utility to build". -A) As part of the build process, sudo creates a temporary library containing - objects that are shared amongst the different sudo executables. - On Unix systems, the "ar" utility is used to do this. This error - indicates that "ar" is missing on your system. On Solaris systems, - you may need to install the SUNWbtool package. On other systems - "ar" may be included in the GNU binutils package. - -Q) Sudo compiles and installs OK but when I try to run it I get: - /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set -A) Sudo must be setuid root to do its work. Either /usr/local/bin/sudo - is not owned by uid 0 or the setuid bit is not set. This should have - been done for you by "make install" but you can fix it manually by - running the following as root: - # chown root /usr/local/bin/sudo; chmod 4755 /usr/local/bin/sudo - -Q) Sudo compiles and installs OK but when I try to run it I get: - effective uid is not 0, is /usr/local/bin/sudo on a file system with the - 'nosuid' option set or an NFS file system without root privileges? -A) The owner and permissions on the sudo binary appear to be OK but when - sudo ran, the setuid bit did not have an effect. There are two common - causes for this. The first is that the file system the sudo binary - is located on is mounted with the 'nosuid' mount option, which disables - setuid binaries. The output of the "mount" command should tell you if - the file system is mounted with the 'nosuid' option. The other possible - cause is that sudo is installed on an NFS-mounted file system that is - exported without root privileges. By default, NFS file systems are - exported with uid 0 mapped to a non-privileged uid (usually -2). You - should be able to determine whether sudo is located on an NFS-mounted - filesystem by running "df `which sudo'". - -Q) Sudo never gives me a chance to enter a password using PAM, it just - says 'Sorry, try again.' three times and exits. -A) You didn't setup PAM to work with sudo. On RedHat Linux or Fedora - Core this generally means installing the sample pam.conf file as - /etc/pam.d/sudo. See the example pam.conf file for hints on what - to use for other Linux systems. - -Q) Sudo says 'Account expired or PAM config lacks an "account" - section for sudo, contact your system administrator' and exits - but I know my account has not expired. -A) Your PAM config lacks an "account" specification. On Linux this - usually means you are missing a line like: - account required pam_unix.so - in /etc/pam.d/sudo. - -Q) Sudo is setup to log via syslog(3) but I'm not getting any log - messages. -A) Make sure you have an entry in your syslog.conf file to save - the sudo messages (see the example syslog.conf file). The default - log facility is authpriv (changeable via configure or in sudoers). - Don't forget to send a SIGHUP to your syslogd so that it re-reads - its conf file. Also, remember that syslogd does *not* create - log files, you need to create the file before syslogd will log - to it (ie: touch /var/log/sudo). - Note: the facility (e.g. "auth.debug") must be separated from the - destination (e.g. "/var/log/auth" or "@loghost") by - tabs, *not* spaces. This is a common error. - -Q) When sudo asks me for my password it never accepts what I enter even - though I know I entered my password correctly. -A) If you are not using pam and your system uses shadow passwords, - it is possible that sudo didn't properly detect that shadow - passwords are in use. Take a look at the generated config.h - file and verify that the C function used for shadow password - look ups was detected. For instance, for SVR4-style shadow - passwords, HAVE_GETSPNAM should be defined (you can search for - the string "shadow passwords" in config.h with your editor). - Note that there is no define for 4.4BSD-based shadow passwords - since that just uses the standard getpw* routines. - -Q) Can sudo use the ssh agent for authentication instead of asking - for the user's Unix password? -A) Not directly, but you can use a PAM module like pam_ssh_agent_auth - or pam_ssh for this purpose. - -Q) I don't want the sudoers file in /etc, how can I specify where it - should go? -A) Use the --sysconfdir option to configure. Ie: - configure --sysconfdir=/dir/you/want/sudoers/in - -Q) Can I put the sudoers file in NIS/NIS+ or do I have to have a - copy on each machine? -A) There is no support for making an NIS/NIS+ map/table out of - the sudoers file at this time. You can distribute the sudoers - file via rsync or rdist. It is also possible to NFS-mount the - sudoers file. If you use LDAP at your site you may be interested - in sudo's LDAP sudoers support, see the README.LDAP file and the - sudoers.ldap manual. - -Q) I don't run sendmail on my machine. Does this mean that I cannot - use sudo? -A) No, you just need to disable mailing with a line like: - Defaults !mailerpath - in your sudoers file or run configure with the --without-sendmail - option. - -Q) When I run visudo it uses vi as the editor and I hate vi. How - can I make it use another editor? -A) You can specify the editor to use in visudo in the sudoers file. - See the "editor" and "env_editor" entries in the sudoers manual. - The defaults can also be set at configure time using the - --with-editor and --with-env-editor configure options. - -Q) Sudo appears to be removing some variables from the environment, why? -A) By default, sudo runs commands with a new, minimal environment. - The "env_keep" setting in sudoers can be used to control which - environment variables are preserved from the invoking user's - environment via the "env_keep" setting in sudoers. - - While it is possible to disable the "env_reset" setting, which - will preserve all environment variables that don't match a black - list, doing so is strongly discouraged. See the "Command - environment" section of the sudoers manual for more information. - -Q) Why does sudo reset the HOME environment variable? -A) Many programs use the HOME environment variable to locate - configuration and data files. Often, these configuration files - are treated as trusted input that affects how the program operates. - By controlling the configuration files, a user may be able to - cause the program to execute other commands without sudo's - restrictions or logging. - - Some programs perform extra checks when the real and effective - user-IDs differ, but because sudo runs commands with all user-IDs - set to the target user, these checks are insufficient. - - While it is possible to preserve the value of the HOME environment - variable by adding it to the "env_keep" list in the sudoers file, - doing so is strongly discouraged. Users wishing to edit files - with sudo should run sudoedit (or sudo -e) to get their accustomed - editor configuration instead of invoking the editor directly. - -Q) How can I keep sudo from asking for a password? -A) To specify this on a per-user (and per-command) basis, use the - 'NOPASSWD' tag right before the command list in sudoers. See - the sudoers man page and examples/sudoers for details. To disable - passwords completely, add !authenticate" to the Defaults line - in /etc/sudoers. You can also turn off authentication on a - per-user or per-host basis using a user or host-specific Defaults - entry in sudoers. To hard-code the global default, you can - configure with the --without-passwd option. - -Q) When I run configure, it dies with the following error: - "no acceptable cc found in $PATH". -A) /usr/ucb/cc was the only C compiler that configure could find. - You need to tell configure the path to the "real" C compiler - via the --with-CC option. On Solaris, the path is probably - something like "/opt/SUNWspro/SC4.0/bin/cc". If you have gcc - that will also work. - -Q) When I run configure, it dies with the following error: - Fatal Error: config.cache exists from another platform! - Please remove it and re-run configure. -A) configure caches the results of its tests in a file called - config.cache to make re-running configure speedy. However, - if you are building sudo for a different platform the results - in config.cache will be wrong so you need to remove config.cache. - You can do this by "rm config.cache" or "make realclean". - Note that "make realclean" will also remove any object files - and configure temp files that are laying around as well. - -Q) I built sudo on a Solaris 11 (or higher) machine but the resulting - binary doesn't work older Solaris versions. Why? -A) Starting with Solaris 11, asprintf(3) is included in the standard - C library. To build a version of sudo on a Solaris 11 machine that - will run on an older Solaris release, edit config.h and comment out - the lines: - #define HAVE_ASPRINTF 1 - #define HAVE_VASPRINTF 1 - and run make. - -Q) When I run "visudo" it says "sudoers file busy, try again later." - and doesn't do anything. -A) Someone else is currently editing the sudoers file with visudo. - -Q) When I try to use "cd" with sudo it says "cd: command not found". -A) "cd" is a shell built-in command, you can't run it as a command - since a child process (sudo) cannot affect the current working - directory of the parent (your shell). - -Q) When I try to use "cd" with sudo the command completes without - errors but nothing happens. -A) Even though "cd" is a shell built-in command, some operating systems - include a /usr/bin/cd command for some reason. A standalone - "cd" command is totally useless since a child process (cd) cannot - affect the current working directory of the parent (your shell). - Thus, "sudo cd /foo" will start a child process, change the - directory and immediately exit without doing anything useful. - -Q) When I run sudo it says I am not allowed to run the command as root - but I don't want to run it as root, I want to run it as another user. - My sudoers file entry looks like: - bob ALL=(oracle) ALL -A) The default user sudo tries to run things as is always root, even if - the invoking user can only run commands as a single, specific user. - This may change in the future but at the present time you have to - work around this using the 'runas_default' option in sudoers. - For example: - Defaults:bob runas_default=oracle - would achieve the desired result for the preceding sudoers fragment. - -Q) When I try to run sudo via ssh, I get the error: - sudo: a terminal is required to read the password; either use the -S - option to read from standard input or configure an askpass helper -A) If sudo needs to authenticate a user, it requires access to the user's - terminal to disable echo so the password is not displayed to the screen. - The above message indicates that no terminal was present. - - When running a command via ssh, a terminal is not allocated by default - which can cause this message. The "-t" option to ssh will force it to - allocate a tty. Alternately, you may be able to use the ssh-askpass - utility to prompt for the password if X11 forwarding is enabled and an - askpass helper is configured in the sudo.conf file. If you do not mind - your password being echoed to the screen, you may use sudo's -S option - to read the password from the standard input. Alternately, you may set - the "visiblepw" sudoers option which will allow the password to be entered - even when echo cannot be disabled, though this is not recommended. - -Q) When I try to use SSL-enabled LDAP with sudo I get an error: - unable to initialize SSL cert and key db: security library: bad database. - you must set TLS_CERT in /etc/ldap.conf to use SSL -A) On systems that use a Mozilla-derived LDAP SDK there must be a - certificate database in place to use SSL-encrypted LDAP connections. - This file is usually /var/ldap/cert8.db or /etc/ldap/cert8.db. - The actual number after "cert" will vary, depending on the version - of the LDAP SDK that is being used. If you do not have a certificate - database you can either copy one from a mozilla-derived browser, such - as firefox, or create one using the "certutil" command. You can run - "certutil" as follows and press the (or ) key at the - password prompt: - # certutil -N -d /var/ldap - Enter a password which will be used to encrypt your keys. - The password should be at least 8 characters long, - and should contain at least one non-alphabetic character. - - Enter new password: - Re-enter password: - -Q) On HP-UX, the umask setting in sudoers has no effect. -A) If your /etc/pam.conf file has the libpam_hpsec.so.1 session module - enabled, you may need to a add line like the following to pam.conf: - sudo session required libpam_hpsec.so.1 bypass_umask - -Q) When I run "sudo -i shell_alias" I get "command not found" even - though the alias is defined in my shell startup files. -A) Commands run via "sudo -i" are executed by the shell in - non-interactive mode. The bash shell will only parse aliases in - interactive mode unless the "expand_aliases" shell option is - set. If you add "shopt -s expand_aliases" to your .bash_profile - (or .profile if using that instead) the aliases should now be - available to "sudo -i". - -Q) When I run sudo on AIX I get the following error: - setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted. -A) AIX's Enhanced RBAC is preventing sudo from running. To fix - this, add the following entry to /etc/security/privcmds (adjust - the path to sudo as needed) and run the setkst command as root: - - /usr/local/bin/sudo: - accessauths = ALLOW_ALL - innateprivs = PV_DAC_GID,PV_DAC_R,PV_DAC_UID,PV_DAC_X,PV_FS_CHOWN,PV_PROC_PRIO,PV_NET_PORT,PV_NET_CNTL,PV_SU_UID - secflags = FSF_EPS - -Q) Sudo configures and builds without error but when I run it I get - a Segmentation fault. -A) If you are on a Linux system, the first thing to try is to run - configure with the --disable-pie option, then "make clean" and - "make". If that fixes the problem then your operating system - does not properly support position independent executables. - Please send a message to sudo@sudo.ws with system details such - as the Linux distro, kernel version and CPU architecture. - -Q) When I run configure I get the following error: - dlopen present but libtool doesn't appear to support your platform. -A) Libtool doesn't know how to support dynamic linking on the operating - system you are building for. If you are cross-compiling, you need to - specify the operating system, not just the CPU type. For example: - --host powerpc-unknown-linux - instead of just: - --host powerpc - -Q) How do you pronounce `sudo'? -A) The official pronunciation is soo-doo (for su "do"). However, an - alternate pronunciation, a homophone of "pseudo", is also common. diff -Nru sudo-1.9.5p2/doc/UPGRADE sudo-1.9.9/doc/UPGRADE --- sudo-1.9.5p2/doc/UPGRADE 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/UPGRADE 1970-01-01 00:00:00.000000000 +0000 @@ -1,534 +0,0 @@ -Notes on upgrading from an older release -======================================== - -o Upgrading from a version prior to 1.9.3: - - Due to the addition of the CHROOT and CWD options, it is no - longer possible to declare an alias with one of those names. - If a sudoers file has an alias with one of those names, sudo - and visudo will report a syntax error with a message like - "syntax error: unexpected CHROOT, expecting ALIAS". - - Starting with version 1.9.3, sudoers rules must end in either - a newline or the end-of-file. This makes it possible to provide - better error messages. Previously, it was possible to include - multiple rules on a single line, separated by white space. - - Starting with version 1.9.3, sudo will attempt to recover from - a syntax error in the sudoers file by discarding the portion - of the line that contains the error until the end of the line. - To restore the historic behavior of refusing to run when a - syntax error is encountered, add "error_recovery=false" as a - plugin option in sudo.conf for the "sudoers_audit" plugin, (or - "sudoers_policy" if there is no "sudoers_audit" plugin configured). - -o Upgrading from a version prior to 1.9.1: - - Starting with version 1.9.1, sudoers plugin arguments in sudo.conf - should be specified for the "sudoers_audit" plugin, not - "sudoers_policy". This is because the sudoers file is now - opened and parsed by the "sudoers_audit" plugin. Previously, - this was done by the "sudoers_policy" plugin. The use of an - audit plugin makes it possible for the sudoers module to detect - when a command has been rejected by an approval plugin and only - log commands that are allowed by both policy and approval - plugins. - -o Upgrading from a version prior to 1.8.30: - - Starting with version 1.8.30, sudo will no longer allow commands - to be run as a user or group ID that is not in the password or - group databases by default. Previously, sudo would always allow - unknown user or group IDs if the sudoers entry permitted it, - including via the "ALL" alias. The old behavior can be restored - by setting the new "allow_unknown_runas_id" Defaults setting - in the sudoers file. - -o Upgrading from a version prior to 1.8.29: - - Starting with version 1.8.29, if the umask is explicitly set - in sudoers, that value is used regardless of the umask specified - by PAM or login.conf. However, if the umask is not explicitly - set in sudoers, PAM or login.conf may now override the default - sudoers umask. Previously, the sudoers umask always overrode - the umask set by PAM, which was not the documented behavior. - -o Upgrading from a version prior to 1.8.28: - - Starting with version 1.8.28, sudo stores the signal that caused - a command to be suspended or resumed as a string in the I/O log - timing file. The version of sudoreplay included with sudo - 1.8.28 can process either type of I/O log file but older versions - of sudoreplay are unable to replay the newer logs. - - Starting with version 1.8.28, sudoedit honors the umask and - umask_override settings in sudoers. Previously, the user's - umask was used as-is. - -o Upgrading from a version prior to 1.8.26: - - Starting with version 1.8.26, sudo no long sets the USERNAME - environment variable when running commands. This is a non-standard - environment variable that was set on some older Linux systems. - Sudo still sets the LOGNAME, USER and, on AIX systems, LOGIN - environment variables. - - Handling of the LOGNAME, USER (and on AIX, LOGIN) environment - variables has changed slightly in version 1.8.26. Sudo now - treats those variables as a single unit. This means that if - one variable is preserved or removed from the environment using - env_keep, env_check or env_delete, the others are too. - -o Upgrading from a version prior to 1.8.23: - - In sudo 1.8.23 the "sudoers2ldif" script and the "visudo -x" - functionality has been superseded by the "cvtsudoers" utility. - The cvtsudoers utility is intended to be a drop-in replacement - for "sudoers2ldif". Because it uses the same parser as sudo - and visudo, cvtsudoers can perform a more accurate conversion - than sudoers2ldif could. - - To convert a sudoers file to JSON, the format option must be - specified. For example, instead of: - - visudo -f sudoers_file -x output_file - - one would use: - - cvtsudoers -f json -o output_file sudoers_file - - Note that unlike "visudo -x", "cvtsudoers" reads from the - standard input by default. Also, the base DN may be specified - on the command line, if desired, using the -b option. - -o Upgrading from a version prior to 1.8.20: - - Due to the addition of the TIMEOUT, NOTBEFORE and NOTAFTTER - options, it is no longer possible to declare an alias with one - of those names. If a sudoers file has an alias with one of - those names, sudo and visudo will report a syntax error with a - message like "syntax error: unexpected TIMEOUT, expecting ALIAS". - - Starting with version 1.9.3, sudoers rules must end in either - Prior to version 1.8.20, when log_input, log_output or use_pty - were enabled, if any of the standard input, output or error - were not connected to a terminal, sudo would use a pipe. The - pipe allows sudo to interpose itself between the old standard - input, output or error and log the contents. Beginning with - version 1.8.20, a pipe is only used when I/O logging is enabled. - If use_pty is set without log_input or log_output, no pipe will - be used. Additionally, if log_input is set without log_output, - a pipe is only used for the standard input. Likewise, if - log_output is set without log_input, a pipe is only used for - the standard output and standard error. This results in a - noticeable change in behavior if the use_pty flag is set and no - terminal is present when running commands such as scripts that - execute other commands asynchronously (in the background). - Previously, sudo would exit immediately, causing background - commands to terminate with a broken pipe if they attempt to - write to the standard output or standard error. As of version - 1.8.20, a pipe will not be used in this case so the command - will no longer be terminated. - -o Upgrading from a version prior to 1.8.16: - - When editing files with sudoedit, files in a directory that is - writable by the invoking user may no longer be edited by default. - Also, sudoedit will refuse to follow a symbolic link in the - path to be edited if that directory containing the link is - writable by the user. This behavior can be disabled by negating - the sudoedit_checkdir sudoers option, which is now enabled by - default. - -o Upgrading from a version prior to 1.8.15: - - Prior to version 1.8.15, when env_reset was enabled (the default) - and the -s option was not used, the SHELL environment variable - was set to the shell of the invoking user. In 1.8.15 and above, - when env_reset is enabled and the -s option is not used, SHELL - is set based on the target user. - - When editing files with sudoedit, symbolic links will no longer - be followed by default. The old behavior can be restored by - enabling the sudoedit_follow option in sudoers or on a per-command - basis with the FOLLOW and NOFOLLOW tags. - - Prior to version 1.8.15, groups listed in sudoers that were not - found in the system group database were passed to the group - plugin, if any. Starting with 1.8.15, only groups of the form - %:group are resolved via the group plugin by default. The old - behavior can be restored by using the always_query_group_plugin - sudoers option. - - Locking of the time stamp file has changed in sudo 1.8.15. - Previously, the user's entire time stamp file was locked while - retrieving and updating a time stamp record. Now, only a single - record, specific to the tty or parent process ID, is locked. - This lock is held while the user enters their password. If - sudo is suspended at the password prompt (or run in the - background), the lock is dropped until sudo is resumed, at which - point it will be reacquired. This allows sudo to be used in a - pipeline even when a password is required--only one instance - of sudo will prompt for a password. - -o Upgrading from a version prior to 1.8.14: - - On HP-UX, sudo will no longer check for "plugin.sl" if "plugin.so" - is specified but does not exist. This was a temporary hack for - backward compatibility with Sudo 1.8.6 and below when the - plugin path name was not listed in sudo.conf. A plugin path - name that explicitly ends in ".sl" will still work as expected. - -o Upgrading from a version prior to 1.8.12: - - On Solaris, sudo is now able to determine the NIS domain name. - As a result, if you had previously been using netgroups that - do not include the domain, you will need to either set the - domain in the entry or leave the domain part of the tuple blank. - - For example, the following will no longer work: - my-hosts (foo,-,-) (bar,-,-) (baz,-,-) - and should be changed to: - my-hosts (foo,-,) (bar,-,) (baz,-,) - -o Upgrading from a version prior to 1.8.10: - - The time stamp file format has changed in sudo 1.8.10. There - is now a single time stamp file for each user, even when tty-based - time stamps are used. Each time stamp file may contain multiple - records to support tty-based time stamps as well as multiple - authentication users. On systems that support it, monotonic - time is stored instead of wall clock time. As a result, it is - important that the time stamp files not persist when the system - reboots. For this reason, the default location for the time - stamp files has changed back to a directory located in /var/run. - Systems that do not have /var/run (e.g. AIX) or that do not clear - it on boot (e.g. HP-UX) will need to clear the time stamp - directory via a start up script. Such a script is installed by - default on AIX and HP-UX systems. - - Because there is now a single time stamp file per user, the -K - option will remove all of the user's time stamps, not just the - time stamp for the current terminal. - - Lecture status is now stored separately from the time stamps - in a separate directory: /var/db/sudo/lectured, /var/lib/sudo/lectured - or /var/adm/sudo/lectured depending on what is present on the - system. - - LDAP-based sudoers now uses a default search filter of - (objectClass=sudoRole) for more efficient queries. It is - possible to disable the default search filter by specifying - SUDOERS_SEARCH_FILTER in ldap.conf but omitting a value. - -o Upgrading from a version prior to 1.8.7: - - Sudo now stores its libexec files in a "sudo" sub-directory - instead of in libexec itself. For backward compatibility, if - the plugin is not found in the default plugin directory, sudo - will check the parent directory default directory ends in "/sudo". - - The default sudo plugins now all use the .so extension, regardless - of the extension used by system shared libraries. For backward - compatibility, sudo on HP-UX will also search for a plugin with - an .sl extension if the .so version is not found. - - Handling of users belonging to a large number of groups has - changed. Previously, sudo would only use the group list from - the kernel unless the system_group plugin was enabled in sudoers. - Now, sudo will query the groups database if the user belongs - to the maximum number of groups supported by the kernel. See - the group_source and max_groups settings in the sudo.conf manual - for details. - -o Upgrading from a version prior to 1.8.2: - - When matching Unix groups in the sudoers file, sudo will now - match based on the name of the group as it appears in sudoers - instead of the group-ID. This can substantially reduce the - number of group lookups for sudoers files that contain a large - number of groups. There are a few side effects of this change. - - 1) Unix groups with different names but the same group-ID are - can no longer be used interchangeably. Sudo will look up all - of a user's groups by group-ID and use the resulting group - names when matching sudoers entries. If there are multiple - groups with the same ID, the group name returned by the - system getgrgid() library function is the name that will be - used when matching sudoers entries. - - 2) Unix group names specified in the sudoers file that are - longer than the system maximum will no longer match. For - instance, if there is a Unix group "fireflie" on a system - where group names are limited to eight characters, "%fireflies" - in sudoers will no longer match "fireflie". Previously, a - lookup by name of the group "fireflies" would have matched - the "fireflie" group on most systems. - - The legacy group matching behavior may be restored by enabling - the match_group_by_gid Defaults option in sudoers available - in sudo 1.8.18 and higher. - -o Upgrading from a version prior to 1.8.1: - - Changes in the sudoers parser could result in parse errors for - existing sudoers file. These changes cause certain erroneous - entries to be flagged as errors where before they allowed. - Changes include: - - Combining multiple Defaults entries with a backslash. E.g. - - Defaults set_path \ - Defaults syslog - - which should be: - - Defaults set_path - Defaults syslog - - Also, double-quoted strings with a missing end-quote are now - detected and result in an error. Previously, text starting a - double quote and ending with a newline was ignored. E.g. - - Defaults set_path"foo - - In previous versions of sudo, the `"foo' portion would have - been ignored. - - To avoid problems, sudo 1.8.1's "make install" will not install - a new sudo binary if the existing sudoers file has errors. - - In Sudo 1.8.1 the "noexec" functionality has moved out of the - sudoers policy plugin and into the sudo front-end. As a result, - the path to the noexec file is now specified in the sudo.conf - file instead of the sudoers file. If you have a sudoers file - that uses the "noexec_file" option, you will need to move the - definition to the sudo.conf file instead. - - Old style in /etc/sudoers: - Defaults noexec_file=/usr/local/libexec/sudo_noexec.so - - New style in /etc/sudo.conf: - Path noexec /usr/local/libexec/sudo_noexec.so - -o Upgrading from a version prior to 1.8.0: - - Starting with version 1.8.0, sudo uses a modular framework to - support policy and I/O logging plugins. The default policy - plugin is "sudoers" which provides the traditional sudoers - evaluation and I/O logging. Plugins are typically located in - /usr/libexec or /usr/local/libexec, though this is system-dependent. - The sudoers plugin is named "sudoers.so" on most systems. - - The sudo.conf file, usually stored in /etc, is used to configure - plugins. This file is optional--if no plugins are specified - in sudo.conf, the "sudoers" plugin is used. See the example - sudo.conf file in the doc directory or refer to the updated - sudo manual to see how to configure sudo.conf. - - The "askpass" setting has moved from the sudoers file to the - sudo.conf file. If you have a sudoers file that uses the - "askpass" option, you will need to move the definition to the - sudo.conf file. - - Old style in /etc/sudoers: - Defaults askpass=/usr/X11R6/bin/ssh-askpass - - New style in /etc/sudo.conf: - Path askpass /usr/X11R6/bin/ssh-askpass - -o Upgrading from a version prior to 1.7.5: - - Sudo 1.7.5 includes an updated LDAP schema with support for - the sudoNotBefore, sudoNotAfter and sudoOrder attributes. - - The sudoNotBefore and sudoNotAfter attribute support is only - used when the SUDOERS_TIMED setting is enabled in ldap.conf. - If enabled, those attributes are used directly when constructing - an LDAP filter. As a result, your LDAP server must have the - updated schema if you want to use sudoNotBefore and sudoNotAfter. - - The sudoOrder support does not affect the LDAP filter sudo - constructs and so there is no need to explicitly enable it in - ldap.conf. If the sudoOrder attribute is not present in an - entry, a value of 0 is used. If no entries contain sudoOrder - attributes, the results are in whatever order the LDAP server - returns them, as in past versions of sudo. - - Older versions of sudo will simply ignore the new attributes - if they are present in an entry. There are no compatibility - problems using the updated schema with older versions of sudo. - -o Upgrading from a version prior to 1.7.4: - - Starting with sudo 1.7.4, the time stamp files have moved from - /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo. - The directories are checked for existence in that order. This - prevents users from receiving the sudo lecture every time the - system reboots. Time stamp files older than the boot time are - ignored on systems where it is possible to determine this. - - Additionally, the tty_tickets sudoers option is now enabled by - default. To restore the old behavior (single time stamp per user), - add a line like: - Defaults !tty_tickets - to sudoers or use the --without-tty-tickets configure option. - - The HOME and MAIL environment variables are now reset based on the - target user's password database entry when the env_reset sudoers option - is enabled (which is the case in the default configuration). Users - wishing to preserve the original values should use a sudoers entry like: - Defaults env_keep += HOME - to preserve the old value of HOME and - Defaults env_keep += MAIL - to preserve the old value of MAIL. - - NOTE: preserving HOME has security implications since many programs - use it when searching for configuration files. Adding HOME to env_keep - may enable a user to run unrestricted commands via sudo. - - The default syslog facility has changed from "local2" to "authpriv" - (or "auth" if the operating system doesn't have "authpriv"). - The --with-logfac configure option can be used to change this - or it can be changed in the sudoers file. - -o Upgrading from a version prior to 1.7.0: - - Starting with sudo 1.7.0, comments in the sudoers file must not - have a digit or minus sign immediately after the comment character - ('#'). Otherwise, the comment may be interpreted as a user or - group-ID. - - When sudo is build with LDAP support the /etc/nsswitch.conf file is - now used to determine the sudoers sea ch order. sudo will default to - only using /etc/sudoers unless /etc/nsswitch.conf says otherwise. - This can be changed with an nsswitch.conf line, e.g.: - sudoers: ldap files - Would case LDAP to be searched first, then the sudoers file. - To restore the pre-1.7.0 behavior, run configure with the - --with-nsswitch=no flag. - - Sudo now ignores user .ldaprc files as well as system LDAP defaults. - All LDAP configuration is now in /etc/ldap.conf (or whichever file - was specified by configure's --with-ldap-conf-file option). - If you are using TLS, you may now need to specify: - tls_checkpeer no - in sudo's ldap.conf unless ldap.conf references a valid certificate - authority file(s). - - Please also see the NEWS file for a list of new features in - sudo 1.7.0. - -o Upgrading from a version prior to 1.6.9: - - Starting with sudo 1.6.9, if an OS supports a modular authentication - method such as PAM, it will be used by default by configure. - - Environment variable handling has changed significantly in sudo - 1.6.9. Prior to version 1.6.9, sudo would preserve the user's - environment, pruning out potentially dangerous variables. - Beginning with sudo 1.6.9, the environment is reset to a default - set of values with only a small number of "safe" variables - preserved. To preserve specific environment variables, add - them to the "env_keep" list in sudoers. E.g. - - Defaults env_keep += "EDITOR" - - The old behavior can be restored by negating the "env_reset" - option in sudoers. E.g. - - Defaults !env_reset - - There have also been changes to how the "env_keep" and - "env_check" options behave. - - Prior to sudo 1.6.9, the TERM and PATH environment variables - would always be preserved even if the env_keep option was - redefined. That is no longer the case. Consequently, if - env_keep is set with "=" and not simply appended to (i.e. using - "+="), PATH and TERM must be explicitly included in the list - of environment variables to keep. The LOGNAME, SHELL, USER, - and USERNAME environment variables are still always set. - - Additionally, the env_check setting previously had no effect - when env_reset was set (which is now on by default). Starting - with sudo 1.6.9, environment variables listed in env_check are - also preserved in the env_reset case, provided that they do not - contain a '/' or '%' character. Note that it is not necessary - to also list a variable in env_keep--having it in env_check is - sufficient. - - The default lists of variables to be preserved and/or checked - are displayed when sudo is run by root with the -V flag. - -o Upgrading from a version prior to 1.6.8: - - Prior to sudo 1.6.8, if /var/run did not exist, sudo would put - the time stamp files in /tmp/.odus. As of sudo 1.6.8, the - time stamp files will be placed in /var/adm/sudo or /usr/adm/sudo - if there is no /var/run directory. This directory will be - created if it does not already exist. - - Previously, a sudoers entry that explicitly prohibited running - a command as a certain user did not override a previous entry - allowing the same command. This has been fixed in sudo 1.6.8 - such that the last match is now used (as it is documented). - Hopefully no one was depending on the previous (buggy) behavior. - -o Upgrading from a version prior to 1.6: - - As of sudo 1.6, parsing of runas entries and the NOPASSWD tag - has changed. Prior to 1.6, a runas specifier applied only to - a single command directly following it. Likewise, the NOPASSWD - tag only allowed the command directly following it to be run - without a password. Starting with sudo 1.6, both the runas - specifier and the NOPASSWD tag are "sticky" for an entire - command list. So, given the following line in sudo < 1.6 - - millert ALL=(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls - - millert would be able to run /usr/bin/whoami as user daemon - without a password and /bin/ls as root with a password. - - As of sudo 1.6, the same line now means that millert is able - to run run both /usr/bin/whoami and /bin/ls as user daemon - without a password. To expand on this, take the following - example: - - millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, \ - /sbin/dump - - millert can run /usr/bin/whoami as daemon and /bin/ls and - /sbin/dump as root. No password need be given for either - command. In other words, the "(root)" sets the default runas - user to root for the rest of the list. If we wanted to require - a password for /bin/ls and /sbin/dump the line could be written - as: - - millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \ - (root) PASSWD:/bin/ls, /sbin/dump - - Additionally, sudo now uses a per-user time stamp directory - instead of a time stamp file. This allows tty time stamps to - simply be files within the user's time stamp dir. For the - default, non-tty case, the time stamp on the directory itself - is used. - - Also, the temporary file used by visudo is now /etc/sudoers.tmp - since some versions of vipw on systems with shadow passwords use - /etc/stmp for the temporary shadow file. - -o Upgrading from a version prior to 1.5: - - By default, sudo expects the sudoers file to be mode 0440 and - to be owned by user and group 0. This differs from version 1.4 - and below which expected the sudoers file to be mode 0400 and - to be owned by root. Doing a `make install' will set the sudoers - file to the new mode and group. If sudo encounters a sudoers - file with the old permissions it will attempt to update it to - the new scheme. You cannot, however, use a sudoers file with - the new permissions with an old sudo binary. It is suggested - that if have a means of distributing sudo you distribute the - new binaries first, then the new sudoers file (or you can leave - sudoers as is and sudo will fix the permissions itself as long - as sudoers is on a local file system). diff -Nru sudo-1.9.5p2/doc/cvtsudoers.man.in sudo-1.9.9/doc/cvtsudoers.man.in --- sudo-1.9.5p2/doc/cvtsudoers.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/cvtsudoers.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,513 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2018 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "CVTSUDOERS" "1" "December 11, 2018" "Sudo @PACKAGE_VERSION@" "General Commands Manual" -.nh -.if n .ad l -.SH "NAME" -\fBcvtsudoers\fR -\- convert between sudoers file formats -.SH "SYNOPSIS" -.HP 11n -\fBcvtsudoers\fR -[\fB\-ehMpV\fR] -[\fB\-b\fR\ \fIdn\fR] -[\fB\-c\fR\ \fIconf_file\fR] -[\fB\-d\fR\ \fIdeftypes\fR] -[\fB\-f\fR\ \fIoutput_format\fR] -[\fB\-i\fR\ \fIinput_format\fR] -[\fB\-I\fR\ \fIincrement\fR] -[\fB\-m\fR\ \fIfilter\fR] -[\fB\-o\fR\ \fIoutput_file\fR] -[\fB\-O\fR\ \fIstart_point\fR] -[\fB\-P\fR\ \fIpadding\fR] -[\fB\-s\fR\ \fIsections\fR] -[\fIinput_file\fR] -.SH "DESCRIPTION" -\fBcvtsudoers\fR -can be used to convert between -\fIsudoers\fR -security policy file formats. -The default input format is sudoers. -The default output format is LDIF. -It is only possible to convert a -\fIsudoers\fR -file that is syntactically correct. -.PP -If no -\fIinput_file\fR -is specified, or if it is -\(oq-\(cq, -the policy is read from the standard input. -By default, the result is written to the standard output. -.PP -The options are as follows: -.TP 12n -\fB\-b\fR \fIdn\fR, \fB\--base\fR=\fIdn\fR -The base DN (distinguished name) that will be used when performing -LDAP queries. -Typically this is of the form -\fRou=SUDOers,dc=my-domain,dc=com\fR -for the domain -\fRmy-domain.com\fR. -If this option is not specified, the value of the -\fRSUDOERS_BASE\fR -environment variable will be used instead. -Only necessary when converting to LDIF format. -.TP 12n -\fB\-c\fR \fIconf_file\fR, \fB\--config\fR=\fIconf_file\fR -Specify the path to the configuration file. -Defaults to -\fI@sysconfdir@/cvtsudoers.conf\fR. -.TP 12n -\fB\-d\fR \fIdeftypes\fR, \fB\--defaults\fR=\fIdeftypes\fR -Only convert -\fRDefaults\fR -entries of the specified types. -One or more -\fRDefaults\fR -types may be specified, separated by a comma -(\(oq\&,\(cq). -The supported types are: -.PP -.RS 12n -.PD 0 -.TP 10n -all -All Defaults entries. -.PD -.TP 10n -global -Global Defaults entries that are applied regardless of -user, runas, host or command. -.TP 10n -user -Per-user Defaults entries. -.TP 10n -runas -Per-runas user Defaults entries. -.TP 10n -host -Per-host Defaults entries. -.TP 10n -command -Per-command Defaults entries. -.PP -See the -\fBDefaults\fR -section in -sudoers(@mansectform@) -for more information. -.sp -If the -\fB\-d\fR -option is not specified, all -\fRDefaults\fR -entries will be converted. -.RE -.TP 12n -\fB\-e\fR, \fB\--expand-aliases\fR -Expand aliases in -\fIinput_file\fR. -Aliases are preserved by default when the output -\fIformat\fR -is JSON or sudoers. -.TP 12n -\fB\-f\fR \fIoutput_format\fR, \fB\--output-format\fR=\fIoutput_format\fR -Specify the output format (case-insensitive). -The following formats are supported: -.PP -.RS 12n -.PD 0 -.TP 10n -JSON -JSON (JavaScript Object Notation) files are usually easier for -third-party applications to consume than the traditional -\fIsudoers\fR -format. -The various values have explicit types which removes much of the -ambiguity of the -\fIsudoers\fR -format. -.PD -.TP 10n -LDIF -LDIF (LDAP Data Interchange Format) files can be imported into an LDAP -server for use with -sudoers.ldap(@mansectform@). -.sp -Conversion to LDIF has the following limitations: -.PP -.RS 10n -.PD 0 -.TP 3n -\fB\(bu\fR -Command, host, runas and user-specific Defaults lines cannot be -translated as they don't have an equivalent in the sudoers LDAP schema. -.PD -.TP 3n -\fB\(bu\fR -Command, host, runas and user aliases are not supported by the -sudoers LDAP schema so they are expanded during the conversion. -.PD 0 -.PP -.RE -.PD -.TP 10n -sudoers -Traditional sudoers format. -A new sudoers file will be reconstructed from the parsed input file. -Comments are not preserved and data from any include files will be -output inline. -.PD 0 -.PP -.RE -.PD -.TP 12n -\fB\-h\fR, \fB\--help\fR -Display a short help message to the standard output and exit. -.TP 12n -\fB\-i\fR \fIinput_format\fR, \fB\--input-format\fR=\fIinput_format\fR -Specify the input format. -The following formats are supported: -.PP -.RS 12n -.PD 0 -.TP 10n -LDIF -LDIF (LDAP Data Interchange Format) files can be exported from an LDAP -server to convert security policies used by -sudoers.ldap(@mansectform@). -If a base DN (distinguished name) is specified, only sudoRole objects -that match the base DN will be processed. -Not all sudoOptions specified in a sudoRole can be translated from -LDIF to sudoers format. -.PD -.TP 10n -sudoers -Traditional sudoers format. -This is the default input format. -.PD 0 -.PP -.RE -.PD -.TP 12n -\fB\-I\fR \fIincrement\fR, \fB\--increment\fR=\fIincrement\fR -When generating LDIF output, increment each sudoOrder attribute by -the specified number. -Defaults to an increment of 1. -.TP 12n -\fB\-m\fR \fIfilter\fR, \fB\--match\fR=\fIfilter\fR -Only output rules that match the specified -\fIfilter\fR. -A -\fIfilter\fR -expression is made up of one or more -\fBkey =\fR \fIvalue\fR -pairs, separated by a comma -(\(oq\&,\(cq). -The -\fBkey\fR -may be -\(lquser\(rq, -\(lqgroup\(rq -or -\(lqhost\(rq. -For example, -\fBuser\fR = \fIoperator\fR -or -\fBhost\fR = \fIwww\fR. -An upper-case User_Alias or Host_Alias may be specified as the -\(lquser\(rq -or -\(lqhost\(rq. -.sp -A matching -\fIsudoers\fR -rule may also include users, groups and hosts that are not part of the -\fIfilter\fR. -This can happen when a rule includes multiple users, groups or hosts. -To prune out any non-matching user, group or host from the rules, the -\fB\-p\fR -option may be used. -.sp -By default, the password and group databases are not consulted when matching -against the filter so the users and groups do not need to be present -on the local system (see the -\fB\-M\fR -option). -Only aliases that are referenced by the filtered policy rules will -be displayed. -.TP 12n -\fB\-M\fR, \fB\--match-local\fR -When the -\fB\-m\fR -option is also specified, use password and group database information -when matching users and groups in the filter. -Only users and groups in the filter that exist on the local system will match, -and a user's groups will automatically be added to the filter. -If the -\fB\-M\fR -is -\fInot\fR -specified, users and groups in the filter do not need to exist on the -local system, but all groups used for matching must be explicitly listed -in the filter. -.TP 12n -\fB\-o\fR \fIoutput_file\fR, \fB\--output\fR=\fIoutput_file\fR -Write the converted output to -\fIoutput_file\fR. -If no -\fIoutput_file\fR -is specified, or if it is -\(oq-\(cq, -the converted -\fIsudoers\fR -policy will be written to the standard output. -.TP 12n -\fB\-O\fR \fIstart_point\fR, \fB\--order-start\fR=\fIstart_point\fR -When generating LDIF output, use the number specified by -\fIstart_point\fR -in the sudoOrder attribute of the first sudoRole object. -Subsequent sudoRole object use a sudoOrder value generated by adding an -\fIincrement\fR, -see the -\fB\-I\fR -option for details. -Defaults to a starting point of 1. -A starting point of 0 will disable the generation of sudoOrder -attributes in the resulting LDIF file. -.TP 12n -\fB\-p\fR, \fB\--prune-matches\fR -When the -\fB\-m\fR -option is also specified, -\fBcvtsudoers\fR -will prune out non-matching users, groups and hosts from -matching entries. -.TP 12n -\fB\-P\fR \fIpadding\fR, \fB\--padding\fR=\fIpadding\fR -When generating LDIF output, construct the initial sudoOrder value by -concatenating -\fIorder_start\fR -and -\fIincrement\fR, -padding the -\fIincrement\fR -with zeros until it consists of -\fIpadding\fR -digits. -For example, if -\fIorder_start\fR -is 1027, -\fIpadding\fR -is 3, and -\fIincrement\fR -is 1, the value of sudoOrder for the first entry will be 1027000, -followed by 1027001, 1027002, etc. -If the number of sudoRole entries is larger than the padding would allow, -\fBcvtsudoers\fR -will exit with an error. -By default, no padding is performed. -.TP 12n -\fB\-s\fR \fIsections\fR, \fB\--suppress\fR=\fIsections\fR -Suppress the output of specific -\fIsections\fR -of the security policy. -One or more section names may be specified, separated by a comma -(\(oq\&,\(cq). -The supported section name are: -\fBdefaults\fR, -\fBaliases\fR -and -\fBprivileges\fR -(which may be shortened to -\fBprivs\fR). -.TP 12n -\fB\-V\fR, \fB\--version\fR -Print the -\fBcvtsudoers\fR -and -\fIsudoers\fR -grammar versions and exit. -.PP -Options in the form -\(lqkeyword = value\(rq -may also be specified in a configuration file, -\fI@sysconfdir@/cvtsudoers.conf\fR -by default. -The following keywords are recognized: -.TP 6n -\fBdefaults =\fR \fIdeftypes\fR -See the description of the -\fB\-d\fR -command line option. -.TP 6n -\fBexpand_aliases =\fR \fIyes\fR | \fIno\fR -See the description of the -\fB\-e\fR -command line option. -.TP 6n -\fBinput_format =\fR \fIldif\fR | \fIsudoers\fR -See the description of the -\fB\-i\fR -command line option. -.TP 6n -\fBmatch =\fR \fIfilter\fR -See the description of the -\fB\-m\fR -command line option. -.TP 6n -\fBorder_increment =\fR \fIincrement\fR -See the description of the -\fB\-I\fR -command line option. -.TP 6n -\fBorder_start =\fR \fIstart_point\fR -See the description of the -\fB\-O\fR -command line option. -.TP 6n -\fBoutput_format =\fR \fIjson\fR | \fIldif\fR | \fIsudoers\fR -See the description of the -\fB\-f\fR -command line option. -.TP 6n -\fBpadding =\fR \fIpadding\fR -See the description of the -\fB\-P\fR -command line option. -.TP 6n -\fBprune_matches =\fR \fIyes\fR | \fIno\fR -See the description of the -\fB\-p\fR -command line option. -.TP 6n -\fBsudoers_base =\fR \fIdn\fR -See the description of the -\fB\-b\fR -command line option. -.TP 6n -\fBsuppress =\fR \fIsections\fR -See the description of the -\fB\-s\fR -command line option. -.PP -Options on the command line will override values from the -configuration file. -.SH "FILES" -.TP 26n -\fI@sysconfdir@/cvtsudoers.conf\fR -default configuration for cvtsudoers -.SH "EXAMPLES" -Convert -\fI/etc/sudoers\fR -to LDIF (LDAP Data Interchange Format) where the -\fIldap.conf\fR -file uses a -\fIsudoers_base\fR -of my-domain,dc=com, storing the result in -\fIsudoers.ldif\fR: -.nf -.sp -.RS 6n -$ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \e - /etc/sudoers -.RE -.fi -.PP -Convert -\fI/etc/sudoers\fR -to JSON format, storing the result in -\fIsudoers.json\fR: -.nf -.sp -.RS 6n -$ cvtsudoers -f json -o sudoers.json /etc/sudoers -.RE -.fi -.PP -Parse -\fI/etc/sudoers\fR -and display only rules that match user -\fIambrose\fR -on host -\fIhastur\fR: -.nf -.sp -.RS 6n -$ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers -.RE -.fi -.PP -Same as above, but expand aliases and prune out any non-matching -users and hosts from the expanded entries. -.nf -.sp -.RS 6n -$ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers -.RE -.fi -.PP -Convert -\fIsudoers.ldif\fR -from LDIF to traditional -\fIsudoers\fR -format: -.nf -.sp -.RS 6n -$ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif -.RE -.fi -.SH "SEE ALSO" -sudoers(@mansectform@), -sudoers.ldap(@mansectform@), -sudo(@mansectsu@) -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBcvtsudoers\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBcvtsudoers\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/cvtsudoers.mdoc.in sudo-1.9.9/doc/cvtsudoers.mdoc.in --- sudo-1.9.5p2/doc/cvtsudoers.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/cvtsudoers.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,439 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2018 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd December 11, 2018 -.Dt CVTSUDOERS 1 -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm cvtsudoers -.Nd convert between sudoers file formats -.Sh SYNOPSIS -.Nm cvtsudoers -.Op Fl ehMpV -.Op Fl b Ar dn -.Op Fl c Ar conf_file -.Op Fl d Ar deftypes -.Op Fl f Ar output_format -.Op Fl i Ar input_format -.Op Fl I Ar increment -.Op Fl m Ar filter -.Op Fl o Ar output_file -.Op Fl O Ar start_point -.Op Fl P Ar padding -.Op Fl s Ar sections -.Op Ar input_file -.Sh DESCRIPTION -.Nm -can be used to convert between -.Em sudoers -security policy file formats. -The default input format is sudoers. -The default output format is LDIF. -It is only possible to convert a -.Em sudoers -file that is syntactically correct. -.Pp -If no -.Ar input_file -is specified, or if it is -.Ql - , -the policy is read from the standard input. -By default, the result is written to the standard output. -.Pp -The options are as follows: -.Bl -tag -width Fl -.It Fl b Ar dn , Fl -base Ns = Ns Ar dn -The base DN (distinguished name) that will be used when performing -LDAP queries. -Typically this is of the form -.Li ou=SUDOers,dc=my-domain,dc=com -for the domain -.Li my-domain.com . -If this option is not specified, the value of the -.Ev SUDOERS_BASE -environment variable will be used instead. -Only necessary when converting to LDIF format. -.It Fl c Ar conf_file , Fl -config Ns = Ns Ar conf_file -Specify the path to the configuration file. -Defaults to -.Pa @sysconfdir@/cvtsudoers.conf . -.It Fl d Ar deftypes , Fl -defaults Ns = Ns Ar deftypes -Only convert -.Li Defaults -entries of the specified types. -One or more -.Li Defaults -types may be specified, separated by a comma -.Pq Ql \&, . -The supported types are: -.Bl -tag -width 8n -.It all -All Defaults entries. -.It global -Global Defaults entries that are applied regardless of -user, runas, host or command. -.It user -Per-user Defaults entries. -.It runas -Per-runas user Defaults entries. -.It host -Per-host Defaults entries. -.It command -Per-command Defaults entries. -.El -.Pp -See the -.Sy Defaults -section in -.Xr sudoers @mansectform@ -for more information. -.Pp -If the -.Fl d -option is not specified, all -.Li Defaults -entries will be converted. -.It Fl e , Fl -expand-aliases -Expand aliases in -.Ar input_file . -Aliases are preserved by default when the output -.Ar format -is JSON or sudoers. -.It Fl f Ar output_format , Fl -output-format Ns = Ns Ar output_format -Specify the output format (case-insensitive). -The following formats are supported: -.Bl -tag -width 8n -.It JSON -JSON (JavaScript Object Notation) files are usually easier for -third-party applications to consume than the traditional -.Em sudoers -format. -The various values have explicit types which removes much of the -ambiguity of the -.Em sudoers -format. -.It LDIF -LDIF (LDAP Data Interchange Format) files can be imported into an LDAP -server for use with -.Xr sudoers.ldap @mansectform@ . -.Pp -Conversion to LDIF has the following limitations: -.Bl -bullet -width 1n -.It -Command, host, runas and user-specific Defaults lines cannot be -translated as they don't have an equivalent in the sudoers LDAP schema. -.It -Command, host, runas and user aliases are not supported by the -sudoers LDAP schema so they are expanded during the conversion. -.El -.It sudoers -Traditional sudoers format. -A new sudoers file will be reconstructed from the parsed input file. -Comments are not preserved and data from any include files will be -output inline. -.El -.It Fl h , Fl -help -Display a short help message to the standard output and exit. -.It Fl i Ar input_format , Fl -input-format Ns = Ns Ar input_format -Specify the input format. -The following formats are supported: -.Bl -tag -width 8n -.It LDIF -LDIF (LDAP Data Interchange Format) files can be exported from an LDAP -server to convert security policies used by -.Xr sudoers.ldap @mansectform@ . -If a base DN (distinguished name) is specified, only sudoRole objects -that match the base DN will be processed. -Not all sudoOptions specified in a sudoRole can be translated from -LDIF to sudoers format. -.It sudoers -Traditional sudoers format. -This is the default input format. -.El -.It Fl I Ar increment , Fl -increment Ns = Ns Ar increment -When generating LDIF output, increment each sudoOrder attribute by -the specified number. -Defaults to an increment of 1. -.It Fl m Ar filter , Fl -match Ns = Ns Ar filter -Only output rules that match the specified -.Ar filter . -A -.Ar filter -expression is made up of one or more -.Sy key = Ar value -pairs, separated by a comma -.Pq Ql \&, . -The -.Sy key -may be -.Dq user , -.Dq group -or -.Dq host . -For example, -.Sy user No = Ar operator -or -.Sy host No = Ar www . -An upper-case User_Alias or Host_Alias may be specified as the -.Dq user -or -.Dq host . -.Pp -A matching -.Em sudoers -rule may also include users, groups and hosts that are not part of the -.Ar filter . -This can happen when a rule includes multiple users, groups or hosts. -To prune out any non-matching user, group or host from the rules, the -.Fl p -option may be used. -.Pp -By default, the password and group databases are not consulted when matching -against the filter so the users and groups do not need to be present -on the local system (see the -.Fl M -option). -Only aliases that are referenced by the filtered policy rules will -be displayed. -.It Fl M , Fl -match-local -When the -.Fl m -option is also specified, use password and group database information -when matching users and groups in the filter. -Only users and groups in the filter that exist on the local system will match, -and a user's groups will automatically be added to the filter. -If the -.Fl M -is -.Em not -specified, users and groups in the filter do not need to exist on the -local system, but all groups used for matching must be explicitly listed -in the filter. -.It Fl o Ar output_file , Fl -output Ns = Ns Ar output_file -Write the converted output to -.Ar output_file . -If no -.Ar output_file -is specified, or if it is -.Ql - , -the converted -.Em sudoers -policy will be written to the standard output. -.It Fl O Ar start_point , Fl -order-start Ns = Ns Ar start_point -When generating LDIF output, use the number specified by -.Ar start_point -in the sudoOrder attribute of the first sudoRole object. -Subsequent sudoRole object use a sudoOrder value generated by adding an -.Ar increment , -see the -.Fl I -option for details. -Defaults to a starting point of 1. -A starting point of 0 will disable the generation of sudoOrder -attributes in the resulting LDIF file. -.It Fl p , Fl -prune-matches -When the -.Fl m -option is also specified, -.Nm -will prune out non-matching users, groups and hosts from -matching entries. -.It Fl P Ar padding , Fl -padding Ns = Ns Ar padding -When generating LDIF output, construct the initial sudoOrder value by -concatenating -.Ar order_start -and -.Ar increment , -padding the -.Ar increment -with zeros until it consists of -.Ar padding -digits. -For example, if -.Ar order_start -is 1027, -.Ar padding -is 3, and -.Ar increment -is 1, the value of sudoOrder for the first entry will be 1027000, -followed by 1027001, 1027002, etc. -If the number of sudoRole entries is larger than the padding would allow, -.Nm -will exit with an error. -By default, no padding is performed. -.It Fl s Ar sections , Fl -suppress Ns = Ns Ar sections -Suppress the output of specific -.Ar sections -of the security policy. -One or more section names may be specified, separated by a comma -.Pq Ql \&, . -The supported section name are: -.Sy defaults , -.Sy aliases -and -.Sy privileges -(which may be shortened to -.Sy privs ) . -.It Fl V , -version -Print the -.Nm -and -.Em sudoers -grammar versions and exit. -.El -.Pp -Options in the form -.Dq keyword = value -may also be specified in a configuration file, -.Pa @sysconfdir@/cvtsudoers.conf -by default. -The following keywords are recognized: -.Bl -tag -width 4n -.It Sy defaults = Ar deftypes -See the description of the -.Fl d -command line option. -.It Sy expand_aliases = Ar yes | no -See the description of the -.Fl e -command line option. -.It Sy input_format = Ar ldif | sudoers -See the description of the -.Fl i -command line option. -.It Sy match = Ar filter -See the description of the -.Fl m -command line option. -.It Sy order_increment = Ar increment -See the description of the -.Fl I -command line option. -.It Sy order_start = Ar start_point -See the description of the -.Fl O -command line option. -.It Sy output_format = Ar json | ldif | sudoers -See the description of the -.Fl f -command line option. -.It Sy padding = Ar padding -See the description of the -.Fl P -command line option. -.It Sy prune_matches = Ar yes | no -See the description of the -.Fl p -command line option. -.It Sy sudoers_base = Ar dn -See the description of the -.Fl b -command line option. -.It Sy suppress = Ar sections -See the description of the -.Fl s -command line option. -.El -.Pp -Options on the command line will override values from the -configuration file. -.Sh FILES -.Bl -tag -width 24n -.It Pa @sysconfdir@/cvtsudoers.conf -default configuration for cvtsudoers -.El -.Sh EXAMPLES -Convert -.Pa /etc/sudoers -to LDIF (LDAP Data Interchange Format) where the -.Pa ldap.conf -file uses a -.Em sudoers_base -of my-domain,dc=com, storing the result in -.Pa sudoers.ldif : -.Bd -literal -offset indent -$ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \e - /etc/sudoers -.Ed -.Pp -Convert -.Pa /etc/sudoers -to JSON format, storing the result in -.Pa sudoers.json : -.Bd -literal -offset indent -$ cvtsudoers -f json -o sudoers.json /etc/sudoers -.Ed -.Pp -Parse -.Pa /etc/sudoers -and display only rules that match user -.Em ambrose -on host -.Em hastur : -.Bd -literal -offset indent -$ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers -.Ed -.Pp -Same as above, but expand aliases and prune out any non-matching -users and hosts from the expanded entries. -.Bd -literal -offset indent -$ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers -.Ed -.Pp -Convert -.Pa sudoers.ldif -from LDIF to traditional -.Em sudoers -format: -.Bd -literal -offset indent -$ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif -.Ed -.Sh SEE ALSO -.Xr sudoers @mansectform@ , -.Xr sudoers.ldap @mansectform@ , -.Xr sudo @mansectsu@ -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -If you feel you have found a bug in -.Nm , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/fixman.sh sudo-1.9.9/doc/fixman.sh --- sudo-1.9.5p2/doc/fixman.sh 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/fixman.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -#!/bin/sh -# -# SPDX-License-Identifier: ISC -# -# Copyright (c) 2012-2014, 2017 Todd C. Miller -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# - -OUTFILE="$1" -rm -f "$OUTFILE" -> "$OUTFILE" - -# HP-UX friendly header/footer for all man pages -if [ X"`uname 2>&1`" = X"HP-UX" ]; then - cat >>"$OUTFILE" <<-'EOF' - s/^\.TH \("[^"]*"\) \("[^"]*"\) "\([^"]*\)" "\([^"]*\)" \("[^"]*"\)/.TH \1 \2\ - .ds )H \4\ - .ds ]W \3/ -EOF -fi - -# Replace "0 minutes" with "unlimited" -cat >>"$OUTFILE" <<-'EOF' - /^\\fR0\\fR$/ { - N - s/^\\fR0\\fR\nminutes\.$/unlimited./ - } -EOF diff -Nru sudo-1.9.5p2/doc/fixmdoc.sed sudo-1.9.9/doc/fixmdoc.sed --- sudo-1.9.5p2/doc/fixmdoc.sed 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/fixmdoc.sed 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ -# Replace "0 minutes" with "unlimited" -/^\.Li 0$/ { - N - s/^\.Li 0\nminutes\.$/unlimited./ -} diff -Nru sudo-1.9.5p2/doc/schema.ActiveDirectory sudo-1.9.9/doc/schema.ActiveDirectory --- sudo-1.9.5p2/doc/schema.ActiveDirectory 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/schema.ActiveDirectory 1970-01-01 00:00:00.000000000 +0000 @@ -1,255 +0,0 @@ -# -# Active Directory Schema for sudo configuration (sudoers) -# -# To extend your Active Directory schema, run one of the following command -# on your Windows DC (default port - Active Directory): -# -# ldifde -i -f schema.ActiveDirectory -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext -# -# or on your Windows DC if using another port (with Active Directory LightWeight Directory Services / ADAM-Active Directory Application Mode) -# Port 50000 by example (or any other port specified when defining the ADLDS/ADAM instance -# -# ldifde -i -f schema.ActiveDirectory -t 50000 -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext -# -# or -# -# ldifde -i -f schema.ActiveDirectory -s server:port -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext -# -# Can add username domain and password -# -# -b username domain password -# -# Can create Log file in current or any directory -# -# -j . -# - -dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoUser -distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.1 -attributeSyntax: 2.5.5.5 -isSingleValued: FALSE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoUser -adminDescription: User(s) who may run sudo -oMSyntax: 22 -searchFlags: 1 -lDAPDisplayName: sudoUser -name: sudoUser -schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoHost -distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.2 -attributeSyntax: 2.5.5.5 -isSingleValued: FALSE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoHost -adminDescription: Host(s) who may run sudo -oMSyntax: 22 -lDAPDisplayName: sudoHost -name: sudoHost -schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoCommand -distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.3 -attributeSyntax: 2.5.5.5 -isSingleValued: FALSE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoCommand -adminDescription: Command(s) to be executed by sudo -oMSyntax: 22 -lDAPDisplayName: sudoCommand -name: sudoCommand -schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoRunAs -distinguishedName: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.4 -attributeSyntax: 2.5.5.5 -isSingleValued: FALSE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoRunAs -adminDescription: User(s) impersonated by sudo (deprecated) -oMSyntax: 22 -lDAPDisplayName: sudoRunAs -name: sudoRunAs -schemaIDGUID:: CP98mCQTyUKKxGrQeM80hQ== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: CN=sudoOption,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoOption -distinguishedName: CN=sudoOption,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.5 -attributeSyntax: 2.5.5.5 -isSingleValued: FALSE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoOption -adminDescription: Option(s) followed by sudo -oMSyntax: 22 -lDAPDisplayName: sudoOption -name: sudoOption -schemaIDGUID:: ojaPzBBlAEmsvrHxQctLnA== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoRunAsUser -distinguishedName: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.6 -attributeSyntax: 2.5.5.5 -isSingleValued: FALSE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoRunAsUser -adminDescription: User(s) impersonated by sudo -oMSyntax: 22 -lDAPDisplayName: sudoRunAsUser -name: sudoRunAsUser -schemaIDGUID:: 9C52yPYd3RG3jMR2VtiVkw== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoRunAsGroup -distinguishedName: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.7 -attributeSyntax: 2.5.5.5 -isSingleValued: FALSE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoRunAsGroup -adminDescription: Groups(s) impersonated by sudo -oMSyntax: 22 -lDAPDisplayName: sudoRunAsGroup -name: sudoRunAsGroup -schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoNotBefore -distinguishedName: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.8 -attributeSyntax: 2.5.5.11 -isSingleValued: TRUE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoNotBefore -adminDescription: Start of time interval for which the entry is valid -oMSyntax: 24 -lDAPDisplayName: sudoNotBefore -name: sudoNotBefore -schemaIDGUID:: dm1HnRfY4RGf4gopYYhwmw== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoNotAfter -distinguishedName: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.9 -attributeSyntax: 2.5.5.11 -isSingleValued: TRUE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoNotAfter -adminDescription: End of time interval for which the entry is valid -oMSyntax: 24 -lDAPDisplayName: sudoNotAfter -name: sudoNotAfter -schemaIDGUID:: OAr/pBfY4RG9dBIpYYhwmw== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: CN=sudoOrder,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: attributeSchema -cn: sudoOrder -distinguishedName: CN=sudoOrder,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -attributeID: 1.3.6.1.4.1.15953.9.1.10 -attributeSyntax: 2.5.5.9 -isSingleValued: TRUE -showInAdvancedViewOnly: TRUE -adminDisplayName: sudoOrder -adminDescription: an integer to order the sudoRole entries -oMSyntax: 2 -lDAPDisplayName: sudoOrder -name: sudoOrder -schemaIDGUID:: 0J8yrRfY4RGIYBUpYYhwmw== -objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X - -dn: -changetype: modify -add: schemaUpdateNow -schemaUpdateNow: 1 -- - -dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=X -changetype: add -objectClass: top -objectClass: classSchema -cn: sudoRole -distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=X -instanceType: 4 -possSuperiors: container -possSuperiors: top -subClassOf: top -governsID: 1.3.6.1.4.1.15953.9.2.1 -mayContain: sudoCommand -mayContain: sudoHost -mayContain: sudoOption -mayContain: sudoRunAs -mayContain: sudoRunAsUser -mayContain: sudoRunAsGroup -mayContain: sudoUser -mayContain: sudoNotBefore -mayContain: sudoNotAfter -mayContain: sudoOrder -rDNAttID: cn -showInAdvancedViewOnly: FALSE -adminDisplayName: sudoRole -adminDescription: Sudoer Entries -objectClassCategory: 1 -lDAPDisplayName: sudoRole -name: sudoRole -schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w== -systemOnly: FALSE -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X -defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=X diff -Nru sudo-1.9.5p2/doc/schema.OpenLDAP sudo-1.9.9/doc/schema.OpenLDAP --- sudo-1.9.5p2/doc/schema.OpenLDAP 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/schema.OpenLDAP 1970-01-01 00:00:00.000000000 +0000 @@ -1,78 +0,0 @@ -# -# OpenLDAP schema file for Sudo -# Save as /etc/openldap/schema/sudo.schema and restart slapd. -# For a version that uses online configuration, see schema.olcSudo. -# - -attributetype ( 1.3.6.1.4.1.15953.9.1.1 - NAME 'sudoUser' - DESC 'User(s) who may run sudo' - EQUALITY caseExactIA5Match - SUBSTR caseExactIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.2 - NAME 'sudoHost' - DESC 'Host(s) who may run sudo' - EQUALITY caseExactIA5Match - SUBSTR caseExactIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.3 - NAME 'sudoCommand' - DESC 'Command(s) to be executed by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.4 - NAME 'sudoRunAs' - DESC 'User(s) impersonated by sudo (deprecated)' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.5 - NAME 'sudoOption' - DESC 'Options(s) followed by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.6 - NAME 'sudoRunAsUser' - DESC 'User(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.7 - NAME 'sudoRunAsGroup' - DESC 'Group(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.8 - NAME 'sudoNotBefore' - DESC 'Start of time interval for which the entry is valid' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.9 - NAME 'sudoNotAfter' - DESC 'End of time interval for which the entry is valid' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.10 - NAME 'sudoOrder' - DESC 'an integer to order the sudoRole entries' - EQUALITY integerMatch - ORDERING integerOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL - DESC 'Sudoer Entries' - MUST ( cn ) - MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ - sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ - sudoNotAfter $ description ) - ) diff -Nru sudo-1.9.5p2/doc/schema.iPlanet sudo-1.9.9/doc/schema.iPlanet --- sudo-1.9.5p2/doc/schema.iPlanet 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/schema.iPlanet 1970-01-01 00:00:00.000000000 +0000 @@ -1,12 +0,0 @@ -dn: cn=schema -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) -attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) -objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ description ) X-ORIGIN 'SUDO' ) diff -Nru sudo-1.9.5p2/doc/schema.olcSudo sudo-1.9.9/doc/schema.olcSudo --- sudo-1.9.5p2/doc/schema.olcSudo 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/schema.olcSudo 1970-01-01 00:00:00.000000000 +0000 @@ -1,79 +0,0 @@ -dn: cn=sudoschema,cn=schema,cn=config -objectClass: olcSchemaConfig -cn: sudoschema -# -# OpenLDAP schema file for Sudo in on-line configuration (OLC) format. -# Import using ldapadd or another suitable LDAP browser. -# Converted to OLC format by Frederic Pasteleurs -# -olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.1 - NAME 'sudoUser' - DESC 'User(s) who may run sudo' - EQUALITY caseExactIA5Match - SUBSTR caseExactIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -# -olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.2 - NAME 'sudoHost' - DESC 'Host(s) who may run sudo' - EQUALITY caseExactIA5Match - SUBSTR caseExactIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -# -olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.3 - NAME 'sudoCommand' - DESC 'Command(s) to be executed by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -# -olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.4 - NAME 'sudoRunAs' - DESC 'User(s) impersonated by sudo (deprecated)' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -# -olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.5 - NAME 'sudoOption' - DESC 'Options(s) followed by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -# -olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.6 - NAME 'sudoRunAsUser' - DESC 'User(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -# -olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.7 - NAME 'sudoRunAsGroup' - DESC 'Group(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -# -olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.8 - NAME 'sudoNotBefore' - DESC 'Start of time interval for which the entry is valid' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) -# -olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.9 - NAME 'sudoNotAfter' - DESC 'End of time interval for which the entry is valid' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) -# -olcattributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 - NAME 'sudoOrder' - DESC 'an integer to order the sudoRole entries' - EQUALITY integerMatch - ORDERING integerOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) -# -olcobjectclasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL - DESC 'Sudoer Entries' - MUST ( cn ) - MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ - description ) - ) diff -Nru sudo-1.9.5p2/doc/sudo.conf.man.in sudo-1.9.9/doc/sudo.conf.man.in --- sudo-1.9.5p2/doc/sudo.conf.man.in 2020-12-17 01:34:30.000000000 +0000 +++ sudo-1.9.9/doc/sudo.conf.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,864 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2010-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.nr SL @SEMAN@ -.TH "SUDO.CONF" "@mansectform@" "December 5, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudo.conf\fR -\- configuration for sudo front end -.SH "DESCRIPTION" -The -\fBsudo.conf\fR -file is used to configure the -\fBsudo\fR -front end. -It specifies the security policy and I/O logging plugins, debug flags -as well as plugin-agnostic path names and settings. -.PP -The -\fBsudo.conf\fR -file supports the following directives, described in detail below. -.TP 10n -Plugin -a security policy or I/O logging plugin -.TP 10n -Path -a plugin-agnostic path -.TP 10n -Set -a front end setting, such as -\fIdisable_coredump\fR -or -\fIgroup_source\fR -.TP 10n -Debug -debug flags to aid in debugging -\fBsudo\fR, -\fBsudoreplay\fR, -\fBvisudo\fR, -and the -\fBsudoers\fR -plugin. -.PP -The pound sign -(\(oq#\(cq) -is used to indicate a comment. -Both the comment character and any text after it, up to the end of -the line, are ignored. -.PP -Long lines can be continued with a backslash -(\(oq\e\(cq) -as the last character on the line. -Note that leading white space is removed from the beginning of lines -even when the continuation character is used. -.PP -Non-comment lines that don't begin with -\fRPlugin\fR, -\fRPath\fR, -\fRDebug\fR, -or -\fRSet\fR -are silently ignored. -.PP -The -\fBsudo.conf\fR -file is always parsed in the -\(lq\fRC\fR\(rq -locale. -.SS "Plugin configuration" -\fBsudo\fR -supports a plugin architecture for security policies and input/output -logging. -Third parties can develop and distribute their own policy and I/O -logging plugins to work seamlessly with the -\fBsudo\fR -front end. -Plugins are dynamically loaded based on the contents of -\fBsudo.conf\fR. -.PP -A -\fRPlugin\fR -line consists of the -\fRPlugin\fR -keyword, followed by the -\fIsymbol_name\fR -and the -\fIpath\fR -to the dynamic shared object that contains the plugin. -The -\fIsymbol_name\fR -is the name of the -\fRapproval_plugin\fR, -\fRaudit_plugin\fR, -\fRio_plugin\fR, -or -\fRpolicy_plugin\fR -struct contained in the plugin. -If a plugin implements multiple plugin types, there must be a -\fRPlugin\fR -line for each unique symbol name. -The -\fIpath\fR -may be fully qualified or relative. -If not fully qualified, it is relative to the directory -specified by the -\fIplugin_dir\fR -\fRPath\fR -setting, which defaults to -\fI@plugindir@\fR. -In other words: -.nf -.sp -.RS 6n -Plugin sudoers_policy sudoers.so -.RE -.fi -.PP -is equivalent to: -.nf -.sp -.RS 6n -Plugin sudoers_policy @plugindir@/sudoers.so -.RE -.fi -.PP -If the plugin was compiled statically into the -\fBsudo\fR -binary instead of being installed as a dynamic shared object, the -\fIpath\fR -should be specified without a leading directory, -as it does not actually exist in the file system. -For example: -.nf -.sp -.RS 6n -Plugin sudoers_policy sudoers.so -.RE -.fi -.PP -Starting with -\fBsudo\fR -1.8.5, any additional parameters after the -\fIpath\fR -are passed as arguments to the plugin's -\fIopen\fR -function. -For example, to override the compile-time default sudoers file mode: -.nf -.sp -.RS 6n -Plugin sudoers_policy sudoers.so sudoers_mode=0440 -.RE -.fi -.PP -See the -sudoers(@mansectform@) -manual for a list of supported arguments. -.PP -The same dynamic shared object may contain multiple plugins, -each with a different symbol name. -The file must be owned by uid 0 and only writable by its owner. -Because of ambiguities that arise from composite policies, only a single -policy plugin may be specified. -This limitation does not apply to I/O plugins. -.PP -If no -\fBsudo.conf\fR -file is present, or if it contains no -\fRPlugin\fR -lines, the -\fBsudoers\fR -plugin will be used as the default security policy, for I/O logging -(if enabled by the policy) and for auditing. -This is equivalent to the following: -.nf -.sp -.RS 6n -Plugin sudoers_policy sudoers.so -Plugin sudoers_io sudoers.so -Plugin sudoers_audit sudoers.so -.RE -.fi -.PP -Starting with -\fBsudo\fR -version 1.9.1, some of the logging functionality of the -\fBsudoers\fR -plugin has been moved from the policy plugin to an audit plugin. -To maintain compatibility with -\fBsudo.conf\fR -files from older -\fBsudo\fR -versions, if -\fBsudoers\fR -is configured as the security policy, it will be used as an audit -plugin as well. -This guarantees that the logging behavior will be consistnet with that of -\fBsudo\fR -versions 1.9.0 and below. -.PP -For more information on the -\fBsudo\fR -plugin architecture, see the -sudo_plugin(@mansectform@) -manual. -.SS "Path settings" -A -\fRPath\fR -line consists of the -\fRPath\fR -keyword, followed by the name of the path to set and its value. -For example: -.nf -.sp -.RS 6n -Path noexec @noexec_file@ -Path askpass /usr/X11R6/bin/ssh-askpass -.RE -.fi -.PP -If no path name is specified, features relying on the specified -setting will be disabled. -Disabling -\fRPath\fR -settings is only supported in -\fBsudo\fR -version 1.8.16 and higher. -.PP -The following plugin-agnostic paths may be set in the -\fI@sysconfdir@/sudo.conf\fR -file: -.TP 10n -askpass -The fully qualified path to a helper program used to read the user's -password when no terminal is available. -This may be the case when -\fBsudo\fR -is executed from a graphical (as opposed to text-based) application. -The program specified by -\fIaskpass\fR -should display the argument passed to it as the prompt and write -the user's password to the standard output. -The value of -\fIaskpass\fR -may be overridden by the -\fRSUDO_ASKPASS\fR -environment variable. -.TP 10n -devsearch -.br -An ordered, colon-separated search path of directories to look in for -device nodes. -This is used when mapping the process's tty device number to a device name -on systems that do not provide such a mechanism. -Sudo will -\fInot\fR -recurse into sub-directories. -If terminal devices may be located in a sub-directory of -\fI/dev\fR, -that path must be explicitly listed in -\fIdevsearch\fR. -The default value is -\fR/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev\fR -.sp -This option is ignored on systems that support either the -\fBdevname\fR() -or -\fB_ttyname_dev\fR() -functions, for example -BSD, -macOS and Solaris. -.TP 10n -noexec -The fully-qualified path to a shared library containing wrappers -for the -\fBexecl\fR(), -\fBexecle\fR(), -\fBexeclp\fR(), -\fBexect\fR(), -\fBexecv\fR(), -\fBexecve\fR(), -\fBexecvP\fR(), -\fBexecvp\fR(), -\fBexecvpe\fR(), -\fBfexecve\fR(), -\fBpopen\fR(), -\fBposix_spawn\fR(), -\fBposix_spawnp\fR(), -\fBsystem\fR(), -and -\fBwordexp\fR() -library functions that prevent the execution of further commands. -This is used to implement the -\fInoexec\fR -functionality on systems that support -\fRLD_PRELOAD\fR -or its equivalent. -The default value is -\fI@noexec_file@\fR. -.TP 10n -plugin_dir -The default directory to use when searching for plugins -that are specified without a fully qualified path name. -The default value is -\fI@plugindir@\fR. -.if \n(SL \{\ -.TP 10n -sesh -The fully-qualified path to the -\fBsesh\fR -binary. -This setting is only used when -\fBsudo\fR -is built with SELinux support. -The default value is -\fI@sesh_file@\fR. -.\} -.SS "Other settings" -The -\fBsudo.conf\fR -file also supports the following front end settings: -.TP 10n -disable_coredump -Core dumps of -\fBsudo\fR -itself are disabled by default to prevent the disclosure of potentially -sensitive information. -To aid in debugging -\fBsudo\fR -crashes, you may wish to re-enable core dumps by setting -\(lqdisable_coredump\(rq -to false in -\fBsudo.conf\fR -as follows: -.nf -.sp -.RS 16n -Set disable_coredump false -.RE -.fi -.RS 10n -.sp -All modern operating systems place restrictions on core dumps -from set-user-ID processes like -\fBsudo\fR -so this option can be enabled without compromising security. -To actually get a -\fBsudo\fR -core file you will likely need to enable core dumps for set-user-ID processes. -On -BSD -and Linux systems this is accomplished in the -sysctl(@mansectsu@) -command. -On Solaris, the -coreadm(1m) -command is used to configure core dump behavior. -.sp -This setting is only available in -\fBsudo\fR -version 1.8.4 and higher. -.RE -.TP 10n -developer_mode -By default -\fBsudo\fR -refuses to load plugins which can be modified by other than the root user. -The plugin should be owned by root and write access permissions should be -disabled for -\(lqgroup\(rq -and -\(lqother\(rq\&. -To make development of a plugin easier, you can disable that by setting -\(lqdeveloper_mode\(rq -option to true in -\fBsudo.conf\fR -as follows: -.nf -.sp -.RS 16n -Set developer_mode true -.RE -.fi -.RS 10n -.sp -Please note that this creates a security risk, so it is not recommended -on critical systems such as a desktop machine for daily use, but is intended -to be used in development environments (VM, container, etc). -Before enabling developer mode, ensure you understand the implications. -.sp -This setting is only available in -\fBsudo\fR -version 1.9.0 and higher. -.RE -.TP 10n -group_source -\fBsudo\fR -passes the invoking user's group list to the policy and I/O plugins. -On most systems, there is an upper limit to the number of groups that -a user may belong to simultaneously (typically 16 for compatibility -with NFS). -On systems with the -getconf(1) -utility, running: -.RS 16n -getconf NGROUPS_MAX -.RE -.RS 10n -will return the maximum number of groups. -.sp -However, it is still possible to be a member of a larger number of -groups--they simply won't be included in the group list returned -by the kernel for the user. -Starting with -\fBsudo\fR -version 1.8.7, if the user's kernel group list has the maximum number -of entries, -\fBsudo\fR -will consult the group database directly to determine the group list. -This makes it possible for the security policy to perform matching by group -name even when the user is a member of more than the maximum number of groups. -.sp -The -\fIgroup_source\fR -setting allows the administrator to change this default behavior. -Supported values for -\fIgroup_source\fR -are: -.TP 10n -static -Use the static group list that the kernel returns. -Retrieving the group list this way is very fast but it is subject -to an upper limit as described above. -It is -\(lqstatic\(rq -in that it does not reflect changes to the group database made -after the user logs in. -This was the default behavior prior to -\fBsudo\fR -1.8.7. -.TP 10n -dynamic -Always query the group database directly. -It is -\(lqdynamic\(rq -in that changes made to the group database after the user logs in -will be reflected in the group list. -On some systems, querying the group database for all of a user's -groups can be time consuming when querying a network-based group -database. -Most operating systems provide an efficient method of performing -such queries. -Currently, -\fBsudo\fR -supports efficient group queries on AIX, -BSD, -HP-UX, Linux and Solaris. -.TP 10n -adaptive -Only query the group database if the static group list returned -by the kernel has the maximum number of entries. -This is the default behavior in -\fBsudo\fR -1.8.7 and higher. -.PP -For example, to cause -\fBsudo\fR -to only use the kernel's static list of groups for the user: -.nf -.sp -.RS 16n -Set group_source static -.RE -.fi -.sp -This setting is only available in -\fBsudo\fR -version 1.8.7 and higher. -.RE -.TP 10n -max_groups -The maximum number of user groups to retrieve from the group database. -Values less than one will be ignored. -This setting is only used when querying the group database directly. -It is intended to be used on systems where it is not possible to detect -when the array to be populated with group entries is not sufficiently large. -By default, -\fBsudo\fR -will allocate four times the system's maximum number of groups (see above) -and retry with double that number if the group database query fails. -.sp -This setting is only available in -\fBsudo\fR -version 1.8.7 and higher. -It should not be required in -\fBsudo\fR -versions 1.8.24 and higher and may be removed in a later release. -.TP 10n -probe_interfaces -By default, -\fBsudo\fR -will probe the system's network interfaces and pass the IP address -of each enabled interface to the policy plugin. -This makes it possible for the plugin to match rules based on the IP address -without having to query DNS. -On Linux systems with a large number of virtual interfaces, this may -take a non-negligible amount of time. -If IP-based matching is not required, network interface probing -can be disabled as follows: -.nf -.sp -.RS 16n -Set probe_interfaces false -.RE -.fi -.RS 10n -.sp -This setting is only available in -\fBsudo\fR -version 1.8.10 and higher. -.RE -.SS "Debug flags" -\fBsudo\fR -versions 1.8.4 and higher support a flexible debugging framework -that can help track down what -\fBsudo\fR -is doing internally if there is a problem. -.PP -A -\fRDebug\fR -line consists of the -\fRDebug\fR -keyword, followed by the name of the program (or plugin) to debug -(\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR, \fBsudoers\fR), -the debug file name and a comma-separated list of debug flags. -The debug flag syntax used by -\fBsudo\fR -and the -\fBsudoers\fR -plugin is -\fIsubsystem\fR@\fIpriority\fR -but a plugin is free to use a different format so long as it does -not include a comma -(\(oq\&,\(cq). -.PP -For example: -.nf -.sp -.RS 6n -Debug sudo /var/log/sudo_debug all@warn,plugin@info -.RE -.fi -.PP -would log all debugging statements at the -\fIwarn\fR -level and higher in addition to those at the -\fIinfo\fR -level for the plugin subsystem. -.PP -As of -\fBsudo\fR -1.8.12, multiple -\fRDebug\fR -entries may be specified per program. -Older versions of -\fBsudo\fR -only support a single -\fRDebug\fR -entry per program. -Plugin-specific -\fRDebug\fR -entries are also supported starting with -\fBsudo\fR -1.8.12 and are matched by either the base name of the plugin that was loaded -(for example -\fRsudoers.so\fR) -or by the plugin's fully-qualified path name. -Previously, the -\fBsudoers\fR -plugin shared the same -\fRDebug\fR -entry as the -\fBsudo\fR -front end and could not be configured separately. -.PP -The following priorities are supported, in order of decreasing severity: -\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR -and -\fIdebug\fR. -Each priority, when specified, also includes all priorities higher -than it. -For example, a priority of -\fInotice\fR -would include debug messages logged at -\fInotice\fR -and higher. -.PP -The priorities -\fItrace\fR -and -\fIdebug\fR -also include function call tracing which logs when a function is -entered and when it returns. -For example, the following trace is for the -\fBget_user_groups\fR() -function located in src/sudo.c: -.nf -.sp -.RS 6n -sudo[123] -> get_user_groups @ src/sudo.c:385 -sudo[123] <- get_user_groups @ src/sudo.c:429 := groups=10,0,5 -.RE -.fi -.PP -When the function is entered, indicated by a right arrow -\(oq->\(cq, -the program, process ID, function, source file and line number -are logged. -When the function returns, indicated by a left arrow -\(oq<-\(cq, -the same information is logged along with the return value. -In this case, the return value is a string. -.PP -The following subsystems are used by the -\fBsudo\fR -front-end: -.TP 12n -\fIall\fR -matches every subsystem -.TP 12n -\fIargs\fR -command line argument processing -.TP 12n -\fIconv\fR -user conversation -.TP 12n -\fIedit\fR -sudoedit -.TP 12n -\fIevent\fR -event subsystem -.TP 12n -\fIexec\fR -command execution -.TP 12n -\fImain\fR -\fBsudo\fR -main function -.TP 12n -\fInetif\fR -network interface handling -.TP 12n -\fIpcomm\fR -communication with the plugin -.TP 12n -\fIplugin\fR -plugin configuration -.TP 12n -\fIpty\fR -pseudo-terminal related code -.TP 12n -\fIselinux\fR -SELinux-specific handling -.TP 12n -\fIutil\fR -utility functions -.TP 12n -\fIutmp\fR -utmp handling -.PP -The -sudoers(@mansectform@) -plugin includes support for additional subsystems. -.SH "FILES" -.TP 26n -\fI@sysconfdir@/sudo.conf\fR -\fBsudo\fR -front end configuration -.SH "EXAMPLES" -.nf -.RS 0n -# -# Default @sysconfdir@/sudo.conf file -# -# Sudo plugins: -# Plugin plugin_name plugin_path plugin_options ... -# -# The plugin_path is relative to @plugindir@ unless -# fully qualified. -# The plugin_name corresponds to a global symbol in the plugin -# that contains the plugin interface structure. -# The plugin_options are optional. -# -# The sudoers plugin is used by default if no Plugin lines are present. -#Plugin sudoers_policy sudoers.so -#Plugin sudoers_io sudoers.so -#Plugin sudoers_audit sudoers.so - -# -# Sudo askpass: -# Path askpass /path/to/askpass -# -# An askpass helper program may be specified to provide a graphical -# password prompt for "sudo -A" support. Sudo does not ship with its -# own askpass program but can use the OpenSSH askpass. -# -# Use the OpenSSH askpass -#Path askpass /usr/X11R6/bin/ssh-askpass -# -# Use the Gnome OpenSSH askpass -#Path askpass /usr/libexec/openssh/gnome-ssh-askpass - -# -# Sudo device search path: -# Path devsearch /dev/path1:/dev/path2:/dev -# -# A colon-separated list of paths to check when searching for a user's -# terminal device. -# -#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev - -# -# Sudo noexec: -# Path noexec /path/to/sudo_noexec.so -# -# Path to a shared library containing replacements for the execv(), -# execve() and fexecve() library functions that just return an error. -# This is used to implement the "noexec" functionality on systems that -# support LD_PRELOAD or its equivalent. -# -# The compiled-in value is usually sufficient and should only be changed -# if you rename or move the sudo_noexec.so file. -# -#Path noexec @plugindir@/sudo_noexec.so - -# -# Sudo plugin directory: -# Path plugin_dir /path/to/plugins -# -# The default directory to use when searching for plugins that are -# specified without a fully qualified path name. -# -#Path plugin_dir @plugindir@ - -# -# Sudo developer mode: -# Set developer_mode true|false -# -# Allow loading of plugins that are owned by non-root or are writable -# by "group" or "other". Should only be used during plugin development. -#Set developer_mode true - -# -# Core dumps: -# Set disable_coredump true|false -# -# By default, sudo disables core dumps while it is executing (they -# are re-enabled for the command that is run). -# To aid in debugging sudo problems, you may wish to enable core -# dumps by setting "disable_coredump" to false. -# -#Set disable_coredump false - -# -# User groups: -# Set group_source static|dynamic|adaptive -# -# Sudo passes the user's group list to the policy plugin. -# If the user is a member of the maximum number of groups (usually 16), -# sudo will query the group database directly to be sure to include -# the full list of groups. -# -# On some systems, this can be expensive so the behavior is configurable. -# The "group_source" setting has three possible values: -# static - use the user's list of groups returned by the kernel. -# dynamic - query the group database to find the list of groups. -# adaptive - if user is in less than the maximum number of groups. -# use the kernel list, else query the group database. -# -#Set group_source static - -# -# Sudo interface probing: -# Set probe_interfaces true|false -# -# By default, sudo will probe the system's network interfaces and -# pass the IP address of each enabled interface to the policy plugin. -# On systems with a large number of virtual interfaces this may take -# a noticeable amount of time. -# -#Set probe_interfaces false - -# -# Sudo debug files: -# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] -# -# Sudo and related programs support logging debug information to a file. -# The program is typically sudo, sudoers.so, sudoreplay or visudo. -# -# Subsystems vary based on the program; "all" matches all subsystems. -# Priority may be crit, err, warn, notice, diag, info, trace or debug. -# Multiple subsystem@priority may be specified, separated by a comma. -# -#Debug sudo /var/log/sudo_debug all@debug -#Debug sudoers.so /var/log/sudoers_debug all@debug -.RE -.fi -.SH "SEE ALSO" -sudo_plugin(@mansectform@), -sudoers(@mansectform@), -sudo(@mansectsu@) -.SH "HISTORY" -See the HISTORY file in the -\fBsudo\fR -distribution (https://www.sudo.ws/history.html) for a brief -history of sudo. -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBsudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo.conf.man.in.sed sudo-1.9.9/doc/sudo.conf.man.in.sed --- sudo-1.9.5p2/doc/sudo.conf.man.in.sed 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo.conf.man.in.sed 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -s/^\(.TH .*\)/.nr SL @SEMAN@\ -\1/ - -/^\.TP 10n$/ { - N - /^.TP 10n\nsesh$/ { - i\ -.if \\n(SL \\{\\ - } -} - -/^\\fI@sesh_file@\\fR\.$/ { - a\ -.\\} -} diff -Nru sudo-1.9.5p2/doc/sudo.conf.mdoc.in sudo-1.9.9/doc/sudo.conf.mdoc.in --- sudo-1.9.5p2/doc/sudo.conf.mdoc.in 2020-12-17 01:34:30.000000000 +0000 +++ sudo-1.9.9/doc/sudo.conf.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,796 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2010-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.nr SL @SEMAN@ -.Dd December 5, 2020 -.Dt SUDO.CONF @mansectform@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudo.conf -.Nd configuration for sudo front end -.Sh DESCRIPTION -The -.Nm sudo.conf -file is used to configure the -.Nm sudo -front end. -It specifies the security policy and I/O logging plugins, debug flags -as well as plugin-agnostic path names and settings. -.Pp -The -.Nm -file supports the following directives, described in detail below. -.Bl -tag -width 8n -.It Plugin -a security policy or I/O logging plugin -.It Path -a plugin-agnostic path -.It Set -a front end setting, such as -.Em disable_coredump -or -.Em group_source -.It Debug -debug flags to aid in debugging -.Nm sudo , -.Nm sudoreplay , -.Nm visudo , -and the -.Nm sudoers -plugin. -.El -.Pp -The pound sign -.Pq Ql # -is used to indicate a comment. -Both the comment character and any text after it, up to the end of -the line, are ignored. -.Pp -Long lines can be continued with a backslash -.Pq Ql \e -as the last character on the line. -Note that leading white space is removed from the beginning of lines -even when the continuation character is used. -.Pp -Non-comment lines that don't begin with -.Li Plugin , -.Li Path , -.Li Debug , -or -.Li Set -are silently ignored. -.Pp -The -.Nm -file is always parsed in the -.Dq Li C -locale. -.Ss Plugin configuration -.Nm sudo -supports a plugin architecture for security policies and input/output -logging. -Third parties can develop and distribute their own policy and I/O -logging plugins to work seamlessly with the -.Nm sudo -front end. -Plugins are dynamically loaded based on the contents of -.Nm . -.Pp -A -.Li Plugin -line consists of the -.Li Plugin -keyword, followed by the -.Em symbol_name -and the -.Em path -to the dynamic shared object that contains the plugin. -The -.Em symbol_name -is the name of the -.Li approval_plugin , -.Li audit_plugin , -.Li io_plugin , -or -.Li policy_plugin -struct contained in the plugin. -If a plugin implements multiple plugin types, there must be a -.Li Plugin -line for each unique symbol name. -The -.Em path -may be fully qualified or relative. -If not fully qualified, it is relative to the directory -specified by the -.Em plugin_dir -.Li Path -setting, which defaults to -.Pa @plugindir@ . -In other words: -.Bd -literal -offset indent -Plugin sudoers_policy sudoers.so -.Ed -.Pp -is equivalent to: -.Bd -literal -offset indent -Plugin sudoers_policy @plugindir@/sudoers.so -.Ed -.Pp -If the plugin was compiled statically into the -.Nm sudo -binary instead of being installed as a dynamic shared object, the -.Em path -should be specified without a leading directory, -as it does not actually exist in the file system. -For example: -.Bd -literal -offset indent -Plugin sudoers_policy sudoers.so -.Ed -.Pp -Starting with -.Nm sudo -1.8.5, any additional parameters after the -.Em path -are passed as arguments to the plugin's -.Em open -function. -For example, to override the compile-time default sudoers file mode: -.Bd -literal -offset indent -Plugin sudoers_policy sudoers.so sudoers_mode=0440 -.Ed -.Pp -See the -.Xr sudoers @mansectform@ -manual for a list of supported arguments. -.Pp -The same dynamic shared object may contain multiple plugins, -each with a different symbol name. -The file must be owned by uid 0 and only writable by its owner. -Because of ambiguities that arise from composite policies, only a single -policy plugin may be specified. -This limitation does not apply to I/O plugins. -.Pp -If no -.Nm -file is present, or if it contains no -.Li Plugin -lines, the -.Nm sudoers -plugin will be used as the default security policy, for I/O logging -(if enabled by the policy) and for auditing. -This is equivalent to the following: -.Bd -literal -offset indent -Plugin sudoers_policy sudoers.so -Plugin sudoers_io sudoers.so -Plugin sudoers_audit sudoers.so -.Ed -.Pp -Starting with -.Nm sudo -version 1.9.1, some of the logging functionality of the -.Nm sudoers -plugin has been moved from the policy plugin to an audit plugin. -To maintain compatibility with -.Nm -files from older -.Nm sudo -versions, if -.Nm sudoers -is configured as the security policy, it will be used as an audit -plugin as well. -This guarantees that the logging behavior will be consistnet with that of -.Nm sudo -versions 1.9.0 and below. -.Pp -For more information on the -.Nm sudo -plugin architecture, see the -.Xr sudo_plugin @mansectform@ -manual. -.Ss Path settings -A -.Li Path -line consists of the -.Li Path -keyword, followed by the name of the path to set and its value. -For example: -.Bd -literal -offset indent -Path noexec @noexec_file@ -Path askpass /usr/X11R6/bin/ssh-askpass -.Ed -.Pp -If no path name is specified, features relying on the specified -setting will be disabled. -Disabling -.Li Path -settings is only supported in -.Nm sudo -version 1.8.16 and higher. -.Pp -The following plugin-agnostic paths may be set in the -.Pa @sysconfdir@/sudo.conf -file: -.Bl -tag -width 8n -.It askpass -The fully qualified path to a helper program used to read the user's -password when no terminal is available. -This may be the case when -.Nm sudo -is executed from a graphical (as opposed to text-based) application. -The program specified by -.Em askpass -should display the argument passed to it as the prompt and write -the user's password to the standard output. -The value of -.Em askpass -may be overridden by the -.Ev SUDO_ASKPASS -environment variable. -.It devsearch -An ordered, colon-separated search path of directories to look in for -device nodes. -This is used when mapping the process's tty device number to a device name -on systems that do not provide such a mechanism. -Sudo will -.Em not -recurse into sub-directories. -If terminal devices may be located in a sub-directory of -.Pa /dev , -that path must be explicitly listed in -.Em devsearch . -The default value is -.Li /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev -.Pp -This option is ignored on systems that support either the -.Fn devname -or -.Fn _ttyname_dev -functions, for example -.Bx , -macOS and Solaris. -.It noexec -The fully-qualified path to a shared library containing wrappers -for the -.Fn execl , -.Fn execle , -.Fn execlp , -.Fn exect , -.Fn execv , -.Fn execve , -.Fn execvP , -.Fn execvp , -.Fn execvpe , -.Fn fexecve , -.Fn popen , -.Fn posix_spawn , -.Fn posix_spawnp , -.Fn system , -and -.Fn wordexp -library functions that prevent the execution of further commands. -This is used to implement the -.Em noexec -functionality on systems that support -.Ev LD_PRELOAD -or its equivalent. -The default value is -.Pa @noexec_file@ . -.It plugin_dir -The default directory to use when searching for plugins -that are specified without a fully qualified path name. -The default value is -.Pa @plugindir@ . -.if \n(SL \{\ -.It sesh -The fully-qualified path to the -.Nm sesh -binary. -This setting is only used when -.Nm sudo -is built with SELinux support. -The default value is -.Pa @sesh_file@ . -.\} -.El -.Ss Other settings -The -.Nm -file also supports the following front end settings: -.Bl -tag -width 8n -.It disable_coredump -Core dumps of -.Nm sudo -itself are disabled by default to prevent the disclosure of potentially -sensitive information. -To aid in debugging -.Nm sudo -crashes, you may wish to re-enable core dumps by setting -.Dq disable_coredump -to false in -.Nm -as follows: -.Bd -literal -offset indent -Set disable_coredump false -.Ed -.Pp -All modern operating systems place restrictions on core dumps -from set-user-ID processes like -.Nm sudo -so this option can be enabled without compromising security. -To actually get a -.Nm sudo -core file you will likely need to enable core dumps for set-user-ID processes. -On -.Bx -and Linux systems this is accomplished in the -.Xr sysctl 8 -command. -On Solaris, the -.Xr coreadm 1m -command is used to configure core dump behavior. -.Pp -This setting is only available in -.Nm sudo -version 1.8.4 and higher. -.It developer_mode -By default -.Nm sudo -refuses to load plugins which can be modified by other than the root user. -The plugin should be owned by root and write access permissions should be -disabled for -.Dq group -and -.Sm off -.Dq other -\&. -.Sm on -To make development of a plugin easier, you can disable that by setting -.Dq developer_mode -option to true in -.Nm sudo.conf -as follows: -.Bd -literal -offset indent -Set developer_mode true -.Ed -.Pp -Please note that this creates a security risk, so it is not recommended -on critical systems such as a desktop machine for daily use, but is intended -to be used in development environments (VM, container, etc). -Before enabling developer mode, ensure you understand the implications. -.Pp -This setting is only available in -.Nm sudo -version 1.9.0 and higher. -.It group_source -.Nm sudo -passes the invoking user's group list to the policy and I/O plugins. -On most systems, there is an upper limit to the number of groups that -a user may belong to simultaneously (typically 16 for compatibility -with NFS). -On systems with the -.Xr getconf 1 -utility, running: -.Dl getconf NGROUPS_MAX -will return the maximum number of groups. -.Pp -However, it is still possible to be a member of a larger number of -groups--they simply won't be included in the group list returned -by the kernel for the user. -Starting with -.Nm sudo -version 1.8.7, if the user's kernel group list has the maximum number -of entries, -.Nm sudo -will consult the group database directly to determine the group list. -This makes it possible for the security policy to perform matching by group -name even when the user is a member of more than the maximum number of groups. -.Pp -The -.Em group_source -setting allows the administrator to change this default behavior. -Supported values for -.Em group_source -are: -.Bl -tag -width 8n -.It static -Use the static group list that the kernel returns. -Retrieving the group list this way is very fast but it is subject -to an upper limit as described above. -It is -.Dq static -in that it does not reflect changes to the group database made -after the user logs in. -This was the default behavior prior to -.Nm sudo -1.8.7. -.It dynamic -Always query the group database directly. -It is -.Dq dynamic -in that changes made to the group database after the user logs in -will be reflected in the group list. -On some systems, querying the group database for all of a user's -groups can be time consuming when querying a network-based group -database. -Most operating systems provide an efficient method of performing -such queries. -Currently, -.Nm sudo -supports efficient group queries on AIX, -.Bx , -HP-UX, Linux and Solaris. -.It adaptive -Only query the group database if the static group list returned -by the kernel has the maximum number of entries. -This is the default behavior in -.Nm sudo -1.8.7 and higher. -.El -.Pp -For example, to cause -.Nm sudo -to only use the kernel's static list of groups for the user: -.Bd -literal -offset indent -Set group_source static -.Ed -.Pp -This setting is only available in -.Nm sudo -version 1.8.7 and higher. -.It max_groups -The maximum number of user groups to retrieve from the group database. -Values less than one will be ignored. -This setting is only used when querying the group database directly. -It is intended to be used on systems where it is not possible to detect -when the array to be populated with group entries is not sufficiently large. -By default, -.Nm sudo -will allocate four times the system's maximum number of groups (see above) -and retry with double that number if the group database query fails. -.Pp -This setting is only available in -.Nm sudo -version 1.8.7 and higher. -It should not be required in -.Nm sudo -versions 1.8.24 and higher and may be removed in a later release. -.It probe_interfaces -By default, -.Nm sudo -will probe the system's network interfaces and pass the IP address -of each enabled interface to the policy plugin. -This makes it possible for the plugin to match rules based on the IP address -without having to query DNS. -On Linux systems with a large number of virtual interfaces, this may -take a non-negligible amount of time. -If IP-based matching is not required, network interface probing -can be disabled as follows: -.Bd -literal -offset indent -Set probe_interfaces false -.Ed -.Pp -This setting is only available in -.Nm sudo -version 1.8.10 and higher. -.El -.Ss Debug flags -.Nm sudo -versions 1.8.4 and higher support a flexible debugging framework -that can help track down what -.Nm sudo -is doing internally if there is a problem. -.Pp -A -.Li Debug -line consists of the -.Li Debug -keyword, followed by the name of the program (or plugin) to debug -.Pq Nm sudo , Nm visudo , Nm sudoreplay , Nm sudoers , -the debug file name and a comma-separated list of debug flags. -The debug flag syntax used by -.Nm sudo -and the -.Nm sudoers -plugin is -.Em subsystem Ns @ Ns Em priority -but a plugin is free to use a different format so long as it does -not include a comma -.Pq Ql \&, . -.Pp -For example: -.Bd -literal -offset indent -Debug sudo /var/log/sudo_debug all@warn,plugin@info -.Ed -.Pp -would log all debugging statements at the -.Em warn -level and higher in addition to those at the -.Em info -level for the plugin subsystem. -.Pp -As of -.Nm sudo -1.8.12, multiple -.Li Debug -entries may be specified per program. -Older versions of -.Nm sudo -only support a single -.Li Debug -entry per program. -Plugin-specific -.Li Debug -entries are also supported starting with -.Nm sudo -1.8.12 and are matched by either the base name of the plugin that was loaded -(for example -.Li sudoers.so ) -or by the plugin's fully-qualified path name. -Previously, the -.Nm sudoers -plugin shared the same -.Li Debug -entry as the -.Nm sudo -front end and could not be configured separately. -.Pp -The following priorities are supported, in order of decreasing severity: -.Em crit , err , warn , notice , diag , info , trace -and -.Em debug . -Each priority, when specified, also includes all priorities higher -than it. -For example, a priority of -.Em notice -would include debug messages logged at -.Em notice -and higher. -.Pp -The priorities -.Em trace -and -.Em debug -also include function call tracing which logs when a function is -entered and when it returns. -For example, the following trace is for the -.Fn get_user_groups -function located in src/sudo.c: -.Bd -literal -offset indent -sudo[123] -> get_user_groups @ src/sudo.c:385 -sudo[123] <- get_user_groups @ src/sudo.c:429 := groups=10,0,5 -.Ed -.Pp -When the function is entered, indicated by a right arrow -.Ql -> , -the program, process ID, function, source file and line number -are logged. -When the function returns, indicated by a left arrow -.Ql <- , -the same information is logged along with the return value. -In this case, the return value is a string. -.Pp -The following subsystems are used by the -.Nm sudo -front-end: -.Bl -tag -width Fl -.It Em all -matches every subsystem -.It Em args -command line argument processing -.It Em conv -user conversation -.It Em edit -sudoedit -.It Em event -event subsystem -.It Em exec -command execution -.It Em main -.Nm sudo -main function -.It Em netif -network interface handling -.It Em pcomm -communication with the plugin -.It Em plugin -plugin configuration -.It Em pty -pseudo-terminal related code -.It Em selinux -SELinux-specific handling -.It Em util -utility functions -.It Em utmp -utmp handling -.El -.Pp -The -.Xr sudoers @mansectform@ -plugin includes support for additional subsystems. -.Sh FILES -.Bl -tag -width 24n -.It Pa @sysconfdir@/sudo.conf -.Nm sudo -front end configuration -.El -.Sh EXAMPLES -.Bd -literal -# -# Default @sysconfdir@/sudo.conf file -# -# Sudo plugins: -# Plugin plugin_name plugin_path plugin_options ... -# -# The plugin_path is relative to @plugindir@ unless -# fully qualified. -# The plugin_name corresponds to a global symbol in the plugin -# that contains the plugin interface structure. -# The plugin_options are optional. -# -# The sudoers plugin is used by default if no Plugin lines are present. -#Plugin sudoers_policy sudoers.so -#Plugin sudoers_io sudoers.so -#Plugin sudoers_audit sudoers.so - -# -# Sudo askpass: -# Path askpass /path/to/askpass -# -# An askpass helper program may be specified to provide a graphical -# password prompt for "sudo -A" support. Sudo does not ship with its -# own askpass program but can use the OpenSSH askpass. -# -# Use the OpenSSH askpass -#Path askpass /usr/X11R6/bin/ssh-askpass -# -# Use the Gnome OpenSSH askpass -#Path askpass /usr/libexec/openssh/gnome-ssh-askpass - -# -# Sudo device search path: -# Path devsearch /dev/path1:/dev/path2:/dev -# -# A colon-separated list of paths to check when searching for a user's -# terminal device. -# -#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev - -# -# Sudo noexec: -# Path noexec /path/to/sudo_noexec.so -# -# Path to a shared library containing replacements for the execv(), -# execve() and fexecve() library functions that just return an error. -# This is used to implement the "noexec" functionality on systems that -# support LD_PRELOAD or its equivalent. -# -# The compiled-in value is usually sufficient and should only be changed -# if you rename or move the sudo_noexec.so file. -# -#Path noexec @plugindir@/sudo_noexec.so - -# -# Sudo plugin directory: -# Path plugin_dir /path/to/plugins -# -# The default directory to use when searching for plugins that are -# specified without a fully qualified path name. -# -#Path plugin_dir @plugindir@ - -# -# Sudo developer mode: -# Set developer_mode true|false -# -# Allow loading of plugins that are owned by non-root or are writable -# by "group" or "other". Should only be used during plugin development. -#Set developer_mode true - -# -# Core dumps: -# Set disable_coredump true|false -# -# By default, sudo disables core dumps while it is executing (they -# are re-enabled for the command that is run). -# To aid in debugging sudo problems, you may wish to enable core -# dumps by setting "disable_coredump" to false. -# -#Set disable_coredump false - -# -# User groups: -# Set group_source static|dynamic|adaptive -# -# Sudo passes the user's group list to the policy plugin. -# If the user is a member of the maximum number of groups (usually 16), -# sudo will query the group database directly to be sure to include -# the full list of groups. -# -# On some systems, this can be expensive so the behavior is configurable. -# The "group_source" setting has three possible values: -# static - use the user's list of groups returned by the kernel. -# dynamic - query the group database to find the list of groups. -# adaptive - if user is in less than the maximum number of groups. -# use the kernel list, else query the group database. -# -#Set group_source static - -# -# Sudo interface probing: -# Set probe_interfaces true|false -# -# By default, sudo will probe the system's network interfaces and -# pass the IP address of each enabled interface to the policy plugin. -# On systems with a large number of virtual interfaces this may take -# a noticeable amount of time. -# -#Set probe_interfaces false - -# -# Sudo debug files: -# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] -# -# Sudo and related programs support logging debug information to a file. -# The program is typically sudo, sudoers.so, sudoreplay or visudo. -# -# Subsystems vary based on the program; "all" matches all subsystems. -# Priority may be crit, err, warn, notice, diag, info, trace or debug. -# Multiple subsystem@priority may be specified, separated by a comma. -# -#Debug sudo /var/log/sudo_debug all@debug -#Debug sudoers.so /var/log/sudoers_debug all@debug -.Ed -.Sh SEE ALSO -.Xr sudo_plugin @mansectform@ , -.Xr sudoers @mansectform@ , -.Xr sudo @mansectsu@ -.Sh HISTORY -See the HISTORY file in the -.Nm sudo -distribution (https://www.sudo.ws/history.html) for a brief -history of sudo. -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -If you feel you have found a bug in -.Nm sudo , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm sudo -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo.man.in sudo-1.9.9/doc/sudo.man.in --- sudo-1.9.5p2/doc/sudo.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,1495 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2020 -.\" Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" Sponsored in part by the Defense Advanced Research Projects -.\" Agency (DARPA) and Air Force Research Laboratory, Air Force -.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. -.\" -.nr SL @SEMAN@ -.nr BA @BAMAN@ -.nr LC @LCMAN@ -.nr PS @PSMAN@ -.TH "SUDO" "@mansectsu@" "September 1, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudo\fR, -\fBsudoedit\fR -\- execute a command as another user -.SH "SYNOPSIS" -.HP 5n -\fBsudo\fR -\fB\-h\fR\ |\ \fB\-K\fR\ |\ \fB\-k\fR\ |\ \fB\-V\fR -.br -.PD 0 -.HP 5n -\fBsudo\fR -\fB\-v\fR -[\fB\-ABknS\fR] -.if \n(BA [\fB\-a\fR\ \fItype\fR] -[\fB\-g\fR\ \fIgroup\fR] -[\fB\-h\fR\ \fIhost\fR] -[\fB\-p\fR\ \fIprompt\fR] -[\fB\-u\fR\ \fIuser\fR] -.br -.HP 5n -\fBsudo\fR -\fB\-l\fR -[\fB\-ABknS\fR] -.if \n(BA [\fB\-a\fR\ \fItype\fR] -[\fB\-g\fR\ \fIgroup\fR] -[\fB\-h\fR\ \fIhost\fR] -[\fB\-p\fR\ \fIprompt\fR] -[\fB\-U\fR\ \fIuser\fR] -[\fB\-u\fR\ \fIuser\fR] -[\fIcommand\fR] -.br -.HP 5n -\fBsudo\fR -[\fB\-ABbEHnPS\fR] -.if \n(BA [\fB\-a\fR\ \fItype\fR] -[\fB\-C\fR\ \fInum\fR] -.if \n(LC [\fB\-c\fR\ \fIclass\fR] -[\fB\-D\fR\ \fIdirectory\fR] -[\fB\-g\fR\ \fIgroup\fR] -[\fB\-h\fR\ \fIhost\fR] -[\fB\-p\fR\ \fIprompt\fR] -[\fB\-R\fR\ \fIdirectory\fR] -.if \n(SL [\fB\-r\fR\ \fIrole\fR] -.if \n(SL [\fB\-t\fR\ \fItype\fR] -[\fB\-T\fR\ \fItimeout\fR] -[\fB\-u\fR\ \fIuser\fR] -[\fIVAR\fR=\fIvalue\fR] -[\fB\-i\fR\ |\ \fB\-s\fR] -[\fIcommand\fR] -.br -.HP 9n -\fBsudoedit\fR -[\fB\-ABknS\fR] -.if \n(BA [\fB\-a\fR\ \fItype\fR] -[\fB\-C\fR\ \fInum\fR] -.if \n(LC [\fB\-c\fR\ \fIclass\fR] -[\fB\-D\fR\ \fIdirectory\fR] -[\fB\-g\fR\ \fIgroup\fR] -[\fB\-h\fR\ \fIhost\fR] -[\fB\-p\fR\ \fIprompt\fR] -[\fB\-R\fR\ \fIdirectory\fR] -.if \n(SL [\fB\-r\fR\ \fIrole\fR] -.if \n(SL [\fB\-t\fR\ \fItype\fR] -[\fB\-T\fR\ \fItimeout\fR] -[\fB\-u\fR\ \fIuser\fR] -\fIfile\ ...\fR -.PD -.SH "DESCRIPTION" -\fBsudo\fR -allows a permitted user to execute a -\fIcommand\fR -as the superuser or another user, as specified by the security -policy. -The invoking user's real -(\fInot\fR effective) -user-ID is used to determine the user name with which -to query the security policy. -.PP -\fBsudo\fR -supports a plugin architecture for security policies and input/output -logging. -Third parties can develop and distribute their own policy and I/O -logging plugins to work seamlessly with the -\fBsudo\fR -front end. -The default security policy is -\fIsudoers\fR, -which is configured via the file -\fI@sysconfdir@/sudoers\fR, -or via LDAP. -See the -\fIPlugins\fR -section for more information. -.PP -The security policy determines what privileges, if any, a user has -to run -\fBsudo\fR. -The policy may require that users authenticate themselves with a -password or another authentication mechanism. -If authentication is required, -\fBsudo\fR -will exit if the user's password is not entered within a configurable -time limit. -This limit is policy-specific; the default password prompt timeout -for the -\fIsudoers\fR -security policy is -\fR@password_timeout@\fR -minutes. -.PP -Security policies may support credential caching to allow the user -to run -\fBsudo\fR -again for a period of time without requiring authentication. -By default, the -\fIsudoers\fR -policy caches credentials on a per-terminal basis for -\fR@timeout@\fR -minutes. -See the -\fItimestamp_type\fR -and -\fItimestamp_timeout\fR -options in -sudoers(@mansectform@) -for more information. -By running -\fBsudo\fR -with the -\fB\-v\fR -option, a user can update the cached credentials without running a -\fIcommand\fR. -.PP -On systems where -\fBsudo\fR -is the primary method of gaining superuser privileges, it is imperative -to avoid syntax errors in the security policy configuration files. -For the default security policy, -sudoers(@mansectform@), -changes to the configuration files should be made using the -visudo(@mansectsu@) -utility which will ensure that no syntax errors are introduced. -.PP -When invoked as -\fBsudoedit\fR, -the -\fB\-e\fR -option (described below), is implied. -.PP -Security policies may log successful and failed attempts to use -\fBsudo\fR. -If an I/O plugin is configured, the running command's input and -output may be logged as well. -.PP -The options are as follows: -.TP 12n -\fB\-A\fR, \fB\--askpass\fR -Normally, if -\fBsudo\fR -requires a password, it will read it from the user's terminal. -If the -\fB\-A\fR (\fIaskpass\fR) -option is specified, a (possibly graphical) helper program is -executed to read the user's password and output the password to the -standard output. -If the -\fRSUDO_ASKPASS\fR -environment variable is set, it specifies the path to the helper -program. -Otherwise, if -sudo.conf(@mansectform@) -contains a line specifying the askpass program, that value will be -used. -For example: -.nf -.sp -.RS 16n -# Path to askpass helper program -Path askpass /usr/X11R6/bin/ssh-askpass -.RE -.fi -.RS 12n -.sp -If no askpass program is available, -\fBsudo\fR -will exit with an error. -.RE -.if \n(BA \{\ -.TP 12n -\fB\-a\fR \fItype\fR, \fB\--auth-type\fR=\fItype\fR -Use the specified -BSD -authentication -\fItype\fR -when validating the user, if allowed by -\fI/etc/login.conf\fR. -The system administrator may specify a list of sudo-specific -authentication methods by adding an -\(lqauth-sudo\(rq -entry in -\fI/etc/login.conf\fR. -This option is only available on systems that support -BSD -authentication. -.\} -.TP 12n -\fB\-B\fR, \fB\--bell\fR -Ring the bell as part of the password promp when a terminal is present. -This option has no effect if an askpass program is used. -.TP 12n -\fB\-b\fR, \fB\--background\fR -Run the given command in the background. -Note that it is not possible to use shell job control to manipulate -background processes started by -\fBsudo\fR. -Most interactive commands will fail to work properly in background -mode. -.TP 12n -\fB\-C\fR \fInum\fR, \fB\--close-from\fR=\fInum\fR -Close all file descriptors greater than or equal to -\fInum\fR -before executing a command. -Values less than three are not permitted. -By default, -\fBsudo\fR -will close all open file descriptors other than standard input, -standard output and standard error when executing a command. -The security policy may restrict the user's ability to use this option. -The -\fIsudoers\fR -policy only permits use of the -\fB\-C\fR -option when the administrator has enabled the -\fIclosefrom_override\fR -option. -.if \n(LC \{\ -.TP 12n -\fB\-c\fR \fIclass\fR, \fB\--login-class\fR=\fIclass\fR -Run the command with resource limits and scheduling priority of -the specified login -\fIclass\fR. -The -\fIclass\fR -argument can be either a class name as defined in -\fI/etc/login.conf\fR, -or a single -\(oq\-\(cq -character. -If -\fIclass\fR -is -\fB-\fR, -the default login class of the target user will be used. -Otherwise, the command must be run as the superuser (user-ID 0), or -\fBsudo\fR -must be run from a shell that is already running as the superuser. -If the command is being run as a login shell, additional -\fI/etc/login.conf\fR -settings, such as the umask and environment variables, will -be applied, if present. -This option is only available on systems with -BSD -login classes. -.\} -.TP 12n -\fB\-D\fR \fIdirectory\fR, \fB\--chdir\fR=\fIdirectory\fR -Run the command in the specified -\fIdirectory\fR -instead of the current working directory. -The security policy may return an error if the user does not have -permission to specify the working directory. -.TP 12n -\fB\-E\fR, \fB\--preserve-env\fR -Indicates to the security policy that the user wishes to -preserve their existing environment variables. -The security policy may return an error if the user does not have -permission to preserve the environment. -.TP 12n -\fB\--preserve-env=list\fR -Indicates to the security policy that the user wishes to add the -comma-separated list of environment variables to those preserved -from the user's environment. -The security policy may return an error if the user does not have -permission to preserve the environment. -This option may be specified multiple times. -.TP 12n -\fB\-e\fR, \fB\--edit\fR -Edit one or more files instead of running a command. -In lieu of a path name, the string "sudoedit" is used when consulting -the security policy. -If the user is authorized by the policy, the following steps are -taken: -.RS 16n -.TP 5n -1.\& -Temporary copies are made of the files to be edited with the owner -set to the invoking user. -.TP 5n -2.\& -The editor specified by the policy is run to edit the temporary -files. -The -\fIsudoers\fR -policy uses the -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -and -\fREDITOR\fR -environment variables (in that order). -If none of -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -are set, the first program listed in the -\fIeditor\fR -sudoers(@mansectform@) -option is used. -.TP 5n -3.\& -If they have been modified, the temporary files are copied back to -their original location and the temporary versions are removed. -.RE -.RS 12n -.sp -To help prevent the editing of unauthorized files, the following -restrictions are enforced unless explicitly allowed by the security policy: -.RS 16n -.TP 3n -\fB\(bu\fR -Symbolic links may not be edited (version 1.8.15 and higher). -.TP 3n -\fB\(bu\fR -Symbolic links along the path to be edited are not followed when the -parent directory is writable by the invoking user unless that user -is root (version 1.8.16 and higher). -.TP 3n -\fB\(bu\fR -Files located in a directory that is writable by the invoking user may -not be edited unless that user is root (version 1.8.16 and higher). -.RE -.sp -Users are never allowed to edit device special files. -.sp -If the specified file does not exist, it will be created. -Note that unlike most commands run by -\fIsudo\fR, -the editor is run with the invoking user's environment unmodified. -If the temporary file becomes empty after editing, the user will -be prompted before it is installed. -If, for some reason, -\fBsudo\fR -is unable to update a file with its edited version, the user will -receive a warning and the edited copy will remain in a temporary -file. -.RE -.TP 12n -\fB\-g\fR \fIgroup\fR, \fB\--group\fR=\fIgroup\fR -Run the command with the primary group set to -\fIgroup\fR -instead of the primary group specified by the target -user's password database entry. -The -\fIgroup\fR -may be either a group name or a numeric group-ID -(GID) -prefixed with the -\(oq#\(cq -character (e.g., -\fR#0\fR -for GID 0). -When running a command as a GID, many shells require that the -\(oq#\(cq -be escaped with a backslash -(\(oq\e\(cq). -If no -\fB\-u\fR -option is specified, the command will be run as the invoking user. -In either case, the primary group will be set to -\fIgroup\fR. -The -\fIsudoers\fR -policy permits any of the target user's groups to be specified via -the -\fB\-g\fR -option as long as the -\fB\-P\fR -option is not in use. -.TP 12n -\fB\-H\fR, \fB\--set-home\fR -Request that the security policy set the -\fRHOME\fR -environment variable to the home directory specified by the target -user's password database entry. -Depending on the policy, this may be the default behavior. -.TP 12n -\fB\-h\fR, \fB\--help\fR -Display a short help message to the standard output and exit. -.TP 12n -\fB\-h\fR \fIhost\fR, \fB\--host\fR=\fIhost\fR -Run the command on the specified -\fIhost\fR -if the security policy plugin supports remote commands. -Note that the -\fIsudoers\fR -plugin does not currently support running remote commands. -This may also be used in conjunction with the -\fB\-l\fR -option to list a user's privileges for the remote host. -.TP 12n -\fB\-i\fR, \fB\--login\fR -Run the shell specified by the target user's password database entry -as a login shell. -This means that login-specific resource files such as -\fI.profile\fR, -\fI.bash_profile\fR -or -\fI.login\fR -will be read by the shell. -If a command is specified, it is passed to the shell for execution -via the shell's -\fB\-c\fR -option. -If no command is specified, an interactive shell is executed. -\fBsudo\fR -attempts to change to that user's home directory before running the -shell. -The command is run with an environment similar to the one -a user would receive at log in. -Note that most shells behave differently when a command is specified -as compared to an interactive session; consult the shell's manual -for details. -The -\fICommand environment\fR -section in the -sudoers(@mansectform@) -manual documents how the -\fB\-i\fR -option affects the environment in which a command is run when the -\fIsudoers\fR -policy is in use. -.TP 12n -\fB\-K\fR, \fB\--remove-timestamp\fR -Similar to the -\fB\-k\fR -option, except that it removes the user's cached credentials entirely -and may not be used in conjunction with a command or other option. -This option does not require a password. -Not all security policies support credential caching. -.TP 12n -\fB\-k\fR, \fB\--reset-timestamp\fR -When used without a command, invalidates the user's cached credentials. -In other words, the next time -\fBsudo\fR -is run a password will be required. -This option does not require a password and was added to allow a -user to revoke -\fBsudo\fR -permissions from a -\fI.logout\fR -file. -.sp -When used in conjunction with a command or an option that may require -a password, this option will cause -\fBsudo\fR -to ignore the user's cached credentials. -As a result, -\fBsudo\fR -will prompt for a password (if one is required by the security -policy) and will not update the user's cached credentials. -.sp -Not all security policies support credential caching. -.TP 12n -\fB\-l\fR, \fB\--list\fR -If no -\fIcommand\fR -is specified, -list the allowed (and forbidden) commands for the -invoking user (or the user specified by the -\fB\-U\fR -option) on the current host. -A longer list format is used if this option is specified multiple times -and the security policy supports a verbose output format. -.sp -If a -\fIcommand\fR -is specified and is permitted by the security policy, the fully-qualified -path to the command is displayed along with any command line -arguments. -If a -\fIcommand\fR -is specified but not allowed by the policy, -\fBsudo\fR -will exit with a status value of 1. -.TP 12n -\fB\-n\fR, \fB\--non-interactive\fR -Avoid prompting the user for input of any kind. -If a password is required for the command to run, -\fBsudo\fR -will display an error message and exit. -.TP 12n -\fB\-P\fR, \fB\--preserve-groups\fR -Preserve the invoking user's group vector unaltered. -By default, the -\fIsudoers\fR -policy will initialize the group vector to the list of groups the -target user is a member of. -The real and effective group-IDs, however, are still set to match -the target user. -.TP 12n -\fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR -Use a custom password prompt with optional escape sequences. -The following percent -(\(oq%\(cq) -escape sequences are supported by the -\fIsudoers\fR -policy: -.PP -.RS 12n -.PD 0 -.TP 4n -\fR%H\fR -expanded to the host name including the domain name (on if the -machine's host name is fully qualified or the -\fIfqdn\fR -option is set in -sudoers(@mansectform@)) -.PD -.TP 4n -\fR%h\fR -expanded to the local host name without the domain name -.TP 4n -\fR%p\fR -expanded to the name of the user whose password is being requested -(respects the -\fIrootpw\fR, -\fItargetpw\fR, -and -\fIrunaspw\fR -flags in -sudoers(@mansectform@)) -.TP 4n -\fR\&%U\fR -expanded to the login name of the user the command will be run as -(defaults to root unless the -\fB\-u\fR -option is also specified) -.TP 4n -\fR%u\fR -expanded to the invoking user's login name -.TP 4n -\fR%%\fR -two consecutive -\(oq%\(cq -characters are collapsed into a single -\(oq%\(cq -character -.PP -The custom prompt will override the default prompt specified by either -the security policy or the -\fRSUDO_PROMPT\fR -environment variable. -On systems that use PAM, the custom prompt will also override the prompt -specified by a PAM module unless the -\fIpassprompt_override\fR -flag is disabled in -\fIsudoers\fR. -.RE -.TP 12n -\fB\-R\fR \fIdirectory\fR, \fB\--chroot\fR=\fIdirectory\fR -Change to the specified root -\fIdirectory\fR -(see -chroot(@mansectsu@)) -before running the command. -The security policy may return an error if the user does not have -permission to specify the root directory. -.if \n(SL \{\ -.TP 12n -\fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR -Run the command with an SELinux security context that includes -the specified -\fIrole\fR. -.\} -.TP 12n -\fB\-S\fR, \fB\--stdin\fR -Write the prompt to the standard error and read the password from the -standard input instead of using the terminal device. -.TP 12n -\fB\-s\fR, \fB\--shell\fR -Run the shell specified by the -\fRSHELL\fR -environment variable if it is set or the shell specified by the -invoking user's password database entry. -If a command is specified, it is passed to the shell for execution -via the shell's -\fB\-c\fR -option. -If no command is specified, an interactive shell is executed. -Note that most shells behave differently when a command is specified -as compared to an interactive session; consult the shell's manual -for details. -.if \n(SL \{\ -.TP 12n -\fB\-t\fR \fItype\fR, \fB\--type\fR=\fItype\fR -Run the command with an SELinux security context that includes -the specified -\fItype\fR. -If no -\fItype\fR -is specified, the default type is derived from the role. -.\} -.TP 12n -\fB\-U\fR \fIuser\fR, \fB\--other-user\fR=\fIuser\fR -Used in conjunction with the -\fB\-l\fR -option to list the privileges for -\fIuser\fR -instead of for the invoking user. -The security policy may restrict listing other users' privileges. -The -\fIsudoers\fR -policy only allows root or a user with the -\fRALL\fR -privilege on the current host to use this option. -.TP 12n -\fB\-T\fR \fItimeout\fR, \fB\--command-timeout\fR=\fItimeout\fR -Used to set a timeout for the command. -If the timeout expires before the command has exited, the -command will be terminated. -The security policy may restrict the ability to set command timeouts. -The -\fIsudoers\fR -policy requires that user-specified timeouts be explicitly enabled. -.TP 12n -\fB\-u\fR \fIuser\fR, \fB\--user\fR=\fIuser\fR -Run the command as a user other than the default target user -(usually -\fIroot\fR). -The -\fIuser\fR -may be either a user name or a numeric user-ID -(UID) -prefixed with the -\(oq#\(cq -character (e.g., -\fR#0\fR -for UID 0). -When running commands as a UID, many shells require that the -\(oq#\(cq -be escaped with a backslash -(\(oq\e\(cq). -Some security policies may restrict UIDs -to those listed in the password database. -The -\fIsudoers\fR -policy allows UIDs that are not in the password database as long as the -\fItargetpw\fR -option is not set. -Other security policies may not support this. -.TP 12n -\fB\-V\fR, \fB\--version\fR -Print the -\fBsudo\fR -version string as well as the version string of the security -policy plugin and any I/O plugins. -If the invoking user is already root the -\fB\-V\fR -option will display the arguments passed to configure when -\fBsudo\fR -was built and plugins may display more verbose information such as -default options. -.TP 12n -\fB\-v\fR, \fB\--validate\fR -Update the user's cached credentials, authenticating the user -if necessary. -For the -\fIsudoers\fR -plugin, this extends the -\fBsudo\fR -timeout for another -\fR@timeout@\fR -minutes by default, but does not run a command. -Not all security policies support cached credentials. -.TP 12n -\fB\--\fR -The -\fB\--\fR -option indicates that -\fBsudo\fR -should stop processing command line arguments. -.PP -Options that take a value may only be specified once unless -otherwise indicated in the description. -This is to help guard against problems caused by poorly written -scripts that invoke -\fBsudo\fR -with user-controlled input. -.PP -Environment variables to be set for the command may also be passed -on the command line in the form of -\fIVAR\fR=\fIvalue\fR, -e.g., -\fRLD_LIBRARY_PATH\fR=\fI/usr/local/pkg/lib\fR. -Variables passed on the command line are subject to restrictions -imposed by the security policy plugin. -The -\fIsudoers\fR -policy subjects variables passed on the command line to the same -restrictions as normal environment variables with one important -exception. -If the -\fIsetenv\fR -option is set in -\fIsudoers\fR, -the command to be run has the -\fRSETENV\fR -tag set or the command matched is -\fRALL\fR, -the user may set variables that would otherwise be forbidden. -See -sudoers(@mansectform@) -for more information. -.SH "COMMAND EXECUTION" -When -\fBsudo\fR -executes a command, the security policy specifies the execution -environment for the command. -Typically, the real and effective user and group and IDs are set to -match those of the target user, as specified in the password database, -and the group vector is initialized based on the group database -(unless the -\fB\-P\fR -option was specified). -.PP -The following parameters may be specified by security policy: -.TP 3n -\fB\(bu\fR -real and effective user-ID -.TP 3n -\fB\(bu\fR -real and effective group-ID -.TP 3n -\fB\(bu\fR -supplementary group-IDs -.TP 3n -\fB\(bu\fR -the environment list -.TP 3n -\fB\(bu\fR -current working directory -.TP 3n -\fB\(bu\fR -file creation mode mask (umask) -.if \n(SL \{\ -.TP 3n -\fB\(bu\fR -SELinux role and type -.\} -.if \n(PS \{\ -.TP 3n -\fB\(bu\fR -Solaris project -.\} -.if \n(PS \{\ -.TP 3n -\fB\(bu\fR -Solaris privileges -.\} -.if \n(LC \{\ -.TP 3n -\fB\(bu\fR -BSD -login class -.\} -.TP 3n -\fB\(bu\fR -scheduling priority (aka nice value) -.SS "Process model" -There are two distinct ways -\fBsudo\fR -can run a command. -.PP -If an I/O logging plugin is configured or if the security policy -explicitly requests it, a new pseudo-terminal -(\(lqpty\(rq) -is allocated and -fork(2) -is used to create a second -\fBsudo\fR -process, referred to as the -\fImonitor\fR. -The -\fImonitor\fR -creates a new terminal session with itself as the leader and the pty as its -controlling terminal, calls -fork(2), -sets up the execution environment as described above, and then uses the -execve(2) -system call to run the command in the child process. -The -\fImonitor\fR -exists to relay job control signals between the user's -existing terminal and the pty the command is being run in. -This makes it possible to suspend and resume the command. -Without the monitor, the command would be in what POSIX terms an -\(lqorphaned process group\(rq -and it would not receive any job control signals from the kernel. -When the command exits or is terminated by a signal, the -\fImonitor\fR -passes the command's exit status to the main -\fBsudo\fR -process and exits. -After receiving the command's exit status, the main -\fBsudo\fR -passes the command's exit status to the security policy's close function -and exits. -.PP -If no pty is used, -\fBsudo\fR -calls -fork(2), -sets up the execution environment as described above, and uses the -execve(2) -system call to run the command in the child process. -The main -\fBsudo\fR -process waits until the command has completed, then passes the -command's exit status to the security policy's close function and exits. -As a special case, if the policy plugin does not define a close -function, -\fBsudo\fR -will execute the command directly instead of calling -fork(2) -first. -The -\fIsudoers\fR -policy plugin will only define a close function when I/O logging -is enabled, a pty is required, or the -\fIpam_session\fR -or -\fIpam_setcred\fR -options are enabled. -Note that -\fIpam_session\fR -and -\fIpam_setcred\fR -are enabled by default on systems using PAM. -.PP -On systems that use PAM, the security policy's close function -is responsible for closing the PAM session. -It may also log the command's exit status. -.SS "Signal handling" -When the command is run as a child of the -\fBsudo\fR -process, -\fBsudo\fR -will relay signals it receives to the command. -The -\fRSIGINT\fR -and -\fRSIGQUIT\fR -signals are only relayed when the command is being run in a new pty -or when the signal was sent by a user process, not the kernel. -This prevents the command from receiving -\fRSIGINT\fR -twice each time the user enters control-C. -Some signals, such as -\fRSIGSTOP\fR -and -\fRSIGKILL\fR, -cannot be caught and thus will not be relayed to the command. -As a general rule, -\fRSIGTSTP\fR -should be used instead of -\fRSIGSTOP\fR -when you wish to suspend a command being run by -\fBsudo\fR. -.PP -As a special case, -\fBsudo\fR -will not relay signals that were sent by the command it is running. -This prevents the command from accidentally killing itself. -On some systems, the -reboot(@mansectsu@) -command sends -\fRSIGTERM\fR -to all non-system processes other than itself before rebooting -the system. -This prevents -\fBsudo\fR -from relaying the -\fRSIGTERM\fR -signal it received back to -reboot(@mansectsu@), -which might then exit before the system was actually rebooted, -leaving it in a half-dead state similar to single user mode. -Note, however, that this check only applies to the command run by -\fBsudo\fR -and not any other processes that the command may create. -As a result, running a script that calls -reboot(@mansectsu@) -or -shutdown(@mansectsu@) -via -\fBsudo\fR -may cause the system to end up in this undefined state unless the -reboot(@mansectsu@) -or -shutdown(@mansectsu@) -are run using the -\fBexec\fR() -family of functions instead of -\fBsystem\fR() -(which interposes a shell between the command and the calling process). -.PP -If no I/O logging plugins are loaded and the policy plugin has not -defined a -\fBclose\fR() -function, set a command timeout or required that the command be -run in a new pty, -\fBsudo\fR -may execute the command directly instead of running it as a child process. -.SS "Plugins" -Plugins may be specified via -\fRPlugin\fR -directives in the -sudo.conf(@mansectform@) -file. -They may be loaded as dynamic shared objects (on systems that support them), -or compiled directly into the -\fBsudo\fR -binary. -If no -sudo.conf(@mansectform@) -file is present, or if it doesn't contain any -\fRPlugin\fR -lines, -\fBsudo\fR -will use -sudoers(@mansectform@) -for the policy, auditing and I/O logging plugins. -See the -sudo.conf(@mansectform@) -manual for details of the -\fI@sysconfdir@/sudo.conf\fR -file and the -sudo_plugin(@mansectform@) -manual for more information about the -\fBsudo\fR -plugin architecture. -.SH "EXIT VALUE" -Upon successful execution of a command, the exit status from -\fBsudo\fR -will be the exit status of the program that was executed. -If the command terminated due to receipt of a signal, -\fBsudo\fR -will send itself the same signal that terminated the command. -.PP -If the -\fB\-l\fR -option was specified without a command, -\fBsudo\fR -will exit with a value of 0 if the user is allowed to run -\fBsudo\fR -and they authenticated successfully (as required by the security policy). -If a command is specified with the -\fB\-l\fR -option, the exit value will only be 0 if the command is permitted by the -security policy, otherwise it will be 1. -.PP -If there is an authentication failure, a configuration/permission -problem or if the given command cannot be executed, -\fBsudo\fR -exits with a value of 1. -In the latter case, the error string is printed to the standard error. -If -\fBsudo\fR -cannot -stat(2) -one or more entries in the user's -\fRPATH\fR, -an error is printed to the standard error. -(If the directory does not exist or if it is not really a directory, -the entry is ignored and no error is printed.) -This should not happen under normal circumstances. -The most common reason for -stat(2) -to return -\(lqpermission denied\(rq -is if you are running an automounter and one of the directories in -your -\fRPATH\fR -is on a machine that is currently unreachable. -.SH "SECURITY NOTES" -\fBsudo\fR -tries to be safe when executing external commands. -.PP -To prevent command spoofing, -\fBsudo\fR -checks "." and "" (both denoting current directory) last when -searching for a command in the user's -\fRPATH\fR -(if one or both are in the -\fRPATH\fR). -Note, however, that the actual -\fRPATH\fR -environment variable is -\fInot\fR -modified and is passed unchanged to the program that -\fBsudo\fR -executes. -.PP -Users should -\fInever\fR -be granted -\fBsudo\fR -privileges to execute files that are writable by the user or -that reside in a directory that is writable by the user. -If the user can modify or replace the command there is no way -to limit what additional commands they can run. -.PP -Please note that -\fBsudo\fR -will normally only log the command it explicitly runs. -If a user runs a command such as -\fRsudo su\fR -or -\fRsudo sh\fR, -subsequent commands run from that shell are not subject to -\fBsudo\fR's -security policy. -The same is true for commands that offer shell escapes (including -most editors). -If I/O logging is enabled, subsequent commands will have their input and/or -output logged, but there will not be traditional logs for those commands. -Because of this, care must be taken when giving users access to commands via -\fBsudo\fR -to verify that the command does not inadvertently give the user an -effective root shell. -For more information, please see the -\fIPreventing shell escapes\fR -section in -sudoers(@mansectform@). -.PP -To prevent the disclosure of potentially sensitive information, -\fBsudo\fR -disables core dumps by default while it is executing (they are -re-enabled for the command that is run). -This historical practice dates from a time when most operating -systems allowed set-user-ID processes to dump core by default. -To aid in debugging -\fBsudo\fR -crashes, you may wish to re-enable core dumps by setting -\(lqdisable_coredump\(rq -to false in the -sudo.conf(@mansectform@) -file as follows: -.nf -.sp -.RS 6n -Set disable_coredump false -.RE -.fi -.PP -See the -sudo.conf(@mansectform@) -manual for more information. -.SH "ENVIRONMENT" -\fBsudo\fR -utilizes the following environment variables. -The security policy has control over the actual content of the command's -environment. -.TP 17n -\fREDITOR\fR -Default editor to use in -\fB\-e\fR -(sudoedit) mode if neither -\fRSUDO_EDITOR\fR -nor -\fRVISUAL\fR -is set. -.TP 17n -\fRMAIL\fR -Set to the mail spool of the target user when the -\fB\-i\fR -option is specified or when -\fIenv_reset\fR -is enabled in -\fIsudoers\fR -(unless -\fRMAIL\fR -is present in the -\fIenv_keep\fR -list). -.TP 17n -\fRHOME\fR -Set to the home directory of the target user when the -\fB\-i\fR -or -\fB\-H\fR -options are specified, when the -\fB\-s\fR -option is specified and -\fIset_home\fR -is set in -\fIsudoers\fR, -when -\fIalways_set_home\fR -is enabled in -\fIsudoers\fR, -or when -\fIenv_reset\fR -is enabled in -\fIsudoers\fR -and -\fIHOME\fR -is not present in the -\fIenv_keep\fR -list. -.TP 17n -\fRLOGNAME\fR -Set to the login name of the target user when the -\fB\-i\fR -option is specified, when the -\fIset_logname\fR -option is enabled in -\fIsudoers\fR -or when the -\fIenv_reset\fR -option is enabled in -\fIsudoers\fR -(unless -\fRLOGNAME\fR -is present in the -\fIenv_keep\fR -list). -.TP 17n -\fRPATH\fR -May be overridden by the security policy. -.TP 17n -\fRSHELL\fR -Used to determine shell to run with -\fB\-s\fR -option. -.TP 17n -\fRSUDO_ASKPASS\fR -Specifies the path to a helper program used to read the password -if no terminal is available or if the -\fB\-A\fR -option is specified. -.TP 17n -\fRSUDO_COMMAND\fR -Set to the command run by sudo, including command line arguments. -The command line arguments are truncated at 4096 characters to -prevent a potential execution error. -.TP 17n -\fRSUDO_EDITOR\fR -Default editor to use in -\fB\-e\fR -(sudoedit) mode. -.TP 17n -\fRSUDO_GID\fR -Set to the group-ID of the user who invoked sudo. -.TP 17n -\fRSUDO_PROMPT\fR -Used as the default password prompt unless -the -\fB\-p\fR -option was specified. -.TP 17n -\fRSUDO_PS1\fR -If set, -\fRPS1\fR -will be set to its value for the program being run. -.TP 17n -\fRSUDO_UID\fR -Set to the user-ID of the user who invoked sudo. -.TP 17n -\fRSUDO_USER\fR -Set to the login name of the user who invoked sudo. -.TP 17n -\fRUSER\fR -Set to the same value as -\fRLOGNAME\fR, -described above. -.TP 17n -\fRVISUAL\fR -Default editor to use in -\fB\-e\fR -(sudoedit) mode if -\fRSUDO_EDITOR\fR -is not set. -.SH "FILES" -.TP 26n -\fI@sysconfdir@/sudo.conf\fR -\fBsudo\fR -front end configuration -.SH "EXAMPLES" -Note: the following examples assume a properly configured security -policy. -.PP -To get a file listing of an unreadable directory: -.nf -.sp -.RS 6n -$ sudo ls /usr/local/protected -.RE -.fi -.PP -To list the home directory of user yaz on a machine where the file -system holding ~yaz is not exported as root: -.nf -.sp -.RS 6n -$ sudo -u yaz ls ~yaz -.RE -.fi -.PP -To edit the -\fIindex.html\fR -file as user www: -.nf -.sp -.RS 6n -$ sudoedit -u www ~www/htdocs/index.html -.RE -.fi -.PP -To view system logs only accessible to root and users in the adm -group: -.nf -.sp -.RS 6n -$ sudo -g adm more /var/log/syslog -.RE -.fi -.PP -To run an editor as jim with a different primary group: -.nf -.sp -.RS 6n -$ sudoedit -u jim -g audio ~jim/sound.txt -.RE -.fi -.PP -To shut down a machine: -.nf -.sp -.RS 6n -$ sudo shutdown -r +15 "quick reboot" -.RE -.fi -.PP -To make a usage listing of the directories in the /home partition. -Note that this runs the commands in a sub-shell to make the -\fRcd\fR -and file redirection work. -.nf -.sp -.RS 6n -$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" -.RE -.fi -.SH "DIAGNOSTICS" -Error messages produced by -\fBsudo\fR -include: -.TP 6n -\fRediting files in a writable directory is not permitted\fR -By default, -\fBsudoedit\fR -does not permit editing a file when any of the parent directories are writable -by the invoking user. -This avoids a race condition that could allow the user to overwrite -an arbitrary file. -See the -\fIsudoedit_checkdir\fR -option in -sudoers(@mansectform@) -for more information. -.TP 6n -\fRediting symbolic links is not permitted\fR -By default, -\fBsudoedit\fR -does not follow symbolic links when opening files. -See the -\fIsudoedit_follow\fR -option in -sudoers(@mansectform@) -for more information. -.TP 6n -\fReffective uid is not 0, is sudo installed setuid root?\fR -\fBsudo\fR -was not run with root privileges. -The -\fBsudo\fR -binary must be owned by the root user and have the set-user-ID bit set. -Also, it must not be located on a file system mounted with the -\(oqnosuid\(cq -option or on an NFS file system that maps uid 0 to an unprivileged uid. -.TP 6n -\fReffective uid is not 0, is sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\fR -\fBsudo\fR -was not run with root privileges. -The -\fBsudo\fR -binary has the proper owner and permissions but it still did not run -with root privileges. -The most common reason for this is that the file system the -\fBsudo\fR -binary is located on is mounted with the -\(oqnosuid\(cq -option or it is an NFS file system that maps uid 0 to an unprivileged uid. -.TP 6n -\fRfatal error, unable to load plugins\fR -An error occurred while loading or initializing the plugins specified in -sudo.conf(@mansectform@). -.TP 6n -\fRinvalid environment variable name\fR -One or more environment variable names specified via the -\fB\-E\fR -option contained an equal sign -(\(oq=\(cq). -The arguments to the -\fB\-E\fR -option should be environment variable names without an associated value. -.TP 6n -\fRno password was provided\fR -When -\fBsudo\fR -tried to read the password, it did not receive any characters. -This may happen if no terminal is available (or the -\fB\-S\fR -option is specified) and the standard input has been redirected from -\fI/dev/null\fR. -.TP 6n -\fRa terminal is required to read the password\fR -\fBsudo\fR -needs to read the password but there is no mechanism available for it -to do so. -A terminal is not present to read the password from, -\fBsudo\fR -has not been configured to read from the standard input, -the -\fB\-S\fR -option was not used, and no askpass helper has been specified either via the -sudo.conf(@mansectform@) -file or the -\fRSUDO_ASKPASS\fR -environment variable. -.TP 6n -\fRno writable temporary directory found\fR -\fBsudoedit\fR -was unable to find a usable temporary directory in which to store its -intermediate files. -.TP 6n -\fRsudo must be owned by uid 0 and have the setuid bit set\fR -\fBsudo\fR -was not run with root privileges. -The -\fBsudo\fR -binary does not have the correct owner or permissions. -It must be owned by the root user and have the set-user-ID bit set. -.TP 6n -\fRsudoedit is not supported on this platform\fR -It is only possible to run -\fBsudoedit\fR -on systems that support setting the effective user-ID. -.TP 6n -\fRtimed out reading password\fR -The user did not enter a password before the password timeout -(5 minutes by default) expired. -.TP 6n -\fRyou do not exist in the passwd database\fR -Your user-ID does not appear in the system passwd database. -.TP 6n -\fRyou may not specify environment variables in edit mode\fR -It is only possible to specify environment variables when running -a command. -When editing a file, the editor is run with the user's environment unmodified. -.SH "SEE ALSO" -su(1), -stat(2), -login_cap(3), -passwd(@mansectform@), -sudo.conf(@mansectform@), -sudo_plugin(@mansectform@), -sudoers(@mansectform@), -sudoers_timestamp(@mansectform@), -sudoreplay(@mansectsu@), -visudo(@mansectsu@) -.SH "HISTORY" -See the HISTORY file in the -\fBsudo\fR -distribution (https://www.sudo.ws/history.html) for a brief -history of sudo. -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "CAVEATS" -There is no easy way to prevent a user from gaining a root shell -if that user is allowed to run arbitrary commands via -\fBsudo\fR. -Also, many programs (such as editors) allow the user to run commands -via shell escapes, thus avoiding -\fBsudo\fR's -checks. -However, on most systems it is possible to prevent shell escapes with the -sudoers(@mansectform@) -plugin's -\fInoexec\fR -functionality. -.PP -It is not meaningful to run the -\fRcd\fR -command directly via sudo, e.g., -.nf -.sp -.RS 6n -$ sudo cd /usr/local/protected -.RE -.fi -.PP -since when the command exits the parent process (your shell) will -still be the same. -Please see the -\fIEXAMPLES\fR -section for more information. -.PP -Running shell scripts via -\fBsudo\fR -can expose the same kernel bugs that make set-user-ID shell scripts -unsafe on some operating systems (if your OS has a /dev/fd/ directory, -set-user-ID shell scripts are generally safe). -.SH "BUGS" -If you feel you have found a bug in -\fBsudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo.man.in.sed sudo-1.9.9/doc/sudo.man.in.sed --- sudo-1.9.5p2/doc/sudo.man.in.sed 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo.man.in.sed 1970-01-01 00:00:00.000000000 +0000 @@ -1,76 +0,0 @@ -s/^\(.TH .*\)/.nr SL @SEMAN@\ -.nr BA @BAMAN@\ -.nr LC @LCMAN@\ -.nr PS @PSMAN@\ -\1/ - -s/^\(\[\\fB\\-a\\fR.*\\fItype\\fR\]\) *$/.if \\n(BA \1/ -s/^\(\[\\fB\\-c\\fR.*\\fIclass\\fR\]\) *$/.if \\n(LC \1/ -s/^\(\[\\fB\\-r\\fR.*\\fIrole\\fR\]\) *$/.if \\n(SL \1/ -s/^\(\[\\fB\\-t\\fR.*\\fItype\\fR\]\) *$/.if \\n(SL \1/ - -/^\.TP 12n$/ { - N - /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/,/^\.TP 12n/ { - /^\.TP 12n/ { - /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/i\ -.if \\n(BA \\{\\ - /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/!i\ -.\\} - } - } - /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/,/^\.TP 12n/ { - /^\.TP 12n/ { - /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/i\ -.if \\n(LC \\{\\ - /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/!i\ -.\\} - } - } - /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/,/^\.TP 12n/ { - /^\.TP 12n/ { - /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/i\ -.if \\n(SL \\{\\ - /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/!i\ -.\\} - } - } - /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/,/^\.TP 12n/ { - /^\.TP 12n/ { - /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/i\ -.if \\n(SL \\{\\ - /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/!i\ -.\\} - } - } -} - -/^\.TP 3n$/ { - N - N - /^.TP 3n\n\\fB\\(bu\\fR\nSELinux role and type$/ { - i\ -.if \\n(SL \\{\\ - a\ -.\\} - } - /^.TP 3n\n\\fB\\(bu\\fR\nSolaris project$/ { - i\ -.if \\n(PS \\{\\ - a\ -.\\} - } - /^.TP 3n\n\\fB\\(bu\\fR\nSolaris privileges$/ { - i\ -.if \\n(PS \\{\\ - a\ -.\\} - } - /^.TP 3n\n\\fB\\(bu\\fR\nBSD$/ { - N - i\ -.if \\n(LC \\{\\ - a\ -.\\} - } -} diff -Nru sudo-1.9.5p2/doc/sudo.mdoc.in sudo-1.9.9/doc/sudo.mdoc.in --- sudo-1.9.5p2/doc/sudo.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,1383 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2020 -.\" Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" Sponsored in part by the Defense Advanced Research Projects -.\" Agency (DARPA) and Air Force Research Laboratory, Air Force -.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. -.\" -.nr SL @SEMAN@ -.nr BA @BAMAN@ -.nr LC @LCMAN@ -.nr PS @PSMAN@ -.Dd September 1, 2020 -.Dt SUDO @mansectsu@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudo , -.Nm sudoedit -.Nd execute a command as another user -.Sh SYNOPSIS -.Nm sudo -.Fl h | K | k | V -.Nm sudo -.Fl v -.Op Fl ABknS -.if \n(BA \{\ -.Op Fl a Ar type -.\} -.Op Fl g Ar group -.Op Fl h Ar host -.Op Fl p Ar prompt -.Op Fl u Ar user -.Nm sudo -.Fl l -.Op Fl ABknS -.if \n(BA \{\ -.Op Fl a Ar type -.\} -.Op Fl g Ar group -.Op Fl h Ar host -.Op Fl p Ar prompt -.Op Fl U Ar user -.Op Fl u Ar user -.Op Ar command -.Nm sudo -.Op Fl ABbEHnPS -.if \n(BA \{\ -.Op Fl a Ar type -.\} -.Op Fl C Ar num -.if \n(LC \{\ -.Op Fl c Ar class -.\} -.Op Fl D Ar directory -.Op Fl g Ar group -.Op Fl h Ar host -.Op Fl p Ar prompt -.Op Fl R Ar directory -.if \n(SL \{\ -.Op Fl r Ar role -.Op Fl t Ar type -.\} -.Op Fl T Ar timeout -.Op Fl u Ar user -.Op Ar VAR Ns = Ns Ar value -.Op Fl i | s -.Op Ar command -.Nm sudoedit -.Op Fl ABknS -.if \n(BA \{\ -.Op Fl a Ar type -.\} -.Op Fl C Ar num -.if \n(LC \{\ -.Op Fl c Ar class -.\} -.Op Fl D Ar directory -.Op Fl g Ar group -.Op Fl h Ar host -.Op Fl p Ar prompt -.Op Fl R Ar directory -.if \n(SL \{\ -.Op Fl r Ar role -.Op Fl t Ar type -.\} -.Op Fl T Ar timeout -.Op Fl u Ar user -.Ar -.Sh DESCRIPTION -.Nm -allows a permitted user to execute a -.Ar command -as the superuser or another user, as specified by the security -policy. -The invoking user's real -.Pq Em not No effective -user-ID is used to determine the user name with which -to query the security policy. -.Pp -.Nm -supports a plugin architecture for security policies and input/output -logging. -Third parties can develop and distribute their own policy and I/O -logging plugins to work seamlessly with the -.Nm -front end. -The default security policy is -.Em sudoers , -which is configured via the file -.Pa @sysconfdir@/sudoers , -or via LDAP. -See the -.Sx Plugins -section for more information. -.Pp -The security policy determines what privileges, if any, a user has -to run -.Nm . -The policy may require that users authenticate themselves with a -password or another authentication mechanism. -If authentication is required, -.Nm -will exit if the user's password is not entered within a configurable -time limit. -This limit is policy-specific; the default password prompt timeout -for the -.Em sudoers -security policy is -.Li @password_timeout@ -minutes. -.Pp -Security policies may support credential caching to allow the user -to run -.Nm -again for a period of time without requiring authentication. -By default, the -.Em sudoers -policy caches credentials on a per-terminal basis for -.Li @timeout@ -minutes. -See the -.Em timestamp_type -and -.Em timestamp_timeout -options in -.Xr sudoers @mansectform@ -for more information. -By running -.Nm -with the -.Fl v -option, a user can update the cached credentials without running a -.Ar command . -.Pp -On systems where -.Nm -is the primary method of gaining superuser privileges, it is imperative -to avoid syntax errors in the security policy configuration files. -For the default security policy, -.Xr sudoers @mansectform@ , -changes to the configuration files should be made using the -.Xr visudo @mansectsu@ -utility which will ensure that no syntax errors are introduced. -.Pp -When invoked as -.Nm sudoedit , -the -.Fl e -option (described below), is implied. -.Pp -Security policies may log successful and failed attempts to use -.Nm . -If an I/O plugin is configured, the running command's input and -output may be logged as well. -.Pp -The options are as follows: -.Bl -tag -width Fl -.It Fl A , -askpass -Normally, if -.Nm -requires a password, it will read it from the user's terminal. -If the -.Fl A Pq Em askpass -option is specified, a (possibly graphical) helper program is -executed to read the user's password and output the password to the -standard output. -If the -.Ev SUDO_ASKPASS -environment variable is set, it specifies the path to the helper -program. -Otherwise, if -.Xr sudo.conf @mansectform@ -contains a line specifying the askpass program, that value will be -used. -For example: -.Bd -literal -offset 4n -# Path to askpass helper program -Path askpass /usr/X11R6/bin/ssh-askpass -.Ed -.Pp -If no askpass program is available, -.Nm -will exit with an error. -.if \n(BA \{\ -.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type -Use the specified -.Bx -authentication -.Ar type -when validating the user, if allowed by -.Pa /etc/login.conf . -The system administrator may specify a list of sudo-specific -authentication methods by adding an -.Dq auth-sudo -entry in -.Pa /etc/login.conf . -This option is only available on systems that support -.Bx -authentication. -.\} -.It Fl B , -bell -Ring the bell as part of the password promp when a terminal is present. -This option has no effect if an askpass program is used. -.It Fl b , -background -Run the given command in the background. -Note that it is not possible to use shell job control to manipulate -background processes started by -.Nm . -Most interactive commands will fail to work properly in background -mode. -.It Fl C Ar num , Fl -close-from Ns = Ns Ar num -Close all file descriptors greater than or equal to -.Ar num -before executing a command. -Values less than three are not permitted. -By default, -.Nm -will close all open file descriptors other than standard input, -standard output and standard error when executing a command. -The security policy may restrict the user's ability to use this option. -The -.Em sudoers -policy only permits use of the -.Fl C -option when the administrator has enabled the -.Em closefrom_override -option. -.if \n(LC \{\ -.It Fl c Ar class , Fl -login-class Ns = Ns Ar class -Run the command with resource limits and scheduling priority of -the specified login -.Ar class . -The -.Ar class -argument can be either a class name as defined in -.Pa /etc/login.conf , -or a single -.Ql \- -character. -If -.Ar class -is -.Cm - , -the default login class of the target user will be used. -Otherwise, the command must be run as the superuser (user-ID 0), or -.Nm -must be run from a shell that is already running as the superuser. -If the command is being run as a login shell, additional -.Pa /etc/login.conf -settings, such as the umask and environment variables, will -be applied, if present. -This option is only available on systems with -.Bx -login classes. -.\} -.It Fl D Ar directory , Fl -chdir Ns = Ns Ar directory -Run the command in the specified -.Ar directory -instead of the current working directory. -The security policy may return an error if the user does not have -permission to specify the working directory. -.It Fl E , -preserve-env -Indicates to the security policy that the user wishes to -preserve their existing environment variables. -The security policy may return an error if the user does not have -permission to preserve the environment. -.It Fl -preserve-env=list -Indicates to the security policy that the user wishes to add the -comma-separated list of environment variables to those preserved -from the user's environment. -The security policy may return an error if the user does not have -permission to preserve the environment. -This option may be specified multiple times. -.It Fl e , -edit -Edit one or more files instead of running a command. -In lieu of a path name, the string "sudoedit" is used when consulting -the security policy. -If the user is authorized by the policy, the following steps are -taken: -.Bl -enum -offset 4 -.It -Temporary copies are made of the files to be edited with the owner -set to the invoking user. -.It -The editor specified by the policy is run to edit the temporary -files. -The -.Em sudoers -policy uses the -.Ev SUDO_EDITOR , -.Ev VISUAL -and -.Ev EDITOR -environment variables (in that order). -If none of -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -are set, the first program listed in the -.Em editor -.Xr sudoers @mansectform@ -option is used. -.It -If they have been modified, the temporary files are copied back to -their original location and the temporary versions are removed. -.El -.Pp -To help prevent the editing of unauthorized files, the following -restrictions are enforced unless explicitly allowed by the security policy: -.Bl -bullet -offset 4 -width 1n -.It -Symbolic links may not be edited (version 1.8.15 and higher). -.It -Symbolic links along the path to be edited are not followed when the -parent directory is writable by the invoking user unless that user -is root (version 1.8.16 and higher). -.It -Files located in a directory that is writable by the invoking user may -not be edited unless that user is root (version 1.8.16 and higher). -.El -.Pp -Users are never allowed to edit device special files. -.Pp -If the specified file does not exist, it will be created. -Note that unlike most commands run by -.Em sudo , -the editor is run with the invoking user's environment unmodified. -If the temporary file becomes empty after editing, the user will -be prompted before it is installed. -If, for some reason, -.Nm -is unable to update a file with its edited version, the user will -receive a warning and the edited copy will remain in a temporary -file. -.It Fl g Ar group , Fl -group Ns = Ns Ar group -Run the command with the primary group set to -.Ar group -instead of the primary group specified by the target -user's password database entry. -The -.Ar group -may be either a group name or a numeric group-ID -.Pq GID -prefixed with the -.Ql # -character (e.g., -.Li #0 -for GID 0). -When running a command as a GID, many shells require that the -.Ql # -be escaped with a backslash -.Pq Ql \e . -If no -.Fl u -option is specified, the command will be run as the invoking user. -In either case, the primary group will be set to -.Ar group . -The -.Em sudoers -policy permits any of the target user's groups to be specified via -the -.Fl g -option as long as the -.Fl P -option is not in use. -.It Fl H , -set-home -Request that the security policy set the -.Ev HOME -environment variable to the home directory specified by the target -user's password database entry. -Depending on the policy, this may be the default behavior. -.It Fl h , -help -Display a short help message to the standard output and exit. -.It Fl h Ar host , Fl -host Ns = Ns Ar host -Run the command on the specified -.Ar host -if the security policy plugin supports remote commands. -Note that the -.Em sudoers -plugin does not currently support running remote commands. -This may also be used in conjunction with the -.Fl l -option to list a user's privileges for the remote host. -.It Fl i , -login -Run the shell specified by the target user's password database entry -as a login shell. -This means that login-specific resource files such as -.Pa .profile , -.Pa .bash_profile -or -.Pa .login -will be read by the shell. -If a command is specified, it is passed to the shell for execution -via the shell's -.Fl c -option. -If no command is specified, an interactive shell is executed. -.Nm -attempts to change to that user's home directory before running the -shell. -The command is run with an environment similar to the one -a user would receive at log in. -Note that most shells behave differently when a command is specified -as compared to an interactive session; consult the shell's manual -for details. -The -.Em Command environment -section in the -.Xr sudoers @mansectform@ -manual documents how the -.Fl i -option affects the environment in which a command is run when the -.Em sudoers -policy is in use. -.It Fl K , -remove-timestamp -Similar to the -.Fl k -option, except that it removes the user's cached credentials entirely -and may not be used in conjunction with a command or other option. -This option does not require a password. -Not all security policies support credential caching. -.It Fl k , -reset-timestamp -When used without a command, invalidates the user's cached credentials. -In other words, the next time -.Nm -is run a password will be required. -This option does not require a password and was added to allow a -user to revoke -.Nm -permissions from a -.Pa .logout -file. -.Pp -When used in conjunction with a command or an option that may require -a password, this option will cause -.Nm -to ignore the user's cached credentials. -As a result, -.Nm -will prompt for a password (if one is required by the security -policy) and will not update the user's cached credentials. -.Pp -Not all security policies support credential caching. -.It Fl l , Fl -list -If no -.Ar command -is specified, -list the allowed (and forbidden) commands for the -invoking user (or the user specified by the -.Fl U -option) on the current host. -A longer list format is used if this option is specified multiple times -and the security policy supports a verbose output format. -.Pp -If a -.Ar command -is specified and is permitted by the security policy, the fully-qualified -path to the command is displayed along with any command line -arguments. -If a -.Ar command -is specified but not allowed by the policy, -.Nm -will exit with a status value of 1. -.It Fl n , -non-interactive -Avoid prompting the user for input of any kind. -If a password is required for the command to run, -.Nm -will display an error message and exit. -.It Fl P , -preserve-groups -Preserve the invoking user's group vector unaltered. -By default, the -.Em sudoers -policy will initialize the group vector to the list of groups the -target user is a member of. -The real and effective group-IDs, however, are still set to match -the target user. -.It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt -Use a custom password prompt with optional escape sequences. -The following percent -.Pq Ql % -escape sequences are supported by the -.Em sudoers -policy: -.Bl -tag -width 2n -.It Li %H -expanded to the host name including the domain name (on if the -machine's host name is fully qualified or the -.Em fqdn -option is set in -.Xr sudoers @mansectform@ ) -.It Li %h -expanded to the local host name without the domain name -.It Li %p -expanded to the name of the user whose password is being requested -(respects the -.Em rootpw , -.Em targetpw , -and -.Em runaspw -flags in -.Xr sudoers @mansectform@ ) -.It Li \&%U -expanded to the login name of the user the command will be run as -(defaults to root unless the -.Fl u -option is also specified) -.It Li %u -expanded to the invoking user's login name -.It Li %% -two consecutive -.Ql % -characters are collapsed into a single -.Ql % -character -.El -.Pp -The custom prompt will override the default prompt specified by either -the security policy or the -.Ev SUDO_PROMPT -environment variable. -On systems that use PAM, the custom prompt will also override the prompt -specified by a PAM module unless the -.Em passprompt_override -flag is disabled in -.Em sudoers . -.It Fl R Ar directory , Fl -chroot Ns = Ns Ar directory -Change to the specified root -.Ar directory -(see -.Xr chroot @mansectsu@ ) -before running the command. -The security policy may return an error if the user does not have -permission to specify the root directory. -.if \n(SL \{\ -.It Fl r Ar role , Fl -role Ns = Ns Ar role -Run the command with an SELinux security context that includes -the specified -.Ar role . -.\} -.It Fl S , -stdin -Write the prompt to the standard error and read the password from the -standard input instead of using the terminal device. -.It Fl s , -shell -Run the shell specified by the -.Ev SHELL -environment variable if it is set or the shell specified by the -invoking user's password database entry. -If a command is specified, it is passed to the shell for execution -via the shell's -.Fl c -option. -If no command is specified, an interactive shell is executed. -Note that most shells behave differently when a command is specified -as compared to an interactive session; consult the shell's manual -for details. -.if \n(SL \{\ -.It Fl t Ar type , Fl -type Ns = Ns Ar type -Run the command with an SELinux security context that includes -the specified -.Ar type . -If no -.Ar type -is specified, the default type is derived from the role. -.\} -.It Fl U Ar user , Fl -other-user Ns = Ns Ar user -Used in conjunction with the -.Fl l -option to list the privileges for -.Ar user -instead of for the invoking user. -The security policy may restrict listing other users' privileges. -The -.Em sudoers -policy only allows root or a user with the -.Li ALL -privilege on the current host to use this option. -.It Fl T Ar timeout , Fl -command-timeout Ns = Ns Ar timeout -Used to set a timeout for the command. -If the timeout expires before the command has exited, the -command will be terminated. -The security policy may restrict the ability to set command timeouts. -The -.Em sudoers -policy requires that user-specified timeouts be explicitly enabled. -.It Fl u Ar user , Fl -user Ns = Ns Ar user -Run the command as a user other than the default target user -(usually -.Em root ) . -The -.Ar user -may be either a user name or a numeric user-ID -.Pq UID -prefixed with the -.Ql # -character (e.g., -.Li #0 -for UID 0). -When running commands as a UID, many shells require that the -.Ql # -be escaped with a backslash -.Pq Ql \e . -Some security policies may restrict UIDs -to those listed in the password database. -The -.Em sudoers -policy allows UIDs that are not in the password database as long as the -.Em targetpw -option is not set. -Other security policies may not support this. -.It Fl V , -version -Print the -.Nm -version string as well as the version string of the security -policy plugin and any I/O plugins. -If the invoking user is already root the -.Fl V -option will display the arguments passed to configure when -.Nm -was built and plugins may display more verbose information such as -default options. -.It Fl v , -validate -Update the user's cached credentials, authenticating the user -if necessary. -For the -.Em sudoers -plugin, this extends the -.Nm -timeout for another -.Li @timeout@ -minutes by default, but does not run a command. -Not all security policies support cached credentials. -.It Fl - -The -.Fl - -option indicates that -.Nm -should stop processing command line arguments. -.El -.Pp -Options that take a value may only be specified once unless -otherwise indicated in the description. -This is to help guard against problems caused by poorly written -scripts that invoke -.Nm sudo -with user-controlled input. -.Pp -Environment variables to be set for the command may also be passed -on the command line in the form of -.Ar VAR Ns = Ns Ar value , -e.g., -.Ev LD_LIBRARY_PATH Ns = Ns Pa /usr/local/pkg/lib . -Variables passed on the command line are subject to restrictions -imposed by the security policy plugin. -The -.Em sudoers -policy subjects variables passed on the command line to the same -restrictions as normal environment variables with one important -exception. -If the -.Em setenv -option is set in -.Em sudoers , -the command to be run has the -.Li SETENV -tag set or the command matched is -.Li ALL , -the user may set variables that would otherwise be forbidden. -See -.Xr sudoers @mansectform@ -for more information. -.Sh COMMAND EXECUTION -When -.Nm -executes a command, the security policy specifies the execution -environment for the command. -Typically, the real and effective user and group and IDs are set to -match those of the target user, as specified in the password database, -and the group vector is initialized based on the group database -(unless the -.Fl P -option was specified). -.Pp -The following parameters may be specified by security policy: -.Bl -bullet -width 1n -.It -real and effective user-ID -.It -real and effective group-ID -.It -supplementary group-IDs -.It -the environment list -.It -current working directory -.It -file creation mode mask (umask) -.if \n(SL \{\ -.It -SELinux role and type -.\} -.if \n(PS \{\ -.It -Solaris project -.It -Solaris privileges -.\} -.if \n(LC \{\ -.It -.Bx -login class -.\} -.It -scheduling priority (aka nice value) -.El -.Ss Process model -There are two distinct ways -.Nm -can run a command. -.Pp -If an I/O logging plugin is configured or if the security policy -explicitly requests it, a new pseudo-terminal -.Pq Dq pty -is allocated and -.Xr fork 2 -is used to create a second -.Nm -process, referred to as the -.Em monitor . -The -.Em monitor -creates a new terminal session with itself as the leader and the pty as its -controlling terminal, calls -.Xr fork 2 , -sets up the execution environment as described above, and then uses the -.Xr execve 2 -system call to run the command in the child process. -The -.Em monitor -exists to relay job control signals between the user's -existing terminal and the pty the command is being run in. -This makes it possible to suspend and resume the command. -Without the monitor, the command would be in what POSIX terms an -.Dq orphaned process group -and it would not receive any job control signals from the kernel. -When the command exits or is terminated by a signal, the -.Em monitor -passes the command's exit status to the main -.Nm -process and exits. -After receiving the command's exit status, the main -.Nm -passes the command's exit status to the security policy's close function -and exits. -.Pp -If no pty is used, -.Nm -calls -.Xr fork 2 , -sets up the execution environment as described above, and uses the -.Xr execve 2 -system call to run the command in the child process. -The main -.Nm -process waits until the command has completed, then passes the -command's exit status to the security policy's close function and exits. -As a special case, if the policy plugin does not define a close -function, -.Nm -will execute the command directly instead of calling -.Xr fork 2 -first. -The -.Em sudoers -policy plugin will only define a close function when I/O logging -is enabled, a pty is required, or the -.Em pam_session -or -.Em pam_setcred -options are enabled. -Note that -.Em pam_session -and -.Em pam_setcred -are enabled by default on systems using PAM. -.Pp -On systems that use PAM, the security policy's close function -is responsible for closing the PAM session. -It may also log the command's exit status. -.Ss Signal handling -When the command is run as a child of the -.Nm -process, -.Nm -will relay signals it receives to the command. -The -.Dv SIGINT -and -.Dv SIGQUIT -signals are only relayed when the command is being run in a new pty -or when the signal was sent by a user process, not the kernel. -This prevents the command from receiving -.Dv SIGINT -twice each time the user enters control-C. -Some signals, such as -.Dv SIGSTOP -and -.Dv SIGKILL , -cannot be caught and thus will not be relayed to the command. -As a general rule, -.Dv SIGTSTP -should be used instead of -.Dv SIGSTOP -when you wish to suspend a command being run by -.Nm . -.Pp -As a special case, -.Nm -will not relay signals that were sent by the command it is running. -This prevents the command from accidentally killing itself. -On some systems, the -.Xr reboot @mansectsu@ -command sends -.Dv SIGTERM -to all non-system processes other than itself before rebooting -the system. -This prevents -.Nm -from relaying the -.Dv SIGTERM -signal it received back to -.Xr reboot @mansectsu@ , -which might then exit before the system was actually rebooted, -leaving it in a half-dead state similar to single user mode. -Note, however, that this check only applies to the command run by -.Nm -and not any other processes that the command may create. -As a result, running a script that calls -.Xr reboot @mansectsu@ -or -.Xr shutdown @mansectsu@ -via -.Nm -may cause the system to end up in this undefined state unless the -.Xr reboot @mansectsu@ -or -.Xr shutdown @mansectsu@ -are run using the -.Fn exec -family of functions instead of -.Fn system -(which interposes a shell between the command and the calling process). -.Pp -If no I/O logging plugins are loaded and the policy plugin has not -defined a -.Fn close -function, set a command timeout or required that the command be -run in a new pty, -.Nm -may execute the command directly instead of running it as a child process. -.Ss Plugins -Plugins may be specified via -.Li Plugin -directives in the -.Xr sudo.conf @mansectform@ -file. -They may be loaded as dynamic shared objects (on systems that support them), -or compiled directly into the -.Nm -binary. -If no -.Xr sudo.conf @mansectform@ -file is present, or if it doesn't contain any -.Li Plugin -lines, -.Nm -will use -.Xr sudoers @mansectform@ -for the policy, auditing and I/O logging plugins. -See the -.Xr sudo.conf @mansectform@ -manual for details of the -.Pa @sysconfdir@/sudo.conf -file and the -.Xr sudo_plugin @mansectform@ -manual for more information about the -.Nm -plugin architecture. -.Sh EXIT VALUE -Upon successful execution of a command, the exit status from -.Nm -will be the exit status of the program that was executed. -If the command terminated due to receipt of a signal, -.Nm -will send itself the same signal that terminated the command. -.Pp -If the -.Fl l -option was specified without a command, -.Nm -will exit with a value of 0 if the user is allowed to run -.Nm -and they authenticated successfully (as required by the security policy). -If a command is specified with the -.Fl l -option, the exit value will only be 0 if the command is permitted by the -security policy, otherwise it will be 1. -.Pp -If there is an authentication failure, a configuration/permission -problem or if the given command cannot be executed, -.Nm -exits with a value of 1. -In the latter case, the error string is printed to the standard error. -If -.Nm -cannot -.Xr stat 2 -one or more entries in the user's -.Ev PATH , -an error is printed to the standard error. -(If the directory does not exist or if it is not really a directory, -the entry is ignored and no error is printed.) -This should not happen under normal circumstances. -The most common reason for -.Xr stat 2 -to return -.Dq permission denied -is if you are running an automounter and one of the directories in -your -.Ev PATH -is on a machine that is currently unreachable. -.Sh SECURITY NOTES -.Nm -tries to be safe when executing external commands. -.Pp -To prevent command spoofing, -.Nm -checks "." and "" (both denoting current directory) last when -searching for a command in the user's -.Ev PATH -(if one or both are in the -.Ev PATH ) . -Note, however, that the actual -.Ev PATH -environment variable is -.Em not -modified and is passed unchanged to the program that -.Nm -executes. -.Pp -Users should -.Em never -be granted -.Nm -privileges to execute files that are writable by the user or -that reside in a directory that is writable by the user. -If the user can modify or replace the command there is no way -to limit what additional commands they can run. -.Pp -Please note that -.Nm -will normally only log the command it explicitly runs. -If a user runs a command such as -.Li sudo su -or -.Li sudo sh , -subsequent commands run from that shell are not subject to -.Nm sudo Ns 's -security policy. -The same is true for commands that offer shell escapes (including -most editors). -If I/O logging is enabled, subsequent commands will have their input and/or -output logged, but there will not be traditional logs for those commands. -Because of this, care must be taken when giving users access to commands via -.Nm -to verify that the command does not inadvertently give the user an -effective root shell. -For more information, please see the -.Em Preventing shell escapes -section in -.Xr sudoers @mansectform@ . -.Pp -To prevent the disclosure of potentially sensitive information, -.Nm -disables core dumps by default while it is executing (they are -re-enabled for the command that is run). -This historical practice dates from a time when most operating -systems allowed set-user-ID processes to dump core by default. -To aid in debugging -.Nm -crashes, you may wish to re-enable core dumps by setting -.Dq disable_coredump -to false in the -.Xr sudo.conf @mansectform@ -file as follows: -.Bd -literal -offset indent -Set disable_coredump false -.Ed -.Pp -See the -.Xr sudo.conf @mansectform@ -manual for more information. -.Sh ENVIRONMENT -.Nm -utilizes the following environment variables. -The security policy has control over the actual content of the command's -environment. -.Bl -tag -width 15n -.It Ev EDITOR -Default editor to use in -.Fl e -(sudoedit) mode if neither -.Ev SUDO_EDITOR -nor -.Ev VISUAL -is set. -.It Ev MAIL -Set to the mail spool of the target user when the -.Fl i -option is specified or when -.Em env_reset -is enabled in -.Em sudoers -(unless -.Ev MAIL -is present in the -.Em env_keep -list). -.It Ev HOME -Set to the home directory of the target user when the -.Fl i -or -.Fl H -options are specified, when the -.Fl s -option is specified and -.Em set_home -is set in -.Em sudoers , -when -.Em always_set_home -is enabled in -.Em sudoers , -or when -.Em env_reset -is enabled in -.Em sudoers -and -.Em HOME -is not present in the -.Em env_keep -list. -.It Ev LOGNAME -Set to the login name of the target user when the -.Fl i -option is specified, when the -.Em set_logname -option is enabled in -.Em sudoers -or when the -.Em env_reset -option is enabled in -.Em sudoers -(unless -.Ev LOGNAME -is present in the -.Em env_keep -list). -.It Ev PATH -May be overridden by the security policy. -.It Ev SHELL -Used to determine shell to run with -.Fl s -option. -.It Ev SUDO_ASKPASS -Specifies the path to a helper program used to read the password -if no terminal is available or if the -.Fl A -option is specified. -.It Ev SUDO_COMMAND -Set to the command run by sudo, including command line arguments. -The command line arguments are truncated at 4096 characters to -prevent a potential execution error. -.It Ev SUDO_EDITOR -Default editor to use in -.Fl e -(sudoedit) mode. -.It Ev SUDO_GID -Set to the group-ID of the user who invoked sudo. -.It Ev SUDO_PROMPT -Used as the default password prompt unless -the -.Fl p -option was specified. -.It Ev SUDO_PS1 -If set, -.Ev PS1 -will be set to its value for the program being run. -.It Ev SUDO_UID -Set to the user-ID of the user who invoked sudo. -.It Ev SUDO_USER -Set to the login name of the user who invoked sudo. -.It Ev USER -Set to the same value as -.Ev LOGNAME , -described above. -.It Ev VISUAL -Default editor to use in -.Fl e -(sudoedit) mode if -.Ev SUDO_EDITOR -is not set. -.El -.Sh FILES -.Bl -tag -width 24n -.It Pa @sysconfdir@/sudo.conf -.Nm -front end configuration -.El -.Sh EXAMPLES -Note: the following examples assume a properly configured security -policy. -.Pp -To get a file listing of an unreadable directory: -.Bd -literal -offset indent -$ sudo ls /usr/local/protected -.Ed -.Pp -To list the home directory of user yaz on a machine where the file -system holding ~yaz is not exported as root: -.Bd -literal -offset indent -$ sudo -u yaz ls ~yaz -.Ed -.Pp -To edit the -.Pa index.html -file as user www: -.Bd -literal -offset indent -$ sudoedit -u www ~www/htdocs/index.html -.Ed -.Pp -To view system logs only accessible to root and users in the adm -group: -.Bd -literal -offset indent -$ sudo -g adm more /var/log/syslog -.Ed -.Pp -To run an editor as jim with a different primary group: -.Bd -literal -offset indent -$ sudoedit -u jim -g audio ~jim/sound.txt -.Ed -.Pp -To shut down a machine: -.Bd -literal -offset indent -$ sudo shutdown -r +15 "quick reboot" -.Ed -.Pp -To make a usage listing of the directories in the /home partition. -Note that this runs the commands in a sub-shell to make the -.Li cd -and file redirection work. -.Bd -literal -offset indent -$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" -.Ed -.Sh DIAGNOSTICS -Error messages produced by -.Nm -include: -.Bl -tag -width 4n -.It Li editing files in a writable directory is not permitted -By default, -.Nm sudoedit -does not permit editing a file when any of the parent directories are writable -by the invoking user. -This avoids a race condition that could allow the user to overwrite -an arbitrary file. -See the -.Em sudoedit_checkdir -option in -.Xr sudoers @mansectform@ -for more information. -.It Li editing symbolic links is not permitted -By default, -.Nm sudoedit -does not follow symbolic links when opening files. -See the -.Em sudoedit_follow -option in -.Xr sudoers @mansectform@ -for more information. -.It Li effective uid is not 0, is sudo installed setuid root? -.Nm -was not run with root privileges. -The -.Nm -binary must be owned by the root user and have the set-user-ID bit set. -Also, it must not be located on a file system mounted with the -.Sq nosuid -option or on an NFS file system that maps uid 0 to an unprivileged uid. -.It Li effective uid is not 0, is sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? -.Nm -was not run with root privileges. -The -.Nm -binary has the proper owner and permissions but it still did not run -with root privileges. -The most common reason for this is that the file system the -.Nm -binary is located on is mounted with the -.Sq nosuid -option or it is an NFS file system that maps uid 0 to an unprivileged uid. -.It Li fatal error, unable to load plugins -An error occurred while loading or initializing the plugins specified in -.Xr sudo.conf @mansectform@ . -.It Li invalid environment variable name -One or more environment variable names specified via the -.Fl E -option contained an equal sign -.Pq Ql = . -The arguments to the -.Fl E -option should be environment variable names without an associated value. -.It Li no password was provided -When -.Nm -tried to read the password, it did not receive any characters. -This may happen if no terminal is available (or the -.Fl S -option is specified) and the standard input has been redirected from -.Pa /dev/null . -.It Li a terminal is required to read the password -.Nm -needs to read the password but there is no mechanism available for it -to do so. -A terminal is not present to read the password from, -.Nm -has not been configured to read from the standard input, -the -.Fl S -option was not used, and no askpass helper has been specified either via the -.Xr sudo.conf @mansectform@ -file or the -.Ev SUDO_ASKPASS -environment variable. -.It Li no writable temporary directory found -.Nm sudoedit -was unable to find a usable temporary directory in which to store its -intermediate files. -.It Li sudo must be owned by uid 0 and have the setuid bit set -.Nm -was not run with root privileges. -The -.Nm -binary does not have the correct owner or permissions. -It must be owned by the root user and have the set-user-ID bit set. -.It Li sudoedit is not supported on this platform -It is only possible to run -.Nm sudoedit -on systems that support setting the effective user-ID. -.It Li timed out reading password -The user did not enter a password before the password timeout -(5 minutes by default) expired. -.It Li you do not exist in the passwd database -Your user-ID does not appear in the system passwd database. -.It Li you may not specify environment variables in edit mode -It is only possible to specify environment variables when running -a command. -When editing a file, the editor is run with the user's environment unmodified. -.El -.Sh SEE ALSO -.Xr su 1 , -.Xr stat 2 , -.Xr login_cap 3 , -.Xr passwd @mansectform@ , -.Xr sudo.conf @mansectform@ , -.Xr sudo_plugin @mansectform@ , -.Xr sudoers @mansectform@ , -.Xr sudoers_timestamp @mansectform@ , -.Xr sudoreplay @mansectsu@ , -.Xr visudo @mansectsu@ -.Sh HISTORY -See the HISTORY file in the -.Nm -distribution (https://www.sudo.ws/history.html) for a brief -history of sudo. -.Sh AUTHORS -Many people have worked on -.Nm -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm . -.Sh CAVEATS -There is no easy way to prevent a user from gaining a root shell -if that user is allowed to run arbitrary commands via -.Nm . -Also, many programs (such as editors) allow the user to run commands -via shell escapes, thus avoiding -.Nm sudo Ns 's -checks. -However, on most systems it is possible to prevent shell escapes with the -.Xr sudoers @mansectform@ -plugin's -.Em noexec -functionality. -.Pp -It is not meaningful to run the -.Li cd -command directly via sudo, e.g., -.Bd -literal -offset indent -$ sudo cd /usr/local/protected -.Ed -.Pp -since when the command exits the parent process (your shell) will -still be the same. -Please see the -.Sx EXAMPLES -section for more information. -.Pp -Running shell scripts via -.Nm -can expose the same kernel bugs that make set-user-ID shell scripts -unsafe on some operating systems (if your OS has a /dev/fd/ directory, -set-user-ID shell scripts are generally safe). -.Sh BUGS -If you feel you have found a bug in -.Nm , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_logsrv.proto.man.in sudo-1.9.9/doc/sudo_logsrv.proto.man.in --- sudo-1.9.5p2/doc/sudo_logsrv.proto.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_logsrv.proto.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,899 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "SUDO_LOGSRV.PROTO" "@mansectform@" "November 6, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudo_logsrv.proto\fR -\- Sudo log server protocol -.SH "DESCRIPTION" -Starting with version 1.9.0, -\fBsudo\fR -supports sending event and I/O logs to a log server. -The protocol used is written in Google's Protocol Buffers domain -specific language. -The -\fIEXAMPLES\fR -section includes a complete description of the protocol in Protocol -Buffers format. -.PP -Because there is no way to determine message boundaries when using -Protocol Buffers, the wire size of each message is sent immediately -preceding the message itself as a 32-bit unsigned integer in network -byte order. -This is referred to as -\(lqlength-prefix framing\(rq -and is how Google suggests handling the lack of message delimiters. -.PP -The protocol is made up of two basic messages, -\fIClientMessage\fR -and -\fIServerMessage\fR, -described below. -The server must accept messages up to two megabytes in size. -The server may return an error if the client tries to send a message -larger than two megabytes. -.SH "Client Messages" -A -\fIClientMessage\fR -is a container used to encapsulate all the possible message types -a client may send to the server. -.nf -.sp -.RS 0n -message ClientMessage { - oneof type { - AcceptMessage accept_msg = 1; - RejectMessage reject_msg = 2; - ExitMessage exit_msg = 3; - RestartMessage restart_msg = 4; - AlertMessage alert_msg = 5; - IoBuffer ttyin_buf = 6; - IoBuffer ttyout_buf = 7; - IoBuffer stdin_buf = 8; - IoBuffer stdout_buf = 9; - IoBuffer stderr_buf = 10; - ChangeWindowSize winsize_event = 11; - CommandSuspend suspend_event = 12; - ClientHello hello_msg = 13; - } -} -.RE -.fi -.PP -The different -\fIClientMessage\fR -sub-messages the client may sent to the server are described below. -.SS "TimeSpec" -.nf -.RS 0n -message TimeSpec { - int64 tv_sec = 1; - int32 tv_nsec = 2; -} -.RE -.fi -.PP -A -\fITimeSpec\fR -is the equivalent of a POSIX -\fRstruct timespec\fR, -containing seconds and nanoseconds members. -The -\fItv_sec\fR -member is a 64-bit integer to support dates after the year 2038. -.SS "InfoMessage" -.nf -.RS 0n -message InfoMessage { - message StringList { - repeated string strings = 1; - } - message NumberList { - repeated int64 numbers = 1; - } - string key = 1; - oneof value { - int64 numval = 2; - string strval = 3; - StringList strlistval = 4; - NumberList numlistval = 5; - } -} -.RE -.fi -.PP -An -\fIInfoMessage\fR -is used to represent information about the invoking user as well as the -execution environment the command runs in the form of key-value pairs. -The key is always a string but the value may be a 64-bit integer, -a string, an array of strings or an array of 64-bit integers. -The event log data is composed of -\fIInfoMessage\fR -entries. -See the -\fIEVENT LOG VARIABLES\fR -section for more information. -.SS "ClientHello hello_msg" -.nf -.RS 0n -message ClientHello { - string client_id = 1; -} -.RE -.fi -.PP -A -\fIClientHello\fR -message consists of client information that may be sent to the -server when the client first connects. -.TP 8n -client_id -A free-form client description. -This usually includes the name and version of the client implementation. -.SS "AcceptMessage accept_msg" -.nf -.RS 0n -message AcceptMessage { - TimeSpec submit_time = 1; - repeated InfoMessage info_msgs = 2; - bool expect_iobufs = 3; -} -.RE -.fi -.PP -An -\fIAcceptMessage\fR -is sent by the client when a command is allowed by the security policy. -It contains the following members: -.TP 8n -submit_time -The wall clock time when the command was submitted to the security policy. -.TP 8n -info_msgs -An array of -\fIInfoMessage\fR -describing the user who submitted the command as well as the execution -environment of the command. -This information is used to generate an event log entry and may also be -used by server to determine where and how the I/O log is stored. -.TP 8n -expect_iobufs -Set to true if the server should expect -\fIIoBuffer\fR -messages to follow (for I/O logging) or false if the server should only -store the event log. -.PP -If an -\fIAcceptMessage\fR -is sent, the client must not send a -\fIRejectMessage\fR -or -\fIRestartMessage\fR. -.SS "RejectMessage reject_msg" -.nf -.RS 0n -message RejectMessage { - TimeSpec submit_time = 1; - string reason = 2; - repeated InfoMessage info_msgs = 3; -} -.RE -.fi -.PP -A -\fIRejectMessage\fR -is sent by the client when a command is denied by the security policy. -It contains the following members: -.TP 8n -submit_time -The wall clock time when the command was submitted to the security policy. -.TP 8n -reason -The reason the security policy gave for denying the command. -.TP 8n -info_msgs -An array of -\fIInfoMessage\fR -describing the user who submitted the command as well as the execution -environment of the command. -This information is used to generate an event log entry. -.PP -If a -\fIRejectMessage\fR -is sent, the client must not send an -\fIAcceptMessage\fR -or -\fIRestartMessage\fR. -.SS "ExitMessage exit_msg" -.nf -.RS 0n -message ExitMessage { - TimeSpec run_time = 1; - int32 exit_value = 2; - bool dumped_core = 3; - string signal = 4; - string error = 5; -} -.PP -.RE -.fi -An -\fIExitMessage\fR -is sent by the client after the command has exited or has been -terminated by a signal. -It contains the following members: -.TP 8n -run_time -The total amount of elapsed time since the command started, -calculated using a monotonic clock where possible. -This is not the wall clock time. -.TP 8n -exit_value -The command's exit value in the range 0-255. -.TP 8n -dumped_core -True if the command was terminated by a signal and dumped core. -.TP 8n -signal -If the command was terminated by a signal, this is set to the -name of the signal without the leading -\(lqSIG\(rq. -For example, -\fRINT\fR, -\fRTERM\fR, -\fRKILL\fR, -\fRSEGV\fR. -.TP 8n -error -A message from the client indicating that the command was terminated -unexpectedly due to an error. -.PP -When performing I/O logging, the client should wait for a -\fIcommit_point\fR -corresponding to the final -\fIIoBuffer\fR -before closing the connection unless the final -\fIcommit_point\fR -has already been received. -.SS "RestartMessage restart_msg" -.nf -.RS 0n -message RestartMessage { - string log_id = 1; - TimeSpec resume_point = 2; -} -.RE -.fi -.PP -A -\fIRestartMessage\fR -is sent by the client to resume sending an existing I/O log that -was previously interrupted. -It contains the following members: -.TP 8n -log_id -The the server-side name for an I/O log that was previously -sent to the client by the server. -This may be a path name on the server or some other kind of server-side -identifier. -.TP 8n -resume_point -The point in time after which to resume the I/O log. -This is in the form of a -\fITimeSpec\fR -representing the amount of time since the command started, not -the wall clock time. -The -\fIresume_point\fR -should correspond to a -\fIcommit_point\fR -previously sent to the client by the server. -If the server receives a -\fIRestartMessage\fR -containing a -\fIresume_point\fR -it has not previously seen, an error will be returned to the client -and the connection will be dropped. -.PP -If a -\fIRestartMessage\fR -is sent, the client must not send an -\fIAcceptMessage\fR -or -\fIRejectMessage\fR. -.SS "AlertMessage alert_msg" -.nf -.RS 0n -message AlertMessage { - TimeSpec alert_time = 1; - string reason = 2; - repeated InfoMessage info_msgs = 3; -} -.RE -.fi -.PP -An -\fIAlertMessage\fR -is sent by the client to indicate a problem detected by the security -policy while the command is running that should be stored in the event log. -It contains the following members: -.TP 8n -alert_time -The wall clock time when the alert occurred. -.TP 8n -reason -The reason for the alert. -.TP 8n -info_msgs -An optional array of -\fIInfoMessage\fR -describing the user who submitted the command as well as the execution -environment of the command. -This information is used to generate an event log entry. -.SS "IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf" -.nf -.RS 0n -message IoBuffer { - TimeSpec delay = 1; - bytes data = 2; -} -.RE -.fi -.PP -An -\fIIoBuffer\fR -is used to represent data from terminal input, terminal -output, standard input, standard output or standard error. -It contains the following members: -.TP 8n -delay -The elapsed time since the last record in the form of a -\fITimeSpec\fR. -The -\fIdelay\fR -should be calculated using a monotonic clock where possible. -.TP 8n -data -The binary I/O log data from terminal input, terminal output, -standard input, standard output or standard error. -.SS "ChangeWindowSize winsize_event" -.nf -.RS 0n -message ChangeWindowSize { - TimeSpec delay = 1; - int32 rows = 2; - int32 cols = 3; -} -.RE -.fi -.PP -A -\fIChangeWindowSize\fR -message is sent by the client when the terminal running the command -changes size. -It contains the following members: -.TP 8n -delay -The elapsed time since the last record in the form of a -\fITimeSpec\fR. -The -\fIdelay\fR -should be calculated using a monotonic clock where possible. -.TP 8n -rows -The new number of terminal rows. -.TP 8n -cols -The new number of terminal columns. -.SS "CommandSuspend suspend_event" -.nf -.RS 0n -message CommandSuspend { - TimeSpec delay = 1; - string signal = 2; -} -.RE -.fi -.PP -A -\fICommandSuspend\fR -message is sent by the client when the command is either suspended -or resumed. -It contains the following members: -.TP 8n -delay -The elapsed time since the last record in the form of a -\fITimeSpec\fR. -The -\fIdelay\fR -should be calculated using a monotonic clock where possible. -.TP 8n -signal -The signal name without the leading -\(lqSIG\(rq. -For example, -\fRSTOP\fR, -\fRTSTP\fR, -\fRCONT\fR. -.SH "Server Messages" -A -\fIServerMessage\fR -is a container used to encapsulate all the possible message types -the server may send to a client. -.nf -.sp -.RS 0n -message ServerMessage { - oneof type { - ServerHello hello = 1; - TimeSpec commit_point = 2; - string log_id = 3; - string error = 4; - string abort = 5; - } -} -.RE -.fi -.PP -The different -\fIServerMessage\fR -sub-messages the server may sent to the client are described below. -.SS "ServerHello hello" -.nf -.RS 0n -message ServerHello { - string server_id = 1; - string redirect = 2; - repeated string servers = 3; -} -.RE -.fi -.PP -The -\fIServerHello\fR -message consists of server information sent when the client first connects. -It contains the following members: -.TP 8n -server_id -A free-form server description. -Usually this includes the name and version of the implementation -running on the log server. -This member is always present. -.TP 8n -redirect -A host and port separated by a colon -(\(oq\(cq): -that the client should connect to instead. -The host may be a host name, an IPv4 address, or an IPv6 address -in square brackets. -This may be used for server load balancing. -The server will disconnect after sending the -\fIServerHello\fR -when it includes a -\fBredirect\fR. -.TP 8n -servers -.br -A list of other known log servers. -This can be used to implement log server redundancy and allows the -client to discover all other log servers simply by connecting to -one known server. -This member may be omitted when there is only a single log server. -.SS "TimeSpec commit_point" -A periodic time stamp sent by the server to indicate when I/O log -buffers have been committed to storage. -This message is not sent after every -\fIIoBuffer\fR -but rather at a server-configurable interval. -When the server receives an -\fIExitMessage\fR, -it will respond with a -\fIcommit_point\fR -corresponding to the last received -\fIIoBuffer\fR -before closing the connection. -.SS "string log_id" -The server-side ID of the I/O log being stored, sent in response -to an -\fIAcceptMessage\fR -where -\fIexpect_iobufs\fR -is true. -.SS "string error" -A fatal server-side error. -The server will close the connection after sending the -\fIerror\fR -message. -.SS "string abort" -An -\fIabort\fR -message from the server indicates that the client should kill the -command and terminate the session. -It may be used to implement simple server-side policy. -The server will close the connection after sending the -\fIabort\fR -message. -.SH "Protocol flow of control" -The expected protocol flow is as follows: -.TP 5n -1.\& -Client connects to the first available server. -If the client is configured to use TLS, a TLS handshake will be -attempted. -.TP 5n -2.\& -Client sends -\fIClientHello\fR. -This is currently optional but allows the server to detect a -non-TLS connection on the TLS port. -.TP 5n -3.\& -Server sends -\fIServerHello\fR. -.TP 5n -4.\& -Client responds with either -\fIAcceptMessage\fR, -\fIRejectMessage\fR, -or -\fIRestartMessage\fR. -.TP 5n -5.\& -If client sent a -\fIAcceptMessage\fR -with -\fIexpect_iobufs\fR -set, server creates a new I/O log and responds with a -\fIlog_id\fR. -.TP 5n -6.\& -Client sends zero or more -\fIIoBuffer\fR -messages. -.TP 5n -7.\& -Server periodically responds to -\fIIoBuffer\fR -messages with a -\fIcommit_point\fR. -.TP 5n -8.\& -Client sends an -\fIExitMessage\fR -when the command exits or is killed. -.TP 5n -9.\& -Server sends the final -\fIcommit_point\fR -if one is pending. -.TP 5n -10.\& -Server closes the connection. -After receiving the final -\fIcommit_point\fR, -the client shuts down its side of the TLS connection if TLS -is in use, and closes the connection. -.TP 5n -11.\& -Server shuts down its side of the TLS connection if TLS is in use, -and closes the connection. -.PP -At any point, the server may send an -\fIerror\fR -or -\fIabort\fR -message to the client at which point the server will close the -connection. -If an -\fIabort\fR -message is received, the client should terminate the running command. -.SH "EVENT LOG VARIABLES" -\fIAcceptMessage\fR, -\fIAlertMessage\fR -and -\fIRejectMessage\fR -classes contain an array of -\fIInfoMessage\fR -that should contain information about the user who submitted the command -as well as information about the execution environment of the command -if it was accepted. -.PP -Some variables have a -\fIclient\fR, -\fIrun\fR, -or -\fIsubmit\fR -prefix. -These prefixes are used to eliminate ambiguity for variables that -could apply to the client program, the user submitting the command, -or the command being run. -Variables with a -\fIclient\fR -prefix pertain to the program performing the connection to the log -server, for example -\fBsudo\fR. -Variables with a -\fIrun\fR -prefix pertain to the command that the user requested be run. -Variables with a -\fIsubmit\fR -prefix pertain to the user submitting the request -(the user running \fBsudo\fR). -.PP -The following -\fIInfoMessage\fR -entries are required: -.TS -l l l. -.PP -\fBKey\fR \fBType\fR \fBDescription\fR -.PP -command string command that was submitted -.PP -runuser string name of user the command was run as -.PP -submithost string name of host the command was submitted on -.PP -submituser string name of user submitting the command -.TE -.PP -The following -\fIInfoMessage\fR -entries are recognized, but not required: -.TS -l l l. -.PP -\fBKey\fR \fBType\fR \fBDescription\fR -.PP -clientargv StringList client's original argument vector -.PP -clientpid int64 client's process ID -.PP -clientppid int64 client's parent process ID -.PP -clientsid int64 client's terminal session ID -.PP -columns int64 number of columns in the terminal -.PP -lines int64 number of lines in the terminal -.PP -runargv StringList argument vector of command to run -.PP -runchroot string root directory of command to run -.PP -runcwd string running command's working directory -.PP -runenv StringList the running command's environment -.PP -rungid int64 primary group-ID of the command -.PP -rungids NumberList supplementary group-IDs for the command -.PP -rungroup string primary group name of the command -.PP -rungroups StringList supplementary group names for the command -.PP -runuid int64 run user's user-ID -.PP -submitcwd string submit user's current working directory -.PP -submitenv StringList the submit user's environment -.PP -submitgid int64 submit user's primary group-ID -.PP -submitgids NumberList submit user's supplementary group-IDs -.PP -submitgroup string submitting user's primary group name -.PP -submitgroups StringList submit user's supplementary group names -.PP -submituid int64 submit user's user-ID -.PP -ttyname string the terminal the command was submitted from -.TE -.PP -The server must accept other variables not listed above but may -ignore them. -.SH "EXAMPLES" -The Protocol Buffers description of the log server protocol is included -in full below. -Note that this uses the newer -\(lqproto3\(rq -syntax. -.nf -.sp -.RS 0n -syntax = "proto3"; - -/* - * Client message to the server. Messages on the wire are - * prefixed with a 32-bit size in network byte order. - */ -message ClientMessage { - oneof type { - AcceptMessage accept_msg = 1; - RejectMessage reject_msg = 2; - ExitMessage exit_msg = 3; - RestartMessage restart_msg = 4; - AlertMessage alert_msg = 5; - IoBuffer ttyin_buf = 6; - IoBuffer ttyout_buf = 7; - IoBuffer stdin_buf = 8; - IoBuffer stdout_buf = 9; - IoBuffer stderr_buf = 10; - ChangeWindowSize winsize_event = 11; - CommandSuspend suspend_event = 12; - } -} - -/* Equivalent of POSIX struct timespec */ -message TimeSpec { - int64 tv_sec = 1; /* seconds */ - int32 tv_nsec = 2; /* nanoseconds */ -} - -/* I/O buffer with keystroke data */ -message IoBuffer { - TimeSpec delay = 1; /* elapsed time since last record */ - bytes data = 2; /* keystroke data */ -} - -/* - * Key/value pairs, like Privilege Manager struct info. - * The value may be a number, a string, or a list of strings. - */ -message InfoMessage { - message StringList { - repeated string strings = 1; - } - message NumberList { - repeated int64 numbers = 1; - } - string key = 1; - oneof value { - int64 numval = 2; - string strval = 3; - StringList strlistval = 4; - NumberList numlistval = 5; - } -} - -/* - * Event log data for command accepted by the policy. - */ -message AcceptMessage { - TimeSpec submit_time = 1; /* when command was submitted */ - repeated InfoMessage info_msgs = 2; /* key,value event log data */ - bool expect_iobufs = 3; /* true if I/O logging enabled */ -} - -/* - * Event log data for command rejected by the policy. - */ -message RejectMessage { - TimeSpec submit_time = 1; /* when command was submitted */ - string reason = 2; /* reason command was rejected */ - repeated InfoMessage info_msgs = 3; /* key,value event log data */ -} - -/* Message sent by client when command exits. */ -/* Might revisit runtime and use end_time instead */ -message ExitMessage { - TimeSpec run_time = 1; /* total elapsed run time */ - int32 exit_value = 2; /* 0-255 */ - bool dumped_core = 3; /* true if command dumped core */ - string signal = 4; /* signal name if killed by signal */ - string error = 5; /* if killed due to other error */ -} - -/* Alert message, policy module-specific. */ -message AlertMessage { - TimeSpec alert_time = 1; /* time alert message occurred */ - string reason = 2; /* policy alert error string */ - repeated InfoMessage info_msgs = 3; /* key,value event log data */ -} - -/* Used to restart an existing I/O log on the server. */ -message RestartMessage { - string log_id = 1; /* ID of log being restarted */ - TimeSpec resume_point = 2; /* resume point (elapsed time) */ -} - -/* Window size change event. */ -message ChangeWindowSize { - TimeSpec delay = 1; /* elapsed time since last record */ - int32 rows = 2; /* new number of rows */ - int32 cols = 3; /* new number of columns */ -} - -/* Command suspend/resume event. */ -message CommandSuspend { - TimeSpec delay = 1; /* elapsed time since last record */ - string signal = 2; /* signal that caused suspend/resume */ -} - -/* - * Server messages to the client. Messages on the wire are - * prefixed with a 32-bit size in network byte order. - */ -message ServerMessage { - oneof type { - ServerHello hello = 1; /* server hello message */ - TimeSpec commit_point = 2; /* cumulative time of records stored */ - string log_id = 3; /* ID of server-side I/O log */ - string error = 4; /* error message from server */ - string abort = 5; /* abort message, kill command */ - } -} - -/* Hello message from server when client connects. */ -message ServerHello { - string server_id = 1; /* free-form server description */ - string redirect = 2; /* optional redirect if busy */ - repeated string servers = 3; /* optional list of known servers */ -} -.RE -.fi -.SH "SEE ALSO" -sudo_logsrvd.conf(@mansectform@), -sudoers(@mansectform@), -sudo(8), -sudo_logsrvd(8) -.PP -\fIProtocol Buffers\fR, -https://developers.google.com/protocol-buffers/. -.SH "HISTORY" -See the HISTORY file in the -\fBsudo\fR -distribution (https://www.sudo.ws/history.html) for a brief -history of sudo. -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBsudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_logsrv.proto.mdoc.in sudo-1.9.9/doc/sudo_logsrv.proto.mdoc.in --- sudo-1.9.5p2/doc/sudo_logsrv.proto.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_logsrv.proto.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,817 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd November 6, 2020 -.Dt SUDO_LOGSRV.PROTO @mansectform@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudo_logsrv.proto -.Nd Sudo log server protocol -.Sh DESCRIPTION -Starting with version 1.9.0, -.Nm sudo -supports sending event and I/O logs to a log server. -The protocol used is written in Google's Protocol Buffers domain -specific language. -The -.Sx EXAMPLES -section includes a complete description of the protocol in Protocol -Buffers format. -.Pp -Because there is no way to determine message boundaries when using -Protocol Buffers, the wire size of each message is sent immediately -preceding the message itself as a 32-bit unsigned integer in network -byte order. -This is referred to as -.Dq length-prefix framing -and is how Google suggests handling the lack of message delimiters. -.Pp -The protocol is made up of two basic messages, -.Em ClientMessage -and -.Em ServerMessage , -described below. -The server must accept messages up to two megabytes in size. -The server may return an error if the client tries to send a message -larger than two megabytes. -.Sh Client Messages -A -.Em ClientMessage -is a container used to encapsulate all the possible message types -a client may send to the server. -.Bd -literal -message ClientMessage { - oneof type { - AcceptMessage accept_msg = 1; - RejectMessage reject_msg = 2; - ExitMessage exit_msg = 3; - RestartMessage restart_msg = 4; - AlertMessage alert_msg = 5; - IoBuffer ttyin_buf = 6; - IoBuffer ttyout_buf = 7; - IoBuffer stdin_buf = 8; - IoBuffer stdout_buf = 9; - IoBuffer stderr_buf = 10; - ChangeWindowSize winsize_event = 11; - CommandSuspend suspend_event = 12; - ClientHello hello_msg = 13; - } -} -.Ed -.Pp -The different -.Em ClientMessage -sub-messages the client may sent to the server are described below. -.Ss TimeSpec -.Bd -literal -message TimeSpec { - int64 tv_sec = 1; - int32 tv_nsec = 2; -} -.Ed -.Pp -A -.Em TimeSpec -is the equivalent of a POSIX -.Li struct timespec , -containing seconds and nanoseconds members. -The -.Em tv_sec -member is a 64-bit integer to support dates after the year 2038. -.Ss InfoMessage -.Bd -literal -message InfoMessage { - message StringList { - repeated string strings = 1; - } - message NumberList { - repeated int64 numbers = 1; - } - string key = 1; - oneof value { - int64 numval = 2; - string strval = 3; - StringList strlistval = 4; - NumberList numlistval = 5; - } -} -.Ed -.Pp -An -.Em InfoMessage -is used to represent information about the invoking user as well as the -execution environment the command runs in the form of key-value pairs. -The key is always a string but the value may be a 64-bit integer, -a string, an array of strings or an array of 64-bit integers. -The event log data is composed of -.Em InfoMessage -entries. -See the -.Sx EVENT LOG VARIABLES -section for more information. -.Ss ClientHello hello_msg -.Bd -literal -message ClientHello { - string client_id = 1; -} -.Ed -.Pp -A -.Em ClientHello -message consists of client information that may be sent to the -server when the client first connects. -.Bl -tag -width Ds -.It client_id -A free-form client description. -This usually includes the name and version of the client implementation. -.El -.Ss AcceptMessage accept_msg -.Bd -literal -message AcceptMessage { - TimeSpec submit_time = 1; - repeated InfoMessage info_msgs = 2; - bool expect_iobufs = 3; -} -.Ed -.Pp -An -.Em AcceptMessage -is sent by the client when a command is allowed by the security policy. -It contains the following members: -.Bl -tag -width Ds -.It submit_time -The wall clock time when the command was submitted to the security policy. -.It info_msgs -An array of -.Em InfoMessage -describing the user who submitted the command as well as the execution -environment of the command. -This information is used to generate an event log entry and may also be -used by server to determine where and how the I/O log is stored. -.It expect_iobufs -Set to true if the server should expect -.Em IoBuffer -messages to follow (for I/O logging) or false if the server should only -store the event log. -.El -.Pp -If an -.Em AcceptMessage -is sent, the client must not send a -.Em RejectMessage -or -.Em RestartMessage . -.Ss RejectMessage reject_msg -.Bd -literal -message RejectMessage { - TimeSpec submit_time = 1; - string reason = 2; - repeated InfoMessage info_msgs = 3; -} -.Ed -.Pp -A -.Em RejectMessage -is sent by the client when a command is denied by the security policy. -It contains the following members: -.Bl -tag -width Ds -.It submit_time -The wall clock time when the command was submitted to the security policy. -.It reason -The reason the security policy gave for denying the command. -.It info_msgs -An array of -.Em InfoMessage -describing the user who submitted the command as well as the execution -environment of the command. -This information is used to generate an event log entry. -.El -.Pp -If a -.Em RejectMessage -is sent, the client must not send an -.Em AcceptMessage -or -.Em RestartMessage . -.Ss ExitMessage exit_msg -.Bd -literal -message ExitMessage { - TimeSpec run_time = 1; - int32 exit_value = 2; - bool dumped_core = 3; - string signal = 4; - string error = 5; -} -.Pp -.Ed -An -.Em ExitMessage -is sent by the client after the command has exited or has been -terminated by a signal. -It contains the following members: -.Bl -tag -width Ds -.It run_time -The total amount of elapsed time since the command started, -calculated using a monotonic clock where possible. -This is not the wall clock time. -.It exit_value -The command's exit value in the range 0-255. -.It dumped_core -True if the command was terminated by a signal and dumped core. -.It signal -If the command was terminated by a signal, this is set to the -name of the signal without the leading -.Dq SIG . -For example, -.Li INT , -.Li TERM , -.Li KILL , -.Li SEGV . -.It error -A message from the client indicating that the command was terminated -unexpectedly due to an error. -.El -.Pp -When performing I/O logging, the client should wait for a -.Em commit_point -corresponding to the final -.Em IoBuffer -before closing the connection unless the final -.Em commit_point -has already been received. -.Ss RestartMessage restart_msg -.Bd -literal -message RestartMessage { - string log_id = 1; - TimeSpec resume_point = 2; -} -.Ed -.Pp -A -.Em RestartMessage -is sent by the client to resume sending an existing I/O log that -was previously interrupted. -It contains the following members: -.Bl -tag -width Ds -.It log_id -The the server-side name for an I/O log that was previously -sent to the client by the server. -This may be a path name on the server or some other kind of server-side -identifier. -.It resume_point -The point in time after which to resume the I/O log. -This is in the form of a -.Em TimeSpec -representing the amount of time since the command started, not -the wall clock time. -The -.Em resume_point -should correspond to a -.Em commit_point -previously sent to the client by the server. -If the server receives a -.Em RestartMessage -containing a -.Em resume_point -it has not previously seen, an error will be returned to the client -and the connection will be dropped. -.El -.Pp -If a -.Em RestartMessage -is sent, the client must not send an -.Em AcceptMessage -or -.Em RejectMessage . -.Ss AlertMessage alert_msg -.Bd -literal -message AlertMessage { - TimeSpec alert_time = 1; - string reason = 2; - repeated InfoMessage info_msgs = 3; -} -.Ed -.Pp -An -.Em AlertMessage -is sent by the client to indicate a problem detected by the security -policy while the command is running that should be stored in the event log. -It contains the following members: -.Bl -tag -width Ds -.It alert_time -The wall clock time when the alert occurred. -.It reason -The reason for the alert. -.It info_msgs -An optional array of -.Em InfoMessage -describing the user who submitted the command as well as the execution -environment of the command. -This information is used to generate an event log entry. -.El -.Ss IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf -.Bd -literal -message IoBuffer { - TimeSpec delay = 1; - bytes data = 2; -} -.Ed -.Pp -An -.Em IoBuffer -is used to represent data from terminal input, terminal -output, standard input, standard output or standard error. -It contains the following members: -.Bl -tag -width Ds -.It delay -The elapsed time since the last record in the form of a -.Em TimeSpec . -The -.Em delay -should be calculated using a monotonic clock where possible. -.It data -The binary I/O log data from terminal input, terminal output, -standard input, standard output or standard error. -.El -.Ss ChangeWindowSize winsize_event -.Bd -literal -message ChangeWindowSize { - TimeSpec delay = 1; - int32 rows = 2; - int32 cols = 3; -} -.Ed -.Pp -A -.Em ChangeWindowSize -message is sent by the client when the terminal running the command -changes size. -It contains the following members: -.Bl -tag -width Ds -.It delay -The elapsed time since the last record in the form of a -.Em TimeSpec . -The -.Em delay -should be calculated using a monotonic clock where possible. -.It rows -The new number of terminal rows. -.It cols -The new number of terminal columns. -.El -.Ss CommandSuspend suspend_event -.Bd -literal -message CommandSuspend { - TimeSpec delay = 1; - string signal = 2; -} -.Ed -.Pp -A -.Em CommandSuspend -message is sent by the client when the command is either suspended -or resumed. -It contains the following members: -.Bl -tag -width Ds -.It delay -The elapsed time since the last record in the form of a -.Em TimeSpec . -The -.Em delay -should be calculated using a monotonic clock where possible. -.It signal -The signal name without the leading -.Dq SIG . -For example, -.Li STOP , -.Li TSTP , -.Li CONT . -.El -.Sh Server Messages -A -.Em ServerMessage -is a container used to encapsulate all the possible message types -the server may send to a client. -.Bd -literal -message ServerMessage { - oneof type { - ServerHello hello = 1; - TimeSpec commit_point = 2; - string log_id = 3; - string error = 4; - string abort = 5; - } -} -.Ed -.Pp -The different -.Em ServerMessage -sub-messages the server may sent to the client are described below. -.Ss ServerHello hello -.Bd -literal -message ServerHello { - string server_id = 1; - string redirect = 2; - repeated string servers = 3; -} -.Ed -.Pp -The -.Em ServerHello -message consists of server information sent when the client first connects. -It contains the following members: -.Bl -tag -width Ds -.It server_id -A free-form server description. -Usually this includes the name and version of the implementation -running on the log server. -This member is always present. -.It redirect -A host and port separated by a colon -.Pq Ql : -that the client should connect to instead. -The host may be a host name, an IPv4 address, or an IPv6 address -in square brackets. -This may be used for server load balancing. -The server will disconnect after sending the -.Em ServerHello -when it includes a -.Sy redirect . -.It servers -A list of other known log servers. -This can be used to implement log server redundancy and allows the -client to discover all other log servers simply by connecting to -one known server. -This member may be omitted when there is only a single log server. -.El -.Ss TimeSpec commit_point -A periodic time stamp sent by the server to indicate when I/O log -buffers have been committed to storage. -This message is not sent after every -.Em IoBuffer -but rather at a server-configurable interval. -When the server receives an -.Em ExitMessage , -it will respond with a -.Em commit_point -corresponding to the last received -.Em IoBuffer -before closing the connection. -.Ss string log_id -The server-side ID of the I/O log being stored, sent in response -to an -.Em AcceptMessage -where -.Em expect_iobufs -is true. -.Ss string error -A fatal server-side error. -The server will close the connection after sending the -.Em error -message. -.Ss string abort -An -.Em abort -message from the server indicates that the client should kill the -command and terminate the session. -It may be used to implement simple server-side policy. -The server will close the connection after sending the -.Em abort -message. -.Sh Protocol flow of control -The expected protocol flow is as follows: -.Bl -enum -.It -Client connects to the first available server. -If the client is configured to use TLS, a TLS handshake will be -attempted. -.It -Client sends -.Em ClientHello . -This is currently optional but allows the server to detect a -non-TLS connection on the TLS port. -.It -Server sends -.Em ServerHello . -.It -Client responds with either -.Em AcceptMessage , -.Em RejectMessage , -or -.Em RestartMessage . -.It -If client sent a -.Em AcceptMessage -with -.Em expect_iobufs -set, server creates a new I/O log and responds with a -.Em log_id . -.It -Client sends zero or more -.Em IoBuffer -messages. -.It -Server periodically responds to -.Em IoBuffer -messages with a -.Em commit_point . -.It -Client sends an -.Em ExitMessage -when the command exits or is killed. -.It -Server sends the final -.Em commit_point -if one is pending. -.It -Server closes the connection. -After receiving the final -.Em commit_point , -the client shuts down its side of the TLS connection if TLS -is in use, and closes the connection. -.It -Server shuts down its side of the TLS connection if TLS is in use, -and closes the connection. -.El -.Pp -At any point, the server may send an -.Em error -or -.Em abort -message to the client at which point the server will close the -connection. -If an -.Em abort -message is received, the client should terminate the running command. -.Sh EVENT LOG VARIABLES -.Em AcceptMessage , -.Em AlertMessage -and -.Em RejectMessage -classes contain an array of -.Em InfoMessage -that should contain information about the user who submitted the command -as well as information about the execution environment of the command -if it was accepted. -.Pp -Some variables have a -.Em client , -.Em run , -or -.Em submit -prefix. -These prefixes are used to eliminate ambiguity for variables that -could apply to the client program, the user submitting the command, -or the command being run. -Variables with a -.Em client -prefix pertain to the program performing the connection to the log -server, for example -.Nm sudo . -Variables with a -.Em run -prefix pertain to the command that the user requested be run. -Variables with a -.Em submit -prefix pertain to the user submitting the request -.Pq the user running Nm sudo . -.Pp -The following -.Em InfoMessage -entries are required: -.Bl -column "submitgroup" "stringlist" "name of host the command was submitted on" -.It Sy Key Ta Sy Type Ta Sy Description -.It command Ta string Ta command that was submitted -.It runuser Ta string Ta name of user the command was run as -.It submithost Ta string Ta name of host the command was submitted on -.It submituser Ta string Ta name of user submitting the command -.El -.Pp -The following -.Em InfoMessage -entries are recognized, but not required: -.Bl -column "submitgroup" "stringlist" "name of host the command was submitted on" -.It Sy Key Ta Sy Type Ta Sy Description -.It clientargv Ta StringList Ta client's original argument vector -.It clientpid Ta int64 Ta client's process ID -.It clientppid Ta int64 Ta client's parent process ID -.It clientsid Ta int64 Ta client's terminal session ID -.It columns Ta int64 Ta number of columns in the terminal -.It lines Ta int64 Ta number of lines in the terminal -.It runargv Ta StringList Ta argument vector of command to run -.It runchroot Ta string Ta root directory of command to run -.It runcwd Ta string Ta running command's working directory -.It runenv Ta StringList Ta the running command's environment -.It rungid Ta int64 Ta primary group-ID of the command -.It rungids Ta NumberList Ta supplementary group-IDs for the command -.It rungroup Ta string Ta primary group name of the command -.It rungroups Ta StringList Ta supplementary group names for the command -.It runuid Ta int64 Ta run user's user-ID -.It submitcwd Ta string Ta submit user's current working directory -.It submitenv Ta StringList Ta the submit user's environment -.It submitgid Ta int64 Ta submit user's primary group-ID -.It submitgids Ta NumberList Ta submit user's supplementary group-IDs -.It submitgroup Ta string Ta submitting user's primary group name -.It submitgroups Ta StringList Ta submit user's supplementary group names -.It submituid Ta int64 Ta submit user's user-ID -.It ttyname Ta string Ta the terminal the command was submitted from -.El -.Pp -The server must accept other variables not listed above but may -ignore them. -.Sh EXAMPLES -The Protocol Buffers description of the log server protocol is included -in full below. -Note that this uses the newer -.Dq proto3 -syntax. -.Bd -literal -syntax = "proto3"; - -/* - * Client message to the server. Messages on the wire are - * prefixed with a 32-bit size in network byte order. - */ -message ClientMessage { - oneof type { - AcceptMessage accept_msg = 1; - RejectMessage reject_msg = 2; - ExitMessage exit_msg = 3; - RestartMessage restart_msg = 4; - AlertMessage alert_msg = 5; - IoBuffer ttyin_buf = 6; - IoBuffer ttyout_buf = 7; - IoBuffer stdin_buf = 8; - IoBuffer stdout_buf = 9; - IoBuffer stderr_buf = 10; - ChangeWindowSize winsize_event = 11; - CommandSuspend suspend_event = 12; - } -} - -/* Equivalent of POSIX struct timespec */ -message TimeSpec { - int64 tv_sec = 1; /* seconds */ - int32 tv_nsec = 2; /* nanoseconds */ -} - -/* I/O buffer with keystroke data */ -message IoBuffer { - TimeSpec delay = 1; /* elapsed time since last record */ - bytes data = 2; /* keystroke data */ -} - -/* - * Key/value pairs, like Privilege Manager struct info. - * The value may be a number, a string, or a list of strings. - */ -message InfoMessage { - message StringList { - repeated string strings = 1; - } - message NumberList { - repeated int64 numbers = 1; - } - string key = 1; - oneof value { - int64 numval = 2; - string strval = 3; - StringList strlistval = 4; - NumberList numlistval = 5; - } -} - -/* - * Event log data for command accepted by the policy. - */ -message AcceptMessage { - TimeSpec submit_time = 1; /* when command was submitted */ - repeated InfoMessage info_msgs = 2; /* key,value event log data */ - bool expect_iobufs = 3; /* true if I/O logging enabled */ -} - -/* - * Event log data for command rejected by the policy. - */ -message RejectMessage { - TimeSpec submit_time = 1; /* when command was submitted */ - string reason = 2; /* reason command was rejected */ - repeated InfoMessage info_msgs = 3; /* key,value event log data */ -} - -/* Message sent by client when command exits. */ -/* Might revisit runtime and use end_time instead */ -message ExitMessage { - TimeSpec run_time = 1; /* total elapsed run time */ - int32 exit_value = 2; /* 0-255 */ - bool dumped_core = 3; /* true if command dumped core */ - string signal = 4; /* signal name if killed by signal */ - string error = 5; /* if killed due to other error */ -} - -/* Alert message, policy module-specific. */ -message AlertMessage { - TimeSpec alert_time = 1; /* time alert message occurred */ - string reason = 2; /* policy alert error string */ - repeated InfoMessage info_msgs = 3; /* key,value event log data */ -} - -/* Used to restart an existing I/O log on the server. */ -message RestartMessage { - string log_id = 1; /* ID of log being restarted */ - TimeSpec resume_point = 2; /* resume point (elapsed time) */ -} - -/* Window size change event. */ -message ChangeWindowSize { - TimeSpec delay = 1; /* elapsed time since last record */ - int32 rows = 2; /* new number of rows */ - int32 cols = 3; /* new number of columns */ -} - -/* Command suspend/resume event. */ -message CommandSuspend { - TimeSpec delay = 1; /* elapsed time since last record */ - string signal = 2; /* signal that caused suspend/resume */ -} - -/* - * Server messages to the client. Messages on the wire are - * prefixed with a 32-bit size in network byte order. - */ -message ServerMessage { - oneof type { - ServerHello hello = 1; /* server hello message */ - TimeSpec commit_point = 2; /* cumulative time of records stored */ - string log_id = 3; /* ID of server-side I/O log */ - string error = 4; /* error message from server */ - string abort = 5; /* abort message, kill command */ - } -} - -/* Hello message from server when client connects. */ -message ServerHello { - string server_id = 1; /* free-form server description */ - string redirect = 2; /* optional redirect if busy */ - repeated string servers = 3; /* optional list of known servers */ -} -.Ed -.Sh SEE ALSO -.Xr sudo_logsrvd.conf @mansectform@ , -.Xr sudoers @mansectform@ , -.Xr sudo @mansectsu@ , -.Xr sudo_logsrvd @mansectsu@ -.Rs -.%T Protocol Buffers -.%U https://developers.google.com/protocol-buffers/ -.Re -.Sh HISTORY -See the HISTORY file in the -.Nm sudo -distribution (https://www.sudo.ws/history.html) for a brief -history of sudo. -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -If you feel you have found a bug in -.Nm sudo , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm sudo -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_logsrvd.conf.man.in sudo-1.9.9/doc/sudo_logsrvd.conf.man.in --- sudo-1.9.5p2/doc/sudo_logsrvd.conf.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_logsrvd.conf.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,769 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "November 24, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudo_logsrvd.conf\fR -\- configuration for sudo_logsrvd -.SH "DESCRIPTION" -The -\fBsudo_logsrvd.conf\fR -file is used to configure the -\fBsudo_logsrvd\fR -log server. -It uses an INI-style format made up of sections in square brackets and -\(lqkey = value\(rq -pairs specific to each section below the section name. -Depending on the key, values may be integers, booleans or strings. -Section and key names are not case sensitive, but values are. -.PP -The pound sign -(\(oq#\(cq) -is used to indicate a comment. -Both the comment character and any text after it, up to the end of -the line, are ignored. -Lines beginning with a semi-colon -(\(oq\&;\(cq) -are also ignored. -.PP -Long lines can be continued with a backslash -(\(oq\e\(cq) -as the last character on the line. -Note that leading white space is removed from the beginning of lines -even when the continuation character is used. -.PP -The -\fIEXAMPLES\fR -section contains a copy of the default -\fBsudo_logsrvd.conf\fR -file. -.PP -The following configuration sections are recognized: -.PP -.RS 6n -.PD 0 -.TP 4n -\fB\(bu\fR -server -.TP 4n -\fB\(bu\fR -iolog -.TP 4n -\fB\(bu\fR -eventlog -.TP 4n -\fB\(bu\fR -syslog -.TP 4n -\fB\(bu\fR -logfile -.RE -.PD -.PP -Each section is described in detail below. -.SS "server" -The -\fIserver\fR -section configures the address and port the server will listen on. -The following keys are recognized: -.TP 10n -listen_address = host[:port][(tls)] -The host name or IP address, optional port to listen on and -an optional Transport Layer Security (TLS) flag in parentheses. -.sp -The host may be a host name, an IPv4 address, an IPv6 address -in square brackets or the wild card entry -\(oq*\(cq. -A host setting of -\(oq*\(cq -will cause -\fBsudo_logsrvd\fR -to listen on all configured network interfaces. -.sp -If the optional tls flag is present, -\fBsudo_logsrvd\fR -will secure the connection with TLS version 1.2 or 1.3. -Versions of TLS prior to 1.2 are not supported. -See -sudo_logsrvd(8) -for details on generating TLS keys and certificates. -.sp -If a port is specified, it may either be a port number or a known -service name as defined by the system service name database. -If no port is specified, port 30343 will be used for plaintext -connections and port 30344 will be used for TLS connections. -.sp -The default value is: -.nf -.RS 16n -listen_address = *:30343 -listen_address = *:30344(tls) -.RE -.fi -.RS 10n -which will listen on all configured network interfaces for both -plaintext and TLS connections. -Multiple -\fIlisten_address\fR -lines may be specified to listen on more than one port or interface. -.RE -.TP 10n -pid_file = path -The path to the file containing the process ID of the running -\fBsudo_logsrvd\fR. -If set to an empty value, or if -\fBsudo_logsrvd\fR -is run with the -\fB\-n\fR -option, no -\fIpid_file\fR -will be created. -If -\fIpid_file\fR -refers to a symbolic link, it will be ignored. -The default value is -\fI@rundir@/sudo_logsrvd.pid\fR. -.TP 10n -tcp_keepalive = boolean -If true, -\fBsudo_logsrvd\fR -will enable the TCP keepalive socket option on the client connection. -This enables the periodic transmission of keepalive messages to the client. -If the client does not respond to a message, the connection will be closed. -.TP 10n -timeout = number -The amount of time, in seconds, -\fBsudo_logsrvd\fR -will wait for the client to respond. -A value of 0 will disable the timeout. -The default value is 30. -.TP 10n -tls_cacert = path -The path to a certificate authority bundle file, in PEM format, -to use instead of the system's default certificate authority database -when authenticating clients. -The default is to use -\fI/etc/ssl/sudo/cacert.pem\fR -if it exists, otherwise the system's default certificate authority -database is used. -.TP 10n -tls_cert = path -The path to the server's certificate file, in PEM format. -The default value is -\fI/etc/ssl/sudo/certs/logsrvd_cert.pem\fR. -.TP 10n -tls_checkpeer = bool -If true, client certificates will be validated by the server; -clients without a valid certificate will be unable to connect. -If false, no validation of client certificates will be performed. -It true and client certificates are created using a private certificate -authority, the -\fItls_cacert\fR -setting must be set to a CA bundle that contains the CA certificate -used to generate the client certificate. -The default value is -\fRfalse\fR. -.TP 10n -tls_ciphers_v12 = string -A list of ciphers to use for connections secured by TLS version 1.2 only, -separated by a colon -\(oq:\&\(cq. -See the -\fICIPHER LIST FORMAT\fR -section in -openssl-ciphers(1) -for full details. -The default value is -\fRHIGH:!aNULL\fR -which consists of encryption cipher suites with key lengths larger than -128 bits, and some cipher suites with 128-bit keys. -Cipher suites that offer no authentication are excluded. -.TP 10n -tls_ciphers_v13 = string -A list of ciphers to use for connections secured by TLS version 1.3 only, -separated by a colon -\(oq:\&\(cq. -Supported cipher suites depend on the version of OpenSSL used, -but should include the following: -.sp -.RS 16n -.PD 0 -.TP 10n -TLS_AES_128_GCM_SHA256 -.TP 10n -TLS_AES_256_GCM_SHA384 -.TP 10n -TLS_CHACHA20_POLY1305_SHA256 -.TP 10n -TLS_AES_128_CCM_SHA256 -.TP 10n -TLS_AES_128_CCM_8_SHA256 -.RE -.RS 10n -.sp -The default cipher suite is TLS_AES_256_GCM_SHA384. -.RE -.PD -.TP 10n -tls_dhparams = path -The path to a file containing custom Diffie-Hellman parameters in PEM format. -This file can be created with the following command: -.nf -.sp -.RS 10n -openssl dhparam -out /etc/sudo_logsrvd_dhparams.pem 2048 -.RE -.fi -.RS 10n -.sp -By default, -\fBsudo_logsrvd\fR -will use the OpenSSL defaults for Diffie-Hellman key generation. -.RE -.TP 10n -tls_key = path -The path to the server's private key file, in PEM format. -The default value is -\fI/etc/ssl/sudo/private/logsrvd_key.pem\fR. -.TP 10n -tls_verify = bool -If true, the server certificate will be verified at startup and -clients will authenticate the server by verifying its certificate -and identity. -If false, no verification is performed of the server certificate -by the server or the client. -When using self-signed certificates without a certificate authority, -this setting should be set to false. -The default value is true. -.SS "iolog" -The -\fIiolog\fR -section configures I/O log parameters. -These settings are identical to the I/O configuration in -sudoers(@mansectform@). -The following keys are recognized: -.TP 10n -iolog_compress = boolean -If set, I/O logs will be compressed using -\fBzlib\fR. -Enabling compression can make it harder to view the logs in real-time as -the program is executing due to buffering. -The default value is -\fRfalse\fR. -.TP 10n -iolog_dir = path -The top-level directory to use when constructing the path -name for the I/O log directory. -The session sequence number, if any, is stored in the directory. -The default value is -\fI@iolog_dir@\fR. -.sp -The following percent -(\(oq%\(cq) -escape sequences are supported: -.PP -.RS 10n -.PD 0 -.TP 6n -\fR%{seq}\fR -expanded to a monotonically increasing base-36 sequence number, such as 0100A5, -where every two digits are used to form a new directory, e.g., -\fI01/00/A5\fR -.PD -.TP 6n -\fR%{user}\fR -expanded to the invoking user's login name -.TP 6n -\fR%{group}\fR -expanded to the name of the invoking user's real group-ID -.TP 6n -\fR%{runas_user}\fR -expanded to the login name of the user the command will -be run as (e.g., root) -.TP 6n -\fR%{runas_group}\fR -expanded to the group name of the user the command will -be run as (e.g., wheel) -.TP 6n -\fR%{hostname}\fR -expanded to the local host name without the domain name -.TP 6n -\fR%{command}\fR -expanded to the base name of the command being run -.PP -In addition, any escape sequences supported by the system's -strftime(3) -function will be expanded. -.sp -To include a literal -\(oq%\(cq -character, the string -\(oq%%\(cq -should be used. -.RE -.TP 10n -iolog_file = path -The path name, relative to -\fIiolog_dir\fR, -in which to store I/O logs. -Note that -\fIiolog_file\fR -may contain directory components. -The default value is -\fR%{seq}\fR. -.sp -See the -\fIiolog_dir\fR -setting above for a list of supported percent -(\(oq%\(cq) -escape sequences. -.sp -In addition to the escape sequences, path names that end in six or -more -\fRX\fRs -will have the -\fRX\fRs -replaced with a unique combination of digits and letters, similar to the -mktemp(3) -function. -.sp -If the path created by concatenating -\fIiolog_dir\fR -and -\fIiolog_file\fR -already exists, the existing I/O log file will be truncated and -overwritten unless -\fIiolog_file\fR -ends in six or -more -\fRX\fRs. -.TP 10n -iolog_flush = boolean -If set, I/O log data is flushed to disk after each write instead of -buffering it. -This makes it possible to view the logs in real-time as the program is -executing but may significantly reduce the effectiveness -of I/O log compression. -The default value is -\fRtrue\fR. -.TP 10n -iolog_group = name -The group name to look up when setting the group-ID on new I/O log -files and directories. -If -\fIiolog_group\fR -is not set, -the primary group-ID of the user specified by -\fIiolog_user is used.\fR -If neither -\fIiolog_group\fR -nor -\fIiolog_user\fR -are set, I/O log files and directories are created with group-ID 0. -.TP 10n -iolog_mode = mode -The file mode to use when creating I/O log files. -Mode bits for read and write permissions for owner, group or other -are honored, everything else is ignored. -The file permissions will always include the owner read and -write bits, even if they are not present in the specified mode. -When creating I/O log directories, search (execute) bits are added -to match the read and write bits specified by -\fIiolog_mode\fR. -The default value is -\fR0600\fR. -.TP 10n -iolog_user = name -The user name to look up when setting the owner of new -I/O log files and directories. -If -\fIiolog_group\fR -is set, it will be used instead of the user's primary group-ID. -By default, I/O log files and directories are created with user and -group-ID 0. -.TP 10n -maxseq = number -The maximum sequence number that will be substituted for the -\(lq\fR%{seq}\fR\(rq -escape in the I/O log file (see the -\fIiolog_dir\fR -description above for more information). -While the value substituted for -\(lq\fR%{seq}\fR\(rq -is in base 36, -\fImaxseq\fR -itself should be expressed in decimal. -Values larger than 2176782336 (which corresponds to the -base 36 sequence number -\(lqZZZZZZ\(rq) -will be silently truncated to 2176782336. -The default value is 2176782336. -.SS "eventlog" -The -\fIeventlog\fR -section configures how (and if) security policy events are logged. -.TP 6n -log_type = string -Where to log accept, reject and alert events reported by the policy. -Supported values are -\fIsyslog\fR, -\fIlogfile\fR, -and -\fInone\fR. -The default value is -\fIsyslog\fR. -.TP 6n -log_format = string -The event log format. -Supported log formats are -\(lqsudo\(rq -for traditional sudo-style logs and -\(lqjson\(rq -for JSON-format logs. -The JSON log entries contain the full contents of the accept, reject -and alert messages. -The default value is -\fIsudo\fR. -.SS "syslog" -The -\fIsyslog\fR -section configures how events are logged via -syslog(3). -.TP 6n -facility = string -Syslog facility if syslog is being used for logging. -Defaults to -\fR@logfac@\fR. -.sp -The following syslog facilities are supported: -\fBauthpriv\fR -(if your -OS supports it), -\fBauth\fR, -\fBdaemon\fR, -\fBuser\fR, -\fBlocal0\fR, -\fBlocal1\fR, -\fBlocal2\fR, -\fBlocal3\fR, -\fBlocal4\fR, -\fBlocal5\fR, -\fBlocal6\fR, -and -\fBlocal7\fR. -.TP 6n -accept_priority = string -Syslog priority to use when the user is allowed to run a command and -authentication is successful. -Defaults to -\fR@goodpri@\fR. -.sp -The following syslog priorities are supported: -\fBalert\fR, -\fBcrit\fR, -\fBdebug\fR, -\fBemerg\fR, -\fBerr\fR, -\fBinfo\fR, -\fBnotice\fR, -\fBwarning\fR, -and -\fBnone\fR. -Setting it to a value of -\fBnone\fR -will disable logging of successful commands. -.TP 6n -reject_priority = string -Syslog priority to use when the user is not allowed to run a command or -when authentication is unsuccessful. -Defaults to -\fR@badpri@\fR. -.sp -See -\fIaccept_priority\fR -for the list of supported syslog priorities. -.TP 6n -alert_priority = string -Syslog priority to use for event log alert messages received from the client. -Defaults to -\fR@badpri@\fR. -.sp -See -\fIaccept_priority\fR -for the list of supported syslog priorities. -.TP 6n -maxlen = number -On many systems, -syslog(3) -has a relatively small log buffer. -IETF RFC 5424 states that syslog servers must support messages of -at least 480 bytes and should support messages up to 2048 bytes. -By default, -\fBsudo_logsrvd\fR -creates log messages up to 960 bytes which corresponds to the -historic -BSD -syslog implementation which used a 1024 byte buffer -to store the message, date, hostname and program name. -.sp -To prevent syslog messages from being truncated, -\fBsudo_logsrvd\fR -will split up sudo-style log messages that are larger than -\fImaxlen\fR -bytes. -When a message is split, additional parts will include the string -\(lq(command continued)\(rq -after the user name and before the continued command line arguments. -JSON-format log entries are never split and are not affected by -\fImaxlen\fR. -.SS "logfile" -The -\fIlogfile\fR -section consists of settings related to logging to a plain file -(not syslog). -.TP 6n -path = string -The path to the file-based event log. -This path must be fully-qualified and start with a -\(oq/\(cq -character. -The default value is -\fI@logpath@\fR. -.TP 6n -time_format = string -The string used when formatting the date and time for file-based event logs. -Formatting is performed via the system's -strftime(3) -function so any escape sequences supported by that function will be expanded. -The default value is -\(lq\fR%h %e %T\fR\(rq -which produces dates like -\(lqOct 3 07:15:24\(rq -in the C locale. -.SH "FILES" -.TP 26n -\fI@sysconfdir@/sudo_logsrvd.conf\fR -Sudo log server configuration file -.SH "EXAMPLES" -.nf -.RS 0n -# -# sudo logsrv configuration -# - -[server] -# The host name or IP address and port to listen on with an optional TLS -# flag. If no port is specified, port 30343 will be used for plaintext -# connections and port 30344 will be used to TLS connections. -# The following forms are accepted: -# listen_address = hostname(tls) -# listen_address = hostname:port(tls) -# listen_address = IPv4_address(tls) -# listen_address = IPv4_address:port(tls) -# listen_address = [IPv6_address](tls) -# listen_address = [IPv6_address]:port(tls) -# -# The (tls) suffix should be omitted for plaintext connections. -# -# Multiple listen_address settings may be specified. -# The default is to listen on all addresses. -#listen_address = *:30343 -#listen_address = *:30344(tls) - -# The file containing the ID of the running sudo_logsrvd process. -#pid_file = @rundir@/sudo_logsrvd.pid - -# If set, enable the SO_KEEPALIVE socket option on the connected socket. -#tcp_keepalive = true - -# The amount of time, in seconds, the server will wait for the client to -# respond. A value of 0 will disable the timeout. The default value is 30. -#timeout = 30 - -# If set, server certificate will be verified at server startup and -# also connecting clients will perform server authentication by -# verifying the server's certificate and identity. -#tls_verify = true - -# Whether to verify client certificates for TLS connections. -# By default client certs are not checked. -#tls_checkpeer = false - -# Path to the certificate authority bundle file in PEM format. -# Required if 'tls_verify' or 'tls_checkpeer' is set. -#tls_cacert = /etc/ssl/sudo/cacert.pem - -# Path to the server's certificate file in PEM format. -# Required for TLS connections. -#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem - -# Path to the server's private key file in PEM format. -# Required for TLS connections. -#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem - -# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). -# NOTE that this setting is only effective if the negotiated protocol -# is TLS version 1.2. -# The default cipher list is HIGH:!aNULL. -#tls_ciphers_v12 = HIGH:!aNULL - -# TLS cipher list if the negotiated protocol is TLS version 1.3. -# The default cipher list is TLS_AES_256_GCM_SHA384. -#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 - -# Path to the Diffie-Hellman parameter file in PEM format. -# If not set, the server will use the OpenSSL defaults. -#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem - -[iolog] -# The top-level directory to use when constructing the path name for the -# I/O log directory. The session sequence number, if any, is stored here. -#iolog_dir = /var/log/sudo-io - -# The path name, relative to iolog_dir, in which to store I/O logs. -# Note that iolog_file may contain directory components. -#iolog_file = %{seq} - -# If set, I/O logs will be compressed using zlib. Enabling compression can -# make it harder to view the logs in real-time as the program is executing. -#iolog_compress = false - -# If set, I/O log data is flushed to disk after each write instead of -# buffering it. This makes it possible to view the logs in real-time -# as the program is executing but reduces the effectiveness of compression. -#iolog_flush = true - -# The group to use when creating new I/O log files and directories. -# If iolog_group is not set, the primary group-ID of the user specified -# by iolog_user is used. If neither iolog_group nor iolog_user -# are set, I/O log files and directories are created with group-ID 0. -#iolog_group = wheel - -# The user to use when setting the user-ID and group-ID of new I/O -# log files and directories. If iolog_group is set, it will be used -# instead of the user's primary group-ID. By default, I/O log files -# and directories are created with user and group-ID 0. -#iolog_user = root - -# The file mode to use when creating I/O log files. The file permissions -# will always include the owner read and write bits, even if they are -# not present in the specified mode. When creating I/O log directories, -# search (execute) bits are added to match the read and write bits -# specified by iolog_mode. -#iolog_mode = 0600 - -# The maximum sequence number that will be substituted for the "%{seq}" -# escape in the I/O log file. While the value substituted for "%{seq}" -# is in base 36, maxseq itself should be expressed in decimal. Values -# larger than 2176782336 (which corresponds to the base 36 sequence -# number "ZZZZZZ") will be silently truncated to 2176782336. -#maxseq = 2176782336 - -[eventlog] -# Where to log accept, reject and alert events. -# Accepted values are syslog, logfile, or none. -# Defaults to syslog -#log_type = syslog - -# Event log format. -# Currently only sudo-style event logs are supported. -#log_format = sudo - -[syslog] -# The maximum length of a syslog payload. -# On many systems, syslog(3) has a relatively small log buffer. -# IETF RFC 5424 states that syslog servers must support messages -# of at least 480 bytes and should support messages up to 2048 bytes. -# Messages larger than this value will be split into multiple messages. -#maxlen = 960 - -# The syslog facility to use for event log messages. -# The following syslog facilities are supported: authpriv (if your OS -# supports it), auth, daemon, user, local0, local1, local2, local3, -# local4, local5, local6, and local7. -#facility = authpriv - -# Syslog priority to use for event log accept messages, when the command -# is allowed by the security policy. The following syslog priorities are -# supported: alert, crit, debug, emerg, err, info, notice, warning, none. -#accept_priority = notice - -# Syslog priority to use for event log reject messages, when the command -# is not allowed by the security policy. -#reject_priority = alert - -# Syslog priority to use for event log alert messages reported by the -# client. -#alert_priority = alert - -[logfile] -# The path to the file-based event log. -# This path must be fully-qualified and start with a '/' character. -#path = /var/log/sudo - -# The format string used when formatting the date and time for -# file-based event logs. Formatting is performed via strftime(3) so -# any format string supported by that function is allowed. -#time_format = %h %e %T -.RE -.fi -.SH "SEE ALSO" -strftime(3), -sudo.conf(@mansectform@), -sudoers(@mansectform@), -sudo(8), -sudo_logsrvd(8) -.SH "HISTORY" -See the HISTORY file in the -\fBsudo\fR -distribution (https://www.sudo.ws/history.html) for a brief -history of sudo. -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBsudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_logsrvd.conf.mdoc.in sudo-1.9.9/doc/sudo_logsrvd.conf.mdoc.in --- sudo-1.9.5p2/doc/sudo_logsrvd.conf.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_logsrvd.conf.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,712 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd November 24, 2020 -.Dt SUDO_LOGSRVD.CONF @mansectform@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudo_logsrvd.conf -.Nd configuration for sudo_logsrvd -.Sh DESCRIPTION -The -.Nm sudo_logsrvd.conf -file is used to configure the -.Nm sudo_logsrvd -log server. -It uses an INI-style format made up of sections in square brackets and -.Dq key = value -pairs specific to each section below the section name. -Depending on the key, values may be integers, booleans or strings. -Section and key names are not case sensitive, but values are. -.Pp -The pound sign -.Pq Ql # -is used to indicate a comment. -Both the comment character and any text after it, up to the end of -the line, are ignored. -Lines beginning with a semi-colon -.Pq Ql \&; -are also ignored. -.Pp -Long lines can be continued with a backslash -.Pq Ql \e -as the last character on the line. -Note that leading white space is removed from the beginning of lines -even when the continuation character is used. -.Pp -The -.Sx EXAMPLES -section contains a copy of the default -.Nm -file. -.Pp -The following configuration sections are recognized: -.Pp -.Bl -bullet -compact -offset indent -.It -server -.It -iolog -.It -eventlog -.It -syslog -.It -logfile -.El -.Pp -Each section is described in detail below. -.Ss server -The -.Em server -section configures the address and port the server will listen on. -The following keys are recognized: -.Bl -tag -width 8n -.It listen_address = host Ns Oo : Ns port Oc Ns Op (tls) -The host name or IP address, optional port to listen on and -an optional Transport Layer Security (TLS) flag in parentheses. -.Pp -The host may be a host name, an IPv4 address, an IPv6 address -in square brackets or the wild card entry -.Ql * . -A host setting of -.Ql * -will cause -.Nm sudo_logsrvd -to listen on all configured network interfaces. -.Pp -If the optional tls flag is present, -.Nm sudo_logsrvd -will secure the connection with TLS version 1.2 or 1.3. -Versions of TLS prior to 1.2 are not supported. -See -.Xr sudo_logsrvd @mansectsu@ -for details on generating TLS keys and certificates. -.Pp -If a port is specified, it may either be a port number or a known -service name as defined by the system service name database. -If no port is specified, port 30343 will be used for plaintext -connections and port 30344 will be used for TLS connections. -.Pp -The default value is: -.Bd -literal -compact -offset indent -listen_address = *:30343 -listen_address = *:30344(tls) -.Ed -which will listen on all configured network interfaces for both -plaintext and TLS connections. -Multiple -.Em listen_address -lines may be specified to listen on more than one port or interface. -.It pid_file = path -The path to the file containing the process ID of the running -.Nm sudo_logsrvd . -If set to an empty value, or if -.Nm sudo_logsrvd -is run with the -.Fl n -option, no -.Em pid_file -will be created. -If -.Em pid_file -refers to a symbolic link, it will be ignored. -The default value is -.Pa @rundir@/sudo_logsrvd.pid . -.It tcp_keepalive = boolean -If true, -.Nm sudo_logsrvd -will enable the TCP keepalive socket option on the client connection. -This enables the periodic transmission of keepalive messages to the client. -If the client does not respond to a message, the connection will be closed. -.It timeout = number -The amount of time, in seconds, -.Nm sudo_logsrvd -will wait for the client to respond. -A value of 0 will disable the timeout. -The default value is 30. -.It tls_cacert = path -The path to a certificate authority bundle file, in PEM format, -to use instead of the system's default certificate authority database -when authenticating clients. -The default is to use -.Pa /etc/ssl/sudo/cacert.pem -if it exists, otherwise the system's default certificate authority -database is used. -.It tls_cert = path -The path to the server's certificate file, in PEM format. -The default value is -.Pa /etc/ssl/sudo/certs/logsrvd_cert.pem . -.It tls_checkpeer = bool -If true, client certificates will be validated by the server; -clients without a valid certificate will be unable to connect. -If false, no validation of client certificates will be performed. -It true and client certificates are created using a private certificate -authority, the -.Em tls_cacert -setting must be set to a CA bundle that contains the CA certificate -used to generate the client certificate. -The default value is -.Li false . -.It tls_ciphers_v12 = string -A list of ciphers to use for connections secured by TLS version 1.2 only, -separated by a colon -.Ql :\& . -See the -.Sx CIPHER LIST FORMAT -section in -.Xr openssl-ciphers 1 -for full details. -The default value is -.Li HIGH:!aNULL -which consists of encryption cipher suites with key lengths larger than -128 bits, and some cipher suites with 128-bit keys. -Cipher suites that offer no authentication are excluded. -.It tls_ciphers_v13 = string -A list of ciphers to use for connections secured by TLS version 1.3 only, -separated by a colon -.Ql :\& . -Supported cipher suites depend on the version of OpenSSL used, -but should include the following: -.Pp -.Bl -tag -compact -width 8n -offset indent -.It TLS_AES_128_GCM_SHA256 -.It TLS_AES_256_GCM_SHA384 -.It TLS_CHACHA20_POLY1305_SHA256 -.It TLS_AES_128_CCM_SHA256 -.It TLS_AES_128_CCM_8_SHA256 -.El -.Pp -The default cipher suite is TLS_AES_256_GCM_SHA384. -.It tls_dhparams = path -The path to a file containing custom Diffie-Hellman parameters in PEM format. -This file can be created with the following command: -.Bd -literal -openssl dhparam -out /etc/sudo_logsrvd_dhparams.pem 2048 -.Ed -.Pp -By default, -.Nm sudo_logsrvd -will use the OpenSSL defaults for Diffie-Hellman key generation. -.It tls_key = path -The path to the server's private key file, in PEM format. -The default value is -.Pa /etc/ssl/sudo/private/logsrvd_key.pem . -.It tls_verify = bool -If true, the server certificate will be verified at startup and -clients will authenticate the server by verifying its certificate -and identity. -If false, no verification is performed of the server certificate -by the server or the client. -When using self-signed certificates without a certificate authority, -this setting should be set to false. -The default value is true. -.El -.Ss iolog -The -.Em iolog -section configures I/O log parameters. -These settings are identical to the I/O configuration in -.Xr sudoers @mansectform@ . -The following keys are recognized: -.Bl -tag -width 8n -.It iolog_compress = boolean -If set, I/O logs will be compressed using -.Sy zlib . -Enabling compression can make it harder to view the logs in real-time as -the program is executing due to buffering. -The default value is -.Li false . -.It iolog_dir = path -The top-level directory to use when constructing the path -name for the I/O log directory. -The session sequence number, if any, is stored in the directory. -The default value is -.Pa @iolog_dir@ . -.Pp -The following percent -.Pq Ql % -escape sequences are supported: -.Bl -tag -width 4n -.It Li %{seq} -expanded to a monotonically increasing base-36 sequence number, such as 0100A5, -where every two digits are used to form a new directory, e.g., -.Pa 01/00/A5 -.It Li %{user} -expanded to the invoking user's login name -.It Li %{group} -expanded to the name of the invoking user's real group-ID -.It Li %{runas_user} -expanded to the login name of the user the command will -be run as (e.g., root) -.It Li %{runas_group} -expanded to the group name of the user the command will -be run as (e.g., wheel) -.It Li %{hostname} -expanded to the local host name without the domain name -.It Li %{command} -expanded to the base name of the command being run -.El -.Pp -In addition, any escape sequences supported by the system's -.Xr strftime 3 -function will be expanded. -.Pp -To include a literal -.Ql % -character, the string -.Ql %% -should be used. -.It iolog_file = path -The path name, relative to -.Em iolog_dir , -in which to store I/O logs. -Note that -.Em iolog_file -may contain directory components. -The default value is -.Li %{seq} . -.Pp -See the -.Em iolog_dir -setting above for a list of supported percent -.Pq Ql % -escape sequences. -.Pp -In addition to the escape sequences, path names that end in six or -more -.Li X Ns s -will have the -.Li X Ns s -replaced with a unique combination of digits and letters, similar to the -.Xr mktemp 3 -function. -.Pp -If the path created by concatenating -.Em iolog_dir -and -.Em iolog_file -already exists, the existing I/O log file will be truncated and -overwritten unless -.Em iolog_file -ends in six or -more -.Li X Ns s . -.It iolog_flush = boolean -If set, I/O log data is flushed to disk after each write instead of -buffering it. -This makes it possible to view the logs in real-time as the program is -executing but may significantly reduce the effectiveness -of I/O log compression. -The default value is -.Li true . -.It iolog_group = name -The group name to look up when setting the group-ID on new I/O log -files and directories. -If -.Em iolog_group -is not set, -the primary group-ID of the user specified by -.Em iolog_user is used. -If neither -.Em iolog_group -nor -.Em iolog_user -are set, I/O log files and directories are created with group-ID 0. -.It iolog_mode = mode -The file mode to use when creating I/O log files. -Mode bits for read and write permissions for owner, group or other -are honored, everything else is ignored. -The file permissions will always include the owner read and -write bits, even if they are not present in the specified mode. -When creating I/O log directories, search (execute) bits are added -to match the read and write bits specified by -.Em iolog_mode . -The default value is -.Li 0600 . -.It iolog_user = name -The user name to look up when setting the owner of new -I/O log files and directories. -If -.Em iolog_group -is set, it will be used instead of the user's primary group-ID. -By default, I/O log files and directories are created with user and -group-ID 0. -.It maxseq = number -The maximum sequence number that will be substituted for the -.Dq Li %{seq} -escape in the I/O log file (see the -.Em iolog_dir -description above for more information). -While the value substituted for -.Dq Li %{seq} -is in base 36, -.Em maxseq -itself should be expressed in decimal. -Values larger than 2176782336 (which corresponds to the -base 36 sequence number -.Dq ZZZZZZ ) -will be silently truncated to 2176782336. -The default value is 2176782336. -.El -.Ss eventlog -The -.Em eventlog -section configures how (and if) security policy events are logged. -.Bl -tag -width 4n -.It log_type = string -Where to log accept, reject and alert events reported by the policy. -Supported values are -.Em syslog , -.Em logfile , -and -.Em none . -The default value is -.Em syslog . -.It log_format = string -The event log format. -Supported log formats are -.Dq sudo -for traditional sudo-style logs and -.Dq json -for JSON-format logs. -The JSON log entries contain the full contents of the accept, reject -and alert messages. -The default value is -.Em sudo . -.El -.Ss syslog -The -.Em syslog -section configures how events are logged via -.Xr syslog 3 . -.Bl -tag -width 4n -.It facility = string -Syslog facility if syslog is being used for logging. -Defaults to -.Li @logfac@ . -.Pp -The following syslog facilities are supported: -.Sy authpriv -(if your -OS supports it), -.Sy auth , -.Sy daemon , -.Sy user , -.Sy local0 , -.Sy local1 , -.Sy local2 , -.Sy local3 , -.Sy local4 , -.Sy local5 , -.Sy local6 , -and -.Sy local7 . -.It accept_priority = string -Syslog priority to use when the user is allowed to run a command and -authentication is successful. -Defaults to -.Li @goodpri@ . -.Pp -The following syslog priorities are supported: -.Sy alert , -.Sy crit , -.Sy debug , -.Sy emerg , -.Sy err , -.Sy info , -.Sy notice , -.Sy warning , -and -.Sy none . -Setting it to a value of -.Sy none -will disable logging of successful commands. -.It reject_priority = string -Syslog priority to use when the user is not allowed to run a command or -when authentication is unsuccessful. -Defaults to -.Li @badpri@ . -.Pp -See -.Em accept_priority -for the list of supported syslog priorities. -.It alert_priority = string -Syslog priority to use for event log alert messages received from the client. -Defaults to -.Li @badpri@ . -.Pp -See -.Em accept_priority -for the list of supported syslog priorities. -.It maxlen = number -On many systems, -.Xr syslog 3 -has a relatively small log buffer. -IETF RFC 5424 states that syslog servers must support messages of -at least 480 bytes and should support messages up to 2048 bytes. -By default, -.Nm sudo_logsrvd -creates log messages up to 960 bytes which corresponds to the -historic -.Bx -syslog implementation which used a 1024 byte buffer -to store the message, date, hostname and program name. -.Pp -To prevent syslog messages from being truncated, -.Nm sudo_logsrvd -will split up sudo-style log messages that are larger than -.Em maxlen -bytes. -When a message is split, additional parts will include the string -.Dq Pq command continued -after the user name and before the continued command line arguments. -JSON-format log entries are never split and are not affected by -.Em maxlen . -.El -.Ss logfile -The -.Em logfile -section consists of settings related to logging to a plain file -(not syslog). -.Bl -tag -width 4n -.It path = string -The path to the file-based event log. -This path must be fully-qualified and start with a -.Sq / -character. -The default value is -.Pa @logpath@ . -.It time_format = string -The string used when formatting the date and time for file-based event logs. -Formatting is performed via the system's -.Xr strftime 3 -function so any escape sequences supported by that function will be expanded. -The default value is -.Dq Li "%h %e %T" -which produces dates like -.Dq Oct 3 07:15:24 -in the C locale. -.El -.Sh FILES -.Bl -tag -width 24n -.It Pa @sysconfdir@/sudo_logsrvd.conf -Sudo log server configuration file -.El -.Sh EXAMPLES -.Bd -literal -# -# sudo logsrv configuration -# - -[server] -# The host name or IP address and port to listen on with an optional TLS -# flag. If no port is specified, port 30343 will be used for plaintext -# connections and port 30344 will be used to TLS connections. -# The following forms are accepted: -# listen_address = hostname(tls) -# listen_address = hostname:port(tls) -# listen_address = IPv4_address(tls) -# listen_address = IPv4_address:port(tls) -# listen_address = [IPv6_address](tls) -# listen_address = [IPv6_address]:port(tls) -# -# The (tls) suffix should be omitted for plaintext connections. -# -# Multiple listen_address settings may be specified. -# The default is to listen on all addresses. -#listen_address = *:30343 -#listen_address = *:30344(tls) - -# The file containing the ID of the running sudo_logsrvd process. -#pid_file = @rundir@/sudo_logsrvd.pid - -# If set, enable the SO_KEEPALIVE socket option on the connected socket. -#tcp_keepalive = true - -# The amount of time, in seconds, the server will wait for the client to -# respond. A value of 0 will disable the timeout. The default value is 30. -#timeout = 30 - -# If set, server certificate will be verified at server startup and -# also connecting clients will perform server authentication by -# verifying the server's certificate and identity. -#tls_verify = true - -# Whether to verify client certificates for TLS connections. -# By default client certs are not checked. -#tls_checkpeer = false - -# Path to the certificate authority bundle file in PEM format. -# Required if 'tls_verify' or 'tls_checkpeer' is set. -#tls_cacert = /etc/ssl/sudo/cacert.pem - -# Path to the server's certificate file in PEM format. -# Required for TLS connections. -#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem - -# Path to the server's private key file in PEM format. -# Required for TLS connections. -#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem - -# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). -# NOTE that this setting is only effective if the negotiated protocol -# is TLS version 1.2. -# The default cipher list is HIGH:!aNULL. -#tls_ciphers_v12 = HIGH:!aNULL - -# TLS cipher list if the negotiated protocol is TLS version 1.3. -# The default cipher list is TLS_AES_256_GCM_SHA384. -#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 - -# Path to the Diffie-Hellman parameter file in PEM format. -# If not set, the server will use the OpenSSL defaults. -#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem - -[iolog] -# The top-level directory to use when constructing the path name for the -# I/O log directory. The session sequence number, if any, is stored here. -#iolog_dir = /var/log/sudo-io - -# The path name, relative to iolog_dir, in which to store I/O logs. -# Note that iolog_file may contain directory components. -#iolog_file = %{seq} - -# If set, I/O logs will be compressed using zlib. Enabling compression can -# make it harder to view the logs in real-time as the program is executing. -#iolog_compress = false - -# If set, I/O log data is flushed to disk after each write instead of -# buffering it. This makes it possible to view the logs in real-time -# as the program is executing but reduces the effectiveness of compression. -#iolog_flush = true - -# The group to use when creating new I/O log files and directories. -# If iolog_group is not set, the primary group-ID of the user specified -# by iolog_user is used. If neither iolog_group nor iolog_user -# are set, I/O log files and directories are created with group-ID 0. -#iolog_group = wheel - -# The user to use when setting the user-ID and group-ID of new I/O -# log files and directories. If iolog_group is set, it will be used -# instead of the user's primary group-ID. By default, I/O log files -# and directories are created with user and group-ID 0. -#iolog_user = root - -# The file mode to use when creating I/O log files. The file permissions -# will always include the owner read and write bits, even if they are -# not present in the specified mode. When creating I/O log directories, -# search (execute) bits are added to match the read and write bits -# specified by iolog_mode. -#iolog_mode = 0600 - -# The maximum sequence number that will be substituted for the "%{seq}" -# escape in the I/O log file. While the value substituted for "%{seq}" -# is in base 36, maxseq itself should be expressed in decimal. Values -# larger than 2176782336 (which corresponds to the base 36 sequence -# number "ZZZZZZ") will be silently truncated to 2176782336. -#maxseq = 2176782336 - -[eventlog] -# Where to log accept, reject and alert events. -# Accepted values are syslog, logfile, or none. -# Defaults to syslog -#log_type = syslog - -# Event log format. -# Currently only sudo-style event logs are supported. -#log_format = sudo - -[syslog] -# The maximum length of a syslog payload. -# On many systems, syslog(3) has a relatively small log buffer. -# IETF RFC 5424 states that syslog servers must support messages -# of at least 480 bytes and should support messages up to 2048 bytes. -# Messages larger than this value will be split into multiple messages. -#maxlen = 960 - -# The syslog facility to use for event log messages. -# The following syslog facilities are supported: authpriv (if your OS -# supports it), auth, daemon, user, local0, local1, local2, local3, -# local4, local5, local6, and local7. -#facility = authpriv - -# Syslog priority to use for event log accept messages, when the command -# is allowed by the security policy. The following syslog priorities are -# supported: alert, crit, debug, emerg, err, info, notice, warning, none. -#accept_priority = notice - -# Syslog priority to use for event log reject messages, when the command -# is not allowed by the security policy. -#reject_priority = alert - -# Syslog priority to use for event log alert messages reported by the -# client. -#alert_priority = alert - -[logfile] -# The path to the file-based event log. -# This path must be fully-qualified and start with a '/' character. -#path = /var/log/sudo - -# The format string used when formatting the date and time for -# file-based event logs. Formatting is performed via strftime(3) so -# any format string supported by that function is allowed. -#time_format = %h %e %T -.Ed -.Sh SEE ALSO -.Xr strftime 3 , -.Xr sudo.conf @mansectform@ , -.Xr sudoers @mansectform@ , -.Xr sudo @mansectsu@ , -.Xr sudo_logsrvd @mansectsu@ -.Sh HISTORY -See the HISTORY file in the -.Nm sudo -distribution (https://www.sudo.ws/history.html) for a brief -history of sudo. -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -If you feel you have found a bug in -.Nm sudo , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm sudo -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_logsrvd.man.in sudo-1.9.9/doc/sudo_logsrvd.man.in --- sudo-1.9.5p2/doc/sudo_logsrvd.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_logsrvd.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,438 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "SUDO_LOGSRVD" "@mansectsu@" "March 28, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudo_logsrvd\fR -\- sudo event and I/O log server -.SH "SYNOPSIS" -.HP 13n -\fBsudo_logsrvd\fR -[\fB\-hnV\fR] -[\fB\-f\fR\ \fIfile\fR] -[\fB\-R\fR\ \fIpercentage\fR] -.SH "DESCRIPTION" -\fBsudo_logsrvd\fR -is a high-performance log server that accepts event and I/O logs from -\fBsudo\fR. -It can be used to implement centralized logging of -\fBsudo\fR -logs. -Event log entries may be logged either via -syslog(3) -or to a file. -I/O Logs created by -\fBsudo_logsrvd\fR -can be replayed via the -sudoreplay(@mansectsu@) -utility in the same way as logs generated directly by the -\fBsudoers\fR -plugin. -.PP -The server also supports restarting interrupted log transfers. -To distinguish completed I/O logs from incomplete ones, the -I/O log timing file is set to be read-only when the log is complete. -.PP -Configuration parameters for -\fBsudo_logsrvd\fR -may be specified in the -sudo_logsrvd.conf(@mansectform@) -file. -.PP -The options are as follows: -.TP 12n -\fB\-f\fR, \fB\--file\fR -Read configuration from -\fIfile\fR -instead of the default, -\fI@sysconfdir@/sudo_logsrvd.conf\fR. -.TP 12n -\fB\-h\fR, \fB\--help\fR -Display a short help message to the standard output and exit. -.TP 12n -\fB\-n\fR, \fB\--no-fork\fR -Run -\fBsudo_logsrvd\fR -in the foreground instead of detaching from the terminal and becoming -a daemon. -.TP 12n -\fB\-R\fR, \fB\--random-drop\fR -For each message, there is a -\fIpercentage\fR -chance that the server will drop the connection. -This is only intended for debugging the ability of a -client to restart a connection. -.TP 12n -\fB\-V\fR, \fB\--version\fR -Print the -\fBsudo_logsrvd\fR -version and exit. -.SS "Securing server connections" -The I/O log data sent to -\fBsudo_logsrvd\fR -may contain sensitive information such as passwords and should be -secured using Transport Layer Security (TLS). -Doing so requires having a signed certificate on the server and, if -\fItls_checkpeer\fR -is enabled in -sudo_logsrvd.conf(@mansectform@), -a signed certificate on the client as well. -.PP -The certificates can either be signed by a well-known Certificate -Authority (CA), or a private CA can be used. -Instructions for creating a private CA are included below in the -\fIEXAMPLES\fR -section. -.SS "Debugging sudo_logsrvd" -\fBsudo_logsrvd\fR -supports a flexible debugging framework that is configured via -\fRDebug\fR -lines in the -sudo.conf(@mansectform@) -file. -.PP -For more information on configuring -sudo.conf(@mansectform@), -please refer to its manual. -.SH "FILES" -.TP 26n -\fI@sysconfdir@/sudo.conf\fR -Sudo front end configuration -.TP 26n -\fI@sysconfdir@/sudo_logsrvd.conf\fR -Sudo log server configuration file -.TP 26n -\fI@iolog_dir@\fR -Default I/O log file location -.TP 26n -\fI@rundir@/sudo_logsrvd.pid\fR -.br -Process ID file for -\fBsudo_logsrvd\fR -.SH "EXAMPLES" -.SS "Creating self-signed certificates" -Unless you are using certificates signed by a well-known Certificate -Authority (or a local enterprise CA), you will need to create your -own CA that can sign the certificates used by -\fBsudo_logsrvd\fR, -\fBsudo_sendlog\fR, -and the -\fBsudoers\fR -plugin. -The following steps use the -openssl(1) -command to create keys and certificates. -.SS "Initial setup" -First, we need to create a directory structure to store the -files for the CA. -We'll create a new directory hierarchy in -\fI/etc/ssl/sudo\fR -for this purpose. -.nf -.sp -.RS 6n -# mkdir /etc/ssl/sudo -# cd /etc/ssl/sudo -# mkdir certs csr newcerts private -# chmod 700 private -# touch index.txt -# echo 1000 > serial -.RE -.fi -.PP -The serial and index.txt files are used to keep track of signed certificates. -.PP -Next, we need to make a copy of the openssl.conf file and customize -it for our new CA. -The path to openssl.cnf is system-dependent but -\fI/etc/ssl/openssl.cnf\fR -is the most common location. -You will need to adjust the example below if it has a different location on -your system. -.nf -.sp -.RS 6n -# cp /etc/ssl/openssl.cnf . -.RE -.fi -.PP -Now edit the -\fIopenssl.cnf\fR -file in the current directory and make sure it contains -\(lqca\(rq -and -\(lqCA_default\(rq -sections. -Those sections should include the following settings: -.nf -.sp -.RS 6n -[ ca ] -default_ca = CA_default - -[ CA_default ] -dir = /etc/ssl/sudo -certs = $dir/certs -database = $dir/index.txt -certificate = $dir/cacert.pem -serial = $dir/serial -.RE -.fi -.PP -If your -\fIopenssl.conf\fR -file already has a -\(lqCA_default\(rq -section, you may only need to modify the -\(lqdir\(rq -setting. -.SS "Creating the CA key and certificate" -In order to create and sign our own certificates, we need to create -a private key and a certificate for the root of the CA. -First, create the private key and protect it with a pass phrase: -.nf -.sp -.RS 6n -# openssl genrsa -aes256 -out private/cakey.pem 4096 -# chmod 400 private/cakey.pem -.RE -.fi -.PP -Next, generate the root certificate, using appropriate values for -the site-specific fields: -.nf -.sp -.RS 6n -# openssl req -config openssl.cnf -key private/cakey.pem \e - -new -x509 -days 7300 -sha256 -extensions v3_ca \e - -out cacert.pem - -Enter pass phrase for private/cakey.pem: -You are about to be asked to enter information that will be -incorporated into your certificate request. -What you are about to enter is what is called a Distinguished Name -or a DN. -There are quite a few fields but you can leave some blank. -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:US -State or Province Name (full name) [Some-State]:Colorado -Locality Name (eg, city) []: -Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo -Organizational Unit Name (eg, section) []:sudo Certificate Authority -Common Name (e.g., server FQDN or YOUR name) []:sudo Root CA -Email Address []: - -# chmod 444 cacert.pem -.RE -.fi -.PP -Finally, verify the root certificate: -.nf -.sp -.RS 6n -# openssl x509 -noout -text -in cacert.pem -.RE -.fi -.SS "Creating and signing certificates" -The server and client certificates will be signed by the previously -created root CA. -Usually, the root CA is not used to sign server/client certificates -directly. -Instead, intermediate certificates are created and signed with the -root CA and the intermediate certs are used to sign CSRs (Certificate -Signing Request). -In this example we'll skip this part for simplicity's sake and sign the -CSRs with the root CA. -.PP -First, generate the private key without a pass phrase. -.nf -.sp -.RS 6n -# openssl genrsa -out private/logsrvd_key.pem 2048 -# chmod 400 private/logsrvd_key.pem -.RE -.fi -.PP -Next, create a certificate signing request (CSR) for the server's certificate. -The organization name must match the name given in the root certificate. -The common name should be either the server's IP address or a fully -qualified domain name. -.nf -.sp -.RS 6n -# openssl req -config openssl.cnf -key private/logsrvd_key.pem -new \e - -sha256 -out csr/logsrvd_csr.pem - -Enter pass phrase for private/logsrvd_key.pem: -You are about to be asked to enter information that will be -incorporated into your certificate request. -What you are about to enter is what is called a Distinguished Name -or a DN. -There are quite a few fields but you can leave some blank. -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:US -State or Province Name (full name) [Some-State]:Colorado -Locality Name (eg, city) []: -Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo -Organizational Unit Name (eg, section) []:sudo log server -Common Name (e.g., server FQDN or YOUR name) []:logserver.example.com -Email Address []: - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: -.RE -.fi -.PP -Now sign the CSR that was just created: -.nf -.sp -.RS 6n -# openssl ca -config openssl.cnf -days 375 -notext -md sha256 \e - -in csr/logsrvd_csr.pem -out certs/logsrvd_cert.pem - -Using configuration from openssl.cnf -Enter pass phrase for ./private/cakey.pem: -Check that the request matches the signature -Signature ok -Certificate Details: - Serial Number: 4096 (0x1000) - Validity - Not Before: Nov 11 14:05:05 2019 GMT - Not After : Nov 20 14:05:05 2020 GMT - Subject: - countryName = US - stateOrProvinceName = Colorado - organizationName = sudo - organizationalUnitName = sudo log server - commonName = logserve.example.com - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 4C:50:F9:D0:BE:1A:4C:B2:AC:90:76:56:C7:9E:16:AE:E6:9E:E5:B5 - X509v3 Authority Key Identifier: - keyid:D7:91:24:16:B1:03:06:65:1A:7A:6E:CF:51:E9:5C:CB:7A:95:3E:0C - -Certificate is to be certified until Nov 20 14:05:05 2020 GMT (375 days) -Sign the certificate? [y/n]:y - -1 out of 1 certificate requests certified, commit? [y/n]y -Write out database with 1 new entries -Data Base Updated -.RE -.fi -.PP -Finally, verify the new certificate: -.nf -.sp -.RS 6n -# openssl verify -CAfile cacert.pem certs/logsrvd_cert.pem -certs/logsrvd_cert.pem: OK -.RE -.fi -.PP -The -\fI/etc/ssl/sudo/certs\fR -directory now contains a signed and verified certificate for use with -\fBsudo_logsrvd\fR. -.PP -To generate a client certificate, repeat the process above using -a different file name. -.SS "Configuring sudo_logsrvd to use TLS" -To use TLS for client/server communication, both -\fBsudo_logsrvd\fR -and the -\fBsudoers\fR -plugin need to be configured to use TLS. -Configuring -\fBsudo_logsrvd\fR -for TLS requires the following settings, assuming the same path -names used earlier: -.nf -.sp -.RS 6n -# If set, secure connections with TLS 1.2 or 1.3. -tls = true - -# Path to the certificate authority bundle file in PEM format. -tls_cacert = /etc/ssl/sudo/cacert.pem - -# Path to the server's certificate file in PEM format. -tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem - -# Path to the server's private key file in PEM format. -tls_key = /etc/ssl/sudo/private/logsrvd_key.pem -.RE -.fi -.PP -The root CA cert -(\fIcacert.pem\fR) -must be installed on the system running -\fBsudo_logsrvd\fR. -If peer authentication is enabled on the client, a copy of -\fIcacert.pem\fR -must be present on the client system too. -.SH "SEE ALSO" -sudo.conf(@mansectform@), -sudo_logsrvd.conf(@mansectform@), -sudoers(@mansectform@), -sudo(@mansectsu@), -sudo_sendlog(@mansectsu@), -sudoreplay(@mansectsu@) -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBsudo_logsrvd\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo_logsrvd\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_logsrvd.mdoc.in sudo-1.9.9/doc/sudo_logsrvd.mdoc.in --- sudo-1.9.5p2/doc/sudo_logsrvd.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_logsrvd.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,396 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd March 28, 2020 -.Dt SUDO_LOGSRVD @mansectsu@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudo_logsrvd -.Nd sudo event and I/O log server -.Sh SYNOPSIS -.Nm sudo_logsrvd -.Op Fl hnV -.Op Fl f Ar file -.Op Fl R Ar percentage -.Sh DESCRIPTION -.Nm -is a high-performance log server that accepts event and I/O logs from -.Nm sudo . -It can be used to implement centralized logging of -.Nm sudo -logs. -Event log entries may be logged either via -.Xr syslog 3 -or to a file. -I/O Logs created by -.Nm -can be replayed via the -.Xr sudoreplay @mansectsu@ -utility in the same way as logs generated directly by the -.Nm sudoers -plugin. -.Pp -The server also supports restarting interrupted log transfers. -To distinguish completed I/O logs from incomplete ones, the -I/O log timing file is set to be read-only when the log is complete. -.Pp -Configuration parameters for -.Nm -may be specified in the -.Xr sudo_logsrvd.conf @mansectform@ -file. -.Pp -The options are as follows: -.Bl -tag -width Fl -.It Fl f , -file -Read configuration from -.Ar file -instead of the default, -.Pa @sysconfdir@/sudo_logsrvd.conf . -.It Fl h , -help -Display a short help message to the standard output and exit. -.It Fl n , -no-fork -Run -.Nm -in the foreground instead of detaching from the terminal and becoming -a daemon. -.It Fl R , -random-drop -For each message, there is a -.Ar percentage -chance that the server will drop the connection. -This is only intended for debugging the ability of a -client to restart a connection. -.It Fl V , -version -Print the -.Nm -version and exit. -.El -.Ss Securing server connections -The I/O log data sent to -.Nm -may contain sensitive information such as passwords and should be -secured using Transport Layer Security (TLS). -Doing so requires having a signed certificate on the server and, if -.Em tls_checkpeer -is enabled in -.Xr sudo_logsrvd.conf @mansectform@ , -a signed certificate on the client as well. -.Pp -The certificates can either be signed by a well-known Certificate -Authority (CA), or a private CA can be used. -Instructions for creating a private CA are included below in the -.Sx EXAMPLES -section. -.Ss Debugging sudo_logsrvd -.Nm -supports a flexible debugging framework that is configured via -.Li Debug -lines in the -.Xr sudo.conf @mansectform@ -file. -.Pp -For more information on configuring -.Xr sudo.conf @mansectform@ , -please refer to its manual. -.Sh FILES -.Bl -tag -width 24n -.It Pa @sysconfdir@/sudo.conf -Sudo front end configuration -.It Pa @sysconfdir@/sudo_logsrvd.conf -Sudo log server configuration file -.It Pa @iolog_dir@ -Default I/O log file location -.It Pa @rundir@/sudo_logsrvd.pid -Process ID file for -.Nm -.El -.Sh EXAMPLES -.Ss Creating self-signed certificates -Unless you are using certificates signed by a well-known Certificate -Authority (or a local enterprise CA), you will need to create your -own CA that can sign the certificates used by -.Nm , -.Nm sudo_sendlog , -and the -.Nm sudoers -plugin. -The following steps use the -.Xr openssl 1 -command to create keys and certificates. -.Ss Initial setup -First, we need to create a directory structure to store the -files for the CA. -We'll create a new directory hierarchy in -.Pa /etc/ssl/sudo -for this purpose. -.Bd -literal -offset indent -# mkdir /etc/ssl/sudo -# cd /etc/ssl/sudo -# mkdir certs csr newcerts private -# chmod 700 private -# touch index.txt -# echo 1000 > serial -.Ed -.Pp -The serial and index.txt files are used to keep track of signed certificates. -.Pp -Next, we need to make a copy of the openssl.conf file and customize -it for our new CA. -The path to openssl.cnf is system-dependent but -.Pa /etc/ssl/openssl.cnf -is the most common location. -You will need to adjust the example below if it has a different location on -your system. -.Bd -literal -offset indent -# cp /etc/ssl/openssl.cnf . -.Ed -.Pp -Now edit the -.Pa openssl.cnf -file in the current directory and make sure it contains -.Dq ca -and -.Dq CA_default -sections. -Those sections should include the following settings: -.Bd -literal -offset indent -[ ca ] -default_ca = CA_default - -[ CA_default ] -dir = /etc/ssl/sudo -certs = $dir/certs -database = $dir/index.txt -certificate = $dir/cacert.pem -serial = $dir/serial -.Ed -.Pp -If your -.Pa openssl.conf -file already has a -.Dq CA_default -section, you may only need to modify the -.Dq dir -setting. -.Ss Creating the CA key and certificate -In order to create and sign our own certificates, we need to create -a private key and a certificate for the root of the CA. -First, create the private key and protect it with a pass phrase: -.Bd -literal -offset indent -# openssl genrsa -aes256 -out private/cakey.pem 4096 -# chmod 400 private/cakey.pem -.Ed -.Pp -Next, generate the root certificate, using appropriate values for -the site-specific fields: -.Bd -literal -offset indent -# openssl req -config openssl.cnf -key private/cakey.pem \e - -new -x509 -days 7300 -sha256 -extensions v3_ca \e - -out cacert.pem - -Enter pass phrase for private/cakey.pem: -You are about to be asked to enter information that will be -incorporated into your certificate request. -What you are about to enter is what is called a Distinguished Name -or a DN. -There are quite a few fields but you can leave some blank. -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:US -State or Province Name (full name) [Some-State]:Colorado -Locality Name (eg, city) []: -Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo -Organizational Unit Name (eg, section) []:sudo Certificate Authority -Common Name (e.g., server FQDN or YOUR name) []:sudo Root CA -Email Address []: - -# chmod 444 cacert.pem -.Ed -.Pp -Finally, verify the root certificate: -.Bd -literal -offset indent -# openssl x509 -noout -text -in cacert.pem -.Ed -.Ss Creating and signing certificates -The server and client certificates will be signed by the previously -created root CA. -Usually, the root CA is not used to sign server/client certificates -directly. -Instead, intermediate certificates are created and signed with the -root CA and the intermediate certs are used to sign CSRs (Certificate -Signing Request). -In this example we'll skip this part for simplicity's sake and sign the -CSRs with the root CA. -.Pp -First, generate the private key without a pass phrase. -.Bd -literal -offset indent -# openssl genrsa -out private/logsrvd_key.pem 2048 -# chmod 400 private/logsrvd_key.pem -.Ed -.Pp -Next, create a certificate signing request (CSR) for the server's certificate. -The organization name must match the name given in the root certificate. -The common name should be either the server's IP address or a fully -qualified domain name. -.Bd -literal -offset indent -# openssl req -config openssl.cnf -key private/logsrvd_key.pem -new \e - -sha256 -out csr/logsrvd_csr.pem - -Enter pass phrase for private/logsrvd_key.pem: -You are about to be asked to enter information that will be -incorporated into your certificate request. -What you are about to enter is what is called a Distinguished Name -or a DN. -There are quite a few fields but you can leave some blank. -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:US -State or Province Name (full name) [Some-State]:Colorado -Locality Name (eg, city) []: -Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo -Organizational Unit Name (eg, section) []:sudo log server -Common Name (e.g., server FQDN or YOUR name) []:logserver.example.com -Email Address []: - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: -.Ed -.Pp -Now sign the CSR that was just created: -.Bd -literal -offset indent -# openssl ca -config openssl.cnf -days 375 -notext -md sha256 \e - -in csr/logsrvd_csr.pem -out certs/logsrvd_cert.pem - -Using configuration from openssl.cnf -Enter pass phrase for ./private/cakey.pem: -Check that the request matches the signature -Signature ok -Certificate Details: - Serial Number: 4096 (0x1000) - Validity - Not Before: Nov 11 14:05:05 2019 GMT - Not After : Nov 20 14:05:05 2020 GMT - Subject: - countryName = US - stateOrProvinceName = Colorado - organizationName = sudo - organizationalUnitName = sudo log server - commonName = logserve.example.com - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 4C:50:F9:D0:BE:1A:4C:B2:AC:90:76:56:C7:9E:16:AE:E6:9E:E5:B5 - X509v3 Authority Key Identifier: - keyid:D7:91:24:16:B1:03:06:65:1A:7A:6E:CF:51:E9:5C:CB:7A:95:3E:0C - -Certificate is to be certified until Nov 20 14:05:05 2020 GMT (375 days) -Sign the certificate? [y/n]:y - -1 out of 1 certificate requests certified, commit? [y/n]y -Write out database with 1 new entries -Data Base Updated -.Ed -.Pp -Finally, verify the new certificate: -.Bd -literal -offset indent -# openssl verify -CAfile cacert.pem certs/logsrvd_cert.pem -certs/logsrvd_cert.pem: OK -.Ed -.Pp -The -.Pa /etc/ssl/sudo/certs -directory now contains a signed and verified certificate for use with -.Nm sudo_logsrvd . -.Pp -To generate a client certificate, repeat the process above using -a different file name. -.Ss Configuring sudo_logsrvd to use TLS -To use TLS for client/server communication, both -.Nm -and the -.Nm sudoers -plugin need to be configured to use TLS. -Configuring -.Nm -for TLS requires the following settings, assuming the same path -names used earlier: -.Bd -literal -offset indent -# If set, secure connections with TLS 1.2 or 1.3. -tls = true - -# Path to the certificate authority bundle file in PEM format. -tls_cacert = /etc/ssl/sudo/cacert.pem - -# Path to the server's certificate file in PEM format. -tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem - -# Path to the server's private key file in PEM format. -tls_key = /etc/ssl/sudo/private/logsrvd_key.pem -.Ed -.Pp -The root CA cert -.Pq Pa cacert.pem -must be installed on the system running -.Nm . -If peer authentication is enabled on the client, a copy of -.Pa cacert.pem -must be present on the client system too. -.Sh SEE ALSO -.Xr sudo.conf @mansectform@ , -.Xr sudo_logsrvd.conf @mansectform@ , -.Xr sudoers @mansectform@ , -.Xr sudo @mansectsu@ , -.Xr sudo_sendlog @mansectsu@ , -.Xr sudoreplay @mansectsu@ -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -If you feel you have found a bug in -.Nm , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_plugin.man.in sudo-1.9.9/doc/sudo_plugin.man.in --- sudo-1.9.5p2/doc/sudo_plugin.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_plugin.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,5147 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2009-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "SUDO_PLUGIN" "5" "November 17, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudo_plugin\fR -\- Sudo Plugin API -.SH "DESCRIPTION" -Starting with version 1.8, -\fBsudo\fR -supports a plugin API -for policy and session logging. -Plugins may be compiled as dynamic shared objects (the default on -systems that support them) or compiled statically into the -\fBsudo\fR -binary itself. -By default, the -\fBsudoers\fR -policy plugin and an associated I/O logging plugin are used. -Via the plugin API, -\fBsudo\fR -can be configured to use alternate policy and/or I/O logging plugins -provided by third parties. -The plugins to be used are specified in the -sudo.conf(@mansectform@) -file. -.PP -The API is versioned with a major and minor number. -The minor version number is incremented when additions are made. -The major number is incremented when incompatible changes are made. -A plugin should be check the version passed to it and make sure that the -major version matches. -.PP -The plugin API is defined by the -\fRsudo_plugin.h\fR -header file. -.SS "Policy plugin API" -A policy plugin must declare and populate a -\fRpolicy_plugin\fR -struct in the global scope. -This structure contains pointers to the functions that implement the -\fBsudo\fR -policy checks. -The name of the symbol should be specified in -sudo.conf(@mansectform@) -along with a path to the plugin so that -\fBsudo\fR -can load it. -.nf -.sp -.RS 0n -struct policy_plugin { -#define SUDO_POLICY_PLUGIN 1 - unsigned int type; /* always SUDO_POLICY_PLUGIN */ - unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const user_env[], - char * const plugin_options[], const char **errstr); - void (*close)(int exit_status, int error); - int (*show_version)(int verbose); - int (*check_policy)(int argc, char * const argv[], - char *env_add[], char **command_info[], - char **argv_out[], char **user_env_out[], const char **errstr); - int (*list)(int argc, char * const argv[], int verbose, - const char *list_user, const char **errstr); - int (*validate)(const char **errstr); - void (*invalidate)(int remove); - int (*init_session)(struct passwd *pwd, char **user_env[], - const char **errstr); - void (*register_hooks)(int version, - int (*register_hook)(struct sudo_hook *hook)); - void (*deregister_hooks)(int version, - int (*deregister_hook)(struct sudo_hook *hook)); - struct sudo_plugin_event * (*event_alloc)(void); -}; -.RE -.fi -.PP -The policy_plugin struct has the following fields: -.TP 6n -type -The -\fRtype\fR -field should always be set to SUDO_POLICY_PLUGIN. -.TP 6n -version -The -\fRversion\fR -field should be set to -\fRSUDO_API_VERSION\fR. -.sp -This allows -\fBsudo\fR -to determine the API version the plugin was -built against. -.TP 6n -open -.nf -.RS 6n -int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const user_env[], - char * const plugin_options[], const char **errstr); -.RE -.fi -.RS 6n -.sp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -\fBsudo\fR -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional error information to the user. -.sp -The function arguments are as follows: -.TP 6n -version -The version passed in by -\fBsudo\fR -allows the plugin to determine the -major and minor version number of the plugin API supported by -\fBsudo\fR. -.TP 6n -conversation -A pointer to the -\fBconversation\fR() -function that can be used by the plugin to interact with the user (see -\fIConversation API\fR -for details). -Returns 0 on success and \-1 on failure. -.TP 6n -plugin_printf -A pointer to a -\fBprintf\fR()-style -function that may be used to display informational or error messages (see -\fIConversation API\fR -for details). -Returns the number of characters printed on success and \-1 on failure. -.TP 6n -settings -A vector of user-supplied -\fBsudo\fR -settings in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -These settings correspond to options the user specified when running -\fBsudo\fR. -As such, they will only be present when the corresponding option has -been specified on the command line. -.sp -When parsing -\fIsettings\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -The following values may be set by -\fBsudo\fR: -.PP -.RS 6n -.PD 0 -.TP 6n -bsdauth_type=string -Authentication type, if specified by the -\fB\-a\fR -option, to use on -systems where -BSD -authentication is supported. -.PD -.TP 6n -closefrom=number -If specified, the user has requested via the -\fB\-C\fR -option that -\fBsudo\fR -close all files descriptors with a value of -\fInumber\fR -or higher. -The plugin may optionally pass this, or another value, back in the -\fIcommand_info\fR -list. -.TP 6n -cmnd_chroot=string -The root directory (see -chroot(2)) -to run the command in, as specified by the user via the -\fB\-R\fR -option. -The plugin may ignore or restrict the user's ability to specify a new -root directory. -Only available starting with API version 1.16. -.TP 6n -cmnd_cwd=string -The working directory to run the command in, as specified by the user via the -\fB\-D\fR -option. -The plugin may ignore or restrict the user's ability to specify a new -working directory. -Only available starting with API version 1.16. -.TP 6n -debug_flags=string -A debug file path name followed by a space and a comma-separated -list of debug flags that correspond to the plugin's -\fRDebug\fR -entry in -sudo.conf(@mansectform@), -if there is one. -The flags are passed to the plugin exactly as they appear in -sudo.conf(@mansectform@). -The syntax used by -\fBsudo\fR -and the -\fBsudoers\fR -plugin is -\fIsubsystem\fR@\fIpriority\fR -but a plugin is free to use a different -format so long as it does not include a comma -(\(oq,\&\(cq). -Prior to -\fBsudo\fR -1.8.12, there was no way to specify plugin-specific -\fIdebug_flags\fR -so the value was always the same as that used by the -\fBsudo\fR -front end and did not include a path name, only the flags themselves. -As of version 1.7 of the plugin interface, -\fBsudo\fR -will only pass -\fIdebug_flags\fR -if -sudo.conf(@mansectform@) -contains a plugin-specific -\fRDebug\fR -entry. -.TP 6n -ignore_ticket=bool -Set to true if the user specified the -\fB\-k\fR -option along with a -command, indicating that the user wishes to ignore any cached -authentication credentials. -\fIimplied_shell\fR -to true. -This allows -\fBsudo\fR -with no arguments -to be used similarly to -su(1). -If the plugin does not to support this usage, it may return a value of \-2 -from the -\fBcheck_policy\fR() -function, which will cause -\fBsudo\fR -to print a usage message and -exit. -.TP 6n -implied_shell=bool -If the user does not specify a program on the command line, -\fBsudo\fR -will pass the plugin the path to the user's shell and set -.TP 6n -login_class=string -BSD -login class to use when setting resource limits and nice value, -if specified by the -\fB\-c\fR -option. -.TP 6n -login_shell=bool -Set to true if the user specified the -\fB\-i\fR -option, indicating that -the user wishes to run a login shell. -.TP 6n -max_groups=int -The maximum number of groups a user may belong to. -This will only be present if there is a corresponding setting in -sudo.conf(@mansectform@). -.TP 6n -network_addrs=list -A space-separated list of IP network addresses and netmasks in the -form -\(lqaddr/netmask\(rq, -e.g., -\(lq192.168.1.2/255.255.255.0\(rq. -The address and netmask pairs may be either IPv4 or IPv6, depending on -what the operating system supports. -If the address contains a colon -(\(oq:\&\(cq), -it is an IPv6 address, else it is IPv4. -.TP 6n -noninteractive=bool -Set to true if the user specified the -\fB\-n\fR -option, indicating that -\fBsudo\fR -should operate in non-interactive mode. -The plugin may reject a command run in non-interactive mode if user -interaction is required. -.TP 6n -plugin_dir=string -The default plugin directory used by the -\fBsudo\fR -front end. -This is the default directory set at compile time and may not -correspond to the directory the running plugin was loaded from. -It may be used by a plugin to locate support files. -.TP 6n -plugin_path=string -The path name of plugin loaded by the -\fBsudo\fR -front end. -The path name will be a fully-qualified unless the plugin was -statically compiled into -\fBsudo\fR. -.TP 6n -preserve_environment=bool -Set to true if the user specified the -\fB\-E\fR -option, indicating that -the user wishes to preserve the environment. -.TP 6n -preserve_groups=bool -Set to true if the user specified the -\fB\-P\fR -option, indicating that -the user wishes to preserve the group vector instead of setting it -based on the runas user. -.TP 6n -progname=string -The command name that sudo was run as, typically -\(lqsudo\(rq -or -\(lqsudoedit\(rq. -.TP 6n -prompt=string -The prompt to use when requesting a password, if specified via -the -\fB\-p\fR -option. -.TP 6n -remote_host=string -The name of the remote host to run the command on, if specified via -the -\fB\-h\fR -option. -Support for running the command on a remote host is meant to be implemented -via a helper program that is executed in place of the user-specified command. -The -\fBsudo\fR -front end is only capable of executing commands on the local host. -Only available starting with API version 1.4. -.TP 6n -run_shell=bool -Set to true if the user specified the -\fB\-s\fR -option, indicating that the user wishes to run a shell. -.TP 6n -runas_group=string -The group name or gid to run the command as, if specified via -the -\fB\-g\fR -option. -.TP 6n -runas_user=string -The user name or uid to run the command as, if specified via the -\fB\-u\fR -option. -.TP 6n -selinux_role=string -SELinux role to use when executing the command, if specified by -the -\fB\-r\fR -option. -.TP 6n -selinux_type=string -SELinux type to use when executing the command, if specified by -the -\fB\-t\fR -option. -.TP 6n -set_home=bool -Set to true if the user specified the -\fB\-H\fR -option. -If true, set the -\fRHOME\fR -environment variable to the target user's home directory. -.TP 6n -sudoedit=bool -Set to true when the -\fB\-e\fR -option is specified or if invoked as -\fBsudoedit\fR. -The plugin shall substitute an editor into -\fIargv\fR -in the -\fBcheck_policy\fR() -function or return \-2 with a usage error -if the plugin does not support -\fIsudoedit\fR. -For more information, see the -\fIcheck_policy\fR -section. -.TP 6n -timeout=string -Command timeout specified by the user via the -\fB\-T\fR -option. -Not all plugins support command timeouts and the ability of the -user to set a timeout may be restricted by policy. -The format of the timeout string is plugin-specific. -.PP -Additional settings may be added in the future so the plugin should -silently ignore settings that it does not recognize. -.RE -.TP 6n -user_info -A vector of information about the user running the command in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -.sp -When parsing -\fIuser_info\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -The following values may be set by -\fBsudo\fR: -.PP -.RS 6n -.PD 0 -.TP 6n -cols=int -The number of columns the user's terminal supports. -If there is no terminal device available, a default value of 80 is used. -.PD -.TP 6n -cwd=string -The user's current working directory. -.TP 6n -egid=gid_t -The effective group-ID of the user invoking -\fBsudo\fR. -.TP 6n -euid=uid_t -The effective user-ID of the user invoking -\fBsudo\fR. -.TP 6n -gid=gid_t -The real group-ID of the user invoking -\fBsudo\fR. -.TP 6n -groups=list -The user's supplementary group list formatted as a string of -comma-separated group-IDs. -.TP 6n -host=string -The local machine's hostname as returned by the -gethostname(2) -system call. -.TP 6n -lines=int -The number of lines the user's terminal supports. -If there is -no terminal device available, a default value of 24 is used. -.TP 6n -pgid=int -The ID of the process group that the running -\fBsudo\fR -process is a member of. -Only available starting with API version 1.2. -.TP 6n -pid=int -The process ID of the running -\fBsudo\fR -process. -Only available starting with API version 1.2. -.TP 6n -ppid=int -The parent process ID of the running -\fBsudo\fR -process. -Only available starting with API version 1.2. -.TP 6n -rlimit_as=soft,hard -The maximum size to which the process's address space may grow (in bytes), -if supported by the operating system. -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_core=soft,hard -The largest size core dump file that may be created (in bytes). -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_cpu=soft,hard -The maximum amount of CPU time that the process may use (in seconds). -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_data=soft,hard -The maximum size of the data segment for the process (in bytes). -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_fsize=soft,hard -The largest size file that the process may create (in bytes). -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_locks=soft,hard -The maximum number of locks that the process may establish, -if supported by the operating system. -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_memlock=soft,hard -The maximum size that the process may lock in memory (in bytes), -if supported by the operating system. -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_nofile=soft,hard -The maximum number of files that the process may have open. -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_nproc=soft,hard -The maximum number of processes that the user may run simultaneously. -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_rss=soft,hard -The maximum size to which the process's resident set size may grow (in bytes). -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -rlimit_stack=soft,hard -The maximum size to which the process's stack may grow (in bytes). -The soft and hard limits are separated by a comma. -A value of -\(lqinfinity\(rq -indicates that there is no limit. -Only available starting with API version 1.16. -.TP 6n -sid=int -The session ID of the running -\fBsudo\fR -process or 0 if -\fBsudo\fR -is not part of a POSIX job control session. -Only available starting with API version 1.2. -.TP 6n -tcpgid=int -The ID of the foreground process group associated with the terminal -device associated with the -\fBsudo\fR -process or 0 if there is no terminal present. -Only available starting with API version 1.2. -.TP 6n -tty=string -The path to the user's terminal device. -If the user has no terminal device associated with the session, -the value will be empty, as in -\(lq\fRtty=\fR\(rq. -.TP 6n -uid=uid_t -The real user-ID of the user invoking -\fBsudo\fR. -.TP 6n -umask=octal -The invoking user's file creation mask. -Only available starting with API version 1.10. -.TP 6n -user=string -The name of the user invoking -\fBsudo\fR. -.PD 0 -.PP -.RE -.PD -.TP 6n -user_env -The user's environment in the form of a -\fRNULL\fR-terminated vector of -\(lqname=value\(rq -strings. -.sp -When parsing -\fIuser_env\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.TP 6n -plugin_options -Any (non-comment) strings immediately after the plugin path are -passed as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -\fRNULL\fR-terminated -array of strings. -If no arguments were -specified, -\fIplugin_options\fR -will be the -\fRNULL\fR -pointer. -.sp -NOTE: the -\fIplugin_options\fR -parameter is only available starting with -API version 1.2. -A plugin -\fBmust\fR -check the API version specified -by the -\fBsudo\fR -front end before using -\fIplugin_options\fR. -Failure to do so may result in a crash. -.TP 6n -errstr -If the -\fBopen\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -close -.br -.nf -.RS 6n -void (*close)(int exit_status, int error); -.RE -.fi -.RS 6n -.sp -The -\fBclose\fR() -function is called when -\fBsudo\fR -is finished, shortly before it exits. -Starting with API version 1.15, -\fBclose\fR() -is called regardless of whether or not a command was actually executed. -This makes it possible for plugins to perform cleanup even when a -command was not run. -It is not possible to tell whether a command was run based solely -on the arguments passed to the -\fBclose\fR() -function. -To determine if a command was actually run, -the plugin must keep track of whether or not the -\fBcheck_policy\fR() -function returned successfully. -.sp -The function arguments are as follows: -.TP 6n -exit_status -The command's exit status, as returned by the -wait(2) -system call, or zero if no command was run. -The value of -\fRexit_status\fR -is undefined if -\fRerror\fR -is non-zero. -.TP 6n -error -.br -If the command could not be executed, this is set to the value of -\fRerrno\fR -set by the -execve(2) -system call. -The plugin is responsible for displaying error information via the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function. -If the command was successfully executed, the value of -\fRerror\fR -is zero. -.PP -If no -\fBclose\fR() -function is defined, no I/O logging plugins are loaded, -and neither the -\fItimeout\fR -not -\fIuse_pty\fR -options are set in the -\fRcommand_info\fR -list, the -\fBsudo\fR -front end may execute the command directly instead of running -it as a child process. -.RE -.TP 6n -show_version -.nf -.RS 6n -int (*show_version)(int verbose); -.RE -.fi -.RS 6n -.sp -The -\fBshow_version\fR() -function is called by -\fBsudo\fR -when the user specifies -the -\fB\-V\fR -option. -The plugin may display its version information to the user via the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function using -\fRSUDO_CONV_INFO_MSG\fR. -If the user requests detailed version information, the verbose flag will be set. -.sp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error, although the return value is currently -ignored. -.RE -.TP 6n -check_policy -.nf -.RS 6n -int (*check_policy)(int argc, char * const argv[], char *env_add[], - char **command_info[], char **argv_out[], char **user_env_out[], - const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBcheck_policy\fR() -function is called by -\fBsudo\fR -to determine -whether the user is allowed to run the specified commands. -.sp -If the -\fIsudoedit\fR -option was enabled in the -\fIsettings\fR -array -passed to the -\fBopen\fR() -function, the user has requested -\fIsudoedit\fR -mode. -\fIsudoedit\fR -is a mechanism for editing one or more files -where an editor is run with the user's credentials instead of with -elevated privileges. -\fBsudo\fR -achieves this by creating user-writable -temporary copies of the files to be edited and then overwriting the -originals with the temporary copies after editing is complete. -If the plugin supports -\fIsudoedit\fR, -it should choose the editor to be used, potentially from a variable -in the user's environment, such as -\fREDITOR\fR, -and include it in -\fIargv_out\fR -(note that environment -variables may include command line options). -The files to be edited should be copied from -\fIargv\fR -into -\fIargv_out\fR, -separated from the -editor and its arguments by a -\(lq\fR--\fR\(rq -element. -The -\(lq\fR--\fR\(rq -will -be removed by -\fBsudo\fR -before the editor is executed. -The plugin should also set -\fIsudoedit=true\fR -in the -\fIcommand_info\fR -list. -.sp -The -\fBcheck_policy\fR() -function returns 1 if the command is allowed, -0 if not allowed, \-1 for a general error, or \-2 for a usage error -or if -\fIsudoedit\fR -was specified but is unsupported by the plugin. -In the latter case, -\fBsudo\fR -will print a usage message before it -exits. -If an error occurs, the plugin may optionally call the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional error information to the user. -.sp -The function arguments are as follows: -.TP 6n -argc -The number of elements in -\fIargv\fR, -not counting the final -\fRNULL\fR -pointer. -.TP 6n -argv -The argument vector describing the command the user wishes to run, -in the same form as what would be passed to the -execve(2) -system call. -The vector is terminated by a -\fRNULL\fR -pointer. -.TP 6n -env_add -Additional environment variables specified by the user on the command -line in the form of a -\fRNULL\fR-terminated -vector of -\(lqname=value\(rq -strings. -The plugin may reject the command if one or more variables -are not allowed to be set, or it may silently ignore such variables. -.sp -When parsing -\fIenv_add\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.TP 6n -command_info -Information about the command being run in the form of -\(lqname=value\(rq -strings. -These values are used by -\fBsudo\fR -to set the execution -environment when running a command. -The plugin is responsible for creating and populating the vector, -which must be terminated with a -\fRNULL\fR -pointer. -The following values are recognized by -\fBsudo\fR: -.PP -.RS 6n -.PD 0 -.TP 6n -chroot=string -The root directory to use when running the command. -.PD -.TP 6n -closefrom=number -If specified, -\fBsudo\fR -will close all files descriptors with a value -of -\fInumber\fR -or higher. -.TP 6n -command=string -Fully qualified path to the command to be executed. -.TP 6n -cwd=string -The current working directory to change to when executing the command. -If -\fBsudo\fR -is unable to change to the new working directory, the command will -not be run unless -\fIcwd_optional\fR -is also set (see below). -.TP 6n -cwd_optional=bool -If enabled, -\fBsudo\fR -will treat an inability to change to the new working directory as a -non-fatal error. -This setting has no effect unless -\fIcwd\fR -is also set. -.TP 6n -exec_background=bool -By default, -\fBsudo\fR -runs a command as the foreground process as long as -\fBsudo\fR -itself is running in the foreground. -When -\fIexec_background\fR -is enabled and the command is being run in a pseudo-terminal -(due to I/O logging or the -\fIuse_pty\fR -setting), the command will be run as a background process. -Attempts to read from the controlling terminal (or to change terminal -settings) will result in the command being suspended with the -\fRSIGTTIN\fR -signal (or -\fRSIGTTOU\fR -in the case of terminal settings). -If this happens when -\fBsudo\fR -is a foreground process, the command will be granted the controlling terminal -and resumed in the foreground with no user intervention required. -The advantage of initially running the command in the background is that -\fBsudo\fR -need not read from the terminal unless the command explicitly requests it. -Otherwise, any terminal input must be passed to the command, whether it -has required it or not (the kernel buffers terminals so it is not possible -to tell whether the command really wants the input). -This is different from historic -\fIsudo\fR -behavior or when the command is not being run in a pseudo-terminal. -.sp -For this to work seamlessly, the operating system must support the -automatic restarting of system calls. -Unfortunately, not all operating systems do this by default, -and even those that do may have bugs. -For example, macOS fails to restart the -\fBtcgetattr\fR() -and -\fBtcsetattr\fR() -system calls (this is a bug in macOS). -Furthermore, because this behavior depends on the command stopping with the -\fRSIGTTIN\fR -or -\fRSIGTTOU\fR -signals, programs that catch these signals and suspend themselves -with a different signal (usually -\fRSIGTOP\fR) -will not be automatically foregrounded. -Some versions of the linux -su(1) -command behave this way. -Because of this, a plugin should not set -\fIexec_background\fR -unless it is explicitly enabled by the administrator and there should -be a way to enabled or disable it on a per-command basis. -.sp -This setting has no effect unless I/O logging is enabled or -\fIuse_pty\fR -is enabled. -.TP 6n -execfd=number -If specified, -\fBsudo\fR -will use the -fexecve(2) -system call to execute the command instead of -execve(2). -The specified -\fInumber\fR -must refer to an open file descriptor. -.TP 6n -iolog_compress=bool -Set to true if the I/O logging plugins, if any, should compress the -log data. -This is a hint to the I/O logging plugin which may choose to ignore it. -.TP 6n -iolog_group=string -The group that will own newly created I/O log files and directories. -This is a hint to the I/O logging plugin which may choose to ignore it. -.TP 6n -iolog_mode=octal -The file permission mode to use when creating I/O log files and directories. -This is a hint to the I/O logging plugin which may choose to ignore it. -.TP 6n -iolog_user=string -The user that will own newly created I/O log files and directories. -This is a hint to the I/O logging plugin which may choose to ignore it. -.TP 6n -iolog_path=string -Fully qualified path to the file or directory in which I/O log is -to be stored. -This is a hint to the I/O logging plugin which may choose to ignore it. -If no I/O logging plugin is loaded, this setting has no effect. -.TP 6n -iolog_stdin=bool -Set to true if the I/O logging plugins, if any, should log the -standard input if it is not connected to a terminal device. -This is a hint to the I/O logging plugin which may choose to ignore it. -.TP 6n -iolog_stdout=bool -Set to true if the I/O logging plugins, if any, should log the -standard output if it is not connected to a terminal device. -This is a hint to the I/O logging plugin which may choose to ignore it. -.TP 6n -iolog_stderr=bool -Set to true if the I/O logging plugins, if any, should log the -standard error if it is not connected to a terminal device. -This is a hint to the I/O logging plugin which may choose to ignore it. -.TP 6n -iolog_ttyin=bool -Set to true if the I/O logging plugins, if any, should log all -terminal input. -This only includes input typed by the user and not from a pipe or -redirected from a file. -This is a hint to the I/O logging plugin which may choose to ignore it. -.TP 6n -iolog_ttyout=bool -Set to true if the I/O logging plugins, if any, should log all -terminal output. -This only includes output to the screen, not output to a pipe or file. -This is a hint to the I/O logging plugin which may choose to ignore it. -.TP 6n -login_class=string -BSD -login class to use when setting resource limits and nice value (optional). -This option is only set on systems that support login classes. -.TP 6n -nice=int -Nice value (priority) to use when executing the command. -The nice value, if specified, overrides the priority associated with the -\fIlogin_class\fR -on -BSD -systems. -.TP 6n -noexec=bool -If set, prevent the command from executing other programs. -.TP 6n -preserve_fds=list -A comma-separated list of file descriptors that should be -preserved, regardless of the value of the -\fIclosefrom\fR -setting. -Only available starting with API version 1.5. -.TP 6n -preserve_groups=bool -If set, -\fBsudo\fR -will preserve the user's group vector instead of -initializing the group vector based on -\fRrunas_user\fR. -.TP 6n -runas_egid=gid -Effective group-ID to run the command as. -If not specified, the value of -\fIrunas_gid\fR -is used. -.TP 6n -runas_euid=uid -Effective user-ID to run the command as. -If not specified, the value of -\fIrunas_uid\fR -is used. -.TP 6n -runas_gid=gid -Group-ID to run the command as. -.TP 6n -runas_group=string -The name of the group the command will run as, if it is different -from the -\fIrunas_user\fR's -default group. -This value is provided for auditing purposes only, the -\fBsudo\fR -front-end uses -\fIrunas_egid\fR -and -\fIrunas_gid\fR -when executing the command. -.TP 6n -runas_groups=list -The supplementary group vector to use for the command in the form -of a comma-separated list of group-IDs. -If -\fIpreserve_groups\fR -is set, this option is ignored. -.TP 6n -runas_uid=uid -User-ID to run the command as. -.TP 6n -runas_user=string -The name of the user the command will run as, which should correspond to -\fIrunas_euid\fR -(or -\fIrunas_uid\fR -if -\fIrunas_euid\fR -is not set). -This value is provided for auditing purposes only, the -\fBsudo\fR -front-end uses -\fIrunas_euid\fR -and -\fIrunas_uid\fR -when executing the command. -.TP 6n -selinux_role=string -SELinux role to use when executing the command. -.TP 6n -selinux_type=string -SELinux type to use when executing the command. -.TP 6n -set_utmp=bool -Create a utmp (or utmpx) entry when a pseudo-terminal is allocated. -By default, the new entry will be a copy of the user's existing utmp -entry (if any), with the tty, time, type and pid fields updated. -.TP 6n -sudoedit=bool -Set to true when in -\fIsudoedit\fR -mode. -The plugin may enable -\fIsudoedit\fR -mode even if -\fBsudo\fR -was not invoked as -\fBsudoedit\fR. -This allows the plugin to perform command substitution and transparently -enable -\fIsudoedit\fR -when the user attempts to run an editor. -.TP 6n -sudoedit_checkdir=bool -Set to false to disable directory writability checks in -\fBsudoedit\fR. -By default, -\fBsudoedit\fR -1.8.16 and higher will check all directory components of the path to be -edited for writability by the invoking user. -Symbolic links will not be followed in writable directories and -\fBsudoedit\fR -will refuse to edit a file located in a writable directory. -These restrictions are not enforced when -\fBsudoedit\fR -is run by root. -The -\fIsudoedit_follow\fR -option can be set to false to disable this check. -Only available starting with API version 1.8. -.TP 6n -sudoedit_follow=bool -Set to true to allow -\fBsudoedit\fR -to edit files that are symbolic links. -By default, -\fBsudoedit\fR -1.8.15 and higher will refuse to open a symbolic link. -The -\fIsudoedit_follow\fR -option can be used to restore the older behavior and allow -\fBsudoedit\fR -to open symbolic links. -Only available starting with API version 1.8. -.TP 6n -timeout=int -Command timeout. -If non-zero then when the timeout expires the command will be killed. -.TP 6n -umask=octal -The file creation mask to use when executing the command. -This value may be overridden by PAM or login.conf on some systems -unless the -\fIumask_override\fR -option is also set. -.TP 6n -umask_override=bool -Force the value specified by the -\fIumask\fR -option to override any umask set by PAM or login.conf. -.TP 6n -use_pty=bool -Allocate a pseudo-terminal to run the command in, regardless of whether -or not I/O logging is in use. -By default, -\fBsudo\fR -will only run -the command in a pseudo-terminal when an I/O log plugin is loaded. -.TP 6n -utmp_user=string -User name to use when constructing a new utmp (or utmpx) entry when -\fIset_utmp\fR -is enabled. -This option can be used to set the user field in the utmp entry to -the user the command runs as rather than the invoking user. -If not set, -\fBsudo\fR -will base the new entry on -the invoking user's existing entry. -.PP -Unsupported values will be ignored. -.RE -.TP 6n -argv_out -The -\fRNULL\fR-terminated -argument vector to pass to the -execve(2) -system call when executing the command. -The plugin is responsible for allocating and populating the vector. -.TP 6n -user_env_out -The -\fRNULL\fR-terminated -environment vector to use when executing the command. -The plugin is responsible for allocating and populating the vector. -.TP 6n -errstr -If the -\fBcheck_policy\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -list -.nf -.RS 6n -int (*list)(int argc, char * const argv[], int verbose, - const char *list_user, const char **errstr); -.RE -.fi -.RS 6n -.sp -List available privileges for the invoking user. -Returns 1 on success, 0 on failure and \-1 on error. -On error, the plugin may optionally call the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional error information to -the user. -.sp -Privileges should be output via the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function using -\fRSUDO_CONV_INFO_MSG\fR. -.sp -The function arguments are as follows: -.TP 6n -argc -The number of elements in -\fIargv\fR, -not counting the final -\fRNULL\fR -pointer. -.TP 6n -argv -If -non-\fRNULL\fR, -an argument vector describing a command the user -wishes to check against the policy in the same form as what would -be passed to the -execve(2) -system call. -If the command is permitted by the policy, the fully-qualified path -to the command should be displayed along with any command line arguments. -.TP 6n -verbose -Flag indicating whether to list in verbose mode or not. -.TP 6n -list_user -The name of a different user to list privileges for if the policy -allows it. -If -\fRNULL\fR, -the plugin should list the privileges of the invoking user. -.TP 6n -errstr -If the -\fBlist\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -validate -.nf -.RS 6n -int (*validate)(const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBvalidate\fR() -function is called when -\fBsudo\fR -is run with the -\fB\-v\fR -option. -For policy plugins such as -\fBsudoers\fR -that cache -authentication credentials, this function will validate and cache -the credentials. -.sp -The -\fBvalidate\fR() -function should be -\fRNULL\fR -if the plugin does not support credential caching. -.sp -Returns 1 on success, 0 on failure and \-1 on error. -On error, the plugin may optionally call the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional -error information to the user. -.sp -The function arguments are as follows: -.TP 6n -errstr -If the -\fBvalidate\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -invalidate -.nf -.RS 6n -void (*invalidate)(int remove); -.RE -.fi -.RS 6n -.sp -The -\fBinvalidate\fR() -function is called when -\fBsudo\fR -is run with the -\fB\-k\fR -or -\fB\-K\fR -option. -For policy plugins such as -\fBsudoers\fR -that -cache authentication credentials, this function will invalidate the -credentials. -If the -\fIremove\fR -flag is set, the plugin may remove -the credentials instead of simply invalidating them. -.sp -The -\fBinvalidate\fR() -function should be -\fRNULL\fR -if the plugin does not support credential caching. -.RE -.TP 6n -init_session -.nf -.RS 6n -int (*init_session)(struct passwd *pwd, char **user_env_out[]); -.RE -.fi -.RS 6n -.sp -The -\fBinit_session\fR() -function is called before -\fBsudo\fR -sets up the -execution environment for the command. -It is run in the parent -\fBsudo\fR -process and before any uid or gid changes. -This can be used to perform session setup that is not supported by -\fIcommand_info\fR, -such as opening the PAM session. -The -\fBclose\fR() -function can be -used to tear down the session that was opened by -\fRinit_session\fR. -.sp -The -\fIpwd\fR -argument points to a passwd struct for the user the -command will be run as if the uid the command will run as was found -in the password database, otherwise it will be -\fRNULL\fR. -.sp -The -\fIuser_env_out\fR -argument points to the environment the command will -run in, in the form of a -\fRNULL\fR-terminated -vector of -\(lqname=value\(rq -strings. -This is the same string passed back to the front end via -the Policy Plugin's -\fIuser_env_out\fR -parameter. -If the -\fBinit_session\fR() -function needs to modify the user environment, it should update the -pointer stored in -\fIuser_env_out\fR. -The expected use case is to merge the contents of the PAM environment -(if any) with the contents of -\fIuser_env_out\fR. -NOTE: the -\fIuser_env_out\fR -parameter is only available -starting with API version 1.2. -A plugin -\fBmust\fR -check the API -version specified by the -\fBsudo\fR -front end before using -\fIuser_env_out\fR. -Failure to do so may result in a crash. -.sp -Returns 1 on success, 0 on failure and \-1 on error. -On error, the plugin may optionally call the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional -error information to the user. -.RE -.TP 6n -register_hooks -.nf -.RS 6n -void (*register_hooks)(int version, - int (*register_hook)(struct sudo_hook *hook)); -.RE -.fi -.RS 6n -.sp -The -\fBregister_hooks\fR() -function is called by the sudo front end to -register any hooks the plugin needs. -If the plugin does not support hooks, -\fRregister_hooks\fR -should be set to the -\fRNULL\fR -pointer. -.sp -The -\fIversion\fR -argument describes the version of the hooks API -supported by the -\fBsudo\fR -front end. -.sp -The -\fBregister_hook\fR() -function should be used to register any supported -hooks the plugin needs. -It returns 0 on success, 1 if the hook type is not supported and \-1 -if the major version in -\fRstruct hook\fR -does not match the front end's major hook API version. -.sp -See the -\fIHook function API\fR -section below for more information -about hooks. -.sp -NOTE: the -\fBregister_hooks\fR() -function is only available starting -with API version 1.2. -If the -\fBsudo\fR -front end doesn't support API -version 1.2 or higher, -\fRregister_hooks\fR -will not be called. -.RE -.TP 6n -deregister_hooks -.nf -.RS 6n -void (*deregister_hooks)(int version, - int (*deregister_hook)(struct sudo_hook *hook)); -.RE -.fi -.RS 6n -.sp -The -\fBderegister_hooks\fR() -function is called by the sudo front end -to deregister any hooks the plugin has registered. -If the plugin does not support hooks, -\fRderegister_hooks\fR -should be set to the -\fRNULL\fR -pointer. -.sp -The -\fIversion\fR -argument describes the version of the hooks API -supported by the -\fBsudo\fR -front end. -.sp -The -\fBderegister_hook\fR() -function should be used to deregister any -hooks that were put in place by the -\fBregister_hook\fR() -function. -If the plugin tries to deregister a hook that the front end does not support, -\fRderegister_hook\fR -will return an error. -.sp -See the -\fIHook function API\fR -section below for more information -about hooks. -.sp -NOTE: the -\fBderegister_hooks\fR() -function is only available starting -with API version 1.2. -If the -\fBsudo\fR -front end doesn't support API -version 1.2 or higher, -\fRderegister_hooks\fR -will not be called. -.RE -.TP 6n -event_alloc -.nf -.RS 6n -struct sudo_plugin_event * (*event_alloc)(void); -.RE -.fi -.RS 6n -.sp -The -\fBevent_alloc\fR() -function is used to allocate a -\fRstruct sudo_plugin_event\fR -which provides access to the main -\fBsudo\fR -event loop. -Unlike the other fields, the -\fBevent_alloc\fR() -pointer is filled in by the -\fBsudo\fR -front end, not by the plugin. -.sp -See the -\fIEvent API\fR -section below for more information -about events. -.sp -NOTE: the -\fBevent_alloc\fR() -function is only available starting -with API version 1.15. -If the -\fBsudo\fR -front end doesn't support API -version 1.15 or higher, -\fBevent_alloc\fR() -will not be set. -.RE -.TP 6n -errstr -If the -\fBinit_session\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PP -\fIPolicy Plugin Version Macros\fR -.nf -.sp -.RS 0n -/* Plugin API version major/minor. */ -#define SUDO_API_VERSION_MAJOR 1 -#define SUDO_API_VERSION_MINOR 13 -#define SUDO_API_MKVERSION(x, y) ((x << 16) | y) -#define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR,\e - SUDO_API_VERSION_MINOR) - -/* Getters and setters for API version */ -#define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16) -#define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff) -#define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \e - *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e -} while(0) -#define SUDO_API_VERSION_SET_MINOR(vp, n) do { \e - *(vp) = (*(vp) & 0xffff0000) | (n); \e -} while(0) -.RE -.fi -.SS "I/O plugin API" -.nf -.RS 0n -struct io_plugin { -#define SUDO_IO_PLUGIN 2 - unsigned int type; /* always SUDO_IO_PLUGIN */ - unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], - char * const plugin_options[], const char **errstr); - void (*close)(int exit_status, int error); /* wait status or error */ - int (*show_version)(int verbose); - int (*log_ttyin)(const char *buf, unsigned int len, - const char **errstr); - int (*log_ttyout)(const char *buf, unsigned int len, - const char **errstr); - int (*log_stdin)(const char *buf, unsigned int len, - const char **errstr); - int (*log_stdout)(const char *buf, unsigned int len, - const char **errstr); - int (*log_stderr)(const char *buf, unsigned int len, - const char **errstr); - void (*register_hooks)(int version, - int (*register_hook)(struct sudo_hook *hook)); - void (*deregister_hooks)(int version, - int (*deregister_hook)(struct sudo_hook *hook)); - int (*change_winsize)(unsigned int lines, unsigned int cols, - const char **errstr); - int (*log_suspend)(int signo, const char **errstr); - struct sudo_plugin_event * (*event_alloc)(void); -}; -.RE -.fi -.PP -When an I/O plugin is loaded, -\fBsudo\fR -runs the command in a pseudo-terminal. -This makes it possible to log the input and output from the user's -session. -If any of the standard input, standard output or standard error do not -correspond to a tty, -\fBsudo\fR -will open a pipe to capture -the I/O for logging before passing it on. -.PP -The log_ttyin function receives the raw user input from the terminal -device (note that this will include input even when echo is disabled, -such as when a password is read). -The log_ttyout function receives output from the pseudo-terminal that is -suitable for replaying the user's session at a later time. -The -\fBlog_stdin\fR(), -\fBlog_stdout\fR() -and -\fBlog_stderr\fR() -functions are only called if the standard input, standard output -or standard error respectively correspond to something other than -a tty. -.PP -Any of the logging functions may be set to the -\fRNULL\fR -pointer if no logging is to be performed. -If the open function returns 0, no I/O will be sent to the plugin. -.PP -If a logging function returns an error -(\-1), -the running command will be terminated and all of the plugin's logging -functions will be disabled. -Other I/O logging plugins will still receive any remaining -input or output that has not yet been processed. -.PP -If an input logging function rejects the data by returning 0, the -command will be terminated and the data will not be passed to the -command, though it will still be sent to any other I/O logging plugins. -If an output logging function rejects the data by returning 0, the -command will be terminated and the data will not be written to the -terminal, though it will still be sent to any other I/O logging plugins. -.PP -The audit_plugin struct has the following fields: -.TP 6n -type -The -\fRtype\fR -field should always be set to -\fRSUDO_IO_PLUGIN\fR. -.TP 6n -version -The -\fRversion\fR -field should be set to -\fRSUDO_API_VERSION\fR. -.sp -This allows -\fBsudo\fR -to determine the API version the plugin was -built against. -.TP 6n -open -.nf -.RS 6n -int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], - char * const plugin_options[]); -.RE -.fi -.RS 6n -.sp -The -\fBopen\fR() -function is run before the -\fBlog_ttyin\fR(), -\fBlog_ttyout\fR(), -\fBlog_stdin\fR(), -\fBlog_stdout\fR(), -\fBlog_stderr\fR(), -\fBlog_suspend\fR(), -\fBchange_winsize\fR(), -or -\fBshow_version\fR() -functions are called. -It is only called if the version is being requested or if the -policy plugin's -\fBcheck_policy\fR() -function has returned successfully. -It returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -\fBsudo\fR -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional error information to the user. -.sp -The function arguments are as follows: -.TP 6n -version -The version passed in by -\fBsudo\fR -allows the plugin to determine the -major and minor version number of the plugin API supported by -\fBsudo\fR. -.TP 6n -conversation -A pointer to the -\fBconversation\fR() -function that may be used by the -\fBshow_version\fR() -function to display version information (see -\fBshow_version\fR() -below). -The -\fBconversation\fR() -function may also be used to display additional error message to the user. -The -\fBconversation\fR() -function returns 0 on success and \-1 on failure. -.TP 6n -plugin_printf -A pointer to a -\fBprintf\fR()-style -function that may be used by the -\fBshow_version\fR() -function to display version information (see -show_version below). -The -\fBplugin_printf\fR() -function may also be used to display additional error message to the user. -The -\fBplugin_printf\fR() -function returns number of characters printed on success and \-1 on failure. -.TP 6n -settings -A vector of user-supplied -\fBsudo\fR -settings in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -These settings correspond to options the user specified when running -\fBsudo\fR. -As such, they will only be present when the corresponding option has -been specified on the command line. -.sp -When parsing -\fIsettings\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible settings. -.TP 6n -user_info -A vector of information about the user running the command in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -.sp -When parsing -\fIuser_info\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible strings. -.TP 6n -command_info -A vector of information describing the command being run in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -.sp -When parsing -\fIcommand_info\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible strings. -.TP 6n -argc -The number of elements in -\fIargv\fR, -not counting the final -\fRNULL\fR -pointer. -It can be zero, when -\fBsudo\fR -is called with -\fB\-V\fR. -.TP 6n -argv -If -non-\fRNULL\fR, -an argument vector describing a command the user -wishes to run in the same form as what would be passed to the -execve(2) -system call. -.TP 6n -user_env -The user's environment in the form of a -\fRNULL\fR-terminated -vector of -\(lqname=value\(rq -strings. -.sp -When parsing -\fIuser_env\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.TP 6n -plugin_options -Any (non-comment) strings immediately after the plugin path are -treated as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -\fRNULL\fR-terminated -array of strings. -If no arguments were specified, -\fIplugin_options\fR -will be the -\fRNULL\fR -pointer. -.sp -NOTE: the -\fIplugin_options\fR -parameter is only available starting with -API version 1.2. -A plugin -\fBmust\fR -check the API version specified -by the -\fBsudo\fR -front end before using -\fIplugin_options\fR. -Failure to do so may result in a crash. -.TP 6n -errstr -If the -\fBopen\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -close -.br -.nf -.RS 6n -void (*close)(int exit_status, int error); -.RE -.fi -.RS 6n -.sp -The -\fBclose\fR() -function is called when -\fBsudo\fR -is finished, shortly before it exits. -.sp -The function arguments are as follows: -.TP 6n -exit_status -The command's exit status, as returned by the -wait(2) -system call, or zero if no command was run. -The value of -\fRexit_status\fR -is undefined if -\fRerror\fR -is non-zero. -.TP 6n -error -.br -If the command could not be executed, this is set to the value of -\fRerrno\fR -set by the -execve(2) -system call. -If the command was successfully executed, the value of -\fRerror\fR -is zero. -.PD 0 -.PP -.RE -.PD -.TP 6n -show_version -.nf -.RS 6n -int (*show_version)(int verbose); -.RE -.fi -.RS 6n -.sp -The -\fBshow_version\fR() -function is called by -\fBsudo\fR -when the user specifies -the -\fB\-V\fR -option. -The plugin may display its version information to the user via the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function using -\fRSUDO_CONV_INFO_MSG\fR. -.sp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error, although the return value is currently -ignored. -.RE -.TP 6n -log_ttyin -.nf -.RS 6n -int (*log_ttyin)(const char *buf, unsigned int len, - const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBlog_ttyin\fR() -function is called whenever data can be read from -the user but before it is passed to the running command. -This allows the plugin to reject data if it chooses to (for instance -if the input contains banned content). -Returns 1 if the data should be passed to the command, 0 if the data -is rejected (which will terminate the running command) or \-1 if an -error occurred. -.sp -The function arguments are as follows: -.TP 6n -buf -The buffer containing user input. -.TP 6n -len -The length of -\fIbuf\fR -in bytes. -.TP 6n -errstr -If the -\fBlog_ttyin\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -log_ttyout -.nf -.RS 6n -int (*log_ttyout)(const char *buf, unsigned int len, - const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBlog_ttyout\fR() -function is called whenever data can be read from -the command but before it is written to the user's terminal. -This allows the plugin to reject data if it chooses to (for instance -if the output contains banned content). -Returns 1 if the data should be passed to the user, 0 if the data is rejected -(which will terminate the running command) or \-1 if an error occurred. -.sp -The function arguments are as follows: -.TP 6n -buf -The buffer containing command output. -.TP 6n -len -The length of -\fIbuf\fR -in bytes. -.TP 6n -errstr -If the -\fBlog_ttyout\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -log_stdin -.nf -.RS 6n -int (*log_stdin)(const char *buf, unsigned int len, - const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBlog_stdin\fR() -function is only used if the standard input does -not correspond to a tty device. -It is called whenever data can be read from the standard input but -before it is passed to the running command. -This allows the plugin to reject data if it chooses to -(for instance if the input contains banned content). -Returns 1 if the data should be passed to the command, 0 if the data is -rejected (which will terminate the running command) or \-1 if an error occurred. -.sp -The function arguments are as follows: -.TP 6n -buf -The buffer containing user input. -.TP 6n -len -The length of -\fIbuf\fR -in bytes. -.TP 6n -errstr -If the -\fBlog_stdin\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -log_stdout -.nf -.RS 6n -int (*log_stdout)(const char *buf, unsigned int len, - const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBlog_stdout\fR() -function is only used if the standard output does not correspond -to a tty device. -It is called whenever data can be read from the command but before -it is written to the standard output. -This allows the plugin to reject data if it chooses to -(for instance if the output contains banned content). -Returns 1 if the data should be passed to the user, 0 if the data is -rejected (which will terminate the running command) or \-1 if an error occurred. -.sp -The function arguments are as follows: -.TP 6n -buf -The buffer containing command output. -.TP 6n -len -The length of -\fIbuf\fR -in bytes. -.TP 6n -errstr -If the -\fBlog_stdout\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -log_stderr -.nf -.RS 6n -int (*log_stderr)(const char *buf, unsigned int len, - const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBlog_stderr\fR() -function is only used if the standard error does -not correspond to a tty device. -It is called whenever data can be read from the command but before it -is written to the standard error. -This allows the plugin to reject data if it chooses to -(for instance if the output contains banned content). -Returns 1 if the data should be passed to the user, 0 if the data is -rejected (which will terminate the running command) or \-1 if an error occurred. -.sp -The function arguments are as follows: -.TP 6n -buf -The buffer containing command output. -.TP 6n -len -The length of -\fIbuf\fR -in bytes. -.TP 6n -errstr -If the -\fBlog_stderr\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -register_hooks -See the -\fIPolicy plugin API\fR -section for a description of -\fRregister_hooks\fR. -.TP 6n -deregister_hooks -See the -\fIPolicy plugin API\fR -section for a description of -\fRderegister_hooks\fR. -.TP 6n -change_winsize -.nf -.RS 6n -int (*change_winsize)(unsigned int lines, unsigned int cols, - const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBchange_winsize\fR() -function is called whenever the window size of the terminal changes from -the initial values specified in the -\fRuser_info\fR -list. -Returns \-1 if an error occurred, in which case no further calls to -\fBchange_winsize\fR() -will be made, -.sp -The function arguments are as follows: -.TP 6n -lines -.br -The number of lines (rows) in the re-sized terminal. -.TP 6n -cols -The number of columns in the re-sized terminal. -.TP 6n -errstr -If the -\fBchange_winsize\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.PD 0 -.PP -.RE -.PD -.TP 6n -log_suspend -.nf -.RS 6n -int (*log_suspend)(int signo, const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBlog_suspend\fR() -function is called whenever a command is suspended or resumed. -Logging this information makes it possible to skip the period of time when -the command was suspended during playback of a session. -Returns \-1 if an error occurred, in which case no further calls to -\fBlog_suspend\fR() -will be made, -.sp -The function arguments are as follows: -.TP 6n -signo -.br -The signal that caused the command to be suspended, or -\fRSIGCONT\fR -if the command was resumed. -.TP 6n -errstr -If the -\fBlog_suspend\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.sp -NOTE: the -\fIerrstr\fR -parameter is only available starting with -API version 1.15. -A plugin -\fBmust\fR -check the API version specified by the -\fBsudo\fR -front end before using -\fIerrstr\fR. -Failure to do so may result in a crash. -.TP 6n -event_alloc -.nf -.RS 6n -struct sudo_plugin_event * (*event_alloc)(void); -.RE -.fi -.RS 6n -.sp -The -\fBevent_alloc\fR() -function is used to allocate a -\fRstruct sudo_plugin_event\fR -which provides access to the main -\fBsudo\fR -event loop. -Unlike the other fields, the -\fBevent_alloc\fR() -pointer is filled in by the -\fBsudo\fR -front end, not by the plugin. -.sp -See the -\fIEvent API\fR -section below for more information -about events. -.sp -NOTE: the -\fBevent_alloc\fR() -function is only available starting -with API version 1.15. -If the -\fBsudo\fR -front end doesn't support API -version 1.15 or higher, -\fBevent_alloc\fR() -will not be set. -.RE -.PP -\fII/O Plugin Version Macros\fR -.sp -Same as for the -\fIPolicy plugin API\fR. -.RE -.SS "Audit plugin API" -.nf -.RS 0n -/* Audit plugin close function status types. */ -#define SUDO_PLUGIN_NO_STATUS 0 -#define SUDO_PLUGIN_WAIT_STATUS 1 -#define SUDO_PLUGIN_EXEC_ERROR 2 -#define SUDO_PLUGIN_SUDO_ERROR 3 - -#define SUDO_AUDIT_PLUGIN 3 -struct audit_plugin { - unsigned int type; /* always SUDO_AUDIT_PLUGIN */ - unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t sudo_printf, char * const settings[], - char * const user_info[], int submit_optind, - char * const submit_argv[], char * const submit_envp[], - char * const plugin_options[], const char **errstr); - void (*close)(int status_type, int status); - int (*accept)(const char *plugin_name, - unsigned int plugin_type, char * const command_info[], - char * const run_argv[], char * const run_envp[], - const char **errstr); - int (*reject)(const char *plugin_name, unsigned int plugin_type, - const char *audit_msg, char * const command_info[], - const char **errstr); - int (*error)(const char *plugin_name, unsigned int plugin_type, - const char *audit_msg, char * const command_info[], - const char **errstr); - int (*show_version)(int verbose); - void (*register_hooks)(int version, - int (*register_hook)(struct sudo_hook *hook)); - void (*deregister_hooks)(int version, - int (*deregister_hook)(struct sudo_hook *hook)); - struct sudo_plugin_event * (*event_alloc)(void); -} -.RE -.fi -.PP -An audit plugin can be used to log successful and unsuccessful attempts -to run -\fBsudo\fR -independent of the policy or any I/O plugins. -Multiple audit plugins may be specified in -sudo.conf(@mansectform@). -.PP -The audit_plugin struct has the following fields: -.TP 6n -type -The -\fRtype\fR -field should always be set to -\fRSUDO_AUDIT_PLUGIN\fR. -.TP 6n -version -The -\fRversion\fR -field should be set to -\fRSUDO_API_VERSION\fR. -.sp -This allows -\fBsudo\fR -to determine the API version the plugin was -built against. -.TP 6n -open -.nf -.RS 6n -int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t sudo_printf, char * const settings[], - char * const user_info[], int submit_optind, - char * const submit_argv[], char * const submit_envp[], - char * const plugin_options[], const char **errstr); -.RE -.fi -.RS 6n -.sp -The audit -\fBopen\fR() -function is run before any other -\fBsudo\fR -plugin API functions. -This makes it possible to audit failures in the other plugins. -It returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -\fBsudo\fR -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional error information to the user. -.sp -The function arguments are as follows: -.TP 6n -version -The version passed in by -\fBsudo\fR -allows the plugin to determine the -major and minor version number of the plugin API supported by -\fBsudo\fR. -.TP 6n -conversation -A pointer to the -\fBconversation\fR() -function that may be used by the -\fBshow_version\fR() -function to display version information (see -\fBshow_version\fR() -below). -The -\fBconversation\fR() -function may also be used to display additional error message to the user. -The -\fBconversation\fR() -function returns 0 on success and \-1 on failure. -.TP 6n -plugin_printf -A pointer to a -\fBprintf\fR()-style -function that may be used by the -\fBshow_version\fR() -function to display version information (see -show_version below). -The -\fBplugin_printf\fR() -function may also be used to display additional error message to the user. -The -\fBplugin_printf\fR() -function returns number of characters printed on success and \-1 on failure. -.TP 6n -settings -A vector of user-supplied -\fBsudo\fR -settings in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -These settings correspond to options the user specified when running -\fBsudo\fR. -As such, they will only be present when the corresponding option has -been specified on the command line. -.sp -When parsing -\fIsettings\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible settings. -.TP 6n -user_info -A vector of information about the user running the command in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -.sp -When parsing -\fIuser_info\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible strings. -.TP 6n -submit_optind -The index into -\fIsubmit_argv\fR -that corresponds to the first entry that is not a command line option. -If -\fIsubmit_argv\fR -only consists of options, which may be the case with the -\fB\-l\fR -or -\fB\-v\fR -options, -\fRsubmit_argv[submit_optind]\fR -will evaluate to the NULL pointer. -.TP 6n -submit_argv -The argument vector -\fBsudo\fR -was invoked with, including all command line options. -The -\fIsubmit_optind\fR -argument can be used to determine the end of the command line options. -.TP 6n -submit_envp -The invoking user's environment in the form of a -\fRNULL\fR-terminated -vector of -\(lqname=value\(rq -strings. -.sp -When parsing -\fIsubmit_envp\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.TP 6n -plugin_options -Any (non-comment) strings immediately after the plugin path are -treated as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -\fRNULL\fR-terminated -array of strings. -If no arguments were specified, -\fIplugin_options\fR -will be the -\fRNULL\fR -pointer. -.TP 6n -errstr -If the -\fBopen\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.PD 0 -.PP -.RE -.PD -.TP 6n -close -.br -.nf -.RS 6n -void (*close)(int status_type, int status); -.RE -.fi -.RS 6n -.sp -The -\fBclose\fR() -function is called when -\fBsudo\fR -is finished, shortly before it exits. -.sp -The function arguments are as follows: -.TP 6n -status_type -The type of status being passed. -One of -\fRSUDO_PLUGIN_NO_STATUS\fR, -\fRSUDO_PLUGIN_WAIT_STATUS\fR, -\fRSUDO_PLUGIN_EXEC_ERROR\fR -or -\fRSUDO_PLUGIN_SUDO_ERROR\fR. -.TP 6n -status -Depending on the value of -\fIstatus_type\fR, -this value is either -ignored, the command's exit status as returned by the -wait(2) -system call, the value of -\fRerrno\fR -set by the -execve(2) -system call, or the value of -\fRerrno\fR -resulting from an error in the -\fBsudo\fR -front end. -.PD 0 -.PP -.RE -.PD -.TP 6n -accept -.nf -.RS 6n -int (*accept)(const char *plugin_name, unsigned int plugin_type, - char * const command_info[], char * const run_argv[], - char * const run_envp[], const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBaccept\fR() -function is called when a command or action is accepted by a policy -or approval plugin. -The function arguments are as follows: -.TP 6n -plugin_name -The name of the plugin that accepted the command or -\(lqsudo\(rq -for the -\fBsudo\fR -front-end. -.TP 6n -plugin_type -The type of plugin that accepted the command, currently either -\fRSUDO_POLICY_PLUGIN\fR, -\fRSUDO_POLICY_APPROVAL\fR -or -\fRSUDO_FRONT_END\fR. -The -\fBaccept\fR() -function is called multiple times--once for each policy or approval -plugin that succeeds and once for the sudo front-end. -When called on behalf of the sudo front-end, -\fIcommand_info\fR -may include information from an I/O logging plugin as well. -.sp -Typically, an audit plugin is interested in either the accept status from -the -\fBsudo\fR -front-end or from the various policy and approval plugins, but not both. -It is possible for the policy plugin to accept a command that is -later rejected by an approval plugin, in which case the audit -plugin's -\fBaccept\fR() -and -\fBreject\fR() -functions will -\fIboth\fR -be called. -.TP 6n -command_info -An optional -vector of information describing the command being run in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -.sp -When parsing -\fIcommand_info\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible strings. -.TP 6n -run_argv -A -\fRNULL\fR-terminated -argument vector describing a command that will be run in the -same form as what would be passed to the -execve(2) -system call. -.TP 6n -run_envp -The environment the command will be run with in the form of a -\fRNULL\fR-terminated -vector of -\(lqname=value\(rq -strings. -.sp -When parsing -\fIrun_envp\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.TP 6n -errstr -If the -\fBaccept\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.PD 0 -.PP -.RE -.PD -.TP 6n -reject -.nf -.RS 6n -int (*reject)(const char *plugin_name, unsigned int plugin_type, - const char *audit_msg, char * const command_info[], - const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBreject\fR() -function is called when a command or action is rejected by a plugin. -The function arguments are as follows: -.TP 6n -plugin_name -The name of the plugin that rejected the command. -.TP 6n -plugin_type -The type of plugin that rejected the command, currently either -\fRSUDO_POLICY_PLUGIN\fR, -\fRSUDO_APPROVAL_PLUGIN\fR -or -\fRSUDO_IO_PLUGIN\fR. -.sp -Unlike the -\fBaccept\fR() -function, the -\fBreject\fR() -function is not called on behalf of the -\fBsudo\fR -front-end. -.TP 6n -audit_msg -An optional string describing the reason the command was rejected -by the plugin. -If the plugin did not provide a reason, -\fIaudit_msg\fR -will be the -\fRNULL\fR -pointer. -.TP 6n -command_info -An optional -vector of information describing the command being run in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -.sp -When parsing -\fIcommand_info\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible strings. -.TP 6n -errstr -If the -\fBreject\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.PD 0 -.PP -.RE -.PD -.TP 6n -error -.br -.nf -.RS 6n -int (*error)(const char *plugin_name, unsigned int plugin_type, - const char *audit_msg, char * const command_info[], - const char **errstr); -.RE -.fi -.RS 6n -.sp -The -\fBerror\fR() -function is called when a plugin or the -\fBsudo\fR -front-end returns an error. -The function arguments are as follows: -.TP 6n -plugin_name -The name of the plugin that generated the error or -\(lqsudo\(rq -for the -\fBsudo\fR -front-end. -.TP 6n -plugin_type -The type of plugin that generated the error, or -\fRSUDO_FRONT_END\fR -for the -\fBsudo\fR -front-end. -.TP 6n -audit_msg -An optional string describing the plugin error. -If the plugin did not provide a description, -\fIaudit_msg\fR -will be the -\fRNULL\fR -pointer. -.TP 6n -command_info -An optional -vector of information describing the command being run in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -.sp -When parsing -\fIcommand_info\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible strings. -.TP 6n -errstr -If the -\fBerror\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.PD 0 -.PP -.RE -.PD -.TP 6n -show_version -.nf -.RS 6n -int (*show_version)(int verbose); -.RE -.fi -.RS 6n -.sp -The -\fBshow_version\fR() -function is called by -\fBsudo\fR -when the user specifies -the -\fB\-V\fR -option. -The plugin may display its version information to the user via the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function using -\fRSUDO_CONV_INFO_MSG\fR. -If the user requests detailed version information, the verbose flag will be set. -.sp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error, although the return value is currently -ignored. -.RE -.TP 6n -register_hooks -See the -\fIPolicy plugin API\fR -section for a description of -\fRregister_hooks\fR. -.TP 6n -deregister_hooks -See the -\fIPolicy plugin API\fR -section for a description of -\fRderegister_hooks\fR. -.TP 6n -event_alloc -.nf -.RS 6n -struct sudo_plugin_event * (*event_alloc)(void); -.RE -.fi -.RS 6n -.sp -The -\fBevent_alloc\fR() -function is used to allocate a -\fRstruct sudo_plugin_event\fR -which provides access to the main -\fBsudo\fR -event loop. -Unlike the other fields, the -\fBevent_alloc\fR() -pointer is filled in by the -\fBsudo\fR -front end, not by the plugin. -.sp -See the -\fIEvent API\fR -section below for more information -about events. -.sp -NOTE: the -\fBevent_alloc\fR() -function is only available starting -with API version 1.17. -If the -\fBsudo\fR -front end doesn't support API -version 1.17 or higher, -\fBevent_alloc\fR() -will not be set. -.RE -.SS "Approval plugin API" -.nf -.RS 0n -struct approval_plugin { -#define SUDO_APPROVAL_PLUGIN 4 - unsigned int type; /* always SUDO_APPROVAL_PLUGIN */ - unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t sudo_printf, char * const settings[], - char * const user_info[], int submit_optind, - char * const submit_argv[], char * const submit_envp[], - char * const plugin_options[], const char **errstr); - void (*close)(void); - int (*check)(char * const command_info[], char * const run_argv[], - char * const run_envp[], const char **errstr); - int (*show_version)(int verbose); -}; -.RE -.fi -.PP -An approval plugin can be used to apply extra constraints after a -command has been accepted by the policy plugin. -Unlike the other plugin types, it does not remain open until the command -completes. -The plugin is opened before a call to -\fBcheck\fR() -or -\fBshow_version\fR() -and closed shortly thereafter (audit plugin functions must be called -before the plugin is closed). -Multiple approval plugins may be specified in -sudo.conf(@mansectform@). -.PP -The approval_plugin struct has the following fields: -.TP 6n -type -The -\fRtype\fR -field should always be set to -\fRSUDO_APPROVAL_PLUGIN\fR. -.TP 6n -version -The -\fRversion\fR -field should be set to -\fRSUDO_API_VERSION\fR. -.sp -This allows -\fBsudo\fR -to determine the API version the plugin was -built against. -.TP 6n -open -.nf -.RS 6n -int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t sudo_printf, char * const settings[], - char * const user_info[], int submit_optind, - char * const submit_argv[], char * const submit_envp[], - char * const plugin_options[], const char **errstr); -.RE -.fi -.RS 6n -.sp -The approval -\fBopen\fR() -function is run immediately before a call to the plugin's -\fBcheck\fR() -or -\fBshow_version\fR() -functions. -It is only called if the version is being requested or if the -policy plugin's -\fBcheck_policy\fR() -function has returned successfully. -It returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -\fBsudo\fR -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional error information to the user. -.sp -The function arguments are as follows: -.TP 6n -version -The version passed in by -\fBsudo\fR -allows the plugin to determine the -major and minor version number of the plugin API supported by -\fBsudo\fR. -.TP 6n -conversation -A pointer to the -\fBconversation\fR() -function that can be used by the plugin to interact with the user (see -\fIConversation API\fR -for details). -Returns 0 on success and \-1 on failure. -.TP 6n -plugin_printf -A pointer to a -\fBprintf\fR()-style -function that may be used to display informational or error messages (see -\fIConversation API\fR -for details). -Returns the number of characters printed on success and \-1 on failure. -.TP 6n -settings -A vector of user-supplied -\fBsudo\fR -settings in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -These settings correspond to options the user specified when running -\fBsudo\fR. -As such, they will only be present when the corresponding option has -been specified on the command line. -.sp -When parsing -\fIsettings\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible settings. -.TP 6n -user_info -A vector of information about the user running the command in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -.sp -When parsing -\fIuser_info\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible strings. -.TP 6n -submit_optind -The index into -\fIsubmit_argv\fR -that corresponds to the first entry that is not a command line option. -If -\fIsubmit_argv\fR -only consists of options, which may be the case with the -\fB\-l\fR -or -\fB\-v\fR -options, -\fRsubmit_argv[submit_optind]\fR -will evaluate to the NULL pointer. -.TP 6n -submit_argv -The argument vector -\fBsudo\fR -was invoked with, including all command line options. -The -\fIsubmit_optind\fR -argument can be used to determine the end of the command line options. -.TP 6n -submit_envp -The invoking user's environment in the form of a -\fRNULL\fR-terminated -vector of -\(lqname=value\(rq -strings. -.sp -When parsing -\fIsubmit_envp\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.TP 6n -plugin_options -Any (non-comment) strings immediately after the plugin path are -treated as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -\fRNULL\fR-terminated -array of strings. -If no arguments were specified, -\fIplugin_options\fR -will be the -\fRNULL\fR -pointer. -.TP 6n -errstr -If the -\fBopen\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.PD 0 -.PP -.RE -.PD -.TP 6n -close -.br -.nf -.RS 6n -void (*close)(void); -.RE -.fi -.RS 6n -.sp -The -\fBclose\fR() -function is called after the approval plugin's -\fBcheck\fR() -or -\fBshow_version\fR() -functions have been called. -It takes no arguments. -The -\fBclose\fR() -function is typically used to perform plugin-specific cleanup, -such as the freeing of memory objects allocated by the plugin. -If the plugin does not need to perform any cleanup, -\fBclose\fR() -may be set to the -\fRNULL\fR -pointer. -.RE -.TP 6n -check -.br -.nf -.RS 6n -int (*check)(char * const command_info[], char * const run_argv[], - char * const run_envp[], const char **errstr); -.RE -.fi -.RS 6n -.sp -The approval -\fBcheck\fR() -function is run after the policy plugin -\fBcheck_policy\fR() -function and before any I/O logging plugins. -If multiple approval plugins are loaded, they must all succeed for -the command to be allowed. -It returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -\fBsudo\fR -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional error information to the user. -.sp -The function arguments are as follows: -.TP 6n -command_info -A vector of information describing the command being run in the form of -\(lqname=value\(rq -strings. -The vector is terminated by a -\fRNULL\fR -pointer. -.sp -When parsing -\fIcommand_info\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.sp -See the -\fIPolicy plugin API\fR -section for a list of all possible strings. -.TP 6n -run_argv -A -\fRNULL\fR-terminated -argument vector describing a command that will be run in the -same form as what would be passed to the -execve(2) -system call. -.TP 6n -run_envp -The environment the command will be run with in the form of a -\fRNULL\fR-terminated -vector of -\(lqname=value\(rq -strings. -.sp -When parsing -\fIrun_envp\fR, -the plugin should split on the -\fBfirst\fR -equal sign -(\(oq=\(cq) -since the -\fIname\fR -field will never include one -itself but the -\fIvalue\fR -might. -.TP 6n -errstr -If the -\fBopen\fR() -function returns a value other than 1, the plugin may -store a message describing the failure or error in -\fIerrstr\fR. -The -\fBsudo\fR -front end will then pass this value to any registered audit plugins. -The string stored in -\fIerrstr\fR -must remain valid until the plugin's -\fBclose\fR() -function is called. -.PD 0 -.PP -.RE -.PD -.TP 6n -show_version -.nf -.RS 6n -int (*show_version)(int verbose); -.RE -.fi -.RS 6n -.sp -The -\fBshow_version\fR() -function is called by -\fBsudo\fR -when the user specifies -the -\fB\-V\fR -option. -The plugin may display its version information to the user via the -\fBconversation\fR() -or -\fBplugin_printf\fR() -function using -\fRSUDO_CONV_INFO_MSG\fR. -If the user requests detailed version information, the verbose flag will be set. -.sp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error, although the return value is currently -ignored. -.RE -.SS "Signal handlers" -The -\fBsudo\fR -front end installs default signal handlers to trap common signals -while the plugin functions are run. -The following signals are trapped by default before the command is -executed: -.TP 3n -\fB\(bu\fR -\fRSIGALRM\fR -.PD 0 -.TP 3n -\fB\(bu\fR -\fRSIGHUP\fR -.TP 3n -\fB\(bu\fR -\fRSIGINT\fR -.TP 3n -\fB\(bu\fR -\fRSIGPIPE\fR -.TP 3n -\fB\(bu\fR -\fRSIGQUIT\fR -.TP 3n -\fB\(bu\fR -\fRSIGTERM\fR -.TP 3n -\fB\(bu\fR -\fRSIGTSTP\fR -.TP 3n -\fB\(bu\fR -\fRSIGUSR1\fR -.TP 3n -\fB\(bu\fR -\fRSIGUSR2\fR -.PD -.PP -If a fatal signal is received before the command is executed, -\fBsudo\fR -will call the plugin's -\fBclose\fR() -function with an exit status of 128 plus the value of the signal -that was received. -This allows for consistent logging of commands killed by a signal -for plugins that log such information in their -\fBclose\fR() -function. -An exception to this is -\fRSIGPIPE\fR, -which is ignored until the command is executed. -.PP -A plugin may temporarily install its own signal handlers but must -restore the original handler before the plugin function returns. -.SS "Hook function API" -Beginning with plugin API version 1.2, it is possible to install -hooks for certain functions called by the -\fBsudo\fR -front end. -.PP -Currently, the only supported hooks relate to the handling of -environment variables. -Hooks can be used to intercept attempts to get, set, or remove -environment variables so that these changes can be reflected in -the version of the environment that is used to execute a command. -A future version of the API will support hooking internal -\fBsudo\fR -front end functions as well. -.PP -\fIHook structure\fR -.PP -Hooks in -\fBsudo\fR -are described by the following structure: -.nf -.sp -.RS 0n -typedef int (*sudo_hook_fn_t)(); - -struct sudo_hook { - unsigned int hook_version; - unsigned int hook_type; - sudo_hook_fn_t hook_fn; - void *closure; -}; -.RE -.fi -.PP -The -\fRsudo_hook\fR -structure has the following fields: -.TP 6n -hook_version -The -\fRhook_version\fR -field should be set to -\fRSUDO_HOOK_VERSION\fR. -.TP 6n -hook_type -The -\fRhook_type\fR -field may be one of the following supported hook types: -.PP -.RS 6n -.PD 0 -.TP 6n -\fRSUDO_HOOK_SETENV\fR -The C library -setenv(3) -function. -Any registered hooks will run before the C library implementation. -The -\fRhook_fn\fR -field should -be a function that matches the following typedef: -.nf -.sp -.RS 6n -typedef int (*sudo_hook_fn_setenv_t)(const char *name, - const char *value, int overwrite, void *closure); -.RE -.fi -.RS 6n -.sp -If the registered hook does not match the typedef the results are -unspecified. -.RE -.PD -.TP 6n -\fRSUDO_HOOK_UNSETENV\fR -The C library -unsetenv(3) -function. -Any registered hooks will run before the C library implementation. -The -\fRhook_fn\fR -field should -be a function that matches the following typedef: -.nf -.sp -.RS 6n -typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, - void *closure); -.RE -.fi -.TP 6n -\fRSUDO_HOOK_GETENV\fR -The C library -getenv(3) -function. -Any registered hooks will run before the C library implementation. -The -\fRhook_fn\fR -field should -be a function that matches the following typedef: -.nf -.sp -.RS 6n -typedef int (*sudo_hook_fn_getenv_t)(const char *name, - char **value, void *closure); -.RE -.fi -.RS 6n -.sp -If the registered hook does not match the typedef the results are -unspecified. -.RE -.TP 6n -\fRSUDO_HOOK_PUTENV\fR -The C library -putenv(3) -function. -Any registered hooks will run before the C library implementation. -The -\fRhook_fn\fR -field should -be a function that matches the following typedef: -.nf -.sp -.RS 6n -typedef int (*sudo_hook_fn_putenv_t)(char *string, - void *closure); -.RE -.fi -.RS 6n -.sp -If the registered hook does not match the typedef the results are -unspecified. -.RE -.PD 0 -.PP -.RE -.PD -.TP 6n -hook_fn -sudo_hook_fn_t hook_fn; -.sp -The -\fRhook_fn\fR -field should be set to the plugin's hook implementation. -The actual function arguments will vary depending on the -\fRhook_type\fR -(see -\fRhook_type\fR -above). -In all cases, the -\fRclosure\fR -field of -\fRstruct sudo_hook\fR -is passed as the last function parameter. -This can be used to pass arbitrary data to the plugin's hook implementation. -.sp -The function return value may be one of the following: -.PP -.RS 6n -.PD 0 -.TP 6n -\fRSUDO_HOOK_RET_ERROR\fR -The hook function encountered an error. -.PD -.TP 6n -\fRSUDO_HOOK_RET_NEXT\fR -The hook completed without error, go on to the next hook (including -the system implementation if applicable). -For example, a -getenv(3) -hook might return -\fRSUDO_HOOK_RET_NEXT\fR -if the specified variable was not found in the private copy of the environment. -.TP 6n -\fRSUDO_HOOK_RET_STOP\fR -The hook completed without error, stop processing hooks for this invocation. -This can be used to replace the system implementation. -For example, a -\fRsetenv\fR -hook that operates on a private copy of -the environment but leaves -\fRenviron\fR -unchanged. -.PD 0 -.PP -.RE -.PD -.PP -Note that it is very easy to create an infinite loop when hooking -C library functions. -For example, a -getenv(3) -hook that calls the -snprintf(3) -function may create a loop if the -snprintf(3) -implementation calls -getenv(3) -to check the locale. -To prevent this, you may wish to use a static variable in the hook -function to guard against nested calls. -For example: -.nf -.sp -.RS 0n -static int in_progress = 0; /* avoid recursion */ -if (in_progress) - return SUDO_HOOK_RET_NEXT; -in_progress = 1; -\&... -in_progress = 0; -return SUDO_HOOK_RET_STOP; -.RE -.fi -.PP -\fIHook API Version Macros\fR -.nf -.sp -.RS 0n -/* Hook API version major/minor */ -#define SUDO_HOOK_VERSION_MAJOR 1 -#define SUDO_HOOK_VERSION_MINOR 0 -#define SUDO_HOOK_VERSION SUDO_API_MKVERSION(SUDO_HOOK_VERSION_MAJOR,\e - SUDO_HOOK_VERSION_MINOR) -.RE -.fi -.PP -For getters and setters see the -\fIPolicy plugin API\fR. -.SS "Event API" -When -\fBsudo\fR -runs a command, it uses an event loop to service signals and I/O. -Events may be triggered based on time, a file or socket descriptor -becoming ready, or due to receipt of a signal. -Starting with API version 1.15, it is possible for a plugin to -participate in this event loop by calling the -\fBevent_alloc\fR() -function. -.PP -\fIEvent structure\fR -.PP -Events are described by the following structure: -.nf -.RS 0n -typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, void *closure); - -struct sudo_plugin_event { - int (*set)(struct sudo_plugin_event *pev, int fd, int events, - sudo_plugin_ev_callback_t callback, void *closure); - int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); - int (*del)(struct sudo_plugin_event *pev); - int (*pending)(struct sudo_plugin_event *pev, int events, - struct timespec *ts); - int (*fd)(struct sudo_plugin_event *pev); - void (*setbase)(struct sudo_plugin_event *pev, void *base); - void (*loopbreak)(struct sudo_plugin_event *pev); - void (*free)(struct sudo_plugin_event *pev); -}; -.RE -.fi -.PP -The sudo_plugin_event struct contains the following function pointers: -.TP 6n -\fBset\fR() -.br -.nf -.RS 6n -int (*set)(struct sudo_plugin_event *pev, int fd, int events, - sudo_plugin_ev_callback_t callback, void *closure); -.RE -.fi -.RS 6n -.sp -The -\fBset\fR() -function takes the following arguments: -.TP 6n -struct sudo_plugin_event *\fIpev\fR -A pointer to the struct sudo_plugin_event itself. -.TP 6n -\fIfd\fR -The file or socket descriptor for I/O-based events or the signal -number for signal events. -For time-based events, -\fIfd\fR -must be -1. -.TP 6n -\fIevents\fR -The following values determine what will trigger the event callback: -.PP -.RS 6n -.PD 0 -.TP 6n -SUDO_PLUGIN_EV_TIMEOUT -callback is run after the specified timeout expires -.PD -.TP 6n -SUDO_PLUGIN_EV_READ -callback is run when the file descriptor is readable -.TP 6n -SUDO_PLUGIN_EV_WRITE -callback is run when the file descriptor is writable -.TP 6n -SUDO_PLUGIN_EV_PERSIST -event is persistent and remains enabled until explicitly deleted -.TP 6n -SUDO_PLUGIN_EV_SIGNAL -callback is run when the specified signal is received -.PP -The -\fRSUDO_PLUGIN_EV_PERSIST\fR -flag may be ORed with any of the event types. -It is also possible to OR -\fRSUDO_PLUGIN_EV_READ\fR -and -\fRSUDO_PLUGIN_EV_WRITE\fR -together to run the callback when a descriptor is ready to be -either read from or written to. -All other event values are mutually exclusive. -.RE -.TP 6n -sudo_plugin_ev_callback_t \fIcallback\fR -.nf -.RS 6n -typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, - void *closure); -.RE -.fi -.RS 6n -.sp -The function to call when an event is triggered. -The -\fBcallback\fR() -function is run with the following arguments: -.TP 6n -\fIfd\fR -The file or socket descriptor for I/O-based events or the signal -number for signal events. -.TP 6n -\fIwhat\fR -The event type that triggered that callback. -For events that have multiple event types (for example -\fRSUDO_PLUGIN_EV_READ\fR -and -\fRSUDO_PLUGIN_EV_WRITE\fR) -or have an associated timeout, -\fIwhat\fR -can be used to determine why the callback was run. -.TP 6n -\fIclosure\fR -The generic pointer that was specified in the -\fBset\fR() -function. -.PD 0 -.PP -.RE -.PD -.TP 6n -closure -A generic pointer that will be passed to the callback function. -.PP -The -\fBset\fR() -function returns 1 on success, and \-1 if a error occurred. -.RE -.TP 6n -\fBadd\fR() -.br -.nf -.RS 6n -int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); -.RE -.fi -.RS 6n -.sp -The -\fBadd\fR() -function adds the event -\fIpev\fR -to -\fBsudo\fR's -event loop. -The event must have previously been initialized via the -\fBset\fR() -function. -If the -\fItimeout\fR -argument is not NULL, it should specify a (relative) timeout after -which the event will be triggered if the main event criteria has -not been met. -This is often used to implement an I/O timeout where the event -will fire if a descriptor is not ready within a certain time -period. -If the event is already present in the event loop, its -\fItimeout\fR -will be adjusted to match the new value, if any. -.sp -The -\fBadd\fR() -function returns 1 on success, and \-1 if a error occurred. -.RE -.TP 6n -\fBdel\fR() -.br -.nf -.RS 6n -int (*del)(struct sudo_plugin_event *pev); -.RE -.fi -.RS 6n -.sp -The -\fBdel\fR() -function deletes the event -\fIpev\fR -from -\fBsudo\fR's -event loop. -Deleted events can be added back via the -\fBadd\fR() -function. -.sp -The -\fBdel\fR() -function returns 1 on success, and \-1 if a error occurred. -.RE -.TP 6n -\fBpending\fR() -.nf -.RS 6n -int (*pending)(struct sudo_plugin_event *pev, int events, - struct timespec *ts); -.RE -.fi -.RS 6n -.sp -The -\fBpending\fR() -function can be used to determine whether one or more events is pending. -The -\fIevents\fR -argument specifies which events to check for. -See the -\fBset\fR() -function for a list of valid event types. -If -\fRSUDO_PLUGIN_EV_TIMEOUT\fR -is specified in -\fRevents\fR, -the event has an associated timeout and the -\fIts\fR -pointer is non-NULL, it will be filled in with the remaining time. -.RE -.TP 6n -\fBfd\fR() -.nf -.RS 6n -int (*fd)(struct sudo_plugin_event *pev); -.RE -.fi -.RS 6n -.sp -The -\fBfd\fR() -function returns the descriptor or signal number associated with -the event -\fIpev\fR. -.RE -.TP 6n -\fBsetbase\fR() -.nf -.RS 6n -void (*setbase)(struct sudo_plugin_event *pev, void *base); -.RE -.fi -.RS 6n -.sp -The -\fBsetbase\fR() -function sets the underlying event -\fIbase\fR -for -\fIpev\fR -to the specified value. -This can be used to move an event created via -\fBevent_alloc\fR() -to a new event loop allocated by sudo's event subsystem. -If -\fIbase\fR -is -\fRNULL\fR, -\fIpev\fR's -event base is reset to the default value, which corresponds to -\fBsudo\fR's -main event loop. -Using this function requires linking the plugin with the sudo_util -library. -It is unlikely to be used outside of the -\fBsudoers\fR -plugin. -.RE -.TP 6n -\fBloopbreak\fR() -.nf -.RS 6n -void (*loopbreak)(struct sudo_plugin_event *pev); -.RE -.fi -.RS 6n -.sp -The -\fBloopbreak\fR() -function causes -\fBsudo\fR's -event loop to exit immediately and the running command to be terminated. -.RE -.TP 6n -\fBfree\fR() -.nf -.RS 6n -void (*free)(struct sudo_plugin_event *pev); -.RE -.fi -.RS 6n -.sp -The -\fBfree\fR() -function deletes the event -\fIpev\fR -from the event loop and frees the memory associated with it. -.RE -.SS "Remote command execution" -The -\fBsudo\fR -front end does not support running remote commands. -However, starting with -\fBsudo\fR -1.8.8, the -\fB\-h\fR -option may be used to specify a remote host that is passed -to the policy plugin. -A plugin may also accept a -\fIrunas_user\fR -in the form of -\(lquser@hostname\(rq -which will work with older versions of -\fBsudo\fR. -It is anticipated that remote commands will be supported by executing a -\(lqhelper\(rq -program. -The policy plugin should setup the execution environment such that the -\fBsudo\fR -front end will run the helper which, in turn, will connect to the -remote host and run the command. -.PP -For example, the policy plugin could utilize -\fBssh\fR -to perform remote command execution. -The helper program would be responsible for running -\fBssh\fR -with the proper options to use a private key or certificate -that the remote host will accept and run a program -on the remote host that would setup the execution environment -accordingly. -.PP -Note that remote -\fBsudoedit\fR -functionality must be handled by the policy plugin, not -\fBsudo\fR -itself as the front end has no knowledge that a remote command is -being executed. -This may be addressed in a future revision of the plugin API. -.SS "Conversation API" -If the plugin needs to interact with the user, it may do so via the -\fBconversation\fR() -function. -A plugin should not attempt to read directly from the standard input -or the user's tty (neither of which are guaranteed to exist). -The caller must include a trailing newline in -\fRmsg\fR -if one is to be printed. -.PP -A -\fBprintf\fR()-style -function is also available that can be used to display informational -or error messages to the user, which is usually more convenient for -simple messages where no use input is required. -.PP -\fIConversation function structures\fR -.PP -The conversation function takes as arguments pointers to the following -structures: -.nf -.sp -.RS 0n -struct sudo_conv_message { -#define SUDO_CONV_PROMPT_ECHO_OFF 0x0001 /* do not echo user input */ -#define SUDO_CONV_PROMPT_ECHO_ON 0x0002 /* echo user input */ -#define SUDO_CONV_ERROR_MSG 0x0003 /* error message */ -#define SUDO_CONV_INFO_MSG 0x0004 /* informational message */ -#define SUDO_CONV_PROMPT_MASK 0x0005 /* mask user input */ -#define SUDO_CONV_PROMPT_ECHO_OK 0x1000 /* flag: allow echo if no tty */ -#define SUDO_CONV_PREFER_TTY 0x2000 /* flag: use tty if possible */ - int msg_type; - int timeout; - const char *msg; -}; - -#define SUDO_CONV_REPL_MAX 1023 - -struct sudo_conv_reply { - char *reply; -}; - -typedef int (*sudo_conv_callback_fn_t)(int signo, void *closure); -struct sudo_conv_callback { - unsigned int version; - void *closure; - sudo_conv_callback_fn_t on_suspend; - sudo_conv_callback_fn_t on_resume; -}; -.RE -.fi -.PP -Pointers to the -\fBconversation\fR() -and -\fBprintf\fR()-style -functions are passed -in to the plugin's -\fBopen\fR() -function when the plugin is initialized. -The following type definitions can be used in the declaration of the -\fBopen\fR() -function: -.nf -.sp -.RS 0n -typedef int (*sudo_conv_t)(int num_msgs, - const struct sudo_conv_message msgs[], - struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); - -typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); -.RE -.fi -.PP -To use the -\fBconversation\fR() -function, the plugin must pass an array of -\fRsudo_conv_message\fR -and -\fRsudo_conv_reply\fR -structures. -There must be a -\fRstruct sudo_conv_message\fR -and -\fRstruct sudo_conv_reply\fR -for -each message in the conversation, that is, both arrays must have the same -number of elements. -Each -\fRstruct sudo_conv_reply\fR -must have its -\fIreply\fR -member initialized to -\fRNULL\fR. -The -\fRstruct sudo_conv_callback\fR -pointer, if not -\fRNULL\fR, -should contain function pointers to be called when the -\fBsudo\fR -process is suspended and/or resumed during conversation input. -The -\fIon_suspend\fR -and -\fIon_resume\fR -functions are called with the signal that caused -\fBsudo\fR -to be suspended and the -\fIclosure\fR -pointer from the -\fRstruct sudo_conv_callback\fR. -These functions should return 0 on success and \-1 on error. -On error, the conversation will end and the conversation function -will return a value of \-1. -The intended use is to allow the plugin to release resources, such as locks, -that should not be held indefinitely while suspended and then reacquire them -when the process is resumed. -Note that the functions are not actually invoked from within a signal handler. -.PP -The -\fImsg_type\fR -must be set to one of the following values: -.TP 6n -SUDO_CONV_PROMPT_ECHO_OFF -Prompt the user for input with echo disabled; -this is generally used for passwords. -The reply will be stored in the -\fIreplies\fR -array, and it will never be -\fRNULL\fR. -.TP 6n -SUDO_CONV_PROMPT_ECHO_ON -Prompt the user for input with echo enabled. -The reply will be stored in the -\fIreplies\fR -array, and it will never be -\fRNULL\fR. -.TP 6n -SUDO_CONV_ERROR_MSG -Display an error message. -The message is written to the standard error unless the -\fRSUDO_CONV_PREFER_TTY\fR -flag is set, in which case it is written to the user's terminal if possible. -.TP 6n -SUDO_CONV_INFO_MSG -Display a message. -The message is written to the standard output unless the -\fRSUDO_CONV_PREFER_TTY\fR -flag is set, in which case it is written to the user's terminal if possible. -.TP 6n -SUDO_CONV_PROMPT_MASK -Prompt the user for input but echo an asterisk character for each -character read. -The reply will be stored in the -\fIreplies\fR -array, and it will never be -\fRNULL\fR. -This can be used to provide visual feedback to the user while reading -sensitive information that should not be displayed. -.PP -In addition to the above values, the following flag bits may also be set: -.TP 6n -SUDO_CONV_PROMPT_ECHO_OK -Allow input to be read when echo cannot be disabled -when the message type is -\fRSUDO_CONV_PROMPT_ECHO_OFF\fR -or -\fRSUDO_CONV_PROMPT_MASK\fR. -By default, -\fBsudo\fR -will refuse to read input if the echo cannot be disabled for those -message types. -.TP 6n -SUDO_CONV_PREFER_TTY -When displaying a message via -\fRSUDO_CONV_ERROR_MSG\fR -or -\fRSUDO_CONV_INFO_MSG\fR, -try to write the message to the user's terminal. -If the terminal is unavailable, the standard error or standard output -will be used, depending upon whether -The user's terminal is always used when possible for input, -this flag is only used for output. -\fRSUDO_CONV_ERROR_MSG\fR -or -\fRSUDO_CONV_INFO_MSG\fR -was used. -.PP -The -\fItimeout\fR -in seconds until the prompt will wait for no more input. -A zero value implies an infinite timeout. -.PP -The plugin is responsible for freeing the reply buffer located in each -\fRstruct sudo_conv_reply\fR, -if it is not -\fRNULL\fR. -\fRSUDO_CONV_REPL_MAX\fR -represents the maximum length of the reply buffer (not including -the trailing NUL character). -In practical terms, this is the longest password -\fBsudo\fR -will support. -.PP -The -\fBprintf\fR()-style -function uses the same underlying mechanism as the -\fBconversation\fR() -function but only supports -\fRSUDO_CONV_INFO_MSG\fR -and -\fRSUDO_CONV_ERROR_MSG\fR -for the -\fImsg_type\fR -parameter. -It can be more convenient than using the -\fBconversation\fR() -function if no user reply is needed and supports standard -\fBprintf\fR() -escape sequences. -.PP -See the sample plugin for an example of the -\fBconversation\fR() -function usage. -.SS "Plugin invocation order" -As of -\fBsudo\fR -1.9.0, the plugin -\fBopen\fR() -and -\fBclose\fR() -functions are called in the -following order: -.TP 5n -1.\& -audit open -.TP 5n -2.\& -policy open -.TP 5n -3.\& -approval open -.TP 5n -4.\& -approval close -.TP 5n -5.\& -I/O log open -.TP 5n -6.\& -command runs -.TP 5n -7.\& -command exits -.TP 5n -8.\& -I/O log close -.TP 5n -9.\& -policy close -.TP 5n -10.\& -audit close -.TP 5n -11.\& -sudo exits -.PP -Prior to -\fBsudo\fR -1.9.0, the I/O log -\fBclose\fR() -function was called -\fIafter\fR -the policy -\fBclose\fR() -function. -.SS "Sudoers group plugin API" -The -\fBsudoers\fR -plugin supports its own plugin interface to allow non-Unix -group lookups. -This can be used to query a group source other than the standard Unix -group database. -Two sample group plugins are bundled with -\fBsudo\fR, -\fIgroup_file\fR -and -\fIsystem_group\fR, -are detailed in -sudoers(@mansectform@). -Third party group plugins include a QAS AD plugin available from Quest Software. -.PP -A group plugin must declare and populate a -\fRsudoers_group_plugin\fR -struct in the global scope. -This structure contains pointers to the functions that implement plugin -initialization, cleanup and group lookup. -.nf -.sp -.RS 0n -struct sudoers_group_plugin { - unsigned int version; - int (*init)(int version, sudo_printf_t sudo_printf, - char *const argv[]); - void (*cleanup)(void); - int (*query)(const char *user, const char *group, - const struct passwd *pwd); -}; -.RE -.fi -.PP -The -\fRsudoers_group_plugin\fR -struct has the following fields: -.TP 6n -version -The -\fRversion\fR -field should be set to GROUP_API_VERSION. -.sp -This allows -\fBsudoers\fR -to determine the API version the group plugin -was built against. -.TP 6n -init -.nf -.RS 6n -int (*init)(int version, sudo_printf_t plugin_printf, - char *const argv[]); -.RE -.fi -.RS 6n -.sp -The -\fBinit\fR() -function is called after -\fIsudoers\fR -has been parsed but -before any policy checks. -It returns 1 on success, 0 on failure (or if the plugin is not configured), -and \-1 if a error occurred. -If an error occurs, the plugin may call the -\fBplugin_printf\fR() -function with -\fRSUDO_CONF_ERROR_MSG\fR -to present additional error information to the user. -.sp -The function arguments are as follows: -.TP 6n -version -The version passed in by -\fBsudoers\fR -allows the plugin to determine the -major and minor version number of the group plugin API supported by -\fBsudoers\fR. -.TP 6n -plugin_printf -A pointer to a -\fBprintf\fR()-style -function that may be used to display informational or error message to the user. -Returns the number of characters printed on success and \-1 on failure. -.TP 6n -argv -A -\fRNULL\fR-terminated -array of arguments generated from the -\fIgroup_plugin\fR -option in -\fIsudoers\fR. -If no arguments were given, -\fIargv\fR -will be -\fRNULL\fR. -.PD 0 -.PP -.RE -.PD -.TP 6n -cleanup -.nf -.RS 6n -void (*cleanup)(); -.RE -.fi -.RS 6n -.sp -The -\fBcleanup\fR() -function is called when -\fBsudoers\fR -has finished its -group checks. -The plugin should free any memory it has allocated and close open file handles. -.RE -.TP 6n -query -.br -.nf -.RS 6n -int (*query)(const char *user, const char *group, - const struct passwd *pwd); -.RE -.fi -.RS 6n -.sp -The -\fBquery\fR() -function is used to ask the group plugin whether -\fIuser\fR -is a member of -\fIgroup\fR. -.sp -The function arguments are as follows: -.TP 6n -user -The name of the user being looked up in the external group database. -.TP 6n -group -.br -The name of the group being queried. -.TP 6n -pwd -The password database entry for -\fIuser\fR, -if any. -If -\fIuser\fR -is not -present in the password database, -\fIpwd\fR -will be -\fRNULL\fR. -.PD 0 -.PP -.RE -.PD -.PP -\fIGroup API Version Macros\fR -.nf -.sp -.RS 0n -/* Sudoers group plugin version major/minor */ -#define GROUP_API_VERSION_MAJOR 1 -#define GROUP_API_VERSION_MINOR 0 -#define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | \e - GROUP_API_VERSION_MINOR) -.RE -.fi -For getters and setters see the -\fIPolicy plugin API\fR. -.SH "PLUGIN API CHANGELOG" -The following revisions have been made to the Sudo Plugin API. -.TP 6n -Version 1.0 -Initial API version. -.TP 6n -Version 1.1 (sudo 1.8.0) -The I/O logging plugin's -\fBopen\fR() -function was modified to take the -\fRcommand_info\fR -list as an argument. -.TP 6n -Version 1.2 (sudo 1.8.5) -The Policy and I/O logging plugins' -\fBopen\fR() -functions are now passed -a list of plugin parameters if any are specified in -sudo.conf(@mansectform@). -.sp -A simple hooks API has been introduced to allow plugins to hook in to the -system's environment handling functions. -.sp -The -\fRinit_session\fR -Policy plugin function is now passed a pointer -to the user environment which can be updated as needed. -This can be used to merge in environment variables stored in the PAM -handle before a command is run. -.TP 6n -Version 1.3 (sudo 1.8.7) -Support for the -\fIexec_background\fR -entry has been added to the -\fRcommand_info\fR -list. -.sp -The -\fImax_groups\fR -and -\fIplugin_dir\fR -entries were added to the -\fRsettings\fR -list. -.sp -The -\fBversion\fR() -and -\fBclose\fR() -functions are now optional. -Previously, a missing -\fBversion\fR() -or -\fBclose\fR() -function would result in a crash. -If no policy plugin -\fBclose\fR() -function is defined, a default -\fBclose\fR() -function will be provided by the -\fBsudo\fR -front end that displays a warning if the command could not be -executed. -.sp -The -\fBsudo\fR -front end now installs default signal handlers to trap common signals -while the plugin functions are run. -.TP 6n -Version 1.4 (sudo 1.8.8) -The -\fIremote_host\fR -entry was added to the -\fRsettings\fR -list. -.TP 6n -Version 1.5 (sudo 1.8.9) -The -\fIpreserve_fds\fR -entry was added to the -\fRcommand_info\fR -list. -.TP 6n -Version 1.6 (sudo 1.8.11) -The behavior when an I/O logging plugin returns an error -(\-1) -has changed. -Previously, the -\fBsudo\fR -front end took no action when the -\fBlog_ttyin\fR(), -\fBlog_ttyout\fR(), -\fBlog_stdin\fR(), -\fBlog_stdout\fR(), -or -\fBlog_stderr\fR() -function returned an error. -.sp -The behavior when an I/O logging plugin returns 0 has changed. -Previously, output from the command would be displayed to the -terminal even if an output logging function returned 0. -.TP 6n -Version 1.7 (sudo 1.8.12) -The -\fIplugin_path\fR -entry was added to the -\fRsettings\fR -list. -.sp -The -\fIdebug_flags\fR -entry now starts with a debug file path name and may occur multiple -times if there are multiple plugin-specific Debug lines in the -sudo.conf(@mansectform@) file. -.TP 6n -Version 1.8 (sudo 1.8.15) -The -\fIsudoedit_checkdir\fR -and -\fIsudoedit_follow\fR -entries were added to the -\fRcommand_info\fR -list. -The default value of -\fIsudoedit_checkdir\fR -was changed to true in sudo 1.8.16. -.sp -The sudo -\fIconversation\fR -function now takes a pointer to a -\fRstruct sudo_conv_callback\fR -as its fourth argument. -The -\fRsudo_conv_t\fR -definition has been updated to match. -The plugin must specify that it supports plugin API version 1.8 or higher -to receive a conversation function pointer that supports this argument. -.TP 6n -Version 1.9 (sudo 1.8.16) -The -\fIexecfd\fR -entry was added to the -\fRcommand_info\fR -list. -.TP 6n -Version 1.10 (sudo 1.8.19) -The -\fIumask\fR -entry was added to the -\fRuser_info\fR -list. -The -\fIiolog_group\fR, -\fIiolog_mode\fR, -and -\fIiolog_user\fR -entries were added to the -\fRcommand_info\fR -list. -.TP 6n -Version 1.11 (sudo 1.8.20) -The -\fItimeout\fR -entry was added to the -\fRsettings\fR -list. -.TP 6n -Version 1.12 (sudo 1.8.21) -The -\fRchange_winsize\fR -field was added to the io_plugin struct. -.TP 6n -Version 1.13 (sudo 1.8.26) -The -\fRlog_suspend\fR -field was added to the io_plugin struct. -.TP 6n -Version 1.14 (sudo 1.8.29) -The -\fIumask_override\fR -entry was added to the -\fRcommand_info\fR -list. -.TP 6n -Version 1.15 (sudo 1.9.0) -The -\fIcwd_optional\fR -entry was added to the -\fRcommand_info\fR -list. -.sp -The -\fIevent_alloc\fR -field was added to the policy_plugin and io_plugin structs. -.sp -The -\fIerrstr\fR -argument was added to the policy and I/O plugin functions -which the plugin function can use to return an error string. -This string may be used by the audit plugin to report failure or -error conditions set by the other plugins. -.sp -The -\fBclose\fR() -function is now is called regardless of whether or not a command -was actually executed. -This makes it possible for plugins to perform cleanup even when a -command was not run. -.sp -\fRSUDO_CONV_REPL_MAX\fR -has increased from 255 to 1023 bytes. -.sp -Support for audit and approval plugins was added. -.TP 6n -Version 1.16 (sudo 1.9.3) -Initial resource limit values were added to the -\fRuser_info\fR -list. -.sp -The -\fIcmnd_chroot\fR -and -\fIcmnd_cwd\fR -enties were added to the -\fRsettings\fR -list. -.TP 6n -Version 1.17 (sudo 1.9.4) -The -\fIevent_alloc\fR -field was added to the audit_plugin and approval_plugin structs. -.SH "SEE ALSO" -sudo.conf(@mansectform@), -sudoers(@mansectform@), -sudo(@mansectsu@) -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBsudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_plugin.mdoc.in sudo-1.9.9/doc/sudo_plugin.mdoc.in --- sudo-1.9.5p2/doc/sudo_plugin.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_plugin.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,4553 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2009-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd November 17, 2020 -.Dt SUDO_PLUGIN @mansectform@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudo_plugin -.Nd Sudo Plugin API -.Sh DESCRIPTION -Starting with version 1.8, -.Nm sudo -supports a plugin API -for policy and session logging. -Plugins may be compiled as dynamic shared objects (the default on -systems that support them) or compiled statically into the -.Nm sudo -binary itself. -By default, the -.Nm sudoers -policy plugin and an associated I/O logging plugin are used. -Via the plugin API, -.Nm sudo -can be configured to use alternate policy and/or I/O logging plugins -provided by third parties. -The plugins to be used are specified in the -.Xr sudo.conf @mansectform@ -file. -.Pp -The API is versioned with a major and minor number. -The minor version number is incremented when additions are made. -The major number is incremented when incompatible changes are made. -A plugin should be check the version passed to it and make sure that the -major version matches. -.Pp -The plugin API is defined by the -.Li sudo_plugin.h -header file. -.Ss Policy plugin API -A policy plugin must declare and populate a -.Li policy_plugin -struct in the global scope. -This structure contains pointers to the functions that implement the -.Nm sudo -policy checks. -The name of the symbol should be specified in -.Xr sudo.conf @mansectform@ -along with a path to the plugin so that -.Nm sudo -can load it. -.Bd -literal -struct policy_plugin { -#define SUDO_POLICY_PLUGIN 1 - unsigned int type; /* always SUDO_POLICY_PLUGIN */ - unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const user_env[], - char * const plugin_options[], const char **errstr); - void (*close)(int exit_status, int error); - int (*show_version)(int verbose); - int (*check_policy)(int argc, char * const argv[], - char *env_add[], char **command_info[], - char **argv_out[], char **user_env_out[], const char **errstr); - int (*list)(int argc, char * const argv[], int verbose, - const char *list_user, const char **errstr); - int (*validate)(const char **errstr); - void (*invalidate)(int remove); - int (*init_session)(struct passwd *pwd, char **user_env[], - const char **errstr); - void (*register_hooks)(int version, - int (*register_hook)(struct sudo_hook *hook)); - void (*deregister_hooks)(int version, - int (*deregister_hook)(struct sudo_hook *hook)); - struct sudo_plugin_event * (*event_alloc)(void); -}; -.Ed -.Pp -The policy_plugin struct has the following fields: -.Bl -tag -width 4n -.It type -The -.Li type -field should always be set to SUDO_POLICY_PLUGIN. -.It version -The -.Li version -field should be set to -.Dv SUDO_API_VERSION . -.Pp -This allows -.Nm sudo -to determine the API version the plugin was -built against. -.It open -.Bd -literal -compact -int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const user_env[], - char * const plugin_options[], const char **errstr); -.Ed -.Pp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -.Nm sudo -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -.Fn conversation -or -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional error information to the user. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It version -The version passed in by -.Nm sudo -allows the plugin to determine the -major and minor version number of the plugin API supported by -.Nm sudo . -.It conversation -A pointer to the -.Fn conversation -function that can be used by the plugin to interact with the user (see -.Sx Conversation API -for details). -Returns 0 on success and \-1 on failure. -.It plugin_printf -A pointer to a -.Fn printf Ns -style -function that may be used to display informational or error messages (see -.Sx Conversation API -for details). -Returns the number of characters printed on success and \-1 on failure. -.It settings -A vector of user-supplied -.Nm sudo -settings in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -These settings correspond to options the user specified when running -.Nm sudo . -As such, they will only be present when the corresponding option has -been specified on the command line. -.Pp -When parsing -.Em settings , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -The following values may be set by -.Nm sudo : -.Bl -tag -width 4n -.It bsdauth_type=string -Authentication type, if specified by the -.Fl a -option, to use on -systems where -.Bx -authentication is supported. -.It closefrom=number -If specified, the user has requested via the -.Fl C -option that -.Nm sudo -close all files descriptors with a value of -.Em number -or higher. -The plugin may optionally pass this, or another value, back in the -.Em command_info -list. -.It cmnd_chroot=string -The root directory (see -.Xr chroot 2 ) -to run the command in, as specified by the user via the -.Fl R -option. -The plugin may ignore or restrict the user's ability to specify a new -root directory. -Only available starting with API version 1.16. -.It cmnd_cwd=string -The working directory to run the command in, as specified by the user via the -.Fl D -option. -The plugin may ignore or restrict the user's ability to specify a new -working directory. -Only available starting with API version 1.16. -.It debug_flags=string -A debug file path name followed by a space and a comma-separated -list of debug flags that correspond to the plugin's -.Li Debug -entry in -.Xr sudo.conf @mansectform@ , -if there is one. -The flags are passed to the plugin exactly as they appear in -.Xr sudo.conf @mansectform@ . -The syntax used by -.Nm sudo -and the -.Nm sudoers -plugin is -.Em subsystem Ns @ Ns Em priority -but a plugin is free to use a different -format so long as it does not include a comma -.Pq Ql ,\& . -Prior to -.Nm sudo -1.8.12, there was no way to specify plugin-specific -.Em debug_flags -so the value was always the same as that used by the -.Nm sudo -front end and did not include a path name, only the flags themselves. -As of version 1.7 of the plugin interface, -.Nm sudo -will only pass -.Em debug_flags -if -.Xr sudo.conf @mansectform@ -contains a plugin-specific -.Li Debug -entry. -.It ignore_ticket=bool -Set to true if the user specified the -.Fl k -option along with a -command, indicating that the user wishes to ignore any cached -authentication credentials. -.Em implied_shell -to true. -This allows -.Nm sudo -with no arguments -to be used similarly to -.Xr su 1 . -If the plugin does not to support this usage, it may return a value of \-2 -from the -.Fn check_policy -function, which will cause -.Nm sudo -to print a usage message and -exit. -.It implied_shell=bool -If the user does not specify a program on the command line, -.Nm sudo -will pass the plugin the path to the user's shell and set -.It login_class=string -.Bx -login class to use when setting resource limits and nice value, -if specified by the -.Fl c -option. -.It login_shell=bool -Set to true if the user specified the -.Fl i -option, indicating that -the user wishes to run a login shell. -.It max_groups=int -The maximum number of groups a user may belong to. -This will only be present if there is a corresponding setting in -.Xr sudo.conf @mansectform@ . -.It network_addrs=list -A space-separated list of IP network addresses and netmasks in the -form -.Dq addr/netmask , -e.g., -.Dq 192.168.1.2/255.255.255.0 . -The address and netmask pairs may be either IPv4 or IPv6, depending on -what the operating system supports. -If the address contains a colon -.Pq Ql :\& , -it is an IPv6 address, else it is IPv4. -.It noninteractive=bool -Set to true if the user specified the -.Fl n -option, indicating that -.Nm sudo -should operate in non-interactive mode. -The plugin may reject a command run in non-interactive mode if user -interaction is required. -.It plugin_dir=string -The default plugin directory used by the -.Nm sudo -front end. -This is the default directory set at compile time and may not -correspond to the directory the running plugin was loaded from. -It may be used by a plugin to locate support files. -.It plugin_path=string -The path name of plugin loaded by the -.Nm sudo -front end. -The path name will be a fully-qualified unless the plugin was -statically compiled into -.Nm sudo . -.It preserve_environment=bool -Set to true if the user specified the -.Fl E -option, indicating that -the user wishes to preserve the environment. -.It preserve_groups=bool -Set to true if the user specified the -.Fl P -option, indicating that -the user wishes to preserve the group vector instead of setting it -based on the runas user. -.It progname=string -The command name that sudo was run as, typically -.Dq sudo -or -.Dq sudoedit . -.It prompt=string -The prompt to use when requesting a password, if specified via -the -.Fl p -option. -.It remote_host=string -The name of the remote host to run the command on, if specified via -the -.Fl h -option. -Support for running the command on a remote host is meant to be implemented -via a helper program that is executed in place of the user-specified command. -The -.Nm sudo -front end is only capable of executing commands on the local host. -Only available starting with API version 1.4. -.It run_shell=bool -Set to true if the user specified the -.Fl s -option, indicating that the user wishes to run a shell. -.It runas_group=string -The group name or gid to run the command as, if specified via -the -.Fl g -option. -.It runas_user=string -The user name or uid to run the command as, if specified via the -.Fl u -option. -.It selinux_role=string -SELinux role to use when executing the command, if specified by -the -.Fl r -option. -.It selinux_type=string -SELinux type to use when executing the command, if specified by -the -.Fl t -option. -.It set_home=bool -Set to true if the user specified the -.Fl H -option. -If true, set the -.Li HOME -environment variable to the target user's home directory. -.It sudoedit=bool -Set to true when the -.Fl e -option is specified or if invoked as -.Nm sudoedit . -The plugin shall substitute an editor into -.Em argv -in the -.Fn check_policy -function or return \-2 with a usage error -if the plugin does not support -.Em sudoedit . -For more information, see the -.Em check_policy -section. -.It timeout=string -Command timeout specified by the user via the -.Fl T -option. -Not all plugins support command timeouts and the ability of the -user to set a timeout may be restricted by policy. -The format of the timeout string is plugin-specific. -.El -.Pp -Additional settings may be added in the future so the plugin should -silently ignore settings that it does not recognize. -.It user_info -A vector of information about the user running the command in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -.Pp -When parsing -.Em user_info , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -The following values may be set by -.Nm sudo : -.Bl -tag -width 4n -.It cols=int -The number of columns the user's terminal supports. -If there is no terminal device available, a default value of 80 is used. -.It cwd=string -The user's current working directory. -.It egid=gid_t -The effective group-ID of the user invoking -.Nm sudo . -.It euid=uid_t -The effective user-ID of the user invoking -.Nm sudo . -.It gid=gid_t -The real group-ID of the user invoking -.Nm sudo . -.It groups=list -The user's supplementary group list formatted as a string of -comma-separated group-IDs. -.It host=string -The local machine's hostname as returned by the -.Xr gethostname 2 -system call. -.It lines=int -The number of lines the user's terminal supports. -If there is -no terminal device available, a default value of 24 is used. -.It pgid=int -The ID of the process group that the running -.Nm sudo -process is a member of. -Only available starting with API version 1.2. -.It pid=int -The process ID of the running -.Nm sudo -process. -Only available starting with API version 1.2. -.It ppid=int -The parent process ID of the running -.Nm sudo -process. -Only available starting with API version 1.2. -.It rlimit_as=soft,hard -The maximum size to which the process's address space may grow (in bytes), -if supported by the operating system. -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_core=soft,hard -The largest size core dump file that may be created (in bytes). -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_cpu=soft,hard -The maximum amount of CPU time that the process may use (in seconds). -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_data=soft,hard -The maximum size of the data segment for the process (in bytes). -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_fsize=soft,hard -The largest size file that the process may create (in bytes). -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_locks=soft,hard -The maximum number of locks that the process may establish, -if supported by the operating system. -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_memlock=soft,hard -The maximum size that the process may lock in memory (in bytes), -if supported by the operating system. -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_nofile=soft,hard -The maximum number of files that the process may have open. -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_nproc=soft,hard -The maximum number of processes that the user may run simultaneously. -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_rss=soft,hard -The maximum size to which the process's resident set size may grow (in bytes). -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It rlimit_stack=soft,hard -The maximum size to which the process's stack may grow (in bytes). -The soft and hard limits are separated by a comma. -A value of -.Dq infinity -indicates that there is no limit. -Only available starting with API version 1.16. -.It sid=int -The session ID of the running -.Nm sudo -process or 0 if -.Nm sudo -is not part of a POSIX job control session. -Only available starting with API version 1.2. -.It tcpgid=int -The ID of the foreground process group associated with the terminal -device associated with the -.Nm sudo -process or 0 if there is no terminal present. -Only available starting with API version 1.2. -.It tty=string -The path to the user's terminal device. -If the user has no terminal device associated with the session, -the value will be empty, as in -.Dq Li tty= . -.It uid=uid_t -The real user-ID of the user invoking -.Nm sudo . -.It umask=octal -The invoking user's file creation mask. -Only available starting with API version 1.10. -.It user=string -The name of the user invoking -.Nm sudo . -.El -.It user_env -The user's environment in the form of a -.Dv NULL Ns -terminated vector of -.Dq name=value -strings. -.Pp -When parsing -.Em user_env , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.It plugin_options -Any (non-comment) strings immediately after the plugin path are -passed as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -.Dv NULL Ns -terminated -array of strings. -If no arguments were -specified, -.Em plugin_options -will be the -.Dv NULL -pointer. -.Pp -NOTE: the -.Em plugin_options -parameter is only available starting with -API version 1.2. -A plugin -.Sy must -check the API version specified -by the -.Nm sudo -front end before using -.Em plugin_options . -Failure to do so may result in a crash. -.It errstr -If the -.Fn open -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It close -.Bd -literal -compact -void (*close)(int exit_status, int error); -.Ed -.Pp -The -.Fn close -function is called when -.Nm sudo -is finished, shortly before it exits. -Starting with API version 1.15, -.Fn close -is called regardless of whether or not a command was actually executed. -This makes it possible for plugins to perform cleanup even when a -command was not run. -It is not possible to tell whether a command was run based solely -on the arguments passed to the -.Fn close -function. -To determine if a command was actually run, -the plugin must keep track of whether or not the -.Fn check_policy -function returned successfully. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It exit_status -The command's exit status, as returned by the -.Xr wait 2 -system call, or zero if no command was run. -The value of -.Li exit_status -is undefined if -.Li error -is non-zero. -.It error -If the command could not be executed, this is set to the value of -.Li errno -set by the -.Xr execve 2 -system call. -The plugin is responsible for displaying error information via the -.Fn conversation -or -.Fn plugin_printf -function. -If the command was successfully executed, the value of -.Li error -is zero. -.El -.Pp -If no -.Fn close -function is defined, no I/O logging plugins are loaded, -and neither the -.Em timeout -not -.Em use_pty -options are set in the -.Li command_info -list, the -.Nm sudo -front end may execute the command directly instead of running -it as a child process. -.It show_version -.Bd -literal -compact -int (*show_version)(int verbose); -.Ed -.Pp -The -.Fn show_version -function is called by -.Nm sudo -when the user specifies -the -.Fl V -option. -The plugin may display its version information to the user via the -.Fn conversation -or -.Fn plugin_printf -function using -.Dv SUDO_CONV_INFO_MSG . -If the user requests detailed version information, the verbose flag will be set. -.Pp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error, although the return value is currently -ignored. -.It check_policy -.Bd -literal -compact -int (*check_policy)(int argc, char * const argv[], char *env_add[], - char **command_info[], char **argv_out[], char **user_env_out[], - const char **errstr); -.Ed -.Pp -The -.Fn check_policy -function is called by -.Nm sudo -to determine -whether the user is allowed to run the specified commands. -.Pp -If the -.Em sudoedit -option was enabled in the -.Em settings -array -passed to the -.Fn open -function, the user has requested -.Em sudoedit -mode. -.Em sudoedit -is a mechanism for editing one or more files -where an editor is run with the user's credentials instead of with -elevated privileges. -.Nm sudo -achieves this by creating user-writable -temporary copies of the files to be edited and then overwriting the -originals with the temporary copies after editing is complete. -If the plugin supports -.Em sudoedit , -it should choose the editor to be used, potentially from a variable -in the user's environment, such as -.Li EDITOR , -and include it in -.Em argv_out -(note that environment -variables may include command line options). -The files to be edited should be copied from -.Em argv -into -.Em argv_out , -separated from the -editor and its arguments by a -.Dq Li -- -element. -The -.Dq Li -- -will -be removed by -.Nm sudo -before the editor is executed. -The plugin should also set -.Em sudoedit=true -in the -.Em command_info -list. -.Pp -The -.Fn check_policy -function returns 1 if the command is allowed, -0 if not allowed, \-1 for a general error, or \-2 for a usage error -or if -.Em sudoedit -was specified but is unsupported by the plugin. -In the latter case, -.Nm sudo -will print a usage message before it -exits. -If an error occurs, the plugin may optionally call the -.Fn conversation -or -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional error information to the user. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It argc -The number of elements in -.Em argv , -not counting the final -.Dv NULL -pointer. -.It argv -The argument vector describing the command the user wishes to run, -in the same form as what would be passed to the -.Xr execve 2 -system call. -The vector is terminated by a -.Dv NULL -pointer. -.It env_add -Additional environment variables specified by the user on the command -line in the form of a -.Dv NULL Ns -terminated -vector of -.Dq name=value -strings. -The plugin may reject the command if one or more variables -are not allowed to be set, or it may silently ignore such variables. -.Pp -When parsing -.Em env_add , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.It command_info -Information about the command being run in the form of -.Dq name=value -strings. -These values are used by -.Nm sudo -to set the execution -environment when running a command. -The plugin is responsible for creating and populating the vector, -which must be terminated with a -.Dv NULL -pointer. -The following values are recognized by -.Nm sudo : -.Bl -tag -width 4n -.It chroot=string -The root directory to use when running the command. -.It closefrom=number -If specified, -.Nm sudo -will close all files descriptors with a value -of -.Em number -or higher. -.It command=string -Fully qualified path to the command to be executed. -.It cwd=string -The current working directory to change to when executing the command. -If -.Nm sudo -is unable to change to the new working directory, the command will -not be run unless -.Em cwd_optional -is also set (see below). -.It cwd_optional=bool -If enabled, -.Nm sudo -will treat an inability to change to the new working directory as a -non-fatal error. -This setting has no effect unless -.Em cwd -is also set. -.It exec_background=bool -By default, -.Nm sudo -runs a command as the foreground process as long as -.Nm sudo -itself is running in the foreground. -When -.Em exec_background -is enabled and the command is being run in a pseudo-terminal -(due to I/O logging or the -.Em use_pty -setting), the command will be run as a background process. -Attempts to read from the controlling terminal (or to change terminal -settings) will result in the command being suspended with the -.Dv SIGTTIN -signal (or -.Dv SIGTTOU -in the case of terminal settings). -If this happens when -.Nm sudo -is a foreground process, the command will be granted the controlling terminal -and resumed in the foreground with no user intervention required. -The advantage of initially running the command in the background is that -.Nm sudo -need not read from the terminal unless the command explicitly requests it. -Otherwise, any terminal input must be passed to the command, whether it -has required it or not (the kernel buffers terminals so it is not possible -to tell whether the command really wants the input). -This is different from historic -.Em sudo -behavior or when the command is not being run in a pseudo-terminal. -.Pp -For this to work seamlessly, the operating system must support the -automatic restarting of system calls. -Unfortunately, not all operating systems do this by default, -and even those that do may have bugs. -For example, macOS fails to restart the -.Fn tcgetattr -and -.Fn tcsetattr -system calls (this is a bug in macOS). -Furthermore, because this behavior depends on the command stopping with the -.Dv SIGTTIN -or -.Dv SIGTTOU -signals, programs that catch these signals and suspend themselves -with a different signal (usually -.Dv SIGTOP ) -will not be automatically foregrounded. -Some versions of the linux -.Xr su 1 -command behave this way. -Because of this, a plugin should not set -.Em exec_background -unless it is explicitly enabled by the administrator and there should -be a way to enabled or disable it on a per-command basis. -.Pp -This setting has no effect unless I/O logging is enabled or -.Em use_pty -is enabled. -.It execfd=number -If specified, -.Nm sudo -will use the -.Xr fexecve 2 -system call to execute the command instead of -.Xr execve 2 . -The specified -.Em number -must refer to an open file descriptor. -.It iolog_compress=bool -Set to true if the I/O logging plugins, if any, should compress the -log data. -This is a hint to the I/O logging plugin which may choose to ignore it. -.It iolog_group=string -The group that will own newly created I/O log files and directories. -This is a hint to the I/O logging plugin which may choose to ignore it. -.It iolog_mode=octal -The file permission mode to use when creating I/O log files and directories. -This is a hint to the I/O logging plugin which may choose to ignore it. -.It iolog_user=string -The user that will own newly created I/O log files and directories. -This is a hint to the I/O logging plugin which may choose to ignore it. -.It iolog_path=string -Fully qualified path to the file or directory in which I/O log is -to be stored. -This is a hint to the I/O logging plugin which may choose to ignore it. -If no I/O logging plugin is loaded, this setting has no effect. -.It iolog_stdin=bool -Set to true if the I/O logging plugins, if any, should log the -standard input if it is not connected to a terminal device. -This is a hint to the I/O logging plugin which may choose to ignore it. -.It iolog_stdout=bool -Set to true if the I/O logging plugins, if any, should log the -standard output if it is not connected to a terminal device. -This is a hint to the I/O logging plugin which may choose to ignore it. -.It iolog_stderr=bool -Set to true if the I/O logging plugins, if any, should log the -standard error if it is not connected to a terminal device. -This is a hint to the I/O logging plugin which may choose to ignore it. -.It iolog_ttyin=bool -Set to true if the I/O logging plugins, if any, should log all -terminal input. -This only includes input typed by the user and not from a pipe or -redirected from a file. -This is a hint to the I/O logging plugin which may choose to ignore it. -.It iolog_ttyout=bool -Set to true if the I/O logging plugins, if any, should log all -terminal output. -This only includes output to the screen, not output to a pipe or file. -This is a hint to the I/O logging plugin which may choose to ignore it. -.It login_class=string -.Bx -login class to use when setting resource limits and nice value (optional). -This option is only set on systems that support login classes. -.It nice=int -Nice value (priority) to use when executing the command. -The nice value, if specified, overrides the priority associated with the -.Em login_class -on -.Bx -systems. -.It noexec=bool -If set, prevent the command from executing other programs. -.It preserve_fds=list -A comma-separated list of file descriptors that should be -preserved, regardless of the value of the -.Em closefrom -setting. -Only available starting with API version 1.5. -.It preserve_groups=bool -If set, -.Nm sudo -will preserve the user's group vector instead of -initializing the group vector based on -.Li runas_user . -.It runas_egid=gid -Effective group-ID to run the command as. -If not specified, the value of -.Em runas_gid -is used. -.It runas_euid=uid -Effective user-ID to run the command as. -If not specified, the value of -.Em runas_uid -is used. -.It runas_gid=gid -Group-ID to run the command as. -.It runas_group=string -The name of the group the command will run as, if it is different -from the -.Em runas_user Ns 's -default group. -This value is provided for auditing purposes only, the -.Nm sudo -front-end uses -.Em runas_egid -and -.Em runas_gid -when executing the command. -.It runas_groups=list -The supplementary group vector to use for the command in the form -of a comma-separated list of group-IDs. -If -.Em preserve_groups -is set, this option is ignored. -.It runas_uid=uid -User-ID to run the command as. -.It runas_user=string -The name of the user the command will run as, which should correspond to -.Em runas_euid -(or -.Em runas_uid -if -.Em runas_euid -is not set). -This value is provided for auditing purposes only, the -.Nm sudo -front-end uses -.Em runas_euid -and -.Em runas_uid -when executing the command. -.It selinux_role=string -SELinux role to use when executing the command. -.It selinux_type=string -SELinux type to use when executing the command. -.It set_utmp=bool -Create a utmp (or utmpx) entry when a pseudo-terminal is allocated. -By default, the new entry will be a copy of the user's existing utmp -entry (if any), with the tty, time, type and pid fields updated. -.It sudoedit=bool -Set to true when in -.Em sudoedit -mode. -The plugin may enable -.Em sudoedit -mode even if -.Nm sudo -was not invoked as -.Nm sudoedit . -This allows the plugin to perform command substitution and transparently -enable -.Em sudoedit -when the user attempts to run an editor. -.It sudoedit_checkdir=bool -Set to false to disable directory writability checks in -.Nm sudoedit . -By default, -.Nm sudoedit -1.8.16 and higher will check all directory components of the path to be -edited for writability by the invoking user. -Symbolic links will not be followed in writable directories and -.Nm sudoedit -will refuse to edit a file located in a writable directory. -These restrictions are not enforced when -.Nm sudoedit -is run by root. -The -.Em sudoedit_follow -option can be set to false to disable this check. -Only available starting with API version 1.8. -.It sudoedit_follow=bool -Set to true to allow -.Nm sudoedit -to edit files that are symbolic links. -By default, -.Nm sudoedit -1.8.15 and higher will refuse to open a symbolic link. -The -.Em sudoedit_follow -option can be used to restore the older behavior and allow -.Nm sudoedit -to open symbolic links. -Only available starting with API version 1.8. -.It timeout=int -Command timeout. -If non-zero then when the timeout expires the command will be killed. -.It umask=octal -The file creation mask to use when executing the command. -This value may be overridden by PAM or login.conf on some systems -unless the -.Em umask_override -option is also set. -.It umask_override=bool -Force the value specified by the -.Em umask -option to override any umask set by PAM or login.conf. -.It use_pty=bool -Allocate a pseudo-terminal to run the command in, regardless of whether -or not I/O logging is in use. -By default, -.Nm sudo -will only run -the command in a pseudo-terminal when an I/O log plugin is loaded. -.It utmp_user=string -User name to use when constructing a new utmp (or utmpx) entry when -.Em set_utmp -is enabled. -This option can be used to set the user field in the utmp entry to -the user the command runs as rather than the invoking user. -If not set, -.Nm sudo -will base the new entry on -the invoking user's existing entry. -.El -.Pp -Unsupported values will be ignored. -.It argv_out -The -.Dv NULL Ns -terminated -argument vector to pass to the -.Xr execve 2 -system call when executing the command. -The plugin is responsible for allocating and populating the vector. -.It user_env_out -The -.Dv NULL Ns -terminated -environment vector to use when executing the command. -The plugin is responsible for allocating and populating the vector. -.It errstr -If the -.Fn check_policy -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It list -.Bd -literal -compact -int (*list)(int argc, char * const argv[], int verbose, - const char *list_user, const char **errstr); -.Ed -.Pp -List available privileges for the invoking user. -Returns 1 on success, 0 on failure and \-1 on error. -On error, the plugin may optionally call the -.Fn conversation -or -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional error information to -the user. -.Pp -Privileges should be output via the -.Fn conversation -or -.Fn plugin_printf -function using -.Dv SUDO_CONV_INFO_MSG . -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It argc -The number of elements in -.Em argv , -not counting the final -.Dv NULL -pointer. -.It argv -If -.No non- Ns Dv NULL , -an argument vector describing a command the user -wishes to check against the policy in the same form as what would -be passed to the -.Xr execve 2 -system call. -If the command is permitted by the policy, the fully-qualified path -to the command should be displayed along with any command line arguments. -.It verbose -Flag indicating whether to list in verbose mode or not. -.It list_user -The name of a different user to list privileges for if the policy -allows it. -If -.Dv NULL , -the plugin should list the privileges of the invoking user. -.It errstr -If the -.Fn list -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It validate -.Bd -literal -compact -int (*validate)(const char **errstr); -.Ed -.Pp -The -.Fn validate -function is called when -.Nm sudo -is run with the -.Fl v -option. -For policy plugins such as -.Nm sudoers -that cache -authentication credentials, this function will validate and cache -the credentials. -.Pp -The -.Fn validate -function should be -.Dv NULL -if the plugin does not support credential caching. -.Pp -Returns 1 on success, 0 on failure and \-1 on error. -On error, the plugin may optionally call the -.Fn conversation -or -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional -error information to the user. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It errstr -If the -.Fn validate -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It invalidate -.Bd -literal -compact -void (*invalidate)(int remove); -.Ed -.Pp -The -.Fn invalidate -function is called when -.Nm sudo -is run with the -.Fl k -or -.Fl K -option. -For policy plugins such as -.Nm sudoers -that -cache authentication credentials, this function will invalidate the -credentials. -If the -.Em remove -flag is set, the plugin may remove -the credentials instead of simply invalidating them. -.Pp -The -.Fn invalidate -function should be -.Dv NULL -if the plugin does not support credential caching. -.It init_session -.Bd -literal -compact -int (*init_session)(struct passwd *pwd, char **user_env_out[]); -.Ed -.Pp -The -.Fn init_session -function is called before -.Nm sudo -sets up the -execution environment for the command. -It is run in the parent -.Nm sudo -process and before any uid or gid changes. -This can be used to perform session setup that is not supported by -.Em command_info , -such as opening the PAM session. -The -.Fn close -function can be -used to tear down the session that was opened by -.Li init_session . -.Pp -The -.Em pwd -argument points to a passwd struct for the user the -command will be run as if the uid the command will run as was found -in the password database, otherwise it will be -.Dv NULL . -.Pp -The -.Em user_env_out -argument points to the environment the command will -run in, in the form of a -.Dv NULL Ns -terminated -vector of -.Dq name=value -strings. -This is the same string passed back to the front end via -the Policy Plugin's -.Em user_env_out -parameter. -If the -.Fn init_session -function needs to modify the user environment, it should update the -pointer stored in -.Em user_env_out . -The expected use case is to merge the contents of the PAM environment -(if any) with the contents of -.Em user_env_out . -NOTE: the -.Em user_env_out -parameter is only available -starting with API version 1.2. -A plugin -.Sy must -check the API -version specified by the -.Nm sudo -front end before using -.Em user_env_out . -Failure to do so may result in a crash. -.Pp -Returns 1 on success, 0 on failure and \-1 on error. -On error, the plugin may optionally call the -.Fn conversation -or -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional -error information to the user. -.It register_hooks -.Bd -literal -compact -void (*register_hooks)(int version, - int (*register_hook)(struct sudo_hook *hook)); -.Ed -.Pp -The -.Fn register_hooks -function is called by the sudo front end to -register any hooks the plugin needs. -If the plugin does not support hooks, -.Li register_hooks -should be set to the -.Dv NULL -pointer. -.Pp -The -.Em version -argument describes the version of the hooks API -supported by the -.Nm sudo -front end. -.Pp -The -.Fn register_hook -function should be used to register any supported -hooks the plugin needs. -It returns 0 on success, 1 if the hook type is not supported and \-1 -if the major version in -.Li struct hook -does not match the front end's major hook API version. -.Pp -See the -.Sx Hook function API -section below for more information -about hooks. -.Pp -NOTE: the -.Fn register_hooks -function is only available starting -with API version 1.2. -If the -.Nm sudo -front end doesn't support API -version 1.2 or higher, -.Li register_hooks -will not be called. -.It deregister_hooks -.Bd -literal -compact -void (*deregister_hooks)(int version, - int (*deregister_hook)(struct sudo_hook *hook)); -.Ed -.Pp -The -.Fn deregister_hooks -function is called by the sudo front end -to deregister any hooks the plugin has registered. -If the plugin does not support hooks, -.Li deregister_hooks -should be set to the -.Dv NULL -pointer. -.Pp -The -.Em version -argument describes the version of the hooks API -supported by the -.Nm sudo -front end. -.Pp -The -.Fn deregister_hook -function should be used to deregister any -hooks that were put in place by the -.Fn register_hook -function. -If the plugin tries to deregister a hook that the front end does not support, -.Li deregister_hook -will return an error. -.Pp -See the -.Sx Hook function API -section below for more information -about hooks. -.Pp -NOTE: the -.Fn deregister_hooks -function is only available starting -with API version 1.2. -If the -.Nm sudo -front end doesn't support API -version 1.2 or higher, -.Li deregister_hooks -will not be called. -.It event_alloc -.Bd -literal -compact -struct sudo_plugin_event * (*event_alloc)(void); -.Ed -.Pp -The -.Fn event_alloc -function is used to allocate a -.Li struct sudo_plugin_event -which provides access to the main -.Nm sudo -event loop. -Unlike the other fields, the -.Fn event_alloc -pointer is filled in by the -.Nm sudo -front end, not by the plugin. -.Pp -See the -.Sx Event API -section below for more information -about events. -.Pp -NOTE: the -.Fn event_alloc -function is only available starting -with API version 1.15. -If the -.Nm sudo -front end doesn't support API -version 1.15 or higher, -.Fn event_alloc -will not be set. -.It errstr -If the -.Fn init_session -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.Pp -.Em Policy Plugin Version Macros -.Bd -literal -/* Plugin API version major/minor. */ -#define SUDO_API_VERSION_MAJOR 1 -#define SUDO_API_VERSION_MINOR 13 -#define SUDO_API_MKVERSION(x, y) ((x << 16) | y) -#define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR,\e - SUDO_API_VERSION_MINOR) - -/* Getters and setters for API version */ -#define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16) -#define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff) -#define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \e - *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e -} while(0) -#define SUDO_API_VERSION_SET_MINOR(vp, n) do { \e - *(vp) = (*(vp) & 0xffff0000) | (n); \e -} while(0) -.Ed -.Ss I/O plugin API -.Bd -literal -struct io_plugin { -#define SUDO_IO_PLUGIN 2 - unsigned int type; /* always SUDO_IO_PLUGIN */ - unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], - char * const plugin_options[], const char **errstr); - void (*close)(int exit_status, int error); /* wait status or error */ - int (*show_version)(int verbose); - int (*log_ttyin)(const char *buf, unsigned int len, - const char **errstr); - int (*log_ttyout)(const char *buf, unsigned int len, - const char **errstr); - int (*log_stdin)(const char *buf, unsigned int len, - const char **errstr); - int (*log_stdout)(const char *buf, unsigned int len, - const char **errstr); - int (*log_stderr)(const char *buf, unsigned int len, - const char **errstr); - void (*register_hooks)(int version, - int (*register_hook)(struct sudo_hook *hook)); - void (*deregister_hooks)(int version, - int (*deregister_hook)(struct sudo_hook *hook)); - int (*change_winsize)(unsigned int lines, unsigned int cols, - const char **errstr); - int (*log_suspend)(int signo, const char **errstr); - struct sudo_plugin_event * (*event_alloc)(void); -}; -.Ed -.Pp -When an I/O plugin is loaded, -.Nm sudo -runs the command in a pseudo-terminal. -This makes it possible to log the input and output from the user's -session. -If any of the standard input, standard output or standard error do not -correspond to a tty, -.Nm sudo -will open a pipe to capture -the I/O for logging before passing it on. -.Pp -The log_ttyin function receives the raw user input from the terminal -device (note that this will include input even when echo is disabled, -such as when a password is read). -The log_ttyout function receives output from the pseudo-terminal that is -suitable for replaying the user's session at a later time. -The -.Fn log_stdin , -.Fn log_stdout -and -.Fn log_stderr -functions are only called if the standard input, standard output -or standard error respectively correspond to something other than -a tty. -.Pp -Any of the logging functions may be set to the -.Dv NULL -pointer if no logging is to be performed. -If the open function returns 0, no I/O will be sent to the plugin. -.Pp -If a logging function returns an error -.Pq \-1 , -the running command will be terminated and all of the plugin's logging -functions will be disabled. -Other I/O logging plugins will still receive any remaining -input or output that has not yet been processed. -.Pp -If an input logging function rejects the data by returning 0, the -command will be terminated and the data will not be passed to the -command, though it will still be sent to any other I/O logging plugins. -If an output logging function rejects the data by returning 0, the -command will be terminated and the data will not be written to the -terminal, though it will still be sent to any other I/O logging plugins. -.Pp -The audit_plugin struct has the following fields: -.Bl -tag -width 4n -.It type -The -.Li type -field should always be set to -.Dv SUDO_IO_PLUGIN . -.It version -The -.Li version -field should be set to -.Dv SUDO_API_VERSION . -.Pp -This allows -.Nm sudo -to determine the API version the plugin was -built against. -.It open -.Bd -literal -compact -int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t plugin_printf, char * const settings[], - char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], - char * const plugin_options[]); -.Ed -.Pp -The -.Fn open -function is run before the -.Fn log_ttyin , -.Fn log_ttyout , -.Fn log_stdin , -.Fn log_stdout , -.Fn log_stderr , -.Fn log_suspend , -.Fn change_winsize , -or -.Fn show_version -functions are called. -It is only called if the version is being requested or if the -policy plugin's -.Fn check_policy -function has returned successfully. -It returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -.Nm sudo -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -.Fn conversation -or -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional error information to the user. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It version -The version passed in by -.Nm sudo -allows the plugin to determine the -major and minor version number of the plugin API supported by -.Nm sudo . -.It conversation -A pointer to the -.Fn conversation -function that may be used by the -.Fn show_version -function to display version information (see -.Fn show_version -below). -The -.Fn conversation -function may also be used to display additional error message to the user. -The -.Fn conversation -function returns 0 on success and \-1 on failure. -.It plugin_printf -A pointer to a -.Fn printf Ns -style -function that may be used by the -.Fn show_version -function to display version information (see -show_version below). -The -.Fn plugin_printf -function may also be used to display additional error message to the user. -The -.Fn plugin_printf -function returns number of characters printed on success and \-1 on failure. -.It settings -A vector of user-supplied -.Nm sudo -settings in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -These settings correspond to options the user specified when running -.Nm sudo . -As such, they will only be present when the corresponding option has -been specified on the command line. -.Pp -When parsing -.Em settings , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible settings. -.It user_info -A vector of information about the user running the command in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -.Pp -When parsing -.Em user_info , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible strings. -.It command_info -A vector of information describing the command being run in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -.Pp -When parsing -.Em command_info , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible strings. -.It argc -The number of elements in -.Em argv , -not counting the final -.Dv NULL -pointer. -It can be zero, when -.Nm sudo -is called with -.Fl V . -.It argv -If -.No non- Ns Dv NULL , -an argument vector describing a command the user -wishes to run in the same form as what would be passed to the -.Xr execve 2 -system call. -.It user_env -The user's environment in the form of a -.Dv NULL Ns -terminated -vector of -.Dq name=value -strings. -.Pp -When parsing -.Em user_env , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.It plugin_options -Any (non-comment) strings immediately after the plugin path are -treated as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -.Dv NULL Ns -terminated -array of strings. -If no arguments were specified, -.Em plugin_options -will be the -.Dv NULL -pointer. -.Pp -NOTE: the -.Em plugin_options -parameter is only available starting with -API version 1.2. -A plugin -.Sy must -check the API version specified -by the -.Nm sudo -front end before using -.Em plugin_options . -Failure to do so may result in a crash. -.It errstr -If the -.Fn open -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It close -.Bd -literal -compact -void (*close)(int exit_status, int error); -.Ed -.Pp -The -.Fn close -function is called when -.Nm sudo -is finished, shortly before it exits. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It exit_status -The command's exit status, as returned by the -.Xr wait 2 -system call, or zero if no command was run. -The value of -.Li exit_status -is undefined if -.Li error -is non-zero. -.It error -If the command could not be executed, this is set to the value of -.Li errno -set by the -.Xr execve 2 -system call. -If the command was successfully executed, the value of -.Li error -is zero. -.El -.It show_version -.Bd -literal -compact -int (*show_version)(int verbose); -.Ed -.Pp -The -.Fn show_version -function is called by -.Nm sudo -when the user specifies -the -.Fl V -option. -The plugin may display its version information to the user via the -.Fn conversation -or -.Fn plugin_printf -function using -.Dv SUDO_CONV_INFO_MSG . -.Pp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error, although the return value is currently -ignored. -.It log_ttyin -.Bd -literal -compact -int (*log_ttyin)(const char *buf, unsigned int len, - const char **errstr); -.Ed -.Pp -The -.Fn log_ttyin -function is called whenever data can be read from -the user but before it is passed to the running command. -This allows the plugin to reject data if it chooses to (for instance -if the input contains banned content). -Returns 1 if the data should be passed to the command, 0 if the data -is rejected (which will terminate the running command) or \-1 if an -error occurred. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It buf -The buffer containing user input. -.It len -The length of -.Em buf -in bytes. -.It errstr -If the -.Fn log_ttyin -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It log_ttyout -.Bd -literal -compact -int (*log_ttyout)(const char *buf, unsigned int len, - const char **errstr); -.Ed -.Pp -The -.Fn log_ttyout -function is called whenever data can be read from -the command but before it is written to the user's terminal. -This allows the plugin to reject data if it chooses to (for instance -if the output contains banned content). -Returns 1 if the data should be passed to the user, 0 if the data is rejected -(which will terminate the running command) or \-1 if an error occurred. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It buf -The buffer containing command output. -.It len -The length of -.Em buf -in bytes. -.It errstr -If the -.Fn log_ttyout -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It log_stdin -.Bd -literal -compact -int (*log_stdin)(const char *buf, unsigned int len, - const char **errstr); -.Ed -.Pp -The -.Fn log_stdin -function is only used if the standard input does -not correspond to a tty device. -It is called whenever data can be read from the standard input but -before it is passed to the running command. -This allows the plugin to reject data if it chooses to -(for instance if the input contains banned content). -Returns 1 if the data should be passed to the command, 0 if the data is -rejected (which will terminate the running command) or \-1 if an error occurred. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It buf -The buffer containing user input. -.It len -The length of -.Em buf -in bytes. -.It errstr -If the -.Fn log_stdin -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It log_stdout -.Bd -literal -compact -int (*log_stdout)(const char *buf, unsigned int len, - const char **errstr); -.Ed -.Pp -The -.Fn log_stdout -function is only used if the standard output does not correspond -to a tty device. -It is called whenever data can be read from the command but before -it is written to the standard output. -This allows the plugin to reject data if it chooses to -(for instance if the output contains banned content). -Returns 1 if the data should be passed to the user, 0 if the data is -rejected (which will terminate the running command) or \-1 if an error occurred. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It buf -The buffer containing command output. -.It len -The length of -.Em buf -in bytes. -.It errstr -If the -.Fn log_stdout -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It log_stderr -.Bd -literal -compact -int (*log_stderr)(const char *buf, unsigned int len, - const char **errstr); -.Ed -.Pp -The -.Fn log_stderr -function is only used if the standard error does -not correspond to a tty device. -It is called whenever data can be read from the command but before it -is written to the standard error. -This allows the plugin to reject data if it chooses to -(for instance if the output contains banned content). -Returns 1 if the data should be passed to the user, 0 if the data is -rejected (which will terminate the running command) or \-1 if an error occurred. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It buf -The buffer containing command output. -.It len -The length of -.Em buf -in bytes. -.It errstr -If the -.Fn log_stderr -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It register_hooks -See the -.Sx Policy plugin API -section for a description of -.Li register_hooks . -.It deregister_hooks -See the -.Sx Policy plugin API -section for a description of -.Li deregister_hooks . -.It change_winsize -.Bd -literal -compact -int (*change_winsize)(unsigned int lines, unsigned int cols, - const char **errstr); -.Ed -.Pp -The -.Fn change_winsize -function is called whenever the window size of the terminal changes from -the initial values specified in the -.Li user_info -list. -Returns \-1 if an error occurred, in which case no further calls to -.Fn change_winsize -will be made, -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It lines -The number of lines (rows) in the re-sized terminal. -.It cols -The number of columns in the re-sized terminal. -.It errstr -If the -.Fn change_winsize -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.El -.It log_suspend -.Bd -literal -compact -int (*log_suspend)(int signo, const char **errstr); -.Ed -.Pp -The -.Fn log_suspend -function is called whenever a command is suspended or resumed. -Logging this information makes it possible to skip the period of time when -the command was suspended during playback of a session. -Returns \-1 if an error occurred, in which case no further calls to -.Fn log_suspend -will be made, -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It signo -The signal that caused the command to be suspended, or -.Dv SIGCONT -if the command was resumed. -.It errstr -If the -.Fn log_suspend -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.Pp -NOTE: the -.Fa errstr -parameter is only available starting with -API version 1.15. -A plugin -.Sy must -check the API version specified by the -.Nm sudo -front end before using -.Fa errstr . -Failure to do so may result in a crash. -.It event_alloc -.Bd -literal -compact -struct sudo_plugin_event * (*event_alloc)(void); -.Ed -.Pp -The -.Fn event_alloc -function is used to allocate a -.Li struct sudo_plugin_event -which provides access to the main -.Nm sudo -event loop. -Unlike the other fields, the -.Fn event_alloc -pointer is filled in by the -.Nm sudo -front end, not by the plugin. -.Pp -See the -.Sx Event API -section below for more information -about events. -.Pp -NOTE: the -.Fn event_alloc -function is only available starting -with API version 1.15. -If the -.Nm sudo -front end doesn't support API -version 1.15 or higher, -.Fn event_alloc -will not be set. -.El -.Pp -.Em I/O Plugin Version Macros -.Pp -Same as for the -.Sx Policy plugin API . -.El -.Ss Audit plugin API -.Bd -literal -/* Audit plugin close function status types. */ -#define SUDO_PLUGIN_NO_STATUS 0 -#define SUDO_PLUGIN_WAIT_STATUS 1 -#define SUDO_PLUGIN_EXEC_ERROR 2 -#define SUDO_PLUGIN_SUDO_ERROR 3 - -#define SUDO_AUDIT_PLUGIN 3 -struct audit_plugin { - unsigned int type; /* always SUDO_AUDIT_PLUGIN */ - unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t sudo_printf, char * const settings[], - char * const user_info[], int submit_optind, - char * const submit_argv[], char * const submit_envp[], - char * const plugin_options[], const char **errstr); - void (*close)(int status_type, int status); - int (*accept)(const char *plugin_name, - unsigned int plugin_type, char * const command_info[], - char * const run_argv[], char * const run_envp[], - const char **errstr); - int (*reject)(const char *plugin_name, unsigned int plugin_type, - const char *audit_msg, char * const command_info[], - const char **errstr); - int (*error)(const char *plugin_name, unsigned int plugin_type, - const char *audit_msg, char * const command_info[], - const char **errstr); - int (*show_version)(int verbose); - void (*register_hooks)(int version, - int (*register_hook)(struct sudo_hook *hook)); - void (*deregister_hooks)(int version, - int (*deregister_hook)(struct sudo_hook *hook)); - struct sudo_plugin_event * (*event_alloc)(void); -} -.Ed -.Pp -An audit plugin can be used to log successful and unsuccessful attempts -to run -.Nm sudo -independent of the policy or any I/O plugins. -Multiple audit plugins may be specified in -.Xr sudo.conf @mansectform@ . -.Pp -The audit_plugin struct has the following fields: -.Bl -tag -width 4n -.It type -The -.Li type -field should always be set to -.Dv SUDO_AUDIT_PLUGIN . -.It version -The -.Li version -field should be set to -.Dv SUDO_API_VERSION . -.Pp -This allows -.Nm sudo -to determine the API version the plugin was -built against. -.It open -.Bd -literal -compact -int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t sudo_printf, char * const settings[], - char * const user_info[], int submit_optind, - char * const submit_argv[], char * const submit_envp[], - char * const plugin_options[], const char **errstr); -.Ed -.Pp -The audit -.Fn open -function is run before any other -.Nm sudo -plugin API functions. -This makes it possible to audit failures in the other plugins. -It returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -.Nm sudo -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -.Fn conversation -or -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional error information to the user. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It version -The version passed in by -.Nm sudo -allows the plugin to determine the -major and minor version number of the plugin API supported by -.Nm sudo . -.It conversation -A pointer to the -.Fn conversation -function that may be used by the -.Fn show_version -function to display version information (see -.Fn show_version -below). -The -.Fn conversation -function may also be used to display additional error message to the user. -The -.Fn conversation -function returns 0 on success and \-1 on failure. -.It plugin_printf -A pointer to a -.Fn printf Ns -style -function that may be used by the -.Fn show_version -function to display version information (see -show_version below). -The -.Fn plugin_printf -function may also be used to display additional error message to the user. -The -.Fn plugin_printf -function returns number of characters printed on success and \-1 on failure. -.It settings -A vector of user-supplied -.Nm sudo -settings in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -These settings correspond to options the user specified when running -.Nm sudo . -As such, they will only be present when the corresponding option has -been specified on the command line. -.Pp -When parsing -.Em settings , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible settings. -.It user_info -A vector of information about the user running the command in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -.Pp -When parsing -.Em user_info , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible strings. -.It submit_optind -The index into -.Fa submit_argv -that corresponds to the first entry that is not a command line option. -If -.Fa submit_argv -only consists of options, which may be the case with the -.Fl l -or -.Fl v -options, -.Li submit_argv[submit_optind] -will evaluate to the NULL pointer. -.It submit_argv -The argument vector -.Nm sudo -was invoked with, including all command line options. -The -.Fa submit_optind -argument can be used to determine the end of the command line options. -.It submit_envp -The invoking user's environment in the form of a -.Dv NULL Ns -terminated -vector of -.Dq name=value -strings. -.Pp -When parsing -.Em submit_envp , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.It plugin_options -Any (non-comment) strings immediately after the plugin path are -treated as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -.Dv NULL Ns -terminated -array of strings. -If no arguments were specified, -.Em plugin_options -will be the -.Dv NULL -pointer. -.It errstr -If the -.Fn open -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.El -.It close -.Bd -literal -compact -void (*close)(int status_type, int status); -.Ed -.Pp -The -.Fn close -function is called when -.Nm sudo -is finished, shortly before it exits. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It status_type -The type of status being passed. -One of -.Dv SUDO_PLUGIN_NO_STATUS , -.Dv SUDO_PLUGIN_WAIT_STATUS , -.Dv SUDO_PLUGIN_EXEC_ERROR -or -.Dv SUDO_PLUGIN_SUDO_ERROR . -.It status -Depending on the value of -.Fa status_type , -this value is either -ignored, the command's exit status as returned by the -.Xr wait 2 -system call, the value of -.Li errno -set by the -.Xr execve 2 -system call, or the value of -.Li errno -resulting from an error in the -.Nm sudo -front end. -.El -.It accept -.Bd -literal -compact -int (*accept)(const char *plugin_name, unsigned int plugin_type, - char * const command_info[], char * const run_argv[], - char * const run_envp[], const char **errstr); -.Ed -.Pp -The -.Fn accept -function is called when a command or action is accepted by a policy -or approval plugin. -The function arguments are as follows: -.Bl -tag -width 4n -.It plugin_name -The name of the plugin that accepted the command or -.Dq sudo -for the -.Nm sudo -front-end. -.It plugin_type -The type of plugin that accepted the command, currently either -.Dv SUDO_POLICY_PLUGIN , -.Dv SUDO_POLICY_APPROVAL -or -.Dv SUDO_FRONT_END . -The -.Fn accept -function is called multiple times--once for each policy or approval -plugin that succeeds and once for the sudo front-end. -When called on behalf of the sudo front-end, -.Fa command_info -may include information from an I/O logging plugin as well. -.Pp -Typically, an audit plugin is interested in either the accept status from -the -.Nm sudo -front-end or from the various policy and approval plugins, but not both. -It is possible for the policy plugin to accept a command that is -later rejected by an approval plugin, in which case the audit -plugin's -.Fn accept -and -.Fn reject -functions will -.Em both -be called. -.It command_info -An optional -vector of information describing the command being run in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -.Pp -When parsing -.Em command_info , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible strings. -.It run_argv -A -.Dv NULL Ns -terminated -argument vector describing a command that will be run in the -same form as what would be passed to the -.Xr execve 2 -system call. -.It run_envp -The environment the command will be run with in the form of a -.Dv NULL Ns -terminated -vector of -.Dq name=value -strings. -.Pp -When parsing -.Em run_envp , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.It errstr -If the -.Fn accept -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.El -.It reject -.Bd -literal -compact -int (*reject)(const char *plugin_name, unsigned int plugin_type, - const char *audit_msg, char * const command_info[], - const char **errstr); -.Ed -.Pp -The -.Fn reject -function is called when a command or action is rejected by a plugin. -The function arguments are as follows: -.Bl -tag -width 4n -.It plugin_name -The name of the plugin that rejected the command. -.It plugin_type -The type of plugin that rejected the command, currently either -.Dv SUDO_POLICY_PLUGIN , -.Dv SUDO_APPROVAL_PLUGIN -or -.Dv SUDO_IO_PLUGIN . -.Pp -Unlike the -.Fn accept -function, the -.Fn reject -function is not called on behalf of the -.Nm sudo -front-end. -.It audit_msg -An optional string describing the reason the command was rejected -by the plugin. -If the plugin did not provide a reason, -.Fa audit_msg -will be the -.Dv NULL -pointer. -.It command_info -An optional -vector of information describing the command being run in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -.Pp -When parsing -.Em command_info , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible strings. -.It errstr -If the -.Fn reject -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.El -.It error -.Bd -literal -compact -int (*error)(const char *plugin_name, unsigned int plugin_type, - const char *audit_msg, char * const command_info[], - const char **errstr); -.Ed -.Pp -The -.Fn error -function is called when a plugin or the -.Nm sudo -front-end returns an error. -The function arguments are as follows: -.Bl -tag -width 4n -.It plugin_name -The name of the plugin that generated the error or -.Dq sudo -for the -.Nm sudo -front-end. -.It plugin_type -The type of plugin that generated the error, or -.Dv SUDO_FRONT_END -for the -.Nm sudo -front-end. -.It audit_msg -An optional string describing the plugin error. -If the plugin did not provide a description, -.Fa audit_msg -will be the -.Dv NULL -pointer. -.It command_info -An optional -vector of information describing the command being run in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -.Pp -When parsing -.Em command_info , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible strings. -.It errstr -If the -.Fn error -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.El -.It show_version -.Bd -literal -compact -int (*show_version)(int verbose); -.Ed -.Pp -The -.Fn show_version -function is called by -.Nm sudo -when the user specifies -the -.Fl V -option. -The plugin may display its version information to the user via the -.Fn conversation -or -.Fn plugin_printf -function using -.Dv SUDO_CONV_INFO_MSG . -If the user requests detailed version information, the verbose flag will be set. -.Pp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error, although the return value is currently -ignored. -.It register_hooks -See the -.Sx Policy plugin API -section for a description of -.Li register_hooks . -.It deregister_hooks -See the -.Sx Policy plugin API -section for a description of -.Li deregister_hooks . -.It event_alloc -.Bd -literal -compact -struct sudo_plugin_event * (*event_alloc)(void); -.Ed -.Pp -The -.Fn event_alloc -function is used to allocate a -.Li struct sudo_plugin_event -which provides access to the main -.Nm sudo -event loop. -Unlike the other fields, the -.Fn event_alloc -pointer is filled in by the -.Nm sudo -front end, not by the plugin. -.Pp -See the -.Sx Event API -section below for more information -about events. -.Pp -NOTE: the -.Fn event_alloc -function is only available starting -with API version 1.17. -If the -.Nm sudo -front end doesn't support API -version 1.17 or higher, -.Fn event_alloc -will not be set. -.El -.Ss Approval plugin API -.Bd -literal -struct approval_plugin { -#define SUDO_APPROVAL_PLUGIN 4 - unsigned int type; /* always SUDO_APPROVAL_PLUGIN */ - unsigned int version; /* always SUDO_API_VERSION */ - int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t sudo_printf, char * const settings[], - char * const user_info[], int submit_optind, - char * const submit_argv[], char * const submit_envp[], - char * const plugin_options[], const char **errstr); - void (*close)(void); - int (*check)(char * const command_info[], char * const run_argv[], - char * const run_envp[], const char **errstr); - int (*show_version)(int verbose); -}; -.Ed -.Pp -An approval plugin can be used to apply extra constraints after a -command has been accepted by the policy plugin. -Unlike the other plugin types, it does not remain open until the command -completes. -The plugin is opened before a call to -.Fn check -or -.Fn show_version -and closed shortly thereafter (audit plugin functions must be called -before the plugin is closed). -Multiple approval plugins may be specified in -.Xr sudo.conf @mansectform@ . -.Pp -The approval_plugin struct has the following fields: -.Bl -tag -width 4n -.It type -The -.Li type -field should always be set to -.Dv SUDO_APPROVAL_PLUGIN . -.It version -The -.Li version -field should be set to -.Dv SUDO_API_VERSION . -.Pp -This allows -.Nm sudo -to determine the API version the plugin was -built against. -.It open -.Bd -literal -compact -int (*open)(unsigned int version, sudo_conv_t conversation, - sudo_printf_t sudo_printf, char * const settings[], - char * const user_info[], int submit_optind, - char * const submit_argv[], char * const submit_envp[], - char * const plugin_options[], const char **errstr); -.Ed -.Pp -The approval -.Fn open -function is run immediately before a call to the plugin's -.Fn check -or -.Fn show_version -functions. -It is only called if the version is being requested or if the -policy plugin's -.Fn check_policy -function has returned successfully. -It returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -.Nm sudo -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -.Fn conversation -or -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional error information to the user. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It version -The version passed in by -.Nm sudo -allows the plugin to determine the -major and minor version number of the plugin API supported by -.Nm sudo . -.It conversation -A pointer to the -.Fn conversation -function that can be used by the plugin to interact with the user (see -.Sx Conversation API -for details). -Returns 0 on success and \-1 on failure. -.It plugin_printf -A pointer to a -.Fn printf Ns -style -function that may be used to display informational or error messages (see -.Sx Conversation API -for details). -Returns the number of characters printed on success and \-1 on failure. -.It settings -A vector of user-supplied -.Nm sudo -settings in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -These settings correspond to options the user specified when running -.Nm sudo . -As such, they will only be present when the corresponding option has -been specified on the command line. -.Pp -When parsing -.Em settings , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible settings. -.It user_info -A vector of information about the user running the command in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -.Pp -When parsing -.Em user_info , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible strings. -.It submit_optind -The index into -.Fa submit_argv -that corresponds to the first entry that is not a command line option. -If -.Fa submit_argv -only consists of options, which may be the case with the -.Fl l -or -.Fl v -options, -.Li submit_argv[submit_optind] -will evaluate to the NULL pointer. -.It submit_argv -The argument vector -.Nm sudo -was invoked with, including all command line options. -The -.Fa submit_optind -argument can be used to determine the end of the command line options. -.It submit_envp -The invoking user's environment in the form of a -.Dv NULL Ns -terminated -vector of -.Dq name=value -strings. -.Pp -When parsing -.Em submit_envp , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.It plugin_options -Any (non-comment) strings immediately after the plugin path are -treated as arguments to the plugin. -These arguments are split on a white space boundary and are passed to -the plugin in the form of a -.Dv NULL Ns -terminated -array of strings. -If no arguments were specified, -.Em plugin_options -will be the -.Dv NULL -pointer. -.It errstr -If the -.Fn open -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.El -.It close -.Bd -literal -compact -void (*close)(void); -.Ed -.Pp -The -.Fn close -function is called after the approval plugin's -.Fn check -or -.Fn show_version -functions have been called. -It takes no arguments. -The -.Fn close -function is typically used to perform plugin-specific cleanup, -such as the freeing of memory objects allocated by the plugin. -If the plugin does not need to perform any cleanup, -.Fn close -may be set to the -.Dv NULL -pointer. -.It check -.Bd -literal -compact -int (*check)(char * const command_info[], char * const run_argv[], - char * const run_envp[], const char **errstr); -.Ed -.Pp -The approval -.Fn check -function is run after the policy plugin -.Fn check_policy -function and before any I/O logging plugins. -If multiple approval plugins are loaded, they must all succeed for -the command to be allowed. -It returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error. -In the latter case, -.Nm sudo -will print a usage message before it exits. -If an error occurs, the plugin may optionally call the -.Fn conversation -or -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional error information to the user. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It command_info -A vector of information describing the command being run in the form of -.Dq name=value -strings. -The vector is terminated by a -.Dv NULL -pointer. -.Pp -When parsing -.Em command_info , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.Pp -See the -.Sx Policy plugin API -section for a list of all possible strings. -.It run_argv -A -.Dv NULL Ns -terminated -argument vector describing a command that will be run in the -same form as what would be passed to the -.Xr execve 2 -system call. -.It run_envp -The environment the command will be run with in the form of a -.Dv NULL Ns -terminated -vector of -.Dq name=value -strings. -.Pp -When parsing -.Em run_envp , -the plugin should split on the -.Sy first -equal sign -.Pq Ql = -since the -.Em name -field will never include one -itself but the -.Em value -might. -.It errstr -If the -.Fn open -function returns a value other than 1, the plugin may -store a message describing the failure or error in -.Fa errstr . -The -.Nm sudo -front end will then pass this value to any registered audit plugins. -The string stored in -.Fa errstr -must remain valid until the plugin's -.Fn close -function is called. -.El -.It show_version -.Bd -literal -compact -int (*show_version)(int verbose); -.Ed -.Pp -The -.Fn show_version -function is called by -.Nm sudo -when the user specifies -the -.Fl V -option. -The plugin may display its version information to the user via the -.Fn conversation -or -.Fn plugin_printf -function using -.Dv SUDO_CONV_INFO_MSG . -If the user requests detailed version information, the verbose flag will be set. -.Pp -Returns 1 on success, 0 on failure, \-1 if a general error occurred, -or \-2 if there was a usage error, although the return value is currently -ignored. -.El -.Ss Signal handlers -The -.Nm sudo -front end installs default signal handlers to trap common signals -while the plugin functions are run. -The following signals are trapped by default before the command is -executed: -.Pp -.Bl -bullet -compact -width 1n -.It -.Dv SIGALRM -.It -.Dv SIGHUP -.It -.Dv SIGINT -.It -.Dv SIGPIPE -.It -.Dv SIGQUIT -.It -.Dv SIGTERM -.It -.Dv SIGTSTP -.It -.Dv SIGUSR1 -.It -.Dv SIGUSR2 -.El -.Pp -If a fatal signal is received before the command is executed, -.Nm sudo -will call the plugin's -.Fn close -function with an exit status of 128 plus the value of the signal -that was received. -This allows for consistent logging of commands killed by a signal -for plugins that log such information in their -.Fn close -function. -An exception to this is -.Ev SIGPIPE , -which is ignored until the command is executed. -.Pp -A plugin may temporarily install its own signal handlers but must -restore the original handler before the plugin function returns. -.Ss Hook function API -Beginning with plugin API version 1.2, it is possible to install -hooks for certain functions called by the -.Nm sudo -front end. -.Pp -Currently, the only supported hooks relate to the handling of -environment variables. -Hooks can be used to intercept attempts to get, set, or remove -environment variables so that these changes can be reflected in -the version of the environment that is used to execute a command. -A future version of the API will support hooking internal -.Nm sudo -front end functions as well. -.Pp -.Em Hook structure -.Pp -Hooks in -.Nm sudo -are described by the following structure: -.Bd -literal -typedef int (*sudo_hook_fn_t)(); - -struct sudo_hook { - unsigned int hook_version; - unsigned int hook_type; - sudo_hook_fn_t hook_fn; - void *closure; -}; -.Ed -.Pp -The -.Li sudo_hook -structure has the following fields: -.Bl -tag -width 4n -.It hook_version -The -.Li hook_version -field should be set to -.Dv SUDO_HOOK_VERSION . -.It hook_type -The -.Li hook_type -field may be one of the following supported hook types: -.Bl -tag -width 4n -.It Dv SUDO_HOOK_SETENV -The C library -.Xr setenv 3 -function. -Any registered hooks will run before the C library implementation. -The -.Li hook_fn -field should -be a function that matches the following typedef: -.Bd -literal -typedef int (*sudo_hook_fn_setenv_t)(const char *name, - const char *value, int overwrite, void *closure); -.Ed -.Pp -If the registered hook does not match the typedef the results are -unspecified. -.It Dv SUDO_HOOK_UNSETENV -The C library -.Xr unsetenv 3 -function. -Any registered hooks will run before the C library implementation. -The -.Li hook_fn -field should -be a function that matches the following typedef: -.Bd -literal -typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, - void *closure); -.Ed -.It Dv SUDO_HOOK_GETENV -The C library -.Xr getenv 3 -function. -Any registered hooks will run before the C library implementation. -The -.Li hook_fn -field should -be a function that matches the following typedef: -.Bd -literal -typedef int (*sudo_hook_fn_getenv_t)(const char *name, - char **value, void *closure); -.Ed -.Pp -If the registered hook does not match the typedef the results are -unspecified. -.It Dv SUDO_HOOK_PUTENV -The C library -.Xr putenv 3 -function. -Any registered hooks will run before the C library implementation. -The -.Li hook_fn -field should -be a function that matches the following typedef: -.Bd -literal -typedef int (*sudo_hook_fn_putenv_t)(char *string, - void *closure); -.Ed -.Pp -If the registered hook does not match the typedef the results are -unspecified. -.El -.It hook_fn -sudo_hook_fn_t hook_fn; -.Pp -The -.Li hook_fn -field should be set to the plugin's hook implementation. -The actual function arguments will vary depending on the -.Li hook_type -(see -.Li hook_type -above). -In all cases, the -.Li closure -field of -.Li struct sudo_hook -is passed as the last function parameter. -This can be used to pass arbitrary data to the plugin's hook implementation. -.Pp -The function return value may be one of the following: -.Bl -tag -width 4n -.It Dv SUDO_HOOK_RET_ERROR -The hook function encountered an error. -.It Dv SUDO_HOOK_RET_NEXT -The hook completed without error, go on to the next hook (including -the system implementation if applicable). -For example, a -.Xr getenv 3 -hook might return -.Dv SUDO_HOOK_RET_NEXT -if the specified variable was not found in the private copy of the environment. -.It Dv SUDO_HOOK_RET_STOP -The hook completed without error, stop processing hooks for this invocation. -This can be used to replace the system implementation. -For example, a -.Li setenv -hook that operates on a private copy of -the environment but leaves -.Li environ -unchanged. -.El -.El -.Pp -Note that it is very easy to create an infinite loop when hooking -C library functions. -For example, a -.Xr getenv 3 -hook that calls the -.Xr snprintf 3 -function may create a loop if the -.Xr snprintf 3 -implementation calls -.Xr getenv 3 -to check the locale. -To prevent this, you may wish to use a static variable in the hook -function to guard against nested calls. -For example: -.Bd -literal -static int in_progress = 0; /* avoid recursion */ -if (in_progress) - return SUDO_HOOK_RET_NEXT; -in_progress = 1; -\&... -in_progress = 0; -return SUDO_HOOK_RET_STOP; -.Ed -.Pp -.Em Hook API Version Macros -.Bd -literal -/* Hook API version major/minor */ -#define SUDO_HOOK_VERSION_MAJOR 1 -#define SUDO_HOOK_VERSION_MINOR 0 -#define SUDO_HOOK_VERSION SUDO_API_MKVERSION(SUDO_HOOK_VERSION_MAJOR,\e - SUDO_HOOK_VERSION_MINOR) -.Ed -.Pp -For getters and setters see the -.Sx Policy plugin API . -.Ss Event API -When -.Nm sudo -runs a command, it uses an event loop to service signals and I/O. -Events may be triggered based on time, a file or socket descriptor -becoming ready, or due to receipt of a signal. -Starting with API version 1.15, it is possible for a plugin to -participate in this event loop by calling the -.Fn event_alloc -function. -.Pp -.Em Event structure -.Pp -Events are described by the following structure: -.Pp -.Bd -literal -compact -typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, void *closure); - -struct sudo_plugin_event { - int (*set)(struct sudo_plugin_event *pev, int fd, int events, - sudo_plugin_ev_callback_t callback, void *closure); - int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); - int (*del)(struct sudo_plugin_event *pev); - int (*pending)(struct sudo_plugin_event *pev, int events, - struct timespec *ts); - int (*fd)(struct sudo_plugin_event *pev); - void (*setbase)(struct sudo_plugin_event *pev, void *base); - void (*loopbreak)(struct sudo_plugin_event *pev); - void (*free)(struct sudo_plugin_event *pev); -}; -.Ed -.Pp -The sudo_plugin_event struct contains the following function pointers: -.Bl -tag -width 4n -.It Fn set -.Bd -literal -compact -int (*set)(struct sudo_plugin_event *pev, int fd, int events, - sudo_plugin_ev_callback_t callback, void *closure); -.Ed -.Pp -The -.Fn set -function takes the following arguments: -.Bl -tag -width 4n -.It struct sudo_plugin_event * Ns Fa pev -A pointer to the struct sudo_plugin_event itself. -.It Fa fd -The file or socket descriptor for I/O-based events or the signal -number for signal events. -For time-based events, -.Fa fd -must be -1. -.It Fa events -The following values determine what will trigger the event callback: -.Bl -tag -width 4n -.It SUDO_PLUGIN_EV_TIMEOUT -callback is run after the specified timeout expires -.It SUDO_PLUGIN_EV_READ -callback is run when the file descriptor is readable -.It SUDO_PLUGIN_EV_WRITE -callback is run when the file descriptor is writable -.It SUDO_PLUGIN_EV_PERSIST -event is persistent and remains enabled until explicitly deleted -.It SUDO_PLUGIN_EV_SIGNAL -callback is run when the specified signal is received -.El -.Pp -The -.Ev SUDO_PLUGIN_EV_PERSIST -flag may be ORed with any of the event types. -It is also possible to OR -.Ev SUDO_PLUGIN_EV_READ -and -.Ev SUDO_PLUGIN_EV_WRITE -together to run the callback when a descriptor is ready to be -either read from or written to. -All other event values are mutually exclusive. -.It sudo_plugin_ev_callback_t Fa callback -.Bd -literal -compact -typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, - void *closure); -.Ed -.Pp -The function to call when an event is triggered. -The -.Fn callback -function is run with the following arguments: -.Bl -tag -width 4n -.It Fa fd -The file or socket descriptor for I/O-based events or the signal -number for signal events. -.It Fa what -The event type that triggered that callback. -For events that have multiple event types (for example -.Ev SUDO_PLUGIN_EV_READ -and -.Ev SUDO_PLUGIN_EV_WRITE ) -or have an associated timeout, -.Fa what -can be used to determine why the callback was run. -.It Fa closure -The generic pointer that was specified in the -.Fn set -function. -.El -.It closure -A generic pointer that will be passed to the callback function. -.El -.Pp -The -.Fn set -function returns 1 on success, and \-1 if a error occurred. -.It Fn add -.Bd -literal -compact -int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); -.Ed -.Pp -The -.Fn add -function adds the event -.Fa pev -to -.Nm sudo Ns No 's -event loop. -The event must have previously been initialized via the -.Fn set -function. -If the -.Fa timeout -argument is not NULL, it should specify a (relative) timeout after -which the event will be triggered if the main event criteria has -not been met. -This is often used to implement an I/O timeout where the event -will fire if a descriptor is not ready within a certain time -period. -If the event is already present in the event loop, its -.Fa timeout -will be adjusted to match the new value, if any. -.Pp -The -.Fn add -function returns 1 on success, and \-1 if a error occurred. -.It Fn del -.Bd -literal -compact -int (*del)(struct sudo_plugin_event *pev); -.Ed -.Pp -The -.Fn del -function deletes the event -.Fa pev -from -.Nm sudo Ns No 's -event loop. -Deleted events can be added back via the -.Fn add -function. -.Pp -The -.Fn del -function returns 1 on success, and \-1 if a error occurred. -.It Fn pending -.Bd -literal -compact -int (*pending)(struct sudo_plugin_event *pev, int events, - struct timespec *ts); -.Ed -.Pp -The -.Fn pending -function can be used to determine whether one or more events is pending. -The -.Fa events -argument specifies which events to check for. -See the -.Fn set -function for a list of valid event types. -If -.Dv SUDO_PLUGIN_EV_TIMEOUT -is specified in -.Dv events , -the event has an associated timeout and the -.Fa ts -pointer is non-NULL, it will be filled in with the remaining time. -.It Fn fd -.Bd -literal -compact -int (*fd)(struct sudo_plugin_event *pev); -.Ed -.Pp -The -.Fn fd -function returns the descriptor or signal number associated with -the event -.Fa pev . -.It Fn setbase -.Bd -literal -compact -void (*setbase)(struct sudo_plugin_event *pev, void *base); -.Ed -.Pp -The -.Fn setbase -function sets the underlying event -.Fa base -for -.Fa pev -to the specified value. -This can be used to move an event created via -.Fn event_alloc -to a new event loop allocated by sudo's event subsystem. -If -.Fa base -is -.Dv NULL , -.Fa pev Ns 's -event base is reset to the default value, which corresponds to -.Nm sudo Ns 's -main event loop. -Using this function requires linking the plugin with the sudo_util -library. -It is unlikely to be used outside of the -.Nm sudoers -plugin. -.It Fn loopbreak -.Bd -literal -compact -void (*loopbreak)(struct sudo_plugin_event *pev); -.Ed -.Pp -The -.Fn loopbreak -function causes -.Nm sudo Ns No 's -event loop to exit immediately and the running command to be terminated. -.It Fn free -.Bd -literal -compact -void (*free)(struct sudo_plugin_event *pev); -.Ed -.Pp -The -.Fn free -function deletes the event -.Fa pev -from the event loop and frees the memory associated with it. -.El -.Ss Remote command execution -The -.Nm sudo -front end does not support running remote commands. -However, starting with -.Nm sudo -1.8.8, the -.Fl h -option may be used to specify a remote host that is passed -to the policy plugin. -A plugin may also accept a -.Em runas_user -in the form of -.Dq user@hostname -which will work with older versions of -.Nm sudo . -It is anticipated that remote commands will be supported by executing a -.Dq helper -program. -The policy plugin should setup the execution environment such that the -.Nm sudo -front end will run the helper which, in turn, will connect to the -remote host and run the command. -.Pp -For example, the policy plugin could utilize -.Nm ssh -to perform remote command execution. -The helper program would be responsible for running -.Nm ssh -with the proper options to use a private key or certificate -that the remote host will accept and run a program -on the remote host that would setup the execution environment -accordingly. -.Pp -Note that remote -.Nm sudoedit -functionality must be handled by the policy plugin, not -.Nm sudo -itself as the front end has no knowledge that a remote command is -being executed. -This may be addressed in a future revision of the plugin API. -.Ss Conversation API -If the plugin needs to interact with the user, it may do so via the -.Fn conversation -function. -A plugin should not attempt to read directly from the standard input -or the user's tty (neither of which are guaranteed to exist). -The caller must include a trailing newline in -.Li msg -if one is to be printed. -.Pp -A -.Fn printf Ns -style -function is also available that can be used to display informational -or error messages to the user, which is usually more convenient for -simple messages where no use input is required. -.Pp -.Em Conversation function structures -.Pp -The conversation function takes as arguments pointers to the following -structures: -.Bd -literal -struct sudo_conv_message { -#define SUDO_CONV_PROMPT_ECHO_OFF 0x0001 /* do not echo user input */ -#define SUDO_CONV_PROMPT_ECHO_ON 0x0002 /* echo user input */ -#define SUDO_CONV_ERROR_MSG 0x0003 /* error message */ -#define SUDO_CONV_INFO_MSG 0x0004 /* informational message */ -#define SUDO_CONV_PROMPT_MASK 0x0005 /* mask user input */ -#define SUDO_CONV_PROMPT_ECHO_OK 0x1000 /* flag: allow echo if no tty */ -#define SUDO_CONV_PREFER_TTY 0x2000 /* flag: use tty if possible */ - int msg_type; - int timeout; - const char *msg; -}; - -#define SUDO_CONV_REPL_MAX 1023 - -struct sudo_conv_reply { - char *reply; -}; - -typedef int (*sudo_conv_callback_fn_t)(int signo, void *closure); -struct sudo_conv_callback { - unsigned int version; - void *closure; - sudo_conv_callback_fn_t on_suspend; - sudo_conv_callback_fn_t on_resume; -}; -.Ed -.Pp -Pointers to the -.Fn conversation -and -.Fn printf Ns -style -functions are passed -in to the plugin's -.Fn open -function when the plugin is initialized. -The following type definitions can be used in the declaration of the -.Fn open -function: -.Bd -literal -typedef int (*sudo_conv_t)(int num_msgs, - const struct sudo_conv_message msgs[], - struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); - -typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); -.Ed -.Pp -To use the -.Fn conversation -function, the plugin must pass an array of -.Li sudo_conv_message -and -.Li sudo_conv_reply -structures. -There must be a -.Li struct sudo_conv_message -and -.Li struct sudo_conv_reply -for -each message in the conversation, that is, both arrays must have the same -number of elements. -Each -.Li struct sudo_conv_reply -must have its -.Em reply -member initialized to -.Dv NULL . -The -.Li struct sudo_conv_callback -pointer, if not -.Dv NULL , -should contain function pointers to be called when the -.Nm sudo -process is suspended and/or resumed during conversation input. -The -.Fa on_suspend -and -.Fa on_resume -functions are called with the signal that caused -.Nm sudo -to be suspended and the -.Fa closure -pointer from the -.Li struct sudo_conv_callback . -These functions should return 0 on success and \-1 on error. -On error, the conversation will end and the conversation function -will return a value of \-1. -The intended use is to allow the plugin to release resources, such as locks, -that should not be held indefinitely while suspended and then reacquire them -when the process is resumed. -Note that the functions are not actually invoked from within a signal handler. -.Pp -The -.Em msg_type -must be set to one of the following values: -.Bl -tag -width 4n -.It SUDO_CONV_PROMPT_ECHO_OFF -Prompt the user for input with echo disabled; -this is generally used for passwords. -The reply will be stored in the -.Em replies -array, and it will never be -.Dv NULL . -.It SUDO_CONV_PROMPT_ECHO_ON -Prompt the user for input with echo enabled. -The reply will be stored in the -.Em replies -array, and it will never be -.Dv NULL . -.It SUDO_CONV_ERROR_MSG -Display an error message. -The message is written to the standard error unless the -.Dv SUDO_CONV_PREFER_TTY -flag is set, in which case it is written to the user's terminal if possible. -.It SUDO_CONV_INFO_MSG -Display a message. -The message is written to the standard output unless the -.Dv SUDO_CONV_PREFER_TTY -flag is set, in which case it is written to the user's terminal if possible. -.It SUDO_CONV_PROMPT_MASK -Prompt the user for input but echo an asterisk character for each -character read. -The reply will be stored in the -.Em replies -array, and it will never be -.Dv NULL . -This can be used to provide visual feedback to the user while reading -sensitive information that should not be displayed. -.El -.Pp -In addition to the above values, the following flag bits may also be set: -.Bl -tag -width 4n -.It SUDO_CONV_PROMPT_ECHO_OK -Allow input to be read when echo cannot be disabled -when the message type is -.Dv SUDO_CONV_PROMPT_ECHO_OFF -or -.Dv SUDO_CONV_PROMPT_MASK . -By default, -.Nm sudo -will refuse to read input if the echo cannot be disabled for those -message types. -.It SUDO_CONV_PREFER_TTY -When displaying a message via -.Dv SUDO_CONV_ERROR_MSG -or -.Dv SUDO_CONV_INFO_MSG , -try to write the message to the user's terminal. -If the terminal is unavailable, the standard error or standard output -will be used, depending upon whether -The user's terminal is always used when possible for input, -this flag is only used for output. -.Dv SUDO_CONV_ERROR_MSG -or -.Dv SUDO_CONV_INFO_MSG -was used. -.El -.Pp -The -.Em timeout -in seconds until the prompt will wait for no more input. -A zero value implies an infinite timeout. -.Pp -The plugin is responsible for freeing the reply buffer located in each -.Li struct sudo_conv_reply , -if it is not -.Dv NULL . -.Dv SUDO_CONV_REPL_MAX -represents the maximum length of the reply buffer (not including -the trailing NUL character). -In practical terms, this is the longest password -.Nm sudo -will support. -.Pp -The -.Fn printf Ns -style -function uses the same underlying mechanism as the -.Fn conversation -function but only supports -.Dv SUDO_CONV_INFO_MSG -and -.Dv SUDO_CONV_ERROR_MSG -for the -.Em msg_type -parameter. -It can be more convenient than using the -.Fn conversation -function if no user reply is needed and supports standard -.Fn printf -escape sequences. -.Pp -See the sample plugin for an example of the -.Fn conversation -function usage. -.Ss Plugin invocation order -As of -.Nm sudo -1.9.0, the plugin -.Fn open -and -.Fn close -functions are called in the -following order: -.Bl -enum -.It -audit open -.It -policy open -.It -approval open -.It -approval close -.It -I/O log open -.It -command runs -.It -command exits -.It -I/O log close -.It -policy close -.It -audit close -.It -sudo exits -.El -.Pp -Prior to -.Nm sudo -1.9.0, the I/O log -.Fn close -function was called -.Em after -the policy -.Fn close -function. -.Ss Sudoers group plugin API -The -.Nm sudoers -plugin supports its own plugin interface to allow non-Unix -group lookups. -This can be used to query a group source other than the standard Unix -group database. -Two sample group plugins are bundled with -.Nm sudo , -.Em group_file -and -.Em system_group , -are detailed in -.Xr sudoers @mansectform@ . -Third party group plugins include a QAS AD plugin available from Quest Software. -.Pp -A group plugin must declare and populate a -.Li sudoers_group_plugin -struct in the global scope. -This structure contains pointers to the functions that implement plugin -initialization, cleanup and group lookup. -.Bd -literal -struct sudoers_group_plugin { - unsigned int version; - int (*init)(int version, sudo_printf_t sudo_printf, - char *const argv[]); - void (*cleanup)(void); - int (*query)(const char *user, const char *group, - const struct passwd *pwd); -}; -.Ed -.Pp -The -.Li sudoers_group_plugin -struct has the following fields: -.Bl -tag -width 4n -.It version -The -.Li version -field should be set to GROUP_API_VERSION. -.Pp -This allows -.Nm sudoers -to determine the API version the group plugin -was built against. -.It init -.Bd -literal -compact -int (*init)(int version, sudo_printf_t plugin_printf, - char *const argv[]); -.Ed -.Pp -The -.Fn init -function is called after -.Em sudoers -has been parsed but -before any policy checks. -It returns 1 on success, 0 on failure (or if the plugin is not configured), -and \-1 if a error occurred. -If an error occurs, the plugin may call the -.Fn plugin_printf -function with -.Dv SUDO_CONF_ERROR_MSG -to present additional error information to the user. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It version -The version passed in by -.Nm sudoers -allows the plugin to determine the -major and minor version number of the group plugin API supported by -.Nm sudoers . -.It plugin_printf -A pointer to a -.Fn printf Ns -style -function that may be used to display informational or error message to the user. -Returns the number of characters printed on success and \-1 on failure. -.It argv -A -.Dv NULL Ns -terminated -array of arguments generated from the -.Em group_plugin -option in -.Em sudoers . -If no arguments were given, -.Em argv -will be -.Dv NULL . -.El -.It cleanup -.Bd -literal -compact -void (*cleanup)(); -.Ed -.Pp -The -.Fn cleanup -function is called when -.Nm sudoers -has finished its -group checks. -The plugin should free any memory it has allocated and close open file handles. -.It query -.Bd -literal -compact -int (*query)(const char *user, const char *group, - const struct passwd *pwd); -.Ed -.Pp -The -.Fn query -function is used to ask the group plugin whether -.Em user -is a member of -.Em group . -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It user -The name of the user being looked up in the external group database. -.It group -The name of the group being queried. -.It pwd -The password database entry for -.Em user , -if any. -If -.Em user -is not -present in the password database, -.Em pwd -will be -.Dv NULL . -.El -.El -.Pp -.Em Group API Version Macros -.Bd -literal -/* Sudoers group plugin version major/minor */ -#define GROUP_API_VERSION_MAJOR 1 -#define GROUP_API_VERSION_MINOR 0 -#define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | \e - GROUP_API_VERSION_MINOR) -.Ed -For getters and setters see the -.Sx Policy plugin API . -.Sh PLUGIN API CHANGELOG -The following revisions have been made to the Sudo Plugin API. -.Bl -tag -width 4n -.It Version 1.0 -Initial API version. -.It Version 1.1 (sudo 1.8.0) -The I/O logging plugin's -.Fn open -function was modified to take the -.Li command_info -list as an argument. -.It Version 1.2 (sudo 1.8.5) -The Policy and I/O logging plugins' -.Fn open -functions are now passed -a list of plugin parameters if any are specified in -.Xr sudo.conf @mansectform@ . -.Pp -A simple hooks API has been introduced to allow plugins to hook in to the -system's environment handling functions. -.Pp -The -.Li init_session -Policy plugin function is now passed a pointer -to the user environment which can be updated as needed. -This can be used to merge in environment variables stored in the PAM -handle before a command is run. -.It Version 1.3 (sudo 1.8.7) -Support for the -.Em exec_background -entry has been added to the -.Li command_info -list. -.Pp -The -.Em max_groups -and -.Em plugin_dir -entries were added to the -.Li settings -list. -.Pp -The -.Fn version -and -.Fn close -functions are now optional. -Previously, a missing -.Fn version -or -.Fn close -function would result in a crash. -If no policy plugin -.Fn close -function is defined, a default -.Fn close -function will be provided by the -.Nm sudo -front end that displays a warning if the command could not be -executed. -.Pp -The -.Nm sudo -front end now installs default signal handlers to trap common signals -while the plugin functions are run. -.It Version 1.4 (sudo 1.8.8) -The -.Em remote_host -entry was added to the -.Li settings -list. -.It Version 1.5 (sudo 1.8.9) -The -.Em preserve_fds -entry was added to the -.Li command_info -list. -.It Version 1.6 (sudo 1.8.11) -The behavior when an I/O logging plugin returns an error -.Pq \-1 -has changed. -Previously, the -.Nm sudo -front end took no action when the -.Fn log_ttyin , -.Fn log_ttyout , -.Fn log_stdin , -.Fn log_stdout , -or -.Fn log_stderr -function returned an error. -.Pp -The behavior when an I/O logging plugin returns 0 has changed. -Previously, output from the command would be displayed to the -terminal even if an output logging function returned 0. -.It Version 1.7 (sudo 1.8.12) -The -.Em plugin_path -entry was added to the -.Li settings -list. -.Pp -The -.Em debug_flags -entry now starts with a debug file path name and may occur multiple -times if there are multiple plugin-specific Debug lines in the -.Xr sudo.conf @mansectform@ file. -.It Version 1.8 (sudo 1.8.15) -The -.Em sudoedit_checkdir -and -.Em sudoedit_follow -entries were added to the -.Li command_info -list. -The default value of -.Em sudoedit_checkdir -was changed to true in sudo 1.8.16. -.Pp -The sudo -.Em conversation -function now takes a pointer to a -.Li struct sudo_conv_callback -as its fourth argument. -The -.Li sudo_conv_t -definition has been updated to match. -The plugin must specify that it supports plugin API version 1.8 or higher -to receive a conversation function pointer that supports this argument. -.It Version 1.9 (sudo 1.8.16) -The -.Em execfd -entry was added to the -.Li command_info -list. -.It Version 1.10 (sudo 1.8.19) -The -.Em umask -entry was added to the -.Li user_info -list. -The -.Em iolog_group , -.Em iolog_mode , -and -.Em iolog_user -entries were added to the -.Li command_info -list. -.It Version 1.11 (sudo 1.8.20) -The -.Em timeout -entry was added to the -.Li settings -list. -.It Version 1.12 (sudo 1.8.21) -The -.Li change_winsize -field was added to the io_plugin struct. -.It Version 1.13 (sudo 1.8.26) -The -.Li log_suspend -field was added to the io_plugin struct. -.It Version 1.14 (sudo 1.8.29) -The -.Em umask_override -entry was added to the -.Li command_info -list. -.It Version 1.15 (sudo 1.9.0) -The -.Em cwd_optional -entry was added to the -.Li command_info -list. -.Pp -The -.Em event_alloc -field was added to the policy_plugin and io_plugin structs. -.Pp -The -.Fa errstr -argument was added to the policy and I/O plugin functions -which the plugin function can use to return an error string. -This string may be used by the audit plugin to report failure or -error conditions set by the other plugins. -.Pp -The -.Fn close -function is now is called regardless of whether or not a command -was actually executed. -This makes it possible for plugins to perform cleanup even when a -command was not run. -.Pp -.Dv SUDO_CONV_REPL_MAX -has increased from 255 to 1023 bytes. -.Pp -Support for audit and approval plugins was added. -.It Version 1.16 (sudo 1.9.3) -Initial resource limit values were added to the -.Li user_info -list. -.Pp -The -.Em cmnd_chroot -and -.Em cmnd_cwd -enties were added to the -.Li settings -list. -.It Version 1.17 (sudo 1.9.4) -The -.Em event_alloc -field was added to the audit_plugin and approval_plugin structs. -.El -.Sh SEE ALSO -.Xr sudo.conf @mansectform@ , -.Xr sudoers @mansectform@ , -.Xr sudo @mansectsu@ -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -If you feel you have found a bug in -.Nm sudo , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm sudo -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_plugin_python.man.in sudo-1.9.9/doc/sudo_plugin_python.man.in --- sudo-1.9.5p2/doc/sudo_plugin_python.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_plugin_python.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,1890 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Robert Manner -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "SUDO_PLUGIN_PYTHON" "5" "February 19, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudo_plugin_python\fR -\- Sudo Plugin API (Python) -.SH "DESCRIPTION" -Starting with version 1.9, -\fBsudo\fR -plugins can be written in python. -The API closely follows the C -\fBsudo\fR -plugin API described by -sudo_plugin(@mansectform@). -.PP -The supported plugins types are: -.PP -.RS 4n -.PD 0 -.TP 3n -\fB\(bu\fR -Policy plugin -.TP 3n -\fB\(bu\fR -I/O plugin -.TP 3n -\fB\(bu\fR -Audit plugin -.TP 3n -\fB\(bu\fR -Approval plugin -.TP 3n -\fB\(bu\fR -Group provider plugin -.RE -.PD -.PP -Python plugin support needs to be explicitly enabled at build time -with the configure option -\(lq--enable-python\(rq. -Python version 3.0 or higher is required. -.SS "Sudo Python Plugin Base" -A plugin written in Python should be a class in a python file that -inherits from -\fIsudo.Plugin\fR. -The -\fIsudo.Plugin\fR -base class has no real purpose other than to identify this class as a plugin. -.PP -The only implemented method is a constructor, which stores the -keyword arguments it receives as fields (member variables) in the object. -This is intended as a convenience to allow you to avoid writing the -constructor yourself. -.PP -For example: -.nf -.sp -.RS 6n -import sudo - -class MySudoPlugin(sudo.Plugin): - # example constructor (optional) - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - - # example destructor (optional) - def __del__(self): - pass -.RE -.fi -.PP -Both the constructor and destructor are optional and can be omitted. -.PP -The customized Plugin class should define a few plugin-specific methods. -When the plugin loads, -\fBsudo\fR -will create an instance of this class and call the methods. -The actual methods required depent on the type of the plugin, -but most return an -\(lqint\(rq -result code, as documented in -sudo_plugin(@mansctsu@), -that indicates whether or not the method was successful. -The Python sudo module defines the following constants to improve readability: -.RS 4n -.TS -l l. -.PP -\fBDefine\fR \fBValue\fR -.PP -\fRsudo.RC.OK\fR 1 -.PP -\fRsudo.RC.ACCEPT\fR 1 -.PP -\fRsudo.RC.REJECT\fR 0 -.PP -\fRsudo.RC.ERROR\fR -1 -.PP -\fRsudo.RC.USAGE_ERROR\fR -2 -.TE -.RE -.PP -If a function returns -\fINone\fR -(for example, if it does not call return), -it will be considered to have returned -\fRsudo.RC.OK\fR. -If an exception is raised (other than sudo.PluginException), the backtrace will be -shown to the user and the plugin function will return -\fRsudo.RC.ERROR\fR. -If that is not acceptable, you must catch the exception and handle it yourself. -.PP -Instead of just returning -\fRsudo.RC.ERROR\fR -or -\fRsudo.RC.REJECT\fR -result code the plugin can also provide a message describing the problem. -This can be done by raising one of the special exceptions: -.nf -.sp -.RS 6n -raise sudo.PluginError("Message") -raise sudo.PluginReject("Message") -.RE -.fi -.PP -This added message will be used by the audit plugins. -Both exceptions inherit from -\fRsudo.PluginException\fR -.SS "Python Plugin Loader" -Running the Python interpreter and bridging between C and Python is -handled by the -\fBsudo\fR -plugin -\fRpython_plugin.so\fR. -This shared object can be loaded like any other dynamic -\fBsudo\fR -plugin and should receive the path and the class name of the Python -plugin it is loading as arguments. -.PP -Example usage in -sudo.conf(@mansectform@): -.nf -.sp -.RS 6n -Plugin python_policy python_plugin.so ModulePath= ClassName= -Plugin python_io python_plugin.so ModulePath= ClassName= -Plugin python_audit python_plugin.so ModulePath= ClassName= -Plugin python_approval python_plugin.so ModulePath= ClassName= -.RE -.fi -.PP -Example group provider plugin usage in the -\fIsudoers\fR -file: -.nf -.sp -.RS 6n -Defaults group_plugin="python_plugin.so ModulePath= ClassName=" -.RE -.fi -.PP -The plugin arguments are as follows: -.TP 6n -ModulePath -The path of a python file which contains the class of the sudo Python plugin. -It must be either an absolute path or a path relative to the sudo Python plugin -directory: "@plugindir@/python". -.TP 6n -ClassName -(Optional.) The name of the class implementing the sudo Python plugin. -If not supplied, the one and only sudo.Plugin that is present in the module -will be used. -If there are multiple such plugins in the module (or none), it -will result in an error. -.SS "Policy plugin API" -Policy plugins must be registered in -sudo.conf(@mansectform@). -For example: -.nf -.sp -.RS 6n -Plugin python_policy python_plugin.so ModulePath= ClassName= -.RE -.fi -.PP -Currently, only a single policy plugin may be specified in -sudo.conf(@mansectform@). -.PP -A policy plugin may have the following member functions: -.TP 6n -\fBconstructor\fR -.nf -.RS 6n -__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], - version: str, user_info: Tuple[str, ...], - plugin_options: Tuple[str, ...]) -.RE -.fi -.RS 6n -.sp -Implementing this function is optional. -The default constructor will set the keyword arguments it receives -as member variables in the object. -.sp -The constructor matches the -\fBopen\fR() -function in the C sudo plugin API. -.sp -The function arguments are as follows: -.TP 6n -\fIuser_env\fR -The user's environment as a tuple of strings in -\(lqkey=value\(rq -format. -.TP 6n -\fIsettings\fR -A tuple of user-supplied -\fIsudo\fR -settings in the form of -\(lqkey=value\(rq -strings. -.TP 6n -\fIversion\fR -The version of the Python Policy Plugin API. -.TP 6n -\fIuser_info\fR -A tuple of information about the user running the command in the form of -\(lqkey=value\(rq -strings. -.TP 6n -\fIplugin_options\fR -The plugin options passed as arguments in the -sudo.conf(@mansectform@) -plugin registration. -This is a tuple of strings, usually (but not necessarily) in -\(lqkey=value\(rq -format. -.PP -The -\fBsudo.options_as_dict\fR() -convenience function can be used to convert -\(lqkey=value\(rq -pairs to a dictionary. -For a list of recognized keys and their supported values, -see the policy plugin -\fBopen\fR() -documentation in -sudo_plugin(@mansectform@). -.RE -.TP 6n -\fBcheck_policy\fR -.nf -.RS 6n -check_policy(self, argv: Tuple[str, ...], env_add: Tuple[str, ...]) -.RE -.fi -.RS 6n -.sp -The -\fBcheck_policy\fR() -function is called by -\fBsudo\fR -to determine whether the user is allowed to run the specified command. -Implementing this function is mandatory for a policy plugin. -.sp -The function arguments are as follows: -.TP 6n -\fIargv\fR -A tuple describing the command the user wishes to run. -.TP 6n -\fIenv_add\fR -Additional environment variables specified by the user on the command line in -the form of a tuple of -\(lqkey=value\(rq -pairs. -The -\fBsudo.options_as_dict\fR() -convenience function can be used to convert them to a dictionary. -.PP -This function should return a result code or a tuple in the following format: -.nf -.sp -.RS 12n -return (rc, command_info_out, argv_out, user_env_out) -.RE -.fi -.sp -The tuple values are as follows: -.TP 6n -\fIrc\fR -The result of the policy check, one of the -\fRsudo.RC.*\fR -constants. -\fRsudo.RC.ACCEPT\fR -if the command is allowed, -\fRsudo.RC.REJECT\fR -if not allowed, -\fRsudo.RC.ERROR\fR -for a general error, or -\fRsudo.RC.USAGE_ERROR\fR -for a usage error. -.TP 6n -\fIcommand_info_out\fR -Optional (only required when the command is accepted). -Information about the command being run in the form of -\(lqkey=value\(rq -strings. -.sp -To accept a command, at the very minimum the plugin must set in the -\fIcommand\fR, -\fIrunas_uid\fR -and -\fIrunas_gid\fR -keys. -.sp -For a list of recognized keys and supported values, -see the -\fBcheck_policy\fR() -documentation in -sudo_plugin(@mansectform@). -.TP 6n -\fIargv_out\fR -Optional (only required when the command is accepted). -The arguments to pass to the -execve(2) -system call when executing the command. -.TP 6n -\fIuser_env_out\fR -Optional (only required when the command is accepted). -The environment to use when executing the command in the form of a -tuple of strings in -\(lqkey=value\(rq -format. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBinit_session\fR -.nf -.RS 6n -init_session(self, user_pwd: Tuple, user_env: Tuple[str, ...]) -.RE -.fi -.RS 6n -.sp -Perform session setup (optional). -The -\fBinit_session\fR() -function is called before -\fBsudo\fR -sets up the -execution environment for the command before any uid or gid changes. -.sp -The function arguments are as follows: -.TP 6n -\fIuser_pwd\fR -A tuple describing the user's passwd entry. -Convertible to pwd.struct_passwd or -\fINone\fR -if the user is not present in the password database. -.sp -Example conversion: -.nf -.RS 12n -user_pwd = pwd.struct_passwd(user_pwd) if user_pwd else None -.RE -.fi -.TP 6n -\fIuser_env\fR -The environment the command will run in. -This is a tuple of strings in -\(lqkey=value\(rq -format. -.PP -This function should return a result code or a tuple in the following format: -.nf -.sp -.RS 10n -return (rc, user_env_out) -.RE -.fi -.sp -The tuple values are as follows: -.TP 6n -\fIrc\fR -The result of the session init, one of the -\fRsudo.RC.*\fR -constants. -\fRsudo.RC.OK\fR -on success, 0 on failure, or -\fRsudo.RC.ERROR\fR -if an error occurred. -.TP 6n -\fIuser_env_out\fR -Optional. -If the -\fBinit_session\fR() -function needs to modify the user environment, it can return the new -environment in -\fIuser_env_out\fR. -If this is omitted, no changes will be made to -\fIuser_env\fR. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBlist\fR -.nf -.RS 6n -list(self, argv: Tuple[str, ...], is_verbose: int, user: str) -.RE -.fi -.RS 6n -.sp -List available privileges for the invoking user. -.sp -The function arguments are as follows: -.TP 6n -\fIargv\fR -If not set to -\fINone\fR, -an argument vector describing a command the user wishes to check -against the policy. -.TP 6n -\fIis_verbose\fR -Flag indicating whether to list in verbose mode or not. -.TP 6n -\fIuser\fR -The name of a different user to list privileges for if the policy allows it. -If -\fINone\fR, -the plugin should list the privileges of the invoking user. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBvalidate\fR -.nf -.RS 6n -validate(self) -.RE -.fi -.RS 6n -.sp -For policy plugins that cache authentication credentials, this function is used to validate and cache the credentials (optional). -.RE -.TP 6n -\fBinvalidate\fR -.nf -.RS 6n -invalidate(self, remove: int) -.RE -.fi -.RS 6n -.sp -For policy plugins that cache authentication credentials, this function is used to invalidate the credentials (optional). -.sp -The function arguments are as follows: -.TP 6n -\fIremove\fR -If this flag is set, the plugin may remove the credentials instead of simply -invalidating them. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBshow_version\fR -.nf -.RS 6n -show_version(self, is_verbose: int) -.RE -.fi -.RS 6n -.sp -Display the plugin version information to the user. -The -\fBsudo.log_info\fR() -function should be used. -.sp -The function arguments are as follows: -.TP 6n -\fIis_verbose\fR -A flag to indicate displaying more verbose information. -Currently this is 1 if -\(oqsudo -V\(cq -is run as the root user. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBclose\fR -.br -.nf -.RS 6n -close(self, exit_status: int, error: int) -.RE -.fi -.RS 6n -.sp -Called when a command finishes executing. -.sp -Works the same as the -\fBclose\fR() -function in the C sudo plugin API, except that it only gets called if -\fBsudo\fR -attempts to execute the command. -.sp -The function arguments are as follows: -.TP 6n -\fIexit_status\fR -The exit status of the command if was executed, otherwise -1. -.TP 6n -\fIerror\fR -.br -If the command could not be executed, this is set to the value of -errno set by the -execve(2) -system call, otherwise 0. -.PD 0 -.PP -.RE -.PD -.SS "Policy plugin example" -Sudo ships with an example Python policy plugin. -To try it, register it by adding the following lines to -\fI@sysconfdir@/sudo.conf\fR: -.nf -.sp -.RS 0n -Plugin python_policy python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_policy_plugin.py \e - ClassName=SudoPolicyPlugin -.RE -.fi -.PP -Be aware, however, that you cannot enable the Python policy plugin -in addition to another policy plugin, such as -sudoers(@mansectform@). -.SS "I/O plugin API" -I/O plugins must be registered in -sudo.conf(@mansectform@). -For example: -.nf -.sp -.RS 6n -Plugin python_io python_plugin.so ModulePath= ClassName= -.RE -.fi -.PP -Sudo supports loading multiple I/O plugins. -Currently only 8 python I/O plugins can be loaded at once. -.PP -An I/O plugin may have the following member functions: -.TP 6n -\fBconstructor\fR -.nf -.RS 6n -__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], - version: str, user_info: Tuple[str, ...], - plugin_options: Tuple[str, ...]) -.RE -.fi -.RS 6n -.sp -Implementing this function is optional. -The default constructor will set the keyword arguments it receives -as member variables in the object. -.sp -The constructor matches the -\fBopen\fR() -function in the C sudo plugin API. -.sp -The function arguments are as follows: -.TP 6n -\fIuser_env\fR -The user's environment as a tuple of strings in -\(lqkey=value\(rq -format. -.TP 6n -\fIsettings\fR -A tuple of user-supplied -\fIsudo\fR -settings in the form of -\(lqkey=value\(rq -strings. -.TP 6n -\fIversion\fR -The version of the Python I/O Plugin API. -.TP 6n -\fIuser_info\fR -A tuple of information about the user running the command in the form of -\(lqkey=value\(rq -strings. -.TP 6n -\fIplugin_options\fR -The plugin options passed as arguments in the -sudo.conf(@mansectform@) -plugin registration. -This is a tuple of strings, usually (but not necessarily) in -\(lqkey=value\(rq -format. -.PP -The -\fBsudo.options_as_dict\fR() -convenience function can be used to convert -\(lqkey=value\(rq -pairs to a dictionary. -For a list of recognized keys and their supported values, -see the I/O plugin -\fBopen\fR() -documentation in -sudo_plugin(@mansectform@). -.RE -.TP 6n -\fBopen\fR -.nf -.RS 6n -open(self, argv: Tuple[str, ...], - command_info: Tuple[str, ...]) -> int -.RE -.fi -.RS 6n -.sp -Receives the command the user wishes to run. -.sp -Works the same as the -\fBopen\fR() -function in the C sudo plugin API except that: -.sp -.RS 10n -.PD 0 -.TP 3n -\fB\(bu\fR -It only gets called before the user would execute some command -(and not for a version query for example). -.TP 3n -\fB\(bu\fR -Other arguments of the C API -\fBopen\fR() -function are received through the constructor. -.RE -.sp -The function arguments are as follows: -.PD -.TP 6n -\fIargv\fR -A tuple of the arguments describing the command the user wishes to run. -.TP 6n -\fIcommand_info\fR -Information about the command being run in the form of -\(lqkey=value\(rq -strings. -.PP -The -\fBsudo.options_as_dict\fR() -convenience function can be used to convert -\(lqkey=value\(rq -pairs to a dictionary. -For a list of recognized keys and their supported values, -see the I/O plugin -\fBopen\fR() -documentation in -sudo_plugin(@mansectform@). -.sp -The -\fBopen\fR() -function should return a result code, one of the -\fRsudo.RC.*\fR -constants. -If the function returns -\fRsudo.RC.REJECT\fR, -no I/O will be sent to the plugin. -.RE -.TP 6n -\fBlog_ttyin\fR, \fBlog_ttyout\fR, \fBlog_stdin\fR, \fBlog_stdout\fR, \fBlog_stderr\fR -.nf -.RS 6n -log_ttyin(self, buf: str) -> int -log_ttyout(self, buf: str) -> int -log_stdin(self, buf: str) -> int -log_stdout(self, buf: str) -> int -log_stderr(self, buf: str) -> int -.RE -.fi -.RS 6n -.sp -Receive the user input or output of the terminal device and -application standard input / output / error. -See the matching calls in -sudo_plugin(@mansectform@). -.sp -The function arguments are as follows: -.TP 6n -\fIbuf\fR -The input (or output) buffer in the form of a string. -.PP -The function should return a result code, one of the -\fRsudo.RC.*\fR -constants. -.sp -If -\fRsudo.RC.ERROR\fR -is returned, the running command will be terminated and all of the plugin's logging -functions will be disabled. -Other I/O logging plugins will still receive any remaining -input or output that has not yet been processed. -.sp -If an input logging function rejects the data by returning -\fRsudo.RC.REJECT\fR, -the command will be terminated and the data will not be passed to the -command, though it will still be sent to any other I/O logging plugins. -If an output logging function rejects the data by returning -\fRsudo.RC.REJECT\fR, -the command will be terminated and the data will not be written to the -terminal, though it will still be sent to any other I/O logging plugins. -.RE -.TP 6n -\fBchange_winsize\fR -.nf -.RS 6n -change_winsize(self, line: int, cols: int) -> int -.RE -.fi -.RS 6n -.sp -Called whenever the window size of the terminal changes. -The function arguments are as follows: -.TP 6n -\fIline\fR -The number of lines of the terminal. -.TP 6n -\fIcols\fR -The number of columns of the terminal. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBlog_suspend\fR -.nf -.RS 6n -log_suspend(self, signo: int) -> int -.RE -.fi -.RS 6n -Called whenever a command is suspended or resumed. -.sp -The function arguments are as follows: -.TP 6n -\fIsigno\fR -.br -The number of the signal that caused the command to be suspended or -\fRSIGCONT\fR -if the command was resumed. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBshow_version\fR -.nf -.RS 6n -show_version(self, is_verbose: int) -.RE -.fi -.RS 6n -Display the plugin version information to the user. -The -\fBsudo.log_info\fR() -function should be used. -.sp -The function arguments are as follows: -.TP 6n -\fIis_verbose\fR -A flag to indicate displaying more verbose information. -Currently this is 1 if -\(oqsudo -V\(cq -is run as the root user. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBclose\fR -.br -.nf -.RS 6n -close(self, exit_status: int, error: int) -> None -.RE -.fi -.RS 6n -Called when a command execution finished. -.sp -Works the same as the -\fBclose\fR() -function in the C sudo plugin API, except that it only gets called if -\fBsudo\fR -attempts to execute the command. -.sp -The function arguments are as follows: -.TP 6n -\fIexit_status\fR -The exit status of the command if was executed, otherwise -1. -.TP 6n -\fIerror\fR -.br -If the command could not be executed, this is set to the value of -errno set by the -execve(2) -system call, otherwise 0. -.PD 0 -.PP -.RE -.PD -.SS "I/O plugin example" -Sudo ships a Python I/O plugin example. -To try it, register it by adding the following lines to -\fI@sysconfdir@/sudo.conf\fR: -.nf -.sp -.RS 6n -Plugin python_io python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_io_plugin.py \e - ClassName=SudoIOPlugin -.RE -.fi -.SS "Audit plugin API" -Audit plugins must be registered in -sudo.conf(@mansectform@). -For example: -.nf -.sp -.RS 6n -Plugin python_audit python_plugin.so ModulePath= ClassName= -.RE -.fi -.PP -Sudo supports loading multiple audit plugins. -Currently only 8 python audit plugins can be loaded at once. -.PP -An audit plugin may have the following member functions (all of them are optional): -.TP 6n -\fBconstructor\fR -.nf -.RS 6n -__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], - version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...]) -.RE -.fi -.RS 6n -.sp -The default constructor will set the keyword arguments it receives -as member variables in the object. -.sp -The constructor matches the -\fBopen\fR() -function in the C sudo plugin API. -.sp -The function arguments are as follows: -.TP 6n -\fIuser_env\fR -The user's environment as a tuple of strings in -\(lqkey=value\(rq -format. -.TP 6n -\fIsettings\fR -A tuple of user-supplied -\fIsudo\fR -settings in the form of -\(lqkey=value\(rq -strings. -.TP 6n -\fIversion\fR -The version of the Python Audit Plugin API. -.TP 6n -\fIuser_info\fR -A tuple of information about the user running the command in the form of -\(lqkey=value\(rq -strings. -.TP 6n -\fIplugin_options\fR -The plugin options passed as arguments in the -sudo.conf(@mansectform@) -plugin registration. -This is a tuple of strings, usually (but not necessarily) in -\(lqkey=value\(rq -format. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBopen\fR -.nf -.RS 6n -open(self, submit_optind: int, - submit_argv: Tuple[str, ...]) -> int -.RE -.fi -.RS 6n -.sp -The function arguments are as follows: -.TP 6n -\fIsubmit_optind\fR -The index into -\fIsubmit_argv\fR -that corresponds to the first entry that is not a command line option. -.TP 6n -\fIsubmit_argv\fR -The argument vector sudo was invoked with, including all command line options. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBclose\fR -.br -.nf -.RS 6n -close(self, status_type: int, status: int) -> None -.RE -.fi -.RS 6n -.sp -Called when sudo is finished, shortly before it exits. -.sp -The function arguments are as follows: -.TP 6n -\fIstatus_type\fR -The type of status being passed. -One of the sudo.EXIT_REASON.* constants. -.TP 6n -\fIstatus\fR -Depending on the value of -\fIstatus_type\fR, -this value is either -ignored, the command's exit status as returned by the -wait(2) -system call, the value of -\fRerrno\fR -set by the -execve(2) -system call, or the value of -\fRerrno\fR -resulting from an error in the -\fBsudo\fR -front end. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBshow_version\fR -.nf -.RS 6n -show_version(self, is_verbose: int) -> int -.RE -.fi -.RS 6n -.sp -Display the plugin version information to the user. -The -\fBsudo.log_info\fR() -function should be used. -.sp -The function arguments are as follows: -.TP 6n -\fIis_verbose\fR -A flag to indicate displaying more verbose information. -Currently this is 1 if -\(oqsudo -V\(cq -is run as the root user. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBaccept\fR -.nf -.RS 6n -accept(self, plugin_name: str, plugin_type: int, command_info: Tuple[str, ...], - run_argv: Tuple[str, ...], run_envp: Tuple[str, ...]) -> int -.RE -.fi -.RS 6n -.sp -This function is called when a command or action is accepted by a policy -or approval plugin. -The function arguments are as follows: -.TP 6n -plugin_name -The name of the plugin that accepted the command or -\(lqsudo\(rq -for the -\fBsudo\fR -front-end. -.TP 6n -plugin_type -The type of plugin that accepted the command, currently either -\fRsudo.PLUGIN_TYPE.POLICY\fR, -\fRsudo.PLUGIN_TYPE.APPROVAL\fR -or -\fRsudo.PLUGIN_TYPE.SUDO\fR. -The -\fBaccept\fR() -function is called multiple times--once for each policy or approval -plugin that succeeds and once for the sudo front-end. -When called on behalf of the sudo front-end, -\fIcommand_info\fR -may include information from an I/O logging plugin as well. -.sp -Typically, an audit plugin is interested in either the accept status from -the -\fBsudo\fR -front-end or from the various policy and approval plugins, but not both. -It is possible for the policy plugin to accept a command that is -later rejected by an approval plugin, in which case the audit -plugin's -\fBaccept\fR() -and -\fBreject\fR() -functions will -\fIboth\fR -be called. -.TP 6n -command_info -A vector of information describing the command being run. -See the -sudo_plugin(@mansectform@) -manual for possible values. -.TP 6n -run_argv -Argument vector describing a command that will be run. -.TP 6n -run_envp -The environment the command will be run with. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBreject\fR -.nf -.RS 6n -reject(self, plugin_name: str, plugin_type: int, audit_msg: str, - command_info: Tuple[str, ...]) -> int -.RE -.fi -.RS 6n -.sp -This function is called when a command or action is rejected by the policy -plugin. -The function arguments are as follows: -.TP 6n -plugin_name -The name of the plugin that rejected the command. -.TP 6n -plugin_type -The type of plugin that rejected the command, currently either -\fRsudo.PLUGIN_TYPE.POLICY\fR, -\fRsudo.PLUGIN_TYPE.APPROVAL\fR -or -\fRsudo.PLUGIN_TYPE.IO\fR. -.sp -Unlike the -\fBaccept\fR() -function, the -\fBreject\fR() -function is not called on behalf of the -\fBsudo\fR -front-end. -.TP 6n -audit_msg -An optional string describing the reason the command was rejected by the plugin. -If the plugin did not provide a reason, audit_msg will be -\fINone\fR -.TP 6n -command_info -A vector of information describing the rejected command. -See the -sudo_plugin(@mansectform@) -manual for possible values. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBerror\fR -.br -.nf -.RS 6n -error(self, plugin_name: str, plugin_type: int, audit_msg: str, - command_info: Tuple[str, ...]) -> int -.RE -.fi -.RS 6n -.sp -This function is called when a plugin or the -\fBsudo\fR -front-end returns an error. -The function arguments are as follows: -.TP 6n -plugin_name -The name of the plugin that generated the error or -\(lqsudo\(rq -for the -\fBsudo\fR -front-end. -.TP 6n -plugin_type -The type of plugin that generated the error, or -\fRSUDO_FRONT_END\fR -for the -\fBsudo\fR -front-end. -.TP 6n -audit_msg -An optional string describing the plugin error. -If the plugin did not provide a description, it will be -\fINone\fR -.TP 6n -command_info -A vector of information describing the command. -See the -sudo_plugin(@mansectform@) -manual for possible values. -.PD 0 -.PP -.RE -.PD -.SS "Audit plugin example" -Sudo ships a Python Audit plugin example. -To try it, register it by adding the following lines to -\fI@sysconfdir@/sudo.conf\fR: -.nf -.sp -.RS 6n -Plugin python_audit python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_audit_plugin.py \e - ClassName=SudoAuditPlugin -.RE -.fi -.PP -It will log the plugin accept / reject / error results to the output. -.SS "Approval plugin API" -Approval plugins must be registered in -sudo.conf(@mansectform@). -For example: -.nf -.sp -.RS 6n -Plugin python_approval python_plugin.so ModulePath= ClassName= -.RE -.fi -.PP -Sudo supports loading multiple approval plugins. -Currently only 8 python approval plugins can be loaded at once. -.PP -An approval plugin may have the following member functions: -.TP 6n -\fBconstructor\fR -.nf -.RS 6n -__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], - version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...], - submit_optind: int, submit_argv: Tuple[str, ...]) -.RE -.fi -.RS 6n -.sp -Optional. -The default constructor will set the keyword arguments it receives -as member variables in the object. -.sp -The constructor matches the -\fBopen\fR() -function in the C sudo plugin API. -.sp -The function arguments are as follows: -.TP 6n -\fIuser_env\fR -The user's environment as a tuple of strings in -\(lqkey=value\(rq -format. -.TP 6n -\fIsettings\fR -A tuple of user-supplied -\fIsudo\fR -settings in the form of -\(lqkey=value\(rq -strings. -.TP 6n -\fIversion\fR -The version of the Python Approval Plugin API. -.TP 6n -\fIuser_info\fR -A tuple of information about the user running the command in the form of -\(lqkey=value\(rq -strings. -.TP 6n -\fIplugin_options\fR -The plugin options passed as arguments in the -sudo.conf(@mansectform@) -plugin registration. -This is a tuple of strings, usually (but not necessarily) in -\(lqkey=value\(rq -format. -.TP 6n -\fIsubmit_optind\fR -The index into -\fIsubmit_argv\fR -that corresponds to the first entry that is not a command line option. -.TP 6n -\fIsubmit_argv\fR -The argument vector sudo was invoked with, including all command line options. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBshow_version\fR -.nf -.RS 6n -show_version(self, is_verbose: int) -> int -.RE -.fi -.RS 6n -.sp -Display the version. (Same as for all the other plugins.) -.RE -.TP 6n -\fBcheck\fR -.br -.nf -.RS 6n -check(self, command_info: Tuple[str, ...], run_argv: Tuple[str, ...], - run_env: Tuple[str, ...]) -> int -.RE -.fi -.RS 6n -.sp -This function is called after policy plugin's check_policy has succeeded. -It can reject execution of the command by returning sudo.RC.REJECT or -raising the special exception: -.nf -.sp -.RS 12n -raise sudo.PluginReject("some message") -.RE -.fi -.sp -with the message describing the problem. -In the latter case, the audit plugins will get the description. -.sp -The function arguments are as follows: -.TP 6n -command_info -A vector of information describing the command that will run. -See the -sudo_plugin(@mansectform@) -manual for possible values. -.TP 6n -run_argv -Argument vector describing a command that will be run. -.TP 6n -run_env -The environment the command will be run with. -.PD 0 -.PP -.RE -.PD -.SS "Approval plugin example" -Sudo ships a Python Approval plugin example. -To try it, register it by adding the following lines to -\fI@sysconfdir@/sudo.conf\fR: -.nf -.sp -.RS 6n -Plugin python_approval python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_approval_plugin.py \e - ClassName=BusinessHoursApprovalPlugin -.RE -.fi -.PP -It will only allow execution of commands in the "business hours" (from Monday -to Friday between 8:00 and 17:59:59). -.SS "Sudoers group provider plugin API" -A group provider plugin is registered in the -sudoers(@mansectform@) -file. -For example: -.nf -.sp -.RS 6n -Defaults group_plugin="python_plugin.so ModulePath= ClassName=" -.RE -.fi -.PP -Currently, only a single group plugin can be registered in -\fIsudoers\fR. -.PP -A group provider plugin may have the following member functions: -.TP 6n -\fBconstructor\fR -.nf -.RS 6n -__init__(self, args: Tuple[str, ...], version: str) -.RE -.fi -.RS 6n -.sp -Implementing this function is optional. -The default constructor will set the keyword arguments it receives -as member variables in the object. -.sp -The function arguments are as follows: -.TP 6n -\fIargs\fR -The plugin options passed as arguments in the -\fIsudoers\fR -file plugin registration. -All the arguments are free form strings (not necessarily in -\(lqkey=value\(rq -format). -.TP 6n -\fIversion\fR -The version of the Python Group Plugin API. -.PD 0 -.PP -.RE -.PD -.TP 6n -\fBquery\fR -.br -.nf -.RS 6n -query(self, user: str, group: str, user_pwd: Tuple) -.RE -.fi -.RS 6n -.sp -The -\fBquery\fR() -function is used to ask the group plugin whether -\fIuser\fR -is a member of -\fIgroup\fR. -This method is required. -.RE -.PP -The function arguments are as follows: -.TP 6n -\fIuser\fR -The name of the user being looked up in the external group database. -.TP 6n -\fIgroup\fR -.br -The name of the group being queried. -.TP 6n -\fIuser_pwd\fR -The password database entry for the user, if any. -If -\fIuser\fR -is not present in the password database, -\fIuser_pwd\fR -will be -\fRNULL\fR. -.SS "Group plugin example" -Sudo ships a Python group plugin example. -To try it, register it in the -\fIsudoers\fR -file by adding the following lines: -.nf -.sp -.RS 6n -Defaults group_plugin="python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_group_plugin.py \e - ClassName=SudoGroupPlugin" -.RE -.fi -.PP -The example plugin will tell -\fBsudo\fR -that the user -\fItest\fR -is part of the non-unix group -\fImygroup\fR. -If you add a rule that uses this group, it will affect the -\fItest\fR -user. -For example: -.nf -.sp -.RS 6n -%:mygroup ALL=(ALL) NOPASSWD: ALL -.RE -.fi -.PP -Will allow user -\fItest\fR -to run -\fBsudo\fR -without a password. -.SS "Hook function API" -The hook function API is currently not supported for plugins -written in Python. -.SS "Conversation API" -A Python plugin can interact with the user using the -\fBsudo.conv\fR() -function which displays one or more messages described by the -\fBsudo.ConvMessage\fR -class. -This is the Python equivalent of the -\fBconversation\fR() -function in the C sudo plugin API. -A plugin should not attempt to read directly from the standard input or -the user's tty (neither of which are guaranteed to exist). -.PP -The -\fBsudo.ConvMessage\fR -class specifies how the user interaction should occur: -.nf -.sp -.RS 4n -sudo.ConvMessage(msg_type: int, msg: str, timeout: int) -.RE -.fi -.PP -\fBsudo.ConvMessage\fR -member variables: -.TP 6n -\fImsg_type\fR -Specifies the type of the conversation. -See the -\fRsudo.CONV.*\fR -constants below. -.TP 6n -\fImsg\fR -The message to display to the user. -The caller must include a trailing newline in -\fRmsg\fR -if one is to be displayed. -.TP 6n -\fItimeout\fR -Optional. -The maximum amount of time for the conversation in seconds. -If the timeout is exceeded, the -\fBsudo.conv\fR() -function will raise a -\fRsudo.ConversationInterrupted\fR -exception. -The default is to wait forever (no timeout). -.PP -To specify the message type, the following constants are available: -.PP -.RS 4n -.PD 0 -.TP 3n -\fB\(bu\fR -sudo.CONV.PROMPT_ECHO_OFF -.TP 3n -\fB\(bu\fR -sudo.CONV.PROMPT_ECHO_ON -.TP 3n -\fB\(bu\fR -sudo.CONV.ERROR_MSG -.TP 3n -\fB\(bu\fR -sudo.CONV.INFO_MSG -.TP 3n -\fB\(bu\fR -sudo.CONV.PROMPT_MASK -.TP 3n -\fB\(bu\fR -sudo.CONV.PROMPT_ECHO_OK -.TP 3n -\fB\(bu\fR -sudo.CONV.PREFER_TTY -.RE -.PD -.PP -See the -sudo_plugin(@mansectform@) -manual for a description of the message types. -.PP -The -\fBsudo.conv\fR() -function performs the actual user interaction: -.nf -.sp -.RS 4n -sudo.conv(message(s), on_suspend=suspend_function, - on_resume=resume_function) -.RE -.fi -.PP -The function arguments are as follows: -.TP 6n -\fImessage(s)\fR -One of more messages (of type -\fBsudo.ConvMessage\fR), -each describing a conversation. -At least one message is required. -.TP 6n -\fIon_suspend\fR -An optional callback function which gets called if the conversation -is suspended, for example by the user pressing control-Z. -The specified function must take a single argument which will be filled -with the number of the signal that caused the process to be suspended. -.TP 6n -\fIon_resume\fR -An optional callback function which gets called when the previously -suspended conversation is resumed. -The specified function must take a single argument which will be filled -with the number of the signal that caused the process to be suspended. -.PP -The -\fBsudo.conv\fR() -function can raise the following exceptions: -.TP 6n -\fBsudo.SudoException\fR -If the conversation fails, for example when the conversation function is not -available. -.TP 6n -\fBsudo.ConversationInterrupted\fR -If the conversation function returns an error, e.g., the timeout passed -or the user interrupted the conversation by pressing control-C. -.SS "Conversation example" -Sudo ships with an example plugin demonstrating the Python conversation API. -To try it, register it by adding the following lines to -\fI@sysconfdir@/sudo.conf\fR: -.nf -.sp -.RS 6n -Plugin python_io python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_conversation.py \e - ClassName=ReasonLoggerIOPlugin -.RE -.fi -.SS "Information / error display API" -.nf -.RS 0n -sudo.log_info(string(s), sep=" ", end="\en") -sudo.log_error(string(s), sep=" ", end="\en") -.RE -.fi -.PP -To display information to the user, the -\fBsudo.log_info\fR() -function can be used. -To display error messages, use -\fBsudo.log_error\fR(). -The syntax is similar to the Python -\fBprint\fR() -function. -.PP -The function arguments are as follows: -.TP 6n -\fIstring(s)\fR -One or more strings to display. -.TP 6n -\fIsep\fR -An optional string which will be used as the separator between the -specified strings. -The default is a space character, -(\(oq\ \(cq). -.TP 6n -\fIend\fR -An optional string which will be displayed at the end of the message. -The default is a new line character -(\(oq\en\(cq). -.SS "Debug API" -Debug messages are not visible to the user and are only logged debugging -is explicitly enabled in -sudo.conf(@mansectform@). -Python plugins can use the -\fBsudo.debug\fR() -function to make use of -\fBsudo\fR's -debug system. -.PP -\fIEnabling debugging in sudo.conf\fR -.PP -To enable debug messages, add a -\fRDebug\fR -line to -sudo.conf(@mansectform@) -with the program set to -\fIpython_plugin.so\fR. -For example, to store debug output in -\fI/var/log/sudo_python_debug\fR, -use a line like the following: -.nf -.sp -.RS 6n -Debug python_plugin.so /var/log/sudo_python_debug \e - plugin@trace,c_calls@trace -.RE -.fi -.PP -The debug options are in the form of multiple -\(lqsubsystem@level\(rq -strings, separated by commas -(\(oq\&,\(cq). -For example to just see the debug output of -\fBsudo.debug\fR() -calls, use: -.nf -.sp -.RS 6n -Debug python_plugin.so /var/log/sudo_python_debug plugin@trace -.RE -.fi -.PP -See -sudo_conf(@mansectform@) -for more details. -.PP -The most interesting subsystems for Python plugin development are: -.TP 6n -\fIplugin\fR -Logs each -\fBsudo.debug\fR() -API call. -.TP 6n -\fIpy_calls\fR -Logs whenever a C function calls into the python module. -For example, calling the -\fB__init__\fR() -function. -.TP 6n -\fIc_calls\fR -Logs whenever python calls into a C -\fBsudo\fR -API function. -.TP 6n -\fIinternal\fR -Logs internal functions of the python language wrapper plugin. -.TP 6n -\fIsudo_cb\fR -Logs when -\fBsudo\fR -calls into the python plugin API. -.TP 6n -\fIload\fR -Logs python plugin loading / unloading events. -.PP -You can also specify -\(lqall\(rq -as the subsystem name to log debug messages for all subsystems. -.PP -The -\fBsudo.debug\fR() -function is defined as: -.nf -.sp -.RS 4n -sudo.debug(level, message(s)) -.RE -.fi -.PP -The function arguments are as follows: -.TP 6n -\fIlevel\fR -.br -an integer, use one of the log level constants below -.TP 6n -\fImessage(s)\fR -one or more messages to log -.PP -\fIAvailable log levels:\fR -.TS -l l l. -.PP -\fBsudo.conf name\fR \fBPython constant\fR \fBdescription\fR -.PP -crit sudo.DEBUG.CRIT only critical messages -.PP -err sudo.DEBUG.ERROR -.PP -warn sudo.DEBUG.WARN -.PP -notice sudo.DEBUG.NOTICE -.PP -diag sudo.DEBUG.DIAG -.PP -info sudo.DEBUG.INFO -.PP -trace sudo.DEBUG.TRACE -.PP -debug sudo.DEBUG.DEBUG very extreme verbose debugging -.TE -.PP -\fIUsing the logging module\fR -.PP -Alternatively, a plugin can use the built in logging module of Python as well. -Sudo adds its log handler to the root logger, so by default all output of a -logger will get forwarded to sudo log system, as it would call sudo.debug. -.PP -The log handler of sudo will map each Python log level of a message to -the appropriate sudo debug level. -Note however, that sudo debug system will only get the messages not filtered -out by the Python loggers. -For example, the log level of the python logger will be an additional filter -for the log messages, and is usually very different from what level is set in sudo.conf -for the sudo debug system. -.SS "Debug example" -Sudo ships an example debug plugin by default. -To try it, register it by adding the following lines to -\fI@sysconfdir@/sudo.conf\fR: -.nf -.sp -.RS 6n -Plugin python_io python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_debugging.py \e - ClassName=DebugDemoPlugin - -Debug python_plugin.so \e - /var/log/sudo_python_debug plugin@trace,c_calls@trace -.RE -.fi -.SS "Option conversion API" -The Python plugin API includes two convenience functions to -convert options in -\(lqkey=value\(rq -format to a dictionary and vice versa. -.TP 6n -options_as_dict -.nf -.RS 6n -options_as_dict(options) -.RE -.fi -.RS 6n -.sp -The function arguments are as follows: -.TP 6n -\fIoptions\fR -An iterable (tuple, list, etc.) of strings, each in -\(lqkey=value\(rq -format. -This is how the plugin API passes options and settings to a Python plugin. -.PP -The function returns the resulting dictionary. -Each string of the passed in -\fIoptions\fR -will be split at the first equal sign -(\(oq\&=\(cq) -into a -\fIkey\fR -and -\fIvalue\fR. -Dictionary keys will never contain this symbol (but values may). -.RE -.TP 6n -options_from_dict -.nf -.RS 6n -options_from_dict(options_dict) -.RE -.fi -.RS 6n -.sp -The function arguments are as follows: -.TP 6n -\fIoptions_dict\fR -A dictionary where both the key and the value are strings. -Note that the key should not contain an equal sign -(\(oq\&=\(cq), -otherwise the resulting string will have a different meaning. -However, this is not currently enforced. -.PP -The function returns a tuple containing the strings in -\(lqkey=value\(rq -form for each key and value in the -\fIoptions_dict\fR -dictionary passed in. -This is how the plugin API accepts options and settings. -.RE -.SH "PLUGIN API CHANGELOG (Python)" -None yet -.SH "LIMITATIONS" -Only a maximum number of 8 python I/O plugins can be loaded at once. -If -\fI@sysconfdir@/sudo.conf\fR -contains more, those will be rejected with a warning message. -.PP -The Event API and the hook function API is currently not accessible for Python plugins. -.SH "SEE ALSO" -sudo.conf(@mansectform@), -sudo_plugin(@mansectform@), -sudoers(@mansectform@), -sudo(@mansectsu@) -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -Python plugin support is currently considered experimental. -.PP -If you feel you have found a bug in -\fBsudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SECURITY CONSIDERATIONS" -All Python plugin handling is implemented inside the -\fRpython_plugin.so\fR -dynamic plugin. -Therefore, if no Python plugin is registered in -sudo.conf(@mansectform@) -or the -\fIsudoers\fR -file, -\fBsudo\fR -will not load the Python interpreter or the Python libraries. -.PP -By default, a Python plugin can only import Python modules which are -owned by -\fIroot\fR -and are only writable by the owner. -The reason for this is to prevent a file getting imported accidentally -which is modifiable by a non-root user. -As -\fBsudo\fR -plugins run as -\fIroot\fR, -accidentally importing such file would make it possible for any user -(having write access) to execute any code with administrative rights. -.PP -However, during development of a plugin this might not be very convenient. -The -sudo.conf(@mansectform@) -\fRdeveloper_mode\fR -option can be used to disable it. -For example: -.RS 6n -Set developer_mode true -.RE -.PP -Please note that this creates a security risk, so it is not recommended -on critical systems such as a desktop machine for daily use, but is intended -to be used in development environments (VM, container, etc). -Before enabling developer mode, ensure you understand the implications. -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_plugin_python.mdoc.in sudo-1.9.9/doc/sudo_plugin_python.mdoc.in --- sudo-1.9.5p2/doc/sudo_plugin_python.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_plugin_python.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,1541 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Robert Manner -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd February 19, 2020 -.Dt SUDO_PLUGIN_PYTHON @mansectform@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudo_plugin_python -.Nd Sudo Plugin API (Python) -.Sh DESCRIPTION -Starting with version 1.9, -.Nm sudo -plugins can be written in python. -The API closely follows the C -.Nm sudo -plugin API described by -.Xr sudo_plugin @mansectform@ . -.Pp -The supported plugins types are: -.Pp -.Bl -bullet -compact -offset 4n -width 1n -.It -Policy plugin -.It -I/O plugin -.It -Audit plugin -.It -Approval plugin -.It -Group provider plugin -.El -.Pp -Python plugin support needs to be explicitly enabled at build time -with the configure option -.Dq --enable-python . -Python version 3.0 or higher is required. -.Ss Sudo Python Plugin Base -A plugin written in Python should be a class in a python file that -inherits from -.Em sudo.Plugin . -The -.Em sudo.Plugin -base class has no real purpose other than to identify this class as a plugin. -.Pp -The only implemented method is a constructor, which stores the -keyword arguments it receives as fields (member variables) in the object. -This is intended as a convenience to allow you to avoid writing the -constructor yourself. -.Pp -For example: -.Bd -literal -offset indent -import sudo - -class MySudoPlugin(sudo.Plugin): - # example constructor (optional) - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - - # example destructor (optional) - def __del__(self): - pass -.Ed -.Pp -Both the constructor and destructor are optional and can be omitted. -.Pp -The customized Plugin class should define a few plugin-specific methods. -When the plugin loads, -.Nm sudo -will create an instance of this class and call the methods. -The actual methods required depent on the type of the plugin, -but most return an -.Dq int -result code, as documented in -.Xr sudo_plugin @mansctsu@ , -that indicates whether or not the method was successful. -The Python sudo module defines the following constants to improve readability: -.Bl -column "sudo.RC.USAGE_ERROR" "XXX" -offset 4n -.It Sy Define Ta Sy Value -.It Dv sudo.RC.OK Ta 1 -.It Dv sudo.RC.ACCEPT Ta 1 -.It Dv sudo.RC.REJECT Ta 0 -.It Dv sudo.RC.ERROR Ta -1 -.It Dv sudo.RC.USAGE_ERROR Ta -2 -.El -.Pp -If a function returns -.Em None -(for example, if it does not call return), -it will be considered to have returned -.Dv sudo.RC.OK . -If an exception is raised (other than sudo.PluginException), the backtrace will be -shown to the user and the plugin function will return -.Dv sudo.RC.ERROR . -If that is not acceptable, you must catch the exception and handle it yourself. -.Pp -Instead of just returning -.Dv sudo.RC.ERROR -or -.Dv sudo.RC.REJECT -result code the plugin can also provide a message describing the problem. -This can be done by raising one of the special exceptions: -.Bd -literal -offset indent -raise sudo.PluginError("Message") -raise sudo.PluginReject("Message") -.Ed -.Pp -This added message will be used by the audit plugins. -Both exceptions inherit from -.Dv sudo.PluginException -.Ss Python Plugin Loader -Running the Python interpreter and bridging between C and Python is -handled by the -.Nm sudo -plugin -.Li python_plugin.so . -This shared object can be loaded like any other dynamic -.Nm sudo -plugin and should receive the path and the class name of the Python -plugin it is loading as arguments. -.Pp -Example usage in -.Xr sudo.conf @mansectform@ : -.Bd -literal -offset indent -Plugin python_policy python_plugin.so ModulePath= ClassName= -Plugin python_io python_plugin.so ModulePath= ClassName= -Plugin python_audit python_plugin.so ModulePath= ClassName= -Plugin python_approval python_plugin.so ModulePath= ClassName= -.Ed -.Pp -Example group provider plugin usage in the -.Em sudoers -file: -.Bd -literal -offset indent -Defaults group_plugin="python_plugin.so ModulePath= ClassName=" -.Ed -.Pp -The plugin arguments are as follows: -.Bl -tag -width 4n -.It ModulePath -The path of a python file which contains the class of the sudo Python plugin. -It must be either an absolute path or a path relative to the sudo Python plugin -directory: "@plugindir@/python". -.It ClassName -(Optional.) The name of the class implementing the sudo Python plugin. -If not supplied, the one and only sudo.Plugin that is present in the module -will be used. -If there are multiple such plugins in the module (or none), it -will result in an error. -.El -.Ss Policy plugin API -Policy plugins must be registered in -.Xr sudo.conf @mansectform@ . -For example: -.Bd -literal -offset indent -Plugin python_policy python_plugin.so ModulePath= ClassName= -.Ed -.Pp -Currently, only a single policy plugin may be specified in -.Xr sudo.conf @mansectform@ . -.Pp -A policy plugin may have the following member functions: -.Bl -tag -width 4n -.It Sy constructor -.Bd -literal -__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], - version: str, user_info: Tuple[str, ...], - plugin_options: Tuple[str, ...]) -.Ed -.Pp -Implementing this function is optional. -The default constructor will set the keyword arguments it receives -as member variables in the object. -.Pp -The constructor matches the -.Fn open -function in the C sudo plugin API. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa user_env -The user's environment as a tuple of strings in -.Dq key=value -format. -.It Fa settings -A tuple of user-supplied -.Em sudo -settings in the form of -.Dq key=value -strings. -.It Fa version -The version of the Python Policy Plugin API. -.It Fa user_info -A tuple of information about the user running the command in the form of -.Dq key=value -strings. -.It Fa plugin_options -The plugin options passed as arguments in the -.Xr sudo.conf @mansectform@ -plugin registration. -This is a tuple of strings, usually (but not necessarily) in -.Dq key=value -format. -.El -.Pp -The -.Fn sudo.options_as_dict -convenience function can be used to convert -.Dq key=value -pairs to a dictionary. -For a list of recognized keys and their supported values, -see the policy plugin -.Fn open -documentation in -.Xr sudo_plugin @mansectform@ . -.It Sy check_policy -.Bd -literal -compact -check_policy(self, argv: Tuple[str, ...], env_add: Tuple[str, ...]) -.Ed -.Pp -The -.Fn check_policy -function is called by -.Nm sudo -to determine whether the user is allowed to run the specified command. -Implementing this function is mandatory for a policy plugin. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa argv -A tuple describing the command the user wishes to run. -.It Fa env_add -Additional environment variables specified by the user on the command line in -the form of a tuple of -.Dq key=value -pairs. -The -.Fn sudo.options_as_dict -convenience function can be used to convert them to a dictionary. -.El -.Pp -This function should return a result code or a tuple in the following format: -.Bd -literal -offset indent -return (rc, command_info_out, argv_out, user_env_out) -.Ed -.Pp -The tuple values are as follows: -.Bl -tag -width 4n -.It Fa rc -The result of the policy check, one of the -.Dv sudo.RC.* -constants. -.Dv sudo.RC.ACCEPT -if the command is allowed, -.Dv sudo.RC.REJECT -if not allowed, -.Dv sudo.RC.ERROR -for a general error, or -.Dv sudo.RC.USAGE_ERROR -for a usage error. -.It Fa command_info_out -Optional (only required when the command is accepted). -Information about the command being run in the form of -.Dq key=value -strings. -.Pp -To accept a command, at the very minimum the plugin must set in the -.Em command , -.Em runas_uid -and -.Em runas_gid -keys. -.Pp -For a list of recognized keys and supported values, -see the -.Fn check_policy -documentation in -.Xr sudo_plugin @mansectform@ . -.It Fa argv_out -Optional (only required when the command is accepted). -The arguments to pass to the -.Xr execve 2 -system call when executing the command. -.It Fa user_env_out -Optional (only required when the command is accepted). -The environment to use when executing the command in the form of a -tuple of strings in -.Dq key=value -format. -.El -.It Sy init_session -.Bd -literal -compact -init_session(self, user_pwd: Tuple, user_env: Tuple[str, ...]) -.Ed -.Pp -Perform session setup (optional). -The -.Fn init_session -function is called before -.Nm sudo -sets up the -execution environment for the command before any uid or gid changes. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa user_pwd -A tuple describing the user's passwd entry. -Convertible to pwd.struct_passwd or -.Em None -if the user is not present in the password database. -.Pp -Example conversion: -.Bd -literal -compact -offset indent -user_pwd = pwd.struct_passwd(user_pwd) if user_pwd else None -.Ed -.It Fa user_env -The environment the command will run in. -This is a tuple of strings in -.Dq key=value -format. -.El -.Pp -This function should return a result code or a tuple in the following format: -.Bd -literal -offset 4n -return (rc, user_env_out) -.Ed -.Pp -The tuple values are as follows: -.Bl -tag -width 4n -.It Fa rc -The result of the session init, one of the -.Dv sudo.RC.* -constants. -.Dv sudo.RC.OK -on success, 0 on failure, or -.Dv sudo.RC.ERROR -if an error occurred. -.It Fa user_env_out -Optional. -If the -.Fn init_session -function needs to modify the user environment, it can return the new -environment in -.Fa user_env_out . -If this is omitted, no changes will be made to -.Fa user_env . -.El -.It Sy list -.Bd -literal -compact -list(self, argv: Tuple[str, ...], is_verbose: int, user: str) -.Ed -.Pp -List available privileges for the invoking user. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa argv -If not set to -.Em None , -an argument vector describing a command the user wishes to check -against the policy. -.It Fa is_verbose -Flag indicating whether to list in verbose mode or not. -.It Fa user -The name of a different user to list privileges for if the policy allows it. -If -.Em None , -the plugin should list the privileges of the invoking user. -.El -.It Sy validate -.Bd -literal -compact -validate(self) -.Ed -.Pp -For policy plugins that cache authentication credentials, this function is used to validate and cache the credentials (optional). -.It Sy invalidate -.Bd -literal -compact -invalidate(self, remove: int) -.Ed -.Pp -For policy plugins that cache authentication credentials, this function is used to invalidate the credentials (optional). -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa remove -If this flag is set, the plugin may remove the credentials instead of simply -invalidating them. -.El -.It Sy show_version -.Bd -literal -compact -show_version(self, is_verbose: int) -.Ed -.Pp -Display the plugin version information to the user. -The -.Fn sudo.log_info -function should be used. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa is_verbose -A flag to indicate displaying more verbose information. -Currently this is 1 if -.Ql sudo -V -is run as the root user. -.El -.It Sy close -.Bd -literal -compact -close(self, exit_status: int, error: int) -.Ed -.Pp -Called when a command finishes executing. -.Pp -Works the same as the -.Fn close -function in the C sudo plugin API, except that it only gets called if -.Nm sudo -attempts to execute the command. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa exit_status -The exit status of the command if was executed, otherwise -1. -.It Fa error -If the command could not be executed, this is set to the value of -errno set by the -.Xr execve 2 -system call, otherwise 0. -.El -.El -.Ss Policy plugin example -Sudo ships with an example Python policy plugin. -To try it, register it by adding the following lines to -.Pa @sysconfdir@/sudo.conf : -.Bd -literal -Plugin python_policy python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_policy_plugin.py \e - ClassName=SudoPolicyPlugin -.Ed -.Pp -Be aware, however, that you cannot enable the Python policy plugin -in addition to another policy plugin, such as -.Xr sudoers @mansectform@ . -.Ss I/O plugin API -I/O plugins must be registered in -.Xr sudo.conf @mansectform@ . -For example: -.Bd -literal -offset indent -Plugin python_io python_plugin.so ModulePath= ClassName= -.Ed -.Pp -Sudo supports loading multiple I/O plugins. -Currently only 8 python I/O plugins can be loaded at once. -.Pp -An I/O plugin may have the following member functions: -.Bl -tag -width 4n -.It Sy constructor -.Bd -literal -compact -__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], - version: str, user_info: Tuple[str, ...], - plugin_options: Tuple[str, ...]) -.Ed -.Pp -Implementing this function is optional. -The default constructor will set the keyword arguments it receives -as member variables in the object. -.Pp -The constructor matches the -.Fn open -function in the C sudo plugin API. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa user_env -The user's environment as a tuple of strings in -.Dq key=value -format. -.It Fa settings -A tuple of user-supplied -.Em sudo -settings in the form of -.Dq key=value -strings. -.It Fa version -The version of the Python I/O Plugin API. -.It Fa user_info -A tuple of information about the user running the command in the form of -.Dq key=value -strings. -.It Fa plugin_options -The plugin options passed as arguments in the -.Xr sudo.conf @mansectform@ -plugin registration. -This is a tuple of strings, usually (but not necessarily) in -.Dq key=value -format. -.El -.Pp -The -.Fn sudo.options_as_dict -convenience function can be used to convert -.Dq key=value -pairs to a dictionary. -For a list of recognized keys and their supported values, -see the I/O plugin -.Fn open -documentation in -.Xr sudo_plugin @mansectform@ . -.It Sy open -.Bd -literal -compact -open(self, argv: Tuple[str, ...], - command_info: Tuple[str, ...]) -> int -.Ed -.Pp -Receives the command the user wishes to run. -.Pp -Works the same as the -.Fn open -function in the C sudo plugin API except that: -.Pp -.Bl -bullet -compact -offset 4n -width 1n -.It -It only gets called before the user would execute some command -(and not for a version query for example). -.It -Other arguments of the C API -.Fn open -function are received through the constructor. -.El -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa argv -A tuple of the arguments describing the command the user wishes to run. -.It Fa command_info -Information about the command being run in the form of -.Dq key=value -strings. -.El -.Pp -The -.Fn sudo.options_as_dict -convenience function can be used to convert -.Dq key=value -pairs to a dictionary. -For a list of recognized keys and their supported values, -see the I/O plugin -.Fn open -documentation in -.Xr sudo_plugin @mansectform@ . -.Pp -The -.Fn open -function should return a result code, one of the -.Dv sudo.RC.* -constants. -If the function returns -.Dv sudo.RC.REJECT , -no I/O will be sent to the plugin. -.It Sy log_ttyin , log_ttyout , log_stdin , log_stdout , log_stderr -.Bd -literal -compact -log_ttyin(self, buf: str) -> int -log_ttyout(self, buf: str) -> int -log_stdin(self, buf: str) -> int -log_stdout(self, buf: str) -> int -log_stderr(self, buf: str) -> int -.Ed -.Pp -Receive the user input or output of the terminal device and -application standard input / output / error. -See the matching calls in -.Xr sudo_plugin @mansectform@ . -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa buf -The input (or output) buffer in the form of a string. -.El -.Pp -The function should return a result code, one of the -.Dv sudo.RC.* -constants. -.Pp -If -.Dv sudo.RC.ERROR -is returned, the running command will be terminated and all of the plugin's logging -functions will be disabled. -Other I/O logging plugins will still receive any remaining -input or output that has not yet been processed. -.Pp -If an input logging function rejects the data by returning -.Dv sudo.RC.REJECT , -the command will be terminated and the data will not be passed to the -command, though it will still be sent to any other I/O logging plugins. -If an output logging function rejects the data by returning -.Dv sudo.RC.REJECT , -the command will be terminated and the data will not be written to the -terminal, though it will still be sent to any other I/O logging plugins. -.It Sy change_winsize -.Bd -literal -compact -change_winsize(self, line: int, cols: int) -> int -.Ed -.Pp -Called whenever the window size of the terminal changes. -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa line -The number of lines of the terminal. -.It Fa cols -The number of columns of the terminal. -.El -.It Sy log_suspend -.Bd -literal -compact -log_suspend(self, signo: int) -> int -.Ed -Called whenever a command is suspended or resumed. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa signo -The number of the signal that caused the command to be suspended or -.Dv SIGCONT -if the command was resumed. -.El -.It Sy show_version -.Bd -literal -compact -show_version(self, is_verbose: int) -.Ed -Display the plugin version information to the user. -The -.Fn sudo.log_info -function should be used. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa is_verbose -A flag to indicate displaying more verbose information. -Currently this is 1 if -.Ql sudo -V -is run as the root user. -.El -.It Sy close -.Bd -literal -compact -close(self, exit_status: int, error: int) -> None -.Ed -Called when a command execution finished. -.Pp -Works the same as the -.Fn close -function in the C sudo plugin API, except that it only gets called if -.Nm sudo -attempts to execute the command. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa exit_status -The exit status of the command if was executed, otherwise -1. -.It Fa error -If the command could not be executed, this is set to the value of -errno set by the -.Xr execve 2 -system call, otherwise 0. -.El -.El -.Ss I/O plugin example -Sudo ships a Python I/O plugin example. -To try it, register it by adding the following lines to -.Pa @sysconfdir@/sudo.conf : -.Bd -literal -offset indent -Plugin python_io python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_io_plugin.py \e - ClassName=SudoIOPlugin -.Ed -.Ss Audit plugin API -Audit plugins must be registered in -.Xr sudo.conf @mansectform@ . -For example: -.Bd -literal -offset indent -Plugin python_audit python_plugin.so ModulePath= ClassName= -.Ed -.Pp -Sudo supports loading multiple audit plugins. -Currently only 8 python audit plugins can be loaded at once. -.Pp -An audit plugin may have the following member functions (all of them are optional): -.Bl -tag -width 4n -.It Sy constructor -.Bd -literal -compact -__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], - version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...]) -.Ed -.Pp -The default constructor will set the keyword arguments it receives -as member variables in the object. -.Pp -The constructor matches the -.Fn open -function in the C sudo plugin API. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa user_env -The user's environment as a tuple of strings in -.Dq key=value -format. -.It Fa settings -A tuple of user-supplied -.Em sudo -settings in the form of -.Dq key=value -strings. -.It Fa version -The version of the Python Audit Plugin API. -.It Fa user_info -A tuple of information about the user running the command in the form of -.Dq key=value -strings. -.It Fa plugin_options -The plugin options passed as arguments in the -.Xr sudo.conf @mansectform@ -plugin registration. -This is a tuple of strings, usually (but not necessarily) in -.Dq key=value -format. -.El -.It Sy open -.Bd -literal -compact -open(self, submit_optind: int, - submit_argv: Tuple[str, ...]) -> int -.Ed -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa submit_optind -The index into -.Fa submit_argv -that corresponds to the first entry that is not a command line option. -.It Fa submit_argv -The argument vector sudo was invoked with, including all command line options. -.El -.It Sy close -.Bd -literal -compact -close(self, status_type: int, status: int) -> None -.Ed -.Pp -Called when sudo is finished, shortly before it exits. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa status_type -The type of status being passed. -One of the sudo.EXIT_REASON.* constants. -.It Fa status -Depending on the value of -.Fa status_type , -this value is either -ignored, the command's exit status as returned by the -.Xr wait 2 -system call, the value of -.Li errno -set by the -.Xr execve 2 -system call, or the value of -.Li errno -resulting from an error in the -.Nm sudo -front end. -.El -.It Sy show_version -.Bd -literal -compact -show_version(self, is_verbose: int) -> int -.Ed -.Pp -Display the plugin version information to the user. -The -.Fn sudo.log_info -function should be used. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa is_verbose -A flag to indicate displaying more verbose information. -Currently this is 1 if -.Ql sudo -V -is run as the root user. -.El -.It Sy accept -.Bd -literal -compact -accept(self, plugin_name: str, plugin_type: int, command_info: Tuple[str, ...], - run_argv: Tuple[str, ...], run_envp: Tuple[str, ...]) -> int -.Ed -.Pp -This function is called when a command or action is accepted by a policy -or approval plugin. -The function arguments are as follows: -.Bl -tag -width 4n -.It plugin_name -The name of the plugin that accepted the command or -.Dq sudo -for the -.Nm sudo -front-end. -.It plugin_type -The type of plugin that accepted the command, currently either -.Dv sudo.PLUGIN_TYPE.POLICY , -.Dv sudo.PLUGIN_TYPE.APPROVAL -or -.Dv sudo.PLUGIN_TYPE.SUDO . -The -.Fn accept -function is called multiple times--once for each policy or approval -plugin that succeeds and once for the sudo front-end. -When called on behalf of the sudo front-end, -.Fa command_info -may include information from an I/O logging plugin as well. -.Pp -Typically, an audit plugin is interested in either the accept status from -the -.Nm sudo -front-end or from the various policy and approval plugins, but not both. -It is possible for the policy plugin to accept a command that is -later rejected by an approval plugin, in which case the audit -plugin's -.Fn accept -and -.Fn reject -functions will -.Em both -be called. -.It command_info -A vector of information describing the command being run. -See the -.Xr sudo_plugin @mansectform@ -manual for possible values. -.It run_argv -Argument vector describing a command that will be run. -.It run_envp -The environment the command will be run with. -.El -.It Sy reject -.Bd -literal -compact -reject(self, plugin_name: str, plugin_type: int, audit_msg: str, - command_info: Tuple[str, ...]) -> int -.Ed -.Pp -This function is called when a command or action is rejected by the policy -plugin. -The function arguments are as follows: -.Bl -tag -width 4n -.It plugin_name -The name of the plugin that rejected the command. -.It plugin_type -The type of plugin that rejected the command, currently either -.Dv sudo.PLUGIN_TYPE.POLICY , -.Dv sudo.PLUGIN_TYPE.APPROVAL -or -.Dv sudo.PLUGIN_TYPE.IO . -.Pp -Unlike the -.Fn accept -function, the -.Fn reject -function is not called on behalf of the -.Nm sudo -front-end. -.It audit_msg -An optional string describing the reason the command was rejected by the plugin. -If the plugin did not provide a reason, audit_msg will be -.Em None -. -.It command_info -A vector of information describing the rejected command. -See the -.Xr sudo_plugin @mansectform@ -manual for possible values. -.El -.It Sy error -.Bd -literal -compact -error(self, plugin_name: str, plugin_type: int, audit_msg: str, - command_info: Tuple[str, ...]) -> int -.Ed -.Pp -This function is called when a plugin or the -.Nm sudo -front-end returns an error. -The function arguments are as follows: -.Bl -tag -width 4n -.It plugin_name -The name of the plugin that generated the error or -.Dq sudo -for the -.Nm sudo -front-end. -.It plugin_type -The type of plugin that generated the error, or -.Dv SUDO_FRONT_END -for the -.Nm sudo -front-end. -.It audit_msg -An optional string describing the plugin error. -If the plugin did not provide a description, it will be -.Em None -. -.It command_info -A vector of information describing the command. -See the -.Xr sudo_plugin @mansectform@ -manual for possible values. -.El -.El -.Ss Audit plugin example -Sudo ships a Python Audit plugin example. -To try it, register it by adding the following lines to -.Pa @sysconfdir@/sudo.conf : -.Bd -literal -offset indent -Plugin python_audit python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_audit_plugin.py \e - ClassName=SudoAuditPlugin -.Ed -.Pp -It will log the plugin accept / reject / error results to the output. -.Ss Approval plugin API -Approval plugins must be registered in -.Xr sudo.conf @mansectform@ . -For example: -.Bd -literal -offset indent -Plugin python_approval python_plugin.so ModulePath= ClassName= -.Ed -.Pp -Sudo supports loading multiple approval plugins. -Currently only 8 python approval plugins can be loaded at once. -.Pp -An approval plugin may have the following member functions: -.Bl -tag -width 4n -.It Sy constructor -.Bd -literal -compact -__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], - version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...], - submit_optind: int, submit_argv: Tuple[str, ...]) -.Ed -.Pp -Optional. -The default constructor will set the keyword arguments it receives -as member variables in the object. -.Pp -The constructor matches the -.Fn open -function in the C sudo plugin API. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa user_env -The user's environment as a tuple of strings in -.Dq key=value -format. -.It Fa settings -A tuple of user-supplied -.Em sudo -settings in the form of -.Dq key=value -strings. -.It Fa version -The version of the Python Approval Plugin API. -.It Fa user_info -A tuple of information about the user running the command in the form of -.Dq key=value -strings. -.It Fa plugin_options -The plugin options passed as arguments in the -.Xr sudo.conf @mansectform@ -plugin registration. -This is a tuple of strings, usually (but not necessarily) in -.Dq key=value -format. -.It Fa submit_optind -The index into -.Fa submit_argv -that corresponds to the first entry that is not a command line option. -.It Fa submit_argv -The argument vector sudo was invoked with, including all command line options. -.El -.It Sy show_version -.Bd -literal -compact -show_version(self, is_verbose: int) -> int -.Ed -.Pp -Display the version. (Same as for all the other plugins.) -.It Sy check -.Bd -literal -compact -check(self, command_info: Tuple[str, ...], run_argv: Tuple[str, ...], - run_env: Tuple[str, ...]) -> int -.Ed -.Pp -This function is called after policy plugin's check_policy has succeeded. -It can reject execution of the command by returning sudo.RC.REJECT or -raising the special exception: -.Bd -literal -offset indent -raise sudo.PluginReject("some message") -.Ed -.Pp -with the message describing the problem. -In the latter case, the audit plugins will get the description. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It command_info -A vector of information describing the command that will run. -See the -.Xr sudo_plugin @mansectform@ -manual for possible values. -.It run_argv -Argument vector describing a command that will be run. -.It run_env -The environment the command will be run with. -.El -.El -.Ss Approval plugin example -Sudo ships a Python Approval plugin example. -To try it, register it by adding the following lines to -.Pa @sysconfdir@/sudo.conf : -.Bd -literal -offset indent -Plugin python_approval python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_approval_plugin.py \e - ClassName=BusinessHoursApprovalPlugin -.Ed -.Pp -It will only allow execution of commands in the "business hours" (from Monday -to Friday between 8:00 and 17:59:59). -.Ss Sudoers group provider plugin API -A group provider plugin is registered in the -.Xr sudoers @mansectform@ -file. -For example: -.Bd -literal -offset indent -Defaults group_plugin="python_plugin.so ModulePath= ClassName=" -.Ed -.Pp -Currently, only a single group plugin can be registered in -.Em sudoers . -.Pp -A group provider plugin may have the following member functions: -.Bl -tag -width 4n -.It Sy constructor -.Bd -literal -compact -__init__(self, args: Tuple[str, ...], version: str) -.Ed -.Pp -Implementing this function is optional. -The default constructor will set the keyword arguments it receives -as member variables in the object. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa args -The plugin options passed as arguments in the -.Em sudoers -file plugin registration. -All the arguments are free form strings (not necessarily in -.Dq key=value -format). -.It Fa version -The version of the Python Group Plugin API. -.El -.It Sy query -.Bd -literal -compact -query(self, user: str, group: str, user_pwd: Tuple) -.Ed -.Pp -The -.Fn query -function is used to ask the group plugin whether -.Fa user -is a member of -.Fa group . -This method is required. -.El -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa user -The name of the user being looked up in the external group database. -.It Fa group -The name of the group being queried. -.It Fa user_pwd -The password database entry for the user, if any. -If -.Fa user -is not present in the password database, -.Fa user_pwd -will be -.Dv NULL . -.El -.Ss Group plugin example -Sudo ships a Python group plugin example. -To try it, register it in the -.Em sudoers -file by adding the following lines: -.Bd -literal -offset indent -Defaults group_plugin="python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_group_plugin.py \e - ClassName=SudoGroupPlugin" -.Ed -.Pp -The example plugin will tell -.Nm sudo -that the user -.Em test -is part of the non-unix group -.Em mygroup . -If you add a rule that uses this group, it will affect the -.Em test -user. -For example: -.Bd -literal -offset indent -%:mygroup ALL=(ALL) NOPASSWD: ALL -.Ed -.Pp -Will allow user -.Em test -to run -.Nm sudo -without a password. -.Ss Hook function API -The hook function API is currently not supported for plugins -written in Python. -.Ss Conversation API -A Python plugin can interact with the user using the -.Fn sudo.conv -function which displays one or more messages described by the -.Sy sudo.ConvMessage -class. -This is the Python equivalent of the -.Fn conversation -function in the C sudo plugin API. -A plugin should not attempt to read directly from the standard input or -the user's tty (neither of which are guaranteed to exist). -.Pp -The -.Sy sudo.ConvMessage -class specifies how the user interaction should occur: -.Bd -literal -offset 4n -sudo.ConvMessage(msg_type: int, msg: str, timeout: int) -.Ed -.Pp -.Sy sudo.ConvMessage -member variables: -.Bl -tag -width 4n -.It Fa msg_type -Specifies the type of the conversation. -See the -.Dv sudo.CONV.* -constants below. -.It Fa msg -The message to display to the user. -The caller must include a trailing newline in -.Li msg -if one is to be displayed. -.It Fa timeout -Optional. -The maximum amount of time for the conversation in seconds. -If the timeout is exceeded, the -.Fn sudo.conv -function will raise a -.Dv sudo.ConversationInterrupted -exception. -The default is to wait forever (no timeout). -.El -.Pp -To specify the message type, the following constants are available: -.Pp -.Bl -bullet -compact -offset 4n -width 1n -.It -sudo.CONV.PROMPT_ECHO_OFF -.It -sudo.CONV.PROMPT_ECHO_ON -.It -sudo.CONV.ERROR_MSG -.It -sudo.CONV.INFO_MSG -.It -sudo.CONV.PROMPT_MASK -.It -sudo.CONV.PROMPT_ECHO_OK -.It -sudo.CONV.PREFER_TTY -.El -.Pp -See the -.Xr sudo_plugin @mansectform@ -manual for a description of the message types. -.Pp -The -.Fn sudo.conv -function performs the actual user interaction: -.Bd -literal -offset 4n -sudo.conv(message(s), on_suspend=suspend_function, - on_resume=resume_function) -.Ed -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa message(s) -One of more messages (of type -.Sy sudo.ConvMessage ) , -each describing a conversation. -At least one message is required. -.It Fa on_suspend -An optional callback function which gets called if the conversation -is suspended, for example by the user pressing control-Z. -The specified function must take a single argument which will be filled -with the number of the signal that caused the process to be suspended. -.It Fa on_resume -An optional callback function which gets called when the previously -suspended conversation is resumed. -The specified function must take a single argument which will be filled -with the number of the signal that caused the process to be suspended. -.El -.Pp -The -.Fn sudo.conv -function can raise the following exceptions: -.Bl -tag -width 4n -.It Sy sudo.SudoException -If the conversation fails, for example when the conversation function is not -available. -.It Sy sudo.ConversationInterrupted -If the conversation function returns an error, e.g., the timeout passed -or the user interrupted the conversation by pressing control-C. -.El -.Ss Conversation example -Sudo ships with an example plugin demonstrating the Python conversation API. -To try it, register it by adding the following lines to -.Pa @sysconfdir@/sudo.conf : -.Bd -literal -offset indent -Plugin python_io python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_conversation.py \e - ClassName=ReasonLoggerIOPlugin -.Ed -.Ss Information / error display API -.Bd -literal -sudo.log_info(string(s), sep=" ", end="\en") -sudo.log_error(string(s), sep=" ", end="\en") -.Ed -.Pp -To display information to the user, the -.Fn sudo.log_info -function can be used. -To display error messages, use -.Fn sudo.log_error . -The syntax is similar to the Python -.Fn print -function. -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa string(s) -One or more strings to display. -.It Fa sep -An optional string which will be used as the separator between the -specified strings. -The default is a space character, -.Pq Sq \ . -.It Fa end -An optional string which will be displayed at the end of the message. -The default is a new line character -.Pq Sq \en . -.El -.Ss Debug API -Debug messages are not visible to the user and are only logged debugging -is explicitly enabled in -.Xr sudo.conf @mansectform@ . -Python plugins can use the -.Fn sudo.debug -function to make use of -.Nm sudo Ns No 's -debug system. -.Pp -.Em Enabling debugging in sudo.conf -.Pp -To enable debug messages, add a -.Li Debug -line to -.Xr sudo.conf @mansectform@ -with the program set to -.Pa python_plugin.so . -For example, to store debug output in -.Pa /var/log/sudo_python_debug , -use a line like the following: -.Bd -literal -offset indent -Debug python_plugin.so /var/log/sudo_python_debug \e - plugin@trace,c_calls@trace -.Ed -.Pp -The debug options are in the form of multiple -.Dq subsystem@level -strings, separated by commas -.Pq Sq \&, . -For example to just see the debug output of -.Fn sudo.debug -calls, use: -.Bd -literal -offset indent -Debug python_plugin.so /var/log/sudo_python_debug plugin@trace -.Ed -.Pp -See -.Xr sudo_conf @mansectform@ -for more details. -.Pp -The most interesting subsystems for Python plugin development are: -.Bl -tag -width 4n -.It Em plugin -Logs each -.Fn sudo.debug -API call. -.It Em py_calls -Logs whenever a C function calls into the python module. -For example, calling the -.Fn __init__ -function. -.It Em c_calls -Logs whenever python calls into a C -.Nm sudo -API function. -.It Em internal -Logs internal functions of the python language wrapper plugin. -.It Em sudo_cb -Logs when -.Nm sudo -calls into the python plugin API. -.It Em load -Logs python plugin loading / unloading events. -.El -.Pp -You can also specify -.Dq all -as the subsystem name to log debug messages for all subsystems. -.Pp -The -.Fn sudo.debug -function is defined as: -.Bd -literal -offset 4n -sudo.debug(level, message(s)) -.Ed -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa level -an integer, use one of the log level constants below -.It Fa message(s) -one or more messages to log -.El -.Pp -.Em Available log levels: -.Bl -column "name in sudo.conf" "Python constant" "only critical messages" -.It Sy sudo.conf name Ta Sy Python constant Ta Sy description -.It crit Ta sudo.DEBUG.CRIT Ta only critical messages -.It err Ta sudo.DEBUG.ERROR Ta -.It warn Ta sudo.DEBUG.WARN Ta -.It notice Ta sudo.DEBUG.NOTICE Ta -.It diag Ta sudo.DEBUG.DIAG Ta -.It info Ta sudo.DEBUG.INFO Ta -.It trace Ta sudo.DEBUG.TRACE Ta -.It debug Ta sudo.DEBUG.DEBUG Ta very extreme verbose debugging -.El -.Pp -.Em Using the logging module -.Pp -Alternatively, a plugin can use the built in logging module of Python as well. -Sudo adds its log handler to the root logger, so by default all output of a -logger will get forwarded to sudo log system, as it would call sudo.debug. -.Pp -The log handler of sudo will map each Python log level of a message to -the appropriate sudo debug level. -Note however, that sudo debug system will only get the messages not filtered -out by the Python loggers. -For example, the log level of the python logger will be an additional filter -for the log messages, and is usually very different from what level is set in sudo.conf -for the sudo debug system. -.Ss Debug example -Sudo ships an example debug plugin by default. -To try it, register it by adding the following lines to -.Pa @sysconfdir@/sudo.conf : -.Bd -literal -offset indent -Plugin python_io python_plugin.so \e - ModulePath=@prefix@/share/doc/sudo/examples/example_debugging.py \e - ClassName=DebugDemoPlugin - -Debug python_plugin.so \e - /var/log/sudo_python_debug plugin@trace,c_calls@trace -.Ed -.Ss Option conversion API -The Python plugin API includes two convenience functions to -convert options in -.Dq key=value -format to a dictionary and vice versa. -.Bl -tag -width 4n -.It options_as_dict -.Bd -literal -compact -options_as_dict(options) -.Ed -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa options -An iterable (tuple, list, etc.) of strings, each in -.Dq key=value -format. -This is how the plugin API passes options and settings to a Python plugin. -.El -.Pp -The function returns the resulting dictionary. -Each string of the passed in -.Fa options -will be split at the first equal sign -.Pq Sq \&= -into a -.Em key -and -.Em value . -Dictionary keys will never contain this symbol (but values may). -.It options_from_dict -.Bd -literal -compact -options_from_dict(options_dict) -.Ed -.Pp -The function arguments are as follows: -.Bl -tag -width 4n -.It Fa options_dict -A dictionary where both the key and the value are strings. -Note that the key should not contain an equal sign -.Pq Sq \&= , -otherwise the resulting string will have a different meaning. -However, this is not currently enforced. -.El -.Pp -The function returns a tuple containing the strings in -.Dq key=value -form for each key and value in the -.Fa options_dict -dictionary passed in. -This is how the plugin API accepts options and settings. -.El -.Sh PLUGIN API CHANGELOG (Python) -None yet -.Sh LIMITATIONS -Only a maximum number of 8 python I/O plugins can be loaded at once. -If -.Pa @sysconfdir@/sudo.conf -contains more, those will be rejected with a warning message. -.Pp -The Event API and the hook function API is currently not accessible for Python plugins. -.Sh SEE ALSO -.Xr sudo.conf @mansectform@ , -.Xr sudo_plugin @mansectform@ , -.Xr sudoers @mansectform@ , -.Xr sudo @mansectsu@ -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -Python plugin support is currently considered experimental. -.Pp -If you feel you have found a bug in -.Nm sudo , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SECURITY CONSIDERATIONS -All Python plugin handling is implemented inside the -.Li python_plugin.so -dynamic plugin. -Therefore, if no Python plugin is registered in -.Xr sudo.conf @mansectform@ -or the -.Em sudoers -file, -.Nm sudo -will not load the Python interpreter or the Python libraries. -.Pp -By default, a Python plugin can only import Python modules which are -owned by -.Em root -and are only writable by the owner. -The reason for this is to prevent a file getting imported accidentally -which is modifiable by a non-root user. -As -.Nm sudo -plugins run as -.Em root , -accidentally importing such file would make it possible for any user -(having write access) to execute any code with administrative rights. -.Pp -However, during development of a plugin this might not be very convenient. -The -.Xr sudo.conf @mansectform@ -.Li developer_mode -option can be used to disable it. -For example: -.Dl Set developer_mode true -.Pp -Please note that this creates a security risk, so it is not recommended -on critical systems such as a desktop machine for daily use, but is intended -to be used in development environments (VM, container, etc). -Before enabling developer mode, ensure you understand the implications. -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm sudo -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_sendlog.man.in sudo-1.9.9/doc/sudo_sendlog.man.in --- sudo-1.9.5p2/doc/sudo_sendlog.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_sendlog.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,190 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "SUDO_SENDLOG" "@mansectsu@" "May 12, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudo_sendlog\fR -\- send sudo I/O log to log server -.SH "SYNOPSIS" -.HP 13n -\fBsudo_sendlog\fR -[\fB\-AnV\fR] -[\fB\-b\fR\ \fIca_bundle\fR] -[\fB\-c\fR\ \fIcert_file\fR] -[\fB\-h\fR\ \fIhost\fR] -[\fB\-i\fR\ \fIiolog-id\fR] -[\fB\-k\fR\ \fIkey_file\fR] -[\fB\-p\fR\ \fIport\fR] -[\fB\-r\fR\ \fIrestart-point\fR] -[\fB\-R\fR\ \fIreject-reason\fR] -[\fB\-t\fR\ \fInumber\fR] -\fIpath\fR -.SH "DESCRIPTION" -\fBsudo_sendlog\fR -can be used to send the existing -\fBsudoers\fR -I/O log -\fIpath\fR -to a remote log server such as -sudo_logsrvd(@mansectsu@) -for central storage. -.PP -The options are as follows: -.TP 12n -\fB\-A\fR, \fB\--accept-only\fR -Only send the accept event, not the I/O associated with the log. -This can be used to test the logging of accept events without -any associated I/O. -.TP 12n -\fB\-b\fR, \fB\--ca-bundle\fR -The path to a certificate authority bundle file, in PEM format, -to use instead of the system's default certificate authority database -when authenticating the log server. -The default is to use the system's default certificate authority database. -.TP 12n -\fB\-c\fR, \fB\--cert\fR -The path to the client's certificate file in PEM format. -This setting is required when the connection to the remote log server -is secured with TLS. -.TP 12n -\fB\--help\fR -Display a short help message to the standard output and exit. -.TP 12n -\fB\-h\fR, \fB\--host\fR -Connect to the specified -\fIhost\fR -instead of localhost. -.TP 12n -\fB\-i\fR, \fB\--iolog-id\fR -Use the specified -\fIiolog-id\fR -when restarting a log transfer. -The -\fIiolog-id\fR -is reported by the server when it creates the remote I/O log. -This option may only be used in conjunction with the -\fB\-r\fR -option. -.TP 12n -\fB\-k\fR, \fB\--key\fR -.br -The path to the client's private key file in PEM format. -This setting is required when the connection to the remote log server -is secured with TLS. -.TP 12n -\fB\-n\fR, \fB\--no-verify\fR -If specified, the server's certificate will not be verified during -the TLS handshake. -By default, -\fBsudo_sendlog\fR -verifies that the server's certificate is valid and that it contains either -the server's host name or its IP address. -This setting is only supported when the connection to the remote log server -is secured with TLS. -.TP 12n -\fB\-p\fR, \fB\--port\fR -Use the specified network -\fIport\fR -when connecting to the log server instead of the -default, port 30344. -.TP 12n -\fB\-r\fR, \fB\--restart\fR -Restart an interrupted connection to the log server. -The specified -\fIrestart-point\fR -is used to tell the server the point in time at which to continue the log. -The -\fIrestart-point\fR -is specified in the form -\(lqseconds,nanoseconds\(rq -and is usually the last commit point received from the server. -The -\fB\-i\fR -option must also be specified when restarting a transfer. -.TP 12n -\fB\-R\fR, \fB\--reject\fR -Send a reject event for the command using the specified -\fIreject-reason\fR, -even though it was actually accepted locally. -This can be used to test the logging of reject events; no I/O -will be sent. -.TP 12n -\fB\-t\fR, \fB\--test\fR -Open -\fInumber\fR -simultaneous connections to the log server and send the specified -I/O log file on each one. -This option is useful for performance testing. -.TP 12n -\fB\-V\fR, \fB\--version\fR -Print the -\fBsudo_sendlog\fR -version and exit. -.SS "Debugging sendlog" -\fBsudo_sendlog\fR -supports a flexible debugging framework that is configured via -\fRDebug\fR -lines in the -sudo.conf(@mansectform@) -file. -.PP -For more information on configuring -sudo.conf(@mansectform@), -please refer to its manual. -.SH "FILES" -.TP 26n -\fI@sysconfdir@/sudo.conf\fR -Sudo front end configuration -.SH "SEE ALSO" -sudo.conf(@mansectform@), -sudo(@mansectsu@), -sudo_logsrvd(@mansectsu@) -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBsudo_sendlog\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo_sendlog\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudo_sendlog.mdoc.in sudo-1.9.9/doc/sudo_sendlog.mdoc.in --- sudo-1.9.5p2/doc/sudo_sendlog.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudo_sendlog.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,176 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2019-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd May 12, 2020 -.Dt SUDO_SENDLOG @mansectsu@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudo_sendlog -.Nd send sudo I/O log to log server -.Sh SYNOPSIS -.Nm sudo_sendlog -.Op Fl AnV -.Op Fl b Ar ca_bundle -.Op Fl c Ar cert_file -.Op Fl h Ar host -.Op Fl i Ar iolog-id -.Op Fl k Ar key_file -.Op Fl p Ar port -.Op Fl r Ar restart-point -.Op Fl R Ar reject-reason -.Op Fl t Ar number -.Ar path -.Sh DESCRIPTION -.Nm -can be used to send the existing -.Nm sudoers -I/O log -.Ar path -to a remote log server such as -.Xr sudo_logsrvd @mansectsu@ -for central storage. -.Pp -The options are as follows: -.Bl -tag -width Fl -.It Fl A , -accept-only -Only send the accept event, not the I/O associated with the log. -This can be used to test the logging of accept events without -any associated I/O. -.It Fl b , -ca-bundle -The path to a certificate authority bundle file, in PEM format, -to use instead of the system's default certificate authority database -when authenticating the log server. -The default is to use the system's default certificate authority database. -.It Fl c , -cert -The path to the client's certificate file in PEM format. -This setting is required when the connection to the remote log server -is secured with TLS. -.It Fl -help -Display a short help message to the standard output and exit. -.It Fl h , -host -Connect to the specified -.Ar host -instead of localhost. -.It Fl i , -iolog-id -Use the specified -.Ar iolog-id -when restarting a log transfer. -The -.Ar iolog-id -is reported by the server when it creates the remote I/O log. -This option may only be used in conjunction with the -.Fl r -option. -.It Fl k , -key -The path to the client's private key file in PEM format. -This setting is required when the connection to the remote log server -is secured with TLS. -.It Fl n , -no-verify -If specified, the server's certificate will not be verified during -the TLS handshake. -By default, -.Nm -verifies that the server's certificate is valid and that it contains either -the server's host name or its IP address. -This setting is only supported when the connection to the remote log server -is secured with TLS. -.It Fl p , -port -Use the specified network -.Ar port -when connecting to the log server instead of the -default, port 30344. -.It Fl r , -restart -Restart an interrupted connection to the log server. -The specified -.Ar restart-point -is used to tell the server the point in time at which to continue the log. -The -.Ar restart-point -is specified in the form -.Dq seconds,nanoseconds -and is usually the last commit point received from the server. -The -.Fl i -option must also be specified when restarting a transfer. -.It Fl R , -reject -Send a reject event for the command using the specified -.Ar reject-reason , -even though it was actually accepted locally. -This can be used to test the logging of reject events; no I/O -will be sent. -.It Fl t , -test -Open -.Ar number -simultaneous connections to the log server and send the specified -I/O log file on each one. -This option is useful for performance testing. -.It Fl V , -version -Print the -.Nm -version and exit. -.El -.Ss Debugging sendlog -.Nm -supports a flexible debugging framework that is configured via -.Li Debug -lines in the -.Xr sudo.conf @mansectform@ -file. -.Pp -For more information on configuring -.Xr sudo.conf @mansectform@ , -please refer to its manual. -.Sh FILES -.Bl -tag -width 24n -.It Pa @sysconfdir@/sudo.conf -Sudo front end configuration -.El -.Sh SEE ALSO -.Xr sudo.conf @mansectform@ , -.Xr sudo @mansectsu@ , -.Xr sudo_logsrvd @mansectsu@ -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -If you feel you have found a bug in -.Nm , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudoers.ldap.man.in sudo-1.9.9/doc/sudoers.ldap.man.in --- sudo-1.9.5p2/doc/sudoers.ldap.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudoers.ldap.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,1727 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2003-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "SUDOERS.LDAP" "@mansectform@" "October 29, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudoers.ldap\fR -\- sudo LDAP configuration -.SH "DESCRIPTION" -In addition to the standard -\fIsudoers\fR -file, -\fBsudo\fR -may be configured -via LDAP. -This can be especially useful for synchronizing -\fIsudoers\fR -in a large, distributed environment. -.PP -Using LDAP for -\fIsudoers\fR -has several benefits: -.TP 3n -\fB\(bu\fR -\fBsudo\fR -no longer needs to read -\fIsudoers\fR -in its entirety. -When LDAP is used, there are only two or three LDAP queries per invocation. -This makes it especially fast and particularly usable in LDAP environments. -.TP 3n -\fB\(bu\fR -\fBsudo\fR -no longer exits if there is a typo in -\fIsudoers\fR. -It is not possible to load LDAP data into the server that does -not conform to the sudoers schema, so proper syntax is guaranteed. -It is still possible to have typos in a user or host name, but -this will not prevent -\fBsudo\fR -from running. -.TP 3n -\fB\(bu\fR -It is possible to specify per-entry options that override the global -default options. -\fI@sysconfdir@/sudoers\fR -only supports default options and limited options associated with -user/host/commands/aliases. -The syntax is complicated and can be difficult for users to understand. -Placing the options directly in the entry is more natural. -.TP 3n -\fB\(bu\fR -The -\fBvisudo\fR -program is no longer needed. -\fBvisudo\fR -provides locking and syntax checking of the -\fI@sysconfdir@/sudoers\fR -file. -Since LDAP updates are atomic, locking is no longer necessary. -Because syntax is checked when the data is inserted into LDAP, there -is no need for a specialized tool to check syntax. -.SS "SUDOers LDAP container" -The -\fIsudoers\fR -configuration is contained in the -\fRou=SUDOers\fR -LDAP container. -.PP -Sudo first looks for the -\fRcn=defaults\fR -entry in the SUDOers container. -If found, the multi-valued -\fRsudoOption\fR -attribute is parsed in the same manner as a global -\fRDefaults\fR -line in -\fI@sysconfdir@/sudoers\fR. -In the following example, the -\fRSSH_AUTH_SOCK\fR -variable will be preserved in the environment for all users. -.nf -.sp -.RS 4n -dn: cn=defaults,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: defaults -description: Default sudoOption's go here -sudoOption: env_keep+=SSH_AUTH_SOCK -.RE -.fi -.PP -The equivalent of a sudoer in LDAP is a -\fRsudoRole\fR. -It consists of the following attributes: -.TP 6n -\fBsudoUser\fR -A user name, user-ID (prefixed with -\(oq#\(cq), -Unix group name or ID (prefixed with -\(oq%\(cq -or -\(oq%#\(cq -respectively), user netgroup (prefixed with -\(oq+\(cq), -or non-Unix group name or ID (prefixed with -\(oq%:\(cq -or -\(oq%:#\(cq -respectively). -User netgroups are matched using the user and domain members only; -the host member is not used when matching. -Non-Unix group support is only available when an appropriate -\fIgroup_plugin\fR -is defined in the global -\fIdefaults\fR -\fRsudoRole\fR -object. -.TP 6n -\fBsudoHost\fR -A host name, IP address, IP network, or host netgroup (prefixed with a -\(oq+\(cq). -The special value -\fRALL\fR -will match any host. -Host netgroups are matched using the host (both qualified and unqualified) -and domain members only; the user member is not used when matching. -If a -\fRsudoHost\fR -entry is preceded by an exclamation point, -\(oq\&!\(cq, -and the entry matches, the -\fRsudoRole\fR -in which it resides will be ignored. -Negated -\fRsudoHost\fR -entries are only supported by version 1.8.18 or higher. -.TP 6n -\fBsudoCommand\fR -A fully-qualified Unix command name with optional command line arguments, -potentially including globbing characters (aka wild cards). -If a command name is preceded by an exclamation point, -\(oq\&!\(cq, -the user will be prohibited from running that command. -.sp -The built-in command -\(lq\fRsudoedit\fR\(rq -is used to permit a user to run -\fBsudo\fR -with the -\fB\-e\fR -option (or as -\fBsudoedit\fR). -It may take command line arguments just as a normal command does. -Note that -\(lq\fRsudoedit\fR\(rq -is a command built into -\fBsudo\fR -itself and must be specified in without a leading path. -.sp -The special value -\fRALL\fR -will match any command. -.sp -If a command name is prefixed with a SHA-2 digest, it will -only be allowed if the digest matches. -This may be useful in situations where the user invoking -\fBsudo\fR -has write access to the command or its parent directory. -The following digest formats are supported: sha224, sha256, sha384 and sha512. -The digest name must be followed by a colon -(\(oq:\&\(cq) -and then the actual digest, in either hex or base64 format. -For example, given the following value for sudoCommand: -.nf -.sp -.RS 10n -sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls -.RE -.fi -.RS 6n -.sp -The user may only run -\fI/bin/ls\fR -if its sha224 digest matches the specified value. -Command digests are only supported by version 1.8.7 or higher. -.RE -.TP 6n -\fBsudoOption\fR -Identical in function to the global options described above, but -specific to the -\fRsudoRole\fR -in which it resides. -.TP 6n -\fBsudoRunAsUser\fR -A user name or uid (prefixed with -\(oq#\(cq) -that commands may be run as or a Unix group (prefixed with a -\(oq%\(cq) -or user netgroup (prefixed with a -\(oq+\(cq) -that contains a list of users that commands may be run as. -The special value -\fRALL\fR -will match any user. -If a -\fRsudoRunAsUser\fR -entry is preceded by an exclamation point, -\(oq\&!\(cq, -and the entry matches, the -\fRsudoRole\fR -in which it resides will be ignored. -If -\fRsudoRunAsUser\fR -is specified but empty, it will match the invoking user. -If neither -\fRsudoRunAsUser\fR -nor -\fRsudoRunAsGroup\fR -are present, the value of the -\fIrunas_default\fR -\fRsudoOption\fR -is used (defaults to -\fR@runas_default@\fR). -.sp -The -\fRsudoRunAsUser\fR -attribute is only available in -\fBsudo\fR -versions -1.7.0 and higher. -Older versions of -\fBsudo\fR -use the -\fRsudoRunAs\fR -attribute instead. -Negated -\fRsudoRunAsUser\fR -entries are only supported by version 1.8.26 or higher. -.TP 6n -\fBsudoRunAsGroup\fR -A Unix group or gid (prefixed with -\(oq#\(cq) -that commands may be run as. -The special value -\fRALL\fR -will match any group. -If a -\fRsudoRunAsGroup\fR -entry is preceded by an exclamation point, -\(oq\&!\(cq, -and the entry matches, the -\fRsudoRole\fR -in which it resides will be ignored. -.sp -The -\fRsudoRunAsGroup\fR -attribute is only available in -\fBsudo\fR -versions -1.7.0 and higher. -Negated -\fRsudoRunAsGroup\fR -entries are only supported by version 1.8.26 or higher. -.TP 6n -\fBsudoNotBefore\fR -A timestamp in the form -\fRyyyymmddHHMMSSZ\fR -that can be used to provide a start date/time for when the -\fRsudoRole\fR -will be valid. -If multiple -\fRsudoNotBefore\fR -entries are present, the earliest is used. -Note that timestamps must be in Coordinated Universal Time (UTC), -not the local timezone. -The minute and seconds portions are optional, but some LDAP servers -require that they be present (contrary to the RFC). -.sp -The -\fRsudoNotBefore\fR -attribute is only available in -\fBsudo\fR -versions 1.7.5 and higher and must be explicitly enabled via the -\fBSUDOERS_TIMED\fR -option in -\fI@ldap_conf@\fR. -.TP 6n -\fBsudoNotAfter\fR -A timestamp in the form -\fRyyyymmddHHMMSSZ\fR -that indicates an expiration date/time, after which the -\fRsudoRole\fR -will no longer be valid. -If multiple -\fRsudoNotAfter\fR -entries are present, the last one is used. -Note that timestamps must be in Coordinated Universal Time (UTC), -not the local timezone. -The minute and seconds portions are optional, but some LDAP servers -require that they be present (contrary to the RFC). -.sp -The -\fRsudoNotAfter\fR -attribute is only available in -\fBsudo\fR -versions -1.7.5 and higher and must be explicitly enabled via the -\fBSUDOERS_TIMED\fR -option in -\fI@ldap_conf@\fR. -.TP 6n -\fBsudoOrder\fR -The -\fRsudoRole\fR -entries retrieved from the LDAP directory have no inherent order. -The -\fRsudoOrder\fR -attribute is an integer (or floating point value for LDAP servers -that support it) that is used to sort the matching entries. -This allows LDAP-based sudoers entries to more closely mimic the behavior -of the sudoers file, where the order of the entries influences the result. -If multiple entries match, the entry with the highest -\fRsudoOrder\fR -attribute is chosen. -This corresponds to the -\(lqlast match\(rq -behavior of the sudoers file. -If the -\fRsudoOrder\fR -attribute is not present, a value of 0 is assumed. -.sp -The -\fRsudoOrder\fR -attribute is only available in -\fBsudo\fR -versions 1.7.5 and higher. -.PP -Each attribute listed above should contain a single value, but there -may be multiple instances of each attribute type. -A -\fRsudoRole\fR -must contain at least one -\fRsudoUser\fR, -\fRsudoHost\fR -and -\fRsudoCommand\fR. -.PP -The following example allows users in group wheel to run any command -on any host via -\fBsudo\fR: -.nf -.sp -.RS 4n -dn: cn=%wheel,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: %wheel -sudoUser: %wheel -sudoHost: ALL -sudoCommand: ALL -.RE -.fi -.SS "Anatomy of LDAP sudoers lookup" -When looking up a sudoer using LDAP there are only two or three -LDAP queries per invocation. -The first query is to parse the global options. -The second is to match against the user's name and the groups that -the user belongs to. -(The special -\fRALL\fR -tag is matched in this query too.) -If no match is returned for the user's name and groups, a third -query returns all entries containing user netgroups and other -non-Unix groups and checks to see if the user belongs to any of them. -.PP -If timed entries are enabled with the -\fBSUDOERS_TIMED\fR -configuration directive, the LDAP queries include a sub-filter that -limits retrieval to entries that satisfy the time constraints, if any. -.PP -If the -\fBNETGROUP_BASE\fR -configuration directive is present (see -\fIConfiguring ldap.conf\fR -below), queries are performed to determine -the list of netgroups the user belongs to before the sudoers query. -This makes it possible to include netgroups in the sudoers query -string in the same manner as Unix groups. -The third query mentioned above is not performed unless a group provider -plugin is also configured. -The actual LDAP queries performed by -\fBsudo\fR -are as follows: -.TP 5n -1.\& -Match all -\fRnisNetgroup\fR -records with a -\fRnisNetgroupTriple\fR -containing the user, host and NIS domain. -The query will match -\fRnisNetgroupTriple\fR -entries with either the short or long form of the host name or -no host name specified in the tuple. -If the NIS domain is set, the query will match only match entries -that include the domain or for which there is no domain present. -If the NIS domain is -\fInot\fR -set, a wildcard is used to match any domain name but be aware that the -NIS schema used by some LDAP servers may not support wild cards for -\fRnisNetgroupTriple\fR. -.TP 5n -2.\& -Repeated queries are performed to find any nested -\fRnisNetgroup\fR -records with a -\fRmemberNisNetgroup\fR -entry that refers to an already-matched record. -.PP -For sites with a large number of netgroups, using -\fBNETGROUP_BASE\fR -can significantly speed up -\fBsudo\fR's -execution time. -.SS "Differences between LDAP and non-LDAP sudoers" -One of the major differences between LDAP and file-based -\fIsudoers\fR -is that in LDAP, -\fBsudo\fR-specific -Aliases are not supported. -.PP -For the most part, there is little need for -\fBsudo\fR-specific -Aliases. -Unix groups, non-Unix groups (via the -\fIgroup_plugin\fR) -or user netgroups can be used in place of User_Aliases and Runas_Aliases. -Host netgroups can be used in place of Host_Aliases. -Since groups and netgroups can also be stored in LDAP there is no real need for -\fBsudo\fR-specific -aliases. -.PP -There are also some subtle differences in the way sudoers is handled -once in LDAP. -Probably the biggest is that according to the RFC, LDAP ordering -is arbitrary and you cannot expect that Attributes and Entries are -returned in any specific order. -.PP -The order in which different entries are applied can be controlled -using the -\fRsudoOrder\fR -attribute, but there is no way to guarantee the order of attributes -within a specific entry. -If there are conflicting command rules in an entry, the negative -takes precedence. -This is called paranoid behavior (not necessarily the most specific -match). -.PP -Here is an example: -.nf -.sp -.RS 4n -# /etc/sudoers: -# Allow all commands except shell -johnny ALL=(root) ALL,!/bin/sh -# Always allows all commands because ALL is matched last -puddles ALL=(root) !/bin/sh,ALL - -# LDAP equivalent of johnny -# Allows all commands except shell -dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com -objectClass: sudoRole -objectClass: top -cn: role1 -sudoUser: johnny -sudoHost: ALL -sudoCommand: ALL -sudoCommand: !/bin/sh - -# LDAP equivalent of puddles -# Notice that even though ALL comes last, it still behaves like -# role1 since the LDAP code assumes the more paranoid configuration -dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com -objectClass: sudoRole -objectClass: top -cn: role2 -sudoUser: puddles -sudoHost: ALL -sudoCommand: !/bin/sh -sudoCommand: ALL -.RE -.fi -.PP -Another difference is that it is not possible to use negation in a -sudoUser, sudoRunAsUser or sudoRunAsGroup attribute. -For example, the following attributes do not behave the way one might expect. -.nf -.sp -.RS 4n -# does not match all but joe -# rather, does not match anyone -sudoUser: !joe - -# does not match all but joe -# rather, matches everyone including Joe -sudoUser: ALL -sudoUser: !joe -.RE -.fi -.SS "Converting between file-based and LDAP sudoers" -The -cvtsudoers(1) -utility can be used to convert between file-based and LDAP -\fIsudoers\fR. -However, there are features in the file-based sudoers that have -no equivalent in LDAP-based sudoers (and vice versa). -These cannot be converted automatically. -.PP -For example, a Cmnd_Alias in a -\fIsudoers\fR -file may be converted to a -\fRsudoRole\fR -that contains multiple commands. -Multiple users and/or groups may be assigned to the -\fRsudoRole\fR. -.PP -Also, host, user, runas and command-based -\fRDefaults\fR -entries are not supported. -However, a -\fRsudoRole\fR -may contain one or more -\fRsudoOption\fR -attributes which can often serve the same purpose. -.PP -Consider the following -\fIsudoers\fR -lines: -.nf -.sp -.RS 4n -Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less -Defaults!PAGERS noexec -alice, bob ALL = ALL -.RE -.fi -.PP -In this example, alice and bob are allowed to run all commands, but -the commands listed in PAGERS will have the noexec flag set, -preventing shell escapes. -.PP -When converting this to LDAP, two sudoRole objects can be used: -.nf -.sp -.RS 4n -dn: cn=PAGERS,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: PAGERS -sudoUser: alice -sudoUser: bob -sudoHost: ALL -sudoCommand: /usr/bin/more -sudoCommand: /usr/bin/pg -sudoCommand: /usr/bin/less -sudoOption: noexec -sudoOrder: 900 - -dn: cn=ADMINS,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: ADMINS -sudoUser: alice -sudoUser: bob -sudoHost: ALL -sudoCommand: ALL -sudoOrder: 100 -.RE -.fi -.PP -In the LDAP version, the sudoOrder attribute is used to guarantee -that the PAGERS sudoRole with -\fInoexec\fR -has precedence. -Unlike the -\fIsudoers\fR -version, the LDAP version requires that all users for whom the restriction -should apply be assigned to the PAGERS sudoRole. -Using a Unix group or netgroup in PAGERS rather than listing each -user would make this easier to maintain. -.PP -Per-user -\fRDefaults\fR -entries can be emulated by using one or more sudoOption attributes -in a sudoRole. -Consider the following -\fIsudoers\fR -lines: -.nf -.sp -.RS 4n -User_Alias ADMINS = john, sally -Defaults:ADMINS !authenticate -ADMINS ALL = (ALL:ALL) ALL -.RE -.fi -.PP -In this example, john and sally are allowed to run any command -as any user or group. -.PP -When converting this to LDAP, we can use a Unix group instead -of the User_Alias. -.nf -.sp -.RS 4n -dn: cn=admins,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: admins -sudoUser: %admin -sudoHost: ALL -sudoRunAsUser: ALL -sudoRunAsGroup: ALL -sudoCommand: ALL -sudoOption: !authenticate -.RE -.fi -.PP -This assumes that users john and sally are members of the -\(lqadmins\(rq -Unix group. -.SS "Sudoers schema" -In order to use -\fBsudo\fR's -LDAP support, the -\fBsudo\fR -schema must be -installed on your LDAP server. -In addition, be sure to index the -\fRsudoUser\fR -attribute. -.PP -The -\fBsudo\fR -distribution includes versions of the -\fBsudoers\fR -schema for multiple LDAP servers: -.TP 6n -\fIschema.OpenLDAP\fR -OpenLDAP slapd and -OpenBSD -ldapd -.TP 6n -\fIschema.olcSudo\fR -OpenLDAP slapd 2.3 and higher when on-line configuration is enabled -.TP 6n -\fIschema.iPlanet\fR -Netscape-derived servers such as the iPlanet, Oracle, -and 389 Directory Servers -.TP 6n -\fIschema.ActiveDirectory\fR -Microsoft Active Directory -.PP -The schema in OpenLDAP format is also included in the -\fIEXAMPLES\fR -section. -.SS "Configuring ldap.conf" -Sudo reads the -\fI@ldap_conf@\fR -file for LDAP-specific configuration. -Typically, this file is shared between different LDAP-aware clients. -As such, most of the settings are not -\fBsudo\fR-specific. -Note that -\fBsudo\fR -parses -\fI@ldap_conf@\fR -itself and may support options that differ from those described in the -system's -ldap.conf(@mansectform@) -manual. -The path to -\fIldap.conf\fR -may be overridden via the -\fIldap_conf\fR -plugin argument in -sudo.conf(@mansectform@). -.PP -Also note that on systems using the OpenLDAP libraries, default -values specified in -\fI/etc/openldap/ldap.conf\fR -or the user's -\fI.ldaprc\fR -files are not used. -.PP -\fBsudo\fR -supports a variety of LDAP library implementations, including -OpenLDAP, Netscape-derived (also used by Solaris and HP-UX), and -IBM LDAP (aka Tivoli). -Some options are specific to certain LDAP implementations or have -implementation-specific behavior. -These differences are noted below where applicable. -.PP -Only those options explicitly listed in -\fI@ldap_conf@\fR -as being supported by -\fBsudo\fR -are honored. -Configuration options are listed below in upper case but are parsed -in a case-independent manner. -.PP -Lines beginning with a pound sign -(\(oq#\(cq) -are ignored. -Leading white space is removed from the beginning of lines. -.TP 6n -\fBBIND_TIMELIMIT\fR \fIseconds\fR -The -\fBBIND_TIMELIMIT\fR -parameter specifies the amount of time, in seconds, to wait while trying -to connect to an LDAP server. -If multiple -\fBURI\fRs -or -\fBHOST\fRs -are specified, this is the amount of time to wait before trying -the next one in the list. -.TP 6n -\fBBINDDN\fR \fIDN\fR -The -\fBBINDDN\fR -parameter specifies the identity, in the form of a Distinguished Name (DN), -to use when performing LDAP operations. -If not specified, LDAP operations are performed with an anonymous identity. -By default, most LDAP servers will allow anonymous access. -.TP 6n -\fBBINDPW\fR \fIsecret\fR -The -\fBBINDPW\fR -parameter specifies the password to use when performing LDAP operations. -This is typically used in conjunction with the -\fBBINDDN\fR -parameter. -The -\fIsecret\fR -may be a plain text password or a base64-encoded string with a -\(lqbase64:\(rq -prefix. -For example: -.nf -.sp -.RS 10n -BINDPW base64:dGVzdA== -.RE -.fi -.RS 6n -.sp -If a plain text password is used, it should be a simple string without quotes. -Plain text passwords may not include the comment character -(\(oq#\(cq) -and the escaping of special characters with a backslash -(\(oq\e\(cq) -is not supported. -.RE -.TP 6n -\fBDEREF\fR \fInever/searching/finding/always\fR -How alias dereferencing is to be performed when searching. -See the -ldap.conf(@mansectform@) -manual for a full description of this option. -.TP 6n -\fBHOST\fR \fIname[:port] ...\fR -If no -\fBURI\fR -is specified (see below), the -\fBHOST\fR -parameter specifies a white space-delimited list of LDAP servers to connect to. -Each host may include an optional -\fIport\fR -separated by a colon -(\(oq:\&\(cq). -The -\fBHOST\fR -parameter is deprecated in favor of the -\fBURI\fR -specification and is included for backward compatibility only. -.TP 6n -\fBKRB5_CCNAME\fR \fIfile name\fR -The path to the Kerberos 5 credential cache to use when authenticating -with the remote server. -.sp -This option is only relevant when using SASL authentication (see below). -.TP 6n -\fBLDAP_VERSION\fR \fInumber\fR -The version of the LDAP protocol to use when connecting to the server. -The default value is protocol version 3. -.TP 6n -\fBNETGROUP_BASE\fR \fIbase\fR -The base DN to use when performing LDAP netgroup queries. -Typically this is of the form -\fRou=netgroup,dc=my-domain,dc=com\fR -for the domain -\fRmy-domain.com\fR. -Multiple -\fBNETGROUP_BASE\fR -lines may be specified, in which case they are queried in the order specified. -.sp -This option can be used to query a user's netgroups directly via LDAP -which is usually faster than fetching every -\fRsudoRole\fR -object containing a -\fRsudoUser\fR -that begins with a -\(oq+\(cq -prefix. -The NIS schema used by some LDAP servers need a modification to -support querying the -\fRnisNetgroup\fR -object by its -\fRnisNetgroupTriple\fR -member. -OpenLDAP's -\fBslapd\fR -requires the following change to the -\fRnisNetgroupTriple\fR -attribute: -.nf -.sp -.RS 10n -attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' - DESC 'Netgroup triple' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -.RE -.fi -.TP 6n -\fBNETGROUP_SEARCH_FILTER\fR \fIldap_filter\fR -An LDAP filter which is used to restrict the set of records returned -when performing an LDAP netgroup query. -Typically, this is of the -form -\fRattribute=value\fR -or -\fR(&(attribute=value)(attribute2=value2))\fR. -The default search filter is: -\fRobjectClass=nisNetgroup\fR. -If -\fIldap_filter\fR -is omitted, no search filter will be used. -.sp -This option is only used when querying netgroups directly via LDAP. -.TP 6n -\fBNETWORK_TIMEOUT\fR \fIseconds\fR -An alias for -\fBBIND_TIMELIMIT\fR -provided for OpenLDAP compatibility. -.TP 6n -\fBPORT\fR \fIport_number\fR -If no -\fBURI\fR -is specified, the -\fBPORT\fR -parameter specifies the default port to connect to on the LDAP server if a -\fBHOST\fR -parameter does not specify the port itself. -If no -\fBPORT\fR -parameter is used, the default is port 389 for LDAP and port 636 for LDAP -over TLS (SSL). -The -\fBPORT\fR -parameter is deprecated in favor of the -\fBURI\fR -specification and is included for backward compatibility only. -.TP 6n -\fBROOTBINDDN\fR \fIDN\fR -The -\fBROOTBINDDN\fR -parameter specifies the identity, in the form of a Distinguished Name (DN), -to use when performing privileged LDAP operations, such as -\fIsudoers\fR -queries. -The password corresponding to the identity should be stored in the -or the path specified by the -\fIldap_secret\fR -plugin argument in -sudo.conf(@mansectform@), -which defaults to -\fI@ldap_secret@\fR. -If no -\fBROOTBINDDN\fR -is specified, the -\fBBINDDN\fR -identity is used (if any). -.TP 6n -\fBROOTUSE_SASL\fR \fIon/true/yes/off/false/no\fR -Enable -\fBROOTUSE_SASL\fR -to enable SASL authentication when connecting -to an LDAP server from a privileged process, such as -\fBsudo\fR. -.TP 6n -\fBSASL_AUTH_ID\fR \fIidentity\fR -The SASL user name to use when connecting to the LDAP server. -By default, -\fBsudo\fR -will use an anonymous connection. -.sp -This option is only relevant when using SASL authentication. -.TP 6n -\fBSASL_MECH\fR \fImechanisms\fR -A white space-delimited list of SASL authentication mechanisms to use. -By default, -\fBsudo\fR -will use -\fRGSSAPI\fR -authentication. -.TP 6n -\fBSASL_SECPROPS\fR \fInone/properties\fR -SASL security properties or -\fInone\fR -for no properties. -See the SASL programmer's manual for details. -.sp -This option is only relevant when using SASL authentication. -.TP 6n -\fBSSL\fR \fIon/true/yes/off/false/no\fR -If the -\fBSSL\fR -parameter is set to -\fRon\fR, -\fRtrue\fR -\fRor\fR -\fRyes\fR, -TLS (SSL) encryption is always used when communicating with the LDAP server. -Typically, this involves connecting to the server on port 636 (ldaps). -.TP 6n -\fBSSL\fR \fIstart_tls\fR -If the -\fBSSL\fR -parameter is set to -\fRstart_tls\fR, -the LDAP server connection is initiated normally and TLS encryption is -begun before the bind credentials are sent. -This has the advantage of not requiring a dedicated port for encrypted -communications. -This parameter is only supported by LDAP servers that honor the -\fIstart_tls\fR -extension, such as the OpenLDAP and IBM Tivoli Directory servers. -.TP 6n -\fBSUDOERS_BASE\fR \fIbase\fR -The base DN to use when performing -\fBsudo\fR -LDAP queries. -Typically this is of the form -\fRou=SUDOers,dc=my-domain,dc=com\fR -for the domain -\fRmy-domain.com\fR. -Multiple -\fBSUDOERS_BASE\fR -lines may be specified, in which case they are queried in the order specified. -.TP 6n -\fBSUDOERS_DEBUG\fR \fIdebug_level\fR -This sets the debug level for -\fBsudo\fR -LDAP queries. -Debugging information is printed to the standard error. -A value of 1 results in a moderate amount of debugging information. -A value of 2 shows the results of the matches themselves. -This parameter should not be set in a production environment as the -extra information is likely to confuse users. -.sp -The -\fBSUDOERS_DEBUG\fR -parameter is deprecated and will be removed in a future release. -The same information is now logged via the -\fBsudo\fR -debugging framework using the -\(lqldap\(rq -subsystem at priorities -\fIdiag\fR -and -\fIinfo\fR -for -\fIdebug_level\fR -values 1 and 2 respectively. -See the -sudo.conf(@mansectform@) -manual for details on how to configure -\fBsudo\fR -debugging. -.TP 6n -\fBSUDOERS_SEARCH_FILTER\fR \fIldap_filter\fR -An LDAP filter which is used to restrict the set of records returned -when performing a -\fBsudo\fR -LDAP query. -Typically, this is of the -form -\fRattribute=value\fR -or -\fR(&(attribute=value)(attribute2=value2))\fR. -The default search filter is: -\fRobjectClass=sudoRole\fR. -If -\fIldap_filter\fR -is omitted, no search filter will be used. -.TP 6n -\fBSUDOERS_TIMED\fR \fIon/true/yes/off/false/no\fR -Whether or not to evaluate the -\fRsudoNotBefore\fR -and -\fRsudoNotAfter\fR -attributes that implement time-dependent sudoers entries. -.TP 6n -\fBTIMELIMIT\fR \fIseconds\fR -The -\fBTIMELIMIT\fR -parameter specifies the amount of time, in seconds, to wait for a -response to an LDAP query. -.TP 6n -\fBTIMEOUT\fR \fIseconds\fR -The -\fBTIMEOUT\fR -parameter specifies the amount of time, in seconds, to wait for a -response from the various LDAP APIs. -.TP 6n -\fBTLS_CACERT\fR \fIfile name\fR -An alias for -\fBTLS_CACERTFILE\fR -for OpenLDAP compatibility. -.TP 6n -\fBTLS_CACERTFILE\fR \fIfile name\fR -The path to a certificate authority bundle which contains the certificates -for all the Certificate Authorities the client knows to be valid, e.g., -\fI/etc/ssl/ca-bundle.pem\fR. -.sp -This option is only supported by the OpenLDAP libraries. -Netscape-derived LDAP libraries use the same certificate -database for CA and client certificates (see -\fBTLS_CERT\fR). -.TP 6n -\fBTLS_CACERTDIR\fR \fIdirectory\fR -Similar to -\fBTLS_CACERTFILE\fR -but instead of a file, it is a directory containing individual -Certificate Authority certificates, e.g., -\fI/etc/ssl/certs\fR. -The directory specified by -\fBTLS_CACERTDIR\fR -is checked after -\fBTLS_CACERTFILE\fR. -.sp -This option is only supported by the OpenLDAP libraries. -.TP 6n -\fBTLS_CERT\fR \fIfile name\fR -The path to a file containing the client certificate which can -be used to authenticate the client to the LDAP server. -The certificate type depends on the LDAP libraries used. -.PP -.RS 6n -.PD 0 -.TP 6n -OpenLDAP: -\fRtls_cert /etc/ssl/client_cert.pem\fR -.PD -.TP 6n -Netscape-derived: -\fRtls_cert /var/ldap/cert7.db\fR -.TP 6n -IBM LDAP: -Unused, the key database specified by -\fBTLS_KEY\fR -contains both keys and certificates. -.PP -When using Netscape-derived libraries, this file may also contain -Certificate Authority certificates. -.RE -.TP 6n -\fBTLS_CHECKPEER\fR \fIon/true/yes/off/false/no\fR -If enabled, -\fBTLS_CHECKPEER\fR -will cause the LDAP server's TLS certificated to be verified. -If the server's TLS certificate cannot be verified (usually because it -is signed by an unknown certificate authority), -\fBsudo\fR -will be unable to connect to it. -If -\fBTLS_CHECKPEER\fR -is disabled, no check is made. -Note that disabling the check creates an opportunity for man-in-the-middle -attacks since the server's identity will not be authenticated. -If possible, the CA's certificate should be installed locally so it can -be verified. -.sp -This option is not supported by the IBM LDAP libraries. -.TP 6n -\fBTLS_KEY\fR \fIfile name\fR -The path to a file containing the private key which matches the -certificate specified by -\fBTLS_CERT\fR. -The private key must not be password-protected. -The key type depends on the LDAP libraries used. -.PP -.RS 6n -.PD 0 -.TP 6n -OpenLDAP: -\fRtls_key /etc/ssl/client_key.pem\fR -.PD -.TP 6n -Netscape-derived: -\fRtls_key /var/ldap/key3.db\fR -.TP 6n -IBM LDAP: -\fRtls_key /usr/ldap/ldapkey.kdb\fR -.PP -When using IBM LDAP libraries, this file may also contain -Certificate Authority and client certificates and may be encrypted. -.RE -.TP 6n -\fBTLS_CIPHERS\fR \fIcipher list\fR -The -\fBTLS_CIPHERS\fR -parameter allows the administer to restrict which encryption algorithms -may be used for TLS (SSL) connections. -See the OpenLDAP or IBM Tivoli Directory Server manual for a list of valid -ciphers. -.sp -This option is not supported by Netscape-derived libraries. -.TP 6n -\fBTLS_KEYPW\fR \fIsecret\fR -The -\fBTLS_KEYPW\fR -contains the password used to decrypt the key database on clients -using the IBM LDAP library. -The -\fIsecret\fR -may be a plain text password or a base64-encoded string with a -\(lqbase64:\(rq -prefix. -For example: -.nf -.sp -.RS 10n -TLS_KEYPW base64:dGVzdA== -.RE -.fi -.RS 6n -.sp -If a plain text password is used, it should be a simple string without quotes. -Plain text passwords may not include the comment character -(\(oq#\(cq) -and the escaping of special characters with a backslash -(\(oq\e\(cq) -is not supported. -If this option is used, -\fI@ldap_conf@\fR -must not be world-readable to avoid exposing the password. -Alternately, a -\fIstash file\fR -can be used to store the password in encrypted form (see below). -.sp -If no -\fBTLS_KEYPW\fR -is specified, a -\fIstash file\fR -will be used if it exists. -The -\fIstash file\fR -must have the same path as the file specified by -\fBTLS_KEY\fR, -but use a -\fR.sth\fR -file extension instead of -\fR.kdb\fR, -e.g., -\fRldapkey.sth\fR. -The default -\fRldapkey.kdb\fR -that ships with the IBM Tivoli Directory Server is encrypted with the password -\fRssl_password\fR. -The -\fIgsk8capicmd\fR -utility can be used to manage the key database and create a -\fIstash file\fR. -.sp -This option is only supported by the IBM LDAP libraries. -.RE -.TP 6n -\fBTLS_REQCERT\fR \fIlevel\fR -The -\fBTLS_REQCERT\fR -parameter controls how the LDAP server's TLS certificated will be -verified (if at all). -If the server's TLS certificate cannot be verified (usually because it -is signed by an unknown certificate authority), -\fBsudo\fR -will be unable to connect to it. -The following -\fIlevel\fR -values are supported: -.RS 10n -.TP 10n -never -The server certificate will not be requested or checked. -.TP 10n -allow -The server certificate will be requested. -A missing or invalid certificate is ignored and not considered an error. -.TP 10n -try -The server certificate will be requested. -A missing certificate is ignored but an invalid certificate will -result in a connection error. -.TP 10n -demand | \fIhard\fR -The server certificate will be requested. -A missing or invalid certificate will result in a connection error. -This is the default behavior. -.RE -.RS 6n -.sp -This option is only supported by the OpenLDAP libraries. -Other LDAP libraries only support the -\fBTLS_CHECKPEER\fR -parameter. -.RE -.TP 6n -\fBTLS_RANDFILE\fR \fIfile name\fR -The -\fBTLS_RANDFILE\fR -parameter specifies the path to an entropy source for systems that lack -a random device. -It is generally used in conjunction with -\fIprngd\fR -or -\fIegd\fR. -.sp -This option is only supported by the OpenLDAP libraries. -.TP 6n -\fBURI\fR \fIldap[s]://[hostname[:port]] ...\fR -Specifies a white space-delimited list of one or more URIs describing -the LDAP server(s) to connect to. -The -\fIprotocol\fR -may be either -\fIldap\fR -\fIldaps\fR, -the latter being for servers that support TLS (SSL) encryption. -If no -\fIport\fR -is specified, the default is port 389 for -\fRldap://\fR -or port 636 for -\fRldaps://\fR. -If no -\fIhostname\fR -is specified, -\fBsudo\fR -will connect to -\fIlocalhost\fR. -Multiple -\fBURI\fR -lines are treated identically to a -\fBURI\fR -line containing multiple entries. -Only systems using the OpenSSL libraries support the mixing of -\fRldap://\fR -and -\fRldaps://\fR -URIs. -Both the Netscape-derived and IBM LDAP libraries used on most commercial -versions of Unix are only capable of supporting one or the other. -.TP 6n -\fBUSE_SASL\fR \fIon/true/yes/off/false/no\fR -Enable -\fBUSE_SASL\fR -for LDAP servers that support SASL authentication. -.TP 6n -\fBROOTSASL_AUTH_ID\fR \fIidentity\fR -The SASL user name to use when -\fBROOTUSE_SASL\fR -is enabled. -.PP -See the -\fIldap.conf\fR -entry in the -\fIEXAMPLES\fR -section. -.SS "Configuring nsswitch.conf" -Unless it is disabled at build time, -\fBsudo\fR -consults the Name Service Switch file, -\fI@nsswitch_conf@\fR, -to specify the -\fIsudoers\fR -search order. -Sudo looks for a line beginning with -\fRsudoers\fR: -and uses this to determine the search order. -Note that -\fBsudo\fR -does -not stop searching after the first match and later matches take -precedence over earlier ones. -The following sources are recognized: -.PP -.RS 4n -.PD 0 -.TP 10n -files -read sudoers from -\fI@sysconfdir@/sudoers\fR -.TP 10n -ldap -read sudoers from LDAP -.RE -.PD -.PP -In addition, the entry -\fR[NOTFOUND=return]\fR -will short-circuit the search if the user was not found in the -preceding source. -.PP -To consult LDAP first followed by the local sudoers file (if it -exists), use: -.nf -.sp -.RS 4n -sudoers: ldap files -.RE -.fi -.PP -The local -\fIsudoers\fR -file can be ignored completely by using: -.nf -.sp -.RS 4n -sudoers: ldap -.RE -.fi -.PP -If the -\fI@nsswitch_conf@\fR -file is not present or there is no sudoers line, the following -default is assumed: -.nf -.sp -.RS 4n -sudoers: files -.RE -.fi -.PP -Note that -\fI@nsswitch_conf@\fR -is supported even when the underlying operating system does not use -an nsswitch.conf file, except on AIX (see below). -.SS "Configuring netsvc.conf" -On AIX systems, the -\fI@netsvc_conf@\fR -file is consulted instead of -\fI@nsswitch_conf@\fR. -\fBsudo\fR -simply treats -\fInetsvc.conf\fR -as a variant of -\fInsswitch.conf\fR; -information in the previous section unrelated to the file format -itself still applies. -.PP -To consult LDAP first followed by the local sudoers file (if it -exists), use: -.nf -.sp -.RS 4n -sudoers = ldap, files -.RE -.fi -.PP -The local -\fIsudoers\fR -file can be ignored completely by using: -.nf -.sp -.RS 4n -sudoers = ldap -.RE -.fi -.PP -To treat LDAP as authoritative and only use the local sudoers file -if the user is not present in LDAP, use: -.nf -.sp -.RS 4n -sudoers = ldap = auth, files -.RE -.fi -.PP -Note that in the above example, the -\fRauth\fR -qualifier only affects user lookups; both LDAP and -\fIsudoers\fR -will be queried for -\fRDefaults\fR -entries. -.PP -If the -\fI@netsvc_conf@\fR -file is not present or there is no sudoers line, the following -default is assumed: -.nf -.sp -.RS 4n -sudoers = files -.RE -.fi -.SS "Integration with sssd" -On systems with the -\fISystem Security Services Daemon\fR -(SSSD) and where -\fBsudo\fR -has been built with SSSD support, -it is possible to use SSSD to cache LDAP -\fIsudoers\fR -rules. -To use SSSD as the -\fIsudoers\fR -source, you should use -\fRsss\fR -instead of -\fRldap\fR -for the sudoers entry in -\fI@nsswitch_conf@\fR. -Note that the -\fI@ldap_conf@\fR -file is not used by the SSSD -\fBsudo\fR -back end. -Please see -sssd-sudo(@mansectform@) -for more information on configuring -\fBsudo\fR -to work with SSSD. -.SH "FILES" -.TP 26n -\fI@ldap_conf@\fR -LDAP configuration file -.TP 26n -\fI@nsswitch_conf@\fR -determines sudoers source order -.TP 26n -\fI@netsvc_conf@\fR -determines sudoers source order on AIX -.SH "EXAMPLES" -.SS "Example ldap.conf" -.nf -.RS 2n -# Either specify one or more URIs or one or more host:port pairs. -# If neither is specified sudo will default to localhost, port 389. -# -#host ldapserver -#host ldapserver1 ldapserver2:390 -# -# Default port if host is specified without one, defaults to 389. -#port 389 -# -# URI will override the host and port settings. -uri ldap://ldapserver -#uri ldaps://secureldapserver -#uri ldaps://secureldapserver ldap://ldapserver -# -# The amount of time, in seconds, to wait while trying to connect to -# an LDAP server. -bind_timelimit 30 -# -# The amount of time, in seconds, to wait while performing an LDAP query. -timelimit 30 -# -# Must be set or sudo will ignore LDAP; may be specified multiple times. -sudoers_base ou=SUDOers,dc=my-domain,dc=com -# -# verbose sudoers matching from ldap -#sudoers_debug 2 -# -# Enable support for time-based entries in sudoers. -#sudoers_timed yes -# -# optional proxy credentials -#binddn -#bindpw -#rootbinddn -# -# LDAP protocol version, defaults to 3 -#ldap_version 3 -# -# Define if you want to use an encrypted LDAP connection. -# Typically, you must also set the port to 636 (ldaps). -#ssl on -# -# Define if you want to use port 389 and switch to -# encryption before the bind credentials are sent. -# Only supported by LDAP servers that support the start_tls -# extension such as OpenLDAP. -#ssl start_tls -# -# Additional TLS options follow that allow tweaking of the -# SSL/TLS connection. -# -#tls_checkpeer yes # verify server SSL certificate -#tls_checkpeer no # ignore server SSL certificate -# -# If you enable tls_checkpeer, specify either tls_cacertfile -# or tls_cacertdir. Only supported when using OpenLDAP. -# -#tls_cacertfile /etc/certs/trusted_signers.pem -#tls_cacertdir /etc/certs -# -# For systems that don't have /dev/random -# use this along with PRNGD or EGD.pl to seed the -# random number pool to generate cryptographic session keys. -# Only supported when using OpenLDAP. -# -#tls_randfile /etc/egd-pool -# -# You may restrict which ciphers are used. Consult your SSL -# documentation for which options go here. -# Only supported when using OpenLDAP. -# -#tls_ciphers -# -# Sudo can provide a client certificate when communicating to -# the LDAP server. -# Tips: -# * Enable both lines at the same time. -# * Do not password protect the key file. -# * Ensure the keyfile is only readable by root. -# -# For OpenLDAP: -#tls_cert /etc/certs/client_cert.pem -#tls_key /etc/certs/client_key.pem -# -# For Netscape-derived LDAP, tls_cert and tls_key may specify either -# a directory, in which case the files in the directory must have the -# default names (e.g., cert8.db and key4.db), or the path to the cert -# and key files themselves. However, a bug in version 5.0 of the LDAP -# SDK will prevent specific file names from working. For this reason -# it is suggested that tls_cert and tls_key be set to a directory, -# not a file name. -# -# The certificate database specified by tls_cert may contain CA certs -# and/or the client's cert. If the client's cert is included, tls_key -# should be specified as well. -# For backward compatibility, "sslpath" may be used in place of tls_cert. -#tls_cert /var/ldap -#tls_key /var/ldap -# -# If using SASL authentication for LDAP (OpenSSL) -# use_sasl yes -# sasl_auth_id -# rootuse_sasl yes -# rootsasl_auth_id -# sasl_secprops none -# krb5_ccname /etc/.ldapcache -.RE -.fi -.SS "Sudoers schema for OpenLDAP" -The following schema, in OpenLDAP format, is included with -\fBsudo\fR -source and binary distributions as -\fIschema.OpenLDAP\fR. -Simply copy -it to the schema directory (e.g., -\fI/etc/openldap/schema\fR), -add the proper -\fRinclude\fR -line in -\fIslapd.conf\fR -and restart -\fBslapd\fR. -Sites using the optional on-line configuration supported by OpenLDAP 2.3 -and higher should apply the -\fIschema.olcSudo\fR -file instead. -.nf -.sp -.RS 2n -attributetype ( 1.3.6.1.4.1.15953.9.1.1 - NAME 'sudoUser' - DESC 'User(s) who may run sudo' - EQUALITY caseExactIA5Match - SUBSTR caseExactIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.2 - NAME 'sudoHost' - DESC 'Host(s) who may run sudo' - EQUALITY caseExactIA5Match - SUBSTR caseExactIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.3 - NAME 'sudoCommand' - DESC 'Command(s) to be executed by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.4 - NAME 'sudoRunAs' - DESC 'User(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.5 - NAME 'sudoOption' - DESC 'Options(s) followed by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.6 - NAME 'sudoRunAsUser' - DESC 'User(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.7 - NAME 'sudoRunAsGroup' - DESC 'Group(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.8 - NAME 'sudoNotBefore' - DESC 'Start of time interval for which the entry is valid' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.9 - NAME 'sudoNotAfter' - DESC 'End of time interval for which the entry is valid' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.10 - NAME 'sudoOrder' - DESC 'an integer to order the sudoRole entries' - EQUALITY integerMatch - ORDERING integerOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL - DESC 'Sudoer Entries' - MUST ( cn ) - MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ - sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $ - sudoOrder $ description ) - ) -.RE -.fi -.SH "SEE ALSO" -cvtsudoers(1), -ldap.conf(@mansectform@), -sssd-sudo(@mansectform@), -sudo.conf(@mansectform@), -sudoers(@mansectform@) -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "CAVEATS" -Note that there are differences in the way that LDAP-based -\fIsudoers\fR -is parsed compared to file-based -\fIsudoers\fR. -See the -\fIDifferences between LDAP and non-LDAP sudoers\fR -section for more information. -.SH "BUGS" -If you feel you have found a bug in -\fBsudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudoers.ldap.mdoc.in sudo-1.9.9/doc/sudoers.ldap.mdoc.in --- sudo-1.9.5p2/doc/sudoers.ldap.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudoers.ldap.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,1588 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2003-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd October 29, 2020 -.Dt SUDOERS.LDAP @mansectform@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudoers.ldap -.Nd sudo LDAP configuration -.Sh DESCRIPTION -In addition to the standard -.Em sudoers -file, -.Nm sudo -may be configured -via LDAP. -This can be especially useful for synchronizing -.Em sudoers -in a large, distributed environment. -.Pp -Using LDAP for -.Em sudoers -has several benefits: -.Bl -bullet -width 1n -.It -.Nm sudo -no longer needs to read -.Em sudoers -in its entirety. -When LDAP is used, there are only two or three LDAP queries per invocation. -This makes it especially fast and particularly usable in LDAP environments. -.It -.Nm sudo -no longer exits if there is a typo in -.Em sudoers . -It is not possible to load LDAP data into the server that does -not conform to the sudoers schema, so proper syntax is guaranteed. -It is still possible to have typos in a user or host name, but -this will not prevent -.Nm sudo -from running. -.It -It is possible to specify per-entry options that override the global -default options. -.Pa @sysconfdir@/sudoers -only supports default options and limited options associated with -user/host/commands/aliases. -The syntax is complicated and can be difficult for users to understand. -Placing the options directly in the entry is more natural. -.It -The -.Nm visudo -program is no longer needed. -.Nm visudo -provides locking and syntax checking of the -.Pa @sysconfdir@/sudoers -file. -Since LDAP updates are atomic, locking is no longer necessary. -Because syntax is checked when the data is inserted into LDAP, there -is no need for a specialized tool to check syntax. -.El -.Ss SUDOers LDAP container -The -.Em sudoers -configuration is contained in the -.Li ou=SUDOers -LDAP container. -.Pp -Sudo first looks for the -.Li cn=defaults -entry in the SUDOers container. -If found, the multi-valued -.Li sudoOption -attribute is parsed in the same manner as a global -.Li Defaults -line in -.Pa @sysconfdir@/sudoers . -In the following example, the -.Ev SSH_AUTH_SOCK -variable will be preserved in the environment for all users. -.Bd -literal -offset 4n -dn: cn=defaults,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: defaults -description: Default sudoOption's go here -sudoOption: env_keep+=SSH_AUTH_SOCK -.Ed -.Pp -The equivalent of a sudoer in LDAP is a -.Li sudoRole . -It consists of the following attributes: -.Bl -tag -width 4n -.It Sy sudoUser -A user name, user-ID (prefixed with -.Ql # ) , -Unix group name or ID (prefixed with -.Ql % -or -.Ql %# -respectively), user netgroup (prefixed with -.Ql + ) , -or non-Unix group name or ID (prefixed with -.Ql %: -or -.Ql %:# -respectively). -User netgroups are matched using the user and domain members only; -the host member is not used when matching. -Non-Unix group support is only available when an appropriate -.Em group_plugin -is defined in the global -.Em defaults -.Li sudoRole -object. -.It Sy sudoHost -A host name, IP address, IP network, or host netgroup (prefixed with a -.Ql + ) . -The special value -.Li ALL -will match any host. -Host netgroups are matched using the host (both qualified and unqualified) -and domain members only; the user member is not used when matching. -If a -.Li sudoHost -entry is preceded by an exclamation point, -.Ql \&! , -and the entry matches, the -.Li sudoRole -in which it resides will be ignored. -Negated -.Li sudoHost -entries are only supported by version 1.8.18 or higher. -.It Sy sudoCommand -A fully-qualified Unix command name with optional command line arguments, -potentially including globbing characters (aka wild cards). -If a command name is preceded by an exclamation point, -.Ql \&! , -the user will be prohibited from running that command. -.Pp -The built-in command -.Dq Li sudoedit -is used to permit a user to run -.Nm sudo -with the -.Fl e -option (or as -.Nm sudoedit ) . -It may take command line arguments just as a normal command does. -Note that -.Dq Li sudoedit -is a command built into -.Nm sudo -itself and must be specified in without a leading path. -.Pp -The special value -.Li ALL -will match any command. -.Pp -If a command name is prefixed with a SHA-2 digest, it will -only be allowed if the digest matches. -This may be useful in situations where the user invoking -.Nm sudo -has write access to the command or its parent directory. -The following digest formats are supported: sha224, sha256, sha384 and sha512. -The digest name must be followed by a colon -.Pq Ql :\& -and then the actual digest, in either hex or base64 format. -For example, given the following value for sudoCommand: -.Bd -literal -offset 4n -sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls -.Ed -.Pp -The user may only run -.Pa /bin/ls -if its sha224 digest matches the specified value. -Command digests are only supported by version 1.8.7 or higher. -.It Sy sudoOption -Identical in function to the global options described above, but -specific to the -.Li sudoRole -in which it resides. -.It Sy sudoRunAsUser -A user name or uid (prefixed with -.Ql # ) -that commands may be run as or a Unix group (prefixed with a -.Ql % ) -or user netgroup (prefixed with a -.Ql + ) -that contains a list of users that commands may be run as. -The special value -.Li ALL -will match any user. -If a -.Li sudoRunAsUser -entry is preceded by an exclamation point, -.Ql \&! , -and the entry matches, the -.Li sudoRole -in which it resides will be ignored. -If -.Li sudoRunAsUser -is specified but empty, it will match the invoking user. -If neither -.Li sudoRunAsUser -nor -.Li sudoRunAsGroup -are present, the value of the -.Em runas_default -.Li sudoOption -is used (defaults to -.Li @runas_default@ ) . -.Pp -The -.Li sudoRunAsUser -attribute is only available in -.Nm sudo -versions -1.7.0 and higher. -Older versions of -.Nm sudo -use the -.Li sudoRunAs -attribute instead. -Negated -.Li sudoRunAsUser -entries are only supported by version 1.8.26 or higher. -.It Sy sudoRunAsGroup -A Unix group or gid (prefixed with -.Ql # ) -that commands may be run as. -The special value -.Li ALL -will match any group. -If a -.Li sudoRunAsGroup -entry is preceded by an exclamation point, -.Ql \&! , -and the entry matches, the -.Li sudoRole -in which it resides will be ignored. -.Pp -The -.Li sudoRunAsGroup -attribute is only available in -.Nm sudo -versions -1.7.0 and higher. -Negated -.Li sudoRunAsGroup -entries are only supported by version 1.8.26 or higher. -.It Sy sudoNotBefore -A timestamp in the form -.Li yyyymmddHHMMSSZ -that can be used to provide a start date/time for when the -.Li sudoRole -will be valid. -If multiple -.Li sudoNotBefore -entries are present, the earliest is used. -Note that timestamps must be in Coordinated Universal Time (UTC), -not the local timezone. -The minute and seconds portions are optional, but some LDAP servers -require that they be present (contrary to the RFC). -.Pp -The -.Li sudoNotBefore -attribute is only available in -.Nm sudo -versions 1.7.5 and higher and must be explicitly enabled via the -.Sy SUDOERS_TIMED -option in -.Pa @ldap_conf@ . -.It Sy sudoNotAfter -A timestamp in the form -.Li yyyymmddHHMMSSZ -that indicates an expiration date/time, after which the -.Li sudoRole -will no longer be valid. -If multiple -.Li sudoNotAfter -entries are present, the last one is used. -Note that timestamps must be in Coordinated Universal Time (UTC), -not the local timezone. -The minute and seconds portions are optional, but some LDAP servers -require that they be present (contrary to the RFC). -.Pp -The -.Li sudoNotAfter -attribute is only available in -.Nm sudo -versions -1.7.5 and higher and must be explicitly enabled via the -.Sy SUDOERS_TIMED -option in -.Pa @ldap_conf@ . -.It Sy sudoOrder -The -.Li sudoRole -entries retrieved from the LDAP directory have no inherent order. -The -.Li sudoOrder -attribute is an integer (or floating point value for LDAP servers -that support it) that is used to sort the matching entries. -This allows LDAP-based sudoers entries to more closely mimic the behavior -of the sudoers file, where the order of the entries influences the result. -If multiple entries match, the entry with the highest -.Li sudoOrder -attribute is chosen. -This corresponds to the -.Dq last match -behavior of the sudoers file. -If the -.Li sudoOrder -attribute is not present, a value of 0 is assumed. -.Pp -The -.Li sudoOrder -attribute is only available in -.Nm sudo -versions 1.7.5 and higher. -.El -.Pp -Each attribute listed above should contain a single value, but there -may be multiple instances of each attribute type. -A -.Li sudoRole -must contain at least one -.Li sudoUser , -.Li sudoHost -and -.Li sudoCommand . -.Pp -The following example allows users in group wheel to run any command -on any host via -.Nm sudo : -.Bd -literal -offset 4n -dn: cn=%wheel,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: %wheel -sudoUser: %wheel -sudoHost: ALL -sudoCommand: ALL -.Ed -.Ss Anatomy of LDAP sudoers lookup -When looking up a sudoer using LDAP there are only two or three -LDAP queries per invocation. -The first query is to parse the global options. -The second is to match against the user's name and the groups that -the user belongs to. -(The special -.Li ALL -tag is matched in this query too.) -If no match is returned for the user's name and groups, a third -query returns all entries containing user netgroups and other -non-Unix groups and checks to see if the user belongs to any of them. -.Pp -If timed entries are enabled with the -.Sy SUDOERS_TIMED -configuration directive, the LDAP queries include a sub-filter that -limits retrieval to entries that satisfy the time constraints, if any. -.Pp -If the -.Sy NETGROUP_BASE -configuration directive is present (see -.Sx Configuring ldap.conf -below), queries are performed to determine -the list of netgroups the user belongs to before the sudoers query. -This makes it possible to include netgroups in the sudoers query -string in the same manner as Unix groups. -The third query mentioned above is not performed unless a group provider -plugin is also configured. -The actual LDAP queries performed by -.Nm sudo -are as follows: -.Bl -enum -.It -Match all -.Li nisNetgroup -records with a -.Li nisNetgroupTriple -containing the user, host and NIS domain. -The query will match -.Li nisNetgroupTriple -entries with either the short or long form of the host name or -no host name specified in the tuple. -If the NIS domain is set, the query will match only match entries -that include the domain or for which there is no domain present. -If the NIS domain is -.Em not -set, a wildcard is used to match any domain name but be aware that the -NIS schema used by some LDAP servers may not support wild cards for -.Li nisNetgroupTriple . -.It -Repeated queries are performed to find any nested -.Li nisNetgroup -records with a -.Li memberNisNetgroup -entry that refers to an already-matched record. -.El -.Pp -For sites with a large number of netgroups, using -.Sy NETGROUP_BASE -can significantly speed up -.Nm sudo Ns 's -execution time. -.Ss Differences between LDAP and non-LDAP sudoers -One of the major differences between LDAP and file-based -.Em sudoers -is that in LDAP, -.Nm sudo Ns -specific -Aliases are not supported. -.Pp -For the most part, there is little need for -.Nm sudo Ns -specific -Aliases. -Unix groups, non-Unix groups (via the -.Em group_plugin ) -or user netgroups can be used in place of User_Aliases and Runas_Aliases. -Host netgroups can be used in place of Host_Aliases. -Since groups and netgroups can also be stored in LDAP there is no real need for -.Nm sudo Ns -specific -aliases. -.Pp -There are also some subtle differences in the way sudoers is handled -once in LDAP. -Probably the biggest is that according to the RFC, LDAP ordering -is arbitrary and you cannot expect that Attributes and Entries are -returned in any specific order. -.Pp -The order in which different entries are applied can be controlled -using the -.Li sudoOrder -attribute, but there is no way to guarantee the order of attributes -within a specific entry. -If there are conflicting command rules in an entry, the negative -takes precedence. -This is called paranoid behavior (not necessarily the most specific -match). -.Pp -Here is an example: -.Bd -literal -offset 4n -# /etc/sudoers: -# Allow all commands except shell -johnny ALL=(root) ALL,!/bin/sh -# Always allows all commands because ALL is matched last -puddles ALL=(root) !/bin/sh,ALL - -# LDAP equivalent of johnny -# Allows all commands except shell -dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com -objectClass: sudoRole -objectClass: top -cn: role1 -sudoUser: johnny -sudoHost: ALL -sudoCommand: ALL -sudoCommand: !/bin/sh - -# LDAP equivalent of puddles -# Notice that even though ALL comes last, it still behaves like -# role1 since the LDAP code assumes the more paranoid configuration -dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com -objectClass: sudoRole -objectClass: top -cn: role2 -sudoUser: puddles -sudoHost: ALL -sudoCommand: !/bin/sh -sudoCommand: ALL -.Ed -.Pp -Another difference is that it is not possible to use negation in a -sudoUser, sudoRunAsUser or sudoRunAsGroup attribute. -For example, the following attributes do not behave the way one might expect. -.Bd -literal -offset 4n -# does not match all but joe -# rather, does not match anyone -sudoUser: !joe - -# does not match all but joe -# rather, matches everyone including Joe -sudoUser: ALL -sudoUser: !joe -.Ed -.Ss Converting between file-based and LDAP sudoers -The -.Xr cvtsudoers 1 -utility can be used to convert between file-based and LDAP -.Em sudoers . -However, there are features in the file-based sudoers that have -no equivalent in LDAP-based sudoers (and vice versa). -These cannot be converted automatically. -.Pp -For example, a Cmnd_Alias in a -.Em sudoers -file may be converted to a -.Li sudoRole -that contains multiple commands. -Multiple users and/or groups may be assigned to the -.Li sudoRole . -.Pp -Also, host, user, runas and command-based -.Li Defaults -entries are not supported. -However, a -.Li sudoRole -may contain one or more -.Li sudoOption -attributes which can often serve the same purpose. -.Pp -Consider the following -.Em sudoers -lines: -.Bd -literal -offset 4n -Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less -Defaults!PAGERS noexec -alice, bob ALL = ALL -.Ed -.Pp -In this example, alice and bob are allowed to run all commands, but -the commands listed in PAGERS will have the noexec flag set, -preventing shell escapes. -.Pp -When converting this to LDAP, two sudoRole objects can be used: -.Bd -literal -offset 4n -dn: cn=PAGERS,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: PAGERS -sudoUser: alice -sudoUser: bob -sudoHost: ALL -sudoCommand: /usr/bin/more -sudoCommand: /usr/bin/pg -sudoCommand: /usr/bin/less -sudoOption: noexec -sudoOrder: 900 - -dn: cn=ADMINS,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: ADMINS -sudoUser: alice -sudoUser: bob -sudoHost: ALL -sudoCommand: ALL -sudoOrder: 100 -.Ed -.Pp -In the LDAP version, the sudoOrder attribute is used to guarantee -that the PAGERS sudoRole with -.Em noexec -has precedence. -Unlike the -.Em sudoers -version, the LDAP version requires that all users for whom the restriction -should apply be assigned to the PAGERS sudoRole. -Using a Unix group or netgroup in PAGERS rather than listing each -user would make this easier to maintain. -.Pp -Per-user -.Li Defaults -entries can be emulated by using one or more sudoOption attributes -in a sudoRole. -Consider the following -.Em sudoers -lines: -.Bd -literal -offset 4n -User_Alias ADMINS = john, sally -Defaults:ADMINS !authenticate -ADMINS ALL = (ALL:ALL) ALL -.Ed -.Pp -In this example, john and sally are allowed to run any command -as any user or group. -.Pp -When converting this to LDAP, we can use a Unix group instead -of the User_Alias. -.Bd -literal -offset 4n -dn: cn=admins,ou=SUDOers,dc=my-domain,dc=com -objectClass: top -objectClass: sudoRole -cn: admins -sudoUser: %admin -sudoHost: ALL -sudoRunAsUser: ALL -sudoRunAsGroup: ALL -sudoCommand: ALL -sudoOption: !authenticate -.Ed -.Pp -This assumes that users john and sally are members of the -.Dq admins -Unix group. -.Ss Sudoers schema -In order to use -.Nm sudo Ns 's -LDAP support, the -.Nm sudo -schema must be -installed on your LDAP server. -In addition, be sure to index the -.Li sudoUser -attribute. -.Pp -The -.Nm sudo -distribution includes versions of the -.Nm sudoers -schema for multiple LDAP servers: -.Bl -tag -width 4n -.It Pa schema.OpenLDAP -OpenLDAP slapd and -.Ox -ldapd -.It Pa schema.olcSudo -OpenLDAP slapd 2.3 and higher when on-line configuration is enabled -.It Pa schema.iPlanet -Netscape-derived servers such as the iPlanet, Oracle, -and 389 Directory Servers -.It Pa schema.ActiveDirectory -Microsoft Active Directory -.El -.Pp -The schema in OpenLDAP format is also included in the -.Sx EXAMPLES -section. -.Ss Configuring ldap.conf -Sudo reads the -.Pa @ldap_conf@ -file for LDAP-specific configuration. -Typically, this file is shared between different LDAP-aware clients. -As such, most of the settings are not -.Nm sudo Ns -specific. -Note that -.Nm sudo -parses -.Pa @ldap_conf@ -itself and may support options that differ from those described in the -system's -.Xr ldap.conf @mansectform@ -manual. -The path to -.Pa ldap.conf -may be overridden via the -.Em ldap_conf -plugin argument in -.Xr sudo.conf @mansectform@ . -.Pp -Also note that on systems using the OpenLDAP libraries, default -values specified in -.Pa /etc/openldap/ldap.conf -or the user's -.Pa .ldaprc -files are not used. -.Pp -.Nm sudo -supports a variety of LDAP library implementations, including -OpenLDAP, Netscape-derived (also used by Solaris and HP-UX), and -IBM LDAP (aka Tivoli). -Some options are specific to certain LDAP implementations or have -implementation-specific behavior. -These differences are noted below where applicable. -.Pp -Only those options explicitly listed in -.Pa @ldap_conf@ -as being supported by -.Nm sudo -are honored. -Configuration options are listed below in upper case but are parsed -in a case-independent manner. -.Pp -Lines beginning with a pound sign -.Pq Ql # -are ignored. -Leading white space is removed from the beginning of lines. -.Bl -tag -width 4n -.It Sy BIND_TIMELIMIT Ar seconds -The -.Sy BIND_TIMELIMIT -parameter specifies the amount of time, in seconds, to wait while trying -to connect to an LDAP server. -If multiple -.Sy URI Ns s -or -.Sy HOST Ns s -are specified, this is the amount of time to wait before trying -the next one in the list. -.It Sy BINDDN Ar DN -The -.Sy BINDDN -parameter specifies the identity, in the form of a Distinguished Name (DN), -to use when performing LDAP operations. -If not specified, LDAP operations are performed with an anonymous identity. -By default, most LDAP servers will allow anonymous access. -.It Sy BINDPW Ar secret -The -.Sy BINDPW -parameter specifies the password to use when performing LDAP operations. -This is typically used in conjunction with the -.Sy BINDDN -parameter. -The -.Ar secret -may be a plain text password or a base64-encoded string with a -.Dq base64: -prefix. -For example: -.Bd -literal -offset 4n -BINDPW base64:dGVzdA== -.Ed -.Pp -If a plain text password is used, it should be a simple string without quotes. -Plain text passwords may not include the comment character -.Pq Ql # -and the escaping of special characters with a backslash -.Pq Ql \e -is not supported. -.It Sy DEREF Ar never/searching/finding/always -How alias dereferencing is to be performed when searching. -See the -.Xr ldap.conf @mansectform@ -manual for a full description of this option. -.It Sy HOST Ar name[:port] ... -If no -.Sy URI -is specified (see below), the -.Sy HOST -parameter specifies a white space-delimited list of LDAP servers to connect to. -Each host may include an optional -.Em port -separated by a colon -.Pq Ql :\& . -The -.Sy HOST -parameter is deprecated in favor of the -.Sy URI -specification and is included for backward compatibility only. -.It Sy KRB5_CCNAME Ar file name -The path to the Kerberos 5 credential cache to use when authenticating -with the remote server. -.Pp -This option is only relevant when using SASL authentication (see below). -.It Sy LDAP_VERSION Ar number -The version of the LDAP protocol to use when connecting to the server. -The default value is protocol version 3. -.It Sy NETGROUP_BASE Ar base -The base DN to use when performing LDAP netgroup queries. -Typically this is of the form -.Li ou=netgroup,dc=my-domain,dc=com -for the domain -.Li my-domain.com . -Multiple -.Sy NETGROUP_BASE -lines may be specified, in which case they are queried in the order specified. -.Pp -This option can be used to query a user's netgroups directly via LDAP -which is usually faster than fetching every -.Li sudoRole -object containing a -.Li sudoUser -that begins with a -.Ql + -prefix. -The NIS schema used by some LDAP servers need a modification to -support querying the -.Li nisNetgroup -object by its -.Li nisNetgroupTriple -member. -OpenLDAP's -.Sy slapd -requires the following change to the -.Li nisNetgroupTriple -attribute: -.Bd -literal -offset 4n -attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' - DESC 'Netgroup triple' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -.Ed -.It Sy NETGROUP_SEARCH_FILTER Ar ldap_filter -An LDAP filter which is used to restrict the set of records returned -when performing an LDAP netgroup query. -Typically, this is of the -form -.Li attribute=value -or -.Li (&(attribute=value)(attribute2=value2)) . -The default search filter is: -.Li objectClass=nisNetgroup . -If -.Ar ldap_filter -is omitted, no search filter will be used. -.Pp -This option is only used when querying netgroups directly via LDAP. -.It Sy NETWORK_TIMEOUT Ar seconds -An alias for -.Sy BIND_TIMELIMIT -provided for OpenLDAP compatibility. -.It Sy PORT Ar port_number -If no -.Sy URI -is specified, the -.Sy PORT -parameter specifies the default port to connect to on the LDAP server if a -.Sy HOST -parameter does not specify the port itself. -If no -.Sy PORT -parameter is used, the default is port 389 for LDAP and port 636 for LDAP -over TLS (SSL). -The -.Sy PORT -parameter is deprecated in favor of the -.Sy URI -specification and is included for backward compatibility only. -.It Sy ROOTBINDDN Ar DN -The -.Sy ROOTBINDDN -parameter specifies the identity, in the form of a Distinguished Name (DN), -to use when performing privileged LDAP operations, such as -.Em sudoers -queries. -The password corresponding to the identity should be stored in the -or the path specified by the -.Em ldap_secret -plugin argument in -.Xr sudo.conf @mansectform@ , -which defaults to -.Pa @ldap_secret@ . -If no -.Sy ROOTBINDDN -is specified, the -.Sy BINDDN -identity is used (if any). -.It Sy ROOTUSE_SASL Ar on/true/yes/off/false/no -Enable -.Sy ROOTUSE_SASL -to enable SASL authentication when connecting -to an LDAP server from a privileged process, such as -.Nm sudo . -.It Sy SASL_AUTH_ID Ar identity -The SASL user name to use when connecting to the LDAP server. -By default, -.Nm sudo -will use an anonymous connection. -.Pp -This option is only relevant when using SASL authentication. -.It Sy SASL_MECH Ar mechanisms -A white space-delimited list of SASL authentication mechanisms to use. -By default, -.Nm sudo -will use -.Dv GSSAPI -authentication. -.It Sy SASL_SECPROPS Ar none/properties -SASL security properties or -.Em none -for no properties. -See the SASL programmer's manual for details. -.Pp -This option is only relevant when using SASL authentication. -.It Sy SSL Ar on/true/yes/off/false/no -If the -.Sy SSL -parameter is set to -.Li on , -.Li true -.Li or -.Li yes , -TLS (SSL) encryption is always used when communicating with the LDAP server. -Typically, this involves connecting to the server on port 636 (ldaps). -.It Sy SSL Ar start_tls -If the -.Sy SSL -parameter is set to -.Li start_tls , -the LDAP server connection is initiated normally and TLS encryption is -begun before the bind credentials are sent. -This has the advantage of not requiring a dedicated port for encrypted -communications. -This parameter is only supported by LDAP servers that honor the -.Em start_tls -extension, such as the OpenLDAP and IBM Tivoli Directory servers. -.It Sy SUDOERS_BASE Ar base -The base DN to use when performing -.Nm sudo -LDAP queries. -Typically this is of the form -.Li ou=SUDOers,dc=my-domain,dc=com -for the domain -.Li my-domain.com . -Multiple -.Sy SUDOERS_BASE -lines may be specified, in which case they are queried in the order specified. -.It Sy SUDOERS_DEBUG Ar debug_level -This sets the debug level for -.Nm sudo -LDAP queries. -Debugging information is printed to the standard error. -A value of 1 results in a moderate amount of debugging information. -A value of 2 shows the results of the matches themselves. -This parameter should not be set in a production environment as the -extra information is likely to confuse users. -.Pp -The -.Sy SUDOERS_DEBUG -parameter is deprecated and will be removed in a future release. -The same information is now logged via the -.Nm sudo -debugging framework using the -.Dq ldap -subsystem at priorities -.Em diag -and -.Em info -for -.Em debug_level -values 1 and 2 respectively. -See the -.Xr sudo.conf @mansectform@ -manual for details on how to configure -.Nm sudo -debugging. -.It Sy SUDOERS_SEARCH_FILTER Ar ldap_filter -An LDAP filter which is used to restrict the set of records returned -when performing a -.Nm sudo -LDAP query. -Typically, this is of the -form -.Li attribute=value -or -.Li (&(attribute=value)(attribute2=value2)) . -The default search filter is: -.Li objectClass=sudoRole . -If -.Ar ldap_filter -is omitted, no search filter will be used. -.It Sy SUDOERS_TIMED Ar on/true/yes/off/false/no -Whether or not to evaluate the -.Li sudoNotBefore -and -.Li sudoNotAfter -attributes that implement time-dependent sudoers entries. -.It Sy TIMELIMIT Ar seconds -The -.Sy TIMELIMIT -parameter specifies the amount of time, in seconds, to wait for a -response to an LDAP query. -.It Sy TIMEOUT Ar seconds -The -.Sy TIMEOUT -parameter specifies the amount of time, in seconds, to wait for a -response from the various LDAP APIs. -.It Sy TLS_CACERT Ar file name -An alias for -.Sy TLS_CACERTFILE -for OpenLDAP compatibility. -.It Sy TLS_CACERTFILE Ar file name -The path to a certificate authority bundle which contains the certificates -for all the Certificate Authorities the client knows to be valid, e.g., -.Pa /etc/ssl/ca-bundle.pem . -.Pp -This option is only supported by the OpenLDAP libraries. -Netscape-derived LDAP libraries use the same certificate -database for CA and client certificates (see -.Sy TLS_CERT ) . -.It Sy TLS_CACERTDIR Ar directory -Similar to -.Sy TLS_CACERTFILE -but instead of a file, it is a directory containing individual -Certificate Authority certificates, e.g., -.Pa /etc/ssl/certs . -The directory specified by -.Sy TLS_CACERTDIR -is checked after -.Sy TLS_CACERTFILE . -.Pp -This option is only supported by the OpenLDAP libraries. -.It Sy TLS_CERT Ar file name -The path to a file containing the client certificate which can -be used to authenticate the client to the LDAP server. -The certificate type depends on the LDAP libraries used. -.Bl -tag -width 4n -.It OpenLDAP: -.Li tls_cert /etc/ssl/client_cert.pem -.It Netscape-derived: -.Li tls_cert /var/ldap/cert7.db -.It IBM LDAP: -Unused, the key database specified by -.Sy TLS_KEY -contains both keys and certificates. -.El -.Pp -When using Netscape-derived libraries, this file may also contain -Certificate Authority certificates. -.It Sy TLS_CHECKPEER Ar on/true/yes/off/false/no -If enabled, -.Sy TLS_CHECKPEER -will cause the LDAP server's TLS certificated to be verified. -If the server's TLS certificate cannot be verified (usually because it -is signed by an unknown certificate authority), -.Nm sudo -will be unable to connect to it. -If -.Sy TLS_CHECKPEER -is disabled, no check is made. -Note that disabling the check creates an opportunity for man-in-the-middle -attacks since the server's identity will not be authenticated. -If possible, the CA's certificate should be installed locally so it can -be verified. -.Pp -This option is not supported by the IBM LDAP libraries. -.It Sy TLS_KEY Ar file name -The path to a file containing the private key which matches the -certificate specified by -.Sy TLS_CERT . -The private key must not be password-protected. -The key type depends on the LDAP libraries used. -.Bl -tag -width 4n -.It OpenLDAP: -.Li tls_key /etc/ssl/client_key.pem -.It Netscape-derived: -.Li tls_key /var/ldap/key3.db -.It IBM LDAP: -.Li tls_key /usr/ldap/ldapkey.kdb -.El -.Pp -When using IBM LDAP libraries, this file may also contain -Certificate Authority and client certificates and may be encrypted. -.It Sy TLS_CIPHERS Ar cipher list -The -.Sy TLS_CIPHERS -parameter allows the administer to restrict which encryption algorithms -may be used for TLS (SSL) connections. -See the OpenLDAP or IBM Tivoli Directory Server manual for a list of valid -ciphers. -.Pp -This option is not supported by Netscape-derived libraries. -.It Sy TLS_KEYPW Ar secret -The -.Sy TLS_KEYPW -contains the password used to decrypt the key database on clients -using the IBM LDAP library. -The -.Ar secret -may be a plain text password or a base64-encoded string with a -.Dq base64: -prefix. -For example: -.Bd -literal -offset 4n -TLS_KEYPW base64:dGVzdA== -.Ed -.Pp -If a plain text password is used, it should be a simple string without quotes. -Plain text passwords may not include the comment character -.Pq Ql # -and the escaping of special characters with a backslash -.Pq Ql \e -is not supported. -If this option is used, -.Pa @ldap_conf@ -must not be world-readable to avoid exposing the password. -Alternately, a -.Em stash file -can be used to store the password in encrypted form (see below). -.Pp -If no -.Sy TLS_KEYPW -is specified, a -.Em stash file -will be used if it exists. -The -.Em stash file -must have the same path as the file specified by -.Sy TLS_KEY , -but use a -.Li .sth -file extension instead of -.Li .kdb , -e.g., -.Li ldapkey.sth . -The default -.Li ldapkey.kdb -that ships with the IBM Tivoli Directory Server is encrypted with the password -.Li ssl_password . -The -.Em gsk8capicmd -utility can be used to manage the key database and create a -.Em stash file . -.Pp -This option is only supported by the IBM LDAP libraries. -.It Sy TLS_REQCERT Ar level -The -.Sy TLS_REQCERT -parameter controls how the LDAP server's TLS certificated will be -verified (if at all). -If the server's TLS certificate cannot be verified (usually because it -is signed by an unknown certificate authority), -.Nm sudo -will be unable to connect to it. -The following -.Ar level -values are supported: -.Bl -tag -width 8n -offset 4n -.It never -The server certificate will not be requested or checked. -.It allow -The server certificate will be requested. -A missing or invalid certificate is ignored and not considered an error. -.It try -The server certificate will be requested. -A missing certificate is ignored but an invalid certificate will -result in a connection error. -.It demand | Ar hard -The server certificate will be requested. -A missing or invalid certificate will result in a connection error. -This is the default behavior. -.El -.Pp -This option is only supported by the OpenLDAP libraries. -Other LDAP libraries only support the -.Sy TLS_CHECKPEER -parameter. -.It Sy TLS_RANDFILE Ar file name -The -.Sy TLS_RANDFILE -parameter specifies the path to an entropy source for systems that lack -a random device. -It is generally used in conjunction with -.Em prngd -or -.Em egd . -.Pp -This option is only supported by the OpenLDAP libraries. -.It Sy URI Ar ldap[s]://[hostname[:port]] ... -Specifies a white space-delimited list of one or more URIs describing -the LDAP server(s) to connect to. -The -.Em protocol -may be either -.Em ldap -.Em ldaps , -the latter being for servers that support TLS (SSL) encryption. -If no -.Em port -is specified, the default is port 389 for -.Li ldap:// -or port 636 for -.Li ldaps:// . -If no -.Em hostname -is specified, -.Nm sudo -will connect to -.Em localhost . -Multiple -.Sy URI -lines are treated identically to a -.Sy URI -line containing multiple entries. -Only systems using the OpenSSL libraries support the mixing of -.Li ldap:// -and -.Li ldaps:// -URIs. -Both the Netscape-derived and IBM LDAP libraries used on most commercial -versions of Unix are only capable of supporting one or the other. -.It Sy USE_SASL Ar on/true/yes/off/false/no -Enable -.Sy USE_SASL -for LDAP servers that support SASL authentication. -.It Sy ROOTSASL_AUTH_ID Ar identity -The SASL user name to use when -.Sy ROOTUSE_SASL -is enabled. -.El -.Pp -See the -.Pa ldap.conf -entry in the -.Sx EXAMPLES -section. -.Ss Configuring nsswitch.conf -Unless it is disabled at build time, -.Nm sudo -consults the Name Service Switch file, -.Pa @nsswitch_conf@ , -to specify the -.Em sudoers -search order. -Sudo looks for a line beginning with -.Li sudoers : -and uses this to determine the search order. -Note that -.Nm sudo -does -not stop searching after the first match and later matches take -precedence over earlier ones. -The following sources are recognized: -.Pp -.Bl -tag -width 8n -offset 4n -compact -.It files -read sudoers from -.Pa @sysconfdir@/sudoers -.It ldap -read sudoers from LDAP -.El -.Pp -In addition, the entry -.Li [NOTFOUND=return] -will short-circuit the search if the user was not found in the -preceding source. -.Pp -To consult LDAP first followed by the local sudoers file (if it -exists), use: -.Bd -literal -offset 4n -sudoers: ldap files -.Ed -.Pp -The local -.Em sudoers -file can be ignored completely by using: -.Bd -literal -offset 4n -sudoers: ldap -.Ed -.Pp -If the -.Pa @nsswitch_conf@ -file is not present or there is no sudoers line, the following -default is assumed: -.Bd -literal -offset 4n -sudoers: files -.Ed -.Pp -Note that -.Pa @nsswitch_conf@ -is supported even when the underlying operating system does not use -an nsswitch.conf file, except on AIX (see below). -.Ss Configuring netsvc.conf -On AIX systems, the -.Pa @netsvc_conf@ -file is consulted instead of -.Pa @nsswitch_conf@ . -.Nm sudo -simply treats -.Pa netsvc.conf -as a variant of -.Pa nsswitch.conf ; -information in the previous section unrelated to the file format -itself still applies. -.Pp -To consult LDAP first followed by the local sudoers file (if it -exists), use: -.Bd -literal -offset 4n -sudoers = ldap, files -.Ed -.Pp -The local -.Em sudoers -file can be ignored completely by using: -.Bd -literal -offset 4n -sudoers = ldap -.Ed -.Pp -To treat LDAP as authoritative and only use the local sudoers file -if the user is not present in LDAP, use: -.Bd -literal -offset 4n -sudoers = ldap = auth, files -.Ed -.Pp -Note that in the above example, the -.Li auth -qualifier only affects user lookups; both LDAP and -.Em sudoers -will be queried for -.Li Defaults -entries. -.Pp -If the -.Pa @netsvc_conf@ -file is not present or there is no sudoers line, the following -default is assumed: -.Bd -literal -offset 4n -sudoers = files -.Ed -.Ss Integration with sssd -On systems with the -.Em System Security Services Daemon -(SSSD) and where -.Nm sudo -has been built with SSSD support, -it is possible to use SSSD to cache LDAP -.Em sudoers -rules. -To use SSSD as the -.Em sudoers -source, you should use -.Li sss -instead of -.Li ldap -for the sudoers entry in -.Pa @nsswitch_conf@ . -Note that the -.Pa @ldap_conf@ -file is not used by the SSSD -.Nm sudo -back end. -Please see -.Xr sssd-sudo @mansectform@ -for more information on configuring -.Nm sudo -to work with SSSD. -.Sh FILES -.Bl -tag -width 24n -.It Pa @ldap_conf@ -LDAP configuration file -.It Pa @nsswitch_conf@ -determines sudoers source order -.It Pa @netsvc_conf@ -determines sudoers source order on AIX -.El -.Sh EXAMPLES -.Ss Example ldap.conf -.Bd -literal -offset 2n -# Either specify one or more URIs or one or more host:port pairs. -# If neither is specified sudo will default to localhost, port 389. -# -#host ldapserver -#host ldapserver1 ldapserver2:390 -# -# Default port if host is specified without one, defaults to 389. -#port 389 -# -# URI will override the host and port settings. -uri ldap://ldapserver -#uri ldaps://secureldapserver -#uri ldaps://secureldapserver ldap://ldapserver -# -# The amount of time, in seconds, to wait while trying to connect to -# an LDAP server. -bind_timelimit 30 -# -# The amount of time, in seconds, to wait while performing an LDAP query. -timelimit 30 -# -# Must be set or sudo will ignore LDAP; may be specified multiple times. -sudoers_base ou=SUDOers,dc=my-domain,dc=com -# -# verbose sudoers matching from ldap -#sudoers_debug 2 -# -# Enable support for time-based entries in sudoers. -#sudoers_timed yes -# -# optional proxy credentials -#binddn -#bindpw -#rootbinddn -# -# LDAP protocol version, defaults to 3 -#ldap_version 3 -# -# Define if you want to use an encrypted LDAP connection. -# Typically, you must also set the port to 636 (ldaps). -#ssl on -# -# Define if you want to use port 389 and switch to -# encryption before the bind credentials are sent. -# Only supported by LDAP servers that support the start_tls -# extension such as OpenLDAP. -#ssl start_tls -# -# Additional TLS options follow that allow tweaking of the -# SSL/TLS connection. -# -#tls_checkpeer yes # verify server SSL certificate -#tls_checkpeer no # ignore server SSL certificate -# -# If you enable tls_checkpeer, specify either tls_cacertfile -# or tls_cacertdir. Only supported when using OpenLDAP. -# -#tls_cacertfile /etc/certs/trusted_signers.pem -#tls_cacertdir /etc/certs -# -# For systems that don't have /dev/random -# use this along with PRNGD or EGD.pl to seed the -# random number pool to generate cryptographic session keys. -# Only supported when using OpenLDAP. -# -#tls_randfile /etc/egd-pool -# -# You may restrict which ciphers are used. Consult your SSL -# documentation for which options go here. -# Only supported when using OpenLDAP. -# -#tls_ciphers -# -# Sudo can provide a client certificate when communicating to -# the LDAP server. -# Tips: -# * Enable both lines at the same time. -# * Do not password protect the key file. -# * Ensure the keyfile is only readable by root. -# -# For OpenLDAP: -#tls_cert /etc/certs/client_cert.pem -#tls_key /etc/certs/client_key.pem -# -# For Netscape-derived LDAP, tls_cert and tls_key may specify either -# a directory, in which case the files in the directory must have the -# default names (e.g., cert8.db and key4.db), or the path to the cert -# and key files themselves. However, a bug in version 5.0 of the LDAP -# SDK will prevent specific file names from working. For this reason -# it is suggested that tls_cert and tls_key be set to a directory, -# not a file name. -# -# The certificate database specified by tls_cert may contain CA certs -# and/or the client's cert. If the client's cert is included, tls_key -# should be specified as well. -# For backward compatibility, "sslpath" may be used in place of tls_cert. -#tls_cert /var/ldap -#tls_key /var/ldap -# -# If using SASL authentication for LDAP (OpenSSL) -# use_sasl yes -# sasl_auth_id -# rootuse_sasl yes -# rootsasl_auth_id -# sasl_secprops none -# krb5_ccname /etc/.ldapcache -.Ed -.Ss Sudoers schema for OpenLDAP -The following schema, in OpenLDAP format, is included with -.Nm sudo -source and binary distributions as -.Pa schema.OpenLDAP . -Simply copy -it to the schema directory (e.g., -.Pa /etc/openldap/schema ) , -add the proper -.Li include -line in -.Pa slapd.conf -and restart -.Nm slapd . -Sites using the optional on-line configuration supported by OpenLDAP 2.3 -and higher should apply the -.Pa schema.olcSudo -file instead. -.Bd -literal -offset 2n -attributetype ( 1.3.6.1.4.1.15953.9.1.1 - NAME 'sudoUser' - DESC 'User(s) who may run sudo' - EQUALITY caseExactIA5Match - SUBSTR caseExactIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.2 - NAME 'sudoHost' - DESC 'Host(s) who may run sudo' - EQUALITY caseExactIA5Match - SUBSTR caseExactIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.3 - NAME 'sudoCommand' - DESC 'Command(s) to be executed by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.4 - NAME 'sudoRunAs' - DESC 'User(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.5 - NAME 'sudoOption' - DESC 'Options(s) followed by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.6 - NAME 'sudoRunAsUser' - DESC 'User(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.7 - NAME 'sudoRunAsGroup' - DESC 'Group(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.8 - NAME 'sudoNotBefore' - DESC 'Start of time interval for which the entry is valid' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.9 - NAME 'sudoNotAfter' - DESC 'End of time interval for which the entry is valid' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) - -attributetype ( 1.3.6.1.4.1.15953.9.1.10 - NAME 'sudoOrder' - DESC 'an integer to order the sudoRole entries' - EQUALITY integerMatch - ORDERING integerOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL - DESC 'Sudoer Entries' - MUST ( cn ) - MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ - sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $ - sudoOrder $ description ) - ) -.Ed -.Sh SEE ALSO -.Xr cvtsudoers 1 , -.Xr ldap.conf @mansectform@ , -.Xr sssd-sudo @mansectform@ , -.Xr sudo.conf @mansectform@ , -.Xr sudoers @mansectform@ -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh CAVEATS -Note that there are differences in the way that LDAP-based -.Em sudoers -is parsed compared to file-based -.Em sudoers . -See the -.Sx Differences between LDAP and non-LDAP sudoers -section for more information. -.Sh BUGS -If you feel you have found a bug in -.Nm sudo , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm sudo -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudoers.man.in sudo-1.9.9/doc/sudoers.man.in --- sudo-1.9.5p2/doc/sudoers.man.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/doc/sudoers.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,6548 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2021 -.\" Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" Sponsored in part by the Defense Advanced Research Projects -.\" Agency (DARPA) and Air Force Research Laboratory, Air Force -.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. -.\" -.nr SL @SEMAN@ -.nr BA @BAMAN@ -.nr LC @LCMAN@ -.nr PS @PSMAN@ -.TH "SUDOERS" "@mansectform@" "January 8, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudoers\fR -\- default sudo security policy plugin -.SH "DESCRIPTION" -The -\fBsudoers\fR -policy plugin determines a user's -\fBsudo\fR -privileges. -It is the default -\fBsudo\fR -policy plugin. -The policy is driven by -the -\fI@sysconfdir@/sudoers\fR -file or, optionally in LDAP. -The policy format is described in detail in the -\fISUDOERS FILE FORMAT\fR -section. -For information on storing -\fBsudoers\fR -policy information -in LDAP, please see -sudoers.ldap(@mansectform@). -.SS "Configuring sudo.conf for sudoers" -\fBsudo\fR -consults the -sudo.conf(@mansectform@) -file to determine which policy and I/O logging plugins to load. -If no -sudo.conf(@mansectform@) -file is present, or if it contains no -\fRPlugin\fR -lines, -\fBsudoers\fR -will be used for policy decisions and I/O logging. -To explicitly configure -sudo.conf(@mansectform@) -to use the -\fBsudoers\fR -plugin, the following configuration can be used. -.nf -.sp -.RS 6n -Plugin sudoers_audit sudoers.so -Plugin sudoers_policy sudoers.so -Plugin sudoers_io sudoers.so -.RE -.fi -.PP -Starting with -\fBsudo\fR -1.8.5, it is possible to specify optional arguments to the -\fBsudoers\fR -plugin in the -sudo.conf(@mansectform@) -file. -Plugin arguments, if any, should be listed after the path to the plugin -(i.e., after -\fIsudoers.so\fR). -The arguments are only effective for the plugin that opens (and parses) the -\fIsudoers\fR -file. -.PP -For -\fBsudo\fR -version 1.9.1 and higher, this is the -\fIsudoers_audit\fR -plugin. -For older versions, it is the -\fIsudoers_policy\fR -plugin. -Multiple arguments may be specified, separated by white space. -For example: -.nf -.sp -.RS 6n -Plugin sudoers_audit sudoers.so sudoers_mode=0400 error_recovery=false -.RE -.fi -.PP -The following plugin arguments are supported: -.TP 10n -error_recovery=bool -The -\fIerror_recovery\fR -argument can be used to control whether -\fBsudoers\fR -should attempt to recover from syntax errors in the -\fIsudoers\fR -file. -If set to -\fItrue\fR -(the default), -\fBsudoers\fR -will try to recover from a syntax error by discarding the portion -of the line that contains the error until the end of the line. -A value of -\fIfalse\fR -will disable error recovery. -Prior to version 1.9.3, no error recovery was performed. -.TP 10n -ldap_conf=pathname -The -\fIldap_conf\fR -argument can be used to override the default path to the -\fIldap.conf\fR -file. -.TP 10n -ldap_secret=pathname -The -\fIldap_secret\fR -argument can be used to override the default path to the -\fIldap.secret\fR -file. -.TP 10n -sudoers_file=pathname -The -\fIsudoers_file\fR -argument can be used to override the default path to the -\fIsudoers\fR -file. -.TP 10n -sudoers_uid=uid -The -\fIsudoers_uid\fR -argument can be used to override the default owner of the sudoers file. -It should be specified as a numeric user-ID. -.TP 10n -sudoers_gid=gid -The -\fIsudoers_gid\fR -argument can be used to override the default group of the sudoers file. -It must be specified as a numeric group-ID (not a group name). -.TP 10n -sudoers_mode=mode -The -\fIsudoers_mode\fR -argument can be used to override the default file mode for the sudoers file. -It should be specified as an octal value. -.PP -For more information on configuring -sudo.conf(@mansectform@), -please refer to its manual. -.SS "User Authentication" -The -\fBsudoers\fR -security policy requires that most users authenticate -themselves before they can use -\fBsudo\fR. -A password is not required -if the invoking user is root, if the target user is the same as the -invoking user, or if the policy has disabled authentication for the -user or command. -Unlike -su(1), -when -\fBsudoers\fR -requires -authentication, it validates the invoking user's credentials, not -the target user's (or root's) credentials. -This can be changed via -the -\fIrootpw\fR, -\fItargetpw\fR -and -\fIrunaspw\fR -flags, described later. -.PP -If a user who is not listed in the policy tries to run a command -via -\fBsudo\fR, -mail is sent to the proper authorities. -The address -used for such mail is configurable via the -\fImailto\fR -Defaults entry -(described later) and defaults to -\fR@mailto@\fR. -.PP -Note that no mail will be sent if an unauthorized user tries to run -\fBsudo\fR -with the -\fB\-l\fR -or -\fB\-v\fR -option unless there is an authentication error and -either the -\fImail_always\fR -or -\fImail_badpass\fR -flags are enabled. -This allows users to -determine for themselves whether or not they are allowed to use -\fBsudo\fR. -By default, all attempts to run -\fBsudo\fR -(successful or not) -are logged, regardless of whether or not mail is sent. -.PP -If -\fBsudo\fR -is run by root and the -\fRSUDO_USER\fR -environment variable -is set, the -\fBsudoers\fR -policy will use this value to determine who -the actual user is. -This can be used by a user to log commands -through sudo even when a root shell has been invoked. -It also -allows the -\fB\-e\fR -option to remain useful even when invoked via a -sudo-run script or program. -Note, however, that the -\fIsudoers\fR -file lookup is still done for root, not the user specified by -\fRSUDO_USER\fR. -.PP -\fBsudoers\fR -uses per-user time stamp files for credential caching. -Once a user has been authenticated, a record is written -containing the user-ID that was used to authenticate, the -terminal session ID, the start time of the session leader -(or parent process) and a time stamp -(using a monotonic clock if one is available). -The user may then use -\fBsudo\fR -without a password for a short period of time -(\fR@timeout@\fR -minutes unless overridden by the -\fItimestamp_timeout\fR -option) -\&. -By default, -\fBsudoers\fR -uses a separate record for each terminal, which means that -a user's login sessions are authenticated separately. -The -\fItimestamp_type\fR -option can be used to select the type of time stamp record -\fBsudoers\fR -will use. -.SS "Logging" -By default, -\fBsudoers\fR -logs both successful and unsuccessful attempts (as well -as errors). -The -\fIlog_allowed\fR -and -\fIlog_denied\fR -flags can be used to control this behavior. -Messages can be logged to -syslog(3), -a log file, or both. -The default is to log to -syslog(3) -but this is configurable via the -\fIsyslog\fR -and -\fIlogfile\fR -settings. -See -\fILOG FORMAT\fR -for a description of the log file format. -.PP -\fBsudoers\fR -is also capable of running a command in a pseudo-terminal and logging all -input and/or output. -The standard input, standard output and standard error can be logged -even when not associated with a terminal. -I/O logging is not on by default but can be enabled using -the -\fIlog_input\fR -and -\fIlog_output\fR -options as well as the -\fRLOG_INPUT\fR -and -\fRLOG_OUTPUT\fR -command tags. -See -\fII/O LOG FILES\fR -for details on how I/O log files are stored. -.PP -Starting with version 1.9, the -\fIlog_servers\fR -setting may be used to send event and I/O log data to a remote server running -\fBsudo_logsrvd\fR -or another service that implements the protocol described by -sudo_logsrv.proto(@mansectform@). -.SS "Command environment" -Since environment variables can influence program behavior, -\fBsudoers\fR -provides a means to restrict which variables from the user's -environment are inherited by the command to be run. -There are two -distinct ways -\fBsudoers\fR -can deal with environment variables. -.PP -By default, the -\fIenv_reset\fR -flag is enabled. -This causes commands -to be executed with a new, minimal environment. -On AIX (and Linux -systems without PAM), the environment is initialized with the -contents of the -\fI/etc/environment\fR -file. -.if \n(LC \{\ -On -BSD -systems, if the -\fIuse_loginclass\fR -flag is enabled, the environment is initialized -based on the -\fIpath\fR -and -\fIsetenv\fR -settings in -\fI/etc/login.conf\fR. -.\} -The -\fRHOME\fR, -\fRMAIL\fR, -\fRSHELL\fR, -\fRLOGNAME\fR -and -\fRUSER\fR -environment variables are initialized based on the target user -and the -\fRSUDO_*\fR -variables are set based on the invoking user. -Additional variables, such as -\fRDISPLAY\fR, -\fRPATH\fR -and -\fRTERM\fR, -are preserved from the invoking user's environment if permitted by the -\fIenv_check\fR -or -\fIenv_keep\fR -options. -A few environment variables are treated specially. -If the -\fRPATH\fR -and -\fRTERM\fR -variables are not preserved from the user's environment, they will be set -to default values. -The -\fRLOGNAME\fR -and -\fRUSER\fR -are handled as a single entity. -If one of them is preserved (or removed) from the user's environment, -the other will be as well. -If -\fRLOGNAME\fR -and -\fRUSER\fR -are to be preserved but only one of them is present in the user's environment, -the other will be set to the same value. -This avoids an inconsistent environment where one of the variables -describing the user name is set to the invoking user and one is -set to the target user. -Environment variables with a value beginning with -\fR()\fR -are removed unless both the name and value parts are matched by -\fIenv_keep\fR -or -\fIenv_check\fR, -as they may be interpreted as functions by the -\fBbash\fR -shell. -Prior to version 1.8.11, such variables were always removed. -.PP -If, however, the -\fIenv_reset\fR -flag is disabled, any variables not -explicitly denied by the -\fIenv_check\fR -and -\fIenv_delete\fR -options are allowed and their values are -inherited from the invoking process. -Prior to version 1.8.21, environment variables with a value beginning with -\fR()\fR -were always removed. -Beginning with version 1.8.21, a pattern in -\fIenv_delete\fR -is used to match -\fBbash\fR -shell functions instead. -Since it is not possible -to block all potentially dangerous environment variables, use -of the default -\fIenv_reset\fR -behavior is encouraged. -.PP -Environment variables specified by -\fIenv_check\fR, -\fIenv_delete\fR, -or -\fIenv_keep\fR -may include one or more -\(oq*\(cq -characters which will match zero or more characters. -No other wildcard characters are supported. -.PP -By default, environment variables are matched by name. -However, if the pattern includes an equal sign -(\(oq=\&\(cq), -both the variables name and value must match. -For example, a -\fBbash\fR -shell function could be matched as follows: -.nf -.sp -.RS 4n -env_keep += "BASH_FUNC_my_func%%=()*" -.RE -.fi -.PP -Without the -\(lq\fR=()*\fR\(rq -suffix, this would not match, as -\fBbash\fR -shell functions are not preserved by default. -.PP -The complete list of environment variables that are preserved or removed, -as modified by global Defaults parameters in -\fIsudoers\fR, -is displayed when -\fBsudo\fR -is run by root with the -\fB\-V\fR -option. -Please note that the list of environment variables to remove -varies based on the operating system -\fBsudo\fR -is running on. -.PP -Other -\fBsudoers\fR -options may influence the command environment, such as -\fIalways_set_home\fR, -\fIsecure_path\fR, -\fIset_logname\fR, -and -\fIset_home\fR. -.PP -On systems that support PAM where the -\fBpam_env\fR -module is enabled for -\fBsudo\fR, -variables in the PAM environment may be merged in to the environment. -If a variable in the PAM environment is already present in the -user's environment, the value will only be overridden if the variable -was not preserved by -\fBsudoers\fR. -When -\fIenv_reset\fR -is enabled, variables preserved from the invoking user's environment -by the -\fIenv_keep\fR -list take precedence over those in the PAM environment. -When -\fIenv_reset\fR -is disabled, variables present the invoking user's environment -take precedence over those in the PAM environment unless they -match a pattern in the -\fIenv_delete\fR -list. -.PP -Note that the dynamic linker on most operating systems will remove -variables that can control dynamic linking from the environment of -set-user-ID executables, including -\fBsudo\fR. -Depending on the operating -system this may include -\fR_RLD*\fR, -\fRDYLD_*\fR, -\fRLD_*\fR, -\fRLDR_*\fR, -\fRLIBPATH\fR, -\fRSHLIB_PATH\fR, -and others. -These type of variables are -removed from the environment before -\fBsudo\fR -even begins execution -and, as such, it is not possible for -\fBsudo\fR -to preserve them. -.PP -As a special case, if the -\fB\-i\fR -option (initial login) is -specified, -\fBsudoers\fR -will initialize the environment regardless -of the value of -\fIenv_reset\fR. -The -\fRDISPLAY\fR, -\fRPATH\fR -and -\fRTERM\fR -variables remain unchanged; -\fRHOME\fR, -\fRMAIL\fR, -\fRSHELL\fR, -\fRUSER\fR, -and -\fRLOGNAME\fR -are set based on the target user. -On AIX (and Linux -systems without PAM), the contents of -\fI/etc/environment\fR -are also -included. -.if \n(LC \{\ -On -BSD -systems, if the -\fIuse_loginclass\fR -flag is -enabled, the -\fIpath\fR -and -\fIsetenv\fR -variables in -\fI/etc/login.conf\fR -are also applied. -.\} -All other environment variables are removed unless permitted by -\fIenv_keep\fR -or -\fIenv_check\fR, -described above. -.PP -Finally, the -\fIrestricted_env_file\fR -and -\fIenv_file\fR -files are applied, if present. -The variables in -\fIrestricted_env_file\fR -are applied first and are subject to the same restrictions as the -invoking user's environment, as detailed above. -The variables in -\fIenv_file\fR -are applied last and are not subject to these restrictions. -In both cases, variables present in the files will only be set to -their specified values if they would not conflict with an existing -environment variable. -.SH "SUDOERS FILE FORMAT" -The -\fIsudoers\fR -file is composed of two types of entries: aliases -(basically variables) and user specifications (which specify who -may run what). -.PP -When multiple entries match for a user, they are applied in order. -Where there are multiple matches, the last match is used (which is -not necessarily the most specific match). -.PP -The -\fIsudoers\fR -file grammar will be described below in Extended Backus-Naur -Form (EBNF). -Don't despair if you are unfamiliar with EBNF; it is fairly simple, -and the definitions below are annotated. -.SS "Quick guide to EBNF" -EBNF is a concise and exact way of describing the grammar of a language. -Each EBNF definition is made up of -\fIproduction rules\fR. -E.g., -.PP -\fRsymbol ::= definition\fR | \fRalternate1\fR | \fRalternate2 ...\fR -.PP -Each -\fIproduction rule\fR -references others and thus makes up a -grammar for the language. -EBNF also contains the following -operators, which many readers will recognize from regular -expressions. -Do not, however, confuse them with -\(lqwildcard\(rq -characters, which have different meanings. -.TP 6n -\fR\&?\fR -Means that the preceding symbol (or group of symbols) is optional. -That is, it may appear once or not at all. -.TP 6n -\fR*\fR -Means that the preceding symbol (or group of symbols) may appear -zero or more times. -.TP 6n -\fR+\fR -Means that the preceding symbol (or group of symbols) may appear -one or more times. -.PP -Parentheses may be used to group symbols together. -For clarity, -we will use single quotes -('') -to designate what is a verbatim character string (as opposed to a symbol name). -.SS "Aliases" -There are four kinds of aliases: -\fRUser_Alias\fR, -\fRRunas_Alias\fR, -\fRHost_Alias\fR -and -\fRCmnd_Alias\fR. -Beginning with -\fBsudo\fR -1.9.0, -\fRCmd_Alias\fR -may be used in place of -\fRCmnd_Alias\fR -if desired. -.nf -.sp -.RS 0n -Alias ::= 'User_Alias' User_Alias_Spec (':' User_Alias_Spec)* | - 'Runas_Alias' Runas_Alias_Spec (':' Runas_Alias_Spec)* | - 'Host_Alias' Host_Alias_Spec (':' Host_Alias_Spec)* | - 'Cmnd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* | - 'Cmd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* - -User_Alias ::= NAME - -User_Alias_Spec ::= User_Alias '=' User_List - -Runas_Alias ::= NAME - -Runas_Alias_Spec ::= Runas_Alias '=' Runas_List - -Host_Alias ::= NAME - -Host_Alias_Spec ::= Host_Alias '=' Host_List - -Cmnd_Alias ::= NAME - -Cmnd_Alias_Spec ::= Cmnd_Alias '=' Cmnd_List - -NAME ::= [A-Z]([A-Z][0-9]_)* -.RE -.fi -.PP -Each -\fIalias\fR -definition is of the form -.nf -.sp -.RS 0n -Alias_Type NAME = item1, item2, ... -.RE -.fi -.PP -where -\fIAlias_Type\fR -is one of -\fRUser_Alias\fR, -\fRRunas_Alias\fR, -\fRHost_Alias\fR, -or -\fRCmnd_Alias\fR. -A -\fRNAME\fR -is a string of uppercase letters, numbers, -and underscore characters -(\(oq_\(cq). -A -\fRNAME\fR -\fBmust\fR -start with an -uppercase letter. -It is possible to put several alias definitions -of the same type on a single line, joined by a colon -(\(oq:\&\(cq). -E.g., -.nf -.sp -.RS 0n -Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 -.RE -.fi -.PP -It is a syntax error to redefine an existing -\fIalias\fR. -It is possible to use the same name for -\fIaliases\fR -of different types, but this is not recommended. -.PP -The definitions of what constitutes a valid -\fIalias\fR -member follow. -.nf -.sp -.RS 0n -User_List ::= User | - User ',' User_List - -User ::= '!'* user name | - '!'* #uid | - '!'* %group | - '!'* %#gid | - '!'* +netgroup | - '!'* %:nonunix_group | - '!'* %:#nonunix_gid | - '!'* User_Alias -.RE -.fi -.PP -A -\fRUser_List\fR -is made up of one or more user names, user-IDs -(prefixed with -\(oq#\(cq), -system group names and IDs (prefixed with -\(oq%\(cq -and -\(oq%#\(cq -respectively), netgroups (prefixed with -\(oq+\(cq), -non-Unix group names and IDs (prefixed with -\(oq%:\(cq -and -\(oq%:#\(cq -respectively) and -\fRUser_Alias\fRes. -Each list item may be prefixed with zero or more -\(oq\&!\(cq -operators. -An odd number of -\(oq\&!\(cq -operators negate the value of -the item; an even number just cancel each other out. -User netgroups are matched using the user and domain members only; -the host member is not used when matching. -.PP -A -\fRuser name\fR, -\fRuid\fR, -\fRgroup\fR, -\fRgid\fR, -\fRnetgroup\fR, -\fRnonunix_group\fR -or -\fRnonunix_gid\fR -may be enclosed in double quotes to avoid the -need for escaping special characters. -Alternately, special characters -may be specified in escaped hex mode, e.g., \ex20 for space. -When -using double quotes, any prefix characters must be included inside -the quotes. -.PP -The actual -\fRnonunix_group\fR -and -\fRnonunix_gid\fR -syntax depends on -the underlying group provider plugin. -For instance, the QAS AD plugin supports the following formats: -.TP 3n -\fB\(bu\fR -Group in the same domain: "%:Group Name" -.TP 3n -\fB\(bu\fR -Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN" -.TP 3n -\fB\(bu\fR -Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" -.PP -See -\fIGROUP PROVIDER PLUGINS\fR -for more information. -.PP -Note that quotes around group names are optional. -Unquoted strings must use a backslash -(\(oq\e\(cq) -to escape spaces and special characters. -See -\fIOther special characters and reserved words\fR -for a list of -characters that need to be escaped. -.nf -.sp -.RS 0n -Runas_List ::= Runas_Member | - Runas_Member ',' Runas_List - -Runas_Member ::= '!'* user name | - '!'* #uid | - '!'* %group | - '!'* %#gid | - '!'* %:nonunix_group | - '!'* %:#nonunix_gid | - '!'* +netgroup | - '!'* Runas_Alias -.RE -.fi -.PP -A -\fRRunas_List\fR -is similar to a -\fRUser_List\fR -except that instead -of -\fRUser_Alias\fRes -it can contain -\fRRunas_Alias\fRes. -Note that -user names and groups are matched as strings. -In other words, two users (groups) with the same user (group) ID -are considered to be distinct. -If you wish to match all user names with the same user-ID (e.g., root and -toor), you can use a user-ID instead of a name (#0 in the example given). -Note that the user-ID or group-ID specified in a -\fRRunas_Member\fR -need not be listed in the password or group database. -.nf -.sp -.RS 0n -Host_List ::= Host | - Host ',' Host_List - -Host ::= '!'* host name | - '!'* ip_addr | - '!'* network(/netmask)? | - '!'* +netgroup | - '!'* Host_Alias -.RE -.fi -.PP -A -\fRHost_List\fR -is made up of one or more host names, IP addresses, -network numbers, netgroups (prefixed with -\(oq+\(cq) -and other aliases. -Again, the value of an item may be negated with the -\(oq\&!\(cq -operator. -Host netgroups are matched using the host (both qualified and unqualified) -and domain members only; the user member is not used when matching. -If you specify a network number without a netmask, -\fBsudo\fR -will query each of the local host's network interfaces and, -if the network number corresponds to one of the hosts's network -interfaces, will use the netmask of that interface. -The netmask may be specified either in standard IP address notation -(e.g., 255.255.255.0 or ffff:ffff:ffff:ffff::), -or CIDR notation (number of bits, e.g., 24 or 64). -A host name may include shell-style wildcards (see the -\fIWildcards\fR -section below), -but unless the -\fRhost name\fR -command on your machine returns the fully -qualified host name, you'll need to use the -\fIfqdn\fR -flag for wildcards to be useful. -Note that -\fBsudo\fR -only inspects actual network interfaces; this means that IP address -127.0.0.1 (localhost) will never match. -Also, the host name -\(lqlocalhost\(rq -will only match if that is the actual host name, which is usually -only the case for non-networked systems. -.nf -.sp -.RS 0n -digest ::= [A-Fa-f0-9]+ | - [A-Za-z0-9\e+/=]+ - -Digest_Spec ::= "sha224" ':' digest | - "sha256" ':' digest | - "sha384" ':' digest | - "sha512" ':' digest - -Digest_List ::= Digest_Spec | - Digest_Spec ',' Digest_List - -Cmnd_List ::= Cmnd | - Cmnd ',' Cmnd_List - -command name ::= file name | - file name args | - file name '""' - -Edit_Spec ::= "sudoedit" file name+ - -Cmnd ::= Digest_List? '!'* command name | - '!'* directory | - '!'* Edit_Spec | - '!'* Cmnd_Alias -.RE -.fi -.PP -A -\fRCmnd_List\fR -is a list of one or more command names, directories, and other aliases. -A command name is a fully qualified file name which may include -shell-style wildcards (see the -\fIWildcards\fR -section below). -A simple file name allows the user to run the command with any -arguments they wish. -However, you may also specify command line arguments (including -wildcards). -Alternately, you can specify -\fR\&""\fR -to indicate that the command -may only be run -\fBwithout\fR -command line arguments. -A directory is a -fully qualified path name ending in a -\(oq/\(cq. -When you specify a directory in a -\fRCmnd_List\fR, -the user will be able to run any file within that directory -(but not in any sub-directories therein). -.PP -If a -\fRCmnd\fR -has associated command line arguments, then the arguments -in the -\fRCmnd\fR -must match exactly those given by the user on the command line -(or match the wildcards if there are any). -Note that the following characters must be escaped with a -\(oq\e\(cq -if they are used in command arguments: -\(oq,\&\(cq, -\(oq:\&\(cq, -\(oq=\&\(cq, -\(oq\e\(cq. -The built-in command -\(lq\fRsudoedit\fR\(rq -is used to permit a user to run -\fBsudo\fR -with the -\fB\-e\fR -option (or as -\fBsudoedit\fR). -It may take command line arguments just as a normal command does. -Note that -\(lq\fRsudoedit\fR\(rq -is a command built into -\fBsudo\fR -itself and must be specified in the -\fIsudoers\fR -file -\fBwithout\fR -a leading path. -If a leading path is present, for example -\fI/usr/bin/sudoedit\fR, -the path name will be silently converted to -\(lq\fRsudoedit\fR\(rq. -A fully-qualified path for -\fBsudoedit\fR -is treated as an error by -\fBvisudo\fR. -.PP -A -\fRcommand name\fR -may be preceded by a -\fRDigest_List\fR, -a comma-separated list of one or more -\fRDigest_Spec\fR -entries. -If a -\fRDigest_List\fR -is present, the command will only match successfully if it can be verified -using one of the SHA-2 digests in the list. -Starting with version 1.9.0, the -\fBALL\fR -reserved word can be used in conjunction with a -\fRDigest_List\fR. -The following digest formats are supported: sha224, sha256, sha384 and sha512. -The string may be specified in either hex or base64 format -(base64 is more compact). -There are several utilities capable of generating SHA-2 digests in hex -format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum. -.PP -For example, using openssl: -.nf -.sp -.RS 0n -$ openssl dgst -sha224 /bin/ls -SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 -.RE -.fi -.PP -It is also possible to use openssl to generate base64 output: -.nf -.sp -.RS 0n -$ openssl dgst -binary -sha224 /bin/ls | openssl base64 -EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== -.RE -.fi -.PP -Warning, if the user has write access to the command itself (directly or via a -\fBsudo\fR -command), it may be possible for the user to replace the command after the -digest check has been performed but before the command is executed. -A similar race condition exists on systems that lack the -fexecve(2) -system call when the directory in which the command is located -is writable by the user. -See the description of the -\fIfdexec\fR -setting for more information on how -\fBsudo\fR -executes commands that have an associated digest. -.PP -Command digests are only supported by version 1.8.7 or higher. -.SS "Defaults" -Certain configuration options may be changed from their default -values at run-time via one or more -\fRDefault_Entry\fR -lines. -These may affect all users on any host, all users on a specific host, a -specific user, a specific command, or commands being run as a specific user. -Note that per-command entries may not include command line arguments. -If you need to specify arguments, define a -\fRCmnd_Alias\fR -and reference -that instead. -.nf -.sp -.RS 0n -Default_Type ::= 'Defaults' | - 'Defaults' '@' Host_List | - 'Defaults' ':' User_List | - 'Defaults' '!' Cmnd_List | - 'Defaults' '>' Runas_List - -Default_Entry ::= Default_Type Parameter_List - -Parameter_List ::= Parameter | - Parameter ',' Parameter_List - -Parameter ::= Parameter '=' Value | - Parameter '+=' Value | - Parameter '-=' Value | - '!'* Parameter -.RE -.fi -.PP -Parameters may be -\fBflags\fR, -\fBinteger\fR -values, -\fBstrings\fR, -or -\fBlists\fR. -Flags are implicitly boolean and can be turned off via the -\(oq\&!\(cq -operator. -Some integer, string and list parameters may also be -used in a boolean context to disable them. -Values may be enclosed -in double quotes -(\&"") -when they contain multiple words. -Special characters may be escaped with a backslash -(\(oq\e\(cq). -.PP -Lists have two additional assignment operators, -\fR+=\fR -and -\fR-=\fR. -These operators are used to add to and delete from a list respectively. -It is not an error to use the -\fR-=\fR -operator to remove an element -that does not exist in a list. -.PP -Defaults entries are parsed in the following order: generic, host, -user and runas Defaults first, then command defaults. -If there are multiple Defaults settings of the same type, the last -matching setting is used. -The following Defaults settings are parsed before all others since -they may affect subsequent entries: -\fIfqdn\fR, -\fIgroup_plugin\fR, -\fIrunas_default\fR, -\fIsudoers_locale\fR. -.PP -See -\fISUDOERS OPTIONS\fR -for a list of supported Defaults parameters. -.SS "User specification" -.nf -.RS 0n -User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e - (':' Host_List '=' Cmnd_Spec_List)* - -Cmnd_Spec_List ::= Cmnd_Spec | - Cmnd_Spec ',' Cmnd_Spec_List - -Cmnd_Spec ::= Runas_Spec? Option_Spec* Tag_Spec* Cmnd - -Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')' - -.ie \n(SL \{\ -.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec) -.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec) -.\} -.el \{\ -.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec) -.el Option_Spec ::= (Date_Spec | Timeout_Spec) -.\} - -.if \n(SL \{\ -SELinux_Spec ::= ('ROLE=role' | 'TYPE=type') - -.\} -.if \n(PS \{\ -Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset') - -.\} -Date_Spec ::= ('NOTBEFORE=timestamp' | 'NOTAFTER=timestamp') - -Timeout_Spec ::= 'TIMEOUT=timeout' - -Chdir_Spec ::= 'CWD=directory' - -Chroot_Spec ::= 'CHROOT=directory' - -Tag_Spec ::= ('EXEC:' | 'NOEXEC:' | 'FOLLOW:' | 'NOFOLLOW' | - 'LOG_INPUT:' | 'NOLOG_INPUT:' | 'LOG_OUTPUT:' | - 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' | 'PASSWD:' | - 'NOPASSWD:' | 'SETENV:' | 'NOSETENV:') -.RE -.fi -.PP -A -\fBuser specification\fR -determines which commands a user may run -(and as what user) on specified hosts. -By default, commands are -run as -\fBroot\fR, -but this can be changed on a per-command basis. -.PP -The basic structure of a user specification is -\(lqwho where = (as_whom) what\(rq. -Let's break that down into its constituent parts: -.SS "Runas_Spec" -A -\fRRunas_Spec\fR -determines the user and/or the group that a command -may be run as. -A fully-specified -\fRRunas_Spec\fR -consists of two -\fRRunas_List\fRs -(as defined above) separated by a colon -(\(oq:\&\(cq) -and enclosed in a set of parentheses. -The first -\fRRunas_List\fR -indicates which users the command may be run as via the -\fB\-u\fR -option. -The second defines a list of groups that can be specified via the -\fB\-g\fR -option in addition to any of the target user's groups. -If both -\fRRunas_List\fRs -are specified, the command may be run with any combination of users -and groups listed in their respective -\fRRunas_List\fRs. -If only the first is specified, the command may be run as any user -in the list but no -\fB\-g\fR -option -may be specified. -If the first -\fRRunas_List\fR -is empty but the -second is specified, the command may be run as the invoking user -with the group set to any listed in the -\fRRunas_List\fR. -If both -\fRRunas_List\fRs -are empty, the command may only be run as the invoking user. -If no -\fRRunas_Spec\fR -is specified the command may be run as -\fBroot\fR -and -no group may be specified. -.PP -A -\fRRunas_Spec\fR -sets the default for the commands that follow it. -What this means is that for the entry: -.nf -.sp -.RS 0n -dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm -.RE -.fi -.PP -The user -\fBdgb\fR -may run -\fI/bin/ls\fR, -\fI/bin/kill\fR, -and -\fI/usr/bin/lprm\fR -on the host -boulder\(embut -only as -\fBoperator\fR. -E.g., -.nf -.sp -.RS 0n -$ sudo -u operator /bin/ls -.RE -.fi -.PP -It is also possible to override a -\fRRunas_Spec\fR -later on in an entry. -If we modify the entry like so: -.nf -.sp -.RS 0n -dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm -.RE -.fi -.PP -Then user -\fBdgb\fR -is now allowed to run -\fI/bin/ls\fR -as -\fBoperator\fR, -but -\fI/bin/kill\fR -and -\fI/usr/bin/lprm\fR -as -\fBroot\fR. -.PP -We can extend this to allow -\fBdgb\fR -to run -\fR/bin/ls\fR -with either -the user or group set to -\fBoperator\fR: -.nf -.sp -.RS 0n -dgb boulder = (operator : operator) /bin/ls, (root) /bin/kill,\e - /usr/bin/lprm -.RE -.fi -.PP -Note that while the group portion of the -\fRRunas_Spec\fR -permits the -user to run as command with that group, it does not force the user -to do so. -If no group is specified on the command line, the command -will run with the group listed in the target user's password database -entry. -The following would all be permitted by the sudoers entry above: -.nf -.sp -.RS 0n -$ sudo -u operator /bin/ls -$ sudo -u operator -g operator /bin/ls -$ sudo -g operator /bin/ls -.RE -.fi -.PP -In the following example, user -\fBtcm\fR -may run commands that access -a modem device file with the dialer group. -.nf -.sp -.RS 0n -tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\e - /usr/local/bin/minicom -.RE -.fi -.PP -Note that in this example only the group will be set, the command -still runs as user -\fBtcm\fR. -E.g.\& -.nf -.sp -.RS 0n -$ sudo -g dialer /usr/bin/cu -.RE -.fi -.PP -Multiple users and groups may be present in a -\fRRunas_Spec\fR, -in which case the user may select any combination of users and groups via the -\fB\-u\fR -and -\fB\-g\fR -options. -In this example: -.nf -.sp -.RS 0n -alan ALL = (root, bin : operator, system) ALL -.RE -.fi -.PP -user -\fBalan\fR -may run any command as either user root or bin, -optionally setting the group to operator or system. -.SS "Option_Spec" -A -\fRCmnd\fR -may have zero or more options associated with it. -Options may consist of -.if \n(SL \{\ -SELinux roles and/or types, -.\} -.if \n(PS \{\ -Solaris privileges sets, -.\} -start and/or end dates and command timeouts. -Once an option is set for a -\fRCmnd\fR, -subsequent -\fRCmnd\fRs -in the -\fRCmnd_Spec_List\fR, -inherit that option unless it is overridden by another option. -Note that the option names are reserved words in -\fIsudoers\fR. -This means that none of the valid option names (see below) can be used -when declaring an alias. -.if \n(SL \{\ -.SS "SELinux_Spec" -On systems with SELinux support, -\fIsudoers\fR -file entries may optionally have an SELinux role and/or type associated -with a command. -If a role or -type is specified with the command it will override any default values -specified in -\fIsudoers\fR. -A role or type specified on the command line, -however, will supersede the values in -\fIsudoers\fR. -.\} -.if \n(PS \{\ -.SS "Solaris_Priv_Spec" -On Solaris systems, -\fIsudoers\fR -file entries may optionally specify Solaris privilege set and/or limit -privilege set associated with a command. -If privileges or limit privileges are specified with the command -it will override any default values specified in -\fIsudoers\fR. -.PP -A privilege set is a comma-separated list of privilege names. -The -ppriv(1) -command can be used to list all privileges known to the system. -For example: -.nf -.sp -.RS 0n -$ ppriv -l -.RE -.fi -.PP -In addition, there are several -\(lqspecial\(rq -privilege strings: -.TP 10n -none -the empty set -.TP 10n -all -the set of all privileges -.TP 10n -zone -the set of all privileges available in the current zone -.TP 10n -basic -the default set of privileges normal users are granted at login time -.PP -Privileges can be excluded from a set by prefixing the privilege -name with either an -\(oq\&!\(cq -or -\(oq\-\(cq -character. -.\} -.SS "Date_Spec" -\fBsudoers\fR -rules can be specified with a start and end date via the -\fRNOTBEFORE\fR -and -\fRNOTAFTER\fR -settings. -The time stamp must be specified in -\fIGeneralized Time\fR -as defined by RFC 4517. -The format is effectively -\fRyyyymmddHHMMSSZ\fR -where the minutes and seconds are optional. -The -\(oqZ\(cq -suffix indicates that the time stamp is in Coordinated Universal Time (UTC). -It is also possible to specify a timezone offset from UTC in hours -and minutes instead of a -\(oqZ\(cq. -For example, -\(oq-0500\(cq -would correspond to Eastern Standard time in the US. -As an extension, if no -\(oqZ\(cq -or timezone offset is specified, local time will be used. -.PP -The following are all valid time stamps: -.nf -.sp -.RS 4n -20170214083000Z -2017021408Z -20160315220000-0500 -20151201235900 -.RE -.fi -.SS "Timeout_Spec" -A command may have a timeout associated with it. -If the timeout expires before the command has exited, the -command will be terminated. -The timeout may be specified in combinations of days, hours, -minutes and seconds with a single-letter case-insensitive suffix -that indicates the unit of time. -For example, a timeout of 7 days, 8 hours, 30 minutes and -10 seconds would be written as -\fR7d8h30m10s\fR. -If a number is specified without a unit, seconds are assumed. -Any of the days, minutes, hours or seconds may be omitted. -The order must be from largest to smallest unit and a unit -may not be specified more than once. -.PP -The following are all -\fIvalid\fR -timeout values: -\fR7d8h30m10s\fR, -\fR14d\fR, -\fR8h30m\fR, -\fR600s\fR, -\fR3600\fR. -The following are -\fIinvalid\fR -timeout values: -\fR12m2w1d\fR, -\fR30s10m4h\fR, -\fR1d2d3h\fR. -.PP -This setting is only supported by version 1.8.20 or higher. -.SS "Chdir_Spec" -The working directory that the command will be run in can be specified -using the -\fRCWD\fR -setting. -The -\fIdirectory\fR -must be a fully-qualified path name beginning with a -\(oq/\(cq -or -\(oq~\(cq -character, or the special value -\(lq*\(rq. -A value of -\(lq*\(rq -indicates that the user may specify the working directory by running -\fBsudo\fR -with the -\fB\-D\fR -option. -By default, commands are run from the invoking user's current working -directory, unless the -\fB\-i\fR -option is given. -Path names of the form -\fR~user/path/name\fR -are interpreted as being relative to the named user's home directory. -If the user name is omitted, the path will be relative to the runas -user's home directory. -.PP -This setting is only supported by version 1.9.3 or higher. -.SS "Chroot_Spec" -The root directory that the command will be run in can be specified -using the -\fRCHROOT\fR -setting. -The -\fIdirectory\fR -must be a fully-qualified path name beginning with a -\(oq/\(cq -or -\(oq~\(cq -character, or the special value -\(lq*\(rq. -A value of -\(lq*\(rq -indicates that the user may specify the root directory by running -\fBsudo\fR -with the -\fB\-R\fR -option. -This setting can be used to run the command in a -chroot(2) -\(lqsandbox\(rq -similar to the -chroot(@mansectsu@) -utility. -Path names of the form -\fR~user/path/name\fR -are interpreted as being relative to the named user's home directory. -If the user name is omitted, the path will be relative to the runas -user's home directory. -.PP -This setting is only supported by version 1.9.3 or higher. -.SS "Tag_Spec" -A command may have zero or more tags associated with it. -The following tag values are supported: -\fREXEC\fR, -\fRNOEXEC\fR, -\fRFOLLOW\fR, -\fRNOFOLLOW\fR, -\fRLOG_INPUT\fR, -\fRNOLOG_INPUT\fR, -\fRLOG_OUTPUT\fR, -\fRNOLOG_OUTPUT\fR, -\fRMAIL\fR, -\fRNOMAIL\fR, -\fRPASSWD\fR, -\fRNOPASSWD\fR, -\fRSETENV\fR, -and -\fRNOSETENV\fR. -Once a tag is set on a -\fRCmnd\fR, -subsequent -\fRCmnd\fRs -in the -\fRCmnd_Spec_List\fR, -inherit the tag unless it is overridden by the opposite tag (in other words, -\fRPASSWD\fR -overrides -\fRNOPASSWD\fR -and -\fRNOEXEC\fR -overrides -\fREXEC\fR). -.TP 2n -\fIEXEC\fR and \fINOEXEC\fR -.sp -If -\fBsudo\fR -has been compiled with -\fInoexec\fR -support and the underlying operating system supports it, the -\fRNOEXEC\fR -tag can be used to prevent a dynamically-linked executable from -running further commands itself. -.sp -In the following example, user -\fBaaron\fR -may run -\fI/usr/bin/more\fR -and -\fI/usr/bin/vi\fR -but shell escapes will be disabled. -.nf -.sp -.RS 2n -aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi -.RE -.fi -.RS 2n -.sp -See the -\fIPreventing shell escapes\fR -section below for more details on how -\fRNOEXEC\fR -works and whether or not it will work on your system. -.RE -.TP 2n -\fIFOLLOW\fR and \fINOFOLLOW\fR -Starting with version 1.8.15, -\fBsudoedit\fR -will not open a file that is a symbolic link unless the -\fIsudoedit_follow\fR -flag is enabled. -The -\fIFOLLOW\fR -and -\fINOFOLLOW\fR -tags override the value of -\fIsudoedit_follow\fR -and can be used to permit (or deny) the editing of symbolic links -on a per-command basis. -These tags are only effective for the -\fIsudoedit\fR -command and are ignored for all other commands. -.TP 2n -\fILOG_INPUT\fR and \fINOLOG_INPUT\fR -.sp -These tags override the value of the -\fIlog_input\fR -flag on a per-command basis. -For more information, see the description of -\fIlog_input\fR -in the -\fISUDOERS OPTIONS\fR -section below. -.TP 2n -\fILOG_OUTPUT\fR and \fINOLOG_OUTPUT\fR -.sp -These tags override the value of the -\fIlog_output\fR -flag on a per-command basis. -For more information, see the description of -\fIlog_output\fR -in the -\fISUDOERS OPTIONS\fR -section below. -.TP 2n -\fIMAIL\fR and \fINOMAIL\fR -.sp -These tags provide fine-grained control over whether -mail will be sent when a user runs a command by -overriding the value of the -\fImail_all_cmnds\fR -flag on a per-command basis. -They have no effect when -\fBsudo\fR -is run with the -\fB\-l\fR -or -\fB\-v\fR -options. -A -\fINOMAIL\fR -tag will also override the -\fImail_always\fR -and -\fImail_no_perms\fR -options. -For more information, see the descriptions of -\fImail_all_cmnds\fR, -\fImail_always\fR, -and -\fImail_no_perms\fR -in the -\fISUDOERS OPTIONS\fR -section below. -.TP 2n -\fIPASSWD\fR and \fINOPASSWD\fR -.sp -By default, -\fBsudo\fR -requires that a user authenticate him or herself -before running a command. -This behavior can be modified via the -\fRNOPASSWD\fR -tag. -Like a -\fRRunas_Spec\fR, -the -\fRNOPASSWD\fR -tag sets -a default for the commands that follow it in the -\fRCmnd_Spec_List\fR. -Conversely, the -\fRPASSWD\fR -tag can be used to reverse things. -For example: -.nf -.sp -.RS 2n -ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm -.RE -.fi -.RS 2n -.sp -would allow the user -\fBray\fR -to run -\fI/bin/kill\fR, -\fI/bin/ls\fR, -and -\fI/usr/bin/lprm\fR -as -\fBroot\fR -on the machine rushmore without authenticating himself. -If we only want -\fBray\fR -to be able to -run -\fI/bin/kill\fR -without a password the entry would be: -.nf -.sp -.RS 2n -ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm -.RE -.fi -.sp -Note, however, that the -\fRPASSWD\fR -tag has no effect on users who are in the group specified by the -\fIexempt_group\fR -setting. -.sp -By default, if the -\fRNOPASSWD\fR -tag is applied to any of a user's entries for the current host, -the user will be able to run -\(lq\fRsudo -l\fR\(rq -without a password. -Additionally, a user may only run -\(lq\fRsudo -v\fR\(rq -without a password if all of the user's entries for the current -host have the -\fRNOPASSWD\fR -tag. -This behavior may be overridden via the -\fIverifypw\fR -and -\fIlistpw\fR -options. -.RE -.TP 2n -\fISETENV\fR and \fINOSETENV\fR -.sp -These tags override the value of the -\fIsetenv\fR -flag on a per-command basis. -Note that if -\fRSETENV\fR -has been set for a command, the user may disable the -\fIenv_reset\fR -flag from the command line via the -\fB\-E\fR -option. -Additionally, environment variables set on the command -line are not subject to the restrictions imposed by -\fIenv_check\fR, -\fIenv_delete\fR, -or -\fIenv_keep\fR. -As such, only trusted users should be allowed to set variables in this manner. -If the command matched is -\fBALL\fR, -the -\fRSETENV\fR -tag is implied for that command; this default may be overridden by use of the -\fRNOSETENV\fR -tag. -.SS "Wildcards" -\fBsudo\fR -allows shell-style -\fIwildcards\fR -(aka meta or glob characters) -to be used in host names, path names and command line arguments in the -\fIsudoers\fR -file. -Wildcard matching is done via the -glob(3) -and -fnmatch(3) -functions as specified by -IEEE Std 1003.1 (\(lqPOSIX.1\(rq). -.TP 10n -\fR*\fR -Matches any set of zero or more characters (including white space). -.TP 10n -\fR\&?\fR -Matches any single character (including white space). -.TP 10n -\fR[...]\fR -Matches any character in the specified range. -.TP 10n -\fR[!...]\fR -Matches any character -\fInot\fR -in the specified range. -.TP 10n -\fR\ex\fR -For any character -\(oqx\(cq, -evaluates to -\(oqx\(cq. -This is used to escape special characters such as: -\(oq*\(cq, -\(oq\&?\(cq, -\(oq[\&\(cq, -and -\(oq]\&\(cq. -.PP -\fBNote that these are not regular expressions.\fR -Unlike a regular expression there is no way to match one or more -characters within a range. -.PP -Character classes may be used if your system's -glob(3) -and -fnmatch(3) -functions support them. -However, because the -\(oq:\&\(cq -character has special meaning in -\fIsudoers\fR, -it must be -escaped. -For example: -.nf -.sp -.RS 4n -/bin/ls [[\e:\&alpha\e:\&]]* -.RE -.fi -.PP -Would match any file name beginning with a letter. -.PP -Note that a forward slash -(\(oq/\(cq) -will -\fInot\fR -be matched by -wildcards used in the file name portion of the command. -This is to make a path like: -.nf -.sp -.RS 4n -/usr/bin/* -.RE -.fi -.PP -match -\fI/usr/bin/who\fR -but not -\fI/usr/bin/X11/xterm\fR. -.PP -When matching the command line arguments, however, a slash -\fIdoes\fR -get matched by wildcards since command line arguments may contain -arbitrary strings and not just path names. -.PP -\fBWildcards in command line arguments should be used with care.\fR -.br -Command line arguments are matched as a single, concatenated string. -This mean a wildcard character such as -\(oq\&?\(cq -or -\(oq*\(cq -will match across word boundaries, which may be unexpected. -For example, while a sudoers entry like: -.nf -.sp -.RS 4n -%operator ALL = /bin/cat /var/log/messages* -.RE -.fi -.PP -will allow command like: -.nf -.sp -.RS 4n -$ sudo cat /var/log/messages.1 -.RE -.fi -.PP -It will also allow: -.nf -.sp -.RS 4n -$ sudo cat /var/log/messages /etc/shadow -.RE -.fi -.PP -which is probably not what was intended. -In most cases it is better to do command line processing -outside of the -\fIsudoers\fR -file in a scripting language. -.SS "Exceptions to wildcard rules" -The following exceptions apply to the above rules: -.TP 10n -\fR\&""\fR -If the empty string -\fR\&""\fR -is the only command line argument in the -\fIsudoers\fR -file entry it means that command is not allowed to be run with -\fIany\fR -arguments. -.TP 10n -sudoedit -Command line arguments to the -\fIsudoedit\fR -built-in command should always be path names, so a forward slash -(\(oq/\(cq) -will not be matched by a wildcard. -.SS "Including other files from within sudoers" -It is possible to include other -\fIsudoers\fR -files from within the -\fIsudoers\fR -file currently being parsed using the -\fR@include\fR -and -\fR@includedir\fR -directives. -For compatibility with sudo versions prior to 1.9.1, -\fR#include\fR -and -\fR#includedir\fR -are also accepted. -.PP -An include file can be used, for example, to keep a site-wide -\fIsudoers\fR -file in addition to a local, per-machine file. -For the sake of this example the site-wide -\fIsudoers\fR -file will be -\fI/etc/sudoers\fR -and the per-machine one will be -\fI/etc/sudoers.local\fR. -To include -\fI/etc/sudoers.local\fR -from within -\fI/etc/sudoers\fR -one would use the following line in -\fI/etc/sudoers\fR: -.nf -.sp -.RS 4n -@include /etc/sudoers.local -.RE -.fi -.PP -When -\fBsudo\fR -reaches this line it will suspend processing of the current file -(\fI/etc/sudoers\fR) -and switch to -\fI/etc/sudoers.local\fR. -Upon reaching the end of -\fI/etc/sudoers.local\fR, -the rest of -\fI/etc/sudoers\fR -will be processed. -Files that are included may themselves include other files. -A hard limit of 128 nested include files is enforced to prevent include -file loops. -.PP -The path to the include file may contain white space if it is -escaped with a backslash -(\(oq\e\(cq). -Alternately, the entire path may be enclosed in double quotes -(\&""), -in which case no escaping is necessary. -To include a literal backslash in the path, -\(oq\e\e\(cq -should be used. -.PP -If the path to the include file is not fully-qualified (does not -begin with a -\(oq/\(cq), -it must be located in the same directory as the sudoers file it was -included from. -For example, if -\fI/etc/sudoers\fR -contains the line: -.nf -.sp -.RS 4n -\fR@include sudoers.local\fR -.RE -.fi -.PP -the file that will be included is -\fI/etc/sudoers.local\fR. -.PP -The file name may also include the -\fR%h\fR -escape, signifying the short form of the host name. -In other words, if the machine's host name is -\(lqxerxes\(rq, -then -.nf -.sp -.RS 4n -@include /etc/sudoers.%h -.RE -.fi -.PP -will cause -\fBsudo\fR -to include the file -\fI/etc/sudoers.xerxes\fR. -.PP -The -\fR@includedir\fR -directive can be used to create a -\fIsudoers.d\fR -directory that the system package manager can drop -\fIsudoers\fR -file rules into as part of package installation. -For example, given: -.nf -.sp -.RS 4n -@includedir /etc/sudoers.d -.RE -.fi -.PP -\fBsudo\fR -will suspend processing of the current file and read each file in -\fI/etc/sudoers.d\fR, -skipping file names that end in -\(oq~\(cq -or contain a -\(oq.\&\(cq -character to avoid causing problems with package manager or editor -temporary/backup files. -Files are parsed in sorted lexical order. -That is, -\fI/etc/sudoers.d/01_first\fR -will be parsed before -\fI/etc/sudoers.d/10_second\fR. -Be aware that because the sorting is lexical, not numeric, -\fI/etc/sudoers.d/1_whoops\fR -would be loaded -\fIafter\fR -\fI/etc/sudoers.d/10_second\fR. -Using a consistent number of leading zeroes in the file names can be used -to avoid such problems. -After parsing the files in the directory, control returns to the -file that contained the -\fR@includedir\fR -directive. -.PP -Note that unlike files included via -\fR@include\fR, -\fBvisudo\fR -will not edit the files in a -\fR@includedir\fR -directory unless one of them contains a syntax error. -It is still possible to run -\fBvisudo\fR -with the -\fB\-f\fR -flag to edit the files directly, but this will not catch the -redefinition of an -\fIalias\fR -that is also present in a different file. -.SS "Other special characters and reserved words" -The pound sign -(\(oq#\(cq) -is used to indicate a comment (unless it is part of a #include -directive or unless it occurs in the context of a user name and is -followed by one or more digits, in which case it is treated as a -user-ID). -Both the comment character and any text after it, up to the end of -the line, are ignored. -.PP -The reserved word -\fBALL\fR -is a built-in -\fIalias\fR -that always causes a match to succeed. -It can be used wherever one might otherwise use a -\fRCmnd_Alias\fR, -\fRUser_Alias\fR, -\fRRunas_Alias\fR, -or -\fRHost_Alias\fR. -Attempting to define an -\fIalias\fR -named -\fBALL\fR -will result in a syntax error. -Please note that using -\fBALL\fR -can be dangerous since in a command context, it allows the user to run -\fIany\fR -command on the system. -.PP -The following option names permitted in an -\fROption_Spec\fR -are also considered reserved words: -\fRCHROOT\fR, -.if \n(PS \{\ -\fRPRIVS\fR, -.\} -.if \n(PS \{\ -\fRLIMITPRIVS\fR, -.\} -.if \n(SL \{\ -\fRROLE\fR, -.\} -.if \n(SL \{\ -\fRTYPE\fR, -.\} -\fRTIMEOUT\fR, -\fRCWD\fR, -\fRNOTBEFORE\fR -and -\fRNOTAFTER\fR. -Attempting to define an -\fIalias\fR -with the same name as one of the options will result in a syntax error. -.PP -An exclamation point -(\(oq\&!\(cq) -can be used as a logical -\fInot\fR -operator in a list or -\fIalias\fR -as well as in front of a -\fRCmnd\fR. -This allows one to exclude certain values. -For the -\(oq\&!\(cq -operator to be effective, there must be something for it to exclude. -For example, to match all users except for root one would use: -.nf -.sp -.RS 4n -ALL,!root -.RE -.fi -.PP -If the -\fBALL\fR, -is omitted, as in: -.nf -.sp -.RS 4n -!root -.RE -.fi -.PP -it would explicitly deny root but not match any other users. -This is different from a true -\(lqnegation\(rq -operator. -.PP -Note, however, that using a -\(oq\&!\(cq -in conjunction with the built-in -\fBALL\fR -alias to allow a user to run -\(lqall but a few\(rq -commands rarely works as intended (see -\fISECURITY NOTES\fR -below). -.PP -Long lines can be continued with a backslash -(\(oq\e\(cq) -as the last character on the line. -.PP -White space between elements in a list as well as special syntactic -characters in a -\fIUser Specification\fR -(\(oq=\&\(cq, -\(oq:\&\(cq, -\(oq(\&\(cq, -\(oq)\&\(cq) -is optional. -.PP -The following characters must be escaped with a backslash -(\(oq\e\(cq) -when used as part of a word (e.g., a user name or host name): -\(oq\&!\(cq, -\(oq=\&\(cq, -\(oq:\&\(cq, -\(oq,\&\(cq, -\(oq(\&\(cq, -\(oq)\&\(cq, -\(oq\e\(cq. -.SH "SUDOERS OPTIONS" -\fBsudo\fR's -behavior can be modified by -\fRDefault_Entry\fR -lines, as explained earlier. -A list of all supported Defaults parameters, grouped by type, are listed below. -.PP -\fBBoolean Flags\fR: -.TP 18n -always_query_group_plugin -If a -\fIgroup_plugin\fR -is configured, use it to resolve groups of the form %group as long -as there is not also a system group of the same name. -Normally, only groups of the form %:group are passed to the -\fIgroup_plugin\fR. -This flag is -\fIoff\fR -by default. -.TP 18n -always_set_home -If enabled, -\fBsudo\fR -will set the -\fRHOME\fR -environment variable to the home directory of the target user -(which is the root user unless the -\fB\-u\fR -option is used). -This flag is largely obsolete and has no effect unless the -\fIenv_reset\fR -flag has been disabled or -\fRHOME\fR -is present in the -\fIenv_keep\fR -list, both of which are strongly discouraged. -This flag is -\fIoff\fR -by default. -.TP 18n -authenticate -If set, users must authenticate themselves via a password (or other -means of authentication) before they may run commands. -This default may be overridden via the -\fRPASSWD\fR -and -\fRNOPASSWD\fR -tags. -This flag is -\fIon\fR -by default. -.TP 18n -case_insensitive_group -If enabled, group names in -\fIsudoers\fR -will be matched in a case insensitive manner. -This may be necessary when users are stored in LDAP or AD. -This flag is -\fIon\fR -by default. -.TP 18n -case_insensitive_user -If enabled, user names in -\fIsudoers\fR -will be matched in a case insensitive manner. -This may be necessary when groups are stored in LDAP or AD. -This flag is -\fIon\fR -by default. -.TP 18n -closefrom_override -If set, the user may use the -\fB\-C\fR -option which overrides the default starting point at which -\fBsudo\fR -begins closing open file descriptors. -This flag is -\fIoff\fR -by default. -.TP 18n -compress_io -If set, and -\fBsudo\fR -is configured to log a command's input or output, -the I/O logs will be compressed using -\fBzlib\fR. -This flag is -\fIon\fR -by default when -\fBsudo\fR -is compiled with -\fBzlib\fR -support. -.TP 18n -exec_background -By default, -\fBsudo\fR -runs a command as the foreground process as long as -\fBsudo\fR -itself is running in the foreground. -When the -\fIexec_background\fR -flag is enabled and the command is being run in a pseudo-terminal -(due to I/O logging or the -\fIuse_pty\fR -flag), the command will be run as a background process. -Attempts to read from the controlling terminal (or to change terminal -settings) will result in the command being suspended with the -\fRSIGTTIN\fR -signal (or -\fRSIGTTOU\fR -in the case of terminal settings). -If this happens when -\fBsudo\fR -is a foreground process, the command will be granted the controlling terminal -and resumed in the foreground with no user intervention required. -The advantage of initially running the command in the background is that -\fBsudo\fR -need not read from the terminal unless the command explicitly requests it. -Otherwise, any terminal input must be passed to the command, whether it -has required it or not (the kernel buffers terminals so it is not possible -to tell whether the command really wants the input). -This is different from historic -\fIsudo\fR -behavior or when the command is not being run in a pseudo-terminal. -.sp -For this to work seamlessly, the operating system must support the -automatic restarting of system calls. -Unfortunately, not all operating systems do this by default, -and even those that do may have bugs. -For example, macOS fails to restart the -\fBtcgetattr\fR() -and -\fBtcsetattr\fR() -system calls (this is a bug in macOS). -Furthermore, because this behavior depends on the command stopping with the -\fRSIGTTIN\fR -or -\fRSIGTTOU\fR -signals, programs that catch these signals and suspend themselves -with a different signal (usually -\fRSIGTOP\fR) -will not be automatically foregrounded. -Some versions of the linux -su(1) -command behave this way. -This flag is -\fIoff\fR -by default. -.sp -This setting is only supported by version 1.8.7 or higher. -It has no effect unless I/O logging is enabled or the -\fIuse_pty\fR -flag is enabled. -.TP 18n -env_editor -If set, -\fBvisudo\fR -will use the value of the -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -environment variables before falling back on the default editor list. -Note that -\fBvisudo\fR -is typically run as root so this flag may allow a user with -\fBvisudo\fR -privileges to run arbitrary commands as root without logging. -An alternative is to place a colon-separated list of -\(lqsafe\(rq -editors int the -\fIeditor\fR -variable. -\fBvisudo\fR -will then only use -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -if they match a value specified in -\fIeditor\fR. -If the -\fIenv_reset\fR -flag is enabled, the -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -and/or -\fREDITOR\fR -environment variables must be present in the -\fIenv_keep\fR -list for the -\fIenv_editor\fR -flag to function when -\fBvisudo\fR -is invoked via -\fBsudo\fR. -This flag is -\fI@env_editor@\fR -by default. -.TP 18n -env_reset -If set, -\fBsudo\fR -will run the command in a minimal environment containing the -\fRTERM\fR, -\fRPATH\fR, -\fRHOME\fR, -\fRMAIL\fR, -\fRSHELL\fR, -\fRLOGNAME\fR, -\fRUSER\fR -and -\fRSUDO_*\fR -variables. -Any variables in the caller's environment or in the file specified -by the -\fIrestricted_env_file\fR -setting that match the -\fRenv_keep\fR -and -\fRenv_check\fR -lists are then added, followed by any variables present in the file -specified by the -\fIenv_file\fR -setting (if any). -The contents of the -\fRenv_keep\fR -and -\fRenv_check\fR -lists, as modified by global Defaults parameters in -\fIsudoers\fR, -are displayed when -\fBsudo\fR -is run by root with the -\fB\-V\fR -option. -If the -\fIsecure_path\fR -setting is enabled, its value will be used for the -\fRPATH\fR -environment variable. -This flag is -\fI@env_reset@\fR -by default. -.TP 18n -fast_glob -Normally, -\fBsudo\fR -uses the -glob(3) -function to do shell-style globbing when matching path names. -However, since it accesses the file system, -glob(3) -can take a long time to complete for some patterns, especially -when the pattern references a network file system that is mounted -on demand (auto mounted). -The -\fIfast_glob\fR -flag causes -\fBsudo\fR -to use the -fnmatch(3) -function, which does not access the file system to do its matching. -The disadvantage of -\fIfast_glob\fR -is that it is unable to match relative path names such as -\fI./ls\fR -or -\fI../bin/ls\fR. -This has security implications when path names that include globbing -characters are used with the negation operator, -\(oq!\&\(cq, -as such rules can be trivially bypassed. -As such, this flag should not be used when the -\fIsudoers\fR -file contains rules that contain negated path names which include globbing -characters. -This flag is -\fIoff\fR -by default. -.TP 18n -fqdn -Set this flag if you want to put fully qualified host names in the -\fIsudoers\fR -file when the local host name (as returned by the -\fRhostname\fR -command) does not contain the domain name. -In other words, instead of myhost you would use myhost.mydomain.edu. -You may still use the short form if you wish (and even mix the two). -This flag is only effective when the -\(lqcanonical\(rq -host name, as returned by the -\fBgetaddrinfo\fR() -or -\fBgethostbyname\fR() -function, is a fully-qualified domain name. -This is usually the case when the system is configured to use DNS -for host name resolution. -.sp -If the system is configured to use the -\fI/etc/hosts\fR -file in preference to DNS, the -\(lqcanonical\(rq -host name may not be fully-qualified. -The order that sources are queried for host name resolution -is usually specified in the -\fI@nsswitch_conf@\fR, -\fI@netsvc_conf@\fR, -\fI/etc/host.conf\fR, -or, in some cases, -\fI/etc/resolv.conf\fR -file. -In the -\fI/etc/hosts\fR -file, the first host name of the entry is considered to be the -\(lqcanonical\(rq -name; subsequent names are aliases that are not used by -\fBsudoers\fR. -For example, the following hosts file line for the machine -\(lqxyzzy\(rq -has the fully-qualified domain name as the -\(lqcanonical\(rq -host name, and the short version as an alias. -.sp -.RS 24n -192.168.1.1 xyzzy.sudo.ws xyzzy -.RE -.RS 18n -.sp -If the machine's hosts file entry is not formatted properly, the -\fIfqdn\fR -flag will not be effective if it is queried before DNS. -.sp -Beware that when using DNS for host name resolution, turning on -\fIfqdn\fR -requires -\fBsudoers\fR -to make DNS lookups which renders -\fBsudo\fR -unusable if DNS stops working (for example if the machine is disconnected -from the network). -Also note that just like with the hosts file, you must use the -\(lqcanonical\(rq -name as DNS knows it. -That is, you may not use a host alias -(\fRCNAME\fR -entry) -due to performance issues and the fact that there is no way to get all -aliases from DNS. -.sp -This flag is -\fI@fqdn@\fR -by default. -.RE -.TP 18n -ignore_audit_errors -Allow commands to be run even if -\fBsudoers\fR -cannot write to the audit log. -If enabled, an audit log write failure is not treated as a fatal error. -If disabled, a command may only be run after the audit event is successfully -written. -This flag is only effective on systems for which -\fBsudoers\fR -supports audit logging, including -FreeBSD, -Linux, macOS and Solaris. -This flag is -\fIon\fR -by default. -.TP 18n -ignore_dot -If set, -\fBsudo\fR -will ignore "." or "" (both denoting current directory) in the -\fRPATH\fR -environment variable; the -\fRPATH\fR -itself is not modified. -This flag is -\fI@ignore_dot@\fR -by default. -.TP 18n -ignore_iolog_errors -Allow commands to be run even if -\fBsudoers\fR -cannot write to the I/O log (local or remote). -If enabled, an I/O log write failure is not treated as a fatal error. -If disabled, the command will be terminated if the I/O log cannot be written to. -This flag is -\fIoff\fR -by default. -.TP 18n -ignore_logfile_errors -Allow commands to be run even if -\fBsudoers\fR -cannot write to the log file. -If enabled, a log file write failure is not treated as a fatal error. -If disabled, a command may only be run after the log file entry is successfully -written. -This flag only has an effect when -\fBsudoers\fR -is configured to use file-based logging via the -\fIlogfile\fR -setting. -This flag is -\fIon\fR -by default. -.TP 18n -ignore_local_sudoers -If set via LDAP, parsing of -\fI@sysconfdir@/sudoers\fR -will be skipped. -This is intended for Enterprises that wish to prevent the usage of local -sudoers files so that only LDAP is used. -This thwarts the efforts of rogue operators who would attempt to add roles to -\fI@sysconfdir@/sudoers\fR. -When this flag is enabled, -\fI@sysconfdir@/sudoers\fR -does not even need to exist. -Since this flag tells -\fBsudo\fR -how to behave when no specific LDAP entries have been matched, this -sudoOption is only meaningful for the -\fRcn=defaults\fR -section. -This flag is -\fIoff\fR -by default. -.TP 18n -ignore_unknown_defaults -If set, -\fBsudo\fR -will not produce a warning if it encounters an unknown Defaults entry -in the -\fIsudoers\fR -file or an unknown sudoOption in LDAP. -This flag is -\fIoff\fR -by default. -.TP 18n -insults -If set, -\fBsudo\fR -will insult users when they enter an incorrect password. -This flag is -\fI@insults@\fR -by default. -.TP 18n -log_allowed -If set, -\fBsudoers\fR -will log commands allowed by the policy to the system audit log -(where supported) as well as to syslog and/or a log file. -This flag is -\fIon\fR -by default. -.sp -This setting is only supported by version 1.8.29 or higher. -.TP 18n -log_denied -If set, -\fBsudoers\fR -will log commands denied by the policy to the system audit log -(where supported) as well as to syslog and/or a log file. -This flag is -\fIon\fR -by default. -.sp -This setting is only supported by version 1.8.29 or higher. -.TP 18n -log_host -If set, the host name will be included in log entries written to -the file configured by the -\fIlogfile\fR -setting. -This flag is -\fIoff\fR -by default. -.TP 18n -log_input -If set, -\fBsudo\fR -will run the command in a pseudo-terminal and log all user input. -If the standard input is not connected to the user's tty, due to -I/O redirection or because the command is part of a pipeline, that -input is also captured and stored in a separate log file. -Anything sent to the standard input will be consumed, regardless of -whether or not the command run via -\fBsudo\fR -is actually reading the standard input. -This may have unexpected results when using -\fBsudo\fR -in a shell script that expects to process the standard input. -For more information about I/O logging, see the -\fII/O LOG FILES\fR -section. -This flag is -\fIoff\fR -by default. -.TP 18n -log_output -If set, -\fBsudo\fR -will run the command in a pseudo-terminal and log all output that is sent -to the screen, similar to the -script(1) -command. -For more information about I/O logging, see the -\fII/O LOG FILES\fR -section. -This flag is -\fIoff\fR -by default. -.TP 18n -log_server_keepalive -If set, -\fBsudo\fR -will enable the TCP keepalive socket option on the connection to the log server. -This enables the periodic transmission of keepalive messages to the server. -If the server does not respond to a message, the connection will -be closed and the running command will be terminated unless the -\fIignore_iolog_errors\fR -flag (I/O logging enabled) or the -\fIignore_log_errors\fR -flag (I/O logging disabled) is set. -This flag is -\fIon\fR -by default. -.sp -This setting is only supported by version 1.9.0 or higher. -.TP 18n -log_server_verify -.br -If set, the server certificate received during the TLS handshake -must be valid and it must contain either the server name (from -\fIlog_servers\fR) -or its IP address. -If either of these conditions is not met, the TLS handshake will fail. -This flag is -\fIon\fR -by default. -.sp -This setting is only supported by version 1.9.0 or higher. -.TP 18n -log_year -If set, the four-digit year will be logged in the (non-syslog) -\fBsudo\fR -log file. -This flag is -\fIoff\fR -by default. -.TP 18n -long_otp_prompt -When validating with a One Time Password (OTP) scheme such as -\fBS/Key\fR -or -\fBOPIE\fR, -a two-line prompt is used to make it easier -to cut and paste the challenge to a local window. -It's not as pretty as the default but some people find it more convenient. -This flag is -\fI@long_otp_prompt@\fR -by default. -.TP 18n -mail_all_cmnds -Send mail to the -\fImailto\fR -user every time a user attempts to run a command via -\fBsudo\fR -(this includes -\fBsudoedit\fR). -No mail will be sent if the user runs -\fBsudo\fR -with the -\fB\-l\fR -or -\fB\-v\fR -option unless there is an authentication error and the -\fImail_badpass\fR -flag is also set. -This flag is -\fIoff\fR -by default. -.TP 18n -mail_always -Send mail to the -\fImailto\fR -user every time a user runs -\fBsudo\fR. -This flag is -\fIoff\fR -by default. -.TP 18n -mail_badpass -Send mail to the -\fImailto\fR -user if the user running -\fBsudo\fR -does not enter the correct password. -If the command the user is attempting to run is not permitted by -\fBsudoers\fR -and one of the -\fImail_all_cmnds\fR, -\fImail_always\fR, -\fImail_no_host\fR, -\fImail_no_perms\fR -or -\fImail_no_user\fR -flags are set, this flag will have no effect. -This flag is -\fIoff\fR -by default. -.TP 18n -mail_no_host -If set, mail will be sent to the -\fImailto\fR -user if the invoking user exists in the -\fIsudoers\fR -file, but is not allowed to run commands on the current host. -This flag is -\fI@mail_no_host@\fR -by default. -.TP 18n -mail_no_perms -If set, mail will be sent to the -\fImailto\fR -user if the invoking user is allowed to use -\fBsudo\fR -but the command they are trying is not listed in their -\fIsudoers\fR -file entry or is explicitly denied. -This flag is -\fI@mail_no_perms@\fR -by default. -.TP 18n -mail_no_user -If set, mail will be sent to the -\fImailto\fR -user if the invoking user is not in the -\fIsudoers\fR -file. -This flag is -\fI@mail_no_user@\fR -by default. -.TP 18n -match_group_by_gid -By default, -\fBsudoers\fR -will look up each group the user is a member of by group-ID to -determine the group name (this is only done once). -The resulting list of the user's group names is used when matching -groups listed in the -\fIsudoers\fR -file. -This works well on systems where the number of groups listed in the -\fIsudoers\fR -file is larger than the number of groups a typical user belongs to. -On systems where group lookups are slow, where users may belong -to a large number of groups, and where the number of groups listed -in the -\fIsudoers\fR -file is relatively small, it may be prohibitively expensive and -running commands via -\fBsudo\fR -may take longer than normal. -On such systems it may be faster to use the -\fImatch_group_by_gid\fR -flag to avoid resolving the user's group-IDs to group names. -In this case, -\fBsudoers\fR -must look up any group name listed in the -\fIsudoers\fR -file and use the group-ID instead of the group name when determining -whether the user is a member of the group. -.sp -Note that if -\fImatch_group_by_gid\fR -is enabled, group database lookups performed by -\fBsudoers\fR -will be keyed by group name as opposed to group-ID. -On systems where there are multiple sources for the group database, -it is possible to have conflicting group names or group-IDs in the local -\fI/etc/group\fR -file and the remote group database. -On such systems, enabling or disabling -\fImatch_group_by_gid\fR -can be used to choose whether group database queries are performed -by name (enabled) or ID (disabled), which may aid in working around -group entry conflicts. -.sp -The -\fImatch_group_by_gid\fR -flag has no effect when -\fIsudoers\fR -data is stored in LDAP. -This flag is -\fIoff\fR -by default. -.sp -This setting is only supported by version 1.8.18 or higher. -.TP 18n -netgroup_tuple -If set, netgroup lookups will be performed using the full netgroup -tuple: host name, user name and domain (if one is set). -Historically, -\fBsudo\fR -only matched the user name and domain for netgroups used in a -\fRUser_List\fR -and only matched the host name and domain for netgroups used in a -\fRHost_List\fR. -This flag is -\fIoff\fR -by default. -.TP 18n -noexec -If set, all commands run via -\fBsudo\fR -will behave as if the -\fRNOEXEC\fR -tag has been set, unless overridden by an -\fREXEC\fR -tag. -See the description of -\fIEXEC and NOEXEC\fR -above as well as the -\fIPreventing shell escapes\fR -section at the end of this manual. -This flag is -\fIoff\fR -by default. -.TP 18n -pam_acct_mgmt -On systems that use PAM for authentication, -\fBsudo\fR -will perform PAM account validation for the invoking user by default. -The actual checks performed depend on which PAM modules are configured. -If enabled, account validation will be performed regardless of whether -or not a password is required. -This flag is -\fIon\fR -by default. -.sp -This setting is only supported by version 1.8.28 or higher. -.TP 18n -pam_rhost -On systems that use PAM for authentication, -\fBsudo\fR -will set the PAM remote host value to the name of the local host -when the -\fIpam_rhost\fR -flag is enabled. -On Linux systems, enabling -\fIpam_rhost\fR -may result in DNS lookups of the local host name when PAM is initialized. -On Solaris versions prior to Solaris 8, -\fIpam_rhost\fR -must be enabled if -\fIpam_ruser\fR -is also enabled to avoid a crash in the Solaris PAM implementation. -.sp -This flag is -\fIoff\fR -by default on systems other than Solaris. -.sp -This setting is only supported by version 1.9.0 or higher. -.TP 18n -pam_ruser -On systems that use PAM for authentication, -\fBsudo\fR -will set the PAM remote user value to the name of the user that invoked sudo -when the -\fIpam_ruser\fR -flag is enabled. -This flag is -\fIon\fR -by default. -.sp -This setting is only supported by version 1.9.0 or higher. -.TP 18n -pam_session -On systems that use PAM for authentication, -\fBsudo\fR -will create a new PAM session for the command to be run in. -Unless -\fBsudo\fR -is given the -\fB\-i\fR -or -\fB\-s\fR -options, PAM session modules are run with the -\(lqsilent\(rq -flag enabled. -This prevents last login information from being displayed for every -command on some systems. -Disabling -\fIpam_session\fR -may be needed on older PAM implementations or on operating systems where -opening a PAM session changes the utmp or wtmp files. -If PAM session support is disabled, resource limits may not be updated -for the command being run. -If -\fIpam_session\fR, -\fIpam_setcred\fR, -and -\fIuse_pty\fR -are disabled, -\fIlog_servers\fR -has not been set and I/O logging has not been configured, -\fBsudo\fR -will execute the command directly instead of running it as a child -process. -This flag is -\fI@pam_session@\fR -by default. -.sp -This setting is only supported by version 1.8.7 or higher. -.TP 18n -pam_setcred -On systems that use PAM for authentication, -\fBsudo\fR -will attempt to establish credentials for the target user by default, -if supported by the underlying authentication system. -One example of a credential is a Kerberos ticket. -If -\fIpam_session\fR, -\fIpam_setcred\fR, -and -\fIuse_pty\fR -are disabled, -\fIlog_servers\fR -has not been set and I/O logging has not been configured, -\fBsudo\fR -will execute the command directly instead of running it as a child -process. -This flag is -\fIon\fR -by default. -.sp -This setting is only supported by version 1.8.8 or higher. -.TP 18n -passprompt_override -If set, the prompt specified by -\fIpassprompt\fR -or the -\fRSUDO_PROMPT\fR -environment variable will always be used and will replace the -prompt provided by a PAM module or other authentication method. -This flag is -\fIoff\fR -by default. -.TP 18n -path_info -Normally, -\fBsudo\fR -will tell the user when a command could not be -found in their -\fRPATH\fR -environment variable. -Some sites may wish to disable this as it could be used to gather -information on the location of executables that the normal user does -not have access to. -The disadvantage is that if the executable is simply not in the user's -\fRPATH\fR, -\fBsudo\fR -will tell the user that they are not allowed to run it, which can be confusing. -This flag is -\fI@path_info@\fR -by default. -.TP 18n -preserve_groups -By default, -\fBsudo\fR -will initialize the group vector to the list of groups the target user is in. -When -\fIpreserve_groups\fR -is set, the user's existing group vector is left unaltered. -The real and effective group-IDs, however, are still set to match the -target user. -This flag is -\fIoff\fR -by default. -.TP 18n -pwfeedback -By default, -\fBsudo\fR -reads the password like most other Unix programs, -by turning off echo until the user hits the return (or enter) key. -Some users become confused by this as it appears to them that -\fBsudo\fR -has hung at this point. -When -\fIpwfeedback\fR -is set, -\fBsudo\fR -will provide visual feedback when the user presses a key. -Note that this does have a security impact as an onlooker may be able to -determine the length of the password being entered. -This flag is -\fIoff\fR -by default. -.TP 18n -requiretty -If set, -\fBsudo\fR -will only run when the user is logged in to a real tty. -When this flag is set, -\fBsudo\fR -can only be run from a login session and not via other means such as -cron(@mansectsu@) -or cgi-bin scripts. -This flag is -\fIoff\fR -by default. -.TP 18n -root_sudo -If set, root is allowed to run -\fBsudo\fR -too. -Disabling this prevents users from -\(lqchaining\(rq -\fBsudo\fR -commands to get a root shell by doing something like -\(lq\fRsudo sudo /bin/sh\fR\(rq. -Note, however, that turning off -\fIroot_sudo\fR -will also prevent root from running -\fBsudoedit\fR. -Disabling -\fIroot_sudo\fR -provides no real additional security; it exists purely for historical reasons. -This flag is -\fI@root_sudo@\fR -by default. -.TP 18n -rootpw -If set, -\fBsudo\fR -will prompt for the root password instead of the password of the invoking user -when running a command or editing a file. -This flag is -\fIoff\fR -by default. -.TP 18n -runas_allow_unknown_id -If enabled, allow matching of runas user and group IDs that are -not present in the password or group databases. -In addition to explicitly matching unknown user or group IDs in a -\fRRunas_List\fR, -this option also allows the -\fBALL\fR -alias to match unknown IDs. -This flag is -\fIoff\fR -by default. -.sp -This setting is only supported by version 1.8.30 or higher. -Older versions of -\fBsudo\fR -always allowed matching of unknown user and group IDs. -.TP 18n -runas_check_shell -.br -If enabled, -\fBsudo\fR -will only run commands as a user whose shell appears in the -\fI/etc/shells\fR -file, even if the invoking user's -\fRRunas_List\fR -would otherwise permit it. -If no -\fI/etc/shells\fR -file is present, a system-dependent list of built-in default shells is used. -On many operating systems, system users such as -\(lqbin\(rq, -do not have a valid shell and this flag can be used to prevent -commands from being run as those users. -This flag is -\fIoff\fR -by default. -.sp -This setting is only supported by version 1.8.30 or higher. -.TP 18n -runaspw -If set, -\fBsudo\fR -will prompt for the password of the user defined by the -\fIrunas_default\fR -option (defaults to -\fR@runas_default@\fR) -instead of the password of the invoking user -when running a command or editing a file. -This flag is -\fIoff\fR -by default. -.if \n(SL \{\ -.TP 18n -selinux -If enabled, the user may specify an SELinux role and/or type to use -when running the command, as permitted by the SELinux policy. -If SELinux is disabled on the system, this flag has no effect. -This flag is -\fIon\fR -by default. -.\} -.TP 18n -set_home -If enabled and -\fBsudo\fR -is invoked with the -\fB\-s\fR -option, the -\fRHOME\fR -environment variable will be set to the home directory of the target -user (which is the root user unless the -\fB\-u\fR -option is used). -This flag is largely obsolete and has no effect unless the -\fIenv_reset\fR -flag has been disabled or -\fRHOME\fR -is present in the -\fIenv_keep\fR -list, both of which are strongly discouraged. -This flag is -\fIoff\fR -by default. -.TP 18n -set_logname -Normally, -\fBsudo\fR -will set the -\fRLOGNAME\fR -and -\fRUSER\fR -environment variables to the name of the target user (usually root unless the -\fB\-u\fR -option is given). -However, since some programs (including the RCS revision control system) use -\fRLOGNAME\fR -to determine the real identity of the user, it may be desirable to -change this behavior. -This can be done by negating the set_logname option. -Note that -\fIset_logname\fR -will have no effect -if the -\fIenv_reset\fR -option has not been disabled and the -\fIenv_keep\fR -list contains -\fRLOGNAME\fR -or -\fRUSER\fR. -This flag is -\fIon\fR -by default. -.TP 18n -set_utmp -When enabled, -\fBsudo\fR -will create an entry in the utmp (or utmpx) file when a pseudo-terminal -is allocated. -A pseudo-terminal is allocated by -\fBsudo\fR -when it is running in a terminal and one or more of the -\fIlog_input\fR, -\fIlog_output\fR -or -\fIuse_pty\fR -flags is enabled. -By default, the new entry will be a copy of the user's existing utmp -entry (if any), with the tty, time, type and pid fields updated. -This flag is -\fIon\fR -by default. -.TP 18n -setenv -Allow the user to disable the -\fIenv_reset\fR -option from the command line via the -\fB\-E\fR -option. -Additionally, environment variables set via the command line are -not subject to the restrictions imposed by -\fIenv_check\fR, -\fIenv_delete\fR, -or -\fIenv_keep\fR. -As such, only trusted users should be allowed to set variables in this manner. -This flag is -\fIoff\fR -by default. -.TP 18n -shell_noargs -If set and -\fBsudo\fR -is invoked with no arguments it acts as if the -\fB\-s\fR -option had been given. -That is, it runs a shell as root (the shell is determined by the -\fRSHELL\fR -environment variable if it is set, falling back on the shell listed -in the invoking user's /etc/passwd entry if not). -This flag is -\fIoff\fR -by default. -.TP 18n -stay_setuid -Normally, when -\fBsudo\fR -executes a command the real and effective UIDs are set to the target -user (root by default). -This option changes that behavior such that the real UID is left -as the invoking user's UID. -In other words, this makes -\fBsudo\fR -act as a set-user-ID wrapper. -This can be useful on systems that disable some potentially -dangerous functionality when a program is run set-user-ID. -This option is only effective on systems that support either the -setreuid(2) -or -setresuid(2) -system call. -This flag is -\fIoff\fR -by default. -.TP 18n -sudoedit_checkdir -.br -If set, -\fBsudoedit\fR -will check all directory components of the path to be edited for writability -by the invoking user. -Symbolic links will not be followed in writable directories and -\fBsudoedit\fR -will refuse to edit a file located in a writable directory. -These restrictions are not enforced when -\fBsudoedit\fR -is run by root. -On some systems, if all directory components of the path to be edited -are not readable by the target user, -\fBsudoedit\fR -will be unable to edit the file. -This flag is -\fIon\fR -by default. -.sp -This setting was first introduced in version 1.8.15 but initially -suffered from a race condition. -The check for symbolic links in writable intermediate directories -was added in version 1.8.16. -.TP 18n -sudoedit_follow -By default, -\fBsudoedit\fR -will not follow symbolic links when opening files. -The -\fIsudoedit_follow\fR -option can be enabled to allow -\fBsudoedit\fR -to open symbolic links. -It may be overridden on a per-command basis by the -\fIFOLLOW\fR -and -\fINOFOLLOW\fR -tags. -This flag is -\fIoff\fR -by default. -.sp -This setting is only supported by version 1.8.15 or higher. -.TP 18n -syslog_pid -When logging via -syslog(3), -include the process ID in the log entry. -This flag is -\fIoff\fR -by default. -.sp -This setting is only supported by version 1.8.21 or higher. -.TP 18n -targetpw -If set, -\fBsudo\fR -will prompt for the password of the user specified -by the -\fB\-u\fR -option (defaults to -\fRroot\fR) -instead of the password of the invoking user -when running a command or editing a file. -Note that this flag precludes the use of a user-ID not listed in the passwd -database as an argument to the -\fB\-u\fR -option. -This flag is -\fIoff\fR -by default. -.TP 18n -tty_tickets -If set, users must authenticate on a per-tty basis. -With this flag enabled, -\fBsudo\fR -will use a separate record in the time stamp file for each terminal. -If disabled, a single record is used for all login sessions. -.sp -This option has been superseded by the -\fItimestamp_type\fR -option. -.TP 18n -umask_override -If set, -\fBsudo\fR -will set the umask as specified in the -\fIsudoers\fR -file without modification. -This makes it possible to specify a umask in the -\fIsudoers\fR -file that is more permissive than the user's own umask and matches -historical behavior. -If -\fIumask_override\fR -is not set, -\fBsudo\fR -will set the umask to be the union of the user's umask and what is specified in -\fIsudoers\fR. -This flag is -\fI@umask_override@\fR -by default. -.if \n(BA \{\ -.TP 18n -use_loginclass -If set, -\fBsudo\fR -will apply the defaults specified for the target user's login class -if one exists. -Only available if -\fBsudo\fR -is configured with the -\fR--with-logincap\fR -option. -This flag is -\fIoff\fR -by default. -.\} -.TP 18n -use_netgroups -If set, netgroups (prefixed with -\(oq+\(cq), -may be used in place of a user or host. -For LDAP-based sudoers, netgroup support requires an expensive -sub-string match on the server unless the -\fBNETGROUP_BASE\fR -directive is present in the -\fI@ldap_conf@\fR -file. -If netgroups are not needed, this option can be disabled to reduce the -load on the LDAP server. -This flag is -\fIon\fR -by default. -.TP 18n -use_pty -If set, and -\fBsudo\fR -is running in a terminal, the command will be run in a pseudo-terminal -(even if no I/O logging is being done). -If the -\fBsudo\fR -process is not attached to a terminal, -\fIuse_pty\fR -has no effect. -.sp -A malicious program run under -\fBsudo\fR -may be capable of injecting commands into the user's -terminal or running a background process that retains access to the -user's terminal device even after the main program has finished -executing. -By running the command in a separate pseudo-terminal, this attack is -no longer possible. -This flag is -\fIoff\fR -by default. -.TP 18n -user_command_timeouts -If set, the user may specify a timeout on the command line. -If the timeout expires before the command has exited, the -command will be terminated. -If a timeout is specified both in the -\fIsudoers\fR -file and on the command line, the smaller of the two timeouts will be used. -See the -\fRTimeout_Spec\fR -section for a description of the timeout syntax. -This flag is -\fIoff\fR -by default. -.sp -This setting is only supported by version 1.8.20 or higher. -.TP 18n -utmp_runas -If set, -\fBsudo\fR -will store the name of the runas user when updating the utmp (or utmpx) file. -By default, -\fBsudo\fR -stores the name of the invoking user. -This flag is -\fIoff\fR -by default. -.TP 18n -visiblepw -By default, -\fBsudo\fR -will refuse to run if the user must enter a password but it is not -possible to disable echo on the terminal. -If the -\fIvisiblepw\fR -flag is set, -\fBsudo\fR -will prompt for a password even when it would be visible on the screen. -This makes it possible to run things like -\(lq\fRssh somehost sudo ls\fR\(rq -since by default, -ssh(1) -does -not allocate a tty when running a command. -This flag is -\fIoff\fR -by default. -.PP -\fBIntegers\fR: -.TP 18n -closefrom -Before it executes a command, -\fBsudo\fR -will close all open file descriptors other than standard input, -standard output and standard error (ie: file descriptors 0-2). -The -\fIclosefrom\fR -option can be used to specify a different file descriptor at which -to start closing. -The default is -\fR3\fR. -.TP 18n -command_timeout -The maximum amount of time a command is allowed to run before -it is terminated. -See the -\fRTimeout_Spec\fR -section for a description of the timeout syntax. -.sp -This setting is only supported by version 1.8.20 or higher. -.TP 18n -log_server_timeout -The maximum amount of time to wait when connecting to a log server -or waiting for a server response. -See the -\fRTimeout_Spec\fR -section for a description of the timeout syntax. -The default value is 30 seconds. -.sp -This setting is only supported by version 1.9.0 or higher. -.TP 18n -maxseq -The maximum sequence number that will be substituted for the -\(lq\fR%{seq}\fR\(rq -escape in the I/O log file (see the -\fIiolog_dir\fR -description below for more information). -While the value substituted for -\(lq\fR%{seq}\fR\(rq -is in base 36, -\fImaxseq\fR -itself should be expressed in decimal. -Values larger than 2176782336 (which corresponds to the -base 36 sequence number -\(lqZZZZZZ\(rq) -will be silently truncated to 2176782336. -The default value is 2176782336. -.sp -Once the local sequence number reaches the value of -\fImaxseq\fR, -it will -\(lqroll over\(rq -to zero, after which -\fBsudoers\fR -will truncate and re-use any existing I/O log path names. -.sp -This setting is only supported by version 1.8.7 or higher. -.TP 18n -passwd_tries -The number of tries a user gets to enter his/her password before -\fBsudo\fR -logs the failure and exits. -The default is -\fR@passwd_tries@\fR. -.TP 18n -syslog_maxlen -On many systems, -syslog(3) -has a relatively small log buffer. -IETF RFC 5424 states that syslog servers must support messages of -at least 480 bytes and should support messages up to 2048 bytes. -By default, -\fBsudoers\fR -creates log messages up to 980 bytes which corresponds to the -historic -BSD -syslog implementation which used a 1024 byte buffer -to store the message, date, hostname and program name. -To prevent syslog messages from being truncated, -\fBsudoers\fR -will split up log messages that are larger than -\fIsyslog_maxlen\fR -bytes. -When a message is split, additional parts will include the string -\(lq(command continued)\(rq -after the user name and before the continued command line arguments. -.sp -This setting is only supported by version 1.8.19 or higher. -.PP -\fBIntegers that can be used in a boolean context\fR: -.TP 18n -loglinelen -Number of characters per line for the file log. -This value is used to decide when to wrap lines for nicer log files. -This has no effect on the syslog log file, only the file log. -The default is -\fR@loglen@\fR -(use 0 or negate the option to disable word wrap). -.TP 18n -passwd_timeout -Number of minutes before the -\fBsudo\fR -password prompt times out, or -\fR0\fR -for no timeout. -The timeout may include a fractional component -if minute granularity is insufficient, for example -\fR2.5\fR. -The -default is -\fR@password_timeout@\fR. -.TP 18n -timestamp_timeout -.br -Number of minutes that can elapse before -\fBsudo\fR -will ask for a passwd again. -The timeout may include a fractional component if -minute granularity is insufficient, for example -\fR2.5\fR. -The default is -\fR@timeout@\fR. -Set this to -\fR0\fR -to always prompt for a password. -If set to a value less than -\fR0\fR -the user's time stamp will not expire until the system is rebooted. -This can be used to allow users to create or delete their own time stamps via -\(lq\fRsudo -v\fR\(rq -and -\(lq\fRsudo -k\fR\(rq -respectively. -.TP 18n -umask -File mode creation mask to use when running the command. -Negate this option or set it to 0777 to prevent -\fBsudoers\fR -from changing the umask. -Unless the -\fIumask_override\fR -flag is set, the actual umask will be the union of the -user's umask and the value of the -\fIumask\fR -setting, which defaults to -\fR@sudo_umask@\fR. -This guarantees -that -\fBsudo\fR -never lowers the umask when running a command. -.sp -If -\fIumask\fR -is explicitly set in -\fIsudoers\fR, -it will override any umask setting in PAM or login.conf. -If -\fIumask\fR -is not set in -\fIsudoers\fR, -the umask specified by PAM or login.conf will take precedence. -The umask setting in PAM is not used for -\fBsudoedit\fR, -which does not create a new PAM session. -.PP -\fBStrings\fR: -.TP 18n -authfail_message -Message that is displayed after a user fails to authenticate. -The message may include the -\(oq%d\(cq -escape which will expand to the number of failed password attempts. -If set, it overrides the default message, -\fR%d incorrect password attempt(s)\fR. -.TP 18n -badpass_message -Message that is displayed if a user enters an incorrect password. -The default is -\fR@badpass_message@\fR -unless insults are enabled. -.TP 18n -editor -A colon -(\(oq:\&\(cq) -separated list of editors path names used by -\fBsudoedit\fR -and -\fBvisudo\fR. -For -\fBsudoedit\fR, -this list is used to find an editor when none of the -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -environment variables are set to an editor that exists and is executable. -For -\fBvisudo\fR, -it is used as a white list of allowed editors; -\fBvisudo\fR -will choose the editor that matches the user's -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -environment variable if possible, or the first editor in the -list that exists and is executable if not. -Unless invoked as -\fBsudoedit\fR, -\fBsudo\fR -does not preserve the -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -environment variables unless they are present in the -\fIenv_keep\fR -list or the -\fIenv_reset\fR -option is disabled. -The default is -\fI@editor@\fR. -.TP 18n -iolog_dir -The top-level directory to use when constructing the path name for -the input/output log directory. -Only used if the -\fIlog_input\fR -or -\fIlog_output\fR -options are enabled or when the -\fRLOG_INPUT\fR -or -\fRLOG_OUTPUT\fR -tags are present for a command. -The session sequence number, if any, is stored in the directory. -The default is -\fI@iolog_dir@\fR. -.sp -The following percent -(\(oq%\(cq) -escape sequences are supported: -.PP -.RS 18n -.PD 0 -.TP 6n -\fR%{seq}\fR -expanded to a monotonically increasing base-36 sequence number, such as 0100A5, -where every two digits are used to form a new directory, e.g., -\fI01/00/A5\fR -.PD -.TP 6n -\fR%{user}\fR -expanded to the invoking user's login name -.TP 6n -\fR%{group}\fR -expanded to the name of the invoking user's real group-ID -.TP 6n -\fR%{runas_user}\fR -expanded to the login name of the user the command will -be run as (e.g., root) -.TP 6n -\fR%{runas_group}\fR -expanded to the group name of the user the command will -be run as (e.g., wheel) -.TP 6n -\fR%{hostname}\fR -expanded to the local host name without the domain name -.TP 6n -\fR%{command}\fR -expanded to the base name of the command being run -.PP -In addition, any escape sequences supported by the system's -strftime(3) -function will be expanded. -.sp -To include a literal -\(oq%\(cq -character, the string -\(oq%%\(cq -should be used. -.RE -.TP 18n -iolog_file -The path name, relative to -\fIiolog_dir\fR, -in which to store input/output logs when the -\fIlog_input\fR -or -\fIlog_output\fR -options are enabled or when the -\fRLOG_INPUT\fR -or -\fRLOG_OUTPUT\fR -tags are present for a command. -Note that -\fIiolog_file\fR -may contain directory components. -The default is -\(lq\fR%{seq}\fR\(rq. -.sp -See the -\fIiolog_dir\fR -option above for a list of supported percent -(\(oq%\(cq) -escape sequences. -.sp -In addition to the escape sequences, path names that end in six or -more -\fRX\fRs -will have the -\fRX\fRs -replaced with a unique combination of digits and letters, similar to the -mktemp(3) -function. -.sp -If the path created by concatenating -\fIiolog_dir\fR -and -\fIiolog_file\fR -already exists, the existing I/O log file will be truncated and -overwritten unless -\fIiolog_file\fR -ends in six or -more -\fRX\fRs. -.TP 18n -iolog_flush -If set, -\fBsudo\fR -will flush I/O log data to disk after each write instead of buffering it. -This makes it possible to view the logs in real-time as the program -is executing but may significantly reduce the effectiveness of I/O -log compression. -This flag is -\fIoff\fR -by default. -.sp -This setting is only supported by version 1.8.20 or higher. -.TP 18n -iolog_group -The group name to look up when setting the group-ID on new I/O log -files and directories. -If -\fIiolog_group\fR -is not set, -the primary group-ID of the user specified by -\fIiolog_user\fR -is used. -If neither -\fIiolog_group\fR -nor -\fIiolog_user\fR -are set, I/O log files and directories are created with group-ID 0. -.sp -This setting is only supported by version 1.8.19 or higher. -.TP 18n -iolog_mode -The file mode to use when creating I/O log files. -Mode bits for read and write permissions for owner, group or other -are honored, everything else is ignored. -The file permissions will always include the owner read and -write bits, even if they are not present in the specified mode. -When creating I/O log directories, search (execute) bits are added -to match the read and write bits specified by -\fIiolog_mode\fR. -Defaults to 0600 (read and write by user only). -.sp -This setting is only supported by version 1.8.19 or higher. -.TP 18n -iolog_user -The user name to look up when setting the user and group-IDs on new -I/O log files and directories. -If -\fIiolog_group\fR -is set, it will be used instead of the user's primary group-ID. -By default, I/O log files and directories are created with user and -group-ID 0. -.sp -This setting can be useful when the I/O logs are stored on a Network -File System (NFS) share. -Having a dedicated user own the I/O log files means that -\fBsudoers\fR -does not write to the log files as user-ID 0, which is usually -not permitted by NFS. -.sp -This setting is only supported by version 1.8.19 or higher. -.TP 18n -lecture_status_dir -The directory in which -\fBsudo\fR -stores per-user lecture status files. -Once a user has received the lecture, a zero-length file is -created in this directory so that -\fBsudo\fR -will not lecture the user again. -This directory should -\fInot\fR -be cleared when the system reboots. -The default is -\fI@vardir@/lectured\fR. -.if \n(PS \{\ -.TP 18n -limitprivs -The default Solaris limit privileges to use when constructing a new -privilege set for a command. -This bounds all privileges of the executing process. -The default limit privileges may be overridden on a per-command basis in -\fIsudoers\fR. -This option is only available if -\fBsudoers\fR -is built on Solaris 10 or higher. -.\} -.TP 18n -log_server_cabundle -The path to a certificate authority bundle file, in PEM format, -to use instead of the system's default certificate authority database -when authenticating the log server. -The default is to use the system's default certificate authority database. -This setting has no effect unless -\fIlog_servers\fR -is set and the remote log server is secured with TLS. -.sp -This setting is only supported by version 1.9.0 or higher. -.TP 18n -log_server_peer_cert -The path to the client's certificate file, in PEM format. -This setting is required when -\fIlog_servers\fR -is set and the remote log server is secured with TLS. -.sp -This setting is only supported by version 1.9.0 or higher. -.TP 18n -log_server_peer_key -The path to the client's private key file, in PEM format. -This setting is required when -\fIlog_servers\fR -is set and the remote log server is secured with TLS. -.sp -This setting is only supported by version 1.9.0 or higher. -.TP 18n -mailsub -Subject of the mail sent to the -\fImailto\fR -user. -The escape -\fR%h\fR -will expand to the host name of the machine. -Default is -\(lq\fR@mailsub@\fR\(rq. -.TP 18n -noexec_file -As of -\fBsudo\fR -version 1.8.1 this option is no longer supported. -The path to the noexec file should now be set in the -sudo.conf(@mansectform@) -file. -.TP 18n -pam_login_service -.br -On systems that use PAM for authentication, this is the service -name used when the -\fB\-i\fR -option is specified. -The default value is -\(lq\fR@pam_login_service@\fR\(rq. -See the description of -\fIpam_service\fR -for more information. -.sp -This setting is only supported by version 1.8.8 or higher. -.TP 18n -pam_service -On systems that use PAM for authentication, the service name -specifies the PAM policy to apply. -This usually corresponds to an entry in the -\fIpam.conf\fR -file or a file in the -\fI/etc/pam.d\fR -directory. -The default value is -\(lq\fRsudo\fR\(rq. -.sp -This setting is only supported by version 1.8.8 or higher. -.TP 18n -passprompt -The default prompt to use when asking for a password; can be overridden via the -\fB\-p\fR -option or the -\fRSUDO_PROMPT\fR -environment variable. -The following percent -(\(oq%\(cq) -escape sequences are supported: -.PP -.RS 18n -.PD 0 -.TP 6n -\fR%H\fR -expanded to the local host name including the domain name -(only if the machine's host name is fully qualified or the -\fIfqdn\fR -option is set) -.PD -.TP 6n -\fR%h\fR -expanded to the local host name without the domain name -.TP 6n -\fR%p\fR -expanded to the user whose password is being asked for (respects the -\fIrootpw\fR, -\fItargetpw\fR -and -\fIrunaspw\fR -flags in -\fIsudoers\fR) -.TP 6n -\fR\&%U\fR -expanded to the login name of the user the command will -be run as (defaults to root) -.TP 6n -\fR%u\fR -expanded to the invoking user's login name -.TP 6n -\fR%%\fR -two consecutive -\fR%\fR -characters are collapsed into a single -\fR%\fR -character -.PP -On systems that use PAM for authentication, -\fIpassprompt\fR -will only be used if the prompt provided by the PAM module matches the string -\(lqPassword: \(rq -or -\(lqusername's Password: \(rq. -This ensures that the -\fIpassprompt\fR -setting does not interfere with challenge-response style authentication. -The -\fIpassprompt_override\fR -flag can be used to change this behavior. -.sp -The default value is -\(lq\fR@passprompt@\fR\(rq. -.RE -.if \n(PS \{\ -.TP 18n -privs -The default Solaris privileges to use when constructing a new -privilege set for a command. -This is passed to the executing process via the inherited privilege set, -but is bounded by the limit privileges. -If the -\fIprivs\fR -option is specified but the -\fIlimitprivs\fR -option is not, the limit privileges of the executing process is set to -\fIprivs\fR. -The default privileges may be overridden on a per-command basis in -\fIsudoers\fR. -This option is only available if -\fBsudoers\fR -is built on Solaris 10 or higher. -.\} -.if \n(SL \{\ -.TP 18n -role -The default SELinux role to use when constructing a new security -context to run the command. -The default role may be overridden on a per-command basis in the -\fIsudoers\fR -file or via command line options. -This option is only available when -\fBsudo\fR -is built with SELinux support. -.\} -.TP 18n -runas_default -The default user to run commands as if the -\fB\-u\fR -option is not specified on the command line. -This defaults to -\fR@runas_default@\fR. -.TP 18n -sudoers_locale -Locale to use when parsing the sudoers file, logging commands, and -sending email. -Note that changing the locale may affect how sudoers is interpreted. -Defaults to -\(lq\fRC\fR\(rq. -.TP 18n -timestamp_type -\fBsudoers\fR -uses per-user time stamp files for credential caching. -The -\fItimestamp_type\fR -option can be used to specify the type of time stamp record used. -It has the following possible values: -.PP -.RS 18n -.PD 0 -.TP 8n -global -A single time stamp record is used for all of a user's login sessions, -regardless of the terminal or parent process ID. -An additional record is used to serialize password prompts when -\fBsudo\fR -is used multiple times in a pipeline, but this does not affect authentication. -.PD -.TP 8n -ppid -A single time stamp record is used for all processes with the same parent -process ID (usually the shell). -Commands run from the same shell (or other common parent process) -will not require a password for -\fItimestamp_timeout\fR -minutes -(\fR@timeout@\fR -by default) -\&. -Commands run via -\fBsudo\fR -with a different parent process ID, for example from a shell script, -will be authenticated separately. -.TP 8n -tty -One time stamp record is used for each terminal, -which means that a user's login sessions are authenticated separately. -If no terminal is present, the behavior is the same as -\fIppid\fR. -Commands run from the same terminal will not require a password for -\fItimestamp_timeout\fR -minutes -(\fR@timeout@\fR -by default) -\&. -.TP 8n -kernel -The time stamp is stored in the kernel as an attribute of the terminal -device. -If no terminal is present, the behavior is the same as -\fIppid\fR. -Negative -\fItimestamp_timeout\fR -values are not supported and positive values are limited to a maximum -of 60 minutes. -This is currently only supported on -OpenBSD. -.PP -The default value is -\fI@timestamp_type@\fR. -.sp -This setting is only supported by version 1.8.21 or higher. -.RE -.TP 18n -timestampdir -The directory in which -\fBsudo\fR -stores its time stamp files. -This directory should be cleared when the system reboots. -The default is -\fI@rundir@/ts\fR. -.TP 18n -timestampowner -The owner of the lecture status directory, time stamp directory and all -files stored therein. -The default is -\fRroot\fR. -.if \n(SL \{\ -.TP 18n -type -The default SELinux type to use when constructing a new security -context to run the command. -The default type may be overridden on a per-command basis in the -\fIsudoers\fR -file or via command line options. -This option is only available when -\fBsudo\fR -is built with SELinux support. -.PP -\fBStrings that can be used in a boolean context\fR: -.TP 14n -env_file -The -\fIenv_file\fR -option specifies the fully qualified path to a file containing variables -to be set in the environment of the program being run. -Entries in this file should either be of the form -\(lq\fRVARIABLE=value\fR\(rq -or -\(lq\fRexport VARIABLE=value\fR\(rq. -The value may optionally be enclosed in single or double quotes. -Variables in this file are only added if the variable does not already -exist in the environment. -This file is considered to be part of the security policy, -its contents are not subject to other -\fBsudo\fR -environment restrictions such as -\fIenv_keep\fR -and -\fIenv_check\fR. -.TP 14n -exempt_group -Users in this group are exempt from password and PATH requirements. -The group name specified should not include a -\fR%\fR -prefix. -This is not set by default. -.TP 14n -fdexec -Determines whether -\fBsudo\fR -will execute a command by its path or by an open file descriptor. -It has the following possible values: -.PP -.RS 14n -.PD 0 -.TP 8n -always -Always execute by file descriptor. -.PD -.TP 8n -never -Never execute by file descriptor. -.TP 8n -digest_only -Only execute by file descriptor if the command has an associated digest -in the -\fIsudoers\fR -file. -.PP -The default value is -\fIdigest_only\fR. -This avoids a time of check versus time of use race condition when -the command is located in a directory writable by the invoking user. -.sp -Note that -\fIfdexec\fR -will change the first element of the argument vector for scripts -($0 in the shell) due to the way the kernel runs script interpreters. -Instead of being a normal path, it will refer to a file descriptor. -For example, -\fI/dev/fd/4\fR -on Solaris and -\fI/proc/self/fd/4\fR -on Linux. -A workaround is to use the -\fRSUDO_COMMAND\fR -environment variable instead. -.sp -The -\fIfdexec\fR -setting is only used when the command is matched by path name. -It has no effect if the command is matched by the built-in -\fBALL\fR -alias. -.sp -This setting is only supported by version 1.8.20 or higher. -If the operating system does not support the -fexecve(2) -system call, this setting has no effect. -.RE -.TP 14n -group_plugin -A string containing a -\fBsudoers\fR -group plugin with optional arguments. -The string should consist of the plugin -path, either fully-qualified or relative to the -\fI@plugindir@\fR -directory, followed by any configuration arguments the plugin requires. -These arguments (if any) will be passed to the plugin's initialization function. -If arguments are present, the string must be enclosed in double quotes -(\&""). -.sp -For more information see -\fIGROUP PROVIDER PLUGINS\fR. -.TP 14n -lecture -This option controls when a short lecture will be printed along with -the password prompt. -It has the following possible values: -.PP -.RS 14n -.PD 0 -.TP 8n -always -Always lecture the user. -.PD -.TP 8n -never -Never lecture the user. -.TP 8n -once -Only lecture the user the first time they run -\fBsudo\fR. -.PP -If no value is specified, a value of -\fIonce\fR -is implied. -Negating the option results in a value of -\fInever\fR -being used. -The default value is -\fI@lecture@\fR. -.RE -.TP 14n -lecture_file -Path to a file containing an alternate -\fBsudo\fR -lecture that will be used in place of the standard lecture if the named -file exists. -By default, -\fBsudo\fR -uses a built-in lecture. -.TP 14n -listpw -This option controls when a password will be required when a user runs -\fBsudo\fR -with the -\fB\-l\fR -option. -It has the following possible values: -.PP -.RS 14n -.PD 0 -.TP 10n -all -All the user's -\fIsudoers\fR -file entries for the current host must have -the -\fRNOPASSWD\fR -flag set to avoid entering a password. -.PD -.TP 10n -always -The user must always enter a password to use the -\fB\-l\fR -option. -.TP 10n -any -At least one of the user's -\fIsudoers\fR -file entries for the current host -must have the -\fRNOPASSWD\fR -flag set to avoid entering a password. -.TP 10n -never -The user need never enter a password to use the -\fB\-l\fR -option. -.PP -If no value is specified, a value of -\fIany\fR -is implied. -Negating the option results in a value of -\fInever\fR -being used. -The default value is -\fIany\fR. -.RE -.TP 14n -log_format -The event log format. -Supported log formats are: -.PP -.RS 14n -.PD 0 -.TP 10n -json -Logs in JSON format. -JSON log entries contain the full user details as well as the execution -environment if the command was allowed. -Due to limitations of the protocol, JSON events sent via -\fIsyslog\fR -may be truncated. -.PD -.TP 10n -sudo -Traditional sudo-style logs, see -\fILOG FORMAT\fR -for a description of the log file format. -.PP -This setting affects logs sent via -syslog(3) -as well as the file specified by the -\fIlogfile\fR -setting, if any. -The default value is -\fIsudo\fR. -.RE -.TP 14n -logfile -Path to the -\fBsudo\fR -log file (not the syslog log file). -Setting a path turns on logging to a file; -negating this option turns it off. -By default, -\fBsudo\fR -logs via syslog. -.TP 14n -mailerflags -Flags to use when invoking mailer. -Defaults to -\fB\-t\fR. -.TP 14n -mailerpath -Path to mail program used to send warning mail. -Defaults to the path to sendmail found at configure time. -.TP 14n -mailfrom -Address to use for the -\(lqfrom\(rq -address when sending warning and error mail. -The address should be enclosed in double quotes -(\&"") -to protect against -\fBsudo\fR -interpreting the -\fR@\fR -sign. -Defaults to the name of the user running -\fBsudo\fR. -.TP 14n -mailto -Address to send warning and error mail to. -The address should be enclosed in double quotes -(\&"") -to protect against -\fBsudo\fR -interpreting the -\fR@\fR -sign. -Defaults to -\fR@mailto@\fR. -.TP 14n -restricted_env_file -The -\fIrestricted_env_file\fR -option specifies the fully qualified path to a file containing variables -to be set in the environment of the program being run. -Entries in this file should either be of the form -\(lq\fRVARIABLE=value\fR\(rq -or -\(lq\fRexport VARIABLE=value\fR\(rq. -The value may optionally be enclosed in single or double quotes. -Variables in this file are only added if the variable does not already -exist in the environment. -Unlike -\fIenv_file\fR, -the file's contents are not trusted and are processed in a manner -similar to that of the invoking user's environment. -If -\fIenv_reset\fR -is enabled, variables in the file will only be added if they are -matched by either the -\fIenv_check\fR -or -\fIenv_keep\fR -list. -If -\fIenv_reset\fR -is disabled, variables in the file are added as long as they -are not matched by the -\fIenv_delete\fR -list. -In either case, the contents of -\fIrestricted_env_file\fR -are processed before the contents of -\fIenv_file\fR. -.TP 14n -runchroot -If set, -\fBsudo\fR -will use this value for the root directory when running a command. -The special value -\(lq*\(rq -will allow the user to specify the root directory via -\fBsudo\fR's -\fB\-R\fR -option. -See the -\fIChroot_Spec\fR -section for more details. -.sp -It is only possible to use -\fIrunchroot\fR -as a command-specific Defaults setting if the command exists with -the same path both inside and outside the chroot jail. -This restriction does not apply to generic, host or user-based -Defaults settings or to a -\fICmnd_Spec\fR -that includes a -\fIChroot_Spec\fR. -.sp -This setting is only supported by version 1.9.3 or higher. -.TP 14n -runcwd -If set, -\fBsudo\fR -will use this value for the working directory when running a command. -The special value -\(lq*\(rq -will allow the user to specify the working directory via -\fBsudo\fR's -\fB\-D\fR -option. -See the -\fIChdir_Spec\fR -section for more details. -.sp -This setting is only supported by version 1.9.3 or higher. -.TP 14n -secure_path -If set, -\fBsudo\fR -will use this value in place of the user's -\fRPATH\fR -environment variable. -This option can be used to reset the -\fRPATH\fR -to a known good value that contains directories for system administrator -commands such as -\fI/usr/sbin\fR. -.sp -Users in the group specified by the -\fIexempt_group\fR -option are not affected by -\fIsecure_path\fR. -This option is @secure_path@ by default. -.TP 14n -syslog -Syslog facility if syslog is being used for logging (negate to -disable syslog logging). -Defaults to -\fR@logfac@\fR. -.sp -The following syslog facilities are supported: -\fBauthpriv\fR -(if your -OS supports it), -\fBauth\fR, -\fBdaemon\fR, -\fBuser\fR, -\fBlocal0\fR, -\fBlocal1\fR, -\fBlocal2\fR, -\fBlocal3\fR, -\fBlocal4\fR, -\fBlocal5\fR, -\fBlocal6\fR, -and -\fBlocal7\fR. -.TP 14n -syslog_badpri -.br -Syslog priority to use when the user is not allowed to run a command or -when authentication is unsuccessful. -Defaults to -\fR@badpri@\fR. -.sp -The following syslog priorities are supported: -\fBalert\fR, -\fBcrit\fR, -\fBdebug\fR, -\fBemerg\fR, -\fBerr\fR, -\fBinfo\fR, -\fBnotice\fR, -\fBwarning\fR, -and -\fBnone\fR. -Negating the option or setting it to a value of -\fBnone\fR -will disable logging of unsuccessful commands. -.TP 14n -syslog_goodpri -Syslog priority to use when the user is allowed to run a command and -authentication is successful. -Defaults to -\fR@goodpri@\fR. -.sp -See -\fIsyslog_badpri\fR -for the list of supported syslog priorities. -Negating the option or setting it to a value of -\fBnone\fR -will disable logging of successful commands. -.TP 14n -verifypw -This option controls when a password will be required when a user runs -\fBsudo\fR -with the -\fB\-v\fR -option. -It has the following possible values: -.PP -.RS 14n -.PD 0 -.TP 8n -all -All the user's -\fIsudoers\fR -file entries for the current host must have the -\fRNOPASSWD\fR -flag set to avoid entering a password. -.PD -.TP 8n -always -The user must always enter a password to use the -\fB\-v\fR -option. -.TP 8n -any -At least one of the user's -\fIsudoers\fR -file entries for the current host must have the -\fRNOPASSWD\fR -flag set to avoid entering a password. -.TP 8n -never -The user need never enter a password to use the -\fB\-v\fR -option. -.PP -If no value is specified, a value of -\fIall\fR -is implied. -Negating the option results in a value of -\fInever\fR -being used. -The default value is -\fIall\fR. -.RE -.PP -\fBLists that can be used in a boolean context\fR: -.\} -.TP 18n -env_check -Environment variables to be removed from the user's environment -unless they are considered -\(lqsafe\(rq. -For all variables except -\fRTZ\fR, -\(lqsafe\(rq -means that the variable's value does not contain any -\(oq%\(cq -or -\(oq/\(cq -characters. -This can be used to guard against printf-style format vulnerabilities -in poorly-written programs. -The -\fRTZ\fR -variable is considered unsafe if any of the following are true: -.PP -.RS 18n -.PD 0 -.TP 3n -\fB\(bu\fR -It consists of a fully-qualified path name, -optionally prefixed with a colon -(\(oq:\&\(cq), -that does not match the location of the -\fIzoneinfo\fR -directory. -.PD -.TP 3n -\fB\(bu\fR -It contains a -\fI..\fR -path element. -.TP 3n -\fB\(bu\fR -It contains white space or non-printable characters. -.TP 3n -\fB\(bu\fR -It is longer than the value of -\fRPATH_MAX\fR. -.PP -The argument may be a double-quoted, space-separated list or a -single value without double-quotes. -The list can be replaced, added to, deleted from, or disabled by using -the -\fR=\fR, -\fR+=\fR, -\fR-=\fR, -and -\fR\&!\fR -operators respectively. -Regardless of whether the -\fRenv_reset\fR -option is enabled or disabled, variables specified by -\fRenv_check\fR -will be preserved in the environment if they pass the aforementioned check. -The global list of environment variables to check is displayed when -\fBsudo\fR -is run by root with -the -\fB\-V\fR -option. -.RE -.TP 18n -env_delete -Environment variables to be removed from the user's environment when the -\fIenv_reset\fR -option is not in effect. -The argument may be a double-quoted, space-separated list or a -single value without double-quotes. -The list can be replaced, added to, deleted from, or disabled by using the -\fR=\fR, -\fR+=\fR, -\fR-=\fR, -and -\fR\&!\fR -operators respectively. -The global list of environment variables to remove is displayed when -\fBsudo\fR -is run by root with the -\fB\-V\fR -option. -Note that many operating systems will remove potentially dangerous -variables from the environment of any set-user-ID process (such as -\fBsudo\fR). -.TP 18n -env_keep -Environment variables to be preserved in the user's environment when the -\fIenv_reset\fR -option is in effect. -This allows fine-grained control over the environment -\fBsudo\fR-spawned -processes will receive. -The argument may be a double-quoted, space-separated list or a -single value without double-quotes. -The list can be replaced, added to, deleted from, or disabled by using the -\fR=\fR, -\fR+=\fR, -\fR-=\fR, -and -\fR\&!\fR -operators respectively. -The global list of variables to keep -is displayed when -\fBsudo\fR -is run by root with the -\fB\-V\fR -option. -.sp -Preserving the -\fRHOME\fR -environment variable has security implications since many programs use it -when searching for configuration or data files. -Adding -\fRHOME\fR -to -\fIenv_keep\fR -may enable a user to run unrestricted commands via -\fBsudo\fR -and is strongly discouraged. -Users wishing to edit files with -\fBsudo\fR -should run -\fBsudoedit\fR -(or -\fBsudo\fR \fB\-e\fR) -to get their accustomed editor configuration instead of -invoking the editor directly. -.TP 18n -log_servers -A list of one or more servers to use for remote event and I/O log storage, -separated by white space. -Log servers must be running -\fBsudo_logsrvd\fR -or another service that implements the protocol described by -sudo_logsrv.proto(@mansectform@). -.sp -Server addresses should be of the form -\(lqhost[:port][(tls)]\(rq. -The host portion may be a host name, an IPv4 address, or an IPv6 address -in square brackets. -.sp -If the optional -\fItls\fR -flag is present, the connection will be secured -with Transport Layer Security (TLS) version 1.2 or 1.3. -Versions of TLS prior to 1.2 are not supported. -.sp -If a port is specified, it may either be a port number or a well-known -service name as defined by the system service name database. -If no port is specified, port 30343 will be used for plaintext -connections and port 30344 will be used for TLS connections. -.sp -When -\fIlog_servers\fR -is set, event log data will be logged both locally (see the -\fIsyslog\fR -and -\fIlog_file\fR -settings) as well as remotely, but I/O log data will only be logged remotely. -If multiple hosts are specified, they will be attempted in reverse order. -If no log servers are available, the user will not be able to run -a command unless either the -\fIignore_iolog_errors\fR -flag (I/O logging enabled) or the -\fIignore_log_errors\fR -flag (I/O logging disabled) is set. -Likewise, if the connection to the log server is interrupted while -\fBsudo\fR -is running, the command will be terminated unless the -\fIignore_iolog_errors\fR -flag (I/O logging enabled) or the -\fIignore_log_errors\fR -flag (I/O logging disabled) is set. -.sp -This setting is only supported by version 1.9.0 or higher. -.SH "GROUP PROVIDER PLUGINS" -The -\fBsudoers\fR -plugin supports its own plugin interface to allow non-Unix -group lookups which can query a group source other -than the standard Unix group database. -This can be used to implement support for the -\fRnonunix_group\fR -syntax described earlier. -.PP -Group provider plugins are specified via the -\fIgroup_plugin\fR -setting. -The argument to -\fIgroup_plugin\fR -should consist of the plugin path, either fully-qualified or relative to the -\fI@plugindir@\fR -directory, followed by any configuration options the plugin requires. -These options (if specified) will be passed to the plugin's initialization -function. -If options are present, the string must be enclosed in double quotes -(\&""). -.PP -The following group provider plugins are installed by default: -.TP 10n -group_file -The -\fIgroup_file\fR -plugin supports an alternate group file that uses the same syntax as the -\fI/etc/group\fR -file. -The path to the group file should be specified as an option -to the plugin. -For example, if the group file to be used is -\fI/etc/sudo-group\fR: -.nf -.sp -.RS 10n -Defaults group_plugin="group_file.so /etc/sudo-group" -.RE -.fi -.TP 10n -system_group -The -\fIsystem_group\fR -plugin supports group lookups via the standard C library functions -\fBgetgrnam\fR() -and -\fBgetgrid\fR(). -This plugin can be used in instances where the user belongs to -groups not present in the user's supplemental group vector. -This plugin takes no options: -.nf -.sp -.RS 10n -Defaults group_plugin=system_group.so -.RE -.fi -.PP -The group provider plugin API is described in detail in -sudo_plugin(@mansectform@). -.SH "LOG FORMAT" -\fBsudoers\fR -can log events in either JSON or -\fIsudo\fR -format, -this section describes the -\fIsudo\fR -log format. -Depending on -\fIsudoers\fR -configuration, -\fBsudoers\fR -can log events via -syslog(3), -to a local log file, or both. -The log format is almost identical in both cases. -.SS "Accepted command log entries" -Commands that sudo runs are logged using the following format (split -into multiple lines for readability): -.nf -.sp -.RS 4n -date hostname progname: username : TTY=ttyname ; PWD=cwd ; \e - USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e - ENV=env_vars COMMAND=command -.RE -.fi -.PP -Where the fields are as follows: -.TP 14n -date -The date the command was run. -Typically, this is in the format -\(lqMMM, DD, HH:MM:SS\(rq. -If logging via -syslog(3), -the actual date format is controlled by the syslog daemon. -If logging to a file and the -\fIlog_year\fR -option is enabled, -the date will also include the year. -.TP 14n -hostname -The name of the host -\fBsudo\fR -was run on. -This field is only present when logging via -syslog(3). -.TP 14n -progname -The name of the program, usually -\fIsudo\fR -or -\fIsudoedit\fR. -This field is only present when logging via -syslog(3). -.TP 14n -username -The login name of the user who ran -\fBsudo\fR. -.TP 14n -ttyname -The short name of the terminal (e.g., -\(lqconsole\(rq, -\(lqtty01\(rq, -or -\(lqpts/0\(rq) -\fBsudo\fR -was run on, or -\(lqunknown\(rq -if there was no terminal present. -.TP 14n -cwd -The current working directory that -\fBsudo\fR -was run in. -.TP 14n -runasuser -The user the command was run as. -.TP 14n -runasgroup -The group the command was run as if one was specified on the command line. -.TP 14n -logid -An I/O log identifier that can be used to replay the command's output. -This is only present when the -\fIlog_input\fR -or -\fIlog_output\fR -option is enabled. -.TP 14n -env_vars -A list of environment variables specified on the command line, -if specified. -.TP 14n -command -The actual command that was executed. -.PP -Messages are logged using the locale specified by -\fIsudoers_locale\fR, -which defaults to the -\(lq\fRC\fR\(rq -locale. -.SS "Denied command log entries" -If the user is not allowed to run the command, the reason for the denial -will follow the user name. -Possible reasons include: -.TP 3n -user NOT in sudoers -The user is not listed in the -\fIsudoers\fR -file. -.TP 3n -user NOT authorized on host -The user is listed in the -\fIsudoers\fR -file but is not allowed to run commands on the host. -.TP 3n -command not allowed -The user is listed in the -\fIsudoers\fR -file for the host but they are not allowed to run the specified command. -.TP 3n -3 incorrect password attempts -The user failed to enter their password after 3 tries. -The actual number of tries will vary based on the number of -failed attempts and the value of the -\fIpasswd_tries\fR -option. -.TP 3n -a password is required -The -\fB\-n\fR -option was specified but a password was required. -.TP 3n -sorry, you are not allowed to set the following environment variables -The user specified environment variables on the command line that -were not allowed by -\fIsudoers\fR. -.SS "Error log entries" -If an error occurs, -\fBsudoers\fR -will log a message and, in most cases, send a message to the -administrator via email. -Possible errors include: -.TP 3n -parse error in @sysconfdir@/sudoers near line N -\fBsudoers\fR -encountered an error when parsing the specified file. -In some cases, the actual error may be one line above or below the -line number listed, depending on the type of error. -.TP 3n -problem with defaults entries -The -\fIsudoers\fR -file contains one or more unknown Defaults settings. -This does not prevent -\fBsudo\fR -from running, but the -\fIsudoers\fR -file should be checked using -\fBvisudo\fR. -.TP 3n -timestamp owner (username): \&No such user -The time stamp directory owner, as specified by the -\fItimestampowner\fR -setting, could not be found in the password database. -.TP 3n -unable to open/read @sysconfdir@/sudoers -The -\fIsudoers\fR -file could not be opened for reading. -This can happen when the -\fIsudoers\fR -file is located on a remote file system that maps user-ID 0 to -a different value. -Normally, -\fBsudoers\fR -tries to open the -\fIsudoers\fR -file using group permissions to avoid this problem. -Consider either changing the ownership of -\fI@sysconfdir@/sudoers\fR -or adding an argument like -\(lqsudoers_uid=N\(rq -(where -\(oqN\(cq -is the user-ID that owns the -\fIsudoers\fR -file) to the end of the -\fBsudoers\fR -\fRPlugin\fR -line in the -sudo.conf(@mansectform@) -file. -.TP 3n -unable to stat @sysconfdir@/sudoers -The -\fI@sysconfdir@/sudoers\fR -file is missing. -.TP 3n -@sysconfdir@/sudoers is not a regular file -The -\fI@sysconfdir@/sudoers\fR -file exists but is not a regular file or symbolic link. -.TP 3n -@sysconfdir@/sudoers is owned by uid N, should be 0 -The -\fIsudoers\fR -file has the wrong owner. -If you wish to change the -\fIsudoers\fR -file owner, please add -\(lqsudoers_uid=N\(rq -(where -\(oqN\(cq -is the user-ID that owns the -\fIsudoers\fR -file) to the -\fBsudoers\fR -\fRPlugin\fR -line in the -sudo.conf(@mansectform@) -file. -.TP 3n -@sysconfdir@/sudoers is world writable -The permissions on the -\fIsudoers\fR -file allow all users to write to it. -The -\fIsudoers\fR -file must not be world-writable, the default file mode -is 0440 (readable by owner and group, writable by none). -The default mode may be changed via the -\(lqsudoers_mode\(rq -option to the -\fBsudoers\fR -\fRPlugin\fR -line in the -sudo.conf(@mansectform@) -file. -.TP 3n -@sysconfdir@/sudoers is owned by gid N, should be 1 -The -\fIsudoers\fR -file has the wrong group ownership. -If you wish to change the -\fIsudoers\fR -file group ownership, please add -\(lqsudoers_gid=N\(rq -(where -\(oqN\(cq -is the group-ID that owns the -\fIsudoers\fR -file) to the -\fBsudoers\fR -\fRPlugin\fR -line in the -sudo.conf(@mansectform@) -file. -.TP 3n -unable to open @rundir@/ts/username -\fBsudoers\fR -was unable to read or create the user's time stamp file. -This can happen when -\fItimestampowner\fR -is set to a user other than root and the mode on -\fI@rundir@\fR -is not searchable by group or other. -The default mode for -\fI@rundir@\fR -is 0711. -.TP 3n -unable to write to @rundir@/ts/username -\fBsudoers\fR -was unable to write to the user's time stamp file. -.TP 3n -@rundir@/ts is owned by uid X, should be Y -The time stamp directory is owned by a user other than -\fItimestampowner\fR. -This can occur when the value of -\fItimestampowner\fR -has been changed. -\fBsudoers\fR -will ignore the time stamp directory until the owner is corrected. -.TP 3n -@rundir@/ts is group writable -The time stamp directory is group-writable; it should be writable only by -\fItimestampowner\fR. -The default mode for the time stamp directory is 0700. -\fBsudoers\fR -will ignore the time stamp directory until the mode is corrected. -.SS "Notes on logging via syslog" -By default, -\fBsudoers\fR -logs messages via -syslog(3). -The -\fIdate\fR, -\fIhostname\fR, -and -\fIprogname\fR -fields are added by the system's -\fBsyslog\fR() -function, not -\fBsudoers\fR -itself. -As such, they may vary in format on different systems. -.PP -The maximum size of syslog messages varies from system to system. -The -\fIsyslog_maxlen\fR -setting can be used to change the maximum syslog message size -from the default value of 980 bytes. -For more information, see the description of -\fIsyslog_maxlen\fR. -.SS "Notes on logging to a file" -If the -\fIlogfile\fR -option is set, -\fBsudoers\fR -will log to a local file, such as -\fI/var/log/sudo\fR. -When logging to a file, -\fBsudoers\fR -uses a format similar to -syslog(3), -with a few important differences: -.TP 5n -1.\& -The -\fIprogname\fR -and -\fIhostname\fR -fields are not present. -.TP 5n -2.\& -If the -\fIlog_year\fR -option is enabled, -the date will also include the year. -.TP 5n -3.\& -Lines that are longer than -\fIloglinelen\fR -characters (80 by default) are word-wrapped and continued on the -next line with a four character indent. -This makes entries easier to read for a human being, but makes it -more difficult to use -grep(1) -on the log files. -If the -\fIloglinelen\fR -option is set to 0 (or negated with a -\(oq\&!\(cq), -word wrap will be disabled. -.SH "I/O LOG FILES" -When I/O logging is enabled, -\fBsudo\fR -will run the command in a pseudo-terminal and log all user input and/or output, -depending on which options are enabled. -I/O can be logged either to the local machine or to a remote log server. -For local logs, I/O is logged to the directory specified by the -\fIiolog_dir\fR -option -(\fI@iolog_dir@\fR -by default) -using a unique session ID that is included in the -\fBsudo\fR -log line, prefixed with -\(lq\fRTSID=\fR\(rq. -The -\fIiolog_file\fR -option may be used to control the format of the session ID. -For remote logs, the -\fIlog_servers\fR -setting is used to specify one or more log servers running -\fBsudo_logsrvd\fR -or another server that implements the protocol described by -sudo_logsrv.proto(@mansectform@). -.PP -For both local and remote I/O logs, each log is stored in a separate -directory that contains the following files: -.TP 10n -\fIlog\fR -A text file containing information about the command. -The first line consists of the following colon-delimited fields: -the time the command was run, the name of the user -who ran -\fBsudo\fR, -the name of the target user, the name of the target group (optional), -the terminal that -\fBsudo\fR -was run from, and the number of lines and columns of the terminal. -The second and third lines contain the working directory the command -was run from and the path name of the command itself (with arguments -if present). -.TP 10n -\fIlog.json\fR -A JSON-formatted file containing information about the command. -This is similar to the -\fIlog\fR -file but contains additional information and is easily extensible. -The -\fIlog.json\fR -file will be used by -sudoreplay(@mansectsu@) -in preference to the -\fIlog\fR -file if it exists. -The file may contain the following elements: -.PP -.RS 10n -.PD 0 -.TP 10n -timestamp -.br -A JSON object containing time the command was run. -It consists of two values, -\fIseconds\fR -and -\fInanoseconds\fR. -.PD -.TP 10n -columns -The number of columns of the terminal the command ran on, or zero -if no terminal was present. -.TP 10n -command -The fully-qualified path of the command that was run. -.TP 10n -lines -The number of lines of the terminal the command ran on, or zero -if no terminal was present. -.TP 10n -runargv -A JSON array representing the command's argument vector as passed to the -execve(2) -system call. -.TP 10n -runenv -A JSON array representing the command's environment as passed to the -execve(2) -system call. -.TP 10n -rungid -The group ID the command ran as. -This element is only present when the user specifies a group on the -command line. -.TP 10n -rungroup -The name of the group the command ran as. -This element is only present when the user specifies a group on the -command line. -.TP 10n -runuid -The user ID the command ran as. -.TP 10n -runuser -The name of the user the command ran as. -.TP 10n -submitcwd -.br -The current working directory at the time -\fBsudo\fR -was run. -.TP 10n -submithost -The name of the host the command was run on. -.TP 10n -submituser -The name of the user who ran the command via -\fBsudo\fR. -.TP 10n -ttyname -The path name of the terminal the user invoked -\fBsudo\fR -from. -If the command was run in a pseudo-terminal, -\fIttyname\fR -will be different from the terminal the command actually ran in. -.PD 0 -.PP -.RE -.PD -.TP 10n -\fItiming\fR -Timing information used to replay the session. -Each line consists of the I/O log entry type and amount of time -since the last entry, followed by type-specific data. -The I/O log entry types and their corresponding type-specific data are: -.PP -.RS 10n -.PD 0 -.TP 6n -0 -standard input, number of bytes in the entry -.TP 6n -1 -standard output, number of bytes in the entry -.TP 6n -2 -standard error, number of bytes in the entry -.TP 6n -3 -terminal input, number of bytes in the entry -.TP 6n -4 -terminal output, number of bytes in the entry -.TP 6n -5 -window change, new number lines and columns -.TP 6n -6 -bug compatibility for -\fBsudo\fR -1.8.7 terminal output -.TP 6n -7 -command suspend or resume, signal received -.PP -.RE -.PD -.TP 10n -\fIttyin\fR -Raw input from the user's terminal, exactly as it was received. -No post-processing is performed. -For manual viewing, you may wish to convert carriage return characters -in the log to line feeds. -For example: -\(oqgunzip -c ttyin | tr \&"\er\&" \&"\en\&"\(cq -.TP 10n -\fIstdin\fR -The standard input when no terminal is present, or input redirected from -a pipe or file. -.TP 10n -\fIttyout\fR -Output from the pseudo-terminal (what the command writes to the screen). -Note that terminal-specific post-processing is performed before the -data is logged. -This means that, for example, line feeds are usually converted to -line feed/carriage return pairs and tabs may be expanded to spaces. -.TP 10n -\fIstdout\fR -The standard output when no terminal is present, or output redirected to -a pipe or file. -.TP 10n -\fIstderr\fR -The standard error redirected to a pipe or file. -.PP -All files other than -\fIlog\fR -are compressed in gzip format unless the -\fIcompress_io\fR -flag has been disabled. -Due to buffering, it is not normally possible to display the I/O logs in -real-time as the program is executing. -The I/O log data will not be complete until the program run by -\fBsudo\fR -has exited or has been terminated by a signal. -The -\fIiolog_flush\fR -flag can be used to disable buffering, in which case I/O log data -is written to disk as soon as it is available. -The output portion of an I/O log file can be viewed with the -sudoreplay(@mansectsu@) -utility, which can also be used to list or search the available logs. -.PP -Note that user input may contain sensitive information such as -passwords (even if they are not echoed to the screen), which will -be stored in the log file unencrypted. -In most cases, logging the command output via -\fIlog_output\fR -or -\fRLOG_OUTPUT\fR -is all that is required. -.PP -Since each session's I/O logs are stored in a separate directory, -traditional log rotation utilities cannot be used to limit the -number of I/O logs. -The simplest way to limit the number of I/O is by setting the -\fImaxseq\fR -option to the maximum number of logs you wish to store. -Once the I/O log sequence number reaches -\fImaxseq\fR, -it will be reset to zero and -\fBsudoers\fR -will truncate and re-use any existing I/O logs. -.SH "FILES" -.TP 26n -\fI@sysconfdir@/sudo.conf\fR -Sudo front end configuration -.TP 26n -\fI@sysconfdir@/sudoers\fR -List of who can run what -.TP 26n -\fI/etc/group\fR -Local groups file -.TP 26n -\fI/etc/netgroup\fR -List of network groups -.TP 26n -\fI@iolog_dir@\fR -I/O log files -.TP 26n -\fI@rundir@/ts\fR -Directory containing time stamps for the -\fBsudoers\fR -security policy -.TP 26n -\fI@vardir@/lectured\fR -Directory containing lecture status files for the -\fBsudoers\fR -security policy -.TP 26n -\fI/etc/environment\fR -Initial environment for -\fB\-i\fR -mode on AIX and Linux systems -.SH "EXAMPLES" -Below are example -\fIsudoers\fR -file entries. -Admittedly, some of these are a bit contrived. -First, we allow a few environment variables to pass and then define our -\fIaliases\fR: -.nf -.sp -.RS 0n -# Run X applications through sudo; HOME is used to find the -# .Xauthority file. Note that other programs use HOME to find -# configuration files and this may lead to privilege escalation! -Defaults env_keep += "DISPLAY HOME" - -# User alias specification -User_Alias FULLTIMERS = millert, mikef, dowdy -User_Alias PARTTIMERS = bostley, jwfox, crawl -User_Alias WEBADMIN = will, wendy, wim - -# Runas alias specification -Runas_Alias OP = root, operator -Runas_Alias DB = oracle, sybase -Runas_Alias ADMINGRP = adm, oper - -# Host alias specification -Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e - SGI = grolsch, dandelion, black :\e - ALPHA = widget, thalamus, foobar :\e - HPPA = boa, nag, python -Host_Alias CUNETS = 128.138.0.0/255.255.0.0 -Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 -Host_Alias SERVERS = primary, mail, www, ns -Host_Alias CDROM = orion, perseus, hercules - -# Cmnd alias specification -Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e - /usr/sbin/restore, /usr/sbin/rrestore,\e - sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e - /home/operator/bin/start_backups -Cmnd_Alias KILL = /usr/bin/kill -Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm -Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown -Cmnd_Alias HALT = /usr/sbin/halt -Cmnd_Alias REBOOT = /usr/sbin/reboot -Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\e - /usr/local/bin/tcsh, /usr/bin/rsh,\e - /usr/local/bin/zsh -Cmnd_Alias SU = /usr/bin/su -Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less -.RE -.fi -.PP -Here we override some of the compiled in default values. -We want -\fBsudo\fR -to log via -syslog(3) -using the -\fIauth\fR -facility in all cases and for commands to be run with -the target user's home directory as the working directory. -We don't want to subject the full time staff to the -\fBsudo\fR -lecture and we want to allow them to run commands in a -chroot(2) -\(lqsandbox\(rq -via the -\fB\-R\fR -option. -User -\fBmillert\fR -need not provide a password and we don't want to reset the -\fRLOGNAME\fR -or -\fRUSER\fR -environment variables when running commands as root. -Additionally, on the machines in the -\fISERVERS\fR -\fRHost_Alias\fR, -we keep an additional local log file and make sure we log the year -in each log line since the log entries will be kept around for several years. -Lastly, we disable shell escapes for the commands in the PAGERS -\fRCmnd_Alias\fR -(\fI/usr/bin/more\fR, -\fI/usr/bin/pg\fR -and -\fI/usr/bin/less\fR) -\&. -Note that this will not effectively constrain users with -\fBsudo\fR -\fBALL\fR -privileges. -.nf -.sp -.RS 0n -# Override built-in defaults -Defaults syslog=auth,runcwd=~ -Defaults>root !set_logname -Defaults:FULLTIMERS !lecture,runchroot=* -Defaults:millert !authenticate -Defaults@SERVERS log_year, logfile=/var/log/sudo.log -Defaults!PAGERS noexec -.RE -.fi -.PP -The -\fIUser specification\fR -is the part that actually determines who may run what. -.nf -.sp -.RS 0n -root ALL = (ALL) ALL -%wheel ALL = (ALL) ALL -.RE -.fi -.PP -We let -\fBroot\fR -and any user in group -\fBwheel\fR -run any command on any host as any user. -.nf -.sp -.RS 0n -FULLTIMERS ALL = NOPASSWD: ALL -.RE -.fi -.PP -Full time sysadmins -(\fBmillert\fR, -\fBmikef\fR, -and -\fBdowdy\fR) -may run any command on any host without authenticating themselves. -.nf -.sp -.RS 0n -PARTTIMERS ALL = ALL -.RE -.fi -.PP -Part time sysadmins -\fBbostley\fR, -\fBjwfox\fR, -and -\fBcrawl\fR) -may run any command on any host but they must authenticate themselves -first (since the entry lacks the -\fRNOPASSWD\fR -tag). -.nf -.sp -.RS 0n -jack CSNETS = ALL -.RE -.fi -.PP -The user -\fBjack\fR -may run any command on the machines in the -\fICSNETS\fR -alias (the networks -\fR128.138.243.0\fR, -\fR128.138.204.0\fR, -and -\fR128.138.242.0\fR). -Of those networks, only -\fR128.138.204.0\fR -has an explicit netmask (in CIDR notation) indicating it is a class C network. -For the other networks in -\fICSNETS\fR, -the local machine's netmask will be used during matching. -.nf -.sp -.RS 0n -lisa CUNETS = ALL -.RE -.fi -.PP -The user -\fBlisa\fR -may run any command on any host in the -\fICUNETS\fR -alias (the class B network -\fR128.138.0.0\fR). -.nf -.sp -.RS 0n -operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\e - sudoedit /etc/printcap, /usr/oper/bin/ -.RE -.fi -.PP -The -\fBoperator\fR -user may run commands limited to simple maintenance. -Here, those are commands related to backups, killing processes, the -printing system, shutting down the system, and any commands in the -directory -\fI/usr/oper/bin/\fR. -Note that one command in the -\fRDUMPS\fR -Cmnd_Alias includes a sha224 digest, -\fI/home/operator/bin/start_backups\fR. -This is because the directory containing the script is writable by the -operator user. -If the script is modified (resulting in a digest mismatch) it will no longer -be possible to run it via -\fBsudo\fR. -.nf -.sp -.RS 0n -joe ALL = /usr/bin/su operator -.RE -.fi -.PP -The user -\fBjoe\fR -may only -su(1) -to operator. -.nf -.sp -.RS 0n -pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root* - -%opers ALL = (: ADMINGRP) /usr/sbin/ -.RE -.fi -.PP -Users in the -\fBopers\fR -group may run commands in -\fI/usr/sbin/\fR -as themselves -with any group in the -\fIADMINGRP\fR -\fRRunas_Alias\fR -(the -\fBadm\fR -and -\fBoper\fR -groups). -.PP -The user -\fBpete\fR -is allowed to change anyone's password except for -root on the -\fIHPPA\fR -machines. -Because command line arguments are matched as a single, -concatenated string, the -\(oq*\(cq -wildcard will match -\fImultiple\fR -words. -This example assumes that -passwd(1) -does not take multiple user names on the command line. -Note that on GNU systems, options to -passwd(1) -may be specified after the user argument. -As a result, this rule will also allow: -.nf -.sp -.RS 4n -passwd username --expire -.RE -.fi -.PP -which may not be desirable. -.nf -.sp -.RS 0n -bob SPARC = (OP) ALL : SGI = (OP) ALL -.RE -.fi -.PP -The user -\fBbob\fR -may run anything on the -\fISPARC\fR -and -\fISGI\fR -machines as any user listed in the -\fIOP\fR -\fRRunas_Alias\fR -(\fBroot\fR -and -\fBoperator\fR.) -.nf -.sp -.RS 0n -jim +biglab = ALL -.RE -.fi -.PP -The user -\fBjim\fR -may run any command on machines in the -\fIbiglab\fR -netgroup. -\fBsudo\fR -knows that -\(lqbiglab\(rq -is a netgroup due to the -\(oq+\(cq -prefix. -.nf -.sp -.RS 0n -+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser -.RE -.fi -.PP -Users in the -\fBsecretaries\fR -netgroup need to help manage the printers as well as add and remove users, -so they are allowed to run those commands on all machines. -.nf -.sp -.RS 0n -fred ALL = (DB) NOPASSWD: ALL -.RE -.fi -.PP -The user -\fBfred\fR -can run commands as any user in the -\fIDB\fR -\fRRunas_Alias\fR -(\fBoracle\fR -or -\fBsybase\fR) -without giving a password. -.nf -.sp -.RS 0n -john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* -.RE -.fi -.PP -On the -\fIALPHA\fR -machines, user -\fBjohn\fR -may su to anyone except root but he is not allowed to specify any options -to the -su(1) -command. -.nf -.sp -.RS 0n -jen ALL, !SERVERS = ALL -.RE -.fi -.PP -The user -\fBjen\fR -may run any command on any machine except for those in the -\fISERVERS\fR -\fRHost_Alias\fR -(primary, mail, www and ns). -.nf -.sp -.RS 0n -jill SERVERS = /usr/bin/, !SU, !SHELLS -.RE -.fi -.PP -For any machine in the -\fISERVERS\fR -\fRHost_Alias\fR, -\fBjill\fR -may run -any commands in the directory -\fI/usr/bin/\fR -except for those commands -belonging to the -\fISU\fR -and -\fISHELLS\fR -\fRCmnd_Aliases\fR. -While not specifically mentioned in the rule, the commands in the -\fIPAGERS\fR -\fRCmnd_Alias\fR -all reside in -\fI/usr/bin\fR -and have the -\fInoexec\fR -option set. -.nf -.sp -.RS 0n -steve CSNETS = (operator) /usr/local/op_commands/ -.RE -.fi -.PP -The user -\fBsteve\fR -may run any command in the directory /usr/local/op_commands/ -but only as user operator. -.nf -.sp -.RS 0n -matt valkyrie = KILL -.RE -.fi -.PP -On his personal workstation, valkyrie, -\fBmatt\fR -needs to be able to kill hung processes. -.nf -.sp -.RS 0n -WEBADMIN www = (www) ALL, (root) /usr/bin/su www -.RE -.fi -.PP -On the host www, any user in the -\fIWEBADMIN\fR -\fRUser_Alias\fR -(will, wendy, and wim), may run any command as user www (which owns the -web pages) or simply -su(1) -to www. -.nf -.sp -.RS 0n -ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e - /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM -.RE -.fi -.PP -Any user may mount or unmount a CD-ROM on the machines in the CDROM -\fRHost_Alias\fR -(orion, perseus, hercules) without entering a password. -This is a bit tedious for users to type, so it is a prime candidate -for encapsulating in a shell script. -.SH "SECURITY NOTES" -.SS "Limitations of the \(oq!\&\(cq operator" -It is generally not effective to -\(lqsubtract\(rq -commands from -\fBALL\fR -using the -\(oq!\&\(cq -operator. -A user can trivially circumvent this by copying the desired command -to a different name and then executing that. -For example: -.nf -.sp -.RS 0n -bill ALL = ALL, !SU, !SHELLS -.RE -.fi -.PP -Doesn't really prevent -\fBbill\fR -from running the commands listed in -\fISU\fR -or -\fISHELLS\fR -since he can simply copy those commands to a different name, or use -a shell escape from an editor or other program. -Therefore, these kind of restrictions should be considered -advisory at best (and reinforced by policy). -.PP -In general, if a user has sudo -\fBALL\fR -there is nothing to prevent them from creating their own program that gives -them a root shell (or making their own copy of a shell) regardless of any -\(oq!\&\(cq -elements in the user specification. -.SS "Security implications of \fIfast_glob\fR" -If the -\fIfast_glob\fR -option is in use, it is not possible to reliably negate commands where the -path name includes globbing (aka wildcard) characters. -This is because the C library's -fnmatch(3) -function cannot resolve relative paths. -While this is typically only an inconvenience for rules that grant privileges, -it can result in a security issue for rules that subtract or revoke privileges. -.PP -For example, given the following -\fIsudoers\fR -file entry: -.nf -.sp -.RS 0n -john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\e - /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root -.RE -.fi -.PP -User -\fBjohn\fR -can still run -\fR/usr/bin/passwd root\fR -if -\fIfast_glob\fR -is enabled by changing to -\fI/usr/bin\fR -and running -\fR./passwd root\fR -instead. -.SS "Preventing shell escapes" -Once -\fBsudo\fR -executes a program, that program is free to do whatever -it pleases, including run other programs. -This can be a security issue since it is not uncommon for a program to -allow shell escapes, which lets a user bypass -\fBsudo\fR's -access control and logging. -Common programs that permit shell escapes include shells (obviously), -editors, paginators, mail and terminal programs. -.PP -There are two basic approaches to this problem: -.TP 10n -restrict -Avoid giving users access to commands that allow the user to run -arbitrary commands. -Many editors have a restricted mode where shell -escapes are disabled, though -\fBsudoedit\fR -is a better solution to -running editors via -\fBsudo\fR. -Due to the large number of programs that -offer shell escapes, restricting users to the set of programs that -do not is often unworkable. -.TP 10n -noexec -Many systems that support shared libraries have the ability to -override default library functions by pointing an environment -variable (usually -\fRLD_PRELOAD\fR) -to an alternate shared library. -On such systems, -\fBsudo\fR's -\fInoexec\fR -functionality can be used to prevent a program run by -\fBsudo\fR -from executing any other programs. -Note, however, that this applies only to dynamically-linked -executables. -Statically-linked executables and executables -running under binary emulation are not affected. -.sp -The -\fInoexec\fR -feature is known to work on SunOS, Solaris, *BSD, -Linux, IRIX, Tru64 UNIX, macOS, HP-UX 11.x and AIX 5.3 and above. -It should be supported on most operating systems that support the -\fRLD_PRELOAD\fR -environment variable. -Check your operating system's manual pages for the dynamic linker -(usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if -\fRLD_PRELOAD\fR -is supported. -.sp -On Solaris 10 and higher, -\fInoexec\fR -uses Solaris privileges instead of the -\fRLD_PRELOAD\fR -environment variable. -.sp -To enable -\fInoexec\fR -for a command, use the -\fRNOEXEC\fR -tag as documented -in the User Specification section above. -Here is that example again: -.nf -.sp -.RS 10n -aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi -.RE -.fi -.RS 10n -.sp -This allows user -\fBaaron\fR -to run -\fI/usr/bin/more\fR -and -\fI/usr/bin/vi\fR -with -\fInoexec\fR -enabled. -This will prevent those two commands from -executing other commands (such as a shell). -If you are unsure whether or not your system is capable of supporting -\fInoexec\fR -you can always just try it out and check whether shell escapes work when -\fInoexec\fR -is enabled. -.RE -.PP -Note that restricting shell escapes is not a panacea. -Programs running as root are still capable of many potentially hazardous -operations (such as changing or overwriting files) that could lead -to unintended privilege escalation. -In the specific case of an editor, a safer approach is to give the -user permission to run -\fBsudoedit\fR -(see below). -.SS "Secure editing" -The -\fBsudoers\fR -plugin includes -\fBsudoedit\fR -support which allows users to securely edit files with the editor -of their choice. -As -\fBsudoedit\fR -is a built-in command, it must be specified in the -\fIsudoers\fR -file without a leading path. -However, it may take command line arguments just as a normal command does. -Wildcards used in -\fIsudoedit\fR -command line arguments are expected to be path names, so a forward slash -(\(oq/\(cq) -will not be matched by a wildcard. -.PP -Unlike other -\fBsudo\fR -commands, the editor is run with the permissions of the invoking -user and with the environment unmodified. -More information may be found in the description of the -\fB\-e\fR -option in -sudo(@mansectsu@). -.PP -For example, to allow user operator to edit the -\(lqmessage of the day\(rq -file: -.nf -.sp -.RS 6n -operator sudoedit /etc/motd -.RE -.fi -.PP -The operator user then runs -\fBsudoedit\fR -as follows: -.nf -.sp -.RS 6n -$ sudoedit /etc/motd -.RE -.fi -.PP -The editor will run as the operator user, not root, on a temporary copy of -\fI/etc/motd\fR. -After the file has been edited, -\fI/etc/motd\fR -will be updated with the contents of the temporary copy. -.PP -Users should -\fInever\fR -be granted -\fBsudoedit\fR -permission to edit a file that resides in a directory the user -has write access to, either directly or via a wildcard. -If the user has write access to the directory it is possible to -replace the legitimate file with a link to another file, -allowing the editing of arbitrary files. -To prevent this, starting with version 1.8.16, symbolic links will -not be followed in writable directories and -\fBsudoedit\fR -will refuse to edit a file located in a writable directory -unless the -\fIsudoedit_checkdir\fR -option has been disabled or the invoking user is root. -Additionally, in version 1.8.15 and higher, -\fBsudoedit\fR -will refuse to open a symbolic link unless either the -\fIsudoedit_follow\fR -option is enabled or the -\fIsudoedit\fR -command is prefixed with the -\fRFOLLOW\fR -tag in the -\fIsudoers\fR -file. -.SS "Time stamp file checks" -\fBsudoers\fR -will check the ownership of its time stamp directory -(\fI@rundir@/ts\fR -by default) -and ignore the directory's contents if it is not owned by root or -if it is writable by a user other than root. -Older versions of -\fBsudo\fR -stored time stamp files in -\fI/tmp\fR; -this is no longer recommended as it may be possible for a user -to create the time stamp themselves on systems that allow -unprivileged users to change the ownership of files they create. -.PP -While the time stamp directory -\fIshould\fR -be cleared at reboot time, not all systems contain a -\fI/run\fR -or -\fI/var/run\fR -directory. -To avoid potential problems, -\fBsudoers\fR -will ignore time stamp files that date from before the machine booted -on systems where the boot time is available. -.PP -Some systems with graphical desktop environments allow unprivileged -users to change the system clock. -Since -\fBsudoers\fR -relies on the system clock for time stamp validation, it may be -possible on such systems for a user to run -\fBsudo\fR -for longer than -\fItimestamp_timeout\fR -by setting the clock back. -To combat this, -\fBsudoers\fR -uses a monotonic clock (which never moves backwards) for its time stamps -if the system supports it. -.PP -\fBsudoers\fR -will not honor time stamps set far in the future. -Time stamps with a date greater than current_time + 2 * -\fRTIMEOUT\fR -will be ignored and -\fBsudoers\fR -will log and complain. -.PP -If the -\fItimestamp_type\fR -option is set to -\(lqtty\(rq, -the time stamp record includes the device number of the terminal -the user authenticated with. -This provides per-terminal granularity but time stamp records may still -outlive the user's session. -.PP -Unless the -\fItimestamp_type\fR -option is set to -\(lqglobal\(rq, -the time stamp record also includes the session ID of the process -that last authenticated. -This prevents processes in different terminal sessions from using -the same time stamp record. -On systems where a process's start time can be queried, -the start time of the session leader -is recorded in the time stamp record. -If no terminal is present or the -\fItimestamp_type\fR -option is set to -\(lqppid\(rq, -the start time of the parent process is used instead. -In most cases this will prevent a time stamp record from being re-used -without the user entering a password when logging out and back in again. -.SH "DEBUGGING" -Versions 1.8.4 and higher of the -\fBsudoers\fR -plugin support a flexible debugging framework that can help track -down what the plugin is doing internally if there is a problem. -This can be configured in the -sudo.conf(@mansectform@) -file. -.PP -The -\fBsudoers\fR -plugin uses the same debug flag format as the -\fBsudo\fR -front-end: -\fIsubsystem\fR@\fIpriority\fR. -.PP -The priorities used by -\fBsudoers\fR, -in order of decreasing severity, -are: -\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR -and -\fIdebug\fR. -Each priority, when specified, also includes all priorities higher -than it. -For example, a priority of -\fInotice\fR -would include debug messages logged at -\fInotice\fR -and higher. -.PP -The following subsystems are used by the -\fBsudoers\fR -plugin: -.TP 10n -\fIalias\fR -\fRUser_Alias\fR, -\fRRunas_Alias\fR, -\fRHost_Alias\fR -and -\fRCmnd_Alias\fR -processing -.TP 10n -\fIall\fR -matches every subsystem -.TP 10n -\fIaudit\fR -BSM and Linux audit code -.TP 10n -\fIauth\fR -user authentication -.TP 10n -\fIdefaults\fR -\fIsudoers\fR -file -\fIDefaults\fR -settings -.TP 10n -\fIenv\fR -environment handling -.TP 10n -\fIldap\fR -LDAP-based sudoers -.TP 10n -\fIlogging\fR -logging support -.TP 10n -\fImatch\fR -matching of users, groups, hosts and netgroups in the -\fIsudoers\fR -file -.TP 10n -\fInetif\fR -network interface handling -.TP 10n -\fInss\fR -network service switch handling in -\fBsudoers\fR -.TP 10n -\fIparser\fR -\fIsudoers\fR -file parsing -.TP 10n -\fIperms\fR -permission setting -.TP 10n -\fIplugin\fR -The equivalent of -\fImain\fR -for the plugin. -.TP 10n -\fIpty\fR -pseudo-terminal related code -.TP 10n -\fIrbtree\fR -redblack tree internals -.TP 10n -\fIsssd\fR -SSSD-based sudoers -.TP 10n -\fIutil\fR -utility functions -.PD 0 -.PP -For example: -.nf -.sp -.RS 0n -Debug sudo /var/log/sudo_debug match@info,nss@info -.RE -.fi -.PD -.PP -For more information, see the -sudo.conf(@mansectform@) -manual. -.SH "SEE ALSO" -ssh(1), -su(1), -fnmatch(3), -glob(3), -mktemp(3), -strftime(3), -sudo.conf(@mansectform@), -sudo_plugin(@mansectform@), -sudoers.ldap(@mansectform@), -sudoers_timestamp(@mansectform@), -sudo(@mansectsu@), -visudo(@mansectsu@) -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "CAVEATS" -The -\fIsudoers\fR -file should -\fBalways\fR -be edited by the -\fBvisudo\fR -utility which locks the file and checks for syntax errors. -If -\fIsudoers\fR -contains syntax errors, -\fBsudo\fR -may refuse to run, which is a serious problem if -\fBsudo\fR -is your only method of obtaining superuser privileges. -Recent versions of -\fBsudoers\fR -will attempt to recover after a syntax error by ignoring the rest of -the line after encountering an error. -Older versions of -\fBsudo\fR -will not run if -\fIsudoers\fR -contains a syntax error. -.PP -When using netgroups of machines (as opposed to users), if you -store fully qualified host name in the netgroup (as is usually the -case), you either need to have the machine's host name be fully qualified -as returned by the -\fRhostname\fR -command or use the -\fIfqdn\fR -option in -\fIsudoers\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBsudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudoers.man.in.sed sudo-1.9.9/doc/sudoers.man.in.sed --- sudo-1.9.5p2/doc/sudoers.man.in.sed 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/doc/sudoers.man.in.sed 1970-01-01 00:00:00.000000000 +0000 @@ -1,150 +0,0 @@ -s/^\(.TH .*\)/.nr SL @SEMAN@\ -.nr BA @BAMAN@\ -.nr LC @LCMAN@\ -.nr PS @PSMAN@\ -\1/ - -/^On$/N -/^On\nBSD$/,/^.*\.$/ { - /^On\nBSD$/i\ -.if \\n(LC \\{\\ - /\.$/a\ -.\\} -} - -/^\.SS "SELinux_Spec"$/,/^\.SS/ { - /^\.SS / { - /^\.SS "SELinux_Spec"$/i\ -.if \\n(SL \\{\\ - /^\.SS "SELinux_Spec"$/!i\ -.\\} - } -} - -/^\.SS "Solaris_Priv_Spec"$/,/^\.SS/ { - /^\.SS / { - /^\.SS "Solaris_Priv_Spec"$/i\ -.if \\n(PS \\{\\ - /^\.SS "Solaris_Priv_Spec"$/!i\ -.\\} - } -} - -/^Option_Spec ::= / { - s/^.*$/.ie \\n(SL \\{\\\ -.ie \\n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec)\ -.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec)\ -.\\}\ -.el \\{\\\ -.ie \\n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec)\ -.el Option_Spec ::= (Date_Spec | Timeout_Spec)\ -.\\}/ -} - -/^SELinux_Spec ::=/ { - i\ -.if \\n(SL \\{\\ - N - a\ -.\\} -} - -/^Solaris_Priv_Spec ::=/ { - i\ -.if \\n(PS \\{\\ - N - a\ -.\\} -} - -/^SELinux roles.*types,/ { - i\ -.if \\n(SL \\{\\ - a\ -.\\} -} - -/^Solaris privileges sets,/ { - i\ -.if \\n(PS \\{\\ - a\ -.\\} -} - -/^\.TP 18n$/ { - N - /^\.TP 18n\nuse_loginclass$/,/^\.TP 18n/ { - /^\.TP 18n/ { - /^\.TP 18n\nuse_loginclass$/i\ -.if \\n(BA \\{\\ - /^\.TP 18n\nuse_loginclass$/!i\ -.\\} - } - } - /^\.TP 18n\nlimitprivs$/,/^\.TP 18n/ { - /^\.TP 18n/ { - /^\.TP 18n\nlimitprivs$/i\ -.if \\n(PS \\{\\ - /^\.TP 18n\nlimitprivs$/!i\ -.\\} - } - } - /^\.TP 18n\nprivs$/,/^\.TP 18n/ { - /^\.TP 18n/ { - /^\.TP 18n\nprivs$/i\ -.if \\n(PS \\{\\ - /^\.TP 18n\nprivs$/!i\ -.\\} - } - } - /^\.TP 18n\nselinux$/,/^\.TP 18n/ { - /^\.TP 18n/ { - /^\.TP 18n\nselinux$/i\ -.if \\n(SL \\{\\ - /^\.TP 18n\nselinux$/!i\ -.\\} - } - } - /^\.TP 18n\nrole$/,/^\.TP 18n/ { - /^\.TP 18n/ { - /^\.TP 18n\nrole$/i\ -.if \\n(SL \\{\\ - /^\.TP 18n\nrole$/!i\ -.\\} - } - } - /^\.TP 18n\ntype$/,/^\.TP 18n/ { - /^\.TP 18n/ { - /^\.TP 18n\ntype$/i\ -.if \\n(SL \\{\\ - /^\.TP 18n\ntype$/!i\ -.\\} - } - } -} - -/^\\fRPRIVS\\fR,/ { - i\ -.if \\n(PS \\{\\ - a\ -.\\} -} -/^\\fRLIMITPRIVS\\fR,/ { - i\ -.if \\n(PS \\{\\ - a\ -.\\} -} - -/^\\fRROLE\\fR,/ { - i\ -.if \\n(SL \\{\\ - a\ -.\\} -} -/^\\fRTYPE\\fR,/ { - i\ -.if \\n(SL \\{\\ - a\ -.\\} -} diff -Nru sudo-1.9.5p2/doc/sudoers.mdoc.in sudo-1.9.9/doc/sudoers.mdoc.in --- sudo-1.9.5p2/doc/sudoers.mdoc.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/doc/sudoers.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,6051 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2021 -.\" Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" Sponsored in part by the Defense Advanced Research Projects -.\" Agency (DARPA) and Air Force Research Laboratory, Air Force -.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. -.\" -.nr SL @SEMAN@ -.nr BA @BAMAN@ -.nr LC @LCMAN@ -.nr PS @PSMAN@ -.Dd January 8, 2020 -.Dt SUDOERS @mansectform@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudoers -.Nd default sudo security policy plugin -.Sh DESCRIPTION -The -.Nm -policy plugin determines a user's -.Nm sudo -privileges. -It is the default -.Nm sudo -policy plugin. -The policy is driven by -the -.Pa @sysconfdir@/sudoers -file or, optionally in LDAP. -The policy format is described in detail in the -.Sx SUDOERS FILE FORMAT -section. -For information on storing -.Nm -policy information -in LDAP, please see -.Xr sudoers.ldap @mansectform@ . -.Ss Configuring sudo.conf for sudoers -.Nm sudo -consults the -.Xr sudo.conf @mansectform@ -file to determine which policy and I/O logging plugins to load. -If no -.Xr sudo.conf @mansectform@ -file is present, or if it contains no -.Li Plugin -lines, -.Nm -will be used for policy decisions and I/O logging. -To explicitly configure -.Xr sudo.conf @mansectform@ -to use the -.Nm -plugin, the following configuration can be used. -.Bd -literal -offset indent -Plugin sudoers_audit sudoers.so -Plugin sudoers_policy sudoers.so -Plugin sudoers_io sudoers.so -.Ed -.Pp -Starting with -.Nm sudo -1.8.5, it is possible to specify optional arguments to the -.Nm -plugin in the -.Xr sudo.conf @mansectform@ -file. -Plugin arguments, if any, should be listed after the path to the plugin -(i.e., after -.Pa sudoers.so ) . -The arguments are only effective for the plugin that opens (and parses) the -.Em sudoers -file. -.Pp -For -.Nm sudo -version 1.9.1 and higher, this is the -.Em sudoers_audit -plugin. -For older versions, it is the -.Em sudoers_policy -plugin. -Multiple arguments may be specified, separated by white space. -For example: -.Bd -literal -offset indent -Plugin sudoers_audit sudoers.so sudoers_mode=0400 error_recovery=false -.Ed -.Pp -The following plugin arguments are supported: -.Bl -tag -width 8n -.It error_recovery=bool -The -.Em error_recovery -argument can be used to control whether -.Nm -should attempt to recover from syntax errors in the -.Em sudoers -file. -If set to -.Em true -(the default), -.Nm -will try to recover from a syntax error by discarding the portion -of the line that contains the error until the end of the line. -A value of -.Em false -will disable error recovery. -Prior to version 1.9.3, no error recovery was performed. -.It ldap_conf=pathname -The -.Em ldap_conf -argument can be used to override the default path to the -.Pa ldap.conf -file. -.It ldap_secret=pathname -The -.Em ldap_secret -argument can be used to override the default path to the -.Pa ldap.secret -file. -.It sudoers_file=pathname -The -.Em sudoers_file -argument can be used to override the default path to the -.Em sudoers -file. -.It sudoers_uid=uid -The -.Em sudoers_uid -argument can be used to override the default owner of the sudoers file. -It should be specified as a numeric user-ID. -.It sudoers_gid=gid -The -.Em sudoers_gid -argument can be used to override the default group of the sudoers file. -It must be specified as a numeric group-ID (not a group name). -.It sudoers_mode=mode -The -.Em sudoers_mode -argument can be used to override the default file mode for the sudoers file. -It should be specified as an octal value. -.El -.Pp -For more information on configuring -.Xr sudo.conf @mansectform@ , -please refer to its manual. -.Ss User Authentication -The -.Nm -security policy requires that most users authenticate -themselves before they can use -.Nm sudo . -A password is not required -if the invoking user is root, if the target user is the same as the -invoking user, or if the policy has disabled authentication for the -user or command. -Unlike -.Xr su 1 , -when -.Nm -requires -authentication, it validates the invoking user's credentials, not -the target user's (or root's) credentials. -This can be changed via -the -.Em rootpw , -.Em targetpw -and -.Em runaspw -flags, described later. -.Pp -If a user who is not listed in the policy tries to run a command -via -.Nm sudo , -mail is sent to the proper authorities. -The address -used for such mail is configurable via the -.Em mailto -Defaults entry -(described later) and defaults to -.Li @mailto@ . -.Pp -Note that no mail will be sent if an unauthorized user tries to run -.Nm sudo -with the -.Fl l -or -.Fl v -option unless there is an authentication error and -either the -.Em mail_always -or -.Em mail_badpass -flags are enabled. -This allows users to -determine for themselves whether or not they are allowed to use -.Nm sudo . -By default, all attempts to run -.Nm sudo -(successful or not) -are logged, regardless of whether or not mail is sent. -.Pp -If -.Nm sudo -is run by root and the -.Ev SUDO_USER -environment variable -is set, the -.Nm -policy will use this value to determine who -the actual user is. -This can be used by a user to log commands -through sudo even when a root shell has been invoked. -It also -allows the -.Fl e -option to remain useful even when invoked via a -sudo-run script or program. -Note, however, that the -.Em sudoers -file lookup is still done for root, not the user specified by -.Ev SUDO_USER . -.Pp -.Nm -uses per-user time stamp files for credential caching. -Once a user has been authenticated, a record is written -containing the user-ID that was used to authenticate, the -terminal session ID, the start time of the session leader -(or parent process) and a time stamp -(using a monotonic clock if one is available). -The user may then use -.Nm sudo -without a password for a short period of time -.Po -.Li @timeout@ -minutes unless overridden by the -.Em timestamp_timeout -option -.Pc . -By default, -.Nm -uses a separate record for each terminal, which means that -a user's login sessions are authenticated separately. -The -.Em timestamp_type -option can be used to select the type of time stamp record -.Nm -will use. -.Ss Logging -By default, -.Nm -logs both successful and unsuccessful attempts (as well -as errors). -The -.Em log_allowed -and -.Em log_denied -flags can be used to control this behavior. -Messages can be logged to -.Xr syslog 3 , -a log file, or both. -The default is to log to -.Xr syslog 3 -but this is configurable via the -.Em syslog -and -.Em logfile -settings. -See -.Sx "LOG FORMAT" -for a description of the log file format. -.Pp -.Nm -is also capable of running a command in a pseudo-terminal and logging all -input and/or output. -The standard input, standard output and standard error can be logged -even when not associated with a terminal. -I/O logging is not on by default but can be enabled using -the -.Em log_input -and -.Em log_output -options as well as the -.Li LOG_INPUT -and -.Li LOG_OUTPUT -command tags. -See -.Sx "I/O LOG FILES" -for details on how I/O log files are stored. -.Pp -Starting with version 1.9, the -.Em log_servers -setting may be used to send event and I/O log data to a remote server running -.Nm sudo_logsrvd -or another service that implements the protocol described by -.Xr sudo_logsrv.proto @mansectform@ . -.Ss Command environment -Since environment variables can influence program behavior, -.Nm -provides a means to restrict which variables from the user's -environment are inherited by the command to be run. -There are two -distinct ways -.Nm -can deal with environment variables. -.Pp -By default, the -.Em env_reset -flag is enabled. -This causes commands -to be executed with a new, minimal environment. -On AIX (and Linux -systems without PAM), the environment is initialized with the -contents of the -.Pa /etc/environment -file. -.if \n(LC \{\ -On -.Bx -systems, if the -.Em use_loginclass -flag is enabled, the environment is initialized -based on the -.Em path -and -.Em setenv -settings in -.Pa /etc/login.conf . -.\} -The -.Ev HOME , -.Ev MAIL , -.Ev SHELL , -.Ev LOGNAME -and -.Ev USER -environment variables are initialized based on the target user -and the -.Ev SUDO_* -variables are set based on the invoking user. -Additional variables, such as -.Ev DISPLAY , -.Ev PATH -and -.Ev TERM , -are preserved from the invoking user's environment if permitted by the -.Em env_check -or -.Em env_keep -options. -A few environment variables are treated specially. -If the -.Ev PATH -and -.Ev TERM -variables are not preserved from the user's environment, they will be set -to default values. -The -.Ev LOGNAME -and -.Ev USER -are handled as a single entity. -If one of them is preserved (or removed) from the user's environment, -the other will be as well. -If -.Ev LOGNAME -and -.Ev USER -are to be preserved but only one of them is present in the user's environment, -the other will be set to the same value. -This avoids an inconsistent environment where one of the variables -describing the user name is set to the invoking user and one is -set to the target user. -Environment variables with a value beginning with -.Li () -are removed unless both the name and value parts are matched by -.Em env_keep -or -.Em env_check , -as they may be interpreted as functions by the -.Sy bash -shell. -Prior to version 1.8.11, such variables were always removed. -.Pp -If, however, the -.Em env_reset -flag is disabled, any variables not -explicitly denied by the -.Em env_check -and -.Em env_delete -options are allowed and their values are -inherited from the invoking process. -Prior to version 1.8.21, environment variables with a value beginning with -.Li () -were always removed. -Beginning with version 1.8.21, a pattern in -.Em env_delete -is used to match -.Sy bash -shell functions instead. -Since it is not possible -to block all potentially dangerous environment variables, use -of the default -.Em env_reset -behavior is encouraged. -.Pp -Environment variables specified by -.Em env_check , -.Em env_delete , -or -.Em env_keep -may include one or more -.Ql * -characters which will match zero or more characters. -No other wildcard characters are supported. -.Pp -By default, environment variables are matched by name. -However, if the pattern includes an equal sign -.Pq Ql =\& , -both the variables name and value must match. -For example, a -.Sy bash -shell function could be matched as follows: -.Bd -literal -offset 4n -env_keep += "BASH_FUNC_my_func%%=()*" -.Ed -.Pp -Without the -.Dq Li =()* -suffix, this would not match, as -.Sy bash -shell functions are not preserved by default. -.Pp -The complete list of environment variables that are preserved or removed, -as modified by global Defaults parameters in -.Em sudoers , -is displayed when -.Nm sudo -is run by root with the -.Fl V -option. -Please note that the list of environment variables to remove -varies based on the operating system -.Nm sudo -is running on. -.Pp -Other -.Nm -options may influence the command environment, such as -.Em always_set_home , -.Em secure_path , -.Em set_logname , -and -.Em set_home . -.Pp -On systems that support PAM where the -.Sy pam_env -module is enabled for -.Nm sudo , -variables in the PAM environment may be merged in to the environment. -If a variable in the PAM environment is already present in the -user's environment, the value will only be overridden if the variable -was not preserved by -.Nm . -When -.Em env_reset -is enabled, variables preserved from the invoking user's environment -by the -.Em env_keep -list take precedence over those in the PAM environment. -When -.Em env_reset -is disabled, variables present the invoking user's environment -take precedence over those in the PAM environment unless they -match a pattern in the -.Em env_delete -list. -.Pp -Note that the dynamic linker on most operating systems will remove -variables that can control dynamic linking from the environment of -set-user-ID executables, including -.Nm sudo . -Depending on the operating -system this may include -.Ev _RLD* , -.Ev DYLD_* , -.Ev LD_* , -.Ev LDR_* , -.Ev LIBPATH , -.Ev SHLIB_PATH , -and others. -These type of variables are -removed from the environment before -.Nm sudo -even begins execution -and, as such, it is not possible for -.Nm sudo -to preserve them. -.Pp -As a special case, if the -.Fl i -option (initial login) is -specified, -.Nm -will initialize the environment regardless -of the value of -.Em env_reset . -The -.Ev DISPLAY , -.Ev PATH -and -.Ev TERM -variables remain unchanged; -.Ev HOME , -.Ev MAIL , -.Ev SHELL , -.Ev USER , -and -.Ev LOGNAME -are set based on the target user. -On AIX (and Linux -systems without PAM), the contents of -.Pa /etc/environment -are also -included. -.if \n(LC \{\ -On -.Bx -systems, if the -.Em use_loginclass -flag is -enabled, the -.Em path -and -.Em setenv -variables in -.Pa /etc/login.conf -are also applied. -.\} -All other environment variables are removed unless permitted by -.Em env_keep -or -.Em env_check , -described above. -.Pp -Finally, the -.Em restricted_env_file -and -.Em env_file -files are applied, if present. -The variables in -.Em restricted_env_file -are applied first and are subject to the same restrictions as the -invoking user's environment, as detailed above. -The variables in -.Em env_file -are applied last and are not subject to these restrictions. -In both cases, variables present in the files will only be set to -their specified values if they would not conflict with an existing -environment variable. -.Sh SUDOERS FILE FORMAT -The -.Em sudoers -file is composed of two types of entries: aliases -(basically variables) and user specifications (which specify who -may run what). -.Pp -When multiple entries match for a user, they are applied in order. -Where there are multiple matches, the last match is used (which is -not necessarily the most specific match). -.Pp -The -.Em sudoers -file grammar will be described below in Extended Backus-Naur -Form (EBNF). -Don't despair if you are unfamiliar with EBNF; it is fairly simple, -and the definitions below are annotated. -.Ss Quick guide to EBNF -EBNF is a concise and exact way of describing the grammar of a language. -Each EBNF definition is made up of -.Em production rules . -E.g., -.Pp -.Li symbol ::= definition | alternate1 | alternate2 ... -.Pp -Each -.Em production rule -references others and thus makes up a -grammar for the language. -EBNF also contains the following -operators, which many readers will recognize from regular -expressions. -Do not, however, confuse them with -.Dq wildcard -characters, which have different meanings. -.Bl -tag -width 4n -.It Li \&? -Means that the preceding symbol (or group of symbols) is optional. -That is, it may appear once or not at all. -.It Li * -Means that the preceding symbol (or group of symbols) may appear -zero or more times. -.It Li + -Means that the preceding symbol (or group of symbols) may appear -one or more times. -.El -.Pp -Parentheses may be used to group symbols together. -For clarity, -we will use single quotes -.Pq '' -to designate what is a verbatim character string (as opposed to a symbol name). -.Ss Aliases -There are four kinds of aliases: -.Li User_Alias , -.Li Runas_Alias , -.Li Host_Alias -and -.Li Cmnd_Alias . -Beginning with -.Nm sudo -1.9.0, -.Li Cmd_Alias -may be used in place of -.Li Cmnd_Alias -if desired. -.Bd -literal -Alias ::= 'User_Alias' User_Alias_Spec (':' User_Alias_Spec)* | - 'Runas_Alias' Runas_Alias_Spec (':' Runas_Alias_Spec)* | - 'Host_Alias' Host_Alias_Spec (':' Host_Alias_Spec)* | - 'Cmnd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* | - 'Cmd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* - -User_Alias ::= NAME - -User_Alias_Spec ::= User_Alias '=' User_List - -Runas_Alias ::= NAME - -Runas_Alias_Spec ::= Runas_Alias '=' Runas_List - -Host_Alias ::= NAME - -Host_Alias_Spec ::= Host_Alias '=' Host_List - -Cmnd_Alias ::= NAME - -Cmnd_Alias_Spec ::= Cmnd_Alias '=' Cmnd_List - -NAME ::= [A-Z]([A-Z][0-9]_)* -.Ed -.Pp -Each -.Em alias -definition is of the form -.Bd -literal -Alias_Type NAME = item1, item2, ... -.Ed -.Pp -where -.Em Alias_Type -is one of -.Li User_Alias , -.Li Runas_Alias , -.Li Host_Alias , -or -.Li Cmnd_Alias . -A -.Li NAME -is a string of uppercase letters, numbers, -and underscore characters -.Pq Ql _ . -A -.Li NAME -.Sy must -start with an -uppercase letter. -It is possible to put several alias definitions -of the same type on a single line, joined by a colon -.Pq Ql :\& . -E.g., -.Bd -literal -Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 -.Ed -.Pp -It is a syntax error to redefine an existing -.Em alias . -It is possible to use the same name for -.Em aliases -of different types, but this is not recommended. -.Pp -The definitions of what constitutes a valid -.Em alias -member follow. -.Bd -literal -User_List ::= User | - User ',' User_List - -User ::= '!'* user name | - '!'* #uid | - '!'* %group | - '!'* %#gid | - '!'* +netgroup | - '!'* %:nonunix_group | - '!'* %:#nonunix_gid | - '!'* User_Alias -.Ed -.Pp -A -.Li User_List -is made up of one or more user names, user-IDs -(prefixed with -.Ql # ) , -system group names and IDs (prefixed with -.Ql % -and -.Ql %# -respectively), netgroups (prefixed with -.Ql + ) , -non-Unix group names and IDs (prefixed with -.Ql %: -and -.Ql %:# -respectively) and -.Li User_Alias Ns es. -Each list item may be prefixed with zero or more -.Ql \&! -operators. -An odd number of -.Ql \&! -operators negate the value of -the item; an even number just cancel each other out. -User netgroups are matched using the user and domain members only; -the host member is not used when matching. -.Pp -A -.Li user name , -.Li uid , -.Li group , -.Li gid , -.Li netgroup , -.Li nonunix_group -or -.Li nonunix_gid -may be enclosed in double quotes to avoid the -need for escaping special characters. -Alternately, special characters -may be specified in escaped hex mode, e.g., \ex20 for space. -When -using double quotes, any prefix characters must be included inside -the quotes. -.Pp -The actual -.Li nonunix_group -and -.Li nonunix_gid -syntax depends on -the underlying group provider plugin. -For instance, the QAS AD plugin supports the following formats: -.Bl -bullet -width 1n -.It -Group in the same domain: "%:Group Name" -.It -Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN" -.It -Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" -.El -.Pp -See -.Sx "GROUP PROVIDER PLUGINS" -for more information. -.Pp -Note that quotes around group names are optional. -Unquoted strings must use a backslash -.Pq Ql \e -to escape spaces and special characters. -See -.Sx Other special characters and reserved words -for a list of -characters that need to be escaped. -.Bd -literal -Runas_List ::= Runas_Member | - Runas_Member ',' Runas_List - -Runas_Member ::= '!'* user name | - '!'* #uid | - '!'* %group | - '!'* %#gid | - '!'* %:nonunix_group | - '!'* %:#nonunix_gid | - '!'* +netgroup | - '!'* Runas_Alias -.Ed -.Pp -A -.Li Runas_List -is similar to a -.Li User_List -except that instead -of -.Li User_Alias Ns es -it can contain -.Li Runas_Alias Ns es . -Note that -user names and groups are matched as strings. -In other words, two users (groups) with the same user (group) ID -are considered to be distinct. -If you wish to match all user names with the same user-ID (e.g., root and -toor), you can use a user-ID instead of a name (#0 in the example given). -Note that the user-ID or group-ID specified in a -.Li Runas_Member -need not be listed in the password or group database. -.Bd -literal -Host_List ::= Host | - Host ',' Host_List - -Host ::= '!'* host name | - '!'* ip_addr | - '!'* network(/netmask)? | - '!'* +netgroup | - '!'* Host_Alias -.Ed -.Pp -A -.Li Host_List -is made up of one or more host names, IP addresses, -network numbers, netgroups (prefixed with -.Ql + ) -and other aliases. -Again, the value of an item may be negated with the -.Ql \&! -operator. -Host netgroups are matched using the host (both qualified and unqualified) -and domain members only; the user member is not used when matching. -If you specify a network number without a netmask, -.Nm sudo -will query each of the local host's network interfaces and, -if the network number corresponds to one of the hosts's network -interfaces, will use the netmask of that interface. -The netmask may be specified either in standard IP address notation -(e.g., 255.255.255.0 or ffff:ffff:ffff:ffff::), -or CIDR notation (number of bits, e.g., 24 or 64). -A host name may include shell-style wildcards (see the -.Sx Wildcards -section below), -but unless the -.Li host name -command on your machine returns the fully -qualified host name, you'll need to use the -.Em fqdn -flag for wildcards to be useful. -Note that -.Nm sudo -only inspects actual network interfaces; this means that IP address -127.0.0.1 (localhost) will never match. -Also, the host name -.Dq localhost -will only match if that is the actual host name, which is usually -only the case for non-networked systems. -.Bd -literal -digest ::= [A-Fa-f0-9]+ | - [A-Za-z0-9\e+/=]+ - -Digest_Spec ::= "sha224" ':' digest | - "sha256" ':' digest | - "sha384" ':' digest | - "sha512" ':' digest - -Digest_List ::= Digest_Spec | - Digest_Spec ',' Digest_List - -Cmnd_List ::= Cmnd | - Cmnd ',' Cmnd_List - -command name ::= file name | - file name args | - file name '""' - -Edit_Spec ::= "sudoedit" file name+ - -Cmnd ::= Digest_List? '!'* command name | - '!'* directory | - '!'* Edit_Spec | - '!'* Cmnd_Alias -.Ed -.Pp -A -.Li Cmnd_List -is a list of one or more command names, directories, and other aliases. -A command name is a fully qualified file name which may include -shell-style wildcards (see the -.Sx Wildcards -section below). -A simple file name allows the user to run the command with any -arguments they wish. -However, you may also specify command line arguments (including -wildcards). -Alternately, you can specify -.Li \&"" -to indicate that the command -may only be run -.Sy without -command line arguments. -A directory is a -fully qualified path name ending in a -.Ql / . -When you specify a directory in a -.Li Cmnd_List , -the user will be able to run any file within that directory -(but not in any sub-directories therein). -.Pp -If a -.Li Cmnd -has associated command line arguments, then the arguments -in the -.Li Cmnd -must match exactly those given by the user on the command line -(or match the wildcards if there are any). -Note that the following characters must be escaped with a -.Ql \e -if they are used in command arguments: -.Ql ,\& , -.Ql :\& , -.Ql =\& , -.Ql \e . -The built-in command -.Dq Li sudoedit -is used to permit a user to run -.Nm sudo -with the -.Fl e -option (or as -.Nm sudoedit ) . -It may take command line arguments just as a normal command does. -Note that -.Dq Li sudoedit -is a command built into -.Nm sudo -itself and must be specified in the -.Em sudoers -file -.Sy without -a leading path. -If a leading path is present, for example -.Pa /usr/bin/sudoedit , -the path name will be silently converted to -.Dq Li sudoedit . -A fully-qualified path for -.Nm sudoedit -is treated as an error by -.Nm visudo . -.Pp -A -.Li command name -may be preceded by a -.Li Digest_List , -a comma-separated list of one or more -.Li Digest_Spec -entries. -If a -.Li Digest_List -is present, the command will only match successfully if it can be verified -using one of the SHA-2 digests in the list. -Starting with version 1.9.0, the -.Sy ALL -reserved word can be used in conjunction with a -.Li Digest_List . -The following digest formats are supported: sha224, sha256, sha384 and sha512. -The string may be specified in either hex or base64 format -(base64 is more compact). -There are several utilities capable of generating SHA-2 digests in hex -format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum. -.Pp -For example, using openssl: -.Bd -literal -$ openssl dgst -sha224 /bin/ls -SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 -.Ed -.Pp -It is also possible to use openssl to generate base64 output: -.Bd -literal -$ openssl dgst -binary -sha224 /bin/ls | openssl base64 -EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== -.Ed -.Pp -Warning, if the user has write access to the command itself (directly or via a -.Nm sudo -command), it may be possible for the user to replace the command after the -digest check has been performed but before the command is executed. -A similar race condition exists on systems that lack the -.Xr fexecve 2 -system call when the directory in which the command is located -is writable by the user. -See the description of the -.Em fdexec -setting for more information on how -.Nm sudo -executes commands that have an associated digest. -.Pp -Command digests are only supported by version 1.8.7 or higher. -.Ss Defaults -Certain configuration options may be changed from their default -values at run-time via one or more -.Li Default_Entry -lines. -These may affect all users on any host, all users on a specific host, a -specific user, a specific command, or commands being run as a specific user. -Note that per-command entries may not include command line arguments. -If you need to specify arguments, define a -.Li Cmnd_Alias -and reference -that instead. -.Bd -literal -Default_Type ::= 'Defaults' | - 'Defaults' '@' Host_List | - 'Defaults' ':' User_List | - 'Defaults' '!' Cmnd_List | - 'Defaults' '>' Runas_List - -Default_Entry ::= Default_Type Parameter_List - -Parameter_List ::= Parameter | - Parameter ',' Parameter_List - -Parameter ::= Parameter '=' Value | - Parameter '+=' Value | - Parameter '-=' Value | - '!'* Parameter -.Ed -.Pp -Parameters may be -.Sy flags , -.Sy integer -values, -.Sy strings , -or -.Sy lists . -Flags are implicitly boolean and can be turned off via the -.Ql \&! -operator. -Some integer, string and list parameters may also be -used in a boolean context to disable them. -Values may be enclosed -in double quotes -.Pq \&"" -when they contain multiple words. -Special characters may be escaped with a backslash -.Pq Ql \e . -.Pp -Lists have two additional assignment operators, -.Li += -and -.Li -= . -These operators are used to add to and delete from a list respectively. -It is not an error to use the -.Li -= -operator to remove an element -that does not exist in a list. -.Pp -Defaults entries are parsed in the following order: generic, host, -user and runas Defaults first, then command defaults. -If there are multiple Defaults settings of the same type, the last -matching setting is used. -The following Defaults settings are parsed before all others since -they may affect subsequent entries: -.Em fqdn , -.Em group_plugin , -.Em runas_default , -.Em sudoers_locale . -.Pp -See -.Sx SUDOERS OPTIONS -for a list of supported Defaults parameters. -.Ss User specification -.Bd -literal -User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e - (':' Host_List '=' Cmnd_Spec_List)* - -Cmnd_Spec_List ::= Cmnd_Spec | - Cmnd_Spec ',' Cmnd_Spec_List - -Cmnd_Spec ::= Runas_Spec? Option_Spec* Tag_Spec* Cmnd - -Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')' - -.ie \n(SL \{\ -.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) -.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) -.\} -.el \{\ -.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) -.el Option_Spec ::= (Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) -.\} - -.if \n(SL \{\ -SELinux_Spec ::= ('ROLE=role' | 'TYPE=type') - -.\} -.if \n(PS \{\ -Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset') - -.\} -Date_Spec ::= ('NOTBEFORE=timestamp' | 'NOTAFTER=timestamp') - -Timeout_Spec ::= 'TIMEOUT=timeout' - -Chdir_Spec ::= 'CWD=directory' - -Chroot_Spec ::= 'CHROOT=directory' - -Tag_Spec ::= ('EXEC:' | 'NOEXEC:' | 'FOLLOW:' | 'NOFOLLOW' | - 'LOG_INPUT:' | 'NOLOG_INPUT:' | 'LOG_OUTPUT:' | - 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' | 'PASSWD:' | - 'NOPASSWD:' | 'SETENV:' | 'NOSETENV:') -.Ed -.Pp -A -.Sy user specification -determines which commands a user may run -(and as what user) on specified hosts. -By default, commands are -run as -.Sy root , -but this can be changed on a per-command basis. -.Pp -The basic structure of a user specification is -.Dq who where = (as_whom) what . -Let's break that down into its constituent parts: -.Ss Runas_Spec -A -.Li Runas_Spec -determines the user and/or the group that a command -may be run as. -A fully-specified -.Li Runas_Spec -consists of two -.Li Runas_List Ns s -(as defined above) separated by a colon -.Pq Ql :\& -and enclosed in a set of parentheses. -The first -.Li Runas_List -indicates which users the command may be run as via the -.Fl u -option. -The second defines a list of groups that can be specified via the -.Fl g -option in addition to any of the target user's groups. -If both -.Li Runas_List Ns s -are specified, the command may be run with any combination of users -and groups listed in their respective -.Li Runas_List Ns s. -If only the first is specified, the command may be run as any user -in the list but no -.Fl g -option -may be specified. -If the first -.Li Runas_List -is empty but the -second is specified, the command may be run as the invoking user -with the group set to any listed in the -.Li Runas_List . -If both -.Li Runas_List Ns s -are empty, the command may only be run as the invoking user. -If no -.Li Runas_Spec -is specified the command may be run as -.Sy root -and -no group may be specified. -.Pp -A -.Li Runas_Spec -sets the default for the commands that follow it. -What this means is that for the entry: -.Bd -literal -dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm -.Ed -.Pp -The user -.Sy dgb -may run -.Pa /bin/ls , -.Pa /bin/kill , -and -.Pa /usr/bin/lprm -on the host -.No boulder Ns \(em Ns but -only as -.Sy operator . -E.g., -.Bd -literal -$ sudo -u operator /bin/ls -.Ed -.Pp -It is also possible to override a -.Li Runas_Spec -later on in an entry. -If we modify the entry like so: -.Bd -literal -dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm -.Ed -.Pp -Then user -.Sy dgb -is now allowed to run -.Pa /bin/ls -as -.Sy operator , -but -.Pa /bin/kill -and -.Pa /usr/bin/lprm -as -.Sy root . -.Pp -We can extend this to allow -.Sy dgb -to run -.Li /bin/ls -with either -the user or group set to -.Sy operator : -.Bd -literal -dgb boulder = (operator : operator) /bin/ls, (root) /bin/kill,\e - /usr/bin/lprm -.Ed -.Pp -Note that while the group portion of the -.Li Runas_Spec -permits the -user to run as command with that group, it does not force the user -to do so. -If no group is specified on the command line, the command -will run with the group listed in the target user's password database -entry. -The following would all be permitted by the sudoers entry above: -.Bd -literal -$ sudo -u operator /bin/ls -$ sudo -u operator -g operator /bin/ls -$ sudo -g operator /bin/ls -.Ed -.Pp -In the following example, user -.Sy tcm -may run commands that access -a modem device file with the dialer group. -.Bd -literal -tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\e - /usr/local/bin/minicom -.Ed -.Pp -Note that in this example only the group will be set, the command -still runs as user -.Sy tcm . -E.g.\& -.Bd -literal -$ sudo -g dialer /usr/bin/cu -.Ed -.Pp -Multiple users and groups may be present in a -.Li Runas_Spec , -in which case the user may select any combination of users and groups via the -.Fl u -and -.Fl g -options. -In this example: -.Bd -literal -alan ALL = (root, bin : operator, system) ALL -.Ed -.Pp -user -.Sy alan -may run any command as either user root or bin, -optionally setting the group to operator or system. -.Ss Option_Spec -A -.Li Cmnd -may have zero or more options associated with it. -Options may consist of -.if \n(SL \{\ -SELinux roles and/or types, -.\} -.if \n(PS \{\ -Solaris privileges sets, -.\} -start and/or end dates and command timeouts. -Once an option is set for a -.Li Cmnd , -subsequent -.Li Cmnd Ns s -in the -.Li Cmnd_Spec_List , -inherit that option unless it is overridden by another option. -Note that the option names are reserved words in -.Em sudoers . -This means that none of the valid option names (see below) can be used -when declaring an alias. -.if \n(SL \{\ -.Ss SELinux_Spec -On systems with SELinux support, -.Em sudoers -file entries may optionally have an SELinux role and/or type associated -with a command. -If a role or -type is specified with the command it will override any default values -specified in -.Em sudoers . -A role or type specified on the command line, -however, will supersede the values in -.Em sudoers . -.\} -.if \n(PS \{\ -.Ss Solaris_Priv_Spec -On Solaris systems, -.Em sudoers -file entries may optionally specify Solaris privilege set and/or limit -privilege set associated with a command. -If privileges or limit privileges are specified with the command -it will override any default values specified in -.Em sudoers . -.Pp -A privilege set is a comma-separated list of privilege names. -The -.Xr ppriv 1 -command can be used to list all privileges known to the system. -For example: -.Bd -literal -$ ppriv -l -.Ed -.Pp -In addition, there are several -.Dq special -privilege strings: -.Bl -tag -width 8n -.It none -the empty set -.It all -the set of all privileges -.It zone -the set of all privileges available in the current zone -.It basic -the default set of privileges normal users are granted at login time -.El -.Pp -Privileges can be excluded from a set by prefixing the privilege -name with either an -.Ql \&! -or -.Ql \- -character. -.\} -.Ss Date_Spec -.Nm -rules can be specified with a start and end date via the -.Li NOTBEFORE -and -.Li NOTAFTER -settings. -The time stamp must be specified in -.Em Generalized Time -as defined by RFC 4517. -The format is effectively -.Li yyyymmddHHMMSSZ -where the minutes and seconds are optional. -The -.Ql Z -suffix indicates that the time stamp is in Coordinated Universal Time (UTC). -It is also possible to specify a timezone offset from UTC in hours -and minutes instead of a -.Ql Z . -For example, -.Ql -0500 -would correspond to Eastern Standard time in the US. -As an extension, if no -.Ql Z -or timezone offset is specified, local time will be used. -.Pp -The following are all valid time stamps: -.Bd -literal -offset 4n -20170214083000Z -2017021408Z -20160315220000-0500 -20151201235900 -.Ed -.Ss Timeout_Spec -A command may have a timeout associated with it. -If the timeout expires before the command has exited, the -command will be terminated. -The timeout may be specified in combinations of days, hours, -minutes and seconds with a single-letter case-insensitive suffix -that indicates the unit of time. -For example, a timeout of 7 days, 8 hours, 30 minutes and -10 seconds would be written as -.Li 7d8h30m10s . -If a number is specified without a unit, seconds are assumed. -Any of the days, minutes, hours or seconds may be omitted. -The order must be from largest to smallest unit and a unit -may not be specified more than once. -.Pp -The following are all -.Em valid -timeout values: -.Li 7d8h30m10s , -.Li 14d , -.Li 8h30m , -.Li 600s , -.Li 3600 . -The following are -.Em invalid -timeout values: -.Li 12m2w1d , -.Li 30s10m4h , -.Li 1d2d3h . -.Pp -This setting is only supported by version 1.8.20 or higher. -.Ss Chdir_Spec -The working directory that the command will be run in can be specified -using the -.Li CWD -setting. -The -.Fa directory -must be a fully-qualified path name beginning with a -.Sq / -or -.Sq ~ -character, or the special value -.Dq * . -A value of -.Dq * -indicates that the user may specify the working directory by running -.Nm sudo -with the -.Fl D -option. -By default, commands are run from the invoking user's current working -directory, unless the -.Fl i -option is given. -Path names of the form -.Li ~user/path/name -are interpreted as being relative to the named user's home directory. -If the user name is omitted, the path will be relative to the runas -user's home directory. -.Pp -This setting is only supported by version 1.9.3 or higher. -.Ss Chroot_Spec -The root directory that the command will be run in can be specified -using the -.Li CHROOT -setting. -The -.Fa directory -must be a fully-qualified path name beginning with a -.Sq / -or -.Sq ~ -character, or the special value -.Dq * . -A value of -.Dq * -indicates that the user may specify the root directory by running -.Nm sudo -with the -.Fl R -option. -This setting can be used to run the command in a -.Xr chroot 2 -.Dq sandbox -similar to the -.Xr chroot @mansectsu@ -utility. -Path names of the form -.Li ~user/path/name -are interpreted as being relative to the named user's home directory. -If the user name is omitted, the path will be relative to the runas -user's home directory. -.Pp -This setting is only supported by version 1.9.3 or higher. -.Ss Tag_Spec -A command may have zero or more tags associated with it. -The following tag values are supported: -.Li EXEC , -.Li NOEXEC , -.Li FOLLOW , -.Li NOFOLLOW , -.Li LOG_INPUT , -.Li NOLOG_INPUT , -.Li LOG_OUTPUT , -.Li NOLOG_OUTPUT , -.Li MAIL , -.Li NOMAIL , -.Li PASSWD , -.Li NOPASSWD , -.Li SETENV , -and -.Li NOSETENV . -Once a tag is set on a -.Li Cmnd , -subsequent -.Li Cmnd Ns s -in the -.Li Cmnd_Spec_List , -inherit the tag unless it is overridden by the opposite tag (in other words, -.Li PASSWD -overrides -.Li NOPASSWD -and -.Li NOEXEC -overrides -.Li EXEC ) . -.Bl -hang -width 0n -.It Em EXEC No and Em NOEXEC -.sp -If -.Nm sudo -has been compiled with -.Em noexec -support and the underlying operating system supports it, the -.Li NOEXEC -tag can be used to prevent a dynamically-linked executable from -running further commands itself. -.Pp -In the following example, user -.Sy aaron -may run -.Pa /usr/bin/more -and -.Pa /usr/bin/vi -but shell escapes will be disabled. -.Bd -literal -aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi -.Ed -.Pp -See the -.Sx Preventing shell escapes -section below for more details on how -.Li NOEXEC -works and whether or not it will work on your system. -.It Em FOLLOW No and Em NOFOLLOW -Starting with version 1.8.15, -.Nm sudoedit -will not open a file that is a symbolic link unless the -.Em sudoedit_follow -flag is enabled. -The -.Em FOLLOW -and -.Em NOFOLLOW -tags override the value of -.Em sudoedit_follow -and can be used to permit (or deny) the editing of symbolic links -on a per-command basis. -These tags are only effective for the -.Em sudoedit -command and are ignored for all other commands. -.It Em LOG_INPUT No and Em NOLOG_INPUT -.sp -These tags override the value of the -.Em log_input -flag on a per-command basis. -For more information, see the description of -.Em log_input -in the -.Sx SUDOERS OPTIONS -section below. -.It Em LOG_OUTPUT No and Em NOLOG_OUTPUT -.sp -These tags override the value of the -.Em log_output -flag on a per-command basis. -For more information, see the description of -.Em log_output -in the -.Sx SUDOERS OPTIONS -section below. -.It Em MAIL No and Em NOMAIL -.sp -These tags provide fine-grained control over whether -mail will be sent when a user runs a command by -overriding the value of the -.Em mail_all_cmnds -flag on a per-command basis. -They have no effect when -.Nm sudo -is run with the -.Fl l -or -.Fl v -options. -A -.Em NOMAIL -tag will also override the -.Em mail_always -and -.Em mail_no_perms -options. -For more information, see the descriptions of -.Em mail_all_cmnds , -.Em mail_always , -and -.Em mail_no_perms -in the -.Sx SUDOERS OPTIONS -section below. -.It Em PASSWD No and Em NOPASSWD -.sp -By default, -.Nm sudo -requires that a user authenticate him or herself -before running a command. -This behavior can be modified via the -.Li NOPASSWD -tag. -Like a -.Li Runas_Spec , -the -.Li NOPASSWD -tag sets -a default for the commands that follow it in the -.Li Cmnd_Spec_List . -Conversely, the -.Li PASSWD -tag can be used to reverse things. -For example: -.Bd -literal -ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm -.Ed -.Pp -would allow the user -.Sy ray -to run -.Pa /bin/kill , -.Pa /bin/ls , -and -.Pa /usr/bin/lprm -as -.Sy root -on the machine rushmore without authenticating himself. -If we only want -.Sy ray -to be able to -run -.Pa /bin/kill -without a password the entry would be: -.Bd -literal -ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm -.Ed -.Pp -Note, however, that the -.Li PASSWD -tag has no effect on users who are in the group specified by the -.Em exempt_group -setting. -.Pp -By default, if the -.Li NOPASSWD -tag is applied to any of a user's entries for the current host, -the user will be able to run -.Dq Li sudo -l -without a password. -Additionally, a user may only run -.Dq Li sudo -v -without a password if all of the user's entries for the current -host have the -.Li NOPASSWD -tag. -This behavior may be overridden via the -.Em verifypw -and -.Em listpw -options. -.It Em SETENV No and Em NOSETENV -.sp -These tags override the value of the -.Em setenv -flag on a per-command basis. -Note that if -.Li SETENV -has been set for a command, the user may disable the -.Em env_reset -flag from the command line via the -.Fl E -option. -Additionally, environment variables set on the command -line are not subject to the restrictions imposed by -.Em env_check , -.Em env_delete , -or -.Em env_keep . -As such, only trusted users should be allowed to set variables in this manner. -If the command matched is -.Sy ALL , -the -.Li SETENV -tag is implied for that command; this default may be overridden by use of the -.Li NOSETENV -tag. -.El -.Ss Wildcards -.Nm sudo -allows shell-style -.Em wildcards -(aka meta or glob characters) -to be used in host names, path names and command line arguments in the -.Em sudoers -file. -Wildcard matching is done via the -.Xr glob 3 -and -.Xr fnmatch 3 -functions as specified by -.St -p1003.1 . -.Bl -tag -width 8n -.It Li * -Matches any set of zero or more characters (including white space). -.It Li \&? -Matches any single character (including white space). -.It Li [...] -Matches any character in the specified range. -.It Li [!...] -Matches any character -.Em not -in the specified range. -.It Li \ex -For any character -.Sq x , -evaluates to -.Sq x . -This is used to escape special characters such as: -.Ql * , -.Ql \&? , -.Ql [\& , -and -.Ql ]\& . -.El -.Pp -.Bf -symbolic -Note that these are not regular expressions. -.Ef -Unlike a regular expression there is no way to match one or more -characters within a range. -.Pp -Character classes may be used if your system's -.Xr glob 3 -and -.Xr fnmatch 3 -functions support them. -However, because the -.Ql :\& -character has special meaning in -.Em sudoers , -it must be -escaped. -For example: -.Bd -literal -offset 4n -/bin/ls [[\e:\&alpha\e:\&]]* -.Ed -.Pp -Would match any file name beginning with a letter. -.Pp -Note that a forward slash -.Pq Ql / -will -.Em not -be matched by -wildcards used in the file name portion of the command. -This is to make a path like: -.Bd -literal -offset 4n -/usr/bin/* -.Ed -.Pp -match -.Pa /usr/bin/who -but not -.Pa /usr/bin/X11/xterm . -.Pp -When matching the command line arguments, however, a slash -.Em does -get matched by wildcards since command line arguments may contain -arbitrary strings and not just path names. -.Pp -.Bf -symbolic -Wildcards in command line arguments should be used with care. -.Ef -.br -Command line arguments are matched as a single, concatenated string. -This mean a wildcard character such as -.Ql \&? -or -.Ql * -will match across word boundaries, which may be unexpected. -For example, while a sudoers entry like: -.Bd -literal -offset 4n -%operator ALL = /bin/cat /var/log/messages* -.Ed -.Pp -will allow command like: -.Bd -literal -offset 4n -$ sudo cat /var/log/messages.1 -.Ed -.Pp -It will also allow: -.Bd -literal -offset 4n -$ sudo cat /var/log/messages /etc/shadow -.Ed -.Pp -which is probably not what was intended. -In most cases it is better to do command line processing -outside of the -.Em sudoers -file in a scripting language. -.Ss Exceptions to wildcard rules -The following exceptions apply to the above rules: -.Bl -tag -width 8n -.It Li \&"" -If the empty string -.Li \&"" -is the only command line argument in the -.Em sudoers -file entry it means that command is not allowed to be run with -.Em any -arguments. -.It sudoedit -Command line arguments to the -.Em sudoedit -built-in command should always be path names, so a forward slash -.Pq Ql / -will not be matched by a wildcard. -.El -.Ss Including other files from within sudoers -It is possible to include other -.Em sudoers -files from within the -.Em sudoers -file currently being parsed using the -.Li @include -and -.Li @includedir -directives. -For compatibility with sudo versions prior to 1.9.1, -.Li #include -and -.Li #includedir -are also accepted. -.Pp -An include file can be used, for example, to keep a site-wide -.Em sudoers -file in addition to a local, per-machine file. -For the sake of this example the site-wide -.Em sudoers -file will be -.Pa /etc/sudoers -and the per-machine one will be -.Pa /etc/sudoers.local . -To include -.Pa /etc/sudoers.local -from within -.Pa /etc/sudoers -one would use the following line in -.Pa /etc/sudoers : -.Bd -literal -offset 4n -@include /etc/sudoers.local -.Ed -.Pp -When -.Nm sudo -reaches this line it will suspend processing of the current file -.Pq Pa /etc/sudoers -and switch to -.Pa /etc/sudoers.local . -Upon reaching the end of -.Pa /etc/sudoers.local , -the rest of -.Pa /etc/sudoers -will be processed. -Files that are included may themselves include other files. -A hard limit of 128 nested include files is enforced to prevent include -file loops. -.Pp -The path to the include file may contain white space if it is -escaped with a backslash -.Pq Ql \e . -Alternately, the entire path may be enclosed in double quotes -.Pq \&"" , -in which case no escaping is necessary. -To include a literal backslash in the path, -.Ql \e\e -should be used. -.Pp -If the path to the include file is not fully-qualified (does not -begin with a -.Ql / ) , -it must be located in the same directory as the sudoers file it was -included from. -For example, if -.Pa /etc/sudoers -contains the line: -.Bd -literal -offset 4n -.Li @include sudoers.local -.Ed -.Pp -the file that will be included is -.Pa /etc/sudoers.local . -.Pp -The file name may also include the -.Li %h -escape, signifying the short form of the host name. -In other words, if the machine's host name is -.Dq xerxes , -then -.Bd -literal -offset 4n -@include /etc/sudoers.%h -.Ed -.Pp -will cause -.Nm sudo -to include the file -.Pa /etc/sudoers.xerxes . -.Pp -The -.Li @includedir -directive can be used to create a -.Pa sudoers.d -directory that the system package manager can drop -.Em sudoers -file rules into as part of package installation. -For example, given: -.Bd -literal -offset 4n -@includedir /etc/sudoers.d -.Ed -.Pp -.Nm sudo -will suspend processing of the current file and read each file in -.Pa /etc/sudoers.d , -skipping file names that end in -.Ql ~ -or contain a -.Ql .\& -character to avoid causing problems with package manager or editor -temporary/backup files. -Files are parsed in sorted lexical order. -That is, -.Pa /etc/sudoers.d/01_first -will be parsed before -.Pa /etc/sudoers.d/10_second . -Be aware that because the sorting is lexical, not numeric, -.Pa /etc/sudoers.d/1_whoops -would be loaded -.Em after -.Pa /etc/sudoers.d/10_second . -Using a consistent number of leading zeroes in the file names can be used -to avoid such problems. -After parsing the files in the directory, control returns to the -file that contained the -.Li @includedir -directive. -.Pp -Note that unlike files included via -.Li @include , -.Nm visudo -will not edit the files in a -.Li @includedir -directory unless one of them contains a syntax error. -It is still possible to run -.Nm visudo -with the -.Fl f -flag to edit the files directly, but this will not catch the -redefinition of an -.Em alias -that is also present in a different file. -.Ss Other special characters and reserved words -The pound sign -.Pq Ql # -is used to indicate a comment (unless it is part of a #include -directive or unless it occurs in the context of a user name and is -followed by one or more digits, in which case it is treated as a -user-ID). -Both the comment character and any text after it, up to the end of -the line, are ignored. -.Pp -The reserved word -.Sy ALL -is a built-in -.Em alias -that always causes a match to succeed. -It can be used wherever one might otherwise use a -.Li Cmnd_Alias , -.Li User_Alias , -.Li Runas_Alias , -or -.Li Host_Alias . -Attempting to define an -.Em alias -named -.Sy ALL -will result in a syntax error. -Please note that using -.Sy ALL -can be dangerous since in a command context, it allows the user to run -.Em any -command on the system. -.Pp -The following option names permitted in an -.Li Option_Spec -are also considered reserved words: -.Li CHROOT , -.if \n(PS \{\ -.Li PRIVS , -.Li LIMITPRIVS , -.\} -.if \n(SL \{\ -.Li ROLE , -.Li TYPE , -.\} -.Li TIMEOUT , -.Li CWD , -.Li NOTBEFORE -and -.Li NOTAFTER . -Attempting to define an -.Em alias -with the same name as one of the options will result in a syntax error. -.Pp -An exclamation point -.Pq Ql \&! -can be used as a logical -.Em not -operator in a list or -.Em alias -as well as in front of a -.Li Cmnd . -This allows one to exclude certain values. -For the -.Ql \&! -operator to be effective, there must be something for it to exclude. -For example, to match all users except for root one would use: -.Bd -literal -offset 4n -ALL,!root -.Ed -.Pp -If the -.Sy ALL , -is omitted, as in: -.Bd -literal -offset 4n -!root -.Ed -.Pp -it would explicitly deny root but not match any other users. -This is different from a true -.Dq negation -operator. -.Pp -Note, however, that using a -.Ql \&! -in conjunction with the built-in -.Sy ALL -alias to allow a user to run -.Dq all but a few -commands rarely works as intended (see -.Sx SECURITY NOTES -below). -.Pp -Long lines can be continued with a backslash -.Pq Ql \e -as the last character on the line. -.Pp -White space between elements in a list as well as special syntactic -characters in a -.Em User Specification -.Po -.Ql =\& , -.Ql :\& , -.Ql (\& , -.Ql )\& -.Pc -is optional. -.Pp -The following characters must be escaped with a backslash -.Pq Ql \e -when used as part of a word (e.g., a user name or host name): -.Ql \&! , -.Ql =\& , -.Ql :\& , -.Ql ,\& , -.Ql (\& , -.Ql )\& , -.Ql \e . -.Sh SUDOERS OPTIONS -.Nm sudo Ns 's -behavior can be modified by -.Li Default_Entry -lines, as explained earlier. -A list of all supported Defaults parameters, grouped by type, are listed below. -.Pp -.Sy Boolean Flags : -.Bl -tag -width 16n -.It always_query_group_plugin -If a -.Em group_plugin -is configured, use it to resolve groups of the form %group as long -as there is not also a system group of the same name. -Normally, only groups of the form %:group are passed to the -.Em group_plugin . -This flag is -.Em off -by default. -.It always_set_home -If enabled, -.Nm sudo -will set the -.Ev HOME -environment variable to the home directory of the target user -(which is the root user unless the -.Fl u -option is used). -This flag is largely obsolete and has no effect unless the -.Em env_reset -flag has been disabled or -.Ev HOME -is present in the -.Em env_keep -list, both of which are strongly discouraged. -This flag is -.Em off -by default. -.It authenticate -If set, users must authenticate themselves via a password (or other -means of authentication) before they may run commands. -This default may be overridden via the -.Li PASSWD -and -.Li NOPASSWD -tags. -This flag is -.Em on -by default. -.It case_insensitive_group -If enabled, group names in -.Em sudoers -will be matched in a case insensitive manner. -This may be necessary when users are stored in LDAP or AD. -This flag is -.Em on -by default. -.It case_insensitive_user -If enabled, user names in -.Em sudoers -will be matched in a case insensitive manner. -This may be necessary when groups are stored in LDAP or AD. -This flag is -.Em on -by default. -.It closefrom_override -If set, the user may use the -.Fl C -option which overrides the default starting point at which -.Nm sudo -begins closing open file descriptors. -This flag is -.Em off -by default. -.It compress_io -If set, and -.Nm sudo -is configured to log a command's input or output, -the I/O logs will be compressed using -.Sy zlib . -This flag is -.Em on -by default when -.Nm sudo -is compiled with -.Sy zlib -support. -.It exec_background -By default, -.Nm sudo -runs a command as the foreground process as long as -.Nm sudo -itself is running in the foreground. -When the -.Em exec_background -flag is enabled and the command is being run in a pseudo-terminal -(due to I/O logging or the -.Em use_pty -flag), the command will be run as a background process. -Attempts to read from the controlling terminal (or to change terminal -settings) will result in the command being suspended with the -.Dv SIGTTIN -signal (or -.Dv SIGTTOU -in the case of terminal settings). -If this happens when -.Nm sudo -is a foreground process, the command will be granted the controlling terminal -and resumed in the foreground with no user intervention required. -The advantage of initially running the command in the background is that -.Nm sudo -need not read from the terminal unless the command explicitly requests it. -Otherwise, any terminal input must be passed to the command, whether it -has required it or not (the kernel buffers terminals so it is not possible -to tell whether the command really wants the input). -This is different from historic -.Em sudo -behavior or when the command is not being run in a pseudo-terminal. -.Pp -For this to work seamlessly, the operating system must support the -automatic restarting of system calls. -Unfortunately, not all operating systems do this by default, -and even those that do may have bugs. -For example, macOS fails to restart the -.Fn tcgetattr -and -.Fn tcsetattr -system calls (this is a bug in macOS). -Furthermore, because this behavior depends on the command stopping with the -.Dv SIGTTIN -or -.Dv SIGTTOU -signals, programs that catch these signals and suspend themselves -with a different signal (usually -.Dv SIGTOP ) -will not be automatically foregrounded. -Some versions of the linux -.Xr su 1 -command behave this way. -This flag is -.Em off -by default. -.Pp -This setting is only supported by version 1.8.7 or higher. -It has no effect unless I/O logging is enabled or the -.Em use_pty -flag is enabled. -.It env_editor -If set, -.Nm visudo -will use the value of the -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -environment variables before falling back on the default editor list. -Note that -.Nm visudo -is typically run as root so this flag may allow a user with -.Nm visudo -privileges to run arbitrary commands as root without logging. -An alternative is to place a colon-separated list of -.Dq safe -editors int the -.Em editor -variable. -.Nm visudo -will then only use -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -if they match a value specified in -.Em editor . -If the -.Em env_reset -flag is enabled, the -.Ev SUDO_EDITOR , -.Ev VISUAL -and/or -.Ev EDITOR -environment variables must be present in the -.Em env_keep -list for the -.Em env_editor -flag to function when -.Nm visudo -is invoked via -.Nm sudo . -This flag is -.Em @env_editor@ -by default. -.It env_reset -If set, -.Nm sudo -will run the command in a minimal environment containing the -.Ev TERM , -.Ev PATH , -.Ev HOME , -.Ev MAIL , -.Ev SHELL , -.Ev LOGNAME , -.Ev USER -and -.Ev SUDO_* -variables. -Any variables in the caller's environment or in the file specified -by the -.Em restricted_env_file -setting that match the -.Li env_keep -and -.Li env_check -lists are then added, followed by any variables present in the file -specified by the -.Em env_file -setting (if any). -The contents of the -.Li env_keep -and -.Li env_check -lists, as modified by global Defaults parameters in -.Em sudoers , -are displayed when -.Nm sudo -is run by root with the -.Fl V -option. -If the -.Em secure_path -setting is enabled, its value will be used for the -.Ev PATH -environment variable. -This flag is -.Em @env_reset@ -by default. -.It fast_glob -Normally, -.Nm sudo -uses the -.Xr glob 3 -function to do shell-style globbing when matching path names. -However, since it accesses the file system, -.Xr glob 3 -can take a long time to complete for some patterns, especially -when the pattern references a network file system that is mounted -on demand (auto mounted). -The -.Em fast_glob -flag causes -.Nm sudo -to use the -.Xr fnmatch 3 -function, which does not access the file system to do its matching. -The disadvantage of -.Em fast_glob -is that it is unable to match relative path names such as -.Pa ./ls -or -.Pa ../bin/ls . -This has security implications when path names that include globbing -characters are used with the negation operator, -.Ql !\& , -as such rules can be trivially bypassed. -As such, this flag should not be used when the -.Em sudoers -file contains rules that contain negated path names which include globbing -characters. -This flag is -.Em off -by default. -.It fqdn -Set this flag if you want to put fully qualified host names in the -.Em sudoers -file when the local host name (as returned by the -.Li hostname -command) does not contain the domain name. -In other words, instead of myhost you would use myhost.mydomain.edu. -You may still use the short form if you wish (and even mix the two). -This flag is only effective when the -.Dq canonical -host name, as returned by the -.Fn getaddrinfo -or -.Fn gethostbyname -function, is a fully-qualified domain name. -This is usually the case when the system is configured to use DNS -for host name resolution. -.Pp -If the system is configured to use the -.Pa /etc/hosts -file in preference to DNS, the -.Dq canonical -host name may not be fully-qualified. -The order that sources are queried for host name resolution -is usually specified in the -.Pa @nsswitch_conf@ , -.Pa @netsvc_conf@ , -.Pa /etc/host.conf , -or, in some cases, -.Pa /etc/resolv.conf -file. -In the -.Pa /etc/hosts -file, the first host name of the entry is considered to be the -.Dq canonical -name; subsequent names are aliases that are not used by -.Nm . -For example, the following hosts file line for the machine -.Dq xyzzy -has the fully-qualified domain name as the -.Dq canonical -host name, and the short version as an alias. -.sp -.Dl 192.168.1.1 xyzzy.sudo.ws xyzzy -.sp -If the machine's hosts file entry is not formatted properly, the -.Em fqdn -flag will not be effective if it is queried before DNS. -.Pp -Beware that when using DNS for host name resolution, turning on -.Em fqdn -requires -.Nm -to make DNS lookups which renders -.Nm sudo -unusable if DNS stops working (for example if the machine is disconnected -from the network). -Also note that just like with the hosts file, you must use the -.Dq canonical -name as DNS knows it. -That is, you may not use a host alias -.Po -.Li CNAME -entry -.Pc -due to performance issues and the fact that there is no way to get all -aliases from DNS. -.Pp -This flag is -.Em @fqdn@ -by default. -.It ignore_audit_errors -Allow commands to be run even if -.Nm -cannot write to the audit log. -If enabled, an audit log write failure is not treated as a fatal error. -If disabled, a command may only be run after the audit event is successfully -written. -This flag is only effective on systems for which -.Nm -supports audit logging, including -.Fx , -Linux, macOS and Solaris. -This flag is -.Em on -by default. -.It ignore_dot -If set, -.Nm sudo -will ignore "." or "" (both denoting current directory) in the -.Ev PATH -environment variable; the -.Ev PATH -itself is not modified. -This flag is -.Em @ignore_dot@ -by default. -.It ignore_iolog_errors -Allow commands to be run even if -.Nm -cannot write to the I/O log (local or remote). -If enabled, an I/O log write failure is not treated as a fatal error. -If disabled, the command will be terminated if the I/O log cannot be written to. -This flag is -.Em off -by default. -.It ignore_logfile_errors -Allow commands to be run even if -.Nm -cannot write to the log file. -If enabled, a log file write failure is not treated as a fatal error. -If disabled, a command may only be run after the log file entry is successfully -written. -This flag only has an effect when -.Nm -is configured to use file-based logging via the -.Em logfile -setting. -This flag is -.Em on -by default. -.It ignore_local_sudoers -If set via LDAP, parsing of -.Pa @sysconfdir@/sudoers -will be skipped. -This is intended for Enterprises that wish to prevent the usage of local -sudoers files so that only LDAP is used. -This thwarts the efforts of rogue operators who would attempt to add roles to -.Pa @sysconfdir@/sudoers . -When this flag is enabled, -.Pa @sysconfdir@/sudoers -does not even need to exist. -Since this flag tells -.Nm sudo -how to behave when no specific LDAP entries have been matched, this -sudoOption is only meaningful for the -.Li cn=defaults -section. -This flag is -.Em off -by default. -.It ignore_unknown_defaults -If set, -.Nm sudo -will not produce a warning if it encounters an unknown Defaults entry -in the -.Em sudoers -file or an unknown sudoOption in LDAP. -This flag is -.Em off -by default. -.It insults -If set, -.Nm sudo -will insult users when they enter an incorrect password. -This flag is -.Em @insults@ -by default. -.It log_allowed -If set, -.Nm -will log commands allowed by the policy to the system audit log -(where supported) as well as to syslog and/or a log file. -This flag is -.Em on -by default. -.Pp -This setting is only supported by version 1.8.29 or higher. -.It log_denied -If set, -.Nm -will log commands denied by the policy to the system audit log -(where supported) as well as to syslog and/or a log file. -This flag is -.Em on -by default. -.Pp -This setting is only supported by version 1.8.29 or higher. -.It log_host -If set, the host name will be included in log entries written to -the file configured by the -.Em logfile -setting. -This flag is -.Em off -by default. -.It log_input -If set, -.Nm sudo -will run the command in a pseudo-terminal and log all user input. -If the standard input is not connected to the user's tty, due to -I/O redirection or because the command is part of a pipeline, that -input is also captured and stored in a separate log file. -Anything sent to the standard input will be consumed, regardless of -whether or not the command run via -.Nm sudo -is actually reading the standard input. -This may have unexpected results when using -.Nm sudo -in a shell script that expects to process the standard input. -For more information about I/O logging, see the -.Sx "I/O LOG FILES" -section. -This flag is -.Em off -by default. -.It log_output -If set, -.Nm sudo -will run the command in a pseudo-terminal and log all output that is sent -to the screen, similar to the -.Xr script 1 -command. -For more information about I/O logging, see the -.Sx "I/O LOG FILES" -section. -This flag is -.Em off -by default. -.It log_server_keepalive -If set, -.Nm sudo -will enable the TCP keepalive socket option on the connection to the log server. -This enables the periodic transmission of keepalive messages to the server. -If the server does not respond to a message, the connection will -be closed and the running command will be terminated unless the -.Em ignore_iolog_errors -flag (I/O logging enabled) or the -.Em ignore_log_errors -flag (I/O logging disabled) is set. -This flag is -.Em on -by default. -.Pp -This setting is only supported by version 1.9.0 or higher. -.It log_server_verify -If set, the server certificate received during the TLS handshake -must be valid and it must contain either the server name (from -.Em log_servers ) -or its IP address. -If either of these conditions is not met, the TLS handshake will fail. -This flag is -.Em on -by default. -.Pp -This setting is only supported by version 1.9.0 or higher. -.It log_year -If set, the four-digit year will be logged in the (non-syslog) -.Nm sudo -log file. -This flag is -.Em off -by default. -.It long_otp_prompt -When validating with a One Time Password (OTP) scheme such as -.Sy S/Key -or -.Sy OPIE , -a two-line prompt is used to make it easier -to cut and paste the challenge to a local window. -It's not as pretty as the default but some people find it more convenient. -This flag is -.Em @long_otp_prompt@ -by default. -.It mail_all_cmnds -Send mail to the -.Em mailto -user every time a user attempts to run a command via -.Nm sudo -(this includes -.Nm sudoedit ) . -No mail will be sent if the user runs -.Nm sudo -with the -.Fl l -or -.Fl v -option unless there is an authentication error and the -.Em mail_badpass -flag is also set. -This flag is -.Em off -by default. -.It mail_always -Send mail to the -.Em mailto -user every time a user runs -.Nm sudo . -This flag is -.Em off -by default. -.It mail_badpass -Send mail to the -.Em mailto -user if the user running -.Nm sudo -does not enter the correct password. -If the command the user is attempting to run is not permitted by -.Nm -and one of the -.Em mail_all_cmnds , -.Em mail_always , -.Em mail_no_host , -.Em mail_no_perms -or -.Em mail_no_user -flags are set, this flag will have no effect. -This flag is -.Em off -by default. -.It mail_no_host -If set, mail will be sent to the -.Em mailto -user if the invoking user exists in the -.Em sudoers -file, but is not allowed to run commands on the current host. -This flag is -.Em @mail_no_host@ -by default. -.It mail_no_perms -If set, mail will be sent to the -.Em mailto -user if the invoking user is allowed to use -.Nm sudo -but the command they are trying is not listed in their -.Em sudoers -file entry or is explicitly denied. -This flag is -.Em @mail_no_perms@ -by default. -.It mail_no_user -If set, mail will be sent to the -.Em mailto -user if the invoking user is not in the -.Em sudoers -file. -This flag is -.Em @mail_no_user@ -by default. -.It match_group_by_gid -By default, -.Nm -will look up each group the user is a member of by group-ID to -determine the group name (this is only done once). -The resulting list of the user's group names is used when matching -groups listed in the -.Em sudoers -file. -This works well on systems where the number of groups listed in the -.Em sudoers -file is larger than the number of groups a typical user belongs to. -On systems where group lookups are slow, where users may belong -to a large number of groups, and where the number of groups listed -in the -.Em sudoers -file is relatively small, it may be prohibitively expensive and -running commands via -.Nm sudo -may take longer than normal. -On such systems it may be faster to use the -.Em match_group_by_gid -flag to avoid resolving the user's group-IDs to group names. -In this case, -.Nm -must look up any group name listed in the -.Em sudoers -file and use the group-ID instead of the group name when determining -whether the user is a member of the group. -.Pp -Note that if -.Em match_group_by_gid -is enabled, group database lookups performed by -.Nm -will be keyed by group name as opposed to group-ID. -On systems where there are multiple sources for the group database, -it is possible to have conflicting group names or group-IDs in the local -.Pa /etc/group -file and the remote group database. -On such systems, enabling or disabling -.Em match_group_by_gid -can be used to choose whether group database queries are performed -by name (enabled) or ID (disabled), which may aid in working around -group entry conflicts. -.Pp -The -.Em match_group_by_gid -flag has no effect when -.Em sudoers -data is stored in LDAP. -This flag is -.Em off -by default. -.Pp -This setting is only supported by version 1.8.18 or higher. -.It netgroup_tuple -If set, netgroup lookups will be performed using the full netgroup -tuple: host name, user name and domain (if one is set). -Historically, -.Nm sudo -only matched the user name and domain for netgroups used in a -.Li User_List -and only matched the host name and domain for netgroups used in a -.Li Host_List . -This flag is -.Em off -by default. -.It noexec -If set, all commands run via -.Nm sudo -will behave as if the -.Li NOEXEC -tag has been set, unless overridden by an -.Li EXEC -tag. -See the description of -.Em EXEC and NOEXEC -above as well as the -.Sx Preventing shell escapes -section at the end of this manual. -This flag is -.Em off -by default. -.It pam_acct_mgmt -On systems that use PAM for authentication, -.Nm sudo -will perform PAM account validation for the invoking user by default. -The actual checks performed depend on which PAM modules are configured. -If enabled, account validation will be performed regardless of whether -or not a password is required. -This flag is -.Em on -by default. -.Pp -This setting is only supported by version 1.8.28 or higher. -.It pam_rhost -On systems that use PAM for authentication, -.Nm sudo -will set the PAM remote host value to the name of the local host -when the -.Em pam_rhost -flag is enabled. -On Linux systems, enabling -.Em pam_rhost -may result in DNS lookups of the local host name when PAM is initialized. -On Solaris versions prior to Solaris 8, -.Em pam_rhost -must be enabled if -.Em pam_ruser -is also enabled to avoid a crash in the Solaris PAM implementation. -.Pp -This flag is -.Em off -by default on systems other than Solaris. -.Pp -This setting is only supported by version 1.9.0 or higher. -.It pam_ruser -On systems that use PAM for authentication, -.Nm sudo -will set the PAM remote user value to the name of the user that invoked sudo -when the -.Em pam_ruser -flag is enabled. -This flag is -.Em on -by default. -.Pp -This setting is only supported by version 1.9.0 or higher. -.It pam_session -On systems that use PAM for authentication, -.Nm sudo -will create a new PAM session for the command to be run in. -Unless -.Nm sudo -is given the -.Fl i -or -.Fl s -options, PAM session modules are run with the -.Dq silent -flag enabled. -This prevents last login information from being displayed for every -command on some systems. -Disabling -.Em pam_session -may be needed on older PAM implementations or on operating systems where -opening a PAM session changes the utmp or wtmp files. -If PAM session support is disabled, resource limits may not be updated -for the command being run. -If -.Em pam_session , -.Em pam_setcred , -and -.Em use_pty -are disabled, -.Em log_servers -has not been set and I/O logging has not been configured, -.Nm sudo -will execute the command directly instead of running it as a child -process. -This flag is -.Em @pam_session@ -by default. -.Pp -This setting is only supported by version 1.8.7 or higher. -.It pam_setcred -On systems that use PAM for authentication, -.Nm sudo -will attempt to establish credentials for the target user by default, -if supported by the underlying authentication system. -One example of a credential is a Kerberos ticket. -If -.Em pam_session , -.Em pam_setcred , -and -.Em use_pty -are disabled, -.Em log_servers -has not been set and I/O logging has not been configured, -.Nm sudo -will execute the command directly instead of running it as a child -process. -This flag is -.Em on -by default. -.Pp -This setting is only supported by version 1.8.8 or higher. -.It passprompt_override -If set, the prompt specified by -.Em passprompt -or the -.Ev SUDO_PROMPT -environment variable will always be used and will replace the -prompt provided by a PAM module or other authentication method. -This flag is -.Em off -by default. -.It path_info -Normally, -.Nm sudo -will tell the user when a command could not be -found in their -.Ev PATH -environment variable. -Some sites may wish to disable this as it could be used to gather -information on the location of executables that the normal user does -not have access to. -The disadvantage is that if the executable is simply not in the user's -.Ev PATH , -.Nm sudo -will tell the user that they are not allowed to run it, which can be confusing. -This flag is -.Em @path_info@ -by default. -.It preserve_groups -By default, -.Nm sudo -will initialize the group vector to the list of groups the target user is in. -When -.Em preserve_groups -is set, the user's existing group vector is left unaltered. -The real and effective group-IDs, however, are still set to match the -target user. -This flag is -.Em off -by default. -.It pwfeedback -By default, -.Nm sudo -reads the password like most other Unix programs, -by turning off echo until the user hits the return (or enter) key. -Some users become confused by this as it appears to them that -.Nm sudo -has hung at this point. -When -.Em pwfeedback -is set, -.Nm sudo -will provide visual feedback when the user presses a key. -Note that this does have a security impact as an onlooker may be able to -determine the length of the password being entered. -This flag is -.Em off -by default. -.It requiretty -If set, -.Nm sudo -will only run when the user is logged in to a real tty. -When this flag is set, -.Nm sudo -can only be run from a login session and not via other means such as -.Xr cron @mansectsu@ -or cgi-bin scripts. -This flag is -.Em off -by default. -.It root_sudo -If set, root is allowed to run -.Nm sudo -too. -Disabling this prevents users from -.Dq chaining -.Nm sudo -commands to get a root shell by doing something like -.Dq Li sudo sudo /bin/sh . -Note, however, that turning off -.Em root_sudo -will also prevent root from running -.Nm sudoedit . -Disabling -.Em root_sudo -provides no real additional security; it exists purely for historical reasons. -This flag is -.Em @root_sudo@ -by default. -.It rootpw -If set, -.Nm sudo -will prompt for the root password instead of the password of the invoking user -when running a command or editing a file. -This flag is -.Em off -by default. -.It runas_allow_unknown_id -If enabled, allow matching of runas user and group IDs that are -not present in the password or group databases. -In addition to explicitly matching unknown user or group IDs in a -.Li Runas_List , -this option also allows the -.Sy ALL -alias to match unknown IDs. -This flag is -.Em off -by default. -.Pp -This setting is only supported by version 1.8.30 or higher. -Older versions of -.Nm sudo -always allowed matching of unknown user and group IDs. -.It runas_check_shell -If enabled, -.Nm sudo -will only run commands as a user whose shell appears in the -.Pa /etc/shells -file, even if the invoking user's -.Li Runas_List -would otherwise permit it. -If no -.Pa /etc/shells -file is present, a system-dependent list of built-in default shells is used. -On many operating systems, system users such as -.Dq bin , -do not have a valid shell and this flag can be used to prevent -commands from being run as those users. -This flag is -.Em off -by default. -.Pp -This setting is only supported by version 1.8.30 or higher. -.It runaspw -If set, -.Nm sudo -will prompt for the password of the user defined by the -.Em runas_default -option (defaults to -.Li @runas_default@ ) -instead of the password of the invoking user -when running a command or editing a file. -This flag is -.Em off -by default. -.if \n(SL \{\ -.It selinux -If enabled, the user may specify an SELinux role and/or type to use -when running the command, as permitted by the SELinux policy. -If SELinux is disabled on the system, this flag has no effect. -This flag is -.Em on -by default. -.\} -.It set_home -If enabled and -.Nm sudo -is invoked with the -.Fl s -option, the -.Ev HOME -environment variable will be set to the home directory of the target -user (which is the root user unless the -.Fl u -option is used). -This flag is largely obsolete and has no effect unless the -.Em env_reset -flag has been disabled or -.Ev HOME -is present in the -.Em env_keep -list, both of which are strongly discouraged. -This flag is -.Em off -by default. -.It set_logname -Normally, -.Nm sudo -will set the -.Ev LOGNAME -and -.Ev USER -environment variables to the name of the target user (usually root unless the -.Fl u -option is given). -However, since some programs (including the RCS revision control system) use -.Ev LOGNAME -to determine the real identity of the user, it may be desirable to -change this behavior. -This can be done by negating the set_logname option. -Note that -.Em set_logname -will have no effect -if the -.Em env_reset -option has not been disabled and the -.Em env_keep -list contains -.Ev LOGNAME -or -.Ev USER . -This flag is -.Em on -by default. -.It set_utmp -When enabled, -.Nm sudo -will create an entry in the utmp (or utmpx) file when a pseudo-terminal -is allocated. -A pseudo-terminal is allocated by -.Nm sudo -when it is running in a terminal and one or more of the -.Em log_input , -.Em log_output -or -.Em use_pty -flags is enabled. -By default, the new entry will be a copy of the user's existing utmp -entry (if any), with the tty, time, type and pid fields updated. -This flag is -.Em on -by default. -.It setenv -Allow the user to disable the -.Em env_reset -option from the command line via the -.Fl E -option. -Additionally, environment variables set via the command line are -not subject to the restrictions imposed by -.Em env_check , -.Em env_delete , -or -.Em env_keep . -As such, only trusted users should be allowed to set variables in this manner. -This flag is -.Em off -by default. -.It shell_noargs -If set and -.Nm sudo -is invoked with no arguments it acts as if the -.Fl s -option had been given. -That is, it runs a shell as root (the shell is determined by the -.Ev SHELL -environment variable if it is set, falling back on the shell listed -in the invoking user's /etc/passwd entry if not). -This flag is -.Em off -by default. -.It stay_setuid -Normally, when -.Nm sudo -executes a command the real and effective UIDs are set to the target -user (root by default). -This option changes that behavior such that the real UID is left -as the invoking user's UID. -In other words, this makes -.Nm sudo -act as a set-user-ID wrapper. -This can be useful on systems that disable some potentially -dangerous functionality when a program is run set-user-ID. -This option is only effective on systems that support either the -.Xr setreuid 2 -or -.Xr setresuid 2 -system call. -This flag is -.Em off -by default. -.It sudoedit_checkdir -If set, -.Nm sudoedit -will check all directory components of the path to be edited for writability -by the invoking user. -Symbolic links will not be followed in writable directories and -.Nm sudoedit -will refuse to edit a file located in a writable directory. -These restrictions are not enforced when -.Nm sudoedit -is run by root. -On some systems, if all directory components of the path to be edited -are not readable by the target user, -.Nm sudoedit -will be unable to edit the file. -This flag is -.Em on -by default. -.Pp -This setting was first introduced in version 1.8.15 but initially -suffered from a race condition. -The check for symbolic links in writable intermediate directories -was added in version 1.8.16. -.It sudoedit_follow -By default, -.Nm sudoedit -will not follow symbolic links when opening files. -The -.Em sudoedit_follow -option can be enabled to allow -.Nm sudoedit -to open symbolic links. -It may be overridden on a per-command basis by the -.Em FOLLOW -and -.Em NOFOLLOW -tags. -This flag is -.Em off -by default. -.Pp -This setting is only supported by version 1.8.15 or higher. -.It syslog_pid -When logging via -.Xr syslog 3 , -include the process ID in the log entry. -This flag is -.Em off -by default. -.Pp -This setting is only supported by version 1.8.21 or higher. -.It targetpw -If set, -.Nm sudo -will prompt for the password of the user specified -by the -.Fl u -option (defaults to -.Li root ) -instead of the password of the invoking user -when running a command or editing a file. -Note that this flag precludes the use of a user-ID not listed in the passwd -database as an argument to the -.Fl u -option. -This flag is -.Em off -by default. -.It tty_tickets -If set, users must authenticate on a per-tty basis. -With this flag enabled, -.Nm sudo -will use a separate record in the time stamp file for each terminal. -If disabled, a single record is used for all login sessions. -.Pp -This option has been superseded by the -.Em timestamp_type -option. -.It umask_override -If set, -.Nm sudo -will set the umask as specified in the -.Em sudoers -file without modification. -This makes it possible to specify a umask in the -.Em sudoers -file that is more permissive than the user's own umask and matches -historical behavior. -If -.Em umask_override -is not set, -.Nm sudo -will set the umask to be the union of the user's umask and what is specified in -.Em sudoers . -This flag is -.Em @umask_override@ -by default. -.if \n(LC \{\ -.It use_loginclass -If set, -.Nm sudo -will apply the defaults specified for the target user's login class -if one exists. -Only available if -.Nm sudo -is configured with the -.Li --with-logincap -option. -This flag is -.Em off -by default. -.\} -.It use_netgroups -If set, netgroups (prefixed with -.Ql + ) , -may be used in place of a user or host. -For LDAP-based sudoers, netgroup support requires an expensive -sub-string match on the server unless the -.Sy NETGROUP_BASE -directive is present in the -.Pa @ldap_conf@ -file. -If netgroups are not needed, this option can be disabled to reduce the -load on the LDAP server. -This flag is -.Em on -by default. -.It use_pty -If set, and -.Nm sudo -is running in a terminal, the command will be run in a pseudo-terminal -(even if no I/O logging is being done). -If the -.Nm sudo -process is not attached to a terminal, -.Em use_pty -has no effect. -.Pp -A malicious program run under -.Nm sudo -may be capable of injecting commands into the user's -terminal or running a background process that retains access to the -user's terminal device even after the main program has finished -executing. -By running the command in a separate pseudo-terminal, this attack is -no longer possible. -This flag is -.Em off -by default. -.It user_command_timeouts -If set, the user may specify a timeout on the command line. -If the timeout expires before the command has exited, the -command will be terminated. -If a timeout is specified both in the -.Pa sudoers -file and on the command line, the smaller of the two timeouts will be used. -See the -.Li Timeout_Spec -section for a description of the timeout syntax. -This flag is -.Em off -by default. -.Pp -This setting is only supported by version 1.8.20 or higher. -.It utmp_runas -If set, -.Nm sudo -will store the name of the runas user when updating the utmp (or utmpx) file. -By default, -.Nm sudo -stores the name of the invoking user. -This flag is -.Em off -by default. -.It visiblepw -By default, -.Nm sudo -will refuse to run if the user must enter a password but it is not -possible to disable echo on the terminal. -If the -.Em visiblepw -flag is set, -.Nm sudo -will prompt for a password even when it would be visible on the screen. -This makes it possible to run things like -.Dq Li ssh somehost sudo ls -since by default, -.Xr ssh 1 -does -not allocate a tty when running a command. -This flag is -.Em off -by default. -.El -.Pp -.Sy Integers : -.Bl -tag -width 16n -.It closefrom -Before it executes a command, -.Nm sudo -will close all open file descriptors other than standard input, -standard output and standard error (ie: file descriptors 0-2). -The -.Em closefrom -option can be used to specify a different file descriptor at which -to start closing. -The default is -.Li 3 . -.It command_timeout -The maximum amount of time a command is allowed to run before -it is terminated. -See the -.Li Timeout_Spec -section for a description of the timeout syntax. -.Pp -This setting is only supported by version 1.8.20 or higher. -.It log_server_timeout -The maximum amount of time to wait when connecting to a log server -or waiting for a server response. -See the -.Li Timeout_Spec -section for a description of the timeout syntax. -The default value is 30 seconds. -.Pp -This setting is only supported by version 1.9.0 or higher. -.It maxseq -The maximum sequence number that will be substituted for the -.Dq Li %{seq} -escape in the I/O log file (see the -.Em iolog_dir -description below for more information). -While the value substituted for -.Dq Li %{seq} -is in base 36, -.Em maxseq -itself should be expressed in decimal. -Values larger than 2176782336 (which corresponds to the -base 36 sequence number -.Dq ZZZZZZ ) -will be silently truncated to 2176782336. -The default value is 2176782336. -.Pp -Once the local sequence number reaches the value of -.Em maxseq , -it will -.Dq roll over -to zero, after which -.Nm -will truncate and re-use any existing I/O log path names. -.Pp -This setting is only supported by version 1.8.7 or higher. -.It passwd_tries -The number of tries a user gets to enter his/her password before -.Nm sudo -logs the failure and exits. -The default is -.Li @passwd_tries@ . -.It syslog_maxlen -On many systems, -.Xr syslog 3 -has a relatively small log buffer. -IETF RFC 5424 states that syslog servers must support messages of -at least 480 bytes and should support messages up to 2048 bytes. -By default, -.Nm -creates log messages up to 980 bytes which corresponds to the -historic -.Bx -syslog implementation which used a 1024 byte buffer -to store the message, date, hostname and program name. -To prevent syslog messages from being truncated, -.Nm -will split up log messages that are larger than -.Em syslog_maxlen -bytes. -When a message is split, additional parts will include the string -.Dq Pq command continued -after the user name and before the continued command line arguments. -.Pp -This setting is only supported by version 1.8.19 or higher. -.El -.Pp -.Sy Integers that can be used in a boolean context : -.Bl -tag -width 16n -.It loglinelen -Number of characters per line for the file log. -This value is used to decide when to wrap lines for nicer log files. -This has no effect on the syslog log file, only the file log. -The default is -.Li @loglen@ -(use 0 or negate the option to disable word wrap). -.It passwd_timeout -Number of minutes before the -.Nm sudo -password prompt times out, or -.Li 0 -for no timeout. -The timeout may include a fractional component -if minute granularity is insufficient, for example -.Li 2.5 . -The -default is -.Li @password_timeout@ . -.It timestamp_timeout -Number of minutes that can elapse before -.Nm sudo -will ask for a passwd again. -The timeout may include a fractional component if -minute granularity is insufficient, for example -.Li 2.5 . -The default is -.Li @timeout@ . -Set this to -.Li 0 -to always prompt for a password. -If set to a value less than -.Li 0 -the user's time stamp will not expire until the system is rebooted. -This can be used to allow users to create or delete their own time stamps via -.Dq Li sudo -v -and -.Dq Li sudo -k -respectively. -.It umask -File mode creation mask to use when running the command. -Negate this option or set it to 0777 to prevent -.Nm -from changing the umask. -Unless the -.Em umask_override -flag is set, the actual umask will be the union of the -user's umask and the value of the -.Em umask -setting, which defaults to -.Li @sudo_umask@ . -This guarantees -that -.Nm sudo -never lowers the umask when running a command. -.Pp -If -.Em umask -is explicitly set in -.Em sudoers , -it will override any umask setting in PAM or login.conf. -If -.Em umask -is not set in -.Em sudoers , -the umask specified by PAM or login.conf will take precedence. -The umask setting in PAM is not used for -.Nm sudoedit , -which does not create a new PAM session. -.El -.Pp -.Sy Strings : -.Bl -tag -width 16n -.It authfail_message -Message that is displayed after a user fails to authenticate. -The message may include the -.Ql %d -escape which will expand to the number of failed password attempts. -If set, it overrides the default message, -.Li %d incorrect password attempt(s) . -.It badpass_message -Message that is displayed if a user enters an incorrect password. -The default is -.Li @badpass_message@ -unless insults are enabled. -.It editor -A colon -.Pq Ql :\& -separated list of editors path names used by -.Nm sudoedit -and -.Nm visudo . -For -.Nm sudoedit , -this list is used to find an editor when none of the -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -environment variables are set to an editor that exists and is executable. -For -.Nm visudo , -it is used as a white list of allowed editors; -.Nm visudo -will choose the editor that matches the user's -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -environment variable if possible, or the first editor in the -list that exists and is executable if not. -Unless invoked as -.Nm sudoedit , -.Nm sudo -does not preserve the -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -environment variables unless they are present in the -.Em env_keep -list or the -.Em env_reset -option is disabled. -The default is -.Pa @editor@ . -.It iolog_dir -The top-level directory to use when constructing the path name for -the input/output log directory. -Only used if the -.Em log_input -or -.Em log_output -options are enabled or when the -.Li LOG_INPUT -or -.Li LOG_OUTPUT -tags are present for a command. -The session sequence number, if any, is stored in the directory. -The default is -.Pa @iolog_dir@ . -.Pp -The following percent -.Pq Ql % -escape sequences are supported: -.Bl -tag -width 4n -.It Li %{seq} -expanded to a monotonically increasing base-36 sequence number, such as 0100A5, -where every two digits are used to form a new directory, e.g., -.Pa 01/00/A5 -.It Li %{user} -expanded to the invoking user's login name -.It Li %{group} -expanded to the name of the invoking user's real group-ID -.It Li %{runas_user} -expanded to the login name of the user the command will -be run as (e.g., root) -.It Li %{runas_group} -expanded to the group name of the user the command will -be run as (e.g., wheel) -.It Li %{hostname} -expanded to the local host name without the domain name -.It Li %{command} -expanded to the base name of the command being run -.El -.Pp -In addition, any escape sequences supported by the system's -.Xr strftime 3 -function will be expanded. -.Pp -To include a literal -.Ql % -character, the string -.Ql %% -should be used. -.It iolog_file -The path name, relative to -.Em iolog_dir , -in which to store input/output logs when the -.Em log_input -or -.Em log_output -options are enabled or when the -.Li LOG_INPUT -or -.Li LOG_OUTPUT -tags are present for a command. -Note that -.Em iolog_file -may contain directory components. -The default is -.Dq Li %{seq} . -.Pp -See the -.Em iolog_dir -option above for a list of supported percent -.Pq Ql % -escape sequences. -.Pp -In addition to the escape sequences, path names that end in six or -more -.Li X Ns s -will have the -.Li X Ns s -replaced with a unique combination of digits and letters, similar to the -.Xr mktemp 3 -function. -.Pp -If the path created by concatenating -.Em iolog_dir -and -.Em iolog_file -already exists, the existing I/O log file will be truncated and -overwritten unless -.Em iolog_file -ends in six or -more -.Li X Ns s . -.It iolog_flush -If set, -.Nm sudo -will flush I/O log data to disk after each write instead of buffering it. -This makes it possible to view the logs in real-time as the program -is executing but may significantly reduce the effectiveness of I/O -log compression. -This flag is -.Em off -by default. -.Pp -This setting is only supported by version 1.8.20 or higher. -.It iolog_group -The group name to look up when setting the group-ID on new I/O log -files and directories. -If -.Em iolog_group -is not set, -the primary group-ID of the user specified by -.Em iolog_user -is used. -If neither -.Em iolog_group -nor -.Em iolog_user -are set, I/O log files and directories are created with group-ID 0. -.Pp -This setting is only supported by version 1.8.19 or higher. -.It iolog_mode -The file mode to use when creating I/O log files. -Mode bits for read and write permissions for owner, group or other -are honored, everything else is ignored. -The file permissions will always include the owner read and -write bits, even if they are not present in the specified mode. -When creating I/O log directories, search (execute) bits are added -to match the read and write bits specified by -.Em iolog_mode . -Defaults to 0600 (read and write by user only). -.Pp -This setting is only supported by version 1.8.19 or higher. -.It iolog_user -The user name to look up when setting the user and group-IDs on new -I/O log files and directories. -If -.Em iolog_group -is set, it will be used instead of the user's primary group-ID. -By default, I/O log files and directories are created with user and -group-ID 0. -.Pp -This setting can be useful when the I/O logs are stored on a Network -File System (NFS) share. -Having a dedicated user own the I/O log files means that -.Nm -does not write to the log files as user-ID 0, which is usually -not permitted by NFS. -.Pp -This setting is only supported by version 1.8.19 or higher. -.It lecture_status_dir -The directory in which -.Nm sudo -stores per-user lecture status files. -Once a user has received the lecture, a zero-length file is -created in this directory so that -.Nm sudo -will not lecture the user again. -This directory should -.Em not -be cleared when the system reboots. -The default is -.Pa @vardir@/lectured . -.if \n(PS \{\ -.It limitprivs -The default Solaris limit privileges to use when constructing a new -privilege set for a command. -This bounds all privileges of the executing process. -The default limit privileges may be overridden on a per-command basis in -.Em sudoers . -This option is only available if -.Nm -is built on Solaris 10 or higher. -.\} -.It log_server_cabundle -The path to a certificate authority bundle file, in PEM format, -to use instead of the system's default certificate authority database -when authenticating the log server. -The default is to use the system's default certificate authority database. -This setting has no effect unless -.Em log_servers -is set and the remote log server is secured with TLS. -.Pp -This setting is only supported by version 1.9.0 or higher. -.It log_server_peer_cert -The path to the client's certificate file, in PEM format. -This setting is required when -.Em log_servers -is set and the remote log server is secured with TLS. -.Pp -This setting is only supported by version 1.9.0 or higher. -.It log_server_peer_key -The path to the client's private key file, in PEM format. -This setting is required when -.Em log_servers -is set and the remote log server is secured with TLS. -.Pp -This setting is only supported by version 1.9.0 or higher. -.It mailsub -Subject of the mail sent to the -.Em mailto -user. -The escape -.Li %h -will expand to the host name of the machine. -Default is -.Dq Li @mailsub@ . -.It noexec_file -As of -.Nm sudo -version 1.8.1 this option is no longer supported. -The path to the noexec file should now be set in the -.Xr sudo.conf @mansectform@ -file. -.It pam_login_service -On systems that use PAM for authentication, this is the service -name used when the -.Fl i -option is specified. -The default value is -.Dq Li @pam_login_service@ . -See the description of -.Em pam_service -for more information. -.Pp -This setting is only supported by version 1.8.8 or higher. -.It pam_service -On systems that use PAM for authentication, the service name -specifies the PAM policy to apply. -This usually corresponds to an entry in the -.Pa pam.conf -file or a file in the -.Pa /etc/pam.d -directory. -The default value is -.Dq Li sudo . -.Pp -This setting is only supported by version 1.8.8 or higher. -.It passprompt -The default prompt to use when asking for a password; can be overridden via the -.Fl p -option or the -.Ev SUDO_PROMPT -environment variable. -The following percent -.Pq Ql % -escape sequences are supported: -.Bl -tag -width 4n -.It Li %H -expanded to the local host name including the domain name -(only if the machine's host name is fully qualified or the -.Em fqdn -option is set) -.It Li %h -expanded to the local host name without the domain name -.It Li %p -expanded to the user whose password is being asked for (respects the -.Em rootpw , -.Em targetpw -and -.Em runaspw -flags in -.Em sudoers ) -.It Li \&%U -expanded to the login name of the user the command will -be run as (defaults to root) -.It Li %u -expanded to the invoking user's login name -.It Li %% -two consecutive -.Li % -characters are collapsed into a single -.Li % -character -.El -.Pp -On systems that use PAM for authentication, -.Em passprompt -will only be used if the prompt provided by the PAM module matches the string -.Dq "Password: " -or -.Dq "username's Password: " . -This ensures that the -.Em passprompt -setting does not interfere with challenge-response style authentication. -The -.Em passprompt_override -flag can be used to change this behavior. -.Pp -The default value is -.Dq Li "@passprompt@" . -.if \n(PS \{\ -.It privs -The default Solaris privileges to use when constructing a new -privilege set for a command. -This is passed to the executing process via the inherited privilege set, -but is bounded by the limit privileges. -If the -.Em privs -option is specified but the -.Em limitprivs -option is not, the limit privileges of the executing process is set to -.Em privs . -The default privileges may be overridden on a per-command basis in -.Em sudoers . -This option is only available if -.Nm -is built on Solaris 10 or higher. -.\} -.if \n(SL \{\ -.It role -The default SELinux role to use when constructing a new security -context to run the command. -The default role may be overridden on a per-command basis in the -.Em sudoers -file or via command line options. -This option is only available when -.Nm sudo -is built with SELinux support. -.\} -.It runas_default -The default user to run commands as if the -.Fl u -option is not specified on the command line. -This defaults to -.Li @runas_default@ . -.It sudoers_locale -Locale to use when parsing the sudoers file, logging commands, and -sending email. -Note that changing the locale may affect how sudoers is interpreted. -Defaults to -.Dq Li C . -.It timestamp_type -.Nm -uses per-user time stamp files for credential caching. -The -.Em timestamp_type -option can be used to specify the type of time stamp record used. -It has the following possible values: -.Bl -tag -width 6n -.It global -A single time stamp record is used for all of a user's login sessions, -regardless of the terminal or parent process ID. -An additional record is used to serialize password prompts when -.Nm sudo -is used multiple times in a pipeline, but this does not affect authentication. -.It ppid -A single time stamp record is used for all processes with the same parent -process ID (usually the shell). -Commands run from the same shell (or other common parent process) -will not require a password for -.Em timestamp_timeout -minutes -.Po -.Li @timeout@ -by default -.Pc . -Commands run via -.Nm sudo -with a different parent process ID, for example from a shell script, -will be authenticated separately. -.It tty -One time stamp record is used for each terminal, -which means that a user's login sessions are authenticated separately. -If no terminal is present, the behavior is the same as -.Em ppid . -Commands run from the same terminal will not require a password for -.Em timestamp_timeout -minutes -.Po -.Li @timeout@ -by default -.Pc . -.It kernel -The time stamp is stored in the kernel as an attribute of the terminal -device. -If no terminal is present, the behavior is the same as -.Em ppid . -Negative -.Em timestamp_timeout -values are not supported and positive values are limited to a maximum -of 60 minutes. -This is currently only supported on -.Ox . -.El -.Pp -The default value is -.Em @timestamp_type@ . -.Pp -This setting is only supported by version 1.8.21 or higher. -.It timestampdir -The directory in which -.Nm sudo -stores its time stamp files. -This directory should be cleared when the system reboots. -The default is -.Pa @rundir@/ts . -.It timestampowner -The owner of the lecture status directory, time stamp directory and all -files stored therein. -The default is -.Li root . -.if \n(SL \{\ -.It type -The default SELinux type to use when constructing a new security -context to run the command. -The default type may be overridden on a per-command basis in the -.Em sudoers -file or via command line options. -This option is only available when -.Nm sudo -is built with SELinux support. -.\} -.El -.Pp -.Sy Strings that can be used in a boolean context : -.Bl -tag -width 12n -.It env_file -The -.Em env_file -option specifies the fully qualified path to a file containing variables -to be set in the environment of the program being run. -Entries in this file should either be of the form -.Dq Li VARIABLE=value -or -.Dq Li export VARIABLE=value . -The value may optionally be enclosed in single or double quotes. -Variables in this file are only added if the variable does not already -exist in the environment. -This file is considered to be part of the security policy, -its contents are not subject to other -.Nm sudo -environment restrictions such as -.Em env_keep -and -.Em env_check . -.It exempt_group -Users in this group are exempt from password and PATH requirements. -The group name specified should not include a -.Li % -prefix. -This is not set by default. -.It fdexec -Determines whether -.Nm sudo -will execute a command by its path or by an open file descriptor. -It has the following possible values: -.Bl -tag -width 6n -.It always -Always execute by file descriptor. -.It never -Never execute by file descriptor. -.It digest_only -Only execute by file descriptor if the command has an associated digest -in the -.Em sudoers -file. -.El -.Pp -The default value is -.Em digest_only . -This avoids a time of check versus time of use race condition when -the command is located in a directory writable by the invoking user. -.Pp -Note that -.Em fdexec -will change the first element of the argument vector for scripts -($0 in the shell) due to the way the kernel runs script interpreters. -Instead of being a normal path, it will refer to a file descriptor. -For example, -.Pa /dev/fd/4 -on Solaris and -.Pa /proc/self/fd/4 -on Linux. -A workaround is to use the -.Dv SUDO_COMMAND -environment variable instead. -.Pp -The -.Em fdexec -setting is only used when the command is matched by path name. -It has no effect if the command is matched by the built-in -.Sy ALL -alias. -.Pp -This setting is only supported by version 1.8.20 or higher. -If the operating system does not support the -.Xr fexecve 2 -system call, this setting has no effect. -.It group_plugin -A string containing a -.Nm -group plugin with optional arguments. -The string should consist of the plugin -path, either fully-qualified or relative to the -.Pa @plugindir@ -directory, followed by any configuration arguments the plugin requires. -These arguments (if any) will be passed to the plugin's initialization function. -If arguments are present, the string must be enclosed in double quotes -.Pq \&"" . -.Pp -For more information see -.Sx "GROUP PROVIDER PLUGINS" . -.It lecture -This option controls when a short lecture will be printed along with -the password prompt. -It has the following possible values: -.Bl -tag -width 6n -.It always -Always lecture the user. -.It never -Never lecture the user. -.It once -Only lecture the user the first time they run -.Nm sudo . -.El -.Pp -If no value is specified, a value of -.Em once -is implied. -Negating the option results in a value of -.Em never -being used. -The default value is -.Em @lecture@ . -.It lecture_file -Path to a file containing an alternate -.Nm sudo -lecture that will be used in place of the standard lecture if the named -file exists. -By default, -.Nm sudo -uses a built-in lecture. -.It listpw -This option controls when a password will be required when a user runs -.Nm sudo -with the -.Fl l -option. -It has the following possible values: -.Bl -tag -width 8n -.It all -All the user's -.Em sudoers -file entries for the current host must have -the -.Li NOPASSWD -flag set to avoid entering a password. -.It always -The user must always enter a password to use the -.Fl l -option. -.It any -At least one of the user's -.Em sudoers -file entries for the current host -must have the -.Li NOPASSWD -flag set to avoid entering a password. -.It never -The user need never enter a password to use the -.Fl l -option. -.El -.Pp -If no value is specified, a value of -.Em any -is implied. -Negating the option results in a value of -.Em never -being used. -The default value is -.Em any . -.It log_format -The event log format. -Supported log formats are: -.Bl -tag -width 8n -.It json -Logs in JSON format. -JSON log entries contain the full user details as well as the execution -environment if the command was allowed. -Due to limitations of the protocol, JSON events sent via -.Em syslog -may be truncated. -.It sudo -Traditional sudo-style logs, see -.Sx "LOG FORMAT" -for a description of the log file format. -.El -.Pp -This setting affects logs sent via -.Xr syslog 3 -as well as the file specified by the -.Em logfile -setting, if any. -The default value is -.Em sudo . -.It logfile -Path to the -.Nm sudo -log file (not the syslog log file). -Setting a path turns on logging to a file; -negating this option turns it off. -By default, -.Nm sudo -logs via syslog. -.It mailerflags -Flags to use when invoking mailer. -Defaults to -.Fl t . -.It mailerpath -Path to mail program used to send warning mail. -Defaults to the path to sendmail found at configure time. -.It mailfrom -Address to use for the -.Dq from -address when sending warning and error mail. -The address should be enclosed in double quotes -.Pq \&"" -to protect against -.Nm sudo -interpreting the -.Li @ -sign. -Defaults to the name of the user running -.Nm sudo . -.It mailto -Address to send warning and error mail to. -The address should be enclosed in double quotes -.Pq \&"" -to protect against -.Nm sudo -interpreting the -.Li @ -sign. -Defaults to -.Li @mailto@ . -.It restricted_env_file -The -.Em restricted_env_file -option specifies the fully qualified path to a file containing variables -to be set in the environment of the program being run. -Entries in this file should either be of the form -.Dq Li VARIABLE=value -or -.Dq Li export VARIABLE=value . -The value may optionally be enclosed in single or double quotes. -Variables in this file are only added if the variable does not already -exist in the environment. -Unlike -.Em env_file , -the file's contents are not trusted and are processed in a manner -similar to that of the invoking user's environment. -If -.Em env_reset -is enabled, variables in the file will only be added if they are -matched by either the -.Em env_check -or -.Em env_keep -list. -If -.Em env_reset -is disabled, variables in the file are added as long as they -are not matched by the -.Em env_delete -list. -In either case, the contents of -.Em restricted_env_file -are processed before the contents of -.Em env_file . -.It runchroot -If set, -.Nm sudo -will use this value for the root directory when running a command. -The special value -.Dq * -will allow the user to specify the root directory via -.Nm sudo Ns 's -.Fl R -option. -See the -.Sx Chroot_Spec -section for more details. -.Pp -It is only possible to use -.Em runchroot -as a command-specific Defaults setting if the command exists with -the same path both inside and outside the chroot jail. -This restriction does not apply to generic, host or user-based -Defaults settings or to a -.Em Cmnd_Spec -that includes a -.Em Chroot_Spec . -.Pp -This setting is only supported by version 1.9.3 or higher. -.It runcwd -If set, -.Nm sudo -will use this value for the working directory when running a command. -The special value -.Dq * -will allow the user to specify the working directory via -.Nm sudo Ns 's -.Fl D -option. -See the -.Sx Chdir_Spec -section for more details. -.Pp -This setting is only supported by version 1.9.3 or higher. -.It secure_path -If set, -.Nm sudo -will use this value in place of the user's -.Ev PATH -environment variable. -This option can be used to reset the -.Ev PATH -to a known good value that contains directories for system administrator -commands such as -.Pa /usr/sbin . -.Pp -Users in the group specified by the -.Em exempt_group -option are not affected by -.Em secure_path . -This option is @secure_path@ by default. -.It syslog -Syslog facility if syslog is being used for logging (negate to -disable syslog logging). -Defaults to -.Li @logfac@ . -.Pp -The following syslog facilities are supported: -.Sy authpriv -(if your -OS supports it), -.Sy auth , -.Sy daemon , -.Sy user , -.Sy local0 , -.Sy local1 , -.Sy local2 , -.Sy local3 , -.Sy local4 , -.Sy local5 , -.Sy local6 , -and -.Sy local7 . -.It syslog_badpri -Syslog priority to use when the user is not allowed to run a command or -when authentication is unsuccessful. -Defaults to -.Li @badpri@ . -.Pp -The following syslog priorities are supported: -.Sy alert , -.Sy crit , -.Sy debug , -.Sy emerg , -.Sy err , -.Sy info , -.Sy notice , -.Sy warning , -and -.Sy none . -Negating the option or setting it to a value of -.Sy none -will disable logging of unsuccessful commands. -.It syslog_goodpri -Syslog priority to use when the user is allowed to run a command and -authentication is successful. -Defaults to -.Li @goodpri@ . -.Pp -See -.Em syslog_badpri -for the list of supported syslog priorities. -Negating the option or setting it to a value of -.Sy none -will disable logging of successful commands. -.It verifypw -This option controls when a password will be required when a user runs -.Nm sudo -with the -.Fl v -option. -It has the following possible values: -.Bl -tag -width 6n -.It all -All the user's -.Em sudoers -file entries for the current host must have the -.Li NOPASSWD -flag set to avoid entering a password. -.It always -The user must always enter a password to use the -.Fl v -option. -.It any -At least one of the user's -.Em sudoers -file entries for the current host must have the -.Li NOPASSWD -flag set to avoid entering a password. -.It never -The user need never enter a password to use the -.Fl v -option. -.El -.Pp -If no value is specified, a value of -.Em all -is implied. -Negating the option results in a value of -.Em never -being used. -The default value is -.Em all . -.El -.Pp -.Sy Lists that can be used in a boolean context : -.Bl -tag -width 16n -.It env_check -Environment variables to be removed from the user's environment -unless they are considered -.Dq safe . -For all variables except -.Li TZ , -.Dq safe -means that the variable's value does not contain any -.Ql % -or -.Ql / -characters. -This can be used to guard against printf-style format vulnerabilities -in poorly-written programs. -The -.Li TZ -variable is considered unsafe if any of the following are true: -.Bl -bullet -width 1n -.It -It consists of a fully-qualified path name, -optionally prefixed with a colon -.Pq Ql :\& , -that does not match the location of the -.Pa zoneinfo -directory. -.It -It contains a -.Pa .. -path element. -.It -It contains white space or non-printable characters. -.It -It is longer than the value of -.Li PATH_MAX . -.El -.Pp -The argument may be a double-quoted, space-separated list or a -single value without double-quotes. -The list can be replaced, added to, deleted from, or disabled by using -the -.Li = , -.Li += , -.Li -= , -and -.Li \&! -operators respectively. -Regardless of whether the -.Li env_reset -option is enabled or disabled, variables specified by -.Li env_check -will be preserved in the environment if they pass the aforementioned check. -The global list of environment variables to check is displayed when -.Nm sudo -is run by root with -the -.Fl V -option. -.It env_delete -Environment variables to be removed from the user's environment when the -.Em env_reset -option is not in effect. -The argument may be a double-quoted, space-separated list or a -single value without double-quotes. -The list can be replaced, added to, deleted from, or disabled by using the -.Li = , -.Li += , -.Li -= , -and -.Li \&! -operators respectively. -The global list of environment variables to remove is displayed when -.Nm sudo -is run by root with the -.Fl V -option. -Note that many operating systems will remove potentially dangerous -variables from the environment of any set-user-ID process (such as -.Nm sudo ) . -.It env_keep -Environment variables to be preserved in the user's environment when the -.Em env_reset -option is in effect. -This allows fine-grained control over the environment -.Nm sudo Ns -spawned -processes will receive. -The argument may be a double-quoted, space-separated list or a -single value without double-quotes. -The list can be replaced, added to, deleted from, or disabled by using the -.Li = , -.Li += , -.Li -= , -and -.Li \&! -operators respectively. -The global list of variables to keep -is displayed when -.Nm sudo -is run by root with the -.Fl V -option. -.Pp -Preserving the -.Ev HOME -environment variable has security implications since many programs use it -when searching for configuration or data files. -Adding -.Ev HOME -to -.Em env_keep -may enable a user to run unrestricted commands via -.Nm sudo -and is strongly discouraged. -Users wishing to edit files with -.Nm sudo -should run -.Nm sudoedit -(or -.Nm sudo Fl e ) -to get their accustomed editor configuration instead of -invoking the editor directly. -.It log_servers -A list of one or more servers to use for remote event and I/O log storage, -separated by white space. -Log servers must be running -.Nm sudo_logsrvd -or another service that implements the protocol described by -.Xr sudo_logsrv.proto @mansectform@ . -.Pp -Server addresses should be of the form -.Dq host Ns Oo : Ns port Oc Ns Op (tls) . -The host portion may be a host name, an IPv4 address, or an IPv6 address -in square brackets. -.Pp -If the optional -.Em tls -flag is present, the connection will be secured -with Transport Layer Security (TLS) version 1.2 or 1.3. -Versions of TLS prior to 1.2 are not supported. -.Pp -If a port is specified, it may either be a port number or a well-known -service name as defined by the system service name database. -If no port is specified, port 30343 will be used for plaintext -connections and port 30344 will be used for TLS connections. -.Pp -When -.Em log_servers -is set, event log data will be logged both locally (see the -.Em syslog -and -.Em log_file -settings) as well as remotely, but I/O log data will only be logged remotely. -If multiple hosts are specified, they will be attempted in reverse order. -If no log servers are available, the user will not be able to run -a command unless either the -.Em ignore_iolog_errors -flag (I/O logging enabled) or the -.Em ignore_log_errors -flag (I/O logging disabled) is set. -Likewise, if the connection to the log server is interrupted while -.Nm sudo -is running, the command will be terminated unless the -.Em ignore_iolog_errors -flag (I/O logging enabled) or the -.Em ignore_log_errors -flag (I/O logging disabled) is set. -.Pp -This setting is only supported by version 1.9.0 or higher. -.El -.Sh GROUP PROVIDER PLUGINS -The -.Nm -plugin supports its own plugin interface to allow non-Unix -group lookups which can query a group source other -than the standard Unix group database. -This can be used to implement support for the -.Li nonunix_group -syntax described earlier. -.Pp -Group provider plugins are specified via the -.Em group_plugin -setting. -The argument to -.Em group_plugin -should consist of the plugin path, either fully-qualified or relative to the -.Pa @plugindir@ -directory, followed by any configuration options the plugin requires. -These options (if specified) will be passed to the plugin's initialization -function. -If options are present, the string must be enclosed in double quotes -.Pq \&"" . -.Pp -The following group provider plugins are installed by default: -.Bl -tag -width 8n -.It group_file -The -.Em group_file -plugin supports an alternate group file that uses the same syntax as the -.Pa /etc/group -file. -The path to the group file should be specified as an option -to the plugin. -For example, if the group file to be used is -.Pa /etc/sudo-group : -.Bd -literal -Defaults group_plugin="group_file.so /etc/sudo-group" -.Ed -.It system_group -The -.Em system_group -plugin supports group lookups via the standard C library functions -.Fn getgrnam -and -.Fn getgrid . -This plugin can be used in instances where the user belongs to -groups not present in the user's supplemental group vector. -This plugin takes no options: -.Bd -literal -Defaults group_plugin=system_group.so -.Ed -.El -.Pp -The group provider plugin API is described in detail in -.Xr sudo_plugin @mansectform@ . -.Sh LOG FORMAT -.Nm -can log events in either JSON or -.Em sudo -format, -this section describes the -.Em sudo -log format. -Depending on -.Em sudoers -configuration, -.Nm -can log events via -.Xr syslog 3 , -to a local log file, or both. -The log format is almost identical in both cases. -.Ss Accepted command log entries -Commands that sudo runs are logged using the following format (split -into multiple lines for readability): -.Bd -literal -offset 4n -date hostname progname: username : TTY=ttyname ; PWD=cwd ; \e - USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e - ENV=env_vars COMMAND=command -.Ed -.Pp -Where the fields are as follows: -.Bl -tag -width 12n -.It date -The date the command was run. -Typically, this is in the format -.Dq MMM, DD, HH:MM:SS . -If logging via -.Xr syslog 3 , -the actual date format is controlled by the syslog daemon. -If logging to a file and the -.Em log_year -option is enabled, -the date will also include the year. -.It hostname -The name of the host -.Nm sudo -was run on. -This field is only present when logging via -.Xr syslog 3 . -.It progname -The name of the program, usually -.Em sudo -or -.Em sudoedit . -This field is only present when logging via -.Xr syslog 3 . -.It username -The login name of the user who ran -.Nm sudo . -.It ttyname -The short name of the terminal (e.g., -.Dq console , -.Dq tty01 , -or -.Dq pts/0 ) -.Nm sudo -was run on, or -.Dq unknown -if there was no terminal present. -.It cwd -The current working directory that -.Nm sudo -was run in. -.It runasuser -The user the command was run as. -.It runasgroup -The group the command was run as if one was specified on the command line. -.It logid -An I/O log identifier that can be used to replay the command's output. -This is only present when the -.Em log_input -or -.Em log_output -option is enabled. -.It env_vars -A list of environment variables specified on the command line, -if specified. -.It command -The actual command that was executed. -.El -.Pp -Messages are logged using the locale specified by -.Em sudoers_locale , -which defaults to the -.Dq Li C -locale. -.Ss Denied command log entries -If the user is not allowed to run the command, the reason for the denial -will follow the user name. -Possible reasons include: -.Bl -tag -width 4 -.It user NOT in sudoers -The user is not listed in the -.Em sudoers -file. -.It user NOT authorized on host -The user is listed in the -.Em sudoers -file but is not allowed to run commands on the host. -.It command not allowed -The user is listed in the -.Em sudoers -file for the host but they are not allowed to run the specified command. -.It 3 incorrect password attempts -The user failed to enter their password after 3 tries. -The actual number of tries will vary based on the number of -failed attempts and the value of the -.Em passwd_tries -option. -.It a password is required -The -.Fl n -option was specified but a password was required. -.It sorry, you are not allowed to set the following environment variables -The user specified environment variables on the command line that -were not allowed by -.Em sudoers . -.El -.Ss Error log entries -If an error occurs, -.Nm -will log a message and, in most cases, send a message to the -administrator via email. -Possible errors include: -.Bl -tag -width 4 -.It parse error in @sysconfdir@/sudoers near line N -.Nm -encountered an error when parsing the specified file. -In some cases, the actual error may be one line above or below the -line number listed, depending on the type of error. -.It problem with defaults entries -The -.Em sudoers -file contains one or more unknown Defaults settings. -This does not prevent -.Nm sudo -from running, but the -.Em sudoers -file should be checked using -.Nm visudo . -.It timestamp owner (username): \&No such user -The time stamp directory owner, as specified by the -.Em timestampowner -setting, could not be found in the password database. -.It unable to open/read @sysconfdir@/sudoers -The -.Em sudoers -file could not be opened for reading. -This can happen when the -.Em sudoers -file is located on a remote file system that maps user-ID 0 to -a different value. -Normally, -.Nm -tries to open the -.Em sudoers -file using group permissions to avoid this problem. -Consider either changing the ownership of -.Pa @sysconfdir@/sudoers -or adding an argument like -.Dq sudoers_uid=N -(where -.Sq N -is the user-ID that owns the -.Em sudoers -file) to the end of the -.Nm -.Li Plugin -line in the -.Xr sudo.conf @mansectform@ -file. -.It unable to stat @sysconfdir@/sudoers -The -.Pa @sysconfdir@/sudoers -file is missing. -.It @sysconfdir@/sudoers is not a regular file -The -.Pa @sysconfdir@/sudoers -file exists but is not a regular file or symbolic link. -.It @sysconfdir@/sudoers is owned by uid N, should be 0 -The -.Em sudoers -file has the wrong owner. -If you wish to change the -.Em sudoers -file owner, please add -.Dq sudoers_uid=N -(where -.Sq N -is the user-ID that owns the -.Em sudoers -file) to the -.Nm -.Li Plugin -line in the -.Xr sudo.conf @mansectform@ -file. -.It @sysconfdir@/sudoers is world writable -The permissions on the -.Em sudoers -file allow all users to write to it. -The -.Em sudoers -file must not be world-writable, the default file mode -is 0440 (readable by owner and group, writable by none). -The default mode may be changed via the -.Dq sudoers_mode -option to the -.Nm -.Li Plugin -line in the -.Xr sudo.conf @mansectform@ -file. -.It @sysconfdir@/sudoers is owned by gid N, should be 1 -The -.Em sudoers -file has the wrong group ownership. -If you wish to change the -.Em sudoers -file group ownership, please add -.Dq sudoers_gid=N -(where -.Sq N -is the group-ID that owns the -.Em sudoers -file) to the -.Nm -.Li Plugin -line in the -.Xr sudo.conf @mansectform@ -file. -.It unable to open @rundir@/ts/username -.Nm -was unable to read or create the user's time stamp file. -This can happen when -.Em timestampowner -is set to a user other than root and the mode on -.Pa @rundir@ -is not searchable by group or other. -The default mode for -.Pa @rundir@ -is 0711. -.It unable to write to @rundir@/ts/username -.Nm -was unable to write to the user's time stamp file. -.It @rundir@/ts is owned by uid X, should be Y -The time stamp directory is owned by a user other than -.Em timestampowner . -This can occur when the value of -.Em timestampowner -has been changed. -.Nm -will ignore the time stamp directory until the owner is corrected. -.It @rundir@/ts is group writable -The time stamp directory is group-writable; it should be writable only by -.Em timestampowner . -The default mode for the time stamp directory is 0700. -.Nm -will ignore the time stamp directory until the mode is corrected. -.El -.Ss Notes on logging via syslog -By default, -.Nm -logs messages via -.Xr syslog 3 . -The -.Em date , -.Em hostname , -and -.Em progname -fields are added by the system's -.Fn syslog -function, not -.Nm -itself. -As such, they may vary in format on different systems. -.Pp -The maximum size of syslog messages varies from system to system. -The -.Em syslog_maxlen -setting can be used to change the maximum syslog message size -from the default value of 980 bytes. -For more information, see the description of -.Em syslog_maxlen . -.Ss Notes on logging to a file -If the -.Em logfile -option is set, -.Nm -will log to a local file, such as -.Pa /var/log/sudo . -When logging to a file, -.Nm -uses a format similar to -.Xr syslog 3 , -with a few important differences: -.Bl -enum -.It -The -.Em progname -and -.Em hostname -fields are not present. -.It -If the -.Em log_year -option is enabled, -the date will also include the year. -.It -Lines that are longer than -.Em loglinelen -characters (80 by default) are word-wrapped and continued on the -next line with a four character indent. -This makes entries easier to read for a human being, but makes it -more difficult to use -.Xr grep 1 -on the log files. -If the -.Em loglinelen -option is set to 0 (or negated with a -.Ql \&! ) , -word wrap will be disabled. -.El -.Sh I/O LOG FILES -When I/O logging is enabled, -.Nm sudo -will run the command in a pseudo-terminal and log all user input and/or output, -depending on which options are enabled. -I/O can be logged either to the local machine or to a remote log server. -For local logs, I/O is logged to the directory specified by the -.Em iolog_dir -option -.Po -.Pa @iolog_dir@ -by default -.Pc -using a unique session ID that is included in the -.Nm sudo -log line, prefixed with -.Dq Li TSID= . -The -.Em iolog_file -option may be used to control the format of the session ID. -For remote logs, the -.Em log_servers -setting is used to specify one or more log servers running -.Nm sudo_logsrvd -or another server that implements the protocol described by -.Xr sudo_logsrv.proto @mansectform@ . -.Pp -For both local and remote I/O logs, each log is stored in a separate -directory that contains the following files: -.Bl -tag -width 8n -.It Pa log -A text file containing information about the command. -The first line consists of the following colon-delimited fields: -the time the command was run, the name of the user -who ran -.Nm sudo , -the name of the target user, the name of the target group (optional), -the terminal that -.Nm sudo -was run from, and the number of lines and columns of the terminal. -The second and third lines contain the working directory the command -was run from and the path name of the command itself (with arguments -if present). -.It Pa log.json -A JSON-formatted file containing information about the command. -This is similar to the -.Pa log -file but contains additional information and is easily extensible. -The -.Pa log.json -file will be used by -.Xr sudoreplay @mansectsu@ -in preference to the -.Pa log -file if it exists. -The file may contain the following elements: -.Bl -tag -width 8n -.It timestamp -A JSON object containing time the command was run. -It consists of two values, -.Em seconds -and -.Em nanoseconds . -.It columns -The number of columns of the terminal the command ran on, or zero -if no terminal was present. -.It command -The fully-qualified path of the command that was run. -.It lines -The number of lines of the terminal the command ran on, or zero -if no terminal was present. -.It runargv -A JSON array representing the command's argument vector as passed to the -.Xr execve 2 -system call. -.It runenv -A JSON array representing the command's environment as passed to the -.Xr execve 2 -system call. -.It rungid -The group ID the command ran as. -This element is only present when the user specifies a group on the -command line. -.It rungroup -The name of the group the command ran as. -This element is only present when the user specifies a group on the -command line. -.It runuid -The user ID the command ran as. -.It runuser -The name of the user the command ran as. -.It submitcwd -The current working directory at the time -.Nm sudo -was run. -.It submithost -The name of the host the command was run on. -.It submituser -The name of the user who ran the command via -.Nm sudo . -.It ttyname -The path name of the terminal the user invoked -.Nm sudo -from. -If the command was run in a pseudo-terminal, -.Em ttyname -will be different from the terminal the command actually ran in. -.El -.It Pa timing -Timing information used to replay the session. -Each line consists of the I/O log entry type and amount of time -since the last entry, followed by type-specific data. -The I/O log entry types and their corresponding type-specific data are: -.Pp -.Bl -tag -width 4n -compact -.It 0 -standard input, number of bytes in the entry -.It 1 -standard output, number of bytes in the entry -.It 2 -standard error, number of bytes in the entry -.It 3 -terminal input, number of bytes in the entry -.It 4 -terminal output, number of bytes in the entry -.It 5 -window change, new number lines and columns -.It 6 -bug compatibility for -.Nm sudo -1.8.7 terminal output -.It 7 -command suspend or resume, signal received -.El -.It Pa ttyin -Raw input from the user's terminal, exactly as it was received. -No post-processing is performed. -For manual viewing, you may wish to convert carriage return characters -in the log to line feeds. -For example: -.Ql gunzip -c ttyin | tr \&"\er\&" \&"\en\&" -.It Pa stdin -The standard input when no terminal is present, or input redirected from -a pipe or file. -.It Pa ttyout -Output from the pseudo-terminal (what the command writes to the screen). -Note that terminal-specific post-processing is performed before the -data is logged. -This means that, for example, line feeds are usually converted to -line feed/carriage return pairs and tabs may be expanded to spaces. -.It Pa stdout -The standard output when no terminal is present, or output redirected to -a pipe or file. -.It Pa stderr -The standard error redirected to a pipe or file. -.El -.Pp -All files other than -.Pa log -are compressed in gzip format unless the -.Em compress_io -flag has been disabled. -Due to buffering, it is not normally possible to display the I/O logs in -real-time as the program is executing. -The I/O log data will not be complete until the program run by -.Nm sudo -has exited or has been terminated by a signal. -The -.Em iolog_flush -flag can be used to disable buffering, in which case I/O log data -is written to disk as soon as it is available. -The output portion of an I/O log file can be viewed with the -.Xr sudoreplay @mansectsu@ -utility, which can also be used to list or search the available logs. -.Pp -Note that user input may contain sensitive information such as -passwords (even if they are not echoed to the screen), which will -be stored in the log file unencrypted. -In most cases, logging the command output via -.Em log_output -or -.Li LOG_OUTPUT -is all that is required. -.Pp -Since each session's I/O logs are stored in a separate directory, -traditional log rotation utilities cannot be used to limit the -number of I/O logs. -The simplest way to limit the number of I/O is by setting the -.Em maxseq -option to the maximum number of logs you wish to store. -Once the I/O log sequence number reaches -.Em maxseq , -it will be reset to zero and -.Nm -will truncate and re-use any existing I/O logs. -.Sh FILES -.Bl -tag -width 24n -.It Pa @sysconfdir@/sudo.conf -Sudo front end configuration -.It Pa @sysconfdir@/sudoers -List of who can run what -.It Pa /etc/group -Local groups file -.It Pa /etc/netgroup -List of network groups -.It Pa @iolog_dir@ -I/O log files -.It Pa @rundir@/ts -Directory containing time stamps for the -.Nm -security policy -.It Pa @vardir@/lectured -Directory containing lecture status files for the -.Nm -security policy -.It Pa /etc/environment -Initial environment for -.Fl i -mode on AIX and Linux systems -.El -.Sh EXAMPLES -Below are example -.Em sudoers -file entries. -Admittedly, some of these are a bit contrived. -First, we allow a few environment variables to pass and then define our -.Em aliases : -.Bd -literal -# Run X applications through sudo; HOME is used to find the -# .Xauthority file. Note that other programs use HOME to find -# configuration files and this may lead to privilege escalation! -Defaults env_keep += "DISPLAY HOME" - -# User alias specification -User_Alias FULLTIMERS = millert, mikef, dowdy -User_Alias PARTTIMERS = bostley, jwfox, crawl -User_Alias WEBADMIN = will, wendy, wim - -# Runas alias specification -Runas_Alias OP = root, operator -Runas_Alias DB = oracle, sybase -Runas_Alias ADMINGRP = adm, oper - -# Host alias specification -Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e - SGI = grolsch, dandelion, black :\e - ALPHA = widget, thalamus, foobar :\e - HPPA = boa, nag, python -Host_Alias CUNETS = 128.138.0.0/255.255.0.0 -Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 -Host_Alias SERVERS = primary, mail, www, ns -Host_Alias CDROM = orion, perseus, hercules - -# Cmnd alias specification -Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e - /usr/sbin/restore, /usr/sbin/rrestore,\e - sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e - /home/operator/bin/start_backups -Cmnd_Alias KILL = /usr/bin/kill -Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm -Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown -Cmnd_Alias HALT = /usr/sbin/halt -Cmnd_Alias REBOOT = /usr/sbin/reboot -Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\e - /usr/local/bin/tcsh, /usr/bin/rsh,\e - /usr/local/bin/zsh -Cmnd_Alias SU = /usr/bin/su -Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less -.Ed -.Pp -Here we override some of the compiled in default values. -We want -.Nm sudo -to log via -.Xr syslog 3 -using the -.Em auth -facility in all cases and for commands to be run with -the target user's home directory as the working directory. -We don't want to subject the full time staff to the -.Nm sudo -lecture and we want to allow them to run commands in a -.Xr chroot 2 -.Dq sandbox -via the -.Fl R -option. -User -.Sy millert -need not provide a password and we don't want to reset the -.Ev LOGNAME -or -.Ev USER -environment variables when running commands as root. -Additionally, on the machines in the -.Em SERVERS -.Li Host_Alias , -we keep an additional local log file and make sure we log the year -in each log line since the log entries will be kept around for several years. -Lastly, we disable shell escapes for the commands in the PAGERS -.Li Cmnd_Alias -.Po -.Pa /usr/bin/more , -.Pa /usr/bin/pg -and -.Pa /usr/bin/less -.Pc . -Note that this will not effectively constrain users with -.Nm sudo -.Sy ALL -privileges. -.Bd -literal -# Override built-in defaults -Defaults syslog=auth,runcwd=~ -Defaults>root !set_logname -Defaults:FULLTIMERS !lecture,runchroot=* -Defaults:millert !authenticate -Defaults@SERVERS log_year, logfile=/var/log/sudo.log -Defaults!PAGERS noexec -.Ed -.Pp -The -.Em User specification -is the part that actually determines who may run what. -.Bd -literal -root ALL = (ALL) ALL -%wheel ALL = (ALL) ALL -.Ed -.Pp -We let -.Sy root -and any user in group -.Sy wheel -run any command on any host as any user. -.Bd -literal -FULLTIMERS ALL = NOPASSWD: ALL -.Ed -.Pp -Full time sysadmins -.Po -.Sy millert , -.Sy mikef , -and -.Sy dowdy -.Pc -may run any command on any host without authenticating themselves. -.Bd -literal -PARTTIMERS ALL = ALL -.Ed -.Pp -Part time sysadmins -.Sy bostley , -.Sy jwfox , -and -.Sy crawl ) -may run any command on any host but they must authenticate themselves -first (since the entry lacks the -.Li NOPASSWD -tag). -.Bd -literal -jack CSNETS = ALL -.Ed -.Pp -The user -.Sy jack -may run any command on the machines in the -.Em CSNETS -alias (the networks -.Li 128.138.243.0 , -.Li 128.138.204.0 , -and -.Li 128.138.242.0 ) . -Of those networks, only -.Li 128.138.204.0 -has an explicit netmask (in CIDR notation) indicating it is a class C network. -For the other networks in -.Em CSNETS , -the local machine's netmask will be used during matching. -.Bd -literal -lisa CUNETS = ALL -.Ed -.Pp -The user -.Sy lisa -may run any command on any host in the -.Em CUNETS -alias (the class B network -.Li 128.138.0.0 ) . -.Bd -literal -operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\e - sudoedit /etc/printcap, /usr/oper/bin/ -.Ed -.Pp -The -.Sy operator -user may run commands limited to simple maintenance. -Here, those are commands related to backups, killing processes, the -printing system, shutting down the system, and any commands in the -directory -.Pa /usr/oper/bin/ . -Note that one command in the -.Li DUMPS -Cmnd_Alias includes a sha224 digest, -.Pa /home/operator/bin/start_backups . -This is because the directory containing the script is writable by the -operator user. -If the script is modified (resulting in a digest mismatch) it will no longer -be possible to run it via -.Nm sudo . -.Bd -literal -joe ALL = /usr/bin/su operator -.Ed -.Pp -The user -.Sy joe -may only -.Xr su 1 -to operator. -.Bd -literal -pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root* - -%opers ALL = (: ADMINGRP) /usr/sbin/ -.Ed -.Pp -Users in the -.Sy opers -group may run commands in -.Pa /usr/sbin/ -as themselves -with any group in the -.Em ADMINGRP -.Li Runas_Alias -(the -.Sy adm -and -.Sy oper -groups). -.Pp -The user -.Sy pete -is allowed to change anyone's password except for -root on the -.Em HPPA -machines. -Because command line arguments are matched as a single, -concatenated string, the -.Ql * -wildcard will match -.Em multiple -words. -This example assumes that -.Xr passwd 1 -does not take multiple user names on the command line. -Note that on GNU systems, options to -.Xr passwd 1 -may be specified after the user argument. -As a result, this rule will also allow: -.Bd -literal -offset 4n -passwd username --expire -.Ed -.Pp -which may not be desirable. -.Bd -literal -bob SPARC = (OP) ALL : SGI = (OP) ALL -.Ed -.Pp -The user -.Sy bob -may run anything on the -.Em SPARC -and -.Em SGI -machines as any user listed in the -.Em OP -.Li Runas_Alias -.Po -.Sy root -and -.Sy operator . -.Pc -.Bd -literal -jim +biglab = ALL -.Ed -.Pp -The user -.Sy jim -may run any command on machines in the -.Em biglab -netgroup. -.Nm sudo -knows that -.Dq biglab -is a netgroup due to the -.Ql + -prefix. -.Bd -literal -+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser -.Ed -.Pp -Users in the -.Sy secretaries -netgroup need to help manage the printers as well as add and remove users, -so they are allowed to run those commands on all machines. -.Bd -literal -fred ALL = (DB) NOPASSWD: ALL -.Ed -.Pp -The user -.Sy fred -can run commands as any user in the -.Em DB -.Li Runas_Alias -.Po -.Sy oracle -or -.Sy sybase -.Pc -without giving a password. -.Bd -literal -john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* -.Ed -.Pp -On the -.Em ALPHA -machines, user -.Sy john -may su to anyone except root but he is not allowed to specify any options -to the -.Xr su 1 -command. -.Bd -literal -jen ALL, !SERVERS = ALL -.Ed -.Pp -The user -.Sy jen -may run any command on any machine except for those in the -.Em SERVERS -.Li Host_Alias -(primary, mail, www and ns). -.Bd -literal -jill SERVERS = /usr/bin/, !SU, !SHELLS -.Ed -.Pp -For any machine in the -.Em SERVERS -.Li Host_Alias , -.Sy jill -may run -any commands in the directory -.Pa /usr/bin/ -except for those commands -belonging to the -.Em SU -and -.Em SHELLS -.Li Cmnd_Aliases . -While not specifically mentioned in the rule, the commands in the -.Em PAGERS -.Li Cmnd_Alias -all reside in -.Pa /usr/bin -and have the -.Em noexec -option set. -.Bd -literal -steve CSNETS = (operator) /usr/local/op_commands/ -.Ed -.Pp -The user -.Sy steve -may run any command in the directory /usr/local/op_commands/ -but only as user operator. -.Bd -literal -matt valkyrie = KILL -.Ed -.Pp -On his personal workstation, valkyrie, -.Sy matt -needs to be able to kill hung processes. -.Bd -literal -WEBADMIN www = (www) ALL, (root) /usr/bin/su www -.Ed -.Pp -On the host www, any user in the -.Em WEBADMIN -.Li User_Alias -(will, wendy, and wim), may run any command as user www (which owns the -web pages) or simply -.Xr su 1 -to www. -.Bd -literal -ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e - /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM -.Ed -.Pp -Any user may mount or unmount a CD-ROM on the machines in the CDROM -.Li Host_Alias -(orion, perseus, hercules) without entering a password. -This is a bit tedious for users to type, so it is a prime candidate -for encapsulating in a shell script. -.Sh SECURITY NOTES -.Ss Limitations of the So !\& Sc operator -It is generally not effective to -.Dq subtract -commands from -.Sy ALL -using the -.Ql !\& -operator. -A user can trivially circumvent this by copying the desired command -to a different name and then executing that. -For example: -.Bd -literal -bill ALL = ALL, !SU, !SHELLS -.Ed -.Pp -Doesn't really prevent -.Sy bill -from running the commands listed in -.Em SU -or -.Em SHELLS -since he can simply copy those commands to a different name, or use -a shell escape from an editor or other program. -Therefore, these kind of restrictions should be considered -advisory at best (and reinforced by policy). -.Pp -In general, if a user has sudo -.Sy ALL -there is nothing to prevent them from creating their own program that gives -them a root shell (or making their own copy of a shell) regardless of any -.Ql !\& -elements in the user specification. -.Ss Security implications of Em fast_glob -If the -.Em fast_glob -option is in use, it is not possible to reliably negate commands where the -path name includes globbing (aka wildcard) characters. -This is because the C library's -.Xr fnmatch 3 -function cannot resolve relative paths. -While this is typically only an inconvenience for rules that grant privileges, -it can result in a security issue for rules that subtract or revoke privileges. -.Pp -For example, given the following -.Em sudoers -file entry: -.Bd -literal -john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\e - /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root -.Ed -.Pp -User -.Sy john -can still run -.Li /usr/bin/passwd root -if -.Em fast_glob -is enabled by changing to -.Pa /usr/bin -and running -.Li ./passwd root -instead. -.Ss Preventing shell escapes -Once -.Nm sudo -executes a program, that program is free to do whatever -it pleases, including run other programs. -This can be a security issue since it is not uncommon for a program to -allow shell escapes, which lets a user bypass -.Nm sudo Ns 's -access control and logging. -Common programs that permit shell escapes include shells (obviously), -editors, paginators, mail and terminal programs. -.Pp -There are two basic approaches to this problem: -.Bl -tag -width 8n -.It restrict -Avoid giving users access to commands that allow the user to run -arbitrary commands. -Many editors have a restricted mode where shell -escapes are disabled, though -.Nm sudoedit -is a better solution to -running editors via -.Nm sudo . -Due to the large number of programs that -offer shell escapes, restricting users to the set of programs that -do not is often unworkable. -.It noexec -Many systems that support shared libraries have the ability to -override default library functions by pointing an environment -variable (usually -.Ev LD_PRELOAD ) -to an alternate shared library. -On such systems, -.Nm sudo Ns 's -.Em noexec -functionality can be used to prevent a program run by -.Nm sudo -from executing any other programs. -Note, however, that this applies only to dynamically-linked -executables. -Statically-linked executables and executables -running under binary emulation are not affected. -.Pp -The -.Em noexec -feature is known to work on SunOS, Solaris, *BSD, -Linux, IRIX, Tru64 UNIX, macOS, HP-UX 11.x and AIX 5.3 and above. -It should be supported on most operating systems that support the -.Ev LD_PRELOAD -environment variable. -Check your operating system's manual pages for the dynamic linker -(usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if -.Ev LD_PRELOAD -is supported. -.Pp -On Solaris 10 and higher, -.Em noexec -uses Solaris privileges instead of the -.Ev LD_PRELOAD -environment variable. -.Pp -To enable -.Em noexec -for a command, use the -.Li NOEXEC -tag as documented -in the User Specification section above. -Here is that example again: -.Bd -literal -aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi -.Ed -.Pp -This allows user -.Sy aaron -to run -.Pa /usr/bin/more -and -.Pa /usr/bin/vi -with -.Em noexec -enabled. -This will prevent those two commands from -executing other commands (such as a shell). -If you are unsure whether or not your system is capable of supporting -.Em noexec -you can always just try it out and check whether shell escapes work when -.Em noexec -is enabled. -.El -.Pp -Note that restricting shell escapes is not a panacea. -Programs running as root are still capable of many potentially hazardous -operations (such as changing or overwriting files) that could lead -to unintended privilege escalation. -In the specific case of an editor, a safer approach is to give the -user permission to run -.Nm sudoedit -(see below). -.Ss Secure editing -The -.Nm -plugin includes -.Nm sudoedit -support which allows users to securely edit files with the editor -of their choice. -As -.Nm sudoedit -is a built-in command, it must be specified in the -.Em sudoers -file without a leading path. -However, it may take command line arguments just as a normal command does. -Wildcards used in -.Em sudoedit -command line arguments are expected to be path names, so a forward slash -.Pq Ql / -will not be matched by a wildcard. -.Pp -Unlike other -.Nm sudo -commands, the editor is run with the permissions of the invoking -user and with the environment unmodified. -More information may be found in the description of the -.Fl e -option in -.Xr sudo @mansectsu@ . -.Pp -For example, to allow user operator to edit the -.Dq message of the day -file: -.Bd -literal -offset indent -operator sudoedit /etc/motd -.Ed -.Pp -The operator user then runs -.Nm sudoedit -as follows: -.Bd -literal -offset indent -$ sudoedit /etc/motd -.Ed -.Pp -The editor will run as the operator user, not root, on a temporary copy of -.Pa /etc/motd . -After the file has been edited, -.Pa /etc/motd -will be updated with the contents of the temporary copy. -.Pp -Users should -.Em never -be granted -.Nm sudoedit -permission to edit a file that resides in a directory the user -has write access to, either directly or via a wildcard. -If the user has write access to the directory it is possible to -replace the legitimate file with a link to another file, -allowing the editing of arbitrary files. -To prevent this, starting with version 1.8.16, symbolic links will -not be followed in writable directories and -.Nm sudoedit -will refuse to edit a file located in a writable directory -unless the -.Em sudoedit_checkdir -option has been disabled or the invoking user is root. -Additionally, in version 1.8.15 and higher, -.Nm sudoedit -will refuse to open a symbolic link unless either the -.Em sudoedit_follow -option is enabled or the -.Em sudoedit -command is prefixed with the -.Li FOLLOW -tag in the -.Em sudoers -file. -.Ss Time stamp file checks -.Nm -will check the ownership of its time stamp directory -.Po -.Pa @rundir@/ts -by default -.Pc -and ignore the directory's contents if it is not owned by root or -if it is writable by a user other than root. -Older versions of -.Nm sudo -stored time stamp files in -.Pa /tmp ; -this is no longer recommended as it may be possible for a user -to create the time stamp themselves on systems that allow -unprivileged users to change the ownership of files they create. -.Pp -While the time stamp directory -.Em should -be cleared at reboot time, not all systems contain a -.Pa /run -or -.Pa /var/run -directory. -To avoid potential problems, -.Nm -will ignore time stamp files that date from before the machine booted -on systems where the boot time is available. -.Pp -Some systems with graphical desktop environments allow unprivileged -users to change the system clock. -Since -.Nm -relies on the system clock for time stamp validation, it may be -possible on such systems for a user to run -.Nm sudo -for longer than -.Em timestamp_timeout -by setting the clock back. -To combat this, -.Nm -uses a monotonic clock (which never moves backwards) for its time stamps -if the system supports it. -.Pp -.Nm -will not honor time stamps set far in the future. -Time stamps with a date greater than current_time + 2 * -.Li TIMEOUT -will be ignored and -.Nm -will log and complain. -.Pp -If the -.Em timestamp_type -option is set to -.Dq tty , -the time stamp record includes the device number of the terminal -the user authenticated with. -This provides per-terminal granularity but time stamp records may still -outlive the user's session. -.Pp -Unless the -.Em timestamp_type -option is set to -.Dq global , -the time stamp record also includes the session ID of the process -that last authenticated. -This prevents processes in different terminal sessions from using -the same time stamp record. -On systems where a process's start time can be queried, -the start time of the session leader -is recorded in the time stamp record. -If no terminal is present or the -.Em timestamp_type -option is set to -.Dq ppid , -the start time of the parent process is used instead. -In most cases this will prevent a time stamp record from being re-used -without the user entering a password when logging out and back in again. -.Sh DEBUGGING -Versions 1.8.4 and higher of the -.Nm -plugin support a flexible debugging framework that can help track -down what the plugin is doing internally if there is a problem. -This can be configured in the -.Xr sudo.conf @mansectform@ -file. -.Pp -The -.Nm -plugin uses the same debug flag format as the -.Nm sudo -front-end: -.Em subsystem Ns @ Ns Em priority . -.Pp -The priorities used by -.Nm , -in order of decreasing severity, -are: -.Em crit , err , warn , notice , diag , info , trace -and -.Em debug . -Each priority, when specified, also includes all priorities higher -than it. -For example, a priority of -.Em notice -would include debug messages logged at -.Em notice -and higher. -.Pp -The following subsystems are used by the -.Nm -plugin: -.Bl -tag -width 8n -.It Em alias -.Li User_Alias , -.Li Runas_Alias , -.Li Host_Alias -and -.Li Cmnd_Alias -processing -.It Em all -matches every subsystem -.It Em audit -BSM and Linux audit code -.It Em auth -user authentication -.It Em defaults -.Em sudoers -file -.Em Defaults -settings -.It Em env -environment handling -.It Em ldap -LDAP-based sudoers -.It Em logging -logging support -.It Em match -matching of users, groups, hosts and netgroups in the -.Em sudoers -file -.It Em netif -network interface handling -.It Em nss -network service switch handling in -.Nm -.It Em parser -.Em sudoers -file parsing -.It Em perms -permission setting -.It Em plugin -The equivalent of -.Em main -for the plugin. -.It Em pty -pseudo-terminal related code -.It Em rbtree -redblack tree internals -.It Em sssd -SSSD-based sudoers -.It Em util -utility functions -.El -For example: -.Bd -literal -Debug sudo /var/log/sudo_debug match@info,nss@info -.Ed -.Pp -For more information, see the -.Xr sudo.conf @mansectform@ -manual. -.Sh SEE ALSO -.Xr ssh 1 , -.Xr su 1 , -.Xr fnmatch 3 , -.Xr glob 3 , -.Xr mktemp 3 , -.Xr strftime 3 , -.Xr sudo.conf @mansectform@ , -.Xr sudo_plugin @mansectform@ , -.Xr sudoers.ldap @mansectform@ , -.Xr sudoers_timestamp @mansectform@ , -.Xr sudo @mansectsu@ , -.Xr visudo @mansectsu@ -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh CAVEATS -The -.Em sudoers -file should -.Sy always -be edited by the -.Nm visudo -utility which locks the file and checks for syntax errors. -If -.Em sudoers -contains syntax errors, -.Nm sudo -may refuse to run, which is a serious problem if -.Nm sudo -is your only method of obtaining superuser privileges. -Recent versions of -.Nm -will attempt to recover after a syntax error by ignoring the rest of -the line after encountering an error. -Older versions of -.Nm sudo -will not run if -.Em sudoers -contains a syntax error. -.Pp -When using netgroups of machines (as opposed to users), if you -store fully qualified host name in the netgroup (as is usually the -case), you either need to have the machine's host name be fully qualified -as returned by the -.Li hostname -command or use the -.Em fqdn -option in -.Em sudoers . -.Sh BUGS -If you feel you have found a bug in -.Nm sudo , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm sudo -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudoers_timestamp.man.in sudo-1.9.9/doc/sudoers_timestamp.man.in --- sudo-1.9.5p2/doc/sudoers_timestamp.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudoers_timestamp.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,312 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2017-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudoers_timestamp\fR -\- Sudoers Time Stamp Format -.SH "DESCRIPTION" -The -\fBsudoers\fR -plugin uses per-user time stamp files for credential caching. -Once a user has been authenticated, they may use -\fBsudo\fR -without a password for a short period of time -(\fR@timeout@\fR -minutes unless overridden by the -\fItimestamp_timeout\fR -option) -\&. -By default, -\fBsudoers\fR -uses a separate record for each terminal, which means that -a user's login sessions are authenticated separately. -The -\fItimestamp_type\fR -option can be used to select the type of time stamp record -\fBsudoers\fR -will use. -.PP -A multi-record time stamp file format was introduced in -\fBsudo\fR -1.8.10 that uses a single file per user. -Previously, a separate file was used for each user and terminal -combination unless tty-based time stamps were disabled. -The new format is extensible and records of multiple types and versions -may coexist within the same file. -.PP -All records, regardless of type or version, begin with a 16-bit version -number and a 16-bit record size. -.PP -Time stamp records have the following structure: -.nf -.sp -.RS 0n -/* Time stamp entry types */ -#define TS_GLOBAL 0x01 /* not restricted by tty or ppid */ -#define TS_TTY 0x02 /* restricted by tty */ -#define TS_PPID 0x03 /* restricted by ppid */ -#define TS_LOCKEXCL 0x04 /* special lock record */ - -/* Time stamp flags */ -#define TS_DISABLED 0x01 /* entry disabled */ -#define TS_ANYUID 0x02 /* ignore uid, only valid in key */ - -struct timestamp_entry { - unsigned short version; /* version number */ - unsigned short size; /* entry size */ - unsigned short type; /* TS_GLOBAL, TS_TTY, TS_PPID */ - unsigned short flags; /* TS_DISABLED, TS_ANYUID */ - uid_t auth_uid; /* uid to authenticate as */ - pid_t sid; /* session ID associated with tty/ppid */ - struct timespec start_time; /* session/ppid start time */ - struct timespec ts; /* time stamp (CLOCK_MONOTONIC) */ - union { - dev_t ttydev; /* tty device number */ - pid_t ppid; /* parent pid */ - } u; -}; -.RE -.fi -.PP -The timestamp_entry struct fields are as follows: -.TP 6n -version -The version number of the timestamp_entry struct. -New entries are created with a version number of 2. -Records with different version numbers may coexist in the -same file but are not inter-operable. -.TP 6n -size -The size of the record in bytes. -.TP 6n -type -The record type, currently -\fRTS_GLOBAL\fR, -\fRTS_TTY\fR, -or -\fRTS_PPID\fR. -.TP 6n -flags -.br -Zero or more record flags which can be bit-wise ORed together. -Supported flags are -\fRTS_DISABLED\fR, -for records disabled via -\fBsudo\fR -\fB\-k\fR -and -\fRTS_ANYUID\fR, -which is used only when matching records. -.TP 6n -auth_uid -The user-ID that was used for authentication. -Depending on the value of the -\fIrootpw\fR, -\fIrunaspw\fR -and -\fItargetpw\fR -options, the user-ID may be that of the invoking user, the root user, -the default runas user or the target user. -.TP 6n -sid -The ID of the user's terminal session, if present. -The session ID is only used when matching records of type -\fRTS_TTY\fR. -.TP 6n -start_time -The start time of the session leader for records of type -\fRTS_TTY\fR -or of the parent process for records of type -\fRTS_PPID\fR. -The -\fIstart_time\fR -is used to help prevent re-use of a time stamp record after a -user has logged out. -Not all systems support a method to easily retrieve a process's -start time. -The -\fIstart_time\fR -field was added in -\fBsudoers\fR -version 1.8.22 for the second revision of the timestamp_entry struct. -.TP 6n -ts -The actual time stamp. -A monotonic time source (which does not move backward) is used if the -system supports it. -Where possible, -\fBsudoers\fR -uses a monotonic timer that increments even while the system -is suspended. -The value of -\fIts\fR -is updated each time a command is run via -\fBsudo\fR. -If the difference between -\fIts\fR -and the current time is less than the value of the -\fItimestamp_timeout\fR -option, no password is required. -.TP 6n -u.ttydev -The device number of the terminal associated with the session for -records of type -\fRTS_TTY\fR. -.TP 6n -u.ppid -The ID of the parent process for records of type -\fRTS_PPID\fR. -.SH "LOCKING" -In -\fBsudoers\fR -versions 1.8.10 through 1.8.14, the entire time stamp file was -locked for exclusive access when reading or writing to the file. -Starting in -\fBsudoers\fR -1.8.15, individual records are locked in the time stamp file instead -of the entire file and the lock is held for a longer period of time. -This scheme is described below. -.PP -The first record in the time stamp file is of type -\fRTS_LOCKEXCL\fR -and is used as a -\fIlock\fR -record to prevent more than one -\fBsudo\fR -process from adding a new record at the same time. -Once the desired time stamp record has been located or created (and -locked), the -\fRTS_LOCKEXCL\fR -record is unlocked. -The lock on the individual time stamp record, however, is held until -authentication is complete. -This allows -\fBsudoers\fR -to avoid prompting for a password multiple times when it -is used more than once in a pipeline. -.PP -Records of type -\fRTS_GLOBAL\fR -cannot be locked for a long period of time since doing so would -interfere with other -\fBsudo\fR -processes. -Instead, a separate lock record is used to prevent multiple -\fBsudo\fR -processes using the same terminal (or parent process ID) from -prompting for a password as the same time. -.SH "SEE ALSO" -sudoers(@mansectform@), -sudo(@mansectsu@) -.SH "HISTORY" -Originally, -\fBsudo\fR -used a single zero-length file per user and the file's modification -time was used as the time stamp. -Later versions of -\fBsudo\fR -added restrictions on the ownership of the time stamp files and -directory as well as checks on the validity of the time stamp itself. -Notable changes were introduced in the following -\fBsudo\fR -versions: -.TP 6n -1.4.0 -.br -Support for tty-based time stamp file was added -by appending the terminal name to the time stamp file name. -.TP 6n -1.6.2 -.br -The time stamp file was replaced by a per-user directory which -contained any tty-based time stamp files. -.TP 6n -1.6.3p2 -The target user name was added to the time stamp file name when the -\fItargetpw\fR -option was set. -.TP 6n -1.7.3 -.br -Information about the terminal device was stored in -tty-based time stamp files for validity checks. -This included the terminal device numbers, inode number and, on systems -where it was not updated when the device was written to, the inode change time. -This helped prevent re-use of the time stamp file after logout. -.TP 6n -1.8.6p7 -The terminal session ID was added to tty-based time stamp files to -prevent re-use of the time stamp by the same user in a different -terminal session. -It also helped prevent re-use of the time stamp file on systems where -the terminal device's inode change time was updated by writing. -.TP 6n -1.8.10 -A new, multi-record time stamp file format was introduced that uses a -single file per user. -The terminal device's change time was not included since most -systems now update the change time after a write is performed -as required by POSIX. -.TP 6n -1.8.15 -Individual records are locked in the time stamp file instead of the -entire file and the lock is held until authentication is complete. -.TP 6n -1.8.22 -The start time of the terminal session leader or parent process is -now stored in non-global time stamp records. -This prevents re-use of the time stamp file after logout in most cases. -.sp -Support was added for the kernel-based tty time stamps available in -OpenBSD -which do not use an on-disk time stamp file. -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBsudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudoers_timestamp.mdoc.in sudo-1.9.9/doc/sudoers_timestamp.mdoc.in --- sudo-1.9.5p2/doc/sudoers_timestamp.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudoers_timestamp.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,290 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2017-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd October 20, 2019 -.Dt SUDOERS_TIMESTAMP @mansectform@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudoers_timestamp -.Nd Sudoers Time Stamp Format -.Sh DESCRIPTION -The -.Nm sudoers -plugin uses per-user time stamp files for credential caching. -Once a user has been authenticated, they may use -.Nm sudo -without a password for a short period of time -.Po -.Li @timeout@ -minutes unless overridden by the -.Em timestamp_timeout -option -.Pc . -By default, -.Nm sudoers -uses a separate record for each terminal, which means that -a user's login sessions are authenticated separately. -The -.Em timestamp_type -option can be used to select the type of time stamp record -.Nm sudoers -will use. -.Pp -A multi-record time stamp file format was introduced in -.Nm sudo -1.8.10 that uses a single file per user. -Previously, a separate file was used for each user and terminal -combination unless tty-based time stamps were disabled. -The new format is extensible and records of multiple types and versions -may coexist within the same file. -.Pp -All records, regardless of type or version, begin with a 16-bit version -number and a 16-bit record size. -.Pp -Time stamp records have the following structure: -.Bd -literal -/* Time stamp entry types */ -#define TS_GLOBAL 0x01 /* not restricted by tty or ppid */ -#define TS_TTY 0x02 /* restricted by tty */ -#define TS_PPID 0x03 /* restricted by ppid */ -#define TS_LOCKEXCL 0x04 /* special lock record */ - -/* Time stamp flags */ -#define TS_DISABLED 0x01 /* entry disabled */ -#define TS_ANYUID 0x02 /* ignore uid, only valid in key */ - -struct timestamp_entry { - unsigned short version; /* version number */ - unsigned short size; /* entry size */ - unsigned short type; /* TS_GLOBAL, TS_TTY, TS_PPID */ - unsigned short flags; /* TS_DISABLED, TS_ANYUID */ - uid_t auth_uid; /* uid to authenticate as */ - pid_t sid; /* session ID associated with tty/ppid */ - struct timespec start_time; /* session/ppid start time */ - struct timespec ts; /* time stamp (CLOCK_MONOTONIC) */ - union { - dev_t ttydev; /* tty device number */ - pid_t ppid; /* parent pid */ - } u; -}; -.Ed -.Pp -The timestamp_entry struct fields are as follows: -.Bl -tag -width 4n -.It version -The version number of the timestamp_entry struct. -New entries are created with a version number of 2. -Records with different version numbers may coexist in the -same file but are not inter-operable. -.It size -The size of the record in bytes. -.It type -The record type, currently -.Li TS_GLOBAL , -.Li TS_TTY , -or -.Li TS_PPID . -.It flags -Zero or more record flags which can be bit-wise ORed together. -Supported flags are -.Li TS_DISABLED , -for records disabled via -.Nm sudo -.Fl k -and -.Li TS_ANYUID , -which is used only when matching records. -.It auth_uid -The user-ID that was used for authentication. -Depending on the value of the -.Em rootpw , -.Em runaspw -and -.Em targetpw -options, the user-ID may be that of the invoking user, the root user, -the default runas user or the target user. -.It sid -The ID of the user's terminal session, if present. -The session ID is only used when matching records of type -.Li TS_TTY . -.It start_time -The start time of the session leader for records of type -.Li TS_TTY -or of the parent process for records of type -.Li TS_PPID . -The -.Em start_time -is used to help prevent re-use of a time stamp record after a -user has logged out. -Not all systems support a method to easily retrieve a process's -start time. -The -.Em start_time -field was added in -.Nm sudoers -version 1.8.22 for the second revision of the timestamp_entry struct. -.It ts -The actual time stamp. -A monotonic time source (which does not move backward) is used if the -system supports it. -Where possible, -.Nm sudoers -uses a monotonic timer that increments even while the system -is suspended. -The value of -.Em ts -is updated each time a command is run via -.Nm sudo . -If the difference between -.Em ts -and the current time is less than the value of the -.Em timestamp_timeout -option, no password is required. -.It u.ttydev -The device number of the terminal associated with the session for -records of type -.Li TS_TTY . -.It u.ppid -The ID of the parent process for records of type -.Li TS_PPID . -.El -.Sh LOCKING -In -.Nm sudoers -versions 1.8.10 through 1.8.14, the entire time stamp file was -locked for exclusive access when reading or writing to the file. -Starting in -.Nm sudoers -1.8.15, individual records are locked in the time stamp file instead -of the entire file and the lock is held for a longer period of time. -This scheme is described below. -.Pp -The first record in the time stamp file is of type -.Li TS_LOCKEXCL -and is used as a -.Em lock -record to prevent more than one -.Nm sudo -process from adding a new record at the same time. -Once the desired time stamp record has been located or created (and -locked), the -.Li TS_LOCKEXCL -record is unlocked. -The lock on the individual time stamp record, however, is held until -authentication is complete. -This allows -.Nm sudoers -to avoid prompting for a password multiple times when it -is used more than once in a pipeline. -.Pp -Records of type -.Li TS_GLOBAL -cannot be locked for a long period of time since doing so would -interfere with other -.Nm sudo -processes. -Instead, a separate lock record is used to prevent multiple -.Nm sudo -processes using the same terminal (or parent process ID) from -prompting for a password as the same time. -.Sh SEE ALSO -.Xr sudoers @mansectform@ , -.Xr sudo @mansectsu@ -.Sh HISTORY -Originally, -.Nm sudo -used a single zero-length file per user and the file's modification -time was used as the time stamp. -Later versions of -.Nm sudo -added restrictions on the ownership of the time stamp files and -directory as well as checks on the validity of the time stamp itself. -Notable changes were introduced in the following -.Nm sudo -versions: -.Bl -tag -width 4n -.It 1.4.0 -Support for tty-based time stamp file was added -by appending the terminal name to the time stamp file name. -.It 1.6.2 -The time stamp file was replaced by a per-user directory which -contained any tty-based time stamp files. -.It 1.6.3p2 -The target user name was added to the time stamp file name when the -.Em targetpw -option was set. -.It 1.7.3 -Information about the terminal device was stored in -tty-based time stamp files for validity checks. -This included the terminal device numbers, inode number and, on systems -where it was not updated when the device was written to, the inode change time. -This helped prevent re-use of the time stamp file after logout. -.It 1.8.6p7 -The terminal session ID was added to tty-based time stamp files to -prevent re-use of the time stamp by the same user in a different -terminal session. -It also helped prevent re-use of the time stamp file on systems where -the terminal device's inode change time was updated by writing. -.It 1.8.10 -A new, multi-record time stamp file format was introduced that uses a -single file per user. -The terminal device's change time was not included since most -systems now update the change time after a write is performed -as required by POSIX. -.It 1.8.15 -Individual records are locked in the time stamp file instead of the -entire file and the lock is held until authentication is complete. -.It 1.8.22 -The start time of the terminal session leader or parent process is -now stored in non-global time stamp records. -This prevents re-use of the time stamp file after logout in most cases. -.Pp -Support was added for the kernel-based tty time stamps available in -.Ox -which do not use an on-disk time stamp file. -.El -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -If you feel you have found a bug in -.Nm sudo , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm sudo -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudoreplay.man.in sudo-1.9.9/doc/sudoreplay.man.in --- sudo-1.9.5p2/doc/sudoreplay.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudoreplay.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,519 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2009-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "SUDOREPLAY" "@mansectsu@" "May 18, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" -.nh -.if n .ad l -.SH "NAME" -\fBsudoreplay\fR -\- replay sudo session logs -.SH "SYNOPSIS" -.HP 11n -\fBsudoreplay\fR -[\fB\-FhnRS\fR] -[\fB\-d\fR\ \fIdir\fR] -[\fB\-f\fR\ \fIfilter\fR] -[\fB\-m\fR\ \fInum\fR] -[\fB\-s\fR\ \fInum\fR] -ID -.HP 11n -\fBsudoreplay\fR -[\fB\-h\fR] -[\fB\-d\fR\ \fIdir\fR] -\fB\-l\fR -[search\ expression] -.SH "DESCRIPTION" -\fBsudoreplay\fR -plays back or lists the output logs created by -\fBsudo\fR. -When replaying, -\fBsudoreplay\fR -can play the session back in real-time, or the playback speed may be -adjusted (faster or slower) based on the command line options. -.PP -The -\fIID\fR -should either be a six character sequence of digits and -upper case letters, e.g., -\fR0100A5\fR, -a pattern matching the -\fIiolog_file\fR -option in the -\fIsudoers\fR -file, or a path name. -Path names may be relative to the -\fIiolog_dir\fR -option in the -\fIsudoers\fR -file (unless overridden by the -\fB\-d\fR -option) or fully qualified, beginning with a -\(oq/\(cq -character. -When a command is run via -\fBsudo\fR -with -\fIlog_output\fR -enabled in the -\fIsudoers\fR -file, a -\fRTSID=ID\fR -string is logged via syslog or to the -\fBsudo\fR -log file. -The -\fIID\fR -may also be determined using -\fBsudoreplay\fR's -list mode. -.PP -In list mode, -\fBsudoreplay\fR -can be used to find the ID of a session based on a number of criteria -such as the user, tty or command run. -.PP -In replay mode, if the standard input and output are connected to a terminal -and the -\fB\-n\fR -option is not specified, -\fBsudoreplay\fR -will operate interactively. -In interactive mode, -\fBsudoreplay\fR -will attempt to adjust the terminal size to match that of the session and -write directly to the terminal (not all terminals support this). -Additionally, it will poll the keyboard and act on the following keys: -.TP 14n -\(oq\fR\en\fR\(cq or \(oq\fR\er\fR\(cq -Skip to the next replay event; useful for long pauses. -.TP 14n -\(oq\fR\ \fR\(cq (space) -Pause output; press any key to resume. -.TP 14n -\(oq<\(cq -Reduce the playback speed by one half. -.TP 14n -\(oq>\(cq -Double the playback speed. -.PP -The session can be interrupted via control-C. -When the session has finished, the terminal is restored to its -original size if it was changed during playback. -.PP -The options are as follows: -.TP 12n -\fB\-d\fR \fIdir\fR, \fB\--directory\fR=\fIdir\fR -Store session logs in -\fIdir\fR -instead of the default, -\fI@iolog_dir@\fR. -.TP 12n -\fB\-f\fR \fIfilter\fR, \fB\--filter\fR=\fIfilter\fR -Select which I/O type(s) to display. -By default, -\fBsudoreplay\fR -will display the command's standard output, standard error and tty output. -The -\fIfilter\fR -argument is a comma-separated list, consisting of one or more of following: -\fIstdin\fR, -\fIstdout\fR, -\fIstderr\fR, -\fIttyin\fR, -and -\fIttyout\fR. -.TP 12n -\fB\-F\fR, \fB\--follow\fR -Enable -\(lqfollow mode\(rq. -When replaying a session, -\fBsudoreplay\fR -will ignore end-of-file and keep replaying until the log is complete. -This can be used to replay a session that is still in progress, -similar to -\(lqtail -f\(rq. -An I/O log file is considered to be complete when the write bits -have been cleared on the session's timing file. -Note that versions of -\fBsudo\fR -prior to 1.9.1 do not clear the write bits upon completion. -.TP 12n -\fB\-h\fR, \fB\--help\fR -Display a short help message to the standard output and exit. -.TP 12n -\fB\-l\fR, \fB\--list\fR [\fIsearch expression\fR] -Enable -\(lqlist mode\(rq. -In this mode, -\fBsudoreplay\fR -will list available sessions in a format similar to the -\fBsudo\fR -log file format, sorted by file name (or sequence number). -If a -\fIsearch expression\fR -is specified, it will be used to restrict the IDs that are displayed. -An expression is composed of the following predicates: -.PP -.RS 12n -.PD 0 -.TP 8n -command \fIpattern\fR -Evaluates to true if the command run matches the POSIX extended -regular expression -\fIpattern\fR. -.PD -.TP 8n -cwd \fIdirectory\fR -Evaluates to true if the command was run with the specified current -working directory. -.TP 8n -fromdate \fIdate\fR -Evaluates to true if the command was run on or after -\fIdate\fR. -See -\fIDate and time format\fR -for a description of supported date and time formats. -.TP 8n -group \fIrunas_group\fR -Evaluates to true if the command was run with the specified -\fIrunas_group\fR. -Note that unless a -\fIrunas_group\fR -was explicitly specified when -\fBsudo\fR -was run this field will be empty in the log. -.TP 8n -host \fIhostname\fR -Evaluates to true if the command was run on the specified -\fIhostname\fR. -.TP 8n -runas \fIrunas_user\fR -Evaluates to true if the command was run as the specified -\fIrunas_user\fR. -Note that -\fBsudo\fR -runs commands as user -\fIroot\fR -by default. -.TP 8n -todate \fIdate\fR -Evaluates to true if the command was run on or prior to -\fIdate\fR. -See -\fIDate and time format\fR -for a description of supported date and time formats. -.TP 8n -tty \fItty name\fR -Evaluates to true if the command was run on the specified terminal device. -The -\fItty name\fR -should be specified without the -\fI/dev/\fR -prefix, e.g., -\fItty01\fR -instead of -\fI/dev/tty01\fR. -.TP 8n -user \fIuser name\fR -Evaluates to true if the ID matches a command run by -\fIuser name\fR. -.PP -Predicates may be abbreviated to the shortest unique string. -.sp -Predicates may be combined using -\fIand\fR, -\fIor\fR -and -\fI\&!\fR -operators as well as -\(oq\&(\(cq -and -\(oq\&)\(cq -grouping (note that parentheses must generally be escaped from the shell). -The -\fIand\fR -operator is optional, adjacent predicates have an implied -\fIand\fR -unless separated by an -\fIor\fR. -.RE -.TP 12n -\fB\-m\fR, \fB\--max-wait\fR \fImax_wait\fR -Specify an upper bound on how long to wait between key presses or output data. -By default, -\fBsudoreplay\fR -will accurately reproduce the delays between key presses or program output. -However, this can be tedious when the session includes long pauses. -When the -\fB\-m\fR -option is specified, -\fBsudoreplay\fR -will limit these pauses to at most -\fImax_wait\fR -seconds. -The value may be specified as a floating point number, e.g., -\fI2.5\fR. -A -\fImax_wait\fR -of zero or less will eliminate the pauses entirely. -.TP 12n -\fB\-n\fR, \fB\--non-interactive\fR -Do not prompt for user input or attempt to re-size the terminal. -The session is written to the standard output, not directly to -the user's terminal. -.TP 12n -\fB\-R\fR, \fB\--no-resize\fR -Do not attempt to re-size the terminal to match the terminal size -of the session. -.TP 12n -\fB\-S\fR, \fB\--suspend-wait\fR -Wait while the command was suspended. -By default, -\fBsudoreplay\fR -will ignore the time interval between when the command was suspended -and when it was resumed. -If the -\fB\-S\fR -option is specified, -\fBsudoreplay\fR -will wait instead. -.TP 12n -\fB\-s\fR, \fB\--speed\fR \fIspeed_factor\fR -This option causes -\fBsudoreplay\fR -to adjust the number of seconds it will wait between key presses or -program output. -This can be used to slow down or speed up the display. -For example, a -\fIspeed_factor\fR -of -\fI2\fR -would make the output twice as fast whereas a -\fIspeed_factor\fR -of -\fI.5\fR -would make the output twice as slow. -.TP 12n -\fB\-V\fR, \fB\--version\fR -Print the -\fBsudoreplay\fR -versions version number and exit. -.SS "Date and time format" -The time and date may be specified multiple ways, common formats include: -.TP 8n -HH:MM:SS am MM/DD/CCYY timezone -24 hour time may be used in place of am/pm. -.TP 8n -HH:MM:SS am Month, Day Year timezone -24 hour time may be used in place of am/pm, and month and day names -may be abbreviated. -Note that month and day of the week names must be specified in English. -.TP 8n -CCYY-MM-DD HH:MM:SS -ISO time format -.TP 8n -DD Month CCYY HH:MM:SS -The month name may be abbreviated. -.PP -Either time or date may be omitted, the am/pm and timezone are optional. -If no date is specified, the current day is assumed; if no time is -specified, the first second of the specified date is used. -The less significant parts of both time and date may also be omitted, -in which case zero is assumed. -.PP -The following are all valid time and date specifications: -.TP 8n -now -The current time and date. -.TP 8n -tomorrow -Exactly one day from now. -.TP 8n -yesterday -24 hours ago. -.TP 8n -2 hours ago -2 hours ago. -.TP 8n -next Friday -The first second of the Friday in the next (upcoming) week. -Not to be confused with -\(lqthis Friday\(rq -which would match the Friday of the current week. -.TP 8n -last week -The current time but 7 days ago. -This is equivalent to -\(lqa week ago\(rq. -.TP 8n -a fortnight ago -The current time but 14 days ago. -.TP 8n -10:01 am 9/17/2009 -10:01 am, September 17, 2009. -.TP 8n -10:01 am -10:01 am on the current day. -.TP 8n -10 -10:00 am on the current day. -.TP 8n -9/17/2009 -00:00 am, September 17, 2009. -.TP 8n -10:01 am Sep 17, 2009 -10:01 am, September 17, 2009. -.PP -Note that relative time specifications do not always work as expected. -For example, the -\(lqnext\(rq -qualifier is intended to be used in conjunction with a day such as -\(lqnext Monday\(rq. -When used with units of weeks, months, years, etc -the result will be one more than expected. -For example, -\(lqnext week\(rq -will result in a time exactly two weeks from now, which is probably -not what was intended. -This will be addressed in a future version of -\fBsudoreplay\fR. -.SS "Debugging sudoreplay" -\fBsudoreplay\fR -versions 1.8.4 and higher support a flexible debugging framework -that is configured via -\fRDebug\fR -lines in the -sudo.conf(@mansectform@) -file. -.PP -For more information on configuring -sudo.conf(@mansectform@), -please refer to its manual. -.SH "FILES" -.TP 26n -\fI@sysconfdir@/sudo.conf\fR -Debugging framework configuration -.TP 26n -\fI@iolog_dir@\fR -The default I/O log directory. -.TP 26n -\fI@iolog_dir@/00/00/01/log\fR -Example session log info. -.TP 26n -\fI@iolog_dir@/00/00/01/log.json\fR -Example session log info (JSON format). -.TP 26n -\fI@iolog_dir@/00/00/01/stdin\fR -Example session standard input log. -.TP 26n -\fI@iolog_dir@/00/00/01/stdout\fR -Example session standard output log. -.TP 26n -\fI@iolog_dir@/00/00/01/stderr\fR -Example session standard error log. -.TP 26n -\fI@iolog_dir@/00/00/01/ttyin\fR -Example session tty input file. -.TP 26n -\fI@iolog_dir@/00/00/01/ttyout\fR -Example session tty output file. -.TP 26n -\fI@iolog_dir@/00/00/01/timing\fR -Example session timing file. -.PP -Note that the -\fIstdin\fR, -\fIstdout\fR -and -\fIstderr\fR -files will be empty unless -\fBsudo\fR -was used as part of a pipeline for a particular command. -.SH "EXAMPLES" -List sessions run by user -\fImillert\fR: -.nf -.sp -.RS 6n -# sudoreplay -l user millert -.RE -.fi -.PP -List sessions run by user -\fIbob\fR -with a command containing the string vi: -.nf -.sp -.RS 6n -# sudoreplay -l user bob command vi -.RE -.fi -.PP -List sessions run by user -\fIjeff\fR -that match a regular expression: -.nf -.sp -.RS 6n -# sudoreplay -l user jeff command '/bin/[a-z]*sh' -.RE -.fi -.PP -List sessions run by jeff or bob on the console: -.nf -.sp -.RS 6n -# sudoreplay -l ( user jeff or user bob ) tty console -.RE -.fi -.SH "SEE ALSO" -script(1), -sudo.conf(@mansectform@), -sudo(@mansectsu@) -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in -\fBsudoreplay\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBsudoreplay\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/sudoreplay.mdoc.in sudo-1.9.9/doc/sudoreplay.mdoc.in --- sudo-1.9.5p2/doc/sudoreplay.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/sudoreplay.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,461 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 2009-2020 Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd May 18, 2020 -.Dt SUDOREPLAY @mansectsu@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm sudoreplay -.Nd replay sudo session logs -.Sh SYNOPSIS -.Nm sudoreplay -.Op Fl FhnRS -.Op Fl d Ar dir -.Op Fl f Ar filter -.Op Fl m Ar num -.Op Fl s Ar num -ID -.Pp -.Nm -.Op Fl h -.Op Fl d Ar dir -.Fl l -.Op search expression -.Sh DESCRIPTION -.Nm -plays back or lists the output logs created by -.Nm sudo . -When replaying, -.Nm -can play the session back in real-time, or the playback speed may be -adjusted (faster or slower) based on the command line options. -.Pp -The -.Em ID -should either be a six character sequence of digits and -upper case letters, e.g., -.Li 0100A5 , -a pattern matching the -.Em iolog_file -option in the -.Em sudoers -file, or a path name. -Path names may be relative to the -.Em iolog_dir -option in the -.Em sudoers -file (unless overridden by the -.Fl d -option) or fully qualified, beginning with a -.Ql / -character. -When a command is run via -.Nm sudo -with -.Em log_output -enabled in the -.Em sudoers -file, a -.Li TSID=ID -string is logged via syslog or to the -.Nm sudo -log file. -The -.Em ID -may also be determined using -.Nm sudoreplay Ns 's -list mode. -.Pp -In list mode, -.Nm -can be used to find the ID of a session based on a number of criteria -such as the user, tty or command run. -.Pp -In replay mode, if the standard input and output are connected to a terminal -and the -.Fl n -option is not specified, -.Nm -will operate interactively. -In interactive mode, -.Nm -will attempt to adjust the terminal size to match that of the session and -write directly to the terminal (not all terminals support this). -Additionally, it will poll the keyboard and act on the following keys: -.Bl -tag -width 12n -.It So Li \en Sc No or So Li \er Sc -Skip to the next replay event; useful for long pauses. -.It So Li \ Sc Pq space -Pause output; press any key to resume. -.It Ql < -Reduce the playback speed by one half. -.It Ql > -Double the playback speed. -.El -.Pp -The session can be interrupted via control-C. -When the session has finished, the terminal is restored to its -original size if it was changed during playback. -.Pp -The options are as follows: -.Bl -tag -width Fl -.It Fl d Ar dir , Fl -directory Ns = Ns Ar dir -Store session logs in -.Ar dir -instead of the default, -.Pa @iolog_dir@ . -.It Fl f Ar filter , Fl -filter Ns = Ns Ar filter -Select which I/O type(s) to display. -By default, -.Nm -will display the command's standard output, standard error and tty output. -The -.Ar filter -argument is a comma-separated list, consisting of one or more of following: -.Em stdin , -.Em stdout , -.Em stderr , -.Em ttyin , -and -.Em ttyout . -.It Fl F , -follow -Enable -.Dq follow mode . -When replaying a session, -.Nm -will ignore end-of-file and keep replaying until the log is complete. -This can be used to replay a session that is still in progress, -similar to -.Dq tail -f . -An I/O log file is considered to be complete when the write bits -have been cleared on the session's timing file. -Note that versions of -.Nm sudo -prior to 1.9.1 do not clear the write bits upon completion. -.It Fl h , -help -Display a short help message to the standard output and exit. -.It Fl l , -list Op Ar search expression -Enable -.Dq list mode . -In this mode, -.Nm -will list available sessions in a format similar to the -.Nm sudo -log file format, sorted by file name (or sequence number). -If a -.Ar search expression -is specified, it will be used to restrict the IDs that are displayed. -An expression is composed of the following predicates: -.Bl -tag -width 6n -.It command Ar pattern -Evaluates to true if the command run matches the POSIX extended -regular expression -.Ar pattern . -.It cwd Ar directory -Evaluates to true if the command was run with the specified current -working directory. -.It fromdate Ar date -Evaluates to true if the command was run on or after -.Ar date . -See -.Sx Date and time format -for a description of supported date and time formats. -.It group Ar runas_group -Evaluates to true if the command was run with the specified -.Ar runas_group . -Note that unless a -.Ar runas_group -was explicitly specified when -.Nm sudo -was run this field will be empty in the log. -.It host Ar hostname -Evaluates to true if the command was run on the specified -.Ar hostname . -.It runas Ar runas_user -Evaluates to true if the command was run as the specified -.Ar runas_user . -Note that -.Nm sudo -runs commands as user -.Em root -by default. -.It todate Ar date -Evaluates to true if the command was run on or prior to -.Ar date . -See -.Sx Date and time format -for a description of supported date and time formats. -.It tty Ar tty name -Evaluates to true if the command was run on the specified terminal device. -The -.Ar tty name -should be specified without the -.Pa /dev/ -prefix, e.g., -.Pa tty01 -instead of -.Pa /dev/tty01 . -.It user Ar user name -Evaluates to true if the ID matches a command run by -.Ar user name . -.El -.Pp -Predicates may be abbreviated to the shortest unique string. -.Pp -Predicates may be combined using -.Em and , -.Em or -and -.Em \&! -operators as well as -.Ql \&( -and -.Ql \&) -grouping (note that parentheses must generally be escaped from the shell). -The -.Em and -operator is optional, adjacent predicates have an implied -.Em and -unless separated by an -.Em or . -.It Fl m , -max-wait Ar max_wait -Specify an upper bound on how long to wait between key presses or output data. -By default, -.Nm -will accurately reproduce the delays between key presses or program output. -However, this can be tedious when the session includes long pauses. -When the -.Fl m -option is specified, -.Nm -will limit these pauses to at most -.Em max_wait -seconds. -The value may be specified as a floating point number, e.g., -.Em 2.5 . -A -.Em max_wait -of zero or less will eliminate the pauses entirely. -.It Fl n , -non-interactive -Do not prompt for user input or attempt to re-size the terminal. -The session is written to the standard output, not directly to -the user's terminal. -.It Fl R , -no-resize -Do not attempt to re-size the terminal to match the terminal size -of the session. -.It Fl S , -suspend-wait -Wait while the command was suspended. -By default, -.Nm -will ignore the time interval between when the command was suspended -and when it was resumed. -If the -.Fl S -option is specified, -.Nm -will wait instead. -.It Fl s , -speed Ar speed_factor -This option causes -.Nm -to adjust the number of seconds it will wait between key presses or -program output. -This can be used to slow down or speed up the display. -For example, a -.Ar speed_factor -of -.Em 2 -would make the output twice as fast whereas a -.Ar speed_factor -of -.Em .5 -would make the output twice as slow. -.It Fl V , -version -Print the -.Nm -versions version number and exit. -.El -.Ss Date and time format -The time and date may be specified multiple ways, common formats include: -.Bl -tag -width 6n -.It HH:MM:SS am MM/DD/CCYY timezone -24 hour time may be used in place of am/pm. -.It HH:MM:SS am Month, Day Year timezone -24 hour time may be used in place of am/pm, and month and day names -may be abbreviated. -Note that month and day of the week names must be specified in English. -.It CCYY-MM-DD HH:MM:SS -ISO time format -.It DD Month CCYY HH:MM:SS -The month name may be abbreviated. -.El -.Pp -Either time or date may be omitted, the am/pm and timezone are optional. -If no date is specified, the current day is assumed; if no time is -specified, the first second of the specified date is used. -The less significant parts of both time and date may also be omitted, -in which case zero is assumed. -.Pp -The following are all valid time and date specifications: -.Bl -tag -width 6n -.It now -The current time and date. -.It tomorrow -Exactly one day from now. -.It yesterday -24 hours ago. -.It 2 hours ago -2 hours ago. -.It next Friday -The first second of the Friday in the next (upcoming) week. -Not to be confused with -.Dq this Friday -which would match the Friday of the current week. -.It last week -The current time but 7 days ago. -This is equivalent to -.Dq a week ago . -.It a fortnight ago -The current time but 14 days ago. -.It 10:01 am 9/17/2009 -10:01 am, September 17, 2009. -.It 10:01 am -10:01 am on the current day. -.It 10 -10:00 am on the current day. -.It 9/17/2009 -00:00 am, September 17, 2009. -.It 10:01 am Sep 17, 2009 -10:01 am, September 17, 2009. -.El -.Pp -Note that relative time specifications do not always work as expected. -For example, the -.Dq next -qualifier is intended to be used in conjunction with a day such as -.Dq next Monday . -When used with units of weeks, months, years, etc -the result will be one more than expected. -For example, -.Dq next week -will result in a time exactly two weeks from now, which is probably -not what was intended. -This will be addressed in a future version of -.Nm . -.Ss Debugging sudoreplay -.Nm -versions 1.8.4 and higher support a flexible debugging framework -that is configured via -.Li Debug -lines in the -.Xr sudo.conf @mansectform@ -file. -.Pp -For more information on configuring -.Xr sudo.conf @mansectform@ , -please refer to its manual. -.Sh FILES -.Bl -tag -width 24n -.It Pa @sysconfdir@/sudo.conf -Debugging framework configuration -.It Pa @iolog_dir@ -The default I/O log directory. -.It Pa @iolog_dir@/00/00/01/log -Example session log info. -.It Pa @iolog_dir@/00/00/01/log.json -Example session log info (JSON format). -.It Pa @iolog_dir@/00/00/01/stdin -Example session standard input log. -.It Pa @iolog_dir@/00/00/01/stdout -Example session standard output log. -.It Pa @iolog_dir@/00/00/01/stderr -Example session standard error log. -.It Pa @iolog_dir@/00/00/01/ttyin -Example session tty input file. -.It Pa @iolog_dir@/00/00/01/ttyout -Example session tty output file. -.It Pa @iolog_dir@/00/00/01/timing -Example session timing file. -.El -.Pp -Note that the -.Em stdin , -.Em stdout -and -.Em stderr -files will be empty unless -.Nm sudo -was used as part of a pipeline for a particular command. -.Sh EXAMPLES -List sessions run by user -.Em millert : -.Bd -literal -offset indent -# sudoreplay -l user millert -.Ed -.Pp -List sessions run by user -.Em bob -with a command containing the string vi: -.Bd -literal -offset indent -# sudoreplay -l user bob command vi -.Ed -.Pp -List sessions run by user -.Em jeff -that match a regular expression: -.Bd -literal -offset indent -# sudoreplay -l user jeff command '/bin/[a-z]*sh' -.Ed -.Pp -List sessions run by jeff or bob on the console: -.Bd -literal -offset indent -# sudoreplay -l ( user jeff or user bob ) tty console -.Ed -.Sh SEE ALSO -.Xr script 1 , -.Xr sudo.conf @mansectform@ , -.Xr sudo @mansectsu@ -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh BUGS -If you feel you have found a bug in -.Nm , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/visudo.man.in sudo-1.9.9/doc/visudo.man.in --- sudo-1.9.5p2/doc/visudo.man.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/visudo.man.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,475 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 1996,1998-2005, 2007-2020 -.\" Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" Sponsored in part by the Defense Advanced Research Projects -.\" Agency (DARPA) and Air Force Research Laboratory, Air Force -.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. -.\" -.TH "VISUDO" "@mansectsu@" "August 27, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" -.nh -.if n .ad l -.SH "NAME" -\fBvisudo\fR -\- edit the sudoers file -.SH "SYNOPSIS" -.HP 7n -\fBvisudo\fR -[\fB\-chqsV\fR] -[[\fB\-f\fR]\ \fIsudoers\fR] -.SH "DESCRIPTION" -\fBvisudo\fR -edits the -\fIsudoers\fR -file in a safe fashion, analogous to -vipw(@mansectsu@). -\fBvisudo\fR -locks the -\fIsudoers\fR -file against multiple simultaneous edits, performs basic validity checks, -and checks for syntax errors before installing the edited file. -If the -\fIsudoers\fR -file is currently being edited you will receive a message to try again later. -.PP -\fBvisudo\fR -parses the -\fIsudoers\fR -file after editing and will not save the changes if there is a syntax error. -Upon finding an error, -\fBvisudo\fR -will print a message stating the line number(s) -where the error occurred and the user will receive the -\(lqWhat now?\(rq -prompt. -At this point the user may enter -\(oqe\(cq -to re-edit the -\fIsudoers\fR -file, -\(oqx\(cq -to exit without saving the changes, or -\(oqQ\(cq -to quit and save changes. -The -\(oqQ\(cq -option should be used with extreme caution because if -\fBvisudo\fR -believes there to be a syntax error, so will -\fBsudo\fR -and no one will be able to run -\fBsudo\fR -again until the error is fixed. -If -\(oqe\(cq -is typed to edit the -\fIsudoers\fR -file after a syntax error has been detected, the cursor will be placed on -the line where the error occurred (if the editor supports this feature). -.PP -There are two -\fIsudoers\fR -settings that determine which editor -\fBvisudo\fR -will run. -.TP 10n -editor -A colon -(\(oq:\&\(cq) -separated list of editors allowed to be used with -\fBvisudo\fR. -\fBvisudo\fR -will choose the editor that matches the user's -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -environment variable if possible, or the first editor in the -list that exists and is executable. -Note that -\fBsudo\fR -does not preserve the -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -environment variables unless they are present in the -\fIenv_keep\fR -list or the -\fIenv_reset\fR -option is disabled in the -\fIsudoers\fR -file. -The default editor path is -\fI@editor@\fR -which can be set at compile time via the -\fR--with-editor\fR -configure option. -.TP 10n -env_editor -If set, -\fBvisudo\fR -will use the value of the -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -environment variables before falling back on the default editor list. -Note that -\fBvisudo\fR -is typically run as root so this option may allow a user with -\fBvisudo\fR -privileges to run arbitrary commands as root without logging. -An alternative is to place a colon-separated list of -\(lqsafe\(rq -editors int the -\fIeditor\fR -variable. -\fBvisudo\fR -will then only use -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -or -\fREDITOR\fR -if they match a value specified in -\fIeditor\fR. -If the -\fIenv_reset\fR -flag is enabled, the -\fRSUDO_EDITOR\fR, -\fRVISUAL\fR -and/or -\fREDITOR\fR -environment variables must be present in the -\fIenv_keep\fR -list for the -\fIenv_editor\fR -flag to function when -\fBvisudo\fR -is invoked via -\fBsudo\fR. -The default value is -\fI@env_editor@\fR, -which can be set at compile time via the -\fR--with-env-editor\fR -configure option. -.PP -The options are as follows: -.TP 12n -\fB\-c\fR, \fB\--check\fR -Enable -\fIcheck-only\fR -mode. -The existing -\fIsudoers\fR -file (and any other files it includes) will be -checked for syntax errors. -If the path to the -\fIsudoers\fR -file was not specified, -\fBvisudo\fR -will also check the file owner and mode. -A message will be printed to the standard output describing the status of -\fIsudoers\fR -unless the -\fB\-q\fR -option was specified. -If the check completes successfully, -\fBvisudo\fR -will exit with a value of 0. -If an error is encountered, -\fBvisudo\fR -will exit with a value of 1. -.TP 12n -\fB\-f\fR \fIsudoers\fR, \fB\--file\fR=\fIsudoers\fR -Specify an alternate -\fIsudoers\fR -file location, see below. -As of version 1.8.27, the -\fIsudoers\fR -path can be specified without using the -\fB\-f\fR -option. -.TP 12n -\fB\-h\fR, \fB\--help\fR -Display a short help message to the standard output and exit. -.TP 12n -\fB\-q\fR, \fB\--quiet\fR -Enable -\fIquiet\fR -mode. -In this mode details about syntax errors are not printed. -This option is only useful when combined with -the -\fB\-c\fR -option. -.TP 12n -\fB\-s\fR, \fB\--strict\fR -Enable -\fIstrict\fR -checking of the -\fIsudoers\fR -file. -If an alias is referenced but not actually defined -or if there is a cycle in an alias, -\fBvisudo\fR -will consider this a syntax error. -Note that it is not possible to differentiate between an -alias and a host name or user name that consists solely of uppercase -letters, digits, and the underscore -(\(oq_\(cq) -character. -.TP 12n -\fB\-V\fR, \fB\--version\fR -Print the -\fBvisudo\fR -and -\fIsudoers\fR -grammar versions and exit. -.PP -A -\fIsudoers\fR -file may be specified instead of the default, -\fI@sysconfdir@/sudoers\fR. -The temporary file used is the specified -\fIsudoers\fR -file with -\(lq\.tmp\(rq -appended to it. -In -\fIcheck-only\fR -mode only, -\(oq-\(cq -may be used to indicate that -\fIsudoers\fR -will be read from the standard input. -Because the policy is evaluated in its entirety, it is not sufficient -to check an individual -\fIsudoers\fR -include file for syntax errors. -.SS "Debugging and sudoers plugin arguments" -\fBvisudo\fR -versions 1.8.4 and higher support a flexible debugging framework -that is configured via -\fRDebug\fR -lines in the -sudo.conf(@mansectform@) -file. -.PP -Starting with -\fBsudo\fR -1.8.12, -\fBvisudo\fR -will also parse the arguments to the -\fIsudoers\fR -plugin to override the default -\fIsudoers\fR -path name, UID, GID and file mode. -These arguments, if present, should be listed after the path to the plugin -(i.e., after -\fIsudoers.so\fR). -Multiple arguments may be specified, separated by white space. -For example: -.nf -.sp -.RS 6n -Plugin sudoers_policy sudoers.so sudoers_mode=0400 -.RE -.fi -.PP -The following arguments are supported: -.TP 10n -sudoers_file=pathname -The -\fIsudoers_file\fR -argument can be used to override the default path to the -\fIsudoers\fR -file. -.TP 10n -sudoers_uid=uid -The -\fIsudoers_uid\fR -argument can be used to override the default owner of the sudoers file. -It should be specified as a numeric user-ID. -.TP 10n -sudoers_gid=gid -The -\fIsudoers_gid\fR -argument can be used to override the default group of the sudoers file. -It must be specified as a numeric group-ID (not a group name). -.TP 10n -sudoers_mode=mode -The -\fIsudoers_mode\fR -argument can be used to override the default file mode for the sudoers file. -It should be specified as an octal value. -.PP -For more information on configuring -sudo.conf(@mansectform@), -please refer to its manual. -.SH "ENVIRONMENT" -The following environment variables may be consulted depending on -the value of the -\fIeditor\fR -and -\fIenv_editor\fR -\fIsudoers\fR -settings: -.TP 17n -\fRSUDO_EDITOR\fR -Invoked by -\fBvisudo\fR -as the editor to use -.TP 17n -\fRVISUAL\fR -Used by -\fBvisudo\fR -if -\fRSUDO_EDITOR\fR -is not set -.TP 17n -\fREDITOR\fR -Used by -\fBvisudo\fR -if neither -\fRSUDO_EDITOR\fR -nor -\fRVISUAL\fR -is set -.SH "FILES" -.TP 26n -\fI@sysconfdir@/sudo.conf\fR -Sudo front end configuration -.TP 26n -\fI@sysconfdir@/sudoers\fR -List of who can run what -.TP 26n -\fI@sysconfdir@/sudoers.tmp\fR -Default temporary file used by visudo -.SH "DIAGNOSTICS" -In addition to reporting -\fIsudoers\fR -syntax errors, -\fBvisudo\fR -may produce the following messages: -.TP 6n -\fRsudoers file busy, try again later.\fR -Someone else is currently editing the -\fIsudoers\fR -file. -.TP 6n -\fR@sysconfdir@/sudoers: Permission denied\fR -You didn't run -\fBvisudo\fR -as root. -.TP 6n -\fRyou do not exist in the passwd database\fR -Your user-ID does not appear in the system passwd database. -.TP 6n -\fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR -Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias -or you have a user or host name listed that consists solely of -uppercase letters, digits, and the underscore -(\(oq_\(cq) -character. -In the latter case, you can ignore the warnings -(\fBsudo\fR -will not complain) -\&. -The message is prefixed with the path name of the -\fIsudoers\fR -file and the line number where the undefined alias was used. -In -\fB\-s\fR -(strict) mode these are errors, not warnings. -.TP 6n -\fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR -The specified {User,Runas,Host,Cmnd}_Alias was defined but never -used. -The message is prefixed with the path name of the -\fIsudoers\fR -file and the line number where the unused alias was defined. -You may wish to comment out or remove the unused alias. -.TP 6n -\fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR -The specified {User,Runas,Host,Cmnd}_Alias includes a reference to -itself, either directly or through an alias it includes. -The message is prefixed with the path name of the -\fIsudoers\fR -file and the line number where the cycle was detected. -This is only a warning unless -\fBvisudo\fR -is run in -\fB\-s\fR -(strict) mode as -\fBsudo\fR -will ignore cycles when parsing -the -\fIsudoers\fR -file. -.TP 6n -\fRunknown defaults entry \&"name\&"\fR -The -\fIsudoers\fR -file contains a -\fRDefaults\fR -setting not recognized by -\fBvisudo\fR. -.SH "SEE ALSO" -vi(1), -sudo.conf(@mansectform@), -sudoers(@mansectform@), -sudo(@mansectsu@), -vipw(@mansectsu@) -.SH "AUTHORS" -Many people have worked on -\fBsudo\fR -over the years; this version consists of code written primarily by: -.sp -.RS 6n -Todd C. Miller -.RE -.PP -See the CONTRIBUTORS file in the -\fBsudo\fR -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -\fBsudo\fR. -.SH "CAVEATS" -There is no easy way to prevent a user from gaining a root shell if -the editor used by -\fBvisudo\fR -allows shell escapes. -.SH "BUGS" -If you feel you have found a bug in -\fBvisudo\fR, -please submit a bug report at https://bugzilla.sudo.ws/ -.SH "SUPPORT" -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.SH "DISCLAIMER" -\fBvisudo\fR -is provided -\(lqAS IS\(rq -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -\fBsudo\fR -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/doc/visudo.mdoc.in sudo-1.9.9/doc/visudo.mdoc.in --- sudo-1.9.5p2/doc/visudo.mdoc.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/doc/visudo.mdoc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,457 +0,0 @@ -.\" -.\" SPDX-License-Identifier: ISC -.\" -.\" Copyright (c) 1996,1998-2005, 2007-2020 -.\" Todd C. Miller -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" Sponsored in part by the Defense Advanced Research Projects -.\" Agency (DARPA) and Air Force Research Laboratory, Air Force -.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. -.\" -.Dd August 27, 2020 -.Dt VISUDO @mansectsu@ -.Os Sudo @PACKAGE_VERSION@ -.Sh NAME -.Nm visudo -.Nd edit the sudoers file -.Sh SYNOPSIS -.Nm visudo -.Op Fl chqsV -.Op Bo Fl f Bc Ar sudoers -.Sh DESCRIPTION -.Nm -edits the -.Em sudoers -file in a safe fashion, analogous to -.Xr vipw @mansectsu@ . -.Nm -locks the -.Em sudoers -file against multiple simultaneous edits, performs basic validity checks, -and checks for syntax errors before installing the edited file. -If the -.Em sudoers -file is currently being edited you will receive a message to try again later. -.Pp -.Nm -parses the -.Em sudoers -file after editing and will not save the changes if there is a syntax error. -Upon finding an error, -.Nm -will print a message stating the line number(s) -where the error occurred and the user will receive the -.Dq What now? -prompt. -At this point the user may enter -.Ql e -to re-edit the -.Em sudoers -file, -.Ql x -to exit without saving the changes, or -.Ql Q -to quit and save changes. -The -.Ql Q -option should be used with extreme caution because if -.Nm -believes there to be a syntax error, so will -.Nm sudo -and no one will be able to run -.Nm sudo -again until the error is fixed. -If -.Ql e -is typed to edit the -.Em sudoers -file after a syntax error has been detected, the cursor will be placed on -the line where the error occurred (if the editor supports this feature). -.Pp -There are two -.Em sudoers -settings that determine which editor -.Nm visudo -will run. -.Bl -tag -width 8n -.It editor -A colon -.Pq Ql :\& -separated list of editors allowed to be used with -.Nm . -.Nm -will choose the editor that matches the user's -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -environment variable if possible, or the first editor in the -list that exists and is executable. -Note that -.Nm sudo -does not preserve the -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -environment variables unless they are present in the -.Em env_keep -list or the -.Em env_reset -option is disabled in the -.Em sudoers -file. -The default editor path is -.Pa @editor@ -which can be set at compile time via the -.Li --with-editor -configure option. -.It env_editor -If set, -.Nm -will use the value of the -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -environment variables before falling back on the default editor list. -Note that -.Nm visudo -is typically run as root so this option may allow a user with -.Nm visudo -privileges to run arbitrary commands as root without logging. -An alternative is to place a colon-separated list of -.Dq safe -editors int the -.Em editor -variable. -.Nm -will then only use -.Ev SUDO_EDITOR , -.Ev VISUAL -or -.Ev EDITOR -if they match a value specified in -.Em editor . -If the -.Em env_reset -flag is enabled, the -.Ev SUDO_EDITOR , -.Ev VISUAL -and/or -.Ev EDITOR -environment variables must be present in the -.Em env_keep -list for the -.Em env_editor -flag to function when -.Nm -is invoked via -.Nm sudo . -The default value is -.Em @env_editor@ , -which can be set at compile time via the -.Li --with-env-editor -configure option. -.El -.Pp -The options are as follows: -.Bl -tag -width Fl -.It Fl c , -check -Enable -.Em check-only -mode. -The existing -.Em sudoers -file (and any other files it includes) will be -checked for syntax errors. -If the path to the -.Em sudoers -file was not specified, -.Nm -will also check the file owner and mode. -A message will be printed to the standard output describing the status of -.Em sudoers -unless the -.Fl q -option was specified. -If the check completes successfully, -.Nm -will exit with a value of 0. -If an error is encountered, -.Nm -will exit with a value of 1. -.It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers -Specify an alternate -.Em sudoers -file location, see below. -As of version 1.8.27, the -.Em sudoers -path can be specified without using the -.Fl f -option. -.It Fl h , -help -Display a short help message to the standard output and exit. -.It Fl q , -quiet -Enable -.Em quiet -mode. -In this mode details about syntax errors are not printed. -This option is only useful when combined with -the -.Fl c -option. -.It Fl s , -strict -Enable -.Em strict -checking of the -.Em sudoers -file. -If an alias is referenced but not actually defined -or if there is a cycle in an alias, -.Nm -will consider this a syntax error. -Note that it is not possible to differentiate between an -alias and a host name or user name that consists solely of uppercase -letters, digits, and the underscore -.Pq Ql _ -character. -.It Fl V , -version -Print the -.Nm -and -.Em sudoers -grammar versions and exit. -.El -.Pp -A -.Em sudoers -file may be specified instead of the default, -.Pa @sysconfdir@/sudoers . -The temporary file used is the specified -.Em sudoers -file with -.Dq \.tmp -appended to it. -In -.Em check-only -mode only, -.Ql - -may be used to indicate that -.Em sudoers -will be read from the standard input. -Because the policy is evaluated in its entirety, it is not sufficient -to check an individual -.Em sudoers -include file for syntax errors. -.Ss Debugging and sudoers plugin arguments -.Nm -versions 1.8.4 and higher support a flexible debugging framework -that is configured via -.Li Debug -lines in the -.Xr sudo.conf @mansectform@ -file. -.Pp -Starting with -.Nm sudo -1.8.12, -.Nm -will also parse the arguments to the -.Em sudoers -plugin to override the default -.Em sudoers -path name, UID, GID and file mode. -These arguments, if present, should be listed after the path to the plugin -(i.e., after -.Pa sudoers.so ) . -Multiple arguments may be specified, separated by white space. -For example: -.Bd -literal -offset indent -Plugin sudoers_policy sudoers.so sudoers_mode=0400 -.Ed -.Pp -The following arguments are supported: -.Bl -tag -width 8n -.It sudoers_file=pathname -The -.Em sudoers_file -argument can be used to override the default path to the -.Em sudoers -file. -.It sudoers_uid=uid -The -.Em sudoers_uid -argument can be used to override the default owner of the sudoers file. -It should be specified as a numeric user-ID. -.It sudoers_gid=gid -The -.Em sudoers_gid -argument can be used to override the default group of the sudoers file. -It must be specified as a numeric group-ID (not a group name). -.It sudoers_mode=mode -The -.Em sudoers_mode -argument can be used to override the default file mode for the sudoers file. -It should be specified as an octal value. -.El -.Pp -For more information on configuring -.Xr sudo.conf @mansectform@ , -please refer to its manual. -.Sh ENVIRONMENT -The following environment variables may be consulted depending on -the value of the -.Em editor -and -.Em env_editor -.Em sudoers -settings: -.Bl -tag -width 15n -.It Ev SUDO_EDITOR -Invoked by -.Nm -as the editor to use -.It Ev VISUAL -Used by -.Nm -if -.Ev SUDO_EDITOR -is not set -.It Ev EDITOR -Used by -.Nm -if neither -.Ev SUDO_EDITOR -nor -.Ev VISUAL -is set -.El -.Sh FILES -.Bl -tag -width 24n -.It Pa @sysconfdir@/sudo.conf -Sudo front end configuration -.It Pa @sysconfdir@/sudoers -List of who can run what -.It Pa @sysconfdir@/sudoers.tmp -Default temporary file used by visudo -.El -.Sh DIAGNOSTICS -In addition to reporting -.Em sudoers -syntax errors, -.Nm -may produce the following messages: -.Bl -tag -width 4n -.It Li sudoers file busy, try again later. -Someone else is currently editing the -.Em sudoers -file. -.It Li @sysconfdir@/sudoers: Permission denied -You didn't run -.Nm -as root. -.It Li you do not exist in the passwd database -Your user-ID does not appear in the system passwd database. -.It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined -Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias -or you have a user or host name listed that consists solely of -uppercase letters, digits, and the underscore -.Pq Ql _ -character. -In the latter case, you can ignore the warnings -.Po -.Nm sudo -will not complain -.Pc . -The message is prefixed with the path name of the -.Em sudoers -file and the line number where the undefined alias was used. -In -.Fl s -(strict) mode these are errors, not warnings. -.It Li Warning: unused {User,Runas,Host,Cmnd}_Alias -The specified {User,Runas,Host,Cmnd}_Alias was defined but never -used. -The message is prefixed with the path name of the -.Em sudoers -file and the line number where the unused alias was defined. -You may wish to comment out or remove the unused alias. -.It Li Warning: cycle in {User,Runas,Host,Cmnd}_Alias -The specified {User,Runas,Host,Cmnd}_Alias includes a reference to -itself, either directly or through an alias it includes. -The message is prefixed with the path name of the -.Em sudoers -file and the line number where the cycle was detected. -This is only a warning unless -.Nm -is run in -.Fl s -(strict) mode as -.Nm sudo -will ignore cycles when parsing -the -.Em sudoers -file. -.It Li unknown defaults entry \&"name\&" -The -.Em sudoers -file contains a -.Li Defaults -setting not recognized by -.Nm . -.El -.Sh SEE ALSO -.Xr vi 1 , -.Xr sudo.conf @mansectform@ , -.Xr sudoers @mansectform@ , -.Xr sudo @mansectsu@ , -.Xr vipw @mansectsu@ -.Sh AUTHORS -Many people have worked on -.Nm sudo -over the years; this version consists of code written primarily by: -.Bd -ragged -offset indent -.An Todd C. Miller -.Ed -.Pp -See the CONTRIBUTORS file in the -.Nm sudo -distribution (https://www.sudo.ws/contributors.html) for an -exhaustive list of people who have contributed to -.Nm sudo . -.Sh CAVEATS -There is no easy way to prevent a user from gaining a root shell if -the editor used by -.Nm -allows shell escapes. -.Sh BUGS -If you feel you have found a bug in -.Nm , -please submit a bug report at https://bugzilla.sudo.ws/ -.Sh SUPPORT -Limited free support is available via the sudo-users mailing list, -see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or -search the archives. -.Sh DISCLAIMER -.Nm -is provided -.Dq AS IS -and any express or implied warranties, including, but not limited -to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. -See the LICENSE file distributed with -.Nm sudo -or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docker/README sudo-1.9.9/docker/README --- sudo-1.9.5p2/docker/README 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docker/README 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,45 @@ +Container images are stored in https://hub.docker.com/repositories as +user sudoproject. Build images are named based on the distro and use +the tag to differentiate between different versions and architectures. +There should always be a "latest" tag (or manifest). + +When creating a new Dockerfile, use one of the Debian or Fedora files +as a template. The examples below use podman rather than docker but it +should be possible to them interchangeably. + +To build Debian containers for both amd64 and i386 (others only have amd64): + + podman build --arch amd64 --pull -t sudoproject/debian:latest.amd64 \ + docker/debian/latest + podman build --arch 386 --pull -t sudoproject/debian:latest.i386 \ + docker/debian/latest + +Then push it to dockerhub (may need to run "podman login" first): + podman push sudoproject/debian:latest.amd64 + podman push sudoproject/debian:latest.i386 + +Multi-arch containers are supported by creating a manifest, e.g.: + podman manifest create sudoproject/debian:latest + podman manifest add sudoproject/debian:latest \ + sudoproject/debian:latest.amd64 + podman manifest add sudoproject/debian:latest \ + sudoproject/debian:latest.i386 + +Finally push the manifest to dockerhub: + podman push sudoproject/debian:latest + +When building bleeding edge images it is possible that the seccomp +filter will be out of date with respect to system calls. It may +be necessary to pass podman the --security-opt=seccomp=unconfined +option in this case. + +Note that memory sanitizer uses ptrace which is not allowed for +non-root containers by default. This will cause a failure when +running the tests if sudo is configured with --enable-sanitizer. +The simplest solution is to run the container with the SYS_PTRACE +capability. E.g. + podman run -it --cap-add SYS_PTRACE ... + +Alternately, disable leak sanitizer by setting + ASAN_OPTIONS=detect_leaks=0 +in the environment of the container doing "make check". diff -Nru sudo-1.9.5p2/docker/debian/latest/Dockerfile sudo-1.9.9/docker/debian/latest/Dockerfile --- sudo-1.9.5p2/docker/debian/latest/Dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docker/debian/latest/Dockerfile 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,9 @@ +FROM docker.io/library/debian:latest + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \ + libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \ + libaudit-dev libssl-dev python3-dev libpython3-dev libwolfssl-dev \ + file lsb-release fakeroot pkg-config procps git ssh openssh-client +RUN useradd -ms /bin/bash build diff -Nru sudo-1.9.5p2/docker/debian/testing/Dockerfile sudo-1.9.9/docker/debian/testing/Dockerfile --- sudo-1.9.5p2/docker/debian/testing/Dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docker/debian/testing/Dockerfile 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,9 @@ +FROM docker.io/library/debian:testing + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \ + libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \ + libaudit-dev libssl-dev python3-dev libpython3-dev libwolfssl-dev \ + file lsb-release fakeroot pkg-config procps git ssh openssh-client +RUN useradd -ms /bin/bash build diff -Nru sudo-1.9.5p2/docker/fedora/latest/Dockerfile sudo-1.9.9/docker/fedora/latest/Dockerfile --- sudo-1.9.5p2/docker/fedora/latest/Dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docker/fedora/latest/Dockerfile 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,8 @@ +FROM docker.io/library/fedora:latest +ENV TZ=America/Denver + +RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \ + libasan libubsan libselinux-devel libsepol-devel openldap-devel \ + openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \ + ed gcc gdb git openssh pkg-config procps which +RUN useradd -ms /bin/bash build diff -Nru sudo-1.9.5p2/docker/fedora/rawhide/Dockerfile sudo-1.9.9/docker/fedora/rawhide/Dockerfile --- sudo-1.9.5p2/docker/fedora/rawhide/Dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docker/fedora/rawhide/Dockerfile 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,8 @@ +FROM docker.io/library/fedora:rawhide +ENV TZ=America/Denver + +RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \ + libasan libubsan libselinux-devel libsepol-devel openldap-devel \ + openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \ + ed gcc gdb git openssh pkg-config procps which +RUN useradd -ms /bin/bash build diff -Nru sudo-1.9.5p2/docker/ubuntu/devel/Dockerfile sudo-1.9.9/docker/ubuntu/devel/Dockerfile --- sudo-1.9.5p2/docker/ubuntu/devel/Dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docker/ubuntu/devel/Dockerfile 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,9 @@ +FROM docker.io/library/ubuntu:devel + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \ + libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \ + libaudit-dev libssl-dev python3-dev libpython3-dev libwolfssl-dev \ + file lsb-release fakeroot pkg-config procps git ssh openssh-client +RUN useradd -ms /bin/bash build diff -Nru sudo-1.9.5p2/docker/ubuntu/latest/Dockerfile sudo-1.9.9/docker/ubuntu/latest/Dockerfile --- sudo-1.9.5p2/docker/ubuntu/latest/Dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docker/ubuntu/latest/Dockerfile 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,9 @@ +FROM docker.io/library/ubuntu:latest + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \ + libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \ + libaudit-dev libssl-dev python3-dev libpython3-dev libwolfssl-dev \ + file lsb-release fakeroot pkg-config procps git ssh openssh-client +RUN useradd -ms /bin/bash build diff -Nru sudo-1.9.5p2/docker/ubuntu/rolling/Dockerfile sudo-1.9.9/docker/ubuntu/rolling/Dockerfile --- sudo-1.9.5p2/docker/ubuntu/rolling/Dockerfile 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docker/ubuntu/rolling/Dockerfile 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,9 @@ +FROM docker.io/library/ubuntu:rolling + +RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ + DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ + build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \ + libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \ + libaudit-dev libssl-dev python3-dev libpython3-dev libwolfssl-dev \ + file lsb-release fakeroot pkg-config procps git ssh openssh-client +RUN useradd -ms /bin/bash build diff -Nru sudo-1.9.5p2/docs/CONTRIBUTING.md sudo-1.9.9/docs/CONTRIBUTING.md --- sudo-1.9.5p2/docs/CONTRIBUTING.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/CONTRIBUTING.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,76 @@ +Contributing to Sudo +==================== + +Thank you for your interest in contributing to Sudo! There are a +number of way you can help make Sudo better. + +## Getting started + +To get an overview of Sudo, please read the [README.md](../README.md). +There are multiple ways to contribute, some of which don't require +writing a single line of code. + +## Filing bug reports/issues + +If you find a bug in Sudo, you may open a [GitHub +issue](https://github.com/sudo-project/sudo/issues) or file a +[Bugzilla bug](https://bugzilla.sudo.ws). If you would rather use +email, messages may be sent to the [sudo-workers@sudo.ws +mailing list](https://www.sudo.ws/mailman/listinfo/sudo-workers) +(public) or to sudo@sudo.ws (private). + +For information on reporting security issues, please see +[SECURITY.md](SECURITY.md). + +Please include the version of sudo you are using, the operating +system and/or distro that is affected, and step-by-step instructions +to reproduce the problem. + +## Making changes to Sudo + +If you are interested in making changes to Sudo there are two main +work flows: + + * clone the [sudo repo](https://github.com/sudo-project/sudo), make + your changes, and submit a Pull Request (PR). + + * send a diff with your changes to the [sudo-workers@sudo.ws mailing + list](https://www.sudo.ws/mailman/listinfo/sudo-workers) to start + a discussion. + +In addition to the [GitHub repo](https://github.com/sudo-project/sudo), +there is also a [mercurial repo](https://www.sudo.ws/repos/sudo). + +## sudo-workers mailing list + +If you would like to discuss your changes before submitting a +PR, you may do so on the [sudo-workers@sudo.ws mailing +list](https://www.sudo.ws/mailman/listinfo/sudo-workers). +Otherwise, discussion can simply occur as part of the PR work flow. + +## Fuzzing + +Sudo uses the [oss-fuzz project](https://github.com/google/oss-fuzz.git) +to perform fuzzing. Each commit to the _main_ branch will trigger +a short fuzzing run via the [CIFuzz +action](https://github.com/sudo-project/sudo/actions/workflows/main.yml). +The history of that action shows successful and failed fuzzing runs. + +Longer fuzzing runs occur using the ClusterFuzz infrastructure. These +fuzzing runs are longer than those used by CIFuzz. A [public list of +failures](https://bugs.chromium.org/p/oss-fuzz/issues/list?q=sudoers) +is available. + +For more information, see https://www.sudo.ws/security/fuzzing/. + +## Translations + +The Free Translation Project provides translations for Sudo. If +you would like to contribute to Sudo's translations, please see the +ABOUT-NLS file in the Sudo source tree or visit [the Free Translation +Project's homepage](http://translationproject.org). + +There are currently two translation domains: [one for the sudo +front-end](https://translationproject.org/domain/sudo.html) and a +[separate one for the sudoers module and related +utilities](https://translationproject.org/domain/sudoers.html). diff -Nru sudo-1.9.5p2/docs/CONTRIBUTORS.md sudo-1.9.9/docs/CONTRIBUTORS.md --- sudo-1.9.5p2/docs/CONTRIBUTORS.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/CONTRIBUTORS.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,246 @@ +The following list of people, sorted by last name, have contributed +code or patches to this implementation of sudo since I began +maintaining it in 1993. This list is known to be incomplete--if +you believe you should be listed, please send a note to sudo@sudo.ws. + + Ackeret, Matt + Adler, Mark + Allbery, Russ + Anderson, Jamie + Andrew, Nick + Andric, Dimitry + Barron, Danny + Bates, Tom + Behan, Zdeněk + Bellis, Ray + Benali, Elias + Beverly, Jamie + Boardman, Spider + Bos, Sander + Bostley, P.J. + Bowes, Keith + Boyce, Keith Garry + Brantley, Michael + Braun, Rob + Březina, Pavel + Brooks, Piete + Brown, Jerry + Burr, Michael E + Burton, Ross + Bussjaeger, Andreas + Calvin, Gary + Campbell, Aaron + Chazelas, Stephane + Cheloha, Scott + Čížek, Vítězslav + Coleman, Chris + Corzine, Deven T. + Cusack, Frank + Dai, Wei + Dill, David + Earickson, Jeff + Eckhardt, Drew + Edgington, Ben + Esipovich, Marc + Espie, Marc + Faigon, Ariel + Farrell, Brian + Fobes, Steve + Frysinger, Mike + G., Daniel Richard + Gailly, Jean-loup + Gelman, Stephen + Gerraty, Simon J. + Graber, Stephane + Guillory, B. + Hayman, Randy M. + Henke, Joachim + Hideaki, Yoshifuji + Hieb, Dave + Holloway, Nick + Hoover, Adam + Hunter, Michael T. + Hutchings, Ben + Irrgang, Eric + Jackson, Brian + Jackson, John R. + Jackson, Richard L., Jr. + Janssen, Mark + Jepeway, Chris + Jorge, Joel Peláe + Jover, Guillem + Juhani, Timo + Kikuchi, Ayamura + Kadow, Kevin + Kasal, Stepan + Kienenberger, Mike + King, Dale + King, Michael + Klyachkin, Andrey + Knoble, Jim + Knox, Tim + Komarnitsky, Alek O. + Kondrashov, Nikolai + Kopeček, Daniel + Kranenburg, Paul + Krause, David + Lakin, Eric + Larsen, Case + Levin, Dmitry V. + Libby, Kendall + Lobbes, Phillip E. + McIntyre, Jason + MacKenzie, David J. + McLaughlin, Tom + Makey, Jeff + Mallayya, Sangamesh + Manner, Róbert + Marchionna, Michael D. + Markham, Paul + Martinian, Emin + Meskes, Michael + Michael, David + Miller, Todd C. + Minier, Loïc + Moffat, Darren + Moldung, Jan Thomas + Morris, Charles + Mueller, Andreas + Müller, Dworkin + Nieusma, Jeff + Nikitser, Peter A. + Nussel, Ludwig + Orbán, László + Ouellet, Jean-Philippe + Paquet, Eric + Paradis, Chantal + Pasteleurs, Frederic + Percival, Ted + Perera, Andres + Peron, Christian S.J. + Peschel, Aaron + Peslyak, Alexander + Peterson, Toby + Pettenò, Diego Elio + Pickett, Joel + Plotnick, Alex + de Raadt, Theo + Rasch, Gudleik + Reid, Steve + Richards, Matt + Rossum, Guido van + Rouillard, John P. + Rowe, William A., Jr. + Roy, Alain + Ruusamäe, Elan + Ryabinkin, Eygene + Sato, Yuichi + Sánchez, Wilfredo + Sanders, Miguel + Sasaki, Kan + Saucier, Jean-Francois + Schoenfeld, Patrick + Schuring, Arno + Schwarze, Ingo + Scott, Dougal + Sieger, Nick + Simon, Thor Lancelot + Slemko, Marc + Smith, Andy + Sobrado, Igor + Soulen, Steven + Spangler, Aaron + Spradling, Cloyce D. + Spradling, Michael + Stier, Matthew + Stoeckmann, Tobias + Street, Russell + Stritzky, Tilo + Stroucken, Michael + Tarrall, Robert + Thomas, Matthew + Todd, Giles + Toft, Martin + Torek, Chris + Tucker, Darren + Uhl, Robert + Uzel, Petr + Valery, Reznic + Van Dinter, Theo + Venckus, Martynas + de Vries, Maarten + Wagner, Klaus + Walsh, Dan + Warburton, John + Webb, Kirk + Wetzel, Timm + Wieringen, Marco van + Wilk, Jakub + Winiger, Gary + Wood, David + Zacarias, Gustavo + Zolnowsky, John + +The following people have worked to translate sudo into +other languages as part of the Translation Project, see +https://translationproject.org for more details. + + Albuquerque, Pedro + Blättermann, Mario + Bogusz, Jakub + Buo-ren, Lin + Casagrande, Milo + Castro, Felipe + Cho, Seong-ho + Chornoivan, Yuri + Diéguez, Francisco + Fontenelle, Rafael + García-Fontes, Walter + Gezer, Volkan + Hamasaki, Takeshi + Hamming, Peter + Hansen, Joe + Hantrais, Frédéric + Hein, Jochen + Hufthammer, Karl Ove + Jerovšek, Damir + Karvonen, Jorma + Kazik, Dušan + Kelemen, Gábor + Keçeci, Mehmet + Košir, Klemen + Kozlov, Yuri + Kramer, Jakob + Krznar, Tomislav + Marchal, Frédéric + Margevičius, Algimantas + Maryanov, Pavel + Florentina Mușat + Nurmi, Lauri + Nikolić, Miroslav + Nylander, Daniel + Pan, Yi-Jyun + Písař, Petr + Puente, Enol + Putanec, Božidar + Quân, Trần Ngọc + Rasmussen, Sebastian + Regueiro, Leandro + Sarıer, Özgür + Sendón, Abel + Șerbănescu, Daniel + Shahedany, Eshagh + Sikrom, Åka + Spingos, Dimitris + Taniguchi, Yasuaki + Tomat, Fábio + Úr, Balázs + Uranga, Mikel Olasagasti + Vorotnikov, Artem + Wang, Wylmer + Yang, Boyuan + +The following people designed the artwork used on the sudo website: + + Shield logo: Badger, Trent + Sandwich logo (inspired by xkcd): Stillman, Mark diff -Nru sudo-1.9.5p2/docs/HISTORY.md sudo-1.9.9/docs/HISTORY.md --- sudo-1.9.5p2/docs/HISTORY.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/HISTORY.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,77 @@ +A Brief History of Sudo +======================= + +## The Early Years + +Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer +around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on +a VAX-11/750 running 4.1BSD. An updated version, credited to Phil Betchel, +Cliff Spencer, Gretchen Phillips, John LoVerso, and Don Gworek, was posted to +the net.sources Usenet newsgroup in December of 1985. + +## Sudo at CU-Boulder + +In the Summer of 1986, Garth Snyder released an enhanced version of sudo. +For the next 5 years, sudo was fed and watered by a handful of folks at +CU-Boulder, including Bob Coggeshall, Bob Manchek, and Trent Hein. + +## Root Group Sudo + +In 1991, Dave Hieb and Jeff Nieusma wrote a new version of sudo with an +enhanced sudoers format under contract to a consulting firm called "The Root +Group". This version was later released under the GNU public license. + +## CU Sudo + +In 1994, after maintaining sudo informally within CU-Boulder for some time, +Todd C. Miller made a public release of "CU sudo" (version 1.3) with bug +fixes and support for more operating systems. The "CU" was added to +differentiate it from the "official" version from "The Root Group". + +In 1995, a new parser for the sudoers file was contributed by Chris Jepeway. +The new parser was a proper grammar (unlike the old one) and could work with +both sudo and visudo (previously they had slightly different parsers). + +In 1996, Todd, who had been maintaining sudo for several years in his spare +time, moved distribution of sudo from a CU-Boulder ftp site to his domain, +courtesan.com. + +## Just Plain Sudo + +In 1999, the "CU" prefix was dropped from the name since there had been no +formal release of sudo from "The Root Group" since 1991 (the original +authors now work elsewhere). As of version 1.6, Sudo no longer contains any +of the original "Root Group" code and is available under an ISC-style +license. + +In 2001, the sudo web site, ftp site, and mailing lists were moved from +courtesan.com to the sudo.ws domain (sudo.org was already taken). + +## LDAP Integration + +In 2003, Nationwide Mutual Insurance Company contributed code written by +Aaron Spangler to store the sudoers data in LDAP. These changes were +incorporated into Sudo 1.6.8. + +## New Parser + +In 2005, Todd rewrote the sudoers parser to better support the features that +had been added in the past ten years. This new parser removes some +limitations of the previous one, removes ordering constraints and adds +support for including multiple sudoers files. + +## Quest Sponsorship + +In 2010, Quest Software began sponsoring Sudo development by hiring +Todd to work on Sudo as part of his full-time job. This enabled +the addition of I/O logging, the plugin API, the log server, +additional regression and fuzz tests, support for binary packages +and more regular releases. + +## Present Day + +Sudo, in its current form, is maintained by: + + Todd C. Miller + +Todd continues to enhance sudo and fix bugs. diff -Nru sudo-1.9.5p2/docs/Makefile.in sudo-1.9.9/docs/Makefile.in --- sudo-1.9.5p2/docs/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/Makefile.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,431 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2010-2015, 2017-2022 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +srcdir = @srcdir@ +abs_srcdir = @abs_srcdir@ +top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +docdir = @docdir@ +scriptdir = $(top_srcdir)/scripts + +# Tools to use +SED = @SED@ +IGOR = igor +MANDOC = @MANDOCPROG@ +MANCOMPRESS = @MANCOMPRESS@ +MANCOMPRESSEXT = @MANCOMPRESSEXT@ +TR = @TRPROG@ + +# Our install program supports extra flags... +INSTALL = $(SHELL) $(scriptdir)/install-sh -c +INSTALL_OWNER = -o $(install_uid) -g $(install_gid) + +# Where to install things... +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +sbindir = @sbindir@ +sysconfdir = @sysconfdir@ +libexecdir = @libexecdir@ +datarootdir = @datarootdir@ +localstatedir = @localstatedir@ +mandir = @mandir@ + +# Directory in which to install the man page +mantype = @MANTYPE@ +mansectsu = @mansectsu@ +mansectform = @mansectform@ +mandirexe = $(mandir)/@MANDIRTYPE@1 +mandirsu = $(mandir)/@MANDIRTYPE@$(mansectsu) +mandirform = $(mandir)/@MANDIRTYPE@$(mansectform) + +# User and group ids the installed files should be "owned" by +install_uid = 0 +install_gid = 0 + +# Set to non-empty for development mode +DEVEL = @DEVEL@ + +#### End of system configuration section. #### + +SHELL = @SHELL@ + +DOCS = ./cvtsudoers.$(mantype) ./sudo.$(mantype) ./sudo.conf.$(mantype) \ + ./sudo_logsrvd.$(mantype) ./sudo_logsrv.proto.$(mantype) \ + ./sudo_logsrvd.conf.$(mantype) ./sudo_plugin.$(mantype) \ + ./sudo_plugin_python.$(mantype) ./sudo_sendlog.$(mantype) \ + ./sudoers.$(mantype) ./sudoers.ldap.$(mantype) \ + ./sudoers_timestamp.$(mantype) \ + ./sudoreplay.$(mantype) ./visudo.$(mantype) + +DEVDOCS = $(srcdir)/cvtsudoers.man.in $(srcdir)/sudo.conf.man.in \ + $(srcdir)/sudo.man.in $(srcdir)/sudo_logsrvd.man.in \ + $(srcdir)/sudo_logsrv.proto.man.in \ + $(srcdir)/sudo_logsrvd.conf.man.in \ + $(srcdir)/sudo_plugin.man.in $(srcdir)/sudo_plugin_python.man.in \ + $(srcdir)/sudo_sendlog.man.in $(srcdir)/sudoers.ldap.man.in \ + $(srcdir)/sudoers.man.in $(srcdir)/sudoers_timestamp.man.in \ + $(srcdir)/sudoreplay.man.in $(srcdir)/visudo.man.in + +OTHER_DOCS = $(top_srcdir)/ChangeLog $(top_srcdir)/NEWS \ + $(top_srcdir)/README.md $(srcdir)/CONTRIBUTING.md \ + $(top_srcdir)/LICENSE.md $(srcdir)/CONTRIBUTORS.md \ + $(srcdir)/HISTORY.md $(srcdir)/SECURITY.md \ + $(srcdir)/TROUBLESHOOTING.md $(srcdir)/UPGRADE.md + +OTHER_DOCS_LDAP = $(top_srcdir)/README.LDAP.md $(srcdir)/schema.* + +VERSION = @PACKAGE_VERSION@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ + +all: $(DEVDOCS) $(DOCS) + +igor: all + @if [ "$(mantype)" != "mdoc" ]; then \ + echo "make igor only supported for mdoc manuals" 1>&2; \ + exit 1; \ + else \ + rval=0; \ + for m in $(DOCS); do \ + echo $(IGOR) -D $$m; \ + $(IGOR) -D $$m || rval=`expr $$rval + $$?`; \ + done; \ + exit $$rval; \ + fi + +lint: all + @if [ "$(mantype)" != "mdoc" ]; then \ + echo "make lint only supported for mdoc manuals" 1>&2; \ + exit 1; \ + else \ + rval=0; \ + for m in $(DOCS); do \ + echo $(MANDOC) -Tlint -Wwarning $$m; \ + $(MANDOC) -Tlint -Wwarning $$m || rval=`expr $$rval + $$?`; \ + done; \ + exit $$rval; \ + fi + +depend: + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file docs/Makefile + +.SUFFIXES: .man + +$(srcdir)/sudo.man.in: $(srcdir)/sudo.mdoc.in $(srcdir)/sudo.man.in.sed + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudo.man.in.sed > $@; \ + fi + +fixman.sed: $(srcdir)/fixman.sh + $(SHELL) $(srcdir)/fixman.sh $@ + +./sudo.man: $(top_builddir)/config.status $(srcdir)/sudo.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.man.in | $(SED) -f fixman.sed > $@ + +./sudo.mdoc: $(top_builddir)/config.status $(srcdir)/sudo.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/visudo.man.in: $(srcdir)/visudo.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/visudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +./visudo.man: $(top_builddir)/config.status $(srcdir)/visudo.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/visudo.man.in | $(SED) -f fixman.sed > $@ + +./visudo.mdoc: $(top_builddir)/config.status $(srcdir)/visudo.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudo.conf.man.in: $(srcdir)/sudo.conf.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO.CONF" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudo.conf.man.in.sed > $@; \ + fi + +./sudo.conf.man: $(top_builddir)/config.status $(srcdir)/sudo.conf.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.conf.man.in | $(SED) -f fixman.sed > $@ + +./sudo.conf.mdoc: $(top_builddir)/config.status $(srcdir)/sudo.conf.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in $(srcdir)/sudoers.man.in.sed + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudoers.man.in.sed> $@; \ + fi + +./sudoers.man: $(top_builddir)/config.status $(srcdir)/sudoers.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.man.in | $(SED) -f fixman.sed > $@ + +./sudoers.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers.mdoc.in $(srcdir)/fixmdoc.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.mdoc.in | $(SED) -f $(srcdir)/fixmdoc.sed > $@ + +$(srcdir)/sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.ldap.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS.LDAP" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +./sudoers.ldap.man: $(top_builddir)/config.status $(srcdir)/sudoers.ldap.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.ldap.man.in | $(SED) -f fixman.sed > $@ + +./sudoers.ldap.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers.ldap.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudoers_timestamp.man.in: $(srcdir)/sudoers_timestamp.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers_timestamp.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS_TIMESTAMP" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +./sudoers_timestamp.man: $(top_builddir)/config.status $(srcdir)/sudoers_timestamp.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers_timestamp.man.in | $(SED) -f fixman.sed > $@ + +./sudoers_timestamp.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers_timestamp.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/cvtsudoers.man.in: $(srcdir)/cvtsudoers.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/cvtsudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +./cvtsudoers.man: $(top_builddir)/config.status $(srcdir)/cvtsudoers.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/cvtsudoers.man.in | $(SED) -f fixman.sed > $@ + +./cvtsudoers.mdoc: $(top_builddir)/config.status $(srcdir)/cvtsudoers.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoreplay.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +./sudoreplay.man: $(top_builddir)/config.status $(srcdir)/sudoreplay.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoreplay.man.in | $(SED) -f fixman.sed > $@ + +./sudoreplay.mdoc: $(top_builddir)/config.status $(srcdir)/sudoreplay.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudo_logsrvd.man.in: $(srcdir)/sudo_logsrvd.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +./sudo_logsrvd.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.man.in | $(SED) -f fixman.sed > $@ + +./sudo_logsrvd.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudo_logsrv.proto.man.in: $(srcdir)/sudo_logsrv.proto.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrv.proto.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRV.PROTO" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" > $@; \ + fi + +./sudo_logsrv.proto.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrv.proto.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrv.proto.man.in | $(SED) -f fixman.sed > $@ + +./sudo_logsrv.proto.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrv.proto.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudo_logsrvd.conf.man.in: $(srcdir)/sudo_logsrvd.conf.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD.CONF" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" > $@; \ + fi + +./sudo_logsrvd.conf.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.conf.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.conf.man.in | $(SED) -f fixman.sed > $@ + +./sudo_logsrvd.conf.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.conf.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudo_plugin.man.in: $(srcdir)/sudo_plugin.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +./sudo_plugin.man: $(top_builddir)/config.status $(srcdir)/sudo_plugin.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin.man.in | $(SED) -f fixman.sed > $@ + +./sudo_plugin.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_plugin.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudo_plugin_python.man.in: $(srcdir)/sudo_plugin_python.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin_python.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +./sudo_plugin_python.man: $(top_builddir)/config.status $(srcdir)/sudo_plugin_python.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin_python.man.in | $(SED) -f fixman.sed > $@ + +./sudo_plugin_python.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_plugin_python.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +$(srcdir)/sudo_sendlog.man.in: $(srcdir)/sudo_sendlog.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_sendlog.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_SENDLOG" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \ + fi + +./sudo_sendlog.man: $(top_builddir)/config.status $(srcdir)/sudo_sendlog.man.in fixman.sed + (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_sendlog.man.in | $(SED) -f fixman.sed > $@ + +./sudo_sendlog.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_sendlog.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=docs/$@ + +pre-install: + +install: install-doc + +install-dirs: + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(docdir) \ + $(DESTDIR)$(mandirexe) $(DESTDIR)$(mandirform) $(DESTDIR)$(mandirsu) + +install-binaries: + +install-includes: + +install-doc: install-dirs + for f in $(OTHER_DOCS); do $(INSTALL) $(INSTALL_OWNER) -m 0644 $$f $(DESTDIR)$(docdir); done + @LDAP@for f in $(OTHER_DOCS_LDAP); do $(INSTALL) $(INSTALL_OWNER) -m 0644 $$f $(DESTDIR)$(docdir); done + $(INSTALL) $(INSTALL_OWNER) -m 0644 ./cvtsudoers.$(mantype) $(DESTDIR)$(mandirexe)/cvtsudoers.1 + $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) + @LOGSRV@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_logsrvd.$(mantype) $(DESTDIR)$(mandirsu)/sudo_logsrvd.$(mansectsu) + $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_plugin.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) + @PYTHON_PLUGIN@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_plugin_python.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin_python.$(mansectsu) + $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_sendlog.$(mantype) $(DESTDIR)$(mandirsu)/sudo_sendlog.$(mansectsu) + $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) + $(INSTALL) $(INSTALL_OWNER) -m 0644 ./visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) + $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) + @LOGSRV@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_logsrv.proto.$(mantype) $(DESTDIR)$(mandirform)/sudo_logsrv.proto.$(mansectform) + @LOGSRV@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudo_logsrvd.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo_logsrvd.conf.$(mansectform) + $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) + $(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudoers_timestamp.$(mantype) $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) + @LDAP@$(INSTALL) $(INSTALL_OWNER) -m 0644 ./sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) + @if test -n "$(MANCOMPRESS)"; then \ + for f in $(mandirexe)/cvtsudoers.1 $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_logsrvd.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudo_plugin_python.$(mansectsu) $(mandirsu)/sudo_sendlog.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudo.conf.$(mansectform) $(mandirform)/sudo_logsrv.proto.$(mansectform) $(mandirform)/sudo_logsrvd.conf.$(mansectform) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers_timestamp.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \ + if test -f $(DESTDIR)$$f; then \ + echo $(MANCOMPRESS) -f $(DESTDIR)$$f; \ + $(MANCOMPRESS) -f $(DESTDIR)$$f; \ + fi; \ + done; \ + rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ + echo ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ + ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ + else \ + rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ + echo ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ + ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ + fi + +install-plugin: + +install-fuzzer: + +uninstall: + -rm -rf $(DESTDIR)$(docdir) + -rm -f $(DESTDIR)$(mandirexe)/cvtsudoers.1 \ + $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudo_logsrvd.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudo_plugin_python.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudo_sendlog.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \ + $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudo_logsrv.proto.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudo_logsrvd.conf.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudoers.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) + +splint: + +cppcheck: + +pvs-log-files: + +pvs-studio: + +fuzz: + +check-fuzzer: + +check: check-fuzzer + +clean: + -rm -f fixman.sed + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile config.log *.man *.mdoc + +clobber: distclean + +realclean: distclean + +cleandir: distclean + +.PHONY: clean mostlyclean distclean cleandir clobber realclean diff -Nru sudo-1.9.5p2/docs/SECURITY.md sudo-1.9.9/docs/SECURITY.md --- sudo-1.9.5p2/docs/SECURITY.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/SECURITY.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,37 @@ +Sudo Security Policy +==================== + +The Sudo Project takes security seriously. If you believe you have found a security vulnerability in Sudo, please report it to us as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues or Bugzilla.** + +Instead, please report them via email to . You may encrypt your message with PGP if you would like. The current PGP key has the fingerprint 59D1 E9CC BA2B 3767 04FD D35B A9F4 C021 CEA4 70FB and may be downloaded from [the sudo.ws web site](https://www.sudo.ws/dist/PGPKEYS) or the [OpenPGP Key Server](https://keys.openpgp.org/search?q=0xa9f4c021cea470fb). + +We try to respond to security issues in a timely manner but please understand that Sudo is a volunteer project. + +Please include as much of the following information as possible to help us better understand the nature and scope of the potential issue: + + * Type of issue (e.g. buffer overflow, privilege escalation, etc.) + * Full paths of source file(s) related to the issue + * The location of the affected source code (tag/branch/commit or direct URL) + * Any special configuration required to reproduce the issue + * The operating system and/or distro affected + * Step-by-step instructions to reproduce the issue + * Proof-of-concept or exploit code (if possible) + * Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +As a volunteer-led project, we are not able to offer bug bounties. +However, we'd be happy to send you Sudo stickers as a way of saying +thank you! + +## Preferred Languages + +We prefer all communications to be in English. + +## Disclosure Policy + +The Sudo Project follows the principle of [Coordinated Vulnerability Disclosure](https://vuls.cert.org/confluence/display/CVD/Executive+Summary). Disclosure is usually coordinated using the [distros mailing list](https://oss-security.openwall.org/wiki/mailing-lists/distros). diff -Nru sudo-1.9.5p2/docs/TROUBLESHOOTING.md sudo-1.9.9/docs/TROUBLESHOOTING.md --- sudo-1.9.5p2/docs/TROUBLESHOOTING.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/TROUBLESHOOTING.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,338 @@ +Troubleshooting tips and FAQ for Sudo +===================================== + +#### When I run configure, it says "C compiler cannot create executables". + +> This usually means you either don't have a working compiler. This +> could be due to the lack of a license or that some component of the +> compiler suite could not be found. Check config.log for clues as +> to why this is happening. On many systems, compiler components live +> in /usr/ccs/bin which may not be in your PATH environment variable. + +#### When I run configure, it says "sudo requires the 'ar' utility to build". + +> As part of the build process, sudo creates a temporary library +> containing objects that are shared amongst the different sudo +> executables. On Unix systems, the 'ar' utility is used to do this. +> This error indicates that 'ar' is missing on your system. On Solaris +> systems, you may need to install the SUNWbtool package. On other +> systems 'ar' may be included in the GNU binutils package. + +#### Sudo compiles and installs successfully but when I try to run it I get: + + The "no new privileges" flag is set, which prevents sudo from + running as root. If sudo is running in a container, you may + need to adjust the container configuration to disable the flag. + +> Sudo was run by a process that has the Linux "no new privileges" +> flag set. This causes the set-user-ID bit to be ignored when running +> an executable, which will prevent sudo from functioning. The most +> likely cause for this is running sudo within a container that sets +> this flag. Check the documentation to see if it is possible to +> configure the container such that the flag is not set. + +#### Sudo compiles and installs successfully but when I try to run it I get: + + /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set + +> Sudo must be set-user-ID root to do its work. Either `/usr/local/bin/sudo` +> is not owned by user-ID 0 or the set-user-ID bit is not set. This should +> have been done for you by `make install` but you can fix it manually by +> running the following as root: + + chown root /usr/local/bin/sudo; chmod 4755 /usr/local/bin/sudo + +#### Sudo compiles and installs successfully but when I try to run it I get: + + effective uid is not 0, is /usr/local/bin/sudo on a file system with the + 'nosuid' option set or an NFS file system without root privileges? + +> The owner and permissions on the sudo binary appear to be OK but when +> sudo ran, the set-user-ID bit did not have an effect. There are two +> common causes for this. The first is that the file system the sudo +> binary is located on is mounted with the 'nosuid' mount option, which +> disables set-user-ID binaries. The output of the 'mount' command should +> tell you if the file system is mounted with the 'nosuid' option. The +> other possible cause is that sudo is installed on an NFS-mounted file +> system that is exported without root privileges. By default, NFS file +> systems are exported with user-ID 0 mapped to a non-privileged ID (usually +> -2). You should be able to determine whether sudo is located on an +> NFS-mounted filesystem by running "df \`which sudo\`". + +#### Sudo never gives me a chance to enter a password using PAM + +It just says "Sorry, try again." three times and exits. + +> You didn't setup PAM to work with sudo. On RedHat or Fedora Linux +> this generally means installing the sample pam.conf file as +> /etc/pam.d/sudo. See the example pam.conf file for hints on what +> to use for other Linux systems. + +#### Sudo says my account has expired but I know it has not + +> If you get the following error from sudo: + + Account expired or PAM config lacks an 'account' section for sudo, + contact your system administrator` + +> when the account has not expired, your PAM config probably lacks +> an 'account' specification. On Linux this usually means you are +> missing a line in /etc/pam.d/sudo similar to: + + account required pam_unix.so + +#### Sudo is configured use syslog but nothing gets logged + +> Make sure you have an entry in your syslog.conf file to save +> the sudo messages (see the example syslog.conf file). The default +> log facility is authpriv (changeable via configure or in sudoers). +> Don't forget to send a SIGHUP to your syslogd so that it re-reads +> its conf file. Also, remember that syslogd does *not* create +> log files, you need to create the file before syslogd will log +> to it (e.g.: touch /var/log/sudo). + +> Note: the facility (e.g. 'auth.debug') must be separated from +> the destination (e.g. '/var/log/auth' or '@loghost') by tabs, +> *not* spaces. This is a common error. + +#### Sudo won't accept my password, even when entered correctly + +> If you are not using pam and your system uses shadow passwords, +> it is possible that sudo didn't properly detect that shadow +> passwords are in use. Take a look at the generated config.h +> file and verify that the C function used for shadow password +> look ups was detected. For instance, for SVR4-style shadow +> passwords, `HAVE_GETSPNAM` should be defined (you can search for +> the string 'shadow passwords' in config.h with your editor). +> Note that there is no define for 4.4BSD-based shadow passwords +> since that just uses the standard getpw* routines. + +#### Can sudo use the ssh agent instead of asking for the user's password? + +> Not directly, but you can use a PAM module like pam_ssh_agent_auth +> or pam_ssh for this purpose. + +#### I want to place the sudoers file in a directory other than /etc + +> Use the `--sysconfdir` option to configure. For example: + + configure --sysconfdir=/dir/you/want/sudoers/in + +> Alternately, you can set the path in the sudo.conf file as an +> argument to the sudoers.so plugin. For example: + + Plugin sudoers_policy sudoers.so sudoers_file=/path/to/sudoers + +#### Can I put the sudoers file in NIS/NIS+? + +> There is no support for making an NIS/NIS+ map/table out of the sudoers +> file at this time. You can distribute the sudoers file via rsync or rdist. +> It is also possible to NFS-mount the sudoers file. If you use LDAP at your +> site you may be interested in sudo's LDAP sudoers support, see +> [README.LDAP.md](../README.LDAP.md) and the sudoers.ldap manual. + +#### I don't run sendmail, does this mean that I cannot use sudo? + +> No, you just need to disable mailing with a line like: + + Defaults !mailerpath + +> in your sudoers file or run configure with the `--without-sendmail` +> option. + +#### How can I make visudo use a different editor? + +> You can specify the editor to use in visudo in the sudoers file. +> See the 'editor' and 'env_editor' entries in the sudoers manual. +> The defaults can also be set at configure time using the +> `--with-editor` and `--with-env-editor` configure options. + +#### Why does sudo modify the command's environment? + +> By default, sudo runs commands with a new, minimal environment. +> The 'env_keep' setting in sudoers can be used to control which +> environment variables are preserved from the invoking user's +> environment via the 'env_keep' setting in sudoers. +> +> While it is possible to disable the 'env_reset' setting, which +> will preserve all environment variables that don't match a black +> list, doing so is strongly discouraged. See the "Command +> environment" section of the sudoers manual for more information. + +#### Why does sudo reset the HOME environment variable? + +> Many programs use the HOME environment variable to locate +> configuration and data files. Often, these configuration files +> are treated as trusted input that affects how the program operates. +> By controlling the configuration files, a user may be able to +> cause the program to execute other commands without sudo's +> restrictions or logging. +> +> Some programs perform extra checks when the real and effective +> user-IDs differ, but because sudo runs commands with all user-IDs +> set to the target user, these checks are insufficient. +> +> While it is possible to preserve the value of the HOME environment +> variable by adding it to the 'env_keep' list in the sudoers file, +> doing so is strongly discouraged. Users wishing to edit files +> with sudo should run sudoedit (or sudo -e) to get their accustomed +> editor configuration instead of invoking the editor directly. + +#### How can I prevent sudo from asking for a password? + +> To specify this on a per-user (and per-command) basis, use the +> 'NOPASSWD' tag right before the command list in sudoers. See +> the sudoers man page and examples/sudoers for details. To disable +> passwords completely, add '!authenticate' to the Defaults line +> in /etc/sudoers. You can also turn off authentication on a +> per-user or per-host basis using a user or host-specific Defaults +> entry in sudoers. To hard-code the global default, you can +> configure with the `--without-passwd` option. + +#### The configure scripts says `no acceptable cc found in $PATH` + +> /usr/ucb/cc was the only C compiler that configure could find. +> You need to tell configure the path to the 'real' C compiler +> via the `--with-CC option`. On Solaris, the path is probably +> something like /opt/SUNWspro/SC4.0/bin/cc. If you have gcc +> that will also work. + +#### The configure scripts says "config.cache exists from another platform!" + +> configure caches the results of its tests in a file called +> config.cache to make re-running configure speedy. However, +> if you are building sudo for a different platform the results +> in config.cache will be wrong so you need to remove the config.cache file. +> You can do this via `rm config.cache` or `make realclean`. +> Note that `make realclean` will also remove any object files +> and configure temp files that are laying around as well. + +#### When I run 'visudo' it says "sudoers file busy, try again later." + +> Someone else is currently editing the sudoers file with visudo. + +#### When I try to use 'cd' with sudo it says "cd: command not found" + +> 'cd' is a shell built-in command, you can't run it as a command +> since a child process (sudo) cannot affect the current working +> directory of the parent (your shell). + +#### When I try to use 'cd' with sudo nothing happens. + +> Even though 'cd' is a shell built-in command, some operating systems +> include a /usr/bin/cd command for completeness. A standalone +> "cd' command is totally useless since a child process (cd) cannot +> affect the current working directory of the parent (your shell). +> Thus, `sudo cd /foo` will start a child process, change the +> directory and immediately exit without doing anything useful. + +#### How can I run a command via sudo as a user other than root? + +> The default user sudo tries to run things as is always root, even if +> the invoking user can only run commands as a single, specific user. +> This may change in the future but at the present time you have to +> work around this using the 'runas_default' option in sudoers. +> For example, given the following sudoers rule: + + bob ALL=(oracle) ALL + +> You can cause sudo to run all commands as 'oracle' for user 'bob' +> with a sudoers entry like: + + Defaults:bob runas_default=oracle + +#### When I try to run sudo via ssh, I get an error: + + sudo: a terminal is required to read the password; either use the -S + option to read from standard input or configure an askpass helper + +> If sudo needs to authenticate a user, it requires access to the user's +> terminal to disable echo so the password is not displayed to the screen. +> The above message indicates that no terminal was present. + +> When running a command via ssh, a terminal is not allocated by default +> which can cause this message. The '-t' option to ssh will force it to +> allocate a tty. Alternately, you may be able to use the ssh-askpass +> utility to prompt for the password if X11 forwarding is enabled and an +> askpass helper is configured in the sudo.conf file. If you do not mind +> your password being echoed to the screen, you may use sudo's -S option +> to read the password from the standard input. Alternately, you may set +> the 'visiblepw' sudoers option which will allow the password to be entered +> even when echo cannot be disabled, though this is not recommended. + +#### When I try to use SSL-enabled LDAP with sudo I get an error: + + unable to initialize SSL cert and key db: security library: bad database. + you must set TLS_CERT in /etc/ldap.conf to use SSL + +> On systems that use a Mozilla-derived LDAP SDK there must be a +> certificate database in place to use SSL-encrypted LDAP connections. +> This file is usually /var/ldap/cert8.db or /etc/ldap/cert8.db. +> The actual number after 'cert' will vary, depending on the version +> of the LDAP SDK that is being used. If you do not have a certificate +> database you can either copy one from a mozilla-derived browser, such +> as firefox, or create one using the `certutil` command. You can run +> `certutil` as follows and press the (or ) key at the +> password prompt: + + # certutil -N -d /var/ldap + +> Enter a password which will be used to encrypt your keys. +> The password should be at least 8 characters long, +> and should contain at least one non-alphabetic character. + + Enter new password: + Re-enter password: + +#### On HP-UX, the umask setting in sudoers has no effect. + +> If your /etc/pam.conf file has the libpam_hpsec.so.1 session module +> enabled, you may need to a add line like the following to pam.conf: +> sudo session required libpam_hpsec.so.1 bypass_umask + +#### When I run `sudo -i shell_alias` I get "command not found" + +> Commands run via `sudo -i` are executed by the shell in +> non-interactive mode. The bash shell will only parse aliases in +> interactive mode unless the 'expand_aliases' shell option is +> set. If you add `shopt -s expand_aliases` to your .bash_profile +> (or .profile if using that instead) the aliases should now be +> available to `sudo -i`. + +#### When I run sudo on AIX I get the following error: + + setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted. + +> AIX's Enhanced RBAC is preventing sudo from running. To fix +> this, add the following entry to /etc/security/privcmds (adjust +> the path to sudo as needed) and run the setkst command as root: + + /usr/local/bin/sudo: + accessauths = ALLOW_ALL + innateprivs = PV_DAC_GID,PV_DAC_R,PV_DAC_UID,PV_DAC_X,PV_FS_CHOWN,PV_PROC_PRIO,PV_NET_PORT,PV_NET_CNTL,PV_SU_UID + secflags = FSF_EPS + +#### Sudo builds without error but when I run it I get a Segmentation fault. + +> If you are on a Linux system, the first thing to try is to run +> configure with the `--disable-pie` option, then `make clean` and +> `make`. If that fixes the problem then your operating system +> does not properly support position independent executables. +> Please send a message to sudo@sudo.ws with system details such +> as the Linux distro, kernel version, and CPU architecture. + +#### When I run configure I get the following error: + + dlopen present but libtool doesn't appear to support your platform. + +> Libtool doesn't know how to support dynamic linking on the operating +> system you are building for. If you are cross-compiling, you need to +> specify the operating system, not just the CPU type. For example, +> `--host powerpc-unknown-linux` +> instead of just: +> `--host powerpc` + +#### How do you pronounce 'sudo'? + +> The official pronunciation is soo-doo (for su 'do'). However, an +> alternate pronunciation, a homophone of 'pseudo', is also common. diff -Nru sudo-1.9.5p2/docs/UPGRADE.md sudo-1.9.9/docs/UPGRADE.md --- sudo-1.9.5p2/docs/UPGRADE.md 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/UPGRADE.md 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,570 @@ +Notes on upgrading from an older release +======================================== + + * Upgrading from a version prior to 1.9.9: + + Sudo now runs commands with the core limit resource limit set + to 0 by default. While most operating systems restrict core + dumps of set-user-ID programs like sudo, this protection is + lost when sudo executes a command. By disabling core dumps by + default, it is possible to avoid potential security problems + such as those seen with the Linux logrotate utility, which could + interpret a core dump as a valid configuration file. + + * Upgrading from a version prior to 1.9.7: + + Sudo now links with OpenSSL 1.0.1 or higher by default if it + is present on the system unless it is explicitly disabled (via + `--disable-openssl`), or unless the sudo log client and server + code is disabled (via `--disable-log-client` and `--disable-log-server`). + As a result, the sudo log server (and the client built into the + sudoers plugin) now support TLS connections by default. + + * Upgrading from a version prior to 1.9.3: + + Due to the addition of the CHROOT and CWD options, it is no + longer possible to declare an alias with one of those names. + If a sudoers file has an alias with one of those names, sudo + and visudo will report a syntax error with a message like + "syntax error: unexpected CHROOT, expecting ALIAS". + + Starting with version 1.9.3, sudoers rules must end in either + a newline or the end-of-file. This makes it possible to provide + better error messages. Previously, it was possible to include + multiple rules on a single line, separated by white space. + + Starting with version 1.9.3, sudo will attempt to recover from + a syntax error in the sudoers file by discarding the portion + of the line that contains the error until the end of the line. + To restore the historic behavior of refusing to run when a + syntax error is encountered, add `error_recovery=false` as a + plugin option in sudo.conf for the "sudoers_audit" plugin, (or + "sudoers_policy" if there is no "sudoers_audit" plugin configured). + + * Upgrading from a version prior to 1.9.1: + + Starting with version 1.9.1, sudoers plugin arguments in sudo.conf + should be specified for the "sudoers_audit" plugin, not + "sudoers_policy". This is because the sudoers file is now + opened and parsed by the "sudoers_audit" plugin. Previously, + this was done by the "sudoers_policy" plugin. The use of an + audit plugin makes it possible for the sudoers module to detect + when a command has been rejected by an approval plugin and only + log commands that are allowed by both policy and approval + plugins. + + * Upgrading from a version prior to 1.8.30: + + Starting with version 1.8.30, sudo will no longer allow commands + to be run as a user or group ID that is not in the password or + group databases by default. Previously, sudo would always allow + unknown user or group IDs if the sudoers entry permitted it, + including via the _ALL_ alias. The old behavior can be restored + by setting the new "allow_unknown_runas_id" Defaults setting + in the sudoers file. + + * Upgrading from a version prior to 1.8.29: + + Starting with version 1.8.29, if the umask is explicitly set + in sudoers, that value is used regardless of the umask specified + by PAM or login.conf. However, if the umask is not explicitly + set in sudoers, PAM, or login.conf may now override the default + sudoers umask. Previously, the sudoers umask always overrode + the umask set by PAM, which was not the documented behavior. + + * Upgrading from a version prior to 1.8.28: + + Starting with version 1.8.28, sudo stores the signal that caused + a command to be suspended or resumed as a string in the I/O log + timing file. The version of sudoreplay included with sudo + 1.8.28 can process either type of I/O log file but older versions + of sudoreplay are unable to replay the newer logs. + + Starting with version 1.8.28, sudoedit honors the umask and + umask_override settings in sudoers. Previously, the user's + umask was used as-is. + + * Upgrading from a version prior to 1.8.26: + + Starting with version 1.8.26, sudo no long sets the USERNAME + environment variable when running commands. This is a non-standard + environment variable that was set on some older Linux systems. + Sudo still sets the LOGNAME, USER, and, on AIX systems, LOGIN + environment variables. + + Handling of the LOGNAME, USER (and on AIX, LOGIN) environment + variables has changed slightly in version 1.8.26. Sudo now + treats those variables as a single unit. This means that if + one variable is preserved or removed from the environment using + env_keep, env_check, or env_delete, the others are too. + + * Upgrading from a version prior to 1.8.23: + + In sudo 1.8.23 the "sudoers2ldif" script and the `visudo -x` + functionality has been superseded by the "cvtsudoers" utility. + The cvtsudoers utility is intended to be a drop-in replacement + for "sudoers2ldif". Because it uses the same parser as sudo + and visudo, cvtsudoers can perform a more accurate conversion + than sudoers2ldif could. + + To convert a sudoers file to JSON, the format option must be + specified. For example, instead of: + + visudo -f sudoers_file -x output_file + + one would use: + + cvtsudoers -f json -o output_file sudoers_file + + Note that unlike "visudo -x", "cvtsudoers" reads from the + standard input by default. Also, the base DN may be specified + on the command line, if desired, using the -b option. + + * Upgrading from a version prior to 1.8.20: + + Due to the addition of the TIMEOUT, NOTBEFORE, and NOTAFTTER + options, it is no longer possible to declare an alias with one + of those names. If a sudoers file has an alias with one of + those names, sudo, and visudo will report a syntax error with a + message like "syntax error: unexpected TIMEOUT, expecting ALIAS". + + Starting with version 1.9.3, sudoers rules must end in either + Prior to version 1.8.20, when log_input, log_output, or use_pty + were enabled, if any of the standard input, output, or error + were not connected to a terminal, sudo would use a pipe. The + pipe allows sudo to interpose itself between the old standard + input, output, or error and log the contents. Beginning with + version 1.8.20, a pipe is only used when I/O logging is enabled. + If use_pty is set without log_input or log_output, no pipe will + be used. Additionally, if log_input is set without log_output, + a pipe is only used for the standard input. Likewise, if + log_output is set without log_input, a pipe is only used for + the standard output and standard error. This results in a + noticeable change in behavior if the use_pty flag is set and no + terminal is present when running commands such as scripts that + execute other commands asynchronously (in the background). + Previously, sudo would exit immediately, causing background + commands to terminate with a broken pipe if they attempt to + write to the standard output or standard error. As of version + 1.8.20, a pipe will not be used in this case so the command + will no longer be terminated. + + * Upgrading from a version prior to 1.8.16: + + When editing files with sudoedit, files in a directory that is + writable by the invoking user may no longer be edited by default. + Also, sudoedit will refuse to follow a symbolic link in the + path to be edited if that directory containing the link is + writable by the user. This behavior can be disabled by negating + the sudoedit_checkdir sudoers option, which is now enabled by + default. + + * Upgrading from a version prior to 1.8.15: + + Prior to version 1.8.15, when env_reset was enabled (the default) + and the -s option was not used, the SHELL environment variable + was set to the shell of the invoking user. In 1.8.15 and above, + when env_reset is enabled and the -s option is not used, SHELL + is set based on the target user. + + When editing files with sudoedit, symbolic links will no longer + be followed by default. The old behavior can be restored by + enabling the sudoedit_follow option in sudoers or on a per-command + basis with the FOLLOW and NOFOLLOW tags. + + Prior to version 1.8.15, groups listed in sudoers that were not + found in the system group database were passed to the group + plugin, if any. Starting with 1.8.15, only groups of the form + %:group are resolved via the group plugin by default. The old + behavior can be restored by using the always_query_group_plugin + sudoers option. + + Locking of the time stamp file has changed in sudo 1.8.15. + Previously, the user's entire time stamp file was locked while + retrieving and updating a time stamp record. Now, only a single + record, specific to the tty or parent process ID, is locked. + This lock is held while the user enters their password. If + sudo is suspended at the password prompt (or run in the + background), the lock is dropped until sudo is resumed, at which + point it will be reacquired. This allows sudo to be used in a + pipeline even when a password is required--only one instance + of sudo will prompt for a password. + + * Upgrading from a version prior to 1.8.14: + + On HP-UX, sudo will no longer check for "plugin.sl" if "plugin.so" + is specified but does not exist. This was a temporary hack for + backward compatibility with Sudo 1.8.6 and below when the + plugin path name was not listed in sudo.conf. A plugin path + name that explicitly ends in ".sl" will still work as expected. + + * Upgrading from a version prior to 1.8.12: + + On Solaris, sudo is now able to determine the NIS domain name. + As a result, if you had previously been using netgroups that + do not include the domain, you will need to either set the + domain in the entry or leave the domain part of the tuple blank. + + For example, the following will no longer work: + + my-hosts (foo,-,-) (bar,-,-) (baz,-,-) + + and should be changed to: + + my-hosts (foo,-,) (bar,-,) (baz,-,) + + * Upgrading from a version prior to 1.8.10: + + The time stamp file format has changed in sudo 1.8.10. There + is now a single time stamp file for each user, even when tty-based + time stamps are used. Each time stamp file may contain multiple + records to support tty-based time stamps as well as multiple + authentication users. On systems that support it, monotonic + time is stored instead of wall clock time. As a result, it is + important that the time stamp files not persist when the system + reboots. For this reason, the default location for the time + stamp files has changed back to a directory located in `/var/run`. + Systems that do not have `/var/run` (e.g. AIX) or that do not clear + it on boot (e.g. HP-UX) will need to clear the time stamp + directory via a start up script. Such a script is installed by + default on AIX and HP-UX systems. + + Because there is now a single time stamp file per user, the -K + option will remove all of the user's time stamps, not just the + time stamp for the current terminal. + + Lecture status is now stored separately from the time stamps in a + separate directory: `/var/db/sudo/lectured`, `/var/lib/sudo/lectured` + or `/var/adm/sudo/lectured` depending on what is present on the system. + + LDAP-based sudoers now uses a default search filter of + (objectClass=sudoRole) for more efficient queries. It is + possible to disable the default search filter by specifying + SUDOERS_SEARCH_FILTER in ldap.conf but omitting a value. + + * Upgrading from a version prior to 1.8.7: + + Sudo now stores its libexec files in a "sudo" sub-directory + instead of in libexec itself. For backward compatibility, if + the plugin is not found in the default plugin directory, sudo + will check the parent directory default directory ends in `/sudo`. + + The default sudo plugins now all use the .so extension, regardless + of the extension used by system shared libraries. For backward + compatibility, sudo on HP-UX will also search for a plugin with + an .sl extension if the .so version is not found. + + Handling of users belonging to a large number of groups has + changed. Previously, sudo would only use the group list from + the kernel unless the system_group plugin was enabled in sudoers. + Now, sudo will query the groups database if the user belongs + to the maximum number of groups supported by the kernel. See + the group_source and max_groups settings in the sudo.conf manual + for details. + + * Upgrading from a version prior to 1.8.2: + + When matching Unix groups in the sudoers file, sudo will now + match based on the name of the group as it appears in sudoers + instead of the group-ID. This can substantially reduce the + number of group lookups for sudoers files that contain a large + number of groups. There are a few side effects of this change. + + 1) Unix groups with different names but the same group-ID are + can no longer be used interchangeably. Sudo will look up all + of a user's groups by group-ID and use the resulting group + names when matching sudoers entries. If there are multiple + groups with the same ID, the group name returned by the + system getgrgid() library function is the name that will be + used when matching sudoers entries. + + 2) Unix group names specified in the sudoers file that are + longer than the system maximum will no longer match. For + instance, if there is a Unix group "fireflie" on a system + where group names are limited to eight characters, "%fireflies" + in sudoers will no longer match "fireflie". Previously, a + lookup by name of the group "fireflies" would have matched + the "fireflie" group on most systems. + + The legacy group matching behavior may be restored by enabling + the match_group_by_gid Defaults option in sudoers available + in sudo 1.8.18 and higher. + + * Upgrading from a version prior to 1.8.1: + + Changes in the sudoers parser could result in parse errors for + existing sudoers file. These changes cause certain erroneous + entries to be flagged as errors where before they allowed. + Changes include: + + Combining multiple Defaults entries with a backslash. E.g. + + Defaults set_path \ + Defaults syslog + + which should be: + + Defaults set_path + Defaults syslog + + Also, double-quoted strings with a missing end-quote are now + detected and result in an error. Previously, text starting a + double quote and ending with a newline was ignored. E.g. + + Defaults set_path"foo + + In previous versions of sudo, the _"foo_ portion would have + been ignored. + + To avoid problems, sudo 1.8.1's `make install` will not install + a new sudo binary if the existing sudoers file has errors. + + In Sudo 1.8.1 the _noexec_ functionality has moved out of the + sudoers policy plugin and into the sudo front-end. As a result, + the path to the noexec file is now specified in the sudo.conf + file instead of the sudoers file. If you have a sudoers file + that uses the "noexec_file" option, you will need to move the + definition to the sudo.conf file instead. + + Old style in `/etc/sudoers`: + + Defaults noexec_file=/usr/local/libexec/sudo_noexec.so + + New style in `/etc/sudo.conf`: + + Path noexec /usr/local/libexec/sudo_noexec.so + + * Upgrading from a version prior to 1.8.0: + + Starting with version 1.8.0, sudo uses a modular framework to + support policy and I/O logging plugins. The default policy + plugin is "sudoers" which provides the traditional sudoers + evaluation and I/O logging. Plugins are typically located in + `/usr/libexec` or `/usr/local/libexec`, though this is system-dependent. + The sudoers plugin is named "sudoers.so" on most systems. + + The sudo.conf file, usually stored in `/etc`, is used to configure + plugins. This file is optional--if no plugins are specified + in sudo.conf, the "sudoers" plugin is used. See the example + sudo.conf file in the docs directory or refer to the updated + sudo manual to see how to configure sudo.conf. + + The "askpass" setting has moved from the sudoers file to the + sudo.conf file. If you have a sudoers file that uses the + "askpass" option, you will need to move the definition to the + sudo.conf file. + + Old style in `/etc/sudoers`: + + Defaults askpass=/usr/X11R6/bin/ssh-askpass + + New style in `/etc/sudo.conf`: + + Path askpass /usr/X11R6/bin/ssh-askpass + + * Upgrading from a version prior to 1.7.5: + + Sudo 1.7.5 includes an updated LDAP schema with support for + the sudoNotBefore, sudoNotAfter, and sudoOrder attributes. + + The sudoNotBefore and sudoNotAfter attribute support is only + used when the SUDOERS_TIMED setting is enabled in ldap.conf. + If enabled, those attributes are used directly when constructing + an LDAP filter. As a result, your LDAP server must have the + updated schema if you want to use sudoNotBefore and sudoNotAfter. + + The sudoOrder support does not affect the LDAP filter sudo + constructs and so there is no need to explicitly enable it in + ldap.conf. If the sudoOrder attribute is not present in an + entry, a value of 0 is used. If no entries contain sudoOrder + attributes, the results are in whatever order the LDAP server + returns them, as in past versions of sudo. + + Older versions of sudo will simply ignore the new attributes + if they are present in an entry. There are no compatibility + problems using the updated schema with older versions of sudo. + + * Upgrading from a version prior to 1.7.4: + + Starting with sudo 1.7.4, the time stamp files have moved from + `/var/run/sudo` to either `/var/db/sudo`, `/var/lib/sudo`, or + `/var/adm/sudo`. The directories are checked for existence in + that order. This prevents users from receiving the sudo lecture + every time the system reboots. Time stamp files older than the + boot time are ignored on systems where it is possible to determine + this. + + Additionally, the tty_tickets sudoers option is now enabled by + default. To restore the old behavior (single time stamp per user), + add a line like: + + Defaults !tty_tickets + + to sudoers or use the `--without-tty-tickets` configure option. + + The HOME and MAIL environment variables are now reset based on the + target user's password database entry when the env_reset sudoers option + is enabled (which is the case in the default configuration). Users + wishing to preserve the original values should use a sudoers entry like: + + Defaults env_keep += HOME + + to preserve the old value of HOME and + + Defaults env_keep += MAIL + + to preserve the old value of MAIL. + + NOTE: preserving HOME has security implications since many programs + use it when searching for configuration files. Adding HOME to env_keep + may enable a user to run unrestricted commands via sudo. + + The default syslog facility has changed from "local2" to "authpriv" + (or "auth" if the operating system doesn't have "authpriv"). + The `--with-logfac` configure option can be used to change this + or it can be changed in the sudoers file. + + * Upgrading from a version prior to 1.7.0: + + Starting with sudo 1.7.0, comments in the sudoers file must not + have a digit or minus sign immediately after the comment character + ('#'). Otherwise, the comment may be interpreted as a user or + group-ID. + + When sudo is build with LDAP support the `/etc/nsswitch.conf` file is + now used to determine the sudoers sea ch order. sudo will default to + only using `/etc/sudoers` unless `/etc/nsswitch.conf` says otherwise. + This can be changed with an nsswitch.conf line, e.g.: + + sudoers: ldap files + + Would case LDAP to be searched first, then the sudoers file. + To restore the pre-1.7.0 behavior, run configure with the + `--with-nsswitch=no` flag. + + Sudo now ignores user .ldaprc files as well as system LDAP defaults. + All LDAP configuration is now in `/etc/ldap.conf` (or whichever file + was specified by configure's `--with-ldap-conf-file` option). + If you are using TLS, you may now need to specify: + + tls_checkpeer no + + in sudo's ldap.conf unless ldap.conf references a valid certificate + authority file(s). + + Please also see the NEWS file for a list of new features in + sudo 1.7.0. + + * Upgrading from a version prior to 1.6.9: + + Starting with sudo 1.6.9, if an OS supports a modular authentication + method such as PAM, it will be used by default by configure. + + Environment variable handling has changed significantly in sudo + 1.6.9. Prior to version 1.6.9, sudo would preserve the user's + environment, pruning out potentially dangerous variables. + Beginning with sudo 1.6.9, the environment is reset to a default + set of values with only a small number of "safe" variables + preserved. To preserve specific environment variables, add + them to the "env_keep" list in sudoers. E.g. + + Defaults env_keep += "EDITOR" + + The old behavior can be restored by negating the "env_reset" + option in sudoers. E.g. + + Defaults !env_reset + + There have also been changes to how the "env_keep" and + "env_check" options behave. + + Prior to sudo 1.6.9, the TERM and PATH environment variables + would always be preserved even if the env_keep option was + redefined. That is no longer the case. Consequently, if + env_keep is set with "=" and not simply appended to (i.e. using + "+="), PATH and TERM must be explicitly included in the list + of environment variables to keep. The LOGNAME, SHELL, USER, + and USERNAME environment variables are still always set. + + Additionally, the env_check setting previously had no effect + when env_reset was set (which is now on by default). Starting + with sudo 1.6.9, environment variables listed in env_check are + also preserved in the env_reset case, provided that they do not + contain a '/' or '%' character. Note that it is not necessary + to also list a variable in env_keep--having it in env_check is + sufficient. + + The default lists of variables to be preserved and/or checked + are displayed when sudo is run by root with the -V flag. + + * Upgrading from a version prior to 1.6.8: + + Prior to sudo 1.6.8, if `/var/run` did not exist, sudo would put + the time stamp files in `/tmp/.odus`. As of sudo 1.6.8, the + time stamp files will be placed in `/var/adm/sudo` or `/usr/adm/sudo` + if there is no `/var/run directory`. This directory will be + created if it does not already exist. + + Previously, a sudoers entry that explicitly prohibited running + a command as a certain user did not override a previous entry + allowing the same command. This has been fixed in sudo 1.6.8 + such that the last match is now used (as it is documented). + Hopefully no one was depending on the previous (buggy) behavior. + + * Upgrading from a version prior to 1.6: + + As of sudo 1.6, parsing of runas entries and the NOPASSWD tag + has changed. Prior to 1.6, a runas specifier applied only to + a single command directly following it. Likewise, the NOPASSWD + tag only allowed the command directly following it to be run + without a password. Starting with sudo 1.6, both the runas + specifier and the NOPASSWD tag are "sticky" for an entire + command list. So, given the following line in sudo < 1.6 + + millert ALL=(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls + + millert would be able to run `/usr/bin/whoami` as user daemon + without a password and `/bin/ls` as root with a password. + + As of sudo 1.6, the same line now means that millert is able + to run run both `/usr/bin/whoami` and `/bin/ls` as user daemon + without a password. To expand on this, take the following + example: + + millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, \ + /sbin/dump + + millert can run `/usr/bin/whoami` as daemon and `/bin/ls` and + `/sbin/dump` as root. No password need be given for either + command. In other words, the "(root)" sets the default runas + user to root for the rest of the list. If we wanted to require + a password for `/bin/ls` and `/sbin/dump` the line could be written + as: + + millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \ + (root) PASSWD:/bin/ls, /sbin/dump + + Additionally, sudo now uses a per-user time stamp directory + instead of a time stamp file. This allows tty time stamps to + simply be files within the user's time stamp dir. For the + default, non-tty case, the time stamp on the directory itself + is used. + + Also, the temporary file used by visudo is now `/etc/sudoers.tmp` + since some versions of vipw on systems with shadow passwords use + `/etc/stmp` for the temporary shadow file. + + * Upgrading from a version prior to 1.5: + + By default, sudo expects the sudoers file to be mode 0440 and + to be owned by user and group 0. This differs from version 1.4 + and below which expected the sudoers file to be mode 0400 and + to be owned by root. Doing a `make install` will set the sudoers + file to the new mode and group. If sudo encounters a sudoers + file with the old permissions it will attempt to update it to + the new scheme. You cannot, however, use a sudoers file with + the new permissions with an old sudo binary. It is suggested + that if have a means of distributing sudo you distribute the + new binaries first, then the new sudoers file (or you can leave + sudoers as is and sudo will fix the permissions itself as long + as sudoers is on a local file system). diff -Nru sudo-1.9.5p2/docs/cvtsudoers.man.in sudo-1.9.9/docs/cvtsudoers.man.in --- sudo-1.9.5p2/docs/cvtsudoers.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/cvtsudoers.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,639 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2018, 2021-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "CVTSUDOERS" "1" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "General Commands Manual" +.nh +.if n .ad l +.SH "NAME" +\fBcvtsudoers\fR +\- convert between sudoers file formats +.SH "SYNOPSIS" +.HP 11n +\fBcvtsudoers\fR +[\fB\-ehMpV\fR] +[\fB\-b\fR\ \fIdn\fR] +[\fB\-c\fR\ \fIconf_file\fR] +[\fB\-d\fR\ \fIdeftypes\fR] +[\fB\-f\fR\ \fIoutput_format\fR] +[\fB\-i\fR\ \fIinput_format\fR] +[\fB\-I\fR\ \fIincrement\fR] +[\fB\-l\fR\ \fIlog_file\fR] +[\fB\-m\fR\ \fIfilter\fR] +[\fB\-o\fR\ \fIoutput_file\fR] +[\fB\-O\fR\ \fIstart_point\fR] +[\fB\-P\fR\ \fIpadding\fR] +[\fB\-s\fR\ \fIsections\fR] +[\fIinput_file\ ...\fR] +.SH "DESCRIPTION" +The +\fBcvtsudoers\fR +utility accepts one or more security policies in either +\fIsudoers\fR +or LDIF format as input, and generates a single +policy of the specified format as output. +The default input format is +\fIsudoers.\fR +The default output format is LDIF. +It is only possible to convert a policy file that is syntactically correct. +.PP +If no +\fIinput_file\fR +is specified, or if it is +\(oq-\(cq, +the policy is read from the standard input. +Input files may be optionally prefixed with a host name followed by a colon +(\(oq:\&\(cq) +to make the policy rules specific to a host when merging multiple files. +By default, the result is written to the standard output. +.PP +The options are as follows: +.TP 12n +\fB\-b\fR \fIdn\fR, \fB\--base\fR=\fIdn\fR +The base DN (distinguished name) that will be used when performing +LDAP queries. +Typically this is of the form +\fRou=SUDOers,dc=my-domain,dc=com\fR +for the domain +\fRmy-domain.com\fR. +If this option is not specified, the value of the +\fRSUDOERS_BASE\fR +environment variable will be used instead. +Only necessary when converting to LDIF format. +.TP 12n +\fB\-c\fR \fIconf_file\fR, \fB\--config\fR=\fIconf_file\fR +Specify the path to the configuration file. +Defaults to +\fI@sysconfdir@/cvtsudoers.conf\fR. +.TP 12n +\fB\-d\fR \fIdeftypes\fR, \fB\--defaults\fR=\fIdeftypes\fR +Only convert +\fRDefaults\fR +entries of the specified types. +One or more +\fRDefaults\fR +types may be specified, separated by a comma +(\(oq\&,\(cq). +The supported types are: +.PP +.RS 12n +.PD 0 +.TP 10n +all +All Defaults entries. +.PD +.TP 10n +global +Global Defaults entries that are applied regardless of +user, runas, host, or command. +.TP 10n +user +Per-user Defaults entries. +.TP 10n +runas +Per-runas user Defaults entries. +.TP 10n +host +Per-host Defaults entries. +.TP 10n +command +Per-command Defaults entries. +.PP +See the +\fBDefaults\fR +section in +sudoers(@mansectform@) +for more information. +.sp +If the +\fB\-d\fR +option is not specified, all +\fRDefaults\fR +entries will be converted. +.RE +.TP 12n +\fB\-e\fR, \fB\--expand-aliases\fR +Expand aliases in +\fIinput_file\fR. +Aliases are preserved by default when the output +\fIformat\fR +is JSON or sudoers. +.TP 12n +\fB\-f\fR \fIoutput_format\fR, \fB\--output-format\fR=\fIoutput_format\fR +Specify the output format (case-insensitive). +The following formats are supported: +.PP +.RS 12n +.PD 0 +.TP 10n +CSV +CSV (comma-separated value) files are often used by spreadsheets +and report generators. +For CSV output, +\fBcvtsudoers\fR +double quotes strings that contain commas. +For each literal double quote character present inside the string, +two double quotes are output. +This method of quoting commas is compatible with most spreadsheet programs. +.PD +.TP 10n +JSON +JSON (JavaScript Object Notation) files are usually easier for +third-party applications to consume than the traditional +\fIsudoers\fR +format. +The various values have explicit types which removes much of the +ambiguity of the +\fIsudoers\fR +format. +.TP 10n +LDIF +LDIF (LDAP Data Interchange Format) files can be imported into an LDAP +server for use with +sudoers.ldap(@mansectform@). +.sp +Conversion to LDIF has the following limitations: +.PP +.RS 10n +.PD 0 +.TP 3n +\fB\(bu\fR +Command, host, runas, and user-specific Defaults lines cannot be +translated as they don't have an equivalent in the sudoers LDAP schema. +.PD +.TP 3n +\fB\(bu\fR +Command, host, runas, and user aliases are not supported by the +sudoers LDAP schema so they are expanded during the conversion. +.PD 0 +.PP +.RE +.PD +.TP 10n +sudoers +Traditional sudoers format. +A new sudoers file will be reconstructed from the parsed input file. +Comments are not preserved and data from any include files will be +output inline. +.PD 0 +.PP +.RE +.PD +.TP 12n +\fB\--group-file\fR=\fIfile\fR +When the +\fB\-M\fR +option is also specified, perform group queries using +\fIfile\fR +instead of the system group database. +.TP 12n +\fB\-h\fR, \fB\--help\fR +Display a short help message to the standard output and exit. +.TP 12n +\fB\-i\fR \fIinput_format\fR, \fB\--input-format\fR=\fIinput_format\fR +Specify the input format. +The following formats are supported: +.PP +.RS 12n +.PD 0 +.TP 10n +LDIF +LDIF (LDAP Data Interchange Format) files can be exported from an LDAP +server to convert security policies used by +sudoers.ldap(@mansectform@). +If a base DN (distinguished name) is specified, only sudoRole objects +that match the base DN will be processed. +Not all sudoOptions specified in a sudoRole can be translated from +LDIF to sudoers format. +.PD +.TP 10n +sudoers +Traditional sudoers format. +This is the default input format. +.PD 0 +.PP +.RE +.PD +.TP 12n +\fB\-I\fR \fIincrement\fR, \fB\--increment\fR=\fIincrement\fR +When generating LDIF output, increment each sudoOrder attribute by +the specified number. +Defaults to an increment of 1. +.TP 12n +\fB\-l\fR \fIlog_file\fR, \fB\--logfile\fR=\fIlog_file\fR +Log conversion warnings to +\fIlog_file\fR +instead of to the standard error. +This is particularly useful when merging multiple +\fIsudoers\fR +files, which can generate a large number of warnings. +.TP 12n +\fB\-m\fR \fIfilter\fR, \fB\--match\fR=\fIfilter\fR +Only output rules that match the specified +\fIfilter\fR. +A +\fIfilter\fR +expression is made up of one or more +\fBkey =\fR \fIvalue\fR +pairs, separated by a comma +(\(oq\&,\(cq). +The +\fBkey\fR +may be +\(lqcmnd\(rq +(or \(lqcmd\(rq), +\(lqhost\(rq, +\(lqgroup\(rq, +or +\(lquser\(rq. +For example, +\fBuser\fR = \fIoperator\fR +or +\fBhost\fR = \fIwww\fR. +An upper-case Cmnd_Alias, Host_alias, or Host_Alias may be specified as the +\(lqcmnd\(rq, +\(lqhost\(rq, +or +\(lquser\(rq. +.sp +A matching +\fIsudoers\fR +rule may also include users, groups, and hosts that are not part of the +\fIfilter\fR. +This can happen when a rule includes multiple users, groups, or hosts. +To prune out any non-matching user, group, or host from the rules, the +\fB\-p\fR +option may be used. +.sp +By default, the password and group databases are not consulted when matching +against the filter so the users and groups do not need to be present +on the local system (see the +\fB\-M\fR +option). +Only aliases that are referenced by the filtered policy rules will +be displayed. +.TP 12n +\fB\-M\fR, \fB\--match-local\fR +When the +\fB\-m\fR +option is also specified, use password and group database information +when matching users and groups in the filter. +Only users and groups in the filter that exist on the local system will match, +and a user's groups will automatically be added to the filter. +If the +\fB\-M\fR +is +\fInot\fR +specified, users and groups in the filter do not need to exist on the +local system, but all groups used for matching must be explicitly listed +in the filter. +.TP 12n +\fB\-o\fR \fIoutput_file\fR, \fB\--output\fR=\fIoutput_file\fR +Write the converted output to +\fIoutput_file\fR. +If no +\fIoutput_file\fR +is specified, or if it is +\(oq-\(cq, +the converted +\fIsudoers\fR +policy will be written to the standard output. +.TP 12n +\fB\-O\fR \fIstart_point\fR, \fB\--order-start\fR=\fIstart_point\fR +When generating LDIF output, use the number specified by +\fIstart_point\fR +in the sudoOrder attribute of the first sudoRole object. +Subsequent sudoRole object use a sudoOrder value generated by adding an +\fIincrement\fR, +see the +\fB\-I\fR +option for details. +Defaults to a starting point of 1. +A starting point of 0 will disable the generation of sudoOrder +attributes in the resulting LDIF file. +.TP 12n +\fB\--passwd-file\fR=\fIfile\fR +When the +\fB\-M\fR +option is also specified, perform passwd queries using +\fIfile\fR +instead of the system passwd database. +.TP 12n +\fB\-p\fR, \fB\--prune-matches\fR +When the +\fB\-m\fR +option is also specified, +\fBcvtsudoers\fR +will prune out non-matching users, groups, and hosts from +matching entries. +.TP 12n +\fB\-P\fR \fIpadding\fR, \fB\--padding\fR=\fIpadding\fR +When generating LDIF output, construct the initial sudoOrder value by +concatenating +\fIorder_start\fR +and +\fIincrement\fR, +padding the +\fIincrement\fR +with zeros until it consists of +\fIpadding\fR +digits. +For example, if +\fIorder_start\fR +is 1027, +\fIpadding\fR +is 3, and +\fIincrement\fR +is 1, the value of sudoOrder for the first entry will be 1027000, +followed by 1027001, 1027002, etc. +If the number of sudoRole entries is larger than the padding would allow, +\fBcvtsudoers\fR +will exit with an error. +By default, no padding is performed. +.TP 12n +\fB\-s\fR \fIsections\fR, \fB\--suppress\fR=\fIsections\fR +Suppress the output of specific +\fIsections\fR +of the security policy. +One or more section names may be specified, separated by a comma +(\(oq\&,\(cq). +The supported section name are: +\fBdefaults\fR, +\fBaliases\fR +and +\fBprivileges\fR +(which may be shortened to +\fBprivs\fR). +.TP 12n +\fB\-V\fR, \fB\--version\fR +Print the +\fBcvtsudoers\fR +and +\fIsudoers\fR +grammar versions and exit. +.SS "Merging multiple files" +When multiple input files are specified, +\fBcvtsudoers\fR +will attempt to merge them into a single policy file. +It is assumed that user and group names are consistent among +the policy files to be merged. +For example, user +\(lqbob\(rq +on one host is the same as user +\(lqbob\(rq +on another host. +.PP +When merging policy files, it is possible to prefix the input file name +with a host name, separated by a colon +(\(oq:\&\(cq). +When the files are merged, the host name will be used to restrict +the policy rules to that specific host where possible. +.PP +The merging process is performed as follows: +.TP 3n +\fB\(bu\fR +Each input file is parsed into internal sudoers data structures. +.TP 3n +\fB\(bu\fR +Aliases are merged and renamed as necessary to avoid conflicts. +In the event of a conflict, the first alias found is left as-is and +subsequent aliases of the same name are renamed with a numeric suffix +separated with a underscore +(\(oq_\(cq). +For example, if there are two different aliases named +\fRSERVERS\fR, +the first will be left as-is and the second will be renamed +\fRSERVERS_1\fR. +References to the renamed alias are also updated in the policy file. +Duplicate aliases (those with identical contents) are pruned. +.TP 3n +\fB\(bu\fR +Defaults settings are merged and duplicates are removed. +If there are conflicts in the Defaults settings, a warning is emitted for +each conflict. +If a host name is specified with the input file, +\fBcvtsudoers\fR +will change the global Defaults settings in that file to be host-specific. +A warning is emitted for command, user, or runas-specific Defaults settings +which cannot be made host-specific. +.TP 3n +\fB\(bu\fR +Per-user rules are merged and duplicates are removed. +If a host name is specified with the input file, +\fBcvtsudoers\fR +will change rules that specify a host name of +\fRALL\fR +to the host name associated with the policy file being merged. +The merging of rules is currently fairly simplistic but will be +improved in a later release. +.PP +It is possible to merge policy files with differing formats. +.SS "The cvtsudoers.conf file" +Options in the form +\(lqkeyword = value\(rq +may also be specified in a configuration file, +\fI@sysconfdir@/cvtsudoers.conf\fR +by default. +The following keywords are recognized: +.TP 6n +\fBdefaults =\fR \fIdeftypes\fR +See the description of the +\fB\-d\fR +command line option. +.TP 6n +\fBexpand_aliases =\fR \fIyes\fR | \fIno\fR +See the description of the +\fB\-e\fR +command line option. +.TP 6n +\fBgroup_file =\fR \fIfile\fR +See the description of the +\fB\--group-file\fR +command line option. +.TP 6n +\fBinput_format =\fR \fIldif\fR | \fIsudoers\fR +See the description of the +\fB\-i\fR +command line option. +.TP 6n +\fBmatch =\fR \fIfilter\fR +See the description of the +\fB\-m\fR +command line option. +.TP 6n +\fBmatch_local =\fR \fIyes\fR | \fIno\fR +See the description of the +\fB\-M\fR +command line option. +.TP 6n +\fBorder_increment =\fR \fIincrement\fR +See the description of the +\fB\-I\fR +command line option. +.TP 6n +\fBorder_start =\fR \fIstart_point\fR +See the description of the +\fB\-O\fR +command line option. +.TP 6n +\fBoutput_format =\fR \fIcsv\fR | \fIjson\fR | \fIldif\fR | \fIsudoers\fR +See the description of the +\fB\-f\fR +command line option. +.TP 6n +\fBpadding =\fR \fIpadding\fR +See the description of the +\fB\-P\fR +command line option. +.TP 6n +\fBpasswd_file =\fR \fIfile\fR +See the description of the +\fB\--passwd-file\fR +command line option. +.TP 6n +\fBprune_matches =\fR \fIyes\fR | \fIno\fR +See the description of the +\fB\-p\fR +command line option. +.TP 6n +\fBsudoers_base =\fR \fIdn\fR +See the description of the +\fB\-b\fR +command line option. +.TP 6n +\fBsuppress =\fR \fIsections\fR +See the description of the +\fB\-s\fR +command line option. +.PP +Options on the command line will override values from the +configuration file. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/cvtsudoers.conf\fR +default configuration for cvtsudoers +.SH "EXAMPLES" +Convert +\fI/etc/sudoers\fR +to LDIF (LDAP Data Interchange Format) where the +\fIldap.conf\fR +file uses a +\fIsudoers_base\fR +of my-domain,dc=com, storing the result in +\fIsudoers.ldif\fR: +.nf +.sp +.RS 6n +$ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \e + /etc/sudoers +.RE +.fi +.PP +Convert +\fI/etc/sudoers\fR +to JSON format, storing the result in +\fIsudoers.json\fR: +.nf +.sp +.RS 6n +$ cvtsudoers -f json -o sudoers.json /etc/sudoers +.RE +.fi +.PP +Parse +\fI/etc/sudoers\fR +and display only rules that match user +\fIambrose\fR +on host +\fIhastur\fR: +.nf +.sp +.RS 6n +$ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers +.RE +.fi +.PP +Same as above, but expand aliases and prune out any non-matching +users and hosts from the expanded entries. +.nf +.sp +.RS 6n +$ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers +.RE +.fi +.PP +Convert +\fIsudoers.ldif\fR +from LDIF to traditional +\fIsudoers\fR +format: +.nf +.sp +.RS 6n +$ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif +.RE +.fi +.PP +Merge a global +\fIsudoers\fR +file with two host-specific policy files from the hosts +\(lqxyzzy\(rq +and +\(lqplugh\(rq: +.nf +.sp +.RS 6n +$ cvtsudoers -f sudoers -o sudoers.merged sudoers \e + xyzzy:sudoers.xyzzy plugh:sudoers.plugh +.RE +.fi +.SH "SEE ALSO" +sudoers(@mansectform@), +sudoers.ldap(@mansectform@), +sudo(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBcvtsudoers\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBcvtsudoers\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/cvtsudoers.mdoc.in sudo-1.9.9/docs/cvtsudoers.mdoc.in --- sudo-1.9.5p2/docs/cvtsudoers.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/cvtsudoers.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,553 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2018, 2021-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd January 19, 2022 +.Dt CVTSUDOERS 1 +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm cvtsudoers +.Nd convert between sudoers file formats +.Sh SYNOPSIS +.Nm cvtsudoers +.Op Fl ehMpV +.Op Fl b Ar dn +.Op Fl c Ar conf_file +.Op Fl d Ar deftypes +.Op Fl f Ar output_format +.Op Fl i Ar input_format +.Op Fl I Ar increment +.Op Fl l Ar log_file +.Op Fl m Ar filter +.Op Fl o Ar output_file +.Op Fl O Ar start_point +.Op Fl P Ar padding +.Op Fl s Ar sections +.Op Ar input_file ... +.Sh DESCRIPTION +The +.Nm +utility accepts one or more security policies in either +.Em sudoers +or LDIF format as input, and generates a single +policy of the specified format as output. +The default input format is +.Em sudoers. +The default output format is LDIF. +It is only possible to convert a policy file that is syntactically correct. +.Pp +If no +.Ar input_file +is specified, or if it is +.Ql - , +the policy is read from the standard input. +Input files may be optionally prefixed with a host name followed by a colon +.Pq Ql :\& +to make the policy rules specific to a host when merging multiple files. +By default, the result is written to the standard output. +.Pp +The options are as follows: +.Bl -tag -width Fl +.It Fl b Ar dn , Fl -base Ns = Ns Ar dn +The base DN (distinguished name) that will be used when performing +LDAP queries. +Typically this is of the form +.Li ou=SUDOers,dc=my-domain,dc=com +for the domain +.Li my-domain.com . +If this option is not specified, the value of the +.Ev SUDOERS_BASE +environment variable will be used instead. +Only necessary when converting to LDIF format. +.It Fl c Ar conf_file , Fl -config Ns = Ns Ar conf_file +Specify the path to the configuration file. +Defaults to +.Pa @sysconfdir@/cvtsudoers.conf . +.It Fl d Ar deftypes , Fl -defaults Ns = Ns Ar deftypes +Only convert +.Li Defaults +entries of the specified types. +One or more +.Li Defaults +types may be specified, separated by a comma +.Pq Ql \&, . +The supported types are: +.Bl -tag -width 8n +.It all +All Defaults entries. +.It global +Global Defaults entries that are applied regardless of +user, runas, host, or command. +.It user +Per-user Defaults entries. +.It runas +Per-runas user Defaults entries. +.It host +Per-host Defaults entries. +.It command +Per-command Defaults entries. +.El +.Pp +See the +.Sy Defaults +section in +.Xr sudoers @mansectform@ +for more information. +.Pp +If the +.Fl d +option is not specified, all +.Li Defaults +entries will be converted. +.It Fl e , Fl -expand-aliases +Expand aliases in +.Ar input_file . +Aliases are preserved by default when the output +.Ar format +is JSON or sudoers. +.It Fl f Ar output_format , Fl -output-format Ns = Ns Ar output_format +Specify the output format (case-insensitive). +The following formats are supported: +.Bl -tag -width 8n +.It CSV +CSV (comma-separated value) files are often used by spreadsheets +and report generators. +For CSV output, +.Nm +double quotes strings that contain commas. +For each literal double quote character present inside the string, +two double quotes are output. +This method of quoting commas is compatible with most spreadsheet programs. +.It JSON +JSON (JavaScript Object Notation) files are usually easier for +third-party applications to consume than the traditional +.Em sudoers +format. +The various values have explicit types which removes much of the +ambiguity of the +.Em sudoers +format. +.It LDIF +LDIF (LDAP Data Interchange Format) files can be imported into an LDAP +server for use with +.Xr sudoers.ldap @mansectform@ . +.Pp +Conversion to LDIF has the following limitations: +.Bl -bullet -width 1n +.It +Command, host, runas, and user-specific Defaults lines cannot be +translated as they don't have an equivalent in the sudoers LDAP schema. +.It +Command, host, runas, and user aliases are not supported by the +sudoers LDAP schema so they are expanded during the conversion. +.El +.It sudoers +Traditional sudoers format. +A new sudoers file will be reconstructed from the parsed input file. +Comments are not preserved and data from any include files will be +output inline. +.El +.It Fl -group-file Ns = Ns Ar file +When the +.Fl M +option is also specified, perform group queries using +.Ar file +instead of the system group database. +.It Fl h , Fl -help +Display a short help message to the standard output and exit. +.It Fl i Ar input_format , Fl -input-format Ns = Ns Ar input_format +Specify the input format. +The following formats are supported: +.Bl -tag -width 8n +.It LDIF +LDIF (LDAP Data Interchange Format) files can be exported from an LDAP +server to convert security policies used by +.Xr sudoers.ldap @mansectform@ . +If a base DN (distinguished name) is specified, only sudoRole objects +that match the base DN will be processed. +Not all sudoOptions specified in a sudoRole can be translated from +LDIF to sudoers format. +.It sudoers +Traditional sudoers format. +This is the default input format. +.El +.It Fl I Ar increment , Fl -increment Ns = Ns Ar increment +When generating LDIF output, increment each sudoOrder attribute by +the specified number. +Defaults to an increment of 1. +.It Fl l Ar log_file , Fl -logfile Ns = Ns Ar log_file +Log conversion warnings to +.Ar log_file +instead of to the standard error. +This is particularly useful when merging multiple +.Em sudoers +files, which can generate a large number of warnings. +.It Fl m Ar filter , Fl -match Ns = Ns Ar filter +Only output rules that match the specified +.Ar filter . +A +.Ar filter +expression is made up of one or more +.Sy key = Ar value +pairs, separated by a comma +.Pq Ql \&, . +The +.Sy key +may be +.Dq cmnd +.Pq or Dq cmd , +.Dq host , +.Dq group , +or +.Dq user . +For example, +.Sy user No = Ar operator +or +.Sy host No = Ar www . +An upper-case Cmnd_Alias, Host_alias, or Host_Alias may be specified as the +.Dq cmnd , +.Dq host , +or +.Dq user . +.Pp +A matching +.Em sudoers +rule may also include users, groups, and hosts that are not part of the +.Ar filter . +This can happen when a rule includes multiple users, groups, or hosts. +To prune out any non-matching user, group, or host from the rules, the +.Fl p +option may be used. +.Pp +By default, the password and group databases are not consulted when matching +against the filter so the users and groups do not need to be present +on the local system (see the +.Fl M +option). +Only aliases that are referenced by the filtered policy rules will +be displayed. +.It Fl M , Fl -match-local +When the +.Fl m +option is also specified, use password and group database information +when matching users and groups in the filter. +Only users and groups in the filter that exist on the local system will match, +and a user's groups will automatically be added to the filter. +If the +.Fl M +is +.Em not +specified, users and groups in the filter do not need to exist on the +local system, but all groups used for matching must be explicitly listed +in the filter. +.It Fl o Ar output_file , Fl -output Ns = Ns Ar output_file +Write the converted output to +.Ar output_file . +If no +.Ar output_file +is specified, or if it is +.Ql - , +the converted +.Em sudoers +policy will be written to the standard output. +.It Fl O Ar start_point , Fl -order-start Ns = Ns Ar start_point +When generating LDIF output, use the number specified by +.Ar start_point +in the sudoOrder attribute of the first sudoRole object. +Subsequent sudoRole object use a sudoOrder value generated by adding an +.Ar increment , +see the +.Fl I +option for details. +Defaults to a starting point of 1. +A starting point of 0 will disable the generation of sudoOrder +attributes in the resulting LDIF file. +.It Fl -passwd-file Ns = Ns Ar file +When the +.Fl M +option is also specified, perform passwd queries using +.Ar file +instead of the system passwd database. +.It Fl p , Fl -prune-matches +When the +.Fl m +option is also specified, +.Nm +will prune out non-matching users, groups, and hosts from +matching entries. +.It Fl P Ar padding , Fl -padding Ns = Ns Ar padding +When generating LDIF output, construct the initial sudoOrder value by +concatenating +.Ar order_start +and +.Ar increment , +padding the +.Ar increment +with zeros until it consists of +.Ar padding +digits. +For example, if +.Ar order_start +is 1027, +.Ar padding +is 3, and +.Ar increment +is 1, the value of sudoOrder for the first entry will be 1027000, +followed by 1027001, 1027002, etc. +If the number of sudoRole entries is larger than the padding would allow, +.Nm +will exit with an error. +By default, no padding is performed. +.It Fl s Ar sections , Fl -suppress Ns = Ns Ar sections +Suppress the output of specific +.Ar sections +of the security policy. +One or more section names may be specified, separated by a comma +.Pq Ql \&, . +The supported section name are: +.Sy defaults , +.Sy aliases +and +.Sy privileges +(which may be shortened to +.Sy privs ) . +.It Fl V , -version +Print the +.Nm +and +.Em sudoers +grammar versions and exit. +.El +.Ss Merging multiple files +When multiple input files are specified, +.Nm +will attempt to merge them into a single policy file. +It is assumed that user and group names are consistent among +the policy files to be merged. +For example, user +.Dq bob +on one host is the same as user +.Dq bob +on another host. +.Pp +When merging policy files, it is possible to prefix the input file name +with a host name, separated by a colon +.Pq Ql :\& . +When the files are merged, the host name will be used to restrict +the policy rules to that specific host where possible. +.Pp +The merging process is performed as follows: +.Bl -bullet -width 1n +.It +Each input file is parsed into internal sudoers data structures. +.It +Aliases are merged and renamed as necessary to avoid conflicts. +In the event of a conflict, the first alias found is left as-is and +subsequent aliases of the same name are renamed with a numeric suffix +separated with a underscore +.Pq Ql _ . +For example, if there are two different aliases named +.Li SERVERS , +the first will be left as-is and the second will be renamed +.Li SERVERS_1 . +References to the renamed alias are also updated in the policy file. +Duplicate aliases (those with identical contents) are pruned. +.It +Defaults settings are merged and duplicates are removed. +If there are conflicts in the Defaults settings, a warning is emitted for +each conflict. +If a host name is specified with the input file, +.Nm +will change the global Defaults settings in that file to be host-specific. +A warning is emitted for command, user, or runas-specific Defaults settings +which cannot be made host-specific. +.It +Per-user rules are merged and duplicates are removed. +If a host name is specified with the input file, +.Nm +will change rules that specify a host name of +.Li ALL +to the host name associated with the policy file being merged. +The merging of rules is currently fairly simplistic but will be +improved in a later release. +.El +.Pp +It is possible to merge policy files with differing formats. +.Ss The cvtsudoers.conf file +Options in the form +.Dq keyword = value +may also be specified in a configuration file, +.Pa @sysconfdir@/cvtsudoers.conf +by default. +The following keywords are recognized: +.Bl -tag -width 4n +.It Sy defaults = Ar deftypes +See the description of the +.Fl d +command line option. +.It Sy expand_aliases = Ar yes | no +See the description of the +.Fl e +command line option. +.It Sy group_file = Ar file +See the description of the +.Fl -group-file +command line option. +.It Sy input_format = Ar ldif | sudoers +See the description of the +.Fl i +command line option. +.It Sy match = Ar filter +See the description of the +.Fl m +command line option. +.It Sy match_local = Ar yes | no +See the description of the +.Fl M +command line option. +.It Sy order_increment = Ar increment +See the description of the +.Fl I +command line option. +.It Sy order_start = Ar start_point +See the description of the +.Fl O +command line option. +.It Sy output_format = Ar csv | json | ldif | sudoers +See the description of the +.Fl f +command line option. +.It Sy padding = Ar padding +See the description of the +.Fl P +command line option. +.It Sy passwd_file = Ar file +See the description of the +.Fl -passwd-file +command line option. +.It Sy prune_matches = Ar yes | no +See the description of the +.Fl p +command line option. +.It Sy sudoers_base = Ar dn +See the description of the +.Fl b +command line option. +.It Sy suppress = Ar sections +See the description of the +.Fl s +command line option. +.El +.Pp +Options on the command line will override values from the +configuration file. +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/cvtsudoers.conf +default configuration for cvtsudoers +.El +.Sh EXAMPLES +Convert +.Pa /etc/sudoers +to LDIF (LDAP Data Interchange Format) where the +.Pa ldap.conf +file uses a +.Em sudoers_base +of my-domain,dc=com, storing the result in +.Pa sudoers.ldif : +.Bd -literal -offset indent +$ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \e + /etc/sudoers +.Ed +.Pp +Convert +.Pa /etc/sudoers +to JSON format, storing the result in +.Pa sudoers.json : +.Bd -literal -offset indent +$ cvtsudoers -f json -o sudoers.json /etc/sudoers +.Ed +.Pp +Parse +.Pa /etc/sudoers +and display only rules that match user +.Em ambrose +on host +.Em hastur : +.Bd -literal -offset indent +$ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers +.Ed +.Pp +Same as above, but expand aliases and prune out any non-matching +users and hosts from the expanded entries. +.Bd -literal -offset indent +$ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers +.Ed +.Pp +Convert +.Pa sudoers.ldif +from LDIF to traditional +.Em sudoers +format: +.Bd -literal -offset indent +$ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif +.Ed +.Pp +Merge a global +.Em sudoers +file with two host-specific policy files from the hosts +.Dq xyzzy +and +.Dq plugh : +.Bd -literal -offset indent +$ cvtsudoers -f sudoers -o sudoers.merged sudoers \e + xyzzy:sudoers.xyzzy plugh:sudoers.plugh +.Ed +.Sh SEE ALSO +.Xr sudoers @mansectform@ , +.Xr sudoers.ldap @mansectform@ , +.Xr sudo @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/fixman.sh sudo-1.9.9/docs/fixman.sh --- sudo-1.9.5p2/docs/fixman.sh 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/fixman.sh 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,39 @@ +#!/bin/sh +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2012-2014, 2017 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +OUTFILE="$1" +rm -f "$OUTFILE" +> "$OUTFILE" + +# HP-UX friendly header/footer for all man pages +if [ X"`uname 2>&1`" = X"HP-UX" ]; then + cat >>"$OUTFILE" <<-'EOF' + s/^\.TH \("[^"]*"\) \("[^"]*"\) "\([^"]*\)" "\([^"]*\)" \("[^"]*"\)/.TH \1 \2\ + .ds )H \4\ + .ds ]W \3/ +EOF +fi + +# Replace "0 minutes" with "unlimited" +cat >>"$OUTFILE" <<-'EOF' + /^\\fR0\\fR$/ { + N + s/^\\fR0\\fR\nminutes\.$/unlimited./ + } +EOF diff -Nru sudo-1.9.5p2/docs/fixmdoc.sed sudo-1.9.9/docs/fixmdoc.sed --- sudo-1.9.5p2/docs/fixmdoc.sed 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/fixmdoc.sed 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,5 @@ +# Replace "0 minutes" with "unlimited" +/^\.Li 0$/ { + N + s/^\.Li 0\nminutes\.$/unlimited./ +} diff -Nru sudo-1.9.5p2/docs/schema.ActiveDirectory sudo-1.9.9/docs/schema.ActiveDirectory --- sudo-1.9.5p2/docs/schema.ActiveDirectory 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/schema.ActiveDirectory 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,255 @@ +# +# Active Directory Schema for sudo configuration (sudoers) +# +# To extend your Active Directory schema, run one of the following command +# on your Windows DC (default port - Active Directory): +# +# ldifde -i -f schema.ActiveDirectory -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext +# +# or on your Windows DC if using another port (with Active Directory LightWeight Directory Services / ADAM-Active Directory Application Mode) +# Port 50000 by example (or any other port specified when defining the ADLDS/ADAM instance +# +# ldifde -i -f schema.ActiveDirectory -t 50000 -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext +# +# or +# +# ldifde -i -f schema.ActiveDirectory -s server:port -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext +# +# Can add username domain and password +# +# -b username domain password +# +# Can create Log file in current or any directory +# +# -j . +# + +dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoUser +distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.1 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoUser +adminDescription: User(s) who may run sudo +oMSyntax: 22 +searchFlags: 1 +lDAPDisplayName: sudoUser +name: sudoUser +schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoHost +distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.2 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoHost +adminDescription: Host(s) who may run sudo +oMSyntax: 22 +lDAPDisplayName: sudoHost +name: sudoHost +schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoCommand +distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.3 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoCommand +adminDescription: Command(s) to be executed by sudo +oMSyntax: 22 +lDAPDisplayName: sudoCommand +name: sudoCommand +schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoRunAs +distinguishedName: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.4 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoRunAs +adminDescription: User(s) impersonated by sudo (deprecated) +oMSyntax: 22 +lDAPDisplayName: sudoRunAs +name: sudoRunAs +schemaIDGUID:: CP98mCQTyUKKxGrQeM80hQ== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: CN=sudoOption,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoOption +distinguishedName: CN=sudoOption,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.5 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoOption +adminDescription: Option(s) followed by sudo +oMSyntax: 22 +lDAPDisplayName: sudoOption +name: sudoOption +schemaIDGUID:: ojaPzBBlAEmsvrHxQctLnA== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoRunAsUser +distinguishedName: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.6 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoRunAsUser +adminDescription: User(s) impersonated by sudo +oMSyntax: 22 +lDAPDisplayName: sudoRunAsUser +name: sudoRunAsUser +schemaIDGUID:: 9C52yPYd3RG3jMR2VtiVkw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoRunAsGroup +distinguishedName: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.7 +attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoRunAsGroup +adminDescription: Groups(s) impersonated by sudo +oMSyntax: 22 +lDAPDisplayName: sudoRunAsGroup +name: sudoRunAsGroup +schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoNotBefore +distinguishedName: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.8 +attributeSyntax: 2.5.5.11 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoNotBefore +adminDescription: Start of time interval for which the entry is valid +oMSyntax: 24 +lDAPDisplayName: sudoNotBefore +name: sudoNotBefore +schemaIDGUID:: dm1HnRfY4RGf4gopYYhwmw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoNotAfter +distinguishedName: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.9 +attributeSyntax: 2.5.5.11 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoNotAfter +adminDescription: End of time interval for which the entry is valid +oMSyntax: 24 +lDAPDisplayName: sudoNotAfter +name: sudoNotAfter +schemaIDGUID:: OAr/pBfY4RG9dBIpYYhwmw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: CN=sudoOrder,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: attributeSchema +cn: sudoOrder +distinguishedName: CN=sudoOrder,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +attributeID: 1.3.6.1.4.1.15953.9.1.10 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: sudoOrder +adminDescription: an integer to order the sudoRole entries +oMSyntax: 2 +lDAPDisplayName: sudoOrder +name: sudoOrder +schemaIDGUID:: 0J8yrRfY4RGIYBUpYYhwmw== +objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X + +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +- + +dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=X +changetype: add +objectClass: top +objectClass: classSchema +cn: sudoRole +distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=X +instanceType: 4 +possSuperiors: container +possSuperiors: top +subClassOf: top +governsID: 1.3.6.1.4.1.15953.9.2.1 +mayContain: sudoCommand +mayContain: sudoHost +mayContain: sudoOption +mayContain: sudoRunAs +mayContain: sudoRunAsUser +mayContain: sudoRunAsGroup +mayContain: sudoUser +mayContain: sudoNotBefore +mayContain: sudoNotAfter +mayContain: sudoOrder +rDNAttID: cn +showInAdvancedViewOnly: FALSE +adminDisplayName: sudoRole +adminDescription: Sudoer Entries +objectClassCategory: 1 +lDAPDisplayName: sudoRole +name: sudoRole +schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w== +systemOnly: FALSE +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X +defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=X diff -Nru sudo-1.9.5p2/docs/schema.OpenLDAP sudo-1.9.9/docs/schema.OpenLDAP --- sudo-1.9.5p2/docs/schema.OpenLDAP 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/schema.OpenLDAP 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,78 @@ +# +# OpenLDAP schema file for Sudo +# Save as /etc/openldap/schema/sudo.schema and restart slapd. +# For a version that uses online configuration, see schema.olcSudo. +# + +attributetype ( 1.3.6.1.4.1.15953.9.1.1 + NAME 'sudoUser' + DESC 'User(s) who may run sudo' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.2 + NAME 'sudoHost' + DESC 'Host(s) who may run sudo' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.3 + NAME 'sudoCommand' + DESC 'Command(s) to be executed by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.4 + NAME 'sudoRunAs' + DESC 'User(s) impersonated by sudo (deprecated)' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.5 + NAME 'sudoOption' + DESC 'Options(s) followed by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.6 + NAME 'sudoRunAsUser' + DESC 'User(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.7 + NAME 'sudoRunAsGroup' + DESC 'Group(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.8 + NAME 'sudoNotBefore' + DESC 'Start of time interval for which the entry is valid' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.9 + NAME 'sudoNotAfter' + DESC 'End of time interval for which the entry is valid' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.10 + NAME 'sudoOrder' + DESC 'an integer to order the sudoRole entries' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL + DESC 'Sudoer Entries' + MUST ( cn ) + MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ + sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ + sudoNotAfter $ description ) + ) diff -Nru sudo-1.9.5p2/docs/schema.iPlanet sudo-1.9.9/docs/schema.iPlanet --- sudo-1.9.5p2/docs/schema.iPlanet 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/schema.iPlanet 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,12 @@ +dn: cn=schema +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ description ) X-ORIGIN 'SUDO' ) diff -Nru sudo-1.9.5p2/docs/schema.olcSudo sudo-1.9.9/docs/schema.olcSudo --- sudo-1.9.5p2/docs/schema.olcSudo 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/schema.olcSudo 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,79 @@ +dn: cn=sudoschema,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: sudoschema +# +# OpenLDAP schema file for Sudo in on-line configuration (OLC) format. +# Import using ldapadd or another suitable LDAP browser. +# Converted to OLC format by Frederic Pasteleurs +# +olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.1 + NAME 'sudoUser' + DESC 'User(s) who may run sudo' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.2 + NAME 'sudoHost' + DESC 'Host(s) who may run sudo' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.3 + NAME 'sudoCommand' + DESC 'Command(s) to be executed by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.4 + NAME 'sudoRunAs' + DESC 'User(s) impersonated by sudo (deprecated)' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.5 + NAME 'sudoOption' + DESC 'Options(s) followed by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.6 + NAME 'sudoRunAsUser' + DESC 'User(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.7 + NAME 'sudoRunAsGroup' + DESC 'Group(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.8 + NAME 'sudoNotBefore' + DESC 'Start of time interval for which the entry is valid' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +# +olcattributetypes: ( 1.3.6.1.4.1.15953.9.1.9 + NAME 'sudoNotAfter' + DESC 'End of time interval for which the entry is valid' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) +# +olcattributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 + NAME 'sudoOrder' + DESC 'an integer to order the sudoRole entries' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +# +olcobjectclasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL + DESC 'Sudoer Entries' + MUST ( cn ) + MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ + description ) + ) diff -Nru sudo-1.9.5p2/docs/sudo.conf.man.in sudo-1.9.9/docs/sudo.conf.man.in --- sudo-1.9.5p2/docs/sudo.conf.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo.conf.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,916 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2010-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.nr SL @SEMAN@ +.TH "SUDO.CONF" "@mansectform@" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo.conf\fR +\- configuration for sudo front-end +.SH "DESCRIPTION" +The +\fBsudo.conf\fR +file is used to configure the +\fBsudo\fR +front-end. +It is used to configure sudo plugins, plugin-agnostic path names, +debug flags, and other settings. +.PP +The +\fBsudo.conf\fR +file supports the following directives, described in detail below. +.TP 10n +Plugin +an approval, audit, I/O logging, or security policy plugin +.TP 10n +Path +a plugin-agnostic path +.TP 10n +Set +a front-end setting, such as +\fIdisable_coredump\fR +or +\fIgroup_source\fR +.TP 10n +Debug +debug flags to aid in debugging +\fBsudo\fR, +\fBsudoreplay\fR, +\fBvisudo\fR, +and the +\fBsudoers\fR +plugin. +.PP +The pound sign +(\(oq#\(cq) +is used to indicate a comment. +Both the comment character and any text after it, up to the end of +the line, are ignored. +.PP +Long lines can be continued with a backslash +(\(oq\e\(cq) +as the last character on the line. +Note that leading white space is removed from the beginning of lines +even when the continuation character is used. +.PP +Non-comment lines that don't begin with +\fRPlugin\fR, +\fRPath\fR, +\fRDebug\fR, +or +\fRSet\fR +are silently ignored. +.PP +The +\fBsudo.conf\fR +file is always parsed in the +\(lq\fRC\fR\(rq +locale. +.SS "Plugin configuration" +\fBsudo\fR +supports a plugin architecture for security policies and input/output +logging. +Third parties can develop and distribute their own policy and I/O +logging plugins to work seamlessly with the +\fBsudo\fR +front-end. +Plugins are dynamically loaded based on the contents of +\fBsudo.conf\fR. +.PP +A +\fRPlugin\fR +line consists of the +\fRPlugin\fR +keyword, followed by the +\fIsymbol_name\fR +and the +\fIpath\fR +to the dynamic shared object that contains the plugin. +The +\fIsymbol_name\fR +is the name of the +\fRapproval_plugin\fR, +\fRaudit_plugin\fR, +\fRio_plugin\fR, +or +\fRpolicy_plugin\fR +struct contained in the plugin. +If a plugin implements multiple plugin types, there must be a +\fRPlugin\fR +line for each unique symbol name. +The +\fIpath\fR +may be fully qualified or relative. +If not fully qualified, it is relative to the directory +specified by the +\fIplugin_dir\fR +\fRPath\fR +setting, which defaults to +\fI@plugindir@\fR. +In other words: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so +.RE +.fi +.PP +is equivalent to: +.nf +.sp +.RS 6n +Plugin sudoers_policy @plugindir@/sudoers.so +.RE +.fi +.PP +If the plugin was compiled statically into the +\fBsudo\fR +binary instead of being installed as a dynamic shared object, the +\fIpath\fR +should be specified without a leading directory, +as it does not actually exist in the file system. +For example: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so +.RE +.fi +.PP +Starting with +\fBsudo\fR +1.8.5, any additional parameters after the +\fIpath\fR +are passed as arguments to the plugin's +\fIopen\fR +function. +For example, to override the compile-time default sudoers file mode: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so sudoers_mode=0440 +.RE +.fi +.PP +See the +sudoers(@mansectform@) +manual for a list of supported arguments. +.PP +The same dynamic shared object may contain multiple plugins, +each with a different symbol name. +The file must be owned by user-ID 0 and only writable by its owner. +Because of ambiguities that arise from composite policies, only a single +policy plugin may be specified. +This limitation does not apply to I/O plugins. +.PP +If no +\fBsudo.conf\fR +file is present, or if it contains no +\fRPlugin\fR +lines, the +\fBsudoers\fR +plugin will be used as the default security policy, for I/O logging +(if enabled by the policy), and for auditing. +This is equivalent to the following: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +Plugin sudoers_audit sudoers.so +.RE +.fi +.PP +Starting with +\fBsudo\fR +version 1.9.1, some of the logging functionality of the +\fBsudoers\fR +plugin has been moved from the policy plugin to an audit plugin. +To maintain compatibility with +\fBsudo.conf\fR +files from older +\fBsudo\fR +versions, if +\fBsudoers\fR +is configured as the security policy, it will be used as an audit +plugin as well. +This guarantees that the logging behavior will be consistnet with that of +\fBsudo\fR +versions 1.9.0 and below. +.PP +For more information on the +\fBsudo\fR +plugin architecture, see the +sudo_plugin(@mansectform@) +manual. +.SS "Path settings" +A +\fRPath\fR +line consists of the +\fRPath\fR +keyword, followed by the name of the path to set and its value. +For example: +.nf +.sp +.RS 6n +Path intercept @intercept_file@ +Path noexec @noexec_file@ +Path askpass /usr/X11R6/bin/ssh-askpass +.RE +.fi +.PP +If no path name is specified, features relying on the specified +setting will be disabled. +Disabling +\fRPath\fR +settings is only supported in +\fBsudo\fR +version 1.8.16 and higher. +.PP +The following plugin-agnostic paths may be set in the +\fI@sysconfdir@/sudo.conf\fR +file: +.TP 10n +askpass +The fully qualified path to a helper program used to read the user's +password when no terminal is available. +This may be the case when +\fBsudo\fR +is executed from a graphical (as opposed to text-based) application. +The program specified by +\fIaskpass\fR +should display the argument passed to it as the prompt and write +the user's password to the standard output. +The value of +\fIaskpass\fR +may be overridden by the +\fRSUDO_ASKPASS\fR +environment variable. +.TP 10n +devsearch +.br +An ordered, colon-separated search path of directories to look in for +device nodes. +This is used when mapping the process's tty device number to a device name +on systems that do not provide such a mechanism. +Sudo will +\fInot\fR +recurse into sub-directories. +If terminal devices may be located in a sub-directory of +\fI/dev\fR, +that path must be explicitly listed in +\fIdevsearch\fR. +The default value is +\fR/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev\fR +.sp +This option is ignored on systems that support either the +\fBdevname\fR() +or +\fB_ttyname_dev\fR() +functions, for example +BSD, +macOS and Solaris. +.TP 10n +intercept +.br +The fully-qualified path to a shared library containing a wrappers for the +\fBexecl\fR(), +\fBexecle\fR(), +\fBexeclp\fR(), +\fBexecv\fR(), +\fBexecve\fR(), +\fBexecvp\fR(), +and +\fBexecvpe\fR() +library functions that intercepts attempts to run further commands and +performs a policy check before allowing them to be executed. +This is used to implement the +\fIintercept\fR +functionality on systems that support +\fRLD_PRELOAD\fR +or its equivalent. +The default value is +\fI@intercept_file@\fR. +.TP 10n +noexec +The fully-qualified path to a shared library containing wrappers +for the +\fBexecl\fR(), +\fBexecle\fR(), +\fBexeclp\fR(), +\fBexect\fR(), +\fBexecv\fR(), +\fBexecve\fR(), +\fBexecveat\fR(), +\fBexecvP\fR(), +\fBexecvp\fR(), +\fBexecvpe\fR(), +\fBfexecve\fR(), +\fBpopen\fR(), +\fBposix_spawn\fR(), +\fBposix_spawnp\fR(), +\fBsystem\fR(), +and +\fBwordexp\fR() +library functions that prevent the execution of further commands. +This is used to implement the +\fInoexec\fR +functionality on systems that support +\fRLD_PRELOAD\fR +or its equivalent. +The default value is +\fI@noexec_file@\fR. +.TP 10n +plugin_dir +The default directory to use when searching for plugins +that are specified without a fully qualified path name. +The default value is +\fI@plugindir@\fR. +.if \n(SL \{\ +.TP 10n +sesh +The fully-qualified path to the +\fBsesh\fR +binary. +This setting is only used when +\fBsudo\fR +is built with SELinux support. +The default value is +\fI@sesh_file@\fR. +.\} +.SS "Other settings" +The +\fBsudo.conf\fR +file also supports the following front-end settings: +.TP 10n +disable_coredump +Core dumps of +\fBsudo\fR +itself are disabled by default to prevent the disclosure of potentially +sensitive information. +To aid in debugging +\fBsudo\fR +crashes, you may wish to re-enable core dumps by setting +\(lqdisable_coredump\(rq +to false in +\fBsudo.conf\fR +as follows: +.nf +.sp +.RS 16n +Set disable_coredump false +.RE +.fi +.RS 10n +.sp +All modern operating systems place restrictions on core dumps +from set-user-ID processes like +\fBsudo\fR +so this option can be enabled without compromising security. +To actually get a +\fBsudo\fR +core file you will likely need to enable core dumps for set-user-ID processes. +On +BSD +and Linux systems this is accomplished in the +sysctl(@mansectsu@) +command. +On Solaris, the +coreadm(1m) +command is used to configure core dump behavior. +.sp +This setting is only available in +\fBsudo\fR +version 1.8.4 and higher. +.RE +.TP 10n +developer_mode +By default +\fBsudo\fR +refuses to load plugins which can be modified by other than the root user. +The plugin should be owned by root and write access permissions should be +disabled for +\(lqgroup\(rq +and +\(lqother\(rq\&. +To make development of a plugin easier, you can disable that by setting +\(lqdeveloper_mode\(rq +option to true in +\fBsudo.conf\fR +as follows: +.nf +.sp +.RS 16n +Set developer_mode true +.RE +.fi +.RS 10n +.sp +Please note that this creates a security risk, so it is not recommended +on critical systems such as a desktop machine for daily use, but is intended +to be used in development environments (VM, container, etc). +Before enabling developer mode, ensure you understand the implications. +.sp +This setting is only available in +\fBsudo\fR +version 1.9.0 and higher. +.RE +.TP 10n +group_source +\fBsudo\fR +passes the invoking user's group list to the policy and I/O plugins. +On most systems, there is an upper limit to the number of groups that +a user may belong to simultaneously (typically 16 for compatibility +with NFS). +On systems with the +getconf(1) +utility, running: +.RS 16n +getconf NGROUPS_MAX +.RE +.RS 10n +will return the maximum number of groups. +.sp +However, it is still possible to be a member of a larger number of +groups--they simply won't be included in the group list returned +by the kernel for the user. +Starting with +\fBsudo\fR +version 1.8.7, if the user's kernel group list has the maximum number +of entries, +\fBsudo\fR +will consult the group database directly to determine the group list. +This makes it possible for the security policy to perform matching by group +name even when the user is a member of more than the maximum number of groups. +.sp +The +\fIgroup_source\fR +setting allows the administrator to change this default behavior. +Supported values for +\fIgroup_source\fR +are: +.TP 10n +static +Use the static group list that the kernel returns. +Retrieving the group list this way is very fast but it is subject +to an upper limit as described above. +It is +\(lqstatic\(rq +in that it does not reflect changes to the group database made +after the user logs in. +This was the default behavior prior to +\fBsudo\fR +1.8.7. +.TP 10n +dynamic +Always query the group database directly. +It is +\(lqdynamic\(rq +in that changes made to the group database after the user logs in +will be reflected in the group list. +On some systems, querying the group database for all of a user's +groups can be time consuming when querying a network-based group +database. +Most operating systems provide an efficient method of performing +such queries. +Currently, +\fBsudo\fR +supports efficient group queries on AIX, +BSD, +HP-UX, Linux, macOS, and Solaris. +This is the default behavior on macOS in +\fBsudo\fR +1.9.6 and higher. +.TP 10n +adaptive +Only query the group database if the static group list returned +by the kernel has the maximum number of entries. +This is the default behavior on systems other than macOS in +\fBsudo\fR +1.8.7 and higher. +.PP +For example, to cause +\fBsudo\fR +to only use the kernel's static list of groups for the user: +.nf +.sp +.RS 16n +Set group_source static +.RE +.fi +.sp +This setting is only available in +\fBsudo\fR +version 1.8.7 and higher. +.RE +.TP 10n +max_groups +The maximum number of user groups to retrieve from the group database. +Values less than one or larger than 1024 will be ignored. +This setting is only used when querying the group database directly. +It is intended to be used on systems where it is not possible to detect +when the array to be populated with group entries is not sufficiently large. +By default, +\fBsudo\fR +will allocate four times the system's maximum number of groups (see above) +and retry with double that number if the group database query fails. +.sp +This setting is only available in +\fBsudo\fR +version 1.8.7 and higher. +It should not be required in +\fBsudo\fR +versions 1.8.24 and higher and may be removed in a later release. +.TP 10n +probe_interfaces +By default, +\fBsudo\fR +will probe the system's network interfaces and pass the IP address +of each enabled interface to the policy plugin. +This makes it possible for the plugin to match rules based on the IP address +without having to query DNS. +On Linux systems with a large number of virtual interfaces, this may +take a non-negligible amount of time. +If IP-based matching is not required, network interface probing +can be disabled as follows: +.nf +.sp +.RS 16n +Set probe_interfaces false +.RE +.fi +.RS 10n +.sp +This setting is only available in +\fBsudo\fR +version 1.8.10 and higher. +.RE +.SS "Debug settings" +\fBsudo\fR +versions 1.8.4 and higher support a flexible debugging framework +that can log what +\fBsudo\fR +is doing internally if there is a problem. +.PP +A +\fRDebug\fR +line consists of the +\fRDebug\fR +keyword, followed by the name of the program, plugin, or shared object +to debug, the debug file name, and a comma-separated list of debug flags. +The debug flag syntax used by +\fBsudo\fR, +the +\fBsudoers\fR +plugin along with its associated programs and shared objects is +\fIsubsystem\fR@\fIpriority\fR +but a third-party plugin is free to use a different format so long +as it does not include a comma +(\(oq\&,\(cq). +.PP +Examples: +.nf +.sp +.RS 6n +Debug sudo /var/log/sudo_debug all@warn,plugin@info +.RE +.fi +.PP +would log all debugging statements at the +\fIwarn\fR +level and higher in addition to those at the +\fIinfo\fR +level for the plugin subsystem. +.nf +.sp +.RS 6n +Debug sudo_intercept.so /var/log/intercept_debug all@debug +.RE +.fi +.PP +would log all debugging statements, regardless of level, for the +\fIsudo_intercept.so\fR +shared object that implements +\fBsudo\fR's +intercept functionality. +.PP +As of +\fBsudo\fR +1.8.12, multiple +\fRDebug\fR +entries may be specified per program. +Older versions of +\fBsudo\fR +only support a single +\fRDebug\fR +entry per program. +Plugin-specific +\fRDebug\fR +entries are also supported starting with +\fBsudo\fR +1.8.12 and are matched by either the base name of the plugin that was loaded +(for example +\fRsudoers.so\fR) +or by the plugin's fully-qualified path name. +Previously, the +\fBsudoers\fR +plugin shared the same +\fRDebug\fR +entry as the +\fBsudo\fR +front-end and could not be configured separately. +.PP +The following priorities are supported, in order of decreasing severity: +\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR, +and +\fIdebug\fR. +Each priority, when specified, also includes all priorities higher +than it. +For example, a priority of +\fInotice\fR +would include debug messages logged at +\fInotice\fR +and higher. +.PP +The priorities +\fItrace\fR +and +\fIdebug\fR +also include function call tracing which logs when a function is +entered and when it returns. +For example, the following trace is for the +\fBget_user_groups\fR() +function located in src/sudo.c: +.nf +.sp +.RS 6n +sudo[123] -> get_user_groups @ src/sudo.c:385 +sudo[123] <- get_user_groups @ src/sudo.c:429 := groups=10,0,5 +.RE +.fi +.PP +When the function is entered, indicated by a right arrow +\(oq->\(cq, +the program, process ID, function, source file, and line number +are logged. +When the function returns, indicated by a left arrow +\(oq<-\(cq, +the same information is logged along with the return value. +In this case, the return value is a string. +.PP +The following subsystems are used by the +\fBsudo\fR +front-end: +.TP 12n +\fIall\fR +matches every subsystem +.TP 12n +\fIargs\fR +command line argument processing +.TP 12n +\fIconv\fR +user conversation +.TP 12n +\fIedit\fR +sudoedit +.TP 12n +\fIevent\fR +event subsystem +.TP 12n +\fIexec\fR +command execution +.TP 12n +\fImain\fR +\fBsudo\fR +main function +.TP 12n +\fInetif\fR +network interface handling +.TP 12n +\fIpcomm\fR +communication with the plugin +.TP 12n +\fIplugin\fR +plugin configuration +.TP 12n +\fIpty\fR +pseudo-terminal related code +.TP 12n +\fIselinux\fR +SELinux-specific handling +.TP 12n +\fIutil\fR +utility functions +.TP 12n +\fIutmp\fR +utmp handling +.PP +The +sudoers(@mansectform@) +plugin includes support for additional subsystems. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +\fBsudo\fR +front-end configuration +.SH "EXAMPLES" +.nf +.RS 0n +# +# Default @sysconfdir@/sudo.conf file +# +# Sudo plugins: +# Plugin plugin_name plugin_path plugin_options ... +# +# The plugin_path is relative to @plugindir@ unless +# fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are present. +#Plugin sudoers_policy sudoers.so +#Plugin sudoers_io sudoers.so +#Plugin sudoers_audit sudoers.so + +# +# Sudo askpass: +# Path askpass /path/to/askpass +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with its +# own askpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +#Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +#Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo device search path: +# Path devsearch /dev/path1:/dev/path2:/dev +# +# A colon-separated list of paths to check when searching for a user's +# terminal device. +# +#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev + +# +# Sudo command interception: +# Path intercept /path/to/sudo_intercept.so +# +# Path to a shared library containing replacements for the execv() +# and execve() library functions that perform a policy check to verify +# the command is allowed and simply return an error if not. This is +# used to implement the "intercept" functionality on systems that +# support LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_intercept.so file. +# +#Path intercept @plugindir@/sudo_intercept.so + +# +# Sudo noexec: +# Path noexec /path/to/sudo_noexec.so +# +# Path to a shared library containing replacements for the execv() +# family of library functions that just return an error. This is +# used to implement the "noexec" functionality on systems that support +# LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. +# +#Path noexec @plugindir@/sudo_noexec.so + +# +# Sudo plugin directory: +# Path plugin_dir /path/to/plugins +# +# The default directory to use when searching for plugins that are +# specified without a fully qualified path name. +# +#Path plugin_dir @plugindir@ + +# +# Sudo developer mode: +# Set developer_mode true|false +# +# Allow loading of plugins that are owned by non-root or are writable +# by "group" or "other". Should only be used during plugin development. +#Set developer_mode true + +# +# Core dumps: +# Set disable_coredump true|false +# +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +#Set disable_coredump false + +# +# User groups: +# Set group_source static|dynamic|adaptive +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +#Set group_source static + +# +# Sudo interface probing: +# Set probe_interfaces true|false +# +# By default, sudo will probe the system's network interfaces and +# pass the IP address of each enabled interface to the policy plugin. +# On systems with a large number of virtual interfaces this may take +# a noticeable amount of time. +# +#Set probe_interfaces false + +# +# Sudo debug files: +# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] +# +# Sudo and related programs support logging debug information to a file. +# The program is typically sudo, sudoers.so, sudoreplay, or visudo. +# +# Subsystems vary based on the program; "all" matches all subsystems. +# Priority may be crit, err, warn, notice, diag, info, trace, or debug. +# Multiple subsystem@priority may be specified, separated by a comma. +# +#Debug sudo /var/log/sudo_debug all@debug +#Debug sudoers.so /var/log/sudoers_debug all@debug +.RE +.fi +.SH "SEE ALSO" +sudo_plugin(@mansectform@), +sudoers(@mansectform@), +sudo(@mansectsu@) +.SH "HISTORY" +See the HISTORY file in the +\fBsudo\fR +distribution (https://www.sudo.ws/history.html) for a brief +history of sudo. +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo.conf.man.in.sed sudo-1.9.9/docs/sudo.conf.man.in.sed --- sudo-1.9.5p2/docs/sudo.conf.man.in.sed 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo.conf.man.in.sed 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,15 @@ +s/^\(.TH .*\)/.nr SL @SEMAN@\ +\1/ + +/^\.TP 10n$/ { + N + /^.TP 10n\nsesh$/ { + i\ +.if \\n(SL \\{\\ + } +} + +/^\\fI@sesh_file@\\fR\.$/ { + a\ +.\\} +} diff -Nru sudo-1.9.5p2/docs/sudo.conf.mdoc.in sudo-1.9.9/docs/sudo.conf.mdoc.in --- sudo-1.9.5p2/docs/sudo.conf.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo.conf.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,843 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2010-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.nr SL @SEMAN@ +.Dd January 20, 2022 +.Dt SUDO.CONF @mansectform@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo.conf +.Nd configuration for sudo front-end +.Sh DESCRIPTION +The +.Nm sudo.conf +file is used to configure the +.Nm sudo +front-end. +It is used to configure sudo plugins, plugin-agnostic path names, +debug flags, and other settings. +.Pp +The +.Nm +file supports the following directives, described in detail below. +.Bl -tag -width 8n +.It Plugin +an approval, audit, I/O logging, or security policy plugin +.It Path +a plugin-agnostic path +.It Set +a front-end setting, such as +.Em disable_coredump +or +.Em group_source +.It Debug +debug flags to aid in debugging +.Nm sudo , +.Nm sudoreplay , +.Nm visudo , +and the +.Nm sudoers +plugin. +.El +.Pp +The pound sign +.Pq Ql # +is used to indicate a comment. +Both the comment character and any text after it, up to the end of +the line, are ignored. +.Pp +Long lines can be continued with a backslash +.Pq Ql \e +as the last character on the line. +Note that leading white space is removed from the beginning of lines +even when the continuation character is used. +.Pp +Non-comment lines that don't begin with +.Li Plugin , +.Li Path , +.Li Debug , +or +.Li Set +are silently ignored. +.Pp +The +.Nm +file is always parsed in the +.Dq Li C +locale. +.Ss Plugin configuration +.Nm sudo +supports a plugin architecture for security policies and input/output +logging. +Third parties can develop and distribute their own policy and I/O +logging plugins to work seamlessly with the +.Nm sudo +front-end. +Plugins are dynamically loaded based on the contents of +.Nm . +.Pp +A +.Li Plugin +line consists of the +.Li Plugin +keyword, followed by the +.Em symbol_name +and the +.Em path +to the dynamic shared object that contains the plugin. +The +.Em symbol_name +is the name of the +.Li approval_plugin , +.Li audit_plugin , +.Li io_plugin , +or +.Li policy_plugin +struct contained in the plugin. +If a plugin implements multiple plugin types, there must be a +.Li Plugin +line for each unique symbol name. +The +.Em path +may be fully qualified or relative. +If not fully qualified, it is relative to the directory +specified by the +.Em plugin_dir +.Li Path +setting, which defaults to +.Pa @plugindir@ . +In other words: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so +.Ed +.Pp +is equivalent to: +.Bd -literal -offset indent +Plugin sudoers_policy @plugindir@/sudoers.so +.Ed +.Pp +If the plugin was compiled statically into the +.Nm sudo +binary instead of being installed as a dynamic shared object, the +.Em path +should be specified without a leading directory, +as it does not actually exist in the file system. +For example: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so +.Ed +.Pp +Starting with +.Nm sudo +1.8.5, any additional parameters after the +.Em path +are passed as arguments to the plugin's +.Em open +function. +For example, to override the compile-time default sudoers file mode: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so sudoers_mode=0440 +.Ed +.Pp +See the +.Xr sudoers @mansectform@ +manual for a list of supported arguments. +.Pp +The same dynamic shared object may contain multiple plugins, +each with a different symbol name. +The file must be owned by user-ID 0 and only writable by its owner. +Because of ambiguities that arise from composite policies, only a single +policy plugin may be specified. +This limitation does not apply to I/O plugins. +.Pp +If no +.Nm +file is present, or if it contains no +.Li Plugin +lines, the +.Nm sudoers +plugin will be used as the default security policy, for I/O logging +(if enabled by the policy), and for auditing. +This is equivalent to the following: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +Plugin sudoers_audit sudoers.so +.Ed +.Pp +Starting with +.Nm sudo +version 1.9.1, some of the logging functionality of the +.Nm sudoers +plugin has been moved from the policy plugin to an audit plugin. +To maintain compatibility with +.Nm +files from older +.Nm sudo +versions, if +.Nm sudoers +is configured as the security policy, it will be used as an audit +plugin as well. +This guarantees that the logging behavior will be consistnet with that of +.Nm sudo +versions 1.9.0 and below. +.Pp +For more information on the +.Nm sudo +plugin architecture, see the +.Xr sudo_plugin @mansectform@ +manual. +.Ss Path settings +A +.Li Path +line consists of the +.Li Path +keyword, followed by the name of the path to set and its value. +For example: +.Bd -literal -offset indent +Path intercept @intercept_file@ +Path noexec @noexec_file@ +Path askpass /usr/X11R6/bin/ssh-askpass +.Ed +.Pp +If no path name is specified, features relying on the specified +setting will be disabled. +Disabling +.Li Path +settings is only supported in +.Nm sudo +version 1.8.16 and higher. +.Pp +The following plugin-agnostic paths may be set in the +.Pa @sysconfdir@/sudo.conf +file: +.Bl -tag -width 8n +.It askpass +The fully qualified path to a helper program used to read the user's +password when no terminal is available. +This may be the case when +.Nm sudo +is executed from a graphical (as opposed to text-based) application. +The program specified by +.Em askpass +should display the argument passed to it as the prompt and write +the user's password to the standard output. +The value of +.Em askpass +may be overridden by the +.Ev SUDO_ASKPASS +environment variable. +.It devsearch +An ordered, colon-separated search path of directories to look in for +device nodes. +This is used when mapping the process's tty device number to a device name +on systems that do not provide such a mechanism. +Sudo will +.Em not +recurse into sub-directories. +If terminal devices may be located in a sub-directory of +.Pa /dev , +that path must be explicitly listed in +.Em devsearch . +The default value is +.Li /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev +.Pp +This option is ignored on systems that support either the +.Fn devname +or +.Fn _ttyname_dev +functions, for example +.Bx , +macOS and Solaris. +.It intercept +The fully-qualified path to a shared library containing a wrappers for the +.Fn execl , +.Fn execle , +.Fn execlp , +.Fn execv , +.Fn execve , +.Fn execvp , +and +.Fn execvpe +library functions that intercepts attempts to run further commands and +performs a policy check before allowing them to be executed. +This is used to implement the +.Em intercept +functionality on systems that support +.Ev LD_PRELOAD +or its equivalent. +The default value is +.Pa @intercept_file@ . +.It noexec +The fully-qualified path to a shared library containing wrappers +for the +.Fn execl , +.Fn execle , +.Fn execlp , +.Fn exect , +.Fn execv , +.Fn execve , +.Fn execveat , +.Fn execvP , +.Fn execvp , +.Fn execvpe , +.Fn fexecve , +.Fn popen , +.Fn posix_spawn , +.Fn posix_spawnp , +.Fn system , +and +.Fn wordexp +library functions that prevent the execution of further commands. +This is used to implement the +.Em noexec +functionality on systems that support +.Ev LD_PRELOAD +or its equivalent. +The default value is +.Pa @noexec_file@ . +.It plugin_dir +The default directory to use when searching for plugins +that are specified without a fully qualified path name. +The default value is +.Pa @plugindir@ . +.if \n(SL \{\ +.It sesh +The fully-qualified path to the +.Nm sesh +binary. +This setting is only used when +.Nm sudo +is built with SELinux support. +The default value is +.Pa @sesh_file@ . +.\} +.El +.Ss Other settings +The +.Nm +file also supports the following front-end settings: +.Bl -tag -width 8n +.It disable_coredump +Core dumps of +.Nm sudo +itself are disabled by default to prevent the disclosure of potentially +sensitive information. +To aid in debugging +.Nm sudo +crashes, you may wish to re-enable core dumps by setting +.Dq disable_coredump +to false in +.Nm +as follows: +.Bd -literal -offset indent +Set disable_coredump false +.Ed +.Pp +All modern operating systems place restrictions on core dumps +from set-user-ID processes like +.Nm sudo +so this option can be enabled without compromising security. +To actually get a +.Nm sudo +core file you will likely need to enable core dumps for set-user-ID processes. +On +.Bx +and Linux systems this is accomplished in the +.Xr sysctl 8 +command. +On Solaris, the +.Xr coreadm 1m +command is used to configure core dump behavior. +.Pp +This setting is only available in +.Nm sudo +version 1.8.4 and higher. +.It developer_mode +By default +.Nm sudo +refuses to load plugins which can be modified by other than the root user. +The plugin should be owned by root and write access permissions should be +disabled for +.Dq group +and +.Sm off +.Dq other +\&. +.Sm on +To make development of a plugin easier, you can disable that by setting +.Dq developer_mode +option to true in +.Nm sudo.conf +as follows: +.Bd -literal -offset indent +Set developer_mode true +.Ed +.Pp +Please note that this creates a security risk, so it is not recommended +on critical systems such as a desktop machine for daily use, but is intended +to be used in development environments (VM, container, etc). +Before enabling developer mode, ensure you understand the implications. +.Pp +This setting is only available in +.Nm sudo +version 1.9.0 and higher. +.It group_source +.Nm sudo +passes the invoking user's group list to the policy and I/O plugins. +On most systems, there is an upper limit to the number of groups that +a user may belong to simultaneously (typically 16 for compatibility +with NFS). +On systems with the +.Xr getconf 1 +utility, running: +.Dl getconf NGROUPS_MAX +will return the maximum number of groups. +.Pp +However, it is still possible to be a member of a larger number of +groups--they simply won't be included in the group list returned +by the kernel for the user. +Starting with +.Nm sudo +version 1.8.7, if the user's kernel group list has the maximum number +of entries, +.Nm sudo +will consult the group database directly to determine the group list. +This makes it possible for the security policy to perform matching by group +name even when the user is a member of more than the maximum number of groups. +.Pp +The +.Em group_source +setting allows the administrator to change this default behavior. +Supported values for +.Em group_source +are: +.Bl -tag -width 8n +.It static +Use the static group list that the kernel returns. +Retrieving the group list this way is very fast but it is subject +to an upper limit as described above. +It is +.Dq static +in that it does not reflect changes to the group database made +after the user logs in. +This was the default behavior prior to +.Nm sudo +1.8.7. +.It dynamic +Always query the group database directly. +It is +.Dq dynamic +in that changes made to the group database after the user logs in +will be reflected in the group list. +On some systems, querying the group database for all of a user's +groups can be time consuming when querying a network-based group +database. +Most operating systems provide an efficient method of performing +such queries. +Currently, +.Nm sudo +supports efficient group queries on AIX, +.Bx , +HP-UX, Linux, macOS, and Solaris. +This is the default behavior on macOS in +.Nm sudo +1.9.6 and higher. +.It adaptive +Only query the group database if the static group list returned +by the kernel has the maximum number of entries. +This is the default behavior on systems other than macOS in +.Nm sudo +1.8.7 and higher. +.El +.Pp +For example, to cause +.Nm sudo +to only use the kernel's static list of groups for the user: +.Bd -literal -offset indent +Set group_source static +.Ed +.Pp +This setting is only available in +.Nm sudo +version 1.8.7 and higher. +.It max_groups +The maximum number of user groups to retrieve from the group database. +Values less than one or larger than 1024 will be ignored. +This setting is only used when querying the group database directly. +It is intended to be used on systems where it is not possible to detect +when the array to be populated with group entries is not sufficiently large. +By default, +.Nm sudo +will allocate four times the system's maximum number of groups (see above) +and retry with double that number if the group database query fails. +.Pp +This setting is only available in +.Nm sudo +version 1.8.7 and higher. +It should not be required in +.Nm sudo +versions 1.8.24 and higher and may be removed in a later release. +.It probe_interfaces +By default, +.Nm sudo +will probe the system's network interfaces and pass the IP address +of each enabled interface to the policy plugin. +This makes it possible for the plugin to match rules based on the IP address +without having to query DNS. +On Linux systems with a large number of virtual interfaces, this may +take a non-negligible amount of time. +If IP-based matching is not required, network interface probing +can be disabled as follows: +.Bd -literal -offset indent +Set probe_interfaces false +.Ed +.Pp +This setting is only available in +.Nm sudo +version 1.8.10 and higher. +.El +.Ss Debug settings +.Nm sudo +versions 1.8.4 and higher support a flexible debugging framework +that can log what +.Nm sudo +is doing internally if there is a problem. +.Pp +A +.Li Debug +line consists of the +.Li Debug +keyword, followed by the name of the program, plugin, or shared object +to debug, the debug file name, and a comma-separated list of debug flags. +The debug flag syntax used by +.Nm sudo , +the +.Nm sudoers +plugin along with its associated programs and shared objects is +.Em subsystem Ns @ Ns Em priority +but a third-party plugin is free to use a different format so long +as it does not include a comma +.Pq Ql \&, . +.Pp +Examples: +.Bd -literal -offset indent +Debug sudo /var/log/sudo_debug all@warn,plugin@info +.Ed +.Pp +would log all debugging statements at the +.Em warn +level and higher in addition to those at the +.Em info +level for the plugin subsystem. +.Bd -literal -offset indent +Debug sudo_intercept.so /var/log/intercept_debug all@debug +.Ed +.Pp +would log all debugging statements, regardless of level, for the +.Pa sudo_intercept.so +shared object that implements +.Nm sudo Ns 's +intercept functionality. +.Pp +As of +.Nm sudo +1.8.12, multiple +.Li Debug +entries may be specified per program. +Older versions of +.Nm sudo +only support a single +.Li Debug +entry per program. +Plugin-specific +.Li Debug +entries are also supported starting with +.Nm sudo +1.8.12 and are matched by either the base name of the plugin that was loaded +(for example +.Li sudoers.so ) +or by the plugin's fully-qualified path name. +Previously, the +.Nm sudoers +plugin shared the same +.Li Debug +entry as the +.Nm sudo +front-end and could not be configured separately. +.Pp +The following priorities are supported, in order of decreasing severity: +.Em crit , err , warn , notice , diag , info , trace , +and +.Em debug . +Each priority, when specified, also includes all priorities higher +than it. +For example, a priority of +.Em notice +would include debug messages logged at +.Em notice +and higher. +.Pp +The priorities +.Em trace +and +.Em debug +also include function call tracing which logs when a function is +entered and when it returns. +For example, the following trace is for the +.Fn get_user_groups +function located in src/sudo.c: +.Bd -literal -offset indent +sudo[123] -> get_user_groups @ src/sudo.c:385 +sudo[123] <- get_user_groups @ src/sudo.c:429 := groups=10,0,5 +.Ed +.Pp +When the function is entered, indicated by a right arrow +.Ql -> , +the program, process ID, function, source file, and line number +are logged. +When the function returns, indicated by a left arrow +.Ql <- , +the same information is logged along with the return value. +In this case, the return value is a string. +.Pp +The following subsystems are used by the +.Nm sudo +front-end: +.Bl -tag -width Fl +.It Em all +matches every subsystem +.It Em args +command line argument processing +.It Em conv +user conversation +.It Em edit +sudoedit +.It Em event +event subsystem +.It Em exec +command execution +.It Em main +.Nm sudo +main function +.It Em netif +network interface handling +.It Em pcomm +communication with the plugin +.It Em plugin +plugin configuration +.It Em pty +pseudo-terminal related code +.It Em selinux +SELinux-specific handling +.It Em util +utility functions +.It Em utmp +utmp handling +.El +.Pp +The +.Xr sudoers @mansectform@ +plugin includes support for additional subsystems. +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +.Nm sudo +front-end configuration +.El +.Sh EXAMPLES +.Bd -literal +# +# Default @sysconfdir@/sudo.conf file +# +# Sudo plugins: +# Plugin plugin_name plugin_path plugin_options ... +# +# The plugin_path is relative to @plugindir@ unless +# fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are present. +#Plugin sudoers_policy sudoers.so +#Plugin sudoers_io sudoers.so +#Plugin sudoers_audit sudoers.so + +# +# Sudo askpass: +# Path askpass /path/to/askpass +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with its +# own askpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +#Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +#Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo device search path: +# Path devsearch /dev/path1:/dev/path2:/dev +# +# A colon-separated list of paths to check when searching for a user's +# terminal device. +# +#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev + +# +# Sudo command interception: +# Path intercept /path/to/sudo_intercept.so +# +# Path to a shared library containing replacements for the execv() +# and execve() library functions that perform a policy check to verify +# the command is allowed and simply return an error if not. This is +# used to implement the "intercept" functionality on systems that +# support LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_intercept.so file. +# +#Path intercept @plugindir@/sudo_intercept.so + +# +# Sudo noexec: +# Path noexec /path/to/sudo_noexec.so +# +# Path to a shared library containing replacements for the execv() +# family of library functions that just return an error. This is +# used to implement the "noexec" functionality on systems that support +# LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. +# +#Path noexec @plugindir@/sudo_noexec.so + +# +# Sudo plugin directory: +# Path plugin_dir /path/to/plugins +# +# The default directory to use when searching for plugins that are +# specified without a fully qualified path name. +# +#Path plugin_dir @plugindir@ + +# +# Sudo developer mode: +# Set developer_mode true|false +# +# Allow loading of plugins that are owned by non-root or are writable +# by "group" or "other". Should only be used during plugin development. +#Set developer_mode true + +# +# Core dumps: +# Set disable_coredump true|false +# +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +#Set disable_coredump false + +# +# User groups: +# Set group_source static|dynamic|adaptive +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +#Set group_source static + +# +# Sudo interface probing: +# Set probe_interfaces true|false +# +# By default, sudo will probe the system's network interfaces and +# pass the IP address of each enabled interface to the policy plugin. +# On systems with a large number of virtual interfaces this may take +# a noticeable amount of time. +# +#Set probe_interfaces false + +# +# Sudo debug files: +# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] +# +# Sudo and related programs support logging debug information to a file. +# The program is typically sudo, sudoers.so, sudoreplay, or visudo. +# +# Subsystems vary based on the program; "all" matches all subsystems. +# Priority may be crit, err, warn, notice, diag, info, trace, or debug. +# Multiple subsystem@priority may be specified, separated by a comma. +# +#Debug sudo /var/log/sudo_debug all@debug +#Debug sudoers.so /var/log/sudoers_debug all@debug +.Ed +.Sh SEE ALSO +.Xr sudo_plugin @mansectform@ , +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ +.Sh HISTORY +See the HISTORY file in the +.Nm sudo +distribution (https://www.sudo.ws/history.html) for a brief +history of sudo. +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm sudo , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo.man.in sudo-1.9.9/docs/sudo.man.in --- sudo-1.9.5p2/docs/sudo.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1524 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2022 +.\" Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.nr SL @SEMAN@ +.nr BA @BAMAN@ +.nr LC @LCMAN@ +.nr PS @PSMAN@ +.TH "SUDO" "@mansectsu@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo\fR, +\fBsudoedit\fR +\- execute a command as another user +.SH "SYNOPSIS" +.HP 5n +\fBsudo\fR +\fB\-h\fR\ |\ \fB\-K\fR\ |\ \fB\-k\fR\ |\ \fB\-V\fR +.br +.PD 0 +.HP 5n +\fBsudo\fR +\fB\-v\fR +[\fB\-ABknS\fR] +.if \n(BA [\fB\-a\fR\ \fItype\fR] +[\fB\-g\fR\ \fIgroup\fR] +[\fB\-h\fR\ \fIhost\fR] +[\fB\-p\fR\ \fIprompt\fR] +[\fB\-u\fR\ \fIuser\fR] +.br +.HP 5n +\fBsudo\fR +\fB\-l\fR +[\fB\-ABknS\fR] +.if \n(BA [\fB\-a\fR\ \fItype\fR] +[\fB\-g\fR\ \fIgroup\fR] +[\fB\-h\fR\ \fIhost\fR] +[\fB\-p\fR\ \fIprompt\fR] +[\fB\-U\fR\ \fIuser\fR] +[\fB\-u\fR\ \fIuser\fR] +[\fIcommand\fR] +.br +.HP 5n +\fBsudo\fR +[\fB\-ABbEHnPS\fR] +.if \n(BA [\fB\-a\fR\ \fItype\fR] +[\fB\-C\fR\ \fInum\fR] +.if \n(LC [\fB\-c\fR\ \fIclass\fR] +[\fB\-D\fR\ \fIdirectory\fR] +[\fB\-g\fR\ \fIgroup\fR] +[\fB\-h\fR\ \fIhost\fR] +[\fB\-p\fR\ \fIprompt\fR] +[\fB\-R\fR\ \fIdirectory\fR] +.if \n(SL [\fB\-r\fR\ \fIrole\fR] +.if \n(SL [\fB\-t\fR\ \fItype\fR] +[\fB\-T\fR\ \fItimeout\fR] +[\fB\-u\fR\ \fIuser\fR] +[\fIVAR\fR=\fIvalue\fR] +[\fB\-i\fR\ |\ \fB\-s\fR] +[\fIcommand\fR] +.br +.HP 9n +\fBsudoedit\fR +[\fB\-ABknS\fR] +.if \n(BA [\fB\-a\fR\ \fItype\fR] +[\fB\-C\fR\ \fInum\fR] +.if \n(LC [\fB\-c\fR\ \fIclass\fR] +[\fB\-D\fR\ \fIdirectory\fR] +[\fB\-g\fR\ \fIgroup\fR] +[\fB\-h\fR\ \fIhost\fR] +[\fB\-p\fR\ \fIprompt\fR] +[\fB\-R\fR\ \fIdirectory\fR] +.if \n(SL [\fB\-r\fR\ \fIrole\fR] +.if \n(SL [\fB\-t\fR\ \fItype\fR] +[\fB\-T\fR\ \fItimeout\fR] +[\fB\-u\fR\ \fIuser\fR] +\fIfile\ ...\fR +.PD +.SH "DESCRIPTION" +\fBsudo\fR +allows a permitted user to execute a +\fIcommand\fR +as the superuser or another user, as specified by the security +policy. +The invoking user's real +(\fInot\fR effective) +user-ID is used to determine the user name with which +to query the security policy. +.PP +\fBsudo\fR +supports a plugin architecture for security policies, auditing, +and input/output logging. +Third parties can develop and distribute their own plugins to work +seamlessly with the +\fBsudo\fR +front-end. +The default security policy is +\fIsudoers\fR, +which is configured via the file +\fI@sysconfdir@/sudoers\fR, +or via LDAP. +See the +\fIPlugins\fR +section for more information. +.PP +The security policy determines what privileges, if any, a user has +to run +\fBsudo\fR. +The policy may require that users authenticate themselves with a +password or another authentication mechanism. +If authentication is required, +\fBsudo\fR +will exit if the user's password is not entered within a configurable +time limit. +This limit is policy-specific; the default password prompt timeout +for the +\fIsudoers\fR +security policy is +\fR@password_timeout@\fR +minutes. +.PP +Security policies may support credential caching to allow the user +to run +\fBsudo\fR +again for a period of time without requiring authentication. +By default, the +\fIsudoers\fR +policy caches credentials on a per-terminal basis for +\fR@timeout@\fR +minutes. +See the +\fItimestamp_type\fR +and +\fItimestamp_timeout\fR +options in +sudoers(@mansectform@) +for more information. +By running +\fBsudo\fR +with the +\fB\-v\fR +option, a user can update the cached credentials without running a +\fIcommand\fR. +.PP +On systems where +\fBsudo\fR +is the primary method of gaining superuser privileges, it is imperative +to avoid syntax errors in the security policy configuration files. +For the default security policy, +sudoers(@mansectform@), +changes to the configuration files should be made using the +visudo(@mansectsu@) +utility which will ensure that no syntax errors are introduced. +.PP +When invoked as +\fBsudoedit\fR, +the +\fB\-e\fR +option (described below), is implied. +.PP +Security policies and audit plugins may log successful and failed attempts +to run +\fBsudo\fR. +If an I/O plugin is configured, the running command's input and +output may be logged as well. +.PP +The options are as follows: +.TP 12n +\fB\-A\fR, \fB\--askpass\fR +Normally, if +\fBsudo\fR +requires a password, it will read it from the user's terminal. +If the +\fB\-A\fR (\fIaskpass\fR) +option is specified, a (possibly graphical) helper program is +executed to read the user's password and output the password to the +standard output. +If the +\fRSUDO_ASKPASS\fR +environment variable is set, it specifies the path to the helper +program. +Otherwise, if +sudo.conf(@mansectform@) +contains a line specifying the askpass program, that value will be +used. +For example: +.nf +.sp +.RS 16n +# Path to askpass helper program +Path askpass /usr/X11R6/bin/ssh-askpass +.RE +.fi +.RS 12n +.sp +If no askpass program is available, +\fBsudo\fR +will exit with an error. +.RE +.if \n(BA \{\ +.TP 12n +\fB\-a\fR \fItype\fR, \fB\--auth-type\fR=\fItype\fR +Use the specified +BSD +authentication +\fItype\fR +when validating the user, if allowed by +\fI/etc/login.conf\fR. +The system administrator may specify a list of sudo-specific +authentication methods by adding an +\(lqauth-sudo\(rq +entry in +\fI/etc/login.conf\fR. +This option is only available on systems that support +BSD +authentication. +.\} +.TP 12n +\fB\-B\fR, \fB\--bell\fR +Ring the bell as part of the password prompt when a terminal is present. +This option has no effect if an askpass program is used. +.TP 12n +\fB\-b\fR, \fB\--background\fR +Run the given command in the background. +Note that it is not possible to use shell job control to manipulate +background processes started by +\fBsudo\fR. +Most interactive commands will fail to work properly in background +mode. +.TP 12n +\fB\-C\fR \fInum\fR, \fB\--close-from\fR=\fInum\fR +Close all file descriptors greater than or equal to +\fInum\fR +before executing a command. +Values less than three are not permitted. +By default, +\fBsudo\fR +will close all open file descriptors other than standard input, +standard output, and standard error when executing a command. +The security policy may restrict the user's ability to use this option. +The +\fIsudoers\fR +policy only permits use of the +\fB\-C\fR +option when the administrator has enabled the +\fIclosefrom_override\fR +option. +.if \n(LC \{\ +.TP 12n +\fB\-c\fR \fIclass\fR, \fB\--login-class\fR=\fIclass\fR +Run the command with resource limits and scheduling priority of +the specified login +\fIclass\fR. +The +\fIclass\fR +argument can be either a class name as defined in +\fI/etc/login.conf\fR, +or a single +\(oq\-\(cq +character. +If +\fIclass\fR +is +\fB-\fR, +the default login class of the target user will be used. +Otherwise, the command must be run as the superuser (user-ID 0), or +\fBsudo\fR +must be run from a shell that is already running as the superuser. +If the command is being run as a login shell, additional +\fI/etc/login.conf\fR +settings, such as the umask and environment variables, will +be applied, if present. +This option is only available on systems with +BSD +login classes. +.\} +.TP 12n +\fB\-D\fR \fIdirectory\fR, \fB\--chdir\fR=\fIdirectory\fR +Run the command in the specified +\fIdirectory\fR +instead of the current working directory. +The security policy may return an error if the user does not have +permission to specify the working directory. +.TP 12n +\fB\-E\fR, \fB\--preserve-env\fR +Indicates to the security policy that the user wishes to +preserve their existing environment variables. +The security policy may return an error if the user does not have +permission to preserve the environment. +.TP 12n +\fB\--preserve-env=list\fR +Indicates to the security policy that the user wishes to add the +comma-separated list of environment variables to those preserved +from the user's environment. +The security policy may return an error if the user does not have +permission to preserve the environment. +This option may be specified multiple times. +.TP 12n +\fB\-e\fR, \fB\--edit\fR +Edit one or more files instead of running a command. +In lieu of a path name, the string "sudoedit" is used when consulting +the security policy. +If the user is authorized by the policy, the following steps are +taken: +.RS 16n +.TP 5n +1.\& +Temporary copies are made of the files to be edited with the owner +set to the invoking user. +.TP 5n +2.\& +The editor specified by the policy is run to edit the temporary +files. +The +\fIsudoers\fR +policy uses the +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR +and +\fREDITOR\fR +environment variables (in that order). +If none of +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR +or +\fREDITOR\fR +are set, the first program listed in the +\fIeditor\fR +sudoers(@mansectform@) +option is used. +.TP 5n +3.\& +If they have been modified, the temporary files are copied back to +their original location and the temporary versions are removed. +.RE +.RS 12n +.sp +To help prevent the editing of unauthorized files, the following +restrictions are enforced unless explicitly allowed by the security policy: +.RS 16n +.TP 3n +\fB\(bu\fR +Symbolic links may not be edited (version 1.8.15 and higher). +.TP 3n +\fB\(bu\fR +Symbolic links along the path to be edited are not followed when the +parent directory is writable by the invoking user unless that user +is root (version 1.8.16 and higher). +.TP 3n +\fB\(bu\fR +Files located in a directory that is writable by the invoking user may +not be edited unless that user is root (version 1.8.16 and higher). +.RE +.sp +Users are never allowed to edit device special files. +.sp +If the specified file does not exist, it will be created. +Note that unlike most commands run by +\fIsudo\fR, +the editor is run with the invoking user's environment unmodified. +If the temporary file becomes empty after editing, the user will +be prompted before it is installed. +If, for some reason, +\fBsudo\fR +is unable to update a file with its edited version, the user will +receive a warning and the edited copy will remain in a temporary +file. +.RE +.TP 12n +\fB\-g\fR \fIgroup\fR, \fB\--group\fR=\fIgroup\fR +Run the command with the primary group set to +\fIgroup\fR +instead of the primary group specified by the target +user's password database entry. +The +\fIgroup\fR +may be either a group name or a numeric group-ID +(GID) +prefixed with the +\(oq#\(cq +character (e.g., +\fR#0\fR +for GID 0). +When running a command as a GID, many shells require that the +\(oq#\(cq +be escaped with a backslash +(\(oq\e\(cq). +If no +\fB\-u\fR +option is specified, the command will be run as the invoking user. +In either case, the primary group will be set to +\fIgroup\fR. +The +\fIsudoers\fR +policy permits any of the target user's groups to be specified via +the +\fB\-g\fR +option as long as the +\fB\-P\fR +option is not in use. +.TP 12n +\fB\-H\fR, \fB\--set-home\fR +Request that the security policy set the +\fRHOME\fR +environment variable to the home directory specified by the target +user's password database entry. +Depending on the policy, this may be the default behavior. +.TP 12n +\fB\-h\fR, \fB\--help\fR +Display a short help message to the standard output and exit. +.TP 12n +\fB\-h\fR \fIhost\fR, \fB\--host\fR=\fIhost\fR +Run the command on the specified +\fIhost\fR +if the security policy plugin supports remote commands. +Note that the +\fIsudoers\fR +plugin does not currently support running remote commands. +This may also be used in conjunction with the +\fB\-l\fR +option to list a user's privileges for the remote host. +.TP 12n +\fB\-i\fR, \fB\--login\fR +Run the shell specified by the target user's password database entry +as a login shell. +This means that login-specific resource files such as +\fI.profile\fR, +\fI.bash_profile\fR, +or +\fI.login\fR +will be read by the shell. +If a command is specified, it is passed to the shell as a simple +command using the +\fB\-c\fR +option. +The command and any arguments are concatenated, separated by spaces, +after escaping each character +(including white space) +with a backslash +(\(oq\e\(cq) +except for alphanumerics, underscores, +hyphens, and dollar signs. +If no command is specified, an interactive shell is executed. +\fBsudo\fR +attempts to change to that user's home directory before running the +shell. +The command is run with an environment similar to the one +a user would receive at log in. +Note that most shells behave differently when a command is specified +as compared to an interactive session; consult the shell's manual +for details. +The +\fICommand environment\fR +section in the +sudoers(@mansectform@) +manual documents how the +\fB\-i\fR +option affects the environment in which a command is run when the +\fIsudoers\fR +policy is in use. +.TP 12n +\fB\-K\fR, \fB\--remove-timestamp\fR +Similar to the +\fB\-k\fR +option, except that it removes the user's cached credentials entirely +and may not be used in conjunction with a command or other option. +This option does not require a password. +Not all security policies support credential caching. +.TP 12n +\fB\-k\fR, \fB\--reset-timestamp\fR +When used without a command, invalidates the user's cached credentials. +In other words, the next time +\fBsudo\fR +is run a password will be required. +This option does not require a password, and was added to allow a +user to revoke +\fBsudo\fR +permissions from a +\fI.logout\fR +file. +.sp +When used in conjunction with a command or an option that may require +a password, this option will cause +\fBsudo\fR +to ignore the user's cached credentials. +As a result, +\fBsudo\fR +will prompt for a password (if one is required by the security +policy) and will not update the user's cached credentials. +.sp +Not all security policies support credential caching. +.TP 12n +\fB\-l\fR, \fB\--list\fR +If no +\fIcommand\fR +is specified, +list the allowed (and forbidden) commands for the +invoking user (or the user specified by the +\fB\-U\fR +option) on the current host. +A longer list format is used if this option is specified multiple times +and the security policy supports a verbose output format. +.sp +If a +\fIcommand\fR +is specified and is permitted by the security policy, the fully-qualified +path to the command is displayed along with any command line +arguments. +If a +\fIcommand\fR +is specified but not allowed by the policy, +\fBsudo\fR +will exit with a status value of 1. +.TP 12n +\fB\-n\fR, \fB\--non-interactive\fR +Avoid prompting the user for input of any kind. +If a password is required for the command to run, +\fBsudo\fR +will display an error message and exit. +.TP 12n +\fB\-P\fR, \fB\--preserve-groups\fR +Preserve the invoking user's group vector unaltered. +By default, the +\fIsudoers\fR +policy will initialize the group vector to the list of groups the +target user is a member of. +The real and effective group-IDs, however, are still set to match +the target user. +.TP 12n +\fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR +Use a custom password prompt with optional escape sequences. +The following percent +(\(oq%\(cq) +escape sequences are supported by the +\fIsudoers\fR +policy: +.PP +.RS 12n +.PD 0 +.TP 4n +\fR%H\fR +expanded to the host name including the domain name (only if the +machine's host name is fully qualified or the +\fIfqdn\fR +option is set in +sudoers(@mansectform@)) +.PD +.TP 4n +\fR%h\fR +expanded to the local host name without the domain name +.TP 4n +\fR%p\fR +expanded to the name of the user whose password is being requested +(respects the +\fIrootpw\fR, +\fItargetpw\fR, +and +\fIrunaspw\fR +flags in +sudoers(@mansectform@)) +.TP 4n +\fR\&%U\fR +expanded to the login name of the user the command will be run as +(defaults to root unless the +\fB\-u\fR +option is also specified) +.TP 4n +\fR%u\fR +expanded to the invoking user's login name +.TP 4n +\fR%%\fR +two consecutive +\(oq%\(cq +characters are collapsed into a single +\(oq%\(cq +character +.PP +The custom prompt will override the default prompt specified by either +the security policy or the +\fRSUDO_PROMPT\fR +environment variable. +On systems that use PAM, the custom prompt will also override the prompt +specified by a PAM module unless the +\fIpassprompt_override\fR +flag is disabled in +\fIsudoers\fR. +.RE +.TP 12n +\fB\-R\fR \fIdirectory\fR, \fB\--chroot\fR=\fIdirectory\fR +Change to the specified root +\fIdirectory\fR +(see +chroot(@mansectsu@)) +before running the command. +The security policy may return an error if the user does not have +permission to specify the root directory. +.if \n(SL \{\ +.TP 12n +\fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR +Run the command with an SELinux security context that includes +the specified +\fIrole\fR. +.\} +.TP 12n +\fB\-S\fR, \fB\--stdin\fR +Write the prompt to the standard error and read the password from the +standard input instead of using the terminal device. +.TP 12n +\fB\-s\fR, \fB\--shell\fR +Run the shell specified by the +\fRSHELL\fR +environment variable if it is set or the shell specified by the +invoking user's password database entry. +If a command is specified, it is passed to the shell as a simple +command using the +\fB\-c\fR +option. +The command and any arguments are concatenated, separated by spaces, +after escaping each character +(including white space) +with a backslash +(\(oq\e\(cq) +except for alphanumerics, underscores, +hyphens, and dollar signs. +If no command is specified, an interactive shell is executed. +Note that most shells behave differently when a command is specified +as compared to an interactive session; consult the shell's manual +for details. +.if \n(SL \{\ +.TP 12n +\fB\-t\fR \fItype\fR, \fB\--type\fR=\fItype\fR +Run the command with an SELinux security context that includes +the specified +\fItype\fR. +If no +\fItype\fR +is specified, the default type is derived from the role. +.\} +.TP 12n +\fB\-U\fR \fIuser\fR, \fB\--other-user\fR=\fIuser\fR +Used in conjunction with the +\fB\-l\fR +option to list the privileges for +\fIuser\fR +instead of for the invoking user. +The security policy may restrict listing other users' privileges. +The +\fIsudoers\fR +policy only allows root or a user with the +\fRALL\fR +privilege on the current host to use this option. +.TP 12n +\fB\-T\fR \fItimeout\fR, \fB\--command-timeout\fR=\fItimeout\fR +Used to set a timeout for the command. +If the timeout expires before the command has exited, the +command will be terminated. +The security policy may restrict the ability to set command timeouts. +The +\fIsudoers\fR +policy requires that user-specified timeouts be explicitly enabled. +.TP 12n +\fB\-u\fR \fIuser\fR, \fB\--user\fR=\fIuser\fR +Run the command as a user other than the default target user +(usually +\fIroot\fR). +The +\fIuser\fR +may be either a user name or a numeric user-ID +(UID) +prefixed with the +\(oq#\(cq +character (e.g., +\fR#0\fR +for UID 0). +When running commands as a UID, many shells require that the +\(oq#\(cq +be escaped with a backslash +(\(oq\e\(cq). +Some security policies may restrict UIDs +to those listed in the password database. +The +\fIsudoers\fR +policy allows UIDs that are not in the password database as long as the +\fItargetpw\fR +option is not set. +Other security policies may not support this. +.TP 12n +\fB\-V\fR, \fB\--version\fR +Print the +\fBsudo\fR +version string as well as the version string of any configured plugins. +If the invoking user is already root, the +\fB\-V\fR +option will display the arguments passed to configure when +\fBsudo\fR +was built; plugins may display additional information such as +default options. +.TP 12n +\fB\-v\fR, \fB\--validate\fR +Update the user's cached credentials, authenticating the user +if necessary. +For the +\fIsudoers\fR +plugin, this extends the +\fBsudo\fR +timeout for another +\fR@timeout@\fR +minutes by default, but does not run a command. +Not all security policies support cached credentials. +.TP 12n +\fB\--\fR +The +\fB\--\fR +option indicates that +\fBsudo\fR +should stop processing command line arguments. +.PP +Options that take a value may only be specified once unless +otherwise indicated in the description. +This is to help guard against problems caused by poorly written +scripts that invoke +\fBsudo\fR +with user-controlled input. +.PP +Environment variables to be set for the command may also be passed +on the command line in the form of +\fIVAR\fR=\fIvalue\fR, +e.g., +\fRLD_LIBRARY_PATH\fR=\fI/usr/local/pkg/lib\fR. +Variables passed on the command line are subject to restrictions +imposed by the security policy plugin. +The +\fIsudoers\fR +policy subjects variables passed on the command line to the same +restrictions as normal environment variables with one important +exception. +If the +\fIsetenv\fR +option is set in +\fIsudoers\fR, +the command to be run has the +\fRSETENV\fR +tag set or the command matched is +\fRALL\fR, +the user may set variables that would otherwise be forbidden. +See +sudoers(@mansectform@) +for more information. +.SH "COMMAND EXECUTION" +When +\fBsudo\fR +executes a command, the security policy specifies the execution +environment for the command. +Typically, the real and effective user and group and IDs are set to +match those of the target user, as specified in the password database, +and the group vector is initialized based on the group database +(unless the +\fB\-P\fR +option was specified). +.PP +The following parameters may be specified by security policy: +.TP 3n +\fB\(bu\fR +real and effective user-ID +.TP 3n +\fB\(bu\fR +real and effective group-ID +.TP 3n +\fB\(bu\fR +supplementary group-IDs +.TP 3n +\fB\(bu\fR +the environment list +.TP 3n +\fB\(bu\fR +current working directory +.TP 3n +\fB\(bu\fR +file creation mode mask (umask) +.if \n(SL \{\ +.TP 3n +\fB\(bu\fR +SELinux role and type +.\} +.if \n(PS \{\ +.TP 3n +\fB\(bu\fR +Solaris project +.\} +.if \n(PS \{\ +.TP 3n +\fB\(bu\fR +Solaris privileges +.\} +.if \n(LC \{\ +.TP 3n +\fB\(bu\fR +BSD +login class +.\} +.TP 3n +\fB\(bu\fR +scheduling priority (aka nice value) +.SS "Process model" +There are two distinct ways +\fBsudo\fR +can run a command. +.PP +If an I/O logging plugin is configured or if the security policy +explicitly requests it, a new pseudo-terminal +(\(lqpty\(rq) +is allocated and +fork(2) +is used to create a second +\fBsudo\fR +process, referred to as the +\fImonitor\fR. +The +\fImonitor\fR +creates a new terminal session with itself as the leader and the pty as its +controlling terminal, calls +fork(2), +sets up the execution environment as described above, and then uses the +execve(2) +system call to run the command in the child process. +The +\fImonitor\fR +exists to relay job control signals between the user's +existing terminal and the pty the command is being run in. +This makes it possible to suspend and resume the command. +Without the monitor, the command would be in what POSIX terms an +\(lqorphaned process group\(rq +and it would not receive any job control signals from the kernel. +When the command exits or is terminated by a signal, the +\fImonitor\fR +passes the command's exit status to the main +\fBsudo\fR +process and exits. +After receiving the command's exit status, the main +\fBsudo\fR +passes the command's exit status to the security policy's close function +and exits. +.PP +If no pty is used, +\fBsudo\fR +calls +fork(2), +sets up the execution environment as described above, and uses the +execve(2) +system call to run the command in the child process. +The main +\fBsudo\fR +process waits until the command has completed, then passes the +command's exit status to the security policy's close function and exits. +As a special case, if the policy plugin does not define a close +function, +\fBsudo\fR +will execute the command directly instead of calling +fork(2) +first. +The +\fIsudoers\fR +policy plugin will only define a close function when I/O logging +is enabled, a pty is required, an SELinux role is specified, the +command has an associated timeout, or the +\fIpam_session\fR +or +\fIpam_setcred\fR +options are enabled. +Note that +\fIpam_session\fR +and +\fIpam_setcred\fR +are enabled by default on systems using PAM. +.PP +On systems that use PAM, the security policy's close function +is responsible for closing the PAM session. +It may also log the command's exit status. +.SS "Signal handling" +When the command is run as a child of the +\fBsudo\fR +process, +\fBsudo\fR +will relay signals it receives to the command. +The +\fRSIGINT\fR +and +\fRSIGQUIT\fR +signals are only relayed when the command is being run in a new pty +or when the signal was sent by a user process, not the kernel. +This prevents the command from receiving +\fRSIGINT\fR +twice each time the user enters control-C. +Some signals, such as +\fRSIGSTOP\fR +and +\fRSIGKILL\fR, +cannot be caught and thus will not be relayed to the command. +As a general rule, +\fRSIGTSTP\fR +should be used instead of +\fRSIGSTOP\fR +when you wish to suspend a command being run by +\fBsudo\fR. +.PP +As a special case, +\fBsudo\fR +will not relay signals that were sent by the command it is running. +This prevents the command from accidentally killing itself. +On some systems, the +reboot(@mansectsu@) +command sends +\fRSIGTERM\fR +to all non-system processes other than itself before rebooting +the system. +This prevents +\fBsudo\fR +from relaying the +\fRSIGTERM\fR +signal it received back to +reboot(@mansectsu@), +which might then exit before the system was actually rebooted, +leaving it in a half-dead state similar to single user mode. +Note, however, that this check only applies to the command run by +\fBsudo\fR +and not any other processes that the command may create. +As a result, running a script that calls +reboot(@mansectsu@) +or +shutdown(@mansectsu@) +via +\fBsudo\fR +may cause the system to end up in this undefined state unless the +reboot(@mansectsu@) +or +shutdown(@mansectsu@) +are run using the +\fBexec\fR() +family of functions instead of +\fBsystem\fR() +(which interposes a shell between the command and the calling process). +.PP +If no I/O logging plugins are loaded and the policy plugin has not +defined a +\fBclose\fR() +function, set a command timeout, or required that the command be +run in a new pty, +\fBsudo\fR +may execute the command directly instead of running it as a child process. +.SS "Plugins" +Plugins may be specified via +\fRPlugin\fR +directives in the +sudo.conf(@mansectform@) +file. +They may be loaded as dynamic shared objects (on systems that support them), +or compiled directly into the +\fBsudo\fR +binary. +If no +sudo.conf(@mansectform@) +file is present, or if it doesn't contain any +\fRPlugin\fR +lines, +\fBsudo\fR +will use +sudoers(@mansectform@) +for the policy, auditing, and I/O logging plugins. +See the +sudo.conf(@mansectform@) +manual for details of the +\fI@sysconfdir@/sudo.conf\fR +file and the +sudo_plugin(@mansectform@) +manual for more information about the +\fBsudo\fR +plugin architecture. +.SH "EXIT VALUE" +Upon successful execution of a command, the exit status from +\fBsudo\fR +will be the exit status of the program that was executed. +If the command terminated due to receipt of a signal, +\fBsudo\fR +will send itself the same signal that terminated the command. +.PP +If the +\fB\-l\fR +option was specified without a command, +\fBsudo\fR +will exit with a value of 0 if the user is allowed to run +\fBsudo\fR +and they authenticated successfully (as required by the security policy). +If a command is specified with the +\fB\-l\fR +option, the exit value will only be 0 if the command is permitted by the +security policy, otherwise it will be 1. +.PP +If there is an authentication failure, a configuration/permission +problem, or if the given command cannot be executed, +\fBsudo\fR +exits with a value of 1. +In the latter case, the error string is printed to the standard error. +If +\fBsudo\fR +cannot +stat(2) +one or more entries in the user's +\fRPATH\fR, +an error is printed to the standard error. +(If the directory does not exist or if it is not really a directory, +the entry is ignored and no error is printed.) +This should not happen under normal circumstances. +The most common reason for +stat(2) +to return +\(lqpermission denied\(rq +is if you are running an automounter and one of the directories in +your +\fRPATH\fR +is on a machine that is currently unreachable. +.SH "SECURITY NOTES" +\fBsudo\fR +tries to be safe when executing external commands. +.PP +To prevent command spoofing, +\fBsudo\fR +checks "." and "" (both denoting current directory) last when +searching for a command in the user's +\fRPATH\fR +(if one or both are in the +\fRPATH\fR). +Depending on the security policy, the user's +\fRPATH\fR +environment variable may be modified, replaced, +or passed unchanged to the program that +\fBsudo\fR +executes. +.PP +Users should +\fInever\fR +be granted +\fBsudo\fR +privileges to execute files that are writable by the user or +that reside in a directory that is writable by the user. +If the user can modify or replace the command there is no way +to limit what additional commands they can run. +.PP +Please note that +\fBsudo\fR +will normally only log the command it explicitly runs. +If a user runs a command such as +\fRsudo su\fR +or +\fRsudo sh\fR, +subsequent commands run from that shell are not subject to +\fBsudo\fR's +security policy. +The same is true for commands that offer shell escapes (including +most editors). +If I/O logging is enabled, subsequent commands will have their input and/or +output logged, but there will not be traditional logs for those commands. +Because of this, care must be taken when giving users access to commands via +\fBsudo\fR +to verify that the command does not inadvertently give the user an +effective root shell. +For information on ways to address this, please see the +\fIPreventing shell escapes\fR +section in +sudoers(@mansectform@). +.PP +To prevent the disclosure of potentially sensitive information, +\fBsudo\fR +disables core dumps by default while it is executing (they are +re-enabled for the command that is run). +This historical practice dates from a time when most operating +systems allowed set-user-ID processes to dump core by default. +To aid in debugging +\fBsudo\fR +crashes, you may wish to re-enable core dumps by setting +\(lqdisable_coredump\(rq +to false in the +sudo.conf(@mansectform@) +file as follows: +.nf +.sp +.RS 6n +Set disable_coredump false +.RE +.fi +.PP +See the +sudo.conf(@mansectform@) +manual for more information. +.SH "ENVIRONMENT" +\fBsudo\fR +utilizes the following environment variables. +The security policy has control over the actual content of the command's +environment. +.TP 17n +\fREDITOR\fR +Default editor to use in +\fB\-e\fR +(sudoedit) mode if neither +\fRSUDO_EDITOR\fR +nor +\fRVISUAL\fR +is set. +.TP 17n +\fRMAIL\fR +Set to the mail spool of the target user when the +\fB\-i\fR +option is specified, or when +\fIenv_reset\fR +is enabled in +\fIsudoers\fR +(unless +\fRMAIL\fR +is present in the +\fIenv_keep\fR +list). +.TP 17n +\fRHOME\fR +Set to the home directory of the target user when the +\fB\-i\fR +or +\fB\-H\fR +options are specified, when the +\fB\-s\fR +option is specified and +\fIset_home\fR +is set in +\fIsudoers\fR, +when +\fIalways_set_home\fR +is enabled in +\fIsudoers\fR, +or when +\fIenv_reset\fR +is enabled in +\fIsudoers\fR +and +\fIHOME\fR +is not present in the +\fIenv_keep\fR +list. +.TP 17n +\fRLOGNAME\fR +Set to the login name of the target user when the +\fB\-i\fR +option is specified, when the +\fIset_logname\fR +option is enabled in +\fIsudoers\fR, +or when the +\fIenv_reset\fR +option is enabled in +\fIsudoers\fR +(unless +\fRLOGNAME\fR +is present in the +\fIenv_keep\fR +list). +.TP 17n +\fRPATH\fR +May be overridden by the security policy. +.TP 17n +\fRSHELL\fR +Used to determine shell to run with +\fB\-s\fR +option. +.TP 17n +\fRSUDO_ASKPASS\fR +Specifies the path to a helper program used to read the password +if no terminal is available or if the +\fB\-A\fR +option is specified. +.TP 17n +\fRSUDO_COMMAND\fR +Set to the command run by sudo, including command line arguments. +The command line arguments are truncated at 4096 characters to +prevent a potential execution error. +.TP 17n +\fRSUDO_EDITOR\fR +Default editor to use in +\fB\-e\fR +(sudoedit) mode. +.TP 17n +\fRSUDO_GID\fR +Set to the group-ID of the user who invoked sudo. +.TP 17n +\fRSUDO_PROMPT\fR +Used as the default password prompt unless +the +\fB\-p\fR +option was specified. +.TP 17n +\fRSUDO_PS1\fR +If set, +\fRPS1\fR +will be set to its value for the program being run. +.TP 17n +\fRSUDO_UID\fR +Set to the user-ID of the user who invoked sudo. +.TP 17n +\fRSUDO_USER\fR +Set to the login name of the user who invoked sudo. +.TP 17n +\fRUSER\fR +Set to the same value as +\fRLOGNAME\fR, +described above. +.TP 17n +\fRVISUAL\fR +Default editor to use in +\fB\-e\fR +(sudoedit) mode if +\fRSUDO_EDITOR\fR +is not set. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +\fBsudo\fR +front-end configuration +.SH "EXAMPLES" +Note: the following examples assume a properly configured security +policy. +.PP +To get a file listing of an unreadable directory: +.nf +.sp +.RS 6n +$ sudo ls /usr/local/protected +.RE +.fi +.PP +To list the home directory of user yaz on a machine where the file +system holding ~yaz is not exported as root: +.nf +.sp +.RS 6n +$ sudo -u yaz ls ~yaz +.RE +.fi +.PP +To edit the +\fIindex.html\fR +file as user www: +.nf +.sp +.RS 6n +$ sudoedit -u www ~www/htdocs/index.html +.RE +.fi +.PP +To view system logs only accessible to root and users in the adm +group: +.nf +.sp +.RS 6n +$ sudo -g adm more /var/log/syslog +.RE +.fi +.PP +To run an editor as jim with a different primary group: +.nf +.sp +.RS 6n +$ sudoedit -u jim -g audio ~jim/sound.txt +.RE +.fi +.PP +To shut down a machine: +.nf +.sp +.RS 6n +$ sudo shutdown -r +15 "quick reboot" +.RE +.fi +.PP +To make a usage listing of the directories in the /home partition. +Note that this runs the commands in a sub-shell to make the +\fRcd\fR +and file redirection work. +.nf +.sp +.RS 6n +$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" +.RE +.fi +.SH "DIAGNOSTICS" +Error messages produced by +\fBsudo\fR +include: +.TP 6n +\fRediting files in a writable directory is not permitted\fR +By default, +\fBsudoedit\fR +does not permit editing a file when any of the parent directories are writable +by the invoking user. +This avoids a race condition that could allow the user to overwrite +an arbitrary file. +See the +\fIsudoedit_checkdir\fR +option in +sudoers(@mansectform@) +for more information. +.TP 6n +\fRediting symbolic links is not permitted\fR +By default, +\fBsudoedit\fR +does not follow symbolic links when opening files. +See the +\fIsudoedit_follow\fR +option in +sudoers(@mansectform@) +for more information. +.TP 6n +\fReffective uid is not 0, is sudo installed setuid root?\fR +\fBsudo\fR +was not run with root privileges. +The +\fBsudo\fR +binary must be owned by the root user and have the set-user-ID bit set. +Also, it must not be located on a file system mounted with the +\(oqnosuid\(cq +option or on an NFS file system that maps uid 0 to an unprivileged uid. +.TP 6n +\fReffective uid is not 0, is sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\fR +\fBsudo\fR +was not run with root privileges. +The +\fBsudo\fR +binary has the proper owner and permissions but it still did not run +with root privileges. +The most common reason for this is that the file system the +\fBsudo\fR +binary is located on is mounted with the +\(oqnosuid\(cq +option or it is an NFS file system that maps uid 0 to an unprivileged uid. +.TP 6n +\fRfatal error, unable to load plugins\fR +An error occurred while loading or initializing the plugins specified in +sudo.conf(@mansectform@). +.TP 6n +\fRinvalid environment variable name\fR +One or more environment variable names specified via the +\fB\-E\fR +option contained an equal sign +(\(oq=\(cq). +The arguments to the +\fB\-E\fR +option should be environment variable names without an associated value. +.TP 6n +\fRno password was provided\fR +When +\fBsudo\fR +tried to read the password, it did not receive any characters. +This may happen if no terminal is available (or the +\fB\-S\fR +option is specified) and the standard input has been redirected from +\fI/dev/null\fR. +.TP 6n +\fRa terminal is required to read the password\fR +\fBsudo\fR +needs to read the password but there is no mechanism available for it +to do so. +A terminal is not present to read the password from, +\fBsudo\fR +has not been configured to read from the standard input, +the +\fB\-S\fR +option was not used, and no askpass helper has been specified either via the +sudo.conf(@mansectform@) +file or the +\fRSUDO_ASKPASS\fR +environment variable. +.TP 6n +\fRno writable temporary directory found\fR +\fBsudoedit\fR +was unable to find a usable temporary directory in which to store its +intermediate files. +.TP 6n +\fRThe\fR \(lqno new privileges\(rq flag is set, which prevents sudo from running as root. +\fBsudo\fR +was run by a process that has the Linux +\(lqno new privileges\(rq +flag is set. +This causes the set-user-ID bit to be ignored when running an executable, +which will prevent +\fBsudo\fR +from functioning. +The most likely cause for this is running +\fBsudo\fR +within a container that sets this flag. +Check the documentation to see if it is possible to configure the +container such that the flag is not set. +.TP 6n +\fRsudo must be owned by uid 0 and have the setuid bit set\fR +\fBsudo\fR +was not run with root privileges. +The +\fBsudo\fR +binary does not have the correct owner or permissions. +It must be owned by the root user and have the set-user-ID bit set. +.TP 6n +\fRsudoedit is not supported on this platform\fR +It is only possible to run +\fBsudoedit\fR +on systems that support setting the effective user-ID. +.TP 6n +\fRtimed out reading password\fR +The user did not enter a password before the password timeout +(5 minutes by default) expired. +.TP 6n +\fRyou do not exist in the passwd database\fR +Your user-ID does not appear in the system passwd database. +.TP 6n +\fRyou may not specify environment variables in edit mode\fR +It is only possible to specify environment variables when running +a command. +When editing a file, the editor is run with the user's environment unmodified. +.SH "SEE ALSO" +su(1), +stat(2), +login_cap(3), +passwd(@mansectform@), +sudo.conf(@mansectform@), +sudo_plugin(@mansectform@), +sudoers(@mansectform@), +sudoers_timestamp(@mansectform@), +sudoreplay(@mansectsu@), +visudo(@mansectsu@) +.SH "HISTORY" +See the HISTORY file in the +\fBsudo\fR +distribution (https://www.sudo.ws/history.html) for a brief +history of sudo. +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "CAVEATS" +There is no easy way to prevent a user from gaining a root shell +if that user is allowed to run arbitrary commands via +\fBsudo\fR. +Also, many programs (such as editors) allow the user to run commands +via shell escapes, thus avoiding +\fBsudo\fR's +checks. +However, on most systems it is possible to prevent shell escapes with the +sudoers(@mansectform@) +plugin's +\fInoexec\fR +functionality. +.PP +It is not meaningful to run the +\fRcd\fR +command directly via sudo, e.g., +.nf +.sp +.RS 6n +$ sudo cd /usr/local/protected +.RE +.fi +.PP +since when the command exits the parent process (your shell) will +still be the same. +Please see the +\fIEXAMPLES\fR +section for more information. +.PP +Running shell scripts via +\fBsudo\fR +can expose the same kernel bugs that make set-user-ID shell scripts +unsafe on some operating systems (if your OS has a /dev/fd/ directory, +set-user-ID shell scripts are generally safe). +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo.man.in.sed sudo-1.9.9/docs/sudo.man.in.sed --- sudo-1.9.5p2/docs/sudo.man.in.sed 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo.man.in.sed 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,76 @@ +s/^\(.TH .*\)/.nr SL @SEMAN@\ +.nr BA @BAMAN@\ +.nr LC @LCMAN@\ +.nr PS @PSMAN@\ +\1/ + +s/^\(\[\\fB\\-a\\fR.*\\fItype\\fR\]\) *$/.if \\n(BA \1/ +s/^\(\[\\fB\\-c\\fR.*\\fIclass\\fR\]\) *$/.if \\n(LC \1/ +s/^\(\[\\fB\\-r\\fR.*\\fIrole\\fR\]\) *$/.if \\n(SL \1/ +s/^\(\[\\fB\\-t\\fR.*\\fItype\\fR\]\) *$/.if \\n(SL \1/ + +/^\.TP 12n$/ { + N + /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/,/^\.TP 12n/ { + /^\.TP 12n/ { + /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/i\ +.if \\n(BA \\{\\ + /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/!i\ +.\\} + } + } + /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/,/^\.TP 12n/ { + /^\.TP 12n/ { + /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/i\ +.if \\n(LC \\{\\ + /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/!i\ +.\\} + } + } + /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/,/^\.TP 12n/ { + /^\.TP 12n/ { + /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/i\ +.if \\n(SL \\{\\ + /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/!i\ +.\\} + } + } + /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/,/^\.TP 12n/ { + /^\.TP 12n/ { + /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/i\ +.if \\n(SL \\{\\ + /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/!i\ +.\\} + } + } +} + +/^\.TP 3n$/ { + N + N + /^.TP 3n\n\\fB\\(bu\\fR\nSELinux role and type$/ { + i\ +.if \\n(SL \\{\\ + a\ +.\\} + } + /^.TP 3n\n\\fB\\(bu\\fR\nSolaris project$/ { + i\ +.if \\n(PS \\{\\ + a\ +.\\} + } + /^.TP 3n\n\\fB\\(bu\\fR\nSolaris privileges$/ { + i\ +.if \\n(PS \\{\\ + a\ +.\\} + } + /^.TP 3n\n\\fB\\(bu\\fR\nBSD$/ { + N + i\ +.if \\n(LC \\{\\ + a\ +.\\} + } +} diff -Nru sudo-1.9.5p2/docs/sudo.mdoc.in sudo-1.9.9/docs/sudo.mdoc.in --- sudo-1.9.5p2/docs/sudo.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1411 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2022 +.\" Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.nr SL @SEMAN@ +.nr BA @BAMAN@ +.nr LC @LCMAN@ +.nr PS @PSMAN@ +.Dd January 19, 2022 +.Dt SUDO @mansectsu@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo , +.Nm sudoedit +.Nd execute a command as another user +.Sh SYNOPSIS +.Nm sudo +.Fl h | K | k | V +.Nm sudo +.Fl v +.Op Fl ABknS +.if \n(BA \{\ +.Op Fl a Ar type +.\} +.Op Fl g Ar group +.Op Fl h Ar host +.Op Fl p Ar prompt +.Op Fl u Ar user +.Nm sudo +.Fl l +.Op Fl ABknS +.if \n(BA \{\ +.Op Fl a Ar type +.\} +.Op Fl g Ar group +.Op Fl h Ar host +.Op Fl p Ar prompt +.Op Fl U Ar user +.Op Fl u Ar user +.Op Ar command +.Nm sudo +.Op Fl ABbEHnPS +.if \n(BA \{\ +.Op Fl a Ar type +.\} +.Op Fl C Ar num +.if \n(LC \{\ +.Op Fl c Ar class +.\} +.Op Fl D Ar directory +.Op Fl g Ar group +.Op Fl h Ar host +.Op Fl p Ar prompt +.Op Fl R Ar directory +.if \n(SL \{\ +.Op Fl r Ar role +.Op Fl t Ar type +.\} +.Op Fl T Ar timeout +.Op Fl u Ar user +.Op Ar VAR Ns = Ns Ar value +.Op Fl i | s +.Op Ar command +.Nm sudoedit +.Op Fl ABknS +.if \n(BA \{\ +.Op Fl a Ar type +.\} +.Op Fl C Ar num +.if \n(LC \{\ +.Op Fl c Ar class +.\} +.Op Fl D Ar directory +.Op Fl g Ar group +.Op Fl h Ar host +.Op Fl p Ar prompt +.Op Fl R Ar directory +.if \n(SL \{\ +.Op Fl r Ar role +.Op Fl t Ar type +.\} +.Op Fl T Ar timeout +.Op Fl u Ar user +.Ar +.Sh DESCRIPTION +.Nm +allows a permitted user to execute a +.Ar command +as the superuser or another user, as specified by the security +policy. +The invoking user's real +.Pq Em not No effective +user-ID is used to determine the user name with which +to query the security policy. +.Pp +.Nm +supports a plugin architecture for security policies, auditing, +and input/output logging. +Third parties can develop and distribute their own plugins to work +seamlessly with the +.Nm +front-end. +The default security policy is +.Em sudoers , +which is configured via the file +.Pa @sysconfdir@/sudoers , +or via LDAP. +See the +.Sx Plugins +section for more information. +.Pp +The security policy determines what privileges, if any, a user has +to run +.Nm . +The policy may require that users authenticate themselves with a +password or another authentication mechanism. +If authentication is required, +.Nm +will exit if the user's password is not entered within a configurable +time limit. +This limit is policy-specific; the default password prompt timeout +for the +.Em sudoers +security policy is +.Li @password_timeout@ +minutes. +.Pp +Security policies may support credential caching to allow the user +to run +.Nm +again for a period of time without requiring authentication. +By default, the +.Em sudoers +policy caches credentials on a per-terminal basis for +.Li @timeout@ +minutes. +See the +.Em timestamp_type +and +.Em timestamp_timeout +options in +.Xr sudoers @mansectform@ +for more information. +By running +.Nm +with the +.Fl v +option, a user can update the cached credentials without running a +.Ar command . +.Pp +On systems where +.Nm +is the primary method of gaining superuser privileges, it is imperative +to avoid syntax errors in the security policy configuration files. +For the default security policy, +.Xr sudoers @mansectform@ , +changes to the configuration files should be made using the +.Xr visudo @mansectsu@ +utility which will ensure that no syntax errors are introduced. +.Pp +When invoked as +.Nm sudoedit , +the +.Fl e +option (described below), is implied. +.Pp +Security policies and audit plugins may log successful and failed attempts +to run +.Nm . +If an I/O plugin is configured, the running command's input and +output may be logged as well. +.Pp +The options are as follows: +.Bl -tag -width Fl +.It Fl A , -askpass +Normally, if +.Nm +requires a password, it will read it from the user's terminal. +If the +.Fl A Pq Em askpass +option is specified, a (possibly graphical) helper program is +executed to read the user's password and output the password to the +standard output. +If the +.Ev SUDO_ASKPASS +environment variable is set, it specifies the path to the helper +program. +Otherwise, if +.Xr sudo.conf @mansectform@ +contains a line specifying the askpass program, that value will be +used. +For example: +.Bd -literal -offset 4n +# Path to askpass helper program +Path askpass /usr/X11R6/bin/ssh-askpass +.Ed +.Pp +If no askpass program is available, +.Nm +will exit with an error. +.if \n(BA \{\ +.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type +Use the specified +.Bx +authentication +.Ar type +when validating the user, if allowed by +.Pa /etc/login.conf . +The system administrator may specify a list of sudo-specific +authentication methods by adding an +.Dq auth-sudo +entry in +.Pa /etc/login.conf . +This option is only available on systems that support +.Bx +authentication. +.\} +.It Fl B , -bell +Ring the bell as part of the password prompt when a terminal is present. +This option has no effect if an askpass program is used. +.It Fl b , -background +Run the given command in the background. +Note that it is not possible to use shell job control to manipulate +background processes started by +.Nm . +Most interactive commands will fail to work properly in background +mode. +.It Fl C Ar num , Fl -close-from Ns = Ns Ar num +Close all file descriptors greater than or equal to +.Ar num +before executing a command. +Values less than three are not permitted. +By default, +.Nm +will close all open file descriptors other than standard input, +standard output, and standard error when executing a command. +The security policy may restrict the user's ability to use this option. +The +.Em sudoers +policy only permits use of the +.Fl C +option when the administrator has enabled the +.Em closefrom_override +option. +.if \n(LC \{\ +.It Fl c Ar class , Fl -login-class Ns = Ns Ar class +Run the command with resource limits and scheduling priority of +the specified login +.Ar class . +The +.Ar class +argument can be either a class name as defined in +.Pa /etc/login.conf , +or a single +.Ql \- +character. +If +.Ar class +is +.Cm - , +the default login class of the target user will be used. +Otherwise, the command must be run as the superuser (user-ID 0), or +.Nm +must be run from a shell that is already running as the superuser. +If the command is being run as a login shell, additional +.Pa /etc/login.conf +settings, such as the umask and environment variables, will +be applied, if present. +This option is only available on systems with +.Bx +login classes. +.\} +.It Fl D Ar directory , Fl -chdir Ns = Ns Ar directory +Run the command in the specified +.Ar directory +instead of the current working directory. +The security policy may return an error if the user does not have +permission to specify the working directory. +.It Fl E , -preserve-env +Indicates to the security policy that the user wishes to +preserve their existing environment variables. +The security policy may return an error if the user does not have +permission to preserve the environment. +.It Fl -preserve-env=list +Indicates to the security policy that the user wishes to add the +comma-separated list of environment variables to those preserved +from the user's environment. +The security policy may return an error if the user does not have +permission to preserve the environment. +This option may be specified multiple times. +.It Fl e , -edit +Edit one or more files instead of running a command. +In lieu of a path name, the string "sudoedit" is used when consulting +the security policy. +If the user is authorized by the policy, the following steps are +taken: +.Bl -enum -offset 4 +.It +Temporary copies are made of the files to be edited with the owner +set to the invoking user. +.It +The editor specified by the policy is run to edit the temporary +files. +The +.Em sudoers +policy uses the +.Ev SUDO_EDITOR , +.Ev VISUAL +and +.Ev EDITOR +environment variables (in that order). +If none of +.Ev SUDO_EDITOR , +.Ev VISUAL +or +.Ev EDITOR +are set, the first program listed in the +.Em editor +.Xr sudoers @mansectform@ +option is used. +.It +If they have been modified, the temporary files are copied back to +their original location and the temporary versions are removed. +.El +.Pp +To help prevent the editing of unauthorized files, the following +restrictions are enforced unless explicitly allowed by the security policy: +.Bl -bullet -offset 4 -width 1n +.It +Symbolic links may not be edited (version 1.8.15 and higher). +.It +Symbolic links along the path to be edited are not followed when the +parent directory is writable by the invoking user unless that user +is root (version 1.8.16 and higher). +.It +Files located in a directory that is writable by the invoking user may +not be edited unless that user is root (version 1.8.16 and higher). +.El +.Pp +Users are never allowed to edit device special files. +.Pp +If the specified file does not exist, it will be created. +Note that unlike most commands run by +.Em sudo , +the editor is run with the invoking user's environment unmodified. +If the temporary file becomes empty after editing, the user will +be prompted before it is installed. +If, for some reason, +.Nm +is unable to update a file with its edited version, the user will +receive a warning and the edited copy will remain in a temporary +file. +.It Fl g Ar group , Fl -group Ns = Ns Ar group +Run the command with the primary group set to +.Ar group +instead of the primary group specified by the target +user's password database entry. +The +.Ar group +may be either a group name or a numeric group-ID +.Pq GID +prefixed with the +.Ql # +character (e.g., +.Li #0 +for GID 0). +When running a command as a GID, many shells require that the +.Ql # +be escaped with a backslash +.Pq Ql \e . +If no +.Fl u +option is specified, the command will be run as the invoking user. +In either case, the primary group will be set to +.Ar group . +The +.Em sudoers +policy permits any of the target user's groups to be specified via +the +.Fl g +option as long as the +.Fl P +option is not in use. +.It Fl H , -set-home +Request that the security policy set the +.Ev HOME +environment variable to the home directory specified by the target +user's password database entry. +Depending on the policy, this may be the default behavior. +.It Fl h , -help +Display a short help message to the standard output and exit. +.It Fl h Ar host , Fl -host Ns = Ns Ar host +Run the command on the specified +.Ar host +if the security policy plugin supports remote commands. +Note that the +.Em sudoers +plugin does not currently support running remote commands. +This may also be used in conjunction with the +.Fl l +option to list a user's privileges for the remote host. +.It Fl i , -login +Run the shell specified by the target user's password database entry +as a login shell. +This means that login-specific resource files such as +.Pa .profile , +.Pa .bash_profile , +or +.Pa .login +will be read by the shell. +If a command is specified, it is passed to the shell as a simple +command using the +.Fl c +option. +The command and any arguments are concatenated, separated by spaces, +after escaping each character +.Pq including white space +with a backslash +.Pq Ql \e +except for alphanumerics, underscores, +hyphens, and dollar signs. +If no command is specified, an interactive shell is executed. +.Nm +attempts to change to that user's home directory before running the +shell. +The command is run with an environment similar to the one +a user would receive at log in. +Note that most shells behave differently when a command is specified +as compared to an interactive session; consult the shell's manual +for details. +The +.Em Command environment +section in the +.Xr sudoers @mansectform@ +manual documents how the +.Fl i +option affects the environment in which a command is run when the +.Em sudoers +policy is in use. +.It Fl K , -remove-timestamp +Similar to the +.Fl k +option, except that it removes the user's cached credentials entirely +and may not be used in conjunction with a command or other option. +This option does not require a password. +Not all security policies support credential caching. +.It Fl k , -reset-timestamp +When used without a command, invalidates the user's cached credentials. +In other words, the next time +.Nm +is run a password will be required. +This option does not require a password, and was added to allow a +user to revoke +.Nm +permissions from a +.Pa .logout +file. +.Pp +When used in conjunction with a command or an option that may require +a password, this option will cause +.Nm +to ignore the user's cached credentials. +As a result, +.Nm +will prompt for a password (if one is required by the security +policy) and will not update the user's cached credentials. +.Pp +Not all security policies support credential caching. +.It Fl l , Fl -list +If no +.Ar command +is specified, +list the allowed (and forbidden) commands for the +invoking user (or the user specified by the +.Fl U +option) on the current host. +A longer list format is used if this option is specified multiple times +and the security policy supports a verbose output format. +.Pp +If a +.Ar command +is specified and is permitted by the security policy, the fully-qualified +path to the command is displayed along with any command line +arguments. +If a +.Ar command +is specified but not allowed by the policy, +.Nm +will exit with a status value of 1. +.It Fl n , -non-interactive +Avoid prompting the user for input of any kind. +If a password is required for the command to run, +.Nm +will display an error message and exit. +.It Fl P , -preserve-groups +Preserve the invoking user's group vector unaltered. +By default, the +.Em sudoers +policy will initialize the group vector to the list of groups the +target user is a member of. +The real and effective group-IDs, however, are still set to match +the target user. +.It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt +Use a custom password prompt with optional escape sequences. +The following percent +.Pq Ql % +escape sequences are supported by the +.Em sudoers +policy: +.Bl -tag -width 2n +.It Li %H +expanded to the host name including the domain name (only if the +machine's host name is fully qualified or the +.Em fqdn +option is set in +.Xr sudoers @mansectform@ ) +.It Li %h +expanded to the local host name without the domain name +.It Li %p +expanded to the name of the user whose password is being requested +(respects the +.Em rootpw , +.Em targetpw , +and +.Em runaspw +flags in +.Xr sudoers @mansectform@ ) +.It Li \&%U +expanded to the login name of the user the command will be run as +(defaults to root unless the +.Fl u +option is also specified) +.It Li %u +expanded to the invoking user's login name +.It Li %% +two consecutive +.Ql % +characters are collapsed into a single +.Ql % +character +.El +.Pp +The custom prompt will override the default prompt specified by either +the security policy or the +.Ev SUDO_PROMPT +environment variable. +On systems that use PAM, the custom prompt will also override the prompt +specified by a PAM module unless the +.Em passprompt_override +flag is disabled in +.Em sudoers . +.It Fl R Ar directory , Fl -chroot Ns = Ns Ar directory +Change to the specified root +.Ar directory +(see +.Xr chroot @mansectsu@ ) +before running the command. +The security policy may return an error if the user does not have +permission to specify the root directory. +.if \n(SL \{\ +.It Fl r Ar role , Fl -role Ns = Ns Ar role +Run the command with an SELinux security context that includes +the specified +.Ar role . +.\} +.It Fl S , -stdin +Write the prompt to the standard error and read the password from the +standard input instead of using the terminal device. +.It Fl s , -shell +Run the shell specified by the +.Ev SHELL +environment variable if it is set or the shell specified by the +invoking user's password database entry. +If a command is specified, it is passed to the shell as a simple +command using the +.Fl c +option. +The command and any arguments are concatenated, separated by spaces, +after escaping each character +.Pq including white space +with a backslash +.Pq Ql \e +except for alphanumerics, underscores, +hyphens, and dollar signs. +If no command is specified, an interactive shell is executed. +Note that most shells behave differently when a command is specified +as compared to an interactive session; consult the shell's manual +for details. +.if \n(SL \{\ +.It Fl t Ar type , Fl -type Ns = Ns Ar type +Run the command with an SELinux security context that includes +the specified +.Ar type . +If no +.Ar type +is specified, the default type is derived from the role. +.\} +.It Fl U Ar user , Fl -other-user Ns = Ns Ar user +Used in conjunction with the +.Fl l +option to list the privileges for +.Ar user +instead of for the invoking user. +The security policy may restrict listing other users' privileges. +The +.Em sudoers +policy only allows root or a user with the +.Li ALL +privilege on the current host to use this option. +.It Fl T Ar timeout , Fl -command-timeout Ns = Ns Ar timeout +Used to set a timeout for the command. +If the timeout expires before the command has exited, the +command will be terminated. +The security policy may restrict the ability to set command timeouts. +The +.Em sudoers +policy requires that user-specified timeouts be explicitly enabled. +.It Fl u Ar user , Fl -user Ns = Ns Ar user +Run the command as a user other than the default target user +(usually +.Em root ) . +The +.Ar user +may be either a user name or a numeric user-ID +.Pq UID +prefixed with the +.Ql # +character (e.g., +.Li #0 +for UID 0). +When running commands as a UID, many shells require that the +.Ql # +be escaped with a backslash +.Pq Ql \e . +Some security policies may restrict UIDs +to those listed in the password database. +The +.Em sudoers +policy allows UIDs that are not in the password database as long as the +.Em targetpw +option is not set. +Other security policies may not support this. +.It Fl V , -version +Print the +.Nm +version string as well as the version string of any configured plugins. +If the invoking user is already root, the +.Fl V +option will display the arguments passed to configure when +.Nm +was built; plugins may display additional information such as +default options. +.It Fl v , -validate +Update the user's cached credentials, authenticating the user +if necessary. +For the +.Em sudoers +plugin, this extends the +.Nm +timeout for another +.Li @timeout@ +minutes by default, but does not run a command. +Not all security policies support cached credentials. +.It Fl - +The +.Fl - +option indicates that +.Nm +should stop processing command line arguments. +.El +.Pp +Options that take a value may only be specified once unless +otherwise indicated in the description. +This is to help guard against problems caused by poorly written +scripts that invoke +.Nm sudo +with user-controlled input. +.Pp +Environment variables to be set for the command may also be passed +on the command line in the form of +.Ar VAR Ns = Ns Ar value , +e.g., +.Ev LD_LIBRARY_PATH Ns = Ns Pa /usr/local/pkg/lib . +Variables passed on the command line are subject to restrictions +imposed by the security policy plugin. +The +.Em sudoers +policy subjects variables passed on the command line to the same +restrictions as normal environment variables with one important +exception. +If the +.Em setenv +option is set in +.Em sudoers , +the command to be run has the +.Li SETENV +tag set or the command matched is +.Li ALL , +the user may set variables that would otherwise be forbidden. +See +.Xr sudoers @mansectform@ +for more information. +.Sh COMMAND EXECUTION +When +.Nm +executes a command, the security policy specifies the execution +environment for the command. +Typically, the real and effective user and group and IDs are set to +match those of the target user, as specified in the password database, +and the group vector is initialized based on the group database +(unless the +.Fl P +option was specified). +.Pp +The following parameters may be specified by security policy: +.Bl -bullet -width 1n +.It +real and effective user-ID +.It +real and effective group-ID +.It +supplementary group-IDs +.It +the environment list +.It +current working directory +.It +file creation mode mask (umask) +.if \n(SL \{\ +.It +SELinux role and type +.\} +.if \n(PS \{\ +.It +Solaris project +.It +Solaris privileges +.\} +.if \n(LC \{\ +.It +.Bx +login class +.\} +.It +scheduling priority (aka nice value) +.El +.Ss Process model +There are two distinct ways +.Nm +can run a command. +.Pp +If an I/O logging plugin is configured or if the security policy +explicitly requests it, a new pseudo-terminal +.Pq Dq pty +is allocated and +.Xr fork 2 +is used to create a second +.Nm +process, referred to as the +.Em monitor . +The +.Em monitor +creates a new terminal session with itself as the leader and the pty as its +controlling terminal, calls +.Xr fork 2 , +sets up the execution environment as described above, and then uses the +.Xr execve 2 +system call to run the command in the child process. +The +.Em monitor +exists to relay job control signals between the user's +existing terminal and the pty the command is being run in. +This makes it possible to suspend and resume the command. +Without the monitor, the command would be in what POSIX terms an +.Dq orphaned process group +and it would not receive any job control signals from the kernel. +When the command exits or is terminated by a signal, the +.Em monitor +passes the command's exit status to the main +.Nm +process and exits. +After receiving the command's exit status, the main +.Nm +passes the command's exit status to the security policy's close function +and exits. +.Pp +If no pty is used, +.Nm +calls +.Xr fork 2 , +sets up the execution environment as described above, and uses the +.Xr execve 2 +system call to run the command in the child process. +The main +.Nm +process waits until the command has completed, then passes the +command's exit status to the security policy's close function and exits. +As a special case, if the policy plugin does not define a close +function, +.Nm +will execute the command directly instead of calling +.Xr fork 2 +first. +The +.Em sudoers +policy plugin will only define a close function when I/O logging +is enabled, a pty is required, an SELinux role is specified, the +command has an associated timeout, or the +.Em pam_session +or +.Em pam_setcred +options are enabled. +Note that +.Em pam_session +and +.Em pam_setcred +are enabled by default on systems using PAM. +.Pp +On systems that use PAM, the security policy's close function +is responsible for closing the PAM session. +It may also log the command's exit status. +.Ss Signal handling +When the command is run as a child of the +.Nm +process, +.Nm +will relay signals it receives to the command. +The +.Dv SIGINT +and +.Dv SIGQUIT +signals are only relayed when the command is being run in a new pty +or when the signal was sent by a user process, not the kernel. +This prevents the command from receiving +.Dv SIGINT +twice each time the user enters control-C. +Some signals, such as +.Dv SIGSTOP +and +.Dv SIGKILL , +cannot be caught and thus will not be relayed to the command. +As a general rule, +.Dv SIGTSTP +should be used instead of +.Dv SIGSTOP +when you wish to suspend a command being run by +.Nm . +.Pp +As a special case, +.Nm +will not relay signals that were sent by the command it is running. +This prevents the command from accidentally killing itself. +On some systems, the +.Xr reboot @mansectsu@ +command sends +.Dv SIGTERM +to all non-system processes other than itself before rebooting +the system. +This prevents +.Nm +from relaying the +.Dv SIGTERM +signal it received back to +.Xr reboot @mansectsu@ , +which might then exit before the system was actually rebooted, +leaving it in a half-dead state similar to single user mode. +Note, however, that this check only applies to the command run by +.Nm +and not any other processes that the command may create. +As a result, running a script that calls +.Xr reboot @mansectsu@ +or +.Xr shutdown @mansectsu@ +via +.Nm +may cause the system to end up in this undefined state unless the +.Xr reboot @mansectsu@ +or +.Xr shutdown @mansectsu@ +are run using the +.Fn exec +family of functions instead of +.Fn system +(which interposes a shell between the command and the calling process). +.Pp +If no I/O logging plugins are loaded and the policy plugin has not +defined a +.Fn close +function, set a command timeout, or required that the command be +run in a new pty, +.Nm +may execute the command directly instead of running it as a child process. +.Ss Plugins +Plugins may be specified via +.Li Plugin +directives in the +.Xr sudo.conf @mansectform@ +file. +They may be loaded as dynamic shared objects (on systems that support them), +or compiled directly into the +.Nm +binary. +If no +.Xr sudo.conf @mansectform@ +file is present, or if it doesn't contain any +.Li Plugin +lines, +.Nm +will use +.Xr sudoers @mansectform@ +for the policy, auditing, and I/O logging plugins. +See the +.Xr sudo.conf @mansectform@ +manual for details of the +.Pa @sysconfdir@/sudo.conf +file and the +.Xr sudo_plugin @mansectform@ +manual for more information about the +.Nm +plugin architecture. +.Sh EXIT VALUE +Upon successful execution of a command, the exit status from +.Nm +will be the exit status of the program that was executed. +If the command terminated due to receipt of a signal, +.Nm +will send itself the same signal that terminated the command. +.Pp +If the +.Fl l +option was specified without a command, +.Nm +will exit with a value of 0 if the user is allowed to run +.Nm +and they authenticated successfully (as required by the security policy). +If a command is specified with the +.Fl l +option, the exit value will only be 0 if the command is permitted by the +security policy, otherwise it will be 1. +.Pp +If there is an authentication failure, a configuration/permission +problem, or if the given command cannot be executed, +.Nm +exits with a value of 1. +In the latter case, the error string is printed to the standard error. +If +.Nm +cannot +.Xr stat 2 +one or more entries in the user's +.Ev PATH , +an error is printed to the standard error. +(If the directory does not exist or if it is not really a directory, +the entry is ignored and no error is printed.) +This should not happen under normal circumstances. +The most common reason for +.Xr stat 2 +to return +.Dq permission denied +is if you are running an automounter and one of the directories in +your +.Ev PATH +is on a machine that is currently unreachable. +.Sh SECURITY NOTES +.Nm +tries to be safe when executing external commands. +.Pp +To prevent command spoofing, +.Nm +checks "." and "" (both denoting current directory) last when +searching for a command in the user's +.Ev PATH +(if one or both are in the +.Ev PATH ) . +Depending on the security policy, the user's +.Ev PATH +environment variable may be modified, replaced, +or passed unchanged to the program that +.Nm +executes. +.Pp +Users should +.Em never +be granted +.Nm +privileges to execute files that are writable by the user or +that reside in a directory that is writable by the user. +If the user can modify or replace the command there is no way +to limit what additional commands they can run. +.Pp +Please note that +.Nm +will normally only log the command it explicitly runs. +If a user runs a command such as +.Li sudo su +or +.Li sudo sh , +subsequent commands run from that shell are not subject to +.Nm sudo Ns 's +security policy. +The same is true for commands that offer shell escapes (including +most editors). +If I/O logging is enabled, subsequent commands will have their input and/or +output logged, but there will not be traditional logs for those commands. +Because of this, care must be taken when giving users access to commands via +.Nm +to verify that the command does not inadvertently give the user an +effective root shell. +For information on ways to address this, please see the +.Em Preventing shell escapes +section in +.Xr sudoers @mansectform@ . +.Pp +To prevent the disclosure of potentially sensitive information, +.Nm +disables core dumps by default while it is executing (they are +re-enabled for the command that is run). +This historical practice dates from a time when most operating +systems allowed set-user-ID processes to dump core by default. +To aid in debugging +.Nm +crashes, you may wish to re-enable core dumps by setting +.Dq disable_coredump +to false in the +.Xr sudo.conf @mansectform@ +file as follows: +.Bd -literal -offset indent +Set disable_coredump false +.Ed +.Pp +See the +.Xr sudo.conf @mansectform@ +manual for more information. +.Sh ENVIRONMENT +.Nm +utilizes the following environment variables. +The security policy has control over the actual content of the command's +environment. +.Bl -tag -width 15n +.It Ev EDITOR +Default editor to use in +.Fl e +(sudoedit) mode if neither +.Ev SUDO_EDITOR +nor +.Ev VISUAL +is set. +.It Ev MAIL +Set to the mail spool of the target user when the +.Fl i +option is specified, or when +.Em env_reset +is enabled in +.Em sudoers +(unless +.Ev MAIL +is present in the +.Em env_keep +list). +.It Ev HOME +Set to the home directory of the target user when the +.Fl i +or +.Fl H +options are specified, when the +.Fl s +option is specified and +.Em set_home +is set in +.Em sudoers , +when +.Em always_set_home +is enabled in +.Em sudoers , +or when +.Em env_reset +is enabled in +.Em sudoers +and +.Em HOME +is not present in the +.Em env_keep +list. +.It Ev LOGNAME +Set to the login name of the target user when the +.Fl i +option is specified, when the +.Em set_logname +option is enabled in +.Em sudoers , +or when the +.Em env_reset +option is enabled in +.Em sudoers +(unless +.Ev LOGNAME +is present in the +.Em env_keep +list). +.It Ev PATH +May be overridden by the security policy. +.It Ev SHELL +Used to determine shell to run with +.Fl s +option. +.It Ev SUDO_ASKPASS +Specifies the path to a helper program used to read the password +if no terminal is available or if the +.Fl A +option is specified. +.It Ev SUDO_COMMAND +Set to the command run by sudo, including command line arguments. +The command line arguments are truncated at 4096 characters to +prevent a potential execution error. +.It Ev SUDO_EDITOR +Default editor to use in +.Fl e +(sudoedit) mode. +.It Ev SUDO_GID +Set to the group-ID of the user who invoked sudo. +.It Ev SUDO_PROMPT +Used as the default password prompt unless +the +.Fl p +option was specified. +.It Ev SUDO_PS1 +If set, +.Ev PS1 +will be set to its value for the program being run. +.It Ev SUDO_UID +Set to the user-ID of the user who invoked sudo. +.It Ev SUDO_USER +Set to the login name of the user who invoked sudo. +.It Ev USER +Set to the same value as +.Ev LOGNAME , +described above. +.It Ev VISUAL +Default editor to use in +.Fl e +(sudoedit) mode if +.Ev SUDO_EDITOR +is not set. +.El +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +.Nm +front-end configuration +.El +.Sh EXAMPLES +Note: the following examples assume a properly configured security +policy. +.Pp +To get a file listing of an unreadable directory: +.Bd -literal -offset indent +$ sudo ls /usr/local/protected +.Ed +.Pp +To list the home directory of user yaz on a machine where the file +system holding ~yaz is not exported as root: +.Bd -literal -offset indent +$ sudo -u yaz ls ~yaz +.Ed +.Pp +To edit the +.Pa index.html +file as user www: +.Bd -literal -offset indent +$ sudoedit -u www ~www/htdocs/index.html +.Ed +.Pp +To view system logs only accessible to root and users in the adm +group: +.Bd -literal -offset indent +$ sudo -g adm more /var/log/syslog +.Ed +.Pp +To run an editor as jim with a different primary group: +.Bd -literal -offset indent +$ sudoedit -u jim -g audio ~jim/sound.txt +.Ed +.Pp +To shut down a machine: +.Bd -literal -offset indent +$ sudo shutdown -r +15 "quick reboot" +.Ed +.Pp +To make a usage listing of the directories in the /home partition. +Note that this runs the commands in a sub-shell to make the +.Li cd +and file redirection work. +.Bd -literal -offset indent +$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" +.Ed +.Sh DIAGNOSTICS +Error messages produced by +.Nm +include: +.Bl -tag -width 4n +.It Li editing files in a writable directory is not permitted +By default, +.Nm sudoedit +does not permit editing a file when any of the parent directories are writable +by the invoking user. +This avoids a race condition that could allow the user to overwrite +an arbitrary file. +See the +.Em sudoedit_checkdir +option in +.Xr sudoers @mansectform@ +for more information. +.It Li editing symbolic links is not permitted +By default, +.Nm sudoedit +does not follow symbolic links when opening files. +See the +.Em sudoedit_follow +option in +.Xr sudoers @mansectform@ +for more information. +.It Li effective uid is not 0, is sudo installed setuid root? +.Nm +was not run with root privileges. +The +.Nm +binary must be owned by the root user and have the set-user-ID bit set. +Also, it must not be located on a file system mounted with the +.Sq nosuid +option or on an NFS file system that maps uid 0 to an unprivileged uid. +.It Li effective uid is not 0, is sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? +.Nm +was not run with root privileges. +The +.Nm +binary has the proper owner and permissions but it still did not run +with root privileges. +The most common reason for this is that the file system the +.Nm +binary is located on is mounted with the +.Sq nosuid +option or it is an NFS file system that maps uid 0 to an unprivileged uid. +.It Li fatal error, unable to load plugins +An error occurred while loading or initializing the plugins specified in +.Xr sudo.conf @mansectform@ . +.It Li invalid environment variable name +One or more environment variable names specified via the +.Fl E +option contained an equal sign +.Pq Ql = . +The arguments to the +.Fl E +option should be environment variable names without an associated value. +.It Li no password was provided +When +.Nm +tried to read the password, it did not receive any characters. +This may happen if no terminal is available (or the +.Fl S +option is specified) and the standard input has been redirected from +.Pa /dev/null . +.It Li a terminal is required to read the password +.Nm +needs to read the password but there is no mechanism available for it +to do so. +A terminal is not present to read the password from, +.Nm +has not been configured to read from the standard input, +the +.Fl S +option was not used, and no askpass helper has been specified either via the +.Xr sudo.conf @mansectform@ +file or the +.Ev SUDO_ASKPASS +environment variable. +.It Li no writable temporary directory found +.Nm sudoedit +was unable to find a usable temporary directory in which to store its +intermediate files. +.It Li The Do "no new privileges" Dc "flag is set, which prevents sudo from running as root." +.Nm +was run by a process that has the Linux +.Dq no new privileges +flag is set. +This causes the set-user-ID bit to be ignored when running an executable, +which will prevent +.Nm +from functioning. +The most likely cause for this is running +.Nm +within a container that sets this flag. +Check the documentation to see if it is possible to configure the +container such that the flag is not set. +.It Li sudo must be owned by uid 0 and have the setuid bit set +.Nm +was not run with root privileges. +The +.Nm +binary does not have the correct owner or permissions. +It must be owned by the root user and have the set-user-ID bit set. +.It Li sudoedit is not supported on this platform +It is only possible to run +.Nm sudoedit +on systems that support setting the effective user-ID. +.It Li timed out reading password +The user did not enter a password before the password timeout +(5 minutes by default) expired. +.It Li you do not exist in the passwd database +Your user-ID does not appear in the system passwd database. +.It Li you may not specify environment variables in edit mode +It is only possible to specify environment variables when running +a command. +When editing a file, the editor is run with the user's environment unmodified. +.El +.Sh SEE ALSO +.Xr su 1 , +.Xr stat 2 , +.Xr login_cap 3 , +.Xr passwd @mansectform@ , +.Xr sudo.conf @mansectform@ , +.Xr sudo_plugin @mansectform@ , +.Xr sudoers @mansectform@ , +.Xr sudoers_timestamp @mansectform@ , +.Xr sudoreplay @mansectsu@ , +.Xr visudo @mansectsu@ +.Sh HISTORY +See the HISTORY file in the +.Nm +distribution (https://www.sudo.ws/history.html) for a brief +history of sudo. +.Sh AUTHORS +Many people have worked on +.Nm +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm . +.Sh CAVEATS +There is no easy way to prevent a user from gaining a root shell +if that user is allowed to run arbitrary commands via +.Nm . +Also, many programs (such as editors) allow the user to run commands +via shell escapes, thus avoiding +.Nm sudo Ns 's +checks. +However, on most systems it is possible to prevent shell escapes with the +.Xr sudoers @mansectform@ +plugin's +.Em noexec +functionality. +.Pp +It is not meaningful to run the +.Li cd +command directly via sudo, e.g., +.Bd -literal -offset indent +$ sudo cd /usr/local/protected +.Ed +.Pp +since when the command exits the parent process (your shell) will +still be the same. +Please see the +.Sx EXAMPLES +section for more information. +.Pp +Running shell scripts via +.Nm +can expose the same kernel bugs that make set-user-ID shell scripts +unsafe on some operating systems (if your OS has a /dev/fd/ directory, +set-user-ID shell scripts are generally safe). +.Sh BUGS +If you feel you have found a bug in +.Nm , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_logsrv.proto.man.in sudo-1.9.9/docs/sudo_logsrv.proto.man.in --- sudo-1.9.5p2/docs/sudo_logsrv.proto.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_logsrv.proto.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,918 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_LOGSRV.PROTO" "@mansectform@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_logsrv.proto\fR +\- Sudo log server protocol +.SH "DESCRIPTION" +Starting with version 1.9.0, +\fBsudo\fR +supports sending event and I/O logs to a log server. +The protocol used is written in Google's Protocol Buffers domain +specific language. +The +\fIEXAMPLES\fR +section includes a complete description of the protocol in Protocol +Buffers format. +.PP +Because there is no way to determine message boundaries when using +Protocol Buffers, the wire size of each message is sent immediately +preceding the message itself as a 32-bit unsigned integer in network +byte order. +This is referred to as +\(lqlength-prefix framing\(rq +and is how Google suggests handling the lack of message delimiters. +.PP +The protocol is made up of two basic messages, +\fIClientMessage\fR +and +\fIServerMessage\fR, +described below. +The server must accept messages up to two megabytes in size. +The server may return an error if the client tries to send a message +larger than two megabytes. +.SH "Client Messages" +A +\fIClientMessage\fR +is a container used to encapsulate all the possible message types +a client may send to the server. +.nf +.sp +.RS 0n +message ClientMessage { + oneof type { + AcceptMessage accept_msg = 1; + RejectMessage reject_msg = 2; + ExitMessage exit_msg = 3; + RestartMessage restart_msg = 4; + AlertMessage alert_msg = 5; + IoBuffer ttyin_buf = 6; + IoBuffer ttyout_buf = 7; + IoBuffer stdin_buf = 8; + IoBuffer stdout_buf = 9; + IoBuffer stderr_buf = 10; + ChangeWindowSize winsize_event = 11; + CommandSuspend suspend_event = 12; + ClientHello hello_msg = 13; + } +} +.RE +.fi +.PP +The different +\fIClientMessage\fR +sub-messages the client may sent to the server are described below. +.SS "TimeSpec" +.nf +.RS 0n +message TimeSpec { + int64 tv_sec = 1; + int32 tv_nsec = 2; +} +.RE +.fi +.PP +A +\fITimeSpec\fR +is the equivalent of a POSIX +\fRstruct timespec\fR, +containing seconds and nanoseconds members. +The +\fItv_sec\fR +member is a 64-bit integer to support dates after the year 2038. +.SS "InfoMessage" +.nf +.RS 0n +message InfoMessage { + message StringList { + repeated string strings = 1; + } + message NumberList { + repeated int64 numbers = 1; + } + string key = 1; + oneof value { + int64 numval = 2; + string strval = 3; + StringList strlistval = 4; + NumberList numlistval = 5; + } +} +.RE +.fi +.PP +An +\fIInfoMessage\fR +is used to represent information about the invoking user as well as the +execution environment the command runs in the form of key-value pairs. +The key is always a string but the value may be a 64-bit integer, +a string, an array of strings, or an array of 64-bit integers. +The event log data is composed of +\fIInfoMessage\fR +entries. +See the +\fIEVENT LOG VARIABLES\fR +section for more information. +.SS "ClientHello hello_msg" +.nf +.RS 0n +message ClientHello { + string client_id = 1; +} +.RE +.fi +.PP +A +\fIClientHello\fR +message consists of client information that may be sent to the +server when the client first connects. +.TP 8n +client_id +A free-form client description. +This usually includes the name and version of the client implementation. +.SS "AcceptMessage accept_msg" +.nf +.RS 0n +message AcceptMessage { + TimeSpec submit_time = 1; + repeated InfoMessage info_msgs = 2; + bool expect_iobufs = 3; +} +.RE +.fi +.PP +An +\fIAcceptMessage\fR +is sent by the client when a command is allowed by the security policy. +It contains the following members: +.TP 8n +submit_time +The wall clock time when the command was submitted to the security policy. +.TP 8n +info_msgs +An array of +\fIInfoMessage\fR +describing the user who submitted the command as well as the execution +environment of the command. +This information is used to generate an event log entry and may also be +used by server to determine where and how the I/O log is stored. +.TP 8n +expect_iobufs +Set to true if the server should expect +\fIIoBuffer\fR +messages to follow (for I/O logging) or false if the server should only +store the event log. +.PP +If an +\fIAcceptMessage\fR +is sent, the client must not send a +\fIRejectMessage\fR +or +\fIRestartMessage\fR. +.SS "RejectMessage reject_msg" +.nf +.RS 0n +message RejectMessage { + TimeSpec submit_time = 1; + string reason = 2; + repeated InfoMessage info_msgs = 3; +} +.RE +.fi +.PP +A +\fIRejectMessage\fR +is sent by the client when a command is denied by the security policy. +It contains the following members: +.TP 8n +submit_time +The wall clock time when the command was submitted to the security policy. +.TP 8n +reason +The reason the security policy gave for denying the command. +.TP 8n +info_msgs +An array of +\fIInfoMessage\fR +describing the user who submitted the command as well as the execution +environment of the command. +This information is used to generate an event log entry. +.PP +If a +\fIRejectMessage\fR +is sent, the client must not send an +\fIAcceptMessage\fR +or +\fIRestartMessage\fR. +.SS "ExitMessage exit_msg" +.nf +.RS 0n +message ExitMessage { + TimeSpec run_time = 1; + int32 exit_value = 2; + bool dumped_core = 3; + string signal = 4; + string error = 5; +} +.PP +.RE +.fi +An +\fIExitMessage\fR +is sent by the client after the command has exited or has been +terminated by a signal. +It contains the following members: +.TP 8n +run_time +The total amount of elapsed time since the command started, +calculated using a monotonic clock where possible. +This is not the wall clock time. +.TP 8n +exit_value +The command's exit value in the range 0-255. +.TP 8n +dumped_core +True if the command was terminated by a signal and dumped core. +.TP 8n +signal +If the command was terminated by a signal, this is set to the +name of the signal without the leading +\(lqSIG\(rq. +For example, +\fRINT\fR, +\fRTERM\fR, +\fRKILL\fR, +\fRSEGV\fR. +.TP 8n +error +A message from the client indicating that the command was terminated +unexpectedly due to an error. +.PP +When performing I/O logging, the client should wait for a +\fIcommit_point\fR +corresponding to the final +\fIIoBuffer\fR +before closing the connection unless the final +\fIcommit_point\fR +has already been received. +.SS "RestartMessage restart_msg" +.nf +.RS 0n +message RestartMessage { + string log_id = 1; + TimeSpec resume_point = 2; +} +.RE +.fi +.PP +A +\fIRestartMessage\fR +is sent by the client to resume sending an existing I/O log that +was previously interrupted. +It contains the following members: +.TP 8n +log_id +The the server-side name for an I/O log that was previously +sent to the client by the server. +This may be a path name on the server or some other kind of server-side +identifier. +.TP 8n +resume_point +The point in time after which to resume the I/O log. +This is in the form of a +\fITimeSpec\fR +representing the amount of time since the command started, not +the wall clock time. +The +\fIresume_point\fR +should correspond to a +\fIcommit_point\fR +previously sent to the client by the server. +If the server receives a +\fIRestartMessage\fR +containing a +\fIresume_point\fR +it has not previously seen, an error will be returned to the client +and the connection will be dropped. +.PP +If a +\fIRestartMessage\fR +is sent, the client must not send an +\fIAcceptMessage\fR +or +\fIRejectMessage\fR. +.SS "AlertMessage alert_msg" +.nf +.RS 0n +message AlertMessage { + TimeSpec alert_time = 1; + string reason = 2; + repeated InfoMessage info_msgs = 3; +} +.RE +.fi +.PP +An +\fIAlertMessage\fR +is sent by the client to indicate a problem detected by the security +policy while the command is running that should be stored in the event log. +It contains the following members: +.TP 8n +alert_time +The wall clock time when the alert occurred. +.TP 8n +reason +The reason for the alert. +.TP 8n +info_msgs +An optional array of +\fIInfoMessage\fR +describing the user who submitted the command as well as the execution +environment of the command. +This information is used to generate an event log entry. +.SS "IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf" +.nf +.RS 0n +message IoBuffer { + TimeSpec delay = 1; + bytes data = 2; +} +.RE +.fi +.PP +An +\fIIoBuffer\fR +is used to represent data from terminal input, terminal +output, standard input, standard output, or standard error. +It contains the following members: +.TP 8n +delay +The elapsed time since the last record in the form of a +\fITimeSpec\fR. +The +\fIdelay\fR +should be calculated using a monotonic clock where possible. +.TP 8n +data +The binary I/O log data from terminal input, terminal output, +standard input, standard output, or standard error. +.SS "ChangeWindowSize winsize_event" +.nf +.RS 0n +message ChangeWindowSize { + TimeSpec delay = 1; + int32 rows = 2; + int32 cols = 3; +} +.RE +.fi +.PP +A +\fIChangeWindowSize\fR +message is sent by the client when the terminal running the command +changes size. +It contains the following members: +.TP 8n +delay +The elapsed time since the last record in the form of a +\fITimeSpec\fR. +The +\fIdelay\fR +should be calculated using a monotonic clock where possible. +.TP 8n +rows +The new number of terminal rows. +.TP 8n +cols +The new number of terminal columns. +.SS "CommandSuspend suspend_event" +.nf +.RS 0n +message CommandSuspend { + TimeSpec delay = 1; + string signal = 2; +} +.RE +.fi +.PP +A +\fICommandSuspend\fR +message is sent by the client when the command is either suspended +or resumed. +It contains the following members: +.TP 8n +delay +The elapsed time since the last record in the form of a +\fITimeSpec\fR. +The +\fIdelay\fR +should be calculated using a monotonic clock where possible. +.TP 8n +signal +The signal name without the leading +\(lqSIG\(rq. +For example, +\fRSTOP\fR, +\fRTSTP\fR, +\fRCONT\fR. +.SH "Server Messages" +A +\fIServerMessage\fR +is a container used to encapsulate all the possible message types +the server may send to a client. +.nf +.sp +.RS 0n +message ServerMessage { + oneof type { + ServerHello hello = 1; + TimeSpec commit_point = 2; + string log_id = 3; + string error = 4; + string abort = 5; + } +} +.RE +.fi +.PP +The different +\fIServerMessage\fR +sub-messages the server may sent to the client are described below. +.SS "ServerHello hello" +.nf +.RS 0n +message ServerHello { + string server_id = 1; + string redirect = 2; + repeated string servers = 3; + bool subcommands = 4; +} +.RE +.fi +.PP +The +\fIServerHello\fR +message consists of server information sent when the client first connects. +It contains the following members: +.TP 8n +server_id +A free-form server description. +Usually this includes the name and version of the implementation +running on the log server. +This member is always present. +.TP 8n +redirect +A host and port separated by a colon +(\(oq\(cq): +that the client should connect to instead. +The host may be a host name, an IPv4 address, or an IPv6 address +in square brackets. +This may be used for server load balancing. +The server will disconnect after sending the +\fIServerHello\fR +when it includes a +\fBredirect\fR. +.TP 8n +servers +.br +A list of other known log servers. +This can be used to implement log server redundancy and allows the +client to discover all other log servers simply by connecting to +one known server. +This member may be omitted when there is only a single log server. +.TP 8n +subcommands +If set, the server supports logging additional commands during a session. +The client may send an +\fIAcceptMessage\fR +or +\fIRejectMessage\fR +when +\fBsudo\fR +is running in +\fIintercept\fR +mode. +In this mode, commands spawned from the initial command authorized by +\fBsudo\fR +are subject to policy restrictions and/or are logged. +If +\fIsubcommands\fR +is false, the client must not attempt to log additional commands. +.SS "TimeSpec commit_point" +A periodic time stamp sent by the server to indicate when I/O log +buffers have been committed to storage. +This message is not sent after every +\fIIoBuffer\fR +but rather at a server-configurable interval. +When the server receives an +\fIExitMessage\fR, +it will respond with a +\fIcommit_point\fR +corresponding to the last received +\fIIoBuffer\fR +before closing the connection. +.SS "string log_id" +The server-side ID of the I/O log being stored, sent in response +to an +\fIAcceptMessage\fR +where +\fIexpect_iobufs\fR +is true. +.SS "string error" +A fatal server-side error. +The server will close the connection after sending the +\fIerror\fR +message. +.SS "string abort" +An +\fIabort\fR +message from the server indicates that the client should kill the +command and terminate the session. +It may be used to implement simple server-side policy. +The server will close the connection after sending the +\fIabort\fR +message. +.SH "Protocol flow of control" +The expected protocol flow is as follows: +.TP 5n +1.\& +Client connects to the first available server. +If the client is configured to use TLS, a TLS handshake will be +attempted. +.TP 5n +2.\& +Client sends +\fIClientHello\fR. +This is currently optional but allows the server to detect a +non-TLS connection on the TLS port. +.TP 5n +3.\& +Server sends +\fIServerHello\fR. +.TP 5n +4.\& +Client responds with either +\fIAcceptMessage\fR, +\fIRejectMessage\fR, +or +\fIRestartMessage\fR. +.TP 5n +5.\& +If client sent a +\fIAcceptMessage\fR +with +\fIexpect_iobufs\fR +set, server creates a new I/O log and responds with a +\fIlog_id\fR. +.TP 5n +6.\& +Client sends zero or more +\fIIoBuffer\fR +messages. +.TP 5n +7.\& +Server periodically responds to +\fIIoBuffer\fR +messages with a +\fIcommit_point\fR. +.TP 5n +8.\& +Client sends an +\fIExitMessage\fR +when the command exits or is killed. +.TP 5n +9.\& +Server sends the final +\fIcommit_point\fR +if one is pending. +.TP 5n +10.\& +Server closes the connection. +After receiving the final +\fIcommit_point\fR, +the client shuts down its side of the TLS connection if TLS +is in use, and closes the connection. +.TP 5n +11.\& +Server shuts down its side of the TLS connection if TLS is in use, +and closes the connection. +.PP +At any point, the server may send an +\fIerror\fR +or +\fIabort\fR +message to the client at which point the server will close the +connection. +If an +\fIabort\fR +message is received, the client should terminate the running command. +.SH "EVENT LOG VARIABLES" +\fIAcceptMessage\fR, +\fIAlertMessage\fR +and +\fIRejectMessage\fR +classes contain an array of +\fIInfoMessage\fR +that should contain information about the user who submitted the command +as well as information about the execution environment of the command +if it was accepted. +.PP +Some variables have a +\fIclient\fR, +\fIrun\fR, +or +\fIsubmit\fR +prefix. +These prefixes are used to eliminate ambiguity for variables that +could apply to the client program, the user submitting the command, +or the command being run. +Variables with a +\fIclient\fR +prefix pertain to the program performing the connection to the log +server, for example +\fBsudo\fR. +Variables with a +\fIrun\fR +prefix pertain to the command that the user requested be run. +Variables with a +\fIsubmit\fR +prefix pertain to the user submitting the request +(the user running \fBsudo\fR). +.PP +The following +\fIInfoMessage\fR +entries are required: +.TS +l l l. +.PP +\fBKey\fR \fBType\fR \fBDescription\fR +.PP +command string command that was submitted +.PP +runuser string name of user the command was run as +.PP +submithost string name of host the command was submitted on +.PP +submituser string name of user submitting the command +.TE +.PP +The following +\fIInfoMessage\fR +entries are recognized, but not required: +.TS +l l l. +.PP +\fBKey\fR \fBType\fR \fBDescription\fR +.PP +clientargv StringList client's original argument vector +.PP +clientpid int64 client's process ID +.PP +clientppid int64 client's parent process ID +.PP +clientsid int64 client's terminal session ID +.PP +columns int64 number of columns in the terminal +.PP +lines int64 number of lines in the terminal +.PP +runargv StringList argument vector of command to run +.PP +runchroot string root directory of command to run +.PP +runcwd string running command's working directory +.PP +runenv StringList the running command's environment +.PP +rungid int64 primary group-ID of the command +.PP +rungids NumberList supplementary group-IDs for the command +.PP +rungroup string primary group name of the command +.PP +rungroups StringList supplementary group names for the command +.PP +runuid int64 run user's user-ID +.PP +submitcwd string submit user's current working directory +.PP +submitenv StringList the submit user's environment +.PP +submitgid int64 submit user's primary group-ID +.PP +submitgids NumberList submit user's supplementary group-IDs +.PP +submitgroup string submitting user's primary group name +.PP +submitgroups StringList submit user's supplementary group names +.PP +submituid int64 submit user's user-ID +.PP +ttyname string the terminal the command was submitted from +.TE +.PP +The server must accept other variables not listed above but may +ignore them. +.SH "EXAMPLES" +The Protocol Buffers description of the log server protocol is included +in full below. +Note that this uses the newer +\(lqproto3\(rq +syntax. +.nf +.sp +.RS 0n +syntax = "proto3"; + +/* + * Client message to the server. Messages on the wire are + * prefixed with a 32-bit size in network byte order. + */ +message ClientMessage { + oneof type { + AcceptMessage accept_msg = 1; + RejectMessage reject_msg = 2; + ExitMessage exit_msg = 3; + RestartMessage restart_msg = 4; + AlertMessage alert_msg = 5; + IoBuffer ttyin_buf = 6; + IoBuffer ttyout_buf = 7; + IoBuffer stdin_buf = 8; + IoBuffer stdout_buf = 9; + IoBuffer stderr_buf = 10; + ChangeWindowSize winsize_event = 11; + CommandSuspend suspend_event = 12; + } +} + +/* Equivalent of POSIX struct timespec */ +message TimeSpec { + int64 tv_sec = 1; /* seconds */ + int32 tv_nsec = 2; /* nanoseconds */ +} + +/* I/O buffer with keystroke data */ +message IoBuffer { + TimeSpec delay = 1; /* elapsed time since last record */ + bytes data = 2; /* keystroke data */ +} + +/* + * Key/value pairs, like Privilege Manager struct info. + * The value may be a number, a string, or a list of strings. + */ +message InfoMessage { + message StringList { + repeated string strings = 1; + } + message NumberList { + repeated int64 numbers = 1; + } + string key = 1; + oneof value { + int64 numval = 2; + string strval = 3; + StringList strlistval = 4; + NumberList numlistval = 5; + } +} + +/* + * Event log data for command accepted by the policy. + */ +message AcceptMessage { + TimeSpec submit_time = 1; /* when command was submitted */ + repeated InfoMessage info_msgs = 2; /* key,value event log data */ + bool expect_iobufs = 3; /* true if I/O logging enabled */ +} + +/* + * Event log data for command rejected by the policy. + */ +message RejectMessage { + TimeSpec submit_time = 1; /* when command was submitted */ + string reason = 2; /* reason command was rejected */ + repeated InfoMessage info_msgs = 3; /* key,value event log data */ +} + +/* Message sent by client when command exits. */ +/* Might revisit runtime and use end_time instead */ +message ExitMessage { + TimeSpec run_time = 1; /* total elapsed run time */ + int32 exit_value = 2; /* 0-255 */ + bool dumped_core = 3; /* true if command dumped core */ + string signal = 4; /* signal name if killed by signal */ + string error = 5; /* if killed due to other error */ +} + +/* Alert message, policy module-specific. */ +message AlertMessage { + TimeSpec alert_time = 1; /* time alert message occurred */ + string reason = 2; /* policy alert error string */ + repeated InfoMessage info_msgs = 3; /* key,value event log data */ +} + +/* Used to restart an existing I/O log on the server. */ +message RestartMessage { + string log_id = 1; /* ID of log being restarted */ + TimeSpec resume_point = 2; /* resume point (elapsed time) */ +} + +/* Window size change event. */ +message ChangeWindowSize { + TimeSpec delay = 1; /* elapsed time since last record */ + int32 rows = 2; /* new number of rows */ + int32 cols = 3; /* new number of columns */ +} + +/* Command suspend/resume event. */ +message CommandSuspend { + TimeSpec delay = 1; /* elapsed time since last record */ + string signal = 2; /* signal that caused suspend/resume */ +} + +/* + * Server messages to the client. Messages on the wire are + * prefixed with a 32-bit size in network byte order. + */ +message ServerMessage { + oneof type { + ServerHello hello = 1; /* server hello message */ + TimeSpec commit_point = 2; /* cumulative time of records stored */ + string log_id = 3; /* ID of server-side I/O log */ + string error = 4; /* error message from server */ + string abort = 5; /* abort message, kill command */ + } +} + +/* Hello message from server when client connects. */ +message ServerHello { + string server_id = 1; /* free-form server description */ + string redirect = 2; /* optional redirect if busy */ + repeated string servers = 3; /* optional list of known servers */ +} +.RE +.fi +.SH "SEE ALSO" +sudo_logsrvd.conf(@mansectform@), +sudoers(@mansectform@), +sudo(8), +sudo_logsrvd(8) +.PP +\fIProtocol Buffers\fR, +https://developers.google.com/protocol-buffers/. +.SH "HISTORY" +See the HISTORY file in the +\fBsudo\fR +distribution (https://www.sudo.ws/history.html) for a brief +history of sudo. +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_logsrv.proto.mdoc.in sudo-1.9.9/docs/sudo_logsrv.proto.mdoc.in --- sudo-1.9.5p2/docs/sudo_logsrv.proto.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_logsrv.proto.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,835 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd January 19, 2022 +.Dt SUDO_LOGSRV.PROTO @mansectform@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo_logsrv.proto +.Nd Sudo log server protocol +.Sh DESCRIPTION +Starting with version 1.9.0, +.Nm sudo +supports sending event and I/O logs to a log server. +The protocol used is written in Google's Protocol Buffers domain +specific language. +The +.Sx EXAMPLES +section includes a complete description of the protocol in Protocol +Buffers format. +.Pp +Because there is no way to determine message boundaries when using +Protocol Buffers, the wire size of each message is sent immediately +preceding the message itself as a 32-bit unsigned integer in network +byte order. +This is referred to as +.Dq length-prefix framing +and is how Google suggests handling the lack of message delimiters. +.Pp +The protocol is made up of two basic messages, +.Em ClientMessage +and +.Em ServerMessage , +described below. +The server must accept messages up to two megabytes in size. +The server may return an error if the client tries to send a message +larger than two megabytes. +.Sh Client Messages +A +.Em ClientMessage +is a container used to encapsulate all the possible message types +a client may send to the server. +.Bd -literal +message ClientMessage { + oneof type { + AcceptMessage accept_msg = 1; + RejectMessage reject_msg = 2; + ExitMessage exit_msg = 3; + RestartMessage restart_msg = 4; + AlertMessage alert_msg = 5; + IoBuffer ttyin_buf = 6; + IoBuffer ttyout_buf = 7; + IoBuffer stdin_buf = 8; + IoBuffer stdout_buf = 9; + IoBuffer stderr_buf = 10; + ChangeWindowSize winsize_event = 11; + CommandSuspend suspend_event = 12; + ClientHello hello_msg = 13; + } +} +.Ed +.Pp +The different +.Em ClientMessage +sub-messages the client may sent to the server are described below. +.Ss TimeSpec +.Bd -literal +message TimeSpec { + int64 tv_sec = 1; + int32 tv_nsec = 2; +} +.Ed +.Pp +A +.Em TimeSpec +is the equivalent of a POSIX +.Li struct timespec , +containing seconds and nanoseconds members. +The +.Em tv_sec +member is a 64-bit integer to support dates after the year 2038. +.Ss InfoMessage +.Bd -literal +message InfoMessage { + message StringList { + repeated string strings = 1; + } + message NumberList { + repeated int64 numbers = 1; + } + string key = 1; + oneof value { + int64 numval = 2; + string strval = 3; + StringList strlistval = 4; + NumberList numlistval = 5; + } +} +.Ed +.Pp +An +.Em InfoMessage +is used to represent information about the invoking user as well as the +execution environment the command runs in the form of key-value pairs. +The key is always a string but the value may be a 64-bit integer, +a string, an array of strings, or an array of 64-bit integers. +The event log data is composed of +.Em InfoMessage +entries. +See the +.Sx EVENT LOG VARIABLES +section for more information. +.Ss ClientHello hello_msg +.Bd -literal +message ClientHello { + string client_id = 1; +} +.Ed +.Pp +A +.Em ClientHello +message consists of client information that may be sent to the +server when the client first connects. +.Bl -tag -width Ds +.It client_id +A free-form client description. +This usually includes the name and version of the client implementation. +.El +.Ss AcceptMessage accept_msg +.Bd -literal +message AcceptMessage { + TimeSpec submit_time = 1; + repeated InfoMessage info_msgs = 2; + bool expect_iobufs = 3; +} +.Ed +.Pp +An +.Em AcceptMessage +is sent by the client when a command is allowed by the security policy. +It contains the following members: +.Bl -tag -width Ds +.It submit_time +The wall clock time when the command was submitted to the security policy. +.It info_msgs +An array of +.Em InfoMessage +describing the user who submitted the command as well as the execution +environment of the command. +This information is used to generate an event log entry and may also be +used by server to determine where and how the I/O log is stored. +.It expect_iobufs +Set to true if the server should expect +.Em IoBuffer +messages to follow (for I/O logging) or false if the server should only +store the event log. +.El +.Pp +If an +.Em AcceptMessage +is sent, the client must not send a +.Em RejectMessage +or +.Em RestartMessage . +.Ss RejectMessage reject_msg +.Bd -literal +message RejectMessage { + TimeSpec submit_time = 1; + string reason = 2; + repeated InfoMessage info_msgs = 3; +} +.Ed +.Pp +A +.Em RejectMessage +is sent by the client when a command is denied by the security policy. +It contains the following members: +.Bl -tag -width Ds +.It submit_time +The wall clock time when the command was submitted to the security policy. +.It reason +The reason the security policy gave for denying the command. +.It info_msgs +An array of +.Em InfoMessage +describing the user who submitted the command as well as the execution +environment of the command. +This information is used to generate an event log entry. +.El +.Pp +If a +.Em RejectMessage +is sent, the client must not send an +.Em AcceptMessage +or +.Em RestartMessage . +.Ss ExitMessage exit_msg +.Bd -literal +message ExitMessage { + TimeSpec run_time = 1; + int32 exit_value = 2; + bool dumped_core = 3; + string signal = 4; + string error = 5; +} +.Pp +.Ed +An +.Em ExitMessage +is sent by the client after the command has exited or has been +terminated by a signal. +It contains the following members: +.Bl -tag -width Ds +.It run_time +The total amount of elapsed time since the command started, +calculated using a monotonic clock where possible. +This is not the wall clock time. +.It exit_value +The command's exit value in the range 0-255. +.It dumped_core +True if the command was terminated by a signal and dumped core. +.It signal +If the command was terminated by a signal, this is set to the +name of the signal without the leading +.Dq SIG . +For example, +.Li INT , +.Li TERM , +.Li KILL , +.Li SEGV . +.It error +A message from the client indicating that the command was terminated +unexpectedly due to an error. +.El +.Pp +When performing I/O logging, the client should wait for a +.Em commit_point +corresponding to the final +.Em IoBuffer +before closing the connection unless the final +.Em commit_point +has already been received. +.Ss RestartMessage restart_msg +.Bd -literal +message RestartMessage { + string log_id = 1; + TimeSpec resume_point = 2; +} +.Ed +.Pp +A +.Em RestartMessage +is sent by the client to resume sending an existing I/O log that +was previously interrupted. +It contains the following members: +.Bl -tag -width Ds +.It log_id +The the server-side name for an I/O log that was previously +sent to the client by the server. +This may be a path name on the server or some other kind of server-side +identifier. +.It resume_point +The point in time after which to resume the I/O log. +This is in the form of a +.Em TimeSpec +representing the amount of time since the command started, not +the wall clock time. +The +.Em resume_point +should correspond to a +.Em commit_point +previously sent to the client by the server. +If the server receives a +.Em RestartMessage +containing a +.Em resume_point +it has not previously seen, an error will be returned to the client +and the connection will be dropped. +.El +.Pp +If a +.Em RestartMessage +is sent, the client must not send an +.Em AcceptMessage +or +.Em RejectMessage . +.Ss AlertMessage alert_msg +.Bd -literal +message AlertMessage { + TimeSpec alert_time = 1; + string reason = 2; + repeated InfoMessage info_msgs = 3; +} +.Ed +.Pp +An +.Em AlertMessage +is sent by the client to indicate a problem detected by the security +policy while the command is running that should be stored in the event log. +It contains the following members: +.Bl -tag -width Ds +.It alert_time +The wall clock time when the alert occurred. +.It reason +The reason for the alert. +.It info_msgs +An optional array of +.Em InfoMessage +describing the user who submitted the command as well as the execution +environment of the command. +This information is used to generate an event log entry. +.El +.Ss IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf +.Bd -literal +message IoBuffer { + TimeSpec delay = 1; + bytes data = 2; +} +.Ed +.Pp +An +.Em IoBuffer +is used to represent data from terminal input, terminal +output, standard input, standard output, or standard error. +It contains the following members: +.Bl -tag -width Ds +.It delay +The elapsed time since the last record in the form of a +.Em TimeSpec . +The +.Em delay +should be calculated using a monotonic clock where possible. +.It data +The binary I/O log data from terminal input, terminal output, +standard input, standard output, or standard error. +.El +.Ss ChangeWindowSize winsize_event +.Bd -literal +message ChangeWindowSize { + TimeSpec delay = 1; + int32 rows = 2; + int32 cols = 3; +} +.Ed +.Pp +A +.Em ChangeWindowSize +message is sent by the client when the terminal running the command +changes size. +It contains the following members: +.Bl -tag -width Ds +.It delay +The elapsed time since the last record in the form of a +.Em TimeSpec . +The +.Em delay +should be calculated using a monotonic clock where possible. +.It rows +The new number of terminal rows. +.It cols +The new number of terminal columns. +.El +.Ss CommandSuspend suspend_event +.Bd -literal +message CommandSuspend { + TimeSpec delay = 1; + string signal = 2; +} +.Ed +.Pp +A +.Em CommandSuspend +message is sent by the client when the command is either suspended +or resumed. +It contains the following members: +.Bl -tag -width Ds +.It delay +The elapsed time since the last record in the form of a +.Em TimeSpec . +The +.Em delay +should be calculated using a monotonic clock where possible. +.It signal +The signal name without the leading +.Dq SIG . +For example, +.Li STOP , +.Li TSTP , +.Li CONT . +.El +.Sh Server Messages +A +.Em ServerMessage +is a container used to encapsulate all the possible message types +the server may send to a client. +.Bd -literal +message ServerMessage { + oneof type { + ServerHello hello = 1; + TimeSpec commit_point = 2; + string log_id = 3; + string error = 4; + string abort = 5; + } +} +.Ed +.Pp +The different +.Em ServerMessage +sub-messages the server may sent to the client are described below. +.Ss ServerHello hello +.Bd -literal +message ServerHello { + string server_id = 1; + string redirect = 2; + repeated string servers = 3; + bool subcommands = 4; +} +.Ed +.Pp +The +.Em ServerHello +message consists of server information sent when the client first connects. +It contains the following members: +.Bl -tag -width Ds +.It server_id +A free-form server description. +Usually this includes the name and version of the implementation +running on the log server. +This member is always present. +.It redirect +A host and port separated by a colon +.Pq Ql : +that the client should connect to instead. +The host may be a host name, an IPv4 address, or an IPv6 address +in square brackets. +This may be used for server load balancing. +The server will disconnect after sending the +.Em ServerHello +when it includes a +.Sy redirect . +.It servers +A list of other known log servers. +This can be used to implement log server redundancy and allows the +client to discover all other log servers simply by connecting to +one known server. +This member may be omitted when there is only a single log server. +.It subcommands +If set, the server supports logging additional commands during a session. +The client may send an +.Em AcceptMessage +or +.Em RejectMessage +when +.Nm sudo +is running in +.Em intercept +mode. +In this mode, commands spawned from the initial command authorized by +.Nm sudo +are subject to policy restrictions and/or are logged. +If +.Em subcommands +is false, the client must not attempt to log additional commands. +.El +.Ss TimeSpec commit_point +A periodic time stamp sent by the server to indicate when I/O log +buffers have been committed to storage. +This message is not sent after every +.Em IoBuffer +but rather at a server-configurable interval. +When the server receives an +.Em ExitMessage , +it will respond with a +.Em commit_point +corresponding to the last received +.Em IoBuffer +before closing the connection. +.Ss string log_id +The server-side ID of the I/O log being stored, sent in response +to an +.Em AcceptMessage +where +.Em expect_iobufs +is true. +.Ss string error +A fatal server-side error. +The server will close the connection after sending the +.Em error +message. +.Ss string abort +An +.Em abort +message from the server indicates that the client should kill the +command and terminate the session. +It may be used to implement simple server-side policy. +The server will close the connection after sending the +.Em abort +message. +.Sh Protocol flow of control +The expected protocol flow is as follows: +.Bl -enum +.It +Client connects to the first available server. +If the client is configured to use TLS, a TLS handshake will be +attempted. +.It +Client sends +.Em ClientHello . +This is currently optional but allows the server to detect a +non-TLS connection on the TLS port. +.It +Server sends +.Em ServerHello . +.It +Client responds with either +.Em AcceptMessage , +.Em RejectMessage , +or +.Em RestartMessage . +.It +If client sent a +.Em AcceptMessage +with +.Em expect_iobufs +set, server creates a new I/O log and responds with a +.Em log_id . +.It +Client sends zero or more +.Em IoBuffer +messages. +.It +Server periodically responds to +.Em IoBuffer +messages with a +.Em commit_point . +.It +Client sends an +.Em ExitMessage +when the command exits or is killed. +.It +Server sends the final +.Em commit_point +if one is pending. +.It +Server closes the connection. +After receiving the final +.Em commit_point , +the client shuts down its side of the TLS connection if TLS +is in use, and closes the connection. +.It +Server shuts down its side of the TLS connection if TLS is in use, +and closes the connection. +.El +.Pp +At any point, the server may send an +.Em error +or +.Em abort +message to the client at which point the server will close the +connection. +If an +.Em abort +message is received, the client should terminate the running command. +.Sh EVENT LOG VARIABLES +.Em AcceptMessage , +.Em AlertMessage +and +.Em RejectMessage +classes contain an array of +.Em InfoMessage +that should contain information about the user who submitted the command +as well as information about the execution environment of the command +if it was accepted. +.Pp +Some variables have a +.Em client , +.Em run , +or +.Em submit +prefix. +These prefixes are used to eliminate ambiguity for variables that +could apply to the client program, the user submitting the command, +or the command being run. +Variables with a +.Em client +prefix pertain to the program performing the connection to the log +server, for example +.Nm sudo . +Variables with a +.Em run +prefix pertain to the command that the user requested be run. +Variables with a +.Em submit +prefix pertain to the user submitting the request +.Pq the user running Nm sudo . +.Pp +The following +.Em InfoMessage +entries are required: +.Bl -column "submitgroup" "stringlist" "name of host the command was submitted on" +.It Sy Key Ta Sy Type Ta Sy Description +.It command Ta string Ta command that was submitted +.It runuser Ta string Ta name of user the command was run as +.It submithost Ta string Ta name of host the command was submitted on +.It submituser Ta string Ta name of user submitting the command +.El +.Pp +The following +.Em InfoMessage +entries are recognized, but not required: +.Bl -column "submitgroup" "stringlist" "name of host the command was submitted on" +.It Sy Key Ta Sy Type Ta Sy Description +.It clientargv Ta StringList Ta client's original argument vector +.It clientpid Ta int64 Ta client's process ID +.It clientppid Ta int64 Ta client's parent process ID +.It clientsid Ta int64 Ta client's terminal session ID +.It columns Ta int64 Ta number of columns in the terminal +.It lines Ta int64 Ta number of lines in the terminal +.It runargv Ta StringList Ta argument vector of command to run +.It runchroot Ta string Ta root directory of command to run +.It runcwd Ta string Ta running command's working directory +.It runenv Ta StringList Ta the running command's environment +.It rungid Ta int64 Ta primary group-ID of the command +.It rungids Ta NumberList Ta supplementary group-IDs for the command +.It rungroup Ta string Ta primary group name of the command +.It rungroups Ta StringList Ta supplementary group names for the command +.It runuid Ta int64 Ta run user's user-ID +.It submitcwd Ta string Ta submit user's current working directory +.It submitenv Ta StringList Ta the submit user's environment +.It submitgid Ta int64 Ta submit user's primary group-ID +.It submitgids Ta NumberList Ta submit user's supplementary group-IDs +.It submitgroup Ta string Ta submitting user's primary group name +.It submitgroups Ta StringList Ta submit user's supplementary group names +.It submituid Ta int64 Ta submit user's user-ID +.It ttyname Ta string Ta the terminal the command was submitted from +.El +.Pp +The server must accept other variables not listed above but may +ignore them. +.Sh EXAMPLES +The Protocol Buffers description of the log server protocol is included +in full below. +Note that this uses the newer +.Dq proto3 +syntax. +.Bd -literal +syntax = "proto3"; + +/* + * Client message to the server. Messages on the wire are + * prefixed with a 32-bit size in network byte order. + */ +message ClientMessage { + oneof type { + AcceptMessage accept_msg = 1; + RejectMessage reject_msg = 2; + ExitMessage exit_msg = 3; + RestartMessage restart_msg = 4; + AlertMessage alert_msg = 5; + IoBuffer ttyin_buf = 6; + IoBuffer ttyout_buf = 7; + IoBuffer stdin_buf = 8; + IoBuffer stdout_buf = 9; + IoBuffer stderr_buf = 10; + ChangeWindowSize winsize_event = 11; + CommandSuspend suspend_event = 12; + } +} + +/* Equivalent of POSIX struct timespec */ +message TimeSpec { + int64 tv_sec = 1; /* seconds */ + int32 tv_nsec = 2; /* nanoseconds */ +} + +/* I/O buffer with keystroke data */ +message IoBuffer { + TimeSpec delay = 1; /* elapsed time since last record */ + bytes data = 2; /* keystroke data */ +} + +/* + * Key/value pairs, like Privilege Manager struct info. + * The value may be a number, a string, or a list of strings. + */ +message InfoMessage { + message StringList { + repeated string strings = 1; + } + message NumberList { + repeated int64 numbers = 1; + } + string key = 1; + oneof value { + int64 numval = 2; + string strval = 3; + StringList strlistval = 4; + NumberList numlistval = 5; + } +} + +/* + * Event log data for command accepted by the policy. + */ +message AcceptMessage { + TimeSpec submit_time = 1; /* when command was submitted */ + repeated InfoMessage info_msgs = 2; /* key,value event log data */ + bool expect_iobufs = 3; /* true if I/O logging enabled */ +} + +/* + * Event log data for command rejected by the policy. + */ +message RejectMessage { + TimeSpec submit_time = 1; /* when command was submitted */ + string reason = 2; /* reason command was rejected */ + repeated InfoMessage info_msgs = 3; /* key,value event log data */ +} + +/* Message sent by client when command exits. */ +/* Might revisit runtime and use end_time instead */ +message ExitMessage { + TimeSpec run_time = 1; /* total elapsed run time */ + int32 exit_value = 2; /* 0-255 */ + bool dumped_core = 3; /* true if command dumped core */ + string signal = 4; /* signal name if killed by signal */ + string error = 5; /* if killed due to other error */ +} + +/* Alert message, policy module-specific. */ +message AlertMessage { + TimeSpec alert_time = 1; /* time alert message occurred */ + string reason = 2; /* policy alert error string */ + repeated InfoMessage info_msgs = 3; /* key,value event log data */ +} + +/* Used to restart an existing I/O log on the server. */ +message RestartMessage { + string log_id = 1; /* ID of log being restarted */ + TimeSpec resume_point = 2; /* resume point (elapsed time) */ +} + +/* Window size change event. */ +message ChangeWindowSize { + TimeSpec delay = 1; /* elapsed time since last record */ + int32 rows = 2; /* new number of rows */ + int32 cols = 3; /* new number of columns */ +} + +/* Command suspend/resume event. */ +message CommandSuspend { + TimeSpec delay = 1; /* elapsed time since last record */ + string signal = 2; /* signal that caused suspend/resume */ +} + +/* + * Server messages to the client. Messages on the wire are + * prefixed with a 32-bit size in network byte order. + */ +message ServerMessage { + oneof type { + ServerHello hello = 1; /* server hello message */ + TimeSpec commit_point = 2; /* cumulative time of records stored */ + string log_id = 3; /* ID of server-side I/O log */ + string error = 4; /* error message from server */ + string abort = 5; /* abort message, kill command */ + } +} + +/* Hello message from server when client connects. */ +message ServerHello { + string server_id = 1; /* free-form server description */ + string redirect = 2; /* optional redirect if busy */ + repeated string servers = 3; /* optional list of known servers */ +} +.Ed +.Sh SEE ALSO +.Xr sudo_logsrvd.conf @mansectform@ , +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ , +.Xr sudo_logsrvd @mansectsu@ +.Rs +.%T Protocol Buffers +.%U https://developers.google.com/protocol-buffers/ +.Re +.Sh HISTORY +See the HISTORY file in the +.Nm sudo +distribution (https://www.sudo.ws/history.html) for a brief +history of sudo. +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm sudo , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_logsrvd.conf.man.in sudo-1.9.9/docs/sudo_logsrvd.conf.man.in --- sudo-1.9.5p2/docs/sudo_logsrvd.conf.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_logsrvd.conf.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1056 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_logsrvd.conf\fR +\- configuration for sudo_logsrvd +.SH "DESCRIPTION" +The +\fBsudo_logsrvd.conf\fR +file is used to configure the +\fBsudo_logsrvd\fR +log server. +It uses an INI-style format made up of sections in square brackets and +\(lqkey = value\(rq +pairs specific to each section below the section name. +Depending on the key, values may be integers, booleans, or strings. +Section and key names are not case sensitive, but values are. +.PP +The pound sign +(\(oq#\(cq) +is used to indicate a comment. +Both the comment character and any text after it, up to the end of +the line, are ignored. +Lines beginning with a semi-colon +(\(oq\&;\(cq) +are also ignored. +.PP +Long lines can be continued with a backslash +(\(oq\e\(cq) +as the last character on the line. +Note that leading white space is removed from the beginning of lines +even when the continuation character is used. +.PP +The +\fIEXAMPLES\fR +section contains a copy of the default +\fBsudo_logsrvd.conf\fR +file. +.PP +The following configuration sections are recognized: +.PP +.RS 6n +.PD 0 +.TP 4n +\fB\(bu\fR +server +.TP 4n +\fB\(bu\fR +relay +.TP 4n +\fB\(bu\fR +iolog +.TP 4n +\fB\(bu\fR +eventlog +.TP 4n +\fB\(bu\fR +syslog +.TP 4n +\fB\(bu\fR +logfile +.RE +.PD +.PP +Each section is described in detail below. +.SS "server" +The +\fIserver\fR +section configures the address and port the server will listen on. +The following keys are recognized: +.TP 10n +listen_address = host[:port][(tls)] +The host name or IP address, optional port to listen on and +an optional Transport Layer Security (TLS) flag in parentheses. +.sp +The host may be a host name, an IPv4 address, an IPv6 address +in square brackets or the wild card entry +\(oq*\(cq. +A host setting of +\(oq*\(cq +will cause +\fBsudo_logsrvd\fR +to listen on all configured network interfaces. +.sp +If the optional tls flag is present, +\fBsudo_logsrvd\fR +will secure the connection with TLS version 1.2 or 1.3. +Versions of TLS prior to 1.2 are not supported. +See +sudo_logsrvd(8) +for details on generating TLS keys and certificates. +.sp +If a port is specified, it may either be a port number or a known +service name as defined by the system service name database. +If no port is specified, port 30343 will be used for plaintext +connections and port 30344 will be used for TLS connections. +.sp +The default value is: +.nf +.RS 16n +listen_address = *:30343 +listen_address = *:30344(tls) +.RE +.fi +.RS 10n +which will listen on all configured network interfaces for both +plaintext and TLS connections. +Multiple +\fIlisten_address\fR +lines may be specified to listen on more than one port or interface. +.RE +.TP 10n +server_log = string +Where to log server warning and error messages. +Supported values are +\fInone\fR, +\fIstderr\fR, +\fIsyslog\fR, +or a path name beginning with the +\(oq/\(cq +character. +Note that a value of +\fIstderr\fR +is only effective when used in conjunction with the +\fB\-n\fR +option. +The default value is +\fIsyslog\fR. +.TP 10n +pid_file = path +The path to the file containing the process ID of the running +\fBsudo_logsrvd\fR. +If set to an empty value, or if +\fBsudo_logsrvd\fR +is run with the +\fB\-n\fR +option, no +\fIpid_file\fR +will be created. +If +\fIpid_file\fR +refers to a symbolic link, it will be ignored. +The default value is +\fI@rundir@/sudo_logsrvd.pid\fR. +.TP 10n +tcp_keepalive = boolean +If true, +\fBsudo_logsrvd\fR +will enable the TCP keepalive socket option on the client connection. +This enables the periodic transmission of keepalive messages to the client. +If the client does not respond to a message in time, the connection will +be closed. +Defaults to true. +.TP 10n +timeout = number +The amount of time, in seconds, +\fBsudo_logsrvd\fR +will wait for the client to respond. +A value of 0 will disable the timeout. +The default value is 30. +.TP 10n +tls_cacert = path +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating clients. +The default is to use +\fI/etc/ssl/sudo/cacert.pem\fR +if it exists, otherwise the system's default certificate authority +database is used. +.TP 10n +tls_cert = path +The path to the server's certificate file, in PEM format. +The default value is +\fI/etc/ssl/sudo/certs/logsrvd_cert.pem\fR. +.TP 10n +tls_checkpeer = bool +If true, client certificates will be validated by +\fBsudo_logsrvd\fR; +clients without a valid certificate will be unable to connect. +If false, no validation of client certificates will be performed. +It true and client certificates are created using a private certificate +authority, the +\fItls_cacert\fR +setting must be set to a CA bundle that contains the CA certificate +used to generate the client certificate. +The default value is +\fRfalse\fR. +.TP 10n +tls_ciphers_v12 = string +A list of ciphers to use for connections secured by TLS version 1.2 only, +separated by a colon +\(oq:\&\(cq. +See the +\fICIPHER LIST FORMAT\fR +section in +openssl-ciphers(1) +for full details. +The default value is +\fRHIGH:!aNULL\fR +which consists of encryption cipher suites with key lengths larger than +128 bits, and some cipher suites with 128-bit keys. +Cipher suites that offer no authentication are excluded. +.TP 10n +tls_ciphers_v13 = string +A list of ciphers to use for connections secured by TLS version 1.3 only, +separated by a colon +\(oq:\&\(cq. +Supported cipher suites depend on the version of OpenSSL used, +but should include the following: +.sp +.RS 16n +.PD 0 +.TP 10n +TLS_AES_128_GCM_SHA256 +.TP 10n +TLS_AES_256_GCM_SHA384 +.TP 10n +TLS_CHACHA20_POLY1305_SHA256 +.TP 10n +TLS_AES_128_CCM_SHA256 +.TP 10n +TLS_AES_128_CCM_8_SHA256 +.RE +.RS 10n +.sp +The default cipher suite is TLS_AES_256_GCM_SHA384. +.RE +.PD +.TP 10n +tls_dhparams = path +The path to a file containing custom Diffie-Hellman parameters in PEM format. +This file can be created with the following command: +.nf +.sp +.RS 10n +openssl dhparam -out /etc/sudo_logsrvd_dhparams.pem 2048 +.RE +.fi +.RS 10n +.sp +By default, +\fBsudo_logsrvd\fR +will use the OpenSSL defaults for Diffie-Hellman key generation. +.RE +.TP 10n +tls_key = path +The path to the server's private key file, in PEM format. +The default value is +\fI/etc/ssl/sudo/private/logsrvd_key.pem\fR. +.TP 10n +tls_verify = bool +If true, +\fBsudo_logsrvd.conf\fR +will validate its own certificate at startup time or when the +configuration is changed. +If false, no verification is performed of the server certificate. +When using self-signed certificates without a certificate authority, +this setting should be set to false. +The default value is true. +.SS "relay" +The +\fIrelay\fR +section configures the optional logsrv relay host and port the server will +connect to. +The TLS configuration keys are optional, by default the corresponding +keys in the +\fIserver\fR +section will be used. +They are only present in this section to make it possible for the relay +connection to use a different set of TLS parameters from the client-facing +server. +The following keys are recognized: +.TP 10n +connect_timeout = number +The amount of time, in seconds, +\fBsudo_logsrvd\fR +will wait for the connection to a +\fIrelay_host\fR +(see below) to complete. +Once the connection is complete, the +\fItimeout\fR +setting controls the amount of time +\fBsudo_logsrvd\fR +will wait for the relay to respond. +A value of 0 will disable the timeout. +The default value is 30. +.TP 10n +relay_dir = path +The directory in which log messages are temporarily stored before they +are sent to the relay host. +Messages are stored in the wire format specified by +sudo_logsrv.proto(@mansectform@) +The default value is +\fI@relay_dir@\fR. +.TP 10n +relay_host = host[:port][(tls)] +The relay host name or IP address, optional port to connect to and +an optional Transport Layer Security (TLS) flag in parentheses. +The syntax is identical to +\fIlisten_address\fR +in the +\fIserver\fR +section with one exception: the wild card +\(oq*\(cq +syntax is not supported. +.sp +When this setting is enabled, messages from the client will be forwarded +to one of the specified relay hosts instead of being stored locally. +The +\fIhost\fR +could be running an instance of +\fBsudo_logsrvd\fR +or another server that supports the +sudo_logsrv.proto(@mansectform@) +protocol. +.sp +If multiple +\fIrelay_host\fR +lines are specified, the first available relay host will be used. +.TP 10n +retry_interval = number +The number of seconds to wait after a connection error before making +a new attempt to forward a message to a relay host. +The default value is 30 seconds. +.TP 10n +store_first = boolean +If true, +\fBsudo_logsrvd\fR +will store logs locally before relaying them. +Once the log is complete, a connection to the relay host is opened +and the log is relayed. +If the network connection is interrupted before the log can be fully +transferred, it will be retransmitted later. +The default is to relay logs in real-time. +.TP 10n +tcp_keepalive = boolean +If true, +\fBsudo_logsrvd\fR +will enable the TCP keepalive socket option on the relay connection. +This enables the periodic transmission of keepalive messages to the relay +server. +If the relay does not respond to a message in time, the connection will +be closed. +.TP 10n +timeout = number +The amount of time, in seconds, +\fBsudo_logsrvd\fR +will wait for the relay server to respond after a connection has succeeded. +A value of 0 will disable the timeout. +The default value is 30. +.TP 10n +tls_cacert = path +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating clients. +The default is to use the value specified in the +\fIserver\fR +section, or the system's default certificate authority database if +no value is set. +.TP 10n +tls_cert = path +The path to the server's certificate file, in PEM format. +The default is to use the value specified in the +\fIserver\fR +section. +.TP 10n +tls_checkpeer = bool +If true, the relay host's certificate will be validated by +\fBsudo_logsrvd\fR; +connections to a relay without a valid certificate will fail. +If false, no validation of relay certificates will be performed. +It true and relay certificates are created using a private certificate +authority, the +\fItls_cacert\fR +setting must be set to a CA bundle that contains the CA certificate +used to generate the relay certificate. +The default is to use the value specified in the +\fIserver\fR +section. +.TP 10n +tls_ciphers_v12 = string +A list of ciphers to use for connections secured by TLS version 1.2 only, +separated by a colon +\(oq:\&\(cq. +See the +\fICIPHER LIST FORMAT\fR +section in +openssl-ciphers(1) +for full details. +The default is to use the value specified in the +\fIserver\fR +section. +.TP 10n +tls_ciphers_v13 = string +A list of ciphers to use for connections secured by TLS version 1.3 only, +separated by a colon +\(oq:\&\(cq. +Supported cipher suites depend on the version of OpenSSL used, +see the +\fIserver\fR +section for more information. +The default is to use the value specified in the +\fIserver\fR +section. +.TP 10n +tls_dhparams = path +The path to a file containing custom Diffie-Hellman parameters in PEM format. +The default is to use the value specified in the +\fIserver\fR +section. +.TP 10n +tls_key = path +The path to the server's private key file, in PEM format. +The default is to use the value specified in the +\fIserver\fR +section. +.TP 10n +tls_verify = bool +If true, the server's certificate used for relaying will be verified at startup. +If false, no verification is performed of the server certificate. +When using self-signed certificates without a certificate authority, +this setting should be set to false. +The default is to use the value specified in the +\fIserver\fR +section. +.SS "iolog" +The +\fIiolog\fR +section configures I/O log parameters. +These settings are identical to the I/O configuration in +sudoers(@mansectform@). +The following keys are recognized: +.TP 10n +iolog_compress = boolean +If set, I/O logs will be compressed using +\fBzlib\fR. +Enabling compression can make it harder to view the logs in real-time as +the program is executing due to buffering. +The default value is +\fRfalse\fR. +.TP 10n +iolog_dir = path +The top-level directory to use when constructing the path +name for the I/O log directory. +The session sequence number, if any, is stored in the directory. +The default value is +\fI@iolog_dir@\fR. +.sp +The following percent +(\(oq%\(cq) +escape sequences are supported: +.PP +.RS 10n +.PD 0 +.TP 6n +\fR%{seq}\fR +expanded to a monotonically increasing base-36 sequence number, such as 0100A5, +where every two digits are used to form a new directory, e.g., +\fI01/00/A5\fR +.PD +.TP 6n +\fR%{user}\fR +expanded to the invoking user's login name +.TP 6n +\fR%{group}\fR +expanded to the name of the invoking user's real group-ID +.TP 6n +\fR%{runas_user}\fR +expanded to the login name of the user the command will +be run as (e.g., root) +.TP 6n +\fR%{runas_group}\fR +expanded to the group name of the user the command will +be run as (e.g., wheel) +.TP 6n +\fR%{hostname}\fR +expanded to the local host name without the domain name +.TP 6n +\fR%{command}\fR +expanded to the base name of the command being run +.PP +In addition, any escape sequences supported by the system's +strftime(3) +function will be expanded. +.sp +To include a literal +\(oq%\(cq +character, the string +\(oq%%\(cq +should be used. +.RE +.TP 10n +iolog_file = path +The path name, relative to +\fIiolog_dir\fR, +in which to store I/O logs. +Note that +\fIiolog_file\fR +may contain directory components. +The default value is +\fR%{seq}\fR. +.sp +See the +\fIiolog_dir\fR +setting above for a list of supported percent +(\(oq%\(cq) +escape sequences. +.sp +In addition to the escape sequences, path names that end in six or +more +\fRX\fRs +will have the +\fRX\fRs +replaced with a unique combination of digits and letters, similar to the +mktemp(3) +function. +.sp +If the path created by concatenating +\fIiolog_dir\fR +and +\fIiolog_file\fR +already exists, the existing I/O log file will be truncated and +overwritten unless +\fIiolog_file\fR +ends in six or +more +\fRX\fRs. +.TP 10n +iolog_flush = boolean +If set, I/O log data is flushed to disk after each write instead of +buffering it. +This makes it possible to view the logs in real-time as the program is +executing but may significantly reduce the effectiveness +of I/O log compression. +I/O logs are always flushed before sending a commit point to the client +regardless of this setting. +The default value is +\fRtrue\fR. +.TP 10n +iolog_group = name +The group name to look up when setting the group-ID on new I/O log +files and directories. +If +\fIiolog_group\fR +is not set, +the primary group-ID of the user specified by +\fIiolog_user is used.\fR +If neither +\fIiolog_group\fR +nor +\fIiolog_user\fR +are set, I/O log files and directories are created with group-ID 0. +.TP 10n +iolog_mode = mode +The file mode to use when creating I/O log files. +Mode bits for read and write permissions for owner, group, or other +are honored, everything else is ignored. +The file permissions will always include the owner read and +write bits, even if they are not present in the specified mode. +When creating I/O log directories, search (execute) bits are added +to match the read and write bits specified by +\fIiolog_mode\fR. +The default value is +\fR0600\fR. +.TP 10n +iolog_user = name +The user name to look up when setting the owner of new +I/O log files and directories. +If +\fIiolog_group\fR +is set, it will be used instead of the user's primary group-ID. +By default, I/O log files and directories are created with user and +group-ID 0. +.TP 10n +maxseq = number +The maximum sequence number that will be substituted for the +\(lq\fR%{seq}\fR\(rq +escape in the I/O log file (see the +\fIiolog_dir\fR +description above for more information). +While the value substituted for +\(lq\fR%{seq}\fR\(rq +is in base 36, +\fImaxseq\fR +itself should be expressed in decimal. +Values larger than 2176782336 (which corresponds to the +base 36 sequence number +\(lqZZZZZZ\(rq) +will be silently truncated to 2176782336. +The default value is 2176782336. +.SS "eventlog" +The +\fIeventlog\fR +section configures how (and if) security policy events are logged. +.TP 6n +log_type = string +Where to log accept, reject, and alert events reported by the policy. +Supported values are +\fIsyslog\fR, +\fIlogfile\fR, +and +\fInone\fR. +The default value is +\fIsyslog\fR. +.TP 6n +log_exit = boolean +If true, +\fBsudo_logsrvd\fR +will log an event when a command exits or is terminated by a signal. +Defaults to false. +.TP 6n +log_format = string +The event log format. +Supported log formats are +\(lqsudo\(rq +for traditional sudo-style logs and +\(lqjson\(rq +for JSON-format logs. +The JSON log entries contain the full contents of the accept, reject, exit +and alert messages. +The default value is +\fIsudo\fR. +.SS "syslog" +The +\fIsyslog\fR +section configures how events are logged via +syslog(3). +.TP 6n +facility = string +Syslog facility if syslog is being used for logging. +Defaults to +\fR@logfac@\fR. +.sp +The following syslog facilities are supported: +\fBauthpriv\fR +(if your +OS supports it), +\fBauth\fR, +\fBdaemon\fR, +\fBuser\fR, +\fBlocal0\fR, +\fBlocal1\fR, +\fBlocal2\fR, +\fBlocal3\fR, +\fBlocal4\fR, +\fBlocal5\fR, +\fBlocal6\fR, +and +\fBlocal7\fR. +.TP 6n +accept_priority = string +Syslog priority to use when the user is allowed to run a command and +authentication is successful. +Defaults to +\fR@goodpri@\fR. +.sp +The following syslog priorities are supported: +\fBalert\fR, +\fBcrit\fR, +\fBdebug\fR, +\fBemerg\fR, +\fBerr\fR, +\fBinfo\fR, +\fBnotice\fR, +\fBwarning\fR, +and +\fBnone\fR. +Setting it to a value of +\fBnone\fR +will disable logging of successful commands. +.TP 6n +reject_priority = string +Syslog priority to use when the user is not allowed to run a command or +when authentication is unsuccessful. +Defaults to +\fR@badpri@\fR. +.sp +See +\fIaccept_priority\fR +for the list of supported syslog priorities. +.TP 6n +alert_priority = string +Syslog priority to use for event log alert messages received from the client. +Defaults to +\fR@badpri@\fR. +.sp +See +\fIaccept_priority\fR +for the list of supported syslog priorities. +.TP 6n +maxlen = number +On many systems, +syslog(3) +has a relatively small log buffer. +IETF RFC 5424 states that syslog servers must support messages of +at least 480 bytes and should support messages up to 2048 bytes. +By default, +\fBsudo_logsrvd\fR +creates log messages up to 960 bytes which corresponds to the +historic +BSD +syslog implementation which used a 1024 byte buffer +to store the message, date, hostname, and program name. +.sp +To prevent syslog messages from being truncated, +\fBsudo_logsrvd\fR +will split up sudo-style log messages that are larger than +\fImaxlen\fR +bytes. +When a message is split, additional parts will include the string +\(lq(command continued)\(rq +after the user name and before the continued command line arguments. +JSON-format log entries are never split and are not affected by +\fImaxlen\fR. +.TP 6n +server_facility = string +Syslog facility if syslog is being used for server warning messages. +See above for a list of supported facilities. +Defaults to +\fRdaemon\fR +.SS "logfile" +The +\fIlogfile\fR +section consists of settings related to logging to a plain file +(not syslog). +.TP 6n +path = string +The path to the file-based event log. +This path must be fully-qualified and start with a +\(oq/\(cq +character. +The default value is +\fI@logpath@\fR. +.TP 6n +time_format = string +The string used when formatting the date and time for file-based event logs. +Formatting is performed via the system's +strftime(3) +function so any escape sequences supported by that function will be expanded. +The default value is +\(lq\fR%h %e %T\fR\(rq +which produces dates like +\(lqOct 3 07:15:24\(rq +in the C locale. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo_logsrvd.conf\fR +Sudo log server configuration file +.SH "EXAMPLES" +.nf +.RS 0n +# +# sudo logsrv daemon configuration +# + +[server] +# The host name or IP address and port to listen on with an optional TLS +# flag. If no port is specified, port 30343 will be used for plaintext +# connections and port 30344 will be used to TLS connections. +# The following forms are accepted: +# listen_address = hostname(tls) +# listen_address = hostname:port(tls) +# listen_address = IPv4_address(tls) +# listen_address = IPv4_address:port(tls) +# listen_address = [IPv6_address](tls) +# listen_address = [IPv6_address]:port(tls) +# +# The (tls) suffix should be omitted for plaintext connections. +# +# Multiple listen_address settings may be specified. +# The default is to listen on all addresses. +#listen_address = *:30343 +#listen_address = *:30344(tls) + +# The file containing the ID of the running sudo_logsrvd process. +#pid_file = @rundir@/sudo_logsrvd.pid + +# Where to log server warnings: none, stderr, syslog, or a path name. +#server_log = syslog + +# If true, enable the SO_KEEPALIVE socket option on client connections. +# Defaults to true. +#tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the client to +# respond. A value of 0 will disable the timeout. The default value is 30. +#timeout = 30 + +# If true, the server will validate its own certificate at startup. +# Defaults to true. +#tls_verify = true + +# If true, client certificates will be validated by the server; +# clients without a valid certificate will be unable to connect. +# By default, client certs are not checked. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# Required for TLS connections. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# Required for TLS connections. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default cipher list is HIGH:!aNULL. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default cipher list is TLS_AES_256_GCM_SHA384. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# If not set, the server will use the OpenSSL defaults. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[relay] +# The host name or IP address and port to send logs to in relay mode. +# The syntax is identical to listen_address with the exception of +# the wild card ('*') syntax. When this setting is enabled, logs will +# be relayed to the specified host instead of being stored locally. +# This setting is not enabled by default. +#relay_host = relayhost.dom.ain +#relay_host = relayhost.dom.ain(tls) + +# The amount of time, in seconds, the server will wait for a connection +# to the relay server to complete. A value of 0 will disable the timeout. +# The default value is 30. +#connect_timeout = 30 + +# The directory to store messages in before they are sent to the relay. +# Messages are stored in wire format. +# The default value is /var/log/sudo_logsrvd. +#relay_dir = /var/log/sudo_logsrvd + +# The number of seconds to wait after a connection error before +# making a new attempt to forward a message to a relay host. +# The default value is 30. +#retry_interval = 30 + +# Whether to store the log before relaying it. If true, enable store +# and forward mode. If false, the client connection is immediately +# relayed. Defaults to false. +#store_first = true + +# If true, enable the SO_KEEPALIVE socket option on relay connections. +# Defaults to true. +#tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the relay to +# respond. A value of 0 will disable the timeout. The default value is 30. +#timeout = 30 + +# If true, the server's relay certificate will be verified at startup. +# The default is to use the value in the [server] section. +#tls_verify = true + +# Whether to verify the relay's certificate for TLS connections. +# The default is to use the value in the [server] section. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +# The default is to use the value in the [server] section. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# The default is to use the certificate in the [server] section. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# The default is to use the key in the [server] section. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default is to use the value in the [server] section. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default is to use the value in the [server] section. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# The default is to use the value in the [server] section. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[iolog] +# The top-level directory to use when constructing the path name for the +# I/O log directory. The session sequence number, if any, is stored here. +#iolog_dir = /var/log/sudo-io + +# The path name, relative to iolog_dir, in which to store I/O logs. +# Note that iolog_file may contain directory components. +#iolog_file = %{seq} + +# If set, I/O logs will be compressed using zlib. Enabling compression can +# make it harder to view the logs in real-time as the program is executing. +#iolog_compress = false + +# If set, I/O log data is flushed to disk after each write instead of +# buffering it. This makes it possible to view the logs in real-time +# as the program is executing but reduces the effectiveness of compression. +#iolog_flush = true + +# The group to use when creating new I/O log files and directories. +# If iolog_group is not set, the primary group-ID of the user specified +# by iolog_user is used. If neither iolog_group nor iolog_user +# are set, I/O log files and directories are created with group-ID 0. +#iolog_group = wheel + +# The user to use when setting the user-ID and group-ID of new I/O +# log files and directories. If iolog_group is set, it will be used +# instead of the user's primary group-ID. By default, I/O log files +# and directories are created with user and group-ID 0. +#iolog_user = root + +# The file mode to use when creating I/O log files. The file permissions +# will always include the owner read and write bits, even if they are +# not present in the specified mode. When creating I/O log directories, +# search (execute) bits are added to match the read and write bits +# specified by iolog_mode. +#iolog_mode = 0600 + +# The maximum sequence number that will be substituted for the "%{seq}" +# escape in the I/O log file. While the value substituted for "%{seq}" +# is in base 36, maxseq itself should be expressed in decimal. Values +# larger than 2176782336 (which corresponds to the base 36 sequence +# number "ZZZZZZ") will be silently truncated to 2176782336. +#maxseq = 2176782336 + +[eventlog] +# Where to log accept, reject, exit, and alert events. +# Accepted values are syslog, logfile, or none. +# Defaults to syslog +#log_type = syslog + +# Whether to log an event when a command exits or is terminated by a signal. +# Defaults to false +#log_exit = true + +# Event log format. +# Currently only sudo-style event logs are supported. +#log_format = sudo + +[syslog] +# The maximum length of a syslog payload. +# On many systems, syslog(3) has a relatively small log buffer. +# IETF RFC 5424 states that syslog servers must support messages +# of at least 480 bytes and should support messages up to 2048 bytes. +# Messages larger than this value will be split into multiple messages. +#maxlen = 960 + +# The syslog facility to use for event log messages. +# The following syslog facilities are supported: authpriv (if your OS +# supports it), auth, daemon, user, local0, local1, local2, local3, +# local4, local5, local6, and local7. +#facility = authpriv + +# Syslog priority to use for event log accept messages, when the command +# is allowed by the security policy. The following syslog priorities are +# supported: alert, crit, debug, emerg, err, info, notice, warning, none. +#accept_priority = notice + +# Syslog priority to use for event log reject messages, when the command +# is not allowed by the security policy. +#reject_priority = alert + +# Syslog priority to use for event log alert messages reported by the +# client. +#alert_priority = alert + +# The syslog facility to use for server warning messages. +# Defaults to daemon. +#server_facility = daemon + +[logfile] +# The path to the file-based event log. +# This path must be fully-qualified and start with a '/' character. +#path = /var/log/sudo + +# The format string used when formatting the date and time for +# file-based event logs. Formatting is performed via strftime(3) so +# any format string supported by that function is allowed. +#time_format = %h %e %T +.RE +.fi +.SH "SEE ALSO" +strftime(3), +sudo.conf(@mansectform@), +sudoers(@mansectform@), +sudo(8), +sudo_logsrvd(8) +.SH "HISTORY" +See the HISTORY file in the +\fBsudo\fR +distribution (https://www.sudo.ws/history.html) for a brief +history of sudo. +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_logsrvd.conf.mdoc.in sudo-1.9.9/docs/sudo_logsrvd.conf.mdoc.in --- sudo-1.9.5p2/docs/sudo_logsrvd.conf.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_logsrvd.conf.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,982 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd January 19, 2022 +.Dt SUDO_LOGSRVD.CONF @mansectform@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo_logsrvd.conf +.Nd configuration for sudo_logsrvd +.Sh DESCRIPTION +The +.Nm sudo_logsrvd.conf +file is used to configure the +.Nm sudo_logsrvd +log server. +It uses an INI-style format made up of sections in square brackets and +.Dq key = value +pairs specific to each section below the section name. +Depending on the key, values may be integers, booleans, or strings. +Section and key names are not case sensitive, but values are. +.Pp +The pound sign +.Pq Ql # +is used to indicate a comment. +Both the comment character and any text after it, up to the end of +the line, are ignored. +Lines beginning with a semi-colon +.Pq Ql \&; +are also ignored. +.Pp +Long lines can be continued with a backslash +.Pq Ql \e +as the last character on the line. +Note that leading white space is removed from the beginning of lines +even when the continuation character is used. +.Pp +The +.Sx EXAMPLES +section contains a copy of the default +.Nm +file. +.Pp +The following configuration sections are recognized: +.Pp +.Bl -bullet -compact -offset indent +.It +server +.It +relay +.It +iolog +.It +eventlog +.It +syslog +.It +logfile +.El +.Pp +Each section is described in detail below. +.Ss server +The +.Em server +section configures the address and port the server will listen on. +The following keys are recognized: +.Bl -tag -width 8n +.It listen_address = host Ns Oo : Ns port Oc Ns Op (tls) +The host name or IP address, optional port to listen on and +an optional Transport Layer Security (TLS) flag in parentheses. +.Pp +The host may be a host name, an IPv4 address, an IPv6 address +in square brackets or the wild card entry +.Ql * . +A host setting of +.Ql * +will cause +.Nm sudo_logsrvd +to listen on all configured network interfaces. +.Pp +If the optional tls flag is present, +.Nm sudo_logsrvd +will secure the connection with TLS version 1.2 or 1.3. +Versions of TLS prior to 1.2 are not supported. +See +.Xr sudo_logsrvd @mansectsu@ +for details on generating TLS keys and certificates. +.Pp +If a port is specified, it may either be a port number or a known +service name as defined by the system service name database. +If no port is specified, port 30343 will be used for plaintext +connections and port 30344 will be used for TLS connections. +.Pp +The default value is: +.Bd -literal -compact -offset indent +listen_address = *:30343 +listen_address = *:30344(tls) +.Ed +which will listen on all configured network interfaces for both +plaintext and TLS connections. +Multiple +.Em listen_address +lines may be specified to listen on more than one port or interface. +.It server_log = string +Where to log server warning and error messages. +Supported values are +.Em none , +.Em stderr , +.Em syslog , +or a path name beginning with the +.Ql / +character. +Note that a value of +.Em stderr +is only effective when used in conjunction with the +.Fl n +option. +The default value is +.Em syslog . +.It pid_file = path +The path to the file containing the process ID of the running +.Nm sudo_logsrvd . +If set to an empty value, or if +.Nm sudo_logsrvd +is run with the +.Fl n +option, no +.Em pid_file +will be created. +If +.Em pid_file +refers to a symbolic link, it will be ignored. +The default value is +.Pa @rundir@/sudo_logsrvd.pid . +.It tcp_keepalive = boolean +If true, +.Nm sudo_logsrvd +will enable the TCP keepalive socket option on the client connection. +This enables the periodic transmission of keepalive messages to the client. +If the client does not respond to a message in time, the connection will +be closed. +Defaults to true. +.It timeout = number +The amount of time, in seconds, +.Nm sudo_logsrvd +will wait for the client to respond. +A value of 0 will disable the timeout. +The default value is 30. +.It tls_cacert = path +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating clients. +The default is to use +.Pa /etc/ssl/sudo/cacert.pem +if it exists, otherwise the system's default certificate authority +database is used. +.It tls_cert = path +The path to the server's certificate file, in PEM format. +The default value is +.Pa /etc/ssl/sudo/certs/logsrvd_cert.pem . +.It tls_checkpeer = bool +If true, client certificates will be validated by +.Nm sudo_logsrvd ; +clients without a valid certificate will be unable to connect. +If false, no validation of client certificates will be performed. +It true and client certificates are created using a private certificate +authority, the +.Em tls_cacert +setting must be set to a CA bundle that contains the CA certificate +used to generate the client certificate. +The default value is +.Li false . +.It tls_ciphers_v12 = string +A list of ciphers to use for connections secured by TLS version 1.2 only, +separated by a colon +.Ql :\& . +See the +.Sx CIPHER LIST FORMAT +section in +.Xr openssl-ciphers 1 +for full details. +The default value is +.Li HIGH:!aNULL +which consists of encryption cipher suites with key lengths larger than +128 bits, and some cipher suites with 128-bit keys. +Cipher suites that offer no authentication are excluded. +.It tls_ciphers_v13 = string +A list of ciphers to use for connections secured by TLS version 1.3 only, +separated by a colon +.Ql :\& . +Supported cipher suites depend on the version of OpenSSL used, +but should include the following: +.Pp +.Bl -tag -compact -width 8n -offset indent +.It TLS_AES_128_GCM_SHA256 +.It TLS_AES_256_GCM_SHA384 +.It TLS_CHACHA20_POLY1305_SHA256 +.It TLS_AES_128_CCM_SHA256 +.It TLS_AES_128_CCM_8_SHA256 +.El +.Pp +The default cipher suite is TLS_AES_256_GCM_SHA384. +.It tls_dhparams = path +The path to a file containing custom Diffie-Hellman parameters in PEM format. +This file can be created with the following command: +.Bd -literal +openssl dhparam -out /etc/sudo_logsrvd_dhparams.pem 2048 +.Ed +.Pp +By default, +.Nm sudo_logsrvd +will use the OpenSSL defaults for Diffie-Hellman key generation. +.It tls_key = path +The path to the server's private key file, in PEM format. +The default value is +.Pa /etc/ssl/sudo/private/logsrvd_key.pem . +.It tls_verify = bool +If true, +.Nm +will validate its own certificate at startup time or when the +configuration is changed. +If false, no verification is performed of the server certificate. +When using self-signed certificates without a certificate authority, +this setting should be set to false. +The default value is true. +.El +.Ss relay +The +.Em relay +section configures the optional logsrv relay host and port the server will +connect to. +The TLS configuration keys are optional, by default the corresponding +keys in the +.Sx server +section will be used. +They are only present in this section to make it possible for the relay +connection to use a different set of TLS parameters from the client-facing +server. +The following keys are recognized: +.Bl -tag -width 8n +.It connect_timeout = number +The amount of time, in seconds, +.Nm sudo_logsrvd +will wait for the connection to a +.Em relay_host +(see below) to complete. +Once the connection is complete, the +.Em timeout +setting controls the amount of time +.Nm sudo_logsrvd +will wait for the relay to respond. +A value of 0 will disable the timeout. +The default value is 30. +.It relay_dir = path +The directory in which log messages are temporarily stored before they +are sent to the relay host. +Messages are stored in the wire format specified by +.Xr sudo_logsrv.proto @mansectform@ +The default value is +.Pa @relay_dir@ . +.It relay_host = host Ns Oo : Ns port Oc Ns Op (tls) +The relay host name or IP address, optional port to connect to and +an optional Transport Layer Security (TLS) flag in parentheses. +The syntax is identical to +.Em listen_address +in the +.Sx server +section with one exception: the wild card +.Ql * +syntax is not supported. +.Pp +When this setting is enabled, messages from the client will be forwarded +to one of the specified relay hosts instead of being stored locally. +The +.Ar host +could be running an instance of +.Nm sudo_logsrvd +or another server that supports the +.Xr sudo_logsrv.proto @mansectform@ +protocol. +.Pp +If multiple +.Em relay_host +lines are specified, the first available relay host will be used. +.It retry_interval = number +The number of seconds to wait after a connection error before making +a new attempt to forward a message to a relay host. +The default value is 30 seconds. +.It store_first = boolean +If true, +.Nm sudo_logsrvd +will store logs locally before relaying them. +Once the log is complete, a connection to the relay host is opened +and the log is relayed. +If the network connection is interrupted before the log can be fully +transferred, it will be retransmitted later. +The default is to relay logs in real-time. +.It tcp_keepalive = boolean +If true, +.Nm sudo_logsrvd +will enable the TCP keepalive socket option on the relay connection. +This enables the periodic transmission of keepalive messages to the relay +server. +If the relay does not respond to a message in time, the connection will +be closed. +.It timeout = number +The amount of time, in seconds, +.Nm sudo_logsrvd +will wait for the relay server to respond after a connection has succeeded. +A value of 0 will disable the timeout. +The default value is 30. +.It tls_cacert = path +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating clients. +The default is to use the value specified in the +.Sx server +section, or the system's default certificate authority database if +no value is set. +.It tls_cert = path +The path to the server's certificate file, in PEM format. +The default is to use the value specified in the +.Sx server +section. +.It tls_checkpeer = bool +If true, the relay host's certificate will be validated by +.Nm sudo_logsrvd ; +connections to a relay without a valid certificate will fail. +If false, no validation of relay certificates will be performed. +It true and relay certificates are created using a private certificate +authority, the +.Em tls_cacert +setting must be set to a CA bundle that contains the CA certificate +used to generate the relay certificate. +The default is to use the value specified in the +.Sx server +section. +.It tls_ciphers_v12 = string +A list of ciphers to use for connections secured by TLS version 1.2 only, +separated by a colon +.Ql :\& . +See the +.Sx CIPHER LIST FORMAT +section in +.Xr openssl-ciphers 1 +for full details. +The default is to use the value specified in the +.Sx server +section. +.It tls_ciphers_v13 = string +A list of ciphers to use for connections secured by TLS version 1.3 only, +separated by a colon +.Ql :\& . +Supported cipher suites depend on the version of OpenSSL used, +see the +.Sx server +section for more information. +The default is to use the value specified in the +.Sx server +section. +.It tls_dhparams = path +The path to a file containing custom Diffie-Hellman parameters in PEM format. +The default is to use the value specified in the +.Sx server +section. +.It tls_key = path +The path to the server's private key file, in PEM format. +The default is to use the value specified in the +.Sx server +section. +.It tls_verify = bool +If true, the server's certificate used for relaying will be verified at startup. +If false, no verification is performed of the server certificate. +When using self-signed certificates without a certificate authority, +this setting should be set to false. +The default is to use the value specified in the +.Sx server +section. +.El +.Ss iolog +The +.Em iolog +section configures I/O log parameters. +These settings are identical to the I/O configuration in +.Xr sudoers @mansectform@ . +The following keys are recognized: +.Bl -tag -width 8n +.It iolog_compress = boolean +If set, I/O logs will be compressed using +.Sy zlib . +Enabling compression can make it harder to view the logs in real-time as +the program is executing due to buffering. +The default value is +.Li false . +.It iolog_dir = path +The top-level directory to use when constructing the path +name for the I/O log directory. +The session sequence number, if any, is stored in the directory. +The default value is +.Pa @iolog_dir@ . +.Pp +The following percent +.Pq Ql % +escape sequences are supported: +.Bl -tag -width 4n +.It Li %{seq} +expanded to a monotonically increasing base-36 sequence number, such as 0100A5, +where every two digits are used to form a new directory, e.g., +.Pa 01/00/A5 +.It Li %{user} +expanded to the invoking user's login name +.It Li %{group} +expanded to the name of the invoking user's real group-ID +.It Li %{runas_user} +expanded to the login name of the user the command will +be run as (e.g., root) +.It Li %{runas_group} +expanded to the group name of the user the command will +be run as (e.g., wheel) +.It Li %{hostname} +expanded to the local host name without the domain name +.It Li %{command} +expanded to the base name of the command being run +.El +.Pp +In addition, any escape sequences supported by the system's +.Xr strftime 3 +function will be expanded. +.Pp +To include a literal +.Ql % +character, the string +.Ql %% +should be used. +.It iolog_file = path +The path name, relative to +.Em iolog_dir , +in which to store I/O logs. +Note that +.Em iolog_file +may contain directory components. +The default value is +.Li %{seq} . +.Pp +See the +.Em iolog_dir +setting above for a list of supported percent +.Pq Ql % +escape sequences. +.Pp +In addition to the escape sequences, path names that end in six or +more +.Li X Ns s +will have the +.Li X Ns s +replaced with a unique combination of digits and letters, similar to the +.Xr mktemp 3 +function. +.Pp +If the path created by concatenating +.Em iolog_dir +and +.Em iolog_file +already exists, the existing I/O log file will be truncated and +overwritten unless +.Em iolog_file +ends in six or +more +.Li X Ns s . +.It iolog_flush = boolean +If set, I/O log data is flushed to disk after each write instead of +buffering it. +This makes it possible to view the logs in real-time as the program is +executing but may significantly reduce the effectiveness +of I/O log compression. +I/O logs are always flushed before sending a commit point to the client +regardless of this setting. +The default value is +.Li true . +.It iolog_group = name +The group name to look up when setting the group-ID on new I/O log +files and directories. +If +.Em iolog_group +is not set, +the primary group-ID of the user specified by +.Em iolog_user is used. +If neither +.Em iolog_group +nor +.Em iolog_user +are set, I/O log files and directories are created with group-ID 0. +.It iolog_mode = mode +The file mode to use when creating I/O log files. +Mode bits for read and write permissions for owner, group, or other +are honored, everything else is ignored. +The file permissions will always include the owner read and +write bits, even if they are not present in the specified mode. +When creating I/O log directories, search (execute) bits are added +to match the read and write bits specified by +.Em iolog_mode . +The default value is +.Li 0600 . +.It iolog_user = name +The user name to look up when setting the owner of new +I/O log files and directories. +If +.Em iolog_group +is set, it will be used instead of the user's primary group-ID. +By default, I/O log files and directories are created with user and +group-ID 0. +.It maxseq = number +The maximum sequence number that will be substituted for the +.Dq Li %{seq} +escape in the I/O log file (see the +.Em iolog_dir +description above for more information). +While the value substituted for +.Dq Li %{seq} +is in base 36, +.Em maxseq +itself should be expressed in decimal. +Values larger than 2176782336 (which corresponds to the +base 36 sequence number +.Dq ZZZZZZ ) +will be silently truncated to 2176782336. +The default value is 2176782336. +.El +.Ss eventlog +The +.Em eventlog +section configures how (and if) security policy events are logged. +.Bl -tag -width 4n +.It log_type = string +Where to log accept, reject, and alert events reported by the policy. +Supported values are +.Em syslog , +.Em logfile , +and +.Em none . +The default value is +.Em syslog . +.It log_exit = boolean +If true, +.Nm sudo_logsrvd +will log an event when a command exits or is terminated by a signal. +Defaults to false. +.It log_format = string +The event log format. +Supported log formats are +.Dq sudo +for traditional sudo-style logs and +.Dq json +for JSON-format logs. +The JSON log entries contain the full contents of the accept, reject, exit +and alert messages. +The default value is +.Em sudo . +.El +.Ss syslog +The +.Em syslog +section configures how events are logged via +.Xr syslog 3 . +.Bl -tag -width 4n +.It facility = string +Syslog facility if syslog is being used for logging. +Defaults to +.Li @logfac@ . +.Pp +The following syslog facilities are supported: +.Sy authpriv +(if your +OS supports it), +.Sy auth , +.Sy daemon , +.Sy user , +.Sy local0 , +.Sy local1 , +.Sy local2 , +.Sy local3 , +.Sy local4 , +.Sy local5 , +.Sy local6 , +and +.Sy local7 . +.It accept_priority = string +Syslog priority to use when the user is allowed to run a command and +authentication is successful. +Defaults to +.Li @goodpri@ . +.Pp +The following syslog priorities are supported: +.Sy alert , +.Sy crit , +.Sy debug , +.Sy emerg , +.Sy err , +.Sy info , +.Sy notice , +.Sy warning , +and +.Sy none . +Setting it to a value of +.Sy none +will disable logging of successful commands. +.It reject_priority = string +Syslog priority to use when the user is not allowed to run a command or +when authentication is unsuccessful. +Defaults to +.Li @badpri@ . +.Pp +See +.Em accept_priority +for the list of supported syslog priorities. +.It alert_priority = string +Syslog priority to use for event log alert messages received from the client. +Defaults to +.Li @badpri@ . +.Pp +See +.Em accept_priority +for the list of supported syslog priorities. +.It maxlen = number +On many systems, +.Xr syslog 3 +has a relatively small log buffer. +IETF RFC 5424 states that syslog servers must support messages of +at least 480 bytes and should support messages up to 2048 bytes. +By default, +.Nm sudo_logsrvd +creates log messages up to 960 bytes which corresponds to the +historic +.Bx +syslog implementation which used a 1024 byte buffer +to store the message, date, hostname, and program name. +.Pp +To prevent syslog messages from being truncated, +.Nm sudo_logsrvd +will split up sudo-style log messages that are larger than +.Em maxlen +bytes. +When a message is split, additional parts will include the string +.Dq Pq command continued +after the user name and before the continued command line arguments. +JSON-format log entries are never split and are not affected by +.Em maxlen . +.It server_facility = string +Syslog facility if syslog is being used for server warning messages. +See above for a list of supported facilities. +Defaults to +.Li daemon +.El +.Ss logfile +The +.Em logfile +section consists of settings related to logging to a plain file +(not syslog). +.Bl -tag -width 4n +.It path = string +The path to the file-based event log. +This path must be fully-qualified and start with a +.Sq / +character. +The default value is +.Pa @logpath@ . +.It time_format = string +The string used when formatting the date and time for file-based event logs. +Formatting is performed via the system's +.Xr strftime 3 +function so any escape sequences supported by that function will be expanded. +The default value is +.Dq Li "%h %e %T" +which produces dates like +.Dq Oct 3 07:15:24 +in the C locale. +.El +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo_logsrvd.conf +Sudo log server configuration file +.El +.Sh EXAMPLES +.Bd -literal +# +# sudo logsrv daemon configuration +# + +[server] +# The host name or IP address and port to listen on with an optional TLS +# flag. If no port is specified, port 30343 will be used for plaintext +# connections and port 30344 will be used to TLS connections. +# The following forms are accepted: +# listen_address = hostname(tls) +# listen_address = hostname:port(tls) +# listen_address = IPv4_address(tls) +# listen_address = IPv4_address:port(tls) +# listen_address = [IPv6_address](tls) +# listen_address = [IPv6_address]:port(tls) +# +# The (tls) suffix should be omitted for plaintext connections. +# +# Multiple listen_address settings may be specified. +# The default is to listen on all addresses. +#listen_address = *:30343 +#listen_address = *:30344(tls) + +# The file containing the ID of the running sudo_logsrvd process. +#pid_file = @rundir@/sudo_logsrvd.pid + +# Where to log server warnings: none, stderr, syslog, or a path name. +#server_log = syslog + +# If true, enable the SO_KEEPALIVE socket option on client connections. +# Defaults to true. +#tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the client to +# respond. A value of 0 will disable the timeout. The default value is 30. +#timeout = 30 + +# If true, the server will validate its own certificate at startup. +# Defaults to true. +#tls_verify = true + +# If true, client certificates will be validated by the server; +# clients without a valid certificate will be unable to connect. +# By default, client certs are not checked. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# Required for TLS connections. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# Required for TLS connections. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default cipher list is HIGH:!aNULL. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default cipher list is TLS_AES_256_GCM_SHA384. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# If not set, the server will use the OpenSSL defaults. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[relay] +# The host name or IP address and port to send logs to in relay mode. +# The syntax is identical to listen_address with the exception of +# the wild card ('*') syntax. When this setting is enabled, logs will +# be relayed to the specified host instead of being stored locally. +# This setting is not enabled by default. +#relay_host = relayhost.dom.ain +#relay_host = relayhost.dom.ain(tls) + +# The amount of time, in seconds, the server will wait for a connection +# to the relay server to complete. A value of 0 will disable the timeout. +# The default value is 30. +#connect_timeout = 30 + +# The directory to store messages in before they are sent to the relay. +# Messages are stored in wire format. +# The default value is /var/log/sudo_logsrvd. +#relay_dir = /var/log/sudo_logsrvd + +# The number of seconds to wait after a connection error before +# making a new attempt to forward a message to a relay host. +# The default value is 30. +#retry_interval = 30 + +# Whether to store the log before relaying it. If true, enable store +# and forward mode. If false, the client connection is immediately +# relayed. Defaults to false. +#store_first = true + +# If true, enable the SO_KEEPALIVE socket option on relay connections. +# Defaults to true. +#tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the relay to +# respond. A value of 0 will disable the timeout. The default value is 30. +#timeout = 30 + +# If true, the server's relay certificate will be verified at startup. +# The default is to use the value in the [server] section. +#tls_verify = true + +# Whether to verify the relay's certificate for TLS connections. +# The default is to use the value in the [server] section. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +# The default is to use the value in the [server] section. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# The default is to use the certificate in the [server] section. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# The default is to use the key in the [server] section. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default is to use the value in the [server] section. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default is to use the value in the [server] section. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# The default is to use the value in the [server] section. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[iolog] +# The top-level directory to use when constructing the path name for the +# I/O log directory. The session sequence number, if any, is stored here. +#iolog_dir = /var/log/sudo-io + +# The path name, relative to iolog_dir, in which to store I/O logs. +# Note that iolog_file may contain directory components. +#iolog_file = %{seq} + +# If set, I/O logs will be compressed using zlib. Enabling compression can +# make it harder to view the logs in real-time as the program is executing. +#iolog_compress = false + +# If set, I/O log data is flushed to disk after each write instead of +# buffering it. This makes it possible to view the logs in real-time +# as the program is executing but reduces the effectiveness of compression. +#iolog_flush = true + +# The group to use when creating new I/O log files and directories. +# If iolog_group is not set, the primary group-ID of the user specified +# by iolog_user is used. If neither iolog_group nor iolog_user +# are set, I/O log files and directories are created with group-ID 0. +#iolog_group = wheel + +# The user to use when setting the user-ID and group-ID of new I/O +# log files and directories. If iolog_group is set, it will be used +# instead of the user's primary group-ID. By default, I/O log files +# and directories are created with user and group-ID 0. +#iolog_user = root + +# The file mode to use when creating I/O log files. The file permissions +# will always include the owner read and write bits, even if they are +# not present in the specified mode. When creating I/O log directories, +# search (execute) bits are added to match the read and write bits +# specified by iolog_mode. +#iolog_mode = 0600 + +# The maximum sequence number that will be substituted for the "%{seq}" +# escape in the I/O log file. While the value substituted for "%{seq}" +# is in base 36, maxseq itself should be expressed in decimal. Values +# larger than 2176782336 (which corresponds to the base 36 sequence +# number "ZZZZZZ") will be silently truncated to 2176782336. +#maxseq = 2176782336 + +[eventlog] +# Where to log accept, reject, exit, and alert events. +# Accepted values are syslog, logfile, or none. +# Defaults to syslog +#log_type = syslog + +# Whether to log an event when a command exits or is terminated by a signal. +# Defaults to false +#log_exit = true + +# Event log format. +# Currently only sudo-style event logs are supported. +#log_format = sudo + +[syslog] +# The maximum length of a syslog payload. +# On many systems, syslog(3) has a relatively small log buffer. +# IETF RFC 5424 states that syslog servers must support messages +# of at least 480 bytes and should support messages up to 2048 bytes. +# Messages larger than this value will be split into multiple messages. +#maxlen = 960 + +# The syslog facility to use for event log messages. +# The following syslog facilities are supported: authpriv (if your OS +# supports it), auth, daemon, user, local0, local1, local2, local3, +# local4, local5, local6, and local7. +#facility = authpriv + +# Syslog priority to use for event log accept messages, when the command +# is allowed by the security policy. The following syslog priorities are +# supported: alert, crit, debug, emerg, err, info, notice, warning, none. +#accept_priority = notice + +# Syslog priority to use for event log reject messages, when the command +# is not allowed by the security policy. +#reject_priority = alert + +# Syslog priority to use for event log alert messages reported by the +# client. +#alert_priority = alert + +# The syslog facility to use for server warning messages. +# Defaults to daemon. +#server_facility = daemon + +[logfile] +# The path to the file-based event log. +# This path must be fully-qualified and start with a '/' character. +#path = /var/log/sudo + +# The format string used when formatting the date and time for +# file-based event logs. Formatting is performed via strftime(3) so +# any format string supported by that function is allowed. +#time_format = %h %e %T +.Ed +.Sh SEE ALSO +.Xr strftime 3 , +.Xr sudo.conf @mansectform@ , +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ , +.Xr sudo_logsrvd @mansectsu@ +.Sh HISTORY +See the HISTORY file in the +.Nm sudo +distribution (https://www.sudo.ws/history.html) for a brief +history of sudo. +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm sudo , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_logsrvd.man.in sudo-1.9.9/docs/sudo_logsrvd.man.in --- sudo-1.9.5p2/docs/sudo_logsrvd.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_logsrvd.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,462 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2021 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_LOGSRVD" "@mansectsu@" "September 17, 2021" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_logsrvd\fR +\- sudo event and I/O log server +.SH "SYNOPSIS" +.HP 13n +\fBsudo_logsrvd\fR +[\fB\-hnV\fR] +[\fB\-f\fR\ \fIfile\fR] +[\fB\-R\fR\ \fIpercentage\fR] +.SH "DESCRIPTION" +\fBsudo_logsrvd\fR +is a high-performance log server that accepts event and I/O logs from +\fBsudo\fR. +It can be used to implement centralized logging of +\fBsudo\fR +logs. +The server has two modes of operation: local and relay. +By default, +\fBsudo_logsrvd\fR +stores the logs locally but it can also be configured to +relay them to another server that supports the +sudo_logsrv.proto(@mansectform@) +protocol. +.PP +When not relaying, event log entries may be logged either via +syslog(3) +or to a local file. +I/O Logs stored locally by +\fBsudo_logsrvd\fR +can be replayed via the +sudoreplay(@mansectsu@) +utility in the same way as logs generated directly by the +\fBsudoers\fR +plugin. +.PP +The server also supports restarting interrupted log transfers. +To distinguish completed I/O logs from incomplete ones, the +I/O log timing file is set to be read-only when the log is complete. +.PP +Configuration parameters for +\fBsudo_logsrvd\fR +may be specified in the +sudo_logsrvd.conf(@mansectform@) +file or the file specified via the +\fB\-f\fR +option. +.PP +\fBsudo_logsrvd\fR +rereads its configuration file when it receives SIGHUP and writes server +state to the debug file (if one is configured) when it receives SIGUSR1. +.PP +The options are as follows: +.TP 12n +\fB\-f\fR \fIfile\fR, \fB\--file\fR=\fIfile\fR +Read configuration from +\fIfile\fR +instead of the default, +\fI@sysconfdir@/sudo_logsrvd.conf\fR. +.TP 12n +\fB\-h\fR, \fB\--help\fR +Display a short help message to the standard output and exit. +.TP 12n +\fB\-n\fR, \fB\--no-fork\fR +Run +\fBsudo_logsrvd\fR +in the foreground instead of detaching from the terminal and becoming +a daemon. +.TP 12n +\fB\-R\fR \fIpercentage\fR, \fB\--random-drop\fR=\fIpercentage\fR +For each message, there is a +\fIpercentage\fR +chance that the server will drop the connection. +This is only intended for debugging the ability of a +client to restart a connection. +.TP 12n +\fB\-V\fR, \fB\--version\fR +Print the +\fBsudo_logsrvd\fR +version and exit. +.SS "Securing server connections" +The I/O log data sent to +\fBsudo_logsrvd\fR +may contain sensitive information such as passwords and should be +secured using Transport Layer Security (TLS). +Doing so requires having a signed certificate on the server and, if +\fItls_checkpeer\fR +is enabled in +sudo_logsrvd.conf(@mansectform@), +a signed certificate on the client as well. +.PP +The certificates can either be signed by a well-known Certificate +Authority (CA), or a private CA can be used. +Instructions for creating a private CA are included below in the +\fIEXAMPLES\fR +section. +.SS "Debugging sudo_logsrvd" +\fBsudo_logsrvd\fR +supports a flexible debugging framework that is configured via +\fRDebug\fR +lines in the +sudo.conf(@mansectform@) +file. +.PP +For more information on configuring +sudo.conf(@mansectform@), +please refer to its manual. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +Sudo front-end configuration +.TP 26n +\fI@sysconfdir@/sudo_logsrvd.conf\fR +Sudo log server configuration file +.TP 26n +\fI@relay_dir@/incoming\fR +Directory where new journals are stored when the +\fIstore_first relay\fR +setting is enabled. +.TP 26n +\fI@relay_dir@/outgoing\fR +Directory where completed journals are stored when the +\fIstore_first relay\fR +setting is enabled. +.TP 26n +\fI@iolog_dir@\fR +Default I/O log file location +.TP 26n +\fI@rundir@/sudo_logsrvd.pid\fR +.br +Process ID file for +\fBsudo_logsrvd\fR +.SH "EXAMPLES" +.SS "Creating self-signed certificates" +Unless you are using certificates signed by a well-known Certificate +Authority (or a local enterprise CA), you will need to create your +own CA that can sign the certificates used by +\fBsudo_logsrvd\fR, +\fBsudo_sendlog\fR, +and the +\fBsudoers\fR +plugin. +The following steps use the +openssl(1) +command to create keys and certificates. +.SS "Initial setup" +First, we need to create a directory structure to store the +files for the CA. +We'll create a new directory hierarchy in +\fI/etc/ssl/sudo\fR +for this purpose. +.nf +.sp +.RS 6n +# mkdir /etc/ssl/sudo +# cd /etc/ssl/sudo +# mkdir certs csr newcerts private +# chmod 700 private +# touch index.txt +# echo 1000 > serial +.RE +.fi +.PP +The serial and index.txt files are used to keep track of signed certificates. +.PP +Next, we need to make a copy of the openssl.conf file and customize +it for our new CA. +The path to openssl.cnf is system-dependent but +\fI/etc/ssl/openssl.cnf\fR +is the most common location. +You will need to adjust the example below if it has a different location on +your system. +.nf +.sp +.RS 6n +# cp /etc/ssl/openssl.cnf . +.RE +.fi +.PP +Now edit the +\fIopenssl.cnf\fR +file in the current directory and make sure it contains +\(lqca\(rq +and +\(lqCA_default\(rq +sections. +Those sections should include the following settings: +.nf +.sp +.RS 6n +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = /etc/ssl/sudo +certs = $dir/certs +database = $dir/index.txt +certificate = $dir/cacert.pem +serial = $dir/serial +.RE +.fi +.PP +If your +\fIopenssl.conf\fR +file already has a +\(lqCA_default\(rq +section, you may only need to modify the +\(lqdir\(rq +setting. +.SS "Creating the CA key and certificate" +In order to create and sign our own certificates, we need to create +a private key and a certificate for the root of the CA. +First, create the private key and protect it with a pass phrase: +.nf +.sp +.RS 6n +# openssl genrsa -aes256 -out private/cakey.pem 4096 +# chmod 400 private/cakey.pem +.RE +.fi +.PP +Next, generate the root certificate, using appropriate values for +the site-specific fields: +.nf +.sp +.RS 6n +# openssl req -config openssl.cnf -key private/cakey.pem \e + -new -x509 -days 7300 -sha256 -extensions v3_ca \e + -out cacert.pem + +Enter pass phrase for private/cakey.pem: +You are about to be asked to enter information that will be +incorporated into your certificate request. +What you are about to enter is what is called a Distinguished Name +or a DN. +There are quite a few fields but you can leave some blank. +For some fields there will be a default value, +If you enter '.', the field will be left blank. +----- +Country Name (2 letter code) [AU]:US +State or Province Name (full name) [Some-State]:Colorado +Locality Name (eg, city) []: +Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo +Organizational Unit Name (eg, section) []:sudo Certificate Authority +Common Name (e.g., server FQDN or YOUR name) []:sudo Root CA +Email Address []: + +# chmod 444 cacert.pem +.RE +.fi +.PP +Finally, verify the root certificate: +.nf +.sp +.RS 6n +# openssl x509 -noout -text -in cacert.pem +.RE +.fi +.SS "Creating and signing certificates" +The server and client certificates will be signed by the previously +created root CA. +Usually, the root CA is not used to sign server/client certificates +directly. +Instead, intermediate certificates are created and signed with the +root CA and the intermediate certs are used to sign CSRs (Certificate +Signing Request). +In this example we'll skip this part for simplicity's sake and sign the +CSRs with the root CA. +.PP +First, generate the private key without a pass phrase. +.nf +.sp +.RS 6n +# openssl genrsa -out private/logsrvd_key.pem 2048 +# chmod 400 private/logsrvd_key.pem +.RE +.fi +.PP +Next, create a certificate signing request (CSR) for the server's certificate. +The organization name must match the name given in the root certificate. +The common name should be either the server's IP address or a fully +qualified domain name. +.nf +.sp +.RS 6n +# openssl req -config openssl.cnf -key private/logsrvd_key.pem -new \e + -sha256 -out csr/logsrvd_csr.pem + +Enter pass phrase for private/logsrvd_key.pem: +You are about to be asked to enter information that will be +incorporated into your certificate request. +What you are about to enter is what is called a Distinguished Name +or a DN. +There are quite a few fields but you can leave some blank. +For some fields there will be a default value, +If you enter '.', the field will be left blank. +----- +Country Name (2 letter code) [AU]:US +State or Province Name (full name) [Some-State]:Colorado +Locality Name (eg, city) []: +Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo +Organizational Unit Name (eg, section) []:sudo log server +Common Name (e.g., server FQDN or YOUR name) []:logserver.example.com +Email Address []: + +Please enter the following 'extra' attributes +to be sent with your certificate request +A challenge password []: +An optional company name []: +.RE +.fi +.PP +Now sign the CSR that was just created: +.nf +.sp +.RS 6n +# openssl ca -config openssl.cnf -days 375 -notext -md sha256 \e + -in csr/logsrvd_csr.pem -out certs/logsrvd_cert.pem + +Using configuration from openssl.cnf +Enter pass phrase for ./private/cakey.pem: +Check that the request matches the signature +Signature ok +Certificate Details: + Serial Number: 4096 (0x1000) + Validity + Not Before: Nov 11 14:05:05 2019 GMT + Not After : Nov 20 14:05:05 2020 GMT + Subject: + countryName = US + stateOrProvinceName = Colorado + organizationName = sudo + organizationalUnitName = sudo log server + commonName = logserve.example.com + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 4C:50:F9:D0:BE:1A:4C:B2:AC:90:76:56:C7:9E:16:AE:E6:9E:E5:B5 + X509v3 Authority Key Identifier: + keyid:D7:91:24:16:B1:03:06:65:1A:7A:6E:CF:51:E9:5C:CB:7A:95:3E:0C + +Certificate is to be certified until Nov 20 14:05:05 2020 GMT (375 days) +Sign the certificate? [y/n]:y + +1 out of 1 certificate requests certified, commit? [y/n]y +Write out database with 1 new entries +Data Base Updated +.RE +.fi +.PP +Finally, verify the new certificate: +.nf +.sp +.RS 6n +# openssl verify -CAfile cacert.pem certs/logsrvd_cert.pem +certs/logsrvd_cert.pem: OK +.RE +.fi +.PP +The +\fI/etc/ssl/sudo/certs\fR +directory now contains a signed and verified certificate for use with +\fBsudo_logsrvd\fR. +.PP +To generate a client certificate, repeat the process above using +a different file name. +.SS "Configuring sudo_logsrvd to use TLS" +To use TLS for client/server communication, both +\fBsudo_logsrvd\fR +and the +\fBsudoers\fR +plugin need to be configured to use TLS. +Configuring +\fBsudo_logsrvd\fR +for TLS requires the following settings, assuming the same path +names used earlier: +.nf +.sp +.RS 6n +# Listen on port 30344 for TLS connections to any address. +listen_address = *:30344(tls) + +# Path to the certificate authority bundle file in PEM format. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem +.RE +.fi +.PP +The root CA cert +(\fIcacert.pem\fR) +must be installed on the system running +\fBsudo_logsrvd\fR. +If peer authentication is enabled on the client, a copy of +\fIcacert.pem\fR +must be present on the client system too. +.SH "SEE ALSO" +sudo.conf(@mansectform@), +sudo_logsrvd.conf(@mansectform@), +sudoers(@mansectform@), +sudo(@mansectsu@), +sudo_sendlog(@mansectsu@), +sudoreplay(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo_logsrvd\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo_logsrvd\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_logsrvd.mdoc.in sudo-1.9.9/docs/sudo_logsrvd.mdoc.in --- sudo-1.9.5p2/docs/sudo_logsrvd.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_logsrvd.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,418 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2021 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd September 17, 2021 +.Dt SUDO_LOGSRVD @mansectsu@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo_logsrvd +.Nd sudo event and I/O log server +.Sh SYNOPSIS +.Nm sudo_logsrvd +.Op Fl hnV +.Op Fl f Ar file +.Op Fl R Ar percentage +.Sh DESCRIPTION +.Nm +is a high-performance log server that accepts event and I/O logs from +.Nm sudo . +It can be used to implement centralized logging of +.Nm sudo +logs. +The server has two modes of operation: local and relay. +By default, +.Nm +stores the logs locally but it can also be configured to +relay them to another server that supports the +.Xr sudo_logsrv.proto @mansectform@ +protocol. +.Pp +When not relaying, event log entries may be logged either via +.Xr syslog 3 +or to a local file. +I/O Logs stored locally by +.Nm +can be replayed via the +.Xr sudoreplay @mansectsu@ +utility in the same way as logs generated directly by the +.Nm sudoers +plugin. +.Pp +The server also supports restarting interrupted log transfers. +To distinguish completed I/O logs from incomplete ones, the +I/O log timing file is set to be read-only when the log is complete. +.Pp +Configuration parameters for +.Nm +may be specified in the +.Xr sudo_logsrvd.conf @mansectform@ +file or the file specified via the +.Fl f +option. +.Pp +.Nm +rereads its configuration file when it receives SIGHUP and writes server +state to the debug file (if one is configured) when it receives SIGUSR1. +.Pp +The options are as follows: +.Bl -tag -width Fl +.It Fl f Ar file , Fl -file Ns = Ns Ar file +Read configuration from +.Ar file +instead of the default, +.Pa @sysconfdir@/sudo_logsrvd.conf . +.It Fl h , -help +Display a short help message to the standard output and exit. +.It Fl n , -no-fork +Run +.Nm +in the foreground instead of detaching from the terminal and becoming +a daemon. +.It Fl R Ar percentage , Fl -random-drop Ns = Ns Ar percentage +For each message, there is a +.Ar percentage +chance that the server will drop the connection. +This is only intended for debugging the ability of a +client to restart a connection. +.It Fl V , -version +Print the +.Nm +version and exit. +.El +.Ss Securing server connections +The I/O log data sent to +.Nm +may contain sensitive information such as passwords and should be +secured using Transport Layer Security (TLS). +Doing so requires having a signed certificate on the server and, if +.Em tls_checkpeer +is enabled in +.Xr sudo_logsrvd.conf @mansectform@ , +a signed certificate on the client as well. +.Pp +The certificates can either be signed by a well-known Certificate +Authority (CA), or a private CA can be used. +Instructions for creating a private CA are included below in the +.Sx EXAMPLES +section. +.Ss Debugging sudo_logsrvd +.Nm +supports a flexible debugging framework that is configured via +.Li Debug +lines in the +.Xr sudo.conf @mansectform@ +file. +.Pp +For more information on configuring +.Xr sudo.conf @mansectform@ , +please refer to its manual. +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +Sudo front-end configuration +.It Pa @sysconfdir@/sudo_logsrvd.conf +Sudo log server configuration file +.It Pa @relay_dir@/incoming +Directory where new journals are stored when the +.Em store_first relay +setting is enabled. +.It Pa @relay_dir@/outgoing +Directory where completed journals are stored when the +.Em store_first relay +setting is enabled. +.It Pa @iolog_dir@ +Default I/O log file location +.It Pa @rundir@/sudo_logsrvd.pid +Process ID file for +.Nm +.El +.Sh EXAMPLES +.Ss Creating self-signed certificates +Unless you are using certificates signed by a well-known Certificate +Authority (or a local enterprise CA), you will need to create your +own CA that can sign the certificates used by +.Nm , +.Nm sudo_sendlog , +and the +.Nm sudoers +plugin. +The following steps use the +.Xr openssl 1 +command to create keys and certificates. +.Ss Initial setup +First, we need to create a directory structure to store the +files for the CA. +We'll create a new directory hierarchy in +.Pa /etc/ssl/sudo +for this purpose. +.Bd -literal -offset indent +# mkdir /etc/ssl/sudo +# cd /etc/ssl/sudo +# mkdir certs csr newcerts private +# chmod 700 private +# touch index.txt +# echo 1000 > serial +.Ed +.Pp +The serial and index.txt files are used to keep track of signed certificates. +.Pp +Next, we need to make a copy of the openssl.conf file and customize +it for our new CA. +The path to openssl.cnf is system-dependent but +.Pa /etc/ssl/openssl.cnf +is the most common location. +You will need to adjust the example below if it has a different location on +your system. +.Bd -literal -offset indent +# cp /etc/ssl/openssl.cnf . +.Ed +.Pp +Now edit the +.Pa openssl.cnf +file in the current directory and make sure it contains +.Dq ca +and +.Dq CA_default +sections. +Those sections should include the following settings: +.Bd -literal -offset indent +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = /etc/ssl/sudo +certs = $dir/certs +database = $dir/index.txt +certificate = $dir/cacert.pem +serial = $dir/serial +.Ed +.Pp +If your +.Pa openssl.conf +file already has a +.Dq CA_default +section, you may only need to modify the +.Dq dir +setting. +.Ss Creating the CA key and certificate +In order to create and sign our own certificates, we need to create +a private key and a certificate for the root of the CA. +First, create the private key and protect it with a pass phrase: +.Bd -literal -offset indent +# openssl genrsa -aes256 -out private/cakey.pem 4096 +# chmod 400 private/cakey.pem +.Ed +.Pp +Next, generate the root certificate, using appropriate values for +the site-specific fields: +.Bd -literal -offset indent +# openssl req -config openssl.cnf -key private/cakey.pem \e + -new -x509 -days 7300 -sha256 -extensions v3_ca \e + -out cacert.pem + +Enter pass phrase for private/cakey.pem: +You are about to be asked to enter information that will be +incorporated into your certificate request. +What you are about to enter is what is called a Distinguished Name +or a DN. +There are quite a few fields but you can leave some blank. +For some fields there will be a default value, +If you enter '.', the field will be left blank. +----- +Country Name (2 letter code) [AU]:US +State or Province Name (full name) [Some-State]:Colorado +Locality Name (eg, city) []: +Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo +Organizational Unit Name (eg, section) []:sudo Certificate Authority +Common Name (e.g., server FQDN or YOUR name) []:sudo Root CA +Email Address []: + +# chmod 444 cacert.pem +.Ed +.Pp +Finally, verify the root certificate: +.Bd -literal -offset indent +# openssl x509 -noout -text -in cacert.pem +.Ed +.Ss Creating and signing certificates +The server and client certificates will be signed by the previously +created root CA. +Usually, the root CA is not used to sign server/client certificates +directly. +Instead, intermediate certificates are created and signed with the +root CA and the intermediate certs are used to sign CSRs (Certificate +Signing Request). +In this example we'll skip this part for simplicity's sake and sign the +CSRs with the root CA. +.Pp +First, generate the private key without a pass phrase. +.Bd -literal -offset indent +# openssl genrsa -out private/logsrvd_key.pem 2048 +# chmod 400 private/logsrvd_key.pem +.Ed +.Pp +Next, create a certificate signing request (CSR) for the server's certificate. +The organization name must match the name given in the root certificate. +The common name should be either the server's IP address or a fully +qualified domain name. +.Bd -literal -offset indent +# openssl req -config openssl.cnf -key private/logsrvd_key.pem -new \e + -sha256 -out csr/logsrvd_csr.pem + +Enter pass phrase for private/logsrvd_key.pem: +You are about to be asked to enter information that will be +incorporated into your certificate request. +What you are about to enter is what is called a Distinguished Name +or a DN. +There are quite a few fields but you can leave some blank. +For some fields there will be a default value, +If you enter '.', the field will be left blank. +----- +Country Name (2 letter code) [AU]:US +State or Province Name (full name) [Some-State]:Colorado +Locality Name (eg, city) []: +Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo +Organizational Unit Name (eg, section) []:sudo log server +Common Name (e.g., server FQDN or YOUR name) []:logserver.example.com +Email Address []: + +Please enter the following 'extra' attributes +to be sent with your certificate request +A challenge password []: +An optional company name []: +.Ed +.Pp +Now sign the CSR that was just created: +.Bd -literal -offset indent +# openssl ca -config openssl.cnf -days 375 -notext -md sha256 \e + -in csr/logsrvd_csr.pem -out certs/logsrvd_cert.pem + +Using configuration from openssl.cnf +Enter pass phrase for ./private/cakey.pem: +Check that the request matches the signature +Signature ok +Certificate Details: + Serial Number: 4096 (0x1000) + Validity + Not Before: Nov 11 14:05:05 2019 GMT + Not After : Nov 20 14:05:05 2020 GMT + Subject: + countryName = US + stateOrProvinceName = Colorado + organizationName = sudo + organizationalUnitName = sudo log server + commonName = logserve.example.com + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 4C:50:F9:D0:BE:1A:4C:B2:AC:90:76:56:C7:9E:16:AE:E6:9E:E5:B5 + X509v3 Authority Key Identifier: + keyid:D7:91:24:16:B1:03:06:65:1A:7A:6E:CF:51:E9:5C:CB:7A:95:3E:0C + +Certificate is to be certified until Nov 20 14:05:05 2020 GMT (375 days) +Sign the certificate? [y/n]:y + +1 out of 1 certificate requests certified, commit? [y/n]y +Write out database with 1 new entries +Data Base Updated +.Ed +.Pp +Finally, verify the new certificate: +.Bd -literal -offset indent +# openssl verify -CAfile cacert.pem certs/logsrvd_cert.pem +certs/logsrvd_cert.pem: OK +.Ed +.Pp +The +.Pa /etc/ssl/sudo/certs +directory now contains a signed and verified certificate for use with +.Nm sudo_logsrvd . +.Pp +To generate a client certificate, repeat the process above using +a different file name. +.Ss Configuring sudo_logsrvd to use TLS +To use TLS for client/server communication, both +.Nm +and the +.Nm sudoers +plugin need to be configured to use TLS. +Configuring +.Nm +for TLS requires the following settings, assuming the same path +names used earlier: +.Bd -literal -offset indent +# Listen on port 30344 for TLS connections to any address. +listen_address = *:30344(tls) + +# Path to the certificate authority bundle file in PEM format. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem +.Ed +.Pp +The root CA cert +.Pq Pa cacert.pem +must be installed on the system running +.Nm . +If peer authentication is enabled on the client, a copy of +.Pa cacert.pem +must be present on the client system too. +.Sh SEE ALSO +.Xr sudo.conf @mansectform@ , +.Xr sudo_logsrvd.conf @mansectform@ , +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ , +.Xr sudo_sendlog @mansectsu@ , +.Xr sudoreplay @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_plugin.man.in sudo-1.9.9/docs/sudo_plugin.man.in --- sudo-1.9.5p2/docs/sudo_plugin.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_plugin.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,5332 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2009-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_PLUGIN" "5" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_plugin\fR +\- Sudo Plugin API +.SH "DESCRIPTION" +Starting with version 1.8, +\fBsudo\fR +supports a plugin API +for policy and session logging. +Plugins may be compiled as dynamic shared objects (the default on +systems that support them) or compiled statically into the +\fBsudo\fR +binary itself. +By default, the +\fBsudoers\fR +plugin provides audit, security policy and I/O logging capabilities. +Via the plugin API, +\fBsudo\fR +can be configured to use alternate plugins provided by third parties. +The plugins to be used are specified in the +sudo.conf(@mansectform@) +file. +.PP +The API is versioned with a major and minor number. +The minor version number is incremented when additions are made. +The major number is incremented when incompatible changes are made. +A plugin should be check the version passed to it and make sure that the +major version matches. +.PP +The plugin API is defined by the +\fRsudo_plugin.h\fR +header file. +.SS "Policy plugin API" +A policy plugin must declare and populate a +\fRpolicy_plugin\fR +struct in the global scope. +This structure contains pointers to the functions that implement the +\fBsudo\fR +policy checks. +The name of the symbol should be specified in +sudo.conf(@mansectform@) +along with a path to the plugin so that +\fBsudo\fR +can load it. +.nf +.sp +.RS 0n +struct policy_plugin { +#define SUDO_POLICY_PLUGIN 1 + unsigned int type; /* always SUDO_POLICY_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const user_env[], + char * const plugin_options[], const char **errstr); + void (*close)(int exit_status, int error); + int (*show_version)(int verbose); + int (*check_policy)(int argc, char * const argv[], + char *env_add[], char **command_info[], + char **argv_out[], char **user_env_out[], const char **errstr); + int (*list)(int argc, char * const argv[], int verbose, + const char *list_user, const char **errstr); + int (*validate)(const char **errstr); + void (*invalidate)(int remove); + int (*init_session)(struct passwd *pwd, char **user_env[], + const char **errstr); + void (*register_hooks)(int version, + int (*register_hook)(struct sudo_hook *hook)); + void (*deregister_hooks)(int version, + int (*deregister_hook)(struct sudo_hook *hook)); + struct sudo_plugin_event * (*event_alloc)(void); +}; +.RE +.fi +.PP +The policy_plugin struct has the following fields: +.TP 6n +type +The +\fRtype\fR +field should always be set to SUDO_POLICY_PLUGIN. +.TP 6n +version +The +\fRversion\fR +field should be set to +\fRSUDO_API_VERSION\fR. +.sp +This allows +\fBsudo\fR +to determine the API version the plugin was +built against. +.TP 6n +open +.nf +.RS 6n +int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const user_env[], + char * const plugin_options[], const char **errstr); +.RE +.fi +.RS 6n +.sp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +\fBsudo\fR +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional error information to the user. +.sp +The function arguments are as follows: +.TP 6n +version +The version passed in by +\fBsudo\fR +allows the plugin to determine the +major and minor version number of the plugin API supported by +\fBsudo\fR. +.TP 6n +conversation +A pointer to the +\fBconversation\fR() +function that can be used by the plugin to interact with the user (see +\fIConversation API\fR +for details). +Returns 0 on success and \-1 on failure. +.TP 6n +plugin_printf +A pointer to a +\fBprintf\fR()-style +function that may be used to display informational or error messages (see +\fIConversation API\fR +for details). +Returns the number of characters printed on success and \-1 on failure. +.TP 6n +settings +A vector of user-supplied +\fBsudo\fR +settings in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +These settings correspond to options the user specified when running +\fBsudo\fR. +As such, they will only be present when the corresponding option has +been specified on the command line. +.sp +When parsing +\fIsettings\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +The following values may be set by +\fBsudo\fR: +.PP +.RS 6n +.PD 0 +.TP 6n +bsdauth_type=string +Authentication type, if specified by the +\fB\-a\fR +option, to use on +systems where +BSD +authentication is supported. +.PD +.TP 6n +closefrom=number +If specified, the user has requested via the +\fB\-C\fR +option that +\fBsudo\fR +close all files descriptors with a value of +\fInumber\fR +or higher. +The plugin may optionally pass this, or another value, back in the +\fIcommand_info\fR +list. +.TP 6n +cmnd_chroot=string +The root directory (see +chroot(2)) +to run the command in, as specified by the user via the +\fB\-R\fR +option. +The plugin may ignore or restrict the user's ability to specify a new +root directory. +Only available starting with API version 1.16. +.TP 6n +cmnd_cwd=string +The working directory to run the command in, as specified by the user via the +\fB\-D\fR +option. +The plugin may ignore or restrict the user's ability to specify a new +working directory. +Only available starting with API version 1.16. +.TP 6n +debug_flags=string +A debug file path name followed by a space and a comma-separated +list of debug flags that correspond to the plugin's +\fRDebug\fR +entry in +sudo.conf(@mansectform@), +if there is one. +The flags are passed to the plugin exactly as they appear in +sudo.conf(@mansectform@). +The syntax used by +\fBsudo\fR +and the +\fBsudoers\fR +plugin is +\fIsubsystem\fR@\fIpriority\fR +but a plugin is free to use a different +format so long as it does not include a comma +(\(oq,\&\(cq). +Prior to +\fBsudo\fR +1.8.12, there was no way to specify plugin-specific +\fIdebug_flags\fR +so the value was always the same as that used by the +\fBsudo\fR +front-end and did not include a path name, only the flags themselves. +As of version 1.7 of the plugin interface, +\fBsudo\fR +will only pass +\fIdebug_flags\fR +if +sudo.conf(@mansectform@) +contains a plugin-specific +\fRDebug\fR +entry. +.TP 6n +ignore_ticket=bool +Set to true if the user specified the +\fB\-k\fR +option along with a +command, indicating that the user wishes to ignore any cached +authentication credentials. +\fIimplied_shell\fR +to true. +This allows +\fBsudo\fR +with no arguments +to be used similarly to +su(1). +If the plugin does not to support this usage, it may return a value of \-2 +from the +\fBcheck_policy\fR() +function, which will cause +\fBsudo\fR +to print a usage message and exit. +.TP 6n +implied_shell=bool +If the user does not specify a program on the command line, +\fBsudo\fR +will pass the plugin the path to the user's shell and set +.TP 6n +login_class=string +BSD +login class to use when setting resource limits and nice value, +if specified by the +\fB\-c\fR +option. +.TP 6n +login_shell=bool +Set to true if the user specified the +\fB\-i\fR +option, indicating that +the user wishes to run a login shell. +.TP 6n +max_groups=int +The maximum number of groups a user may belong to. +This will only be present if there is a corresponding setting in +sudo.conf(@mansectform@). +.TP 6n +network_addrs=list +A space-separated list of IP network addresses and netmasks in the +form +\(lqaddr/netmask\(rq, +e.g., +\(lq192.168.1.2/255.255.255.0\(rq. +The address and netmask pairs may be either IPv4 or IPv6, depending on +what the operating system supports. +If the address contains a colon +(\(oq:\&\(cq), +it is an IPv6 address, else it is IPv4. +.TP 6n +noninteractive=bool +Set to true if the user specified the +\fB\-n\fR +option, indicating that +\fBsudo\fR +should operate in non-interactive mode. +The plugin may reject a command run in non-interactive mode if user +interaction is required. +.TP 6n +plugin_dir=string +The default plugin directory used by the +\fBsudo\fR +front-end. +This is the default directory set at compile time and may not +correspond to the directory the running plugin was loaded from. +It may be used by a plugin to locate support files. +.TP 6n +plugin_path=string +The path name of plugin loaded by the +\fBsudo\fR +front-end. +The path name will be a fully-qualified unless the plugin was +statically compiled into +\fBsudo\fR. +.TP 6n +preserve_environment=bool +Set to true if the user specified the +\fB\-E\fR +option, indicating that +the user wishes to preserve the environment. +.TP 6n +preserve_groups=bool +Set to true if the user specified the +\fB\-P\fR +option, indicating that +the user wishes to preserve the group vector instead of setting it +based on the runas user. +.TP 6n +progname=string +The command name that sudo was run as, typically +\(lqsudo\(rq +or +\(lqsudoedit\(rq. +.TP 6n +prompt=string +The prompt to use when requesting a password, if specified via +the +\fB\-p\fR +option. +.TP 6n +remote_host=string +The name of the remote host to run the command on, if specified via +the +\fB\-h\fR +option. +Support for running the command on a remote host is meant to be implemented +via a helper program that is executed in place of the user-specified command. +The +\fBsudo\fR +front-end is only capable of executing commands on the local host. +Only available starting with API version 1.4. +.TP 6n +run_shell=bool +Set to true if the user specified the +\fB\-s\fR +option, indicating that the user wishes to run a shell. +.TP 6n +runas_group=string +The group name or group-ID to run the command as, if specified via +the +\fB\-g\fR +option. +.TP 6n +runas_user=string +The user name or user-ID to run the command as, if specified via the +\fB\-u\fR +option. +.TP 6n +selinux_role=string +SELinux role to use when executing the command, if specified by +the +\fB\-r\fR +option. +.TP 6n +selinux_type=string +SELinux type to use when executing the command, if specified by +the +\fB\-t\fR +option. +.TP 6n +set_home=bool +Set to true if the user specified the +\fB\-H\fR +option. +If true, set the +\fRHOME\fR +environment variable to the target user's home directory. +.TP 6n +sudoedit=bool +Set to true when the +\fB\-e\fR +option is specified or if invoked as +\fBsudoedit\fR. +The plugin shall substitute an editor into +\fIargv\fR +in the +\fBcheck_policy\fR() +function or return \-2 with a usage error +if the plugin does not support +\fIsudoedit\fR. +For more information, see the +\fIcheck_policy\fR +section. +.TP 6n +timeout=string +Command timeout specified by the user via the +\fB\-T\fR +option. +Not all plugins support command timeouts and the ability of the +user to set a timeout may be restricted by policy. +The format of the timeout string is plugin-specific. +.PP +Additional settings may be added in the future so the plugin should +silently ignore settings that it does not recognize. +.RE +.TP 6n +user_info +A vector of information about the user running the command in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIuser_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +The following values may be set by +\fBsudo\fR: +.PP +.RS 6n +.PD 0 +.TP 6n +cols=int +The number of columns the user's terminal supports. +If there is no terminal device available, a default value of 80 is used. +.PD +.TP 6n +cwd=string +The user's current working directory. +.TP 6n +egid=gid_t +The effective group-ID of the user invoking +\fBsudo\fR. +.TP 6n +euid=uid_t +The effective user-ID of the user invoking +\fBsudo\fR. +.TP 6n +gid=gid_t +The real group-ID of the user invoking +\fBsudo\fR. +.TP 6n +groups=list +The user's supplementary group list formatted as a string of +comma-separated group-IDs. +.TP 6n +host=string +The local machine's hostname as returned by the +gethostname(2) +system call. +.TP 6n +lines=int +The number of lines the user's terminal supports. +If there is +no terminal device available, a default value of 24 is used. +.TP 6n +pgid=int +The ID of the process group that the running +\fBsudo\fR +process is a member of. +Only available starting with API version 1.2. +.TP 6n +pid=int +The process ID of the running +\fBsudo\fR +process. +Only available starting with API version 1.2. +.TP 6n +ppid=int +The parent process ID of the running +\fBsudo\fR +process. +Only available starting with API version 1.2. +.TP 6n +rlimit_as=soft,hard +The maximum size to which the process's address space may grow (in bytes), +if supported by the operating system. +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_core=soft,hard +The largest size core dump file that may be created (in bytes). +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_cpu=soft,hard +The maximum amount of CPU time that the process may use (in seconds). +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_data=soft,hard +The maximum size of the data segment for the process (in bytes). +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_fsize=soft,hard +The largest size file that the process may create (in bytes). +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_locks=soft,hard +The maximum number of locks that the process may establish, +if supported by the operating system. +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_memlock=soft,hard +The maximum size that the process may lock in memory (in bytes), +if supported by the operating system. +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_nofile=soft,hard +The maximum number of files that the process may have open. +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_nproc=soft,hard +The maximum number of processes that the user may run simultaneously. +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_rss=soft,hard +The maximum size to which the process's resident set size may grow (in bytes). +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +rlimit_stack=soft,hard +The maximum size to which the process's stack may grow (in bytes). +The soft and hard limits are separated by a comma. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +Only available starting with API version 1.16. +.TP 6n +sid=int +The session ID of the running +\fBsudo\fR +process or 0 if +\fBsudo\fR +is not part of a POSIX job control session. +Only available starting with API version 1.2. +.TP 6n +tcpgid=int +The ID of the foreground process group associated with the terminal +device associated with the +\fBsudo\fR +process or 0 if there is no terminal present. +Only available starting with API version 1.2. +.TP 6n +tty=string +The path to the user's terminal device. +If the user has no terminal device associated with the session, +the value will be empty, as in +\(lq\fRtty=\fR\(rq. +.TP 6n +uid=uid_t +The real user-ID of the user invoking +\fBsudo\fR. +.TP 6n +umask=octal +The invoking user's file creation mask. +Only available starting with API version 1.10. +.TP 6n +user=string +The name of the user invoking +\fBsudo\fR. +.PD 0 +.PP +.RE +.PD +.TP 6n +user_env +The user's environment in the form of a +\fRNULL\fR-terminated vector of +\(lqname=value\(rq +strings. +.sp +When parsing +\fIuser_env\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.TP 6n +plugin_options +Any (non-comment) strings immediately after the plugin path are +passed as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +\fRNULL\fR-terminated +array of strings. +If no arguments were +specified, +\fIplugin_options\fR +will be the +\fRNULL\fR +pointer. +.sp +NOTE: the +\fIplugin_options\fR +parameter is only available starting with +API version 1.2. +A plugin +\fBmust\fR +check the API version specified +by the +\fBsudo\fR +front-end before using +\fIplugin_options\fR. +Failure to do so may result in a crash. +.TP 6n +errstr +If the +\fBopen\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +close +.br +.nf +.RS 6n +void (*close)(int exit_status, int error); +.RE +.fi +.RS 6n +.sp +The +\fBclose\fR() +function is called when +\fBsudo\fR +is finished, shortly before it exits. +Starting with API version 1.15, +\fBclose\fR() +is called regardless of whether or not a command was actually executed. +This makes it possible for plugins to perform cleanup even when a +command was not run. +It is not possible to tell whether a command was run based solely +on the arguments passed to the +\fBclose\fR() +function. +To determine if a command was actually run, +the plugin must keep track of whether or not the +\fBcheck_policy\fR() +function returned successfully. +.sp +The function arguments are as follows: +.TP 6n +exit_status +The command's exit status, as returned by the +wait(2) +system call, or zero if no command was run. +The value of +\fRexit_status\fR +is undefined if +\fRerror\fR +is non-zero. +.TP 6n +error +.br +If the command could not be executed, this is set to the value of +\fRerrno\fR +set by the +execve(2) +system call. +The plugin is responsible for displaying error information via the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function. +If the command was successfully executed, the value of +\fRerror\fR +is zero. +.PP +If no +\fBclose\fR() +function is defined, no I/O logging plugins are loaded, +and neither the +\fItimeout\fR +not +\fIuse_pty\fR +options are set in the +\fRcommand_info\fR +list, the +\fBsudo\fR +front-end may execute the command directly instead of running +it as a child process. +.RE +.TP 6n +show_version +.nf +.RS 6n +int (*show_version)(int verbose); +.RE +.fi +.RS 6n +.sp +The +\fBshow_version\fR() +function is called by +\fBsudo\fR +when the user specifies +the +\fB\-V\fR +option. +The plugin may display its version information to the user via the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function using +\fRSUDO_CONV_INFO_MSG\fR. +If the user requests detailed version information, the verbose flag will be set. +.sp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. +.RE +.TP 6n +check_policy +.nf +.RS 6n +int (*check_policy)(int argc, char * const argv[], char *env_add[], + char **command_info[], char **argv_out[], char **user_env_out[], + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBcheck_policy\fR() +function is called by +\fBsudo\fR +to determine +whether the user is allowed to run the specified commands. +.sp +If the +\fIsudoedit\fR +option was enabled in the +\fIsettings\fR +array +passed to the +\fBopen\fR() +function, the user has requested +\fIsudoedit\fR +mode. +\fIsudoedit\fR +is a mechanism for editing one or more files +where an editor is run with the user's credentials instead of with +elevated privileges. +\fBsudo\fR +achieves this by creating user-writable +temporary copies of the files to be edited and then overwriting the +originals with the temporary copies after editing is complete. +If the plugin supports +\fIsudoedit\fR, +it should choose the editor to be used, potentially from a variable +in the user's environment, such as +\fREDITOR\fR, +and include it in +\fIargv_out\fR +(note that environment +variables may include command line options). +The files to be edited should be copied from +\fIargv\fR +into +\fIargv_out\fR, +separated from the +editor and its arguments by a +\(lq\fR--\fR\(rq +element. +The +\(lq\fR--\fR\(rq +will +be removed by +\fBsudo\fR +before the editor is executed. +The plugin should also set +\fIsudoedit=true\fR +in the +\fIcommand_info\fR +list. +.sp +The +\fBcheck_policy\fR() +function returns 1 if the command is allowed, +0 if not allowed, \-1 for a general error, or \-2 for a usage error +or if +\fIsudoedit\fR +was specified but is unsupported by the plugin. +In the latter case, +\fBsudo\fR +will print a usage message before it +exits. +If an error occurs, the plugin may optionally call the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional error information to the user. +.sp +The function arguments are as follows: +.TP 6n +argc +The number of elements in +\fIargv\fR, +not counting the final +\fRNULL\fR +pointer. +.TP 6n +argv +The argument vector describing the command the user wishes to run, +in the same form as what would be passed to the +execve(2) +system call. +The vector is terminated by a +\fRNULL\fR +pointer. +.TP 6n +env_add +Additional environment variables specified by the user on the command +line in the form of a +\fRNULL\fR-terminated +vector of +\(lqname=value\(rq +strings. +The plugin may reject the command if one or more variables +are not allowed to be set, or it may silently ignore such variables. +.sp +When parsing +\fIenv_add\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.TP 6n +command_info +Information about the command being run in the form of +\(lqname=value\(rq +strings. +These values are used by +\fBsudo\fR +to set the execution +environment when running a command. +The plugin is responsible for creating and populating the vector, +which must be terminated with a +\fRNULL\fR +pointer. +The following values are recognized by +\fBsudo\fR: +.PP +.RS 6n +.PD 0 +.TP 6n +chroot=string +The root directory to use when running the command. +.PD +.TP 6n +closefrom=number +If specified, +\fBsudo\fR +will close all files descriptors with a value +of +\fInumber\fR +or higher. +.TP 6n +command=string +Fully qualified path to the command to be executed. +.TP 6n +cwd=string +The current working directory to change to when executing the command. +If +\fBsudo\fR +is unable to change to the new working directory, the command will +not be run unless +\fIcwd_optional\fR +is also set (see below). +.TP 6n +cwd_optional=bool +If enabled, +\fBsudo\fR +will treat an inability to change to the new working directory as a +non-fatal error. +This setting has no effect unless +\fIcwd\fR +is also set. +.TP 6n +exec_background=bool +By default, +\fBsudo\fR +runs a command as the foreground process as long as +\fBsudo\fR +itself is running in the foreground. +When +\fIexec_background\fR +is enabled and the command is being run in a pseudo-terminal +(due to I/O logging or the +\fIuse_pty\fR +setting), the command will be run as a background process. +Attempts to read from the controlling terminal (or to change terminal +settings) will result in the command being suspended with the +\fRSIGTTIN\fR +signal (or +\fRSIGTTOU\fR +in the case of terminal settings). +If this happens when +\fBsudo\fR +is a foreground process, the command will be granted the controlling terminal +and resumed in the foreground with no user intervention required. +The advantage of initially running the command in the background is that +\fBsudo\fR +need not read from the terminal unless the command explicitly requests it. +Otherwise, any terminal input must be passed to the command, whether it +has required it or not (the kernel buffers terminals so it is not possible +to tell whether the command really wants the input). +This is different from historic +\fIsudo\fR +behavior or when the command is not being run in a pseudo-terminal. +.sp +For this to work seamlessly, the operating system must support the +automatic restarting of system calls. +Unfortunately, not all operating systems do this by default, +and even those that do may have bugs. +For example, macOS fails to restart the +\fBtcgetattr\fR() +and +\fBtcsetattr\fR() +system calls (this is a bug in macOS). +Furthermore, because this behavior depends on the command stopping with the +\fRSIGTTIN\fR +or +\fRSIGTTOU\fR +signals, programs that catch these signals and suspend themselves +with a different signal (usually +\fRSIGTOP\fR) +will not be automatically foregrounded. +Some versions of the linux +su(1) +command behave this way. +Because of this, a plugin should not set +\fIexec_background\fR +unless it is explicitly enabled by the administrator and there should +be a way to enabled or disable it on a per-command basis. +.sp +This setting has no effect unless I/O logging is enabled or +\fIuse_pty\fR +is enabled. +.TP 6n +execfd=number +If specified, +\fBsudo\fR +will use the +fexecve(2) +system call to execute the command instead of +execve(2). +The specified +\fInumber\fR +must refer to an open file descriptor. +.TP 6n +iolog_compress=bool +Set to true if the I/O logging plugins, if any, should compress the +log data. +This is a hint to the I/O logging plugin which may choose to ignore it. +.TP 6n +iolog_group=string +The group that will own newly created I/O log files and directories. +This is a hint to the I/O logging plugin which may choose to ignore it. +.TP 6n +iolog_mode=octal +The file permission mode to use when creating I/O log files and directories. +This is a hint to the I/O logging plugin which may choose to ignore it. +.TP 6n +iolog_user=string +The user that will own newly created I/O log files and directories. +This is a hint to the I/O logging plugin which may choose to ignore it. +.TP 6n +iolog_path=string +Fully qualified path to the file or directory in which I/O log is +to be stored. +This is a hint to the I/O logging plugin which may choose to ignore it. +If no I/O logging plugin is loaded, this setting has no effect. +.TP 6n +iolog_stdin=bool +Set to true if the I/O logging plugins, if any, should log the +standard input if it is not connected to a terminal device. +This is a hint to the I/O logging plugin which may choose to ignore it. +.TP 6n +iolog_stdout=bool +Set to true if the I/O logging plugins, if any, should log the +standard output if it is not connected to a terminal device. +This is a hint to the I/O logging plugin which may choose to ignore it. +.TP 6n +iolog_stderr=bool +Set to true if the I/O logging plugins, if any, should log the +standard error if it is not connected to a terminal device. +This is a hint to the I/O logging plugin which may choose to ignore it. +.TP 6n +iolog_ttyin=bool +Set to true if the I/O logging plugins, if any, should log all +terminal input. +This only includes input typed by the user and not from a pipe or +redirected from a file. +This is a hint to the I/O logging plugin which may choose to ignore it. +.TP 6n +iolog_ttyout=bool +Set to true if the I/O logging plugins, if any, should log all +terminal output. +This only includes output to the screen, not output to a pipe or file. +This is a hint to the I/O logging plugin which may choose to ignore it. +.TP 6n +login_class=string +BSD +login class to use when setting resource limits and nice value (optional). +This option is only set on systems that support login classes. +.TP 6n +nice=int +Nice value (priority) to use when executing the command. +The nice value, if specified, overrides the priority associated with the +\fIlogin_class\fR +on +BSD +systems. +.TP 6n +noexec=bool +If set, prevent the command from executing other programs. +.TP 6n +preserve_fds=list +A comma-separated list of file descriptors that should be +preserved, regardless of the value of the +\fIclosefrom\fR +setting. +Only available starting with API version 1.5. +.TP 6n +preserve_groups=bool +If set, +\fBsudo\fR +will preserve the user's group vector instead of +initializing the group vector based on +\fRrunas_user\fR. +.TP 6n +rlimit_as=soft,hard +The maximum size to which the process's address space may grow (in bytes), +if supported by the operating system. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_core=soft,hard +The largest size core dump file that may be created (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_cpu=soft,hard +The maximum amount of CPU time that the process may use (in seconds). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_data=soft,hard +The maximum size of the data segment for the process (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_fsize=soft,hard +The largest size file that the process may create (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_locks=soft,hard +The maximum number of locks that the process may establish, +if supported by the operating system. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_memlock=soft,hard +The maximum size that the process may lock in memory (in bytes), +if supported by the operating system. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_nofile=soft,hard +The maximum number of files that the process may have open. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_nproc=soft,hard +The maximum number of processes that the user may run simultaneously. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_rss=soft,hard +The maximum size to which the process's resident set size may grow (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +rlimit_stack=soft,hard +The maximum size to which the process's stack may grow (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +\(lqinfinity\(rq +indicates that there is no limit. +A value of +\(lquser\(rq +will cause the invoking user's resource limit to be preserved. +A value of +\(lqdefault\(rq +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.TP 6n +runas_egid=gid +Effective group-ID to run the command as. +If not specified, the value of +\fIrunas_gid\fR +is used. +.TP 6n +runas_euid=uid +Effective user-ID to run the command as. +If not specified, the value of +\fIrunas_uid\fR +is used. +.TP 6n +runas_gid=gid +Group-ID to run the command as. +.TP 6n +runas_group=string +The name of the group the command will run as, if it is different +from the +\fIrunas_user\fR's +default group. +This value is provided for auditing purposes only, the +\fBsudo\fR +front-end uses +\fIrunas_egid\fR +and +\fIrunas_gid\fR +when executing the command. +.TP 6n +runas_groups=list +The supplementary group vector to use for the command in the form +of a comma-separated list of group-IDs. +If +\fIpreserve_groups\fR +is set, this option is ignored. +.TP 6n +runas_uid=uid +User-ID to run the command as. +.TP 6n +runas_user=string +The name of the user the command will run as, which should correspond to +\fIrunas_euid\fR +(or +\fIrunas_uid\fR +if +\fIrunas_euid\fR +is not set). +This value is provided for auditing purposes only, the +\fBsudo\fR +front-end uses +\fIrunas_euid\fR +and +\fIrunas_uid\fR +when executing the command. +.TP 6n +selinux_role=string +SELinux role to use when executing the command. +.TP 6n +selinux_type=string +SELinux type to use when executing the command. +.TP 6n +set_utmp=bool +Create a utmp (or utmpx) entry when a pseudo-terminal is allocated. +By default, the new entry will be a copy of the user's existing utmp +entry (if any), with the tty, time, type, and pid fields updated. +.TP 6n +sudoedit=bool +Set to true when in +\fIsudoedit\fR +mode. +The plugin may enable +\fIsudoedit\fR +mode even if +\fBsudo\fR +was not invoked as +\fBsudoedit\fR. +This allows the plugin to perform command substitution and transparently +enable +\fIsudoedit\fR +when the user attempts to run an editor. +.TP 6n +sudoedit_checkdir=bool +Set to false to disable directory writability checks in +\fBsudoedit\fR. +By default, +\fBsudoedit\fR +1.8.16 and higher will check all directory components of the path to be +edited for writability by the invoking user. +Symbolic links will not be followed in writable directories and +\fBsudoedit\fR +will refuse to edit a file located in a writable directory. +These restrictions are not enforced when +\fBsudoedit\fR +is run by root. +The +\fIsudoedit_follow\fR +option can be set to false to disable this check. +Only available starting with API version 1.8. +.TP 6n +sudoedit_follow=bool +Set to true to allow +\fBsudoedit\fR +to edit files that are symbolic links. +By default, +\fBsudoedit\fR +1.8.15 and higher will refuse to open a symbolic link. +The +\fIsudoedit_follow\fR +option can be used to restore the older behavior and allow +\fBsudoedit\fR +to open symbolic links. +Only available starting with API version 1.8. +.TP 6n +timeout=int +Command timeout. +If non-zero then when the timeout expires the command will be killed. +.TP 6n +umask=octal +The file creation mask to use when executing the command. +This value may be overridden by PAM or login.conf on some systems +unless the +\fIumask_override\fR +option is also set. +.TP 6n +umask_override=bool +Force the value specified by the +\fIumask\fR +option to override any umask set by PAM or login.conf. +.TP 6n +use_pty=bool +Allocate a pseudo-terminal to run the command in, regardless of whether +or not I/O logging is in use. +By default, +\fBsudo\fR +will only run +the command in a pseudo-terminal when an I/O log plugin is loaded. +.TP 6n +utmp_user=string +User name to use when constructing a new utmp (or utmpx) entry when +\fIset_utmp\fR +is enabled. +This option can be used to set the user field in the utmp entry to +the user the command runs as rather than the invoking user. +If not set, +\fBsudo\fR +will base the new entry on +the invoking user's existing entry. +.PP +Unsupported values will be ignored. +.RE +.TP 6n +argv_out +The +\fRNULL\fR-terminated +argument vector to pass to the +execve(2) +system call when executing the command. +The plugin is responsible for allocating and populating the vector. +.TP 6n +user_env_out +The +\fRNULL\fR-terminated +environment vector to use when executing the command. +The plugin is responsible for allocating and populating the vector. +.TP 6n +errstr +If the +\fBcheck_policy\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +list +.nf +.RS 6n +int (*list)(int argc, char * const argv[], int verbose, + const char *list_user, const char **errstr); +.RE +.fi +.RS 6n +.sp +List available privileges for the invoking user. +Returns 1 on success, 0 on failure, and \-1 on error. +On error, the plugin may optionally call the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional error information to +the user. +.sp +Privileges should be output via the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function using +\fRSUDO_CONV_INFO_MSG\fR. +.sp +The function arguments are as follows: +.TP 6n +argc +The number of elements in +\fIargv\fR, +not counting the final +\fRNULL\fR +pointer. +.TP 6n +argv +If +non-\fRNULL\fR, +an argument vector describing a command the user +wishes to check against the policy in the same form as what would +be passed to the +execve(2) +system call. +If the command is permitted by the policy, the fully-qualified path +to the command should be displayed along with any command line arguments. +.TP 6n +verbose +Flag indicating whether to list in verbose mode or not. +.TP 6n +list_user +The name of a different user to list privileges for if the policy +allows it. +If +\fRNULL\fR, +the plugin should list the privileges of the invoking user. +.TP 6n +errstr +If the +\fBlist\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +validate +.nf +.RS 6n +int (*validate)(const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBvalidate\fR() +function is called when +\fBsudo\fR +is run with the +\fB\-v\fR +option. +For policy plugins such as +\fBsudoers\fR +that cache +authentication credentials, this function will validate and cache +the credentials. +.sp +The +\fBvalidate\fR() +function should be +\fRNULL\fR +if the plugin does not support credential caching. +.sp +Returns 1 on success, 0 on failure, and \-1 on error. +On error, the plugin may optionally call the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional +error information to the user. +.sp +The function arguments are as follows: +.TP 6n +errstr +If the +\fBvalidate\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +invalidate +.nf +.RS 6n +void (*invalidate)(int remove); +.RE +.fi +.RS 6n +.sp +The +\fBinvalidate\fR() +function is called when +\fBsudo\fR +is run with the +\fB\-k\fR +or +\fB\-K\fR +option. +For policy plugins such as +\fBsudoers\fR +that +cache authentication credentials, this function will invalidate the +credentials. +If the +\fIremove\fR +flag is set, the plugin may remove +the credentials instead of simply invalidating them. +.sp +The +\fBinvalidate\fR() +function should be +\fRNULL\fR +if the plugin does not support credential caching. +.RE +.TP 6n +init_session +.nf +.RS 6n +int (*init_session)(struct passwd *pwd, char **user_env_out[]); +.RE +.fi +.RS 6n +.sp +The +\fBinit_session\fR() +function is called before +\fBsudo\fR +sets up the +execution environment for the command. +It is run in the parent +\fBsudo\fR +process and before any user-ID or group-ID changes. +This can be used to perform session setup that is not supported by +\fIcommand_info\fR, +such as opening the PAM session. +The +\fBclose\fR() +function can be +used to tear down the session that was opened by +\fRinit_session\fR. +.sp +The +\fIpwd\fR +argument points to a passwd struct for the user the +command will be run as if the user-ID the command will run as was found +in the password database, otherwise it will be +\fRNULL\fR. +.sp +The +\fIuser_env_out\fR +argument points to the environment the command will +run in, in the form of a +\fRNULL\fR-terminated +vector of +\(lqname=value\(rq +strings. +This is the same string passed back to the front-end via +the Policy Plugin's +\fIuser_env_out\fR +parameter. +If the +\fBinit_session\fR() +function needs to modify the user environment, it should update the +pointer stored in +\fIuser_env_out\fR. +The expected use case is to merge the contents of the PAM environment +(if any) with the contents of +\fIuser_env_out\fR. +NOTE: the +\fIuser_env_out\fR +parameter is only available +starting with API version 1.2. +A plugin +\fBmust\fR +check the API +version specified by the +\fBsudo\fR +front-end before using +\fIuser_env_out\fR. +Failure to do so may result in a crash. +.sp +Returns 1 on success, 0 on failure, and \-1 on error. +On error, the plugin may optionally call the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional +error information to the user. +.RE +.TP 6n +register_hooks +.nf +.RS 6n +void (*register_hooks)(int version, + int (*register_hook)(struct sudo_hook *hook)); +.RE +.fi +.RS 6n +.sp +The +\fBregister_hooks\fR() +function is called by the sudo front-end to +register any hooks the plugin needs. +If the plugin does not support hooks, +\fRregister_hooks\fR +should be set to the +\fRNULL\fR +pointer. +.sp +The +\fIversion\fR +argument describes the version of the hooks API +supported by the +\fBsudo\fR +front-end. +.sp +The +\fBregister_hook\fR() +function should be used to register any supported +hooks the plugin needs. +It returns 0 on success, 1 if the hook type is not supported, and \-1 +if the major version in +\fRstruct hook\fR +does not match the front-end's major hook API version. +.sp +See the +\fIHook function API\fR +section below for more information +about hooks. +.sp +NOTE: the +\fBregister_hooks\fR() +function is only available starting +with API version 1.2. +If the +\fBsudo\fR +front-end doesn't support API +version 1.2 or higher, +\fRregister_hooks\fR +will not be called. +.RE +.TP 6n +deregister_hooks +.nf +.RS 6n +void (*deregister_hooks)(int version, + int (*deregister_hook)(struct sudo_hook *hook)); +.RE +.fi +.RS 6n +.sp +The +\fBderegister_hooks\fR() +function is called by the sudo front-end +to deregister any hooks the plugin has registered. +If the plugin does not support hooks, +\fRderegister_hooks\fR +should be set to the +\fRNULL\fR +pointer. +.sp +The +\fIversion\fR +argument describes the version of the hooks API +supported by the +\fBsudo\fR +front-end. +.sp +The +\fBderegister_hook\fR() +function should be used to deregister any +hooks that were put in place by the +\fBregister_hook\fR() +function. +If the plugin tries to deregister a hook that the front-end does not support, +\fRderegister_hook\fR +will return an error. +.sp +See the +\fIHook function API\fR +section below for more information +about hooks. +.sp +NOTE: the +\fBderegister_hooks\fR() +function is only available starting +with API version 1.2. +If the +\fBsudo\fR +front-end doesn't support API +version 1.2 or higher, +\fRderegister_hooks\fR +will not be called. +.RE +.TP 6n +event_alloc +.nf +.RS 6n +struct sudo_plugin_event * (*event_alloc)(void); +.RE +.fi +.RS 6n +.sp +The +\fBevent_alloc\fR() +function is used to allocate a +\fRstruct sudo_plugin_event\fR +which provides access to the main +\fBsudo\fR +event loop. +Unlike the other fields, the +\fBevent_alloc\fR() +pointer is filled in by the +\fBsudo\fR +front-end, not by the plugin. +.sp +See the +\fIEvent API\fR +section below for more information +about events. +.sp +NOTE: the +\fBevent_alloc\fR() +function is only available starting +with API version 1.15. +If the +\fBsudo\fR +front-end doesn't support API +version 1.15 or higher, +\fBevent_alloc\fR() +will not be set. +.RE +.TP 6n +errstr +If the +\fBinit_session\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PP +\fIPolicy Plugin Version Macros\fR +.nf +.sp +.RS 0n +/* Plugin API version major/minor. */ +#define SUDO_API_VERSION_MAJOR 1 +#define SUDO_API_VERSION_MINOR 13 +#define SUDO_API_MKVERSION(x, y) ((x << 16) | y) +#define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR,\e + SUDO_API_VERSION_MINOR) + +/* Getters and setters for API version */ +#define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16) +#define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff) +#define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \e + *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e +} while(0) +#define SUDO_API_VERSION_SET_MINOR(vp, n) do { \e + *(vp) = (*(vp) & 0xffff0000) | (n); \e +} while(0) +.RE +.fi +.SS "I/O plugin API" +.nf +.RS 0n +struct io_plugin { +#define SUDO_IO_PLUGIN 2 + unsigned int type; /* always SUDO_IO_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[], const char **errstr); + void (*close)(int exit_status, int error); /* wait status or error */ + int (*show_version)(int verbose); + int (*log_ttyin)(const char *buf, unsigned int len, + const char **errstr); + int (*log_ttyout)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stdin)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stdout)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stderr)(const char *buf, unsigned int len, + const char **errstr); + void (*register_hooks)(int version, + int (*register_hook)(struct sudo_hook *hook)); + void (*deregister_hooks)(int version, + int (*deregister_hook)(struct sudo_hook *hook)); + int (*change_winsize)(unsigned int lines, unsigned int cols, + const char **errstr); + int (*log_suspend)(int signo, const char **errstr); + struct sudo_plugin_event * (*event_alloc)(void); +}; +.RE +.fi +.PP +When an I/O plugin is loaded, +\fBsudo\fR +runs the command in a pseudo-terminal. +This makes it possible to log the input and output from the user's +session. +If any of the standard input, standard output, or standard error do not +correspond to a tty, +\fBsudo\fR +will open a pipe to capture +the I/O for logging before passing it on. +.PP +The log_ttyin function receives the raw user input from the terminal +device (note that this will include input even when echo is disabled, +such as when a password is read). +The log_ttyout function receives output from the pseudo-terminal that is +suitable for replaying the user's session at a later time. +The +\fBlog_stdin\fR(), +\fBlog_stdout\fR(), +and +\fBlog_stderr\fR() +functions are only called if the standard input, standard output, +or standard error respectively correspond to something other than +a tty. +.PP +Any of the logging functions may be set to the +\fRNULL\fR +pointer if no logging is to be performed. +If the open function returns 0, no I/O will be sent to the plugin. +.PP +If a logging function returns an error +(\-1), +the running command will be terminated and all of the plugin's logging +functions will be disabled. +Other I/O logging plugins will still receive any remaining +input or output that has not yet been processed. +.PP +If an input logging function rejects the data by returning 0, the +command will be terminated and the data will not be passed to the +command, though it will still be sent to any other I/O logging plugins. +If an output logging function rejects the data by returning 0, the +command will be terminated and the data will not be written to the +terminal, though it will still be sent to any other I/O logging plugins. +.PP +The audit_plugin struct has the following fields: +.TP 6n +type +The +\fRtype\fR +field should always be set to +\fRSUDO_IO_PLUGIN\fR. +.TP 6n +version +The +\fRversion\fR +field should be set to +\fRSUDO_API_VERSION\fR. +.sp +This allows +\fBsudo\fR +to determine the API version the plugin was +built against. +.TP 6n +open +.nf +.RS 6n +int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[]); +.RE +.fi +.RS 6n +.sp +The +\fBopen\fR() +function is run before the +\fBlog_ttyin\fR(), +\fBlog_ttyout\fR(), +\fBlog_stdin\fR(), +\fBlog_stdout\fR(), +\fBlog_stderr\fR(), +\fBlog_suspend\fR(), +\fBchange_winsize\fR(), +or +\fBshow_version\fR() +functions are called. +It is only called if the version is being requested or if the +policy plugin's +\fBcheck_policy\fR() +function has returned successfully. +It returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +\fBsudo\fR +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional error information to the user. +.sp +The function arguments are as follows: +.TP 6n +version +The version passed in by +\fBsudo\fR +allows the plugin to determine the +major and minor version number of the plugin API supported by +\fBsudo\fR. +.TP 6n +conversation +A pointer to the +\fBconversation\fR() +function that may be used by the +\fBshow_version\fR() +function to display version information (see +\fBshow_version\fR() +below). +The +\fBconversation\fR() +function may also be used to display additional error message to the user. +The +\fBconversation\fR() +function returns 0 on success and \-1 on failure. +.TP 6n +plugin_printf +A pointer to a +\fBprintf\fR()-style +function that may be used by the +\fBshow_version\fR() +function to display version information (see +show_version below). +The +\fBplugin_printf\fR() +function may also be used to display additional error message to the user. +The +\fBplugin_printf\fR() +function returns number of characters printed on success and \-1 on failure. +.TP 6n +settings +A vector of user-supplied +\fBsudo\fR +settings in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +These settings correspond to options the user specified when running +\fBsudo\fR. +As such, they will only be present when the corresponding option has +been specified on the command line. +.sp +When parsing +\fIsettings\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible settings. +.TP 6n +user_info +A vector of information about the user running the command in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIuser_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible strings. +.TP 6n +command_info +A vector of information describing the command being run in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIcommand_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible strings. +.TP 6n +argc +The number of elements in +\fIargv\fR, +not counting the final +\fRNULL\fR +pointer. +It can be zero, when +\fBsudo\fR +is called with +\fB\-V\fR. +.TP 6n +argv +If +non-\fRNULL\fR, +an argument vector describing a command the user +wishes to run in the same form as what would be passed to the +execve(2) +system call. +.TP 6n +user_env +The user's environment in the form of a +\fRNULL\fR-terminated +vector of +\(lqname=value\(rq +strings. +.sp +When parsing +\fIuser_env\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.TP 6n +plugin_options +Any (non-comment) strings immediately after the plugin path are +treated as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +\fRNULL\fR-terminated +array of strings. +If no arguments were specified, +\fIplugin_options\fR +will be the +\fRNULL\fR +pointer. +.sp +NOTE: the +\fIplugin_options\fR +parameter is only available starting with +API version 1.2. +A plugin +\fBmust\fR +check the API version specified +by the +\fBsudo\fR +front-end before using +\fIplugin_options\fR. +Failure to do so may result in a crash. +.TP 6n +errstr +If the +\fBopen\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +close +.br +.nf +.RS 6n +void (*close)(int exit_status, int error); +.RE +.fi +.RS 6n +.sp +The +\fBclose\fR() +function is called when +\fBsudo\fR +is finished, shortly before it exits. +.sp +The function arguments are as follows: +.TP 6n +exit_status +The command's exit status, as returned by the +wait(2) +system call, or zero if no command was run. +The value of +\fRexit_status\fR +is undefined if +\fRerror\fR +is non-zero. +.TP 6n +error +.br +If the command could not be executed, this is set to the value of +\fRerrno\fR +set by the +execve(2) +system call. +If the command was successfully executed, the value of +\fRerror\fR +is zero. +.PD 0 +.PP +.RE +.PD +.TP 6n +show_version +.nf +.RS 6n +int (*show_version)(int verbose); +.RE +.fi +.RS 6n +.sp +The +\fBshow_version\fR() +function is called by +\fBsudo\fR +when the user specifies +the +\fB\-V\fR +option. +The plugin may display its version information to the user via the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function using +\fRSUDO_CONV_INFO_MSG\fR. +.sp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. +.RE +.TP 6n +log_ttyin +.nf +.RS 6n +int (*log_ttyin)(const char *buf, unsigned int len, + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBlog_ttyin\fR() +function is called whenever data can be read from +the user but before it is passed to the running command. +This allows the plugin to reject data if it chooses to (for instance +if the input contains banned content). +Returns 1 if the data should be passed to the command, 0 if the data +is rejected (which will terminate the running command), or \-1 if an +error occurred. +.sp +The function arguments are as follows: +.TP 6n +buf +The buffer containing user input. +.TP 6n +len +The length of +\fIbuf\fR +in bytes. +.TP 6n +errstr +If the +\fBlog_ttyin\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +log_ttyout +.nf +.RS 6n +int (*log_ttyout)(const char *buf, unsigned int len, + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBlog_ttyout\fR() +function is called whenever data can be read from +the command but before it is written to the user's terminal. +This allows the plugin to reject data if it chooses to (for instance +if the output contains banned content). +Returns 1 if the data should be passed to the user, 0 if the data is rejected +(which will terminate the running command), or \-1 if an error occurred. +.sp +The function arguments are as follows: +.TP 6n +buf +The buffer containing command output. +.TP 6n +len +The length of +\fIbuf\fR +in bytes. +.TP 6n +errstr +If the +\fBlog_ttyout\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +log_stdin +.nf +.RS 6n +int (*log_stdin)(const char *buf, unsigned int len, + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBlog_stdin\fR() +function is only used if the standard input does +not correspond to a tty device. +It is called whenever data can be read from the standard input but +before it is passed to the running command. +This allows the plugin to reject data if it chooses to +(for instance if the input contains banned content). +Returns 1 if the data should be passed to the command, 0 if the +data is rejected (which will terminate the running command), or \-1 +if an error occurred. +.sp +The function arguments are as follows: +.TP 6n +buf +The buffer containing user input. +.TP 6n +len +The length of +\fIbuf\fR +in bytes. +.TP 6n +errstr +If the +\fBlog_stdin\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +log_stdout +.nf +.RS 6n +int (*log_stdout)(const char *buf, unsigned int len, + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBlog_stdout\fR() +function is only used if the standard output does not correspond +to a tty device. +It is called whenever data can be read from the command but before +it is written to the standard output. +This allows the plugin to reject data if it chooses to +(for instance if the output contains banned content). +Returns 1 if the data should be passed to the user, 0 if the data +is rejected (which will terminate the running command), or \-1 if +an error occurred. +.sp +The function arguments are as follows: +.TP 6n +buf +The buffer containing command output. +.TP 6n +len +The length of +\fIbuf\fR +in bytes. +.TP 6n +errstr +If the +\fBlog_stdout\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +log_stderr +.nf +.RS 6n +int (*log_stderr)(const char *buf, unsigned int len, + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBlog_stderr\fR() +function is only used if the standard error does +not correspond to a tty device. +It is called whenever data can be read from the command but before it +is written to the standard error. +This allows the plugin to reject data if it chooses to +(for instance if the output contains banned content). +Returns 1 if the data should be passed to the user, 0 if the data +is rejected (which will terminate the running command), or \-1 if +an error occurred. +.sp +The function arguments are as follows: +.TP 6n +buf +The buffer containing command output. +.TP 6n +len +The length of +\fIbuf\fR +in bytes. +.TP 6n +errstr +If the +\fBlog_stderr\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +register_hooks +See the +\fIPolicy plugin API\fR +section for a description of +\fRregister_hooks\fR. +.TP 6n +deregister_hooks +See the +\fIPolicy plugin API\fR +section for a description of +\fRderegister_hooks\fR. +.TP 6n +change_winsize +.nf +.RS 6n +int (*change_winsize)(unsigned int lines, unsigned int cols, + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBchange_winsize\fR() +function is called whenever the window size of the terminal changes from +the initial values specified in the +\fRuser_info\fR +list. +Returns \-1 if an error occurred, in which case no further calls to +\fBchange_winsize\fR() +will be made, +.sp +The function arguments are as follows: +.TP 6n +lines +.br +The number of lines (rows) in the re-sized terminal. +.TP 6n +cols +The number of columns in the re-sized terminal. +.TP 6n +errstr +If the +\fBchange_winsize\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.PD 0 +.PP +.RE +.PD +.TP 6n +log_suspend +.nf +.RS 6n +int (*log_suspend)(int signo, const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBlog_suspend\fR() +function is called whenever a command is suspended or resumed. +Logging this information makes it possible to skip the period of time when +the command was suspended during playback of a session. +Returns \-1 if an error occurred, in which case no further calls to +\fBlog_suspend\fR() +will be made, +.sp +The function arguments are as follows: +.TP 6n +signo +.br +The signal that caused the command to be suspended, or +\fRSIGCONT\fR +if the command was resumed. +.TP 6n +errstr +If the +\fBlog_suspend\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.sp +NOTE: the +\fIerrstr\fR +parameter is only available starting with +API version 1.15. +A plugin +\fBmust\fR +check the API version specified by the +\fBsudo\fR +front-end before using +\fIerrstr\fR. +Failure to do so may result in a crash. +.TP 6n +event_alloc +.nf +.RS 6n +struct sudo_plugin_event * (*event_alloc)(void); +.RE +.fi +.RS 6n +.sp +The +\fBevent_alloc\fR() +function is used to allocate a +\fRstruct sudo_plugin_event\fR +which provides access to the main +\fBsudo\fR +event loop. +Unlike the other fields, the +\fBevent_alloc\fR() +pointer is filled in by the +\fBsudo\fR +front-end, not by the plugin. +.sp +See the +\fIEvent API\fR +section below for more information +about events. +.sp +NOTE: the +\fBevent_alloc\fR() +function is only available starting +with API version 1.15. +If the +\fBsudo\fR +front-end doesn't support API +version 1.15 or higher, +\fBevent_alloc\fR() +will not be set. +.RE +.PP +\fII/O Plugin Version Macros\fR +.sp +Same as for the +\fIPolicy plugin API\fR. +.RE +.SS "Audit plugin API" +.nf +.RS 0n +/* Audit plugin close function status types. */ +#define SUDO_PLUGIN_NO_STATUS 0 +#define SUDO_PLUGIN_WAIT_STATUS 1 +#define SUDO_PLUGIN_EXEC_ERROR 2 +#define SUDO_PLUGIN_SUDO_ERROR 3 + +#define SUDO_AUDIT_PLUGIN 3 +struct audit_plugin { + unsigned int type; /* always SUDO_AUDIT_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); + void (*close)(int status_type, int status); + int (*accept)(const char *plugin_name, + unsigned int plugin_type, char * const command_info[], + char * const run_argv[], char * const run_envp[], + const char **errstr); + int (*reject)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); + int (*error)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); + int (*show_version)(int verbose); + void (*register_hooks)(int version, + int (*register_hook)(struct sudo_hook *hook)); + void (*deregister_hooks)(int version, + int (*deregister_hook)(struct sudo_hook *hook)); + struct sudo_plugin_event * (*event_alloc)(void); +} +.RE +.fi +.PP +An audit plugin can be used to log successful and unsuccessful attempts +to run +\fBsudo\fR +independent of the policy or any I/O plugins. +Multiple audit plugins may be specified in +sudo.conf(@mansectform@). +.PP +The audit_plugin struct has the following fields: +.TP 6n +type +The +\fRtype\fR +field should always be set to +\fRSUDO_AUDIT_PLUGIN\fR. +.TP 6n +version +The +\fRversion\fR +field should be set to +\fRSUDO_API_VERSION\fR. +.sp +This allows +\fBsudo\fR +to determine the API version the plugin was +built against. +.TP 6n +open +.nf +.RS 6n +int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); +.RE +.fi +.RS 6n +.sp +The audit +\fBopen\fR() +function is run before any other +\fBsudo\fR +plugin API functions. +This makes it possible to audit failures in the other plugins. +It returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +\fBsudo\fR +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional error information to the user. +.sp +The function arguments are as follows: +.TP 6n +version +The version passed in by +\fBsudo\fR +allows the plugin to determine the +major and minor version number of the plugin API supported by +\fBsudo\fR. +.TP 6n +conversation +A pointer to the +\fBconversation\fR() +function that may be used by the +\fBshow_version\fR() +function to display version information (see +\fBshow_version\fR() +below). +The +\fBconversation\fR() +function may also be used to display additional error message to the user. +The +\fBconversation\fR() +function returns 0 on success, and \-1 on failure. +.TP 6n +plugin_printf +A pointer to a +\fBprintf\fR()-style +function that may be used by the +\fBshow_version\fR() +function to display version information (see +show_version below). +The +\fBplugin_printf\fR() +function may also be used to display additional error message to the user. +The +\fBplugin_printf\fR() +function returns number of characters printed on success and \-1 on failure. +.TP 6n +settings +A vector of user-supplied +\fBsudo\fR +settings in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +These settings correspond to options the user specified when running +\fBsudo\fR. +As such, they will only be present when the corresponding option has +been specified on the command line. +.sp +When parsing +\fIsettings\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible settings. +.TP 6n +user_info +A vector of information about the user running the command in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIuser_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible strings. +.TP 6n +submit_optind +The index into +\fIsubmit_argv\fR +that corresponds to the first entry that is not a command line option. +If +\fIsubmit_argv\fR +only consists of options, which may be the case with the +\fB\-l\fR +or +\fB\-v\fR +options, +\fRsubmit_argv[submit_optind]\fR +will evaluate to the NULL pointer. +.TP 6n +submit_argv +The argument vector +\fBsudo\fR +was invoked with, including all command line options. +The +\fIsubmit_optind\fR +argument can be used to determine the end of the command line options. +.TP 6n +submit_envp +The invoking user's environment in the form of a +\fRNULL\fR-terminated +vector of +\(lqname=value\(rq +strings. +.sp +When parsing +\fIsubmit_envp\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.TP 6n +plugin_options +Any (non-comment) strings immediately after the plugin path are +treated as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +\fRNULL\fR-terminated +array of strings. +If no arguments were specified, +\fIplugin_options\fR +will be the +\fRNULL\fR +pointer. +.TP 6n +errstr +If the +\fBopen\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.PD 0 +.PP +.RE +.PD +.TP 6n +close +.br +.nf +.RS 6n +void (*close)(int status_type, int status); +.RE +.fi +.RS 6n +.sp +The +\fBclose\fR() +function is called when +\fBsudo\fR +is finished, shortly before it exits. +.sp +The function arguments are as follows: +.TP 6n +status_type +The type of status being passed. +One of +\fRSUDO_PLUGIN_NO_STATUS\fR, +\fRSUDO_PLUGIN_WAIT_STATUS\fR, +\fRSUDO_PLUGIN_EXEC_ERROR\fR +or +\fRSUDO_PLUGIN_SUDO_ERROR\fR. +.TP 6n +status +Depending on the value of +\fIstatus_type\fR, +this value is either +ignored, the command's exit status as returned by the +wait(2) +system call, the value of +\fRerrno\fR +set by the +execve(2) +system call, or the value of +\fRerrno\fR +resulting from an error in the +\fBsudo\fR +front-end. +.PD 0 +.PP +.RE +.PD +.TP 6n +accept +.nf +.RS 6n +int (*accept)(const char *plugin_name, unsigned int plugin_type, + char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBaccept\fR() +function is called when a command or action is accepted by a policy +or approval plugin. +The function arguments are as follows: +.TP 6n +plugin_name +The name of the plugin that accepted the command or +\(lqsudo\(rq +for the +\fBsudo\fR +front-end. +.TP 6n +plugin_type +The type of plugin that accepted the command, currently either +\fRSUDO_POLICY_PLUGIN\fR, +\fRSUDO_POLICY_APPROVAL\fR, +or +\fRSUDO_FRONT_END\fR. +The +\fBaccept\fR() +function is called multiple times--once for each policy or approval +plugin that succeeds and once for the sudo front-end. +When called on behalf of the sudo front-end, +\fIcommand_info\fR +may include information from an I/O logging plugin as well. +.sp +Typically, an audit plugin is interested in either the accept status from +the +\fBsudo\fR +front-end or from the various policy and approval plugins, but not both. +It is possible for the policy plugin to accept a command that is +later rejected by an approval plugin, in which case the audit +plugin's +\fBaccept\fR() +and +\fBreject\fR() +functions will +\fIboth\fR +be called. +.TP 6n +command_info +An optional +vector of information describing the command being run in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIcommand_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible strings. +.TP 6n +run_argv +A +\fRNULL\fR-terminated +argument vector describing a command that will be run in the +same form as what would be passed to the +execve(2) +system call. +.TP 6n +run_envp +The environment the command will be run with in the form of a +\fRNULL\fR-terminated +vector of +\(lqname=value\(rq +strings. +.sp +When parsing +\fIrun_envp\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.TP 6n +errstr +If the +\fBaccept\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.PD 0 +.PP +.RE +.PD +.TP 6n +reject +.nf +.RS 6n +int (*reject)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBreject\fR() +function is called when a command or action is rejected by a plugin. +The function arguments are as follows: +.TP 6n +plugin_name +The name of the plugin that rejected the command. +.TP 6n +plugin_type +The type of plugin that rejected the command, currently either +\fRSUDO_POLICY_PLUGIN\fR, +\fRSUDO_APPROVAL_PLUGIN\fR, +or +\fRSUDO_IO_PLUGIN\fR. +.sp +Unlike the +\fBaccept\fR() +function, the +\fBreject\fR() +function is not called on behalf of the +\fBsudo\fR +front-end. +.TP 6n +audit_msg +An optional string describing the reason the command was rejected +by the plugin. +If the plugin did not provide a reason, +\fIaudit_msg\fR +will be the +\fRNULL\fR +pointer. +.TP 6n +command_info +An optional +vector of information describing the command being run in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIcommand_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible strings. +.TP 6n +errstr +If the +\fBreject\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.PD 0 +.PP +.RE +.PD +.TP 6n +error +.br +.nf +.RS 6n +int (*error)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); +.RE +.fi +.RS 6n +.sp +The +\fBerror\fR() +function is called when a plugin or the +\fBsudo\fR +front-end returns an error. +The function arguments are as follows: +.TP 6n +plugin_name +The name of the plugin that generated the error or +\(lqsudo\(rq +for the +\fBsudo\fR +front-end. +.TP 6n +plugin_type +The type of plugin that generated the error, or +\fRSUDO_FRONT_END\fR +for the +\fBsudo\fR +front-end. +.TP 6n +audit_msg +An optional string describing the plugin error. +If the plugin did not provide a description, +\fIaudit_msg\fR +will be the +\fRNULL\fR +pointer. +.TP 6n +command_info +An optional +vector of information describing the command being run in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIcommand_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible strings. +.TP 6n +errstr +If the +\fBerror\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.PD 0 +.PP +.RE +.PD +.TP 6n +show_version +.nf +.RS 6n +int (*show_version)(int verbose); +.RE +.fi +.RS 6n +.sp +The +\fBshow_version\fR() +function is called by +\fBsudo\fR +when the user specifies +the +\fB\-V\fR +option. +The plugin may display its version information to the user via the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function using +\fRSUDO_CONV_INFO_MSG\fR. +If the user requests detailed version information, the verbose flag will be set. +.sp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. +.RE +.TP 6n +register_hooks +See the +\fIPolicy plugin API\fR +section for a description of +\fRregister_hooks\fR. +.TP 6n +deregister_hooks +See the +\fIPolicy plugin API\fR +section for a description of +\fRderegister_hooks\fR. +.TP 6n +event_alloc +.nf +.RS 6n +struct sudo_plugin_event * (*event_alloc)(void); +.RE +.fi +.RS 6n +.sp +The +\fBevent_alloc\fR() +function is used to allocate a +\fRstruct sudo_plugin_event\fR +which provides access to the main +\fBsudo\fR +event loop. +Unlike the other fields, the +\fBevent_alloc\fR() +pointer is filled in by the +\fBsudo\fR +front-end, not by the plugin. +.sp +See the +\fIEvent API\fR +section below for more information +about events. +.sp +NOTE: the +\fBevent_alloc\fR() +function is only available starting +with API version 1.17. +If the +\fBsudo\fR +front-end doesn't support API +version 1.17 or higher, +\fBevent_alloc\fR() +will not be set. +.RE +.SS "Approval plugin API" +.nf +.RS 0n +struct approval_plugin { +#define SUDO_APPROVAL_PLUGIN 4 + unsigned int type; /* always SUDO_APPROVAL_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); + void (*close)(void); + int (*check)(char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr); + int (*show_version)(int verbose); +}; +.RE +.fi +.PP +An approval plugin can be used to apply extra constraints after a +command has been accepted by the policy plugin. +Unlike the other plugin types, it does not remain open until the command +completes. +The plugin is opened before a call to +\fBcheck\fR() +or +\fBshow_version\fR() +and closed shortly thereafter (audit plugin functions must be called +before the plugin is closed). +Multiple approval plugins may be specified in +sudo.conf(@mansectform@). +.PP +The approval_plugin struct has the following fields: +.TP 6n +type +The +\fRtype\fR +field should always be set to +\fRSUDO_APPROVAL_PLUGIN\fR. +.TP 6n +version +The +\fRversion\fR +field should be set to +\fRSUDO_API_VERSION\fR. +.sp +This allows +\fBsudo\fR +to determine the API version the plugin was +built against. +.TP 6n +open +.nf +.RS 6n +int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); +.RE +.fi +.RS 6n +.sp +The approval +\fBopen\fR() +function is run immediately before a call to the plugin's +\fBcheck\fR() +or +\fBshow_version\fR() +functions. +It is only called if the version is being requested or if the +policy plugin's +\fBcheck_policy\fR() +function has returned successfully. +It returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +\fBsudo\fR +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional error information to the user. +.sp +The function arguments are as follows: +.TP 6n +version +The version passed in by +\fBsudo\fR +allows the plugin to determine the +major and minor version number of the plugin API supported by +\fBsudo\fR. +.TP 6n +conversation +A pointer to the +\fBconversation\fR() +function that can be used by the plugin to interact with the user (see +\fIConversation API\fR +for details). +Returns 0 on success and \-1 on failure. +.TP 6n +plugin_printf +A pointer to a +\fBprintf\fR()-style +function that may be used to display informational or error messages (see +\fIConversation API\fR +for details). +Returns the number of characters printed on success and \-1 on failure. +.TP 6n +settings +A vector of user-supplied +\fBsudo\fR +settings in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +These settings correspond to options the user specified when running +\fBsudo\fR. +As such, they will only be present when the corresponding option has +been specified on the command line. +.sp +When parsing +\fIsettings\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible settings. +.TP 6n +user_info +A vector of information about the user running the command in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIuser_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible strings. +.TP 6n +submit_optind +The index into +\fIsubmit_argv\fR +that corresponds to the first entry that is not a command line option. +If +\fIsubmit_argv\fR +only consists of options, which may be the case with the +\fB\-l\fR +or +\fB\-v\fR +options, +\fRsubmit_argv[submit_optind]\fR +will evaluate to the NULL pointer. +.TP 6n +submit_argv +The argument vector +\fBsudo\fR +was invoked with, including all command line options. +The +\fIsubmit_optind\fR +argument can be used to determine the end of the command line options. +.TP 6n +submit_envp +The invoking user's environment in the form of a +\fRNULL\fR-terminated +vector of +\(lqname=value\(rq +strings. +.sp +When parsing +\fIsubmit_envp\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.TP 6n +plugin_options +Any (non-comment) strings immediately after the plugin path are +treated as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +\fRNULL\fR-terminated +array of strings. +If no arguments were specified, +\fIplugin_options\fR +will be the +\fRNULL\fR +pointer. +.TP 6n +errstr +If the +\fBopen\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.PD 0 +.PP +.RE +.PD +.TP 6n +close +.br +.nf +.RS 6n +void (*close)(void); +.RE +.fi +.RS 6n +.sp +The +\fBclose\fR() +function is called after the approval plugin's +\fBcheck\fR() +or +\fBshow_version\fR() +functions have been called. +It takes no arguments. +The +\fBclose\fR() +function is typically used to perform plugin-specific cleanup, +such as the freeing of memory objects allocated by the plugin. +If the plugin does not need to perform any cleanup, +\fBclose\fR() +may be set to the +\fRNULL\fR +pointer. +.RE +.TP 6n +check +.br +.nf +.RS 6n +int (*check)(char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr); +.RE +.fi +.RS 6n +.sp +The approval +\fBcheck\fR() +function is run after the policy plugin +\fBcheck_policy\fR() +function and before any I/O logging plugins. +If multiple approval plugins are loaded, they must all succeed for +the command to be allowed. +It returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +\fBsudo\fR +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional error information to the user. +.sp +The function arguments are as follows: +.TP 6n +command_info +A vector of information describing the command being run in the form of +\(lqname=value\(rq +strings. +The vector is terminated by a +\fRNULL\fR +pointer. +.sp +When parsing +\fIcommand_info\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.sp +See the +\fIPolicy plugin API\fR +section for a list of all possible strings. +.TP 6n +run_argv +A +\fRNULL\fR-terminated +argument vector describing a command that will be run in the +same form as what would be passed to the +execve(2) +system call. +.TP 6n +run_envp +The environment the command will be run with in the form of a +\fRNULL\fR-terminated +vector of +\(lqname=value\(rq +strings. +.sp +When parsing +\fIrun_envp\fR, +the plugin should split on the +\fBfirst\fR +equal sign +(\(oq=\(cq) +since the +\fIname\fR +field will never include one +itself but the +\fIvalue\fR +might. +.TP 6n +errstr +If the +\fBopen\fR() +function returns a value other than 1, the plugin may +store a message describing the failure or error in +\fIerrstr\fR. +The +\fBsudo\fR +front-end will then pass this value to any registered audit plugins. +The string stored in +\fIerrstr\fR +must remain valid until the plugin's +\fBclose\fR() +function is called. +.PD 0 +.PP +.RE +.PD +.TP 6n +show_version +.nf +.RS 6n +int (*show_version)(int verbose); +.RE +.fi +.RS 6n +.sp +The +\fBshow_version\fR() +function is called by +\fBsudo\fR +when the user specifies +the +\fB\-V\fR +option. +The plugin may display its version information to the user via the +\fBconversation\fR() +or +\fBplugin_printf\fR() +function using +\fRSUDO_CONV_INFO_MSG\fR. +If the user requests detailed version information, the verbose flag will be set. +.sp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. +.RE +.SS "Signal handlers" +The +\fBsudo\fR +front-end installs default signal handlers to trap common signals +while the plugin functions are run. +The following signals are trapped by default before the command is +executed: +.TP 3n +\fB\(bu\fR +\fRSIGALRM\fR +.PD 0 +.TP 3n +\fB\(bu\fR +\fRSIGHUP\fR +.TP 3n +\fB\(bu\fR +\fRSIGINT\fR +.TP 3n +\fB\(bu\fR +\fRSIGPIPE\fR +.TP 3n +\fB\(bu\fR +\fRSIGQUIT\fR +.TP 3n +\fB\(bu\fR +\fRSIGTERM\fR +.TP 3n +\fB\(bu\fR +\fRSIGTSTP\fR +.TP 3n +\fB\(bu\fR +\fRSIGUSR1\fR +.TP 3n +\fB\(bu\fR +\fRSIGUSR2\fR +.PD +.PP +If a fatal signal is received before the command is executed, +\fBsudo\fR +will call the plugin's +\fBclose\fR() +function with an exit status of 128 plus the value of the signal +that was received. +This allows for consistent logging of commands killed by a signal +for plugins that log such information in their +\fBclose\fR() +function. +An exception to this is +\fRSIGPIPE\fR, +which is ignored until the command is executed. +.PP +A plugin may temporarily install its own signal handlers but must +restore the original handler before the plugin function returns. +.SS "Hook function API" +Beginning with plugin API version 1.2, it is possible to install +hooks for certain functions called by the +\fBsudo\fR +front-end. +.PP +Currently, the only supported hooks relate to the handling of +environment variables. +Hooks can be used to intercept attempts to get, set, or remove +environment variables so that these changes can be reflected in +the version of the environment that is used to execute a command. +A future version of the API will support hooking internal +\fBsudo\fR +front-end functions as well. +.PP +\fIHook structure\fR +.PP +Hooks in +\fBsudo\fR +are described by the following structure: +.nf +.sp +.RS 0n +typedef int (*sudo_hook_fn_t)(); + +struct sudo_hook { + unsigned int hook_version; + unsigned int hook_type; + sudo_hook_fn_t hook_fn; + void *closure; +}; +.RE +.fi +.PP +The +\fRsudo_hook\fR +structure has the following fields: +.TP 6n +hook_version +The +\fRhook_version\fR +field should be set to +\fRSUDO_HOOK_VERSION\fR. +.TP 6n +hook_type +The +\fRhook_type\fR +field may be one of the following supported hook types: +.PP +.RS 6n +.PD 0 +.TP 6n +\fRSUDO_HOOK_SETENV\fR +The C library +setenv(3) +function. +Any registered hooks will run before the C library implementation. +The +\fRhook_fn\fR +field should +be a function that matches the following typedef: +.nf +.sp +.RS 6n +typedef int (*sudo_hook_fn_setenv_t)(const char *name, + const char *value, int overwrite, void *closure); +.RE +.fi +.RS 6n +.sp +If the registered hook does not match the typedef the results are +unspecified. +.RE +.PD +.TP 6n +\fRSUDO_HOOK_UNSETENV\fR +The C library +unsetenv(3) +function. +Any registered hooks will run before the C library implementation. +The +\fRhook_fn\fR +field should +be a function that matches the following typedef: +.nf +.sp +.RS 6n +typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, + void *closure); +.RE +.fi +.TP 6n +\fRSUDO_HOOK_GETENV\fR +The C library +getenv(3) +function. +Any registered hooks will run before the C library implementation. +The +\fRhook_fn\fR +field should +be a function that matches the following typedef: +.nf +.sp +.RS 6n +typedef int (*sudo_hook_fn_getenv_t)(const char *name, + char **value, void *closure); +.RE +.fi +.RS 6n +.sp +If the registered hook does not match the typedef the results are +unspecified. +.RE +.TP 6n +\fRSUDO_HOOK_PUTENV\fR +The C library +putenv(3) +function. +Any registered hooks will run before the C library implementation. +The +\fRhook_fn\fR +field should +be a function that matches the following typedef: +.nf +.sp +.RS 6n +typedef int (*sudo_hook_fn_putenv_t)(char *string, + void *closure); +.RE +.fi +.RS 6n +.sp +If the registered hook does not match the typedef the results are +unspecified. +.RE +.PD 0 +.PP +.RE +.PD +.TP 6n +hook_fn +sudo_hook_fn_t hook_fn; +.sp +The +\fRhook_fn\fR +field should be set to the plugin's hook implementation. +The actual function arguments will vary depending on the +\fRhook_type\fR +(see +\fRhook_type\fR +above). +In all cases, the +\fRclosure\fR +field of +\fRstruct sudo_hook\fR +is passed as the last function parameter. +This can be used to pass arbitrary data to the plugin's hook implementation. +.sp +The function return value may be one of the following: +.PP +.RS 6n +.PD 0 +.TP 6n +\fRSUDO_HOOK_RET_ERROR\fR +The hook function encountered an error. +.PD +.TP 6n +\fRSUDO_HOOK_RET_NEXT\fR +The hook completed without error, go on to the next hook (including +the system implementation if applicable). +For example, a +getenv(3) +hook might return +\fRSUDO_HOOK_RET_NEXT\fR +if the specified variable was not found in the private copy of the environment. +.TP 6n +\fRSUDO_HOOK_RET_STOP\fR +The hook completed without error, stop processing hooks for this invocation. +This can be used to replace the system implementation. +For example, a +\fRsetenv\fR +hook that operates on a private copy of +the environment but leaves +\fRenviron\fR +unchanged. +.PD 0 +.PP +.RE +.PD +.PP +Note that it is very easy to create an infinite loop when hooking +C library functions. +For example, a +getenv(3) +hook that calls the +snprintf(3) +function may create a loop if the +snprintf(3) +implementation calls +getenv(3) +to check the locale. +To prevent this, you may wish to use a static variable in the hook +function to guard against nested calls. +For example: +.nf +.sp +.RS 0n +static int in_progress = 0; /* avoid recursion */ +if (in_progress) + return SUDO_HOOK_RET_NEXT; +in_progress = 1; +\&... +in_progress = 0; +return SUDO_HOOK_RET_STOP; +.RE +.fi +.PP +\fIHook API Version Macros\fR +.nf +.sp +.RS 0n +/* Hook API version major/minor */ +#define SUDO_HOOK_VERSION_MAJOR 1 +#define SUDO_HOOK_VERSION_MINOR 0 +#define SUDO_HOOK_VERSION SUDO_API_MKVERSION(SUDO_HOOK_VERSION_MAJOR,\e + SUDO_HOOK_VERSION_MINOR) +.RE +.fi +.PP +For getters and setters see the +\fIPolicy plugin API\fR. +.SS "Event API" +When +\fBsudo\fR +runs a command, it uses an event loop to service signals and I/O. +Events may be triggered based on time, a file or socket descriptor +becoming ready, or due to receipt of a signal. +Starting with API version 1.15, it is possible for a plugin to +participate in this event loop by calling the +\fBevent_alloc\fR() +function. +.PP +\fIEvent structure\fR +.PP +Events are described by the following structure: +.nf +.RS 0n +typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, void *closure); + +struct sudo_plugin_event { + int (*set)(struct sudo_plugin_event *pev, int fd, int events, + sudo_plugin_ev_callback_t callback, void *closure); + int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); + int (*del)(struct sudo_plugin_event *pev); + int (*pending)(struct sudo_plugin_event *pev, int events, + struct timespec *ts); + int (*fd)(struct sudo_plugin_event *pev); + void (*setbase)(struct sudo_plugin_event *pev, void *base); + void (*loopbreak)(struct sudo_plugin_event *pev); + void (*free)(struct sudo_plugin_event *pev); +}; +.RE +.fi +.PP +The sudo_plugin_event struct contains the following function pointers: +.TP 6n +\fBset\fR() +.br +.nf +.RS 6n +int (*set)(struct sudo_plugin_event *pev, int fd, int events, + sudo_plugin_ev_callback_t callback, void *closure); +.RE +.fi +.RS 6n +.sp +The +\fBset\fR() +function takes the following arguments: +.TP 6n +struct sudo_plugin_event *\fIpev\fR +A pointer to the struct sudo_plugin_event itself. +.TP 6n +\fIfd\fR +The file or socket descriptor for I/O-based events or the signal +number for signal events. +For time-based events, +\fIfd\fR +must be \-1. +.TP 6n +\fIevents\fR +The following values determine what will trigger the event callback: +.PP +.RS 6n +.PD 0 +.TP 6n +SUDO_PLUGIN_EV_TIMEOUT +callback is run after the specified timeout expires +.PD +.TP 6n +SUDO_PLUGIN_EV_READ +callback is run when the file descriptor is readable +.TP 6n +SUDO_PLUGIN_EV_WRITE +callback is run when the file descriptor is writable +.TP 6n +SUDO_PLUGIN_EV_PERSIST +event is persistent and remains enabled until explicitly deleted +.TP 6n +SUDO_PLUGIN_EV_SIGNAL +callback is run when the specified signal is received +.PP +The +\fRSUDO_PLUGIN_EV_PERSIST\fR +flag may be ORed with any of the event types. +It is also possible to OR +\fRSUDO_PLUGIN_EV_READ\fR +and +\fRSUDO_PLUGIN_EV_WRITE\fR +together to run the callback when a descriptor is ready to be +either read from or written to. +All other event values are mutually exclusive. +.RE +.TP 6n +sudo_plugin_ev_callback_t \fIcallback\fR +.nf +.RS 6n +typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, + void *closure); +.RE +.fi +.RS 6n +.sp +The function to call when an event is triggered. +The +\fBcallback\fR() +function is run with the following arguments: +.TP 6n +\fIfd\fR +The file or socket descriptor for I/O-based events or the signal +number for signal events. +.TP 6n +\fIwhat\fR +The event type that triggered that callback. +For events that have multiple event types (for example +\fRSUDO_PLUGIN_EV_READ\fR +and +\fRSUDO_PLUGIN_EV_WRITE\fR) +or have an associated timeout, +\fIwhat\fR +can be used to determine why the callback was run. +.TP 6n +\fIclosure\fR +The generic pointer that was specified in the +\fBset\fR() +function. +.PD 0 +.PP +.RE +.PD +.TP 6n +closure +A generic pointer that will be passed to the callback function. +.PP +The +\fBset\fR() +function returns 1 on success, and \-1 if a error occurred. +.RE +.TP 6n +\fBadd\fR() +.br +.nf +.RS 6n +int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); +.RE +.fi +.RS 6n +.sp +The +\fBadd\fR() +function adds the event +\fIpev\fR +to +\fBsudo\fR's +event loop. +The event must have previously been initialized via the +\fBset\fR() +function. +If the +\fItimeout\fR +argument is not NULL, it should specify a (relative) timeout after +which the event will be triggered if the main event criteria has +not been met. +This is often used to implement an I/O timeout where the event +will fire if a descriptor is not ready within a certain time +period. +If the event is already present in the event loop, its +\fItimeout\fR +will be adjusted to match the new value, if any. +.sp +The +\fBadd\fR() +function returns 1 on success, and \-1 if a error occurred. +.RE +.TP 6n +\fBdel\fR() +.br +.nf +.RS 6n +int (*del)(struct sudo_plugin_event *pev); +.RE +.fi +.RS 6n +.sp +The +\fBdel\fR() +function deletes the event +\fIpev\fR +from +\fBsudo\fR's +event loop. +Deleted events can be added back via the +\fBadd\fR() +function. +.sp +The +\fBdel\fR() +function returns 1 on success, and \-1 if a error occurred. +.RE +.TP 6n +\fBpending\fR() +.nf +.RS 6n +int (*pending)(struct sudo_plugin_event *pev, int events, + struct timespec *ts); +.RE +.fi +.RS 6n +.sp +The +\fBpending\fR() +function can be used to determine whether one or more events is pending. +The +\fIevents\fR +argument specifies which events to check for. +See the +\fBset\fR() +function for a list of valid event types. +If +\fRSUDO_PLUGIN_EV_TIMEOUT\fR +is specified in +\fRevents\fR, +the event has an associated timeout and the +\fIts\fR +pointer is non-NULL, it will be filled in with the remaining time. +.RE +.TP 6n +\fBfd\fR() +.nf +.RS 6n +int (*fd)(struct sudo_plugin_event *pev); +.RE +.fi +.RS 6n +.sp +The +\fBfd\fR() +function returns the descriptor or signal number associated with +the event +\fIpev\fR. +.RE +.TP 6n +\fBsetbase\fR() +.nf +.RS 6n +void (*setbase)(struct sudo_plugin_event *pev, void *base); +.RE +.fi +.RS 6n +.sp +The +\fBsetbase\fR() +function sets the underlying event +\fIbase\fR +for +\fIpev\fR +to the specified value. +This can be used to move an event created via +\fBevent_alloc\fR() +to a new event loop allocated by sudo's event subsystem. +If +\fIbase\fR +is +\fRNULL\fR, +\fIpev\fR's +event base is reset to the default value, which corresponds to +\fBsudo\fR's +main event loop. +Using this function requires linking the plugin with the sudo_util +library. +It is unlikely to be used outside of the +\fBsudoers\fR +plugin. +.RE +.TP 6n +\fBloopbreak\fR() +.nf +.RS 6n +void (*loopbreak)(struct sudo_plugin_event *pev); +.RE +.fi +.RS 6n +.sp +The +\fBloopbreak\fR() +function causes +\fBsudo\fR's +event loop to exit immediately and the running command to be terminated. +.RE +.TP 6n +\fBfree\fR() +.nf +.RS 6n +void (*free)(struct sudo_plugin_event *pev); +.RE +.fi +.RS 6n +.sp +The +\fBfree\fR() +function deletes the event +\fIpev\fR +from the event loop and frees the memory associated with it. +.RE +.SS "Remote command execution" +The +\fBsudo\fR +front-end does not support running remote commands. +However, starting with +\fBsudo\fR +1.8.8, the +\fB\-h\fR +option may be used to specify a remote host that is passed +to the policy plugin. +A plugin may also accept a +\fIrunas_user\fR +in the form of +\(lquser@hostname\(rq +which will work with older versions of +\fBsudo\fR. +It is anticipated that remote commands will be supported by executing a +\(lqhelper\(rq +program. +The policy plugin should setup the execution environment such that the +\fBsudo\fR +front-end will run the helper which, in turn, will connect to the +remote host and run the command. +.PP +For example, the policy plugin could utilize +\fBssh\fR +to perform remote command execution. +The helper program would be responsible for running +\fBssh\fR +with the proper options to use a private key or certificate +that the remote host will accept and run a program +on the remote host that would setup the execution environment +accordingly. +.PP +Note that remote +\fBsudoedit\fR +functionality must be handled by the policy plugin, not +\fBsudo\fR +itself as the front-end has no knowledge that a remote command is +being executed. +This may be addressed in a future revision of the plugin API. +.SS "Conversation API" +If the plugin needs to interact with the user, it may do so via the +\fBconversation\fR() +function. +A plugin should not attempt to read directly from the standard input +or the user's tty (neither of which are guaranteed to exist). +The caller must include a trailing newline in +\fRmsg\fR +if one is to be printed. +.PP +A +\fBprintf\fR()-style +function is also available that can be used to display informational +or error messages to the user, which is usually more convenient for +simple messages where no use input is required. +.PP +\fIConversation function structures\fR +.PP +The conversation function takes as arguments pointers to the following +structures: +.nf +.sp +.RS 0n +struct sudo_conv_message { +#define SUDO_CONV_PROMPT_ECHO_OFF 0x0001 /* do not echo user input */ +#define SUDO_CONV_PROMPT_ECHO_ON 0x0002 /* echo user input */ +#define SUDO_CONV_ERROR_MSG 0x0003 /* error message */ +#define SUDO_CONV_INFO_MSG 0x0004 /* informational message */ +#define SUDO_CONV_PROMPT_MASK 0x0005 /* mask user input */ +#define SUDO_CONV_PROMPT_ECHO_OK 0x1000 /* flag: allow echo if no tty */ +#define SUDO_CONV_PREFER_TTY 0x2000 /* flag: use tty if possible */ + int msg_type; + int timeout; + const char *msg; +}; + +#define SUDO_CONV_REPL_MAX 1023 + +struct sudo_conv_reply { + char *reply; +}; + +typedef int (*sudo_conv_callback_fn_t)(int signo, void *closure); +struct sudo_conv_callback { + unsigned int version; + void *closure; + sudo_conv_callback_fn_t on_suspend; + sudo_conv_callback_fn_t on_resume; +}; +.RE +.fi +.PP +Pointers to the +\fBconversation\fR() +and +\fBprintf\fR()-style +functions are passed +in to the plugin's +\fBopen\fR() +function when the plugin is initialized. +The following type definitions can be used in the declaration of the +\fBopen\fR() +function: +.nf +.sp +.RS 0n +typedef int (*sudo_conv_t)(int num_msgs, + const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); + +typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); +.RE +.fi +.PP +To use the +\fBconversation\fR() +function, the plugin must pass an array of +\fRsudo_conv_message\fR +and +\fRsudo_conv_reply\fR +structures. +There must be a +\fRstruct sudo_conv_message\fR +and +\fRstruct sudo_conv_reply\fR +for +each message in the conversation, that is, both arrays must have the same +number of elements. +Each +\fRstruct sudo_conv_reply\fR +must have its +\fIreply\fR +member initialized to +\fRNULL\fR. +The +\fRstruct sudo_conv_callback\fR +pointer, if not +\fRNULL\fR, +should contain function pointers to be called when the +\fBsudo\fR +process is suspended and/or resumed during conversation input. +The +\fIon_suspend\fR +and +\fIon_resume\fR +functions are called with the signal that caused +\fBsudo\fR +to be suspended and the +\fIclosure\fR +pointer from the +\fRstruct sudo_conv_callback\fR. +These functions should return 0 on success and \-1 on error. +On error, the conversation will end and the conversation function +will return a value of \-1. +The intended use is to allow the plugin to release resources, such as locks, +that should not be held indefinitely while suspended and then reacquire them +when the process is resumed. +Note that the functions are not actually invoked from within a signal handler. +.PP +The +\fImsg_type\fR +must be set to one of the following values: +.TP 6n +SUDO_CONV_PROMPT_ECHO_OFF +Prompt the user for input with echo disabled; +this is generally used for passwords. +The reply will be stored in the +\fIreplies\fR +array, and it will never be +\fRNULL\fR. +.TP 6n +SUDO_CONV_PROMPT_ECHO_ON +Prompt the user for input with echo enabled. +The reply will be stored in the +\fIreplies\fR +array, and it will never be +\fRNULL\fR. +.TP 6n +SUDO_CONV_ERROR_MSG +Display an error message. +The message is written to the standard error unless the +\fRSUDO_CONV_PREFER_TTY\fR +flag is set, in which case it is written to the user's terminal if possible. +.TP 6n +SUDO_CONV_INFO_MSG +Display a message. +The message is written to the standard output unless the +\fRSUDO_CONV_PREFER_TTY\fR +flag is set, in which case it is written to the user's terminal if possible. +.TP 6n +SUDO_CONV_PROMPT_MASK +Prompt the user for input but echo an asterisk character for each +character read. +The reply will be stored in the +\fIreplies\fR +array, and it will never be +\fRNULL\fR. +This can be used to provide visual feedback to the user while reading +sensitive information that should not be displayed. +.PP +In addition to the above values, the following flag bits may also be set: +.TP 6n +SUDO_CONV_PROMPT_ECHO_OK +Allow input to be read when echo cannot be disabled +when the message type is +\fRSUDO_CONV_PROMPT_ECHO_OFF\fR +or +\fRSUDO_CONV_PROMPT_MASK\fR. +By default, +\fBsudo\fR +will refuse to read input if the echo cannot be disabled for those +message types. +.TP 6n +SUDO_CONV_PREFER_TTY +When displaying a message via +\fRSUDO_CONV_ERROR_MSG\fR +or +\fRSUDO_CONV_INFO_MSG\fR, +try to write the message to the user's terminal. +If the terminal is unavailable, the standard error or standard output +will be used, depending upon whether +\fRSUDO_CONV_ERROR_MSG\fR +or +\fRSUDO_CONV_INFO_MSG\fR +was used. +The user's terminal is always used when possible for input, +this flag is only used for output. +.PP +The +\fItimeout\fR +in seconds until the prompt will wait for no more input. +A zero value implies an infinite timeout. +.PP +The plugin is responsible for freeing the reply buffer located in each +\fRstruct sudo_conv_reply\fR, +if it is not +\fRNULL\fR. +\fRSUDO_CONV_REPL_MAX\fR +represents the maximum length of the reply buffer (not including +the trailing NUL character). +In practical terms, this is the longest password +\fBsudo\fR +will support. +.PP +The +\fBprintf\fR()-style +function uses the same underlying mechanism as the +\fBconversation\fR() +function but only supports +\fRSUDO_CONV_INFO_MSG\fR +and +\fRSUDO_CONV_ERROR_MSG\fR +for the +\fImsg_type\fR +parameter. +It can be more convenient than using the +\fBconversation\fR() +function if no user reply is needed and supports standard +\fBprintf\fR() +escape sequences. +.PP +See the sample plugin for an example of the +\fBconversation\fR() +function usage. +.SS "Plugin invocation order" +As of +\fBsudo\fR +1.9.0, the plugin +\fBopen\fR() +and +\fBclose\fR() +functions are called in the +following order: +.TP 5n +1.\& +audit open +.TP 5n +2.\& +policy open +.TP 5n +3.\& +approval open +.TP 5n +4.\& +approval close +.TP 5n +5.\& +I/O log open +.TP 5n +6.\& +command runs +.TP 5n +7.\& +command exits +.TP 5n +8.\& +I/O log close +.TP 5n +9.\& +policy close +.TP 5n +10.\& +audit close +.TP 5n +11.\& +sudo exits +.PP +Prior to +\fBsudo\fR +1.9.0, the I/O log +\fBclose\fR() +function was called +\fIafter\fR +the policy +\fBclose\fR() +function. +.SS "Sudoers group plugin API" +The +\fBsudoers\fR +plugin supports its own plugin interface to allow non-Unix +group lookups. +This can be used to query a group source other than the standard Unix +group database. +Two sample group plugins are bundled with +\fBsudo\fR, +\fIgroup_file\fR, +and +\fIsystem_group\fR, +are detailed in +sudoers(@mansectform@). +Third party group plugins include a QAS AD plugin available from Quest Software. +.PP +A group plugin must declare and populate a +\fRsudoers_group_plugin\fR +struct in the global scope. +This structure contains pointers to the functions that implement plugin +initialization, cleanup, and group lookup. +.nf +.sp +.RS 0n +struct sudoers_group_plugin { + unsigned int version; + int (*init)(int version, sudo_printf_t sudo_printf, + char *const argv[]); + void (*cleanup)(void); + int (*query)(const char *user, const char *group, + const struct passwd *pwd); +}; +.RE +.fi +.PP +The +\fRsudoers_group_plugin\fR +struct has the following fields: +.TP 6n +version +The +\fRversion\fR +field should be set to GROUP_API_VERSION. +.sp +This allows +\fBsudoers\fR +to determine the API version the group plugin +was built against. +.TP 6n +init +.nf +.RS 6n +int (*init)(int version, sudo_printf_t plugin_printf, + char *const argv[]); +.RE +.fi +.RS 6n +.sp +The +\fBinit\fR() +function is called after +\fIsudoers\fR +has been parsed but +before any policy checks. +It returns 1 on success, 0 on failure (or if the plugin is not configured), +and \-1 if a error occurred. +If an error occurs, the plugin may call the +\fBplugin_printf\fR() +function with +\fRSUDO_CONF_ERROR_MSG\fR +to present additional error information to the user. +.sp +The function arguments are as follows: +.TP 6n +version +The version passed in by +\fBsudoers\fR +allows the plugin to determine the +major and minor version number of the group plugin API supported by +\fBsudoers\fR. +.TP 6n +plugin_printf +A pointer to a +\fBprintf\fR()-style +function that may be used to display informational or error message to the user. +Returns the number of characters printed on success and \-1 on failure. +.TP 6n +argv +A +\fRNULL\fR-terminated +array of arguments generated from the +\fIgroup_plugin\fR +option in +\fIsudoers\fR. +If no arguments were given, +\fIargv\fR +will be +\fRNULL\fR. +.PD 0 +.PP +.RE +.PD +.TP 6n +cleanup +.nf +.RS 6n +void (*cleanup)(); +.RE +.fi +.RS 6n +.sp +The +\fBcleanup\fR() +function is called when +\fBsudoers\fR +has finished its +group checks. +The plugin should free any memory it has allocated and close open file handles. +.RE +.TP 6n +query +.br +.nf +.RS 6n +int (*query)(const char *user, const char *group, + const struct passwd *pwd); +.RE +.fi +.RS 6n +.sp +The +\fBquery\fR() +function is used to ask the group plugin whether +\fIuser\fR +is a member of +\fIgroup\fR. +.sp +The function arguments are as follows: +.TP 6n +user +The name of the user being looked up in the external group database. +.TP 6n +group +.br +The name of the group being queried. +.TP 6n +pwd +The password database entry for +\fIuser\fR, +if any. +If +\fIuser\fR +is not +present in the password database, +\fIpwd\fR +will be +\fRNULL\fR. +.PD 0 +.PP +.RE +.PD +.PP +\fIGroup API Version Macros\fR +.nf +.sp +.RS 0n +/* Sudoers group plugin version major/minor */ +#define GROUP_API_VERSION_MAJOR 1 +#define GROUP_API_VERSION_MINOR 0 +#define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | \e + GROUP_API_VERSION_MINOR) +.RE +.fi +For getters and setters see the +\fIPolicy plugin API\fR. +.SH "PLUGIN API CHANGELOG" +The following revisions have been made to the Sudo Plugin API. +.TP 6n +Version 1.0 +Initial API version. +.TP 6n +Version 1.1 (sudo 1.8.0) +The I/O logging plugin's +\fBopen\fR() +function was modified to take the +\fRcommand_info\fR +list as an argument. +.TP 6n +Version 1.2 (sudo 1.8.5) +The Policy and I/O logging plugins' +\fBopen\fR() +functions are now passed +a list of plugin parameters if any are specified in +sudo.conf(@mansectform@). +.sp +A simple hooks API has been introduced to allow plugins to hook in to the +system's environment handling functions. +.sp +The +\fRinit_session\fR +Policy plugin function is now passed a pointer +to the user environment which can be updated as needed. +This can be used to merge in environment variables stored in the PAM +handle before a command is run. +.TP 6n +Version 1.3 (sudo 1.8.7) +Support for the +\fIexec_background\fR +entry has been added to the +\fRcommand_info\fR +list. +.sp +The +\fImax_groups\fR +and +\fIplugin_dir\fR +entries were added to the +\fRsettings\fR +list. +.sp +The +\fBversion\fR() +and +\fBclose\fR() +functions are now optional. +Previously, a missing +\fBversion\fR() +or +\fBclose\fR() +function would result in a crash. +If no policy plugin +\fBclose\fR() +function is defined, a default +\fBclose\fR() +function will be provided by the +\fBsudo\fR +front-end that displays a warning if the command could not be +executed. +.sp +The +\fBsudo\fR +front-end now installs default signal handlers to trap common signals +while the plugin functions are run. +.TP 6n +Version 1.4 (sudo 1.8.8) +The +\fIremote_host\fR +entry was added to the +\fRsettings\fR +list. +.TP 6n +Version 1.5 (sudo 1.8.9) +The +\fIpreserve_fds\fR +entry was added to the +\fRcommand_info\fR +list. +.TP 6n +Version 1.6 (sudo 1.8.11) +The behavior when an I/O logging plugin returns an error +(\-1) +has changed. +Previously, the +\fBsudo\fR +front-end took no action when the +\fBlog_ttyin\fR(), +\fBlog_ttyout\fR(), +\fBlog_stdin\fR(), +\fBlog_stdout\fR(), +or +\fBlog_stderr\fR() +function returned an error. +.sp +The behavior when an I/O logging plugin returns 0 has changed. +Previously, output from the command would be displayed to the +terminal even if an output logging function returned 0. +.TP 6n +Version 1.7 (sudo 1.8.12) +The +\fIplugin_path\fR +entry was added to the +\fRsettings\fR +list. +.sp +The +\fIdebug_flags\fR +entry now starts with a debug file path name and may occur multiple +times if there are multiple plugin-specific Debug lines in the +sudo.conf(@mansectform@) file. +.TP 6n +Version 1.8 (sudo 1.8.15) +The +\fIsudoedit_checkdir\fR +and +\fIsudoedit_follow\fR +entries were added to the +\fRcommand_info\fR +list. +The default value of +\fIsudoedit_checkdir\fR +was changed to true in sudo 1.8.16. +.sp +The sudo +\fIconversation\fR +function now takes a pointer to a +\fRstruct sudo_conv_callback\fR +as its fourth argument. +The +\fRsudo_conv_t\fR +definition has been updated to match. +The plugin must specify that it supports plugin API version 1.8 or higher +to receive a conversation function pointer that supports this argument. +.TP 6n +Version 1.9 (sudo 1.8.16) +The +\fIexecfd\fR +entry was added to the +\fRcommand_info\fR +list. +.TP 6n +Version 1.10 (sudo 1.8.19) +The +\fIumask\fR +entry was added to the +\fRuser_info\fR +list. +The +\fIiolog_group\fR, +\fIiolog_mode\fR, +and +\fIiolog_user\fR +entries were added to the +\fRcommand_info\fR +list. +.TP 6n +Version 1.11 (sudo 1.8.20) +The +\fItimeout\fR +entry was added to the +\fRsettings\fR +list. +.TP 6n +Version 1.12 (sudo 1.8.21) +The +\fRchange_winsize\fR +field was added to the io_plugin struct. +.TP 6n +Version 1.13 (sudo 1.8.26) +The +\fRlog_suspend\fR +field was added to the io_plugin struct. +.TP 6n +Version 1.14 (sudo 1.8.29) +The +\fIumask_override\fR +entry was added to the +\fRcommand_info\fR +list. +.TP 6n +Version 1.15 (sudo 1.9.0) +The +\fIcwd_optional\fR +entry was added to the +\fRcommand_info\fR +list. +.sp +The +\fIevent_alloc\fR +field was added to the policy_plugin and io_plugin structs. +.sp +The +\fIerrstr\fR +argument was added to the policy and I/O plugin functions +which the plugin function can use to return an error string. +This string may be used by the audit plugin to report failure or +error conditions set by the other plugins. +.sp +The +\fBclose\fR() +function is now is called regardless of whether or not a command +was actually executed. +This makes it possible for plugins to perform cleanup even when a +command was not run. +.sp +\fRSUDO_CONV_REPL_MAX\fR +has increased from 255 to 1023 bytes. +.sp +Support for audit and approval plugins was added. +.TP 6n +Version 1.16 (sudo 1.9.3) +Initial resource limit values were added to the +\fRuser_info\fR +list. +.sp +The +\fIcmnd_chroot\fR +and +\fIcmnd_cwd\fR +enties were added to the +\fRsettings\fR +list. +.TP 6n +Version 1.17 (sudo 1.9.4) +The +\fIevent_alloc\fR +field was added to the audit_plugin and approval_plugin structs. +.TP 6n +Version 1.18 (sudo 1.9.9) +The policy may now set resource limit values in the +\fRcommand_info\fR +list. +.SH "SEE ALSO" +sudo.conf(@mansectform@), +sudoers(@mansectform@), +sudo(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_plugin.mdoc.in sudo-1.9.9/docs/sudo_plugin.mdoc.in --- sudo-1.9.5p2/docs/sudo_plugin.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_plugin.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,4726 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2009-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd January 20, 2022 +.Dt SUDO_PLUGIN @mansectform@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo_plugin +.Nd Sudo Plugin API +.Sh DESCRIPTION +Starting with version 1.8, +.Nm sudo +supports a plugin API +for policy and session logging. +Plugins may be compiled as dynamic shared objects (the default on +systems that support them) or compiled statically into the +.Nm sudo +binary itself. +By default, the +.Nm sudoers +plugin provides audit, security policy and I/O logging capabilities. +Via the plugin API, +.Nm sudo +can be configured to use alternate plugins provided by third parties. +The plugins to be used are specified in the +.Xr sudo.conf @mansectform@ +file. +.Pp +The API is versioned with a major and minor number. +The minor version number is incremented when additions are made. +The major number is incremented when incompatible changes are made. +A plugin should be check the version passed to it and make sure that the +major version matches. +.Pp +The plugin API is defined by the +.Li sudo_plugin.h +header file. +.Ss Policy plugin API +A policy plugin must declare and populate a +.Li policy_plugin +struct in the global scope. +This structure contains pointers to the functions that implement the +.Nm sudo +policy checks. +The name of the symbol should be specified in +.Xr sudo.conf @mansectform@ +along with a path to the plugin so that +.Nm sudo +can load it. +.Bd -literal +struct policy_plugin { +#define SUDO_POLICY_PLUGIN 1 + unsigned int type; /* always SUDO_POLICY_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const user_env[], + char * const plugin_options[], const char **errstr); + void (*close)(int exit_status, int error); + int (*show_version)(int verbose); + int (*check_policy)(int argc, char * const argv[], + char *env_add[], char **command_info[], + char **argv_out[], char **user_env_out[], const char **errstr); + int (*list)(int argc, char * const argv[], int verbose, + const char *list_user, const char **errstr); + int (*validate)(const char **errstr); + void (*invalidate)(int remove); + int (*init_session)(struct passwd *pwd, char **user_env[], + const char **errstr); + void (*register_hooks)(int version, + int (*register_hook)(struct sudo_hook *hook)); + void (*deregister_hooks)(int version, + int (*deregister_hook)(struct sudo_hook *hook)); + struct sudo_plugin_event * (*event_alloc)(void); +}; +.Ed +.Pp +The policy_plugin struct has the following fields: +.Bl -tag -width 4n +.It type +The +.Li type +field should always be set to SUDO_POLICY_PLUGIN. +.It version +The +.Li version +field should be set to +.Dv SUDO_API_VERSION . +.Pp +This allows +.Nm sudo +to determine the API version the plugin was +built against. +.It open +.Bd -literal -compact +int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const user_env[], + char * const plugin_options[], const char **errstr); +.Ed +.Pp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +.Nm sudo +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional error information to the user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It version +The version passed in by +.Nm sudo +allows the plugin to determine the +major and minor version number of the plugin API supported by +.Nm sudo . +.It conversation +A pointer to the +.Fn conversation +function that can be used by the plugin to interact with the user (see +.Sx Conversation API +for details). +Returns 0 on success and \-1 on failure. +.It plugin_printf +A pointer to a +.Fn printf Ns -style +function that may be used to display informational or error messages (see +.Sx Conversation API +for details). +Returns the number of characters printed on success and \-1 on failure. +.It settings +A vector of user-supplied +.Nm sudo +settings in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +These settings correspond to options the user specified when running +.Nm sudo . +As such, they will only be present when the corresponding option has +been specified on the command line. +.Pp +When parsing +.Em settings , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +The following values may be set by +.Nm sudo : +.Bl -tag -width 4n +.It bsdauth_type=string +Authentication type, if specified by the +.Fl a +option, to use on +systems where +.Bx +authentication is supported. +.It closefrom=number +If specified, the user has requested via the +.Fl C +option that +.Nm sudo +close all files descriptors with a value of +.Em number +or higher. +The plugin may optionally pass this, or another value, back in the +.Em command_info +list. +.It cmnd_chroot=string +The root directory (see +.Xr chroot 2 ) +to run the command in, as specified by the user via the +.Fl R +option. +The plugin may ignore or restrict the user's ability to specify a new +root directory. +Only available starting with API version 1.16. +.It cmnd_cwd=string +The working directory to run the command in, as specified by the user via the +.Fl D +option. +The plugin may ignore or restrict the user's ability to specify a new +working directory. +Only available starting with API version 1.16. +.It debug_flags=string +A debug file path name followed by a space and a comma-separated +list of debug flags that correspond to the plugin's +.Li Debug +entry in +.Xr sudo.conf @mansectform@ , +if there is one. +The flags are passed to the plugin exactly as they appear in +.Xr sudo.conf @mansectform@ . +The syntax used by +.Nm sudo +and the +.Nm sudoers +plugin is +.Em subsystem Ns @ Ns Em priority +but a plugin is free to use a different +format so long as it does not include a comma +.Pq Ql ,\& . +Prior to +.Nm sudo +1.8.12, there was no way to specify plugin-specific +.Em debug_flags +so the value was always the same as that used by the +.Nm sudo +front-end and did not include a path name, only the flags themselves. +As of version 1.7 of the plugin interface, +.Nm sudo +will only pass +.Em debug_flags +if +.Xr sudo.conf @mansectform@ +contains a plugin-specific +.Li Debug +entry. +.It ignore_ticket=bool +Set to true if the user specified the +.Fl k +option along with a +command, indicating that the user wishes to ignore any cached +authentication credentials. +.Em implied_shell +to true. +This allows +.Nm sudo +with no arguments +to be used similarly to +.Xr su 1 . +If the plugin does not to support this usage, it may return a value of \-2 +from the +.Fn check_policy +function, which will cause +.Nm sudo +to print a usage message and exit. +.It implied_shell=bool +If the user does not specify a program on the command line, +.Nm sudo +will pass the plugin the path to the user's shell and set +.It login_class=string +.Bx +login class to use when setting resource limits and nice value, +if specified by the +.Fl c +option. +.It login_shell=bool +Set to true if the user specified the +.Fl i +option, indicating that +the user wishes to run a login shell. +.It max_groups=int +The maximum number of groups a user may belong to. +This will only be present if there is a corresponding setting in +.Xr sudo.conf @mansectform@ . +.It network_addrs=list +A space-separated list of IP network addresses and netmasks in the +form +.Dq addr/netmask , +e.g., +.Dq 192.168.1.2/255.255.255.0 . +The address and netmask pairs may be either IPv4 or IPv6, depending on +what the operating system supports. +If the address contains a colon +.Pq Ql :\& , +it is an IPv6 address, else it is IPv4. +.It noninteractive=bool +Set to true if the user specified the +.Fl n +option, indicating that +.Nm sudo +should operate in non-interactive mode. +The plugin may reject a command run in non-interactive mode if user +interaction is required. +.It plugin_dir=string +The default plugin directory used by the +.Nm sudo +front-end. +This is the default directory set at compile time and may not +correspond to the directory the running plugin was loaded from. +It may be used by a plugin to locate support files. +.It plugin_path=string +The path name of plugin loaded by the +.Nm sudo +front-end. +The path name will be a fully-qualified unless the plugin was +statically compiled into +.Nm sudo . +.It preserve_environment=bool +Set to true if the user specified the +.Fl E +option, indicating that +the user wishes to preserve the environment. +.It preserve_groups=bool +Set to true if the user specified the +.Fl P +option, indicating that +the user wishes to preserve the group vector instead of setting it +based on the runas user. +.It progname=string +The command name that sudo was run as, typically +.Dq sudo +or +.Dq sudoedit . +.It prompt=string +The prompt to use when requesting a password, if specified via +the +.Fl p +option. +.It remote_host=string +The name of the remote host to run the command on, if specified via +the +.Fl h +option. +Support for running the command on a remote host is meant to be implemented +via a helper program that is executed in place of the user-specified command. +The +.Nm sudo +front-end is only capable of executing commands on the local host. +Only available starting with API version 1.4. +.It run_shell=bool +Set to true if the user specified the +.Fl s +option, indicating that the user wishes to run a shell. +.It runas_group=string +The group name or group-ID to run the command as, if specified via +the +.Fl g +option. +.It runas_user=string +The user name or user-ID to run the command as, if specified via the +.Fl u +option. +.It selinux_role=string +SELinux role to use when executing the command, if specified by +the +.Fl r +option. +.It selinux_type=string +SELinux type to use when executing the command, if specified by +the +.Fl t +option. +.It set_home=bool +Set to true if the user specified the +.Fl H +option. +If true, set the +.Li HOME +environment variable to the target user's home directory. +.It sudoedit=bool +Set to true when the +.Fl e +option is specified or if invoked as +.Nm sudoedit . +The plugin shall substitute an editor into +.Em argv +in the +.Fn check_policy +function or return \-2 with a usage error +if the plugin does not support +.Em sudoedit . +For more information, see the +.Em check_policy +section. +.It timeout=string +Command timeout specified by the user via the +.Fl T +option. +Not all plugins support command timeouts and the ability of the +user to set a timeout may be restricted by policy. +The format of the timeout string is plugin-specific. +.El +.Pp +Additional settings may be added in the future so the plugin should +silently ignore settings that it does not recognize. +.It user_info +A vector of information about the user running the command in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em user_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +The following values may be set by +.Nm sudo : +.Bl -tag -width 4n +.It cols=int +The number of columns the user's terminal supports. +If there is no terminal device available, a default value of 80 is used. +.It cwd=string +The user's current working directory. +.It egid=gid_t +The effective group-ID of the user invoking +.Nm sudo . +.It euid=uid_t +The effective user-ID of the user invoking +.Nm sudo . +.It gid=gid_t +The real group-ID of the user invoking +.Nm sudo . +.It groups=list +The user's supplementary group list formatted as a string of +comma-separated group-IDs. +.It host=string +The local machine's hostname as returned by the +.Xr gethostname 2 +system call. +.It lines=int +The number of lines the user's terminal supports. +If there is +no terminal device available, a default value of 24 is used. +.It pgid=int +The ID of the process group that the running +.Nm sudo +process is a member of. +Only available starting with API version 1.2. +.It pid=int +The process ID of the running +.Nm sudo +process. +Only available starting with API version 1.2. +.It ppid=int +The parent process ID of the running +.Nm sudo +process. +Only available starting with API version 1.2. +.It rlimit_as=soft,hard +The maximum size to which the process's address space may grow (in bytes), +if supported by the operating system. +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_core=soft,hard +The largest size core dump file that may be created (in bytes). +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_cpu=soft,hard +The maximum amount of CPU time that the process may use (in seconds). +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_data=soft,hard +The maximum size of the data segment for the process (in bytes). +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_fsize=soft,hard +The largest size file that the process may create (in bytes). +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_locks=soft,hard +The maximum number of locks that the process may establish, +if supported by the operating system. +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_memlock=soft,hard +The maximum size that the process may lock in memory (in bytes), +if supported by the operating system. +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_nofile=soft,hard +The maximum number of files that the process may have open. +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_nproc=soft,hard +The maximum number of processes that the user may run simultaneously. +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_rss=soft,hard +The maximum size to which the process's resident set size may grow (in bytes). +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It rlimit_stack=soft,hard +The maximum size to which the process's stack may grow (in bytes). +The soft and hard limits are separated by a comma. +A value of +.Dq infinity +indicates that there is no limit. +Only available starting with API version 1.16. +.It sid=int +The session ID of the running +.Nm sudo +process or 0 if +.Nm sudo +is not part of a POSIX job control session. +Only available starting with API version 1.2. +.It tcpgid=int +The ID of the foreground process group associated with the terminal +device associated with the +.Nm sudo +process or 0 if there is no terminal present. +Only available starting with API version 1.2. +.It tty=string +The path to the user's terminal device. +If the user has no terminal device associated with the session, +the value will be empty, as in +.Dq Li tty= . +.It uid=uid_t +The real user-ID of the user invoking +.Nm sudo . +.It umask=octal +The invoking user's file creation mask. +Only available starting with API version 1.10. +.It user=string +The name of the user invoking +.Nm sudo . +.El +.It user_env +The user's environment in the form of a +.Dv NULL Ns -terminated vector of +.Dq name=value +strings. +.Pp +When parsing +.Em user_env , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.It plugin_options +Any (non-comment) strings immediately after the plugin path are +passed as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +.Dv NULL Ns -terminated +array of strings. +If no arguments were +specified, +.Em plugin_options +will be the +.Dv NULL +pointer. +.Pp +NOTE: the +.Em plugin_options +parameter is only available starting with +API version 1.2. +A plugin +.Sy must +check the API version specified +by the +.Nm sudo +front-end before using +.Em plugin_options . +Failure to do so may result in a crash. +.It errstr +If the +.Fn open +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It close +.Bd -literal -compact +void (*close)(int exit_status, int error); +.Ed +.Pp +The +.Fn close +function is called when +.Nm sudo +is finished, shortly before it exits. +Starting with API version 1.15, +.Fn close +is called regardless of whether or not a command was actually executed. +This makes it possible for plugins to perform cleanup even when a +command was not run. +It is not possible to tell whether a command was run based solely +on the arguments passed to the +.Fn close +function. +To determine if a command was actually run, +the plugin must keep track of whether or not the +.Fn check_policy +function returned successfully. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It exit_status +The command's exit status, as returned by the +.Xr wait 2 +system call, or zero if no command was run. +The value of +.Li exit_status +is undefined if +.Li error +is non-zero. +.It error +If the command could not be executed, this is set to the value of +.Li errno +set by the +.Xr execve 2 +system call. +The plugin is responsible for displaying error information via the +.Fn conversation +or +.Fn plugin_printf +function. +If the command was successfully executed, the value of +.Li error +is zero. +.El +.Pp +If no +.Fn close +function is defined, no I/O logging plugins are loaded, +and neither the +.Em timeout +not +.Em use_pty +options are set in the +.Li command_info +list, the +.Nm sudo +front-end may execute the command directly instead of running +it as a child process. +.It show_version +.Bd -literal -compact +int (*show_version)(int verbose); +.Ed +.Pp +The +.Fn show_version +function is called by +.Nm sudo +when the user specifies +the +.Fl V +option. +The plugin may display its version information to the user via the +.Fn conversation +or +.Fn plugin_printf +function using +.Dv SUDO_CONV_INFO_MSG . +If the user requests detailed version information, the verbose flag will be set. +.Pp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. +.It check_policy +.Bd -literal -compact +int (*check_policy)(int argc, char * const argv[], char *env_add[], + char **command_info[], char **argv_out[], char **user_env_out[], + const char **errstr); +.Ed +.Pp +The +.Fn check_policy +function is called by +.Nm sudo +to determine +whether the user is allowed to run the specified commands. +.Pp +If the +.Em sudoedit +option was enabled in the +.Em settings +array +passed to the +.Fn open +function, the user has requested +.Em sudoedit +mode. +.Em sudoedit +is a mechanism for editing one or more files +where an editor is run with the user's credentials instead of with +elevated privileges. +.Nm sudo +achieves this by creating user-writable +temporary copies of the files to be edited and then overwriting the +originals with the temporary copies after editing is complete. +If the plugin supports +.Em sudoedit , +it should choose the editor to be used, potentially from a variable +in the user's environment, such as +.Li EDITOR , +and include it in +.Em argv_out +(note that environment +variables may include command line options). +The files to be edited should be copied from +.Em argv +into +.Em argv_out , +separated from the +editor and its arguments by a +.Dq Li -- +element. +The +.Dq Li -- +will +be removed by +.Nm sudo +before the editor is executed. +The plugin should also set +.Em sudoedit=true +in the +.Em command_info +list. +.Pp +The +.Fn check_policy +function returns 1 if the command is allowed, +0 if not allowed, \-1 for a general error, or \-2 for a usage error +or if +.Em sudoedit +was specified but is unsupported by the plugin. +In the latter case, +.Nm sudo +will print a usage message before it +exits. +If an error occurs, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional error information to the user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It argc +The number of elements in +.Em argv , +not counting the final +.Dv NULL +pointer. +.It argv +The argument vector describing the command the user wishes to run, +in the same form as what would be passed to the +.Xr execve 2 +system call. +The vector is terminated by a +.Dv NULL +pointer. +.It env_add +Additional environment variables specified by the user on the command +line in the form of a +.Dv NULL Ns -terminated +vector of +.Dq name=value +strings. +The plugin may reject the command if one or more variables +are not allowed to be set, or it may silently ignore such variables. +.Pp +When parsing +.Em env_add , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.It command_info +Information about the command being run in the form of +.Dq name=value +strings. +These values are used by +.Nm sudo +to set the execution +environment when running a command. +The plugin is responsible for creating and populating the vector, +which must be terminated with a +.Dv NULL +pointer. +The following values are recognized by +.Nm sudo : +.Bl -tag -width 4n +.It chroot=string +The root directory to use when running the command. +.It closefrom=number +If specified, +.Nm sudo +will close all files descriptors with a value +of +.Em number +or higher. +.It command=string +Fully qualified path to the command to be executed. +.It cwd=string +The current working directory to change to when executing the command. +If +.Nm sudo +is unable to change to the new working directory, the command will +not be run unless +.Em cwd_optional +is also set (see below). +.It cwd_optional=bool +If enabled, +.Nm sudo +will treat an inability to change to the new working directory as a +non-fatal error. +This setting has no effect unless +.Em cwd +is also set. +.It exec_background=bool +By default, +.Nm sudo +runs a command as the foreground process as long as +.Nm sudo +itself is running in the foreground. +When +.Em exec_background +is enabled and the command is being run in a pseudo-terminal +(due to I/O logging or the +.Em use_pty +setting), the command will be run as a background process. +Attempts to read from the controlling terminal (or to change terminal +settings) will result in the command being suspended with the +.Dv SIGTTIN +signal (or +.Dv SIGTTOU +in the case of terminal settings). +If this happens when +.Nm sudo +is a foreground process, the command will be granted the controlling terminal +and resumed in the foreground with no user intervention required. +The advantage of initially running the command in the background is that +.Nm sudo +need not read from the terminal unless the command explicitly requests it. +Otherwise, any terminal input must be passed to the command, whether it +has required it or not (the kernel buffers terminals so it is not possible +to tell whether the command really wants the input). +This is different from historic +.Em sudo +behavior or when the command is not being run in a pseudo-terminal. +.Pp +For this to work seamlessly, the operating system must support the +automatic restarting of system calls. +Unfortunately, not all operating systems do this by default, +and even those that do may have bugs. +For example, macOS fails to restart the +.Fn tcgetattr +and +.Fn tcsetattr +system calls (this is a bug in macOS). +Furthermore, because this behavior depends on the command stopping with the +.Dv SIGTTIN +or +.Dv SIGTTOU +signals, programs that catch these signals and suspend themselves +with a different signal (usually +.Dv SIGTOP ) +will not be automatically foregrounded. +Some versions of the linux +.Xr su 1 +command behave this way. +Because of this, a plugin should not set +.Em exec_background +unless it is explicitly enabled by the administrator and there should +be a way to enabled or disable it on a per-command basis. +.Pp +This setting has no effect unless I/O logging is enabled or +.Em use_pty +is enabled. +.It execfd=number +If specified, +.Nm sudo +will use the +.Xr fexecve 2 +system call to execute the command instead of +.Xr execve 2 . +The specified +.Em number +must refer to an open file descriptor. +.It iolog_compress=bool +Set to true if the I/O logging plugins, if any, should compress the +log data. +This is a hint to the I/O logging plugin which may choose to ignore it. +.It iolog_group=string +The group that will own newly created I/O log files and directories. +This is a hint to the I/O logging plugin which may choose to ignore it. +.It iolog_mode=octal +The file permission mode to use when creating I/O log files and directories. +This is a hint to the I/O logging plugin which may choose to ignore it. +.It iolog_user=string +The user that will own newly created I/O log files and directories. +This is a hint to the I/O logging plugin which may choose to ignore it. +.It iolog_path=string +Fully qualified path to the file or directory in which I/O log is +to be stored. +This is a hint to the I/O logging plugin which may choose to ignore it. +If no I/O logging plugin is loaded, this setting has no effect. +.It iolog_stdin=bool +Set to true if the I/O logging plugins, if any, should log the +standard input if it is not connected to a terminal device. +This is a hint to the I/O logging plugin which may choose to ignore it. +.It iolog_stdout=bool +Set to true if the I/O logging plugins, if any, should log the +standard output if it is not connected to a terminal device. +This is a hint to the I/O logging plugin which may choose to ignore it. +.It iolog_stderr=bool +Set to true if the I/O logging plugins, if any, should log the +standard error if it is not connected to a terminal device. +This is a hint to the I/O logging plugin which may choose to ignore it. +.It iolog_ttyin=bool +Set to true if the I/O logging plugins, if any, should log all +terminal input. +This only includes input typed by the user and not from a pipe or +redirected from a file. +This is a hint to the I/O logging plugin which may choose to ignore it. +.It iolog_ttyout=bool +Set to true if the I/O logging plugins, if any, should log all +terminal output. +This only includes output to the screen, not output to a pipe or file. +This is a hint to the I/O logging plugin which may choose to ignore it. +.It login_class=string +.Bx +login class to use when setting resource limits and nice value (optional). +This option is only set on systems that support login classes. +.It nice=int +Nice value (priority) to use when executing the command. +The nice value, if specified, overrides the priority associated with the +.Em login_class +on +.Bx +systems. +.It noexec=bool +If set, prevent the command from executing other programs. +.It preserve_fds=list +A comma-separated list of file descriptors that should be +preserved, regardless of the value of the +.Em closefrom +setting. +Only available starting with API version 1.5. +.It preserve_groups=bool +If set, +.Nm sudo +will preserve the user's group vector instead of +initializing the group vector based on +.Li runas_user . +.It rlimit_as=soft,hard +The maximum size to which the process's address space may grow (in bytes), +if supported by the operating system. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_core=soft,hard +The largest size core dump file that may be created (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_cpu=soft,hard +The maximum amount of CPU time that the process may use (in seconds). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_data=soft,hard +The maximum size of the data segment for the process (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_fsize=soft,hard +The largest size file that the process may create (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_locks=soft,hard +The maximum number of locks that the process may establish, +if supported by the operating system. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_memlock=soft,hard +The maximum size that the process may lock in memory (in bytes), +if supported by the operating system. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_nofile=soft,hard +The maximum number of files that the process may have open. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_nproc=soft,hard +The maximum number of processes that the user may run simultaneously. +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_rss=soft,hard +The maximum size to which the process's resident set size may grow (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It rlimit_stack=soft,hard +The maximum size to which the process's stack may grow (in bytes). +The soft and hard limits are separated by a comma. +If only a single value is specified, both the hard and soft limits are set. +A value of +.Dq infinity +indicates that there is no limit. +A value of +.Dq user +will cause the invoking user's resource limit to be preserved. +A value of +.Dq default +will cause the target user's default resource limit to be used +on systems that allow per-user resource limits to be configured. +Only available starting with API version 1.17. +.It runas_egid=gid +Effective group-ID to run the command as. +If not specified, the value of +.Em runas_gid +is used. +.It runas_euid=uid +Effective user-ID to run the command as. +If not specified, the value of +.Em runas_uid +is used. +.It runas_gid=gid +Group-ID to run the command as. +.It runas_group=string +The name of the group the command will run as, if it is different +from the +.Em runas_user Ns 's +default group. +This value is provided for auditing purposes only, the +.Nm sudo +front-end uses +.Em runas_egid +and +.Em runas_gid +when executing the command. +.It runas_groups=list +The supplementary group vector to use for the command in the form +of a comma-separated list of group-IDs. +If +.Em preserve_groups +is set, this option is ignored. +.It runas_uid=uid +User-ID to run the command as. +.It runas_user=string +The name of the user the command will run as, which should correspond to +.Em runas_euid +(or +.Em runas_uid +if +.Em runas_euid +is not set). +This value is provided for auditing purposes only, the +.Nm sudo +front-end uses +.Em runas_euid +and +.Em runas_uid +when executing the command. +.It selinux_role=string +SELinux role to use when executing the command. +.It selinux_type=string +SELinux type to use when executing the command. +.It set_utmp=bool +Create a utmp (or utmpx) entry when a pseudo-terminal is allocated. +By default, the new entry will be a copy of the user's existing utmp +entry (if any), with the tty, time, type, and pid fields updated. +.It sudoedit=bool +Set to true when in +.Em sudoedit +mode. +The plugin may enable +.Em sudoedit +mode even if +.Nm sudo +was not invoked as +.Nm sudoedit . +This allows the plugin to perform command substitution and transparently +enable +.Em sudoedit +when the user attempts to run an editor. +.It sudoedit_checkdir=bool +Set to false to disable directory writability checks in +.Nm sudoedit . +By default, +.Nm sudoedit +1.8.16 and higher will check all directory components of the path to be +edited for writability by the invoking user. +Symbolic links will not be followed in writable directories and +.Nm sudoedit +will refuse to edit a file located in a writable directory. +These restrictions are not enforced when +.Nm sudoedit +is run by root. +The +.Em sudoedit_follow +option can be set to false to disable this check. +Only available starting with API version 1.8. +.It sudoedit_follow=bool +Set to true to allow +.Nm sudoedit +to edit files that are symbolic links. +By default, +.Nm sudoedit +1.8.15 and higher will refuse to open a symbolic link. +The +.Em sudoedit_follow +option can be used to restore the older behavior and allow +.Nm sudoedit +to open symbolic links. +Only available starting with API version 1.8. +.It timeout=int +Command timeout. +If non-zero then when the timeout expires the command will be killed. +.It umask=octal +The file creation mask to use when executing the command. +This value may be overridden by PAM or login.conf on some systems +unless the +.Em umask_override +option is also set. +.It umask_override=bool +Force the value specified by the +.Em umask +option to override any umask set by PAM or login.conf. +.It use_pty=bool +Allocate a pseudo-terminal to run the command in, regardless of whether +or not I/O logging is in use. +By default, +.Nm sudo +will only run +the command in a pseudo-terminal when an I/O log plugin is loaded. +.It utmp_user=string +User name to use when constructing a new utmp (or utmpx) entry when +.Em set_utmp +is enabled. +This option can be used to set the user field in the utmp entry to +the user the command runs as rather than the invoking user. +If not set, +.Nm sudo +will base the new entry on +the invoking user's existing entry. +.El +.Pp +Unsupported values will be ignored. +.It argv_out +The +.Dv NULL Ns -terminated +argument vector to pass to the +.Xr execve 2 +system call when executing the command. +The plugin is responsible for allocating and populating the vector. +.It user_env_out +The +.Dv NULL Ns -terminated +environment vector to use when executing the command. +The plugin is responsible for allocating and populating the vector. +.It errstr +If the +.Fn check_policy +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It list +.Bd -literal -compact +int (*list)(int argc, char * const argv[], int verbose, + const char *list_user, const char **errstr); +.Ed +.Pp +List available privileges for the invoking user. +Returns 1 on success, 0 on failure, and \-1 on error. +On error, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional error information to +the user. +.Pp +Privileges should be output via the +.Fn conversation +or +.Fn plugin_printf +function using +.Dv SUDO_CONV_INFO_MSG . +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It argc +The number of elements in +.Em argv , +not counting the final +.Dv NULL +pointer. +.It argv +If +.No non- Ns Dv NULL , +an argument vector describing a command the user +wishes to check against the policy in the same form as what would +be passed to the +.Xr execve 2 +system call. +If the command is permitted by the policy, the fully-qualified path +to the command should be displayed along with any command line arguments. +.It verbose +Flag indicating whether to list in verbose mode or not. +.It list_user +The name of a different user to list privileges for if the policy +allows it. +If +.Dv NULL , +the plugin should list the privileges of the invoking user. +.It errstr +If the +.Fn list +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It validate +.Bd -literal -compact +int (*validate)(const char **errstr); +.Ed +.Pp +The +.Fn validate +function is called when +.Nm sudo +is run with the +.Fl v +option. +For policy plugins such as +.Nm sudoers +that cache +authentication credentials, this function will validate and cache +the credentials. +.Pp +The +.Fn validate +function should be +.Dv NULL +if the plugin does not support credential caching. +.Pp +Returns 1 on success, 0 on failure, and \-1 on error. +On error, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional +error information to the user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It errstr +If the +.Fn validate +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It invalidate +.Bd -literal -compact +void (*invalidate)(int remove); +.Ed +.Pp +The +.Fn invalidate +function is called when +.Nm sudo +is run with the +.Fl k +or +.Fl K +option. +For policy plugins such as +.Nm sudoers +that +cache authentication credentials, this function will invalidate the +credentials. +If the +.Em remove +flag is set, the plugin may remove +the credentials instead of simply invalidating them. +.Pp +The +.Fn invalidate +function should be +.Dv NULL +if the plugin does not support credential caching. +.It init_session +.Bd -literal -compact +int (*init_session)(struct passwd *pwd, char **user_env_out[]); +.Ed +.Pp +The +.Fn init_session +function is called before +.Nm sudo +sets up the +execution environment for the command. +It is run in the parent +.Nm sudo +process and before any user-ID or group-ID changes. +This can be used to perform session setup that is not supported by +.Em command_info , +such as opening the PAM session. +The +.Fn close +function can be +used to tear down the session that was opened by +.Li init_session . +.Pp +The +.Em pwd +argument points to a passwd struct for the user the +command will be run as if the user-ID the command will run as was found +in the password database, otherwise it will be +.Dv NULL . +.Pp +The +.Em user_env_out +argument points to the environment the command will +run in, in the form of a +.Dv NULL Ns -terminated +vector of +.Dq name=value +strings. +This is the same string passed back to the front-end via +the Policy Plugin's +.Em user_env_out +parameter. +If the +.Fn init_session +function needs to modify the user environment, it should update the +pointer stored in +.Em user_env_out . +The expected use case is to merge the contents of the PAM environment +(if any) with the contents of +.Em user_env_out . +NOTE: the +.Em user_env_out +parameter is only available +starting with API version 1.2. +A plugin +.Sy must +check the API +version specified by the +.Nm sudo +front-end before using +.Em user_env_out . +Failure to do so may result in a crash. +.Pp +Returns 1 on success, 0 on failure, and \-1 on error. +On error, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional +error information to the user. +.It register_hooks +.Bd -literal -compact +void (*register_hooks)(int version, + int (*register_hook)(struct sudo_hook *hook)); +.Ed +.Pp +The +.Fn register_hooks +function is called by the sudo front-end to +register any hooks the plugin needs. +If the plugin does not support hooks, +.Li register_hooks +should be set to the +.Dv NULL +pointer. +.Pp +The +.Em version +argument describes the version of the hooks API +supported by the +.Nm sudo +front-end. +.Pp +The +.Fn register_hook +function should be used to register any supported +hooks the plugin needs. +It returns 0 on success, 1 if the hook type is not supported, and \-1 +if the major version in +.Li struct hook +does not match the front-end's major hook API version. +.Pp +See the +.Sx Hook function API +section below for more information +about hooks. +.Pp +NOTE: the +.Fn register_hooks +function is only available starting +with API version 1.2. +If the +.Nm sudo +front-end doesn't support API +version 1.2 or higher, +.Li register_hooks +will not be called. +.It deregister_hooks +.Bd -literal -compact +void (*deregister_hooks)(int version, + int (*deregister_hook)(struct sudo_hook *hook)); +.Ed +.Pp +The +.Fn deregister_hooks +function is called by the sudo front-end +to deregister any hooks the plugin has registered. +If the plugin does not support hooks, +.Li deregister_hooks +should be set to the +.Dv NULL +pointer. +.Pp +The +.Em version +argument describes the version of the hooks API +supported by the +.Nm sudo +front-end. +.Pp +The +.Fn deregister_hook +function should be used to deregister any +hooks that were put in place by the +.Fn register_hook +function. +If the plugin tries to deregister a hook that the front-end does not support, +.Li deregister_hook +will return an error. +.Pp +See the +.Sx Hook function API +section below for more information +about hooks. +.Pp +NOTE: the +.Fn deregister_hooks +function is only available starting +with API version 1.2. +If the +.Nm sudo +front-end doesn't support API +version 1.2 or higher, +.Li deregister_hooks +will not be called. +.It event_alloc +.Bd -literal -compact +struct sudo_plugin_event * (*event_alloc)(void); +.Ed +.Pp +The +.Fn event_alloc +function is used to allocate a +.Li struct sudo_plugin_event +which provides access to the main +.Nm sudo +event loop. +Unlike the other fields, the +.Fn event_alloc +pointer is filled in by the +.Nm sudo +front-end, not by the plugin. +.Pp +See the +.Sx Event API +section below for more information +about events. +.Pp +NOTE: the +.Fn event_alloc +function is only available starting +with API version 1.15. +If the +.Nm sudo +front-end doesn't support API +version 1.15 or higher, +.Fn event_alloc +will not be set. +.It errstr +If the +.Fn init_session +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.Pp +.Em Policy Plugin Version Macros +.Bd -literal +/* Plugin API version major/minor. */ +#define SUDO_API_VERSION_MAJOR 1 +#define SUDO_API_VERSION_MINOR 13 +#define SUDO_API_MKVERSION(x, y) ((x << 16) | y) +#define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR,\e + SUDO_API_VERSION_MINOR) + +/* Getters and setters for API version */ +#define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16) +#define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff) +#define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \e + *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \e +} while(0) +#define SUDO_API_VERSION_SET_MINOR(vp, n) do { \e + *(vp) = (*(vp) & 0xffff0000) | (n); \e +} while(0) +.Ed +.Ss I/O plugin API +.Bd -literal +struct io_plugin { +#define SUDO_IO_PLUGIN 2 + unsigned int type; /* always SUDO_IO_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[], const char **errstr); + void (*close)(int exit_status, int error); /* wait status or error */ + int (*show_version)(int verbose); + int (*log_ttyin)(const char *buf, unsigned int len, + const char **errstr); + int (*log_ttyout)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stdin)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stdout)(const char *buf, unsigned int len, + const char **errstr); + int (*log_stderr)(const char *buf, unsigned int len, + const char **errstr); + void (*register_hooks)(int version, + int (*register_hook)(struct sudo_hook *hook)); + void (*deregister_hooks)(int version, + int (*deregister_hook)(struct sudo_hook *hook)); + int (*change_winsize)(unsigned int lines, unsigned int cols, + const char **errstr); + int (*log_suspend)(int signo, const char **errstr); + struct sudo_plugin_event * (*event_alloc)(void); +}; +.Ed +.Pp +When an I/O plugin is loaded, +.Nm sudo +runs the command in a pseudo-terminal. +This makes it possible to log the input and output from the user's +session. +If any of the standard input, standard output, or standard error do not +correspond to a tty, +.Nm sudo +will open a pipe to capture +the I/O for logging before passing it on. +.Pp +The log_ttyin function receives the raw user input from the terminal +device (note that this will include input even when echo is disabled, +such as when a password is read). +The log_ttyout function receives output from the pseudo-terminal that is +suitable for replaying the user's session at a later time. +The +.Fn log_stdin , +.Fn log_stdout , +and +.Fn log_stderr +functions are only called if the standard input, standard output, +or standard error respectively correspond to something other than +a tty. +.Pp +Any of the logging functions may be set to the +.Dv NULL +pointer if no logging is to be performed. +If the open function returns 0, no I/O will be sent to the plugin. +.Pp +If a logging function returns an error +.Pq \-1 , +the running command will be terminated and all of the plugin's logging +functions will be disabled. +Other I/O logging plugins will still receive any remaining +input or output that has not yet been processed. +.Pp +If an input logging function rejects the data by returning 0, the +command will be terminated and the data will not be passed to the +command, though it will still be sent to any other I/O logging plugins. +If an output logging function rejects the data by returning 0, the +command will be terminated and the data will not be written to the +terminal, though it will still be sent to any other I/O logging plugins. +.Pp +The audit_plugin struct has the following fields: +.Bl -tag -width 4n +.It type +The +.Li type +field should always be set to +.Dv SUDO_IO_PLUGIN . +.It version +The +.Li version +field should be set to +.Dv SUDO_API_VERSION . +.Pp +This allows +.Nm sudo +to determine the API version the plugin was +built against. +.It open +.Bd -literal -compact +int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], + char * const plugin_options[]); +.Ed +.Pp +The +.Fn open +function is run before the +.Fn log_ttyin , +.Fn log_ttyout , +.Fn log_stdin , +.Fn log_stdout , +.Fn log_stderr , +.Fn log_suspend , +.Fn change_winsize , +or +.Fn show_version +functions are called. +It is only called if the version is being requested or if the +policy plugin's +.Fn check_policy +function has returned successfully. +It returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +.Nm sudo +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional error information to the user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It version +The version passed in by +.Nm sudo +allows the plugin to determine the +major and minor version number of the plugin API supported by +.Nm sudo . +.It conversation +A pointer to the +.Fn conversation +function that may be used by the +.Fn show_version +function to display version information (see +.Fn show_version +below). +The +.Fn conversation +function may also be used to display additional error message to the user. +The +.Fn conversation +function returns 0 on success and \-1 on failure. +.It plugin_printf +A pointer to a +.Fn printf Ns -style +function that may be used by the +.Fn show_version +function to display version information (see +show_version below). +The +.Fn plugin_printf +function may also be used to display additional error message to the user. +The +.Fn plugin_printf +function returns number of characters printed on success and \-1 on failure. +.It settings +A vector of user-supplied +.Nm sudo +settings in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +These settings correspond to options the user specified when running +.Nm sudo . +As such, they will only be present when the corresponding option has +been specified on the command line. +.Pp +When parsing +.Em settings , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible settings. +.It user_info +A vector of information about the user running the command in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em user_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible strings. +.It command_info +A vector of information describing the command being run in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em command_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible strings. +.It argc +The number of elements in +.Em argv , +not counting the final +.Dv NULL +pointer. +It can be zero, when +.Nm sudo +is called with +.Fl V . +.It argv +If +.No non- Ns Dv NULL , +an argument vector describing a command the user +wishes to run in the same form as what would be passed to the +.Xr execve 2 +system call. +.It user_env +The user's environment in the form of a +.Dv NULL Ns -terminated +vector of +.Dq name=value +strings. +.Pp +When parsing +.Em user_env , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.It plugin_options +Any (non-comment) strings immediately after the plugin path are +treated as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +.Dv NULL Ns -terminated +array of strings. +If no arguments were specified, +.Em plugin_options +will be the +.Dv NULL +pointer. +.Pp +NOTE: the +.Em plugin_options +parameter is only available starting with +API version 1.2. +A plugin +.Sy must +check the API version specified +by the +.Nm sudo +front-end before using +.Em plugin_options . +Failure to do so may result in a crash. +.It errstr +If the +.Fn open +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It close +.Bd -literal -compact +void (*close)(int exit_status, int error); +.Ed +.Pp +The +.Fn close +function is called when +.Nm sudo +is finished, shortly before it exits. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It exit_status +The command's exit status, as returned by the +.Xr wait 2 +system call, or zero if no command was run. +The value of +.Li exit_status +is undefined if +.Li error +is non-zero. +.It error +If the command could not be executed, this is set to the value of +.Li errno +set by the +.Xr execve 2 +system call. +If the command was successfully executed, the value of +.Li error +is zero. +.El +.It show_version +.Bd -literal -compact +int (*show_version)(int verbose); +.Ed +.Pp +The +.Fn show_version +function is called by +.Nm sudo +when the user specifies +the +.Fl V +option. +The plugin may display its version information to the user via the +.Fn conversation +or +.Fn plugin_printf +function using +.Dv SUDO_CONV_INFO_MSG . +.Pp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. +.It log_ttyin +.Bd -literal -compact +int (*log_ttyin)(const char *buf, unsigned int len, + const char **errstr); +.Ed +.Pp +The +.Fn log_ttyin +function is called whenever data can be read from +the user but before it is passed to the running command. +This allows the plugin to reject data if it chooses to (for instance +if the input contains banned content). +Returns 1 if the data should be passed to the command, 0 if the data +is rejected (which will terminate the running command), or \-1 if an +error occurred. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It buf +The buffer containing user input. +.It len +The length of +.Em buf +in bytes. +.It errstr +If the +.Fn log_ttyin +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It log_ttyout +.Bd -literal -compact +int (*log_ttyout)(const char *buf, unsigned int len, + const char **errstr); +.Ed +.Pp +The +.Fn log_ttyout +function is called whenever data can be read from +the command but before it is written to the user's terminal. +This allows the plugin to reject data if it chooses to (for instance +if the output contains banned content). +Returns 1 if the data should be passed to the user, 0 if the data is rejected +(which will terminate the running command), or \-1 if an error occurred. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It buf +The buffer containing command output. +.It len +The length of +.Em buf +in bytes. +.It errstr +If the +.Fn log_ttyout +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It log_stdin +.Bd -literal -compact +int (*log_stdin)(const char *buf, unsigned int len, + const char **errstr); +.Ed +.Pp +The +.Fn log_stdin +function is only used if the standard input does +not correspond to a tty device. +It is called whenever data can be read from the standard input but +before it is passed to the running command. +This allows the plugin to reject data if it chooses to +(for instance if the input contains banned content). +Returns 1 if the data should be passed to the command, 0 if the +data is rejected (which will terminate the running command), or \-1 +if an error occurred. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It buf +The buffer containing user input. +.It len +The length of +.Em buf +in bytes. +.It errstr +If the +.Fn log_stdin +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It log_stdout +.Bd -literal -compact +int (*log_stdout)(const char *buf, unsigned int len, + const char **errstr); +.Ed +.Pp +The +.Fn log_stdout +function is only used if the standard output does not correspond +to a tty device. +It is called whenever data can be read from the command but before +it is written to the standard output. +This allows the plugin to reject data if it chooses to +(for instance if the output contains banned content). +Returns 1 if the data should be passed to the user, 0 if the data +is rejected (which will terminate the running command), or \-1 if +an error occurred. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It buf +The buffer containing command output. +.It len +The length of +.Em buf +in bytes. +.It errstr +If the +.Fn log_stdout +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It log_stderr +.Bd -literal -compact +int (*log_stderr)(const char *buf, unsigned int len, + const char **errstr); +.Ed +.Pp +The +.Fn log_stderr +function is only used if the standard error does +not correspond to a tty device. +It is called whenever data can be read from the command but before it +is written to the standard error. +This allows the plugin to reject data if it chooses to +(for instance if the output contains banned content). +Returns 1 if the data should be passed to the user, 0 if the data +is rejected (which will terminate the running command), or \-1 if +an error occurred. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It buf +The buffer containing command output. +.It len +The length of +.Em buf +in bytes. +.It errstr +If the +.Fn log_stderr +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It register_hooks +See the +.Sx Policy plugin API +section for a description of +.Li register_hooks . +.It deregister_hooks +See the +.Sx Policy plugin API +section for a description of +.Li deregister_hooks . +.It change_winsize +.Bd -literal -compact +int (*change_winsize)(unsigned int lines, unsigned int cols, + const char **errstr); +.Ed +.Pp +The +.Fn change_winsize +function is called whenever the window size of the terminal changes from +the initial values specified in the +.Li user_info +list. +Returns \-1 if an error occurred, in which case no further calls to +.Fn change_winsize +will be made, +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It lines +The number of lines (rows) in the re-sized terminal. +.It cols +The number of columns in the re-sized terminal. +.It errstr +If the +.Fn change_winsize +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.El +.It log_suspend +.Bd -literal -compact +int (*log_suspend)(int signo, const char **errstr); +.Ed +.Pp +The +.Fn log_suspend +function is called whenever a command is suspended or resumed. +Logging this information makes it possible to skip the period of time when +the command was suspended during playback of a session. +Returns \-1 if an error occurred, in which case no further calls to +.Fn log_suspend +will be made, +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It signo +The signal that caused the command to be suspended, or +.Dv SIGCONT +if the command was resumed. +.It errstr +If the +.Fn log_suspend +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.Pp +NOTE: the +.Fa errstr +parameter is only available starting with +API version 1.15. +A plugin +.Sy must +check the API version specified by the +.Nm sudo +front-end before using +.Fa errstr . +Failure to do so may result in a crash. +.It event_alloc +.Bd -literal -compact +struct sudo_plugin_event * (*event_alloc)(void); +.Ed +.Pp +The +.Fn event_alloc +function is used to allocate a +.Li struct sudo_plugin_event +which provides access to the main +.Nm sudo +event loop. +Unlike the other fields, the +.Fn event_alloc +pointer is filled in by the +.Nm sudo +front-end, not by the plugin. +.Pp +See the +.Sx Event API +section below for more information +about events. +.Pp +NOTE: the +.Fn event_alloc +function is only available starting +with API version 1.15. +If the +.Nm sudo +front-end doesn't support API +version 1.15 or higher, +.Fn event_alloc +will not be set. +.El +.Pp +.Em I/O Plugin Version Macros +.Pp +Same as for the +.Sx Policy plugin API . +.El +.Ss Audit plugin API +.Bd -literal +/* Audit plugin close function status types. */ +#define SUDO_PLUGIN_NO_STATUS 0 +#define SUDO_PLUGIN_WAIT_STATUS 1 +#define SUDO_PLUGIN_EXEC_ERROR 2 +#define SUDO_PLUGIN_SUDO_ERROR 3 + +#define SUDO_AUDIT_PLUGIN 3 +struct audit_plugin { + unsigned int type; /* always SUDO_AUDIT_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); + void (*close)(int status_type, int status); + int (*accept)(const char *plugin_name, + unsigned int plugin_type, char * const command_info[], + char * const run_argv[], char * const run_envp[], + const char **errstr); + int (*reject)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); + int (*error)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); + int (*show_version)(int verbose); + void (*register_hooks)(int version, + int (*register_hook)(struct sudo_hook *hook)); + void (*deregister_hooks)(int version, + int (*deregister_hook)(struct sudo_hook *hook)); + struct sudo_plugin_event * (*event_alloc)(void); +} +.Ed +.Pp +An audit plugin can be used to log successful and unsuccessful attempts +to run +.Nm sudo +independent of the policy or any I/O plugins. +Multiple audit plugins may be specified in +.Xr sudo.conf @mansectform@ . +.Pp +The audit_plugin struct has the following fields: +.Bl -tag -width 4n +.It type +The +.Li type +field should always be set to +.Dv SUDO_AUDIT_PLUGIN . +.It version +The +.Li version +field should be set to +.Dv SUDO_API_VERSION . +.Pp +This allows +.Nm sudo +to determine the API version the plugin was +built against. +.It open +.Bd -literal -compact +int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); +.Ed +.Pp +The audit +.Fn open +function is run before any other +.Nm sudo +plugin API functions. +This makes it possible to audit failures in the other plugins. +It returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +.Nm sudo +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional error information to the user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It version +The version passed in by +.Nm sudo +allows the plugin to determine the +major and minor version number of the plugin API supported by +.Nm sudo . +.It conversation +A pointer to the +.Fn conversation +function that may be used by the +.Fn show_version +function to display version information (see +.Fn show_version +below). +The +.Fn conversation +function may also be used to display additional error message to the user. +The +.Fn conversation +function returns 0 on success, and \-1 on failure. +.It plugin_printf +A pointer to a +.Fn printf Ns -style +function that may be used by the +.Fn show_version +function to display version information (see +show_version below). +The +.Fn plugin_printf +function may also be used to display additional error message to the user. +The +.Fn plugin_printf +function returns number of characters printed on success and \-1 on failure. +.It settings +A vector of user-supplied +.Nm sudo +settings in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +These settings correspond to options the user specified when running +.Nm sudo . +As such, they will only be present when the corresponding option has +been specified on the command line. +.Pp +When parsing +.Em settings , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible settings. +.It user_info +A vector of information about the user running the command in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em user_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible strings. +.It submit_optind +The index into +.Fa submit_argv +that corresponds to the first entry that is not a command line option. +If +.Fa submit_argv +only consists of options, which may be the case with the +.Fl l +or +.Fl v +options, +.Li submit_argv[submit_optind] +will evaluate to the NULL pointer. +.It submit_argv +The argument vector +.Nm sudo +was invoked with, including all command line options. +The +.Fa submit_optind +argument can be used to determine the end of the command line options. +.It submit_envp +The invoking user's environment in the form of a +.Dv NULL Ns -terminated +vector of +.Dq name=value +strings. +.Pp +When parsing +.Em submit_envp , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.It plugin_options +Any (non-comment) strings immediately after the plugin path are +treated as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +.Dv NULL Ns -terminated +array of strings. +If no arguments were specified, +.Em plugin_options +will be the +.Dv NULL +pointer. +.It errstr +If the +.Fn open +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.El +.It close +.Bd -literal -compact +void (*close)(int status_type, int status); +.Ed +.Pp +The +.Fn close +function is called when +.Nm sudo +is finished, shortly before it exits. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It status_type +The type of status being passed. +One of +.Dv SUDO_PLUGIN_NO_STATUS , +.Dv SUDO_PLUGIN_WAIT_STATUS , +.Dv SUDO_PLUGIN_EXEC_ERROR +or +.Dv SUDO_PLUGIN_SUDO_ERROR . +.It status +Depending on the value of +.Fa status_type , +this value is either +ignored, the command's exit status as returned by the +.Xr wait 2 +system call, the value of +.Li errno +set by the +.Xr execve 2 +system call, or the value of +.Li errno +resulting from an error in the +.Nm sudo +front-end. +.El +.It accept +.Bd -literal -compact +int (*accept)(const char *plugin_name, unsigned int plugin_type, + char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr); +.Ed +.Pp +The +.Fn accept +function is called when a command or action is accepted by a policy +or approval plugin. +The function arguments are as follows: +.Bl -tag -width 4n +.It plugin_name +The name of the plugin that accepted the command or +.Dq sudo +for the +.Nm sudo +front-end. +.It plugin_type +The type of plugin that accepted the command, currently either +.Dv SUDO_POLICY_PLUGIN , +.Dv SUDO_POLICY_APPROVAL , +or +.Dv SUDO_FRONT_END . +The +.Fn accept +function is called multiple times--once for each policy or approval +plugin that succeeds and once for the sudo front-end. +When called on behalf of the sudo front-end, +.Fa command_info +may include information from an I/O logging plugin as well. +.Pp +Typically, an audit plugin is interested in either the accept status from +the +.Nm sudo +front-end or from the various policy and approval plugins, but not both. +It is possible for the policy plugin to accept a command that is +later rejected by an approval plugin, in which case the audit +plugin's +.Fn accept +and +.Fn reject +functions will +.Em both +be called. +.It command_info +An optional +vector of information describing the command being run in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em command_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible strings. +.It run_argv +A +.Dv NULL Ns -terminated +argument vector describing a command that will be run in the +same form as what would be passed to the +.Xr execve 2 +system call. +.It run_envp +The environment the command will be run with in the form of a +.Dv NULL Ns -terminated +vector of +.Dq name=value +strings. +.Pp +When parsing +.Em run_envp , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.It errstr +If the +.Fn accept +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.El +.It reject +.Bd -literal -compact +int (*reject)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); +.Ed +.Pp +The +.Fn reject +function is called when a command or action is rejected by a plugin. +The function arguments are as follows: +.Bl -tag -width 4n +.It plugin_name +The name of the plugin that rejected the command. +.It plugin_type +The type of plugin that rejected the command, currently either +.Dv SUDO_POLICY_PLUGIN , +.Dv SUDO_APPROVAL_PLUGIN , +or +.Dv SUDO_IO_PLUGIN . +.Pp +Unlike the +.Fn accept +function, the +.Fn reject +function is not called on behalf of the +.Nm sudo +front-end. +.It audit_msg +An optional string describing the reason the command was rejected +by the plugin. +If the plugin did not provide a reason, +.Fa audit_msg +will be the +.Dv NULL +pointer. +.It command_info +An optional +vector of information describing the command being run in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em command_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible strings. +.It errstr +If the +.Fn reject +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.El +.It error +.Bd -literal -compact +int (*error)(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[], + const char **errstr); +.Ed +.Pp +The +.Fn error +function is called when a plugin or the +.Nm sudo +front-end returns an error. +The function arguments are as follows: +.Bl -tag -width 4n +.It plugin_name +The name of the plugin that generated the error or +.Dq sudo +for the +.Nm sudo +front-end. +.It plugin_type +The type of plugin that generated the error, or +.Dv SUDO_FRONT_END +for the +.Nm sudo +front-end. +.It audit_msg +An optional string describing the plugin error. +If the plugin did not provide a description, +.Fa audit_msg +will be the +.Dv NULL +pointer. +.It command_info +An optional +vector of information describing the command being run in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em command_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible strings. +.It errstr +If the +.Fn error +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.El +.It show_version +.Bd -literal -compact +int (*show_version)(int verbose); +.Ed +.Pp +The +.Fn show_version +function is called by +.Nm sudo +when the user specifies +the +.Fl V +option. +The plugin may display its version information to the user via the +.Fn conversation +or +.Fn plugin_printf +function using +.Dv SUDO_CONV_INFO_MSG . +If the user requests detailed version information, the verbose flag will be set. +.Pp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. +.It register_hooks +See the +.Sx Policy plugin API +section for a description of +.Li register_hooks . +.It deregister_hooks +See the +.Sx Policy plugin API +section for a description of +.Li deregister_hooks . +.It event_alloc +.Bd -literal -compact +struct sudo_plugin_event * (*event_alloc)(void); +.Ed +.Pp +The +.Fn event_alloc +function is used to allocate a +.Li struct sudo_plugin_event +which provides access to the main +.Nm sudo +event loop. +Unlike the other fields, the +.Fn event_alloc +pointer is filled in by the +.Nm sudo +front-end, not by the plugin. +.Pp +See the +.Sx Event API +section below for more information +about events. +.Pp +NOTE: the +.Fn event_alloc +function is only available starting +with API version 1.17. +If the +.Nm sudo +front-end doesn't support API +version 1.17 or higher, +.Fn event_alloc +will not be set. +.El +.Ss Approval plugin API +.Bd -literal +struct approval_plugin { +#define SUDO_APPROVAL_PLUGIN 4 + unsigned int type; /* always SUDO_APPROVAL_PLUGIN */ + unsigned int version; /* always SUDO_API_VERSION */ + int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); + void (*close)(void); + int (*check)(char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr); + int (*show_version)(int verbose); +}; +.Ed +.Pp +An approval plugin can be used to apply extra constraints after a +command has been accepted by the policy plugin. +Unlike the other plugin types, it does not remain open until the command +completes. +The plugin is opened before a call to +.Fn check +or +.Fn show_version +and closed shortly thereafter (audit plugin functions must be called +before the plugin is closed). +Multiple approval plugins may be specified in +.Xr sudo.conf @mansectform@ . +.Pp +The approval_plugin struct has the following fields: +.Bl -tag -width 4n +.It type +The +.Li type +field should always be set to +.Dv SUDO_APPROVAL_PLUGIN . +.It version +The +.Li version +field should be set to +.Dv SUDO_API_VERSION . +.Pp +This allows +.Nm sudo +to determine the API version the plugin was +built against. +.It open +.Bd -literal -compact +int (*open)(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_printf, char * const settings[], + char * const user_info[], int submit_optind, + char * const submit_argv[], char * const submit_envp[], + char * const plugin_options[], const char **errstr); +.Ed +.Pp +The approval +.Fn open +function is run immediately before a call to the plugin's +.Fn check +or +.Fn show_version +functions. +It is only called if the version is being requested or if the +policy plugin's +.Fn check_policy +function has returned successfully. +It returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +.Nm sudo +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional error information to the user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It version +The version passed in by +.Nm sudo +allows the plugin to determine the +major and minor version number of the plugin API supported by +.Nm sudo . +.It conversation +A pointer to the +.Fn conversation +function that can be used by the plugin to interact with the user (see +.Sx Conversation API +for details). +Returns 0 on success and \-1 on failure. +.It plugin_printf +A pointer to a +.Fn printf Ns -style +function that may be used to display informational or error messages (see +.Sx Conversation API +for details). +Returns the number of characters printed on success and \-1 on failure. +.It settings +A vector of user-supplied +.Nm sudo +settings in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +These settings correspond to options the user specified when running +.Nm sudo . +As such, they will only be present when the corresponding option has +been specified on the command line. +.Pp +When parsing +.Em settings , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible settings. +.It user_info +A vector of information about the user running the command in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em user_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible strings. +.It submit_optind +The index into +.Fa submit_argv +that corresponds to the first entry that is not a command line option. +If +.Fa submit_argv +only consists of options, which may be the case with the +.Fl l +or +.Fl v +options, +.Li submit_argv[submit_optind] +will evaluate to the NULL pointer. +.It submit_argv +The argument vector +.Nm sudo +was invoked with, including all command line options. +The +.Fa submit_optind +argument can be used to determine the end of the command line options. +.It submit_envp +The invoking user's environment in the form of a +.Dv NULL Ns -terminated +vector of +.Dq name=value +strings. +.Pp +When parsing +.Em submit_envp , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.It plugin_options +Any (non-comment) strings immediately after the plugin path are +treated as arguments to the plugin. +These arguments are split on a white space boundary and are passed to +the plugin in the form of a +.Dv NULL Ns -terminated +array of strings. +If no arguments were specified, +.Em plugin_options +will be the +.Dv NULL +pointer. +.It errstr +If the +.Fn open +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.El +.It close +.Bd -literal -compact +void (*close)(void); +.Ed +.Pp +The +.Fn close +function is called after the approval plugin's +.Fn check +or +.Fn show_version +functions have been called. +It takes no arguments. +The +.Fn close +function is typically used to perform plugin-specific cleanup, +such as the freeing of memory objects allocated by the plugin. +If the plugin does not need to perform any cleanup, +.Fn close +may be set to the +.Dv NULL +pointer. +.It check +.Bd -literal -compact +int (*check)(char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr); +.Ed +.Pp +The approval +.Fn check +function is run after the policy plugin +.Fn check_policy +function and before any I/O logging plugins. +If multiple approval plugins are loaded, they must all succeed for +the command to be allowed. +It returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error. +In the latter case, +.Nm sudo +will print a usage message before it exits. +If an error occurs, the plugin may optionally call the +.Fn conversation +or +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional error information to the user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It command_info +A vector of information describing the command being run in the form of +.Dq name=value +strings. +The vector is terminated by a +.Dv NULL +pointer. +.Pp +When parsing +.Em command_info , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.Pp +See the +.Sx Policy plugin API +section for a list of all possible strings. +.It run_argv +A +.Dv NULL Ns -terminated +argument vector describing a command that will be run in the +same form as what would be passed to the +.Xr execve 2 +system call. +.It run_envp +The environment the command will be run with in the form of a +.Dv NULL Ns -terminated +vector of +.Dq name=value +strings. +.Pp +When parsing +.Em run_envp , +the plugin should split on the +.Sy first +equal sign +.Pq Ql = +since the +.Em name +field will never include one +itself but the +.Em value +might. +.It errstr +If the +.Fn open +function returns a value other than 1, the plugin may +store a message describing the failure or error in +.Fa errstr . +The +.Nm sudo +front-end will then pass this value to any registered audit plugins. +The string stored in +.Fa errstr +must remain valid until the plugin's +.Fn close +function is called. +.El +.It show_version +.Bd -literal -compact +int (*show_version)(int verbose); +.Ed +.Pp +The +.Fn show_version +function is called by +.Nm sudo +when the user specifies +the +.Fl V +option. +The plugin may display its version information to the user via the +.Fn conversation +or +.Fn plugin_printf +function using +.Dv SUDO_CONV_INFO_MSG . +If the user requests detailed version information, the verbose flag will be set. +.Pp +Returns 1 on success, 0 on failure, \-1 if a general error occurred, +or \-2 if there was a usage error, although the return value is currently +ignored. +.El +.Ss Signal handlers +The +.Nm sudo +front-end installs default signal handlers to trap common signals +while the plugin functions are run. +The following signals are trapped by default before the command is +executed: +.Pp +.Bl -bullet -compact -width 1n +.It +.Dv SIGALRM +.It +.Dv SIGHUP +.It +.Dv SIGINT +.It +.Dv SIGPIPE +.It +.Dv SIGQUIT +.It +.Dv SIGTERM +.It +.Dv SIGTSTP +.It +.Dv SIGUSR1 +.It +.Dv SIGUSR2 +.El +.Pp +If a fatal signal is received before the command is executed, +.Nm sudo +will call the plugin's +.Fn close +function with an exit status of 128 plus the value of the signal +that was received. +This allows for consistent logging of commands killed by a signal +for plugins that log such information in their +.Fn close +function. +An exception to this is +.Ev SIGPIPE , +which is ignored until the command is executed. +.Pp +A plugin may temporarily install its own signal handlers but must +restore the original handler before the plugin function returns. +.Ss Hook function API +Beginning with plugin API version 1.2, it is possible to install +hooks for certain functions called by the +.Nm sudo +front-end. +.Pp +Currently, the only supported hooks relate to the handling of +environment variables. +Hooks can be used to intercept attempts to get, set, or remove +environment variables so that these changes can be reflected in +the version of the environment that is used to execute a command. +A future version of the API will support hooking internal +.Nm sudo +front-end functions as well. +.Pp +.Em Hook structure +.Pp +Hooks in +.Nm sudo +are described by the following structure: +.Bd -literal +typedef int (*sudo_hook_fn_t)(); + +struct sudo_hook { + unsigned int hook_version; + unsigned int hook_type; + sudo_hook_fn_t hook_fn; + void *closure; +}; +.Ed +.Pp +The +.Li sudo_hook +structure has the following fields: +.Bl -tag -width 4n +.It hook_version +The +.Li hook_version +field should be set to +.Dv SUDO_HOOK_VERSION . +.It hook_type +The +.Li hook_type +field may be one of the following supported hook types: +.Bl -tag -width 4n +.It Dv SUDO_HOOK_SETENV +The C library +.Xr setenv 3 +function. +Any registered hooks will run before the C library implementation. +The +.Li hook_fn +field should +be a function that matches the following typedef: +.Bd -literal +typedef int (*sudo_hook_fn_setenv_t)(const char *name, + const char *value, int overwrite, void *closure); +.Ed +.Pp +If the registered hook does not match the typedef the results are +unspecified. +.It Dv SUDO_HOOK_UNSETENV +The C library +.Xr unsetenv 3 +function. +Any registered hooks will run before the C library implementation. +The +.Li hook_fn +field should +be a function that matches the following typedef: +.Bd -literal +typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, + void *closure); +.Ed +.It Dv SUDO_HOOK_GETENV +The C library +.Xr getenv 3 +function. +Any registered hooks will run before the C library implementation. +The +.Li hook_fn +field should +be a function that matches the following typedef: +.Bd -literal +typedef int (*sudo_hook_fn_getenv_t)(const char *name, + char **value, void *closure); +.Ed +.Pp +If the registered hook does not match the typedef the results are +unspecified. +.It Dv SUDO_HOOK_PUTENV +The C library +.Xr putenv 3 +function. +Any registered hooks will run before the C library implementation. +The +.Li hook_fn +field should +be a function that matches the following typedef: +.Bd -literal +typedef int (*sudo_hook_fn_putenv_t)(char *string, + void *closure); +.Ed +.Pp +If the registered hook does not match the typedef the results are +unspecified. +.El +.It hook_fn +sudo_hook_fn_t hook_fn; +.Pp +The +.Li hook_fn +field should be set to the plugin's hook implementation. +The actual function arguments will vary depending on the +.Li hook_type +(see +.Li hook_type +above). +In all cases, the +.Li closure +field of +.Li struct sudo_hook +is passed as the last function parameter. +This can be used to pass arbitrary data to the plugin's hook implementation. +.Pp +The function return value may be one of the following: +.Bl -tag -width 4n +.It Dv SUDO_HOOK_RET_ERROR +The hook function encountered an error. +.It Dv SUDO_HOOK_RET_NEXT +The hook completed without error, go on to the next hook (including +the system implementation if applicable). +For example, a +.Xr getenv 3 +hook might return +.Dv SUDO_HOOK_RET_NEXT +if the specified variable was not found in the private copy of the environment. +.It Dv SUDO_HOOK_RET_STOP +The hook completed without error, stop processing hooks for this invocation. +This can be used to replace the system implementation. +For example, a +.Li setenv +hook that operates on a private copy of +the environment but leaves +.Li environ +unchanged. +.El +.El +.Pp +Note that it is very easy to create an infinite loop when hooking +C library functions. +For example, a +.Xr getenv 3 +hook that calls the +.Xr snprintf 3 +function may create a loop if the +.Xr snprintf 3 +implementation calls +.Xr getenv 3 +to check the locale. +To prevent this, you may wish to use a static variable in the hook +function to guard against nested calls. +For example: +.Bd -literal +static int in_progress = 0; /* avoid recursion */ +if (in_progress) + return SUDO_HOOK_RET_NEXT; +in_progress = 1; +\&... +in_progress = 0; +return SUDO_HOOK_RET_STOP; +.Ed +.Pp +.Em Hook API Version Macros +.Bd -literal +/* Hook API version major/minor */ +#define SUDO_HOOK_VERSION_MAJOR 1 +#define SUDO_HOOK_VERSION_MINOR 0 +#define SUDO_HOOK_VERSION SUDO_API_MKVERSION(SUDO_HOOK_VERSION_MAJOR,\e + SUDO_HOOK_VERSION_MINOR) +.Ed +.Pp +For getters and setters see the +.Sx Policy plugin API . +.Ss Event API +When +.Nm sudo +runs a command, it uses an event loop to service signals and I/O. +Events may be triggered based on time, a file or socket descriptor +becoming ready, or due to receipt of a signal. +Starting with API version 1.15, it is possible for a plugin to +participate in this event loop by calling the +.Fn event_alloc +function. +.Pp +.Em Event structure +.Pp +Events are described by the following structure: +.Pp +.Bd -literal -compact +typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, void *closure); + +struct sudo_plugin_event { + int (*set)(struct sudo_plugin_event *pev, int fd, int events, + sudo_plugin_ev_callback_t callback, void *closure); + int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); + int (*del)(struct sudo_plugin_event *pev); + int (*pending)(struct sudo_plugin_event *pev, int events, + struct timespec *ts); + int (*fd)(struct sudo_plugin_event *pev); + void (*setbase)(struct sudo_plugin_event *pev, void *base); + void (*loopbreak)(struct sudo_plugin_event *pev); + void (*free)(struct sudo_plugin_event *pev); +}; +.Ed +.Pp +The sudo_plugin_event struct contains the following function pointers: +.Bl -tag -width 4n +.It Fn set +.Bd -literal -compact +int (*set)(struct sudo_plugin_event *pev, int fd, int events, + sudo_plugin_ev_callback_t callback, void *closure); +.Ed +.Pp +The +.Fn set +function takes the following arguments: +.Bl -tag -width 4n +.It struct sudo_plugin_event * Ns Fa pev +A pointer to the struct sudo_plugin_event itself. +.It Fa fd +The file or socket descriptor for I/O-based events or the signal +number for signal events. +For time-based events, +.Fa fd +must be \-1. +.It Fa events +The following values determine what will trigger the event callback: +.Bl -tag -width 4n +.It SUDO_PLUGIN_EV_TIMEOUT +callback is run after the specified timeout expires +.It SUDO_PLUGIN_EV_READ +callback is run when the file descriptor is readable +.It SUDO_PLUGIN_EV_WRITE +callback is run when the file descriptor is writable +.It SUDO_PLUGIN_EV_PERSIST +event is persistent and remains enabled until explicitly deleted +.It SUDO_PLUGIN_EV_SIGNAL +callback is run when the specified signal is received +.El +.Pp +The +.Ev SUDO_PLUGIN_EV_PERSIST +flag may be ORed with any of the event types. +It is also possible to OR +.Ev SUDO_PLUGIN_EV_READ +and +.Ev SUDO_PLUGIN_EV_WRITE +together to run the callback when a descriptor is ready to be +either read from or written to. +All other event values are mutually exclusive. +.It sudo_plugin_ev_callback_t Fa callback +.Bd -literal -compact +typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, + void *closure); +.Ed +.Pp +The function to call when an event is triggered. +The +.Fn callback +function is run with the following arguments: +.Bl -tag -width 4n +.It Fa fd +The file or socket descriptor for I/O-based events or the signal +number for signal events. +.It Fa what +The event type that triggered that callback. +For events that have multiple event types (for example +.Ev SUDO_PLUGIN_EV_READ +and +.Ev SUDO_PLUGIN_EV_WRITE ) +or have an associated timeout, +.Fa what +can be used to determine why the callback was run. +.It Fa closure +The generic pointer that was specified in the +.Fn set +function. +.El +.It closure +A generic pointer that will be passed to the callback function. +.El +.Pp +The +.Fn set +function returns 1 on success, and \-1 if a error occurred. +.It Fn add +.Bd -literal -compact +int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout); +.Ed +.Pp +The +.Fn add +function adds the event +.Fa pev +to +.Nm sudo Ns No 's +event loop. +The event must have previously been initialized via the +.Fn set +function. +If the +.Fa timeout +argument is not NULL, it should specify a (relative) timeout after +which the event will be triggered if the main event criteria has +not been met. +This is often used to implement an I/O timeout where the event +will fire if a descriptor is not ready within a certain time +period. +If the event is already present in the event loop, its +.Fa timeout +will be adjusted to match the new value, if any. +.Pp +The +.Fn add +function returns 1 on success, and \-1 if a error occurred. +.It Fn del +.Bd -literal -compact +int (*del)(struct sudo_plugin_event *pev); +.Ed +.Pp +The +.Fn del +function deletes the event +.Fa pev +from +.Nm sudo Ns No 's +event loop. +Deleted events can be added back via the +.Fn add +function. +.Pp +The +.Fn del +function returns 1 on success, and \-1 if a error occurred. +.It Fn pending +.Bd -literal -compact +int (*pending)(struct sudo_plugin_event *pev, int events, + struct timespec *ts); +.Ed +.Pp +The +.Fn pending +function can be used to determine whether one or more events is pending. +The +.Fa events +argument specifies which events to check for. +See the +.Fn set +function for a list of valid event types. +If +.Dv SUDO_PLUGIN_EV_TIMEOUT +is specified in +.Dv events , +the event has an associated timeout and the +.Fa ts +pointer is non-NULL, it will be filled in with the remaining time. +.It Fn fd +.Bd -literal -compact +int (*fd)(struct sudo_plugin_event *pev); +.Ed +.Pp +The +.Fn fd +function returns the descriptor or signal number associated with +the event +.Fa pev . +.It Fn setbase +.Bd -literal -compact +void (*setbase)(struct sudo_plugin_event *pev, void *base); +.Ed +.Pp +The +.Fn setbase +function sets the underlying event +.Fa base +for +.Fa pev +to the specified value. +This can be used to move an event created via +.Fn event_alloc +to a new event loop allocated by sudo's event subsystem. +If +.Fa base +is +.Dv NULL , +.Fa pev Ns 's +event base is reset to the default value, which corresponds to +.Nm sudo Ns 's +main event loop. +Using this function requires linking the plugin with the sudo_util +library. +It is unlikely to be used outside of the +.Nm sudoers +plugin. +.It Fn loopbreak +.Bd -literal -compact +void (*loopbreak)(struct sudo_plugin_event *pev); +.Ed +.Pp +The +.Fn loopbreak +function causes +.Nm sudo Ns No 's +event loop to exit immediately and the running command to be terminated. +.It Fn free +.Bd -literal -compact +void (*free)(struct sudo_plugin_event *pev); +.Ed +.Pp +The +.Fn free +function deletes the event +.Fa pev +from the event loop and frees the memory associated with it. +.El +.Ss Remote command execution +The +.Nm sudo +front-end does not support running remote commands. +However, starting with +.Nm sudo +1.8.8, the +.Fl h +option may be used to specify a remote host that is passed +to the policy plugin. +A plugin may also accept a +.Em runas_user +in the form of +.Dq user@hostname +which will work with older versions of +.Nm sudo . +It is anticipated that remote commands will be supported by executing a +.Dq helper +program. +The policy plugin should setup the execution environment such that the +.Nm sudo +front-end will run the helper which, in turn, will connect to the +remote host and run the command. +.Pp +For example, the policy plugin could utilize +.Nm ssh +to perform remote command execution. +The helper program would be responsible for running +.Nm ssh +with the proper options to use a private key or certificate +that the remote host will accept and run a program +on the remote host that would setup the execution environment +accordingly. +.Pp +Note that remote +.Nm sudoedit +functionality must be handled by the policy plugin, not +.Nm sudo +itself as the front-end has no knowledge that a remote command is +being executed. +This may be addressed in a future revision of the plugin API. +.Ss Conversation API +If the plugin needs to interact with the user, it may do so via the +.Fn conversation +function. +A plugin should not attempt to read directly from the standard input +or the user's tty (neither of which are guaranteed to exist). +The caller must include a trailing newline in +.Li msg +if one is to be printed. +.Pp +A +.Fn printf Ns -style +function is also available that can be used to display informational +or error messages to the user, which is usually more convenient for +simple messages where no use input is required. +.Pp +.Em Conversation function structures +.Pp +The conversation function takes as arguments pointers to the following +structures: +.Bd -literal +struct sudo_conv_message { +#define SUDO_CONV_PROMPT_ECHO_OFF 0x0001 /* do not echo user input */ +#define SUDO_CONV_PROMPT_ECHO_ON 0x0002 /* echo user input */ +#define SUDO_CONV_ERROR_MSG 0x0003 /* error message */ +#define SUDO_CONV_INFO_MSG 0x0004 /* informational message */ +#define SUDO_CONV_PROMPT_MASK 0x0005 /* mask user input */ +#define SUDO_CONV_PROMPT_ECHO_OK 0x1000 /* flag: allow echo if no tty */ +#define SUDO_CONV_PREFER_TTY 0x2000 /* flag: use tty if possible */ + int msg_type; + int timeout; + const char *msg; +}; + +#define SUDO_CONV_REPL_MAX 1023 + +struct sudo_conv_reply { + char *reply; +}; + +typedef int (*sudo_conv_callback_fn_t)(int signo, void *closure); +struct sudo_conv_callback { + unsigned int version; + void *closure; + sudo_conv_callback_fn_t on_suspend; + sudo_conv_callback_fn_t on_resume; +}; +.Ed +.Pp +Pointers to the +.Fn conversation +and +.Fn printf Ns -style +functions are passed +in to the plugin's +.Fn open +function when the plugin is initialized. +The following type definitions can be used in the declaration of the +.Fn open +function: +.Bd -literal +typedef int (*sudo_conv_t)(int num_msgs, + const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); + +typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); +.Ed +.Pp +To use the +.Fn conversation +function, the plugin must pass an array of +.Li sudo_conv_message +and +.Li sudo_conv_reply +structures. +There must be a +.Li struct sudo_conv_message +and +.Li struct sudo_conv_reply +for +each message in the conversation, that is, both arrays must have the same +number of elements. +Each +.Li struct sudo_conv_reply +must have its +.Em reply +member initialized to +.Dv NULL . +The +.Li struct sudo_conv_callback +pointer, if not +.Dv NULL , +should contain function pointers to be called when the +.Nm sudo +process is suspended and/or resumed during conversation input. +The +.Fa on_suspend +and +.Fa on_resume +functions are called with the signal that caused +.Nm sudo +to be suspended and the +.Fa closure +pointer from the +.Li struct sudo_conv_callback . +These functions should return 0 on success and \-1 on error. +On error, the conversation will end and the conversation function +will return a value of \-1. +The intended use is to allow the plugin to release resources, such as locks, +that should not be held indefinitely while suspended and then reacquire them +when the process is resumed. +Note that the functions are not actually invoked from within a signal handler. +.Pp +The +.Em msg_type +must be set to one of the following values: +.Bl -tag -width 4n +.It SUDO_CONV_PROMPT_ECHO_OFF +Prompt the user for input with echo disabled; +this is generally used for passwords. +The reply will be stored in the +.Em replies +array, and it will never be +.Dv NULL . +.It SUDO_CONV_PROMPT_ECHO_ON +Prompt the user for input with echo enabled. +The reply will be stored in the +.Em replies +array, and it will never be +.Dv NULL . +.It SUDO_CONV_ERROR_MSG +Display an error message. +The message is written to the standard error unless the +.Dv SUDO_CONV_PREFER_TTY +flag is set, in which case it is written to the user's terminal if possible. +.It SUDO_CONV_INFO_MSG +Display a message. +The message is written to the standard output unless the +.Dv SUDO_CONV_PREFER_TTY +flag is set, in which case it is written to the user's terminal if possible. +.It SUDO_CONV_PROMPT_MASK +Prompt the user for input but echo an asterisk character for each +character read. +The reply will be stored in the +.Em replies +array, and it will never be +.Dv NULL . +This can be used to provide visual feedback to the user while reading +sensitive information that should not be displayed. +.El +.Pp +In addition to the above values, the following flag bits may also be set: +.Bl -tag -width 4n +.It SUDO_CONV_PROMPT_ECHO_OK +Allow input to be read when echo cannot be disabled +when the message type is +.Dv SUDO_CONV_PROMPT_ECHO_OFF +or +.Dv SUDO_CONV_PROMPT_MASK . +By default, +.Nm sudo +will refuse to read input if the echo cannot be disabled for those +message types. +.It SUDO_CONV_PREFER_TTY +When displaying a message via +.Dv SUDO_CONV_ERROR_MSG +or +.Dv SUDO_CONV_INFO_MSG , +try to write the message to the user's terminal. +If the terminal is unavailable, the standard error or standard output +will be used, depending upon whether +.Dv SUDO_CONV_ERROR_MSG +or +.Dv SUDO_CONV_INFO_MSG +was used. +The user's terminal is always used when possible for input, +this flag is only used for output. +.El +.Pp +The +.Em timeout +in seconds until the prompt will wait for no more input. +A zero value implies an infinite timeout. +.Pp +The plugin is responsible for freeing the reply buffer located in each +.Li struct sudo_conv_reply , +if it is not +.Dv NULL . +.Dv SUDO_CONV_REPL_MAX +represents the maximum length of the reply buffer (not including +the trailing NUL character). +In practical terms, this is the longest password +.Nm sudo +will support. +.Pp +The +.Fn printf Ns -style +function uses the same underlying mechanism as the +.Fn conversation +function but only supports +.Dv SUDO_CONV_INFO_MSG +and +.Dv SUDO_CONV_ERROR_MSG +for the +.Em msg_type +parameter. +It can be more convenient than using the +.Fn conversation +function if no user reply is needed and supports standard +.Fn printf +escape sequences. +.Pp +See the sample plugin for an example of the +.Fn conversation +function usage. +.Ss Plugin invocation order +As of +.Nm sudo +1.9.0, the plugin +.Fn open +and +.Fn close +functions are called in the +following order: +.Bl -enum +.It +audit open +.It +policy open +.It +approval open +.It +approval close +.It +I/O log open +.It +command runs +.It +command exits +.It +I/O log close +.It +policy close +.It +audit close +.It +sudo exits +.El +.Pp +Prior to +.Nm sudo +1.9.0, the I/O log +.Fn close +function was called +.Em after +the policy +.Fn close +function. +.Ss Sudoers group plugin API +The +.Nm sudoers +plugin supports its own plugin interface to allow non-Unix +group lookups. +This can be used to query a group source other than the standard Unix +group database. +Two sample group plugins are bundled with +.Nm sudo , +.Em group_file , +and +.Em system_group , +are detailed in +.Xr sudoers @mansectform@ . +Third party group plugins include a QAS AD plugin available from Quest Software. +.Pp +A group plugin must declare and populate a +.Li sudoers_group_plugin +struct in the global scope. +This structure contains pointers to the functions that implement plugin +initialization, cleanup, and group lookup. +.Bd -literal +struct sudoers_group_plugin { + unsigned int version; + int (*init)(int version, sudo_printf_t sudo_printf, + char *const argv[]); + void (*cleanup)(void); + int (*query)(const char *user, const char *group, + const struct passwd *pwd); +}; +.Ed +.Pp +The +.Li sudoers_group_plugin +struct has the following fields: +.Bl -tag -width 4n +.It version +The +.Li version +field should be set to GROUP_API_VERSION. +.Pp +This allows +.Nm sudoers +to determine the API version the group plugin +was built against. +.It init +.Bd -literal -compact +int (*init)(int version, sudo_printf_t plugin_printf, + char *const argv[]); +.Ed +.Pp +The +.Fn init +function is called after +.Em sudoers +has been parsed but +before any policy checks. +It returns 1 on success, 0 on failure (or if the plugin is not configured), +and \-1 if a error occurred. +If an error occurs, the plugin may call the +.Fn plugin_printf +function with +.Dv SUDO_CONF_ERROR_MSG +to present additional error information to the user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It version +The version passed in by +.Nm sudoers +allows the plugin to determine the +major and minor version number of the group plugin API supported by +.Nm sudoers . +.It plugin_printf +A pointer to a +.Fn printf Ns -style +function that may be used to display informational or error message to the user. +Returns the number of characters printed on success and \-1 on failure. +.It argv +A +.Dv NULL Ns -terminated +array of arguments generated from the +.Em group_plugin +option in +.Em sudoers . +If no arguments were given, +.Em argv +will be +.Dv NULL . +.El +.It cleanup +.Bd -literal -compact +void (*cleanup)(); +.Ed +.Pp +The +.Fn cleanup +function is called when +.Nm sudoers +has finished its +group checks. +The plugin should free any memory it has allocated and close open file handles. +.It query +.Bd -literal -compact +int (*query)(const char *user, const char *group, + const struct passwd *pwd); +.Ed +.Pp +The +.Fn query +function is used to ask the group plugin whether +.Em user +is a member of +.Em group . +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It user +The name of the user being looked up in the external group database. +.It group +The name of the group being queried. +.It pwd +The password database entry for +.Em user , +if any. +If +.Em user +is not +present in the password database, +.Em pwd +will be +.Dv NULL . +.El +.El +.Pp +.Em Group API Version Macros +.Bd -literal +/* Sudoers group plugin version major/minor */ +#define GROUP_API_VERSION_MAJOR 1 +#define GROUP_API_VERSION_MINOR 0 +#define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | \e + GROUP_API_VERSION_MINOR) +.Ed +For getters and setters see the +.Sx Policy plugin API . +.Sh PLUGIN API CHANGELOG +The following revisions have been made to the Sudo Plugin API. +.Bl -tag -width 4n +.It Version 1.0 +Initial API version. +.It Version 1.1 (sudo 1.8.0) +The I/O logging plugin's +.Fn open +function was modified to take the +.Li command_info +list as an argument. +.It Version 1.2 (sudo 1.8.5) +The Policy and I/O logging plugins' +.Fn open +functions are now passed +a list of plugin parameters if any are specified in +.Xr sudo.conf @mansectform@ . +.Pp +A simple hooks API has been introduced to allow plugins to hook in to the +system's environment handling functions. +.Pp +The +.Li init_session +Policy plugin function is now passed a pointer +to the user environment which can be updated as needed. +This can be used to merge in environment variables stored in the PAM +handle before a command is run. +.It Version 1.3 (sudo 1.8.7) +Support for the +.Em exec_background +entry has been added to the +.Li command_info +list. +.Pp +The +.Em max_groups +and +.Em plugin_dir +entries were added to the +.Li settings +list. +.Pp +The +.Fn version +and +.Fn close +functions are now optional. +Previously, a missing +.Fn version +or +.Fn close +function would result in a crash. +If no policy plugin +.Fn close +function is defined, a default +.Fn close +function will be provided by the +.Nm sudo +front-end that displays a warning if the command could not be +executed. +.Pp +The +.Nm sudo +front-end now installs default signal handlers to trap common signals +while the plugin functions are run. +.It Version 1.4 (sudo 1.8.8) +The +.Em remote_host +entry was added to the +.Li settings +list. +.It Version 1.5 (sudo 1.8.9) +The +.Em preserve_fds +entry was added to the +.Li command_info +list. +.It Version 1.6 (sudo 1.8.11) +The behavior when an I/O logging plugin returns an error +.Pq \-1 +has changed. +Previously, the +.Nm sudo +front-end took no action when the +.Fn log_ttyin , +.Fn log_ttyout , +.Fn log_stdin , +.Fn log_stdout , +or +.Fn log_stderr +function returned an error. +.Pp +The behavior when an I/O logging plugin returns 0 has changed. +Previously, output from the command would be displayed to the +terminal even if an output logging function returned 0. +.It Version 1.7 (sudo 1.8.12) +The +.Em plugin_path +entry was added to the +.Li settings +list. +.Pp +The +.Em debug_flags +entry now starts with a debug file path name and may occur multiple +times if there are multiple plugin-specific Debug lines in the +.Xr sudo.conf @mansectform@ file. +.It Version 1.8 (sudo 1.8.15) +The +.Em sudoedit_checkdir +and +.Em sudoedit_follow +entries were added to the +.Li command_info +list. +The default value of +.Em sudoedit_checkdir +was changed to true in sudo 1.8.16. +.Pp +The sudo +.Em conversation +function now takes a pointer to a +.Li struct sudo_conv_callback +as its fourth argument. +The +.Li sudo_conv_t +definition has been updated to match. +The plugin must specify that it supports plugin API version 1.8 or higher +to receive a conversation function pointer that supports this argument. +.It Version 1.9 (sudo 1.8.16) +The +.Em execfd +entry was added to the +.Li command_info +list. +.It Version 1.10 (sudo 1.8.19) +The +.Em umask +entry was added to the +.Li user_info +list. +The +.Em iolog_group , +.Em iolog_mode , +and +.Em iolog_user +entries were added to the +.Li command_info +list. +.It Version 1.11 (sudo 1.8.20) +The +.Em timeout +entry was added to the +.Li settings +list. +.It Version 1.12 (sudo 1.8.21) +The +.Li change_winsize +field was added to the io_plugin struct. +.It Version 1.13 (sudo 1.8.26) +The +.Li log_suspend +field was added to the io_plugin struct. +.It Version 1.14 (sudo 1.8.29) +The +.Em umask_override +entry was added to the +.Li command_info +list. +.It Version 1.15 (sudo 1.9.0) +The +.Em cwd_optional +entry was added to the +.Li command_info +list. +.Pp +The +.Em event_alloc +field was added to the policy_plugin and io_plugin structs. +.Pp +The +.Fa errstr +argument was added to the policy and I/O plugin functions +which the plugin function can use to return an error string. +This string may be used by the audit plugin to report failure or +error conditions set by the other plugins. +.Pp +The +.Fn close +function is now is called regardless of whether or not a command +was actually executed. +This makes it possible for plugins to perform cleanup even when a +command was not run. +.Pp +.Dv SUDO_CONV_REPL_MAX +has increased from 255 to 1023 bytes. +.Pp +Support for audit and approval plugins was added. +.It Version 1.16 (sudo 1.9.3) +Initial resource limit values were added to the +.Li user_info +list. +.Pp +The +.Em cmnd_chroot +and +.Em cmnd_cwd +enties were added to the +.Li settings +list. +.It Version 1.17 (sudo 1.9.4) +The +.Em event_alloc +field was added to the audit_plugin and approval_plugin structs. +.It Version 1.18 (sudo 1.9.9) +The policy may now set resource limit values in the +.Li command_info +list. +.El +.Sh SEE ALSO +.Xr sudo.conf @mansectform@ , +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm sudo , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_plugin_python.man.in sudo-1.9.9/docs/sudo_plugin_python.man.in --- sudo-1.9.5p2/docs/sudo_plugin_python.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_plugin_python.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1891 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2021 Robert Manner +.\" Copyright (c) 2019-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_PLUGIN_PYTHON" "5" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_plugin_python\fR +\- Sudo Plugin API (Python) +.SH "DESCRIPTION" +Starting with version 1.9, +\fBsudo\fR +plugins can be written in python. +The API closely follows the C +\fBsudo\fR +plugin API described by +sudo_plugin(@mansectform@). +.PP +The supported plugins types are: +.PP +.RS 4n +.PD 0 +.TP 3n +\fB\(bu\fR +Policy plugin +.TP 3n +\fB\(bu\fR +I/O plugin +.TP 3n +\fB\(bu\fR +Audit plugin +.TP 3n +\fB\(bu\fR +Approval plugin +.TP 3n +\fB\(bu\fR +Group provider plugin +.RE +.PD +.PP +Python plugin support needs to be explicitly enabled at build time +with the configure option +\(lq--enable-python\(rq. +Python version 3.0 or higher is required. +.SS "Sudo Python Plugin Base" +A plugin written in Python should be a class in a python file that +inherits from +\fIsudo.Plugin\fR. +The +\fIsudo.Plugin\fR +base class has no real purpose other than to identify this class as a plugin. +.PP +The only implemented method is a constructor, which stores the +keyword arguments it receives as fields (member variables) in the object. +This is intended as a convenience to allow you to avoid writing the +constructor yourself. +.PP +For example: +.nf +.sp +.RS 6n +import sudo + +class MySudoPlugin(sudo.Plugin): + # example constructor (optional) + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + + # example destructor (optional) + def __del__(self): + pass +.RE +.fi +.PP +Both the constructor and destructor are optional and can be omitted. +.PP +The customized Plugin class should define a few plugin-specific methods. +When the plugin loads, +\fBsudo\fR +will create an instance of this class and call the methods. +The actual methods required depent on the type of the plugin, +but most return an +\(lqint\(rq +result code, as documented in +sudo_plugin(@mansectsu@), +that indicates whether or not the method was successful. +The Python sudo module defines the following constants to improve readability: +.RS 4n +.TS +l l. +.PP +\fBDefine\fR \fBValue\fR +.PP +\fRsudo.RC.OK\fR 1 +.PP +\fRsudo.RC.ACCEPT\fR 1 +.PP +\fRsudo.RC.REJECT\fR 0 +.PP +\fRsudo.RC.ERROR\fR \-1 +.PP +\fRsudo.RC.USAGE_ERROR\fR \-2 +.TE +.RE +.PP +If a function returns +\fINone\fR +(for example, if it does not call return), +it will be considered to have returned +\fRsudo.RC.OK\fR. +If an exception is raised (other than sudo.PluginException), the backtrace will be +shown to the user and the plugin function will return +\fRsudo.RC.ERROR\fR. +If that is not acceptable, you must catch the exception and handle it yourself. +.PP +Instead of just returning +\fRsudo.RC.ERROR\fR +or +\fRsudo.RC.REJECT\fR +result code the plugin can also provide a message describing the problem. +This can be done by raising one of the special exceptions: +.nf +.sp +.RS 6n +raise sudo.PluginError("Message") +raise sudo.PluginReject("Message") +.RE +.fi +.PP +This added message will be used by the audit plugins. +Both exceptions inherit from +\fRsudo.PluginException\fR +.SS "Python Plugin Loader" +Running the Python interpreter and bridging between C and Python is +handled by the +\fBsudo\fR +plugin +\fRpython_plugin.so\fR. +This shared object can be loaded like any other dynamic +\fBsudo\fR +plugin and should receive the path and the class name of the Python +plugin it is loading as arguments. +.PP +Example usage in +sudo.conf(@mansectform@): +.nf +.sp +.RS 6n +Plugin python_policy python_plugin.so ModulePath= ClassName= +Plugin python_io python_plugin.so ModulePath= ClassName= +Plugin python_audit python_plugin.so ModulePath= ClassName= +Plugin python_approval python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Example group provider plugin usage in the +\fIsudoers\fR +file: +.nf +.sp +.RS 6n +Defaults group_plugin="python_plugin.so ModulePath= ClassName=" +.RE +.fi +.PP +The plugin arguments are as follows: +.TP 6n +ModulePath +The path of a python file which contains the class of the sudo Python plugin. +It must be either an absolute path or a path relative to the sudo Python plugin +directory: "@plugindir@/python". +.TP 6n +ClassName +(Optional.) The name of the class implementing the sudo Python plugin. +If not supplied, the one and only sudo.Plugin that is present in the module +will be used. +If there are multiple such plugins in the module (or none), it +will result in an error. +.SS "Policy plugin API" +Policy plugins must be registered in +sudo.conf(@mansectform@). +For example: +.nf +.sp +.RS 6n +Plugin python_policy python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Currently, only a single policy plugin may be specified in +sudo.conf(@mansectform@). +.PP +A policy plugin may have the following member functions: +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], + plugin_options: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +Implementing this function is optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The constructor matches the +\fBopen\fR() +function in the C sudo plugin API. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_env\fR +The user's environment as a tuple of strings in +\(lqkey=value\(rq +format. +.TP 6n +\fIsettings\fR +A tuple of user-supplied +\fIsudo\fR +settings in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIversion\fR +The version of the Python Policy Plugin API. +.TP 6n +\fIuser_info\fR +A tuple of information about the user running the command in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIplugin_options\fR +The plugin options passed as arguments in the +sudo.conf(@mansectform@) +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +\(lqkey=value\(rq +format. +.PP +The +\fBsudo.options_as_dict\fR() +convenience function can be used to convert +\(lqkey=value\(rq +pairs to a dictionary. +For a list of recognized keys and their supported values, +see the policy plugin +\fBopen\fR() +documentation in +sudo_plugin(@mansectform@). +.RE +.TP 6n +\fBcheck_policy\fR +.nf +.RS 6n +check_policy(self, argv: Tuple[str, ...], env_add: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +The +\fBcheck_policy\fR() +function is called by +\fBsudo\fR +to determine whether the user is allowed to run the specified command. +Implementing this function is mandatory for a policy plugin. +.sp +The function arguments are as follows: +.TP 6n +\fIargv\fR +A tuple describing the command the user wishes to run. +.TP 6n +\fIenv_add\fR +Additional environment variables specified by the user on the command line in +the form of a tuple of +\(lqkey=value\(rq +pairs. +The +\fBsudo.options_as_dict\fR() +convenience function can be used to convert them to a dictionary. +.PP +This function should return a result code or a tuple in the following format: +.nf +.sp +.RS 12n +return (rc, command_info_out, argv_out, user_env_out) +.RE +.fi +.sp +The tuple values are as follows: +.TP 6n +\fIrc\fR +The result of the policy check, one of the +\fRsudo.RC.*\fR +constants. +\fRsudo.RC.ACCEPT\fR +if the command is allowed, +\fRsudo.RC.REJECT\fR +if not allowed, +\fRsudo.RC.ERROR\fR +for a general error, or +\fRsudo.RC.USAGE_ERROR\fR +for a usage error. +.TP 6n +\fIcommand_info_out\fR +Optional (only required when the command is accepted). +Information about the command being run in the form of +\(lqkey=value\(rq +strings. +.sp +To accept a command, at the very minimum the plugin must set in the +\fIcommand\fR, +\fIrunas_uid\fR, +and +\fIrunas_gid\fR +keys. +.sp +For a list of recognized keys and supported values, +see the +\fBcheck_policy\fR() +documentation in +sudo_plugin(@mansectform@). +.TP 6n +\fIargv_out\fR +Optional (only required when the command is accepted). +The arguments to pass to the +execve(2) +system call when executing the command. +.TP 6n +\fIuser_env_out\fR +Optional (only required when the command is accepted). +The environment to use when executing the command in the form of a +tuple of strings in +\(lqkey=value\(rq +format. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBinit_session\fR +.nf +.RS 6n +init_session(self, user_pwd: Tuple, user_env: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +Perform session setup (optional). +The +\fBinit_session\fR() +function is called before +\fBsudo\fR +sets up the +execution environment for the command before any user-ID or group-ID changes. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_pwd\fR +A tuple describing the user's passwd entry. +Convertible to pwd.struct_passwd or +\fINone\fR +if the user is not present in the password database. +.sp +Example conversion: +.nf +.RS 12n +user_pwd = pwd.struct_passwd(user_pwd) if user_pwd else None +.RE +.fi +.TP 6n +\fIuser_env\fR +The environment the command will run in. +This is a tuple of strings in +\(lqkey=value\(rq +format. +.PP +This function should return a result code or a tuple in the following format: +.nf +.sp +.RS 10n +return (rc, user_env_out) +.RE +.fi +.sp +The tuple values are as follows: +.TP 6n +\fIrc\fR +The result of the session init, one of the +\fRsudo.RC.*\fR +constants. +\fRsudo.RC.OK\fR +on success, 0 on failure, or +\fRsudo.RC.ERROR\fR +if an error occurred. +.TP 6n +\fIuser_env_out\fR +Optional. +If the +\fBinit_session\fR() +function needs to modify the user environment, it can return the new +environment in +\fIuser_env_out\fR. +If this is omitted, no changes will be made to +\fIuser_env\fR. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBlist\fR +.nf +.RS 6n +list(self, argv: Tuple[str, ...], is_verbose: int, user: str) +.RE +.fi +.RS 6n +.sp +List available privileges for the invoking user. +.sp +The function arguments are as follows: +.TP 6n +\fIargv\fR +If not set to +\fINone\fR, +an argument vector describing a command the user wishes to check +against the policy. +.TP 6n +\fIis_verbose\fR +Flag indicating whether to list in verbose mode or not. +.TP 6n +\fIuser\fR +The name of a different user to list privileges for if the policy allows it. +If +\fINone\fR, +the plugin should list the privileges of the invoking user. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBvalidate\fR +.nf +.RS 6n +validate(self) +.RE +.fi +.RS 6n +.sp +For policy plugins that cache authentication credentials, this function is used to validate and cache the credentials (optional). +.RE +.TP 6n +\fBinvalidate\fR +.nf +.RS 6n +invalidate(self, remove: int) +.RE +.fi +.RS 6n +.sp +For policy plugins that cache authentication credentials, this function is used to invalidate the credentials (optional). +.sp +The function arguments are as follows: +.TP 6n +\fIremove\fR +If this flag is set, the plugin may remove the credentials instead of simply +invalidating them. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBshow_version\fR +.nf +.RS 6n +show_version(self, is_verbose: int) +.RE +.fi +.RS 6n +.sp +Display the plugin version information to the user. +The +\fBsudo.log_info\fR() +function should be used. +.sp +The function arguments are as follows: +.TP 6n +\fIis_verbose\fR +A flag to indicate displaying more verbose information. +Currently this is 1 if +\(oqsudo -V\(cq +is run as the root user. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBclose\fR +.br +.nf +.RS 6n +close(self, exit_status: int, error: int) +.RE +.fi +.RS 6n +.sp +Called when a command finishes executing. +.sp +Works the same as the +\fBclose\fR() +function in the C sudo plugin API, except that it only gets called if +\fBsudo\fR +attempts to execute the command. +.sp +The function arguments are as follows: +.TP 6n +\fIexit_status\fR +The exit status of the command if was executed, otherwise \-1. +.TP 6n +\fIerror\fR +.br +If the command could not be executed, this is set to the value of +errno set by the +execve(2) +system call, otherwise 0. +.PD 0 +.PP +.RE +.PD +.SS "Policy plugin example" +Sudo ships with an example Python policy plugin. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 0n +Plugin python_policy python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_policy_plugin.py \e + ClassName=SudoPolicyPlugin +.RE +.fi +.PP +Be aware, however, that you cannot enable the Python policy plugin +in addition to another policy plugin, such as +sudoers(@mansectform@). +.SS "I/O plugin API" +I/O plugins must be registered in +sudo.conf(@mansectform@). +For example: +.nf +.sp +.RS 6n +Plugin python_io python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Sudo supports loading multiple I/O plugins. +Currently only 8 python I/O plugins can be loaded at once. +.PP +An I/O plugin may have the following member functions: +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], + plugin_options: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +Implementing this function is optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The constructor matches the +\fBopen\fR() +function in the C sudo plugin API. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_env\fR +The user's environment as a tuple of strings in +\(lqkey=value\(rq +format. +.TP 6n +\fIsettings\fR +A tuple of user-supplied +\fIsudo\fR +settings in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIversion\fR +The version of the Python I/O Plugin API. +.TP 6n +\fIuser_info\fR +A tuple of information about the user running the command in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIplugin_options\fR +The plugin options passed as arguments in the +sudo.conf(@mansectform@) +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +\(lqkey=value\(rq +format. +.PP +The +\fBsudo.options_as_dict\fR() +convenience function can be used to convert +\(lqkey=value\(rq +pairs to a dictionary. +For a list of recognized keys and their supported values, +see the I/O plugin +\fBopen\fR() +documentation in +sudo_plugin(@mansectform@). +.RE +.TP 6n +\fBopen\fR +.nf +.RS 6n +open(self, argv: Tuple[str, ...], + command_info: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +Receives the command the user wishes to run. +.sp +Works the same as the +\fBopen\fR() +function in the C sudo plugin API except that: +.sp +.RS 10n +.PD 0 +.TP 3n +\fB\(bu\fR +It only gets called before the user would execute some command +(and not for a version query for example). +.TP 3n +\fB\(bu\fR +Other arguments of the C API +\fBopen\fR() +function are received through the constructor. +.RE +.sp +The function arguments are as follows: +.PD +.TP 6n +\fIargv\fR +A tuple of the arguments describing the command the user wishes to run. +.TP 6n +\fIcommand_info\fR +Information about the command being run in the form of +\(lqkey=value\(rq +strings. +.PP +The +\fBsudo.options_as_dict\fR() +convenience function can be used to convert +\(lqkey=value\(rq +pairs to a dictionary. +For a list of recognized keys and their supported values, +see the I/O plugin +\fBopen\fR() +documentation in +sudo_plugin(@mansectform@). +.sp +The +\fBopen\fR() +function should return a result code, one of the +\fRsudo.RC.*\fR +constants. +If the function returns +\fRsudo.RC.REJECT\fR, +no I/O will be sent to the plugin. +.RE +.TP 6n +\fBlog_ttyin\fR, \fBlog_ttyout\fR, \fBlog_stdin\fR, \fBlog_stdout\fR, \fBlog_stderr\fR +.nf +.RS 6n +log_ttyin(self, buf: str) -> int +log_ttyout(self, buf: str) -> int +log_stdin(self, buf: str) -> int +log_stdout(self, buf: str) -> int +log_stderr(self, buf: str) -> int +.RE +.fi +.RS 6n +.sp +Receive the user input or output of the terminal device and +application standard input, standard output, or standard error. +See the matching calls in +sudo_plugin(@mansectform@). +.sp +The function arguments are as follows: +.TP 6n +\fIbuf\fR +The input (or output) buffer in the form of a string. +.PP +The function should return a result code, one of the +\fRsudo.RC.*\fR +constants. +.sp +If +\fRsudo.RC.ERROR\fR +is returned, the running command will be terminated and all of the plugin's logging +functions will be disabled. +Other I/O logging plugins will still receive any remaining +input or output that has not yet been processed. +.sp +If an input logging function rejects the data by returning +\fRsudo.RC.REJECT\fR, +the command will be terminated and the data will not be passed to the +command, though it will still be sent to any other I/O logging plugins. +If an output logging function rejects the data by returning +\fRsudo.RC.REJECT\fR, +the command will be terminated and the data will not be written to the +terminal, though it will still be sent to any other I/O logging plugins. +.RE +.TP 6n +\fBchange_winsize\fR +.nf +.RS 6n +change_winsize(self, line: int, cols: int) -> int +.RE +.fi +.RS 6n +.sp +Called whenever the window size of the terminal changes. +The function arguments are as follows: +.TP 6n +\fIline\fR +The number of lines of the terminal. +.TP 6n +\fIcols\fR +The number of columns of the terminal. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBlog_suspend\fR +.nf +.RS 6n +log_suspend(self, signo: int) -> int +.RE +.fi +.RS 6n +Called whenever a command is suspended or resumed. +.sp +The function arguments are as follows: +.TP 6n +\fIsigno\fR +.br +The number of the signal that caused the command to be suspended or +\fRSIGCONT\fR +if the command was resumed. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBshow_version\fR +.nf +.RS 6n +show_version(self, is_verbose: int) +.RE +.fi +.RS 6n +Display the plugin version information to the user. +The +\fBsudo.log_info\fR() +function should be used. +.sp +The function arguments are as follows: +.TP 6n +\fIis_verbose\fR +A flag to indicate displaying more verbose information. +Currently this is 1 if +\(oqsudo -V\(cq +is run as the root user. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBclose\fR +.br +.nf +.RS 6n +close(self, exit_status: int, error: int) -> None +.RE +.fi +.RS 6n +Called when a command execution finished. +.sp +Works the same as the +\fBclose\fR() +function in the C sudo plugin API, except that it only gets called if +\fBsudo\fR +attempts to execute the command. +.sp +The function arguments are as follows: +.TP 6n +\fIexit_status\fR +The exit status of the command if was executed, otherwise \-1. +.TP 6n +\fIerror\fR +.br +If the command could not be executed, this is set to the value of +errno set by the +execve(2) +system call, otherwise 0. +.PD 0 +.PP +.RE +.PD +.SS "I/O plugin example" +Sudo ships a Python I/O plugin example. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_io_plugin.py \e + ClassName=SudoIOPlugin +.RE +.fi +.SS "Audit plugin API" +Audit plugins must be registered in +sudo.conf(@mansectform@). +For example: +.nf +.sp +.RS 6n +Plugin python_audit python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Sudo supports loading multiple audit plugins. +Currently only 8 python audit plugins can be loaded at once. +.PP +An audit plugin may have the following member functions (all of them are optional): +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The constructor matches the +\fBopen\fR() +function in the C sudo plugin API. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_env\fR +The user's environment as a tuple of strings in +\(lqkey=value\(rq +format. +.TP 6n +\fIsettings\fR +A tuple of user-supplied +\fIsudo\fR +settings in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIversion\fR +The version of the Python Audit Plugin API. +.TP 6n +\fIuser_info\fR +A tuple of information about the user running the command in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIplugin_options\fR +The plugin options passed as arguments in the +sudo.conf(@mansectform@) +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +\(lqkey=value\(rq +format. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBopen\fR +.nf +.RS 6n +open(self, submit_optind: int, + submit_argv: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +The function arguments are as follows: +.TP 6n +\fIsubmit_optind\fR +The index into +\fIsubmit_argv\fR +that corresponds to the first entry that is not a command line option. +.TP 6n +\fIsubmit_argv\fR +The argument vector sudo was invoked with, including all command line options. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBclose\fR +.br +.nf +.RS 6n +close(self, status_type: int, status: int) -> None +.RE +.fi +.RS 6n +.sp +Called when sudo is finished, shortly before it exits. +.sp +The function arguments are as follows: +.TP 6n +\fIstatus_type\fR +The type of status being passed. +One of the sudo.EXIT_REASON.* constants. +.TP 6n +\fIstatus\fR +Depending on the value of +\fIstatus_type\fR, +this value is either +ignored, the command's exit status as returned by the +wait(2) +system call, the value of +\fRerrno\fR +set by the +execve(2) +system call, or the value of +\fRerrno\fR +resulting from an error in the +\fBsudo\fR +front-end. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBshow_version\fR +.nf +.RS 6n +show_version(self, is_verbose: int) -> int +.RE +.fi +.RS 6n +.sp +Display the plugin version information to the user. +The +\fBsudo.log_info\fR() +function should be used. +.sp +The function arguments are as follows: +.TP 6n +\fIis_verbose\fR +A flag to indicate displaying more verbose information. +Currently this is 1 if +\(oqsudo -V\(cq +is run as the root user. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBaccept\fR +.nf +.RS 6n +accept(self, plugin_name: str, plugin_type: int, command_info: Tuple[str, ...], + run_argv: Tuple[str, ...], run_envp: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +This function is called when a command or action is accepted by a policy +or approval plugin. +The function arguments are as follows: +.TP 6n +plugin_name +The name of the plugin that accepted the command or +\(lqsudo\(rq +for the +\fBsudo\fR +front-end. +.TP 6n +plugin_type +The type of plugin that accepted the command, currently either +\fRsudo.PLUGIN_TYPE.POLICY\fR, +\fRsudo.PLUGIN_TYPE.APPROVAL\fR, +or +\fRsudo.PLUGIN_TYPE.SUDO\fR. +The +\fBaccept\fR() +function is called multiple times--once for each policy or approval +plugin that succeeds and once for the sudo front-end. +When called on behalf of the sudo front-end, +\fIcommand_info\fR +may include information from an I/O logging plugin as well. +.sp +Typically, an audit plugin is interested in either the accept status from +the +\fBsudo\fR +front-end or from the various policy and approval plugins, but not both. +It is possible for the policy plugin to accept a command that is +later rejected by an approval plugin, in which case the audit +plugin's +\fBaccept\fR() +and +\fBreject\fR() +functions will +\fIboth\fR +be called. +.TP 6n +command_info +A vector of information describing the command being run. +See the +sudo_plugin(@mansectform@) +manual for possible values. +.TP 6n +run_argv +Argument vector describing a command that will be run. +.TP 6n +run_envp +The environment the command will be run with. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBreject\fR +.nf +.RS 6n +reject(self, plugin_name: str, plugin_type: int, audit_msg: str, + command_info: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +This function is called when a command or action is rejected by the policy +plugin. +The function arguments are as follows: +.TP 6n +plugin_name +The name of the plugin that rejected the command. +.TP 6n +plugin_type +The type of plugin that rejected the command, currently either +\fRsudo.PLUGIN_TYPE.POLICY\fR, +\fRsudo.PLUGIN_TYPE.APPROVAL\fR, +or +\fRsudo.PLUGIN_TYPE.IO\fR. +.sp +Unlike the +\fBaccept\fR() +function, the +\fBreject\fR() +function is not called on behalf of the +\fBsudo\fR +front-end. +.TP 6n +audit_msg +An optional string describing the reason the command was rejected by the plugin. +If the plugin did not provide a reason, audit_msg will be +\fINone\fR +.TP 6n +command_info +A vector of information describing the rejected command. +See the +sudo_plugin(@mansectform@) +manual for possible values. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBerror\fR +.br +.nf +.RS 6n +error(self, plugin_name: str, plugin_type: int, audit_msg: str, + command_info: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +This function is called when a plugin or the +\fBsudo\fR +front-end returns an error. +The function arguments are as follows: +.TP 6n +plugin_name +The name of the plugin that generated the error or +\(lqsudo\(rq +for the +\fBsudo\fR +front-end. +.TP 6n +plugin_type +The type of plugin that generated the error, or +\fRSUDO_FRONT_END\fR +for the +\fBsudo\fR +front-end. +.TP 6n +audit_msg +An optional string describing the plugin error. +If the plugin did not provide a description, it will be +\fINone\fR +.TP 6n +command_info +A vector of information describing the command. +See the +sudo_plugin(@mansectform@) +manual for possible values. +.PD 0 +.PP +.RE +.PD +.SS "Audit plugin example" +Sudo ships a Python Audit plugin example. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_audit python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_audit_plugin.py \e + ClassName=SudoAuditPlugin +.RE +.fi +.PP +It will log the plugin accept / reject / error results to the output. +.SS "Approval plugin API" +Approval plugins must be registered in +sudo.conf(@mansectform@). +For example: +.nf +.sp +.RS 6n +Plugin python_approval python_plugin.so ModulePath= ClassName= +.RE +.fi +.PP +Sudo supports loading multiple approval plugins. +Currently only 8 python approval plugins can be loaded at once. +.PP +An approval plugin may have the following member functions: +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...], + submit_optind: int, submit_argv: Tuple[str, ...]) +.RE +.fi +.RS 6n +.sp +Optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The constructor matches the +\fBopen\fR() +function in the C sudo plugin API. +.sp +The function arguments are as follows: +.TP 6n +\fIuser_env\fR +The user's environment as a tuple of strings in +\(lqkey=value\(rq +format. +.TP 6n +\fIsettings\fR +A tuple of user-supplied +\fIsudo\fR +settings in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIversion\fR +The version of the Python Approval Plugin API. +.TP 6n +\fIuser_info\fR +A tuple of information about the user running the command in the form of +\(lqkey=value\(rq +strings. +.TP 6n +\fIplugin_options\fR +The plugin options passed as arguments in the +sudo.conf(@mansectform@) +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +\(lqkey=value\(rq +format. +.TP 6n +\fIsubmit_optind\fR +The index into +\fIsubmit_argv\fR +that corresponds to the first entry that is not a command line option. +.TP 6n +\fIsubmit_argv\fR +The argument vector sudo was invoked with, including all command line options. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBshow_version\fR +.nf +.RS 6n +show_version(self, is_verbose: int) -> int +.RE +.fi +.RS 6n +.sp +Display the version. (Same as for all the other plugins.) +.RE +.TP 6n +\fBcheck\fR +.br +.nf +.RS 6n +check(self, command_info: Tuple[str, ...], run_argv: Tuple[str, ...], + run_env: Tuple[str, ...]) -> int +.RE +.fi +.RS 6n +.sp +This function is called after policy plugin's check_policy has succeeded. +It can reject execution of the command by returning sudo.RC.REJECT or +raising the special exception: +.nf +.sp +.RS 12n +raise sudo.PluginReject("some message") +.RE +.fi +.sp +with the message describing the problem. +In the latter case, the audit plugins will get the description. +.sp +The function arguments are as follows: +.TP 6n +command_info +A vector of information describing the command that will run. +See the +sudo_plugin(@mansectform@) +manual for possible values. +.TP 6n +run_argv +Argument vector describing a command that will be run. +.TP 6n +run_env +The environment the command will be run with. +.PD 0 +.PP +.RE +.PD +.SS "Approval plugin example" +Sudo ships a Python Approval plugin example. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_approval python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_approval_plugin.py \e + ClassName=BusinessHoursApprovalPlugin +.RE +.fi +.PP +It will only allow execution of commands in the "business hours" (from Monday +to Friday between 8:00 and 17:59:59). +.SS "Sudoers group provider plugin API" +A group provider plugin is registered in the +sudoers(@mansectform@) +file. +For example: +.nf +.sp +.RS 6n +Defaults group_plugin="python_plugin.so ModulePath= ClassName=" +.RE +.fi +.PP +Currently, only a single group plugin can be registered in +\fIsudoers\fR. +.PP +A group provider plugin may have the following member functions: +.TP 6n +\fBconstructor\fR +.nf +.RS 6n +__init__(self, args: Tuple[str, ...], version: str) +.RE +.fi +.RS 6n +.sp +Implementing this function is optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.sp +The function arguments are as follows: +.TP 6n +\fIargs\fR +The plugin options passed as arguments in the +\fIsudoers\fR +file plugin registration. +All the arguments are free form strings (not necessarily in +\(lqkey=value\(rq +format). +.TP 6n +\fIversion\fR +The version of the Python Group Plugin API. +.PD 0 +.PP +.RE +.PD +.TP 6n +\fBquery\fR +.br +.nf +.RS 6n +query(self, user: str, group: str, user_pwd: Tuple) +.RE +.fi +.RS 6n +.sp +The +\fBquery\fR() +function is used to ask the group plugin whether +\fIuser\fR +is a member of +\fIgroup\fR. +This method is required. +.RE +.PP +The function arguments are as follows: +.TP 6n +\fIuser\fR +The name of the user being looked up in the external group database. +.TP 6n +\fIgroup\fR +.br +The name of the group being queried. +.TP 6n +\fIuser_pwd\fR +The password database entry for the user, if any. +If +\fIuser\fR +is not present in the password database, +\fIuser_pwd\fR +will be +\fRNULL\fR. +.SS "Group plugin example" +Sudo ships a Python group plugin example. +To try it, register it in the +\fIsudoers\fR +file by adding the following lines: +.nf +.sp +.RS 6n +Defaults group_plugin="python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_group_plugin.py \e + ClassName=SudoGroupPlugin" +.RE +.fi +.PP +The example plugin will tell +\fBsudo\fR +that the user +\fItest\fR +is part of the non-unix group +\fImygroup\fR. +If you add a rule that uses this group, it will affect the +\fItest\fR +user. +For example: +.nf +.sp +.RS 6n +%:mygroup ALL=(ALL) NOPASSWD: ALL +.RE +.fi +.PP +Will allow user +\fItest\fR +to run +\fBsudo\fR +without a password. +.SS "Hook function API" +The hook function API is currently not supported for plugins +written in Python. +.SS "Conversation API" +A Python plugin can interact with the user using the +\fBsudo.conv\fR() +function which displays one or more messages described by the +\fBsudo.ConvMessage\fR +class. +This is the Python equivalent of the +\fBconversation\fR() +function in the C sudo plugin API. +A plugin should not attempt to read directly from the standard input or +the user's tty (neither of which are guaranteed to exist). +.PP +The +\fBsudo.ConvMessage\fR +class specifies how the user interaction should occur: +.nf +.sp +.RS 4n +sudo.ConvMessage(msg_type: int, msg: str, timeout: int) +.RE +.fi +.PP +\fBsudo.ConvMessage\fR +member variables: +.TP 6n +\fImsg_type\fR +Specifies the type of the conversation. +See the +\fRsudo.CONV.*\fR +constants below. +.TP 6n +\fImsg\fR +The message to display to the user. +The caller must include a trailing newline in +\fRmsg\fR +if one is to be displayed. +.TP 6n +\fItimeout\fR +Optional. +The maximum amount of time for the conversation in seconds. +If the timeout is exceeded, the +\fBsudo.conv\fR() +function will raise a +\fRsudo.ConversationInterrupted\fR +exception. +The default is to wait forever (no timeout). +.PP +To specify the message type, the following constants are available: +.PP +.RS 4n +.PD 0 +.TP 3n +\fB\(bu\fR +sudo.CONV.PROMPT_ECHO_OFF +.TP 3n +\fB\(bu\fR +sudo.CONV.PROMPT_ECHO_ON +.TP 3n +\fB\(bu\fR +sudo.CONV.ERROR_MSG +.TP 3n +\fB\(bu\fR +sudo.CONV.INFO_MSG +.TP 3n +\fB\(bu\fR +sudo.CONV.PROMPT_MASK +.TP 3n +\fB\(bu\fR +sudo.CONV.PROMPT_ECHO_OK +.TP 3n +\fB\(bu\fR +sudo.CONV.PREFER_TTY +.RE +.PD +.PP +See the +sudo_plugin(@mansectform@) +manual for a description of the message types. +.PP +The +\fBsudo.conv\fR() +function performs the actual user interaction: +.nf +.sp +.RS 4n +sudo.conv(message(s), on_suspend=suspend_function, + on_resume=resume_function) +.RE +.fi +.PP +The function arguments are as follows: +.TP 6n +\fImessage(s)\fR +One of more messages (of type +\fBsudo.ConvMessage\fR), +each describing a conversation. +At least one message is required. +.TP 6n +\fIon_suspend\fR +An optional callback function which gets called if the conversation +is suspended, for example by the user pressing control-Z. +The specified function must take a single argument which will be filled +with the number of the signal that caused the process to be suspended. +.TP 6n +\fIon_resume\fR +An optional callback function which gets called when the previously +suspended conversation is resumed. +The specified function must take a single argument which will be filled +with the number of the signal that caused the process to be suspended. +.PP +The +\fBsudo.conv\fR() +function can raise the following exceptions: +.TP 6n +\fBsudo.SudoException\fR +If the conversation fails, for example when the conversation function is not +available. +.TP 6n +\fBsudo.ConversationInterrupted\fR +If the conversation function returns an error, e.g., the timeout passed +or the user interrupted the conversation by pressing control-C. +.SS "Conversation example" +Sudo ships with an example plugin demonstrating the Python conversation API. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_conversation.py \e + ClassName=ReasonLoggerIOPlugin +.RE +.fi +.SS "Information / error display API" +.nf +.RS 0n +sudo.log_info(string(s), sep=" ", end="\en") +sudo.log_error(string(s), sep=" ", end="\en") +.RE +.fi +.PP +To display information to the user, the +\fBsudo.log_info\fR() +function can be used. +To display error messages, use +\fBsudo.log_error\fR(). +The syntax is similar to the Python +\fBprint\fR() +function. +.PP +The function arguments are as follows: +.TP 6n +\fIstring(s)\fR +One or more strings to display. +.TP 6n +\fIsep\fR +An optional string which will be used as the separator between the +specified strings. +The default is a space character, +(\(oq\ \(cq). +.TP 6n +\fIend\fR +An optional string which will be displayed at the end of the message. +The default is a new line character +(\(oq\en\(cq). +.SS "Debug API" +Debug messages are not visible to the user and are only logged debugging +is explicitly enabled in +sudo.conf(@mansectform@). +Python plugins can use the +\fBsudo.debug\fR() +function to make use of +\fBsudo\fR's +debug system. +.PP +\fIEnabling debugging in sudo.conf\fR +.PP +To enable debug messages, add a +\fRDebug\fR +line to +sudo.conf(@mansectform@) +with the program set to +\fIpython_plugin.so\fR. +For example, to store debug output in +\fI/var/log/sudo_python_debug\fR, +use a line like the following: +.nf +.sp +.RS 6n +Debug python_plugin.so /var/log/sudo_python_debug \e + plugin@trace,c_calls@trace +.RE +.fi +.PP +The debug options are in the form of multiple +\(lqsubsystem@level\(rq +strings, separated by commas +(\(oq\&,\(cq). +For example to just see the debug output of +\fBsudo.debug\fR() +calls, use: +.nf +.sp +.RS 6n +Debug python_plugin.so /var/log/sudo_python_debug plugin@trace +.RE +.fi +.PP +See +sudo_conf(@mansectform@) +for more details. +.PP +The most interesting subsystems for Python plugin development are: +.TP 6n +\fIplugin\fR +Logs each +\fBsudo.debug\fR() +API call. +.TP 6n +\fIpy_calls\fR +Logs whenever a C function calls into the python module. +For example, calling the +\fB__init__\fR() +function. +.TP 6n +\fIc_calls\fR +Logs whenever python calls into a C +\fBsudo\fR +API function. +.TP 6n +\fIinternal\fR +Logs internal functions of the python language wrapper plugin. +.TP 6n +\fIsudo_cb\fR +Logs when +\fBsudo\fR +calls into the python plugin API. +.TP 6n +\fIload\fR +Logs python plugin loading / unloading events. +.PP +You can also specify +\(lqall\(rq +as the subsystem name to log debug messages for all subsystems. +.PP +The +\fBsudo.debug\fR() +function is defined as: +.nf +.sp +.RS 4n +sudo.debug(level, message(s)) +.RE +.fi +.PP +The function arguments are as follows: +.TP 6n +\fIlevel\fR +.br +an integer, use one of the log level constants below +.TP 6n +\fImessage(s)\fR +one or more messages to log +.PP +\fIAvailable log levels:\fR +.TS +l l l. +.PP +\fBsudo.conf name\fR \fBPython constant\fR \fBdescription\fR +.PP +crit sudo.DEBUG.CRIT only critical messages +.PP +err sudo.DEBUG.ERROR +.PP +warn sudo.DEBUG.WARN +.PP +notice sudo.DEBUG.NOTICE +.PP +diag sudo.DEBUG.DIAG +.PP +info sudo.DEBUG.INFO +.PP +trace sudo.DEBUG.TRACE +.PP +debug sudo.DEBUG.DEBUG very extreme verbose debugging +.TE +.PP +\fIUsing the logging module\fR +.PP +Alternatively, a plugin can use the built in logging module of Python as well. +Sudo adds its log handler to the root logger, so by default all output of a +logger will get forwarded to sudo log system, as it would call sudo.debug. +.PP +The log handler of sudo will map each Python log level of a message to +the appropriate sudo debug level. +Note however, that sudo debug system will only get the messages not filtered +out by the Python loggers. +For example, the log level of the python logger will be an additional filter +for the log messages, and is usually very different from what level is set in sudo.conf +for the sudo debug system. +.SS "Debug example" +Sudo ships an example debug plugin by default. +To try it, register it by adding the following lines to +\fI@sysconfdir@/sudo.conf\fR: +.nf +.sp +.RS 6n +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_debugging.py \e + ClassName=DebugDemoPlugin + +Debug python_plugin.so \e + /var/log/sudo_python_debug plugin@trace,c_calls@trace +.RE +.fi +.SS "Option conversion API" +The Python plugin API includes two convenience functions to +convert options in +\(lqkey=value\(rq +format to a dictionary and vice versa. +.TP 6n +options_as_dict +.nf +.RS 6n +options_as_dict(options) +.RE +.fi +.RS 6n +.sp +The function arguments are as follows: +.TP 6n +\fIoptions\fR +An iterable (tuple, list, etc.) of strings, each in +\(lqkey=value\(rq +format. +This is how the plugin API passes options and settings to a Python plugin. +.PP +The function returns the resulting dictionary. +Each string of the passed in +\fIoptions\fR +will be split at the first equal sign +(\(oq\&=\(cq) +into a +\fIkey\fR +and +\fIvalue\fR. +Dictionary keys will never contain this symbol (but values may). +.RE +.TP 6n +options_from_dict +.nf +.RS 6n +options_from_dict(options_dict) +.RE +.fi +.RS 6n +.sp +The function arguments are as follows: +.TP 6n +\fIoptions_dict\fR +A dictionary where both the key and the value are strings. +Note that the key should not contain an equal sign +(\(oq\&=\(cq), +otherwise the resulting string will have a different meaning. +However, this is not currently enforced. +.PP +The function returns a tuple containing the strings in +\(lqkey=value\(rq +form for each key and value in the +\fIoptions_dict\fR +dictionary passed in. +This is how the plugin API accepts options and settings. +.RE +.SH "PLUGIN API CHANGELOG (Python)" +None yet +.SH "LIMITATIONS" +Only a maximum number of 8 python I/O plugins can be loaded at once. +If +\fI@sysconfdir@/sudo.conf\fR +contains more, those will be rejected with a warning message. +.PP +The Event API and the hook function API is currently not accessible for Python plugins. +.SH "SEE ALSO" +sudo.conf(@mansectform@), +sudo_plugin(@mansectform@), +sudoers(@mansectform@), +sudo(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +Python plugin support is currently considered experimental. +.PP +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SECURITY CONSIDERATIONS" +All Python plugin handling is implemented inside the +\fRpython_plugin.so\fR +dynamic plugin. +Therefore, if no Python plugin is registered in +sudo.conf(@mansectform@) +or the +\fIsudoers\fR +file, +\fBsudo\fR +will not load the Python interpreter or the Python libraries. +.PP +By default, a Python plugin can only import Python modules which are +owned by +\fIroot\fR +and are only writable by the owner. +The reason for this is to prevent a file getting imported accidentally +which is modifiable by a non-root user. +As +\fBsudo\fR +plugins run as +\fIroot\fR, +accidentally importing such file would make it possible for any user +(having write access) to execute any code with administrative rights. +.PP +However, during development of a plugin this might not be very convenient. +The +sudo.conf(@mansectform@) +\fRdeveloper_mode\fR +option can be used to disable it. +For example: +.RS 6n +Set developer_mode true +.RE +.PP +Please note that this creates a security risk, so it is not recommended +on critical systems such as a desktop machine for daily use, but is intended +to be used in development environments (VM, container, etc). +Before enabling developer mode, ensure you understand the implications. +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_plugin_python.mdoc.in sudo-1.9.9/docs/sudo_plugin_python.mdoc.in --- sudo-1.9.5p2/docs/sudo_plugin_python.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_plugin_python.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1542 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2021 Robert Manner +.\" Copyright (c) 2019-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd January 20, 2022 +.Dt SUDO_PLUGIN_PYTHON @mansectform@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo_plugin_python +.Nd Sudo Plugin API (Python) +.Sh DESCRIPTION +Starting with version 1.9, +.Nm sudo +plugins can be written in python. +The API closely follows the C +.Nm sudo +plugin API described by +.Xr sudo_plugin @mansectform@ . +.Pp +The supported plugins types are: +.Pp +.Bl -bullet -compact -offset 4n -width 1n +.It +Policy plugin +.It +I/O plugin +.It +Audit plugin +.It +Approval plugin +.It +Group provider plugin +.El +.Pp +Python plugin support needs to be explicitly enabled at build time +with the configure option +.Dq --enable-python . +Python version 3.0 or higher is required. +.Ss Sudo Python Plugin Base +A plugin written in Python should be a class in a python file that +inherits from +.Em sudo.Plugin . +The +.Em sudo.Plugin +base class has no real purpose other than to identify this class as a plugin. +.Pp +The only implemented method is a constructor, which stores the +keyword arguments it receives as fields (member variables) in the object. +This is intended as a convenience to allow you to avoid writing the +constructor yourself. +.Pp +For example: +.Bd -literal -offset indent +import sudo + +class MySudoPlugin(sudo.Plugin): + # example constructor (optional) + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + + # example destructor (optional) + def __del__(self): + pass +.Ed +.Pp +Both the constructor and destructor are optional and can be omitted. +.Pp +The customized Plugin class should define a few plugin-specific methods. +When the plugin loads, +.Nm sudo +will create an instance of this class and call the methods. +The actual methods required depent on the type of the plugin, +but most return an +.Dq int +result code, as documented in +.Xr sudo_plugin @mansectsu@ , +that indicates whether or not the method was successful. +The Python sudo module defines the following constants to improve readability: +.Bl -column "sudo.RC.USAGE_ERROR" "XXX" -offset 4n +.It Sy Define Ta Sy Value +.It Dv sudo.RC.OK Ta 1 +.It Dv sudo.RC.ACCEPT Ta 1 +.It Dv sudo.RC.REJECT Ta 0 +.It Dv sudo.RC.ERROR Ta \-1 +.It Dv sudo.RC.USAGE_ERROR Ta \-2 +.El +.Pp +If a function returns +.Em None +(for example, if it does not call return), +it will be considered to have returned +.Dv sudo.RC.OK . +If an exception is raised (other than sudo.PluginException), the backtrace will be +shown to the user and the plugin function will return +.Dv sudo.RC.ERROR . +If that is not acceptable, you must catch the exception and handle it yourself. +.Pp +Instead of just returning +.Dv sudo.RC.ERROR +or +.Dv sudo.RC.REJECT +result code the plugin can also provide a message describing the problem. +This can be done by raising one of the special exceptions: +.Bd -literal -offset indent +raise sudo.PluginError("Message") +raise sudo.PluginReject("Message") +.Ed +.Pp +This added message will be used by the audit plugins. +Both exceptions inherit from +.Dv sudo.PluginException +.Ss Python Plugin Loader +Running the Python interpreter and bridging between C and Python is +handled by the +.Nm sudo +plugin +.Li python_plugin.so . +This shared object can be loaded like any other dynamic +.Nm sudo +plugin and should receive the path and the class name of the Python +plugin it is loading as arguments. +.Pp +Example usage in +.Xr sudo.conf @mansectform@ : +.Bd -literal -offset indent +Plugin python_policy python_plugin.so ModulePath= ClassName= +Plugin python_io python_plugin.so ModulePath= ClassName= +Plugin python_audit python_plugin.so ModulePath= ClassName= +Plugin python_approval python_plugin.so ModulePath= ClassName= +.Ed +.Pp +Example group provider plugin usage in the +.Em sudoers +file: +.Bd -literal -offset indent +Defaults group_plugin="python_plugin.so ModulePath= ClassName=" +.Ed +.Pp +The plugin arguments are as follows: +.Bl -tag -width 4n +.It ModulePath +The path of a python file which contains the class of the sudo Python plugin. +It must be either an absolute path or a path relative to the sudo Python plugin +directory: "@plugindir@/python". +.It ClassName +(Optional.) The name of the class implementing the sudo Python plugin. +If not supplied, the one and only sudo.Plugin that is present in the module +will be used. +If there are multiple such plugins in the module (or none), it +will result in an error. +.El +.Ss Policy plugin API +Policy plugins must be registered in +.Xr sudo.conf @mansectform@ . +For example: +.Bd -literal -offset indent +Plugin python_policy python_plugin.so ModulePath= ClassName= +.Ed +.Pp +Currently, only a single policy plugin may be specified in +.Xr sudo.conf @mansectform@ . +.Pp +A policy plugin may have the following member functions: +.Bl -tag -width 4n +.It Sy constructor +.Bd -literal +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], + plugin_options: Tuple[str, ...]) +.Ed +.Pp +Implementing this function is optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.Pp +The constructor matches the +.Fn open +function in the C sudo plugin API. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa user_env +The user's environment as a tuple of strings in +.Dq key=value +format. +.It Fa settings +A tuple of user-supplied +.Em sudo +settings in the form of +.Dq key=value +strings. +.It Fa version +The version of the Python Policy Plugin API. +.It Fa user_info +A tuple of information about the user running the command in the form of +.Dq key=value +strings. +.It Fa plugin_options +The plugin options passed as arguments in the +.Xr sudo.conf @mansectform@ +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +.Dq key=value +format. +.El +.Pp +The +.Fn sudo.options_as_dict +convenience function can be used to convert +.Dq key=value +pairs to a dictionary. +For a list of recognized keys and their supported values, +see the policy plugin +.Fn open +documentation in +.Xr sudo_plugin @mansectform@ . +.It Sy check_policy +.Bd -literal -compact +check_policy(self, argv: Tuple[str, ...], env_add: Tuple[str, ...]) +.Ed +.Pp +The +.Fn check_policy +function is called by +.Nm sudo +to determine whether the user is allowed to run the specified command. +Implementing this function is mandatory for a policy plugin. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa argv +A tuple describing the command the user wishes to run. +.It Fa env_add +Additional environment variables specified by the user on the command line in +the form of a tuple of +.Dq key=value +pairs. +The +.Fn sudo.options_as_dict +convenience function can be used to convert them to a dictionary. +.El +.Pp +This function should return a result code or a tuple in the following format: +.Bd -literal -offset indent +return (rc, command_info_out, argv_out, user_env_out) +.Ed +.Pp +The tuple values are as follows: +.Bl -tag -width 4n +.It Fa rc +The result of the policy check, one of the +.Dv sudo.RC.* +constants. +.Dv sudo.RC.ACCEPT +if the command is allowed, +.Dv sudo.RC.REJECT +if not allowed, +.Dv sudo.RC.ERROR +for a general error, or +.Dv sudo.RC.USAGE_ERROR +for a usage error. +.It Fa command_info_out +Optional (only required when the command is accepted). +Information about the command being run in the form of +.Dq key=value +strings. +.Pp +To accept a command, at the very minimum the plugin must set in the +.Em command , +.Em runas_uid , +and +.Em runas_gid +keys. +.Pp +For a list of recognized keys and supported values, +see the +.Fn check_policy +documentation in +.Xr sudo_plugin @mansectform@ . +.It Fa argv_out +Optional (only required when the command is accepted). +The arguments to pass to the +.Xr execve 2 +system call when executing the command. +.It Fa user_env_out +Optional (only required when the command is accepted). +The environment to use when executing the command in the form of a +tuple of strings in +.Dq key=value +format. +.El +.It Sy init_session +.Bd -literal -compact +init_session(self, user_pwd: Tuple, user_env: Tuple[str, ...]) +.Ed +.Pp +Perform session setup (optional). +The +.Fn init_session +function is called before +.Nm sudo +sets up the +execution environment for the command before any user-ID or group-ID changes. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa user_pwd +A tuple describing the user's passwd entry. +Convertible to pwd.struct_passwd or +.Em None +if the user is not present in the password database. +.Pp +Example conversion: +.Bd -literal -compact -offset indent +user_pwd = pwd.struct_passwd(user_pwd) if user_pwd else None +.Ed +.It Fa user_env +The environment the command will run in. +This is a tuple of strings in +.Dq key=value +format. +.El +.Pp +This function should return a result code or a tuple in the following format: +.Bd -literal -offset 4n +return (rc, user_env_out) +.Ed +.Pp +The tuple values are as follows: +.Bl -tag -width 4n +.It Fa rc +The result of the session init, one of the +.Dv sudo.RC.* +constants. +.Dv sudo.RC.OK +on success, 0 on failure, or +.Dv sudo.RC.ERROR +if an error occurred. +.It Fa user_env_out +Optional. +If the +.Fn init_session +function needs to modify the user environment, it can return the new +environment in +.Fa user_env_out . +If this is omitted, no changes will be made to +.Fa user_env . +.El +.It Sy list +.Bd -literal -compact +list(self, argv: Tuple[str, ...], is_verbose: int, user: str) +.Ed +.Pp +List available privileges for the invoking user. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa argv +If not set to +.Em None , +an argument vector describing a command the user wishes to check +against the policy. +.It Fa is_verbose +Flag indicating whether to list in verbose mode or not. +.It Fa user +The name of a different user to list privileges for if the policy allows it. +If +.Em None , +the plugin should list the privileges of the invoking user. +.El +.It Sy validate +.Bd -literal -compact +validate(self) +.Ed +.Pp +For policy plugins that cache authentication credentials, this function is used to validate and cache the credentials (optional). +.It Sy invalidate +.Bd -literal -compact +invalidate(self, remove: int) +.Ed +.Pp +For policy plugins that cache authentication credentials, this function is used to invalidate the credentials (optional). +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa remove +If this flag is set, the plugin may remove the credentials instead of simply +invalidating them. +.El +.It Sy show_version +.Bd -literal -compact +show_version(self, is_verbose: int) +.Ed +.Pp +Display the plugin version information to the user. +The +.Fn sudo.log_info +function should be used. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa is_verbose +A flag to indicate displaying more verbose information. +Currently this is 1 if +.Ql sudo -V +is run as the root user. +.El +.It Sy close +.Bd -literal -compact +close(self, exit_status: int, error: int) +.Ed +.Pp +Called when a command finishes executing. +.Pp +Works the same as the +.Fn close +function in the C sudo plugin API, except that it only gets called if +.Nm sudo +attempts to execute the command. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa exit_status +The exit status of the command if was executed, otherwise \-1. +.It Fa error +If the command could not be executed, this is set to the value of +errno set by the +.Xr execve 2 +system call, otherwise 0. +.El +.El +.Ss Policy plugin example +Sudo ships with an example Python policy plugin. +To try it, register it by adding the following lines to +.Pa @sysconfdir@/sudo.conf : +.Bd -literal +Plugin python_policy python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_policy_plugin.py \e + ClassName=SudoPolicyPlugin +.Ed +.Pp +Be aware, however, that you cannot enable the Python policy plugin +in addition to another policy plugin, such as +.Xr sudoers @mansectform@ . +.Ss I/O plugin API +I/O plugins must be registered in +.Xr sudo.conf @mansectform@ . +For example: +.Bd -literal -offset indent +Plugin python_io python_plugin.so ModulePath= ClassName= +.Ed +.Pp +Sudo supports loading multiple I/O plugins. +Currently only 8 python I/O plugins can be loaded at once. +.Pp +An I/O plugin may have the following member functions: +.Bl -tag -width 4n +.It Sy constructor +.Bd -literal -compact +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], + plugin_options: Tuple[str, ...]) +.Ed +.Pp +Implementing this function is optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.Pp +The constructor matches the +.Fn open +function in the C sudo plugin API. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa user_env +The user's environment as a tuple of strings in +.Dq key=value +format. +.It Fa settings +A tuple of user-supplied +.Em sudo +settings in the form of +.Dq key=value +strings. +.It Fa version +The version of the Python I/O Plugin API. +.It Fa user_info +A tuple of information about the user running the command in the form of +.Dq key=value +strings. +.It Fa plugin_options +The plugin options passed as arguments in the +.Xr sudo.conf @mansectform@ +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +.Dq key=value +format. +.El +.Pp +The +.Fn sudo.options_as_dict +convenience function can be used to convert +.Dq key=value +pairs to a dictionary. +For a list of recognized keys and their supported values, +see the I/O plugin +.Fn open +documentation in +.Xr sudo_plugin @mansectform@ . +.It Sy open +.Bd -literal -compact +open(self, argv: Tuple[str, ...], + command_info: Tuple[str, ...]) -> int +.Ed +.Pp +Receives the command the user wishes to run. +.Pp +Works the same as the +.Fn open +function in the C sudo plugin API except that: +.Pp +.Bl -bullet -compact -offset 4n -width 1n +.It +It only gets called before the user would execute some command +(and not for a version query for example). +.It +Other arguments of the C API +.Fn open +function are received through the constructor. +.El +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa argv +A tuple of the arguments describing the command the user wishes to run. +.It Fa command_info +Information about the command being run in the form of +.Dq key=value +strings. +.El +.Pp +The +.Fn sudo.options_as_dict +convenience function can be used to convert +.Dq key=value +pairs to a dictionary. +For a list of recognized keys and their supported values, +see the I/O plugin +.Fn open +documentation in +.Xr sudo_plugin @mansectform@ . +.Pp +The +.Fn open +function should return a result code, one of the +.Dv sudo.RC.* +constants. +If the function returns +.Dv sudo.RC.REJECT , +no I/O will be sent to the plugin. +.It Sy log_ttyin , log_ttyout , log_stdin , log_stdout , log_stderr +.Bd -literal -compact +log_ttyin(self, buf: str) -> int +log_ttyout(self, buf: str) -> int +log_stdin(self, buf: str) -> int +log_stdout(self, buf: str) -> int +log_stderr(self, buf: str) -> int +.Ed +.Pp +Receive the user input or output of the terminal device and +application standard input, standard output, or standard error. +See the matching calls in +.Xr sudo_plugin @mansectform@ . +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa buf +The input (or output) buffer in the form of a string. +.El +.Pp +The function should return a result code, one of the +.Dv sudo.RC.* +constants. +.Pp +If +.Dv sudo.RC.ERROR +is returned, the running command will be terminated and all of the plugin's logging +functions will be disabled. +Other I/O logging plugins will still receive any remaining +input or output that has not yet been processed. +.Pp +If an input logging function rejects the data by returning +.Dv sudo.RC.REJECT , +the command will be terminated and the data will not be passed to the +command, though it will still be sent to any other I/O logging plugins. +If an output logging function rejects the data by returning +.Dv sudo.RC.REJECT , +the command will be terminated and the data will not be written to the +terminal, though it will still be sent to any other I/O logging plugins. +.It Sy change_winsize +.Bd -literal -compact +change_winsize(self, line: int, cols: int) -> int +.Ed +.Pp +Called whenever the window size of the terminal changes. +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa line +The number of lines of the terminal. +.It Fa cols +The number of columns of the terminal. +.El +.It Sy log_suspend +.Bd -literal -compact +log_suspend(self, signo: int) -> int +.Ed +Called whenever a command is suspended or resumed. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa signo +The number of the signal that caused the command to be suspended or +.Dv SIGCONT +if the command was resumed. +.El +.It Sy show_version +.Bd -literal -compact +show_version(self, is_verbose: int) +.Ed +Display the plugin version information to the user. +The +.Fn sudo.log_info +function should be used. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa is_verbose +A flag to indicate displaying more verbose information. +Currently this is 1 if +.Ql sudo -V +is run as the root user. +.El +.It Sy close +.Bd -literal -compact +close(self, exit_status: int, error: int) -> None +.Ed +Called when a command execution finished. +.Pp +Works the same as the +.Fn close +function in the C sudo plugin API, except that it only gets called if +.Nm sudo +attempts to execute the command. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa exit_status +The exit status of the command if was executed, otherwise \-1. +.It Fa error +If the command could not be executed, this is set to the value of +errno set by the +.Xr execve 2 +system call, otherwise 0. +.El +.El +.Ss I/O plugin example +Sudo ships a Python I/O plugin example. +To try it, register it by adding the following lines to +.Pa @sysconfdir@/sudo.conf : +.Bd -literal -offset indent +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_io_plugin.py \e + ClassName=SudoIOPlugin +.Ed +.Ss Audit plugin API +Audit plugins must be registered in +.Xr sudo.conf @mansectform@ . +For example: +.Bd -literal -offset indent +Plugin python_audit python_plugin.so ModulePath= ClassName= +.Ed +.Pp +Sudo supports loading multiple audit plugins. +Currently only 8 python audit plugins can be loaded at once. +.Pp +An audit plugin may have the following member functions (all of them are optional): +.Bl -tag -width 4n +.It Sy constructor +.Bd -literal -compact +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...]) +.Ed +.Pp +The default constructor will set the keyword arguments it receives +as member variables in the object. +.Pp +The constructor matches the +.Fn open +function in the C sudo plugin API. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa user_env +The user's environment as a tuple of strings in +.Dq key=value +format. +.It Fa settings +A tuple of user-supplied +.Em sudo +settings in the form of +.Dq key=value +strings. +.It Fa version +The version of the Python Audit Plugin API. +.It Fa user_info +A tuple of information about the user running the command in the form of +.Dq key=value +strings. +.It Fa plugin_options +The plugin options passed as arguments in the +.Xr sudo.conf @mansectform@ +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +.Dq key=value +format. +.El +.It Sy open +.Bd -literal -compact +open(self, submit_optind: int, + submit_argv: Tuple[str, ...]) -> int +.Ed +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa submit_optind +The index into +.Fa submit_argv +that corresponds to the first entry that is not a command line option. +.It Fa submit_argv +The argument vector sudo was invoked with, including all command line options. +.El +.It Sy close +.Bd -literal -compact +close(self, status_type: int, status: int) -> None +.Ed +.Pp +Called when sudo is finished, shortly before it exits. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa status_type +The type of status being passed. +One of the sudo.EXIT_REASON.* constants. +.It Fa status +Depending on the value of +.Fa status_type , +this value is either +ignored, the command's exit status as returned by the +.Xr wait 2 +system call, the value of +.Li errno +set by the +.Xr execve 2 +system call, or the value of +.Li errno +resulting from an error in the +.Nm sudo +front-end. +.El +.It Sy show_version +.Bd -literal -compact +show_version(self, is_verbose: int) -> int +.Ed +.Pp +Display the plugin version information to the user. +The +.Fn sudo.log_info +function should be used. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa is_verbose +A flag to indicate displaying more verbose information. +Currently this is 1 if +.Ql sudo -V +is run as the root user. +.El +.It Sy accept +.Bd -literal -compact +accept(self, plugin_name: str, plugin_type: int, command_info: Tuple[str, ...], + run_argv: Tuple[str, ...], run_envp: Tuple[str, ...]) -> int +.Ed +.Pp +This function is called when a command or action is accepted by a policy +or approval plugin. +The function arguments are as follows: +.Bl -tag -width 4n +.It plugin_name +The name of the plugin that accepted the command or +.Dq sudo +for the +.Nm sudo +front-end. +.It plugin_type +The type of plugin that accepted the command, currently either +.Dv sudo.PLUGIN_TYPE.POLICY , +.Dv sudo.PLUGIN_TYPE.APPROVAL , +or +.Dv sudo.PLUGIN_TYPE.SUDO . +The +.Fn accept +function is called multiple times--once for each policy or approval +plugin that succeeds and once for the sudo front-end. +When called on behalf of the sudo front-end, +.Fa command_info +may include information from an I/O logging plugin as well. +.Pp +Typically, an audit plugin is interested in either the accept status from +the +.Nm sudo +front-end or from the various policy and approval plugins, but not both. +It is possible for the policy plugin to accept a command that is +later rejected by an approval plugin, in which case the audit +plugin's +.Fn accept +and +.Fn reject +functions will +.Em both +be called. +.It command_info +A vector of information describing the command being run. +See the +.Xr sudo_plugin @mansectform@ +manual for possible values. +.It run_argv +Argument vector describing a command that will be run. +.It run_envp +The environment the command will be run with. +.El +.It Sy reject +.Bd -literal -compact +reject(self, plugin_name: str, plugin_type: int, audit_msg: str, + command_info: Tuple[str, ...]) -> int +.Ed +.Pp +This function is called when a command or action is rejected by the policy +plugin. +The function arguments are as follows: +.Bl -tag -width 4n +.It plugin_name +The name of the plugin that rejected the command. +.It plugin_type +The type of plugin that rejected the command, currently either +.Dv sudo.PLUGIN_TYPE.POLICY , +.Dv sudo.PLUGIN_TYPE.APPROVAL , +or +.Dv sudo.PLUGIN_TYPE.IO . +.Pp +Unlike the +.Fn accept +function, the +.Fn reject +function is not called on behalf of the +.Nm sudo +front-end. +.It audit_msg +An optional string describing the reason the command was rejected by the plugin. +If the plugin did not provide a reason, audit_msg will be +.Em None +. +.It command_info +A vector of information describing the rejected command. +See the +.Xr sudo_plugin @mansectform@ +manual for possible values. +.El +.It Sy error +.Bd -literal -compact +error(self, plugin_name: str, plugin_type: int, audit_msg: str, + command_info: Tuple[str, ...]) -> int +.Ed +.Pp +This function is called when a plugin or the +.Nm sudo +front-end returns an error. +The function arguments are as follows: +.Bl -tag -width 4n +.It plugin_name +The name of the plugin that generated the error or +.Dq sudo +for the +.Nm sudo +front-end. +.It plugin_type +The type of plugin that generated the error, or +.Dv SUDO_FRONT_END +for the +.Nm sudo +front-end. +.It audit_msg +An optional string describing the plugin error. +If the plugin did not provide a description, it will be +.Em None +. +.It command_info +A vector of information describing the command. +See the +.Xr sudo_plugin @mansectform@ +manual for possible values. +.El +.El +.Ss Audit plugin example +Sudo ships a Python Audit plugin example. +To try it, register it by adding the following lines to +.Pa @sysconfdir@/sudo.conf : +.Bd -literal -offset indent +Plugin python_audit python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_audit_plugin.py \e + ClassName=SudoAuditPlugin +.Ed +.Pp +It will log the plugin accept / reject / error results to the output. +.Ss Approval plugin API +Approval plugins must be registered in +.Xr sudo.conf @mansectform@ . +For example: +.Bd -literal -offset indent +Plugin python_approval python_plugin.so ModulePath= ClassName= +.Ed +.Pp +Sudo supports loading multiple approval plugins. +Currently only 8 python approval plugins can be loaded at once. +.Pp +An approval plugin may have the following member functions: +.Bl -tag -width 4n +.It Sy constructor +.Bd -literal -compact +__init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...], + version: str, user_info: Tuple[str, ...], plugin_options: Tuple[str, ...], + submit_optind: int, submit_argv: Tuple[str, ...]) +.Ed +.Pp +Optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.Pp +The constructor matches the +.Fn open +function in the C sudo plugin API. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa user_env +The user's environment as a tuple of strings in +.Dq key=value +format. +.It Fa settings +A tuple of user-supplied +.Em sudo +settings in the form of +.Dq key=value +strings. +.It Fa version +The version of the Python Approval Plugin API. +.It Fa user_info +A tuple of information about the user running the command in the form of +.Dq key=value +strings. +.It Fa plugin_options +The plugin options passed as arguments in the +.Xr sudo.conf @mansectform@ +plugin registration. +This is a tuple of strings, usually (but not necessarily) in +.Dq key=value +format. +.It Fa submit_optind +The index into +.Fa submit_argv +that corresponds to the first entry that is not a command line option. +.It Fa submit_argv +The argument vector sudo was invoked with, including all command line options. +.El +.It Sy show_version +.Bd -literal -compact +show_version(self, is_verbose: int) -> int +.Ed +.Pp +Display the version. (Same as for all the other plugins.) +.It Sy check +.Bd -literal -compact +check(self, command_info: Tuple[str, ...], run_argv: Tuple[str, ...], + run_env: Tuple[str, ...]) -> int +.Ed +.Pp +This function is called after policy plugin's check_policy has succeeded. +It can reject execution of the command by returning sudo.RC.REJECT or +raising the special exception: +.Bd -literal -offset indent +raise sudo.PluginReject("some message") +.Ed +.Pp +with the message describing the problem. +In the latter case, the audit plugins will get the description. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It command_info +A vector of information describing the command that will run. +See the +.Xr sudo_plugin @mansectform@ +manual for possible values. +.It run_argv +Argument vector describing a command that will be run. +.It run_env +The environment the command will be run with. +.El +.El +.Ss Approval plugin example +Sudo ships a Python Approval plugin example. +To try it, register it by adding the following lines to +.Pa @sysconfdir@/sudo.conf : +.Bd -literal -offset indent +Plugin python_approval python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_approval_plugin.py \e + ClassName=BusinessHoursApprovalPlugin +.Ed +.Pp +It will only allow execution of commands in the "business hours" (from Monday +to Friday between 8:00 and 17:59:59). +.Ss Sudoers group provider plugin API +A group provider plugin is registered in the +.Xr sudoers @mansectform@ +file. +For example: +.Bd -literal -offset indent +Defaults group_plugin="python_plugin.so ModulePath= ClassName=" +.Ed +.Pp +Currently, only a single group plugin can be registered in +.Em sudoers . +.Pp +A group provider plugin may have the following member functions: +.Bl -tag -width 4n +.It Sy constructor +.Bd -literal -compact +__init__(self, args: Tuple[str, ...], version: str) +.Ed +.Pp +Implementing this function is optional. +The default constructor will set the keyword arguments it receives +as member variables in the object. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa args +The plugin options passed as arguments in the +.Em sudoers +file plugin registration. +All the arguments are free form strings (not necessarily in +.Dq key=value +format). +.It Fa version +The version of the Python Group Plugin API. +.El +.It Sy query +.Bd -literal -compact +query(self, user: str, group: str, user_pwd: Tuple) +.Ed +.Pp +The +.Fn query +function is used to ask the group plugin whether +.Fa user +is a member of +.Fa group . +This method is required. +.El +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa user +The name of the user being looked up in the external group database. +.It Fa group +The name of the group being queried. +.It Fa user_pwd +The password database entry for the user, if any. +If +.Fa user +is not present in the password database, +.Fa user_pwd +will be +.Dv NULL . +.El +.Ss Group plugin example +Sudo ships a Python group plugin example. +To try it, register it in the +.Em sudoers +file by adding the following lines: +.Bd -literal -offset indent +Defaults group_plugin="python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_group_plugin.py \e + ClassName=SudoGroupPlugin" +.Ed +.Pp +The example plugin will tell +.Nm sudo +that the user +.Em test +is part of the non-unix group +.Em mygroup . +If you add a rule that uses this group, it will affect the +.Em test +user. +For example: +.Bd -literal -offset indent +%:mygroup ALL=(ALL) NOPASSWD: ALL +.Ed +.Pp +Will allow user +.Em test +to run +.Nm sudo +without a password. +.Ss Hook function API +The hook function API is currently not supported for plugins +written in Python. +.Ss Conversation API +A Python plugin can interact with the user using the +.Fn sudo.conv +function which displays one or more messages described by the +.Sy sudo.ConvMessage +class. +This is the Python equivalent of the +.Fn conversation +function in the C sudo plugin API. +A plugin should not attempt to read directly from the standard input or +the user's tty (neither of which are guaranteed to exist). +.Pp +The +.Sy sudo.ConvMessage +class specifies how the user interaction should occur: +.Bd -literal -offset 4n +sudo.ConvMessage(msg_type: int, msg: str, timeout: int) +.Ed +.Pp +.Sy sudo.ConvMessage +member variables: +.Bl -tag -width 4n +.It Fa msg_type +Specifies the type of the conversation. +See the +.Dv sudo.CONV.* +constants below. +.It Fa msg +The message to display to the user. +The caller must include a trailing newline in +.Li msg +if one is to be displayed. +.It Fa timeout +Optional. +The maximum amount of time for the conversation in seconds. +If the timeout is exceeded, the +.Fn sudo.conv +function will raise a +.Dv sudo.ConversationInterrupted +exception. +The default is to wait forever (no timeout). +.El +.Pp +To specify the message type, the following constants are available: +.Pp +.Bl -bullet -compact -offset 4n -width 1n +.It +sudo.CONV.PROMPT_ECHO_OFF +.It +sudo.CONV.PROMPT_ECHO_ON +.It +sudo.CONV.ERROR_MSG +.It +sudo.CONV.INFO_MSG +.It +sudo.CONV.PROMPT_MASK +.It +sudo.CONV.PROMPT_ECHO_OK +.It +sudo.CONV.PREFER_TTY +.El +.Pp +See the +.Xr sudo_plugin @mansectform@ +manual for a description of the message types. +.Pp +The +.Fn sudo.conv +function performs the actual user interaction: +.Bd -literal -offset 4n +sudo.conv(message(s), on_suspend=suspend_function, + on_resume=resume_function) +.Ed +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa message(s) +One of more messages (of type +.Sy sudo.ConvMessage ) , +each describing a conversation. +At least one message is required. +.It Fa on_suspend +An optional callback function which gets called if the conversation +is suspended, for example by the user pressing control-Z. +The specified function must take a single argument which will be filled +with the number of the signal that caused the process to be suspended. +.It Fa on_resume +An optional callback function which gets called when the previously +suspended conversation is resumed. +The specified function must take a single argument which will be filled +with the number of the signal that caused the process to be suspended. +.El +.Pp +The +.Fn sudo.conv +function can raise the following exceptions: +.Bl -tag -width 4n +.It Sy sudo.SudoException +If the conversation fails, for example when the conversation function is not +available. +.It Sy sudo.ConversationInterrupted +If the conversation function returns an error, e.g., the timeout passed +or the user interrupted the conversation by pressing control-C. +.El +.Ss Conversation example +Sudo ships with an example plugin demonstrating the Python conversation API. +To try it, register it by adding the following lines to +.Pa @sysconfdir@/sudo.conf : +.Bd -literal -offset indent +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_conversation.py \e + ClassName=ReasonLoggerIOPlugin +.Ed +.Ss Information / error display API +.Bd -literal +sudo.log_info(string(s), sep=" ", end="\en") +sudo.log_error(string(s), sep=" ", end="\en") +.Ed +.Pp +To display information to the user, the +.Fn sudo.log_info +function can be used. +To display error messages, use +.Fn sudo.log_error . +The syntax is similar to the Python +.Fn print +function. +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa string(s) +One or more strings to display. +.It Fa sep +An optional string which will be used as the separator between the +specified strings. +The default is a space character, +.Pq Sq \ . +.It Fa end +An optional string which will be displayed at the end of the message. +The default is a new line character +.Pq Sq \en . +.El +.Ss Debug API +Debug messages are not visible to the user and are only logged debugging +is explicitly enabled in +.Xr sudo.conf @mansectform@ . +Python plugins can use the +.Fn sudo.debug +function to make use of +.Nm sudo Ns No 's +debug system. +.Pp +.Em Enabling debugging in sudo.conf +.Pp +To enable debug messages, add a +.Li Debug +line to +.Xr sudo.conf @mansectform@ +with the program set to +.Pa python_plugin.so . +For example, to store debug output in +.Pa /var/log/sudo_python_debug , +use a line like the following: +.Bd -literal -offset indent +Debug python_plugin.so /var/log/sudo_python_debug \e + plugin@trace,c_calls@trace +.Ed +.Pp +The debug options are in the form of multiple +.Dq subsystem@level +strings, separated by commas +.Pq Sq \&, . +For example to just see the debug output of +.Fn sudo.debug +calls, use: +.Bd -literal -offset indent +Debug python_plugin.so /var/log/sudo_python_debug plugin@trace +.Ed +.Pp +See +.Xr sudo_conf @mansectform@ +for more details. +.Pp +The most interesting subsystems for Python plugin development are: +.Bl -tag -width 4n +.It Em plugin +Logs each +.Fn sudo.debug +API call. +.It Em py_calls +Logs whenever a C function calls into the python module. +For example, calling the +.Fn __init__ +function. +.It Em c_calls +Logs whenever python calls into a C +.Nm sudo +API function. +.It Em internal +Logs internal functions of the python language wrapper plugin. +.It Em sudo_cb +Logs when +.Nm sudo +calls into the python plugin API. +.It Em load +Logs python plugin loading / unloading events. +.El +.Pp +You can also specify +.Dq all +as the subsystem name to log debug messages for all subsystems. +.Pp +The +.Fn sudo.debug +function is defined as: +.Bd -literal -offset 4n +sudo.debug(level, message(s)) +.Ed +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa level +an integer, use one of the log level constants below +.It Fa message(s) +one or more messages to log +.El +.Pp +.Em Available log levels: +.Bl -column "name in sudo.conf" "Python constant" "only critical messages" +.It Sy sudo.conf name Ta Sy Python constant Ta Sy description +.It crit Ta sudo.DEBUG.CRIT Ta only critical messages +.It err Ta sudo.DEBUG.ERROR Ta +.It warn Ta sudo.DEBUG.WARN Ta +.It notice Ta sudo.DEBUG.NOTICE Ta +.It diag Ta sudo.DEBUG.DIAG Ta +.It info Ta sudo.DEBUG.INFO Ta +.It trace Ta sudo.DEBUG.TRACE Ta +.It debug Ta sudo.DEBUG.DEBUG Ta very extreme verbose debugging +.El +.Pp +.Em Using the logging module +.Pp +Alternatively, a plugin can use the built in logging module of Python as well. +Sudo adds its log handler to the root logger, so by default all output of a +logger will get forwarded to sudo log system, as it would call sudo.debug. +.Pp +The log handler of sudo will map each Python log level of a message to +the appropriate sudo debug level. +Note however, that sudo debug system will only get the messages not filtered +out by the Python loggers. +For example, the log level of the python logger will be an additional filter +for the log messages, and is usually very different from what level is set in sudo.conf +for the sudo debug system. +.Ss Debug example +Sudo ships an example debug plugin by default. +To try it, register it by adding the following lines to +.Pa @sysconfdir@/sudo.conf : +.Bd -literal -offset indent +Plugin python_io python_plugin.so \e + ModulePath=@prefix@/share/doc/sudo/examples/example_debugging.py \e + ClassName=DebugDemoPlugin + +Debug python_plugin.so \e + /var/log/sudo_python_debug plugin@trace,c_calls@trace +.Ed +.Ss Option conversion API +The Python plugin API includes two convenience functions to +convert options in +.Dq key=value +format to a dictionary and vice versa. +.Bl -tag -width 4n +.It options_as_dict +.Bd -literal -compact +options_as_dict(options) +.Ed +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa options +An iterable (tuple, list, etc.) of strings, each in +.Dq key=value +format. +This is how the plugin API passes options and settings to a Python plugin. +.El +.Pp +The function returns the resulting dictionary. +Each string of the passed in +.Fa options +will be split at the first equal sign +.Pq Sq \&= +into a +.Em key +and +.Em value . +Dictionary keys will never contain this symbol (but values may). +.It options_from_dict +.Bd -literal -compact +options_from_dict(options_dict) +.Ed +.Pp +The function arguments are as follows: +.Bl -tag -width 4n +.It Fa options_dict +A dictionary where both the key and the value are strings. +Note that the key should not contain an equal sign +.Pq Sq \&= , +otherwise the resulting string will have a different meaning. +However, this is not currently enforced. +.El +.Pp +The function returns a tuple containing the strings in +.Dq key=value +form for each key and value in the +.Fa options_dict +dictionary passed in. +This is how the plugin API accepts options and settings. +.El +.Sh PLUGIN API CHANGELOG (Python) +None yet +.Sh LIMITATIONS +Only a maximum number of 8 python I/O plugins can be loaded at once. +If +.Pa @sysconfdir@/sudo.conf +contains more, those will be rejected with a warning message. +.Pp +The Event API and the hook function API is currently not accessible for Python plugins. +.Sh SEE ALSO +.Xr sudo.conf @mansectform@ , +.Xr sudo_plugin @mansectform@ , +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +Python plugin support is currently considered experimental. +.Pp +If you feel you have found a bug in +.Nm sudo , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SECURITY CONSIDERATIONS +All Python plugin handling is implemented inside the +.Li python_plugin.so +dynamic plugin. +Therefore, if no Python plugin is registered in +.Xr sudo.conf @mansectform@ +or the +.Em sudoers +file, +.Nm sudo +will not load the Python interpreter or the Python libraries. +.Pp +By default, a Python plugin can only import Python modules which are +owned by +.Em root +and are only writable by the owner. +The reason for this is to prevent a file getting imported accidentally +which is modifiable by a non-root user. +As +.Nm sudo +plugins run as +.Em root , +accidentally importing such file would make it possible for any user +(having write access) to execute any code with administrative rights. +.Pp +However, during development of a plugin this might not be very convenient. +The +.Xr sudo.conf @mansectform@ +.Li developer_mode +option can be used to disable it. +For example: +.Dl Set developer_mode true +.Pp +Please note that this creates a security risk, so it is not recommended +on critical systems such as a desktop machine for daily use, but is intended +to be used in development environments (VM, container, etc). +Before enabling developer mode, ensure you understand the implications. +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_sendlog.man.in sudo-1.9.9/docs/sudo_sendlog.man.in --- sudo-1.9.5p2/docs/sudo_sendlog.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_sendlog.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,204 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2021 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDO_SENDLOG" "@mansectsu@" "September 17, 2021" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudo_sendlog\fR +\- send sudo I/O log to log server +.SH "SYNOPSIS" +.HP 13n +\fBsudo_sendlog\fR +[\fB\-AnV\fR] +[\fB\-b\fR\ \fIca_bundle\fR] +[\fB\-c\fR\ \fIcert_file\fR] +[\fB\-h\fR\ \fIhost\fR] +[\fB\-i\fR\ \fIiolog-id\fR] +[\fB\-k\fR\ \fIkey_file\fR] +[\fB\-p\fR\ \fIport\fR] +[\fB\-r\fR\ \fIrestart-point\fR] +[\fB\-R\fR\ \fIreject-reason\fR] +[\fB\-s\fR\ \fIstop-point\fR] +[\fB\-t\fR\ \fInumber\fR] +\fIpath\fR +.SH "DESCRIPTION" +\fBsudo_sendlog\fR +can be used to send the existing +\fBsudoers\fR +I/O log +\fIpath\fR +to a remote log server such as +sudo_logsrvd(@mansectsu@) +for central storage. +.PP +The options are as follows: +.TP 12n +\fB\-A\fR, \fB\--accept-only\fR +Only send the accept event, not the I/O associated with the log. +This can be used to test the logging of accept events without +any associated I/O. +.TP 12n +\fB\-b\fR, \fB\--ca-bundle\fR +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating the log server. +The default is to use the system's default certificate authority database. +.TP 12n +\fB\-c\fR, \fB\--cert\fR +The path to the client's certificate file in PEM format. +This setting is required when the connection to the remote log server +is secured with TLS. +.TP 12n +\fB\--help\fR +Display a short help message to the standard output and exit. +.TP 12n +\fB\-h\fR, \fB\--host\fR +Connect to the specified +\fIhost\fR +instead of localhost. +.TP 12n +\fB\-i\fR, \fB\--iolog-id\fR +Use the specified +\fIiolog-id\fR +when restarting a log transfer. +The +\fIiolog-id\fR +is reported by the server when it creates the remote I/O log. +This option may only be used in conjunction with the +\fB\-r\fR +option. +.TP 12n +\fB\-k\fR, \fB\--key\fR +.br +The path to the client's private key file in PEM format. +This setting is required when the connection to the remote log server +is secured with TLS. +.TP 12n +\fB\-n\fR, \fB\--no-verify\fR +If specified, the server's certificate will not be verified during +the TLS handshake. +By default, +\fBsudo_sendlog\fR +verifies that the server's certificate is valid and that it contains either +the server's host name or its IP address. +This setting is only supported when the connection to the remote log server +is secured with TLS. +.TP 12n +\fB\-p\fR, \fB\--port\fR +Use the specified network +\fIport\fR +when connecting to the log server instead of the +default, port 30344. +.TP 12n +\fB\-r\fR, \fB\--restart\fR +Restart an interrupted connection to the log server. +The specified +\fIrestart-point\fR +is used to tell the server the point in time at which to continue the log. +The +\fIrestart-point\fR +is specified in the form +\(lqseconds,nanoseconds\(rq +and is usually the last commit point received from the server. +The +\fB\-i\fR +option must also be specified when restarting a transfer. +.TP 12n +\fB\-R\fR, \fB\--reject\fR +Send a reject event for the command using the specified +\fIreject-reason\fR, +even though it was actually accepted locally. +This can be used to test the logging of reject events; no I/O +will be sent. +.TP 12n +\fB\-s\fR, \fB\--stop-after\fR +Stop sending log records and close the connection when +\fIstop-point\fR +is reached. +This can be used for testing purposes to send a partial I/O log to the server. +Partial logs can be restarted using the +\fB\-r\fR +option. +The +\fIstop-point\fR +is an elapsed time specified in the form +\(lqseconds,nanoseconds\(rq. +.TP 12n +\fB\-t\fR, \fB\--test\fR +Open +\fInumber\fR +simultaneous connections to the log server and send the specified +I/O log file on each one. +This option is useful for performance testing. +.TP 12n +\fB\-V\fR, \fB\--version\fR +Print the +\fBsudo_sendlog\fR +version and exit. +.SS "Debugging sendlog" +\fBsudo_sendlog\fR +supports a flexible debugging framework that is configured via +\fRDebug\fR +lines in the +sudo.conf(@mansectform@) +file. +.PP +For more information on configuring +sudo.conf(@mansectform@), +please refer to its manual. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +Sudo front-end configuration +.SH "SEE ALSO" +sudo.conf(@mansectform@), +sudo(@mansectsu@), +sudo_logsrvd(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo_sendlog\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo_sendlog\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudo_sendlog.mdoc.in sudo-1.9.9/docs/sudo_sendlog.mdoc.in --- sudo-1.9.5p2/docs/sudo_sendlog.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudo_sendlog.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,189 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2019-2021 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd September 17, 2021 +.Dt SUDO_SENDLOG @mansectsu@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudo_sendlog +.Nd send sudo I/O log to log server +.Sh SYNOPSIS +.Nm sudo_sendlog +.Op Fl AnV +.Op Fl b Ar ca_bundle +.Op Fl c Ar cert_file +.Op Fl h Ar host +.Op Fl i Ar iolog-id +.Op Fl k Ar key_file +.Op Fl p Ar port +.Op Fl r Ar restart-point +.Op Fl R Ar reject-reason +.Op Fl s Ar stop-point +.Op Fl t Ar number +.Ar path +.Sh DESCRIPTION +.Nm +can be used to send the existing +.Nm sudoers +I/O log +.Ar path +to a remote log server such as +.Xr sudo_logsrvd @mansectsu@ +for central storage. +.Pp +The options are as follows: +.Bl -tag -width Fl +.It Fl A , -accept-only +Only send the accept event, not the I/O associated with the log. +This can be used to test the logging of accept events without +any associated I/O. +.It Fl b , -ca-bundle +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating the log server. +The default is to use the system's default certificate authority database. +.It Fl c , -cert +The path to the client's certificate file in PEM format. +This setting is required when the connection to the remote log server +is secured with TLS. +.It Fl -help +Display a short help message to the standard output and exit. +.It Fl h , -host +Connect to the specified +.Ar host +instead of localhost. +.It Fl i , -iolog-id +Use the specified +.Ar iolog-id +when restarting a log transfer. +The +.Ar iolog-id +is reported by the server when it creates the remote I/O log. +This option may only be used in conjunction with the +.Fl r +option. +.It Fl k , -key +The path to the client's private key file in PEM format. +This setting is required when the connection to the remote log server +is secured with TLS. +.It Fl n , -no-verify +If specified, the server's certificate will not be verified during +the TLS handshake. +By default, +.Nm +verifies that the server's certificate is valid and that it contains either +the server's host name or its IP address. +This setting is only supported when the connection to the remote log server +is secured with TLS. +.It Fl p , -port +Use the specified network +.Ar port +when connecting to the log server instead of the +default, port 30344. +.It Fl r , -restart +Restart an interrupted connection to the log server. +The specified +.Ar restart-point +is used to tell the server the point in time at which to continue the log. +The +.Ar restart-point +is specified in the form +.Dq seconds,nanoseconds +and is usually the last commit point received from the server. +The +.Fl i +option must also be specified when restarting a transfer. +.It Fl R , -reject +Send a reject event for the command using the specified +.Ar reject-reason , +even though it was actually accepted locally. +This can be used to test the logging of reject events; no I/O +will be sent. +.It Fl s , -stop-after +Stop sending log records and close the connection when +.Ar stop-point +is reached. +This can be used for testing purposes to send a partial I/O log to the server. +Partial logs can be restarted using the +.Fl r +option. +The +.Ar stop-point +is an elapsed time specified in the form +.Dq seconds,nanoseconds . +.It Fl t , -test +Open +.Ar number +simultaneous connections to the log server and send the specified +I/O log file on each one. +This option is useful for performance testing. +.It Fl V , -version +Print the +.Nm +version and exit. +.El +.Ss Debugging sendlog +.Nm +supports a flexible debugging framework that is configured via +.Li Debug +lines in the +.Xr sudo.conf @mansectform@ +file. +.Pp +For more information on configuring +.Xr sudo.conf @mansectform@ , +please refer to its manual. +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +Sudo front-end configuration +.El +.Sh SEE ALSO +.Xr sudo.conf @mansectform@ , +.Xr sudo @mansectsu@ , +.Xr sudo_logsrvd @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudoers.ldap.man.in sudo-1.9.9/docs/sudoers.ldap.man.in --- sudo-1.9.5p2/docs/sudoers.ldap.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudoers.ldap.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1730 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2003-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDOERS.LDAP" "@mansectform@" "January 27, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudoers.ldap\fR +\- sudo LDAP configuration +.SH "DESCRIPTION" +In addition to the standard +\fIsudoers\fR +file, +\fBsudo\fR +may be configured +via LDAP. +This can be especially useful for synchronizing +\fIsudoers\fR +in a large, distributed environment. +.PP +Using LDAP for +\fIsudoers\fR +has several benefits: +.TP 3n +\fB\(bu\fR +\fBsudo\fR +no longer needs to read +\fIsudoers\fR +in its entirety. +When LDAP is used, there are only two or three LDAP queries per invocation. +This makes it especially fast and particularly usable in LDAP environments. +.TP 3n +\fB\(bu\fR +It is possible to specify per-entry options that override the global +default options. +\fI@sysconfdir@/sudoers\fR +only supports default options and limited options associated with +user/host/commands/aliases. +The syntax is complicated and can be difficult for users to understand. +Placing the options directly in the entry is more natural. +.TP 3n +\fB\(bu\fR +The +\fBvisudo\fR +program is no longer needed. +\fBvisudo\fR +provides locking and syntax checking of the +\fI@sysconfdir@/sudoers\fR +file. +Since LDAP updates are atomic, locking is no longer necessary. +Because syntax is checked when the data is inserted into LDAP, there +is no need for a specialized tool to check syntax. +.SS "SUDOers LDAP container" +The +\fIsudoers\fR +configuration is contained in the +\fRou=SUDOers\fR +LDAP container. +.PP +Sudo first looks for the +\fRcn=defaults\fR +entry in the SUDOers container. +If found, the multi-valued +\fRsudoOption\fR +attribute is parsed in the same manner as a global +\fRDefaults\fR +line in +\fI@sysconfdir@/sudoers\fR. +In the following example, the +\fRSSH_AUTH_SOCK\fR +variable will be preserved in the environment for all users. +.nf +.sp +.RS 4n +dn: cn=defaults,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: env_keep+=SSH_AUTH_SOCK +.RE +.fi +.PP +The equivalent of a sudoer in LDAP is a +\fRsudoRole\fR. +It consists of the following attributes: +.TP 6n +\fBsudoUser\fR +A user name, user-ID (prefixed with +\(oq#\(cq), +Unix group name or ID (prefixed with +\(oq%\(cq +or +\(oq%#\(cq +respectively), user netgroup (prefixed with +\(oq+\(cq), +or non-Unix group name or ID (prefixed with +\(oq%:\(cq +or +\(oq%:#\(cq +respectively). +User netgroups are matched using the user and domain members only; +the host member is not used when matching. +Non-Unix group support is only available when an appropriate +\fIgroup_plugin\fR +is defined in the global +\fIdefaults\fR +\fRsudoRole\fR +object. +If a +\fRsudoUser\fR +entry is preceded by an exclamation point, +\(oq\&!\(cq, +and the entry matches, the +\fRsudoRole\fR +in which it resides will be ignored. +Negated +\fRsudoUser\fR +entries are only supported by version 1.9.9 or higher. +.TP 6n +\fBsudoHost\fR +A host name, IP address, IP network, or host netgroup (prefixed with a +\(oq+\(cq). +The special value +\fRALL\fR +will match any host. +Host netgroups are matched using the host (both qualified and unqualified) +and domain members only; the user member is not used when matching. +If a +\fRsudoHost\fR +entry is preceded by an exclamation point, +\(oq\&!\(cq, +and the entry matches, the +\fRsudoRole\fR +in which it resides will be ignored. +Negated +\fRsudoHost\fR +entries are only supported by version 1.8.18 or higher. +.TP 6n +\fBsudoCommand\fR +A fully-qualified Unix command name with optional command line arguments, +potentially including globbing characters (aka wild cards). +If a command name is preceded by an exclamation point, +\(oq\&!\(cq, +the user will be prohibited from running that command. +.sp +The built-in command +\(lq\fRsudoedit\fR\(rq +is used to permit a user to run +\fBsudo\fR +with the +\fB\-e\fR +option (or as +\fBsudoedit\fR). +It may take command line arguments just as a normal command does. +Note that +\(lq\fRsudoedit\fR\(rq +is a command built into +\fBsudo\fR +itself and must be specified in without a leading path. +.sp +The special value +\fRALL\fR +will match any command. +.sp +If a command name is prefixed with a SHA-2 digest, it will +only be allowed if the digest matches. +This may be useful in situations where the user invoking +\fBsudo\fR +has write access to the command or its parent directory. +The following digest formats are supported: sha224, sha256, sha384, and sha512. +The digest name must be followed by a colon +(\(oq:\&\(cq) +and then the actual digest, in either hex or base64 format. +For example, given the following value for sudoCommand: +.nf +.sp +.RS 10n +sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls +.RE +.fi +.RS 6n +.sp +The user may only run +\fI/bin/ls\fR +if its sha224 digest matches the specified value. +Command digests are only supported by version 1.8.7 or higher. +.RE +.TP 6n +\fBsudoOption\fR +Identical in function to the global options described above, but +specific to the +\fRsudoRole\fR +in which it resides. +.TP 6n +\fBsudoRunAsUser\fR +A user name or user-ID (prefixed with +\(oq#\(cq) +that commands may be run as or a Unix group (prefixed with a +\(oq%\(cq) +or user netgroup (prefixed with a +\(oq+\(cq) +that contains a list of users that commands may be run as. +The special value +\fRALL\fR +will match any user. +If a +\fRsudoRunAsUser\fR +entry is preceded by an exclamation point, +\(oq\&!\(cq, +and the entry matches, the +\fRsudoRole\fR +in which it resides will be ignored. +If +\fRsudoRunAsUser\fR +is specified but empty, it will match the invoking user. +If neither +\fRsudoRunAsUser\fR +nor +\fRsudoRunAsGroup\fR +are present, the value of the +\fIrunas_default\fR +\fRsudoOption\fR +is used (defaults to +\fR@runas_default@\fR). +.sp +The +\fRsudoRunAsUser\fR +attribute is only available in +\fBsudo\fR +versions +1.7.0 and higher. +Older versions of +\fBsudo\fR +use the +\fRsudoRunAs\fR +attribute instead. +Negated +\fRsudoRunAsUser\fR +entries are only supported by version 1.8.26 or higher. +.TP 6n +\fBsudoRunAsGroup\fR +A Unix group or group-ID (prefixed with +\(oq#\(cq) +that commands may be run as. +The special value +\fRALL\fR +will match any group. +If a +\fRsudoRunAsGroup\fR +entry is preceded by an exclamation point, +\(oq\&!\(cq, +and the entry matches, the +\fRsudoRole\fR +in which it resides will be ignored. +.sp +The +\fRsudoRunAsGroup\fR +attribute is only available in +\fBsudo\fR +versions +1.7.0 and higher. +Negated +\fRsudoRunAsGroup\fR +entries are only supported by version 1.8.26 or higher. +.TP 6n +\fBsudoNotBefore\fR +A timestamp in the form +\fRyyyymmddHHMMSSZ\fR +that can be used to provide a start date/time for when the +\fRsudoRole\fR +will be valid. +If multiple +\fRsudoNotBefore\fR +entries are present, the earliest is used. +Note that timestamps must be in Coordinated Universal Time (UTC), +not the local timezone. +The minute and seconds portions are optional, but some LDAP servers +require that they be present (contrary to the RFC). +.sp +The +\fRsudoNotBefore\fR +attribute is only available in +\fBsudo\fR +versions 1.7.5 and higher and must be explicitly enabled via the +\fBSUDOERS_TIMED\fR +option in +\fI@ldap_conf@\fR. +.TP 6n +\fBsudoNotAfter\fR +A timestamp in the form +\fRyyyymmddHHMMSSZ\fR +that indicates an expiration date/time, after which the +\fRsudoRole\fR +will no longer be valid. +If multiple +\fRsudoNotAfter\fR +entries are present, the last one is used. +Note that timestamps must be in Coordinated Universal Time (UTC), +not the local timezone. +The minute and seconds portions are optional, but some LDAP servers +require that they be present (contrary to the RFC). +.sp +The +\fRsudoNotAfter\fR +attribute is only available in +\fBsudo\fR +versions +1.7.5 and higher and must be explicitly enabled via the +\fBSUDOERS_TIMED\fR +option in +\fI@ldap_conf@\fR. +.TP 6n +\fBsudoOrder\fR +The +\fRsudoRole\fR +entries retrieved from the LDAP directory have no inherent order. +The +\fRsudoOrder\fR +attribute is an integer (or floating point value for LDAP servers +that support it) that is used to sort the matching entries. +This allows LDAP-based sudoers entries to more closely mimic the behavior +of the sudoers file, where the order of the entries influences the result. +If multiple entries match, the entry with the highest +\fRsudoOrder\fR +attribute is chosen. +This corresponds to the +\(lqlast match\(rq +behavior of the sudoers file. +If the +\fRsudoOrder\fR +attribute is not present, a value of 0 is assumed. +.sp +The +\fRsudoOrder\fR +attribute is only available in +\fBsudo\fR +versions 1.7.5 and higher. +.PP +Each attribute listed above should contain a single value, but there +may be multiple instances of each attribute type. +A +\fRsudoRole\fR +must contain at least one +\fRsudoUser\fR, +\fRsudoHost\fR, +and +\fRsudoCommand\fR. +.PP +The following example allows users in group wheel to run any command +on any host via +\fBsudo\fR: +.nf +.sp +.RS 4n +dn: cn=%wheel,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: %wheel +sudoUser: %wheel +sudoHost: ALL +sudoCommand: ALL +.RE +.fi +.SS "Anatomy of LDAP sudoers lookup" +When looking up a sudoer using LDAP there are only two or three +LDAP queries per invocation. +The first query is to parse the global options. +The second is to match against the user's name and the groups that +the user belongs to. +(The special +\fRALL\fR +tag is matched in this query too.) +If no match is returned for the user's name and groups, a third +query returns all entries containing user netgroups and other +non-Unix groups and checks to see if the user belongs to any of them. +.PP +If timed entries are enabled with the +\fBSUDOERS_TIMED\fR +configuration directive, the LDAP queries include a sub-filter that +limits retrieval to entries that satisfy the time constraints, if any. +.PP +If the +\fBNETGROUP_BASE\fR +configuration directive is present (see +\fIConfiguring ldap.conf\fR +below), queries are performed to determine +the list of netgroups the user belongs to before the sudoers query. +This makes it possible to include netgroups in the sudoers query +string in the same manner as Unix groups. +The third query mentioned above is not performed unless a group provider +plugin is also configured. +The actual LDAP queries performed by +\fBsudo\fR +are as follows: +.TP 5n +1.\& +Match all +\fRnisNetgroup\fR +records with a +\fRnisNetgroupTriple\fR +containing the user, host, and NIS domain. +The query will match +\fRnisNetgroupTriple\fR +entries with either the short or long form of the host name or +no host name specified in the tuple. +If the NIS domain is set, the query will match only match entries +that include the domain or for which there is no domain present. +If the NIS domain is +\fInot\fR +set, a wildcard is used to match any domain name but be aware that the +NIS schema used by some LDAP servers may not support wild cards for +\fRnisNetgroupTriple\fR. +.TP 5n +2.\& +Repeated queries are performed to find any nested +\fRnisNetgroup\fR +records with a +\fRmemberNisNetgroup\fR +entry that refers to an already-matched record. +.PP +For sites with a large number of netgroups, using +\fBNETGROUP_BASE\fR +can significantly speed up +\fBsudo\fR's +execution time. +.SS "Differences between LDAP and non-LDAP sudoers" +One of the major differences between LDAP and file-based +\fIsudoers\fR +is that in LDAP, +\fBsudo\fR-specific +Aliases are not supported. +.PP +For the most part, there is little need for +\fBsudo\fR-specific +Aliases. +Unix groups, non-Unix groups (via the +\fIgroup_plugin\fR), +or user netgroups can be used in place of User_Aliases and Runas_Aliases. +Host netgroups can be used in place of Host_Aliases. +Since groups and netgroups can also be stored in LDAP there is no real need for +\fBsudo\fR-specific +aliases. +.PP +There are also some subtle differences in the way sudoers is handled +once in LDAP. +Probably the biggest is that according to the RFC, LDAP ordering +is arbitrary and you cannot expect that Attributes and Entries are +returned in any specific order. +.PP +The order in which different entries are applied can be controlled +using the +\fRsudoOrder\fR +attribute, but there is no way to guarantee the order of attributes +within a specific entry. +If there are conflicting command rules in an entry, the negative +takes precedence. +This is called paranoid behavior (not necessarily the most specific +match). +.PP +Here is an example: +.nf +.sp +.RS 4n +# /etc/sudoers: +# Allow all commands except shell +johnny ALL=(root) ALL,!/bin/sh +# Always allows all commands because ALL is matched last +puddles ALL=(root) !/bin/sh,ALL + +# LDAP equivalent of johnny +# Allows all commands except shell +dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com +objectClass: sudoRole +objectClass: top +cn: role1 +sudoUser: johnny +sudoHost: ALL +sudoCommand: ALL +sudoCommand: !/bin/sh + +# LDAP equivalent of puddles +# Notice that even though ALL comes last, it still behaves like +# role1 since the LDAP code assumes the more paranoid configuration +dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com +objectClass: sudoRole +objectClass: top +cn: role2 +sudoUser: puddles +sudoHost: ALL +sudoCommand: !/bin/sh +sudoCommand: ALL +.RE +.fi +.SS "Converting between file-based and LDAP sudoers" +The +cvtsudoers(1) +utility can be used to convert between file-based and LDAP +\fIsudoers\fR. +However, there are features in the file-based sudoers that have +no equivalent in LDAP-based sudoers (and vice versa). +These cannot be converted automatically. +.PP +For example, a Cmnd_Alias in a +\fIsudoers\fR +file may be converted to a +\fRsudoRole\fR +that contains multiple commands. +Multiple users and/or groups may be assigned to the +\fRsudoRole\fR. +.PP +Also, host, user, runas, and command-based +\fRDefaults\fR +entries are not supported. +However, a +\fRsudoRole\fR +may contain one or more +\fRsudoOption\fR +attributes which can often serve the same purpose. +.PP +Consider the following +\fIsudoers\fR +lines: +.nf +.sp +.RS 4n +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less +Defaults!PAGERS noexec +alice, bob ALL = ALL +.RE +.fi +.PP +In this example, alice and bob are allowed to run all commands, but +the commands listed in PAGERS will have the noexec flag set, +preventing shell escapes. +.PP +When converting this to LDAP, two sudoRole objects can be used: +.nf +.sp +.RS 4n +dn: cn=PAGERS,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: PAGERS +sudoUser: alice +sudoUser: bob +sudoHost: ALL +sudoCommand: /usr/bin/more +sudoCommand: /usr/bin/pg +sudoCommand: /usr/bin/less +sudoOption: noexec +sudoOrder: 900 + +dn: cn=ADMINS,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: ADMINS +sudoUser: alice +sudoUser: bob +sudoHost: ALL +sudoCommand: ALL +sudoOrder: 100 +.RE +.fi +.PP +In the LDAP version, the sudoOrder attribute is used to guarantee +that the PAGERS sudoRole with +\fInoexec\fR +has precedence. +Unlike the +\fIsudoers\fR +version, the LDAP version requires that all users for whom the restriction +should apply be assigned to the PAGERS sudoRole. +Using a Unix group or netgroup in PAGERS rather than listing each +user would make this easier to maintain. +.PP +Per-user +\fRDefaults\fR +entries can be emulated by using one or more sudoOption attributes +in a sudoRole. +Consider the following +\fIsudoers\fR +lines: +.nf +.sp +.RS 4n +User_Alias ADMINS = john, sally +Defaults:ADMINS !authenticate +ADMINS ALL = (ALL:ALL) ALL +.RE +.fi +.PP +In this example, john and sally are allowed to run any command +as any user or group. +.PP +When converting this to LDAP, we can use a Unix group instead +of the User_Alias. +.nf +.sp +.RS 4n +dn: cn=admins,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: admins +sudoUser: %admin +sudoHost: ALL +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoCommand: ALL +sudoOption: !authenticate +.RE +.fi +.PP +This assumes that users john and sally are members of the +\(lqadmins\(rq +Unix group. +.SS "Sudoers schema" +In order to use +\fBsudo\fR's +LDAP support, the +\fBsudo\fR +schema must be +installed on your LDAP server. +In addition, be sure to index the +\fRsudoUser\fR +attribute. +.PP +The +\fBsudo\fR +distribution includes versions of the +\fBsudoers\fR +schema for multiple LDAP servers: +.TP 6n +\fIschema.OpenLDAP\fR +OpenLDAP slapd and +OpenBSD +ldapd +.TP 6n +\fIschema.olcSudo\fR +OpenLDAP slapd 2.3 and higher when on-line configuration is enabled +.TP 6n +\fIschema.iPlanet\fR +Netscape-derived servers such as the iPlanet, Oracle, +and 389 Directory Servers +.TP 6n +\fIschema.ActiveDirectory\fR +Microsoft Active Directory +.PP +The schema in OpenLDAP format is also included in the +\fIEXAMPLES\fR +section. +.SS "Configuring ldap.conf" +Sudo reads the +\fI@ldap_conf@\fR +file for LDAP-specific configuration. +Typically, this file is shared between different LDAP-aware clients. +As such, most of the settings are not +\fBsudo\fR-specific. +Note that +\fBsudo\fR +parses +\fI@ldap_conf@\fR +itself and may support options that differ from those described in the +system's +ldap.conf(@mansectform@) +manual. +The path to +\fIldap.conf\fR +may be overridden via the +\fIldap_conf\fR +plugin argument in +sudo.conf(@mansectform@). +.PP +Also note that on systems using the OpenLDAP libraries, default +values specified in +\fI/etc/openldap/ldap.conf\fR +or the user's +\fI.ldaprc\fR +files are not used. +.PP +\fBsudo\fR +supports a variety of LDAP library implementations, including +OpenLDAP, Netscape-derived (also used by Solaris and HP-UX), and +IBM LDAP (aka Tivoli). +Some options are specific to certain LDAP implementations or have +implementation-specific behavior. +These differences are noted below where applicable. +.PP +Only those options explicitly listed in +\fI@ldap_conf@\fR +as being supported by +\fBsudo\fR +are honored. +Configuration options are listed below in upper case but are parsed +in a case-independent manner. +.PP +Lines beginning with a pound sign +(\(oq#\(cq) +are ignored. +Leading white space is removed from the beginning of lines. +.TP 6n +\fBBIND_TIMELIMIT\fR \fIseconds\fR +The +\fBBIND_TIMELIMIT\fR +parameter specifies the amount of time, in seconds, to wait while trying +to connect to an LDAP server. +If multiple +\fBURI\fRs +or +\fBHOST\fRs +are specified, this is the amount of time to wait before trying +the next one in the list. +.TP 6n +\fBBINDDN\fR \fIDN\fR +The +\fBBINDDN\fR +parameter specifies the identity, in the form of a Distinguished Name (DN), +to use when performing LDAP operations. +If not specified, LDAP operations are performed with an anonymous identity. +By default, most LDAP servers will allow anonymous access. +.TP 6n +\fBBINDPW\fR \fIsecret\fR +The +\fBBINDPW\fR +parameter specifies the password to use when performing LDAP operations. +This is typically used in conjunction with the +\fBBINDDN\fR +parameter. +The +\fIsecret\fR +may be a plaintext password or a base64-encoded string with a +\(lqbase64:\(rq +prefix. +For example: +.nf +.sp +.RS 10n +BINDPW base64:dGVzdA== +.RE +.fi +.RS 6n +.sp +If a plaintext password is used, it should be a simple string without quotes. +Plain text passwords may not include the comment character +(\(oq#\(cq) +and the escaping of special characters with a backslash +(\(oq\e\(cq) +is not supported. +.RE +.TP 6n +\fBDEREF\fR \fInever/searching/finding/always\fR +How alias dereferencing is to be performed when searching. +See the +ldap.conf(@mansectform@) +manual for a full description of this option. +.TP 6n +\fBHOST\fR \fIname[:port] ...\fR +If no +\fBURI\fR +is specified (see below), the +\fBHOST\fR +parameter specifies a white space-delimited list of LDAP servers to connect to. +Each host may include an optional +\fIport\fR +separated by a colon +(\(oq:\&\(cq). +The +\fBHOST\fR +parameter is deprecated in favor of the +\fBURI\fR +specification and is included for backward compatibility only. +.TP 6n +\fBKRB5_CCNAME\fR \fIfile name\fR +The path to the Kerberos 5 credential cache to use when authenticating +with the remote server. +.sp +This option is only relevant when using SASL authentication (see below). +.TP 6n +\fBLDAP_VERSION\fR \fInumber\fR +The version of the LDAP protocol to use when connecting to the server. +The default value is protocol version 3. +.TP 6n +\fBNETGROUP_BASE\fR \fIbase\fR +The base DN to use when performing LDAP netgroup queries. +Typically this is of the form +\fRou=netgroup,dc=my-domain,dc=com\fR +for the domain +\fRmy-domain.com\fR. +Multiple +\fBNETGROUP_BASE\fR +lines may be specified, in which case they are queried in the order specified. +.sp +This option can be used to query a user's netgroups directly via LDAP +which is usually faster than fetching every +\fRsudoRole\fR +object containing a +\fRsudoUser\fR +that begins with a +\(oq+\(cq +prefix. +The NIS schema used by some LDAP servers need a modification to +support querying the +\fRnisNetgroup\fR +object by its +\fRnisNetgroupTriple\fR +member. +OpenLDAP's +\fBslapd\fR +requires the following change to the +\fRnisNetgroupTriple\fR +attribute: +.nf +.sp +.RS 10n +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +.RE +.fi +.TP 6n +\fBNETGROUP_SEARCH_FILTER\fR \fIldap_filter\fR +An LDAP filter which is used to restrict the set of records returned +when performing an LDAP netgroup query. +Typically, this is of the +form +\fRattribute=value\fR +or +\fR(&(attribute=value)(attribute2=value2))\fR. +The default search filter is: +\fRobjectClass=nisNetgroup\fR. +If +\fIldap_filter\fR +is omitted, no search filter will be used. +.sp +This option is only used when querying netgroups directly via LDAP. +.TP 6n +\fBNETWORK_TIMEOUT\fR \fIseconds\fR +An alias for +\fBBIND_TIMELIMIT\fR +provided for OpenLDAP compatibility. +.TP 6n +\fBPORT\fR \fIport_number\fR +If no +\fBURI\fR +is specified, the +\fBPORT\fR +parameter specifies the default port to connect to on the LDAP server if a +\fBHOST\fR +parameter does not specify the port itself. +If no +\fBPORT\fR +parameter is used, the default is port 389 for LDAP and port 636 for LDAP +over TLS (SSL). +The +\fBPORT\fR +parameter is deprecated in favor of the +\fBURI\fR +specification and is included for backward compatibility only. +.TP 6n +\fBROOTBINDDN\fR \fIDN\fR +The +\fBROOTBINDDN\fR +parameter specifies the identity, in the form of a Distinguished Name (DN), +to use when performing privileged LDAP operations, such as +\fIsudoers\fR +queries. +The password corresponding to the identity should be stored in the +or the path specified by the +\fIldap_secret\fR +plugin argument in +sudo.conf(@mansectform@), +which defaults to +\fI@ldap_secret@\fR. +If no +\fBROOTBINDDN\fR +is specified, the +\fBBINDDN\fR +identity is used (if any). +.TP 6n +\fBROOTUSE_SASL\fR \fIon/true/yes/off/false/no\fR +Enable +\fBROOTUSE_SASL\fR +to enable SASL authentication when connecting +to an LDAP server from a privileged process, such as +\fBsudo\fR. +.TP 6n +\fBSASL_AUTH_ID\fR \fIidentity\fR +The SASL user name to use when connecting to the LDAP server. +By default, +\fBsudo\fR +will use an anonymous connection. +.sp +This option is only relevant when using SASL authentication. +.TP 6n +\fBSASL_MECH\fR \fImechanisms\fR +A white space-delimited list of SASL authentication mechanisms to use. +By default, +\fBsudo\fR +will use +\fRGSSAPI\fR +authentication. +.TP 6n +\fBSASL_SECPROPS\fR \fInone/properties\fR +SASL security properties or +\fInone\fR +for no properties. +See the SASL programmer's manual for details. +.sp +This option is only relevant when using SASL authentication. +.TP 6n +\fBSSL\fR \fIon/true/yes/off/false/no\fR +If the +\fBSSL\fR +parameter is set to +\fRon\fR, +\fRtrue\fR, +or +\fRyes\fR +TLS (SSL) encryption is always used when communicating with the LDAP server. +Typically, this involves connecting to the server on port 636 (ldaps). +.TP 6n +\fBSSL\fR \fIstart_tls\fR +If the +\fBSSL\fR +parameter is set to +\fRstart_tls\fR, +the LDAP server connection is initiated normally and TLS encryption is +begun before the bind credentials are sent. +This has the advantage of not requiring a dedicated port for encrypted +communications. +This parameter is only supported by LDAP servers that honor the +\fIstart_tls\fR +extension, such as the OpenLDAP and IBM Tivoli Directory servers. +.TP 6n +\fBSUDOERS_BASE\fR \fIbase\fR +The base DN to use when performing +\fBsudo\fR +LDAP queries. +Typically this is of the form +\fRou=SUDOers,dc=my-domain,dc=com\fR +for the domain +\fRmy-domain.com\fR. +Multiple +\fBSUDOERS_BASE\fR +lines may be specified, in which case they are queried in the order specified. +.TP 6n +\fBSUDOERS_DEBUG\fR \fIdebug_level\fR +This sets the debug level for +\fBsudo\fR +LDAP queries. +Debugging information is printed to the standard error. +A value of 1 results in a moderate amount of debugging information. +A value of 2 shows the results of the matches themselves. +This parameter should not be set in a production environment as the +extra information is likely to confuse users. +.sp +The +\fBSUDOERS_DEBUG\fR +parameter is deprecated and will be removed in a future release. +The same information is now logged via the +\fBsudo\fR +debugging framework using the +\(lqldap\(rq +subsystem at priorities +\fIdiag\fR +and +\fIinfo\fR +for +\fIdebug_level\fR +values 1 and 2 respectively. +See the +sudo.conf(@mansectform@) +manual for details on how to configure +\fBsudo\fR +debugging. +.TP 6n +\fBSUDOERS_SEARCH_FILTER\fR \fIldap_filter\fR +An LDAP filter which is used to restrict the set of records returned +when performing a +\fBsudo\fR +LDAP query. +Typically, this is of the +form +\fRattribute=value\fR +or +\fR(&(attribute=value)(attribute2=value2))\fR. +The default search filter is: +\fRobjectClass=sudoRole\fR. +If +\fIldap_filter\fR +is omitted, no search filter will be used. +.TP 6n +\fBSUDOERS_TIMED\fR \fIon/true/yes/off/false/no\fR +Whether or not to evaluate the +\fRsudoNotBefore\fR +and +\fRsudoNotAfter\fR +attributes that implement time-dependent sudoers entries. +.TP 6n +\fBTIMELIMIT\fR \fIseconds\fR +The +\fBTIMELIMIT\fR +parameter specifies the amount of time, in seconds, to wait for a +response to an LDAP query. +.TP 6n +\fBTIMEOUT\fR \fIseconds\fR +The +\fBTIMEOUT\fR +parameter specifies the amount of time, in seconds, to wait for a +response from the various LDAP APIs. +.TP 6n +\fBTLS_CACERT\fR \fIfile name\fR +An alias for +\fBTLS_CACERTFILE\fR +for OpenLDAP compatibility. +.TP 6n +\fBTLS_CACERTFILE\fR \fIfile name\fR +The path to a certificate authority bundle which contains the certificates +for all the Certificate Authorities the client knows to be valid, e.g., +\fI/etc/ssl/ca-bundle.pem\fR. +.sp +This option is only supported by the OpenLDAP libraries. +Netscape-derived LDAP libraries use the same certificate +database for CA and client certificates (see +\fBTLS_CERT\fR). +.TP 6n +\fBTLS_CACERTDIR\fR \fIdirectory\fR +Similar to +\fBTLS_CACERTFILE\fR +but instead of a file, it is a directory containing individual +Certificate Authority certificates, e.g., +\fI/etc/ssl/certs\fR. +The directory specified by +\fBTLS_CACERTDIR\fR +is checked after +\fBTLS_CACERTFILE\fR. +.sp +This option is only supported by the OpenLDAP libraries. +.TP 6n +\fBTLS_CERT\fR \fIfile name\fR +The path to a file containing the client certificate which can +be used to authenticate the client to the LDAP server. +The certificate type depends on the LDAP libraries used. +.PP +.RS 6n +.PD 0 +.TP 6n +OpenLDAP: +\fRtls_cert /etc/ssl/client_cert.pem\fR +.PD +.TP 6n +Netscape-derived: +\fRtls_cert /var/ldap/cert7.db\fR +.TP 6n +IBM LDAP: +Unused, the key database specified by +\fBTLS_KEY\fR +contains both keys and certificates. +.PP +When using Netscape-derived libraries, this file may also contain +Certificate Authority certificates. +.RE +.TP 6n +\fBTLS_CHECKPEER\fR \fIon/true/yes/off/false/no\fR +If enabled, +\fBTLS_CHECKPEER\fR +will cause the LDAP server's TLS certificated to be verified. +If the server's TLS certificate cannot be verified (usually because it +is signed by an unknown certificate authority), +\fBsudo\fR +will be unable to connect to it. +If +\fBTLS_CHECKPEER\fR +is disabled, no check is made. +Note that disabling the check creates an opportunity for man-in-the-middle +attacks since the server's identity will not be authenticated. +If possible, the CA's certificate should be installed locally so it can +be verified. +.sp +This option is not supported by the IBM LDAP libraries. +.TP 6n +\fBTLS_KEY\fR \fIfile name\fR +The path to a file containing the private key which matches the +certificate specified by +\fBTLS_CERT\fR. +The private key must not be password-protected. +The key type depends on the LDAP libraries used. +.PP +.RS 6n +.PD 0 +.TP 6n +OpenLDAP: +\fRtls_key /etc/ssl/client_key.pem\fR +.PD +.TP 6n +Netscape-derived: +\fRtls_key /var/ldap/key3.db\fR +.TP 6n +IBM LDAP: +\fRtls_key /usr/ldap/ldapkey.kdb\fR +.PP +When using IBM LDAP libraries, this file may also contain +Certificate Authority and client certificates and may be encrypted. +.RE +.TP 6n +\fBTLS_CIPHERS\fR \fIcipher list\fR +The +\fBTLS_CIPHERS\fR +parameter allows the administer to restrict which encryption algorithms +may be used for TLS (SSL) connections. +See the OpenLDAP or IBM Tivoli Directory Server manual for a list of valid +ciphers. +.sp +This option is not supported by Netscape-derived libraries. +.TP 6n +\fBTLS_KEYPW\fR \fIsecret\fR +The +\fBTLS_KEYPW\fR +contains the password used to decrypt the key database on clients +using the IBM LDAP library. +The +\fIsecret\fR +may be a plaintext password or a base64-encoded string with a +\(lqbase64:\(rq +prefix. +For example: +.nf +.sp +.RS 10n +TLS_KEYPW base64:dGVzdA== +.RE +.fi +.RS 6n +.sp +If a plaintext password is used, it should be a simple string without quotes. +Plain text passwords may not include the comment character +(\(oq#\(cq) +and the escaping of special characters with a backslash +(\(oq\e\(cq) +is not supported. +If this option is used, +\fI@ldap_conf@\fR +must not be world-readable to avoid exposing the password. +Alternately, a +\fIstash file\fR +can be used to store the password in encrypted form (see below). +.sp +If no +\fBTLS_KEYPW\fR +is specified, a +\fIstash file\fR +will be used if it exists. +The +\fIstash file\fR +must have the same path as the file specified by +\fBTLS_KEY\fR, +but use a +\fR.sth\fR +file extension instead of +\fR.kdb\fR, +e.g., +\fRldapkey.sth\fR. +The default +\fRldapkey.kdb\fR +that ships with the IBM Tivoli Directory Server is encrypted with the password +\fRssl_password\fR. +The +\fIgsk8capicmd\fR +utility can be used to manage the key database and create a +\fIstash file\fR. +.sp +This option is only supported by the IBM LDAP libraries. +.RE +.TP 6n +\fBTLS_REQCERT\fR \fIlevel\fR +The +\fBTLS_REQCERT\fR +parameter controls how the LDAP server's TLS certificated will be +verified (if at all). +If the server's TLS certificate cannot be verified (usually because it +is signed by an unknown certificate authority), +\fBsudo\fR +will be unable to connect to it. +The following +\fIlevel\fR +values are supported: +.RS 10n +.TP 10n +never +The server certificate will not be requested or checked. +.TP 10n +allow +The server certificate will be requested. +A missing or invalid certificate is ignored and not considered an error. +.TP 10n +try +The server certificate will be requested. +A missing certificate is ignored but an invalid certificate will +result in a connection error. +.TP 10n +demand | \fIhard\fR +The server certificate will be requested. +A missing or invalid certificate will result in a connection error. +This is the default behavior. +.RE +.RS 6n +.sp +This option is only supported by the OpenLDAP libraries. +Other LDAP libraries only support the +\fBTLS_CHECKPEER\fR +parameter. +.RE +.TP 6n +\fBTLS_RANDFILE\fR \fIfile name\fR +The +\fBTLS_RANDFILE\fR +parameter specifies the path to an entropy source for systems that lack +a random device. +It is generally used in conjunction with +\fIprngd\fR +or +\fIegd\fR. +.sp +This option is only supported by the OpenLDAP libraries. +.TP 6n +\fBURI\fR \fIldap[s]://[hostname[:port]] ...\fR +Specifies a white space-delimited list of one or more URIs describing +the LDAP server(s) to connect to. +The +\fIprotocol\fR +may be either +\fIldap\fR +\fIldaps\fR, +the latter being for servers that support TLS (SSL) encryption. +If no +\fIport\fR +is specified, the default is port 389 for +\fRldap://\fR +or port 636 for +\fRldaps://\fR. +If no +\fIhostname\fR +is specified, +\fBsudo\fR +will connect to +\fIlocalhost\fR. +Multiple +\fBURI\fR +lines are treated identically to a +\fBURI\fR +line containing multiple entries. +Only systems using the OpenSSL libraries support the mixing of +\fRldap://\fR +and +\fRldaps://\fR +URIs. +Both the Netscape-derived and IBM LDAP libraries used on most commercial +versions of Unix are only capable of supporting one or the other. +.TP 6n +\fBUSE_SASL\fR \fIon/true/yes/off/false/no\fR +Enable +\fBUSE_SASL\fR +for LDAP servers that support SASL authentication. +.TP 6n +\fBROOTSASL_AUTH_ID\fR \fIidentity\fR +The SASL user name to use when +\fBROOTUSE_SASL\fR +is enabled. +.PP +See the +\fIldap.conf\fR +entry in the +\fIEXAMPLES\fR +section. +.SS "Configuring nsswitch.conf" +Unless it is disabled at build time, +\fBsudo\fR +consults the Name Service Switch file, +\fI@nsswitch_conf@\fR, +to specify the +\fIsudoers\fR +search order. +Sudo looks for a line beginning with +\fRsudoers\fR: +and uses this to determine the search order. +Note that by default, +\fBsudo\fR +does not stop searching after the first match and later matches take +precedence over earlier ones (unless +\fR[SUCCESS=return]\fR +is used, see below). +The following sources are recognized: +.PP +.RS 4n +.PD 0 +.TP 10n +files +read sudoers from +\fI@sysconfdir@/sudoers\fR +.TP 10n +ldap +read sudoers from LDAP +.RE +.PD +.PP +In addition, a subset of +\fInsswitch.conf\fR-style +action statements is supported, specifically +\fR[SUCCESS=return]\fR +and +\fR[NOTFOUND=return]\fR. +These will unconditionally terminate the search if the user was either +found +(\fR[SUCCESS=return]\fR) +or not found +(\fR[NOTFOUND=return]\fR) +in the immediately preceding source. +Other action statements tokens are not supported, nor is test +negation with +\(oq\&!\(cq. +.PP +To consult LDAP first followed by the local sudoers file (if it +exists), use: +.nf +.sp +.RS 4n +sudoers: ldap files +.RE +.fi +.PP +To consult LDAP only when no match is found in the local sudoers +file (if it exists), use: +.nf +.sp +.RS 4n +sudoers: files [SUCCESS=return] ldap +.RE +.fi +.PP +The local +\fIsudoers\fR +file can be ignored completely by using: +.nf +.sp +.RS 4n +sudoers: ldap +.RE +.fi +.PP +If the +\fI@nsswitch_conf@\fR +file is not present or there is no sudoers line, the following +default is assumed: +.nf +.sp +.RS 4n +sudoers: files +.RE +.fi +.PP +Note that +\fI@nsswitch_conf@\fR +is supported even when the underlying operating system does not use +an nsswitch.conf file, except on AIX (see below). +.SS "Configuring netsvc.conf" +On AIX systems, the +\fI@netsvc_conf@\fR +file is consulted instead of +\fI@nsswitch_conf@\fR. +\fBsudo\fR +simply treats +\fInetsvc.conf\fR +as a variant of +\fInsswitch.conf\fR; +information in the previous section unrelated to the file format +itself still applies. +.PP +To consult LDAP first followed by the local sudoers file (if it +exists), use: +.nf +.sp +.RS 4n +sudoers = ldap, files +.RE +.fi +.PP +The local +\fIsudoers\fR +file can be ignored completely by using: +.nf +.sp +.RS 4n +sudoers = ldap +.RE +.fi +.PP +To treat LDAP as authoritative and only use the local sudoers file +if the user is not present in LDAP, use: +.nf +.sp +.RS 4n +sudoers = ldap = auth, files +.RE +.fi +.PP +Note that in the above example, the +\fRauth\fR +qualifier only affects user lookups; both LDAP and +\fIsudoers\fR +will be queried for +\fRDefaults\fR +entries. +.PP +If the +\fI@netsvc_conf@\fR +file is not present or there is no sudoers line, the following +default is assumed: +.nf +.sp +.RS 4n +sudoers = files +.RE +.fi +.SS "Integration with sssd" +On systems with the +\fISystem Security Services Daemon\fR +(SSSD) and where +\fBsudo\fR +has been built with SSSD support, +it is possible to use SSSD to cache LDAP +\fIsudoers\fR +rules. +To use SSSD as the +\fIsudoers\fR +source, you should use +\fRsss\fR +instead of +\fRldap\fR +for the sudoers entry in +\fI@nsswitch_conf@\fR. +Note that the +\fI@ldap_conf@\fR +file is not used by the SSSD +\fBsudo\fR +back end. +Please see +sssd-sudo(@mansectform@) +for more information on configuring +\fBsudo\fR +to work with SSSD. +.SH "FILES" +.TP 26n +\fI@ldap_conf@\fR +LDAP configuration file +.TP 26n +\fI@nsswitch_conf@\fR +determines sudoers source order +.TP 26n +\fI@netsvc_conf@\fR +determines sudoers source order on AIX +.SH "EXAMPLES" +.SS "Example ldap.conf" +.nf +.RS 2n +# Either specify one or more URIs or one or more host:port pairs. +# If neither is specified sudo will default to localhost, port 389. +# +#host ldapserver +#host ldapserver1 ldapserver2:390 +# +# Default port if host is specified without one, defaults to 389. +#port 389 +# +# URI will override the host and port settings. +uri ldap://ldapserver +#uri ldaps://secureldapserver +#uri ldaps://secureldapserver ldap://ldapserver +# +# The amount of time, in seconds, to wait while trying to connect to +# an LDAP server. +bind_timelimit 30 +# +# The amount of time, in seconds, to wait while performing an LDAP query. +timelimit 30 +# +# Must be set or sudo will ignore LDAP; may be specified multiple times. +sudoers_base ou=SUDOers,dc=my-domain,dc=com +# +# verbose sudoers matching from ldap +#sudoers_debug 2 +# +# Enable support for time-based entries in sudoers. +#sudoers_timed yes +# +# optional proxy credentials +#binddn +#bindpw +#rootbinddn +# +# LDAP protocol version, defaults to 3 +#ldap_version 3 +# +# Define if you want to use an encrypted LDAP connection. +# Typically, you must also set the port to 636 (ldaps). +#ssl on +# +# Define if you want to use port 389 and switch to +# encryption before the bind credentials are sent. +# Only supported by LDAP servers that support the start_tls +# extension such as OpenLDAP. +#ssl start_tls +# +# Additional TLS options follow that allow tweaking of the +# SSL/TLS connection. +# +#tls_checkpeer yes # verify server SSL certificate +#tls_checkpeer no # ignore server SSL certificate +# +# If you enable tls_checkpeer, specify either tls_cacertfile +# or tls_cacertdir. Only supported when using OpenLDAP. +# +#tls_cacertfile /etc/certs/trusted_signers.pem +#tls_cacertdir /etc/certs +# +# For systems that don't have /dev/random +# use this along with PRNGD or EGD.pl to seed the +# random number pool to generate cryptographic session keys. +# Only supported when using OpenLDAP. +# +#tls_randfile /etc/egd-pool +# +# You may restrict which ciphers are used. Consult your SSL +# documentation for which options go here. +# Only supported when using OpenLDAP. +# +#tls_ciphers +# +# Sudo can provide a client certificate when communicating to +# the LDAP server. +# Tips: +# * Enable both lines at the same time. +# * Do not password protect the key file. +# * Ensure the keyfile is only readable by root. +# +# For OpenLDAP: +#tls_cert /etc/certs/client_cert.pem +#tls_key /etc/certs/client_key.pem +# +# For Netscape-derived LDAP, tls_cert and tls_key may specify either +# a directory, in which case the files in the directory must have the +# default names (e.g., cert8.db and key4.db), or the path to the cert +# and key files themselves. However, a bug in version 5.0 of the LDAP +# SDK will prevent specific file names from working. For this reason +# it is suggested that tls_cert and tls_key be set to a directory, +# not a file name. +# +# The certificate database specified by tls_cert may contain CA certs +# and/or the client's cert. If the client's cert is included, tls_key +# should be specified as well. +# For backward compatibility, "sslpath" may be used in place of tls_cert. +#tls_cert /var/ldap +#tls_key /var/ldap +# +# If using SASL authentication for LDAP (OpenSSL) +# use_sasl yes +# sasl_auth_id +# rootuse_sasl yes +# rootsasl_auth_id +# sasl_secprops none +# krb5_ccname /etc/.ldapcache +.RE +.fi +.SS "Sudoers schema for OpenLDAP" +The following schema, in OpenLDAP format, is included with +\fBsudo\fR +source and binary distributions as +\fIschema.OpenLDAP\fR. +Simply copy +it to the schema directory (e.g., +\fI/etc/openldap/schema\fR), +add the proper +\fRinclude\fR +line in +\fIslapd.conf\fR +and restart +\fBslapd\fR. +Sites using the optional on-line configuration supported by OpenLDAP 2.3 +and higher should apply the +\fIschema.olcSudo\fR +file instead. +.nf +.sp +.RS 2n +attributetype ( 1.3.6.1.4.1.15953.9.1.1 + NAME 'sudoUser' + DESC 'User(s) who may run sudo' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.2 + NAME 'sudoHost' + DESC 'Host(s) who may run sudo' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.3 + NAME 'sudoCommand' + DESC 'Command(s) to be executed by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.4 + NAME 'sudoRunAs' + DESC 'User(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.5 + NAME 'sudoOption' + DESC 'Options(s) followed by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.6 + NAME 'sudoRunAsUser' + DESC 'User(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.7 + NAME 'sudoRunAsGroup' + DESC 'Group(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.8 + NAME 'sudoNotBefore' + DESC 'Start of time interval for which the entry is valid' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.9 + NAME 'sudoNotAfter' + DESC 'End of time interval for which the entry is valid' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.10 + NAME 'sudoOrder' + DESC 'an integer to order the sudoRole entries' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL + DESC 'Sudoer Entries' + MUST ( cn ) + MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ + sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $ + sudoOrder $ description ) + ) +.RE +.fi +.SH "SEE ALSO" +cvtsudoers(1), +ldap.conf(@mansectform@), +sssd-sudo(@mansectform@), +sudo.conf(@mansectform@), +sudoers(@mansectform@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "CAVEATS" +Note that there are differences in the way that LDAP-based +\fIsudoers\fR +is parsed compared to file-based +\fIsudoers\fR. +See the +\fIDifferences between LDAP and non-LDAP sudoers\fR +section for more information. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudoers.ldap.mdoc.in sudo-1.9.9/docs/sudoers.ldap.mdoc.in --- sudo-1.9.5p2/docs/sudoers.ldap.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudoers.ldap.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1592 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2003-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd January 27, 2022 +.Dt SUDOERS.LDAP @mansectform@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudoers.ldap +.Nd sudo LDAP configuration +.Sh DESCRIPTION +In addition to the standard +.Em sudoers +file, +.Nm sudo +may be configured +via LDAP. +This can be especially useful for synchronizing +.Em sudoers +in a large, distributed environment. +.Pp +Using LDAP for +.Em sudoers +has several benefits: +.Bl -bullet -width 1n +.It +.Nm sudo +no longer needs to read +.Em sudoers +in its entirety. +When LDAP is used, there are only two or three LDAP queries per invocation. +This makes it especially fast and particularly usable in LDAP environments. +.It +It is possible to specify per-entry options that override the global +default options. +.Pa @sysconfdir@/sudoers +only supports default options and limited options associated with +user/host/commands/aliases. +The syntax is complicated and can be difficult for users to understand. +Placing the options directly in the entry is more natural. +.It +The +.Nm visudo +program is no longer needed. +.Nm visudo +provides locking and syntax checking of the +.Pa @sysconfdir@/sudoers +file. +Since LDAP updates are atomic, locking is no longer necessary. +Because syntax is checked when the data is inserted into LDAP, there +is no need for a specialized tool to check syntax. +.El +.Ss SUDOers LDAP container +The +.Em sudoers +configuration is contained in the +.Li ou=SUDOers +LDAP container. +.Pp +Sudo first looks for the +.Li cn=defaults +entry in the SUDOers container. +If found, the multi-valued +.Li sudoOption +attribute is parsed in the same manner as a global +.Li Defaults +line in +.Pa @sysconfdir@/sudoers . +In the following example, the +.Ev SSH_AUTH_SOCK +variable will be preserved in the environment for all users. +.Bd -literal -offset 4n +dn: cn=defaults,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: env_keep+=SSH_AUTH_SOCK +.Ed +.Pp +The equivalent of a sudoer in LDAP is a +.Li sudoRole . +It consists of the following attributes: +.Bl -tag -width 4n +.It Sy sudoUser +A user name, user-ID (prefixed with +.Ql # ) , +Unix group name or ID (prefixed with +.Ql % +or +.Ql %# +respectively), user netgroup (prefixed with +.Ql + ) , +or non-Unix group name or ID (prefixed with +.Ql %: +or +.Ql %:# +respectively). +User netgroups are matched using the user and domain members only; +the host member is not used when matching. +Non-Unix group support is only available when an appropriate +.Em group_plugin +is defined in the global +.Em defaults +.Li sudoRole +object. +If a +.Li sudoUser +entry is preceded by an exclamation point, +.Ql \&! , +and the entry matches, the +.Li sudoRole +in which it resides will be ignored. +Negated +.Li sudoUser +entries are only supported by version 1.9.9 or higher. +.It Sy sudoHost +A host name, IP address, IP network, or host netgroup (prefixed with a +.Ql + ) . +The special value +.Li ALL +will match any host. +Host netgroups are matched using the host (both qualified and unqualified) +and domain members only; the user member is not used when matching. +If a +.Li sudoHost +entry is preceded by an exclamation point, +.Ql \&! , +and the entry matches, the +.Li sudoRole +in which it resides will be ignored. +Negated +.Li sudoHost +entries are only supported by version 1.8.18 or higher. +.It Sy sudoCommand +A fully-qualified Unix command name with optional command line arguments, +potentially including globbing characters (aka wild cards). +If a command name is preceded by an exclamation point, +.Ql \&! , +the user will be prohibited from running that command. +.Pp +The built-in command +.Dq Li sudoedit +is used to permit a user to run +.Nm sudo +with the +.Fl e +option (or as +.Nm sudoedit ) . +It may take command line arguments just as a normal command does. +Note that +.Dq Li sudoedit +is a command built into +.Nm sudo +itself and must be specified in without a leading path. +.Pp +The special value +.Li ALL +will match any command. +.Pp +If a command name is prefixed with a SHA-2 digest, it will +only be allowed if the digest matches. +This may be useful in situations where the user invoking +.Nm sudo +has write access to the command or its parent directory. +The following digest formats are supported: sha224, sha256, sha384, and sha512. +The digest name must be followed by a colon +.Pq Ql :\& +and then the actual digest, in either hex or base64 format. +For example, given the following value for sudoCommand: +.Bd -literal -offset 4n +sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls +.Ed +.Pp +The user may only run +.Pa /bin/ls +if its sha224 digest matches the specified value. +Command digests are only supported by version 1.8.7 or higher. +.It Sy sudoOption +Identical in function to the global options described above, but +specific to the +.Li sudoRole +in which it resides. +.It Sy sudoRunAsUser +A user name or user-ID (prefixed with +.Ql # ) +that commands may be run as or a Unix group (prefixed with a +.Ql % ) +or user netgroup (prefixed with a +.Ql + ) +that contains a list of users that commands may be run as. +The special value +.Li ALL +will match any user. +If a +.Li sudoRunAsUser +entry is preceded by an exclamation point, +.Ql \&! , +and the entry matches, the +.Li sudoRole +in which it resides will be ignored. +If +.Li sudoRunAsUser +is specified but empty, it will match the invoking user. +If neither +.Li sudoRunAsUser +nor +.Li sudoRunAsGroup +are present, the value of the +.Em runas_default +.Li sudoOption +is used (defaults to +.Li @runas_default@ ) . +.Pp +The +.Li sudoRunAsUser +attribute is only available in +.Nm sudo +versions +1.7.0 and higher. +Older versions of +.Nm sudo +use the +.Li sudoRunAs +attribute instead. +Negated +.Li sudoRunAsUser +entries are only supported by version 1.8.26 or higher. +.It Sy sudoRunAsGroup +A Unix group or group-ID (prefixed with +.Ql # ) +that commands may be run as. +The special value +.Li ALL +will match any group. +If a +.Li sudoRunAsGroup +entry is preceded by an exclamation point, +.Ql \&! , +and the entry matches, the +.Li sudoRole +in which it resides will be ignored. +.Pp +The +.Li sudoRunAsGroup +attribute is only available in +.Nm sudo +versions +1.7.0 and higher. +Negated +.Li sudoRunAsGroup +entries are only supported by version 1.8.26 or higher. +.It Sy sudoNotBefore +A timestamp in the form +.Li yyyymmddHHMMSSZ +that can be used to provide a start date/time for when the +.Li sudoRole +will be valid. +If multiple +.Li sudoNotBefore +entries are present, the earliest is used. +Note that timestamps must be in Coordinated Universal Time (UTC), +not the local timezone. +The minute and seconds portions are optional, but some LDAP servers +require that they be present (contrary to the RFC). +.Pp +The +.Li sudoNotBefore +attribute is only available in +.Nm sudo +versions 1.7.5 and higher and must be explicitly enabled via the +.Sy SUDOERS_TIMED +option in +.Pa @ldap_conf@ . +.It Sy sudoNotAfter +A timestamp in the form +.Li yyyymmddHHMMSSZ +that indicates an expiration date/time, after which the +.Li sudoRole +will no longer be valid. +If multiple +.Li sudoNotAfter +entries are present, the last one is used. +Note that timestamps must be in Coordinated Universal Time (UTC), +not the local timezone. +The minute and seconds portions are optional, but some LDAP servers +require that they be present (contrary to the RFC). +.Pp +The +.Li sudoNotAfter +attribute is only available in +.Nm sudo +versions +1.7.5 and higher and must be explicitly enabled via the +.Sy SUDOERS_TIMED +option in +.Pa @ldap_conf@ . +.It Sy sudoOrder +The +.Li sudoRole +entries retrieved from the LDAP directory have no inherent order. +The +.Li sudoOrder +attribute is an integer (or floating point value for LDAP servers +that support it) that is used to sort the matching entries. +This allows LDAP-based sudoers entries to more closely mimic the behavior +of the sudoers file, where the order of the entries influences the result. +If multiple entries match, the entry with the highest +.Li sudoOrder +attribute is chosen. +This corresponds to the +.Dq last match +behavior of the sudoers file. +If the +.Li sudoOrder +attribute is not present, a value of 0 is assumed. +.Pp +The +.Li sudoOrder +attribute is only available in +.Nm sudo +versions 1.7.5 and higher. +.El +.Pp +Each attribute listed above should contain a single value, but there +may be multiple instances of each attribute type. +A +.Li sudoRole +must contain at least one +.Li sudoUser , +.Li sudoHost , +and +.Li sudoCommand . +.Pp +The following example allows users in group wheel to run any command +on any host via +.Nm sudo : +.Bd -literal -offset 4n +dn: cn=%wheel,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: %wheel +sudoUser: %wheel +sudoHost: ALL +sudoCommand: ALL +.Ed +.Ss Anatomy of LDAP sudoers lookup +When looking up a sudoer using LDAP there are only two or three +LDAP queries per invocation. +The first query is to parse the global options. +The second is to match against the user's name and the groups that +the user belongs to. +(The special +.Li ALL +tag is matched in this query too.) +If no match is returned for the user's name and groups, a third +query returns all entries containing user netgroups and other +non-Unix groups and checks to see if the user belongs to any of them. +.Pp +If timed entries are enabled with the +.Sy SUDOERS_TIMED +configuration directive, the LDAP queries include a sub-filter that +limits retrieval to entries that satisfy the time constraints, if any. +.Pp +If the +.Sy NETGROUP_BASE +configuration directive is present (see +.Sx Configuring ldap.conf +below), queries are performed to determine +the list of netgroups the user belongs to before the sudoers query. +This makes it possible to include netgroups in the sudoers query +string in the same manner as Unix groups. +The third query mentioned above is not performed unless a group provider +plugin is also configured. +The actual LDAP queries performed by +.Nm sudo +are as follows: +.Bl -enum +.It +Match all +.Li nisNetgroup +records with a +.Li nisNetgroupTriple +containing the user, host, and NIS domain. +The query will match +.Li nisNetgroupTriple +entries with either the short or long form of the host name or +no host name specified in the tuple. +If the NIS domain is set, the query will match only match entries +that include the domain or for which there is no domain present. +If the NIS domain is +.Em not +set, a wildcard is used to match any domain name but be aware that the +NIS schema used by some LDAP servers may not support wild cards for +.Li nisNetgroupTriple . +.It +Repeated queries are performed to find any nested +.Li nisNetgroup +records with a +.Li memberNisNetgroup +entry that refers to an already-matched record. +.El +.Pp +For sites with a large number of netgroups, using +.Sy NETGROUP_BASE +can significantly speed up +.Nm sudo Ns 's +execution time. +.Ss Differences between LDAP and non-LDAP sudoers +One of the major differences between LDAP and file-based +.Em sudoers +is that in LDAP, +.Nm sudo Ns -specific +Aliases are not supported. +.Pp +For the most part, there is little need for +.Nm sudo Ns -specific +Aliases. +Unix groups, non-Unix groups (via the +.Em group_plugin ) , +or user netgroups can be used in place of User_Aliases and Runas_Aliases. +Host netgroups can be used in place of Host_Aliases. +Since groups and netgroups can also be stored in LDAP there is no real need for +.Nm sudo Ns -specific +aliases. +.Pp +There are also some subtle differences in the way sudoers is handled +once in LDAP. +Probably the biggest is that according to the RFC, LDAP ordering +is arbitrary and you cannot expect that Attributes and Entries are +returned in any specific order. +.Pp +The order in which different entries are applied can be controlled +using the +.Li sudoOrder +attribute, but there is no way to guarantee the order of attributes +within a specific entry. +If there are conflicting command rules in an entry, the negative +takes precedence. +This is called paranoid behavior (not necessarily the most specific +match). +.Pp +Here is an example: +.Bd -literal -offset 4n +# /etc/sudoers: +# Allow all commands except shell +johnny ALL=(root) ALL,!/bin/sh +# Always allows all commands because ALL is matched last +puddles ALL=(root) !/bin/sh,ALL + +# LDAP equivalent of johnny +# Allows all commands except shell +dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com +objectClass: sudoRole +objectClass: top +cn: role1 +sudoUser: johnny +sudoHost: ALL +sudoCommand: ALL +sudoCommand: !/bin/sh + +# LDAP equivalent of puddles +# Notice that even though ALL comes last, it still behaves like +# role1 since the LDAP code assumes the more paranoid configuration +dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com +objectClass: sudoRole +objectClass: top +cn: role2 +sudoUser: puddles +sudoHost: ALL +sudoCommand: !/bin/sh +sudoCommand: ALL +.Ed +.Ss Converting between file-based and LDAP sudoers +The +.Xr cvtsudoers 1 +utility can be used to convert between file-based and LDAP +.Em sudoers . +However, there are features in the file-based sudoers that have +no equivalent in LDAP-based sudoers (and vice versa). +These cannot be converted automatically. +.Pp +For example, a Cmnd_Alias in a +.Em sudoers +file may be converted to a +.Li sudoRole +that contains multiple commands. +Multiple users and/or groups may be assigned to the +.Li sudoRole . +.Pp +Also, host, user, runas, and command-based +.Li Defaults +entries are not supported. +However, a +.Li sudoRole +may contain one or more +.Li sudoOption +attributes which can often serve the same purpose. +.Pp +Consider the following +.Em sudoers +lines: +.Bd -literal -offset 4n +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less +Defaults!PAGERS noexec +alice, bob ALL = ALL +.Ed +.Pp +In this example, alice and bob are allowed to run all commands, but +the commands listed in PAGERS will have the noexec flag set, +preventing shell escapes. +.Pp +When converting this to LDAP, two sudoRole objects can be used: +.Bd -literal -offset 4n +dn: cn=PAGERS,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: PAGERS +sudoUser: alice +sudoUser: bob +sudoHost: ALL +sudoCommand: /usr/bin/more +sudoCommand: /usr/bin/pg +sudoCommand: /usr/bin/less +sudoOption: noexec +sudoOrder: 900 + +dn: cn=ADMINS,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: ADMINS +sudoUser: alice +sudoUser: bob +sudoHost: ALL +sudoCommand: ALL +sudoOrder: 100 +.Ed +.Pp +In the LDAP version, the sudoOrder attribute is used to guarantee +that the PAGERS sudoRole with +.Em noexec +has precedence. +Unlike the +.Em sudoers +version, the LDAP version requires that all users for whom the restriction +should apply be assigned to the PAGERS sudoRole. +Using a Unix group or netgroup in PAGERS rather than listing each +user would make this easier to maintain. +.Pp +Per-user +.Li Defaults +entries can be emulated by using one or more sudoOption attributes +in a sudoRole. +Consider the following +.Em sudoers +lines: +.Bd -literal -offset 4n +User_Alias ADMINS = john, sally +Defaults:ADMINS !authenticate +ADMINS ALL = (ALL:ALL) ALL +.Ed +.Pp +In this example, john and sally are allowed to run any command +as any user or group. +.Pp +When converting this to LDAP, we can use a Unix group instead +of the User_Alias. +.Bd -literal -offset 4n +dn: cn=admins,ou=SUDOers,dc=my-domain,dc=com +objectClass: top +objectClass: sudoRole +cn: admins +sudoUser: %admin +sudoHost: ALL +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoCommand: ALL +sudoOption: !authenticate +.Ed +.Pp +This assumes that users john and sally are members of the +.Dq admins +Unix group. +.Ss Sudoers schema +In order to use +.Nm sudo Ns 's +LDAP support, the +.Nm sudo +schema must be +installed on your LDAP server. +In addition, be sure to index the +.Li sudoUser +attribute. +.Pp +The +.Nm sudo +distribution includes versions of the +.Nm sudoers +schema for multiple LDAP servers: +.Bl -tag -width 4n +.It Pa schema.OpenLDAP +OpenLDAP slapd and +.Ox +ldapd +.It Pa schema.olcSudo +OpenLDAP slapd 2.3 and higher when on-line configuration is enabled +.It Pa schema.iPlanet +Netscape-derived servers such as the iPlanet, Oracle, +and 389 Directory Servers +.It Pa schema.ActiveDirectory +Microsoft Active Directory +.El +.Pp +The schema in OpenLDAP format is also included in the +.Sx EXAMPLES +section. +.Ss Configuring ldap.conf +Sudo reads the +.Pa @ldap_conf@ +file for LDAP-specific configuration. +Typically, this file is shared between different LDAP-aware clients. +As such, most of the settings are not +.Nm sudo Ns -specific. +Note that +.Nm sudo +parses +.Pa @ldap_conf@ +itself and may support options that differ from those described in the +system's +.Xr ldap.conf @mansectform@ +manual. +The path to +.Pa ldap.conf +may be overridden via the +.Em ldap_conf +plugin argument in +.Xr sudo.conf @mansectform@ . +.Pp +Also note that on systems using the OpenLDAP libraries, default +values specified in +.Pa /etc/openldap/ldap.conf +or the user's +.Pa .ldaprc +files are not used. +.Pp +.Nm sudo +supports a variety of LDAP library implementations, including +OpenLDAP, Netscape-derived (also used by Solaris and HP-UX), and +IBM LDAP (aka Tivoli). +Some options are specific to certain LDAP implementations or have +implementation-specific behavior. +These differences are noted below where applicable. +.Pp +Only those options explicitly listed in +.Pa @ldap_conf@ +as being supported by +.Nm sudo +are honored. +Configuration options are listed below in upper case but are parsed +in a case-independent manner. +.Pp +Lines beginning with a pound sign +.Pq Ql # +are ignored. +Leading white space is removed from the beginning of lines. +.Bl -tag -width 4n +.It Sy BIND_TIMELIMIT Ar seconds +The +.Sy BIND_TIMELIMIT +parameter specifies the amount of time, in seconds, to wait while trying +to connect to an LDAP server. +If multiple +.Sy URI Ns s +or +.Sy HOST Ns s +are specified, this is the amount of time to wait before trying +the next one in the list. +.It Sy BINDDN Ar DN +The +.Sy BINDDN +parameter specifies the identity, in the form of a Distinguished Name (DN), +to use when performing LDAP operations. +If not specified, LDAP operations are performed with an anonymous identity. +By default, most LDAP servers will allow anonymous access. +.It Sy BINDPW Ar secret +The +.Sy BINDPW +parameter specifies the password to use when performing LDAP operations. +This is typically used in conjunction with the +.Sy BINDDN +parameter. +The +.Ar secret +may be a plaintext password or a base64-encoded string with a +.Dq base64: +prefix. +For example: +.Bd -literal -offset 4n +BINDPW base64:dGVzdA== +.Ed +.Pp +If a plaintext password is used, it should be a simple string without quotes. +Plain text passwords may not include the comment character +.Pq Ql # +and the escaping of special characters with a backslash +.Pq Ql \e +is not supported. +.It Sy DEREF Ar never/searching/finding/always +How alias dereferencing is to be performed when searching. +See the +.Xr ldap.conf @mansectform@ +manual for a full description of this option. +.It Sy HOST Ar name[:port] ... +If no +.Sy URI +is specified (see below), the +.Sy HOST +parameter specifies a white space-delimited list of LDAP servers to connect to. +Each host may include an optional +.Em port +separated by a colon +.Pq Ql :\& . +The +.Sy HOST +parameter is deprecated in favor of the +.Sy URI +specification and is included for backward compatibility only. +.It Sy KRB5_CCNAME Ar file name +The path to the Kerberos 5 credential cache to use when authenticating +with the remote server. +.Pp +This option is only relevant when using SASL authentication (see below). +.It Sy LDAP_VERSION Ar number +The version of the LDAP protocol to use when connecting to the server. +The default value is protocol version 3. +.It Sy NETGROUP_BASE Ar base +The base DN to use when performing LDAP netgroup queries. +Typically this is of the form +.Li ou=netgroup,dc=my-domain,dc=com +for the domain +.Li my-domain.com . +Multiple +.Sy NETGROUP_BASE +lines may be specified, in which case they are queried in the order specified. +.Pp +This option can be used to query a user's netgroups directly via LDAP +which is usually faster than fetching every +.Li sudoRole +object containing a +.Li sudoUser +that begins with a +.Ql + +prefix. +The NIS schema used by some LDAP servers need a modification to +support querying the +.Li nisNetgroup +object by its +.Li nisNetgroupTriple +member. +OpenLDAP's +.Sy slapd +requires the following change to the +.Li nisNetgroupTriple +attribute: +.Bd -literal -offset 4n +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +.Ed +.It Sy NETGROUP_SEARCH_FILTER Ar ldap_filter +An LDAP filter which is used to restrict the set of records returned +when performing an LDAP netgroup query. +Typically, this is of the +form +.Li attribute=value +or +.Li (&(attribute=value)(attribute2=value2)) . +The default search filter is: +.Li objectClass=nisNetgroup . +If +.Ar ldap_filter +is omitted, no search filter will be used. +.Pp +This option is only used when querying netgroups directly via LDAP. +.It Sy NETWORK_TIMEOUT Ar seconds +An alias for +.Sy BIND_TIMELIMIT +provided for OpenLDAP compatibility. +.It Sy PORT Ar port_number +If no +.Sy URI +is specified, the +.Sy PORT +parameter specifies the default port to connect to on the LDAP server if a +.Sy HOST +parameter does not specify the port itself. +If no +.Sy PORT +parameter is used, the default is port 389 for LDAP and port 636 for LDAP +over TLS (SSL). +The +.Sy PORT +parameter is deprecated in favor of the +.Sy URI +specification and is included for backward compatibility only. +.It Sy ROOTBINDDN Ar DN +The +.Sy ROOTBINDDN +parameter specifies the identity, in the form of a Distinguished Name (DN), +to use when performing privileged LDAP operations, such as +.Em sudoers +queries. +The password corresponding to the identity should be stored in the +or the path specified by the +.Em ldap_secret +plugin argument in +.Xr sudo.conf @mansectform@ , +which defaults to +.Pa @ldap_secret@ . +If no +.Sy ROOTBINDDN +is specified, the +.Sy BINDDN +identity is used (if any). +.It Sy ROOTUSE_SASL Ar on/true/yes/off/false/no +Enable +.Sy ROOTUSE_SASL +to enable SASL authentication when connecting +to an LDAP server from a privileged process, such as +.Nm sudo . +.It Sy SASL_AUTH_ID Ar identity +The SASL user name to use when connecting to the LDAP server. +By default, +.Nm sudo +will use an anonymous connection. +.Pp +This option is only relevant when using SASL authentication. +.It Sy SASL_MECH Ar mechanisms +A white space-delimited list of SASL authentication mechanisms to use. +By default, +.Nm sudo +will use +.Dv GSSAPI +authentication. +.It Sy SASL_SECPROPS Ar none/properties +SASL security properties or +.Em none +for no properties. +See the SASL programmer's manual for details. +.Pp +This option is only relevant when using SASL authentication. +.It Sy SSL Ar on/true/yes/off/false/no +If the +.Sy SSL +parameter is set to +.Li on , +.Li true , +or +.Li yes +TLS (SSL) encryption is always used when communicating with the LDAP server. +Typically, this involves connecting to the server on port 636 (ldaps). +.It Sy SSL Ar start_tls +If the +.Sy SSL +parameter is set to +.Li start_tls , +the LDAP server connection is initiated normally and TLS encryption is +begun before the bind credentials are sent. +This has the advantage of not requiring a dedicated port for encrypted +communications. +This parameter is only supported by LDAP servers that honor the +.Em start_tls +extension, such as the OpenLDAP and IBM Tivoli Directory servers. +.It Sy SUDOERS_BASE Ar base +The base DN to use when performing +.Nm sudo +LDAP queries. +Typically this is of the form +.Li ou=SUDOers,dc=my-domain,dc=com +for the domain +.Li my-domain.com . +Multiple +.Sy SUDOERS_BASE +lines may be specified, in which case they are queried in the order specified. +.It Sy SUDOERS_DEBUG Ar debug_level +This sets the debug level for +.Nm sudo +LDAP queries. +Debugging information is printed to the standard error. +A value of 1 results in a moderate amount of debugging information. +A value of 2 shows the results of the matches themselves. +This parameter should not be set in a production environment as the +extra information is likely to confuse users. +.Pp +The +.Sy SUDOERS_DEBUG +parameter is deprecated and will be removed in a future release. +The same information is now logged via the +.Nm sudo +debugging framework using the +.Dq ldap +subsystem at priorities +.Em diag +and +.Em info +for +.Em debug_level +values 1 and 2 respectively. +See the +.Xr sudo.conf @mansectform@ +manual for details on how to configure +.Nm sudo +debugging. +.It Sy SUDOERS_SEARCH_FILTER Ar ldap_filter +An LDAP filter which is used to restrict the set of records returned +when performing a +.Nm sudo +LDAP query. +Typically, this is of the +form +.Li attribute=value +or +.Li (&(attribute=value)(attribute2=value2)) . +The default search filter is: +.Li objectClass=sudoRole . +If +.Ar ldap_filter +is omitted, no search filter will be used. +.It Sy SUDOERS_TIMED Ar on/true/yes/off/false/no +Whether or not to evaluate the +.Li sudoNotBefore +and +.Li sudoNotAfter +attributes that implement time-dependent sudoers entries. +.It Sy TIMELIMIT Ar seconds +The +.Sy TIMELIMIT +parameter specifies the amount of time, in seconds, to wait for a +response to an LDAP query. +.It Sy TIMEOUT Ar seconds +The +.Sy TIMEOUT +parameter specifies the amount of time, in seconds, to wait for a +response from the various LDAP APIs. +.It Sy TLS_CACERT Ar file name +An alias for +.Sy TLS_CACERTFILE +for OpenLDAP compatibility. +.It Sy TLS_CACERTFILE Ar file name +The path to a certificate authority bundle which contains the certificates +for all the Certificate Authorities the client knows to be valid, e.g., +.Pa /etc/ssl/ca-bundle.pem . +.Pp +This option is only supported by the OpenLDAP libraries. +Netscape-derived LDAP libraries use the same certificate +database for CA and client certificates (see +.Sy TLS_CERT ) . +.It Sy TLS_CACERTDIR Ar directory +Similar to +.Sy TLS_CACERTFILE +but instead of a file, it is a directory containing individual +Certificate Authority certificates, e.g., +.Pa /etc/ssl/certs . +The directory specified by +.Sy TLS_CACERTDIR +is checked after +.Sy TLS_CACERTFILE . +.Pp +This option is only supported by the OpenLDAP libraries. +.It Sy TLS_CERT Ar file name +The path to a file containing the client certificate which can +be used to authenticate the client to the LDAP server. +The certificate type depends on the LDAP libraries used. +.Bl -tag -width 4n +.It OpenLDAP: +.Li tls_cert /etc/ssl/client_cert.pem +.It Netscape-derived: +.Li tls_cert /var/ldap/cert7.db +.It IBM LDAP: +Unused, the key database specified by +.Sy TLS_KEY +contains both keys and certificates. +.El +.Pp +When using Netscape-derived libraries, this file may also contain +Certificate Authority certificates. +.It Sy TLS_CHECKPEER Ar on/true/yes/off/false/no +If enabled, +.Sy TLS_CHECKPEER +will cause the LDAP server's TLS certificated to be verified. +If the server's TLS certificate cannot be verified (usually because it +is signed by an unknown certificate authority), +.Nm sudo +will be unable to connect to it. +If +.Sy TLS_CHECKPEER +is disabled, no check is made. +Note that disabling the check creates an opportunity for man-in-the-middle +attacks since the server's identity will not be authenticated. +If possible, the CA's certificate should be installed locally so it can +be verified. +.Pp +This option is not supported by the IBM LDAP libraries. +.It Sy TLS_KEY Ar file name +The path to a file containing the private key which matches the +certificate specified by +.Sy TLS_CERT . +The private key must not be password-protected. +The key type depends on the LDAP libraries used. +.Bl -tag -width 4n +.It OpenLDAP: +.Li tls_key /etc/ssl/client_key.pem +.It Netscape-derived: +.Li tls_key /var/ldap/key3.db +.It IBM LDAP: +.Li tls_key /usr/ldap/ldapkey.kdb +.El +.Pp +When using IBM LDAP libraries, this file may also contain +Certificate Authority and client certificates and may be encrypted. +.It Sy TLS_CIPHERS Ar cipher list +The +.Sy TLS_CIPHERS +parameter allows the administer to restrict which encryption algorithms +may be used for TLS (SSL) connections. +See the OpenLDAP or IBM Tivoli Directory Server manual for a list of valid +ciphers. +.Pp +This option is not supported by Netscape-derived libraries. +.It Sy TLS_KEYPW Ar secret +The +.Sy TLS_KEYPW +contains the password used to decrypt the key database on clients +using the IBM LDAP library. +The +.Ar secret +may be a plaintext password or a base64-encoded string with a +.Dq base64: +prefix. +For example: +.Bd -literal -offset 4n +TLS_KEYPW base64:dGVzdA== +.Ed +.Pp +If a plaintext password is used, it should be a simple string without quotes. +Plain text passwords may not include the comment character +.Pq Ql # +and the escaping of special characters with a backslash +.Pq Ql \e +is not supported. +If this option is used, +.Pa @ldap_conf@ +must not be world-readable to avoid exposing the password. +Alternately, a +.Em stash file +can be used to store the password in encrypted form (see below). +.Pp +If no +.Sy TLS_KEYPW +is specified, a +.Em stash file +will be used if it exists. +The +.Em stash file +must have the same path as the file specified by +.Sy TLS_KEY , +but use a +.Li .sth +file extension instead of +.Li .kdb , +e.g., +.Li ldapkey.sth . +The default +.Li ldapkey.kdb +that ships with the IBM Tivoli Directory Server is encrypted with the password +.Li ssl_password . +The +.Em gsk8capicmd +utility can be used to manage the key database and create a +.Em stash file . +.Pp +This option is only supported by the IBM LDAP libraries. +.It Sy TLS_REQCERT Ar level +The +.Sy TLS_REQCERT +parameter controls how the LDAP server's TLS certificated will be +verified (if at all). +If the server's TLS certificate cannot be verified (usually because it +is signed by an unknown certificate authority), +.Nm sudo +will be unable to connect to it. +The following +.Ar level +values are supported: +.Bl -tag -width 8n -offset 4n +.It never +The server certificate will not be requested or checked. +.It allow +The server certificate will be requested. +A missing or invalid certificate is ignored and not considered an error. +.It try +The server certificate will be requested. +A missing certificate is ignored but an invalid certificate will +result in a connection error. +.It demand | Ar hard +The server certificate will be requested. +A missing or invalid certificate will result in a connection error. +This is the default behavior. +.El +.Pp +This option is only supported by the OpenLDAP libraries. +Other LDAP libraries only support the +.Sy TLS_CHECKPEER +parameter. +.It Sy TLS_RANDFILE Ar file name +The +.Sy TLS_RANDFILE +parameter specifies the path to an entropy source for systems that lack +a random device. +It is generally used in conjunction with +.Em prngd +or +.Em egd . +.Pp +This option is only supported by the OpenLDAP libraries. +.It Sy URI Ar ldap[s]://[hostname[:port]] ... +Specifies a white space-delimited list of one or more URIs describing +the LDAP server(s) to connect to. +The +.Em protocol +may be either +.Em ldap +.Em ldaps , +the latter being for servers that support TLS (SSL) encryption. +If no +.Em port +is specified, the default is port 389 for +.Li ldap:// +or port 636 for +.Li ldaps:// . +If no +.Em hostname +is specified, +.Nm sudo +will connect to +.Em localhost . +Multiple +.Sy URI +lines are treated identically to a +.Sy URI +line containing multiple entries. +Only systems using the OpenSSL libraries support the mixing of +.Li ldap:// +and +.Li ldaps:// +URIs. +Both the Netscape-derived and IBM LDAP libraries used on most commercial +versions of Unix are only capable of supporting one or the other. +.It Sy USE_SASL Ar on/true/yes/off/false/no +Enable +.Sy USE_SASL +for LDAP servers that support SASL authentication. +.It Sy ROOTSASL_AUTH_ID Ar identity +The SASL user name to use when +.Sy ROOTUSE_SASL +is enabled. +.El +.Pp +See the +.Pa ldap.conf +entry in the +.Sx EXAMPLES +section. +.Ss Configuring nsswitch.conf +Unless it is disabled at build time, +.Nm sudo +consults the Name Service Switch file, +.Pa @nsswitch_conf@ , +to specify the +.Em sudoers +search order. +Sudo looks for a line beginning with +.Li sudoers : +and uses this to determine the search order. +Note that by default, +.Nm sudo +does not stop searching after the first match and later matches take +precedence over earlier ones (unless +.Li [SUCCESS=return] +is used, see below). +The following sources are recognized: +.Pp +.Bl -tag -width 8n -offset 4n -compact +.It files +read sudoers from +.Pa @sysconfdir@/sudoers +.It ldap +read sudoers from LDAP +.El +.Pp +In addition, a subset of +.Pa nsswitch.conf Ns -style +action statements is supported, specifically +.Li [SUCCESS=return] +and +.Li [NOTFOUND=return] . +These will unconditionally terminate the search if the user was either +found +.Pq Li [SUCCESS=return] +or not found +.Pq Li [NOTFOUND=return] +in the immediately preceding source. +Other action statements tokens are not supported, nor is test +negation with +.Ql \&! . +.Pp +To consult LDAP first followed by the local sudoers file (if it +exists), use: +.Bd -literal -offset 4n +sudoers: ldap files +.Ed +.Pp +To consult LDAP only when no match is found in the local sudoers +file (if it exists), use: +.Bd -literal -offset 4n +sudoers: files [SUCCESS=return] ldap +.Ed +.Pp +The local +.Em sudoers +file can be ignored completely by using: +.Bd -literal -offset 4n +sudoers: ldap +.Ed +.Pp +If the +.Pa @nsswitch_conf@ +file is not present or there is no sudoers line, the following +default is assumed: +.Bd -literal -offset 4n +sudoers: files +.Ed +.Pp +Note that +.Pa @nsswitch_conf@ +is supported even when the underlying operating system does not use +an nsswitch.conf file, except on AIX (see below). +.Ss Configuring netsvc.conf +On AIX systems, the +.Pa @netsvc_conf@ +file is consulted instead of +.Pa @nsswitch_conf@ . +.Nm sudo +simply treats +.Pa netsvc.conf +as a variant of +.Pa nsswitch.conf ; +information in the previous section unrelated to the file format +itself still applies. +.Pp +To consult LDAP first followed by the local sudoers file (if it +exists), use: +.Bd -literal -offset 4n +sudoers = ldap, files +.Ed +.Pp +The local +.Em sudoers +file can be ignored completely by using: +.Bd -literal -offset 4n +sudoers = ldap +.Ed +.Pp +To treat LDAP as authoritative and only use the local sudoers file +if the user is not present in LDAP, use: +.Bd -literal -offset 4n +sudoers = ldap = auth, files +.Ed +.Pp +Note that in the above example, the +.Li auth +qualifier only affects user lookups; both LDAP and +.Em sudoers +will be queried for +.Li Defaults +entries. +.Pp +If the +.Pa @netsvc_conf@ +file is not present or there is no sudoers line, the following +default is assumed: +.Bd -literal -offset 4n +sudoers = files +.Ed +.Ss Integration with sssd +On systems with the +.Em System Security Services Daemon +(SSSD) and where +.Nm sudo +has been built with SSSD support, +it is possible to use SSSD to cache LDAP +.Em sudoers +rules. +To use SSSD as the +.Em sudoers +source, you should use +.Li sss +instead of +.Li ldap +for the sudoers entry in +.Pa @nsswitch_conf@ . +Note that the +.Pa @ldap_conf@ +file is not used by the SSSD +.Nm sudo +back end. +Please see +.Xr sssd-sudo @mansectform@ +for more information on configuring +.Nm sudo +to work with SSSD. +.Sh FILES +.Bl -tag -width 24n +.It Pa @ldap_conf@ +LDAP configuration file +.It Pa @nsswitch_conf@ +determines sudoers source order +.It Pa @netsvc_conf@ +determines sudoers source order on AIX +.El +.Sh EXAMPLES +.Ss Example ldap.conf +.Bd -literal -offset 2n +# Either specify one or more URIs or one or more host:port pairs. +# If neither is specified sudo will default to localhost, port 389. +# +#host ldapserver +#host ldapserver1 ldapserver2:390 +# +# Default port if host is specified without one, defaults to 389. +#port 389 +# +# URI will override the host and port settings. +uri ldap://ldapserver +#uri ldaps://secureldapserver +#uri ldaps://secureldapserver ldap://ldapserver +# +# The amount of time, in seconds, to wait while trying to connect to +# an LDAP server. +bind_timelimit 30 +# +# The amount of time, in seconds, to wait while performing an LDAP query. +timelimit 30 +# +# Must be set or sudo will ignore LDAP; may be specified multiple times. +sudoers_base ou=SUDOers,dc=my-domain,dc=com +# +# verbose sudoers matching from ldap +#sudoers_debug 2 +# +# Enable support for time-based entries in sudoers. +#sudoers_timed yes +# +# optional proxy credentials +#binddn +#bindpw +#rootbinddn +# +# LDAP protocol version, defaults to 3 +#ldap_version 3 +# +# Define if you want to use an encrypted LDAP connection. +# Typically, you must also set the port to 636 (ldaps). +#ssl on +# +# Define if you want to use port 389 and switch to +# encryption before the bind credentials are sent. +# Only supported by LDAP servers that support the start_tls +# extension such as OpenLDAP. +#ssl start_tls +# +# Additional TLS options follow that allow tweaking of the +# SSL/TLS connection. +# +#tls_checkpeer yes # verify server SSL certificate +#tls_checkpeer no # ignore server SSL certificate +# +# If you enable tls_checkpeer, specify either tls_cacertfile +# or tls_cacertdir. Only supported when using OpenLDAP. +# +#tls_cacertfile /etc/certs/trusted_signers.pem +#tls_cacertdir /etc/certs +# +# For systems that don't have /dev/random +# use this along with PRNGD or EGD.pl to seed the +# random number pool to generate cryptographic session keys. +# Only supported when using OpenLDAP. +# +#tls_randfile /etc/egd-pool +# +# You may restrict which ciphers are used. Consult your SSL +# documentation for which options go here. +# Only supported when using OpenLDAP. +# +#tls_ciphers +# +# Sudo can provide a client certificate when communicating to +# the LDAP server. +# Tips: +# * Enable both lines at the same time. +# * Do not password protect the key file. +# * Ensure the keyfile is only readable by root. +# +# For OpenLDAP: +#tls_cert /etc/certs/client_cert.pem +#tls_key /etc/certs/client_key.pem +# +# For Netscape-derived LDAP, tls_cert and tls_key may specify either +# a directory, in which case the files in the directory must have the +# default names (e.g., cert8.db and key4.db), or the path to the cert +# and key files themselves. However, a bug in version 5.0 of the LDAP +# SDK will prevent specific file names from working. For this reason +# it is suggested that tls_cert and tls_key be set to a directory, +# not a file name. +# +# The certificate database specified by tls_cert may contain CA certs +# and/or the client's cert. If the client's cert is included, tls_key +# should be specified as well. +# For backward compatibility, "sslpath" may be used in place of tls_cert. +#tls_cert /var/ldap +#tls_key /var/ldap +# +# If using SASL authentication for LDAP (OpenSSL) +# use_sasl yes +# sasl_auth_id +# rootuse_sasl yes +# rootsasl_auth_id +# sasl_secprops none +# krb5_ccname /etc/.ldapcache +.Ed +.Ss Sudoers schema for OpenLDAP +The following schema, in OpenLDAP format, is included with +.Nm sudo +source and binary distributions as +.Pa schema.OpenLDAP . +Simply copy +it to the schema directory (e.g., +.Pa /etc/openldap/schema ) , +add the proper +.Li include +line in +.Pa slapd.conf +and restart +.Nm slapd . +Sites using the optional on-line configuration supported by OpenLDAP 2.3 +and higher should apply the +.Pa schema.olcSudo +file instead. +.Bd -literal -offset 2n +attributetype ( 1.3.6.1.4.1.15953.9.1.1 + NAME 'sudoUser' + DESC 'User(s) who may run sudo' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.2 + NAME 'sudoHost' + DESC 'Host(s) who may run sudo' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.3 + NAME 'sudoCommand' + DESC 'Command(s) to be executed by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.4 + NAME 'sudoRunAs' + DESC 'User(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.5 + NAME 'sudoOption' + DESC 'Options(s) followed by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.6 + NAME 'sudoRunAsUser' + DESC 'User(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.7 + NAME 'sudoRunAsGroup' + DESC 'Group(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.8 + NAME 'sudoNotBefore' + DESC 'Start of time interval for which the entry is valid' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.9 + NAME 'sudoNotAfter' + DESC 'End of time interval for which the entry is valid' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) + +attributetype ( 1.3.6.1.4.1.15953.9.1.10 + NAME 'sudoOrder' + DESC 'an integer to order the sudoRole entries' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL + DESC 'Sudoer Entries' + MUST ( cn ) + MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ + sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $ + sudoOrder $ description ) + ) +.Ed +.Sh SEE ALSO +.Xr cvtsudoers 1 , +.Xr ldap.conf @mansectform@ , +.Xr sssd-sudo @mansectform@ , +.Xr sudo.conf @mansectform@ , +.Xr sudoers @mansectform@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh CAVEATS +Note that there are differences in the way that LDAP-based +.Em sudoers +is parsed compared to file-based +.Em sudoers . +See the +.Sx Differences between LDAP and non-LDAP sudoers +section for more information. +.Sh BUGS +If you feel you have found a bug in +.Nm sudo , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudoers.man.in sudo-1.9.9/docs/sudoers.man.in --- sudo-1.9.5p2/docs/sudoers.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudoers.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,7025 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2022 +.\" Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.nr SL @SEMAN@ +.nr BA @BAMAN@ +.nr LC @LCMAN@ +.nr PS @PSMAN@ +.TH "SUDOERS" "@mansectform@" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudoers\fR +\- default sudo security policy plugin +.SH "DESCRIPTION" +The +\fBsudoers\fR +policy plugin determines a user's +\fBsudo\fR +privileges. +It is the default +\fBsudo\fR +policy plugin. +The policy is driven by +the +\fI@sysconfdir@/sudoers\fR +file or, optionally, in LDAP. +The policy format is described in detail in the +\fISUDOERS FILE FORMAT\fR +section. +For information on storing +\fBsudoers\fR +policy information +in LDAP, please see +sudoers.ldap(@mansectform@). +.SS "Configuring sudo.conf for sudoers" +\fBsudo\fR +consults the +sudo.conf(@mansectform@) +file to determine which plugins to load. +If no +sudo.conf(@mansectform@) +file is present, or if it contains no +\fRPlugin\fR +lines, +\fBsudoers\fR +will be used for auditing, policy decisions and I/O logging. +To explicitly configure +sudo.conf(@mansectform@) +to use the +\fBsudoers\fR +plugin, the following configuration can be used. +.nf +.sp +.RS 6n +Plugin sudoers_audit sudoers.so +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +.RE +.fi +.PP +Starting with +\fBsudo\fR +1.8.5, it is possible to specify optional arguments to the +\fBsudoers\fR +plugin in the +sudo.conf(@mansectform@) +file. +Plugin arguments, if any, should be listed after the path to the plugin +(i.e., after +\fIsudoers.so\fR). +The arguments are only effective for the plugin that opens (and parses) the +\fIsudoers\fR +file. +.PP +For +\fBsudo\fR +version 1.9.1 and higher, this is the +\fIsudoers_audit\fR +plugin. +For older versions, it is the +\fIsudoers_policy\fR +plugin. +Multiple arguments may be specified, separated by white space. +For example: +.nf +.sp +.RS 6n +Plugin sudoers_audit sudoers.so sudoers_mode=0400 error_recovery=false +.RE +.fi +.PP +The following plugin arguments are supported: +.TP 10n +error_recovery=bool +The +\fIerror_recovery\fR +argument can be used to control whether +\fBsudoers\fR +should attempt to recover from syntax errors in the +\fIsudoers\fR +file. +If set to +\fItrue\fR +(the default), +\fBsudoers\fR +will try to recover from a syntax error by discarding the portion +of the line that contains the error until the end of the line. +A value of +\fIfalse\fR +will disable error recovery. +Prior to version 1.9.3, no error recovery was performed. +.TP 10n +ldap_conf=pathname +The +\fIldap_conf\fR +argument can be used to override the default path to the +\fIldap.conf\fR +file. +.TP 10n +ldap_secret=pathname +The +\fIldap_secret\fR +argument can be used to override the default path to the +\fIldap.secret\fR +file. +.TP 10n +sudoers_file=pathname +The +\fIsudoers_file\fR +argument can be used to override the default path to the +\fIsudoers\fR +file. +.TP 10n +sudoers_uid=user-ID +The +\fIsudoers_uid\fR +argument can be used to override the default owner of the sudoers file. +It should be specified as a numeric user-ID. +.TP 10n +sudoers_gid=group-ID +The +\fIsudoers_gid\fR +argument can be used to override the default group of the sudoers file. +It must be specified as a numeric group-ID (not a group name). +.TP 10n +sudoers_mode=mode +The +\fIsudoers_mode\fR +argument can be used to override the default file mode for the sudoers file. +It should be specified as an octal value. +.PP +For more information on configuring +sudo.conf(@mansectform@), +please refer to its manual. +.SS "User Authentication" +The +\fBsudoers\fR +security policy requires that most users authenticate +themselves before they can use +\fBsudo\fR. +A password is not required +if the invoking user is root, if the target user is the same as the +invoking user, or if the policy has disabled authentication for the +user or command. +Unlike +su(1), +when +\fBsudoers\fR +requires +authentication, it validates the invoking user's credentials, not +the target user's (or root's) credentials. +This can be changed via +the +\fIrootpw\fR, +\fItargetpw\fR +and +\fIrunaspw\fR +flags, described later. +.PP +If a user who is not listed in the policy tries to run a command +via +\fBsudo\fR, +mail is sent to the proper authorities. +The address +used for such mail is configurable via the +\fImailto\fR +Defaults entry +(described later) and defaults to +\fR@mailto@\fR. +.PP +Note that no mail will be sent if an unauthorized user tries to run +\fBsudo\fR +with the +\fB\-l\fR +or +\fB\-v\fR +option unless there is an authentication error and +either the +\fImail_always\fR +or +\fImail_badpass\fR +flags are enabled. +This allows users to +determine for themselves whether or not they are allowed to use +\fBsudo\fR. +By default, all attempts to run +\fBsudo\fR +(successful or not) +are logged, regardless of whether or not mail is sent. +.PP +If +\fBsudo\fR +is run by root and the +\fRSUDO_USER\fR +environment variable +is set, the +\fBsudoers\fR +policy will use this value to determine who +the actual user is. +This can be used by a user to log commands +through sudo even when a root shell has been invoked. +It also +allows the +\fB\-e\fR +option to remain useful even when invoked via a +sudo-run script or program. +Note, however, that the +\fIsudoers\fR +file lookup is still done for root, not the user specified by +\fRSUDO_USER\fR. +.PP +\fBsudoers\fR +uses per-user time stamp files for credential caching. +Once a user has been authenticated, a record is written +containing the user-ID that was used to authenticate, the +terminal session ID, the start time of the session leader +(or parent process) and a time stamp +(using a monotonic clock if one is available). +The user may then use +\fBsudo\fR +without a password for a short period of time +(\fR@timeout@\fR +minutes unless overridden by the +\fItimestamp_timeout\fR +option) +\&. +By default, +\fBsudoers\fR +uses a separate record for each terminal, which means that +a user's login sessions are authenticated separately. +The +\fItimestamp_type\fR +option can be used to select the type of time stamp record +\fBsudoers\fR +will use. +.SS "Logging" +By default, +\fBsudoers\fR +logs both successful and unsuccessful attempts (as well +as errors). +The +\fIlog_allowed\fR +and +\fIlog_denied\fR +flags can be used to control this behavior. +Messages can be logged to +syslog(3), +a log file, or both. +The default is to log to +syslog(3) +but this is configurable via the +\fIsyslog\fR +and +\fIlogfile\fR +settings. +See +\fILOG FORMAT\fR +for a description of the log file format. +.PP +\fBsudoers\fR +is also capable of running a command in a pseudo-terminal and logging all +input and/or output. +The standard input, standard output, and standard error can be logged +even when not associated with a terminal. +I/O logging is not on by default but can be enabled using +the +\fIlog_input\fR +and +\fIlog_output\fR +options as well as the +\fRLOG_INPUT\fR +and +\fRLOG_OUTPUT\fR +command tags. +See +\fII/O LOG FILES\fR +for details on how I/O log files are stored. +.PP +Starting with version 1.9, the +\fIlog_servers\fR +setting may be used to send event and I/O log data to a remote server running +\fBsudo_logsrvd\fR +or another service that implements the protocol described by +sudo_logsrv.proto(@mansectform@). +.SS "Command environment" +Since environment variables can influence program behavior, +\fBsudoers\fR +provides a means to restrict which variables from the user's +environment are inherited by the command to be run. +There are two +distinct ways +\fBsudoers\fR +can deal with environment variables. +.PP +By default, the +\fIenv_reset\fR +flag is enabled. +This causes commands +to be executed with a new, minimal environment. +On AIX (and Linux +systems without PAM), the environment is initialized with the +contents of the +\fI/etc/environment\fR +file. +.if \n(LC \{\ +On +BSD +systems, if the +\fIuse_loginclass\fR +flag is enabled, the environment is initialized +based on the +\fIpath\fR +and +\fIsetenv\fR +settings in +\fI/etc/login.conf\fR. +.\} +The +\fRHOME\fR, +\fRMAIL\fR, +\fRSHELL\fR, +\fRLOGNAME\fR +and +\fRUSER\fR +environment variables are initialized based on the target user +and the +\fRSUDO_*\fR +variables are set based on the invoking user. +Additional variables, such as +\fRDISPLAY\fR, +\fRPATH\fR +and +\fRTERM\fR, +are preserved from the invoking user's environment if permitted by the +\fIenv_check\fR, +or +\fIenv_keep\fR +options. +A few environment variables are treated specially. +If the +\fRPATH\fR +and +\fRTERM\fR +variables are not preserved from the user's environment, they will be set +to default values. +The +\fRLOGNAME\fR +and +\fRUSER\fR +are handled as a single entity. +If one of them is preserved (or removed) from the user's environment, +the other will be as well. +If +\fRLOGNAME\fR +and +\fRUSER\fR +are to be preserved but only one of them is present in the user's environment, +the other will be set to the same value. +This avoids an inconsistent environment where one of the variables +describing the user name is set to the invoking user and one is +set to the target user. +Environment variables with a value beginning with +\fR()\fR +are removed unless both the name and value parts are matched by +\fIenv_keep\fR +or +\fIenv_check\fR, +as they may be interpreted as functions by the +\fBbash\fR +shell. +Prior to version 1.8.11, such variables were always removed. +.PP +If, however, the +\fIenv_reset\fR +flag is disabled, any variables not +explicitly denied by the +\fIenv_check\fR +and +\fIenv_delete\fR +options are allowed and their values are +inherited from the invoking process. +Prior to version 1.8.21, environment variables with a value beginning with +\fR()\fR +were always removed. +Beginning with version 1.8.21, a pattern in +\fIenv_delete\fR +is used to match +\fBbash\fR +shell functions instead. +Since it is not possible +to block all potentially dangerous environment variables, use +of the default +\fIenv_reset\fR +behavior is encouraged. +.PP +Environment variables specified by +\fIenv_check\fR, +\fIenv_delete\fR, +or +\fIenv_keep\fR +may include one or more +\(oq*\(cq +characters which will match zero or more characters. +No other wildcard characters are supported. +.PP +By default, environment variables are matched by name. +However, if the pattern includes an equal sign +(\(oq=\&\(cq), +both the variables name and value must match. +For example, a +\fBbash\fR +shell function could be matched as follows: +.nf +.sp +.RS 4n +env_keep += "BASH_FUNC_my_func%%=()*" +.RE +.fi +.PP +Without the +\(lq\fR=()*\fR\(rq +suffix, this would not match, as +\fBbash\fR +shell functions are not preserved by default. +.PP +The complete list of environment variables that are preserved or removed, +as modified by global Defaults parameters in +\fIsudoers\fR, +is displayed when +\fBsudo\fR +is run by root with the +\fB\-V\fR +option. +Please note that the list of environment variables to remove +varies based on the operating system +\fBsudo\fR +is running on. +.PP +Other +\fBsudoers\fR +options may influence the command environment, such as +\fIalways_set_home\fR, +\fIsecure_path\fR, +\fIset_logname\fR, +and +\fIset_home\fR. +.PP +On systems that support PAM where the +\fBpam_env\fR +module is enabled for +\fBsudo\fR, +variables in the PAM environment may be merged in to the environment. +If a variable in the PAM environment is already present in the +user's environment, the value will only be overridden if the variable +was not preserved by +\fBsudoers\fR. +When +\fIenv_reset\fR +is enabled, variables preserved from the invoking user's environment +by the +\fIenv_keep\fR +list take precedence over those in the PAM environment. +When +\fIenv_reset\fR +is disabled, variables present the invoking user's environment +take precedence over those in the PAM environment unless they +match a pattern in the +\fIenv_delete\fR +list. +.PP +Note that the dynamic linker on most operating systems will remove +variables that can control dynamic linking from the environment of +set-user-ID executables, including +\fBsudo\fR. +Depending on the operating +system this may include +\fR_RLD*\fR, +\fRDYLD_*\fR, +\fRLD_*\fR, +\fRLDR_*\fR, +\fRLIBPATH\fR, +\fRSHLIB_PATH\fR, +and others. +These type of variables are +removed from the environment before +\fBsudo\fR +even begins execution +and, as such, it is not possible for +\fBsudo\fR +to preserve them. +.PP +As a special case, if the +\fB\-i\fR +option (initial login) is +specified, +\fBsudoers\fR +will initialize the environment regardless +of the value of +\fIenv_reset\fR. +The +\fRDISPLAY\fR, +\fRPATH\fR +and +\fRTERM\fR +variables remain unchanged; +\fRHOME\fR, +\fRMAIL\fR, +\fRSHELL\fR, +\fRUSER\fR, +and +\fRLOGNAME\fR +are set based on the target user. +On AIX (and Linux +systems without PAM), the contents of +\fI/etc/environment\fR +are also +included. +.if \n(LC \{\ +On +BSD +systems, if the +\fIuse_loginclass\fR +flag is +enabled, the +\fIpath\fR +and +\fIsetenv\fR +variables in +\fI/etc/login.conf\fR +are also applied. +.\} +All other environment variables are removed unless permitted by +\fIenv_keep\fR +or +\fIenv_check\fR, +described above. +.PP +Finally, the +\fIrestricted_env_file\fR +and +\fIenv_file\fR +files are applied, if present. +The variables in +\fIrestricted_env_file\fR +are applied first and are subject to the same restrictions as the +invoking user's environment, as detailed above. +The variables in +\fIenv_file\fR +are applied last and are not subject to these restrictions. +In both cases, variables present in the files will only be set to +their specified values if they would not conflict with an existing +environment variable. +.SH "SUDOERS FILE FORMAT" +The +\fIsudoers\fR +file is composed of two types of entries: aliases +(basically variables) and user specifications (which specify who +may run what). +.PP +When multiple entries match for a user, they are applied in order. +Where there are multiple matches, the last match is used (which is +not necessarily the most specific match). +.PP +The +\fIsudoers\fR +file grammar will be described below in Extended Backus-Naur +Form (EBNF). +Don't despair if you are unfamiliar with EBNF; it is fairly simple, +and the definitions below are annotated. +.SS "Resource limits" +By default, +\fBsudoers\fR +uses the operating system's native method of setting resource limits +for the target user. +On Linux systems, resource limits are usually set by the +\fRpam_limits.so\fR +PAM module. +On some BSD systems, the +\fI/etc/login.conf\fR +file specifies resource limits for the user. +On AIX systems, resource limits are configured in the +\fI/etc/security/limits\fR +file. +If there is no system mechanism to set per-user resource limits, +the command will run with the same limits as the invoking user. +The one exception to this is the core dump file size, which is set by +\fBsudoers\fR +to 0 by default. +Disabling core dumps by default makes it possible to avoid potential +security problems where the core file is treated as trusted input. +.PP +Resource limits may also be set in the +\fIsudoers\fR +file itself, in which case they override those set by the system. +See the +\fIrlimit_as,\fR +\fIrlimit_core,\fR +\fIrlimit_cpu,\fR +\fIrlimit_data,\fR +\fIrlimit_fsize,\fR +\fIrlimit_locks,\fR +\fIrlimit_memlock,\fR +\fIrlimit_nofile,\fR +\fIrlimit_nproc,\fR +\fIrlimit_rss,\fR +\fIrlimit_stack\fR +options described below. +Resource limits in +\fBsudoers\fR +may be specified in one of the following formats: +.TP 8n +\(lqvalue\(rq +Both the soft and hard resource limits are set to the same value. +The special value +\(lqinfinity\(rq +can be used to indicate that the value is unlimited. +.TP 8n +\(lqsoft,hard\(rq +Two comma-separated values. +The soft limit is set to the first value and the hard limit is set +to the second. +Both values must either be enclosed in a set of double quotes, +or the comma must be escaped with a backslash +(\(oq\e\(cq). +The special value +\(lqinfinity\(rq +may be used in place of either value. +.TP 8n +\(lqdefault\(rq +The default resource limit for the user will be used. +This may be a user-specific value (see above) or the value of the +resource limit when +\fBsudo\fR +was invoked for systems that don't support per-user limits. +.TP 8n +\(lquser\(rq +The invoking user's resource limits will be preserved when running +the command. +.PP +For example, to restore the historic core dump file size behavior, +a line like the following may be used. +.sp +.RS 6n +Defaults rlimit_core=default +.RE +.PP +Resource limits in +\fBsudoers\fR +are only supported by version 1.8.7 or higher. +.SS "Quick guide to EBNF" +EBNF is a concise and exact way of describing the grammar of a language. +Each EBNF definition is made up of +\fIproduction rules\fR. +E.g., +.PP +\fRsymbol ::= definition\fR | \fRalternate1\fR | \fRalternate2 ...\fR +.PP +Each +\fIproduction rule\fR +references others and thus makes up a +grammar for the language. +EBNF also contains the following +operators, which many readers will recognize from regular +expressions. +Do not, however, confuse them with +\(lqwildcard\(rq +characters, which have different meanings. +.TP 6n +\fR\&?\fR +Means that the preceding symbol (or group of symbols) is optional. +That is, it may appear once or not at all. +.TP 6n +\fR*\fR +Means that the preceding symbol (or group of symbols) may appear +zero or more times. +.TP 6n +\fR+\fR +Means that the preceding symbol (or group of symbols) may appear +one or more times. +.PP +Parentheses may be used to group symbols together. +For clarity, +we will use single quotes +('') +to designate what is a verbatim character string (as opposed to a symbol name). +.SS "Aliases" +There are four kinds of aliases: +\fRUser_Alias\fR, +\fRRunas_Alias\fR, +\fRHost_Alias\fR +and +\fRCmnd_Alias\fR. +Beginning with +\fBsudo\fR +1.9.0, +\fRCmd_Alias\fR +may be used in place of +\fRCmnd_Alias\fR +if desired. +.nf +.sp +.RS 0n +Alias ::= 'User_Alias' User_Alias_Spec (':' User_Alias_Spec)* | + 'Runas_Alias' Runas_Alias_Spec (':' Runas_Alias_Spec)* | + 'Host_Alias' Host_Alias_Spec (':' Host_Alias_Spec)* | + 'Cmnd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* | + 'Cmd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* + +User_Alias ::= NAME + +User_Alias_Spec ::= User_Alias '=' User_List + +Runas_Alias ::= NAME + +Runas_Alias_Spec ::= Runas_Alias '=' Runas_List + +Host_Alias ::= NAME + +Host_Alias_Spec ::= Host_Alias '=' Host_List + +Cmnd_Alias ::= NAME + +Cmnd_Alias_Spec ::= Cmnd_Alias '=' Cmnd_List + +NAME ::= [A-Z]([A-Z][0-9]_)* +.RE +.fi +.PP +Each +\fIalias\fR +definition is of the form +.nf +.sp +.RS 0n +Alias_Type NAME = item1, item2, ... +.RE +.fi +.PP +where +\fIAlias_Type\fR +is one of +\fRUser_Alias\fR, +\fRRunas_Alias\fR, +\fRHost_Alias\fR, +or +\fRCmnd_Alias\fR. +A +\fRNAME\fR +is a string of uppercase letters, numbers, +and underscore characters +(\(oq_\(cq). +A +\fRNAME\fR +\fBmust\fR +start with an +uppercase letter. +It is possible to put several alias definitions +of the same type on a single line, joined by a colon +(\(oq:\&\(cq). +E.g., +.nf +.sp +.RS 0n +Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 +.RE +.fi +.PP +It is a syntax error to redefine an existing +\fIalias\fR. +It is possible to use the same name for +\fIaliases\fR +of different types, but this is not recommended. +.PP +The definitions of what constitutes a valid +\fIalias\fR +member follow. +.nf +.sp +.RS 0n +User_List ::= User | + User ',' User_List + +User ::= '!'* user name | + '!'* #user-ID | + '!'* %group | + '!'* %#group-ID | + '!'* +netgroup | + '!'* %:nonunix_group | + '!'* %:#nonunix_gid | + '!'* User_Alias +.RE +.fi +.PP +A +\fRUser_List\fR +is made up of one or more user names, user-IDs +(prefixed with +\(oq#\(cq), +system group names and IDs (prefixed with +\(oq%\(cq +and +\(oq%#\(cq +respectively), netgroups (prefixed with +\(oq+\(cq), +non-Unix group names and IDs (prefixed with +\(oq%:\(cq +and +\(oq%:#\(cq +respectively), and +\fRUser_Alias\fRes. +Each list item may be prefixed with zero or more +\(oq\&!\(cq +operators. +An odd number of +\(oq\&!\(cq +operators negate the value of +the item; an even number just cancel each other out. +User netgroups are matched using the user and domain members only; +the host member is not used when matching. +.PP +A +\fRuser name\fR, +\fRuser-ID\fR, +\fRgroup\fR, +\fRgroup-ID\fR, +\fRnetgroup\fR, +\fRnonunix_group\fR +or +\fRnonunix_gid\fR +may be enclosed in double quotes to avoid the +need for escaping special characters. +Alternately, special characters +may be specified in escaped hex mode, e.g., \ex20 for space. +When +using double quotes, any prefix characters must be included inside +the quotes. +.PP +The actual +\fRnonunix_group\fR +and +\fRnonunix_gid\fR +syntax depends on +the underlying group provider plugin. +For instance, the QAS AD plugin supports the following formats: +.TP 3n +\fB\(bu\fR +Group in the same domain: "%:Group Name" +.TP 3n +\fB\(bu\fR +Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN" +.TP 3n +\fB\(bu\fR +Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" +.PP +See +\fIGROUP PROVIDER PLUGINS\fR +for more information. +.PP +Note that quotes around group names are optional. +Unquoted strings must use a backslash +(\(oq\e\(cq) +to escape spaces and special characters. +See +\fIOther special characters and reserved words\fR +for a list of +characters that need to be escaped. +.nf +.sp +.RS 0n +Runas_List ::= Runas_Member | + Runas_Member ',' Runas_List + +Runas_Member ::= '!'* user name | + '!'* #user-ID | + '!'* %group | + '!'* %#group-ID | + '!'* %:nonunix_group | + '!'* %:#nonunix_gid | + '!'* +netgroup | + '!'* Runas_Alias +.RE +.fi +.PP +A +\fRRunas_List\fR +is similar to a +\fRUser_List\fR +except that instead +of +\fRUser_Alias\fRes +it can contain +\fRRunas_Alias\fRes. +Note that +user names and groups are matched as strings. +In other words, two users (groups) with the same user (group) ID +are considered to be distinct. +If you wish to match all user names with the same user-ID (e.g., root and +toor), you can use a user-ID instead of a name (#0 in the example given). +Note that the user-ID or group-ID specified in a +\fRRunas_Member\fR +need not be listed in the password or group database. +.nf +.sp +.RS 0n +Host_List ::= Host | + Host ',' Host_List + +Host ::= '!'* host name | + '!'* ip_addr | + '!'* network(/netmask)? | + '!'* +netgroup | + '!'* Host_Alias +.RE +.fi +.PP +A +\fRHost_List\fR +is made up of one or more host names, IP addresses, +network numbers, netgroups (prefixed with +\(oq+\(cq), +and other aliases. +Again, the value of an item may be negated with the +\(oq\&!\(cq +operator. +Host netgroups are matched using the host (both qualified and unqualified) +and domain members only; the user member is not used when matching. +If you specify a network number without a netmask, +\fBsudo\fR +will query each of the local host's network interfaces and, +if the network number corresponds to one of the hosts's network +interfaces, will use the netmask of that interface. +The netmask may be specified either in standard IP address notation +(e.g., 255.255.255.0 or ffff:ffff:ffff:ffff::), +or CIDR notation (number of bits, e.g., 24 or 64). +A host name may include shell-style wildcards (see the +\fIWildcards\fR +section below), +but unless the +\fRhost name\fR +command on your machine returns the fully +qualified host name, you'll need to use the +\fIfqdn\fR +flag for wildcards to be useful. +Note that +\fBsudo\fR +only inspects actual network interfaces; this means that IP address +127.0.0.1 (localhost) will never match. +Also, the host name +\(lqlocalhost\(rq +will only match if that is the actual host name, which is usually +only the case for non-networked systems. +.nf +.sp +.RS 0n +digest ::= [A-Fa-f0-9]+ | + [A-Za-z0-9\e+/=]+ + +Digest_Spec ::= "sha224" ':' digest | + "sha256" ':' digest | + "sha384" ':' digest | + "sha512" ':' digest + +Digest_List ::= Digest_Spec | + Digest_Spec ',' Digest_List + +Cmnd_List ::= Cmnd | + Cmnd ',' Cmnd_List + +command name ::= file name | + file name args | + file name '""' + +Edit_Spec ::= "sudoedit" file name+ + +Cmnd ::= Digest_List? '!'* command name | + '!'* directory | + '!'* Edit_Spec | + '!'* Cmnd_Alias +.RE +.fi +.PP +A +\fRCmnd_List\fR +is a list of one or more command names, directories, and other aliases. +A command name is a fully qualified file name which may include +shell-style wildcards (see the +\fIWildcards\fR +section below). +A simple file name allows the user to run the command with any +arguments they wish. +However, you may also specify command line arguments (including +wildcards). +Alternately, you can specify +\fR\&""\fR +to indicate that the command +may only be run +\fBwithout\fR +command line arguments. +A directory is a +fully qualified path name ending in a +\(oq/\(cq. +When you specify a directory in a +\fRCmnd_List\fR, +the user will be able to run any file within that directory +(but not in any sub-directories therein). +.PP +If a +\fRCmnd\fR +has associated command line arguments, then the arguments +in the +\fRCmnd\fR +must match exactly those given by the user on the command line +(or match the wildcards if there are any). +Note that the following characters must be escaped with a +\(oq\e\(cq +if they are used in command arguments: +\(oq,\&\(cq, +\(oq:\&\(cq, +\(oq=\&\(cq, +\(oq\e\(cq. +The built-in command +\(lq\fRsudoedit\fR\(rq +is used to permit a user to run +\fBsudo\fR +with the +\fB\-e\fR +option (or as +\fBsudoedit\fR). +It may take command line arguments just as a normal command does. +Note that +\(lq\fRsudoedit\fR\(rq +is a command built into +\fBsudo\fR +itself and must be specified in the +\fIsudoers\fR +file +\fBwithout\fR +a leading path. +If a leading path is present, for example +\fI/usr/bin/sudoedit\fR, +the path name will be silently converted to +\(lq\fRsudoedit\fR\(rq. +A fully-qualified path for +\fBsudoedit\fR +is treated as an error by +\fBvisudo\fR. +.PP +A +\fRcommand name\fR +may be preceded by a +\fRDigest_List\fR, +a comma-separated list of one or more +\fRDigest_Spec\fR +entries. +If a +\fRDigest_List\fR +is present, the command will only match successfully if it can be verified +using one of the SHA-2 digests in the list. +Starting with version 1.9.0, the +\fBALL\fR +reserved word can be used in conjunction with a +\fRDigest_List\fR. +The following digest formats are supported: sha224, sha256, sha384, and sha512. +The string may be specified in either hex or base64 format +(base64 is more compact). +There are several utilities capable of generating SHA-2 digests in hex +format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum. +.PP +For example, using openssl: +.nf +.sp +.RS 0n +$ openssl dgst -sha224 /bin/ls +SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 +.RE +.fi +.PP +It is also possible to use openssl to generate base64 output: +.nf +.sp +.RS 0n +$ openssl dgst -binary -sha224 /bin/ls | openssl base64 +EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== +.RE +.fi +.PP +Warning, if the user has write access to the command itself (directly or via a +\fBsudo\fR +command), it may be possible for the user to replace the command after the +digest check has been performed but before the command is executed. +A similar race condition exists on systems that lack the +\fBfexecve\fR() +system call when the directory in which the command is located +is writable by the user. +See the description of the +\fIfdexec\fR +setting for more information on how +\fBsudo\fR +executes commands that have an associated digest. +.PP +Command digests are only supported by version 1.8.7 or higher. +.SS "Defaults" +Certain configuration options may be changed from their default +values at run-time via one or more +\fRDefault_Entry\fR +lines. +These may affect all users on any host, all users on a specific host, a +specific user, a specific command, or commands being run as a specific user. +Note that per-command entries may not include command line arguments. +If you need to specify arguments, define a +\fRCmnd_Alias\fR +and reference +that instead. +.nf +.sp +.RS 0n +Default_Type ::= 'Defaults' | + 'Defaults' '@' Host_List | + 'Defaults' ':' User_List | + 'Defaults' '!' Cmnd_List | + 'Defaults' '>' Runas_List + +Default_Entry ::= Default_Type Parameter_List + +Parameter_List ::= Parameter | + Parameter ',' Parameter_List + +Parameter ::= Parameter '=' Value | + Parameter '+=' Value | + Parameter '-=' Value | + '!'* Parameter +.RE +.fi +.PP +Parameters may be +\fBflags\fR, +\fBinteger\fR +values, +\fBstrings\fR, +or +\fBlists\fR. +Flags are implicitly boolean and can be turned off via the +\(oq\&!\(cq +operator. +Some integer, string and list parameters may also be +used in a boolean context to disable them. +Values may be enclosed +in double quotes +(\&"") +when they contain multiple words. +Special characters may be escaped with a backslash +(\(oq\e\(cq). +.PP +To include a literal backslash character in a command line argument +you must escape the backslash twice. +For example, to match +\(oq\en\(cq +as part of a command line argument, you must use +\(oq\e\e\e\en\(cq +in the +\fIsudoers\fR +file. +This is due to there being two levels of escaping, one in the +\fIsudoers\fR +parser itself and another when command line arguments are matched by the +fnmatch(3) +function. +.PP +Lists have two additional assignment operators, +\fR+=\fR +and +\fR-=\fR. +These operators are used to add to and delete from a list respectively. +It is not an error to use the +\fR-=\fR +operator to remove an element +that does not exist in a list. +.PP +Defaults entries are parsed in the following order: generic, host, +user, and runas Defaults first, then command defaults. +If there are multiple Defaults settings of the same type, the last +matching setting is used. +The following Defaults settings are parsed before all others since +they may affect subsequent entries: +\fIfqdn\fR, +\fIgroup_plugin\fR, +\fIrunas_default\fR, +\fIsudoers_locale\fR. +.PP +See +\fISUDOERS OPTIONS\fR +for a list of supported Defaults parameters. +.SS "User specification" +.nf +.RS 0n +User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e + (':' Host_List '=' Cmnd_Spec_List)* + +Cmnd_Spec_List ::= Cmnd_Spec | + Cmnd_Spec ',' Cmnd_Spec_List + +Cmnd_Spec ::= Runas_Spec? Option_Spec* Tag_Spec* Cmnd + +Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')' + +.ie \n(SL \{\ +.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec) +.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec) +.\} +.el \{\ +.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec) +.el Option_Spec ::= (Date_Spec | Timeout_Spec) +.\} + +.if \n(SL \{\ +SELinux_Spec ::= ('ROLE=role' | 'TYPE=type') + +.\} +.if \n(PS \{\ +Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset') + +.\} +Date_Spec ::= ('NOTBEFORE=timestamp' | 'NOTAFTER=timestamp') + +Timeout_Spec ::= 'TIMEOUT=timeout' + +Chdir_Spec ::= 'CWD=directory' + +Chroot_Spec ::= 'CHROOT=directory' + +Tag_Spec ::= ('EXEC:' | 'NOEXEC:' | 'FOLLOW:' | 'NOFOLLOW' | + 'LOG_INPUT:' | 'NOLOG_INPUT:' | 'LOG_OUTPUT:' | + 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' | 'INTERCEPT:' | + 'NOINTERCEPT:' | 'PASSWD:' | 'NOPASSWD:' | 'SETENV:' | + 'NOSETENV:') +.RE +.fi +.PP +A +\fBuser specification\fR +determines which commands a user may run +(and as what user) on specified hosts. +By default, commands are +run as +\fBroot\fR, +but this can be changed on a per-command basis. +.PP +The basic structure of a user specification is +\(lqwho where = (as_whom) what\(rq. +Let's break that down into its constituent parts: +.SS "Runas_Spec" +A +\fRRunas_Spec\fR +determines the user and/or the group that a command +may be run as. +A fully-specified +\fRRunas_Spec\fR +consists of two +\fRRunas_List\fRs +(as defined above) separated by a colon +(\(oq:\&\(cq) +and enclosed in a set of parentheses. +The first +\fRRunas_List\fR +indicates which users the command may be run as via the +\fB\-u\fR +option. +The second defines a list of groups that may be specified via the +\fB\-g\fR +option (in addition to any of the target user's groups). +If both +\fRRunas_List\fRs +are specified, the command may be run with any combination of users +and groups listed in their respective +\fRRunas_List\fRs. +If only the first is specified, the command may be run as any user +in the list and, optionally, with any group the target user belongs to. +If the first +\fRRunas_List\fR +is empty but the +second is specified, the command may be run as the invoking user +with the group set to any listed in the +\fRRunas_List\fR. +If both +\fRRunas_List\fRs +are empty, the command may only be run as the invoking user and the +group, if specified, must be one that the invoking user is a member of. +If no +\fRRunas_Spec\fR +is specified, the command may only be run as +\fBroot\fR +and the group, if specified, must be one that +\fBroot\fR +is a member of. +.PP +A +\fRRunas_Spec\fR +sets the default for the commands that follow it. +What this means is that for the entry: +.nf +.sp +.RS 0n +dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm +.RE +.fi +.PP +The user +\fBdgb\fR +may run +\fI/bin/ls\fR, +\fI/bin/kill\fR, +and +\fI/usr/bin/lprm\fR +on the host +boulder\(embut +only as +\fBoperator\fR. +E.g., +.nf +.sp +.RS 0n +$ sudo -u operator /bin/ls +.RE +.fi +.PP +It is also possible to override a +\fRRunas_Spec\fR +later on in an entry. +If we modify the entry like so: +.nf +.sp +.RS 0n +dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm +.RE +.fi +.PP +Then user +\fBdgb\fR +is now allowed to run +\fI/bin/ls\fR +as +\fBoperator\fR, +but +\fI/bin/kill\fR +and +\fI/usr/bin/lprm\fR +as +\fBroot\fR. +.PP +We can extend this to allow +\fBdgb\fR +to run +\fR/bin/ls\fR +with either +the user or group set to +\fBoperator\fR: +.nf +.sp +.RS 0n +dgb boulder = (operator : operator) /bin/ls, (root) /bin/kill,\e + /usr/bin/lprm +.RE +.fi +.PP +Note that while the group portion of the +\fRRunas_Spec\fR +permits the +user to run as command with that group, it does not force the user +to do so. +If no group is specified on the command line, the command +will run with the group listed in the target user's password database +entry. +The following would all be permitted by the sudoers entry above: +.nf +.sp +.RS 0n +$ sudo -u operator /bin/ls +$ sudo -u operator -g operator /bin/ls +$ sudo -g operator /bin/ls +.RE +.fi +.PP +In the following example, user +\fBtcm\fR +may run commands that access +a modem device file with the dialer group. +.nf +.sp +.RS 0n +tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\e + /usr/local/bin/minicom +.RE +.fi +.PP +Note that in this example only the group will be set, the command +still runs as user +\fBtcm\fR. +E.g.\& +.nf +.sp +.RS 0n +$ sudo -g dialer /usr/bin/cu +.RE +.fi +.PP +Multiple users and groups may be present in a +\fRRunas_Spec\fR, +in which case the user may select any combination of users and groups via the +\fB\-u\fR +and +\fB\-g\fR +options. +In this example: +.nf +.sp +.RS 0n +alan ALL = (root, bin : operator, system) ALL +.RE +.fi +.PP +user +\fBalan\fR +may run any command as either user root or bin, +optionally setting the group to operator or system. +.SS "Option_Spec" +A +\fRCmnd\fR +may have zero or more options associated with it. +Options may consist of +.if \n(SL \{\ +SELinux roles and/or types, +.\} +.if \n(PS \{\ +Solaris privileges sets, +.\} +start and/or end dates and command timeouts. +Once an option is set for a +\fRCmnd\fR, +subsequent +\fRCmnd\fRs +in the +\fRCmnd_Spec_List\fR, +inherit that option unless it is overridden by another option. +Note that the option names are reserved words in +\fIsudoers\fR. +This means that none of the valid option names (see below) can be used +when declaring an alias. +.if \n(SL \{\ +.SS "SELinux_Spec" +On systems with SELinux support, +\fIsudoers\fR +file entries may optionally have an SELinux role and/or type associated +with a command. +This can be used to implement a form of role-based access control (RBAC). +If a role or +type is specified with the command it will override any default values +specified in +\fIsudoers\fR. +A role or type specified on the command line, +however, will supersede the values in +\fIsudoers\fR. +.\} +.if \n(PS \{\ +.SS "Solaris_Priv_Spec" +On Solaris systems, +\fIsudoers\fR +file entries may optionally specify Solaris privilege set and/or limit +privilege set associated with a command. +If privileges or limit privileges are specified with the command +it will override any default values specified in +\fIsudoers\fR. +.PP +A privilege set is a comma-separated list of privilege names. +The +ppriv(1) +command can be used to list all privileges known to the system. +For example: +.nf +.sp +.RS 0n +$ ppriv -l +.RE +.fi +.PP +In addition, there are several +\(lqspecial\(rq +privilege strings: +.TP 10n +none +the empty set +.TP 10n +all +the set of all privileges +.TP 10n +zone +the set of all privileges available in the current zone +.TP 10n +basic +the default set of privileges normal users are granted at login time +.PP +Privileges can be excluded from a set by prefixing the privilege +name with either an +\(oq\&!\(cq +or +\(oq\-\(cq +character. +.\} +.SS "Date_Spec" +\fBsudoers\fR +rules can be specified with a start and end date via the +\fRNOTBEFORE\fR +and +\fRNOTAFTER\fR +settings. +The time stamp must be specified in +\fIGeneralized Time\fR +as defined by RFC 4517. +The format is effectively +\fRyyyymmddHHMMSSZ\fR +where the minutes and seconds are optional. +The +\(oqZ\(cq +suffix indicates that the time stamp is in Coordinated Universal Time (UTC). +It is also possible to specify a timezone offset from UTC in hours +and minutes instead of a +\(oqZ\(cq. +For example, +\(oq-0500\(cq +would correspond to Eastern Standard time in the US. +As an extension, if no +\(oqZ\(cq +or timezone offset is specified, local time will be used. +.PP +The following are all valid time stamps: +.nf +.sp +.RS 4n +20170214083000Z +2017021408Z +20160315220000-0500 +20151201235900 +.RE +.fi +.SS "Timeout_Spec" +A command may have a timeout associated with it. +If the timeout expires before the command has exited, the +command will be terminated. +The timeout may be specified in combinations of days, hours, +minutes, and seconds with a single-letter case-insensitive suffix +that indicates the unit of time. +For example, a timeout of 7 days, 8 hours, 30 minutes, and +10 seconds would be written as +\fR7d8h30m10s\fR. +If a number is specified without a unit, seconds are assumed. +Any of the days, minutes, hours, or seconds may be omitted. +The order must be from largest to smallest unit and a unit +may not be specified more than once. +.PP +The following are all +\fIvalid\fR +timeout values: +\fR7d8h30m10s\fR, +\fR14d\fR, +\fR8h30m\fR, +\fR600s\fR, +\fR3600\fR. +The following are +\fIinvalid\fR +timeout values: +\fR12m2w1d\fR, +\fR30s10m4h\fR, +\fR1d2d3h\fR. +.PP +This setting is only supported by version 1.8.20 or higher. +.SS "Chdir_Spec" +The working directory that the command will be run in can be specified +using the +\fRCWD\fR +setting. +The +\fIdirectory\fR +must be a fully-qualified path name beginning with a +\(oq/\(cq +or +\(oq~\(cq +character, or the special value +\(lq*\(rq. +A value of +\(lq*\(rq +indicates that the user may specify the working directory by running +\fBsudo\fR +with the +\fB\-D\fR +option. +By default, commands are run from the invoking user's current working +directory, unless the +\fB\-i\fR +option is given. +Path names of the form +\fR~user/path/name\fR +are interpreted as being relative to the named user's home directory. +If the user name is omitted, the path will be relative to the runas +user's home directory. +.PP +This setting is only supported by version 1.9.3 or higher. +.SS "Chroot_Spec" +The root directory that the command will be run in can be specified +using the +\fRCHROOT\fR +setting. +The +\fIdirectory\fR +must be a fully-qualified path name beginning with a +\(oq/\(cq +or +\(oq~\(cq +character, or the special value +\(lq*\(rq. +A value of +\(lq*\(rq +indicates that the user may specify the root directory by running +\fBsudo\fR +with the +\fB\-R\fR +option. +This setting can be used to run the command in a +chroot(2) +\(lqsandbox\(rq +similar to the +chroot(@mansectsu@) +utility. +Path names of the form +\fR~user/path/name\fR +are interpreted as being relative to the named user's home directory. +If the user name is omitted, the path will be relative to the runas +user's home directory. +.PP +This setting is only supported by version 1.9.3 or higher. +.SS "Tag_Spec" +A command may have zero or more tags associated with it. +The following tag values are supported: +\fREXEC\fR, +\fRNOEXEC\fR, +\fRFOLLOW\fR, +\fRNOFOLLOW\fR, +\fRLOG_INPUT\fR, +\fRNOLOG_INPUT\fR, +\fRLOG_OUTPUT\fR, +\fRNOLOG_OUTPUT\fR, +\fRMAIL\fR, +\fRNOMAIL\fR, +\fRINTERCEPT\fR, +\fRNOINTERCEPT\fR, +\fRPASSWD\fR, +\fRNOPASSWD\fR, +\fRSETENV\fR, +and +\fRNOSETENV\fR. +Once a tag is set on a +\fRCmnd\fR, +subsequent +\fRCmnd\fRs +in the +\fRCmnd_Spec_List\fR, +inherit the tag unless it is overridden by the opposite tag (in other words, +\fRPASSWD\fR +overrides +\fRNOPASSWD\fR +and +\fRNOEXEC\fR +overrides +\fREXEC\fR). +.TP 2n +\fIEXEC\fR and \fINOEXEC\fR +.sp +If +\fBsudo\fR +has been compiled with +\fInoexec\fR +support and the underlying operating system supports it, the +\fRNOEXEC\fR +tag can be used to prevent a dynamically-linked executable from +running further commands itself. +.sp +In the following example, user +\fBaaron\fR +may run +\fI/usr/bin/more\fR +and +\fI/usr/bin/vi\fR +but shell escapes will be disabled. +.nf +.sp +.RS 2n +aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi +.RE +.fi +.RS 2n +.sp +See the +\fIPreventing shell escapes\fR +section below for more details on how +\fRNOEXEC\fR +works and whether or not it will work on your system. +.RE +.TP 2n +\fIFOLLOW\fR and \fINOFOLLOW\fR +Starting with version 1.8.15, +\fBsudoedit\fR +will not open a file that is a symbolic link unless the +\fIsudoedit_follow\fR +flag is enabled. +The +\fIFOLLOW\fR +and +\fINOFOLLOW\fR +tags override the value of +\fIsudoedit_follow\fR +and can be used to permit (or deny) the editing of symbolic links +on a per-command basis. +These tags are only effective for the +\fIsudoedit\fR +command and are ignored for all other commands. +.TP 2n +\fILOG_INPUT\fR and \fINOLOG_INPUT\fR +.sp +These tags override the value of the +\fIlog_input\fR +flag on a per-command basis. +For more information, see the description of +\fIlog_input\fR +in the +\fISUDOERS OPTIONS\fR +section below. +.TP 2n +\fILOG_OUTPUT\fR and \fINOLOG_OUTPUT\fR +.sp +These tags override the value of the +\fIlog_output\fR +flag on a per-command basis. +For more information, see the description of +\fIlog_output\fR +in the +\fISUDOERS OPTIONS\fR +section below. +.TP 2n +\fIMAIL\fR and \fINOMAIL\fR +.sp +These tags provide fine-grained control over whether +mail will be sent when a user runs a command by +overriding the value of the +\fImail_all_cmnds\fR +flag on a per-command basis. +They have no effect when +\fBsudo\fR +is run with the +\fB\-l\fR +or +\fB\-v\fR +options. +A +\fINOMAIL\fR +tag will also override the +\fImail_always\fR +and +\fImail_no_perms\fR +options. +For more information, see the descriptions of +\fImail_all_cmnds\fR, +\fImail_always\fR, +and +\fImail_no_perms\fR +in the +\fISUDOERS OPTIONS\fR +section below. +.TP 2n +\fIPASSWD\fR and \fINOPASSWD\fR +.sp +By default, +\fBsudo\fR +requires that a user authenticate +before running a command. +This behavior can be modified via the +\fRNOPASSWD\fR +tag. +Like a +\fRRunas_Spec\fR, +the +\fRNOPASSWD\fR +tag sets +a default for the commands that follow it in the +\fRCmnd_Spec_List\fR. +Conversely, the +\fRPASSWD\fR +tag can be used to reverse things. +For example: +.nf +.sp +.RS 2n +ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm +.RE +.fi +.RS 2n +.sp +would allow the user +\fBray\fR +to run +\fI/bin/kill\fR, +\fI/bin/ls\fR, +and +\fI/usr/bin/lprm\fR +as +\fBroot\fR +on the machine +\(lqrushmore\(rq +without authenticating himself. +If we only want +\fBray\fR +to be able to +run +\fI/bin/kill\fR +without a password the entry would be: +.nf +.sp +.RS 2n +ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm +.RE +.fi +.sp +Note, however, that the +\fRPASSWD\fR +tag has no effect on users who are in the group specified by the +\fIexempt_group\fR +setting. +.sp +By default, if the +\fRNOPASSWD\fR +tag is applied to any of a user's entries for the current host, +the user will be able to run +\(lq\fRsudo -l\fR\(rq +without a password. +Additionally, a user may only run +\(lq\fRsudo -v\fR\(rq +without a password if all of the user's entries for the current +host have the +\fRNOPASSWD\fR +tag. +This behavior may be overridden via the +\fIverifypw\fR +and +\fIlistpw\fR +options. +.RE +.TP 2n +\fISETENV\fR and \fINOSETENV\fR +.sp +These tags override the value of the +\fIsetenv\fR +flag on a per-command basis. +Note that if +\fRSETENV\fR +has been set for a command, the user may disable the +\fIenv_reset\fR +flag from the command line via the +\fB\-E\fR +option. +Additionally, environment variables set on the command +line are not subject to the restrictions imposed by +\fIenv_check\fR, +\fIenv_delete\fR, +or +\fIenv_keep\fR. +As such, only trusted users should be allowed to set variables in this manner. +If the command matched is +\fBALL\fR, +the +\fRSETENV\fR +tag is implied for that command; this default may be overridden by use of the +\fRNOSETENV\fR +tag. +.TP 2n +\fIINTERCEPT\fR and \fINOINTERCEPT\fR +.sp +If +\fBsudo\fR +has been compiled with +\fIintercept\fR +support and the underlying operating system supports it, the +\fRINTERCEPT\fR +tag can be used to cause programs spawned by a command to be validated against +\fIsudoers\fR +and logged just like they would be if run through +\fBsudo\fR +directly. +This is useful in conjunction with commands that allow shell escapes +such as editors, shells, and paginators. +.sp +In the following example, user +\fBchuck\fR +may run any command on the machine +\(lqresearch\(rq +in intercept mode. +.nf +.sp +.RS 2n +chuck research = INTERCEPT: ALL +.RE +.fi +.RS 2n +.sp +See the +\fIPreventing shell escapes\fR +section below for more details on how +\fRINTERCEPT\fR +works and whether or not it will work on your system. +.RE +.SS "Wildcards" +\fBsudo\fR +allows shell-style +\fIwildcards\fR +(aka meta or glob characters) +to be used in host names, path names, and command line arguments in the +\fIsudoers\fR +file. +Wildcard matching is done via the +glob(3) +and +fnmatch(3) +functions as specified by +IEEE Std 1003.1 (\(lqPOSIX.1\(rq). +.TP 10n +\fR*\fR +Matches any set of zero or more characters (including white space). +.TP 10n +\fR\&?\fR +Matches any single character (including white space). +.TP 10n +\fR[...]\fR +Matches any character in the specified range. +.TP 10n +\fR[!...]\fR +Matches any character +\fInot\fR +in the specified range. +.TP 10n +\fR\ex\fR +For any character +\(oqx\(cq, +evaluates to +\(oqx\(cq. +This is used to escape special characters such as: +\(oq*\(cq, +\(oq\&?\(cq, +\(oq[\&\(cq, +and +\(oq]\&\(cq. +.PP +\fBNote that these are not regular expressions.\fR +Unlike a regular expression there is no way to match one or more +characters within a range. +.PP +Character classes may be used if your system's +glob(3) +and +fnmatch(3) +functions support them. +However, because the +\(oq:\&\(cq +character has special meaning in +\fIsudoers\fR, +it must be +escaped. +For example: +.nf +.sp +.RS 4n +/bin/ls [[\e:\&alpha\e:\&]]* +.RE +.fi +.PP +Would match any file name beginning with a letter. +.PP +Note that a forward slash +(\(oq/\(cq) +will +\fInot\fR +be matched by +wildcards used in the file name portion of the command. +This is to make a path like: +.nf +.sp +.RS 4n +/usr/bin/* +.RE +.fi +.PP +match +\fI/usr/bin/who\fR +but not +\fI/usr/bin/X11/xterm\fR. +.PP +When matching the command line arguments, however, a slash +\fIdoes\fR +get matched by wildcards since command line arguments may contain +arbitrary strings and not just path names. +.PP +\fBWildcards in command line arguments should be used with care.\fR +.br +Command line arguments are matched as a single, concatenated string. +This mean a wildcard character such as +\(oq\&?\(cq +or +\(oq*\(cq +will match across word boundaries, which may be unexpected. +For example, while a sudoers entry like: +.nf +.sp +.RS 4n +%operator ALL = /bin/cat /var/log/messages* +.RE +.fi +.PP +will allow command like: +.nf +.sp +.RS 4n +$ sudo cat /var/log/messages.1 +.RE +.fi +.PP +It will also allow: +.nf +.sp +.RS 4n +$ sudo cat /var/log/messages /etc/shadow +.RE +.fi +.PP +which is probably not what was intended. +In most cases it is better to do command line processing +outside of the +\fIsudoers\fR +file in a scripting language. +.SS "Exceptions to wildcard rules" +The following exceptions apply to the above rules: +.TP 10n +\fR\&""\fR +If the empty string +\fR\&""\fR +is the only command line argument in the +\fIsudoers\fR +file entry it means that command is not allowed to be run with +\fIany\fR +arguments. +.TP 10n +sudoedit +Command line arguments to the +\fIsudoedit\fR +built-in command should always be path names, so a forward slash +(\(oq/\(cq) +will not be matched by a wildcard. +.SS "Including other files from within sudoers" +It is possible to include other +\fIsudoers\fR +files from within the +\fIsudoers\fR +file currently being parsed using the +\fR@include\fR +and +\fR@includedir\fR +directives. +For compatibility with sudo versions prior to 1.9.1, +\fR#include\fR +and +\fR#includedir\fR +are also accepted. +.PP +An include file can be used, for example, to keep a site-wide +\fIsudoers\fR +file in addition to a local, per-machine file. +For the sake of this example the site-wide +\fIsudoers\fR +file will be +\fI/etc/sudoers\fR +and the per-machine one will be +\fI/etc/sudoers.local\fR. +To include +\fI/etc/sudoers.local\fR +from within +\fI/etc/sudoers\fR +one would use the following line in +\fI/etc/sudoers\fR: +.nf +.sp +.RS 4n +@include /etc/sudoers.local +.RE +.fi +.PP +When +\fBsudo\fR +reaches this line it will suspend processing of the current file +(\fI/etc/sudoers\fR) +and switch to +\fI/etc/sudoers.local\fR. +Upon reaching the end of +\fI/etc/sudoers.local\fR, +the rest of +\fI/etc/sudoers\fR +will be processed. +Files that are included may themselves include other files. +A hard limit of 128 nested include files is enforced to prevent include +file loops. +.PP +Starting with version 1.9.1, the path to the include file may contain +white space if it is escaped with a backslash +(\(oq\e\(cq). +Alternately, the entire path may be enclosed in double quotes +(\&""), +in which case no escaping is necessary. +To include a literal backslash in the path, +\(oq\e\e\(cq +should be used. +.PP +If the path to the include file is not fully-qualified (does not +begin with a +\(oq/\(cq), +it must be located in the same directory as the sudoers file it was +included from. +For example, if +\fI/etc/sudoers\fR +contains the line: +.nf +.sp +.RS 4n +\fR@include sudoers.local\fR +.RE +.fi +.PP +the file that will be included is +\fI/etc/sudoers.local\fR. +.PP +The file name may also include the +\fR%h\fR +escape, signifying the short form of the host name. +In other words, if the machine's host name is +\(lqxerxes\(rq, +then +.nf +.sp +.RS 4n +@include /etc/sudoers.%h +.RE +.fi +.PP +will cause +\fBsudo\fR +to include the file +\fI/etc/sudoers.xerxes\fR. +.PP +The +\fR@includedir\fR +directive can be used to create a +\fIsudoers.d\fR +directory that the system package manager can drop +\fIsudoers\fR +file rules into as part of package installation. +For example, given: +.nf +.sp +.RS 4n +@includedir /etc/sudoers.d +.RE +.fi +.PP +\fBsudo\fR +will suspend processing of the current file and read each file in +\fI/etc/sudoers.d\fR, +skipping file names that end in +\(oq~\(cq +or contain a +\(oq.\&\(cq +character to avoid causing problems with package manager or editor +temporary/backup files. +Files are parsed in sorted lexical order. +That is, +\fI/etc/sudoers.d/01_first\fR +will be parsed before +\fI/etc/sudoers.d/10_second\fR. +Be aware that because the sorting is lexical, not numeric, +\fI/etc/sudoers.d/1_whoops\fR +would be loaded +\fIafter\fR +\fI/etc/sudoers.d/10_second\fR. +Using a consistent number of leading zeroes in the file names can be used +to avoid such problems. +After parsing the files in the directory, control returns to the +file that contained the +\fR@includedir\fR +directive. +.PP +Note that unlike files included via +\fR@include\fR, +\fBvisudo\fR +will not edit the files in a +\fR@includedir\fR +directory unless one of them contains a syntax error. +It is still possible to run +\fBvisudo\fR +with the +\fB\-f\fR +flag to edit the files directly, but this will not catch the +redefinition of an +\fIalias\fR +that is also present in a different file. +.SS "Other special characters and reserved words" +The pound sign +(\(oq#\(cq) +is used to indicate a comment (unless it is part of a #include +directive or unless it occurs in the context of a user name and is +followed by one or more digits, in which case it is treated as a +user-ID). +Both the comment character and any text after it, up to the end of +the line, are ignored. +.PP +The reserved word +\fBALL\fR +is a built-in +\fIalias\fR +that always causes a match to succeed. +It can be used wherever one might otherwise use a +\fRCmnd_Alias\fR, +\fRUser_Alias\fR, +\fRRunas_Alias\fR, +or +\fRHost_Alias\fR. +Attempting to define an +\fIalias\fR +named +\fBALL\fR +will result in a syntax error. +Please note that using +\fBALL\fR +can be dangerous since in a command context, it allows the user to run +\fIany\fR +command on the system. +.PP +The following option names permitted in an +\fROption_Spec\fR +are also considered reserved words: +\fRCHROOT\fR, +.if \n(PS \{\ +\fRPRIVS\fR, +.\} +.if \n(PS \{\ +\fRLIMITPRIVS\fR, +.\} +.if \n(SL \{\ +\fRROLE\fR, +.\} +.if \n(SL \{\ +\fRTYPE\fR, +.\} +\fRTIMEOUT\fR, +\fRCWD\fR, +\fRNOTBEFORE\fR +and +\fRNOTAFTER\fR. +Attempting to define an +\fIalias\fR +with the same name as one of the options will result in a syntax error. +.PP +An exclamation point +(\(oq\&!\(cq) +can be used as a logical +\fInot\fR +operator in a list or +\fIalias\fR +as well as in front of a +\fRCmnd\fR. +This allows one to exclude certain values. +For the +\(oq\&!\(cq +operator to be effective, there must be something for it to exclude. +For example, to match all users except for root one would use: +.nf +.sp +.RS 4n +ALL,!root +.RE +.fi +.PP +If the +\fBALL\fR, +is omitted, as in: +.nf +.sp +.RS 4n +!root +.RE +.fi +.PP +it would explicitly deny root but not match any other users. +This is different from a true +\(lqnegation\(rq +operator. +.PP +Note, however, that using a +\(oq\&!\(cq +in conjunction with the built-in +\fBALL\fR +alias to allow a user to run +\(lqall but a few\(rq +commands rarely works as intended (see +\fISECURITY NOTES\fR +below). +.PP +Long lines can be continued with a backslash +(\(oq\e\(cq) +as the last character on the line. +.PP +White space between elements in a list as well as special syntactic +characters in a +\fIUser Specification\fR +(\(oq=\&\(cq, +\(oq:\&\(cq, +\(oq(\&\(cq, +\(oq)\&\(cq) +is optional. +.PP +The following characters must be escaped with a backslash +(\(oq\e\(cq) +when used as part of a word (e.g., a user name or host name): +\(oq\&!\(cq, +\(oq=\&\(cq, +\(oq:\&\(cq, +\(oq,\&\(cq, +\(oq(\&\(cq, +\(oq)\&\(cq, +\(oq\e\(cq. +.SH "SUDOERS OPTIONS" +\fBsudo\fR's +behavior can be modified by +\fRDefault_Entry\fR +lines, as explained earlier. +A list of all supported Defaults parameters, grouped by type, are listed below. +.PP +\fBBoolean Flags\fR: +.TP 18n +always_query_group_plugin +If a +\fIgroup_plugin\fR +is configured, use it to resolve groups of the form %group as long +as there is not also a system group of the same name. +Normally, only groups of the form %:group are passed to the +\fIgroup_plugin\fR. +This flag is +\fIoff\fR +by default. +.TP 18n +always_set_home +If enabled, +\fBsudo\fR +will set the +\fRHOME\fR +environment variable to the home directory of the target user +(which is the root user unless the +\fB\-u\fR +option is used). +This flag is largely obsolete and has no effect unless the +\fIenv_reset\fR +flag has been disabled or +\fRHOME\fR +is present in the +\fIenv_keep\fR +list, both of which are strongly discouraged. +This flag is +\fIoff\fR +by default. +.TP 18n +authenticate +If set, users must authenticate themselves via a password (or other +means of authentication) before they may run commands. +This default may be overridden via the +\fRPASSWD\fR +and +\fRNOPASSWD\fR +tags. +This flag is +\fIon\fR +by default. +.TP 18n +case_insensitive_group +If enabled, group names in +\fIsudoers\fR +will be matched in a case insensitive manner. +This may be necessary when users are stored in LDAP or AD. +This flag is +\fIon\fR +by default. +.TP 18n +case_insensitive_user +If enabled, user names in +\fIsudoers\fR +will be matched in a case insensitive manner. +This may be necessary when groups are stored in LDAP or AD. +This flag is +\fIon\fR +by default. +.TP 18n +closefrom_override +If set, the user may use the +\fB\-C\fR +option which overrides the default starting point at which +\fBsudo\fR +begins closing open file descriptors. +This flag is +\fIoff\fR +by default. +.TP 18n +compress_io +If set, and +\fBsudo\fR +is configured to log a command's input or output, +the I/O logs will be compressed using +\fBzlib\fR. +This flag is +\fIon\fR +by default when +\fBsudo\fR +is compiled with +\fBzlib\fR +support. +.TP 18n +exec_background +By default, +\fBsudo\fR +runs a command as the foreground process as long as +\fBsudo\fR +itself is running in the foreground. +When the +\fIexec_background\fR +flag is enabled and the command is being run in a pseudo-terminal +(due to I/O logging or the +\fIuse_pty\fR +flag), the command will be run as a background process. +Attempts to read from the controlling terminal (or to change terminal +settings) will result in the command being suspended with the +\fRSIGTTIN\fR +signal (or +\fRSIGTTOU\fR +in the case of terminal settings). +If this happens when +\fBsudo\fR +is a foreground process, the command will be granted the controlling terminal +and resumed in the foreground with no user intervention required. +The advantage of initially running the command in the background is that +\fBsudo\fR +need not read from the terminal unless the command explicitly requests it. +Otherwise, any terminal input must be passed to the command, whether it +has required it or not (the kernel buffers terminals so it is not possible +to tell whether the command really wants the input). +This is different from historic +\fIsudo\fR +behavior or when the command is not being run in a pseudo-terminal. +.sp +For this to work seamlessly, the operating system must support the +automatic restarting of system calls. +Unfortunately, not all operating systems do this by default, +and even those that do may have bugs. +For example, macOS fails to restart the +\fBtcgetattr\fR() +and +\fBtcsetattr\fR() +system calls (this is a bug in macOS). +Furthermore, because this behavior depends on the command stopping with the +\fRSIGTTIN\fR +or +\fRSIGTTOU\fR +signals, programs that catch these signals and suspend themselves +with a different signal (usually +\fRSIGTOP\fR) +will not be automatically foregrounded. +Some versions of the linux +su(1) +command behave this way. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.8.7 or higher. +It has no effect unless I/O logging is enabled or the +\fIuse_pty\fR +flag is enabled. +.TP 18n +env_editor +If set, +\fBvisudo\fR +will use the value of the +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR +or +\fREDITOR\fR +environment variables before falling back on the default editor list. +Note that +\fBvisudo\fR +is typically run as root so this flag may allow a user with +\fBvisudo\fR +privileges to run arbitrary commands as root without logging. +An alternative is to place a colon-separated list of +\(lqsafe\(rq +editors int the +\fIeditor\fR +setting. +\fBvisudo\fR +will then only use +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR +or +\fREDITOR\fR +if they match a value specified in +\fIeditor\fR. +If the +\fIenv_reset\fR +flag is enabled, the +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR +and/or +\fREDITOR\fR +environment variables must be present in the +\fIenv_keep\fR +list for the +\fIenv_editor\fR +flag to function when +\fBvisudo\fR +is invoked via +\fBsudo\fR. +This flag is +\fI@env_editor@\fR +by default. +.TP 18n +env_reset +If set, +\fBsudo\fR +will run the command in a minimal environment containing the +\fRTERM\fR, +\fRPATH\fR, +\fRHOME\fR, +\fRMAIL\fR, +\fRSHELL\fR, +\fRLOGNAME\fR, +\fRUSER\fR +and +\fRSUDO_*\fR +variables. +Any variables in the caller's environment or in the file specified +by the +\fIrestricted_env_file\fR +setting that match the +\fRenv_keep\fR +and +\fRenv_check\fR +lists are then added, followed by any variables present in the file +specified by the +\fIenv_file\fR +setting (if any). +The contents of the +\fRenv_keep\fR +and +\fRenv_check\fR +lists, as modified by global Defaults parameters in +\fIsudoers\fR, +are displayed when +\fBsudo\fR +is run by root with the +\fB\-V\fR +option. +If the +\fIsecure_path\fR +setting is enabled, its value will be used for the +\fRPATH\fR +environment variable. +This flag is +\fI@env_reset@\fR +by default. +.TP 18n +fast_glob +Normally, +\fBsudo\fR +uses the +glob(3) +function to do shell-style globbing when matching path names. +However, since it accesses the file system, +glob(3) +can take a long time to complete for some patterns, especially +when the pattern references a network file system that is mounted +on demand (auto mounted). +The +\fIfast_glob\fR +flag causes +\fBsudo\fR +to use the +fnmatch(3) +function, which does not access the file system to do its matching. +The disadvantage of +\fIfast_glob\fR +is that it is unable to match relative path names such as +\fI./ls\fR +or +\fI../bin/ls\fR. +This has security implications when path names that include globbing +characters are used with the negation operator, +\(oq!\&\(cq, +as such rules can be trivially bypassed. +As such, this flag should not be used when the +\fIsudoers\fR +file contains rules that contain negated path names which include globbing +characters. +This flag is +\fIoff\fR +by default. +.TP 18n +fqdn +Set this flag if you want to put fully qualified host names in the +\fIsudoers\fR +file when the local host name (as returned by the +\fRhostname\fR +command) does not contain the domain name. +In other words, instead of myhost you would use myhost.mydomain.edu. +You may still use the short form if you wish (and even mix the two). +This flag is only effective when the +\(lqcanonical\(rq +host name, as returned by the +\fBgetaddrinfo\fR() +or +\fBgethostbyname\fR() +function, is a fully-qualified domain name. +This is usually the case when the system is configured to use DNS +for host name resolution. +.sp +If the system is configured to use the +\fI/etc/hosts\fR +file in preference to DNS, the +\(lqcanonical\(rq +host name may not be fully-qualified. +The order that sources are queried for host name resolution +is usually specified in the +\fI@nsswitch_conf@\fR, +\fI@netsvc_conf@\fR, +\fI/etc/host.conf\fR, +or, in some cases, +\fI/etc/resolv.conf\fR +file. +In the +\fI/etc/hosts\fR +file, the first host name of the entry is considered to be the +\(lqcanonical\(rq +name; subsequent names are aliases that are not used by +\fBsudoers\fR. +For example, the following hosts file line for the machine +\(lqxyzzy\(rq +has the fully-qualified domain name as the +\(lqcanonical\(rq +host name, and the short version as an alias. +.sp +.RS 24n +192.168.1.1 xyzzy.sudo.ws xyzzy +.RE +.RS 18n +.sp +If the machine's hosts file entry is not formatted properly, the +\fIfqdn\fR +flag will not be effective if it is queried before DNS. +.sp +Beware that when using DNS for host name resolution, turning on +\fIfqdn\fR +requires +\fBsudoers\fR +to make DNS lookups which renders +\fBsudo\fR +unusable if DNS stops working (for example if the machine is disconnected +from the network). +Also note that just like with the hosts file, you must use the +\(lqcanonical\(rq +name as DNS knows it. +That is, you may not use a host alias +(\fRCNAME\fR +entry) +due to performance issues and the fact that there is no way to get all +aliases from DNS. +.sp +This flag is +\fI@fqdn@\fR +by default. +.RE +.TP 18n +ignore_audit_errors +Allow commands to be run even if +\fBsudoers\fR +cannot write to the audit log. +If enabled, an audit log write failure is not treated as a fatal error. +If disabled, a command may only be run after the audit event is successfully +written. +This flag is only effective on systems for which +\fBsudoers\fR +supports audit logging, including +FreeBSD, +Linux, macOS, and Solaris. +This flag is +\fIon\fR +by default. +.TP 18n +ignore_dot +If set, +\fBsudo\fR +will ignore "." or "" (both denoting current directory) in the +\fRPATH\fR +environment variable; the +\fRPATH\fR +itself is not modified. +This flag is +\fI@ignore_dot@\fR +by default. +.TP 18n +ignore_iolog_errors +Allow commands to be run even if +\fBsudoers\fR +cannot write to the I/O log (local or remote). +If enabled, an I/O log write failure is not treated as a fatal error. +If disabled, the command will be terminated if the I/O log cannot be written to. +This flag is +\fIoff\fR +by default. +.TP 18n +ignore_logfile_errors +Allow commands to be run even if +\fBsudoers\fR +cannot write to the log file. +If enabled, a log file write failure is not treated as a fatal error. +If disabled, a command may only be run after the log file entry is successfully +written. +This flag only has an effect when +\fBsudoers\fR +is configured to use file-based logging via the +\fIlogfile\fR +setting. +This flag is +\fIon\fR +by default. +.TP 18n +ignore_local_sudoers +If set via LDAP, parsing of +\fI@sysconfdir@/sudoers\fR +will be skipped. +This is intended for Enterprises that wish to prevent the usage of local +sudoers files so that only LDAP is used. +This thwarts the efforts of rogue operators who would attempt to add roles to +\fI@sysconfdir@/sudoers\fR. +When this flag is enabled, +\fI@sysconfdir@/sudoers\fR +does not even need to exist. +Since this flag tells +\fBsudo\fR +how to behave when no specific LDAP entries have been matched, this +sudoOption is only meaningful for the +\fRcn=defaults\fR +section. +This flag is +\fIoff\fR +by default. +.TP 18n +ignore_unknown_defaults +If set, +\fBsudo\fR +will not produce a warning if it encounters an unknown Defaults entry +in the +\fIsudoers\fR +file or an unknown sudoOption in LDAP. +This flag is +\fIoff\fR +by default. +.TP 18n +insults +If set, +\fBsudo\fR +will insult users when they enter an incorrect password. +This flag is +\fI@insults@\fR +by default. +.TP 18n +log_allowed +If set, +\fBsudoers\fR +will log commands allowed by the policy to the system audit log +(where supported) as well as to syslog and/or a log file. +This flag is +\fIon\fR +by default. +.sp +This setting is only supported by version 1.8.29 or higher. +.TP 18n +log_denied +If set, +\fBsudoers\fR +will log commands denied by the policy to the system audit log +(where supported) as well as to syslog and/or a log file. +This flag is +\fIon\fR +by default. +.sp +This setting is only supported by version 1.8.29 or higher. +.TP 18n +log_exit_status +If set, +\fBsudoers\fR +will log the exit value of commands that are run to syslog and/or a log file. +If a command was terminated by a signal, the signal name is logged as well. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.9.8 or higher. +.TP 18n +log_host +If set, the host name will be included in log entries written to +the file configured by the +\fIlogfile\fR +setting. +This flag is +\fIoff\fR +by default. +.TP 18n +log_input +If set, +\fBsudo\fR +will run the command in a pseudo-terminal and log all user input. +If the standard input is not connected to the user's tty, due to +I/O redirection or because the command is part of a pipeline, that +input is also captured and stored in a separate log file. +Anything sent to the standard input will be consumed, regardless of +whether or not the command run via +\fBsudo\fR +is actually reading the standard input. +This may have unexpected results when using +\fBsudo\fR +in a shell script that expects to process the standard input. +For more information about I/O logging, see the +\fII/O LOG FILES\fR +section. +This flag is +\fIoff\fR +by default. +.TP 18n +log_output +If set, +\fBsudo\fR +will run the command in a pseudo-terminal and log all output that is sent +to the screen, similar to the +script(1) +command. +For more information about I/O logging, see the +\fII/O LOG FILES\fR +section. +This flag is +\fIoff\fR +by default. +.TP 18n +log_server_keepalive +If set, +\fBsudo\fR +will enable the TCP keepalive socket option on the connection to the log server. +This enables the periodic transmission of keepalive messages to the server. +If the server does not respond to a message, the connection will +be closed and the running command will be terminated unless the +\fIignore_iolog_errors\fR +flag (I/O logging enabled) or the +\fIignore_log_errors\fR +flag (I/O logging disabled) is set. +This flag is +\fIon\fR +by default. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n +log_server_verify +.br +If set, the server certificate received during the TLS handshake +must be valid and it must contain either the server name (from +\fIlog_servers\fR) +or its IP address. +If either of these conditions is not met, the TLS handshake will fail. +This flag is +\fIon\fR +by default. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n +log_subcmds +If set, +\fBsudoers\fR +will log when a command spawns a child process and executes a program +using the +\fBexecl\fR(), +\fBexecle\fR(), +\fBexeclp\fR(), +\fBexecv\fR(), +\fBexecve\fR(), +\fBexecvp\fR(), +or +\fBexecvpe\fR() +library functions. +For example, if a shell is run by +\fBsudo\fR, +the individual commands run via the shell will be logged. +This flag is +\fIoff\fR +by default. +.sp +The +\fIlog_subcmds\fR +flag uses the same underlying mechanism as the +\fIintercept\fR +setting. +See +\fIPreventing shell escapes\fR +for more information on what systems support this option and its limitations. +This setting is only supported by version 1.9.8 or higher +and is incompatible with SELinux RBAC support. +.TP 18n +log_year +If set, the four-digit year will be logged in the (non-syslog) +\fBsudo\fR +log file. +This flag is +\fIoff\fR +by default. +.TP 18n +long_otp_prompt +When validating with a One Time Password (OTP) scheme such as +\fBS/Key\fR +or +\fBOPIE\fR, +a two-line prompt is used to make it easier +to cut and paste the challenge to a local window. +It's not as pretty as the default but some people find it more convenient. +This flag is +\fI@long_otp_prompt@\fR +by default. +.TP 18n +mail_all_cmnds +Send mail to the +\fImailto\fR +user every time a user attempts to run a command via +\fBsudo\fR +(this includes +\fBsudoedit\fR). +No mail will be sent if the user runs +\fBsudo\fR +with the +\fB\-l\fR +or +\fB\-v\fR +option unless there is an authentication error and the +\fImail_badpass\fR +flag is also set. +This flag is +\fIoff\fR +by default. +.TP 18n +mail_always +Send mail to the +\fImailto\fR +user every time a user runs +\fBsudo\fR. +This flag is +\fIoff\fR +by default. +.TP 18n +mail_badpass +Send mail to the +\fImailto\fR +user if the user running +\fBsudo\fR +does not enter the correct password. +If the command the user is attempting to run is not permitted by +\fBsudoers\fR +and one of the +\fImail_all_cmnds\fR, +\fImail_always\fR, +\fImail_no_host\fR, +\fImail_no_perms\fR +or +\fImail_no_user\fR +flags are set, this flag will have no effect. +This flag is +\fIoff\fR +by default. +.TP 18n +mail_no_host +If set, mail will be sent to the +\fImailto\fR +user if the invoking user exists in the +\fIsudoers\fR +file, but is not allowed to run commands on the current host. +This flag is +\fI@mail_no_host@\fR +by default. +.TP 18n +mail_no_perms +If set, mail will be sent to the +\fImailto\fR +user if the invoking user is allowed to use +\fBsudo\fR +but the command they are trying is not listed in their +\fIsudoers\fR +file entry or is explicitly denied. +This flag is +\fI@mail_no_perms@\fR +by default. +.TP 18n +mail_no_user +If set, mail will be sent to the +\fImailto\fR +user if the invoking user is not in the +\fIsudoers\fR +file. +This flag is +\fI@mail_no_user@\fR +by default. +.TP 18n +match_group_by_gid +By default, +\fBsudoers\fR +will look up each group the user is a member of by group-ID to +determine the group name (this is only done once). +The resulting list of the user's group names is used when matching +groups listed in the +\fIsudoers\fR +file. +This works well on systems where the number of groups listed in the +\fIsudoers\fR +file is larger than the number of groups a typical user belongs to. +On systems where group lookups are slow, where users may belong +to a large number of groups, and where the number of groups listed +in the +\fIsudoers\fR +file is relatively small, it may be prohibitively expensive and +running commands via +\fBsudo\fR +may take longer than normal. +On such systems it may be faster to use the +\fImatch_group_by_gid\fR +flag to avoid resolving the user's group-IDs to group names. +In this case, +\fBsudoers\fR +must look up any group name listed in the +\fIsudoers\fR +file and use the group-ID instead of the group name when determining +whether the user is a member of the group. +.sp +Note that if +\fImatch_group_by_gid\fR +is enabled, group database lookups performed by +\fBsudoers\fR +will be keyed by group name as opposed to group-ID. +On systems where there are multiple sources for the group database, +it is possible to have conflicting group names or group-IDs in the local +\fI/etc/group\fR +file and the remote group database. +On such systems, enabling or disabling +\fImatch_group_by_gid\fR +can be used to choose whether group database queries are performed +by name (enabled) or ID (disabled), which may aid in working around +group entry conflicts. +.sp +The +\fImatch_group_by_gid\fR +flag has no effect when +\fIsudoers\fR +data is stored in LDAP. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.8.18 or higher. +.TP 18n +intercept +If set, all commands run via +\fBsudo\fR +will behave as if the +\fRINTERCEPT\fR +tag has been set, unless overridden by an +\fRNOINTERCEPT\fR +tag. +See the description of +\fIINTERCEPT and NOINTERCEPT\fR +above as well as the +\fIPreventing shell escapes\fR +section at the end of this manual. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.9.8 or higher +and is incompatible with SELinux RBAC support. +.TP 18n +intercept_allow_setid +On most systems, the dynamic loader will ignore +\fRLD_PRELOAD\fR +(or the equivalent) when running set-user-ID and set-group-ID +programs, effectively disabling intercept mode. +To prevent this from happening, +\fBsudoers\fR +will not permit a set-user-ID or set-group-ID program to be run in +intercept mode unless +\fIintercept_allow_setid\fR +is set. +This flag has no effect unless the +\fIintercept\fR +flag is enabled or the +\fIINTERCEPT\fR +tag has been set for the command. +This flag is +\fIon\fR +by default. +.sp +This setting is only supported by version 1.9.8 or higher. +.TP 18n +intercept_authenticate +If set, commands run by an intercepted process must be authenticated +when the user's time stamp is not current. +For example, if a shell is run with +\fIintercept\fR +enabled, as soon as the invoking user's time stamp is out of date, +subsequent commands will need to be authenticated. +This flag has no effect unless the +\fIintercept\fR +flag is enabled or the +\fIINTERCEPT\fR +tag has been set for the command. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.9.8 or higher. +.TP 18n +netgroup_tuple +If set, netgroup lookups will be performed using the full netgroup +tuple: host name, user name, and domain (if one is set). +Historically, +\fBsudo\fR +only matched the user name and domain for netgroups used in a +\fRUser_List\fR +and only matched the host name and domain for netgroups used in a +\fRHost_List\fR. +This flag is +\fIoff\fR +by default. +.TP 18n +noexec +If set, all commands run via +\fBsudo\fR +will behave as if the +\fRNOEXEC\fR +tag has been set, unless overridden by an +\fREXEC\fR +tag. +See the description of +\fIEXEC and NOEXEC\fR +above as well as the +\fIPreventing shell escapes\fR +section at the end of this manual. +This flag is +\fIoff\fR +by default. +.TP 18n +pam_acct_mgmt +On systems that use PAM for authentication, +\fBsudo\fR +will perform PAM account validation for the invoking user by default. +The actual checks performed depend on which PAM modules are configured. +If enabled, account validation will be performed regardless of whether +or not a password is required. +This flag is +\fIon\fR +by default. +.sp +This setting is only supported by version 1.8.28 or higher. +.TP 18n +pam_rhost +On systems that use PAM for authentication, +\fBsudo\fR +will set the PAM remote host value to the name of the local host +when the +\fIpam_rhost\fR +flag is enabled. +On Linux systems, enabling +\fIpam_rhost\fR +may result in DNS lookups of the local host name when PAM is initialized. +On Solaris versions prior to Solaris 8, +\fIpam_rhost\fR +must be enabled if +\fIpam_ruser\fR +is also enabled to avoid a crash in the Solaris PAM implementation. +.sp +This flag is +\fIoff\fR +by default on systems other than Solaris. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n +pam_ruser +On systems that use PAM for authentication, +\fBsudo\fR +will set the PAM remote user value to the name of the user that invoked sudo +when the +\fIpam_ruser\fR +flag is enabled. +This flag is +\fIon\fR +by default. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n +pam_session +On systems that use PAM for authentication, +\fBsudo\fR +will create a new PAM session for the command to be run in. +Unless +\fBsudo\fR +is given the +\fB\-i\fR +or +\fB\-s\fR +options, PAM session modules are run with the +\(lqsilent\(rq +flag enabled. +This prevents last login information from being displayed for every +command on some systems. +Disabling +\fIpam_session\fR +may be needed on older PAM implementations or on operating systems where +opening a PAM session changes the utmp or wtmp files. +If PAM session support is disabled, resource limits may not be updated +for the command being run. +If +\fIpam_session\fR, +\fIpam_setcred\fR, +and +\fIuse_pty\fR +are disabled, +\fIlog_servers\fR +has not been set and I/O logging has not been configured, +\fBsudo\fR +will execute the command directly instead of running it as a child +process. +This flag is +\fI@pam_session@\fR +by default. +.sp +This setting is only supported by version 1.8.7 or higher. +.TP 18n +pam_setcred +On systems that use PAM for authentication, +\fBsudo\fR +will attempt to establish credentials for the target user by default, +if supported by the underlying authentication system. +One example of a credential is a Kerberos ticket. +If +\fIpam_session\fR, +\fIpam_setcred\fR, +and +\fIuse_pty\fR +are disabled, +\fIlog_servers\fR +has not been set and I/O logging has not been configured, +\fBsudo\fR +will execute the command directly instead of running it as a child +process. +This flag is +\fIon\fR +by default. +.sp +This setting is only supported by version 1.8.8 or higher. +.TP 18n +passprompt_override +If set, the prompt specified by +\fIpassprompt\fR +or the +\fRSUDO_PROMPT\fR +environment variable will always be used and will replace the +prompt provided by a PAM module or other authentication method. +This flag is +\fIoff\fR +by default. +.TP 18n +path_info +Normally, +\fBsudo\fR +will tell the user when a command could not be +found in their +\fRPATH\fR +environment variable. +Some sites may wish to disable this as it could be used to gather +information on the location of executables that the normal user does +not have access to. +The disadvantage is that if the executable is simply not in the user's +\fRPATH\fR, +\fBsudo\fR +will tell the user that they are not allowed to run it, which can be confusing. +This flag is +\fI@path_info@\fR +by default. +.TP 18n +preserve_groups +By default, +\fBsudo\fR +will initialize the group vector to the list of groups the target user is in. +When +\fIpreserve_groups\fR +is set, the user's existing group vector is left unaltered. +The real and effective group-IDs, however, are still set to match the +target user. +This flag is +\fIoff\fR +by default. +.TP 18n +pwfeedback +By default, +\fBsudo\fR +reads the password like most other Unix programs, +by turning off echo until the user hits the return (or enter) key. +Some users become confused by this as it appears to them that +\fBsudo\fR +has hung at this point. +When +\fIpwfeedback\fR +is set, +\fBsudo\fR +will provide visual feedback when the user presses a key. +Note that this does have a security impact as an onlooker may be able to +determine the length of the password being entered. +This flag is +\fIoff\fR +by default. +.TP 18n +requiretty +If set, +\fBsudo\fR +will only run when the user is logged in to a real tty. +When this flag is set, +\fBsudo\fR +can only be run from a login session and not via other means such as +cron(@mansectsu@) +or cgi-bin scripts. +This flag is +\fIoff\fR +by default. +.TP 18n +root_sudo +If set, root is allowed to run +\fBsudo\fR +too. +Disabling this prevents users from +\(lqchaining\(rq +\fBsudo\fR +commands to get a root shell by doing something like +\(lq\fRsudo sudo /bin/sh\fR\(rq. +Note, however, that turning off +\fIroot_sudo\fR +will also prevent root from running +\fBsudoedit\fR. +Disabling +\fIroot_sudo\fR +provides no real additional security; it exists purely for historical reasons. +This flag is +\fI@root_sudo@\fR +by default. +.TP 18n +rootpw +If set, +\fBsudo\fR +will prompt for the root password instead of the password of the invoking user +when running a command or editing a file. +This flag is +\fIoff\fR +by default. +.TP 18n +runas_allow_unknown_id +If enabled, allow matching of runas user and group IDs that are +not present in the password or group databases. +In addition to explicitly matching unknown user or group IDs in a +\fRRunas_List\fR, +this option also allows the +\fBALL\fR +alias to match unknown IDs. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.8.30 or higher. +Older versions of +\fBsudo\fR +always allowed matching of unknown user and group IDs. +.TP 18n +runas_check_shell +.br +If enabled, +\fBsudo\fR +will only run commands as a user whose shell appears in the +\fI/etc/shells\fR +file, even if the invoking user's +\fRRunas_List\fR +would otherwise permit it. +If no +\fI/etc/shells\fR +file is present, a system-dependent list of built-in default shells is used. +On many operating systems, system users such as +\(lqbin\(rq, +do not have a valid shell and this flag can be used to prevent +commands from being run as those users. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.8.30 or higher. +.TP 18n +runaspw +If set, +\fBsudo\fR +will prompt for the password of the user defined by the +\fIrunas_default\fR +option (defaults to +\fR@runas_default@\fR) +instead of the password of the invoking user +when running a command or editing a file. +This flag is +\fIoff\fR +by default. +.if \n(SL \{\ +.TP 18n +selinux +If enabled, the user may specify an SELinux role and/or type to use +when running the command, as permitted by the SELinux policy. +If SELinux is disabled on the system, this flag has no effect. +This flag is +\fIon\fR +by default. +.\} +.TP 18n +set_home +If enabled and +\fBsudo\fR +is invoked with the +\fB\-s\fR +option, the +\fRHOME\fR +environment variable will be set to the home directory of the target +user (which is the root user unless the +\fB\-u\fR +option is used). +This flag is largely obsolete and has no effect unless the +\fIenv_reset\fR +flag has been disabled or +\fRHOME\fR +is present in the +\fIenv_keep\fR +list, both of which are strongly discouraged. +This flag is +\fIoff\fR +by default. +.TP 18n +set_logname +Normally, +\fBsudo\fR +will set the +\fRLOGNAME\fR +and +\fRUSER\fR +environment variables to the name of the target user (usually root unless the +\fB\-u\fR +option is given). +However, since some programs (including the RCS revision control system) use +\fRLOGNAME\fR +to determine the real identity of the user, it may be desirable to +change this behavior. +This can be done by negating the set_logname option. +Note that +\fIset_logname\fR +will have no effect +if the +\fIenv_reset\fR +option has not been disabled and the +\fIenv_keep\fR +list contains +\fRLOGNAME\fR +or +\fRUSER\fR. +This flag is +\fIon\fR +by default. +.TP 18n +set_utmp +When enabled, +\fBsudo\fR +will create an entry in the utmp (or utmpx) file when a pseudo-terminal +is allocated. +A pseudo-terminal is allocated by +\fBsudo\fR +when it is running in a terminal and one or more of the +\fIlog_input\fR, +\fIlog_output\fR, +or +\fIuse_pty\fR +flags is enabled. +By default, the new entry will be a copy of the user's existing utmp +entry (if any), with the tty, time, type, and pid fields updated. +This flag is +\fIon\fR +by default. +.TP 18n +setenv +Allow the user to disable the +\fIenv_reset\fR +option from the command line via the +\fB\-E\fR +option. +Additionally, environment variables set via the command line are +not subject to the restrictions imposed by +\fIenv_check\fR, +\fIenv_delete\fR, +or +\fIenv_keep\fR. +As such, only trusted users should be allowed to set variables in this manner. +This flag is +\fIoff\fR +by default. +.TP 18n +shell_noargs +If set and +\fBsudo\fR +is invoked with no arguments it acts as if the +\fB\-s\fR +option had been given. +That is, it runs a shell as root (the shell is determined by the +\fRSHELL\fR +environment variable if it is set, falling back on the shell listed +in the invoking user's /etc/passwd entry if not). +This flag is +\fIoff\fR +by default. +.TP 18n +stay_setuid +Normally, when +\fBsudo\fR +executes a command the real and effective user-IDs are set to the target +user (root by default). +This option changes that behavior such that the real user-ID is left +as the invoking user's user-ID. +In other words, this makes +\fBsudo\fR +act as a set-user-ID wrapper. +This can be useful on systems that disable some potentially +dangerous functionality when a program is run set-user-ID. +This option is only effective on systems that support either the +setreuid(2) +or +setresuid(2) +system call. +This flag is +\fIoff\fR +by default. +.TP 18n +sudoedit_checkdir +.br +If set, +\fBsudoedit\fR +will check all directory components of the path to be edited for writability +by the invoking user. +Symbolic links will not be followed in writable directories and +\fBsudoedit\fR +will refuse to edit a file located in a writable directory. +These restrictions are not enforced when +\fBsudoedit\fR +is run by root. +On some systems, if all directory components of the path to be edited +are not readable by the target user, +\fBsudoedit\fR +will be unable to edit the file. +This flag is +\fIon\fR +by default. +.sp +This setting was first introduced in version 1.8.15 but initially +suffered from a race condition. +The check for symbolic links in writable intermediate directories +was added in version 1.8.16. +.TP 18n +sudoedit_follow +By default, +\fBsudoedit\fR +will not follow symbolic links when opening files. +The +\fIsudoedit_follow\fR +option can be enabled to allow +\fBsudoedit\fR +to open symbolic links. +It may be overridden on a per-command basis by the +\fIFOLLOW\fR +and +\fINOFOLLOW\fR +tags. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.8.15 or higher. +.TP 18n +syslog_pid +When logging via +syslog(3), +include the process ID in the log entry. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.8.21 or higher. +.TP 18n +targetpw +If set, +\fBsudo\fR +will prompt for the password of the user specified +by the +\fB\-u\fR +option (defaults to +\fRroot\fR) +instead of the password of the invoking user +when running a command or editing a file. +Note that this flag precludes the use of a user-ID not listed in the passwd +database as an argument to the +\fB\-u\fR +option. +This flag is +\fIoff\fR +by default. +.TP 18n +tty_tickets +If set, users must authenticate on a per-tty basis. +With this flag enabled, +\fBsudo\fR +will use a separate record in the time stamp file for each terminal. +If disabled, a single record is used for all login sessions. +.sp +This option has been superseded by the +\fItimestamp_type\fR +option. +.TP 18n +umask_override +If set, +\fBsudo\fR +will set the umask as specified in the +\fIsudoers\fR +file without modification. +This makes it possible to specify a umask in the +\fIsudoers\fR +file that is more permissive than the user's own umask and matches +historical behavior. +If +\fIumask_override\fR +is not set, +\fBsudo\fR +will set the umask to be the union of the user's umask and what is specified in +\fIsudoers\fR. +This flag is +\fI@umask_override@\fR +by default. +.if \n(BA \{\ +.TP 18n +use_loginclass +If set, +\fBsudo\fR +will apply the defaults specified for the target user's login class +if one exists. +Only available if +\fBsudo\fR +is configured with the +\fR--with-logincap\fR +option. +This flag is +\fIoff\fR +by default. +.\} +.TP 18n +use_netgroups +If set, netgroups (prefixed with +\(oq+\(cq), +may be used in place of a user or host. +For LDAP-based sudoers, netgroup support requires an expensive +sub-string match on the server unless the +\fBNETGROUP_BASE\fR +directive is present in the +\fI@ldap_conf@\fR +file. +If netgroups are not needed, this option can be disabled to reduce the +load on the LDAP server. +This flag is +\fIon\fR +by default. +.TP 18n +use_pty +If set, and +\fBsudo\fR +is running in a terminal, the command will be run in a pseudo-terminal +(even if no I/O logging is being done). +If the +\fBsudo\fR +process is not attached to a terminal, +\fIuse_pty\fR +has no effect. +.sp +A malicious program run under +\fBsudo\fR +may be capable of injecting commands into the user's +terminal or running a background process that retains access to the +user's terminal device even after the main program has finished +executing. +By running the command in a separate pseudo-terminal, this attack is +no longer possible. +This flag is +\fIoff\fR +by default. +.TP 18n +user_command_timeouts +If set, the user may specify a timeout on the command line. +If the timeout expires before the command has exited, the +command will be terminated. +If a timeout is specified both in the +\fIsudoers\fR +file and on the command line, the smaller of the two timeouts will be used. +See the +\fRTimeout_Spec\fR +section for a description of the timeout syntax. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.8.20 or higher. +.TP 18n +utmp_runas +If set, +\fBsudo\fR +will store the name of the runas user when updating the utmp (or utmpx) file. +By default, +\fBsudo\fR +stores the name of the invoking user. +This flag is +\fIoff\fR +by default. +.TP 18n +visiblepw +By default, +\fBsudo\fR +will refuse to run if the user must enter a password but it is not +possible to disable echo on the terminal. +If the +\fIvisiblepw\fR +flag is set, +\fBsudo\fR +will prompt for a password even when it would be visible on the screen. +This makes it possible to run things like +\(lq\fRssh somehost sudo ls\fR\(rq +since by default, +ssh(1) +does +not allocate a tty when running a command. +This flag is +\fIoff\fR +by default. +.PP +\fBIntegers\fR: +.TP 18n +closefrom +Before it executes a command, +\fBsudo\fR +will close all open file descriptors other than standard input, +standard output, and standard error (file descriptors 0-2). +The +\fIclosefrom\fR +option can be used to specify a different file descriptor at which +to start closing. +The default is +\fR3\fR. +.TP 18n +command_timeout +The maximum amount of time a command is allowed to run before +it is terminated. +See the +\fRTimeout_Spec\fR +section for a description of the timeout syntax. +.sp +This setting is only supported by version 1.8.20 or higher. +.TP 18n +log_server_timeout +The maximum amount of time to wait when connecting to a log server +or waiting for a server response. +See the +\fRTimeout_Spec\fR +section for a description of the timeout syntax. +The default value is 30 seconds. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n +maxseq +The maximum sequence number that will be substituted for the +\(lq\fR%{seq}\fR\(rq +escape in the I/O log file (see the +\fIiolog_dir\fR +description below for more information). +While the value substituted for +\(lq\fR%{seq}\fR\(rq +is in base 36, +\fImaxseq\fR +itself should be expressed in decimal. +Values larger than 2176782336 (which corresponds to the +base 36 sequence number +\(lqZZZZZZ\(rq) +will be silently truncated to 2176782336. +The default value is 2176782336. +.sp +Once the local sequence number reaches the value of +\fImaxseq\fR, +it will +\(lqroll over\(rq +to zero, after which +\fBsudoers\fR +will truncate and re-use any existing I/O log path names. +.sp +This setting is only supported by version 1.8.7 or higher. +.TP 18n +passwd_tries +The number of tries a user gets to enter his/her password before +\fBsudo\fR +logs the failure and exits. +The default is +\fR@passwd_tries@\fR. +.TP 18n +syslog_maxlen +On many systems, +syslog(3) +has a relatively small log buffer. +IETF RFC 5424 states that syslog servers must support messages of +at least 480 bytes and should support messages up to 2048 bytes. +By default, +\fBsudoers\fR +creates log messages up to 980 bytes which corresponds to the +historic +BSD +syslog implementation which used a 1024 byte buffer +to store the message, date, hostname, and program name. +To prevent syslog messages from being truncated, +\fBsudoers\fR +will split up log messages that are larger than +\fIsyslog_maxlen\fR +bytes. +When a message is split, additional parts will include the string +\(lq(command continued)\(rq +after the user name and before the continued command line arguments. +.sp +This setting is only supported by version 1.8.19 or higher. +.PP +\fBIntegers that can be used in a boolean context\fR: +.TP 18n +loglinelen +Number of characters per line for the file log. +This value is used to decide when to wrap lines for nicer log files. +This has no effect on the syslog log file, only the file log. +The default is +\fR@loglen@\fR +(use 0 or negate the option to disable word wrap). +.TP 18n +passwd_timeout +Number of minutes before the +\fBsudo\fR +password prompt times out, or +\fR0\fR +for no timeout. +The timeout may include a fractional component +if minute granularity is insufficient, for example +\fR2.5\fR. +The +default is +\fR@password_timeout@\fR. +.TP 18n +timestamp_timeout +.br +Number of minutes that can elapse before +\fBsudo\fR +will ask for a passwd again. +The timeout may include a fractional component if +minute granularity is insufficient, for example +\fR2.5\fR. +The default is +\fR@timeout@\fR. +Set this to +\fR0\fR +to always prompt for a password. +If set to a value less than +\fR0\fR +the user's time stamp will not expire until the system is rebooted. +This can be used to allow users to create or delete their own time stamps via +\(lq\fRsudo -v\fR\(rq +and +\(lq\fRsudo -k\fR\(rq +respectively. +.TP 18n +umask +File mode creation mask to use when running the command. +Negate this option or set it to 0777 to prevent +\fBsudoers\fR +from changing the umask. +Unless the +\fIumask_override\fR +flag is set, the actual umask will be the union of the +user's umask and the value of the +\fIumask\fR +setting, which defaults to +\fR@sudo_umask@\fR. +This guarantees +that +\fBsudo\fR +never lowers the umask when running a command. +.sp +If +\fIumask\fR +is explicitly set in +\fIsudoers\fR, +it will override any umask setting in PAM or login.conf. +If +\fIumask\fR +is not set in +\fIsudoers\fR, +the umask specified by PAM or login.conf will take precedence. +The umask setting in PAM is not used for +\fBsudoedit\fR, +which does not create a new PAM session. +.PP +\fBStrings\fR: +.TP 18n +authfail_message +Message that is displayed after a user fails to authenticate. +The message may include the +\(oq%d\(cq +escape which will expand to the number of failed password attempts. +If set, it overrides the default message, +\fR%d incorrect password attempt(s)\fR. +.TP 18n +badpass_message +Message that is displayed if a user enters an incorrect password. +The default is +\fR@badpass_message@\fR +unless insults are enabled. +.TP 18n +editor +A colon +(\(oq:\&\(cq) +separated list of editors path names used by +\fBsudoedit\fR +and +\fBvisudo\fR. +For +\fBsudoedit\fR, +this list is used to find an editor when none of the +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR +or +\fREDITOR\fR +environment variables are set to an editor that exists and is executable. +For +\fBvisudo\fR, +it is used as a white list of allowed editors; +\fBvisudo\fR +will choose the editor that matches the user's +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR +or +\fREDITOR\fR +environment variable if possible, or the first editor in the +list that exists and is executable if not. +Unless invoked as +\fBsudoedit\fR, +\fBsudo\fR +does not preserve the +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR +or +\fREDITOR\fR +environment variables unless they are present in the +\fIenv_keep\fR +list or the +\fIenv_reset\fR +option is disabled. +The default is +\fI@editor@\fR. +.TP 18n +iolog_dir +The top-level directory to use when constructing the path name for +the input/output log directory. +Only used if the +\fIlog_input\fR +or +\fIlog_output\fR +options are enabled or when the +\fRLOG_INPUT\fR +or +\fRLOG_OUTPUT\fR +tags are present for a command. +The session sequence number, if any, is stored in the directory. +The default is +\fI@iolog_dir@\fR. +.sp +The following percent +(\(oq%\(cq) +escape sequences are supported: +.PP +.RS 18n +.PD 0 +.TP 6n +\fR%{seq}\fR +expanded to a monotonically increasing base-36 sequence number, such as 0100A5, +where every two digits are used to form a new directory, e.g., +\fI01/00/A5\fR +.PD +.TP 6n +\fR%{user}\fR +expanded to the invoking user's login name +.TP 6n +\fR%{group}\fR +expanded to the name of the invoking user's real group-ID +.TP 6n +\fR%{runas_user}\fR +expanded to the login name of the user the command will +be run as (e.g., root) +.TP 6n +\fR%{runas_group}\fR +expanded to the group name of the user the command will +be run as (e.g., wheel) +.TP 6n +\fR%{hostname}\fR +expanded to the local host name without the domain name +.TP 6n +\fR%{command}\fR +expanded to the base name of the command being run +.PP +In addition, any escape sequences supported by the system's +strftime(3) +function will be expanded. +.sp +To include a literal +\(oq%\(cq +character, the string +\(oq%%\(cq +should be used. +.RE +.TP 18n +iolog_file +The path name, relative to +\fIiolog_dir\fR, +in which to store input/output logs when the +\fIlog_input\fR +or +\fIlog_output\fR +options are enabled or when the +\fRLOG_INPUT\fR +or +\fRLOG_OUTPUT\fR +tags are present for a command. +Note that +\fIiolog_file\fR +may contain directory components. +The default is +\(lq\fR%{seq}\fR\(rq. +.sp +See the +\fIiolog_dir\fR +option above for a list of supported percent +(\(oq%\(cq) +escape sequences. +.sp +In addition to the escape sequences, path names that end in six or +more +\fRX\fRs +will have the +\fRX\fRs +replaced with a unique combination of digits and letters, similar to the +mktemp(3) +function. +.sp +If the path created by concatenating +\fIiolog_dir\fR +and +\fIiolog_file\fR +already exists, the existing I/O log file will be truncated and +overwritten unless +\fIiolog_file\fR +ends in six or +more +\fRX\fRs. +.TP 18n +iolog_flush +If set, +\fBsudo\fR +will flush I/O log data to disk after each write instead of buffering it. +This makes it possible to view the logs in real-time as the program +is executing but may significantly reduce the effectiveness of I/O +log compression. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.8.20 or higher. +.TP 18n +iolog_group +The group name to look up when setting the group-ID on new I/O log +files and directories. +If +\fIiolog_group\fR +is not set, +the primary group-ID of the user specified by +\fIiolog_user\fR +is used. +If neither +\fIiolog_group\fR +nor +\fIiolog_user\fR +are set, I/O log files and directories are created with group-ID 0. +.sp +This setting is only supported by version 1.8.19 or higher. +.TP 18n +iolog_mode +The file mode to use when creating I/O log files. +Mode bits for read and write permissions for owner, group, or other +are honored, everything else is ignored. +The file permissions will always include the owner read and +write bits, even if they are not present in the specified mode. +When creating I/O log directories, search (execute) bits are added +to match the read and write bits specified by +\fIiolog_mode\fR. +Defaults to 0600 (read and write by user only). +.sp +This setting is only supported by version 1.8.19 or higher. +.TP 18n +iolog_user +The user name to look up when setting the user and group-IDs on new +I/O log files and directories. +If +\fIiolog_group\fR +is set, it will be used instead of the user's primary group-ID. +By default, I/O log files and directories are created with user and +group-ID 0. +.sp +This setting can be useful when the I/O logs are stored on a Network +File System (NFS) share. +Having a dedicated user own the I/O log files means that +\fBsudoers\fR +does not write to the log files as user-ID 0, which is usually +not permitted by NFS. +.sp +This setting is only supported by version 1.8.19 or higher. +.TP 18n +lecture_status_dir +The directory in which +\fBsudo\fR +stores per-user lecture status files. +Once a user has received the lecture, a zero-length file is +created in this directory so that +\fBsudo\fR +will not lecture the user again. +This directory should +\fInot\fR +be cleared when the system reboots. +The default is +\fI@vardir@/lectured\fR. +.if \n(PS \{\ +.TP 18n +limitprivs +The default Solaris limit privileges to use when constructing a new +privilege set for a command. +This bounds all privileges of the executing process. +The default limit privileges may be overridden on a per-command basis in +\fIsudoers\fR. +This option is only available if +\fBsudoers\fR +is built on Solaris 10 or higher. +.\} +.TP 18n +log_server_cabundle +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating the log server. +The default is to use the system's default certificate authority database. +This setting has no effect unless +\fIlog_servers\fR +is set and the remote log server is secured with TLS. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n +log_server_peer_cert +The path to the +\fBsudo\fR +client's certificate file, in PEM format. +This setting is required when the remote log server is secured +with TLS and client certificate validation is enabled. +For +\fBsudo_logsrvd\fR, +client certificate validation is controlled by the +\fItls_checkpeer\fR +option, which defaults to +\fIfalse\fR. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n +log_server_peer_key +The path to the +\fBsudo\fR +client's private key file, in PEM format. +This setting is required when the remote log server is secured +with TLS and client certificate validation is enabled. +For +\fBsudo_logsrvd\fR, +client certificate validation is controlled by the +\fItls_checkpeer\fR +option, which defaults to +\fIfalse\fR. +.sp +This setting is only supported by version 1.9.0 or higher. +.TP 18n +mailsub +Subject of the mail sent to the +\fImailto\fR +user. +The escape +\fR%h\fR +will expand to the host name of the machine. +Default is +\(lq\fR@mailsub@\fR\(rq. +.TP 18n +noexec_file +As of +\fBsudo\fR +version 1.8.1 this option is no longer supported. +The path to the noexec file should now be set in the +sudo.conf(@mansectform@) +file. +.TP 18n +pam_askpass_service +On systems that use PAM for authentication, this is the service +name used when the +\fB\-A\fR +option is specified. +The default value is either +\(lq\fR@pam_service@\fR\(rq +or +\(lq\fR@pam_login_service@\fR\(rq, +depending on whether or not the +\fB\-i\fR +option is also specified. +See the description of +\fIpam_service\fR +for more information. +.sp +This setting is only supported by version 1.9.9 or higher. +.TP 18n +pam_login_service +.br +On systems that use PAM for authentication, this is the service +name used when the +\fB\-i\fR +option is specified. +The default value is +\(lq\fR@pam_login_service@\fR\(rq. +See the description of +\fIpam_service\fR +for more information. +.sp +This setting is only supported by version 1.8.8 or higher. +.TP 18n +pam_service +On systems that use PAM for authentication, the service name +specifies the PAM policy to apply. +This usually corresponds to an entry in the +\fIpam.conf\fR +file or a file in the +\fI/etc/pam.d\fR +directory. +The default value is +\(lq\fRsudo\fR\(rq. +.sp +This setting is only supported by version 1.8.8 or higher. +.TP 18n +passprompt +The default prompt to use when asking for a password; can be overridden via the +\fB\-p\fR +option or the +\fRSUDO_PROMPT\fR +environment variable. +The following percent +(\(oq%\(cq) +escape sequences are supported: +.PP +.RS 18n +.PD 0 +.TP 6n +\fR%H\fR +expanded to the local host name including the domain name +(only if the machine's host name is fully qualified or the +\fIfqdn\fR +option is set) +.PD +.TP 6n +\fR%h\fR +expanded to the local host name without the domain name +.TP 6n +\fR%p\fR +expanded to the user whose password is being asked for (respects the +\fIrootpw\fR, +\fItargetpw\fR +and +\fIrunaspw\fR +flags in +\fIsudoers\fR) +.TP 6n +\fR\&%U\fR +expanded to the login name of the user the command will +be run as (defaults to root) +.TP 6n +\fR%u\fR +expanded to the invoking user's login name +.TP 6n +\fR%%\fR +two consecutive +\fR%\fR +characters are collapsed into a single +\fR%\fR +character +.PP +On systems that use PAM for authentication, +\fIpassprompt\fR +will only be used if the prompt provided by the PAM module matches the string +\(lqPassword: \(rq +or +\(lqusername's Password: \(rq. +This ensures that the +\fIpassprompt\fR +setting does not interfere with challenge-response style authentication. +The +\fIpassprompt_override\fR +flag can be used to change this behavior. +.sp +The default value is +\(lq\fR@passprompt@\fR\(rq. +.RE +.if \n(PS \{\ +.TP 18n +privs +The default Solaris privileges to use when constructing a new +privilege set for a command. +This is passed to the executing process via the inherited privilege set, +but is bounded by the limit privileges. +If the +\fIprivs\fR +option is specified but the +\fIlimitprivs\fR +option is not, the limit privileges of the executing process is set to +\fIprivs\fR. +The default privileges may be overridden on a per-command basis in +\fIsudoers\fR. +This option is only available if +\fBsudoers\fR +is built on Solaris 10 or higher. +.\} +.if \n(SL \{\ +.TP 18n +role +The default SELinux role to use when constructing a new security +context to run the command. +The default role may be overridden on a per-command basis in the +\fIsudoers\fR +file or via command line options. +This option is only available when +\fBsudo\fR +is built with SELinux support. +.\} +.TP 18n +runas_default +The default user to run commands as if the +\fB\-u\fR +option is not specified on the command line. +This defaults to +\fR@runas_default@\fR. +.TP 18n +sudoers_locale +Locale to use when parsing the sudoers file, logging commands, and +sending email. +Note that changing the locale may affect how sudoers is interpreted. +Defaults to +\(lq\fRC\fR\(rq. +.TP 18n +timestamp_type +\fBsudoers\fR +uses per-user time stamp files for credential caching. +The +\fItimestamp_type\fR +option can be used to specify the type of time stamp record used. +It has the following possible values: +.PP +.RS 18n +.PD 0 +.TP 8n +global +A single time stamp record is used for all of a user's login sessions, +regardless of the terminal or parent process ID. +An additional record is used to serialize password prompts when +\fBsudo\fR +is used multiple times in a pipeline, but this does not affect authentication. +.PD +.TP 8n +ppid +A single time stamp record is used for all processes with the same parent +process ID (usually the shell). +Commands run from the same shell (or other common parent process) +will not require a password for +\fItimestamp_timeout\fR +minutes +(\fR@timeout@\fR +by default) +\&. +Commands run via +\fBsudo\fR +with a different parent process ID, for example from a shell script, +will be authenticated separately. +.TP 8n +tty +One time stamp record is used for each terminal, +which means that a user's login sessions are authenticated separately. +If no terminal is present, the behavior is the same as +\fIppid\fR. +Commands run from the same terminal will not require a password for +\fItimestamp_timeout\fR +minutes +(\fR@timeout@\fR +by default) +\&. +.TP 8n +kernel +The time stamp is stored in the kernel as an attribute of the terminal +device. +If no terminal is present, the behavior is the same as +\fIppid\fR. +Negative +\fItimestamp_timeout\fR +values are not supported and positive values are limited to a maximum +of 60 minutes. +This is currently only supported on +OpenBSD. +.PP +The default value is +\fI@timestamp_type@\fR. +.sp +This setting is only supported by version 1.8.21 or higher. +.RE +.TP 18n +timestampdir +The directory in which +\fBsudo\fR +stores its time stamp files. +This directory should be cleared when the system reboots. +The default is +\fI@rundir@/ts\fR. +.TP 18n +timestampowner +The owner of the lecture status directory, time stamp directory and all +files stored therein. +The default is +\fRroot\fR. +.if \n(SL \{\ +.TP 18n +type +The default SELinux type to use when constructing a new security +context to run the command. +The default type may be overridden on a per-command basis in the +\fIsudoers\fR +file or via command line options. +This option is only available when +\fBsudo\fR +is built with SELinux support. +.PP +\fBStrings that can be used in a boolean context\fR: +.TP 14n +admin_flag +The +\fIadmin_flag\fR +option specifies the path to a file that is created the first time +a user that is a member of the +\fIsudo\fR +or +\fIadmin\fR +groups runs +\fBsudo\fR. +Only available if +\fBsudo\fR +is configured with the +\fR--enable-admin-flag\fR +option. +The default value is +\fR~/.sudo_as_admin_successful\fR. +.TP 14n +env_file +The +\fIenv_file\fR +option specifies the fully qualified path to a file containing variables +to be set in the environment of the program being run. +Entries in this file should either be of the form +\(lq\fRVARIABLE=value\fR\(rq +or +\(lq\fRexport VARIABLE=value\fR\(rq. +The value may optionally be enclosed in single or double quotes. +Variables in this file are only added if the variable does not already +exist in the environment. +This file is considered to be part of the security policy, +its contents are not subject to other +\fBsudo\fR +environment restrictions such as +\fIenv_keep\fR +and +\fIenv_check\fR. +.TP 14n +exempt_group +Users in this group are exempt from password and PATH requirements. +The group name specified should not include a +\fR%\fR +prefix. +This is not set by default. +.TP 14n +fdexec +Determines whether +\fBsudo\fR +will execute a command by its path or by an open file descriptor. +It has the following possible values: +.PP +.RS 14n +.PD 0 +.TP 8n +always +Always execute by file descriptor. +.PD +.TP 8n +never +Never execute by file descriptor. +.TP 8n +digest_only +Only execute by file descriptor if the command has an associated digest +in the +\fIsudoers\fR +file. +.PP +The default value is +\fIdigest_only\fR. +This avoids a time of check versus time of use race condition when +the command is located in a directory writable by the invoking user. +.sp +Note that +\fIfdexec\fR +will change the first element of the argument vector for scripts +($0 in the shell) due to the way the kernel runs script interpreters. +Instead of being a normal path, it will refer to a file descriptor. +For example, +\fI/dev/fd/4\fR +on Solaris and +\fI/proc/self/fd/4\fR +on Linux. +A workaround is to use the +\fRSUDO_COMMAND\fR +environment variable instead. +.sp +The +\fIfdexec\fR +setting is only used when the command is matched by path name. +It has no effect if the command is matched by the built-in +\fBALL\fR +alias. +.sp +This setting is only supported by version 1.8.20 or higher. +If the operating system does not support the +\fBfexecve\fR() +system call, this setting has no effect. +.RE +.TP 14n +group_plugin +A string containing a +\fBsudoers\fR +group plugin with optional arguments. +The string should consist of the plugin +path, either fully-qualified or relative to the +\fI@plugindir@\fR +directory, followed by any configuration arguments the plugin requires. +These arguments (if any) will be passed to the plugin's initialization function. +If arguments are present, the string must be enclosed in double quotes +(\&""). +.sp +For more information see +\fIGROUP PROVIDER PLUGINS\fR. +.TP 14n +lecture +This option controls when a short lecture will be printed along with +the password prompt. +It has the following possible values: +.PP +.RS 14n +.PD 0 +.TP 8n +always +Always lecture the user. +.PD +.TP 8n +never +Never lecture the user. +.TP 8n +once +Only lecture the user the first time they run +\fBsudo\fR. +.PP +If no value is specified, a value of +\fIonce\fR +is implied. +Negating the option results in a value of +\fInever\fR +being used. +The default value is +\fI@lecture@\fR. +.RE +.TP 14n +lecture_file +Path to a file containing an alternate +\fBsudo\fR +lecture that will be used in place of the standard lecture if the named +file exists. +By default, +\fBsudo\fR +uses a built-in lecture. +.TP 14n +listpw +This option controls when a password will be required when a user runs +\fBsudo\fR +with the +\fB\-l\fR +option. +It has the following possible values: +.PP +.RS 14n +.PD 0 +.TP 10n +all +All the user's +\fIsudoers\fR +file entries for the current host must have +the +\fRNOPASSWD\fR +flag set to avoid entering a password. +.PD +.TP 10n +always +The user must always enter a password to use the +\fB\-l\fR +option. +.TP 10n +any +At least one of the user's +\fIsudoers\fR +file entries for the current host +must have the +\fRNOPASSWD\fR +flag set to avoid entering a password. +.TP 10n +never +The user need never enter a password to use the +\fB\-l\fR +option. +.PP +If no value is specified, a value of +\fIany\fR +is implied. +Negating the option results in a value of +\fInever\fR +being used. +The default value is +\fIany\fR. +.RE +.TP 14n +log_format +The event log format. +Supported log formats are: +.PP +.RS 14n +.PD 0 +.TP 10n +json +Logs in JSON format. +JSON log entries contain the full user details as well as the execution +environment if the command was allowed. +Due to limitations of the protocol, JSON events sent via +\fIsyslog\fR +may be truncated. +.PD +.TP 10n +sudo +Traditional sudo-style logs, see +\fILOG FORMAT\fR +for a description of the log file format. +.PP +This setting affects logs sent via +syslog(3) +as well as the file specified by the +\fIlogfile\fR +setting, if any. +The default value is +\fIsudo\fR. +.RE +.TP 14n +logfile +Path to the +\fBsudo\fR +log file (not the syslog log file). +Setting a path turns on logging to a file; +negating this option turns it off. +By default, +\fBsudo\fR +logs via syslog. +.TP 14n +mailerflags +Flags to use when invoking mailer. +Defaults to +\fB\-t\fR. +.TP 14n +mailerpath +Path to mail program used to send warning mail. +Defaults to the path to sendmail found at configure time. +.TP 14n +mailfrom +Address to use for the +\(lqfrom\(rq +address when sending warning and error mail. +The address should be enclosed in double quotes +(\&"") +to protect against +\fBsudo\fR +interpreting the +\fR@\fR +sign. +Defaults to the name of the user running +\fBsudo\fR. +.TP 14n +mailto +Address to send warning and error mail to. +The address should be enclosed in double quotes +(\&"") +to protect against +\fBsudo\fR +interpreting the +\fR@\fR +sign. +Defaults to +\fR@mailto@\fR. +.TP 14n +rlimit_as +The maximum size to which the process's address space may grow (in bytes), +if supported by the operating system. +See +\fIResource limits\fR +for more information. +.TP 14n +rlimit_core +The largest size core dump file that may be created (in bytes). +See +\fIResource limits\fR +for more information. +Defaults to 0 (no core dump created). +.TP 14n +rlimit_cpu +The maximum amount of CPU time that the process may use (in seconds). +See +\fIResource limits\fR +for more information. +.TP 14n +rlimit_data +The maximum size of the data segment for the process (in bytes). +See +\fIResource limits\fR +for more information. +.TP 14n +rlimit_fsize +The largest size file that the process may create (in bytes). +See +\fIResource limits\fR +for more information. +.TP 14n +rlimit_locks +The maximum number of locks that the process may establish, +if supported by the operating system. +See +\fIResource limits\fR +for more information. +.TP 14n +rlimit_memlock +The maximum size that the process may lock in memory (in bytes), +if supported by the operating system. +See +\fIResource limits\fR +for more information. +.TP 14n +rlimit_nofile +.br +The maximum number of files that the process may have open. +See +\fIResource limits\fR +for more information. +.TP 14n +rlimit_nproc +The maximum number of processes that the user may run simultaneously. +See +\fIResource limits\fR +for more information. +.TP 14n +rlimit_rss +The maximum size to which the process's resident set size may grow (in bytes). +See +\fIResource limits\fR +for more information. +.TP 14n +rlimit_stack +The maximum size to which the process's stack may grow (in bytes). +See +\fIResource limits\fR +for more information. +.TP 14n +restricted_env_file +The +\fIrestricted_env_file\fR +option specifies the fully qualified path to a file containing variables +to be set in the environment of the program being run. +Entries in this file should either be of the form +\(lq\fRVARIABLE=value\fR\(rq +or +\(lq\fRexport VARIABLE=value\fR\(rq. +The value may optionally be enclosed in single or double quotes. +Variables in this file are only added if the variable does not already +exist in the environment. +Unlike +\fIenv_file\fR, +the file's contents are not trusted and are processed in a manner +similar to that of the invoking user's environment. +If +\fIenv_reset\fR +is enabled, variables in the file will only be added if they are +matched by either the +\fIenv_check\fR +or +\fIenv_keep\fR +list. +If +\fIenv_reset\fR +is disabled, variables in the file are added as long as they +are not matched by the +\fIenv_delete\fR +list. +In either case, the contents of +\fIrestricted_env_file\fR +are processed before the contents of +\fIenv_file\fR. +.TP 14n +runchroot +If set, +\fBsudo\fR +will use this value for the root directory when running a command. +The special value +\(lq*\(rq +will allow the user to specify the root directory via +\fBsudo\fR's +\fB\-R\fR +option. +See the +\fIChroot_Spec\fR +section for more details. +.sp +It is only possible to use +\fIrunchroot\fR +as a command-specific Defaults setting if the command exists with +the same path both inside and outside the chroot jail. +This restriction does not apply to generic, host, or user-based +Defaults settings or to a +\fICmnd_Spec\fR +that includes a +\fIChroot_Spec\fR. +.sp +This setting is only supported by version 1.9.3 or higher. +.TP 14n +runcwd +If set, +\fBsudo\fR +will use this value for the working directory when running a command. +The special value +\(lq*\(rq +will allow the user to specify the working directory via +\fBsudo\fR's +\fB\-D\fR +option. +See the +\fIChdir_Spec\fR +section for more details. +.sp +This setting is only supported by version 1.9.3 or higher. +.TP 14n +secure_path +If set, +\fBsudo\fR +will use this value in place of the user's +\fRPATH\fR +environment variable. +This option can be used to reset the +\fRPATH\fR +to a known good value that contains directories for system administrator +commands such as +\fI/usr/sbin\fR. +.sp +Users in the group specified by the +\fIexempt_group\fR +option are not affected by +\fIsecure_path\fR. +This option is @secure_path@ by default. +.TP 14n +syslog +Syslog facility if syslog is being used for logging (negate to +disable syslog logging). +Defaults to +\fR@logfac@\fR. +.sp +The following syslog facilities are supported: +\fBauthpriv\fR +(if your +OS supports it), +\fBauth\fR, +\fBdaemon\fR, +\fBuser\fR, +\fBlocal0\fR, +\fBlocal1\fR, +\fBlocal2\fR, +\fBlocal3\fR, +\fBlocal4\fR, +\fBlocal5\fR, +\fBlocal6\fR, +and +\fBlocal7\fR. +.TP 14n +syslog_badpri +.br +Syslog priority to use when the user is not allowed to run a command or +when authentication is unsuccessful. +Defaults to +\fR@badpri@\fR. +.sp +The following syslog priorities are supported: +\fBalert\fR, +\fBcrit\fR, +\fBdebug\fR, +\fBemerg\fR, +\fBerr\fR, +\fBinfo\fR, +\fBnotice\fR, +\fBwarning\fR, +and +\fBnone\fR. +Negating the option or setting it to a value of +\fBnone\fR +will disable logging of unsuccessful commands. +.TP 14n +syslog_goodpri +Syslog priority to use when the user is allowed to run a command and +authentication is successful. +Defaults to +\fR@goodpri@\fR. +.sp +See +\fIsyslog_badpri\fR +for the list of supported syslog priorities. +Negating the option or setting it to a value of +\fBnone\fR +will disable logging of successful commands. +.TP 14n +verifypw +This option controls when a password will be required when a user runs +\fBsudo\fR +with the +\fB\-v\fR +option. +It has the following possible values: +.PP +.RS 14n +.PD 0 +.TP 8n +all +All the user's +\fIsudoers\fR +file entries for the current host must have the +\fRNOPASSWD\fR +flag set to avoid entering a password. +.PD +.TP 8n +always +The user must always enter a password to use the +\fB\-v\fR +option. +.TP 8n +any +At least one of the user's +\fIsudoers\fR +file entries for the current host must have the +\fRNOPASSWD\fR +flag set to avoid entering a password. +.TP 8n +never +The user need never enter a password to use the +\fB\-v\fR +option. +.PP +If no value is specified, a value of +\fIall\fR +is implied. +Negating the option results in a value of +\fInever\fR +being used. +The default value is +\fIall\fR. +.RE +.PP +\fBLists that can be used in a boolean context\fR: +.\} +.TP 18n +env_check +Environment variables to be removed from the user's environment +unless they are considered +\(lqsafe\(rq. +For all variables except +\fRTZ\fR, +\(lqsafe\(rq +means that the variable's value does not contain any +\(oq%\(cq +or +\(oq/\(cq +characters. +This can be used to guard against printf-style format vulnerabilities +in poorly-written programs. +The +\fRTZ\fR +variable is considered unsafe if any of the following are true: +.PP +.RS 18n +.PD 0 +.TP 3n +\fB\(bu\fR +It consists of a fully-qualified path name, +optionally prefixed with a colon +(\(oq:\&\(cq), +that does not match the location of the +\fIzoneinfo\fR +directory. +.PD +.TP 3n +\fB\(bu\fR +It contains a +\fI..\fR +path element. +.TP 3n +\fB\(bu\fR +It contains white space or non-printable characters. +.TP 3n +\fB\(bu\fR +It is longer than the value of +\fRPATH_MAX\fR. +.PP +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. +The list can be replaced, added to, deleted from, or disabled by using +the +\fR=\fR, +\fR+=\fR, +\fR-=\fR, +and +\fR\&!\fR +operators respectively. +Regardless of whether the +\fRenv_reset\fR +option is enabled or disabled, variables specified by +\fRenv_check\fR +will be preserved in the environment if they pass the aforementioned check. +The global list of environment variables to check is displayed when +\fBsudo\fR +is run by root with +the +\fB\-V\fR +option. +.RE +.TP 18n +env_delete +Environment variables to be removed from the user's environment when the +\fIenv_reset\fR +option is not in effect. +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. +The list can be replaced, added to, deleted from, or disabled by using the +\fR=\fR, +\fR+=\fR, +\fR-=\fR, +and +\fR\&!\fR +operators respectively. +The global list of environment variables to remove is displayed when +\fBsudo\fR +is run by root with the +\fB\-V\fR +option. +Note that many operating systems will remove potentially dangerous +variables from the environment of any set-user-ID process (such as +\fBsudo\fR). +.TP 18n +env_keep +Environment variables to be preserved in the user's environment when the +\fIenv_reset\fR +option is in effect. +This allows fine-grained control over the environment +\fBsudo\fR-spawned +processes will receive. +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. +The list can be replaced, added to, deleted from, or disabled by using the +\fR=\fR, +\fR+=\fR, +\fR-=\fR, +and +\fR\&!\fR +operators respectively. +The global list of variables to keep +is displayed when +\fBsudo\fR +is run by root with the +\fB\-V\fR +option. +.sp +Preserving the +\fRHOME\fR +environment variable has security implications since many programs use it +when searching for configuration or data files. +Adding +\fRHOME\fR +to +\fIenv_keep\fR +may enable a user to run unrestricted commands via +\fBsudo\fR +and is strongly discouraged. +Users wishing to edit files with +\fBsudo\fR +should run +\fBsudoedit\fR +(or +\fBsudo\fR \fB\-e\fR) +to get their accustomed editor configuration instead of +invoking the editor directly. +.TP 18n +log_servers +A list of one or more servers to use for remote event and I/O log storage, +separated by white space. +Log servers must be running +\fBsudo_logsrvd\fR +or another service that implements the protocol described by +sudo_logsrv.proto(@mansectform@). +.sp +Server addresses should be of the form +\(lqhost[:port][(tls)]\(rq. +The host portion may be a host name, an IPv4 address, or an IPv6 address +in square brackets. +.sp +If the optional +\fItls\fR +flag is present, the connection will be secured +with Transport Layer Security (TLS) version 1.2 or 1.3. +Versions of TLS prior to 1.2 are not supported. +.sp +If a port is specified, it may either be a port number or a well-known +service name as defined by the system service name database. +If no port is specified, port 30343 will be used for plaintext +connections and port 30344 will be used for TLS connections. +.sp +When +\fIlog_servers\fR +is set, event log data will be logged both locally (see the +\fIsyslog\fR +and +\fIlog_file\fR +settings) as well as remotely, but I/O log data will only be logged remotely. +If multiple hosts are specified, they will be attempted in reverse order. +If no log servers are available, the user will not be able to run +a command unless either the +\fIignore_iolog_errors\fR +flag (I/O logging enabled) or the +\fIignore_log_errors\fR +flag (I/O logging disabled) is set. +Likewise, if the connection to the log server is interrupted while +\fBsudo\fR +is running, the command will be terminated unless the +\fIignore_iolog_errors\fR +flag (I/O logging enabled) or the +\fIignore_log_errors\fR +flag (I/O logging disabled) is set. +.sp +This setting is only supported by version 1.9.0 or higher. +.SH "GROUP PROVIDER PLUGINS" +The +\fBsudoers\fR +plugin supports its own plugin interface to allow non-Unix +group lookups which can query a group source other +than the standard Unix group database. +This can be used to implement support for the +\fRnonunix_group\fR +syntax described earlier. +.PP +Group provider plugins are specified via the +\fIgroup_plugin\fR +setting. +The argument to +\fIgroup_plugin\fR +should consist of the plugin path, either fully-qualified or relative to the +\fI@plugindir@\fR +directory, followed by any configuration options the plugin requires. +These options (if specified) will be passed to the plugin's initialization +function. +If options are present, the string must be enclosed in double quotes +(\&""). +.PP +The following group provider plugins are installed by default: +.TP 10n +group_file +The +\fIgroup_file\fR +plugin supports an alternate group file that uses the same syntax as the +\fI/etc/group\fR +file. +The path to the group file should be specified as an option +to the plugin. +For example, if the group file to be used is +\fI/etc/sudo-group\fR: +.nf +.sp +.RS 10n +Defaults group_plugin="group_file.so /etc/sudo-group" +.RE +.fi +.TP 10n +system_group +The +\fIsystem_group\fR +plugin supports group lookups via the standard C library functions +\fBgetgrnam\fR() +and +\fBgetgrid\fR(). +This plugin can be used in instances where the user belongs to +groups not present in the user's supplemental group vector. +This plugin takes no options: +.nf +.sp +.RS 10n +Defaults group_plugin=system_group.so +.RE +.fi +.PP +The group provider plugin API is described in detail in +sudo_plugin(@mansectform@). +.SH "LOG FORMAT" +\fBsudoers\fR +can log events in either JSON or +\fIsudo\fR +format, +this section describes the +\fIsudo\fR +log format. +Depending on +\fIsudoers\fR +configuration, +\fBsudoers\fR +can log events via +syslog(3), +to a local log file, or both. +The log format is almost identical in both cases. +.SS "Accepted command log entries" +Commands that sudo runs are logged using the following format (split +into multiple lines for readability): +.nf +.sp +.RS 4n +date hostname progname: username : TTY=ttyname ; PWD=cwd ; \e + USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e + ENV=env_vars COMMAND=command +.RE +.fi +.PP +Where the fields are as follows: +.TP 14n +date +The date the command was run. +Typically, this is in the format +\(lqMMM, DD, HH:MM:SS\(rq. +If logging via +syslog(3), +the actual date format is controlled by the syslog daemon. +If logging to a file and the +\fIlog_year\fR +option is enabled, +the date will also include the year. +.TP 14n +hostname +The name of the host +\fBsudo\fR +was run on. +This field is only present when logging via +syslog(3). +.TP 14n +progname +The name of the program, usually +\fIsudo\fR +or +\fIsudoedit\fR. +This field is only present when logging via +syslog(3). +.TP 14n +username +The login name of the user who ran +\fBsudo\fR. +.TP 14n +ttyname +The short name of the terminal (e.g., +\(lqconsole\(rq, +\(lqtty01\(rq, +or +\(lqpts/0\(rq) +\fBsudo\fR +was run on, or +\(lqunknown\(rq +if there was no terminal present. +.TP 14n +cwd +The current working directory that +\fBsudo\fR +was run in. +.TP 14n +runasuser +The user the command was run as. +.TP 14n +runasgroup +The group the command was run as if one was specified on the command line. +.TP 14n +logid +An I/O log identifier that can be used to replay the command's output. +This is only present when the +\fIlog_input\fR +or +\fIlog_output\fR +option is enabled. +.TP 14n +env_vars +A list of environment variables specified on the command line, +if specified. +.TP 14n +command +The actual command that was executed. +.PP +Messages are logged using the locale specified by +\fIsudoers_locale\fR, +which defaults to the +\(lq\fRC\fR\(rq +locale. +.SS "Denied command log entries" +If the user is not allowed to run the command, the reason for the denial +will follow the user name. +Possible reasons include: +.TP 3n +user NOT in sudoers +The user is not listed in the +\fIsudoers\fR +file. +.TP 3n +user NOT authorized on host +The user is listed in the +\fIsudoers\fR +file but is not allowed to run commands on the host. +.TP 3n +command not allowed +The user is listed in the +\fIsudoers\fR +file for the host but they are not allowed to run the specified command. +.TP 3n +3 incorrect password attempts +The user failed to enter their password after 3 tries. +The actual number of tries will vary based on the number of +failed attempts and the value of the +\fIpasswd_tries\fR +option. +.TP 3n +a password is required +The +\fB\-n\fR +option was specified but a password was required. +.TP 3n +sorry, you are not allowed to set the following environment variables +The user specified environment variables on the command line that +were not allowed by +\fIsudoers\fR. +.SS "Error log entries" +If an error occurs, +\fBsudoers\fR +will log a message and, in most cases, send a message to the +administrator via email. +Possible errors include: +.TP 3n +parse error in @sysconfdir@/sudoers near line N +\fBsudoers\fR +encountered an error when parsing the specified file. +In some cases, the actual error may be one line above or below the +line number listed, depending on the type of error. +.TP 3n +problem with defaults entries +The +\fIsudoers\fR +file contains one or more unknown Defaults settings. +This does not prevent +\fBsudo\fR +from running, but the +\fIsudoers\fR +file should be checked using +\fBvisudo\fR. +.TP 3n +timestamp owner (username): \&No such user +The time stamp directory owner, as specified by the +\fItimestampowner\fR +setting, could not be found in the password database. +.TP 3n +unable to open/read @sysconfdir@/sudoers +The +\fIsudoers\fR +file could not be opened for reading. +This can happen when the +\fIsudoers\fR +file is located on a remote file system that maps user-ID 0 to +a different value. +Normally, +\fBsudoers\fR +tries to open the +\fIsudoers\fR +file using group permissions to avoid this problem. +Consider either changing the ownership of +\fI@sysconfdir@/sudoers\fR +or adding an argument like +\(lqsudoers_uid=N\(rq +(where +\(oqN\(cq +is the user-ID that owns the +\fIsudoers\fR +file) to the end of the +\fBsudoers\fR +\fRPlugin\fR +line in the +sudo.conf(@mansectform@) +file. +.TP 3n +unable to stat @sysconfdir@/sudoers +The +\fI@sysconfdir@/sudoers\fR +file is missing. +.TP 3n +@sysconfdir@/sudoers is not a regular file +The +\fI@sysconfdir@/sudoers\fR +file exists but is not a regular file or symbolic link. +.TP 3n +@sysconfdir@/sudoers is owned by uid N, should be 0 +The +\fIsudoers\fR +file has the wrong owner. +If you wish to change the +\fIsudoers\fR +file owner, please add +\(lqsudoers_uid=N\(rq +(where +\(oqN\(cq +is the user-ID that owns the +\fIsudoers\fR +file) to the +\fBsudoers\fR +\fRPlugin\fR +line in the +sudo.conf(@mansectform@) +file. +.TP 3n +@sysconfdir@/sudoers is world writable +The permissions on the +\fIsudoers\fR +file allow all users to write to it. +The +\fIsudoers\fR +file must not be world-writable, the default file mode +is 0440 (readable by owner and group, writable by none). +The default mode may be changed via the +\(lqsudoers_mode\(rq +option to the +\fBsudoers\fR +\fRPlugin\fR +line in the +sudo.conf(@mansectform@) +file. +.TP 3n +@sysconfdir@/sudoers is owned by gid N, should be 1 +The +\fIsudoers\fR +file has the wrong group ownership. +If you wish to change the +\fIsudoers\fR +file group ownership, please add +\(lqsudoers_gid=N\(rq +(where +\(oqN\(cq +is the group-ID that owns the +\fIsudoers\fR +file) to the +\fBsudoers\fR +\fRPlugin\fR +line in the +sudo.conf(@mansectform@) +file. +.TP 3n +unable to open @rundir@/ts/username +\fBsudoers\fR +was unable to read or create the user's time stamp file. +This can happen when +\fItimestampowner\fR +is set to a user other than root and the mode on +\fI@rundir@\fR +is not searchable by group or other. +The default mode for +\fI@rundir@\fR +is 0711. +.TP 3n +unable to write to @rundir@/ts/username +\fBsudoers\fR +was unable to write to the user's time stamp file. +.TP 3n +@rundir@/ts is owned by uid X, should be Y +The time stamp directory is owned by a user other than +\fItimestampowner\fR. +This can occur when the value of +\fItimestampowner\fR +has been changed. +\fBsudoers\fR +will ignore the time stamp directory until the owner is corrected. +.TP 3n +@rundir@/ts is group writable +The time stamp directory is group-writable; it should be writable only by +\fItimestampowner\fR. +The default mode for the time stamp directory is 0700. +\fBsudoers\fR +will ignore the time stamp directory until the mode is corrected. +.SS "Notes on logging via syslog" +By default, +\fBsudoers\fR +logs messages via +syslog(3). +The +\fIdate\fR, +\fIhostname\fR, +and +\fIprogname\fR +fields are added by the system's +\fBsyslog\fR() +function, not +\fBsudoers\fR +itself. +As such, they may vary in format on different systems. +.PP +The maximum size of syslog messages varies from system to system. +The +\fIsyslog_maxlen\fR +setting can be used to change the maximum syslog message size +from the default value of 980 bytes. +For more information, see the description of +\fIsyslog_maxlen\fR. +.SS "Notes on logging to a file" +If the +\fIlogfile\fR +option is set, +\fBsudoers\fR +will log to a local file, such as +\fI/var/log/sudo\fR. +When logging to a file, +\fBsudoers\fR +uses a format similar to +syslog(3), +with a few important differences: +.TP 5n +1.\& +The +\fIprogname\fR +and +\fIhostname\fR +fields are not present. +.TP 5n +2.\& +If the +\fIlog_year\fR +option is enabled, +the date will also include the year. +.TP 5n +3.\& +Lines that are longer than +\fIloglinelen\fR +characters (80 by default) are word-wrapped and continued on the +next line with a four character indent. +This makes entries easier to read for a human being, but makes it +more difficult to use +grep(1) +on the log files. +If the +\fIloglinelen\fR +option is set to 0 (or negated with a +\(oq\&!\(cq), +word wrap will be disabled. +.SH "I/O LOG FILES" +When I/O logging is enabled, +\fBsudo\fR +will run the command in a pseudo-terminal and log all user input and/or output, +depending on which options are enabled. +I/O can be logged either to the local machine or to a remote log server. +For local logs, I/O is logged to the directory specified by the +\fIiolog_dir\fR +option +(\fI@iolog_dir@\fR +by default) +using a unique session ID that is included in the +\fBsudo\fR +log line, prefixed with +\(lq\fRTSID=\fR\(rq. +The +\fIiolog_file\fR +option may be used to control the format of the session ID. +For remote logs, the +\fIlog_servers\fR +setting is used to specify one or more log servers running +\fBsudo_logsrvd\fR +or another server that implements the protocol described by +sudo_logsrv.proto(@mansectform@). +.PP +For both local and remote I/O logs, each log is stored in a separate +directory that contains the following files: +.TP 10n +\fIlog\fR +A text file containing information about the command. +The first line consists of the following colon-delimited fields: +the time the command was run, the name of the user +who ran +\fBsudo\fR, +the name of the target user, the name of the target group (optional), +the terminal that +\fBsudo\fR +was run from, and the number of lines and columns of the terminal. +The second and third lines contain the working directory the command +was run from and the path name of the command itself (with arguments +if present). +.TP 10n +\fIlog.json\fR +A JSON-formatted file containing information about the command. +This is similar to the +\fIlog\fR +file but contains additional information and is easily extensible. +The +\fIlog.json\fR +file will be used by +sudoreplay(@mansectsu@) +in preference to the +\fIlog\fR +file if it exists. +The file may contain the following elements: +.PP +.RS 10n +.PD 0 +.TP 10n +timestamp +.br +A JSON object containing time the command was run. +It consists of two values, +\fIseconds\fR +and +\fInanoseconds\fR. +.PD +.TP 10n +columns +The number of columns of the terminal the command ran on, or zero +if no terminal was present. +.TP 10n +command +The fully-qualified path of the command that was run. +.TP 10n +lines +The number of lines of the terminal the command ran on, or zero +if no terminal was present. +.TP 10n +runargv +A JSON array representing the command's argument vector as passed to the +\fBexecve\fR() +system call. +.TP 10n +runenv +A JSON array representing the command's environment as passed to the +\fBexecve\fR() +system call. +.TP 10n +rungid +The group ID the command ran as. +This element is only present when the user specifies a group on the +command line. +.TP 10n +rungroup +The name of the group the command ran as. +This element is only present when the user specifies a group on the +command line. +.TP 10n +runuid +The user ID the command ran as. +.TP 10n +runuser +The name of the user the command ran as. +.TP 10n +submitcwd +.br +The current working directory at the time +\fBsudo\fR +was run. +.TP 10n +submithost +The name of the host the command was run on. +.TP 10n +submituser +The name of the user who ran the command via +\fBsudo\fR. +.TP 10n +ttyname +The path name of the terminal the user invoked +\fBsudo\fR +from. +If the command was run in a pseudo-terminal, +\fIttyname\fR +will be different from the terminal the command actually ran in. +.PD 0 +.PP +.RE +.PD +.TP 10n +\fItiming\fR +Timing information used to replay the session. +Each line consists of the I/O log entry type and amount of time +since the last entry, followed by type-specific data. +The I/O log entry types and their corresponding type-specific data are: +.PP +.RS 10n +.PD 0 +.TP 6n +0 +standard input, number of bytes in the entry +.TP 6n +1 +standard output, number of bytes in the entry +.TP 6n +2 +standard error, number of bytes in the entry +.TP 6n +3 +terminal input, number of bytes in the entry +.TP 6n +4 +terminal output, number of bytes in the entry +.TP 6n +5 +window change, new number lines and columns +.TP 6n +6 +bug compatibility for +\fBsudo\fR +1.8.7 terminal output +.TP 6n +7 +command suspend or resume, signal received +.PP +.RE +.PD +.TP 10n +\fIttyin\fR +Raw input from the user's terminal, exactly as it was received. +No post-processing is performed. +For manual viewing, you may wish to convert carriage return characters +in the log to line feeds. +For example: +\(oqgunzip -c ttyin | tr \&"\er\&" \&"\en\&"\(cq +.TP 10n +\fIstdin\fR +The standard input when no terminal is present, or input redirected from +a pipe or file. +.TP 10n +\fIttyout\fR +Output from the pseudo-terminal (what the command writes to the screen). +Note that terminal-specific post-processing is performed before the +data is logged. +This means that, for example, line feeds are usually converted to +line feed/carriage return pairs and tabs may be expanded to spaces. +.TP 10n +\fIstdout\fR +The standard output when no terminal is present, or output redirected to +a pipe or file. +.TP 10n +\fIstderr\fR +The standard error redirected to a pipe or file. +.PP +All files other than +\fIlog\fR +are compressed in gzip format unless the +\fIcompress_io\fR +flag has been disabled. +Due to buffering, it is not normally possible to display the I/O logs in +real-time as the program is executing. +The I/O log data will not be complete until the program run by +\fBsudo\fR +has exited or has been terminated by a signal. +The +\fIiolog_flush\fR +flag can be used to disable buffering, in which case I/O log data +is written to disk as soon as it is available. +The output portion of an I/O log file can be viewed with the +sudoreplay(@mansectsu@) +utility, which can also be used to list or search the available logs. +.PP +Note that user input may contain sensitive information such as +passwords (even if they are not echoed to the screen), which will +be stored in the log file unencrypted. +In most cases, logging the command output via +\fIlog_output\fR +or +\fRLOG_OUTPUT\fR +is all that is required. +.PP +Since each session's I/O logs are stored in a separate directory, +traditional log rotation utilities cannot be used to limit the +number of I/O logs. +The simplest way to limit the number of I/O is by setting the +\fImaxseq\fR +option to the maximum number of logs you wish to store. +Once the I/O log sequence number reaches +\fImaxseq\fR, +it will be reset to zero and +\fBsudoers\fR +will truncate and re-use any existing I/O logs. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +Sudo front-end configuration +.TP 26n +\fI@sysconfdir@/sudoers\fR +List of who can run what +.TP 26n +\fI/etc/group\fR +Local groups file +.TP 26n +\fI/etc/netgroup\fR +List of network groups +.TP 26n +\fI@iolog_dir@\fR +I/O log files +.TP 26n +\fI@rundir@/ts\fR +Directory containing time stamps for the +\fBsudoers\fR +security policy +.TP 26n +\fI@vardir@/lectured\fR +Directory containing lecture status files for the +\fBsudoers\fR +security policy +.TP 26n +\fI/etc/environment\fR +Initial environment for +\fB\-i\fR +mode on AIX and Linux systems +.SH "EXAMPLES" +Below are example +\fIsudoers\fR +file entries. +Admittedly, some of these are a bit contrived. +First, we allow a few environment variables to pass and then define our +\fIaliases\fR: +.nf +.sp +.RS 0n +# Run X applications through sudo; HOME is used to find the +# .Xauthority file. Note that other programs use HOME to find +# configuration files and this may lead to privilege escalation! +Defaults env_keep += "DISPLAY HOME" + +# User alias specification +User_Alias FULLTIMERS = millert, mikef, dowdy +User_Alias PARTTIMERS = bostley, jwfox, crawl +User_Alias WEBADMIN = will, wendy, wim + +# Runas alias specification +Runas_Alias OP = root, operator +Runas_Alias DB = oracle, sybase +Runas_Alias ADMINGRP = adm, oper + +# Host alias specification +Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e + SGI = grolsch, dandelion, black :\e + ALPHA = widget, thalamus, foobar :\e + HPPA = boa, nag, python +Host_Alias CUNETS = 128.138.0.0/255.255.0.0 +Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 +Host_Alias SERVERS = primary, mail, www, ns +Host_Alias CDROM = orion, perseus, hercules + +# Cmnd alias specification +Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e + /usr/sbin/restore, /usr/sbin/rrestore,\e + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e + /home/operator/bin/start_backups +Cmnd_Alias KILL = /usr/bin/kill +Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm +Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown +Cmnd_Alias HALT = /usr/sbin/halt +Cmnd_Alias REBOOT = /usr/sbin/reboot +Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\e + /usr/local/bin/tcsh, /usr/bin/rsh,\e + /usr/local/bin/zsh +Cmnd_Alias SU = /usr/bin/su +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less +.RE +.fi +.PP +Here we override some of the compiled in default values. +We want +\fBsudo\fR +to log via +syslog(3) +using the +\fIauth\fR +facility in all cases and for commands to be run with +the target user's home directory as the working directory. +We don't want to subject the full time staff to the +\fBsudo\fR +lecture and we want to allow them to run commands in a +chroot(2) +\(lqsandbox\(rq +via the +\fB\-R\fR +option. +User +\fBmillert\fR +need not provide a password and we don't want to reset the +\fRLOGNAME\fR +or +\fRUSER\fR +environment variables when running commands as root. +Additionally, on the machines in the +\fISERVERS\fR +\fRHost_Alias\fR, +we keep an additional local log file and make sure we log the year +in each log line since the log entries will be kept around for several years. +Lastly, we disable shell escapes for the commands in the PAGERS +\fRCmnd_Alias\fR +(\fI/usr/bin/more\fR, +\fI/usr/bin/pg\fR +and +\fI/usr/bin/less\fR) +\&. +Note that this will not effectively constrain users with +\fBsudo\fR +\fBALL\fR +privileges. +.nf +.sp +.RS 0n +# Override built-in defaults +Defaults syslog=auth,runcwd=~ +Defaults>root !set_logname +Defaults:FULLTIMERS !lecture,runchroot=* +Defaults:millert !authenticate +Defaults@SERVERS log_year, logfile=/var/log/sudo.log +Defaults!PAGERS noexec +.RE +.fi +.PP +The +\fIUser specification\fR +is the part that actually determines who may run what. +.nf +.sp +.RS 0n +root ALL = (ALL) ALL +%wheel ALL = (ALL) ALL +.RE +.fi +.PP +We let +\fBroot\fR +and any user in group +\fBwheel\fR +run any command on any host as any user. +.nf +.sp +.RS 0n +FULLTIMERS ALL = NOPASSWD: ALL +.RE +.fi +.PP +Full time sysadmins +(\fBmillert\fR, +\fBmikef\fR, +and +\fBdowdy\fR) +may run any command on any host without authenticating themselves. +.nf +.sp +.RS 0n +PARTTIMERS ALL = ALL +.RE +.fi +.PP +Part time sysadmins +\fBbostley\fR, +\fBjwfox\fR, +and +\fBcrawl\fR) +may run any command on any host but they must authenticate themselves +first (since the entry lacks the +\fRNOPASSWD\fR +tag). +.nf +.sp +.RS 0n +jack CSNETS = ALL +.RE +.fi +.PP +The user +\fBjack\fR +may run any command on the machines in the +\fICSNETS\fR +alias (the networks +\fR128.138.243.0\fR, +\fR128.138.204.0\fR, +and +\fR128.138.242.0\fR). +Of those networks, only +\fR128.138.204.0\fR +has an explicit netmask (in CIDR notation) indicating it is a class C network. +For the other networks in +\fICSNETS\fR, +the local machine's netmask will be used during matching. +.nf +.sp +.RS 0n +lisa CUNETS = ALL +.RE +.fi +.PP +The user +\fBlisa\fR +may run any command on any host in the +\fICUNETS\fR +alias (the class B network +\fR128.138.0.0\fR). +.nf +.sp +.RS 0n +operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\e + sudoedit /etc/printcap, /usr/oper/bin/ +.RE +.fi +.PP +The +\fBoperator\fR +user may run commands limited to simple maintenance. +Here, those are commands related to backups, killing processes, the +printing system, shutting down the system, and any commands in the +directory +\fI/usr/oper/bin/\fR. +Note that one command in the +\fRDUMPS\fR +Cmnd_Alias includes a sha224 digest, +\fI/home/operator/bin/start_backups\fR. +This is because the directory containing the script is writable by the +operator user. +If the script is modified (resulting in a digest mismatch) it will no longer +be possible to run it via +\fBsudo\fR. +.nf +.sp +.RS 0n +joe ALL = /usr/bin/su operator +.RE +.fi +.PP +The user +\fBjoe\fR +may only +su(1) +to operator. +.nf +.sp +.RS 0n +pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root* + +%opers ALL = (: ADMINGRP) /usr/sbin/ +.RE +.fi +.PP +Users in the +\fBopers\fR +group may run commands in +\fI/usr/sbin/\fR +as themselves +with any group in the +\fIADMINGRP\fR +\fRRunas_Alias\fR +(the +\fBadm\fR +and +\fBoper\fR +groups). +.PP +The user +\fBpete\fR +is allowed to change anyone's password except for +root on the +\fIHPPA\fR +machines. +Because command line arguments are matched as a single, +concatenated string, the +\(oq*\(cq +wildcard will match +\fImultiple\fR +words. +This example assumes that +passwd(1) +does not take multiple user names on the command line. +Note that on GNU systems, options to +passwd(1) +may be specified after the user argument. +As a result, this rule will also allow: +.nf +.sp +.RS 4n +passwd username --expire +.RE +.fi +.PP +which may not be desirable. +.nf +.sp +.RS 0n +bob SPARC = (OP) ALL : SGI = (OP) ALL +.RE +.fi +.PP +The user +\fBbob\fR +may run anything on the +\fISPARC\fR +and +\fISGI\fR +machines as any user listed in the +\fIOP\fR +\fRRunas_Alias\fR +(\fBroot\fR +and +\fBoperator\fR.) +.nf +.sp +.RS 0n +jim +biglab = ALL +.RE +.fi +.PP +The user +\fBjim\fR +may run any command on machines in the +\fIbiglab\fR +netgroup. +\fBsudo\fR +knows that +\(lqbiglab\(rq +is a netgroup due to the +\(oq+\(cq +prefix. +.nf +.sp +.RS 0n ++secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser +.RE +.fi +.PP +Users in the +\fBsecretaries\fR +netgroup need to help manage the printers as well as add and remove users, +so they are allowed to run those commands on all machines. +.nf +.sp +.RS 0n +fred ALL = (DB) NOPASSWD: ALL +.RE +.fi +.PP +The user +\fBfred\fR +can run commands as any user in the +\fIDB\fR +\fRRunas_Alias\fR +(\fBoracle\fR +or +\fBsybase\fR) +without giving a password. +.nf +.sp +.RS 0n +john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* +.RE +.fi +.PP +On the +\fIALPHA\fR +machines, user +\fBjohn\fR +may su to anyone except root but he is not allowed to specify any options +to the +su(1) +command. +.nf +.sp +.RS 0n +jen ALL, !SERVERS = ALL +.RE +.fi +.PP +The user +\fBjen\fR +may run any command on any machine except for those in the +\fISERVERS\fR +\fRHost_Alias\fR +(primary, mail, www, and ns). +.nf +.sp +.RS 0n +jill SERVERS = /usr/bin/, !SU, !SHELLS +.RE +.fi +.PP +For any machine in the +\fISERVERS\fR +\fRHost_Alias\fR, +\fBjill\fR +may run +any commands in the directory +\fI/usr/bin/\fR +except for those commands +belonging to the +\fISU\fR +and +\fISHELLS\fR +\fRCmnd_Aliases\fR. +While not specifically mentioned in the rule, the commands in the +\fIPAGERS\fR +\fRCmnd_Alias\fR +all reside in +\fI/usr/bin\fR +and have the +\fInoexec\fR +option set. +.nf +.sp +.RS 0n +steve CSNETS = (operator) /usr/local/op_commands/ +.RE +.fi +.PP +The user +\fBsteve\fR +may run any command in the directory /usr/local/op_commands/ +but only as user operator. +.nf +.sp +.RS 0n +matt valkyrie = KILL +.RE +.fi +.PP +On his personal workstation, valkyrie, +\fBmatt\fR +needs to be able to kill hung processes. +.nf +.sp +.RS 0n +WEBADMIN www = (www) ALL, (root) /usr/bin/su www +.RE +.fi +.PP +On the host www, any user in the +\fIWEBADMIN\fR +\fRUser_Alias\fR +(will, wendy, and wim), may run any command as user www (which owns the +web pages) or simply +su(1) +to www. +.nf +.sp +.RS 0n +ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e + /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM +.RE +.fi +.PP +Any user may mount or unmount a CD-ROM on the machines in the CDROM +\fRHost_Alias\fR +(orion, perseus, hercules) without entering a password. +This is a bit tedious for users to type, so it is a prime candidate +for encapsulating in a shell script. +.SH "SECURITY NOTES" +.SS "Limitations of the \(oq!\&\(cq operator" +It is generally not effective to +\(lqsubtract\(rq +commands from +\fBALL\fR +using the +\(oq!\&\(cq +operator. +A user can trivially circumvent this by copying the desired command +to a different name and then executing that. +For example: +.nf +.sp +.RS 0n +bill ALL = ALL, !SU, !SHELLS +.RE +.fi +.PP +Doesn't really prevent +\fBbill\fR +from running the commands listed in +\fISU\fR +or +\fISHELLS\fR +since he can simply copy those commands to a different name, or use +a shell escape from an editor or other program. +Therefore, these kind of restrictions should be considered +advisory at best (and reinforced by policy). +.PP +In general, if a user has sudo +\fBALL\fR +there is nothing to prevent them from creating their own program that gives +them a root shell (or making their own copy of a shell) regardless of any +\(oq!\&\(cq +elements in the user specification. +.SS "Security implications of \fIfast_glob\fR" +If the +\fIfast_glob\fR +option is in use, it is not possible to reliably negate commands where the +path name includes globbing (aka wildcard) characters. +This is because the C library's +fnmatch(3) +function cannot resolve relative paths. +While this is typically only an inconvenience for rules that grant privileges, +it can result in a security issue for rules that subtract or revoke privileges. +.PP +For example, given the following +\fIsudoers\fR +file entry: +.nf +.sp +.RS 0n +john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\e + /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root +.RE +.fi +.PP +User +\fBjohn\fR +can still run +\fR/usr/bin/passwd root\fR +if +\fIfast_glob\fR +is enabled by changing to +\fI/usr/bin\fR +and running +\fR./passwd root\fR +instead. +.SS "Preventing shell escapes" +Once +\fBsudo\fR +executes a program, that program is free to do whatever +it pleases, including run other programs. +This can be a security issue since it is not uncommon for a program to +allow shell escapes, which lets a user bypass +\fBsudo\fR's +access control and logging. +Common programs that permit shell escapes include shells (obviously), +editors, paginators, mail, and terminal programs. +.PP +There are four basic approaches to this problem: +.TP 10n +restrict +Avoid giving users access to commands that allow the user to run +arbitrary commands. +Many editors have a restricted mode where shell +escapes are disabled, though +\fBsudoedit\fR +is a better solution to +running editors via +\fBsudo\fR. +Due to the large number of programs that +offer shell escapes, restricting users to the set of programs that +do not is often unworkable. +.TP 10n +intercept +.br +Many systems that support shared libraries have the ability to +override default library functions by pointing an environment +variable (usually +\fRLD_PRELOAD\fR) +to an alternate shared library. +On such systems, +\fBsudo\fR's +\fIintercept\fR +functionality can be used to transparently intercept an attempt to +run a new command, allow or deny it based on +\fIsudoers\fR +rules, and log the result. +For example, this can be used to restrict the commands run from +within a privileged shell. +Note, however, that this applies only to dynamically-linked +executables. +Statically-linked executables and executables +running under binary emulation are not affected. +Also, most shells support built-in commands and the ability to read +or write sensitive files that cannot be intercepted by +\fBsudo\fR. +.sp +Currently, +\fBsudo\fR's +\fIintercept\fR +functionality only works for programs that use the +\fBexecl\fR(), +\fBexecle\fR(), +\fBexeclp\fR(), +\fBexecv\fR(), +\fBexecve\fR(), +\fBexecvp\fR(), +or +\fBexecvpe\fR() +library functions to run the new command. +This may be expanded in a future release of +\fBsudo\fR. +Because most dynamic loaders ignore +\fRLD_PRELOAD\fR +(or the equivalent) when running set-user-ID and set-group-ID programs, +\fBsudoers\fR +will not permit such programs to be run in +\fIintercept\fR +mode. +.sp +The +\fIintercept\fR +feature is known to work on Solaris, *BSD, Linux, macOS, HP-UX 11.x +and AIX 5.3 and above. +It should be supported on most operating systems that support the +\fRLD_PRELOAD\fR +environment variable. +Check your operating system's manual pages for the dynamic linker +(usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if +\fRLD_PRELOAD\fR +is supported. +It is +\fInot\fR +supported when +\fBsudo\fR's +SELinux RBAC support is in use due to a fundamental incompatibility. +.sp +To enable intercept mode on a per-command basis, use the +\fRINTERCEPT\fR +tag as documented in the User Specification section above. +Here is that example again: +.nf +.sp +.RS 10n +chuck research = INTERCEPT: ALL +.RE +.fi +.RS 10n +.sp +This allows user +\fBchuck\fR +to run any command on the machine +\(lqresearch\(rq +in intercept mode. +Any commands run via shell escapes will be validated and logged by +\fBsudo\fR. +If you are unsure whether or not your system is capable of supporting +\fIintercept\fR, +you can always just try it out and check whether or not external +commands run via a shell are logged when +\fIintercept\fR +is enabled. +.RE +.TP 10n +log +There are two separate but related ways to log additional commands. +The first is to enable I/O logging using the +\fIlog_output\fR +flag. +This will log the command's output but will not create an event log +entry when the additional command is run. +The second is to enable the +\fIlog_subcmds\fR +flag in +\fIsudoers\fR +which will create an event log entry every time a new command is run. +If I/O logging is also enabled, the log entry will include a time offset +into the I/O log to indicate when the command was run. +This offset can be passed to the +sudoreplay(@mansectsu@) +utility to replay the I/O log at the exact moment when the command was run. +The +\fIlog_subcmds\fR +flag uses the same mechanism as +\fIintercept\fR +(see above) and has the same limitations. +.TP 10n +noexec +\fBsudo\fR's +\fInoexec\fR +functionality can be used to prevent a program run by +\fBsudo\fR +from executing any other programs. +On most systems, it uses the same mechanism as +\fIintercept\fR +(see above) and thus the same caveats apply. +The +\fInoexec\fR +functionality +is capable of blocking execution of commands run via the +\fBexecl\fR(), +\fBexecle\fR(), +\fBexeclp\fR(), +\fBexect\fR(), +\fBexecv\fR(), +\fBexecve\fR(), +\fBexecveat\fR(), +\fBexecvP\fR(), +\fBexecvp\fR(), +\fBexecvpe\fR(), +\fBfexecve\fR(), +\fBpopen\fR(), +\fBposix_spawn\fR(), +\fBposix_spawnp\fR(), +\fBsystem\fR(), +and +\fBwordexp\fR() +functions. +On Linux, a +\fBseccomp\fR() +filter is used to implement +\fInoexec\fR. +On Solaris 10 and higher, +\fInoexec\fR +uses Solaris privileges instead of the +\fRLD_PRELOAD\fR +environment variable. +.sp +To enable +\fInoexec\fR +for a command, use the +\fRNOEXEC\fR +tag as documented in the User Specification section above. +Here is that example again: +.nf +.sp +.RS 10n +aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi +.RE +.fi +.RS 10n +.sp +This allows user +\fBaaron\fR +to run +\fI/usr/bin/more\fR +and +\fI/usr/bin/vi\fR +with +\fInoexec\fR +enabled. +This will prevent those two commands from +executing other commands (such as a shell). +If you are unsure whether or not your system is capable of supporting +\fInoexec\fR +you can always just try it out and check whether shell escapes work when +\fInoexec\fR +is enabled. +.RE +.PP +Note that restricting shell escapes is not a panacea. +Programs running as root are still capable of many potentially hazardous +operations (such as changing or overwriting files) that could lead +to unintended privilege escalation. +In the specific case of an editor, a safer approach is to give the +user permission to run +\fBsudoedit\fR +(see below). +.SS "Secure editing" +The +\fBsudoers\fR +plugin includes +\fBsudoedit\fR +support which allows users to securely edit files with the editor +of their choice. +As +\fBsudoedit\fR +is a built-in command, it must be specified in the +\fIsudoers\fR +file without a leading path. +However, it may take command line arguments just as a normal command does. +Wildcards used in +\fIsudoedit\fR +command line arguments are expected to be path names, so a forward slash +(\(oq/\(cq) +will not be matched by a wildcard. +.PP +Unlike other +\fBsudo\fR +commands, the editor is run with the permissions of the invoking +user and with the environment unmodified. +More information may be found in the description of the +\fB\-e\fR +option in +sudo(@mansectsu@). +.PP +For example, to allow user operator to edit the +\(lqmessage of the day\(rq +file: +.nf +.sp +.RS 6n +operator sudoedit /etc/motd +.RE +.fi +.PP +The operator user then runs +\fBsudoedit\fR +as follows: +.nf +.sp +.RS 6n +$ sudoedit /etc/motd +.RE +.fi +.PP +The editor will run as the operator user, not root, on a temporary copy of +\fI/etc/motd\fR. +After the file has been edited, +\fI/etc/motd\fR +will be updated with the contents of the temporary copy. +.PP +Users should +\fInever\fR +be granted +\fBsudoedit\fR +permission to edit a file that resides in a directory the user +has write access to, either directly or via a wildcard. +If the user has write access to the directory it is possible to +replace the legitimate file with a link to another file, +allowing the editing of arbitrary files. +To prevent this, starting with version 1.8.16, symbolic links will +not be followed in writable directories and +\fBsudoedit\fR +will refuse to edit a file located in a writable directory +unless the +\fIsudoedit_checkdir\fR +option has been disabled or the invoking user is root. +Additionally, in version 1.8.15 and higher, +\fBsudoedit\fR +will refuse to open a symbolic link unless either the +\fIsudoedit_follow\fR +option is enabled or the +\fIsudoedit\fR +command is prefixed with the +\fRFOLLOW\fR +tag in the +\fIsudoers\fR +file. +.SS "Time stamp file checks" +\fBsudoers\fR +will check the ownership of its time stamp directory +(\fI@rundir@/ts\fR +by default) +and ignore the directory's contents if it is not owned by root or +if it is writable by a user other than root. +Older versions of +\fBsudo\fR +stored time stamp files in +\fI/tmp\fR; +this is no longer recommended as it may be possible for a user +to create the time stamp themselves on systems that allow +unprivileged users to change the ownership of files they create. +.PP +While the time stamp directory +\fIshould\fR +be cleared at reboot time, not all systems contain a +\fI/run\fR +or +\fI/var/run\fR +directory. +To avoid potential problems, +\fBsudoers\fR +will ignore time stamp files that date from before the machine booted +on systems where the boot time is available. +.PP +Some systems with graphical desktop environments allow unprivileged +users to change the system clock. +Since +\fBsudoers\fR +relies on the system clock for time stamp validation, it may be +possible on such systems for a user to run +\fBsudo\fR +for longer than +\fItimestamp_timeout\fR +by setting the clock back. +To combat this, +\fBsudoers\fR +uses a monotonic clock (which never moves backwards) for its time stamps +if the system supports it. +.PP +\fBsudoers\fR +will not honor time stamps set far in the future. +Time stamps with a date greater than current_time + 2 * +\fRTIMEOUT\fR +will be ignored and +\fBsudoers\fR +will log and complain. +.PP +If the +\fItimestamp_type\fR +option is set to +\(lqtty\(rq, +the time stamp record includes the device number of the terminal +the user authenticated with. +This provides per-terminal granularity but time stamp records may still +outlive the user's session. +.PP +Unless the +\fItimestamp_type\fR +option is set to +\(lqglobal\(rq, +the time stamp record also includes the session ID of the process +that last authenticated. +This prevents processes in different terminal sessions from using +the same time stamp record. +On systems where a process's start time can be queried, +the start time of the session leader +is recorded in the time stamp record. +If no terminal is present or the +\fItimestamp_type\fR +option is set to +\(lqppid\(rq, +the start time of the parent process is used instead. +In most cases this will prevent a time stamp record from being re-used +without the user entering a password when logging out and back in again. +.SH "DEBUGGING" +Versions 1.8.4 and higher of the +\fBsudoers\fR +plugin support a flexible debugging framework that can help track +down what the plugin is doing internally if there is a problem. +This can be configured in the +sudo.conf(@mansectform@) +file. +.PP +The +\fBsudoers\fR +plugin uses the same debug flag format as the +\fBsudo\fR +front-end: +\fIsubsystem\fR@\fIpriority\fR. +.PP +The priorities used by +\fBsudoers\fR, +in order of decreasing severity, +are: +\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR, +and +\fIdebug\fR. +Each priority, when specified, also includes all priorities higher +than it. +For example, a priority of +\fInotice\fR +would include debug messages logged at +\fInotice\fR +and higher. +.PP +The following subsystems are used by the +\fBsudoers\fR +plugin: +.TP 10n +\fIalias\fR +\fRUser_Alias\fR, +\fRRunas_Alias\fR, +\fRHost_Alias\fR +and +\fRCmnd_Alias\fR +processing +.TP 10n +\fIall\fR +matches every subsystem +.TP 10n +\fIaudit\fR +BSM and Linux audit code +.TP 10n +\fIauth\fR +user authentication +.TP 10n +\fIdefaults\fR +\fIsudoers\fR +file +\fIDefaults\fR +settings +.TP 10n +\fIenv\fR +environment handling +.TP 10n +\fIldap\fR +LDAP-based sudoers +.TP 10n +\fIlogging\fR +logging support +.TP 10n +\fImatch\fR +matching of users, groups, hosts, and netgroups in the +\fIsudoers\fR +file +.TP 10n +\fInetif\fR +network interface handling +.TP 10n +\fInss\fR +network service switch handling in +\fBsudoers\fR +.TP 10n +\fIparser\fR +\fIsudoers\fR +file parsing +.TP 10n +\fIperms\fR +permission setting +.TP 10n +\fIplugin\fR +The equivalent of +\fImain\fR +for the plugin. +.TP 10n +\fIpty\fR +pseudo-terminal related code +.TP 10n +\fIrbtree\fR +redblack tree internals +.TP 10n +\fIsssd\fR +SSSD-based sudoers +.TP 10n +\fIutil\fR +utility functions +.PP +For example: +.nf +.sp +.RS 0n +Debug sudoers.so /var/log/sudoers_debug match@info,nss@info +.RE +.fi +.PP +For more information, see the +sudo.conf(@mansectform@) +manual. +.SH "SEE ALSO" +ssh(1), +su(1), +fnmatch(3), +glob(3), +mktemp(3), +strftime(3), +sudo.conf(@mansectform@), +sudo_plugin(@mansectform@), +sudoers.ldap(@mansectform@), +sudoers_timestamp(@mansectform@), +sudo(@mansectsu@), +visudo(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "CAVEATS" +The +\fIsudoers\fR +file should +\fBalways\fR +be edited by the +\fBvisudo\fR +utility which locks the file and checks for syntax errors. +If +\fIsudoers\fR +contains syntax errors, +\fBsudo\fR +may refuse to run, which is a serious problem if +\fBsudo\fR +is your only method of obtaining superuser privileges. +Recent versions of +\fBsudoers\fR +will attempt to recover after a syntax error by ignoring the rest of +the line after encountering an error. +Older versions of +\fBsudo\fR +will not run if +\fIsudoers\fR +contains a syntax error. +.PP +When using netgroups of machines (as opposed to users), if you +store fully qualified host name in the netgroup (as is usually the +case), you either need to have the machine's host name be fully qualified +as returned by the +\fRhostname\fR +command or use the +\fIfqdn\fR +option in +\fIsudoers\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudoers.man.in.sed sudo-1.9.9/docs/sudoers.man.in.sed --- sudo-1.9.5p2/docs/sudoers.man.in.sed 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudoers.man.in.sed 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,150 @@ +s/^\(.TH .*\)/.nr SL @SEMAN@\ +.nr BA @BAMAN@\ +.nr LC @LCMAN@\ +.nr PS @PSMAN@\ +\1/ + +/^On$/N +/^On\nBSD$/,/^.*\.$/ { + /^On\nBSD$/i\ +.if \\n(LC \\{\\ + /\.$/a\ +.\\} +} + +/^\.SS "SELinux_Spec"$/,/^\.SS/ { + /^\.SS / { + /^\.SS "SELinux_Spec"$/i\ +.if \\n(SL \\{\\ + /^\.SS "SELinux_Spec"$/!i\ +.\\} + } +} + +/^\.SS "Solaris_Priv_Spec"$/,/^\.SS/ { + /^\.SS / { + /^\.SS "Solaris_Priv_Spec"$/i\ +.if \\n(PS \\{\\ + /^\.SS "Solaris_Priv_Spec"$/!i\ +.\\} + } +} + +/^Option_Spec ::= / { + s/^.*$/.ie \\n(SL \\{\\\ +.ie \\n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec)\ +.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec)\ +.\\}\ +.el \\{\\\ +.ie \\n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec)\ +.el Option_Spec ::= (Date_Spec | Timeout_Spec)\ +.\\}/ +} + +/^SELinux_Spec ::=/ { + i\ +.if \\n(SL \\{\\ + N + a\ +.\\} +} + +/^Solaris_Priv_Spec ::=/ { + i\ +.if \\n(PS \\{\\ + N + a\ +.\\} +} + +/^SELinux roles.*types,/ { + i\ +.if \\n(SL \\{\\ + a\ +.\\} +} + +/^Solaris privileges sets,/ { + i\ +.if \\n(PS \\{\\ + a\ +.\\} +} + +/^\.TP 18n$/ { + N + /^\.TP 18n\nuse_loginclass$/,/^\.TP 18n/ { + /^\.TP 18n/ { + /^\.TP 18n\nuse_loginclass$/i\ +.if \\n(BA \\{\\ + /^\.TP 18n\nuse_loginclass$/!i\ +.\\} + } + } + /^\.TP 18n\nlimitprivs$/,/^\.TP 18n/ { + /^\.TP 18n/ { + /^\.TP 18n\nlimitprivs$/i\ +.if \\n(PS \\{\\ + /^\.TP 18n\nlimitprivs$/!i\ +.\\} + } + } + /^\.TP 18n\nprivs$/,/^\.TP 18n/ { + /^\.TP 18n/ { + /^\.TP 18n\nprivs$/i\ +.if \\n(PS \\{\\ + /^\.TP 18n\nprivs$/!i\ +.\\} + } + } + /^\.TP 18n\nselinux$/,/^\.TP 18n/ { + /^\.TP 18n/ { + /^\.TP 18n\nselinux$/i\ +.if \\n(SL \\{\\ + /^\.TP 18n\nselinux$/!i\ +.\\} + } + } + /^\.TP 18n\nrole$/,/^\.TP 18n/ { + /^\.TP 18n/ { + /^\.TP 18n\nrole$/i\ +.if \\n(SL \\{\\ + /^\.TP 18n\nrole$/!i\ +.\\} + } + } + /^\.TP 18n\ntype$/,/^\.TP 18n/ { + /^\.TP 18n/ { + /^\.TP 18n\ntype$/i\ +.if \\n(SL \\{\\ + /^\.TP 18n\ntype$/!i\ +.\\} + } + } +} + +/^\\fRPRIVS\\fR,/ { + i\ +.if \\n(PS \\{\\ + a\ +.\\} +} +/^\\fRLIMITPRIVS\\fR,/ { + i\ +.if \\n(PS \\{\\ + a\ +.\\} +} + +/^\\fRROLE\\fR,/ { + i\ +.if \\n(SL \\{\\ + a\ +.\\} +} +/^\\fRTYPE\\fR,/ { + i\ +.if \\n(SL \\{\\ + a\ +.\\} +} diff -Nru sudo-1.9.5p2/docs/sudoers.mdoc.in sudo-1.9.9/docs/sudoers.mdoc.in --- sudo-1.9.5p2/docs/sudoers.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudoers.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,6494 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2022 +.\" Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.nr SL @SEMAN@ +.nr BA @BAMAN@ +.nr LC @LCMAN@ +.nr PS @PSMAN@ +.Dd January 20, 2022 +.Dt SUDOERS @mansectform@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudoers +.Nd default sudo security policy plugin +.Sh DESCRIPTION +The +.Nm +policy plugin determines a user's +.Nm sudo +privileges. +It is the default +.Nm sudo +policy plugin. +The policy is driven by +the +.Pa @sysconfdir@/sudoers +file or, optionally, in LDAP. +The policy format is described in detail in the +.Sx SUDOERS FILE FORMAT +section. +For information on storing +.Nm +policy information +in LDAP, please see +.Xr sudoers.ldap @mansectform@ . +.Ss Configuring sudo.conf for sudoers +.Nm sudo +consults the +.Xr sudo.conf @mansectform@ +file to determine which plugins to load. +If no +.Xr sudo.conf @mansectform@ +file is present, or if it contains no +.Li Plugin +lines, +.Nm +will be used for auditing, policy decisions and I/O logging. +To explicitly configure +.Xr sudo.conf @mansectform@ +to use the +.Nm +plugin, the following configuration can be used. +.Bd -literal -offset indent +Plugin sudoers_audit sudoers.so +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +.Ed +.Pp +Starting with +.Nm sudo +1.8.5, it is possible to specify optional arguments to the +.Nm +plugin in the +.Xr sudo.conf @mansectform@ +file. +Plugin arguments, if any, should be listed after the path to the plugin +(i.e., after +.Pa sudoers.so ) . +The arguments are only effective for the plugin that opens (and parses) the +.Em sudoers +file. +.Pp +For +.Nm sudo +version 1.9.1 and higher, this is the +.Em sudoers_audit +plugin. +For older versions, it is the +.Em sudoers_policy +plugin. +Multiple arguments may be specified, separated by white space. +For example: +.Bd -literal -offset indent +Plugin sudoers_audit sudoers.so sudoers_mode=0400 error_recovery=false +.Ed +.Pp +The following plugin arguments are supported: +.Bl -tag -width 8n +.It error_recovery=bool +The +.Em error_recovery +argument can be used to control whether +.Nm +should attempt to recover from syntax errors in the +.Em sudoers +file. +If set to +.Em true +(the default), +.Nm +will try to recover from a syntax error by discarding the portion +of the line that contains the error until the end of the line. +A value of +.Em false +will disable error recovery. +Prior to version 1.9.3, no error recovery was performed. +.It ldap_conf=pathname +The +.Em ldap_conf +argument can be used to override the default path to the +.Pa ldap.conf +file. +.It ldap_secret=pathname +The +.Em ldap_secret +argument can be used to override the default path to the +.Pa ldap.secret +file. +.It sudoers_file=pathname +The +.Em sudoers_file +argument can be used to override the default path to the +.Em sudoers +file. +.It sudoers_uid=user-ID +The +.Em sudoers_uid +argument can be used to override the default owner of the sudoers file. +It should be specified as a numeric user-ID. +.It sudoers_gid=group-ID +The +.Em sudoers_gid +argument can be used to override the default group of the sudoers file. +It must be specified as a numeric group-ID (not a group name). +.It sudoers_mode=mode +The +.Em sudoers_mode +argument can be used to override the default file mode for the sudoers file. +It should be specified as an octal value. +.El +.Pp +For more information on configuring +.Xr sudo.conf @mansectform@ , +please refer to its manual. +.Ss User Authentication +The +.Nm +security policy requires that most users authenticate +themselves before they can use +.Nm sudo . +A password is not required +if the invoking user is root, if the target user is the same as the +invoking user, or if the policy has disabled authentication for the +user or command. +Unlike +.Xr su 1 , +when +.Nm +requires +authentication, it validates the invoking user's credentials, not +the target user's (or root's) credentials. +This can be changed via +the +.Em rootpw , +.Em targetpw +and +.Em runaspw +flags, described later. +.Pp +If a user who is not listed in the policy tries to run a command +via +.Nm sudo , +mail is sent to the proper authorities. +The address +used for such mail is configurable via the +.Em mailto +Defaults entry +(described later) and defaults to +.Li @mailto@ . +.Pp +Note that no mail will be sent if an unauthorized user tries to run +.Nm sudo +with the +.Fl l +or +.Fl v +option unless there is an authentication error and +either the +.Em mail_always +or +.Em mail_badpass +flags are enabled. +This allows users to +determine for themselves whether or not they are allowed to use +.Nm sudo . +By default, all attempts to run +.Nm sudo +(successful or not) +are logged, regardless of whether or not mail is sent. +.Pp +If +.Nm sudo +is run by root and the +.Ev SUDO_USER +environment variable +is set, the +.Nm +policy will use this value to determine who +the actual user is. +This can be used by a user to log commands +through sudo even when a root shell has been invoked. +It also +allows the +.Fl e +option to remain useful even when invoked via a +sudo-run script or program. +Note, however, that the +.Em sudoers +file lookup is still done for root, not the user specified by +.Ev SUDO_USER . +.Pp +.Nm +uses per-user time stamp files for credential caching. +Once a user has been authenticated, a record is written +containing the user-ID that was used to authenticate, the +terminal session ID, the start time of the session leader +(or parent process) and a time stamp +(using a monotonic clock if one is available). +The user may then use +.Nm sudo +without a password for a short period of time +.Po +.Li @timeout@ +minutes unless overridden by the +.Em timestamp_timeout +option +.Pc . +By default, +.Nm +uses a separate record for each terminal, which means that +a user's login sessions are authenticated separately. +The +.Em timestamp_type +option can be used to select the type of time stamp record +.Nm +will use. +.Ss Logging +By default, +.Nm +logs both successful and unsuccessful attempts (as well +as errors). +The +.Em log_allowed +and +.Em log_denied +flags can be used to control this behavior. +Messages can be logged to +.Xr syslog 3 , +a log file, or both. +The default is to log to +.Xr syslog 3 +but this is configurable via the +.Em syslog +and +.Em logfile +settings. +See +.Sx "LOG FORMAT" +for a description of the log file format. +.Pp +.Nm +is also capable of running a command in a pseudo-terminal and logging all +input and/or output. +The standard input, standard output, and standard error can be logged +even when not associated with a terminal. +I/O logging is not on by default but can be enabled using +the +.Em log_input +and +.Em log_output +options as well as the +.Li LOG_INPUT +and +.Li LOG_OUTPUT +command tags. +See +.Sx "I/O LOG FILES" +for details on how I/O log files are stored. +.Pp +Starting with version 1.9, the +.Em log_servers +setting may be used to send event and I/O log data to a remote server running +.Nm sudo_logsrvd +or another service that implements the protocol described by +.Xr sudo_logsrv.proto @mansectform@ . +.Ss Command environment +Since environment variables can influence program behavior, +.Nm +provides a means to restrict which variables from the user's +environment are inherited by the command to be run. +There are two +distinct ways +.Nm +can deal with environment variables. +.Pp +By default, the +.Em env_reset +flag is enabled. +This causes commands +to be executed with a new, minimal environment. +On AIX (and Linux +systems without PAM), the environment is initialized with the +contents of the +.Pa /etc/environment +file. +.if \n(LC \{\ +On +.Bx +systems, if the +.Em use_loginclass +flag is enabled, the environment is initialized +based on the +.Em path +and +.Em setenv +settings in +.Pa /etc/login.conf . +.\} +The +.Ev HOME , +.Ev MAIL , +.Ev SHELL , +.Ev LOGNAME +and +.Ev USER +environment variables are initialized based on the target user +and the +.Ev SUDO_* +variables are set based on the invoking user. +Additional variables, such as +.Ev DISPLAY , +.Ev PATH +and +.Ev TERM , +are preserved from the invoking user's environment if permitted by the +.Em env_check , +or +.Em env_keep +options. +A few environment variables are treated specially. +If the +.Ev PATH +and +.Ev TERM +variables are not preserved from the user's environment, they will be set +to default values. +The +.Ev LOGNAME +and +.Ev USER +are handled as a single entity. +If one of them is preserved (or removed) from the user's environment, +the other will be as well. +If +.Ev LOGNAME +and +.Ev USER +are to be preserved but only one of them is present in the user's environment, +the other will be set to the same value. +This avoids an inconsistent environment where one of the variables +describing the user name is set to the invoking user and one is +set to the target user. +Environment variables with a value beginning with +.Li () +are removed unless both the name and value parts are matched by +.Em env_keep +or +.Em env_check , +as they may be interpreted as functions by the +.Sy bash +shell. +Prior to version 1.8.11, such variables were always removed. +.Pp +If, however, the +.Em env_reset +flag is disabled, any variables not +explicitly denied by the +.Em env_check +and +.Em env_delete +options are allowed and their values are +inherited from the invoking process. +Prior to version 1.8.21, environment variables with a value beginning with +.Li () +were always removed. +Beginning with version 1.8.21, a pattern in +.Em env_delete +is used to match +.Sy bash +shell functions instead. +Since it is not possible +to block all potentially dangerous environment variables, use +of the default +.Em env_reset +behavior is encouraged. +.Pp +Environment variables specified by +.Em env_check , +.Em env_delete , +or +.Em env_keep +may include one or more +.Ql * +characters which will match zero or more characters. +No other wildcard characters are supported. +.Pp +By default, environment variables are matched by name. +However, if the pattern includes an equal sign +.Pq Ql =\& , +both the variables name and value must match. +For example, a +.Sy bash +shell function could be matched as follows: +.Bd -literal -offset 4n +env_keep += "BASH_FUNC_my_func%%=()*" +.Ed +.Pp +Without the +.Dq Li =()* +suffix, this would not match, as +.Sy bash +shell functions are not preserved by default. +.Pp +The complete list of environment variables that are preserved or removed, +as modified by global Defaults parameters in +.Em sudoers , +is displayed when +.Nm sudo +is run by root with the +.Fl V +option. +Please note that the list of environment variables to remove +varies based on the operating system +.Nm sudo +is running on. +.Pp +Other +.Nm +options may influence the command environment, such as +.Em always_set_home , +.Em secure_path , +.Em set_logname , +and +.Em set_home . +.Pp +On systems that support PAM where the +.Sy pam_env +module is enabled for +.Nm sudo , +variables in the PAM environment may be merged in to the environment. +If a variable in the PAM environment is already present in the +user's environment, the value will only be overridden if the variable +was not preserved by +.Nm . +When +.Em env_reset +is enabled, variables preserved from the invoking user's environment +by the +.Em env_keep +list take precedence over those in the PAM environment. +When +.Em env_reset +is disabled, variables present the invoking user's environment +take precedence over those in the PAM environment unless they +match a pattern in the +.Em env_delete +list. +.Pp +Note that the dynamic linker on most operating systems will remove +variables that can control dynamic linking from the environment of +set-user-ID executables, including +.Nm sudo . +Depending on the operating +system this may include +.Ev _RLD* , +.Ev DYLD_* , +.Ev LD_* , +.Ev LDR_* , +.Ev LIBPATH , +.Ev SHLIB_PATH , +and others. +These type of variables are +removed from the environment before +.Nm sudo +even begins execution +and, as such, it is not possible for +.Nm sudo +to preserve them. +.Pp +As a special case, if the +.Fl i +option (initial login) is +specified, +.Nm +will initialize the environment regardless +of the value of +.Em env_reset . +The +.Ev DISPLAY , +.Ev PATH +and +.Ev TERM +variables remain unchanged; +.Ev HOME , +.Ev MAIL , +.Ev SHELL , +.Ev USER , +and +.Ev LOGNAME +are set based on the target user. +On AIX (and Linux +systems without PAM), the contents of +.Pa /etc/environment +are also +included. +.if \n(LC \{\ +On +.Bx +systems, if the +.Em use_loginclass +flag is +enabled, the +.Em path +and +.Em setenv +variables in +.Pa /etc/login.conf +are also applied. +.\} +All other environment variables are removed unless permitted by +.Em env_keep +or +.Em env_check , +described above. +.Pp +Finally, the +.Em restricted_env_file +and +.Em env_file +files are applied, if present. +The variables in +.Em restricted_env_file +are applied first and are subject to the same restrictions as the +invoking user's environment, as detailed above. +The variables in +.Em env_file +are applied last and are not subject to these restrictions. +In both cases, variables present in the files will only be set to +their specified values if they would not conflict with an existing +environment variable. +.Sh SUDOERS FILE FORMAT +The +.Em sudoers +file is composed of two types of entries: aliases +(basically variables) and user specifications (which specify who +may run what). +.Pp +When multiple entries match for a user, they are applied in order. +Where there are multiple matches, the last match is used (which is +not necessarily the most specific match). +.Pp +The +.Em sudoers +file grammar will be described below in Extended Backus-Naur +Form (EBNF). +Don't despair if you are unfamiliar with EBNF; it is fairly simple, +and the definitions below are annotated. +.Ss Resource limits +By default, +.Nm +uses the operating system's native method of setting resource limits +for the target user. +On Linux systems, resource limits are usually set by the +.Li pam_limits.so +PAM module. +On some BSD systems, the +.Pa /etc/login.conf +file specifies resource limits for the user. +On AIX systems, resource limits are configured in the +.Pa /etc/security/limits +file. +If there is no system mechanism to set per-user resource limits, +the command will run with the same limits as the invoking user. +The one exception to this is the core dump file size, which is set by +.Nm +to 0 by default. +Disabling core dumps by default makes it possible to avoid potential +security problems where the core file is treated as trusted input. +.Pp +Resource limits may also be set in the +.Em sudoers +file itself, in which case they override those set by the system. +See the +.Em rlimit_as, +.Em rlimit_core, +.Em rlimit_cpu, +.Em rlimit_data, +.Em rlimit_fsize, +.Em rlimit_locks, +.Em rlimit_memlock, +.Em rlimit_nofile, +.Em rlimit_nproc, +.Em rlimit_rss, +.Em rlimit_stack +options described below. +Resource limits in +.Nm +may be specified in one of the following formats: +.Bl -tag -width 6n +.It Dq value +Both the soft and hard resource limits are set to the same value. +The special value +.Dq infinity +can be used to indicate that the value is unlimited. +.It Dq soft,hard +Two comma-separated values. +The soft limit is set to the first value and the hard limit is set +to the second. +Both values must either be enclosed in a set of double quotes, +or the comma must be escaped with a backslash +.Pq Ql \e . +The special value +.Dq infinity +may be used in place of either value. +.It Dq default +The default resource limit for the user will be used. +This may be a user-specific value (see above) or the value of the +resource limit when +.Nm sudo +was invoked for systems that don't support per-user limits. +.It Dq user +The invoking user's resource limits will be preserved when running +the command. +.El +.Pp +For example, to restore the historic core dump file size behavior, +a line like the following may be used. +.sp +.Dl Defaults rlimit_core=default +.Pp +Resource limits in +.Nm +are only supported by version 1.8.7 or higher. +.Ss Quick guide to EBNF +EBNF is a concise and exact way of describing the grammar of a language. +Each EBNF definition is made up of +.Em production rules . +E.g., +.Pp +.Li symbol ::= definition | alternate1 | alternate2 ... +.Pp +Each +.Em production rule +references others and thus makes up a +grammar for the language. +EBNF also contains the following +operators, which many readers will recognize from regular +expressions. +Do not, however, confuse them with +.Dq wildcard +characters, which have different meanings. +.Bl -tag -width 4n +.It Li \&? +Means that the preceding symbol (or group of symbols) is optional. +That is, it may appear once or not at all. +.It Li * +Means that the preceding symbol (or group of symbols) may appear +zero or more times. +.It Li + +Means that the preceding symbol (or group of symbols) may appear +one or more times. +.El +.Pp +Parentheses may be used to group symbols together. +For clarity, +we will use single quotes +.Pq '' +to designate what is a verbatim character string (as opposed to a symbol name). +.Ss Aliases +There are four kinds of aliases: +.Li User_Alias , +.Li Runas_Alias , +.Li Host_Alias +and +.Li Cmnd_Alias . +Beginning with +.Nm sudo +1.9.0, +.Li Cmd_Alias +may be used in place of +.Li Cmnd_Alias +if desired. +.Bd -literal +Alias ::= 'User_Alias' User_Alias_Spec (':' User_Alias_Spec)* | + 'Runas_Alias' Runas_Alias_Spec (':' Runas_Alias_Spec)* | + 'Host_Alias' Host_Alias_Spec (':' Host_Alias_Spec)* | + 'Cmnd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* | + 'Cmd_Alias' Cmnd_Alias_Spec (':' Cmnd_Alias_Spec)* + +User_Alias ::= NAME + +User_Alias_Spec ::= User_Alias '=' User_List + +Runas_Alias ::= NAME + +Runas_Alias_Spec ::= Runas_Alias '=' Runas_List + +Host_Alias ::= NAME + +Host_Alias_Spec ::= Host_Alias '=' Host_List + +Cmnd_Alias ::= NAME + +Cmnd_Alias_Spec ::= Cmnd_Alias '=' Cmnd_List + +NAME ::= [A-Z]([A-Z][0-9]_)* +.Ed +.Pp +Each +.Em alias +definition is of the form +.Bd -literal +Alias_Type NAME = item1, item2, ... +.Ed +.Pp +where +.Em Alias_Type +is one of +.Li User_Alias , +.Li Runas_Alias , +.Li Host_Alias , +or +.Li Cmnd_Alias . +A +.Li NAME +is a string of uppercase letters, numbers, +and underscore characters +.Pq Ql _ . +A +.Li NAME +.Sy must +start with an +uppercase letter. +It is possible to put several alias definitions +of the same type on a single line, joined by a colon +.Pq Ql :\& . +E.g., +.Bd -literal +Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 +.Ed +.Pp +It is a syntax error to redefine an existing +.Em alias . +It is possible to use the same name for +.Em aliases +of different types, but this is not recommended. +.Pp +The definitions of what constitutes a valid +.Em alias +member follow. +.Bd -literal +User_List ::= User | + User ',' User_List + +User ::= '!'* user name | + '!'* #user-ID | + '!'* %group | + '!'* %#group-ID | + '!'* +netgroup | + '!'* %:nonunix_group | + '!'* %:#nonunix_gid | + '!'* User_Alias +.Ed +.Pp +A +.Li User_List +is made up of one or more user names, user-IDs +(prefixed with +.Ql # ) , +system group names and IDs (prefixed with +.Ql % +and +.Ql %# +respectively), netgroups (prefixed with +.Ql + ) , +non-Unix group names and IDs (prefixed with +.Ql %: +and +.Ql %:# +respectively), and +.Li User_Alias Ns es. +Each list item may be prefixed with zero or more +.Ql \&! +operators. +An odd number of +.Ql \&! +operators negate the value of +the item; an even number just cancel each other out. +User netgroups are matched using the user and domain members only; +the host member is not used when matching. +.Pp +A +.Li user name , +.Li user-ID , +.Li group , +.Li group-ID , +.Li netgroup , +.Li nonunix_group +or +.Li nonunix_gid +may be enclosed in double quotes to avoid the +need for escaping special characters. +Alternately, special characters +may be specified in escaped hex mode, e.g., \ex20 for space. +When +using double quotes, any prefix characters must be included inside +the quotes. +.Pp +The actual +.Li nonunix_group +and +.Li nonunix_gid +syntax depends on +the underlying group provider plugin. +For instance, the QAS AD plugin supports the following formats: +.Bl -bullet -width 1n +.It +Group in the same domain: "%:Group Name" +.It +Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN" +.It +Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567" +.El +.Pp +See +.Sx "GROUP PROVIDER PLUGINS" +for more information. +.Pp +Note that quotes around group names are optional. +Unquoted strings must use a backslash +.Pq Ql \e +to escape spaces and special characters. +See +.Sx Other special characters and reserved words +for a list of +characters that need to be escaped. +.Bd -literal +Runas_List ::= Runas_Member | + Runas_Member ',' Runas_List + +Runas_Member ::= '!'* user name | + '!'* #user-ID | + '!'* %group | + '!'* %#group-ID | + '!'* %:nonunix_group | + '!'* %:#nonunix_gid | + '!'* +netgroup | + '!'* Runas_Alias +.Ed +.Pp +A +.Li Runas_List +is similar to a +.Li User_List +except that instead +of +.Li User_Alias Ns es +it can contain +.Li Runas_Alias Ns es . +Note that +user names and groups are matched as strings. +In other words, two users (groups) with the same user (group) ID +are considered to be distinct. +If you wish to match all user names with the same user-ID (e.g., root and +toor), you can use a user-ID instead of a name (#0 in the example given). +Note that the user-ID or group-ID specified in a +.Li Runas_Member +need not be listed in the password or group database. +.Bd -literal +Host_List ::= Host | + Host ',' Host_List + +Host ::= '!'* host name | + '!'* ip_addr | + '!'* network(/netmask)? | + '!'* +netgroup | + '!'* Host_Alias +.Ed +.Pp +A +.Li Host_List +is made up of one or more host names, IP addresses, +network numbers, netgroups (prefixed with +.Ql + ) , +and other aliases. +Again, the value of an item may be negated with the +.Ql \&! +operator. +Host netgroups are matched using the host (both qualified and unqualified) +and domain members only; the user member is not used when matching. +If you specify a network number without a netmask, +.Nm sudo +will query each of the local host's network interfaces and, +if the network number corresponds to one of the hosts's network +interfaces, will use the netmask of that interface. +The netmask may be specified either in standard IP address notation +(e.g., 255.255.255.0 or ffff:ffff:ffff:ffff::), +or CIDR notation (number of bits, e.g., 24 or 64). +A host name may include shell-style wildcards (see the +.Sx Wildcards +section below), +but unless the +.Li host name +command on your machine returns the fully +qualified host name, you'll need to use the +.Em fqdn +flag for wildcards to be useful. +Note that +.Nm sudo +only inspects actual network interfaces; this means that IP address +127.0.0.1 (localhost) will never match. +Also, the host name +.Dq localhost +will only match if that is the actual host name, which is usually +only the case for non-networked systems. +.Bd -literal +digest ::= [A-Fa-f0-9]+ | + [A-Za-z0-9\e+/=]+ + +Digest_Spec ::= "sha224" ':' digest | + "sha256" ':' digest | + "sha384" ':' digest | + "sha512" ':' digest + +Digest_List ::= Digest_Spec | + Digest_Spec ',' Digest_List + +Cmnd_List ::= Cmnd | + Cmnd ',' Cmnd_List + +command name ::= file name | + file name args | + file name '""' + +Edit_Spec ::= "sudoedit" file name+ + +Cmnd ::= Digest_List? '!'* command name | + '!'* directory | + '!'* Edit_Spec | + '!'* Cmnd_Alias +.Ed +.Pp +A +.Li Cmnd_List +is a list of one or more command names, directories, and other aliases. +A command name is a fully qualified file name which may include +shell-style wildcards (see the +.Sx Wildcards +section below). +A simple file name allows the user to run the command with any +arguments they wish. +However, you may also specify command line arguments (including +wildcards). +Alternately, you can specify +.Li \&"" +to indicate that the command +may only be run +.Sy without +command line arguments. +A directory is a +fully qualified path name ending in a +.Ql / . +When you specify a directory in a +.Li Cmnd_List , +the user will be able to run any file within that directory +(but not in any sub-directories therein). +.Pp +If a +.Li Cmnd +has associated command line arguments, then the arguments +in the +.Li Cmnd +must match exactly those given by the user on the command line +(or match the wildcards if there are any). +Note that the following characters must be escaped with a +.Ql \e +if they are used in command arguments: +.Ql ,\& , +.Ql :\& , +.Ql =\& , +.Ql \e . +The built-in command +.Dq Li sudoedit +is used to permit a user to run +.Nm sudo +with the +.Fl e +option (or as +.Nm sudoedit ) . +It may take command line arguments just as a normal command does. +Note that +.Dq Li sudoedit +is a command built into +.Nm sudo +itself and must be specified in the +.Em sudoers +file +.Sy without +a leading path. +If a leading path is present, for example +.Pa /usr/bin/sudoedit , +the path name will be silently converted to +.Dq Li sudoedit . +A fully-qualified path for +.Nm sudoedit +is treated as an error by +.Nm visudo . +.Pp +A +.Li command name +may be preceded by a +.Li Digest_List , +a comma-separated list of one or more +.Li Digest_Spec +entries. +If a +.Li Digest_List +is present, the command will only match successfully if it can be verified +using one of the SHA-2 digests in the list. +Starting with version 1.9.0, the +.Sy ALL +reserved word can be used in conjunction with a +.Li Digest_List . +The following digest formats are supported: sha224, sha256, sha384, and sha512. +The string may be specified in either hex or base64 format +(base64 is more compact). +There are several utilities capable of generating SHA-2 digests in hex +format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum. +.Pp +For example, using openssl: +.Bd -literal +$ openssl dgst -sha224 /bin/ls +SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 +.Ed +.Pp +It is also possible to use openssl to generate base64 output: +.Bd -literal +$ openssl dgst -binary -sha224 /bin/ls | openssl base64 +EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ== +.Ed +.Pp +Warning, if the user has write access to the command itself (directly or via a +.Nm sudo +command), it may be possible for the user to replace the command after the +digest check has been performed but before the command is executed. +A similar race condition exists on systems that lack the +.Fn fexecve +system call when the directory in which the command is located +is writable by the user. +See the description of the +.Em fdexec +setting for more information on how +.Nm sudo +executes commands that have an associated digest. +.Pp +Command digests are only supported by version 1.8.7 or higher. +.Ss Defaults +Certain configuration options may be changed from their default +values at run-time via one or more +.Li Default_Entry +lines. +These may affect all users on any host, all users on a specific host, a +specific user, a specific command, or commands being run as a specific user. +Note that per-command entries may not include command line arguments. +If you need to specify arguments, define a +.Li Cmnd_Alias +and reference +that instead. +.Bd -literal +Default_Type ::= 'Defaults' | + 'Defaults' '@' Host_List | + 'Defaults' ':' User_List | + 'Defaults' '!' Cmnd_List | + 'Defaults' '>' Runas_List + +Default_Entry ::= Default_Type Parameter_List + +Parameter_List ::= Parameter | + Parameter ',' Parameter_List + +Parameter ::= Parameter '=' Value | + Parameter '+=' Value | + Parameter '-=' Value | + '!'* Parameter +.Ed +.Pp +Parameters may be +.Sy flags , +.Sy integer +values, +.Sy strings , +or +.Sy lists . +Flags are implicitly boolean and can be turned off via the +.Ql \&! +operator. +Some integer, string and list parameters may also be +used in a boolean context to disable them. +Values may be enclosed +in double quotes +.Pq \&"" +when they contain multiple words. +Special characters may be escaped with a backslash +.Pq Ql \e . +.Pp +To include a literal backslash character in a command line argument +you must escape the backslash twice. +For example, to match +.Ql \en +as part of a command line argument, you must use +.Ql \e\e\e\en +in the +.Em sudoers +file. +This is due to there being two levels of escaping, one in the +.Em sudoers +parser itself and another when command line arguments are matched by the +.Xr fnmatch 3 +function. +.Pp +Lists have two additional assignment operators, +.Li += +and +.Li -= . +These operators are used to add to and delete from a list respectively. +It is not an error to use the +.Li -= +operator to remove an element +that does not exist in a list. +.Pp +Defaults entries are parsed in the following order: generic, host, +user, and runas Defaults first, then command defaults. +If there are multiple Defaults settings of the same type, the last +matching setting is used. +The following Defaults settings are parsed before all others since +they may affect subsequent entries: +.Em fqdn , +.Em group_plugin , +.Em runas_default , +.Em sudoers_locale . +.Pp +See +.Sx SUDOERS OPTIONS +for a list of supported Defaults parameters. +.Ss User specification +.Bd -literal +User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e + (':' Host_List '=' Cmnd_Spec_List)* + +Cmnd_Spec_List ::= Cmnd_Spec | + Cmnd_Spec ',' Cmnd_Spec_List + +Cmnd_Spec ::= Runas_Spec? Option_Spec* Tag_Spec* Cmnd + +Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')' + +.ie \n(SL \{\ +.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) +.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) +.\} +.el \{\ +.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) +.el Option_Spec ::= (Date_Spec | Timeout_Spec | Chdir_Spec | Chroot_Spec) +.\} + +.if \n(SL \{\ +SELinux_Spec ::= ('ROLE=role' | 'TYPE=type') + +.\} +.if \n(PS \{\ +Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset') + +.\} +Date_Spec ::= ('NOTBEFORE=timestamp' | 'NOTAFTER=timestamp') + +Timeout_Spec ::= 'TIMEOUT=timeout' + +Chdir_Spec ::= 'CWD=directory' + +Chroot_Spec ::= 'CHROOT=directory' + +Tag_Spec ::= ('EXEC:' | 'NOEXEC:' | 'FOLLOW:' | 'NOFOLLOW' | + 'LOG_INPUT:' | 'NOLOG_INPUT:' | 'LOG_OUTPUT:' | + 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' | 'INTERCEPT:' | + 'NOINTERCEPT:' | 'PASSWD:' | 'NOPASSWD:' | 'SETENV:' | + 'NOSETENV:') +.Ed +.Pp +A +.Sy user specification +determines which commands a user may run +(and as what user) on specified hosts. +By default, commands are +run as +.Sy root , +but this can be changed on a per-command basis. +.Pp +The basic structure of a user specification is +.Dq who where = (as_whom) what . +Let's break that down into its constituent parts: +.Ss Runas_Spec +A +.Li Runas_Spec +determines the user and/or the group that a command +may be run as. +A fully-specified +.Li Runas_Spec +consists of two +.Li Runas_List Ns s +(as defined above) separated by a colon +.Pq Ql :\& +and enclosed in a set of parentheses. +The first +.Li Runas_List +indicates which users the command may be run as via the +.Fl u +option. +The second defines a list of groups that may be specified via the +.Fl g +option (in addition to any of the target user's groups). +If both +.Li Runas_List Ns s +are specified, the command may be run with any combination of users +and groups listed in their respective +.Li Runas_List Ns s. +If only the first is specified, the command may be run as any user +in the list and, optionally, with any group the target user belongs to. +If the first +.Li Runas_List +is empty but the +second is specified, the command may be run as the invoking user +with the group set to any listed in the +.Li Runas_List . +If both +.Li Runas_List Ns s +are empty, the command may only be run as the invoking user and the +group, if specified, must be one that the invoking user is a member of. +If no +.Li Runas_Spec +is specified, the command may only be run as +.Sy root +and the group, if specified, must be one that +.Sy root +is a member of. +.Pp +A +.Li Runas_Spec +sets the default for the commands that follow it. +What this means is that for the entry: +.Bd -literal +dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm +.Ed +.Pp +The user +.Sy dgb +may run +.Pa /bin/ls , +.Pa /bin/kill , +and +.Pa /usr/bin/lprm +on the host +.No boulder Ns \(em Ns but +only as +.Sy operator . +E.g., +.Bd -literal +$ sudo -u operator /bin/ls +.Ed +.Pp +It is also possible to override a +.Li Runas_Spec +later on in an entry. +If we modify the entry like so: +.Bd -literal +dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm +.Ed +.Pp +Then user +.Sy dgb +is now allowed to run +.Pa /bin/ls +as +.Sy operator , +but +.Pa /bin/kill +and +.Pa /usr/bin/lprm +as +.Sy root . +.Pp +We can extend this to allow +.Sy dgb +to run +.Li /bin/ls +with either +the user or group set to +.Sy operator : +.Bd -literal +dgb boulder = (operator : operator) /bin/ls, (root) /bin/kill,\e + /usr/bin/lprm +.Ed +.Pp +Note that while the group portion of the +.Li Runas_Spec +permits the +user to run as command with that group, it does not force the user +to do so. +If no group is specified on the command line, the command +will run with the group listed in the target user's password database +entry. +The following would all be permitted by the sudoers entry above: +.Bd -literal +$ sudo -u operator /bin/ls +$ sudo -u operator -g operator /bin/ls +$ sudo -g operator /bin/ls +.Ed +.Pp +In the following example, user +.Sy tcm +may run commands that access +a modem device file with the dialer group. +.Bd -literal +tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\e + /usr/local/bin/minicom +.Ed +.Pp +Note that in this example only the group will be set, the command +still runs as user +.Sy tcm . +E.g.\& +.Bd -literal +$ sudo -g dialer /usr/bin/cu +.Ed +.Pp +Multiple users and groups may be present in a +.Li Runas_Spec , +in which case the user may select any combination of users and groups via the +.Fl u +and +.Fl g +options. +In this example: +.Bd -literal +alan ALL = (root, bin : operator, system) ALL +.Ed +.Pp +user +.Sy alan +may run any command as either user root or bin, +optionally setting the group to operator or system. +.Ss Option_Spec +A +.Li Cmnd +may have zero or more options associated with it. +Options may consist of +.if \n(SL \{\ +SELinux roles and/or types, +.\} +.if \n(PS \{\ +Solaris privileges sets, +.\} +start and/or end dates and command timeouts. +Once an option is set for a +.Li Cmnd , +subsequent +.Li Cmnd Ns s +in the +.Li Cmnd_Spec_List , +inherit that option unless it is overridden by another option. +Note that the option names are reserved words in +.Em sudoers . +This means that none of the valid option names (see below) can be used +when declaring an alias. +.if \n(SL \{\ +.Ss SELinux_Spec +On systems with SELinux support, +.Em sudoers +file entries may optionally have an SELinux role and/or type associated +with a command. +This can be used to implement a form of role-based access control (RBAC). +If a role or +type is specified with the command it will override any default values +specified in +.Em sudoers . +A role or type specified on the command line, +however, will supersede the values in +.Em sudoers . +.\} +.if \n(PS \{\ +.Ss Solaris_Priv_Spec +On Solaris systems, +.Em sudoers +file entries may optionally specify Solaris privilege set and/or limit +privilege set associated with a command. +If privileges or limit privileges are specified with the command +it will override any default values specified in +.Em sudoers . +.Pp +A privilege set is a comma-separated list of privilege names. +The +.Xr ppriv 1 +command can be used to list all privileges known to the system. +For example: +.Bd -literal +$ ppriv -l +.Ed +.Pp +In addition, there are several +.Dq special +privilege strings: +.Bl -tag -width 8n +.It none +the empty set +.It all +the set of all privileges +.It zone +the set of all privileges available in the current zone +.It basic +the default set of privileges normal users are granted at login time +.El +.Pp +Privileges can be excluded from a set by prefixing the privilege +name with either an +.Ql \&! +or +.Ql \- +character. +.\} +.Ss Date_Spec +.Nm +rules can be specified with a start and end date via the +.Li NOTBEFORE +and +.Li NOTAFTER +settings. +The time stamp must be specified in +.Em Generalized Time +as defined by RFC 4517. +The format is effectively +.Li yyyymmddHHMMSSZ +where the minutes and seconds are optional. +The +.Ql Z +suffix indicates that the time stamp is in Coordinated Universal Time (UTC). +It is also possible to specify a timezone offset from UTC in hours +and minutes instead of a +.Ql Z . +For example, +.Ql -0500 +would correspond to Eastern Standard time in the US. +As an extension, if no +.Ql Z +or timezone offset is specified, local time will be used. +.Pp +The following are all valid time stamps: +.Bd -literal -offset 4n +20170214083000Z +2017021408Z +20160315220000-0500 +20151201235900 +.Ed +.Ss Timeout_Spec +A command may have a timeout associated with it. +If the timeout expires before the command has exited, the +command will be terminated. +The timeout may be specified in combinations of days, hours, +minutes, and seconds with a single-letter case-insensitive suffix +that indicates the unit of time. +For example, a timeout of 7 days, 8 hours, 30 minutes, and +10 seconds would be written as +.Li 7d8h30m10s . +If a number is specified without a unit, seconds are assumed. +Any of the days, minutes, hours, or seconds may be omitted. +The order must be from largest to smallest unit and a unit +may not be specified more than once. +.Pp +The following are all +.Em valid +timeout values: +.Li 7d8h30m10s , +.Li 14d , +.Li 8h30m , +.Li 600s , +.Li 3600 . +The following are +.Em invalid +timeout values: +.Li 12m2w1d , +.Li 30s10m4h , +.Li 1d2d3h . +.Pp +This setting is only supported by version 1.8.20 or higher. +.Ss Chdir_Spec +The working directory that the command will be run in can be specified +using the +.Li CWD +setting. +The +.Fa directory +must be a fully-qualified path name beginning with a +.Sq / +or +.Sq ~ +character, or the special value +.Dq * . +A value of +.Dq * +indicates that the user may specify the working directory by running +.Nm sudo +with the +.Fl D +option. +By default, commands are run from the invoking user's current working +directory, unless the +.Fl i +option is given. +Path names of the form +.Li ~user/path/name +are interpreted as being relative to the named user's home directory. +If the user name is omitted, the path will be relative to the runas +user's home directory. +.Pp +This setting is only supported by version 1.9.3 or higher. +.Ss Chroot_Spec +The root directory that the command will be run in can be specified +using the +.Li CHROOT +setting. +The +.Fa directory +must be a fully-qualified path name beginning with a +.Sq / +or +.Sq ~ +character, or the special value +.Dq * . +A value of +.Dq * +indicates that the user may specify the root directory by running +.Nm sudo +with the +.Fl R +option. +This setting can be used to run the command in a +.Xr chroot 2 +.Dq sandbox +similar to the +.Xr chroot @mansectsu@ +utility. +Path names of the form +.Li ~user/path/name +are interpreted as being relative to the named user's home directory. +If the user name is omitted, the path will be relative to the runas +user's home directory. +.Pp +This setting is only supported by version 1.9.3 or higher. +.Ss Tag_Spec +A command may have zero or more tags associated with it. +The following tag values are supported: +.Li EXEC , +.Li NOEXEC , +.Li FOLLOW , +.Li NOFOLLOW , +.Li LOG_INPUT , +.Li NOLOG_INPUT , +.Li LOG_OUTPUT , +.Li NOLOG_OUTPUT , +.Li MAIL , +.Li NOMAIL , +.Li INTERCEPT , +.Li NOINTERCEPT , +.Li PASSWD , +.Li NOPASSWD , +.Li SETENV , +and +.Li NOSETENV . +Once a tag is set on a +.Li Cmnd , +subsequent +.Li Cmnd Ns s +in the +.Li Cmnd_Spec_List , +inherit the tag unless it is overridden by the opposite tag (in other words, +.Li PASSWD +overrides +.Li NOPASSWD +and +.Li NOEXEC +overrides +.Li EXEC ) . +.Bl -hang -width 0n +.It Em EXEC No and Em NOEXEC +.sp +If +.Nm sudo +has been compiled with +.Em noexec +support and the underlying operating system supports it, the +.Li NOEXEC +tag can be used to prevent a dynamically-linked executable from +running further commands itself. +.Pp +In the following example, user +.Sy aaron +may run +.Pa /usr/bin/more +and +.Pa /usr/bin/vi +but shell escapes will be disabled. +.Bd -literal +aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi +.Ed +.Pp +See the +.Sx Preventing shell escapes +section below for more details on how +.Li NOEXEC +works and whether or not it will work on your system. +.It Em FOLLOW No and Em NOFOLLOW +Starting with version 1.8.15, +.Nm sudoedit +will not open a file that is a symbolic link unless the +.Em sudoedit_follow +flag is enabled. +The +.Em FOLLOW +and +.Em NOFOLLOW +tags override the value of +.Em sudoedit_follow +and can be used to permit (or deny) the editing of symbolic links +on a per-command basis. +These tags are only effective for the +.Em sudoedit +command and are ignored for all other commands. +.It Em LOG_INPUT No and Em NOLOG_INPUT +.sp +These tags override the value of the +.Em log_input +flag on a per-command basis. +For more information, see the description of +.Em log_input +in the +.Sx SUDOERS OPTIONS +section below. +.It Em LOG_OUTPUT No and Em NOLOG_OUTPUT +.sp +These tags override the value of the +.Em log_output +flag on a per-command basis. +For more information, see the description of +.Em log_output +in the +.Sx SUDOERS OPTIONS +section below. +.It Em MAIL No and Em NOMAIL +.sp +These tags provide fine-grained control over whether +mail will be sent when a user runs a command by +overriding the value of the +.Em mail_all_cmnds +flag on a per-command basis. +They have no effect when +.Nm sudo +is run with the +.Fl l +or +.Fl v +options. +A +.Em NOMAIL +tag will also override the +.Em mail_always +and +.Em mail_no_perms +options. +For more information, see the descriptions of +.Em mail_all_cmnds , +.Em mail_always , +and +.Em mail_no_perms +in the +.Sx SUDOERS OPTIONS +section below. +.It Em PASSWD No and Em NOPASSWD +.sp +By default, +.Nm sudo +requires that a user authenticate +before running a command. +This behavior can be modified via the +.Li NOPASSWD +tag. +Like a +.Li Runas_Spec , +the +.Li NOPASSWD +tag sets +a default for the commands that follow it in the +.Li Cmnd_Spec_List . +Conversely, the +.Li PASSWD +tag can be used to reverse things. +For example: +.Bd -literal +ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm +.Ed +.Pp +would allow the user +.Sy ray +to run +.Pa /bin/kill , +.Pa /bin/ls , +and +.Pa /usr/bin/lprm +as +.Sy root +on the machine +.Dq rushmore +without authenticating himself. +If we only want +.Sy ray +to be able to +run +.Pa /bin/kill +without a password the entry would be: +.Bd -literal +ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm +.Ed +.Pp +Note, however, that the +.Li PASSWD +tag has no effect on users who are in the group specified by the +.Em exempt_group +setting. +.Pp +By default, if the +.Li NOPASSWD +tag is applied to any of a user's entries for the current host, +the user will be able to run +.Dq Li sudo -l +without a password. +Additionally, a user may only run +.Dq Li sudo -v +without a password if all of the user's entries for the current +host have the +.Li NOPASSWD +tag. +This behavior may be overridden via the +.Em verifypw +and +.Em listpw +options. +.It Em SETENV No and Em NOSETENV +.sp +These tags override the value of the +.Em setenv +flag on a per-command basis. +Note that if +.Li SETENV +has been set for a command, the user may disable the +.Em env_reset +flag from the command line via the +.Fl E +option. +Additionally, environment variables set on the command +line are not subject to the restrictions imposed by +.Em env_check , +.Em env_delete , +or +.Em env_keep . +As such, only trusted users should be allowed to set variables in this manner. +If the command matched is +.Sy ALL , +the +.Li SETENV +tag is implied for that command; this default may be overridden by use of the +.Li NOSETENV +tag. +.It Em INTERCEPT No and Em NOINTERCEPT +.sp +If +.Nm sudo +has been compiled with +.Em intercept +support and the underlying operating system supports it, the +.Li INTERCEPT +tag can be used to cause programs spawned by a command to be validated against +.Em sudoers +and logged just like they would be if run through +.Nm sudo +directly. +This is useful in conjunction with commands that allow shell escapes +such as editors, shells, and paginators. +.Pp +In the following example, user +.Sy chuck +may run any command on the machine +.Dq research +in intercept mode. +.Bd -literal +chuck research = INTERCEPT: ALL +.Ed +.Pp +See the +.Sx Preventing shell escapes +section below for more details on how +.Li INTERCEPT +works and whether or not it will work on your system. +.El +.Ss Wildcards +.Nm sudo +allows shell-style +.Em wildcards +(aka meta or glob characters) +to be used in host names, path names, and command line arguments in the +.Em sudoers +file. +Wildcard matching is done via the +.Xr glob 3 +and +.Xr fnmatch 3 +functions as specified by +.St -p1003.1 . +.Bl -tag -width 8n +.It Li * +Matches any set of zero or more characters (including white space). +.It Li \&? +Matches any single character (including white space). +.It Li [...] +Matches any character in the specified range. +.It Li [!...] +Matches any character +.Em not +in the specified range. +.It Li \ex +For any character +.Sq x , +evaluates to +.Sq x . +This is used to escape special characters such as: +.Ql * , +.Ql \&? , +.Ql [\& , +and +.Ql ]\& . +.El +.Pp +.Bf -symbolic +Note that these are not regular expressions. +.Ef +Unlike a regular expression there is no way to match one or more +characters within a range. +.Pp +Character classes may be used if your system's +.Xr glob 3 +and +.Xr fnmatch 3 +functions support them. +However, because the +.Ql :\& +character has special meaning in +.Em sudoers , +it must be +escaped. +For example: +.Bd -literal -offset 4n +/bin/ls [[\e:\&alpha\e:\&]]* +.Ed +.Pp +Would match any file name beginning with a letter. +.Pp +Note that a forward slash +.Pq Ql / +will +.Em not +be matched by +wildcards used in the file name portion of the command. +This is to make a path like: +.Bd -literal -offset 4n +/usr/bin/* +.Ed +.Pp +match +.Pa /usr/bin/who +but not +.Pa /usr/bin/X11/xterm . +.Pp +When matching the command line arguments, however, a slash +.Em does +get matched by wildcards since command line arguments may contain +arbitrary strings and not just path names. +.Pp +.Bf -symbolic +Wildcards in command line arguments should be used with care. +.Ef +.br +Command line arguments are matched as a single, concatenated string. +This mean a wildcard character such as +.Ql \&? +or +.Ql * +will match across word boundaries, which may be unexpected. +For example, while a sudoers entry like: +.Bd -literal -offset 4n +%operator ALL = /bin/cat /var/log/messages* +.Ed +.Pp +will allow command like: +.Bd -literal -offset 4n +$ sudo cat /var/log/messages.1 +.Ed +.Pp +It will also allow: +.Bd -literal -offset 4n +$ sudo cat /var/log/messages /etc/shadow +.Ed +.Pp +which is probably not what was intended. +In most cases it is better to do command line processing +outside of the +.Em sudoers +file in a scripting language. +.Ss Exceptions to wildcard rules +The following exceptions apply to the above rules: +.Bl -tag -width 8n +.It Li \&"" +If the empty string +.Li \&"" +is the only command line argument in the +.Em sudoers +file entry it means that command is not allowed to be run with +.Em any +arguments. +.It sudoedit +Command line arguments to the +.Em sudoedit +built-in command should always be path names, so a forward slash +.Pq Ql / +will not be matched by a wildcard. +.El +.Ss Including other files from within sudoers +It is possible to include other +.Em sudoers +files from within the +.Em sudoers +file currently being parsed using the +.Li @include +and +.Li @includedir +directives. +For compatibility with sudo versions prior to 1.9.1, +.Li #include +and +.Li #includedir +are also accepted. +.Pp +An include file can be used, for example, to keep a site-wide +.Em sudoers +file in addition to a local, per-machine file. +For the sake of this example the site-wide +.Em sudoers +file will be +.Pa /etc/sudoers +and the per-machine one will be +.Pa /etc/sudoers.local . +To include +.Pa /etc/sudoers.local +from within +.Pa /etc/sudoers +one would use the following line in +.Pa /etc/sudoers : +.Bd -literal -offset 4n +@include /etc/sudoers.local +.Ed +.Pp +When +.Nm sudo +reaches this line it will suspend processing of the current file +.Pq Pa /etc/sudoers +and switch to +.Pa /etc/sudoers.local . +Upon reaching the end of +.Pa /etc/sudoers.local , +the rest of +.Pa /etc/sudoers +will be processed. +Files that are included may themselves include other files. +A hard limit of 128 nested include files is enforced to prevent include +file loops. +.Pp +Starting with version 1.9.1, the path to the include file may contain +white space if it is escaped with a backslash +.Pq Ql \e . +Alternately, the entire path may be enclosed in double quotes +.Pq \&"" , +in which case no escaping is necessary. +To include a literal backslash in the path, +.Ql \e\e +should be used. +.Pp +If the path to the include file is not fully-qualified (does not +begin with a +.Ql / ) , +it must be located in the same directory as the sudoers file it was +included from. +For example, if +.Pa /etc/sudoers +contains the line: +.Bd -literal -offset 4n +.Li @include sudoers.local +.Ed +.Pp +the file that will be included is +.Pa /etc/sudoers.local . +.Pp +The file name may also include the +.Li %h +escape, signifying the short form of the host name. +In other words, if the machine's host name is +.Dq xerxes , +then +.Bd -literal -offset 4n +@include /etc/sudoers.%h +.Ed +.Pp +will cause +.Nm sudo +to include the file +.Pa /etc/sudoers.xerxes . +.Pp +The +.Li @includedir +directive can be used to create a +.Pa sudoers.d +directory that the system package manager can drop +.Em sudoers +file rules into as part of package installation. +For example, given: +.Bd -literal -offset 4n +@includedir /etc/sudoers.d +.Ed +.Pp +.Nm sudo +will suspend processing of the current file and read each file in +.Pa /etc/sudoers.d , +skipping file names that end in +.Ql ~ +or contain a +.Ql .\& +character to avoid causing problems with package manager or editor +temporary/backup files. +Files are parsed in sorted lexical order. +That is, +.Pa /etc/sudoers.d/01_first +will be parsed before +.Pa /etc/sudoers.d/10_second . +Be aware that because the sorting is lexical, not numeric, +.Pa /etc/sudoers.d/1_whoops +would be loaded +.Em after +.Pa /etc/sudoers.d/10_second . +Using a consistent number of leading zeroes in the file names can be used +to avoid such problems. +After parsing the files in the directory, control returns to the +file that contained the +.Li @includedir +directive. +.Pp +Note that unlike files included via +.Li @include , +.Nm visudo +will not edit the files in a +.Li @includedir +directory unless one of them contains a syntax error. +It is still possible to run +.Nm visudo +with the +.Fl f +flag to edit the files directly, but this will not catch the +redefinition of an +.Em alias +that is also present in a different file. +.Ss Other special characters and reserved words +The pound sign +.Pq Ql # +is used to indicate a comment (unless it is part of a #include +directive or unless it occurs in the context of a user name and is +followed by one or more digits, in which case it is treated as a +user-ID). +Both the comment character and any text after it, up to the end of +the line, are ignored. +.Pp +The reserved word +.Sy ALL +is a built-in +.Em alias +that always causes a match to succeed. +It can be used wherever one might otherwise use a +.Li Cmnd_Alias , +.Li User_Alias , +.Li Runas_Alias , +or +.Li Host_Alias . +Attempting to define an +.Em alias +named +.Sy ALL +will result in a syntax error. +Please note that using +.Sy ALL +can be dangerous since in a command context, it allows the user to run +.Em any +command on the system. +.Pp +The following option names permitted in an +.Li Option_Spec +are also considered reserved words: +.Li CHROOT , +.if \n(PS \{\ +.Li PRIVS , +.Li LIMITPRIVS , +.\} +.if \n(SL \{\ +.Li ROLE , +.Li TYPE , +.\} +.Li TIMEOUT , +.Li CWD , +.Li NOTBEFORE +and +.Li NOTAFTER . +Attempting to define an +.Em alias +with the same name as one of the options will result in a syntax error. +.Pp +An exclamation point +.Pq Ql \&! +can be used as a logical +.Em not +operator in a list or +.Em alias +as well as in front of a +.Li Cmnd . +This allows one to exclude certain values. +For the +.Ql \&! +operator to be effective, there must be something for it to exclude. +For example, to match all users except for root one would use: +.Bd -literal -offset 4n +ALL,!root +.Ed +.Pp +If the +.Sy ALL , +is omitted, as in: +.Bd -literal -offset 4n +!root +.Ed +.Pp +it would explicitly deny root but not match any other users. +This is different from a true +.Dq negation +operator. +.Pp +Note, however, that using a +.Ql \&! +in conjunction with the built-in +.Sy ALL +alias to allow a user to run +.Dq all but a few +commands rarely works as intended (see +.Sx SECURITY NOTES +below). +.Pp +Long lines can be continued with a backslash +.Pq Ql \e +as the last character on the line. +.Pp +White space between elements in a list as well as special syntactic +characters in a +.Em User Specification +.Po +.Ql =\& , +.Ql :\& , +.Ql (\& , +.Ql )\& +.Pc +is optional. +.Pp +The following characters must be escaped with a backslash +.Pq Ql \e +when used as part of a word (e.g., a user name or host name): +.Ql \&! , +.Ql =\& , +.Ql :\& , +.Ql ,\& , +.Ql (\& , +.Ql )\& , +.Ql \e . +.Sh SUDOERS OPTIONS +.Nm sudo Ns 's +behavior can be modified by +.Li Default_Entry +lines, as explained earlier. +A list of all supported Defaults parameters, grouped by type, are listed below. +.Pp +.Sy Boolean Flags : +.Bl -tag -width 16n +.It always_query_group_plugin +If a +.Em group_plugin +is configured, use it to resolve groups of the form %group as long +as there is not also a system group of the same name. +Normally, only groups of the form %:group are passed to the +.Em group_plugin . +This flag is +.Em off +by default. +.It always_set_home +If enabled, +.Nm sudo +will set the +.Ev HOME +environment variable to the home directory of the target user +(which is the root user unless the +.Fl u +option is used). +This flag is largely obsolete and has no effect unless the +.Em env_reset +flag has been disabled or +.Ev HOME +is present in the +.Em env_keep +list, both of which are strongly discouraged. +This flag is +.Em off +by default. +.It authenticate +If set, users must authenticate themselves via a password (or other +means of authentication) before they may run commands. +This default may be overridden via the +.Li PASSWD +and +.Li NOPASSWD +tags. +This flag is +.Em on +by default. +.It case_insensitive_group +If enabled, group names in +.Em sudoers +will be matched in a case insensitive manner. +This may be necessary when users are stored in LDAP or AD. +This flag is +.Em on +by default. +.It case_insensitive_user +If enabled, user names in +.Em sudoers +will be matched in a case insensitive manner. +This may be necessary when groups are stored in LDAP or AD. +This flag is +.Em on +by default. +.It closefrom_override +If set, the user may use the +.Fl C +option which overrides the default starting point at which +.Nm sudo +begins closing open file descriptors. +This flag is +.Em off +by default. +.It compress_io +If set, and +.Nm sudo +is configured to log a command's input or output, +the I/O logs will be compressed using +.Sy zlib . +This flag is +.Em on +by default when +.Nm sudo +is compiled with +.Sy zlib +support. +.It exec_background +By default, +.Nm sudo +runs a command as the foreground process as long as +.Nm sudo +itself is running in the foreground. +When the +.Em exec_background +flag is enabled and the command is being run in a pseudo-terminal +(due to I/O logging or the +.Em use_pty +flag), the command will be run as a background process. +Attempts to read from the controlling terminal (or to change terminal +settings) will result in the command being suspended with the +.Dv SIGTTIN +signal (or +.Dv SIGTTOU +in the case of terminal settings). +If this happens when +.Nm sudo +is a foreground process, the command will be granted the controlling terminal +and resumed in the foreground with no user intervention required. +The advantage of initially running the command in the background is that +.Nm sudo +need not read from the terminal unless the command explicitly requests it. +Otherwise, any terminal input must be passed to the command, whether it +has required it or not (the kernel buffers terminals so it is not possible +to tell whether the command really wants the input). +This is different from historic +.Em sudo +behavior or when the command is not being run in a pseudo-terminal. +.Pp +For this to work seamlessly, the operating system must support the +automatic restarting of system calls. +Unfortunately, not all operating systems do this by default, +and even those that do may have bugs. +For example, macOS fails to restart the +.Fn tcgetattr +and +.Fn tcsetattr +system calls (this is a bug in macOS). +Furthermore, because this behavior depends on the command stopping with the +.Dv SIGTTIN +or +.Dv SIGTTOU +signals, programs that catch these signals and suspend themselves +with a different signal (usually +.Dv SIGTOP ) +will not be automatically foregrounded. +Some versions of the linux +.Xr su 1 +command behave this way. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.8.7 or higher. +It has no effect unless I/O logging is enabled or the +.Em use_pty +flag is enabled. +.It env_editor +If set, +.Nm visudo +will use the value of the +.Ev SUDO_EDITOR , +.Ev VISUAL +or +.Ev EDITOR +environment variables before falling back on the default editor list. +Note that +.Nm visudo +is typically run as root so this flag may allow a user with +.Nm visudo +privileges to run arbitrary commands as root without logging. +An alternative is to place a colon-separated list of +.Dq safe +editors int the +.Em editor +setting. +.Nm visudo +will then only use +.Ev SUDO_EDITOR , +.Ev VISUAL +or +.Ev EDITOR +if they match a value specified in +.Em editor . +If the +.Em env_reset +flag is enabled, the +.Ev SUDO_EDITOR , +.Ev VISUAL +and/or +.Ev EDITOR +environment variables must be present in the +.Em env_keep +list for the +.Em env_editor +flag to function when +.Nm visudo +is invoked via +.Nm sudo . +This flag is +.Em @env_editor@ +by default. +.It env_reset +If set, +.Nm sudo +will run the command in a minimal environment containing the +.Ev TERM , +.Ev PATH , +.Ev HOME , +.Ev MAIL , +.Ev SHELL , +.Ev LOGNAME , +.Ev USER +and +.Ev SUDO_* +variables. +Any variables in the caller's environment or in the file specified +by the +.Em restricted_env_file +setting that match the +.Li env_keep +and +.Li env_check +lists are then added, followed by any variables present in the file +specified by the +.Em env_file +setting (if any). +The contents of the +.Li env_keep +and +.Li env_check +lists, as modified by global Defaults parameters in +.Em sudoers , +are displayed when +.Nm sudo +is run by root with the +.Fl V +option. +If the +.Em secure_path +setting is enabled, its value will be used for the +.Ev PATH +environment variable. +This flag is +.Em @env_reset@ +by default. +.It fast_glob +Normally, +.Nm sudo +uses the +.Xr glob 3 +function to do shell-style globbing when matching path names. +However, since it accesses the file system, +.Xr glob 3 +can take a long time to complete for some patterns, especially +when the pattern references a network file system that is mounted +on demand (auto mounted). +The +.Em fast_glob +flag causes +.Nm sudo +to use the +.Xr fnmatch 3 +function, which does not access the file system to do its matching. +The disadvantage of +.Em fast_glob +is that it is unable to match relative path names such as +.Pa ./ls +or +.Pa ../bin/ls . +This has security implications when path names that include globbing +characters are used with the negation operator, +.Ql !\& , +as such rules can be trivially bypassed. +As such, this flag should not be used when the +.Em sudoers +file contains rules that contain negated path names which include globbing +characters. +This flag is +.Em off +by default. +.It fqdn +Set this flag if you want to put fully qualified host names in the +.Em sudoers +file when the local host name (as returned by the +.Li hostname +command) does not contain the domain name. +In other words, instead of myhost you would use myhost.mydomain.edu. +You may still use the short form if you wish (and even mix the two). +This flag is only effective when the +.Dq canonical +host name, as returned by the +.Fn getaddrinfo +or +.Fn gethostbyname +function, is a fully-qualified domain name. +This is usually the case when the system is configured to use DNS +for host name resolution. +.Pp +If the system is configured to use the +.Pa /etc/hosts +file in preference to DNS, the +.Dq canonical +host name may not be fully-qualified. +The order that sources are queried for host name resolution +is usually specified in the +.Pa @nsswitch_conf@ , +.Pa @netsvc_conf@ , +.Pa /etc/host.conf , +or, in some cases, +.Pa /etc/resolv.conf +file. +In the +.Pa /etc/hosts +file, the first host name of the entry is considered to be the +.Dq canonical +name; subsequent names are aliases that are not used by +.Nm . +For example, the following hosts file line for the machine +.Dq xyzzy +has the fully-qualified domain name as the +.Dq canonical +host name, and the short version as an alias. +.sp +.Dl 192.168.1.1 xyzzy.sudo.ws xyzzy +.sp +If the machine's hosts file entry is not formatted properly, the +.Em fqdn +flag will not be effective if it is queried before DNS. +.Pp +Beware that when using DNS for host name resolution, turning on +.Em fqdn +requires +.Nm +to make DNS lookups which renders +.Nm sudo +unusable if DNS stops working (for example if the machine is disconnected +from the network). +Also note that just like with the hosts file, you must use the +.Dq canonical +name as DNS knows it. +That is, you may not use a host alias +.Po +.Li CNAME +entry +.Pc +due to performance issues and the fact that there is no way to get all +aliases from DNS. +.Pp +This flag is +.Em @fqdn@ +by default. +.It ignore_audit_errors +Allow commands to be run even if +.Nm +cannot write to the audit log. +If enabled, an audit log write failure is not treated as a fatal error. +If disabled, a command may only be run after the audit event is successfully +written. +This flag is only effective on systems for which +.Nm +supports audit logging, including +.Fx , +Linux, macOS, and Solaris. +This flag is +.Em on +by default. +.It ignore_dot +If set, +.Nm sudo +will ignore "." or "" (both denoting current directory) in the +.Ev PATH +environment variable; the +.Ev PATH +itself is not modified. +This flag is +.Em @ignore_dot@ +by default. +.It ignore_iolog_errors +Allow commands to be run even if +.Nm +cannot write to the I/O log (local or remote). +If enabled, an I/O log write failure is not treated as a fatal error. +If disabled, the command will be terminated if the I/O log cannot be written to. +This flag is +.Em off +by default. +.It ignore_logfile_errors +Allow commands to be run even if +.Nm +cannot write to the log file. +If enabled, a log file write failure is not treated as a fatal error. +If disabled, a command may only be run after the log file entry is successfully +written. +This flag only has an effect when +.Nm +is configured to use file-based logging via the +.Em logfile +setting. +This flag is +.Em on +by default. +.It ignore_local_sudoers +If set via LDAP, parsing of +.Pa @sysconfdir@/sudoers +will be skipped. +This is intended for Enterprises that wish to prevent the usage of local +sudoers files so that only LDAP is used. +This thwarts the efforts of rogue operators who would attempt to add roles to +.Pa @sysconfdir@/sudoers . +When this flag is enabled, +.Pa @sysconfdir@/sudoers +does not even need to exist. +Since this flag tells +.Nm sudo +how to behave when no specific LDAP entries have been matched, this +sudoOption is only meaningful for the +.Li cn=defaults +section. +This flag is +.Em off +by default. +.It ignore_unknown_defaults +If set, +.Nm sudo +will not produce a warning if it encounters an unknown Defaults entry +in the +.Em sudoers +file or an unknown sudoOption in LDAP. +This flag is +.Em off +by default. +.It insults +If set, +.Nm sudo +will insult users when they enter an incorrect password. +This flag is +.Em @insults@ +by default. +.It log_allowed +If set, +.Nm +will log commands allowed by the policy to the system audit log +(where supported) as well as to syslog and/or a log file. +This flag is +.Em on +by default. +.Pp +This setting is only supported by version 1.8.29 or higher. +.It log_denied +If set, +.Nm +will log commands denied by the policy to the system audit log +(where supported) as well as to syslog and/or a log file. +This flag is +.Em on +by default. +.Pp +This setting is only supported by version 1.8.29 or higher. +.It log_exit_status +If set, +.Nm +will log the exit value of commands that are run to syslog and/or a log file. +If a command was terminated by a signal, the signal name is logged as well. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.9.8 or higher. +.It log_host +If set, the host name will be included in log entries written to +the file configured by the +.Em logfile +setting. +This flag is +.Em off +by default. +.It log_input +If set, +.Nm sudo +will run the command in a pseudo-terminal and log all user input. +If the standard input is not connected to the user's tty, due to +I/O redirection or because the command is part of a pipeline, that +input is also captured and stored in a separate log file. +Anything sent to the standard input will be consumed, regardless of +whether or not the command run via +.Nm sudo +is actually reading the standard input. +This may have unexpected results when using +.Nm sudo +in a shell script that expects to process the standard input. +For more information about I/O logging, see the +.Sx "I/O LOG FILES" +section. +This flag is +.Em off +by default. +.It log_output +If set, +.Nm sudo +will run the command in a pseudo-terminal and log all output that is sent +to the screen, similar to the +.Xr script 1 +command. +For more information about I/O logging, see the +.Sx "I/O LOG FILES" +section. +This flag is +.Em off +by default. +.It log_server_keepalive +If set, +.Nm sudo +will enable the TCP keepalive socket option on the connection to the log server. +This enables the periodic transmission of keepalive messages to the server. +If the server does not respond to a message, the connection will +be closed and the running command will be terminated unless the +.Em ignore_iolog_errors +flag (I/O logging enabled) or the +.Em ignore_log_errors +flag (I/O logging disabled) is set. +This flag is +.Em on +by default. +.Pp +This setting is only supported by version 1.9.0 or higher. +.It log_server_verify +If set, the server certificate received during the TLS handshake +must be valid and it must contain either the server name (from +.Em log_servers ) +or its IP address. +If either of these conditions is not met, the TLS handshake will fail. +This flag is +.Em on +by default. +.Pp +This setting is only supported by version 1.9.0 or higher. +.It log_subcmds +If set, +.Nm +will log when a command spawns a child process and executes a program +using the +.Fn execl , +.Fn execle , +.Fn execlp , +.Fn execv , +.Fn execve , +.Fn execvp , +or +.Fn execvpe +library functions. +For example, if a shell is run by +.Nm sudo , +the individual commands run via the shell will be logged. +This flag is +.Em off +by default. +.Pp +The +.Em log_subcmds +flag uses the same underlying mechanism as the +.Em intercept +setting. +See +.Sx Preventing shell escapes +for more information on what systems support this option and its limitations. +This setting is only supported by version 1.9.8 or higher +and is incompatible with SELinux RBAC support. +.It log_year +If set, the four-digit year will be logged in the (non-syslog) +.Nm sudo +log file. +This flag is +.Em off +by default. +.It long_otp_prompt +When validating with a One Time Password (OTP) scheme such as +.Sy S/Key +or +.Sy OPIE , +a two-line prompt is used to make it easier +to cut and paste the challenge to a local window. +It's not as pretty as the default but some people find it more convenient. +This flag is +.Em @long_otp_prompt@ +by default. +.It mail_all_cmnds +Send mail to the +.Em mailto +user every time a user attempts to run a command via +.Nm sudo +(this includes +.Nm sudoedit ) . +No mail will be sent if the user runs +.Nm sudo +with the +.Fl l +or +.Fl v +option unless there is an authentication error and the +.Em mail_badpass +flag is also set. +This flag is +.Em off +by default. +.It mail_always +Send mail to the +.Em mailto +user every time a user runs +.Nm sudo . +This flag is +.Em off +by default. +.It mail_badpass +Send mail to the +.Em mailto +user if the user running +.Nm sudo +does not enter the correct password. +If the command the user is attempting to run is not permitted by +.Nm +and one of the +.Em mail_all_cmnds , +.Em mail_always , +.Em mail_no_host , +.Em mail_no_perms +or +.Em mail_no_user +flags are set, this flag will have no effect. +This flag is +.Em off +by default. +.It mail_no_host +If set, mail will be sent to the +.Em mailto +user if the invoking user exists in the +.Em sudoers +file, but is not allowed to run commands on the current host. +This flag is +.Em @mail_no_host@ +by default. +.It mail_no_perms +If set, mail will be sent to the +.Em mailto +user if the invoking user is allowed to use +.Nm sudo +but the command they are trying is not listed in their +.Em sudoers +file entry or is explicitly denied. +This flag is +.Em @mail_no_perms@ +by default. +.It mail_no_user +If set, mail will be sent to the +.Em mailto +user if the invoking user is not in the +.Em sudoers +file. +This flag is +.Em @mail_no_user@ +by default. +.It match_group_by_gid +By default, +.Nm +will look up each group the user is a member of by group-ID to +determine the group name (this is only done once). +The resulting list of the user's group names is used when matching +groups listed in the +.Em sudoers +file. +This works well on systems where the number of groups listed in the +.Em sudoers +file is larger than the number of groups a typical user belongs to. +On systems where group lookups are slow, where users may belong +to a large number of groups, and where the number of groups listed +in the +.Em sudoers +file is relatively small, it may be prohibitively expensive and +running commands via +.Nm sudo +may take longer than normal. +On such systems it may be faster to use the +.Em match_group_by_gid +flag to avoid resolving the user's group-IDs to group names. +In this case, +.Nm +must look up any group name listed in the +.Em sudoers +file and use the group-ID instead of the group name when determining +whether the user is a member of the group. +.Pp +Note that if +.Em match_group_by_gid +is enabled, group database lookups performed by +.Nm +will be keyed by group name as opposed to group-ID. +On systems where there are multiple sources for the group database, +it is possible to have conflicting group names or group-IDs in the local +.Pa /etc/group +file and the remote group database. +On such systems, enabling or disabling +.Em match_group_by_gid +can be used to choose whether group database queries are performed +by name (enabled) or ID (disabled), which may aid in working around +group entry conflicts. +.Pp +The +.Em match_group_by_gid +flag has no effect when +.Em sudoers +data is stored in LDAP. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.8.18 or higher. +.It intercept +If set, all commands run via +.Nm sudo +will behave as if the +.Li INTERCEPT +tag has been set, unless overridden by an +.Li NOINTERCEPT +tag. +See the description of +.Em INTERCEPT and NOINTERCEPT +above as well as the +.Sx Preventing shell escapes +section at the end of this manual. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.9.8 or higher +and is incompatible with SELinux RBAC support. +.It intercept_allow_setid +On most systems, the dynamic loader will ignore +.Ev LD_PRELOAD +(or the equivalent) when running set-user-ID and set-group-ID +programs, effectively disabling intercept mode. +To prevent this from happening, +.Nm +will not permit a set-user-ID or set-group-ID program to be run in +intercept mode unless +.Em intercept_allow_setid +is set. +This flag has no effect unless the +.Em intercept +flag is enabled or the +.Em INTERCEPT +tag has been set for the command. +This flag is +.Em on +by default. +.Pp +This setting is only supported by version 1.9.8 or higher. +.It intercept_authenticate +If set, commands run by an intercepted process must be authenticated +when the user's time stamp is not current. +For example, if a shell is run with +.Em intercept +enabled, as soon as the invoking user's time stamp is out of date, +subsequent commands will need to be authenticated. +This flag has no effect unless the +.Em intercept +flag is enabled or the +.Em INTERCEPT +tag has been set for the command. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.9.8 or higher. +.It netgroup_tuple +If set, netgroup lookups will be performed using the full netgroup +tuple: host name, user name, and domain (if one is set). +Historically, +.Nm sudo +only matched the user name and domain for netgroups used in a +.Li User_List +and only matched the host name and domain for netgroups used in a +.Li Host_List . +This flag is +.Em off +by default. +.It noexec +If set, all commands run via +.Nm sudo +will behave as if the +.Li NOEXEC +tag has been set, unless overridden by an +.Li EXEC +tag. +See the description of +.Em EXEC and NOEXEC +above as well as the +.Sx Preventing shell escapes +section at the end of this manual. +This flag is +.Em off +by default. +.It pam_acct_mgmt +On systems that use PAM for authentication, +.Nm sudo +will perform PAM account validation for the invoking user by default. +The actual checks performed depend on which PAM modules are configured. +If enabled, account validation will be performed regardless of whether +or not a password is required. +This flag is +.Em on +by default. +.Pp +This setting is only supported by version 1.8.28 or higher. +.It pam_rhost +On systems that use PAM for authentication, +.Nm sudo +will set the PAM remote host value to the name of the local host +when the +.Em pam_rhost +flag is enabled. +On Linux systems, enabling +.Em pam_rhost +may result in DNS lookups of the local host name when PAM is initialized. +On Solaris versions prior to Solaris 8, +.Em pam_rhost +must be enabled if +.Em pam_ruser +is also enabled to avoid a crash in the Solaris PAM implementation. +.Pp +This flag is +.Em off +by default on systems other than Solaris. +.Pp +This setting is only supported by version 1.9.0 or higher. +.It pam_ruser +On systems that use PAM for authentication, +.Nm sudo +will set the PAM remote user value to the name of the user that invoked sudo +when the +.Em pam_ruser +flag is enabled. +This flag is +.Em on +by default. +.Pp +This setting is only supported by version 1.9.0 or higher. +.It pam_session +On systems that use PAM for authentication, +.Nm sudo +will create a new PAM session for the command to be run in. +Unless +.Nm sudo +is given the +.Fl i +or +.Fl s +options, PAM session modules are run with the +.Dq silent +flag enabled. +This prevents last login information from being displayed for every +command on some systems. +Disabling +.Em pam_session +may be needed on older PAM implementations or on operating systems where +opening a PAM session changes the utmp or wtmp files. +If PAM session support is disabled, resource limits may not be updated +for the command being run. +If +.Em pam_session , +.Em pam_setcred , +and +.Em use_pty +are disabled, +.Em log_servers +has not been set and I/O logging has not been configured, +.Nm sudo +will execute the command directly instead of running it as a child +process. +This flag is +.Em @pam_session@ +by default. +.Pp +This setting is only supported by version 1.8.7 or higher. +.It pam_setcred +On systems that use PAM for authentication, +.Nm sudo +will attempt to establish credentials for the target user by default, +if supported by the underlying authentication system. +One example of a credential is a Kerberos ticket. +If +.Em pam_session , +.Em pam_setcred , +and +.Em use_pty +are disabled, +.Em log_servers +has not been set and I/O logging has not been configured, +.Nm sudo +will execute the command directly instead of running it as a child +process. +This flag is +.Em on +by default. +.Pp +This setting is only supported by version 1.8.8 or higher. +.It passprompt_override +If set, the prompt specified by +.Em passprompt +or the +.Ev SUDO_PROMPT +environment variable will always be used and will replace the +prompt provided by a PAM module or other authentication method. +This flag is +.Em off +by default. +.It path_info +Normally, +.Nm sudo +will tell the user when a command could not be +found in their +.Ev PATH +environment variable. +Some sites may wish to disable this as it could be used to gather +information on the location of executables that the normal user does +not have access to. +The disadvantage is that if the executable is simply not in the user's +.Ev PATH , +.Nm sudo +will tell the user that they are not allowed to run it, which can be confusing. +This flag is +.Em @path_info@ +by default. +.It preserve_groups +By default, +.Nm sudo +will initialize the group vector to the list of groups the target user is in. +When +.Em preserve_groups +is set, the user's existing group vector is left unaltered. +The real and effective group-IDs, however, are still set to match the +target user. +This flag is +.Em off +by default. +.It pwfeedback +By default, +.Nm sudo +reads the password like most other Unix programs, +by turning off echo until the user hits the return (or enter) key. +Some users become confused by this as it appears to them that +.Nm sudo +has hung at this point. +When +.Em pwfeedback +is set, +.Nm sudo +will provide visual feedback when the user presses a key. +Note that this does have a security impact as an onlooker may be able to +determine the length of the password being entered. +This flag is +.Em off +by default. +.It requiretty +If set, +.Nm sudo +will only run when the user is logged in to a real tty. +When this flag is set, +.Nm sudo +can only be run from a login session and not via other means such as +.Xr cron @mansectsu@ +or cgi-bin scripts. +This flag is +.Em off +by default. +.It root_sudo +If set, root is allowed to run +.Nm sudo +too. +Disabling this prevents users from +.Dq chaining +.Nm sudo +commands to get a root shell by doing something like +.Dq Li sudo sudo /bin/sh . +Note, however, that turning off +.Em root_sudo +will also prevent root from running +.Nm sudoedit . +Disabling +.Em root_sudo +provides no real additional security; it exists purely for historical reasons. +This flag is +.Em @root_sudo@ +by default. +.It rootpw +If set, +.Nm sudo +will prompt for the root password instead of the password of the invoking user +when running a command or editing a file. +This flag is +.Em off +by default. +.It runas_allow_unknown_id +If enabled, allow matching of runas user and group IDs that are +not present in the password or group databases. +In addition to explicitly matching unknown user or group IDs in a +.Li Runas_List , +this option also allows the +.Sy ALL +alias to match unknown IDs. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.8.30 or higher. +Older versions of +.Nm sudo +always allowed matching of unknown user and group IDs. +.It runas_check_shell +If enabled, +.Nm sudo +will only run commands as a user whose shell appears in the +.Pa /etc/shells +file, even if the invoking user's +.Li Runas_List +would otherwise permit it. +If no +.Pa /etc/shells +file is present, a system-dependent list of built-in default shells is used. +On many operating systems, system users such as +.Dq bin , +do not have a valid shell and this flag can be used to prevent +commands from being run as those users. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.8.30 or higher. +.It runaspw +If set, +.Nm sudo +will prompt for the password of the user defined by the +.Em runas_default +option (defaults to +.Li @runas_default@ ) +instead of the password of the invoking user +when running a command or editing a file. +This flag is +.Em off +by default. +.if \n(SL \{\ +.It selinux +If enabled, the user may specify an SELinux role and/or type to use +when running the command, as permitted by the SELinux policy. +If SELinux is disabled on the system, this flag has no effect. +This flag is +.Em on +by default. +.\} +.It set_home +If enabled and +.Nm sudo +is invoked with the +.Fl s +option, the +.Ev HOME +environment variable will be set to the home directory of the target +user (which is the root user unless the +.Fl u +option is used). +This flag is largely obsolete and has no effect unless the +.Em env_reset +flag has been disabled or +.Ev HOME +is present in the +.Em env_keep +list, both of which are strongly discouraged. +This flag is +.Em off +by default. +.It set_logname +Normally, +.Nm sudo +will set the +.Ev LOGNAME +and +.Ev USER +environment variables to the name of the target user (usually root unless the +.Fl u +option is given). +However, since some programs (including the RCS revision control system) use +.Ev LOGNAME +to determine the real identity of the user, it may be desirable to +change this behavior. +This can be done by negating the set_logname option. +Note that +.Em set_logname +will have no effect +if the +.Em env_reset +option has not been disabled and the +.Em env_keep +list contains +.Ev LOGNAME +or +.Ev USER . +This flag is +.Em on +by default. +.It set_utmp +When enabled, +.Nm sudo +will create an entry in the utmp (or utmpx) file when a pseudo-terminal +is allocated. +A pseudo-terminal is allocated by +.Nm sudo +when it is running in a terminal and one or more of the +.Em log_input , +.Em log_output , +or +.Em use_pty +flags is enabled. +By default, the new entry will be a copy of the user's existing utmp +entry (if any), with the tty, time, type, and pid fields updated. +This flag is +.Em on +by default. +.It setenv +Allow the user to disable the +.Em env_reset +option from the command line via the +.Fl E +option. +Additionally, environment variables set via the command line are +not subject to the restrictions imposed by +.Em env_check , +.Em env_delete , +or +.Em env_keep . +As such, only trusted users should be allowed to set variables in this manner. +This flag is +.Em off +by default. +.It shell_noargs +If set and +.Nm sudo +is invoked with no arguments it acts as if the +.Fl s +option had been given. +That is, it runs a shell as root (the shell is determined by the +.Ev SHELL +environment variable if it is set, falling back on the shell listed +in the invoking user's /etc/passwd entry if not). +This flag is +.Em off +by default. +.It stay_setuid +Normally, when +.Nm sudo +executes a command the real and effective user-IDs are set to the target +user (root by default). +This option changes that behavior such that the real user-ID is left +as the invoking user's user-ID. +In other words, this makes +.Nm sudo +act as a set-user-ID wrapper. +This can be useful on systems that disable some potentially +dangerous functionality when a program is run set-user-ID. +This option is only effective on systems that support either the +.Xr setreuid 2 +or +.Xr setresuid 2 +system call. +This flag is +.Em off +by default. +.It sudoedit_checkdir +If set, +.Nm sudoedit +will check all directory components of the path to be edited for writability +by the invoking user. +Symbolic links will not be followed in writable directories and +.Nm sudoedit +will refuse to edit a file located in a writable directory. +These restrictions are not enforced when +.Nm sudoedit +is run by root. +On some systems, if all directory components of the path to be edited +are not readable by the target user, +.Nm sudoedit +will be unable to edit the file. +This flag is +.Em on +by default. +.Pp +This setting was first introduced in version 1.8.15 but initially +suffered from a race condition. +The check for symbolic links in writable intermediate directories +was added in version 1.8.16. +.It sudoedit_follow +By default, +.Nm sudoedit +will not follow symbolic links when opening files. +The +.Em sudoedit_follow +option can be enabled to allow +.Nm sudoedit +to open symbolic links. +It may be overridden on a per-command basis by the +.Em FOLLOW +and +.Em NOFOLLOW +tags. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.8.15 or higher. +.It syslog_pid +When logging via +.Xr syslog 3 , +include the process ID in the log entry. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.8.21 or higher. +.It targetpw +If set, +.Nm sudo +will prompt for the password of the user specified +by the +.Fl u +option (defaults to +.Li root ) +instead of the password of the invoking user +when running a command or editing a file. +Note that this flag precludes the use of a user-ID not listed in the passwd +database as an argument to the +.Fl u +option. +This flag is +.Em off +by default. +.It tty_tickets +If set, users must authenticate on a per-tty basis. +With this flag enabled, +.Nm sudo +will use a separate record in the time stamp file for each terminal. +If disabled, a single record is used for all login sessions. +.Pp +This option has been superseded by the +.Em timestamp_type +option. +.It umask_override +If set, +.Nm sudo +will set the umask as specified in the +.Em sudoers +file without modification. +This makes it possible to specify a umask in the +.Em sudoers +file that is more permissive than the user's own umask and matches +historical behavior. +If +.Em umask_override +is not set, +.Nm sudo +will set the umask to be the union of the user's umask and what is specified in +.Em sudoers . +This flag is +.Em @umask_override@ +by default. +.if \n(LC \{\ +.It use_loginclass +If set, +.Nm sudo +will apply the defaults specified for the target user's login class +if one exists. +Only available if +.Nm sudo +is configured with the +.Li --with-logincap +option. +This flag is +.Em off +by default. +.\} +.It use_netgroups +If set, netgroups (prefixed with +.Ql + ) , +may be used in place of a user or host. +For LDAP-based sudoers, netgroup support requires an expensive +sub-string match on the server unless the +.Sy NETGROUP_BASE +directive is present in the +.Pa @ldap_conf@ +file. +If netgroups are not needed, this option can be disabled to reduce the +load on the LDAP server. +This flag is +.Em on +by default. +.It use_pty +If set, and +.Nm sudo +is running in a terminal, the command will be run in a pseudo-terminal +(even if no I/O logging is being done). +If the +.Nm sudo +process is not attached to a terminal, +.Em use_pty +has no effect. +.Pp +A malicious program run under +.Nm sudo +may be capable of injecting commands into the user's +terminal or running a background process that retains access to the +user's terminal device even after the main program has finished +executing. +By running the command in a separate pseudo-terminal, this attack is +no longer possible. +This flag is +.Em off +by default. +.It user_command_timeouts +If set, the user may specify a timeout on the command line. +If the timeout expires before the command has exited, the +command will be terminated. +If a timeout is specified both in the +.Pa sudoers +file and on the command line, the smaller of the two timeouts will be used. +See the +.Li Timeout_Spec +section for a description of the timeout syntax. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.8.20 or higher. +.It utmp_runas +If set, +.Nm sudo +will store the name of the runas user when updating the utmp (or utmpx) file. +By default, +.Nm sudo +stores the name of the invoking user. +This flag is +.Em off +by default. +.It visiblepw +By default, +.Nm sudo +will refuse to run if the user must enter a password but it is not +possible to disable echo on the terminal. +If the +.Em visiblepw +flag is set, +.Nm sudo +will prompt for a password even when it would be visible on the screen. +This makes it possible to run things like +.Dq Li ssh somehost sudo ls +since by default, +.Xr ssh 1 +does +not allocate a tty when running a command. +This flag is +.Em off +by default. +.El +.Pp +.Sy Integers : +.Bl -tag -width 16n +.It closefrom +Before it executes a command, +.Nm sudo +will close all open file descriptors other than standard input, +standard output, and standard error (file descriptors 0-2). +The +.Em closefrom +option can be used to specify a different file descriptor at which +to start closing. +The default is +.Li 3 . +.It command_timeout +The maximum amount of time a command is allowed to run before +it is terminated. +See the +.Li Timeout_Spec +section for a description of the timeout syntax. +.Pp +This setting is only supported by version 1.8.20 or higher. +.It log_server_timeout +The maximum amount of time to wait when connecting to a log server +or waiting for a server response. +See the +.Li Timeout_Spec +section for a description of the timeout syntax. +The default value is 30 seconds. +.Pp +This setting is only supported by version 1.9.0 or higher. +.It maxseq +The maximum sequence number that will be substituted for the +.Dq Li %{seq} +escape in the I/O log file (see the +.Em iolog_dir +description below for more information). +While the value substituted for +.Dq Li %{seq} +is in base 36, +.Em maxseq +itself should be expressed in decimal. +Values larger than 2176782336 (which corresponds to the +base 36 sequence number +.Dq ZZZZZZ ) +will be silently truncated to 2176782336. +The default value is 2176782336. +.Pp +Once the local sequence number reaches the value of +.Em maxseq , +it will +.Dq roll over +to zero, after which +.Nm +will truncate and re-use any existing I/O log path names. +.Pp +This setting is only supported by version 1.8.7 or higher. +.It passwd_tries +The number of tries a user gets to enter his/her password before +.Nm sudo +logs the failure and exits. +The default is +.Li @passwd_tries@ . +.It syslog_maxlen +On many systems, +.Xr syslog 3 +has a relatively small log buffer. +IETF RFC 5424 states that syslog servers must support messages of +at least 480 bytes and should support messages up to 2048 bytes. +By default, +.Nm +creates log messages up to 980 bytes which corresponds to the +historic +.Bx +syslog implementation which used a 1024 byte buffer +to store the message, date, hostname, and program name. +To prevent syslog messages from being truncated, +.Nm +will split up log messages that are larger than +.Em syslog_maxlen +bytes. +When a message is split, additional parts will include the string +.Dq Pq command continued +after the user name and before the continued command line arguments. +.Pp +This setting is only supported by version 1.8.19 or higher. +.El +.Pp +.Sy Integers that can be used in a boolean context : +.Bl -tag -width 16n +.It loglinelen +Number of characters per line for the file log. +This value is used to decide when to wrap lines for nicer log files. +This has no effect on the syslog log file, only the file log. +The default is +.Li @loglen@ +(use 0 or negate the option to disable word wrap). +.It passwd_timeout +Number of minutes before the +.Nm sudo +password prompt times out, or +.Li 0 +for no timeout. +The timeout may include a fractional component +if minute granularity is insufficient, for example +.Li 2.5 . +The +default is +.Li @password_timeout@ . +.It timestamp_timeout +Number of minutes that can elapse before +.Nm sudo +will ask for a passwd again. +The timeout may include a fractional component if +minute granularity is insufficient, for example +.Li 2.5 . +The default is +.Li @timeout@ . +Set this to +.Li 0 +to always prompt for a password. +If set to a value less than +.Li 0 +the user's time stamp will not expire until the system is rebooted. +This can be used to allow users to create or delete their own time stamps via +.Dq Li sudo -v +and +.Dq Li sudo -k +respectively. +.It umask +File mode creation mask to use when running the command. +Negate this option or set it to 0777 to prevent +.Nm +from changing the umask. +Unless the +.Em umask_override +flag is set, the actual umask will be the union of the +user's umask and the value of the +.Em umask +setting, which defaults to +.Li @sudo_umask@ . +This guarantees +that +.Nm sudo +never lowers the umask when running a command. +.Pp +If +.Em umask +is explicitly set in +.Em sudoers , +it will override any umask setting in PAM or login.conf. +If +.Em umask +is not set in +.Em sudoers , +the umask specified by PAM or login.conf will take precedence. +The umask setting in PAM is not used for +.Nm sudoedit , +which does not create a new PAM session. +.El +.Pp +.Sy Strings : +.Bl -tag -width 16n +.It authfail_message +Message that is displayed after a user fails to authenticate. +The message may include the +.Ql %d +escape which will expand to the number of failed password attempts. +If set, it overrides the default message, +.Li %d incorrect password attempt(s) . +.It badpass_message +Message that is displayed if a user enters an incorrect password. +The default is +.Li @badpass_message@ +unless insults are enabled. +.It editor +A colon +.Pq Ql :\& +separated list of editors path names used by +.Nm sudoedit +and +.Nm visudo . +For +.Nm sudoedit , +this list is used to find an editor when none of the +.Ev SUDO_EDITOR , +.Ev VISUAL +or +.Ev EDITOR +environment variables are set to an editor that exists and is executable. +For +.Nm visudo , +it is used as a white list of allowed editors; +.Nm visudo +will choose the editor that matches the user's +.Ev SUDO_EDITOR , +.Ev VISUAL +or +.Ev EDITOR +environment variable if possible, or the first editor in the +list that exists and is executable if not. +Unless invoked as +.Nm sudoedit , +.Nm sudo +does not preserve the +.Ev SUDO_EDITOR , +.Ev VISUAL +or +.Ev EDITOR +environment variables unless they are present in the +.Em env_keep +list or the +.Em env_reset +option is disabled. +The default is +.Pa @editor@ . +.It iolog_dir +The top-level directory to use when constructing the path name for +the input/output log directory. +Only used if the +.Em log_input +or +.Em log_output +options are enabled or when the +.Li LOG_INPUT +or +.Li LOG_OUTPUT +tags are present for a command. +The session sequence number, if any, is stored in the directory. +The default is +.Pa @iolog_dir@ . +.Pp +The following percent +.Pq Ql % +escape sequences are supported: +.Bl -tag -width 4n +.It Li %{seq} +expanded to a monotonically increasing base-36 sequence number, such as 0100A5, +where every two digits are used to form a new directory, e.g., +.Pa 01/00/A5 +.It Li %{user} +expanded to the invoking user's login name +.It Li %{group} +expanded to the name of the invoking user's real group-ID +.It Li %{runas_user} +expanded to the login name of the user the command will +be run as (e.g., root) +.It Li %{runas_group} +expanded to the group name of the user the command will +be run as (e.g., wheel) +.It Li %{hostname} +expanded to the local host name without the domain name +.It Li %{command} +expanded to the base name of the command being run +.El +.Pp +In addition, any escape sequences supported by the system's +.Xr strftime 3 +function will be expanded. +.Pp +To include a literal +.Ql % +character, the string +.Ql %% +should be used. +.It iolog_file +The path name, relative to +.Em iolog_dir , +in which to store input/output logs when the +.Em log_input +or +.Em log_output +options are enabled or when the +.Li LOG_INPUT +or +.Li LOG_OUTPUT +tags are present for a command. +Note that +.Em iolog_file +may contain directory components. +The default is +.Dq Li %{seq} . +.Pp +See the +.Em iolog_dir +option above for a list of supported percent +.Pq Ql % +escape sequences. +.Pp +In addition to the escape sequences, path names that end in six or +more +.Li X Ns s +will have the +.Li X Ns s +replaced with a unique combination of digits and letters, similar to the +.Xr mktemp 3 +function. +.Pp +If the path created by concatenating +.Em iolog_dir +and +.Em iolog_file +already exists, the existing I/O log file will be truncated and +overwritten unless +.Em iolog_file +ends in six or +more +.Li X Ns s . +.It iolog_flush +If set, +.Nm sudo +will flush I/O log data to disk after each write instead of buffering it. +This makes it possible to view the logs in real-time as the program +is executing but may significantly reduce the effectiveness of I/O +log compression. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.8.20 or higher. +.It iolog_group +The group name to look up when setting the group-ID on new I/O log +files and directories. +If +.Em iolog_group +is not set, +the primary group-ID of the user specified by +.Em iolog_user +is used. +If neither +.Em iolog_group +nor +.Em iolog_user +are set, I/O log files and directories are created with group-ID 0. +.Pp +This setting is only supported by version 1.8.19 or higher. +.It iolog_mode +The file mode to use when creating I/O log files. +Mode bits for read and write permissions for owner, group, or other +are honored, everything else is ignored. +The file permissions will always include the owner read and +write bits, even if they are not present in the specified mode. +When creating I/O log directories, search (execute) bits are added +to match the read and write bits specified by +.Em iolog_mode . +Defaults to 0600 (read and write by user only). +.Pp +This setting is only supported by version 1.8.19 or higher. +.It iolog_user +The user name to look up when setting the user and group-IDs on new +I/O log files and directories. +If +.Em iolog_group +is set, it will be used instead of the user's primary group-ID. +By default, I/O log files and directories are created with user and +group-ID 0. +.Pp +This setting can be useful when the I/O logs are stored on a Network +File System (NFS) share. +Having a dedicated user own the I/O log files means that +.Nm +does not write to the log files as user-ID 0, which is usually +not permitted by NFS. +.Pp +This setting is only supported by version 1.8.19 or higher. +.It lecture_status_dir +The directory in which +.Nm sudo +stores per-user lecture status files. +Once a user has received the lecture, a zero-length file is +created in this directory so that +.Nm sudo +will not lecture the user again. +This directory should +.Em not +be cleared when the system reboots. +The default is +.Pa @vardir@/lectured . +.if \n(PS \{\ +.It limitprivs +The default Solaris limit privileges to use when constructing a new +privilege set for a command. +This bounds all privileges of the executing process. +The default limit privileges may be overridden on a per-command basis in +.Em sudoers . +This option is only available if +.Nm +is built on Solaris 10 or higher. +.\} +.It log_server_cabundle +The path to a certificate authority bundle file, in PEM format, +to use instead of the system's default certificate authority database +when authenticating the log server. +The default is to use the system's default certificate authority database. +This setting has no effect unless +.Em log_servers +is set and the remote log server is secured with TLS. +.Pp +This setting is only supported by version 1.9.0 or higher. +.It log_server_peer_cert +The path to the +.Nm sudo +client's certificate file, in PEM format. +This setting is required when the remote log server is secured +with TLS and client certificate validation is enabled. +For +.Nm sudo_logsrvd , +client certificate validation is controlled by the +.Em tls_checkpeer +option, which defaults to +.Em false . +.Pp +This setting is only supported by version 1.9.0 or higher. +.It log_server_peer_key +The path to the +.Nm sudo +client's private key file, in PEM format. +This setting is required when the remote log server is secured +with TLS and client certificate validation is enabled. +For +.Nm sudo_logsrvd , +client certificate validation is controlled by the +.Em tls_checkpeer +option, which defaults to +.Em false . +.Pp +This setting is only supported by version 1.9.0 or higher. +.It mailsub +Subject of the mail sent to the +.Em mailto +user. +The escape +.Li %h +will expand to the host name of the machine. +Default is +.Dq Li @mailsub@ . +.It noexec_file +As of +.Nm sudo +version 1.8.1 this option is no longer supported. +The path to the noexec file should now be set in the +.Xr sudo.conf @mansectform@ +file. +.It pam_askpass_service +On systems that use PAM for authentication, this is the service +name used when the +.Fl A +option is specified. +The default value is either +.Dq Li @pam_service@ +or +.Dq Li @pam_login_service@ , +depending on whether or not the +.Fl i +option is also specified. +See the description of +.Em pam_service +for more information. +.Pp +This setting is only supported by version 1.9.9 or higher. +.It pam_login_service +On systems that use PAM for authentication, this is the service +name used when the +.Fl i +option is specified. +The default value is +.Dq Li @pam_login_service@ . +See the description of +.Em pam_service +for more information. +.Pp +This setting is only supported by version 1.8.8 or higher. +.It pam_service +On systems that use PAM for authentication, the service name +specifies the PAM policy to apply. +This usually corresponds to an entry in the +.Pa pam.conf +file or a file in the +.Pa /etc/pam.d +directory. +The default value is +.Dq Li sudo . +.Pp +This setting is only supported by version 1.8.8 or higher. +.It passprompt +The default prompt to use when asking for a password; can be overridden via the +.Fl p +option or the +.Ev SUDO_PROMPT +environment variable. +The following percent +.Pq Ql % +escape sequences are supported: +.Bl -tag -width 4n +.It Li %H +expanded to the local host name including the domain name +(only if the machine's host name is fully qualified or the +.Em fqdn +option is set) +.It Li %h +expanded to the local host name without the domain name +.It Li %p +expanded to the user whose password is being asked for (respects the +.Em rootpw , +.Em targetpw +and +.Em runaspw +flags in +.Em sudoers ) +.It Li \&%U +expanded to the login name of the user the command will +be run as (defaults to root) +.It Li %u +expanded to the invoking user's login name +.It Li %% +two consecutive +.Li % +characters are collapsed into a single +.Li % +character +.El +.Pp +On systems that use PAM for authentication, +.Em passprompt +will only be used if the prompt provided by the PAM module matches the string +.Dq "Password: " +or +.Dq "username's Password: " . +This ensures that the +.Em passprompt +setting does not interfere with challenge-response style authentication. +The +.Em passprompt_override +flag can be used to change this behavior. +.Pp +The default value is +.Dq Li "@passprompt@" . +.if \n(PS \{\ +.It privs +The default Solaris privileges to use when constructing a new +privilege set for a command. +This is passed to the executing process via the inherited privilege set, +but is bounded by the limit privileges. +If the +.Em privs +option is specified but the +.Em limitprivs +option is not, the limit privileges of the executing process is set to +.Em privs . +The default privileges may be overridden on a per-command basis in +.Em sudoers . +This option is only available if +.Nm +is built on Solaris 10 or higher. +.\} +.if \n(SL \{\ +.It role +The default SELinux role to use when constructing a new security +context to run the command. +The default role may be overridden on a per-command basis in the +.Em sudoers +file or via command line options. +This option is only available when +.Nm sudo +is built with SELinux support. +.\} +.It runas_default +The default user to run commands as if the +.Fl u +option is not specified on the command line. +This defaults to +.Li @runas_default@ . +.It sudoers_locale +Locale to use when parsing the sudoers file, logging commands, and +sending email. +Note that changing the locale may affect how sudoers is interpreted. +Defaults to +.Dq Li C . +.It timestamp_type +.Nm +uses per-user time stamp files for credential caching. +The +.Em timestamp_type +option can be used to specify the type of time stamp record used. +It has the following possible values: +.Bl -tag -width 6n +.It global +A single time stamp record is used for all of a user's login sessions, +regardless of the terminal or parent process ID. +An additional record is used to serialize password prompts when +.Nm sudo +is used multiple times in a pipeline, but this does not affect authentication. +.It ppid +A single time stamp record is used for all processes with the same parent +process ID (usually the shell). +Commands run from the same shell (or other common parent process) +will not require a password for +.Em timestamp_timeout +minutes +.Po +.Li @timeout@ +by default +.Pc . +Commands run via +.Nm sudo +with a different parent process ID, for example from a shell script, +will be authenticated separately. +.It tty +One time stamp record is used for each terminal, +which means that a user's login sessions are authenticated separately. +If no terminal is present, the behavior is the same as +.Em ppid . +Commands run from the same terminal will not require a password for +.Em timestamp_timeout +minutes +.Po +.Li @timeout@ +by default +.Pc . +.It kernel +The time stamp is stored in the kernel as an attribute of the terminal +device. +If no terminal is present, the behavior is the same as +.Em ppid . +Negative +.Em timestamp_timeout +values are not supported and positive values are limited to a maximum +of 60 minutes. +This is currently only supported on +.Ox . +.El +.Pp +The default value is +.Em @timestamp_type@ . +.Pp +This setting is only supported by version 1.8.21 or higher. +.It timestampdir +The directory in which +.Nm sudo +stores its time stamp files. +This directory should be cleared when the system reboots. +The default is +.Pa @rundir@/ts . +.It timestampowner +The owner of the lecture status directory, time stamp directory and all +files stored therein. +The default is +.Li root . +.if \n(SL \{\ +.It type +The default SELinux type to use when constructing a new security +context to run the command. +The default type may be overridden on a per-command basis in the +.Em sudoers +file or via command line options. +This option is only available when +.Nm sudo +is built with SELinux support. +.\} +.El +.Pp +.Sy Strings that can be used in a boolean context : +.Bl -tag -width 12n +.It admin_flag +The +.Em admin_flag +option specifies the path to a file that is created the first time +a user that is a member of the +.Em sudo +or +.Em admin +groups runs +.Nm sudo . +Only available if +.Nm sudo +is configured with the +.Li --enable-admin-flag +option. +The default value is +.Li ~/.sudo_as_admin_successful . +.It env_file +The +.Em env_file +option specifies the fully qualified path to a file containing variables +to be set in the environment of the program being run. +Entries in this file should either be of the form +.Dq Li VARIABLE=value +or +.Dq Li export VARIABLE=value . +The value may optionally be enclosed in single or double quotes. +Variables in this file are only added if the variable does not already +exist in the environment. +This file is considered to be part of the security policy, +its contents are not subject to other +.Nm sudo +environment restrictions such as +.Em env_keep +and +.Em env_check . +.It exempt_group +Users in this group are exempt from password and PATH requirements. +The group name specified should not include a +.Li % +prefix. +This is not set by default. +.It fdexec +Determines whether +.Nm sudo +will execute a command by its path or by an open file descriptor. +It has the following possible values: +.Bl -tag -width 6n +.It always +Always execute by file descriptor. +.It never +Never execute by file descriptor. +.It digest_only +Only execute by file descriptor if the command has an associated digest +in the +.Em sudoers +file. +.El +.Pp +The default value is +.Em digest_only . +This avoids a time of check versus time of use race condition when +the command is located in a directory writable by the invoking user. +.Pp +Note that +.Em fdexec +will change the first element of the argument vector for scripts +($0 in the shell) due to the way the kernel runs script interpreters. +Instead of being a normal path, it will refer to a file descriptor. +For example, +.Pa /dev/fd/4 +on Solaris and +.Pa /proc/self/fd/4 +on Linux. +A workaround is to use the +.Dv SUDO_COMMAND +environment variable instead. +.Pp +The +.Em fdexec +setting is only used when the command is matched by path name. +It has no effect if the command is matched by the built-in +.Sy ALL +alias. +.Pp +This setting is only supported by version 1.8.20 or higher. +If the operating system does not support the +.Fn fexecve +system call, this setting has no effect. +.It group_plugin +A string containing a +.Nm +group plugin with optional arguments. +The string should consist of the plugin +path, either fully-qualified or relative to the +.Pa @plugindir@ +directory, followed by any configuration arguments the plugin requires. +These arguments (if any) will be passed to the plugin's initialization function. +If arguments are present, the string must be enclosed in double quotes +.Pq \&"" . +.Pp +For more information see +.Sx "GROUP PROVIDER PLUGINS" . +.It lecture +This option controls when a short lecture will be printed along with +the password prompt. +It has the following possible values: +.Bl -tag -width 6n +.It always +Always lecture the user. +.It never +Never lecture the user. +.It once +Only lecture the user the first time they run +.Nm sudo . +.El +.Pp +If no value is specified, a value of +.Em once +is implied. +Negating the option results in a value of +.Em never +being used. +The default value is +.Em @lecture@ . +.It lecture_file +Path to a file containing an alternate +.Nm sudo +lecture that will be used in place of the standard lecture if the named +file exists. +By default, +.Nm sudo +uses a built-in lecture. +.It listpw +This option controls when a password will be required when a user runs +.Nm sudo +with the +.Fl l +option. +It has the following possible values: +.Bl -tag -width 8n +.It all +All the user's +.Em sudoers +file entries for the current host must have +the +.Li NOPASSWD +flag set to avoid entering a password. +.It always +The user must always enter a password to use the +.Fl l +option. +.It any +At least one of the user's +.Em sudoers +file entries for the current host +must have the +.Li NOPASSWD +flag set to avoid entering a password. +.It never +The user need never enter a password to use the +.Fl l +option. +.El +.Pp +If no value is specified, a value of +.Em any +is implied. +Negating the option results in a value of +.Em never +being used. +The default value is +.Em any . +.It log_format +The event log format. +Supported log formats are: +.Bl -tag -width 8n +.It json +Logs in JSON format. +JSON log entries contain the full user details as well as the execution +environment if the command was allowed. +Due to limitations of the protocol, JSON events sent via +.Em syslog +may be truncated. +.It sudo +Traditional sudo-style logs, see +.Sx "LOG FORMAT" +for a description of the log file format. +.El +.Pp +This setting affects logs sent via +.Xr syslog 3 +as well as the file specified by the +.Em logfile +setting, if any. +The default value is +.Em sudo . +.It logfile +Path to the +.Nm sudo +log file (not the syslog log file). +Setting a path turns on logging to a file; +negating this option turns it off. +By default, +.Nm sudo +logs via syslog. +.It mailerflags +Flags to use when invoking mailer. +Defaults to +.Fl t . +.It mailerpath +Path to mail program used to send warning mail. +Defaults to the path to sendmail found at configure time. +.It mailfrom +Address to use for the +.Dq from +address when sending warning and error mail. +The address should be enclosed in double quotes +.Pq \&"" +to protect against +.Nm sudo +interpreting the +.Li @ +sign. +Defaults to the name of the user running +.Nm sudo . +.It mailto +Address to send warning and error mail to. +The address should be enclosed in double quotes +.Pq \&"" +to protect against +.Nm sudo +interpreting the +.Li @ +sign. +Defaults to +.Li @mailto@ . +.It rlimit_as +The maximum size to which the process's address space may grow (in bytes), +if supported by the operating system. +See +.Sx "Resource limits" +for more information. +.It rlimit_core +The largest size core dump file that may be created (in bytes). +See +.Sx "Resource limits" +for more information. +Defaults to 0 (no core dump created). +.It rlimit_cpu +The maximum amount of CPU time that the process may use (in seconds). +See +.Sx "Resource limits" +for more information. +.It rlimit_data +The maximum size of the data segment for the process (in bytes). +See +.Sx "Resource limits" +for more information. +.It rlimit_fsize +The largest size file that the process may create (in bytes). +See +.Sx "Resource limits" +for more information. +.It rlimit_locks +The maximum number of locks that the process may establish, +if supported by the operating system. +See +.Sx "Resource limits" +for more information. +.It rlimit_memlock +The maximum size that the process may lock in memory (in bytes), +if supported by the operating system. +See +.Sx "Resource limits" +for more information. +.It rlimit_nofile +The maximum number of files that the process may have open. +See +.Sx "Resource limits" +for more information. +.It rlimit_nproc +The maximum number of processes that the user may run simultaneously. +See +.Sx "Resource limits" +for more information. +.It rlimit_rss +The maximum size to which the process's resident set size may grow (in bytes). +See +.Sx "Resource limits" +for more information. +.It rlimit_stack +The maximum size to which the process's stack may grow (in bytes). +See +.Sx "Resource limits" +for more information. +.It restricted_env_file +The +.Em restricted_env_file +option specifies the fully qualified path to a file containing variables +to be set in the environment of the program being run. +Entries in this file should either be of the form +.Dq Li VARIABLE=value +or +.Dq Li export VARIABLE=value . +The value may optionally be enclosed in single or double quotes. +Variables in this file are only added if the variable does not already +exist in the environment. +Unlike +.Em env_file , +the file's contents are not trusted and are processed in a manner +similar to that of the invoking user's environment. +If +.Em env_reset +is enabled, variables in the file will only be added if they are +matched by either the +.Em env_check +or +.Em env_keep +list. +If +.Em env_reset +is disabled, variables in the file are added as long as they +are not matched by the +.Em env_delete +list. +In either case, the contents of +.Em restricted_env_file +are processed before the contents of +.Em env_file . +.It runchroot +If set, +.Nm sudo +will use this value for the root directory when running a command. +The special value +.Dq * +will allow the user to specify the root directory via +.Nm sudo Ns 's +.Fl R +option. +See the +.Sx Chroot_Spec +section for more details. +.Pp +It is only possible to use +.Em runchroot +as a command-specific Defaults setting if the command exists with +the same path both inside and outside the chroot jail. +This restriction does not apply to generic, host, or user-based +Defaults settings or to a +.Em Cmnd_Spec +that includes a +.Em Chroot_Spec . +.Pp +This setting is only supported by version 1.9.3 or higher. +.It runcwd +If set, +.Nm sudo +will use this value for the working directory when running a command. +The special value +.Dq * +will allow the user to specify the working directory via +.Nm sudo Ns 's +.Fl D +option. +See the +.Sx Chdir_Spec +section for more details. +.Pp +This setting is only supported by version 1.9.3 or higher. +.It secure_path +If set, +.Nm sudo +will use this value in place of the user's +.Ev PATH +environment variable. +This option can be used to reset the +.Ev PATH +to a known good value that contains directories for system administrator +commands such as +.Pa /usr/sbin . +.Pp +Users in the group specified by the +.Em exempt_group +option are not affected by +.Em secure_path . +This option is @secure_path@ by default. +.It syslog +Syslog facility if syslog is being used for logging (negate to +disable syslog logging). +Defaults to +.Li @logfac@ . +.Pp +The following syslog facilities are supported: +.Sy authpriv +(if your +OS supports it), +.Sy auth , +.Sy daemon , +.Sy user , +.Sy local0 , +.Sy local1 , +.Sy local2 , +.Sy local3 , +.Sy local4 , +.Sy local5 , +.Sy local6 , +and +.Sy local7 . +.It syslog_badpri +Syslog priority to use when the user is not allowed to run a command or +when authentication is unsuccessful. +Defaults to +.Li @badpri@ . +.Pp +The following syslog priorities are supported: +.Sy alert , +.Sy crit , +.Sy debug , +.Sy emerg , +.Sy err , +.Sy info , +.Sy notice , +.Sy warning , +and +.Sy none . +Negating the option or setting it to a value of +.Sy none +will disable logging of unsuccessful commands. +.It syslog_goodpri +Syslog priority to use when the user is allowed to run a command and +authentication is successful. +Defaults to +.Li @goodpri@ . +.Pp +See +.Em syslog_badpri +for the list of supported syslog priorities. +Negating the option or setting it to a value of +.Sy none +will disable logging of successful commands. +.It verifypw +This option controls when a password will be required when a user runs +.Nm sudo +with the +.Fl v +option. +It has the following possible values: +.Bl -tag -width 6n +.It all +All the user's +.Em sudoers +file entries for the current host must have the +.Li NOPASSWD +flag set to avoid entering a password. +.It always +The user must always enter a password to use the +.Fl v +option. +.It any +At least one of the user's +.Em sudoers +file entries for the current host must have the +.Li NOPASSWD +flag set to avoid entering a password. +.It never +The user need never enter a password to use the +.Fl v +option. +.El +.Pp +If no value is specified, a value of +.Em all +is implied. +Negating the option results in a value of +.Em never +being used. +The default value is +.Em all . +.El +.Pp +.Sy Lists that can be used in a boolean context : +.Bl -tag -width 16n +.It env_check +Environment variables to be removed from the user's environment +unless they are considered +.Dq safe . +For all variables except +.Li TZ , +.Dq safe +means that the variable's value does not contain any +.Ql % +or +.Ql / +characters. +This can be used to guard against printf-style format vulnerabilities +in poorly-written programs. +The +.Li TZ +variable is considered unsafe if any of the following are true: +.Bl -bullet -width 1n +.It +It consists of a fully-qualified path name, +optionally prefixed with a colon +.Pq Ql :\& , +that does not match the location of the +.Pa zoneinfo +directory. +.It +It contains a +.Pa .. +path element. +.It +It contains white space or non-printable characters. +.It +It is longer than the value of +.Li PATH_MAX . +.El +.Pp +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. +The list can be replaced, added to, deleted from, or disabled by using +the +.Li = , +.Li += , +.Li -= , +and +.Li \&! +operators respectively. +Regardless of whether the +.Li env_reset +option is enabled or disabled, variables specified by +.Li env_check +will be preserved in the environment if they pass the aforementioned check. +The global list of environment variables to check is displayed when +.Nm sudo +is run by root with +the +.Fl V +option. +.It env_delete +Environment variables to be removed from the user's environment when the +.Em env_reset +option is not in effect. +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. +The list can be replaced, added to, deleted from, or disabled by using the +.Li = , +.Li += , +.Li -= , +and +.Li \&! +operators respectively. +The global list of environment variables to remove is displayed when +.Nm sudo +is run by root with the +.Fl V +option. +Note that many operating systems will remove potentially dangerous +variables from the environment of any set-user-ID process (such as +.Nm sudo ) . +.It env_keep +Environment variables to be preserved in the user's environment when the +.Em env_reset +option is in effect. +This allows fine-grained control over the environment +.Nm sudo Ns -spawned +processes will receive. +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. +The list can be replaced, added to, deleted from, or disabled by using the +.Li = , +.Li += , +.Li -= , +and +.Li \&! +operators respectively. +The global list of variables to keep +is displayed when +.Nm sudo +is run by root with the +.Fl V +option. +.Pp +Preserving the +.Ev HOME +environment variable has security implications since many programs use it +when searching for configuration or data files. +Adding +.Ev HOME +to +.Em env_keep +may enable a user to run unrestricted commands via +.Nm sudo +and is strongly discouraged. +Users wishing to edit files with +.Nm sudo +should run +.Nm sudoedit +(or +.Nm sudo Fl e ) +to get their accustomed editor configuration instead of +invoking the editor directly. +.It log_servers +A list of one or more servers to use for remote event and I/O log storage, +separated by white space. +Log servers must be running +.Nm sudo_logsrvd +or another service that implements the protocol described by +.Xr sudo_logsrv.proto @mansectform@ . +.Pp +Server addresses should be of the form +.Dq host Ns Oo : Ns port Oc Ns Op (tls) . +The host portion may be a host name, an IPv4 address, or an IPv6 address +in square brackets. +.Pp +If the optional +.Em tls +flag is present, the connection will be secured +with Transport Layer Security (TLS) version 1.2 or 1.3. +Versions of TLS prior to 1.2 are not supported. +.Pp +If a port is specified, it may either be a port number or a well-known +service name as defined by the system service name database. +If no port is specified, port 30343 will be used for plaintext +connections and port 30344 will be used for TLS connections. +.Pp +When +.Em log_servers +is set, event log data will be logged both locally (see the +.Em syslog +and +.Em log_file +settings) as well as remotely, but I/O log data will only be logged remotely. +If multiple hosts are specified, they will be attempted in reverse order. +If no log servers are available, the user will not be able to run +a command unless either the +.Em ignore_iolog_errors +flag (I/O logging enabled) or the +.Em ignore_log_errors +flag (I/O logging disabled) is set. +Likewise, if the connection to the log server is interrupted while +.Nm sudo +is running, the command will be terminated unless the +.Em ignore_iolog_errors +flag (I/O logging enabled) or the +.Em ignore_log_errors +flag (I/O logging disabled) is set. +.Pp +This setting is only supported by version 1.9.0 or higher. +.El +.Sh GROUP PROVIDER PLUGINS +The +.Nm +plugin supports its own plugin interface to allow non-Unix +group lookups which can query a group source other +than the standard Unix group database. +This can be used to implement support for the +.Li nonunix_group +syntax described earlier. +.Pp +Group provider plugins are specified via the +.Em group_plugin +setting. +The argument to +.Em group_plugin +should consist of the plugin path, either fully-qualified or relative to the +.Pa @plugindir@ +directory, followed by any configuration options the plugin requires. +These options (if specified) will be passed to the plugin's initialization +function. +If options are present, the string must be enclosed in double quotes +.Pq \&"" . +.Pp +The following group provider plugins are installed by default: +.Bl -tag -width 8n +.It group_file +The +.Em group_file +plugin supports an alternate group file that uses the same syntax as the +.Pa /etc/group +file. +The path to the group file should be specified as an option +to the plugin. +For example, if the group file to be used is +.Pa /etc/sudo-group : +.Bd -literal +Defaults group_plugin="group_file.so /etc/sudo-group" +.Ed +.It system_group +The +.Em system_group +plugin supports group lookups via the standard C library functions +.Fn getgrnam +and +.Fn getgrid . +This plugin can be used in instances where the user belongs to +groups not present in the user's supplemental group vector. +This plugin takes no options: +.Bd -literal +Defaults group_plugin=system_group.so +.Ed +.El +.Pp +The group provider plugin API is described in detail in +.Xr sudo_plugin @mansectform@ . +.Sh LOG FORMAT +.Nm +can log events in either JSON or +.Em sudo +format, +this section describes the +.Em sudo +log format. +Depending on +.Em sudoers +configuration, +.Nm +can log events via +.Xr syslog 3 , +to a local log file, or both. +The log format is almost identical in both cases. +.Ss Accepted command log entries +Commands that sudo runs are logged using the following format (split +into multiple lines for readability): +.Bd -literal -offset 4n +date hostname progname: username : TTY=ttyname ; PWD=cwd ; \e + USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e + ENV=env_vars COMMAND=command +.Ed +.Pp +Where the fields are as follows: +.Bl -tag -width 12n +.It date +The date the command was run. +Typically, this is in the format +.Dq MMM, DD, HH:MM:SS . +If logging via +.Xr syslog 3 , +the actual date format is controlled by the syslog daemon. +If logging to a file and the +.Em log_year +option is enabled, +the date will also include the year. +.It hostname +The name of the host +.Nm sudo +was run on. +This field is only present when logging via +.Xr syslog 3 . +.It progname +The name of the program, usually +.Em sudo +or +.Em sudoedit . +This field is only present when logging via +.Xr syslog 3 . +.It username +The login name of the user who ran +.Nm sudo . +.It ttyname +The short name of the terminal (e.g., +.Dq console , +.Dq tty01 , +or +.Dq pts/0 ) +.Nm sudo +was run on, or +.Dq unknown +if there was no terminal present. +.It cwd +The current working directory that +.Nm sudo +was run in. +.It runasuser +The user the command was run as. +.It runasgroup +The group the command was run as if one was specified on the command line. +.It logid +An I/O log identifier that can be used to replay the command's output. +This is only present when the +.Em log_input +or +.Em log_output +option is enabled. +.It env_vars +A list of environment variables specified on the command line, +if specified. +.It command +The actual command that was executed. +.El +.Pp +Messages are logged using the locale specified by +.Em sudoers_locale , +which defaults to the +.Dq Li C +locale. +.Ss Denied command log entries +If the user is not allowed to run the command, the reason for the denial +will follow the user name. +Possible reasons include: +.Bl -tag -width 4 +.It user NOT in sudoers +The user is not listed in the +.Em sudoers +file. +.It user NOT authorized on host +The user is listed in the +.Em sudoers +file but is not allowed to run commands on the host. +.It command not allowed +The user is listed in the +.Em sudoers +file for the host but they are not allowed to run the specified command. +.It 3 incorrect password attempts +The user failed to enter their password after 3 tries. +The actual number of tries will vary based on the number of +failed attempts and the value of the +.Em passwd_tries +option. +.It a password is required +The +.Fl n +option was specified but a password was required. +.It sorry, you are not allowed to set the following environment variables +The user specified environment variables on the command line that +were not allowed by +.Em sudoers . +.El +.Ss Error log entries +If an error occurs, +.Nm +will log a message and, in most cases, send a message to the +administrator via email. +Possible errors include: +.Bl -tag -width 4 +.It parse error in @sysconfdir@/sudoers near line N +.Nm +encountered an error when parsing the specified file. +In some cases, the actual error may be one line above or below the +line number listed, depending on the type of error. +.It problem with defaults entries +The +.Em sudoers +file contains one or more unknown Defaults settings. +This does not prevent +.Nm sudo +from running, but the +.Em sudoers +file should be checked using +.Nm visudo . +.It timestamp owner (username): \&No such user +The time stamp directory owner, as specified by the +.Em timestampowner +setting, could not be found in the password database. +.It unable to open/read @sysconfdir@/sudoers +The +.Em sudoers +file could not be opened for reading. +This can happen when the +.Em sudoers +file is located on a remote file system that maps user-ID 0 to +a different value. +Normally, +.Nm +tries to open the +.Em sudoers +file using group permissions to avoid this problem. +Consider either changing the ownership of +.Pa @sysconfdir@/sudoers +or adding an argument like +.Dq sudoers_uid=N +(where +.Sq N +is the user-ID that owns the +.Em sudoers +file) to the end of the +.Nm +.Li Plugin +line in the +.Xr sudo.conf @mansectform@ +file. +.It unable to stat @sysconfdir@/sudoers +The +.Pa @sysconfdir@/sudoers +file is missing. +.It @sysconfdir@/sudoers is not a regular file +The +.Pa @sysconfdir@/sudoers +file exists but is not a regular file or symbolic link. +.It @sysconfdir@/sudoers is owned by uid N, should be 0 +The +.Em sudoers +file has the wrong owner. +If you wish to change the +.Em sudoers +file owner, please add +.Dq sudoers_uid=N +(where +.Sq N +is the user-ID that owns the +.Em sudoers +file) to the +.Nm +.Li Plugin +line in the +.Xr sudo.conf @mansectform@ +file. +.It @sysconfdir@/sudoers is world writable +The permissions on the +.Em sudoers +file allow all users to write to it. +The +.Em sudoers +file must not be world-writable, the default file mode +is 0440 (readable by owner and group, writable by none). +The default mode may be changed via the +.Dq sudoers_mode +option to the +.Nm +.Li Plugin +line in the +.Xr sudo.conf @mansectform@ +file. +.It @sysconfdir@/sudoers is owned by gid N, should be 1 +The +.Em sudoers +file has the wrong group ownership. +If you wish to change the +.Em sudoers +file group ownership, please add +.Dq sudoers_gid=N +(where +.Sq N +is the group-ID that owns the +.Em sudoers +file) to the +.Nm +.Li Plugin +line in the +.Xr sudo.conf @mansectform@ +file. +.It unable to open @rundir@/ts/username +.Nm +was unable to read or create the user's time stamp file. +This can happen when +.Em timestampowner +is set to a user other than root and the mode on +.Pa @rundir@ +is not searchable by group or other. +The default mode for +.Pa @rundir@ +is 0711. +.It unable to write to @rundir@/ts/username +.Nm +was unable to write to the user's time stamp file. +.It @rundir@/ts is owned by uid X, should be Y +The time stamp directory is owned by a user other than +.Em timestampowner . +This can occur when the value of +.Em timestampowner +has been changed. +.Nm +will ignore the time stamp directory until the owner is corrected. +.It @rundir@/ts is group writable +The time stamp directory is group-writable; it should be writable only by +.Em timestampowner . +The default mode for the time stamp directory is 0700. +.Nm +will ignore the time stamp directory until the mode is corrected. +.El +.Ss Notes on logging via syslog +By default, +.Nm +logs messages via +.Xr syslog 3 . +The +.Em date , +.Em hostname , +and +.Em progname +fields are added by the system's +.Fn syslog +function, not +.Nm +itself. +As such, they may vary in format on different systems. +.Pp +The maximum size of syslog messages varies from system to system. +The +.Em syslog_maxlen +setting can be used to change the maximum syslog message size +from the default value of 980 bytes. +For more information, see the description of +.Em syslog_maxlen . +.Ss Notes on logging to a file +If the +.Em logfile +option is set, +.Nm +will log to a local file, such as +.Pa /var/log/sudo . +When logging to a file, +.Nm +uses a format similar to +.Xr syslog 3 , +with a few important differences: +.Bl -enum +.It +The +.Em progname +and +.Em hostname +fields are not present. +.It +If the +.Em log_year +option is enabled, +the date will also include the year. +.It +Lines that are longer than +.Em loglinelen +characters (80 by default) are word-wrapped and continued on the +next line with a four character indent. +This makes entries easier to read for a human being, but makes it +more difficult to use +.Xr grep 1 +on the log files. +If the +.Em loglinelen +option is set to 0 (or negated with a +.Ql \&! ) , +word wrap will be disabled. +.El +.Sh I/O LOG FILES +When I/O logging is enabled, +.Nm sudo +will run the command in a pseudo-terminal and log all user input and/or output, +depending on which options are enabled. +I/O can be logged either to the local machine or to a remote log server. +For local logs, I/O is logged to the directory specified by the +.Em iolog_dir +option +.Po +.Pa @iolog_dir@ +by default +.Pc +using a unique session ID that is included in the +.Nm sudo +log line, prefixed with +.Dq Li TSID= . +The +.Em iolog_file +option may be used to control the format of the session ID. +For remote logs, the +.Em log_servers +setting is used to specify one or more log servers running +.Nm sudo_logsrvd +or another server that implements the protocol described by +.Xr sudo_logsrv.proto @mansectform@ . +.Pp +For both local and remote I/O logs, each log is stored in a separate +directory that contains the following files: +.Bl -tag -width 8n +.It Pa log +A text file containing information about the command. +The first line consists of the following colon-delimited fields: +the time the command was run, the name of the user +who ran +.Nm sudo , +the name of the target user, the name of the target group (optional), +the terminal that +.Nm sudo +was run from, and the number of lines and columns of the terminal. +The second and third lines contain the working directory the command +was run from and the path name of the command itself (with arguments +if present). +.It Pa log.json +A JSON-formatted file containing information about the command. +This is similar to the +.Pa log +file but contains additional information and is easily extensible. +The +.Pa log.json +file will be used by +.Xr sudoreplay @mansectsu@ +in preference to the +.Pa log +file if it exists. +The file may contain the following elements: +.Bl -tag -width 8n +.It timestamp +A JSON object containing time the command was run. +It consists of two values, +.Em seconds +and +.Em nanoseconds . +.It columns +The number of columns of the terminal the command ran on, or zero +if no terminal was present. +.It command +The fully-qualified path of the command that was run. +.It lines +The number of lines of the terminal the command ran on, or zero +if no terminal was present. +.It runargv +A JSON array representing the command's argument vector as passed to the +.Fn execve +system call. +.It runenv +A JSON array representing the command's environment as passed to the +.Fn execve +system call. +.It rungid +The group ID the command ran as. +This element is only present when the user specifies a group on the +command line. +.It rungroup +The name of the group the command ran as. +This element is only present when the user specifies a group on the +command line. +.It runuid +The user ID the command ran as. +.It runuser +The name of the user the command ran as. +.It submitcwd +The current working directory at the time +.Nm sudo +was run. +.It submithost +The name of the host the command was run on. +.It submituser +The name of the user who ran the command via +.Nm sudo . +.It ttyname +The path name of the terminal the user invoked +.Nm sudo +from. +If the command was run in a pseudo-terminal, +.Em ttyname +will be different from the terminal the command actually ran in. +.El +.It Pa timing +Timing information used to replay the session. +Each line consists of the I/O log entry type and amount of time +since the last entry, followed by type-specific data. +The I/O log entry types and their corresponding type-specific data are: +.Pp +.Bl -tag -width 4n -compact +.It 0 +standard input, number of bytes in the entry +.It 1 +standard output, number of bytes in the entry +.It 2 +standard error, number of bytes in the entry +.It 3 +terminal input, number of bytes in the entry +.It 4 +terminal output, number of bytes in the entry +.It 5 +window change, new number lines and columns +.It 6 +bug compatibility for +.Nm sudo +1.8.7 terminal output +.It 7 +command suspend or resume, signal received +.El +.It Pa ttyin +Raw input from the user's terminal, exactly as it was received. +No post-processing is performed. +For manual viewing, you may wish to convert carriage return characters +in the log to line feeds. +For example: +.Ql gunzip -c ttyin | tr \&"\er\&" \&"\en\&" +.It Pa stdin +The standard input when no terminal is present, or input redirected from +a pipe or file. +.It Pa ttyout +Output from the pseudo-terminal (what the command writes to the screen). +Note that terminal-specific post-processing is performed before the +data is logged. +This means that, for example, line feeds are usually converted to +line feed/carriage return pairs and tabs may be expanded to spaces. +.It Pa stdout +The standard output when no terminal is present, or output redirected to +a pipe or file. +.It Pa stderr +The standard error redirected to a pipe or file. +.El +.Pp +All files other than +.Pa log +are compressed in gzip format unless the +.Em compress_io +flag has been disabled. +Due to buffering, it is not normally possible to display the I/O logs in +real-time as the program is executing. +The I/O log data will not be complete until the program run by +.Nm sudo +has exited or has been terminated by a signal. +The +.Em iolog_flush +flag can be used to disable buffering, in which case I/O log data +is written to disk as soon as it is available. +The output portion of an I/O log file can be viewed with the +.Xr sudoreplay @mansectsu@ +utility, which can also be used to list or search the available logs. +.Pp +Note that user input may contain sensitive information such as +passwords (even if they are not echoed to the screen), which will +be stored in the log file unencrypted. +In most cases, logging the command output via +.Em log_output +or +.Li LOG_OUTPUT +is all that is required. +.Pp +Since each session's I/O logs are stored in a separate directory, +traditional log rotation utilities cannot be used to limit the +number of I/O logs. +The simplest way to limit the number of I/O is by setting the +.Em maxseq +option to the maximum number of logs you wish to store. +Once the I/O log sequence number reaches +.Em maxseq , +it will be reset to zero and +.Nm +will truncate and re-use any existing I/O logs. +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +Sudo front-end configuration +.It Pa @sysconfdir@/sudoers +List of who can run what +.It Pa /etc/group +Local groups file +.It Pa /etc/netgroup +List of network groups +.It Pa @iolog_dir@ +I/O log files +.It Pa @rundir@/ts +Directory containing time stamps for the +.Nm +security policy +.It Pa @vardir@/lectured +Directory containing lecture status files for the +.Nm +security policy +.It Pa /etc/environment +Initial environment for +.Fl i +mode on AIX and Linux systems +.El +.Sh EXAMPLES +Below are example +.Em sudoers +file entries. +Admittedly, some of these are a bit contrived. +First, we allow a few environment variables to pass and then define our +.Em aliases : +.Bd -literal +# Run X applications through sudo; HOME is used to find the +# .Xauthority file. Note that other programs use HOME to find +# configuration files and this may lead to privilege escalation! +Defaults env_keep += "DISPLAY HOME" + +# User alias specification +User_Alias FULLTIMERS = millert, mikef, dowdy +User_Alias PARTTIMERS = bostley, jwfox, crawl +User_Alias WEBADMIN = will, wendy, wim + +# Runas alias specification +Runas_Alias OP = root, operator +Runas_Alias DB = oracle, sybase +Runas_Alias ADMINGRP = adm, oper + +# Host alias specification +Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e + SGI = grolsch, dandelion, black :\e + ALPHA = widget, thalamus, foobar :\e + HPPA = boa, nag, python +Host_Alias CUNETS = 128.138.0.0/255.255.0.0 +Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 +Host_Alias SERVERS = primary, mail, www, ns +Host_Alias CDROM = orion, perseus, hercules + +# Cmnd alias specification +Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e + /usr/sbin/restore, /usr/sbin/rrestore,\e + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e + /home/operator/bin/start_backups +Cmnd_Alias KILL = /usr/bin/kill +Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm +Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown +Cmnd_Alias HALT = /usr/sbin/halt +Cmnd_Alias REBOOT = /usr/sbin/reboot +Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\e + /usr/local/bin/tcsh, /usr/bin/rsh,\e + /usr/local/bin/zsh +Cmnd_Alias SU = /usr/bin/su +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less +.Ed +.Pp +Here we override some of the compiled in default values. +We want +.Nm sudo +to log via +.Xr syslog 3 +using the +.Em auth +facility in all cases and for commands to be run with +the target user's home directory as the working directory. +We don't want to subject the full time staff to the +.Nm sudo +lecture and we want to allow them to run commands in a +.Xr chroot 2 +.Dq sandbox +via the +.Fl R +option. +User +.Sy millert +need not provide a password and we don't want to reset the +.Ev LOGNAME +or +.Ev USER +environment variables when running commands as root. +Additionally, on the machines in the +.Em SERVERS +.Li Host_Alias , +we keep an additional local log file and make sure we log the year +in each log line since the log entries will be kept around for several years. +Lastly, we disable shell escapes for the commands in the PAGERS +.Li Cmnd_Alias +.Po +.Pa /usr/bin/more , +.Pa /usr/bin/pg +and +.Pa /usr/bin/less +.Pc . +Note that this will not effectively constrain users with +.Nm sudo +.Sy ALL +privileges. +.Bd -literal +# Override built-in defaults +Defaults syslog=auth,runcwd=~ +Defaults>root !set_logname +Defaults:FULLTIMERS !lecture,runchroot=* +Defaults:millert !authenticate +Defaults@SERVERS log_year, logfile=/var/log/sudo.log +Defaults!PAGERS noexec +.Ed +.Pp +The +.Em User specification +is the part that actually determines who may run what. +.Bd -literal +root ALL = (ALL) ALL +%wheel ALL = (ALL) ALL +.Ed +.Pp +We let +.Sy root +and any user in group +.Sy wheel +run any command on any host as any user. +.Bd -literal +FULLTIMERS ALL = NOPASSWD: ALL +.Ed +.Pp +Full time sysadmins +.Po +.Sy millert , +.Sy mikef , +and +.Sy dowdy +.Pc +may run any command on any host without authenticating themselves. +.Bd -literal +PARTTIMERS ALL = ALL +.Ed +.Pp +Part time sysadmins +.Sy bostley , +.Sy jwfox , +and +.Sy crawl ) +may run any command on any host but they must authenticate themselves +first (since the entry lacks the +.Li NOPASSWD +tag). +.Bd -literal +jack CSNETS = ALL +.Ed +.Pp +The user +.Sy jack +may run any command on the machines in the +.Em CSNETS +alias (the networks +.Li 128.138.243.0 , +.Li 128.138.204.0 , +and +.Li 128.138.242.0 ) . +Of those networks, only +.Li 128.138.204.0 +has an explicit netmask (in CIDR notation) indicating it is a class C network. +For the other networks in +.Em CSNETS , +the local machine's netmask will be used during matching. +.Bd -literal +lisa CUNETS = ALL +.Ed +.Pp +The user +.Sy lisa +may run any command on any host in the +.Em CUNETS +alias (the class B network +.Li 128.138.0.0 ) . +.Bd -literal +operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\e + sudoedit /etc/printcap, /usr/oper/bin/ +.Ed +.Pp +The +.Sy operator +user may run commands limited to simple maintenance. +Here, those are commands related to backups, killing processes, the +printing system, shutting down the system, and any commands in the +directory +.Pa /usr/oper/bin/ . +Note that one command in the +.Li DUMPS +Cmnd_Alias includes a sha224 digest, +.Pa /home/operator/bin/start_backups . +This is because the directory containing the script is writable by the +operator user. +If the script is modified (resulting in a digest mismatch) it will no longer +be possible to run it via +.Nm sudo . +.Bd -literal +joe ALL = /usr/bin/su operator +.Ed +.Pp +The user +.Sy joe +may only +.Xr su 1 +to operator. +.Bd -literal +pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root* + +%opers ALL = (: ADMINGRP) /usr/sbin/ +.Ed +.Pp +Users in the +.Sy opers +group may run commands in +.Pa /usr/sbin/ +as themselves +with any group in the +.Em ADMINGRP +.Li Runas_Alias +(the +.Sy adm +and +.Sy oper +groups). +.Pp +The user +.Sy pete +is allowed to change anyone's password except for +root on the +.Em HPPA +machines. +Because command line arguments are matched as a single, +concatenated string, the +.Ql * +wildcard will match +.Em multiple +words. +This example assumes that +.Xr passwd 1 +does not take multiple user names on the command line. +Note that on GNU systems, options to +.Xr passwd 1 +may be specified after the user argument. +As a result, this rule will also allow: +.Bd -literal -offset 4n +passwd username --expire +.Ed +.Pp +which may not be desirable. +.Bd -literal +bob SPARC = (OP) ALL : SGI = (OP) ALL +.Ed +.Pp +The user +.Sy bob +may run anything on the +.Em SPARC +and +.Em SGI +machines as any user listed in the +.Em OP +.Li Runas_Alias +.Po +.Sy root +and +.Sy operator . +.Pc +.Bd -literal +jim +biglab = ALL +.Ed +.Pp +The user +.Sy jim +may run any command on machines in the +.Em biglab +netgroup. +.Nm sudo +knows that +.Dq biglab +is a netgroup due to the +.Ql + +prefix. +.Bd -literal ++secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser +.Ed +.Pp +Users in the +.Sy secretaries +netgroup need to help manage the printers as well as add and remove users, +so they are allowed to run those commands on all machines. +.Bd -literal +fred ALL = (DB) NOPASSWD: ALL +.Ed +.Pp +The user +.Sy fred +can run commands as any user in the +.Em DB +.Li Runas_Alias +.Po +.Sy oracle +or +.Sy sybase +.Pc +without giving a password. +.Bd -literal +john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* +.Ed +.Pp +On the +.Em ALPHA +machines, user +.Sy john +may su to anyone except root but he is not allowed to specify any options +to the +.Xr su 1 +command. +.Bd -literal +jen ALL, !SERVERS = ALL +.Ed +.Pp +The user +.Sy jen +may run any command on any machine except for those in the +.Em SERVERS +.Li Host_Alias +(primary, mail, www, and ns). +.Bd -literal +jill SERVERS = /usr/bin/, !SU, !SHELLS +.Ed +.Pp +For any machine in the +.Em SERVERS +.Li Host_Alias , +.Sy jill +may run +any commands in the directory +.Pa /usr/bin/ +except for those commands +belonging to the +.Em SU +and +.Em SHELLS +.Li Cmnd_Aliases . +While not specifically mentioned in the rule, the commands in the +.Em PAGERS +.Li Cmnd_Alias +all reside in +.Pa /usr/bin +and have the +.Em noexec +option set. +.Bd -literal +steve CSNETS = (operator) /usr/local/op_commands/ +.Ed +.Pp +The user +.Sy steve +may run any command in the directory /usr/local/op_commands/ +but only as user operator. +.Bd -literal +matt valkyrie = KILL +.Ed +.Pp +On his personal workstation, valkyrie, +.Sy matt +needs to be able to kill hung processes. +.Bd -literal +WEBADMIN www = (www) ALL, (root) /usr/bin/su www +.Ed +.Pp +On the host www, any user in the +.Em WEBADMIN +.Li User_Alias +(will, wendy, and wim), may run any command as user www (which owns the +web pages) or simply +.Xr su 1 +to www. +.Bd -literal +ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e + /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM +.Ed +.Pp +Any user may mount or unmount a CD-ROM on the machines in the CDROM +.Li Host_Alias +(orion, perseus, hercules) without entering a password. +This is a bit tedious for users to type, so it is a prime candidate +for encapsulating in a shell script. +.Sh SECURITY NOTES +.Ss Limitations of the So !\& Sc operator +It is generally not effective to +.Dq subtract +commands from +.Sy ALL +using the +.Ql !\& +operator. +A user can trivially circumvent this by copying the desired command +to a different name and then executing that. +For example: +.Bd -literal +bill ALL = ALL, !SU, !SHELLS +.Ed +.Pp +Doesn't really prevent +.Sy bill +from running the commands listed in +.Em SU +or +.Em SHELLS +since he can simply copy those commands to a different name, or use +a shell escape from an editor or other program. +Therefore, these kind of restrictions should be considered +advisory at best (and reinforced by policy). +.Pp +In general, if a user has sudo +.Sy ALL +there is nothing to prevent them from creating their own program that gives +them a root shell (or making their own copy of a shell) regardless of any +.Ql !\& +elements in the user specification. +.Ss Security implications of Em fast_glob +If the +.Em fast_glob +option is in use, it is not possible to reliably negate commands where the +path name includes globbing (aka wildcard) characters. +This is because the C library's +.Xr fnmatch 3 +function cannot resolve relative paths. +While this is typically only an inconvenience for rules that grant privileges, +it can result in a security issue for rules that subtract or revoke privileges. +.Pp +For example, given the following +.Em sudoers +file entry: +.Bd -literal +john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\e + /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root +.Ed +.Pp +User +.Sy john +can still run +.Li /usr/bin/passwd root +if +.Em fast_glob +is enabled by changing to +.Pa /usr/bin +and running +.Li ./passwd root +instead. +.Ss Preventing shell escapes +Once +.Nm sudo +executes a program, that program is free to do whatever +it pleases, including run other programs. +This can be a security issue since it is not uncommon for a program to +allow shell escapes, which lets a user bypass +.Nm sudo Ns 's +access control and logging. +Common programs that permit shell escapes include shells (obviously), +editors, paginators, mail, and terminal programs. +.Pp +There are four basic approaches to this problem: +.Bl -tag -width 8n +.It restrict +Avoid giving users access to commands that allow the user to run +arbitrary commands. +Many editors have a restricted mode where shell +escapes are disabled, though +.Nm sudoedit +is a better solution to +running editors via +.Nm sudo . +Due to the large number of programs that +offer shell escapes, restricting users to the set of programs that +do not is often unworkable. +.It intercept +Many systems that support shared libraries have the ability to +override default library functions by pointing an environment +variable (usually +.Ev LD_PRELOAD ) +to an alternate shared library. +On such systems, +.Nm sudo Ns 's +.Em intercept +functionality can be used to transparently intercept an attempt to +run a new command, allow or deny it based on +.Em sudoers +rules, and log the result. +For example, this can be used to restrict the commands run from +within a privileged shell. +Note, however, that this applies only to dynamically-linked +executables. +Statically-linked executables and executables +running under binary emulation are not affected. +Also, most shells support built-in commands and the ability to read +or write sensitive files that cannot be intercepted by +.Nm sudo . +.Pp +Currently, +.Nm sudo Ns 's +.Em intercept +functionality only works for programs that use the +.Fn execl , +.Fn execle , +.Fn execlp , +.Fn execv , +.Fn execve , +.Fn execvp , +or +.Fn execvpe +library functions to run the new command. +This may be expanded in a future release of +.Nm sudo . +Because most dynamic loaders ignore +.Ev LD_PRELOAD +(or the equivalent) when running set-user-ID and set-group-ID programs, +.Nm +will not permit such programs to be run in +.Em intercept +mode. +.Pp +The +.Em intercept +feature is known to work on Solaris, *BSD, Linux, macOS, HP-UX 11.x +and AIX 5.3 and above. +It should be supported on most operating systems that support the +.Ev LD_PRELOAD +environment variable. +Check your operating system's manual pages for the dynamic linker +(usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if +.Ev LD_PRELOAD +is supported. +It is +.Em not +supported when +.Nm sudo Ns 's +SELinux RBAC support is in use due to a fundamental incompatibility. +.Pp +To enable intercept mode on a per-command basis, use the +.Li INTERCEPT +tag as documented in the User Specification section above. +Here is that example again: +.Bd -literal +chuck research = INTERCEPT: ALL +.Ed +.Pp +This allows user +.Sy chuck +to run any command on the machine +.Dq research +in intercept mode. +Any commands run via shell escapes will be validated and logged by +.Nm sudo . +If you are unsure whether or not your system is capable of supporting +.Em intercept , +you can always just try it out and check whether or not external +commands run via a shell are logged when +.Em intercept +is enabled. +.It log +There are two separate but related ways to log additional commands. +The first is to enable I/O logging using the +.Em log_output +flag. +This will log the command's output but will not create an event log +entry when the additional command is run. +The second is to enable the +.Em log_subcmds +flag in +.Em sudoers +which will create an event log entry every time a new command is run. +If I/O logging is also enabled, the log entry will include a time offset +into the I/O log to indicate when the command was run. +This offset can be passed to the +.Xr sudoreplay @mansectsu@ +utility to replay the I/O log at the exact moment when the command was run. +The +.Em log_subcmds +flag uses the same mechanism as +.Em intercept +(see above) and has the same limitations. +.It noexec +.Nm sudo Ns 's +.Em noexec +functionality can be used to prevent a program run by +.Nm sudo +from executing any other programs. +On most systems, it uses the same mechanism as +.Em intercept +(see above) and thus the same caveats apply. +The +.Em noexec +functionality +is capable of blocking execution of commands run via the +.Fn execl , +.Fn execle , +.Fn execlp , +.Fn exect , +.Fn execv , +.Fn execve , +.Fn execveat , +.Fn execvP , +.Fn execvp , +.Fn execvpe , +.Fn fexecve , +.Fn popen , +.Fn posix_spawn , +.Fn posix_spawnp , +.Fn system , +and +.Fn wordexp +functions. +On Linux, a +.Fn seccomp +filter is used to implement +.Em noexec . +On Solaris 10 and higher, +.Em noexec +uses Solaris privileges instead of the +.Ev LD_PRELOAD +environment variable. +.Pp +To enable +.Em noexec +for a command, use the +.Li NOEXEC +tag as documented in the User Specification section above. +Here is that example again: +.Bd -literal +aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi +.Ed +.Pp +This allows user +.Sy aaron +to run +.Pa /usr/bin/more +and +.Pa /usr/bin/vi +with +.Em noexec +enabled. +This will prevent those two commands from +executing other commands (such as a shell). +If you are unsure whether or not your system is capable of supporting +.Em noexec +you can always just try it out and check whether shell escapes work when +.Em noexec +is enabled. +.El +.Pp +Note that restricting shell escapes is not a panacea. +Programs running as root are still capable of many potentially hazardous +operations (such as changing or overwriting files) that could lead +to unintended privilege escalation. +In the specific case of an editor, a safer approach is to give the +user permission to run +.Nm sudoedit +(see below). +.Ss Secure editing +The +.Nm +plugin includes +.Nm sudoedit +support which allows users to securely edit files with the editor +of their choice. +As +.Nm sudoedit +is a built-in command, it must be specified in the +.Em sudoers +file without a leading path. +However, it may take command line arguments just as a normal command does. +Wildcards used in +.Em sudoedit +command line arguments are expected to be path names, so a forward slash +.Pq Ql / +will not be matched by a wildcard. +.Pp +Unlike other +.Nm sudo +commands, the editor is run with the permissions of the invoking +user and with the environment unmodified. +More information may be found in the description of the +.Fl e +option in +.Xr sudo @mansectsu@ . +.Pp +For example, to allow user operator to edit the +.Dq message of the day +file: +.Bd -literal -offset indent +operator sudoedit /etc/motd +.Ed +.Pp +The operator user then runs +.Nm sudoedit +as follows: +.Bd -literal -offset indent +$ sudoedit /etc/motd +.Ed +.Pp +The editor will run as the operator user, not root, on a temporary copy of +.Pa /etc/motd . +After the file has been edited, +.Pa /etc/motd +will be updated with the contents of the temporary copy. +.Pp +Users should +.Em never +be granted +.Nm sudoedit +permission to edit a file that resides in a directory the user +has write access to, either directly or via a wildcard. +If the user has write access to the directory it is possible to +replace the legitimate file with a link to another file, +allowing the editing of arbitrary files. +To prevent this, starting with version 1.8.16, symbolic links will +not be followed in writable directories and +.Nm sudoedit +will refuse to edit a file located in a writable directory +unless the +.Em sudoedit_checkdir +option has been disabled or the invoking user is root. +Additionally, in version 1.8.15 and higher, +.Nm sudoedit +will refuse to open a symbolic link unless either the +.Em sudoedit_follow +option is enabled or the +.Em sudoedit +command is prefixed with the +.Li FOLLOW +tag in the +.Em sudoers +file. +.Ss Time stamp file checks +.Nm +will check the ownership of its time stamp directory +.Po +.Pa @rundir@/ts +by default +.Pc +and ignore the directory's contents if it is not owned by root or +if it is writable by a user other than root. +Older versions of +.Nm sudo +stored time stamp files in +.Pa /tmp ; +this is no longer recommended as it may be possible for a user +to create the time stamp themselves on systems that allow +unprivileged users to change the ownership of files they create. +.Pp +While the time stamp directory +.Em should +be cleared at reboot time, not all systems contain a +.Pa /run +or +.Pa /var/run +directory. +To avoid potential problems, +.Nm +will ignore time stamp files that date from before the machine booted +on systems where the boot time is available. +.Pp +Some systems with graphical desktop environments allow unprivileged +users to change the system clock. +Since +.Nm +relies on the system clock for time stamp validation, it may be +possible on such systems for a user to run +.Nm sudo +for longer than +.Em timestamp_timeout +by setting the clock back. +To combat this, +.Nm +uses a monotonic clock (which never moves backwards) for its time stamps +if the system supports it. +.Pp +.Nm +will not honor time stamps set far in the future. +Time stamps with a date greater than current_time + 2 * +.Li TIMEOUT +will be ignored and +.Nm +will log and complain. +.Pp +If the +.Em timestamp_type +option is set to +.Dq tty , +the time stamp record includes the device number of the terminal +the user authenticated with. +This provides per-terminal granularity but time stamp records may still +outlive the user's session. +.Pp +Unless the +.Em timestamp_type +option is set to +.Dq global , +the time stamp record also includes the session ID of the process +that last authenticated. +This prevents processes in different terminal sessions from using +the same time stamp record. +On systems where a process's start time can be queried, +the start time of the session leader +is recorded in the time stamp record. +If no terminal is present or the +.Em timestamp_type +option is set to +.Dq ppid , +the start time of the parent process is used instead. +In most cases this will prevent a time stamp record from being re-used +without the user entering a password when logging out and back in again. +.Sh DEBUGGING +Versions 1.8.4 and higher of the +.Nm +plugin support a flexible debugging framework that can help track +down what the plugin is doing internally if there is a problem. +This can be configured in the +.Xr sudo.conf @mansectform@ +file. +.Pp +The +.Nm +plugin uses the same debug flag format as the +.Nm sudo +front-end: +.Em subsystem Ns @ Ns Em priority . +.Pp +The priorities used by +.Nm , +in order of decreasing severity, +are: +.Em crit , err , warn , notice , diag , info , trace , +and +.Em debug . +Each priority, when specified, also includes all priorities higher +than it. +For example, a priority of +.Em notice +would include debug messages logged at +.Em notice +and higher. +.Pp +The following subsystems are used by the +.Nm +plugin: +.Bl -tag -width 8n +.It Em alias +.Li User_Alias , +.Li Runas_Alias , +.Li Host_Alias +and +.Li Cmnd_Alias +processing +.It Em all +matches every subsystem +.It Em audit +BSM and Linux audit code +.It Em auth +user authentication +.It Em defaults +.Em sudoers +file +.Em Defaults +settings +.It Em env +environment handling +.It Em ldap +LDAP-based sudoers +.It Em logging +logging support +.It Em match +matching of users, groups, hosts, and netgroups in the +.Em sudoers +file +.It Em netif +network interface handling +.It Em nss +network service switch handling in +.Nm +.It Em parser +.Em sudoers +file parsing +.It Em perms +permission setting +.It Em plugin +The equivalent of +.Em main +for the plugin. +.It Em pty +pseudo-terminal related code +.It Em rbtree +redblack tree internals +.It Em sssd +SSSD-based sudoers +.It Em util +utility functions +.El +.Pp +For example: +.Bd -literal +Debug sudoers.so /var/log/sudoers_debug match@info,nss@info +.Ed +.Pp +For more information, see the +.Xr sudo.conf @mansectform@ +manual. +.Sh SEE ALSO +.Xr ssh 1 , +.Xr su 1 , +.Xr fnmatch 3 , +.Xr glob 3 , +.Xr mktemp 3 , +.Xr strftime 3 , +.Xr sudo.conf @mansectform@ , +.Xr sudo_plugin @mansectform@ , +.Xr sudoers.ldap @mansectform@ , +.Xr sudoers_timestamp @mansectform@ , +.Xr sudo @mansectsu@ , +.Xr visudo @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh CAVEATS +The +.Em sudoers +file should +.Sy always +be edited by the +.Nm visudo +utility which locks the file and checks for syntax errors. +If +.Em sudoers +contains syntax errors, +.Nm sudo +may refuse to run, which is a serious problem if +.Nm sudo +is your only method of obtaining superuser privileges. +Recent versions of +.Nm +will attempt to recover after a syntax error by ignoring the rest of +the line after encountering an error. +Older versions of +.Nm sudo +will not run if +.Em sudoers +contains a syntax error. +.Pp +When using netgroups of machines (as opposed to users), if you +store fully qualified host name in the netgroup (as is usually the +case), you either need to have the machine's host name be fully qualified +as returned by the +.Li hostname +command or use the +.Em fqdn +option in +.Em sudoers . +.Sh BUGS +If you feel you have found a bug in +.Nm sudo , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudoers_timestamp.man.in sudo-1.9.9/docs/sudoers_timestamp.man.in --- sudo-1.9.5p2/docs/sudoers_timestamp.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudoers_timestamp.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,312 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2017-2020 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudoers_timestamp\fR +\- Sudoers Time Stamp Format +.SH "DESCRIPTION" +The +\fBsudoers\fR +plugin uses per-user time stamp files for credential caching. +Once a user has been authenticated, they may use +\fBsudo\fR +without a password for a short period of time +(\fR@timeout@\fR +minutes unless overridden by the +\fItimestamp_timeout\fR +option) +\&. +By default, +\fBsudoers\fR +uses a separate record for each terminal, which means that +a user's login sessions are authenticated separately. +The +\fItimestamp_type\fR +option can be used to select the type of time stamp record +\fBsudoers\fR +will use. +.PP +A multi-record time stamp file format was introduced in +\fBsudo\fR +1.8.10 that uses a single file per user. +Previously, a separate file was used for each user and terminal +combination unless tty-based time stamps were disabled. +The new format is extensible and records of multiple types and versions +may coexist within the same file. +.PP +All records, regardless of type or version, begin with a 16-bit version +number and a 16-bit record size. +.PP +Time stamp records have the following structure: +.nf +.sp +.RS 0n +/* Time stamp entry types */ +#define TS_GLOBAL 0x01 /* not restricted by tty or ppid */ +#define TS_TTY 0x02 /* restricted by tty */ +#define TS_PPID 0x03 /* restricted by ppid */ +#define TS_LOCKEXCL 0x04 /* special lock record */ + +/* Time stamp flags */ +#define TS_DISABLED 0x01 /* entry disabled */ +#define TS_ANYUID 0x02 /* ignore uid, only valid in key */ + +struct timestamp_entry { + unsigned short version; /* version number */ + unsigned short size; /* entry size */ + unsigned short type; /* TS_GLOBAL, TS_TTY, TS_PPID */ + unsigned short flags; /* TS_DISABLED, TS_ANYUID */ + uid_t auth_uid; /* uid to authenticate as */ + pid_t sid; /* session ID associated with tty/ppid */ + struct timespec start_time; /* session/ppid start time */ + struct timespec ts; /* time stamp (CLOCK_MONOTONIC) */ + union { + dev_t ttydev; /* tty device number */ + pid_t ppid; /* parent pid */ + } u; +}; +.RE +.fi +.PP +The timestamp_entry struct fields are as follows: +.TP 6n +version +The version number of the timestamp_entry struct. +New entries are created with a version number of 2. +Records with different version numbers may coexist in the +same file but are not inter-operable. +.TP 6n +size +The size of the record in bytes. +.TP 6n +type +The record type, currently +\fRTS_GLOBAL\fR, +\fRTS_TTY\fR, +or +\fRTS_PPID\fR. +.TP 6n +flags +.br +Zero or more record flags which can be bit-wise ORed together. +Supported flags are +\fRTS_DISABLED\fR, +for records disabled via +\fBsudo\fR +\fB\-k\fR +and +\fRTS_ANYUID\fR, +which is used only when matching records. +.TP 6n +auth_uid +The user-ID that was used for authentication. +Depending on the value of the +\fIrootpw\fR, +\fIrunaspw\fR +and +\fItargetpw\fR +options, the user-ID may be that of the invoking user, the root user, +the default runas user or the target user. +.TP 6n +sid +The ID of the user's terminal session, if present. +The session ID is only used when matching records of type +\fRTS_TTY\fR. +.TP 6n +start_time +The start time of the session leader for records of type +\fRTS_TTY\fR +or of the parent process for records of type +\fRTS_PPID\fR. +The +\fIstart_time\fR +is used to help prevent re-use of a time stamp record after a +user has logged out. +Not all systems support a method to easily retrieve a process's +start time. +The +\fIstart_time\fR +field was added in +\fBsudoers\fR +version 1.8.22 for the second revision of the timestamp_entry struct. +.TP 6n +ts +The actual time stamp. +A monotonic time source (which does not move backward) is used if the +system supports it. +Where possible, +\fBsudoers\fR +uses a monotonic timer that increments even while the system +is suspended. +The value of +\fIts\fR +is updated each time a command is run via +\fBsudo\fR. +If the difference between +\fIts\fR +and the current time is less than the value of the +\fItimestamp_timeout\fR +option, no password is required. +.TP 6n +u.ttydev +The device number of the terminal associated with the session for +records of type +\fRTS_TTY\fR. +.TP 6n +u.ppid +The ID of the parent process for records of type +\fRTS_PPID\fR. +.SH "LOCKING" +In +\fBsudoers\fR +versions 1.8.10 through 1.8.14, the entire time stamp file was +locked for exclusive access when reading or writing to the file. +Starting in +\fBsudoers\fR +1.8.15, individual records are locked in the time stamp file instead +of the entire file and the lock is held for a longer period of time. +This scheme is described below. +.PP +The first record in the time stamp file is of type +\fRTS_LOCKEXCL\fR +and is used as a +\fIlock\fR +record to prevent more than one +\fBsudo\fR +process from adding a new record at the same time. +Once the desired time stamp record has been located or created (and +locked), the +\fRTS_LOCKEXCL\fR +record is unlocked. +The lock on the individual time stamp record, however, is held until +authentication is complete. +This allows +\fBsudoers\fR +to avoid prompting for a password multiple times when it +is used more than once in a pipeline. +.PP +Records of type +\fRTS_GLOBAL\fR +cannot be locked for a long period of time since doing so would +interfere with other +\fBsudo\fR +processes. +Instead, a separate lock record is used to prevent multiple +\fBsudo\fR +processes using the same terminal (or parent process ID) from +prompting for a password as the same time. +.SH "SEE ALSO" +sudoers(@mansectform@), +sudo(@mansectsu@) +.SH "HISTORY" +Originally, +\fBsudo\fR +used a single zero-length file per user and the file's modification +time was used as the time stamp. +Later versions of +\fBsudo\fR +added restrictions on the ownership of the time stamp files and +directory as well as checks on the validity of the time stamp itself. +Notable changes were introduced in the following +\fBsudo\fR +versions: +.TP 6n +1.4.0 +.br +Support for tty-based time stamp file was added +by appending the terminal name to the time stamp file name. +.TP 6n +1.6.2 +.br +The time stamp file was replaced by a per-user directory which +contained any tty-based time stamp files. +.TP 6n +1.6.3p2 +The target user name was added to the time stamp file name when the +\fItargetpw\fR +option was set. +.TP 6n +1.7.3 +.br +Information about the terminal device was stored in +tty-based time stamp files for validity checks. +This included the terminal device numbers, inode number and, on systems +where it was not updated when the device was written to, the inode change time. +This helped prevent re-use of the time stamp file after logout. +.TP 6n +1.8.6p7 +The terminal session ID was added to tty-based time stamp files to +prevent re-use of the time stamp by the same user in a different +terminal session. +It also helped prevent re-use of the time stamp file on systems where +the terminal device's inode change time was updated by writing. +.TP 6n +1.8.10 +A new, multi-record time stamp file format was introduced that uses a +single file per user. +The terminal device's change time was not included since most +systems now update the change time after a write is performed +as required by POSIX. +.TP 6n +1.8.15 +Individual records are locked in the time stamp file instead of the +entire file and the lock is held until authentication is complete. +.TP 6n +1.8.22 +The start time of the terminal session leader or parent process is +now stored in non-global time stamp records. +This prevents re-use of the time stamp file after logout in most cases. +.sp +Support was added for the kernel-based tty time stamps available in +OpenBSD +which do not use an on-disk time stamp file. +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudoers_timestamp.mdoc.in sudo-1.9.9/docs/sudoers_timestamp.mdoc.in --- sudo-1.9.5p2/docs/sudoers_timestamp.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudoers_timestamp.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,290 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2017-2020 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd October 20, 2019 +.Dt SUDOERS_TIMESTAMP @mansectform@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudoers_timestamp +.Nd Sudoers Time Stamp Format +.Sh DESCRIPTION +The +.Nm sudoers +plugin uses per-user time stamp files for credential caching. +Once a user has been authenticated, they may use +.Nm sudo +without a password for a short period of time +.Po +.Li @timeout@ +minutes unless overridden by the +.Em timestamp_timeout +option +.Pc . +By default, +.Nm sudoers +uses a separate record for each terminal, which means that +a user's login sessions are authenticated separately. +The +.Em timestamp_type +option can be used to select the type of time stamp record +.Nm sudoers +will use. +.Pp +A multi-record time stamp file format was introduced in +.Nm sudo +1.8.10 that uses a single file per user. +Previously, a separate file was used for each user and terminal +combination unless tty-based time stamps were disabled. +The new format is extensible and records of multiple types and versions +may coexist within the same file. +.Pp +All records, regardless of type or version, begin with a 16-bit version +number and a 16-bit record size. +.Pp +Time stamp records have the following structure: +.Bd -literal +/* Time stamp entry types */ +#define TS_GLOBAL 0x01 /* not restricted by tty or ppid */ +#define TS_TTY 0x02 /* restricted by tty */ +#define TS_PPID 0x03 /* restricted by ppid */ +#define TS_LOCKEXCL 0x04 /* special lock record */ + +/* Time stamp flags */ +#define TS_DISABLED 0x01 /* entry disabled */ +#define TS_ANYUID 0x02 /* ignore uid, only valid in key */ + +struct timestamp_entry { + unsigned short version; /* version number */ + unsigned short size; /* entry size */ + unsigned short type; /* TS_GLOBAL, TS_TTY, TS_PPID */ + unsigned short flags; /* TS_DISABLED, TS_ANYUID */ + uid_t auth_uid; /* uid to authenticate as */ + pid_t sid; /* session ID associated with tty/ppid */ + struct timespec start_time; /* session/ppid start time */ + struct timespec ts; /* time stamp (CLOCK_MONOTONIC) */ + union { + dev_t ttydev; /* tty device number */ + pid_t ppid; /* parent pid */ + } u; +}; +.Ed +.Pp +The timestamp_entry struct fields are as follows: +.Bl -tag -width 4n +.It version +The version number of the timestamp_entry struct. +New entries are created with a version number of 2. +Records with different version numbers may coexist in the +same file but are not inter-operable. +.It size +The size of the record in bytes. +.It type +The record type, currently +.Li TS_GLOBAL , +.Li TS_TTY , +or +.Li TS_PPID . +.It flags +Zero or more record flags which can be bit-wise ORed together. +Supported flags are +.Li TS_DISABLED , +for records disabled via +.Nm sudo +.Fl k +and +.Li TS_ANYUID , +which is used only when matching records. +.It auth_uid +The user-ID that was used for authentication. +Depending on the value of the +.Em rootpw , +.Em runaspw +and +.Em targetpw +options, the user-ID may be that of the invoking user, the root user, +the default runas user or the target user. +.It sid +The ID of the user's terminal session, if present. +The session ID is only used when matching records of type +.Li TS_TTY . +.It start_time +The start time of the session leader for records of type +.Li TS_TTY +or of the parent process for records of type +.Li TS_PPID . +The +.Em start_time +is used to help prevent re-use of a time stamp record after a +user has logged out. +Not all systems support a method to easily retrieve a process's +start time. +The +.Em start_time +field was added in +.Nm sudoers +version 1.8.22 for the second revision of the timestamp_entry struct. +.It ts +The actual time stamp. +A monotonic time source (which does not move backward) is used if the +system supports it. +Where possible, +.Nm sudoers +uses a monotonic timer that increments even while the system +is suspended. +The value of +.Em ts +is updated each time a command is run via +.Nm sudo . +If the difference between +.Em ts +and the current time is less than the value of the +.Em timestamp_timeout +option, no password is required. +.It u.ttydev +The device number of the terminal associated with the session for +records of type +.Li TS_TTY . +.It u.ppid +The ID of the parent process for records of type +.Li TS_PPID . +.El +.Sh LOCKING +In +.Nm sudoers +versions 1.8.10 through 1.8.14, the entire time stamp file was +locked for exclusive access when reading or writing to the file. +Starting in +.Nm sudoers +1.8.15, individual records are locked in the time stamp file instead +of the entire file and the lock is held for a longer period of time. +This scheme is described below. +.Pp +The first record in the time stamp file is of type +.Li TS_LOCKEXCL +and is used as a +.Em lock +record to prevent more than one +.Nm sudo +process from adding a new record at the same time. +Once the desired time stamp record has been located or created (and +locked), the +.Li TS_LOCKEXCL +record is unlocked. +The lock on the individual time stamp record, however, is held until +authentication is complete. +This allows +.Nm sudoers +to avoid prompting for a password multiple times when it +is used more than once in a pipeline. +.Pp +Records of type +.Li TS_GLOBAL +cannot be locked for a long period of time since doing so would +interfere with other +.Nm sudo +processes. +Instead, a separate lock record is used to prevent multiple +.Nm sudo +processes using the same terminal (or parent process ID) from +prompting for a password as the same time. +.Sh SEE ALSO +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ +.Sh HISTORY +Originally, +.Nm sudo +used a single zero-length file per user and the file's modification +time was used as the time stamp. +Later versions of +.Nm sudo +added restrictions on the ownership of the time stamp files and +directory as well as checks on the validity of the time stamp itself. +Notable changes were introduced in the following +.Nm sudo +versions: +.Bl -tag -width 4n +.It 1.4.0 +Support for tty-based time stamp file was added +by appending the terminal name to the time stamp file name. +.It 1.6.2 +The time stamp file was replaced by a per-user directory which +contained any tty-based time stamp files. +.It 1.6.3p2 +The target user name was added to the time stamp file name when the +.Em targetpw +option was set. +.It 1.7.3 +Information about the terminal device was stored in +tty-based time stamp files for validity checks. +This included the terminal device numbers, inode number and, on systems +where it was not updated when the device was written to, the inode change time. +This helped prevent re-use of the time stamp file after logout. +.It 1.8.6p7 +The terminal session ID was added to tty-based time stamp files to +prevent re-use of the time stamp by the same user in a different +terminal session. +It also helped prevent re-use of the time stamp file on systems where +the terminal device's inode change time was updated by writing. +.It 1.8.10 +A new, multi-record time stamp file format was introduced that uses a +single file per user. +The terminal device's change time was not included since most +systems now update the change time after a write is performed +as required by POSIX. +.It 1.8.15 +Individual records are locked in the time stamp file instead of the +entire file and the lock is held until authentication is complete. +.It 1.8.22 +The start time of the terminal session leader or parent process is +now stored in non-global time stamp records. +This prevents re-use of the time stamp file after logout in most cases. +.Pp +Support was added for the kernel-based tty time stamps available in +.Ox +which do not use an on-disk time stamp file. +.El +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm sudo , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm sudo +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudoreplay.man.in sudo-1.9.9/docs/sudoreplay.man.in --- sudo-1.9.5p2/docs/sudoreplay.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudoreplay.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,523 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2009-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "SUDOREPLAY" "@mansectsu@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.nh +.if n .ad l +.SH "NAME" +\fBsudoreplay\fR +\- replay sudo session logs +.SH "SYNOPSIS" +.HP 11n +\fBsudoreplay\fR +[\fB\-FhnRS\fR] +[\fB\-d\fR\ \fIdir\fR] +[\fB\-f\fR\ \fIfilter\fR] +[\fB\-m\fR\ \fInum\fR] +[\fB\-s\fR\ \fInum\fR] +ID[\fI@offset\fR] +.HP 11n +\fBsudoreplay\fR +[\fB\-h\fR] +[\fB\-d\fR\ \fIdir\fR] +\fB\-l\fR +[search\ expression] +.SH "DESCRIPTION" +\fBsudoreplay\fR +plays back or lists the output logs created by +\fBsudo\fR. +When replaying, +\fBsudoreplay\fR +can play the session back in real-time, or the playback speed may be +adjusted (faster or slower) based on the command line options. +.PP +The +\fIID\fR +should either be a six character sequence of digits and +upper case letters, e.g., +\fR0100A5\fR +or a path name. +The +\fIID\fR +may include an optional +\fI@offset\fR +suffix which may be used to start replaying at a specific time offset. +The +\fI@offset\fR +is specified as a number in seconds since the start of the session +with an optional decimal fraction. +.PP +Path names may be relative to the I/O log directory +\fI@iolog_dir@\fR +(unless overridden by the +\fB\-d\fR +option) or fully qualified, beginning with a +\(oq/\(cq +character. +When a command is run via +\fBsudo\fR +with +\fIlog_output\fR +enabled in the +\fIsudoers\fR +file, a +\fRTSID=ID\fR +string is logged via syslog or to the +\fBsudo\fR +log file. +The +\fIID\fR +may also be determined using +\fBsudoreplay\fR's +list mode. +.PP +In list mode, +\fBsudoreplay\fR +can be used to find the ID of a session based on a number of criteria +such as the user, tty, or command run. +.PP +In replay mode, if the standard input and output are connected to a terminal +and the +\fB\-n\fR +option is not specified, +\fBsudoreplay\fR +will operate interactively. +In interactive mode, +\fBsudoreplay\fR +will attempt to adjust the terminal size to match that of the session and +write directly to the terminal (not all terminals support this). +Additionally, it will poll the keyboard and act on the following keys: +.TP 14n +\(oq\fR\en\fR\(cq or \(oq\fR\er\fR\(cq +Skip to the next replay event; useful for long pauses. +.TP 14n +\(oq\fR\ \fR\(cq (space) +Pause output; press any key to resume. +.TP 14n +\(oq<\(cq +Reduce the playback speed by one half. +.TP 14n +\(oq>\(cq +Double the playback speed. +.PP +The session can be interrupted via control-C. +When the session has finished, the terminal is restored to its +original size if it was changed during playback. +.PP +The options are as follows: +.TP 12n +\fB\-d\fR \fIdir\fR, \fB\--directory\fR=\fIdir\fR +Store session logs in +\fIdir\fR +instead of the default, +\fI@iolog_dir@\fR. +.TP 12n +\fB\-f\fR \fIfilter\fR, \fB\--filter\fR=\fIfilter\fR +Select which I/O type(s) to display. +By default, +\fBsudoreplay\fR +will display the command's standard output, standard error, and tty output. +The +\fIfilter\fR +argument is a comma-separated list, consisting of one or more of following: +\fIstdin\fR, +\fIstdout\fR, +\fIstderr\fR, +\fIttyin\fR, +and +\fIttyout\fR. +.TP 12n +\fB\-F\fR, \fB\--follow\fR +Enable +\(lqfollow mode\(rq. +When replaying a session, +\fBsudoreplay\fR +will ignore end-of-file and keep replaying until the log is complete. +This can be used to replay a session that is still in progress, +similar to +\(lqtail -f\(rq. +An I/O log file is considered to be complete when the write bits +have been cleared on the session's timing file. +Note that versions of +\fBsudo\fR +prior to 1.9.1 do not clear the write bits upon completion. +.TP 12n +\fB\-h\fR, \fB\--help\fR +Display a short help message to the standard output and exit. +.TP 12n +\fB\-l\fR, \fB\--list\fR [\fIsearch expression\fR] +Enable +\(lqlist mode\(rq. +In this mode, +\fBsudoreplay\fR +will list available sessions in a format similar to the +\fBsudo\fR +log file format, sorted by file name (or sequence number). +If a +\fIsearch expression\fR +is specified, it will be used to restrict the IDs that are displayed. +An expression is composed of the following predicates: +.PP +.RS 12n +.PD 0 +.TP 8n +command \fIpattern\fR +Evaluates to true if the command run matches the POSIX extended +regular expression +\fIpattern\fR. +.PD +.TP 8n +cwd \fIdirectory\fR +Evaluates to true if the command was run with the specified current +working directory. +.TP 8n +fromdate \fIdate\fR +Evaluates to true if the command was run on or after +\fIdate\fR. +See +\fIDate and time format\fR +for a description of supported date and time formats. +.TP 8n +group \fIrunas_group\fR +Evaluates to true if the command was run with the specified +\fIrunas_group\fR. +Note that unless a +\fIrunas_group\fR +was explicitly specified when +\fBsudo\fR +was run this field will be empty in the log. +.TP 8n +host \fIhostname\fR +Evaluates to true if the command was run on the specified +\fIhostname\fR. +.TP 8n +runas \fIrunas_user\fR +Evaluates to true if the command was run as the specified +\fIrunas_user\fR. +Note that +\fBsudo\fR +runs commands as user +\fIroot\fR +by default. +.TP 8n +todate \fIdate\fR +Evaluates to true if the command was run on or prior to +\fIdate\fR. +See +\fIDate and time format\fR +for a description of supported date and time formats. +.TP 8n +tty \fItty name\fR +Evaluates to true if the command was run on the specified terminal device. +The +\fItty name\fR +should be specified without the +\fI/dev/\fR +prefix, e.g., +\fItty01\fR +instead of +\fI/dev/tty01\fR. +.TP 8n +user \fIuser name\fR +Evaluates to true if the ID matches a command run by +\fIuser name\fR. +.PP +Predicates may be abbreviated to the shortest unique string. +.sp +Predicates may be combined using +\fIand\fR, +\fIor\fR, +and +\fI\&!\fR +operators as well as +\(oq\&(\(cq +and +\(oq\&)\(cq +grouping (note that parentheses must generally be escaped from the shell). +The +\fIand\fR +operator is optional, adjacent predicates have an implied +\fIand\fR +unless separated by an +\fIor\fR. +.RE +.TP 12n +\fB\-m\fR, \fB\--max-wait\fR \fImax_wait\fR +Specify an upper bound on how long to wait between key presses or output data. +By default, +\fBsudoreplay\fR +will accurately reproduce the delays between key presses or program output. +However, this can be tedious when the session includes long pauses. +When the +\fB\-m\fR +option is specified, +\fBsudoreplay\fR +will limit these pauses to at most +\fImax_wait\fR +seconds. +The value may be specified as a floating point number, e.g., +\fI2.5\fR. +A +\fImax_wait\fR +of zero or less will eliminate the pauses entirely. +.TP 12n +\fB\-n\fR, \fB\--non-interactive\fR +Do not prompt for user input or attempt to re-size the terminal. +The session is written to the standard output, not directly to +the user's terminal. +.TP 12n +\fB\-R\fR, \fB\--no-resize\fR +Do not attempt to re-size the terminal to match the terminal size +of the session. +.TP 12n +\fB\-S\fR, \fB\--suspend-wait\fR +Wait while the command was suspended. +By default, +\fBsudoreplay\fR +will ignore the time interval between when the command was suspended +and when it was resumed. +If the +\fB\-S\fR +option is specified, +\fBsudoreplay\fR +will wait instead. +.TP 12n +\fB\-s\fR, \fB\--speed\fR \fIspeed_factor\fR +This option causes +\fBsudoreplay\fR +to adjust the number of seconds it will wait between key presses or +program output. +This can be used to slow down or speed up the display. +For example, a +\fIspeed_factor\fR +of +\fI2\fR +would make the output twice as fast whereas a +\fIspeed_factor\fR +of +\fI.5\fR +would make the output twice as slow. +.TP 12n +\fB\-V\fR, \fB\--version\fR +Print the +\fBsudoreplay\fR +versions version number and exit. +.SS "Date and time format" +The time and date may be specified multiple ways, common formats include: +.TP 8n +HH:MM:SS am MM/DD/CCYY timezone +24 hour time may be used in place of am/pm. +.TP 8n +HH:MM:SS am Month, Day Year timezone +24 hour time may be used in place of am/pm, and month and day names +may be abbreviated. +Note that month and day of the week names must be specified in English. +.TP 8n +CCYY-MM-DD HH:MM:SS +ISO time format +.TP 8n +DD Month CCYY HH:MM:SS +The month name may be abbreviated. +.PP +Either time or date may be omitted, the am/pm and timezone are optional. +If no date is specified, the current day is assumed; if no time is +specified, the first second of the specified date is used. +The less significant parts of both time and date may also be omitted, +in which case zero is assumed. +.PP +The following are all valid time and date specifications: +.TP 8n +now +The current time and date. +.TP 8n +tomorrow +Exactly one day from now. +.TP 8n +yesterday +24 hours ago. +.TP 8n +2 hours ago +2 hours ago. +.TP 8n +next Friday +The first second of the Friday in the next (upcoming) week. +Not to be confused with +\(lqthis Friday\(rq +which would match the Friday of the current week. +.TP 8n +last week +The current time but 7 days ago. +This is equivalent to +\(lqa week ago\(rq. +.TP 8n +a fortnight ago +The current time but 14 days ago. +.TP 8n +10:01 am 9/17/2009 +10:01 am, September 17, 2009. +.TP 8n +10:01 am +10:01 am on the current day. +.TP 8n +10 +10:00 am on the current day. +.TP 8n +9/17/2009 +00:00 am, September 17, 2009. +.TP 8n +10:01 am Sep 17, 2009 +10:01 am, September 17, 2009. +.PP +Note that relative time specifications do not always work as expected. +For example, the +\(lqnext\(rq +qualifier is intended to be used in conjunction with a day such as +\(lqnext Monday\(rq. +When used with units of weeks, months, years, etc +the result will be one more than expected. +For example, +\(lqnext week\(rq +will result in a time exactly two weeks from now, which is probably +not what was intended. +This will be addressed in a future version of +\fBsudoreplay\fR. +.SS "Debugging sudoreplay" +\fBsudoreplay\fR +versions 1.8.4 and higher support a flexible debugging framework +that is configured via +\fRDebug\fR +lines in the +sudo.conf(@mansectform@) +file. +.PP +For more information on configuring +sudo.conf(@mansectform@), +please refer to its manual. +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +Debugging framework configuration +.TP 26n +\fI@iolog_dir@\fR +The default I/O log directory. +.TP 26n +\fI@iolog_dir@/00/00/01/log\fR +Example session log info. +.TP 26n +\fI@iolog_dir@/00/00/01/log.json\fR +Example session log info (JSON format). +.TP 26n +\fI@iolog_dir@/00/00/01/stdin\fR +Example session standard input log. +.TP 26n +\fI@iolog_dir@/00/00/01/stdout\fR +Example session standard output log. +.TP 26n +\fI@iolog_dir@/00/00/01/stderr\fR +Example session standard error log. +.TP 26n +\fI@iolog_dir@/00/00/01/ttyin\fR +Example session tty input file. +.TP 26n +\fI@iolog_dir@/00/00/01/ttyout\fR +Example session tty output file. +.TP 26n +\fI@iolog_dir@/00/00/01/timing\fR +Example session timing file. +.PP +Note that the +\fIstdin\fR, +\fIstdout\fR +and +\fIstderr\fR +files will be empty unless +\fBsudo\fR +was used as part of a pipeline for a particular command. +.SH "EXAMPLES" +List sessions run by user +\fImillert\fR: +.nf +.sp +.RS 6n +# sudoreplay -l user millert +.RE +.fi +.PP +List sessions run by user +\fIbob\fR +with a command containing the string vi: +.nf +.sp +.RS 6n +# sudoreplay -l user bob command vi +.RE +.fi +.PP +List sessions run by user +\fIjeff\fR +that match a regular expression: +.nf +.sp +.RS 6n +# sudoreplay -l user jeff command '/bin/[a-z]*sh' +.RE +.fi +.PP +List sessions run by jeff or bob on the console: +.nf +.sp +.RS 6n +# sudoreplay -l ( user jeff or user bob ) tty console +.RE +.fi +.SH "SEE ALSO" +script(1), +sudo.conf(@mansectform@), +sudo(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBsudoreplay\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBsudoreplay\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/sudoreplay.mdoc.in sudo-1.9.9/docs/sudoreplay.mdoc.in --- sudo-1.9.5p2/docs/sudoreplay.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/sudoreplay.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,465 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 2009-2022 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd January 19, 2022 +.Dt SUDOREPLAY @mansectsu@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm sudoreplay +.Nd replay sudo session logs +.Sh SYNOPSIS +.Nm sudoreplay +.Op Fl FhnRS +.Op Fl d Ar dir +.Op Fl f Ar filter +.Op Fl m Ar num +.Op Fl s Ar num +.No ID Ns Op Ar @offset +.Pp +.Nm +.Op Fl h +.Op Fl d Ar dir +.Fl l +.Op search expression +.Sh DESCRIPTION +.Nm +plays back or lists the output logs created by +.Nm sudo . +When replaying, +.Nm +can play the session back in real-time, or the playback speed may be +adjusted (faster or slower) based on the command line options. +.Pp +The +.Em ID +should either be a six character sequence of digits and +upper case letters, e.g., +.Li 0100A5 +or a path name. +The +.Em ID +may include an optional +.Ar @offset +suffix which may be used to start replaying at a specific time offset. +The +.Ar @offset +is specified as a number in seconds since the start of the session +with an optional decimal fraction. +.Pp +Path names may be relative to the I/O log directory +.Pa @iolog_dir@ +(unless overridden by the +.Fl d +option) or fully qualified, beginning with a +.Ql / +character. +When a command is run via +.Nm sudo +with +.Em log_output +enabled in the +.Em sudoers +file, a +.Li TSID=ID +string is logged via syslog or to the +.Nm sudo +log file. +The +.Em ID +may also be determined using +.Nm sudoreplay Ns 's +list mode. +.Pp +In list mode, +.Nm +can be used to find the ID of a session based on a number of criteria +such as the user, tty, or command run. +.Pp +In replay mode, if the standard input and output are connected to a terminal +and the +.Fl n +option is not specified, +.Nm +will operate interactively. +In interactive mode, +.Nm +will attempt to adjust the terminal size to match that of the session and +write directly to the terminal (not all terminals support this). +Additionally, it will poll the keyboard and act on the following keys: +.Bl -tag -width 12n +.It So Li \en Sc No or So Li \er Sc +Skip to the next replay event; useful for long pauses. +.It So Li \ Sc Pq space +Pause output; press any key to resume. +.It Ql < +Reduce the playback speed by one half. +.It Ql > +Double the playback speed. +.El +.Pp +The session can be interrupted via control-C. +When the session has finished, the terminal is restored to its +original size if it was changed during playback. +.Pp +The options are as follows: +.Bl -tag -width Fl +.It Fl d Ar dir , Fl -directory Ns = Ns Ar dir +Store session logs in +.Ar dir +instead of the default, +.Pa @iolog_dir@ . +.It Fl f Ar filter , Fl -filter Ns = Ns Ar filter +Select which I/O type(s) to display. +By default, +.Nm +will display the command's standard output, standard error, and tty output. +The +.Ar filter +argument is a comma-separated list, consisting of one or more of following: +.Em stdin , +.Em stdout , +.Em stderr , +.Em ttyin , +and +.Em ttyout . +.It Fl F , -follow +Enable +.Dq follow mode . +When replaying a session, +.Nm +will ignore end-of-file and keep replaying until the log is complete. +This can be used to replay a session that is still in progress, +similar to +.Dq tail -f . +An I/O log file is considered to be complete when the write bits +have been cleared on the session's timing file. +Note that versions of +.Nm sudo +prior to 1.9.1 do not clear the write bits upon completion. +.It Fl h , -help +Display a short help message to the standard output and exit. +.It Fl l , -list Op Ar search expression +Enable +.Dq list mode . +In this mode, +.Nm +will list available sessions in a format similar to the +.Nm sudo +log file format, sorted by file name (or sequence number). +If a +.Ar search expression +is specified, it will be used to restrict the IDs that are displayed. +An expression is composed of the following predicates: +.Bl -tag -width 6n +.It command Ar pattern +Evaluates to true if the command run matches the POSIX extended +regular expression +.Ar pattern . +.It cwd Ar directory +Evaluates to true if the command was run with the specified current +working directory. +.It fromdate Ar date +Evaluates to true if the command was run on or after +.Ar date . +See +.Sx Date and time format +for a description of supported date and time formats. +.It group Ar runas_group +Evaluates to true if the command was run with the specified +.Ar runas_group . +Note that unless a +.Ar runas_group +was explicitly specified when +.Nm sudo +was run this field will be empty in the log. +.It host Ar hostname +Evaluates to true if the command was run on the specified +.Ar hostname . +.It runas Ar runas_user +Evaluates to true if the command was run as the specified +.Ar runas_user . +Note that +.Nm sudo +runs commands as user +.Em root +by default. +.It todate Ar date +Evaluates to true if the command was run on or prior to +.Ar date . +See +.Sx Date and time format +for a description of supported date and time formats. +.It tty Ar tty name +Evaluates to true if the command was run on the specified terminal device. +The +.Ar tty name +should be specified without the +.Pa /dev/ +prefix, e.g., +.Pa tty01 +instead of +.Pa /dev/tty01 . +.It user Ar user name +Evaluates to true if the ID matches a command run by +.Ar user name . +.El +.Pp +Predicates may be abbreviated to the shortest unique string. +.Pp +Predicates may be combined using +.Em and , +.Em or , +and +.Em \&! +operators as well as +.Ql \&( +and +.Ql \&) +grouping (note that parentheses must generally be escaped from the shell). +The +.Em and +operator is optional, adjacent predicates have an implied +.Em and +unless separated by an +.Em or . +.It Fl m , -max-wait Ar max_wait +Specify an upper bound on how long to wait between key presses or output data. +By default, +.Nm +will accurately reproduce the delays between key presses or program output. +However, this can be tedious when the session includes long pauses. +When the +.Fl m +option is specified, +.Nm +will limit these pauses to at most +.Em max_wait +seconds. +The value may be specified as a floating point number, e.g., +.Em 2.5 . +A +.Em max_wait +of zero or less will eliminate the pauses entirely. +.It Fl n , -non-interactive +Do not prompt for user input or attempt to re-size the terminal. +The session is written to the standard output, not directly to +the user's terminal. +.It Fl R , -no-resize +Do not attempt to re-size the terminal to match the terminal size +of the session. +.It Fl S , -suspend-wait +Wait while the command was suspended. +By default, +.Nm +will ignore the time interval between when the command was suspended +and when it was resumed. +If the +.Fl S +option is specified, +.Nm +will wait instead. +.It Fl s , -speed Ar speed_factor +This option causes +.Nm +to adjust the number of seconds it will wait between key presses or +program output. +This can be used to slow down or speed up the display. +For example, a +.Ar speed_factor +of +.Em 2 +would make the output twice as fast whereas a +.Ar speed_factor +of +.Em .5 +would make the output twice as slow. +.It Fl V , -version +Print the +.Nm +versions version number and exit. +.El +.Ss Date and time format +The time and date may be specified multiple ways, common formats include: +.Bl -tag -width 6n +.It HH:MM:SS am MM/DD/CCYY timezone +24 hour time may be used in place of am/pm. +.It HH:MM:SS am Month, Day Year timezone +24 hour time may be used in place of am/pm, and month and day names +may be abbreviated. +Note that month and day of the week names must be specified in English. +.It CCYY-MM-DD HH:MM:SS +ISO time format +.It DD Month CCYY HH:MM:SS +The month name may be abbreviated. +.El +.Pp +Either time or date may be omitted, the am/pm and timezone are optional. +If no date is specified, the current day is assumed; if no time is +specified, the first second of the specified date is used. +The less significant parts of both time and date may also be omitted, +in which case zero is assumed. +.Pp +The following are all valid time and date specifications: +.Bl -tag -width 6n +.It now +The current time and date. +.It tomorrow +Exactly one day from now. +.It yesterday +24 hours ago. +.It 2 hours ago +2 hours ago. +.It next Friday +The first second of the Friday in the next (upcoming) week. +Not to be confused with +.Dq this Friday +which would match the Friday of the current week. +.It last week +The current time but 7 days ago. +This is equivalent to +.Dq a week ago . +.It a fortnight ago +The current time but 14 days ago. +.It 10:01 am 9/17/2009 +10:01 am, September 17, 2009. +.It 10:01 am +10:01 am on the current day. +.It 10 +10:00 am on the current day. +.It 9/17/2009 +00:00 am, September 17, 2009. +.It 10:01 am Sep 17, 2009 +10:01 am, September 17, 2009. +.El +.Pp +Note that relative time specifications do not always work as expected. +For example, the +.Dq next +qualifier is intended to be used in conjunction with a day such as +.Dq next Monday . +When used with units of weeks, months, years, etc +the result will be one more than expected. +For example, +.Dq next week +will result in a time exactly two weeks from now, which is probably +not what was intended. +This will be addressed in a future version of +.Nm . +.Ss Debugging sudoreplay +.Nm +versions 1.8.4 and higher support a flexible debugging framework +that is configured via +.Li Debug +lines in the +.Xr sudo.conf @mansectform@ +file. +.Pp +For more information on configuring +.Xr sudo.conf @mansectform@ , +please refer to its manual. +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +Debugging framework configuration +.It Pa @iolog_dir@ +The default I/O log directory. +.It Pa @iolog_dir@/00/00/01/log +Example session log info. +.It Pa @iolog_dir@/00/00/01/log.json +Example session log info (JSON format). +.It Pa @iolog_dir@/00/00/01/stdin +Example session standard input log. +.It Pa @iolog_dir@/00/00/01/stdout +Example session standard output log. +.It Pa @iolog_dir@/00/00/01/stderr +Example session standard error log. +.It Pa @iolog_dir@/00/00/01/ttyin +Example session tty input file. +.It Pa @iolog_dir@/00/00/01/ttyout +Example session tty output file. +.It Pa @iolog_dir@/00/00/01/timing +Example session timing file. +.El +.Pp +Note that the +.Em stdin , +.Em stdout +and +.Em stderr +files will be empty unless +.Nm sudo +was used as part of a pipeline for a particular command. +.Sh EXAMPLES +List sessions run by user +.Em millert : +.Bd -literal -offset indent +# sudoreplay -l user millert +.Ed +.Pp +List sessions run by user +.Em bob +with a command containing the string vi: +.Bd -literal -offset indent +# sudoreplay -l user bob command vi +.Ed +.Pp +List sessions run by user +.Em jeff +that match a regular expression: +.Bd -literal -offset indent +# sudoreplay -l user jeff command '/bin/[a-z]*sh' +.Ed +.Pp +List sessions run by jeff or bob on the console: +.Bd -literal -offset indent +# sudoreplay -l ( user jeff or user bob ) tty console +.Ed +.Sh SEE ALSO +.Xr script 1 , +.Xr sudo.conf @mansectform@ , +.Xr sudo @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/visudo.man.in sudo-1.9.9/docs/visudo.man.in --- sudo-1.9.5p2/docs/visudo.man.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/visudo.man.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,500 @@ +.\" Automatically generated from an mdoc input file. Do not edit. +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 1996,1998-2005, 2007-2022 +.\" Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.TH "VISUDO" "@mansectsu@" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.nh +.if n .ad l +.SH "NAME" +\fBvisudo\fR +\- edit the sudoers file +.SH "SYNOPSIS" +.HP 7n +\fBvisudo\fR +[\fB\-chOPqsV\fR] +[[\fB\-f\fR]\ \fIsudoers\fR] +.SH "DESCRIPTION" +\fBvisudo\fR +edits the +\fIsudoers\fR +file in a safe fashion, analogous to +vipw(@mansectsu@). +\fBvisudo\fR +locks the +\fIsudoers\fR +file against multiple simultaneous edits, performs basic validity checks, +and checks for syntax errors before installing the edited file. +If the +\fIsudoers\fR +file is currently being edited you will receive a message to try again later. +.PP +\fBvisudo\fR +parses the +\fIsudoers\fR +file after editing and will not save the changes if there is a syntax error. +Upon finding an error, +\fBvisudo\fR +will print a message stating the line number(s) +where the error occurred and the user will receive the +\(lqWhat now?\(rq +prompt. +At this point the user may enter +\(oqe\(cq +to re-edit the +\fIsudoers\fR +file, +\(oqx\(cq +to exit without saving the changes, or +\(oqQ\(cq +to quit and save changes. +The +\(oqQ\(cq +option should be used with extreme caution because if +\fBvisudo\fR +believes there to be a syntax error, so will +\fBsudo\fR. +If +\(oqe\(cq +is typed to edit the +\fIsudoers\fR +file after a syntax error has been detected, the cursor will be placed on +the line where the error occurred (if the editor supports this feature). +.PP +There are two +\fIsudoers\fR +settings that determine which editor +\fBvisudo\fR +will run. +.TP 10n +editor +A colon +(\(oq:\&\(cq) +separated list of editors allowed to be used with +\fBvisudo\fR. +\fBvisudo\fR +will choose the editor that matches the user's +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR, +or +\fREDITOR\fR +environment variable if possible, or the first editor in the +list that exists and is executable. +Note that +\fBsudo\fR +does not preserve the +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR, +or +\fREDITOR\fR +environment variables unless they are present in the +\fIenv_keep\fR +list or the +\fIenv_reset\fR +option is disabled in the +\fIsudoers\fR +file. +The default editor path is +\fI@editor@\fR +which can be set at compile time via the +\fR--with-editor\fR +configure option. +.TP 10n +env_editor +If set, +\fBvisudo\fR +will use the value of the +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR, +or +\fREDITOR\fR +environment variables before falling back on the default editor list. +Note that +\fBvisudo\fR +is typically run as root so this option may allow a user with +\fBvisudo\fR +privileges to run arbitrary commands as root without logging. +An alternative is to place a colon-separated list of +\(lqsafe\(rq +editors int the +\fIeditor\fR +variable. +\fBvisudo\fR +will then only use +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR, +or +\fREDITOR\fR +if they match a value specified in +\fIeditor\fR. +If the +\fIenv_reset\fR +flag is enabled, the +\fRSUDO_EDITOR\fR, +\fRVISUAL\fR, +and/or +\fREDITOR\fR +environment variables must be present in the +\fIenv_keep\fR +list for the +\fIenv_editor\fR +flag to function when +\fBvisudo\fR +is invoked via +\fBsudo\fR. +The default value is +\fI@env_editor@\fR, +which can be set at compile time via the +\fR--with-env-editor\fR +configure option. +.PP +The options are as follows: +.TP 12n +\fB\-c\fR, \fB\--check\fR +Enable +\fIcheck-only\fR +mode. +The existing +\fIsudoers\fR +file (and any other files it includes) will be +checked for syntax errors. +If the path to the +\fIsudoers\fR +file was not specified, +\fBvisudo\fR +will also check the file ownership and permissions (see the +\fB\-O\fR +and +\fB\-P\fR +options). +A message will be printed to the standard output describing the status of +\fIsudoers\fR +unless the +\fB\-q\fR +option was specified. +If the check completes successfully, +\fBvisudo\fR +will exit with a value of 0. +If an error is encountered, +\fBvisudo\fR +will exit with a value of 1. +.TP 12n +\fB\-f\fR \fIsudoers\fR, \fB\--file\fR=\fIsudoers\fR +Specify an alternate +\fIsudoers\fR +file location, see below. +As of version 1.8.27, the +\fIsudoers\fR +path can be specified without using the +\fB\-f\fR +option. +.TP 12n +\fB\-h\fR, \fB\--help\fR +Display a short help message to the standard output and exit. +.TP 12n +\fB\-O\fR, \fB\--owner\fR +Enforce the default ownership (user and group) of the +\fIsudoers\fR +file. +In edit mode, the owner of the edited file will be set to the default. +In check mode +(\fB\-c\fR), +an error will be reported if the owner is incorrect. +This option is enabled by default if the +\fIsudoers\fR +file was not specified. +.TP 12n +\fB\-P\fR, \fB\--perms\fR +Enforce the default permissions (mode) of the +\fIsudoers\fR +file. +In edit mode, the permissions of the edited file will be set to the default. +In check mode +(\fB\-c\fR), +an error will be reported if the file permissions are incorrect. +This option is enabled by default if the +\fIsudoers\fR +file was not specified. +.TP 12n +\fB\-q\fR, \fB\--quiet\fR +Enable +\fIquiet\fR +mode. +In this mode details about syntax errors are not printed. +This option is only useful when combined with +the +\fB\-c\fR +option. +.TP 12n +\fB\-s\fR, \fB\--strict\fR +Enable +\fIstrict\fR +checking of the +\fIsudoers\fR +file. +If an alias is referenced but not actually defined +or if there is a cycle in an alias, +\fBvisudo\fR +will consider this a syntax error. +Note that it is not possible to differentiate between an +alias and a host name or user name that consists solely of uppercase +letters, digits, and the underscore +(\(oq_\(cq) +character. +.TP 12n +\fB\-V\fR, \fB\--version\fR +Print the +\fBvisudo\fR +and +\fIsudoers\fR +grammar versions and exit. +.PP +A +\fIsudoers\fR +file may be specified instead of the default, +\fI@sysconfdir@/sudoers\fR. +The temporary file used is the specified +\fIsudoers\fR +file with +\(lq\.tmp\(rq +appended to it. +In +\fIcheck-only\fR +mode only, +\(oq-\(cq +may be used to indicate that +\fIsudoers\fR +will be read from the standard input. +Because the policy is evaluated in its entirety, it is not sufficient +to check an individual +\fIsudoers\fR +include file for syntax errors. +.SS "Debugging and sudoers plugin arguments" +\fBvisudo\fR +versions 1.8.4 and higher support a flexible debugging framework +that is configured via +\fRDebug\fR +lines in the +sudo.conf(@mansectform@) +file. +.PP +Starting with +\fBsudo\fR +1.8.12, +\fBvisudo\fR +will also parse the arguments to the +\fIsudoers\fR +plugin to override the default +\fIsudoers\fR +path name, user-ID, group-ID, and file mode. +These arguments, if present, should be listed after the path to the plugin +(i.e., after +\fIsudoers.so\fR). +Multiple arguments may be specified, separated by white space. +For example: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so sudoers_mode=0400 +.RE +.fi +.PP +The following arguments are supported: +.TP 10n +sudoers_file=pathname +The +\fIsudoers_file\fR +argument can be used to override the default path to the +\fIsudoers\fR +file. +.TP 10n +sudoers_uid=user-ID +The +\fIsudoers_uid\fR +argument can be used to override the default owner of the sudoers file. +It should be specified as a numeric user-ID. +.TP 10n +sudoers_gid=group-ID +The +\fIsudoers_gid\fR +argument can be used to override the default group of the sudoers file. +It must be specified as a numeric group-ID (not a group name). +.TP 10n +sudoers_mode=mode +The +\fIsudoers_mode\fR +argument can be used to override the default file mode for the sudoers file. +It should be specified as an octal value. +.PP +For more information on configuring +sudo.conf(@mansectform@), +please refer to its manual. +.SH "ENVIRONMENT" +The following environment variables may be consulted depending on +the value of the +\fIeditor\fR +and +\fIenv_editor\fR +\fIsudoers\fR +settings: +.TP 17n +\fRSUDO_EDITOR\fR +Invoked by +\fBvisudo\fR +as the editor to use +.TP 17n +\fRVISUAL\fR +Used by +\fBvisudo\fR +if +\fRSUDO_EDITOR\fR +is not set +.TP 17n +\fREDITOR\fR +Used by +\fBvisudo\fR +if neither +\fRSUDO_EDITOR\fR +nor +\fRVISUAL\fR +is set +.SH "FILES" +.TP 26n +\fI@sysconfdir@/sudo.conf\fR +Sudo front-end configuration +.TP 26n +\fI@sysconfdir@/sudoers\fR +List of who can run what +.TP 26n +\fI@sysconfdir@/sudoers.tmp\fR +Default temporary file used by visudo +.SH "DIAGNOSTICS" +In addition to reporting +\fIsudoers\fR +syntax errors, +\fBvisudo\fR +may produce the following messages: +.TP 6n +\fRsudoers file busy, try again later.\fR +Someone else is currently editing the +\fIsudoers\fR +file. +.TP 6n +\fR@sysconfdir@/sudoers: Permission denied\fR +You didn't run +\fBvisudo\fR +as root. +.TP 6n +\fRyou do not exist in the passwd database\fR +Your user-ID does not appear in the system passwd database. +.TP 6n +\fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR +Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias +or you have a user or host name listed that consists solely of +uppercase letters, digits, and the underscore +(\(oq_\(cq) +character. +In the latter case, you can ignore the warnings +(\fBsudo\fR +will not complain) +\&. +The message is prefixed with the path name of the +\fIsudoers\fR +file and the line number where the undefined alias was used. +In +\fB\-s\fR +(strict) mode these are errors, not warnings. +.TP 6n +\fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR +The specified {User,Runas,Host,Cmnd}_Alias was defined but never +used. +The message is prefixed with the path name of the +\fIsudoers\fR +file and the line number where the unused alias was defined. +You may wish to comment out or remove the unused alias. +.TP 6n +\fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR +The specified {User,Runas,Host,Cmnd}_Alias includes a reference to +itself, either directly or through an alias it includes. +The message is prefixed with the path name of the +\fIsudoers\fR +file and the line number where the cycle was detected. +This is only a warning unless +\fBvisudo\fR +is run in +\fB\-s\fR +(strict) mode as +\fBsudo\fR +will ignore cycles when parsing +the +\fIsudoers\fR +file. +.TP 6n +\fRunknown defaults entry \&"name\&"\fR +The +\fIsudoers\fR +file contains a +\fRDefaults\fR +setting not recognized by +\fBvisudo\fR. +.SH "SEE ALSO" +vi(1), +sudo.conf(@mansectform@), +sudoers(@mansectform@), +sudo(@mansectsu@), +vipw(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "CAVEATS" +There is no easy way to prevent a user from gaining a root shell if +the editor used by +\fBvisudo\fR +allows shell escapes. +.SH "BUGS" +If you feel you have found a bug in +\fBvisudo\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBvisudo\fR +is provided +\(lqAS IS\(rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/docs/visudo.mdoc.in sudo-1.9.9/docs/visudo.mdoc.in --- sudo-1.9.5p2/docs/visudo.mdoc.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/docs/visudo.mdoc.in 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,480 @@ +.\" +.\" SPDX-License-Identifier: ISC +.\" +.\" Copyright (c) 1996,1998-2005, 2007-2022 +.\" Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.Dd January 20, 2022 +.Dt VISUDO @mansectsu@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm visudo +.Nd edit the sudoers file +.Sh SYNOPSIS +.Nm visudo +.Op Fl chOPqsV +.Op Bo Fl f Bc Ar sudoers +.Sh DESCRIPTION +.Nm +edits the +.Em sudoers +file in a safe fashion, analogous to +.Xr vipw @mansectsu@ . +.Nm +locks the +.Em sudoers +file against multiple simultaneous edits, performs basic validity checks, +and checks for syntax errors before installing the edited file. +If the +.Em sudoers +file is currently being edited you will receive a message to try again later. +.Pp +.Nm +parses the +.Em sudoers +file after editing and will not save the changes if there is a syntax error. +Upon finding an error, +.Nm +will print a message stating the line number(s) +where the error occurred and the user will receive the +.Dq What now? +prompt. +At this point the user may enter +.Ql e +to re-edit the +.Em sudoers +file, +.Ql x +to exit without saving the changes, or +.Ql Q +to quit and save changes. +The +.Ql Q +option should be used with extreme caution because if +.Nm +believes there to be a syntax error, so will +.Nm sudo . +If +.Ql e +is typed to edit the +.Em sudoers +file after a syntax error has been detected, the cursor will be placed on +the line where the error occurred (if the editor supports this feature). +.Pp +There are two +.Em sudoers +settings that determine which editor +.Nm visudo +will run. +.Bl -tag -width 8n +.It editor +A colon +.Pq Ql :\& +separated list of editors allowed to be used with +.Nm . +.Nm +will choose the editor that matches the user's +.Ev SUDO_EDITOR , +.Ev VISUAL , +or +.Ev EDITOR +environment variable if possible, or the first editor in the +list that exists and is executable. +Note that +.Nm sudo +does not preserve the +.Ev SUDO_EDITOR , +.Ev VISUAL , +or +.Ev EDITOR +environment variables unless they are present in the +.Em env_keep +list or the +.Em env_reset +option is disabled in the +.Em sudoers +file. +The default editor path is +.Pa @editor@ +which can be set at compile time via the +.Li --with-editor +configure option. +.It env_editor +If set, +.Nm +will use the value of the +.Ev SUDO_EDITOR , +.Ev VISUAL , +or +.Ev EDITOR +environment variables before falling back on the default editor list. +Note that +.Nm visudo +is typically run as root so this option may allow a user with +.Nm visudo +privileges to run arbitrary commands as root without logging. +An alternative is to place a colon-separated list of +.Dq safe +editors int the +.Em editor +variable. +.Nm +will then only use +.Ev SUDO_EDITOR , +.Ev VISUAL , +or +.Ev EDITOR +if they match a value specified in +.Em editor . +If the +.Em env_reset +flag is enabled, the +.Ev SUDO_EDITOR , +.Ev VISUAL , +and/or +.Ev EDITOR +environment variables must be present in the +.Em env_keep +list for the +.Em env_editor +flag to function when +.Nm +is invoked via +.Nm sudo . +The default value is +.Em @env_editor@ , +which can be set at compile time via the +.Li --with-env-editor +configure option. +.El +.Pp +The options are as follows: +.Bl -tag -width Fl +.It Fl c , -check +Enable +.Em check-only +mode. +The existing +.Em sudoers +file (and any other files it includes) will be +checked for syntax errors. +If the path to the +.Em sudoers +file was not specified, +.Nm +will also check the file ownership and permissions (see the +.Fl O +and +.Fl P +options). +A message will be printed to the standard output describing the status of +.Em sudoers +unless the +.Fl q +option was specified. +If the check completes successfully, +.Nm +will exit with a value of 0. +If an error is encountered, +.Nm +will exit with a value of 1. +.It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers +Specify an alternate +.Em sudoers +file location, see below. +As of version 1.8.27, the +.Em sudoers +path can be specified without using the +.Fl f +option. +.It Fl h , -help +Display a short help message to the standard output and exit. +.It Fl O , -owner +Enforce the default ownership (user and group) of the +.Em sudoers +file. +In edit mode, the owner of the edited file will be set to the default. +In check mode +.Pq Fl c , +an error will be reported if the owner is incorrect. +This option is enabled by default if the +.Em sudoers +file was not specified. +.It Fl P , -perms +Enforce the default permissions (mode) of the +.Em sudoers +file. +In edit mode, the permissions of the edited file will be set to the default. +In check mode +.Pq Fl c , +an error will be reported if the file permissions are incorrect. +This option is enabled by default if the +.Em sudoers +file was not specified. +.It Fl q , -quiet +Enable +.Em quiet +mode. +In this mode details about syntax errors are not printed. +This option is only useful when combined with +the +.Fl c +option. +.It Fl s , -strict +Enable +.Em strict +checking of the +.Em sudoers +file. +If an alias is referenced but not actually defined +or if there is a cycle in an alias, +.Nm +will consider this a syntax error. +Note that it is not possible to differentiate between an +alias and a host name or user name that consists solely of uppercase +letters, digits, and the underscore +.Pq Ql _ +character. +.It Fl V , -version +Print the +.Nm +and +.Em sudoers +grammar versions and exit. +.El +.Pp +A +.Em sudoers +file may be specified instead of the default, +.Pa @sysconfdir@/sudoers . +The temporary file used is the specified +.Em sudoers +file with +.Dq \.tmp +appended to it. +In +.Em check-only +mode only, +.Ql - +may be used to indicate that +.Em sudoers +will be read from the standard input. +Because the policy is evaluated in its entirety, it is not sufficient +to check an individual +.Em sudoers +include file for syntax errors. +.Ss Debugging and sudoers plugin arguments +.Nm +versions 1.8.4 and higher support a flexible debugging framework +that is configured via +.Li Debug +lines in the +.Xr sudo.conf @mansectform@ +file. +.Pp +Starting with +.Nm sudo +1.8.12, +.Nm +will also parse the arguments to the +.Em sudoers +plugin to override the default +.Em sudoers +path name, user-ID, group-ID, and file mode. +These arguments, if present, should be listed after the path to the plugin +(i.e., after +.Pa sudoers.so ) . +Multiple arguments may be specified, separated by white space. +For example: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so sudoers_mode=0400 +.Ed +.Pp +The following arguments are supported: +.Bl -tag -width 8n +.It sudoers_file=pathname +The +.Em sudoers_file +argument can be used to override the default path to the +.Em sudoers +file. +.It sudoers_uid=user-ID +The +.Em sudoers_uid +argument can be used to override the default owner of the sudoers file. +It should be specified as a numeric user-ID. +.It sudoers_gid=group-ID +The +.Em sudoers_gid +argument can be used to override the default group of the sudoers file. +It must be specified as a numeric group-ID (not a group name). +.It sudoers_mode=mode +The +.Em sudoers_mode +argument can be used to override the default file mode for the sudoers file. +It should be specified as an octal value. +.El +.Pp +For more information on configuring +.Xr sudo.conf @mansectform@ , +please refer to its manual. +.Sh ENVIRONMENT +The following environment variables may be consulted depending on +the value of the +.Em editor +and +.Em env_editor +.Em sudoers +settings: +.Bl -tag -width 15n +.It Ev SUDO_EDITOR +Invoked by +.Nm +as the editor to use +.It Ev VISUAL +Used by +.Nm +if +.Ev SUDO_EDITOR +is not set +.It Ev EDITOR +Used by +.Nm +if neither +.Ev SUDO_EDITOR +nor +.Ev VISUAL +is set +.El +.Sh FILES +.Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +Sudo front-end configuration +.It Pa @sysconfdir@/sudoers +List of who can run what +.It Pa @sysconfdir@/sudoers.tmp +Default temporary file used by visudo +.El +.Sh DIAGNOSTICS +In addition to reporting +.Em sudoers +syntax errors, +.Nm +may produce the following messages: +.Bl -tag -width 4n +.It Li sudoers file busy, try again later. +Someone else is currently editing the +.Em sudoers +file. +.It Li @sysconfdir@/sudoers: Permission denied +You didn't run +.Nm +as root. +.It Li you do not exist in the passwd database +Your user-ID does not appear in the system passwd database. +.It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined +Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias +or you have a user or host name listed that consists solely of +uppercase letters, digits, and the underscore +.Pq Ql _ +character. +In the latter case, you can ignore the warnings +.Po +.Nm sudo +will not complain +.Pc . +The message is prefixed with the path name of the +.Em sudoers +file and the line number where the undefined alias was used. +In +.Fl s +(strict) mode these are errors, not warnings. +.It Li Warning: unused {User,Runas,Host,Cmnd}_Alias +The specified {User,Runas,Host,Cmnd}_Alias was defined but never +used. +The message is prefixed with the path name of the +.Em sudoers +file and the line number where the unused alias was defined. +You may wish to comment out or remove the unused alias. +.It Li Warning: cycle in {User,Runas,Host,Cmnd}_Alias +The specified {User,Runas,Host,Cmnd}_Alias includes a reference to +itself, either directly or through an alias it includes. +The message is prefixed with the path name of the +.Em sudoers +file and the line number where the cycle was detected. +This is only a warning unless +.Nm +is run in +.Fl s +(strict) mode as +.Nm sudo +will ignore cycles when parsing +the +.Em sudoers +file. +.It Li unknown defaults entry \&"name\&" +The +.Em sudoers +file contains a +.Li Defaults +setting not recognized by +.Nm . +.El +.Sh SEE ALSO +.Xr vi 1 , +.Xr sudo.conf @mansectform@ , +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ , +.Xr vipw @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh CAVEATS +There is no easy way to prevent a user from gaining a root shell if +the editor used by +.Nm +allows shell escapes. +.Sh BUGS +If you feel you have found a bug in +.Nm , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff -Nru sudo-1.9.5p2/etc/codespell.exclude sudo-1.9.9/etc/codespell.exclude --- sudo-1.9.5p2/etc/codespell.exclude 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/etc/codespell.exclude 2022-01-27 21:24:22.000000000 +0000 @@ -2,6 +2,7 @@ * Returns true if any tags set in nt differ between ot and nt, else false. #define TAGS_CHANGED(ot, nt) \ ((TAG_SET((nt).follow) && (nt).follow != (ot).follow) || \ + (TAG_SET((nt).intercept) && (nt).intercept != (ot).intercept) || \ (TAG_SET((nt).log_input) && (nt).log_input != (ot).log_input) || \ (TAG_SET((nt).log_output) && (nt).log_output != (ot).log_output) || \ (TAG_SET((nt).noexec) && (nt).noexec != (ot).noexec) || \ @@ -15,7 +16,7 @@ .nr BA @BAMAN@ .if \n(BA \{\ .Nd convert between sudoers file formats -.Nd configuration for sudo front end +.Nd configuration for sudo front-end .Nd execute a command as another user .Nd Sudo log server protocol .Nd configuration for sudo_logsrvd diff -Nru sudo-1.9.5p2/etc/codespell.ignore sudo-1.9.9/etc/codespell.ignore --- sudo-1.9.5p2/etc/codespell.ignore 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/etc/codespell.ignore 2022-01-27 21:24:22.000000000 +0000 @@ -12,3 +12,4 @@ toke vas wit +statics diff -Nru sudo-1.9.5p2/etc/codespell.skip sudo-1.9.9/etc/codespell.skip --- sudo-1.9.5p2/etc/codespell.skip 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/etc/codespell.skip 2022-01-27 21:24:22.000000000 +0000 @@ -5,21 +5,21 @@ ^MANIFEST$ ^aclocal\.m4$ ^autogen\.sh$ -^config\.guess$ ^config\.h\.in$ -^config\.sub$ ^configure$ -^doc/.*\.man\.in$ -^doc/CONTRIBUTORS$ +^docs/.*\.man\.in$ +^docs/CONTRIBUTORS$ ^etc/codespell ^lib/util/fnmatch\.c$ ^lib/util/getaddrinfo\.c$ ^lib/zlib/ ^libtool$ -^ltmain\.sh$ ^m4/libtool\.m4$ ^m4/lt.*\.m4$ -^mkinstalldirs$ ^plugins/sudoers/po/ ^po/ +^scripts/config\.guess$ +^scripts/config\.sub$ +^scripts/ltmain\.sh$ +^scripts/mkinstalldirs$ ^scripts/pp$ Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/etc/macos-background.png and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/etc/macos-background.png differ diff -Nru sudo-1.9.5p2/etc/sudo-logsrvd.pp sudo-1.9.9/etc/sudo-logsrvd.pp --- sudo-1.9.5p2/etc/sudo-logsrvd.pp 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/etc/sudo-logsrvd.pp 2022-01-27 21:24:22.000000000 +0000 @@ -76,6 +76,15 @@ odocdir="${docdir}" oexampledir="${exampledir}" + # docdir and exampledir are installed with "sudo" as the package + # name which may not be correct. + docdir="`echo \"${docdir}\" | sed 's#/sudo$#/'\"${name}\"'#'`" + if test "${exampledir}" = "${odocdir}/examples"; then + exampledir="${docdir}/examples" + else + exampledir="`echo \"${exampledir}\" | sed 's#/sudo$#/'\"${name}\"'#'`" + fi + # For RedHat the doc dir is expected to include version and release case "$pp_rpm_distro" in centos*|rhel*|f[0-9]*) @@ -84,11 +93,6 @@ ;; esac - # docdir and exampledir are installed with "sudo" as the package - # name which may not be correct. - docdir="`echo \"${docdir}\" | sed \"s#/sudo#/${name}#g\"`" - exampledir="`echo \"${exampledir}\" | sed \"s#/sudo#/${name}#g\"`" - # Copy docdir and exampledir to new names if needed if test ! -d "${pp_destdir}${docdir}"; then cp -R ${pp_destdir}${odocdir} ${pp_destdir}${docdir} @@ -104,7 +108,7 @@ pp_deb_release="$pp_rpm_release" pp_deb_version="$pp_rpm_version" pp_deb_section=admin - install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright + install -D -m 644 ${pp_destdir}$docdir/LICENSE.md ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian @@ -117,6 +121,10 @@ $name: unstripped-binary-or-object EOF chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} + # If libssl_dep not passed in, try to figure it out + if test -z "$libssl_dep"; then + libssl_dep="`ldd $libexecdir/sudo/sudoers.so 2>&1 | sed -n 's/^[ ]*libssl\.so\([0-9.]*\).*/libssl\1/p'`" + fi %endif %if [rpm] @@ -133,10 +141,12 @@ %endif %if [macos] + pp_macos_pkg_type=flat pp_macos_bundle_id=ws.sudo.pkg.sudo-logsrvd - pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE + pp_macos_pkg_background=${srcdir}/etc/macos-background.png + pp_macos_pkg_background_dark=${srcdir}/etc/macos-background.png + pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE.md pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt - pp_macos_pkg_type=flat perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt %endif @@ -146,6 +156,7 @@ ln -s -f ${sbindir}/sudo_logsrvd ${pp_destdir}/usr/sbin %endif +%if [!rpm,deb] # Package parent directories when not installing under /usr if test "${prefix}" != "/usr"; then extradirs=`echo ${pp_destdir}${mandir}/[mc]* | sed "s#${pp_destdir}##g"` @@ -159,6 +170,7 @@ done parentdirs=`echo $parentdirs | tr " " "\n" | sort -u` fi +%endif %depend [deb] libc6, zlib1g, sudo diff -Nru sudo-1.9.5p2/etc/sudo-python.pp sudo-1.9.9/etc/sudo-python.pp --- sudo-1.9.5p2/etc/sudo-python.pp 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/etc/sudo-python.pp 2022-01-27 21:24:22.000000000 +0000 @@ -36,6 +36,15 @@ odocdir="${docdir}" oexampledir="${exampledir}" + # docdir and exampledir are installed with "sudo" as the package + # name which may not be correct. + docdir="`echo \"${docdir}\" | sed 's#/sudo$#/'\"${name}\"'#'`" + if test "${exampledir}" = "${odocdir}/examples"; then + exampledir="${docdir}/examples" + else + exampledir="`echo \"${exampledir}\" | sed 's#/sudo$#/'\"${name}\"'#'`" + fi + # For RedHat the doc dir is expected to include version and release case "$pp_rpm_distro" in centos*|rhel*|f[0-9]*) @@ -44,11 +53,6 @@ ;; esac - # docdir and exampledir are installed with "sudo" as the package - # name which may not be correct. - docdir="`echo \"${docdir}\" | sed \"s#/sudo#/${name}#g\"`" - exampledir="`echo \"${exampledir}\" | sed \"s#/sudo#/${name}#g\"`" - # Copy docdir and exampledir to new names if needed if test ! -d "${pp_destdir}${docdir}"; then cp -R ${pp_destdir}${odocdir} ${pp_destdir}${docdir} @@ -64,7 +68,7 @@ pp_deb_release="$pp_rpm_release" pp_deb_version="$pp_rpm_version" pp_deb_section=admin - install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright + install -D -m 644 ${pp_destdir}$docdir/LICENSE.md ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian @@ -95,11 +99,14 @@ %if [macos] pp_macos_pkg_type=flat pp_macos_bundle_id=ws.sudo.pkg.sudo-python - pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE + pp_macos_pkg_background=${srcdir}/etc/macos-background.png + pp_macos_pkg_background_dark=${srcdir}/etc/macos-background.png + pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE.md pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt %endif +%if [!rpm,deb] # Package parent directories when not installing under /usr if test "${prefix}" != "/usr"; then extradirs=`echo ${pp_destdir}${mandir}/[mc]* | sed "s#${pp_destdir}##g"` @@ -113,6 +120,7 @@ done parentdirs=`echo $parentdirs | tr " " "\n" | sort -u` fi +%endif %depend [deb] libc6, libpython@PYTHON_VERSION@, sudo diff -Nru sudo-1.9.5p2/etc/sudo.pp sudo-1.9.9/etc/sudo.pp --- sudo-1.9.5p2/etc/sudo.pp 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/etc/sudo.pp 2022-01-27 21:24:22.000000000 +0000 @@ -90,9 +90,6 @@ if test -n "$linux_audit"; then pp_rpm_requires="audit-libs >= $linux_audit" fi - if test -z "$libssl_dep"; then - libssl_dep="libssl1.1" - fi # The package manager will handle an existing sudoers file rm -f ${pp_destdir}$sudoersdir/sudoers.dist %else @@ -136,7 +133,7 @@ pp_deb_release="$pp_rpm_release" pp_deb_version="$pp_rpm_version" pp_deb_section=admin - install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright + install -D -m 644 ${pp_destdir}$docdir/LICENSE.md ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian @@ -155,6 +152,10 @@ $name: unstripped-binary-or-object EOF chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} + # If libssl_dep not passed in, try to figure it out + if test -z "$libssl_dep"; then + libssl_dep="`ldd $libexecdir/sudo/sudoers.so 2>&1 | sed -n 's/^[ ]*libssl\.so\([0-9.]*\).*/libssl\1/p'`" + fi %endif %if [rpm] @@ -299,7 +300,9 @@ %if [macos] pp_macos_pkg_type=flat pp_macos_bundle_id=ws.sudo.pkg.sudo - pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE + pp_macos_pkg_background=${srcdir}/etc/macos-background.png + pp_macos_pkg_background_dark=${srcdir}/etc/macos-background.png + pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE.md pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt %endif @@ -315,6 +318,7 @@ ln -s -f ${sbindir}/visudo ${pp_destdir}/usr/sbin %endif +%if [!rpm,deb] # Package parent directories when not installing under /usr if test "${prefix}" != "/usr"; then extradirs=`echo ${pp_destdir}${mandir}/[mc]* | sed "s#${pp_destdir}##g"` @@ -329,6 +333,7 @@ done parentdirs=`echo $parentdirs | tr " " "\n" | sort -u` fi +%endif %depend [deb] libc6, libpam0g, libpam-modules, zlib1g, libselinux1 @@ -399,7 +404,7 @@ $docdir/ 0755 $docdir/** 0644 %if [deb] - $docdir/LICENSE ignore,ignore-others + $docdir/LICENSE.md ignore,ignore-others $docdir/ChangeLog ignore,ignore-others %endif %if X"$exampledir" != X"$docdir/examples" @@ -509,7 +514,7 @@ print "On Debian we normally use gid 27 for \"sudo\".\n"; $gname = getgrgid(27); print "However, on your system gid 27 is group \"$gname\".\n\n"; - print "Would you like me to stop configuring sudo so that you can change this? [n] "; + print "Would you like me to stop configuring sudo so that you can change this? [n] "; $ans = ; if ($ans =~ /^[yY]/) { print "\"dpkg --pending --configure\" will restart the configuration.\n\n"; diff -Nru sudo-1.9.5p2/examples/Makefile.in sudo-1.9.9/examples/Makefile.in --- sudo-1.9.5p2/examples/Makefile.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/examples/Makefile.in 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2014, 2017-2020 Todd C. Miller +# Copyright (c) 2014, 2017-2021 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -31,7 +31,7 @@ scriptdir = $(top_srcdir)/scripts # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) # Where to install things... @@ -54,9 +54,9 @@ LOGSRVD_CONF = @LOGSRVD_CONF@ -EXAMPLES = $(srcdir)/pam.conf sudo.conf $(LOGSRVD_CONF) \ - $(srcdir)/sudoers $(srcdir)/syslog.conf - +EXAMPLES = $(srcdir)/cvtsudoers.conf $(srcdir)/pam.conf sudo.conf \ + $(LOGSRVD_CONF) $(srcdir)/sudoers $(srcdir)/syslog.conf + VERSION = @PACKAGE_VERSION@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ @@ -91,6 +91,8 @@ install-plugin: +install-fuzzer: + uninstall: -rm -rf $(DESTDIR)$(exampledir) @@ -102,17 +104,23 @@ pvs-studio: -check: +fuzz: + +check-fuzzer: + +check: check-fuzzer clean: mostlyclean: clean distclean: clean - -rm -rf Makefile + -rm -rf Makefile sudo.conf clobber: distclean realclean: distclean cleandir: distclean + +.PHONY: clean mostlyclean distclean cleandir clobber realclean diff -Nru sudo-1.9.5p2/examples/cvtsudoers.conf sudo-1.9.9/examples/cvtsudoers.conf --- sudo-1.9.5p2/examples/cvtsudoers.conf 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/examples/cvtsudoers.conf 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,82 @@ +# +# Example /etc/cvtsudoers.conf file +# +# This file is optional and allows you to override the cvtsudoers +# default values. +# + +# Only convert Defaults entries of the specified types. +# One or more Defaults types may be specified, separated by a comma (','). +# The supported types are: all, global, user, runas, host, command. +#defaults = all + +# Expand aliases in input_file. Aliases are preserved by +# default when the output format is JSON or sudoers. +#expand_aliases = no + +# Use an alternate group file. When "match_local" is also enabled, perform +# group queries using the specified file instead of the system group database. +#group_file = /etc/group + +# Default input format. Only the sudoers and LDIF formats are supported. +#input_format = sudoers + +# Only output rules that match the specified filter. A filter expression +# is made up of one or more key = value pairs, separated by a comma (','). +# The key may be "cmnd" (or "cmd"), "host", "group", or "user". +#match = user=www,group=wheel + +# Match locally. If enabled, use password and group database information +# when matching users and groups in the filter. Only users and groups +# in the filter that exist on the local system will match, and a user's +# groups will automatically be added to the filter. By default, users and +# groups in the filter do not need to exist on the local system, but all +# groups used for matching must be explicitly listed in the filter. +#match_local = no + +# When generating LDIF output, increment each sudoOrder attribute by the +# specified number. Defaults to an increment of 1. +#order_increment = 1 + +# When generating LDIF output, use the number specified by "start_point" +# in the sudoOrder attribute of the first sudoRole object. Subsequent +# sudoRole object use a sudoOrder value generated by adding the +# increment set by "order_increment". Defaults to a starting point +# of 1. A starting point of 0 will disable the generation of sudoOrder +# attributes in the resulting LDIF file. +#order_start = 1 + +# Specify the default output format (case-insensitive). The following +# formats are supported: csv | json | ldif | sudoers. +# Defaults to LDIF. +#output_format = ldif + +# When generating LDIF output, construct the initial sudoOrder value +# by concatenating order_start and increment, padding the increment +# with zeros until it consists of padding digits. For example, if +# order_start is 1027, padding is 3, and increment is 1, the value +# of sudoOrder for the first entry will be 1027000, followed by +# 1027001, 1027002, etc. If the number of sudoRole entries is larger +# than the padding would allow, cvtsudoers will exit with an error. +# By default, no padding is performed. +#padding = 0 + +# Use an alternate passwd file. When "match_local" is also enabled, perform +# passwd queries using the specified file instead of the system passwd database. +#passwd_file = /etc/passwd + +# When "match_local" is also enabled, cvtsudoers will prune +# out non-matching users, groups and hosts from matching entries. +# Defaults to no. +#prune_matches = no + +# The base DN (distinguished name) that will be used when performing LDAP +# queries. If this option is not specified, the value of the SUDOERS_BASE +# environment variable will be used instead. +#sudoers_base = ou=SUDOers,dc=my-domain,dc=com + +# Suppress the output of specific sections of the security policy. +# One or more section names may be specified, separated by a comma (','). +# The supported section name are: defaults, aliases and privileges +# (which may be shortened to privs). +#suppress = defaults,aliases,privs diff -Nru sudo-1.9.5p2/examples/sudo.conf.in sudo-1.9.9/examples/sudo.conf.in --- sudo-1.9.5p2/examples/sudo.conf.in 2020-12-17 01:34:30.000000000 +0000 +++ sudo-1.9.9/examples/sudo.conf.in 2022-01-27 21:24:22.000000000 +0000 @@ -39,6 +39,21 @@ #Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev # +# Sudo command interception: +# Path intercept /path/to/sudo_intercept.so +# +# Path to a shared library containing replacements for the execv(), +# execve() and fexecve() library functions that perform a policy check +# to verify the command is allowed and simply return an error if not. +# This is used to implement the "intercept" functionality on systems that +# support LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_intercept.so file. +# +#Path intercept @plugindir@/sudo_intercept.so + +# # Sudo noexec: # Path noexec /path/to/sudo_noexec.so # @@ -114,10 +129,10 @@ # Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] # # Sudo and related programs support logging debug information to a file. -# The program is typically sudo, sudoers.so, sudoreplay or visudo. +# The program is typically sudo, sudoers.so, sudoreplay, or visudo. # # Subsystems vary based on the program; "all" matches all subsystems. -# Priority may be crit, err, warn, notice, diag, info, trace or debug. +# Priority may be crit, err, warn, notice, diag, info, trace, or debug. # Multiple subsystem@priority may be specified, separated by a comma. # #Debug sudo /var/log/sudo_debug all@debug diff -Nru sudo-1.9.5p2/examples/sudo_logsrvd.conf sudo-1.9.9/examples/sudo_logsrvd.conf --- sudo-1.9.5p2/examples/sudo_logsrvd.conf 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/examples/sudo_logsrvd.conf 2022-01-27 21:24:22.000000000 +0000 @@ -1,5 +1,5 @@ # -# sudo logsrv configuration +# sudo logsrv daemon configuration # [server] @@ -24,24 +24,28 @@ # The file containing the ID of the running sudo_logsrvd process. #pid_file = /var/run/sudo/sudo_logsrvd.pid -# If set, enable the SO_KEEPALIVE socket option on the connected socket. +# Where to log server warnings: none, stderr, syslog, or a path name. +#server_log = syslog + +# If true, enable the SO_KEEPALIVE socket option on client connections. +# Defaults to true. #tcp_keepalive = true # The amount of time, in seconds, the server will wait for the client to # respond. A value of 0 will disable the timeout. The default value is 30. #timeout = 30 -# If set, server certificate will be verified at server startup and -# also connecting clients will perform server authentication by -# verifying the server's certificate and identity. +# If true, the server will validate its own certificate at startup. +# Defaults to true. #tls_verify = true -# Whether to verify client certificates for TLS connections. -# By default client certs are not checked. +# If true, client certificates will be validated by the server; +# clients without a valid certificate will be unable to connect. +# By default, client certs are not checked. #tls_checkpeer = false -# Path to the certificate authority bundle file in PEM format. -# Required if 'tls_verify' or 'tls_checkpeer' is set. +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. #tls_cacert = /etc/ssl/sudo/cacert.pem # Path to the server's certificate file in PEM format. @@ -66,6 +70,78 @@ # If not set, the server will use the OpenSSL defaults. #tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem +[relay] +# The host name or IP address and port to send logs to in relay mode. +# The syntax is identical to listen_address with the exception of +# the wild card ('*') syntax. When this setting is enabled, logs will +# be relayed to the specified host instead of being stored locally. +# This setting is not enabled by default. +#relay_host = relayhost.dom.ain +#relay_host = relayhost.dom.ain(tls) + +# The amount of time, in seconds, the server will wait for a connection +# to the relay server to complete. A value of 0 will disable the timeout. +# The default value is 30. +#connect_timeout = 30 + +# The directory to store messages in before they are sent to the relay. +# Messages are stored in wire format. +# The default value is /var/log/sudo_logsrvd. +#relay_dir = /var/log/sudo_logsrvd + +# The number of seconds to wait after a connection error before +# making a new attempt to forward a message to a relay host. +# The default value is 30. +#retry_interval = 30 + +# Whether to store the log before relaying it. If true, enable store +# and forward mode. If false, the client connection is immediately +# relayed. Defaults to false. +#store_first = true + +# If true, enable the SO_KEEPALIVE socket option on relay connections. +# Defaults to true. +#tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the relay to +# respond. A value of 0 will disable the timeout. The default value is 30. +#timeout = 30 + +# If true, the server's relay certificate will be verified at startup. +# The default is to use the value in the [server] section. +#tls_verify = true + +# Whether to verify the relay's certificate for TLS connections. +# The default is to use the value in the [server] section. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +# The default is to use the value in the [server] section. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# The default is to use the certificate in the [server] section. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# The default is to use the key in the [server] section. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default is to use the value in the [server] section. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default is to use the value in the [server] section. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# The default is to use the value in the [server] section. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + [iolog] # The top-level directory to use when constructing the path name for the # I/O log directory. The session sequence number, if any, is stored here. @@ -111,11 +187,15 @@ #maxseq = 2176782336 [eventlog] -# Where to log accept, reject and alert events. +# Where to log accept, reject, exit, and alert events. # Accepted values are syslog, logfile, or none. # Defaults to syslog #log_type = syslog +# Whether to log an event when a command exits or is terminated by a signal. +# Defaults to false +#log_exit = true + # Event log format. # Supported log formats are "sudo" and "json" # Defaults to sudo @@ -148,6 +228,10 @@ # client. #alert_priority = alert +# The syslog facility to use for server warning messages. +# Defaults to daemon. +#server_facility = daemon + [logfile] # The path to the file-based event log. # This path must be fully-qualified and start with a '/' character. diff -Nru sudo-1.9.5p2/include/Makefile.in sudo-1.9.9/include/Makefile.in --- sudo-1.9.5p2/include/Makefile.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/include/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -31,7 +31,7 @@ cross_compiling = @CROSS_COMPILING@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) # Where to install things... @@ -77,6 +77,8 @@ install-plugin: +install-fuzzer: + uninstall: -rm -f $(DESTDIR)$(includedir)/sudo_plugin.h @@ -88,7 +90,11 @@ pvs-studio: -check: +fuzz: + +check-fuzzer: + +check: check-fuzzer clean: @@ -102,3 +108,5 @@ realclean: distclean cleandir: distclean + +.PHONY: clean mostlyclean distclean cleandir clobber realclean diff -Nru sudo-1.9.5p2/include/compat/nss_dbdefs.h sudo-1.9.9/include/compat/nss_dbdefs.h --- sudo-1.9.5p2/include/compat/nss_dbdefs.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/include/compat/nss_dbdefs.h 2022-01-27 21:24:06.000000000 +0000 @@ -35,7 +35,8 @@ typedef enum { NSS_SUCCESS, NSS_NOTFOUND, - NSS_UNAVAIL + NSS_UNAVAIL, + NSS_TRYAGAIN } nss_status_t; typedef struct nss_db_params { @@ -55,19 +56,20 @@ gid_t *gid_array; int maxgids; int force_slow_way; - int (*str2ent)(const char *, int, void *, char *, int); - nss_status_t (*process_cstr)(const char *, int, struct nss_groupsbymem *); + int (*str2ent)(const char *instr, int instr_len, void *ent, char *buffer, int buflen); + nss_status_t (*process_cstr)(const char *instr, int instr_len, struct nss_groupsbymem *); int numgids; }; typedef struct { void *result; /* group struct to fill in. */ char *buffer; /* string buffer for above */ - size_t buflen; /* string buffer size */ + int buflen; /* string buffer size */ } nss_XbyY_buf_t; +struct nss_db_state; typedef struct { - void *state; /* really struct nss_db_state * */ + struct nss_db_state *s; #ifdef NEED_HPUX_MUTEX lwp_mutex_t lock; #endif @@ -78,7 +80,7 @@ #else # define NSS_DB_ROOT_INIT { 0 } #endif -# define DEFINE_NSS_DB_ROOT(name) nss_db_root_t name = NSS_DB_ROOT_INIT +#define DEFINE_NSS_DB_ROOT(name) nss_db_root_t name = NSS_DB_ROOT_INIT /* Backend function to find all groups a user belongs to for initgroups(). */ #define NSS_DBOP_GROUP_BYMEMBER 6 @@ -101,8 +103,8 @@ #endif typedef void (*nss_db_initf_t)(nss_db_params_t *); -extern nss_status_t nss_search(nss_db_root_t *, nss_db_initf_t, int, void *); -extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int, int); +extern nss_status_t nss_search(nss_db_root_t *, nss_db_initf_t, int search_fnum, void *search_args); +extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int struct_size, int buffer_size); extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *); #endif /* COMPAT_NSS_DBDEFS_H */ diff -Nru sudo-1.9.5p2/include/intercept.pb-c.h sudo-1.9.9/include/intercept.pb-c.h --- sudo-1.9.5p2/include/intercept.pb-c.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/include/intercept.pb-c.h 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,367 @@ +/* Generated by the protocol buffer compiler. DO NOT EDIT! */ +/* Generated from: intercept.proto */ + +#ifndef PROTOBUF_C_intercept_2eproto__INCLUDED +#define PROTOBUF_C_intercept_2eproto__INCLUDED + +#include + +PROTOBUF_C__BEGIN_DECLS + +#if PROTOBUF_C_VERSION_NUMBER < 1003000 +# error This file was generated by a newer version of protoc-c which is incompatible with your libprotobuf-c headers. Please update your headers. +#elif 1003003 < PROTOBUF_C_MIN_COMPILER_VERSION +# error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c. +#endif + + +typedef struct _InterceptRequest InterceptRequest; +typedef struct _InterceptHello InterceptHello; +typedef struct _HelloResponse HelloResponse; +typedef struct _PolicyCheckRequest PolicyCheckRequest; +typedef struct _PolicyAcceptMessage PolicyAcceptMessage; +typedef struct _PolicyRejectMessage PolicyRejectMessage; +typedef struct _PolicyErrorMessage PolicyErrorMessage; +typedef struct _InterceptResponse InterceptResponse; + + +/* --- enums --- */ + + +/* --- messages --- */ + +typedef enum { + INTERCEPT_REQUEST__TYPE__NOT_SET = 0, + INTERCEPT_REQUEST__TYPE_POLICY_CHECK_REQ = 1, + INTERCEPT_REQUEST__TYPE_HELLO = 2 + PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(INTERCEPT_REQUEST__TYPE) +} InterceptRequest__TypeCase; + +/* + * Intercept message from sudo_intercept.so. Messages on the + * wire are prefixed with a 32-bit size in network byte order. + */ +struct _InterceptRequest +{ + ProtobufCMessage base; + InterceptRequest__TypeCase type_case; + union { + PolicyCheckRequest *policy_check_req; + InterceptHello *hello; + } u; +}; +#define INTERCEPT_REQUEST__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&intercept_request__descriptor) \ + , INTERCEPT_REQUEST__TYPE__NOT_SET, {0} } + + +/* + * Hello message from sudo_intercept.so to main sudo process. + * Sudo sends back the token and localhost port number. + */ +struct _InterceptHello +{ + ProtobufCMessage base; + int32_t pid; +}; +#define INTERCEPT_HELLO__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&intercept_hello__descriptor) \ + , 0 } + + +/* + * Sudo response to an InterceptHello from sudo_intercept.so. + * The client uses the port number and token to connect back to sudo. + */ +struct _HelloResponse +{ + ProtobufCMessage base; + uint64_t token_lo; + uint64_t token_hi; + int32_t portno; +}; +#define HELLO_RESPONSE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&hello_response__descriptor) \ + , 0, 0, 0 } + + +/* + * Policy check request from sudo_intercept.so. + * Note that the plugin API only currently supports passing + * the new environment in to the open() function. + */ +struct _PolicyCheckRequest +{ + ProtobufCMessage base; + char *command; + char *cwd; + size_t n_argv; + char **argv; + size_t n_envp; + char **envp; + int32_t intercept_fd; +}; +#define POLICY_CHECK_REQUEST__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&policy_check_request__descriptor) \ + , (char *)protobuf_c_empty_string, (char *)protobuf_c_empty_string, 0,NULL, 0,NULL, 0 } + + +struct _PolicyAcceptMessage +{ + ProtobufCMessage base; + char *run_command; + size_t n_run_argv; + char **run_argv; + size_t n_run_envp; + char **run_envp; +}; +#define POLICY_ACCEPT_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&policy_accept_message__descriptor) \ + , (char *)protobuf_c_empty_string, 0,NULL, 0,NULL } + + +struct _PolicyRejectMessage +{ + ProtobufCMessage base; + char *reject_message; +}; +#define POLICY_REJECT_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&policy_reject_message__descriptor) \ + , (char *)protobuf_c_empty_string } + + +struct _PolicyErrorMessage +{ + ProtobufCMessage base; + char *error_message; +}; +#define POLICY_ERROR_MESSAGE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&policy_error_message__descriptor) \ + , (char *)protobuf_c_empty_string } + + +typedef enum { + INTERCEPT_RESPONSE__TYPE__NOT_SET = 0, + INTERCEPT_RESPONSE__TYPE_HELLO_RESP = 1, + INTERCEPT_RESPONSE__TYPE_ACCEPT_MSG = 2, + INTERCEPT_RESPONSE__TYPE_REJECT_MSG = 3, + INTERCEPT_RESPONSE__TYPE_ERROR_MSG = 4 + PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(INTERCEPT_RESPONSE__TYPE) +} InterceptResponse__TypeCase; + +/* + * Response sent back to sudo_intercept.so. + */ +struct _InterceptResponse +{ + ProtobufCMessage base; + InterceptResponse__TypeCase type_case; + union { + HelloResponse *hello_resp; + PolicyAcceptMessage *accept_msg; + PolicyRejectMessage *reject_msg; + PolicyErrorMessage *error_msg; + } u; +}; +#define INTERCEPT_RESPONSE__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&intercept_response__descriptor) \ + , INTERCEPT_RESPONSE__TYPE__NOT_SET, {0} } + + +/* InterceptRequest methods */ +void intercept_request__init + (InterceptRequest *message); +size_t intercept_request__get_packed_size + (const InterceptRequest *message); +size_t intercept_request__pack + (const InterceptRequest *message, + uint8_t *out); +size_t intercept_request__pack_to_buffer + (const InterceptRequest *message, + ProtobufCBuffer *buffer); +InterceptRequest * + intercept_request__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void intercept_request__free_unpacked + (InterceptRequest *message, + ProtobufCAllocator *allocator); +/* InterceptHello methods */ +void intercept_hello__init + (InterceptHello *message); +size_t intercept_hello__get_packed_size + (const InterceptHello *message); +size_t intercept_hello__pack + (const InterceptHello *message, + uint8_t *out); +size_t intercept_hello__pack_to_buffer + (const InterceptHello *message, + ProtobufCBuffer *buffer); +InterceptHello * + intercept_hello__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void intercept_hello__free_unpacked + (InterceptHello *message, + ProtobufCAllocator *allocator); +/* HelloResponse methods */ +void hello_response__init + (HelloResponse *message); +size_t hello_response__get_packed_size + (const HelloResponse *message); +size_t hello_response__pack + (const HelloResponse *message, + uint8_t *out); +size_t hello_response__pack_to_buffer + (const HelloResponse *message, + ProtobufCBuffer *buffer); +HelloResponse * + hello_response__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void hello_response__free_unpacked + (HelloResponse *message, + ProtobufCAllocator *allocator); +/* PolicyCheckRequest methods */ +void policy_check_request__init + (PolicyCheckRequest *message); +size_t policy_check_request__get_packed_size + (const PolicyCheckRequest *message); +size_t policy_check_request__pack + (const PolicyCheckRequest *message, + uint8_t *out); +size_t policy_check_request__pack_to_buffer + (const PolicyCheckRequest *message, + ProtobufCBuffer *buffer); +PolicyCheckRequest * + policy_check_request__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void policy_check_request__free_unpacked + (PolicyCheckRequest *message, + ProtobufCAllocator *allocator); +/* PolicyAcceptMessage methods */ +void policy_accept_message__init + (PolicyAcceptMessage *message); +size_t policy_accept_message__get_packed_size + (const PolicyAcceptMessage *message); +size_t policy_accept_message__pack + (const PolicyAcceptMessage *message, + uint8_t *out); +size_t policy_accept_message__pack_to_buffer + (const PolicyAcceptMessage *message, + ProtobufCBuffer *buffer); +PolicyAcceptMessage * + policy_accept_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void policy_accept_message__free_unpacked + (PolicyAcceptMessage *message, + ProtobufCAllocator *allocator); +/* PolicyRejectMessage methods */ +void policy_reject_message__init + (PolicyRejectMessage *message); +size_t policy_reject_message__get_packed_size + (const PolicyRejectMessage *message); +size_t policy_reject_message__pack + (const PolicyRejectMessage *message, + uint8_t *out); +size_t policy_reject_message__pack_to_buffer + (const PolicyRejectMessage *message, + ProtobufCBuffer *buffer); +PolicyRejectMessage * + policy_reject_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void policy_reject_message__free_unpacked + (PolicyRejectMessage *message, + ProtobufCAllocator *allocator); +/* PolicyErrorMessage methods */ +void policy_error_message__init + (PolicyErrorMessage *message); +size_t policy_error_message__get_packed_size + (const PolicyErrorMessage *message); +size_t policy_error_message__pack + (const PolicyErrorMessage *message, + uint8_t *out); +size_t policy_error_message__pack_to_buffer + (const PolicyErrorMessage *message, + ProtobufCBuffer *buffer); +PolicyErrorMessage * + policy_error_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void policy_error_message__free_unpacked + (PolicyErrorMessage *message, + ProtobufCAllocator *allocator); +/* InterceptResponse methods */ +void intercept_response__init + (InterceptResponse *message); +size_t intercept_response__get_packed_size + (const InterceptResponse *message); +size_t intercept_response__pack + (const InterceptResponse *message, + uint8_t *out); +size_t intercept_response__pack_to_buffer + (const InterceptResponse *message, + ProtobufCBuffer *buffer); +InterceptResponse * + intercept_response__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data); +void intercept_response__free_unpacked + (InterceptResponse *message, + ProtobufCAllocator *allocator); +/* --- per-message closures --- */ + +typedef void (*InterceptRequest_Closure) + (const InterceptRequest *message, + void *closure_data); +typedef void (*InterceptHello_Closure) + (const InterceptHello *message, + void *closure_data); +typedef void (*HelloResponse_Closure) + (const HelloResponse *message, + void *closure_data); +typedef void (*PolicyCheckRequest_Closure) + (const PolicyCheckRequest *message, + void *closure_data); +typedef void (*PolicyAcceptMessage_Closure) + (const PolicyAcceptMessage *message, + void *closure_data); +typedef void (*PolicyRejectMessage_Closure) + (const PolicyRejectMessage *message, + void *closure_data); +typedef void (*PolicyErrorMessage_Closure) + (const PolicyErrorMessage *message, + void *closure_data); +typedef void (*InterceptResponse_Closure) + (const InterceptResponse *message, + void *closure_data); + +/* --- services --- */ + + +/* --- descriptors --- */ + +extern const ProtobufCMessageDescriptor intercept_request__descriptor; +extern const ProtobufCMessageDescriptor intercept_hello__descriptor; +extern const ProtobufCMessageDescriptor hello_response__descriptor; +extern const ProtobufCMessageDescriptor policy_check_request__descriptor; +extern const ProtobufCMessageDescriptor policy_accept_message__descriptor; +extern const ProtobufCMessageDescriptor policy_reject_message__descriptor; +extern const ProtobufCMessageDescriptor policy_error_message__descriptor; +extern const ProtobufCMessageDescriptor intercept_response__descriptor; + +PROTOBUF_C__END_DECLS + + +#endif /* PROTOBUF_C_intercept_2eproto__INCLUDED */ diff -Nru sudo-1.9.5p2/include/log_server.pb-c.h sudo-1.9.9/include/log_server.pb-c.h --- sudo-1.9.5p2/include/log_server.pb-c.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/include/log_server.pb-c.h 2022-01-27 21:24:06.000000000 +0000 @@ -429,10 +429,14 @@ */ size_t n_servers; char **servers; + /* + * flag: server supports sub-commands + */ + protobuf_c_boolean subcommands; }; #define SERVER_HELLO__INIT \ { PROTOBUF_C_MESSAGE_INIT (&server_hello__descriptor) \ - , (char *)protobuf_c_empty_string, (char *)protobuf_c_empty_string, 0,NULL } + , (char *)protobuf_c_empty_string, (char *)protobuf_c_empty_string, 0,NULL, 0 } /* ClientMessage methods */ diff -Nru sudo-1.9.5p2/include/sudo_compat.h sudo-1.9.9/include/sudo_compat.h --- sudo-1.9.5p2/include/sudo_compat.h 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/include/sudo_compat.h 2022-01-27 21:24:22.000000000 +0000 @@ -24,7 +24,8 @@ #ifndef SUDO_COMPAT_H #define SUDO_COMPAT_H -#include /* for gid_t, mode_t, size_t, ssize_t, uid_t */ +#include /* for gid_t, mode_t, size_t, ssize_t, time_t, uid_t */ +#include /* to avoid problems with mismatched headers and libc */ #include #if !defined(HAVE_VSNPRINTF) || !defined(HAVE_VASPRINTF) || \ !defined(HAVE_VSYSLOG) || defined(PREFER_PORTABLE_SNPRINTF) @@ -91,14 +92,34 @@ /* * Pre-C99 compilers may lack a va_copy macro. */ -#ifndef va_copy -# ifdef __va_copy +#ifndef HAVE_VA_COPY +# ifdef HAVE___VA_COPY # define va_copy(d, s) __va_copy(d, s) # else # define va_copy(d, s) memcpy(&(d), &(s), sizeof(d)); # endif #endif +#ifndef CMSG_ALIGN +# define CMSG_ALIGN(p) \ + (((size_t)(p) + sizeof(size_t) - 1) & ~(sizeof(size_t) - 1)) +#endif + +/* Length of the contents of a control message of length len. */ +#ifndef CMSG_LEN +# define CMSG_LEN(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + (len)) +#endif + +/* Length of the space taken up by a padded control message of length len. */ +#ifndef CMSG_SPACE +# define CMSG_SPACE(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + CMSG_ALIGN(len)) +#endif + +/* Given a pointer to struct cmsghdr, return a pointer to data. */ +#ifndef CMSG_DATA +# define CMSG_DATA(cmsg) ((unsigned char *)(cmsg) + CMSG_ALIGN(sizeof(struct cmsghdr))) +#endif + /* * Some systems lack full limit definitions. */ @@ -134,6 +155,10 @@ # endif #endif +#if defined(HAVE_DECL_SSIZE_MAX) && !HAVE_DECL_SSIZE_MAX +# define SIZE_MAX LONG_MAX +#endif + #if defined(HAVE_DECL_PATH_MAX) && !HAVE_DECL_PATH_MAX # if defined(HAVE_DECL__POSIX_PATH_MAX) && HAVE_DECL__POSIX_PATH_MAX # define PATH_MAX _POSIX_PATH_MAX @@ -142,48 +167,12 @@ # endif #endif -/* - * POSIX versions for those without... - */ -#ifndef _S_IFMT -# define _S_IFMT S_IFMT -#endif /* _S_IFMT */ -#ifndef _S_IFREG -# define _S_IFREG S_IFREG -#endif /* _S_IFREG */ -#ifndef _S_IFDIR -# define _S_IFDIR S_IFDIR -#endif /* _S_IFDIR */ -#ifndef _S_IFLNK -# define _S_IFLNK S_IFLNK -#endif /* _S_IFLNK */ -#ifndef _S_IFIFO -# define _S_IFIFO S_IFIFO -#endif /* _S_IFIFO */ -#ifndef S_ISREG -# define S_ISREG(m) (((m) & _S_IFMT) == _S_IFREG) -#endif /* S_ISREG */ -#ifndef S_ISDIR -# define S_ISDIR(m) (((m) & _S_IFMT) == _S_IFDIR) -#endif /* S_ISDIR */ -#ifndef S_ISLNK -# define S_ISLNK(m) (((m) & _S_IFMT) == _S_IFLNK) -#endif /* S_ISLNK */ -#ifndef S_ISFIFO -# define S_ISFIFO(m) (((m) & _S_IFMT) == _S_IFIFO) -#endif /* S_ISLNK */ -#ifndef S_ISTXT -# define S_ISTXT 0001000 -#endif /* S_ISTXT */ - -/* - * ACCESSPERMS (00777) and ALLPERMS (07777) are handy BSDisms - */ +/* ACCESSPERMS and ALLPERMS are handy BSDisms. */ #ifndef ACCESSPERMS -# define ACCESSPERMS (S_IRWXU|S_IRWXG|S_IRWXO) +# define ACCESSPERMS 00777 #endif /* ACCESSPERMS */ #ifndef ALLPERMS -# define ALLPERMS (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO) +# define ALLPERMS 07777 #endif /* ALLPERMS */ /* For futimens() and utimensat() emulation. */ @@ -359,17 +348,23 @@ #endif /* - * HP-UX 11.00 has broken pread/pwrite that can't handle a 64-bit off_t - * on 32-bit machines. + * HP-UX 11.00 has broken pread/pwrite on 32-bit machines when + * _FILE_OFFSET_BITS == 64. Use pread64/pwrite64 instead. */ #if defined(__hpux) && !defined(__LP64__) # ifdef HAVE_PREAD64 # undef pread # define pread(_a, _b, _c, _d) pread64((_a), (_b), (_c), (_d)) +# if defined(HAVE_DECL_PREAD64) && !HAVE_DECL_PREAD64 + ssize_t pread64(int fd, void *buf, size_t nbytes, off64_t offset); +# endif # endif # ifdef HAVE_PWRITE64 # undef pwrite # define pwrite(_a, _b, _c, _d) pwrite64((_a), (_b), (_c), (_d)) +# if defined(HAVE_DECL_PWRITE64) && !HAVE_DECL_PWRITE64 + ssize_t pwrite64(int fd, const void *buf, size_t nbytes, off64_t offset); +# endif # endif #endif /* __hpux && !__LP64__ */ @@ -383,20 +378,17 @@ /* * Compatibility defines for OpenSSL 1.0.2 (not needed for 1.1.x) */ -#if defined(HAVE_OPENSSL) +#if defined(HAVE_OPENSSL) && !defined(HAVE_WOLFSSL) # ifndef HAVE_X509_STORE_CTX_GET0_CERT # define X509_STORE_CTX_get0_cert(x) ((x)->cert) # endif # ifndef HAVE_ASN1_STRING_GET0_DATA # define ASN1_STRING_get0_data(x) ASN1_STRING_data(x) # endif -# ifndef HAVE_TLS_CLIENT_METHOD -# define TLS_client_method() SSLv23_client_method() -# endif -# ifndef HAVE_TLS_SERVER_METHOD -# define TLS_server_method() SSLv23_server_method() +# ifndef HAVE_TLS_METHOD +# define TLS_method() SSLv23_method() # endif -#endif /* HAVE_OPENSSL */ +#endif /* HAVE_OPENSSL && !HAVE_WOLFSSL */ /* * Functions "missing" from libc. @@ -407,6 +399,7 @@ struct stat; struct timespec; struct termios; +struct tm; #ifndef HAVE_CFMAKERAW sudo_dso_public void sudo_cfmakeraw(struct termios *term); @@ -456,7 +449,25 @@ sudo_dso_public void sudo_endusershell(void); # undef endusershell # define endusershell() sudo_endusershell() +#elif HAVE_DECL_GETUSERSHELL == 0 +/* Older Solaris has getusershell() et al but does not declare it. */ +char *getusershell(void); +void setusershell(void); +void endusershell(void); #endif /* HAVE_GETUSERSHELL */ +#ifndef HAVE_GMTIME_R +sudo_dso_public struct tm *sudo_gmtime_r(const time_t *, struct tm *); +# undef gmtime_r +# define gmtime_r(_a, _b) sudo_gmtime_r((_a), (_b)) +#endif /* HAVE_GMTIME_R */ +#ifndef HAVE_LOCALTIME_R +sudo_dso_public struct tm *sudo_localtime_r(const time_t *, struct tm *); +# undef localtime_r +# define localtime_r(_a, _b) sudo_localtime_r((_a), (_b)) +#endif /* HAVE_LOCALTIME_R */ +#ifndef HAVE_TIMEGM +sudo_dso_public time_t sudo_timegm(struct tm *); +#endif /* HAVE_TIMEGM */ #ifndef HAVE_UTIMENSAT sudo_dso_public int sudo_utimensat(int fd, const char *file, const struct timespec *times, int flag); # undef utimensat @@ -522,6 +533,11 @@ # undef memrchr # define memrchr(_a, _b, _c) sudo_memrchr((_a), (_b), (_c)) #endif /* HAVE_MEMRCHR */ +#ifndef HAVE_MKDIRAT +sudo_dso_public int sudo_mkdirat(int dfd, const char *path, mode_t mode); +# undef mkdirat +# define mkdirat(_a, _b, _c) sudo_mkdirat((_a), (_b), (_c)) +#endif /* HAVE_MKDIRAT */ #if !defined(HAVE_MKDTEMP) || !defined(HAVE_MKSTEMPS) sudo_dso_public char *sudo_mkdtemp(char *path); # undef mkdtemp @@ -585,11 +601,6 @@ # undef reallocarray # define reallocarray(_a, _b, _c) sudo_reallocarray((_a), (_b), (_c)) #endif /* HAVE_REALLOCARRAY */ -#ifndef HAVE_VSYSLOG -sudo_dso_public void sudo_vsyslog(int pri, const char *fmt, va_list ap); -# undef vsyslog -# define vsyslog(_a, _b, _c) sudo_vsyslog((_a), (_b), (_c)) -#endif /* HAVE_VSYSLOG */ #ifndef HAVE_DUP3 sudo_dso_public int sudo_dup3(int oldd, int newd, int flags); # undef dup3 @@ -601,12 +612,12 @@ # define pipe2(_a, _b) sudo_pipe2((_a), (_b)) #endif /* HAVE_PIPE2 */ #ifndef HAVE_PREAD -sudo_dso_public int sudo_pread(int fd, void *buf, size_t nbytes, off_t offset); +sudo_dso_public ssize_t sudo_pread(int fd, void *buf, size_t nbytes, off_t offset); # undef pread # define pread(_a, _b, _c, _d) sudo_pread((_a), (_b), (_c), (_d)) #endif /* HAVE_PREAD */ #ifndef HAVE_PWRITE -sudo_dso_public int sudo_pwrite(int fd, const void *buf, size_t nbytes, off_t offset); +sudo_dso_public ssize_t sudo_pwrite(int fd, const void *buf, size_t nbytes, off_t offset); # undef pwrite # define pwrite(_a, _b, _c, _d) sudo_pwrite((_a), (_b), (_c), (_d)) #endif /* HAVE_PWRITE */ diff -Nru sudo-1.9.5p2/include/sudo_conf.h sudo-1.9.9/include/sudo_conf.h --- sudo-1.9.5p2/include/sudo_conf.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/include/sudo_conf.h 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2011-2014 Todd C. Miller + * Copyright (c) 2011-2017, 2019-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -65,6 +65,7 @@ /* Accessor functions. */ sudo_dso_public const char *sudo_conf_askpass_path_v1(void); sudo_dso_public const char *sudo_conf_sesh_path_v1(void); +sudo_dso_public const char *sudo_conf_intercept_path_v1(void); sudo_dso_public const char *sudo_conf_noexec_path_v1(void); sudo_dso_public const char *sudo_conf_plugin_dir_path_v1(void); sudo_dso_public const char *sudo_conf_devsearch_path_v1(void); @@ -79,6 +80,7 @@ sudo_dso_public void sudo_conf_clear_paths_v1(void); #define sudo_conf_askpass_path() sudo_conf_askpass_path_v1() #define sudo_conf_sesh_path() sudo_conf_sesh_path_v1() +#define sudo_conf_intercept_path() sudo_conf_intercept_path_v1() #define sudo_conf_noexec_path() sudo_conf_noexec_path_v1() #define sudo_conf_plugin_dir_path() sudo_conf_plugin_dir_path_v1() #define sudo_conf_devsearch_path() sudo_conf_devsearch_path_v1() diff -Nru sudo-1.9.5p2/include/sudo_debug.h sudo-1.9.9/include/sudo_debug.h --- sudo-1.9.5p2/include/sudo_debug.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/include/sudo_debug.h 2022-01-27 21:24:06.000000000 +0000 @@ -267,6 +267,7 @@ sudo_dso_public void sudo_debug_printf2_v1(const char *func, const char *file, int line, int level, const char *fmt, ...) __printf0like(5, 6); sudo_dso_public void sudo_debug_printf_nvm_v1(int pri, const char *fmt, ...) __printf0like(2, 3); sudo_dso_public int sudo_debug_register_v1(const char *program, const char *const subsystems[], unsigned int ids[], struct sudo_conf_debug_file_list *debug_files); +sudo_dso_public int sudo_debug_register_v2(const char *program, const char *const subsystems[], unsigned int ids[], struct sudo_conf_debug_file_list *debug_files, int minfd); sudo_dso_public int sudo_debug_set_active_instance_v1(int inst); sudo_dso_public void sudo_debug_update_fd_v1(int ofd, int nfd); sudo_dso_public void sudo_debug_vprintf2_v1(const char *func, const char *file, int line, int level, const char *fmt, va_list ap) __printf0like(5, 0); @@ -295,7 +296,7 @@ #define sudo_debug_parse_flags(_a, _b) sudo_debug_parse_flags_v1((_a), (_b)) #define sudo_debug_printf2 sudo_debug_printf2_v1 #define sudo_debug_printf_nvm sudo_debug_printf_nvm_v1 -#define sudo_debug_register(_a, _b, _c, _d) sudo_debug_register_v1((_a), (_b), (_c), (_d)) +#define sudo_debug_register(_a, _b, _c, _d, _e) sudo_debug_register_v2((_a), (_b), (_c), (_d), (_e)) #define sudo_debug_set_active_instance(_a) sudo_debug_set_active_instance_v1((_a)) #define sudo_debug_update_fd(_a, _b) sudo_debug_update_fd_v1((_a), (_b)) #define sudo_debug_vprintf2(_a, _b, _c, _d, _e, _f) sudo_debug_vprintf2_v1((_a), (_b), (_c), (_d), (_e), (_f)) diff -Nru sudo-1.9.5p2/include/sudo_eventlog.h sudo-1.9.9/include/sudo_eventlog.h --- sudo-1.9.5p2/include/sudo_eventlog.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/include/sudo_eventlog.h 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2020 Todd C. Miller + * Copyright (c) 2020-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -31,6 +31,7 @@ enum event_type { EVLOG_ACCEPT, EVLOG_REJECT, + EVLOG_EXIT, EVLOG_ALERT }; @@ -66,7 +67,7 @@ #define EVENTLOG_INDENT " " /* - * Event log config, used with eventlog_setconf() + * Event log config, used with eventlog_getconf() */ struct eventlog_config { int type; @@ -101,6 +102,8 @@ char *runcwd; char *rungroup; char *runuser; + char *peeraddr; + char *signal_name; char *submithost; char *submituser; char *submitgroup; @@ -109,11 +112,16 @@ char **env_add; char **envp; struct timespec submit_time; + struct timespec iolog_offset; + struct timespec run_time; + int exit_value; int lines; int columns; uid_t runuid; gid_t rungid; + bool dumped_core; char sessid[7]; + char uuid_str[37]; }; /* Callback from eventlog code to write log info */ @@ -121,6 +129,7 @@ typedef bool (*eventlog_json_callback_t)(struct json_container *, void *); bool eventlog_accept(const struct eventlog *evlog, int flags, eventlog_json_callback_t info_cb, void *info); +bool eventlog_exit(const struct eventlog *evlog, int flags); bool eventlog_alert(const struct eventlog *evlog, int flags, struct timespec *alert_time, const char *reason, const char *errstr); bool eventlog_reject(const struct eventlog *evlog, int flags, const char *reason, eventlog_json_callback_t info_cb, void *info); bool eventlog_store_json(struct json_container *json, const struct eventlog *evlog); @@ -144,5 +153,6 @@ void eventlog_set_mailsub(const char *subject); void eventlog_set_open_log(FILE *(*fn)(int type, const char *)); void eventlog_set_close_log(void (*fn)(int type, FILE *)); +const struct eventlog_config *eventlog_getconf(void); #endif /* SUDO_EVENTLOG_H */ diff -Nru sudo-1.9.5p2/include/sudo_iolog.h sudo-1.9.9/include/sudo_iolog.h --- sudo-1.9.5p2/include/sudo_iolog.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/include/sudo_iolog.h 2022-01-27 21:24:22.000000000 +0000 @@ -101,6 +101,7 @@ int iolog_read_timing_record(struct iolog_file *iol, struct timing_closure *timing); struct eventlog *iolog_parse_loginfo(int dfd, const char *iolog_dir); bool iolog_parse_loginfo_json(FILE *fp, const char *iolog_dir, struct eventlog *evlog); +bool iolog_parse_loginfo_legacy(FILE *fp, const char *iolog_dir, struct eventlog *evlog); void iolog_adjust_delay(struct timespec *delay, struct timespec *max_delay, double scale_factor); /* iolog_fileio.c */ @@ -110,9 +111,8 @@ bool iolog_eof(struct iolog_file *iol); bool iolog_mkdtemp(char *path); bool iolog_mkpath(char *path); -bool iolog_nextid(char *iolog_dir, char sessid[7]); +bool iolog_nextid(const char *iolog_dir, char sessid[7]); bool iolog_open(struct iolog_file *iol, int dfd, int iofd, const char *mode); -bool iolog_rename(const char *from, const char *to); bool iolog_write_info_file(int dfd, struct eventlog *evlog); char *iolog_gets(struct iolog_file *iol, char *buf, size_t nbytes, const char **errsttr); const char *iolog_fd_to_name(int iofd); @@ -121,7 +121,15 @@ ssize_t iolog_read(struct iolog_file *iol, void *buf, size_t nbytes, const char **errstr); ssize_t iolog_write(struct iolog_file *iol, const void *buf, size_t len, const char **errstr); void iolog_clearerr(struct iolog_file *iol); +bool iolog_flush(struct iolog_file *iol, const char **errstr); void iolog_rewind(struct iolog_file *iol); +unsigned int iolog_get_maxseq(void); +uid_t iolog_get_uid(void); +gid_t iolog_get_gid(void); +mode_t iolog_get_file_mode(void); +mode_t iolog_get_dir_mode(void); +bool iolog_get_compress(void); +bool iolog_get_flush(void); void iolog_set_compress(bool); void iolog_set_defaults(void); void iolog_set_flush(bool); @@ -129,5 +137,7 @@ void iolog_set_maxseq(unsigned int maxval); void iolog_set_mode(mode_t mode); void iolog_set_owner(uid_t uid, uid_t gid); +bool iolog_swapids(bool restore); +bool iolog_mkdirs(char *path); #endif /* SUDO_IOLOG_H */ diff -Nru sudo-1.9.5p2/include/sudo_plugin.h sudo-1.9.9/include/sudo_plugin.h --- sudo-1.9.5p2/include/sudo_plugin.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/include/sudo_plugin.h 2022-01-27 21:24:22.000000000 +0000 @@ -21,7 +21,7 @@ /* API version major/minor */ #define SUDO_API_VERSION_MAJOR 1 -#define SUDO_API_VERSION_MINOR 17 +#define SUDO_API_VERSION_MINOR 18 #define SUDO_API_MKVERSION(x, y) (((x) << 16) | (y)) #define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR, SUDO_API_VERSION_MINOR) diff -Nru sudo-1.9.5p2/include/sudo_util.h sudo-1.9.9/include/sudo_util.h --- sudo-1.9.5p2/include/sudo_util.h 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/include/sudo_util.h 2022-01-27 21:24:22.000000000 +0000 @@ -188,6 +188,10 @@ sudo_dso_public int aix_setauthdb_v2(char *user, char *registry); #define aix_setauthdb(_a, _b) aix_setauthdb_v2((_a), (_b)) +/* basename.c */ +sudo_dso_public char *sudo_basename_v1(const char *filename); +#define sudo_basename(_a) sudo_basename_v1(_a) + /* gethostname.c */ sudo_dso_public char *sudo_gethostname_v1(void); #define sudo_gethostname() sudo_gethostname_v1() @@ -234,7 +238,7 @@ #define sudo_logpri2str(_a) sudo_logpri2str_v1((_a)) /* mkdir_parents.c */ -sudo_dso_public bool sudo_mkdir_parents_v1(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet); +sudo_dso_public bool sudo_mkdir_parents_v1(const char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet); #define sudo_mkdir_parents(_a, _b, _c, _d, _e) sudo_mkdir_parents_v1((_a), (_b), (_c), (_d), (_e)) /* parseln.c */ @@ -246,6 +250,12 @@ sudo_dso_public void initprogname(const char *); sudo_dso_public void initprogname2(const char *, const char * const *); +/* rcstr.c */ +sudo_dso_public char *sudo_rcstr_dup(const char *src); +sudo_dso_public char *sudo_rcstr_alloc(size_t len); +sudo_dso_public char *sudo_rcstr_addref(const char *s); +sudo_dso_public void sudo_rcstr_delref(const char *s); + /* roundup.c */ sudo_dso_public unsigned int sudo_pow2_roundup_v1(unsigned int len); #define sudo_pow2_roundup(_a) sudo_pow2_roundup_v1((_a)) diff -Nru sudo-1.9.5p2/install-sh sudo-1.9.9/install-sh --- sudo-1.9.5p2/install-sh 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/install-sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,239 +0,0 @@ -#! /bin/sh - -## (From INN-1.4, written by Rich Salz) -## $Revision$ -## A script to install files and directories. - -PROGNAME=`basename $0` - -## Paths to programs. CHOWN, STRIP and WHOAMI are checked below. -CHOWN=chown -CHGRP=chgrp -CHMOD=chmod -CP=cp -LN=ln -MKDIR=mkdir -MV=mv -RM=rm -STRIP=strip -WHOAMI="echo root" - -## Some systems don't support -x, so we have to use -f. -for d in /sbin /etc /usr/sbin /usr/etc; do - if [ -f $d/chown ]; then - CHOWN=${d}/chown - break - fi -done - -for d in /usr/bin /bin /usr/ucb /usr/bsd; do - if [ -f $d/whoami ]; then - WHOAMI=${d}/whoami - break - elif [ -f $d/id ]; then - WHOAMI=${d}/id | sed -n 's/^[^(]*(\([^)]*\)).*/\1/p' - fi -done - -for d in /usr/ccs/bin /usr/bin /bin; do - if [ -f $d/strip ]; then - STRIP=${d}/strip - break - fi -done - -## Defaults. -CHOWNIT=false -CHGROUPIT=false -CHMODIT=false -STRIPIT=false -BACKIT=false -TOUCHIT=true -DIRMODE=false - -# INSTALL_BACKUP is like -b but for use with libtool -if test X"${INSTALL_BACKUP}" != X""; then - BACKIT=true - BACKUP="${INSTALL_BACKUP}" -fi - -case `${WHOAMI}` in -root) - ROOT=true - ;; -*) - ROOT=false - ;; -esac - -## Process JCL. -MORETODO=true -while ${MORETODO} ; do - case X"$1" in - X-b) - BACKIT=true - BACKUP="$2" - shift - ;; - X-b*) - BACKIT=true - BACKUP="`echo \"$1\" | sed 's/^..//'`" - ;; - X-c) - # backward compatibility - ;; - X-d) - DIRMODE=true - ;; - X-g) - GROUP="$2" - CHGROUPIT=true - shift - ;; - X-g*) - GROUP="`echo \"$1\" | sed 's/^..//'`" - CHGROUPIT=true - ;; - X-G) - GROUP="$2" - shift - ${ROOT} && CHGROUPIT=true - ;; - X-G*) - if ${ROOT} ; then - GROUP="`echo \"$1\" | sed 's/^..//'`" - CHGROUPIT=true - fi - ;; - X-m) - MODE="$2" - CHMODIT=true - shift - ;; - X-m*) - MODE="`echo \"$1\" | sed 's/^..//'`" - CHMODIT=true - ;; - X-M) - MODE="$2" - ${ROOT} && CHMODIT=true - shift - ;; - X-M*) - MODE="`echo \"$1\" | sed 's/^..//'`" - ${ROOT} && CHMODIT=true - ;; - X-n) - TOUCHIT=false - ;; - X-o) - OWNER="$2" - CHOWNIT=true - shift - ;; - X-o*) - OWNER="`echo \"$1\" | sed 's/^..//'`" - CHOWNIT=true - ;; - X-O) - OWNER="$2" - shift - ${ROOT} && CHOWNIT=true - ;; - X-O*) - if ${ROOT} ; then - OWNER="`echo \"$1\" | sed 's/^..//'`" - CHOWNIT=true - fi - ;; - X-s) - STRIPIT=true - ;; - X--) - shift - MORETODO=false - ;; - X-*) - echo "${PROGNAME}: Unknown flag $1" 1>&2 - exit 1 - ;; - *) - MORETODO=false - ;; - esac - ${MORETODO} && shift -done - -## Making a directory? -if ${DIRMODE} ; then - while test $# != 0; do - DEST="$1" - if [ ! -d "${DEST}" ] ; then - ${MKDIR} "${DEST}" || exit 1 - fi - if ${CHOWNIT} ; then - ${CHOWN} "${OWNER}" "${DEST}" || exit 1 - fi - if ${CHGROUPIT} ; then - ${CHGRP} "${GROUP}" "${DEST}" || exit 1 - fi - if ${CHMODIT} ; then - ${CHMOD} "${MODE}" "${DEST}" || exit 1 - fi - shift; - done - exit 0 -fi - -## Process arguments. -if [ $# -ne 2 ] ; then - echo "Usage: ${PROGNAME} [flags] source destination" - exit 1 -fi - -## Get the destination and a temp file in the destination directory. -if [ -d "$2" ] ; then - DEST="$2/`basename $1`" - TEMP="$2/$$.tmp" -else - DEST="$2" - TEMP="`expr "$2" : '\(.*\)/.*'`/$$.tmp" -fi - -## If not given the same name, we must try to copy. -if [ X"$1" != X"$2" ] ; then - if cmp -s "$1" "${DEST}" ; then - ## Files are same; touch or not. - ${TOUCHIT} && touch "${DEST}" - else - ## If destination exists and we wish to backup, link to backup. - if [ -f "${DEST}" ] ; then - if ${BACKIT} ; then - ${RM} -f "${DEST}${BACKUP}" - ${LN} "${DEST}" "${DEST}${BACKUP}" - fi - fi - ## Copy source to the right dir, then move to right spot. - ## Done in two parts so we can hope for atomicity. - ## We need to rm DEST due to bugs in "mv -f" on some systems. - ${RM} -f "${TEMP}" || exit 1 - ${CP} "$1" "${TEMP}" || exit 1 - ${RM} -f "${DEST}" || exit 1 - ${MV} -f "${TEMP}" "${DEST}" || exit 1 - fi -fi - -## Strip and set the owner/mode. -if ${STRIPIT} ; then - ${STRIP} "${DEST}" || exit 1 -fi -if ${CHOWNIT} ; then - ${CHOWN} "${OWNER}" "${DEST}" || exit 1 -fi -if ${CHGROUPIT} ; then - ${CHGRP} "${GROUP}" "${DEST}" || exit 1 -fi -if ${CHMODIT} ; then - ${CHMOD} "${MODE}" "${DEST}" || exit 1 -fi -exit 0 diff -Nru sudo-1.9.5p2/lib/eventlog/Makefile.in sudo-1.9.9/lib/eventlog/Makefile.in --- sudo-1.9.5p2/lib/eventlog/Makefile.in 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/lib/eventlog/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -82,14 +82,12 @@ TEST_PROGS = check_wrap -LIBEVENTLOG_OBJS = eventlog.lo logwrap.lo +LIBEVENTLOG_OBJS = eventlog.lo eventlog_conf.lo eventlog_free.lo logwrap.lo IOBJS = $(LIBEVENTLOG_OBJS:.lo=.i) POBJS = $(IOBJS:.i=.plog) -GENERATED = log_server.pb-c.h log_server.pb-c.c - CHECK_WRAP_OBJS = check_wrap.lo logwrap.lo all: libsudo_eventlog.la @@ -118,21 +116,7 @@ .i.plog: ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ -$(devdir)/log_server.pb-c.c: $(srcdir)/log_server.proto - @if [ -n "$(DEVEL)" ]; then \ - cmd='protoc-c --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/log_server.proto'; \ - echo "$$cmd"; eval $$cmd; \ - cmd='$(scriptdir)/unanon $(devdir)/log_server.pb-c.h $(devdir)/log_server.pb-c.c'; \ - echo "$$cmd"; eval $$cmd; \ - if [ "$(devdir)" == "$(srcdir)" ]; then \ - cmd='mv -f $(devdir)/log_server.pb-c.h $(incdir)/log_server.pb-c.h'; \ - else \ - cmd='mv -f $(devdir)/log_server.pb-c.h $(top_builddir)/log_server.pb-c.h'; \ - fi; \ - echo "$$cmd"; eval $$cmd; \ - fi - -libsudo_eventlog.la: $(LIBEVENTLOG_OBJS) +libsudo_eventlog.la: $(LIBEVENTLOG_OBJS) $(LT_LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBEVENTLOG_OBJS) $(LT_LIBS) check_wrap: $(CHECK_WRAP_OBJS) $(LIBUTIL) @@ -150,6 +134,8 @@ install-plugin: +install-fuzzer: + uninstall: splint: @@ -160,9 +146,17 @@ pvs-log-files: $(POBJS) -check: $(TEST_PROGS) +fuzz: + +check-fuzzer: + +check: $(TEST_PROGS) check-fuzzer @if test X"$(cross_compiling)" != X"yes"; then \ - LC_ALL=C; export LC_ALL; \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ unset LANG || LANG=; \ MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ @@ -175,17 +169,13 @@ fi clean: - -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la - -rm -f *.i *.plog stamp-* core *.core core.* + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la $(TEST_PROGS) + -rm -f *.i *.plog stamp-* core *.core core.* regress/*/*.out mostlyclean: clean distclean: clean -rm -rf Makefile .libs - @if [ -n "$(DEVEL)" -a "$(devdir)" != "$(srcdir)" ]; then \ - cmd='rm -rf $(GENERATED)'; \ - echo "$$cmd"; eval $$cmd; \ - fi clobber: distclean @@ -194,6 +184,8 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # Autogenerated dependencies, do not modify check_wrap.lo: $(srcdir)/regress/logwrap/check_wrap.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -227,6 +219,36 @@ $(CC) -E -o $@ $(CPPFLAGS) $< eventlog.plog: eventlog.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog.c --i-file $< --output-file $@ +eventlog_conf.lo: $(srcdir)/eventlog_conf.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/eventlog_conf.c +eventlog_conf.i: $(srcdir)/eventlog_conf.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_json.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +eventlog_conf.plog: eventlog_conf.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog_conf.c --i-file $< --output-file $@ +eventlog_free.lo: $(srcdir)/eventlog_free.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/eventlog_free.c +eventlog_free.i: $(srcdir)/eventlog_free.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +eventlog_free.plog: eventlog_free.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog_free.c --i-file $< --output-file $@ logwrap.lo: $(srcdir)/logwrap.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \ diff -Nru sudo-1.9.5p2/lib/eventlog/eventlog.c sudo-1.9.9/lib/eventlog/eventlog.c --- sudo-1.9.5p2/lib/eventlog/eventlog.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/lib/eventlog/eventlog.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1994-1996, 1998-2020 Todd C. Miller + * Copyright (c) 1994-1996, 1998-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -66,6 +66,8 @@ #define LL_ENV_STR "ENV=" #define LL_CMND_STR "COMMAND=" #define LL_TSID_STR "TSID=" +#define LL_EXIT_STR "EXIT=" +#define LL_SIGNAL_STR "SIGNAL=" #define IS_SESSID(s) ( \ isalnum((unsigned char)(s)[0]) && isalnum((unsigned char)(s)[1]) && \ @@ -75,62 +77,46 @@ isalnum((unsigned char)(s)[6]) && isalnum((unsigned char)(s)[7]) && \ (s)[8] == '\0') -static FILE *eventlog_stub_open_log(int type, const char *logfile); -static void eventlog_stub_close_log(int type, FILE *fp); - -/* Eventlog config settings (default values). */ -static struct eventlog_config evl_conf = { - EVLOG_NONE, /* type */ - EVLOG_SUDO, /* format */ - LOG_NOTICE, /* syslog_acceptpri */ - LOG_ALERT, /* syslog_rejectpri */ - LOG_ALERT, /* syslog_alertpri */ - MAXSYSLOGLEN, /* syslog_maxlen */ - 0, /* file_maxlen */ - ROOT_UID, /* mailuid */ - false, /* omit_hostname */ - _PATH_SUDO_LOGFILE, /* logpath */ - "%h %e %T", /* time_fmt */ -#ifdef _PATH_SUDO_SENDMAIL - _PATH_SUDO_SENDMAIL, /* mailerpath */ -#else - NULL, /* mailerpath (disabled) */ -#endif - "-t", /* mailerflags */ - NULL, /* mailfrom */ - MAILTO, /* mailto */ - N_(MAILSUBJECT), /* mailsub */ - eventlog_stub_open_log, /* open_log */ - eventlog_stub_close_log /* close_log */ +struct eventlog_args { + const char *reason; + const char *errstr; + const struct timespec *event_time; + eventlog_json_callback_t json_info_cb; + void *json_info; }; /* * Allocate and fill in a new logline. */ static char * -new_logline(int flags, const char *message, const char *errstr, +new_logline(int event_type, int flags, struct eventlog_args *args, const struct eventlog *evlog) { + const struct eventlog_config *evl_conf = eventlog_getconf(); char *line = NULL, *evstr = NULL; - const char *iolog_file = evlog->iolog_file; + const char *iolog_file; const char *tty, *tsid = NULL; - char sessid[7]; + char exit_str[(((sizeof(int) * 8) + 2) / 3) + 2]; + char sessid[7], offsetstr[64] = ""; size_t len = 0; int i; debug_decl(new_logline, SUDO_DEBUG_UTIL); - if (ISSET(flags, EVLOG_RAW)) { - if (errstr != NULL) { - if (asprintf(&line, "%s: %s", message, errstr) == -1) - goto oom; - } else { - if ((line = strdup(message)) == NULL) - goto oom; + if (ISSET(flags, EVLOG_RAW) || evlog == NULL) { + if (args->reason != NULL) { + if (args->errstr != NULL) { + if (asprintf(&line, "%s: %s", args->reason, args->errstr) == -1) + goto oom; + } else { + if ((line = strdup(args->reason)) == NULL) + goto oom; + } } debug_return_str(line); } /* A TSID may be a sudoers-style session ID or a free-form string. */ + iolog_file = evlog->iolog_file; if (iolog_file != NULL) { if (IS_SESSID(iolog_file)) { sessid[0] = iolog_file[0]; @@ -144,6 +130,17 @@ } else { tsid = iolog_file; } + if (sudo_timespecisset(&evlog->iolog_offset)) { + /* Only write up to two significant digits for the decimal part. */ + if (evlog->iolog_offset.tv_nsec > 10000000) { + (void)snprintf(offsetstr, sizeof(offsetstr), "@%lld.%02ld", + (long long)evlog->iolog_offset.tv_sec, + evlog->iolog_offset.tv_nsec / 10000000); + } else if (evlog->iolog_offset.tv_sec != 0) { + (void)snprintf(offsetstr, sizeof(offsetstr), "@%lld", + (long long)evlog->iolog_offset.tv_sec); + } + } } /* Sudo-format logs use the short form of the ttyname. */ @@ -155,11 +152,11 @@ /* * Compute line length */ - if (message != NULL) - len += strlen(message) + 3; - if (errstr != NULL) - len += strlen(errstr) + 3; - if (evlog->submithost != NULL && !evl_conf.omit_hostname) + if (args->reason != NULL) + len += strlen(args->reason) + 3; + if (args->errstr != NULL) + len += strlen(args->errstr) + 3; + if (evlog->submithost != NULL && !evl_conf->omit_hostname) len += sizeof(LL_HOST_STR) + 2 + strlen(evlog->submithost); if (tty != NULL) len += sizeof(LL_TTY_STR) + 2 + strlen(tty); @@ -171,8 +168,9 @@ len += sizeof(LL_USER_STR) + 2 + strlen(evlog->runuser); if (evlog->rungroup != NULL) len += sizeof(LL_GROUP_STR) + 2 + strlen(evlog->rungroup); - if (tsid != NULL) - len += sizeof(LL_TSID_STR) + 2 + strlen(tsid); + if (tsid != NULL) { + len += sizeof(LL_TSID_STR) + 2 + strlen(tsid) + strlen(offsetstr); + } if (evlog->env_add != NULL) { size_t evlen = 0; char * const *ep; @@ -195,10 +193,18 @@ } if (evlog->command != NULL) { len += sizeof(LL_CMND_STR) - 1 + strlen(evlog->command); - if (evlog->argv != NULL) { + if (evlog->argv != NULL && evlog->argv[0] != NULL) { for (i = 1; evlog->argv[i] != NULL; i++) len += strlen(evlog->argv[i]) + 1; } + if (event_type == EVLOG_EXIT) { + if (evlog->signal_name != NULL) + len += sizeof(LL_SIGNAL_STR) + 2 + strlen(evlog->signal_name); + if (evlog->exit_value != -1) { + (void)snprintf(exit_str, sizeof(exit_str), "%d", evlog->exit_value); + len += sizeof(LL_EXIT_STR) + 2 + strlen(exit_str); + } + } } /* @@ -208,17 +214,17 @@ goto oom; line[0] = '\0'; - if (message != NULL) { - if (strlcat(line, message, len) >= len || - strlcat(line, errstr ? " : " : " ; ", len) >= len) + if (args->reason != NULL) { + if (strlcat(line, args->reason, len) >= len || + strlcat(line, args->errstr ? " : " : " ; ", len) >= len) goto toobig; } - if (errstr != NULL) { - if (strlcat(line, errstr, len) >= len || + if (args->errstr != NULL) { + if (strlcat(line, args->errstr, len) >= len || strlcat(line, " ; ", len) >= len) goto toobig; } - if (evlog->submithost != NULL && !evl_conf.omit_hostname) { + if (evlog->submithost != NULL && !evl_conf->omit_hostname) { if (strlcat(line, LL_HOST_STR, len) >= len || strlcat(line, evlog->submithost, len) >= len || strlcat(line, " ; ", len) >= len) @@ -257,6 +263,7 @@ if (tsid != NULL) { if (strlcat(line, LL_TSID_STR, len) >= len || strlcat(line, tsid, len) >= len || + strlcat(line, offsetstr, len) >= len || strlcat(line, " ; ", len) >= len) goto toobig; } @@ -273,13 +280,27 @@ goto toobig; if (strlcat(line, evlog->command, len) >= len) goto toobig; - if (evlog->argv != NULL) { + if (evlog->argv != NULL && evlog->argv[0] != NULL) { for (i = 1; evlog->argv[i] != NULL; i++) { if (strlcat(line, " ", len) >= len || strlcat(line, evlog->argv[i], len) >= len) goto toobig; } } + if (event_type == EVLOG_EXIT) { + if (evlog->signal_name != NULL) { + if (strlcat(line, " ; ", len) >= len || + strlcat(line, LL_SIGNAL_STR, len) >= len || + strlcat(line, evlog->signal_name, len) >= len) + goto toobig; + } + if (evlog->exit_value != -1) { + if (strlcat(line, " ; ", len) >= len || + strlcat(line, LL_EXIT_STR, len) >= len || + strlcat(line, exit_str, len) >= len) + goto toobig; + } + } } debug_return_str(line); @@ -331,8 +352,9 @@ static void __attribute__((__noreturn__)) exec_mailer(int pipein) { + const struct eventlog_config *evl_conf = eventlog_getconf(); char *last, *mflags, *p, *argv[MAX_MAILFLAGS + 1]; - const char *mpath = evl_conf.mailerpath; + const char *mpath = evl_conf->mailerpath; int i; char * const root_envp[] = { "HOME=/", @@ -356,15 +378,12 @@ } /* Build up an argv based on the mailer path and flags */ - if ((mflags = strdup(evl_conf.mailerflags)) == NULL) { + if ((mflags = strdup(evl_conf->mailerflags)) == NULL) { syslog(LOG_ERR, _("unable to allocate memory")); // -V618 sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); _exit(127); } - if ((argv[0] = strrchr(mpath, '/'))) - argv[0]++; - else - argv[0] = (char *)mpath; + argv[0] = sudo_basename(mpath); i = 1; if ((p = strtok_r(mflags, " \t", &last))) { @@ -382,14 +401,14 @@ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to change uid to %u", ROOT_UID); } - if (evl_conf.mailuid != ROOT_UID) { - if (setuid(evl_conf.mailuid) != 0) { + if (evl_conf->mailuid != ROOT_UID) { + if (setuid(evl_conf->mailuid) != 0) { sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to change uid to %u", - (unsigned int)evl_conf.mailuid); + (unsigned int)evl_conf->mailuid); } } sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); - if (evl_conf.mailuid == ROOT_UID) + if (evl_conf->mailuid == ROOT_UID) execve(mpath, argv, root_envp); else execv(mpath, argv); @@ -399,16 +418,17 @@ _exit(127); } -/* Send a message to MAILTO user */ +/* Send a message to the mailto user */ static bool send_mail(const struct eventlog *evlog, const char *fmt, ...) { - const char *cp, *timefmt = evl_conf.time_fmt; + const struct eventlog_config *evl_conf = eventlog_getconf(); + const char *cp, *timefmt = evl_conf->time_fmt; char timebuf[1024]; - struct tm *tm; + struct tm tm; time_t now; FILE *mail; - int fd, pfd[2], status; + int fd, len, pfd[2], status; pid_t pid, rv; struct stat sb; va_list ap; @@ -418,15 +438,15 @@ debug_decl(send_mail, SUDO_DEBUG_UTIL); /* If mailer is disabled just return. */ - if (evl_conf.mailerpath == NULL || evl_conf.mailto == NULL) + if (evl_conf->mailerpath == NULL || evl_conf->mailto == NULL) debug_return_bool(true); /* Make sure the mailer exists and is a regular file. */ - if (stat(evl_conf.mailerpath, &sb) != 0 || !S_ISREG(sb.st_mode)) + if (stat(evl_conf->mailerpath, &sb) != 0 || !S_ISREG(sb.st_mode)) debug_return_bool(false); time(&now); - if ((tm = gmtime(&now)) == NULL) + if (localtime_r(&now, &tm) == NULL) debug_return_bool(false); /* Fork and return, child will daemonize. */ @@ -519,11 +539,11 @@ /* Pipes are all setup, send message. */ (void) fprintf(mail, "To: %s\nFrom: %s\nAuto-Submitted: %s\nSubject: ", - evl_conf.mailto, - evl_conf.mailfrom ? evl_conf.mailfrom : + evl_conf->mailto, + evl_conf->mailfrom ? evl_conf->mailfrom : (evlog ? evlog->submituser : "root"), "auto-generated"); - for (cp = _(evl_conf.mailsub); *cp; cp++) { + for (cp = _(evl_conf->mailsub); *cp; cp++) { /* Expand escapes in the subject */ if (*cp == '%' && *(cp+1) != '%') { switch (*(++cp)) { @@ -549,7 +569,18 @@ (void) fprintf(mail, "\nContent-Type: text/plain; charset=\"%s\"\nContent-Transfer-Encoding: 8bit", nl_langinfo(CODESET)); #endif /* HAVE_NL_LANGINFO && CODESET */ - strftime(timebuf, sizeof(timebuf), timefmt, tm); + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), timefmt, &tm); + if (len == 0 || timebuf[sizeof(timebuf) - 1] != '\0') { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_ERROR, + "strftime() failed to format time: %s", timefmt); + /* Fall back to default time format string. */ + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%h %e %T", &tm); + if (len == 0 || timebuf[sizeof(timebuf) - 1] != '\0') { + timebuf[0] = '\0'; /* give up */ + } + } if (evlog != NULL) { (void) fprintf(mail, "\n\n%s : %s : %s : ", evlog->submithost, timebuf, evlog->submituser); @@ -577,18 +608,12 @@ static bool json_add_timestamp(struct json_container *json, const char *name, - const struct timespec *ts) + const struct timespec *ts, bool format_timestamp) { - const char *timefmt = evl_conf.time_fmt; struct json_value json_value; - time_t secs = ts->tv_sec; - char timebuf[1024]; - struct tm *tm; + int len; debug_decl(json_add_timestamp, SUDO_DEBUG_PLUGIN); - if ((tm = gmtime(&secs)) == NULL) - debug_return_bool(false); - if (!sudo_json_open_object(json, name)) goto oom; @@ -602,17 +627,35 @@ if (!sudo_json_add_value(json, "nanoseconds", &json_value)) goto oom; - strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tm); - json_value.type = JSON_STRING; - json_value.u.string = timebuf; - if (!sudo_json_add_value(json, "iso8601", &json_value)) - goto oom; + if (format_timestamp) { + const struct eventlog_config *evl_conf = eventlog_getconf(); + const char *timefmt = evl_conf->time_fmt; + time_t secs = ts->tv_sec; + char timebuf[1024]; + struct tm tm; + + if (gmtime_r(&secs, &tm) != NULL) { + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", &tm); + if (len != 0 && timebuf[sizeof(timebuf) - 1] == '\0') { + json_value.type = JSON_STRING; + json_value.u.string = timebuf; // -V507 + if (!sudo_json_add_value(json, "iso8601", &json_value)) + goto oom; + } + } - strftime(timebuf, sizeof(timebuf), timefmt, tm); - json_value.type = JSON_STRING; - json_value.u.string = timebuf; - if (!sudo_json_add_value(json, "localtime", &json_value)) - goto oom; + if (localtime_r(&secs, &tm) != NULL) { + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), timefmt, &tm); + if (len != 0 && timebuf[sizeof(timebuf) - 1] == '\0') { + json_value.type = JSON_STRING; + json_value.u.string = timebuf; // -V507 + if (!sudo_json_add_value(json, "localtime", &json_value)) + goto oom; + } + } + } if (!sudo_json_close_object(json)) goto oom; @@ -769,14 +812,14 @@ } static char * -format_json(int event_type, const char *reason, const char *errstr, - const struct eventlog *evlog, const struct timespec *event_time, - eventlog_json_callback_t info_cb, void *info, bool compact) +format_json(int event_type, struct eventlog_args *args, + const struct eventlog *evlog, bool compact) { - const char *type_str; - const char *time_str; + eventlog_json_callback_t info_cb = args->json_info_cb; + void *info = args->json_info; struct json_container json = { 0 }; struct json_value json_value; + const char *time_str, *type_str; struct timespec now; debug_decl(format_json, SUDO_DEBUG_UTIL); @@ -804,6 +847,10 @@ type_str = "alert"; time_str = "alert_time"; break; + case EVLOG_EXIT: + type_str = "exit"; + time_str = "exit_time"; + break; default: sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unexpected event type %d", event_type); @@ -815,19 +862,28 @@ if (!sudo_json_open_object(&json, type_str)) goto bad; + if (evlog != NULL && evlog->uuid_str[0] != '\0') { + json_value.type = JSON_STRING; + json_value.u.string = evlog->uuid_str; + if (!sudo_json_add_value(&json, "uuid", &json_value)) + goto bad; + } + /* Reject and Alert events include a reason and optional error string. */ - if (reason != NULL) { + if (args->reason != NULL) { char *ereason = NULL; - if (errstr != NULL) { - if (asprintf(&ereason, _("%s: %s"), reason, errstr) == -1) { + if (args->errstr != NULL) { + const int len = asprintf(&ereason, _("%s: %s"), args->reason, + args->errstr); + if (len == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } } json_value.type = JSON_STRING; - json_value.u.string = ereason ? ereason : reason; + json_value.u.string = ereason ? ereason : args->reason; if (!sudo_json_add_value(&json, "reason", &json_value)) { free(ereason); goto bad; @@ -835,32 +891,80 @@ free(ereason); } - /* XXX - create and log uuid? */ - /* Log event time on server (set earlier) */ - if (!json_add_timestamp(&json, "server_time", &now)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + if (!json_add_timestamp(&json, "server_time", &now, true)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable format timestamp"); goto bad; } /* Log event time from client */ - if (!json_add_timestamp(&json, time_str, event_time)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, - "unable format timestamp"); - goto bad; + if (args->event_time != NULL) { + if (!json_add_timestamp(&json, time_str, args->event_time, true)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable format timestamp"); + goto bad; + } + } + + if (event_type == EVLOG_EXIT) { + /* Exit events don't need evlog details if there is a UUID. */ + if (evlog != NULL && evlog->uuid_str[0] != '\0') { + if (args->json_info == NULL) + info = NULL; + } + + if (sudo_timespecisset(&evlog->run_time)) { + if (!json_add_timestamp(&json, "run_time", &evlog->run_time, false)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable format timestamp"); + goto bad; + } + } + if (evlog->signal_name != NULL) { + json_value.type = JSON_STRING; + json_value.u.string = evlog->signal_name; + if (!sudo_json_add_value(&json, "signal", &json_value)) + goto bad; + + json_value.type = JSON_BOOL; + json_value.u.boolean = evlog->dumped_core; + if (!sudo_json_add_value(&json, "dumped_core", &json_value)) + goto bad; + } + json_value.type = JSON_NUMBER; + json_value.u.number = evlog->exit_value; + if (!sudo_json_add_value(&json, "exit_value", &json_value)) + goto bad; } /* Event log info may be missing for alert messages. */ if (evlog != NULL) { + if (evlog->peeraddr != NULL) { + json_value.type = JSON_STRING; + json_value.u.string = evlog->peeraddr; + if (!sudo_json_add_value(&json, "peeraddr", &json_value)) + goto bad; + } + if (evlog->iolog_path != NULL) { json_value.type = JSON_STRING; json_value.u.string = evlog->iolog_path; if (!sudo_json_add_value(&json, "iolog_path", &json_value)) goto bad; + + if (sudo_timespecisset(&evlog->iolog_offset)) { + if (!json_add_timestamp(&json, "iolog_offset", &evlog->iolog_offset, false)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable format timestamp"); + goto bad; + } + } } + } - /* Write log info. */ + /* Write log info. */ + if (info != NULL) { if (!info_cb(&json, info)) goto bad; } @@ -883,12 +987,13 @@ static bool do_syslog_sudo(int pri, char *logline, const struct eventlog *evlog) { + const struct eventlog_config *evl_conf = eventlog_getconf(); size_t len, maxlen; char *p, *tmp, save; const char *fmt; debug_decl(do_syslog_sudo, SUDO_DEBUG_UTIL); - evl_conf.open_log(EVLOG_SYSLOG, NULL); + evl_conf->open_log(EVLOG_SYSLOG, NULL); if (evlog == NULL) { /* Not a command, just log it as-is. */ @@ -900,7 +1005,7 @@ * Log the full line, breaking into multiple syslog(3) calls if necessary */ fmt = _("%8s : %s"); - maxlen = evl_conf.syslog_maxlen - + maxlen = evl_conf->syslog_maxlen - (strlen(fmt) - 5 + strlen(evlog->submituser)); for (p = logline; *p != '\0'; ) { len = strlen(p); @@ -929,35 +1034,33 @@ p += len; } fmt = _("%8s : (command continued) %s"); - maxlen = evl_conf.syslog_maxlen - + maxlen = evl_conf->syslog_maxlen - (strlen(fmt) - 5 + strlen(evlog->submituser)); } done: - evl_conf.close_log(EVLOG_SYSLOG, NULL); + evl_conf->close_log(EVLOG_SYSLOG, NULL); debug_return_bool(true); } static bool -do_syslog_json(int pri, int event_type, const char *reason, - const char *errstr, const struct eventlog *evlog, - const struct timespec *event_time, - eventlog_json_callback_t info_cb, void *info) +do_syslog_json(int pri, int event_type, struct eventlog_args *args, + const struct eventlog *evlog) { + const struct eventlog_config *evl_conf = eventlog_getconf(); char *json_str; debug_decl(do_syslog_json, SUDO_DEBUG_UTIL); /* Format as a compact JSON message (no newlines) */ - json_str = format_json(event_type, reason, errstr, evlog, event_time, - info_cb, info, true); + json_str = format_json(event_type, args, evlog, true); if (json_str == NULL) debug_return_bool(false); - /* Syslog it with a @cee: prefix */ - /* TODO: use evl_conf.syslog_maxlen to break up long messages. */ - evl_conf.open_log(EVLOG_SYSLOG, NULL); - syslog(pri, "@cee:{%s}", json_str); - evl_conf.close_log(EVLOG_SYSLOG, NULL); + /* Syslog it in a sudo object with a @cee: prefix. */ + /* TODO: use evl_conf->syslog_maxlen to break up long messages. */ + evl_conf->open_log(EVLOG_SYSLOG, NULL); + syslog(pri, "@cee:{\"sudo\":{%s}}", json_str); + evl_conf->close_log(EVLOG_SYSLOG, NULL); free(json_str); debug_return_bool(true); } @@ -966,18 +1069,18 @@ * Log a message to syslog in either sudo or JSON format. */ static bool -do_syslog(int event_type, int flags, const char *reason, const char *errstr, - const struct eventlog *evlog, const struct timespec *event_time, - eventlog_json_callback_t info_cb, void *info) +do_syslog(int event_type, int flags, struct eventlog_args *args, + const struct eventlog *evlog) { + const struct eventlog_config *evl_conf = eventlog_getconf(); char *logline = NULL; bool ret = false; int pri; debug_decl(do_syslog, SUDO_DEBUG_UTIL); /* Sudo format logs and mailed logs use the same log line format. */ - if (evl_conf.format == EVLOG_SUDO || ISSET(flags, EVLOG_MAIL)) { - logline = new_logline(flags, reason, errstr, evlog); + if (evl_conf->format == EVLOG_SUDO || ISSET(flags, EVLOG_MAIL)) { + logline = new_logline(event_type, flags, args, evlog); if (logline == NULL) debug_return_bool(false); @@ -995,13 +1098,14 @@ switch (event_type) { case EVLOG_ACCEPT: - pri = evl_conf.syslog_acceptpri; + case EVLOG_EXIT: + pri = evl_conf->syslog_acceptpri; break; case EVLOG_REJECT: - pri = evl_conf.syslog_rejectpri; + pri = evl_conf->syslog_rejectpri; break; case EVLOG_ALERT: - pri = evl_conf.syslog_alertpri; + pri = evl_conf->syslog_alertpri; break; default: sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -1015,17 +1119,16 @@ debug_return_bool(true); } - switch (evl_conf.format) { + switch (evl_conf->format) { case EVLOG_SUDO: ret = do_syslog_sudo(pri, logline, evlog); break; case EVLOG_JSON: - ret = do_syslog_json(pri, event_type, reason, errstr, evlog, - event_time, info_cb, info); + ret = do_syslog_json(pri, event_type, args, evlog); break; default: sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected eventlog format %d", evl_conf.format); + "unexpected eventlog format %d", evl_conf->format); break; } free(logline); @@ -1037,17 +1140,17 @@ do_logfile_sudo(const char *logline, const struct eventlog *evlog, const struct timespec *event_time) { + const struct eventlog_config *evl_conf = eventlog_getconf(); char *full_line, timebuf[8192], *timestr = NULL; - const char *timefmt = evl_conf.time_fmt; - const char *logfile = evl_conf.logpath; - time_t tv_sec = event_time->tv_sec; - struct tm *timeptr; + const char *timefmt = evl_conf->time_fmt; + const char *logfile = evl_conf->logpath; + struct tm tm; bool ret = false; FILE *fp; int len; debug_decl(do_logfile_sudo, SUDO_DEBUG_UTIL); - if ((fp = evl_conf.open_log(EVLOG_FILE, logfile)) == NULL) + if ((fp = evl_conf->open_log(EVLOG_FILE, logfile)) == NULL) debug_return_bool(false); if (!sudo_lock_file(fileno(fp), SUDO_LOCK)) { @@ -1056,12 +1159,15 @@ goto done; } - if ((timeptr = localtime(&tv_sec)) != NULL) { - /* strftime() does not guarantee to NUL-terminate so we must check. */ - timebuf[sizeof(timebuf) - 1] = '\0'; - if (strftime(timebuf, sizeof(timebuf), timefmt, timeptr) != 0 && - timebuf[sizeof(timebuf) - 1] == '\0') { - timestr = timebuf; + if (event_time != NULL) { + time_t tv_sec = event_time->tv_sec; + if (localtime_r(&tv_sec, &tm) != NULL) { + /* strftime() does not guarantee to NUL-terminate so we must check. */ + timebuf[sizeof(timebuf) - 1] = '\0'; + if (strftime(timebuf, sizeof(timebuf), timefmt, &tm) != 0 && + timebuf[sizeof(timebuf) - 1] == '\0') { + timestr = timebuf; + } } } len = asprintf(&full_line, "%s : %s : %s", @@ -1070,7 +1176,7 @@ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } - eventlog_writeln(fp, full_line, len, evl_conf.file_maxlen); + eventlog_writeln(fp, full_line, len, evl_conf->file_maxlen); (void)fflush(fp); if (ferror(fp)) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, @@ -1081,27 +1187,26 @@ done: (void)sudo_lock_file(fileno(fp), SUDO_UNLOCK); - evl_conf.close_log(EVLOG_FILE, fp); + evl_conf->close_log(EVLOG_FILE, fp); debug_return_bool(ret); } static bool -do_logfile_json(int event_type, const char *reason, const char *errstr, - const struct eventlog *evlog, const struct timespec *event_time, - eventlog_json_callback_t info_cb, void *info) +do_logfile_json(int event_type, struct eventlog_args *args, + const struct eventlog *evlog) { - const char *logfile = evl_conf.logpath; + const struct eventlog_config *evl_conf = eventlog_getconf(); + const char *logfile = evl_conf->logpath; struct stat sb; char *json_str; int ret = false; FILE *fp; debug_decl(do_logfile_json, SUDO_DEBUG_UTIL); - if ((fp = evl_conf.open_log(EVLOG_FILE, logfile)) == NULL) + if ((fp = evl_conf->open_log(EVLOG_FILE, logfile)) == NULL) debug_return_bool(false); - json_str = format_json(event_type, reason, errstr, evlog, event_time, - info_cb, info, false); + json_str = format_json(event_type, args, evlog, false); if (json_str == NULL) goto done; @@ -1138,22 +1243,22 @@ done: free(json_str); (void)sudo_lock_file(fileno(fp), SUDO_UNLOCK); - evl_conf.close_log(EVLOG_FILE, fp); + evl_conf->close_log(EVLOG_FILE, fp); debug_return_bool(ret); } static bool -do_logfile(int event_type, int flags, const char *reason, const char *errstr, - const struct eventlog *evlog, const struct timespec *event_time, - eventlog_json_callback_t info_cb, void *info) +do_logfile(int event_type, int flags, struct eventlog_args *args, + const struct eventlog *evlog) { + const struct eventlog_config *evl_conf = eventlog_getconf(); bool ret = false; char *logline = NULL; debug_decl(do_logfile, SUDO_DEBUG_UTIL); /* Sudo format logs and mailed logs use the same log line format. */ - if (evl_conf.format == EVLOG_SUDO || ISSET(flags, EVLOG_MAIL)) { - logline = new_logline(flags, reason, errstr, evlog); + if (evl_conf->format == EVLOG_SUDO || ISSET(flags, EVLOG_MAIL)) { + logline = new_logline(event_type, flags, args, evlog); if (logline == NULL) debug_return_bool(false); @@ -1169,17 +1274,17 @@ } } - switch (evl_conf.format) { + switch (evl_conf->format) { case EVLOG_SUDO: - ret = do_logfile_sudo(logline ? logline : reason, evlog, event_time); + ret = do_logfile_sudo(logline ? logline : args->reason, evlog, + args->event_time); break; case EVLOG_JSON: - ret = do_logfile_json(event_type, reason, errstr, evlog, - event_time, info_cb, info); + ret = do_logfile_json(event_type, args, evlog); break; default: sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected eventlog format %d", evl_conf.format); + "unexpected eventlog format %d", evl_conf->format); break; } free(logline); @@ -1191,22 +1296,23 @@ eventlog_accept(const struct eventlog *evlog, int flags, eventlog_json_callback_t info_cb, void *info) { - const int log_type = evl_conf.type; + const struct eventlog_config *evl_conf = eventlog_getconf(); + const int log_type = evl_conf->type; + struct eventlog_args args = { NULL }; bool ret = true; debug_decl(log_accept, SUDO_DEBUG_UTIL); - if (log_type == EVLOG_NONE) - debug_return_bool(true); + args.event_time = &evlog->submit_time; + args.json_info_cb = info_cb; + args.json_info = info; if (ISSET(log_type, EVLOG_SYSLOG)) { - if (!do_syslog(EVLOG_ACCEPT, flags, NULL, NULL, evlog, - &evlog->submit_time, info_cb, info)) + if (!do_syslog(EVLOG_ACCEPT, flags, &args, evlog)) ret = false; CLR(flags, EVLOG_MAIL); } if (ISSET(log_type, EVLOG_FILE)) { - if (!do_logfile(EVLOG_ACCEPT, flags, NULL, NULL, evlog, - &evlog->submit_time, info_cb, info)) + if (!do_logfile(EVLOG_ACCEPT, flags, &args, evlog)) ret = false; } @@ -1217,19 +1323,24 @@ eventlog_reject(const struct eventlog *evlog, int flags, const char *reason, eventlog_json_callback_t info_cb, void *info) { - const int log_type = evl_conf.type; + const struct eventlog_config *evl_conf = eventlog_getconf(); + const int log_type = evl_conf->type; + struct eventlog_args args = { NULL }; bool ret = true; debug_decl(log_reject, SUDO_DEBUG_UTIL); + args.reason = reason; + args.event_time = &evlog->submit_time; + args.json_info_cb = info_cb; + args.json_info = info; + if (ISSET(log_type, EVLOG_SYSLOG)) { - if (!do_syslog(EVLOG_REJECT, flags, reason, NULL, evlog, - &evlog->submit_time, info_cb, info)) + if (!do_syslog(EVLOG_REJECT, flags, &args, evlog)) ret = false; CLR(flags, EVLOG_MAIL); } if (ISSET(log_type, EVLOG_FILE)) { - if (!do_logfile(EVLOG_REJECT, flags, reason, NULL, evlog, - &evlog->submit_time, info_cb, info)) + if (!do_logfile(EVLOG_REJECT, flags, &args, evlog)) ret = false; } @@ -1240,224 +1351,53 @@ eventlog_alert(const struct eventlog *evlog, int flags, struct timespec *alert_time, const char *reason, const char *errstr) { - const int log_type = evl_conf.type; + const struct eventlog_config *evl_conf = eventlog_getconf(); + const int log_type = evl_conf->type; + struct eventlog_args args = { NULL }; bool ret = true; debug_decl(log_alert, SUDO_DEBUG_UTIL); + args.reason = reason; + args.errstr = errstr; + args.event_time = alert_time; + if (ISSET(log_type, EVLOG_SYSLOG)) { - if (!do_syslog(EVLOG_ALERT, flags, reason, errstr, evlog, alert_time, - NULL, NULL)) + if (!do_syslog(EVLOG_ALERT, flags, &args, evlog)) ret = false; CLR(flags, EVLOG_MAIL); } if (ISSET(log_type, EVLOG_FILE)) { - if (!do_logfile(EVLOG_ALERT, flags, reason, errstr, evlog, alert_time, - NULL, NULL)) + if (!do_logfile(EVLOG_ALERT, flags, &args, evlog)) ret = false; } debug_return_bool(ret); } -/* - * Free the strings in a struct eventlog. - */ -void -eventlog_free(struct eventlog *evlog) -{ - int i; - debug_decl(eventlog_free, SUDO_DEBUG_UTIL); - - if (evlog != NULL) { - free(evlog->iolog_path); - free(evlog->command); - free(evlog->cwd); - free(evlog->runchroot); - free(evlog->runcwd); - free(evlog->rungroup); - free(evlog->runuser); - free(evlog->submithost); - free(evlog->submituser); - free(evlog->submitgroup); - free(evlog->ttyname); - if (evlog->argv != NULL) { - for (i = 0; evlog->argv[i] != NULL; i++) - free(evlog->argv[i]); - free(evlog->argv); - } - if (evlog->envp != NULL) { - for (i = 0; evlog->envp[i] != NULL; i++) - free(evlog->envp[i]); - free(evlog->envp); - } - free(evlog); - } - - debug_return; -} - -static FILE * -eventlog_stub_open_log(int type, const char *logfile) -{ - debug_decl(eventlog_stub_open_log, SUDO_DEBUG_UTIL); - sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, - "open_log not set, using stub"); - debug_return_ptr(NULL); -} - -static void -eventlog_stub_close_log(int type, FILE *fp) -{ - debug_decl(eventlog_stub_close_log, SUDO_DEBUG_UTIL); - sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, - "close_log not set, using stub"); - debug_return; -} - -/* - * Set eventlog config settings. - */ - -void -eventlog_set_type(int type) -{ - evl_conf.type = type; -} - -void -eventlog_set_format(enum eventlog_format format) -{ - evl_conf.format = format; -} - -void -eventlog_set_syslog_acceptpri(int pri) -{ - evl_conf.syslog_acceptpri = pri; -} - -void -eventlog_set_syslog_rejectpri(int pri) -{ - evl_conf.syslog_rejectpri = pri; -} - -void -eventlog_set_syslog_alertpri(int pri) -{ - evl_conf.syslog_alertpri = pri; -} - -void -eventlog_set_syslog_maxlen(int len) -{ - evl_conf.syslog_maxlen = len; -} - -void -eventlog_set_file_maxlen(int len) -{ - evl_conf.file_maxlen = len; -} - -void -eventlog_set_mailuid(uid_t uid) -{ - evl_conf.mailuid = uid; -} - -void -eventlog_set_omit_hostname(bool omit_hostname) -{ - evl_conf.omit_hostname = omit_hostname; -} - -void -eventlog_set_logpath(const char *path) -{ - evl_conf.logpath = path; -} - -void -eventlog_set_time_fmt(const char *fmt) -{ - evl_conf.time_fmt = fmt; -} - -void -eventlog_set_mailerpath(const char *path) -{ - evl_conf.mailerpath = path; -} - -void -eventlog_set_mailerflags(const char *mflags) -{ - evl_conf.mailerflags = mflags; -} - -void -eventlog_set_mailfrom(const char *from_addr) -{ - evl_conf.mailfrom = from_addr; -} - -void -eventlog_set_mailto(const char *to_addr) -{ - evl_conf.mailto = to_addr; -} - -void -eventlog_set_mailsub(const char *subject) -{ - evl_conf.mailsub = subject; -} - -void -eventlog_set_open_log(FILE *(*fn)(int type, const char *)) -{ - evl_conf.open_log = fn; -} - -void -eventlog_set_close_log(void (*fn)(int type, FILE *)) -{ - evl_conf.close_log = fn; -} - bool -eventlog_setconf(struct eventlog_config *conf) +eventlog_exit(const struct eventlog *evlog, int flags) { - debug_decl(eventlog_setconf, SUDO_DEBUG_UTIL); + const struct eventlog_config *evl_conf = eventlog_getconf(); + const int log_type = evl_conf->type; + struct eventlog_args args = { NULL }; + struct timespec exit_time; + bool ret = true; + debug_decl(eventlog_exit, SUDO_DEBUG_UTIL); - if (conf != NULL) { - memcpy(&evl_conf, conf, sizeof(evl_conf)); - } else { - memset(&evl_conf, 0, sizeof(evl_conf)); + if (sudo_timespecisset(&evlog->run_time)) { + sudo_timespecadd(&evlog->submit_time, &evlog->run_time, &exit_time); + args.event_time = &exit_time; } - /* Apply default values where possible. */ - if (evl_conf.syslog_maxlen == 0) - evl_conf.syslog_maxlen = MAXSYSLOGLEN; - if (evl_conf.logpath == NULL) - evl_conf.logpath = _PATH_SUDO_LOGFILE; - if (evl_conf.time_fmt == NULL) - evl_conf.time_fmt = "%h %e %T"; -#ifdef _PATH_SUDO_SENDMAIL - if (evl_conf.mailerpath == NULL) - evl_conf.mailerpath = _PATH_SUDO_SENDMAIL; -#endif - if (evl_conf.mailerflags == NULL) - evl_conf.mailerflags = "-t"; - if (evl_conf.mailto == NULL) - evl_conf.mailto = MAILTO; - if (evl_conf.mailsub == NULL) - evl_conf.mailsub = N_(MAILSUBJECT); - if (evl_conf.open_log == NULL) - evl_conf.open_log = eventlog_stub_open_log; - if (evl_conf.close_log == NULL) - evl_conf.close_log = eventlog_stub_close_log; + if (ISSET(log_type, EVLOG_SYSLOG)) { + if (!do_syslog(EVLOG_EXIT, flags, &args, evlog)) + ret = false; + CLR(flags, EVLOG_MAIL); + } + if (ISSET(log_type, EVLOG_FILE)) { + if (!do_logfile(EVLOG_EXIT, flags, &args, evlog)) + ret = false; + } - debug_return_bool(true); + debug_return_bool(ret); } diff -Nru sudo-1.9.5p2/lib/eventlog/eventlog_conf.c sudo-1.9.9/lib/eventlog/eventlog_conf.c --- sudo-1.9.5p2/lib/eventlog/eventlog_conf.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/eventlog/eventlog_conf.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,226 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 1994-1996, 1998-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "pathnames.h" +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_json.h" +#include "sudo_queue.h" +#include "sudo_util.h" + +static FILE *eventlog_stub_open_log(int type, const char *logfile); +static void eventlog_stub_close_log(int type, FILE *fp); + +/* Eventlog config settings (default values). */ +static struct eventlog_config evl_conf = { + EVLOG_NONE, /* type */ + EVLOG_SUDO, /* format */ + LOG_NOTICE, /* syslog_acceptpri */ + LOG_ALERT, /* syslog_rejectpri */ + LOG_ALERT, /* syslog_alertpri */ + MAXSYSLOGLEN, /* syslog_maxlen */ + 0, /* file_maxlen */ + ROOT_UID, /* mailuid */ + false, /* omit_hostname */ + _PATH_SUDO_LOGFILE, /* logpath */ + "%h %e %T", /* time_fmt */ +#ifdef _PATH_SUDO_SENDMAIL + _PATH_SUDO_SENDMAIL, /* mailerpath */ +#else + NULL, /* mailerpath (disabled) */ +#endif + "-t", /* mailerflags */ + NULL, /* mailfrom */ + MAILTO, /* mailto */ + N_(MAILSUBJECT), /* mailsub */ + eventlog_stub_open_log, /* open_log */ + eventlog_stub_close_log /* close_log */ +}; + +static FILE * +eventlog_stub_open_log(int type, const char *logfile) +{ + debug_decl(eventlog_stub_open_log, SUDO_DEBUG_UTIL); + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "open_log not set, using stub"); + debug_return_ptr(NULL); +} + +static void +eventlog_stub_close_log(int type, FILE *fp) +{ + debug_decl(eventlog_stub_close_log, SUDO_DEBUG_UTIL); + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "close_log not set, using stub"); + debug_return; +} + +/* + * eventlog config setters. + */ + +void +eventlog_set_type(int type) +{ + evl_conf.type = type; +} + +void +eventlog_set_format(enum eventlog_format format) +{ + evl_conf.format = format; +} + +void +eventlog_set_syslog_acceptpri(int pri) +{ + evl_conf.syslog_acceptpri = pri; +} + +void +eventlog_set_syslog_rejectpri(int pri) +{ + evl_conf.syslog_rejectpri = pri; +} + +void +eventlog_set_syslog_alertpri(int pri) +{ + evl_conf.syslog_alertpri = pri; +} + +void +eventlog_set_syslog_maxlen(int len) +{ + evl_conf.syslog_maxlen = len; +} + +void +eventlog_set_file_maxlen(int len) +{ + evl_conf.file_maxlen = len; +} + +void +eventlog_set_mailuid(uid_t uid) +{ + evl_conf.mailuid = uid; +} + +void +eventlog_set_omit_hostname(bool omit_hostname) +{ + evl_conf.omit_hostname = omit_hostname; +} + +void +eventlog_set_logpath(const char *path) +{ + evl_conf.logpath = path; +} + +void +eventlog_set_time_fmt(const char *fmt) +{ + evl_conf.time_fmt = fmt; +} + +void +eventlog_set_mailerpath(const char *path) +{ + evl_conf.mailerpath = path; +} + +void +eventlog_set_mailerflags(const char *mflags) +{ + evl_conf.mailerflags = mflags; +} + +void +eventlog_set_mailfrom(const char *from_addr) +{ + evl_conf.mailfrom = from_addr; +} + +void +eventlog_set_mailto(const char *to_addr) +{ + evl_conf.mailto = to_addr; +} + +void +eventlog_set_mailsub(const char *subject) +{ + evl_conf.mailsub = subject; +} + +void +eventlog_set_open_log(FILE *(*fn)(int type, const char *)) +{ + evl_conf.open_log = fn; +} + +void +eventlog_set_close_log(void (*fn)(int type, FILE *)) +{ + evl_conf.close_log = fn; +} + +/* + * get eventlog config. + */ +const struct eventlog_config * +eventlog_getconf(void) +{ + return &evl_conf; +} diff -Nru sudo-1.9.5p2/lib/eventlog/eventlog_free.c sudo-1.9.9/lib/eventlog/eventlog_free.c --- sudo-1.9.5p2/lib/eventlog/eventlog_free.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/eventlog/eventlog_free.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,74 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_eventlog.h" +#include "sudo_util.h" + +/* + * Free the strings in a struct eventlog. + */ +void +eventlog_free(struct eventlog *evlog) +{ + int i; + debug_decl(eventlog_free, SUDO_DEBUG_UTIL); + + if (evlog != NULL) { + free(evlog->iolog_path); + free(evlog->command); + free(evlog->cwd); + free(evlog->runchroot); + free(evlog->runcwd); + free(evlog->rungroup); + free(evlog->runuser); + free(evlog->signal_name); + free(evlog->submithost); + free(evlog->submituser); + free(evlog->submitgroup); + free(evlog->ttyname); + if (evlog->argv != NULL) { + for (i = 0; evlog->argv[i] != NULL; i++) + free(evlog->argv[i]); + free(evlog->argv); + } + if (evlog->envp != NULL) { + for (i = 0; evlog->envp[i] != NULL; i++) + free(evlog->envp[i]); + free(evlog->envp); + } + free(evlog); + } + + debug_return; +} diff -Nru sudo-1.9.5p2/lib/eventlog/logwrap.c sudo-1.9.9/lib/eventlog/logwrap.c --- sudo-1.9.5p2/lib/eventlog/logwrap.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/eventlog/logwrap.c 2022-01-27 21:24:06.000000000 +0000 @@ -46,9 +46,9 @@ /* Maximum length too small, disable wrapping. */ outlen = fwrite(line, 1, linelen, fp); if (outlen != linelen) - debug_return_size_t(-1); + debug_return_ssize_t(-1); if (fputc('\n', fp) == EOF) - debug_return_size_t(-1); + debug_return_ssize_t(-1); debug_return_int(outlen + 1); } @@ -67,7 +67,7 @@ } len = fprintf(fp, "%s%.*s\n", indent, (int)(end - beg), beg); if (len < 0) - debug_return_size_t(-1); + debug_return_ssize_t(-1); outlen += len; while (*end == ' ') end++; @@ -82,7 +82,7 @@ if (linelen) { len = fprintf(fp, "%s%s\n", indent, beg); if (len < 0) - debug_return_size_t(-1); + debug_return_ssize_t(-1); outlen += len; } diff -Nru sudo-1.9.5p2/lib/fuzzstub/Makefile.in sudo-1.9.9/lib/fuzzstub/Makefile.in --- sudo-1.9.5p2/lib/fuzzstub/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/fuzzstub/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,176 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2021 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +srcdir = @srcdir@ +abs_srcdir = @abs_srcdir@ +top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts +incdir = $(top_srcdir)/include + +# Compiler & tools to use +CC = @CC@ +LIBTOOL = @LIBTOOL@ + +# C preprocessor flags +CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) -I$(top_srcdir) @CPPFLAGS@ + +# Usually -O and/or -g +CFLAGS = @CFLAGS@ + +# Flags to pass to the link stage +LDFLAGS = @LDFLAGS@ + +# Flags to pass to libtool +LTFLAGS = @LT_STATIC@ + +# Libraries +LT_LIBS = +LIBS = $(LT_LIBS) + +# Address sanitizer flags +ASAN_CFLAGS = @ASAN_CFLAGS@ +ASAN_LDFLAGS = @ASAN_LDFLAGS@ + +# PIE flags +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ + +# Stack smashing protection flags +SSP_CFLAGS = @SSP_CFLAGS@ +SSP_LDFLAGS = @SSP_LDFLAGS@ + +# cppcheck options, usually set in the top-level Makefile +CPPCHECK_OPTS = -q --enable=warning,performance,portability --suppress=constStatement --suppress=compareBoolExpressionWithInt --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64 + +# splint options, usually set in the top-level Makefile +SPLINT_OPTS = -D__restrict= -checks + +# PVS-studio options +PVS_CFG = $(top_srcdir)/PVS-Studio.cfg +PVS_IGNORE = 'V707,V011,V002,V536' +PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) + +# Set to non-empty for development mode +DEVEL = @DEVEL@ + +#### End of system configuration section. #### + +SHELL = @SHELL@ + +LIBFUZZSTUB_OBJS = fuzzstub.lo + +IOBJS = $(LIBFUZZSTUB_OBJS:.lo=.i) + +POBJS = $(IOBJS:.i=.plog) + +all: libsudo_fuzzstub.la + +pvs-log-files: $(POBJS) + +pvs-studio: $(POBJS) + plog-converter $(PVS_LOG_OPTS) $(POBJS) + +depend: + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) lib/fuzzstub/Makefile.in + cd $(top_builddir) && ./config.status --file lib/fuzzstub/Makefile + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file lib/fuzzstub/Makefile + +.SUFFIXES: .c .h .i .lo .plog + +.c.lo: + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $< + +.c.i: + $(CC) -E -o $@ $(CPPFLAGS) $< + +.i.plog: + ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ + +libsudo_fuzzstub.la: $(LIBFUZZSTUB_OBJS) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBFUZZSTUB_OBJS) $(LT_LIBS) + +pre-install: + +install: + +install-binaries: + +install-includes: + +install-doc: + +install-plugin: + +install-fuzzer: + +uninstall: + +splint: + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + +cppcheck: + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + +pvs-log-files: $(POBJS) + +fuzz: + +check-fuzzer: + +check: check-fuzzer + +clean: + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile .libs + +clobber: distclean + +realclean: distclean + rm -f TAGS tags + +cleandir: realclean + +.PHONY: clean mostlyclean distclean cleandir clobber realclean + +# Autogenerated dependencies, do not modify +fuzzstub.lo: $(srcdir)/fuzzstub.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/fuzzstub.c +fuzzstub.i: $(srcdir)/fuzzstub.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzzstub.plog: fuzzstub.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fuzzstub.c --i-file $< --output-file $@ diff -Nru sudo-1.9.5p2/lib/fuzzstub/fuzzstub.c sudo-1.9.9/lib/fuzzstub/fuzzstub.c --- sudo-1.9.5p2/lib/fuzzstub/fuzzstub.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/fuzzstub/fuzzstub.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,121 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif + +#include "sudo_compat.h" +#include "sudo_util.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +sudo_dso_public int main(int argc, char *argv[]); + +/* + * Simple driver for fuzzers built for LLVM libfuzzer. + * This stub library allows fuzz targets to be built and run without + * libfuzzer. No actual fuzzing will occur but the provided inputs + * will be tested. + */ +int +main(int argc, char *argv[]) +{ + struct timespec start_time, stop_time; + size_t filesize, bufsize = 0; + ssize_t nread; + struct stat sb; + uint8_t *buf = NULL; + int fd, i, errors = 0; + long ms; + + /* Test provided input files. */ + for (i = 1; i < argc; i++) { + fd = open(argv[i], O_RDONLY); + if (fd == -1 || fstat(fd, &sb) != 0) { + fprintf(stderr, "open %s: %s\n", argv[i], strerror(errno)); + if (fd != -1) + close(fd); + errors++; + continue; + } +#ifndef __LP64__ + if (sizeof(sb.st_size) > sizeof(size_t) && sb.st_size > SSIZE_MAX) { + errno = E2BIG; + fprintf(stderr, "%s: %s\n", argv[i], strerror(errno)); + close(fd); + errors++; + continue; + } +#endif + filesize = sb.st_size; + if (bufsize < filesize) { + void *tmp = realloc(buf, filesize); + if (tmp == NULL) { + fprintf(stderr, "realloc: %s\n", strerror(errno)); + close(fd); + errors++; + continue; + } + buf = tmp; + bufsize = filesize; + } + nread = read(fd, buf, filesize); + if ((size_t)nread != filesize) { + if (nread == -1) + fprintf(stderr, "read %s: %s\n", argv[i], strerror(errno)); + else + fprintf(stderr, "read %s: short read\n", argv[i]); + close(fd); + errors++; + continue; + } + close(fd); + + /* NOTE: doesn't support LLVMFuzzerInitialize() (but we don't use it) */ + fprintf(stderr, "Running: %s\n", argv[i]); + sudo_gettime_mono(&start_time); + LLVMFuzzerTestOneInput(buf, nread); + sudo_gettime_mono(&stop_time); + sudo_timespecsub(&stop_time, &start_time, &stop_time); + ms = (stop_time.tv_sec * 1000) + (stop_time.tv_nsec / 1000000); + fprintf(stderr, "Executed %s in %ld ms\n", argv[i], ms); + } + free(buf); + + return errors; +} diff -Nru sudo-1.9.5p2/lib/iolog/Makefile.in sudo-1.9.9/lib/iolog/Makefile.in --- sudo-1.9.5p2/lib/iolog/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/lib/iolog/Makefile.in 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2011-2020 Todd C. Miller +# Copyright (c) 2011-2021 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -34,9 +34,12 @@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ +SHA1SUM = @SHA1SUM@ +SED = @SED@ # Libraries -LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la +LT_LIBS = $(top_builddir)/lib/eventlog/libsudo_eventlog.la \ + $(top_builddir)/lib/util/libsudo_util.la LIBS = @LIBS@ @ZLIB@ $(LT_LIBS) # C preprocessor flags @@ -75,10 +78,20 @@ PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) # Regression tests -TEST_PROGS = check_iolog_json check_iolog_mkpath check_iolog_path check_iolog_util host_port_test -TEST_LIBS = @LIBS@ $(top_builddir)/lib/eventlog/libsudo_eventlog.la +TEST_PROGS = check_iolog_json check_iolog_mkpath check_iolog_path check_iolog_timing host_port_test +TEST_LIBS = @LIBS@ TEST_LDFLAGS = @LDFLAGS@ +# Fuzzers +LIBFUZZSTUB = $(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la +LIB_FUZZING_ENGINE = @FUZZ_ENGINE@ +FUZZ_PROGS = fuzz_iolog_json fuzz_iolog_legacy fuzz_iolog_timing +FUZZ_SEED_CORPUS = ${FUZZ_PROGS:=_seed_corpus.zip} +FUZZ_LIBS = $(LIB_FUZZING_ENGINE) @LIBS@ +FUZZ_LDFLAGS = @LDFLAGS@ +FUZZ_MAX_LEN = 4096 +FUZZ_RUNS = 8192 + # Set to non-empty for development mode DEVEL = @DEVEL@ @@ -86,22 +99,39 @@ SHELL = @SHELL@ -LIBIOLOG_OBJS = iolog_fileio.lo iolog_json.lo iolog_path.lo iolog_util.lo \ - host_port.lo hostcheck.lo +LIBIOLOG_OBJS = host_port.lo hostcheck.lo iolog_clearerr.lo iolog_close.lo \ + iolog_conf.lo iolog_eof.lo iolog_flush.lo iolog_gets.lo \ + iolog_json.lo iolog_legacy.lo iolog_loginfo.lo iolog_mkdirs.lo \ + iolog_mkdtemp.lo iolog_mkpath.lo iolog_nextid.lo \ + iolog_open.lo iolog_openat.lo iolog_path.lo iolog_read.lo \ + iolog_seek.lo iolog_swapids.lo iolog_timing.lo iolog_util.lo \ + iolog_write.lo IOBJS = $(LIBIOLOG_OBJS:.lo=.i) POBJS = $(IOBJS:.i=.plog) -CHECK_IOLOG_MKPATH_OBJS = check_iolog_mkpath.lo iolog_fileio.lo +CHECK_IOLOG_MKPATH_OBJS = check_iolog_mkpath.lo + +CHECK_IOLOG_PATH_OBJS = check_iolog_path.lo + +CHECK_IOLOG_TIMING_OBJS = check_iolog_timing.lo + +CHECK_IOLOG_JSON_OBJS = check_iolog_json.lo + +HOST_PORT_TEST_OBJS = host_port_test.lo + +FUZZ_IOLOG_JSON_OBJS = fuzz_iolog_json.lo -CHECK_IOLOG_PATH_OBJS = check_iolog_path.lo iolog_path.lo +FUZZ_IOLOG_JSON_CORPUS = $(srcdir)/regress/corpus/seed/log_json/*.json -CHECK_IOLOG_UTIL_OBJS = check_iolog_util.lo iolog_json.lo iolog_util.lo +FUZZ_IOLOG_LEGACY_OBJS = fuzz_iolog_legacy.lo -CHECK_IOLOG_JSON_OBJS = check_iolog_json.lo iolog_json.lo +FUZZ_IOLOG_LEGACY_CORPUS = $(srcdir)/regress/corpus/seed/log_legacy/*.log -HOST_PORT_TEST_OBJS = host_port_test.lo host_port.lo +FUZZ_IOLOG_TIMING_OBJS = fuzz_iolog_timing.lo + +FUZZ_IOLOG_TIMING_CORPUS = $(srcdir)/regress/corpus/seed/timing/timing.* all: libsudo_iolog.la @@ -129,7 +159,7 @@ .i.plog: ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ -libsudo_iolog.la: $(LIBIOLOG_OBJS) +libsudo_iolog.la: $(LIBIOLOG_OBJS) $(LT_LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBIOLOG_OBJS) $(LT_LIBS) @ZLIB@ @NET_LIBS@ check_iolog_path: $(CHECK_IOLOG_PATH_OBJS) libsudo_iolog.la @@ -138,8 +168,8 @@ check_iolog_mkpath: $(CHECK_IOLOG_MKPATH_OBJS) libsudo_iolog.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_MKPATH_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) -check_iolog_util: $(CHECK_IOLOG_UTIL_OBJS) libsudo_iolog.la - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_UTIL_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) +check_iolog_timing: $(CHECK_IOLOG_TIMING_OBJS) libsudo_iolog.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_TIMING_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) check_iolog_json: $(CHECK_IOLOG_JSON_OBJS) libsudo_iolog.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_JSON_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) @@ -147,6 +177,93 @@ host_port_test: $(HOST_PORT_TEST_OBJS) libsudo_iolog.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(HOST_PORT_TEST_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) +fuzz_iolog_json: $(FUZZ_IOLOG_JSON_OBJS) $(LIBFUZZSTUB) libsudo_iolog.la + $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_JSON_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) libsudo_iolog.la + +fuzz_iolog_legacy: $(FUZZ_IOLOG_LEGACY_OBJS) $(LIBFUZZSTUB) libsudo_iolog.la + $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_LEGACY_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) libsudo_iolog.la + +fuzz_iolog_timing: $(FUZZ_IOLOG_TIMING_OBJS) $(LIBFUZZSTUB) libsudo_iolog.la + $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_TIMING_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) libsudo_iolog.la + +fuzz_iolog_json_seed_corpus.zip: + tdir=fuzz_iolog_json.$$$$; \ + mkdir $$tdir; \ + for f in $(FUZZ_IOLOG_JSON_CORPUS); do \ + cp $$f $$tdir/`$(SHA1SUM) $$f | $(SED) -e 's/^.*= *//' -e 's/ .*//'`; \ + done; \ + zip -j $@ $$tdir/*; \ + rm -rf $$tdir + +run-fuzz_iolog_json: fuzz_iolog_json + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + umask 022; \ + corpus=regress/corpus/iolog_json; \ + mkdir -p $$corpus; \ + for f in $(FUZZ_IOLOG_JSON_CORPUS); do \ + cp $$f $$corpus; \ + done; \ + ./fuzz_iolog_json -dict=$(srcdir)/regress/fuzz/fuzz_iolog_json.dict -max_len=$(FUZZ_MAX_LEN) -runs=$(FUZZ_RUNS) $$corpus + +fuzz_iolog_legacy_seed_corpus.zip: + tdir=fuzz_iolog_legacy.$$$$; \ + mkdir $$tdir; \ + for f in $(FUZZ_IOLOG_LEGACY_CORPUS); do \ + cp $$f $$tdir/`$(SHA1SUM) $$f | $(SED) -e 's/^.*= *//' -e 's/ .*//'`; \ + done; \ + zip -j $@ $$tdir/*; \ + rm -rf $$tdir + +run-fuzz_iolog_legacy: fuzz_iolog_legacy + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + umask 022; \ + corpus=regress/corpus/iolog_legacy; \ + mkdir -p $$corpus; \ + for f in $(FUZZ_IOLOG_LEGACY_CORPUS); do \ + cp $$f $$corpus; \ + done; \ + ./fuzz_iolog_legacy -max_len=$(FUZZ_MAX_LEN) -runs=$(FUZZ_RUNS) $$corpus + +fuzz_iolog_timing_seed_corpus.zip: + tdir=fuzz_iolog_timing.$$$$; \ + mkdir $$tdir; \ + for f in $(FUZZ_IOLOG_TIMING_CORPUS); do \ + cp $$f $$tdir/`$(SHA1SUM) $$f | $(SED) -e 's/^.*= *//' -e 's/ .*//'`; \ + done; \ + zip -j $@ $$tdir/*; \ + rm -rf $$tdir + +run-fuzz_iolog_timing: fuzz_iolog_timing + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + umask 022; \ + corpus=regress/corpus/iolog_timing; \ + mkdir -p $$corpus; \ + for f in $(FUZZ_IOLOG_TIMING_CORPUS); do \ + cp $$f $$corpus; \ + done; \ + ./fuzz_iolog_timing -max_len=$(FUZZ_MAX_LEN) -runs=$(FUZZ_RUNS) $$corpus + pre-install: install: @@ -159,6 +276,14 @@ install-plugin: +install-fuzzer: $(FUZZ_PROGS) $(FUZZ_SEED_CORPUS) + @if test X"$(FUZZ_DESTDIR)" = X""; then \ + echo "must set FUZZ_DESTDIR for install-fuzzer target"; \ + else \ + cp $(FUZZ_PROGS) $(FUZZ_SEED_CORPUS) $(FUZZ_DESTDIR); \ + cp $(srcdir)/regress/fuzz/*.dict $(FUZZ_DESTDIR); \ + fi + uninstall: splint: @@ -169,23 +294,51 @@ pvs-log-files: $(POBJS) -check: $(TEST_PROGS) +fuzz: run-fuzz_iolog_json run-fuzz_iolog_legacy run-fuzz_iolog_timing + +check-fuzzer: $(FUZZ_PROGS) @if test X"$(cross_compiling)" != X"yes"; then \ - LC_ALL=C; export LC_ALL; \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + echo "fuzz_iolog_legacy: verifying corpus"; \ + ./fuzz_iolog_legacy $(FUZZ_IOLOG_LEGACY_CORPUS); \ + echo "fuzz_iolog_json: verifying corpus"; \ + ./fuzz_iolog_json $(FUZZ_IOLOG_JSON_CORPUS); \ + echo "fuzz_iolog_timing: verifying corpus"; \ + ./fuzz_iolog_timing $(FUZZ_IOLOG_TIMING_CORPUS); \ + fi + +check: $(TEST_PROGS) check-fuzzer + @if test X"$(cross_compiling)" != X"yes"; then \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ rval=0; \ ./check_iolog_json $(srcdir)/regress/iolog_json/*.in || rval=`expr $$rval + $$?`; \ ./check_iolog_path $(srcdir)/regress/iolog_path/data || rval=`expr $$rval + $$?`; \ ./check_iolog_mkpath || rval=`expr $$rval + $$?`; \ - ./check_iolog_util || rval=`expr $$rval + $$?`; \ + ./check_iolog_timing || rval=`expr $$rval + $$?`; \ ./host_port_test || rval=`expr $$rval + $$?`; \ exit $$rval; \ fi clean: - -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(TEST_PROGS) *.lo *.o *.la + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(TEST_PROGS) $(FUZZ_PROGS) \ + *.lo *.o *.la -rm -f *.i *.plog stamp-* core *.core core.* regress/*/*.out \ - regress/*/*.err + regress/*/*.err regress/corpus/iolog_json \ + regress/corpus/iolog_legacy regress/corpus/iolog_timing mostlyclean: clean @@ -199,6 +352,10 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean \ + $(FUZZ_SEED_CORPUS) run-fuzz_iolog_json run-fuzz_iolog_legacy \ + run-fuzz_iolog_timing + # Autogenerated dependencies, do not modify check_iolog_json.lo: $(srcdir)/regress/iolog_json/check_iolog_json.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -244,20 +401,70 @@ $(CC) -E -o $@ $(CPPFLAGS) $< check_iolog_path.plog: check_iolog_path.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_path/check_iolog_path.c --i-file $< --output-file $@ -check_iolog_util.lo: $(srcdir)/regress/iolog_util/check_iolog_util.c \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ - $(top_builddir)/config.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iolog_util/check_iolog_util.c -check_iolog_util.i: $(srcdir)/regress/iolog_util/check_iolog_util.c \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ - $(top_builddir)/config.h +check_iolog_timing.lo: $(srcdir)/regress/iolog_timing/check_iolog_timing.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iolog_timing/check_iolog_timing.c +check_iolog_timing.i: $(srcdir)/regress/iolog_timing/check_iolog_timing.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< -check_iolog_util.plog: check_iolog_util.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_util/check_iolog_util.c --i-file $< --output-file $@ +check_iolog_timing.plog: check_iolog_timing.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_timing/check_iolog_timing.c --i-file $< --output-file $@ +fuzz_iolog_json.lo: $(srcdir)/regress/fuzz/fuzz_iolog_json.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/iolog_json.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_iolog_json.c +fuzz_iolog_json.i: $(srcdir)/regress/fuzz/fuzz_iolog_json.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/iolog_json.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_iolog_json.plog: fuzz_iolog_json.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_iolog_json.c --i-file $< --output-file $@ +fuzz_iolog_legacy.lo: $(srcdir)/regress/fuzz/fuzz_iolog_legacy.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_iolog_legacy.c +fuzz_iolog_legacy.i: $(srcdir)/regress/fuzz/fuzz_iolog_legacy.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_iolog_legacy.plog: fuzz_iolog_legacy.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_iolog_legacy.c --i-file $< --output-file $@ +fuzz_iolog_timing.lo: $(srcdir)/regress/fuzz/fuzz_iolog_timing.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_iolog_timing.c +fuzz_iolog_timing.i: $(srcdir)/regress/fuzz/fuzz_iolog_timing.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_iolog_timing.plog: fuzz_iolog_timing.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_iolog_timing.c --i-file $< --output-file $@ host_port.lo: $(srcdir)/host_port.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \ @@ -296,26 +503,80 @@ $(CC) -E -o $@ $(CPPFLAGS) $< hostcheck.plog: hostcheck.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/hostcheck.c --i-file $< --output-file $@ -iolog_fileio.lo: $(srcdir)/iolog_fileio.c $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_iolog.h $(incdir)/sudo_json.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_fileio.c -iolog_fileio.i: $(srcdir)/iolog_fileio.c $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_iolog.h $(incdir)/sudo_json.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h +iolog_clearerr.lo: $(srcdir)/iolog_clearerr.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_clearerr.c +iolog_clearerr.i: $(srcdir)/iolog_clearerr.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< -iolog_fileio.plog: iolog_fileio.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_fileio.c --i-file $< --output-file $@ +iolog_clearerr.plog: iolog_clearerr.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_clearerr.c --i-file $< --output-file $@ +iolog_close.lo: $(srcdir)/iolog_close.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_close.c +iolog_close.i: $(srcdir)/iolog_close.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_close.plog: iolog_close.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_close.c --i-file $< --output-file $@ +iolog_conf.lo: $(srcdir)/iolog_conf.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_conf.c +iolog_conf.i: $(srcdir)/iolog_conf.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_conf.plog: iolog_conf.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_conf.c --i-file $< --output-file $@ +iolog_eof.lo: $(srcdir)/iolog_eof.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_eof.c +iolog_eof.i: $(srcdir)/iolog_eof.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_eof.plog: iolog_eof.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_eof.c --i-file $< --output-file $@ +iolog_flush.lo: $(srcdir)/iolog_flush.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_flush.c +iolog_flush.i: $(srcdir)/iolog_flush.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_flush.plog: iolog_flush.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_flush.c --i-file $< --output-file $@ +iolog_gets.lo: $(srcdir)/iolog_gets.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_gets.c +iolog_gets.i: $(srcdir)/iolog_gets.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_gets.plog: iolog_gets.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_gets.c --i-file $< --output-file $@ iolog_json.lo: $(srcdir)/iolog_json.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ @@ -334,6 +595,128 @@ $(CC) -E -o $@ $(CPPFLAGS) $< iolog_json.plog: iolog_json.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_json.c --i-file $< --output-file $@ +iolog_legacy.lo: $(srcdir)/iolog_legacy.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_legacy.c +iolog_legacy.i: $(srcdir)/iolog_legacy.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_legacy.plog: iolog_legacy.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_legacy.c --i-file $< --output-file $@ +iolog_loginfo.lo: $(srcdir)/iolog_loginfo.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_loginfo.c +iolog_loginfo.i: $(srcdir)/iolog_loginfo.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_loginfo.plog: iolog_loginfo.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_loginfo.c --i-file $< --output-file $@ +iolog_mkdirs.lo: $(srcdir)/iolog_mkdirs.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_mkdirs.c +iolog_mkdirs.i: $(srcdir)/iolog_mkdirs.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_mkdirs.plog: iolog_mkdirs.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_mkdirs.c --i-file $< --output-file $@ +iolog_mkdtemp.lo: $(srcdir)/iolog_mkdtemp.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_mkdtemp.c +iolog_mkdtemp.i: $(srcdir)/iolog_mkdtemp.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_mkdtemp.plog: iolog_mkdtemp.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_mkdtemp.c --i-file $< --output-file $@ +iolog_mkpath.lo: $(srcdir)/iolog_mkpath.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_mkpath.c +iolog_mkpath.i: $(srcdir)/iolog_mkpath.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_mkpath.plog: iolog_mkpath.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_mkpath.c --i-file $< --output-file $@ +iolog_nextid.lo: $(srcdir)/iolog_nextid.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_nextid.c +iolog_nextid.i: $(srcdir)/iolog_nextid.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_nextid.plog: iolog_nextid.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_nextid.c --i-file $< --output-file $@ +iolog_open.lo: $(srcdir)/iolog_open.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_open.c +iolog_open.i: $(srcdir)/iolog_open.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_open.plog: iolog_open.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_open.c --i-file $< --output-file $@ +iolog_openat.lo: $(srcdir)/iolog_openat.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_openat.c +iolog_openat.i: $(srcdir)/iolog_openat.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_openat.plog: iolog_openat.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_openat.c --i-file $< --output-file $@ iolog_path.lo: $(srcdir)/iolog_path.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ @@ -350,19 +733,81 @@ $(CC) -E -o $@ $(CPPFLAGS) $< iolog_path.plog: iolog_path.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_path.c --i-file $< --output-file $@ +iolog_read.lo: $(srcdir)/iolog_read.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_read.c +iolog_read.i: $(srcdir)/iolog_read.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_read.plog: iolog_read.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_read.c --i-file $< --output-file $@ +iolog_seek.lo: $(srcdir)/iolog_seek.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_seek.c +iolog_seek.i: $(srcdir)/iolog_seek.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_seek.plog: iolog_seek.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_seek.c --i-file $< --output-file $@ +iolog_swapids.lo: $(srcdir)/iolog_swapids.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_swapids.c +iolog_swapids.i: $(srcdir)/iolog_swapids.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_swapids.plog: iolog_swapids.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_swapids.c --i-file $< --output-file $@ +iolog_timing.lo: $(srcdir)/iolog_timing.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_timing.c +iolog_timing.i: $(srcdir)/iolog_timing.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_timing.plog: iolog_timing.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_timing.c --i-file $< --output-file $@ iolog_util.lo: $(srcdir)/iolog_util.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_util.c iolog_util.i: $(srcdir)/iolog_util.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< iolog_util.plog: iolog_util.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_util.c --i-file $< --output-file $@ +iolog_write.lo: $(srcdir)/iolog_write.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_write.c +iolog_write.i: $(srcdir)/iolog_write.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +iolog_write.plog: iolog_write.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_write.c --i-file $< --output-file $@ diff -Nru sudo-1.9.5p2/lib/iolog/hostcheck.c sudo-1.9.9/lib/iolog/hostcheck.c --- sudo-1.9.5p2/lib/iolog/hostcheck.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/iolog/hostcheck.c 2022-01-27 21:24:22.000000000 +0000 @@ -22,8 +22,12 @@ #include "config.h" #if defined(HAVE_OPENSSL) +# if defined(HAVE_WOLFSSL) +# include +# endif # include # include +# include # include # include # include @@ -36,6 +40,13 @@ # include "sudo_util.h" # include "hostcheck.h" +#ifndef INET_ADDRSTRLEN +# define INET_ADDRSTRLEN 16 +#endif +#ifndef INET6_ADDRSTRLEN +# define INET6_ADDRSTRLEN 46 +#endif + /** * @brief Checks if given hostname resolves to the given IP address. * diff -Nru sudo-1.9.5p2/lib/iolog/iolog_clearerr.c sudo-1.9.9/lib/iolog/iolog_clearerr.c --- sudo-1.9.5p2/lib/iolog/iolog_clearerr.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_clearerr.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,45 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" + +void +iolog_clearerr(struct iolog_file *iol) +{ + debug_decl(iolog_eof, SUDO_DEBUG_UTIL); + +#ifdef HAVE_ZLIB_H + if (iol->compressed) + gzclearerr(iol->fd.g); + else +#endif + clearerr(iol->fd.f); + debug_return; +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_close.c sudo-1.9.9/lib/iolog/iolog_close.c --- sudo-1.9.5p2/lib/iolog/iolog_close.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_close.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,80 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" + +/* + * Close an I/O log. + */ +bool +iolog_close(struct iolog_file *iol, const char **errstr) +{ + bool ret = true; + debug_decl(iolog_close, SUDO_DEBUG_UTIL); + +#ifdef HAVE_ZLIB_H + if (iol->compressed) { + int errnum; + + /* Must check error indicator before closing. */ + if (iol->writable) { + if (gzflush(iol->fd.g, Z_SYNC_FLUSH) != Z_OK) { + ret = false; + if (errstr != NULL) { + *errstr = gzerror(iol->fd.g, &errnum); + if (errnum == Z_ERRNO) + *errstr = strerror(errno); + } + } + } + errnum = gzclose(iol->fd.g); + if (ret && errnum != Z_OK) { + ret = false; + if (errstr != NULL) + *errstr = errnum == Z_ERRNO ? strerror(errno) : "unknown error"; + } + } else +#endif + if (fclose(iol->fd.f) != 0) { + ret = false; + if (errstr != NULL) + *errstr = strerror(errno); + } + + debug_return_bool(ret); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_conf.c sudo-1.9.9/lib/iolog/iolog_conf.c --- sudo-1.9.5p2/lib/iolog/iolog_conf.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_conf.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,202 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif + +#include "pathnames.h" +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_util.h" +#include "sudo_iolog.h" + +static unsigned int sessid_max = SESSID_MAX; +static mode_t iolog_filemode = S_IRUSR|S_IWUSR; +static mode_t iolog_dirmode = S_IRWXU; +static uid_t iolog_uid = ROOT_UID; +static gid_t iolog_gid = ROOT_GID; +static bool iolog_gid_set; +static bool iolog_docompress; +static bool iolog_doflush; + +/* + * Reset I/O log settings to default values. + */ +void +iolog_set_defaults(void) +{ + sessid_max = SESSID_MAX; + iolog_filemode = S_IRUSR|S_IWUSR; + iolog_dirmode = S_IRWXU; + iolog_uid = ROOT_UID; + iolog_gid = ROOT_GID; + iolog_gid_set = false; + iolog_docompress = false; + iolog_doflush = false; +} + +/* + * Set max sequence number (aka session ID) + */ +void +iolog_set_maxseq(unsigned int newval) +{ + debug_decl(iolog_set_maxseq, SUDO_DEBUG_UTIL); + + /* Clamp to SESSID_MAX as documented. */ + if (newval > SESSID_MAX) + newval = SESSID_MAX; + sessid_max = newval; + + debug_return; +} + +/* + * Set iolog_uid (and iolog_gid if gid not explicitly set). + */ +void +iolog_set_owner(uid_t uid, gid_t gid) +{ + debug_decl(iolog_set_owner, SUDO_DEBUG_UTIL); + + iolog_uid = uid; + if (!iolog_gid_set) + iolog_gid = gid; + + debug_return; +} + +/* + * Set iolog_gid. + */ +void +iolog_set_gid(gid_t gid) +{ + debug_decl(iolog_set_gid, SUDO_DEBUG_UTIL); + + iolog_gid = gid; + iolog_gid_set = true; + + debug_return; +} + +/* + * Set iolog_filemode and iolog_dirmode. + */ +void +iolog_set_mode(mode_t mode) +{ + debug_decl(iolog_set_mode, SUDO_DEBUG_UTIL); + + /* I/O log files must be readable and writable by owner. */ + iolog_filemode = S_IRUSR|S_IWUSR; + + /* Add in group and other read/write if specified. */ + iolog_filemode |= mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH); + + /* For directory mode, add execute bits as needed. */ + iolog_dirmode = iolog_filemode | S_IXUSR; + if (iolog_dirmode & (S_IRGRP|S_IWGRP)) + iolog_dirmode |= S_IXGRP; + if (iolog_dirmode & (S_IROTH|S_IWOTH)) + iolog_dirmode |= S_IXOTH; + + debug_return; +} + +/* + * Set iolog_docompress + */ +void +iolog_set_compress(bool newval) +{ + debug_decl(iolog_set_compress, SUDO_DEBUG_UTIL); + iolog_docompress = newval; + debug_return; +} + +/* + * Set iolog_doflush + */ +void +iolog_set_flush(bool newval) +{ + debug_decl(iolog_set_flush, SUDO_DEBUG_UTIL); + iolog_doflush = newval; + debug_return; +} + +/* + * Getters. + */ + +unsigned int +iolog_get_maxseq(void) +{ + return sessid_max; +} + +uid_t +iolog_get_uid(void) +{ + return iolog_uid; +} + +gid_t +iolog_get_gid(void) +{ + return iolog_gid; +} + +mode_t +iolog_get_file_mode(void) +{ + return iolog_filemode; +} + +mode_t +iolog_get_dir_mode(void) +{ + return iolog_dirmode; +} + +bool +iolog_get_compress(void) +{ + return iolog_docompress; +} + +bool +iolog_get_flush(void) +{ + return iolog_doflush; +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_eof.c sudo-1.9.9/lib/iolog/iolog_eof.c --- sudo-1.9.5p2/lib/iolog/iolog_eof.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_eof.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,54 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" + +/* + * Returns true if at end of I/O log file, else false. + */ +bool +iolog_eof(struct iolog_file *iol) +{ + bool ret; + debug_decl(iolog_eof, SUDO_DEBUG_UTIL); + +#ifdef HAVE_ZLIB_H + if (iol->compressed) + ret = gzeof(iol->fd.g) != 0; + else +#endif + ret = feof(iol->fd.f) != 0; + debug_return_int(ret); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_fileio.c sudo-1.9.9/lib/iolog/iolog_fileio.c --- sudo-1.9.5p2/lib/iolog/iolog_fileio.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_fileio.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,1061 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2009-2020 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This is an open source non-commercial project. Dear PVS-Studio, please check it. - * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com - */ - -#include - -#include -#include -#include -#ifdef HAVE_STDBOOL_H -# include -#else -# include "compat/stdbool.h" -#endif -#include -#include -#include -#include -#include - -#include "pathnames.h" -#include "sudo_compat.h" -#include "sudo_conf.h" -#include "sudo_debug.h" -#include "sudo_eventlog.h" -#include "sudo_fatal.h" -#include "sudo_gettext.h" -#include "sudo_iolog.h" -#include "sudo_json.h" -#include "sudo_queue.h" -#include "sudo_util.h" - -static unsigned char const gzip_magic[2] = {0x1f, 0x8b}; -static unsigned int sessid_max = SESSID_MAX; -static mode_t iolog_filemode = S_IRUSR|S_IWUSR; -static mode_t iolog_dirmode = S_IRWXU; -static uid_t iolog_uid = ROOT_UID; -static gid_t iolog_gid = ROOT_GID; -static bool iolog_gid_set; -static bool iolog_compress; -static bool iolog_flush; - -/* - * Set effective user and group-IDs to iolog_uid and iolog_gid. - * If restore flag is set, swap them back. - */ -static bool -io_swapids(bool restore) -{ -#ifdef HAVE_SETEUID - static uid_t user_euid = (uid_t)-1; - static gid_t user_egid = (gid_t)-1; - debug_decl(io_swapids, SUDO_DEBUG_UTIL); - - if (user_euid == (uid_t)-1) - user_euid = geteuid(); - if (user_egid == (gid_t)-1) - user_egid = getegid(); - - if (restore) { - if (seteuid(user_euid) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to restore effective uid to %d", __func__, - (int)user_euid); - sudo_warn("seteuid() %d -> %d", (int)iolog_uid, (int)user_euid); - debug_return_bool(false); - } - if (setegid(user_egid) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to restore effective gid to %d", __func__, - (int)user_egid); - sudo_warn("setegid() %d -> %d", (int)iolog_gid, (int)user_egid); - debug_return_bool(false); - } - } else { - /* Fail silently if the user has insufficient privileges. */ - if (setegid(iolog_gid) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to set effective gid to %d", __func__, - (int)iolog_gid); - debug_return_bool(false); - } - if (seteuid(iolog_uid) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to set effective uid to %d", __func__, - (int)iolog_uid); - debug_return_bool(false); - } - } - debug_return_bool(true); -#else - return false; -#endif -} - -/* - * Create directory and any parent directories as needed. - */ -static bool -iolog_mkdirs(char *path) -{ - mode_t omask; - struct stat sb; - int dfd; - bool ok = true, uid_changed = false; - debug_decl(iolog_mkdirs, SUDO_DEBUG_UTIL); - - dfd = open(path, O_RDONLY|O_NONBLOCK); - if (dfd == -1 && errno == EACCES) { - /* Try again as the I/O log owner (for NFS). */ - if (io_swapids(false)) { - dfd = open(path, O_RDONLY|O_NONBLOCK); - if (!io_swapids(true)) { - ok = false; - goto done; - } - } - } - if (dfd != -1 && fstat(dfd, &sb) != -1) { - if (S_ISDIR(sb.st_mode)) { - if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid) { - if (fchown(dfd, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, path); - } - } - if ((sb.st_mode & ALLPERMS) != iolog_dirmode) { - if (fchmod(dfd, iolog_dirmode) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chmod 0%o %s", __func__, - (int)iolog_dirmode, path); - } - } - } else { - sudo_warnx(U_("%s exists but is not a directory (0%o)"), - path, (unsigned int) sb.st_mode); - ok = false; - } - goto done; - } - - /* umask must not be more restrictive than the file modes. */ - omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode)); - - ok = sudo_mkdir_parents(path, iolog_uid, iolog_gid, iolog_dirmode, true); - if (!ok && errno == EACCES) { - /* Try again as the I/O log owner (for NFS). */ - uid_changed = io_swapids(false); - if (uid_changed) - ok = sudo_mkdir_parents(path, -1, -1, iolog_dirmode, false); - } - if (ok) { - /* Create final path component. */ - sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, - "mkdir %s, mode 0%o", path, (unsigned int) iolog_dirmode); - ok = mkdir(path, iolog_dirmode) == 0 || errno == EEXIST; - if (!ok) { - if (errno == EACCES && !uid_changed) { - /* Try again as the I/O log owner (for NFS). */ - uid_changed = io_swapids(false); - if (uid_changed) - ok = mkdir(path, iolog_dirmode) == 0 || errno == EEXIST; - } - if (!ok) - sudo_warn(U_("unable to mkdir %s"), path); - } else { - if (chown(path, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, path); - } - } - } - if (uid_changed) { - if (!io_swapids(true)) - ok = false; - } - - umask(omask); - -done: - if (dfd != -1) - close(dfd); - debug_return_bool(ok); -} - -/* - * Create temporary directory and any parent directories as needed. - */ -bool -iolog_mkdtemp(char *path) -{ - bool ok, uid_changed = false; - debug_decl(iolog_mkdtemp, SUDO_DEBUG_UTIL); - - ok = sudo_mkdir_parents(path, iolog_uid, iolog_gid, iolog_dirmode, true); - if (!ok && errno == EACCES) { - /* Try again as the I/O log owner (for NFS). */ - uid_changed = io_swapids(false); - if (uid_changed) - ok = sudo_mkdir_parents(path, -1, -1, iolog_dirmode, false); - } - if (ok) { - /* Create final path component. */ - sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, - "mkdtemp %s", path); - /* We cannot retry mkdtemp() so always open as iolog user */ - if (!uid_changed) - uid_changed = io_swapids(false); - if (mkdtemp(path) == NULL) { - sudo_warn(U_("unable to mkdir %s"), path); - ok = false; - } else { - if (chmod(path, iolog_dirmode) != 0) { - sudo_warn(U_("unable to change mode of %s to 0%o"), - path, (unsigned int)iolog_dirmode); - } - } - } - - if (uid_changed) { - if (!io_swapids(true)) - ok = false; - } - debug_return_bool(ok); -} - -/* - * Like rename(2) but changes UID as needed. - */ -bool -iolog_rename(const char *from, const char *to) -{ - bool ok, uid_changed = false; - debug_decl(iolog_rename, SUDO_DEBUG_UTIL); - - ok = rename(from, to) == 0; - if (!ok && errno == EACCES) { - uid_changed = io_swapids(false); - if (uid_changed) - ok = rename(from, to) == 0; - } - - if (uid_changed) { - if (!io_swapids(true)) - ok = false; - } - debug_return_bool(ok); -} - -/* - * Reset I/O log settings to default values. - */ -void -iolog_set_defaults(void) -{ - sessid_max = SESSID_MAX; - iolog_filemode = S_IRUSR|S_IWUSR; - iolog_dirmode = S_IRWXU; - iolog_uid = ROOT_UID; - iolog_gid = ROOT_GID; - iolog_gid_set = false; - iolog_compress = false; - iolog_flush = false; -} - -/* - * Set max sequence number (aka session ID) - */ -void -iolog_set_maxseq(unsigned int newval) -{ - debug_decl(iolog_set_maxseq, SUDO_DEBUG_UTIL); - - /* Clamp to SESSID_MAX as documented. */ - if (newval > SESSID_MAX) - newval = SESSID_MAX; - sessid_max = newval; - - debug_return; -} - -/* - * Set iolog_uid (and iolog_gid if gid not explicitly set). - */ -void -iolog_set_owner(uid_t uid, gid_t gid) -{ - debug_decl(iolog_set_owner, SUDO_DEBUG_UTIL); - - iolog_uid = uid; - if (!iolog_gid_set) - iolog_gid = gid; - - debug_return; -} - -/* - * Set iolog_gid. - */ -void -iolog_set_gid(gid_t gid) -{ - debug_decl(iolog_set_gid, SUDO_DEBUG_UTIL); - - iolog_gid = gid; - iolog_gid_set = true; - - debug_return; -} - -/* - * Set iolog_filemode and iolog_dirmode. - */ -void -iolog_set_mode(mode_t mode) -{ - debug_decl(iolog_set_mode, SUDO_DEBUG_UTIL); - - /* I/O log files must be readable and writable by owner. */ - iolog_filemode = S_IRUSR|S_IWUSR; - - /* Add in group and other read/write if specified. */ - iolog_filemode |= mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH); - - /* For directory mode, add execute bits as needed. */ - iolog_dirmode = iolog_filemode | S_IXUSR; - if (iolog_dirmode & (S_IRGRP|S_IWGRP)) - iolog_dirmode |= S_IXGRP; - if (iolog_dirmode & (S_IROTH|S_IWOTH)) - iolog_dirmode |= S_IXOTH; - - debug_return; -} - -/* - * Set iolog_compress - */ -void -iolog_set_compress(bool newval) -{ - debug_decl(iolog_set_compress, SUDO_DEBUG_UTIL); - iolog_compress = newval; - debug_return; -} - -/* - * Set iolog_flush - */ -void -iolog_set_flush(bool newval) -{ - debug_decl(iolog_set_flush, SUDO_DEBUG_UTIL); - iolog_flush = newval; - debug_return; -} - -/* - * Wrapper for openat(2) that sets umask and retries as iolog_uid/iolog_gid - * if openat(2) returns EACCES. - */ -int -iolog_openat(int dfd, const char *path, int flags) -{ - int fd; - mode_t omask = S_IRWXG|S_IRWXO; - debug_decl(iolog_openat, SUDO_DEBUG_UTIL); - - if (ISSET(flags, O_CREAT)) { - /* umask must not be more restrictive than the file modes. */ - omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode)); - } - fd = openat(dfd, path, flags, iolog_filemode); - if (fd == -1 && errno == EACCES) { - /* Enable write bit if it is missing. */ - struct stat sb; - if (fstatat(dfd, path, &sb, 0) == 0) { - mode_t write_bits = iolog_filemode & (S_IWUSR|S_IWGRP|S_IWOTH); - if ((sb.st_mode & write_bits) != write_bits) { - if (fchmodat(dfd, path, iolog_filemode, 0) == 0) - fd = openat(dfd, path, flags, iolog_filemode); - } - } - } - if (fd == -1 && errno == EACCES) { - /* Try again as the I/O log owner (for NFS). */ - if (io_swapids(false)) { - fd = openat(dfd, path, flags, iolog_filemode); - if (!io_swapids(true)) { - /* io_swapids() warns on error. */ - if (fd != -1) { - close(fd); - fd = -1; - } - } - } - } - if (ISSET(flags, O_CREAT)) - umask(omask); - debug_return_int(fd); -} - -/* - * Read the on-disk sequence number, set sessid to the next - * number, and update the on-disk copy. - * Uses file locking to avoid sequence number collisions. - */ -bool -iolog_nextid(char *iolog_dir, char sessid[7]) -{ - char buf[32], *ep; - int i, len, fd = -1; - unsigned long id = 0; - ssize_t nread; - bool ret = false; - char pathbuf[PATH_MAX]; - static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; - debug_decl(iolog_nextid, SUDO_DEBUG_UTIL); - - /* - * Create I/O log directory if it doesn't already exist. - */ - if (!iolog_mkdirs(iolog_dir)) - goto done; - - /* - * Open sequence file - */ - len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", iolog_dir); - if (len < 0 || len >= ssizeof(pathbuf)) { - errno = ENAMETOOLONG; - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: %s/seq", __func__, iolog_dir); - goto done; - } - fd = iolog_openat(AT_FDCWD, pathbuf, O_RDWR|O_CREAT); - if (fd == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to open %s", __func__, pathbuf); - goto done; - } - if (!sudo_lock_file(fd, SUDO_LOCK)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to lock %s", pathbuf); - goto done; - } - if (fchown(fd, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to fchown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, pathbuf); - } - - /* Read current seq number (base 36). */ - nread = read(fd, buf, sizeof(buf) - 1); - if (nread != 0) { - if (nread == -1) { - goto done; - } - if (buf[nread - 1] == '\n') - nread--; - buf[nread] = '\0'; - id = strtoul(buf, &ep, 36); - if (ep == buf || *ep != '\0' || id >= sessid_max) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: bad sequence number: %s", pathbuf, buf); - id = 0; - } - } - id++; - - /* - * Convert id to a string and stash in sessid. - * Note that that least significant digits go at the end of the string. - */ - for (i = 5; i >= 0; i--) { - buf[i] = b36char[id % 36]; - id /= 36; - } - buf[6] = '\n'; - - /* Stash id for logging purposes. */ - memcpy(sessid, buf, 6); - sessid[6] = '\0'; - - /* Rewind and overwrite old seq file, including the NUL byte. */ -#ifdef HAVE_PWRITE - if (pwrite(fd, buf, 7, 0) != 7) { -#else - if (lseek(fd, 0, SEEK_SET) == -1 || write(fd, buf, 7) != 7) { -#endif - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to write %s", __func__, pathbuf); - goto done; - } - ret = true; - -done: - if (fd != -1) - close(fd); - debug_return_bool(ret); -} - -/* - * Create path and any intermediate directories. - * If path ends in 'XXXXXX', use mkdtemp(). - */ -bool -iolog_mkpath(char *path) -{ - size_t len; - bool ret; - debug_decl(iolog_mkpath, SUDO_DEBUG_UTIL); - - /* - * Create path and intermediate subdirs as needed. - * If path ends in at least 6 Xs (ala POSIX mktemp), use mkdtemp(). - * Sets iolog_gid (if it is not already set) as a side effect. - */ - len = strlen(path); - if (len >= 6 && strcmp(&path[len - 6], "XXXXXX") == 0) - ret = iolog_mkdtemp(path); - else - ret = iolog_mkdirs(path); - - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "iolog path %s", path); - - debug_return_bool(ret); -} - -/* - * Append suffix to pathbuf after len chars and open the resulting file. - * Note that the size of pathbuf is assumed to be PATH_MAX. - * Stores the open file handle which has the close-on-exec flag set. - * XXX - move enabled logic into caller? - */ -bool -iolog_open(struct iolog_file *iol, int dfd, int iofd, const char *mode) -{ - int flags; - const char *file; - unsigned char magic[2]; - debug_decl(iolog_open, SUDO_DEBUG_UTIL); - - if (mode[0] == 'r') { - flags = mode[1] == '+' ? O_RDWR : O_RDONLY; - } else if (mode[0] == 'w') { - flags = O_CREAT|O_TRUNC; - flags |= mode[1] == '+' ? O_RDWR : O_WRONLY; - } else { - sudo_debug_printf(SUDO_DEBUG_ERROR, - "%s: invalid I/O mode %s", __func__, mode); - debug_return_bool(false); - } - if ((file = iolog_fd_to_name(iofd)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR, - "%s: invalid iofd %d", __func__, iofd); - debug_return_bool(false); - } - - iol->writable = false; - iol->compressed = false; - if (iol->enabled) { - int fd = iolog_openat(dfd, file, flags); - if (fd != -1) { - if (*mode == 'w') { - if (fchown(fd, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to fchown %d:%d %s", __func__, - (int)iolog_uid, (int)iolog_gid, file); - } - iol->compressed = iolog_compress; - } else { - /* check for gzip magic number */ - if (pread(fd, magic, sizeof(magic), 0) == ssizeof(magic)) { - if (magic[0] == gzip_magic[0] && magic[1] == gzip_magic[1]) - iol->compressed = true; - } - } - if (fcntl(fd, F_SETFD, FD_CLOEXEC) != -1) { -#ifdef HAVE_ZLIB_H - if (iol->compressed) - iol->fd.g = gzdopen(fd, mode); - else -#endif - iol->fd.f = fdopen(fd, mode); - } - if (iol->fd.v != NULL) { - switch ((flags & O_ACCMODE)) { - case O_WRONLY: - case O_RDWR: - iol->writable = true; - break; - } - } else { - int save_errno = errno; - close(fd); - errno = save_errno; - fd = -1; - } - } - if (fd == -1) { - iol->enabled = false; - debug_return_bool(false); - } - } else { - if (*mode == 'w') { - /* Remove old log file in case we recycled sequence numbers. */ - (void)unlinkat(dfd, file, 0); - } - } - debug_return_bool(true); -} - -#ifdef HAVE_ZLIB_H -static const char * -gzstrerror(gzFile file) -{ - const char *errstr; - int errnum; - - errstr = gzerror(file, &errnum); - if (errnum == Z_ERRNO) - errstr = strerror(errno); - - return errstr; -} -#endif /* HAVE_ZLIB_H */ - -/* - * Close an I/O log. - */ -bool -iolog_close(struct iolog_file *iol, const char **errstr) -{ - bool ret = true; - debug_decl(iolog_close, SUDO_DEBUG_UTIL); - -#ifdef HAVE_ZLIB_H - if (iol->compressed) { - int errnum; - - /* Must check error indicator before closing. */ - if (iol->writable) { - if (gzflush(iol->fd.g, Z_SYNC_FLUSH) != Z_OK) { - ret = false; - if (errstr != NULL) - *errstr = gzstrerror(iol->fd.g); - } - } - errnum = gzclose(iol->fd.g); - if (ret && errnum != Z_OK) { - ret = false; - if (errstr != NULL) - *errstr = errnum == Z_ERRNO ? strerror(errno) : "unknown error"; - } - } else -#endif - if (fclose(iol->fd.f) != 0) { - ret = false; - if (errstr != NULL) - *errstr = strerror(errno); - } - - debug_return_bool(ret); -} - -/* - * I/O log wrapper for fseek/gzseek. - */ -off_t -iolog_seek(struct iolog_file *iol, off_t offset, int whence) -{ - off_t ret; - //debug_decl(iolog_seek, SUDO_DEBUG_UTIL); - -#ifdef HAVE_ZLIB_H - if (iol->compressed) - ret = gzseek(iol->fd.g, offset, whence); - else -#endif - ret = fseeko(iol->fd.f, offset, whence); - - //debug_return_off_t(ret); - return ret; -} - -/* - * I/O log wrapper for rewind/gzrewind. - */ -void -iolog_rewind(struct iolog_file *iol) -{ - debug_decl(iolog_rewind, SUDO_DEBUG_UTIL); - -#ifdef HAVE_ZLIB_H - if (iol->compressed) - (void)gzrewind(iol->fd.g); - else -#endif - rewind(iol->fd.f); - - debug_return; -} - -/* - * Read from a (possibly compressed) I/O log file. - */ -ssize_t -iolog_read(struct iolog_file *iol, void *buf, size_t nbytes, - const char **errstr) -{ - ssize_t nread; - debug_decl(iolog_read, SUDO_DEBUG_UTIL); - - if (nbytes > UINT_MAX) { - errno = EINVAL; - if (errstr != NULL) - *errstr = strerror(errno); - debug_return_ssize_t(-1); - } - -#ifdef HAVE_ZLIB_H - if (iol->compressed) { - if ((nread = gzread(iol->fd.g, buf, nbytes)) == -1) { - if (errstr != NULL) - *errstr = gzstrerror(iol->fd.g); - } - } else -#endif - { - nread = (ssize_t)fread(buf, 1, nbytes, iol->fd.f); - if (nread == 0 && ferror(iol->fd.f)) { - nread = -1; - if (errstr != NULL) - *errstr = strerror(errno); - } - } - debug_return_ssize_t(nread); -} - -/* - * Write to an I/O log, optionally compressing. - */ -ssize_t -iolog_write(struct iolog_file *iol, const void *buf, size_t len, - const char **errstr) -{ - ssize_t ret; - debug_decl(iolog_write, SUDO_DEBUG_UTIL); - - if (len > UINT_MAX) { - errno = EINVAL; - if (errstr != NULL) - *errstr = strerror(errno); - debug_return_ssize_t(-1); - } - -#ifdef HAVE_ZLIB_H - if (iol->compressed) { - ret = gzwrite(iol->fd.g, (const voidp)buf, len); - if (ret == 0) { - ret = -1; - if (errstr != NULL) - *errstr = gzstrerror(iol->fd.g); - goto done; - } - if (iolog_flush) { - if (gzflush(iol->fd.g, Z_SYNC_FLUSH) != Z_OK) { - ret = -1; - if (errstr != NULL) - *errstr = gzstrerror(iol->fd.g); - goto done; - } - } - } else -#endif - { - ret = fwrite(buf, 1, len, iol->fd.f); - if (ret == 0) { - ret = -1; - if (errstr != NULL) - *errstr = strerror(errno); - goto done; - } - if (iolog_flush) { - if (fflush(iol->fd.f) != 0) { - ret = -1; - if (errstr != NULL) - *errstr = strerror(errno); - goto done; - } - } - } - -done: - debug_return_ssize_t(ret); -} - -/* - * Returns true if at end of I/O log file, else false. - */ -bool -iolog_eof(struct iolog_file *iol) -{ - bool ret; - debug_decl(iolog_eof, SUDO_DEBUG_UTIL); - -#ifdef HAVE_ZLIB_H - if (iol->compressed) - ret = gzeof(iol->fd.g) == 1; - else -#endif - ret = feof(iol->fd.f) == 1; - debug_return_int(ret); -} - -void -iolog_clearerr(struct iolog_file *iol) -{ - debug_decl(iolog_eof, SUDO_DEBUG_UTIL); - -#ifdef HAVE_ZLIB_H - if (iol->compressed) - gzclearerr(iol->fd.g); - else -#endif - clearerr(iol->fd.f); - debug_return; -} - -/* - * Like gets() but for struct iolog_file. - */ -char * -iolog_gets(struct iolog_file *iol, char *buf, size_t nbytes, - const char **errstr) -{ - char *str; - debug_decl(iolog_gets, SUDO_DEBUG_UTIL); - - if (nbytes > UINT_MAX) { - errno = EINVAL; - if (errstr != NULL) - *errstr = strerror(errno); - debug_return_str(NULL); - } - -#ifdef HAVE_ZLIB_H - if (iol->compressed) { - if ((str = gzgets(iol->fd.g, buf, nbytes)) == NULL) { - if (errstr != NULL) - *errstr = gzstrerror(iol->fd.g); - } - } else -#endif - { - if ((str = fgets(buf, nbytes, iol->fd.f)) == NULL) { - if (errstr != NULL) - *errstr = strerror(errno); - } - } - debug_return_str(str); -} - -/* - * Write the legacy I/O log file that contains the user and command info. - * This file is not compressed. - */ -static bool -iolog_write_info_file_legacy(int dfd, struct eventlog *evlog) -{ - char * const *av; - FILE *fp; - int error, fd; - debug_decl(iolog_info_write_log, SUDO_DEBUG_UTIL); - - fd = iolog_openat(dfd, "log", O_CREAT|O_TRUNC|O_WRONLY); - if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to open %s/log", evlog->iolog_path); - if (fd != -1) - close(fd); - debug_return_bool(false); - } - if (fchown(fd, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to fchown %d:%d %s/log", __func__, - (int)iolog_uid, (int)iolog_gid, evlog->iolog_path); - } - - fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n", - (long long)evlog->submit_time.tv_sec, - evlog->submituser ? evlog->submituser : "unknown", - evlog->runuser ? evlog->runuser : RUNAS_DEFAULT, - evlog->rungroup ? evlog->rungroup : "", - evlog->ttyname ? evlog->ttyname : "unknown", - evlog->lines, evlog->columns, - evlog->cwd ? evlog->cwd : "unknown"); - fputs(evlog->command ? evlog->command : "unknown", fp); - for (av = evlog->argv + 1; *av != NULL; av++) { - fputc(' ', fp); - fputs(*av, fp); - } - fputc('\n', fp); - fflush(fp); - if ((error = ferror(fp))) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to write to I/O log file %s/log", evlog->iolog_path); - } - fclose(fp); - - debug_return_bool(!error); -} - -/* - * Write the "log.json" file that contains the user and command info. - * This file is not compressed. - */ -static bool -iolog_write_info_file_json(int dfd, struct eventlog *evlog) -{ - struct json_container json; - struct json_value json_value; - bool ret = false; - FILE *fp = NULL; - int fd = -1; - debug_decl(iolog_write_info_file_json, SUDO_DEBUG_UTIL); - - if (!sudo_json_init(&json, 4, false, false)) - debug_return_bool(false); - - /* Timestamp */ - if (!sudo_json_open_object(&json, "timestamp")) - goto oom; - - json_value.type = JSON_NUMBER; - json_value.u.number = evlog->submit_time.tv_sec; - if (!sudo_json_add_value(&json, "seconds", &json_value)) - goto oom; - - json_value.type = JSON_NUMBER; - json_value.u.number = evlog->submit_time.tv_nsec; - if (!sudo_json_add_value(&json, "nanoseconds", &json_value)) - goto oom; - - if (!sudo_json_close_object(&json)) - goto oom; - - if (!eventlog_store_json(&json, evlog)) - goto done; - - fd = iolog_openat(dfd, "log.json", O_CREAT|O_TRUNC|O_WRONLY); - if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to open %s/log.json", evlog->iolog_path); - goto done; - } - - if (fchown(fd, iolog_uid, iolog_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to fchown %d:%d %s/log", __func__, - (int)iolog_uid, (int)iolog_gid, evlog->iolog_path); - } - fd = -1; - - fprintf(fp, "{%s\n}\n", sudo_json_get_buf(&json)); - fflush(fp); - if (ferror(fp)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to write to I/O log file %s/log.json", evlog->iolog_path); - goto done; - } - - ret = true; - goto done; - -oom: - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); -done: - sudo_json_free(&json); - if (fp != NULL) - fclose(fp); - if (fd != -1) - close(fd); - - debug_return_bool(ret); -} - -/* - * Write the I/O log and log.json files that contain user and command info. - * These files are not compressed. - */ -bool -iolog_write_info_file(int dfd, struct eventlog *evlog) -{ - debug_decl(iolog_write_info_file, SUDO_DEBUG_UTIL); - - if (!iolog_write_info_file_legacy(dfd, evlog)) - debug_return_bool(false); - if (!iolog_write_info_file_json(dfd, evlog)) - debug_return_bool(false); - - debug_return_bool(true); -} - -/* - * Map IOFD_* -> name. - */ -const char * -iolog_fd_to_name(int iofd) -{ - const char *ret; - debug_decl(iolog_fd_to_name, SUDO_DEBUG_UTIL); - - switch (iofd) { - case IOFD_STDIN: - ret = "stdin"; - break; - case IOFD_STDOUT: - ret = "stdout"; - break; - case IOFD_STDERR: - ret = "stderr"; - break; - case IOFD_TTYIN: - ret = "ttyin"; - break; - case IOFD_TTYOUT: - ret = "ttyout"; - break; - case IOFD_TIMING: - ret = "timing"; - break; - default: - ret = "unknown"; - sudo_debug_printf(SUDO_DEBUG_ERROR, "%s: unexpected iofd %d", - __func__, iofd); - break; - } - debug_return_const_str(ret); -} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_flush.c sudo-1.9.9/lib/iolog/iolog_flush.c --- sudo-1.9.5p2/lib/iolog/iolog_flush.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_flush.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,66 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" + +/* + * I/O log wrapper for fflush/gzflush. + */ +bool +iolog_flush(struct iolog_file *iol, const char **errstr) +{ + debug_decl(iolog_flush, SUDO_DEBUG_UTIL); + bool ret = true; + +#ifdef HAVE_ZLIB_H + if (iol->compressed) { + int errnum; + if (gzflush(iol->fd.g, Z_SYNC_FLUSH) != Z_OK) { + if (errstr != NULL) { + *errstr = gzerror(iol->fd.g, &errnum); + if (errnum == Z_ERRNO) + *errstr = strerror(errno); + } + ret = false; + } + } else +#endif + { + if (fflush(iol->fd.f) != 0) { + if (errstr != NULL) + *errstr = strerror(errno); + ret = false; + } + } + + debug_return_bool(ret); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_gets.c sudo-1.9.9/lib/iolog/iolog_gets.c --- sudo-1.9.5p2/lib/iolog/iolog_gets.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_gets.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,78 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" + +/* + * Like gets() but for struct iolog_file. + */ +char * +iolog_gets(struct iolog_file *iol, char *buf, size_t nbytes, + const char **errstr) +{ + char *str; + debug_decl(iolog_gets, SUDO_DEBUG_UTIL); + + if (nbytes > UINT_MAX) { + errno = EINVAL; + if (errstr != NULL) + *errstr = strerror(errno); + debug_return_str(NULL); + } + +#ifdef HAVE_ZLIB_H + if (iol->compressed) { + if ((str = gzgets(iol->fd.g, buf, nbytes)) == NULL) { + if (errstr != NULL) { + int errnum; + *errstr = gzerror(iol->fd.g, &errnum); + if (errnum == Z_ERRNO) + *errstr = strerror(errno); + } + } + } else +#endif + { + if ((str = fgets(buf, nbytes, iol->fd.f)) == NULL) { + if (errstr != NULL) + *errstr = strerror(errno); + } + } + debug_return_str(str); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_json.c sudo-1.9.9/lib/iolog/iolog_json.c --- sudo-1.9.5p2/lib/iolog/iolog_json.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_json.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2020 Todd C. Miller + * Copyright (c) 2020-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -79,12 +79,38 @@ * Note: struct eventlog must store command + args. * We don't have argv yet so we append the args later. */ + free(evlog->command); evlog->command = item->u.string; item->u.string = NULL; debug_return_bool(true); } static bool +json_store_dumped_core(struct json_item *item, struct eventlog *evlog) +{ + debug_decl(json_store_dumped_core, SUDO_DEBUG_UTIL); + + evlog->dumped_core = item->u.boolean; + debug_return_bool(true); +} + +static bool +json_store_exit_value(struct json_item *item, struct eventlog *evlog) +{ + debug_decl(json_store_exit_value, SUDO_DEBUG_UTIL); + + if (item->u.number < 0 || item->u.number > INT_MAX) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "exit value %lld: out of range", item->u.number); + evlog->exit_value = -1; + debug_return_bool(false); + } + + evlog->exit_value = item->u.number; + debug_return_bool(true); +} + +static bool json_store_lines(struct json_item *item, struct eventlog *evlog) { debug_decl(json_store_lines, SUDO_DEBUG_UTIL); @@ -114,7 +140,11 @@ sudo_warnx(U_("expected JSON_STRING, got %d"), item->type); debug_return_ptr(NULL); } - len++; + /* Prevent integer overflow. */ + if (++len == INT_MAX) { + sudo_warnx("%s", U_("JSON_ARRAY too large")); + debug_return_ptr(NULL); + } } if ((ret = reallocarray(NULL, len + 1, sizeof(char *))) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); @@ -133,8 +163,14 @@ static bool json_store_runargv(struct json_item *item, struct eventlog *evlog) { + int i; debug_decl(json_store_runargv, SUDO_DEBUG_UTIL); + if (evlog->argv != NULL) { + for (i = 0; evlog->argv[i] != NULL; i++) + free(evlog->argv[i]); + free(evlog->argv); + } evlog->argv = json_array_to_strvec(&item->u.child); debug_return_bool(evlog->argv != NULL); @@ -143,8 +179,14 @@ static bool json_store_runenv(struct json_item *item, struct eventlog *evlog) { + int i; debug_decl(json_store_runenv, SUDO_DEBUG_UTIL); + if (evlog->envp != NULL) { + for (i = 0; evlog->envp[i] != NULL; i++) + free(evlog->envp[i]); + free(evlog->envp); + } evlog->envp = json_array_to_strvec(&item->u.child); debug_return_bool(evlog->envp != NULL); @@ -164,6 +206,7 @@ { debug_decl(json_store_rungroup, SUDO_DEBUG_UTIL); + free(evlog->rungroup); evlog->rungroup = item->u.string; item->u.string = NULL; debug_return_bool(true); @@ -183,6 +226,7 @@ { debug_decl(json_store_runuser, SUDO_DEBUG_UTIL); + free(evlog->runuser); evlog->runuser = item->u.string; item->u.string = NULL; debug_return_bool(true); @@ -193,6 +237,7 @@ { debug_decl(json_store_runchroot, SUDO_DEBUG_UTIL); + free(evlog->runchroot); evlog->runchroot = item->u.string; item->u.string = NULL; debug_return_bool(true); @@ -203,16 +248,29 @@ { debug_decl(json_store_runcwd, SUDO_DEBUG_UTIL); + free(evlog->runcwd); evlog->runcwd = item->u.string; item->u.string = NULL; debug_return_bool(true); } static bool +json_store_signal(struct json_item *item, struct eventlog *evlog) +{ + debug_decl(json_store_signal, SUDO_DEBUG_UTIL); + + free(evlog->signal_name); + evlog->signal_name = item->u.string; + item->u.string = NULL; + debug_return_bool(true); +} + +static bool json_store_submitcwd(struct json_item *item, struct eventlog *evlog) { debug_decl(json_store_submitcwd, SUDO_DEBUG_UTIL); + free(evlog->cwd); evlog->cwd = item->u.string; item->u.string = NULL; debug_return_bool(true); @@ -223,6 +281,7 @@ { debug_decl(json_store_submithost, SUDO_DEBUG_UTIL); + free(evlog->submithost); evlog->submithost = item->u.string; item->u.string = NULL; debug_return_bool(true); @@ -233,27 +292,28 @@ { debug_decl(json_store_submituser, SUDO_DEBUG_UTIL); + free(evlog->submituser); evlog->submituser = item->u.string; item->u.string = NULL; debug_return_bool(true); } static bool -json_store_timestamp(struct json_item *item, struct eventlog *evlog) +json_store_timespec(struct json_item *item, struct timespec *ts) { struct json_object *object; - debug_decl(json_store_timestamp, SUDO_DEBUG_UTIL); + debug_decl(json_store_timespec, SUDO_DEBUG_UTIL); object = &item->u.child; TAILQ_FOREACH(item, &object->items, entries) { if (item->type != JSON_NUMBER) continue; if (strcmp(item->name, "seconds") == 0) { - evlog->submit_time.tv_sec = item->u.number; + ts->tv_sec = item->u.number; continue; } if (strcmp(item->name, "nanoseconds") == 0) { - evlog->submit_time.tv_nsec = item->u.number; + ts->tv_nsec = item->u.number; continue; } } @@ -261,10 +321,23 @@ } static bool +json_store_run_time(struct json_item *item, struct eventlog *evlog) +{ + return json_store_timespec(item, &evlog->run_time); +} + +static bool +json_store_timestamp(struct json_item *item, struct eventlog *evlog) +{ + return json_store_timespec(item, &evlog->submit_time); +} + +static bool json_store_ttyname(struct json_item *item, struct eventlog *evlog) { debug_decl(json_store_ttyname, SUDO_DEBUG_UTIL); + free(evlog->ttyname); evlog->ttyname = item->u.string; item->u.string = NULL; debug_return_bool(true); @@ -277,7 +350,10 @@ } iolog_json_keys[] = { { "columns", JSON_NUMBER, json_store_columns }, { "command", JSON_STRING, json_store_command }, + { "dumped_core", JSON_BOOL, json_store_dumped_core }, + { "exit_value", JSON_NUMBER, json_store_exit_value }, { "lines", JSON_NUMBER, json_store_lines }, + { "run_time", JSON_OBJECT, json_store_run_time }, { "runargv", JSON_ARRAY, json_store_runargv }, { "runenv", JSON_ARRAY, json_store_runenv }, { "rungid", JSON_ID, json_store_rungid }, @@ -286,6 +362,7 @@ { "runuser", JSON_STRING, json_store_runuser }, { "runchroot", JSON_STRING, json_store_runchroot }, { "runcwd", JSON_STRING, json_store_runcwd }, + { "signal", JSON_STRING, json_store_signal }, { "submitcwd", JSON_STRING, json_store_submitcwd }, { "submithost", JSON_STRING, json_store_submithost }, { "submituser", JSON_STRING, json_store_submituser }, @@ -331,8 +408,10 @@ /* Copy string, flattening escaped chars. */ dst = ret = malloc(len + 1); - if (dst == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (dst == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_str(NULL); + } while (src < end) { char ch = *src++; /* TODO: handle unicode escapes */ @@ -391,7 +470,15 @@ case JSON_OBJECT: free_json_items(&item->u.child.items); break; + case JSON_ID: + case JSON_NUMBER: + case JSON_BOOL: + case JSON_NULL: + /* Nothing to free. */ + break; default: + sudo_warnx("%s: internal error, invalid JSON type %d", + __func__, item->type); break; } free(item->name); @@ -410,6 +497,10 @@ /* First object holds all the actual data. */ item = TAILQ_FIRST(&object->items); + if (item == NULL) { + sudo_warnx("%s", U_("missing JSON_OBJECT")); + goto done; + } if (item->type != JSON_OBJECT) { sudo_warnx(U_("expected JSON_OBJECT, got %d"), item->type); goto done; @@ -419,6 +510,13 @@ TAILQ_FOREACH(item, &object->items, entries) { struct iolog_json_key *key; + /* expecting key:value pairs */ + if (item->name == NULL) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "%s: missing object name", __func__); + goto done; + } + /* lookup name */ for (key = iolog_json_keys; key->name != NULL; key++) { if (strcmp(item->name, key->name) == 0) @@ -444,32 +542,42 @@ } /* Merge cmd and argv as sudoreplay expects. */ - if (evlog->command != NULL && evlog->argv != NULL) { - size_t len = strlen(evlog->command) + 1; - char *newcmd; + if (evlog->command != NULL && evlog->argv != NULL && evlog->argv[0] != NULL) { + size_t len, bufsize = strlen(evlog->command) + 1; + char *cp, *buf; int ac; /* Skip argv[0], we use evlog->command instead. */ for (ac = 1; evlog->argv[ac] != NULL; ac++) - len += strlen(evlog->argv[ac]) + 1; + bufsize += strlen(evlog->argv[ac]) + 1; - if ((newcmd = malloc(len)) == NULL) { + if ((buf = malloc(bufsize)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } + cp = buf; - /* TODO: optimize this. */ - if (strlcpy(newcmd, evlog->command, len) >= len) + len = strlcpy(cp, evlog->command, bufsize); + if (len >= bufsize) sudo_fatalx(U_("internal error, %s overflow"), __func__); + cp += len; + bufsize -= len; + for (ac = 1; evlog->argv[ac] != NULL; ac++) { - if (strlcat(newcmd, " ", len) >= len) + if (bufsize < 2) sudo_fatalx(U_("internal error, %s overflow"), __func__); - if (strlcat(newcmd, evlog->argv[ac], len) >= len) + *cp++ = ' '; + bufsize--; + + len = strlcpy(cp, evlog->argv[ac], bufsize); + if (len >= bufsize) sudo_fatalx(U_("internal error, %s overflow"), __func__); + cp += len; + bufsize -= len; } free(evlog->command); - evlog->command = newcmd; + evlog->command = buf; } ret = true; @@ -546,7 +654,13 @@ unsigned int lineno) { struct json_item *item; - debug_decl(iolog_parse_loginfo_json, SUDO_DEBUG_UTIL); + debug_decl(json_stack_push, SUDO_DEBUG_UTIL); + + /* We limit the stack size rather than expanding it. */ + if (stack->depth >= stack->maxdepth) { + sudo_warnx(U_("json stack exhausted (max %u frames)"), stack->maxdepth); + debug_return_ptr(NULL); + } /* Allocate a new item and insert it into the list. */ if ((item = new_json_item(type, name, lineno)) == NULL) @@ -555,9 +669,7 @@ item->u.child.parent = item; TAILQ_INSERT_TAIL(items, item, entries); - /* Push the current frame onto the stack. */ - if (stack->depth == stack->maxdepth) - sudo_fatalx(U_("internal error, %s overflow"), __func__); + /* Push the current frame onto the stack (depth check performed above). */ stack->frames[stack->depth++] = frame; /* Return the new frame */ @@ -574,10 +686,11 @@ struct json_stack stack = JSON_STACK_INTIALIZER(stack); unsigned int lineno = 0; char *name = NULL; - char *buf = NULL; + char *cp, *buf = NULL; size_t bufsize = 0; ssize_t len; bool ret = false; + bool saw_comma = false; long long num; char ch; debug_decl(iolog_parse_json, SUDO_DEBUG_UTIL); @@ -586,8 +699,8 @@ TAILQ_INIT(&root->items); while ((len = getdelim(&buf, &bufsize, '\n', fp)) != -1) { - char *cp = buf; char *ep = buf + len - 1; + cp = buf; lineno++; @@ -603,143 +716,205 @@ while (isspace((unsigned char)*cp)) cp++; - /* Strip out commas. TODO: require commas between values. */ + /* Check for comma separator and strip it out. */ if (*cp == ',') { + saw_comma = true; cp++; while (isspace((unsigned char)*cp)) cp++; } + /* End of line? */ if (*cp == '\0') break; switch (*cp) { case '{': + if (name == NULL && frame->parent != NULL) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("objects must consist of name:value pairs")); + goto done; + } + if (!saw_comma && !TAILQ_EMPTY(&frame->items)) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("missing separator between values")); + goto done; + } cp++; + saw_comma = false; frame = json_stack_push(&stack, &frame->items, frame, JSON_OBJECT, name, lineno); if (frame == NULL) - goto parse_error; + goto done; name = NULL; break; case '}': - cp++; if (stack.depth == 0 || frame->parent == NULL || frame->parent->type != JSON_OBJECT) { - sudo_warnx("%s", U_("unmatched close brace")); - goto parse_error; + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unmatched close brace")); + goto done; } + cp++; frame = stack.frames[--stack.depth]; + saw_comma = false; break; case '[': - cp++; if (frame->parent == NULL) { /* Must have an enclosing object. */ - sudo_warnx("%s", U_("unexpected array")); - goto parse_error; + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unexpected array")); + goto done; + } + if (!saw_comma && !TAILQ_EMPTY(&frame->items)) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("missing separator between values")); + goto done; } + cp++; + saw_comma = false; frame = json_stack_push(&stack, &frame->items, frame, JSON_ARRAY, name, lineno); if (frame == NULL) - goto parse_error; + goto done; name = NULL; break; case ']': - cp++; if (stack.depth == 0 || frame->parent == NULL || frame->parent->type != JSON_ARRAY) { - sudo_warnx("%s", U_("unmatched close bracket")); - goto parse_error; + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unmatched close bracket")); + goto done; } + cp++; frame = stack.frames[--stack.depth]; + saw_comma = false; break; case '"': if (frame->parent == NULL) { /* Must have an enclosing object. */ - sudo_warnx("%s", U_("unexpected string")); - goto parse_error; + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unexpected string")); + goto done; } if (!expect_value) { /* Parse "name": */ if ((name = json_parse_string(&cp)) == NULL) - goto parse_error; + goto done; /* TODO: allow colon on next line? */ - if (*cp++ != ':') { - sudo_warnx("%s", U_("missing colon after name")); - goto parse_error; + if (*cp != ':') { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("missing colon after name")); + goto done; } + cp++; } else { + if (!saw_comma && !TAILQ_EMPTY(&frame->items)) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("missing separator between values")); + goto done; + } + saw_comma = false; if (!json_insert_str(&frame->items, name, &cp, lineno)) - goto parse_error; + goto done; name = NULL; } break; case 't': - if (!expect_value) { - sudo_warnx("%s", U_("unexpected boolean")); - goto parse_error; - } if (strncmp(cp, "true", sizeof("true") - 1) != 0) goto parse_error; + if (!expect_value) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unexpected boolean")); + goto done; + } cp += sizeof("true") - 1; if (*cp != ',' && !isspace((unsigned char)*cp) && *cp != '\0') goto parse_error; + if (!saw_comma && !TAILQ_EMPTY(&frame->items)) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("missing separator between values")); + goto done; + } + saw_comma = false; if (!json_insert_bool(&frame->items, name, true, lineno)) - goto parse_error; + goto done; name = NULL; break; case 'f': - if (!expect_value) { - sudo_warnx("%s", U_("unexpected boolean")); - goto parse_error; - } if (strncmp(cp, "false", sizeof("false") - 1) != 0) goto parse_error; + if (!expect_value) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unexpected boolean")); + goto done; + } cp += sizeof("false") - 1; if (*cp != ',' && !isspace((unsigned char)*cp) && *cp != '\0') goto parse_error; + if (!saw_comma && !TAILQ_EMPTY(&frame->items)) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("missing separator between values")); + goto done; + } + saw_comma = false; if (!json_insert_bool(&frame->items, name, false, lineno)) - goto parse_error; + goto done; name = NULL; break; case 'n': - if (!expect_value) { - sudo_warnx("%s", U_("unexpected boolean")); - goto parse_error; - } if (strncmp(cp, "null", sizeof("null") - 1) != 0) goto parse_error; + if (!expect_value) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unexpected null")); + goto done; + } cp += sizeof("null") - 1; if (*cp != ',' && !isspace((unsigned char)*cp) && *cp != '\0') goto parse_error; + if (!saw_comma && !TAILQ_EMPTY(&frame->items)) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("missing separator between values")); + goto done; + } + saw_comma = false; if (!json_insert_null(&frame->items, name, lineno)) - goto parse_error; + goto done; name = NULL; break; case '+': case '-': case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': if (!expect_value) { - sudo_warnx("%s", U_("unexpected number")); - goto parse_error; + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unexpected number")); + goto done; } /* XXX - strtonumx() would be simpler here. */ len = strcspn(cp, " \f\n\r\t\v,"); ch = cp[len]; cp[len] = '\0'; + if (!saw_comma && !TAILQ_EMPTY(&frame->items)) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("missing separator between values")); + goto done; + } + saw_comma = false; num = sudo_strtonum(cp, LLONG_MIN, LLONG_MAX, &errstr); if (errstr != NULL) { - sudo_warnx(U_("%s: %s"), cp, U_(errstr)); - goto parse_error; + sudo_warnx("%s:%u:%td: %s: %s", filename, lineno, cp - buf, + cp, U_(errstr)); + goto done; } cp += len; *cp = ch; if (!json_insert_num(&frame->items, name, num, lineno)) - goto parse_error; + goto done; name = NULL; break; default: @@ -749,18 +924,21 @@ } if (stack.depth != 0) { frame = stack.frames[stack.depth - 1]; - if (frame->parent == NULL || frame->parent->type == JSON_OBJECT) - sudo_warnx("%s", U_("unmatched close brace")); - else - sudo_warnx("%s", U_("unmatched close bracket")); - goto parse_error; + if (frame->parent == NULL || frame->parent->type == JSON_OBJECT) { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unmatched close brace")); + } else { + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, + U_("unmatched close bracket")); + } + goto done; } ret = true; goto done; parse_error: - sudo_warnx(U_("%s:%u unable to parse \"%s\""), filename, lineno, buf); + sudo_warnx("%s:%u:%td: %s", filename, lineno, cp - buf, U_("parse error")); done: free(buf); free(name); diff -Nru sudo-1.9.5p2/lib/iolog/iolog_legacy.c sudo-1.9.9/lib/iolog/iolog_legacy.c --- sudo-1.9.5p2/lib/iolog/iolog_legacy.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_legacy.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,168 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_iolog.h" +#include "sudo_util.h" + +bool +iolog_parse_loginfo_legacy(FILE *fp, const char *iolog_dir, + struct eventlog *evlog) +{ + char *buf = NULL, *cp, *ep; + const char *errstr; + size_t bufsize = 0, cwdsize = 0, cmdsize = 0; + bool ret = false; + debug_decl(iolog_parse_loginfo_legacy, SUDO_DEBUG_UTIL); + + /* + * Info file has three lines: + * 1) a log info line + * 2) cwd + * 3) command with args + */ + if (getdelim(&buf, &bufsize, '\n', fp) == -1 || + getdelim(&evlog->cwd, &cwdsize, '\n', fp) == -1 || + getdelim(&evlog->command, &cmdsize, '\n', fp) == -1) { + sudo_warn(U_("%s: invalid log file"), iolog_dir); + goto done; + } + + /* Strip the newline from the cwd and command. */ + evlog->cwd[strcspn(evlog->cwd, "\n")] = '\0'; + evlog->command[strcspn(evlog->command, "\n")] = '\0'; + + /* + * Crack the log line (lines and cols not present in old versions). + * timestamp:user:runas_user:runas_group:tty:lines:cols + * XXX - probably better to use strtok and switch on the state. + */ + buf[strcspn(buf, "\n")] = '\0'; + cp = buf; + + /* timestamp */ + if ((ep = strchr(cp, ':')) == NULL) { + sudo_warn(U_("%s: time stamp field is missing"), iolog_dir); + goto done; + } + *ep = '\0'; + evlog->submit_time.tv_sec = sudo_strtonum(cp, 0, TIME_T_MAX, &errstr); + if (errstr != NULL) { + sudo_warn(U_("%s: time stamp %s: %s"), iolog_dir, cp, errstr); + goto done; + } + + /* submit user */ + cp = ep + 1; + if ((ep = strchr(cp, ':')) == NULL) { + sudo_warn(U_("%s: user field is missing"), iolog_dir); + goto done; + } + if ((evlog->submituser = strndup(cp, (size_t)(ep - cp))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + + /* runas user */ + cp = ep + 1; + if ((ep = strchr(cp, ':')) == NULL) { + sudo_warn(U_("%s: runas user field is missing"), iolog_dir); + goto done; + } + if ((evlog->runuser = strndup(cp, (size_t)(ep - cp))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + + /* runas group */ + cp = ep + 1; + if ((ep = strchr(cp, ':')) == NULL) { + sudo_warn(U_("%s: runas group field is missing"), iolog_dir); + goto done; + } + if (cp != ep) { + if ((evlog->rungroup = strndup(cp, (size_t)(ep - cp))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + } + + /* tty, followed by optional lines + cols */ + cp = ep + 1; + if ((ep = strchr(cp, ':')) == NULL) { + /* just the tty */ + if ((evlog->ttyname = strdup(cp)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + } else { + /* tty followed by lines + cols */ + if ((evlog->ttyname = strndup(cp, (size_t)(ep - cp))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + cp = ep + 1; + /* need to NULL out separator to use sudo_strtonum() */ + /* XXX - use sudo_strtonumx */ + if ((ep = strchr(cp, ':')) != NULL) { + *ep = '\0'; + } + evlog->lines = sudo_strtonum(cp, 1, INT_MAX, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: tty lines %s: %s", iolog_dir, cp, errstr); + } + if (ep != NULL) { + cp = ep + 1; + evlog->columns = sudo_strtonum(cp, 1, INT_MAX, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: tty cols %s: %s", iolog_dir, cp, errstr); + } + } + } + + ret = true; + +done: + free(buf); + debug_return_bool(ret); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_loginfo.c sudo-1.9.9/lib/iolog/iolog_loginfo.c --- sudo-1.9.5p2/lib/iolog/iolog_loginfo.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_loginfo.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,238 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_json.h" +#include "sudo_iolog.h" +#include "sudo_util.h" + +struct eventlog * +iolog_parse_loginfo(int dfd, const char *iolog_dir) +{ + struct eventlog *evlog = NULL; + FILE *fp = NULL; + int fd = -1; + int tmpfd = -1; + bool ok, legacy = false; + debug_decl(iolog_parse_loginfo, SUDO_DEBUG_UTIL); + + if (dfd == -1) { + if ((tmpfd = open(iolog_dir, O_RDONLY)) == -1) { + sudo_warn("%s", iolog_dir); + goto bad; + } + dfd = tmpfd; + } + if ((fd = openat(dfd, "log.json", O_RDONLY, 0)) == -1) { + fd = openat(dfd, "log", O_RDONLY, 0); + legacy = true; + } + if (tmpfd != -1) + close(tmpfd); + if (fd == -1 || (fp = fdopen(fd, "r")) == NULL) { + sudo_warn("%s/log", iolog_dir); + goto bad; + } + fd = -1; + + if ((evlog = calloc(1, sizeof(*evlog))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto bad; + } + evlog->runuid = (uid_t)-1; + evlog->rungid = (gid_t)-1; + evlog->exit_value = -1; + + ok = legacy ? iolog_parse_loginfo_legacy(fp, iolog_dir, evlog) : + iolog_parse_loginfo_json(fp, iolog_dir, evlog); + if (ok) { + fclose(fp); + debug_return_ptr(evlog); + } + +bad: + if (fd != -1) + close(fd); + if (fp != NULL) + fclose(fp); + eventlog_free(evlog); + debug_return_ptr(NULL); +} + +/* + * Write the legacy I/O log file that contains the user and command info. + * This file is not compressed. + */ +static bool +iolog_write_info_file_legacy(int dfd, struct eventlog *evlog) +{ + char * const *av; + FILE *fp; + int error, fd; + debug_decl(iolog_info_write_log, SUDO_DEBUG_UTIL); + + fd = iolog_openat(dfd, "log", O_CREAT|O_TRUNC|O_WRONLY); + if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to %sopen %s/log", fd == -1 ? "" : "fd", evlog->iolog_path); + if (fd != -1) + close(fd); + debug_return_bool(false); + } + if (fchown(fd, iolog_get_uid(), iolog_get_gid()) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to fchown %d:%d %s/log", __func__, + (int)iolog_get_uid(), (int)iolog_get_gid(), evlog->iolog_path); + } + + fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n", + (long long)evlog->submit_time.tv_sec, + evlog->submituser ? evlog->submituser : "unknown", + evlog->runuser ? evlog->runuser : RUNAS_DEFAULT, + evlog->rungroup ? evlog->rungroup : "", + evlog->ttyname ? evlog->ttyname : "unknown", + evlog->lines, evlog->columns, + evlog->cwd ? evlog->cwd : "unknown"); + fputs(evlog->command ? evlog->command : "unknown", fp); + for (av = evlog->argv + 1; *av != NULL; av++) { + fputc(' ', fp); + fputs(*av, fp); + } + fputc('\n', fp); + fflush(fp); + if ((error = ferror(fp))) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to write to I/O log file %s/log", evlog->iolog_path); + } + fclose(fp); + + debug_return_bool(!error); +} + +/* + * Write the "log.json" file that contains the user and command info. + * This file is not compressed. + */ +static bool +iolog_write_info_file_json(int dfd, struct eventlog *evlog) +{ + struct json_container json; + struct json_value json_value; + bool ret = false; + FILE *fp = NULL; + int fd = -1; + debug_decl(iolog_write_info_file_json, SUDO_DEBUG_UTIL); + + if (!sudo_json_init(&json, 4, false, false)) + debug_return_bool(false); + + /* Timestamp */ + if (!sudo_json_open_object(&json, "timestamp")) + goto oom; + + json_value.type = JSON_NUMBER; + json_value.u.number = evlog->submit_time.tv_sec; + if (!sudo_json_add_value(&json, "seconds", &json_value)) + goto oom; + + json_value.type = JSON_NUMBER; + json_value.u.number = evlog->submit_time.tv_nsec; + if (!sudo_json_add_value(&json, "nanoseconds", &json_value)) + goto oom; + + if (!sudo_json_close_object(&json)) + goto oom; + + if (!eventlog_store_json(&json, evlog)) + goto done; + + fd = iolog_openat(dfd, "log.json", O_CREAT|O_TRUNC|O_WRONLY); + if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to %sopen %s/log.json", fd == -1 ? "" : "fd", + evlog->iolog_path); + goto done; + } + if (fchown(fd, iolog_get_uid(), iolog_get_gid()) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to fchown %d:%d %s/log.json", __func__, + (int)iolog_get_uid(), (int)iolog_get_gid(), evlog->iolog_path); + } + fd = -1; + + fprintf(fp, "{%s\n}\n", sudo_json_get_buf(&json)); + fflush(fp); + if (ferror(fp)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to write to I/O log file %s/log.json", evlog->iolog_path); + goto done; + } + + ret = true; + goto done; + +oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); +done: + sudo_json_free(&json); + if (fp != NULL) + fclose(fp); + if (fd != -1) + close(fd); + + debug_return_bool(ret); +} + +/* + * Write the I/O log and log.json files that contain user and command info. + * These files are not compressed. + */ +bool +iolog_write_info_file(int dfd, struct eventlog *evlog) +{ + debug_decl(iolog_write_info_file, SUDO_DEBUG_UTIL); + + if (!iolog_write_info_file_legacy(dfd, evlog)) + debug_return_bool(false); + if (!iolog_write_info_file_json(dfd, evlog)) + debug_return_bool(false); + + debug_return_bool(true); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_mkdirs.c sudo-1.9.9/lib/iolog/iolog_mkdirs.c --- sudo-1.9.5p2/lib/iolog/iolog_mkdirs.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_mkdirs.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,139 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_iolog.h" +#include "sudo_util.h" + +/* + * Create directory and any parent directories as needed. + */ +bool +iolog_mkdirs(char *path) +{ + const mode_t iolog_filemode = iolog_get_file_mode(); + const mode_t iolog_dirmode = iolog_get_dir_mode(); + const uid_t iolog_uid = iolog_get_uid(); + const gid_t iolog_gid = iolog_get_gid(); + bool ok = true, uid_changed = false; + struct stat sb; + mode_t omask; + int dfd; + debug_decl(iolog_mkdirs, SUDO_DEBUG_UTIL); + + dfd = open(path, O_RDONLY|O_NONBLOCK); + if (dfd == -1 && errno == EACCES) { + /* Try again as the I/O log owner (for NFS). */ + if (iolog_swapids(false)) { + dfd = open(path, O_RDONLY|O_NONBLOCK); + if (!iolog_swapids(true)) { + ok = false; + goto done; + } + } + } + if (dfd != -1 && fstat(dfd, &sb) != -1) { + if (S_ISDIR(sb.st_mode)) { + if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid) { + if (fchown(dfd, iolog_uid, iolog_gid) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to chown %d:%d %s", __func__, + (int)iolog_uid, (int)iolog_gid, path); + } + } + if ((sb.st_mode & ALLPERMS) != iolog_dirmode) { + if (fchmod(dfd, iolog_dirmode) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to chmod 0%o %s", __func__, + (int)iolog_dirmode, path); + } + } + } else { + sudo_warnx(U_("%s exists but is not a directory (0%o)"), + path, (unsigned int) sb.st_mode); + ok = false; + } + goto done; + } + + /* umask must not be more restrictive than the file modes. */ + omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode)); + + ok = sudo_mkdir_parents(path, iolog_uid, iolog_gid, iolog_dirmode, true); + if (!ok && errno == EACCES) { + /* Try again as the I/O log owner (for NFS). */ + uid_changed = iolog_swapids(false); + if (uid_changed) + ok = sudo_mkdir_parents(path, -1, -1, iolog_dirmode, false); + } + if (ok) { + /* Create final path component. */ + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "mkdir %s, mode 0%o", path, (unsigned int) iolog_dirmode); + ok = mkdir(path, iolog_dirmode) == 0 || errno == EEXIST; + if (!ok) { + if (errno == EACCES && !uid_changed) { + /* Try again as the I/O log owner (for NFS). */ + uid_changed = iolog_swapids(false); + if (uid_changed) + ok = mkdir(path, iolog_dirmode) == 0 || errno == EEXIST; + } + if (!ok) + sudo_warn(U_("unable to mkdir %s"), path); + } else { + if (chown(path, iolog_uid, iolog_gid) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to chown %d:%d %s", __func__, + (int)iolog_uid, (int)iolog_gid, path); + } + } + } + if (uid_changed) { + if (!iolog_swapids(true)) + ok = false; + } + + umask(omask); + +done: + if (dfd != -1) + close(dfd); + debug_return_bool(ok); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_mkdtemp.c sudo-1.9.9/lib/iolog/iolog_mkdtemp.c --- sudo-1.9.5p2/lib/iolog/iolog_mkdtemp.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_mkdtemp.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,94 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_util.h" +#include "sudo_iolog.h" + +/* + * Create temporary directory and any parent directories as needed. + */ +bool +iolog_mkdtemp(char *path) +{ + const mode_t iolog_filemode = iolog_get_file_mode(); + const mode_t iolog_dirmode = iolog_get_dir_mode(); + const uid_t iolog_uid = iolog_get_uid(); + const gid_t iolog_gid = iolog_get_gid(); + bool ok, uid_changed = false; + mode_t omask; + debug_decl(iolog_mkdtemp, SUDO_DEBUG_UTIL); + + /* umask must not be more restrictive than the file modes. */ + omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode)); + + ok = sudo_mkdir_parents(path, iolog_uid, iolog_gid, iolog_dirmode, true); + if (!ok && errno == EACCES) { + /* Try again as the I/O log owner (for NFS). */ + uid_changed = iolog_swapids(false); + if (uid_changed) + ok = sudo_mkdir_parents(path, -1, -1, iolog_dirmode, false); + } + if (ok) { + /* Create final path component. */ + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "mkdtemp %s", path); + /* We cannot retry mkdtemp() so always open as iolog user */ + if (!uid_changed) + uid_changed = iolog_swapids(false); + if (mkdtemp(path) == NULL) { + sudo_warn(U_("unable to mkdir %s"), path); + ok = false; + } else { + if (chmod(path, iolog_dirmode) != 0) { + sudo_warn(U_("unable to change mode of %s to 0%o"), + path, (unsigned int)iolog_dirmode); + } + } + } + + umask(omask); + + if (uid_changed) { + if (!iolog_swapids(true)) + ok = false; + } + debug_return_bool(ok); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_mkpath.c sudo-1.9.9/lib/iolog/iolog_mkpath.c --- sudo-1.9.5p2/lib/iolog/iolog_mkpath.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_mkpath.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,65 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" + +/* + * Create path and any intermediate directories. + * If path ends in 'XXXXXX', use mkdtemp(). + */ +bool +iolog_mkpath(char *path) +{ + size_t len; + bool ret; + debug_decl(iolog_mkpath, SUDO_DEBUG_UTIL); + + /* + * Create path and intermediate subdirs as needed. + * If path ends in at least 6 Xs (ala POSIX mktemp), use mkdtemp(). + * Sets iolog_gid (if it is not already set) as a side effect. + */ + len = strlen(path); + if (len >= 6 && strcmp(&path[len - 6], "XXXXXX") == 0) + ret = iolog_mkdtemp(path); + else + ret = iolog_mkdirs(path); + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "iolog path %s", path); + + debug_return_bool(ret); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_nextid.c sudo-1.9.9/lib/iolog/iolog_nextid.c --- sudo-1.9.5p2/lib/iolog/iolog_nextid.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_nextid.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,151 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_iolog.h" +#include "sudo_util.h" + +/* + * Read the on-disk sequence number, set sessid to the next + * number, and update the on-disk copy. + * Uses file locking to avoid sequence number collisions. + */ +bool +iolog_nextid(const char *iolog_dir, char sessid[7]) +{ + char buf[32], *ep; + int i, fd = -1; + unsigned long id = 0; + size_t len; + ssize_t nread; + bool ret = false; + char pathbuf[PATH_MAX]; + static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + const uid_t iolog_uid = iolog_get_uid(); + const gid_t iolog_gid = iolog_get_gid(); + debug_decl(iolog_nextid, SUDO_DEBUG_UTIL); + + /* + * Create I/O log directory if it doesn't already exist. + */ + len = strlcpy(pathbuf, iolog_dir, sizeof(pathbuf)); + if (len >= sizeof(pathbuf)) { + errno = ENAMETOOLONG; + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: %s", __func__, iolog_dir); + goto done; + } + if (!iolog_mkdirs(pathbuf)) + goto done; + + /* + * Open sequence file + */ + len = strlcat(pathbuf, "/seq", sizeof(pathbuf)); + if (len >= sizeof(pathbuf)) { + errno = ENAMETOOLONG; + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: %s/seq", __func__, iolog_dir); + goto done; + } + fd = iolog_openat(AT_FDCWD, pathbuf, O_RDWR|O_CREAT); + if (fd == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to open %s", __func__, pathbuf); + goto done; + } + if (!sudo_lock_file(fd, SUDO_LOCK)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to lock %s", pathbuf); + goto done; + } + if (fchown(fd, iolog_uid, iolog_gid) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to fchown %d:%d %s", __func__, + (int)iolog_uid, (int)iolog_gid, pathbuf); + } + + /* Read current seq number (base 36). */ + nread = read(fd, buf, sizeof(buf) - 1); + if (nread != 0) { + if (nread == -1) { + goto done; + } + if (buf[nread - 1] == '\n') + nread--; + buf[nread] = '\0'; + id = strtoul(buf, &ep, 36); + if (ep == buf || *ep != '\0' || id >= iolog_get_maxseq()) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: bad sequence number: %s", pathbuf, buf); + id = 0; + } + } + id++; + + /* + * Convert id to a string and stash in sessid. + * Note that that least significant digits go at the end of the string. + */ + for (i = 5; i >= 0; i--) { + buf[i] = b36char[id % 36]; + id /= 36; + } + buf[6] = '\n'; + + /* Stash id for logging purposes. */ + memcpy(sessid, buf, 6); + sessid[6] = '\0'; + + /* Rewind and overwrite old seq file, including the NUL byte. */ + if (pwrite(fd, buf, 7, 0) != 7) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to write %s", __func__, pathbuf); + goto done; + } + ret = true; + +done: + if (fd != -1) + close(fd); + debug_return_bool(ret); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_open.c sudo-1.9.9/lib/iolog/iolog_open.c --- sudo-1.9.5p2/lib/iolog/iolog_open.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_open.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,127 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" +#include "sudo_util.h" + +static unsigned char const gzip_magic[2] = {0x1f, 0x8b}; + +/* + * Open the specified I/O log file and store in iol. + * Stores the open file handle which has the close-on-exec flag set. + */ +bool +iolog_open(struct iolog_file *iol, int dfd, int iofd, const char *mode) +{ + int flags; + const char *file; + unsigned char magic[2]; + const uid_t iolog_uid = iolog_get_uid(); + const gid_t iolog_gid = iolog_get_gid(); + debug_decl(iolog_open, SUDO_DEBUG_UTIL); + + if (mode[0] == 'r') { + flags = mode[1] == '+' ? O_RDWR : O_RDONLY; + } else if (mode[0] == 'w') { + flags = O_CREAT|O_TRUNC; + flags |= mode[1] == '+' ? O_RDWR : O_WRONLY; + } else { + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: invalid I/O mode %s", __func__, mode); + debug_return_bool(false); + } + if ((file = iolog_fd_to_name(iofd)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: invalid iofd %d", __func__, iofd); + debug_return_bool(false); + } + + iol->writable = false; + iol->compressed = false; + if (iol->enabled) { + int fd = iolog_openat(dfd, file, flags); + if (fd != -1) { + if (*mode == 'w') { + if (fchown(fd, iolog_uid, iolog_gid) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to fchown %d:%d %s", __func__, + (int)iolog_uid, (int)iolog_gid, file); + } + iol->compressed = iolog_get_compress(); + } else { + /* check for gzip magic number */ + if (pread(fd, magic, sizeof(magic), 0) == ssizeof(magic)) { + if (magic[0] == gzip_magic[0] && magic[1] == gzip_magic[1]) + iol->compressed = true; + } + } + if (fcntl(fd, F_SETFD, FD_CLOEXEC) != -1) { +#ifdef HAVE_ZLIB_H + if (iol->compressed) + iol->fd.g = gzdopen(fd, mode); + else +#endif + iol->fd.f = fdopen(fd, mode); + } + if (iol->fd.v != NULL) { + switch ((flags & O_ACCMODE)) { + case O_WRONLY: + case O_RDWR: + iol->writable = true; + break; + } + } else { + int save_errno = errno; + close(fd); + errno = save_errno; + fd = -1; + } + } + if (fd == -1) { + iol->enabled = false; + debug_return_bool(false); + } + } else { + if (*mode == 'w') { + /* Remove old log file in case we recycled sequence numbers. */ + (void)unlinkat(dfd, file, 0); + } + } + debug_return_bool(true); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_openat.c sudo-1.9.9/lib/iolog/iolog_openat.c --- sudo-1.9.5p2/lib/iolog/iolog_openat.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_openat.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,90 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_iolog.h" +#include "sudo_util.h" + +/* + * Wrapper for openat(2) that sets umask and retries as iolog_uid/iolog_gid + * if openat(2) returns EACCES. + */ +int +iolog_openat(int dfd, const char *path, int flags) +{ + const mode_t iolog_filemode = iolog_get_file_mode(); + const mode_t iolog_dirmode = iolog_get_dir_mode(); + mode_t omask = S_IRWXG|S_IRWXO; + int fd; + debug_decl(iolog_openat, SUDO_DEBUG_UTIL); + + if (ISSET(flags, O_CREAT)) { + /* umask must not be more restrictive than the file modes. */ + omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode)); + } + fd = openat(dfd, path, flags, iolog_filemode); + if (fd == -1 && errno == EACCES) { + /* Enable write bit if it is missing. */ + struct stat sb; + if (fstatat(dfd, path, &sb, 0) == 0) { + mode_t write_bits = iolog_filemode & (S_IWUSR|S_IWGRP|S_IWOTH); + if ((sb.st_mode & write_bits) != write_bits) { + if (fchmodat(dfd, path, iolog_filemode, 0) == 0) + fd = openat(dfd, path, flags, iolog_filemode); + } + } + } + if (fd == -1 && errno == EACCES) { + /* Try again as the I/O log owner (for NFS). */ + if (iolog_swapids(false)) { + fd = openat(dfd, path, flags, iolog_filemode); + if (!iolog_swapids(true)) { + /* iolog_swapids() warns on error. */ + if (fd != -1) { + close(fd); + fd = -1; + } + } + } + } + if (ISSET(flags, O_CREAT)) + umask(omask); + debug_return_int(fd); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_path.c sudo-1.9.9/lib/iolog/iolog_path.c --- sudo-1.9.5p2/lib/iolog/iolog_path.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_path.c 2022-01-27 21:24:22.000000000 +0000 @@ -103,16 +103,16 @@ /* Expand strftime escapes as needed. */ if (strfit) { + struct tm tm; time_t now; - struct tm *timeptr; time(&now); - if ((timeptr = localtime(&now)) == NULL) + if (localtime_r(&now, &tm) == NULL) goto bad; /* We only call strftime() on the current part of the buffer. */ tmpbuf[sizeof(tmpbuf) - 1] = '\0'; - len = strftime(tmpbuf, sizeof(tmpbuf), path, timeptr); + len = strftime(tmpbuf, sizeof(tmpbuf), path, &tm); if (len == 0 || tmpbuf[sizeof(tmpbuf) - 1] != '\0') goto bad; /* strftime() failed, buf too small? */ diff -Nru sudo-1.9.5p2/lib/iolog/iolog_read.c sudo-1.9.9/lib/iolog/iolog_read.c --- sudo-1.9.5p2/lib/iolog/iolog_read.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_read.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,79 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" + +/* + * Read from a (possibly compressed) I/O log file. + */ +ssize_t +iolog_read(struct iolog_file *iol, void *buf, size_t nbytes, + const char **errstr) +{ + ssize_t nread; + debug_decl(iolog_read, SUDO_DEBUG_UTIL); + + if (nbytes > UINT_MAX) { + errno = EINVAL; + if (errstr != NULL) + *errstr = strerror(errno); + debug_return_ssize_t(-1); + } + +#ifdef HAVE_ZLIB_H + if (iol->compressed) { + if ((nread = gzread(iol->fd.g, buf, nbytes)) == -1) { + if (errstr != NULL) { + int errnum; + *errstr = gzerror(iol->fd.g, &errnum); + if (errnum == Z_ERRNO) + *errstr = strerror(errno); + } + } + } else +#endif + { + nread = (ssize_t)fread(buf, 1, nbytes, iol->fd.f); + if (nread == 0 && ferror(iol->fd.f)) { + nread = -1; + if (errstr != NULL) + *errstr = strerror(errno); + } + } + debug_return_ssize_t(nread); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_seek.c sudo-1.9.9/lib/iolog/iolog_seek.c --- sudo-1.9.5p2/lib/iolog/iolog_seek.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_seek.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,69 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" + +/* + * I/O log wrapper for fseek/gzseek. + */ +off_t +iolog_seek(struct iolog_file *iol, off_t offset, int whence) +{ + off_t ret; + //debug_decl(iolog_seek, SUDO_DEBUG_UTIL); + +#ifdef HAVE_ZLIB_H + if (iol->compressed) + ret = gzseek(iol->fd.g, offset, whence); + else +#endif + ret = fseeko(iol->fd.f, offset, whence); + + //debug_return_off_t(ret); + return ret; +} + +/* + * I/O log wrapper for rewind/gzrewind. + */ +void +iolog_rewind(struct iolog_file *iol) +{ + debug_decl(iolog_rewind, SUDO_DEBUG_UTIL); + +#ifdef HAVE_ZLIB_H + if (iol->compressed) + (void)gzrewind(iol->fd.g); + else +#endif + rewind(iol->fd.f); + + debug_return; +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_swapids.c sudo-1.9.9/lib/iolog/iolog_swapids.c --- sudo-1.9.5p2/lib/iolog/iolog_swapids.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_swapids.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,95 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_iolog.h" + +/* + * Set effective user and group-IDs to iolog_uid and iolog_gid. + * If restore flag is set, swap them back. + */ +bool +iolog_swapids(bool restore) +{ +#ifdef HAVE_SETEUID + static uid_t user_euid = (uid_t)-1; + static gid_t user_egid = (gid_t)-1; + const uid_t iolog_uid = iolog_get_uid(); + const gid_t iolog_gid = iolog_get_gid(); + debug_decl(io_swapids, SUDO_DEBUG_UTIL); + + if (user_euid == (uid_t)-1) + user_euid = geteuid(); + if (user_egid == (gid_t)-1) + user_egid = getegid(); + + if (restore) { + if (seteuid(user_euid) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to restore effective uid to %d", __func__, + (int)user_euid); + sudo_warn("seteuid() %d -> %d", (int)iolog_uid, (int)user_euid); + debug_return_bool(false); + } + if (setegid(user_egid) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to restore effective gid to %d", __func__, + (int)user_egid); + sudo_warn("setegid() %d -> %d", (int)iolog_gid, (int)user_egid); + debug_return_bool(false); + } + } else { + /* Fail silently if the user has insufficient privileges. */ + if (setegid(iolog_gid) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to set effective gid to %d", __func__, + (int)iolog_gid); + debug_return_bool(false); + } + if (seteuid(iolog_uid) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to set effective uid to %d", __func__, + (int)iolog_uid); + debug_return_bool(false); + } + } + debug_return_bool(true); +#else + return false; +#endif +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_timing.c sudo-1.9.9/lib/iolog/iolog_timing.c --- sudo-1.9.5p2/lib/iolog/iolog_timing.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_timing.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,273 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#include +#include +#include +#include +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_iolog.h" +#include "sudo_util.h" + +static int timing_event_adj; + +void +iolog_adjust_delay(struct timespec *delay, struct timespec *max_delay, + double scale_factor) +{ + double seconds; + debug_decl(iolog_adjust_delay, SUDO_DEBUG_UTIL); + + if (scale_factor != 1.0) { + /* Order is important: we don't want to double the remainder. */ + seconds = (double)delay->tv_sec / scale_factor; + delay->tv_sec = (time_t)seconds; + delay->tv_nsec /= scale_factor; + delay->tv_nsec += (seconds - delay->tv_sec) * 1000000000; + while (delay->tv_nsec >= 1000000000) { + delay->tv_sec++; + delay->tv_nsec -= 1000000000; + } + } + + /* Clamp to max delay. */ + if (max_delay != NULL) { + if (sudo_timespeccmp(delay, max_delay, >)) { + delay->tv_sec = max_delay->tv_sec; + delay->tv_nsec = max_delay->tv_nsec; + } + } + + debug_return; +} + +/* + * Parse the delay as seconds and nanoseconds: %lld.%09ld + * Sudo used to write this as a double, but since timing data is logged + * in the C locale this may not match the current locale. + */ +char * +iolog_parse_delay(const char *cp, struct timespec *delay, + const char *decimal_point) +{ + char numbuf[(((sizeof(long long) * 8) + 2) / 3) + 2]; + const char *errstr, *ep; + long long llval; + size_t len; + debug_decl(iolog_parse_delay, SUDO_DEBUG_UTIL); + + /* Parse seconds (whole number portion). */ + for (ep = cp; isdigit((unsigned char)*ep); ep++) + continue; + len = (size_t)(ep - cp); + if (len >= sizeof(numbuf)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: number of seconds is too large", cp); + debug_return_ptr(NULL); + } + memcpy(numbuf, cp, len); + numbuf[len] = '\0'; + delay->tv_sec = sudo_strtonum(numbuf, 0, TIME_T_MAX, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: number of seconds is %s", numbuf, errstr); + debug_return_ptr(NULL); + } + + /* Radix may be in user's locale for sudo < 1.7.4 so accept that too. */ + if (*ep != '.' && *ep != *decimal_point) { + if (*ep == '\0' || isspace((unsigned char)*ep)) { + /* No fractional part. */ + delay->tv_nsec = 0; + goto done; + } + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid characters after seconds: %s", ep); + debug_return_ptr(NULL); + } + cp = ep + 1; + + /* Parse fractional part, we may read more precision than we can store. */ + for (ep = cp; isdigit((unsigned char)*ep); ep++) + continue; + len = (size_t)(ep - cp); + if (len >= sizeof(numbuf)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: number of nanoseconds is too large", cp); + debug_return_ptr(NULL); + } + memcpy(numbuf, cp, len); + numbuf[len] = '\0'; + llval = sudo_strtonum(numbuf, 0, LLONG_MAX, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: number of nanoseconds is %s", numbuf, errstr); + debug_return_ptr(NULL); + } + + /* Adjust fractional part to nanosecond precision. */ + if (len < 9) { + /* Convert to nanosecond precision. */ + do { + llval *= 10; + } while (++len < 9); + } else if (len > 9) { + /* Clamp to nanoseconds. */ + do { + llval /= 10; + } while (--len > 9); + } + delay->tv_nsec = (long)llval; + +done: + /* Advance to the next field. */ + while (isspace((unsigned char)*ep)) + ep++; + + debug_return_str((char *)ep); +} + +/* + * Parse a timing line, which is formatted as: + * IO_EVENT_TTYOUT sleep_time num_bytes + * IO_EVENT_WINSIZE sleep_time lines cols + * IO_EVENT_SUSPEND sleep_time signo + * Where type is IO_EVENT_*, sleep_time is the number of seconds to sleep + * before writing the data and num_bytes is the number of bytes to output. + * Returns true on success and false on failure. + */ +bool +iolog_parse_timing(const char *line, struct timing_closure *timing) +{ + unsigned long ulval; + char *cp, *ep; + debug_decl(iolog_parse_timing, SUDO_DEBUG_UTIL); + + /* Clear iolog descriptor. */ + timing->iol = NULL; + + /* Parse event type. */ + ulval = strtoul(line, &ep, 10); + if (ep == line || !isspace((unsigned char) *ep)) + goto bad; + if (ulval >= IO_EVENT_COUNT) + goto bad; + if (ulval == IO_EVENT_TTYOUT_1_8_7) { + /* work around a bug in timing files generated by sudo 1.8.7 */ + timing_event_adj = 2; + } + timing->event = (int)ulval - timing_event_adj; + for (cp = ep + 1; isspace((unsigned char) *cp); cp++) + continue; + + /* Parse delay, returns the next field or NULL on error. */ + if ((cp = iolog_parse_delay(cp, &timing->delay, timing->decimal)) == NULL) + goto bad; + + switch (timing->event) { + case IO_EVENT_SUSPEND: + /* Signal name (no leading SIG prefix) or number. */ + if (str2sig(cp, &timing->u.signo) == -1) + goto bad; + break; + case IO_EVENT_WINSIZE: + ulval = strtoul(cp, &ep, 10); + if (ep == cp || !isspace((unsigned char) *ep)) + goto bad; + if (ulval > INT_MAX) + goto bad; + timing->u.winsize.lines = (int)ulval; + for (cp = ep + 1; isspace((unsigned char) *cp); cp++) + continue; + + ulval = strtoul(cp, &ep, 10); + if (ep == cp || *ep != '\0') + goto bad; + if (ulval > INT_MAX) + goto bad; + timing->u.winsize.cols = (int)ulval; + break; + default: + errno = 0; + ulval = strtoul(cp, &ep, 10); + if (ep == cp || *ep != '\0') + goto bad; + /* Note: assumes SIZE_MAX == ULONG_MAX */ + if (errno == ERANGE && ulval == ULONG_MAX) + goto bad; + timing->u.nbytes = (size_t)ulval; + break; + } + + debug_return_bool(true); +bad: + debug_return_bool(false); +} + +/* + * Read the next record from the timing file. + * Return 0 on success, 1 on EOF and -1 on error. + */ +int +iolog_read_timing_record(struct iolog_file *iol, struct timing_closure *timing) +{ + char line[LINE_MAX]; + const char *errstr; + debug_decl(iolog_read_timing_record, SUDO_DEBUG_UTIL); + + /* Read next record from timing file. */ + if (iolog_gets(iol, line, sizeof(line), &errstr) == NULL) { + /* EOF or error reading timing file, we are done. */ + if (iolog_eof(iol)) + debug_return_int(1); + sudo_warnx(U_("error reading timing file: %s"), errstr); + debug_return_int(-1); + } + + /* Parse timing file record. */ + line[strcspn(line, "\n")] = '\0'; + if (!iolog_parse_timing(line, timing)) { + sudo_warnx(U_("invalid timing file line: %s"), line); + debug_return_int(-1); + } + + debug_return_int(0); +} diff -Nru sudo-1.9.5p2/lib/iolog/iolog_util.c sudo-1.9.9/lib/iolog/iolog_util.c --- sudo-1.9.5p2/lib/iolog/iolog_util.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_util.c 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2020 Todd C. Miller + * Copyright (c) 2009-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -29,403 +29,46 @@ # include #else # include "compat/stdbool.h" -#endif /* HAVE_STDBOOL_H */ -#include -#include -#include -#include -#include -#include -#include +#endif #include #include "sudo_compat.h" #include "sudo_debug.h" -#include "sudo_eventlog.h" -#include "sudo_fatal.h" -#include "sudo_gettext.h" #include "sudo_iolog.h" -#include "sudo_util.h" - -static int timing_event_adj; - -static bool -iolog_parse_loginfo_legacy(FILE *fp, const char *iolog_dir, - struct eventlog *evlog) -{ - char *buf = NULL, *cp, *ep; - const char *errstr; - size_t bufsize = 0, cwdsize = 0, cmdsize = 0; - bool ret = false; - debug_decl(iolog_parse_loginfo_legacy, SUDO_DEBUG_UTIL); - - /* - * Info file has three lines: - * 1) a log info line - * 2) cwd - * 3) command with args - */ - if (getdelim(&buf, &bufsize, '\n', fp) == -1 || - getdelim(&evlog->cwd, &cwdsize, '\n', fp) == -1 || - getdelim(&evlog->command, &cmdsize, '\n', fp) == -1) { - sudo_warn(U_("%s: invalid log file"), iolog_dir); - goto done; - } - - /* Strip the newline from the cwd and command. */ - evlog->cwd[strcspn(evlog->cwd, "\n")] = '\0'; - evlog->command[strcspn(evlog->command, "\n")] = '\0'; - - /* - * Crack the log line (lines and cols not present in old versions). - * timestamp:user:runas_user:runas_group:tty:lines:cols - * XXX - probably better to use strtok and switch on the state. - */ - buf[strcspn(buf, "\n")] = '\0'; - cp = buf; - - /* timestamp */ - if ((ep = strchr(cp, ':')) == NULL) { - sudo_warn(U_("%s: time stamp field is missing"), iolog_dir); - goto done; - } - *ep = '\0'; - evlog->submit_time.tv_sec = sudo_strtonum(cp, 0, TIME_T_MAX, &errstr); - if (errstr != NULL) { - sudo_warn(U_("%s: time stamp %s: %s"), iolog_dir, cp, errstr); - goto done; - } - - /* submit user */ - cp = ep + 1; - if ((ep = strchr(cp, ':')) == NULL) { - sudo_warn(U_("%s: user field is missing"), iolog_dir); - goto done; - } - if ((evlog->submituser = strndup(cp, (size_t)(ep - cp))) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - - /* runas user */ - cp = ep + 1; - if ((ep = strchr(cp, ':')) == NULL) { - sudo_warn(U_("%s: runas user field is missing"), iolog_dir); - goto done; - } - if ((evlog->runuser = strndup(cp, (size_t)(ep - cp))) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - - /* runas group */ - cp = ep + 1; - if ((ep = strchr(cp, ':')) == NULL) { - sudo_warn(U_("%s: runas group field is missing"), iolog_dir); - goto done; - } - if (cp != ep) { - if ((evlog->rungroup = strndup(cp, (size_t)(ep - cp))) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - } - - /* tty, followed by optional lines + cols */ - cp = ep + 1; - if ((ep = strchr(cp, ':')) == NULL) { - /* just the tty */ - if ((evlog->ttyname = strdup(cp)) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - } else { - /* tty followed by lines + cols */ - if ((evlog->ttyname = strndup(cp, (size_t)(ep - cp))) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - cp = ep + 1; - /* need to NULL out separator to use sudo_strtonum() */ - /* XXX - use sudo_strtonumx */ - if ((ep = strchr(cp, ':')) != NULL) { - *ep = '\0'; - } - evlog->lines = sudo_strtonum(cp, 1, INT_MAX, &errstr); - if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: tty lines %s: %s", iolog_dir, cp, errstr); - } - if (ep != NULL) { - cp = ep + 1; - evlog->columns = sudo_strtonum(cp, 1, INT_MAX, &errstr); - if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: tty cols %s: %s", iolog_dir, cp, errstr); - } - } - } - - ret = true; - -done: - free(buf); - debug_return_bool(ret); -} - -struct eventlog * -iolog_parse_loginfo(int dfd, const char *iolog_dir) -{ - struct eventlog *evlog = NULL; - FILE *fp = NULL; - int fd = -1; - int tmpfd = -1; - bool ok, legacy = false; - debug_decl(iolog_parse_loginfo, SUDO_DEBUG_UTIL); - - if (dfd == -1) { - if ((tmpfd = open(iolog_dir, O_RDONLY)) == -1) { - sudo_warn("%s", iolog_dir); - goto bad; - } - dfd = tmpfd; - } - if ((fd = openat(dfd, "log.json", O_RDONLY, 0)) == -1) { - fd = openat(dfd, "log", O_RDONLY, 0); - legacy = true; - } - if (tmpfd != -1) - close(tmpfd); - if (fd == -1 || (fp = fdopen(fd, "r")) == NULL) { - sudo_warn("%s/log", iolog_dir); - goto bad; - } - fd = -1; - - if ((evlog = calloc(1, sizeof(*evlog))) == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - evlog->runuid = (uid_t)-1; - evlog->rungid = (gid_t)-1; - - ok = legacy ? iolog_parse_loginfo_legacy(fp, iolog_dir, evlog) : - iolog_parse_loginfo_json(fp, iolog_dir, evlog); - if (ok) { - fclose(fp); - debug_return_ptr(evlog); - } - -bad: - if (fd != -1) - close(fd); - if (fp != NULL) - fclose(fp); - eventlog_free(evlog); - debug_return_ptr(NULL); -} - -void -iolog_adjust_delay(struct timespec *delay, struct timespec *max_delay, - double scale_factor) -{ - double seconds; - debug_decl(iolog_adjust_delay, SUDO_DEBUG_UTIL); - - if (scale_factor != 1.0) { - /* Order is important: we don't want to double the remainder. */ - seconds = (double)delay->tv_sec / scale_factor; - delay->tv_sec = (time_t)seconds; - delay->tv_nsec /= scale_factor; - delay->tv_nsec += (seconds - delay->tv_sec) * 1000000000; - while (delay->tv_nsec >= 1000000000) { - delay->tv_sec++; - delay->tv_nsec -= 1000000000; - } - } - - /* Clamp to max delay. */ - if (max_delay != NULL) { - if (sudo_timespeccmp(delay, max_delay, >)) { - delay->tv_sec = max_delay->tv_sec; - delay->tv_nsec = max_delay->tv_nsec; - } - } - - debug_return; -} - -/* - * Parse the delay as seconds and nanoseconds: %lld.%09ld - * Sudo used to write this as a double, but since timing data is logged - * in the C locale this may not match the current locale. - */ -char * -iolog_parse_delay(const char *cp, struct timespec *delay, - const char *decimal_point) -{ - char numbuf[(((sizeof(long long) * 8) + 2) / 3) + 2]; - const char *errstr, *ep; - long long llval; - size_t len; - debug_decl(iolog_parse_delay, SUDO_DEBUG_UTIL); - - /* Parse seconds (whole number portion). */ - for (ep = cp; isdigit((unsigned char)*ep); ep++) - continue; - len = (size_t)(ep - cp); - if (len >= sizeof(numbuf)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: number of seconds is too large", cp); - debug_return_ptr(NULL); - } - memcpy(numbuf, cp, len); - numbuf[len] = '\0'; - delay->tv_sec = sudo_strtonum(numbuf, 0, TIME_T_MAX, &errstr); - if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: number of seconds is %s", numbuf, errstr); - debug_return_ptr(NULL); - } - - /* Radix may be in user's locale for sudo < 1.7.4 so accept that too. */ - if (*ep != '.' && *ep != *decimal_point) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "invalid characters after seconds: %s", ep); - debug_return_ptr(NULL); - } - cp = ep + 1; - - /* Parse fractional part, we may read more precision than we can store. */ - for (ep = cp; isdigit((unsigned char)*ep); ep++) - continue; - len = (size_t)(ep - cp); - if (len >= sizeof(numbuf)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: number of nanoseconds is too large", cp); - debug_return_ptr(NULL); - } - memcpy(numbuf, cp, len); - numbuf[len] = '\0'; - llval = sudo_strtonum(numbuf, 0, LLONG_MAX, &errstr); - if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: number of nanoseconds is %s", numbuf, errstr); - debug_return_ptr(NULL); - } - - /* Adjust fractional part to nanosecond precision. */ - if (len < 9) { - /* Convert to nanosecond precision. */ - do { - llval *= 10; - } while (++len < 9); - } else if (len > 9) { - /* Clamp to nanoseconds. */ - do { - llval /= 10; - } while (--len > 9); - } - delay->tv_nsec = (long)llval; - - /* Advance to the next field. */ - while (isspace((unsigned char)*ep)) - ep++; - - debug_return_str((char *)ep); -} /* - * Parse a timing line, which is formatted as: - * IO_EVENT_TTYOUT sleep_time num_bytes - * IO_EVENT_WINSIZE sleep_time lines cols - * IO_EVENT_SUSPEND sleep_time signo - * Where type is IO_EVENT_*, sleep_time is the number of seconds to sleep - * before writing the data and num_bytes is the number of bytes to output. - * Returns true on success and false on failure. + * Map IOFD_* -> name. */ -bool -iolog_parse_timing(const char *line, struct timing_closure *timing) +const char * +iolog_fd_to_name(int iofd) { - unsigned long ulval; - char *cp, *ep; - debug_decl(iolog_parse_timing, SUDO_DEBUG_UTIL); - - /* Clear iolog descriptor. */ - timing->iol = NULL; + const char *ret; + debug_decl(iolog_fd_to_name, SUDO_DEBUG_UTIL); - /* Parse event type. */ - ulval = strtoul(line, &ep, 10); - if (ep == line || !isspace((unsigned char) *ep)) - goto bad; - if (ulval >= IO_EVENT_COUNT) - goto bad; - if (ulval == IO_EVENT_TTYOUT_1_8_7) { - /* work around a bug in timing files generated by sudo 1.8.7 */ - timing_event_adj = 2; - } - timing->event = (int)ulval - timing_event_adj; - for (cp = ep + 1; isspace((unsigned char) *cp); cp++) - continue; - - /* Parse delay, returns the next field or NULL on error. */ - if ((cp = iolog_parse_delay(cp, &timing->delay, timing->decimal)) == NULL) - goto bad; - - switch (timing->event) { - case IO_EVENT_SUSPEND: - /* Signal name (no leading SIG prefix) or number. */ - if (str2sig(cp, &timing->u.signo) == -1) - goto bad; + switch (iofd) { + case IOFD_STDIN: + ret = "stdin"; break; - case IO_EVENT_WINSIZE: - ulval = strtoul(cp, &ep, 10); - if (ep == cp || !isspace((unsigned char) *ep)) - goto bad; - if (ulval > INT_MAX) - goto bad; - timing->u.winsize.lines = (int)ulval; - for (cp = ep + 1; isspace((unsigned char) *cp); cp++) - continue; - - ulval = strtoul(cp, &ep, 10); - if (ep == cp || *ep != '\0') - goto bad; - if (ulval > INT_MAX) - goto bad; - timing->u.winsize.cols = (int)ulval; + case IOFD_STDOUT: + ret = "stdout"; + break; + case IOFD_STDERR: + ret = "stderr"; + break; + case IOFD_TTYIN: + ret = "ttyin"; + break; + case IOFD_TTYOUT: + ret = "ttyout"; + break; + case IOFD_TIMING: + ret = "timing"; break; default: - errno = 0; - ulval = strtoul(cp, &ep, 10); - if (ep == cp || *ep != '\0') - goto bad; - /* Note: assumes SIZE_MAX == ULONG_MAX */ - if (errno == ERANGE && ulval == ULONG_MAX) - goto bad; - timing->u.nbytes = (size_t)ulval; + ret = "unknown"; + sudo_debug_printf(SUDO_DEBUG_ERROR, "%s: unexpected iofd %d", + __func__, iofd); break; } - - debug_return_bool(true); -bad: - debug_return_bool(false); -} - -/* - * Read the next record from the timing file. - * Return 0 on success, 1 on EOF and -1 on error. - */ -int -iolog_read_timing_record(struct iolog_file *iol, struct timing_closure *timing) -{ - char line[LINE_MAX]; - const char *errstr; - debug_decl(iolog_read_timing_record, SUDO_DEBUG_UTIL); - - /* Read next record from timing file. */ - if (iolog_gets(iol, line, sizeof(line), &errstr) == NULL) { - /* EOF or error reading timing file, we are done. */ - if (iolog_eof(iol)) - debug_return_int(1); - sudo_warnx(U_("error reading timing file: %s"), errstr); - debug_return_int(-1); - } - - /* Parse timing file record. */ - line[strcspn(line, "\n")] = '\0'; - if (!iolog_parse_timing(line, timing)) { - sudo_warnx(U_("invalid timing file line: %s"), line); - debug_return_int(-1); - } - - debug_return_int(0); + debug_return_const_str(ret); } diff -Nru sudo-1.9.5p2/lib/iolog/iolog_write.c sudo-1.9.9/lib/iolog/iolog_write.c --- sudo-1.9.5p2/lib/iolog/iolog_write.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/iolog_write.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,105 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_iolog.h" + +/* + * Write to an I/O log, optionally compressing. + */ +ssize_t +iolog_write(struct iolog_file *iol, const void *buf, size_t len, + const char **errstr) +{ + ssize_t ret; + debug_decl(iolog_write, SUDO_DEBUG_UTIL); + + if (len > UINT_MAX) { + errno = EINVAL; + if (errstr != NULL) + *errstr = strerror(errno); + debug_return_ssize_t(-1); + } + +#ifdef HAVE_ZLIB_H + if (iol->compressed) { + int errnum; + + ret = gzwrite(iol->fd.g, (const voidp)buf, len); + if (ret == 0) { + ret = -1; + if (errstr != NULL) { + *errstr = gzerror(iol->fd.g, &errnum); + if (errnum == Z_ERRNO) + *errstr = strerror(errno); + } + goto done; + } + if (iolog_get_flush()) { + if (gzflush(iol->fd.g, Z_SYNC_FLUSH) != Z_OK) { + ret = -1; + if (errstr != NULL) { + *errstr = gzerror(iol->fd.g, &errnum); + if (errnum == Z_ERRNO) + *errstr = strerror(errno); + } + goto done; + } + } + } else +#endif + { + ret = fwrite(buf, 1, len, iol->fd.f); + if (ret == 0) { + ret = -1; + if (errstr != NULL) + *errstr = strerror(errno); + goto done; + } + if (iolog_get_flush()) { + if (fflush(iol->fd.f) != 0) { + ret = -1; + if (errstr != NULL) + *errstr = strerror(errno); + goto done; + } + } + } + +done: + debug_return_ssize_t(ret); +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/id.json sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/id.json --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/id.json 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/id.json 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,36 @@ +{ + "timestamp": { + "seconds": 1603746837, + "nanoseconds": 16450063 + }, + "columns": 80, + "command": "/usr/bin/id", + "lines": 24, + "runargv": [ + "id" + ], + "runenv": [ + "PATH=/home/millert/bin/OpenBSD.amd64:/home/millert/bin:/home/millert/bin/scripts:/home/millert/node_modules/.bin:/usr/local/gnu/bin:/usr/local/bin:/usr/local/sbin:/usr/local/etc:/usr/local/rcs/bin:/usr/local/nmh/bin:/usr/local/news/bin:/usr/local/emacs/bin:/usr/local/netpbm/bin:/usr/local/mtools/bin:/usr/local/netscape/bin:/usr/local/ghostscript/bin:/usr/local/frame-5.5.6/bin:/usr/local/teTeX/bin:/usr/local/cvs-1.10.1/bin:/usr/local/games/bin:/usr/local/archivers/bin:/usr/local/skey/bin:/usr/local/audio/bin:/usr/local/rtty/bin:/bin:/sbin:/usr/games:/usr/bin:/usr/sbin:/usr/etc:/etc:/usr/X11R6/bin:/usr/local/bin:/usr/obj/bin:/usr/src/bin", + "TERM=xterm-color", + "LANG=en_US.UTF-8", + "MAIL=/var/mail/root", + "LOGNAME=root", + "USER=root", + "HOME=/root", + "SHELL=/bin/ksh", + "SUDO_COMMAND=/usr/bin/id", + "SUDO_USER=millert", + "SUDO_UID=8036", + "SUDO_GID=20", + "KRB5CCNAME=bogus" + ], + "runuid": 0, + "rungid": 0, + "runcwd": "/usr/src/local/millert/sudo/trunk/lib/eventlog/regress", + "runuser": "root", + "rungroup": "wheel", + "submitcwd": "/usr/src/local/millert/sudo/trunk/lib/eventlog/regress", + "submithost": "xerxes.sudo.ws", + "submituser": "millert", + "ttyname": "/dev/ttypb" +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/ls.json sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/ls.json --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/ls.json 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/ls.json 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,31 @@ +{ + "timestamp": { + "seconds": 1584790549, + "nanoseconds": 782859154 + }, + "columns": 80, + "command": "/bin/ls", + "lines": 24, + "runargv": [ "ls" ], + "runenv": [ + "LANG=en_US.UTF-8", + "TERM=tmux", + "PATH=/home/millert/bin/OpenBSD.amd64:/home/millert/bin:/home/millert/bin/scripts:/home/millert/node_modules/.bin:/usr/local/gnu/bin:/usr/local/bin:/usr/local/sbin:/usr/local/etc:/usr/local/rcs/bin:/usr/local/nmh/bin:/usr/local/news/bin:/usr/local/emacs/bin:/usr/local/netpbm/bin:/usr/local/mtools/bin:/usr/local/netscape/bin:/usr/local/ghostscript/bin:/usr/local/frame-5.5.6/bin:/usr/local/teTeX/bin:/usr/local/cvs-1.10.1/bin:/usr/local/games/bin:/usr/local/archivers/bin:/usr/local/skey/bin:/usr/local/audio/bin:/usr/local/rtty/bin:/bin:/sbin:/usr/games:/usr/bin:/usr/sbin:/usr/etc:/etc:/usr/X11R6/bin:/usr/local/bin:/usr/obj/bin:/usr/src/bin", + "MAIL=/var/mail/root", + "LOGNAME=root", + "USER=root", + "HOME=/root", + "SHELL=/bin/ksh", + "SUDO_COMMAND=/bin/ls", + "SUDO_USER=millert", + "SUDO_UID=8036", + "SUDO_GID=20", + "KRB5CCNAME=bogus" + ], + "runuid": 0, + "runuser": "root", + "submitcwd": "/usr/src/local/millert/hg/sudo/1.7", + "submithost": "xerxes.sudo.ws", + "submituser": "millert", + "ttyname": "/dev/ttyp3" +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/mailq.json sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/mailq.json --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/mailq.json 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/mailq.json 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,31 @@ +{ + "timestamp": { + "seconds": 1584884264, + "nanoseconds": 499794755 + }, + "columns": 80, + "command": "/usr/bin/mailq", + "lines": 24, + "runargv": [ "mailq" ], + "runenv": [ + "LANG=en_US.UTF-8", + "PATH=/home/millert/bin/OpenBSD.amd64:/home/millert/bin:/home/millert/bin/scripts:/home/millert/node_modules/.bin:/usr/local/gnu/bin:/usr/local/bin:/usr/local/sbin:/usr/local/etc:/usr/local/rcs/bin:/usr/local/nmh/bin:/usr/local/news/bin:/usr/local/emacs/bin:/usr/local/netpbm/bin:/usr/local/mtools/bin:/usr/local/netscape/bin:/usr/local/ghostscript/bin:/usr/local/frame-5.5.6/bin:/usr/local/teTeX/bin:/usr/local/cvs-1.10.1/bin:/usr/local/games/bin:/usr/local/archivers/bin:/usr/local/skey/bin:/usr/local/audio/bin:/usr/local/rtty/bin:/bin:/sbin:/usr/games:/usr/bin:/usr/sbin:/usr/etc:/etc:/usr/X11R6/bin:/usr/local/bin:/usr/obj/bin:/usr/src/bin", + "TERM=tmux", + "MAIL=/var/mail/root", + "LOGNAME=root", + "USER=root", + "HOME=/root", + "SHELL=/bin/ksh", + "SUDO_COMMAND=/usr/bin/mailq", + "SUDO_USER=millert", + "SUDO_UID=8036", + "SUDO_GID=20", + "KRB5CCNAME=bogus" + ], + "runuid": 0, + "runuser": "root", + "submitcwd": "/home/millert", + "submithost": "xerxes.sudo.ws", + "submituser": "millert", + "ttyname": "/dev/ttyp3" +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/make.json sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/make.json --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/make.json 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/make.json 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,36 @@ +{ + "timestamp": { + "seconds": 1584977889, + "nanoseconds": 510217787 + }, + "columns": 80, + "command": "/usr/bin/make", + "lines": 24, + "runargv": [ + "make", + "-C", + "/usr/src/usr.bin/sort", + "install" + ], + "runenv": [ + "PATH=/home/millert/bin/OpenBSD.amd64:/home/millert/bin:/home/millert/bin/scripts:/home/millert/node_modules/.bin:/usr/local/gnu/bin:/usr/local/bin:/usr/local/sbin:/usr/local/etc:/usr/local/rcs/bin:/usr/local/nmh/bin:/usr/local/news/bin:/usr/local/emacs/bin:/usr/local/netpbm/bin:/usr/local/mtools/bin:/usr/local/netscape/bin:/usr/local/ghostscript/bin:/usr/local/frame-5.5.6/bin:/usr/local/teTeX/bin:/usr/local/cvs-1.10.1/bin:/usr/local/games/bin:/usr/local/archivers/bin:/usr/local/skey/bin:/usr/local/audio/bin:/usr/local/rtty/bin:/bin:/sbin:/usr/games:/usr/bin:/usr/sbin:/usr/etc:/etc:/usr/X11R6/bin:/usr/local/bin:/usr/obj/bin:/usr/src/bin", + "TERM=xterm-color", + "LANG=en_US.UTF-8", + "MAIL=/var/mail/root", + "LOGNAME=root", + "USER=root", + "HOME=/root", + "SHELL=/bin/ksh", + "SUDO_COMMAND=/usr/bin/make -C /usr/src/usr.bin/sort install", + "SUDO_USER=millert", + "SUDO_UID=8036", + "SUDO_GID=20", + "KRB5CCNAME=bogus" + ], + "runuid": 0, + "runuser": "root", + "submitcwd": "/home/millert/tmp/src/usr.bin/sort", + "submithost": "xerxes.sudo.ws", + "submituser": "millert", + "ttyname": "/dev/ttypi" +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/pkg_add.json sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/pkg_add.json --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/pkg_add.json 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/pkg_add.json 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,34 @@ +{ + "timestamp": { + "seconds": 1595281300, + "nanoseconds": 130458256 + }, + "columns": 80, + "command": "/usr/sbin/pkg_add", + "lines": 24, + "runargv": [ + "pkg_add", + "p5-PDF-API2" + ], + "runenv": [ + "PATH=/home/millert/bin/OpenBSD.amd64:/home/millert/bin:/home/millert/bin/scripts:/home/millert/node_modules/.bin:/usr/local/gnu/bin:/usr/local/bin:/usr/local/sbin:/usr/local/etc:/usr/local/rcs/bin:/usr/local/nmh/bin:/usr/local/news/bin:/usr/local/emacs/bin:/usr/local/netpbm/bin:/usr/local/mtools/bin:/usr/local/netscape/bin:/usr/local/ghostscript/bin:/usr/local/frame-5.5.6/bin:/usr/local/teTeX/bin:/usr/local/cvs-1.10.1/bin:/usr/local/games/bin:/usr/local/archivers/bin:/usr/local/skey/bin:/usr/local/audio/bin:/usr/local/rtty/bin:/bin:/sbin:/usr/games:/usr/bin:/usr/sbin:/usr/etc:/etc:/usr/X11R6/bin:/usr/local/bin:/usr/obj/bin:/usr/src/bin", + "TERM=xterm-color", + "LANG=en_US.UTF-8", + "MAIL=/var/mail/root", + "LOGNAME=root", + "USER=root", + "HOME=/root", + "SHELL=/bin/ksh", + "SUDO_COMMAND=/usr/sbin/pkg_add p5-PDF-API2", + "SUDO_USER=millert", + "SUDO_UID=8036", + "SUDO_GID=20", + "KRB5CCNAME=bogus" + ], + "runuid": 0, + "runuser": "root", + "submitcwd": "/usr/src/local/Music/chordpro", + "submithost": "xerxes.sudo.ws", + "submituser": "millert", + "ttyname": "/dev/ttypd" +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/pkg_delete.json sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/pkg_delete.json --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/pkg_delete.json 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/pkg_delete.json 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,34 @@ +{ + "timestamp": { + "seconds": 1595620314, + "nanoseconds": 965982512 + }, + "columns": 80, + "command": "/usr/sbin/pkg_delete", + "lines": 24, + "runargv": [ + "pkg_delete", + "chordpro" + ], + "runenv": [ + "PATH=/home/millert/bin/OpenBSD.amd64:/home/millert/bin:/home/millert/bin/scripts:/home/millert/node_modules/.bin:/usr/local/gnu/bin:/usr/local/bin:/usr/local/sbin:/usr/local/etc:/usr/local/rcs/bin:/usr/local/nmh/bin:/usr/local/news/bin:/usr/local/emacs/bin:/usr/local/netpbm/bin:/usr/local/mtools/bin:/usr/local/netscape/bin:/usr/local/ghostscript/bin:/usr/local/frame-5.5.6/bin:/usr/local/teTeX/bin:/usr/local/cvs-1.10.1/bin:/usr/local/games/bin:/usr/local/archivers/bin:/usr/local/skey/bin:/usr/local/audio/bin:/usr/local/rtty/bin:/bin:/sbin:/usr/games:/usr/bin:/usr/sbin:/usr/etc:/etc:/usr/X11R6/bin:/usr/local/bin:/usr/obj/bin:/usr/src/bin", + "TERM=xterm-color", + "LANG=en_US.UTF-8", + "MAIL=/var/mail/root", + "LOGNAME=root", + "USER=root", + "HOME=/root", + "SHELL=/bin/ksh", + "SUDO_COMMAND=/usr/sbin/pkg_delete chordpro", + "SUDO_USER=millert", + "SUDO_UID=8036", + "SUDO_GID=20", + "KRB5CCNAME=bogus" + ], + "runuid": 0, + "runuser": "root", + "submitcwd": "/usr/ports/textproc/chordpro/pkg", + "submithost": "xerxes.sudo.ws", + "submituser": "millert", + "ttyname": "/dev/ttypd" +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/printenv.json sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/printenv.json --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_json/printenv.json 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_json/printenv.json 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,34 @@ +{ + "timestamp": { + "seconds": 1601411718, + "nanoseconds": 269131020 + }, + "columns": 80, + "command": "/usr/bin/printenv", + "lines": 24, + "runargv": [ + "/usr/bin/printenv" + ], + "runenv": [ + "KRB5CCNAME=bogus", + "LANG=en_US.UTF-8", + "PATH=/tmp", + "TERM=xterm-color", + "MAIL=/var/mail/root", + "LOGNAME=root", + "USER=root", + "HOME=/root", + "SHELL=/bin/ksh", + "SUDO_COMMAND=/usr/bin/printenv", + "SUDO_USER=testdude", + "SUDO_UID=1000", + "SUDO_GID=1000" + ], + "runuid": 0, + "runcwd": "/usr/src/local/millert/sudo/trunk/plugins/sudoers", + "runuser": "root", + "submitcwd": "/usr/src/local/millert/sudo/trunk/plugins/sudoers", + "submithost": "xerxes.sudo.ws", + "submituser": "testdude", + "ttyname": "/dev/ttypb" +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/id.log sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/id.log --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/id.log 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/id.log 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3 @@ +1603746837:millert:root::/dev/ttypb:24:80 +/usr/src/local/millert/sudo/trunk/lib/eventlog/regress +/usr/bin/id diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/ls.log sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/ls.log --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/ls.log 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/ls.log 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3 @@ +1584790549:millert:root::/dev/ttyp3:24:80 +/usr/src/local/millert/hg/sudo/1.7 +/bin/ls diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/mailq.log sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/mailq.log --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/mailq.log 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/mailq.log 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3 @@ +1584884264:millert:root::/dev/ttyp3:24:80 +/home/millert +/usr/bin/mailq diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/make.log sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/make.log --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/make.log 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/make.log 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3 @@ +1584977889:millert:root::/dev/ttypi:24:80 +/home/millert/tmp/src/usr.bin/sort +/usr/bin/make -C /usr/src/usr.bin/sort install diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3 @@ +1595281300:millert:root::/dev/ttypd:24:80 +/usr/src/local/Music/chordpro +/usr/sbin/pkg_add p5-PDF-API2 diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3 @@ +1595620314:millert:root::/dev/ttypd:24:80 +/usr/ports/textproc/chordpro/pkg +/usr/sbin/pkg_delete chordpro diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/printenv.log sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/printenv.log --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/log_legacy/printenv.log 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/log_legacy/printenv.log 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3 @@ +1601411718:testdude:root::/dev/ttypb:24:80 +/usr/src/local/millert/sudo/trunk/plugins/sudoers +/usr/bin/printenv diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/timing/timing.1 sudo-1.9.9/lib/iolog/regress/corpus/seed/timing/timing.1 --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/timing/timing.1 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/timing/timing.1 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,51 @@ +4 0.032200538 32 +4 0.000461816 917 +4 0.000260488 41 +3 0.748747801 1 +4 0.002709345 1040 +3 0.605486330 1 +4 0.002136958 792 +3 0.981620620 1 +4 0.001898021 39 +7 0.002496718 TSTP +7 11.781181911 CONT +5 0.000331519 59 120 +4 0.002261240 7 +4 0.005713594 7 +4 0.001005416 974 +4 0.004255422 2064 +4 0.001929362 445 +3 0.632938830 1 +4 0.001316335 15 +3 0.989972022 1 +4 0.001419091 39 +7 0.002164759 TSTP +7 1.195700989 CONT +4 0.001525087 7 +7 0.002025577 TTOU +7 0.908621867 CONT +4 0.001755079 7 +4 0.001712634 2064 +4 0.001236879 467 +3 0.347054501 1 +4 0.003931829 2082 +3 0.236017124 1 +4 0.002960088 618 +3 0.285032645 1 +4 0.000951230 1 +3 0.470931231 1 +4 0.001103587 8 +3 0.142977268 1 +4 0.001048037 1 +3 0.126189543 1 +4 0.000255520 1 +4 0.000641997 2064 +4 0.000298772 176 +3 3.183861587 1 +4 0.001098032 9 +3 0.142511842 1 +4 0.000995141 1 +3 0.191337037 1 +4 0.001096192 1 +4 0.001180378 7 +4 0.000838979 28 diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/timing/timing.2 sudo-1.9.9/lib/iolog/regress/corpus/seed/timing/timing.2 --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/timing/timing.2 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/timing/timing.2 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,196 @@ +4 0.017420446 378 +4 0.101673410 78 +4 0.020237132 106 +4 32.406835619 258 +4 0.071903094 51 +4 0.044405150 53 +4 0.002465527 153 +4 0.061104878 37 +4 0.037284253 3 +4 0.035933494 3 +4 0.035405047 3 +4 0.035096439 3 +4 0.035427343 3 +4 0.035278610 3 +4 0.035503923 3 +4 0.034726429 3 +4 0.035415822 3 +4 0.035642850 4 +4 0.035104123 3 +4 0.035177940 3 +4 0.035114787 3 +4 0.035398463 3 +4 0.035774228 3 +4 0.034687088 3 +4 0.035231607 3 +4 0.035235355 3 +4 0.035430098 3 +4 0.035238761 3 +4 0.035310472 3 +4 0.035678834 6 +4 0.035098980 3 +4 0.034974643 3 +4 0.034769832 3 +4 0.035066706 3 +4 0.034910781 3 +4 0.034939164 3 +4 0.035387880 3 +4 0.036229124 3 +4 0.035210123 6 +4 0.034996626 6 +4 0.034484929 2 +4 0.014762481 40 +4 0.034798156 3 +4 0.035382724 3 +4 0.035200992 3 +4 0.035793731 3 +4 0.036046635 3 +4 0.035232505 3 +4 0.035596184 3 +4 0.034359958 3 +4 0.034881742 3 +4 0.036581308 4 +4 0.035716612 3 +4 0.034981224 3 +4 0.034653311 3 +4 0.035700405 3 +4 0.035204600 3 +4 0.035080066 3 +4 0.035072298 3 +4 0.035950557 3 +4 0.034524949 3 +4 0.035231401 3 +4 0.035918148 6 +4 0.035009022 3 +4 0.034086126 3 +4 0.034031601 3 +4 0.035507794 3 +4 0.035359991 3 +4 0.035451670 3 +4 0.034207436 3 +4 0.036154464 3 +4 0.034687026 6 +4 0.034511000 6 +4 0.035712971 2 +4 0.001114632 280 +4 0.013357954 70 +4 0.009099934 250 +4 0.345595767 59 +4 0.014672692 168 +4 0.165009111 119 +4 0.037129573 168 +4 0.163729717 119 +4 0.046685595 70 +4 0.010058716 205 +4 0.335682997 62 +4 0.009757680 403 +4 0.764539162 234 +4 0.126274733 133 +4 0.035954324 133 +4 0.160744133 706 +4 0.012594228 389 +4 0.000600099 337 +4 0.008974842 70 +4 0.009992828 205 +4 0.333655416 62 +4 0.009799688 415 +4 0.768206552 251 +4 0.123329919 133 +4 0.036529633 133 +4 0.131658603 706 +4 0.009965871 452 +4 0.000352099 274 +4 0.006881291 70 +4 0.007616147 210 +4 0.258108895 67 +4 0.007582335 418 +4 0.592632286 244 +4 0.096206429 143 +4 0.028539423 143 +4 0.124772846 706 +4 0.009854967 389 +4 0.000365510 337 +4 0.038009729 245 +4 0.044260031 73 +4 0.013835442 72 +4 0.013734457 81 +4 0.013966252 260 +4 0.233058895 59 +4 0.007278138 869 +4 1.481039643 148 +4 0.089258162 158 +4 0.082642822 151 +4 0.051838211 2202 +4 0.164269353 45 +4 0.014776451 127 +4 0.033523033 127 +4 0.102601946 706 +4 0.009758392 475 +4 0.000371524 251 +4 0.006895216 149 +4 0.101515800 117 +4 0.049231011 149 +4 0.100724385 117 +4 0.028593605 142 +4 0.100398116 110 +4 0.033582408 74 +4 0.013919259 82 +4 0.020859788 63 +4 0.007864945 70 +4 0.007803279 207 +4 0.258587972 64 +4 0.007479117 409 +4 0.590341346 238 +4 0.095587884 137 +4 0.028246058 137 +4 0.125974303 706 +4 0.009846897 475 +4 0.000398383 251 +4 0.007711302 101 +4 0.013103236 208 +4 0.261674900 65 +4 0.007528283 730 +4 0.890361622 601 +4 0.126547307 139 +4 0.034250610 139 +4 0.126209288 706 +4 0.009859395 475 +4 0.000386854 251 +4 0.002122077 310 +4 0.153210769 179 +4 0.014128026 253 +4 0.007009755 152 +4 0.127577685 103 +4 0.029587241 31 +4 0.001733173 36 +4 0.001730350 187 +4 0.002311429 334 +4 0.002449265 165 +4 0.089927714 131 +4 0.028627022 132 +4 0.124746485 706 +4 0.009744954 452 +4 0.000377336 274 +4 0.006732444 62 +4 0.006519788 106 +4 0.024636847 130 +4 0.018143227 294 +4 0.177574909 150 +4 0.124543833 104 +4 0.021106187 92 +4 0.021020993 108 +4 0.019733705 106 +4 0.021929696 120 +4 0.021340851 108 +4 0.020144663 104 +4 0.019972905 96 +4 0.019911985 102 +4 0.020978336 118 +4 0.020270010 118 +4 0.020800394 98 +4 0.023331698 118 +4 0.020625734 108 +4 0.024362590 45 +4 0.006712794 74 +4 0.008052322 209 +4 0.088262080 95 diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/timing/timing.3 sudo-1.9.9/lib/iolog/regress/corpus/seed/timing/timing.3 --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/timing/timing.3 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/timing/timing.3 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,988 @@ +4 0.004667517 65 +1 0.000204598 16384 +1 0.000232870 16384 +1 0.000182715 16384 +1 0.000233631 16384 +1 0.000180381 16384 +1 0.000175649 16384 +1 0.000175959 16384 +1 0.000214345 16384 +1 0.000184234 16384 +1 0.000227610 16384 +1 0.000185340 16384 +1 0.000176307 16384 +1 0.000175898 16384 +1 0.000268993 16384 +1 0.000183674 16384 +1 0.000215319 16384 +1 0.000175147 16384 +1 0.000175248 16384 +1 0.000175224 16384 +1 0.000215165 16384 +1 0.000186660 16384 +1 0.000175657 16384 +1 0.000212448 16384 +1 0.000176406 16384 +1 0.000176418 16384 +1 0.000175909 16384 +1 0.000233918 16384 +1 0.000175175 16384 +1 0.000210767 16384 +1 0.000176349 16384 +1 0.000175932 16384 +1 0.000223892 16384 +1 0.000204215 16384 +1 0.000182071 16384 +1 0.000174307 16384 +1 0.000212948 16384 +1 0.000174008 16384 +1 0.000183305 16384 +1 0.000210859 16384 +1 0.000173624 16384 +1 0.000174269 16384 +1 0.000173759 16384 +1 0.000211001 16384 +1 0.000188432 16384 +1 0.000208482 16384 +1 0.000173818 16384 +1 0.000173706 16384 +1 0.000172848 16384 +1 0.000219983 16384 +1 0.000173715 16384 +1 0.000173231 16384 +1 0.000207740 16384 +1 0.000172355 16384 +1 0.000173862 16384 +1 0.000218171 16384 +1 0.000172711 16384 +1 0.000171980 16384 +1 0.000173769 16384 +1 0.000209693 16384 +1 0.000182913 16384 +1 0.000213414 16384 +1 0.000174563 16384 +1 0.000176066 16384 +1 0.000178416 16384 +1 0.000211025 16384 +1 0.000184019 16384 +1 0.000172715 16384 +1 0.000211906 16384 +1 0.000172898 16384 +1 0.000172698 16384 +1 0.000172687 16384 +1 0.000219835 16384 +1 0.000175073 16384 +1 0.000172194 16384 +1 0.000210039 16384 +1 0.000172651 16384 +1 0.000180363 16384 +1 0.000207814 16384 +1 0.000181339 16384 +1 0.000172957 16384 +1 0.000210462 16384 +1 0.000173359 16384 +1 0.000183117 16384 +1 0.000211472 16384 +1 0.000172785 16384 +1 0.000173065 16384 +1 0.000172556 16384 +1 0.000219412 16384 +1 0.000175049 16384 +1 0.000172688 16384 +1 0.000212409 16384 +1 0.000173995 16384 +1 0.000173362 16384 +1 0.000217888 16384 +1 0.000174519 16384 +1 0.000179535 16384 +1 0.000210660 16384 +1 0.000173236 16384 +1 0.000172656 16384 +1 0.000218333 16384 +1 0.000175598 16384 +1 0.000173390 16384 +1 0.000174078 16384 +1 0.000210326 16384 +1 0.000182926 16384 +1 0.000173350 16384 +1 0.000211036 16384 +1 0.000174038 16384 +1 0.000173647 16384 +1 0.000173506 16384 +1 0.000219713 16384 +1 0.000173048 16384 +1 0.000216544 16384 +1 0.000173473 16384 +1 0.000173584 16384 +1 0.000217290 16384 +1 0.000221436 16384 +1 0.000181452 16384 +1 0.000175981 16384 +1 0.000216787 16384 +1 0.000176126 16384 +1 0.000192080 16384 +1 0.000218372 16384 +1 0.000176383 16384 +1 0.000175741 16384 +1 0.000176882 16384 +1 0.000211760 16384 +1 0.000180460 16384 +1 0.000171301 16384 +1 0.000217254 16384 +1 0.000171345 16384 +1 0.000171068 16384 +1 0.000217296 16384 +1 0.000171584 16384 +1 0.000171382 16384 +1 0.000211004 16384 +1 0.000171735 16384 +1 0.000171288 16384 +1 0.000217634 16384 +1 0.000171509 16384 +1 0.000171665 16384 +1 0.000171047 16384 +1 0.000232622 16384 +1 0.000200850 16384 +1 0.000186185 16384 +1 0.000236223 16384 +1 0.000189277 16384 +1 0.000184901 16384 +1 0.000218248 16384 +1 0.000186495 16384 +1 0.000197206 16384 +1 0.000211952 16384 +1 0.000175248 16384 +1 0.000173748 16384 +1 0.000174236 16384 +1 0.000222111 16384 +1 0.000174574 16384 +1 0.000174434 16384 +1 0.000212226 16384 +1 0.000174342 16384 +1 0.000184829 16384 +1 0.000213260 16384 +1 0.000173502 16384 +1 0.000173093 16384 +1 0.000221162 16384 +1 0.000174153 16384 +1 0.000182299 16384 +1 0.000210864 16384 +1 0.000203068 16384 +1 0.000219136 16384 +1 0.000174002 16384 +1 0.000213188 16384 +1 0.000183505 16384 +1 0.000172565 16384 +1 0.000209734 16384 +1 0.000174341 16384 +1 0.000172264 16384 +1 0.000221781 16384 +1 0.000174790 16384 +1 0.000172739 16384 +1 0.000174020 16384 +1 0.000221785 16384 +1 0.000172995 16384 +1 0.000222941 16384 +1 0.000173977 16384 +1 0.000172728 16384 +1 0.000173524 16384 +1 0.000214508 16384 +1 0.000180455 16384 +1 0.000173688 16384 +1 0.000218400 16384 +1 0.000173836 16384 +1 0.000173021 16384 +1 0.000174233 16384 +1 0.000211773 16384 +1 0.000173345 16384 +1 0.000172586 16384 +1 0.000209547 16384 +1 0.000173828 16384 +1 0.000177025 16384 +1 0.000219995 16384 +1 0.000172918 16384 +1 0.000173449 16384 +1 0.000209423 16384 +1 0.000181676 16384 +1 0.000183441 16384 +1 0.000209581 16384 +1 0.000173832 16384 +1 0.000173270 16384 +1 0.000172904 16384 +1 0.000210702 16384 +1 0.000182215 16384 +1 0.000189641 16384 +1 0.000284181 16384 +1 0.000175365 16384 +1 0.000172881 16384 +1 0.000228551 16384 +1 0.000183598 16384 +1 0.000212813 16384 +1 0.000171234 16384 +1 0.000171113 16384 +1 0.000265216 16384 +1 0.000256766 16384 +1 0.000177761 16384 +1 0.000176795 16384 +1 0.000216366 16384 +1 0.000176847 16384 +1 0.000176382 16384 +1 0.000196256 16384 +1 0.000185652 16384 +1 0.000191254 16384 +1 0.000184776 16384 +1 0.000217719 16384 +1 0.000196783 16384 +1 0.000214624 16384 +1 0.000176543 16384 +1 0.000176621 16384 +1 0.000176781 16384 +1 0.000214375 16384 +1 0.000187073 16384 +1 0.000175881 16384 +1 0.000214427 16384 +1 0.000176819 16384 +1 0.000186002 16384 +1 0.000223983 16384 +1 0.000173340 16384 +1 0.000180282 16384 +1 0.000175780 16384 +1 0.000216125 16384 +1 0.000176193 16384 +1 0.000234609 16384 +1 0.000175698 16384 +1 0.000174926 16384 +1 0.000175740 16384 +1 0.000213854 16384 +1 0.000176984 16384 +1 0.000186810 16384 +1 0.000210152 16384 +1 0.000174875 16384 +1 0.000174813 16384 +1 0.000175036 16384 +1 0.000226974 16384 +1 0.000174660 16384 +1 0.000174744 16384 +1 0.000204522 16384 +1 0.000174780 16384 +1 0.000174814 16384 +1 0.000221269 16384 +1 0.000188334 16384 +1 0.000175739 16384 +1 0.000209695 16384 +1 0.000193824 16384 +1 0.000188632 16384 +1 0.000210526 16384 +1 0.000174158 16384 +1 0.000174339 16384 +1 0.000174180 16384 +1 0.000206907 16384 +1 0.000182368 16384 +1 0.000173833 16384 +1 0.000209012 16384 +1 0.000173131 16384 +1 0.000172859 16384 +1 0.000172674 16384 +1 0.000219815 16384 +1 0.000182668 16384 +1 0.000212487 16384 +1 0.000173833 16384 +1 0.000173242 16384 +1 0.000221886 16384 +1 0.000174126 16384 +1 0.000173782 16384 +1 0.000173083 16384 +1 0.000212048 16384 +1 0.000173991 16384 +1 0.000183737 16384 +1 0.000212986 16384 +1 0.000175737 16384 +1 0.000171877 16384 +1 0.000173977 16384 +1 0.000212917 16384 +1 0.000183401 16384 +1 0.000220644 16384 +1 0.000174845 16384 +1 0.000173519 16384 +1 0.000173358 16384 +1 0.000221424 16384 +1 0.000174225 16384 +1 0.000174026 16384 +1 0.000181262 16384 +1 0.000181238 16384 +1 0.000179989 16384 +1 0.000234088 16384 +1 0.000174627 16384 +1 0.000174688 16384 +1 0.000175388 16384 +1 0.000214217 16384 +1 0.000182064 16384 +1 0.000175192 16384 +1 0.000221012 16384 +1 0.000175500 16384 +1 0.000173344 16384 +1 0.000212621 16384 +1 0.000182532 16384 +1 0.000174054 16384 +1 0.000213046 16384 +1 0.000178598 16384 +1 0.000172744 16384 +1 0.000174442 16384 +1 0.000224111 16384 +1 0.000174925 16384 +1 0.000173327 16384 +1 0.000212011 16384 +1 0.000174397 16384 +1 0.000183846 16384 +1 0.000211973 16384 +1 0.000174197 16384 +1 0.000181158 16384 +1 0.000211734 16384 +1 0.000174521 16384 +1 0.000185459 16384 +1 0.000210420 16384 +1 0.000173614 16384 +1 0.000174063 16384 +1 0.000173928 16384 +1 0.000221641 16384 +1 0.000174892 16384 +1 0.000173602 16384 +1 0.000213548 16384 +1 0.000173288 16384 +1 0.000174566 16384 +1 0.000221746 16384 +1 0.000173691 16384 +1 0.000172544 16384 +1 0.000221593 16384 +1 0.000174859 16384 +1 0.000174593 16384 +1 0.000221470 16384 +1 0.000174906 16384 +1 0.000174414 16384 +1 0.000174643 16384 +1 0.000180381 16384 +1 0.000228118 16384 +1 0.000174372 16384 +1 0.000172894 16384 +1 0.000174088 16384 +1 0.000210179 16384 +1 0.000173018 16384 +1 0.000183585 16384 +1 0.000212582 16384 +1 0.000174028 16384 +1 0.000180274 16384 +1 0.000210011 16384 +1 0.000181061 16384 +1 0.000171667 16384 +1 0.000212975 16384 +1 0.000173474 16384 +1 0.000174824 16384 +1 0.000174770 16384 +1 0.000259517 16384 +1 0.000175254 16384 +1 0.000174674 16384 +1 0.000211257 16384 +1 0.000173914 16384 +1 0.000173226 16384 +1 0.000218736 16384 +1 0.000174777 16384 +1 0.000174287 16384 +1 0.000173806 16384 +1 0.000223350 16384 +1 0.000182470 16384 +1 0.000173368 16384 +1 0.000210632 16384 +1 0.000173962 16384 +1 0.000174398 16384 +1 0.000173870 16384 +1 0.000219226 16384 +1 0.000174328 16384 +1 0.000173605 16384 +1 0.000207352 16384 +1 0.000175893 16384 +1 0.000181901 16384 +1 0.000210141 16384 +1 0.000174263 16384 +1 0.000174436 16384 +1 0.000173800 16384 +1 0.000218953 16384 +1 0.000182143 16384 +1 0.000209929 16384 +1 0.000181286 16384 +1 0.000175206 16384 +1 0.000175289 16384 +1 0.000211021 16384 +1 0.000184189 16384 +1 0.000173899 16384 +1 0.000208349 16384 +1 0.000173540 16384 +1 0.000173470 16384 +1 0.000218306 16384 +1 0.000174466 16384 +1 0.000173733 16384 +1 0.000174997 16384 +1 0.000208404 16384 +1 0.000183404 16384 +1 0.000216987 16384 +1 0.000174787 16384 +1 0.000172001 16384 +1 0.000174352 16384 +1 0.000210113 16384 +1 0.000174975 16384 +1 0.000181474 16384 +1 0.000208027 16384 +1 0.000220815 16384 +1 0.000182672 16384 +1 0.000177670 16384 +1 0.000226754 16384 +1 0.000176226 16384 +1 0.000176257 16384 +1 0.000213945 16384 +1 0.000177178 16384 +1 0.000184848 16384 +1 0.000227104 16384 +1 0.000176737 16384 +1 0.000176047 16384 +1 0.000213861 16384 +1 0.000176249 16384 +1 0.000192460 16384 +1 0.000213055 16384 +1 0.000176122 16384 +1 0.000175803 16384 +1 0.000176855 16384 +1 0.000213759 16384 +1 0.000183896 16384 +1 0.000176042 16384 +1 0.000215572 16384 +1 0.000177052 16384 +1 0.000176248 16384 +1 0.000176225 16384 +1 0.000232080 16384 +1 0.000175961 16384 +1 0.000214198 16384 +1 0.000176799 16384 +1 0.000175935 16384 +1 0.000223226 16384 +1 0.000176909 16384 +1 0.000176795 16384 +1 0.000176510 16384 +1 0.000214109 16384 +1 0.000176961 16384 +1 0.000186460 16384 +1 0.000211960 16384 +1 0.000176559 16384 +1 0.000175660 16384 +1 0.000176204 16384 +1 0.000219927 16384 +1 0.000189594 16384 +1 0.000214824 16384 +1 0.000176935 16384 +1 0.000176513 16384 +1 0.000176800 16384 +1 0.000224628 16384 +1 0.000176509 16384 +1 0.000175911 16384 +1 0.000214526 16384 +1 0.000185996 16384 +1 0.000177260 16384 +1 0.000222187 16384 +1 0.000176306 16384 +1 0.000175852 16384 +1 0.000176047 16384 +1 0.000213267 16384 +1 0.000187775 16384 +1 0.000223034 16384 +1 0.000178203 16384 +1 0.000176681 16384 +1 0.000176577 16384 +1 0.000211623 16384 +1 0.000187933 16384 +1 0.000176091 16384 +1 0.000213563 16384 +1 0.000176665 16384 +1 0.000175972 16384 +1 0.000221236 16384 +1 0.000177542 16384 +1 0.000176816 16384 +1 0.000176855 16384 +1 0.000214626 16384 +1 0.000176270 16384 +1 0.000187315 16384 +1 0.000213606 16384 +1 0.000185588 16384 +1 0.000175148 16384 +1 0.000211150 16384 +1 0.000175119 16384 +1 0.000186448 16384 +1 0.000212381 16384 +1 0.000177247 16384 +1 0.000175999 16384 +1 0.000176495 16384 +1 0.000222973 16384 +1 0.000175776 16384 +1 0.000176586 16384 +1 0.000212810 16384 +1 0.000176501 16384 +1 0.000176409 16384 +1 0.000223551 16384 +1 0.000177325 16384 +1 0.000185881 16384 +1 0.000212232 16384 +1 0.000176149 16384 +1 0.000182616 16384 +1 0.000216249 16384 +1 0.000183941 16384 +1 0.000179989 16384 +1 0.000176223 16384 +1 0.000212771 16384 +1 0.000187318 16384 +1 0.000336166 16384 +1 0.000219610 16384 +1 0.000176123 16384 +1 0.000176534 16384 +1 0.000176734 16384 +1 0.000224839 16384 +1 0.000176819 16384 +1 0.000222734 16384 +1 0.000177474 16384 +1 0.000176537 16384 +1 0.000225175 16384 +1 0.000177148 16384 +1 0.000176676 16384 +1 0.000176364 16384 +1 0.000211976 16384 +1 0.000176519 16384 +1 0.000186739 16384 +1 0.000213745 16384 +1 0.000176337 16384 +1 0.000175372 16384 +1 0.000175256 16384 +1 0.000191167 16384 +1 0.000227098 16384 +1 0.000203959 16384 +1 0.000194934 16384 +1 0.000214879 16384 +1 0.000174297 16384 +1 0.000184364 16384 +1 0.000215725 16384 +1 0.000173186 16384 +1 0.000174405 16384 +1 0.000173021 16384 +1 0.000212846 16384 +1 0.000181787 16384 +1 0.000173693 16384 +1 0.000211996 16384 +1 0.000174205 16384 +1 0.000175232 16384 +1 0.000222319 16384 +1 0.000174473 16384 +1 0.000173905 16384 +1 0.000174245 16384 +1 0.000222767 16384 +1 0.000174680 16384 +1 0.000217322 16384 +1 0.000175657 16384 +1 0.000172138 16384 +1 0.000173154 16384 +1 0.000181922 16384 +1 0.000211261 16384 +1 0.000184041 16384 +1 0.000173746 16384 +1 0.000243145 16384 +1 0.000179559 16384 +1 0.000176514 16384 +1 0.000228488 16384 +1 0.000177394 16384 +1 0.000177116 16384 +1 0.000176330 16384 +1 0.000223859 16384 +1 0.000182981 16384 +1 0.000227680 16384 +1 0.000177529 16384 +1 0.000177276 16384 +1 0.000176643 16384 +1 0.000213851 16384 +1 0.000184064 16384 +1 0.000178917 16384 +1 0.000183389 16384 +1 0.000213760 16384 +1 0.000176615 16384 +1 0.000177014 16384 +1 0.000222460 16384 +1 0.000177618 16384 +1 0.000177433 16384 +1 0.000176751 16384 +1 0.000220289 16384 +1 0.000183874 16384 +1 0.000223291 16384 +1 0.000176584 16384 +1 0.000175356 16384 +1 0.000176131 16384 +1 0.000238184 16384 +1 0.000193171 16384 +1 0.000174034 16384 +1 0.000215225 16384 +1 0.000174230 16384 +1 0.000174692 16384 +1 0.000175198 16384 +1 0.000220923 16384 +1 0.000174519 16384 +1 0.000173328 16384 +1 0.000210593 16384 +1 0.000175280 16384 +1 0.000223725 16384 +1 0.000174043 16384 +1 0.000172213 16384 +1 0.000174386 16384 +1 0.000210062 16384 +1 0.000172668 16384 +1 0.000182741 16384 +1 0.000209600 16384 +1 0.000173388 16384 +1 0.000174516 16384 +1 0.000204938 16384 +1 0.000219722 16384 +1 0.000186264 16384 +1 0.000175835 16384 +1 0.000216579 16384 +1 0.000176859 16384 +1 0.000185424 16384 +1 0.000256274 16384 +1 0.000177038 16384 +1 0.000177028 16384 +1 0.000177097 16384 +1 0.000218396 16384 +1 0.000176244 16384 +1 0.000186753 16384 +1 0.000216613 16384 +1 0.000177165 16384 +1 0.000175987 16384 +1 0.000176194 16384 +1 0.000224954 16384 +1 0.000176241 16384 +1 0.000179706 16384 +1 0.000215687 16384 +1 0.000176822 16384 +1 0.000176959 16384 +1 0.000238809 16384 +1 0.000176021 16384 +1 0.000176005 16384 +1 0.000215081 16384 +1 0.000176917 16384 +1 0.000176841 16384 +1 0.000226806 16384 +1 0.000176823 16384 +1 0.000176219 16384 +1 0.000176206 16384 +1 0.000215191 16384 +1 0.000187089 16384 +1 0.000175357 16384 +1 0.000215160 16384 +1 0.000175506 16384 +1 0.000176262 16384 +1 0.000176893 16384 +1 0.000234077 16384 +1 0.000179820 16384 +1 0.000216583 16384 +1 0.000179626 16384 +1 0.000177220 16384 +1 0.000176652 16384 +1 0.000227752 16384 +1 0.000176586 16384 +1 0.000176687 16384 +1 0.000214614 16384 +1 0.000177012 16384 +1 0.000195925 16384 +1 0.000217877 16384 +1 0.000176660 16384 +1 0.000176628 16384 +1 0.000176518 16384 +1 0.000215128 16384 +1 0.000187158 16384 +1 0.000225865 16384 +1 0.000176883 16384 +1 0.000176479 16384 +1 0.000176918 16384 +1 0.000224584 16384 +1 0.000180642 16384 +1 0.000176575 16384 +1 0.000244591 16384 +1 0.000178884 16384 +1 0.000174478 16384 +1 0.000226308 16384 +1 0.000174493 16384 +1 0.000174253 16384 +1 0.000176100 16384 +1 0.000215833 16384 +1 0.000176009 16384 +1 0.000183651 16384 +1 0.000223742 16384 +1 0.000174847 16384 +1 0.000174555 16384 +1 0.000213911 16384 +1 0.000182787 16384 +1 0.000174312 16384 +1 0.000213740 16384 +1 0.000175147 16384 +1 0.000174444 16384 +1 0.000174608 16384 +1 0.000222736 16384 +1 0.000174226 16384 +1 0.000174346 16384 +1 0.000216076 16384 +1 0.000174753 16384 +1 0.000182164 16384 +1 0.000217255 16384 +1 0.000182199 16384 +1 0.000176654 16384 +1 0.000184926 16384 +1 0.000214193 16384 +1 0.000184332 16384 +1 0.000175061 16384 +1 0.000214842 16384 +1 0.000174290 16384 +1 0.000175230 16384 +1 0.000174584 16384 +1 0.000222141 16384 +1 0.000175004 16384 +1 0.000221859 16384 +1 0.000215405 16384 +1 0.000174805 16384 +1 0.000184484 16384 +1 0.000212251 16384 +1 0.000173998 16384 +1 0.000179855 16384 +1 0.000214218 16384 +1 0.000173891 16384 +1 0.000183743 16384 +1 0.000213744 16384 +1 0.000173599 16384 +1 0.000173705 16384 +1 0.000172790 16384 +1 0.000220443 16384 +1 0.000176454 16384 +1 0.000174052 16384 +1 0.000182942 16384 +1 0.000182499 16384 +1 0.000182752 16384 +1 0.000218520 16384 +1 0.000174344 16384 +1 0.000174067 16384 +1 0.000221027 16384 +1 0.000174479 16384 +1 0.000173231 16384 +1 0.000219055 16384 +1 0.000173519 16384 +1 0.000173592 16384 +1 0.000187641 16384 +1 0.000180615 16384 +1 0.000221532 16384 +1 0.000173358 16384 +1 0.000173716 16384 +1 0.000212930 16384 +1 0.000173799 16384 +1 0.000173265 16384 +1 0.000220938 16384 +1 0.000174478 16384 +1 0.000174193 16384 +1 0.000218225 16384 +1 0.000175334 16384 +1 0.000174731 16384 +1 0.000221306 16384 +1 0.000173339 16384 +1 0.000172534 16384 +1 0.000174621 16384 +1 0.000211371 16384 +1 0.000184274 16384 +1 0.000173693 16384 +1 0.000210738 16384 +1 0.000172870 16384 +1 0.000173658 16384 +1 0.000174610 16384 +1 0.000227013 16384 +1 0.000174377 16384 +1 0.000173774 16384 +1 0.000216715 16384 +1 0.000174562 16384 +1 0.000184457 16384 +1 0.000212227 16384 +1 0.000174285 16384 +1 0.000172947 16384 +1 0.000172874 16384 +1 0.000209950 16384 +1 0.000183721 16384 +1 0.000173842 16384 +1 0.000181812 16384 +1 0.000209234 16384 +1 0.000173865 16384 +1 0.000174440 16384 +1 0.000219158 16384 +1 0.000173688 16384 +1 0.000186204 16384 +1 0.000187117 16384 +1 0.000224835 16384 +1 0.000186466 16384 +1 0.000215016 16384 +1 0.000173500 16384 +1 0.000172877 16384 +1 0.000173607 16384 +1 0.000212322 16384 +1 0.000183453 16384 +1 0.000173058 16384 +1 0.000212908 16384 +1 0.000174174 16384 +1 0.000173832 16384 +1 0.000220095 16384 +1 0.000174213 16384 +1 0.000173628 16384 +1 0.000173636 16384 +1 0.000214330 16384 +1 0.000181537 16384 +1 0.000218378 16384 +1 0.000176719 16384 +1 0.000173799 16384 +1 0.000175342 16384 +1 0.000180003 16384 +1 0.000180824 16384 +1 0.000206418 16384 +1 0.000180934 16384 +1 0.000213981 16384 +1 0.000173692 16384 +1 0.000174841 16384 +1 0.000219890 16384 +1 0.000174085 16384 +1 0.000178707 16384 +1 0.000173240 16384 +1 0.000212296 16384 +1 0.000183092 16384 +1 0.000223713 16384 +1 0.000174196 16384 +1 0.000174774 16384 +1 0.000176585 16384 +1 0.000213063 16384 +1 0.000181023 16384 +1 0.000174437 16384 +1 0.000212119 16384 +1 0.000174637 16384 +1 0.000174680 16384 +1 0.000172043 16384 +1 0.000225831 16384 +1 0.000174957 16384 +1 0.000173717 16384 +1 0.000204836 16384 +1 0.000174480 16384 +1 0.000174503 16384 +1 0.000227562 16384 +1 0.000174648 16384 +1 0.000173883 16384 +1 0.000210909 16384 +1 0.000175163 16384 +1 0.000185280 16384 +1 0.000188143 16384 +1 0.000213442 16384 +1 0.000175698 16384 +1 0.000174523 16384 +1 0.000173744 16384 +1 0.000222276 16384 +1 0.000173932 16384 +1 0.000174101 16384 +1 0.000228212 16384 +1 0.000179652 16384 +1 0.000182744 16384 +1 0.000219840 16384 +1 0.000171827 16384 +1 0.000172109 16384 +1 0.000213111 16384 +1 0.000175428 16384 +1 0.000182643 16384 +1 0.000180712 16384 +1 0.000212075 16384 +1 0.000174431 16384 +1 0.000174165 16384 +1 0.000173958 16384 +1 0.000221502 16384 +1 0.000174430 16384 +1 0.000172987 16384 +1 0.000213347 16384 +1 0.000179394 16384 +1 0.000184413 16384 +1 0.000221817 16384 +1 0.000173676 16384 +1 0.000173467 16384 +1 0.000211345 16384 +1 0.000173427 16384 +1 0.000183070 16384 +1 0.000214273 16384 +1 0.000173861 16384 +1 0.000172542 16384 +1 0.000172972 16384 +1 0.000212044 16384 +1 0.000179707 16384 +1 0.000173853 16384 +1 0.000214614 16384 +1 0.000175333 16384 +1 0.000174546 16384 +1 0.000219227 16384 +1 0.000182069 16384 +1 0.000174346 16384 +1 0.000213209 16384 +1 0.000174893 16384 +1 0.000173416 16384 +1 0.000220164 16384 +1 0.000174433 16384 +1 0.000173567 16384 +1 0.000174038 16384 +1 0.000211480 16384 +1 0.000181584 16384 +1 0.000174524 16384 +1 0.000212783 16384 +1 0.000173224 16384 +1 0.000173899 16384 +1 0.000173311 16384 +1 0.000227583 16384 +1 0.000173853 16384 +1 0.000181100 16384 +1 0.000210033 16384 +1 0.000173540 16384 +1 0.000173247 16384 +1 0.000216875 16384 +1 0.000176372 16384 +1 0.000174152 16384 +1 0.000173313 16384 +1 0.000180973 16384 +1 0.000219101 16384 +1 0.000174160 16384 +1 0.000173459 16384 +1 0.000208939 16384 +1 0.000173989 16384 +1 0.000173410 16384 +1 0.000218716 16384 +1 0.000177116 16384 +1 0.000182663 16384 +1 0.000212028 16384 +1 0.000173705 16384 +1 0.000181046 16384 +1 0.000209238 16384 +1 0.000174394 16384 +1 0.000174024 16384 +1 0.000173850 16384 +1 0.000210442 16384 +1 0.000181175 16384 +1 0.000171863 16384 +1 0.000211097 16384 +1 0.000174362 16384 +1 0.000174110 16384 +1 0.000174258 16384 +1 0.000222086 16384 +1 0.000173989 16384 +1 0.000232996 16384 +1 0.000178935 16384 +1 0.000174268 16384 +1 0.000224038 16384 +1 0.000174040 16384 +1 0.000174231 16384 +1 0.000174277 16384 +1 0.000216674 16384 +1 0.000175634 16384 +4 0.000634865 54 +1 0.000552527 10240 diff -Nru sudo-1.9.5p2/lib/iolog/regress/corpus/seed/timing/timing.4 sudo-1.9.9/lib/iolog/regress/corpus/seed/timing/timing.4 --- sudo-1.9.5p2/lib/iolog/regress/corpus/seed/timing/timing.4 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/corpus/seed/timing/timing.4 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,8 @@ +2 0.025750192 5 +0 0.670737828 2 +0 2.832110312 2 +0 0.903947334 2 +0 1.727798521 3 +0 2.040329883 2 +2 0.001192523 2 +1 0.001253839 77 diff -Nru sudo-1.9.5p2/lib/iolog/regress/fuzz/fuzz_iolog_json.c sudo-1.9.9/lib/iolog/regress/fuzz/fuzz_iolog_json.c --- sudo-1.9.5p2/lib/iolog/regress/fuzz/fuzz_iolog_json.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/fuzz/fuzz_iolog_json.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" +#include "sudo_plugin.h" +#include "sudo_util.h" + +#include "iolog_json.h" + +static FILE * +open_data(const uint8_t *data, size_t size) +{ +#ifdef HAVE_FMEMOPEN + /* Operate in-memory. */ + return fmemopen((void *)data, size, "r"); +#else + char tempfile[] = "/tmp/json.XXXXXX"; + size_t nwritten; + int fd; + + /* Use (unlinked) temporary file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return NULL; + unlink(tempfile); + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return NULL; + } + lseek(fd, 0, SEEK_SET); + return fdopen(fd, "r"); +#endif +} + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct eventlog *evlog = NULL; + FILE *fp; + + setprogname("fuzz_iolog_json"); + sudo_warn_set_conversation(fuzz_conversation); + + fp = open_data(data, size); + if (fp == NULL) + return 0; + + /* Parsed contents of an log.json file are stored in evlog. */ + evlog = calloc(1, sizeof(*evlog)); + if (evlog != NULL) { + evlog->runuid = (uid_t)-1; + evlog->rungid = (gid_t)-1; + evlog->exit_value = -1; + + /* Try to parse buffer as a JSON-format I/O log info file. */ + iolog_parse_loginfo_json(fp, "fuzz.json", evlog); + eventlog_free(evlog); + } + fclose(fp); + + fflush(stdout); + + return 0; +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/fuzz/fuzz_iolog_json.dict sudo-1.9.9/lib/iolog/regress/fuzz/fuzz_iolog_json.dict --- sudo-1.9.5p2/lib/iolog/regress/fuzz/fuzz_iolog_json.dict 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/fuzz/fuzz_iolog_json.dict 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,21 @@ +# I/O log JSON keywords +"\"columns\"" +"\"command\"" +"\"dumped_core\"" +"\"exit_value\"" +"\"lines\"" +"\"run_time\"" +"\"runargv\"" +"\"runenv\"" +"\"rungid\"" +"\"rungroup\"" +"\"runuid\"" +"\"runuser\"" +"\"runchroot\"" +"\"runcwd\"" +"\"signal\"" +"\"submitcwd\"" +"\"submithost\"" +"\"submituser\"" +"\"timestamp\"" +"\"ttyname\""" diff -Nru sudo-1.9.5p2/lib/iolog/regress/fuzz/fuzz_iolog_legacy.c sudo-1.9.9/lib/iolog/regress/fuzz/fuzz_iolog_legacy.c --- sudo-1.9.5p2/lib/iolog/regress/fuzz/fuzz_iolog_legacy.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/fuzz/fuzz_iolog_legacy.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" +#include "sudo_plugin.h" +#include "sudo_util.h" + +static FILE * +open_data(const uint8_t *data, size_t size) +{ +#ifdef HAVE_FMEMOPEN + /* Operate in-memory. */ + return fmemopen((void *)data, size, "r"); +#else + char tempfile[] = "/tmp/legacy.XXXXXX"; + size_t nwritten; + int fd; + + /* Use (unlinked) temporary file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return NULL; + unlink(tempfile); + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return NULL; + } + lseek(fd, 0, SEEK_SET); + return fdopen(fd, "r"); +#endif +} + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct eventlog *evlog = NULL; + FILE *fp; + + setprogname("fuzz_iolog_legacy"); + sudo_warn_set_conversation(fuzz_conversation); + + fp = open_data(data, size); + if (fp == NULL) + return 0; + + /* Parsed contents of an I/O log info file are stored in evlog. */ + evlog = calloc(1, sizeof(*evlog)); + if (evlog != NULL) { + evlog->runuid = (uid_t)-1; + evlog->rungid = (gid_t)-1; + + /* Try to parse buffer as a legacy-format I/O log info file. */ + iolog_parse_loginfo_legacy(fp, "fuzz.legacy", evlog); + eventlog_free(evlog); + } + fclose(fp); + fflush(stdout); + + return 0; +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/fuzz/fuzz_iolog_timing.c sudo-1.9.9/lib/iolog/regress/fuzz/fuzz_iolog_timing.c --- sudo-1.9.5p2/lib/iolog/regress/fuzz/fuzz_iolog_timing.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/fuzz/fuzz_iolog_timing.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" +#include "sudo_plugin.h" +#include "sudo_util.h" + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct iolog_file iolog_file = { true }; + struct timing_closure closure; + char logdir[] = "/tmp/timing.XXXXXX"; + int dfd = -1, fd = -1; + + setprogname("fuzz_iolog_timing"); + sudo_warn_set_conversation(fuzz_conversation); + + /* I/O logs consist of multiple files in a directory. */ + if (mkdtemp(logdir) == NULL) + return 0; + + /* Create a timing file from the supplied data. */ + dfd = open(logdir, O_RDONLY); + if (dfd == -1) + goto cleanup; + + fd = openat(dfd, "timing", O_WRONLY|O_CREAT|O_EXCL, S_IRWXU); + if (fd == -1) + goto cleanup; + + if (write(fd, data, size) != (ssize_t)size) + goto cleanup; + close(fd); + fd = -1; + + /* Open the timing file we wrote and try to parse it. */ + if (!iolog_open(&iolog_file, dfd, IOFD_TIMING, "r")) + goto cleanup; + + memset(&closure, 0, sizeof(closure)); + closure.decimal = "."; + for (;;) { + if (iolog_read_timing_record(&iolog_file, &closure) != 0) + break; + } + iolog_close(&iolog_file, NULL); + +cleanup: + if (dfd != -1) { + if (fd != -1) + close(fd); + unlinkat(dfd, "timing", 0); + close(dfd); + } + rmdir(logdir); + fflush(stdout); + + return 0; +} + +/* STUB */ +bool +iolog_swapids(bool restore) +{ + return false; +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/iolog_json/check_iolog_json.c sudo-1.9.9/lib/iolog/regress/iolog_json/check_iolog_json.c --- sudo-1.9.5p2/lib/iolog/regress/iolog_json/check_iolog_json.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/iolog_json/check_iolog_json.c 2022-01-27 21:24:06.000000000 +0000 @@ -209,9 +209,9 @@ /* Parse input file. */ if ((infp = fopen(infile, "r")) == NULL) { - sudo_warn("%s", argv[1]); + sudo_warn("%s", argv[i]); errors++; - goto next; + continue; } if (!iolog_parse_json(infp, infile, &root)) { errors++; diff -Nru sudo-1.9.5p2/lib/iolog/regress/iolog_path/check_iolog_path.c sudo-1.9.9/lib/iolog/regress/iolog_path/check_iolog_path.c --- sudo-1.9.5p2/lib/iolog/regress/iolog_path/check_iolog_path.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/iolog_path/check_iolog_path.c 2022-01-27 21:24:22.000000000 +0000 @@ -128,22 +128,30 @@ static int do_check(char *dir_in, char *file_in, char *tdir_out, char *tfile_out) { - char dir[PATH_MAX], dir_out[PATH_MAX]; - char file[PATH_MAX], file_out[PATH_MAX]; - struct tm *timeptr; - time_t now; + char dir[PATH_MAX], dir_out[PATH_MAX] = ""; + char file[PATH_MAX], file_out[PATH_MAX] = ""; int error = 0; + struct tm tm; + time_t now; + int len; /* * Expand any strftime(3) escapes - * XXX - want to pass timeptr to expand_iolog_path + * XXX - want to pass tm to expand_iolog_path */ time(&now); - timeptr = localtime(&now); - if (timeptr == NULL) - sudo_fatalx("localtime returned NULL"); - strftime(dir_out, sizeof(dir_out), tdir_out, timeptr); - strftime(file_out, sizeof(file_out), tfile_out, timeptr); + if (localtime_r(&now, &tm) == NULL) + sudo_fatal("localtime_r"); + if (tdir_out[0] != '\0') { + len = strftime(dir_out, sizeof(dir_out), tdir_out, &tm); + if (len == 0 || dir_out[sizeof(dir_out) - 1] != '\0') + sudo_fatalx("dir_out: strftime overflow"); + } + if (tfile_out[0] != '\0') { + len = strftime(file_out, sizeof(file_out), tfile_out, &tm); + if (len == 0 || file_out[sizeof(file_out) - 1] != '\0') + sudo_fatalx("file_out: strftime overflow"); + } if (!expand_iolog_path(dir_in, dir, sizeof(dir), &path_escapes[1], NULL)) sudo_fatalx("unable to expand I/O log dir"); diff -Nru sudo-1.9.5p2/lib/iolog/regress/iolog_timing/check_iolog_timing.c sudo-1.9.9/lib/iolog/regress/iolog_timing/check_iolog_timing.c --- sudo-1.9.5p2/lib/iolog/regress/iolog_timing/check_iolog_timing.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/iolog_timing/check_iolog_timing.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,148 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2018 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#include + +#define SUDO_ERROR_WRAP 0 + +#include "sudo_compat.h" +#include "sudo_util.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" + +sudo_dso_public int main(int argc, char *argv[]); + +static struct parse_delay_test { + const char *input; + const char *next_field; + struct timespec expected_delay; +} parse_delay_tests[] = { + { "10.99999999999 X", "X", { 10, 999999999 } }, /* clamp to nsec */ + { "10.999999999 X", "X", { 10, 999999999 } }, /* nsec */ + { "10.999999 X", "X", { 10, 999999000 } }, /* usec -> nsec */ + { "10.000999999 X", "X", { 10, 999999 } }, + { "10.9 X", "X", { 10, 900000000 } }, + { "10.0 X", "X", { 10, 0 } } +}; + +/* + * Test iolog_parse_delay() + */ +void +test_parse_delay(int *ntests, int *nerrors) +{ + unsigned int i; + + for (i = 0; i < nitems(parse_delay_tests); i++) { + struct timespec delay; + struct parse_delay_test *test = &parse_delay_tests[i]; + char *cp = iolog_parse_delay(test->input, &delay, "."); + if (cp == NULL) { + sudo_warnx("%s:%u failed to parse delay: %s", __func__, + i, test->input); + (*nerrors)++; + continue; + } + if (strcmp(cp, test->next_field) != 0) { + sudo_warnx("%s:%u next field (want \"%s\", got \"%s\"", __func__, + i, test->next_field, cp); + (*nerrors)++; + continue; + } + if (delay.tv_sec != test->expected_delay.tv_sec) { + sudo_warnx("%s:%u wrong seconds (want %lld, got %lld)", __func__, + i, (long long)test->expected_delay.tv_sec, + (long long)delay.tv_sec); + (*nerrors)++; + continue; + } + if (delay.tv_nsec != test->expected_delay.tv_nsec) { + sudo_warnx("%s:%u wrong nanoseconds (want %ld, got %ld)", __func__, + i, test->expected_delay.tv_nsec, delay.tv_nsec); + (*nerrors)++; + continue; + } + } + (*ntests) += i; +} + +static struct adjust_delay_test { + struct timespec in_delay; + struct timespec out_delay; + struct timespec max_delay; + double scale_factor; +} adjust_delay_tests[] = { + { { 10, 300 }, { 10, 300 }, { 0, 0 }, 1.0 }, + { { 10, 300 }, { 5, 150 }, { 0, 0 }, 2.0 }, + { { 5, 300 }, { 2, 500000150 }, { 0, 0 }, 2.0 }, + { { 0, 1000000 }, { 0, 333333 }, { 0, 0 }, 3 }, + { { 10, 1000000 }, { 3, 333666666 }, { 0, 0 }, 3 }, + { { 5, 150 }, { 10, 300 }, { 0, 0 }, 0.5 }, + { { 5, 500000000 }, { 11, 0 }, { 0, 0 }, 0.5 }, + { { 5, 150 }, { 5, 0 }, { 5, 0 }, 0.5 } +}; + +/* + * Test iolog_adjust_delay() + */ +void +test_adjust_delay(int *ntests, int *nerrors) +{ + unsigned int i; + + for (i = 0; i < nitems(adjust_delay_tests); i++) { + struct adjust_delay_test *test = &adjust_delay_tests[i]; + + iolog_adjust_delay(&test->in_delay, + sudo_timespecisset(&test->max_delay) ? &test->max_delay : NULL, + test->scale_factor); + if (!sudo_timespeccmp(&test->in_delay, &test->out_delay, ==)) { + sudo_warnx("%s:%u want {%lld, %ld}, got {%lld, %ld}", __func__, i, + (long long)test->out_delay.tv_sec, test->out_delay.tv_nsec, + (long long)test->in_delay.tv_sec, test->in_delay.tv_nsec); + (*nerrors)++; + } + } + (*ntests) += i; +} + +int +main(int argc, char *argv[]) +{ + int tests = 0, errors = 0; + + initprogname(argc > 0 ? argv[0] : "check_iolog_timing"); + + test_parse_delay(&tests, &errors); + + test_adjust_delay(&tests, &errors); + + if (tests != 0) { + printf("iolog_timing: %d test%s run, %d errors, %d%% success rate\n", + tests, tests == 1 ? "" : "s", errors, + (tests - errors) * 100 / tests); + } + + exit(errors); +} diff -Nru sudo-1.9.5p2/lib/iolog/regress/iolog_util/check_iolog_util.c sudo-1.9.9/lib/iolog/regress/iolog_util/check_iolog_util.c --- sudo-1.9.5p2/lib/iolog/regress/iolog_util/check_iolog_util.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/iolog/regress/iolog_util/check_iolog_util.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,148 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2018 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include -#include -#include -#include -#include - -#define SUDO_ERROR_WRAP 0 - -#include "sudo_compat.h" -#include "sudo_util.h" -#include "sudo_fatal.h" -#include "sudo_iolog.h" - -sudo_dso_public int main(int argc, char *argv[]); - -static struct parse_delay_test { - const char *input; - const char *next_field; - struct timespec expected_delay; -} parse_delay_tests[] = { - { "10.99999999999 X", "X", { 10, 999999999 } }, /* clamp to nsec */ - { "10.999999999 X", "X", { 10, 999999999 } }, /* nsec */ - { "10.999999 X", "X", { 10, 999999000 } }, /* usec -> nsec */ - { "10.000999999 X", "X", { 10, 999999 } }, - { "10.9 X", "X", { 10, 900000000 } }, - { "10.0 X", "X", { 10, 0 } } -}; - -/* - * Test iolog_parse_delay() - */ -void -test_parse_delay(int *ntests, int *nerrors) -{ - unsigned int i; - - for (i = 0; i < nitems(parse_delay_tests); i++) { - struct timespec delay; - struct parse_delay_test *test = &parse_delay_tests[i]; - char *cp = iolog_parse_delay(test->input, &delay, "."); - if (cp == NULL) { - sudo_warnx("%s:%u failed to parse delay: %s", __func__, - i, test->input); - (*nerrors)++; - continue; - } - if (strcmp(cp, test->next_field) != 0) { - sudo_warnx("%s:%u next field (want \"%s\", got \"%s\"", __func__, - i, test->next_field, cp); - (*nerrors)++; - continue; - } - if (delay.tv_sec != test->expected_delay.tv_sec) { - sudo_warnx("%s:%u wrong seconds (want %lld, got %lld)", __func__, - i, (long long)test->expected_delay.tv_sec, - (long long)delay.tv_sec); - (*nerrors)++; - continue; - } - if (delay.tv_nsec != test->expected_delay.tv_nsec) { - sudo_warnx("%s:%u wrong nanoseconds (want %ld, got %ld)", __func__, - i, test->expected_delay.tv_nsec, delay.tv_nsec); - (*nerrors)++; - continue; - } - } - (*ntests) += i; -} - -static struct adjust_delay_test { - struct timespec in_delay; - struct timespec out_delay; - struct timespec max_delay; - double scale_factor; -} adjust_delay_tests[] = { - { { 10, 300 }, { 10, 300 }, { 0, 0 }, 1.0 }, - { { 10, 300 }, { 5, 150 }, { 0, 0 }, 2.0 }, - { { 5, 300 }, { 2, 500000150 }, { 0, 0 }, 2.0 }, - { { 0, 1000000 }, { 0, 333333 }, { 0, 0 }, 3 }, - { { 10, 1000000 }, { 3, 333666666 }, { 0, 0 }, 3 }, - { { 5, 150 }, { 10, 300 }, { 0, 0 }, 0.5 }, - { { 5, 500000000 }, { 11, 0 }, { 0, 0 }, 0.5 }, - { { 5, 150 }, { 5, 0 }, { 5, 0 }, 0.5 } -}; - -/* - * Test iolog_adjust_delay() - */ -void -test_adjust_delay(int *ntests, int *nerrors) -{ - unsigned int i; - - for (i = 0; i < nitems(adjust_delay_tests); i++) { - struct adjust_delay_test *test = &adjust_delay_tests[i]; - - iolog_adjust_delay(&test->in_delay, - sudo_timespecisset(&test->max_delay) ? &test->max_delay : NULL, - test->scale_factor); - if (!sudo_timespeccmp(&test->in_delay, &test->out_delay, ==)) { - sudo_warnx("%s:%u want {%lld, %ld}, got {%lld, %ld}", __func__, i, - (long long)test->out_delay.tv_sec, test->out_delay.tv_nsec, - (long long)test->in_delay.tv_sec, test->in_delay.tv_nsec); - (*nerrors)++; - } - } - (*ntests) += i; -} - -int -main(int argc, char *argv[]) -{ - int tests = 0, errors = 0; - - initprogname(argc > 0 ? argv[0] : "check_iolog_util"); - - test_parse_delay(&tests, &errors); - - test_adjust_delay(&tests, &errors); - - if (tests != 0) { - printf("iolog_util: %d test%s run, %d errors, %d%% success rate\n", - tests, tests == 1 ? "" : "s", errors, - (tests - errors) * 100 / tests); - } - - exit(errors); -} diff -Nru sudo-1.9.5p2/lib/logsrv/Makefile.in sudo-1.9.9/lib/logsrv/Makefile.in --- sudo-1.9.5p2/lib/logsrv/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/lib/logsrv/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -34,6 +34,9 @@ CC = @CC@ LIBTOOL = @LIBTOOL@ +# Libraries +LT_LIBS = $(top_builddir)/lib/protobuf-c/libprotobuf-c.la + # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) -I$(top_srcdir) @CPPFLAGS@ @@ -73,7 +76,7 @@ SHELL = @SHELL@ -LIBLOGSRV_OBJS = protobuf-c.lo log_server.pb-c.lo +LIBLOGSRV_OBJS = log_server.pb-c.lo IOBJS = $(LIBLOGSRV_OBJS:.lo=.i) @@ -121,8 +124,8 @@ echo "$$cmd"; eval $$cmd; \ fi -liblogsrv.la: $(LIBLOGSRV_OBJS) - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBLOGSRV_OBJS) +liblogsrv.la: $(LIBLOGSRV_OBJS) $(LT_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBLOGSRV_OBJS) $(LT_LIBS) pre-install: @@ -136,6 +139,8 @@ install-plugin: +install-fuzzer: + uninstall: splint: @@ -146,7 +151,11 @@ pvs-log-files: $(POBJS) -check: +fuzz: + +check-fuzzer: + +check: check-fuzzer clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la @@ -168,6 +177,8 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # Autogenerated dependencies, do not modify log_server.pb-c.lo: $(srcdir)/log_server.pb-c.c $(incdir)/log_server.pb-c.h \ $(incdir)/protobuf-c/protobuf-c.h @@ -177,11 +188,3 @@ $(CC) -E -o $@ $(CPPFLAGS) $< log_server.pb-c.plog: log_server.pb-c.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/log_server.pb-c.c --i-file $< --output-file $@ -protobuf-c.lo: $(srcdir)/protobuf-c.c $(incdir)/protobuf-c/protobuf-c.h \ - $(top_builddir)/config.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/protobuf-c.c -protobuf-c.i: $(srcdir)/protobuf-c.c $(incdir)/protobuf-c/protobuf-c.h \ - $(top_builddir)/config.h - $(CC) -E -o $@ $(CPPFLAGS) $< -protobuf-c.plog: protobuf-c.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/protobuf-c.c --i-file $< --output-file $@ diff -Nru sudo-1.9.5p2/lib/logsrv/log_server.pb-c.c sudo-1.9.9/lib/logsrv/log_server.pb-c.c --- sudo-1.9.5p2/lib/logsrv/log_server.pb-c.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/logsrv/log_server.pb-c.c 2022-01-27 21:24:06.000000000 +0000 @@ -1687,7 +1687,7 @@ (ProtobufCMessageInit) server_message__init, NULL,NULL,NULL /* reserved[123] */ }; -static const ProtobufCFieldDescriptor server_hello__field_descriptors[3] = +static const ProtobufCFieldDescriptor server_hello__field_descriptors[4] = { { "server_id", @@ -1725,16 +1725,29 @@ 0, /* flags */ 0,NULL,NULL /* reserved1,reserved2, etc */ }, + { + "subcommands", + 4, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_BOOL, + 0, /* quantifier_offset */ + offsetof(ServerHello, subcommands), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, }; static const unsigned server_hello__field_indices_by_name[] = { 1, /* field[1] = redirect */ 0, /* field[0] = server_id */ 2, /* field[2] = servers */ + 3, /* field[3] = subcommands */ }; static const ProtobufCIntRange server_hello__number_ranges[1 + 1] = { { 1, 0 }, - { 0, 3 } + { 0, 4 } }; const ProtobufCMessageDescriptor server_hello__descriptor = { @@ -1744,7 +1757,7 @@ "ServerHello", "", sizeof(ServerHello), - 3, + 4, server_hello__field_descriptors, server_hello__field_indices_by_name, 1, server_hello__number_ranges, diff -Nru sudo-1.9.5p2/lib/logsrv/log_server.proto sudo-1.9.9/lib/logsrv/log_server.proto --- sudo-1.9.5p2/lib/logsrv/log_server.proto 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/logsrv/log_server.proto 2022-01-27 21:24:06.000000000 +0000 @@ -132,4 +132,5 @@ string server_id = 1; /* free-form server description */ string redirect = 2; /* optional redirect if busy */ repeated string servers = 3; /* optional list of known servers */ + bool subcommands = 4; /* flag: server supports sub-commands */ } diff -Nru sudo-1.9.5p2/lib/logsrv/protobuf-c.c sudo-1.9.9/lib/logsrv/protobuf-c.c --- sudo-1.9.5p2/lib/logsrv/protobuf-c.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/logsrv/protobuf-c.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,3662 +0,0 @@ -/* - * Copyright (c) 2008-2015, Dave Benson and the protobuf-c authors. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are - * met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following disclaimer - * in the documentation and/or other materials provided with the - * distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/*! \file - * Support library for `protoc-c` generated code. - * - * This file implements the public API used by the code generated - * by `protoc-c`. - * - * \authors Dave Benson and the protobuf-c authors - * - * \copyright 2008-2014. Licensed under the terms of the [BSD-2-Clause] license. - */ - -/** - * \todo 64-BIT OPTIMIZATION: certain implementations use 32-bit math - * even on 64-bit platforms (uint64_size, uint64_pack, parse_uint64). - * - * \todo Use size_t consistently. - */ - -#include - -#include /* for malloc, free */ -#include /* for strcmp, strlen, memcpy, memmove, memset */ - -#include "protobuf-c/protobuf-c.h" - -#define TRUE 1 -#define FALSE 0 - -#define PROTOBUF_C__ASSERT_NOT_REACHED() assert(0) - -/* Workaround for Microsoft compilers. */ -#ifdef _MSC_VER -# define inline __inline -#endif - -/** - * \defgroup internal Internal functions and macros - * - * These are not exported by the library but are useful to developers working - * on `libprotobuf-c` itself. - */ - -/** - * \defgroup macros Utility macros for manipulating structures - * - * Macros and constants used to manipulate the base "classes" generated by - * `protobuf-c`. They also define limits and check correctness. - * - * \ingroup internal - * @{ - */ - -/** The maximum length of a 64-bit integer in varint encoding. */ -#define MAX_UINT64_ENCODED_SIZE 10 - -#ifndef PROTOBUF_C_UNPACK_ERROR -# define PROTOBUF_C_UNPACK_ERROR(...) -#endif - -const char protobuf_c_empty_string[] = ""; - -/** - * Internal `ProtobufCMessage` manipulation macro. - * - * Base macro for manipulating a `ProtobufCMessage`. Used by STRUCT_MEMBER() and - * STRUCT_MEMBER_PTR(). - */ -#define STRUCT_MEMBER_P(struct_p, struct_offset) \ - ((void *) ((uint8_t *) (struct_p) + (struct_offset))) - -/** - * Return field in a `ProtobufCMessage` based on offset. - * - * Take a pointer to a `ProtobufCMessage` and find the field at the offset. - * Cast it to the passed type. - */ -#define STRUCT_MEMBER(member_type, struct_p, struct_offset) \ - (*(member_type *) STRUCT_MEMBER_P((struct_p), (struct_offset))) - -/** - * Return field in a `ProtobufCMessage` based on offset. - * - * Take a pointer to a `ProtobufCMessage` and find the field at the offset. Cast - * it to a pointer to the passed type. - */ -#define STRUCT_MEMBER_PTR(member_type, struct_p, struct_offset) \ - ((member_type *) STRUCT_MEMBER_P((struct_p), (struct_offset))) - -/* Assertions for magic numbers. */ - -#define ASSERT_IS_ENUM_DESCRIPTOR(desc) \ - assert((desc)->magic == PROTOBUF_C__ENUM_DESCRIPTOR_MAGIC) - -#define ASSERT_IS_MESSAGE_DESCRIPTOR(desc) \ - assert((desc)->magic == PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC) - -#define ASSERT_IS_MESSAGE(message) \ - ASSERT_IS_MESSAGE_DESCRIPTOR((message)->descriptor) - -#define ASSERT_IS_SERVICE_DESCRIPTOR(desc) \ - assert((desc)->magic == PROTOBUF_C__SERVICE_DESCRIPTOR_MAGIC) - -/**@}*/ - -/* --- version --- */ - -const char * -protobuf_c_version(void) -{ - return PROTOBUF_C_VERSION; -} - -uint32_t -protobuf_c_version_number(void) -{ - return PROTOBUF_C_VERSION_NUMBER; -} - -/* --- allocator --- */ - -static void * -system_alloc(void *allocator_data, size_t size) -{ - return malloc(size); -} - -static void -system_free(void *allocator_data, void *data) -{ - free(data); -} - -static inline void * -do_alloc(ProtobufCAllocator *allocator, size_t size) -{ - return allocator->alloc(allocator->allocator_data, size); -} - -static inline void -do_free(ProtobufCAllocator *allocator, void *data) -{ - if (data != NULL) - allocator->free(allocator->allocator_data, data); -} - -/* - * This allocator uses the system's malloc() and free(). It is the default - * allocator used if NULL is passed as the ProtobufCAllocator to an exported - * function. - */ -static ProtobufCAllocator protobuf_c__allocator = { - .alloc = &system_alloc, - .free = &system_free, - .allocator_data = NULL, -}; - -/* === buffer-simple === */ - -void -protobuf_c_buffer_simple_append(ProtobufCBuffer *buffer, - size_t len, const uint8_t *data) -{ - ProtobufCBufferSimple *simp = (ProtobufCBufferSimple *) buffer; - size_t new_len = simp->len + len; - - if (new_len > simp->alloced) { - ProtobufCAllocator *allocator = simp->allocator; - size_t new_alloced = simp->alloced * 2; - uint8_t *new_data; - - if (allocator == NULL) - allocator = &protobuf_c__allocator; - while (new_alloced < new_len) - new_alloced += new_alloced; - new_data = do_alloc(allocator, new_alloced); - if (!new_data) - return; - memcpy(new_data, simp->data, simp->len); - if (simp->must_free_data) - do_free(allocator, simp->data); - else - simp->must_free_data = TRUE; - simp->data = new_data; - simp->alloced = new_alloced; - } - memcpy(simp->data + simp->len, data, len); - simp->len = new_len; -} - -/** - * \defgroup packedsz protobuf_c_message_get_packed_size() implementation - * - * Routines mainly used by protobuf_c_message_get_packed_size(). - * - * \ingroup internal - * @{ - */ - -/** - * Return the number of bytes required to store the tag for the field. Includes - * 3 bits for the wire-type, and a single bit that denotes the end-of-tag. - * - * \param number - * Field tag to encode. - * \return - * Number of bytes required. - */ -static inline size_t -get_tag_size(uint32_t number) -{ - if (number < (1UL << 4)) { - return 1; - } else if (number < (1UL << 11)) { - return 2; - } else if (number < (1UL << 18)) { - return 3; - } else if (number < (1UL << 25)) { - return 4; - } else { - return 5; - } -} - -/** - * Return the number of bytes required to store a variable-length unsigned - * 32-bit integer in base-128 varint encoding. - * - * \param v - * Value to encode. - * \return - * Number of bytes required. - */ -static inline size_t -uint32_size(uint32_t v) -{ - if (v < (1UL << 7)) { - return 1; - } else if (v < (1UL << 14)) { - return 2; - } else if (v < (1UL << 21)) { - return 3; - } else if (v < (1UL << 28)) { - return 4; - } else { - return 5; - } -} - -/** - * Return the number of bytes required to store a variable-length signed 32-bit - * integer in base-128 varint encoding. - * - * \param v - * Value to encode. - * \return - * Number of bytes required. - */ -static inline size_t -int32_size(int32_t v) -{ - if (v < 0) { - return 10; - } else if (v < (1L << 7)) { - return 1; - } else if (v < (1L << 14)) { - return 2; - } else if (v < (1L << 21)) { - return 3; - } else if (v < (1L << 28)) { - return 4; - } else { - return 5; - } -} - -/** - * Return the ZigZag-encoded 32-bit unsigned integer form of a 32-bit signed - * integer. - * - * \param v - * Value to encode. - * \return - * ZigZag encoded integer. - */ -static inline uint32_t -zigzag32(int32_t v) -{ - // Note: the right-shift must be arithmetic - // Note: left shift must be unsigned because of overflow - return ((uint32_t)(v) << 1) ^ (uint32_t)(v >> 31); -} - -/** - * Return the number of bytes required to store a signed 32-bit integer, - * converted to an unsigned 32-bit integer with ZigZag encoding, using base-128 - * varint encoding. - * - * \param v - * Value to encode. - * \return - * Number of bytes required. - */ -static inline size_t -sint32_size(int32_t v) -{ - return uint32_size(zigzag32(v)); -} - -/** - * Return the number of bytes required to store a 64-bit unsigned integer in - * base-128 varint encoding. - * - * \param v - * Value to encode. - * \return - * Number of bytes required. - */ -static inline size_t -uint64_size(uint64_t v) -{ - uint32_t upper_v = (uint32_t) (v >> 32); - - if (upper_v == 0) { - return uint32_size((uint32_t) v); - } else if (upper_v < (1UL << 3)) { - return 5; - } else if (upper_v < (1UL << 10)) { - return 6; - } else if (upper_v < (1UL << 17)) { - return 7; - } else if (upper_v < (1UL << 24)) { - return 8; - } else if (upper_v < (1UL << 31)) { - return 9; - } else { - return 10; - } -} - -/** - * Return the ZigZag-encoded 64-bit unsigned integer form of a 64-bit signed - * integer. - * - * \param v - * Value to encode. - * \return - * ZigZag encoded integer. - */ -static inline uint64_t -zigzag64(int64_t v) -{ - // Note: the right-shift must be arithmetic - // Note: left shift must be unsigned because of overflow - return ((uint64_t)(v) << 1) ^ (uint64_t)(v >> 63); -} - -/** - * Return the number of bytes required to store a signed 64-bit integer, - * converted to an unsigned 64-bit integer with ZigZag encoding, using base-128 - * varint encoding. - * - * \param v - * Value to encode. - * \return - * Number of bytes required. - */ -static inline size_t -sint64_size(int64_t v) -{ - return uint64_size(zigzag64(v)); -} - -/** - * Calculate the serialized size of a single required message field, including - * the space needed by the preceding tag. - * - * \param field - * Field descriptor for member. - * \param member - * Field to encode. - * \return - * Number of bytes required. - */ -static size_t -required_field_get_packed_size(const ProtobufCFieldDescriptor *field, - const void *member) -{ - size_t rv = get_tag_size(field->id); - - switch (field->type) { - case PROTOBUF_C_TYPE_SINT32: - return rv + sint32_size(*(const int32_t *) member); - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: - return rv + int32_size(*(const int32_t *) member); - case PROTOBUF_C_TYPE_UINT32: - return rv + uint32_size(*(const uint32_t *) member); - case PROTOBUF_C_TYPE_SINT64: - return rv + sint64_size(*(const int64_t *) member); - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: - return rv + uint64_size(*(const uint64_t *) member); - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - return rv + 4; - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - return rv + 8; - case PROTOBUF_C_TYPE_BOOL: - return rv + 1; - case PROTOBUF_C_TYPE_FLOAT: - return rv + 4; - case PROTOBUF_C_TYPE_DOUBLE: - return rv + 8; - case PROTOBUF_C_TYPE_STRING: { - const char *str = *(char * const *) member; - size_t len = str ? strlen(str) : 0; - return rv + uint32_size(len) + len; - } - case PROTOBUF_C_TYPE_BYTES: { - size_t len = ((const ProtobufCBinaryData *) member)->len; - return rv + uint32_size(len) + len; - } - case PROTOBUF_C_TYPE_MESSAGE: { - const ProtobufCMessage *msg = *(ProtobufCMessage * const *) member; - size_t subrv = msg ? protobuf_c_message_get_packed_size(msg) : 0; - return rv + uint32_size(subrv) + subrv; - } - } - PROTOBUF_C__ASSERT_NOT_REACHED(); - return 0; -} - -/** - * Calculate the serialized size of a single oneof message field, including - * the space needed by the preceding tag. Returns 0 if the oneof field isn't - * selected or is not set. - * - * \param field - * Field descriptor for member. - * \param oneof_case - * Enum value that selects the field in the oneof. - * \param member - * Field to encode. - * \return - * Number of bytes required. - */ -static size_t -oneof_field_get_packed_size(const ProtobufCFieldDescriptor *field, - uint32_t oneof_case, - const void *member) -{ - if (oneof_case != field->id) { - return 0; - } - if (field->type == PROTOBUF_C_TYPE_MESSAGE || - field->type == PROTOBUF_C_TYPE_STRING) - { - const void *ptr = *(const void * const *) member; - if (ptr == NULL || ptr == field->default_value) - return 0; - } - return required_field_get_packed_size(field, member); -} - -/** - * Calculate the serialized size of a single optional message field, including - * the space needed by the preceding tag. Returns 0 if the optional field isn't - * set. - * - * \param field - * Field descriptor for member. - * \param has - * True if the field exists, false if not. - * \param member - * Field to encode. - * \return - * Number of bytes required. - */ -static size_t -optional_field_get_packed_size(const ProtobufCFieldDescriptor *field, - const protobuf_c_boolean has, - const void *member) -{ - if (field->type == PROTOBUF_C_TYPE_MESSAGE || - field->type == PROTOBUF_C_TYPE_STRING) - { - const void *ptr = *(const void * const *) member; - if (ptr == NULL || ptr == field->default_value) - return 0; - } else { - if (!has) - return 0; - } - return required_field_get_packed_size(field, member); -} - -static protobuf_c_boolean -field_is_zeroish(const ProtobufCFieldDescriptor *field, - const void *member) -{ - protobuf_c_boolean ret = FALSE; - - switch (field->type) { - case PROTOBUF_C_TYPE_BOOL: - ret = (0 == *(const protobuf_c_boolean *) member); - break; - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_SINT32: - case PROTOBUF_C_TYPE_INT32: - case PROTOBUF_C_TYPE_UINT32: - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - ret = (0 == *(const uint32_t *) member); - break; - case PROTOBUF_C_TYPE_SINT64: - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - ret = (0 == *(const uint64_t *) member); - break; - case PROTOBUF_C_TYPE_FLOAT: - ret = (0 == *(const float *) member); - break; - case PROTOBUF_C_TYPE_DOUBLE: - ret = (0 == *(const double *) member); - break; - case PROTOBUF_C_TYPE_STRING: - ret = (NULL == *(const char * const *) member) || - ('\0' == **(const char * const *) member); - break; - case PROTOBUF_C_TYPE_BYTES: - case PROTOBUF_C_TYPE_MESSAGE: - ret = (NULL == *(const void * const *) member); - break; - default: - ret = TRUE; - break; - } - - return ret; -} - -/** - * Calculate the serialized size of a single unlabeled message field, including - * the space needed by the preceding tag. Returns 0 if the field isn't set or - * if it is set to a "zeroish" value (null pointer or 0 for numerical values). - * Unlabeled fields are supported only in proto3. - * - * \param field - * Field descriptor for member. - * \param member - * Field to encode. - * \return - * Number of bytes required. - */ -static size_t -unlabeled_field_get_packed_size(const ProtobufCFieldDescriptor *field, - const void *member) -{ - if (field_is_zeroish(field, member)) - return 0; - return required_field_get_packed_size(field, member); -} - -/** - * Calculate the serialized size of repeated message fields, which may consist - * of any number of values (including 0). Includes the space needed by the - * preceding tags (as needed). - * - * \param field - * Field descriptor for member. - * \param count - * Number of repeated field members. - * \param member - * Field to encode. - * \return - * Number of bytes required. - */ -static size_t -repeated_field_get_packed_size(const ProtobufCFieldDescriptor *field, - size_t count, const void *member) -{ - size_t header_size; - size_t rv = 0; - unsigned i; - void *array = *(void * const *) member; - - if (count == 0) - return 0; - header_size = get_tag_size(field->id); - if (0 == (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) - header_size *= count; - - switch (field->type) { - case PROTOBUF_C_TYPE_SINT32: - for (i = 0; i < count; i++) - rv += sint32_size(((int32_t *) array)[i]); - break; - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: - for (i = 0; i < count; i++) - rv += int32_size(((int32_t *) array)[i]); - break; - case PROTOBUF_C_TYPE_UINT32: - for (i = 0; i < count; i++) - rv += uint32_size(((uint32_t *) array)[i]); - break; - case PROTOBUF_C_TYPE_SINT64: - for (i = 0; i < count; i++) - rv += sint64_size(((int64_t *) array)[i]); - break; - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: - for (i = 0; i < count; i++) - rv += uint64_size(((uint64_t *) array)[i]); - break; - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - rv += 4 * count; - break; - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - rv += 8 * count; - break; - case PROTOBUF_C_TYPE_BOOL: - rv += count; - break; - case PROTOBUF_C_TYPE_STRING: - for (i = 0; i < count; i++) { - size_t len = strlen(((char **) array)[i]); - rv += uint32_size(len) + len; - } - break; - case PROTOBUF_C_TYPE_BYTES: - for (i = 0; i < count; i++) { - size_t len = ((ProtobufCBinaryData *) array)[i].len; - rv += uint32_size(len) + len; - } - break; - case PROTOBUF_C_TYPE_MESSAGE: - for (i = 0; i < count; i++) { - size_t len = protobuf_c_message_get_packed_size( - ((ProtobufCMessage **) array)[i]); - rv += uint32_size(len) + len; - } - break; - } - - if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) - header_size += uint32_size(rv); - return header_size + rv; -} - -/** - * Calculate the serialized size of an unknown field, i.e. one that is passed - * through mostly uninterpreted. This is required for forward compatibility if - * new fields are added to the message descriptor. - * - * \param field - * Unknown field type. - * \return - * Number of bytes required. - */ -static inline size_t -unknown_field_get_packed_size(const ProtobufCMessageUnknownField *field) -{ - return get_tag_size(field->tag) + field->len; -} - -/**@}*/ - -/* - * Calculate the serialized size of the message. - */ -size_t protobuf_c_message_get_packed_size(const ProtobufCMessage *message) -{ - unsigned i; - size_t rv = 0; - - ASSERT_IS_MESSAGE(message); - for (i = 0; i < message->descriptor->n_fields; i++) { - const ProtobufCFieldDescriptor *field = - message->descriptor->fields + i; - const void *member = - ((const char *) message) + field->offset; - const void *qmember = - ((const char *) message) + field->quantifier_offset; - - if (field->label == PROTOBUF_C_LABEL_REQUIRED) { - rv += required_field_get_packed_size(field, member); - } else if ((field->label == PROTOBUF_C_LABEL_OPTIONAL || - field->label == PROTOBUF_C_LABEL_NONE) && - (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF))) { - rv += oneof_field_get_packed_size( - field, - *(const uint32_t *) qmember, - member - ); - } else if (field->label == PROTOBUF_C_LABEL_OPTIONAL) { - rv += optional_field_get_packed_size( - field, - *(protobuf_c_boolean *) qmember, - member - ); - } else if (field->label == PROTOBUF_C_LABEL_NONE) { - rv += unlabeled_field_get_packed_size( - field, - member - ); - } else { - rv += repeated_field_get_packed_size( - field, - *(const size_t *) qmember, - member - ); - } - } - for (i = 0; i < message->n_unknown_fields; i++) - rv += unknown_field_get_packed_size(&message->unknown_fields[i]); - return rv; -} - -/** - * \defgroup pack protobuf_c_message_pack() implementation - * - * Routines mainly used by protobuf_c_message_pack(). - * - * \ingroup internal - * @{ - */ - -/** - * Pack an unsigned 32-bit integer in base-128 varint encoding and return the - * number of bytes written, which must be 5 or less. - * - * \param value - * Value to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -uint32_pack(uint32_t value, uint8_t *out) -{ - unsigned rv = 0; - - if (value >= 0x80) { - out[rv++] = value | 0x80; - value >>= 7; - if (value >= 0x80) { - out[rv++] = value | 0x80; - value >>= 7; - if (value >= 0x80) { - out[rv++] = value | 0x80; - value >>= 7; - if (value >= 0x80) { - out[rv++] = value | 0x80; - value >>= 7; - } - } - } - } - /* assert: value<128 */ - out[rv++] = value; - return rv; -} - -/** - * Pack a signed 32-bit integer and return the number of bytes written. - * Negative numbers are encoded as two's complement 64-bit integers. - * - * \param value - * Value to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -int32_pack(int32_t value, uint8_t *out) -{ - if (value < 0) { - out[0] = value | 0x80; - out[1] = (value >> 7) | 0x80; - out[2] = (value >> 14) | 0x80; - out[3] = (value >> 21) | 0x80; - out[4] = (value >> 28) | 0x80; - out[5] = out[6] = out[7] = out[8] = 0xff; - out[9] = 0x01; - return 10; - } else { - return uint32_pack(value, out); - } -} - -/** - * Pack a signed 32-bit integer using ZigZag encoding and return the number of - * bytes written. - * - * \param value - * Value to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -sint32_pack(int32_t value, uint8_t *out) -{ - return uint32_pack(zigzag32(value), out); -} - -/** - * Pack a 64-bit unsigned integer using base-128 varint encoding and return the - * number of bytes written. - * - * \param value - * Value to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static size_t -uint64_pack(uint64_t value, uint8_t *out) -{ - uint32_t hi = (uint32_t) (value >> 32); - uint32_t lo = (uint32_t) value; - unsigned rv; - - if (hi == 0) - return uint32_pack((uint32_t) lo, out); - out[0] = (lo) | 0x80; - out[1] = (lo >> 7) | 0x80; - out[2] = (lo >> 14) | 0x80; - out[3] = (lo >> 21) | 0x80; - if (hi < 8) { - out[4] = (hi << 4) | (lo >> 28); - return 5; - } else { - out[4] = ((hi & 7) << 4) | (lo >> 28) | 0x80; - hi >>= 3; - } - rv = 5; - while (hi >= 128) { - out[rv++] = hi | 0x80; - hi >>= 7; - } - out[rv++] = hi; - return rv; -} - -/** - * Pack a 64-bit signed integer in ZigZag encoding and return the number of - * bytes written. - * - * \param value - * Value to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -sint64_pack(int64_t value, uint8_t *out) -{ - return uint64_pack(zigzag64(value), out); -} - -/** - * Pack a 32-bit quantity in little-endian byte order. Used for protobuf wire - * types fixed32, sfixed32, float. Similar to "htole32". - * - * \param value - * Value to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -fixed32_pack(uint32_t value, void *out) -{ -#if !defined(WORDS_BIGENDIAN) - memcpy(out, &value, 4); -#else - uint8_t *buf = out; - - buf[0] = value; - buf[1] = value >> 8; - buf[2] = value >> 16; - buf[3] = value >> 24; -#endif - return 4; -} - -/** - * Pack a 64-bit quantity in little-endian byte order. Used for protobuf wire - * types fixed64, sfixed64, double. Similar to "htole64". - * - * \todo The big-endian impl is really only good for 32-bit machines, a 64-bit - * version would be appreciated, plus a way to decide to use 64-bit math where - * convenient. - * - * \param value - * Value to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -fixed64_pack(uint64_t value, void *out) -{ -#if !defined(WORDS_BIGENDIAN) - memcpy(out, &value, 8); -#else - fixed32_pack(value, out); - fixed32_pack(value >> 32, ((char *) out) + 4); -#endif - return 8; -} - -/** - * Pack a boolean value as an integer and return the number of bytes written. - * - * \todo Perhaps on some platforms *out = !!value would be a better impl, b/c - * that is idiomatic C++ in some STL implementations. - * - * \param value - * Value to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -boolean_pack(protobuf_c_boolean value, uint8_t *out) -{ - *out = value ? TRUE : FALSE; - return 1; -} - -/** - * Pack a NUL-terminated C string and return the number of bytes written. The - * output includes a length delimiter. - * - * The NULL pointer is treated as an empty string. This isn't really necessary, - * but it allows people to leave required strings blank. (See Issue #13 in the - * bug tracker for a little more explanation). - * - * \param str - * String to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -string_pack(const char *str, uint8_t *out) -{ - if (str == NULL) { - out[0] = 0; - return 1; - } else { - size_t len = strlen(str); - size_t rv = uint32_pack(len, out); - memcpy(out + rv, str, len); - return rv + len; - } -} - -/** - * Pack a ProtobufCBinaryData and return the number of bytes written. The output - * includes a length delimiter. - * - * \param bd - * ProtobufCBinaryData to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -binary_data_pack(const ProtobufCBinaryData *bd, uint8_t *out) -{ - size_t len = bd->len; - size_t rv = uint32_pack(len, out); - memcpy(out + rv, bd->data, len); - return rv + len; -} - -/** - * Pack a ProtobufCMessage and return the number of bytes written. The output - * includes a length delimiter. - * - * \param message - * ProtobufCMessage object to pack. - * \param[out] out - * Packed message. - * \return - * Number of bytes written to `out`. - */ -static inline size_t -prefixed_message_pack(const ProtobufCMessage *message, uint8_t *out) -{ - if (message == NULL) { - out[0] = 0; - return 1; - } else { - size_t rv = protobuf_c_message_pack(message, out + 1); - uint32_t rv_packed_size = uint32_size(rv); - if (rv_packed_size != 1) - memmove(out + rv_packed_size, out + 1, rv); - return uint32_pack(rv, out) + rv; - } -} - -/** - * Pack a field tag. - * - * Wire-type will be added in required_field_pack(). - * - * \todo Just call uint64_pack on 64-bit platforms. - * - * \param id - * Tag value to encode. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static size_t -tag_pack(uint32_t id, uint8_t *out) -{ - if (id < (1UL << (32 - 3))) - return uint32_pack(id << 3, out); - else - return uint64_pack(((uint64_t) id) << 3, out); -} - -/** - * Pack a required field and return the number of bytes written. - * - * \param field - * Field descriptor. - * \param member - * The field member. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static size_t -required_field_pack(const ProtobufCFieldDescriptor *field, - const void *member, uint8_t *out) -{ - size_t rv = tag_pack(field->id, out); - - switch (field->type) { - case PROTOBUF_C_TYPE_SINT32: - out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - return rv + sint32_pack(*(const int32_t *) member, out + rv); - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: - out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - return rv + int32_pack(*(const int32_t *) member, out + rv); - case PROTOBUF_C_TYPE_UINT32: - out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - return rv + uint32_pack(*(const uint32_t *) member, out + rv); - case PROTOBUF_C_TYPE_SINT64: - out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - return rv + sint64_pack(*(const int64_t *) member, out + rv); - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: - out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - return rv + uint64_pack(*(const uint64_t *) member, out + rv); - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - out[0] |= PROTOBUF_C_WIRE_TYPE_32BIT; - return rv + fixed32_pack(*(const uint32_t *) member, out + rv); - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - out[0] |= PROTOBUF_C_WIRE_TYPE_64BIT; - return rv + fixed64_pack(*(const uint64_t *) member, out + rv); - case PROTOBUF_C_TYPE_BOOL: - out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - return rv + boolean_pack(*(const protobuf_c_boolean *) member, out + rv); - case PROTOBUF_C_TYPE_STRING: - out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; - return rv + string_pack(*(char *const *) member, out + rv); - case PROTOBUF_C_TYPE_BYTES: - out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; - return rv + binary_data_pack((const ProtobufCBinaryData *) member, out + rv); - case PROTOBUF_C_TYPE_MESSAGE: - out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; - return rv + prefixed_message_pack(*(ProtobufCMessage * const *) member, out + rv); - } - PROTOBUF_C__ASSERT_NOT_REACHED(); - return 0; -} - -/** - * Pack a oneof field and return the number of bytes written. Only packs the - * field that is selected by the case enum. - * - * \param field - * Field descriptor. - * \param oneof_case - * Enum value that selects the field in the oneof. - * \param member - * The field member. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static size_t -oneof_field_pack(const ProtobufCFieldDescriptor *field, - uint32_t oneof_case, - const void *member, uint8_t *out) -{ - if (oneof_case != field->id) { - return 0; - } - if (field->type == PROTOBUF_C_TYPE_MESSAGE || - field->type == PROTOBUF_C_TYPE_STRING) - { - const void *ptr = *(const void * const *) member; - if (ptr == NULL || ptr == field->default_value) - return 0; - } - return required_field_pack(field, member, out); -} - -/** - * Pack an optional field and return the number of bytes written. - * - * \param field - * Field descriptor. - * \param has - * Whether the field is set. - * \param member - * The field member. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static size_t -optional_field_pack(const ProtobufCFieldDescriptor *field, - const protobuf_c_boolean has, - const void *member, uint8_t *out) -{ - if (field->type == PROTOBUF_C_TYPE_MESSAGE || - field->type == PROTOBUF_C_TYPE_STRING) - { - const void *ptr = *(const void * const *) member; - if (ptr == NULL || ptr == field->default_value) - return 0; - } else { - if (!has) - return 0; - } - return required_field_pack(field, member, out); -} - -/** - * Pack an unlabeled field and return the number of bytes written. - * - * \param field - * Field descriptor. - * \param member - * The field member. - * \param[out] out - * Packed value. - * \return - * Number of bytes written to `out`. - */ -static size_t -unlabeled_field_pack(const ProtobufCFieldDescriptor *field, - const void *member, uint8_t *out) -{ - if (field_is_zeroish(field, member)) - return 0; - return required_field_pack(field, member, out); -} - -/** - * Given a field type, return the in-memory size. - * - * \todo Implement as a table lookup. - * - * \param type - * Field type. - * \return - * Size of the field. - */ -static inline size_t -sizeof_elt_in_repeated_array(ProtobufCType type) -{ - switch (type) { - case PROTOBUF_C_TYPE_SINT32: - case PROTOBUF_C_TYPE_INT32: - case PROTOBUF_C_TYPE_UINT32: - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - case PROTOBUF_C_TYPE_ENUM: - return 4; - case PROTOBUF_C_TYPE_SINT64: - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - return 8; - case PROTOBUF_C_TYPE_BOOL: - return sizeof(protobuf_c_boolean); - case PROTOBUF_C_TYPE_STRING: - case PROTOBUF_C_TYPE_MESSAGE: - return sizeof(void *); - case PROTOBUF_C_TYPE_BYTES: - return sizeof(ProtobufCBinaryData); - } - PROTOBUF_C__ASSERT_NOT_REACHED(); - return 0; -} - -/** - * Pack an array of 32-bit quantities. - * - * \param[out] out - * Destination. - * \param[in] in - * Source. - * \param[in] n - * Number of elements in the source array. - */ -static void -copy_to_little_endian_32(void *out, const void *in, const unsigned n) -{ -#if !defined(WORDS_BIGENDIAN) - memcpy(out, in, n * 4); -#else - unsigned i; - const uint32_t *ini = in; - for (i = 0; i < n; i++) - fixed32_pack(ini[i], (uint32_t *) out + i); -#endif -} - -/** - * Pack an array of 64-bit quantities. - * - * \param[out] out - * Destination. - * \param[in] in - * Source. - * \param[in] n - * Number of elements in the source array. - */ -static void -copy_to_little_endian_64(void *out, const void *in, const unsigned n) -{ -#if !defined(WORDS_BIGENDIAN) - memcpy(out, in, n * 8); -#else - unsigned i; - const uint64_t *ini = in; - for (i = 0; i < n; i++) - fixed64_pack(ini[i], (uint64_t *) out + i); -#endif -} - -/** - * Get the minimum number of bytes required to pack a field value of a - * particular type. - * - * \param type - * Field type. - * \return - * Number of bytes. - */ -static unsigned -get_type_min_size(ProtobufCType type) -{ - if (type == PROTOBUF_C_TYPE_SFIXED32 || - type == PROTOBUF_C_TYPE_FIXED32 || - type == PROTOBUF_C_TYPE_FLOAT) - { - return 4; - } - if (type == PROTOBUF_C_TYPE_SFIXED64 || - type == PROTOBUF_C_TYPE_FIXED64 || - type == PROTOBUF_C_TYPE_DOUBLE) - { - return 8; - } - return 1; -} - -/** - * Packs the elements of a repeated field and returns the serialised field and - * its length. - * - * \param field - * Field descriptor. - * \param count - * Number of elements in the repeated field array. - * \param member - * Pointer to the elements for this repeated field. - * \param[out] out - * Serialised representation of the repeated field. - * \return - * Number of bytes serialised to `out`. - */ -static size_t -repeated_field_pack(const ProtobufCFieldDescriptor *field, - size_t count, const void *member, uint8_t *out) -{ - void *array = *(void * const *) member; - unsigned i; - - if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) { - unsigned header_len; - unsigned len_start; - unsigned min_length; - unsigned payload_len; - unsigned length_size_min; - unsigned actual_length_size; - uint8_t *payload_at; - - if (count == 0) - return 0; - header_len = tag_pack(field->id, out); - out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; - len_start = header_len; - min_length = get_type_min_size(field->type) * count; - length_size_min = uint32_size(min_length); - header_len += length_size_min; - payload_at = out + header_len; - - switch (field->type) { - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - copy_to_little_endian_32(payload_at, array, count); - payload_at += count * 4; - break; - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - copy_to_little_endian_64(payload_at, array, count); - payload_at += count * 8; - break; - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: { - const int32_t *arr = (const int32_t *) array; - for (i = 0; i < count; i++) - payload_at += int32_pack(arr[i], payload_at); - break; - } - case PROTOBUF_C_TYPE_SINT32: { - const int32_t *arr = (const int32_t *) array; - for (i = 0; i < count; i++) - payload_at += sint32_pack(arr[i], payload_at); - break; - } - case PROTOBUF_C_TYPE_SINT64: { - const int64_t *arr = (const int64_t *) array; - for (i = 0; i < count; i++) - payload_at += sint64_pack(arr[i], payload_at); - break; - } - case PROTOBUF_C_TYPE_UINT32: { - const uint32_t *arr = (const uint32_t *) array; - for (i = 0; i < count; i++) - payload_at += uint32_pack(arr[i], payload_at); - break; - } - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: { - const uint64_t *arr = (const uint64_t *) array; - for (i = 0; i < count; i++) - payload_at += uint64_pack(arr[i], payload_at); - break; - } - case PROTOBUF_C_TYPE_BOOL: { - const protobuf_c_boolean *arr = (const protobuf_c_boolean *) array; - for (i = 0; i < count; i++) - payload_at += boolean_pack(arr[i], payload_at); - break; - } - default: - PROTOBUF_C__ASSERT_NOT_REACHED(); - } - - payload_len = payload_at - (out + header_len); - actual_length_size = uint32_size(payload_len); - if (length_size_min != actual_length_size) { - assert(actual_length_size == length_size_min + 1); - memmove(out + header_len + 1, out + header_len, - payload_len); - header_len++; - } - uint32_pack(payload_len, out + len_start); - return header_len + payload_len; - } else { - /* not "packed" cased */ - /* CONSIDER: optimize this case a bit (by putting the loop inside the switch) */ - size_t rv = 0; - unsigned siz = sizeof_elt_in_repeated_array(field->type); - - for (i = 0; i < count; i++) { - rv += required_field_pack(field, array, out + rv); - array = (char *)array + siz; - } - return rv; - } -} - -static size_t -unknown_field_pack(const ProtobufCMessageUnknownField *field, uint8_t *out) -{ - size_t rv = tag_pack(field->tag, out); - out[0] |= field->wire_type; - memcpy(out + rv, field->data, field->len); - return rv + field->len; -} - -/**@}*/ - -size_t -protobuf_c_message_pack(const ProtobufCMessage *message, uint8_t *out) -{ - unsigned i; - size_t rv = 0; - - ASSERT_IS_MESSAGE(message); - for (i = 0; i < message->descriptor->n_fields; i++) { - const ProtobufCFieldDescriptor *field = - message->descriptor->fields + i; - const void *member = ((const char *) message) + field->offset; - - /* - * It doesn't hurt to compute qmember (a pointer to the - * quantifier field of the structure), but the pointer is only - * valid if the field is: - * - a repeated field, or - * - a field that is part of a oneof - * - an optional field that isn't a pointer type - * (Meaning: not a message or a string). - */ - const void *qmember = - ((const char *) message) + field->quantifier_offset; - - if (field->label == PROTOBUF_C_LABEL_REQUIRED) { - rv += required_field_pack(field, member, out + rv); - } else if ((field->label == PROTOBUF_C_LABEL_OPTIONAL || - field->label == PROTOBUF_C_LABEL_NONE) && - (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF))) { - rv += oneof_field_pack( - field, - *(const uint32_t *) qmember, - member, - out + rv - ); - } else if (field->label == PROTOBUF_C_LABEL_OPTIONAL) { - rv += optional_field_pack( - field, - *(const protobuf_c_boolean *) qmember, - member, - out + rv - ); - } else if (field->label == PROTOBUF_C_LABEL_NONE) { - rv += unlabeled_field_pack(field, member, out + rv); - } else { - rv += repeated_field_pack(field, *(const size_t *) qmember, - member, out + rv); - } - } - for (i = 0; i < message->n_unknown_fields; i++) - rv += unknown_field_pack(&message->unknown_fields[i], out + rv); - return rv; -} - -/** - * \defgroup packbuf protobuf_c_message_pack_to_buffer() implementation - * - * Routines mainly used by protobuf_c_message_pack_to_buffer(). - * - * \ingroup internal - * @{ - */ - -/** - * Pack a required field to a virtual buffer. - * - * \param field - * Field descriptor. - * \param member - * The element to be packed. - * \param[out] buffer - * Virtual buffer to append data to. - * \return - * Number of bytes packed. - */ -static size_t -required_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, - const void *member, ProtobufCBuffer *buffer) -{ - size_t rv; - uint8_t scratch[MAX_UINT64_ENCODED_SIZE * 2]; - - rv = tag_pack(field->id, scratch); - switch (field->type) { - case PROTOBUF_C_TYPE_SINT32: - scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - rv += sint32_pack(*(const int32_t *) member, scratch + rv); - buffer->append(buffer, rv, scratch); - break; - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: - scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - rv += int32_pack(*(const int32_t *) member, scratch + rv); - buffer->append(buffer, rv, scratch); - break; - case PROTOBUF_C_TYPE_UINT32: - scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - rv += uint32_pack(*(const uint32_t *) member, scratch + rv); - buffer->append(buffer, rv, scratch); - break; - case PROTOBUF_C_TYPE_SINT64: - scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - rv += sint64_pack(*(const int64_t *) member, scratch + rv); - buffer->append(buffer, rv, scratch); - break; - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: - scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - rv += uint64_pack(*(const uint64_t *) member, scratch + rv); - buffer->append(buffer, rv, scratch); - break; - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - scratch[0] |= PROTOBUF_C_WIRE_TYPE_32BIT; - rv += fixed32_pack(*(const uint32_t *) member, scratch + rv); - buffer->append(buffer, rv, scratch); - break; - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - scratch[0] |= PROTOBUF_C_WIRE_TYPE_64BIT; - rv += fixed64_pack(*(const uint64_t *) member, scratch + rv); - buffer->append(buffer, rv, scratch); - break; - case PROTOBUF_C_TYPE_BOOL: - scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; - rv += boolean_pack(*(const protobuf_c_boolean *) member, scratch + rv); - buffer->append(buffer, rv, scratch); - break; - case PROTOBUF_C_TYPE_STRING: { - const char *str = *(char *const *) member; - size_t sublen = str ? strlen(str) : 0; - - scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; - rv += uint32_pack(sublen, scratch + rv); - buffer->append(buffer, rv, scratch); - buffer->append(buffer, sublen, (const uint8_t *) str); - rv += sublen; - break; - } - case PROTOBUF_C_TYPE_BYTES: { - const ProtobufCBinaryData *bd = ((const ProtobufCBinaryData *) member); - size_t sublen = bd->len; - - scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; - rv += uint32_pack(sublen, scratch + rv); - buffer->append(buffer, rv, scratch); - buffer->append(buffer, sublen, bd->data); - rv += sublen; - break; - } - case PROTOBUF_C_TYPE_MESSAGE: { - uint8_t simple_buffer_scratch[256]; - size_t sublen; - const ProtobufCMessage *msg = *(ProtobufCMessage * const *) member; - ProtobufCBufferSimple simple_buffer = - PROTOBUF_C_BUFFER_SIMPLE_INIT(simple_buffer_scratch); - - scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; - if (msg == NULL) - sublen = 0; - else - sublen = protobuf_c_message_pack_to_buffer(msg, &simple_buffer.base); - rv += uint32_pack(sublen, scratch + rv); - buffer->append(buffer, rv, scratch); - buffer->append(buffer, sublen, simple_buffer.data); - rv += sublen; - PROTOBUF_C_BUFFER_SIMPLE_CLEAR(&simple_buffer); - break; - } - default: - PROTOBUF_C__ASSERT_NOT_REACHED(); - } - return rv; -} - -/** - * Pack a oneof field to a buffer. Only packs the field that is selected by the case enum. - * - * \param field - * Field descriptor. - * \param oneof_case - * Enum value that selects the field in the oneof. - * \param member - * The element to be packed. - * \param[out] buffer - * Virtual buffer to append data to. - * \return - * Number of bytes serialised to `buffer`. - */ -static size_t -oneof_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, - uint32_t oneof_case, - const void *member, ProtobufCBuffer *buffer) -{ - if (oneof_case != field->id) { - return 0; - } - if (field->type == PROTOBUF_C_TYPE_MESSAGE || - field->type == PROTOBUF_C_TYPE_STRING) - { - const void *ptr = *(const void *const *) member; - if (ptr == NULL || ptr == field->default_value) - return 0; - } - return required_field_pack_to_buffer(field, member, buffer); -} - -/** - * Pack an optional field to a buffer. - * - * \param field - * Field descriptor. - * \param has - * Whether the field is set. - * \param member - * The element to be packed. - * \param[out] buffer - * Virtual buffer to append data to. - * \return - * Number of bytes serialised to `buffer`. - */ -static size_t -optional_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, - const protobuf_c_boolean has, - const void *member, ProtobufCBuffer *buffer) -{ - if (field->type == PROTOBUF_C_TYPE_MESSAGE || - field->type == PROTOBUF_C_TYPE_STRING) - { - const void *ptr = *(const void *const *) member; - if (ptr == NULL || ptr == field->default_value) - return 0; - } else { - if (!has) - return 0; - } - return required_field_pack_to_buffer(field, member, buffer); -} - -/** - * Pack an unlabeled field to a buffer. - * - * \param field - * Field descriptor. - * \param member - * The element to be packed. - * \param[out] buffer - * Virtual buffer to append data to. - * \return - * Number of bytes serialised to `buffer`. - */ -static size_t -unlabeled_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, - const void *member, ProtobufCBuffer *buffer) -{ - if (field_is_zeroish(field, member)) - return 0; - return required_field_pack_to_buffer(field, member, buffer); -} - -/** - * Get the packed size of an array of same field type. - * - * \param field - * Field descriptor. - * \param count - * Number of elements of this type. - * \param array - * The elements to get the size of. - * \return - * Number of bytes required. - */ -static size_t -get_packed_payload_length(const ProtobufCFieldDescriptor *field, - unsigned count, const void *array) -{ - unsigned rv = 0; - unsigned i; - - switch (field->type) { - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - return count * 4; - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - return count * 8; - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: { - const int32_t *arr = (const int32_t *) array; - for (i = 0; i < count; i++) - rv += int32_size(arr[i]); - break; - } - case PROTOBUF_C_TYPE_SINT32: { - const int32_t *arr = (const int32_t *) array; - for (i = 0; i < count; i++) - rv += sint32_size(arr[i]); - break; - } - case PROTOBUF_C_TYPE_UINT32: { - const uint32_t *arr = (const uint32_t *) array; - for (i = 0; i < count; i++) - rv += uint32_size(arr[i]); - break; - } - case PROTOBUF_C_TYPE_SINT64: { - const int64_t *arr = (const int64_t *) array; - for (i = 0; i < count; i++) - rv += sint64_size(arr[i]); - break; - } - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: { - const uint64_t *arr = (const uint64_t *) array; - for (i = 0; i < count; i++) - rv += uint64_size(arr[i]); - break; - } - case PROTOBUF_C_TYPE_BOOL: - return count; - default: - PROTOBUF_C__ASSERT_NOT_REACHED(); - } - return rv; -} - -/** - * Pack an array of same field type to a virtual buffer. - * - * \param field - * Field descriptor. - * \param count - * Number of elements of this type. - * \param array - * The elements to get the size of. - * \param[out] buffer - * Virtual buffer to append data to. - * \return - * Number of bytes packed. - */ -static size_t -pack_buffer_packed_payload(const ProtobufCFieldDescriptor *field, - unsigned count, const void *array, - ProtobufCBuffer *buffer) -{ - uint8_t scratch[16]; - size_t rv = 0; - unsigned i; - - switch (field->type) { - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: -#if !defined(WORDS_BIGENDIAN) - rv = count * 4; - goto no_packing_needed; -#else - for (i = 0; i < count; i++) { - unsigned len = fixed32_pack(((uint32_t *) array)[i], scratch); - buffer->append(buffer, len, scratch); - rv += len; - } - break; -#endif - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: -#if !defined(WORDS_BIGENDIAN) - rv = count * 8; - goto no_packing_needed; -#else - for (i = 0; i < count; i++) { - unsigned len = fixed64_pack(((uint64_t *) array)[i], scratch); - buffer->append(buffer, len, scratch); - rv += len; - } - break; -#endif - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: - for (i = 0; i < count; i++) { - unsigned len = int32_pack(((int32_t *) array)[i], scratch); - buffer->append(buffer, len, scratch); - rv += len; - } - break; - case PROTOBUF_C_TYPE_SINT32: - for (i = 0; i < count; i++) { - unsigned len = sint32_pack(((int32_t *) array)[i], scratch); - buffer->append(buffer, len, scratch); - rv += len; - } - break; - case PROTOBUF_C_TYPE_UINT32: - for (i = 0; i < count; i++) { - unsigned len = uint32_pack(((uint32_t *) array)[i], scratch); - buffer->append(buffer, len, scratch); - rv += len; - } - break; - case PROTOBUF_C_TYPE_SINT64: - for (i = 0; i < count; i++) { - unsigned len = sint64_pack(((int64_t *) array)[i], scratch); - buffer->append(buffer, len, scratch); - rv += len; - } - break; - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: - for (i = 0; i < count; i++) { - unsigned len = uint64_pack(((uint64_t *) array)[i], scratch); - buffer->append(buffer, len, scratch); - rv += len; - } - break; - case PROTOBUF_C_TYPE_BOOL: - for (i = 0; i < count; i++) { - unsigned len = boolean_pack(((protobuf_c_boolean *) array)[i], scratch); - buffer->append(buffer, len, scratch); - rv += len; - } - return count; - default: - PROTOBUF_C__ASSERT_NOT_REACHED(); - } - return rv; - -#if !defined(WORDS_BIGENDIAN) -no_packing_needed: - buffer->append(buffer, rv, array); - return rv; -#endif -} - -static size_t -repeated_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, - unsigned count, const void *member, - ProtobufCBuffer *buffer) -{ - char *array = *(char * const *) member; - - if (count == 0) - return 0; - if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) { - uint8_t scratch[MAX_UINT64_ENCODED_SIZE * 2]; - size_t rv = tag_pack(field->id, scratch); - size_t payload_len = get_packed_payload_length(field, count, array); - size_t tmp; - - scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; - rv += uint32_pack(payload_len, scratch + rv); - buffer->append(buffer, rv, scratch); - tmp = pack_buffer_packed_payload(field, count, array, buffer); - assert(tmp == payload_len); - return rv + payload_len; - } else { - size_t siz; - unsigned i; - /* CONSIDER: optimize this case a bit (by putting the loop inside the switch) */ - unsigned rv = 0; - - siz = sizeof_elt_in_repeated_array(field->type); - for (i = 0; i < count; i++) { - rv += required_field_pack_to_buffer(field, array, buffer); - array += siz; - } - return rv; - } -} - -static size_t -unknown_field_pack_to_buffer(const ProtobufCMessageUnknownField *field, - ProtobufCBuffer *buffer) -{ - uint8_t header[MAX_UINT64_ENCODED_SIZE]; - size_t rv = tag_pack(field->tag, header); - - header[0] |= field->wire_type; - buffer->append(buffer, rv, header); - buffer->append(buffer, field->len, field->data); - return rv + field->len; -} - -/**@}*/ - -size_t -protobuf_c_message_pack_to_buffer(const ProtobufCMessage *message, - ProtobufCBuffer *buffer) -{ - unsigned i; - size_t rv = 0; - - ASSERT_IS_MESSAGE(message); - for (i = 0; i < message->descriptor->n_fields; i++) { - const ProtobufCFieldDescriptor *field = - message->descriptor->fields + i; - const void *member = - ((const char *) message) + field->offset; - const void *qmember = - ((const char *) message) + field->quantifier_offset; - - if (field->label == PROTOBUF_C_LABEL_REQUIRED) { - rv += required_field_pack_to_buffer(field, member, buffer); - } else if ((field->label == PROTOBUF_C_LABEL_OPTIONAL || - field->label == PROTOBUF_C_LABEL_NONE) && - (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF))) { - rv += oneof_field_pack_to_buffer( - field, - *(const uint32_t *) qmember, - member, - buffer - ); - } else if (field->label == PROTOBUF_C_LABEL_OPTIONAL) { - rv += optional_field_pack_to_buffer( - field, - *(const protobuf_c_boolean *) qmember, - member, - buffer - ); - } else if (field->label == PROTOBUF_C_LABEL_NONE) { - rv += unlabeled_field_pack_to_buffer( - field, - member, - buffer - ); - } else { - rv += repeated_field_pack_to_buffer( - field, - *(const size_t *) qmember, - member, - buffer - ); - } - } - for (i = 0; i < message->n_unknown_fields; i++) - rv += unknown_field_pack_to_buffer(&message->unknown_fields[i], buffer); - - return rv; -} - -/** - * \defgroup unpack unpacking implementation - * - * Routines mainly used by the unpacking functions. - * - * \ingroup internal - * @{ - */ - -static inline int -int_range_lookup(unsigned n_ranges, const ProtobufCIntRange *ranges, int value) -{ - unsigned n; - unsigned start; - - if (n_ranges == 0) - return -1; - start = 0; - n = n_ranges; - while (n > 1) { - unsigned mid = start + n / 2; - - if (value < ranges[mid].start_value) { - n = mid - start; - } else if (value >= ranges[mid].start_value + - (int) (ranges[mid + 1].orig_index - - ranges[mid].orig_index)) - { - unsigned new_start = mid + 1; - n = start + n - new_start; - start = new_start; - } else - return (value - ranges[mid].start_value) + - ranges[mid].orig_index; - } - if (n > 0) { - unsigned start_orig_index = ranges[start].orig_index; - unsigned range_size = - ranges[start + 1].orig_index - start_orig_index; - - if (ranges[start].start_value <= value && - value < (int) (ranges[start].start_value + range_size)) - { - return (value - ranges[start].start_value) + - start_orig_index; - } - } - return -1; -} - -static size_t -parse_tag_and_wiretype(size_t len, - const uint8_t *data, - uint32_t *tag_out, - ProtobufCWireType *wiretype_out) -{ - unsigned max_rv = len > 5 ? 5 : len; - uint32_t tag = (data[0] & 0x7f) >> 3; - unsigned shift = 4; - unsigned rv; - - /* 0 is not a valid tag value */ - if ((data[0] & 0xf8) == 0) { - return 0; - } - - *wiretype_out = data[0] & 7; - if ((data[0] & 0x80) == 0) { - *tag_out = tag; - return 1; - } - for (rv = 1; rv < max_rv; rv++) { - if (data[rv] & 0x80) { - tag |= (data[rv] & 0x7f) << shift; - shift += 7; - } else { - tag |= data[rv] << shift; - *tag_out = tag; - return rv + 1; - } - } - return 0; /* error: bad header */ -} - -/* sizeof(ScannedMember) must be <= (1UL< INT_MAX) { - // Protobuf messages should always be less than 2 GiB in size. - // We also want to return early here so that hdr_len + val does - // not overflow on 32-bit systems. - PROTOBUF_C_UNPACK_ERROR("length prefix of %lu is too large", val); - return 0; - } - if (hdr_len + val > len) { - PROTOBUF_C_UNPACK_ERROR("data too short after length-prefix of %lu", val); - return 0; - } - return hdr_len + val; -} - -static size_t -max_b128_numbers(size_t len, const uint8_t *data) -{ - size_t rv = 0; - while (len--) - if ((*data++ & 0x80) == 0) - ++rv; - return rv; -} - -/**@}*/ - -/** - * Merge earlier message into a latter message. - * - * For numeric types and strings, if the same value appears multiple - * times, the parser accepts the last value it sees. For embedded - * message fields, the parser merges multiple instances of the same - * field. That is, all singular scalar fields in the latter instance - * replace those in the former, singular embedded messages are merged, - * and repeated fields are concatenated. - * - * The earlier message should be freed after calling this function, as - * some of its fields may have been reused and changed to their default - * values during the merge. - */ -static protobuf_c_boolean -merge_messages(ProtobufCMessage *earlier_msg, - ProtobufCMessage *latter_msg, - ProtobufCAllocator *allocator) -{ - unsigned i; - const ProtobufCFieldDescriptor *fields = - latter_msg->descriptor->fields; - for (i = 0; i < latter_msg->descriptor->n_fields; i++) { - if (fields[i].label == PROTOBUF_C_LABEL_REPEATED) { - size_t *n_earlier = - STRUCT_MEMBER_PTR(size_t, earlier_msg, - fields[i].quantifier_offset); - uint8_t **p_earlier = - STRUCT_MEMBER_PTR(uint8_t *, earlier_msg, - fields[i].offset); - size_t *n_latter = - STRUCT_MEMBER_PTR(size_t, latter_msg, - fields[i].quantifier_offset); - uint8_t **p_latter = - STRUCT_MEMBER_PTR(uint8_t *, latter_msg, - fields[i].offset); - - if (*n_earlier > 0) { - if (*n_latter > 0) { - /* Concatenate the repeated field */ - size_t el_size = - sizeof_elt_in_repeated_array(fields[i].type); - uint8_t *new_field; - - new_field = do_alloc(allocator, - (*n_earlier + *n_latter) * el_size); - if (!new_field) - return FALSE; - - memcpy(new_field, *p_earlier, - *n_earlier * el_size); - memcpy(new_field + - *n_earlier * el_size, - *p_latter, - *n_latter * el_size); - - do_free(allocator, *p_latter); - do_free(allocator, *p_earlier); - *p_latter = new_field; - *n_latter = *n_earlier + *n_latter; - } else { - /* Zero copy the repeated field from the earlier message */ - *n_latter = *n_earlier; - *p_latter = *p_earlier; - } - /* Make sure the field does not get double freed */ - *n_earlier = 0; - *p_earlier = 0; - } - } else if (fields[i].label == PROTOBUF_C_LABEL_OPTIONAL || - fields[i].label == PROTOBUF_C_LABEL_NONE) { - const ProtobufCFieldDescriptor *field; - uint32_t *earlier_case_p = STRUCT_MEMBER_PTR(uint32_t, - earlier_msg, - fields[i]. - quantifier_offset); - uint32_t *latter_case_p = STRUCT_MEMBER_PTR(uint32_t, - latter_msg, - fields[i]. - quantifier_offset); - protobuf_c_boolean need_to_merge = FALSE; - void *earlier_elem; - void *latter_elem; - const void *def_val; - - if (fields[i].flags & PROTOBUF_C_FIELD_FLAG_ONEOF) { - if (*latter_case_p == 0) { - /* lookup correct oneof field */ - int field_index = - int_range_lookup( - latter_msg->descriptor - ->n_field_ranges, - latter_msg->descriptor - ->field_ranges, - *earlier_case_p); - if (field_index < 0) - return FALSE; - field = latter_msg->descriptor->fields + - field_index; - } else { - /* Oneof is present in the latter message, move on */ - continue; - } - } else { - field = &fields[i]; - } - - earlier_elem = STRUCT_MEMBER_P(earlier_msg, field->offset); - latter_elem = STRUCT_MEMBER_P(latter_msg, field->offset); - def_val = field->default_value; - - switch (field->type) { - case PROTOBUF_C_TYPE_MESSAGE: { - ProtobufCMessage *em = *(ProtobufCMessage **) earlier_elem; - ProtobufCMessage *lm = *(ProtobufCMessage **) latter_elem; - if (em != NULL) { - if (lm != NULL) { - if (!merge_messages(em, lm, allocator)) - return FALSE; - /* Already merged */ - need_to_merge = FALSE; - } else { - /* Zero copy the message */ - need_to_merge = TRUE; - } - } - break; - } - case PROTOBUF_C_TYPE_BYTES: { - uint8_t *e_data = - ((ProtobufCBinaryData *) earlier_elem)->data; - uint8_t *l_data = - ((ProtobufCBinaryData *) latter_elem)->data; - const ProtobufCBinaryData *d_bd = - (ProtobufCBinaryData *) def_val; - - need_to_merge = - (e_data != NULL && - (d_bd == NULL || - e_data != d_bd->data)) && - (l_data == NULL || - (d_bd != NULL && - l_data == d_bd->data)); - break; - } - case PROTOBUF_C_TYPE_STRING: { - char *e_str = *(char **) earlier_elem; - char *l_str = *(char **) latter_elem; - const char *d_str = def_val; - - need_to_merge = e_str != d_str && l_str == d_str; - break; - } - default: { - /* Could be has field or case enum, the logic is - * equivalent, since 0 (FALSE) means not set for - * oneof */ - need_to_merge = (*earlier_case_p != 0) && - (*latter_case_p == 0); - break; - } - } - - if (need_to_merge) { - size_t el_size = - sizeof_elt_in_repeated_array(field->type); - memcpy(latter_elem, earlier_elem, el_size); - /* - * Reset the element from the old message to 0 - * to make sure earlier message deallocation - * doesn't corrupt zero-copied data in the new - * message, earlier message will be freed after - * this function is called anyway - */ - memset(earlier_elem, 0, el_size); - - if (field->quantifier_offset != 0) { - /* Set the has field or the case enum, - * if applicable */ - *latter_case_p = *earlier_case_p; - *earlier_case_p = 0; - } - } - } - } - return TRUE; -} - -/** - * Count packed elements. - * - * Given a raw slab of packed-repeated values, determine the number of - * elements. This function detects certain kinds of errors but not - * others; the remaining error checking is done by - * parse_packed_repeated_member(). - */ -static protobuf_c_boolean -count_packed_elements(ProtobufCType type, - size_t len, const uint8_t *data, size_t *count_out) -{ - switch (type) { - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - if (len % 4 != 0) { - PROTOBUF_C_UNPACK_ERROR("length must be a multiple of 4 for fixed-length 32-bit types"); - return FALSE; - } - *count_out = len / 4; - return TRUE; - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - if (len % 8 != 0) { - PROTOBUF_C_UNPACK_ERROR("length must be a multiple of 8 for fixed-length 64-bit types"); - return FALSE; - } - *count_out = len / 8; - return TRUE; - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: - case PROTOBUF_C_TYPE_SINT32: - case PROTOBUF_C_TYPE_UINT32: - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_SINT64: - case PROTOBUF_C_TYPE_UINT64: - *count_out = max_b128_numbers(len, data); - return TRUE; - case PROTOBUF_C_TYPE_BOOL: - *count_out = len; - return TRUE; - case PROTOBUF_C_TYPE_STRING: - case PROTOBUF_C_TYPE_BYTES: - case PROTOBUF_C_TYPE_MESSAGE: - default: - PROTOBUF_C_UNPACK_ERROR("bad protobuf-c type %u for packed-repeated", type); - return FALSE; - } -} - -static inline uint32_t -parse_uint32(unsigned len, const uint8_t *data) -{ - uint32_t rv = data[0] & 0x7f; - if (len > 1) { - rv |= ((uint32_t) (data[1] & 0x7f) << 7); - if (len > 2) { - rv |= ((uint32_t) (data[2] & 0x7f) << 14); - if (len > 3) { - rv |= ((uint32_t) (data[3] & 0x7f) << 21); - if (len > 4) - rv |= ((uint32_t) (data[4]) << 28); - } - } - } - return rv; -} - -static inline uint32_t -parse_int32(unsigned len, const uint8_t *data) -{ - return parse_uint32(len, data); -} - -static inline int32_t -unzigzag32(uint32_t v) -{ - // Note: Using unsigned types prevents undefined behavior - return (int32_t)((v >> 1) ^ (~(v & 1) + 1)); -} - -static inline uint32_t -parse_fixed_uint32(const uint8_t *data) -{ -#if !defined(WORDS_BIGENDIAN) - uint32_t t; - memcpy(&t, data, 4); - return t; -#else - return data[0] | - ((uint32_t) (data[1]) << 8) | - ((uint32_t) (data[2]) << 16) | - ((uint32_t) (data[3]) << 24); -#endif -} - -static uint64_t -parse_uint64(unsigned len, const uint8_t *data) -{ - unsigned shift, i; - uint64_t rv; - - if (len < 5) - return parse_uint32(len, data); - rv = ((uint64_t) (data[0] & 0x7f)) | - ((uint64_t) (data[1] & 0x7f) << 7) | - ((uint64_t) (data[2] & 0x7f) << 14) | - ((uint64_t) (data[3] & 0x7f) << 21); - shift = 28; - for (i = 4; i < len; i++) { - rv |= (((uint64_t) (data[i] & 0x7f)) << shift); - shift += 7; - } - return rv; -} - -static inline int64_t -unzigzag64(uint64_t v) -{ - // Note: Using unsigned types prevents undefined behavior - return (int64_t)((v >> 1) ^ (~(v & 1) + 1)); -} - -static inline uint64_t -parse_fixed_uint64(const uint8_t *data) -{ -#if !defined(WORDS_BIGENDIAN) - uint64_t t; - memcpy(&t, data, 8); - return t; -#else - return (uint64_t) parse_fixed_uint32(data) | - (((uint64_t) parse_fixed_uint32(data + 4)) << 32); -#endif -} - -static protobuf_c_boolean -parse_boolean(unsigned len, const uint8_t *data) -{ - unsigned i; - for (i = 0; i < len; i++) - if (data[i] & 0x7f) - return TRUE; - return FALSE; -} - -static protobuf_c_boolean -parse_required_member(ScannedMember *scanned_member, - void *member, - ProtobufCAllocator *allocator, - protobuf_c_boolean maybe_clear) -{ - unsigned len = scanned_member->len; - const uint8_t *data = scanned_member->data; - ProtobufCWireType wire_type = scanned_member->wire_type; - - switch (scanned_member->field->type) { - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: - if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) - return FALSE; - *(int32_t *) member = parse_int32(len, data); - return TRUE; - case PROTOBUF_C_TYPE_UINT32: - if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) - return FALSE; - *(uint32_t *) member = parse_uint32(len, data); - return TRUE; - case PROTOBUF_C_TYPE_SINT32: - if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) - return FALSE; - *(int32_t *) member = unzigzag32(parse_uint32(len, data)); - return TRUE; - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - if (wire_type != PROTOBUF_C_WIRE_TYPE_32BIT) - return FALSE; - *(uint32_t *) member = parse_fixed_uint32(data); - return TRUE; - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: - if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) - return FALSE; - *(uint64_t *) member = parse_uint64(len, data); - return TRUE; - case PROTOBUF_C_TYPE_SINT64: - if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) - return FALSE; - *(int64_t *) member = unzigzag64(parse_uint64(len, data)); - return TRUE; - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - if (wire_type != PROTOBUF_C_WIRE_TYPE_64BIT) - return FALSE; - *(uint64_t *) member = parse_fixed_uint64(data); - return TRUE; - case PROTOBUF_C_TYPE_BOOL: - *(protobuf_c_boolean *) member = parse_boolean(len, data); - return TRUE; - case PROTOBUF_C_TYPE_STRING: { - char **pstr = member; - unsigned pref_len = scanned_member->length_prefix_len; - - if (wire_type != PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED) - return FALSE; - - if (maybe_clear && *pstr != NULL) { - const char *def = scanned_member->field->default_value; - if (*pstr != NULL && *pstr != def) - do_free(allocator, *pstr); - } - *pstr = do_alloc(allocator, len - pref_len + 1); - if (*pstr == NULL) - return FALSE; - memcpy(*pstr, data + pref_len, len - pref_len); - (*pstr)[len - pref_len] = 0; - return TRUE; - } - case PROTOBUF_C_TYPE_BYTES: { - ProtobufCBinaryData *bd = member; - const ProtobufCBinaryData *def_bd; - unsigned pref_len = scanned_member->length_prefix_len; - - if (wire_type != PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED) - return FALSE; - - def_bd = scanned_member->field->default_value; - if (maybe_clear && - bd->data != NULL && - (def_bd == NULL || bd->data != def_bd->data)) - { - do_free(allocator, bd->data); - } - if (len - pref_len > 0) { - bd->data = do_alloc(allocator, len - pref_len); - if (bd->data == NULL) - return FALSE; - memcpy(bd->data, data + pref_len, len - pref_len); - } else { - bd->data = NULL; - } - bd->len = len - pref_len; - return TRUE; - } - case PROTOBUF_C_TYPE_MESSAGE: { - ProtobufCMessage **pmessage = member; - ProtobufCMessage *subm; - const ProtobufCMessage *def_mess; - protobuf_c_boolean merge_successful = TRUE; - unsigned pref_len = scanned_member->length_prefix_len; - - if (wire_type != PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED) - return FALSE; - - def_mess = scanned_member->field->default_value; - subm = protobuf_c_message_unpack(scanned_member->field->descriptor, - allocator, - len - pref_len, - data + pref_len); - - if (maybe_clear && - *pmessage != NULL && - *pmessage != def_mess) - { - if (subm != NULL) - merge_successful = merge_messages(*pmessage, subm, allocator); - /* Delete the previous message */ - protobuf_c_message_free_unpacked(*pmessage, allocator); - } - *pmessage = subm; - if (subm == NULL || !merge_successful) - return FALSE; - return TRUE; - } - } - return FALSE; -} - -static protobuf_c_boolean -parse_oneof_member (ScannedMember *scanned_member, - void *member, - ProtobufCMessage *message, - ProtobufCAllocator *allocator) -{ - uint32_t *oneof_case = STRUCT_MEMBER_PTR(uint32_t, message, - scanned_member->field->quantifier_offset); - - /* If we have already parsed a member of this oneof, free it. */ - if (*oneof_case != 0) { - const ProtobufCFieldDescriptor *old_field; - size_t el_size; - /* lookup field */ - int field_index = - int_range_lookup(message->descriptor->n_field_ranges, - message->descriptor->field_ranges, - *oneof_case); - if (field_index < 0) - return FALSE; - old_field = message->descriptor->fields + field_index; - el_size = sizeof_elt_in_repeated_array(old_field->type); - - switch (old_field->type) { - case PROTOBUF_C_TYPE_STRING: { - char **pstr = member; - const char *def = old_field->default_value; - if (*pstr != NULL && *pstr != def) - do_free(allocator, *pstr); - break; - } - case PROTOBUF_C_TYPE_BYTES: { - ProtobufCBinaryData *bd = member; - const ProtobufCBinaryData *def_bd = old_field->default_value; - if (bd->data != NULL && - (def_bd == NULL || bd->data != def_bd->data)) - { - do_free(allocator, bd->data); - } - break; - } - case PROTOBUF_C_TYPE_MESSAGE: { - ProtobufCMessage **pmessage = member; - const ProtobufCMessage *def_mess = old_field->default_value; - if (*pmessage != NULL && *pmessage != def_mess) - protobuf_c_message_free_unpacked(*pmessage, allocator); - break; - } - default: - break; - } - - memset (member, 0, el_size); - } - if (!parse_required_member (scanned_member, member, allocator, TRUE)) - return FALSE; - - *oneof_case = scanned_member->tag; - return TRUE; -} - - -static protobuf_c_boolean -parse_optional_member(ScannedMember *scanned_member, - void *member, - ProtobufCMessage *message, - ProtobufCAllocator *allocator) -{ - if (!parse_required_member(scanned_member, member, allocator, TRUE)) - return FALSE; - if (scanned_member->field->quantifier_offset != 0) - STRUCT_MEMBER(protobuf_c_boolean, - message, - scanned_member->field->quantifier_offset) = TRUE; - return TRUE; -} - -static protobuf_c_boolean -parse_repeated_member(ScannedMember *scanned_member, - void *member, - ProtobufCMessage *message, - ProtobufCAllocator *allocator) -{ - const ProtobufCFieldDescriptor *field = scanned_member->field; - size_t *p_n = STRUCT_MEMBER_PTR(size_t, message, field->quantifier_offset); - size_t siz = sizeof_elt_in_repeated_array(field->type); - char *array = *(char **) member; - - if (!parse_required_member(scanned_member, array + siz * (*p_n), - allocator, FALSE)) - { - return FALSE; - } - *p_n += 1; - return TRUE; -} - -static unsigned -scan_varint(unsigned len, const uint8_t *data) -{ - unsigned i; - if (len > 10) - len = 10; - for (i = 0; i < len; i++) - if ((data[i] & 0x80) == 0) - break; - if (i == len) - return 0; - return i + 1; -} - -static protobuf_c_boolean -parse_packed_repeated_member(ScannedMember *scanned_member, - void *member, - ProtobufCMessage *message) -{ - const ProtobufCFieldDescriptor *field = scanned_member->field; - size_t *p_n = STRUCT_MEMBER_PTR(size_t, message, field->quantifier_offset); - size_t siz = sizeof_elt_in_repeated_array(field->type); - void *array = *(char **) member + siz * (*p_n); - const uint8_t *at = scanned_member->data + scanned_member->length_prefix_len; - size_t rem = scanned_member->len - scanned_member->length_prefix_len; - size_t count = 0; - unsigned i; - - switch (field->type) { - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - count = (scanned_member->len - scanned_member->length_prefix_len) / 4; -#if !defined(WORDS_BIGENDIAN) - goto no_unpacking_needed; -#else - for (i = 0; i < count; i++) { - ((uint32_t *) array)[i] = parse_fixed_uint32(at); - at += 4; - } - break; -#endif - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - count = (scanned_member->len - scanned_member->length_prefix_len) / 8; -#if !defined(WORDS_BIGENDIAN) - goto no_unpacking_needed; -#else - for (i = 0; i < count; i++) { - ((uint64_t *) array)[i] = parse_fixed_uint64(at); - at += 8; - } - break; -#endif - case PROTOBUF_C_TYPE_ENUM: - case PROTOBUF_C_TYPE_INT32: - while (rem > 0) { - unsigned s = scan_varint(rem, at); - if (s == 0) { - PROTOBUF_C_UNPACK_ERROR("bad packed-repeated int32 value"); - return FALSE; - } - ((int32_t *) array)[count++] = parse_int32(s, at); - at += s; - rem -= s; - } - break; - case PROTOBUF_C_TYPE_SINT32: - while (rem > 0) { - unsigned s = scan_varint(rem, at); - if (s == 0) { - PROTOBUF_C_UNPACK_ERROR("bad packed-repeated sint32 value"); - return FALSE; - } - ((int32_t *) array)[count++] = unzigzag32(parse_uint32(s, at)); - at += s; - rem -= s; - } - break; - case PROTOBUF_C_TYPE_UINT32: - while (rem > 0) { - unsigned s = scan_varint(rem, at); - if (s == 0) { - PROTOBUF_C_UNPACK_ERROR("bad packed-repeated enum or uint32 value"); - return FALSE; - } - ((uint32_t *) array)[count++] = parse_uint32(s, at); - at += s; - rem -= s; - } - break; - - case PROTOBUF_C_TYPE_SINT64: - while (rem > 0) { - unsigned s = scan_varint(rem, at); - if (s == 0) { - PROTOBUF_C_UNPACK_ERROR("bad packed-repeated sint64 value"); - return FALSE; - } - ((int64_t *) array)[count++] = unzigzag64(parse_uint64(s, at)); - at += s; - rem -= s; - } - break; - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_UINT64: - while (rem > 0) { - unsigned s = scan_varint(rem, at); - if (s == 0) { - PROTOBUF_C_UNPACK_ERROR("bad packed-repeated int64/uint64 value"); - return FALSE; - } - ((int64_t *) array)[count++] = parse_uint64(s, at); - at += s; - rem -= s; - } - break; - case PROTOBUF_C_TYPE_BOOL: - count = rem; - for (i = 0; i < count; i++) { - if (at[i] > 1) { - PROTOBUF_C_UNPACK_ERROR("bad packed-repeated boolean value"); - return FALSE; - } - ((protobuf_c_boolean *) array)[i] = at[i]; - } - break; - default: - PROTOBUF_C__ASSERT_NOT_REACHED(); - } - *p_n += count; - return TRUE; - -#if !defined(WORDS_BIGENDIAN) -no_unpacking_needed: - memcpy(array, at, count * siz); - *p_n += count; - return TRUE; -#endif -} - -static protobuf_c_boolean -is_packable_type(ProtobufCType type) -{ - return - type != PROTOBUF_C_TYPE_STRING && - type != PROTOBUF_C_TYPE_BYTES && - type != PROTOBUF_C_TYPE_MESSAGE; -} - -static protobuf_c_boolean -parse_member(ScannedMember *scanned_member, - ProtobufCMessage *message, - ProtobufCAllocator *allocator) -{ - const ProtobufCFieldDescriptor *field = scanned_member->field; - void *member; - - if (field == NULL) { - ProtobufCMessageUnknownField *ufield = - message->unknown_fields + - (message->n_unknown_fields++); - ufield->tag = scanned_member->tag; - ufield->wire_type = scanned_member->wire_type; - ufield->len = scanned_member->len; - ufield->data = do_alloc(allocator, scanned_member->len); - if (ufield->data == NULL) - return FALSE; - memcpy(ufield->data, scanned_member->data, ufield->len); - return TRUE; - } - member = (char *) message + field->offset; - switch (field->label) { - case PROTOBUF_C_LABEL_REQUIRED: - return parse_required_member(scanned_member, member, - allocator, TRUE); - case PROTOBUF_C_LABEL_OPTIONAL: - case PROTOBUF_C_LABEL_NONE: - if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF)) { - return parse_oneof_member(scanned_member, member, - message, allocator); - } else { - return parse_optional_member(scanned_member, member, - message, allocator); - } - case PROTOBUF_C_LABEL_REPEATED: - if (scanned_member->wire_type == - PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED && - (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED) || - is_packable_type(field->type))) - { - return parse_packed_repeated_member(scanned_member, - member, message); - } else { - return parse_repeated_member(scanned_member, - member, message, - allocator); - } - } - PROTOBUF_C__ASSERT_NOT_REACHED(); - return 0; -} - -/** - * Initialise messages generated by old code. - * - * This function is used if desc->message_init == NULL (which occurs - * for old code, and which would be useful to support allocating - * descriptors dynamically). - */ -static void -message_init_generic(const ProtobufCMessageDescriptor *desc, - ProtobufCMessage *message) -{ - unsigned i; - - memset(message, 0, desc->sizeof_message); - message->descriptor = desc; - for (i = 0; i < desc->n_fields; i++) { - if (desc->fields[i].default_value != NULL && - desc->fields[i].label != PROTOBUF_C_LABEL_REPEATED) - { - void *field = - STRUCT_MEMBER_P(message, desc->fields[i].offset); - const void *dv = desc->fields[i].default_value; - - switch (desc->fields[i].type) { - case PROTOBUF_C_TYPE_INT32: - case PROTOBUF_C_TYPE_SINT32: - case PROTOBUF_C_TYPE_SFIXED32: - case PROTOBUF_C_TYPE_UINT32: - case PROTOBUF_C_TYPE_FIXED32: - case PROTOBUF_C_TYPE_FLOAT: - case PROTOBUF_C_TYPE_ENUM: - memcpy(field, dv, 4); - break; - case PROTOBUF_C_TYPE_INT64: - case PROTOBUF_C_TYPE_SINT64: - case PROTOBUF_C_TYPE_SFIXED64: - case PROTOBUF_C_TYPE_UINT64: - case PROTOBUF_C_TYPE_FIXED64: - case PROTOBUF_C_TYPE_DOUBLE: - memcpy(field, dv, 8); - break; - case PROTOBUF_C_TYPE_BOOL: - memcpy(field, dv, sizeof(protobuf_c_boolean)); - break; - case PROTOBUF_C_TYPE_BYTES: - memcpy(field, dv, sizeof(ProtobufCBinaryData)); - break; - - case PROTOBUF_C_TYPE_STRING: - case PROTOBUF_C_TYPE_MESSAGE: - /* - * The next line essentially implements a cast - * from const, which is totally unavoidable. - */ - *(const void **) field = dv; - break; - } - } - } -} - -/**@}*/ - -/* - * ScannedMember slabs (an unpacking implementation detail). Before doing real - * unpacking, we first scan through the elements to see how many there are (for - * repeated fields), and which field to use (for non-repeated fields given - * twice). - * - * In order to avoid allocations for small messages, we keep a stack-allocated - * slab of ScannedMembers of size FIRST_SCANNED_MEMBER_SLAB_SIZE (16). After we - * fill that up, we allocate each slab twice as large as the previous one. - */ -#define FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2 4 - -/* - * The number of slabs, including the stack-allocated ones; choose the number so - * that we would overflow if we needed a slab larger than provided. - */ -#define MAX_SCANNED_MEMBER_SLAB \ - (sizeof(unsigned int)*8 - 1 \ - - BOUND_SIZEOF_SCANNED_MEMBER_LOG2 \ - - FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2) - -#define REQUIRED_FIELD_BITMAP_SET(index) \ - (required_fields_bitmap[(index)/8] |= (1UL<<((index)%8))) - -#define REQUIRED_FIELD_BITMAP_IS_SET(index) \ - (required_fields_bitmap[(index)/8] & (1UL<<((index)%8))) - -ProtobufCMessage * -protobuf_c_message_unpack(const ProtobufCMessageDescriptor *desc, - ProtobufCAllocator *allocator, - size_t len, const uint8_t *data) -{ - ProtobufCMessage *rv; - size_t rem = len; - const uint8_t *at = data; - const ProtobufCFieldDescriptor *last_field = desc->fields + 0; - ScannedMember first_member_slab[1UL << - FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2]; - - /* - * scanned_member_slabs[i] is an array of arrays of ScannedMember. - * The first slab (scanned_member_slabs[0] is just a pointer to - * first_member_slab), above. All subsequent slabs will be allocated - * using the allocator. - */ - ScannedMember *scanned_member_slabs[MAX_SCANNED_MEMBER_SLAB + 1]; - unsigned which_slab = 0; /* the slab we are currently populating */ - unsigned in_slab_index = 0; /* number of members in the slab */ - size_t n_unknown = 0; - unsigned f; - unsigned j; - unsigned i_slab; - unsigned last_field_index = 0; - unsigned required_fields_bitmap_len; - unsigned char required_fields_bitmap_stack[16]; - unsigned char *required_fields_bitmap = required_fields_bitmap_stack; - protobuf_c_boolean required_fields_bitmap_alloced = FALSE; - - ASSERT_IS_MESSAGE_DESCRIPTOR(desc); - - if (allocator == NULL) - allocator = &protobuf_c__allocator; - - rv = do_alloc(allocator, desc->sizeof_message); - if (!rv) - return (NULL); - scanned_member_slabs[0] = first_member_slab; - - required_fields_bitmap_len = (desc->n_fields + 7) / 8; - if (required_fields_bitmap_len > sizeof(required_fields_bitmap_stack)) { - required_fields_bitmap = do_alloc(allocator, required_fields_bitmap_len); - if (!required_fields_bitmap) { - do_free(allocator, rv); - return (NULL); - } - required_fields_bitmap_alloced = TRUE; - } - memset(required_fields_bitmap, 0, required_fields_bitmap_len); - - /* - * Generated code always defines "message_init". However, we provide a - * fallback for (1) users of old protobuf-c generated-code that do not - * provide the function, and (2) descriptors constructed from some other - * source (most likely, direct construction from the .proto file). - */ - if (desc->message_init != NULL) - protobuf_c_message_init(desc, rv); - else - message_init_generic(desc, rv); - - while (rem > 0) { - uint32_t tag; - ProtobufCWireType wire_type; - size_t used = parse_tag_and_wiretype(rem, at, &tag, &wire_type); - const ProtobufCFieldDescriptor *field; - ScannedMember tmp; - - if (used == 0) { - PROTOBUF_C_UNPACK_ERROR("error parsing tag/wiretype at offset %u", - (unsigned) (at - data)); - goto error_cleanup_during_scan; - } - /* - * \todo Consider optimizing for field[1].id == tag, if field[1] - * exists! - */ - if (last_field == NULL || last_field->id != tag) { - /* lookup field */ - int field_index = - int_range_lookup(desc->n_field_ranges, - desc->field_ranges, - tag); - if (field_index < 0) { - field = NULL; - n_unknown++; - } else { - field = desc->fields + field_index; - last_field = field; - last_field_index = field_index; - } - } else { - field = last_field; - } - - if (field != NULL && field->label == PROTOBUF_C_LABEL_REQUIRED) - REQUIRED_FIELD_BITMAP_SET(last_field_index); - - at += used; - rem -= used; - tmp.tag = tag; - tmp.wire_type = wire_type; - tmp.field = field; - tmp.data = at; - tmp.length_prefix_len = 0; - - switch (wire_type) { - case PROTOBUF_C_WIRE_TYPE_VARINT: { - unsigned max_len = rem < 10 ? rem : 10; - unsigned i; - - for (i = 0; i < max_len; i++) - if ((at[i] & 0x80) == 0) - break; - if (i == max_len) { - PROTOBUF_C_UNPACK_ERROR("unterminated varint at offset %u", - (unsigned) (at - data)); - goto error_cleanup_during_scan; - } - tmp.len = i + 1; - break; - } - case PROTOBUF_C_WIRE_TYPE_64BIT: - if (rem < 8) { - PROTOBUF_C_UNPACK_ERROR("too short after 64bit wiretype at offset %u", - (unsigned) (at - data)); - goto error_cleanup_during_scan; - } - tmp.len = 8; - break; - case PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED: { - size_t pref_len; - - tmp.len = scan_length_prefixed_data(rem, at, &pref_len); - if (tmp.len == 0) { - /* NOTE: scan_length_prefixed_data calls UNPACK_ERROR */ - goto error_cleanup_during_scan; - } - tmp.length_prefix_len = pref_len; - break; - } - case PROTOBUF_C_WIRE_TYPE_32BIT: - if (rem < 4) { - PROTOBUF_C_UNPACK_ERROR("too short after 32bit wiretype at offset %u", - (unsigned) (at - data)); - goto error_cleanup_during_scan; - } - tmp.len = 4; - break; - default: - PROTOBUF_C_UNPACK_ERROR("unsupported tag %u at offset %u", - wire_type, (unsigned) (at - data)); - goto error_cleanup_during_scan; - } - - if (in_slab_index == (1UL << - (which_slab + FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2))) - { - size_t size; - - in_slab_index = 0; - if (which_slab == MAX_SCANNED_MEMBER_SLAB) { - PROTOBUF_C_UNPACK_ERROR("too many fields"); - goto error_cleanup_during_scan; - } - which_slab++; - size = sizeof(ScannedMember) - << (which_slab + FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2); - scanned_member_slabs[which_slab] = do_alloc(allocator, size); - if (scanned_member_slabs[which_slab] == NULL) - goto error_cleanup_during_scan; - } - scanned_member_slabs[which_slab][in_slab_index++] = tmp; - - if (field != NULL && field->label == PROTOBUF_C_LABEL_REPEATED) { - size_t *n = STRUCT_MEMBER_PTR(size_t, rv, - field->quantifier_offset); - if (wire_type == PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED && - (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED) || - is_packable_type(field->type))) - { - size_t count; - if (!count_packed_elements(field->type, - tmp.len - - tmp.length_prefix_len, - tmp.data + - tmp.length_prefix_len, - &count)) - { - PROTOBUF_C_UNPACK_ERROR("counting packed elements"); - goto error_cleanup_during_scan; - } - *n += count; - } else { - *n += 1; - } - } - - at += tmp.len; - rem -= tmp.len; - } - - /* allocate space for repeated fields, also check that all required fields have been set */ - for (f = 0; f < desc->n_fields; f++) { - const ProtobufCFieldDescriptor *field = desc->fields + f; - if (field->label == PROTOBUF_C_LABEL_REPEATED) { - size_t siz = - sizeof_elt_in_repeated_array(field->type); - size_t *n_ptr = - STRUCT_MEMBER_PTR(size_t, rv, - field->quantifier_offset); - if (*n_ptr != 0) { - unsigned n = *n_ptr; - void *a; - *n_ptr = 0; - assert(rv->descriptor != NULL); -#define CLEAR_REMAINING_N_PTRS() \ - for(f++;f < desc->n_fields; f++) \ - { \ - field = desc->fields + f; \ - if (field->label == PROTOBUF_C_LABEL_REPEATED) \ - STRUCT_MEMBER (size_t, rv, field->quantifier_offset) = 0; \ - } - a = do_alloc(allocator, siz * n); - if (!a) { - CLEAR_REMAINING_N_PTRS(); - goto error_cleanup; - } - STRUCT_MEMBER(void *, rv, field->offset) = a; - } - } else if (field->label == PROTOBUF_C_LABEL_REQUIRED) { - if (field->default_value == NULL && - !REQUIRED_FIELD_BITMAP_IS_SET(f)) - { - CLEAR_REMAINING_N_PTRS(); - PROTOBUF_C_UNPACK_ERROR("message '%s': missing required field '%s'", - desc->name, field->name); - goto error_cleanup; - } - } - } -#undef CLEAR_REMAINING_N_PTRS - - /* allocate space for unknown fields */ - if (n_unknown) { - rv->unknown_fields = do_alloc(allocator, - n_unknown * sizeof(ProtobufCMessageUnknownField)); - if (rv->unknown_fields == NULL) - goto error_cleanup; - } - - /* do real parsing */ - for (i_slab = 0; i_slab <= which_slab; i_slab++) { - unsigned max = (i_slab == which_slab) ? - in_slab_index : (1UL << (i_slab + 4)); - ScannedMember *slab = scanned_member_slabs[i_slab]; - - for (j = 0; j < max; j++) { - if (!parse_member(slab + j, rv, allocator)) { - PROTOBUF_C_UNPACK_ERROR("error parsing member %s of %s", - slab->field ? slab->field->name : "*unknown-field*", - desc->name); - goto error_cleanup; - } - } - } - - /* cleanup */ - for (j = 1; j <= which_slab; j++) - do_free(allocator, scanned_member_slabs[j]); - if (required_fields_bitmap_alloced) - do_free(allocator, required_fields_bitmap); - return rv; - -error_cleanup: - protobuf_c_message_free_unpacked(rv, allocator); - for (j = 1; j <= which_slab; j++) - do_free(allocator, scanned_member_slabs[j]); - if (required_fields_bitmap_alloced) - do_free(allocator, required_fields_bitmap); - return NULL; - -error_cleanup_during_scan: - do_free(allocator, rv); - for (j = 1; j <= which_slab; j++) - do_free(allocator, scanned_member_slabs[j]); - if (required_fields_bitmap_alloced) - do_free(allocator, required_fields_bitmap); - return NULL; -} - -void -protobuf_c_message_free_unpacked(ProtobufCMessage *message, - ProtobufCAllocator *allocator) -{ - const ProtobufCMessageDescriptor *desc; - unsigned f; - - if (message == NULL) - return; - - desc = message->descriptor; - - ASSERT_IS_MESSAGE(message); - - if (allocator == NULL) - allocator = &protobuf_c__allocator; - message->descriptor = NULL; - for (f = 0; f < desc->n_fields; f++) { - if (0 != (desc->fields[f].flags & PROTOBUF_C_FIELD_FLAG_ONEOF) && - desc->fields[f].id != - STRUCT_MEMBER(uint32_t, message, desc->fields[f].quantifier_offset)) - { - /* This is not the selected oneof, skip it */ - continue; - } - - if (desc->fields[f].label == PROTOBUF_C_LABEL_REPEATED) { - size_t n = STRUCT_MEMBER(size_t, - message, - desc->fields[f].quantifier_offset); - void *arr = STRUCT_MEMBER(void *, - message, - desc->fields[f].offset); - - if (arr != NULL) { - if (desc->fields[f].type == PROTOBUF_C_TYPE_STRING) { - unsigned i; - for (i = 0; i < n; i++) - do_free(allocator, ((char **) arr)[i]); - } else if (desc->fields[f].type == PROTOBUF_C_TYPE_BYTES) { - unsigned i; - for (i = 0; i < n; i++) - do_free(allocator, ((ProtobufCBinaryData *) arr)[i].data); - } else if (desc->fields[f].type == PROTOBUF_C_TYPE_MESSAGE) { - unsigned i; - for (i = 0; i < n; i++) - protobuf_c_message_free_unpacked( - ((ProtobufCMessage **) arr)[i], - allocator - ); - } - do_free(allocator, arr); - } - } else if (desc->fields[f].type == PROTOBUF_C_TYPE_STRING) { - char *str = STRUCT_MEMBER(char *, message, - desc->fields[f].offset); - - if (str && str != desc->fields[f].default_value) - do_free(allocator, str); - } else if (desc->fields[f].type == PROTOBUF_C_TYPE_BYTES) { - void *data = STRUCT_MEMBER(ProtobufCBinaryData, message, - desc->fields[f].offset).data; - const ProtobufCBinaryData *default_bd; - - default_bd = desc->fields[f].default_value; - if (data != NULL && - (default_bd == NULL || - default_bd->data != data)) - { - do_free(allocator, data); - } - } else if (desc->fields[f].type == PROTOBUF_C_TYPE_MESSAGE) { - ProtobufCMessage *sm; - - sm = STRUCT_MEMBER(ProtobufCMessage *, message, - desc->fields[f].offset); - if (sm && sm != desc->fields[f].default_value) - protobuf_c_message_free_unpacked(sm, allocator); - } - } - - for (f = 0; f < message->n_unknown_fields; f++) - do_free(allocator, message->unknown_fields[f].data); - if (message->unknown_fields != NULL) - do_free(allocator, message->unknown_fields); - - do_free(allocator, message); -} - -void -protobuf_c_message_init(const ProtobufCMessageDescriptor * descriptor, - void *message) -{ - descriptor->message_init((ProtobufCMessage *) (message)); -} - -protobuf_c_boolean -protobuf_c_message_check(const ProtobufCMessage *message) -{ - unsigned i; - - if (!message || - !message->descriptor || - message->descriptor->magic != PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC) - { - return FALSE; - } - - for (i = 0; i < message->descriptor->n_fields; i++) { - const ProtobufCFieldDescriptor *f = message->descriptor->fields + i; - ProtobufCType type = f->type; - ProtobufCLabel label = f->label; - void *field = STRUCT_MEMBER_P (message, f->offset); - - if (f->flags & PROTOBUF_C_FIELD_FLAG_ONEOF) { - const uint32_t *oneof_case = STRUCT_MEMBER_P (message, f->quantifier_offset); - if (f->id != *oneof_case) { - continue; //Do not check if it is an unpopulated oneof member. - } - } - - if (label == PROTOBUF_C_LABEL_REPEATED) { - size_t *quantity = STRUCT_MEMBER_P (message, f->quantifier_offset); - - if (*quantity > 0 && *(void **) field == NULL) { - return FALSE; - } - - if (type == PROTOBUF_C_TYPE_MESSAGE) { - ProtobufCMessage **submessage = *(ProtobufCMessage ***) field; - unsigned j; - for (j = 0; j < *quantity; j++) { - if (!protobuf_c_message_check(submessage[j])) - return FALSE; - } - } else if (type == PROTOBUF_C_TYPE_STRING) { - char **string = *(char ***) field; - unsigned j; - for (j = 0; j < *quantity; j++) { - if (!string[j]) - return FALSE; - } - } else if (type == PROTOBUF_C_TYPE_BYTES) { - ProtobufCBinaryData *bd = *(ProtobufCBinaryData **) field; - unsigned j; - for (j = 0; j < *quantity; j++) { - if (bd[j].len > 0 && bd[j].data == NULL) - return FALSE; - } - } - - } else { /* PROTOBUF_C_LABEL_REQUIRED or PROTOBUF_C_LABEL_OPTIONAL */ - - if (type == PROTOBUF_C_TYPE_MESSAGE) { - ProtobufCMessage *submessage = *(ProtobufCMessage **) field; - if (label == PROTOBUF_C_LABEL_REQUIRED || submessage != NULL) { - if (!protobuf_c_message_check(submessage)) - return FALSE; - } - } else if (type == PROTOBUF_C_TYPE_STRING) { - char *string = *(char **) field; - if (label == PROTOBUF_C_LABEL_REQUIRED && string == NULL) - return FALSE; - } else if (type == PROTOBUF_C_TYPE_BYTES) { - protobuf_c_boolean *has = STRUCT_MEMBER_P (message, f->quantifier_offset); - ProtobufCBinaryData *bd = field; - if (label == PROTOBUF_C_LABEL_REQUIRED || *has == TRUE) { - if (bd->len > 0 && bd->data == NULL) - return FALSE; - } - } - } - } - - return TRUE; -} - -/* === services === */ - -typedef void (*GenericHandler) (void *service, - const ProtobufCMessage *input, - ProtobufCClosure closure, - void *closure_data); -void -protobuf_c_service_invoke_internal(ProtobufCService *service, - unsigned method_index, - const ProtobufCMessage *input, - ProtobufCClosure closure, - void *closure_data) -{ - GenericHandler *handlers; - GenericHandler handler; - - /* - * Verify that method_index is within range. If this fails, you are - * likely invoking a newly added method on an old service. (Although - * other memory corruption bugs can cause this assertion too.) - */ - assert(method_index < service->descriptor->n_methods); - - /* - * Get the array of virtual methods (which are enumerated by the - * generated code). - */ - handlers = (GenericHandler *) (service + 1); - - /* - * Get our method and invoke it. - * \todo Seems like handler == NULL is a situation that needs handling. - */ - handler = handlers[method_index]; - (*handler)(service, input, closure, closure_data); -} - -void -protobuf_c_service_generated_init(ProtobufCService *service, - const ProtobufCServiceDescriptor *descriptor, - ProtobufCServiceDestroy destroy) -{ - ASSERT_IS_SERVICE_DESCRIPTOR(descriptor); - service->descriptor = descriptor; - service->destroy = destroy; - service->invoke = protobuf_c_service_invoke_internal; - memset(service + 1, 0, descriptor->n_methods * sizeof(GenericHandler)); -} - -void protobuf_c_service_destroy(ProtobufCService *service) -{ - service->destroy(service); -} - -/* --- querying the descriptors --- */ - -const ProtobufCEnumValue * -protobuf_c_enum_descriptor_get_value_by_name(const ProtobufCEnumDescriptor *desc, - const char *name) -{ - unsigned start = 0; - unsigned count; - - if (desc == NULL || desc->values_by_name == NULL) - return NULL; - - count = desc->n_value_names; - - while (count > 1) { - unsigned mid = start + count / 2; - int rv = strcmp(desc->values_by_name[mid].name, name); - if (rv == 0) - return desc->values + desc->values_by_name[mid].index; - else if (rv < 0) { - count = start + count - (mid + 1); - start = mid + 1; - } else - count = mid - start; - } - if (count == 0) - return NULL; - if (strcmp(desc->values_by_name[start].name, name) == 0) - return desc->values + desc->values_by_name[start].index; - return NULL; -} - -const ProtobufCEnumValue * -protobuf_c_enum_descriptor_get_value(const ProtobufCEnumDescriptor *desc, - int value) -{ - int rv = int_range_lookup(desc->n_value_ranges, desc->value_ranges, value); - if (rv < 0) - return NULL; - return desc->values + rv; -} - -const ProtobufCFieldDescriptor * -protobuf_c_message_descriptor_get_field_by_name(const ProtobufCMessageDescriptor *desc, - const char *name) -{ - unsigned start = 0; - unsigned count; - const ProtobufCFieldDescriptor *field; - - if (desc == NULL || desc->fields_sorted_by_name == NULL) - return NULL; - - count = desc->n_fields; - - while (count > 1) { - unsigned mid = start + count / 2; - int rv; - field = desc->fields + desc->fields_sorted_by_name[mid]; - rv = strcmp(field->name, name); - if (rv == 0) - return field; - else if (rv < 0) { - count = start + count - (mid + 1); - start = mid + 1; - } else - count = mid - start; - } - if (count == 0) - return NULL; - field = desc->fields + desc->fields_sorted_by_name[start]; - if (strcmp(field->name, name) == 0) - return field; - return NULL; -} - -const ProtobufCFieldDescriptor * -protobuf_c_message_descriptor_get_field(const ProtobufCMessageDescriptor *desc, - unsigned value) -{ - int rv = int_range_lookup(desc->n_field_ranges,desc->field_ranges, value); - if (rv < 0) - return NULL; - return desc->fields + rv; -} - -const ProtobufCMethodDescriptor * -protobuf_c_service_descriptor_get_method_by_name(const ProtobufCServiceDescriptor *desc, - const char *name) -{ - unsigned start = 0; - unsigned count; - - if (desc == NULL || desc->method_indices_by_name == NULL) - return NULL; - - count = desc->n_methods; - - while (count > 1) { - unsigned mid = start + count / 2; - unsigned mid_index = desc->method_indices_by_name[mid]; - const char *mid_name = desc->methods[mid_index].name; - int rv = strcmp(mid_name, name); - - if (rv == 0) - return desc->methods + desc->method_indices_by_name[mid]; - if (rv < 0) { - count = start + count - (mid + 1); - start = mid + 1; - } else { - count = mid - start; - } - } - if (count == 0) - return NULL; - if (strcmp(desc->methods[desc->method_indices_by_name[start]].name, name) == 0) - return desc->methods + desc->method_indices_by_name[start]; - return NULL; -} diff -Nru sudo-1.9.5p2/lib/protobuf-c/Makefile.in sudo-1.9.9/lib/protobuf-c/Makefile.in --- sudo-1.9.5p2/lib/protobuf-c/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/protobuf-c/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,181 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2019-2020 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +srcdir = @srcdir@ +abs_srcdir = @abs_srcdir@ +top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts +incdir = $(top_srcdir)/include + +# Compiler & tools to use +CC = @CC@ +LIBTOOL = @LIBTOOL@ + +# C preprocessor flags +CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) -I$(top_srcdir) @CPPFLAGS@ + +# Usually -O and/or -g +CFLAGS = @CFLAGS@ + +# Flags to pass to libtool +LTFLAGS = @LT_STATIC@ + +# Address sanitizer flags +ASAN_CFLAGS = @ASAN_CFLAGS@ +ASAN_LDFLAGS = @ASAN_LDFLAGS@ + +# PIE flags +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ + +# Stack smashing protection flags +SSP_CFLAGS = @SSP_CFLAGS@ +SSP_LDFLAGS = @SSP_LDFLAGS@ + +# cppcheck options, usually set in the top-level Makefile +CPPCHECK_OPTS = -q --enable=warning,performance,portability --suppress=constStatement --suppress=compareBoolExpressionWithInt --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64 + +# splint options, usually set in the top-level Makefile +SPLINT_OPTS = -D__restrict= -checks + +# PVS-studio options +PVS_CFG = $(top_srcdir)/PVS-Studio.cfg +PVS_IGNORE = 'V707,V011,V002,V536' +PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) + +# Set to non-empty for development mode +DEVEL = @DEVEL@ + +#### End of system configuration section. #### + +SHELL = @SHELL@ + +LIBPROTOBUF_C_OBJS = protobuf-c.lo + +IOBJS = $(LIBPROTOBUF_C_OBJS:.lo=.i) + +POBJS = $(IOBJS:.i=.plog) + +all: libprotobuf-c.la + +pvs-log-files: $(POBJS) + +pvs-studio: $(POBJS) + plog-converter $(PVS_LOG_OPTS) $(POBJS) + +depend: + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) lib/protobuf-c/Makefile.in + cd $(top_builddir) && ./config.status --file lib/protobuf-c/Makefile + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file lib/protobuf-c/Makefile + +.SUFFIXES: .c .h .i .lo .plog + +.c.lo: + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $< + +.c.i: + $(CC) -E -o $@ $(CPPFLAGS) $< + +.i.plog: + ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ + +$(devdir)/log_server.pb-c.c: $(srcdir)/log_server.proto + @if [ -n "$(DEVEL)" ]; then \ + cmd='protoc-c --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/log_server.proto'; \ + echo "$$cmd"; eval $$cmd; \ + cmd='$(scriptdir)/unanon $(devdir)/log_server.pb-c.h $(devdir)/log_server.pb-c.c'; \ + echo "$$cmd"; eval $$cmd; \ + if [ "$(devdir)" == "$(srcdir)" ]; then \ + cmd='mv -f $(devdir)/log_server.pb-c.h $(incdir)/log_server.pb-c.h'; \ + else \ + cmd='mv -f $(devdir)/log_server.pb-c.h $(top_builddir)/log_server.pb-c.h'; \ + fi; \ + echo "$$cmd"; eval $$cmd; \ + fi + +libprotobuf-c.la: $(LIBPROTOBUF_C_OBJS) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBPROTOBUF_C_OBJS) + +pre-install: + +install: + +install-binaries: + +install-includes: + +install-doc: + +install-plugin: + +install-fuzzer: + +uninstall: + +splint: + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + +cppcheck: + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(top_srcdir) $(srcdir)/*.c + +pvs-log-files: $(POBJS) + +fuzz: + +check-fuzzer: + +check: check-fuzzer + +clean: + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile .libs + +clobber: distclean + +realclean: distclean + rm -f TAGS tags + +cleandir: realclean + +.PHONY: clean mostlyclean distclean cleandir clobber realclean + +# Autogenerated dependencies, do not modify +protobuf-c.lo: $(srcdir)/protobuf-c.c $(incdir)/protobuf-c/protobuf-c.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/protobuf-c.c +protobuf-c.i: $(srcdir)/protobuf-c.c $(incdir)/protobuf-c/protobuf-c.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +protobuf-c.plog: protobuf-c.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/protobuf-c.c --i-file $< --output-file $@ diff -Nru sudo-1.9.5p2/lib/protobuf-c/protobuf-c.c sudo-1.9.9/lib/protobuf-c/protobuf-c.c --- sudo-1.9.5p2/lib/protobuf-c/protobuf-c.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/protobuf-c/protobuf-c.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3662 @@ +/* + * Copyright (c) 2008-2015, Dave Benson and the protobuf-c authors. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/*! \file + * Support library for `protoc-c` generated code. + * + * This file implements the public API used by the code generated + * by `protoc-c`. + * + * \authors Dave Benson and the protobuf-c authors + * + * \copyright 2008-2014. Licensed under the terms of the [BSD-2-Clause] license. + */ + +/** + * \todo 64-BIT OPTIMIZATION: certain implementations use 32-bit math + * even on 64-bit platforms (uint64_size, uint64_pack, parse_uint64). + * + * \todo Use size_t consistently. + */ + +#include + +#include /* for malloc, free */ +#include /* for strcmp, strlen, memcpy, memmove, memset */ + +#include "protobuf-c/protobuf-c.h" + +#define TRUE 1 +#define FALSE 0 + +#define PROTOBUF_C__ASSERT_NOT_REACHED() assert(0) + +/* Workaround for Microsoft compilers. */ +#ifdef _MSC_VER +# define inline __inline +#endif + +/** + * \defgroup internal Internal functions and macros + * + * These are not exported by the library but are useful to developers working + * on `libprotobuf-c` itself. + */ + +/** + * \defgroup macros Utility macros for manipulating structures + * + * Macros and constants used to manipulate the base "classes" generated by + * `protobuf-c`. They also define limits and check correctness. + * + * \ingroup internal + * @{ + */ + +/** The maximum length of a 64-bit integer in varint encoding. */ +#define MAX_UINT64_ENCODED_SIZE 10 + +#ifndef PROTOBUF_C_UNPACK_ERROR +# define PROTOBUF_C_UNPACK_ERROR(...) +#endif + +const char protobuf_c_empty_string[] = ""; + +/** + * Internal `ProtobufCMessage` manipulation macro. + * + * Base macro for manipulating a `ProtobufCMessage`. Used by STRUCT_MEMBER() and + * STRUCT_MEMBER_PTR(). + */ +#define STRUCT_MEMBER_P(struct_p, struct_offset) \ + ((void *) ((uint8_t *) (struct_p) + (struct_offset))) + +/** + * Return field in a `ProtobufCMessage` based on offset. + * + * Take a pointer to a `ProtobufCMessage` and find the field at the offset. + * Cast it to the passed type. + */ +#define STRUCT_MEMBER(member_type, struct_p, struct_offset) \ + (*(member_type *) STRUCT_MEMBER_P((struct_p), (struct_offset))) + +/** + * Return field in a `ProtobufCMessage` based on offset. + * + * Take a pointer to a `ProtobufCMessage` and find the field at the offset. Cast + * it to a pointer to the passed type. + */ +#define STRUCT_MEMBER_PTR(member_type, struct_p, struct_offset) \ + ((member_type *) STRUCT_MEMBER_P((struct_p), (struct_offset))) + +/* Assertions for magic numbers. */ + +#define ASSERT_IS_ENUM_DESCRIPTOR(desc) \ + assert((desc)->magic == PROTOBUF_C__ENUM_DESCRIPTOR_MAGIC) + +#define ASSERT_IS_MESSAGE_DESCRIPTOR(desc) \ + assert((desc)->magic == PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC) + +#define ASSERT_IS_MESSAGE(message) \ + ASSERT_IS_MESSAGE_DESCRIPTOR((message)->descriptor) + +#define ASSERT_IS_SERVICE_DESCRIPTOR(desc) \ + assert((desc)->magic == PROTOBUF_C__SERVICE_DESCRIPTOR_MAGIC) + +/**@}*/ + +/* --- version --- */ + +const char * +protobuf_c_version(void) +{ + return PROTOBUF_C_VERSION; +} + +uint32_t +protobuf_c_version_number(void) +{ + return PROTOBUF_C_VERSION_NUMBER; +} + +/* --- allocator --- */ + +static void * +system_alloc(void *allocator_data, size_t size) +{ + return malloc(size); +} + +static void +system_free(void *allocator_data, void *data) +{ + free(data); +} + +static inline void * +do_alloc(ProtobufCAllocator *allocator, size_t size) +{ + return allocator->alloc(allocator->allocator_data, size); +} + +static inline void +do_free(ProtobufCAllocator *allocator, void *data) +{ + if (data != NULL) + allocator->free(allocator->allocator_data, data); +} + +/* + * This allocator uses the system's malloc() and free(). It is the default + * allocator used if NULL is passed as the ProtobufCAllocator to an exported + * function. + */ +static ProtobufCAllocator protobuf_c__allocator = { + .alloc = &system_alloc, + .free = &system_free, + .allocator_data = NULL, +}; + +/* === buffer-simple === */ + +void +protobuf_c_buffer_simple_append(ProtobufCBuffer *buffer, + size_t len, const uint8_t *data) +{ + ProtobufCBufferSimple *simp = (ProtobufCBufferSimple *) buffer; + size_t new_len = simp->len + len; + + if (new_len > simp->alloced) { + ProtobufCAllocator *allocator = simp->allocator; + size_t new_alloced = simp->alloced * 2; + uint8_t *new_data; + + if (allocator == NULL) + allocator = &protobuf_c__allocator; + while (new_alloced < new_len) + new_alloced += new_alloced; + new_data = do_alloc(allocator, new_alloced); + if (!new_data) + return; + memcpy(new_data, simp->data, simp->len); + if (simp->must_free_data) + do_free(allocator, simp->data); + else + simp->must_free_data = TRUE; + simp->data = new_data; + simp->alloced = new_alloced; + } + memcpy(simp->data + simp->len, data, len); + simp->len = new_len; +} + +/** + * \defgroup packedsz protobuf_c_message_get_packed_size() implementation + * + * Routines mainly used by protobuf_c_message_get_packed_size(). + * + * \ingroup internal + * @{ + */ + +/** + * Return the number of bytes required to store the tag for the field. Includes + * 3 bits for the wire-type, and a single bit that denotes the end-of-tag. + * + * \param number + * Field tag to encode. + * \return + * Number of bytes required. + */ +static inline size_t +get_tag_size(uint32_t number) +{ + if (number < (1UL << 4)) { + return 1; + } else if (number < (1UL << 11)) { + return 2; + } else if (number < (1UL << 18)) { + return 3; + } else if (number < (1UL << 25)) { + return 4; + } else { + return 5; + } +} + +/** + * Return the number of bytes required to store a variable-length unsigned + * 32-bit integer in base-128 varint encoding. + * + * \param v + * Value to encode. + * \return + * Number of bytes required. + */ +static inline size_t +uint32_size(uint32_t v) +{ + if (v < (1UL << 7)) { + return 1; + } else if (v < (1UL << 14)) { + return 2; + } else if (v < (1UL << 21)) { + return 3; + } else if (v < (1UL << 28)) { + return 4; + } else { + return 5; + } +} + +/** + * Return the number of bytes required to store a variable-length signed 32-bit + * integer in base-128 varint encoding. + * + * \param v + * Value to encode. + * \return + * Number of bytes required. + */ +static inline size_t +int32_size(int32_t v) +{ + if (v < 0) { + return 10; + } else if (v < (1L << 7)) { + return 1; + } else if (v < (1L << 14)) { + return 2; + } else if (v < (1L << 21)) { + return 3; + } else if (v < (1L << 28)) { + return 4; + } else { + return 5; + } +} + +/** + * Return the ZigZag-encoded 32-bit unsigned integer form of a 32-bit signed + * integer. + * + * \param v + * Value to encode. + * \return + * ZigZag encoded integer. + */ +static inline uint32_t +zigzag32(int32_t v) +{ + // Note: the right-shift must be arithmetic + // Note: left shift must be unsigned because of overflow + return ((uint32_t)(v) << 1) ^ (uint32_t)(v >> 31); +} + +/** + * Return the number of bytes required to store a signed 32-bit integer, + * converted to an unsigned 32-bit integer with ZigZag encoding, using base-128 + * varint encoding. + * + * \param v + * Value to encode. + * \return + * Number of bytes required. + */ +static inline size_t +sint32_size(int32_t v) +{ + return uint32_size(zigzag32(v)); +} + +/** + * Return the number of bytes required to store a 64-bit unsigned integer in + * base-128 varint encoding. + * + * \param v + * Value to encode. + * \return + * Number of bytes required. + */ +static inline size_t +uint64_size(uint64_t v) +{ + uint32_t upper_v = (uint32_t) (v >> 32); + + if (upper_v == 0) { + return uint32_size((uint32_t) v); + } else if (upper_v < (1UL << 3)) { + return 5; + } else if (upper_v < (1UL << 10)) { + return 6; + } else if (upper_v < (1UL << 17)) { + return 7; + } else if (upper_v < (1UL << 24)) { + return 8; + } else if (upper_v < (1UL << 31)) { + return 9; + } else { + return 10; + } +} + +/** + * Return the ZigZag-encoded 64-bit unsigned integer form of a 64-bit signed + * integer. + * + * \param v + * Value to encode. + * \return + * ZigZag encoded integer. + */ +static inline uint64_t +zigzag64(int64_t v) +{ + // Note: the right-shift must be arithmetic + // Note: left shift must be unsigned because of overflow + return ((uint64_t)(v) << 1) ^ (uint64_t)(v >> 63); +} + +/** + * Return the number of bytes required to store a signed 64-bit integer, + * converted to an unsigned 64-bit integer with ZigZag encoding, using base-128 + * varint encoding. + * + * \param v + * Value to encode. + * \return + * Number of bytes required. + */ +static inline size_t +sint64_size(int64_t v) +{ + return uint64_size(zigzag64(v)); +} + +/** + * Calculate the serialized size of a single required message field, including + * the space needed by the preceding tag. + * + * \param field + * Field descriptor for member. + * \param member + * Field to encode. + * \return + * Number of bytes required. + */ +static size_t +required_field_get_packed_size(const ProtobufCFieldDescriptor *field, + const void *member) +{ + size_t rv = get_tag_size(field->id); + + switch (field->type) { + case PROTOBUF_C_TYPE_SINT32: + return rv + sint32_size(*(const int32_t *) member); + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + return rv + int32_size(*(const int32_t *) member); + case PROTOBUF_C_TYPE_UINT32: + return rv + uint32_size(*(const uint32_t *) member); + case PROTOBUF_C_TYPE_SINT64: + return rv + sint64_size(*(const int64_t *) member); + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + return rv + uint64_size(*(const uint64_t *) member); + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + return rv + 4; + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + return rv + 8; + case PROTOBUF_C_TYPE_BOOL: + return rv + 1; + case PROTOBUF_C_TYPE_FLOAT: + return rv + 4; + case PROTOBUF_C_TYPE_DOUBLE: + return rv + 8; + case PROTOBUF_C_TYPE_STRING: { + const char *str = *(char * const *) member; + size_t len = str ? strlen(str) : 0; + return rv + uint32_size(len) + len; + } + case PROTOBUF_C_TYPE_BYTES: { + size_t len = ((const ProtobufCBinaryData *) member)->len; + return rv + uint32_size(len) + len; + } + case PROTOBUF_C_TYPE_MESSAGE: { + const ProtobufCMessage *msg = *(ProtobufCMessage * const *) member; + size_t subrv = msg ? protobuf_c_message_get_packed_size(msg) : 0; + return rv + uint32_size(subrv) + subrv; + } + } + PROTOBUF_C__ASSERT_NOT_REACHED(); + return 0; +} + +/** + * Calculate the serialized size of a single oneof message field, including + * the space needed by the preceding tag. Returns 0 if the oneof field isn't + * selected or is not set. + * + * \param field + * Field descriptor for member. + * \param oneof_case + * Enum value that selects the field in the oneof. + * \param member + * Field to encode. + * \return + * Number of bytes required. + */ +static size_t +oneof_field_get_packed_size(const ProtobufCFieldDescriptor *field, + uint32_t oneof_case, + const void *member) +{ + if (oneof_case != field->id) { + return 0; + } + if (field->type == PROTOBUF_C_TYPE_MESSAGE || + field->type == PROTOBUF_C_TYPE_STRING) + { + const void *ptr = *(const void * const *) member; + if (ptr == NULL || ptr == field->default_value) + return 0; + } + return required_field_get_packed_size(field, member); +} + +/** + * Calculate the serialized size of a single optional message field, including + * the space needed by the preceding tag. Returns 0 if the optional field isn't + * set. + * + * \param field + * Field descriptor for member. + * \param has + * True if the field exists, false if not. + * \param member + * Field to encode. + * \return + * Number of bytes required. + */ +static size_t +optional_field_get_packed_size(const ProtobufCFieldDescriptor *field, + const protobuf_c_boolean has, + const void *member) +{ + if (field->type == PROTOBUF_C_TYPE_MESSAGE || + field->type == PROTOBUF_C_TYPE_STRING) + { + const void *ptr = *(const void * const *) member; + if (ptr == NULL || ptr == field->default_value) + return 0; + } else { + if (!has) + return 0; + } + return required_field_get_packed_size(field, member); +} + +static protobuf_c_boolean +field_is_zeroish(const ProtobufCFieldDescriptor *field, + const void *member) +{ + protobuf_c_boolean ret = FALSE; + + switch (field->type) { + case PROTOBUF_C_TYPE_BOOL: + ret = (0 == *(const protobuf_c_boolean *) member); + break; + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_SINT32: + case PROTOBUF_C_TYPE_INT32: + case PROTOBUF_C_TYPE_UINT32: + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + ret = (0 == *(const uint32_t *) member); + break; + case PROTOBUF_C_TYPE_SINT64: + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + ret = (0 == *(const uint64_t *) member); + break; + case PROTOBUF_C_TYPE_FLOAT: + ret = (0 == *(const float *) member); + break; + case PROTOBUF_C_TYPE_DOUBLE: + ret = (0 == *(const double *) member); + break; + case PROTOBUF_C_TYPE_STRING: + ret = (NULL == *(const char * const *) member) || + ('\0' == **(const char * const *) member); + break; + case PROTOBUF_C_TYPE_BYTES: + case PROTOBUF_C_TYPE_MESSAGE: + ret = (NULL == *(const void * const *) member); + break; + default: + ret = TRUE; + break; + } + + return ret; +} + +/** + * Calculate the serialized size of a single unlabeled message field, including + * the space needed by the preceding tag. Returns 0 if the field isn't set or + * if it is set to a "zeroish" value (null pointer or 0 for numerical values). + * Unlabeled fields are supported only in proto3. + * + * \param field + * Field descriptor for member. + * \param member + * Field to encode. + * \return + * Number of bytes required. + */ +static size_t +unlabeled_field_get_packed_size(const ProtobufCFieldDescriptor *field, + const void *member) +{ + if (field_is_zeroish(field, member)) + return 0; + return required_field_get_packed_size(field, member); +} + +/** + * Calculate the serialized size of repeated message fields, which may consist + * of any number of values (including 0). Includes the space needed by the + * preceding tags (as needed). + * + * \param field + * Field descriptor for member. + * \param count + * Number of repeated field members. + * \param member + * Field to encode. + * \return + * Number of bytes required. + */ +static size_t +repeated_field_get_packed_size(const ProtobufCFieldDescriptor *field, + size_t count, const void *member) +{ + size_t header_size; + size_t rv = 0; + unsigned i; + void *array = *(void * const *) member; + + if (count == 0) + return 0; + header_size = get_tag_size(field->id); + if (0 == (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) + header_size *= count; + + switch (field->type) { + case PROTOBUF_C_TYPE_SINT32: + for (i = 0; i < count; i++) + rv += sint32_size(((int32_t *) array)[i]); + break; + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + for (i = 0; i < count; i++) + rv += int32_size(((int32_t *) array)[i]); + break; + case PROTOBUF_C_TYPE_UINT32: + for (i = 0; i < count; i++) + rv += uint32_size(((uint32_t *) array)[i]); + break; + case PROTOBUF_C_TYPE_SINT64: + for (i = 0; i < count; i++) + rv += sint64_size(((int64_t *) array)[i]); + break; + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + for (i = 0; i < count; i++) + rv += uint64_size(((uint64_t *) array)[i]); + break; + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + rv += 4 * count; + break; + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + rv += 8 * count; + break; + case PROTOBUF_C_TYPE_BOOL: + rv += count; + break; + case PROTOBUF_C_TYPE_STRING: + for (i = 0; i < count; i++) { + size_t len = strlen(((char **) array)[i]); + rv += uint32_size(len) + len; + } + break; + case PROTOBUF_C_TYPE_BYTES: + for (i = 0; i < count; i++) { + size_t len = ((ProtobufCBinaryData *) array)[i].len; + rv += uint32_size(len) + len; + } + break; + case PROTOBUF_C_TYPE_MESSAGE: + for (i = 0; i < count; i++) { + size_t len = protobuf_c_message_get_packed_size( + ((ProtobufCMessage **) array)[i]); + rv += uint32_size(len) + len; + } + break; + } + + if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) + header_size += uint32_size(rv); + return header_size + rv; +} + +/** + * Calculate the serialized size of an unknown field, i.e. one that is passed + * through mostly uninterpreted. This is required for forward compatibility if + * new fields are added to the message descriptor. + * + * \param field + * Unknown field type. + * \return + * Number of bytes required. + */ +static inline size_t +unknown_field_get_packed_size(const ProtobufCMessageUnknownField *field) +{ + return get_tag_size(field->tag) + field->len; +} + +/**@}*/ + +/* + * Calculate the serialized size of the message. + */ +size_t protobuf_c_message_get_packed_size(const ProtobufCMessage *message) +{ + unsigned i; + size_t rv = 0; + + ASSERT_IS_MESSAGE(message); + for (i = 0; i < message->descriptor->n_fields; i++) { + const ProtobufCFieldDescriptor *field = + message->descriptor->fields + i; + const void *member = + ((const char *) message) + field->offset; + const void *qmember = + ((const char *) message) + field->quantifier_offset; + + if (field->label == PROTOBUF_C_LABEL_REQUIRED) { + rv += required_field_get_packed_size(field, member); + } else if ((field->label == PROTOBUF_C_LABEL_OPTIONAL || + field->label == PROTOBUF_C_LABEL_NONE) && + (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF))) { + rv += oneof_field_get_packed_size( + field, + *(const uint32_t *) qmember, + member + ); + } else if (field->label == PROTOBUF_C_LABEL_OPTIONAL) { + rv += optional_field_get_packed_size( + field, + *(protobuf_c_boolean *) qmember, + member + ); + } else if (field->label == PROTOBUF_C_LABEL_NONE) { + rv += unlabeled_field_get_packed_size( + field, + member + ); + } else { + rv += repeated_field_get_packed_size( + field, + *(const size_t *) qmember, + member + ); + } + } + for (i = 0; i < message->n_unknown_fields; i++) + rv += unknown_field_get_packed_size(&message->unknown_fields[i]); + return rv; +} + +/** + * \defgroup pack protobuf_c_message_pack() implementation + * + * Routines mainly used by protobuf_c_message_pack(). + * + * \ingroup internal + * @{ + */ + +/** + * Pack an unsigned 32-bit integer in base-128 varint encoding and return the + * number of bytes written, which must be 5 or less. + * + * \param value + * Value to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +uint32_pack(uint32_t value, uint8_t *out) +{ + unsigned rv = 0; + + if (value >= 0x80) { + out[rv++] = value | 0x80; + value >>= 7; + if (value >= 0x80) { + out[rv++] = value | 0x80; + value >>= 7; + if (value >= 0x80) { + out[rv++] = value | 0x80; + value >>= 7; + if (value >= 0x80) { + out[rv++] = value | 0x80; + value >>= 7; + } + } + } + } + /* assert: value<128 */ + out[rv++] = value; + return rv; +} + +/** + * Pack a signed 32-bit integer and return the number of bytes written. + * Negative numbers are encoded as two's complement 64-bit integers. + * + * \param value + * Value to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +int32_pack(int32_t value, uint8_t *out) +{ + if (value < 0) { + out[0] = value | 0x80; + out[1] = (value >> 7) | 0x80; + out[2] = (value >> 14) | 0x80; + out[3] = (value >> 21) | 0x80; + out[4] = (value >> 28) | 0x80; + out[5] = out[6] = out[7] = out[8] = 0xff; + out[9] = 0x01; + return 10; + } else { + return uint32_pack(value, out); + } +} + +/** + * Pack a signed 32-bit integer using ZigZag encoding and return the number of + * bytes written. + * + * \param value + * Value to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +sint32_pack(int32_t value, uint8_t *out) +{ + return uint32_pack(zigzag32(value), out); +} + +/** + * Pack a 64-bit unsigned integer using base-128 varint encoding and return the + * number of bytes written. + * + * \param value + * Value to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static size_t +uint64_pack(uint64_t value, uint8_t *out) +{ + uint32_t hi = (uint32_t) (value >> 32); + uint32_t lo = (uint32_t) value; + unsigned rv; + + if (hi == 0) + return uint32_pack((uint32_t) lo, out); + out[0] = (lo) | 0x80; + out[1] = (lo >> 7) | 0x80; + out[2] = (lo >> 14) | 0x80; + out[3] = (lo >> 21) | 0x80; + if (hi < 8) { + out[4] = (hi << 4) | (lo >> 28); + return 5; + } else { + out[4] = ((hi & 7) << 4) | (lo >> 28) | 0x80; + hi >>= 3; + } + rv = 5; + while (hi >= 128) { + out[rv++] = hi | 0x80; + hi >>= 7; + } + out[rv++] = hi; + return rv; +} + +/** + * Pack a 64-bit signed integer in ZigZag encoding and return the number of + * bytes written. + * + * \param value + * Value to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +sint64_pack(int64_t value, uint8_t *out) +{ + return uint64_pack(zigzag64(value), out); +} + +/** + * Pack a 32-bit quantity in little-endian byte order. Used for protobuf wire + * types fixed32, sfixed32, float. Similar to "htole32". + * + * \param value + * Value to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +fixed32_pack(uint32_t value, void *out) +{ +#if !defined(WORDS_BIGENDIAN) + memcpy(out, &value, 4); +#else + uint8_t *buf = out; + + buf[0] = value; + buf[1] = value >> 8; + buf[2] = value >> 16; + buf[3] = value >> 24; +#endif + return 4; +} + +/** + * Pack a 64-bit quantity in little-endian byte order. Used for protobuf wire + * types fixed64, sfixed64, double. Similar to "htole64". + * + * \todo The big-endian impl is really only good for 32-bit machines, a 64-bit + * version would be appreciated, plus a way to decide to use 64-bit math where + * convenient. + * + * \param value + * Value to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +fixed64_pack(uint64_t value, void *out) +{ +#if !defined(WORDS_BIGENDIAN) + memcpy(out, &value, 8); +#else + fixed32_pack(value, out); + fixed32_pack(value >> 32, ((char *) out) + 4); +#endif + return 8; +} + +/** + * Pack a boolean value as an integer and return the number of bytes written. + * + * \todo Perhaps on some platforms *out = !!value would be a better impl, b/c + * that is idiomatic C++ in some STL implementations. + * + * \param value + * Value to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +boolean_pack(protobuf_c_boolean value, uint8_t *out) +{ + *out = value ? TRUE : FALSE; + return 1; +} + +/** + * Pack a NUL-terminated C string and return the number of bytes written. The + * output includes a length delimiter. + * + * The NULL pointer is treated as an empty string. This isn't really necessary, + * but it allows people to leave required strings blank. (See Issue #13 in the + * bug tracker for a little more explanation). + * + * \param str + * String to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +string_pack(const char *str, uint8_t *out) +{ + if (str == NULL) { + out[0] = 0; + return 1; + } else { + size_t len = strlen(str); + size_t rv = uint32_pack(len, out); + memcpy(out + rv, str, len); + return rv + len; + } +} + +/** + * Pack a ProtobufCBinaryData and return the number of bytes written. The output + * includes a length delimiter. + * + * \param bd + * ProtobufCBinaryData to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +binary_data_pack(const ProtobufCBinaryData *bd, uint8_t *out) +{ + size_t len = bd->len; + size_t rv = uint32_pack(len, out); + memcpy(out + rv, bd->data, len); + return rv + len; +} + +/** + * Pack a ProtobufCMessage and return the number of bytes written. The output + * includes a length delimiter. + * + * \param message + * ProtobufCMessage object to pack. + * \param[out] out + * Packed message. + * \return + * Number of bytes written to `out`. + */ +static inline size_t +prefixed_message_pack(const ProtobufCMessage *message, uint8_t *out) +{ + if (message == NULL) { + out[0] = 0; + return 1; + } else { + size_t rv = protobuf_c_message_pack(message, out + 1); + uint32_t rv_packed_size = uint32_size(rv); + if (rv_packed_size != 1) + memmove(out + rv_packed_size, out + 1, rv); + return uint32_pack(rv, out) + rv; + } +} + +/** + * Pack a field tag. + * + * Wire-type will be added in required_field_pack(). + * + * \todo Just call uint64_pack on 64-bit platforms. + * + * \param id + * Tag value to encode. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static size_t +tag_pack(uint32_t id, uint8_t *out) +{ + if (id < (1UL << (32 - 3))) + return uint32_pack(id << 3, out); + else + return uint64_pack(((uint64_t) id) << 3, out); +} + +/** + * Pack a required field and return the number of bytes written. + * + * \param field + * Field descriptor. + * \param member + * The field member. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static size_t +required_field_pack(const ProtobufCFieldDescriptor *field, + const void *member, uint8_t *out) +{ + size_t rv = tag_pack(field->id, out); + + switch (field->type) { + case PROTOBUF_C_TYPE_SINT32: + out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + return rv + sint32_pack(*(const int32_t *) member, out + rv); + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + return rv + int32_pack(*(const int32_t *) member, out + rv); + case PROTOBUF_C_TYPE_UINT32: + out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + return rv + uint32_pack(*(const uint32_t *) member, out + rv); + case PROTOBUF_C_TYPE_SINT64: + out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + return rv + sint64_pack(*(const int64_t *) member, out + rv); + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + return rv + uint64_pack(*(const uint64_t *) member, out + rv); + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + out[0] |= PROTOBUF_C_WIRE_TYPE_32BIT; + return rv + fixed32_pack(*(const uint32_t *) member, out + rv); + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + out[0] |= PROTOBUF_C_WIRE_TYPE_64BIT; + return rv + fixed64_pack(*(const uint64_t *) member, out + rv); + case PROTOBUF_C_TYPE_BOOL: + out[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + return rv + boolean_pack(*(const protobuf_c_boolean *) member, out + rv); + case PROTOBUF_C_TYPE_STRING: + out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; + return rv + string_pack(*(char *const *) member, out + rv); + case PROTOBUF_C_TYPE_BYTES: + out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; + return rv + binary_data_pack((const ProtobufCBinaryData *) member, out + rv); + case PROTOBUF_C_TYPE_MESSAGE: + out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; + return rv + prefixed_message_pack(*(ProtobufCMessage * const *) member, out + rv); + } + PROTOBUF_C__ASSERT_NOT_REACHED(); + return 0; +} + +/** + * Pack a oneof field and return the number of bytes written. Only packs the + * field that is selected by the case enum. + * + * \param field + * Field descriptor. + * \param oneof_case + * Enum value that selects the field in the oneof. + * \param member + * The field member. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static size_t +oneof_field_pack(const ProtobufCFieldDescriptor *field, + uint32_t oneof_case, + const void *member, uint8_t *out) +{ + if (oneof_case != field->id) { + return 0; + } + if (field->type == PROTOBUF_C_TYPE_MESSAGE || + field->type == PROTOBUF_C_TYPE_STRING) + { + const void *ptr = *(const void * const *) member; + if (ptr == NULL || ptr == field->default_value) + return 0; + } + return required_field_pack(field, member, out); +} + +/** + * Pack an optional field and return the number of bytes written. + * + * \param field + * Field descriptor. + * \param has + * Whether the field is set. + * \param member + * The field member. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static size_t +optional_field_pack(const ProtobufCFieldDescriptor *field, + const protobuf_c_boolean has, + const void *member, uint8_t *out) +{ + if (field->type == PROTOBUF_C_TYPE_MESSAGE || + field->type == PROTOBUF_C_TYPE_STRING) + { + const void *ptr = *(const void * const *) member; + if (ptr == NULL || ptr == field->default_value) + return 0; + } else { + if (!has) + return 0; + } + return required_field_pack(field, member, out); +} + +/** + * Pack an unlabeled field and return the number of bytes written. + * + * \param field + * Field descriptor. + * \param member + * The field member. + * \param[out] out + * Packed value. + * \return + * Number of bytes written to `out`. + */ +static size_t +unlabeled_field_pack(const ProtobufCFieldDescriptor *field, + const void *member, uint8_t *out) +{ + if (field_is_zeroish(field, member)) + return 0; + return required_field_pack(field, member, out); +} + +/** + * Given a field type, return the in-memory size. + * + * \todo Implement as a table lookup. + * + * \param type + * Field type. + * \return + * Size of the field. + */ +static inline size_t +sizeof_elt_in_repeated_array(ProtobufCType type) +{ + switch (type) { + case PROTOBUF_C_TYPE_SINT32: + case PROTOBUF_C_TYPE_INT32: + case PROTOBUF_C_TYPE_UINT32: + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + case PROTOBUF_C_TYPE_ENUM: + return 4; + case PROTOBUF_C_TYPE_SINT64: + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + return 8; + case PROTOBUF_C_TYPE_BOOL: + return sizeof(protobuf_c_boolean); + case PROTOBUF_C_TYPE_STRING: + case PROTOBUF_C_TYPE_MESSAGE: + return sizeof(void *); + case PROTOBUF_C_TYPE_BYTES: + return sizeof(ProtobufCBinaryData); + } + PROTOBUF_C__ASSERT_NOT_REACHED(); + return 0; +} + +/** + * Pack an array of 32-bit quantities. + * + * \param[out] out + * Destination. + * \param[in] in + * Source. + * \param[in] n + * Number of elements in the source array. + */ +static void +copy_to_little_endian_32(void *out, const void *in, const unsigned n) +{ +#if !defined(WORDS_BIGENDIAN) + memcpy(out, in, n * 4); +#else + unsigned i; + const uint32_t *ini = in; + for (i = 0; i < n; i++) + fixed32_pack(ini[i], (uint32_t *) out + i); +#endif +} + +/** + * Pack an array of 64-bit quantities. + * + * \param[out] out + * Destination. + * \param[in] in + * Source. + * \param[in] n + * Number of elements in the source array. + */ +static void +copy_to_little_endian_64(void *out, const void *in, const unsigned n) +{ +#if !defined(WORDS_BIGENDIAN) + memcpy(out, in, n * 8); +#else + unsigned i; + const uint64_t *ini = in; + for (i = 0; i < n; i++) + fixed64_pack(ini[i], (uint64_t *) out + i); +#endif +} + +/** + * Get the minimum number of bytes required to pack a field value of a + * particular type. + * + * \param type + * Field type. + * \return + * Number of bytes. + */ +static unsigned +get_type_min_size(ProtobufCType type) +{ + if (type == PROTOBUF_C_TYPE_SFIXED32 || + type == PROTOBUF_C_TYPE_FIXED32 || + type == PROTOBUF_C_TYPE_FLOAT) + { + return 4; + } + if (type == PROTOBUF_C_TYPE_SFIXED64 || + type == PROTOBUF_C_TYPE_FIXED64 || + type == PROTOBUF_C_TYPE_DOUBLE) + { + return 8; + } + return 1; +} + +/** + * Packs the elements of a repeated field and returns the serialised field and + * its length. + * + * \param field + * Field descriptor. + * \param count + * Number of elements in the repeated field array. + * \param member + * Pointer to the elements for this repeated field. + * \param[out] out + * Serialised representation of the repeated field. + * \return + * Number of bytes serialised to `out`. + */ +static size_t +repeated_field_pack(const ProtobufCFieldDescriptor *field, + size_t count, const void *member, uint8_t *out) +{ + void *array = *(void * const *) member; + unsigned i; + + if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) { + unsigned header_len; + unsigned len_start; + unsigned min_length; + unsigned payload_len; + unsigned length_size_min; + unsigned actual_length_size; + uint8_t *payload_at; + + if (count == 0) + return 0; + header_len = tag_pack(field->id, out); + out[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; + len_start = header_len; + min_length = get_type_min_size(field->type) * count; + length_size_min = uint32_size(min_length); + header_len += length_size_min; + payload_at = out + header_len; + + switch (field->type) { + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + copy_to_little_endian_32(payload_at, array, count); + payload_at += count * 4; + break; + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + copy_to_little_endian_64(payload_at, array, count); + payload_at += count * 8; + break; + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: { + const int32_t *arr = (const int32_t *) array; + for (i = 0; i < count; i++) + payload_at += int32_pack(arr[i], payload_at); + break; + } + case PROTOBUF_C_TYPE_SINT32: { + const int32_t *arr = (const int32_t *) array; + for (i = 0; i < count; i++) + payload_at += sint32_pack(arr[i], payload_at); + break; + } + case PROTOBUF_C_TYPE_SINT64: { + const int64_t *arr = (const int64_t *) array; + for (i = 0; i < count; i++) + payload_at += sint64_pack(arr[i], payload_at); + break; + } + case PROTOBUF_C_TYPE_UINT32: { + const uint32_t *arr = (const uint32_t *) array; + for (i = 0; i < count; i++) + payload_at += uint32_pack(arr[i], payload_at); + break; + } + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: { + const uint64_t *arr = (const uint64_t *) array; + for (i = 0; i < count; i++) + payload_at += uint64_pack(arr[i], payload_at); + break; + } + case PROTOBUF_C_TYPE_BOOL: { + const protobuf_c_boolean *arr = (const protobuf_c_boolean *) array; + for (i = 0; i < count; i++) + payload_at += boolean_pack(arr[i], payload_at); + break; + } + default: + PROTOBUF_C__ASSERT_NOT_REACHED(); + } + + payload_len = payload_at - (out + header_len); + actual_length_size = uint32_size(payload_len); + if (length_size_min != actual_length_size) { + assert(actual_length_size == length_size_min + 1); + memmove(out + header_len + 1, out + header_len, + payload_len); + header_len++; + } + uint32_pack(payload_len, out + len_start); + return header_len + payload_len; + } else { + /* not "packed" cased */ + /* CONSIDER: optimize this case a bit (by putting the loop inside the switch) */ + size_t rv = 0; + unsigned siz = sizeof_elt_in_repeated_array(field->type); + + for (i = 0; i < count; i++) { + rv += required_field_pack(field, array, out + rv); + array = (char *)array + siz; + } + return rv; + } +} + +static size_t +unknown_field_pack(const ProtobufCMessageUnknownField *field, uint8_t *out) +{ + size_t rv = tag_pack(field->tag, out); + out[0] |= field->wire_type; + memcpy(out + rv, field->data, field->len); + return rv + field->len; +} + +/**@}*/ + +size_t +protobuf_c_message_pack(const ProtobufCMessage *message, uint8_t *out) +{ + unsigned i; + size_t rv = 0; + + ASSERT_IS_MESSAGE(message); + for (i = 0; i < message->descriptor->n_fields; i++) { + const ProtobufCFieldDescriptor *field = + message->descriptor->fields + i; + const void *member = ((const char *) message) + field->offset; + + /* + * It doesn't hurt to compute qmember (a pointer to the + * quantifier field of the structure), but the pointer is only + * valid if the field is: + * - a repeated field, or + * - a field that is part of a oneof + * - an optional field that isn't a pointer type + * (Meaning: not a message or a string). + */ + const void *qmember = + ((const char *) message) + field->quantifier_offset; + + if (field->label == PROTOBUF_C_LABEL_REQUIRED) { + rv += required_field_pack(field, member, out + rv); + } else if ((field->label == PROTOBUF_C_LABEL_OPTIONAL || + field->label == PROTOBUF_C_LABEL_NONE) && + (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF))) { + rv += oneof_field_pack( + field, + *(const uint32_t *) qmember, + member, + out + rv + ); + } else if (field->label == PROTOBUF_C_LABEL_OPTIONAL) { + rv += optional_field_pack( + field, + *(const protobuf_c_boolean *) qmember, + member, + out + rv + ); + } else if (field->label == PROTOBUF_C_LABEL_NONE) { + rv += unlabeled_field_pack(field, member, out + rv); + } else { + rv += repeated_field_pack(field, *(const size_t *) qmember, + member, out + rv); + } + } + for (i = 0; i < message->n_unknown_fields; i++) + rv += unknown_field_pack(&message->unknown_fields[i], out + rv); + return rv; +} + +/** + * \defgroup packbuf protobuf_c_message_pack_to_buffer() implementation + * + * Routines mainly used by protobuf_c_message_pack_to_buffer(). + * + * \ingroup internal + * @{ + */ + +/** + * Pack a required field to a virtual buffer. + * + * \param field + * Field descriptor. + * \param member + * The element to be packed. + * \param[out] buffer + * Virtual buffer to append data to. + * \return + * Number of bytes packed. + */ +static size_t +required_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, + const void *member, ProtobufCBuffer *buffer) +{ + size_t rv; + uint8_t scratch[MAX_UINT64_ENCODED_SIZE * 2]; + + rv = tag_pack(field->id, scratch); + switch (field->type) { + case PROTOBUF_C_TYPE_SINT32: + scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + rv += sint32_pack(*(const int32_t *) member, scratch + rv); + buffer->append(buffer, rv, scratch); + break; + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + rv += int32_pack(*(const int32_t *) member, scratch + rv); + buffer->append(buffer, rv, scratch); + break; + case PROTOBUF_C_TYPE_UINT32: + scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + rv += uint32_pack(*(const uint32_t *) member, scratch + rv); + buffer->append(buffer, rv, scratch); + break; + case PROTOBUF_C_TYPE_SINT64: + scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + rv += sint64_pack(*(const int64_t *) member, scratch + rv); + buffer->append(buffer, rv, scratch); + break; + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + rv += uint64_pack(*(const uint64_t *) member, scratch + rv); + buffer->append(buffer, rv, scratch); + break; + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + scratch[0] |= PROTOBUF_C_WIRE_TYPE_32BIT; + rv += fixed32_pack(*(const uint32_t *) member, scratch + rv); + buffer->append(buffer, rv, scratch); + break; + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + scratch[0] |= PROTOBUF_C_WIRE_TYPE_64BIT; + rv += fixed64_pack(*(const uint64_t *) member, scratch + rv); + buffer->append(buffer, rv, scratch); + break; + case PROTOBUF_C_TYPE_BOOL: + scratch[0] |= PROTOBUF_C_WIRE_TYPE_VARINT; + rv += boolean_pack(*(const protobuf_c_boolean *) member, scratch + rv); + buffer->append(buffer, rv, scratch); + break; + case PROTOBUF_C_TYPE_STRING: { + const char *str = *(char *const *) member; + size_t sublen = str ? strlen(str) : 0; + + scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; + rv += uint32_pack(sublen, scratch + rv); + buffer->append(buffer, rv, scratch); + buffer->append(buffer, sublen, (const uint8_t *) str); + rv += sublen; + break; + } + case PROTOBUF_C_TYPE_BYTES: { + const ProtobufCBinaryData *bd = ((const ProtobufCBinaryData *) member); + size_t sublen = bd->len; + + scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; + rv += uint32_pack(sublen, scratch + rv); + buffer->append(buffer, rv, scratch); + buffer->append(buffer, sublen, bd->data); + rv += sublen; + break; + } + case PROTOBUF_C_TYPE_MESSAGE: { + uint8_t simple_buffer_scratch[256]; + size_t sublen; + const ProtobufCMessage *msg = *(ProtobufCMessage * const *) member; + ProtobufCBufferSimple simple_buffer = + PROTOBUF_C_BUFFER_SIMPLE_INIT(simple_buffer_scratch); + + scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; + if (msg == NULL) + sublen = 0; + else + sublen = protobuf_c_message_pack_to_buffer(msg, &simple_buffer.base); + rv += uint32_pack(sublen, scratch + rv); + buffer->append(buffer, rv, scratch); + buffer->append(buffer, sublen, simple_buffer.data); + rv += sublen; + PROTOBUF_C_BUFFER_SIMPLE_CLEAR(&simple_buffer); + break; + } + default: + PROTOBUF_C__ASSERT_NOT_REACHED(); + } + return rv; +} + +/** + * Pack a oneof field to a buffer. Only packs the field that is selected by the case enum. + * + * \param field + * Field descriptor. + * \param oneof_case + * Enum value that selects the field in the oneof. + * \param member + * The element to be packed. + * \param[out] buffer + * Virtual buffer to append data to. + * \return + * Number of bytes serialised to `buffer`. + */ +static size_t +oneof_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, + uint32_t oneof_case, + const void *member, ProtobufCBuffer *buffer) +{ + if (oneof_case != field->id) { + return 0; + } + if (field->type == PROTOBUF_C_TYPE_MESSAGE || + field->type == PROTOBUF_C_TYPE_STRING) + { + const void *ptr = *(const void *const *) member; + if (ptr == NULL || ptr == field->default_value) + return 0; + } + return required_field_pack_to_buffer(field, member, buffer); +} + +/** + * Pack an optional field to a buffer. + * + * \param field + * Field descriptor. + * \param has + * Whether the field is set. + * \param member + * The element to be packed. + * \param[out] buffer + * Virtual buffer to append data to. + * \return + * Number of bytes serialised to `buffer`. + */ +static size_t +optional_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, + const protobuf_c_boolean has, + const void *member, ProtobufCBuffer *buffer) +{ + if (field->type == PROTOBUF_C_TYPE_MESSAGE || + field->type == PROTOBUF_C_TYPE_STRING) + { + const void *ptr = *(const void *const *) member; + if (ptr == NULL || ptr == field->default_value) + return 0; + } else { + if (!has) + return 0; + } + return required_field_pack_to_buffer(field, member, buffer); +} + +/** + * Pack an unlabeled field to a buffer. + * + * \param field + * Field descriptor. + * \param member + * The element to be packed. + * \param[out] buffer + * Virtual buffer to append data to. + * \return + * Number of bytes serialised to `buffer`. + */ +static size_t +unlabeled_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, + const void *member, ProtobufCBuffer *buffer) +{ + if (field_is_zeroish(field, member)) + return 0; + return required_field_pack_to_buffer(field, member, buffer); +} + +/** + * Get the packed size of an array of same field type. + * + * \param field + * Field descriptor. + * \param count + * Number of elements of this type. + * \param array + * The elements to get the size of. + * \return + * Number of bytes required. + */ +static size_t +get_packed_payload_length(const ProtobufCFieldDescriptor *field, + unsigned count, const void *array) +{ + unsigned rv = 0; + unsigned i; + + switch (field->type) { + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + return count * 4; + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + return count * 8; + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: { + const int32_t *arr = (const int32_t *) array; + for (i = 0; i < count; i++) + rv += int32_size(arr[i]); + break; + } + case PROTOBUF_C_TYPE_SINT32: { + const int32_t *arr = (const int32_t *) array; + for (i = 0; i < count; i++) + rv += sint32_size(arr[i]); + break; + } + case PROTOBUF_C_TYPE_UINT32: { + const uint32_t *arr = (const uint32_t *) array; + for (i = 0; i < count; i++) + rv += uint32_size(arr[i]); + break; + } + case PROTOBUF_C_TYPE_SINT64: { + const int64_t *arr = (const int64_t *) array; + for (i = 0; i < count; i++) + rv += sint64_size(arr[i]); + break; + } + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: { + const uint64_t *arr = (const uint64_t *) array; + for (i = 0; i < count; i++) + rv += uint64_size(arr[i]); + break; + } + case PROTOBUF_C_TYPE_BOOL: + return count; + default: + PROTOBUF_C__ASSERT_NOT_REACHED(); + } + return rv; +} + +/** + * Pack an array of same field type to a virtual buffer. + * + * \param field + * Field descriptor. + * \param count + * Number of elements of this type. + * \param array + * The elements to get the size of. + * \param[out] buffer + * Virtual buffer to append data to. + * \return + * Number of bytes packed. + */ +static size_t +pack_buffer_packed_payload(const ProtobufCFieldDescriptor *field, + unsigned count, const void *array, + ProtobufCBuffer *buffer) +{ + uint8_t scratch[16]; + size_t rv = 0; + unsigned i; + + switch (field->type) { + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: +#if !defined(WORDS_BIGENDIAN) + rv = count * 4; + goto no_packing_needed; +#else + for (i = 0; i < count; i++) { + unsigned len = fixed32_pack(((uint32_t *) array)[i], scratch); + buffer->append(buffer, len, scratch); + rv += len; + } + break; +#endif + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: +#if !defined(WORDS_BIGENDIAN) + rv = count * 8; + goto no_packing_needed; +#else + for (i = 0; i < count; i++) { + unsigned len = fixed64_pack(((uint64_t *) array)[i], scratch); + buffer->append(buffer, len, scratch); + rv += len; + } + break; +#endif + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + for (i = 0; i < count; i++) { + unsigned len = int32_pack(((int32_t *) array)[i], scratch); + buffer->append(buffer, len, scratch); + rv += len; + } + break; + case PROTOBUF_C_TYPE_SINT32: + for (i = 0; i < count; i++) { + unsigned len = sint32_pack(((int32_t *) array)[i], scratch); + buffer->append(buffer, len, scratch); + rv += len; + } + break; + case PROTOBUF_C_TYPE_UINT32: + for (i = 0; i < count; i++) { + unsigned len = uint32_pack(((uint32_t *) array)[i], scratch); + buffer->append(buffer, len, scratch); + rv += len; + } + break; + case PROTOBUF_C_TYPE_SINT64: + for (i = 0; i < count; i++) { + unsigned len = sint64_pack(((int64_t *) array)[i], scratch); + buffer->append(buffer, len, scratch); + rv += len; + } + break; + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + for (i = 0; i < count; i++) { + unsigned len = uint64_pack(((uint64_t *) array)[i], scratch); + buffer->append(buffer, len, scratch); + rv += len; + } + break; + case PROTOBUF_C_TYPE_BOOL: + for (i = 0; i < count; i++) { + unsigned len = boolean_pack(((protobuf_c_boolean *) array)[i], scratch); + buffer->append(buffer, len, scratch); + rv += len; + } + return count; + default: + PROTOBUF_C__ASSERT_NOT_REACHED(); + } + return rv; + +#if !defined(WORDS_BIGENDIAN) +no_packing_needed: + buffer->append(buffer, rv, array); + return rv; +#endif +} + +static size_t +repeated_field_pack_to_buffer(const ProtobufCFieldDescriptor *field, + unsigned count, const void *member, + ProtobufCBuffer *buffer) +{ + char *array = *(char * const *) member; + + if (count == 0) + return 0; + if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED)) { + uint8_t scratch[MAX_UINT64_ENCODED_SIZE * 2]; + size_t rv = tag_pack(field->id, scratch); + size_t payload_len = get_packed_payload_length(field, count, array); + size_t tmp; + + scratch[0] |= PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED; + rv += uint32_pack(payload_len, scratch + rv); + buffer->append(buffer, rv, scratch); + tmp = pack_buffer_packed_payload(field, count, array, buffer); + assert(tmp == payload_len); + return rv + payload_len; + } else { + size_t siz; + unsigned i; + /* CONSIDER: optimize this case a bit (by putting the loop inside the switch) */ + unsigned rv = 0; + + siz = sizeof_elt_in_repeated_array(field->type); + for (i = 0; i < count; i++) { + rv += required_field_pack_to_buffer(field, array, buffer); + array += siz; + } + return rv; + } +} + +static size_t +unknown_field_pack_to_buffer(const ProtobufCMessageUnknownField *field, + ProtobufCBuffer *buffer) +{ + uint8_t header[MAX_UINT64_ENCODED_SIZE]; + size_t rv = tag_pack(field->tag, header); + + header[0] |= field->wire_type; + buffer->append(buffer, rv, header); + buffer->append(buffer, field->len, field->data); + return rv + field->len; +} + +/**@}*/ + +size_t +protobuf_c_message_pack_to_buffer(const ProtobufCMessage *message, + ProtobufCBuffer *buffer) +{ + unsigned i; + size_t rv = 0; + + ASSERT_IS_MESSAGE(message); + for (i = 0; i < message->descriptor->n_fields; i++) { + const ProtobufCFieldDescriptor *field = + message->descriptor->fields + i; + const void *member = + ((const char *) message) + field->offset; + const void *qmember = + ((const char *) message) + field->quantifier_offset; + + if (field->label == PROTOBUF_C_LABEL_REQUIRED) { + rv += required_field_pack_to_buffer(field, member, buffer); + } else if ((field->label == PROTOBUF_C_LABEL_OPTIONAL || + field->label == PROTOBUF_C_LABEL_NONE) && + (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF))) { + rv += oneof_field_pack_to_buffer( + field, + *(const uint32_t *) qmember, + member, + buffer + ); + } else if (field->label == PROTOBUF_C_LABEL_OPTIONAL) { + rv += optional_field_pack_to_buffer( + field, + *(const protobuf_c_boolean *) qmember, + member, + buffer + ); + } else if (field->label == PROTOBUF_C_LABEL_NONE) { + rv += unlabeled_field_pack_to_buffer( + field, + member, + buffer + ); + } else { + rv += repeated_field_pack_to_buffer( + field, + *(const size_t *) qmember, + member, + buffer + ); + } + } + for (i = 0; i < message->n_unknown_fields; i++) + rv += unknown_field_pack_to_buffer(&message->unknown_fields[i], buffer); + + return rv; +} + +/** + * \defgroup unpack unpacking implementation + * + * Routines mainly used by the unpacking functions. + * + * \ingroup internal + * @{ + */ + +static inline int +int_range_lookup(unsigned n_ranges, const ProtobufCIntRange *ranges, int value) +{ + unsigned n; + unsigned start; + + if (n_ranges == 0) + return -1; + start = 0; + n = n_ranges; + while (n > 1) { + unsigned mid = start + n / 2; + + if (value < ranges[mid].start_value) { + n = mid - start; + } else if (value >= ranges[mid].start_value + + (int) (ranges[mid + 1].orig_index - + ranges[mid].orig_index)) + { + unsigned new_start = mid + 1; + n = start + n - new_start; + start = new_start; + } else + return (value - ranges[mid].start_value) + + ranges[mid].orig_index; + } + if (n > 0) { + unsigned start_orig_index = ranges[start].orig_index; + unsigned range_size = + ranges[start + 1].orig_index - start_orig_index; + + if (ranges[start].start_value <= value && + value < (int) (ranges[start].start_value + range_size)) + { + return (value - ranges[start].start_value) + + start_orig_index; + } + } + return -1; +} + +static size_t +parse_tag_and_wiretype(size_t len, + const uint8_t *data, + uint32_t *tag_out, + ProtobufCWireType *wiretype_out) +{ + unsigned max_rv = len > 5 ? 5 : len; + uint32_t tag = (data[0] & 0x7f) >> 3; + unsigned shift = 4; + unsigned rv; + + /* 0 is not a valid tag value */ + if ((data[0] & 0xf8) == 0) { + return 0; + } + + *wiretype_out = data[0] & 7; + if ((data[0] & 0x80) == 0) { + *tag_out = tag; + return 1; + } + for (rv = 1; rv < max_rv; rv++) { + if (data[rv] & 0x80) { + tag |= (data[rv] & 0x7f) << shift; + shift += 7; + } else { + tag |= data[rv] << shift; + *tag_out = tag; + return rv + 1; + } + } + return 0; /* error: bad header */ +} + +/* sizeof(ScannedMember) must be <= (1UL< INT_MAX) { + // Protobuf messages should always be less than 2 GiB in size. + // We also want to return early here so that hdr_len + val does + // not overflow on 32-bit systems. + PROTOBUF_C_UNPACK_ERROR("length prefix of %lu is too large", val); + return 0; + } + if (hdr_len + val > len) { + PROTOBUF_C_UNPACK_ERROR("data too short after length-prefix of %lu", val); + return 0; + } + return hdr_len + val; +} + +static size_t +max_b128_numbers(size_t len, const uint8_t *data) +{ + size_t rv = 0; + while (len--) + if ((*data++ & 0x80) == 0) + ++rv; + return rv; +} + +/**@}*/ + +/** + * Merge earlier message into a latter message. + * + * For numeric types and strings, if the same value appears multiple + * times, the parser accepts the last value it sees. For embedded + * message fields, the parser merges multiple instances of the same + * field. That is, all singular scalar fields in the latter instance + * replace those in the former, singular embedded messages are merged, + * and repeated fields are concatenated. + * + * The earlier message should be freed after calling this function, as + * some of its fields may have been reused and changed to their default + * values during the merge. + */ +static protobuf_c_boolean +merge_messages(ProtobufCMessage *earlier_msg, + ProtobufCMessage *latter_msg, + ProtobufCAllocator *allocator) +{ + unsigned i; + const ProtobufCFieldDescriptor *fields = + latter_msg->descriptor->fields; + for (i = 0; i < latter_msg->descriptor->n_fields; i++) { + if (fields[i].label == PROTOBUF_C_LABEL_REPEATED) { + size_t *n_earlier = + STRUCT_MEMBER_PTR(size_t, earlier_msg, + fields[i].quantifier_offset); + uint8_t **p_earlier = + STRUCT_MEMBER_PTR(uint8_t *, earlier_msg, + fields[i].offset); + size_t *n_latter = + STRUCT_MEMBER_PTR(size_t, latter_msg, + fields[i].quantifier_offset); + uint8_t **p_latter = + STRUCT_MEMBER_PTR(uint8_t *, latter_msg, + fields[i].offset); + + if (*n_earlier > 0) { + if (*n_latter > 0) { + /* Concatenate the repeated field */ + size_t el_size = + sizeof_elt_in_repeated_array(fields[i].type); + uint8_t *new_field; + + new_field = do_alloc(allocator, + (*n_earlier + *n_latter) * el_size); + if (!new_field) + return FALSE; + + memcpy(new_field, *p_earlier, + *n_earlier * el_size); + memcpy(new_field + + *n_earlier * el_size, + *p_latter, + *n_latter * el_size); + + do_free(allocator, *p_latter); + do_free(allocator, *p_earlier); + *p_latter = new_field; + *n_latter = *n_earlier + *n_latter; + } else { + /* Zero copy the repeated field from the earlier message */ + *n_latter = *n_earlier; + *p_latter = *p_earlier; + } + /* Make sure the field does not get double freed */ + *n_earlier = 0; + *p_earlier = 0; + } + } else if (fields[i].label == PROTOBUF_C_LABEL_OPTIONAL || + fields[i].label == PROTOBUF_C_LABEL_NONE) { + const ProtobufCFieldDescriptor *field; + uint32_t *earlier_case_p = STRUCT_MEMBER_PTR(uint32_t, + earlier_msg, + fields[i]. + quantifier_offset); + uint32_t *latter_case_p = STRUCT_MEMBER_PTR(uint32_t, + latter_msg, + fields[i]. + quantifier_offset); + protobuf_c_boolean need_to_merge = FALSE; + void *earlier_elem; + void *latter_elem; + const void *def_val; + + if (fields[i].flags & PROTOBUF_C_FIELD_FLAG_ONEOF) { + if (*latter_case_p == 0) { + /* lookup correct oneof field */ + int field_index = + int_range_lookup( + latter_msg->descriptor + ->n_field_ranges, + latter_msg->descriptor + ->field_ranges, + *earlier_case_p); + if (field_index < 0) + return FALSE; + field = latter_msg->descriptor->fields + + field_index; + } else { + /* Oneof is present in the latter message, move on */ + continue; + } + } else { + field = &fields[i]; + } + + earlier_elem = STRUCT_MEMBER_P(earlier_msg, field->offset); + latter_elem = STRUCT_MEMBER_P(latter_msg, field->offset); + def_val = field->default_value; + + switch (field->type) { + case PROTOBUF_C_TYPE_MESSAGE: { + ProtobufCMessage *em = *(ProtobufCMessage **) earlier_elem; + ProtobufCMessage *lm = *(ProtobufCMessage **) latter_elem; + if (em != NULL) { + if (lm != NULL) { + if (!merge_messages(em, lm, allocator)) + return FALSE; + /* Already merged */ + need_to_merge = FALSE; + } else { + /* Zero copy the message */ + need_to_merge = TRUE; + } + } + break; + } + case PROTOBUF_C_TYPE_BYTES: { + uint8_t *e_data = + ((ProtobufCBinaryData *) earlier_elem)->data; + uint8_t *l_data = + ((ProtobufCBinaryData *) latter_elem)->data; + const ProtobufCBinaryData *d_bd = + (ProtobufCBinaryData *) def_val; + + need_to_merge = + (e_data != NULL && + (d_bd == NULL || + e_data != d_bd->data)) && + (l_data == NULL || + (d_bd != NULL && + l_data == d_bd->data)); + break; + } + case PROTOBUF_C_TYPE_STRING: { + char *e_str = *(char **) earlier_elem; + char *l_str = *(char **) latter_elem; + const char *d_str = def_val; + + need_to_merge = e_str != d_str && l_str == d_str; + break; + } + default: { + /* Could be has field or case enum, the logic is + * equivalent, since 0 (FALSE) means not set for + * oneof */ + need_to_merge = (*earlier_case_p != 0) && + (*latter_case_p == 0); + break; + } + } + + if (need_to_merge) { + size_t el_size = + sizeof_elt_in_repeated_array(field->type); + memcpy(latter_elem, earlier_elem, el_size); + /* + * Reset the element from the old message to 0 + * to make sure earlier message deallocation + * doesn't corrupt zero-copied data in the new + * message, earlier message will be freed after + * this function is called anyway + */ + memset(earlier_elem, 0, el_size); + + if (field->quantifier_offset != 0) { + /* Set the has field or the case enum, + * if applicable */ + *latter_case_p = *earlier_case_p; + *earlier_case_p = 0; + } + } + } + } + return TRUE; +} + +/** + * Count packed elements. + * + * Given a raw slab of packed-repeated values, determine the number of + * elements. This function detects certain kinds of errors but not + * others; the remaining error checking is done by + * parse_packed_repeated_member(). + */ +static protobuf_c_boolean +count_packed_elements(ProtobufCType type, + size_t len, const uint8_t *data, size_t *count_out) +{ + switch (type) { + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + if (len % 4 != 0) { + PROTOBUF_C_UNPACK_ERROR("length must be a multiple of 4 for fixed-length 32-bit types"); + return FALSE; + } + *count_out = len / 4; + return TRUE; + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + if (len % 8 != 0) { + PROTOBUF_C_UNPACK_ERROR("length must be a multiple of 8 for fixed-length 64-bit types"); + return FALSE; + } + *count_out = len / 8; + return TRUE; + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + case PROTOBUF_C_TYPE_SINT32: + case PROTOBUF_C_TYPE_UINT32: + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_SINT64: + case PROTOBUF_C_TYPE_UINT64: + *count_out = max_b128_numbers(len, data); + return TRUE; + case PROTOBUF_C_TYPE_BOOL: + *count_out = len; + return TRUE; + case PROTOBUF_C_TYPE_STRING: + case PROTOBUF_C_TYPE_BYTES: + case PROTOBUF_C_TYPE_MESSAGE: + default: + PROTOBUF_C_UNPACK_ERROR("bad protobuf-c type %u for packed-repeated", type); + return FALSE; + } +} + +static inline uint32_t +parse_uint32(unsigned len, const uint8_t *data) +{ + uint32_t rv = data[0] & 0x7f; + if (len > 1) { + rv |= ((uint32_t) (data[1] & 0x7f) << 7); + if (len > 2) { + rv |= ((uint32_t) (data[2] & 0x7f) << 14); + if (len > 3) { + rv |= ((uint32_t) (data[3] & 0x7f) << 21); + if (len > 4) + rv |= ((uint32_t) (data[4]) << 28); + } + } + } + return rv; +} + +static inline uint32_t +parse_int32(unsigned len, const uint8_t *data) +{ + return parse_uint32(len, data); +} + +static inline int32_t +unzigzag32(uint32_t v) +{ + // Note: Using unsigned types prevents undefined behavior + return (int32_t)((v >> 1) ^ (~(v & 1) + 1)); +} + +static inline uint32_t +parse_fixed_uint32(const uint8_t *data) +{ +#if !defined(WORDS_BIGENDIAN) + uint32_t t; + memcpy(&t, data, 4); + return t; +#else + return data[0] | + ((uint32_t) (data[1]) << 8) | + ((uint32_t) (data[2]) << 16) | + ((uint32_t) (data[3]) << 24); +#endif +} + +static uint64_t +parse_uint64(unsigned len, const uint8_t *data) +{ + unsigned shift, i; + uint64_t rv; + + if (len < 5) + return parse_uint32(len, data); + rv = ((uint64_t) (data[0] & 0x7f)) | + ((uint64_t) (data[1] & 0x7f) << 7) | + ((uint64_t) (data[2] & 0x7f) << 14) | + ((uint64_t) (data[3] & 0x7f) << 21); + shift = 28; + for (i = 4; i < len; i++) { + rv |= (((uint64_t) (data[i] & 0x7f)) << shift); + shift += 7; + } + return rv; +} + +static inline int64_t +unzigzag64(uint64_t v) +{ + // Note: Using unsigned types prevents undefined behavior + return (int64_t)((v >> 1) ^ (~(v & 1) + 1)); +} + +static inline uint64_t +parse_fixed_uint64(const uint8_t *data) +{ +#if !defined(WORDS_BIGENDIAN) + uint64_t t; + memcpy(&t, data, 8); + return t; +#else + return (uint64_t) parse_fixed_uint32(data) | + (((uint64_t) parse_fixed_uint32(data + 4)) << 32); +#endif +} + +static protobuf_c_boolean +parse_boolean(unsigned len, const uint8_t *data) +{ + unsigned i; + for (i = 0; i < len; i++) + if (data[i] & 0x7f) + return TRUE; + return FALSE; +} + +static protobuf_c_boolean +parse_required_member(ScannedMember *scanned_member, + void *member, + ProtobufCAllocator *allocator, + protobuf_c_boolean maybe_clear) +{ + unsigned len = scanned_member->len; + const uint8_t *data = scanned_member->data; + ProtobufCWireType wire_type = scanned_member->wire_type; + + switch (scanned_member->field->type) { + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(int32_t *) member = parse_int32(len, data); + return TRUE; + case PROTOBUF_C_TYPE_UINT32: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(uint32_t *) member = parse_uint32(len, data); + return TRUE; + case PROTOBUF_C_TYPE_SINT32: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(int32_t *) member = unzigzag32(parse_uint32(len, data)); + return TRUE; + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + if (wire_type != PROTOBUF_C_WIRE_TYPE_32BIT) + return FALSE; + *(uint32_t *) member = parse_fixed_uint32(data); + return TRUE; + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(uint64_t *) member = parse_uint64(len, data); + return TRUE; + case PROTOBUF_C_TYPE_SINT64: + if (wire_type != PROTOBUF_C_WIRE_TYPE_VARINT) + return FALSE; + *(int64_t *) member = unzigzag64(parse_uint64(len, data)); + return TRUE; + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + if (wire_type != PROTOBUF_C_WIRE_TYPE_64BIT) + return FALSE; + *(uint64_t *) member = parse_fixed_uint64(data); + return TRUE; + case PROTOBUF_C_TYPE_BOOL: + *(protobuf_c_boolean *) member = parse_boolean(len, data); + return TRUE; + case PROTOBUF_C_TYPE_STRING: { + char **pstr = member; + unsigned pref_len = scanned_member->length_prefix_len; + + if (wire_type != PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED) + return FALSE; + + if (maybe_clear && *pstr != NULL) { + const char *def = scanned_member->field->default_value; + if (*pstr != NULL && *pstr != def) + do_free(allocator, *pstr); + } + *pstr = do_alloc(allocator, len - pref_len + 1); + if (*pstr == NULL) + return FALSE; + memcpy(*pstr, data + pref_len, len - pref_len); + (*pstr)[len - pref_len] = 0; + return TRUE; + } + case PROTOBUF_C_TYPE_BYTES: { + ProtobufCBinaryData *bd = member; + const ProtobufCBinaryData *def_bd; + unsigned pref_len = scanned_member->length_prefix_len; + + if (wire_type != PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED) + return FALSE; + + def_bd = scanned_member->field->default_value; + if (maybe_clear && + bd->data != NULL && + (def_bd == NULL || bd->data != def_bd->data)) + { + do_free(allocator, bd->data); + } + if (len - pref_len > 0) { + bd->data = do_alloc(allocator, len - pref_len); + if (bd->data == NULL) + return FALSE; + memcpy(bd->data, data + pref_len, len - pref_len); + } else { + bd->data = NULL; + } + bd->len = len - pref_len; + return TRUE; + } + case PROTOBUF_C_TYPE_MESSAGE: { + ProtobufCMessage **pmessage = member; + ProtobufCMessage *subm; + const ProtobufCMessage *def_mess; + protobuf_c_boolean merge_successful = TRUE; + unsigned pref_len = scanned_member->length_prefix_len; + + if (wire_type != PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED) + return FALSE; + + def_mess = scanned_member->field->default_value; + subm = protobuf_c_message_unpack(scanned_member->field->descriptor, + allocator, + len - pref_len, + data + pref_len); + + if (maybe_clear && + *pmessage != NULL && + *pmessage != def_mess) + { + if (subm != NULL) + merge_successful = merge_messages(*pmessage, subm, allocator); + /* Delete the previous message */ + protobuf_c_message_free_unpacked(*pmessage, allocator); + } + *pmessage = subm; + if (subm == NULL || !merge_successful) + return FALSE; + return TRUE; + } + } + return FALSE; +} + +static protobuf_c_boolean +parse_oneof_member (ScannedMember *scanned_member, + void *member, + ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + uint32_t *oneof_case = STRUCT_MEMBER_PTR(uint32_t, message, + scanned_member->field->quantifier_offset); + + /* If we have already parsed a member of this oneof, free it. */ + if (*oneof_case != 0) { + const ProtobufCFieldDescriptor *old_field; + size_t el_size; + /* lookup field */ + int field_index = + int_range_lookup(message->descriptor->n_field_ranges, + message->descriptor->field_ranges, + *oneof_case); + if (field_index < 0) + return FALSE; + old_field = message->descriptor->fields + field_index; + el_size = sizeof_elt_in_repeated_array(old_field->type); + + switch (old_field->type) { + case PROTOBUF_C_TYPE_STRING: { + char **pstr = member; + const char *def = old_field->default_value; + if (*pstr != NULL && *pstr != def) + do_free(allocator, *pstr); + break; + } + case PROTOBUF_C_TYPE_BYTES: { + ProtobufCBinaryData *bd = member; + const ProtobufCBinaryData *def_bd = old_field->default_value; + if (bd->data != NULL && + (def_bd == NULL || bd->data != def_bd->data)) + { + do_free(allocator, bd->data); + } + break; + } + case PROTOBUF_C_TYPE_MESSAGE: { + ProtobufCMessage **pmessage = member; + const ProtobufCMessage *def_mess = old_field->default_value; + if (*pmessage != NULL && *pmessage != def_mess) + protobuf_c_message_free_unpacked(*pmessage, allocator); + break; + } + default: + break; + } + + memset (member, 0, el_size); + } + if (!parse_required_member (scanned_member, member, allocator, TRUE)) + return FALSE; + + *oneof_case = scanned_member->tag; + return TRUE; +} + + +static protobuf_c_boolean +parse_optional_member(ScannedMember *scanned_member, + void *member, + ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + if (!parse_required_member(scanned_member, member, allocator, TRUE)) + return FALSE; + if (scanned_member->field->quantifier_offset != 0) + STRUCT_MEMBER(protobuf_c_boolean, + message, + scanned_member->field->quantifier_offset) = TRUE; + return TRUE; +} + +static protobuf_c_boolean +parse_repeated_member(ScannedMember *scanned_member, + void *member, + ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + const ProtobufCFieldDescriptor *field = scanned_member->field; + size_t *p_n = STRUCT_MEMBER_PTR(size_t, message, field->quantifier_offset); + size_t siz = sizeof_elt_in_repeated_array(field->type); + char *array = *(char **) member; + + if (!parse_required_member(scanned_member, array + siz * (*p_n), + allocator, FALSE)) + { + return FALSE; + } + *p_n += 1; + return TRUE; +} + +static unsigned +scan_varint(unsigned len, const uint8_t *data) +{ + unsigned i; + if (len > 10) + len = 10; + for (i = 0; i < len; i++) + if ((data[i] & 0x80) == 0) + break; + if (i == len) + return 0; + return i + 1; +} + +static protobuf_c_boolean +parse_packed_repeated_member(ScannedMember *scanned_member, + void *member, + ProtobufCMessage *message) +{ + const ProtobufCFieldDescriptor *field = scanned_member->field; + size_t *p_n = STRUCT_MEMBER_PTR(size_t, message, field->quantifier_offset); + size_t siz = sizeof_elt_in_repeated_array(field->type); + void *array = *(char **) member + siz * (*p_n); + const uint8_t *at = scanned_member->data + scanned_member->length_prefix_len; + size_t rem = scanned_member->len - scanned_member->length_prefix_len; + size_t count = 0; + unsigned i; + + switch (field->type) { + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + count = (scanned_member->len - scanned_member->length_prefix_len) / 4; +#if !defined(WORDS_BIGENDIAN) + goto no_unpacking_needed; +#else + for (i = 0; i < count; i++) { + ((uint32_t *) array)[i] = parse_fixed_uint32(at); + at += 4; + } + break; +#endif + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + count = (scanned_member->len - scanned_member->length_prefix_len) / 8; +#if !defined(WORDS_BIGENDIAN) + goto no_unpacking_needed; +#else + for (i = 0; i < count; i++) { + ((uint64_t *) array)[i] = parse_fixed_uint64(at); + at += 8; + } + break; +#endif + case PROTOBUF_C_TYPE_ENUM: + case PROTOBUF_C_TYPE_INT32: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated int32 value"); + return FALSE; + } + ((int32_t *) array)[count++] = parse_int32(s, at); + at += s; + rem -= s; + } + break; + case PROTOBUF_C_TYPE_SINT32: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated sint32 value"); + return FALSE; + } + ((int32_t *) array)[count++] = unzigzag32(parse_uint32(s, at)); + at += s; + rem -= s; + } + break; + case PROTOBUF_C_TYPE_UINT32: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated enum or uint32 value"); + return FALSE; + } + ((uint32_t *) array)[count++] = parse_uint32(s, at); + at += s; + rem -= s; + } + break; + + case PROTOBUF_C_TYPE_SINT64: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated sint64 value"); + return FALSE; + } + ((int64_t *) array)[count++] = unzigzag64(parse_uint64(s, at)); + at += s; + rem -= s; + } + break; + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_UINT64: + while (rem > 0) { + unsigned s = scan_varint(rem, at); + if (s == 0) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated int64/uint64 value"); + return FALSE; + } + ((int64_t *) array)[count++] = parse_uint64(s, at); + at += s; + rem -= s; + } + break; + case PROTOBUF_C_TYPE_BOOL: + count = rem; + for (i = 0; i < count; i++) { + if (at[i] > 1) { + PROTOBUF_C_UNPACK_ERROR("bad packed-repeated boolean value"); + return FALSE; + } + ((protobuf_c_boolean *) array)[i] = at[i]; + } + break; + default: + PROTOBUF_C__ASSERT_NOT_REACHED(); + } + *p_n += count; + return TRUE; + +#if !defined(WORDS_BIGENDIAN) +no_unpacking_needed: + memcpy(array, at, count * siz); + *p_n += count; + return TRUE; +#endif +} + +static protobuf_c_boolean +is_packable_type(ProtobufCType type) +{ + return + type != PROTOBUF_C_TYPE_STRING && + type != PROTOBUF_C_TYPE_BYTES && + type != PROTOBUF_C_TYPE_MESSAGE; +} + +static protobuf_c_boolean +parse_member(ScannedMember *scanned_member, + ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + const ProtobufCFieldDescriptor *field = scanned_member->field; + void *member; + + if (field == NULL) { + ProtobufCMessageUnknownField *ufield = + message->unknown_fields + + (message->n_unknown_fields++); + ufield->tag = scanned_member->tag; + ufield->wire_type = scanned_member->wire_type; + ufield->len = scanned_member->len; + ufield->data = do_alloc(allocator, scanned_member->len); + if (ufield->data == NULL) + return FALSE; + memcpy(ufield->data, scanned_member->data, ufield->len); + return TRUE; + } + member = (char *) message + field->offset; + switch (field->label) { + case PROTOBUF_C_LABEL_REQUIRED: + return parse_required_member(scanned_member, member, + allocator, TRUE); + case PROTOBUF_C_LABEL_OPTIONAL: + case PROTOBUF_C_LABEL_NONE: + if (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_ONEOF)) { + return parse_oneof_member(scanned_member, member, + message, allocator); + } else { + return parse_optional_member(scanned_member, member, + message, allocator); + } + case PROTOBUF_C_LABEL_REPEATED: + if (scanned_member->wire_type == + PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED && + (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED) || + is_packable_type(field->type))) + { + return parse_packed_repeated_member(scanned_member, + member, message); + } else { + return parse_repeated_member(scanned_member, + member, message, + allocator); + } + } + PROTOBUF_C__ASSERT_NOT_REACHED(); + return 0; +} + +/** + * Initialise messages generated by old code. + * + * This function is used if desc->message_init == NULL (which occurs + * for old code, and which would be useful to support allocating + * descriptors dynamically). + */ +static void +message_init_generic(const ProtobufCMessageDescriptor *desc, + ProtobufCMessage *message) +{ + unsigned i; + + memset(message, 0, desc->sizeof_message); + message->descriptor = desc; + for (i = 0; i < desc->n_fields; i++) { + if (desc->fields[i].default_value != NULL && + desc->fields[i].label != PROTOBUF_C_LABEL_REPEATED) + { + void *field = + STRUCT_MEMBER_P(message, desc->fields[i].offset); + const void *dv = desc->fields[i].default_value; + + switch (desc->fields[i].type) { + case PROTOBUF_C_TYPE_INT32: + case PROTOBUF_C_TYPE_SINT32: + case PROTOBUF_C_TYPE_SFIXED32: + case PROTOBUF_C_TYPE_UINT32: + case PROTOBUF_C_TYPE_FIXED32: + case PROTOBUF_C_TYPE_FLOAT: + case PROTOBUF_C_TYPE_ENUM: + memcpy(field, dv, 4); + break; + case PROTOBUF_C_TYPE_INT64: + case PROTOBUF_C_TYPE_SINT64: + case PROTOBUF_C_TYPE_SFIXED64: + case PROTOBUF_C_TYPE_UINT64: + case PROTOBUF_C_TYPE_FIXED64: + case PROTOBUF_C_TYPE_DOUBLE: + memcpy(field, dv, 8); + break; + case PROTOBUF_C_TYPE_BOOL: + memcpy(field, dv, sizeof(protobuf_c_boolean)); + break; + case PROTOBUF_C_TYPE_BYTES: + memcpy(field, dv, sizeof(ProtobufCBinaryData)); + break; + + case PROTOBUF_C_TYPE_STRING: + case PROTOBUF_C_TYPE_MESSAGE: + /* + * The next line essentially implements a cast + * from const, which is totally unavoidable. + */ + *(const void **) field = dv; + break; + } + } + } +} + +/**@}*/ + +/* + * ScannedMember slabs (an unpacking implementation detail). Before doing real + * unpacking, we first scan through the elements to see how many there are (for + * repeated fields), and which field to use (for non-repeated fields given + * twice). + * + * In order to avoid allocations for small messages, we keep a stack-allocated + * slab of ScannedMembers of size FIRST_SCANNED_MEMBER_SLAB_SIZE (16). After we + * fill that up, we allocate each slab twice as large as the previous one. + */ +#define FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2 4 + +/* + * The number of slabs, including the stack-allocated ones; choose the number so + * that we would overflow if we needed a slab larger than provided. + */ +#define MAX_SCANNED_MEMBER_SLAB \ + (sizeof(unsigned int)*8 - 1 \ + - BOUND_SIZEOF_SCANNED_MEMBER_LOG2 \ + - FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2) + +#define REQUIRED_FIELD_BITMAP_SET(index) \ + (required_fields_bitmap[(index)/8] |= (1UL<<((index)%8))) + +#define REQUIRED_FIELD_BITMAP_IS_SET(index) \ + (required_fields_bitmap[(index)/8] & (1UL<<((index)%8))) + +ProtobufCMessage * +protobuf_c_message_unpack(const ProtobufCMessageDescriptor *desc, + ProtobufCAllocator *allocator, + size_t len, const uint8_t *data) +{ + ProtobufCMessage *rv; + size_t rem = len; + const uint8_t *at = data; + const ProtobufCFieldDescriptor *last_field = desc->fields + 0; + ScannedMember first_member_slab[1UL << + FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2]; + + /* + * scanned_member_slabs[i] is an array of arrays of ScannedMember. + * The first slab (scanned_member_slabs[0] is just a pointer to + * first_member_slab), above. All subsequent slabs will be allocated + * using the allocator. + */ + ScannedMember *scanned_member_slabs[MAX_SCANNED_MEMBER_SLAB + 1]; + unsigned which_slab = 0; /* the slab we are currently populating */ + unsigned in_slab_index = 0; /* number of members in the slab */ + size_t n_unknown = 0; + unsigned f; + unsigned j; + unsigned i_slab; + unsigned last_field_index = 0; + unsigned required_fields_bitmap_len; + unsigned char required_fields_bitmap_stack[16]; + unsigned char *required_fields_bitmap = required_fields_bitmap_stack; + protobuf_c_boolean required_fields_bitmap_alloced = FALSE; + + ASSERT_IS_MESSAGE_DESCRIPTOR(desc); + + if (allocator == NULL) + allocator = &protobuf_c__allocator; + + rv = do_alloc(allocator, desc->sizeof_message); + if (!rv) + return (NULL); + scanned_member_slabs[0] = first_member_slab; + + required_fields_bitmap_len = (desc->n_fields + 7) / 8; + if (required_fields_bitmap_len > sizeof(required_fields_bitmap_stack)) { + required_fields_bitmap = do_alloc(allocator, required_fields_bitmap_len); + if (!required_fields_bitmap) { + do_free(allocator, rv); + return (NULL); + } + required_fields_bitmap_alloced = TRUE; + } + memset(required_fields_bitmap, 0, required_fields_bitmap_len); + + /* + * Generated code always defines "message_init". However, we provide a + * fallback for (1) users of old protobuf-c generated-code that do not + * provide the function, and (2) descriptors constructed from some other + * source (most likely, direct construction from the .proto file). + */ + if (desc->message_init != NULL) + protobuf_c_message_init(desc, rv); + else + message_init_generic(desc, rv); + + while (rem > 0) { + uint32_t tag; + ProtobufCWireType wire_type; + size_t used = parse_tag_and_wiretype(rem, at, &tag, &wire_type); + const ProtobufCFieldDescriptor *field; + ScannedMember tmp; + + if (used == 0) { + PROTOBUF_C_UNPACK_ERROR("error parsing tag/wiretype at offset %u", + (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + /* + * \todo Consider optimizing for field[1].id == tag, if field[1] + * exists! + */ + if (last_field == NULL || last_field->id != tag) { + /* lookup field */ + int field_index = + int_range_lookup(desc->n_field_ranges, + desc->field_ranges, + tag); + if (field_index < 0) { + field = NULL; + n_unknown++; + } else { + field = desc->fields + field_index; + last_field = field; + last_field_index = field_index; + } + } else { + field = last_field; + } + + if (field != NULL && field->label == PROTOBUF_C_LABEL_REQUIRED) + REQUIRED_FIELD_BITMAP_SET(last_field_index); + + at += used; + rem -= used; + tmp.tag = tag; + tmp.wire_type = wire_type; + tmp.field = field; + tmp.data = at; + tmp.length_prefix_len = 0; + + switch (wire_type) { + case PROTOBUF_C_WIRE_TYPE_VARINT: { + unsigned max_len = rem < 10 ? rem : 10; + unsigned i; + + for (i = 0; i < max_len; i++) + if ((at[i] & 0x80) == 0) + break; + if (i == max_len) { + PROTOBUF_C_UNPACK_ERROR("unterminated varint at offset %u", + (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + tmp.len = i + 1; + break; + } + case PROTOBUF_C_WIRE_TYPE_64BIT: + if (rem < 8) { + PROTOBUF_C_UNPACK_ERROR("too short after 64bit wiretype at offset %u", + (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + tmp.len = 8; + break; + case PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED: { + size_t pref_len; + + tmp.len = scan_length_prefixed_data(rem, at, &pref_len); + if (tmp.len == 0) { + /* NOTE: scan_length_prefixed_data calls UNPACK_ERROR */ + goto error_cleanup_during_scan; + } + tmp.length_prefix_len = pref_len; + break; + } + case PROTOBUF_C_WIRE_TYPE_32BIT: + if (rem < 4) { + PROTOBUF_C_UNPACK_ERROR("too short after 32bit wiretype at offset %u", + (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + tmp.len = 4; + break; + default: + PROTOBUF_C_UNPACK_ERROR("unsupported tag %u at offset %u", + wire_type, (unsigned) (at - data)); + goto error_cleanup_during_scan; + } + + if (in_slab_index == (1UL << + (which_slab + FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2))) + { + size_t size; + + in_slab_index = 0; + if (which_slab == MAX_SCANNED_MEMBER_SLAB) { + PROTOBUF_C_UNPACK_ERROR("too many fields"); + goto error_cleanup_during_scan; + } + which_slab++; + size = sizeof(ScannedMember) + << (which_slab + FIRST_SCANNED_MEMBER_SLAB_SIZE_LOG2); + scanned_member_slabs[which_slab] = do_alloc(allocator, size); + if (scanned_member_slabs[which_slab] == NULL) + goto error_cleanup_during_scan; + } + scanned_member_slabs[which_slab][in_slab_index++] = tmp; + + if (field != NULL && field->label == PROTOBUF_C_LABEL_REPEATED) { + size_t *n = STRUCT_MEMBER_PTR(size_t, rv, + field->quantifier_offset); + if (wire_type == PROTOBUF_C_WIRE_TYPE_LENGTH_PREFIXED && + (0 != (field->flags & PROTOBUF_C_FIELD_FLAG_PACKED) || + is_packable_type(field->type))) + { + size_t count; + if (!count_packed_elements(field->type, + tmp.len - + tmp.length_prefix_len, + tmp.data + + tmp.length_prefix_len, + &count)) + { + PROTOBUF_C_UNPACK_ERROR("counting packed elements"); + goto error_cleanup_during_scan; + } + *n += count; + } else { + *n += 1; + } + } + + at += tmp.len; + rem -= tmp.len; + } + + /* allocate space for repeated fields, also check that all required fields have been set */ + for (f = 0; f < desc->n_fields; f++) { + const ProtobufCFieldDescriptor *field = desc->fields + f; + if (field->label == PROTOBUF_C_LABEL_REPEATED) { + size_t siz = + sizeof_elt_in_repeated_array(field->type); + size_t *n_ptr = + STRUCT_MEMBER_PTR(size_t, rv, + field->quantifier_offset); + if (*n_ptr != 0) { + unsigned n = *n_ptr; + void *a; + *n_ptr = 0; + assert(rv->descriptor != NULL); +#define CLEAR_REMAINING_N_PTRS() \ + for(f++;f < desc->n_fields; f++) \ + { \ + field = desc->fields + f; \ + if (field->label == PROTOBUF_C_LABEL_REPEATED) \ + STRUCT_MEMBER (size_t, rv, field->quantifier_offset) = 0; \ + } + a = do_alloc(allocator, siz * n); + if (!a) { + CLEAR_REMAINING_N_PTRS(); + goto error_cleanup; + } + STRUCT_MEMBER(void *, rv, field->offset) = a; + } + } else if (field->label == PROTOBUF_C_LABEL_REQUIRED) { + if (field->default_value == NULL && + !REQUIRED_FIELD_BITMAP_IS_SET(f)) + { + CLEAR_REMAINING_N_PTRS(); + PROTOBUF_C_UNPACK_ERROR("message '%s': missing required field '%s'", + desc->name, field->name); + goto error_cleanup; + } + } + } +#undef CLEAR_REMAINING_N_PTRS + + /* allocate space for unknown fields */ + if (n_unknown) { + rv->unknown_fields = do_alloc(allocator, + n_unknown * sizeof(ProtobufCMessageUnknownField)); + if (rv->unknown_fields == NULL) + goto error_cleanup; + } + + /* do real parsing */ + for (i_slab = 0; i_slab <= which_slab; i_slab++) { + unsigned max = (i_slab == which_slab) ? + in_slab_index : (1UL << (i_slab + 4)); + ScannedMember *slab = scanned_member_slabs[i_slab]; + + for (j = 0; j < max; j++) { + if (!parse_member(slab + j, rv, allocator)) { + PROTOBUF_C_UNPACK_ERROR("error parsing member %s of %s", + slab->field ? slab->field->name : "*unknown-field*", + desc->name); + goto error_cleanup; + } + } + } + + /* cleanup */ + for (j = 1; j <= which_slab; j++) + do_free(allocator, scanned_member_slabs[j]); + if (required_fields_bitmap_alloced) + do_free(allocator, required_fields_bitmap); + return rv; + +error_cleanup: + protobuf_c_message_free_unpacked(rv, allocator); + for (j = 1; j <= which_slab; j++) + do_free(allocator, scanned_member_slabs[j]); + if (required_fields_bitmap_alloced) + do_free(allocator, required_fields_bitmap); + return NULL; + +error_cleanup_during_scan: + do_free(allocator, rv); + for (j = 1; j <= which_slab; j++) + do_free(allocator, scanned_member_slabs[j]); + if (required_fields_bitmap_alloced) + do_free(allocator, required_fields_bitmap); + return NULL; +} + +void +protobuf_c_message_free_unpacked(ProtobufCMessage *message, + ProtobufCAllocator *allocator) +{ + const ProtobufCMessageDescriptor *desc; + unsigned f; + + if (message == NULL) + return; + + desc = message->descriptor; + + ASSERT_IS_MESSAGE(message); + + if (allocator == NULL) + allocator = &protobuf_c__allocator; + message->descriptor = NULL; + for (f = 0; f < desc->n_fields; f++) { + if (0 != (desc->fields[f].flags & PROTOBUF_C_FIELD_FLAG_ONEOF) && + desc->fields[f].id != + STRUCT_MEMBER(uint32_t, message, desc->fields[f].quantifier_offset)) + { + /* This is not the selected oneof, skip it */ + continue; + } + + if (desc->fields[f].label == PROTOBUF_C_LABEL_REPEATED) { + size_t n = STRUCT_MEMBER(size_t, + message, + desc->fields[f].quantifier_offset); + void *arr = STRUCT_MEMBER(void *, + message, + desc->fields[f].offset); + + if (arr != NULL) { + if (desc->fields[f].type == PROTOBUF_C_TYPE_STRING) { + unsigned i; + for (i = 0; i < n; i++) + do_free(allocator, ((char **) arr)[i]); + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_BYTES) { + unsigned i; + for (i = 0; i < n; i++) + do_free(allocator, ((ProtobufCBinaryData *) arr)[i].data); + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_MESSAGE) { + unsigned i; + for (i = 0; i < n; i++) + protobuf_c_message_free_unpacked( + ((ProtobufCMessage **) arr)[i], + allocator + ); + } + do_free(allocator, arr); + } + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_STRING) { + char *str = STRUCT_MEMBER(char *, message, + desc->fields[f].offset); + + if (str && str != desc->fields[f].default_value) + do_free(allocator, str); + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_BYTES) { + void *data = STRUCT_MEMBER(ProtobufCBinaryData, message, + desc->fields[f].offset).data; + const ProtobufCBinaryData *default_bd; + + default_bd = desc->fields[f].default_value; + if (data != NULL && + (default_bd == NULL || + default_bd->data != data)) + { + do_free(allocator, data); + } + } else if (desc->fields[f].type == PROTOBUF_C_TYPE_MESSAGE) { + ProtobufCMessage *sm; + + sm = STRUCT_MEMBER(ProtobufCMessage *, message, + desc->fields[f].offset); + if (sm && sm != desc->fields[f].default_value) + protobuf_c_message_free_unpacked(sm, allocator); + } + } + + for (f = 0; f < message->n_unknown_fields; f++) + do_free(allocator, message->unknown_fields[f].data); + if (message->unknown_fields != NULL) + do_free(allocator, message->unknown_fields); + + do_free(allocator, message); +} + +void +protobuf_c_message_init(const ProtobufCMessageDescriptor * descriptor, + void *message) +{ + descriptor->message_init((ProtobufCMessage *) (message)); +} + +protobuf_c_boolean +protobuf_c_message_check(const ProtobufCMessage *message) +{ + unsigned i; + + if (!message || + !message->descriptor || + message->descriptor->magic != PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC) + { + return FALSE; + } + + for (i = 0; i < message->descriptor->n_fields; i++) { + const ProtobufCFieldDescriptor *f = message->descriptor->fields + i; + ProtobufCType type = f->type; + ProtobufCLabel label = f->label; + void *field = STRUCT_MEMBER_P (message, f->offset); + + if (f->flags & PROTOBUF_C_FIELD_FLAG_ONEOF) { + const uint32_t *oneof_case = STRUCT_MEMBER_P (message, f->quantifier_offset); + if (f->id != *oneof_case) { + continue; //Do not check if it is an unpopulated oneof member. + } + } + + if (label == PROTOBUF_C_LABEL_REPEATED) { + size_t *quantity = STRUCT_MEMBER_P (message, f->quantifier_offset); + + if (*quantity > 0 && *(void **) field == NULL) { + return FALSE; + } + + if (type == PROTOBUF_C_TYPE_MESSAGE) { + ProtobufCMessage **submessage = *(ProtobufCMessage ***) field; + unsigned j; + for (j = 0; j < *quantity; j++) { + if (!protobuf_c_message_check(submessage[j])) + return FALSE; + } + } else if (type == PROTOBUF_C_TYPE_STRING) { + char **string = *(char ***) field; + unsigned j; + for (j = 0; j < *quantity; j++) { + if (!string[j]) + return FALSE; + } + } else if (type == PROTOBUF_C_TYPE_BYTES) { + ProtobufCBinaryData *bd = *(ProtobufCBinaryData **) field; + unsigned j; + for (j = 0; j < *quantity; j++) { + if (bd[j].len > 0 && bd[j].data == NULL) + return FALSE; + } + } + + } else { /* PROTOBUF_C_LABEL_REQUIRED or PROTOBUF_C_LABEL_OPTIONAL */ + + if (type == PROTOBUF_C_TYPE_MESSAGE) { + ProtobufCMessage *submessage = *(ProtobufCMessage **) field; + if (label == PROTOBUF_C_LABEL_REQUIRED || submessage != NULL) { + if (!protobuf_c_message_check(submessage)) + return FALSE; + } + } else if (type == PROTOBUF_C_TYPE_STRING) { + char *string = *(char **) field; + if (label == PROTOBUF_C_LABEL_REQUIRED && string == NULL) + return FALSE; + } else if (type == PROTOBUF_C_TYPE_BYTES) { + protobuf_c_boolean *has = STRUCT_MEMBER_P (message, f->quantifier_offset); + ProtobufCBinaryData *bd = field; + if (label == PROTOBUF_C_LABEL_REQUIRED || *has == TRUE) { + if (bd->len > 0 && bd->data == NULL) + return FALSE; + } + } + } + } + + return TRUE; +} + +/* === services === */ + +typedef void (*GenericHandler) (void *service, + const ProtobufCMessage *input, + ProtobufCClosure closure, + void *closure_data); +void +protobuf_c_service_invoke_internal(ProtobufCService *service, + unsigned method_index, + const ProtobufCMessage *input, + ProtobufCClosure closure, + void *closure_data) +{ + GenericHandler *handlers; + GenericHandler handler; + + /* + * Verify that method_index is within range. If this fails, you are + * likely invoking a newly added method on an old service. (Although + * other memory corruption bugs can cause this assertion too.) + */ + assert(method_index < service->descriptor->n_methods); + + /* + * Get the array of virtual methods (which are enumerated by the + * generated code). + */ + handlers = (GenericHandler *) (service + 1); + + /* + * Get our method and invoke it. + * \todo Seems like handler == NULL is a situation that needs handling. + */ + handler = handlers[method_index]; + (*handler)(service, input, closure, closure_data); +} + +void +protobuf_c_service_generated_init(ProtobufCService *service, + const ProtobufCServiceDescriptor *descriptor, + ProtobufCServiceDestroy destroy) +{ + ASSERT_IS_SERVICE_DESCRIPTOR(descriptor); + service->descriptor = descriptor; + service->destroy = destroy; + service->invoke = protobuf_c_service_invoke_internal; + memset(service + 1, 0, descriptor->n_methods * sizeof(GenericHandler)); +} + +void protobuf_c_service_destroy(ProtobufCService *service) +{ + service->destroy(service); +} + +/* --- querying the descriptors --- */ + +const ProtobufCEnumValue * +protobuf_c_enum_descriptor_get_value_by_name(const ProtobufCEnumDescriptor *desc, + const char *name) +{ + unsigned start = 0; + unsigned count; + + if (desc == NULL || desc->values_by_name == NULL) + return NULL; + + count = desc->n_value_names; + + while (count > 1) { + unsigned mid = start + count / 2; + int rv = strcmp(desc->values_by_name[mid].name, name); + if (rv == 0) + return desc->values + desc->values_by_name[mid].index; + else if (rv < 0) { + count = start + count - (mid + 1); + start = mid + 1; + } else + count = mid - start; + } + if (count == 0) + return NULL; + if (strcmp(desc->values_by_name[start].name, name) == 0) + return desc->values + desc->values_by_name[start].index; + return NULL; +} + +const ProtobufCEnumValue * +protobuf_c_enum_descriptor_get_value(const ProtobufCEnumDescriptor *desc, + int value) +{ + int rv = int_range_lookup(desc->n_value_ranges, desc->value_ranges, value); + if (rv < 0) + return NULL; + return desc->values + rv; +} + +const ProtobufCFieldDescriptor * +protobuf_c_message_descriptor_get_field_by_name(const ProtobufCMessageDescriptor *desc, + const char *name) +{ + unsigned start = 0; + unsigned count; + const ProtobufCFieldDescriptor *field; + + if (desc == NULL || desc->fields_sorted_by_name == NULL) + return NULL; + + count = desc->n_fields; + + while (count > 1) { + unsigned mid = start + count / 2; + int rv; + field = desc->fields + desc->fields_sorted_by_name[mid]; + rv = strcmp(field->name, name); + if (rv == 0) + return field; + else if (rv < 0) { + count = start + count - (mid + 1); + start = mid + 1; + } else + count = mid - start; + } + if (count == 0) + return NULL; + field = desc->fields + desc->fields_sorted_by_name[start]; + if (strcmp(field->name, name) == 0) + return field; + return NULL; +} + +const ProtobufCFieldDescriptor * +protobuf_c_message_descriptor_get_field(const ProtobufCMessageDescriptor *desc, + unsigned value) +{ + int rv = int_range_lookup(desc->n_field_ranges,desc->field_ranges, value); + if (rv < 0) + return NULL; + return desc->fields + rv; +} + +const ProtobufCMethodDescriptor * +protobuf_c_service_descriptor_get_method_by_name(const ProtobufCServiceDescriptor *desc, + const char *name) +{ + unsigned start = 0; + unsigned count; + + if (desc == NULL || desc->method_indices_by_name == NULL) + return NULL; + + count = desc->n_methods; + + while (count > 1) { + unsigned mid = start + count / 2; + unsigned mid_index = desc->method_indices_by_name[mid]; + const char *mid_name = desc->methods[mid_index].name; + int rv = strcmp(mid_name, name); + + if (rv == 0) + return desc->methods + desc->method_indices_by_name[mid]; + if (rv < 0) { + count = start + count - (mid + 1); + start = mid + 1; + } else { + count = mid - start; + } + } + if (count == 0) + return NULL; + if (strcmp(desc->methods[desc->method_indices_by_name[start]].name, name) == 0) + return desc->methods + desc->method_indices_by_name[start]; + return NULL; +} diff -Nru sudo-1.9.5p2/lib/util/Makefile.in sudo-1.9.9/lib/util/Makefile.in --- sudo-1.9.5p2/lib/util/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/lib/util/Makefile.in 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2011-2020 Todd C. Miller +# Copyright (c) 2011-2021 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -50,12 +50,16 @@ # Compiler & tools to use CC = @CC@ +HOSTCC = @CC_FOR_BUILD@ +CPP = @CPP@ +HOSTCPP = @CPP_FOR_BUILD@ LIBTOOL = @LIBTOOL@ +SHA1SUM = @SHA1SUM@ SED = @SED@ AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ @@ -63,11 +67,14 @@ CPPDEFS = -D_PATH_SUDO_CONF=\"$(sysconfdir)/sudo.conf\" # C preprocessor flags -CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) $(CPPDEFS) @CPPFLAGS@ \ - -DDEFAULT_TEXT_DOMAIN=\"@PACKAGE_NAME@\" +CPPFLAGS = -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) $(CPPDEFS) \ + @CPPFLAGS@ -DDEFAULT_TEXT_DOMAIN=\"@PACKAGE_NAME@\" +HOSTCPPFLAGS = -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) $(CPPDEFS) \ + @CPPFLAGS_FOR_BUILD@ -DDEFAULT_TEXT_DOMAIN=\"@PACKAGE_NAME@\" # Usually -O and/or -g CFLAGS = @CFLAGS@ +HOSTCFLAGS = @CFLAGS_FOR_BUILD@ # Flags to pass to the link stage LDFLAGS = @LDFLAGS@ @@ -103,12 +110,23 @@ PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) # Regression tests -TEST_PROGS = conf_test hltq_test parseln_test progname_test strsplit_test \ - strtobool_test strtoid_test strtomode_test strtonum_test \ - parse_gids_test getgrouplist_test @COMPAT_TEST_PROGS@ +TEST_PROGS = conf_test hltq_test parseln_test progname_test \ + strsplit_test strtobool_test strtoid_test strtomode_test \ + strtonum_test parse_gids_test getgids getgrouplist_test \ + uuid_test @COMPAT_TEST_PROGS@ TEST_LIBS = @LIBS@ TEST_LDFLAGS = @LDFLAGS@ +# Fuzzers +LIBFUZZSTUB = $(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la +LIB_FUZZING_ENGINE = @FUZZ_ENGINE@ +FUZZ_PROGS = fuzz_sudo_conf +FUZZ_SEED_CORPUS = ${FUZZ_PROGS:=_seed_corpus.zip} +FUZZ_LIBS = $(LIB_FUZZING_ENGINE) @LIBS@ +FUZZ_LDFLAGS = @LDFLAGS@ +FUZZ_MAX_LEN = 4096 +FUZZ_RUNS = 8192 + # User and group ids the installed files should be "owned" by install_uid = 0 install_gid = 0 @@ -120,9 +138,9 @@ SHELL = @SHELL@ -LTOBJS = @DIGEST@ event.lo fatal.lo key_val.lo gethostname.lo gettime.lo \ - getgrouplist.lo gidlist.lo json.lo lbuf.lo locking.lo \ - logfac.lo logpri.lo mkdir_parents.lo parseln.lo progname.lo \ +LTOBJS = basename.lo @DIGEST@ event.lo fatal.lo key_val.lo gethostname.lo \ + gettime.lo getgrouplist.lo gidlist.lo json.lo lbuf.lo locking.lo \ + logfac.lo logpri.lo mkdir_parents.lo parseln.lo progname.lo rcstr.lo \ roundup.lo secure_path.lo setgroups.lo strsplit.lo strtobool.lo \ strtoid.lo strtomode.lo strtonum.lo sudo_conf.lo \ sudo_debug.lo sudo_dso.lo term.lo ttyname_dev.lo \ @@ -136,7 +154,7 @@ PARSELN_TEST_OBJS = parseln_test.lo parseln.lo -PROGNAME_TEST_OBJS = progname_test.lo progname.lo +PROGNAME_TEST_OBJS = progname_test.lo progname.lo basename.lo CONF_TEST_OBJS = conf_test.lo sudo_conf.lo @@ -160,11 +178,17 @@ PARSE_GIDS_TEST_OBJS = parse_gids_test.lo gidlist.lo +GETGIDS_OBJS = getgids.lo getgrouplist.lo + GETGROUPLIST_TEST_OBJS = getgrouplist_test.lo getgrouplist.lo STRSIG_TEST_OBJS = strsig_test.lo sig2str.lo str2sig.lo @SIGNAME@ -VSYSLOG_TEST_OBJS = vsyslog_test.lo vsyslog.lo +UUID_TEST_OBJS = uuid_test.lo uuid.lo + +FUZZ_SUDO_CONF_OBJS = fuzz_sudo_conf.lo + +FUZZ_SUDO_CONF_CORPUS = $(srcdir)/regress/corpus/seed/sudo_conf/sudo.conf.* all: libsudo_util.la @@ -201,9 +225,9 @@ libsudo_util.la: $(LTOBJS) @LT_LDDEP@ case "$(LT_LDFLAGS)" in \ *-no-install*) \ - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LDFLAGS) $(LT_LDFLAGS) $(LTOBJS) @LT_DEP_LIBS@ @LIBINTL@ @LIBMD@ @LIBPTHREAD@ @LIBDL@ @LIBRT@ @NET_LIBS@;; \ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LDFLAGS) $(LT_LDFLAGS) $(LTOBJS) @LT_DEP_LIBS@ @LIBINTL@ @LIBMD@ @LIBCRYPTO@ @LIBPTHREAD@ @LIBDL@ @LIBRT@ @NET_LIBS@;; \ *) \ - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) $(LTOBJS) -version-info $(SHLIB_VERSION) -rpath $(libexecdir)/sudo @LT_DEP_LIBS@ @LIBINTL@ @LIBMD@ @LIBPTHREAD@ @LIBDL@ @LIBRT@ @NET_LIBS@;; \ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) $(LTOBJS) -version-info $(SHLIB_VERSION) -rpath $(libexecdir)/sudo @LT_DEP_LIBS@ @LIBINTL@ @LIBMD@ @LIBCRYPTO@ @LIBPTHREAD@ @LIBDL@ @LIBRT@ @NET_LIBS@;; \ esac siglist.c: mksiglist @@ -212,22 +236,28 @@ signame.c: mksigname ./mksigname > $@ -mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/sudo_compat.h $(top_builddir)/config.h - $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@ +mksiglist: $(srcdir)/mksiglist.c mksiglist.h $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(HOSTCC) $(HOSTCPPFLAGS) $(HOSTCFLAGS) $(srcdir)/mksiglist.c -o $@ -mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/sudo_compat.h $(top_builddir)/config.h - $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@ +mksigname: $(srcdir)/mksigname.c mksigname.h $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(HOSTCC) $(HOSTCPPFLAGS) $(HOSTCFLAGS) $(srcdir)/mksigname.c -o $@ -$(srcdir)/mksiglist.h: $(srcdir)/siglist.in +$(srcdir)/sys_siglist.h: $(srcdir)/siglist.in @if [ -n "$(DEVEL)" ]; then \ - $(AWK) 'BEGIN {print "/* public domain */\n"} /^ [A-Z]/ {printf("#ifdef SIG%s\n if (sudo_sys_siglist[SIG%s] == NULL)\n\tsudo_sys_siglist[SIG%s] = \"%s\";\n#endif\n", $$1, $$1, $$1, substr($$0, 13))}' < $(srcdir)/siglist.in > $@; \ + $(AWK) 'BEGIN {print "/* public domain */\n\n#include \n#include \n#include \n#include \"sudo_compat.h\"\n\nint sudo_end_of_headers;\nstatic char *sudo_sys_siglist[NSIG];\n"} /^ [A-Z]/ {printf("#ifdef SIG%s\n if (sudo_sys_siglist[SIG%s] == NULL)\n\tsudo_sys_siglist[SIG%s] = \"%s\";\n#endif\n", $$1, $$1, $$1, substr($$0, 13))}' < $(srcdir)/siglist.in > $@; \ fi -$(srcdir)/mksigname.h: $(srcdir)/siglist.in +$(srcdir)/sys_signame.h: $(srcdir)/siglist.in @if [ -n "$(DEVEL)" ]; then \ - $(AWK) 'BEGIN {print "/* public domain */\n"} /^ [A-Z]/ {printf("#ifdef SIG%s\n if (sudo_sys_signame[SIG%s] == NULL)\n\tsudo_sys_signame[SIG%s] = \"%s\";\n#endif\n", $$1, $$1, $$1, $$1)}' < $(srcdir)/siglist.in > $@; \ + $(AWK) 'BEGIN {print "/* public domain */\n\n#include \n#include \n#include \n#include \"sudo_compat.h\"\n\nint sudo_end_of_headers;\nstatic char *sudo_sys_signame[NSIG];\n"} /^ [A-Z]/ {printf("#ifdef SIG%s\n if (sudo_sys_signame[SIG%s] == NULL)\n\tsudo_sys_signame[SIG%s] = \"%s\";\n#endif\n", $$1, $$1, $$1, $$1)}' < $(srcdir)/siglist.in > $@; \ fi +mksiglist.h: $(srcdir)/sys_siglist.h + $(CPP) $(CPPFLAGS) $(srcdir)/sys_siglist.h | $(SED) -e '1,/^int sudo_end_of_headers;/d' -e '/^#/d' > mksiglist.h + +mksigname.h: $(srcdir)/sys_signame.h + $(CPP) $(CPPFLAGS) $(srcdir)/sys_signame.h | $(SED) -e '1,/^int sudo_end_of_headers;/d' -e '/^#/d' > mksigname.h + conf_test: $(CONF_TEST_OBJS) libsudo_util.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CONF_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) @@ -255,6 +285,9 @@ parse_gids_test: $(PARSE_GIDS_TEST_OBJS) libsudo_util.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(PARSE_GIDS_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) +getgids: $(GETGIDS_OBJS) libsudo_util.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(GETGIDS_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + getgrouplist_test: $(GETGROUPLIST_TEST_OBJS) libsudo_util.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(GETGROUPLIST_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) @@ -276,8 +309,37 @@ strtoid_test: $(STRTOID_TEST_OBJS) libsudo_util.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(STRTOID_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) -vsyslog_test: $(VSYSLOG_TEST_OBJS) libsudo_util.la - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(VSYSLOG_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) +uuid_test: $(UUID_TEST_OBJS) libsudo_util.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(UUID_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + +fuzz_sudo_conf: $(FUZZ_SUDO_CONF_OBJS) $(LIBFUZZSTUB) libsudo_util.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FUZZ_SUDO_CONF_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) libsudo_util.la + +fuzz_sudo_conf_seed_corpus.zip: + tdir=fuzz_sudo_conf.$$$$; \ + mkdir $$tdir; \ + for f in $(FUZZ_SUDO_CONF_CORPUS); do \ + cp $$f $$tdir/`$(SHA1SUM) $$f | $(SED) -e 's/^.*= *//' -e 's/ .*//'`; \ + done; \ + zip -j $@ $$tdir/*; \ + rm -rf $$tdir + +run-fuzz_sudo_conf: fuzz_sudo_conf + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + umask 022; \ + corpus=regress/corpus/sudo_conf; \ + mkdir -p $$corpus; \ + for f in $(FUZZ_SUDO_CONF_CORPUS); do \ + cp $$f $$corpus; \ + done; \ + ./fuzz_sudo_conf -dict=$(srcdir)/regress/fuzz/fuzz_sudo_conf.dict -max_len=$(FUZZ_MAX_LEN) -runs=$(FUZZ_RUNS) $$corpus pre-install: @@ -300,6 +362,14 @@ install-plugin: +install-fuzzer: $(FUZZ_PROGS) $(FUZZ_SEED_CORPUS) + @if test X"$(FUZZ_DESTDIR)" = X""; then \ + echo "must set FUZZ_DESTDIR for install-fuzzer target"; \ + else \ + cp $(FUZZ_PROGS) $(FUZZ_SEED_CORPUS) $(FUZZ_DESTDIR); \ + cp $(srcdir)/regress/fuzz/*.dict $(FUZZ_DESTDIR); \ + fi + uninstall: $(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(libexecdir)/sudo/libsudo_util.la -test -z "$(INSTALL_BACKUP)" || \ @@ -313,9 +383,31 @@ pvs-log-files: $(POBJS) +fuzz: run-fuzz_sudo_conf + +check-fuzzer: $(FUZZ_PROGS) + @if test X"$(cross_compiling)" != X"yes"; then \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + echo "fuzz_sudo_conf: verifying corpus"; \ + ./fuzz_sudo_conf $(FUZZ_SUDO_CONF_CORPUS); \ + fi + # Note: some regress checks are run from srcdir for consistent error messages -check: $(TEST_PROGS) +check: $(TEST_PROGS) check-fuzzer @if test X"$(cross_compiling)" != X"yes"; then \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ rval=0; \ @@ -351,14 +443,12 @@ ./strtoid_test || rval=`expr $$rval + $$?`; \ ./strtomode_test || rval=`expr $$rval + $$?`; \ ./strtonum_test || rval=`expr $$rval + $$?`; \ + ./uuid_test || rval=`expr $$rval + $$?`; \ ./hltq_test || rval=`expr $$rval + $$?`; \ ./progname_test || rval=`expr $$rval + $$?`; \ rm -f ./progname_test2; ln -s ./progname_test ./progname_test2; \ ./progname_test2 || rval=`expr $$rval + $$?`; \ rm -f ./progname_test2; \ - if test -f vsyslog_test; then \ - ./vsyslog_test || rval=`expr $$rval + $$?`; \ - fi; \ build_dir=`pwd`; \ cd $(srcdir); \ for dir in sudo_conf sudo_parseln; do \ @@ -409,15 +499,17 @@ fi clean: - -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(TEST_PROGS) *.lo *.o *.la + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(TEST_PROGS) $(FUZZ_PROGS) \ + *.lo *.o *.la -rm -f *.i *.plog stamp-* core *.core core.* regress/*/*.out \ regress/*/*.err + -rm -rf regress/corpus/sudo_conf mostlyclean: clean distclean: clean - -rm -rf Makefile mksiglist siglist.c mksigname signame.c .libs \ - $(shlib_exp) $(shlib_map) $(shlib_opt) + -rm -rf Makefile mksiglist mksiglist.h siglist.c mksigname \ + mksigname.h signame.c .libs $(shlib_exp) $(shlib_map) $(shlib_opt) clobber: distclean @@ -426,6 +518,9 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean \ + $(FUZZ_SEED_CORPUS) run-fuzz_sudo_conf + # Autogenerated dependencies, do not modify aix.lo: $(srcdir)/aix.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ @@ -439,16 +534,26 @@ $(CC) -E -o $@ $(CPPFLAGS) $< aix.plog: aix.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/aix.c --i-file $< --output-file $@ -arc4random.lo: $(srcdir)/arc4random.c $(incdir)/sudo_compat.h \ - $(incdir)/sudo_rand.h $(srcdir)/chacha_private.h \ - $(top_builddir)/config.h +arc4random.lo: $(srcdir)/arc4random.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_rand.h \ + $(srcdir)/chacha_private.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/arc4random.c -arc4random.i: $(srcdir)/arc4random.c $(incdir)/sudo_compat.h \ - $(incdir)/sudo_rand.h $(srcdir)/chacha_private.h \ - $(top_builddir)/config.h +arc4random.i: $(srcdir)/arc4random.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_rand.h \ + $(srcdir)/chacha_private.h $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< arc4random.plog: arc4random.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/arc4random.c --i-file $< --output-file $@ +arc4random_buf.lo: $(srcdir)/arc4random_buf.c $(incdir)/sudo_compat.h \ + $(incdir)/sudo_rand.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/arc4random_buf.c +arc4random_buf.i: $(srcdir)/arc4random_buf.c $(incdir)/sudo_compat.h \ + $(incdir)/sudo_rand.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +arc4random_buf.plog: arc4random_buf.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/arc4random_buf.c --i-file $< --output-file $@ arc4random_uniform.lo: $(srcdir)/arc4random_uniform.c $(incdir)/sudo_compat.h \ $(incdir)/sudo_rand.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/arc4random_uniform.c @@ -457,6 +562,16 @@ $(CC) -E -o $@ $(CPPFLAGS) $< arc4random_uniform.plog: arc4random_uniform.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/arc4random_uniform.c --i-file $< --output-file $@ +basename.lo: $(srcdir)/basename.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/basename.c +basename.i: $(srcdir)/basename.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +basename.plog: basename.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/basename.c --i-file $< --output-file $@ cfmakeraw.lo: $(srcdir)/cfmakeraw.c $(incdir)/sudo_compat.h \ $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cfmakeraw.c @@ -635,6 +750,22 @@ $(CC) -E -o $@ $(CPPFLAGS) $< fstatat.plog: fstatat.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fstatat.c --i-file $< --output-file $@ +fuzz_sudo_conf.lo: $(srcdir)/regress/fuzz/fuzz_sudo_conf.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_sudo_conf.c +fuzz_sudo_conf.i: $(srcdir)/regress/fuzz/fuzz_sudo_conf.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_sudo_conf.plog: fuzz_sudo_conf.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_sudo_conf.c --i-file $< --output-file $@ getaddrinfo.lo: $(srcdir)/getaddrinfo.c $(incdir)/compat/getaddrinfo.h \ $(incdir)/sudo_compat.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/getaddrinfo.c @@ -679,12 +810,26 @@ $(CC) -E -o $@ $(CPPFLAGS) $< getentropy.plog: getentropy.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/getentropy.c --i-file $< --output-file $@ +getgids.lo: $(srcdir)/regress/getgrouplist/getgids.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/getgrouplist/getgids.c +getgids.i: $(srcdir)/regress/getgrouplist/getgids.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +getgids.plog: getgids.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/getgrouplist/getgids.c --i-file $< --output-file $@ getgrouplist.lo: $(srcdir)/getgrouplist.c $(incdir)/compat/nss_dbdefs.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/getgrouplist.c getgrouplist.i: $(srcdir)/getgrouplist.c $(incdir)/compat/nss_dbdefs.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< getgrouplist.plog: getgrouplist.i @@ -779,6 +924,16 @@ $(CC) -E -o $@ $(CPPFLAGS) $< globtest.plog: globtest.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/glob/globtest.c --i-file $< --output-file $@ +gmtime_r.lo: $(srcdir)/gmtime_r.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/gmtime_r.c +gmtime_r.i: $(srcdir)/gmtime_r.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +gmtime_r.plog: gmtime_r.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/gmtime_r.c --i-file $< --output-file $@ hltq_test.lo: $(srcdir)/regress/tailq/hltq_test.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ @@ -841,6 +996,16 @@ $(CC) -E -o $@ $(CPPFLAGS) $< lbuf.plog: lbuf.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/lbuf.c --i-file $< --output-file $@ +localtime_r.lo: $(srcdir)/localtime_r.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/localtime_r.c +localtime_r.i: $(srcdir)/localtime_r.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +localtime_r.plog: localtime_r.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/localtime_r.c --i-file $< --output-file $@ locking.lo: $(srcdir)/locking.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ @@ -893,6 +1058,12 @@ $(CC) -E -o $@ $(CPPFLAGS) $< mkdir_parents.plog: mkdir_parents.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/mkdir_parents.c --i-file $< --output-file $@ +mkdirat.lo: $(srcdir)/mkdirat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/mkdirat.c +mkdirat.i: $(srcdir)/mkdirat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +mkdirat.plog: mkdirat.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/mkdirat.c --i-file $< --output-file $@ mksiglist.lo: $(srcdir)/mksiglist.c $(incdir)/sudo_compat.h \ $(srcdir)/mksiglist.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/mksiglist.c @@ -1023,6 +1194,16 @@ $(CC) -E -o $@ $(CPPFLAGS) $< pwrite.plog: pwrite.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/pwrite.c --i-file $< --output-file $@ +rcstr.lo: $(srcdir)/rcstr.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/rcstr.c +rcstr.i: $(srcdir)/rcstr.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +rcstr.plog: rcstr.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/rcstr.c --i-file $< --output-file $@ reallocarray.lo: $(srcdir)/reallocarray.c $(incdir)/sudo_compat.h \ $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/reallocarray.c @@ -1085,15 +1266,15 @@ $(CC) -E -o $@ $(CPPFLAGS) $< sig2str.plog: sig2str.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sig2str.c --i-file $< --output-file $@ -siglist.lo: siglist.c $(incdir)/sudo_compat.h $(top_builddir)/config.h +siglist.lo: siglist.c $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) siglist.c -siglist.i: siglist.c $(incdir)/sudo_compat.h $(top_builddir)/config.h +siglist.i: siglist.c $(CC) -E -o $@ $(CPPFLAGS) $< siglist.plog: siglist.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file siglist.c --i-file $< --output-file $@ -signame.lo: signame.c $(incdir)/sudo_compat.h $(top_builddir)/config.h +signame.lo: signame.c $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) signame.c -signame.i: signame.c $(incdir)/sudo_compat.h $(top_builddir)/config.h +signame.i: signame.c $(CC) -E -o $@ $(CPPFLAGS) $< signame.plog: signame.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file signame.c --i-file $< --output-file $@ @@ -1327,6 +1508,16 @@ $(CC) -E -o $@ $(CPPFLAGS) $< term.plog: term.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/term.c --i-file $< --output-file $@ +timegm.lo: $(srcdir)/timegm.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/timegm.c +timegm.i: $(srcdir)/timegm.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +timegm.plog: timegm.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/timegm.c --i-file $< --output-file $@ ttyname_dev.lo: $(srcdir)/ttyname_dev.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h \ @@ -1379,21 +1570,15 @@ $(CC) -E -o $@ $(CPPFLAGS) $< uuid.plog: uuid.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/uuid.c --i-file $< --output-file $@ -vsyslog.lo: $(srcdir)/vsyslog.c $(incdir)/sudo_compat.h $(top_builddir)/config.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/vsyslog.c -vsyslog.i: $(srcdir)/vsyslog.c $(incdir)/sudo_compat.h $(top_builddir)/config.h - $(CC) -E -o $@ $(CPPFLAGS) $< -vsyslog.plog: vsyslog.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/vsyslog.c --i-file $< --output-file $@ -vsyslog_test.lo: $(srcdir)/regress/vsyslog/vsyslog_test.c \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/vsyslog/vsyslog_test.c -vsyslog_test.i: $(srcdir)/regress/vsyslog/vsyslog_test.c \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h +uuid_test.lo: $(srcdir)/regress/uuid/uuid_test.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/uuid/uuid_test.c +uuid_test.i: $(srcdir)/regress/uuid/uuid_test.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< -vsyslog_test.plog: vsyslog_test.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/vsyslog/vsyslog_test.c --i-file $< --output-file $@ +uuid_test.plog: uuid_test.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/uuid/uuid_test.c --i-file $< --output-file $@ diff -Nru sudo-1.9.5p2/lib/util/arc4random.c sudo-1.9.9/lib/util/arc4random.c --- sudo-1.9.5p2/lib/util/arc4random.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/lib/util/arc4random.c 2022-01-27 21:24:22.000000000 +0000 @@ -51,6 +51,7 @@ #endif #include "sudo_compat.h" +#include "sudo_fatal.h" #include "sudo_rand.h" #define KEYSTREAM_ONLY @@ -96,7 +97,7 @@ unsigned char rnd[KEYSZ + IVSZ]; if (getentropy(rnd, sizeof rnd) == -1) - raise(SIGKILL); + sudo_fatal_nodebug("getentropy"); if (!rs_initialized) { rs_initialized = 1; diff -Nru sudo-1.9.5p2/lib/util/arc4random_buf.c sudo-1.9.9/lib/util/arc4random_buf.c --- sudo-1.9.5p2/lib/util/arc4random_buf.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/arc4random_buf.c 2022-01-27 21:24:22.000000000 +0000 @@ -35,6 +35,8 @@ #include "sudo_compat.h" #include "sudo_rand.h" +#define minimum(a, b) ((a) < (b) ? (a) : (b)) + /* * Call arc4random() repeatedly to fill buf with n bytes of random data. */ diff -Nru sudo-1.9.5p2/lib/util/basename.c sudo-1.9.9/lib/util/basename.c --- sudo-1.9.5p2/lib/util/basename.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/basename.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,52 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_util.h" + +/* + * GNU-compatible basename(3) + * Unlike the POSIX version, this version never modifies its argument + * and returns an empty string if filename ends in a slash. + */ +char * +sudo_basename_v1(const char *filename) +{ + char *base; + + if ((base = strrchr(filename, '/')) != NULL) + base++; + else + base = (char *)filename; + + return base; +} diff -Nru sudo-1.9.5p2/lib/util/closefrom.c sudo-1.9.9/lib/util/closefrom.c --- sudo-1.9.5p2/lib/util/closefrom.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/closefrom.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2004-2005, 2007, 2010, 2012-2015, 2017-2018 + * Copyright (c) 2004-2005, 2007, 2010, 2012-2015, 2017-2021 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -29,12 +29,16 @@ #include #include #include +#include #include #ifdef HAVE_PSTAT_GETPROC # include #else # include #endif +#ifdef HAVE_LIBPROC_H +# include +#endif #include "sudo_compat.h" #include "sudo_util.h" @@ -44,6 +48,13 @@ # define OPEN_MAX 256 #endif +/* Avoid potential libdispatch crash on macOS when we close its fds. */ +#ifdef __APPLE__ +# define closefrom_close(x) fcntl((x), F_SETFD, FD_CLOEXEC) +#else +# define closefrom_close(x) close(x) +#endif + /* * Close all file descriptors greater than or equal to lowfd. * This is the expensive (fallback) method. @@ -69,12 +80,7 @@ maxfd = INT_MAX; for (fd = lowfd; fd < maxfd; fd++) { -#ifdef __APPLE__ - /* Avoid potential libdispatch crash when we close its fds. */ - (void) fcntl((int) fd, F_SETFD, FD_CLOEXEC); -#else - (void) close((int) fd); -#endif + (void)closefrom_close((int)fd); } } @@ -91,12 +97,45 @@ const char *path; DIR *dirp; #endif +#if defined(HAVE_PROC_PIDINFO) + struct proc_fdinfo *buf = NULL; + const pid_t pid = getpid(); + int i, n, len; +#endif /* Try the fast method first, if possible. */ #if defined(HAVE_FCNTL_CLOSEM) if (fcntl(lowfd, F_CLOSEM, 0) != -1) return; -#endif +#elif defined(HAVE_PROC_PIDINFO) + len = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, NULL, 0); + switch (len) { + case 0: + /* No open files. */ + return; + case -1: + /* Fall back on other methods. */ + break; + default: + /* Allocate space for 4 extra fds to leave some wiggle room. */ + buf = malloc(len + (PROC_PIDLISTFD_SIZE * 4)); + if (buf == NULL) + break; + n = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, buf, len); + if (n == -1 || n > len) { + free(buf); + break; + } + n /= PROC_PIDLISTFD_SIZE; + for (i = 0; i < n; i++) { + if (buf[i].proc_fd >= lowfd) { + (void)closefrom_close(buf[i].proc_fd); + } + } + free(buf); + return; + } +#endif /* HAVE_PROC_PIDINFO */ #if defined(HAVE_PSTAT_GETPROC) /* * EOVERFLOW is not a fatal error for the fields we use. @@ -107,7 +146,7 @@ int fd; for (fd = lowfd; fd <= pst.pst_highestfd; fd++) - (void) close(fd); + (void)closefrom_close(fd); return; } #elif defined(HAVE_DIRFD) @@ -123,15 +162,10 @@ const char *errstr; int fd = sudo_strtonum(dent->d_name, lowfd, INT_MAX, &errstr); if (errstr == NULL && fd != dirfd(dirp)) { -# ifdef __APPLE__ - /* Avoid potential libdispatch crash when we close its fds. */ - (void) fcntl(fd, F_SETFD, FD_CLOEXEC); -# else - (void) close(fd); -# endif + (void)closefrom_close(fd); } } - (void) closedir(dirp); + (void)closedir(dirp); return; } #endif /* HAVE_DIRFD */ diff -Nru sudo-1.9.5p2/lib/util/digest_openssl.c sudo-1.9.9/lib/util/digest_openssl.c --- sudo-1.9.5p2/lib/util/digest_openssl.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/digest_openssl.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2013-2018 Todd C. Miller + * Copyright (c) 2013-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -26,78 +26,71 @@ #include #include -#include +#if defined(HAVE_WOLFSSL) +# include +#endif +#include #include "sudo_compat.h" #include "sudo_debug.h" #include "sudo_digest.h" -union ANY_CTX { - SHA256_CTX sha256; - SHA512_CTX sha512; +struct sudo_digest { + EVP_MD_CTX *ctx; + const EVP_MD *md; }; -static struct digest_function { - const unsigned int digest_len; - int (*init)(union ANY_CTX *); - int (*update)(union ANY_CTX *, const void *, size_t); - int (*final)(unsigned char *, union ANY_CTX *); -} digest_functions[] = { - { - SHA224_DIGEST_LENGTH, - (int (*)(union ANY_CTX *))SHA224_Init, - (int (*)(union ANY_CTX *, const void *, size_t))SHA224_Update, - (int (*)(unsigned char *, union ANY_CTX *))SHA224_Final - }, { - SHA256_DIGEST_LENGTH, - (int (*)(union ANY_CTX *))SHA256_Init, - (int (*)(union ANY_CTX *, const void *, size_t))SHA256_Update, - (int (*)(unsigned char *, union ANY_CTX *))SHA256_Final - }, { - SHA384_DIGEST_LENGTH, - (int (*)(union ANY_CTX *))SHA384_Init, - (int (*)(union ANY_CTX *, const void *, size_t))SHA384_Update, - (int (*)(unsigned char *, union ANY_CTX *))SHA384_Final - }, { - SHA512_DIGEST_LENGTH, - (int (*)(union ANY_CTX *))SHA512_Init, - (int (*)(union ANY_CTX *, const void *, size_t))SHA512_Update, - (int (*)(unsigned char *, union ANY_CTX *))SHA512_Final - }, { - 0 - } -}; +static const EVP_MD * +sudo_digest_type_to_md(int digest_type) +{ + const EVP_MD *md = NULL; + debug_decl(sudo_digest_type_to_md, SUDO_DEBUG_UTIL); -struct sudo_digest { - struct digest_function *func; - union ANY_CTX ctx; -}; + switch (digest_type) { + case SUDO_DIGEST_SHA224: + md = EVP_sha224(); + break; + case SUDO_DIGEST_SHA256: + md = EVP_sha256(); + break; + case SUDO_DIGEST_SHA384: + md = EVP_sha384(); + break; + case SUDO_DIGEST_SHA512: + md = EVP_sha512(); + break; + default: + errno = EINVAL; + break; + } + debug_return_const_ptr(md); +} struct sudo_digest * sudo_digest_alloc_v1(int digest_type) { - debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL); - struct digest_function *func = NULL; struct sudo_digest *dig; - int i; + EVP_MD_CTX *mdctx = NULL; + const EVP_MD *md; + debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL); - for (i = 0; digest_functions[i].digest_len != 0; i++) { - if (digest_type == i) { - func = &digest_functions[i]; - break; - } - } - if (func == NULL) { - errno = EINVAL; - debug_return_ptr(NULL); - } + md = sudo_digest_type_to_md(digest_type); + if (md == NULL) + goto bad; + + mdctx = EVP_MD_CTX_new(); + if (mdctx == NULL || !EVP_DigestInit_ex(mdctx, md, NULL)) + goto bad; if ((dig = malloc(sizeof(*dig))) == NULL) - debug_return_ptr(NULL); - func->init(&dig->ctx); - dig->func = func; + goto bad; + dig->md = md; + dig->ctx = mdctx; debug_return_ptr(dig); +bad: + EVP_MD_CTX_free(mdctx); + debug_return_ptr(NULL); } void @@ -105,7 +98,10 @@ { debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL); - free(dig); + if (dig != NULL) { + EVP_MD_CTX_free(dig->ctx); + free(dig); + } debug_return; } @@ -115,22 +111,24 @@ { debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL); - dig->func->init(&dig->ctx); + /* These cannot fail. */ + EVP_MD_CTX_reset(dig->ctx); + EVP_DigestInit_ex(dig->ctx, dig->md, NULL); debug_return; } + int sudo_digest_getlen_v1(int digest_type) { + const EVP_MD *md; debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL); - int i; - for (i = 0; digest_functions[i].digest_len != 0; i++) { - if (digest_type == i) - debug_return_int(digest_functions[i].digest_len); - } + md = sudo_digest_type_to_md(digest_type); + if (md == NULL) + debug_return_int(-1); - debug_return_int(-1); + debug_return_int(EVP_MD_size(md)); } void @@ -138,7 +136,7 @@ { debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL); - dig->func->update(&dig->ctx, data, len); + EVP_DigestUpdate(dig->ctx, data, len); debug_return; } @@ -148,7 +146,7 @@ { debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL); - dig->func->final(md, &dig->ctx); + EVP_DigestFinal_ex(dig->ctx, md, NULL); debug_return; } diff -Nru sudo-1.9.5p2/lib/util/fatal.c sudo-1.9.9/lib/util/fatal.c --- sudo-1.9.5p2/lib/util/fatal.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/lib/util/fatal.c 2022-01-27 21:24:06.000000000 +0000 @@ -183,6 +183,7 @@ warning(const char *errstr, const char *fmt, va_list ap) { int cookie; + const int saved_errno = errno; /* Set user locale if setter was specified. */ if (sudo_warn_setlocale != NULL) @@ -246,6 +247,9 @@ /* Restore old locale as needed. */ if (sudo_warn_setlocale != NULL) sudo_warn_setlocale(true, &cookie); + + /* Do not clobber errno. */ + errno = saved_errno; } /* diff -Nru sudo-1.9.5p2/lib/util/getcwd.c sudo-1.9.9/lib/util/getcwd.c --- sudo-1.9.5p2/lib/util/getcwd.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/getcwd.c 2022-01-27 21:24:22.000000000 +0000 @@ -137,7 +137,7 @@ * as necessary. Max length is 3 for "../", the largest * possible component name, plus a trailing NULL. */ - if (bup + 3 + MAXNAMLEN + 1 >= eup) { + if (bup + 3 + NAME_MAX + 1 >= eup) { char *nup; if ((nup = reallocarray(up, upsize, 2)) == NULL) diff -Nru sudo-1.9.5p2/lib/util/getdelim.c sudo-1.9.9/lib/util/getdelim.c --- sudo-1.9.5p2/lib/util/getdelim.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/getdelim.c 2022-01-27 21:24:06.000000000 +0000 @@ -53,9 +53,10 @@ char *tmp = reallocarray(*buf, *bufsize, 2); if (tmp == NULL) goto bad; + *bufsize *= 2; cp = tmp + (cp - *buf); + ep = cp + *bufsize; *buf = tmp; - *bufsize *= 2; } if ((ch = getc(fp)) == EOF) { if (feof(fp)) diff -Nru sudo-1.9.5p2/lib/util/getentropy.c sudo-1.9.9/lib/util/getentropy.c --- sudo-1.9.5p2/lib/util/getentropy.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/getentropy.c 2022-01-27 21:24:22.000000000 +0000 @@ -29,7 +29,7 @@ #include #include #include -#ifdef HAVE_SYSCTL +#ifdef HAVE_SYS_SYSCTL_H # include #endif #ifdef HAVE_SYS_STATVFS_H @@ -64,6 +64,12 @@ #ifdef HAVE_DL_ITERATE_PHDR # include #endif +#ifdef HAVE_OPENSSL +# if defined(HAVE_WOLFSSL) +# include +# endif +# include +#endif #include "sudo_compat.h" #include "sudo_digest.h" @@ -73,6 +79,10 @@ # define MAP_ANON MAP_ANONYMOUS #endif +#ifndef MAP_FAILED +# define MAP_FAILED ((void *) -1) +#endif + #define REPEAT 5 #define min(a, b) (((a) < (b)) ? (a) : (b)) @@ -130,6 +140,11 @@ if (ret != -1) return (ret); +#ifdef HAVE_OPENSSL + if (RAND_bytes(buf, len) == 1) + return (0); +#endif + ret = getentropy_sysctl(buf, len); if (ret != -1) return (ret); @@ -615,7 +630,7 @@ done: sudo_digest_free(ctx); if (results != NULL) - freezero(results, sizeof(results)); + freezero(results, digest_len); return (ret); } diff -Nru sudo-1.9.5p2/lib/util/getgrouplist.c sudo-1.9.9/lib/util/getgrouplist.c --- sudo-1.9.5p2/lib/util/getgrouplist.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/getgrouplist.c 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2010, 2011, 2013-2018 + * Copyright (c) 2010, 2011, 2013-2021 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -41,6 +41,7 @@ #endif #include "sudo_compat.h" +#include "sudo_debug.h" #include "sudo_util.h" #ifndef HAVE_GETGROUPLIST @@ -70,16 +71,17 @@ #ifndef HAVE_GETGROUPLIST_2 int grpsize, tries; #endif + debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL); /* For static group vector, just use getgrouplist(3). */ if (groups != NULL) - return getgrouplist(name, basegid, groups, ngroupsp); + debug_return_int(getgrouplist(name, basegid, groups, ngroupsp)); #ifdef HAVE_GETGROUPLIST_2 if ((ngroups = getgrouplist_2(name, basegid, groupsp)) == -1) - return -1; + debug_return_int(-1); *ngroupsp = ngroups; - return 0; + debug_return_int(0); #else grpsize = (int)sysconf(_SC_NGROUPS_MAX); if (grpsize < 0) @@ -93,12 +95,12 @@ free(groups); groups = reallocarray(NULL, grpsize, sizeof(*groups)); if (groups == NULL) - return -1; + debug_return_int(-1); ngroups = grpsize; if (getgrouplist(name, basegid, groups, &ngroups) != -1) { *groupsp = groups; *ngroupsp = ngroups; - return 0; + debug_return_int(0); } if (ngroups == grpsize) { /* Failed for some reason other than ngroups too small. */ @@ -108,7 +110,7 @@ grpsize = ngroups; } free(groups); - return -1; + debug_return_int(-1); #endif /* HAVE_GETGROUPLIST_2 */ } @@ -128,6 +130,7 @@ int grpsize = *ngroupsp; int ret = -1; gid_t gid; + debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL); #ifdef HAVE_SETAUTHDB aix_setauthdb((char *) name, NULL); @@ -147,11 +150,11 @@ } groups = reallocarray(NULL, grpsize, sizeof(*groups)); if (groups == NULL) - return -1; + debug_return_int(-1); } else { /* Static group vector. */ if (grpsize < 1) - return -1; + debug_return_int(-1); } /* We support BSD semantics where the first element is the base gid */ @@ -175,7 +178,7 @@ *groupsp = groups; *ngroupsp = ngroups; - return ret; + debug_return_int(ret); } #elif defined(HAVE_NSS_SEARCH) @@ -211,11 +214,12 @@ const char *errstr; int yp = 0; id_t id; + debug_decl(str2grp, SUDO_DEBUG_UTIL); /* Must at least have space to copy instr -> buf. */ if (inlen >= buflen) - return NSS_STR_PARSE_ERANGE; - + debug_return_int(NSS_STR_PARSE_ERANGE); + /* Paranoia: buf and instr should be distinct. */ if (buf != instr) { memmove(buf, instr, inlen); @@ -223,7 +227,7 @@ } if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) - return NSS_STR_PARSE_PARSE; + debug_return_int(NSS_STR_PARSE_PARSE); *fieldsep++ = '\0'; grp->gr_name = cp; @@ -237,12 +241,12 @@ } if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) - return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; + debug_return_int(yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE); *fieldsep++ = '\0'; grp->gr_passwd = cp; if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) - return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; + debug_return_int(yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE); *fieldsep++ = '\0'; id = sudo_strtoid(cp, &errstr); if (errstr != NULL) { @@ -251,8 +255,8 @@ * at the end of YP entries since it has no meaning. */ if (errno == ERANGE) - return NSS_STR_PARSE_ERANGE; - return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; + debug_return_int(NSS_STR_PARSE_ERANGE); + debug_return_int(yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE); } #ifdef GID_NOBODY /* Negative gids get mapped to nobody on Solaris. */ @@ -266,10 +270,10 @@ grp->gr_mem = NULL; if (*fieldsep != '\0') { grp->gr_mem = gr_mem = (char **)ALIGN(buf + inlen + 1); - gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES); + gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES) - 1; for (;;) { - if (gr_mem == gr_end) - return NSS_STR_PARSE_ERANGE; /* out of space! */ + if (gr_mem >= gr_end) + debug_return_int(NSS_STR_PARSE_ERANGE); /* out of space! */ *gr_mem++ = cp; if (fieldsep == NULL) break; @@ -278,7 +282,7 @@ } *gr_mem = NULL; } - return NSS_STR_PARSE_SUCCESS; + debug_return_int(NSS_STR_PARSE_SUCCESS); } static nss_status_t @@ -291,6 +295,10 @@ struct group *grp; char **gr_mem; int error, i; + debug_decl(process_cstr, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: parsing %.*s", __func__, + inlen, instr); /* Hack to let us check whether the query was handled by nscd or us. */ if (gbm->force_slow_way != 0) @@ -298,18 +306,20 @@ buf = _nss_XbyY_buf_alloc(sizeof(struct group), NSS_BUFLEN_GROUP); if (buf == NULL) - return NSS_UNAVAIL; + debug_return_int(NSS_UNAVAIL); /* Parse groups file string -> struct group. */ grp = buf->result; error = (*gbm->str2ent)(instr, inlen, grp, buf->buffer, buf->buflen); - if (error || grp->gr_mem == NULL) + if (error != NSS_STR_PARSE_SUCCESS || grp->gr_mem == NULL) goto done; for (gr_mem = grp->gr_mem; *gr_mem != NULL; gr_mem++) { if (strcmp(*gr_mem, user) == 0) { + const int numgids = MIN(gbm->numgids, gbm->maxgids); + /* Append to gid_array unless gr_gid is a dupe. */ - for (i = 0; i < gbm->numgids; i++) { + for (i = 0; i < numgids; i++) { if (gbm->gid_array[i] == grp->gr_gid) goto done; /* already present */ } @@ -334,7 +344,7 @@ } done: _nss_XbyY_buf_free(buf); - return ret; + debug_return_int(ret); } static nss_status_t @@ -358,6 +368,7 @@ { struct nss_groupsbymem gbm; static DEFINE_NSS_DB_ROOT(db_root); + debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL); memset(&gbm, 0, sizeof(gbm)); gbm.username = name; @@ -374,13 +385,13 @@ gbm.maxgids = NGROUPS_MAX; gbm.gid_array = reallocarray(NULL, gbm.maxgids, 4 * sizeof(GETGROUPS_T)); if (gbm.gid_array == NULL) - return -1; + debug_return_int(-1); gbm.maxgids <<= 2; gbm.process_cstr = process_cstr_dynamic; } else { /* Static group vector. */ if (gbm.maxgids <= 0) - return -1; + debug_return_int(-1); gbm.process_cstr = process_cstr_static; } @@ -414,7 +425,7 @@ tmp = reallocarray(gbm.gid_array, gbm.maxgids, 2 * sizeof(GETGROUPS_T)); if (tmp == NULL) { free(gbm.gid_array); - return -1; + debug_return_int(-1); } gbm.gid_array = tmp; gbm.maxgids <<= 1; @@ -424,10 +435,10 @@ *groupsp = gbm.gid_array; if (gbm.numgids <= gbm.maxgids) { *ngroupsp = gbm.numgids; - return 0; + debug_return_int(0); } *ngroupsp = gbm.maxgids; - return -1; + debug_return_int(-1); } #else /* !HAVE_GETGROUPLIST && !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */ @@ -444,6 +455,7 @@ int i, ngroups = 1; int ret = -1; struct group *grp; + debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL); if (groups == NULL) { /* Dynamically-sized group vector. */ @@ -452,12 +464,12 @@ grpsize = NGROUPS_MAX; groups = reallocarray(NULL, grpsize, 4 * sizeof(*groups)); if (groups == NULL) - return -1; + debug_return_int(-1); grpsize <<= 2; } else { /* Static group vector. */ if (grpsize < 1) - return -1; + debug_return_int(-1); } /* We support BSD semantics where the first element is the base gid */ @@ -508,6 +520,6 @@ *groupsp = groups; *ngroupsp = ngroups; - return ret; + debug_return_int(ret); } #endif /* !HAVE_GETGROUPLIST && !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */ diff -Nru sudo-1.9.5p2/lib/util/gmtime_r.c sudo-1.9.9/lib/util/gmtime_r.c --- sudo-1.9.5p2/lib/util/gmtime_r.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/gmtime_r.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,49 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#ifndef HAVE_GMTIME_R + +#include +#include + +#include "sudo_compat.h" +#include "sudo_util.h" + +/* + * Fake gmtime_r() that just stores the result. + * Still has the normal gmtime() side effects. + */ +struct tm * +sudo_gmtime_r(const time_t *timer, struct tm *result) +{ + struct tm *tm; + + if ((tm = gmtime(timer)) == NULL) + return NULL; + memcpy(result, tm, sizeof(struct tm)); + + return result; +} +#endif /* HAVE_GMTIME_T */ diff -Nru sudo-1.9.5p2/lib/util/inet_ntop.c sudo-1.9.9/lib/util/inet_ntop.c --- sudo-1.9.5p2/lib/util/inet_ntop.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/inet_ntop.c 2022-01-27 21:24:22.000000000 +0000 @@ -52,9 +52,6 @@ # define NS_INT16SZ 2 # endif #endif -#ifndef INET6_ADDRSTRLEN -# define INET6_ADDRSTRLEN 46 -#endif /* * WARNING: Don't even consider trying to compile this on a system where diff -Nru sudo-1.9.5p2/lib/util/lbuf.c sudo-1.9.9/lib/util/lbuf.c --- sudo-1.9.5p2/lib/util/lbuf.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/lbuf.c 2022-01-27 21:24:06.000000000 +0000 @@ -55,6 +55,9 @@ debug_decl(sudo_lbuf_destroy, SUDO_DEBUG_UTIL); free(lbuf->buf); + lbuf->error = 0; + lbuf->len = 0; + lbuf->size = 0; lbuf->buf = NULL; debug_return; diff -Nru sudo-1.9.5p2/lib/util/localtime_r.c sudo-1.9.9/lib/util/localtime_r.c --- sudo-1.9.5p2/lib/util/localtime_r.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/localtime_r.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,49 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#ifndef HAVE_LOCALTIME_R + +#include +#include + +#include "sudo_compat.h" +#include "sudo_util.h" + +/* + * Fake localtime_r() that just stores the result. + * Still has the normal localtime() side effects. + */ +struct tm * +sudo_localtime_r(const time_t *timer, struct tm *result) +{ + struct tm *tm; + + if ((tm = localtime(timer)) == NULL) + return NULL; + memcpy(result, tm, sizeof(struct tm)); + + return result; +} +#endif /* HAVE_LOCALTIME_T */ diff -Nru sudo-1.9.5p2/lib/util/mkdir_parents.c sudo-1.9.9/lib/util/mkdir_parents.c --- sudo-1.9.5p2/lib/util/mkdir_parents.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/mkdir_parents.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2017 Todd C. Miller + * Copyright (c) 2009-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -33,8 +33,10 @@ #endif /* HAVE_STDBOOL_H */ #include #include +#include #include #include +#include #include "sudo_compat.h" #include "sudo_fatal.h" @@ -42,70 +44,135 @@ #include "sudo_debug.h" #include "sudo_util.h" +#ifndef O_NOFOLLOW +# define O_NOFOLLOW 0 +#endif + +/* + * Returns true if fd is a directory, else false. + * Warns on failure if not quiet. + */ +static bool +is_dir(int dfd, const char *name, int namelen, bool quiet) +{ + struct stat sb; + debug_decl(is_dir, SUDO_DEBUG_UTIL); + + if (fstat(dfd, &sb) != 0) { + if (!quiet) { + sudo_warn(U_("unable to stat %.*s"), namelen, name); + } + debug_return_bool(false); + } + if (!S_ISDIR(sb.st_mode)) { + if (!quiet) { + sudo_warnx(U_("%.*s exists but is not a directory (0%o)"), + namelen, name, (unsigned int) sb.st_mode); + } + debug_return_bool(false); + } + + debug_return_bool(true); +} + /* * Create any parent directories needed by path (but not path itself). - * Note that path is modified but is restored before it returns. */ bool -sudo_mkdir_parents_v1(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet) +sudo_mkdir_parents_v1(const char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet) { - char *slash = path; + const char *cp, *ep, *pathend; + char name[PATH_MAX]; + bool ret = false; + int parentfd; debug_decl(sudo_mkdir_parents, SUDO_DEBUG_UTIL); - /* cppcheck-suppress nullPointerRedundantCheck */ - while ((slash = strchr(slash + 1, '/')) != NULL) { - struct stat sb; - int dfd; + /* Starting parent dir is either root or cwd. */ + cp = path; + if (*cp == '/') { + do { + cp++; + } while (*cp == '/'); + parentfd = open("/", O_RDONLY|O_NONBLOCK); + } else { + parentfd = open(".", O_RDONLY|O_NONBLOCK); + } + if (parentfd == -1) { + if (!quiet) + sudo_warn(U_("unable to open %s"), *path == '/' ? "/" : "."); + debug_return_bool(false); + } + + /* Iterate over path components, skipping the last one. */ + pathend = cp + strlen(cp); + for (cp = sudo_strsplit(cp, pathend, "/", &ep); cp != NULL && ep != NULL; + cp = sudo_strsplit(NULL, pathend, "/", &ep)) { + int dfd, len; - *slash = '\0'; sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, - "mkdir %s, mode 0%o, uid %d, gid %d", path, (unsigned int)mode, - (int)uid, (int)gid); + "mkdir %.*s, mode 0%o, uid %d, gid %d", (int)(ep - path), + path, (unsigned int)mode, (int)uid, (int)gid); + len = snprintf(name, sizeof(name), "%.*s", (int)(ep - cp), cp); + if (len >= ssizeof(name)) { + errno = ENAMETOOLONG; + if (!quiet) + sudo_warn(U_("unable to open %.*s"), (int)(ep - path), path); + goto done; + } reopen: - dfd = open(path, O_RDONLY|O_NONBLOCK); + dfd = openat(parentfd, name, O_RDONLY|O_NONBLOCK, 0); if (dfd == -1) { if (errno != ENOENT) { - if (!quiet) - sudo_warn(U_("unable to open %s"), path); - goto bad; + if (!quiet) { + sudo_warn(U_("unable to open %.*s"), + (int)(ep - path), path); + } + goto done; } - if (mkdir(path, mode) == 0) { + if (mkdirat(parentfd, name, mode) == 0) { + dfd = openat(parentfd, name, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0); + if (dfd == -1) { + if (!quiet) { + sudo_warn(U_("unable to open %.*s"), + (int)(ep - path), path); + } + goto done; + } + /* Make sure the path we created is still a directory. */ + if (!is_dir(dfd, path, ep - path, quiet)) { + close(dfd); + goto done; + } if (uid != (uid_t)-1 && gid != (gid_t)-1) { - if (chown(path, uid, gid) != 0) { + if (fchown(dfd, uid, gid) != 0) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chown %d:%d %s", __func__, - (int)uid, (int)gid, path); + "%s: unable to chown %d:%d %.*s", __func__, + (int)uid, (int)gid, (int)(ep - path), path); } } } else { if (errno == EEXIST) goto reopen; - if (!quiet) - sudo_warn(U_("unable to mkdir %s"), path); - goto bad; + if (!quiet) { + sudo_warn(U_("unable to mkdir %.*s"), + (int)(ep - path), path); + } + goto done; } } else { /* Already exists, make sure it is a directory. */ - int rc = fstat(dfd, &sb); - close(dfd); - if (rc != 0) { - if (!quiet) - sudo_warn(U_("unable to stat %s"), path); - goto bad; - } - if (!S_ISDIR(sb.st_mode)) { - if (!quiet) - sudo_warnx(U_("%s exists but is not a directory (0%o)"), - path, (unsigned int) sb.st_mode); - goto bad; + if (!is_dir(dfd, path, ep - path, quiet)) { + close(dfd); + goto done; } } - *slash = '/'; + close(parentfd); + parentfd = dfd; } + ret = true; - debug_return_bool(true); -bad: - /* We must restore the path before we return. */ - *slash = '/'; - debug_return_bool(false); +done: + if (parentfd != -1) + close(parentfd); + debug_return_bool(ret); } diff -Nru sudo-1.9.5p2/lib/util/mkdirat.c sudo-1.9.9/lib/util/mkdirat.c --- sudo-1.9.5p2/lib/util/mkdirat.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/mkdirat.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,61 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2015, 2019-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include + +#include "sudo_compat.h" + +#ifndef HAVE_MKDIRAT +int +sudo_mkdirat(int dfd, const char *path, mode_t mode) +{ + int ret, odfd; + + if (dfd == (int)AT_FDCWD) + return mkdir(path, mode); + + /* Save cwd */ + if ((odfd = open(".", O_RDONLY)) == -1) + return -1; + + if (fchdir(dfd) == -1) { + close(odfd); + return -1; + } + + ret = mkdir(path, mode); + + /* Restore cwd */ + if (fchdir(odfd) == -1) { + /* Should not happen */ + ret = -1; + } + close(odfd); + + return ret; +} +#endif /* HAVE_MKDIRAT */ diff -Nru sudo-1.9.5p2/lib/util/mksiglist.c sudo-1.9.9/lib/util/mksiglist.c --- sudo-1.9.5p2/lib/util/mksiglist.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/mksiglist.c 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2010-2012, 2015 Todd C. Miller + * Copyright (c) 2010-2012, 2015, 2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -34,21 +34,16 @@ int main(int argc, char *argv[]) { - static char *sudo_sys_siglist[NSIG]; - int i; + unsigned int i; #include "mksiglist.h" - printf("#include \n"); - printf("#include \n"); - printf("#include \n"); - printf("#include \"sudo_compat.h\"\n\n"); - printf("const char *const sudo_sys_siglist[NSIG] = {\n"); - for (i = 0; i < NSIG; i++) { + printf("const char *const sudo_sys_siglist[] = {\n"); + for (i = 0; i < nitems(sudo_sys_siglist); i++) { if (sudo_sys_siglist[i] != NULL) { printf(" \"%s\",\n", sudo_sys_siglist[i]); } else { - printf(" \"Signal %d\",\n", i); + printf(" \"Signal %u\",\n", i); } } printf("};\n"); diff -Nru sudo-1.9.5p2/lib/util/mksiglist.h sudo-1.9.9/lib/util/mksiglist.h --- sudo-1.9.5p2/lib/util/mksiglist.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/mksiglist.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,174 +0,0 @@ -/* public domain */ - -#ifdef SIGHUP - if (sudo_sys_siglist[SIGHUP] == NULL) - sudo_sys_siglist[SIGHUP] = "Hangup"; -#endif -#ifdef SIGINT - if (sudo_sys_siglist[SIGINT] == NULL) - sudo_sys_siglist[SIGINT] = "Interrupt"; -#endif -#ifdef SIGQUIT - if (sudo_sys_siglist[SIGQUIT] == NULL) - sudo_sys_siglist[SIGQUIT] = "Quit"; -#endif -#ifdef SIGILL - if (sudo_sys_siglist[SIGILL] == NULL) - sudo_sys_siglist[SIGILL] = "Illegal instruction"; -#endif -#ifdef SIGTRAP - if (sudo_sys_siglist[SIGTRAP] == NULL) - sudo_sys_siglist[SIGTRAP] = "Trace trap"; -#endif -#ifdef SIGABRT - if (sudo_sys_siglist[SIGABRT] == NULL) - sudo_sys_siglist[SIGABRT] = "Abort"; -#endif -#ifdef SIGIOT - if (sudo_sys_siglist[SIGIOT] == NULL) - sudo_sys_siglist[SIGIOT] = "IOT instruction"; -#endif -#ifdef SIGEMT - if (sudo_sys_siglist[SIGEMT] == NULL) - sudo_sys_siglist[SIGEMT] = "EMT trap"; -#endif -#ifdef SIGFPE - if (sudo_sys_siglist[SIGFPE] == NULL) - sudo_sys_siglist[SIGFPE] = "Floating point exception"; -#endif -#ifdef SIGKILL - if (sudo_sys_siglist[SIGKILL] == NULL) - sudo_sys_siglist[SIGKILL] = "Killed"; -#endif -#ifdef SIGBUS - if (sudo_sys_siglist[SIGBUS] == NULL) - sudo_sys_siglist[SIGBUS] = "Bus error"; -#endif -#ifdef SIGSEGV - if (sudo_sys_siglist[SIGSEGV] == NULL) - sudo_sys_siglist[SIGSEGV] = "Memory fault"; -#endif -#ifdef SIGSYS - if (sudo_sys_siglist[SIGSYS] == NULL) - sudo_sys_siglist[SIGSYS] = "Bad system call"; -#endif -#ifdef SIGUNUSED - if (sudo_sys_siglist[SIGUNUSED] == NULL) - sudo_sys_siglist[SIGUNUSED] = "Unused"; -#endif -#ifdef SIGPIPE - if (sudo_sys_siglist[SIGPIPE] == NULL) - sudo_sys_siglist[SIGPIPE] = "Broken pipe"; -#endif -#ifdef SIGALRM - if (sudo_sys_siglist[SIGALRM] == NULL) - sudo_sys_siglist[SIGALRM] = "Alarm clock"; -#endif -#ifdef SIGTERM - if (sudo_sys_siglist[SIGTERM] == NULL) - sudo_sys_siglist[SIGTERM] = "Terminated"; -#endif -#ifdef SIGSTKFLT - if (sudo_sys_siglist[SIGSTKFLT] == NULL) - sudo_sys_siglist[SIGSTKFLT] = "Stack fault"; -#endif -#ifdef SIGIO - if (sudo_sys_siglist[SIGIO] == NULL) - sudo_sys_siglist[SIGIO] = "I/O possible"; -#endif -#ifdef SIGXCPU - if (sudo_sys_siglist[SIGXCPU] == NULL) - sudo_sys_siglist[SIGXCPU] = "CPU time limit exceeded"; -#endif -#ifdef SIGXFSZ - if (sudo_sys_siglist[SIGXFSZ] == NULL) - sudo_sys_siglist[SIGXFSZ] = "File size limit exceeded"; -#endif -#ifdef SIGVTALRM - if (sudo_sys_siglist[SIGVTALRM] == NULL) - sudo_sys_siglist[SIGVTALRM] = "Virtual timer expired"; -#endif -#ifdef SIGPROF - if (sudo_sys_siglist[SIGPROF] == NULL) - sudo_sys_siglist[SIGPROF] = "Profiling timer expired"; -#endif -#ifdef SIGWINCH - if (sudo_sys_siglist[SIGWINCH] == NULL) - sudo_sys_siglist[SIGWINCH] = "Window size change"; -#endif -#ifdef SIGLOST - if (sudo_sys_siglist[SIGLOST] == NULL) - sudo_sys_siglist[SIGLOST] = "File lock lost"; -#endif -#ifdef SIGUSR1 - if (sudo_sys_siglist[SIGUSR1] == NULL) - sudo_sys_siglist[SIGUSR1] = "User defined signal 1"; -#endif -#ifdef SIGUSR2 - if (sudo_sys_siglist[SIGUSR2] == NULL) - sudo_sys_siglist[SIGUSR2] = "User defined signal 2"; -#endif -#ifdef SIGPWR - if (sudo_sys_siglist[SIGPWR] == NULL) - sudo_sys_siglist[SIGPWR] = "Power-fail/Restart"; -#endif -#ifdef SIGPOLL - if (sudo_sys_siglist[SIGPOLL] == NULL) - sudo_sys_siglist[SIGPOLL] = "Pollable event occurred"; -#endif -#ifdef SIGSTOP - if (sudo_sys_siglist[SIGSTOP] == NULL) - sudo_sys_siglist[SIGSTOP] = "Stopped (signal)"; -#endif -#ifdef SIGTSTP - if (sudo_sys_siglist[SIGTSTP] == NULL) - sudo_sys_siglist[SIGTSTP] = "Stopped"; -#endif -#ifdef SIGCONT - if (sudo_sys_siglist[SIGCONT] == NULL) - sudo_sys_siglist[SIGCONT] = "Continued"; -#endif -#ifdef SIGCHLD - if (sudo_sys_siglist[SIGCHLD] == NULL) - sudo_sys_siglist[SIGCHLD] = "Child exited"; -#endif -#ifdef SIGCLD - if (sudo_sys_siglist[SIGCLD] == NULL) - sudo_sys_siglist[SIGCLD] = "Child exited"; -#endif -#ifdef SIGTTIN - if (sudo_sys_siglist[SIGTTIN] == NULL) - sudo_sys_siglist[SIGTTIN] = "Stopped (tty input)"; -#endif -#ifdef SIGTTOU - if (sudo_sys_siglist[SIGTTOU] == NULL) - sudo_sys_siglist[SIGTTOU] = "Stopped (tty output)"; -#endif -#ifdef SIGINFO - if (sudo_sys_siglist[SIGINFO] == NULL) - sudo_sys_siglist[SIGINFO] = "Information request"; -#endif -#ifdef SIGURG - if (sudo_sys_siglist[SIGURG] == NULL) - sudo_sys_siglist[SIGURG] = "Urgent I/O condition"; -#endif -#ifdef SIGWAITING - if (sudo_sys_siglist[SIGWAITING] == NULL) - sudo_sys_siglist[SIGWAITING] = "No runnable LWPs"; -#endif -#ifdef SIGLWP - if (sudo_sys_siglist[SIGLWP] == NULL) - sudo_sys_siglist[SIGLWP] = "Inter-LWP signal"; -#endif -#ifdef SIGFREEZE - if (sudo_sys_siglist[SIGFREEZE] == NULL) - sudo_sys_siglist[SIGFREEZE] = "Checkpoint freeze"; -#endif -#ifdef SIGTHAW - if (sudo_sys_siglist[SIGTHAW] == NULL) - sudo_sys_siglist[SIGTHAW] = "Checkpoint thaw"; -#endif -#ifdef SIGCANCEL - if (sudo_sys_siglist[SIGCANCEL] == NULL) - sudo_sys_siglist[SIGCANCEL] = "Thread cancellation"; -#endif diff -Nru sudo-1.9.5p2/lib/util/mksigname.c sudo-1.9.9/lib/util/mksigname.c --- sudo-1.9.5p2/lib/util/mksigname.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/mksigname.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2010-2012, 2015 Todd C. Miller + * Copyright (c) 2010-2012, 2015, 2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -34,21 +34,16 @@ int main(int argc, char *argv[]) { - static char *sudo_sys_signame[NSIG]; - int i; + unsigned int i; #include "mksigname.h" - printf("#include \n"); - printf("#include \n"); - printf("#include \n"); - printf("#include \"sudo_compat.h\"\n\n"); - printf("const char *const sudo_sys_signame[NSIG] = {\n"); - for (i = 0; i < NSIG; i++) { + printf("const char *const sudo_sys_signame[] = {\n"); + for (i = 0; i < nitems(sudo_sys_signame); i++) { if (sudo_sys_signame[i] != NULL) { printf(" \"%s\",\n", sudo_sys_signame[i]); } else { - printf(" \"Signal %d\",\n", i); + printf(" \"Signal %u\",\n", i); } } printf("};\n"); diff -Nru sudo-1.9.5p2/lib/util/mksigname.h sudo-1.9.9/lib/util/mksigname.h --- sudo-1.9.5p2/lib/util/mksigname.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/mksigname.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,175 +0,0 @@ -/* public domain */ - -sudo_sys_signame[0] = "Signal 0"; -#ifdef SIGHUP - if (sudo_sys_signame[SIGHUP] == NULL) - sudo_sys_signame[SIGHUP] = "HUP"; -#endif -#ifdef SIGINT - if (sudo_sys_signame[SIGINT] == NULL) - sudo_sys_signame[SIGINT] = "INT"; -#endif -#ifdef SIGQUIT - if (sudo_sys_signame[SIGQUIT] == NULL) - sudo_sys_signame[SIGQUIT] = "QUIT"; -#endif -#ifdef SIGILL - if (sudo_sys_signame[SIGILL] == NULL) - sudo_sys_signame[SIGILL] = "ILL"; -#endif -#ifdef SIGTRAP - if (sudo_sys_signame[SIGTRAP] == NULL) - sudo_sys_signame[SIGTRAP] = "TRAP"; -#endif -#ifdef SIGABRT - if (sudo_sys_signame[SIGABRT] == NULL) - sudo_sys_signame[SIGABRT] = "ABRT"; -#endif -#ifdef SIGIOT - if (sudo_sys_signame[SIGIOT] == NULL) - sudo_sys_signame[SIGIOT] = "IOT"; -#endif -#ifdef SIGEMT - if (sudo_sys_signame[SIGEMT] == NULL) - sudo_sys_signame[SIGEMT] = "EMT"; -#endif -#ifdef SIGFPE - if (sudo_sys_signame[SIGFPE] == NULL) - sudo_sys_signame[SIGFPE] = "FPE"; -#endif -#ifdef SIGKILL - if (sudo_sys_signame[SIGKILL] == NULL) - sudo_sys_signame[SIGKILL] = "KILL"; -#endif -#ifdef SIGBUS - if (sudo_sys_signame[SIGBUS] == NULL) - sudo_sys_signame[SIGBUS] = "BUS"; -#endif -#ifdef SIGSEGV - if (sudo_sys_signame[SIGSEGV] == NULL) - sudo_sys_signame[SIGSEGV] = "SEGV"; -#endif -#ifdef SIGSYS - if (sudo_sys_signame[SIGSYS] == NULL) - sudo_sys_signame[SIGSYS] = "SYS"; -#endif -#ifdef SIGUNUSED - if (sudo_sys_signame[SIGUNUSED] == NULL) - sudo_sys_signame[SIGUNUSED] = "UNUSED"; -#endif -#ifdef SIGPIPE - if (sudo_sys_signame[SIGPIPE] == NULL) - sudo_sys_signame[SIGPIPE] = "PIPE"; -#endif -#ifdef SIGALRM - if (sudo_sys_signame[SIGALRM] == NULL) - sudo_sys_signame[SIGALRM] = "ALRM"; -#endif -#ifdef SIGTERM - if (sudo_sys_signame[SIGTERM] == NULL) - sudo_sys_signame[SIGTERM] = "TERM"; -#endif -#ifdef SIGSTKFLT - if (sudo_sys_signame[SIGSTKFLT] == NULL) - sudo_sys_signame[SIGSTKFLT] = "STKFLT"; -#endif -#ifdef SIGIO - if (sudo_sys_signame[SIGIO] == NULL) - sudo_sys_signame[SIGIO] = "IO"; -#endif -#ifdef SIGXCPU - if (sudo_sys_signame[SIGXCPU] == NULL) - sudo_sys_signame[SIGXCPU] = "XCPU"; -#endif -#ifdef SIGXFSZ - if (sudo_sys_signame[SIGXFSZ] == NULL) - sudo_sys_signame[SIGXFSZ] = "XFSZ"; -#endif -#ifdef SIGVTALRM - if (sudo_sys_signame[SIGVTALRM] == NULL) - sudo_sys_signame[SIGVTALRM] = "VTALRM"; -#endif -#ifdef SIGPROF - if (sudo_sys_signame[SIGPROF] == NULL) - sudo_sys_signame[SIGPROF] = "PROF"; -#endif -#ifdef SIGWINCH - if (sudo_sys_signame[SIGWINCH] == NULL) - sudo_sys_signame[SIGWINCH] = "WINCH"; -#endif -#ifdef SIGLOST - if (sudo_sys_signame[SIGLOST] == NULL) - sudo_sys_signame[SIGLOST] = "LOST"; -#endif -#ifdef SIGUSR1 - if (sudo_sys_signame[SIGUSR1] == NULL) - sudo_sys_signame[SIGUSR1] = "USR1"; -#endif -#ifdef SIGUSR2 - if (sudo_sys_signame[SIGUSR2] == NULL) - sudo_sys_signame[SIGUSR2] = "USR2"; -#endif -#ifdef SIGPWR - if (sudo_sys_signame[SIGPWR] == NULL) - sudo_sys_signame[SIGPWR] = "PWR"; -#endif -#ifdef SIGPOLL - if (sudo_sys_signame[SIGPOLL] == NULL) - sudo_sys_signame[SIGPOLL] = "POLL"; -#endif -#ifdef SIGSTOP - if (sudo_sys_signame[SIGSTOP] == NULL) - sudo_sys_signame[SIGSTOP] = "STOP"; -#endif -#ifdef SIGTSTP - if (sudo_sys_signame[SIGTSTP] == NULL) - sudo_sys_signame[SIGTSTP] = "TSTP"; -#endif -#ifdef SIGCONT - if (sudo_sys_signame[SIGCONT] == NULL) - sudo_sys_signame[SIGCONT] = "CONT"; -#endif -#ifdef SIGCHLD - if (sudo_sys_signame[SIGCHLD] == NULL) - sudo_sys_signame[SIGCHLD] = "CHLD"; -#endif -#ifdef SIGCLD - if (sudo_sys_signame[SIGCLD] == NULL) - sudo_sys_signame[SIGCLD] = "CLD"; -#endif -#ifdef SIGTTIN - if (sudo_sys_signame[SIGTTIN] == NULL) - sudo_sys_signame[SIGTTIN] = "TTIN"; -#endif -#ifdef SIGTTOU - if (sudo_sys_signame[SIGTTOU] == NULL) - sudo_sys_signame[SIGTTOU] = "TTOU"; -#endif -#ifdef SIGINFO - if (sudo_sys_signame[SIGINFO] == NULL) - sudo_sys_signame[SIGINFO] = "INFO"; -#endif -#ifdef SIGURG - if (sudo_sys_signame[SIGURG] == NULL) - sudo_sys_signame[SIGURG] = "URG"; -#endif -#ifdef SIGWAITING - if (sudo_sys_signame[SIGWAITING] == NULL) - sudo_sys_signame[SIGWAITING] = "WAITING"; -#endif -#ifdef SIGLWP - if (sudo_sys_signame[SIGLWP] == NULL) - sudo_sys_signame[SIGLWP] = "LWP"; -#endif -#ifdef SIGFREEZE - if (sudo_sys_signame[SIGFREEZE] == NULL) - sudo_sys_signame[SIGFREEZE] = "FREEZE"; -#endif -#ifdef SIGTHAW - if (sudo_sys_signame[SIGTHAW] == NULL) - sudo_sys_signame[SIGTHAW] = "THAW"; -#endif -#ifdef SIGCANCEL - if (sudo_sys_signame[SIGCANCEL] == NULL) - sudo_sys_signame[SIGCANCEL] = "CANCEL"; -#endif diff -Nru sudo-1.9.5p2/lib/util/progname.c sudo-1.9.9/lib/util/progname.c --- sudo-1.9.5p2/lib/util/progname.c 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/lib/util/progname.c 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2013-2015 Todd C. Miller + * Copyright (c) 2013-2015, 2020-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -29,19 +29,33 @@ #include "sudo_compat.h" #include "sudo_util.h" -#ifdef HAVE_GETPROGNAME - -# ifndef HAVE_SETPROGNAME -/* Assume __progname if have getprogname(3) but not setprogname(3). */ +/* + * Declare/define __progname[] if necessary. + * Assumes __progname[] is present if we have getprogname(3). + */ +#ifndef HAVE_SETPROGNAME +# if defined(HAVE_GETPROGNAME) || defined(HAVE___PROGNAME) extern const char *__progname; +# else +static const char *__progname = ""; +# endif /* HAVE_GETPROGNAME || HAVE___PROGNAME */ +#endif /* HAVE_SETPROGNAME */ +#ifndef HAVE_GETPROGNAME +const char * +sudo_getprogname(void) +{ + return __progname; +} +#endif + +#ifndef HAVE_SETPROGNAME void sudo_setprogname(const char *name) { - const char *slash = strrchr(name, '/'); - __progname = slash ? slash + 1 : name; + __progname = sudo_basename(name); } -# endif +#endif void initprogname2(const char *name, const char * const * allowed) @@ -50,8 +64,12 @@ int i; /* Fall back on "name" if getprogname() returns an empty string. */ - if ((progname = getprogname()) != NULL && *progname != '\0') + if ((progname = getprogname()) != NULL && *progname != '\0') { name = progname; + } else { + /* Make sure user-specified name is relative. */ + name = sudo_basename(name); + } /* Check for libtool prefix and strip it if present. */ if (name[0] == 'l' && name[1] == 't' && name[2] == '-' && name[3] != '\0') @@ -75,59 +93,6 @@ return; } -#else /* !HAVE_GETPROGNAME */ - -static const char *progname = ""; - -void -initprogname2(const char *name, const char * const * allowed) -{ - int i; -# ifdef HAVE___PROGNAME - extern const char *__progname; - - if (__progname != NULL && *__progname != '\0') - progname = __progname; - else -# endif - if ((progname = strrchr(name, '/')) != NULL) { - progname++; - } else { - progname = name; - } - - /* Check for libtool prefix and strip it if present. */ - if (progname[0] == 'l' && progname[1] == 't' && progname[2] == '-' && - progname[3] != '\0') - progname += 3; - - /* Check allow list if present (first element is the default). */ - if (allowed != NULL) { - for (i = 0; ; i++) { - if (allowed[i] == NULL) { - progname = allowed[0]; - break; - } - if (strcmp(allowed[i], progname) == 0) - break; - } - } -} - -const char * -sudo_getprogname(void) -{ - return progname; -} - -void -sudo_setprogname(const char *name) -{ - const char *slash = strrchr(name, '/'); - progname = slash ? slash + 1 : name; -} -#endif /* !HAVE_GETPROGNAME */ - void initprogname(const char *name) { diff -Nru sudo-1.9.5p2/lib/util/rcstr.c sudo-1.9.9/lib/util/rcstr.c --- sudo-1.9.5p2/lib/util/rcstr.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/rcstr.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,102 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2016-2018 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_util.h" + +/* Trivial reference-counted strings. */ +struct rcstr { + int refcnt; + char str[1]; /* actually bigger */ +}; + +/* + * Allocate a reference-counted string and copy src to it. + * Returns the newly-created string with a refcnt of 1. + */ +char * +sudo_rcstr_dup(const char *src) +{ + size_t len = strlen(src); + char *dst; + debug_decl(sudo_rcstr_dup, SUDO_DEBUG_UTIL); + + dst = sudo_rcstr_alloc(len); + memcpy(dst, src, len); + dst[len] = '\0'; + debug_return_ptr(dst); +} + +char * +sudo_rcstr_alloc(size_t len) +{ + struct rcstr *rcs; + debug_decl(sudo_rcstr_dup, SUDO_DEBUG_UTIL); + + /* Note: sizeof(struct rcstr) includes space for the NUL */ + rcs = malloc(sizeof(struct rcstr) + len); + if (rcs == NULL) + return NULL; + + rcs->refcnt = 1; + rcs->str[0] = '\0'; + /* cppcheck-suppress memleak */ + debug_return_ptr(rcs->str); // -V773 +} + +char * +sudo_rcstr_addref(const char *s) +{ + struct rcstr *rcs; + debug_decl(sudo_rcstr_dup, SUDO_DEBUG_UTIL); + + if (s == NULL) + debug_return_ptr(NULL); + + rcs = __containerof((const void *)s, struct rcstr, str); + rcs->refcnt++; + debug_return_ptr(rcs->str); +} + +void +sudo_rcstr_delref(const char *s) +{ + struct rcstr *rcs; + debug_decl(sudo_rcstr_dup, SUDO_DEBUG_UTIL); + + if (s != NULL) { + rcs = __containerof((const void *)s, struct rcstr, str); + if (--rcs->refcnt == 0) { + rcs->str[0] = '\0'; + free(rcs); + } + } + debug_return; +} diff -Nru sudo-1.9.5p2/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1 sudo-1.9.9/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1 --- sudo-1.9.5p2/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,124 @@ +# +# Default /etc/sudo.conf file +# +# Sudo plugins: +# Plugin plugin_name plugin_path plugin_options ... +# +# The plugin_path is relative to /usr/local/libexec/sudo unless +# fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are present. +#Plugin sudoers_policy sudoers.so +#Plugin sudoers_io sudoers.so +#Plugin sudoers_audit sudoers.so + +# +# Sudo askpass: +# Path askpass /path/to/askpass +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with its +# own askpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +#Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +#Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo device search path: +# Path devsearch /dev/path1:/dev/path2:/dev +# +# A colon-separated list of paths to check when searching for a user's +# terminal device. +# +#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev + +# +# Sudo noexec: +# Path noexec /path/to/sudo_noexec.so +# +# Path to a shared library containing replacements for the execv(), +# execve() and fexecve() library functions that just return an error. +# This is used to implement the "noexec" functionality on systems that +# support LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. +# +#Path noexec /usr/local/libexec/sudo/sudo_noexec.so + +# +# Sudo plugin directory: +# Path plugin_dir /path/to/plugins +# +# The default directory to use when searching for plugins that are +# specified without a fully qualified path name. +# +#Path plugin_dir /usr/local/libexec/sudo + +# +# Sudo developer mode: +# Set developer_mode true|false +# +# Allow loading of plugins that are owned by non-root or are writable +# by "group" or "other". Should only be used during plugin development. +#Set developer_mode true + +# +# Core dumps: +# Set disable_coredump true|false +# +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +#Set disable_coredump false + +# +# User groups: +# Set group_source static|dynamic|adaptive +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +#Set group_source static + +# +# Sudo interface probing: +# Set probe_interfaces true|false +# +# By default, sudo will probe the system's network interfaces and +# pass the IP address of each enabled interface to the policy plugin. +# On systems with a large number of virtual interfaces this may take +# a noticeable amount of time. +# +#Set probe_interfaces false + +# +# Sudo debug files: +# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] +# +# Sudo and related programs support logging debug information to a file. +# The program is typically sudo, sudoers.so, sudoreplay or visudo. +# +# Subsystems vary based on the program; "all" matches all subsystems. +# Priority may be crit, err, warn, notice, diag, info, trace or debug. +# Multiple subsystem@priority may be specified, separated by a comma. +# +#Debug sudo /var/log/sudo_debug all@debug +#Debug sudoers.so /var/log/sudoers_debug all@debug diff -Nru sudo-1.9.5p2/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2 sudo-1.9.9/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2 --- sudo-1.9.5p2/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,124 @@ +# +# Default /etc/sudo.conf file +# +# Sudo plugins: +# Plugin plugin_name plugin_path plugin_options ... +# +# The plugin_path is relative to /usr/local/libexec/sudo unless +# fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are present. +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +Plugin sudoers_audit sudoers.so + +# +# Sudo askpass: +# Path askpass /path/to/askpass +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with its +# own askpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo device search path: +# Path devsearch /dev/path1:/dev/path2:/dev +# +# A colon-separated list of paths to check when searching for a user's +# terminal device. +# +Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev + +# +# Sudo noexec: +# Path noexec /path/to/sudo_noexec.so +# +# Path to a shared library containing replacements for the execv(), +# execve() and fexecve() library functions that just return an error. +# This is used to implement the "noexec" functionality on systems that +# support LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. +# +Path noexec /usr/local/libexec/sudo/sudo_noexec.so + +# +# Sudo plugin directory: +# Path plugin_dir /path/to/plugins +# +# The default directory to use when searching for plugins that are +# specified without a fully qualified path name. +# +Path plugin_dir /usr/local/libexec/sudo + +# +# Sudo developer mode: +# Set developer_mode true|false +# +# Allow loading of plugins that are owned by non-root or are writable +# by "group" or "other". Should only be used during plugin development. +Set developer_mode true + +# +# Core dumps: +# Set disable_coredump true|false +# +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +Set disable_coredump false + +# +# User groups: +# Set group_source static|dynamic|adaptive +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +Set group_source static + +# +# Sudo interface probing: +# Set probe_interfaces true|false +# +# By default, sudo will probe the system's network interfaces and +# pass the IP address of each enabled interface to the policy plugin. +# On systems with a large number of virtual interfaces this may take +# a noticeable amount of time. +# +Set probe_interfaces false + +# +# Sudo debug files: +# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] +# +# Sudo and related programs support logging debug information to a file. +# The program is typically sudo, sudoers.so, sudoreplay or visudo. +# +# Subsystems vary based on the program; "all" matches all subsystems. +# Priority may be crit, err, warn, notice, diag, info, trace or debug. +# Multiple subsystem@priority may be specified, separated by a comma. +# +Debug sudo /var/log/sudo_debug all@debug +Debug sudoers.so /var/log/sudoers_debug all@debug diff -Nru sudo-1.9.5p2/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3 sudo-1.9.9/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3 --- sudo-1.9.5p2/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,134 @@ +# +# Default /etc/sudo.conf file +# +# Sudo plugins: +# Plugin plugin_name plugin_path plugin_options ... +# +# The plugin_path is relative to /usr/local/libexec/sudo unless +# fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are present. +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so +Plugin sudoers_audit sudoers.so + +# +# Sudo askpass: +# Path askpass /path/to/askpass +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with its +# own askpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo device search path: +# Path devsearch /dev/path1:/dev/path2:/dev +# +# A colon-separated list of paths to check when searching for a user's +# terminal device. +# +Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev + +# +# Sudo noexec: +# Path noexec /path/to/sudo_noexec.so +# +# Path to a shared library containing replacements for the execv(), +# execve() and fexecve() library functions that just return an error. +# This is used to implement the "noexec" functionality on systems that +# support LD_PRELOAD or its equivalent. +# +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. +# +Path noexec /usr/local/libexec/sudo/sudo_noexec.so + +# +# Sudo plugin directory: +# Path plugin_dir /path/to/plugins +# +# The default directory to use when searching for plugins that are +# specified without a fully qualified path name. +# +Path plugin_dir /usr/local/libexec/sudo + +# +# Path to the sesh binary for SELinux support +# +Path sesh /usr/local/libexec/sudo/sesh + +# +# Sudo developer mode: +# Set developer_mode true|false +# +# Allow loading of plugins that are owned by non-root or are writable +# by "group" or "other". Should only be used during plugin development. +Set developer_mode true + +# +# Core dumps: +# Set disable_coredump true|false +# +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +Set disable_coredump true + +# +# User groups: +# Set group_source static|dynamic|adaptive +# +# Sudo passes the user's group list to the policy plugin. +# If the user is a member of the maximum number of groups (usually 16), +# sudo will query the group database directly to be sure to include +# the full list of groups. +# +# On some systems, this can be expensive so the behavior is configurable. +# The "group_source" setting has three possible values: +# static - use the user's list of groups returned by the kernel. +# dynamic - query the group database to find the list of groups. +# adaptive - if user is in less than the maximum number of groups. +# use the kernel list, else query the group database. +# +Set group_source dynamic + +# +# Maximum number of groups to use +# +Set max_groups 8 + +# +# Sudo interface probing: +# Set probe_interfaces true|false +# +# By default, sudo will probe the system's network interfaces and +# pass the IP address of each enabled interface to the policy plugin. +# On systems with a large number of virtual interfaces this may take +# a noticeable amount of time. +# +Set probe_interfaces true + +# +# Sudo debug files: +# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] +# +# Sudo and related programs support logging debug information to a file. +# The program is typically sudo, sudoers.so, sudoreplay or visudo. +# +# Subsystems vary based on the program; "all" matches all subsystems. +# Priority may be crit, err, warn, notice, diag, info, trace or debug. +# Multiple subsystem@priority may be specified, separated by a comma. +# +Debug sudo /var/log/sudo_debug all@debug +Debug sudoers.so /var/log/sudoers_debug all@debug diff -Nru sudo-1.9.5p2/lib/util/regress/fuzz/fuzz_sudo_conf.c sudo-1.9.9/lib/util/regress/fuzz/fuzz_sudo_conf.c --- sudo-1.9.5p2/lib/util/regress/fuzz/fuzz_sudo_conf.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/fuzz/fuzz_sudo_conf.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif + +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_plugin.h" +#include "sudo_util.h" + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + char tempfile[] = "/tmp/sudo_conf.XXXXXX"; + size_t nwritten; + int fd; + + setprogname("fuzz_sudo_conf"); + sudo_warn_set_conversation(fuzz_conversation); + + /* sudo_conf_read() uses a conf file path, not an open file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return 0; + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return 0; + } + close(fd); + + /* sudo_conf_read() will re-init and free old data each time it runs. */ + sudo_conf_clear_paths(); + sudo_conf_read(tempfile, SUDO_CONF_ALL); + + unlink(tempfile); + + fflush(stdout); + + return 0; +} diff -Nru sudo-1.9.5p2/lib/util/regress/fuzz/fuzz_sudo_conf.dict sudo-1.9.9/lib/util/regress/fuzz/fuzz_sudo_conf.dict --- sudo-1.9.5p2/lib/util/regress/fuzz/fuzz_sudo_conf.dict 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/fuzz/fuzz_sudo_conf.dict 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,19 @@ +# sudo.conf keywords +"Debug" +"Path" +"Plugin" +"Set" + +# Paths +"askpass" +"sesh" +"noexec" +"plugin_dir" +"devsearch" + +# Variables +"developer_mode" +"disable_coredump" +"group_source" +"max_groups" +"probe_interfaces" diff -Nru sudo-1.9.5p2/lib/util/regress/getdelim/getdelim_test.c sudo-1.9.9/lib/util/regress/getdelim/getdelim_test.c --- sudo-1.9.5p2/lib/util/regress/getdelim/getdelim_test.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/getdelim/getdelim_test.c 2022-01-27 21:24:06.000000000 +0000 @@ -29,6 +29,7 @@ #else # include "compat/stdbool.h" #endif +#include #include #include "sudo_compat.h" @@ -47,15 +48,13 @@ int delim; }; -/* - * TODO: test error case. - * test realloc case (buf > LINE_MAX) - */ +static char longstr[LINE_MAX * 2]; static struct getdelim_test test_data[] = { { "a\nb\nc\n", { "a\n", "b\n", "c\n", NULL }, '\n' }, { "a\nb\nc", { "a\n", "b\n", "c", NULL }, '\n' }, { "a\tb\tc\t", { "a\t", "b\t", "c\t", NULL }, '\t' }, { "a\tb\tc", { "a\t", "b\t", "c", NULL }, '\t' }, + { longstr, { longstr, NULL }, '\n' }, { NULL, { NULL }, '\0' } }; @@ -68,6 +67,11 @@ pid_t pid; FILE *fp; + /* Exercise realloc case by injecting an entry > LINE_MAX. */ + memset(longstr, 'A', sizeof(longstr) - 2); + longstr[sizeof(longstr) - 2] = '\n'; + longstr[sizeof(longstr) - 1] = '\0'; + for (i = 0; test_data[i].input != NULL; i++) { if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) == -1) sudo_fatal_nodebug("socketpair"); @@ -105,6 +109,7 @@ errors++; } } + /* test EOF */ ntests++; alarm(30); @@ -119,6 +124,25 @@ errors++; } } + + /* test error by closing the underlying fd. */ + clearerr(fp); + close(fileno(fp)); + ntests++; + alarm(30); + if (getdelim(buf, buflen, test_data[i].delim, fp) != -1) { + sudo_warnx_nodebug("failed test #%d: expected error, got %s", + ntests, *buf); + errors++; + } else { + /* Use feof(3), not ferror(3) so we can detect out of memory. */ + if (feof(fp)) { + sudo_warn_nodebug("failed test #%d: expected error, got EOF", + ntests); + errors++; + } + } + fclose(fp); waitpid(pid, NULL, 0); alarm(0); diff -Nru sudo-1.9.5p2/lib/util/regress/getgrouplist/getgids.c sudo-1.9.9/lib/util/regress/getgrouplist/getgids.c --- sudo-1.9.5p2/lib/util/regress/getgrouplist/getgids.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/getgrouplist/getgids.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,81 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include + +#define SUDO_ERROR_WRAP 0 + +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_util.h" + +sudo_dso_public int main(int argc, char *argv[]); + +/* + * Implement "id -G" using sudo_getgrouplist2(). + */ + +int +main(int argc, char *argv[]) +{ + char *username = NULL; + GETGROUPS_T *groups = NULL; + struct passwd *pw; + int i, ngroups; + gid_t basegid; + initprogname(argc > 0 ? argv[0] : "getgids"); + + if (getopt(argc, argv, "") != -1) { + fprintf(stderr, "usage: %s [user]\n", getprogname()); + return EXIT_FAILURE; + } + if (argc > 1) + username = argv[1]; + + if (username != NULL) { + if ((pw = getpwnam(username)) == NULL) + sudo_fatalx("unknown user name %s", username); + } else { + if ((pw = getpwuid(getuid())) == NULL) + sudo_fatalx("unknown user ID %u", (unsigned int)getuid()); + } + basegid = pw->pw_gid; + if ((username = strdup(pw->pw_name)) == NULL) + sudo_fatal(NULL); + + if (sudo_getgrouplist2(username, basegid, &groups, &ngroups) == -1) + sudo_fatal("sudo_getgroulist2"); + + for (i = 0; i < ngroups; i++) { + printf("%s%u", i ? " " : "", (unsigned int)groups[i]); + } + putchar('\n'); + return EXIT_SUCCESS; +} diff -Nru sudo-1.9.5p2/lib/util/regress/getgrouplist/getgrouplist_test.c sudo-1.9.9/lib/util/regress/getgrouplist/getgrouplist_test.c --- sudo-1.9.5p2/lib/util/regress/getgrouplist/getgrouplist_test.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/getgrouplist/getgrouplist_test.c 2022-01-27 21:24:06.000000000 +0000 @@ -91,7 +91,7 @@ continue; } } - if (errors != 0) { + if (ntests != 0) { printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); } diff -Nru sudo-1.9.5p2/lib/util/regress/mktemp/mktemp_test.c sudo-1.9.9/lib/util/regress/mktemp/mktemp_test.c --- sudo-1.9.5p2/lib/util/regress/mktemp/mktemp_test.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/mktemp/mktemp_test.c 2022-01-27 21:24:22.000000000 +0000 @@ -31,6 +31,10 @@ # endif #endif +#ifndef MAP_FAILED +# define MAP_FAILED ((void *) -1) +#endif + #define MAX_TEMPLATE_LEN 10 #define MAX_TRIES 100 #define MIN_Xs 6 diff -Nru sudo-1.9.5p2/lib/util/regress/progname/progname_test.c sudo-1.9.9/lib/util/regress/progname/progname_test.c --- sudo-1.9.5p2/lib/util/regress/progname/progname_test.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/progname/progname_test.c 2022-01-27 21:24:06.000000000 +0000 @@ -37,12 +37,8 @@ { char *progbase = "progname_test"; - if (argc > 0) { - if ((progbase = strrchr(argv[0], '/')) != NULL) - progbase++; - else - progbase = argv[0]; - } + if (argc > 0) + progbase = sudo_basename(argv[0]); initprogname(progbase); /* Make sure getprogname() matches basename of argv[0]. */ diff -Nru sudo-1.9.5p2/lib/util/regress/sudo_conf/conf_test.c sudo-1.9.9/lib/util/regress/sudo_conf/conf_test.c --- sudo-1.9.5p2/lib/util/regress/sudo_conf/conf_test.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/sudo_conf/conf_test.c 2022-01-27 21:24:06.000000000 +0000 @@ -31,6 +31,12 @@ sudo_dso_public int main(int argc, char *argv[]); +/* Awful hack for macOS where the default group source is dynamic. */ +#ifdef __APPLE__ +# undef GROUP_SOURCE_ADAPTIVE +# define GROUP_SOURCE_ADAPTIVE GROUP_SOURCE_DYNAMIC +#endif + /* * Simple test driver for sudo_conf(). * Parses the given configuration file and dumps the resulting diff -Nru sudo-1.9.5p2/lib/util/regress/tailq/hltq_test.c sudo-1.9.9/lib/util/regress/tailq/hltq_test.c --- sudo-1.9.5p2/lib/util/regress/tailq/hltq_test.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/tailq/hltq_test.c 2022-01-27 21:24:06.000000000 +0000 @@ -183,8 +183,10 @@ } ntests++; - printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(), - ntests, errors, (ntests - errors) * 100 / ntests); + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } exit(errors); } diff -Nru sudo-1.9.5p2/lib/util/regress/uuid/uuid_test.c sudo-1.9.9/lib/util/regress/uuid/uuid_test.c --- sudo-1.9.5p2/lib/util/regress/uuid/uuid_test.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/uuid/uuid_test.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,92 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include + +#define SUDO_ERROR_WRAP 0 + +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_util.h" + +sudo_dso_public int main(int argc, char *argv[]); + +/* + * Test that sudo_uuid_create() generates a variant 1, version 4 uuid. + */ + +/* From RFC 4122. */ +struct uuid { + uint32_t time_low; + uint16_t time_mid; + uint16_t time_hi_and_version; + uint8_t clock_seq_hi_and_reserved; + uint8_t clock_seq_low; + uint8_t node[6]; +}; + +int +main(int argc, char *argv[]) +{ + union { + struct uuid id; + unsigned char u8[16]; + } uuid; + int errors = 0; + int ntests = 0; + + initprogname(argc > 0 ? argv[0] : "uuid_test"); + + /* Do 16 passes. */ + for (ntests = 0; ntests < 16; ntests++) { + sudo_uuid_create(uuid.u8); + + /* Variant: two most significant bits (6 and 7) are 0 and 1. */ + if (ISSET(uuid.id.clock_seq_hi_and_reserved, (1 << 6))) { + sudo_warnx("uuid bit 6 set, should be clear"); + errors++; + continue; + } + if (!ISSET(uuid.id.clock_seq_hi_and_reserved, (1 << 7))) { + sudo_warnx("uuid bit 7 clear, should be set"); + errors++; + continue; + } + + /* Version: bits 12-15 are 0010. */ + if ((uuid.id.time_hi_and_version & 0xf000) != 0x4000) { + sudo_warnx("bad version: 0x%x", uuid.id.time_hi_and_version & 0xf000); + errors++; + continue; + } + } + + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } + return 0; +} diff -Nru sudo-1.9.5p2/lib/util/regress/vsyslog/vsyslog_test.c sudo-1.9.9/lib/util/regress/vsyslog/vsyslog_test.c --- sudo-1.9.5p2/lib/util/regress/vsyslog/vsyslog_test.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/regress/vsyslog/vsyslog_test.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,130 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2017-2020 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include -#include -#include -#include -#include - -#include "sudo_compat.h" -#include "sudo_fatal.h" -#include "sudo_util.h" - -sudo_dso_public int main(int argc, char *argv[]); - -/* - * Test that sudo_vsyslog() works as expected. - */ -static char *expected_result; -static int errors; -static int ntests; - -/* - * Replacement for syslog(3) that just verifies the message - */ -void -syslog(int priority, const char *fmt, ...) -{ - va_list ap; - const char *msg; - - if (strcmp(fmt, "%s") != 0) - sudo_fatalx_nodebug("Expected syslog format \"%%s\", got \"%s\"", fmt); - - va_start(ap, fmt); - msg = va_arg(ap, char *); - if (strcmp(msg, expected_result) != 0) { - sudo_warnx_nodebug("Expected \"%s\", got \"%s\"", expected_result, msg); - errors++; - } else { - ntests++; - } - va_end(ap); -} - -static void -test_vsyslog(int priority, const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); - sudo_vsyslog(priority, fmt, ap); - va_end(ap); -} - -int -main(int argc, char *argv[]) -{ - int len; - char buf1[1024 * 16], buf2[1024 * 16]; - - initprogname(argc > 0 ? argv[0] : "vsyslog_test"); - - /* Test small buffer. */ - expected_result = "sudo: millert : TTY=ttypa ; PWD=/etc/mail ; USER=root ; TSID=000AB0 ; COMMAND=/usr/sbin/newaliases"; - test_vsyslog(0, - "%s: %s : TTY=%s ; PWD=%s ; USER=%s ; TSID=%s ; COMMAND=%s", - "sudo", "millert", "ttypa", "/etc/mail", "root", "000AB0", - "/usr/sbin/newaliases"); - - /* Test small buffer w/ errno. */ - len = snprintf(buf1, sizeof(buf1), - "unable to open %s: %s", "/var/log/sudo-io/seq", strerror(ENOENT)); - if (len < 0 || len >= ssizeof(buf1)) - sudo_warnx_nodebug("buf1 truncated at %s:%d", __FILE__, __LINE__); - expected_result = buf1; - errno = ENOENT; - test_vsyslog(0, "unable to open %s: %m", "/var/log/sudo-io/seq"); - - /* Test large buffer > 8192 bytes. */ - memset(buf1, 'a', 8192); - buf1[8192] = '\0'; - expected_result = buf1; - test_vsyslog(0, "%s", buf1); - - /* Test large buffer w/ errno > 8192 bytes. */ - memset(buf1, 'b', 8184); - buf1[8184] = '\0'; - len = snprintf(buf2, sizeof(buf2), "%s: %s", buf1, strerror(EINVAL)); - if (len < 0 || len >= ssizeof(buf2)) - sudo_warnx_nodebug("buf2 truncated at %s:%d", __FILE__, __LINE__); - expected_result = buf2; - errno = EINVAL; - test_vsyslog(0, "%s: %m", buf1); - - /* Test large format string > 8192 bytes, expect truncation to 2048. */ - memset(buf1, 'b', 8184); - buf1[8184] = '\0'; - len = snprintf(buf2, sizeof(buf2), "%.*s", 2047, buf1); - if (len < 0 || len >= ssizeof(buf2)) - sudo_warnx_nodebug("buf2 truncated at %s:%d", __FILE__, __LINE__); - expected_result = buf2; - test_vsyslog(0, buf1); - - if (ntests != 0) { - printf("%s: %d tests run, %d errors, %d%% success rate\n", - getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); - } else { - printf("%s: error, no tests run!\n", getprogname()); - errors = 1; - } - exit(errors); -} diff -Nru sudo-1.9.5p2/lib/util/secure_path.c sudo-1.9.9/lib/util/secure_path.c --- sudo-1.9.5p2/lib/util/secure_path.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/secure_path.c 2022-01-27 21:24:06.000000000 +0000 @@ -41,7 +41,7 @@ debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL); if (path != NULL && stat(path, &sb) == 0) { - if ((sb.st_mode & _S_IFMT) != type) { + if ((sb.st_mode & S_IFMT) != type) { ret = SUDO_PATH_BAD_TYPE; } else if (uid != (uid_t)-1 && sb.st_uid != uid) { ret = SUDO_PATH_WRONG_OWNER; @@ -66,7 +66,7 @@ int sudo_secure_file_v1(const char *path, uid_t uid, gid_t gid, struct stat *sbp) { - return sudo_secure_path(path, _S_IFREG, uid, gid, sbp); + return sudo_secure_path(path, S_IFREG, uid, gid, sbp); } /* @@ -75,5 +75,5 @@ int sudo_secure_dir_v1(const char *path, uid_t uid, gid_t gid, struct stat *sbp) { - return sudo_secure_path(path, _S_IFDIR, uid, gid, sbp); + return sudo_secure_path(path, S_IFDIR, uid, gid, sbp); } diff -Nru sudo-1.9.5p2/lib/util/siglist.in sudo-1.9.9/lib/util/siglist.in --- sudo-1.9.5p2/lib/util/siglist.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/siglist.in 2022-01-27 21:24:06.000000000 +0000 @@ -17,11 +17,11 @@ EMT EMT trap FPE Floating point exception KILL Killed -# before BUS (Older Linux doesn't really have a BUS, but defines it to UNUSED) - UNUSED Unused BUS Bus error SEGV Memory fault +# before UNUSED (SYS and UNUSED share the same value in musl libc). SYS Bad system call + UNUSED Unused PIPE Broken pipe ALRM Alarm clock TERM Terminated diff -Nru sudo-1.9.5p2/lib/util/snprintf.c sudo-1.9.9/lib/util/snprintf.c --- sudo-1.9.5p2/lib/util/snprintf.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/snprintf.c 2022-01-27 21:24:22.000000000 +0000 @@ -116,6 +116,10 @@ # define MAP_ANON MAP_ANONYMOUS #endif +#ifndef MAP_FAILED +# define MAP_FAILED ((void *) -1) +#endif + /* * Allocate "size" bytes via mmap. */ diff -Nru sudo-1.9.5p2/lib/util/sudo_conf.c sudo-1.9.9/lib/util/sudo_conf.c --- sudo-1.9.5p2/lib/util/sudo_conf.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/sudo_conf.c 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2017 Todd C. Miller + * Copyright (c) 2009-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -51,6 +51,13 @@ #include "sudo_util.h" #include "pathnames.h" +#ifndef _PATH_SUDO_INTERCEPT +# define _PATH_SUDO_INTERCEPT NULL +#endif +#ifndef _PATH_SUDO_NOEXEC +# define _PATH_SUDO_NOEXEC NULL +#endif + struct sudo_conf_table { const char *name; unsigned int namelen; @@ -104,25 +111,38 @@ /* Indexes into path_table[] below (order is important). */ #define SUDO_CONF_PATH_ASKPASS 0 #define SUDO_CONF_PATH_SESH 1 -#define SUDO_CONF_PATH_NOEXEC 2 -#define SUDO_CONF_PATH_PLUGIN_DIR 3 -#define SUDO_CONF_PATH_DEVSEARCH 4 +#define SUDO_CONF_PATH_INTERCEPT 2 +#define SUDO_CONF_PATH_NOEXEC 3 +#define SUDO_CONF_PATH_PLUGIN_DIR 4 +#define SUDO_CONF_PATH_DEVSEARCH 5 #define SUDO_CONF_PATH_INITIALIZER { \ { "askpass", sizeof("askpass") - 1, false, _PATH_SUDO_ASKPASS }, \ { "sesh", sizeof("sesh") - 1, false, _PATH_SUDO_SESH }, \ + { "intercept", sizeof("intercept") - 1, false, _PATH_SUDO_INTERCEPT }, \ { "noexec", sizeof("noexec") - 1, false, _PATH_SUDO_NOEXEC }, \ { "plugin_dir", sizeof("plugin_dir") - 1, false, _PATH_SUDO_PLUGIN_DIR }, \ { "devsearch", sizeof("devsearch") - 1, false, _PATH_SUDO_DEVSEARCH }, \ { NULL } \ } +/* + * getgroups(2) on macOS is flakey with respect to non-local groups. + * Even with _DARWIN_UNLIMITED_GETGROUPS set we may not get all groups./ + * See bug #946 for details. + */ +#ifdef __APPLE__ +# define GROUP_SOURCE_DEFAULT GROUP_SOURCE_DYNAMIC +#else +# define GROUP_SOURCE_DEFAULT GROUP_SOURCE_ADAPTIVE +#endif + #define SUDO_CONF_SETTINGS_INITIALIZER { \ false, /* updated */ \ false, /* developer_mode */ \ true, /* disable_coredump */ \ true, /* probe_interfaces */ \ - GROUP_SOURCE_ADAPTIVE, /* group_source */ \ + GROUP_SOURCE_DEFAULT, /* group_source */ \ -1 /* max_groups */ \ } @@ -130,7 +150,7 @@ struct sudo_conf_settings settings; struct sudo_conf_debug_list debugging; struct plugin_info_list plugins; - struct sudo_conf_path_table path_table[6]; + struct sudo_conf_path_table path_table[7]; } sudo_conf_data = { SUDO_CONF_SETTINGS_INITIALIZER, TAILQ_HEAD_INITIALIZER(sudo_conf_data.debugging), @@ -431,7 +451,7 @@ int max_groups; debug_decl(set_var_max_groups, SUDO_DEBUG_UTIL); - max_groups = sudo_strtonum(strval, 1, INT_MAX, NULL); + max_groups = sudo_strtonum(strval, 1, 1024, NULL); if (max_groups <= 0) { sudo_warnx(U_("invalid max groups \"%s\" in %s, line %u"), strval, conf_file, lineno); @@ -470,6 +490,12 @@ } const char * +sudo_conf_intercept_path_v1(void) +{ + return sudo_conf_data.path_table[SUDO_CONF_PATH_INTERCEPT].pval; +} + +const char * sudo_conf_noexec_path_v1(void) { return sudo_conf_data.path_table[SUDO_CONF_PATH_NOEXEC].pval; @@ -516,33 +542,25 @@ sudo_conf_debug_files_v1(const char *progname) { struct sudo_conf_debug *debug_spec; - size_t prognamelen, progbaselen; - const char *progbase = progname; + const char *progbase; debug_decl(sudo_conf_debug_files, SUDO_DEBUG_UTIL); /* Determine basename if program is fully qualified (like for plugins). */ - prognamelen = progbaselen = strlen(progname); - if (*progname == '/') { - progbase = strrchr(progname, '/'); - progbaselen = strlen(++progbase); - } + progbase = progname[0] == '/' ? sudo_basename(progname) : progname; + /* Convert sudoedit -> sudo. */ - if (progbaselen > 4 && strcmp(progbase + 4, "edit") == 0) { - progbaselen -= 4; - } + if (strcmp(progbase, "sudoedit") == 0) + progbase = "sudo"; + TAILQ_FOREACH(debug_spec, &sudo_conf_data.debugging, entries) { const char *prog = progbase; - size_t len = progbaselen; if (debug_spec->progname[0] == '/') { /* Match fully-qualified name, if possible. */ prog = progname; - len = prognamelen; } - if (strncmp(debug_spec->progname, prog, len) == 0 && - debug_spec->progname[len] == '\0') { + if (strcmp(debug_spec->progname, prog) == 0) debug_return_ptr(&debug_spec->debug_files); - } } debug_return_ptr(NULL); } diff -Nru sudo-1.9.5p2/lib/util/sudo_debug.c sudo-1.9.9/lib/util/sudo_debug.c --- sudo-1.9.5p2/lib/util/sudo_debug.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/lib/util/sudo_debug.c 2022-01-27 21:24:22.000000000 +0000 @@ -24,6 +24,7 @@ #include #include +#include #include #include #include @@ -45,6 +46,7 @@ #include "sudo_plugin.h" #include "sudo_util.h" +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* * The debug priorities and subsystems are currently hard-coded. * In the future we might consider allowing plugins to register their @@ -141,7 +143,7 @@ */ static struct sudo_debug_output * sudo_debug_new_output(struct sudo_debug_instance *instance, - struct sudo_debug_file *debug_file) + struct sudo_debug_file *debug_file, int minfd) { char *buf, *cp, *last, *subsys, *pri; struct sudo_debug_output *output; @@ -180,6 +182,15 @@ } ignore_result(fchown(output->fd, (uid_t)-1, 0)); } + if (output->fd < minfd) { + int newfd = fcntl(output->fd, F_DUPFD, minfd); + if (newfd == -1) { + sudo_warn_nodebug("%s", output->filename); + goto bad; + } + close(output->fd); + output->fd = newfd; + } if (fcntl(output->fd, F_SETFD, FD_CLOEXEC) == -1) { sudo_warn_nodebug("%s", output->filename); goto bad; @@ -258,8 +269,9 @@ * on error. */ int -sudo_debug_register_v1(const char *program, const char *const subsystems[], - unsigned int ids[], struct sudo_conf_debug_file_list *debug_files) +sudo_debug_register_v2(const char *program, const char *const subsystems[], + unsigned int ids[], struct sudo_conf_debug_file_list *debug_files, + int minfd) { struct sudo_debug_instance *instance = NULL; struct sudo_debug_output *output; @@ -345,7 +357,7 @@ } TAILQ_FOREACH(debug_file, debug_files, entries) { - output = sudo_debug_new_output(instance, debug_file); + output = sudo_debug_new_output(instance, debug_file, minfd); if (output != NULL) SLIST_INSERT_HEAD(&instance->outputs, output, entries); } @@ -363,6 +375,13 @@ return idx; } +int +sudo_debug_register_v1(const char *program, const char *const subsystems[], + unsigned int ids[], struct sudo_conf_debug_file_list *debug_files) +{ + return sudo_debug_register_v2(program, subsystems, ids, debug_files, -1); +} + /* * De-register the specified instance from the debug subsystem * and free up any associated data structures. @@ -588,11 +607,33 @@ sudo_debug_write2_v1(int fd, const char *func, const char *file, int lineno, const char *str, int len, int errnum) { - char *timestr, numbuf[(((sizeof(int) * 8) + 2) / 3) + 2]; - time_t now; + char numbuf[(((sizeof(int) * 8) + 2) / 3) + 2]; + char timebuf[64]; + struct timeval tv; struct iovec iov[12]; int iovcnt = 3; + /* Cannot use sudo_gettime_real() here since it calls sudo_debug. */ + timebuf[0] = '\0'; + if (gettimeofday(&tv, NULL) != -1) { + time_t now = tv.tv_sec; + struct tm tm; + size_t tlen; + if (localtime_r(&now, &tm) != NULL) { + timebuf[sizeof(timebuf) - 1] = '\0'; + tlen = strftime(timebuf, sizeof(timebuf), "%b %e %H:%M:%S", &tm); + if (tlen == 0 || timebuf[sizeof(timebuf) - 1] != '\0') { + /* contents are undefined on error */ + timebuf[0] = '\0'; + } else { + (void)snprintf(timebuf + tlen, sizeof(timebuf) - tlen, + ".%03d ", (int)tv.tv_usec / 1000); + } + } + } + iov[0].iov_base = timebuf; + iov[0].iov_len = strlen(timebuf); + /* Prepend program name and pid with a trailing space. */ iov[1].iov_base = (char *)getprogname(); iov[1].iov_len = strlen(iov[1].iov_base); @@ -649,14 +690,6 @@ iov[iovcnt].iov_len = 1; iovcnt++; - /* Do timestamp last due to ctime's static buffer. */ - time(&now); - timestr = ctime(&now) + 4; - timestr[15] = ' '; /* replace year with a space */ - timestr[16] = '\0'; - iov[0].iov_base = timestr; - iov[0].iov_len = 16; - /* Write message in a single syscall */ ignore_result(writev(fd, iov, iovcnt)); } @@ -960,3 +993,175 @@ *fds = sudo_debug_fds; return sudo_debug_max_fd; } +#else /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ +int +sudo_debug_register_v2(const char *program, const char *const subsystems[], + unsigned int ids[], struct sudo_conf_debug_file_list *debug_files, + int minfd) +{ + return SUDO_DEBUG_INSTANCE_INITIALIZER; +} + +int +sudo_debug_register_v1(const char *program, const char *const subsystems[], + unsigned int ids[], struct sudo_conf_debug_file_list *debug_files) +{ + return SUDO_DEBUG_INSTANCE_INITIALIZER; +} + +int +sudo_debug_deregister_v1(int idx) +{ + return -1; +} + +int +sudo_debug_parse_flags_v1(struct sudo_conf_debug_file_list *debug_files, + const char *entry) +{ + return 0; +} + +int +sudo_debug_get_instance_v1(const char *program) +{ + return SUDO_DEBUG_INSTANCE_INITIALIZER; +} + +pid_t +sudo_debug_fork_v1(void) +{ + return fork(); +} + +void +sudo_debug_enter_v1(const char *func, const char *file, int line, + int subsys) +{ +} + +void +sudo_debug_exit_v1(const char *func, const char *file, int line, + int subsys) +{ +} + +void +sudo_debug_exit_int_v1(const char *func, const char *file, int line, + int subsys, int ret) +{ +} + +void +sudo_debug_exit_long_v1(const char *func, const char *file, int line, + int subsys, long ret) +{ +} + +void +sudo_debug_exit_id_t_v1(const char *func, const char *file, int line, + int subsys, id_t ret) +{ +} + +void +sudo_debug_exit_size_t_v1(const char *func, const char *file, int line, + int subsys, size_t ret) +{ +} + +void +sudo_debug_exit_ssize_t_v1(const char *func, const char *file, int line, + int subsys, ssize_t ret) +{ +} + +void +sudo_debug_exit_time_t_v1(const char *func, const char *file, int line, + int subsys, time_t ret) +{ +} + +void +sudo_debug_exit_bool_v1(const char *func, const char *file, int line, + int subsys, bool ret) +{ +} + +void +sudo_debug_exit_str_v1(const char *func, const char *file, int line, + int subsys, const char *ret) +{ +} + +void +sudo_debug_exit_str_masked_v1(const char *func, const char *file, int line, + int subsys, const char *ret) +{ +} + +void +sudo_debug_exit_ptr_v1(const char *func, const char *file, int line, + int subsys, const void *ret) +{ +} + +void +sudo_debug_write2_v1(int fd, const char *func, const char *file, int lineno, + const char *str, int len, int errnum) +{ +} + +bool +sudo_debug_needed_v1(int level) +{ + return false; +} + +void +sudo_debug_vprintf2_v1(const char *func, const char *file, int lineno, int level, + const char *fmt, va_list ap) +{ +} + +#ifdef NO_VARIADIC_MACROS +void +sudo_debug_printf_nvm_v1(int pri, const char *fmt, ...) +{ +} +#endif /* NO_VARIADIC_MACROS */ + +void +sudo_debug_printf2_v1(const char *func, const char *file, int lineno, int level, + const char *fmt, ...) +{ +} + +void +sudo_debug_execve2_v1(int level, const char *path, char *const argv[], char *const envp[]) +{ +} + +int +sudo_debug_get_active_instance_v1(void) +{ + return SUDO_DEBUG_INSTANCE_INITIALIZER; +} + +int +sudo_debug_set_active_instance_v1(int idx) +{ + return SUDO_DEBUG_INSTANCE_INITIALIZER; +} + +void +sudo_debug_update_fd_v1(int ofd, int nfd) +{ +} + +int +sudo_debug_get_fds_v1(unsigned char **fds) +{ + return -1; +} +#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ diff -Nru sudo-1.9.5p2/lib/util/sudo_dso.c sudo-1.9.9/lib/util/sudo_dso.c --- sudo-1.9.5p2/lib/util/sudo_dso.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/sudo_dso.c 2022-01-27 21:24:06.000000000 +0000 @@ -160,11 +160,24 @@ # define RTLD_GLOBAL 0 # endif +/* Default member names for AIX when dlopen()ing an ar (.a) file. */ +# ifdef RTLD_MEMBER +# ifdef __LP64__ +# define SUDO_DSO_MEMBER "shr_64.o" +# else +# define SUDO_DSO_MEMBER "shr.o" +# endif +# endif + void * sudo_dso_load_v1(const char *path, int mode) { struct sudo_preload_table *pt; int flags = 0; + void *ret; +#ifdef RTLD_MEMBER + char *cp; +#endif /* Check prelinked symbols first. */ if (preload_table != NULL) { @@ -176,15 +189,38 @@ /* Map SUDO_DSO_* -> RTLD_* */ if (ISSET(mode, SUDO_DSO_LAZY)) - flags |= RTLD_LAZY; + SET(flags, RTLD_LAZY); if (ISSET(mode, SUDO_DSO_NOW)) - flags |= RTLD_NOW; + SET(flags, RTLD_NOW); if (ISSET(mode, SUDO_DSO_GLOBAL)) - flags |= RTLD_GLOBAL; + SET(flags, RTLD_GLOBAL); if (ISSET(mode, SUDO_DSO_LOCAL)) - flags |= RTLD_LOCAL; + SET(flags, RTLD_LOCAL); + +#ifdef RTLD_MEMBER + /* Check for AIX path(module) syntax and add RTLD_MEMBER for a module. */ + cp = strrchr(path, '('); + if (cp != NULL) { + size_t len = strlen(cp); + if (len > 2 && cp[len - 1] == '\0') + SET(flags, RTLD_MEMBER); + } +#endif /* RTLD_MEMBER */ + ret = dlopen(path, flags); +#ifdef RTLD_MEMBER + /* + * If we try to dlopen() an AIX .a file without an explicit member + * it will fail with ENOEXEC. Try again using the default member. + */ + if (ret == NULL && !ISSET(flags, RTLD_MEMBER) && errno == ENOEXEC) { + if (asprintf(&cp, "%s(%s)", path, SUDO_DSO_MEMBER) != -1) { + ret = dlopen(cp, flags|RTLD_MEMBER); + free(cp); + } + } +#endif /* RTLD_MEMBER */ - return dlopen(path, flags); + return ret; } int diff -Nru sudo-1.9.5p2/lib/util/sys_siglist.h sudo-1.9.9/lib/util/sys_siglist.h --- sudo-1.9.5p2/lib/util/sys_siglist.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/sys_siglist.h 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,182 @@ +/* public domain */ + +#include +#include +#include +#include "sudo_compat.h" + +int sudo_end_of_headers; +static char *sudo_sys_siglist[NSIG]; + +#ifdef SIGHUP + if (sudo_sys_siglist[SIGHUP] == NULL) + sudo_sys_siglist[SIGHUP] = "Hangup"; +#endif +#ifdef SIGINT + if (sudo_sys_siglist[SIGINT] == NULL) + sudo_sys_siglist[SIGINT] = "Interrupt"; +#endif +#ifdef SIGQUIT + if (sudo_sys_siglist[SIGQUIT] == NULL) + sudo_sys_siglist[SIGQUIT] = "Quit"; +#endif +#ifdef SIGILL + if (sudo_sys_siglist[SIGILL] == NULL) + sudo_sys_siglist[SIGILL] = "Illegal instruction"; +#endif +#ifdef SIGTRAP + if (sudo_sys_siglist[SIGTRAP] == NULL) + sudo_sys_siglist[SIGTRAP] = "Trace trap"; +#endif +#ifdef SIGABRT + if (sudo_sys_siglist[SIGABRT] == NULL) + sudo_sys_siglist[SIGABRT] = "Abort"; +#endif +#ifdef SIGIOT + if (sudo_sys_siglist[SIGIOT] == NULL) + sudo_sys_siglist[SIGIOT] = "IOT instruction"; +#endif +#ifdef SIGEMT + if (sudo_sys_siglist[SIGEMT] == NULL) + sudo_sys_siglist[SIGEMT] = "EMT trap"; +#endif +#ifdef SIGFPE + if (sudo_sys_siglist[SIGFPE] == NULL) + sudo_sys_siglist[SIGFPE] = "Floating point exception"; +#endif +#ifdef SIGKILL + if (sudo_sys_siglist[SIGKILL] == NULL) + sudo_sys_siglist[SIGKILL] = "Killed"; +#endif +#ifdef SIGBUS + if (sudo_sys_siglist[SIGBUS] == NULL) + sudo_sys_siglist[SIGBUS] = "Bus error"; +#endif +#ifdef SIGSEGV + if (sudo_sys_siglist[SIGSEGV] == NULL) + sudo_sys_siglist[SIGSEGV] = "Memory fault"; +#endif +#ifdef SIGSYS + if (sudo_sys_siglist[SIGSYS] == NULL) + sudo_sys_siglist[SIGSYS] = "Bad system call"; +#endif +#ifdef SIGUNUSED + if (sudo_sys_siglist[SIGUNUSED] == NULL) + sudo_sys_siglist[SIGUNUSED] = "Unused"; +#endif +#ifdef SIGPIPE + if (sudo_sys_siglist[SIGPIPE] == NULL) + sudo_sys_siglist[SIGPIPE] = "Broken pipe"; +#endif +#ifdef SIGALRM + if (sudo_sys_siglist[SIGALRM] == NULL) + sudo_sys_siglist[SIGALRM] = "Alarm clock"; +#endif +#ifdef SIGTERM + if (sudo_sys_siglist[SIGTERM] == NULL) + sudo_sys_siglist[SIGTERM] = "Terminated"; +#endif +#ifdef SIGSTKFLT + if (sudo_sys_siglist[SIGSTKFLT] == NULL) + sudo_sys_siglist[SIGSTKFLT] = "Stack fault"; +#endif +#ifdef SIGIO + if (sudo_sys_siglist[SIGIO] == NULL) + sudo_sys_siglist[SIGIO] = "I/O possible"; +#endif +#ifdef SIGXCPU + if (sudo_sys_siglist[SIGXCPU] == NULL) + sudo_sys_siglist[SIGXCPU] = "CPU time limit exceeded"; +#endif +#ifdef SIGXFSZ + if (sudo_sys_siglist[SIGXFSZ] == NULL) + sudo_sys_siglist[SIGXFSZ] = "File size limit exceeded"; +#endif +#ifdef SIGVTALRM + if (sudo_sys_siglist[SIGVTALRM] == NULL) + sudo_sys_siglist[SIGVTALRM] = "Virtual timer expired"; +#endif +#ifdef SIGPROF + if (sudo_sys_siglist[SIGPROF] == NULL) + sudo_sys_siglist[SIGPROF] = "Profiling timer expired"; +#endif +#ifdef SIGWINCH + if (sudo_sys_siglist[SIGWINCH] == NULL) + sudo_sys_siglist[SIGWINCH] = "Window size change"; +#endif +#ifdef SIGLOST + if (sudo_sys_siglist[SIGLOST] == NULL) + sudo_sys_siglist[SIGLOST] = "File lock lost"; +#endif +#ifdef SIGUSR1 + if (sudo_sys_siglist[SIGUSR1] == NULL) + sudo_sys_siglist[SIGUSR1] = "User defined signal 1"; +#endif +#ifdef SIGUSR2 + if (sudo_sys_siglist[SIGUSR2] == NULL) + sudo_sys_siglist[SIGUSR2] = "User defined signal 2"; +#endif +#ifdef SIGPWR + if (sudo_sys_siglist[SIGPWR] == NULL) + sudo_sys_siglist[SIGPWR] = "Power-fail/Restart"; +#endif +#ifdef SIGPOLL + if (sudo_sys_siglist[SIGPOLL] == NULL) + sudo_sys_siglist[SIGPOLL] = "Pollable event occurred"; +#endif +#ifdef SIGSTOP + if (sudo_sys_siglist[SIGSTOP] == NULL) + sudo_sys_siglist[SIGSTOP] = "Stopped (signal)"; +#endif +#ifdef SIGTSTP + if (sudo_sys_siglist[SIGTSTP] == NULL) + sudo_sys_siglist[SIGTSTP] = "Stopped"; +#endif +#ifdef SIGCONT + if (sudo_sys_siglist[SIGCONT] == NULL) + sudo_sys_siglist[SIGCONT] = "Continued"; +#endif +#ifdef SIGCHLD + if (sudo_sys_siglist[SIGCHLD] == NULL) + sudo_sys_siglist[SIGCHLD] = "Child exited"; +#endif +#ifdef SIGCLD + if (sudo_sys_siglist[SIGCLD] == NULL) + sudo_sys_siglist[SIGCLD] = "Child exited"; +#endif +#ifdef SIGTTIN + if (sudo_sys_siglist[SIGTTIN] == NULL) + sudo_sys_siglist[SIGTTIN] = "Stopped (tty input)"; +#endif +#ifdef SIGTTOU + if (sudo_sys_siglist[SIGTTOU] == NULL) + sudo_sys_siglist[SIGTTOU] = "Stopped (tty output)"; +#endif +#ifdef SIGINFO + if (sudo_sys_siglist[SIGINFO] == NULL) + sudo_sys_siglist[SIGINFO] = "Information request"; +#endif +#ifdef SIGURG + if (sudo_sys_siglist[SIGURG] == NULL) + sudo_sys_siglist[SIGURG] = "Urgent I/O condition"; +#endif +#ifdef SIGWAITING + if (sudo_sys_siglist[SIGWAITING] == NULL) + sudo_sys_siglist[SIGWAITING] = "No runnable LWPs"; +#endif +#ifdef SIGLWP + if (sudo_sys_siglist[SIGLWP] == NULL) + sudo_sys_siglist[SIGLWP] = "Inter-LWP signal"; +#endif +#ifdef SIGFREEZE + if (sudo_sys_siglist[SIGFREEZE] == NULL) + sudo_sys_siglist[SIGFREEZE] = "Checkpoint freeze"; +#endif +#ifdef SIGTHAW + if (sudo_sys_siglist[SIGTHAW] == NULL) + sudo_sys_siglist[SIGTHAW] = "Checkpoint thaw"; +#endif +#ifdef SIGCANCEL + if (sudo_sys_siglist[SIGCANCEL] == NULL) + sudo_sys_siglist[SIGCANCEL] = "Thread cancellation"; +#endif diff -Nru sudo-1.9.5p2/lib/util/sys_signame.h sudo-1.9.9/lib/util/sys_signame.h --- sudo-1.9.5p2/lib/util/sys_signame.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/sys_signame.h 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,182 @@ +/* public domain */ + +#include +#include +#include +#include "sudo_compat.h" + +int sudo_end_of_headers; +static char *sudo_sys_signame[NSIG]; + +#ifdef SIGHUP + if (sudo_sys_signame[SIGHUP] == NULL) + sudo_sys_signame[SIGHUP] = "HUP"; +#endif +#ifdef SIGINT + if (sudo_sys_signame[SIGINT] == NULL) + sudo_sys_signame[SIGINT] = "INT"; +#endif +#ifdef SIGQUIT + if (sudo_sys_signame[SIGQUIT] == NULL) + sudo_sys_signame[SIGQUIT] = "QUIT"; +#endif +#ifdef SIGILL + if (sudo_sys_signame[SIGILL] == NULL) + sudo_sys_signame[SIGILL] = "ILL"; +#endif +#ifdef SIGTRAP + if (sudo_sys_signame[SIGTRAP] == NULL) + sudo_sys_signame[SIGTRAP] = "TRAP"; +#endif +#ifdef SIGABRT + if (sudo_sys_signame[SIGABRT] == NULL) + sudo_sys_signame[SIGABRT] = "ABRT"; +#endif +#ifdef SIGIOT + if (sudo_sys_signame[SIGIOT] == NULL) + sudo_sys_signame[SIGIOT] = "IOT"; +#endif +#ifdef SIGEMT + if (sudo_sys_signame[SIGEMT] == NULL) + sudo_sys_signame[SIGEMT] = "EMT"; +#endif +#ifdef SIGFPE + if (sudo_sys_signame[SIGFPE] == NULL) + sudo_sys_signame[SIGFPE] = "FPE"; +#endif +#ifdef SIGKILL + if (sudo_sys_signame[SIGKILL] == NULL) + sudo_sys_signame[SIGKILL] = "KILL"; +#endif +#ifdef SIGBUS + if (sudo_sys_signame[SIGBUS] == NULL) + sudo_sys_signame[SIGBUS] = "BUS"; +#endif +#ifdef SIGSEGV + if (sudo_sys_signame[SIGSEGV] == NULL) + sudo_sys_signame[SIGSEGV] = "SEGV"; +#endif +#ifdef SIGSYS + if (sudo_sys_signame[SIGSYS] == NULL) + sudo_sys_signame[SIGSYS] = "SYS"; +#endif +#ifdef SIGUNUSED + if (sudo_sys_signame[SIGUNUSED] == NULL) + sudo_sys_signame[SIGUNUSED] = "UNUSED"; +#endif +#ifdef SIGPIPE + if (sudo_sys_signame[SIGPIPE] == NULL) + sudo_sys_signame[SIGPIPE] = "PIPE"; +#endif +#ifdef SIGALRM + if (sudo_sys_signame[SIGALRM] == NULL) + sudo_sys_signame[SIGALRM] = "ALRM"; +#endif +#ifdef SIGTERM + if (sudo_sys_signame[SIGTERM] == NULL) + sudo_sys_signame[SIGTERM] = "TERM"; +#endif +#ifdef SIGSTKFLT + if (sudo_sys_signame[SIGSTKFLT] == NULL) + sudo_sys_signame[SIGSTKFLT] = "STKFLT"; +#endif +#ifdef SIGIO + if (sudo_sys_signame[SIGIO] == NULL) + sudo_sys_signame[SIGIO] = "IO"; +#endif +#ifdef SIGXCPU + if (sudo_sys_signame[SIGXCPU] == NULL) + sudo_sys_signame[SIGXCPU] = "XCPU"; +#endif +#ifdef SIGXFSZ + if (sudo_sys_signame[SIGXFSZ] == NULL) + sudo_sys_signame[SIGXFSZ] = "XFSZ"; +#endif +#ifdef SIGVTALRM + if (sudo_sys_signame[SIGVTALRM] == NULL) + sudo_sys_signame[SIGVTALRM] = "VTALRM"; +#endif +#ifdef SIGPROF + if (sudo_sys_signame[SIGPROF] == NULL) + sudo_sys_signame[SIGPROF] = "PROF"; +#endif +#ifdef SIGWINCH + if (sudo_sys_signame[SIGWINCH] == NULL) + sudo_sys_signame[SIGWINCH] = "WINCH"; +#endif +#ifdef SIGLOST + if (sudo_sys_signame[SIGLOST] == NULL) + sudo_sys_signame[SIGLOST] = "LOST"; +#endif +#ifdef SIGUSR1 + if (sudo_sys_signame[SIGUSR1] == NULL) + sudo_sys_signame[SIGUSR1] = "USR1"; +#endif +#ifdef SIGUSR2 + if (sudo_sys_signame[SIGUSR2] == NULL) + sudo_sys_signame[SIGUSR2] = "USR2"; +#endif +#ifdef SIGPWR + if (sudo_sys_signame[SIGPWR] == NULL) + sudo_sys_signame[SIGPWR] = "PWR"; +#endif +#ifdef SIGPOLL + if (sudo_sys_signame[SIGPOLL] == NULL) + sudo_sys_signame[SIGPOLL] = "POLL"; +#endif +#ifdef SIGSTOP + if (sudo_sys_signame[SIGSTOP] == NULL) + sudo_sys_signame[SIGSTOP] = "STOP"; +#endif +#ifdef SIGTSTP + if (sudo_sys_signame[SIGTSTP] == NULL) + sudo_sys_signame[SIGTSTP] = "TSTP"; +#endif +#ifdef SIGCONT + if (sudo_sys_signame[SIGCONT] == NULL) + sudo_sys_signame[SIGCONT] = "CONT"; +#endif +#ifdef SIGCHLD + if (sudo_sys_signame[SIGCHLD] == NULL) + sudo_sys_signame[SIGCHLD] = "CHLD"; +#endif +#ifdef SIGCLD + if (sudo_sys_signame[SIGCLD] == NULL) + sudo_sys_signame[SIGCLD] = "CLD"; +#endif +#ifdef SIGTTIN + if (sudo_sys_signame[SIGTTIN] == NULL) + sudo_sys_signame[SIGTTIN] = "TTIN"; +#endif +#ifdef SIGTTOU + if (sudo_sys_signame[SIGTTOU] == NULL) + sudo_sys_signame[SIGTTOU] = "TTOU"; +#endif +#ifdef SIGINFO + if (sudo_sys_signame[SIGINFO] == NULL) + sudo_sys_signame[SIGINFO] = "INFO"; +#endif +#ifdef SIGURG + if (sudo_sys_signame[SIGURG] == NULL) + sudo_sys_signame[SIGURG] = "URG"; +#endif +#ifdef SIGWAITING + if (sudo_sys_signame[SIGWAITING] == NULL) + sudo_sys_signame[SIGWAITING] = "WAITING"; +#endif +#ifdef SIGLWP + if (sudo_sys_signame[SIGLWP] == NULL) + sudo_sys_signame[SIGLWP] = "LWP"; +#endif +#ifdef SIGFREEZE + if (sudo_sys_signame[SIGFREEZE] == NULL) + sudo_sys_signame[SIGFREEZE] = "FREEZE"; +#endif +#ifdef SIGTHAW + if (sudo_sys_signame[SIGTHAW] == NULL) + sudo_sys_signame[SIGTHAW] = "THAW"; +#endif +#ifdef SIGCANCEL + if (sudo_sys_signame[SIGCANCEL] == NULL) + sudo_sys_signame[SIGCANCEL] = "CANCEL"; +#endif diff -Nru sudo-1.9.5p2/lib/util/timegm.c sudo-1.9.9/lib/util/timegm.c --- sudo-1.9.5p2/lib/util/timegm.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/lib/util/timegm.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,98 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2017, 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#ifndef HAVE_TIMEGM + +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" + +/* + * Returns the offset from GMT in seconds (algorithm taken from sendmail). + */ +#ifdef HAVE_STRUCT_TM_TM_GMTOFF +static long +get_gmtoff(time_t *when) +{ + struct tm local; + + if (localtime_r(when, &local) == NULL) + return 0; + + /* Adjust for DST. */ + if (local.tm_isdst != 0) + local.tm_gmtoff -= local.tm_isdst * 3600; + + return local.tm_gmtoff; +} +#else +static long +get_gmtoff(time_t *when) +{ + struct tm gmt, local; + long offset; + + if (gmtime_r(when, &gmt) == NULL) + return 0; + if (localtime_r(when, &local) == NULL) + return 0; + + offset = (local.tm_sec - gmt.tm_sec) + + ((local.tm_min - gmt.tm_min) * 60) + + ((local.tm_hour - gmt.tm_hour) * 3600); + + /* Timezone may cause year rollover to happen on a different day. */ + if (local.tm_year < gmt.tm_year) + offset -= 24 * 3600; + else if (local.tm_year > gmt.tm_year) + offset -= 24 * 3600; + else if (local.tm_yday < gmt.tm_yday) + offset -= 24 * 3600; + else if (local.tm_yday > gmt.tm_yday) + offset += 24 * 3600; + + /* Adjust for DST. */ + if (local.tm_isdst != 0) + offset -= local.tm_isdst * 3600; + + return offset; +} +#endif /* HAVE_TM_GMTOFF */ + +time_t +sudo_timegm(struct tm *tm) +{ + time_t result; + + result = mktime(tm); + if (result != -1) + result += get_gmtoff(&result); + + return result; +} + +#endif /* HAVE_TIMEGM */ diff -Nru sudo-1.9.5p2/lib/util/util.exp.in sudo-1.9.9/lib/util/util.exp.in --- sudo-1.9.5p2/lib/util/util.exp.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/lib/util/util.exp.in 2022-01-27 21:24:06.000000000 +0000 @@ -1,5 +1,6 @@ @COMPAT_EXP@initprogname initprogname2 +sudo_basename_v1 sudo_conf_askpass_path_v1 sudo_conf_clear_paths_v1 sudo_conf_debug_files_v1 @@ -8,6 +9,7 @@ sudo_conf_devsearch_path_v1 sudo_conf_disable_coredump_v1 sudo_conf_group_source_v1 +sudo_conf_intercept_path_v1 sudo_conf_max_groups_v1 sudo_conf_noexec_path_v1 sudo_conf_plugin_dir_path_v1 @@ -37,6 +39,7 @@ sudo_debug_parse_flags_v1 sudo_debug_printf2_v1 sudo_debug_register_v1 +sudo_debug_register_v2 sudo_debug_set_active_instance_v1 sudo_debug_update_fd_v1 sudo_debug_vprintf2_v1 @@ -112,6 +115,10 @@ sudo_parseln_v1 sudo_parseln_v2 sudo_pow2_roundup_v1 +sudo_rcstr_addref +sudo_rcstr_alloc +sudo_rcstr_delref +sudo_rcstr_dup sudo_secure_dir_v1 sudo_secure_file_v1 sudo_setgroups_v1 diff -Nru sudo-1.9.5p2/lib/util/uuid.c sudo-1.9.9/lib/util/uuid.c --- sudo-1.9.5p2/lib/util/uuid.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/uuid.c 2022-01-27 21:24:22.000000000 +0000 @@ -39,43 +39,31 @@ struct uuid { uint32_t time_low; uint16_t time_mid; - uint16_t time_high_and_version; - uint16_t clock_seq_and_variant; - unsigned char node[6]; + uint16_t time_hi_and_version; + uint8_t clock_seq_hi_and_reserved; + uint8_t clock_seq_low; + uint8_t node[6]; }; /* * Create a type 4 (random), variant 1 universally unique identifier (UUID). + * As per RFC 4122 section 4.4. */ void sudo_uuid_create_v1(unsigned char uuid_out[16]) { - union { - struct uuid id; - unsigned char u8[16]; - } uuid; + struct uuid uuid; arc4random_buf(&uuid, sizeof(uuid)); - /* Convert fields to host by order. */ - uuid.id.time_low = ntohl(uuid.id.time_low); - uuid.id.time_mid = ntohs(uuid.id.time_mid); - uuid.id.time_high_and_version = ntohs(uuid.id.time_high_and_version); - uuid.id.clock_seq_and_variant = ntohs(uuid.id.clock_seq_and_variant); - - /* Set version to 4 (random) in the high nibble. */ - uuid.id.time_high_and_version &= 0x0fff; - uuid.id.time_high_and_version |= 0x4000; - - /* Set variant to 1 (first two bits are 10) */ - uuid.id.clock_seq_and_variant &= 0x3fff; - uuid.id.clock_seq_and_variant |= 0x8000; - - /* Store fields in network byte order (big endian). */ - uuid.id.time_low = htonl(uuid.id.time_low); - uuid.id.time_mid = htons(uuid.id.time_mid); - uuid.id.time_high_and_version = htons(uuid.id.time_high_and_version); - uuid.id.clock_seq_and_variant = htons(uuid.id.clock_seq_and_variant); + /* Set version to 4 (random), 4 most significant bits (12-15) are 0010. */ + uuid.time_hi_and_version &= 0x0fff; + uuid.time_hi_and_version |= 0x4000; + + /* Set variant to 1: two most significant bits (6 and 7) are 01. */ + uuid.clock_seq_hi_and_reserved &= 0x3f; + uuid.clock_seq_hi_and_reserved |= 0x80; + memcpy(uuid_out, &uuid, 16); } diff -Nru sudo-1.9.5p2/lib/util/vsyslog.c sudo-1.9.9/lib/util/vsyslog.c --- sudo-1.9.5p2/lib/util/vsyslog.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/util/vsyslog.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,79 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2016-2017 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This is an open source non-commercial project. Dear PVS-Studio, please check it. - * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com - */ - -#include - -#include -#include -#include -#include -#include -#include - -#include "sudo_compat.h" - -#ifndef HAVE_VSYSLOG -void -sudo_vsyslog(int pri, const char *fmt, va_list ap) -{ - int saved_errno = errno; - char *cp, *ep, msgbuf[8192], new_fmt[2048]; - va_list ap2; - size_t len; - - /* Rewrite fmt, replacing %m with an errno string. */ - for (cp = new_fmt, ep = new_fmt + sizeof(new_fmt); *fmt != '\0'; fmt++) { - if (fmt[0] == '%' && fmt[1] == 'm') { - fmt++; - len = strlcpy(cp, strerror(saved_errno), (ep - cp)); - if (len >= (size_t)(ep - cp)) - len = (size_t)(ep - cp) - 1; - cp += len; - } else { - if (fmt[0] == '%' && fmt[1] == '%') { - fmt++; - if (cp < ep - 1) - *cp++ = '%'; - } - if (cp < ep - 1) - *cp++ = *fmt; - } - } - *cp = '\0'; - - /* Format message and log it, using a static buffer if possible. */ - va_copy(ap2, ap); - len = (size_t)vsnprintf(msgbuf, sizeof(msgbuf), new_fmt, ap2); - va_end(ap2); - if (len < sizeof(msgbuf)) { - syslog(pri, "%s", msgbuf); - } else { - /* Too big for static buffer? */ - char *buf; - if (vasprintf(&buf, new_fmt, ap) != -1) { - syslog(pri, "%s", buf); - free(buf); - } - } -} -#endif /* HAVE_VSYSLOG */ diff -Nru sudo-1.9.5p2/lib/zlib/Makefile.in sudo-1.9.9/lib/zlib/Makefile.in --- sudo-1.9.5p2/lib/zlib/Makefile.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/lib/zlib/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -53,7 +53,7 @@ AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ @@ -146,6 +146,8 @@ install-plugin: +install-fuzzer: + uninstall: $(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(libexecdir)/sudo/libsudo_z.la -test -z "$(INSTALL_BACKUP)" || \ @@ -159,7 +161,11 @@ pvs-studio: -check: +fuzz: + +check-fuzzer: + +check: check-fuzzer clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la @@ -177,6 +183,8 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # Autogenerated dependencies, do not modify adler32.lo: $(srcdir)/adler32.c $(srcdir)/zlib.h $(srcdir)/zutil.h ./zconf.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/adler32.c diff -Nru sudo-1.9.5p2/logsrvd/Makefile.in sudo-1.9.9/logsrvd/Makefile.in --- sudo-1.9.5p2/logsrvd/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/logsrvd/Makefile.in 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2019-2020 Todd C. Miller +# Copyright (c) 2019-2021 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -35,16 +35,16 @@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ +SHA1SUM = @SHA1SUM@ SED = @SED@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ # Libraries LT_LIBS = $(top_builddir)/lib/iolog/libsudo_iolog.la \ - $(top_builddir)/lib/eventlog/libsudo_eventlog.la \ $(top_builddir)/lib/logsrv/liblogsrv.la LIBS = $(LT_LIBS) @LIBTLS@ @@ -100,6 +100,16 @@ localedir = @localedir@ localstatedir = @localstatedir@ +# Fuzzers +LIBFUZZSTUB = $(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la +LIB_FUZZING_ENGINE = @FUZZ_ENGINE@ +FUZZ_PROGS = fuzz_logsrvd_conf +FUZZ_SEED_CORPUS = ${FUZZ_PROGS:=_seed_corpus.zip} +FUZZ_LIBS = $(LIB_FUZZING_ENGINE) $(LIBS) +FUZZ_LDFLAGS = $(LDFLAGS) +FUZZ_MAX_LEN = 4096 +FUZZ_RUNS = 8192 + # User and group IDs the installed files should be "owned" by install_uid = 0 install_gid = 0 @@ -110,9 +120,11 @@ PROGS = sudo_logsrvd sudo_sendlog -LOGSRVD_OBJS = logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o +LOGSRVD_OBJS = logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o \ + logsrvd_journal.o logsrvd_local.o logsrvd_relay.o \ + logsrvd_queue.o tls_client.o tls_init.o -SENDLOG_OBJS = logsrv_util.o sendlog.o +SENDLOG_OBJS = logsrv_util.o sendlog.o tls_client.o tls_init.o IOBJS = $(LOGSRVD_OBJS:.o=.i) $(SENDLOG_OBJS:.o=.i) @@ -122,6 +134,10 @@ VERSION = @PACKAGE_VERSION@ +FUZZ_LOGSRVD_CONF_OBJS = fuzz_logsrvd_conf.o logsrvd_conf.o tls_init.o + +FUZZ_LOGSRVD_CONF_CORPUS = $(srcdir)/regress/corpus/seed/logsrvd_conf/logsrvd.conf.* + all: $(PROGS) depend: @@ -152,6 +168,35 @@ sudo_sendlog: $(SENDLOG_OBJS) $(LT_LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(SENDLOG_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) +fuzz_logsrvd_conf: $(FUZZ_LOGSRVD_CONF_OBJS) $(LIBFUZZSTUB) $(LT_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FUZZ_LOGSRVD_CONF_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) + +fuzz_logsrvd_conf_seed_corpus.zip: + tdir=fuzz_logsrvd_conf.$$$$; \ + mkdir $$tdir; \ + for f in $(FUZZ_LOGSRVD_CONF_CORPUS); do \ + cp $$f $$tdir/`$(SHA1SUM) $$f | $(SED) -e 's/^.*= *//' -e 's/ .*//'`; \ + done; \ + zip -j $@ $$tdir/*; \ + rm -rf $$tdir + +run-fuzz_logsrvd_conf: fuzz_logsrvd_conf + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + umask 022; \ + corpus=regress/corpus/logsrvd_conf; \ + mkdir -p $$corpus; \ + for f in $(FUZZ_LOGSRVD_CONF_CORPUS); do \ + cp $$f $$corpus; \ + done; \ + ./fuzz_logsrvd_conf -dict=$(srcdir)/regress/fuzz/fuzz_logsrvd_conf.dict -max_len=$(FUZZ_MAX_LEN) -runs=$(FUZZ_RUNS) $$corpus + pre-install: install: install-binaries @@ -169,6 +214,13 @@ install-plugin: +install-fuzzer: $(FUZZ_PROGS) $(FUZZ_SEED_CORPUS) + @if test X"$(FUZZ_DESTDIR)" = X""; then \ + echo "must set FUZZ_DESTDIR for install-fuzzer target"; \ + else \ + cp $(FUZZ_PROGS) $(FUZZ_SEED_CORPUS) $(FUZZ_DESTDIR); \ + fi + uninstall: -rm -f $(DESTDIR)$(sbindir)/sudo_logsrvd \ $(DESTDIR)$(sbindir)/sudo_sendlog @@ -187,11 +239,29 @@ pvs-studio: $(POBJS) plog-converter $(PVS_LOG_OPTS) $(POBJS) -check: +fuzz: run-fuzz_logsrvd_conf + +check-fuzzer: $(FUZZ_PROGS) + @if test X"$(cross_compiling)" != X"yes"; then \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + echo "fuzz_logsrvd_conf: verifying corpus (expect 3 errors)"; \ + ./fuzz_logsrvd_conf $(FUZZ_LOGSRVD_CONF_CORPUS); \ + fi + +check: check-fuzzer clean: - -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(PROGS) *.lo *.o *.la + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(PROGS) $(FUZZ_PROGS) \ + *.lo *.o *.la -rm -f *.i *.plog stamp-* core *.core core.* + -rm -rf regress/corpus/logsrvd_conf mostlyclean: clean @@ -205,22 +275,51 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean \ + $(FUZZ_SEED_CORPUS) run-fuzz_logsrvd_conf + # Autogenerated dependencies, do not modify +fuzz_logsrvd_conf.o: $(srcdir)/regress/fuzz/fuzz_logsrvd_conf.c \ + $(incdir)/compat/stdbool.h $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_logsrvd_conf.c +fuzz_logsrvd_conf.i: $(srcdir)/regress/fuzz/fuzz_logsrvd_conf.c \ + $(incdir)/compat/stdbool.h $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_logsrvd_conf.plog: fuzz_logsrvd_conf.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_logsrvd_conf.c --i-file $< --output-file $@ iolog_writer.o: $(srcdir)/iolog_writer.c $(incdir)/compat/stdbool.h \ $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ - $(srcdir)/logsrvd.h $(top_builddir)/config.h + $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \ + $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_writer.c iolog_writer.i: $(srcdir)/iolog_writer.c $(incdir)/compat/stdbool.h \ $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ - $(srcdir)/logsrvd.h $(top_builddir)/config.h + $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \ + $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< iolog_writer.plog: iolog_writer.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_writer.c --i-file $< --output-file $@ @@ -249,7 +348,7 @@ $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_rand.h $(incdir)/sudo_util.h \ - $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logsrvd.c logsrvd.i: $(srcdir)/logsrvd.c $(incdir)/compat/getopt.h \ @@ -261,7 +360,7 @@ $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_rand.h $(incdir)/sudo_util.h \ - $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< logsrvd.plog: logsrvd.i @@ -274,7 +373,8 @@ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/tls_common.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logsrvd_conf.c logsrvd_conf.i: $(srcdir)/logsrvd_conf.c $(incdir)/compat/getaddrinfo.h \ $(incdir)/compat/stdbool.h $(incdir)/log_server.pb-c.h \ @@ -284,10 +384,107 @@ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/tls_common.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< logsrvd_conf.plog: logsrvd_conf.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_conf.c --i-file $< --output-file $@ +logsrvd_journal.o: $(srcdir)/logsrvd_journal.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logsrvd_journal.c +logsrvd_journal.i: $(srcdir)/logsrvd_journal.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +logsrvd_journal.plog: logsrvd_journal.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_journal.c --i-file $< --output-file $@ +logsrvd_local.o: $(srcdir)/logsrvd_local.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_rand.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ + $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \ + $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logsrvd_local.c +logsrvd_local.i: $(srcdir)/logsrvd_local.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_rand.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ + $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +logsrvd_local.plog: logsrvd_local.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_local.c --i-file $< --output-file $@ +logsrvd_queue.o: $(srcdir)/logsrvd_queue.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ + $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \ + $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logsrvd_queue.c +logsrvd_queue.i: $(srcdir)/logsrvd_queue.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ + $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +logsrvd_queue.plog: logsrvd_queue.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_queue.c --i-file $< --output-file $@ +logsrvd_relay.o: $(srcdir)/logsrvd_relay.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logsrvd_relay.c +logsrvd_relay.i: $(srcdir)/logsrvd_relay.c $(incdir)/compat/stdbool.h \ + $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +logsrvd_relay.plog: logsrvd_relay.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_relay.c --i-file $< --output-file $@ sendlog.o: $(srcdir)/sendlog.c $(incdir)/compat/getaddrinfo.h \ $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \ @@ -297,7 +494,7 @@ $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h $(srcdir)/sendlog.h \ - $(top_builddir)/config.h + $(srcdir)/tls_common.h $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sendlog.c sendlog.i: $(srcdir)/sendlog.c $(incdir)/compat/getaddrinfo.h \ $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ @@ -308,7 +505,41 @@ $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h $(srcdir)/sendlog.h \ - $(top_builddir)/config.h + $(srcdir)/tls_common.h $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< sendlog.plog: sendlog.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sendlog.c --i-file $< --output-file $@ +tls_client.o: $(srcdir)/tls_client.c $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/tls_client.c +tls_client.i: $(srcdir)/tls_client.c $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +tls_client.plog: tls_client.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tls_client.c --i-file $< --output-file $@ +tls_init.o: $(srcdir)/tls_init.c $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/tls_init.c +tls_init.i: $(srcdir)/tls_init.c $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/tls_common.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +tls_init.plog: tls_init.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tls_init.c --i-file $< --output-file $@ diff -Nru sudo-1.9.5p2/logsrvd/iolog_writer.c sudo-1.9.9/logsrvd/iolog_writer.c --- sudo-1.9.5p2/logsrvd/iolog_writer.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/logsrvd/iolog_writer.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2019-2020 Todd C. Miller + * Copyright (c) 2019-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -43,10 +43,10 @@ #include "sudo_eventlog.h" #include "sudo_gettext.h" #include "sudo_iolog.h" +#include "sudo_fatal.h" #include "sudo_queue.h" #include "sudo_util.h" -#include "log_server.pb-c.h" #include "logsrvd.h" static inline bool @@ -81,14 +81,12 @@ dst = reallocarray(NULL, len + 1, sizeof(char *)); if (dst == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "reallocarray(NULL, %zu, %zu)", len + 1, sizeof(char *)); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } for (i = 0; i < len; i++) { if ((dst[i] = strdup(src[i])) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "strdup"); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } } @@ -110,19 +108,31 @@ * Returns true on success and false on failure. */ struct eventlog * -evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen) +evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen, + struct connection_closure *closure) { + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; struct eventlog *evlog; + unsigned char uuid[16]; size_t idx; debug_decl(evlog_new, SUDO_DEBUG_UTIL); evlog = calloc(1, sizeof(*evlog)); if (evlog == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "calloc(1, %zu)", sizeof(*evlog)); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } - memset(evlog, 0, sizeof(*evlog)); + + /* Create a UUID to store in the event log. */ + sudo_uuid_create(uuid); + if (sudo_uuid_to_string(uuid, evlog->uuid_str, sizeof(evlog->uuid_str)) == NULL) { + sudo_warnx("%s", U_("unable to generate UUID")); + goto bad; + } + + /* Client/peer IP address. */ + evlog->peeraddr = closure->ipaddr; /* Submit time. */ if (submit_time != NULL) { @@ -135,6 +145,7 @@ evlog->columns = 80; evlog->runuid = (uid_t)-1; evlog->rungid = (gid_t)-1; + evlog->exit_value = -1; /* Pull out values by key from info array. */ for (idx = 0; idx < infolen; idx++) { @@ -144,11 +155,11 @@ case 'c': if (strcmp(key, "columns") == 0) { if (!has_numval(info)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "columns specified but not a number"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "columns"); } else if (info->u.numval <= 0 || info->u.numval > INT_MAX) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "columns (%" PRId64 ") out of range", info->u.numval); + errno = ERANGE; + sudo_warn(U_("%s: %s"), source, "columns"); } else { evlog->columns = info->u.numval; } @@ -157,14 +168,13 @@ if (strcmp(key, "command") == 0) { if (has_strval(info)) { if ((evlog->command = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "command specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "command"); } continue; } @@ -172,11 +182,11 @@ case 'l': if (strcmp(key, "lines") == 0) { if (!has_numval(info)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "lines specified but not a number"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "lines"); } else if (info->u.numval <= 0 || info->u.numval > INT_MAX) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "lines (%" PRId64 ") out of range", info->u.numval); + errno = ERANGE; + sudo_warn(U_("%s: %s"), source, "lines"); } else { evlog->lines = info->u.numval; } @@ -190,36 +200,34 @@ if (evlog->argv == NULL) goto bad; } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "runargv specified but not a string list"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "runargv"); } continue; } if (strcmp(key, "runchroot") == 0) { if (has_strval(info)) { if ((evlog->runchroot = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "runchroot specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "runchroot"); } continue; } if (strcmp(key, "runcwd") == 0) { if (has_strval(info)) { if ((evlog->runcwd = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "runcwd specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "runcwd"); } continue; } @@ -229,18 +237,18 @@ if (evlog->envp == NULL) goto bad; } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "runenv specified but not a string list"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "runenv"); } continue; } if (strcmp(key, "rungid") == 0) { if (!has_numval(info)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "rungid specified but not a number"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "rungid"); } else if (info->u.numval < 0 || info->u.numval > INT_MAX) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "rungid (%" PRId64 ") out of range", info->u.numval); + errno = ERANGE; + sudo_warn(U_("%s: %s"), source, "rungid"); } else { evlog->rungid = info->u.numval; } @@ -249,24 +257,23 @@ if (strcmp(key, "rungroup") == 0) { if (has_strval(info)) { if ((evlog->rungroup = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "rungroup specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "rungroup"); } continue; } if (strcmp(key, "runuid") == 0) { if (!has_numval(info)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "runuid specified but not a number"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "runuid"); } else if (info->u.numval < 0 || info->u.numval > INT_MAX) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "runuid (%" PRId64 ") out of range", info->u.numval); + errno = ERANGE; + sudo_warn(U_("%s: %s"), source, "runuid"); } else { evlog->runuid = info->u.numval; } @@ -275,14 +282,13 @@ if (strcmp(key, "runuser") == 0) { if (has_strval(info)) { if ((evlog->runuser = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "runuser specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "runuser"); } continue; } @@ -291,56 +297,52 @@ if (strcmp(key, "submitcwd") == 0) { if (has_strval(info)) { if ((evlog->cwd = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "submitcwd specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "submitcwd"); } continue; } if (strcmp(key, "submitgroup") == 0) { if (has_strval(info)) { if ((evlog->submitgroup = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "submitgroup specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "submitgroup"); } continue; } if (strcmp(key, "submithost") == 0) { if (has_strval(info)) { if ((evlog->submithost = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "submithost specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "submithost"); } continue; } if (strcmp(key, "submituser") == 0) { if (has_strval(info)) { if ((evlog->submituser = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "submituser specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "submituser"); } continue; } @@ -349,14 +351,13 @@ if (strcmp(key, "ttyname") == 0) { if (has_strval(info)) { if ((evlog->ttyname = strdup(info->u.strval)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); goto bad; } } else { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "ttyname specified but not a string"); + sudo_warnx(U_("%s: protocol error: wrong type for %s"), + source, "ttyname"); } continue; } @@ -366,57 +367,49 @@ /* Check for required settings */ if (evlog->submituser == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "missing submituser in AcceptMessage"); + sudo_warnx(U_("%s: protocol error: %s missing from AcceptMessage"), + source, "submituser"); goto bad; } if (evlog->submithost == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "missing submithost in AcceptMessage"); + sudo_warnx(U_("%s: protocol error: %s missing from AcceptMessage"), + source, "submithost"); goto bad; } if (evlog->runuser == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "missing runuser in AcceptMessage"); + sudo_warnx(U_("%s: protocol error: %s missing from AcceptMessage"), + source, "runuser"); goto bad; } if (evlog->command == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "missing command in AcceptMessage"); + sudo_warnx(U_("%s: protocol error: %s missing from AcceptMessage"), + source, "command"); goto bad; } /* Other settings that must exist for event logging. */ if (evlog->cwd == NULL) { if ((evlog->cwd = strdup("unknown")) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } } if (evlog->runcwd == NULL) { if ((evlog->runcwd = strdup(evlog->cwd)) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } } if (evlog->submitgroup == NULL) { /* TODO: make submitgroup required */ if ((evlog->submitgroup = strdup("unknown")) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } } if (evlog->ttyname == NULL) { if ((evlog->ttyname = strdup("unknown")) == NULL) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } } @@ -450,8 +443,7 @@ len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sessid[0], sessid[1], sessid[2], sessid[3], sessid[4], sessid[5]); if (len < 0 || len >= (ssize_t)strsize) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to format session id"); + sudo_warnx(U_("%s: unable to format session id"), __func__); debug_return_size_t(strsize); /* handle non-standard snprintf() */ } debug_return_size_t(len); @@ -465,8 +457,7 @@ debug_decl(fill_user, SUDO_DEBUG_UTIL); if (evlog->submituser == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "submituser not set"); + sudo_warnx(U_("%s: %s is not set"), __func__, "submituser"); debug_return_size_t(strsize); } debug_return_size_t(strlcpy(str, evlog->submituser, strsize)); @@ -480,8 +471,7 @@ debug_decl(fill_group, SUDO_DEBUG_UTIL); if (evlog->submitgroup == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "submitgroup not set"); + sudo_warnx(U_("%s: %s is not set"), __func__, "submitgroup"); debug_return_size_t(strsize); } debug_return_size_t(strlcpy(str, evlog->submitgroup, strsize)); @@ -495,8 +485,7 @@ debug_decl(fill_runas_user, SUDO_DEBUG_UTIL); if (evlog->runuser == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "runuser not set"); + sudo_warnx(U_("%s: %s is not set"), __func__, "runuser"); debug_return_size_t(strsize); } debug_return_size_t(strlcpy(str, evlog->runuser, strsize)); @@ -511,8 +500,7 @@ /* FIXME: rungroup not guaranteed to be set */ if (evlog->rungroup == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "rungroup not set"); + sudo_warnx(U_("%s: %s is not set"), __func__, "rungroup"); debug_return_size_t(strsize); } debug_return_size_t(strlcpy(str, evlog->rungroup, strsize)); @@ -526,8 +514,7 @@ debug_decl(fill_hostname, SUDO_DEBUG_UTIL); if (evlog->submithost == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "submithost not set"); + sudo_warnx(U_("%s: %s is not set"), __func__, "submithost"); debug_return_size_t(strsize); } debug_return_size_t(strlcpy(str, evlog->submithost, strsize)); @@ -541,8 +528,7 @@ debug_decl(fill_command, SUDO_DEBUG_UTIL); if (evlog->command == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "command not set"); + sudo_warnx(U_("%s: %s is not set"), __func__, "command"); debug_return_size_t(strsize); } debug_return_size_t(strlcpy(str, evlog->command, strsize)); @@ -578,15 +564,15 @@ if (!expand_iolog_path(logsrvd_conf_iolog_dir(), expanded_dir, sizeof(expanded_dir), &path_escapes[1], &path_closure)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to expand iolog dir %s", logsrvd_conf_iolog_dir()); + sudo_warnx(U_("unable to expand iolog path %s"), + logsrvd_conf_iolog_dir()); goto bad; } if (!expand_iolog_path(logsrvd_conf_iolog_file(), expanded_file, sizeof(expanded_file), &path_escapes[0], &path_closure)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to expand iolog dir %s", logsrvd_conf_iolog_file()); + sudo_warnx(U_("unable to expand iolog path %s"), + logsrvd_conf_iolog_file()); goto bad; } @@ -594,8 +580,7 @@ expanded_file); if (len >= sizeof(pathbuf)) { errno = ENAMETOOLONG; - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "%s/%s", expanded_dir, expanded_file); + sudo_warn("%s/%s", expanded_dir, expanded_file); goto bad; } @@ -604,13 +589,11 @@ * Calls mkdtemp() if pathbuf ends in XXXXXX. */ if (!iolog_mkpath(pathbuf)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to mkdir iolog path %s", pathbuf); + sudo_warnx(U_("unable to create iolog path %s"), pathbuf); goto bad; } if ((evlog->iolog_path = strdup(pathbuf)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } evlog->iolog_file = evlog->iolog_path + strlen(expanded_dir) + 1; @@ -619,8 +602,7 @@ closure->iolog_dir_fd = iolog_openat(AT_FDCWD, evlog->iolog_path, O_RDONLY); if (closure->iolog_dir_fd == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "%s", evlog->iolog_path); + sudo_warn("%s", evlog->iolog_path); goto bad; } @@ -631,14 +613,13 @@ debug_return_bool(false); } -static bool +bool iolog_create(int iofd, struct connection_closure *closure) { debug_decl(iolog_create, SUDO_DEBUG_UTIL); if (iofd < 0 || iofd >= IOFD_MAX) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "invalid iofd %d", iofd); + sudo_warnx(U_("invalid iofd %d"), iofd); debug_return_bool(false); } @@ -652,14 +633,13 @@ { const char *errstr; int i; - debug_decl(iolog_close, SUDO_DEBUG_UTIL); + debug_decl(iolog_close_all, SUDO_DEBUG_UTIL); for (i = 0; i < IOFD_MAX; i++) { if (!closure->iolog_files[i].enabled) continue; if (!iolog_close(&closure->iolog_files[i], &errstr)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "error closing iofd %d: %s", i, errstr); + sudo_warnx(U_("error closing iofd %d: %s"), i, errstr); } } if (closure->iolog_dir_fd != -1) @@ -669,6 +649,25 @@ } bool +iolog_flush_all(struct connection_closure *closure) +{ + const char *errstr; + int i, ret = true; + debug_decl(iolog_flush_all, SUDO_DEBUG_UTIL); + + for (i = 0; i < IOFD_MAX; i++) { + if (!closure->iolog_files[i].enabled) + continue; + if (!iolog_flush(&closure->iolog_files[i], &errstr)) { + sudo_warnx(U_("error flushing iofd %d: %s"), i, errstr); + ret = false; + } + } + + debug_return_bool(ret); +} + +bool iolog_init(AcceptMessage *msg, struct connection_closure *closure) { struct eventlog *evlog = closure->evlog; @@ -727,8 +726,31 @@ debug_return_bool(true); } -/* Compressed logs don't support random access, need to rewrite them. */ +/* + * Like rename(2) but changes UID as needed. + */ static bool +iolog_rename(const char *from, const char *to) +{ + bool ok, uid_changed = false; + debug_decl(iolog_rename, SUDO_DEBUG_UTIL); + + ok = rename(from, to) == 0; + if (!ok && errno == EACCES) { + uid_changed = iolog_swapids(false); + if (uid_changed) + ok = rename(from, to) == 0; + } + + if (uid_changed) { + if (!iolog_swapids(true)) + ok = false; + } + debug_return_bool(ok); +} + +/* Compressed logs don't support random access, need to rewrite them. */ +bool iolog_rewrite(const struct timespec *target, struct connection_closure *closure) { const struct eventlog *evlog = closure->evlog; @@ -752,8 +774,8 @@ if (timing.event < IOFD_TIMING) { if (!closure->iolog_files[timing.event].enabled) { /* Missing log file. */ - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "iofd %d referenced but not open", timing.event); + sudo_warnx(U_("invalid I/O log %s: %s referenced but not present"), + evlog->iolog_path, iolog_fd_to_name(timing.event)); goto done; } iolog_file_sizes[timing.event] += timing.u.nbytes; @@ -764,11 +786,8 @@ break; /* Mismatch between resume point and stored log. */ - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "resume point mismatch, target [%lld, %ld], have [%lld, %ld]", - (long long)target->tv_sec, target->tv_nsec, - (long long)closure->elapsed_time.tv_sec, - closure->elapsed_time.tv_nsec); + sudo_warnx(U_("%s: unable to find resume point [%lld, %ld]"), + evlog->iolog_path, (long long)target->tv_sec, target->tv_nsec); goto done; } } @@ -780,18 +799,16 @@ len = snprintf(tmpdir, sizeof(tmpdir), "%s/restart.XXXXXX", evlog->iolog_path); if (len < 0 || len >= ssizeof(tmpdir)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to format %s/restart.XXXXXX", evlog->iolog_path); + errno = ENAMETOOLONG; + sudo_warn("%s/restart.XXXXXX", evlog->iolog_path); goto done; } if (!iolog_mkdtemp(tmpdir)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to mkdtemp %s", tmpdir); + sudo_warn(U_("unable to mkdir %s"), tmpdir); goto done; } if ((tmpdir_fd = iolog_openat(AT_FDCWD, tmpdir, O_RDONLY)) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to open %s", tmpdir); + sudo_warn(U_("unable to open %s"), tmpdir); goto done; } @@ -803,9 +820,8 @@ new_iolog_files[iofd].enabled = true; if (!iolog_open(&new_iolog_files[iofd], tmpdir_fd, iofd, "w")) { if (errno != ENOENT) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to open %s/%s", tmpdir, iolog_fd_to_name(iofd)); + sudo_warn(U_("unable to open %s/%s"), + tmpdir, iolog_fd_to_name(iofd)); goto done; } } @@ -817,8 +833,7 @@ if (!iolog_copy(&closure->iolog_files[iofd], &new_iolog_files[iofd], iolog_file_sizes[iofd], &errstr)) { name = iolog_fd_to_name(iofd); - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to copy %s/%s to %s/%s: %s", + sudo_warnx(U_("unable to copy %s/%s to %s/%s: %s"), evlog->iolog_path, name, tmpdir, name, errstr); goto done; } @@ -835,21 +850,19 @@ name = iolog_fd_to_name(iofd); len = snprintf(from, sizeof(from), "%s/%s", tmpdir, name); if (len < 0 || len >= ssizeof(from)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to format %s/%s", tmpdir, name); + errno = ENAMETOOLONG; + sudo_warn("%s/%s", tmpdir, name); goto done; } len = snprintf(to, sizeof(to), "%s/%s", evlog->iolog_path, name); if (len < 0 || len >= ssizeof(from)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to format %s/%s", evlog->iolog_path, name); + errno = ENAMETOOLONG; + sudo_warn("%s/%s", evlog->iolog_path, name); goto done; } if (!iolog_rename(from, to)) { - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to rename %s to %s", from, to); + sudo_warn(U_("unable to rename %s to %s"), from, to); goto done; } } @@ -880,82 +893,11 @@ debug_return_bool(ret); } -bool -iolog_restart(RestartMessage *msg, struct connection_closure *closure) -{ - struct eventlog *evlog = closure->evlog; - struct timespec target; - struct stat sb; - int iofd; - debug_decl(iolog_restart, SUDO_DEBUG_UTIL); - - target.tv_sec = msg->resume_point->tv_sec; - target.tv_nsec = msg->resume_point->tv_nsec; - - if ((evlog->iolog_path = strdup(msg->log_id)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "strdup"); - goto bad; - } - - /* We use iolog_dir_fd in calls to openat(2) */ - closure->iolog_dir_fd = - iolog_openat(AT_FDCWD, evlog->iolog_path, O_RDONLY); - if (closure->iolog_dir_fd == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "%s", evlog->iolog_path); - goto bad; - } - - /* If the timing file write bit is clear, log is already complete. */ - if (fstatat(closure->iolog_dir_fd, "timing", &sb, 0) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to stat %s/timing", evlog->iolog_path); - goto bad; - } - if (!ISSET(sb.st_mode, S_IWUSR)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s already complete", evlog->iolog_path); - closure->errstr = _("log is already complete, cannot be restarted"); - goto bad; - } - - /* Open existing I/O log files. */ - if (!iolog_open_all(closure->iolog_dir_fd, evlog->iolog_path, - closure->iolog_files, "r+")) - goto bad; - - /* Compressed logs don't support random access, so rewrite them. */ - for (iofd = 0; iofd < IOFD_MAX; iofd++) { - if (closure->iolog_files[iofd].compressed) - debug_return_bool(iolog_rewrite(&target, closure)); - } - - /* Parse timing file until we reach the target point. */ - if (!iolog_seekto(closure->iolog_dir_fd, evlog->iolog_path, - closure->iolog_files, &closure->elapsed_time, &target)) - goto bad; - - /* Must seek or flush before switching from read -> write. */ - if (iolog_seek(&closure->iolog_files[IOFD_TIMING], 0, SEEK_CUR) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "lseek(IOFD_TIMING, 0, SEEK_CUR)"); - goto bad; - } - - /* Ready to log I/O buffers. */ - debug_return_bool(true); -bad: - if (closure->errstr == NULL) - closure->errstr = _("unable to restart log"); - debug_return_bool(false); -} - /* * Add given delta to elapsed time. * We cannot use timespecadd here since delta is not struct timespec. */ -static void +void update_elapsed_time(TimeSpec *delta, struct timespec *elapsed) { debug_decl(update_elapsed_time, SUDO_DEBUG_UTIL); @@ -970,119 +912,3 @@ debug_return; } - -int -store_iobuf(int iofd, IoBuffer *msg, struct connection_closure *closure) -{ - const struct eventlog *evlog = closure->evlog; - const char *errstr; - char tbuf[1024]; - int len; - debug_decl(store_iobuf, SUDO_DEBUG_UTIL); - - /* Open log file as needed. */ - if (!closure->iolog_files[iofd].enabled) { - if (!iolog_create(iofd, closure)) - debug_return_int(-1); - } - - /* Format timing data. */ - /* FIXME - assumes IOFD_* matches IO_EVENT_* */ - len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09d %zu\n", - iofd, (long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec, - msg->data.len); - if (len < 0 || len >= ssizeof(tbuf)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to format timing buffer, len %d", len); - debug_return_int(-1); - } - - /* Write to specified I/O log file. */ - if (!iolog_write(&closure->iolog_files[iofd], msg->data.data, - msg->data.len, &errstr)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to write to %s/%s: %s", evlog->iolog_path, - iolog_fd_to_name(iofd), errstr); - debug_return_int(-1); - } - - /* Write timing data. */ - if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, - len, &errstr)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to write to %s/%s: %s", evlog->iolog_path, - iolog_fd_to_name(IOFD_TIMING), errstr); - debug_return_int(-1); - } - - update_elapsed_time(msg->delay, &closure->elapsed_time); - - debug_return_int(0); -} - -int -store_suspend(CommandSuspend *msg, struct connection_closure *closure) -{ - const struct eventlog *evlog = closure->evlog; - const char *errstr; - char tbuf[1024]; - int len; - debug_decl(store_suspend, SUDO_DEBUG_UTIL); - - /* Format timing data including suspend signal. */ - len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09d %s\n", IO_EVENT_SUSPEND, - (long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec, - msg->signal); - if (len < 0 || len >= ssizeof(tbuf)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to format timing buffer, len %d, signal %s", - len, msg->signal); - debug_return_int(-1); - } - - /* Write timing data. */ - if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, - len, &errstr)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to write to %s/%s: %s", evlog->iolog_path, - iolog_fd_to_name(IOFD_TIMING), errstr); - debug_return_int(-1); - } - - update_elapsed_time(msg->delay, &closure->elapsed_time); - - debug_return_int(0); -} - -int -store_winsize(ChangeWindowSize *msg, struct connection_closure *closure) -{ - const struct eventlog *evlog = closure->evlog; - const char *errstr; - char tbuf[1024]; - int len; - debug_decl(store_winsize, SUDO_DEBUG_UTIL); - - /* Format timing data including new window size. */ - len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09d %d %d\n", IO_EVENT_WINSIZE, - (long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec, - msg->rows, msg->cols); - if (len < 0 || len >= ssizeof(tbuf)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to format timing buffer, len %d", len); - debug_return_int(-1); - } - - /* Write timing data. */ - if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, - len, &errstr)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to write to %s/%s: %s", evlog->iolog_path, - iolog_fd_to_name(IOFD_TIMING), errstr); - debug_return_int(-1); - } - - update_elapsed_time(msg->delay, &closure->elapsed_time); - - debug_return_int(0); -} diff -Nru sudo-1.9.5p2/logsrvd/logsrv_util.c sudo-1.9.9/logsrvd/logsrv_util.c --- sudo-1.9.5p2/logsrvd/logsrv_util.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/logsrvd/logsrv_util.c 2022-01-27 21:24:22.000000000 +0000 @@ -58,19 +58,20 @@ if (buf->size < needed) { /* Expand buffer. */ needed = sudo_pow2_roundup(needed); + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "expanding buffer from %u to %u", buf->size, needed); if ((newdata = malloc(needed)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to malloc %u", __func__, needed); + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_bool(false); } - if (buf->off > 0) + if (buf->len - buf->off > 0) memcpy(newdata, buf->data + buf->off, buf->len - buf->off); free(buf->data); buf->data = newdata; buf->size = needed; } else { /* Just reset existing buffer. */ - if (buf->off > 0) { + if (buf->len - buf->off > 0) { memmove(buf->data, buf->data + buf->off, buf->len - buf->off); } @@ -122,11 +123,28 @@ off_t pos; debug_decl(iolog_seekto, SUDO_DEBUG_UTIL); + if (!sudo_timespecisset(target)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "resuming at start of file [0, 0]"); + debug_return_bool(true); + } + /* Parse timing file until we reach the target point. */ for (;;) { - if (iolog_read_timing_record(&iolog_files[IOFD_TIMING], &timing) != 0) + switch (iolog_read_timing_record(&iolog_files[IOFD_TIMING], &timing)) { + case 0: + break; + case 1: + /* EOF reading timing file. */ + sudo_warnx(U_("%s/%s: unable to find resume point [%lld, %ld]"), + iolog_path, "timing", (long long)target->tv_sec, + target->tv_nsec); goto bad; - sudo_timespecadd(&timing.delay, elapsed_time, elapsed_time); + default: + /* Error printed by iolog_read_timing_record(). */ + goto bad; + } + sudo_timespecadd(elapsed_time, &timing.delay, elapsed_time); if (timing.event < IOFD_TIMING) { if (!iolog_files[timing.event].enabled) { /* Missing log file. */ @@ -147,9 +165,9 @@ break; /* Mismatch between resume point and stored log. */ - sudo_warnx(U_("unable to find resume point [%lld, %ld] in %s/%s"), - (long long)target->tv_sec, target->tv_nsec, iolog_path, - "timing"); + sudo_warnx(U_("%s/%s: unable to find resume point [%lld, %ld]"), + iolog_path, "timing", (long long)target->tv_sec, + target->tv_nsec); goto bad; } } diff -Nru sudo-1.9.5p2/logsrvd/logsrv_util.h sudo-1.9.9/logsrvd/logsrv_util.h --- sudo-1.9.5p2/logsrvd/logsrv_util.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/logsrvd/logsrv_util.h 2022-01-27 21:24:22.000000000 +0000 @@ -19,6 +19,15 @@ #ifndef SUDO_LOGSRV_UTIL_H #define SUDO_LOGSRV_UTIL_H +#include /* for INET_ADDRSTRLEN and INET6_ADDRSTRLEN */ + +#ifndef INET_ADDRSTRLEN +# define INET_ADDRSTRLEN 16 +#endif +#ifndef INET6_ADDRSTRLEN +# define INET6_ADDRSTRLEN 46 +#endif + /* Default ports to listen on */ #define DEFAULT_PORT "30343" #define DEFAULT_PORT_TLS "30344" @@ -26,12 +35,23 @@ /* Maximum message size (2Mb) */ #define MESSAGE_SIZE_MAX (2 * 1024 * 1024) +struct peer_info { + const char *name; +#if defined(HAVE_STRUCT_IN6_ADDR) + char ipaddr[INET6_ADDRSTRLEN]; +#else + char ipaddr[INET_ADDRSTRLEN]; +#endif +}; + struct connection_buffer { + TAILQ_ENTRY(connection_buffer) entries; uint8_t *data; unsigned int size; unsigned int len; unsigned int off; }; +TAILQ_HEAD(connection_buffer_list, connection_buffer); /* logsrv_util.c */ struct iolog_file; diff -Nru sudo-1.9.5p2/logsrvd/logsrvd.c sudo-1.9.9/logsrvd/logsrvd.c --- sudo-1.9.5p2/logsrvd/logsrvd.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/logsrvd/logsrvd.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2019-2020 Todd C. Miller + * Copyright (c) 2019-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -49,11 +49,6 @@ # include "compat/getopt.h" #endif /* HAVE_GETOPT_LONG */ -#if defined(HAVE_OPENSSL) -# include -# include -#endif - #define NEED_INET_NTOP /* to expose sudo_inet_ntop in sudo_compat.h */ #include "pathnames.h" @@ -70,14 +65,8 @@ #include "sudo_rand.h" #include "sudo_util.h" -#include "log_server.pb-c.h" -#include "hostcheck.h" #include "logsrvd.h" - -#if defined(HAVE_OPENSSL) -# define LOGSRVD_DEFAULT_CIPHER_LST12 "HIGH:!aNULL" -# define LOGSRVD_DEFAULT_CIPHER_LST13 "TLS_AES_256_GCM_SHA384" -#endif +#include "hostcheck.h" #ifndef O_NOFOLLOW # define O_NOFOLLOW 0 @@ -92,10 +81,14 @@ static struct listener_list listeners = TAILQ_HEAD_INITIALIZER(listeners); static const char server_id[] = "Sudo Audit Server " PACKAGE_VERSION; static const char *conf_file = _PATH_SUDO_LOGSRVD_CONF; -static double random_drop; -/* Server callback may redirect to client callback for TLS. */ +/* Event loop callbacks. */ static void client_msg_cb(int fd, int what, void *v); +static void server_msg_cb(int fd, int what, void *v); +static void server_commit_cb(int fd, int what, void *v); +#if defined(HAVE_OPENSSL) +static void tls_handshake_cb(int fd, int what, void *v); +#endif /* * Free a struct connection_closure container and its contents. @@ -108,15 +101,30 @@ if (closure != NULL) { bool shutting_down = closure->state == SHUTDOWN; struct sudo_event_base *evbase = closure->evbase; + struct connection_buffer *buf; TAILQ_REMOVE(&connections, closure, entries); + + if (closure->state == CONNECTING && closure->journal != NULL) { + /* Failed to relay journal file, retry later. */ + logsrvd_queue_insert(closure); + } + if (closure->relay_closure != NULL) + relay_closure_free(closure->relay_closure); #if defined(HAVE_OPENSSL) - if (closure->tls) { - SSL_shutdown(closure->ssl); + if (closure->ssl != NULL) { + /* Must call SSL_shutdown() before closing closure->sock. */ + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "closing down TLS connection from %s", closure->ipaddr); + if (SSL_shutdown(closure->ssl) == 0) + SSL_shutdown(closure->ssl); SSL_free(closure->ssl); } #endif - close(closure->sock); + if (closure->sock != -1) { + shutdown(closure->sock, SHUT_RDWR); + close(closure->sock); + } iolog_close_all(closure); sudo_ev_free(closure->commit_ev); sudo_ev_free(closure->read_ev); @@ -126,7 +134,21 @@ #endif eventlog_free(closure->evlog); free(closure->read_buf.data); - free(closure->write_buf.data); + while ((buf = TAILQ_FIRST(&closure->write_bufs)) != NULL) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "discarding write buffer %p, len %u", buf, buf->len - buf->off); + TAILQ_REMOVE(&closure->write_bufs, buf, entries); + free(buf->data); + free(buf); + } + while ((buf = TAILQ_FIRST(&closure->free_bufs)) != NULL) { + TAILQ_REMOVE(&closure->free_bufs, buf, entries); + free(buf->data); + free(buf); + } + free(closure->journal_path); + if (closure->journal != NULL) + fclose(closure->journal); free(closure); if (shutting_down && TAILQ_EMPTY(&connections)) @@ -136,24 +158,171 @@ debug_return; } -static bool -fmt_server_message(struct connection_buffer *buf, ServerMessage *msg) +/* + * Allocate a new connection closure. + */ +struct connection_closure * +connection_closure_alloc(int fd, bool tls, bool relay_only, + struct sudo_event_base *base) { + struct connection_closure *closure; + debug_decl(connection_closure_alloc, SUDO_DEBUG_UTIL); + + if ((closure = calloc(1, sizeof(*closure))) == NULL) + debug_return_ptr(NULL); + + closure->iolog_dir_fd = -1; + closure->sock = relay_only ? -1 : fd; + closure->evbase = base; + TAILQ_INIT(&closure->write_bufs); + TAILQ_INIT(&closure->free_bufs); + + /* Use different message handlers depending on the operating mode. */ + if (relay_only) { + closure->cms = &cms_relay; + } else if (logsrvd_conf_relay_store_first()) { + closure->store_first = true; + closure->cms = &cms_journal; + } else { + closure->cms = &cms_local; + } + + TAILQ_INSERT_TAIL(&connections, closure, entries); + + closure->read_buf.size = 64 * 1024; + closure->read_buf.data = malloc(closure->read_buf.size); + if (closure->read_buf.data == NULL) + goto bad; + + closure->read_ev = sudo_ev_alloc(fd, SUDO_EV_READ|SUDO_EV_PERSIST, + client_msg_cb, closure); + if (closure->read_ev == NULL) + goto bad; + + if (!relay_only) { + closure->write_ev = sudo_ev_alloc(fd, SUDO_EV_WRITE|SUDO_EV_PERSIST, + server_msg_cb, closure); + if (closure->write_ev == NULL) + goto bad; + + closure->commit_ev = sudo_ev_alloc(-1, SUDO_EV_TIMEOUT, + server_commit_cb, closure); + if (closure->commit_ev == NULL) + goto bad; + } +#if defined(HAVE_OPENSSL) + if (tls) { + closure->ssl_accept_ev = sudo_ev_alloc(fd, SUDO_EV_READ, + tls_handshake_cb, closure); + if (closure->ssl_accept_ev == NULL) + goto bad; + } +#endif + + debug_return_ptr(closure); +bad: + connection_closure_free(closure); + debug_return_ptr(NULL); +} + +/* + * Close the client connection when finished. + * If in store-and-forward mode, initiate a relay connection. + * Otherwise, free the connection closure, removing any events. + */ +void +connection_close(struct connection_closure *closure) +{ + struct connection_closure *new_closure; + debug_decl(connection_close, SUDO_DEBUG_UTIL); + + if (closure == NULL) + debug_return; + + /* Final state should be FINISHED except on error. */ + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "%s: closure %p, final state %d, relay_closure %p, " + "journal file %p, journal path %s", __func__, closure, + closure->state, closure->relay_closure, closure->journal, + closure->journal_path ? closure->journal_path : ""); + + /* + * If we finished a client connection in store-and-forward mode, + * create a new connection for the relay and replay the journal. + */ + if (closure->store_first && closure->state == FINISHED && + closure->relay_closure == NULL && closure->journal != NULL) { + new_closure = connection_closure_alloc(fileno(closure->journal), false, + true, closure->evbase); + if (new_closure != NULL) { + /* Re-parent journal settings. */ + new_closure->journal = closure->journal; + closure->journal = NULL; + new_closure->journal_path = closure->journal_path; + closure->journal_path = NULL; + + /* Connect to the first relay available asynchronously. */ + if (!connect_relay(new_closure)) { + sudo_warnx(U_("unable to connect to relay")); + connection_closure_free(new_closure); + } + } + } + if (closure->state == FINISHED && closure->journal_path != NULL) { + /* Journal relayed successfully, remove backing file. */ + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "removing journal file %s", closure->journal_path); + unlink(closure->journal_path); + + /* Process the next outgoing file (if any). */ + logsrvd_queue_enable(0, closure->evbase); + } + connection_closure_free(closure); + + debug_return; +} + +struct connection_buffer * +get_free_buf(size_t len, struct connection_closure *closure) +{ + struct connection_buffer *buf; + debug_decl(get_free_buf, SUDO_DEBUG_UTIL); + + buf = TAILQ_FIRST(&closure->free_bufs); + if (buf != NULL) { + TAILQ_REMOVE(&closure->free_bufs, buf, entries); + } else { + if ((buf = calloc(1, sizeof(*buf))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_ptr(NULL); + } + } + + if (len > buf->size) { + free(buf->data); + buf->size = sudo_pow2_roundup(len); + if ((buf->data = malloc(buf->size)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + free(buf); + buf = NULL; + } + } + + debug_return_ptr(buf); +} + +bool +fmt_server_message(struct connection_closure *closure, ServerMessage *msg) +{ + struct connection_buffer *buf = NULL; uint32_t msg_len; bool ret = false; size_t len; debug_decl(fmt_server_message, SUDO_DEBUG_UTIL); - if (buf->len != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "pending write, unable to format ServerMessage"); - debug_return_bool(false); - } - len = server_message__get_packed_size(msg); if (len > MESSAGE_SIZE_MAX) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "server message too large: %zu", len); + sudo_warnx(U_("server message too large: %zu"), len); goto done; } @@ -161,23 +330,19 @@ msg_len = htonl((uint32_t)len); len += sizeof(msg_len); - /* Resize buffer as needed. */ - if (len > buf->size) { - free(buf->data); - buf->size = sudo_pow2_roundup(len); - if ((buf->data = malloc(buf->size)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to malloc %u", buf->size); - buf->size = 0; - goto done; - } - } sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "size + server message %zu bytes", len); + if ((buf = get_free_buf(len, closure)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate connection_buffer"); + goto done; + } memcpy(buf->data, &msg_len, sizeof(msg_len)); server_message__pack(msg, buf->data + sizeof(msg_len)); buf->len = len; + TAILQ_INSERT_TAIL(&closure->write_bufs, buf, entries); + ret = true; done: @@ -185,7 +350,7 @@ } static bool -fmt_hello_message(struct connection_buffer *buf, bool tls) +fmt_hello_message(struct connection_closure *closure) { ServerMessage msg = SERVER_MESSAGE__INIT; ServerHello hello = SERVER_HELLO__INIT; @@ -193,14 +358,15 @@ /* TODO: implement redirect and servers array. */ hello.server_id = (char *)server_id; + hello.subcommands = true; msg.u.hello = &hello; msg.type_case = SERVER_MESSAGE__TYPE_HELLO; - debug_return_bool(fmt_server_message(buf, &msg)); + debug_return_bool(fmt_server_message(closure, &msg)); } -static bool -fmt_log_id_message(const char *id, struct connection_buffer *buf) +bool +fmt_log_id_message(const char *id, struct connection_closure *closure) { ServerMessage msg = SERVER_MESSAGE__INIT; debug_decl(fmt_log_id_message, SUDO_DEBUG_UTIL); @@ -208,11 +374,11 @@ msg.u.log_id = (char *)id; msg.type_case = SERVER_MESSAGE__TYPE_LOG_ID; - debug_return_bool(fmt_server_message(buf, &msg)); + debug_return_bool(fmt_server_message(closure, &msg)); } static bool -fmt_error_message(const char *errstr, struct connection_buffer *buf) +fmt_error_message(const char *errstr, struct connection_closure *closure) { ServerMessage msg = SERVER_MESSAGE__INIT; debug_decl(fmt_error_message, SUDO_DEBUG_UTIL); @@ -220,419 +386,338 @@ msg.u.error = (char *)errstr; msg.type_case = SERVER_MESSAGE__TYPE_ERROR; - debug_return_bool(fmt_server_message(buf, &msg)); + debug_return_bool(fmt_server_message(closure, &msg)); } -struct logsrvd_info_closure { - InfoMessage **info_msgs; - size_t infolen; -}; - -static bool -logsrvd_json_log_cb(struct json_container *json, void *v) +/* + * Format a ServerMessage with the error string and add it to the write queue. + * Also sets the error flag state to true. + * Returns true if successfully scheduled, else false. + */ +bool +schedule_error_message(const char *errstr, struct connection_closure *closure) { - struct logsrvd_info_closure *closure = v; - struct json_value json_value; - size_t idx; - debug_decl(logsrvd_json_log_cb, SUDO_DEBUG_UTIL); - - for (idx = 0; idx < closure->infolen; idx++) { - InfoMessage *info = closure->info_msgs[idx]; - - switch (info->value_case) { - case INFO_MESSAGE__VALUE_NUMVAL: - json_value.type = JSON_NUMBER; - json_value.u.number = info->u.numval; - if (!sudo_json_add_value(json, info->key, &json_value)) - goto bad; - break; - case INFO_MESSAGE__VALUE_STRVAL: - json_value.type = JSON_STRING; - json_value.u.string = info->u.strval; - if (!sudo_json_add_value(json, info->key, &json_value)) - goto bad; - break; - case INFO_MESSAGE__VALUE_STRLISTVAL: { - InfoMessage__StringList *strlist = info->u.strlistval; - size_t n; + bool ret = false; + debug_decl(schedule_error_message, SUDO_DEBUG_UTIL); - if (!sudo_json_open_array(json, info->key)) - goto bad; - for (n = 0; n < strlist->n_strings; n++) { - json_value.type = JSON_STRING; - json_value.u.string = strlist->strings[n]; - if (!sudo_json_add_value(json, NULL, &json_value)) - goto bad; - } - if (!sudo_json_close_array(json)) - goto bad; - break; - } - default: - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected value case %d", info->value_case); - goto bad; - } + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "send error to client: %s", errstr ? errstr : "none"); + + /* Prevent further reads from the client, just write the error. */ + sudo_ev_del(closure->evbase, closure->read_ev); + + if (errstr == NULL || closure->error || closure->write_ev == NULL) + goto done; + + /* Format error message and add to the write queue. */ + if (!fmt_error_message(errstr, closure)) + goto done; + if (sudo_ev_add(closure->evbase, closure->write_ev, + logsrvd_conf_server_timeout(), true) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + goto done; } - debug_return_bool(true); -bad: - debug_return_bool(false); + ret = true; + +done: + closure->error = true; + debug_return_bool(ret); } /* - * Parse an AcceptMessage + * AcceptMessage handler. */ static bool -handle_accept(AcceptMessage *msg, struct connection_closure *closure) +handle_accept(AcceptMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) { - struct logsrvd_info_closure info = { msg->info_msgs, msg->n_info_msgs }; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + bool ret; debug_decl(handle_accept, SUDO_DEBUG_UTIL); - if (closure->state != INITIAL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected state %d", closure->state); + /* We can get an AcceptMessage for a sub-command during a session. */ + if (closure->state == EXITED || closure->state == FINISHED) { + sudo_warnx(U_("unexpected state %d for %s"), closure->state, source); closure->errstr = _("state machine error"); debug_return_bool(false); } /* Check that message is valid. */ if (msg->submit_time == NULL || msg->n_info_msgs == 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "invalid AcceptMessage, submit_time: %p, n_info_msgs: %zu", - msg->submit_time, msg->n_info_msgs); + sudo_warnx(U_("%s: %s"), source, U_("invalid AcceptMessage")); closure->errstr = _("invalid AcceptMessage"); debug_return_bool(false); } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AcceptMessage", __func__); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AcceptMessage from %s", + __func__, source); - closure->evlog = evlog_new(msg->submit_time, msg->info_msgs, - msg->n_info_msgs); - if (closure->evlog == NULL) { - closure->errstr = _("error parsing AcceptMessage"); - debug_return_bool(false); + ret = closure->cms->accept(msg, buf, len, closure); + if (ret && closure->state == INITIAL) { + if (msg->expect_iobufs) + closure->log_io = true; + closure->state = RUNNING; } - - /* Create I/O log info file and parent directories. */ - if (msg->expect_iobufs) { - if (!iolog_init(msg, closure)) { - closure->errstr = _("error creating I/O log"); - debug_return_bool(false); - } - closure->log_io = true; - } - - if (!eventlog_accept(closure->evlog, 0, logsrvd_json_log_cb, &info)) { - closure->errstr = _("error logging accept event"); - debug_return_bool(false); - } - - if (msg->expect_iobufs) { - /* Send log ID to client for restarting connections. */ - if (!fmt_log_id_message(closure->evlog->iolog_path, &closure->write_buf)) - debug_return_bool(false); - if (sudo_ev_add(closure->evbase, closure->write_ev, - logsrvd_conf_get_sock_timeout(), false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add server write event"); - debug_return_bool(false); - } - } - - closure->state = RUNNING; - debug_return_bool(true); + debug_return_bool(ret); } /* - * Parse a RejectMessage + * RejectMessage handler. */ static bool -handle_reject(RejectMessage *msg, struct connection_closure *closure) +handle_reject(RejectMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) { - struct logsrvd_info_closure info = { msg->info_msgs, msg->n_info_msgs }; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + bool ret; debug_decl(handle_reject, SUDO_DEBUG_UTIL); - if (closure->state != INITIAL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected state %d", closure->state); + /* We can get a RejectMessage for a sub-command during a session. */ + if (closure->state == EXITED || closure->state == FINISHED) { + sudo_warnx(U_("unexpected state %d for %s"), closure->state, source); closure->errstr = _("state machine error"); debug_return_bool(false); } /* Check that message is valid. */ if (msg->submit_time == NULL || msg->n_info_msgs == 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "invalid RejectMessage, submit_time: %p, n_info_msgs: %zu", - msg->submit_time, msg->n_info_msgs); + sudo_warnx(U_("%s: %s"), source, U_("invalid RejectMessage")); closure->errstr = _("invalid RejectMessage"); debug_return_bool(false); } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received RejectMessage", __func__); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received RejectMessage from %s", + __func__, source); - closure->evlog = evlog_new(msg->submit_time, msg->info_msgs, - msg->n_info_msgs); - if (closure->evlog == NULL) { - closure->errstr = _("error parsing RejectMessage"); - debug_return_bool(false); - } - - if (!eventlog_reject(closure->evlog, 0, msg->reason, - logsrvd_json_log_cb, &info)) { - closure->errstr = _("error logging reject event"); - debug_return_bool(false); + ret = closure->cms->reject(msg, buf, len, closure); + if (ret && closure->state == INITIAL) { + closure->state = FINISHED; } - closure->state = FINISHED; - debug_return_bool(true); + debug_return_bool(ret); } static bool -handle_exit(ExitMessage *msg, struct connection_closure *closure) +handle_exit(ExitMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) { - struct timespec tv = { 0, 0 }; - mode_t mode; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + bool ret; debug_decl(handle_exit, SUDO_DEBUG_UTIL); if (closure->state != RUNNING) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected state %d", closure->state); + sudo_warnx(U_("unexpected state %d for %s"), closure->state, source); closure->errstr = _("state machine error"); debug_return_bool(false); } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received ExitMessage", __func__); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received ExitMessage from %s", + source, __func__); - /* Sudo I/O logs don't store this info. */ - if (msg->signal != NULL && msg->signal[0] != '\0') { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "command was killed by SIG%s%s", msg->signal, - msg->dumped_core ? " (core dumped)" : ""); - } else { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "command exited with %d", msg->exit_value); - } - - if (closure->log_io) { - /* No more data, command exited. */ - closure->state = EXITED; - sudo_ev_del(closure->evbase, closure->read_ev); - - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: elapsed time: %lld, %ld", - __func__, (long long)closure->elapsed_time.tv_sec, - closure->elapsed_time.tv_nsec); - - /* Clear write bits from I/O timing file to indicate completion. */ - mode = logsrvd_conf_iolog_mode(); - CLR(mode, S_IWUSR|S_IWGRP|S_IWOTH); - if (fchmodat(closure->iolog_dir_fd, "timing", mode, 0) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to fchmodat timing file"); + ret = closure->cms->exit(msg, buf, len, closure); + if (ret) { + if (sudo_timespecisset(&closure->elapsed_time)) { + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: elapsed time: [%lld, %ld]", + __func__, (long long)closure->elapsed_time.tv_sec, + closure->elapsed_time.tv_nsec); } - /* Schedule the final commit point event immediately. */ - if (sudo_ev_add(closure->evbase, closure->commit_ev, &tv, false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add commit point event"); - debug_return_bool(false); + if (closure->log_io) { + /* Command exited, client waiting for final commit point. */ + closure->state = EXITED; + + /* Relay host will send the final commit point. */ + if (closure->relay_closure == NULL) { + struct timespec tv = { 0, 0 }; + if (sudo_ev_add(closure->evbase, closure->commit_ev, &tv, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + ret = false; + } + } + } else { + /* No commit point to send to client, we are finished. */ + closure->state = FINISHED; } - } else { - /* Command exited, no I/O logs to flush. */ - closure->state = FINISHED; } + sudo_ev_del(closure->evbase, closure->read_ev); - debug_return_bool(true); + debug_return_bool(ret); } static bool -handle_restart(RestartMessage *msg, struct connection_closure *closure) +handle_restart(RestartMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) { + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + bool ret = true; debug_decl(handle_restart, SUDO_DEBUG_UTIL); if (closure->state != INITIAL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected state %d", closure->state); + sudo_warnx(U_("unexpected state %d for %s"), closure->state, source); closure->errstr = _("state machine error"); debug_return_bool(false); } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received RestartMessage for %s", - __func__, msg->log_id); - - if (!iolog_restart(msg, closure)) { - sudo_debug_printf(SUDO_DEBUG_WARN, "%s: unable to restart I/O log", __func__); - /* XXX - structured error message so client can send from beginning */ - if (!fmt_error_message(closure->errstr, &closure->write_buf)) - debug_return_bool(false); - sudo_ev_del(closure->evbase, closure->read_ev); - if (sudo_ev_add(closure->evbase, closure->write_ev, - logsrvd_conf_get_sock_timeout(), false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add server write event"); - debug_return_bool(false); - } - closure->state = ERROR; - debug_return_bool(true); + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: received RestartMessage for %s from %s", __func__, msg->log_id, + source); + + /* Only I/O logs are restartable. */ + closure->log_io = true; + + if (closure->cms->restart(msg, buf, len, closure)) { + /* Successfully restarted. */ + closure->state = RUNNING; + } else { + /* Report error to client before closing the connection. */ + sudo_debug_printf(SUDO_DEBUG_WARN, "%s: unable to restart I/O log", + __func__); + if (!schedule_error_message(closure->errstr, closure)) + ret = false; } - closure->state = RUNNING; - debug_return_bool(true); + debug_return_bool(ret); } static bool -handle_alert(AlertMessage *msg, struct connection_closure *closure) +handle_alert(AlertMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) { - struct timespec alert_time; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; debug_decl(handle_alert, SUDO_DEBUG_UTIL); /* Check that message is valid. */ if (msg->alert_time == NULL || msg->reason == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "invalid AlertMessage, alert_time: %p, reason: %p", - msg->alert_time, msg->reason); + sudo_warnx(U_("%s: %s"), source, U_("invalid AlertMessage")); closure->errstr = _("invalid AlertMessage"); debug_return_bool(false); } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AlertMessage", __func__); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AlertMessage from %s", + source, __func__); - if (msg->info_msgs != NULL && msg->n_info_msgs != 0) { - closure->evlog = evlog_new(NULL, msg->info_msgs, msg->n_info_msgs); - if (closure->evlog == NULL) { - closure->errstr = _("error parsing AlertMessage"); - debug_return_bool(false); - } - } + debug_return_bool(closure->cms->alert(msg, buf, len, closure)); +} - alert_time.tv_sec = msg->alert_time->tv_sec; - alert_time.tv_nsec = msg->alert_time->tv_nsec; - if (!eventlog_alert(closure->evlog, 0, &alert_time, msg->reason, NULL)) { - closure->errstr = _("error logging alert event"); - debug_return_bool(false); - } +/* Enable a commit event if not relaying and it is not already pending. */ +static bool +enable_commit(struct connection_closure *closure) +{ + debug_decl(enable_commit, SUDO_DEBUG_UTIL); + if (closure->relay_closure == NULL) { + if (!ISSET(closure->commit_ev->flags, SUDO_EVQ_INSERTED)) { + struct timespec tv = { ACK_FREQUENCY, 0 }; + if (sudo_ev_add(closure->evbase, closure->commit_ev, &tv, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + debug_return_bool(false); + } + } + } debug_return_bool(true); } static bool -handle_iobuf(int iofd, IoBuffer *msg, struct connection_closure *closure) +handle_iobuf(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t len, + struct connection_closure *closure) { + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; debug_decl(handle_iobuf, SUDO_DEBUG_UTIL); if (closure->state != RUNNING) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected state %d", closure->state); + sudo_warnx(U_("unexpected state %d for %s"), closure->state, source); closure->errstr = _("state machine error"); debug_return_bool(false); } if (!closure->log_io) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "not logging I/O"); + sudo_warnx(U_("%s: unexpected IoBuffer"), source); closure->errstr = _("protocol error"); debug_return_bool(false); } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received IoBuffer", __func__); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received IoBuffer from %s", + source, __func__); - /* Store IoBuffer in log. */ - if (store_iobuf(iofd, msg, closure) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "failed to store IoBuffer"); - closure->errstr = _("error writing IoBuffer"); + if (!closure->cms->iobuf(iofd, iobuf, buf, len, closure)) + debug_return_bool(false); + if (!enable_commit(closure)) debug_return_bool(false); - } - - /* Random drop is a debugging tool to test client restart. */ - if (random_drop > 0.0) { - double randval = arc4random() / (double)UINT32_MAX; - if (randval < random_drop) { - sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, - "randomly dropping connection (%f < %f)", randval, random_drop); - debug_return_bool(false); - } - } - - /* Schedule a commit point in 10 sec if one is not already pending. */ - if (!ISSET(closure->commit_ev->flags, SUDO_EVQ_INSERTED)) { - struct timespec tv = { ACK_FREQUENCY, 0 }; - if (sudo_ev_add(closure->evbase, closure->commit_ev, &tv, false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add commit point event"); - debug_return_bool(false); - } - } debug_return_bool(true); } static bool -handle_winsize(ChangeWindowSize *msg, struct connection_closure *closure) +handle_winsize(ChangeWindowSize *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) { + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; debug_decl(handle_winsize, SUDO_DEBUG_UTIL); if (closure->state != RUNNING) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected state %d", closure->state); + sudo_warnx(U_("unexpected state %d for %s"), closure->state, source); closure->errstr = _("state machine error"); debug_return_bool(false); } if (!closure->log_io) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "not logging I/O"); + sudo_warnx(U_("%s: unexpected IoBuffer"), source); closure->errstr = _("protocol error"); debug_return_bool(false); } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received ChangeWindowSize", - __func__); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received ChangeWindowSize from %s", + source, __func__); - /* Store new window size in log. */ - if (store_winsize(msg, closure) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "failed to store ChangeWindowSize"); - closure->errstr = _("error writing ChangeWindowSize"); + if (!closure->cms->winsize(msg, buf, len, closure)) + debug_return_bool(false); + if (!enable_commit(closure)) debug_return_bool(false); - } debug_return_bool(true); } static bool -handle_suspend(CommandSuspend *msg, struct connection_closure *closure) +handle_suspend(CommandSuspend *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) { - debug_decl(handle_suspend, SUDO_DEBUG_UTIL); + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + debug_decl(handle_syspend, SUDO_DEBUG_UTIL); if (closure->state != RUNNING) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected state %d", closure->state); + sudo_warnx(U_("unexpected state %d for %s"), closure->state, source); closure->errstr = _("state machine error"); debug_return_bool(false); } if (!closure->log_io) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "not logging I/O"); + sudo_warnx(U_("%s: unexpected IoBuffer"), source); closure->errstr = _("protocol error"); debug_return_bool(false); } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received CommandSuspend", - __func__); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received CommandSuspend from %s", + source, __func__); - /* Store suspend signal in log. */ - if (store_suspend(msg, closure) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "failed to store CommandSuspend"); - closure->errstr = _("error writing CommandSuspend"); + if (!closure->cms->suspend(msg, buf, len, closure)) + debug_return_bool(false); + if (!enable_commit(closure)) debug_return_bool(false); - } debug_return_bool(true); } static bool -handle_client_hello(ClientHello *msg, struct connection_closure *closure) +handle_client_hello(ClientHello *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) { + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; debug_decl(handle_client_hello, SUDO_DEBUG_UTIL); if (closure->state != INITIAL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected state %d", closure->state); + sudo_warnx(U_("unexpected state %d for %s"), closure->state, source); closure->errstr = _("state machine error"); debug_return_bool(false); } @@ -649,60 +734,62 @@ handle_client_message(uint8_t *buf, size_t len, struct connection_closure *closure) { + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; ClientMessage *msg; bool ret = false; debug_decl(handle_client_message, SUDO_DEBUG_UTIL); + /* TODO: can we extract type_case without unpacking for relay case? */ msg = client_message__unpack(NULL, len, buf); if (msg == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to unpack ClientMessage size %zu", len); + sudo_warnx("unable to unpack %s size %zu", "ClientMessage", len); debug_return_bool(false); } switch (msg->type_case) { case CLIENT_MESSAGE__TYPE_ACCEPT_MSG: - ret = handle_accept(msg->u.accept_msg, closure); + ret = handle_accept(msg->u.accept_msg, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_REJECT_MSG: - ret = handle_reject(msg->u.reject_msg, closure); + ret = handle_reject(msg->u.reject_msg, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_EXIT_MSG: - ret = handle_exit(msg->u.exit_msg, closure); + ret = handle_exit(msg->u.exit_msg, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_RESTART_MSG: - ret = handle_restart(msg->u.restart_msg, closure); + ret = handle_restart(msg->u.restart_msg, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_ALERT_MSG: - ret = handle_alert(msg->u.alert_msg, closure); + ret = handle_alert(msg->u.alert_msg, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_TTYIN_BUF: - ret = handle_iobuf(IOFD_TTYIN, msg->u.ttyin_buf, closure); + ret = handle_iobuf(IOFD_TTYIN, msg->u.ttyin_buf, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_TTYOUT_BUF: - ret = handle_iobuf(IOFD_TTYOUT, msg->u.ttyout_buf, closure); + ret = handle_iobuf(IOFD_TTYOUT, msg->u.ttyout_buf, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_STDIN_BUF: - ret = handle_iobuf(IOFD_STDIN, msg->u.stdin_buf, closure); + ret = handle_iobuf(IOFD_STDIN, msg->u.stdin_buf, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_STDOUT_BUF: - ret = handle_iobuf(IOFD_STDOUT, msg->u.stdout_buf, closure); + ret = handle_iobuf(IOFD_STDOUT, msg->u.stdout_buf, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_STDERR_BUF: - ret = handle_iobuf(IOFD_STDERR, msg->u.stderr_buf, closure); + ret = handle_iobuf(IOFD_STDERR, msg->u.stderr_buf, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_WINSIZE_EVENT: - ret = handle_winsize(msg->u.winsize_event, closure); + ret = handle_winsize(msg->u.winsize_event, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_SUSPEND_EVENT: - ret = handle_suspend(msg->u.suspend_event, closure); + ret = handle_suspend(msg->u.suspend_event, buf, len, closure); break; case CLIENT_MESSAGE__TYPE_HELLO_MSG: - ret = handle_client_hello(msg->u.hello_msg, closure); + ret = handle_client_hello(msg->u.hello_msg, buf, len, closure); break; default: - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected type_case value %d", msg->type_case); + sudo_warnx(U_("unexpected type_case value %d in %s from %s"), + msg->type_case, "ClientMessage", source); closure->errstr = _("unrecognized ClientMessage type"); break; } @@ -717,13 +804,6 @@ struct sudo_event_base *base = v; debug_decl(shutdown_cb, SUDO_DEBUG_UTIL); -#if defined(HAVE_OPENSSL) - /* deallocate server's SSL context object */ - struct logsrvd_tls_runtime *tls_runtime = logsrvd_get_tls_runtime(); - if (tls_runtime != NULL) { - SSL_CTX_free(tls_runtime->ssl_ctx); - } -#endif sudo_ev_loopbreak(base); debug_return; @@ -748,16 +828,17 @@ TAILQ_FOREACH_SAFE(closure, &connections, entries, next) { closure->state = SHUTDOWN; sudo_ev_del(base, closure->read_ev); - if (closure->log_io) { + if (closure->relay_closure != NULL) { + /* Connection being relayed, check for pending I/O. */ + relay_shutdown(closure); + } else if (closure->log_io) { /* Schedule final commit point for the connection. */ if (sudo_ev_add(base, closure->commit_ev, &tv, false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add commit point event"); + sudo_warnx("%s", U_("unable to add event to queue")); } } else { /* No commit point, close connection immediately. */ - sudo_ev_del(closure->evbase, closure->write_ev); - connection_closure_free(closure); + connection_close(closure); } } @@ -767,8 +848,7 @@ if (ev != NULL) { tv.tv_sec = SHUTDOWN_TIMEO; if (sudo_ev_add(base, ev, &tv, false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add shutdown event"); + sudo_warnx("%s", U_("unable to add event to queue")); } } } @@ -783,7 +863,7 @@ server_msg_cb(int fd, int what, void *v) { struct connection_closure *closure = v; - struct connection_buffer *buf = &closure->write_buf; + struct connection_buffer *buf; ssize_t nwritten; debug_decl(server_msg_cb, SUDO_DEBUG_UTIL); @@ -800,19 +880,24 @@ } if (what == SUDO_EV_TIMEOUT) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "Writing to client timed out"); + sudo_warnx(U_("timed out writing to client %s"), closure->ipaddr); goto finished; } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending %u bytes to client", - __func__, buf->len - buf->off); + if ((buf = TAILQ_FIRST(&closure->write_bufs)) == NULL) { + sudo_warnx(U_("missing write buffer for client %s"), closure->ipaddr); + goto finished; + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending %u bytes to client (%s)", + __func__, buf->len - buf->off, closure->ipaddr); #if defined(HAVE_OPENSSL) - if (closure->tls) { + if (closure->ssl != NULL) { nwritten = SSL_write(closure->ssl, buf->data + buf->off, buf->len - buf->off); if (nwritten <= 0) { + const char *errstr; int err = SSL_get_error(closure->ssl, nwritten); switch (err) { case SSL_ERROR_WANT_READ: @@ -828,45 +913,46 @@ "SSL_write returns SSL_ERROR_WANT_WRITE"); debug_return; case SSL_ERROR_SYSCALL: - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected error during SSL_write(): %d (%s)", - err, strerror(errno)); + sudo_warn("%s: SSL_write", closure->ipaddr); goto finished; default: - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected error during SSL_write(): %d (%s)", - err, ERR_error_string(ERR_get_error(), NULL)); + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("%s: SSL_write: %s", closure->ipaddr, errstr); goto finished; } } } else #endif { - nwritten = send(fd, buf->data + buf->off, buf->len - buf->off, 0); + nwritten = write(fd, buf->data + buf->off, buf->len - buf->off); } if (nwritten == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to send %u bytes", buf->len - buf->off); + sudo_warn("%s: write", closure->ipaddr); goto finished; } buf->off += nwritten; if (buf->off == buf->len) { - /* sent entire message */ + /* sent entire message, move buf to free list */ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: finished sending %u bytes to client", __func__, buf->len); buf->off = 0; buf->len = 0; - sudo_ev_del(closure->evbase, closure->write_ev); - if (closure->state == FINISHED || closure->state == SHUTDOWN || - closure->state == ERROR) - goto finished; + TAILQ_REMOVE(&closure->write_bufs, buf, entries); + TAILQ_INSERT_TAIL(&closure->free_bufs, buf, entries); + if (TAILQ_EMPTY(&closure->write_bufs)) { + /* Write queue empty, check state. */ + sudo_ev_del(closure->evbase, closure->write_ev); + if (closure->error || closure->state == FINISHED || + closure->state == SHUTDOWN) + goto finished; + } } debug_return; finished: - connection_closure_free(closure); + connection_close(closure); debug_return; } @@ -878,6 +964,8 @@ { struct connection_closure *closure = v; struct connection_buffer *buf = &closure->read_buf; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; uint32_t msg_len; ssize_t nread; debug_decl(client_msg_cb, SUDO_DEBUG_UTIL); @@ -890,15 +978,15 @@ } if (what == SUDO_EV_TIMEOUT) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "Reading from client timed out"); - goto finished; + sudo_warnx(U_("timed out reading from client %s"), closure->ipaddr); + goto close_connection; } #if defined(HAVE_OPENSSL) - if (closure->tls) { + if (closure->ssl != NULL) { nread = SSL_read(closure->ssl, buf->data + buf->len, buf->size); if (nread <= 0) { + const char *errstr; int err = SSL_get_error(closure->ssl, nread); switch (err) { case SSL_ERROR_ZERO_RETURN: @@ -918,10 +1006,10 @@ if (!sudo_ev_pending(closure->write_ev, SUDO_EV_WRITE, NULL)) { /* Enable a temporary write event. */ if (sudo_ev_add(closure->evbase, closure->write_ev, - logsrvd_conf_get_sock_timeout(), false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add event to queue"); - goto finished; + logsrvd_conf_server_timeout(), false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + closure->errstr = _("unable to allocate memory"); + goto send_error; } closure->temporary_write_event = true; } @@ -929,38 +1017,40 @@ closure->read_instead_of_write = true; debug_return; case SSL_ERROR_SYSCALL: - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected error during SSL_read(): %d (%s)", - err, strerror(errno)); - goto finished; + if (nread == 0) { + /* EOF, handled below */ + sudo_warnx(U_("EOF from %s without proper TLS shutdown"), + closure->ipaddr); + break; + } + sudo_warn("%s: SSL_read", closure->ipaddr); + goto close_connection; default: - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected error during SSL_read(): %d (%s)", - err, ERR_error_string(ERR_get_error(), NULL)); - goto finished; + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("%s: SSL_read: %s", closure->ipaddr, errstr); + goto close_connection; } } } else #endif { - nread = recv(fd, buf->data + buf->len, buf->size - buf->len, 0); + nread = read(fd, buf->data + buf->len, buf->size - buf->len); } - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received %zd bytes from client", - __func__, nread); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received %zd bytes from client %s", + __func__, nread, closure->ipaddr); switch (nread) { case -1: if (errno == EAGAIN) debug_return; - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to receive %u bytes", buf->size - buf->len); - goto finished; + sudo_warn("%s: read", closure->ipaddr); + goto close_connection; case 0: if (closure->state != FINISHED) { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "unexpected EOF"); } - goto finished; + goto close_connection; default: break; } @@ -972,26 +1062,27 @@ msg_len = ntohl(msg_len); if (msg_len > MESSAGE_SIZE_MAX) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "client message too large: %u", msg_len); + sudo_warnx(U_("client message too large: %zu"), (size_t)msg_len); closure->errstr = _("client message too large"); goto send_error; } if (msg_len + sizeof(msg_len) > buf->len - buf->off) { /* Incomplete message, we'll read the rest next time. */ - if (!expand_buf(buf, msg_len + sizeof(msg_len))) - goto finished; + if (!expand_buf(buf, msg_len + sizeof(msg_len))) { + closure->errstr = _("unable to allocate memory"); + goto send_error; + } debug_return; } - /* Parse ClientMessage, could be zero bytes. */ + /* Parse ClientMessage (could be zero bytes). */ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: parsing ClientMessage, size %u", __func__, msg_len); buf->off += sizeof(msg_len); if (!handle_client_message(buf->data + buf->off, msg_len, closure)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to parse ClientMessage, size %u", msg_len); + sudo_warnx(U_("%s: %s"), source, U_("invalid ClientMessage")); + closure->errstr = _("invalid ClientMessage"); goto send_error; } buf->off += msg_len; @@ -1000,65 +1091,78 @@ buf->off = 0; if (closure->state == FINISHED) - goto finished; + goto close_connection; debug_return; + send_error: - if (closure->errstr == NULL) - goto finished; - if (fmt_error_message(closure->errstr, &closure->write_buf)) { - sudo_ev_del(closure->evbase, closure->read_ev); + /* + * Try to send client an error message before closing the connection. + */ + if (!schedule_error_message(closure->errstr, closure)) + goto close_connection; + debug_return; + +close_connection: + connection_close(closure); + debug_return; +} + +/* + * Format and schedule a commit_point message. + */ +bool +schedule_commit_point(TimeSpec *commit_point, + struct connection_closure *closure) +{ + debug_decl(schedule_commit_point, SUDO_DEBUG_UTIL); + + if (closure->write_ev != NULL) { + /* Send an acknowledgement of what we've committed to disk. */ + ServerMessage msg = SERVER_MESSAGE__INIT; + msg.u.commit_point = commit_point; + msg.type_case = SERVER_MESSAGE__TYPE_COMMIT_POINT; + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: sending commit point [%lld, %ld]", __func__, + (long long)commit_point->tv_sec, (long)commit_point->tv_nsec); + + if (!fmt_server_message(closure, &msg)) + goto bad; if (sudo_ev_add(closure->evbase, closure->write_ev, - logsrvd_conf_get_sock_timeout(), false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add server write event"); + logsrvd_conf_server_timeout(), false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + goto bad; } } -finished: - connection_closure_free(closure); - debug_return; + + if (closure->state == EXITED) + closure->state = FINISHED; + debug_return_bool(true); +bad: + debug_return_bool(false); } /* - * Format and schedule a commit_point message. + * Time-based event that fires periodically to report to the client + * what has been committed to disk. */ static void server_commit_cb(int unused, int what, void *v) { - ServerMessage msg = SERVER_MESSAGE__INIT; - TimeSpec commit_point = TIME_SPEC__INIT; struct connection_closure *closure = v; - + TimeSpec commit_point = TIME_SPEC__INIT; debug_decl(server_commit_cb, SUDO_DEBUG_UTIL); - /* Send the client an acknowledgement of what has been committed to disk. */ + /* Flush I/O logs before sending commit point if needed. */ + if (!iolog_get_flush()) + iolog_flush_all(closure); + commit_point.tv_sec = closure->elapsed_time.tv_sec; commit_point.tv_nsec = closure->elapsed_time.tv_nsec; - msg.u.commit_point = &commit_point; - msg.type_case = SERVER_MESSAGE__TYPE_COMMIT_POINT; - - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending commit point [%lld, %ld]", - __func__, (long long)closure->elapsed_time.tv_sec, - closure->elapsed_time.tv_nsec); + if (!schedule_commit_point(&commit_point, closure)) + connection_close(closure); - /* XXX - assumes no other server message pending, use a queue instead? */ - if (!fmt_server_message(&closure->write_buf, &msg)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to format ServerMessage (commit point)"); - goto bad; - } - if (sudo_ev_add(closure->evbase, closure->write_ev, - logsrvd_conf_get_sock_timeout(), false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add server write event"); - goto bad; - } - - if (closure->state == EXITED) - closure->state = FINISHED; - debug_return; -bad: - connection_closure_free(closure); debug_return; } @@ -1067,17 +1171,27 @@ * When we enter the event loop the ServerHello message will be written * and any pending ClientMessage will be read. */ -static bool +bool start_protocol(struct connection_closure *closure) { - const struct timespec *timeout = logsrvd_conf_get_sock_timeout(); + const struct timespec *timeout = logsrvd_conf_server_timeout(); debug_decl(start_protocol, SUDO_DEBUG_UTIL); - if (!fmt_hello_message(&closure->write_buf, closure->tls)) - debug_return_bool(false); + if (closure->relay_closure != NULL && closure->relay_closure->relays != NULL) { + /* No longer need the stashed relays list. */ + address_list_delref(closure->relay_closure->relays); + closure->relay_closure->relays = NULL; + closure->relay_closure->relay_addr = NULL; + } - if (sudo_ev_add(closure->evbase, closure->write_ev, timeout, false) == -1) - debug_return_bool(false); + /* When replaying a journal there is no write event. */ + if (closure->write_ev != NULL) { + if (!fmt_hello_message(closure)) + debug_return_bool(false); + + if (sudo_ev_add(closure->evbase, closure->write_ev, timeout, false) == -1) + debug_return_bool(false); + } /* No read timeout, client messages may happen at arbitrary times. */ if (sudo_ev_add(closure->evbase, closure->read_ev, NULL, false) == -1) @@ -1129,296 +1243,48 @@ } } -static bool -verify_server_cert(SSL_CTX *ctx, const struct logsrvd_tls_config *tls_config) -{ -#ifdef HAVE_SSL_CTX_GET0_CERTIFICATE - bool ret = false; - X509_STORE_CTX *store_ctx = NULL; - X509_STORE *ca_store; - STACK_OF(X509) *chain_certs; - X509 *x509; - debug_decl(verify_server_cert, SUDO_DEBUG_UTIL); - - if ((x509 = SSL_CTX_get0_certificate(ctx)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to get X509 object from SSL_CTX: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto exit; - } - - if ((store_ctx = X509_STORE_CTX_new()) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to allocate X509_STORE_CTX object: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto exit; - } - - if (!SSL_CTX_get0_chain_certs(ctx, &chain_certs)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to get chain certs: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto exit; - } - - if ((ca_store = SSL_CTX_get_cert_store(ctx)) != NULL) - X509_STORE_set_flags(ca_store, X509_V_FLAG_X509_STRICT); - - if (!X509_STORE_CTX_init(store_ctx, ca_store, x509, chain_certs)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to initialize X509_STORE_CTX object: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto exit; - } - - if (X509_verify_cert(store_ctx) <= 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to verify cert %s: %s", tls_config->cert_path, - ERR_error_string(ERR_get_error(), NULL)); - goto exit; - } - - ret = true; -exit: - X509_STORE_CTX_free(store_ctx); - - debug_return_bool(ret); -#else - /* TODO: verify server cert with old OpenSSL */ - return true; -#endif /* HAVE_SSL_CTX_GET0_CERTIFICATE */ -} - -static bool -init_tls_ciphersuites(SSL_CTX *ctx, const struct logsrvd_tls_config *tls_config) -{ - const char *errstr; - int success = 0; - debug_decl(init_tls_ciphersuites, SUDO_DEBUG_UTIL); - - if (tls_config->ciphers_v12) { - /* try to set TLS v1.2 ciphersuite list from config if given */ - success = SSL_CTX_set_cipher_list(ctx, tls_config->ciphers_v12); - if (success) { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "TLS 1.2 ciphersuite list set to %s", tls_config->ciphers_v12); - } else { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("unable to set TLS 1.2 ciphersuite to %s: %s"), - tls_config->ciphers_v12, errstr); - } - } - if (!success) { - /* fallback to default ciphersuites for TLS v1.2 */ - if (SSL_CTX_set_cipher_list(ctx, LOGSRVD_DEFAULT_CIPHER_LST12) <= 0) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("unable to set TLS 1.2 ciphersuite to %s: %s"), - LOGSRVD_DEFAULT_CIPHER_LST12, errstr); - debug_return_bool(false); - } else { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "TLS v1.2 ciphersuite list set to %s (default)", - LOGSRVD_DEFAULT_CIPHER_LST12); - } - } - -# if defined(HAVE_SSL_CTX_SET_CIPHERSUITES) - success = 0; - if (tls_config->ciphers_v13) { - /* try to set TLSv1.3 ciphersuite list from config */ - success = SSL_CTX_set_ciphersuites(ctx, tls_config->ciphers_v13); - if (success) { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "TLS v1.3 ciphersuite list set to %s", tls_config->ciphers_v13); - } else { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("unable to set TLS 1.3 ciphersuite to %s: %s"), - tls_config->ciphers_v13, errstr); - } - } - if (!success) { - /* fallback to default ciphersuites for TLS v1.3 */ - if (SSL_CTX_set_ciphersuites(ctx, LOGSRVD_DEFAULT_CIPHER_LST13) <= 0) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("unable to set TLS 1.3 ciphersuite to %s: %s"), - LOGSRVD_DEFAULT_CIPHER_LST13, errstr); - debug_return_bool(false); - } else { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "TLS v1.3 ciphersuite list set to %s (default)", - LOGSRVD_DEFAULT_CIPHER_LST13); - } - } -# endif - - debug_return_bool(true); -} - /* - * Calls series of openssl initialization functions in order to - * be able to establish configured network connections over TLS + * Set the TLS verify callback to verify_peer_identity(). */ -static bool -init_tls_server_context(void) +static void +set_tls_verify_peer(void) { - const SSL_METHOD *method; - FILE *dhparam_file = NULL; - SSL_CTX *ctx = NULL; - struct logsrvd_tls_runtime *tls_runtime = logsrvd_get_tls_runtime(); - const struct logsrvd_tls_config *tls_config = logsrvd_get_tls_config(); - bool ca_bundle_required = tls_config->verify | tls_config->check_peer; - const char *errstr; - debug_decl(init_tls_server_context, SUDO_DEBUG_UTIL); - - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); - - if ((method = TLS_server_method()) == NULL) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("unable to get TLS server method: %s"), errstr); - goto bad; - } - if ((ctx = SSL_CTX_new(method)) == NULL) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("unable to create TLS context: %s"), errstr); - goto bad; + SSL_CTX *server_ctx = logsrvd_server_tls_ctx(); + SSL_CTX *relay_ctx = logsrvd_relay_tls_ctx(); + debug_decl(set_tls_verify_peer, SUDO_DEBUG_UTIL); + + if (server_ctx != NULL && logsrvd_conf_server_tls_check_peer()) { + /* Verify server cert during the handshake. */ + SSL_CTX_set_verify(server_ctx, + SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_peer_identity); + } + if (relay_ctx != NULL && logsrvd_conf_relay_tls_check_peer()) { + /* Verify relay cert during the handshake. */ + SSL_CTX_set_verify(relay_ctx, + SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_peer_identity); } - if (SSL_CTX_use_certificate_chain_file(ctx, tls_config->cert_path) <= 0) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("%s: %s"), tls_config->cert_path, errstr); - sudo_warnx(U_("unable to load certificate %s"), tls_config->cert_path); - goto bad; - } - - /* if server or client authentication is required, CA bundle file has to be prepared */ - if (ca_bundle_required) { - if (tls_config->cacert_path != NULL) { - STACK_OF(X509_NAME) *cacerts = - SSL_load_client_CA_file(tls_config->cacert_path); - - if (cacerts == NULL) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("%s: %s"), tls_config->cacert_path, errstr); - sudo_warnx(U_("unable to load certificate authority bundle %s"), - tls_config->cacert_path); - goto bad; - } - SSL_CTX_set_client_CA_list(ctx, cacerts); - - /* set the location of the CA bundle file for verification */ - if (SSL_CTX_load_verify_locations(ctx, tls_config->cacert_path, NULL) <= 0) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx("SSL_CTX_load_verify_locations: %s", errstr); - goto bad; - } - } else { - if (!SSL_CTX_set_default_verify_paths(ctx)) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx("SSL_CTX_set_default_verify_paths: %s", errstr); - goto bad; - } - } - - /* only verify server cert if it is set in the configuration */ - if (tls_config->verify) { - if (!verify_server_cert(ctx, tls_config)) - goto bad; - } else { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "skipping server cert check"); - } - } - - /* if peer authentication is enabled, verify client cert during TLS handshake - * The last parameter is a callback, where identity validation (hostname/ip) - * will be performed, because it is not automatically done by openssl. - */ - if (tls_config->check_peer) { - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_peer_identity); - } - - /* if private key file was not set, assume that the cert file contains the private key */ - char* pkey = (tls_config->pkey_path == NULL ? tls_config->cert_path : tls_config->pkey_path); - - if (!SSL_CTX_use_PrivateKey_file(ctx, pkey, SSL_FILETYPE_PEM) || - !SSL_CTX_check_private_key(ctx)) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("%s: %s"), pkey, errstr); - sudo_warnx(U_("unable to load private key %s"), pkey); - goto bad; - } - - /* initialize TLSv1.2 and TLSv1.3 ciphersuites */ - if (!init_tls_ciphersuites(ctx, tls_config)) { - goto bad; - } - - /* try to load and set diffie-hellman parameters */ - if (tls_config->dhparams_path != NULL) - dhparam_file = fopen(tls_config->dhparams_path, "r"); - if (dhparam_file != NULL) { - DH *dhparams = PEM_read_DHparams(dhparam_file, NULL, NULL, NULL); - if (dhparams != NULL) { - if (!SSL_CTX_set_tmp_dh(ctx, dhparams)) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("unable to set diffie-hellman parameters: %s"), - errstr); - DH_free(dhparams); - } else { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "diffie-hellman parameters are loaded"); - } - } else { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("unable to set diffie-hellman parameters: %s"), - errstr); - } - fclose(dhparam_file); - } else { - sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, - "dhparam file not found, will use default parameters"); - } - - /* audit server supports TLS version 1.2 or higher */ -#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION - if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("unable to set minimum protocol version to TLS 1.2: %s"), - errstr); - goto bad; - } -#else - SSL_CTX_set_options(ctx, - SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1); -#endif - - tls_runtime->ssl_ctx = ctx; - - debug_return_bool(true); - -bad: - SSL_CTX_free(ctx); - - debug_return_bool(false); + debug_return; } static void tls_handshake_cb(int fd, int what, void *v) { struct connection_closure *closure = v; + const char *errstr; + int err, handshake_status; debug_decl(tls_handshake_cb, SUDO_DEBUG_UTIL); if (what == SUDO_EV_TIMEOUT) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "TLS handshake timed out"); + sudo_warnx("TLS handshake with %s timed out", closure->ipaddr); goto bad; } - int handshake_status = SSL_accept(closure->ssl); - int err = SSL_ERROR_NONE; - switch (err = SSL_get_error(closure->ssl, handshake_status)) { + handshake_status = SSL_accept(closure->ssl); + err = SSL_get_error(closure->ssl, handshake_status); + switch (err) { case SSL_ERROR_NONE: /* ssl handshake was successful */ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, @@ -1437,9 +1303,8 @@ } } if (sudo_ev_add(closure->evbase, closure->ssl_accept_ev, - logsrvd_conf_get_sock_timeout(), false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add ssl_accept_ev to queue"); + logsrvd_conf_server_timeout(), false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); goto bad; } debug_return; @@ -1456,21 +1321,17 @@ } } if (sudo_ev_add(closure->evbase, closure->ssl_accept_ev, - logsrvd_conf_get_sock_timeout(), false) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to add ssl_accept_ev to queue"); + logsrvd_conf_server_timeout(), false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); goto bad; } debug_return; case SSL_ERROR_SYSCALL: - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected error during TLS handshake: %d (%s)", - err, strerror(errno)); + sudo_warn("%s: SSL_accept", closure->ipaddr); goto bad; default: - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected error during TLS handshake: %d (%s)", - err, ERR_error_string(ERR_get_error(), NULL)); + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("%s: SSL_accept: %s", closure->ipaddr, errstr); goto bad; } @@ -1480,71 +1341,22 @@ SSL_get_cipher(closure->ssl)); /* Start the actual protocol now that the TLS handshake is complete. */ - if (!start_protocol(closure)) - goto bad; + if (!TAILQ_EMPTY(logsrvd_conf_relay_address()) && !closure->store_first) { + if (!connect_relay(closure)) + goto bad; + } else { + if (!start_protocol(closure)) + goto bad; + } debug_return; bad: - connection_closure_free(closure); + connection_close(closure); debug_return; } #endif /* HAVE_OPENSSL */ /* - * Allocate a new connection closure. - */ -static struct connection_closure * -connection_closure_alloc(int sock, bool tls, struct sudo_event_base *base) -{ - struct connection_closure *closure; - debug_decl(connection_closure_alloc, SUDO_DEBUG_UTIL); - - if ((closure = calloc(1, sizeof(*closure))) == NULL) - debug_return_ptr(NULL); - - closure->iolog_dir_fd = -1; - closure->sock = sock; - closure->tls = tls; - closure->evbase = base; - - TAILQ_INSERT_TAIL(&connections, closure, entries); - - closure->read_buf.size = 64 * 1024; - closure->read_buf.data = malloc(closure->read_buf.size); - if (closure->read_buf.data == NULL) - goto bad; - - closure->commit_ev = sudo_ev_alloc(-1, SUDO_EV_TIMEOUT, - server_commit_cb, closure); - if (closure->commit_ev == NULL) - goto bad; - - closure->read_ev = sudo_ev_alloc(sock, SUDO_EV_READ|SUDO_EV_PERSIST, - client_msg_cb, closure); - if (closure->read_ev == NULL) - goto bad; - - closure->write_ev = sudo_ev_alloc(sock, SUDO_EV_WRITE|SUDO_EV_PERSIST, - server_msg_cb, closure); - if (closure->write_ev == NULL) - goto bad; - -#if defined(HAVE_OPENSSL) - if (tls) { - closure->ssl_accept_ev = sudo_ev_alloc(sock, SUDO_EV_READ, - tls_handshake_cb, closure); - if (closure->ssl_accept_ev == NULL) - goto bad; - } -#endif - - debug_return_ptr(closure); -bad: - connection_closure_free(closure); - debug_return_ptr(NULL); -} - -/* * New connection. * Allocate a connection closure and optionally perform TLS handshake. */ @@ -1555,7 +1367,7 @@ struct connection_closure *closure; debug_decl(new_connection, SUDO_DEBUG_UTIL); - if ((closure = connection_closure_alloc(sock, tls, evbase)) == NULL) + if ((closure = connection_closure_alloc(sock, tls, false, evbase)) == NULL) goto bad; /* store the peer's IP address in the closure object */ @@ -1570,7 +1382,8 @@ sizeof(closure->ipaddr)); #endif /* HAVE_STRUCT_IN6_ADDR */ } else { - sudo_fatal("%s", U_("unable to get remote IP addr")); + errno = EAFNOSUPPORT; + sudo_warn("%s", U_("unable to get remote IP addr")); goto bad; } sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, @@ -1579,18 +1392,18 @@ #if defined(HAVE_OPENSSL) /* If TLS is enabled, perform the TLS handshake first. */ if (tls) { + const char *errstr; + /* Create the SSL object for the closure and attach it to the socket */ - if ((closure->ssl = SSL_new(logsrvd_get_tls_runtime()->ssl_ctx)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to create new ssl object: %s", - ERR_error_string(ERR_get_error(), NULL)); + if ((closure->ssl = SSL_new(logsrvd_server_tls_ctx())) == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("%s: %s"), "SSL_new", errstr); goto bad; } if (SSL_set_fd(closure->ssl, closure->sock) != 1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to set fd for TLS: %s", - ERR_error_string(ERR_get_error(), NULL)); + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("%s: %s"), "SSL_set_fd", errstr); goto bad; } @@ -1598,33 +1411,39 @@ available during hostname matching */ if (SSL_set_ex_data(closure->ssl, 1, closure) <= 0) { + errstr = ERR_reason_error_string(ERR_get_error()); sudo_warnx(U_("Unable to attach user data to the ssl object: %s"), - ERR_error_string(ERR_get_error(), NULL)); + errstr); goto bad; } /* Enable SSL_accept to begin handshake with client. */ if (sudo_ev_add(evbase, closure->ssl_accept_ev, - logsrvd_conf_get_sock_timeout(), false) == -1) { - sudo_fatal("%s", U_("unable to add event to queue")); + logsrvd_conf_server_timeout(), false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); goto bad; } } #endif /* If no TLS handshake, start the protocol immediately. */ if (!tls) { - if (!start_protocol(closure)) - goto bad; + if (!TAILQ_EMPTY(logsrvd_conf_relay_address()) && !closure->store_first) { + if (!connect_relay(closure)) + goto bad; + } else { + if (!start_protocol(closure)) + goto bad; + } } debug_return_bool(true); bad: - connection_closure_free(closure); + connection_close(closure); debug_return_bool(false); } static int -create_listener(struct listen_address *addr) +create_listener(struct server_address *addr) { int flags, on, sock; const char *family = "inet4"; @@ -1683,13 +1502,11 @@ sock = accept(fd, &s_un.sa, &salen); if (sock != -1) { - /* set keepalive socket option on socket returned by accept */ - if (logsrvd_conf_tcp_keepalive()) { + if (logsrvd_conf_server_tcp_keepalive()) { int keepalive = 1; if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &keepalive, sizeof(keepalive)) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to set SO_KEEPALIVE option"); + sudo_warn("SO_KEEPALIVE"); } } if (!new_connection(sock, l->tls, &s_un.sa, evbase)) { @@ -1698,10 +1515,8 @@ "unable to start new connection"); } } else { - if (errno != EAGAIN) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to accept new connection"); - } + if (errno != EAGAIN) + sudo_warn("accept"); /* TODO: pause accepting on ENFILE and EMFILE */ } @@ -1709,7 +1524,7 @@ } static bool -register_listener(struct listen_address *addr, struct sudo_event_base *evbase) +register_listener(struct server_address *addr, struct sudo_event_base *evbase) { struct listener *l; int sock; @@ -1735,15 +1550,15 @@ } /* - * Register listeners and init the TLS context. + * Register listeners and set the TLS verify callback. */ static bool server_setup(struct sudo_event_base *base) { - struct listen_address *addr; + struct server_address *addr; struct listener *l; int nlisteners = 0; - bool ret, config_tls = false; + bool ret; debug_decl(server_setup, SUDO_DEBUG_UTIL); /* Free old listeners (if any) and register new ones. */ @@ -1753,45 +1568,125 @@ close(l->sock); free(l); } - TAILQ_FOREACH(addr, logsrvd_conf_listen_address(), entries) { + TAILQ_FOREACH(addr, logsrvd_conf_server_listen_address(), entries) { nlisteners += register_listener(addr, base); - if (addr->tls) - config_tls = true; } ret = nlisteners > 0; - if (ret && config_tls) { #if defined(HAVE_OPENSSL) - if (!init_tls_server_context()) - ret = false; + if (ret) + set_tls_verify_peer(); #endif - } debug_return_bool(ret); } /* - * Reload config and re-initialize listeners and TLS context. + * Reload config and re-initialize listeners. */ static void -server_reload(struct sudo_event_base *base) +server_reload(struct sudo_event_base *evbase) { debug_decl(server_reload, SUDO_DEBUG_UTIL); sudo_debug_printf(SUDO_DEBUG_INFO, "reloading server config"); if (logsrvd_conf_read(conf_file)) { - /* Re-initialize listeners and TLS context. */ - if (!server_setup(base)) - sudo_fatalx("%s", U_("unable setup listen socket")); + /* Re-initialize listeners. */ + if (!server_setup(evbase)) + sudo_fatalx("%s", U_("unable to setup listen socket")); /* Re-read sudo.conf and re-initialize debugging. */ sudo_debug_deregister(logsrvd_debug_instance); logsrvd_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) != -1) { logsrvd_debug_instance = sudo_debug_register(getprogname(), - NULL, NULL, sudo_conf_debug_files(getprogname())); + NULL, NULL, sudo_conf_debug_files(getprogname()), -1); + } + } + + debug_return; +} + +/* + * Dump server information to the debug file. + * Includes information about listeners and client connections. + */ +static void +server_dump_stats(void) +{ + struct server_address *addr; + struct connection_closure *closure; + int n; + debug_decl(server_dump_stats, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s", server_id); + sudo_debug_printf(SUDO_DEBUG_INFO, "configuration file: %s", conf_file); + + sudo_debug_printf(SUDO_DEBUG_INFO, "listen addresses:"); + n = 0; + TAILQ_FOREACH(addr, logsrvd_conf_server_listen_address(), entries) { + union sockaddr_union *sa_un = &addr->sa_un; + char ipaddr[INET6_ADDRSTRLEN]; + + switch (sa_un->sa.sa_family) { + case AF_INET: + inet_ntop(AF_INET, &sa_un->sin.sin_addr, ipaddr, sizeof(ipaddr)); + break; + case AF_INET6: + inet_ntop(AF_INET6, &sa_un->sin6.sin6_addr, ipaddr, sizeof(ipaddr)); + break; + default: + (void)strlcpy(ipaddr, "[unknown]", sizeof(ipaddr)); + break; + } + sudo_debug_printf(SUDO_DEBUG_INFO, " %d: %s [%s]", ++n, + addr->sa_str, ipaddr); + } + + if (!TAILQ_EMPTY(&connections)) { + n = 0; + sudo_debug_printf(SUDO_DEBUG_INFO, "client connections:"); + TAILQ_FOREACH(closure, &connections, entries) { + struct relay_closure *relay_closure = closure->relay_closure; + + n++; + if (closure->sock == -1) { + sudo_debug_printf(SUDO_DEBUG_INFO, " %2d: journal %s", n, + closure->journal_path ? closure->journal_path : "none"); + sudo_debug_printf(SUDO_DEBUG_INFO, " %2d: fd %d", n, + closure->journal ? fileno(closure->journal) : -1); + } else { + sudo_debug_printf(SUDO_DEBUG_INFO, " %2d: addr %s%s", n, + closure->ipaddr, closure->tls ? " (TLS)" : ""); + sudo_debug_printf(SUDO_DEBUG_INFO, " %2d: sock %d", n, + closure->sock); + } + if (relay_closure != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO, " relay: %s (%s)", + relay_closure->relay_name.name, + relay_closure->relay_name.ipaddr); + sudo_debug_printf(SUDO_DEBUG_INFO, " relay sock: %d", + relay_closure->sock); + } + sudo_debug_printf(SUDO_DEBUG_INFO, " state: %d", closure->state); + if (closure->errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO, " error: %s", + closure->errstr); + } + sudo_debug_printf(SUDO_DEBUG_INFO, " log I/O: %s", + closure->log_io ? "true" : "false"); + sudo_debug_printf(SUDO_DEBUG_INFO, " store first: %s", + closure->store_first ? "true" : "false"); + if (sudo_timespecisset(&closure->elapsed_time)) { + sudo_debug_printf(SUDO_DEBUG_INFO, + " elapsed time: [%lld, %ld]", + (long long)closure->elapsed_time.tv_sec, + (long)closure->elapsed_time.tv_nsec); + } } + sudo_debug_printf(SUDO_DEBUG_INFO, "%d client connection(s)\n", n); } + logsrvd_queue_dump(); debug_return; } @@ -1811,9 +1706,11 @@ /* Shut down active connections. */ server_shutdown(base); break; + case SIGUSR1: + server_dump_stats(); + break; default: - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unexpected signal %d", signo); + sudo_warnx(U_("unexpected signal %d"), signo); break; } @@ -1852,13 +1749,16 @@ FILE *fp; int fd; bool success; - char *pid_file = (char *)logsrvd_conf_pid_file(); + mode_t oldmask; + const char *pid_file = logsrvd_conf_pid_file(); debug_decl(write_pidfile, SUDO_DEBUG_UTIL); if (pid_file == NULL) debug_return; - /* sudo_mkdir_parents() modifies the path but restores it before return. */ + /* Default logsrvd umask is more restrictive (077). */ + oldmask = umask(S_IWGRP|S_IWOTH); + success = sudo_mkdir_parents(pid_file, ROOT_UID, ROOT_GID, S_IRWXU|S_IXGRP|S_IXOTH, false); if (success) { @@ -1875,6 +1775,8 @@ fclose(fp); } } + umask(oldmask); + debug_return; } @@ -1887,8 +1789,11 @@ int fd; debug_decl(daemonize, SUDO_DEBUG_UTIL); + if (chdir("/") == -1) + sudo_warn("chdir(\"/\")"); + if (!nofork) { - switch (fork()) { + switch (sudo_debug_fork()) { case -1: sudo_fatal("fork"); case 0: @@ -1903,18 +1808,30 @@ if (setsid() == -1) sudo_fatal("setsid"); write_pidfile(); - } - if (chdir("/") == -1) - sudo_warn("chdir(\"/\")"); - if ((fd = open(_PATH_DEVNULL, O_RDWR)) != -1) { - (void) dup2(fd, STDIN_FILENO); - (void) dup2(fd, STDOUT_FILENO); - (void) dup2(fd, STDERR_FILENO); - if (fd > STDERR_FILENO) - (void) close(fd); + if ((fd = open(_PATH_DEVNULL, O_RDWR)) != -1) { + (void) dup2(fd, STDIN_FILENO); + (void) dup2(fd, STDOUT_FILENO); + (void) dup2(fd, STDERR_FILENO); + if (fd > STDERR_FILENO) + (void) close(fd); + } + } else { + if ((fd = open(_PATH_DEVNULL, O_RDWR)) != -1) { + /* Preserve stdout/stderr in nofork mode (if open). */ + (void) dup2(fd, STDIN_FILENO); + if (fcntl(STDOUT_FILENO, F_GETFL) == -1) + (void) dup2(fd, STDOUT_FILENO); + if (fcntl(STDERR_FILENO, F_GETFL) == -1) + (void) dup2(fd, STDERR_FILENO); + if (fd > STDERR_FILENO) + (void) close(fd); + } } + /* Disable logging to stderr after we become a daemon. */ + logsrvd_warn_stderr(false); + debug_return; } @@ -1930,15 +1847,20 @@ static void help(void) { - (void)printf(_("%s - send sudo I/O log to remote server\n\n"), - getprogname()); + printf("%s - %s\n\n", getprogname(), _("sudo log server")); usage(false); - (void)puts(_("\nOptions:\n" - " -f, --file path to configuration file\n" - " -h --help display help message and exit\n" - " -n, --no-fork do not fork, run in the foreground\n" - " -R, --random-drop percent chance connections will drop\n" - " -V, --version display version information and exit\n")); + printf("\n%s\n", _("Options:")); + printf(" -f, --file %s\n", + _("path to configuration file")); + printf(" -h, --help %s\n", + _("display help message and exit")); + printf(" -n, --no-fork %s\n", + _("do not fork, run in the foreground")); + printf(" -R, --random-drop %s\n", + _("percent chance connections will drop")); + printf(" -V, --version %s\n", + _("display version information and exit")); + putchar('\n'); exit(EXIT_SUCCESS); } @@ -1959,7 +1881,6 @@ { struct sudo_event_base *evbase; bool nofork = false; - char *ep; int ch; debug_decl_vars(main, SUDO_DEBUG_MAIN); @@ -1975,6 +1896,9 @@ bindtextdomain("sudo", LOCALEDIR); /* XXX - add logsrvd domain */ textdomain("sudo"); + /* Create files readable/writable only by owner. */ + umask(S_IRWXG|S_IRWXO); + /* Register fatal/fatalx callback. */ sudo_fatal_callback_register(logsrvd_cleanup); @@ -1982,7 +1906,7 @@ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); logsrvd_debug_instance = sudo_debug_register(getprogname(), NULL, NULL, - sudo_conf_debug_files(getprogname())); + sudo_conf_debug_files(getprogname()), -1); if (protobuf_c_version_number() < 1003000) sudo_fatalx("%s", U_("Protobuf-C version 1.3 or higher required")); @@ -2000,11 +1924,8 @@ break; case 'R': /* random connection drop probability as a percentage (debug) */ - errno = 0; - random_drop = strtod(optarg, &ep); - if (*ep != '\0' || errno != 0) + if (!set_random_drop(optarg)) sudo_fatalx(U_("invalid random drop value: %s"), optarg); - random_drop /= 100.0; /* convert from percentage */ break; case 'V': (void)printf(_("%s version %s\n"), getprogname(), @@ -2022,21 +1943,24 @@ if ((evbase = sudo_ev_base_alloc()) == NULL) sudo_fatal(NULL); - /* Initialize listeners and TLS context. */ + /* Initialize listeners. */ if (!server_setup(evbase)) - sudo_fatalx("%s", U_("unable setup listen socket")); + sudo_fatalx("%s", U_("unable to setup listen socket")); register_signal(SIGHUP, evbase); register_signal(SIGINT, evbase); register_signal(SIGTERM, evbase); + register_signal(SIGUSR1, evbase); /* Point of no return. */ daemonize(nofork); signal(SIGPIPE, SIG_IGN); + logsrvd_queue_scan(evbase); sudo_ev_dispatch(evbase); if (!nofork && logsrvd_conf_pid_file() != NULL) unlink(logsrvd_conf_pid_file()); + logsrvd_conf_cleanup(); debug_return_int(1); } diff -Nru sudo-1.9.5p2/logsrvd/logsrvd.h sudo-1.9.9/logsrvd/logsrvd.h --- sudo-1.9.5p2/logsrvd/logsrvd.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/logsrvd/logsrvd.h 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2019-2020 Todd C. Miller + * Copyright (c) 2019-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -19,6 +19,7 @@ #ifndef SUDO_LOGSRVD_H #define SUDO_LOGSRVD_H +#include "log_server.pb-c.h" #if PROTOBUF_C_VERSION_NUMBER < 1003000 # error protobuf-c version 1.30 or higher required #endif @@ -26,10 +27,15 @@ #include "config.h" #if defined(HAVE_OPENSSL) +# if defined(HAVE_WOLFSSL) +# include +# endif # include +# include #endif #include "logsrv_util.h" +#include "tls_common.h" /* Default timeout value for server socket */ #define DEFAULT_SOCKET_TIMEOUT_SEC 30 @@ -40,17 +46,41 @@ /* Shutdown timeout (in seconds) in case client connections time out. */ #define SHUTDOWN_TIMEO 10 +/* Template for mkstemp(3) when creating temporary files. */ +#define RELAY_TEMPLATE "relay.XXXXXXXX" + /* * Connection status. * In the RUNNING state we expect I/O log buffers. */ enum connection_status { INITIAL, + CONNECTING, RUNNING, EXITED, SHUTDOWN, - FINISHED, - ERROR + FINISHED +}; + +/* + * Per-connection relay state. + */ +struct relay_closure { + struct server_address_list *relays; + struct server_address *relay_addr; + struct sudo_event *read_ev; + struct sudo_event *write_ev; + struct sudo_event *connect_ev; + struct connection_buffer read_buf; + struct connection_buffer_list write_bufs; + struct peer_info relay_name; +#if defined(HAVE_OPENSSL) + struct tls_client_closure tls_client; +#endif + int sock; + bool read_instead_of_write; + bool write_instead_of_read; + bool temporary_write_event; }; /* @@ -58,10 +88,13 @@ */ struct connection_closure { TAILQ_ENTRY(connection_closure) entries; + struct client_message_switch *cms; + struct relay_closure *relay_closure; struct eventlog *evlog; struct timespec elapsed_time; struct connection_buffer read_buf; - struct connection_buffer write_buf; + struct connection_buffer_list write_bufs; + struct connection_buffer_list free_bufs; struct sudo_event_base *evbase; struct sudo_event *commit_ev; struct sudo_event *read_ev; @@ -71,20 +104,44 @@ SSL *ssl; #endif const char *errstr; + FILE *journal; + char *journal_path; struct iolog_file iolog_files[IOFD_MAX]; + int iolog_dir_fd; + int sock; + enum connection_status state; + bool error; bool tls; bool log_io; + bool store_first; bool read_instead_of_write; bool write_instead_of_read; bool temporary_write_event; - int iolog_dir_fd; - int sock; #ifdef HAVE_STRUCT_IN6_ADDR char ipaddr[INET6_ADDRSTRLEN]; #else char ipaddr[INET_ADDRSTRLEN]; #endif - enum connection_status state; +}; + +/* Client message switch. */ +struct client_message_switch { + bool (*accept)(AcceptMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure); + bool (*reject)(RejectMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure); + bool (*exit)(ExitMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure); + bool (*restart)(RestartMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure); + bool (*alert)(AlertMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure); + bool (*iobuf)(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t len, + struct connection_closure *closure); + bool (*suspend)(CommandSuspend *msg, uint8_t *buf, size_t len, + struct connection_closure *closure); + bool (*winsize)(ChangeWindowSize *msg, uint8_t *buf, size_t len, + struct connection_closure *closure); }; union sockaddr_union { @@ -96,16 +153,17 @@ }; /* - * List of listen addresses. + * List of server addresses. */ -struct listen_address { - TAILQ_ENTRY(listen_address) entries; +struct server_address { + TAILQ_ENTRY(server_address) entries; + char *sa_host; char *sa_str; union sockaddr_union sa_un; socklen_t sa_size; bool tls; }; -TAILQ_HEAD(listen_address_list, listen_address); +TAILQ_HEAD(server_address_list, server_address); /* * List of active network listeners. @@ -118,45 +176,89 @@ }; TAILQ_HEAD(listener_list, listener); -#if defined(HAVE_OPENSSL) -/* parameters to configure tls */ -struct logsrvd_tls_config { - char *pkey_path; - char *cert_path; - char *cacert_path; - char *dhparams_path; - char *ciphers_v12; - char *ciphers_v13; - bool verify; - bool check_peer; -}; - -struct logsrvd_tls_runtime { - SSL_CTX *ssl_ctx; +/* + * Queue of finished journal files to be relayed. + */ +struct outgoing_journal { + TAILQ_ENTRY(outgoing_journal) entries; + char *journal_path; }; -#endif +TAILQ_HEAD(outgoing_journal_queue, outgoing_journal); /* iolog_writer.c */ -struct eventlog *evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen); +struct eventlog *evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen, struct connection_closure *closure); bool iolog_init(AcceptMessage *msg, struct connection_closure *closure); -bool iolog_restart(RestartMessage *msg, struct connection_closure *closure); -int store_iobuf(int iofd, IoBuffer *msg, struct connection_closure *closure); -int store_suspend(CommandSuspend *msg, struct connection_closure *closure); -int store_winsize(ChangeWindowSize *msg, struct connection_closure *closure); +bool iolog_create(int iofd, struct connection_closure *closure); void iolog_close_all(struct connection_closure *closure); +bool iolog_flush_all(struct connection_closure *closure); +bool iolog_rewrite(const struct timespec *target, struct connection_closure *closure); +void update_elapsed_time(TimeSpec *delta, struct timespec *elapsed); + +/* logsrvd.c */ +extern struct client_message_switch cms_local; +bool start_protocol(struct connection_closure *closure); +void connection_close(struct connection_closure *closure); +bool schedule_commit_point(TimeSpec *commit_point, struct connection_closure *closure); +bool fmt_log_id_message(const char *id, struct connection_closure *closure); +bool schedule_error_message(const char *errstr, struct connection_closure *closure); +struct connection_buffer *get_free_buf(size_t, struct connection_closure *closure); +struct connection_closure *connection_closure_alloc(int fd, bool tls, bool relay_only, struct sudo_event_base *base); /* logsrvd_conf.c */ bool logsrvd_conf_read(const char *path); const char *logsrvd_conf_iolog_dir(void); const char *logsrvd_conf_iolog_file(void); -struct listen_address_list *logsrvd_conf_listen_address(void); -bool logsrvd_conf_tcp_keepalive(void); +struct server_address_list *logsrvd_conf_server_listen_address(void); +struct server_address_list *logsrvd_conf_relay_address(void); +const char *logsrvd_conf_relay_dir(void); +bool logsrvd_conf_relay_store_first(void); +bool logsrvd_conf_relay_tcp_keepalive(void); +bool logsrvd_conf_server_tcp_keepalive(void); const char *logsrvd_conf_pid_file(void); -struct timespec *logsrvd_conf_get_sock_timeout(void); +struct timespec *logsrvd_conf_server_timeout(void); +struct timespec *logsrvd_conf_relay_connect_timeout(void); +struct timespec *logsrvd_conf_relay_timeout(void); +time_t logsrvd_conf_relay_retry_interval(void); #if defined(HAVE_OPENSSL) -const struct logsrvd_tls_config *logsrvd_get_tls_config(void); -struct logsrvd_tls_runtime *logsrvd_get_tls_runtime(void); +bool logsrvd_conf_server_tls_check_peer(void); +SSL_CTX *logsrvd_server_tls_ctx(void); +bool logsrvd_conf_relay_tls_check_peer(void); +SSL_CTX *logsrvd_relay_tls_ctx(void); #endif +bool logsrvd_conf_log_exit(void); +uid_t logsrvd_conf_iolog_uid(void); +gid_t logsrvd_conf_iolog_gid(void); mode_t logsrvd_conf_iolog_mode(void); +void address_list_addref(struct server_address_list *); +void address_list_delref(struct server_address_list *); +void logsrvd_conf_cleanup(void); +void logsrvd_warn_stderr(bool enabled); + +/* logsrvd_journal.c */ +extern struct client_message_switch cms_journal; + +/* logsrvd_local.c */ +extern struct client_message_switch cms_local; +bool set_random_drop(const char *dropstr); +bool store_accept_local(AcceptMessage *msg, uint8_t *buf, size_t len, struct connection_closure *closure); +bool store_reject_local(RejectMessage *msg, uint8_t *buf, size_t len, struct connection_closure *closure); +bool store_exit_local(ExitMessage *msg, uint8_t *buf, size_t len, struct connection_closure *closure); +bool store_restart_local(RestartMessage *msg, uint8_t *buf, size_t len, struct connection_closure *closure); +bool store_alert_local(AlertMessage *msg, uint8_t *buf, size_t len, struct connection_closure *closure); +bool store_iobuf_local(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t len, struct connection_closure *closure); +bool store_winsize_local(ChangeWindowSize *msg, uint8_t *buf, size_t len, struct connection_closure *closure); +bool store_suspend_local(CommandSuspend *msg, uint8_t *buf, size_t len, struct connection_closure *closure); + +/* logsrvd_queue.c */ +bool logsrvd_queue_enable(time_t timeout, struct sudo_event_base *evbase); +bool logsrvd_queue_insert(struct connection_closure *closure); +bool logsrvd_queue_scan(struct sudo_event_base *evbase); +void logsrvd_queue_dump(void); + +/* logsrvd_relay.c */ +extern struct client_message_switch cms_relay; +void relay_closure_free(struct relay_closure *relay_closure); +bool connect_relay(struct connection_closure *closure); +bool relay_shutdown(struct connection_closure *closure); #endif /* SUDO_LOGSRVD_H */ diff -Nru sudo-1.9.5p2/logsrvd/logsrvd_conf.c sudo-1.9.9/logsrvd/logsrvd_conf.c --- sudo-1.9.5p2/logsrvd/logsrvd_conf.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/logsrvd/logsrvd_conf.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2019-2020 Todd C. Miller + * Copyright (c) 2019-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -33,10 +33,12 @@ #else # include "compat/stdbool.h" #endif +#include #include #include #include #include +#include #include #include #include @@ -53,21 +55,42 @@ #include "sudo_iolog.h" #include "sudo_util.h" -#include "log_server.pb-c.h" #include "logsrvd.h" #if defined(HAVE_OPENSSL) # define DEFAULT_CA_CERT_PATH "/etc/ssl/sudo/cacert.pem" # define DEFAULT_SERVER_CERT_PATH "/etc/ssl/sudo/certs/logsrvd_cert.pem" # define DEFAULT_SERVER_KEY_PATH "/etc/ssl/sudo/private/logsrvd_key.pem" + +/* Evaluates to true if at least one TLS field is set, else false. */ +# define TLS_CONFIGURED(_s) \ + ((_s).tls_key_path != NULL || (_s).tls_cert_path != NULL || \ + (_s).tls_cacert_path != NULL || (_s).tls_dhparams_path != NULL || \ + (_s).tls_ciphers_v12 != NULL || (_s).tls_ciphers_v13 != NULL || \ + (_s).tls_verify != -1) + +/* Evaluates to the relay-specific TLS setting, falling back to server. */ +# define TLS_RELAY_STR(_c, _f) \ + ((_c)->relay._f != NULL ? (_c)->relay._f : (_c)->server._f) + +# define TLS_RELAY_INT(_c, _f) \ + ((_c)->relay._f != -1 ? (_c)->relay._f : (_c)->server._f) #endif +enum server_log_type { + SERVER_LOG_NONE, + SERVER_LOG_STDERR, + SERVER_LOG_SYSLOG, + SERVER_LOG_FILE +}; + struct logsrvd_config; -typedef bool (*logsrvd_conf_cb_t)(struct logsrvd_config *config, const char *); +typedef bool (*logsrvd_conf_cb_t)(struct logsrvd_config *, const char *, size_t); struct logsrvd_config_entry { char *conf_str; logsrvd_conf_cb_t setter; + size_t offset; }; struct logsrvd_config_section { @@ -75,18 +98,52 @@ struct logsrvd_config_entry *entries; }; +struct address_list_container { + unsigned int refcnt; + struct server_address_list addrs; +}; + static struct logsrvd_config { struct logsrvd_config_server { - struct listen_address_list addresses; + struct address_list_container addresses; struct timespec timeout; bool tcp_keepalive; + enum server_log_type log_type; + FILE *log_stream; + char *log_file; char *pid_file; #if defined(HAVE_OPENSSL) - bool tls; - struct logsrvd_tls_config tls_config; - struct logsrvd_tls_runtime tls_runtime; + char *tls_key_path; + char *tls_cert_path; + char *tls_cacert_path; + char *tls_dhparams_path; + char *tls_ciphers_v12; + char *tls_ciphers_v13; + int tls_check_peer; + int tls_verify; + SSL_CTX *ssl_ctx; #endif } server; + struct logsrvd_config_relay { + struct address_list_container relays; + struct timespec connect_timeout; + struct timespec timeout; + time_t retry_interval; + char *relay_dir; + bool tcp_keepalive; + bool store_first; +#if defined(HAVE_OPENSSL) + char *tls_key_path; + char *tls_cert_path; + char *tls_cacert_path; + char *tls_dhparams_path; + char *tls_ciphers_v12; + char *tls_ciphers_v13; + int tls_check_peer; + int tls_verify; + SSL_CTX *ssl_ctx; +#endif + } relay; struct logsrvd_config_iolog { bool compress; bool flush; @@ -100,10 +157,12 @@ } iolog; struct logsrvd_config_eventlog { int log_type; + bool log_exit; enum eventlog_format log_format; } eventlog; struct logsrvd_config_syslog { unsigned int maxlen; + int server_facility; int facility; int acceptpri; int rejectpri; @@ -116,7 +175,28 @@ } logfile; } *logsrvd_config; +static bool logsrvd_warn_enable_stderr = true; + +/* eventlog getters */ +bool +logsrvd_conf_log_exit(void) +{ + return logsrvd_config->eventlog.log_exit; +} + /* iolog getters */ +uid_t +logsrvd_conf_iolog_uid(void) +{ + return logsrvd_config->iolog.uid; +} + +gid_t +logsrvd_conf_iolog_gid(void) +{ + return logsrvd_config->iolog.gid; +} + mode_t logsrvd_conf_iolog_mode(void) { @@ -136,14 +216,14 @@ } /* server getters */ -struct listen_address_list * -logsrvd_conf_listen_address(void) +struct server_address_list * +logsrvd_conf_server_listen_address(void) { - return &logsrvd_config->server.addresses; + return &logsrvd_config->server.addresses.addrs; } bool -logsrvd_conf_tcp_keepalive(void) +logsrvd_conf_server_tcp_keepalive(void) { return logsrvd_config->server.tcp_keepalive; } @@ -155,32 +235,101 @@ } struct timespec * -logsrvd_conf_get_sock_timeout(void) +logsrvd_conf_server_timeout(void) { if (sudo_timespecisset(&logsrvd_config->server.timeout)) { - return &(logsrvd_config->server.timeout); + return &logsrvd_config->server.timeout; } return NULL; } #if defined(HAVE_OPENSSL) -const struct logsrvd_tls_config * -logsrvd_get_tls_config(void) +SSL_CTX * +logsrvd_server_tls_ctx(void) { - return &logsrvd_config->server.tls_config; + return logsrvd_config->server.ssl_ctx; } -struct logsrvd_tls_runtime * -logsrvd_get_tls_runtime(void) +bool +logsrvd_conf_server_tls_check_peer(void) { - return &logsrvd_config->server.tls_runtime; + return logsrvd_config->server.tls_check_peer; +} +#endif + +/* relay getters */ +struct server_address_list * +logsrvd_conf_relay_address(void) +{ + return &logsrvd_config->relay.relays.addrs; +} + +const char * +logsrvd_conf_relay_dir(void) +{ + return logsrvd_config->relay.relay_dir; +} + +bool +logsrvd_conf_relay_store_first(void) +{ + return logsrvd_config->relay.store_first; +} + +bool +logsrvd_conf_relay_tcp_keepalive(void) +{ + return logsrvd_config->relay.tcp_keepalive; +} + +struct timespec * +logsrvd_conf_relay_timeout(void) +{ + if (sudo_timespecisset(&logsrvd_config->relay.timeout)) { + return &logsrvd_config->relay.timeout; + } + + return NULL; +} + +struct timespec * +logsrvd_conf_relay_connect_timeout(void) +{ + if (sudo_timespecisset(&logsrvd_config->relay.connect_timeout)) { + return &logsrvd_config->relay.connect_timeout; + } + + return NULL; +} + +time_t +logsrvd_conf_relay_retry_interval(void) +{ + return logsrvd_config->relay.retry_interval; +} + +#if defined(HAVE_OPENSSL) +SSL_CTX * +logsrvd_relay_tls_ctx(void) +{ + if (logsrvd_config->relay.ssl_ctx != NULL) + return logsrvd_config->relay.ssl_ctx; + return logsrvd_config->server.ssl_ctx; +} + +bool +logsrvd_conf_relay_tls_check_peer(void) +{ + if (logsrvd_config->relay.tls_check_peer != -1) + return logsrvd_config->relay.tls_check_peer; + return logsrvd_config->server.tls_check_peer; } #endif /* I/O log callbacks */ static bool -cb_iolog_dir(struct logsrvd_config *config, const char *path) +cb_iolog_dir(struct logsrvd_config *config, const char *path, size_t offset) { debug_decl(cb_iolog_dir, SUDO_DEBUG_UTIL); @@ -193,7 +342,7 @@ } static bool -cb_iolog_file(struct logsrvd_config *config, const char *path) +cb_iolog_file(struct logsrvd_config *config, const char *path, size_t offset) { debug_decl(cb_iolog_file, SUDO_DEBUG_UTIL); @@ -206,7 +355,7 @@ } static bool -cb_iolog_compress(struct logsrvd_config *config, const char *str) +cb_iolog_compress(struct logsrvd_config *config, const char *str, size_t offset) { int val; debug_decl(cb_iolog_compress, SUDO_DEBUG_UTIL); @@ -219,7 +368,7 @@ } static bool -cb_iolog_flush(struct logsrvd_config *config, const char *str) +cb_iolog_flush(struct logsrvd_config *config, const char *str, size_t offset) { int val; debug_decl(cb_iolog_flush, SUDO_DEBUG_UTIL); @@ -232,14 +381,13 @@ } static bool -cb_iolog_user(struct logsrvd_config *config, const char *user) +cb_iolog_user(struct logsrvd_config *config, const char *user, size_t offset) { struct passwd *pw; debug_decl(cb_iolog_user, SUDO_DEBUG_UTIL); if ((pw = getpwnam(user)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unknown user %s", user); + sudo_warnx(U_("unknown user %s"), user); debug_return_bool(false); } config->iolog.uid = pw->pw_uid; @@ -250,14 +398,13 @@ } static bool -cb_iolog_group(struct logsrvd_config *config, const char *group) +cb_iolog_group(struct logsrvd_config *config, const char *group, size_t offset) { struct group *gr; debug_decl(cb_iolog_group, SUDO_DEBUG_UTIL); if ((gr = getgrnam(group)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unknown group %s", group); + sudo_warnx(U_("unknown group %s"), group); debug_return_bool(false); } config->iolog.gid = gr->gr_gid; @@ -267,7 +414,7 @@ } static bool -cb_iolog_mode(struct logsrvd_config *config, const char *str) +cb_iolog_mode(struct logsrvd_config *config, const char *str, size_t offset) { const char *errstr; mode_t mode; @@ -275,8 +422,7 @@ mode = sudo_strtomode(str, &errstr); if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to parse iolog mode %s", str); + sudo_warnx(U_("unable to parse iolog mode %s"), str); debug_return_bool(false); } config->iolog.mode = mode; @@ -284,7 +430,7 @@ } static bool -cb_iolog_maxseq(struct logsrvd_config *config, const char *str) +cb_iolog_maxseq(struct logsrvd_config *config, const char *str, size_t offset) { const char *errstr; unsigned int value; @@ -293,8 +439,7 @@ value = sudo_strtonum(str, 0, SESSID_MAX, &errstr); if (errstr != NULL) { if (errno != ERANGE) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "bad maxseq: %s: %s", str, errstr); + sudo_warnx(U_("invalid value for %s: %s"), "maxseq", errstr); debug_return_bool(false); } /* Out of range, clamp to SESSID_MAX as documented. */ @@ -306,13 +451,15 @@ /* Server callbacks */ static bool -cb_listen_address(struct logsrvd_config *config, const char *str) +append_address(struct server_address_list *addresses, const char *str, + bool allow_wildcard) { struct addrinfo hints, *res, *res0 = NULL; + char *sa_str = NULL, *sa_host = NULL; char *copy, *host, *port; bool tls, ret = false; int error; - debug_decl(cb_iolog_mode, SUDO_DEBUG_UTIL); + debug_decl(append_address, SUDO_DEBUG_UTIL); if ((copy = strdup(str)) == NULL) { sudo_warn(NULL); @@ -323,8 +470,11 @@ if (!iolog_parse_host_port(copy, &host, &port, &tls, DEFAULT_PORT, DEFAULT_PORT_TLS)) goto done; - if (host[0] == '*' && host[1] == '\0') + if (host[0] == '*' && host[1] == '\0') { + if (!allow_wildcard) + goto done; host = NULL; + } #if !defined(HAVE_OPENSSL) if (tls) { @@ -333,6 +483,16 @@ } #endif + /* Only make a single copy of the string + host for all addresses. */ + if ((sa_str = sudo_rcstr_dup(str)) == NULL) { + sudo_warn(NULL); + goto done; + } + if (host != NULL && (sa_host = sudo_rcstr_dup(host)) == NULL) { + sudo_warn(NULL); + goto done; + } + /* Resolve host (and port if it is a service). */ memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; @@ -344,25 +504,25 @@ goto done; } for (res = res0; res != NULL; res = res->ai_next) { - struct listen_address *addr; + struct server_address *addr; if ((addr = malloc(sizeof(*addr))) == NULL) { sudo_warn(NULL); goto done; } - if ((addr->sa_str = strdup(str)) == NULL) { - sudo_warn(NULL); - free(addr); - goto done; - } + addr->sa_str = sudo_rcstr_addref(sa_str); + addr->sa_host = sudo_rcstr_addref(sa_host); + memcpy(&addr->sa_un, res->ai_addr, res->ai_addrlen); addr->sa_size = res->ai_addrlen; addr->tls = tls; - TAILQ_INSERT_TAIL(&config->server.addresses, addr, entries); + TAILQ_INSERT_TAIL(addresses, addr, entries); } ret = true; done: + sudo_rcstr_delref(sa_str); + sudo_rcstr_delref(sa_host); if (res0 != NULL) freeaddrinfo(res0); free(copy); @@ -370,11 +530,17 @@ } static bool -cb_timeout(struct logsrvd_config *config, const char *str) +cb_server_listen_address(struct logsrvd_config *config, const char *str, size_t offset) +{ + return append_address(&config->server.addresses.addrs, str, true); +} + +static bool +cb_server_timeout(struct logsrvd_config *config, const char *str, size_t offset) { int timeout; const char* errstr; - debug_decl(cb_timeout, SUDO_DEBUG_UTIL); + debug_decl(cb_server_timeout, SUDO_DEBUG_UTIL); timeout = sudo_strtonum(str, 0, UINT_MAX, &errstr); if (errstr != NULL) @@ -386,10 +552,10 @@ } static bool -cb_keepalive(struct logsrvd_config *config, const char *str) +cb_server_keepalive(struct logsrvd_config *config, const char *str, size_t offset) { int val; - debug_decl(cb_keepalive, SUDO_DEBUG_UTIL); + debug_decl(cb_server_keepalive, SUDO_DEBUG_UTIL); if ((val = sudo_strtobool(str)) == -1) debug_return_bool(false); @@ -399,10 +565,10 @@ } static bool -cb_pid_file(struct logsrvd_config *config, const char *str) +cb_server_pid_file(struct logsrvd_config *config, const char *str, size_t offset) { char *copy = NULL; - debug_decl(cb_pid_file, SUDO_DEBUG_UTIL); + debug_decl(cb_server_pid_file, SUDO_DEBUG_UTIL); /* An empty value means to disable the pid file. */ if (*str != '\0') { @@ -422,14 +588,46 @@ debug_return_bool(true); } +static bool +cb_server_log(struct logsrvd_config *config, const char *str, size_t offset) +{ + char *copy = NULL; + enum server_log_type log_type = SERVER_LOG_NONE; + debug_decl(cb_server_log, SUDO_DEBUG_UTIL); + + /* An empty value means to disable the server log. */ + if (*str != '\0') { + if (*str != '/') { + log_type = SERVER_LOG_FILE; + if ((copy = strdup(str)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + } else if (strcmp(str, "stderr") == 0) { + log_type = SERVER_LOG_STDERR; + } else if (strcmp(str, "syslog") == 0) { + log_type = SERVER_LOG_SYSLOG; + } else { + debug_return_bool(false); + } + } + + free(config->server.log_file); + config->server.log_file = copy; + config->server.log_type = log_type; + + debug_return_bool(true); +} + #if defined(HAVE_OPENSSL) static bool -cb_tls_key(struct logsrvd_config *config, const char *path) +cb_tls_key(struct logsrvd_config *config, const char *path, size_t offset) { + char **p = (char **)((char *)config + offset); debug_decl(cb_tls_key, SUDO_DEBUG_UTIL); - free(config->server.tls_config.pkey_path); - if ((config->server.tls_config.pkey_path = strdup(path)) == NULL) { + free(*p); + if ((*p = strdup(path)) == NULL) { sudo_warn(NULL); debug_return_bool(false); } @@ -437,12 +635,13 @@ } static bool -cb_tls_cacert(struct logsrvd_config *config, const char *path) +cb_tls_cacert(struct logsrvd_config *config, const char *path, size_t offset) { + char **p = (char **)((char *)config + offset); debug_decl(cb_tls_cacert, SUDO_DEBUG_UTIL); - free(config->server.tls_config.cacert_path); - if ((config->server.tls_config.cacert_path = strdup(path)) == NULL) { + free(*p); + if ((*p = strdup(path)) == NULL) { sudo_warn(NULL); debug_return_bool(false); } @@ -450,12 +649,13 @@ } static bool -cb_tls_cert(struct logsrvd_config *config, const char *path) +cb_tls_cert(struct logsrvd_config *config, const char *path, size_t offset) { + char **p = (char **)((char *)config + offset); debug_decl(cb_tls_cert, SUDO_DEBUG_UTIL); - free(config->server.tls_config.cert_path); - if ((config->server.tls_config.cert_path = strdup(path)) == NULL) { + free(*p); + if ((*p = strdup(path)) == NULL) { sudo_warn(NULL); debug_return_bool(false); } @@ -463,12 +663,13 @@ } static bool -cb_tls_dhparam(struct logsrvd_config *config, const char *path) +cb_tls_dhparams(struct logsrvd_config *config, const char *path, size_t offset) { - debug_decl(cb_tls_dhparam, SUDO_DEBUG_UTIL); + char **p = (char **)((char *)config + offset); + debug_decl(cb_tls_dhparams, SUDO_DEBUG_UTIL); - free(config->server.tls_config.dhparams_path); - if ((config->server.tls_config.dhparams_path = strdup(path)) == NULL) { + free(*p); + if ((*p = strdup(path)) == NULL) { sudo_warn(NULL); debug_return_bool(false); } @@ -476,12 +677,13 @@ } static bool -cb_tls_ciphers12(struct logsrvd_config *config, const char *str) +cb_tls_ciphers12(struct logsrvd_config *config, const char *str, size_t offset) { + char **p = (char **)((char *)config + offset); debug_decl(cb_tls_ciphers12, SUDO_DEBUG_UTIL); - free(config->server.tls_config.ciphers_v12); - if ((config->server.tls_config.ciphers_v12 = strdup(str)) == NULL) { + free(*p); + if ((*p = strdup(str)) == NULL) { sudo_warn(NULL); debug_return_bool(false); } @@ -489,12 +691,13 @@ } static bool -cb_tls_ciphers13(struct logsrvd_config *config, const char *str) +cb_tls_ciphers13(struct logsrvd_config *config, const char *str, size_t offset) { + char **p = (char **)((char *)config + offset); debug_decl(cb_tls_ciphers13, SUDO_DEBUG_UTIL); - free(config->server.tls_config.ciphers_v13); - if ((config->server.tls_config.ciphers_v13 = strdup(str)) == NULL) { + free(*p); + if ((*p = strdup(str)) == NULL) { sudo_warn(NULL); debug_return_bool(false); } @@ -502,35 +705,119 @@ } static bool -cb_tls_verify(struct logsrvd_config *config, const char *str) +cb_tls_verify(struct logsrvd_config *config, const char *str, size_t offset) { + int *p = (int *)((char *)config + offset); int val; debug_decl(cb_tls_verify, SUDO_DEBUG_UTIL); if ((val = sudo_strtobool(str)) == -1) debug_return_bool(false); - config->server.tls_config.verify = val; + *p = val; debug_return_bool(true); } static bool -cb_tls_checkpeer(struct logsrvd_config *config, const char *str) +cb_tls_checkpeer(struct logsrvd_config *config, const char *str, size_t offset) { + int *p = (int *)((char *)config + offset); int val; debug_decl(cb_tls_checkpeer, SUDO_DEBUG_UTIL); if ((val = sudo_strtobool(str)) == -1) debug_return_bool(false); - config->server.tls_config.check_peer = val; + *p = val; debug_return_bool(true); } #endif +/* relay callbacks */ +static bool +cb_relay_host(struct logsrvd_config *config, const char *str, size_t offset) +{ + return append_address(&config->relay.relays.addrs, str, false); +} + +static bool +cb_relay_timeout(struct logsrvd_config *config, const char *str, size_t offset) +{ + int timeout; + const char* errstr; + debug_decl(cb_relay_timeout, SUDO_DEBUG_UTIL); + + timeout = sudo_strtonum(str, 0, UINT_MAX, &errstr); + if (errstr != NULL) + debug_return_bool(false); + + config->server.timeout.tv_sec = timeout; + + debug_return_bool(true); +} + +static bool +cb_relay_connect_timeout(struct logsrvd_config *config, const char *str, size_t offset) +{ + int timeout; + const char* errstr; + debug_decl(cb_relay_connect_timeout, SUDO_DEBUG_UTIL); + + timeout = sudo_strtonum(str, 0, UINT_MAX, &errstr); + if (errstr != NULL) + debug_return_bool(false); + + config->relay.connect_timeout.tv_sec = timeout; + + debug_return_bool(true); +} + +static bool +cb_relay_dir(struct logsrvd_config *config, const char *str, size_t offset) +{ + char *copy = NULL; + debug_decl(cb_relay_dir, SUDO_DEBUG_UTIL); + + if ((copy = strdup(str)) == NULL) { + sudo_warn(NULL); + debug_return_bool(false); + } + + free(config->relay.relay_dir); + config->relay.relay_dir = copy; + + debug_return_bool(true); +} + +static bool +cb_relay_store_first(struct logsrvd_config *config, const char *str, size_t offset) +{ + int val; + debug_decl(cb_relay_store_first, SUDO_DEBUG_UTIL); + + if ((val = sudo_strtobool(str)) == -1) + debug_return_bool(false); + + config->relay.store_first = val; + debug_return_bool(true); +} + +static bool +cb_relay_keepalive(struct logsrvd_config *config, const char *str, size_t offset) +{ + int val; + debug_decl(cb_relay_keepalive, SUDO_DEBUG_UTIL); + + if ((val = sudo_strtobool(str)) == -1) + debug_return_bool(false); + + config->relay.tcp_keepalive = val; + debug_return_bool(true); +} + /* eventlog callbacks */ static bool -cb_eventlog_type(struct logsrvd_config *config, const char *str) +cb_eventlog_type(struct logsrvd_config *config, const char *str, size_t offset) { debug_decl(cb_eventlog_type, SUDO_DEBUG_UTIL); @@ -547,7 +834,7 @@ } static bool -cb_eventlog_format(struct logsrvd_config *config, const char *str) +cb_eventlog_format(struct logsrvd_config *config, const char *str, size_t offset) { debug_decl(cb_eventlog_format, SUDO_DEBUG_UTIL); @@ -561,9 +848,22 @@ debug_return_bool(true); } +static bool +cb_eventlog_exit(struct logsrvd_config *config, const char *str, size_t offset) +{ + int val; + debug_decl(cb_eventlog_exit, SUDO_DEBUG_UTIL); + + if ((val = sudo_strtobool(str)) == -1) + debug_return_bool(false); + + config->eventlog.log_exit = val; + debug_return_bool(true); +} + /* syslog callbacks */ static bool -cb_syslog_maxlen(struct logsrvd_config *config, const char *str) +cb_syslog_maxlen(struct logsrvd_config *config, const char *str, size_t offset) { unsigned int maxlen; const char *errstr; @@ -579,14 +879,29 @@ } static bool -cb_syslog_facility(struct logsrvd_config *config, const char *str) +cb_syslog_server_facility(struct logsrvd_config *config, const char *str, size_t offset) +{ + int logfac; + debug_decl(cb_syslog_server_facility, SUDO_DEBUG_UTIL); + + if (!sudo_str2logfac(str, &logfac)) { + sudo_warnx(U_("unknown syslog facility %s"), str); + debug_return_bool(false); + } + + config->syslog.server_facility = logfac; + + debug_return_bool(true); +} + +static bool +cb_syslog_facility(struct logsrvd_config *config, const char *str, size_t offset) { int logfac; debug_decl(cb_syslog_facility, SUDO_DEBUG_UTIL); if (!sudo_str2logfac(str, &logfac)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "invalid syslog priority %s", str); + sudo_warnx(U_("unknown syslog facility %s"), str); debug_return_bool(false); } @@ -596,14 +911,13 @@ } static bool -cb_syslog_acceptpri(struct logsrvd_config *config, const char *str) +cb_syslog_acceptpri(struct logsrvd_config *config, const char *str, size_t offset) { int logpri; debug_decl(cb_syslog_acceptpri, SUDO_DEBUG_UTIL); if (!sudo_str2logpri(str, &logpri)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "invalid syslog priority %s", str); + sudo_warnx(U_("unknown syslog priority %s"), str); debug_return_bool(false); } @@ -613,13 +927,15 @@ } static bool -cb_syslog_rejectpri(struct logsrvd_config *config, const char *str) +cb_syslog_rejectpri(struct logsrvd_config *config, const char *str, size_t offset) { int logpri; debug_decl(cb_syslog_rejectpri, SUDO_DEBUG_UTIL); - if (!sudo_str2logpri(str, &logpri)) + if (!sudo_str2logpri(str, &logpri)) { + sudo_warnx(U_("unknown syslog priority %s"), str); debug_return_bool(false); + } config->syslog.rejectpri = logpri; @@ -627,14 +943,13 @@ } static bool -cb_syslog_alertpri(struct logsrvd_config *config, const char *str) +cb_syslog_alertpri(struct logsrvd_config *config, const char *str, size_t offset) { int logpri; debug_decl(cb_syslog_alertpri, SUDO_DEBUG_UTIL); if (!sudo_str2logpri(str, &logpri)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "invalid syslog priority %s", str); + sudo_warnx(U_("unknown syslog priority %s"), str); debug_return_bool(false); } @@ -645,7 +960,7 @@ /* logfile callbacks */ static bool -cb_logfile_path(struct logsrvd_config *config, const char *str) +cb_logfile_path(struct logsrvd_config *config, const char *str, size_t offset) { char *copy = NULL; debug_decl(cb_logfile_path, SUDO_DEBUG_UTIL); @@ -667,7 +982,7 @@ } static bool -cb_logfile_time_format(struct logsrvd_config *config, const char *str) +cb_logfile_time_format(struct logsrvd_config *config, const char *str, size_t offset) { char *copy = NULL; debug_decl(cb_logfile_time_format, SUDO_DEBUG_UTIL); @@ -683,20 +998,65 @@ debug_return_bool(true); } +void +address_list_addref(struct server_address_list *al) +{ + struct address_list_container *container = + __containerof(al, struct address_list_container, addrs); + container->refcnt++; +} + +void +address_list_delref(struct server_address_list *al) +{ + struct address_list_container *container = + __containerof(al, struct address_list_container, addrs); + if (--container->refcnt == 0) { + struct server_address *addr; + while ((addr = TAILQ_FIRST(al))) { + TAILQ_REMOVE(al, addr, entries); + sudo_rcstr_delref(addr->sa_str); + sudo_rcstr_delref(addr->sa_host); + free(addr); + } + } +} + static struct logsrvd_config_entry server_conf_entries[] = { - { "listen_address", cb_listen_address }, - { "timeout", cb_timeout }, - { "tcp_keepalive", cb_keepalive }, - { "pid_file", cb_pid_file }, + { "listen_address", cb_server_listen_address }, + { "timeout", cb_server_timeout }, + { "tcp_keepalive", cb_server_keepalive }, + { "pid_file", cb_server_pid_file }, + { "server_log", cb_server_log }, +#if defined(HAVE_OPENSSL) + { "tls_key", cb_tls_key, offsetof(struct logsrvd_config, server.tls_key_path) }, + { "tls_cacert", cb_tls_cacert, offsetof(struct logsrvd_config, server.tls_cacert_path) }, + { "tls_cert", cb_tls_cert, offsetof(struct logsrvd_config, server.tls_cert_path) }, + { "tls_dhparams", cb_tls_dhparams, offsetof(struct logsrvd_config, server.tls_dhparams_path) }, + { "tls_ciphers_v12", cb_tls_ciphers12, offsetof(struct logsrvd_config, server.tls_ciphers_v12) }, + { "tls_ciphers_v13", cb_tls_ciphers13, offsetof(struct logsrvd_config, server.tls_ciphers_v13) }, + { "tls_checkpeer", cb_tls_checkpeer, offsetof(struct logsrvd_config, server.tls_check_peer) }, + { "tls_verify", cb_tls_verify, offsetof(struct logsrvd_config, server.tls_verify) }, +#endif + { NULL } +}; + +static struct logsrvd_config_entry relay_conf_entries[] = { + { "relay_host", cb_relay_host }, + { "timeout", cb_relay_timeout }, + { "connect_timeout", cb_relay_connect_timeout }, + { "relay_dir", cb_relay_dir }, + { "store_first", cb_relay_store_first }, + { "tcp_keepalive", cb_relay_keepalive }, #if defined(HAVE_OPENSSL) - { "tls_key", cb_tls_key }, - { "tls_cacert", cb_tls_cacert }, - { "tls_cert", cb_tls_cert }, - { "tls_dhparams", cb_tls_dhparam }, - { "tls_ciphers_v12", cb_tls_ciphers12 }, - { "tls_ciphers_v13", cb_tls_ciphers13 }, - { "tls_checkpeer", cb_tls_checkpeer }, - { "tls_verify", cb_tls_verify }, + { "tls_key", cb_tls_key, offsetof(struct logsrvd_config, relay.tls_key_path) }, + { "tls_cacert", cb_tls_cacert, offsetof(struct logsrvd_config, relay.tls_cacert_path) }, + { "tls_cert", cb_tls_cert, offsetof(struct logsrvd_config, relay.tls_cert_path) }, + { "tls_dhparams", cb_tls_dhparams, offsetof(struct logsrvd_config, relay.tls_dhparams_path) }, + { "tls_ciphers_v12", cb_tls_ciphers12, offsetof(struct logsrvd_config, relay.tls_ciphers_v12) }, + { "tls_ciphers_v13", cb_tls_ciphers13, offsetof(struct logsrvd_config, relay.tls_ciphers_v13) }, + { "tls_checkpeer", cb_tls_checkpeer, offsetof(struct logsrvd_config, relay.tls_check_peer) }, + { "tls_verify", cb_tls_verify, offsetof(struct logsrvd_config, relay.tls_verify) }, #endif { NULL } }; @@ -716,11 +1076,13 @@ static struct logsrvd_config_entry eventlog_conf_entries[] = { { "log_type", cb_eventlog_type }, { "log_format", cb_eventlog_format }, + { "log_exit", cb_eventlog_exit }, { NULL } }; static struct logsrvd_config_entry syslog_conf_entries[] = { { "maxlen", cb_syslog_maxlen }, + { "server_facility", cb_syslog_server_facility }, { "facility", cb_syslog_facility }, { "reject_priority", cb_syslog_rejectpri }, { "accept_priority", cb_syslog_acceptpri }, @@ -736,6 +1098,7 @@ static struct logsrvd_config_section logsrvd_config_sections[] = { { "server", server_conf_entries }, + { "relay", relay_conf_entries }, { "iolog", iolog_conf_entries }, { "eventlog", eventlog_conf_entries }, { "syslog", syslog_conf_entries }, @@ -804,7 +1167,7 @@ *ep = '\0'; for (entry = conf_section->entries; entry->conf_str != NULL; entry++) { if (strcasecmp(line, entry->conf_str) == 0) { - if (!entry->setter(config, val)) { + if (!entry->setter(config, val, entry->offset)) { sudo_warnx(U_("invalid value for %s: %s"), entry->conf_str, val); goto done; @@ -813,7 +1176,8 @@ } } if (entry->conf_str == NULL) { - sudo_warnx(U_("%s:%d unknown key: %s"), path, lineno, line); + sudo_warnx(U_("%s:%d [%s] illegal key: %s"), path, lineno, + conf_section->name, line); goto done; } } @@ -825,28 +1189,24 @@ } static FILE * -logsrvd_open_eventlog(struct logsrvd_config *config) +logsrvd_open_log_file(const char *path, int flags) { mode_t oldmask; FILE *fp = NULL; const char *omode; - int fd, flags; - debug_decl(logsrvd_open_eventlog, SUDO_DEBUG_UTIL); + int fd; + debug_decl(logsrvd_open_log_file, SUDO_DEBUG_UTIL); - /* Cannot append to a JSON file. */ - if (config->eventlog.log_format == EVLOG_JSON) { - flags = O_RDWR|O_CREAT; - omode = "w"; - } else { - flags = O_WRONLY|O_APPEND|O_CREAT; + if (ISSET(flags, O_APPEND)) { omode = "a"; + } else { + omode = "w"; } oldmask = umask(S_IRWXG|S_IRWXO); - fd = open(config->logfile.path, flags, S_IRUSR|S_IWUSR); + fd = open(path, flags, S_IRUSR|S_IWUSR); (void)umask(oldmask); if (fd == -1 || (fp = fdopen(fd, omode)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to open log file %s", config->logfile.path); + sudo_warn(U_("unable to open log file %s"), path); if (fd != -1) close(fd); } @@ -855,6 +1215,21 @@ } static FILE * +logsrvd_open_eventlog(struct logsrvd_config *config) +{ + int flags; + debug_decl(logsrvd_open_eventlog, SUDO_DEBUG_UTIL); + + /* Cannot append to a JSON file. */ + if (config->eventlog.log_format == EVLOG_JSON) { + flags = O_RDWR|O_CREAT; + } else { + flags = O_WRONLY|O_APPEND|O_CREAT; + } + debug_return_ptr(logsrvd_open_log_file(config->logfile.path, flags)); +} + +static FILE * logsrvd_stub_open_log(int type, const char *logfile) { /* Actual open already done by logsrvd_open_eventlog() */ @@ -887,23 +1262,223 @@ debug_return; } +/* + * Conversation function for use by sudo_warn/sudo_fatal. + * Logs to stdout/stderr. + */ +static int +logsrvd_conv_stderr(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int i; + debug_decl(logsrvd_conv_stderr, SUDO_DEBUG_UTIL); + + for (i = 0; i < num_msgs; i++) { + if (fputs(msgs[i].msg, stderr) == EOF) + debug_return_int(-1); + } + + debug_return_int(0); +} + +/* + * Conversation function for use by sudo_warn/sudo_fatal. + * Acts as a no-op log sink. + */ +static int +logsrvd_conv_none(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + /* Also write to stderr if still in the foreground. */ + if (logsrvd_warn_enable_stderr) { + (void)logsrvd_conv_stderr(num_msgs, msgs, replies, callback); + } + + return 0; +} + +/* + * Conversation function for use by sudo_warn/sudo_fatal. + * Logs to syslog. + */ +static int +logsrvd_conv_syslog(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + char *buf = NULL, *cp = NULL; + const char *progname; + size_t proglen, bufsize = 0; + int i; + debug_decl(logsrvd_conv_syslog, SUDO_DEBUG_UTIL); + + if (logsrvd_config == NULL) { + debug_return_int(logsrvd_conv_stderr(num_msgs, msgs, replies, callback)); + } + + /* Also write to stderr if still in the foreground. */ + if (logsrvd_warn_enable_stderr) { + (void)logsrvd_conv_stderr(num_msgs, msgs, replies, callback); + } + + /* + * Concat messages into a flag string that we can syslog. + */ + progname = getprogname(); + proglen = strlen(progname); + for (i = 0; i < num_msgs; i++) { + const char *msg = msgs[i].msg; + size_t len = strlen(msg); + size_t used = (size_t)(cp - buf); + + /* Strip leading "sudo_logsrvd: " prefix. */ + if (strncmp(msg, progname, proglen) == 0) { + msg += proglen; + len -= proglen; + if (len == 0) { + /* Skip over ": " string that follows program name. */ + if (i + 1 < num_msgs && strcmp(msgs[i + 1].msg, ": ") == 0) { + i++; + continue; + } + } else if (msg[0] == ':' && msg[1] == ' ') { + /* Handle "progname: " */ + msg += 2; + len -= 2; + } + } + + /* Strip off trailing newlines. */ + while (len > 1 && msg[len - 1] == '\n') + len--; + if (len == 0) + continue; + + if (len >= bufsize - used) { + bufsize += 1024; + char *tmp = realloc(buf, bufsize); + if (tmp == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + free(buf); + debug_return_int(-1); + } + buf = tmp; + cp = tmp + used; + } + memcpy(cp, msg, len); + cp[len] = '\0'; + cp += len; + } + if (buf != NULL) { + openlog(progname, 0, logsrvd_config->syslog.server_facility); + syslog(LOG_ERR, "%s", buf); + free(buf); + + /* Restore old syslog settings. */ + if (logsrvd_config->eventlog.log_type == EVLOG_SYSLOG) + openlog("sudo", 0, logsrvd_config->syslog.facility); + } + + debug_return_int(0); +} + +/* + * Conversation function for use by sudo_warn/sudo_fatal. + * Logs to an already-open log file. + */ +static int +logsrvd_conv_logfile(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + const char *progname; + size_t proglen; + int i; + debug_decl(logsrvd_conv_logfile, SUDO_DEBUG_UTIL); + + if (logsrvd_config == NULL) { + debug_return_int(logsrvd_conv_stderr(num_msgs, msgs, replies, callback)); + } + + /* Also write to stderr if still in the foreground. */ + if (logsrvd_warn_enable_stderr) { + (void)logsrvd_conv_stderr(num_msgs, msgs, replies, callback); + } + + if (logsrvd_config->server.log_stream == NULL) { + errno = EBADF; + debug_return_int(-1); + } + + progname = getprogname(); + proglen = strlen(progname); + for (i = 0; i < num_msgs; i++) { + const char *msg = msgs[i].msg; + size_t len = strlen(msg); + + /* Strip leading "sudo_logsrvd: " prefix. */ + if (strncmp(msg, progname, proglen) == 0) { + msg += proglen; + len -= proglen; + if (len == 0) { + /* Skip over ": " string that follows program name. */ + if (i + 1 < num_msgs && strcmp(msgs[i + 1].msg, ": ") == 0) { + i++; + continue; + } + } else if (msg[0] == ':' && msg[1] == ' ') { + /* Handle "progname: " */ + msg += 2; + len -= 2; + } + } + + if (fwrite(msg, len, 1, logsrvd_config->server.log_stream) != 1) + debug_return_int(-1); + } + + debug_return_int(0); +} + /* Free the specified struct logsrvd_config and its contents. */ -void +static void logsrvd_conf_free(struct logsrvd_config *config) { - struct listen_address *addr; debug_decl(logsrvd_conf_free, SUDO_DEBUG_UTIL); if (config == NULL) debug_return; /* struct logsrvd_config_server */ - while ((addr = TAILQ_FIRST(&config->server.addresses))) { - TAILQ_REMOVE(&config->server.addresses, addr, entries); - free(addr->sa_str); - free(addr); - } + address_list_delref(&config->server.addresses.addrs); free(config->server.pid_file); + free(config->server.log_file); + if (config->server.log_stream != NULL) + fclose(config->server.log_stream); +#if defined(HAVE_OPENSSL) + free(config->server.tls_key_path); + free(config->server.tls_cert_path); + free(config->server.tls_cacert_path); + free(config->server.tls_dhparams_path); + free(config->server.tls_ciphers_v12); + free(config->server.tls_ciphers_v13); + + if (config->server.ssl_ctx != NULL) + SSL_CTX_free(config->server.ssl_ctx); +#endif + + /* struct logsrvd_config_relay */ + address_list_delref(&config->relay.relays.addrs); + free(config->relay.relay_dir); +#if defined(HAVE_OPENSSL) + free(config->relay.tls_key_path); + free(config->relay.tls_cert_path); + free(config->relay.tls_cacert_path); + free(config->relay.tls_dhparams_path); + free(config->relay.tls_ciphers_v12); + free(config->relay.tls_ciphers_v13); + + if (config->relay.ssl_ctx != NULL) + SSL_CTX_free(config->relay.ssl_ctx); +#endif /* struct logsrvd_config_iolog */ free(config->iolog.iolog_dir); @@ -915,25 +1490,13 @@ if (config->logfile.stream != NULL) fclose(config->logfile.stream); -#if defined(HAVE_OPENSSL) - free(config->server.tls_config.pkey_path); - free(config->server.tls_config.cert_path); - free(config->server.tls_config.cacert_path); - free(config->server.tls_config.dhparams_path); - free(config->server.tls_config.ciphers_v12); - free(config->server.tls_config.ciphers_v13); - - if (config->server.tls_runtime.ssl_ctx != NULL) - SSL_CTX_free(config->server.tls_runtime.ssl_ctx); -#endif - free(config); debug_return; } /* Allocate a new struct logsrvd_config and set default values. */ -struct logsrvd_config * +static struct logsrvd_config * logsrvd_conf_alloc(void) { struct logsrvd_config *config; @@ -944,10 +1507,26 @@ debug_return_ptr(NULL); } + /* Relay defaults */ + TAILQ_INIT(&config->relay.relays.addrs); + config->relay.relays.refcnt = 1; + config->relay.timeout.tv_sec = DEFAULT_SOCKET_TIMEOUT_SEC; + config->relay.connect_timeout.tv_sec = DEFAULT_SOCKET_TIMEOUT_SEC; + config->relay.tcp_keepalive = true; + config->relay.retry_interval = 30; + if (!cb_relay_dir(config, _PATH_SUDO_RELAY_DIR, 0)) + goto bad; +#if defined(HAVE_OPENSSL) + config->relay.tls_verify = -1; + config->relay.tls_check_peer = -1; +#endif + /* Server defaults */ - TAILQ_INIT(&config->server.addresses); + TAILQ_INIT(&config->server.addresses.addrs); + config->server.addresses.refcnt = 1; config->server.timeout.tv_sec = DEFAULT_SOCKET_TIMEOUT_SEC; config->server.tcp_keepalive = true; + config->server.log_type = SERVER_LOG_SYSLOG; config->server.pid_file = strdup(_PATH_SUDO_LOGSRVD_PID); if (config->server.pid_file == NULL) { sudo_warn(NULL); @@ -960,26 +1539,26 @@ * This ensures we don't enable TLS by default when it is not configured. */ if (access(DEFAULT_CA_CERT_PATH, R_OK) == 0) { - config->server.tls_config.cacert_path = strdup(DEFAULT_CA_CERT_PATH); - if (config->server.tls_config.cacert_path == NULL) { + config->server.tls_cacert_path = strdup(DEFAULT_CA_CERT_PATH); + if (config->server.tls_cacert_path == NULL) { sudo_warn(NULL); goto bad; } } if (access(DEFAULT_SERVER_CERT_PATH, R_OK) == 0) { - config->server.tls_config.cert_path = strdup(DEFAULT_SERVER_CERT_PATH); - if (config->server.tls_config.cert_path == NULL) { + config->server.tls_cert_path = strdup(DEFAULT_SERVER_CERT_PATH); + if (config->server.tls_cert_path == NULL) { sudo_warn(NULL); goto bad; } } - config->server.tls_config.pkey_path = strdup(DEFAULT_SERVER_KEY_PATH); - if (config->server.tls_config.pkey_path == NULL) { + config->server.tls_key_path = strdup(DEFAULT_SERVER_KEY_PATH); + if (config->server.tls_key_path == NULL) { sudo_warn(NULL); goto bad; } - config->server.tls_config.verify = true; - config->server.tls_config.check_peer = false; + config->server.tls_verify = true; + config->server.tls_check_peer = false; #endif /* I/O log defaults */ @@ -987,9 +1566,9 @@ config->iolog.flush = true; config->iolog.mode = S_IRUSR|S_IWUSR; config->iolog.maxseq = SESSID_MAX; - if (!cb_iolog_dir(config, _PATH_SUDO_IO_LOGDIR)) + if (!cb_iolog_dir(config, _PATH_SUDO_IO_LOGDIR, 0)) goto bad; - if (!cb_iolog_file(config, "%{seq}")) + if (!cb_iolog_file(config, "%{seq}", 0)) goto bad; config->iolog.uid = ROOT_UID; config->iolog.gid = ROOT_GID; @@ -998,30 +1577,32 @@ /* Event log defaults */ config->eventlog.log_type = EVLOG_SYSLOG; config->eventlog.log_format = EVLOG_SUDO; + config->eventlog.log_exit = false; /* Syslog defaults */ config->syslog.maxlen = 960; - if (!cb_syslog_facility(config, LOGFAC)) { + config->syslog.server_facility = LOG_DAEMON; + if (!cb_syslog_facility(config, LOGFAC, 0)) { sudo_warnx(U_("unknown syslog facility %s"), LOGFAC); goto bad; } - if (!cb_syslog_acceptpri(config, PRI_SUCCESS)) { + if (!cb_syslog_acceptpri(config, PRI_SUCCESS, 0)) { sudo_warnx(U_("unknown syslog priority %s"), PRI_SUCCESS); goto bad; } - if (!cb_syslog_rejectpri(config, PRI_FAILURE)) { + if (!cb_syslog_rejectpri(config, PRI_FAILURE, 0)) { sudo_warnx(U_("unknown syslog priority %s"), PRI_FAILURE); goto bad; } - if (!cb_syslog_alertpri(config, PRI_FAILURE)) { + if (!cb_syslog_alertpri(config, PRI_FAILURE, 0)) { sudo_warnx(U_("unknown syslog priority %s"), PRI_FAILURE); goto bad; } /* Log file defaults */ - if (!cb_logfile_time_format(config, "%h %e %T")) + if (!cb_logfile_time_format(config, "%h %e %T", 0)) goto bad; - if (!cb_logfile_path(config, _PATH_SUDO_LOGFILE)) + if (!cb_logfile_path(config, _PATH_SUDO_LOGFILE, 0)) goto bad; debug_return_ptr(config); @@ -1030,44 +1611,113 @@ debug_return_ptr(NULL); } -bool +static bool logsrvd_conf_apply(struct logsrvd_config *config) { +#if defined(HAVE_OPENSSL) + struct server_address *addr; +#endif debug_decl(logsrvd_conf_apply, SUDO_DEBUG_UTIL); /* There can be multiple addresses so we can't set a default earlier. */ - if (TAILQ_EMPTY(&config->server.addresses)) { + if (TAILQ_EMPTY(&config->server.addresses.addrs)) { /* Enable plaintext listender. */ - if (!cb_listen_address(config, "*:" DEFAULT_PORT)) + if (!cb_server_listen_address(config, "*:" DEFAULT_PORT, 0)) debug_return_bool(false); #if defined(HAVE_OPENSSL) /* If a certificate was specified, enable the TLS listener too. */ - if (config->server.tls_config.cert_path != NULL) { - if (!cb_listen_address(config, "*:" DEFAULT_PORT_TLS "(tls)")) + if (config->server.tls_cert_path != NULL) { + if (!cb_server_listen_address(config, "*:" DEFAULT_PORT_TLS "(tls)", 0)) debug_return_bool(false); } } else { - struct listen_address *addr; - /* Check that TLS configuration is valid. */ - TAILQ_FOREACH(addr, &config->server.addresses, entries) { + TAILQ_FOREACH(addr, &config->server.addresses.addrs, entries) { if (!addr->tls) continue; /* * If a TLS listener was explicitly enabled but the cert path * was not, use the default. */ - if (config->server.tls_config.cert_path == NULL) { - config->server.tls_config.cert_path = + if (config->server.tls_cert_path == NULL) { + config->server.tls_cert_path = strdup(DEFAULT_SERVER_CERT_PATH); - if (config->server.tls_config.cert_path == NULL) { + if (config->server.tls_cert_path == NULL) { sudo_warn(NULL); debug_return_bool(false); } } break; } -#endif +#endif /* HAVE_OPENSSL */ + } + +#if defined(HAVE_OPENSSL) + TAILQ_FOREACH(addr, &config->server.addresses.addrs, entries) { + if (!addr->tls) + continue; + /* Create a TLS context for the server. */ + config->server.ssl_ctx = init_tls_context( + config->server.tls_cacert_path, config->server.tls_cert_path, + config->server.tls_key_path, config->server.tls_dhparams_path, + config->server.tls_ciphers_v12, config->server.tls_ciphers_v13, + config->server.tls_verify); + if (config->server.ssl_ctx == NULL) { + sudo_warnx(U_("unable to initialize server TLS context")); + debug_return_bool(false); + } + break; + } + + if (TLS_CONFIGURED(config->relay)) { + TAILQ_FOREACH(addr, &config->relay.relays.addrs, entries) { + if (!addr->tls) + continue; + /* Create a TLS context for the relay. */ + config->relay.ssl_ctx = init_tls_context( + TLS_RELAY_STR(config, tls_cacert_path), + TLS_RELAY_STR(config, tls_cert_path), + TLS_RELAY_STR(config, tls_key_path), + TLS_RELAY_STR(config, tls_dhparams_path), + TLS_RELAY_STR(config, tls_ciphers_v12), + TLS_RELAY_STR(config, tls_ciphers_v13), + TLS_RELAY_INT(config, tls_verify)); + if (config->relay.ssl_ctx == NULL) { + sudo_warnx(U_("unable to initialize relay TLS context")); + debug_return_bool(false); + } + break; + } + } +#endif /* HAVE_OPENSSL */ + + /* Clear store_first if not relaying. */ + if (TAILQ_EMPTY(&config->relay.relays.addrs)) + config->relay.store_first = false; + + /* Open server log if specified. */ + switch (config->server.log_type) { + case SERVER_LOG_SYSLOG: + sudo_warn_set_conversation(logsrvd_conv_syslog); + break; + case SERVER_LOG_FILE: + config->server.log_stream = + logsrvd_open_log_file(config->server.log_file, O_WRONLY|O_APPEND|O_CREAT); + if (config->server.log_stream == NULL) + debug_return_bool(false); + sudo_warn_set_conversation(logsrvd_conv_logfile); + break; + case SERVER_LOG_NONE: + sudo_warn_set_conversation(logsrvd_conv_none); + break; + case SERVER_LOG_STDERR: + /* Default is stderr. */ + sudo_warn_set_conversation(NULL); + break; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "cannot open unknown log type %d", config->eventlog.log_type); + break; } /* Open event log if specified. */ @@ -1141,3 +1791,20 @@ fclose(fp); debug_return_bool(ret); } + +void +logsrvd_conf_cleanup(void) +{ + debug_decl(logsrvd_conf_cleanup, SUDO_DEBUG_UTIL); + + logsrvd_conf_free(logsrvd_config); + logsrvd_config = NULL; + + debug_return; +} + +void +logsrvd_warn_stderr(bool enabled) +{ + logsrvd_warn_enable_stderr = enabled; +} diff -Nru sudo-1.9.5p2/logsrvd/logsrvd_journal.c sudo-1.9.9/logsrvd/logsrvd_journal.c --- sudo-1.9.5p2/logsrvd/logsrvd_journal.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/logsrvd_journal.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,596 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_event.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_iolog.h" +#include "sudo_util.h" + +#include "logsrvd.h" + +/* + * Helper function to set closure->journal and closure->journal_path. + */ +static bool +journal_fdopen(int fd, const char *journal_path, + struct connection_closure *closure) +{ + debug_decl(journal_fdopen, SUDO_DEBUG_UTIL); + + closure->journal_path = strdup(journal_path); + if (closure->journal_path == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_bool(false); + } + + /* Defer fdopen() until last--it cannot be undone. */ + if ((closure->journal = fdopen(fd, "r+")) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to fdopen journal file %s", journal_path); + debug_return_bool(false); + } + + debug_return_bool(true); +} + +static int +journal_mkstemp(const char *parent_dir, char *pathbuf, int pathlen) +{ + int len, fd = -1; + mode_t dirmode, oldmask; + debug_decl(journal_mkstemp, SUDO_DEBUG_UTIL); + + /* umask must not be more restrictive than the file modes. */ + dirmode = logsrvd_conf_iolog_mode() | S_IXUSR; + if (dirmode & (S_IRGRP|S_IWGRP)) + dirmode |= S_IXGRP; + if (dirmode & (S_IROTH|S_IWOTH)) + dirmode |= S_IXOTH; + oldmask = umask(ACCESSPERMS & ~dirmode); + + len = snprintf(pathbuf, pathlen, "%s/%s/%s", + logsrvd_conf_relay_dir(), parent_dir, RELAY_TEMPLATE); + if (len >= pathlen) { + errno = ENAMETOOLONG; + sudo_warn("%s/%s/%s", logsrvd_conf_relay_dir(), parent_dir, + RELAY_TEMPLATE); + goto done; + } + if (!sudo_mkdir_parents(pathbuf, logsrvd_conf_iolog_uid(), + logsrvd_conf_iolog_gid(), S_IRWXU|S_IXGRP|S_IXOTH, false)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to create parent dir for %s", pathbuf); + goto done; + } + if ((fd = mkstemp(pathbuf)) == -1) { + sudo_warn(U_("%s: %s"), "mkstemp", pathbuf); + goto done; + } + +done: + umask(oldmask); + + debug_return_int(fd); +} + +/* + * Create a temporary file in the relay dir and store it in the closure. + */ +static bool +journal_create(struct connection_closure *closure) +{ + char journal_path[PATH_MAX]; + int fd; + debug_decl(journal_create, SUDO_DEBUG_UTIL); + + fd = journal_mkstemp("incoming", journal_path, sizeof(journal_path)); + if (fd == -1) { + closure->errstr = _("unable to create journal file"); + debug_return_bool(false); + } + if (!sudo_lock_file(fd, SUDO_TLOCK)) { + sudo_warn(U_("unable to lock %s"), journal_path); + unlink(journal_path); + close(fd); + closure->errstr = _("unable to lock journal file"); + debug_return_bool(false); + } + if (!journal_fdopen(fd, journal_path, closure)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to fdopen journal file %s", journal_path); + unlink(journal_path); + close(fd); + closure->errstr = _("unable to open journal file"); + debug_return_bool(false); + } + + debug_return_bool(true); +} + +/* + * Flush any buffered data, rewind journal to the beginning and + * move to the outgoing directory. + * The actual open file is closed in connection_closure_free(). + */ +static bool +journal_finish(struct connection_closure *closure) +{ + char outgoing_path[PATH_MAX]; + size_t len; + int fd; + debug_decl(journal_finish, SUDO_DEBUG_UTIL); + + if (fflush(closure->journal) != 0) { + closure->errstr = _("unable to write journal file"); + debug_return_bool(false); + } + rewind(closure->journal); + + /* Move journal to the outgoing directory. */ + fd = journal_mkstemp("outgoing", outgoing_path, sizeof(outgoing_path)); + if (fd == -1) { + closure->errstr = _("unable to rename journal file"); + debug_return_bool(false); + } + close(fd); + if (rename(closure->journal_path, outgoing_path) == -1) { + sudo_warn(U_("unable to rename %s to %s"), closure->journal_path, + outgoing_path); + closure->errstr = _("unable to rename journal file"); + unlink(outgoing_path); + debug_return_bool(false); + } + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "renamed %s -> %s", closure->journal_path, outgoing_path); + len = strlen(outgoing_path); + if (strlen(closure->journal_path) == len) { + /* This should always be true. */ + memcpy(closure->journal_path, outgoing_path, len); + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "length mismatch %zu != %zu", strlen(closure->journal_path), len); + free(closure->journal_path); + closure->journal_path = strdup(outgoing_path); + if (closure->journal_path == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + closure->errstr = _("unable to allocate memory"); + debug_return_bool(false); + } + } + + debug_return_bool(true); +} + +/* + * Seek ahead in the journal to the specified target time. + * Returns true if we reached the target time exactly, else false. + */ +static bool +journal_seek(struct timespec *target, struct connection_closure *closure) +{ + ClientMessage *msg = NULL; + size_t nread, bufsize = 0; + uint8_t *buf = NULL; + uint32_t msg_len; + bool ret = false; + debug_decl(journal_seek, SUDO_DEBUG_UTIL); + + for (;;) { + TimeSpec *delay = NULL; + + /* Read message size (uint32_t in network byte order). */ + nread = fread(&msg_len, sizeof(msg_len), 1, closure->journal); + if (nread != 1) { + if (feof(closure->journal)) { + sudo_warnx(U_("%s: %s"), closure->journal_path, + U_("unexpected EOF reading journal file")); + closure->errstr = _("unexpected EOF reading journal file"); + } else { + sudo_warn(U_("%s: %s"), closure->journal_path, + U_("error reading journal file")); + closure->errstr = _("error reading journal file"); + } + break; + } + msg_len = ntohl(msg_len); + if (msg_len > MESSAGE_SIZE_MAX) { + sudo_warnx(U_("%s: %s"), closure->journal_path, + U_("client message too large")); + closure->errstr = _("client message too large"); + break; + } + + /* Read actual message now that we know the size. */ + if (msg_len != 0) { + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "%s: reading message %u bytes", closure->journal_path, msg_len); + + if (msg_len > bufsize) { + bufsize = sudo_pow2_roundup(msg_len); + free(buf); + if ((buf = malloc(bufsize)) == NULL) { + closure->errstr = _("unable to allocate memory"); + break; + } + } + + nread = fread(buf, msg_len, 1, closure->journal); + if (nread != 1) { + if (feof(closure->journal)) { + sudo_warnx(U_("%s: %s"), closure->journal_path, + U_("unexpected EOF reading journal file")); + closure->errstr = _("unexpected EOF reading journal file"); + } else { + sudo_warn(U_("%s: %s"), closure->journal_path, + U_("error reading journal file")); + closure->errstr = _("error reading journal file"); + } + break; + } + } + + client_message__free_unpacked(msg, NULL); + msg = client_message__unpack(NULL, msg_len, buf); + if (msg == NULL) { + sudo_warnx("unable to unpack %s size %zu", "ClientMessage", + (size_t)msg_len); + closure->errstr = _("invalid journal file, unable to restart"); + break; + } + + switch (msg->type_case) { + case CLIENT_MESSAGE__TYPE_HELLO_MSG: + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "seeking past ClientHello (%d)", msg->type_case); + break; + case CLIENT_MESSAGE__TYPE_ACCEPT_MSG: + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "seeking past AcceptMessage (%d)", msg->type_case); + break; + case CLIENT_MESSAGE__TYPE_REJECT_MSG: + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "seeking past RejectMessage (%d)", msg->type_case); + break; + case CLIENT_MESSAGE__TYPE_EXIT_MSG: + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "seeking past ExitMessage (%d)", msg->type_case); + break; + case CLIENT_MESSAGE__TYPE_RESTART_MSG: + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "seeking past RestartMessage (%d)", msg->type_case); + break; + case CLIENT_MESSAGE__TYPE_ALERT_MSG: + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "seeking past AlertMessage (%d)", msg->type_case); + break; + case CLIENT_MESSAGE__TYPE_TTYIN_BUF: + delay = msg->u.ttyin_buf->delay; + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "read IoBuffer (%d), delay [%lld, %ld]", msg->type_case, + (long long)delay->tv_sec, (long)delay->tv_nsec); + break; + case CLIENT_MESSAGE__TYPE_TTYOUT_BUF: + delay = msg->u.ttyout_buf->delay; + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "read IoBuffer (%d), delay [%lld, %ld]", msg->type_case, + (long long)delay->tv_sec, (long)delay->tv_nsec); + break; + case CLIENT_MESSAGE__TYPE_STDIN_BUF: + delay = msg->u.stdin_buf->delay; + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "read IoBuffer (%d), delay [%lld, %ld]", msg->type_case, + (long long)delay->tv_sec, (long)delay->tv_nsec); + break; + case CLIENT_MESSAGE__TYPE_STDOUT_BUF: + delay = msg->u.stdout_buf->delay; + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "read stdout_buf (%d), delay [%lld, %ld]", msg->type_case, + (long long)delay->tv_sec, (long)delay->tv_nsec); + break; + case CLIENT_MESSAGE__TYPE_STDERR_BUF: + delay = msg->u.stderr_buf->delay; + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "read stderr_buf (%d), delay [%lld, %ld]", msg->type_case, + (long long)delay->tv_sec, (long)delay->tv_nsec); + break; + case CLIENT_MESSAGE__TYPE_WINSIZE_EVENT: + delay = msg->u.winsize_event->delay; + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "read ChangeWindowSize (%d), delay [%lld, %ld]", msg->type_case, + (long long)delay->tv_sec, (long)delay->tv_nsec); + break; + case CLIENT_MESSAGE__TYPE_SUSPEND_EVENT: + delay = msg->u.suspend_event->delay; + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "read CommandSuspend (%d), delay [%lld, %ld]", msg->type_case, + (long long)delay->tv_sec, (long)delay->tv_nsec); + break; + default: + sudo_warnx(U_("unexpected type_case value %d in %s from %s"), + msg->type_case, "ClientMessage", closure->journal_path); + break; + } + if (delay != NULL) { + update_elapsed_time(delay, &closure->elapsed_time); + sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + "%s: elapsed time now [%lld, %ld]", closure->journal_path, + (long long)closure->elapsed_time.tv_sec, + closure->elapsed_time.tv_nsec); + } + + if (sudo_timespeccmp(&closure->elapsed_time, target, >=)) { + if (sudo_timespeccmp(&closure->elapsed_time, target, ==)) { + ret = true; + break; + } + + /* Mismatch between resume point and stored log. */ + closure->errstr = _("invalid journal file, unable to restart"); + sudo_warnx(U_("%s: unable to find resume point [%lld, %ld]"), + closure->journal_path, (long long)target->tv_sec, + target->tv_nsec); + break; + } + } + + client_message__free_unpacked(msg, NULL); + free(buf); + + debug_return_bool(ret); +} + +/* + * Restart an existing journal. + * Seeks to the resume_point in RestartMessage before continuing. + * Returns true if we reached the target time exactly, else false. + */ +static bool +journal_restart(RestartMessage *msg, uint8_t *buf, size_t buflen, + struct connection_closure *closure) +{ + struct timespec target; + int fd, len; + char *cp, journal_path[PATH_MAX]; + debug_decl(journal_restart, SUDO_DEBUG_UTIL); + + /* Strip off leading hostname from log_id. */ + if ((cp = strchr(msg->log_id, '/')) != NULL) { + if (cp != msg->log_id) + cp++; + } else { + cp = msg->log_id; + } + len = snprintf(journal_path, sizeof(journal_path), "%s/incoming/%s", + logsrvd_conf_relay_dir(), cp); + if (len >= ssizeof(journal_path)) { + errno = ENAMETOOLONG; + sudo_warn("%s/incoming/%s", logsrvd_conf_relay_dir(), cp); + closure->errstr = _("unable to create journal file"); + debug_return_bool(false); + } + if ((fd = open(journal_path, O_RDWR)) == -1) { + sudo_warn(U_("unable to open %s"), journal_path); + closure->errstr = _("unable to create journal file"); + debug_return_bool(false); + } + if (!journal_fdopen(fd, journal_path, closure)) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + close(fd); + closure->errstr = _("unable to allocate memory"); + debug_return_bool(false); + } + + /* Seek forward to resume point. */ + target.tv_sec = msg->resume_point->tv_sec; + target.tv_nsec = msg->resume_point->tv_nsec; + if (!journal_seek(&target, closure)) { + sudo_warn(U_("unable to seek to [%lld, %ld] in journal file %s"), + (long long)target.tv_sec, target.tv_nsec, journal_path); + debug_return_bool(false); + } + + debug_return_bool(true); +} + +static bool +journal_write(uint8_t *buf, size_t len, struct connection_closure *closure) +{ + uint32_t msg_len; + debug_decl(journal_write, SUDO_DEBUG_UTIL); + + /* 32-bit message length in network byte order. */ + msg_len = htonl((uint32_t)len); + if (fwrite(&msg_len, 1, sizeof(msg_len), closure->journal) != sizeof(msg_len)) { + closure->errstr = _("unable to write journal file"); + debug_return_bool(false); + } + /* message payload */ + if (fwrite(buf, 1, len, closure->journal) != len) { + closure->errstr = _("unable to write journal file"); + debug_return_bool(false); + } + debug_return_bool(true); +} + +/* + * Store an AcceptMessage from the client in the journal. + */ +static bool +journal_accept(AcceptMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + debug_decl(journal_accept, SUDO_DEBUG_UTIL); + + if (closure->journal_path != NULL) { + /* Re-use existing journal file. */ + debug_return_bool(journal_write(buf, len, closure)); + } + + /* Store message in a journal for later relaying. */ + if (!journal_create(closure)) + debug_return_bool(false); + if (!journal_write(buf, len, closure)) + debug_return_bool(false); + + if (msg->expect_iobufs) { + /* Send log ID to client for restarting connections. */ + if (!fmt_log_id_message(closure->journal_path, closure)) + debug_return_bool(false); + if (sudo_ev_add(closure->evbase, closure->write_ev, + logsrvd_conf_server_timeout(), false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + debug_return_bool(false); + } + } + + debug_return_bool(true); +} + +/* + * Store a RejectMessage from the client in the journal. + */ +static bool +journal_reject(RejectMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + debug_decl(journal_reject, SUDO_DEBUG_UTIL); + + /* Store message in a journal for later relaying. */ + if (closure->journal_path == NULL) { + if (!journal_create(closure)) + debug_return_bool(false); + } + if (!journal_write(buf, len, closure)) + debug_return_bool(false); + + debug_return_bool(true); +} + +/* + * Store an ExitMessage from the client in the journal. + */ +static bool +journal_exit(ExitMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + debug_decl(journal_exit, SUDO_DEBUG_UTIL); + + /* Store exit message in journal. */ + if (!journal_write(buf, len, closure)) + debug_return_bool(false); + if (!journal_finish(closure)) + debug_return_bool(false); + + debug_return_bool(true); +} + +/* + * Store an AlertMessage from the client in the journal. + */ +static bool +journal_alert(AlertMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + debug_decl(journal_alert, SUDO_DEBUG_UTIL); + + debug_return_bool(journal_write(buf, len, closure)); +} + +/* + * Store an IoBuffer from the client in the journal. + */ +static bool +journal_iobuf(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + debug_decl(journal_iobuf, SUDO_DEBUG_UTIL); + + if (!journal_write(buf, len, closure)) + debug_return_bool(false); + update_elapsed_time(iobuf->delay, &closure->elapsed_time); + + debug_return_bool(true); +} + +/* + * Store a CommandSuspend message from the client in the journal. + */ +static bool +journal_suspend(CommandSuspend *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + debug_decl(journal_suspend, SUDO_DEBUG_UTIL); + + debug_return_bool(journal_write(buf, len, closure)); +} + +/* + * Store a ChangeWindowSize message from the client in the journal. + */ +static bool +journal_winsize(ChangeWindowSize *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + debug_decl(journal_winsize, SUDO_DEBUG_UTIL); + + debug_return_bool(journal_write(buf, len, closure)); +} + +struct client_message_switch cms_journal = { + journal_accept, + journal_reject, + journal_exit, + journal_restart, + journal_alert, + journal_iobuf, + journal_suspend, + journal_winsize +}; diff -Nru sudo-1.9.5p2/logsrvd/logsrvd_local.c sudo-1.9.9/logsrvd/logsrvd_local.c --- sudo-1.9.5p2/logsrvd/logsrvd_local.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/logsrvd_local.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,661 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_event.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_json.h" +#include "sudo_iolog.h" +#include "sudo_rand.h" +#include "sudo_util.h" + +#include "logsrvd.h" + +struct logsrvd_info_closure { + InfoMessage **info_msgs; + size_t infolen; +}; + +static double random_drop; + +bool +set_random_drop(const char *dropstr) +{ + char *ep; + debug_decl(set_random_drop, SUDO_DEBUG_UTIL); + + errno = 0; + random_drop = strtod(dropstr, &ep); + if (*ep != '\0' || errno != 0) + debug_return_bool(false); + random_drop /= 100.0; /* convert from percentage */ + + debug_return_bool(true); +} + +static bool +logsrvd_json_log_cb(struct json_container *json, void *v) +{ + struct logsrvd_info_closure *closure = v; + struct json_value json_value; + size_t idx; + debug_decl(logsrvd_json_log_cb, SUDO_DEBUG_UTIL); + + for (idx = 0; idx < closure->infolen; idx++) { + InfoMessage *info = closure->info_msgs[idx]; + + switch (info->value_case) { + case INFO_MESSAGE__VALUE_NUMVAL: + json_value.type = JSON_NUMBER; + json_value.u.number = info->u.numval; + if (!sudo_json_add_value(json, info->key, &json_value)) + goto bad; + break; + case INFO_MESSAGE__VALUE_STRVAL: + json_value.type = JSON_STRING; + json_value.u.string = info->u.strval; + if (!sudo_json_add_value(json, info->key, &json_value)) + goto bad; + break; + case INFO_MESSAGE__VALUE_STRLISTVAL: { + InfoMessage__StringList *strlist = info->u.strlistval; + size_t n; + + if (!sudo_json_open_array(json, info->key)) + goto bad; + for (n = 0; n < strlist->n_strings; n++) { + json_value.type = JSON_STRING; + json_value.u.string = strlist->strings[n]; + if (!sudo_json_add_value(json, NULL, &json_value)) + goto bad; + } + if (!sudo_json_close_array(json)) + goto bad; + break; + } + default: + sudo_warnx(U_("unexpected type_case value %d in %s from %s"), + info->value_case, "InfoMessage", "local"); + goto bad; + } + } + debug_return_bool(true); +bad: + debug_return_bool(false); +} + +/* + * Parse and store an AcceptMessage locally. + */ +bool +store_accept_local(AcceptMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct logsrvd_info_closure info = { msg->info_msgs, msg->n_info_msgs }; + bool new_session = closure->evlog == NULL; + struct eventlog *evlog = NULL; + char *log_id = NULL; + bool ret = false; + debug_decl(store_accept_local, SUDO_DEBUG_UTIL); + + /* Store sudo-style event and I/O logs. */ + evlog = evlog_new(msg->submit_time, msg->info_msgs, msg->n_info_msgs, + closure); + if (evlog == NULL) { + closure->errstr = _("error parsing AcceptMessage"); + goto done; + } + + /* Additional setup for the initial command in the session. */ + if (new_session) { + closure->evlog = evlog; + + /* Create I/O log info file and parent directories. */ + if (msg->expect_iobufs) { + if (!iolog_init(msg, closure)) { + closure->errstr = _("error creating I/O log"); + goto done; + } + closure->log_io = true; + log_id = closure->evlog->iolog_path; + } + } else if (closure->log_io) { + /* Sub-command from an existing session, set iolog and offset. */ + evlog->iolog_path = strdup(closure->evlog->iolog_path); + if (evlog->iolog_path == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + closure->errstr = _("unable to allocate memory"); + goto done; + } + if (closure->evlog->iolog_file != NULL) { + evlog->iolog_file = evlog->iolog_path + + (closure->evlog->iolog_file - closure->evlog->iolog_path); + } + sudo_timespecsub(&evlog->submit_time, &closure->evlog->submit_time, + &evlog->iolog_offset); + } + + if (!eventlog_accept(evlog, 0, logsrvd_json_log_cb, &info)) { + closure->errstr = _("error logging accept event"); + goto done; + } + + if (new_session && log_id != NULL) { + /* Send log ID to client for restarting connections. */ + if (!fmt_log_id_message(log_id, closure)) + goto done; + if (sudo_ev_add(closure->evbase, closure->write_ev, + logsrvd_conf_server_timeout(), false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + goto done; + } + } + + ret = true; + +done: + if (closure->evlog != evlog) + eventlog_free(evlog); + + debug_return_bool(ret); +} + +/* + * Parse and store a RejectMessage locally. + */ +bool +store_reject_local(RejectMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct logsrvd_info_closure info = { msg->info_msgs, msg->n_info_msgs }; + struct eventlog *evlog = NULL; + bool ret = false; + debug_decl(store_reject_local, SUDO_DEBUG_UTIL); + + evlog = evlog_new(msg->submit_time, msg->info_msgs, msg->n_info_msgs, + closure); + if (evlog == NULL) { + closure->errstr = _("error parsing RejectMessage"); + goto done; + } + + if (closure->evlog == NULL) { + /* Initial command in session. */ + closure->evlog = evlog; + } else if (closure->log_io) { + /* Sub-command from an existing session, set iolog and offset. */ + evlog->iolog_path = strdup(closure->evlog->iolog_path); + if (evlog->iolog_path == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + closure->errstr = _("unable to allocate memory"); + goto done; + } + if (closure->evlog->iolog_file != NULL) { + evlog->iolog_file = evlog->iolog_path + + (closure->evlog->iolog_file - closure->evlog->iolog_path); + } + sudo_timespecsub(&evlog->submit_time, &closure->evlog->submit_time, + &evlog->iolog_offset); + } + + if (!eventlog_reject(evlog, 0, msg->reason, logsrvd_json_log_cb, &info)) { + closure->errstr = _("error logging reject event"); + goto done; + } + + ret = true; + +done: + if (closure->evlog != evlog) + eventlog_free(evlog); + + debug_return_bool(ret); +} + +static bool +store_exit_info_json(int dfd, struct eventlog *evlog) +{ + struct json_container json = { 0 }; + struct json_value json_value; + struct iovec iov[3]; + bool ret = false; + int fd = -1; + off_t pos; + debug_decl(store_exit_info_json, SUDO_DEBUG_UTIL); + + if (!sudo_json_init(&json, 4, false, false)) + goto done; + + fd = iolog_openat(dfd, "log.json", O_RDWR); + if (fd == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to open to %s/log.json", evlog->iolog_path); + if (errno == ENOENT) { + /* Ignore missing log.json file. */ + ret = true; + } + goto done; + } + + if (sudo_timespecisset(&evlog->run_time)) { + if (!sudo_json_open_object(&json, "run_time")) + goto done; + + json_value.type = JSON_NUMBER; + json_value.u.number = evlog->run_time.tv_sec; + if (!sudo_json_add_value(&json, "seconds", &json_value)) + goto done; + + json_value.type = JSON_NUMBER; + json_value.u.number = evlog->run_time.tv_nsec; + if (!sudo_json_add_value(&json, "nanoseconds", &json_value)) + goto done; + + if (!sudo_json_close_object(&json)) + goto done; + } + + if (evlog->signal_name != NULL) { + json_value.type = JSON_STRING; + json_value.u.string = evlog->signal_name; + if (!sudo_json_add_value(&json, "signal", &json_value)) + goto done; + + json_value.type = JSON_BOOL; + json_value.u.boolean = evlog->dumped_core; + if (!sudo_json_add_value(&json, "dumped_core", &json_value)) + goto done; + } + + json_value.type = JSON_NUMBER; + json_value.u.number = evlog->exit_value; + if (!sudo_json_add_value(&json, "exit_value", &json_value)) + goto done; + + /* Back up to overwrite the final "\n}\n" */ + pos = lseek(fd, -3, SEEK_END); + if (pos == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to rewind %s/log.json 3 bytes", evlog->iolog_path); + goto done; + } + + /* Append the exit data and close the object. */ + iov[0].iov_base = ","; + iov[0].iov_len = 1; + iov[1].iov_base = sudo_json_get_buf(&json); + iov[1].iov_len = sudo_json_get_len(&json); + iov[2].iov_base = "\n}\n"; + iov[2].iov_len = 3; + if (writev(fd, iov, 3) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to write %s/log.json", evlog->iolog_path); + /* Back up and try to restore to original state. */ + if (lseek(fd, pos, SEEK_SET) != -1) { + ignore_result(write(fd, "\n}\n", 3)); + } + goto done; + } + + ret = true; + +done: + if (fd != -1) + close(fd); + sudo_json_free(&json); + debug_return_bool(ret); +} + +bool +store_exit_local(ExitMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct eventlog *evlog = closure->evlog; + int flags = 0; + debug_decl(store_exit_local, SUDO_DEBUG_UTIL); + + if (msg->run_time != NULL) { + evlog->run_time.tv_sec = msg->run_time->tv_sec; + evlog->run_time.tv_nsec = msg->run_time->tv_nsec; + } + evlog->exit_value = msg->exit_value; + if (msg->signal != NULL && msg->signal[0] != '\0') { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "command was killed by SIG%s%s", msg->signal, + msg->dumped_core ? " (core dumped)" : ""); + evlog->signal_name = strdup(msg->signal); + if (evlog->signal_name == NULL) { + closure->errstr = _("unable to allocate memory"); + debug_return_bool(false); + } + evlog->dumped_core = msg->dumped_core; + } else { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "command exited with %d", msg->exit_value); + } + if (logsrvd_conf_log_exit()) { + if (!eventlog_exit(closure->evlog, flags)) { + closure->errstr = _("error logging exit event"); + debug_return_bool(false); + } + } + + if (closure->log_io) { + /* Store the run time and exit status in log.json. */ + if (!store_exit_info_json(closure->iolog_dir_fd, evlog)) { + closure->errstr = _("error logging exit event"); + debug_return_bool(false); + } + + /* Clear write bits from I/O timing file to indicate completion. */ + mode_t mode = logsrvd_conf_iolog_mode(); + CLR(mode, S_IWUSR|S_IWGRP|S_IWOTH); + if (fchmodat(closure->iolog_dir_fd, "timing", mode, 0) == -1) { + sudo_warn("chmod 0%o %s/%s", (unsigned int)mode, "timing", + logsrvd_conf_iolog_dir()); + } + } + + debug_return_bool(true); +} + +bool +store_restart_local(RestartMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct timespec target; + struct stat sb; + int iofd; + debug_decl(store_restart_local, SUDO_DEBUG_UTIL); + + target.tv_sec = msg->resume_point->tv_sec; + target.tv_nsec = msg->resume_point->tv_nsec; + + /* We must allocate closure->evlog for iolog_path. */ + closure->evlog = calloc(1, sizeof(*closure->evlog)); + if (closure->evlog == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + closure->errstr = _("unable to allocate memory"); + goto bad; + } + closure->evlog->iolog_path = strdup(msg->log_id); + if (closure->evlog->iolog_path == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + closure->errstr = _("unable to allocate memory"); + goto bad; + } + + /* We use iolog_dir_fd in calls to openat(2) */ + closure->iolog_dir_fd = + iolog_openat(AT_FDCWD, closure->evlog->iolog_path, O_RDONLY); + if (closure->iolog_dir_fd == -1) { + sudo_warn("%s", closure->evlog->iolog_path); + goto bad; + } + + /* If the timing file write bit is clear, log is already complete. */ + if (fstatat(closure->iolog_dir_fd, "timing", &sb, 0) == -1) { + sudo_warn("%s/timing", closure->evlog->iolog_path); + goto bad; + } + if (!ISSET(sb.st_mode, S_IWUSR)) { + sudo_warn(U_("%s: %s"), closure->evlog->iolog_path, + U_("log is already complete, cannot be restarted")); + closure->errstr = _("log is already complete, cannot be restarted"); + goto bad; + } + + /* Open existing I/O log files. */ + if (!iolog_open_all(closure->iolog_dir_fd, closure->evlog->iolog_path, + closure->iolog_files, "r+")) + goto bad; + + /* Compressed logs don't support random access, so rewrite them. */ + for (iofd = 0; iofd < IOFD_MAX; iofd++) { + if (closure->iolog_files[iofd].compressed) + debug_return_bool(iolog_rewrite(&target, closure)); + } + + /* Parse timing file until we reach the target point. */ + if (!iolog_seekto(closure->iolog_dir_fd, closure->evlog->iolog_path, + closure->iolog_files, &closure->elapsed_time, &target)) + goto bad; + + /* Must seek or flush before switching from read -> write. */ + if (iolog_seek(&closure->iolog_files[IOFD_TIMING], 0, SEEK_CUR) == -1) { + sudo_warn("%s/timing", closure->evlog->iolog_path); + goto bad; + } + + /* Ready to log I/O buffers. */ + debug_return_bool(true); +bad: + if (closure->errstr == NULL) + closure->errstr = _("unable to restart log"); + debug_return_bool(false); +} + +bool +store_alert_local(AlertMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct eventlog *evlog = NULL; + struct timespec alert_time; + bool ret = false; + debug_decl(store_alert_local, SUDO_DEBUG_UTIL); + + if (msg->info_msgs != NULL && msg->n_info_msgs != 0) { + evlog = evlog_new(NULL, msg->info_msgs, msg->n_info_msgs, closure); + if (evlog == NULL) { + closure->errstr = _("error parsing AlertMessage"); + goto done; + } + if (closure->evlog == NULL) + closure->evlog = evlog; + } + alert_time.tv_sec = msg->alert_time->tv_sec; + alert_time.tv_nsec = msg->alert_time->tv_nsec; + + if (!eventlog_alert(evlog, 0, &alert_time, msg->reason, NULL)) { + closure->errstr = _("error logging alert event"); + goto done; + } + + ret = true; + +done: + if (closure->evlog != evlog) + eventlog_free(evlog); + + debug_return_bool(ret); +} + +bool +store_iobuf_local(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t buflen, + struct connection_closure *closure) +{ + const struct eventlog *evlog = closure->evlog; + const char *errstr; + char tbuf[1024]; + int len; + debug_decl(store_iobuf_local, SUDO_DEBUG_UTIL); + + /* Open log file as needed. */ + if (!closure->iolog_files[iofd].enabled) { + if (!iolog_create(iofd, closure)) + goto bad; + } + + /* Format timing data. */ + /* FIXME - assumes IOFD_* matches IO_EVENT_* */ + len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09d %zu\n", + iofd, (long long)iobuf->delay->tv_sec, (int)iobuf->delay->tv_nsec, + iobuf->data.len); + if (len < 0 || len >= ssizeof(tbuf)) { + sudo_warnx(U_("unable to format timing buffer, length %d"), len); + goto bad; + } + + /* Write to specified I/O log file. */ + if (!iolog_write(&closure->iolog_files[iofd], iobuf->data.data, + iobuf->data.len, &errstr)) { + sudo_warnx(U_("%s/%s: %s"), evlog->iolog_path, iolog_fd_to_name(iofd), + errstr); + goto bad; + } + + /* Write timing data. */ + if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, + len, &errstr)) { + sudo_warnx(U_("%s/%s: %s"), evlog->iolog_path, + iolog_fd_to_name(IOFD_TIMING), errstr); + goto bad; + } + + update_elapsed_time(iobuf->delay, &closure->elapsed_time); + + /* Random drop is a debugging tool to test client restart. */ + if (random_drop > 0.0) { + double randval = arc4random() / (double)UINT32_MAX; + if (randval < random_drop) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "randomly dropping connection (%f < %f)", randval, random_drop); + debug_return_bool(false); + } + } + + debug_return_bool(true); +bad: + if (closure->errstr == NULL) + closure->errstr = _("error writing IoBuffer"); + debug_return_bool(false); +} + +bool +store_winsize_local(ChangeWindowSize *msg, uint8_t *buf, size_t buflen, + struct connection_closure *closure) +{ + const char *errstr; + char tbuf[1024]; + int len; + debug_decl(store_winsize_local, SUDO_DEBUG_UTIL); + + /* Format timing data including new window size. */ + len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09d %d %d\n", IO_EVENT_WINSIZE, + (long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec, + msg->rows, msg->cols); + if (len < 0 || len >= ssizeof(tbuf)) { + sudo_warnx(U_("unable to format timing buffer, length %d"), len); + goto bad; + } + + /* Write timing data. */ + if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, + len, &errstr)) { + sudo_warnx(U_("%s/%s: %s"), closure->evlog->iolog_path, + iolog_fd_to_name(IOFD_TIMING), errstr); + goto bad; + } + + update_elapsed_time(msg->delay, &closure->elapsed_time); + + debug_return_bool(true); +bad: + if (closure->errstr == NULL) + closure->errstr = _("error writing ChangeWindowSize"); + debug_return_bool(false); +} + +bool +store_suspend_local(CommandSuspend *msg, uint8_t *buf, size_t buflen, + struct connection_closure *closure) +{ + const char *errstr; + char tbuf[1024]; + int len; + debug_decl(store_suspend_local, SUDO_DEBUG_UTIL); + + /* Format timing data including suspend signal. */ + len = snprintf(tbuf, sizeof(tbuf), "%d %lld.%09d %s\n", IO_EVENT_SUSPEND, + (long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec, + msg->signal); + if (len < 0 || len >= ssizeof(tbuf)) { + sudo_warnx(U_("unable to format timing buffer, length %d"), len); + goto bad; + } + + /* Write timing data. */ + if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, + len, &errstr)) { + sudo_warnx(U_("%s/%s: %s"), closure->evlog->iolog_path, + iolog_fd_to_name(IOFD_TIMING), errstr); + goto bad; + } + + update_elapsed_time(msg->delay, &closure->elapsed_time); + + debug_return_bool(true); +bad: + if (closure->errstr == NULL) + closure->errstr = _("error writing CommandSuspend"); + debug_return_bool(false); +} + +struct client_message_switch cms_local = { + store_accept_local, + store_reject_local, + store_exit_local, + store_restart_local, + store_alert_local, + store_iobuf_local, + store_suspend_local, + store_winsize_local +}; diff -Nru sudo-1.9.5p2/logsrvd/logsrvd_queue.c sudo-1.9.9/logsrvd/logsrvd_queue.c --- sudo-1.9.5p2/logsrvd/logsrvd_queue.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/logsrvd_queue.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,282 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_event.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_iolog.h" +#include "sudo_queue.h" +#include "sudo_util.h" + +#include "logsrvd.h" + +#if defined(HAVE_STRUCT_DIRENT_D_NAMLEN) && HAVE_STRUCT_DIRENT_D_NAMLEN +# define NAMLEN(dirent) (dirent)->d_namlen +#else +# define NAMLEN(dirent) strlen((dirent)->d_name) +#endif + +static struct outgoing_journal_queue outgoing_journal_queue = + TAILQ_HEAD_INITIALIZER(outgoing_journal_queue); + +static struct sudo_event *outgoing_queue_event; + +/* + * Callback that runs when the outgoing queue retry timer fires. + * Tries to relay the first entry in the outgoing queue. + */ +static void +outgoing_queue_cb(int unused, int what, void *v) +{ + struct connection_closure *closure; + struct outgoing_journal *oj, *next; + struct sudo_event_base *evbase = v; + bool success = false; + debug_decl(outgoing_queue_cb, SUDO_DEBUG_UTIL); + + /* Must have at least one relay server. */ + if (TAILQ_EMPTY(logsrvd_conf_relay_address())) + debug_return; + + /* Process first journal. */ + TAILQ_FOREACH_SAFE(oj, &outgoing_journal_queue, entries, next) { + FILE *fp; + int fd; + + fd = open(oj->journal_path, O_RDWR); + if (fd == -1) { + if (errno == ENOENT) { + TAILQ_REMOVE(&outgoing_journal_queue, oj, entries); + free(oj->journal_path); + free(oj); + } + continue; + } + if (!sudo_lock_file(fd, SUDO_TLOCK)) { + sudo_warn(U_("unable to lock %s"), oj->journal_path); + close(fd); + continue; + } + fp = fdopen(fd, "r"); + if (fp == NULL) { + sudo_warn(U_("unable to open %s"), oj->journal_path); + close(fd); + break; + } + + /* Allocate a connection closure and fill in journal vars. */ + closure = connection_closure_alloc(fd, false, true, evbase); + if (closure == NULL) { + fclose(fp); + break; + } + closure->journal = fp; + closure->journal_path = oj->journal_path; + + /* Done with oj now, closure owns journal_path. */ + TAILQ_REMOVE(&outgoing_journal_queue, oj, entries); + free(oj); + + success = connect_relay(closure); + if (!success) { + sudo_warnx(U_("unable to connect to relay")); + connection_close(closure); + } + break; + } +} + +/* + * Schedule the outgoing_queue_event, creating it as necessary. + * The event will fire after the specified timeout elapses. + */ +bool +logsrvd_queue_enable(time_t timeout, struct sudo_event_base *evbase) +{ + debug_decl(logsrvd_queue_enable, SUDO_DEBUG_UTIL); + + if (!TAILQ_EMPTY(&outgoing_journal_queue)) { + struct timespec tv = { timeout, 0 }; + + if (outgoing_queue_event == NULL) { + outgoing_queue_event = sudo_ev_alloc(-1, SUDO_EV_TIMEOUT, + outgoing_queue_cb, evbase); + if (outgoing_queue_event == NULL) { + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + debug_return_bool(false); + } + } + if (sudo_ev_add(evbase, outgoing_queue_event, &tv, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + debug_return_bool(false); + } + } + debug_return_bool(true); +} + +/* + * Allocate a queue item based on the connection and push it on + * the outgoing queue. + * Consumes journal_path from the closure. + */ +bool +logsrvd_queue_insert(struct connection_closure *closure) +{ + struct outgoing_journal *oj; + debug_decl(logsrvd_queue_insert, SUDO_DEBUG_UTIL); + + if (closure->journal_path == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "missing journal_path for closure %p", closure); + debug_return_bool(false); + } + + if ((oj = malloc(sizeof(*oj))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_bool(false); + } + oj->journal_path = closure->journal_path; + closure->journal_path = NULL; + TAILQ_INSERT_TAIL(&outgoing_journal_queue, oj, entries); + + if (!logsrvd_queue_enable(logsrvd_conf_relay_retry_interval(), + closure->evbase)) + debug_return_bool(false); + + debug_return_bool(true); +} + +/* + * Scan the outgoing queue at startup and populate the + * outgoing_journal_queue. + */ +bool +logsrvd_queue_scan(struct sudo_event_base *evbase) +{ + char path[PATH_MAX]; + struct dirent *dent; + size_t prefix_len; + int dirlen; + DIR *dirp; + debug_decl(logsrvd_queue_scan, SUDO_DEBUG_UTIL); + + /* Must have at least one relay server. */ + if (TAILQ_EMPTY(logsrvd_conf_relay_address())) + debug_return_bool(true); + + dirlen = snprintf(path, sizeof(path), "%s/outgoing/%s", + logsrvd_conf_relay_dir(), RELAY_TEMPLATE); + if (dirlen >= ssizeof(path)) { + errno = ENAMETOOLONG; + sudo_warn("%s/outgoing/%s", logsrvd_conf_relay_dir(), RELAY_TEMPLATE); + debug_return_bool(false); + } + dirlen -= sizeof(RELAY_TEMPLATE) - 1; + path[dirlen] = '\0'; + + dirp = opendir(path); + if (dirp == NULL) { + sudo_warn("opendir %s", path); + debug_return_bool(false); + } + prefix_len = strcspn(RELAY_TEMPLATE, "X"); + while ((dent = readdir(dirp)) != NULL) { + struct outgoing_journal *oj; + + /* Skip anything that is not a relay temp file. */ + if (NAMLEN(dent) != sizeof(RELAY_TEMPLATE) - 1) + continue; + if (strncmp(dent->d_name, RELAY_TEMPLATE, prefix_len) != 0) + continue; + + /* Add to queue. */ + path[dirlen] = '\0'; + if (strlcat(path, dent->d_name, sizeof(path)) >= sizeof(path)) + continue; + if ((oj = malloc(sizeof(*oj))) == NULL) + goto oom; + if ((oj->journal_path = strdup(path)) == NULL) { + free(oj); + goto oom; + } + TAILQ_INSERT_TAIL(&outgoing_journal_queue, oj, entries); + } + closedir(dirp); + + /* Process the queue immediately. */ + if (!logsrvd_queue_enable(0, evbase)) + debug_return_bool(false); + + debug_return_bool(true); +oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + closedir(dirp); + debug_return_bool(false); +} + +/* + * Dump outgoing queue in response to SIGUSR1. + */ +void +logsrvd_queue_dump(void) +{ + struct outgoing_journal *oj; + debug_decl(logsrvd_queue_dump, SUDO_DEBUG_UTIL); + + if (TAILQ_EMPTY(&outgoing_journal_queue)) + debug_return; + + sudo_debug_printf(SUDO_DEBUG_INFO, "outgoing journal queue:"); + TAILQ_FOREACH(oj, &outgoing_journal_queue, entries) { + sudo_debug_printf(SUDO_DEBUG_INFO, " %s", oj->journal_path); + } +} diff -Nru sudo-1.9.5p2/logsrvd/logsrvd_relay.c sudo-1.9.9/logsrvd/logsrvd_relay.c --- sudo-1.9.5p2/logsrvd/logsrvd_relay.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/logsrvd_relay.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1245 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include + +#define NEED_INET_NTOP /* to expose sudo_inet_ntop in sudo_compat.h */ + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_event.h" +#include "sudo_eventlog.h" +#include "sudo_gettext.h" +#include "sudo_iolog.h" +#include "sudo_fatal.h" +#include "sudo_queue.h" +#include "sudo_util.h" + +#include "logsrvd.h" + +static void relay_client_msg_cb(int fd, int what, void *v); +static void relay_server_msg_cb(int fd, int what, void *v); +static void connect_cb(int sock, int what, void *v); +static bool start_relay(int sock, struct connection_closure *closure); + +/* + * Free a struct relay_closure container and its contents. + */ +void +relay_closure_free(struct relay_closure *relay_closure) +{ + struct connection_buffer *buf; + debug_decl(relay_closure_free, SUDO_DEBUG_UTIL); + +#if defined(HAVE_OPENSSL) + if (relay_closure->tls_client.ssl != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "closing down TLS connection to %s", + relay_closure->relay_name.name); + if (SSL_shutdown(relay_closure->tls_client.ssl) == 0) + SSL_shutdown(relay_closure->tls_client.ssl); + SSL_free(relay_closure->tls_client.ssl); + } +#endif + if (relay_closure->relays != NULL) + address_list_delref(relay_closure->relays); + sudo_rcstr_delref(relay_closure->relay_name.name); + sudo_ev_free(relay_closure->read_ev); + sudo_ev_free(relay_closure->write_ev); + sudo_ev_free(relay_closure->connect_ev); + free(relay_closure->read_buf.data); + while ((buf = TAILQ_FIRST(&relay_closure->write_bufs)) != NULL) { + TAILQ_REMOVE(&relay_closure->write_bufs, buf, entries); + free(buf->data); + free(buf); + } + if (relay_closure->sock != -1) { + shutdown(relay_closure->sock, SHUT_RDWR); + close(relay_closure->sock); + } + free(relay_closure); + + debug_return; +} + +/* + * Allocate a relay closure. + * Note that allocation of the events is deferred until we know the socket. + */ +static struct relay_closure * +relay_closure_alloc(void) +{ + struct relay_closure *relay_closure; + debug_decl(relay_closure_alloc, SUDO_DEBUG_UTIL); + + if ((relay_closure = calloc(1, sizeof(*relay_closure))) == NULL) + debug_return_ptr(NULL); + + /* We take a reference to relays so it doesn't change while connecting. */ + relay_closure->sock = -1; + relay_closure->relays = logsrvd_conf_relay_address(); + address_list_addref(relay_closure->relays); + TAILQ_INIT(&relay_closure->write_bufs); + + relay_closure->read_buf.size = 8 * 1024; + relay_closure->read_buf.data = malloc(relay_closure->read_buf.size); + if (relay_closure->read_buf.data == NULL) + goto bad; + + debug_return_ptr(relay_closure); +bad: + relay_closure_free(relay_closure); + debug_return_ptr(NULL); +} + +/* + * Allocate a new buffer, copy buf to it and insert on the write queue. + * On success the relay write event is enabled. + * The length parameter does not include space for the message's wire size. + */ +static bool +relay_enqueue_write(uint8_t *msgbuf, size_t len, + struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + struct connection_buffer *buf; + uint32_t msg_len; + bool ret = false; + debug_decl(relay_enqueue_write, SUDO_DEBUG_UTIL); + + /* Wire message size is used for length encoding, precedes message. */ + msg_len = htonl((uint32_t)len); + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "size + client message %zu bytes", len); + + if ((buf = get_free_buf(sizeof(msg_len) + len, closure)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate connection_buffer"); + goto done; + } + memcpy(buf->data, &msg_len, sizeof(msg_len)); + memcpy(buf->data + sizeof(msg_len), msgbuf, len); + buf->len = sizeof(msg_len) + len; + + if (sudo_ev_add(closure->evbase, relay_closure->write_ev, NULL, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + goto done; + } + + TAILQ_INSERT_TAIL(&relay_closure->write_bufs, buf, entries); + buf = NULL; + + ret = true; + +done: + if (buf != NULL) { + free(buf->data); + free(buf); + } + debug_return_bool(ret); +} + +/* + * Format a ClientMessage and store the wire format message in buf. + * Returns true on success, false on failure. + */ +static bool +fmt_client_message(struct connection_closure *closure, ClientMessage *msg) +{ + struct relay_closure *relay_closure = closure->relay_closure; + struct connection_buffer *buf = NULL; + uint32_t msg_len; + bool ret = false; + size_t len; + debug_decl(fmt_client_message, SUDO_DEBUG_UTIL); + + len = client_message__get_packed_size(msg); + if (len > MESSAGE_SIZE_MAX) { + sudo_warnx(U_("client message too large: %zu"), len); + goto done; + } + + /* Wire message size is used for length encoding, precedes message. */ + msg_len = htonl((uint32_t)len); + len += sizeof(msg_len); + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "size + client message %zu bytes", len); + + if ((buf = get_free_buf(len, closure)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate connection_buffer"); + goto done; + } + memcpy(buf->data, &msg_len, sizeof(msg_len)); + client_message__pack(msg, buf->data + sizeof(msg_len)); + buf->len = len; + TAILQ_INSERT_TAIL(&relay_closure->write_bufs, buf, entries); + + ret = true; + +done: + debug_return_bool(ret); +} + +static bool +fmt_client_hello(struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + ClientMessage client_msg = CLIENT_MESSAGE__INIT; + ClientHello hello_msg = CLIENT_HELLO__INIT; + bool ret; + debug_decl(fmt_client_hello, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ClientHello", __func__); + hello_msg.client_id = "Sudo Logsrvd " PACKAGE_VERSION; + + client_msg.u.hello_msg = &hello_msg; + client_msg.type_case = CLIENT_MESSAGE__TYPE_HELLO_MSG; + ret = fmt_client_message(closure, &client_msg); + if (ret) { + if (sudo_ev_add(closure->evbase, relay_closure->read_ev, NULL, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + ret = false; + } + if (sudo_ev_add(closure->evbase, relay_closure->write_ev, NULL, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + ret = false; + } + } + + debug_return_bool(ret); +} + +#if defined(HAVE_OPENSSL) +/* Wrapper for start_relay() called via tls_connect_cb() */ +static bool +tls_client_start_fn(struct tls_client_closure *tls_client) +{ + sudo_ev_free(tls_client->tls_connect_ev); + tls_client->tls_connect_ev = NULL; + return start_relay(SSL_get_fd(tls_client->ssl), tls_client->parent_closure); +} + +/* Perform TLS connection to the relay host. */ +static bool +connect_relay_tls(struct connection_closure *closure) +{ + struct tls_client_closure *tls_client = &closure->relay_closure->tls_client; + SSL_CTX *ssl_ctx = logsrvd_relay_tls_ctx(); + debug_decl(connect_relay_tls, SUDO_DEBUG_UTIL); + + /* Populate struct tls_client_closure. */ + tls_client->parent_closure = closure; + tls_client->evbase = closure->evbase; + tls_client->tls_connect_ev = sudo_ev_alloc(closure->relay_closure->sock, + SUDO_EV_WRITE, tls_connect_cb, tls_client); + if (tls_client->tls_connect_ev == NULL) + goto bad; + tls_client->peer_name = &closure->relay_closure->relay_name; + tls_client->connect_timeout = *logsrvd_conf_relay_connect_timeout(); + tls_client->start_fn = tls_client_start_fn; + if (!tls_ctx_client_setup(ssl_ctx, closure->relay_closure->sock, tls_client)) + goto bad; + + debug_return_bool(true); +bad: + debug_return_bool(false); +} +#endif /* HAVE_OPENSSL */ + +/* + * Try to connect to the next relay host. + * Returns 0 on success, -1 on error, setting errno. + * If there is no next relay, errno is set to ENOENT. + */ +int +connect_relay_next(struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + struct server_address *relay; + int ret, sock = -1; + char *addr; + debug_decl(connect_relay_next, SUDO_DEBUG_UTIL); + + /* Get next relay or return ENOENT none are left. */ + if (relay_closure->relay_addr != NULL) { + relay = TAILQ_NEXT(relay_closure->relay_addr, entries); + } else { + relay = TAILQ_FIRST(relay_closure->relays); + } + if (relay == NULL) { + errno = ENOENT; + goto bad; + } + relay_closure->relay_addr = relay; + + sock = socket(relay->sa_un.sa.sa_family, SOCK_STREAM, 0); + if (sock == -1) { + sudo_warn("socket"); + goto bad; + } + if (logsrvd_conf_relay_tcp_keepalive()) { + int keepalive = 1; + if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &keepalive, + sizeof(keepalive)) == -1) { + sudo_warn("SO_KEEPALIVE"); + } + } + ret = fcntl(sock, F_GETFL, 0); + if (ret == -1 || fcntl(sock, F_SETFL, ret | O_NONBLOCK) == -1) { + sudo_warn("fcntl(O_NONBLOCK)"); + goto bad; + } + + ret = connect(sock, &relay->sa_un.sa, relay->sa_size); + if (ret == -1 && errno != EINPROGRESS) + goto bad; + + switch (relay->sa_un.sa.sa_family) { + case AF_INET: + addr = (char *)&relay->sa_un.sin.sin_addr; + break; + case AF_INET6: + addr = (char *)&relay->sa_un.sin6.sin6_addr; + break; + default: + errno = EAFNOSUPPORT; + sudo_warn("connect"); + goto bad; + } + inet_ntop(relay->sa_un.sa.sa_family, addr, + relay_closure->relay_name.ipaddr, + sizeof(relay_closure->relay_name.ipaddr)); + relay_closure->relay_name.name = sudo_rcstr_addref(relay->sa_host); + + if (ret == 0) { + if (relay_closure->sock != -1) { + shutdown(relay_closure->sock, SHUT_RDWR); + close(relay_closure->sock); + } + relay_closure->sock = sock; +#if defined(HAVE_OPENSSL) + /* Relay connection succeeded, start TLS handshake. */ + if (relay_closure->relay_addr->tls) { + if (!connect_relay_tls(closure)) + goto bad; + } else +#endif + { + /* Connection succeeded without blocking. */ + if (!start_relay(sock, closure)) + goto bad; + } + } else { + /* Connection will be completed in connect_cb(). */ + relay_closure->connect_ev = sudo_ev_alloc(sock, SUDO_EV_WRITE, + connect_cb, closure); + if (relay_closure->connect_ev == NULL) + goto bad; + if (sudo_ev_add(closure->evbase, relay_closure->connect_ev, + logsrvd_conf_relay_connect_timeout(), false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + goto bad; + } + if (relay_closure->sock != -1) { + shutdown(relay_closure->sock, SHUT_RDWR); + close(relay_closure->sock); + } + relay_closure->sock = sock; + closure->state = CONNECTING; + } + debug_return_int(ret); + +bad: + /* Connection or system error. */ + if (sock != -1) { + shutdown(sock, SHUT_RDWR); + close(sock); + } + sudo_rcstr_delref(relay_closure->relay_name.name); + relay_closure->relay_name.name = NULL; + sudo_ev_free(relay_closure->connect_ev); + relay_closure->connect_ev = NULL; + debug_return_int(-1); +} + +static void +connect_cb(int sock, int what, void *v) +{ + struct connection_closure *closure = v; + struct relay_closure *relay_closure = closure->relay_closure; + int errnum, optval, ret; + socklen_t optlen = sizeof(optval); + debug_decl(connect_cb, SUDO_DEBUG_UTIL); + + if (what == SUDO_EV_TIMEOUT) { + errnum = ETIMEDOUT; + } else { + ret = getsockopt(sock, SOL_SOCKET, SO_ERROR, &optval, &optlen); + errnum = ret == 0 ? optval : errno; + } + if (errnum == 0) { + closure->state = INITIAL; +#if defined(HAVE_OPENSSL) + /* Relay connection succeeded, start TLS handshake. */ + if (relay_closure->relay_addr->tls) { + if (!connect_relay_tls(closure)) { + closure->errstr = _("TLS handshake with relay host failed"); + if (!schedule_error_message(closure->errstr, closure)) + connection_close(closure); + } + } else +#endif + { + /* Relay connection succeeded, start talking to the client. */ + if (!start_relay(sock, closure)) { + closure->errstr = _("unable to allocate memory"); + if (!schedule_error_message(closure->errstr, closure)) + connection_close(closure); + } + } + } else { + /* Connection failed, try next relay (if any). */ + int res; + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "unable to connect to relay %s (%s): %s", + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr, + strerror(errnum)); + while ((res = connect_relay_next(closure)) == -1) { + if (errno == ENOENT || errno == EINPROGRESS) { + /* Out of relays or connecting asynchronously. */ + break; + } + } + if (res == -1 && errno != EINPROGRESS) { + closure->errstr = _("unable to connect to relay host"); + if (!schedule_error_message(closure->errstr, closure)) + connection_close(closure); + } + } + + debug_return; +} + +/* Connect to the first available relay host. */ +bool +connect_relay(struct connection_closure *closure) +{ + struct relay_closure *relay_closure; + int res; + debug_decl(connect_relay, SUDO_DEBUG_UTIL); + + relay_closure = closure->relay_closure = relay_closure_alloc(); + if (relay_closure == NULL) + debug_return_bool(false); + + while ((res = connect_relay_next(closure)) == -1) { + if (errno == ENOENT || errno == EINPROGRESS) { + /* Out of relays or connecting asynchronously. */ + break; + } + } + + if (res == -1 && errno != EINPROGRESS) + debug_return_bool(false); + + /* Switch to relay client message handlers. */ + closure->cms = &cms_relay; + debug_return_bool(true); +} + +/* + * Respond to a ServerHello message from the relay. + * Returns true on success, false on error. + */ +static bool +handle_server_hello(ServerHello *msg, struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + debug_decl(handle_server_hello, SUDO_DEBUG_UTIL); + + if (closure->state != INITIAL) { + sudo_warnx(U_("unexpected state %d for %s"), closure->state, + relay_closure->relay_name.ipaddr); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + + /* Check that ServerHello is valid. */ + if (msg->server_id == NULL || msg->server_id[0] == '\0') { + sudo_warnx(U_("%s: invalid ServerHello, missing server_id"), + relay_closure->relay_name.ipaddr); + closure->errstr = _("invalid ServerHello"); + debug_return_bool(false); + } + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "relay server %s (%s) ID %s", relay_closure->relay_name.name, + relay_closure->relay_name.ipaddr, msg->server_id); + + /* TODO: handle redirect */ + + debug_return_bool(true); +} + +/* + * Respond to a CommitPoint message from the relay. + * Returns true on success, false on error. + */ +static bool +handle_commit_point(TimeSpec *commit_point, struct connection_closure *closure) +{ + debug_decl(handle_commit_point, SUDO_DEBUG_UTIL); + + if (closure->state < RUNNING) { + sudo_warnx(U_("unexpected state %d for %s"), closure->state, + closure->relay_closure->relay_name.ipaddr); + closure->errstr = _("state machine error"); + debug_return_bool(false); + } + + /* Pass commit point from relay to client. */ + debug_return_bool(schedule_commit_point(commit_point, closure)); +} + +/* + * Respond to a LogId message from the relay. + * Always returns true. + */ +static bool +handle_log_id(char *id, struct connection_closure *closure) +{ + char *new_id; + bool ret = false; + int len; + debug_decl(handle_log_id, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "log ID %s from relay %s (%s)", id, + closure->relay_closure->relay_name.name, + closure->relay_closure->relay_name.ipaddr); + + /* No client connection when replaying a journaled entry. */ + if (closure->write_ev == NULL) + debug_return_bool(true); + + /* Generate a new log ID that includes the relay host. */ + len = asprintf(&new_id, "%s/%s", id, + closure->relay_closure->relay_name.name); + if (len != -1) { + if (fmt_log_id_message(id, closure)) { + if (sudo_ev_add(closure->evbase, closure->write_ev, + logsrvd_conf_relay_timeout(), false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + } else { + ret = true; + } + } + free(new_id); + } + + debug_return_bool(ret); +} + +/* + * Respond to a ServerError message from the relay. + * Always returns false. + */ +static bool +handle_server_error(char *errmsg, struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + debug_decl(handle_server_error, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "error message received from relay %s (%s): %s", + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr, + errmsg); + + /* Server will drop connection after the error message. */ + sudo_ev_del(closure->evbase, closure->relay_closure->read_ev); + sudo_ev_del(closure->evbase, closure->relay_closure->write_ev); + + if (!schedule_error_message(errmsg, closure)) + debug_return_bool(false); + + debug_return_bool(true); +} + +/* + * Respond to a ServerAbort message from the server. + * Always returns false. + */ +static bool +handle_server_abort(char *errmsg, struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + debug_decl(handle_server_abort, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "abort message received from relay %s (%s): %s", + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr, + errmsg); + + if (!schedule_error_message(errmsg, closure)) + debug_return_bool(false); + + debug_return_bool(true); +} + +/* + * Respond to a ServerMessage from the relay. + * Returns true on success, false on error. + */ +static bool +handle_server_message(uint8_t *buf, size_t len, struct connection_closure *closure) +{ + ServerMessage *msg; + bool ret = false; + debug_decl(handle_server_message, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: unpacking ServerMessage", __func__); + msg = server_message__unpack(NULL, len, buf); + if (msg == NULL) { + sudo_warnx("unable to unpack %s size %zu", "ServerMessage", len); + debug_return_bool(false); + } + + switch (msg->type_case) { + case SERVER_MESSAGE__TYPE_HELLO: + if ((ret = handle_server_hello(msg->u.hello, closure))) { + /* Relay server said hello, start talking to client. */ + ret = start_protocol(closure); + } + break; + case SERVER_MESSAGE__TYPE_COMMIT_POINT: + ret = handle_commit_point(msg->u.commit_point, closure); + break; + case SERVER_MESSAGE__TYPE_LOG_ID: + ret = handle_log_id(msg->u.log_id, closure); + break; + case SERVER_MESSAGE__TYPE_ERROR: + ret = handle_server_error(msg->u.error, closure); + break; + case SERVER_MESSAGE__TYPE_ABORT: + ret = handle_server_abort(msg->u.abort, closure); + break; + default: + sudo_warnx(U_("unexpected type_case value %d in %s from %s"), + msg->type_case, "ServerMessage", + closure->relay_closure->relay_name.ipaddr); + closure->errstr = _("unrecognized ServerMessage type"); + break; + } + + server_message__free_unpacked(msg, NULL); + debug_return_bool(ret); +} + +/* + * Read and unpack a ServerMessage from the relay (read callback). + */ +static void +relay_server_msg_cb(int fd, int what, void *v) +{ + struct connection_closure *closure = v; + struct relay_closure *relay_closure = closure->relay_closure; + struct connection_buffer *buf = &relay_closure->read_buf; + ssize_t nread; + uint32_t msg_len; + debug_decl(relay_server_msg_cb, SUDO_DEBUG_UTIL); + + /* For TLS we may need to read as part of SSL_write(). */ + if (relay_closure->write_instead_of_read) { + relay_closure->write_instead_of_read = false; + relay_client_msg_cb(fd, what, v); + debug_return; + } + + if (what == SUDO_EV_TIMEOUT) { + sudo_warnx(U_("timed out reading from relay %s (%s)"), + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + closure->errstr = _("timeout reading from relay"); + goto send_error; + } + +#if defined(HAVE_OPENSSL) + if (relay_closure->tls_client.ssl != NULL) { + SSL *ssl = relay_closure->tls_client.ssl; + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: ServerMessage from relay %s (%s) [TLS]", __func__, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + nread = SSL_read(ssl, buf->data + buf->len, buf->size - buf->len); + if (nread <= 0) { + const char *errstr; + int err; + + switch (SSL_get_error(ssl, nread)) { + case SSL_ERROR_ZERO_RETURN: + /* ssl connection shutdown cleanly */ + nread = 0; + break; + case SSL_ERROR_WANT_READ: + /* ssl wants to read more, read event is always active */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_read returns SSL_ERROR_WANT_READ"); + debug_return; + case SSL_ERROR_WANT_WRITE: + /* ssl wants to write, schedule a write if not pending */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_read returns SSL_ERROR_WANT_WRITE"); + if (!sudo_ev_pending(relay_closure->write_ev, SUDO_EV_WRITE, NULL)) { + /* Enable a temporary write event. */ + if (sudo_ev_add(closure->evbase, relay_closure->write_ev, NULL, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + closure->errstr = _("unable to allocate memory"); + goto send_error; + } + relay_closure->temporary_write_event = true; + } + /* Redirect write event to finish SSL_read() */ + relay_closure->read_instead_of_write = true; + debug_return; + case SSL_ERROR_SSL: + /* + * For TLS 1.3, if the cert verify function on the server + * returns an error, OpenSSL will send an internal error + * alert when we read ServerHello. Convert to a more useful + * message and hope that no actual internal error occurs. + */ + err = ERR_get_error(); +#if !defined(HAVE_WOLFSSL) + if (closure->state == INITIAL && + ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { + errstr = _("relay host name does not match certificate"); + closure->errstr = errstr; + } else +#endif + { + errstr = ERR_reason_error_string(err); + closure->errstr = _("error reading from relay"); + } + sudo_warnx("%s: SSL_read: %s", + relay_closure->relay_name.ipaddr, errstr); + goto send_error; + case SSL_ERROR_SYSCALL: + if (nread == 0) { + /* EOF, handled below */ + sudo_warnx(U_("EOF from %s without proper TLS shutdown"), + relay_closure->relay_name.ipaddr); + break; + } + sudo_warn("%s: SSL_read", relay_closure->relay_name.ipaddr); + closure->errstr = _("error reading from relay"); + goto send_error; + default: + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("%s: SSL_read: %s", + relay_closure->relay_name.ipaddr, errstr); + closure->errstr = _("error reading from relay"); + goto send_error; + } + } + } else +#endif + { + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: ServerMessage from relay %s (%s)", __func__, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + nread = read(fd, buf->data + buf->len, buf->size - buf->len); + } + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: received %zd bytes from relay %s (%s)", __func__, nread, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + switch (nread) { + case -1: + if (errno == EAGAIN) + debug_return; + sudo_warn("%s: read", relay_closure->relay_name.ipaddr); + closure->errstr = _("unable to read from relay"); + goto send_error; + case 0: + /* EOF from relay server, close the socket. */ + shutdown(relay_closure->sock, SHUT_RDWR); + close(relay_closure->sock); + relay_closure->sock = -1; + sudo_ev_del(closure->evbase, relay_closure->read_ev); + sudo_ev_del(closure->evbase, relay_closure->write_ev); + + if (closure->state != FINISHED) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "premature EOF from %s (%s) [state %d]", + relay_closure->relay_name.name, + relay_closure->relay_name.ipaddr, closure->state); + closure->errstr = _("relay server closed connection"); + goto send_error; + } + if (closure->sock == -1) + connection_close(closure); + debug_return; + default: + break; + } + buf->len += nread; + + while (buf->len - buf->off >= sizeof(msg_len)) { + /* Read wire message size (uint32_t in network byte order). */ + memcpy(&msg_len, buf->data + buf->off, sizeof(msg_len)); + msg_len = ntohl(msg_len); + + if (msg_len > MESSAGE_SIZE_MAX) { + sudo_warnx(U_("server message too large: %zu"), (size_t)msg_len); + closure->errstr = _("server message too large"); + goto send_error; + } + + if (msg_len + sizeof(msg_len) > buf->len - buf->off) { + /* Incomplete message, we'll read the rest next time. */ + if (!expand_buf(buf, msg_len + sizeof(msg_len))) { + closure->errstr = _("unable to allocate memory"); + goto send_error; + } + debug_return; + } + + /* Parse ServerMessage (could be zero bytes). */ + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: parsing ServerMessage, size %u", __func__, msg_len); + buf->off += sizeof(msg_len); + if (!handle_server_message(buf->data + buf->off, msg_len, closure)) + goto send_error; + buf->off += msg_len; + } + buf->len -= buf->off; + buf->off = 0; + debug_return; + +send_error: + /* + * Try to send client an error message before closing connection. + * If we are already in an error state, just give up. + */ + if (!schedule_error_message(closure->errstr, closure)) + goto close_connection; + debug_return; + +close_connection: + connection_close(closure); + debug_return; +} + +/* + * Forward a ClientMessage to the relay (write callback). + */ +static void +relay_client_msg_cb(int fd, int what, void *v) +{ + struct connection_closure *closure = v; + struct relay_closure *relay_closure = closure->relay_closure; + struct connection_buffer *buf; + ssize_t nwritten; + debug_decl(relay_client_msg_cb, SUDO_DEBUG_UTIL); + + /* For TLS we may need to write as part of SSL_read(). */ + if (relay_closure->read_instead_of_write) { + relay_closure->read_instead_of_write = false; + /* Delete write event if it was only due to SSL_read(). */ + if (relay_closure->temporary_write_event) { + relay_closure->temporary_write_event = false; + sudo_ev_del(closure->evbase, relay_closure->write_ev); + } + relay_server_msg_cb(fd, what, v); + debug_return; + } + + if (what == SUDO_EV_TIMEOUT) { + sudo_warnx(U_("timed out writing to relay %s (%s)"), + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + closure->errstr = _("timeout writing to relay"); + goto send_error; + } + + if ((buf = TAILQ_FIRST(&relay_closure->write_bufs)) == NULL) { + sudo_warnx(U_("missing write buffer for client %s"), + relay_closure->relay_name.ipaddr); + goto close_connection; + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending %u bytes to server %s (%s)", + __func__, buf->len - buf->off, relay_closure->relay_name.name, + relay_closure->relay_name.ipaddr); + +#if defined(HAVE_OPENSSL) + if (relay_closure->tls_client.ssl != NULL) { + SSL *ssl = relay_closure->tls_client.ssl; + nwritten = SSL_write(ssl, buf->data + buf->off, buf->len - buf->off); + if (nwritten <= 0) { + const char *errstr; + + switch (SSL_get_error(ssl, nwritten)) { + case SSL_ERROR_ZERO_RETURN: + /* ssl connection shutdown cleanly */ + shutdown(relay_closure->sock, SHUT_RDWR); + close(relay_closure->sock); + relay_closure->sock = -1; + sudo_ev_del(closure->evbase, relay_closure->read_ev); + sudo_ev_del(closure->evbase, relay_closure->write_ev); + + if (closure->state != FINISHED) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "premature EOF from %s (state %d)", + relay_closure->relay_name.ipaddr, closure->state); + closure->errstr = _("relay server closed connection"); + goto send_error; + } + debug_return; + case SSL_ERROR_WANT_READ: + /* ssl wants to read, read event always active */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_write returns SSL_ERROR_WANT_READ"); + /* Redirect read event to finish SSL_write() */ + relay_closure->write_instead_of_read = true; + debug_return; + case SSL_ERROR_WANT_WRITE: + /* ssl wants to write more, write event remains active */ + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_write returns SSL_ERROR_WANT_WRITE"); + debug_return; + case SSL_ERROR_SYSCALL: + sudo_warn("%s: SSL_write", + relay_closure->relay_name.ipaddr); + closure->errstr = _("error writing to relay"); + goto send_error; + default: + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("%s: SSL_write: %s", + relay_closure->relay_name.ipaddr, errstr); + closure->errstr = _("error writing to relay"); + goto send_error; + } + } + } else +#endif + { + nwritten = write(fd, buf->data + buf->off, buf->len - buf->off); + if (nwritten == -1) { + sudo_warn("%s: write", relay_closure->relay_name.ipaddr); + closure->errstr = _("error writing to relay"); + goto send_error; + } + } + buf->off += nwritten; + + if (buf->off == buf->len) { + /* sent entire message, move buf to free list */ + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: finished sending %u bytes to server", __func__, buf->len); + buf->off = 0; + buf->len = 0; + TAILQ_REMOVE(&relay_closure->write_bufs, buf, entries); + TAILQ_INSERT_TAIL(&closure->free_bufs, buf, entries); + if (TAILQ_EMPTY(&relay_closure->write_bufs)) + sudo_ev_del(closure->evbase, relay_closure->write_ev); + } + debug_return; + +send_error: + /* + * Try to send client an error message before closing connection. + * If we are already in an error state, just give up. + */ + if (!schedule_error_message(closure->errstr, closure)) + goto close_connection; + debug_return; + +close_connection: + connection_close(closure); + debug_return; +} + +/* Begin the conversation with the relay host. */ +static bool +start_relay(int sock, struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + debug_decl(start_relay, SUDO_DEBUG_UTIL); + + /* No longer need the connect event. */ + sudo_ev_free(relay_closure->connect_ev); + relay_closure->connect_ev = NULL; + + /* Allocate relay read/write events now that we know the socket. */ + relay_closure->read_ev = sudo_ev_alloc(sock, SUDO_EV_READ|SUDO_EV_PERSIST, + relay_server_msg_cb, closure); + relay_closure->write_ev = sudo_ev_alloc(sock, SUDO_EV_WRITE|SUDO_EV_PERSIST, + relay_client_msg_cb, closure); + if (relay_closure->read_ev == NULL || relay_closure->write_ev == NULL) + debug_return_bool(false); + + /* Start communication with the relay server by saying hello. */ + debug_return_bool(fmt_client_hello(closure)); +} + +/* + * Relay an AcceptMessage from the client to the relay server. + */ +static bool +relay_accept(AcceptMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + debug_decl(relay_accept, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: relaying AcceptMessage from %s to %s (%s)", __func__, source, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + + debug_return_bool(relay_enqueue_write(buf, len, closure)); +} + +/* + * Relay a RejectMessage from the client to the relay server. + */ +static bool +relay_reject(RejectMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + debug_decl(relay_reject, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: relaying RejectMessage from %s to %s (%s)", __func__, source, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + + debug_return_bool(relay_enqueue_write(buf, len, closure)); +} + +/* + * Relay an ExitMessage from the client to the relay server. + */ +static bool +relay_exit(ExitMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + debug_decl(relay_exit, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: relaying ExitMessage from %s to %s (%s)", __func__, source, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + + debug_return_bool(relay_enqueue_write(buf, len, closure)); +} + +/* + * Relay a RestartMessage from the client to the relay server. + * We must rebuild the packed message because the log_id is modified. + */ +static bool +relay_restart(RestartMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + struct sudo_event_base *evbase = closure->evbase; + ClientMessage client_msg = CLIENT_MESSAGE__INIT; + RestartMessage restart_msg = *msg; + char *cp; + bool ret; + debug_decl(relay_restart, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: relaying RestartMessage from %s to %s (%s)", __func__, source, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + + /* + * We prepend "relayhost/" to the log ID before relaying it to + * the client. Perform the reverse operation before passing the + * log ID to the relay host. + */ + if ((cp = strchr(restart_msg.log_id, '/')) != NULL) { + if (cp != restart_msg.log_id) + restart_msg.log_id = cp + 1; + } + + client_msg.u.restart_msg = &restart_msg; + client_msg.type_case = CLIENT_MESSAGE__TYPE_RESTART_MSG; + ret = fmt_client_message(closure, &client_msg); + if (ret) { + if (sudo_ev_add(evbase, relay_closure->write_ev, NULL, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + ret = false; + } + } + + debug_return_bool(ret); +} + +/* + * Relay an AlertMessage from the client to the relay server. + */ +static bool +relay_alert(AlertMessage *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + bool ret; + debug_decl(relay_alert, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: relaying AlertMessage from %s to %s (%s)", __func__, source, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + + ret = relay_enqueue_write(buf, len, closure); + + debug_return_bool(ret); +} + +/* + * Relay a CommandSuspend from the client to the relay server. + */ +static bool +relay_suspend(CommandSuspend *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + bool ret; + debug_decl(relay_suspend, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: relaying CommandSuspend from %s to %s (%s)", __func__, source, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + + ret = relay_enqueue_write(buf, len, closure); + + debug_return_bool(ret); +} + +/* + * Relay a ChangeWindowSize from the client to the relay server. + */ +static bool +relay_winsize(ChangeWindowSize *msg, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + bool ret; + debug_decl(relay_winsize, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: relaying ChangeWindowSize from %s to %s (%s)", __func__, source, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + + ret = relay_enqueue_write(buf, len, closure); + + debug_return_bool(ret); +} + +/* + * Relay an IoBuffer from the client to the relay server. + */ +static bool +relay_iobuf(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t len, + struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + const char *source = closure->journal_path ? closure->journal_path : + closure->ipaddr; + bool ret; + debug_decl(relay_iobuf, SUDO_DEBUG_UTIL); + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: relaying IoBuffer from %s to %s (%s)", __func__, source, + relay_closure->relay_name.name, relay_closure->relay_name.ipaddr); + + ret = relay_enqueue_write(buf, len, closure); + + debug_return_bool(ret); +} + +/* + * Shutdown relay connection when server is exiting. + */ +bool +relay_shutdown(struct connection_closure *closure) +{ + struct relay_closure *relay_closure = closure->relay_closure; + debug_decl(relay_shutdown, SUDO_DEBUG_UTIL); + + /* Close connection unless relay events are pending. */ + if (!sudo_ev_pending(relay_closure->read_ev, SUDO_EV_READ, NULL) && + !sudo_ev_pending(relay_closure->write_ev, SUDO_EV_WRITE, NULL) && + TAILQ_EMPTY(&relay_closure->write_bufs)) { + connection_close(closure); + } + + debug_return_bool(true); +} + +struct client_message_switch cms_relay = { + relay_accept, + relay_reject, + relay_exit, + relay_restart, + relay_alert, + relay_iobuf, + relay_suspend, + relay_winsize +}; diff -Nru sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1 sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1 --- sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,215 @@ +# +# sudo logsrv daemon configuration +# + +[server] +# The host name or IP address and port to listen on with an optional TLS +# flag. If no port is specified, port 30343 will be used for plaintext +# connections and port 30344 will be used to TLS connections. +# The following forms are accepted: +# listen_address = hostname(tls) +# listen_address = hostname:port(tls) +# listen_address = IPv4_address(tls) +# listen_address = IPv4_address:port(tls) +# listen_address = [IPv6_address](tls) +# listen_address = [IPv6_address]:port(tls) +# +# The (tls) suffix should be omitted for plaintext connections. +# +# Multiple listen_address settings may be specified. +# The default is to listen on all addresses. +#listen_address = *:30343 +#listen_address = *:30344(tls) + +# The file containing the ID of the running sudo_logsrvd process. +#pid_file = /var/run/sudo/sudo_logsrvd.pid + +# If true, enable the SO_KEEPALIVE socket option on client connections. +#tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the client to +# respond. A value of 0 will disable the timeout. The default value is 30. +#timeout = 30 + +# If true, the server certificate will be verified at startup and clients +# will authenticate the server by verifying its certificate and identity. +#tls_verify = true + +# If true, client certificates will be validated by the server; +# clients without a valid certificate will be unable to connect. +# By default, client certs are not checked. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# Required for TLS connections. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# Required for TLS connections. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default cipher list is HIGH:!aNULL. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default cipher list is TLS_AES_256_GCM_SHA384. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# If not set, the server will use the OpenSSL defaults. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[relay] +# The host name or IP address and port to send logs to in relay mode. +# The syntax is identical to listen_address with the exception of +# the wild card ('*') syntax. When this setting is enabled, logs will +# be relayed to the specified host instead of being stored locally. +# This setting is not enabled by default. +#relay_host = relayhost.dom.ain +#relay_host = relayhost.dom.ain(tls) + +# The amount of time, in seconds, the server will wait for a connection +# to the relay server to complete. A value of 0 will disable the timeout. +# The default value is 30. +#connect_timeout = 30 + +# If true, enable the SO_KEEPALIVE socket option on relay connections. +#tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the relay to +# respond. A value of 0 will disable the timeout. The default value is 30. +#timeout = 30 + +# If true, the server's relay certificate will be verified at startup. +# The default is to use the value in the [server] section. +#tls_verify = true + +# Whether to verify the relay's certificate for TLS connections. +# The default is to use the value in the [server] section. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +# The default is to use the value in the [server] section. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# The default is to use the certificate in the [server] section. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# The default is to use the key in the [server] section. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default is to use the value in the [server] section. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default is to use the value in the [server] section. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# The default is to use the value in the [server] section. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[iolog] +# The top-level directory to use when constructing the path name for the +# I/O log directory. The session sequence number, if any, is stored here. +#iolog_dir = /var/log/sudo-io + +# The path name, relative to iolog_dir, in which to store I/O logs. +# Note that iolog_file may contain directory components. +#iolog_file = %{seq} + +# If set, I/O logs will be compressed using zlib. Enabling compression can +# make it harder to view the logs in real-time as the program is executing. +#iolog_compress = false + +# If set, I/O log data is flushed to disk after each write instead of +# buffering it. This makes it possible to view the logs in real-time +# as the program is executing but reduces the effectiveness of compression. +#iolog_flush = true + +# The group to use when creating new I/O log files and directories. +# If iolog_group is not set, the primary group-ID of the user specified +# by iolog_user is used. If neither iolog_group nor iolog_user +# are set, I/O log files and directories are created with group-ID 0. +#iolog_group = wheel + +# The user to use when setting the user-ID and group-ID of new I/O +# log files and directories. If iolog_group is set, it will be used +# instead of the user's primary group-ID. By default, I/O log files +# and directories are created with user and group-ID 0. +#iolog_user = root + +# The file mode to use when creating I/O log files. The file permissions +# will always include the owner read and write bits, even if they are +# not present in the specified mode. When creating I/O log directories, +# search (execute) bits are added to match the read and write bits +# specified by iolog_mode. +#iolog_mode = 0600 + +# The maximum sequence number that will be substituted for the "%{seq}" +# escape in the I/O log file. While the value substituted for "%{seq}" +# is in base 36, maxseq itself should be expressed in decimal. Values +# larger than 2176782336 (which corresponds to the base 36 sequence +# number "ZZZZZZ") will be silently truncated to 2176782336. +#maxseq = 2176782336 + +[eventlog] +# Where to log accept, reject and alert events. +# Accepted values are syslog, logfile, or none. +# Defaults to syslog +#log_type = syslog + +# Event log format. +# Supported log formats are "sudo" and "json" +# Defaults to sudo +#log_format = sudo + +[syslog] +# The maximum length of a syslog payload. +# On many systems, syslog(3) has a relatively small log buffer. +# IETF RFC 5424 states that syslog servers must support messages +# of at least 480 bytes and should support messages up to 2048 bytes. +# Messages larger than this value will be split into multiple messages. +#maxlen = 960 + +# The syslog facility to use for event log messages. +# The following syslog facilities are supported: authpriv (if your OS +# supports it), auth, daemon, user, local0, local1, local2, local3, +# local4, local5, local6, and local7. +#facility = authpriv + +# Syslog priority to use for event log accept messages, when the command +# is allowed by the security policy. The following syslog priorities are +# supported: alert, crit, debug, emerg, err, info, notice, warning, none. +#accept_priority = notice + +# Syslog priority to use for event log reject messages, when the command +# is not allowed by the security policy. +#reject_priority = alert + +# Syslog priority to use for event log alert messages reported by the +# client. +#alert_priority = alert + +[logfile] +# The path to the file-based event log. +# This path must be fully-qualified and start with a '/' character. +#path = /var/log/sudo + +# The format string used when formatting the date and time for +# file-based event logs. Formatting is performed via strftime(3) so +# any format string supported by that function is allowed. +#time_format = %h %e %T diff -Nru sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2 sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2 --- sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,216 @@ +# +# sudo logsrv daemon configuration +# + +[server] +# The host name or IP address and port to listen on with an optional TLS +# flag. If no port is specified, port 30343 will be used for plaintext +# connections and port 30344 will be used to TLS connections. +# The following forms are accepted: +# listen_address = hostname(tls) +# listen_address = hostname:port(tls) +# listen_address = IPv4_address(tls) +# listen_address = IPv4_address:port(tls) +# listen_address = [IPv6_address](tls) +# listen_address = [IPv6_address]:port(tls) +# +# The (tls) suffix should be omitted for plaintext connections. +# +# Multiple listen_address settings may be specified. +# The default is to listen on all addresses. +#listen_address = *:30343 +listen_address = *:30344(tls) + +# The file containing the ID of the running sudo_logsrvd process. +pid_file = /var/run/sudo/sudo_logsrvd.pid + +# If true, enable the SO_KEEPALIVE socket option on client connections. +tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the client to +# respond. A value of 0 will disable the timeout. The default value is 30. +timeout = 30 + +# If true, the server certificate will be verified at startup and clients +# will authenticate the server by verifying its certificate and identity. +tls_verify = true + +# If true, client certificates will be validated by the server; +# clients without a valid certificate will be unable to connect. +# By default, client certs are not checked. +tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# Required for TLS connections. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# Required for TLS connections. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default cipher list is HIGH:!aNULL. +tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default cipher list is TLS_AES_256_GCM_SHA384. +tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# If not set, the server will use the OpenSSL defaults. +tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[relay] +# The host name or IP address and port to send logs to in relay mode. +# The syntax is identical to listen_address with the exception of +# the wild card ('*') syntax. When this setting is enabled, logs will +# be relayed to the specified host instead of being stored locally. +# This setting is not enabled by default. +#relay_host = relayhost.dom.ain +#relay_host = relayhost.dom.ain(tls) +relay_host = localhost(tls) + +# The amount of time, in seconds, the server will wait for a connection +# to the relay server to complete. A value of 0 will disable the timeout. +# The default value is 30. +connect_timeout = 30 + +# If true, enable the SO_KEEPALIVE socket option on relay connections. +tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the relay to +# respond. A value of 0 will disable the timeout. The default value is 30. +timeout = 30 + +# If true, the server's relay certificate will be verified at startup. +# The default is to use the value in the [server] section. +#tls_verify = true + +# Whether to verify the relay's certificate for TLS connections. +# The default is to use the value in the [server] section. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +# The default is to use the value in the [server] section. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# The default is to use the certificate in the [server] section. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# The default is to use the key in the [server] section. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default is to use the value in the [server] section. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default is to use the value in the [server] section. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# The default is to use the value in the [server] section. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[iolog] +# The top-level directory to use when constructing the path name for the +# I/O log directory. The session sequence number, if any, is stored here. +iolog_dir = /var/log/sudo-io + +# The path name, relative to iolog_dir, in which to store I/O logs. +# Note that iolog_file may contain directory components. +iolog_file = %{seq} + +# If set, I/O logs will be compressed using zlib. Enabling compression can +# make it harder to view the logs in real-time as the program is executing. +iolog_compress = false + +# If set, I/O log data is flushed to disk after each write instead of +# buffering it. This makes it possible to view the logs in real-time +# as the program is executing but reduces the effectiveness of compression. +iolog_flush = true + +# The group to use when creating new I/O log files and directories. +# If iolog_group is not set, the primary group-ID of the user specified +# by iolog_user is used. If neither iolog_group nor iolog_user +# are set, I/O log files and directories are created with group-ID 0. +iolog_group = wheel + +# The user to use when setting the user-ID and group-ID of new I/O +# log files and directories. If iolog_group is set, it will be used +# instead of the user's primary group-ID. By default, I/O log files +# and directories are created with user and group-ID 0. +iolog_user = root + +# The file mode to use when creating I/O log files. The file permissions +# will always include the owner read and write bits, even if they are +# not present in the specified mode. When creating I/O log directories, +# search (execute) bits are added to match the read and write bits +# specified by iolog_mode. +iolog_mode = 0600 + +# The maximum sequence number that will be substituted for the "%{seq}" +# escape in the I/O log file. While the value substituted for "%{seq}" +# is in base 36, maxseq itself should be expressed in decimal. Values +# larger than 2176782336 (which corresponds to the base 36 sequence +# number "ZZZZZZ") will be silently truncated to 2176782336. +maxseq = 2176782336 + +[eventlog] +# Where to log accept, reject and alert events. +# Accepted values are syslog, logfile, or none. +# Defaults to syslog +log_type = syslog + +# Event log format. +# Supported log formats are "sudo" and "json" +# Defaults to sudo +log_format = sudo + +[syslog] +# The maximum length of a syslog payload. +# On many systems, syslog(3) has a relatively small log buffer. +# IETF RFC 5424 states that syslog servers must support messages +# of at least 480 bytes and should support messages up to 2048 bytes. +# Messages larger than this value will be split into multiple messages. +maxlen = 960 + +# The syslog facility to use for event log messages. +# The following syslog facilities are supported: authpriv (if your OS +# supports it), auth, daemon, user, local0, local1, local2, local3, +# local4, local5, local6, and local7. +facility = authpriv + +# Syslog priority to use for event log accept messages, when the command +# is allowed by the security policy. The following syslog priorities are +# supported: alert, crit, debug, emerg, err, info, notice, warning, none. +accept_priority = notice + +# Syslog priority to use for event log reject messages, when the command +# is not allowed by the security policy. +reject_priority = alert + +# Syslog priority to use for event log alert messages reported by the +# client. +alert_priority = alert + +[logfile] +# The path to the file-based event log. +# This path must be fully-qualified and start with a '/' character. +path = /var/log/sudo + +# The format string used when formatting the date and time for +# file-based event logs. Formatting is performed via strftime(3) so +# any format string supported by that function is allowed. +time_format = %h %e %T diff -Nru sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3 sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3 --- sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,215 @@ +# +# sudo logsrv daemon configuration +# + +[server] +# The host name or IP address and port to listen on with an optional TLS +# flag. If no port is specified, port 30343 will be used for plaintext +# connections and port 30344 will be used to TLS connections. +# The following forms are accepted: +# listen_address = hostname(tls) +# listen_address = hostname:port(tls) +# listen_address = IPv4_address(tls) +# listen_address = IPv4_address:port(tls) +# listen_address = [IPv6_address](tls) +# listen_address = [IPv6_address]:port(tls) +# +# The (tls) suffix should be omitted for plaintext connections. +# +# Multiple listen_address settings may be specified. +# The default is to listen on all addresses. +listen_address = *:30343 +#listen_address = *:30344(tls) + +# The file containing the ID of the running sudo_logsrvd process. +pid_file = /var/run/sudo/sudo_logsrvd.pid + +# If true, enable the SO_KEEPALIVE socket option on client connections. +tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the client to +# respond. A value of 0 will disable the timeout. The default value is 30. +timeout = 0 + +# If true, the server certificate will be verified at startup and clients +# will authenticate the server by verifying its certificate and identity. +#tls_verify = true + +# If true, client certificates will be validated by the server; +# clients without a valid certificate will be unable to connect. +# By default, client certs are not checked. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# Required for TLS connections. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# Required for TLS connections. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default cipher list is HIGH:!aNULL. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default cipher list is TLS_AES_256_GCM_SHA384. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# If not set, the server will use the OpenSSL defaults. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[relay] +# The host name or IP address and port to send logs to in relay mode. +# The syntax is identical to listen_address with the exception of +# the wild card ('*') syntax. When this setting is enabled, logs will +# be relayed to the specified host instead of being stored locally. +# This setting is not enabled by default. +#relay_host = relayhost.dom.ain +#relay_host = relayhost.dom.ain(tls) + +# The amount of time, in seconds, the server will wait for a connection +# to the relay server to complete. A value of 0 will disable the timeout. +# The default value is 30. +#connect_timeout = 30 + +# If true, enable the SO_KEEPALIVE socket option on relay connections. +#tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the relay to +# respond. A value of 0 will disable the timeout. The default value is 30. +#timeout = 30 + +# If true, the server's relay certificate will be verified at startup. +# The default is to use the value in the [server] section. +#tls_verify = true + +# Whether to verify the relay's certificate for TLS connections. +# The default is to use the value in the [server] section. +#tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +# The default is to use the value in the [server] section. +#tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# The default is to use the certificate in the [server] section. +#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# The default is to use the key in the [server] section. +#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default is to use the value in the [server] section. +#tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default is to use the value in the [server] section. +#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# The default is to use the value in the [server] section. +#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[iolog] +# The top-level directory to use when constructing the path name for the +# I/O log directory. The session sequence number, if any, is stored here. +iolog_dir = /var/log/sudo-io/%{hostname}/%{user} + +# The path name, relative to iolog_dir, in which to store I/O logs. +# Note that iolog_file may contain directory components. +iolog_file = %{seq} + +# If set, I/O logs will be compressed using zlib. Enabling compression can +# make it harder to view the logs in real-time as the program is executing. +iolog_compress = true + +# If set, I/O log data is flushed to disk after each write instead of +# buffering it. This makes it possible to view the logs in real-time +# as the program is executing but reduces the effectiveness of compression. +iolog_flush = false + +# The group to use when creating new I/O log files and directories. +# If iolog_group is not set, the primary group-ID of the user specified +# by iolog_user is used. If neither iolog_group nor iolog_user +# are set, I/O log files and directories are created with group-ID 0. +#iolog_group = sudo + +# The user to use when setting the user-ID and group-ID of new I/O +# log files and directories. If iolog_group is set, it will be used +# instead of the user's primary group-ID. By default, I/O log files +# and directories are created with user and group-ID 0. +#iolog_user = sudo + +# The file mode to use when creating I/O log files. The file permissions +# will always include the owner read and write bits, even if they are +# not present in the specified mode. When creating I/O log directories, +# search (execute) bits are added to match the read and write bits +# specified by iolog_mode. +iolog_mode = 0640 + +# The maximum sequence number that will be substituted for the "%{seq}" +# escape in the I/O log file. While the value substituted for "%{seq}" +# is in base 36, maxseq itself should be expressed in decimal. Values +# larger than 2176782336 (which corresponds to the base 36 sequence +# number "ZZZZZZ") will be silently truncated to 2176782336. +maxseq = 999999999 + +[eventlog] +# Where to log accept, reject and alert events. +# Accepted values are syslog, logfile, or none. +# Defaults to syslog +log_type = logfile + +# Event log format. +# Supported log formats are "sudo" and "json" +# Defaults to sudo +log_format = json + +[syslog] +# The maximum length of a syslog payload. +# On many systems, syslog(3) has a relatively small log buffer. +# IETF RFC 5424 states that syslog servers must support messages +# of at least 480 bytes and should support messages up to 2048 bytes. +# Messages larger than this value will be split into multiple messages. +#maxlen = 960 + +# The syslog facility to use for event log messages. +# The following syslog facilities are supported: authpriv (if your OS +# supports it), auth, daemon, user, local0, local1, local2, local3, +# local4, local5, local6, and local7. +#facility = authpriv + +# Syslog priority to use for event log accept messages, when the command +# is allowed by the security policy. The following syslog priorities are +# supported: alert, crit, debug, emerg, err, info, notice, warning, none. +#accept_priority = notice + +# Syslog priority to use for event log reject messages, when the command +# is not allowed by the security policy. +#reject_priority = alert + +# Syslog priority to use for event log alert messages reported by the +# client. +#alert_priority = alert + +[logfile] +# The path to the file-based event log. +# This path must be fully-qualified and start with a '/' character. +path = /var/log/sudo.log + +# The format string used when formatting the date and time for +# file-based event logs. Formatting is performed via strftime(3) so +# any format string supported by that function is allowed. +time_format = %a %b %e %H:%M:%S %Z diff -Nru sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4 sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4 --- sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,215 @@ +# +# sudo logsrv daemon configuration +# + +[server] +# The host name or IP address and port to listen on with an optional TLS +# flag. If no port is specified, port 30343 will be used for plaintext +# connections and port 30344 will be used to TLS connections. +# The following forms are accepted: +# listen_address = hostname(tls) +# listen_address = hostname:port(tls) +# listen_address = IPv4_address(tls) +# listen_address = IPv4_address:port(tls) +# listen_address = [IPv6_address](tls) +# listen_address = [IPv6_address]:port(tls) +# +# The (tls) suffix should be omitted for plaintext connections. +# +# Multiple listen_address settings may be specified. +# The default is to listen on all addresses. +#listen_address = *:30343 +listen_address = *:30344(tls) + +# The file containing the ID of the running sudo_logsrvd process. +pid_file = /var/run/sudo/sudo_logsrvd.pid + +# If true, enable the SO_KEEPALIVE socket option on client connections. +tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the client to +# respond. A value of 0 will disable the timeout. The default value is 30. +timeout = 30 + +# If true, the server certificate will be verified at startup and clients +# will authenticate the server by verifying its certificate and identity. +tls_verify = true + +# If true, client certificates will be validated by the server; +# clients without a valid certificate will be unable to connect. +# By default, client certs are not checked. +tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# Required for TLS connections. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# Required for TLS connections. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default cipher list is HIGH:!aNULL. +tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default cipher list is TLS_AES_256_GCM_SHA384. +tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# If not set, the server will use the OpenSSL defaults. +tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[relay] +# The host name or IP address and port to send logs to in relay mode. +# The syntax is identical to listen_address with the exception of +# the wild card ('*') syntax. When this setting is enabled, logs will +# be relayed to the specified host instead of being stored locally. +# This setting is not enabled by default. +#relay_host = relayhost.dom.ain +relay_host = localhost(tls) + +# The amount of time, in seconds, the server will wait for a connection +# to the relay server to complete. A value of 0 will disable the timeout. +# The default value is 30. +connect_timeout = 30 + +# If true, enable the SO_KEEPALIVE socket option on relay connections. +tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the relay to +# respond. A value of 0 will disable the timeout. The default value is 30. +timeout = 30 + +# If true, the server's relay certificate will be verified at startup. +# The default is to use the value in the [server] section. +tls_verify = true + +# Whether to verify the relay's certificate for TLS connections. +# The default is to use the value in the [server] section. +tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +# The default is to use the value in the [server] section. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# The default is to use the certificate in the [server] section. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# The default is to use the key in the [server] section. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default is to use the value in the [server] section. +tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default is to use the value in the [server] section. +tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# The default is to use the value in the [server] section. +tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[iolog] +# The top-level directory to use when constructing the path name for the +# I/O log directory. The session sequence number, if any, is stored here. +iolog_dir = /var/log/sudo-io + +# The path name, relative to iolog_dir, in which to store I/O logs. +# Note that iolog_file may contain directory components. +iolog_file = %{seq} + +# If set, I/O logs will be compressed using zlib. Enabling compression can +# make it harder to view the logs in real-time as the program is executing. +iolog_compress = false + +# If set, I/O log data is flushed to disk after each write instead of +# buffering it. This makes it possible to view the logs in real-time +# as the program is executing but reduces the effectiveness of compression. +iolog_flush = true + +# The group to use when creating new I/O log files and directories. +# If iolog_group is not set, the primary group-ID of the user specified +# by iolog_user is used. If neither iolog_group nor iolog_user +# are set, I/O log files and directories are created with group-ID 0. +#iolog_group = wheel + +# The user to use when setting the user-ID and group-ID of new I/O +# log files and directories. If iolog_group is set, it will be used +# instead of the user's primary group-ID. By default, I/O log files +# and directories are created with user and group-ID 0. +iolog_user = root + +# The file mode to use when creating I/O log files. The file permissions +# will always include the owner read and write bits, even if they are +# not present in the specified mode. When creating I/O log directories, +# search (execute) bits are added to match the read and write bits +# specified by iolog_mode. +iolog_mode = 0600 + +# The maximum sequence number that will be substituted for the "%{seq}" +# escape in the I/O log file. While the value substituted for "%{seq}" +# is in base 36, maxseq itself should be expressed in decimal. Values +# larger than 2176782336 (which corresponds to the base 36 sequence +# number "ZZZZZZ") will be silently truncated to 2176782336. +maxseq = 2176782336 + +[eventlog] +# Where to log accept, reject and alert events. +# Accepted values are syslog, logfile, or none. +# Defaults to syslog +log_type = syslog + +# Event log format. +# Supported log formats are "sudo" and "json" +# Defaults to sudo +log_format = sudo + +[syslog] +# The maximum length of a syslog payload. +# On many systems, syslog(3) has a relatively small log buffer. +# IETF RFC 5424 states that syslog servers must support messages +# of at least 480 bytes and should support messages up to 2048 bytes. +# Messages larger than this value will be split into multiple messages. +maxlen = 960 + +# The syslog facility to use for event log messages. +# The following syslog facilities are supported: authpriv (if your OS +# supports it), auth, daemon, user, local0, local1, local2, local3, +# local4, local5, local6, and local7. +facility = unknown + +# Syslog priority to use for event log accept messages, when the command +# is allowed by the security policy. The following syslog priorities are +# supported: alert, crit, debug, emerg, err, info, notice, warning, none. +accept_priority = notice + +# Syslog priority to use for event log reject messages, when the command +# is not allowed by the security policy. +reject_priority = alert + +# Syslog priority to use for event log alert messages reported by the +# client. +alert_priority = alert + +[logfile] +# The path to the file-based event log. +# This path must be fully-qualified and start with a '/' character. +path = /var/log/sudo + +# The format string used when formatting the date and time for +# file-based event logs. Formatting is performed via strftime(3) so +# any format string supported by that function is allowed. +time_format = %h %e %T diff -Nru sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5 sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5 --- sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,215 @@ +# +# sudo logsrv daemon configuration +# + +[server] +# The host name or IP address and port to listen on with an optional TLS +# flag. If no port is specified, port 30343 will be used for plaintext +# connections and port 30344 will be used to TLS connections. +# The following forms are accepted: +# listen_address = hostname(tls) +# listen_address = hostname:port(tls) +# listen_address = IPv4_address(tls) +# listen_address = IPv4_address:port(tls) +# listen_address = [IPv6_address](tls) +# listen_address = [IPv6_address]:port(tls) +# +# The (tls) suffix should be omitted for plaintext connections. +# +# Multiple listen_address settings may be specified. +# The default is to listen on all addresses. +#listen_address = *:30343 +listen_address = *:30344(tls) + +# The file containing the ID of the running sudo_logsrvd process. +pid_file = /var/run/sudo/sudo_logsrvd.pid + +# If true, enable the SO_KEEPALIVE socket option on client connections. +tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the client to +# respond. A value of 0 will disable the timeout. The default value is 30. +timeout = 30 + +# If true, the server certificate will be verified at startup and clients +# will authenticate the server by verifying its certificate and identity. +tls_verify = true + +# If true, client certificates will be validated by the server; +# clients without a valid certificate will be unable to connect. +# By default, client certs are not checked. +tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# Required for TLS connections. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# Required for TLS connections. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default cipher list is HIGH:!aNULL. +tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default cipher list is TLS_AES_256_GCM_SHA384. +tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# If not set, the server will use the OpenSSL defaults. +tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[relay] +# The host name or IP address and port to send logs to in relay mode. +# The syntax is identical to listen_address with the exception of +# the wild card ('*') syntax. When this setting is enabled, logs will +# be relayed to the specified host instead of being stored locally. +# This setting is not enabled by default. +#relay_host = relayhost.dom.ain +relay_host = localhost(tls) + +# The amount of time, in seconds, the server will wait for a connection +# to the relay server to complete. A value of 0 will disable the timeout. +# The default value is 30. +connect_timeout = 30 + +# If true, enable the SO_KEEPALIVE socket option on relay connections. +tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the relay to +# respond. A value of 0 will disable the timeout. The default value is 30. +timeout = 30 + +# If true, the server's relay certificate will be verified at startup. +# The default is to use the value in the [server] section. +tls_verify = true + +# Whether to verify the relay's certificate for TLS connections. +# The default is to use the value in the [server] section. +tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +# The default is to use the value in the [server] section. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# The default is to use the certificate in the [server] section. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# The default is to use the key in the [server] section. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default is to use the value in the [server] section. +tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default is to use the value in the [server] section. +tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# The default is to use the value in the [server] section. +tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[iolog] +# The top-level directory to use when constructing the path name for the +# I/O log directory. The session sequence number, if any, is stored here. +iolog_dir = /var/log/sudo-io + +# The path name, relative to iolog_dir, in which to store I/O logs. +# Note that iolog_file may contain directory components. +iolog_file = %{seq} + +# If set, I/O logs will be compressed using zlib. Enabling compression can +# make it harder to view the logs in real-time as the program is executing. +iolog_compress = false + +# If set, I/O log data is flushed to disk after each write instead of +# buffering it. This makes it possible to view the logs in real-time +# as the program is executing but reduces the effectiveness of compression. +iolog_flush = true + +# The group to use when creating new I/O log files and directories. +# If iolog_group is not set, the primary group-ID of the user specified +# by iolog_user is used. If neither iolog_group nor iolog_user +# are set, I/O log files and directories are created with group-ID 0. +#iolog_group = wheel + +# The user to use when setting the user-ID and group-ID of new I/O +# log files and directories. If iolog_group is set, it will be used +# instead of the user's primary group-ID. By default, I/O log files +# and directories are created with user and group-ID 0. +iolog_user = root + +# The file mode to use when creating I/O log files. The file permissions +# will always include the owner read and write bits, even if they are +# not present in the specified mode. When creating I/O log directories, +# search (execute) bits are added to match the read and write bits +# specified by iolog_mode. +iolog_mode = 0600 + +# The maximum sequence number that will be substituted for the "%{seq}" +# escape in the I/O log file. While the value substituted for "%{seq}" +# is in base 36, maxseq itself should be expressed in decimal. Values +# larger than 2176782336 (which corresponds to the base 36 sequence +# number "ZZZZZZ") will be silently truncated to 2176782336. +maxseq = 2176782336 + +[eventlog] +# Where to log accept, reject and alert events. +# Accepted values are syslog, logfile, or none. +# Defaults to syslog +log_type = syslog + +# Event log format. +# Supported log formats are "sudo" and "json" +# Defaults to sudo +log_format = sudo + +[syslog] +# The maximum length of a syslog payload. +# On many systems, syslog(3) has a relatively small log buffer. +# IETF RFC 5424 states that syslog servers must support messages +# of at least 480 bytes and should support messages up to 2048 bytes. +# Messages larger than this value will be split into multiple messages. +maxlen = 960 + +# The syslog facility to use for event log messages. +# The following syslog facilities are supported: authpriv (if your OS +# supports it), auth, daemon, user, local0, local1, local2, local3, +# local4, local5, local6, and local7. +facility = authpriv + +# Syslog priority to use for event log accept messages, when the command +# is allowed by the security policy. The following syslog priorities are +# supported: alert, crit, debug, emerg, err, info, notice, warning, none. +accept_priority = low + +# Syslog priority to use for event log reject messages, when the command +# is not allowed by the security policy. +reject_priority = alert + +# Syslog priority to use for event log alert messages reported by the +# client. +alert_priority = alert + +[logfile] +# The path to the file-based event log. +# This path must be fully-qualified and start with a '/' character. +path = /var/log/sudo + +# The format string used when formatting the date and time for +# file-based event logs. Formatting is performed via strftime(3) so +# any format string supported by that function is allowed. +time_format = %h %e %T diff -Nru sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6 sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6 --- sudo-1.9.5p2/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,215 @@ +# +# sudo logsrv daemon configuration +# + +[server] +# The host name or IP address and port to listen on with an optional TLS +# flag. If no port is specified, port 30343 will be used for plaintext +# connections and port 30344 will be used to TLS connections. +# The following forms are accepted: +# listen_address = hostname(tls) +# listen_address = hostname:port(tls) +# listen_address = IPv4_address(tls) +# listen_address = IPv4_address:port(tls) +# listen_address = [IPv6_address](tls) +# listen_address = [IPv6_address]:port(tls) +# +# The (tls) suffix should be omitted for plaintext connections. +# +# Multiple listen_address settings may be specified. +# The default is to listen on all addresses. +#listen_address = *:30343 +listen_address = *:30344(tls) + +# The file containing the ID of the running sudo_logsrvd process. +pid_file = /var/run/sudo/sudo_logsrvd.pid + +# If true, enable the SO_KEEPALIVE socket option on client connections. +tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the client to +# respond. A value of 0 will disable the timeout. The default value is 30. +timeout = 30 + +# If true, the server certificate will be verified at startup and clients +# will authenticate the server by verifying its certificate and identity. +tls_verify = true + +# If true, client certificates will be validated by the server; +# clients without a valid certificate will be unable to connect. +# By default, client certs are not checked. +tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# Required for TLS connections. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# Required for TLS connections. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default cipher list is HIGH:!aNULL. +tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default cipher list is TLS_AES_256_GCM_SHA384. +tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# If not set, the server will use the OpenSSL defaults. +tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[relay] +# The host name or IP address and port to send logs to in relay mode. +# The syntax is identical to listen_address with the exception of +# the wild card ('*') syntax. When this setting is enabled, logs will +# be relayed to the specified host instead of being stored locally. +# This setting is not enabled by default. +#relay_host = relayhost.dom.ain +relay_host = localhost(tls) + +# The amount of time, in seconds, the server will wait for a connection +# to the relay server to complete. A value of 0 will disable the timeout. +# The default value is 30. +connect_timeout = 30 + +# If true, enable the SO_KEEPALIVE socket option on relay connections. +tcp_keepalive = true + +# The amount of time, in seconds, the server will wait for the relay to +# respond. A value of 0 will disable the timeout. The default value is 30. +timeout = 30 + +# If true, the server's relay certificate will be verified at startup. +# The default is to use the value in the [server] section. +tls_verify = true + +# Whether to verify the relay's certificate for TLS connections. +# The default is to use the value in the [server] section. +tls_checkpeer = false + +# Path to a certificate authority bundle file in PEM format to use +# instead of the system's default certificate authority database. +# The default is to use the value in the [server] section. +tls_cacert = /etc/ssl/sudo/cacert.pem + +# Path to the server's certificate file in PEM format. +# The default is to use the certificate in the [server] section. +tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem + +# Path to the server's private key file in PEM format. +# The default is to use the key in the [server] section. +tls_key = /etc/ssl/sudo/private/logsrvd_key.pem + +# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual). +# NOTE that this setting is only effective if the negotiated protocol +# is TLS version 1.2. +# The default is to use the value in the [server] section. +tls_ciphers_v12 = HIGH:!aNULL + +# TLS cipher list if the negotiated protocol is TLS version 1.3. +# The default is to use the value in the [server] section. +tls_ciphers_v13 = TLS_AES_256_GCM_SHA384 + +# Path to the Diffie-Hellman parameter file in PEM format. +# The default is to use the value in the [server] section. +tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem + +[iolog] +# The top-level directory to use when constructing the path name for the +# I/O log directory. The session sequence number, if any, is stored here. +iolog_dir = /var/log/sudo-io + +# The path name, relative to iolog_dir, in which to store I/O logs. +# Note that iolog_file may contain directory components. +iolog_file = %{seq} + +# If set, I/O logs will be compressed using zlib. Enabling compression can +# make it harder to view the logs in real-time as the program is executing. +iolog_compress = false + +# If set, I/O log data is flushed to disk after each write instead of +# buffering it. This makes it possible to view the logs in real-time +# as the program is executing but reduces the effectiveness of compression. +iolog_flush = true + +# The group to use when creating new I/O log files and directories. +# If iolog_group is not set, the primary group-ID of the user specified +# by iolog_user is used. If neither iolog_group nor iolog_user +# are set, I/O log files and directories are created with group-ID 0. +#iolog_group = wheel + +# The user to use when setting the user-ID and group-ID of new I/O +# log files and directories. If iolog_group is set, it will be used +# instead of the user's primary group-ID. By default, I/O log files +# and directories are created with user and group-ID 0. +iolog_user = root + +# The file mode to use when creating I/O log files. The file permissions +# will always include the owner read and write bits, even if they are +# not present in the specified mode. When creating I/O log directories, +# search (execute) bits are added to match the read and write bits +# specified by iolog_mode. +iolog_mode = 0600 + +# The maximum sequence number that will be substituted for the "%{seq}" +# escape in the I/O log file. While the value substituted for "%{seq}" +# is in base 36, maxseq itself should be expressed in decimal. Values +# larger than 2176782336 (which corresponds to the base 36 sequence +# number "ZZZZZZ") will be silently truncated to 2176782336. +maxseq = 2176782336 + +[eventlog] +# Where to log accept, reject and alert events. +# Accepted values are syslog, logfile, or none. +# Defaults to syslog +log_type = syslog + +# Event log format. +# Supported log formats are "sudo" and "json" +# Defaults to sudo +log_format = sudo + +[syslog] +# The maximum length of a syslog payload. +# On many systems, syslog(3) has a relatively small log buffer. +# IETF RFC 5424 states that syslog servers must support messages +# of at least 480 bytes and should support messages up to 2048 bytes. +# Messages larger than this value will be split into multiple messages. +maxlen = 960 + +# The syslog facility to use for event log messages. +# The following syslog facilities are supported: authpriv (if your OS +# supports it), auth, daemon, user, local0, local1, local2, local3, +# local4, local5, local6, and local7. +facility = authpriv + +# Syslog priority to use for event log accept messages, when the command +# is allowed by the security policy. The following syslog priorities are +# supported: alert, crit, debug, emerg, err, info, notice, warning, none. +accept_priority = notice + +# Syslog priority to use for event log reject messages, when the command +# is not allowed by the security policy. +reject_priority = alert + +# Syslog priority to use for event log alert messages reported by the +# client. +alert_priority = high + +[logfile] +# The path to the file-based event log. +# This path must be fully-qualified and start with a '/' character. +path = /var/log/sudo + +# The format string used when formatting the date and time for +# file-based event logs. Formatting is performed via strftime(3) so +# any format string supported by that function is allowed. +time_format = %h %e %T diff -Nru sudo-1.9.5p2/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c sudo-1.9.9/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c --- sudo-1.9.5p2/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif + +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_eventlog.h" +#include "sudo_fatal.h" +#include "sudo_iolog.h" +#include "sudo_plugin.h" +#include "sudo_util.h" + +#include "logsrvd.h" + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + char tempfile[] = "/tmp/logsrvd_conf.XXXXXX"; + size_t nwritten; + int fd; + + setprogname("fuzz_logsrvd_conf"); + sudo_warn_set_conversation(fuzz_conversation); + + /* logsrvd_conf_read() uses a conf file path, not an open file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return 0; + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return 0; + } + close(fd); + + if (logsrvd_conf_read(tempfile)) { + /* public config getters */ + logsrvd_conf_iolog_dir(); + logsrvd_conf_iolog_file(); + logsrvd_conf_iolog_mode(); + logsrvd_conf_pid_file(); + logsrvd_conf_relay_address(); + logsrvd_conf_relay_connect_timeout(); + logsrvd_conf_relay_tcp_keepalive(); + logsrvd_conf_relay_timeout(); + logsrvd_conf_server_listen_address(); + logsrvd_conf_server_tcp_keepalive(); + logsrvd_conf_server_timeout(); + + /* free config */ + logsrvd_conf_cleanup(); + } + + unlink(tempfile); + + fflush(stdout); + + return 0; +} diff -Nru sudo-1.9.5p2/logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict sudo-1.9.9/logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict --- sudo-1.9.5p2/logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,42 @@ +"[server]" +"listen_address" +"pid_file" +"tcp_keepalive" +"timeout" +"tls_verify" +"tls_checkpeer" +"tls_cacert" +"tls_cert" +"tls_key" +"tls_ciphers_v12" +"tls_ciphers_v13" +"tls_dhparams" + +"[relay]" +"relay_host" +"connect_timeout" + +"[iolog]" +"iolog_dir" +"iolog_file" +"iolog_compress" +"iolog_flush" +"iolog_group" +"iolog_user" +"iolog_mode" +"maxseq" + +"[eventlog]" +"log_type" +"log_format" + +"[syslog]" +"maxlen" +"facility" +"accept_priority" +"reject_priority" +"alert_priority" + +"[logfile]" +"path" +"time_format" diff -Nru sudo-1.9.5p2/logsrvd/sendlog.c sudo-1.9.9/logsrvd/sendlog.c --- sudo-1.9.5p2/logsrvd/sendlog.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/logsrvd/sendlog.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2019-2020 Todd C. Miller + * Copyright (c) 2019-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -54,11 +54,6 @@ # include "compat/getopt.h" #endif /* HAVE_GETOPT_LONG */ -#if defined(HAVE_OPENSSL) -# include -# include -#endif - #include "sudo_compat.h" #include "sudo_conf.h" #include "sudo_debug.h" @@ -69,9 +64,8 @@ #include "sudo_iolog.h" #include "sudo_util.h" -#include "hostcheck.h" -#include "log_server.pb-c.h" #include "sendlog.h" +#include "hostcheck.h" #if defined(HAVE_OPENSSL) # define TLS_HANDSHAKE_TIMEO_SEC 10 @@ -80,12 +74,7 @@ TAILQ_HEAD(connection_list, client_closure); static struct connection_list connections = TAILQ_HEAD_INITIALIZER(connections); -static const char *server_name = "localhost"; -#if defined(HAVE_STRUCT_IN6_ADDR) -static char server_ip[INET6_ADDRSTRLEN]; -#else -static char server_ip[INET_ADDRSTRLEN]; -#endif +static struct peer_info server_info = { "localhost" }; static char *iolog_dir; static bool testrun = false; static int nr_of_conns = 1; @@ -112,7 +101,7 @@ #else fprintf(stderr, "usage: %s [-AnV] [-h host] [-i iolog-id] [-p port] " #endif - "[-r restart-point] [-R reject-reason] [-t number] /path/to/iolog\n", + "[-r restart-point] [-R reject-reason] [-s stop-point] [-t number] /path/to/iolog\n", getprogname()); if (fatal) exit(EXIT_FAILURE); @@ -121,25 +110,43 @@ static void help(void) { - (void)printf(_("%s - send sudo I/O log to remote server\n\n"), - getprogname()); + printf("%s - %s\n\n", getprogname(), + _("send sudo I/O log to remote server")); usage(false); - (void)puts(_("\nOptions:\n" - " --help display help message and exit\n" - " -A, --accept only send an accept event (no I/O)\n" - " -h, --host host to send logs to\n" - " -i, --iolog_id remote ID of I/O log to be resumed\n" - " -p, --port port to use when connecting to host\n" - " -r, --restart restart previous I/O log transfer\n" - " -R, --reject reject the command with the given reason\n" + printf("\n%s\n", _("Options:")); + printf(" --help %s\n", + _("display help message and exit")); + printf(" -A, --accept %s\n", + _("only send an accept event (no I/O)")); #if defined(HAVE_OPENSSL) - " -b, --ca-bundle certificate bundle file to verify server's cert against\n" - " -c, --cert certificate file for TLS handshake\n" - " -k, --key private key file\n" - " -n, --no-verify do not verify server certificate\n" + printf(" -b, --ca-bundle %s\n", + _("certificate bundle file to verify server's cert against")); + printf(" -c, --cert %s\n", + _("certificate file for TLS handshake")); #endif - " -t, --test test audit server by sending selected I/O log n times in parallel\n" - " -V, --version display version information and exit\n")); + printf(" -h, --host %s\n", + _("host to send logs to")); + printf(" -i, --iolog_id %s\n", + _("remote ID of I/O log to be resumed")); +#if defined(HAVE_OPENSSL) + printf(" -k, --key %s\n", + _("private key file")); + printf(" -n, --no-verify %s\n", + _("do not verify server certificate")); +#endif + printf(" -p, --port %s\n", + _("port to use when connecting to host")); + printf(" -r, --restart %s\n", + _("restart previous I/O log transfer")); + printf(" -R, --reject %s\n", + _("reject the command with the given reason")); + printf(" -s, --stop-after %s\n", + _("stop transfer after reaching this time")); + printf(" -t, --test %s\n", + _("test audit server by sending selected I/O log n times in parallel")); + printf(" -V, --version %s\n", + _("display version information and exit")); + putchar('\n'); exit(EXIT_SUCCESS); } @@ -149,7 +156,7 @@ * Returns open socket or -1 on error. */ static int -connect_server(const char *host, const char *port) +connect_server(struct peer_info *server, const char *port) { struct addrinfo hints, *res, *res0; const char *addr, *cause = "getaddrinfo"; @@ -159,9 +166,9 @@ memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; - error = getaddrinfo(host, port, &hints, &res0); + error = getaddrinfo(server->name, port, &hints, &res0); if (error != 0) { - sudo_warnx(U_("unable to look up %s:%s: %s"), host, port, + sudo_warnx(U_("unable to look up %s:%s: %s"), server->name, port, gai_strerror(error)); debug_return_int(-1); } @@ -181,7 +188,7 @@ sock = -1; continue; } - if (*server_ip == '\0') { + if (server->ipaddr[0] == '\0') { switch (res->ai_family) { case AF_INET: addr = (char *)&((struct sockaddr_in *)res->ai_addr)->sin_addr; @@ -197,8 +204,8 @@ sock = -1; continue; } - if (inet_ntop(res->ai_family, addr, server_ip, - sizeof(server_ip)) == NULL) { + if (inet_ntop(res->ai_family, addr, server->ipaddr, + sizeof(server->ipaddr)) == NULL) { sudo_warnx("%s", U_("unable to get server IP addr")); } } @@ -223,6 +230,38 @@ } /* + * Get a buffer from the free list if possible, else allocate a new one. + */ +struct connection_buffer * +get_free_buf(size_t len, struct client_closure *closure) +{ + struct connection_buffer *buf; + debug_decl(get_free_buf, SUDO_DEBUG_UTIL); + + buf = TAILQ_FIRST(&closure->free_bufs); + if (buf != NULL) { + TAILQ_REMOVE(&closure->free_bufs, buf, entries); + } else { + if ((buf = calloc(1, sizeof(*buf))) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_ptr(NULL); + } + } + + if (len > buf->size) { + free(buf->data); + buf->size = sudo_pow2_roundup(len); + if ((buf->data = malloc(buf->size)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + free(buf); + buf = NULL; + } + } + + debug_return_ptr(buf); +} + +/* * Read the next I/O buffer as described by closure->timing. */ static bool @@ -265,8 +304,9 @@ * Returns true on success, false on failure. */ static bool -fmt_client_message(struct connection_buffer *buf, ClientMessage *msg) +fmt_client_message(struct client_closure *closure, ClientMessage *msg) { + struct connection_buffer *buf = NULL; uint32_t msg_len; bool ret = false; size_t len; @@ -281,61 +321,31 @@ msg_len = htonl((uint32_t)len); len += sizeof(msg_len); - /* Resize buffer as needed. */ - if (len > buf->size) { - free(buf->data); - buf->size = sudo_pow2_roundup(len); - if ((buf->data = malloc(buf->size)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to malloc %u", buf->size); - buf->size = 0; + if (!TAILQ_EMPTY(&closure->write_bufs)) { + buf = TAILQ_FIRST(&closure->write_bufs); + if (len > buf->size - buf->len) { + /* Too small. */ + buf = NULL; + } + } + if (buf == NULL) { + if ((buf = get_free_buf(len, closure)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } + TAILQ_INSERT_TAIL(&closure->write_bufs, buf, entries); } - memcpy(buf->data, &msg_len, sizeof(msg_len)); - client_message__pack(msg, buf->data + sizeof(msg_len)); - buf->len = len; + memcpy(buf->data + buf->len, &msg_len, sizeof(msg_len)); + client_message__pack(msg, buf->data + buf->len + sizeof(msg_len)); + buf->len += len; + ret = true; done: debug_return_bool(ret); } -/* - * Split command + args into an array of strings. - * Returns an array containing command and args, reusing space in "command". - * Note that the returned array does not end with a terminating NULL. - */ -static char ** -split_command(char *command, size_t *lenp) -{ - char *cp; - char **args; - size_t len; - debug_decl(split_command, SUDO_DEBUG_UTIL); - - for (cp = command, len = 0;;) { - len++; - if ((cp = strchr(cp, ' ')) == NULL) - break; - cp++; - } - args = reallocarray(NULL, len, sizeof(char *)); - if (args == NULL) - debug_return_ptr(NULL); - - for (cp = command, len = 0;;) { - args[len++] = cp; - if ((cp = strchr(cp, ' ')) == NULL) - break; - *cp++ = '\0'; - } - - *lenp = len; - debug_return_ptr(args); -} - static bool fmt_client_hello(struct client_closure *closure) { @@ -350,7 +360,7 @@ /* Schedule ClientMessage */ client_msg.u.hello_msg = &hello_msg; client_msg.type_case = CLIENT_MESSAGE__TYPE_HELLO_MSG; - ret = fmt_client_message(&closure->write_buf, &client_msg); + ret = fmt_client_message(closure, &client_msg); if (ret) { if (sudo_ev_add(closure->evbase, closure->read_ev, NULL, false) == -1) ret = false; @@ -361,6 +371,15 @@ debug_return_bool(ret); } +#if defined(HAVE_OPENSSL) +/* Wrapper for fmt_client_hello() called via tls_connect_cb() */ +static bool +tls_start_fn(struct tls_client_closure *tls_client) +{ + return fmt_client_hello(tls_client->parent_closure); +} +#endif /* HAVE_OPENSSL */ + static void free_info_messages(InfoMessage **info_msgs, size_t n_info_msgs) { @@ -381,26 +400,145 @@ debug_return; } +/* + * Convert a NULL-terminated string vector (argv, envp) to a + * StringList with an associated size. + * Performs a shallow copy of the strings (copies pointers). + */ +static InfoMessage__StringList * +vec_to_stringlist(char * const *vec) +{ + InfoMessage__StringList *strlist; + size_t len; + debug_decl(vec_to_stringlist, SUDO_DEBUG_UTIL); + + strlist = malloc(sizeof(*strlist)); + if (strlist == NULL) + goto done; + info_message__string_list__init(strlist); + + /* Convert vec into a StringList. */ + for (len = 0; vec[len] != NULL; len++) { + continue; + } + strlist->strings = reallocarray(NULL, len, sizeof(char *)); + if (strlist->strings == NULL) { + free(strlist); + strlist = NULL; + goto done; + } + strlist->n_strings = len; + for (len = 0; vec[len] != NULL; len++) { + strlist->strings[len] = vec[len]; + } + +done: + debug_return_ptr(strlist); +} + +/* + * Split command + args separated by whitespace into a StringList. + * Returns a StringList containing command and args, reusing the contents + * of "command", which is modified. + */ +static InfoMessage__StringList * +command_to_stringlist(char *command) +{ + InfoMessage__StringList *strlist; + char *cp; + size_t len; + debug_decl(command_to_stringlist, SUDO_DEBUG_UTIL); + + strlist = malloc(sizeof(*strlist)); + if (strlist == NULL) + debug_return_ptr(NULL); + info_message__string_list__init(strlist); + + for (cp = command, len = 0;;) { + len++; + if ((cp = strchr(cp, ' ')) == NULL) + break; + cp++; + } + strlist->strings = reallocarray(NULL, len, sizeof(char *)); + if (strlist->strings == NULL) { + free(strlist); + debug_return_ptr(NULL); + } + strlist->n_strings = len; + + for (cp = command, len = 0;;) { + strlist->strings[len++] = cp; + if ((cp = strchr(cp, ' ')) == NULL) + break; + *cp++ = '\0'; + } + + debug_return_ptr(strlist); +} + +/* + * Build runargv StringList using either argv or command in evlog. + * Truncated command in evlog after first space as a side effect. + */ +static InfoMessage__StringList * +fmt_runargv(const struct eventlog *evlog) +{ + InfoMessage__StringList *runargv; + debug_decl(fmt_runargv, SUDO_DEBUG_UTIL); + + /* We may have runargv from the log.json file. */ + if (evlog->argv != NULL && evlog->argv[0] != NULL) { + /* Convert evlog->argv into a StringList. */ + runargv = vec_to_stringlist(evlog->argv); + if (runargv != NULL) { + /* Make sure command doesn't include arguments. */ + char *cp = strchr(evlog->command, ' '); + if (cp != NULL) + *cp = '\0'; + } + } else { + /* No log.json file, split command into a StringList. */ + runargv = command_to_stringlist(evlog->command); + } + + debug_return_ptr(runargv); +} + +/* + * Build runenv StringList from env in evlog, if present. + */ +static InfoMessage__StringList * +fmt_runenv(const struct eventlog *evlog) +{ + debug_decl(fmt_runenv, SUDO_DEBUG_UTIL); + + /* Only present in log.json. */ + if (evlog->envp == NULL || evlog->envp[0] == NULL) + debug_return_ptr(NULL); + + debug_return_ptr(vec_to_stringlist(evlog->envp)); +} + static InfoMessage ** fmt_info_messages(const struct eventlog *evlog, char *hostname, size_t *n_info_msgs) { InfoMessage **info_msgs = NULL; InfoMessage__StringList *runargv = NULL; + InfoMessage__StringList *runenv = NULL; size_t info_msgs_size, n = 0; debug_decl(fmt_info_messages, SUDO_DEBUG_UTIL); - /* Split command into a StringList. */ - runargv = malloc(sizeof(*runargv)); + runargv = fmt_runargv(evlog); if (runargv == NULL) - goto oom; - info_message__string_list__init(runargv); - runargv->strings = split_command(evlog->command, &runargv->n_strings); - if (runargv->strings == NULL) goto oom; + /* runenv is only present in log.json */ + runenv = fmt_runenv(evlog); + /* The sudo I/O log info file has limited info. */ - info_msgs_size = 10; + info_msgs_size = 13; info_msgs = calloc(info_msgs_size, sizeof(InfoMessage *)); if (info_msgs == NULL) goto oom; @@ -434,6 +572,21 @@ runargv = NULL; n++; + if (runenv != NULL) { + info_msgs[n]->key = "runenv"; + info_msgs[n]->u.strlistval = runenv; + info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL; + runenv = NULL; + n++; + } + + if (evlog->rungid != (gid_t)-1) { + info_msgs[n]->key = "rungid"; + info_msgs[n]->u.numval = evlog->rungid; + info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; + n++; + } + if (evlog->rungroup != NULL) { info_msgs[n]->key = "rungroup"; info_msgs[n]->u.strval = evlog->rungroup; @@ -441,6 +594,13 @@ n++; } + if (evlog->runuid != (uid_t)-1) { + info_msgs[n]->key = "runuid"; + info_msgs[n]->u.numval = evlog->runuid; + info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; + n++; + } + info_msgs[n]->key = "runuser"; info_msgs[n]->u.strval = evlog->runuser; info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; @@ -483,6 +643,10 @@ free(runargv->strings); free(runargv); } + if (runenv != NULL) { + free(runenv->strings); + free(runenv); + } *n_info_msgs = 0; debug_return_ptr(NULL); } @@ -533,7 +697,7 @@ /* Schedule ClientMessage */ client_msg.u.reject_msg = &reject_msg; client_msg.type_case = CLIENT_MESSAGE__TYPE_REJECT_MSG; - ret = fmt_client_message(&closure->write_buf, &client_msg); + ret = fmt_client_message(closure, &client_msg); if (ret) { if (sudo_ev_add(closure->evbase, closure->write_ev, NULL, false) == -1) ret = false; @@ -592,7 +756,7 @@ /* Schedule ClientMessage */ client_msg.u.accept_msg = &accept_msg; client_msg.type_case = CLIENT_MESSAGE__TYPE_ACCEPT_MSG; - ret = fmt_client_message(&closure->write_buf, &client_msg); + ret = fmt_client_message(closure, &client_msg); if (ret) { if (sudo_ev_add(closure->evbase, closure->write_ev, NULL, false) == -1) ret = false; @@ -631,7 +795,7 @@ /* Schedule ClientMessage */ client_msg.u.restart_msg = &restart_msg; client_msg.type_case = CLIENT_MESSAGE__TYPE_RESTART_MSG; - ret = fmt_client_message(&closure->write_buf, &client_msg); + ret = fmt_client_message(closure, &client_msg); if (ret) { if (sudo_ev_add(closure->evbase, closure->write_ev, NULL, false) == -1) ret = false; @@ -642,7 +806,7 @@ /* * Build and format an ExitMessage wrapped in a ClientMessage. - * Stores the wire format message in the closure's write buffer. + * Stores the wire format message in the closure's write buffer list. * Returns true on success, false on failure. */ static bool @@ -650,24 +814,39 @@ { ClientMessage client_msg = CLIENT_MESSAGE__INIT; ExitMessage exit_msg = EXIT_MESSAGE__INIT; + TimeSpec run_time = TIME_SPEC__INIT; + struct eventlog *evlog = closure->evlog; bool ret = false; debug_decl(fmt_exit_message, SUDO_DEBUG_UTIL); - /* - * We don't have enough data in a sudo I/O log to create a real - * exit message. For example, the exit value and run time are - * not known. This results in a zero-sized message. - */ - exit_msg.exit_value = 0; + if (evlog->exit_value != -1) + exit_msg.exit_value = evlog->exit_value; + if (sudo_timespecisset(&evlog->run_time)) { + run_time.tv_sec = evlog->run_time.tv_sec; + run_time.tv_nsec = evlog->run_time.tv_nsec; + exit_msg.run_time = &run_time; + } + if (evlog->signal_name != NULL) { + exit_msg.signal = evlog->signal_name; + exit_msg.dumped_core = evlog->dumped_core; + } - sudo_debug_printf(SUDO_DEBUG_INFO, - "%s: sending ExitMessage, exit value %d", - __func__, exit_msg.exit_value); + if (evlog->signal_name != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: sending ExitMessage, signal %s, run_time [%lld, %ld]", + __func__, evlog->signal_name, (long long)evlog->run_time.tv_sec, + evlog->run_time.tv_nsec); + } else { + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: sending ExitMessage, exit value %d, run_time [%lld, %ld]", + __func__, evlog->exit_value, (long long)evlog->run_time.tv_sec, + evlog->run_time.tv_nsec); + } /* Send ClientMessage */ client_msg.u.exit_msg = &exit_msg; client_msg.type_case = CLIENT_MESSAGE__TYPE_EXIT_MSG; - if (!fmt_client_message(&closure->write_buf, &client_msg)) + if (!fmt_client_message(closure, &client_msg)) goto done; ret = true; @@ -678,12 +857,11 @@ /* * Build and format an IoBuffer wrapped in a ClientMessage. - * Stores the wire format message in buf. + * Stores the wire format message in the closure's write buffer list. * Returns true on success, false on failure. */ static bool -fmt_io_buf(int type, struct client_closure *closure, - struct connection_buffer *buf) +fmt_io_buf(int type, struct client_closure *closure) { ClientMessage client_msg = CLIENT_MESSAGE__INIT; IoBuffer iobuf_msg = IO_BUFFER__INIT; @@ -709,7 +887,7 @@ /* Send ClientMessage, it doesn't matter which IoBuffer we set. */ client_msg.u.ttyout_buf = &iobuf_msg; client_msg.type_case = type; - if (!fmt_client_message(buf, &client_msg)) + if (!fmt_client_message(closure, &client_msg)) goto done; ret = true; @@ -720,11 +898,11 @@ /* * Build and format a ChangeWindowSize message wrapped in a ClientMessage. - * Stores the wire format message in buf. + * Stores the wire format message in the closure's write buffer list. * Returns true on success, false on failure. */ static bool -fmt_winsize(struct client_closure *closure, struct connection_buffer *buf) +fmt_winsize(struct client_closure *closure) { ClientMessage client_msg = CLIENT_MESSAGE__INIT; ChangeWindowSize winsize_msg = CHANGE_WINDOW_SIZE__INIT; @@ -746,7 +924,7 @@ /* Send ClientMessage */ client_msg.u.winsize_event = &winsize_msg; client_msg.type_case = CLIENT_MESSAGE__TYPE_WINSIZE_EVENT; - if (!fmt_client_message(buf, &client_msg)) + if (!fmt_client_message(closure, &client_msg)) goto done; ret = true; @@ -757,11 +935,11 @@ /* * Build and format a CommandSuspend message wrapped in a ClientMessage. - * Stores the wire format message in buf. + * Stores the wire format message in the closure's write buffer list. * Returns true on success, false on failure. */ static bool -fmt_suspend(struct client_closure *closure, struct connection_buffer *buf) +fmt_suspend(struct client_closure *closure) { ClientMessage client_msg = CLIENT_MESSAGE__INIT; CommandSuspend suspend_msg = COMMAND_SUSPEND__INIT; @@ -784,7 +962,7 @@ /* Send ClientMessage */ client_msg.u.suspend_event = &suspend_msg; client_msg.type_case = CLIENT_MESSAGE__TYPE_SUSPEND_EVENT; - if (!fmt_client_message(buf, &client_msg)) + if (!fmt_client_message(closure, &client_msg)) goto done; ret = true; @@ -795,72 +973,84 @@ /* * Read the next entry for the I/O log timing file and format a ClientMessage. - * Stores the wire format message in the closure's write buffer. + * Stores the wire format message in the closure's write buffer list. * Returns true on success, false on failure. */ static bool fmt_next_iolog(struct client_closure *closure) { struct timing_closure *timing = &closure->timing; - struct connection_buffer *buf = &closure->write_buf; bool ret = false; debug_decl(fmt_next_iolog, SUDO_DEBUG_UTIL); - if (buf->len != 0) { - sudo_warnx(U_("%s: write buffer already in use"), __func__); - debug_return_bool(false); - } + for (;;) { + const int timing_status = iolog_read_timing_record( + &closure->iolog_files[IOFD_TIMING], timing); + switch (timing_status) { + case 0: + /* OK */ + break; + case 1: + /* no more IO buffers */ + closure->state = SEND_EXIT; + debug_return_bool(fmt_exit_message(closure)); + case -1: + default: + debug_return_bool(false); + } - /* TODO: fill write buffer with multiple messages */ -again: - switch (iolog_read_timing_record(&closure->iolog_files[IOFD_TIMING], timing)) { - case 0: - /* OK */ - break; - case 1: - /* no more IO buffers */ - closure->state = SEND_EXIT; - debug_return_bool(fmt_exit_message(closure)); - case -1: - default: - debug_return_bool(false); - } + /* Track elapsed time for comparison with commit points. */ + sudo_timespecadd(&closure->elapsed, &timing->delay, &closure->elapsed); - /* Track elapsed time for comparison with commit points. */ - sudo_timespecadd(&timing->delay, &closure->elapsed, &closure->elapsed); + /* If there is a stopping point, make sure we haven't reached it. */ + if (sudo_timespecisset(&closure->stop_after)) { + if (sudo_timespeccmp(&closure->elapsed, &closure->stop_after, >)) { + /* Reached limit, force premature end. */ + sudo_timespecsub(&closure->elapsed, &timing->delay, + &closure->elapsed); + debug_return_bool(false); + } + } - /* If we have a restart point, ignore records until we hit it. */ - if (sudo_timespecisset(&closure->restart)) { - if (sudo_timespeccmp(&closure->restart, &closure->elapsed, >=)) - goto again; - sudo_timespecclear(&closure->restart); /* caught up */ - } + /* If we have a restart point, ignore records until we hit it. */ + if (sudo_timespecisset(&closure->restart)) { + if (sudo_timespeccmp(&closure->restart, &closure->elapsed, >=)) + continue; + sudo_timespecclear(&closure->restart); /* caught up */ + } - switch (timing->event) { - case IO_EVENT_STDIN: - ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_STDIN_BUF, closure, buf); - break; - case IO_EVENT_STDOUT: - ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_STDOUT_BUF, closure, buf); - break; - case IO_EVENT_STDERR: - ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_STDERR_BUF, closure, buf); - break; - case IO_EVENT_TTYIN: - ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_TTYIN_BUF, closure, buf); - break; - case IO_EVENT_TTYOUT: - ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_TTYOUT_BUF, closure, buf); - break; - case IO_EVENT_WINSIZE: - ret = fmt_winsize(closure, buf); - break; - case IO_EVENT_SUSPEND: - ret = fmt_suspend(closure, buf); - break; - default: - sudo_warnx(U_("unexpected I/O event %d"), timing->event); - break; + switch (timing->event) { + case IO_EVENT_STDIN: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_STDIN_BUF, closure); + break; + case IO_EVENT_STDOUT: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_STDOUT_BUF, closure); + break; + case IO_EVENT_STDERR: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_STDERR_BUF, closure); + break; + case IO_EVENT_TTYIN: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_TTYIN_BUF, closure); + break; + case IO_EVENT_TTYOUT: + ret = fmt_io_buf(CLIENT_MESSAGE__TYPE_TTYOUT_BUF, closure); + break; + case IO_EVENT_WINSIZE: + ret = fmt_winsize(closure); + break; + case IO_EVENT_SUSPEND: + ret = fmt_suspend(closure); + break; + default: + sudo_warnx(U_("unexpected I/O event %d"), timing->event); + break; + } + + /* Keep filling write buffer as long as we only have one of them. */ + if (!ret) + break; + if (TAILQ_NEXT(TAILQ_FIRST(&closure->write_bufs), entries) != NULL) + break; } debug_return_bool(ret); @@ -1024,7 +1214,7 @@ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: unpacking ServerMessage", __func__); msg = server_message__unpack(NULL, len, buf); if (msg == NULL) { - sudo_warnx("%s", U_("unable to unpack ServerMessage")); + sudo_warnx("unable to unpack %s size %zu", "ServerMessage", len); debug_return_bool(false); } @@ -1099,13 +1289,14 @@ #if defined(HAVE_OPENSSL) if (cert != NULL) { + SSL *ssl = closure->tls_client.ssl; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: reading ServerMessage (TLS)", __func__); - nread = SSL_read(closure->ssl, buf->data + buf->len, buf->size - buf->len); + nread = SSL_read(ssl, buf->data + buf->len, buf->size - buf->len); if (nread <= 0) { const char *errstr; int err; - switch (SSL_get_error(closure->ssl, nread)) { + switch (SSL_get_error(ssl, nread)) { case SSL_ERROR_ZERO_RETURN: /* ssl connection shutdown cleanly */ nread = 0; @@ -1138,10 +1329,13 @@ * message and hope that no actual internal error occurs. */ err = ERR_get_error(); +#if !defined(HAVE_WOLFSSL) if (closure->state == RECV_HELLO && ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { errstr = "host name does not match certificate"; - } else { + } else +#endif + { errstr = ERR_reason_error_string(err); } sudo_warnx("%s", errstr); @@ -1218,10 +1412,15 @@ client_msg_cb(int fd, int what, void *v) { struct client_closure *closure = v; - struct connection_buffer *buf = &closure->write_buf; + struct connection_buffer *buf; ssize_t nwritten; debug_decl(client_msg_cb, SUDO_DEBUG_UTIL); + if ((buf = TAILQ_FIRST(&closure->write_bufs)) == NULL) { + sudo_warnx(U_("missing write buffer for client %s"), "localhost"); + goto bad; + } + /* For TLS we may need to write as part of SSL_read(). */ if (closure->read_instead_of_write) { closure->read_instead_of_write = false; @@ -1244,11 +1443,12 @@ #if defined(HAVE_OPENSSL) if (cert != NULL) { - nwritten = SSL_write(closure->ssl, buf->data + buf->off, buf->len - buf->off); + SSL *ssl = closure->tls_client.ssl; + nwritten = SSL_write(ssl, buf->data + buf->off, buf->len - buf->off); if (nwritten <= 0) { const char *errstr; - switch (SSL_get_error(closure->ssl, nwritten)) { + switch (SSL_get_error(ssl, nwritten)) { case SSL_ERROR_ZERO_RETURN: /* ssl connection shutdown */ goto bad; @@ -1290,8 +1490,13 @@ "%s: finished sending %u bytes to server", __func__, buf->len); buf->off = 0; buf->len = 0; - if (!client_message_completion(closure)) - goto bad; + TAILQ_REMOVE(&closure->write_bufs, buf, entries); + TAILQ_INSERT_TAIL(&closure->free_bufs, buf, entries); + if (TAILQ_EMPTY(&closure->write_bufs)) { + /* Write queue empty, check state. */ + if (!client_message_completion(closure)) + goto bad; + } } debug_return; @@ -1335,255 +1540,42 @@ debug_return_bool(true); } -#if defined(HAVE_OPENSSL) -/* - * Check that the server's certificate is valid that it contains the - * server name or IP address. - * Returns 0 if the cert is invalid, else 1. - */ -static int -verify_peer_identity(int preverify_ok, X509_STORE_CTX *ctx) -{ - X509 *current_cert; - X509 *peer_cert; - debug_decl(verify_peer_identity, SUDO_DEBUG_UTIL); - - /* if pre-verification of the cert failed, just propagate that result back */ - if (preverify_ok != 1) { - debug_return_int(0); - } - - /* since this callback is called for each cert in the chain, - * check that current cert is the peer's certificate - */ - current_cert = X509_STORE_CTX_get_current_cert(ctx); - peer_cert = X509_STORE_CTX_get0_cert(ctx); - if (current_cert != peer_cert) { - debug_return_int(1); - } - - if (validate_hostname(peer_cert, server_name, server_ip, 0) == MatchFound) { - debug_return_int(1); - } - - debug_return_int(0); -} - -static SSL_CTX * -init_tls_client_context(const char *ca_bundle_file, const char *cert_file, const char *key_file) -{ - const SSL_METHOD *method; - SSL_CTX *ctx = NULL; - debug_decl(init_tls_client_context, SUDO_DEBUG_UTIL); - - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); - - if ((method = TLS_client_method()) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "creation of SSL_METHOD failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto bad; - } - if ((ctx = SSL_CTX_new(method)) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "creation of new SSL_CTX object failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto bad; - } -#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION - if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to restrict min. protocol version: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto bad; - } -#else - SSL_CTX_set_options(ctx, - SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1); -#endif - - if (cert_file) { - if (!SSL_CTX_use_certificate_chain_file(ctx, cert_file)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to load cert to the ssl context: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto bad; - } - if (!SSL_CTX_use_PrivateKey_file(ctx, key_file, X509_FILETYPE_PEM)) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to load key to the ssl context: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto bad; - } - } - - if (ca_bundle_file != NULL) { - /* sets the location of the CA bundle file for verification purposes */ - if (SSL_CTX_load_verify_locations(ctx, ca_bundle_file, NULL) <= 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "calling SSL_CTX_load_verify_locations() failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto bad; - } - } - - if (verify_server) { - /* verify server cert during the handshake */ - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_peer_identity); - } - - goto done; - -bad: - SSL_CTX_free(ctx); - -done: - debug_return_ptr(ctx); -} - -static void -tls_connect_cb(int sock, int what, void *v) -{ - struct client_closure *closure = v; - struct sudo_event_base *evbase = closure->evbase; - struct timespec timeo = { TLS_HANDSHAKE_TIMEO_SEC, 0 }; - const char *errstr; - int con_stat; - debug_decl(tls_connect_cb, SUDO_DEBUG_UTIL); - - if (what == SUDO_EV_TIMEOUT) { - sudo_warnx("%s", U_("TLS handshake timeout occurred")); - goto bad; - } - - con_stat = SSL_connect(closure->ssl); - - if (con_stat == 1) { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "SSL_connect successful"); - closure->tls_connect_state = true; - } else { - switch (SSL_get_error(closure->ssl, con_stat)) { - /* TLS handshake is not finished, reschedule event */ - case SSL_ERROR_WANT_READ: - sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, - "SSL_connect returns SSL_ERROR_WANT_READ"); - if (what != SUDO_EV_READ) { - if (sudo_ev_set(closure->tls_connect_ev, closure->sock, - SUDO_EV_READ, tls_connect_cb, closure) == -1) { - sudo_warnx("%s", U_("unable to set event")); - goto bad; - } - } - if (sudo_ev_add(evbase, closure->tls_connect_ev, &timeo, false) == -1) { - sudo_warnx("%s", U_("unable to add event to queue")); - goto bad; - } - break; - case SSL_ERROR_WANT_WRITE: - sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, - "SSL_connect returns SSL_ERROR_WANT_WRITE"); - if (what != SUDO_EV_WRITE) { - if (sudo_ev_set(closure->tls_connect_ev, closure->sock, - SUDO_EV_WRITE, tls_connect_cb, closure) == -1) { - sudo_warnx("%s", U_("unable to set event")); - goto bad; - } - } - if (sudo_ev_add(evbase, closure->tls_connect_ev, &timeo, false) == -1) { - sudo_warnx("%s", U_("unable to add event to queue")); - goto bad; - } - break; - case SSL_ERROR_SYSCALL: - sudo_warnx(U_("TLS connection failed: %s"), strerror(errno)); - goto bad; - default: - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("TLS connection failed: %s"), errstr); - goto bad; - } - } - - if (closure->tls_connect_state) { - if (!testrun) { - printf("Negotiated protocol version: %s\n", SSL_get_version(closure->ssl)); - printf("Negotiated ciphersuite: %s\n", SSL_get_cipher(closure->ssl)); - } - - /* Done with TLS connect, send ClientHello */ - sudo_ev_free(closure->tls_connect_ev); - closure->tls_connect_ev = NULL; - if (!fmt_client_hello(closure)) - goto bad; - } - - debug_return; - -bad: - sudo_ev_loopbreak(evbase); - debug_return; -} - -static bool -tls_setup(struct client_closure *closure) -{ - const char *errstr; - debug_decl(tls_setup, SUDO_DEBUG_UTIL); - - if ((ssl_ctx = init_tls_client_context(ca_bundle, cert, key)) == NULL) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("Unable to initialize ssl context: %s"), errstr); - goto bad; - } - if ((closure->ssl = SSL_new(ssl_ctx)) == NULL) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("Unable to allocate ssl object: %s"), errstr); - goto bad; - } - if (SSL_set_fd(closure->ssl, closure->sock) <= 0) { - errstr = ERR_reason_error_string(ERR_get_error()); - sudo_warnx(U_("Unable to attach socket to the ssl object: %s"), - errstr); - goto bad; - } - - if (sudo_ev_add(closure->evbase, closure->tls_connect_ev, NULL, false) == -1) { - sudo_warnx("%s", U_("unable to add event to queue")); - goto bad; - } - - debug_return_bool(true); - -bad: - debug_return_bool(false); -} -#endif /* HAVE_OPENSSL */ - /* * Free client closure contents. */ static void client_closure_free(struct client_closure *closure) { + struct connection_buffer *buf; debug_decl(connection_closure_free, SUDO_DEBUG_UTIL); if (closure != NULL) { TAILQ_REMOVE(&connections, closure, entries); #if defined(HAVE_OPENSSL) - if (closure->ssl != NULL) { - SSL_shutdown(closure->ssl); - SSL_free(closure->ssl); + if (closure->tls_client.ssl != NULL) { + if (SSL_shutdown(closure->tls_client.ssl) == 0) + SSL_shutdown(closure->tls_client.ssl); + SSL_free(closure->tls_client.ssl); } - sudo_ev_free(closure->tls_connect_ev); + sudo_ev_free(closure->tls_client.tls_connect_ev); #endif sudo_ev_free(closure->read_ev); sudo_ev_free(closure->write_ev); free(closure->read_buf.data); - free(closure->write_buf.data); free(closure->buf); + while ((buf = TAILQ_FIRST(&closure->write_bufs)) != NULL) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "discarding write buffer %p, len %u", buf, buf->len - buf->off); + TAILQ_REMOVE(&closure->write_bufs, buf, entries); + free(buf->data); + free(buf); + } + while ((buf = TAILQ_FIRST(&closure->free_bufs)) != NULL) { + TAILQ_REMOVE(&closure->free_bufs, buf, entries); + free(buf->data); + free(buf); + } + shutdown(closure->sock, SHUT_RDWR); close(closure->sock); free(closure); } @@ -1596,9 +1588,10 @@ */ static struct client_closure * client_closure_alloc(int sock, struct sudo_event_base *base, - struct timespec *elapsed, struct timespec *restart, const char *iolog_id, + struct timespec *restart, struct timespec *stop_after, const char *iolog_id, char *reject_reason, bool accept_only, struct eventlog *evlog) { + struct connection_buffer *buf; struct client_closure *closure; debug_decl(client_closure_alloc, SUDO_DEBUG_UTIL); @@ -1607,6 +1600,8 @@ closure->sock = sock; closure->evbase = base; + TAILQ_INIT(&closure->write_bufs); + TAILQ_INIT(&closure->free_bufs); TAILQ_INSERT_TAIL(&connections, closure, entries); @@ -1615,10 +1610,10 @@ closure->reject_reason = reject_reason; closure->evlog = evlog; - closure->elapsed.tv_sec = elapsed->tv_sec; - closure->elapsed.tv_nsec = elapsed->tv_nsec; closure->restart.tv_sec = restart->tv_sec; closure->restart.tv_nsec = restart->tv_nsec; + closure->stop_after.tv_sec = stop_after->tv_sec; + closure->stop_after.tv_nsec = stop_after->tv_nsec; closure->iolog_id = iolog_id; @@ -1632,6 +1627,11 @@ if (closure->read_ev == NULL) goto bad; + buf = get_free_buf(64 * 1024, closure); + if (buf == NULL) + goto bad; + TAILQ_INSERT_TAIL(&closure->free_bufs, buf, entries); + closure->write_ev = sudo_ev_alloc(sock, SUDO_EV_WRITE|SUDO_EV_PERSIST, client_msg_cb, closure); if (closure->write_ev == NULL) @@ -1639,10 +1639,15 @@ #if defined(HAVE_OPENSSL) if (cert != NULL) { - closure->tls_connect_ev = sudo_ev_alloc(sock, SUDO_EV_WRITE, - tls_connect_cb, closure); - if (closure->tls_connect_ev == NULL) + closure->tls_client.tls_connect_ev = sudo_ev_alloc(sock, SUDO_EV_WRITE, + tls_connect_cb, &closure->tls_client); + if (closure->tls_client.tls_connect_ev == NULL) goto bad; + closure->tls_client.evbase = base; + closure->tls_client.parent_closure = closure; + closure->tls_client.peer_name = &server_info; + closure->tls_client.connect_timeout.tv_sec = TLS_HANDSHAKE_TIMEO_SEC; + closure->tls_client.start_fn = tls_start_fn; } #endif @@ -1653,9 +1658,9 @@ } #if defined(HAVE_OPENSSL) -static const char short_opts[] = "Ah:i:np:r:R:t:b:c:k:V"; +static const char short_opts[] = "Ah:i:np:r:R:s:t:b:c:k:V"; #else -static const char short_opts[] = "Ah:i:Ip:r:R:t:V"; +static const char short_opts[] = "Ah:i:Ip:r:R:t:s:V"; #endif static struct option long_opts[] = { { "accept", no_argument, NULL, 'A' }, @@ -1665,6 +1670,7 @@ { "port", required_argument, NULL, 'p' }, { "restart", required_argument, NULL, 'r' }, { "reject", required_argument, NULL, 'R' }, + { "stop-after", required_argument, NULL, 's' }, { "test", optional_argument, NULL, 't' }, #if defined(HAVE_OPENSSL) { "ca-bundle", required_argument, NULL, 'b' }, @@ -1686,7 +1692,7 @@ struct eventlog *evlog; const char *port = NULL; struct timespec restart = { 0, 0 }; - struct timespec elapsed = { 0, 0 }; + struct timespec stop_after = { 0, 0 }; bool accept_only = false; char *reject_reason = NULL; const char *iolog_id = NULL; @@ -1713,7 +1719,7 @@ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); sudo_debug_register(getprogname(), NULL, NULL, - sudo_conf_debug_files(getprogname())); + sudo_conf_debug_files(getprogname()), -1); if (protobuf_c_version_number() < 1003000) sudo_fatalx("%s", U_("Protobuf-C version 1.3 or higher required")); @@ -1724,22 +1730,26 @@ accept_only = true; break; case 'h': - server_name = optarg; + server_info.name = optarg; break; case 'i': iolog_id = optarg; break; - case 'R': - reject_reason = optarg; - break; case 'p': port = optarg; break; + case 'R': + reject_reason = optarg; + break; case 'r': if (!parse_timespec(&restart, optarg)) goto bad; open_mode = "r+"; break; + case 's': + if (!parse_timespec(&stop_after, optarg)) + goto bad; + break; case 't': nr_of_conns = sudo_strtonum(optarg, 1, INT_MAX, &errstr); if (errstr != NULL) { @@ -1817,14 +1827,14 @@ printf("connecting clients...\n"); for (int i = 0; i < nr_of_conns; i++) { - sock = connect_server(server_name, port); + sock = connect_server(&server_info, port); if (sock == -1) goto bad; if (!testrun) - printf("Connected to %s:%s\n", server_name, port); + printf("Connected to %s:%s\n", server_info.name, port); - closure = client_closure_alloc(sock, evbase, &elapsed, &restart, + closure = client_closure_alloc(sock, evbase, &restart, &stop_after, iolog_id, reject_reason, accept_only, evlog); if (closure == NULL) goto bad; @@ -1840,7 +1850,8 @@ #if defined(HAVE_OPENSSL) if (cert != NULL) { - if (!tls_setup(closure)) + if (!tls_client_setup(closure->sock, ca_bundle, cert, key, NULL, + NULL, NULL, verify_server, false, &closure->tls_client)) goto bad; } else #endif diff -Nru sudo-1.9.5p2/logsrvd/sendlog.h sudo-1.9.9/logsrvd/sendlog.h --- sudo-1.9.5p2/logsrvd/sendlog.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/logsrvd/sendlog.h 2022-01-27 21:24:22.000000000 +0000 @@ -19,6 +19,7 @@ #ifndef SUDO_SENDLOG_H #define SUDO_SENDLOG_H +#include "log_server.pb-c.h" #if PROTOBUF_C_VERSION_NUMBER < 1003000 # error protobuf-c version 1.30 or higher required #endif @@ -26,10 +27,15 @@ #include "config.h" #if defined(HAVE_OPENSSL) +# if defined(HAVE_WOLFSSL) +# include +# endif # include +# include #endif #include "logsrv_util.h" +#include "tls_common.h" enum client_state { ERROR, @@ -51,16 +57,16 @@ bool write_instead_of_read; bool temporary_write_event; struct timespec restart; + struct timespec stop_after; struct timespec elapsed; struct timespec committed; struct timing_closure timing; struct sudo_event_base *evbase; struct connection_buffer read_buf; - struct connection_buffer write_buf; + struct connection_buffer_list write_bufs; + struct connection_buffer_list free_bufs; #if defined(HAVE_OPENSSL) - SSL *ssl; - struct sudo_event *tls_connect_ev; - bool tls_connect_state; + struct tls_client_closure tls_client; #endif struct sudo_event *read_ev; struct sudo_event *write_ev; diff -Nru sudo-1.9.5p2/logsrvd/tls_client.c sudo-1.9.9/logsrvd/tls_client.c --- sudo-1.9.5p2/logsrvd/tls_client.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/tls_client.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,244 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_event.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_util.h" + +#include "logsrv_util.h" +#include "tls_common.h" +#include "hostcheck.h" + +#if defined(HAVE_OPENSSL) + +/* + * Check that the server's certificate is valid that it contains the + * server name or IP address. + * Returns 0 if the cert is invalid, else 1. + */ +static int +verify_peer_identity(int preverify_ok, X509_STORE_CTX *ctx) +{ + HostnameValidationResult result; + struct peer_info *peer_info; + SSL *ssl; + X509 *current_cert; + X509 *peer_cert; + debug_decl(verify_peer_identity, SUDO_DEBUG_UTIL); + + /* if pre-verification of the cert failed, just propagate that result back */ + if (preverify_ok != 1) { + debug_return_int(0); + } + + /* + * Since this callback is called for each cert in the chain, + * check that current cert is the peer's certificate + */ + current_cert = X509_STORE_CTX_get_current_cert(ctx); + peer_cert = X509_STORE_CTX_get0_cert(ctx); + if (current_cert != peer_cert) { + debug_return_int(1); + } + + /* Fetch the attached peer_info from the ssl connection object. */ + ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); + peer_info = SSL_get_ex_data(ssl, 1); + + /* + * Validate the cert based on the host name and IP address. + * If host name is not known, validate_hostname() can resolve it. + */ + result = validate_hostname(peer_cert, + peer_info->name ? peer_info->name : peer_info->ipaddr, + peer_info->ipaddr, peer_info->name ? 0 : 1); + + debug_return_int(result == MatchFound); +} + +void +tls_connect_cb(int sock, int what, void *v) +{ + struct tls_client_closure *tls_client = v; + struct sudo_event_base *evbase = tls_client->evbase; + const struct timespec *timeout = &tls_client->connect_timeout; + const char *errstr; + int con_stat; + debug_decl(tls_connect_cb, SUDO_DEBUG_UTIL); + + if (what == SUDO_EV_TIMEOUT) { + sudo_warnx("%s", U_("TLS handshake timeout occurred")); + goto bad; + } + + con_stat = SSL_connect(tls_client->ssl); + + if (con_stat == 1) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "SSL_connect successful"); + tls_client->tls_connect_state = true; + } else { + switch (SSL_get_error(tls_client->ssl, con_stat)) { + /* TLS handshake is not finished, reschedule event */ + case SSL_ERROR_WANT_READ: + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_connect returns SSL_ERROR_WANT_READ"); + if (what != SUDO_EV_READ) { + if (sudo_ev_set(tls_client->tls_connect_ev, + SSL_get_fd(tls_client->ssl), SUDO_EV_READ, + tls_connect_cb, tls_client) == -1) { + sudo_warnx("%s", U_("unable to set event")); + goto bad; + } + } + if (sudo_ev_add(evbase, tls_client->tls_connect_ev, timeout, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + goto bad; + } + break; + case SSL_ERROR_WANT_WRITE: + sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO, + "SSL_connect returns SSL_ERROR_WANT_WRITE"); + if (what != SUDO_EV_WRITE) { + if (sudo_ev_set(tls_client->tls_connect_ev, + SSL_get_fd(tls_client->ssl), SUDO_EV_WRITE, + tls_connect_cb, tls_client) == -1) { + sudo_warnx("%s", U_("unable to set event")); + goto bad; + } + } + if (sudo_ev_add(evbase, tls_client->tls_connect_ev, timeout, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + goto bad; + } + break; + case SSL_ERROR_SYSCALL: + sudo_warnx(U_("TLS connection failed: %s"), strerror(errno)); + goto bad; + default: + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("TLS connection failed: %s"), errstr); + goto bad; + } + } + + if (tls_client->tls_connect_state) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "TLS version: %s, negotiated cipher suite: %s", + SSL_get_version(tls_client->ssl), SSL_get_cipher(tls_client->ssl)); + + /* Done with TLS connect, send ClientHello */ + sudo_ev_free(tls_client->tls_connect_ev); + tls_client->tls_connect_ev = NULL; + if (!tls_client->start_fn(tls_client)) + goto bad; + } + + debug_return; + +bad: + sudo_ev_loopbreak(evbase); + debug_return; +} + +bool +tls_ctx_client_setup(SSL_CTX *ssl_ctx, int sock, + struct tls_client_closure *closure) +{ + const char *errstr; + bool ret = false; + debug_decl(tls_ctx_client_setup, SUDO_DEBUG_UTIL); + + if ((closure->ssl = SSL_new(ssl_ctx)) == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("unable to allocate ssl object: %s"), errstr); + goto done; + } + + if (SSL_set_ex_data(closure->ssl, 1, closure->peer_name) <= 0) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("Unable to attach user data to the ssl object: %s"), + errstr); + goto done; + } + + if (SSL_set_fd(closure->ssl, sock) <= 0) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("Unable to attach socket to the ssl object: %s"), + errstr); + goto done; + } + + if (sudo_ev_add(closure->evbase, closure->tls_connect_ev, NULL, false) == -1) { + sudo_warnx("%s", U_("unable to add event to queue")); + goto done; + } + + ret = true; + +done: + debug_return_bool(ret); +} + +bool +tls_client_setup(int sock, const char *ca_bundle_file, const char *cert_file, + const char *key_file, const char *dhparam_file, const char *ciphers_v12, + const char *ciphers_v13, bool verify_server, bool check_peer, + struct tls_client_closure *closure) +{ + SSL_CTX *ssl_ctx; + debug_decl(tls_client_setup, SUDO_DEBUG_UTIL); + + ssl_ctx = init_tls_context(ca_bundle_file, cert_file, key_file, + dhparam_file, ciphers_v12, ciphers_v13, verify_server); + if (ssl_ctx == NULL) { + sudo_warnx(U_("unable to initialize TLS context")); + debug_return_bool(false); + } + + if (check_peer) { + /* Verify server cert during the handshake. */ + SSL_CTX_set_verify(ssl_ctx, + SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_peer_identity); + } + + debug_return_bool(tls_ctx_client_setup(ssl_ctx, sock, closure)); +} +#endif /* HAVE_OPENSSL */ diff -Nru sudo-1.9.5p2/logsrvd/tls_common.h sudo-1.9.9/logsrvd/tls_common.h --- sudo-1.9.5p2/logsrvd/tls_common.h 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/tls_common.h 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,52 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SUDO_TLS_COMMON_H +#define SUDO_TLS_COMMON_H + +#include "config.h" + +#if defined(HAVE_OPENSSL) +# if defined(HAVE_WOLFSSL) +# include +# endif +# include +# include + +struct tls_client_closure { + SSL *ssl; + void *parent_closure; + struct sudo_event_base *evbase; /* duplicated */ + struct sudo_event *tls_connect_ev; + struct peer_info *peer_name; + struct timespec connect_timeout; + bool (*start_fn)(struct tls_client_closure *); + bool tls_connect_state; +}; + +/* tls_client.c */ +void tls_connect_cb(int sock, int what, void *v); +bool tls_client_setup(int sock, const char *ca_bundle_file, const char *cert_file, const char *key_file, const char *dhparam_file, const char *ciphers_v12, const char *ciphers_v13, bool verify_server, bool check_peer, struct tls_client_closure *closure); +bool tls_ctx_client_setup(SSL_CTX *ssl_ctx, int sock, struct tls_client_closure *closure); + +/* tls_init.c */ +SSL_CTX *init_tls_context(const char *ca_bundle_file, const char *cert_file, const char *key_file, const char *dhparam_file, const char *ciphers_v12, const char *ciphers_v13, bool verify_cert); + +#endif /* HAVE_OPENSSL */ + +#endif /* SUDO_TLS_COMMON_H */ diff -Nru sudo-1.9.5p2/logsrvd/tls_init.c sudo-1.9.9/logsrvd/tls_init.c --- sudo-1.9.5p2/logsrvd/tls_init.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/logsrvd/tls_init.c 2022-01-27 21:24:23.000000000 +0000 @@ -0,0 +1,366 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" + +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_event.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" + +#include "tls_common.h" +#include "hostcheck.h" + +#define DEFAULT_CIPHER_LST12 "HIGH:!aNULL" +#define DEFAULT_CIPHER_LST13 "TLS_AES_256_GCM_SHA384" + +#if defined(HAVE_OPENSSL) +# include +# include + +static bool +verify_cert_chain(SSL_CTX *ctx, const char *cert_file) +{ +#ifdef HAVE_SSL_CTX_GET0_CERTIFICATE + const char *errstr; + bool ret = false; + X509_STORE_CTX *store_ctx = NULL; + X509_STORE *ca_store; + STACK_OF(X509) *chain_certs; + X509 *x509; + debug_decl(verify_cert_chain, SUDO_DEBUG_UTIL); + + if ((x509 = SSL_CTX_get0_certificate(ctx)) == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("SSL_CTX_get0_certificate: %s", errstr); + goto done; + } + + if ((store_ctx = X509_STORE_CTX_new()) == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("X509_STORE_CTX_new: %s", errstr); + goto done; + } + + if (!SSL_CTX_get0_chain_certs(ctx, &chain_certs)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("SSL_CTX_get0_chain_certs: %s", errstr); + goto done; + } + +#if !defined(HAVE_WOLFSSL) + if ((ca_store = SSL_CTX_get_cert_store(ctx)) != NULL) + X509_STORE_set_flags(ca_store, X509_V_FLAG_X509_STRICT); +#endif + + if (!X509_STORE_CTX_init(store_ctx, ca_store, x509, chain_certs)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("X509_STORE_CTX_init: %s", errstr); + goto done; + } + + if (X509_verify_cert(store_ctx) <= 0) { + errstr = + X509_verify_cert_error_string(X509_STORE_CTX_get_error(store_ctx)); + sudo_warnx("X509_verify_cert: %s", errstr); + goto done; + } + + ret = true; +done: + X509_STORE_CTX_free(store_ctx); + + debug_return_bool(ret); +#else + /* TODO: verify server cert with old OpenSSL */ + return true; +#endif /* HAVE_SSL_CTX_GET0_CERTIFICATE */ +} + +static bool +init_tls_ciphersuites(SSL_CTX *ctx, const char *ciphers_v12, + const char *ciphers_v13) +{ + const char *errstr; + int success = 0; + debug_decl(init_tls_ciphersuites, SUDO_DEBUG_UTIL); + + if (ciphers_v12 != NULL) { + /* try to set TLS v1.2 ciphersuite list from config if given */ + success = SSL_CTX_set_cipher_list(ctx, ciphers_v12); + if (success) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "TLS 1.2 ciphersuite list set to %s", ciphers_v12); + } else { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("unable to set TLS 1.2 ciphersuite to %s: %s"), + ciphers_v12, errstr); + } + } + if (!success) { + /* fallback to default ciphersuites for TLS v1.2 */ + if (SSL_CTX_set_cipher_list(ctx, DEFAULT_CIPHER_LST12) <= 0) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("unable to set TLS 1.2 ciphersuite to %s: %s"), + DEFAULT_CIPHER_LST12, errstr); + debug_return_bool(false); + } else { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "TLS v1.2 ciphersuite list set to %s (default)", + DEFAULT_CIPHER_LST12); + } + } + +# if defined(HAVE_SSL_CTX_SET_CIPHERSUITES) + success = 0; + if (ciphers_v13 != NULL) { + /* try to set TLSv1.3 ciphersuite list from config */ + success = SSL_CTX_set_ciphersuites(ctx, ciphers_v13); + if (success) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "TLS v1.3 ciphersuite list set to %s", ciphers_v13); + } else { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("unable to set TLS 1.3 ciphersuite to %s: %s"), + ciphers_v13, errstr); + } + } + if (!success) { + /* fallback to default ciphersuites for TLS v1.3 */ + if (SSL_CTX_set_ciphersuites(ctx, DEFAULT_CIPHER_LST13) <= 0) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("unable to set TLS 1.3 ciphersuite to %s: %s"), + DEFAULT_CIPHER_LST13, errstr); + debug_return_bool(false); + } else { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "TLS v1.3 ciphersuite list set to %s (default)", + DEFAULT_CIPHER_LST13); + } + } +# endif + + debug_return_bool(true); +} + +/* + * Load diffie-hellman parameters from bio and store in ctx. + * Returns true on success, else false. + */ +#ifdef HAVE_SSL_CTX_SET0_TMP_DH_PKEY +static bool +set_dhparams_bio(SSL_CTX *ctx, BIO *bio) +{ + EVP_PKEY *dhparams; + bool ret = false; + debug_decl(set_dhparams_bio, SUDO_DEBUG_UTIL); + + dhparams = PEM_read_bio_Parameters(bio, NULL); + if (dhparams != NULL) { + /* dhparams is owned by ctx on success. */ + ret = SSL_CTX_set0_tmp_dh_pkey(ctx, dhparams); + if (!ret) { + const char *errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("unable to set diffie-hellman parameters: %s"), + errstr); + EVP_PKEY_free(dhparams); + } + } + debug_return_bool(ret); +} +#else +static bool +set_dhparams_bio(SSL_CTX *ctx, BIO *bio) +{ + DH *dhparams; + bool ret = false; + debug_decl(set_dhparams_bio, SUDO_DEBUG_UTIL); + + dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + if (dhparams != NULL) { + /* LEAK: dhparams leaked on config reload */ + ret = SSL_CTX_set_tmp_dh(ctx, dhparams); + if (!ret) { + const char *errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("unable to set diffie-hellman parameters: %s"), + errstr); + DH_free(dhparams); + } + } + debug_return_bool(ret); +} +#endif /* HAVE_SSL_CTX_SET0_TMP_DH_PKEY */ + +/* + * Load diffie-hellman parameters from the specified file and store in ctx. + * Returns true on success, else false. + */ +static bool +set_dhparams(SSL_CTX *ctx, const char *dhparam_file) +{ + BIO *bio; + bool ret = false; + debug_decl(set_dhparams, SUDO_DEBUG_UTIL); + + bio = BIO_new_file(dhparam_file, O_RDONLY); + if (bio != NULL) { + if (set_dhparams_bio(ctx, bio)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "loaded diffie-hellman parameters from %s", dhparam_file); + ret = true; + } + BIO_free(bio); + } else { + sudo_warn(U_("unable to open %s"), dhparam_file); + } + + debug_return_bool(ret); +} + +SSL_CTX * +init_tls_context(const char *ca_bundle_file, const char *cert_file, + const char *key_file, const char *dhparam_file, const char *ciphers_v12, + const char *ciphers_v13, bool verify_cert) +{ + SSL_CTX *ctx = NULL; + const char *errstr; + static bool initialized; + debug_decl(init_tls_context, SUDO_DEBUG_UTIL); + + /* Only initialize the SSL library once. */ + if (!initialized) { + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); + initialized = true; + } + + /* Create the ssl context and enforce TLS 1.2 or higher. */ + if ((ctx = SSL_CTX_new(TLS_method())) == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("unable to create TLS context: %s"), errstr); + goto bad; + } +#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION + if (!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("unable to set minimum protocol version to TLS 1.2: %s"), + errstr); + goto bad; + } +#else + SSL_CTX_set_options(ctx, + SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1); +#endif + + if (ca_bundle_file != NULL) { + STACK_OF(X509_NAME) *cacerts = + SSL_load_client_CA_file(ca_bundle_file); + + if (cacerts == NULL) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("%s: %s"), ca_bundle_file, errstr); + goto bad; + } + SSL_CTX_set_client_CA_list(ctx, cacerts); + + if (SSL_CTX_load_verify_locations(ctx, ca_bundle_file, NULL) <= 0) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("SSL_CTX_load_verify_locations: %s", errstr); + goto bad; + } + } else { + if (!SSL_CTX_set_default_verify_paths(ctx)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx("SSL_CTX_set_default_verify_paths: %s", errstr); + goto bad; + } + } + + if (cert_file != NULL) { + if (!SSL_CTX_use_certificate_chain_file(ctx, cert_file)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("%s: %s"), cert_file, errstr); + goto bad; + } + if (key_file == NULL) { + /* No explicit key file set, try to use the cert file. */ + key_file = cert_file; + } + if (!SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) || + !SSL_CTX_check_private_key(ctx)) { + errstr = ERR_reason_error_string(ERR_get_error()); + sudo_warnx(U_("%s: %s"), key_file, errstr); + goto bad; + } + + /* Optionally verify the certificate we are using. */ + if (verify_cert) { + if (!verify_cert_chain(ctx, cert_file)) + goto bad; + } else { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "skipping local cert check"); + } + } + + /* Initialize TLS 1.2 1.3 ciphersuites. */ + if (!init_tls_ciphersuites(ctx, ciphers_v12, ciphers_v13)) { + goto bad; + } + + /* + * Load diffie-hellman parameters from a file if specified. + * Failure to open the file is not a fatal error. + */ + if (dhparam_file != NULL) { + if (!set_dhparams(ctx, dhparam_file)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "unable to load dhparam file, using default parameters"); + } + } else { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "dhparam file not specified, using default parameters"); + } + + goto done; + +bad: + SSL_CTX_free(ctx); + ctx = NULL; + +done: + debug_return_ptr(ctx); +} +#endif /* HAVE_OPENSSL */ diff -Nru sudo-1.9.5p2/ltmain.sh sudo-1.9.9/ltmain.sh --- sudo-1.9.5p2/ltmain.sh 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/ltmain.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,11167 +0,0 @@ -#! /bin/sh -## DO NOT EDIT - This file generated from ./build-aux/ltmain.in -## by inline-source v2014-01-03.01 - -# libtool (GNU libtool) 2.4.6 -# Provide generalized library-building support services. -# Written by Gordon Matzigkeit , 1996 - -# Copyright (C) 1996-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# GNU Libtool is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# As a special exception to the GNU General Public License, -# if you distribute this file as part of a program or library that -# is built using GNU Libtool, you may include this file under the -# same distribution terms that you use for the rest of that program. -# -# GNU Libtool is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -PROGRAM=libtool -PACKAGE=libtool -VERSION=2.4.6 -package_revision=2.4.6 - - -## ------ ## -## Usage. ## -## ------ ## - -# Run './libtool --help' for help with using this script from the -# command line. - - -## ------------------------------- ## -## User overridable command paths. ## -## ------------------------------- ## - -# After configure completes, it has a better idea of some of the -# shell tools we need than the defaults used by the functions shared -# with bootstrap, so set those here where they can still be over- -# ridden by the user, but otherwise take precedence. - -: ${AUTOCONF="autoconf"} -: ${AUTOMAKE="automake"} - - -## -------------------------- ## -## Source external libraries. ## -## -------------------------- ## - -# Much of our low-level functionality needs to be sourced from external -# libraries, which are installed to $pkgauxdir. - -# Set a version string for this script. -scriptversion=2015-01-20.17; # UTC - -# General shell script boiler plate, and helper functions. -# Written by Gary V. Vaughan, 2004 - -# Copyright (C) 2004-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. - -# As a special exception to the GNU General Public License, if you distribute -# this file as part of a program or library that is built using GNU Libtool, -# you may include this file under the same distribution terms that you use -# for the rest of that program. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# Please report bugs or propose patches to gary@gnu.org. - - -## ------ ## -## Usage. ## -## ------ ## - -# Evaluate this file near the top of your script to gain access to -# the functions and variables defined here: -# -# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh -# -# If you need to override any of the default environment variable -# settings, do that before evaluating this file. - - -## -------------------- ## -## Shell normalisation. ## -## -------------------- ## - -# Some shells need a little help to be as Bourne compatible as possible. -# Before doing anything else, make sure all that help has been provided! - -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac -fi - -# NLS nuisances: We save the old values in case they are required later. -_G_user_locale= -_G_safe_locale= -for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES -do - eval "if test set = \"\${$_G_var+set}\"; then - save_$_G_var=\$$_G_var - $_G_var=C - export $_G_var - _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\" - _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" - fi" -done - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -# Make sure IFS has a sensible default -sp=' ' -nl=' -' -IFS="$sp $nl" - -# There are apparently some retarded systems that use ';' as a PATH separator! -if test "${PATH_SEPARATOR+set}" != set; then - PATH_SEPARATOR=: - (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { - (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || - PATH_SEPARATOR=';' - } -fi - - - -## ------------------------- ## -## Locate command utilities. ## -## ------------------------- ## - - -# func_executable_p FILE -# ---------------------- -# Check that FILE is an executable regular file. -func_executable_p () -{ - test -f "$1" && test -x "$1" -} - - -# func_path_progs PROGS_LIST CHECK_FUNC [PATH] -# -------------------------------------------- -# Search for either a program that responds to --version with output -# containing "GNU", or else returned by CHECK_FUNC otherwise, by -# trying all the directories in PATH with each of the elements of -# PROGS_LIST. -# -# CHECK_FUNC should accept the path to a candidate program, and -# set $func_check_prog_result if it truncates its output less than -# $_G_path_prog_max characters. -func_path_progs () -{ - _G_progs_list=$1 - _G_check_func=$2 - _G_PATH=${3-"$PATH"} - - _G_path_prog_max=0 - _G_path_prog_found=false - _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} - for _G_dir in $_G_PATH; do - IFS=$_G_save_IFS - test -z "$_G_dir" && _G_dir=. - for _G_prog_name in $_G_progs_list; do - for _exeext in '' .EXE; do - _G_path_prog=$_G_dir/$_G_prog_name$_exeext - func_executable_p "$_G_path_prog" || continue - case `"$_G_path_prog" --version 2>&1` in - *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;; - *) $_G_check_func $_G_path_prog - func_path_progs_result=$func_check_prog_result - ;; - esac - $_G_path_prog_found && break 3 - done - done - done - IFS=$_G_save_IFS - test -z "$func_path_progs_result" && { - echo "no acceptable sed could be found in \$PATH" >&2 - exit 1 - } -} - - -# We want to be able to use the functions in this file before configure -# has figured out where the best binaries are kept, which means we have -# to search for them ourselves - except when the results are already set -# where we skip the searches. - -# Unless the user overrides by setting SED, search the path for either GNU -# sed, or the sed that truncates its output the least. -test -z "$SED" && { - _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ - for _G_i in 1 2 3 4 5 6 7; do - _G_sed_script=$_G_sed_script$nl$_G_sed_script - done - echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed - _G_sed_script= - - func_check_prog_sed () - { - _G_path_prog=$1 - - _G_count=0 - printf 0123456789 >conftest.in - while : - do - cat conftest.in conftest.in >conftest.tmp - mv conftest.tmp conftest.in - cp conftest.in conftest.nl - echo '' >> conftest.nl - "$_G_path_prog" -f conftest.sed conftest.out 2>/dev/null || break - diff conftest.out conftest.nl >/dev/null 2>&1 || break - _G_count=`expr $_G_count + 1` - if test "$_G_count" -gt "$_G_path_prog_max"; then - # Best one so far, save it but keep looking for a better one - func_check_prog_result=$_G_path_prog - _G_path_prog_max=$_G_count - fi - # 10*(2^10) chars as input seems more than enough - test 10 -lt "$_G_count" && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out - } - - func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin - rm -f conftest.sed - SED=$func_path_progs_result -} - - -# Unless the user overrides by setting GREP, search the path for either GNU -# grep, or the grep that truncates its output the least. -test -z "$GREP" && { - func_check_prog_grep () - { - _G_path_prog=$1 - - _G_count=0 - _G_path_prog_max=0 - printf 0123456789 >conftest.in - while : - do - cat conftest.in conftest.in >conftest.tmp - mv conftest.tmp conftest.in - cp conftest.in conftest.nl - echo 'GREP' >> conftest.nl - "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' conftest.out 2>/dev/null || break - diff conftest.out conftest.nl >/dev/null 2>&1 || break - _G_count=`expr $_G_count + 1` - if test "$_G_count" -gt "$_G_path_prog_max"; then - # Best one so far, save it but keep looking for a better one - func_check_prog_result=$_G_path_prog - _G_path_prog_max=$_G_count - fi - # 10*(2^10) chars as input seems more than enough - test 10 -lt "$_G_count" && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out - } - - func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin - GREP=$func_path_progs_result -} - - -## ------------------------------- ## -## User overridable command paths. ## -## ------------------------------- ## - -# All uppercase variable names are used for environment variables. These -# variables can be overridden by the user before calling a script that -# uses them if a suitable command of that name is not already available -# in the command search PATH. - -: ${CP="cp -f"} -: ${ECHO="printf %s\n"} -: ${EGREP="$GREP -E"} -: ${FGREP="$GREP -F"} -: ${LN_S="ln -s"} -: ${MAKE="make"} -: ${MKDIR="mkdir"} -: ${MV="mv -f"} -: ${RM="rm -f"} -: ${SHELL="${CONFIG_SHELL-/bin/sh}"} - - -## -------------------- ## -## Useful sed snippets. ## -## -------------------- ## - -sed_dirname='s|/[^/]*$||' -sed_basename='s|^.*/||' - -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -sed_quote_subst='s|\([`"$\\]\)|\\\1|g' - -# Same as above, but do not quote variable references. -sed_double_quote_subst='s/\(["`\\]\)/\\\1/g' - -# Sed substitution that turns a string into a regex matching for the -# string literally. -sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g' - -# Sed substitution that converts a w32 file name or path -# that contains forward slashes, into one that contains -# (escaped) backslashes. A very naive implementation. -sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' - -# Re-'\' parameter expansions in output of sed_double_quote_subst that -# were '\'-ed in input to the same. If an odd number of '\' preceded a -# '$' in input to sed_double_quote_subst, that '$' was protected from -# expansion. Since each input '\' is now two '\'s, look for any number -# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'. -_G_bs='\\' -_G_bs2='\\\\' -_G_bs4='\\\\\\\\' -_G_dollar='\$' -sed_double_backslash="\ - s/$_G_bs4/&\\ -/g - s/^$_G_bs2$_G_dollar/$_G_bs&/ - s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g - s/\n//g" - - -## ----------------- ## -## Global variables. ## -## ----------------- ## - -# Except for the global variables explicitly listed below, the following -# functions in the '^func_' namespace, and the '^require_' namespace -# variables initialised in the 'Resource management' section, sourcing -# this file will not pollute your global namespace with anything -# else. There's no portable way to scope variables in Bourne shell -# though, so actually running these functions will sometimes place -# results into a variable named after the function, and often use -# temporary variables in the '^_G_' namespace. If you are careful to -# avoid using those namespaces casually in your sourcing script, things -# should continue to work as you expect. And, of course, you can freely -# overwrite any of the functions or variables defined here before -# calling anything to customize them. - -EXIT_SUCCESS=0 -EXIT_FAILURE=1 -EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. -EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. - -# Allow overriding, eg assuming that you follow the convention of -# putting '$debug_cmd' at the start of all your functions, you can get -# bash to show function call trace with: -# -# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name -debug_cmd=${debug_cmd-":"} -exit_cmd=: - -# By convention, finish your script with: -# -# exit $exit_status -# -# so that you can set exit_status to non-zero if you want to indicate -# something went wrong during execution without actually bailing out at -# the point of failure. -exit_status=$EXIT_SUCCESS - -# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh -# is ksh but when the shell is invoked as "sh" and the current value of -# the _XPG environment variable is not equal to 1 (one), the special -# positional parameter $0, within a function call, is the name of the -# function. -progpath=$0 - -# The name of this program. -progname=`$ECHO "$progpath" |$SED "$sed_basename"` - -# Make sure we have an absolute progpath for reexecution: -case $progpath in - [\\/]*|[A-Za-z]:\\*) ;; - *[\\/]*) - progdir=`$ECHO "$progpath" |$SED "$sed_dirname"` - progdir=`cd "$progdir" && pwd` - progpath=$progdir/$progname - ;; - *) - _G_IFS=$IFS - IFS=${PATH_SEPARATOR-:} - for progdir in $PATH; do - IFS=$_G_IFS - test -x "$progdir/$progname" && break - done - IFS=$_G_IFS - test -n "$progdir" || progdir=`pwd` - progpath=$progdir/$progname - ;; -esac - - -## ----------------- ## -## Standard options. ## -## ----------------- ## - -# The following options affect the operation of the functions defined -# below, and should be set appropriately depending on run-time para- -# meters passed on the command line. - -opt_dry_run=false -opt_quiet=false -opt_verbose=false - -# Categories 'all' and 'none' are always available. Append any others -# you will pass as the first argument to func_warning from your own -# code. -warning_categories= - -# By default, display warnings according to 'opt_warning_types'. Set -# 'warning_func' to ':' to elide all warnings, or func_fatal_error to -# treat the next displayed warning as a fatal error. -warning_func=func_warn_and_continue - -# Set to 'all' to display all warnings, 'none' to suppress all -# warnings, or a space delimited list of some subset of -# 'warning_categories' to display only the listed warnings. -opt_warning_types=all - - -## -------------------- ## -## Resource management. ## -## -------------------- ## - -# This section contains definitions for functions that each ensure a -# particular resource (a file, or a non-empty configuration variable for -# example) is available, and if appropriate to extract default values -# from pertinent package files. Call them using their associated -# 'require_*' variable to ensure that they are executed, at most, once. -# -# It's entirely deliberate that calling these functions can set -# variables that don't obey the namespace limitations obeyed by the rest -# of this file, in order that that they be as useful as possible to -# callers. - - -# require_term_colors -# ------------------- -# Allow display of bold text on terminals that support it. -require_term_colors=func_require_term_colors -func_require_term_colors () -{ - $debug_cmd - - test -t 1 && { - # COLORTERM and USE_ANSI_COLORS environment variables take - # precedence, because most terminfo databases neglect to describe - # whether color sequences are supported. - test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"} - - if test 1 = "$USE_ANSI_COLORS"; then - # Standard ANSI escape sequences - tc_reset='' - tc_bold=''; tc_standout='' - tc_red=''; tc_green='' - tc_blue=''; tc_cyan='' - else - # Otherwise trust the terminfo database after all. - test -n "`tput sgr0 2>/dev/null`" && { - tc_reset=`tput sgr0` - test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold` - tc_standout=$tc_bold - test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso` - test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1` - test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2` - test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4` - test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5` - } - fi - } - - require_term_colors=: -} - - -## ----------------- ## -## Function library. ## -## ----------------- ## - -# This section contains a variety of useful functions to call in your -# scripts. Take note of the portable wrappers for features provided by -# some modern shells, which will fall back to slower equivalents on -# less featureful shells. - - -# func_append VAR VALUE -# --------------------- -# Append VALUE onto the existing contents of VAR. - - # We should try to minimise forks, especially on Windows where they are - # unreasonably slow, so skip the feature probes when bash or zsh are - # being used: - if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then - : ${_G_HAVE_ARITH_OP="yes"} - : ${_G_HAVE_XSI_OPS="yes"} - # The += operator was introduced in bash 3.1 - case $BASH_VERSION in - [12].* | 3.0 | 3.0*) ;; - *) - : ${_G_HAVE_PLUSEQ_OP="yes"} - ;; - esac - fi - - # _G_HAVE_PLUSEQ_OP - # Can be empty, in which case the shell is probed, "yes" if += is - # useable or anything else if it does not work. - test -z "$_G_HAVE_PLUSEQ_OP" \ - && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ - && _G_HAVE_PLUSEQ_OP=yes - -if test yes = "$_G_HAVE_PLUSEQ_OP" -then - # This is an XSI compatible shell, allowing a faster implementation... - eval 'func_append () - { - $debug_cmd - - eval "$1+=\$2" - }' -else - # ...otherwise fall back to using expr, which is often a shell builtin. - func_append () - { - $debug_cmd - - eval "$1=\$$1\$2" - } -fi - - -# func_append_quoted VAR VALUE -# ---------------------------- -# Quote VALUE and append to the end of shell variable VAR, separated -# by a space. -if test yes = "$_G_HAVE_PLUSEQ_OP"; then - eval 'func_append_quoted () - { - $debug_cmd - - func_quote_for_eval "$2" - eval "$1+=\\ \$func_quote_for_eval_result" - }' -else - func_append_quoted () - { - $debug_cmd - - func_quote_for_eval "$2" - eval "$1=\$$1\\ \$func_quote_for_eval_result" - } -fi - - -# func_append_uniq VAR VALUE -# -------------------------- -# Append unique VALUE onto the existing contents of VAR, assuming -# entries are delimited by the first character of VALUE. For example: -# -# func_append_uniq options " --another-option option-argument" -# -# will only append to $options if " --another-option option-argument " -# is not already present somewhere in $options already (note spaces at -# each end implied by leading space in second argument). -func_append_uniq () -{ - $debug_cmd - - eval _G_current_value='`$ECHO $'$1'`' - _G_delim=`expr "$2" : '\(.\)'` - - case $_G_delim$_G_current_value$_G_delim in - *"$2$_G_delim"*) ;; - *) func_append "$@" ;; - esac -} - - -# func_arith TERM... -# ------------------ -# Set func_arith_result to the result of evaluating TERMs. - test -z "$_G_HAVE_ARITH_OP" \ - && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \ - && _G_HAVE_ARITH_OP=yes - -if test yes = "$_G_HAVE_ARITH_OP"; then - eval 'func_arith () - { - $debug_cmd - - func_arith_result=$(( $* )) - }' -else - func_arith () - { - $debug_cmd - - func_arith_result=`expr "$@"` - } -fi - - -# func_basename FILE -# ------------------ -# Set func_basename_result to FILE with everything up to and including -# the last / stripped. -if test yes = "$_G_HAVE_XSI_OPS"; then - # If this shell supports suffix pattern removal, then use it to avoid - # forking. Hide the definitions single quotes in case the shell chokes - # on unsupported syntax... - _b='func_basename_result=${1##*/}' - _d='case $1 in - */*) func_dirname_result=${1%/*}$2 ;; - * ) func_dirname_result=$3 ;; - esac' - -else - # ...otherwise fall back to using sed. - _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`' - _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"` - if test "X$func_dirname_result" = "X$1"; then - func_dirname_result=$3 - else - func_append func_dirname_result "$2" - fi' -fi - -eval 'func_basename () -{ - $debug_cmd - - '"$_b"' -}' - - -# func_dirname FILE APPEND NONDIR_REPLACEMENT -# ------------------------------------------- -# Compute the dirname of FILE. If nonempty, add APPEND to the result, -# otherwise set result to NONDIR_REPLACEMENT. -eval 'func_dirname () -{ - $debug_cmd - - '"$_d"' -}' - - -# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT -# -------------------------------------------------------- -# Perform func_basename and func_dirname in a single function -# call: -# dirname: Compute the dirname of FILE. If nonempty, -# add APPEND to the result, otherwise set result -# to NONDIR_REPLACEMENT. -# value returned in "$func_dirname_result" -# basename: Compute filename of FILE. -# value retuned in "$func_basename_result" -# For efficiency, we do not delegate to the functions above but instead -# duplicate the functionality here. -eval 'func_dirname_and_basename () -{ - $debug_cmd - - '"$_b"' - '"$_d"' -}' - - -# func_echo ARG... -# ---------------- -# Echo program name prefixed message. -func_echo () -{ - $debug_cmd - - _G_message=$* - - func_echo_IFS=$IFS - IFS=$nl - for _G_line in $_G_message; do - IFS=$func_echo_IFS - $ECHO "$progname: $_G_line" - done - IFS=$func_echo_IFS -} - - -# func_echo_all ARG... -# -------------------- -# Invoke $ECHO with all args, space-separated. -func_echo_all () -{ - $ECHO "$*" -} - - -# func_echo_infix_1 INFIX ARG... -# ------------------------------ -# Echo program name, followed by INFIX on the first line, with any -# additional lines not showing INFIX. -func_echo_infix_1 () -{ - $debug_cmd - - $require_term_colors - - _G_infix=$1; shift - _G_indent=$_G_infix - _G_prefix="$progname: $_G_infix: " - _G_message=$* - - # Strip color escape sequences before counting printable length - for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan" - do - test -n "$_G_tc" && { - _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"` - _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"` - } - done - _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes - - func_echo_infix_1_IFS=$IFS - IFS=$nl - for _G_line in $_G_message; do - IFS=$func_echo_infix_1_IFS - $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2 - _G_prefix=$_G_indent - done - IFS=$func_echo_infix_1_IFS -} - - -# func_error ARG... -# ----------------- -# Echo program name prefixed message to standard error. -func_error () -{ - $debug_cmd - - $require_term_colors - - func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2 -} - - -# func_fatal_error ARG... -# ----------------------- -# Echo program name prefixed message to standard error, and exit. -func_fatal_error () -{ - $debug_cmd - - func_error "$*" - exit $EXIT_FAILURE -} - - -# func_grep EXPRESSION FILENAME -# ----------------------------- -# Check whether EXPRESSION matches any line of FILENAME, without output. -func_grep () -{ - $debug_cmd - - $GREP "$1" "$2" >/dev/null 2>&1 -} - - -# func_len STRING -# --------------- -# Set func_len_result to the length of STRING. STRING may not -# start with a hyphen. - test -z "$_G_HAVE_XSI_OPS" \ - && (eval 'x=a/b/c; - test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ - && _G_HAVE_XSI_OPS=yes - -if test yes = "$_G_HAVE_XSI_OPS"; then - eval 'func_len () - { - $debug_cmd - - func_len_result=${#1} - }' -else - func_len () - { - $debug_cmd - - func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` - } -fi - - -# func_mkdir_p DIRECTORY-PATH -# --------------------------- -# Make sure the entire path to DIRECTORY-PATH is available. -func_mkdir_p () -{ - $debug_cmd - - _G_directory_path=$1 - _G_dir_list= - - if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then - - # Protect directory names starting with '-' - case $_G_directory_path in - -*) _G_directory_path=./$_G_directory_path ;; - esac - - # While some portion of DIR does not yet exist... - while test ! -d "$_G_directory_path"; do - # ...make a list in topmost first order. Use a colon delimited - # list incase some portion of path contains whitespace. - _G_dir_list=$_G_directory_path:$_G_dir_list - - # If the last portion added has no slash in it, the list is done - case $_G_directory_path in */*) ;; *) break ;; esac - - # ...otherwise throw away the child directory and loop - _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"` - done - _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'` - - func_mkdir_p_IFS=$IFS; IFS=: - for _G_dir in $_G_dir_list; do - IFS=$func_mkdir_p_IFS - # mkdir can fail with a 'File exist' error if two processes - # try to create one of the directories concurrently. Don't - # stop in that case! - $MKDIR "$_G_dir" 2>/dev/null || : - done - IFS=$func_mkdir_p_IFS - - # Bail out if we (or some other process) failed to create a directory. - test -d "$_G_directory_path" || \ - func_fatal_error "Failed to create '$1'" - fi -} - - -# func_mktempdir [BASENAME] -# ------------------------- -# Make a temporary directory that won't clash with other running -# libtool processes, and avoids race conditions if possible. If -# given, BASENAME is the basename for that directory. -func_mktempdir () -{ - $debug_cmd - - _G_template=${TMPDIR-/tmp}/${1-$progname} - - if test : = "$opt_dry_run"; then - # Return a directory name, but don't create it in dry-run mode - _G_tmpdir=$_G_template-$$ - else - - # If mktemp works, use that first and foremost - _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null` - - if test ! -d "$_G_tmpdir"; then - # Failing that, at least try and use $RANDOM to avoid a race - _G_tmpdir=$_G_template-${RANDOM-0}$$ - - func_mktempdir_umask=`umask` - umask 0077 - $MKDIR "$_G_tmpdir" - umask $func_mktempdir_umask - fi - - # If we're not in dry-run mode, bomb out on failure - test -d "$_G_tmpdir" || \ - func_fatal_error "cannot create temporary directory '$_G_tmpdir'" - fi - - $ECHO "$_G_tmpdir" -} - - -# func_normal_abspath PATH -# ------------------------ -# Remove doubled-up and trailing slashes, "." path components, -# and cancel out any ".." path components in PATH after making -# it an absolute path. -func_normal_abspath () -{ - $debug_cmd - - # These SED scripts presuppose an absolute path with a trailing slash. - _G_pathcar='s|^/\([^/]*\).*$|\1|' - _G_pathcdr='s|^/[^/]*||' - _G_removedotparts=':dotsl - s|/\./|/|g - t dotsl - s|/\.$|/|' - _G_collapseslashes='s|/\{1,\}|/|g' - _G_finalslash='s|/*$|/|' - - # Start from root dir and reassemble the path. - func_normal_abspath_result= - func_normal_abspath_tpath=$1 - func_normal_abspath_altnamespace= - case $func_normal_abspath_tpath in - "") - # Empty path, that just means $cwd. - func_stripname '' '/' "`pwd`" - func_normal_abspath_result=$func_stripname_result - return - ;; - # The next three entries are used to spot a run of precisely - # two leading slashes without using negated character classes; - # we take advantage of case's first-match behaviour. - ///*) - # Unusual form of absolute path, do nothing. - ;; - //*) - # Not necessarily an ordinary path; POSIX reserves leading '//' - # and for example Cygwin uses it to access remote file shares - # over CIFS/SMB, so we conserve a leading double slash if found. - func_normal_abspath_altnamespace=/ - ;; - /*) - # Absolute path, do nothing. - ;; - *) - # Relative path, prepend $cwd. - func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath - ;; - esac - - # Cancel out all the simple stuff to save iterations. We also want - # the path to end with a slash for ease of parsing, so make sure - # there is one (and only one) here. - func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"` - while :; do - # Processed it all yet? - if test / = "$func_normal_abspath_tpath"; then - # If we ascended to the root using ".." the result may be empty now. - if test -z "$func_normal_abspath_result"; then - func_normal_abspath_result=/ - fi - break - fi - func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$_G_pathcar"` - func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$_G_pathcdr"` - # Figure out what to do with it - case $func_normal_abspath_tcomponent in - "") - # Trailing empty path component, ignore it. - ;; - ..) - # Parent dir; strip last assembled component from result. - func_dirname "$func_normal_abspath_result" - func_normal_abspath_result=$func_dirname_result - ;; - *) - # Actual path component, append it. - func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent" - ;; - esac - done - # Restore leading double-slash if one was found on entry. - func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result -} - - -# func_notquiet ARG... -# -------------------- -# Echo program name prefixed message only when not in quiet mode. -func_notquiet () -{ - $debug_cmd - - $opt_quiet || func_echo ${1+"$@"} - - # A bug in bash halts the script if the last line of a function - # fails when set -e is in force, so we need another command to - # work around that: - : -} - - -# func_relative_path SRCDIR DSTDIR -# -------------------------------- -# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR. -func_relative_path () -{ - $debug_cmd - - func_relative_path_result= - func_normal_abspath "$1" - func_relative_path_tlibdir=$func_normal_abspath_result - func_normal_abspath "$2" - func_relative_path_tbindir=$func_normal_abspath_result - - # Ascend the tree starting from libdir - while :; do - # check if we have found a prefix of bindir - case $func_relative_path_tbindir in - $func_relative_path_tlibdir) - # found an exact match - func_relative_path_tcancelled= - break - ;; - $func_relative_path_tlibdir*) - # found a matching prefix - func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" - func_relative_path_tcancelled=$func_stripname_result - if test -z "$func_relative_path_result"; then - func_relative_path_result=. - fi - break - ;; - *) - func_dirname $func_relative_path_tlibdir - func_relative_path_tlibdir=$func_dirname_result - if test -z "$func_relative_path_tlibdir"; then - # Have to descend all the way to the root! - func_relative_path_result=../$func_relative_path_result - func_relative_path_tcancelled=$func_relative_path_tbindir - break - fi - func_relative_path_result=../$func_relative_path_result - ;; - esac - done - - # Now calculate path; take care to avoid doubling-up slashes. - func_stripname '' '/' "$func_relative_path_result" - func_relative_path_result=$func_stripname_result - func_stripname '/' '/' "$func_relative_path_tcancelled" - if test -n "$func_stripname_result"; then - func_append func_relative_path_result "/$func_stripname_result" - fi - - # Normalisation. If bindir is libdir, return '.' else relative path. - if test -n "$func_relative_path_result"; then - func_stripname './' '' "$func_relative_path_result" - func_relative_path_result=$func_stripname_result - fi - - test -n "$func_relative_path_result" || func_relative_path_result=. - - : -} - - -# func_quote_for_eval ARG... -# -------------------------- -# Aesthetically quote ARGs to be evaled later. -# This function returns two values: -# i) func_quote_for_eval_result -# double-quoted, suitable for a subsequent eval -# ii) func_quote_for_eval_unquoted_result -# has all characters that are still active within double -# quotes backslashified. -func_quote_for_eval () -{ - $debug_cmd - - func_quote_for_eval_unquoted_result= - func_quote_for_eval_result= - while test 0 -lt $#; do - case $1 in - *[\\\`\"\$]*) - _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; - *) - _G_unquoted_arg=$1 ;; - esac - if test -n "$func_quote_for_eval_unquoted_result"; then - func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" - else - func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" - fi - - case $_G_unquoted_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting, command substitution and variable expansion - # for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - _G_quoted_arg=\"$_G_unquoted_arg\" - ;; - *) - _G_quoted_arg=$_G_unquoted_arg - ;; - esac - - if test -n "$func_quote_for_eval_result"; then - func_append func_quote_for_eval_result " $_G_quoted_arg" - else - func_append func_quote_for_eval_result "$_G_quoted_arg" - fi - shift - done -} - - -# func_quote_for_expand ARG -# ------------------------- -# Aesthetically quote ARG to be evaled later; same as above, -# but do not quote variable references. -func_quote_for_expand () -{ - $debug_cmd - - case $1 in - *[\\\`\"]*) - _G_arg=`$ECHO "$1" | $SED \ - -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; - *) - _G_arg=$1 ;; - esac - - case $_G_arg in - # Double-quote args containing shell metacharacters to delay - # word splitting and command substitution for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - _G_arg=\"$_G_arg\" - ;; - esac - - func_quote_for_expand_result=$_G_arg -} - - -# func_stripname PREFIX SUFFIX NAME -# --------------------------------- -# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result. -# PREFIX and SUFFIX must not contain globbing or regex special -# characters, hashes, percent signs, but SUFFIX may contain a leading -# dot (in which case that matches only a dot). -if test yes = "$_G_HAVE_XSI_OPS"; then - eval 'func_stripname () - { - $debug_cmd - - # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are - # positional parameters, so assign one to ordinary variable first. - func_stripname_result=$3 - func_stripname_result=${func_stripname_result#"$1"} - func_stripname_result=${func_stripname_result%"$2"} - }' -else - func_stripname () - { - $debug_cmd - - case $2 in - .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;; - *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;; - esac - } -fi - - -# func_show_eval CMD [FAIL_EXP] -# ----------------------------- -# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is -# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP -# is given, then evaluate it. -func_show_eval () -{ - $debug_cmd - - _G_cmd=$1 - _G_fail_exp=${2-':'} - - func_quote_for_expand "$_G_cmd" - eval "func_notquiet $func_quote_for_expand_result" - - $opt_dry_run || { - eval "$_G_cmd" - _G_status=$? - if test 0 -ne "$_G_status"; then - eval "(exit $_G_status); $_G_fail_exp" - fi - } -} - - -# func_show_eval_locale CMD [FAIL_EXP] -# ------------------------------------ -# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is -# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP -# is given, then evaluate it. Use the saved locale for evaluation. -func_show_eval_locale () -{ - $debug_cmd - - _G_cmd=$1 - _G_fail_exp=${2-':'} - - $opt_quiet || { - func_quote_for_expand "$_G_cmd" - eval "func_echo $func_quote_for_expand_result" - } - - $opt_dry_run || { - eval "$_G_user_locale - $_G_cmd" - _G_status=$? - eval "$_G_safe_locale" - if test 0 -ne "$_G_status"; then - eval "(exit $_G_status); $_G_fail_exp" - fi - } -} - - -# func_tr_sh -# ---------- -# Turn $1 into a string suitable for a shell variable name. -# Result is stored in $func_tr_sh_result. All characters -# not in the set a-zA-Z0-9_ are replaced with '_'. Further, -# if $1 begins with a digit, a '_' is prepended as well. -func_tr_sh () -{ - $debug_cmd - - case $1 in - [0-9]* | *[!a-zA-Z0-9_]*) - func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'` - ;; - * ) - func_tr_sh_result=$1 - ;; - esac -} - - -# func_verbose ARG... -# ------------------- -# Echo program name prefixed message in verbose mode only. -func_verbose () -{ - $debug_cmd - - $opt_verbose && func_echo "$*" - - : -} - - -# func_warn_and_continue ARG... -# ----------------------------- -# Echo program name prefixed warning message to standard error. -func_warn_and_continue () -{ - $debug_cmd - - $require_term_colors - - func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2 -} - - -# func_warning CATEGORY ARG... -# ---------------------------- -# Echo program name prefixed warning message to standard error. Warning -# messages can be filtered according to CATEGORY, where this function -# elides messages where CATEGORY is not listed in the global variable -# 'opt_warning_types'. -func_warning () -{ - $debug_cmd - - # CATEGORY must be in the warning_categories list! - case " $warning_categories " in - *" $1 "*) ;; - *) func_internal_error "invalid warning category '$1'" ;; - esac - - _G_category=$1 - shift - - case " $opt_warning_types " in - *" $_G_category "*) $warning_func ${1+"$@"} ;; - esac -} - - -# func_sort_ver VER1 VER2 -# ----------------------- -# 'sort -V' is not generally available. -# Note this deviates from the version comparison in automake -# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a -# but this should suffice as we won't be specifying old -# version formats or redundant trailing .0 in bootstrap.conf. -# If we did want full compatibility then we should probably -# use m4_version_compare from autoconf. -func_sort_ver () -{ - $debug_cmd - - printf '%s\n%s\n' "$1" "$2" \ - | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n -} - -# func_lt_ver PREV CURR -# --------------------- -# Return true if PREV and CURR are in the correct order according to -# func_sort_ver, otherwise false. Use it like this: -# -# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..." -func_lt_ver () -{ - $debug_cmd - - test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q` -} - - -# Local variables: -# mode: shell-script -# sh-indentation: 2 -# eval: (add-hook 'before-save-hook 'time-stamp) -# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" -# time-stamp-time-zone: "UTC" -# End: -#! /bin/sh - -# Set a version string for this script. -scriptversion=2014-01-07.03; # UTC - -# A portable, pluggable option parser for Bourne shell. -# Written by Gary V. Vaughan, 2010 - -# Copyright (C) 2010-2015 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# Please report bugs or propose patches to gary@gnu.org. - - -## ------ ## -## Usage. ## -## ------ ## - -# This file is a library for parsing options in your shell scripts along -# with assorted other useful supporting features that you can make use -# of too. -# -# For the simplest scripts you might need only: -# -# #!/bin/sh -# . relative/path/to/funclib.sh -# . relative/path/to/options-parser -# scriptversion=1.0 -# func_options ${1+"$@"} -# eval set dummy "$func_options_result"; shift -# ...rest of your script... -# -# In order for the '--version' option to work, you will need to have a -# suitably formatted comment like the one at the top of this file -# starting with '# Written by ' and ending with '# warranty; '. -# -# For '-h' and '--help' to work, you will also need a one line -# description of your script's purpose in a comment directly above the -# '# Written by ' line, like the one at the top of this file. -# -# The default options also support '--debug', which will turn on shell -# execution tracing (see the comment above debug_cmd below for another -# use), and '--verbose' and the func_verbose function to allow your script -# to display verbose messages only when your user has specified -# '--verbose'. -# -# After sourcing this file, you can plug processing for additional -# options by amending the variables from the 'Configuration' section -# below, and following the instructions in the 'Option parsing' -# section further down. - -## -------------- ## -## Configuration. ## -## -------------- ## - -# You should override these variables in your script after sourcing this -# file so that they reflect the customisations you have added to the -# option parser. - -# The usage line for option parsing errors and the start of '-h' and -# '--help' output messages. You can embed shell variables for delayed -# expansion at the time the message is displayed, but you will need to -# quote other shell meta-characters carefully to prevent them being -# expanded when the contents are evaled. -usage='$progpath [OPTION]...' - -# Short help message in response to '-h' and '--help'. Add to this or -# override it after sourcing this library to reflect the full set of -# options your script accepts. -usage_message="\ - --debug enable verbose shell tracing - -W, --warnings=CATEGORY - report the warnings falling in CATEGORY [all] - -v, --verbose verbosely report processing - --version print version information and exit - -h, --help print short or long help message and exit -" - -# Additional text appended to 'usage_message' in response to '--help'. -long_help_message=" -Warning categories include: - 'all' show all warnings - 'none' turn off all the warnings - 'error' warnings are treated as fatal errors" - -# Help message printed before fatal option parsing errors. -fatal_help="Try '\$progname --help' for more information." - - - -## ------------------------- ## -## Hook function management. ## -## ------------------------- ## - -# This section contains functions for adding, removing, and running hooks -# to the main code. A hook is just a named list of of function, that can -# be run in order later on. - -# func_hookable FUNC_NAME -# ----------------------- -# Declare that FUNC_NAME will run hooks added with -# 'func_add_hook FUNC_NAME ...'. -func_hookable () -{ - $debug_cmd - - func_append hookable_fns " $1" -} - - -# func_add_hook FUNC_NAME HOOK_FUNC -# --------------------------------- -# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must -# first have been declared "hookable" by a call to 'func_hookable'. -func_add_hook () -{ - $debug_cmd - - case " $hookable_fns " in - *" $1 "*) ;; - *) func_fatal_error "'$1' does not accept hook functions." ;; - esac - - eval func_append ${1}_hooks '" $2"' -} - - -# func_remove_hook FUNC_NAME HOOK_FUNC -# ------------------------------------ -# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. -func_remove_hook () -{ - $debug_cmd - - eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`' -} - - -# func_run_hooks FUNC_NAME [ARG]... -# --------------------------------- -# Run all hook functions registered to FUNC_NAME. -# It is assumed that the list of hook functions contains nothing more -# than a whitespace-delimited list of legal shell function names, and -# no effort is wasted trying to catch shell meta-characters or preserve -# whitespace. -func_run_hooks () -{ - $debug_cmd - - case " $hookable_fns " in - *" $1 "*) ;; - *) func_fatal_error "'$1' does not support hook funcions.n" ;; - esac - - eval _G_hook_fns=\$$1_hooks; shift - - for _G_hook in $_G_hook_fns; do - eval $_G_hook '"$@"' - - # store returned options list back into positional - # parameters for next 'cmd' execution. - eval _G_hook_result=\$${_G_hook}_result - eval set dummy "$_G_hook_result"; shift - done - - func_quote_for_eval ${1+"$@"} - func_run_hooks_result=$func_quote_for_eval_result -} - - - -## --------------- ## -## Option parsing. ## -## --------------- ## - -# In order to add your own option parsing hooks, you must accept the -# full positional parameter list in your hook function, remove any -# options that you action, and then pass back the remaining unprocessed -# options in '_result', escaped suitably for -# 'eval'. Like this: -# -# my_options_prep () -# { -# $debug_cmd -# -# # Extend the existing usage message. -# usage_message=$usage_message' -# -s, --silent don'\''t print informational messages -# ' -# -# func_quote_for_eval ${1+"$@"} -# my_options_prep_result=$func_quote_for_eval_result -# } -# func_add_hook func_options_prep my_options_prep -# -# -# my_silent_option () -# { -# $debug_cmd -# -# # Note that for efficiency, we parse as many options as we can -# # recognise in a loop before passing the remainder back to the -# # caller on the first unrecognised argument we encounter. -# while test $# -gt 0; do -# opt=$1; shift -# case $opt in -# --silent|-s) opt_silent=: ;; -# # Separate non-argument short options: -# -s*) func_split_short_opt "$_G_opt" -# set dummy "$func_split_short_opt_name" \ -# "-$func_split_short_opt_arg" ${1+"$@"} -# shift -# ;; -# *) set dummy "$_G_opt" "$*"; shift; break ;; -# esac -# done -# -# func_quote_for_eval ${1+"$@"} -# my_silent_option_result=$func_quote_for_eval_result -# } -# func_add_hook func_parse_options my_silent_option -# -# -# my_option_validation () -# { -# $debug_cmd -# -# $opt_silent && $opt_verbose && func_fatal_help "\ -# '--silent' and '--verbose' options are mutually exclusive." -# -# func_quote_for_eval ${1+"$@"} -# my_option_validation_result=$func_quote_for_eval_result -# } -# func_add_hook func_validate_options my_option_validation -# -# You'll alse need to manually amend $usage_message to reflect the extra -# options you parse. It's preferable to append if you can, so that -# multiple option parsing hooks can be added safely. - - -# func_options [ARG]... -# --------------------- -# All the functions called inside func_options are hookable. See the -# individual implementations for details. -func_hookable func_options -func_options () -{ - $debug_cmd - - func_options_prep ${1+"$@"} - eval func_parse_options \ - ${func_options_prep_result+"$func_options_prep_result"} - eval func_validate_options \ - ${func_parse_options_result+"$func_parse_options_result"} - - eval func_run_hooks func_options \ - ${func_validate_options_result+"$func_validate_options_result"} - - # save modified positional parameters for caller - func_options_result=$func_run_hooks_result -} - - -# func_options_prep [ARG]... -# -------------------------- -# All initialisations required before starting the option parse loop. -# Note that when calling hook functions, we pass through the list of -# positional parameters. If a hook function modifies that list, and -# needs to propogate that back to rest of this script, then the complete -# modified list must be put in 'func_run_hooks_result' before -# returning. -func_hookable func_options_prep -func_options_prep () -{ - $debug_cmd - - # Option defaults: - opt_verbose=false - opt_warning_types= - - func_run_hooks func_options_prep ${1+"$@"} - - # save modified positional parameters for caller - func_options_prep_result=$func_run_hooks_result -} - - -# func_parse_options [ARG]... -# --------------------------- -# The main option parsing loop. -func_hookable func_parse_options -func_parse_options () -{ - $debug_cmd - - func_parse_options_result= - - # this just eases exit handling - while test $# -gt 0; do - # Defer to hook functions for initial option parsing, so they - # get priority in the event of reusing an option name. - func_run_hooks func_parse_options ${1+"$@"} - - # Adjust func_parse_options positional parameters to match - eval set dummy "$func_run_hooks_result"; shift - - # Break out of the loop if we already parsed every option. - test $# -gt 0 || break - - _G_opt=$1 - shift - case $_G_opt in - --debug|-x) debug_cmd='set -x' - func_echo "enabling shell trace mode" - $debug_cmd - ;; - - --no-warnings|--no-warning|--no-warn) - set dummy --warnings none ${1+"$@"} - shift - ;; - - --warnings|--warning|-W) - test $# = 0 && func_missing_arg $_G_opt && break - case " $warning_categories $1" in - *" $1 "*) - # trailing space prevents matching last $1 above - func_append_uniq opt_warning_types " $1" - ;; - *all) - opt_warning_types=$warning_categories - ;; - *none) - opt_warning_types=none - warning_func=: - ;; - *error) - opt_warning_types=$warning_categories - warning_func=func_fatal_error - ;; - *) - func_fatal_error \ - "unsupported warning category: '$1'" - ;; - esac - shift - ;; - - --verbose|-v) opt_verbose=: ;; - --version) func_version ;; - -\?|-h) func_usage ;; - --help) func_help ;; - - # Separate optargs to long options (plugins may need this): - --*=*) func_split_equals "$_G_opt" - set dummy "$func_split_equals_lhs" \ - "$func_split_equals_rhs" ${1+"$@"} - shift - ;; - - # Separate optargs to short options: - -W*) - func_split_short_opt "$_G_opt" - set dummy "$func_split_short_opt_name" \ - "$func_split_short_opt_arg" ${1+"$@"} - shift - ;; - - # Separate non-argument short options: - -\?*|-h*|-v*|-x*) - func_split_short_opt "$_G_opt" - set dummy "$func_split_short_opt_name" \ - "-$func_split_short_opt_arg" ${1+"$@"} - shift - ;; - - --) break ;; - -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; - *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; - esac - done - - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - func_parse_options_result=$func_quote_for_eval_result -} - - -# func_validate_options [ARG]... -# ------------------------------ -# Perform any sanity checks on option settings and/or unconsumed -# arguments. -func_hookable func_validate_options -func_validate_options () -{ - $debug_cmd - - # Display all warnings if -W was not given. - test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" - - func_run_hooks func_validate_options ${1+"$@"} - - # Bail if the options were screwed! - $exit_cmd $EXIT_FAILURE - - # save modified positional parameters for caller - func_validate_options_result=$func_run_hooks_result -} - - - -## ----------------- ## -## Helper functions. ## -## ----------------- ## - -# This section contains the helper functions used by the rest of the -# hookable option parser framework in ascii-betical order. - - -# func_fatal_help ARG... -# ---------------------- -# Echo program name prefixed message to standard error, followed by -# a help hint, and exit. -func_fatal_help () -{ - $debug_cmd - - eval \$ECHO \""Usage: $usage"\" - eval \$ECHO \""$fatal_help"\" - func_error ${1+"$@"} - exit $EXIT_FAILURE -} - - -# func_help -# --------- -# Echo long help message to standard output and exit. -func_help () -{ - $debug_cmd - - func_usage_message - $ECHO "$long_help_message" - exit 0 -} - - -# func_missing_arg ARGNAME -# ------------------------ -# Echo program name prefixed message to standard error and set global -# exit_cmd. -func_missing_arg () -{ - $debug_cmd - - func_error "Missing argument for '$1'." - exit_cmd=exit -} - - -# func_split_equals STRING -# ------------------------ -# Set func_split_equals_lhs and func_split_equals_rhs shell variables after -# splitting STRING at the '=' sign. -test -z "$_G_HAVE_XSI_OPS" \ - && (eval 'x=a/b/c; - test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ - && _G_HAVE_XSI_OPS=yes - -if test yes = "$_G_HAVE_XSI_OPS" -then - # This is an XSI compatible shell, allowing a faster implementation... - eval 'func_split_equals () - { - $debug_cmd - - func_split_equals_lhs=${1%%=*} - func_split_equals_rhs=${1#*=} - test "x$func_split_equals_lhs" = "x$1" \ - && func_split_equals_rhs= - }' -else - # ...otherwise fall back to using expr, which is often a shell builtin. - func_split_equals () - { - $debug_cmd - - func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'` - func_split_equals_rhs= - test "x$func_split_equals_lhs" = "x$1" \ - || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'` - } -fi #func_split_equals - - -# func_split_short_opt SHORTOPT -# ----------------------------- -# Set func_split_short_opt_name and func_split_short_opt_arg shell -# variables after splitting SHORTOPT after the 2nd character. -if test yes = "$_G_HAVE_XSI_OPS" -then - # This is an XSI compatible shell, allowing a faster implementation... - eval 'func_split_short_opt () - { - $debug_cmd - - func_split_short_opt_arg=${1#??} - func_split_short_opt_name=${1%"$func_split_short_opt_arg"} - }' -else - # ...otherwise fall back to using expr, which is often a shell builtin. - func_split_short_opt () - { - $debug_cmd - - func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` - func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` - } -fi #func_split_short_opt - - -# func_usage -# ---------- -# Echo short help message to standard output and exit. -func_usage () -{ - $debug_cmd - - func_usage_message - $ECHO "Run '$progname --help |${PAGER-more}' for full usage" - exit 0 -} - - -# func_usage_message -# ------------------ -# Echo short help message to standard output. -func_usage_message () -{ - $debug_cmd - - eval \$ECHO \""Usage: $usage"\" - echo - $SED -n 's|^# || - /^Written by/{ - x;p;x - } - h - /^Written by/q' < "$progpath" - echo - eval \$ECHO \""$usage_message"\" -} - - -# func_version -# ------------ -# Echo version message to standard output and exit. -func_version () -{ - $debug_cmd - - printf '%s\n' "$progname $scriptversion" - $SED -n ' - /(C)/!b go - :more - /\./!{ - N - s|\n# | | - b more - } - :go - /^# Written by /,/# warranty; / { - s|^# || - s|^# *$|| - s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| - p - } - /^# Written by / { - s|^# || - p - } - /^warranty; /q' < "$progpath" - - exit $? -} - - -# Local variables: -# mode: shell-script -# sh-indentation: 2 -# eval: (add-hook 'before-save-hook 'time-stamp) -# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" -# time-stamp-time-zone: "UTC" -# End: - -# Set a version string. -scriptversion='(GNU libtool) 2.4.6' - - -# func_echo ARG... -# ---------------- -# Libtool also displays the current mode in messages, so override -# funclib.sh func_echo with this custom definition. -func_echo () -{ - $debug_cmd - - _G_message=$* - - func_echo_IFS=$IFS - IFS=$nl - for _G_line in $_G_message; do - IFS=$func_echo_IFS - $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line" - done - IFS=$func_echo_IFS -} - - -# func_warning ARG... -# ------------------- -# Libtool warnings are not categorized, so override funclib.sh -# func_warning with this simpler definition. -func_warning () -{ - $debug_cmd - - $warning_func ${1+"$@"} -} - - -## ---------------- ## -## Options parsing. ## -## ---------------- ## - -# Hook in the functions to make sure our own options are parsed during -# the option parsing loop. - -usage='$progpath [OPTION]... [MODE-ARG]...' - -# Short help message in response to '-h'. -usage_message="Options: - --config show all configuration variables - --debug enable verbose shell tracing - -n, --dry-run display commands without modifying any files - --features display basic configuration information and exit - --mode=MODE use operation mode MODE - --no-warnings equivalent to '-Wnone' - --preserve-dup-deps don't remove duplicate dependency libraries - --quiet, --silent don't print informational messages - --tag=TAG use configuration variables from tag TAG - -v, --verbose print more informational messages than default - --version print version information - -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] - -h, --help, --help-all print short, long, or detailed help message -" - -# Additional text appended to 'usage_message' in response to '--help'. -func_help () -{ - $debug_cmd - - func_usage_message - $ECHO "$long_help_message - -MODE must be one of the following: - - clean remove files from the build directory - compile compile a source file into a libtool object - execute automatically set library path, then run a program - finish complete the installation of libtool libraries - install install libraries or executables - link create a library or an executable - uninstall remove libraries from an installed directory - -MODE-ARGS vary depending on the MODE. When passed as first option, -'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that. -Try '$progname --help --mode=MODE' for a more detailed description of MODE. - -When reporting a bug, please describe a test case to reproduce it and -include the following information: - - host-triplet: $host - shell: $SHELL - compiler: $LTCC - compiler flags: $LTCFLAGS - linker: $LD (gnu? $with_gnu_ld) - version: $progname (GNU libtool) 2.4.6 - automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` - autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` - -Report bugs to . -GNU libtool home page: . -General help using GNU software: ." - exit 0 -} - - -# func_lo2o OBJECT-NAME -# --------------------- -# Transform OBJECT-NAME from a '.lo' suffix to the platform specific -# object suffix. - -lo2o=s/\\.lo\$/.$objext/ -o2lo=s/\\.$objext\$/.lo/ - -if test yes = "$_G_HAVE_XSI_OPS"; then - eval 'func_lo2o () - { - case $1 in - *.lo) func_lo2o_result=${1%.lo}.$objext ;; - * ) func_lo2o_result=$1 ;; - esac - }' - - # func_xform LIBOBJ-OR-SOURCE - # --------------------------- - # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise) - # suffix to a '.lo' libtool-object suffix. - eval 'func_xform () - { - func_xform_result=${1%.*}.lo - }' -else - # ...otherwise fall back to using sed. - func_lo2o () - { - func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"` - } - - func_xform () - { - func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'` - } -fi - - -# func_fatal_configuration ARG... -# ------------------------------- -# Echo program name prefixed message to standard error, followed by -# a configuration failure hint, and exit. -func_fatal_configuration () -{ - func__fatal_error ${1+"$@"} \ - "See the $PACKAGE documentation for more information." \ - "Fatal configuration error." -} - - -# func_config -# ----------- -# Display the configuration for all the tags in this script. -func_config () -{ - re_begincf='^# ### BEGIN LIBTOOL' - re_endcf='^# ### END LIBTOOL' - - # Default configuration. - $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" - - # Now print the configurations for the tags. - for tagname in $taglist; do - $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" - done - - exit $? -} - - -# func_features -# ------------- -# Display the features supported by this script. -func_features () -{ - echo "host: $host" - if test yes = "$build_libtool_libs"; then - echo "enable shared libraries" - else - echo "disable shared libraries" - fi - if test yes = "$build_old_libs"; then - echo "enable static libraries" - else - echo "disable static libraries" - fi - - exit $? -} - - -# func_enable_tag TAGNAME -# ----------------------- -# Verify that TAGNAME is valid, and either flag an error and exit, or -# enable the TAGNAME tag. We also add TAGNAME to the global $taglist -# variable here. -func_enable_tag () -{ - # Global variable: - tagname=$1 - - re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" - re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" - sed_extractcf=/$re_begincf/,/$re_endcf/p - - # Validate tagname. - case $tagname in - *[!-_A-Za-z0-9,/]*) - func_fatal_error "invalid tag name: $tagname" - ;; - esac - - # Don't test for the "default" C tag, as we know it's - # there but not specially marked. - case $tagname in - CC) ;; - *) - if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then - taglist="$taglist $tagname" - - # Evaluate the configuration. Be careful to quote the path - # and the sed script, to avoid splitting on whitespace, but - # also don't use non-portable quotes within backquotes within - # quotes we have to do it in 2 steps: - extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` - eval "$extractedcf" - else - func_error "ignoring unknown tag $tagname" - fi - ;; - esac -} - - -# func_check_version_match -# ------------------------ -# Ensure that we are using m4 macros, and libtool script from the same -# release of libtool. -func_check_version_match () -{ - if test "$package_revision" != "$macro_revision"; then - if test "$VERSION" != "$macro_version"; then - if test -z "$macro_version"; then - cat >&2 <<_LT_EOF -$progname: Version mismatch error. This is $PACKAGE $VERSION, but the -$progname: definition of this LT_INIT comes from an older release. -$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION -$progname: and run autoconf again. -_LT_EOF - else - cat >&2 <<_LT_EOF -$progname: Version mismatch error. This is $PACKAGE $VERSION, but the -$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. -$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION -$progname: and run autoconf again. -_LT_EOF - fi - else - cat >&2 <<_LT_EOF -$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, -$progname: but the definition of this LT_INIT comes from revision $macro_revision. -$progname: You should recreate aclocal.m4 with macros from revision $package_revision -$progname: of $PACKAGE $VERSION and run autoconf again. -_LT_EOF - fi - - exit $EXIT_MISMATCH - fi -} - - -# libtool_options_prep [ARG]... -# ----------------------------- -# Preparation for options parsed by libtool. -libtool_options_prep () -{ - $debug_mode - - # Option defaults: - opt_config=false - opt_dlopen= - opt_dry_run=false - opt_help=false - opt_mode= - opt_preserve_dup_deps=false - opt_quiet=false - - nonopt= - preserve_args= - - # Shorthand for --mode=foo, only valid as the first argument - case $1 in - clean|clea|cle|cl) - shift; set dummy --mode clean ${1+"$@"}; shift - ;; - compile|compil|compi|comp|com|co|c) - shift; set dummy --mode compile ${1+"$@"}; shift - ;; - execute|execut|execu|exec|exe|ex|e) - shift; set dummy --mode execute ${1+"$@"}; shift - ;; - finish|finis|fini|fin|fi|f) - shift; set dummy --mode finish ${1+"$@"}; shift - ;; - install|instal|insta|inst|ins|in|i) - shift; set dummy --mode install ${1+"$@"}; shift - ;; - link|lin|li|l) - shift; set dummy --mode link ${1+"$@"}; shift - ;; - uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) - shift; set dummy --mode uninstall ${1+"$@"}; shift - ;; - esac - - # Pass back the list of options. - func_quote_for_eval ${1+"$@"} - libtool_options_prep_result=$func_quote_for_eval_result -} -func_add_hook func_options_prep libtool_options_prep - - -# libtool_parse_options [ARG]... -# --------------------------------- -# Provide handling for libtool specific options. -libtool_parse_options () -{ - $debug_cmd - - # Perform our own loop to consume as many options as possible in - # each iteration. - while test $# -gt 0; do - _G_opt=$1 - shift - case $_G_opt in - --dry-run|--dryrun|-n) - opt_dry_run=: - ;; - - --config) func_config ;; - - --dlopen|-dlopen) - opt_dlopen="${opt_dlopen+$opt_dlopen -}$1" - shift - ;; - - --preserve-dup-deps) - opt_preserve_dup_deps=: ;; - - --features) func_features ;; - - --finish) set dummy --mode finish ${1+"$@"}; shift ;; - - --help) opt_help=: ;; - - --help-all) opt_help=': help-all' ;; - - --mode) test $# = 0 && func_missing_arg $_G_opt && break - opt_mode=$1 - case $1 in - # Valid mode arguments: - clean|compile|execute|finish|install|link|relink|uninstall) ;; - - # Catch anything else as an error - *) func_error "invalid argument for $_G_opt" - exit_cmd=exit - break - ;; - esac - shift - ;; - - --no-silent|--no-quiet) - opt_quiet=false - func_append preserve_args " $_G_opt" - ;; - - --no-warnings|--no-warning|--no-warn) - opt_warning=false - func_append preserve_args " $_G_opt" - ;; - - --no-verbose) - opt_verbose=false - func_append preserve_args " $_G_opt" - ;; - - --silent|--quiet) - opt_quiet=: - opt_verbose=false - func_append preserve_args " $_G_opt" - ;; - - --tag) test $# = 0 && func_missing_arg $_G_opt && break - opt_tag=$1 - func_append preserve_args " $_G_opt $1" - func_enable_tag "$1" - shift - ;; - - --verbose|-v) opt_quiet=false - opt_verbose=: - func_append preserve_args " $_G_opt" - ;; - - # An option not handled by this hook function: - *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; - esac - done - - - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - libtool_parse_options_result=$func_quote_for_eval_result -} -func_add_hook func_parse_options libtool_parse_options - - - -# libtool_validate_options [ARG]... -# --------------------------------- -# Perform any sanity checks on option settings and/or unconsumed -# arguments. -libtool_validate_options () -{ - # save first non-option argument - if test 0 -lt $#; then - nonopt=$1 - shift - fi - - # preserve --debug - test : = "$debug_cmd" || func_append preserve_args " --debug" - - case $host in - # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 - # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 - *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) - # don't eliminate duplications in $postdeps and $predeps - opt_duplicate_compiler_generated_deps=: - ;; - *) - opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps - ;; - esac - - $opt_help || { - # Sanity checks first: - func_check_version_match - - test yes != "$build_libtool_libs" \ - && test yes != "$build_old_libs" \ - && func_fatal_configuration "not configured to build any kind of library" - - # Darwin sucks - eval std_shrext=\"$shrext_cmds\" - - # Only execute mode is allowed to have -dlopen flags. - if test -n "$opt_dlopen" && test execute != "$opt_mode"; then - func_error "unrecognized option '-dlopen'" - $ECHO "$help" 1>&2 - exit $EXIT_FAILURE - fi - - # Change the help message to a mode-specific one. - generic_help=$help - help="Try '$progname --help --mode=$opt_mode' for more information." - } - - # Pass back the unparsed argument list - func_quote_for_eval ${1+"$@"} - libtool_validate_options_result=$func_quote_for_eval_result -} -func_add_hook func_validate_options libtool_validate_options - - -# Process options as early as possible so that --help and --version -# can return quickly. -func_options ${1+"$@"} -eval set dummy "$func_options_result"; shift - - - -## ----------- ## -## Main. ## -## ----------- ## - -magic='%%%MAGIC variable%%%' -magic_exe='%%%MAGIC EXE variable%%%' - -# Global variables. -extracted_archives= -extracted_serial=0 - -# If this variable is set in any of the actions, the command in it -# will be execed at the end. This prevents here-documents from being -# left over by shells. -exec_cmd= - - -# A function that is used when there is no print builtin or printf. -func_fallback_echo () -{ - eval 'cat <<_LTECHO_EOF -$1 -_LTECHO_EOF' -} - -# func_generated_by_libtool -# True iff stdin has been generated by Libtool. This function is only -# a basic sanity check; it will hardly flush out determined imposters. -func_generated_by_libtool_p () -{ - $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 -} - -# func_lalib_p file -# True iff FILE is a libtool '.la' library or '.lo' object file. -# This function is only a basic sanity check; it will hardly flush out -# determined imposters. -func_lalib_p () -{ - test -f "$1" && - $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p -} - -# func_lalib_unsafe_p file -# True iff FILE is a libtool '.la' library or '.lo' object file. -# This function implements the same check as func_lalib_p without -# resorting to external programs. To this end, it redirects stdin and -# closes it afterwards, without saving the original file descriptor. -# As a safety measure, use it only where a negative result would be -# fatal anyway. Works if 'file' does not exist. -func_lalib_unsafe_p () -{ - lalib_p=no - if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then - for lalib_p_l in 1 2 3 4 - do - read lalib_p_line - case $lalib_p_line in - \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; - esac - done - exec 0<&5 5<&- - fi - test yes = "$lalib_p" -} - -# func_ltwrapper_script_p file -# True iff FILE is a libtool wrapper script -# This function is only a basic sanity check; it will hardly flush out -# determined imposters. -func_ltwrapper_script_p () -{ - test -f "$1" && - $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p -} - -# func_ltwrapper_executable_p file -# True iff FILE is a libtool wrapper executable -# This function is only a basic sanity check; it will hardly flush out -# determined imposters. -func_ltwrapper_executable_p () -{ - func_ltwrapper_exec_suffix= - case $1 in - *.exe) ;; - *) func_ltwrapper_exec_suffix=.exe ;; - esac - $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 -} - -# func_ltwrapper_scriptname file -# Assumes file is an ltwrapper_executable -# uses $file to determine the appropriate filename for a -# temporary ltwrapper_script. -func_ltwrapper_scriptname () -{ - func_dirname_and_basename "$1" "" "." - func_stripname '' '.exe' "$func_basename_result" - func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper -} - -# func_ltwrapper_p file -# True iff FILE is a libtool wrapper script or wrapper executable -# This function is only a basic sanity check; it will hardly flush out -# determined imposters. -func_ltwrapper_p () -{ - func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" -} - - -# func_execute_cmds commands fail_cmd -# Execute tilde-delimited COMMANDS. -# If FAIL_CMD is given, eval that upon failure. -# FAIL_CMD may read-access the current command in variable CMD! -func_execute_cmds () -{ - $debug_cmd - - save_ifs=$IFS; IFS='~' - for cmd in $1; do - IFS=$sp$nl - eval cmd=\"$cmd\" - IFS=$save_ifs - func_show_eval "$cmd" "${2-:}" - done - IFS=$save_ifs -} - - -# func_source file -# Source FILE, adding directory component if necessary. -# Note that it is not necessary on cygwin/mingw to append a dot to -# FILE even if both FILE and FILE.exe exist: automatic-append-.exe -# behavior happens only for exec(3), not for open(2)! Also, sourcing -# 'FILE.' does not work on cygwin managed mounts. -func_source () -{ - $debug_cmd - - case $1 in - */* | *\\*) . "$1" ;; - *) . "./$1" ;; - esac -} - - -# func_resolve_sysroot PATH -# Replace a leading = in PATH with a sysroot. Store the result into -# func_resolve_sysroot_result -func_resolve_sysroot () -{ - func_resolve_sysroot_result=$1 - case $func_resolve_sysroot_result in - =*) - func_stripname '=' '' "$func_resolve_sysroot_result" - func_resolve_sysroot_result=$lt_sysroot$func_stripname_result - ;; - esac -} - -# func_replace_sysroot PATH -# If PATH begins with the sysroot, replace it with = and -# store the result into func_replace_sysroot_result. -func_replace_sysroot () -{ - case $lt_sysroot:$1 in - ?*:"$lt_sysroot"*) - func_stripname "$lt_sysroot" '' "$1" - func_replace_sysroot_result='='$func_stripname_result - ;; - *) - # Including no sysroot. - func_replace_sysroot_result=$1 - ;; - esac -} - -# func_infer_tag arg -# Infer tagged configuration to use if any are available and -# if one wasn't chosen via the "--tag" command line option. -# Only attempt this if the compiler in the base compile -# command doesn't match the default compiler. -# arg is usually of the form 'gcc ...' -func_infer_tag () -{ - $debug_cmd - - if test -n "$available_tags" && test -z "$tagname"; then - CC_quoted= - for arg in $CC; do - func_append_quoted CC_quoted "$arg" - done - CC_expanded=`func_echo_all $CC` - CC_quoted_expanded=`func_echo_all $CC_quoted` - case $@ in - # Blanks in the command may have been stripped by the calling shell, - # but not from the CC environment variable when configure was run. - " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ - " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; - # Blanks at the start of $base_compile will cause this to fail - # if we don't check for them as well. - *) - for z in $available_tags; do - if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then - # Evaluate the configuration. - eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" - CC_quoted= - for arg in $CC; do - # Double-quote args containing other shell metacharacters. - func_append_quoted CC_quoted "$arg" - done - CC_expanded=`func_echo_all $CC` - CC_quoted_expanded=`func_echo_all $CC_quoted` - case "$@ " in - " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ - " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) - # The compiler in the base compile command matches - # the one in the tagged configuration. - # Assume this is the tagged configuration we want. - tagname=$z - break - ;; - esac - fi - done - # If $tagname still isn't set, then no tagged configuration - # was found and let the user know that the "--tag" command - # line option must be used. - if test -z "$tagname"; then - func_echo "unable to infer tagged configuration" - func_fatal_error "specify a tag with '--tag'" -# else -# func_verbose "using $tagname tagged configuration" - fi - ;; - esac - fi -} - - - -# func_write_libtool_object output_name pic_name nonpic_name -# Create a libtool object file (analogous to a ".la" file), -# but don't create it if we're doing a dry run. -func_write_libtool_object () -{ - write_libobj=$1 - if test yes = "$build_libtool_libs"; then - write_lobj=\'$2\' - else - write_lobj=none - fi - - if test yes = "$build_old_libs"; then - write_oldobj=\'$3\' - else - write_oldobj=none - fi - - $opt_dry_run || { - cat >${write_libobj}T </dev/null` - if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then - func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | - $SED -e "$sed_naive_backslashify"` - else - func_convert_core_file_wine_to_w32_result= - fi - fi -} -# end: func_convert_core_file_wine_to_w32 - - -# func_convert_core_path_wine_to_w32 ARG -# Helper function used by path conversion functions when $build is *nix, and -# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly -# configured wine environment available, with the winepath program in $build's -# $PATH. Assumes ARG has no leading or trailing path separator characters. -# -# ARG is path to be converted from $build format to win32. -# Result is available in $func_convert_core_path_wine_to_w32_result. -# Unconvertible file (directory) names in ARG are skipped; if no directory names -# are convertible, then the result may be empty. -func_convert_core_path_wine_to_w32 () -{ - $debug_cmd - - # unfortunately, winepath doesn't convert paths, only file names - func_convert_core_path_wine_to_w32_result= - if test -n "$1"; then - oldIFS=$IFS - IFS=: - for func_convert_core_path_wine_to_w32_f in $1; do - IFS=$oldIFS - func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" - if test -n "$func_convert_core_file_wine_to_w32_result"; then - if test -z "$func_convert_core_path_wine_to_w32_result"; then - func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result - else - func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" - fi - fi - done - IFS=$oldIFS - fi -} -# end: func_convert_core_path_wine_to_w32 - - -# func_cygpath ARGS... -# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when -# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) -# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or -# (2), returns the Cygwin file name or path in func_cygpath_result (input -# file name or path is assumed to be in w32 format, as previously converted -# from $build's *nix or MSYS format). In case (3), returns the w32 file name -# or path in func_cygpath_result (input file name or path is assumed to be in -# Cygwin format). Returns an empty string on error. -# -# ARGS are passed to cygpath, with the last one being the file name or path to -# be converted. -# -# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH -# environment variable; do not put it in $PATH. -func_cygpath () -{ - $debug_cmd - - if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then - func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` - if test "$?" -ne 0; then - # on failure, ensure result is empty - func_cygpath_result= - fi - else - func_cygpath_result= - func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'" - fi -} -#end: func_cygpath - - -# func_convert_core_msys_to_w32 ARG -# Convert file name or path ARG from MSYS format to w32 format. Return -# result in func_convert_core_msys_to_w32_result. -func_convert_core_msys_to_w32 () -{ - $debug_cmd - - # awkward: cmd appends spaces to result - func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | - $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"` -} -#end: func_convert_core_msys_to_w32 - - -# func_convert_file_check ARG1 ARG2 -# Verify that ARG1 (a file name in $build format) was converted to $host -# format in ARG2. Otherwise, emit an error message, but continue (resetting -# func_to_host_file_result to ARG1). -func_convert_file_check () -{ - $debug_cmd - - if test -z "$2" && test -n "$1"; then - func_error "Could not determine host file name corresponding to" - func_error " '$1'" - func_error "Continuing, but uninstalled executables may not work." - # Fallback: - func_to_host_file_result=$1 - fi -} -# end func_convert_file_check - - -# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH -# Verify that FROM_PATH (a path in $build format) was converted to $host -# format in TO_PATH. Otherwise, emit an error message, but continue, resetting -# func_to_host_file_result to a simplistic fallback value (see below). -func_convert_path_check () -{ - $debug_cmd - - if test -z "$4" && test -n "$3"; then - func_error "Could not determine the host path corresponding to" - func_error " '$3'" - func_error "Continuing, but uninstalled executables may not work." - # Fallback. This is a deliberately simplistic "conversion" and - # should not be "improved". See libtool.info. - if test "x$1" != "x$2"; then - lt_replace_pathsep_chars="s|$1|$2|g" - func_to_host_path_result=`echo "$3" | - $SED -e "$lt_replace_pathsep_chars"` - else - func_to_host_path_result=$3 - fi - fi -} -# end func_convert_path_check - - -# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG -# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT -# and appending REPL if ORIG matches BACKPAT. -func_convert_path_front_back_pathsep () -{ - $debug_cmd - - case $4 in - $1 ) func_to_host_path_result=$3$func_to_host_path_result - ;; - esac - case $4 in - $2 ) func_append func_to_host_path_result "$3" - ;; - esac -} -# end func_convert_path_front_back_pathsep - - -################################################## -# $build to $host FILE NAME CONVERSION FUNCTIONS # -################################################## -# invoked via '$to_host_file_cmd ARG' -# -# In each case, ARG is the path to be converted from $build to $host format. -# Result will be available in $func_to_host_file_result. - - -# func_to_host_file ARG -# Converts the file name ARG from $build format to $host format. Return result -# in func_to_host_file_result. -func_to_host_file () -{ - $debug_cmd - - $to_host_file_cmd "$1" -} -# end func_to_host_file - - -# func_to_tool_file ARG LAZY -# converts the file name ARG from $build format to toolchain format. Return -# result in func_to_tool_file_result. If the conversion in use is listed -# in (the comma separated) LAZY, no conversion takes place. -func_to_tool_file () -{ - $debug_cmd - - case ,$2, in - *,"$to_tool_file_cmd",*) - func_to_tool_file_result=$1 - ;; - *) - $to_tool_file_cmd "$1" - func_to_tool_file_result=$func_to_host_file_result - ;; - esac -} -# end func_to_tool_file - - -# func_convert_file_noop ARG -# Copy ARG to func_to_host_file_result. -func_convert_file_noop () -{ - func_to_host_file_result=$1 -} -# end func_convert_file_noop - - -# func_convert_file_msys_to_w32 ARG -# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic -# conversion to w32 is not available inside the cwrapper. Returns result in -# func_to_host_file_result. -func_convert_file_msys_to_w32 () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - func_convert_core_msys_to_w32 "$1" - func_to_host_file_result=$func_convert_core_msys_to_w32_result - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_msys_to_w32 - - -# func_convert_file_cygwin_to_w32 ARG -# Convert file name ARG from Cygwin to w32 format. Returns result in -# func_to_host_file_result. -func_convert_file_cygwin_to_w32 () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - # because $build is cygwin, we call "the" cygpath in $PATH; no need to use - # LT_CYGPATH in this case. - func_to_host_file_result=`cygpath -m "$1"` - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_cygwin_to_w32 - - -# func_convert_file_nix_to_w32 ARG -# Convert file name ARG from *nix to w32 format. Requires a wine environment -# and a working winepath. Returns result in func_to_host_file_result. -func_convert_file_nix_to_w32 () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - func_convert_core_file_wine_to_w32 "$1" - func_to_host_file_result=$func_convert_core_file_wine_to_w32_result - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_nix_to_w32 - - -# func_convert_file_msys_to_cygwin ARG -# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. -# Returns result in func_to_host_file_result. -func_convert_file_msys_to_cygwin () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - func_convert_core_msys_to_w32 "$1" - func_cygpath -u "$func_convert_core_msys_to_w32_result" - func_to_host_file_result=$func_cygpath_result - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_msys_to_cygwin - - -# func_convert_file_nix_to_cygwin ARG -# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed -# in a wine environment, working winepath, and LT_CYGPATH set. Returns result -# in func_to_host_file_result. -func_convert_file_nix_to_cygwin () -{ - $debug_cmd - - func_to_host_file_result=$1 - if test -n "$1"; then - # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. - func_convert_core_file_wine_to_w32 "$1" - func_cygpath -u "$func_convert_core_file_wine_to_w32_result" - func_to_host_file_result=$func_cygpath_result - fi - func_convert_file_check "$1" "$func_to_host_file_result" -} -# end func_convert_file_nix_to_cygwin - - -############################################# -# $build to $host PATH CONVERSION FUNCTIONS # -############################################# -# invoked via '$to_host_path_cmd ARG' -# -# In each case, ARG is the path to be converted from $build to $host format. -# The result will be available in $func_to_host_path_result. -# -# Path separators are also converted from $build format to $host format. If -# ARG begins or ends with a path separator character, it is preserved (but -# converted to $host format) on output. -# -# All path conversion functions are named using the following convention: -# file name conversion function : func_convert_file_X_to_Y () -# path conversion function : func_convert_path_X_to_Y () -# where, for any given $build/$host combination the 'X_to_Y' value is the -# same. If conversion functions are added for new $build/$host combinations, -# the two new functions must follow this pattern, or func_init_to_host_path_cmd -# will break. - - -# func_init_to_host_path_cmd -# Ensures that function "pointer" variable $to_host_path_cmd is set to the -# appropriate value, based on the value of $to_host_file_cmd. -to_host_path_cmd= -func_init_to_host_path_cmd () -{ - $debug_cmd - - if test -z "$to_host_path_cmd"; then - func_stripname 'func_convert_file_' '' "$to_host_file_cmd" - to_host_path_cmd=func_convert_path_$func_stripname_result - fi -} - - -# func_to_host_path ARG -# Converts the path ARG from $build format to $host format. Return result -# in func_to_host_path_result. -func_to_host_path () -{ - $debug_cmd - - func_init_to_host_path_cmd - $to_host_path_cmd "$1" -} -# end func_to_host_path - - -# func_convert_path_noop ARG -# Copy ARG to func_to_host_path_result. -func_convert_path_noop () -{ - func_to_host_path_result=$1 -} -# end func_convert_path_noop - - -# func_convert_path_msys_to_w32 ARG -# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic -# conversion to w32 is not available inside the cwrapper. Returns result in -# func_to_host_path_result. -func_convert_path_msys_to_w32 () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # Remove leading and trailing path separator characters from ARG. MSYS - # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; - # and winepath ignores them completely. - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" - func_to_host_path_result=$func_convert_core_msys_to_w32_result - func_convert_path_check : ";" \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" - fi -} -# end func_convert_path_msys_to_w32 - - -# func_convert_path_cygwin_to_w32 ARG -# Convert path ARG from Cygwin to w32 format. Returns result in -# func_to_host_file_result. -func_convert_path_cygwin_to_w32 () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # See func_convert_path_msys_to_w32: - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` - func_convert_path_check : ";" \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" - fi -} -# end func_convert_path_cygwin_to_w32 - - -# func_convert_path_nix_to_w32 ARG -# Convert path ARG from *nix to w32 format. Requires a wine environment and -# a working winepath. Returns result in func_to_host_file_result. -func_convert_path_nix_to_w32 () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # See func_convert_path_msys_to_w32: - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" - func_to_host_path_result=$func_convert_core_path_wine_to_w32_result - func_convert_path_check : ";" \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" - fi -} -# end func_convert_path_nix_to_w32 - - -# func_convert_path_msys_to_cygwin ARG -# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. -# Returns result in func_to_host_file_result. -func_convert_path_msys_to_cygwin () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # See func_convert_path_msys_to_w32: - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" - func_cygpath -u -p "$func_convert_core_msys_to_w32_result" - func_to_host_path_result=$func_cygpath_result - func_convert_path_check : : \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" : "$1" - fi -} -# end func_convert_path_msys_to_cygwin - - -# func_convert_path_nix_to_cygwin ARG -# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a -# a wine environment, working winepath, and LT_CYGPATH set. Returns result in -# func_to_host_file_result. -func_convert_path_nix_to_cygwin () -{ - $debug_cmd - - func_to_host_path_result=$1 - if test -n "$1"; then - # Remove leading and trailing path separator characters from - # ARG. msys behavior is inconsistent here, cygpath turns them - # into '.;' and ';.', and winepath ignores them completely. - func_stripname : : "$1" - func_to_host_path_tmp1=$func_stripname_result - func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" - func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" - func_to_host_path_result=$func_cygpath_result - func_convert_path_check : : \ - "$func_to_host_path_tmp1" "$func_to_host_path_result" - func_convert_path_front_back_pathsep ":*" "*:" : "$1" - fi -} -# end func_convert_path_nix_to_cygwin - - -# func_dll_def_p FILE -# True iff FILE is a Windows DLL '.def' file. -# Keep in sync with _LT_DLL_DEF_P in libtool.m4 -func_dll_def_p () -{ - $debug_cmd - - func_dll_def_p_tmp=`$SED -n \ - -e 's/^[ ]*//' \ - -e '/^\(;.*\)*$/d' \ - -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \ - -e q \ - "$1"` - test DEF = "$func_dll_def_p_tmp" -} - - -# func_mode_compile arg... -func_mode_compile () -{ - $debug_cmd - - # Get the compilation command and the source file. - base_compile= - srcfile=$nonopt # always keep a non-empty value in "srcfile" - suppress_opt=yes - suppress_output= - arg_mode=normal - libobj= - later= - pie_flag= - - for arg - do - case $arg_mode in - arg ) - # do not "continue". Instead, add this to base_compile - lastarg=$arg - arg_mode=normal - ;; - - target ) - libobj=$arg - arg_mode=normal - continue - ;; - - normal ) - # Accept any command-line options. - case $arg in - -o) - test -n "$libobj" && \ - func_fatal_error "you cannot specify '-o' more than once" - arg_mode=target - continue - ;; - - -pie | -fpie | -fPIE) - func_append pie_flag " $arg" - continue - ;; - - -shared | -static | -prefer-pic | -prefer-non-pic) - func_append later " $arg" - continue - ;; - - -no-suppress) - suppress_opt=no - continue - ;; - - -Xcompiler) - arg_mode=arg # the next one goes into the "base_compile" arg list - continue # The current "srcfile" will either be retained or - ;; # replaced later. I would guess that would be a bug. - - -Wc,*) - func_stripname '-Wc,' '' "$arg" - args=$func_stripname_result - lastarg= - save_ifs=$IFS; IFS=, - for arg in $args; do - IFS=$save_ifs - func_append_quoted lastarg "$arg" - done - IFS=$save_ifs - func_stripname ' ' '' "$lastarg" - lastarg=$func_stripname_result - - # Add the arguments to base_compile. - func_append base_compile " $lastarg" - continue - ;; - - *) - # Accept the current argument as the source file. - # The previous "srcfile" becomes the current argument. - # - lastarg=$srcfile - srcfile=$arg - ;; - esac # case $arg - ;; - esac # case $arg_mode - - # Aesthetically quote the previous argument. - func_append_quoted base_compile "$lastarg" - done # for arg - - case $arg_mode in - arg) - func_fatal_error "you must specify an argument for -Xcompile" - ;; - target) - func_fatal_error "you must specify a target with '-o'" - ;; - *) - # Get the name of the library object. - test -z "$libobj" && { - func_basename "$srcfile" - libobj=$func_basename_result - } - ;; - esac - - # Recognize several different file suffixes. - # If the user specifies -o file.o, it is replaced with file.lo - case $libobj in - *.[cCFSifmso] | \ - *.ada | *.adb | *.ads | *.asm | \ - *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ - *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) - func_xform "$libobj" - libobj=$func_xform_result - ;; - esac - - case $libobj in - *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; - *) - func_fatal_error "cannot determine name of library object from '$libobj'" - ;; - esac - - func_infer_tag $base_compile - - for arg in $later; do - case $arg in - -shared) - test yes = "$build_libtool_libs" \ - || func_fatal_configuration "cannot build a shared library" - build_old_libs=no - continue - ;; - - -static) - build_libtool_libs=no - build_old_libs=yes - continue - ;; - - -prefer-pic) - pic_mode=yes - continue - ;; - - -prefer-non-pic) - pic_mode=no - continue - ;; - esac - done - - func_quote_for_eval "$libobj" - test "X$libobj" != "X$func_quote_for_eval_result" \ - && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ - && func_warning "libobj name '$libobj' may not contain shell special characters." - func_dirname_and_basename "$obj" "/" "" - objname=$func_basename_result - xdir=$func_dirname_result - lobj=$xdir$objdir/$objname - - test -z "$base_compile" && \ - func_fatal_help "you must specify a compilation command" - - # Delete any leftover library objects. - if test yes = "$build_old_libs"; then - removelist="$obj $lobj $libobj ${libobj}T" - else - removelist="$lobj $libobj ${libobj}T" - fi - - # On Cygwin there's no "real" PIC flag so we must build both object types - case $host_os in - cygwin* | mingw* | pw32* | os2* | cegcc*) - pic_mode=default - ;; - esac - if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then - # non-PIC code in shared libraries is not supported - pic_mode=default - fi - - # Calculate the filename of the output object if compiler does - # not support -o with -c - if test no = "$compiler_c_o"; then - output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext - lockfile=$output_obj.lock - else - output_obj= - need_locks=no - lockfile= - fi - - # Lock this critical section if it is needed - # We use this script file to make the link, it avoids creating a new file - if test yes = "$need_locks"; then - until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do - func_echo "Waiting for $lockfile to be removed" - sleep 2 - done - elif test warn = "$need_locks"; then - if test -f "$lockfile"; then - $ECHO "\ -*** ERROR, $lockfile exists and contains: -`cat $lockfile 2>/dev/null` - -This indicates that another process is trying to use the same -temporary object file, and libtool could not work around it because -your compiler does not support '-c' and '-o' together. If you -repeat this compilation, it may succeed, by chance, but you had better -avoid parallel builds (make -j) in this platform, or get a better -compiler." - - $opt_dry_run || $RM $removelist - exit $EXIT_FAILURE - fi - func_append removelist " $output_obj" - $ECHO "$srcfile" > "$lockfile" - fi - - $opt_dry_run || $RM $removelist - func_append removelist " $lockfile" - trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 - - func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 - srcfile=$func_to_tool_file_result - func_quote_for_eval "$srcfile" - qsrcfile=$func_quote_for_eval_result - - # Only build a PIC object if we are building libtool libraries. - if test yes = "$build_libtool_libs"; then - # Without this assignment, base_compile gets emptied. - fbsd_hideous_sh_bug=$base_compile - - if test no != "$pic_mode"; then - command="$base_compile $qsrcfile $pic_flag" - else - # Don't build PIC code - command="$base_compile $qsrcfile" - fi - - func_mkdir_p "$xdir$objdir" - - if test -z "$output_obj"; then - # Place PIC objects in $objdir - func_append command " -o $lobj" - fi - - func_show_eval_locale "$command" \ - 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' - - if test warn = "$need_locks" && - test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then - $ECHO "\ -*** ERROR, $lockfile contains: -`cat $lockfile 2>/dev/null` - -but it should contain: -$srcfile - -This indicates that another process is trying to use the same -temporary object file, and libtool could not work around it because -your compiler does not support '-c' and '-o' together. If you -repeat this compilation, it may succeed, by chance, but you had better -avoid parallel builds (make -j) in this platform, or get a better -compiler." - - $opt_dry_run || $RM $removelist - exit $EXIT_FAILURE - fi - - # Just move the object if needed, then go on to compile the next one - if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then - func_show_eval '$MV "$output_obj" "$lobj"' \ - 'error=$?; $opt_dry_run || $RM $removelist; exit $error' - fi - - # Allow error messages only from the first compilation. - if test yes = "$suppress_opt"; then - suppress_output=' >/dev/null 2>&1' - fi - fi - - # Only build a position-dependent object if we build old libraries. - if test yes = "$build_old_libs"; then - if test yes != "$pic_mode"; then - # Don't build PIC code - command="$base_compile $qsrcfile$pie_flag" - else - command="$base_compile $qsrcfile $pic_flag" - fi - if test yes = "$compiler_c_o"; then - func_append command " -o $obj" - fi - - # Suppress compiler output if we already did a PIC compilation. - func_append command "$suppress_output" - func_show_eval_locale "$command" \ - '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' - - if test warn = "$need_locks" && - test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then - $ECHO "\ -*** ERROR, $lockfile contains: -`cat $lockfile 2>/dev/null` - -but it should contain: -$srcfile - -This indicates that another process is trying to use the same -temporary object file, and libtool could not work around it because -your compiler does not support '-c' and '-o' together. If you -repeat this compilation, it may succeed, by chance, but you had better -avoid parallel builds (make -j) in this platform, or get a better -compiler." - - $opt_dry_run || $RM $removelist - exit $EXIT_FAILURE - fi - - # Just move the object if needed - if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then - func_show_eval '$MV "$output_obj" "$obj"' \ - 'error=$?; $opt_dry_run || $RM $removelist; exit $error' - fi - fi - - $opt_dry_run || { - func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" - - # Unlock the critical section if it was locked - if test no != "$need_locks"; then - removelist=$lockfile - $RM "$lockfile" - fi - } - - exit $EXIT_SUCCESS -} - -$opt_help || { - test compile = "$opt_mode" && func_mode_compile ${1+"$@"} -} - -func_mode_help () -{ - # We need to display help for each of the modes. - case $opt_mode in - "") - # Generic help is extracted from the usage comments - # at the start of this file. - func_help - ;; - - clean) - $ECHO \ -"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... - -Remove files from the build directory. - -RM is the name of the program to use to delete files associated with each FILE -(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed -to RM. - -If FILE is a libtool library, object or program, all the files associated -with it are deleted. Otherwise, only FILE itself is deleted using RM." - ;; - - compile) - $ECHO \ -"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE - -Compile a source file into a libtool library object. - -This mode accepts the following additional options: - - -o OUTPUT-FILE set the output file name to OUTPUT-FILE - -no-suppress do not suppress compiler output for multiple passes - -prefer-pic try to build PIC objects only - -prefer-non-pic try to build non-PIC objects only - -shared do not build a '.o' file suitable for static linking - -static only build a '.o' file suitable for static linking - -Wc,FLAG pass FLAG directly to the compiler - -COMPILE-COMMAND is a command to be used in creating a 'standard' object file -from the given SOURCEFILE. - -The output file name is determined by removing the directory component from -SOURCEFILE, then substituting the C source code suffix '.c' with the -library object suffix, '.lo'." - ;; - - execute) - $ECHO \ -"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... - -Automatically set library path, then run a program. - -This mode accepts the following additional options: - - -dlopen FILE add the directory containing FILE to the library path - -This mode sets the library path environment variable according to '-dlopen' -flags. - -If any of the ARGS are libtool executable wrappers, then they are translated -into their corresponding uninstalled binary, and any of their required library -directories are added to the library path. - -Then, COMMAND is executed, with ARGS as arguments." - ;; - - finish) - $ECHO \ -"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... - -Complete the installation of libtool libraries. - -Each LIBDIR is a directory that contains libtool libraries. - -The commands that this mode executes may require superuser privileges. Use -the '--dry-run' option if you just want to see what would be executed." - ;; - - install) - $ECHO \ -"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... - -Install executables or libraries. - -INSTALL-COMMAND is the installation command. The first component should be -either the 'install' or 'cp' program. - -The following components of INSTALL-COMMAND are treated specially: - - -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation - -The rest of the components are interpreted as arguments to that command (only -BSD-compatible install options are recognized)." - ;; - - link) - $ECHO \ -"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... - -Link object files or libraries together to form another library, or to -create an executable program. - -LINK-COMMAND is a command using the C compiler that you would use to create -a program from several object files. - -The following components of LINK-COMMAND are treated specially: - - -all-static do not do any dynamic linking at all - -avoid-version do not add a version suffix if possible - -bindir BINDIR specify path to binaries directory (for systems where - libraries must be found in the PATH setting at runtime) - -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime - -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols - -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) - -export-symbols SYMFILE - try to export only the symbols listed in SYMFILE - -export-symbols-regex REGEX - try to export only the symbols matching REGEX - -LLIBDIR search LIBDIR for required installed libraries - -lNAME OUTPUT-FILE requires the installed library libNAME - -module build a library that can dlopened - -no-fast-install disable the fast-install mode - -no-install link a not-installable executable - -no-undefined declare that a library does not refer to external symbols - -o OUTPUT-FILE create OUTPUT-FILE from the specified objects - -objectlist FILE use a list of object files found in FILE to specify objects - -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) - -precious-files-regex REGEX - don't remove output files matching REGEX - -release RELEASE specify package release information - -rpath LIBDIR the created library will eventually be installed in LIBDIR - -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries - -shared only do dynamic linking of libtool libraries - -shrext SUFFIX override the standard shared library file extension - -static do not do any dynamic linking of uninstalled libtool libraries - -static-libtool-libs - do not do any dynamic linking of libtool libraries - -version-info CURRENT[:REVISION[:AGE]] - specify library version info [each variable defaults to 0] - -weak LIBNAME declare that the target provides the LIBNAME interface - -Wc,FLAG - -Xcompiler FLAG pass linker-specific FLAG directly to the compiler - -Wl,FLAG - -Xlinker FLAG pass linker-specific FLAG directly to the linker - -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) - -All other options (arguments beginning with '-') are ignored. - -Every other argument is treated as a filename. Files ending in '.la' are -treated as uninstalled libtool libraries, other files are standard or library -object files. - -If the OUTPUT-FILE ends in '.la', then a libtool library is created, -only library objects ('.lo' files) may be specified, and '-rpath' is -required, except when creating a convenience library. - -If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created -using 'ar' and 'ranlib', or on Windows using 'lib'. - -If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file -is created, otherwise an executable program is created." - ;; - - uninstall) - $ECHO \ -"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... - -Remove libraries from an installation directory. - -RM is the name of the program to use to delete files associated with each FILE -(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed -to RM. - -If FILE is a libtool library, all the files associated with it are deleted. -Otherwise, only FILE itself is deleted using RM." - ;; - - *) - func_fatal_help "invalid operation mode '$opt_mode'" - ;; - esac - - echo - $ECHO "Try '$progname --help' for more information about other modes." -} - -# Now that we've collected a possible --mode arg, show help if necessary -if $opt_help; then - if test : = "$opt_help"; then - func_mode_help - else - { - func_help noexit - for opt_mode in compile link execute install finish uninstall clean; do - func_mode_help - done - } | $SED -n '1p; 2,$s/^Usage:/ or: /p' - { - func_help noexit - for opt_mode in compile link execute install finish uninstall clean; do - echo - func_mode_help - done - } | - $SED '1d - /^When reporting/,/^Report/{ - H - d - } - $x - /information about other modes/d - /more detailed .*MODE/d - s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' - fi - exit $? -fi - - -# func_mode_execute arg... -func_mode_execute () -{ - $debug_cmd - - # The first argument is the command name. - cmd=$nonopt - test -z "$cmd" && \ - func_fatal_help "you must specify a COMMAND" - - # Handle -dlopen flags immediately. - for file in $opt_dlopen; do - test -f "$file" \ - || func_fatal_help "'$file' is not a file" - - dir= - case $file in - *.la) - func_resolve_sysroot "$file" - file=$func_resolve_sysroot_result - - # Check to see that this really is a libtool archive. - func_lalib_unsafe_p "$file" \ - || func_fatal_help "'$lib' is not a valid libtool archive" - - # Read the libtool library. - dlname= - library_names= - func_source "$file" - - # Skip this library if it cannot be dlopened. - if test -z "$dlname"; then - # Warn if it was a shared library. - test -n "$library_names" && \ - func_warning "'$file' was not linked with '-export-dynamic'" - continue - fi - - func_dirname "$file" "" "." - dir=$func_dirname_result - - if test -f "$dir/$objdir/$dlname"; then - func_append dir "/$objdir" - else - if test ! -f "$dir/$dlname"; then - func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" - fi - fi - ;; - - *.lo) - # Just add the directory containing the .lo file. - func_dirname "$file" "" "." - dir=$func_dirname_result - ;; - - *) - func_warning "'-dlopen' is ignored for non-libtool libraries and objects" - continue - ;; - esac - - # Get the absolute pathname. - absdir=`cd "$dir" && pwd` - test -n "$absdir" && dir=$absdir - - # Now add the directory to shlibpath_var. - if eval "test -z \"\$$shlibpath_var\""; then - eval "$shlibpath_var=\"\$dir\"" - else - eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" - fi - done - - # This variable tells wrapper scripts just to set shlibpath_var - # rather than running their programs. - libtool_execute_magic=$magic - - # Check if any of the arguments is a wrapper script. - args= - for file - do - case $file in - -* | *.la | *.lo ) ;; - *) - # Do a test to see if this is really a libtool program. - if func_ltwrapper_script_p "$file"; then - func_source "$file" - # Transform arg to wrapped name. - file=$progdir/$program - elif func_ltwrapper_executable_p "$file"; then - func_ltwrapper_scriptname "$file" - func_source "$func_ltwrapper_scriptname_result" - # Transform arg to wrapped name. - file=$progdir/$program - fi - ;; - esac - # Quote arguments (to preserve shell metacharacters). - func_append_quoted args "$file" - done - - if $opt_dry_run; then - # Display what would be done. - if test -n "$shlibpath_var"; then - eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" - echo "export $shlibpath_var" - fi - $ECHO "$cmd$args" - exit $EXIT_SUCCESS - else - if test -n "$shlibpath_var"; then - # Export the shlibpath_var. - eval "export $shlibpath_var" - fi - - # Restore saved environment variables - for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES - do - eval "if test \"\${save_$lt_var+set}\" = set; then - $lt_var=\$save_$lt_var; export $lt_var - else - $lt_unset $lt_var - fi" - done - - # Now prepare to actually exec the command. - exec_cmd=\$cmd$args - fi -} - -test execute = "$opt_mode" && func_mode_execute ${1+"$@"} - - -# func_mode_finish arg... -func_mode_finish () -{ - $debug_cmd - - libs= - libdirs= - admincmds= - - for opt in "$nonopt" ${1+"$@"} - do - if test -d "$opt"; then - func_append libdirs " $opt" - - elif test -f "$opt"; then - if func_lalib_unsafe_p "$opt"; then - func_append libs " $opt" - else - func_warning "'$opt' is not a valid libtool archive" - fi - - else - func_fatal_error "invalid argument '$opt'" - fi - done - - if test -n "$libs"; then - if test -n "$lt_sysroot"; then - sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` - sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" - else - sysroot_cmd= - fi - - # Remove sysroot references - if $opt_dry_run; then - for lib in $libs; do - echo "removing references to $lt_sysroot and '=' prefixes from $lib" - done - else - tmpdir=`func_mktempdir` - for lib in $libs; do - $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ - > $tmpdir/tmp-la - mv -f $tmpdir/tmp-la $lib - done - ${RM}r "$tmpdir" - fi - fi - - if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then - for libdir in $libdirs; do - if test -n "$finish_cmds"; then - # Do each command in the finish commands. - func_execute_cmds "$finish_cmds" 'admincmds="$admincmds -'"$cmd"'"' - fi - if test -n "$finish_eval"; then - # Do the single finish_eval. - eval cmds=\"$finish_eval\" - $opt_dry_run || eval "$cmds" || func_append admincmds " - $cmds" - fi - done - fi - - # Exit here if they wanted silent mode. - $opt_quiet && exit $EXIT_SUCCESS - - if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then - echo "----------------------------------------------------------------------" - echo "Libraries have been installed in:" - for libdir in $libdirs; do - $ECHO " $libdir" - done - echo - echo "If you ever happen to want to link against installed libraries" - echo "in a given directory, LIBDIR, you must either use libtool, and" - echo "specify the full pathname of the library, or use the '-LLIBDIR'" - echo "flag during linking and do at least one of the following:" - if test -n "$shlibpath_var"; then - echo " - add LIBDIR to the '$shlibpath_var' environment variable" - echo " during execution" - fi - if test -n "$runpath_var"; then - echo " - add LIBDIR to the '$runpath_var' environment variable" - echo " during linking" - fi - if test -n "$hardcode_libdir_flag_spec"; then - libdir=LIBDIR - eval flag=\"$hardcode_libdir_flag_spec\" - - $ECHO " - use the '$flag' linker flag" - fi - if test -n "$admincmds"; then - $ECHO " - have your system administrator run these commands:$admincmds" - fi - if test -f /etc/ld.so.conf; then - echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" - fi - echo - - echo "See any operating system documentation about shared libraries for" - case $host in - solaris2.[6789]|solaris2.1[0-9]) - echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" - echo "pages." - ;; - *) - echo "more information, such as the ld(1) and ld.so(8) manual pages." - ;; - esac - echo "----------------------------------------------------------------------" - fi - exit $EXIT_SUCCESS -} - -test finish = "$opt_mode" && func_mode_finish ${1+"$@"} - - -# func_mode_install arg... -func_mode_install () -{ - $debug_cmd - - # There may be an optional sh(1) argument at the beginning of - # install_prog (especially on Windows NT). - if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || - # Allow the use of GNU shtool's install command. - case $nonopt in *shtool*) :;; *) false;; esac - then - # Aesthetically quote it. - func_quote_for_eval "$nonopt" - install_prog="$func_quote_for_eval_result " - arg=$1 - shift - else - install_prog= - arg=$nonopt - fi - - # The real first argument should be the name of the installation program. - # Aesthetically quote it. - func_quote_for_eval "$arg" - func_append install_prog "$func_quote_for_eval_result" - install_shared_prog=$install_prog - case " $install_prog " in - *[\\\ /]cp\ *) install_cp=: ;; - *) install_cp=false ;; - esac - - # We need to accept at least all the BSD install flags. - dest= - files= - opts= - prev= - install_type= - isdir=false - stripme= - no_mode=: - for arg - do - arg2= - if test -n "$dest"; then - func_append files " $dest" - dest=$arg - continue - fi - - case $arg in - -d) isdir=: ;; - -f) - if $install_cp; then :; else - prev=$arg - fi - ;; - -g | -m | -o) - prev=$arg - ;; - -s) - stripme=" -s" - continue - ;; - -*) - ;; - *) - # If the previous option needed an argument, then skip it. - if test -n "$prev"; then - if test X-m = "X$prev" && test -n "$install_override_mode"; then - arg2=$install_override_mode - no_mode=false - fi - prev= - else - dest=$arg - continue - fi - ;; - esac - - # Aesthetically quote the argument. - func_quote_for_eval "$arg" - func_append install_prog " $func_quote_for_eval_result" - if test -n "$arg2"; then - func_quote_for_eval "$arg2" - fi - func_append install_shared_prog " $func_quote_for_eval_result" - done - - test -z "$install_prog" && \ - func_fatal_help "you must specify an install program" - - test -n "$prev" && \ - func_fatal_help "the '$prev' option requires an argument" - - if test -n "$install_override_mode" && $no_mode; then - if $install_cp; then :; else - func_quote_for_eval "$install_override_mode" - func_append install_shared_prog " -m $func_quote_for_eval_result" - fi - fi - - if test -z "$files"; then - if test -z "$dest"; then - func_fatal_help "no file or destination specified" - else - func_fatal_help "you must specify a destination" - fi - fi - - # Strip any trailing slash from the destination. - func_stripname '' '/' "$dest" - dest=$func_stripname_result - - # Check to see that the destination is a directory. - test -d "$dest" && isdir=: - if $isdir; then - destdir=$dest - destname= - else - func_dirname_and_basename "$dest" "" "." - destdir=$func_dirname_result - destname=$func_basename_result - - # Not a directory, so check to see that there is only one file specified. - set dummy $files; shift - test "$#" -gt 1 && \ - func_fatal_help "'$dest' is not a directory" - fi - case $destdir in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - for file in $files; do - case $file in - *.lo) ;; - *) - func_fatal_help "'$destdir' must be an absolute directory name" - ;; - esac - done - ;; - esac - - # This variable tells wrapper scripts just to set variables rather - # than running their programs. - libtool_install_magic=$magic - - staticlibs= - future_libdirs= - current_libdirs= - for file in $files; do - - # Do each installation. - case $file in - *.$libext) - # Do the static libraries later. - func_append staticlibs " $file" - ;; - - *.la) - func_resolve_sysroot "$file" - file=$func_resolve_sysroot_result - - # Check to see that this really is a libtool archive. - func_lalib_unsafe_p "$file" \ - || func_fatal_help "'$file' is not a valid libtool archive" - - library_names= - old_library= - relink_command= - func_source "$file" - - # Add the libdir to current_libdirs if it is the destination. - if test "X$destdir" = "X$libdir"; then - case "$current_libdirs " in - *" $libdir "*) ;; - *) func_append current_libdirs " $libdir" ;; - esac - else - # Note the libdir as a future libdir. - case "$future_libdirs " in - *" $libdir "*) ;; - *) func_append future_libdirs " $libdir" ;; - esac - fi - - func_dirname "$file" "/" "" - dir=$func_dirname_result - func_append dir "$objdir" - - if test -n "$relink_command"; then - # Determine the prefix the user has applied to our future dir. - inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` - - # Don't allow the user to place us outside of our expected - # location b/c this prevents finding dependent libraries that - # are installed to the same prefix. - # At present, this check doesn't affect windows .dll's that - # are installed into $libdir/../bin (currently, that works fine) - # but it's something to keep an eye on. - test "$inst_prefix_dir" = "$destdir" && \ - func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" - - if test -n "$inst_prefix_dir"; then - # Stick the inst_prefix_dir data into the link command. - relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` - else - relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` - fi - - func_warning "relinking '$file'" - func_show_eval "$relink_command" \ - 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' - fi - - # See the names of the shared library. - set dummy $library_names; shift - if test -n "$1"; then - realname=$1 - shift - - srcname=$realname - test -n "$relink_command" && srcname=${realname}T - - # Install the shared library and build the symlinks. - func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ - 'exit $?' - tstripme=$stripme - case $host_os in - cygwin* | mingw* | pw32* | cegcc*) - case $realname in - *.dll.a) - tstripme= - ;; - esac - ;; - os2*) - case $realname in - *_dll.a) - tstripme= - ;; - esac - ;; - esac - if test -n "$tstripme" && test -n "$striplib"; then - func_show_eval "$striplib $destdir/$realname" 'exit $?' - fi - - if test "$#" -gt 0; then - # Delete the old symlinks, and create new ones. - # Try 'ln -sf' first, because the 'ln' binary might depend on - # the symlink we replace! Solaris /bin/ln does not understand -f, - # so we also need to try rm && ln -s. - for linkname - do - test "$linkname" != "$realname" \ - && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" - done - fi - - # Do each command in the postinstall commands. - lib=$destdir/$realname - func_execute_cmds "$postinstall_cmds" 'exit $?' - fi - - # Install the pseudo-library for information purposes. - func_basename "$file" - name=$func_basename_result - instname=$dir/${name}i - func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' - - # Maybe install the static library, too. - test -n "$old_library" && func_append staticlibs " $dir/$old_library" - ;; - - *.lo) - # Install (i.e. copy) a libtool object. - - # Figure out destination file name, if it wasn't already specified. - if test -n "$destname"; then - destfile=$destdir/$destname - else - func_basename "$file" - destfile=$func_basename_result - destfile=$destdir/$destfile - fi - - # Deduce the name of the destination old-style object file. - case $destfile in - *.lo) - func_lo2o "$destfile" - staticdest=$func_lo2o_result - ;; - *.$objext) - staticdest=$destfile - destfile= - ;; - *) - func_fatal_help "cannot copy a libtool object to '$destfile'" - ;; - esac - - # Install the libtool object if requested. - test -n "$destfile" && \ - func_show_eval "$install_prog $file $destfile" 'exit $?' - - # Install the old object if enabled. - if test yes = "$build_old_libs"; then - # Deduce the name of the old-style object file. - func_lo2o "$file" - staticobj=$func_lo2o_result - func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' - fi - exit $EXIT_SUCCESS - ;; - - *) - # Figure out destination file name, if it wasn't already specified. - if test -n "$destname"; then - destfile=$destdir/$destname - else - func_basename "$file" - destfile=$func_basename_result - destfile=$destdir/$destfile - fi - - # If the file is missing, and there is a .exe on the end, strip it - # because it is most likely a libtool script we actually want to - # install - stripped_ext= - case $file in - *.exe) - if test ! -f "$file"; then - func_stripname '' '.exe' "$file" - file=$func_stripname_result - stripped_ext=.exe - fi - ;; - esac - - # Do a test to see if this is really a libtool program. - case $host in - *cygwin* | *mingw*) - if func_ltwrapper_executable_p "$file"; then - func_ltwrapper_scriptname "$file" - wrapper=$func_ltwrapper_scriptname_result - else - func_stripname '' '.exe' "$file" - wrapper=$func_stripname_result - fi - ;; - *) - wrapper=$file - ;; - esac - if func_ltwrapper_script_p "$wrapper"; then - notinst_deplibs= - relink_command= - - func_source "$wrapper" - - # Check the variables that should have been set. - test -z "$generated_by_libtool_version" && \ - func_fatal_error "invalid libtool wrapper script '$wrapper'" - - finalize=: - for lib in $notinst_deplibs; do - # Check to see that each library is installed. - libdir= - if test -f "$lib"; then - func_source "$lib" - fi - libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` - if test -n "$libdir" && test ! -f "$libfile"; then - func_warning "'$lib' has not been installed in '$libdir'" - finalize=false - fi - done - - relink_command= - func_source "$wrapper" - - outputname= - if test no = "$fast_install" && test -n "$relink_command"; then - $opt_dry_run || { - if $finalize; then - tmpdir=`func_mktempdir` - func_basename "$file$stripped_ext" - file=$func_basename_result - outputname=$tmpdir/$file - # Replace the output file specification. - relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` - - $opt_quiet || { - func_quote_for_expand "$relink_command" - eval "func_echo $func_quote_for_expand_result" - } - if eval "$relink_command"; then : - else - func_error "error: relink '$file' with the above command before installing it" - $opt_dry_run || ${RM}r "$tmpdir" - continue - fi - file=$outputname - else - func_warning "cannot relink '$file'" - fi - } - else - # Install the binary that we compiled earlier. - file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` - fi - fi - - # remove .exe since cygwin /usr/bin/install will append another - # one anyway - case $install_prog,$host in - */usr/bin/install*,*cygwin*) - case $file:$destfile in - *.exe:*.exe) - # this is ok - ;; - *.exe:*) - destfile=$destfile.exe - ;; - *:*.exe) - func_stripname '' '.exe' "$destfile" - destfile=$func_stripname_result - ;; - esac - ;; - esac - func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' - $opt_dry_run || if test -n "$outputname"; then - ${RM}r "$tmpdir" - fi - ;; - esac - done - - for file in $staticlibs; do - func_basename "$file" - name=$func_basename_result - - # Set up the ranlib parameters. - oldlib=$destdir/$name - func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 - tool_oldlib=$func_to_tool_file_result - - func_show_eval "$install_prog \$file \$oldlib" 'exit $?' - - if test -n "$stripme" && test -n "$old_striplib"; then - func_show_eval "$old_striplib $tool_oldlib" 'exit $?' - fi - - # Do each command in the postinstall commands. - func_execute_cmds "$old_postinstall_cmds" 'exit $?' - done - - test -n "$future_libdirs" && \ - func_warning "remember to run '$progname --finish$future_libdirs'" - - if test -n "$current_libdirs"; then - # Maybe just do a dry run. - $opt_dry_run && current_libdirs=" -n$current_libdirs" - exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' - else - exit $EXIT_SUCCESS - fi -} - -test install = "$opt_mode" && func_mode_install ${1+"$@"} - - -# func_generate_dlsyms outputname originator pic_p -# Extract symbols from dlprefiles and create ${outputname}S.o with -# a dlpreopen symbol table. -func_generate_dlsyms () -{ - $debug_cmd - - my_outputname=$1 - my_originator=$2 - my_pic_p=${3-false} - my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'` - my_dlsyms= - - if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then - if test -n "$NM" && test -n "$global_symbol_pipe"; then - my_dlsyms=${my_outputname}S.c - else - func_error "not configured to extract global symbols from dlpreopened files" - fi - fi - - if test -n "$my_dlsyms"; then - case $my_dlsyms in - "") ;; - *.c) - # Discover the nlist of each of the dlfiles. - nlist=$output_objdir/$my_outputname.nm - - func_show_eval "$RM $nlist ${nlist}S ${nlist}T" - - # Parse the name list into a source file. - func_verbose "creating $output_objdir/$my_dlsyms" - - $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ -/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ -/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ - -#ifdef __cplusplus -extern \"C\" { -#endif - -#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) -#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" -#endif - -/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE -/* DATA imports from DLLs on WIN32 can't be const, because runtime - relocations are performed -- see ld's documentation on pseudo-relocs. */ -# define LT_DLSYM_CONST -#elif defined __osf__ -/* This system does not cope well with relocations in const data. */ -# define LT_DLSYM_CONST -#else -# define LT_DLSYM_CONST const -#endif - -#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) - -/* External symbol declarations for the compiler. */\ -" - - if test yes = "$dlself"; then - func_verbose "generating symbol list for '$output'" - - $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" - - # Add our own program objects to the symbol list. - progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` - for progfile in $progfiles; do - func_to_tool_file "$progfile" func_convert_file_msys_to_w32 - func_verbose "extracting global C symbols from '$func_to_tool_file_result'" - $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" - done - - if test -n "$exclude_expsyms"; then - $opt_dry_run || { - eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' - eval '$MV "$nlist"T "$nlist"' - } - fi - - if test -n "$export_symbols_regex"; then - $opt_dry_run || { - eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' - eval '$MV "$nlist"T "$nlist"' - } - fi - - # Prepare the list of exported symbols - if test -z "$export_symbols"; then - export_symbols=$output_objdir/$outputname.exp - $opt_dry_run || { - $RM $export_symbols - eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' - case $host in - *cygwin* | *mingw* | *cegcc* ) - eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' - eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' - ;; - esac - } - else - $opt_dry_run || { - eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' - eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' - eval '$MV "$nlist"T "$nlist"' - case $host in - *cygwin* | *mingw* | *cegcc* ) - eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' - eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' - ;; - esac - } - fi - fi - - for dlprefile in $dlprefiles; do - func_verbose "extracting global C symbols from '$dlprefile'" - func_basename "$dlprefile" - name=$func_basename_result - case $host in - *cygwin* | *mingw* | *cegcc* ) - # if an import library, we need to obtain dlname - if func_win32_import_lib_p "$dlprefile"; then - func_tr_sh "$dlprefile" - eval "curr_lafile=\$libfile_$func_tr_sh_result" - dlprefile_dlbasename= - if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then - # Use subshell, to avoid clobbering current variable values - dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` - if test -n "$dlprefile_dlname"; then - func_basename "$dlprefile_dlname" - dlprefile_dlbasename=$func_basename_result - else - # no lafile. user explicitly requested -dlpreopen . - $sharedlib_from_linklib_cmd "$dlprefile" - dlprefile_dlbasename=$sharedlib_from_linklib_result - fi - fi - $opt_dry_run || { - if test -n "$dlprefile_dlbasename"; then - eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' - else - func_warning "Could not compute DLL name from $name" - eval '$ECHO ": $name " >> "$nlist"' - fi - func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 - eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | - $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" - } - else # not an import lib - $opt_dry_run || { - eval '$ECHO ": $name " >> "$nlist"' - func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 - eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" - } - fi - ;; - *) - $opt_dry_run || { - eval '$ECHO ": $name " >> "$nlist"' - func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 - eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" - } - ;; - esac - done - - $opt_dry_run || { - # Make sure we have at least an empty file. - test -f "$nlist" || : > "$nlist" - - if test -n "$exclude_expsyms"; then - $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T - $MV "$nlist"T "$nlist" - fi - - # Try sorting and uniquifying the output. - if $GREP -v "^: " < "$nlist" | - if sort -k 3 /dev/null 2>&1; then - sort -k 3 - else - sort +2 - fi | - uniq > "$nlist"S; then - : - else - $GREP -v "^: " < "$nlist" > "$nlist"S - fi - - if test -f "$nlist"S; then - eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' - else - echo '/* NONE */' >> "$output_objdir/$my_dlsyms" - fi - - func_show_eval '$RM "${nlist}I"' - if test -n "$global_symbol_to_import"; then - eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I' - fi - - echo >> "$output_objdir/$my_dlsyms" "\ - -/* The mapping between symbol names and symbols. */ -typedef struct { - const char *name; - void *address; -} lt_dlsymlist; -extern LT_DLSYM_CONST lt_dlsymlist -lt_${my_prefix}_LTX_preloaded_symbols[];\ -" - - if test -s "$nlist"I; then - echo >> "$output_objdir/$my_dlsyms" "\ -static void lt_syminit(void) -{ - LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols; - for (; symbol->name; ++symbol) - {" - $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms" - echo >> "$output_objdir/$my_dlsyms" "\ - } -}" - fi - echo >> "$output_objdir/$my_dlsyms" "\ -LT_DLSYM_CONST lt_dlsymlist -lt_${my_prefix}_LTX_preloaded_symbols[] = -{ {\"$my_originator\", (void *) 0}," - - if test -s "$nlist"I; then - echo >> "$output_objdir/$my_dlsyms" "\ - {\"@INIT@\", (void *) <_syminit}," - fi - - case $need_lib_prefix in - no) - eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" - ;; - *) - eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" - ;; - esac - echo >> "$output_objdir/$my_dlsyms" "\ - {0, (void *) 0} -}; - -/* This works around a problem in FreeBSD linker */ -#ifdef FREEBSD_WORKAROUND -static const void *lt_preloaded_setup() { - return lt_${my_prefix}_LTX_preloaded_symbols; -} -#endif - -#ifdef __cplusplus -} -#endif\ -" - } # !$opt_dry_run - - pic_flag_for_symtable= - case "$compile_command " in - *" -static "*) ;; - *) - case $host in - # compiling the symbol table file with pic_flag works around - # a FreeBSD bug that causes programs to crash when -lm is - # linked before any other PIC object. But we must not use - # pic_flag when linking with -static. The problem exists in - # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. - *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) - pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; - *-*-hpux*) - pic_flag_for_symtable=" $pic_flag" ;; - *) - $my_pic_p && pic_flag_for_symtable=" $pic_flag" - ;; - esac - ;; - esac - symtab_cflags= - for arg in $LTCFLAGS; do - case $arg in - -pie | -fpie | -fPIE) ;; - *) func_append symtab_cflags " $arg" ;; - esac - done - - # Now compile the dynamic symbol file. - func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' - - # Clean up the generated files. - func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"' - - # Transform the symbol file into the correct name. - symfileobj=$output_objdir/${my_outputname}S.$objext - case $host in - *cygwin* | *mingw* | *cegcc* ) - if test -f "$output_objdir/$my_outputname.def"; then - compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` - finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` - else - compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` - finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` - fi - ;; - *) - compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` - finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` - ;; - esac - ;; - *) - func_fatal_error "unknown suffix for '$my_dlsyms'" - ;; - esac - else - # We keep going just in case the user didn't refer to - # lt_preloaded_symbols. The linker will fail if global_symbol_pipe - # really was required. - - # Nullify the symbol file. - compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` - finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` - fi -} - -# func_cygming_gnu_implib_p ARG -# This predicate returns with zero status (TRUE) if -# ARG is a GNU/binutils-style import library. Returns -# with nonzero status (FALSE) otherwise. -func_cygming_gnu_implib_p () -{ - $debug_cmd - - func_to_tool_file "$1" func_convert_file_msys_to_w32 - func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` - test -n "$func_cygming_gnu_implib_tmp" -} - -# func_cygming_ms_implib_p ARG -# This predicate returns with zero status (TRUE) if -# ARG is an MS-style import library. Returns -# with nonzero status (FALSE) otherwise. -func_cygming_ms_implib_p () -{ - $debug_cmd - - func_to_tool_file "$1" func_convert_file_msys_to_w32 - func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` - test -n "$func_cygming_ms_implib_tmp" -} - -# func_win32_libid arg -# return the library type of file 'arg' -# -# Need a lot of goo to handle *both* DLLs and import libs -# Has to be a shell function in order to 'eat' the argument -# that is supplied when $file_magic_command is called. -# Despite the name, also deal with 64 bit binaries. -func_win32_libid () -{ - $debug_cmd - - win32_libid_type=unknown - win32_fileres=`file -L $1 2>/dev/null` - case $win32_fileres in - *ar\ archive\ import\ library*) # definitely import - win32_libid_type="x86 archive import" - ;; - *ar\ archive*) # could be an import, or static - # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. - if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | - $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then - case $nm_interface in - "MS dumpbin") - if func_cygming_ms_implib_p "$1" || - func_cygming_gnu_implib_p "$1" - then - win32_nmres=import - else - win32_nmres= - fi - ;; - *) - func_to_tool_file "$1" func_convert_file_msys_to_w32 - win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | - $SED -n -e ' - 1,100{ - / I /{ - s|.*|import| - p - q - } - }'` - ;; - esac - case $win32_nmres in - import*) win32_libid_type="x86 archive import";; - *) win32_libid_type="x86 archive static";; - esac - fi - ;; - *DLL*) - win32_libid_type="x86 DLL" - ;; - *executable*) # but shell scripts are "executable" too... - case $win32_fileres in - *MS\ Windows\ PE\ Intel*) - win32_libid_type="x86 DLL" - ;; - esac - ;; - esac - $ECHO "$win32_libid_type" -} - -# func_cygming_dll_for_implib ARG -# -# Platform-specific function to extract the -# name of the DLL associated with the specified -# import library ARG. -# Invoked by eval'ing the libtool variable -# $sharedlib_from_linklib_cmd -# Result is available in the variable -# $sharedlib_from_linklib_result -func_cygming_dll_for_implib () -{ - $debug_cmd - - sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` -} - -# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs -# -# The is the core of a fallback implementation of a -# platform-specific function to extract the name of the -# DLL associated with the specified import library LIBNAME. -# -# SECTION_NAME is either .idata$6 or .idata$7, depending -# on the platform and compiler that created the implib. -# -# Echos the name of the DLL associated with the -# specified import library. -func_cygming_dll_for_implib_fallback_core () -{ - $debug_cmd - - match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` - $OBJDUMP -s --section "$1" "$2" 2>/dev/null | - $SED '/^Contents of section '"$match_literal"':/{ - # Place marker at beginning of archive member dllname section - s/.*/====MARK====/ - p - d - } - # These lines can sometimes be longer than 43 characters, but - # are always uninteresting - /:[ ]*file format pe[i]\{,1\}-/d - /^In archive [^:]*:/d - # Ensure marker is printed - /^====MARK====/p - # Remove all lines with less than 43 characters - /^.\{43\}/!d - # From remaining lines, remove first 43 characters - s/^.\{43\}//' | - $SED -n ' - # Join marker and all lines until next marker into a single line - /^====MARK====/ b para - H - $ b para - b - :para - x - s/\n//g - # Remove the marker - s/^====MARK====// - # Remove trailing dots and whitespace - s/[\. \t]*$// - # Print - /./p' | - # we now have a list, one entry per line, of the stringified - # contents of the appropriate section of all members of the - # archive that possess that section. Heuristic: eliminate - # all those that have a first or second character that is - # a '.' (that is, objdump's representation of an unprintable - # character.) This should work for all archives with less than - # 0x302f exports -- but will fail for DLLs whose name actually - # begins with a literal '.' or a single character followed by - # a '.'. - # - # Of those that remain, print the first one. - $SED -e '/^\./d;/^.\./d;q' -} - -# func_cygming_dll_for_implib_fallback ARG -# Platform-specific function to extract the -# name of the DLL associated with the specified -# import library ARG. -# -# This fallback implementation is for use when $DLLTOOL -# does not support the --identify-strict option. -# Invoked by eval'ing the libtool variable -# $sharedlib_from_linklib_cmd -# Result is available in the variable -# $sharedlib_from_linklib_result -func_cygming_dll_for_implib_fallback () -{ - $debug_cmd - - if func_cygming_gnu_implib_p "$1"; then - # binutils import library - sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` - elif func_cygming_ms_implib_p "$1"; then - # ms-generated import library - sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` - else - # unknown - sharedlib_from_linklib_result= - fi -} - - -# func_extract_an_archive dir oldlib -func_extract_an_archive () -{ - $debug_cmd - - f_ex_an_ar_dir=$1; shift - f_ex_an_ar_oldlib=$1 - if test yes = "$lock_old_archive_extraction"; then - lockfile=$f_ex_an_ar_oldlib.lock - until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do - func_echo "Waiting for $lockfile to be removed" - sleep 2 - done - fi - func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ - 'stat=$?; rm -f "$lockfile"; exit $stat' - if test yes = "$lock_old_archive_extraction"; then - $opt_dry_run || rm -f "$lockfile" - fi - if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then - : - else - func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" - fi -} - - -# func_extract_archives gentop oldlib ... -func_extract_archives () -{ - $debug_cmd - - my_gentop=$1; shift - my_oldlibs=${1+"$@"} - my_oldobjs= - my_xlib= - my_xabs= - my_xdir= - - for my_xlib in $my_oldlibs; do - # Extract the objects. - case $my_xlib in - [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;; - *) my_xabs=`pwd`"/$my_xlib" ;; - esac - func_basename "$my_xlib" - my_xlib=$func_basename_result - my_xlib_u=$my_xlib - while :; do - case " $extracted_archives " in - *" $my_xlib_u "*) - func_arith $extracted_serial + 1 - extracted_serial=$func_arith_result - my_xlib_u=lt$extracted_serial-$my_xlib ;; - *) break ;; - esac - done - extracted_archives="$extracted_archives $my_xlib_u" - my_xdir=$my_gentop/$my_xlib_u - - func_mkdir_p "$my_xdir" - - case $host in - *-darwin*) - func_verbose "Extracting $my_xabs" - # Do not bother doing anything if just a dry run - $opt_dry_run || { - darwin_orig_dir=`pwd` - cd $my_xdir || exit $? - darwin_archive=$my_xabs - darwin_curdir=`pwd` - func_basename "$darwin_archive" - darwin_base_archive=$func_basename_result - darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` - if test -n "$darwin_arches"; then - darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` - darwin_arch= - func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" - for darwin_arch in $darwin_arches; do - func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch" - $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive" - cd "unfat-$$/$darwin_base_archive-$darwin_arch" - func_extract_an_archive "`pwd`" "$darwin_base_archive" - cd "$darwin_curdir" - $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" - done # $darwin_arches - ## Okay now we've a bunch of thin objects, gotta fatten them up :) - darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u` - darwin_file= - darwin_files= - for darwin_file in $darwin_filelist; do - darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` - $LIPO -create -output "$darwin_file" $darwin_files - done # $darwin_filelist - $RM -rf unfat-$$ - cd "$darwin_orig_dir" - else - cd $darwin_orig_dir - func_extract_an_archive "$my_xdir" "$my_xabs" - fi # $darwin_arches - } # !$opt_dry_run - ;; - *) - func_extract_an_archive "$my_xdir" "$my_xabs" - ;; - esac - my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` - done - - func_extract_archives_result=$my_oldobjs -} - - -# func_emit_wrapper [arg=no] -# -# Emit a libtool wrapper script on stdout. -# Don't directly open a file because we may want to -# incorporate the script contents within a cygwin/mingw -# wrapper executable. Must ONLY be called from within -# func_mode_link because it depends on a number of variables -# set therein. -# -# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR -# variable will take. If 'yes', then the emitted script -# will assume that the directory where it is stored is -# the $objdir directory. This is a cygwin/mingw-specific -# behavior. -func_emit_wrapper () -{ - func_emit_wrapper_arg1=${1-no} - - $ECHO "\ -#! $SHELL - -# $output - temporary wrapper script for $objdir/$outputname -# Generated by $PROGRAM (GNU $PACKAGE) $VERSION -# -# The $output program cannot be directly executed until all the libtool -# libraries that it depends on are installed. -# -# This wrapper script should never be moved out of the build directory. -# If it is, it will not operate correctly. - -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -sed_quote_subst='$sed_quote_subst' - -# Be Bourne compatible -if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which - # is contrary to our usage. Disable this feature. - alias -g '\${1+\"\$@\"}'='\"\$@\"' - setopt NO_GLOB_SUBST -else - case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac -fi -BIN_SH=xpg4; export BIN_SH # for Tru64 -DUALCASE=1; export DUALCASE # for MKS sh - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -relink_command=\"$relink_command\" - -# This environment variable determines our operation mode. -if test \"\$libtool_install_magic\" = \"$magic\"; then - # install mode needs the following variables: - generated_by_libtool_version='$macro_version' - notinst_deplibs='$notinst_deplibs' -else - # When we are sourced in execute mode, \$file and \$ECHO are already set. - if test \"\$libtool_execute_magic\" != \"$magic\"; then - file=\"\$0\"" - - qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` - $ECHO "\ - -# A function that is used when there is no print builtin or printf. -func_fallback_echo () -{ - eval 'cat <<_LTECHO_EOF -\$1 -_LTECHO_EOF' -} - ECHO=\"$qECHO\" - fi - -# Very basic option parsing. These options are (a) specific to -# the libtool wrapper, (b) are identical between the wrapper -# /script/ and the wrapper /executable/ that is used only on -# windows platforms, and (c) all begin with the string "--lt-" -# (application programs are unlikely to have options that match -# this pattern). -# -# There are only two supported options: --lt-debug and -# --lt-dump-script. There is, deliberately, no --lt-help. -# -# The first argument to this parsing function should be the -# script's $0 value, followed by "$@". -lt_option_debug= -func_parse_lt_options () -{ - lt_script_arg0=\$0 - shift - for lt_opt - do - case \"\$lt_opt\" in - --lt-debug) lt_option_debug=1 ;; - --lt-dump-script) - lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` - test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. - lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` - cat \"\$lt_dump_D/\$lt_dump_F\" - exit 0 - ;; - --lt-*) - \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 - exit 1 - ;; - esac - done - - # Print the debug banner immediately: - if test -n \"\$lt_option_debug\"; then - echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2 - fi -} - -# Used when --lt-debug. Prints its arguments to stdout -# (redirection is the responsibility of the caller) -func_lt_dump_args () -{ - lt_dump_args_N=1; - for lt_arg - do - \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\" - lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` - done -} - -# Core function for launching the target application -func_exec_program_core () -{ -" - case $host in - # Backslashes separate directories on plain windows - *-*-mingw | *-*-os2* | *-cegcc*) - $ECHO "\ - if test -n \"\$lt_option_debug\"; then - \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 - func_lt_dump_args \${1+\"\$@\"} 1>&2 - fi - exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} -" - ;; - - *) - $ECHO "\ - if test -n \"\$lt_option_debug\"; then - \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2 - func_lt_dump_args \${1+\"\$@\"} 1>&2 - fi - exec \"\$progdir/\$program\" \${1+\"\$@\"} -" - ;; - esac - $ECHO "\ - \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 - exit 1 -} - -# A function to encapsulate launching the target application -# Strips options in the --lt-* namespace from \$@ and -# launches target application with the remaining arguments. -func_exec_program () -{ - case \" \$* \" in - *\\ --lt-*) - for lt_wr_arg - do - case \$lt_wr_arg in - --lt-*) ;; - *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; - esac - shift - done ;; - esac - func_exec_program_core \${1+\"\$@\"} -} - - # Parse options - func_parse_lt_options \"\$0\" \${1+\"\$@\"} - - # Find the directory that this script lives in. - thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` - test \"x\$thisdir\" = \"x\$file\" && thisdir=. - - # Follow symbolic links until we get to the real thisdir. - file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` - while test -n \"\$file\"; do - destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` - - # If there was a directory component, then change thisdir. - if test \"x\$destdir\" != \"x\$file\"; then - case \"\$destdir\" in - [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; - *) thisdir=\"\$thisdir/\$destdir\" ;; - esac - fi - - file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` - file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` - done - - # Usually 'no', except on cygwin/mingw when embedded into - # the cwrapper. - WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 - if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then - # special case for '.' - if test \"\$thisdir\" = \".\"; then - thisdir=\`pwd\` - fi - # remove .libs from thisdir - case \"\$thisdir\" in - *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; - $objdir ) thisdir=. ;; - esac - fi - - # Try to get the absolute directory name. - absdir=\`cd \"\$thisdir\" && pwd\` - test -n \"\$absdir\" && thisdir=\"\$absdir\" -" - - if test yes = "$fast_install"; then - $ECHO "\ - program=lt-'$outputname'$exeext - progdir=\"\$thisdir/$objdir\" - - if test ! -f \"\$progdir/\$program\" || - { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\ - test \"X\$file\" != \"X\$progdir/\$program\"; }; then - - file=\"\$\$-\$program\" - - if test ! -d \"\$progdir\"; then - $MKDIR \"\$progdir\" - else - $RM \"\$progdir/\$file\" - fi" - - $ECHO "\ - - # relink executable if necessary - if test -n \"\$relink_command\"; then - if relink_command_output=\`eval \$relink_command 2>&1\`; then : - else - \$ECHO \"\$relink_command_output\" >&2 - $RM \"\$progdir/\$file\" - exit 1 - fi - fi - - $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || - { $RM \"\$progdir/\$program\"; - $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } - $RM \"\$progdir/\$file\" - fi" - else - $ECHO "\ - program='$outputname' - progdir=\"\$thisdir/$objdir\" -" - fi - - $ECHO "\ - - if test -f \"\$progdir/\$program\"; then" - - # fixup the dll searchpath if we need to. - # - # Fix the DLL searchpath if we need to. Do this before prepending - # to shlibpath, because on Windows, both are PATH and uninstalled - # libraries must come first. - if test -n "$dllsearchpath"; then - $ECHO "\ - # Add the dll search path components to the executable PATH - PATH=$dllsearchpath:\$PATH -" - fi - - # Export our shlibpath_var if we have one. - if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then - $ECHO "\ - # Add our own library path to $shlibpath_var - $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" - - # Some systems cannot cope with colon-terminated $shlibpath_var - # The second colon is a workaround for a bug in BeOS R4 sed - $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` - - export $shlibpath_var -" - fi - - $ECHO "\ - if test \"\$libtool_execute_magic\" != \"$magic\"; then - # Run the actual program with our arguments. - func_exec_program \${1+\"\$@\"} - fi - else - # The program doesn't exist. - \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2 - \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 - \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 - exit 1 - fi -fi\ -" -} - - -# func_emit_cwrapperexe_src -# emit the source code for a wrapper executable on stdout -# Must ONLY be called from within func_mode_link because -# it depends on a number of variable set therein. -func_emit_cwrapperexe_src () -{ - cat < -#include -#ifdef _MSC_VER -# include -# include -# include -#else -# include -# include -# ifdef __CYGWIN__ -# include -# endif -#endif -#include -#include -#include -#include -#include -#include -#include -#include - -#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) - -/* declarations of non-ANSI functions */ -#if defined __MINGW32__ -# ifdef __STRICT_ANSI__ -int _putenv (const char *); -# endif -#elif defined __CYGWIN__ -# ifdef __STRICT_ANSI__ -char *realpath (const char *, char *); -int putenv (char *); -int setenv (const char *, const char *, int); -# endif -/* #elif defined other_platform || defined ... */ -#endif - -/* portability defines, excluding path handling macros */ -#if defined _MSC_VER -# define setmode _setmode -# define stat _stat -# define chmod _chmod -# define getcwd _getcwd -# define putenv _putenv -# define S_IXUSR _S_IEXEC -#elif defined __MINGW32__ -# define setmode _setmode -# define stat _stat -# define chmod _chmod -# define getcwd _getcwd -# define putenv _putenv -#elif defined __CYGWIN__ -# define HAVE_SETENV -# define FOPEN_WB "wb" -/* #elif defined other platforms ... */ -#endif - -#if defined PATH_MAX -# define LT_PATHMAX PATH_MAX -#elif defined MAXPATHLEN -# define LT_PATHMAX MAXPATHLEN -#else -# define LT_PATHMAX 1024 -#endif - -#ifndef S_IXOTH -# define S_IXOTH 0 -#endif -#ifndef S_IXGRP -# define S_IXGRP 0 -#endif - -/* path handling portability macros */ -#ifndef DIR_SEPARATOR -# define DIR_SEPARATOR '/' -# define PATH_SEPARATOR ':' -#endif - -#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \ - defined __OS2__ -# define HAVE_DOS_BASED_FILE_SYSTEM -# define FOPEN_WB "wb" -# ifndef DIR_SEPARATOR_2 -# define DIR_SEPARATOR_2 '\\' -# endif -# ifndef PATH_SEPARATOR_2 -# define PATH_SEPARATOR_2 ';' -# endif -#endif - -#ifndef DIR_SEPARATOR_2 -# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) -#else /* DIR_SEPARATOR_2 */ -# define IS_DIR_SEPARATOR(ch) \ - (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) -#endif /* DIR_SEPARATOR_2 */ - -#ifndef PATH_SEPARATOR_2 -# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) -#else /* PATH_SEPARATOR_2 */ -# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) -#endif /* PATH_SEPARATOR_2 */ - -#ifndef FOPEN_WB -# define FOPEN_WB "w" -#endif -#ifndef _O_BINARY -# define _O_BINARY 0 -#endif - -#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) -#define XFREE(stale) do { \ - if (stale) { free (stale); stale = 0; } \ -} while (0) - -#if defined LT_DEBUGWRAPPER -static int lt_debug = 1; -#else -static int lt_debug = 0; -#endif - -const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ - -void *xmalloc (size_t num); -char *xstrdup (const char *string); -const char *base_name (const char *name); -char *find_executable (const char *wrapper); -char *chase_symlinks (const char *pathspec); -int make_executable (const char *path); -int check_executable (const char *path); -char *strendzap (char *str, const char *pat); -void lt_debugprintf (const char *file, int line, const char *fmt, ...); -void lt_fatal (const char *file, int line, const char *message, ...); -static const char *nonnull (const char *s); -static const char *nonempty (const char *s); -void lt_setenv (const char *name, const char *value); -char *lt_extend_str (const char *orig_value, const char *add, int to_end); -void lt_update_exe_path (const char *name, const char *value); -void lt_update_lib_path (const char *name, const char *value); -char **prepare_spawn (char **argv); -void lt_dump_script (FILE *f); -EOF - - cat <= 0) - && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) - return 1; - else - return 0; -} - -int -make_executable (const char *path) -{ - int rval = 0; - struct stat st; - - lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", - nonempty (path)); - if ((!path) || (!*path)) - return 0; - - if (stat (path, &st) >= 0) - { - rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); - } - return rval; -} - -/* Searches for the full path of the wrapper. Returns - newly allocated full path name if found, NULL otherwise - Does not chase symlinks, even on platforms that support them. -*/ -char * -find_executable (const char *wrapper) -{ - int has_slash = 0; - const char *p; - const char *p_next; - /* static buffer for getcwd */ - char tmp[LT_PATHMAX + 1]; - size_t tmp_len; - char *concat_name; - - lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", - nonempty (wrapper)); - - if ((wrapper == NULL) || (*wrapper == '\0')) - return NULL; - - /* Absolute path? */ -#if defined HAVE_DOS_BASED_FILE_SYSTEM - if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') - { - concat_name = xstrdup (wrapper); - if (check_executable (concat_name)) - return concat_name; - XFREE (concat_name); - } - else - { -#endif - if (IS_DIR_SEPARATOR (wrapper[0])) - { - concat_name = xstrdup (wrapper); - if (check_executable (concat_name)) - return concat_name; - XFREE (concat_name); - } -#if defined HAVE_DOS_BASED_FILE_SYSTEM - } -#endif - - for (p = wrapper; *p; p++) - if (*p == '/') - { - has_slash = 1; - break; - } - if (!has_slash) - { - /* no slashes; search PATH */ - const char *path = getenv ("PATH"); - if (path != NULL) - { - for (p = path; *p; p = p_next) - { - const char *q; - size_t p_len; - for (q = p; *q; q++) - if (IS_PATH_SEPARATOR (*q)) - break; - p_len = (size_t) (q - p); - p_next = (*q == '\0' ? q : q + 1); - if (p_len == 0) - { - /* empty path: current directory */ - if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", - nonnull (strerror (errno))); - tmp_len = strlen (tmp); - concat_name = - XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); - memcpy (concat_name, tmp, tmp_len); - concat_name[tmp_len] = '/'; - strcpy (concat_name + tmp_len + 1, wrapper); - } - else - { - concat_name = - XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); - memcpy (concat_name, p, p_len); - concat_name[p_len] = '/'; - strcpy (concat_name + p_len + 1, wrapper); - } - if (check_executable (concat_name)) - return concat_name; - XFREE (concat_name); - } - } - /* not found in PATH; assume curdir */ - } - /* Relative path | not found in path: prepend cwd */ - if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", - nonnull (strerror (errno))); - tmp_len = strlen (tmp); - concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); - memcpy (concat_name, tmp, tmp_len); - concat_name[tmp_len] = '/'; - strcpy (concat_name + tmp_len + 1, wrapper); - - if (check_executable (concat_name)) - return concat_name; - XFREE (concat_name); - return NULL; -} - -char * -chase_symlinks (const char *pathspec) -{ -#ifndef S_ISLNK - return xstrdup (pathspec); -#else - char buf[LT_PATHMAX]; - struct stat s; - char *tmp_pathspec = xstrdup (pathspec); - char *p; - int has_symlinks = 0; - while (strlen (tmp_pathspec) && !has_symlinks) - { - lt_debugprintf (__FILE__, __LINE__, - "checking path component for symlinks: %s\n", - tmp_pathspec); - if (lstat (tmp_pathspec, &s) == 0) - { - if (S_ISLNK (s.st_mode) != 0) - { - has_symlinks = 1; - break; - } - - /* search backwards for last DIR_SEPARATOR */ - p = tmp_pathspec + strlen (tmp_pathspec) - 1; - while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) - p--; - if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) - { - /* no more DIR_SEPARATORS left */ - break; - } - *p = '\0'; - } - else - { - lt_fatal (__FILE__, __LINE__, - "error accessing file \"%s\": %s", - tmp_pathspec, nonnull (strerror (errno))); - } - } - XFREE (tmp_pathspec); - - if (!has_symlinks) - { - return xstrdup (pathspec); - } - - tmp_pathspec = realpath (pathspec, buf); - if (tmp_pathspec == 0) - { - lt_fatal (__FILE__, __LINE__, - "could not follow symlinks for %s", pathspec); - } - return xstrdup (tmp_pathspec); -#endif -} - -char * -strendzap (char *str, const char *pat) -{ - size_t len, patlen; - - assert (str != NULL); - assert (pat != NULL); - - len = strlen (str); - patlen = strlen (pat); - - if (patlen <= len) - { - str += len - patlen; - if (STREQ (str, pat)) - *str = '\0'; - } - return str; -} - -void -lt_debugprintf (const char *file, int line, const char *fmt, ...) -{ - va_list args; - if (lt_debug) - { - (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); - va_start (args, fmt); - (void) vfprintf (stderr, fmt, args); - va_end (args); - } -} - -static void -lt_error_core (int exit_status, const char *file, - int line, const char *mode, - const char *message, va_list ap) -{ - fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); - vfprintf (stderr, message, ap); - fprintf (stderr, ".\n"); - - if (exit_status >= 0) - exit (exit_status); -} - -void -lt_fatal (const char *file, int line, const char *message, ...) -{ - va_list ap; - va_start (ap, message); - lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); - va_end (ap); -} - -static const char * -nonnull (const char *s) -{ - return s ? s : "(null)"; -} - -static const char * -nonempty (const char *s) -{ - return (s && !*s) ? "(empty)" : nonnull (s); -} - -void -lt_setenv (const char *name, const char *value) -{ - lt_debugprintf (__FILE__, __LINE__, - "(lt_setenv) setting '%s' to '%s'\n", - nonnull (name), nonnull (value)); - { -#ifdef HAVE_SETENV - /* always make a copy, for consistency with !HAVE_SETENV */ - char *str = xstrdup (value); - setenv (name, str, 1); -#else - size_t len = strlen (name) + 1 + strlen (value) + 1; - char *str = XMALLOC (char, len); - sprintf (str, "%s=%s", name, value); - if (putenv (str) != EXIT_SUCCESS) - { - XFREE (str); - } -#endif - } -} - -char * -lt_extend_str (const char *orig_value, const char *add, int to_end) -{ - char *new_value; - if (orig_value && *orig_value) - { - size_t orig_value_len = strlen (orig_value); - size_t add_len = strlen (add); - new_value = XMALLOC (char, add_len + orig_value_len + 1); - if (to_end) - { - strcpy (new_value, orig_value); - strcpy (new_value + orig_value_len, add); - } - else - { - strcpy (new_value, add); - strcpy (new_value + add_len, orig_value); - } - } - else - { - new_value = xstrdup (add); - } - return new_value; -} - -void -lt_update_exe_path (const char *name, const char *value) -{ - lt_debugprintf (__FILE__, __LINE__, - "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", - nonnull (name), nonnull (value)); - - if (name && *name && value && *value) - { - char *new_value = lt_extend_str (getenv (name), value, 0); - /* some systems can't cope with a ':'-terminated path #' */ - size_t len = strlen (new_value); - while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1])) - { - new_value[--len] = '\0'; - } - lt_setenv (name, new_value); - XFREE (new_value); - } -} - -void -lt_update_lib_path (const char *name, const char *value) -{ - lt_debugprintf (__FILE__, __LINE__, - "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", - nonnull (name), nonnull (value)); - - if (name && *name && value && *value) - { - char *new_value = lt_extend_str (getenv (name), value, 0); - lt_setenv (name, new_value); - XFREE (new_value); - } -} - -EOF - case $host_os in - mingw*) - cat <<"EOF" - -/* Prepares an argument vector before calling spawn(). - Note that spawn() does not by itself call the command interpreter - (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : - ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); - GetVersionEx(&v); - v.dwPlatformId == VER_PLATFORM_WIN32_NT; - }) ? "cmd.exe" : "command.com"). - Instead it simply concatenates the arguments, separated by ' ', and calls - CreateProcess(). We must quote the arguments since Win32 CreateProcess() - interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a - special way: - - Space and tab are interpreted as delimiters. They are not treated as - delimiters if they are surrounded by double quotes: "...". - - Unescaped double quotes are removed from the input. Their only effect is - that within double quotes, space and tab are treated like normal - characters. - - Backslashes not followed by double quotes are not special. - - But 2*n+1 backslashes followed by a double quote become - n backslashes followed by a double quote (n >= 0): - \" -> " - \\\" -> \" - \\\\\" -> \\" - */ -#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" -#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" -char ** -prepare_spawn (char **argv) -{ - size_t argc; - char **new_argv; - size_t i; - - /* Count number of arguments. */ - for (argc = 0; argv[argc] != NULL; argc++) - ; - - /* Allocate new argument vector. */ - new_argv = XMALLOC (char *, argc + 1); - - /* Put quoted arguments into the new argument vector. */ - for (i = 0; i < argc; i++) - { - const char *string = argv[i]; - - if (string[0] == '\0') - new_argv[i] = xstrdup ("\"\""); - else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) - { - int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); - size_t length; - unsigned int backslashes; - const char *s; - char *quoted_string; - char *p; - - length = 0; - backslashes = 0; - if (quote_around) - length++; - for (s = string; *s != '\0'; s++) - { - char c = *s; - if (c == '"') - length += backslashes + 1; - length++; - if (c == '\\') - backslashes++; - else - backslashes = 0; - } - if (quote_around) - length += backslashes + 1; - - quoted_string = XMALLOC (char, length + 1); - - p = quoted_string; - backslashes = 0; - if (quote_around) - *p++ = '"'; - for (s = string; *s != '\0'; s++) - { - char c = *s; - if (c == '"') - { - unsigned int j; - for (j = backslashes + 1; j > 0; j--) - *p++ = '\\'; - } - *p++ = c; - if (c == '\\') - backslashes++; - else - backslashes = 0; - } - if (quote_around) - { - unsigned int j; - for (j = backslashes; j > 0; j--) - *p++ = '\\'; - *p++ = '"'; - } - *p = '\0'; - - new_argv[i] = quoted_string; - } - else - new_argv[i] = (char *) string; - } - new_argv[argc] = NULL; - - return new_argv; -} -EOF - ;; - esac - - cat <<"EOF" -void lt_dump_script (FILE* f) -{ -EOF - func_emit_wrapper yes | - $SED -n -e ' -s/^\(.\{79\}\)\(..*\)/\1\ -\2/ -h -s/\([\\"]\)/\\\1/g -s/$/\\n/ -s/\([^\n]*\).*/ fputs ("\1", f);/p -g -D' - cat <<"EOF" -} -EOF -} -# end: func_emit_cwrapperexe_src - -# func_win32_import_lib_p ARG -# True if ARG is an import lib, as indicated by $file_magic_cmd -func_win32_import_lib_p () -{ - $debug_cmd - - case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in - *import*) : ;; - *) false ;; - esac -} - -# func_suncc_cstd_abi -# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! -# Several compiler flags select an ABI that is incompatible with the -# Cstd library. Avoid specifying it if any are in CXXFLAGS. -func_suncc_cstd_abi () -{ - $debug_cmd - - case " $compile_command " in - *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*) - suncc_use_cstd_abi=no - ;; - *) - suncc_use_cstd_abi=yes - ;; - esac -} - -# func_mode_link arg... -func_mode_link () -{ - $debug_cmd - - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - # It is impossible to link a dll without this setting, and - # we shouldn't force the makefile maintainer to figure out - # what system we are compiling for in order to pass an extra - # flag for every libtool invocation. - # allow_undefined=no - - # FIXME: Unfortunately, there are problems with the above when trying - # to make a dll that has undefined symbols, in which case not - # even a static library is built. For now, we need to specify - # -no-undefined on the libtool link line when we can be certain - # that all symbols are satisfied, otherwise we get a static library. - allow_undefined=yes - ;; - *) - allow_undefined=yes - ;; - esac - libtool_args=$nonopt - base_compile="$nonopt $@" - compile_command=$nonopt - finalize_command=$nonopt - - compile_rpath= - finalize_rpath= - compile_shlibpath= - finalize_shlibpath= - convenience= - old_convenience= - deplibs= - old_deplibs= - compiler_flags= - linker_flags= - dllsearchpath= - lib_search_path=`pwd` - inst_prefix_dir= - new_inherited_linker_flags= - fix_hardcoded_libdir_flag= - fix_hardcoded_libdir_flag_ld= - - avoid_version=no - bindir= - dlfiles= - dlprefiles= - dlself=no - export_dynamic=no - export_symbols= - export_symbols_regex= - generated= - libobjs= - ltlibs= - module=no - no_install=no - objs= - os2dllname= - non_pic_objects= - precious_files_regex= - prefer_static_libs=no - preload=false - prev= - prevarg= - release= - rpath= - xrpath= - perm_rpath= - temp_rpath= - thread_safe=no - vinfo= - vinfo_number=no - weak_libs= - single_module=$wl-single_module - func_infer_tag $base_compile - - # We need to know -static, to get the right output filenames. - for arg - do - case $arg in - -shared) - test yes != "$build_libtool_libs" \ - && func_fatal_configuration "cannot build a shared library" - build_old_libs=no - break - ;; - -all-static | -static | -static-libtool-libs) - case $arg in - -all-static) - if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then - func_warning "complete static linking is impossible in this configuration" - fi - if test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=yes - ;; - -static) - if test -z "$pic_flag" && test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=built - ;; - -static-libtool-libs) - if test -z "$pic_flag" && test -n "$link_static_flag"; then - dlopen_self=$dlopen_self_static - fi - prefer_static_libs=yes - ;; - esac - build_libtool_libs=no - build_old_libs=yes - break - ;; - esac - done - - # See if our shared archives depend on static archives. - test -n "$old_archive_from_new_cmds" && build_old_libs=yes - - # Go through the arguments, transforming them on the way. - while test "$#" -gt 0; do - arg=$1 - shift - func_quote_for_eval "$arg" - qarg=$func_quote_for_eval_unquoted_result - func_append libtool_args " $func_quote_for_eval_result" - - # If the previous option needs an argument, assign it. - if test -n "$prev"; then - case $prev in - output) - func_append compile_command " @OUTPUT@" - func_append finalize_command " @OUTPUT@" - ;; - esac - - case $prev in - bindir) - bindir=$arg - prev= - continue - ;; - dlfiles|dlprefiles) - $preload || { - # Add the symbol object into the linking commands. - func_append compile_command " @SYMFILE@" - func_append finalize_command " @SYMFILE@" - preload=: - } - case $arg in - *.la | *.lo) ;; # We handle these cases below. - force) - if test no = "$dlself"; then - dlself=needless - export_dynamic=yes - fi - prev= - continue - ;; - self) - if test dlprefiles = "$prev"; then - dlself=yes - elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then - dlself=yes - else - dlself=needless - export_dynamic=yes - fi - prev= - continue - ;; - *) - if test dlfiles = "$prev"; then - func_append dlfiles " $arg" - else - func_append dlprefiles " $arg" - fi - prev= - continue - ;; - esac - ;; - expsyms) - export_symbols=$arg - test -f "$arg" \ - || func_fatal_error "symbol file '$arg' does not exist" - prev= - continue - ;; - expsyms_regex) - export_symbols_regex=$arg - prev= - continue - ;; - framework) - case $host in - *-*-darwin*) - case "$deplibs " in - *" $qarg.ltframework "*) ;; - *) func_append deplibs " $qarg.ltframework" # this is fixed later - ;; - esac - ;; - esac - prev= - continue - ;; - inst_prefix) - inst_prefix_dir=$arg - prev= - continue - ;; - mllvm) - # Clang does not use LLVM to link, so we can simply discard any - # '-mllvm $arg' options when doing the link step. - prev= - continue - ;; - objectlist) - if test -f "$arg"; then - save_arg=$arg - moreargs= - for fil in `cat "$save_arg"` - do -# func_append moreargs " $fil" - arg=$fil - # A libtool-controlled object. - - # Check to see that this really is a libtool object. - if func_lalib_unsafe_p "$arg"; then - pic_object= - non_pic_object= - - # Read the .lo file - func_source "$arg" - - if test -z "$pic_object" || - test -z "$non_pic_object" || - test none = "$pic_object" && - test none = "$non_pic_object"; then - func_fatal_error "cannot find name of object for '$arg'" - fi - - # Extract subdirectory from the argument. - func_dirname "$arg" "/" "" - xdir=$func_dirname_result - - if test none != "$pic_object"; then - # Prepend the subdirectory the object is found in. - pic_object=$xdir$pic_object - - if test dlfiles = "$prev"; then - if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then - func_append dlfiles " $pic_object" - prev= - continue - else - # If libtool objects are unsupported, then we need to preload. - prev=dlprefiles - fi - fi - - # CHECK ME: I think I busted this. -Ossama - if test dlprefiles = "$prev"; then - # Preload the old-style object. - func_append dlprefiles " $pic_object" - prev= - fi - - # A PIC object. - func_append libobjs " $pic_object" - arg=$pic_object - fi - - # Non-PIC object. - if test none != "$non_pic_object"; then - # Prepend the subdirectory the object is found in. - non_pic_object=$xdir$non_pic_object - - # A standard non-PIC object - func_append non_pic_objects " $non_pic_object" - if test -z "$pic_object" || test none = "$pic_object"; then - arg=$non_pic_object - fi - else - # If the PIC object exists, use it instead. - # $xdir was prepended to $pic_object above. - non_pic_object=$pic_object - func_append non_pic_objects " $non_pic_object" - fi - else - # Only an error if not doing a dry-run. - if $opt_dry_run; then - # Extract subdirectory from the argument. - func_dirname "$arg" "/" "" - xdir=$func_dirname_result - - func_lo2o "$arg" - pic_object=$xdir$objdir/$func_lo2o_result - non_pic_object=$xdir$func_lo2o_result - func_append libobjs " $pic_object" - func_append non_pic_objects " $non_pic_object" - else - func_fatal_error "'$arg' is not a valid libtool object" - fi - fi - done - else - func_fatal_error "link input file '$arg' does not exist" - fi - arg=$save_arg - prev= - continue - ;; - os2dllname) - os2dllname=$arg - prev= - continue - ;; - precious_regex) - precious_files_regex=$arg - prev= - continue - ;; - release) - release=-$arg - prev= - continue - ;; - rpath | xrpath) - # We need an absolute path. - case $arg in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - func_fatal_error "only absolute run-paths are allowed" - ;; - esac - if test rpath = "$prev"; then - case "$rpath " in - *" $arg "*) ;; - *) func_append rpath " $arg" ;; - esac - else - case "$xrpath " in - *" $arg "*) ;; - *) func_append xrpath " $arg" ;; - esac - fi - prev= - continue - ;; - shrext) - shrext_cmds=$arg - prev= - continue - ;; - weak) - func_append weak_libs " $arg" - prev= - continue - ;; - xcclinker) - func_append linker_flags " $qarg" - func_append compiler_flags " $qarg" - prev= - func_append compile_command " $qarg" - func_append finalize_command " $qarg" - continue - ;; - xcompiler) - func_append compiler_flags " $qarg" - prev= - func_append compile_command " $qarg" - func_append finalize_command " $qarg" - continue - ;; - xlinker) - func_append linker_flags " $qarg" - func_append compiler_flags " $wl$qarg" - prev= - func_append compile_command " $wl$qarg" - func_append finalize_command " $wl$qarg" - continue - ;; - *) - eval "$prev=\"\$arg\"" - prev= - continue - ;; - esac - fi # test -n "$prev" - - prevarg=$arg - - case $arg in - -all-static) - if test -n "$link_static_flag"; then - # See comment for -static flag below, for more details. - func_append compile_command " $link_static_flag" - func_append finalize_command " $link_static_flag" - fi - continue - ;; - - -allow-undefined) - # FIXME: remove this flag sometime in the future. - func_fatal_error "'-allow-undefined' must not be used because it is the default" - ;; - - -avoid-version) - avoid_version=yes - continue - ;; - - -bindir) - prev=bindir - continue - ;; - - -dlopen) - prev=dlfiles - continue - ;; - - -dlpreopen) - prev=dlprefiles - continue - ;; - - -export-dynamic) - export_dynamic=yes - continue - ;; - - -export-symbols | -export-symbols-regex) - if test -n "$export_symbols" || test -n "$export_symbols_regex"; then - func_fatal_error "more than one -exported-symbols argument is not allowed" - fi - if test X-export-symbols = "X$arg"; then - prev=expsyms - else - prev=expsyms_regex - fi - continue - ;; - - -framework) - prev=framework - continue - ;; - - -inst-prefix-dir) - prev=inst_prefix - continue - ;; - - # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* - # so, if we see these flags be careful not to treat them like -L - -L[A-Z][A-Z]*:*) - case $with_gcc/$host in - no/*-*-irix* | /*-*-irix*) - func_append compile_command " $arg" - func_append finalize_command " $arg" - ;; - esac - continue - ;; - - -L*) - func_stripname "-L" '' "$arg" - if test -z "$func_stripname_result"; then - if test "$#" -gt 0; then - func_fatal_error "require no space between '-L' and '$1'" - else - func_fatal_error "need path for '-L' option" - fi - fi - func_resolve_sysroot "$func_stripname_result" - dir=$func_resolve_sysroot_result - # We need an absolute path. - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) ;; - *) - absdir=`cd "$dir" && pwd` - test -z "$absdir" && \ - func_fatal_error "cannot determine absolute directory name of '$dir'" - dir=$absdir - ;; - esac - case "$deplibs " in - *" -L$dir "* | *" $arg "*) - # Will only happen for absolute or sysroot arguments - ;; - *) - # Preserve sysroot, but never include relative directories - case $dir in - [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; - *) func_append deplibs " -L$dir" ;; - esac - func_append lib_search_path " $dir" - ;; - esac - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` - case :$dllsearchpath: in - *":$dir:"*) ;; - ::) dllsearchpath=$dir;; - *) func_append dllsearchpath ":$dir";; - esac - case :$dllsearchpath: in - *":$testbindir:"*) ;; - ::) dllsearchpath=$testbindir;; - *) func_append dllsearchpath ":$testbindir";; - esac - ;; - esac - continue - ;; - - -l*) - if test X-lc = "X$arg" || test X-lm = "X$arg"; then - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) - # These systems don't actually have a C or math library (as such) - continue - ;; - *-*-os2*) - # These systems don't actually have a C library (as such) - test X-lc = "X$arg" && continue - ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) - # Do not include libc due to us having libc/libc_r. - test X-lc = "X$arg" && continue - ;; - *-*-rhapsody* | *-*-darwin1.[012]) - # Rhapsody C and math libraries are in the System framework - func_append deplibs " System.ltframework" - continue - ;; - *-*-sco3.2v5* | *-*-sco5v6*) - # Causes problems with __ctype - test X-lc = "X$arg" && continue - ;; - *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) - # Compiler inserts libc in the correct place for threads to work - test X-lc = "X$arg" && continue - ;; - esac - elif test X-lc_r = "X$arg"; then - case $host in - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) - # Do not include libc_r directly, use -pthread flag. - continue - ;; - esac - fi - func_append deplibs " $arg" - continue - ;; - - -mllvm) - prev=mllvm - continue - ;; - - -module) - module=yes - continue - ;; - - # Tru64 UNIX uses -model [arg] to determine the layout of C++ - # classes, name mangling, and exception handling. - # Darwin uses the -arch flag to determine output architecture. - -model|-arch|-isysroot|--sysroot) - func_append compiler_flags " $arg" - func_append compile_command " $arg" - func_append finalize_command " $arg" - prev=xcompiler - continue - ;; - - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ - |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) - func_append compiler_flags " $arg" - func_append compile_command " $arg" - func_append finalize_command " $arg" - case "$new_inherited_linker_flags " in - *" $arg "*) ;; - * ) func_append new_inherited_linker_flags " $arg" ;; - esac - continue - ;; - - -multi_module) - single_module=$wl-multi_module - continue - ;; - - -no-fast-install) - fast_install=no - continue - ;; - - -no-install) - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) - # The PATH hackery in wrapper scripts is required on Windows - # and Darwin in order for the loader to find any dlls it needs. - func_warning "'-no-install' is ignored for $host" - func_warning "assuming '-no-fast-install' instead" - fast_install=no - ;; - *) no_install=yes ;; - esac - continue - ;; - - -no-undefined) - allow_undefined=no - continue - ;; - - -objectlist) - prev=objectlist - continue - ;; - - -os2dllname) - prev=os2dllname - continue - ;; - - -o) prev=output ;; - - -precious-files-regex) - prev=precious_regex - continue - ;; - - -release) - prev=release - continue - ;; - - -rpath) - prev=rpath - continue - ;; - - -R) - prev=xrpath - continue - ;; - - -R*) - func_stripname '-R' '' "$arg" - dir=$func_stripname_result - # We need an absolute path. - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) ;; - =*) - func_stripname '=' '' "$dir" - dir=$lt_sysroot$func_stripname_result - ;; - *) - func_fatal_error "only absolute run-paths are allowed" - ;; - esac - case "$xrpath " in - *" $dir "*) ;; - *) func_append xrpath " $dir" ;; - esac - continue - ;; - - -shared) - # The effects of -shared are defined in a previous loop. - continue - ;; - - -shrext) - prev=shrext - continue - ;; - - -static | -static-libtool-libs) - # The effects of -static are defined in a previous loop. - # We used to do the same as -all-static on platforms that - # didn't have a PIC flag, but the assumption that the effects - # would be equivalent was wrong. It would break on at least - # Digital Unix and AIX. - continue - ;; - - -thread-safe) - thread_safe=yes - continue - ;; - - -version-info) - prev=vinfo - continue - ;; - - -version-number) - prev=vinfo - vinfo_number=yes - continue - ;; - - -weak) - prev=weak - continue - ;; - - -Wc,*) - func_stripname '-Wc,' '' "$arg" - args=$func_stripname_result - arg= - save_ifs=$IFS; IFS=, - for flag in $args; do - IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $func_quote_for_eval_result" - func_append compiler_flags " $func_quote_for_eval_result" - done - IFS=$save_ifs - func_stripname ' ' '' "$arg" - arg=$func_stripname_result - ;; - - -Wl,*) - func_stripname '-Wl,' '' "$arg" - args=$func_stripname_result - arg= - save_ifs=$IFS; IFS=, - for flag in $args; do - IFS=$save_ifs - func_quote_for_eval "$flag" - func_append arg " $wl$func_quote_for_eval_result" - func_append compiler_flags " $wl$func_quote_for_eval_result" - func_append linker_flags " $func_quote_for_eval_result" - done - IFS=$save_ifs - func_stripname ' ' '' "$arg" - arg=$func_stripname_result - ;; - - -Xcompiler) - prev=xcompiler - continue - ;; - - -Xlinker) - prev=xlinker - continue - ;; - - -XCClinker) - prev=xcclinker - continue - ;; - - # -msg_* for osf cc - -msg_*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - ;; - - # Flags to be passed through unchanged, with rationale: - # -64, -mips[0-9] enable 64-bit mode for the SGI compiler - # -r[0-9][0-9]* specify processor for the SGI compiler - # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler - # +DA*, +DD* enable 64-bit mode for the HP compiler - # -q* compiler args for the IBM compiler - # -m*, -t[45]*, -txscale* architecture-specific flags for GCC - # -F/path path to uninstalled frameworks, gcc on darwin - # -p, -pg, --coverage, -fprofile-* profiling flags for GCC - # -fstack-protector* stack protector flags for GCC - # @file GCC response files - # -tp=* Portland pgcc target processor selection - # --sysroot=* for sysroot support - # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization - # -stdlib=* select c++ std lib with clang - -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ - -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ - -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - func_append compile_command " $arg" - func_append finalize_command " $arg" - func_append compiler_flags " $arg" - continue - ;; - - -Z*) - if test os2 = "`expr $host : '.*\(os2\)'`"; then - # OS/2 uses -Zxxx to specify OS/2-specific options - compiler_flags="$compiler_flags $arg" - func_append compile_command " $arg" - func_append finalize_command " $arg" - case $arg in - -Zlinker | -Zstack) - prev=xcompiler - ;; - esac - continue - else - # Otherwise treat like 'Some other compiler flag' below - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - fi - ;; - - # Some other compiler flag. - -* | +*) - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - ;; - - *.$objext) - # A standard object. - func_append objs " $arg" - ;; - - *.lo) - # A libtool-controlled object. - - # Check to see that this really is a libtool object. - if func_lalib_unsafe_p "$arg"; then - pic_object= - non_pic_object= - - # Read the .lo file - func_source "$arg" - - if test -z "$pic_object" || - test -z "$non_pic_object" || - test none = "$pic_object" && - test none = "$non_pic_object"; then - func_fatal_error "cannot find name of object for '$arg'" - fi - - # Extract subdirectory from the argument. - func_dirname "$arg" "/" "" - xdir=$func_dirname_result - - test none = "$pic_object" || { - # Prepend the subdirectory the object is found in. - pic_object=$xdir$pic_object - - if test dlfiles = "$prev"; then - if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then - func_append dlfiles " $pic_object" - prev= - continue - else - # If libtool objects are unsupported, then we need to preload. - prev=dlprefiles - fi - fi - - # CHECK ME: I think I busted this. -Ossama - if test dlprefiles = "$prev"; then - # Preload the old-style object. - func_append dlprefiles " $pic_object" - prev= - fi - - # A PIC object. - func_append libobjs " $pic_object" - arg=$pic_object - } - - # Non-PIC object. - if test none != "$non_pic_object"; then - # Prepend the subdirectory the object is found in. - non_pic_object=$xdir$non_pic_object - - # A standard non-PIC object - func_append non_pic_objects " $non_pic_object" - if test -z "$pic_object" || test none = "$pic_object"; then - arg=$non_pic_object - fi - else - # If the PIC object exists, use it instead. - # $xdir was prepended to $pic_object above. - non_pic_object=$pic_object - func_append non_pic_objects " $non_pic_object" - fi - else - # Only an error if not doing a dry-run. - if $opt_dry_run; then - # Extract subdirectory from the argument. - func_dirname "$arg" "/" "" - xdir=$func_dirname_result - - func_lo2o "$arg" - pic_object=$xdir$objdir/$func_lo2o_result - non_pic_object=$xdir$func_lo2o_result - func_append libobjs " $pic_object" - func_append non_pic_objects " $non_pic_object" - else - func_fatal_error "'$arg' is not a valid libtool object" - fi - fi - ;; - - *.$libext) - # An archive. - func_append deplibs " $arg" - func_append old_deplibs " $arg" - continue - ;; - - *.la) - # A libtool-controlled library. - - func_resolve_sysroot "$arg" - if test dlfiles = "$prev"; then - # This library was specified with -dlopen. - func_append dlfiles " $func_resolve_sysroot_result" - prev= - elif test dlprefiles = "$prev"; then - # The library was specified with -dlpreopen. - func_append dlprefiles " $func_resolve_sysroot_result" - prev= - else - func_append deplibs " $func_resolve_sysroot_result" - fi - continue - ;; - - # Some other compiler argument. - *) - # Unknown arguments in both finalize_command and compile_command need - # to be aesthetically quoted because they are evaled later. - func_quote_for_eval "$arg" - arg=$func_quote_for_eval_result - ;; - esac # arg - - # Now actually substitute the argument into the commands. - if test -n "$arg"; then - func_append compile_command " $arg" - func_append finalize_command " $arg" - fi - done # argument parsing loop - - test -n "$prev" && \ - func_fatal_help "the '$prevarg' option requires an argument" - - if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then - eval arg=\"$export_dynamic_flag_spec\" - func_append compile_command " $arg" - func_append finalize_command " $arg" - fi - - oldlibs= - # calculate the name of the file, without its directory - func_basename "$output" - outputname=$func_basename_result - libobjs_save=$libobjs - - if test -n "$shlibpath_var"; then - # get the directories listed in $shlibpath_var - eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\` - else - shlib_search_path= - fi - eval sys_lib_search_path=\"$sys_lib_search_path_spec\" - eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" - - # Definition is injected by LT_CONFIG during libtool generation. - func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH" - - func_dirname "$output" "/" "" - output_objdir=$func_dirname_result$objdir - func_to_tool_file "$output_objdir/" - tool_output_objdir=$func_to_tool_file_result - # Create the object directory. - func_mkdir_p "$output_objdir" - - # Determine the type of output - case $output in - "") - func_fatal_help "you must specify an output file" - ;; - *.$libext) linkmode=oldlib ;; - *.lo | *.$objext) linkmode=obj ;; - *.la) linkmode=lib ;; - *) linkmode=prog ;; # Anything else should be a program. - esac - - specialdeplibs= - - libs= - # Find all interdependent deplibs by searching for libraries - # that are linked more than once (e.g. -la -lb -la) - for deplib in $deplibs; do - if $opt_preserve_dup_deps; then - case "$libs " in - *" $deplib "*) func_append specialdeplibs " $deplib" ;; - esac - fi - func_append libs " $deplib" - done - - if test lib = "$linkmode"; then - libs="$predeps $libs $compiler_lib_search_path $postdeps" - - # Compute libraries that are listed more than once in $predeps - # $postdeps and mark them as special (i.e., whose duplicates are - # not to be eliminated). - pre_post_deps= - if $opt_duplicate_compiler_generated_deps; then - for pre_post_dep in $predeps $postdeps; do - case "$pre_post_deps " in - *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; - esac - func_append pre_post_deps " $pre_post_dep" - done - fi - pre_post_deps= - fi - - deplibs= - newdependency_libs= - newlib_search_path= - need_relink=no # whether we're linking any uninstalled libtool libraries - notinst_deplibs= # not-installed libtool libraries - notinst_path= # paths that contain not-installed libtool libraries - - case $linkmode in - lib) - passes="conv dlpreopen link" - for file in $dlfiles $dlprefiles; do - case $file in - *.la) ;; - *) - func_fatal_help "libraries can '-dlopen' only libtool libraries: $file" - ;; - esac - done - ;; - prog) - compile_deplibs= - finalize_deplibs= - alldeplibs=false - newdlfiles= - newdlprefiles= - passes="conv scan dlopen dlpreopen link" - ;; - *) passes="conv" - ;; - esac - - for pass in $passes; do - # The preopen pass in lib mode reverses $deplibs; put it back here - # so that -L comes before libs that need it for instance... - if test lib,link = "$linkmode,$pass"; then - ## FIXME: Find the place where the list is rebuilt in the wrong - ## order, and fix it there properly - tmp_deplibs= - for deplib in $deplibs; do - tmp_deplibs="$deplib $tmp_deplibs" - done - deplibs=$tmp_deplibs - fi - - if test lib,link = "$linkmode,$pass" || - test prog,scan = "$linkmode,$pass"; then - libs=$deplibs - deplibs= - fi - if test prog = "$linkmode"; then - case $pass in - dlopen) libs=$dlfiles ;; - dlpreopen) libs=$dlprefiles ;; - link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; - esac - fi - if test lib,dlpreopen = "$linkmode,$pass"; then - # Collect and forward deplibs of preopened libtool libs - for lib in $dlprefiles; do - # Ignore non-libtool-libs - dependency_libs= - func_resolve_sysroot "$lib" - case $lib in - *.la) func_source "$func_resolve_sysroot_result" ;; - esac - - # Collect preopened libtool deplibs, except any this library - # has declared as weak libs - for deplib in $dependency_libs; do - func_basename "$deplib" - deplib_base=$func_basename_result - case " $weak_libs " in - *" $deplib_base "*) ;; - *) func_append deplibs " $deplib" ;; - esac - done - done - libs=$dlprefiles - fi - if test dlopen = "$pass"; then - # Collect dlpreopened libraries - save_deplibs=$deplibs - deplibs= - fi - - for deplib in $libs; do - lib= - found=false - case $deplib in - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ - |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) - if test prog,link = "$linkmode,$pass"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - func_append compiler_flags " $deplib" - if test lib = "$linkmode"; then - case "$new_inherited_linker_flags " in - *" $deplib "*) ;; - * ) func_append new_inherited_linker_flags " $deplib" ;; - esac - fi - fi - continue - ;; - -l*) - if test lib != "$linkmode" && test prog != "$linkmode"; then - func_warning "'-l' is ignored for archives/objects" - continue - fi - func_stripname '-l' '' "$deplib" - name=$func_stripname_result - if test lib = "$linkmode"; then - searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" - else - searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" - fi - for searchdir in $searchdirs; do - for search_ext in .la $std_shrext .so .a; do - # Search the libtool library - lib=$searchdir/lib$name$search_ext - if test -f "$lib"; then - if test .la = "$search_ext"; then - found=: - else - found=false - fi - break 2 - fi - done - done - if $found; then - # deplib is a libtool library - # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, - # We need to do some special things here, and not later. - if test yes = "$allow_libtool_libs_with_static_runtimes"; then - case " $predeps $postdeps " in - *" $deplib "*) - if func_lalib_p "$lib"; then - library_names= - old_library= - func_source "$lib" - for l in $old_library $library_names; do - ll=$l - done - if test "X$ll" = "X$old_library"; then # only static version available - found=false - func_dirname "$lib" "" "." - ladir=$func_dirname_result - lib=$ladir/$old_library - if test prog,link = "$linkmode,$pass"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" - fi - continue - fi - fi - ;; - *) ;; - esac - fi - else - # deplib doesn't seem to be a libtool library - if test prog,link = "$linkmode,$pass"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" - fi - continue - fi - ;; # -l - *.ltframework) - if test prog,link = "$linkmode,$pass"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - if test lib = "$linkmode"; then - case "$new_inherited_linker_flags " in - *" $deplib "*) ;; - * ) func_append new_inherited_linker_flags " $deplib" ;; - esac - fi - fi - continue - ;; - -L*) - case $linkmode in - lib) - deplibs="$deplib $deplibs" - test conv = "$pass" && continue - newdependency_libs="$deplib $newdependency_libs" - func_stripname '-L' '' "$deplib" - func_resolve_sysroot "$func_stripname_result" - func_append newlib_search_path " $func_resolve_sysroot_result" - ;; - prog) - if test conv = "$pass"; then - deplibs="$deplib $deplibs" - continue - fi - if test scan = "$pass"; then - deplibs="$deplib $deplibs" - else - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - fi - func_stripname '-L' '' "$deplib" - func_resolve_sysroot "$func_stripname_result" - func_append newlib_search_path " $func_resolve_sysroot_result" - ;; - *) - func_warning "'-L' is ignored for archives/objects" - ;; - esac # linkmode - continue - ;; # -L - -R*) - if test link = "$pass"; then - func_stripname '-R' '' "$deplib" - func_resolve_sysroot "$func_stripname_result" - dir=$func_resolve_sysroot_result - # Make sure the xrpath contains only unique directories. - case "$xrpath " in - *" $dir "*) ;; - *) func_append xrpath " $dir" ;; - esac - fi - deplibs="$deplib $deplibs" - continue - ;; - *.la) - func_resolve_sysroot "$deplib" - lib=$func_resolve_sysroot_result - ;; - *.$libext) - if test conv = "$pass"; then - deplibs="$deplib $deplibs" - continue - fi - case $linkmode in - lib) - # Linking convenience modules into shared libraries is allowed, - # but linking other static libraries is non-portable. - case " $dlpreconveniencelibs " in - *" $deplib "*) ;; - *) - valid_a_lib=false - case $deplibs_check_method in - match_pattern*) - set dummy $deplibs_check_method; shift - match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` - if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ - | $EGREP "$match_pattern_regex" > /dev/null; then - valid_a_lib=: - fi - ;; - pass_all) - valid_a_lib=: - ;; - esac - if $valid_a_lib; then - echo - $ECHO "*** Warning: Linking the shared library $output against the" - $ECHO "*** static library $deplib is not portable!" - deplibs="$deplib $deplibs" - else - echo - $ECHO "*** Warning: Trying to link with static lib archive $deplib." - echo "*** I have the capability to make that library automatically link in when" - echo "*** you link to this library. But I can only do this if you have a" - echo "*** shared version of the library, which you do not appear to have" - echo "*** because the file extensions .$libext of this argument makes me believe" - echo "*** that it is just a static archive that I should not use here." - fi - ;; - esac - continue - ;; - prog) - if test link != "$pass"; then - deplibs="$deplib $deplibs" - else - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - fi - continue - ;; - esac # linkmode - ;; # *.$libext - *.lo | *.$objext) - if test conv = "$pass"; then - deplibs="$deplib $deplibs" - elif test prog = "$linkmode"; then - if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then - # If there is no dlopen support or we're linking statically, - # we need to preload. - func_append newdlprefiles " $deplib" - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - func_append newdlfiles " $deplib" - fi - fi - continue - ;; - %DEPLIBS%) - alldeplibs=: - continue - ;; - esac # case $deplib - - $found || test -f "$lib" \ - || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'" - - # Check to see that this really is a libtool archive. - func_lalib_unsafe_p "$lib" \ - || func_fatal_error "'$lib' is not a valid libtool archive" - - func_dirname "$lib" "" "." - ladir=$func_dirname_result - - dlname= - dlopen= - dlpreopen= - libdir= - library_names= - old_library= - inherited_linker_flags= - # If the library was installed with an old release of libtool, - # it will not redefine variables installed, or shouldnotlink - installed=yes - shouldnotlink=no - avoidtemprpath= - - - # Read the .la file - func_source "$lib" - - # Convert "-framework foo" to "foo.ltframework" - if test -n "$inherited_linker_flags"; then - tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` - for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do - case " $new_inherited_linker_flags " in - *" $tmp_inherited_linker_flag "*) ;; - *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; - esac - done - fi - dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - if test lib,link = "$linkmode,$pass" || - test prog,scan = "$linkmode,$pass" || - { test prog != "$linkmode" && test lib != "$linkmode"; }; then - test -n "$dlopen" && func_append dlfiles " $dlopen" - test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" - fi - - if test conv = "$pass"; then - # Only check for convenience libraries - deplibs="$lib $deplibs" - if test -z "$libdir"; then - if test -z "$old_library"; then - func_fatal_error "cannot find name of link library for '$lib'" - fi - # It is a libtool convenience library, so add in its objects. - func_append convenience " $ladir/$objdir/$old_library" - func_append old_convenience " $ladir/$objdir/$old_library" - elif test prog != "$linkmode" && test lib != "$linkmode"; then - func_fatal_error "'$lib' is not a convenience library" - fi - tmp_libs= - for deplib in $dependency_libs; do - deplibs="$deplib $deplibs" - if $opt_preserve_dup_deps; then - case "$tmp_libs " in - *" $deplib "*) func_append specialdeplibs " $deplib" ;; - esac - fi - func_append tmp_libs " $deplib" - done - continue - fi # $pass = conv - - - # Get the name of the library we link against. - linklib= - if test -n "$old_library" && - { test yes = "$prefer_static_libs" || - test built,no = "$prefer_static_libs,$installed"; }; then - linklib=$old_library - else - for l in $old_library $library_names; do - linklib=$l - done - fi - if test -z "$linklib"; then - func_fatal_error "cannot find name of link library for '$lib'" - fi - - # This library was specified with -dlopen. - if test dlopen = "$pass"; then - test -z "$libdir" \ - && func_fatal_error "cannot -dlopen a convenience library: '$lib'" - if test -z "$dlname" || - test yes != "$dlopen_support" || - test no = "$build_libtool_libs" - then - # If there is no dlname, no dlopen support or we're linking - # statically, we need to preload. We also need to preload any - # dependent libraries so libltdl's deplib preloader doesn't - # bomb out in the load deplibs phase. - func_append dlprefiles " $lib $dependency_libs" - else - func_append newdlfiles " $lib" - fi - continue - fi # $pass = dlopen - - # We need an absolute path. - case $ladir in - [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;; - *) - abs_ladir=`cd "$ladir" && pwd` - if test -z "$abs_ladir"; then - func_warning "cannot determine absolute directory name of '$ladir'" - func_warning "passing it literally to the linker, although it might fail" - abs_ladir=$ladir - fi - ;; - esac - func_basename "$lib" - laname=$func_basename_result - - # Find the relevant object directory and library name. - if test yes = "$installed"; then - if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then - func_warning "library '$lib' was moved." - dir=$ladir - absdir=$abs_ladir - libdir=$abs_ladir - else - dir=$lt_sysroot$libdir - absdir=$lt_sysroot$libdir - fi - test yes = "$hardcode_automatic" && avoidtemprpath=yes - else - if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then - dir=$ladir - absdir=$abs_ladir - # Remove this search path later - func_append notinst_path " $abs_ladir" - else - dir=$ladir/$objdir - absdir=$abs_ladir/$objdir - # Remove this search path later - func_append notinst_path " $abs_ladir" - fi - fi # $installed = yes - func_stripname 'lib' '.la' "$laname" - name=$func_stripname_result - - # This library was specified with -dlpreopen. - if test dlpreopen = "$pass"; then - if test -z "$libdir" && test prog = "$linkmode"; then - func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'" - fi - case $host in - # special handling for platforms with PE-DLLs. - *cygwin* | *mingw* | *cegcc* ) - # Linker will automatically link against shared library if both - # static and shared are present. Therefore, ensure we extract - # symbols from the import library if a shared library is present - # (otherwise, the dlopen module name will be incorrect). We do - # this by putting the import library name into $newdlprefiles. - # We recover the dlopen module name by 'saving' the la file - # name in a special purpose variable, and (later) extracting the - # dlname from the la file. - if test -n "$dlname"; then - func_tr_sh "$dir/$linklib" - eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" - func_append newdlprefiles " $dir/$linklib" - else - func_append newdlprefiles " $dir/$old_library" - # Keep a list of preopened convenience libraries to check - # that they are being used correctly in the link pass. - test -z "$libdir" && \ - func_append dlpreconveniencelibs " $dir/$old_library" - fi - ;; - * ) - # Prefer using a static library (so that no silly _DYNAMIC symbols - # are required to link). - if test -n "$old_library"; then - func_append newdlprefiles " $dir/$old_library" - # Keep a list of preopened convenience libraries to check - # that they are being used correctly in the link pass. - test -z "$libdir" && \ - func_append dlpreconveniencelibs " $dir/$old_library" - # Otherwise, use the dlname, so that lt_dlopen finds it. - elif test -n "$dlname"; then - func_append newdlprefiles " $dir/$dlname" - else - func_append newdlprefiles " $dir/$linklib" - fi - ;; - esac - fi # $pass = dlpreopen - - if test -z "$libdir"; then - # Link the convenience library - if test lib = "$linkmode"; then - deplibs="$dir/$old_library $deplibs" - elif test prog,link = "$linkmode,$pass"; then - compile_deplibs="$dir/$old_library $compile_deplibs" - finalize_deplibs="$dir/$old_library $finalize_deplibs" - else - deplibs="$lib $deplibs" # used for prog,scan pass - fi - continue - fi - - - if test prog = "$linkmode" && test link != "$pass"; then - func_append newlib_search_path " $ladir" - deplibs="$lib $deplibs" - - linkalldeplibs=false - if test no != "$link_all_deplibs" || test -z "$library_names" || - test no = "$build_libtool_libs"; then - linkalldeplibs=: - fi - - tmp_libs= - for deplib in $dependency_libs; do - case $deplib in - -L*) func_stripname '-L' '' "$deplib" - func_resolve_sysroot "$func_stripname_result" - func_append newlib_search_path " $func_resolve_sysroot_result" - ;; - esac - # Need to link against all dependency_libs? - if $linkalldeplibs; then - deplibs="$deplib $deplibs" - else - # Need to hardcode shared library paths - # or/and link against static libraries - newdependency_libs="$deplib $newdependency_libs" - fi - if $opt_preserve_dup_deps; then - case "$tmp_libs " in - *" $deplib "*) func_append specialdeplibs " $deplib" ;; - esac - fi - func_append tmp_libs " $deplib" - done # for deplib - continue - fi # $linkmode = prog... - - if test prog,link = "$linkmode,$pass"; then - if test -n "$library_names" && - { { test no = "$prefer_static_libs" || - test built,yes = "$prefer_static_libs,$installed"; } || - test -z "$old_library"; }; then - # We need to hardcode the library path - if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then - # Make sure the rpath contains only unique directories. - case $temp_rpath: in - *"$absdir:"*) ;; - *) func_append temp_rpath "$absdir:" ;; - esac - fi - - # Hardcode the library path. - # Skip directories that are in the system default run-time - # search path. - case " $sys_lib_dlsearch_path " in - *" $absdir "*) ;; - *) - case "$compile_rpath " in - *" $absdir "*) ;; - *) func_append compile_rpath " $absdir" ;; - esac - ;; - esac - case " $sys_lib_dlsearch_path " in - *" $libdir "*) ;; - *) - case "$finalize_rpath " in - *" $libdir "*) ;; - *) func_append finalize_rpath " $libdir" ;; - esac - ;; - esac - fi # $linkmode,$pass = prog,link... - - if $alldeplibs && - { test pass_all = "$deplibs_check_method" || - { test yes = "$build_libtool_libs" && - test -n "$library_names"; }; }; then - # We only need to search for static libraries - continue - fi - fi - - link_static=no # Whether the deplib will be linked statically - use_static_libs=$prefer_static_libs - if test built = "$use_static_libs" && test yes = "$installed"; then - use_static_libs=no - fi - if test -n "$library_names" && - { test no = "$use_static_libs" || test -z "$old_library"; }; then - case $host in - *cygwin* | *mingw* | *cegcc* | *os2*) - # No point in relinking DLLs because paths are not encoded - func_append notinst_deplibs " $lib" - need_relink=no - ;; - *) - if test no = "$installed"; then - func_append notinst_deplibs " $lib" - need_relink=yes - fi - ;; - esac - # This is a shared library - - # Warn about portability, can't link against -module's on some - # systems (darwin). Don't bleat about dlopened modules though! - dlopenmodule= - for dlpremoduletest in $dlprefiles; do - if test "X$dlpremoduletest" = "X$lib"; then - dlopenmodule=$dlpremoduletest - break - fi - done - if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then - echo - if test prog = "$linkmode"; then - $ECHO "*** Warning: Linking the executable $output against the loadable module" - else - $ECHO "*** Warning: Linking the shared library $output against the loadable module" - fi - $ECHO "*** $linklib is not portable!" - fi - if test lib = "$linkmode" && - test yes = "$hardcode_into_libs"; then - # Hardcode the library path. - # Skip directories that are in the system default run-time - # search path. - case " $sys_lib_dlsearch_path " in - *" $absdir "*) ;; - *) - case "$compile_rpath " in - *" $absdir "*) ;; - *) func_append compile_rpath " $absdir" ;; - esac - ;; - esac - case " $sys_lib_dlsearch_path " in - *" $libdir "*) ;; - *) - case "$finalize_rpath " in - *" $libdir "*) ;; - *) func_append finalize_rpath " $libdir" ;; - esac - ;; - esac - fi - - if test -n "$old_archive_from_expsyms_cmds"; then - # figure out the soname - set dummy $library_names - shift - realname=$1 - shift - libname=`eval "\\$ECHO \"$libname_spec\""` - # use dlname if we got it. it's perfectly good, no? - if test -n "$dlname"; then - soname=$dlname - elif test -n "$soname_spec"; then - # bleh windows - case $host in - *cygwin* | mingw* | *cegcc* | *os2*) - func_arith $current - $age - major=$func_arith_result - versuffix=-$major - ;; - esac - eval soname=\"$soname_spec\" - else - soname=$realname - fi - - # Make a new name for the extract_expsyms_cmds to use - soroot=$soname - func_basename "$soroot" - soname=$func_basename_result - func_stripname 'lib' '.dll' "$soname" - newlib=libimp-$func_stripname_result.a - - # If the library has no export list, then create one now - if test -f "$output_objdir/$soname-def"; then : - else - func_verbose "extracting exported symbol list from '$soname'" - func_execute_cmds "$extract_expsyms_cmds" 'exit $?' - fi - - # Create $newlib - if test -f "$output_objdir/$newlib"; then :; else - func_verbose "generating import library for '$soname'" - func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' - fi - # make sure the library variables are pointing to the new library - dir=$output_objdir - linklib=$newlib - fi # test -n "$old_archive_from_expsyms_cmds" - - if test prog = "$linkmode" || test relink != "$opt_mode"; then - add_shlibpath= - add_dir= - add= - lib_linked=yes - case $hardcode_action in - immediate | unsupported) - if test no = "$hardcode_direct"; then - add=$dir/$linklib - case $host in - *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;; - *-*-sysv4*uw2*) add_dir=-L$dir ;; - *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ - *-*-unixware7*) add_dir=-L$dir ;; - *-*-darwin* ) - # if the lib is a (non-dlopened) module then we cannot - # link against it, someone is ignoring the earlier warnings - if /usr/bin/file -L $add 2> /dev/null | - $GREP ": [^:]* bundle" >/dev/null; then - if test "X$dlopenmodule" != "X$lib"; then - $ECHO "*** Warning: lib $linklib is a module, not a shared library" - if test -z "$old_library"; then - echo - echo "*** And there doesn't seem to be a static archive available" - echo "*** The link will probably fail, sorry" - else - add=$dir/$old_library - fi - elif test -n "$old_library"; then - add=$dir/$old_library - fi - fi - esac - elif test no = "$hardcode_minus_L"; then - case $host in - *-*-sunos*) add_shlibpath=$dir ;; - esac - add_dir=-L$dir - add=-l$name - elif test no = "$hardcode_shlibpath_var"; then - add_shlibpath=$dir - add=-l$name - elif test -n "$fix_hardcoded_libdir_flag_spec"; then - add_dir="-L${absdir}" - add="-l$name" - if test "${linkmode}" = prog && test "X${absdir}" != "X${libdir}"; then - linkdir=$absdir - eval "fix_hardcoded_libdir_flag=\"\${fix_hardcoded_libdir_flag} ${fix_hardcoded_libdir_flag_spec}\"" - # fix_hardcoded_libdir_flag_ld not needed, programs are linked with $CC - $lt_unset linkdir - fi - else - lib_linked=no - fi - ;; - relink) - if test yes = "$hardcode_direct" && - test no = "$hardcode_direct_absolute"; then - add=$dir/$linklib - elif test yes = "$hardcode_minus_L"; then - add_dir=-L$absdir - # Try looking first in the location we're being installed to. - if test -n "$inst_prefix_dir"; then - case $libdir in - [\\/]*) - func_append add_dir " -L$inst_prefix_dir$libdir" - ;; - esac - fi - add=-l$name - elif test yes = "$hardcode_shlibpath_var"; then - add_shlibpath=$dir - add=-l$name - else - lib_linked=no - fi - ;; - *) lib_linked=no ;; - esac - - if test yes != "$lib_linked"; then - func_fatal_configuration "unsupported hardcode properties" - fi - - if test -n "$add_shlibpath"; then - case :$compile_shlibpath: in - *":$add_shlibpath:"*) ;; - *) func_append compile_shlibpath "$add_shlibpath:" ;; - esac - fi - if test prog = "$linkmode"; then - test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" - test -n "$add" && compile_deplibs="$add $compile_deplibs" - else - test -n "$add_dir" && deplibs="$add_dir $deplibs" - test -n "$add" && deplibs="$add $deplibs" - if test yes != "$hardcode_direct" && - test yes != "$hardcode_minus_L" && - test yes = "$hardcode_shlibpath_var"; then - case :$finalize_shlibpath: in - *":$libdir:"*) ;; - *) func_append finalize_shlibpath "$libdir:" ;; - esac - fi - fi - fi - - if test prog = "$linkmode" || test relink = "$opt_mode"; then - add_shlibpath= - add_dir= - add= - # Finalize command for both is simple: just hardcode it. - if test yes = "$hardcode_direct" && - test no = "$hardcode_direct_absolute"; then - add=$libdir/$linklib - elif test yes = "$hardcode_minus_L"; then - add_dir=-L$libdir - add=-l$name - if test -n "$inst_prefix_dir" && - test -f "$inst_prefix_dir$libdir/$linklib" && - test -n "${fix_hardcoded_libdir_flag_spec}"; then - linkdir="$inst_prefix_dir$libdir" - add_dir="-L$linkdir" - eval "fix_hardcoded_libdir_flag=\"\${fix_hardcoded_libdir_flag} ${fix_hardcoded_libdir_flag_spec}\"" - eval "fix_hardcoded_libdir_flag_ld=\"\${fix_hardcoded_libdir_flag_ld} ${fix_hardcoded_libdir_flag_spec_ld}\"" - $lt_unset linkdir - fi - elif test yes = "$hardcode_shlibpath_var"; then - case :$finalize_shlibpath: in - *":$libdir:"*) ;; - *) func_append finalize_shlibpath "$libdir:" ;; - esac - add=-l$name - elif test yes = "$hardcode_automatic"; then - if test -n "$inst_prefix_dir" && - test -f "$inst_prefix_dir$libdir/$linklib"; then - add=$inst_prefix_dir$libdir/$linklib - else - add=$libdir/$linklib - fi - else - # We cannot seem to hardcode it, guess we'll fake it. - add_dir=-L$libdir - # Try looking first in the location we're being installed to. - if test -n "$inst_prefix_dir"; then - case $libdir in - [\\/]*) - func_append add_dir " -L$inst_prefix_dir$libdir" - ;; - esac - fi - add=-l$name - fi - - if test prog = "$linkmode"; then - test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" - test -n "$add" && finalize_deplibs="$add $finalize_deplibs" - else - test -n "$add_dir" && deplibs="$add_dir $deplibs" - test -n "$add" && deplibs="$add $deplibs" - fi - fi - elif test prog = "$linkmode"; then - # Here we assume that one of hardcode_direct or hardcode_minus_L - # is not unsupported. This is valid on all known static and - # shared platforms. - if test unsupported != "$hardcode_direct"; then - test -n "$old_library" && linklib=$old_library - compile_deplibs="$dir/$linklib $compile_deplibs" - finalize_deplibs="$dir/$linklib $finalize_deplibs" - else - compile_deplibs="-l$name -L$dir $compile_deplibs" - finalize_deplibs="-l$name -L$dir $finalize_deplibs" - fi - elif test yes = "$build_libtool_libs"; then - # Not a shared library - if test pass_all != "$deplibs_check_method"; then - # We're trying link a shared library against a static one - # but the system doesn't support it. - - # Just print a warning and add the library to dependency_libs so - # that the program can be linked against the static library. - echo - $ECHO "*** Warning: This system cannot link to static lib archive $lib." - echo "*** I have the capability to make that library automatically link in when" - echo "*** you link to this library. But I can only do this if you have a" - echo "*** shared version of the library, which you do not appear to have." - if test yes = "$module"; then - echo "*** But as you try to build a module library, libtool will still create " - echo "*** a static module, that should work as long as the dlopening application" - echo "*** is linked with the -dlopen flag to resolve symbols at runtime." - if test -z "$global_symbol_pipe"; then - echo - echo "*** However, this would only work if libtool was able to extract symbol" - echo "*** lists from a program, using 'nm' or equivalent, but libtool could" - echo "*** not find such a program. So, this module is probably useless." - echo "*** 'nm' from GNU binutils and a full rebuild may help." - fi - if test no = "$build_old_libs"; then - build_libtool_libs=module - build_old_libs=yes - else - build_libtool_libs=no - fi - fi - else - deplibs="$dir/$old_library $deplibs" - link_static=yes - fi - fi # link shared/static library? - - if test lib = "$linkmode"; then - if test -n "$dependency_libs" && - { test yes != "$hardcode_into_libs" || - test yes = "$build_old_libs" || - test yes = "$link_static"; }; then - # Extract -R from dependency_libs - temp_deplibs= - for libdir in $dependency_libs; do - case $libdir in - -R*) func_stripname '-R' '' "$libdir" - temp_xrpath=$func_stripname_result - case " $xrpath " in - *" $temp_xrpath "*) ;; - *) func_append xrpath " $temp_xrpath";; - esac;; - *) func_append temp_deplibs " $libdir";; - esac - done - dependency_libs=$temp_deplibs - fi - - func_append newlib_search_path " $absdir" - # Link against this library - test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs" - # ... and its dependency_libs - tmp_libs= - for deplib in $dependency_libs; do - newdependency_libs="$deplib $newdependency_libs" - case $deplib in - -L*) func_stripname '-L' '' "$deplib" - func_resolve_sysroot "$func_stripname_result";; - *) func_resolve_sysroot "$deplib" ;; - esac - if $opt_preserve_dup_deps; then - case "$tmp_libs " in - *" $func_resolve_sysroot_result "*) - func_append specialdeplibs " $func_resolve_sysroot_result" ;; - esac - fi - func_append tmp_libs " $func_resolve_sysroot_result" - done - - if test no != "$link_all_deplibs"; then - # Add the search paths of all dependency libraries - for deplib in $dependency_libs; do - path= - case $deplib in - -L*) path=$deplib ;; - *.la) - func_resolve_sysroot "$deplib" - deplib=$func_resolve_sysroot_result - func_dirname "$deplib" "" "." - dir=$func_dirname_result - # We need an absolute path. - case $dir in - [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;; - *) - absdir=`cd "$dir" && pwd` - if test -z "$absdir"; then - func_warning "cannot determine absolute directory name of '$dir'" - absdir=$dir - fi - ;; - esac - if $GREP "^installed=no" $deplib > /dev/null; then - case $host in - *-*-darwin*) - depdepl= - eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` - if test -n "$deplibrary_names"; then - for tmp in $deplibrary_names; do - depdepl=$tmp - done - if test -f "$absdir/$objdir/$depdepl"; then - depdepl=$absdir/$objdir/$depdepl - darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` - if test -z "$darwin_install_name"; then - darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` - fi - func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl" - func_append linker_flags " -dylib_file $darwin_install_name:$depdepl" - path= - fi - fi - ;; - *) - path=-L$absdir/$objdir - ;; - esac - else - eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` - test -z "$libdir" && \ - func_fatal_error "'$deplib' is not a valid libtool archive" - test "$absdir" != "$libdir" && \ - func_warning "'$deplib' seems to be moved" - - path=-L$absdir - fi - ;; - esac - case " $deplibs " in - *" $path "*) ;; - *) deplibs="$path $deplibs" ;; - esac - done - fi # link_all_deplibs != no - fi # linkmode = lib - done # for deplib in $libs - if test link = "$pass"; then - if test prog = "$linkmode"; then - compile_deplibs="$new_inherited_linker_flags $compile_deplibs" - finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" - else - compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - fi - fi - dependency_libs=$newdependency_libs - if test dlpreopen = "$pass"; then - # Link the dlpreopened libraries before other libraries - for deplib in $save_deplibs; do - deplibs="$deplib $deplibs" - done - fi - if test dlopen != "$pass"; then - test conv = "$pass" || { - # Make sure lib_search_path contains only unique directories. - lib_search_path= - for dir in $newlib_search_path; do - case "$lib_search_path " in - *" $dir "*) ;; - *) func_append lib_search_path " $dir" ;; - esac - done - newlib_search_path= - } - - if test prog,link = "$linkmode,$pass"; then - vars="compile_deplibs finalize_deplibs" - else - vars=deplibs - fi - for var in $vars dependency_libs; do - # Add libraries to $var in reverse order - eval tmp_libs=\"\$$var\" - new_libs= - for deplib in $tmp_libs; do - # FIXME: Pedantically, this is the right thing to do, so - # that some nasty dependency loop isn't accidentally - # broken: - #new_libs="$deplib $new_libs" - # Pragmatically, this seems to cause very few problems in - # practice: - case $deplib in - -L*) new_libs="$deplib $new_libs" ;; - -R*) ;; - *) - # And here is the reason: when a library appears more - # than once as an explicit dependence of a library, or - # is implicitly linked in more than once by the - # compiler, it is considered special, and multiple - # occurrences thereof are not removed. Compare this - # with having the same library being listed as a - # dependency of multiple other libraries: in this case, - # we know (pedantically, we assume) the library does not - # need to be listed more than once, so we keep only the - # last copy. This is not always right, but it is rare - # enough that we require users that really mean to play - # such unportable linking tricks to link the library - # using -Wl,-lname, so that libtool does not consider it - # for duplicate removal. - case " $specialdeplibs " in - *" $deplib "*) new_libs="$deplib $new_libs" ;; - *) - case " $new_libs " in - *" $deplib "*) ;; - *) new_libs="$deplib $new_libs" ;; - esac - ;; - esac - ;; - esac - done - tmp_libs= - for deplib in $new_libs; do - case $deplib in - -L*) - case " $tmp_libs " in - *" $deplib "*) ;; - *) func_append tmp_libs " $deplib" ;; - esac - ;; - *) func_append tmp_libs " $deplib" ;; - esac - done - eval $var=\"$tmp_libs\" - done # for var - fi - - # Add Sun CC postdeps if required: - test CXX = "$tagname" && { - case $host_os in - linux*) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) # Sun C++ 5.9 - func_suncc_cstd_abi - - if test no != "$suncc_use_cstd_abi"; then - func_append postdeps ' -library=Cstd -library=Crun' - fi - ;; - esac - ;; - - solaris*) - func_cc_basename "$CC" - case $func_cc_basename_result in - CC* | sunCC*) - func_suncc_cstd_abi - - if test no != "$suncc_use_cstd_abi"; then - func_append postdeps ' -library=Cstd -library=Crun' - fi - ;; - esac - ;; - esac - } - - # Last step: remove runtime libs from dependency_libs - # (they stay in deplibs) - tmp_libs= - for i in $dependency_libs; do - case " $predeps $postdeps $compiler_lib_search_path " in - *" $i "*) - i= - ;; - esac - if test -n "$i"; then - func_append tmp_libs " $i" - fi - done - dependency_libs=$tmp_libs - done # for pass - if test prog = "$linkmode"; then - dlfiles=$newdlfiles - fi - if test prog = "$linkmode" || test lib = "$linkmode"; then - dlprefiles=$newdlprefiles - fi - - case $linkmode in - oldlib) - if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then - func_warning "'-dlopen' is ignored for archives" - fi - - case " $deplibs" in - *\ -l* | *\ -L*) - func_warning "'-l' and '-L' are ignored for archives" ;; - esac - - test -n "$rpath" && \ - func_warning "'-rpath' is ignored for archives" - - test -n "$xrpath" && \ - func_warning "'-R' is ignored for archives" - - test -n "$vinfo" && \ - func_warning "'-version-info/-version-number' is ignored for archives" - - test -n "$release" && \ - func_warning "'-release' is ignored for archives" - - test -n "$export_symbols$export_symbols_regex" && \ - func_warning "'-export-symbols' is ignored for archives" - - # Now set the variables for building old libraries. - build_libtool_libs=no - oldlibs=$output - func_append objs "$old_deplibs" - ;; - - lib) - # Make sure we only generate libraries of the form 'libNAME.la'. - case $outputname in - lib*) - func_stripname 'lib' '.la' "$outputname" - name=$func_stripname_result - eval shared_ext=\"$shrext_cmds\" - eval libname=\"$libname_spec\" - ;; - *) - test no = "$module" \ - && func_fatal_help "libtool library '$output' must begin with 'lib'" - - if test no != "$need_lib_prefix"; then - # Add the "lib" prefix for modules if required - func_stripname '' '.la' "$outputname" - name=$func_stripname_result - eval shared_ext=\"$shrext_cmds\" - eval libname=\"$libname_spec\" - else - func_stripname '' '.la' "$outputname" - libname=$func_stripname_result - fi - ;; - esac - - if test -n "$objs"; then - if test pass_all != "$deplibs_check_method"; then - func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs" - else - echo - $ECHO "*** Warning: Linking the shared library $output against the non-libtool" - $ECHO "*** objects $objs is not portable!" - func_append libobjs " $objs" - fi - fi - - test no = "$dlself" \ - || func_warning "'-dlopen self' is ignored for libtool libraries" - - set dummy $rpath - shift - test 1 -lt "$#" \ - && func_warning "ignoring multiple '-rpath's for a libtool library" - - install_libdir=$1 - - oldlibs= - if test -z "$rpath"; then - if test yes = "$build_libtool_libs"; then - # Building a libtool convenience library. - # Some compilers have problems with a '.al' extension so - # convenience libraries should have the same extension an - # archive normally would. - oldlibs="$output_objdir/$libname.$libext $oldlibs" - build_libtool_libs=convenience - build_old_libs=yes - fi - - test -n "$vinfo" && \ - func_warning "'-version-info/-version-number' is ignored for convenience libraries" - - test -n "$release" && \ - func_warning "'-release' is ignored for convenience libraries" - else - - # Parse the version information argument. - save_ifs=$IFS; IFS=: - set dummy $vinfo 0 0 0 - shift - IFS=$save_ifs - - test -n "$7" && \ - func_fatal_help "too many parameters to '-version-info'" - - # convert absolute version numbers to libtool ages - # this retains compatibility with .la files and attempts - # to make the code below a bit more comprehensible - - case $vinfo_number in - yes) - number_major=$1 - number_minor=$2 - number_revision=$3 - # - # There are really only two kinds -- those that - # use the current revision as the major version - # and those that subtract age and use age as - # a minor version. But, then there is irix - # that has an extra 1 added just for fun - # - case $version_type in - # correct linux to gnu/linux during the next big refactor - darwin|freebsd-elf|linux|osf|windows|none) - func_arith $number_major + $number_minor - current=$func_arith_result - age=$number_minor - revision=$number_revision - ;; - freebsd-aout|qnx|sco|sunos) - current=$number_major - revision=$number_minor - age=0 - ;; - irix|nonstopux) - func_arith $number_major + $number_minor - current=$func_arith_result - age=$number_minor - revision=$number_minor - lt_irix_increment=no - ;; - esac - ;; - no) - current=$1 - revision=$2 - age=$3 - ;; - esac - - # Check that each of the things are valid numbers. - case $current in - 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; - *) - func_error "CURRENT '$current' must be a nonnegative integer" - func_fatal_error "'$vinfo' is not valid version information" - ;; - esac - - case $revision in - 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; - *) - func_error "REVISION '$revision' must be a nonnegative integer" - func_fatal_error "'$vinfo' is not valid version information" - ;; - esac - - case $age in - 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; - *) - func_error "AGE '$age' must be a nonnegative integer" - func_fatal_error "'$vinfo' is not valid version information" - ;; - esac - - if test "$age" -gt "$current"; then - func_error "AGE '$age' is greater than the current interface number '$current'" - func_fatal_error "'$vinfo' is not valid version information" - fi - - # Calculate the version variables. - major= - versuffix= - verstring= - case $version_type in - none) ;; - - darwin) - # Like Linux, but with the current version available in - # verstring for coding it into the library header - func_arith $current - $age - major=.$func_arith_result - versuffix=$major.$age.$revision - # Darwin ld doesn't like 0 for these options... - func_arith $current + 1 - minor_current=$func_arith_result - xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" - verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" - # On Darwin other compilers - case $CC in - nagfor*) - verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" - ;; - *) - verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" - ;; - esac - ;; - - freebsd-aout) - major=.$current - versuffix=.$current.$revision - ;; - - freebsd-elf) - func_arith $current - $age - major=.$func_arith_result - versuffix=$major.$age.$revision - ;; - - irix | nonstopux) - if test no = "$lt_irix_increment"; then - func_arith $current - $age - else - func_arith $current - $age + 1 - fi - major=$func_arith_result - - case $version_type in - nonstopux) verstring_prefix=nonstopux ;; - *) verstring_prefix=sgi ;; - esac - verstring=$verstring_prefix$major.$revision - - # Add in all the interfaces that we are compatible with. - loop=$revision - while test 0 -ne "$loop"; do - func_arith $revision - $loop - iface=$func_arith_result - func_arith $loop - 1 - loop=$func_arith_result - verstring=$verstring_prefix$major.$iface:$verstring - done - - # Before this point, $major must not contain '.'. - major=.$major - versuffix=$major.$revision - ;; - - linux) # correct to gnu/linux during the next big refactor - func_arith $current - $age - major=.$func_arith_result - versuffix=$major.$age.$revision - ;; - - osf) - func_arith $current - $age - major=.$func_arith_result - versuffix=.$current.$age.$revision - verstring=$current.$age.$revision - - # Add in all the interfaces that we are compatible with. - loop=$age - while test 0 -ne "$loop"; do - func_arith $current - $loop - iface=$func_arith_result - func_arith $loop - 1 - loop=$func_arith_result - verstring=$verstring:$iface.0 - done - - # Make executables depend on our current version. - func_append verstring ":$current.0" - ;; - - qnx) - major=.$current - versuffix=.$current - ;; - - sco) - major=.$current - versuffix=.$current - ;; - - sunos) - major=.$current - versuffix=.$current.$revision - ;; - - windows) - # Use '-' rather than '.', since we only want one - # extension on DOS 8.3 file systems. - func_arith $current - $age - major=$func_arith_result - versuffix=-$major - ;; - - *) - func_fatal_configuration "unknown library version type '$version_type'" - ;; - esac - - # Clear the version info if we defaulted, and they specified a release. - if test -z "$vinfo" && test -n "$release"; then - major= - case $version_type in - darwin) - # we can't check for "0.0" in archive_cmds due to quoting - # problems, so we reset it completely - verstring= - ;; - *) - verstring=0.0 - ;; - esac - if test no = "$need_version"; then - versuffix= - else - versuffix=.0.0 - fi - fi - - # Remove version info from name if versioning should be avoided - if test yes,no = "$avoid_version,$need_version"; then - major= - versuffix= - verstring= - fi - - # Check to see if the archive will have undefined symbols. - if test yes = "$allow_undefined"; then - if test unsupported = "$allow_undefined_flag"; then - if test yes = "$build_old_libs"; then - func_warning "undefined symbols not allowed in $host shared libraries; building static only" - build_libtool_libs=no - else - func_fatal_error "can't build $host shared library unless -no-undefined is specified" - fi - fi - else - # Don't allow undefined symbols. - allow_undefined_flag=$no_undefined_flag - fi - - fi - - func_generate_dlsyms "$libname" "$libname" : - func_append libobjs " $symfileobj" - test " " = "$libobjs" && libobjs= - - if test relink != "$opt_mode"; then - # Remove our outputs, but don't remove object files since they - # may have been created when compiling PIC objects. - removelist= - tempremovelist=`$ECHO "$output_objdir/*"` - for p in $tempremovelist; do - case $p in - *.$objext | *.gcno) - ;; - $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*) - if test -n "$precious_files_regex"; then - if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 - then - continue - fi - fi - func_append removelist " $p" - ;; - *) ;; - esac - done - test -n "$removelist" && \ - func_show_eval "${RM}r \$removelist" - fi - - # Now set the variables for building old libraries. - if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then - func_append oldlibs " $output_objdir/$libname.$libext" - - # Transform .lo files to .o files. - oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP` - fi - - # Eliminate all temporary directories. - #for path in $notinst_path; do - # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` - # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` - # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` - #done - - if test -n "$xrpath"; then - # If the user specified any rpath flags, then add them. - temp_xrpath= - for libdir in $xrpath; do - func_replace_sysroot "$libdir" - func_append temp_xrpath " -R$func_replace_sysroot_result" - case "$finalize_rpath " in - *" $libdir "*) ;; - *) func_append finalize_rpath " $libdir" ;; - esac - done - if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then - dependency_libs="$temp_xrpath $dependency_libs" - fi - fi - - # Make sure dlfiles contains only unique files that won't be dlpreopened - old_dlfiles=$dlfiles - dlfiles= - for lib in $old_dlfiles; do - case " $dlprefiles $dlfiles " in - *" $lib "*) ;; - *) func_append dlfiles " $lib" ;; - esac - done - - # Make sure dlprefiles contains only unique files - old_dlprefiles=$dlprefiles - dlprefiles= - for lib in $old_dlprefiles; do - case "$dlprefiles " in - *" $lib "*) ;; - *) func_append dlprefiles " $lib" ;; - esac - done - - if test yes = "$build_libtool_libs"; then - if test -n "$rpath"; then - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) - # these systems don't actually have a c library (as such)! - ;; - *-*-rhapsody* | *-*-darwin1.[012]) - # Rhapsody C library is in the System framework - func_append deplibs " System.ltframework" - ;; - *-*-netbsd*) - # Don't link with libc until the a.out ld.so is fixed. - ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) - # Do not include libc due to us having libc/libc_r. - ;; - *-*-sco3.2v5* | *-*-sco5v6*) - # Causes problems with __ctype - ;; - *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) - # Compiler inserts libc in the correct place for threads to work - ;; - *) - # Add libc to deplibs on all other systems if necessary. - if test yes = "$build_libtool_need_lc"; then - func_append deplibs " -lc" - fi - ;; - esac - fi - - # Transform deplibs into only deplibs that can be linked in shared. - name_save=$name - libname_save=$libname - release_save=$release - versuffix_save=$versuffix - major_save=$major - # I'm not sure if I'm treating the release correctly. I think - # release should show up in the -l (ie -lgmp5) so we don't want to - # add it in twice. Is that correct? - release= - versuffix= - major= - newdeplibs= - droppeddeps=no - case $deplibs_check_method in - pass_all) - # Don't check for shared/static. Everything works. - # This might be a little naive. We might want to check - # whether the library exists or not. But this is on - # osf3 & osf4 and I'm not really sure... Just - # implementing what was already the behavior. - newdeplibs=$deplibs - ;; - test_compile) - # This code stresses the "libraries are programs" paradigm to its - # limits. Maybe even breaks it. We compile a program, linking it - # against the deplibs as a proxy for the library. Then we can check - # whether they linked in statically or dynamically with ldd. - $opt_dry_run || $RM conftest.c - cat > conftest.c </dev/null` - $nocaseglob - else - potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` - fi - for potent_lib in $potential_libs; do - # Follow soft links. - if ls -lLd "$potent_lib" 2>/dev/null | - $GREP " -> " >/dev/null; then - continue - fi - # The statement above tries to avoid entering an - # endless loop below, in case of cyclic links. - # We might still enter an endless loop, since a link - # loop can be closed while we follow links, - # but so what? - potlib=$potent_lib - while test -h "$potlib" 2>/dev/null; do - potliblink=`ls -ld $potlib | $SED 's/.* -> //'` - case $potliblink in - [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;; - *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";; - esac - done - if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | - $SED -e 10q | - $EGREP "$file_magic_regex" > /dev/null; then - func_append newdeplibs " $a_deplib" - a_deplib= - break 2 - fi - done - done - fi - if test -n "$a_deplib"; then - droppeddeps=yes - echo - $ECHO "*** Warning: linker path does not have real file for library $a_deplib." - echo "*** I have the capability to make that library automatically link in when" - echo "*** you link to this library. But I can only do this if you have a" - echo "*** shared version of the library, which you do not appear to have" - echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib"; then - $ECHO "*** with $libname but no candidates were found. (...for file magic test)" - else - $ECHO "*** with $libname and none of the candidates passed a file format test" - $ECHO "*** using a file magic. Last file checked: $potlib" - fi - fi - ;; - *) - # Add a -L argument. - func_append newdeplibs " $a_deplib" - ;; - esac - done # Gone through all deplibs. - ;; - match_pattern*) - set dummy $deplibs_check_method; shift - match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` - for a_deplib in $deplibs; do - case $a_deplib in - -l*) - func_stripname -l '' "$a_deplib" - name=$func_stripname_result - if test yes = "$allow_libtool_libs_with_static_runtimes"; then - case " $predeps $postdeps " in - *" $a_deplib "*) - func_append newdeplibs " $a_deplib" - a_deplib= - ;; - esac - fi - if test -n "$a_deplib"; then - libname=`eval "\\$ECHO \"$libname_spec\""` - for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do - potential_libs=`ls $i/$libname[.-]* 2>/dev/null` - for potent_lib in $potential_libs; do - potlib=$potent_lib # see symlink-check above in file_magic test - if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ - $EGREP "$match_pattern_regex" > /dev/null; then - func_append newdeplibs " $a_deplib" - a_deplib= - break 2 - fi - done - done - fi - if test -n "$a_deplib"; then - droppeddeps=yes - echo - $ECHO "*** Warning: linker path does not have real file for library $a_deplib." - echo "*** I have the capability to make that library automatically link in when" - echo "*** you link to this library. But I can only do this if you have a" - echo "*** shared version of the library, which you do not appear to have" - echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib"; then - $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" - else - $ECHO "*** with $libname and none of the candidates passed a file format test" - $ECHO "*** using a regex pattern. Last file checked: $potlib" - fi - fi - ;; - *) - # Add a -L argument. - func_append newdeplibs " $a_deplib" - ;; - esac - done # Gone through all deplibs. - ;; - none | unknown | *) - newdeplibs= - tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` - if test yes = "$allow_libtool_libs_with_static_runtimes"; then - for i in $predeps $postdeps; do - # can't use Xsed below, because $i might contain '/' - tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"` - done - fi - case $tmp_deplibs in - *[!\ \ ]*) - echo - if test none = "$deplibs_check_method"; then - echo "*** Warning: inter-library dependencies are not supported in this platform." - else - echo "*** Warning: inter-library dependencies are not known to be supported." - fi - echo "*** All declared inter-library dependencies are being dropped." - droppeddeps=yes - ;; - esac - ;; - esac - versuffix=$versuffix_save - major=$major_save - release=$release_save - libname=$libname_save - name=$name_save - - case $host in - *-*-rhapsody* | *-*-darwin1.[012]) - # On Rhapsody replace the C library with the System framework - newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` - ;; - esac - - if test yes = "$droppeddeps"; then - if test yes = "$module"; then - echo - echo "*** Warning: libtool could not satisfy all declared inter-library" - $ECHO "*** dependencies of module $libname. Therefore, libtool will create" - echo "*** a static module, that should work as long as the dlopening" - echo "*** application is linked with the -dlopen flag." - if test -z "$global_symbol_pipe"; then - echo - echo "*** However, this would only work if libtool was able to extract symbol" - echo "*** lists from a program, using 'nm' or equivalent, but libtool could" - echo "*** not find such a program. So, this module is probably useless." - echo "*** 'nm' from GNU binutils and a full rebuild may help." - fi - if test no = "$build_old_libs"; then - oldlibs=$output_objdir/$libname.$libext - build_libtool_libs=module - build_old_libs=yes - else - build_libtool_libs=no - fi - else - echo "*** The inter-library dependencies that have been dropped here will be" - echo "*** automatically added whenever a program is linked with this library" - echo "*** or is declared to -dlopen it." - - if test no = "$allow_undefined"; then - echo - echo "*** Since this library must not contain undefined symbols," - echo "*** because either the platform does not support them or" - echo "*** it was explicitly requested with -no-undefined," - echo "*** libtool will only create a static version of it." - if test no = "$build_old_libs"; then - oldlibs=$output_objdir/$libname.$libext - build_libtool_libs=module - build_old_libs=yes - else - build_libtool_libs=no - fi - fi - fi - fi - # Done checking deplibs! - deplibs=$newdeplibs - fi - # Time to change all our "foo.ltframework" stuff back to "-framework foo" - case $host in - *-*-darwin*) - newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - ;; - esac - - # move library search paths that coincide with paths to not yet - # installed libraries to the beginning of the library search list - new_libs= - for path in $notinst_path; do - case " $new_libs " in - *" -L$path/$objdir "*) ;; - *) - case " $deplibs " in - *" -L$path/$objdir "*) - func_append new_libs " -L$path/$objdir" ;; - esac - ;; - esac - done - for deplib in $deplibs; do - case $deplib in - -L*) - case " $new_libs " in - *" $deplib "*) ;; - *) func_append new_libs " $deplib" ;; - esac - ;; - *) func_append new_libs " $deplib" ;; - esac - done - deplibs=$new_libs - - # All the library-specific variables (install_libdir is set above). - library_names= - old_library= - dlname= - - # Test again, we may have decided not to build it any more - if test yes = "$build_libtool_libs"; then - # Remove $wl instances when linking with ld. - # FIXME: should test the right _cmds variable. - case $archive_cmds in - *\$LD\ *) wl= ;; - esac - if test yes = "$hardcode_into_libs"; then - # Hardcode the library paths - hardcode_libdirs= - dep_rpath= - rpath=$finalize_rpath - test relink = "$opt_mode" || rpath=$compile_rpath$rpath - for libdir in $rpath; do - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - func_replace_sysroot "$libdir" - libdir=$func_replace_sysroot_result - if test -z "$hardcode_libdirs"; then - hardcode_libdirs=$libdir - else - # Just accumulate the unique libdirs. - case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in - *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) - ;; - *) - func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" - ;; - esac - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" - func_append dep_rpath " $flag" - fi - elif test -n "$runpath_var"; then - case "$perm_rpath " in - *" $libdir "*) ;; - *) func_append perm_rpath " $libdir" ;; - esac - fi - done - # Substitute the hardcoded libdirs into the rpath. - if test -n "$hardcode_libdir_separator" && - test -n "$hardcode_libdirs"; then - libdir=$hardcode_libdirs - eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" - fi - if test -n "$runpath_var" && test -n "$perm_rpath"; then - # We should set the runpath_var. - rpath= - for dir in $perm_rpath; do - func_append rpath "$dir:" - done - eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" - fi - test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" - fi - - shlibpath=$finalize_shlibpath - test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath - if test -n "$shlibpath"; then - eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" - fi - - # Get the real and link names of the library. - eval shared_ext=\"$shrext_cmds\" - eval library_names=\"$library_names_spec\" - set dummy $library_names - shift - realname=$1 - shift - - if test -n "$soname_spec"; then - eval soname=\"$soname_spec\" - else - soname=$realname - fi - if test -z "$dlname"; then - dlname=$soname - fi - - lib=$output_objdir/$realname - linknames= - for link - do - func_append linknames " $link" - done - - # Use standard objects if they are pic - test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` - test "X$libobjs" = "X " && libobjs= - - delfiles= - if test -n "$export_symbols" && test -n "$include_expsyms"; then - $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" - export_symbols=$output_objdir/$libname.uexp - func_append delfiles " $export_symbols" - fi - - orig_export_symbols= - case $host_os in - cygwin* | mingw* | cegcc*) - if test -n "$export_symbols" && test -z "$export_symbols_regex"; then - # exporting using user supplied symfile - func_dll_def_p "$export_symbols" || { - # and it's NOT already a .def file. Must figure out - # which of the given symbols are data symbols and tag - # them as such. So, trigger use of export_symbols_cmds. - # export_symbols gets reassigned inside the "prepare - # the list of exported symbols" if statement, so the - # include_expsyms logic still works. - orig_export_symbols=$export_symbols - export_symbols= - always_export_symbols=yes - } - fi - ;; - esac - - # Prepare the list of exported symbols - if test -z "$export_symbols"; then - if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then - func_verbose "generating symbol list for '$libname.la'" - export_symbols=$output_objdir/$libname.exp - $opt_dry_run || $RM $export_symbols - cmds=$export_symbols_cmds - save_ifs=$IFS; IFS='~' - for cmd1 in $cmds; do - IFS=$save_ifs - # Take the normal branch if the nm_file_list_spec branch - # doesn't work or if tool conversion is not needed. - case $nm_file_list_spec~$to_tool_file_cmd in - *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) - try_normal_branch=yes - eval cmd=\"$cmd1\" - func_len " $cmd" - len=$func_len_result - ;; - *) - try_normal_branch=no - ;; - esac - if test yes = "$try_normal_branch" \ - && { test "$len" -lt "$max_cmd_len" \ - || test "$max_cmd_len" -le -1; } - then - func_show_eval "$cmd" 'exit $?' - skipped_export=false - elif test -n "$nm_file_list_spec"; then - func_basename "$output" - output_la=$func_basename_result - save_libobjs=$libobjs - save_output=$output - output=$output_objdir/$output_la.nm - func_to_tool_file "$output" - libobjs=$nm_file_list_spec$func_to_tool_file_result - func_append delfiles " $output" - func_verbose "creating $NM input file list: $output" - for obj in $save_libobjs; do - func_to_tool_file "$obj" - $ECHO "$func_to_tool_file_result" - done > "$output" - eval cmd=\"$cmd1\" - func_show_eval "$cmd" 'exit $?' - output=$save_output - libobjs=$save_libobjs - skipped_export=false - else - # The command line is too long to execute in one step. - func_verbose "using reloadable object file for export list..." - skipped_export=: - # Break out early, otherwise skipped_export may be - # set to false by a later but shorter cmd. - break - fi - done - IFS=$save_ifs - if test -n "$export_symbols_regex" && test : != "$skipped_export"; then - func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' - func_show_eval '$MV "${export_symbols}T" "$export_symbols"' - fi - fi - fi - - if test -n "$export_symbols" && test -n "$include_expsyms"; then - tmp_export_symbols=$export_symbols - test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols - $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' - fi - - if test : != "$skipped_export" && test -n "$orig_export_symbols"; then - # The given exports_symbols file has to be filtered, so filter it. - func_verbose "filter symbol list for '$libname.la' to tag DATA exports" - # FIXME: $output_objdir/$libname.filter potentially contains lots of - # 's' commands, which not all seds can handle. GNU sed should be fine - # though. Also, the filter scales superlinearly with the number of - # global variables. join(1) would be nice here, but unfortunately - # isn't a blessed tool. - $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter - func_append delfiles " $export_symbols $output_objdir/$libname.filter" - export_symbols=$output_objdir/$libname.def - $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols - fi - - tmp_deplibs= - for test_deplib in $deplibs; do - case " $convenience " in - *" $test_deplib "*) ;; - *) - func_append tmp_deplibs " $test_deplib" - ;; - esac - done - deplibs=$tmp_deplibs - - if test -n "$convenience"; then - if test -n "$whole_archive_flag_spec" && - test yes = "$compiler_needs_object" && - test -z "$libobjs"; then - # extract the archives, so we have objects to list. - # TODO: could optimize this to just extract one archive. - whole_archive_flag_spec= - fi - if test -n "$whole_archive_flag_spec"; then - save_libobjs=$libobjs - eval libobjs=\"\$libobjs $whole_archive_flag_spec\" - test "X$libobjs" = "X " && libobjs= - else - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - - func_extract_archives $gentop $convenience - func_append libobjs " $func_extract_archives_result" - test "X$libobjs" = "X " && libobjs= - fi - fi - - if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then - eval flag=\"$thread_safe_flag_spec\" - func_append linker_flags " $flag" - fi - - # Make a backup of the uninstalled library when relinking - if test relink = "$opt_mode"; then - $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? - fi - - # Do each of the archive commands. - if test yes = "$module" && test -n "$module_cmds"; then - if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then - eval test_cmds=\"$module_expsym_cmds\" - cmds=$module_expsym_cmds - else - eval test_cmds=\"$module_cmds\" - cmds=$module_cmds - fi - else - if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then - eval test_cmds=\"$archive_expsym_cmds\" - cmds=$archive_expsym_cmds - else - eval test_cmds=\"$archive_cmds\" - cmds=$archive_cmds - fi - fi - - if test : != "$skipped_export" && - func_len " $test_cmds" && - len=$func_len_result && - test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then - : - else - # The command line is too long to link in one step, link piecewise - # or, if using GNU ld and skipped_export is not :, use a linker - # script. - - # Save the value of $output and $libobjs because we want to - # use them later. If we have whole_archive_flag_spec, we - # want to use save_libobjs as it was before - # whole_archive_flag_spec was expanded, because we can't - # assume the linker understands whole_archive_flag_spec. - # This may have to be revisited, in case too many - # convenience libraries get linked in and end up exceeding - # the spec. - if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then - save_libobjs=$libobjs - fi - save_output=$output - func_basename "$output" - output_la=$func_basename_result - - # Clear the reloadable object creation command queue and - # initialize k to one. - test_cmds= - concat_cmds= - objlist= - last_robj= - k=1 - - if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then - output=$output_objdir/$output_la.lnkscript - func_verbose "creating GNU ld script: $output" - echo 'INPUT (' > $output - for obj in $save_libobjs - do - func_to_tool_file "$obj" - $ECHO "$func_to_tool_file_result" >> $output - done - echo ')' >> $output - func_append delfiles " $output" - func_to_tool_file "$output" - output=$func_to_tool_file_result - elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then - output=$output_objdir/$output_la.lnk - func_verbose "creating linker input file list: $output" - : > $output - set x $save_libobjs - shift - firstobj= - if test yes = "$compiler_needs_object"; then - firstobj="$1 " - shift - fi - for obj - do - func_to_tool_file "$obj" - $ECHO "$func_to_tool_file_result" >> $output - done - func_append delfiles " $output" - func_to_tool_file "$output" - output=$firstobj\"$file_list_spec$func_to_tool_file_result\" - else - if test -n "$save_libobjs"; then - func_verbose "creating reloadable object files..." - output=$output_objdir/$output_la-$k.$objext - eval test_cmds=\"$reload_cmds\" - func_len " $test_cmds" - len0=$func_len_result - len=$len0 - - # Loop over the list of objects to be linked. - for obj in $save_libobjs - do - func_len " $obj" - func_arith $len + $func_len_result - len=$func_arith_result - if test -z "$objlist" || - test "$len" -lt "$max_cmd_len"; then - func_append objlist " $obj" - else - # The command $test_cmds is almost too long, add a - # command to the queue. - if test 1 -eq "$k"; then - # The first file doesn't have a previous command to add. - reload_objs=$objlist - eval concat_cmds=\"$reload_cmds\" - else - # All subsequent reloadable object files will link in - # the last one created. - reload_objs="$objlist $last_robj" - eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" - fi - last_robj=$output_objdir/$output_la-$k.$objext - func_arith $k + 1 - k=$func_arith_result - output=$output_objdir/$output_la-$k.$objext - objlist=" $obj" - func_len " $last_robj" - func_arith $len0 + $func_len_result - len=$func_arith_result - fi - done - # Handle the remaining objects by creating one last - # reloadable object file. All subsequent reloadable object - # files will link in the last one created. - test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - reload_objs="$objlist $last_robj" - eval concat_cmds=\"\$concat_cmds$reload_cmds\" - if test -n "$last_robj"; then - eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" - fi - func_append delfiles " $output" - - else - output= - fi - - ${skipped_export-false} && { - func_verbose "generating symbol list for '$libname.la'" - export_symbols=$output_objdir/$libname.exp - $opt_dry_run || $RM $export_symbols - libobjs=$output - # Append the command to create the export file. - test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" - if test -n "$last_robj"; then - eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" - fi - } - - test -n "$save_libobjs" && - func_verbose "creating a temporary reloadable object file: $output" - - # Loop through the commands generated above and execute them. - save_ifs=$IFS; IFS='~' - for cmd in $concat_cmds; do - IFS=$save_ifs - $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" - } - $opt_dry_run || eval "$cmd" || { - lt_exit=$? - - # Restore the uninstalled library and exit - if test relink = "$opt_mode"; then - ( cd "$output_objdir" && \ - $RM "${realname}T" && \ - $MV "${realname}U" "$realname" ) - fi - - exit $lt_exit - } - done - IFS=$save_ifs - - if test -n "$export_symbols_regex" && ${skipped_export-false}; then - func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' - func_show_eval '$MV "${export_symbols}T" "$export_symbols"' - fi - fi - - ${skipped_export-false} && { - if test -n "$export_symbols" && test -n "$include_expsyms"; then - tmp_export_symbols=$export_symbols - test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols - $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' - fi - - if test -n "$orig_export_symbols"; then - # The given exports_symbols file has to be filtered, so filter it. - func_verbose "filter symbol list for '$libname.la' to tag DATA exports" - # FIXME: $output_objdir/$libname.filter potentially contains lots of - # 's' commands, which not all seds can handle. GNU sed should be fine - # though. Also, the filter scales superlinearly with the number of - # global variables. join(1) would be nice here, but unfortunately - # isn't a blessed tool. - $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter - func_append delfiles " $export_symbols $output_objdir/$libname.filter" - export_symbols=$output_objdir/$libname.def - $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols - fi - } - - libobjs=$output - # Restore the value of output. - output=$save_output - - if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then - eval libobjs=\"\$libobjs $whole_archive_flag_spec\" - test "X$libobjs" = "X " && libobjs= - fi - # Expand the library linking commands again to reset the - # value of $libobjs for piecewise linking. - - # Do each of the archive commands. - if test yes = "$module" && test -n "$module_cmds"; then - if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then - cmds=$module_expsym_cmds - else - cmds=$module_cmds - fi - else - if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then - cmds=$archive_expsym_cmds - else - cmds=$archive_cmds - fi - fi - fi - - if test -n "$delfiles"; then - # Append the command to remove temporary files to $cmds. - eval cmds=\"\$cmds~\$RM $delfiles\" - fi - - # Add any objects from preloaded convenience libraries - if test -n "$dlprefiles"; then - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - - func_extract_archives $gentop $dlprefiles - func_append libobjs " $func_extract_archives_result" - test "X$libobjs" = "X " && libobjs= - fi - - save_ifs=$IFS; IFS='~' - for cmd in $cmds; do - IFS=$sp$nl - eval cmd=\"$cmd\" - IFS=$save_ifs - $opt_quiet || { - func_quote_for_expand "$cmd" - eval "func_echo $func_quote_for_expand_result" - } - $opt_dry_run || eval "$cmd" || { - lt_exit=$? - - # Restore the uninstalled library and exit - if test relink = "$opt_mode"; then - ( cd "$output_objdir" && \ - $RM "${realname}T" && \ - $MV "${realname}U" "$realname" ) - fi - - exit $lt_exit - } - done - IFS=$save_ifs - - # Restore the uninstalled library and exit - if test relink = "$opt_mode"; then - $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? - - if test -n "$convenience"; then - if test -z "$whole_archive_flag_spec"; then - func_show_eval '${RM}r "$gentop"' - fi - fi - - exit $EXIT_SUCCESS - fi - - # Create links to the real library. - for linkname in $linknames; do - if test "$realname" != "$linkname"; then - func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' - fi - done - - # If -module or -export-dynamic was specified, set the dlname. - if test yes = "$module" || test yes = "$export_dynamic"; then - # On all known operating systems, these are identical. - dlname=$soname - fi - fi - ;; - - obj) - if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then - func_warning "'-dlopen' is ignored for objects" - fi - - case " $deplibs" in - *\ -l* | *\ -L*) - func_warning "'-l' and '-L' are ignored for objects" ;; - esac - - test -n "$rpath" && \ - func_warning "'-rpath' is ignored for objects" - - test -n "$xrpath" && \ - func_warning "'-R' is ignored for objects" - - test -n "$vinfo" && \ - func_warning "'-version-info' is ignored for objects" - - test -n "$release" && \ - func_warning "'-release' is ignored for objects" - - case $output in - *.lo) - test -n "$objs$old_deplibs" && \ - func_fatal_error "cannot build library object '$output' from non-libtool objects" - - libobj=$output - func_lo2o "$libobj" - obj=$func_lo2o_result - ;; - *) - libobj= - obj=$output - ;; - esac - - # Delete the old objects. - $opt_dry_run || $RM $obj $libobj - - # Objects from convenience libraries. This assumes - # single-version convenience libraries. Whenever we create - # different ones for PIC/non-PIC, this we'll have to duplicate - # the extraction. - reload_conv_objs= - gentop= - # if reload_cmds runs $LD directly, get rid of -Wl from - # whole_archive_flag_spec and hope we can get by with turning comma - # into space. - case $reload_cmds in - *\$LD[\ \$]*) wl= ;; - esac - if test -n "$convenience"; then - if test -n "$whole_archive_flag_spec"; then - eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` - reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags - else - gentop=$output_objdir/${obj}x - func_append generated " $gentop" - - func_extract_archives $gentop $convenience - reload_conv_objs="$reload_objs $func_extract_archives_result" - fi - fi - - # If we're not building shared, we need to use non_pic_objs - test yes = "$build_libtool_libs" || libobjs=$non_pic_objects - - # Create the old-style object. - reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs - - output=$obj - func_execute_cmds "$reload_cmds" 'exit $?' - - # Exit if we aren't doing a library object file. - if test -z "$libobj"; then - if test -n "$gentop"; then - func_show_eval '${RM}r "$gentop"' - fi - - exit $EXIT_SUCCESS - fi - - test yes = "$build_libtool_libs" || { - if test -n "$gentop"; then - func_show_eval '${RM}r "$gentop"' - fi - - # Create an invalid libtool object if no PIC, so that we don't - # accidentally link it into a program. - # $show "echo timestamp > $libobj" - # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? - exit $EXIT_SUCCESS - } - - if test -n "$pic_flag" || test default != "$pic_mode"; then - # Only do commands if we really have different PIC objects. - reload_objs="$libobjs $reload_conv_objs" - output=$libobj - func_execute_cmds "$reload_cmds" 'exit $?' - fi - - if test -n "$gentop"; then - func_show_eval '${RM}r "$gentop"' - fi - - exit $EXIT_SUCCESS - ;; - - prog) - case $host in - *cygwin*) func_stripname '' '.exe' "$output" - output=$func_stripname_result.exe;; - esac - test -n "$vinfo" && \ - func_warning "'-version-info' is ignored for programs" - - test -n "$release" && \ - func_warning "'-release' is ignored for programs" - - $preload \ - && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \ - && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support." - - case $host in - *-*-rhapsody* | *-*-darwin1.[012]) - # On Rhapsody replace the C library is the System framework - compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` - finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` - ;; - esac - - case $host in - *-*-darwin*) - # Don't allow lazy linking, it breaks C++ global constructors - # But is supposedly fixed on 10.4 or later (yay!). - if test CXX = "$tagname"; then - case ${MACOSX_DEPLOYMENT_TARGET-10.0} in - 10.[0123]) - func_append compile_command " $wl-bind_at_load" - func_append finalize_command " $wl-bind_at_load" - ;; - esac - fi - # Time to change all our "foo.ltframework" stuff back to "-framework foo" - compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - ;; - esac - - - # move library search paths that coincide with paths to not yet - # installed libraries to the beginning of the library search list - new_libs= - for path in $notinst_path; do - case " $new_libs " in - *" -L$path/$objdir "*) ;; - *) - case " $compile_deplibs " in - *" -L$path/$objdir "*) - func_append new_libs " -L$path/$objdir" ;; - esac - ;; - esac - done - for deplib in $compile_deplibs; do - case $deplib in - -L*) - case " $new_libs " in - *" $deplib "*) ;; - *) func_append new_libs " $deplib" ;; - esac - ;; - *) func_append new_libs " $deplib" ;; - esac - done - compile_deplibs=$new_libs - - - func_append compile_command " $compile_deplibs" - func_append finalize_command " $finalize_deplibs" - - if test -n "$rpath$xrpath"; then - # If the user specified any rpath flags, then add them. - for libdir in $rpath $xrpath; do - # This is the magic to use -rpath. - case "$finalize_rpath " in - *" $libdir "*) ;; - *) func_append finalize_rpath " $libdir" ;; - esac - done - fi - - # Now hardcode the library paths - rpath= - hardcode_libdirs= - for libdir in $compile_rpath $finalize_rpath; do - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - if test -z "$hardcode_libdirs"; then - hardcode_libdirs=$libdir - else - # Just accumulate the unique libdirs. - case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in - *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) - ;; - *) - func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" - ;; - esac - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" - func_append rpath " $flag" - fi - elif test -n "$runpath_var"; then - case "$perm_rpath " in - *" $libdir "*) ;; - *) func_append perm_rpath " $libdir" ;; - esac - fi - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'` - case :$dllsearchpath: in - *":$libdir:"*) ;; - ::) dllsearchpath=$libdir;; - *) func_append dllsearchpath ":$libdir";; - esac - case :$dllsearchpath: in - *":$testbindir:"*) ;; - ::) dllsearchpath=$testbindir;; - *) func_append dllsearchpath ":$testbindir";; - esac - ;; - esac - done - # Substitute the hardcoded libdirs into the rpath. - if test -n "$hardcode_libdir_separator" && - test -n "$hardcode_libdirs"; then - libdir=$hardcode_libdirs - eval rpath=\" $hardcode_libdir_flag_spec\" - fi - compile_rpath=$rpath - - rpath= - hardcode_libdirs= - for libdir in $finalize_rpath; do - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - if test -z "$hardcode_libdirs"; then - hardcode_libdirs=$libdir - else - # Just accumulate the unique libdirs. - case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in - *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) - ;; - *) - func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" - ;; - esac - fi - else - eval flag=\"$hardcode_libdir_flag_spec\" - func_append rpath " $flag" - fi - elif test -n "$runpath_var"; then - case "$finalize_perm_rpath " in - *" $libdir "*) ;; - *) func_append finalize_perm_rpath " $libdir" ;; - esac - fi - done - # Substitute the hardcoded libdirs into the rpath. - if test -n "$hardcode_libdir_separator" && - test -n "$hardcode_libdirs"; then - libdir=$hardcode_libdirs - eval rpath=\" $hardcode_libdir_flag_spec\" - fi - finalize_rpath=$rpath - - if test -n "$libobjs" && test yes = "$build_old_libs"; then - # Transform all the library objects into standard objects. - compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` - finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` - fi - - func_generate_dlsyms "$outputname" "@PROGRAM@" false - - # template prelinking step - if test -n "$prelink_cmds"; then - func_execute_cmds "$prelink_cmds" 'exit $?' - fi - - wrappers_required=: - case $host in - *cegcc* | *mingw32ce*) - # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. - wrappers_required=false - ;; - *cygwin* | *mingw* ) - test yes = "$build_libtool_libs" || wrappers_required=false - ;; - *) - if test no = "$need_relink" || test yes != "$build_libtool_libs"; then - wrappers_required=false - fi - ;; - esac - $wrappers_required || { - # Replace the output file specification. - compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` - link_command=$compile_command$compile_rpath - - # We have no uninstalled library dependencies, so finalize right now. - exit_status=0 - func_show_eval "$link_command" 'exit_status=$?' - - if test -n "$postlink_cmds"; then - func_to_tool_file "$output" - postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` - func_execute_cmds "$postlink_cmds" 'exit $?' - fi - - # Delete the generated files. - if test -f "$output_objdir/${outputname}S.$objext"; then - func_show_eval '$RM "$output_objdir/${outputname}S.$objext"' - fi - - exit $exit_status - } - - if test -n "$compile_shlibpath$finalize_shlibpath"; then - compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" - fi - if test -n "$finalize_shlibpath"; then - finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" - fi - - compile_var= - finalize_var= - if test -n "$runpath_var"; then - if test -n "$perm_rpath"; then - # We should set the runpath_var. - rpath= - for dir in $perm_rpath; do - func_append rpath "$dir:" - done - compile_var="$runpath_var=\"$rpath\$$runpath_var\" " - fi - if test -n "$finalize_perm_rpath"; then - # We should set the runpath_var. - rpath= - for dir in $finalize_perm_rpath; do - func_append rpath "$dir:" - done - finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " - fi - fi - - if test yes = "$no_install"; then - # We don't need to create a wrapper script. - link_command=$compile_var$compile_command$compile_rpath - # Replace the output file specification. - link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` - # Delete the old output file. - $opt_dry_run || $RM $output - # Link the executable and exit - func_show_eval "$link_command" 'exit $?' - - if test -n "$postlink_cmds"; then - func_to_tool_file "$output" - postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` - func_execute_cmds "$postlink_cmds" 'exit $?' - fi - - exit $EXIT_SUCCESS - fi - - case $hardcode_action,$fast_install in - relink,*) - # Fast installation is not supported - link_command=$compile_var$compile_command$compile_rpath - relink_command=$finalize_var$finalize_command$finalize_rpath - - func_warning "this platform does not like uninstalled shared libraries" - func_warning "'$output' will be relinked during installation" - ;; - *,yes) - link_command=$finalize_var$compile_command$finalize_rpath - relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` - ;; - *,no) - link_command=$compile_var$compile_command$compile_rpath - relink_command=$finalize_var$finalize_command$finalize_rpath - ;; - *,needless) - link_command=$finalize_var$compile_command$finalize_rpath - relink_command= - ;; - esac - - # Replace the output file specification. - link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` - - # Delete the old output files. - $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname - - func_show_eval "$link_command" 'exit $?' - - if test -n "$postlink_cmds"; then - func_to_tool_file "$output_objdir/$outputname" - postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` - func_execute_cmds "$postlink_cmds" 'exit $?' - fi - - # Now create the wrapper script. - func_verbose "creating $output" - - # Quote the relink command for shipping. - if test -n "$relink_command"; then - # Preserve any variables that may affect compiler behavior - for var in $variables_saved_for_relink; do - if eval test -z \"\${$var+set}\"; then - relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" - elif eval var_value=\$$var; test -z "$var_value"; then - relink_command="$var=; export $var; $relink_command" - else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" - fi - done - relink_command="(cd `pwd`; $relink_command)" - relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` - fi - - # Only actually do things if not in dry run mode. - $opt_dry_run || { - # win32 will think the script is a binary if it has - # a .exe suffix, so we strip it off here. - case $output in - *.exe) func_stripname '' '.exe' "$output" - output=$func_stripname_result ;; - esac - # test for cygwin because mv fails w/o .exe extensions - case $host in - *cygwin*) - exeext=.exe - func_stripname '' '.exe' "$outputname" - outputname=$func_stripname_result ;; - *) exeext= ;; - esac - case $host in - *cygwin* | *mingw* ) - func_dirname_and_basename "$output" "" "." - output_name=$func_basename_result - output_path=$func_dirname_result - cwrappersource=$output_path/$objdir/lt-$output_name.c - cwrapper=$output_path/$output_name.exe - $RM $cwrappersource $cwrapper - trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 - - func_emit_cwrapperexe_src > $cwrappersource - - # The wrapper executable is built using the $host compiler, - # because it contains $host paths and files. If cross- - # compiling, it, like the target executable, must be - # executed on the $host or under an emulation environment. - $opt_dry_run || { - $LTCC $LTCFLAGS -o $cwrapper $cwrappersource - $STRIP $cwrapper - } - - # Now, create the wrapper script for func_source use: - func_ltwrapper_scriptname $cwrapper - $RM $func_ltwrapper_scriptname_result - trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 - $opt_dry_run || { - # note: this script will not be executed, so do not chmod. - if test "x$build" = "x$host"; then - $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result - else - func_emit_wrapper no > $func_ltwrapper_scriptname_result - fi - } - ;; - * ) - $RM $output - trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 - - func_emit_wrapper no > $output - chmod +x $output - ;; - esac - } - exit $EXIT_SUCCESS - ;; - esac - - # See if we need to build an old-fashioned archive. - for oldlib in $oldlibs; do - - case $build_libtool_libs in - convenience) - oldobjs="$libobjs_save $symfileobj" - addlibs=$convenience - build_libtool_libs=no - ;; - module) - oldobjs=$libobjs_save - addlibs=$old_convenience - build_libtool_libs=no - ;; - *) - oldobjs="$old_deplibs $non_pic_objects" - $preload && test -f "$symfileobj" \ - && func_append oldobjs " $symfileobj" - addlibs=$old_convenience - ;; - esac - - if test -n "$addlibs"; then - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - - func_extract_archives $gentop $addlibs - func_append oldobjs " $func_extract_archives_result" - fi - - # Do each command in the archive commands. - if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then - cmds=$old_archive_from_new_cmds - else - - # Add any objects from preloaded convenience libraries - if test -n "$dlprefiles"; then - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - - func_extract_archives $gentop $dlprefiles - func_append oldobjs " $func_extract_archives_result" - fi - - # POSIX demands no paths to be encoded in archives. We have - # to avoid creating archives with duplicate basenames if we - # might have to extract them afterwards, e.g., when creating a - # static archive out of a convenience library, or when linking - # the entirety of a libtool archive into another (currently - # not supported by libtool). - if (for obj in $oldobjs - do - func_basename "$obj" - $ECHO "$func_basename_result" - done | sort | sort -uc >/dev/null 2>&1); then - : - else - echo "copying selected object files to avoid basename conflicts..." - gentop=$output_objdir/${outputname}x - func_append generated " $gentop" - func_mkdir_p "$gentop" - save_oldobjs=$oldobjs - oldobjs= - counter=1 - for obj in $save_oldobjs - do - func_basename "$obj" - objbase=$func_basename_result - case " $oldobjs " in - " ") oldobjs=$obj ;; - *[\ /]"$objbase "*) - while :; do - # Make sure we don't pick an alternate name that also - # overlaps. - newobj=lt$counter-$objbase - func_arith $counter + 1 - counter=$func_arith_result - case " $oldobjs " in - *[\ /]"$newobj "*) ;; - *) if test ! -f "$gentop/$newobj"; then break; fi ;; - esac - done - func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" - func_append oldobjs " $gentop/$newobj" - ;; - *) func_append oldobjs " $obj" ;; - esac - done - fi - func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 - tool_oldlib=$func_to_tool_file_result - eval cmds=\"$old_archive_cmds\" - - func_len " $cmds" - len=$func_len_result - if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then - cmds=$old_archive_cmds - elif test -n "$archiver_list_spec"; then - func_verbose "using command file archive linking..." - for obj in $oldobjs - do - func_to_tool_file "$obj" - $ECHO "$func_to_tool_file_result" - done > $output_objdir/$libname.libcmd - func_to_tool_file "$output_objdir/$libname.libcmd" - oldobjs=" $archiver_list_spec$func_to_tool_file_result" - cmds=$old_archive_cmds - else - # the command line is too long to link in one step, link in parts - func_verbose "using piecewise archive linking..." - save_RANLIB=$RANLIB - RANLIB=: - objlist= - concat_cmds= - save_oldobjs=$oldobjs - oldobjs= - # Is there a better way of finding the last object in the list? - for obj in $save_oldobjs - do - last_oldobj=$obj - done - eval test_cmds=\"$old_archive_cmds\" - func_len " $test_cmds" - len0=$func_len_result - len=$len0 - for obj in $save_oldobjs - do - func_len " $obj" - func_arith $len + $func_len_result - len=$func_arith_result - func_append objlist " $obj" - if test "$len" -lt "$max_cmd_len"; then - : - else - # the above command should be used before it gets too long - oldobjs=$objlist - if test "$obj" = "$last_oldobj"; then - RANLIB=$save_RANLIB - fi - test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\$concat_cmds$old_archive_cmds\" - objlist= - len=$len0 - fi - done - RANLIB=$save_RANLIB - oldobjs=$objlist - if test -z "$oldobjs"; then - eval cmds=\"\$concat_cmds\" - else - eval cmds=\"\$concat_cmds~\$old_archive_cmds\" - fi - fi - fi - func_execute_cmds "$cmds" 'exit $?' - done - - test -n "$generated" && \ - func_show_eval "${RM}r$generated" - - # Now create the libtool archive. - case $output in - *.la) - old_library= - test yes = "$build_old_libs" && old_library=$libname.$libext - func_verbose "creating $output" - - # Preserve any variables that may affect compiler behavior - for var in $variables_saved_for_relink; do - if eval test -z \"\${$var+set}\"; then - relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" - elif eval var_value=\$$var; test -z "$var_value"; then - relink_command="$var=; export $var; $relink_command" - else - func_quote_for_eval "$var_value" - relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" - fi - done - # Quote the link command for shipping. - relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` - if test yes = "$hardcode_automatic"; then - relink_command= - fi - - # Only create the output if not a dry run. - $opt_dry_run || { - for installed in no yes; do - if test yes = "$installed"; then - if test -z "$install_libdir"; then - break - fi - output=$output_objdir/${outputname}i - # Replace all uninstalled libtool libraries with the installed ones - newdependency_libs= - for deplib in $dependency_libs; do - case $deplib in - *.la) - func_basename "$deplib" - name=$func_basename_result - func_resolve_sysroot "$deplib" - eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` - test -z "$libdir" && \ - func_fatal_error "'$deplib' is not a valid libtool archive" - func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" - ;; - -L*) - func_stripname -L '' "$deplib" - func_replace_sysroot "$func_stripname_result" - func_append newdependency_libs " -L$func_replace_sysroot_result" - ;; - -R*) - func_stripname -R '' "$deplib" - func_replace_sysroot "$func_stripname_result" - func_append newdependency_libs " -R$func_replace_sysroot_result" - ;; - *) func_append newdependency_libs " $deplib" ;; - esac - done - dependency_libs=$newdependency_libs - newdlfiles= - - for lib in $dlfiles; do - case $lib in - *.la) - func_basename "$lib" - name=$func_basename_result - eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` - test -z "$libdir" && \ - func_fatal_error "'$lib' is not a valid libtool archive" - func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" - ;; - *) func_append newdlfiles " $lib" ;; - esac - done - dlfiles=$newdlfiles - newdlprefiles= - for lib in $dlprefiles; do - case $lib in - *.la) - # Only pass preopened files to the pseudo-archive (for - # eventual linking with the app. that links it) if we - # didn't already link the preopened objects directly into - # the library: - func_basename "$lib" - name=$func_basename_result - eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` - test -z "$libdir" && \ - func_fatal_error "'$lib' is not a valid libtool archive" - func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" - ;; - esac - done - dlprefiles=$newdlprefiles - else - newdlfiles= - for lib in $dlfiles; do - case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; - *) abs=`pwd`"/$lib" ;; - esac - func_append newdlfiles " $abs" - done - dlfiles=$newdlfiles - newdlprefiles= - for lib in $dlprefiles; do - case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; - *) abs=`pwd`"/$lib" ;; - esac - func_append newdlprefiles " $abs" - done - dlprefiles=$newdlprefiles - fi - $RM $output - # place dlname in correct position for cygwin - # In fact, it would be nice if we could use this code for all target - # systems that can't hard-code library paths into their executables - # and that have no shared library path variable independent of PATH, - # but it turns out we can't easily determine that from inspecting - # libtool variables, so we have to hard-code the OSs to which it - # applies here; at the moment, that means platforms that use the PE - # object format with DLL files. See the long comment at the top of - # tests/bindir.at for full details. - tdlname=$dlname - case $host,$output,$installed,$module,$dlname in - *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) - # If a -bindir argument was supplied, place the dll there. - if test -n "$bindir"; then - func_relative_path "$install_libdir" "$bindir" - tdlname=$func_relative_path_result/$dlname - else - # Otherwise fall back on heuristic. - tdlname=../bin/$dlname - fi - ;; - esac - $ECHO > $output "\ -# $outputname - a libtool library file -# Generated by $PROGRAM (GNU $PACKAGE) $VERSION -# -# Please DO NOT delete this file! -# It is necessary for linking the library. - -# The name that we can dlopen(3). -dlname='$tdlname' - -# Names of this library. -library_names='$library_names' - -# The name of the static archive. -old_library='$old_library' - -# Linker flags that cannot go in dependency_libs. -inherited_linker_flags='$new_inherited_linker_flags' - -# Libraries that this one depends upon. -dependency_libs='$dependency_libs' - -# Names of additional weak libraries provided by this library -weak_library_names='$weak_libs' - -# Version information for $libname. -current=$current -age=$age -revision=$revision - -# Is this an already installed library? -installed=$installed - -# Should we warn about portability when linking against -modules? -shouldnotlink=$module - -# Files to dlopen/dlpreopen -dlopen='$dlfiles' -dlpreopen='$dlprefiles' - -# Directory that this library needs to be installed in: -libdir='$install_libdir'" - if test no,yes = "$installed,$need_relink"; then - $ECHO >> $output "\ -relink_command=\"$relink_command\"" - fi - done - } - - # Do a symbolic link so that the libtool archive can be found in - # LD_LIBRARY_PATH before the program is installed. - func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' - ;; - esac - exit $EXIT_SUCCESS -} - -if test link = "$opt_mode" || test relink = "$opt_mode"; then - func_mode_link ${1+"$@"} -fi - - -# func_mode_uninstall arg... -func_mode_uninstall () -{ - $debug_cmd - - RM=$nonopt - files= - rmforce=false - exit_status=0 - - # This variable tells wrapper scripts just to set variables rather - # than running their programs. - libtool_install_magic=$magic - - for arg - do - case $arg in - -f) func_append RM " $arg"; rmforce=: ;; - -*) func_append RM " $arg" ;; - *) func_append files " $arg" ;; - esac - done - - test -z "$RM" && \ - func_fatal_help "you must specify an RM program" - - rmdirs= - - for file in $files; do - func_dirname "$file" "" "." - dir=$func_dirname_result - if test . = "$dir"; then - odir=$objdir - else - odir=$dir/$objdir - fi - func_basename "$file" - name=$func_basename_result - test uninstall = "$opt_mode" && odir=$dir - - # Remember odir for removal later, being careful to avoid duplicates - if test clean = "$opt_mode"; then - case " $rmdirs " in - *" $odir "*) ;; - *) func_append rmdirs " $odir" ;; - esac - fi - - # Don't error if the file doesn't exist and rm -f was used. - if { test -L "$file"; } >/dev/null 2>&1 || - { test -h "$file"; } >/dev/null 2>&1 || - test -f "$file"; then - : - elif test -d "$file"; then - exit_status=1 - continue - elif $rmforce; then - continue - fi - - rmfiles=$file - - case $name in - *.la) - # Possibly a libtool archive, so verify it. - if func_lalib_p "$file"; then - func_source $dir/$name - - # Delete the libtool libraries and symlinks. - for n in $library_names; do - func_append rmfiles " $odir/$n" - done - test -n "$old_library" && func_append rmfiles " $odir/$old_library" - - case $opt_mode in - clean) - case " $library_names " in - *" $dlname "*) ;; - *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; - esac - test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" - ;; - uninstall) - if test -n "$library_names"; then - # Do each command in the postuninstall commands. - func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1' - fi - - if test -n "$old_library"; then - # Do each command in the old_postuninstall commands. - func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1' - fi - # FIXME: should reinstall the best remaining shared library. - ;; - esac - fi - ;; - - *.lo) - # Possibly a libtool object, so verify it. - if func_lalib_p "$file"; then - - # Read the .lo file - func_source $dir/$name - - # Add PIC object to the list of files to remove. - if test -n "$pic_object" && test none != "$pic_object"; then - func_append rmfiles " $dir/$pic_object" - fi - - # Add non-PIC object to the list of files to remove. - if test -n "$non_pic_object" && test none != "$non_pic_object"; then - func_append rmfiles " $dir/$non_pic_object" - fi - fi - ;; - - *) - if test clean = "$opt_mode"; then - noexename=$name - case $file in - *.exe) - func_stripname '' '.exe' "$file" - file=$func_stripname_result - func_stripname '' '.exe' "$name" - noexename=$func_stripname_result - # $file with .exe has already been added to rmfiles, - # add $file without .exe - func_append rmfiles " $file" - ;; - esac - # Do a test to see if this is a libtool program. - if func_ltwrapper_p "$file"; then - if func_ltwrapper_executable_p "$file"; then - func_ltwrapper_scriptname "$file" - relink_command= - func_source $func_ltwrapper_scriptname_result - func_append rmfiles " $func_ltwrapper_scriptname_result" - else - relink_command= - func_source $dir/$noexename - fi - - # note $name still contains .exe if it was in $file originally - # as does the version of $file that was added into $rmfiles - func_append rmfiles " $odir/$name $odir/${name}S.$objext" - if test yes = "$fast_install" && test -n "$relink_command"; then - func_append rmfiles " $odir/lt-$name" - fi - if test "X$noexename" != "X$name"; then - func_append rmfiles " $odir/lt-$noexename.c" - fi - fi - fi - ;; - esac - func_show_eval "$RM $rmfiles" 'exit_status=1' - done - - # Try to remove the $objdir's in the directories where we deleted files - for dir in $rmdirs; do - if test -d "$dir"; then - func_show_eval "rmdir $dir >/dev/null 2>&1" - fi - done - - exit $exit_status -} - -if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then - func_mode_uninstall ${1+"$@"} -fi - -test -z "$opt_mode" && { - help=$generic_help - func_fatal_help "you must specify a MODE" -} - -test -z "$exec_cmd" && \ - func_fatal_help "invalid operation mode '$opt_mode'" - -if test -n "$exec_cmd"; then - eval exec "$exec_cmd" - exit $EXIT_FAILURE -fi - -exit $exit_status - - -# The TAGs below are defined such that we never get into a situation -# where we disable both kinds of libraries. Given conflicting -# choices, we go for a static library, that is the most portable, -# since we can't tell whether shared libraries were disabled because -# the user asked for that or because the platform doesn't support -# them. This is particularly important on AIX, because we don't -# support having both static and shared libraries enabled at the same -# time on that platform, so we default to a shared-only configuration. -# If a disable-shared tag is given, we'll fallback to a static-only -# configuration. But we'll never go from static-only to shared-only. - -# ### BEGIN LIBTOOL TAG CONFIG: disable-shared -build_libtool_libs=no -build_old_libs=yes -# ### END LIBTOOL TAG CONFIG: disable-shared - -# ### BEGIN LIBTOOL TAG CONFIG: disable-static -build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` -# ### END LIBTOOL TAG CONFIG: disable-static - -# Local Variables: -# mode:shell-script -# sh-indentation:2 -# End: diff -Nru sudo-1.9.5p2/m4/ax_prog_cc_for_build.m4 sudo-1.9.9/m4/ax_prog_cc_for_build.m4 --- sudo-1.9.5p2/m4/ax_prog_cc_for_build.m4 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/m4/ax_prog_cc_for_build.m4 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,155 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PROG_CC_FOR_BUILD +# +# DESCRIPTION +# +# This macro searches for a C compiler that generates native executables, +# that is a C compiler that surely is not a cross-compiler. This can be +# useful if you have to generate source code at compile-time like for +# example GCC does. +# +# The macro sets the CC_FOR_BUILD and CPP_FOR_BUILD macros to anything +# needed to compile or link (CC_FOR_BUILD) and preprocess (CPP_FOR_BUILD). +# The value of these variables can be overridden by the user by specifying +# a compiler with an environment variable (like you do for standard CC). +# +# It also sets BUILD_EXEEXT and BUILD_OBJEXT to the executable and object +# file extensions for the build platform, and GCC_FOR_BUILD to `yes' if +# the compiler we found is GCC. All these variables but GCC_FOR_BUILD are +# substituted in the Makefile. +# +# LICENSE +# +# Copyright (c) 2008 Paolo Bonzini +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 20 + +AU_ALIAS([AC_PROG_CC_FOR_BUILD], [AX_PROG_CC_FOR_BUILD]) +AC_DEFUN([AX_PROG_CC_FOR_BUILD], [dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_CPP])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl + +dnl Use the standard macros, but make them use other variable names +dnl +pushdef([ac_cv_prog_CPP], ac_cv_build_prog_CPP)dnl +pushdef([ac_cv_prog_cc_c89], ac_cv_build_prog_cc_c89)dnl +pushdef([ac_cv_prog_cc_c99], ac_cv_build_prog_cc_c99)dnl +pushdef([ac_cv_prog_cc_c11], ac_cv_build_prog_cc_c11)dnl +pushdef([ac_cv_prog_gcc], ac_cv_build_prog_gcc)dnl +pushdef([ac_cv_prog_cc_works], ac_cv_build_prog_cc_works)dnl +pushdef([ac_cv_prog_cc_cross], ac_cv_build_prog_cc_cross)dnl +pushdef([ac_cv_prog_cc_g], ac_cv_build_prog_cc_g)dnl +pushdef([ac_cv_c_compiler_gnu], ac_cv_build_c_compiler_gnu)dnl +pushdef([ac_cv_exeext], ac_cv_build_exeext)dnl +pushdef([ac_cv_objext], ac_cv_build_objext)dnl +pushdef([ac_exeext], ac_build_exeext)dnl +pushdef([ac_objext], ac_build_objext)dnl +pushdef([CC], CC_FOR_BUILD)dnl +pushdef([CPP], CPP_FOR_BUILD)dnl +pushdef([GCC], GCC_FOR_BUILD)dnl +pushdef([CFLAGS], CFLAGS_FOR_BUILD)dnl +pushdef([CPPFLAGS], CPPFLAGS_FOR_BUILD)dnl +pushdef([EXEEXT], BUILD_EXEEXT)dnl +pushdef([LDFLAGS], LDFLAGS_FOR_BUILD)dnl +pushdef([OBJEXT], BUILD_OBJEXT)dnl +pushdef([host], build)dnl +pushdef([host_alias], build_alias)dnl +pushdef([host_cpu], build_cpu)dnl +pushdef([host_vendor], build_vendor)dnl +pushdef([host_os], build_os)dnl +pushdef([ac_cv_host], ac_cv_build)dnl +pushdef([ac_cv_host_alias], ac_cv_build_alias)dnl +pushdef([ac_cv_host_cpu], ac_cv_build_cpu)dnl +pushdef([ac_cv_host_vendor], ac_cv_build_vendor)dnl +pushdef([ac_cv_host_os], ac_cv_build_os)dnl +pushdef([ac_tool_prefix], ac_build_tool_prefix)dnl +pushdef([am_cv_CC_dependencies_compiler_type], am_cv_build_CC_dependencies_compiler_type)dnl +pushdef([am_cv_prog_cc_c_o], am_cv_build_prog_cc_c_o)dnl +pushdef([cross_compiling], cross_compiling_build)dnl + +cross_compiling_build=no + +ac_build_tool_prefix= +AS_IF([test -n "$build"], [ac_build_tool_prefix="$build-"], + [test -n "$build_alias"],[ac_build_tool_prefix="$build_alias-"]) + +AC_LANG_PUSH([C]) + +dnl The pushdef([ac_cv_c_compiler_gnu], ...) currently does not cover +dnl the use of this variable in _AC_LANG_COMPILER_GNU called by +dnl AC_PROG_CC. Unset this cache variable temporarily as a workaround. +was_set_ac_cv_c_compiler_gnu=${[ac_cv_c_compiler_gnu]+y} +AS_IF([test ${was_set_ac_cv_c_compiler_gnu}], + [saved_ac_cv_c_compiler_gnu=$[ac_cv_c_compiler_gnu] + AS_UNSET([[ac_cv_c_compiler_gnu]])]) + +AC_PROG_CC + +dnl Restore ac_cv_c_compiler_gnu +AS_IF([test ${was_set_ac_cv_c_compiler_gnu}], + [[ac_cv_c_compiler_gnu]=saved_ac_cv_c_compiler_gnu]) + +_AC_COMPILER_EXEEXT +_AC_COMPILER_OBJEXT +AC_PROG_CPP + +dnl Restore the old definitions +dnl +popdef([cross_compiling])dnl +popdef([am_cv_prog_cc_c_o])dnl +popdef([am_cv_CC_dependencies_compiler_type])dnl +popdef([ac_tool_prefix])dnl +popdef([ac_cv_host_os])dnl +popdef([ac_cv_host_vendor])dnl +popdef([ac_cv_host_cpu])dnl +popdef([ac_cv_host_alias])dnl +popdef([ac_cv_host])dnl +popdef([host_os])dnl +popdef([host_vendor])dnl +popdef([host_cpu])dnl +popdef([host_alias])dnl +popdef([host])dnl +popdef([OBJEXT])dnl +popdef([LDFLAGS])dnl +popdef([EXEEXT])dnl +popdef([CPPFLAGS])dnl +popdef([CFLAGS])dnl +popdef([GCC])dnl +popdef([CPP])dnl +popdef([CC])dnl +popdef([ac_objext])dnl +popdef([ac_exeext])dnl +popdef([ac_cv_objext])dnl +popdef([ac_cv_exeext])dnl +popdef([ac_cv_c_compiler_gnu])dnl +popdef([ac_cv_prog_cc_g])dnl +popdef([ac_cv_prog_cc_cross])dnl +popdef([ac_cv_prog_cc_works])dnl +popdef([ac_cv_prog_cc_c89])dnl +popdef([ac_cv_prog_gcc])dnl +popdef([ac_cv_prog_CPP])dnl + +dnl restore global variables ac_ext, ac_cpp, ac_compile, +dnl ac_link, ac_compiler_gnu (dependent on the current +dnl language after popping): +AC_LANG_POP([C]) + +dnl Finally, set Makefile variables +dnl +AC_SUBST(BUILD_EXEEXT)dnl +AC_SUBST(BUILD_OBJEXT)dnl +AC_SUBST([CFLAGS_FOR_BUILD])dnl +AC_SUBST([CPPFLAGS_FOR_BUILD])dnl +AC_SUBST([LDFLAGS_FOR_BUILD])dnl +]) diff -Nru sudo-1.9.5p2/m4/libtool.m4 sudo-1.9.9/m4/libtool.m4 --- sudo-1.9.5p2/m4/libtool.m4 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/m4/libtool.m4 2022-01-27 21:24:22.000000000 +0000 @@ -1067,16 +1067,11 @@ _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - darwin*) # darwin 5.x on - # if running on 10.5 or later, the deployment target defaults - # to the OS version, if on x86, and 10.4, the deployment - # target defaults to 10.4. Don't you love it? - case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; - 10.[[012]][[,.]]*) + darwin*) + case ${MACOSX_DEPLOYMENT_TARGET},$host in + 10.[[012]],*|,*powerpc*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*) + *) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; diff -Nru sudo-1.9.5p2/m4/python.m4 sudo-1.9.9/m4/python.m4 --- sudo-1.9.5p2/m4/python.m4 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/m4/python.m4 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,244 @@ +## ------------------------ -*- Autoconf -*- +## Python file handling +## From Andrew Dalke +## Updated by James Henstridge and other contributors. +## ------------------------ +# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + + +# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# --------------------------------------------------------------------------- +# Adds support for distributing Python modules and packages. To +# install modules, copy them to $(pythondir), using the python_PYTHON +# automake variable. To install a package with the same name as the +# automake package, install to $(pkgpythondir), or use the +# pkgpython_PYTHON automake variable. +# +# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as +# locations to install python extension modules (shared libraries). +# Another macro is required to find the appropriate flags to compile +# extension modules. +# +# If your package is configured with a different prefix to python, +# users will have to add the install directory to the PYTHONPATH +# environment variable, or create a .pth file (see the python +# documentation for details). +# +# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will +# cause an error if the version of python installed on the system +# doesn't meet the requirement. MINIMUM-VERSION should consist of +# numbers and dots only. +AC_DEFUN([AM_PATH_PYTHON], + [ + dnl Find a Python interpreter. Python versions prior to 2.0 are not + dnl supported. (2.0 was released on October 16, 2000). + m4_define_default([_AM_PYTHON_INTERPRETER_LIST], +[python python2 python3 dnl + python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl + python3.2 python3.1 python3.0 dnl + python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl + python2.0]) + + AC_ARG_VAR([PYTHON], [the Python interpreter]) + + m4_if([$1],[],[ + dnl No version check is needed. + # Find any Python interpreter. + if test -z "$PYTHON"; then + AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) + fi + am_display_PYTHON=python + ], [ + dnl A version check is needed. + if test -n "$PYTHON"; then + # If the user set $PYTHON, use it and don't search something else. + AC_MSG_CHECKING([whether $PYTHON version is >= $1]) + AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_MSG_ERROR([Python interpreter is too old])]) + am_display_PYTHON=$PYTHON + else + # Otherwise, try each interpreter until we find one that satisfies + # VERSION. + AC_CACHE_CHECK([for a Python interpreter with version >= $1], + [am_cv_pathless_PYTHON],[ + for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do + test "$am_cv_pathless_PYTHON" = none && break + AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) + done]) + # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. + if test "$am_cv_pathless_PYTHON" = none; then + PYTHON=: + else + AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) + fi + am_display_PYTHON=$am_cv_pathless_PYTHON + fi + ]) + + if test "$PYTHON" = :; then + dnl Run any user-specified action, or abort. + m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) + else + + dnl Query Python for its version number. Although site.py simply uses + dnl sys.version[:3], printing that failed with Python 3.10, since the + dnl trailing zero was eliminated. So now we output just the major + dnl and minor version numbers, as numbers. Apparently the tertiary + dnl version is not of interest. + + AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], + [am_cv_python_version=`$PYTHON -c "import sys; print('%u.%u' % sys.version_info[[:2]])"`]) + AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) + + dnl Use the values of $prefix and $exec_prefix for the corresponding + dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made + dnl distinct variables so they can be overridden if need be. However, + dnl general consensus is that you shouldn't need this ability. + + AC_SUBST([PYTHON_PREFIX], ['${prefix}']) + AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) + + dnl At times (like when building shared libraries) you may want + dnl to know which OS platform Python thinks this is. + + AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], + [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) + AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) + + # Just factor out some code duplication. + am_python_setup_sysconfig="\ +import sys +# Prefer sysconfig over distutils.sysconfig, for better compatibility +# with python 3.x. See automake bug#10227. +try: + import sysconfig +except ImportError: + can_use_sysconfig = 0 +else: + can_use_sysconfig = 1 +# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: +# +try: + from platform import python_implementation + if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': + can_use_sysconfig = 0 +except ImportError: + pass" + + dnl Set up 4 directories: + + dnl pythondir -- where to install python scripts. This is the + dnl site-packages directory, not the python standard library + dnl directory like in previous automake betas. This behavior + dnl is more consistent with lispdir.m4 for example. + dnl Query distutils for this directory. + AC_CACHE_CHECK([for $am_display_PYTHON script directory], + [am_cv_python_pythondir], + [if test "x$prefix" = xNONE + then + am_py_prefix=$ac_default_prefix + else + am_py_prefix=$prefix + fi + am_cv_python_pythondir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pythondir in + $am_py_prefix*) + am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` + am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` + ;; + *) + case $am_py_prefix in + /usr|/System*) ;; + *) + am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pythondir], [$am_cv_python_pythondir]) + + dnl pkgpythondir -- $PACKAGE directory under pythondir. Was + dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is + dnl more consistent with the rest of automake. + + AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) + + dnl pyexecdir -- directory for installing python extension modules + dnl (shared libraries) + dnl Query distutils for this directory. + AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], + [am_cv_python_pyexecdir], + [if test "x$exec_prefix" = xNONE + then + am_py_exec_prefix=$am_py_prefix + else + am_py_exec_prefix=$exec_prefix + fi + am_cv_python_pyexecdir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pyexecdir in + $am_py_exec_prefix*) + am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` + am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` + ;; + *) + case $am_py_exec_prefix in + /usr|/System*) ;; + *) + am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) + + dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) + + AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) + + dnl Run any user-specified action. + $2 + fi + +]) + + +# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) +# --------------------------------------------------------------------------- +# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. +# Run ACTION-IF-FALSE otherwise. +# This test uses sys.hexversion instead of the string equivalent (first +# word of sys.version), in order to cope with versions such as 2.2c1. +# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). +AC_DEFUN([AM_PYTHON_CHECK_VERSION], + [prog="import sys +# split strings by '.' and convert to numeric. Append some zeros +# because we need at least 4 digits for the hex conversion. +# map returns an iterator in Python 3.0 and a list in 2.x +minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] +minverhex = 0 +# xrange is not present in Python 3.0 and range returns an iterator +for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] +sys.exit(sys.hexversion < minverhex)" + AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) diff -Nru sudo-1.9.5p2/m4/runlog.m4 sudo-1.9.9/m4/runlog.m4 --- sudo-1.9.5p2/m4/runlog.m4 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/m4/runlog.m4 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,17 @@ +## -*- Autoconf -*- +# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_RUN_LOG(COMMAND) +# ------------------- +# Run COMMAND, save the exit status in ac_status, and log it. +# (This has been adapted from Autoconf's _AC_RUN_LOG macro.) +AC_DEFUN([AM_RUN_LOG], +[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD + ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + (exit $ac_status); }]) diff -Nru sudo-1.9.5p2/m4/sudo.m4 sudo-1.9.9/m4/sudo.m4 --- sudo-1.9.5p2/m4/sudo.m4 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/m4/sudo.m4 2022-01-27 21:24:06.000000000 +0000 @@ -154,6 +154,30 @@ ])dnl dnl +dnl Where the sudo_logsrvd relay temporary log files go, use +dnl /var/log/sudo_logsrvd if /var/log exists, else +dnl /{var,usr}/adm/sudo_logsrvd +dnl +AC_DEFUN([SUDO_RELAY_DIR], [ + AC_MSG_CHECKING(for sudo_logsrvd relay dir location) + if test "${with_relaydir-yes}" != "yes"; then + relay_dir="$with_relaydir" + else + # Default value of relay_dir set in configure.ac + for d in /var/log /var/adm /usr/adm; do + if test -d "$d"; then + relay_dir="$d/sudo_logsrvd" + break + fi + done + fi + if test "${with_relaydir}" != "no"; then + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_RELAY_DIR, "$relay_dir") + fi + AC_MSG_RESULT($relay_dir) +])dnl + +dnl dnl Where the I/O log files go, use /var/log/sudo-io if dnl /var/log exists, else /{var,usr}/adm/sudo-io dnl @@ -201,16 +225,14 @@ dnl dnl check for working fnmatch(3) dnl -AC_DEFUN([SUDO_FUNC_FNMATCH], -[AC_MSG_CHECKING([for working fnmatch with FNM_CASEFOLD]) -AC_CACHE_VAL(sudo_cv_func_fnmatch, -[rm -f conftestdata; > conftestdata -AC_RUN_IFELSE([AC_LANG_SOURCE([[#include -int main() { return(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); }]])], [sudo_cv_func_fnmatch=yes], [sudo_cv_func_fnmatch=no], - [sudo_cv_func_fnmatch=no]) -rm -f core core.* *.core]) -AC_MSG_RESULT($sudo_cv_func_fnmatch) -AS_IF([test $sudo_cv_func_fnmatch = yes], [$1], [$2])]) +AC_DEFUN([SUDO_FUNC_FNMATCH], [ + AC_CACHE_CHECK([for working fnmatch with FNM_CASEFOLD], + sudo_cv_func_fnmatch, [ + AC_RUN_IFELSE([AC_LANG_SOURCE([[#include +int main() { return(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); }]])], [sudo_cv_func_fnmatch=yes], [sudo_cv_func_fnmatch=no], [sudo_cv_func_fnmatch=no]) + ]) + AS_IF([test $sudo_cv_func_fnmatch = yes], [$1], [$2]) +]) dnl dnl Attempt to check for working PIE support. @@ -218,16 +240,13 @@ dnl we can end up with strange values from malloc(). dnl A better check would be to verify that ASLR works with PIE. dnl -AC_DEFUN([SUDO_WORKING_PIE], -[AC_MSG_CHECKING([for working PIE support]) -AC_CACHE_VAL(sudo_cv_working_pie, -[rm -f conftestdata; > conftestdata -AC_RUN_IFELSE([AC_LANG_SOURCE([AC_INCLUDES_DEFAULT -int main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; }])], [sudo_cv_working_pie=yes], [sudo_cv_working_pie=no], - [sudo_cv_working_pie=no]) -rm -f core core.* *.core]) -AC_MSG_RESULT($sudo_cv_working_pie) -AS_IF([test $sudo_cv_working_pie = yes], [$1], [$2])]) +AC_DEFUN([SUDO_WORKING_PIE], [ + AC_CACHE_CHECK([for working PIE support], sudo_cv_working_pie, [ + AC_RUN_IFELSE([AC_LANG_SOURCE([AC_INCLUDES_DEFAULT +int main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; }])], [sudo_cv_working_pie=yes], [sudo_cv_working_pie=no], [sudo_cv_working_pie=no]) + ]) + AS_IF([test $sudo_cv_working_pie = yes], [$1], [$2]) +]) dnl dnl check for isblank(3) @@ -375,9 +394,8 @@ dnl AC_DEFUN([SUDO_UID_T_LEN], [AC_REQUIRE([AC_TYPE_UID_T]) -AC_MSG_CHECKING(max length of uid_t) -AC_CACHE_VAL(sudo_cv_uid_t_len, -[rm -f conftestdata +AC_CACHE_CHECK([max length of uid_t], sudo_cv_uid_t_len, [ +rm -f conftestdata AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include @@ -399,7 +417,6 @@ }]])], [sudo_cv_uid_t_len=`cat conftestdata`], [sudo_cv_uid_t_len=10], [sudo_cv_uid_t_len=10]) ]) rm -f conftestdata -AC_MSG_RESULT($sudo_cv_uid_t_len) AC_DEFINE_UNQUOTED(MAX_UID_T_LEN, $sudo_cv_uid_t_len, [Define to the max length of a uid_t in string context (excluding the NUL).]) ]) @@ -486,6 +503,17 @@ " done ]) + +dnl +dnl +dnl Append one or more symbols to INTERCEPT_EXP +dnl +AC_DEFUN([SUDO_APPEND_INTERCEPT_EXP], [ + for _sym in $1; do + INTERCEPT_EXP="${INTERCEPT_EXP}${_sym} +" + done +]) dnl dnl Determine the mail spool location diff -Nru sudo-1.9.5p2/pathnames.h.in sudo-1.9.9/pathnames.h.in --- sudo-1.9.5p2/pathnames.h.in 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/pathnames.h.in 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998, 1999, 2001, 2004, 2005, 2007-2014 + * Copyright (c) 1996, 1998, 1999, 2001, 2004, 2005, 2007-2021 * Todd C. Miller . * * Permission to use, copy, modify, and distribute this software for any @@ -134,6 +134,15 @@ #endif /* _PATH_SUDO_LOGDIR */ /* + * Where to store sudo_logsrvd relay temporary files. Defaults to + * /var/log/sudo_logsrvd, /var/adm/sudo_logsrvd or /usr/adm/sudo_logsrvd + * depending on what exists. + */ +#ifndef _PATH_SUDO_RELAY_DIR +# undef _PATH_SUDO_RELAY_DIR +#endif /* _PATH_SUDO_RELAY_DIR */ + +/* * Where to put the sudo log file when logging to a file. Defaults to * /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log. */ @@ -141,10 +150,22 @@ # undef _PATH_SUDO_LOGFILE #endif /* _PATH_SUDO_LOGFILE */ +/* + * The path to an Ubuntu-style admin flag file that is created the + * first time a user runs sudo. + */ +#ifndef _PATH_SUDO_ADMIN_FLAG +# undef _PATH_SUDO_ADMIN_FLAG +#endif /* _PATH_SUDO_ADMIN_FLAG */ + #ifndef _PATH_SUDO_SENDMAIL # undef _PATH_SUDO_SENDMAIL #endif /* _PATH_SUDO_SENDMAIL */ +#ifndef _PATH_SUDO_INTERCEPT +# undef _PATH_SUDO_INTERCEPT +#endif /* _PATH_SUDO_INTERCEPT */ + #ifndef _PATH_SUDO_NOEXEC # undef _PATH_SUDO_NOEXEC #endif /* _PATH_SUDO_NOEXEC */ @@ -161,6 +182,10 @@ # undef _PATH_SUDO_DEVSEARCH #endif /* _PATH_SUDO_DEVSEARCH */ +#ifndef _PATH_ASAN_LIB +# undef _PATH_ASAN_LIB +#endif /* _PATH_ASAN_LIB */ + #ifndef _PATH_VI # undef _PATH_VI #endif /* _PATH_VI */ diff -Nru sudo-1.9.5p2/plugins/audit_json/Makefile.in sudo-1.9.9/plugins/audit_json/Makefile.in --- sudo-1.9.5p2/plugins/audit_json/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/audit_json/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -35,7 +35,7 @@ AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ @@ -163,6 +163,8 @@ INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) audit_json.la $(DESTDIR)$(plugindir); \ fi +install-fuzzer: + uninstall: -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/audit_json.la -test -z "$(INSTALL_BACKUP)" || \ @@ -179,7 +181,11 @@ pvs-studio: $(POBJS) plog-converter $(PVS_LOG_OPTS) $(POBJS) -check: +fuzz: + +check-fuzzer: + +check: check-fuzzer clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la *.a *.i *.plog \ @@ -197,6 +203,8 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # Autogenerated dependencies, do not modify getgrent.lo: $(srcdir)/getgrent.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ diff -Nru sudo-1.9.5p2/plugins/audit_json/audit_json.c sudo-1.9.9/plugins/audit_json/audit_json.c --- sudo-1.9.5p2/plugins/audit_json/audit_json.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/audit_json/audit_json.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2020 Todd C. Miller + * Copyright (c) 2020-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -122,7 +122,7 @@ } if (plugin_path != NULL && !TAILQ_EMPTY(&debug_files)) { audit_debug_instance = - sudo_debug_register(plugin_path, NULL, NULL, &debug_files); + sudo_debug_register(plugin_path, NULL, NULL, &debug_files, -1); if (audit_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) { *errstr = U_("unable to initialize debugging"); goto bad; @@ -216,9 +216,22 @@ /* Check for bool or number. */ json_value.type = JSON_NULL; - switch (*cp) { - case '+': case '-': case '0': case '1': case '2': case '3': - case '4': case '5': case '6': case '7': case '8': case '9': + switch (cp[0]) { + case '0': + if (cp[1] == '\0') { + /* Only treat a plain "0" as number 0. */ + json_value.u.number = 0; + json_value.type = JSON_NUMBER; + } + break; + case '+': case '-': + if (cp[1] == '0') { + /* Encode octal numbers as strings. */ + break; + } + FALLTHROUGH; + case '1': case '2': case '3': case '4': case '5': + case '6': case '7': case '8': case '9': json_value.u.number = sudo_strtonum(cp, INT_MIN, INT_MAX, &errstr); if (errstr == NULL) json_value.type = JSON_NUMBER; @@ -328,10 +341,11 @@ struct json_value json_value; time_t secs = ts->tv_sec; char timebuf[1024]; - struct tm *tm; + struct tm gmt; + int len; debug_decl(add_timestamp, SUDO_DEBUG_PLUGIN); - if ((tm = gmtime(&secs)) == NULL) + if (gmtime_r(&secs, &gmt) == NULL) debug_return_bool(false); sudo_json_open_object(json, "timestamp"); @@ -344,15 +358,21 @@ json_value.u.number = ts->tv_nsec; sudo_json_add_value(json, "nanoseconds", &json_value); - strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tm); - json_value.type = JSON_STRING; - json_value.u.string = timebuf; - sudo_json_add_value(json, "iso8601", &json_value); + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", &gmt); + if (len != 0 && timebuf[sizeof(timebuf) - 1] == '\0'){ + json_value.type = JSON_STRING; + json_value.u.string = timebuf; + sudo_json_add_value(json, "iso8601", &json_value); + } - strftime(timebuf, sizeof(timebuf), "%a %b %e %H:%M:%S %Z %Y", tm); - json_value.type = JSON_STRING; - json_value.u.string = timebuf; - sudo_json_add_value(json, "localtime", &json_value); + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%a %b %e %H:%M:%S %Z %Y", &gmt); + if (len != 0 && timebuf[sizeof(timebuf) - 1] == '\0'){ + json_value.type = JSON_STRING; + json_value.u.string = timebuf; + sudo_json_add_value(json, "localtime", &json_value); + } sudo_json_close_object(json); @@ -553,10 +573,20 @@ goto oom; /* Write key=value objects. */ - if (!add_key_value_object(&json, "options", state.settings, settings_filter)) - goto oom; - if (!add_key_value_object(&json, "user_info", state.user_info, NULL)) - goto oom; + if (state.settings != NULL) { + if (!add_key_value_object(&json, "options", state.settings, settings_filter)) + goto oom; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "missing settings list"); + } + if (state.user_info != NULL) { + if (!add_key_value_object(&json, "user_info", state.user_info, NULL)) + goto oom; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "missing user_info list"); + } if (command_info != NULL) { if (!add_key_value_object(&json, "command_info", command_info, NULL)) goto oom; @@ -568,10 +598,20 @@ if (!sudo_json_add_value(&json, "submit_optind", &json_value)) goto oom; - if (!add_array(&json, "submit_argv", state.submit_argv)) - goto oom; - if (!add_array(&json, "submit_envp", state.submit_envp)) - goto oom; + if (state.submit_argv != NULL) { + if (!add_array(&json, "submit_argv", state.submit_argv)) + goto oom; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "missing submit_argv array"); + } + if (state.submit_envp != NULL) { + if (!add_array(&json, "submit_envp", state.submit_envp)) + goto oom; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "missing submit_envp array"); + } if (run_argv != NULL) { if (!add_array(&json, "run_argv", run_argv)) goto oom; diff -Nru sudo-1.9.5p2/plugins/group_file/Makefile.in sudo-1.9.9/plugins/group_file/Makefile.in --- sudo-1.9.5p2/plugins/group_file/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/group_file/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -38,7 +38,7 @@ AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ @@ -166,6 +166,8 @@ INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) group_file.la $(DESTDIR)$(plugindir); \ fi +install-fuzzer: + uninstall: -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/group_file.la -test -z "$(INSTALL_BACKUP)" || \ @@ -182,7 +184,11 @@ pvs-studio: $(POBJS) plog-converter $(PVS_LOG_OPTS) $(POBJS) -check: +fuzz: + +check-fuzzer: + +check: check-fuzzer clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la @@ -200,6 +206,8 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # Autogenerated dependencies, do not modify getgrent.lo: $(srcdir)/getgrent.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ diff -Nru sudo-1.9.5p2/plugins/python/Makefile.in sudo-1.9.9/plugins/python/Makefile.in --- sudo-1.9.5p2/plugins/python/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/python/Makefile.in 2022-01-27 21:24:22.000000000 +0000 @@ -40,7 +40,7 @@ AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ @@ -132,7 +132,7 @@ TEST_PROGS = check_python_examples -CHECK_PYTHON_EXAMPLES_OBJS = check_python_examples.o iohelpers.o testhelpers.o pyhelpers.lo sudo_python_debug.lo +CHECK_PYTHON_EXAMPLES_OBJS = check_python_examples.o iohelpers.o testhelpers.o pyhelpers.o sudo_python_debug.o all: python_plugin.la @@ -186,6 +186,8 @@ INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) python_plugin.la $(DESTDIR)$(plugindir); \ fi +install-fuzzer: + uninstall: -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/python_plugin.la -test -z "$(INSTALL_BACKUP)" || \ @@ -218,9 +220,22 @@ cleandir: realclean -check: $(TEST_PROGS) +fuzz: + +check-fuzzer: + +check: $(TEST_PROGS) check-fuzzer @if test X"$(cross_compiling)" != X"yes"; then \ - ./check_python_examples ".libs/python_plugin.so"; \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + LSAN_OPTIONS=suppressions=$(srcdir)/lsan_suppr.txt \ + ./check_python_examples ".libs/python_plugin.so"; \ fi update_test_data: $(TEST_PROGS) @@ -231,6 +246,8 @@ check_python_examples: $(CHECK_PYTHON_EXAMPLES_OBJS) $(LIBPYTHONPLUGIN) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_PYTHON_EXAMPLES_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # Autogenerated dependencies, do not modify check_python_examples.o: $(srcdir)/regress/check_python_examples.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -278,6 +295,13 @@ $(CC) -E -o $@ $(CPPFLAGS) $< pyhelpers.plog: pyhelpers.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/pyhelpers.c --i-file $< --output-file $@ +pyhelpers.o: $(srcdir)/pyhelpers.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(srcdir)/pyhelpers.h $(srcdir)/pyhelpers_cpychecker.h \ + $(srcdir)/sudo_python_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/pyhelpers.c python_baseplugin.lo: $(srcdir)/python_baseplugin.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ @@ -482,6 +506,13 @@ $(CC) -E -o $@ $(CPPFLAGS) $< sudo_python_debug.plog: sudo_python_debug.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo_python_debug.c --i-file $< --output-file $@ +sudo_python_debug.o: $(srcdir)/sudo_python_debug.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(srcdir)/sudo_python_debug.h \ + $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo_python_debug.c sudo_python_module.lo: $(srcdir)/sudo_python_module.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h \ diff -Nru sudo-1.9.5p2/plugins/python/lsan_suppr.txt sudo-1.9.9/plugins/python/lsan_suppr.txt --- sudo-1.9.5p2/plugins/python/lsan_suppr.txt 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/python/lsan_suppr.txt 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1 @@ +leak:libpython diff -Nru sudo-1.9.5p2/plugins/python/pyhelpers.c sudo-1.9.9/plugins/python/pyhelpers.c --- sudo-1.9.5p2/plugins/python/pyhelpers.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/pyhelpers.c 2022-01-27 21:24:06.000000000 +0000 @@ -212,7 +212,7 @@ Py_ssize_t tuple_size = PyTuple_Size(py_tuple); // we need an extra 0 at the end - char **result = calloc(Py_SSIZE2SIZE(tuple_size) + 1, sizeof(char*)); + char **result = calloc(tuple_size + 1, sizeof(char *)); if (result == NULL) { debug_return_ptr(NULL); } @@ -238,11 +238,11 @@ } PyObject * -py_tuple_get(PyObject *py_tuple, Py_ssize_t index, PyTypeObject *expected_type) +py_tuple_get(PyObject *py_tuple, Py_ssize_t idx, PyTypeObject *expected_type) { debug_decl(py_tuple_get, PYTHON_DEBUG_INTERNAL); - PyObject *py_item = PyTuple_GetItem(py_tuple, index); + PyObject *py_item = PyTuple_GetItem(py_tuple, idx); if (py_item == NULL) { debug_return_ptr(NULL); } @@ -250,7 +250,7 @@ if (!PyObject_TypeCheck(py_item, expected_type)) { PyErr_Format(PyExc_ValueError, "Value error: tuple element %d should " "be a '%s' (but it is '%s')", - index, expected_type->tp_name, Py_TYPENAME(py_item)); + idx, expected_type->tp_name, Py_TYPENAME(py_item)); debug_return_ptr(NULL); } @@ -295,10 +295,33 @@ if (py_string != NULL) { const char *bytes = PyUnicode_AsUTF8(py_string); if (bytes != NULL) { - result = strdup(bytes); + /* + * Convert from old format w/ numeric value to new without it. + * Old: (, 'ERROR level debug message') + * New: (DEBUG.ERROR, 'ERROR level debug message') + */ + if (bytes[0] == '(' && bytes[1] == '<') { + const char *colon = strchr(bytes + 2, ':'); + if (colon != NULL && colon[1] == ' ') { + const char *cp = colon + 2; + while (isdigit((unsigned char)*cp)) + cp++; + if (cp[0] == '>' && (cp[1] == ',' || cp[1] == '\0')) { + bytes += 2; + if (asprintf(&result, "(%.*s%s", (int)(colon - bytes), + bytes, cp + 1) == -1) { + result = NULL; + goto done; + } + } + } + } + if (result == NULL) + result = strdup(bytes); } } +done: Py_XDECREF(py_string); debug_return_ptr(result); } @@ -324,6 +347,10 @@ } } args_str = py_create_string_rep(py_args); + if (args_str != NULL && strncmp(args_str, "RC.", 3) == 0) { + /* Strip leading RC. to match python 3.10 behavior. */ + memmove(args_str, args_str + 3, strlen(args_str + 3) + 1); + } if (py_args_sorted != NULL) Py_DECREF(py_args_sorted); } diff -Nru sudo-1.9.5p2/plugins/python/pyhelpers.h sudo-1.9.9/plugins/python/pyhelpers.h --- sudo-1.9.5p2/plugins/python/pyhelpers.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/pyhelpers.h 2022-01-27 21:24:06.000000000 +0000 @@ -52,7 +52,6 @@ extern struct PythonContext py_ctx; #define Py_TYPENAME(object) (object ? Py_TYPE(object)->tp_name : "NULL") -#define Py_SSIZE2SIZE(value) ((value) < 0 ? 0 : (size_t)(value)) #define py_sudo_log(...) py_ctx.sudo_log(__VA_ARGS__) diff -Nru sudo-1.9.5p2/plugins/python/python_convmessage.c sudo-1.9.9/plugins/python/python_convmessage.c --- sudo-1.9.5p2/plugins/python/python_convmessage.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/python/python_convmessage.c 2022-01-27 21:24:06.000000000 +0000 @@ -137,7 +137,7 @@ debug_return_int(SUDO_RC_ERROR); } - *msgs = calloc(Py_SSIZE2SIZE(*num_msgs), sizeof(struct sudo_conv_message)); + *msgs = calloc(*num_msgs, sizeof(struct sudo_conv_message)); if (*msgs == NULL) { debug_return_int(SUDO_RC_ERROR); } diff -Nru sudo-1.9.5p2/plugins/python/python_plugin_approval_multi.inc sudo-1.9.9/plugins/python/python_plugin_approval_multi.inc --- sudo-1.9.5p2/plugins/python/python_plugin_approval_multi.inc 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/python_plugin_approval_multi.inc 2022-01-27 21:24:06.000000000 +0000 @@ -8,7 +8,7 @@ #define CALLBACK_CFUNC(func_name) APPROVAL_SYMBOL_NAME(_python_plugin_approval_ ## func_name) extern struct approval_plugin APPROVAL_SYMBOL_NAME(python_approval); -static struct ApprovalPluginContext PLUGIN_CTX = { {}, &APPROVAL_SYMBOL_NAME(python_approval) }; +static struct ApprovalPluginContext PLUGIN_CTX = { { NULL }, &APPROVAL_SYMBOL_NAME(python_approval) }; int diff -Nru sudo-1.9.5p2/plugins/python/python_plugin_audit_multi.inc sudo-1.9.9/plugins/python/python_plugin_audit_multi.inc --- sudo-1.9.5p2/plugins/python/python_plugin_audit_multi.inc 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/python_plugin_audit_multi.inc 2022-01-27 21:24:06.000000000 +0000 @@ -8,7 +8,7 @@ #define CALLBACK_CFUNC(func_name) AUDIT_SYMBOL_NAME(_python_plugin_audit_ ## func_name) extern struct audit_plugin AUDIT_SYMBOL_NAME(python_audit); -static struct AuditPluginContext PLUGIN_CTX = { {}, &AUDIT_SYMBOL_NAME(python_audit) }; +static struct AuditPluginContext PLUGIN_CTX = { { NULL }, &AUDIT_SYMBOL_NAME(python_audit) }; static int diff -Nru sudo-1.9.5p2/plugins/python/python_plugin_common.c sudo-1.9.9/plugins/python/python_plugin_common.c --- sudo-1.9.5p2/plugins/python/python_plugin_common.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/python_plugin_common.c 2022-01-27 21:24:22.000000000 +0000 @@ -38,7 +38,7 @@ #endif /* Py_FinalizeEx is new in version 3.6 */ -#if PY_MAJOR_VERSION > 3 || PY_MINOR_VERSION < 6 +#if PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 6 # define Py_FinalizeEx() (Py_Finalize(), 0) #endif @@ -59,7 +59,7 @@ } CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION -int +static int _append_python_path(const char *module_dir) { debug_decl(_append_python_path, PYTHON_DEBUG_PLUGIN_LOAD); @@ -92,6 +92,7 @@ static PyObject * _import_module(const char *path) { + PyObject *module; debug_decl(_import_module, PYTHON_DEBUG_PLUGIN_LOAD); sudo_debug_printf(SUDO_DEBUG_DIAG, "importing module: %s\n", path); @@ -118,7 +119,22 @@ if (_append_python_path(module_dir) < 0) debug_return_ptr(NULL); - debug_return_ptr(PyImport_ImportModule(module_name)); + module = PyImport_ImportModule(module_name); + if (module != NULL) { + PyObject *py_loaded_path = PyObject_GetAttrString(module, "__file__"); + if (py_loaded_path != NULL) { + const char *loaded_path = PyUnicode_AsUTF8(py_loaded_path); + /* If path is a directory, loaded_path may be a file inside it. */ + if (strncmp(loaded_path, path, strlen(path)) != 0) { + PyErr_Format(PyExc_Exception, + "module name conflict, tried to load %s, got %s", + path, loaded_path); + Py_CLEAR(module); + } + Py_DECREF(py_loaded_path); + } + } + debug_return_ptr(module); } static PyThreadState * diff -Nru sudo-1.9.5p2/plugins/python/python_plugin_io_multi.inc sudo-1.9.9/plugins/python/python_plugin_io_multi.inc --- sudo-1.9.5p2/plugins/python/python_plugin_io_multi.inc 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/python_plugin_io_multi.inc 2022-01-27 21:24:06.000000000 +0000 @@ -8,7 +8,7 @@ #define CALLBACK_CFUNC(func_name) IO_SYMBOL_NAME(_python_plugin_io_ ## func_name) extern struct io_plugin IO_SYMBOL_NAME(python_io); -static struct IOPluginContext PLUGIN_CTX = { {}, &IO_SYMBOL_NAME(python_io) }; +static struct IOPluginContext PLUGIN_CTX = { { NULL }, &IO_SYMBOL_NAME(python_io) }; int CALLBACK_CFUNC(open)( diff -Nru sudo-1.9.5p2/plugins/python/python_plugin_policy.c sudo-1.9.9/plugins/python/python_plugin_policy.c --- sudo-1.9.5p2/plugins/python/python_plugin_policy.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/python_plugin_policy.c 2022-01-27 21:24:06.000000000 +0000 @@ -214,12 +214,12 @@ } void -python_plugin_policy_invalidate(int remove) +python_plugin_policy_invalidate(int unlinkit) { debug_decl(python_plugin_policy_invalidate, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(plugin_ctx.py_interpreter); python_plugin_api_rc_call(&plugin_ctx, CALLBACK_PYNAME(invalidate), - Py_BuildValue("(i)", remove)); + Py_BuildValue("(i)", unlinkit)); debug_return; } diff -Nru sudo-1.9.5p2/plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log sudo-1.9.9/plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log --- sudo-1.9.5p2/plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log 2022-01-27 21:24:06.000000000 +0000 @@ -1,5 +1,5 @@ -sudo.debug was called with arguments: (, 'My demo purpose plugin shows this ERROR level debug message') -sudo.debug was called with arguments: (, 'My demo purpose plugin shows this INFO level debug message') +sudo.debug was called with arguments: (DEBUG.ERROR, 'My demo purpose plugin shows this ERROR level debug message') +sudo.debug was called with arguments: (DEBUG.INFO, 'My demo purpose plugin shows this INFO level debug message') LogHandler.emit was called LogHandler.emit was called sudo.options_as_dict was called with arguments: (('ModulePath=SRC_DIR/example_debugging.py', 'ClassName=DebugDemoPlugin'),) diff -Nru sudo-1.9.5p2/plugins/python/regress/testdata/check_example_debugging_c_calls@info.log sudo-1.9.9/plugins/python/regress/testdata/check_example_debugging_c_calls@info.log --- sudo-1.9.5p2/plugins/python/regress/testdata/check_example_debugging_c_calls@info.log 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/regress/testdata/check_example_debugging_c_calls@info.log 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ __init__ @ SRC_DIR/example_debugging.py:58 calls C function: -sudo.debug was called with arguments: (, 'My demo purpose plugin shows this ERROR level debug message') +sudo.debug was called with arguments: (DEBUG.ERROR, 'My demo purpose plugin shows this ERROR level debug message') __init__ @ SRC_DIR/example_debugging.py:63 calls C function: -sudo.debug was called with arguments: (, 'My demo purpose plugin shows this INFO level debug message') +sudo.debug was called with arguments: (DEBUG.INFO, 'My demo purpose plugin shows this INFO level debug message') handle @ logging/__init__.py calls C function: LogHandler.emit was called handle @ logging/__init__.py calls C function: diff -Nru sudo-1.9.5p2/plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log sudo-1.9.9/plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log --- sudo-1.9.5p2/plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log 2022-01-27 21:24:06.000000000 +0000 @@ -1,4 +1,4 @@ SudoGroupPlugin.__init__ was called with arguments: () [('args', ('ModulePath=SRC_DIR/example_group_plugin.py', 'ClassName=SudoGroupPlugin')), ('version', '1.0')] SudoGroupPlugin.__init__ returned result: SudoGroupPlugin.query was called with arguments: ('user', 'group', ('pw_name', 'pw_passwd', 1001, 101, 'pw_gecos', 'pw_dir', 'pw_shell')) -SudoGroupPlugin.query returned result: RC.REJECT +SudoGroupPlugin.query returned result: REJECT diff -Nru sudo-1.9.5p2/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout sudo-1.9.9/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout --- sudo-1.9.5p2/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout 2022-01-27 21:24:22.000000000 +0000 @@ -26,7 +26,7 @@ "INFO1=VALUE1", "info2=value2" ], - "version": "1.17" + "version": "1.18" } (APPROVAL 2) Constructed: { @@ -56,7 +56,7 @@ "INFO1=VALUE1", "info2=value2" ], - "version": "1.17" + "version": "1.18" } (APPROVAL 1) Show version was called with arguments: (0,) Python approval plugin (API 1.0): ApprovalTestPlugin (loaded from 'SRC_DIR/regress/plugin_approval_test.py') diff -Nru sudo-1.9.5p2/plugins/python/sudo_python_debug.c sudo-1.9.9/plugins/python/sudo_python_debug.c --- sudo-1.9.5p2/plugins/python/sudo_python_debug.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/python/sudo_python_debug.c 2022-01-27 21:24:06.000000000 +0000 @@ -84,7 +84,7 @@ if (debug_files != NULL && !TAILQ_EMPTY(debug_files)) { if (program != NULL) { instance = sudo_debug_register(program, python_subsystem_names, - (unsigned int *)python_subsystem_ids, debug_files); + (unsigned int *)python_subsystem_ids, debug_files, -1); } TAILQ_FOREACH_SAFE(debug_file, debug_files, entries, debug_next) { TAILQ_REMOVE(debug_files, debug_file, entries); diff -Nru sudo-1.9.5p2/plugins/python/sudo_python_module.c sudo-1.9.9/plugins/python/sudo_python_module.c --- sudo-1.9.5p2/plugins/python/sudo_python_module.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/python/sudo_python_module.c 2022-01-27 21:24:06.000000000 +0000 @@ -346,11 +346,12 @@ goto cleanup; } + /* sudo_module_ConvMessages_to_c() returns error if no messages. */ if (sudo_module_ConvMessages_to_c(py_args, &num_msgs, &msgs) < 0) { goto cleanup; } - replies = calloc(Py_SSIZE2SIZE(num_msgs), sizeof(struct sudo_conv_reply)); + replies = calloc(num_msgs, sizeof(struct sudo_conv_reply)); if (replies == NULL) goto cleanup; py_result = PyTuple_New(num_msgs); diff -Nru sudo-1.9.5p2/plugins/sample/Makefile.in sudo-1.9.9/plugins/sample/Makefile.in --- sudo-1.9.5p2/plugins/sample/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sample/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -38,7 +38,7 @@ AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ @@ -161,6 +161,8 @@ INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) sample_plugin.la $(DESTDIR)$(plugindir); \ fi +install-fuzzer: + uninstall: -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/sample_plugin.la -test -z "$(INSTALL_BACKUP)" || \ @@ -177,7 +179,11 @@ pvs-studio: $(POBJS) plog-converter $(PVS_LOG_OPTS) $(POBJS) -check: +fuzz: + +check-fuzzer: + +check: check-fuzzer clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la @@ -195,6 +201,8 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # Autogenerated dependencies, do not modify sample_plugin.lo: $(srcdir)/sample_plugin.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_plugin.h \ diff -Nru sudo-1.9.5p2/plugins/sample_approval/Makefile.in sudo-1.9.9/plugins/sample_approval/Makefile.in --- sudo-1.9.5p2/plugins/sample_approval/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sample_approval/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -35,7 +35,7 @@ AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ @@ -163,6 +163,8 @@ INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) sample_approval.la $(DESTDIR)$(plugindir); \ fi +install-fuzzer: + uninstall: -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/sample_approval.la -test -z "$(INSTALL_BACKUP)" || \ @@ -179,7 +181,11 @@ pvs-studio: $(POBJS) plog-converter $(PVS_LOG_OPTS) $(POBJS) -check: +fuzz: + +check-fuzzer: + +check: check-fuzzer clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la *.a *.i *.plog \ @@ -197,6 +203,8 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # Autogenerated dependencies, do not modify getgrent.lo: $(srcdir)/getgrent.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ diff -Nru sudo-1.9.5p2/plugins/sample_approval/sample_approval.c sudo-1.9.9/plugins/sample_approval/sample_approval.c --- sudo-1.9.5p2/plugins/sample_approval/sample_approval.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sample_approval/sample_approval.c 2022-01-27 21:24:22.000000000 +0000 @@ -77,7 +77,7 @@ } if (plugin_path != NULL && !TAILQ_EMPTY(&debug_files)) { approval_debug_instance = - sudo_debug_register(plugin_path, NULL, NULL, &debug_files); + sudo_debug_register(plugin_path, NULL, NULL, &debug_files, -1); if (approval_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) { *errstr = U_("unable to initialize debugging"); goto done; @@ -117,7 +117,7 @@ sample_approval_check(char * const command_info[], char * const run_argv[], char * const run_envp[], const char **errstr) { - struct tm *tm; + struct tm tm; time_t now; int ret = 0; debug_decl(sample_approval_check, SUDO_DEBUG_PLUGIN); @@ -126,14 +126,14 @@ * Only approve requests that are within business hours, * which are 9am - 5pm local time. Does not check holidays. */ - if (time(&now) == -1 || (tm = localtime(&now)) == NULL) + if (time(&now) == -1 || localtime_r(&now, &tm) == NULL) goto done; - if (tm->tm_wday < 1 || tm->tm_wday > 5) { + if (tm.tm_wday < 1 || tm.tm_wday > 5) { /* bad weekday */ goto done; } - if (tm->tm_hour < 9 || tm->tm_hour > 17 || - (tm->tm_hour == 17 && tm->tm_min > 0)) { + if (tm.tm_hour < 9 || tm.tm_hour > 17 || + (tm.tm_hour == 17 && tm.tm_min > 0)) { /* bad hour */ goto done; } diff -Nru sudo-1.9.5p2/plugins/sudoers/Makefile.in sudo-1.9.9/plugins/sudoers/Makefile.in --- sudo-1.9.5p2/plugins/sudoers/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/Makefile.in 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 1996, 1998-2005, 2007-2020 +# Copyright (c) 1996, 1998-2005, 2007-2021 # Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any @@ -44,25 +44,27 @@ # Compiler & tools to use CC = @CC@ LIBTOOL = @LIBTOOL@ +SHA1SUM = @SHA1SUM@ FLEX = @FLEX@ YACC = @YACC@ SED = @SED@ AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ # Libraries +LIBFUZZSTUB = $(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la LIBEVENTLOG = $(top_builddir)/lib/eventlog/libsudo_eventlog.la LIBIOLOG = $(top_builddir)/lib/iolog/libsudo_iolog.la LIBLOGSRV = @LIBLOGSRV@ LIBUTIL = $(top_builddir)/lib/util/libsudo_util.la LIBS = $(LIBUTIL) NET_LIBS = @NET_LIBS@ -SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ @LIBTLS@ $(NET_LIBS) $(LIBIOLOG) $(LIBEVENTLOG) $(LIBLOGSRV) -REPLAY_LIBS = @REPLAY_LIBS@ $(LIBEVENTLOG) $(LIBIOLOG) +SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ @LIBTLS@ $(NET_LIBS) $(LIBIOLOG) $(LIBLOGSRV) +REPLAY_LIBS = @REPLAY_LIBS@ $(LIBIOLOG) VISUDO_LIBS = $(NET_LIBS) CVTSUDOERS_LIBS = $(NET_LIBS) TESTSUDOERS_LIBS = $(NET_LIBS) @@ -153,49 +155,63 @@ PROGS = sudoers.la visudo sudoreplay cvtsudoers testsudoers -TEST_PROGS = check_addr check_base64 check_digest check_env_pattern \ - check_exptilde check_fill check_gentime check_hexchar \ - check_iolog_plugin check_starttime @SUDOERS_TEST_PROGS@ +# Regression tests +TEST_PROGS = check_addr check_base64 check_digest check_editor \ + check_env_pattern check_exptilde check_fill check_gentime \ + check_hexchar check_iolog_plugin check_starttime \ + check_unesc @SUDOERS_TEST_PROGS@ + +# Fuzzers +LIB_FUZZING_ENGINE = @FUZZ_ENGINE@ +FUZZ_PROGS = fuzz_policy fuzz_sudoers fuzz_sudoers_ldif +FUZZ_SEED_CORPUS = ${FUZZ_PROGS:=_seed_corpus.zip} +FUZZ_LIBS = libparsesudoers.la @SUDOERS_LIBS@ $(LIB_FUZZING_ENGINE) +FUZZ_LDFLAGS = @SUDOERS_LDFLAGS@ +FUZZ_MAX_LEN = 4096 +FUZZ_RUNS = 8192 AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ -LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo digestname.lo \ - exptilde.lo filedigest.lo gentime.lo gmtoff.lo gram.lo \ +LIBPARSESUDOERS_OBJS = alias.lo b64_decode.lo defaults.lo digestname.lo \ + exptilde.lo filedigest.lo gentime.lo gram.lo \ hexchar.lo match.lo match_addr.lo match_command.lo \ - match_digest.lo pwutil.lo pwutil_impl.lo rcstr.lo \ + match_digest.lo pwutil.lo pwutil_impl.lo \ redblack.lo strlist.lo sudoers_debug.lo timeout.lo \ timestr.lo toke.lo toke_util.lo LIBPARSESUDOERS_IOBJS = $(LIBPARSESUDOERS_OBJS:.lo=.i) passwd.i -SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo editor.lo env.lo \ - env_pattern.lo file.lo find_path.lo fmtsudoers.lo gc.lo \ - goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ - iolog_path_escapes.lo locale.lo log_client.lo logging.lo \ - parse.lo policy.lo prompt.lo set_perms.lo starttime.lo \ - sudo_nss.lo sudoers.lo timestamp.lo @SUDOERS_OBJS@ +SUDOERS_OBJS = $(AUTH_OBJS) audit.lo boottime.lo check.lo editor.lo env.lo \ + sudoers_hooks.lo env_pattern.lo file.lo find_path.lo \ + fmtsudoers.lo gc.lo goodpath.lo group_plugin.lo interfaces.lo \ + iolog.lo iolog_path_escapes.lo locale.lo log_client.lo \ + logging.lo parse.lo policy.lo prompt.lo set_perms.lo \ + starttime.lo strlcpy_unesc.lo strvec_join.lo sudo_nss.lo \ + sudoers.lo timestamp.lo @SUDOERS_OBJS@ SUDOERS_IOBJS = $(SUDOERS_OBJS:.lo=.i) -VISUDO_OBJS = editor.lo find_path.lo goodpath.lo locale.lo stubs.o \ - sudo_printf.o visudo.o +VISUDO_OBJS = check_aliases.o editor.lo find_path.lo gc.lo goodpath.lo \ + locale.lo stubs.o sudo_printf.o visudo.o VISUDO_IOBJS = sudo_printf.i visudo.i -CVTSUDOERS_OBJS = cvtsudoers.o cvtsudoers_json.o cvtsudoers_ldif.o \ - cvtsudoers_pwutil.o fmtsudoers.lo locale.lo parse_ldif.o \ - stubs.o sudo_printf.o ldap_util.lo +CVTSUDOERS_OBJS = b64_encode.o cvtsudoers.o cvtsudoers_json.o cvtsudoers_csv.o \ + cvtsudoers_ldif.o cvtsudoers_merge.o cvtsudoers_pwutil.o \ + fmtsudoers.lo fmtsudoers_cvt.lo locale.lo parse_ldif.o \ + stubs.o sudo_printf.o ldap_util.lo testsudoers_pwutil.o \ + tsgetgrpw.o -CVTSUDOERS_IOBJS = cvtsudoers.i cvtsudoers_json.i cvtsudoers_ldif.i \ - cvtsudoers_pwutil.i +CVTSUDOERS_IOBJS = cvtsudoers.i cvtsudoers_csv.i cvtsudoers_json.i \ + cvtsudoers_ldif.i cvtsudoers_merge.i cvtsudoers_pwutil.i REPLAY_OBJS = getdate.o sudoreplay.o REPLAY_IOBJS = $(REPLAY_OBJS:.o=.i) -TEST_OBJS = fmtsudoers.lo group_plugin.lo interfaces.lo ldap_util.lo \ - locale.lo net_ifs.o parse_ldif.o sudo_printf.o \ - testsudoers.o tsgetgrpw.o +TEST_OBJS = fmtsudoers.lo fmtsudoers_cvt.lo group_plugin.lo interfaces.lo \ + ldap_util.lo locale.lo net_ifs.o parse_ldif.o sudo_printf.o \ + testsudoers.o testsudoers_pwutil.o tsgetgrpw.o IOBJS = $(LIBPARSESUDOERS_IOBJS) $(SUDOERS_IOBJS) $(VISUDO_IOBJS) \ $(CVTSUDOERS_IOBJS) $(REPLAY_IOBJS) @@ -207,17 +223,19 @@ CHECK_ADDR_OBJS = check_addr.o interfaces.lo match_addr.lo sudoers_debug.lo \ sudo_printf.o -CHECK_BASE64_OBJS = check_base64.o base64.lo sudoers_debug.lo +CHECK_BASE64_OBJS = check_base64.o b64_decode.lo b64_encode.o sudoers_debug.lo CHECK_DIGEST_OBJS = check_digest.o filedigest.lo digestname.lo sudoers_debug.lo +CHECK_EDITOR_OBJS = check_editor.o gc.lo editor.lo sudoers_debug.lo + CHECK_ENV_MATCH_OBJS = check_env_pattern.o env_pattern.lo sudoers_debug.lo CHECK_EXPTILDE_OBJS = check_exptilde.o exptilde.lo pwutil.lo pwutil_impl.lo redblack.lo sudoers_debug.lo CHECK_FILL_OBJS = check_fill.o hexchar.lo toke_util.lo sudoers_debug.lo -CHECK_GENTIME_OBJS = check_gentime.o gentime.lo gmtoff.lo sudoers_debug.lo +CHECK_GENTIME_OBJS = check_gentime.o gentime.lo sudoers_debug.lo CHECK_HEXCHAR_OBJS = check_hexchar.o hexchar.lo sudoers_debug.lo @@ -229,6 +247,49 @@ CHECK_STARTTIME_OBJS = check_starttime.o starttime.lo sudoers_debug.lo +CHECK_UNESC_OBJS = check_unesc.o strlcpy_unesc.lo strvec_join.lo sudoers_debug.lo + +FUZZ_POLICY_OBJS = editor.lo env.lo env_pattern.lo fuzz_policy.o fuzz_stubs.o \ + gc.lo iolog_path_escapes.lo locale.lo policy.lo \ + strlcpy_unesc.lo strvec_join.lo sudoers.lo sudoers_hooks.lo + +FUZZ_POLICY_CORPUS = $(srcdir)/regress/corpus/seed/policy/policy.* + +FUZZ_SUDOERS_OBJS = check_aliases.o fuzz_stubs.o fuzz_sudoers.o fmtsudoers.lo \ + parse.lo locale.lo + +FUZZ_SUDOERS_CORPUS = $(top_srcdir)/examples/sudoers \ + $(srcdir)/regress/sudoers/test1.in \ + $(srcdir)/regress/sudoers/test2.in \ + $(srcdir)/regress/sudoers/test3.in \ + $(srcdir)/regress/sudoers/test4.in \ + $(srcdir)/regress/sudoers/test5.in \ + $(srcdir)/regress/sudoers/test6.in \ + $(srcdir)/regress/sudoers/test7.in \ + $(srcdir)/regress/sudoers/test8.in \ + $(srcdir)/regress/sudoers/test9.in \ + $(srcdir)/regress/sudoers/test10.in \ + $(srcdir)/regress/sudoers/test11.in \ + $(srcdir)/regress/sudoers/test12.in \ + $(srcdir)/regress/sudoers/test13.in \ + $(srcdir)/regress/sudoers/test14.in \ + $(srcdir)/regress/sudoers/test15.in \ + $(srcdir)/regress/sudoers/test16.in \ + $(srcdir)/regress/sudoers/test17.in \ + $(srcdir)/regress/sudoers/test18.in \ + $(srcdir)/regress/sudoers/test19.in \ + $(srcdir)/regress/sudoers/test20.in \ + $(srcdir)/regress/sudoers/test21.in \ + $(srcdir)/regress/sudoers/test22.in \ + $(srcdir)/regress/sudoers/test23.in \ + $(srcdir)/regress/sudoers/test24.in \ + $(srcdir)/regress/sudoers/test25.in + +FUZZ_SUDOERS_LDIF_OBJS = fuzz_stubs.o fuzz_sudoers_ldif.o parse_ldif.o \ + ldap_util.lo fmtsudoers.lo locale.lo + +FUZZ_SUDOERS_LDIF_CORPUS = $(srcdir)/regress/sudoers/*.ldif.ok + VERSION = @PACKAGE_VERSION@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ @@ -272,12 +333,12 @@ libparsesudoers.la: $(LIBPARSESUDOERS_OBJS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBPARSESUDOERS_OBJS) -no-install -sudoers.la: $(SUDOERS_OBJS) $(LIBUTIL) $(LIBIOLOG) $(LIBLOGSRV) libparsesudoers.la @LT_LDDEP@ +sudoers.la: $(SUDOERS_OBJS) $(LIBIOLOG) $(LIBLOGSRV) libparsesudoers.la @LT_LDDEP@ case "$(LT_LDFLAGS)" in \ *-no-install*) \ - $(LIBTOOL) $(LTFLAGS) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module;; \ + $(LIBTOOL) $(LTFLAGS) @SUDOERS_LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module;; \ *) \ - $(LIBTOOL) $(LTFLAGS) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) -shrext .so;; \ + $(LIBTOOL) $(LTFLAGS) @SUDOERS_LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) -shrext .so;; \ esac visudo: libparsesudoers.la $(VISUDO_OBJS) $(LIBUTIL) @@ -286,7 +347,7 @@ cvtsudoers: libparsesudoers.la $(CVTSUDOERS_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CVTSUDOERS_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(CVTSUDOERS_LIBS) -sudoreplay: timestr.lo $(REPLAY_OBJS) $(LIBUTIL) $(LIBIOLOG) +sudoreplay: timestr.lo $(REPLAY_OBJS) $(LIBIOLOG) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(REPLAY_LIBS) testsudoers: libparsesudoers.la $(TEST_OBJS) $(LIBUTIL) @@ -304,6 +365,9 @@ check_digest: $(CHECK_DIGEST_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) +check_editor: $(CHECK_EDITOR_OBJS) $(LIBUTIL) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_EDITOR_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + check_env_pattern: $(CHECK_ENV_MATCH_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_ENV_MATCH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @@ -320,15 +384,105 @@ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_HEXCHAR_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) check_iolog_plugin: $(CHECK_IOLOG_PLUGIN_OBJS) $(LIBUTIL) $(LIBIOLOG) $(LIBLOGSRV) - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PLUGIN_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBIOLOG) $(LIBEVENTLOG) $(LIBLOGSRV) @LIBTLS@ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PLUGIN_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBIOLOG) $(LIBLOGSRV) @LIBTLS@ check_starttime: $(CHECK_STARTTIME_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_STARTTIME_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) +check_unesc: $(CHECK_UNESC_OBJS) $(LIBUTIL) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_UNESC_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + # We need to link check_symbols with -lpthread on HP-UX since LDAP uses threads check_symbols: $(CHECK_SYMBOLS_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(CHECK_SYMBOLS_LDFLAGS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@ +fuzz_policy: $(FUZZ_POLICY_OBJS) libparsesudoers.la $(LIBEVENTLOG) $(LIBUTIL) $(LIBFUZZSTUB) + $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_POLICY_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) $(LIBEVENTLOG) + +fuzz_sudoers: $(FUZZ_SUDOERS_OBJS) libparsesudoers.la $(LIBUTIL) $(LIBFUZZSTUB) + $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_SUDOERS_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) $(LIBUTIL) + +fuzz_sudoers_ldif: $(FUZZ_SUDOERS_LDIF_OBJS) libparsesudoers.la $(LIBUTIL) $(LIBFUZZSTUB) + $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_SUDOERS_LDIF_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) $(LIBUTIL) + +fuzz_policy_seed_corpus.zip: + tdir=fuzz_policy.$$$$; \ + mkdir $$tdir; \ + for f in $(FUZZ_POLICY_CORPUS); do \ + cp $$f $$tdir/`$(SHA1SUM) $$f | $(SED) -e 's/^.*= *//' -e 's/ .*//'`; \ + done; \ + zip -j $@ $$tdir/*; \ + rm -rf $$tdir + +run-fuzz_policy: fuzz_policy + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + umask 022; \ + corpus=regress/corpus/policy; \ + mkdir -p $$corpus; \ + for f in $(FUZZ_POLICY_CORPUS); do \ + cp $$f $$corpus; \ + done; \ + ./fuzz_policy -dict=$(srcdir)/regress/fuzz/fuzz_policy.dict -max_len=$(FUZZ_MAX_LEN) -runs=$(FUZZ_RUNS) $$corpus + +fuzz_sudoers_seed_corpus.zip: + tdir=fuzz_sudoers.$$$$; \ + mkdir $$tdir; \ + for f in $(FUZZ_SUDOERS_CORPUS); do \ + cp $$f $$tdir/`$(SHA1SUM) $$f | $(SED) -e 's/^.*= *//' -e 's/ .*//'`; \ + done; \ + zip -j $@ $$tdir/*; \ + rm -rf $$tdir + +run-fuzz_sudoers: fuzz_sudoers + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + umask 022; \ + corpus=regress/corpus/sudoers; \ + mkdir -p $$corpus; \ + for f in $(FUZZ_SUDOERS_CORPUS); do \ + cp $$f $$corpus; \ + done; \ + ./fuzz_sudoers -dict=$(srcdir)/regress/fuzz/fuzz_sudoers.dict -max_len=$(FUZZ_MAX_LEN) -runs=$(FUZZ_RUNS) $$corpus + +fuzz_sudoers_ldif_seed_corpus.zip: + tdir=fuzz_sudoers_ldif.$$$$; \ + mkdir $$tdir; \ + for f in $(FUZZ_SUDOERS_LDIF_CORPUS); do \ + cp $$f $$tdir/`$(SHA1SUM) $$f | $(SED) -e 's/^.*= *//' -e 's/ .*//'`; \ + done; \ + zip -j $@ $$tdir/*; \ + rm -rf $$tdir + +run-fuzz_sudoers_ldif: fuzz_sudoers_ldif + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + umask 022; \ + corpus=regress/corpus/sudoers_ldif; \ + mkdir -p $$corpus; \ + for f in $(FUZZ_SUDOERS_LDIF_CORPUS); do \ + cp $$f $$corpus; \ + done; \ + ./fuzz_sudoers_ldif -dict=$(srcdir)/regress/fuzz/fuzz_sudoers_ldif.dict -max_len=$(FUZZ_MAX_LEN) -runs=$(FUZZ_RUNS) $$corpus + GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate.c prologue: @@ -346,7 +500,7 @@ else \ gram_y="$(srcdir)/gram.y"; \ fi; \ - cmd='$(YACC) -d -p sudoers '"$$gram_y"'; cp prologue $(devdir)/gram.c; $(SED) "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"gram.c\"/" y.tab.c >> $(devdir)/gram.c; rm -f y.tab.c; mv -f y.tab.h $(devdir)/gram.h'; \ + cmd='$(YACC) -d -p sudoers '"$$gram_y"'; cp prologue $(devdir)/gram.c; $(SED) -e "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"gram.c\"/" -e "/^# *include /{N;s/__STDC_VERSION__ && 199901 <= __STDC_VERSION__/HAVE_STDINT_H/;}" y.tab.c >> $(devdir)/gram.c; rm -f y.tab.c; mv -f y.tab.h $(devdir)/gram.h'; \ echo "$$cmd"; eval $$cmd; \ fi @@ -369,7 +523,7 @@ else \ getdate_y="$(srcdir)/getdate.y"; \ fi; \ - cmd='$(YACC) '"$$getdate_y"'; cp prologue $(devdir)/getdate.c; $(SED) "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"getdate.c\"/" y.tab.c >> $(devdir)/getdate.c; rm -f y.tab.c'; \ + cmd='$(YACC) '"$$getdate_y"'; cp prologue $(devdir)/getdate.c; $(SED) -e "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"getdate.c\"/" -e "/^# *include /{N;s/__STDC_VERSION__ && 199901 <= __STDC_VERSION__/HAVE_STDINT_H/;}" y.tab.c >> $(devdir)/getdate.c; rm -f y.tab.c'; \ echo "$$cmd"; eval $$cmd; \ fi @@ -382,7 +536,7 @@ sudoers: $(srcdir)/sudoers.in cd $(top_builddir) && $(SHELL) config.status --file=plugins/sudoers/$@ -pre-install: +pre-install: visudo @if test X"$(cross_compiling)" != X"yes" -a X"$(DESTDIR)" = X""; then \ if test -r $(sudoersdir)/sudoers; then \ echo "Checking existing sudoers file for syntax errors."; \ @@ -425,10 +579,18 @@ test -r $(DESTDIR)$(sudoersdir)/sudoers || \ cp -p $(DESTDIR)$(sudoersdir)/sudoers.dist $(DESTDIR)$(sudoersdir)/sudoers +install-fuzzer: $(FUZZ_PROGS) $(FUZZ_SEED_CORPUS) + @if test X"$(FUZZ_DESTDIR)" = X""; then \ + echo "must set FUZZ_DESTDIR for install-fuzzer target"; \ + else \ + cp $(FUZZ_PROGS) $(FUZZ_SEED_CORPUS) $(FUZZ_DESTDIR); \ + cp $(srcdir)/regress/fuzz/*.dict $(FUZZ_DESTDIR); \ + fi + uninstall: -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/sudoers.la -rm -f $(DESTDIR)$(bindir)/cvtsudoers \ - $(DESTDIR)$(bindir)/sudoreplay + $(DESTDIR)$(bindir)/sudoreplay \ $(DESTDIR)$(sbindir)/visudo -test -z "$(INSTALL_BACKUP)" || \ $(DESTDIR)$(bindir)/cvtsudoers$(INSTALL_BACKUP) \ @@ -450,9 +612,33 @@ pvs-studio: $(POBJS) plog-converter $(PVS_LOG_OPTS) $(POBJS) -check: $(TEST_PROGS) visudo testsudoers cvtsudoers +fuzz: run-fuzz_policy run-fuzz_sudoers run-fuzz_sudoers_ldif + +check-fuzzer: $(FUZZ_PROGS) @if test X"$(cross_compiling)" != X"yes"; then \ - LC_ALL=C; export LC_ALL; \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ + MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ + MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ + echo "fuzz_sudoers: verifying corpus"; \ + ./fuzz_sudoers $(FUZZ_SUDOERS_CORPUS); \ + echo "fuzz_sudoers-ldif: verifying corpus"; \ + ./fuzz_sudoers_ldif $(FUZZ_SUDOERS_LDIF_CORPUS); \ + echo "fuzz_policy: verifying corpus"; \ + ./fuzz_policy $(FUZZ_POLICY_CORPUS); \ + fi + +check: $(TEST_PROGS) visudo testsudoers cvtsudoers check-fuzzer + @if test X"$(cross_compiling)" != X"yes"; then \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ unset LANG || LANG=; \ MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ @@ -465,6 +651,7 @@ ./check_digest > regress/parser/check_digest.out; \ diff regress/parser/check_digest.out $(srcdir)/regress/parser/check_digest.out.ok || rval=`expr $$rval + $$?`; \ fi; \ + ./check_editor || rval=`expr $$rval + $$?`; \ ./check_env_pattern $(srcdir)/regress/env_match/data || rval=`expr $$rval + $$?`; \ ./check_exptilde || rval=`expr $$rval + $$?`; \ ./check_fill || rval=`expr $$rval + $$?`; \ @@ -473,6 +660,7 @@ mkdir -p regress/iolog_plugin; \ ./check_iolog_plugin regress/iolog_plugin/iolog || rval=`expr $$rval + $$?`; \ ./check_starttime || rval=`expr $$rval + $$?`; \ + ./check_unesc || rval=`expr $$rval + $$?`; \ if test -f check_symbols; then \ ./check_symbols .libs/sudoers.so $(shlib_exp) || rval=`expr $$rval + $$?`; \ fi; \ @@ -487,13 +675,7 @@ ldif="regress/sudoers/$${base}.ldif"; \ sudo="regress/sudoers/$${base}.sudo"; \ ldif2sudo="regress/sudoers/$${base}.ldif2sudo"; \ - if test -s $$json.ok; then \ - ASAN_OPTIONS=; \ - else \ - ASAN_OPTIONS=detect_leaks=0; \ - fi; \ - ASAN_OPTIONS=$$ASAN_OPTIONS \ - ./testsudoers -dt <$$t >$$out 2>$$toke || true; \ + ./testsudoers -dt <$$t >$$out 2>$$toke || true; \ if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \ passed=`expr $$passed + 1`; \ echo "$$dir/$$base (parse): OK"; \ @@ -611,11 +793,12 @@ clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f $(PROGS) $(TEST_PROGS) \ - *.lo *.o *.la + $(FUZZ_PROGS) *.lo *.o *.la -rm -f *.i *.plog stamp-* core *.core core.* prologue regress/*/*.out \ regress/*/*.toke regress/*/*.err regress/*/*.json \ regress/*/*.ldif regress/*/*.ldif2sudo regress/*/*.sudo - -rm -rf regress/iolog_plugin/iolog + -rm -rf regress/iolog_plugin/iolog regress/corpus/policy \ + regress/corpus/sudoers regress/corpus/sudoers_ldif mostlyclean: clean @@ -633,6 +816,10 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean \ + $(FUZZ_SEED_CORPUS) run-fuzz_policy run-fuzz_sudoers \ + run-fuzz_sudoers_ldif + # Autogenerated dependencies, do not modify afs.lo: $(authdir)/afs.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -706,9 +893,8 @@ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/bsm_audit.h \ $(srcdir)/defaults.h $(srcdir)/linux_audit.h $(srcdir)/log_client.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/solaris_audit.h \ - $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/audit.c audit.i: $(srcdir)/audit.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ @@ -718,34 +904,59 @@ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/bsm_audit.h \ $(srcdir)/defaults.h $(srcdir)/linux_audit.h $(srcdir)/log_client.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/solaris_audit.h \ - $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< audit.plog: audit.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/audit.c --i-file $< --output-file $@ -base64.lo: $(srcdir)/base64.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/base64.c -base64.i: $(srcdir)/base64.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h +b64_decode.lo: $(srcdir)/b64_decode.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/b64_decode.c +b64_decode.i: $(srcdir)/b64_decode.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +b64_decode.plog: b64_decode.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/b64_decode.c --i-file $< --output-file $@ +b64_encode.o: $(srcdir)/b64_encode.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/b64_encode.c +b64_encode.i: $(srcdir)/b64_encode.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< -base64.plog: base64.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/base64.c --i-file $< --output-file $@ +b64_encode.plog: b64_encode.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/b64_encode.c --i-file $< --output-file $@ boottime.lo: $(srcdir)/boottime.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ @@ -858,6 +1069,30 @@ $(CC) -E -o $@ $(CPPFLAGS) $< check_addr.plog: check_addr.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/parser/check_addr.c --i-file $< --output-file $@ +check_aliases.o: $(srcdir)/check_aliases.c $(devdir)/def_data.h \ + $(devdir)/gram.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/check_aliases.c +check_aliases.i: $(srcdir)/check_aliases.c $(devdir)/def_data.h \ + $(devdir)/gram.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +check_aliases.plog: check_aliases.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/check_aliases.c --i-file $< --output-file $@ check_base64.o: $(srcdir)/regress/parser/check_base64.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h @@ -882,6 +1117,30 @@ $(CC) -E -o $@ $(CPPFLAGS) $< check_digest.plog: check_digest.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/parser/check_digest.c --i-file $< --output-file $@ +check_editor.o: $(srcdir)/regress/editor/check_editor.c $(devdir)/def_data.c \ + $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/editor/check_editor.c +check_editor.i: $(srcdir)/regress/editor/check_editor.c $(devdir)/def_data.c \ + $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +check_editor.plog: check_editor.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/editor/check_editor.c --i-file $< --output-file $@ check_env_pattern.o: $(srcdir)/regress/env_match/check_env_pattern.c \ $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ @@ -1028,6 +1287,30 @@ $(CC) -E -o $@ $(CPPFLAGS) $< check_symbols.plog: check_symbols.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/check_symbols/check_symbols.c --i-file $< --output-file $@ +check_unesc.o: $(srcdir)/regress/unescape/check_unesc.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/unescape/check_unesc.c +check_unesc.i: $(srcdir)/regress/unescape/check_unesc.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +check_unesc.plog: check_unesc.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/unescape/check_unesc.c --i-file $< --output-file $@ cvtsudoers.o: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ @@ -1039,7 +1322,8 @@ $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/strlist.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/sudoers_version.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cvtsudoers.c cvtsudoers.i: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ @@ -1052,10 +1336,37 @@ $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/strlist.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/sudoers_version.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -E -o $@ $(CPPFLAGS) $< cvtsudoers.plog: cvtsudoers.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/cvtsudoers.c --i-file $< --output-file $@ +cvtsudoers_csv.o: $(srcdir)/cvtsudoers_csv.c $(devdir)/def_data.h \ + $(devdir)/gram.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cvtsudoers_csv.c +cvtsudoers_csv.i: $(srcdir)/cvtsudoers_csv.c $(devdir)/def_data.h \ + $(devdir)/gram.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +cvtsudoers_csv.plog: cvtsudoers_csv.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/cvtsudoers_csv.c --i-file $< --output-file $@ cvtsudoers_json.o: $(srcdir)/cvtsudoers_json.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ @@ -1114,6 +1425,34 @@ $(CC) -E -o $@ $(CPPFLAGS) $< cvtsudoers_ldif.plog: cvtsudoers_ldif.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/cvtsudoers_ldif.c --i-file $< --output-file $@ +cvtsudoers_merge.o: $(srcdir)/cvtsudoers_merge.c $(devdir)/def_data.h \ + $(devdir)/gram.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/redblack.h $(srcdir)/strlist.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cvtsudoers_merge.c +cvtsudoers_merge.i: $(srcdir)/cvtsudoers_merge.c $(devdir)/def_data.h \ + $(devdir)/gram.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/redblack.h $(srcdir)/strlist.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +cvtsudoers_merge.plog: cvtsudoers_merge.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/cvtsudoers_merge.c --i-file $< --output-file $@ cvtsudoers_pwutil.o: $(srcdir)/cvtsudoers_pwutil.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ @@ -1382,6 +1721,132 @@ $(CC) -E -o $@ $(CPPFLAGS) $< fmtsudoers.plog: fmtsudoers.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fmtsudoers.c --i-file $< --output-file $@ +fmtsudoers_cvt.lo: $(srcdir)/fmtsudoers_cvt.c $(devdir)/def_data.h \ + $(devdir)/gram.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/fmtsudoers_cvt.c +fmtsudoers_cvt.i: $(srcdir)/fmtsudoers_cvt.c $(devdir)/def_data.h \ + $(devdir)/gram.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fmtsudoers_cvt.plog: fmtsudoers_cvt.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fmtsudoers_cvt.c --i-file $< --output-file $@ +fuzz_policy.o: $(srcdir)/regress/fuzz/fuzz_policy.c $(devdir)/def_data.h \ + $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_policy.c +fuzz_policy.i: $(srcdir)/regress/fuzz/fuzz_policy.c $(devdir)/def_data.h \ + $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_policy.plog: fuzz_policy.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_policy.c --i-file $< --output-file $@ +fuzz_stubs.o: $(srcdir)/regress/fuzz/fuzz_stubs.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_stubs.c +fuzz_stubs.i: $(srcdir)/regress/fuzz/fuzz_stubs.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_stubs.plog: fuzz_stubs.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_stubs.c --i-file $< --output-file $@ +fuzz_sudoers.o: $(srcdir)/regress/fuzz/fuzz_sudoers.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/interfaces.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_sudoers.c +fuzz_sudoers.i: $(srcdir)/regress/fuzz/fuzz_sudoers.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/interfaces.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_sudoers.plog: fuzz_sudoers.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_sudoers.c --i-file $< --output-file $@ +fuzz_sudoers_ldif.o: $(srcdir)/regress/fuzz/fuzz_sudoers_ldif.c \ + $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_sudoers_ldif.c +fuzz_sudoers_ldif.i: $(srcdir)/regress/fuzz/fuzz_sudoers_ldif.c \ + $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_sudoers_ldif.plog: fuzz_sudoers_ldif.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_sudoers_ldif.c --i-file $< --output-file $@ fwtk.lo: $(authdir)/fwtk.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ @@ -1466,18 +1931,6 @@ $(CC) -E -o $@ $(CPPFLAGS) $< getspwuid.plog: getspwuid.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/getspwuid.c --i-file $< --output-file $@ -gmtoff.lo: $(srcdir)/gmtoff.c $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_queue.h $(srcdir)/parse.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/gmtoff.c -gmtoff.i: $(srcdir)/gmtoff.c $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_queue.h $(srcdir)/parse.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h - $(CC) -E -o $@ $(CPPFLAGS) $< -gmtoff.plog: gmtoff.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/gmtoff.c --i-file $< --output-file $@ goodpath.lo: $(srcdir)/goodpath.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ @@ -2126,26 +2579,6 @@ $(CC) -E -o $@ $(CPPFLAGS) $< pwutil_impl.plog: pwutil_impl.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/pwutil_impl.c --i-file $< --output-file $@ -rcstr.lo: $(srcdir)/rcstr.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/rcstr.c -rcstr.i: $(srcdir)/rcstr.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(CC) -E -o $@ $(CPPFLAGS) $< -rcstr.plog: rcstr.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/rcstr.c --i-file $< --output-file $@ redblack.lo: $(srcdir)/redblack.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ @@ -2352,6 +2785,30 @@ $(CC) -E -o $@ $(CPPFLAGS) $< starttime.plog: starttime.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/starttime.c --i-file $< --output-file $@ +strlcpy_unesc.lo: $(srcdir)/strlcpy_unesc.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/strlcpy_unesc.c +strlcpy_unesc.i: $(srcdir)/strlcpy_unesc.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +strlcpy_unesc.plog: strlcpy_unesc.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/strlcpy_unesc.c --i-file $< --output-file $@ strlist.lo: $(srcdir)/strlist.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/strlist.h \ @@ -2364,6 +2821,30 @@ $(CC) -E -o $@ $(CPPFLAGS) $< strlist.plog: strlist.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/strlist.c --i-file $< --output-file $@ +strvec_join.lo: $(srcdir)/strvec_join.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/strvec_join.c +strvec_join.i: $(srcdir)/strvec_join.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +strvec_join.plog: strvec_join.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/strvec_join.c --i-file $< --output-file $@ stubs.o: $(srcdir)/stubs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ @@ -2455,7 +2936,7 @@ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \ + $(srcdir)/auth/sudo_auth.h $(srcdir)/check.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h @@ -2467,7 +2948,7 @@ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \ + $(srcdir)/auth/sudo_auth.h $(srcdir)/check.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h @@ -2498,6 +2979,30 @@ $(CC) -E -o $@ $(CPPFLAGS) $< sudoers_debug.plog: sudoers_debug.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudoers_debug.c --i-file $< --output-file $@ +sudoers_hooks.lo: $(srcdir)/sudoers_hooks.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudoers_hooks.c +sudoers_hooks.i: $(srcdir)/sudoers_hooks.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +sudoers_hooks.plog: sudoers_hooks.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudoers_hooks.c --i-file $< --output-file $@ sudoreplay.o: $(srcdir)/sudoreplay.c $(incdir)/compat/getopt.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ @@ -2544,6 +3049,34 @@ $(CC) -E -o $@ $(CPPFLAGS) $< testsudoers.plog: testsudoers.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/testsudoers.c --i-file $< --output-file $@ +testsudoers_pwutil.o: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/pwutil.h \ + $(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/testsudoers_pwutil.c +testsudoers_pwutil.i: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/pwutil.h \ + $(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +testsudoers_pwutil.plog: testsudoers_pwutil.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/testsudoers_pwutil.c --i-file $< --output-file $@ timeout.lo: $(srcdir)/timeout.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_queue.h $(srcdir)/parse.h $(srcdir)/sudoers_debug.h \ diff -Nru sudo-1.9.5p2/plugins/sudoers/alias.c sudo-1.9.9/plugins/sudoers/alias.c --- sudo-1.9.5p2/plugins/sudoers/alias.c 2020-12-17 01:34:30.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/alias.c 2022-01-27 21:24:22.000000000 +0000 @@ -127,22 +127,29 @@ a = calloc(1, sizeof(*a)); if (a == NULL) debug_return_bool(false); + + /* Only set elements used by alias_compare() in case there is a dupe. */ a->name = name; a->type = type; - /* a->used = false; */ - a->file = rcstr_addref(file); - a->line = line; - a->column = column; - HLTQ_TO_TAILQ(&a->members, members, entries); switch (rbinsert(parse_tree->aliases, a, NULL)) { case 1: - alias_free(a); + free(a); errno = EEXIST; debug_return_bool(false); case -1: - alias_free(a); + free(a); debug_return_bool(false); } + + /* + * It is now safe to fill in the rest of the alias. We do this last + * since it modifies "file" (adds a ref) and "members" (tailq conversion). + */ + /* a->used = false; */ + a->file = sudo_rcstr_addref(file); + a->line = line; + a->column = column; + HLTQ_TO_TAILQ(&a->members, members, entries); debug_return_bool(true); } @@ -208,7 +215,7 @@ if (a != NULL) { free(a->name); - rcstr_delref(a->file); + sudo_rcstr_delref(a->file); free_members(&a->members); free(a); } @@ -220,14 +227,14 @@ * Find the named alias, remove it from the tree and return it. */ struct alias * -alias_remove(struct sudoers_parse_tree *parse_tree, char *name, int type) +alias_remove(struct sudoers_parse_tree *parse_tree, const char *name, int type) { struct rbnode *node; struct alias key; debug_decl(alias_remove, SUDOERS_DEBUG_ALIAS); if (parse_tree->aliases != NULL) { - key.name = name; + key.name = (char *)name; key.type = type; if ((node = rbfind(parse_tree->aliases, &key)) != NULL) debug_return_ptr(rbdelete(parse_tree->aliases, node)); @@ -346,20 +353,20 @@ TAILQ_FOREACH(d, &parse_tree->defaults, entries) { switch (d->type) { case DEFAULTS_HOST: - errors += alias_find_used_members(parse_tree, d->binding, - HOSTALIAS, used_aliases); + errors += alias_find_used_members(parse_tree, + &d->binding->members, HOSTALIAS, used_aliases); break; case DEFAULTS_USER: - errors += alias_find_used_members(parse_tree, d->binding, - USERALIAS, used_aliases); + errors += alias_find_used_members(parse_tree, + &d->binding->members, USERALIAS, used_aliases); break; case DEFAULTS_RUNAS: - errors += alias_find_used_members(parse_tree, d->binding, - RUNASALIAS, used_aliases); + errors += alias_find_used_members(parse_tree, + &d->binding->members, RUNASALIAS, used_aliases); break; case DEFAULTS_CMND: - errors += alias_find_used_members(parse_tree, d->binding, - CMNDALIAS, used_aliases); + errors += alias_find_used_members(parse_tree, + &d->binding->members, CMNDALIAS, used_aliases); break; default: break; diff -Nru sudo-1.9.5p2/plugins/sudoers/audit.c sudo-1.9.9/plugins/sudoers/audit.c --- sudo-1.9.5p2/plugins/sudoers/audit.c 2020-12-17 01:34:30.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/audit.c 2022-01-27 21:24:22.000000000 +0000 @@ -30,7 +30,9 @@ #include #include "sudoers.h" -#include "log_client.h" +#ifdef SUDOERS_LOG_CLIENT +# include "log_client.h" +#endif #ifdef HAVE_BSM_AUDIT # include "bsm_audit.h" @@ -43,7 +45,6 @@ #endif #ifdef SUDOERS_LOG_CLIENT -static struct client_closure *client_closure = NULL; static struct log_details audit_details; #endif char *audit_msg = NULL; @@ -197,16 +198,15 @@ debug_return_int(ret); } -#ifdef SUDOERS_LOG_CLIENT static void audit_to_eventlog(struct eventlog *evlog, char * const command_info[], - char * const run_argv[], char * const run_envp[]) + char * const run_argv[], char * const run_envp[], const char *uuid_str) { char * const *cur; debug_decl(audit_to_eventlog, SUDOERS_DEBUG_PLUGIN); /* Fill in evlog from sudoers Defaults, run_argv and run_envp. */ - sudoers_to_eventlog(evlog, run_argv, run_envp); + sudoers_to_eventlog(evlog, run_argv, run_envp, uuid_str); /* Update iolog and execution environment from command_info[]. */ if (command_info != NULL) { @@ -225,9 +225,7 @@ case 'i': if (strncmp(*cur, "iolog_path=", sizeof("iolog_path=") - 1) == 0) { evlog->iolog_path = *cur + sizeof("iolog_path=") - 1; - evlog->iolog_file = strrchr(evlog->iolog_path, '/'); - if (evlog->iolog_file != NULL) - evlog->iolog_file++; + evlog->iolog_file = sudo_basename(evlog->iolog_path); continue; } break; @@ -244,37 +242,53 @@ debug_return; } +#ifdef SUDOERS_LOG_CLIENT static bool -log_server_accept(char * const command_info[], char * const run_argv[], - char * const run_envp[]) +log_server_accept(struct eventlog *evlog) { - struct eventlog *evlog; struct timespec now; bool ret = false; debug_decl(log_server_accept, SUDOERS_DEBUG_PLUGIN); - /* Only send accept event to log server if I/O log plugin did not. */ - if (SLIST_EMPTY(&def_log_servers) || def_log_input || def_log_output) + if (SLIST_EMPTY(&def_log_servers)) debug_return_bool(true); + if (client_closure != NULL && ISSET(sudo_mode, MODE_POLICY_INTERCEPTED)) { + /* Older servers don't support multiple commands per session. */ + if (!client_closure->subcommands) + debug_return_bool(true); + } else { + /* Only send accept event to log server if I/O log plugin did not. */ + if (def_log_input || def_log_output) + debug_return_bool(true); + } + if (sudo_gettime_real(&now) == -1) { sudo_warn("%s", U_("unable to get time of day")); goto done; } - if ((evlog = malloc(sizeof(*evlog))) == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto done; - } - audit_to_eventlog(evlog, command_info, run_argv, run_envp); - if (!init_log_details(&audit_details, evlog)) - goto done; + if (client_closure != NULL) { + /* Use existing client closure. */ + if (fmt_accept_message(client_closure, evlog)) { + if (client_closure->write_ev->add(client_closure->write_ev, + &client_closure->log_details->server_timeout) == -1) { + sudo_warn("%s", U_("unable to add event to queue")); + goto done; + } + ret = true; + } + } else { + if (!init_log_details(&audit_details, evlog)) + goto done; + + /* Open connection to log server, send hello and accept messages. */ + client_closure = log_server_open(&audit_details, &now, false, + SEND_ACCEPT, NULL, sudoers_audit.event_alloc); + if (client_closure != NULL) + ret = true; + } - /* Open connection to log server, send hello and accept messages. */ - client_closure = log_server_open(&audit_details, &now, false, - SEND_ACCEPT, NULL, sudoers_audit.event_alloc); - if (client_closure != NULL) - ret = true; done: debug_return_bool(ret); } @@ -306,8 +320,7 @@ } #else static bool -log_server_accept(char * const command_info[], char * const run_argv[], - char * const run_envp[]) +log_server_accept(struct eventlog *evlog) { return true; } @@ -324,6 +337,8 @@ char * const command_info[], char * const run_argv[], char * const run_envp[], const char **errstr) { + const char *uuid_str = NULL; + struct eventlog evlog; int ret = true; debug_decl(sudoers_audit_accept, SUDOERS_DEBUG_PLUGIN); @@ -337,10 +352,14 @@ if (audit_success(run_argv) != 0 && !def_ignore_audit_errors) ret = false; - if (!log_allowed() && !def_ignore_logfile_errors) + if (!ISSET(sudo_mode, MODE_POLICY_INTERCEPTED)) + uuid_str = sudo_user.uuid_str; + + audit_to_eventlog(&evlog, command_info, run_argv, run_envp, uuid_str); + if (!log_allowed(&evlog) && !def_ignore_logfile_errors) ret = false; - if (!log_server_accept(command_info, run_argv, run_envp)) { + if (!log_server_accept(&evlog)) { if (!def_ignore_logfile_errors) ret = false; } @@ -368,7 +387,7 @@ ret = false; } - audit_to_eventlog(&evlog, command_info, NewArgv, env_get()); + audit_to_eventlog(&evlog, command_info, NewArgv, env_get(), NULL); if (!eventlog_reject(&evlog, 0, message, NULL, NULL)) ret = false; @@ -401,7 +420,7 @@ debug_return_bool(false); } - audit_to_eventlog(&evlog, command_info, NewArgv, env_get()); + audit_to_eventlog(&evlog, command_info, NewArgv, env_get(), NULL); if (!eventlog_alert(&evlog, 0, &now, message, NULL)) ret = false; diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/API sudo-1.9.9/plugins/sudoers/auth/API --- sudo-1.9.5p2/plugins/sudoers/auth/API 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/API 2022-01-27 21:24:22.000000000 +0000 @@ -45,6 +45,10 @@ to determine whether to return a fatal or nonfatal error. + FLAG_NONINTERACTIVE If set, this indicates that the user invoked + sudo with the -n option and no user interaction + is allowed. + The member functions can return the following values: AUTH_SUCCESS Function succeeded. For a ``verify'' function this means the user correctly authenticated. @@ -59,6 +63,14 @@ When verify_user() gets AUTH_FATAL from an auth function it does an exit(1). + AUTH_INTR An attempt to read the password read was interrupted. + Usually this means the user entered ^C at the + password prompt. + + AUTH_NONINTERACTIVE Function failed because user interaction was + required but sudo was run in non-interactive + mode. + The functions in the struct are as follows: int init(struct passwd *pw, sudo_auth *auth) diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/afs.c sudo-1.9.9/plugins/sudoers/auth/afs.c --- sudo-1.9.5p2/plugins/sudoers/auth/afs.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/afs.c 2022-01-27 21:24:22.000000000 +0000 @@ -50,6 +50,9 @@ struct ktc_token afs_token; debug_decl(sudo_afs_verify, SUDOERS_DEBUG_AUTH); + if (IS_NONINTERACTIVE(auth)) + debug_return_int(AUTH_NONINTERACTIVE); + /* Try to just check the password */ ka_StringToKey(pass, NULL, &afs_key); if (ka_GetAdminToken(pw->pw_name, /* name */ diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/aix_auth.c sudo-1.9.9/plugins/sudoers/auth/aix_auth.c --- sudo-1.9.5p2/plugins/sudoers/auth/aix_auth.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/aix_auth.c 2022-01-27 21:24:22.000000000 +0000 @@ -236,6 +236,9 @@ int ret = AUTH_SUCCESS; debug_decl(sudo_aix_verify, SUDOERS_DEBUG_AUTH); + if (IS_NONINTERACTIVE(auth)) + debug_return_int(AUTH_NONINTERACTIVE); + do { pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback); if (pass == NULL) diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/bsdauth.c sudo-1.9.9/plugins/sudoers/auth/bsdauth.c --- sudo-1.9.5p2/plugins/sudoers/auth/bsdauth.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/bsdauth.c 2022-01-27 21:24:22.000000000 +0000 @@ -60,6 +60,10 @@ static struct bsdauth_state state; debug_decl(bsdauth_init, SUDOERS_DEBUG_AUTH); + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); + /* Get login class based on auth user, which may not be invoking user. */ if (pw->pw_class && *pw->pw_class) state.lc = login_getclass(pw->pw_class); @@ -110,6 +114,9 @@ auth_session_t *as = ((struct bsdauth_state *) auth->data)->as; debug_decl(bsdauth_verify, SUDOERS_DEBUG_AUTH); + if (IS_NONINTERACTIVE(auth)) + debug_return_int(AUTH_NONINTERACTIVE); + /* save old signal handler */ sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; @@ -192,8 +199,12 @@ if (state != NULL) { auth_close(state->as); + state->as = NULL; login_close(state->lc); + state->lc = NULL; + auth->data = NULL; } + login_style = NULL; debug_return_int(AUTH_SUCCESS); } diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/dce.c sudo-1.9.9/plugins/sudoers/auth/dce.c --- sudo-1.9.5p2/plugins/sudoers/auth/dce.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/dce.c 2022-01-27 21:24:22.000000000 +0000 @@ -68,6 +68,9 @@ error_status_t status; debug_decl(sudo_dce_verify, SUDOERS_DEBUG_AUTH); + if (IS_NONINTERACTIVE(auth)) + debug_return_int(AUTH_NONINTERACTIVE); + /* * Create the local context of the DCE principal necessary * to perform authenticated network operations. The network diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/fwtk.c sudo-1.9.9/plugins/sudoers/auth/fwtk.c --- sudo-1.9.5p2/plugins/sudoers/auth/fwtk.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/fwtk.c 2022-01-27 21:24:22.000000000 +0000 @@ -50,6 +50,13 @@ char resp[128]; /* Response from the server */ debug_decl(sudo_fwtk_init, SUDOERS_DEBUG_AUTH); + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); + + if (IS_NONINTERACTIVE(auth)) + debug_return_int(AUTH_NONINTERACTIVE); + if ((confp = cfg_read("sudo")) == (Cfg *)-1) { sudo_warnx("%s", U_("unable to read fwtk config")); debug_return_int(AUTH_FATAL); @@ -69,6 +76,7 @@ sudo_warnx(U_("authentication server error:\n%s"), resp); debug_return_int(AUTH_FATAL); } + auth->data = (void *) confp; debug_return_int(AUTH_SUCCESS); } diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/kerb5.c sudo-1.9.9/plugins/sudoers/auth/kerb5.c --- sudo-1.9.5p2/plugins/sudoers/auth/kerb5.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/kerb5.c 2022-01-27 21:24:22.000000000 +0000 @@ -135,7 +135,9 @@ char cache_name[64], *pname = pw->pw_name; debug_decl(sudo_krb5_init, SUDOERS_DEBUG_AUTH); - auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */ + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); if (sudo_krb5_instance != NULL) { int len = asprintf(&pname, "%s%s%s", pw->pw_name, @@ -171,6 +173,8 @@ goto done; } + auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */ + done: if (sudo_krb5_instance != NULL) free(pname); diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/pam.c sudo-1.9.9/plugins/sudoers/auth/pam.c --- sudo-1.9.5p2/plugins/sudoers/auth/pam.c 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/pam.c 2022-01-27 21:24:25.000000000 +0000 @@ -92,6 +92,7 @@ static struct pam_conv pam_conv = { converse, &conv_callback }; static char *def_prompt = PASSPROMPT; static bool getpass_error; +static bool noninteractive; static pam_handle_t *pamh; static struct conv_filter *conv_filter; @@ -198,16 +199,21 @@ /* Stash pointer to last pam status. */ auth->data = &pam_status; -#ifdef _AIX if (pamh != NULL) { - /* Already initialized (may happen with AIX). */ + /* Already initialized (may happen with AIX or with sub-commands). */ debug_return_int(AUTH_SUCCESS); } -#endif /* _AIX */ - /* Initial PAM. */ - pam_service = ISSET(sudo_mode, MODE_LOGIN_SHELL) ? - def_pam_login_service : def_pam_service; + /* Stash value of noninteractive flag for conversation function. */ + noninteractive = IS_NONINTERACTIVE(auth); + + /* Initialize PAM. */ + if (ISSET(sudo_mode, MODE_ASKPASS) && def_pam_askpass_service != NULL) { + pam_service = def_pam_askpass_service; + } else { + pam_service = ISSET(sudo_mode, MODE_LOGIN_SHELL) ? + def_pam_login_service : def_pam_service; + } pam_status = pam_start(pam_service, pw->pw_name, &pam_conv, &pamh); if (pam_status != PAM_SUCCESS) { errstr = sudo_pam_strerror(NULL, pam_status); @@ -243,16 +249,7 @@ "pam_set_item(pamh, PAM_RHOST, %s): %s", user_host, errstr); } } - -#if defined(__LINUX_PAM__) || defined(__sun__) - /* - * Some PAM modules assume PAM_TTY is set and will misbehave (or crash) - * if it is not. Known offenders include pam_lastlog and pam_time. - */ - if (ttypath == NULL) - ttypath = ""; -#endif - if (ttypath != NULL) { // -V547 + if (ttypath != NULL) { rc = pam_set_item(pamh, PAM_TTY, ttypath); if (rc != PAM_SUCCESS) { errstr = sudo_pam_strerror(pamh, rc); @@ -311,6 +308,9 @@ /* PAM_SILENT prevents the authentication service from generating output. */ *pam_status = pam_authenticate(pamh, PAM_SILENT); + /* Restore def_prompt, the passed-in prompt may be freed later. */ + def_prompt = PASSPROMPT; + /* Restore KRB5CCNAME to its original value. */ if (envccname == NULL && sudo_unsetenv("KRB5CCNAME") != 0) { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, @@ -320,7 +320,7 @@ if (getpass_error) { /* error or ^C from tgetpass() */ - debug_return_int(AUTH_INTR); + debug_return_int(noninteractive ? AUTH_NONINTERACTIVE : AUTH_INTR); } switch (*pam_status) { case PAM_SUCCESS: @@ -525,7 +525,6 @@ if (!env_init(*user_envp) || !env_merge(pam_envp)) status = AUTH_FATAL; *user_envp = env_get(); - (void)env_init(NULL); free(pam_envp); /* XXX - we leak any duplicates that were in pam_envp */ } @@ -707,6 +706,13 @@ if (getpass_error) goto done; + /* Treat non-interactive mode as a getpass error. */ + if (noninteractive) { + getpass_error = true; + ret = PAM_CONV_ERR; + goto done; + } + /* Choose either the sudo prompt or the PAM one. */ prompt = use_pam_prompt(pm->msg) ? pm->msg : def_prompt; diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/passwd.c sudo-1.9.9/plugins/sudoers/auth/passwd.c --- sudo-1.9.5p2/plugins/sudoers/auth/passwd.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/passwd.c 2022-01-27 21:24:22.000000000 +0000 @@ -45,6 +45,10 @@ { debug_decl(sudo_passwd_init, SUDOERS_DEBUG_AUTH); + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); + #ifdef HAVE_SKEYACCESS if (skeyaccess(pw, user_tty, NULL, NULL) == 0) debug_return_int(AUTH_FAILURE); diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/secureware.c sudo-1.9.9/plugins/sudoers/auth/secureware.c --- sudo-1.9.5p2/plugins/sudoers/auth/secureware.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/secureware.c 2022-01-27 21:24:22.000000000 +0000 @@ -55,6 +55,10 @@ { debug_decl(sudo_secureware_init, SUDOERS_DEBUG_AUTH); + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); + #ifdef __alpha if (crypt_type == INT_MAX) debug_return_int(AUTH_FAILURE); /* no shadow */ diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/securid5.c sudo-1.9.9/plugins/sudoers/auth/securid5.c --- sudo-1.9.5p2/plugins/sudoers/auth/securid5.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/securid5.c 2022-01-27 21:24:22.000000000 +0000 @@ -63,14 +63,22 @@ static SDI_HANDLE sd_dat; /* SecurID handle */ debug_decl(sudo_securid_init, SUDOERS_DEBUG_AUTH); - auth->data = (void *) &sd_dat; /* For method-specific data */ + /* Only initialize once. */ + if (auth->data != NULL) + debug_return_int(AUTH_SUCCESS); + + if (IS_NONINTERACTIVE(auth)) + debug_return_int(AUTH_NONINTERACTIVE); /* Start communications */ - if (AceInitialize() != SD_FALSE) - debug_return_int(AUTH_SUCCESS); + if (AceInitialize() == SD_FALSE) { + sudo_warnx("%s", U_("failed to initialise the ACE API library")); + debug_return_int(AUTH_FATAL); + } + + auth->data = (void *) &sd_dat; /* For method-specific data */ - sudo_warnx("%s", U_("failed to initialise the ACE API library")); - debug_return_int(AUTH_FATAL); + debug_return_int(AUTH_SUCCESS); } /* diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/sia.c sudo-1.9.9/plugins/sudoers/auth/sia.c --- sudo-1.9.5p2/plugins/sudoers/auth/sia.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/sia.c 2022-01-27 21:24:22.000000000 +0000 @@ -83,6 +83,9 @@ int rc; debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH); + if (IS_NONINTERACTIVE(auth)) + debug_return_int(AUTH_NONINTERACTIVE); + /* Get password, return AUTH_INTR if we got ^C */ pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback); if (pass == NULL) diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/sudo_auth.c sudo-1.9.9/plugins/sudoers/auth/sudo_auth.c --- sudo-1.9.5p2/plugins/sudoers/auth/sudo_auth.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/sudo_auth.c 2022-01-27 21:24:22.000000000 +0000 @@ -98,7 +98,7 @@ * Returns 0 on success and -1 on error. */ int -sudo_auth_init(struct passwd *pw) +sudo_auth_init(struct passwd *pw, int mode) { sudo_auth *auth; int status = AUTH_SUCCESS; @@ -109,6 +109,8 @@ /* Initialize auth methods and unconfigure the method if necessary. */ for (auth = auth_switch; auth->name; auth++) { + if (ISSET(mode, MODE_NONINTERACTIVE)) + SET(auth->flags, FLAG_NONINTERACTIVE); if (auth->init && !IS_DISABLED(auth)) { /* Disable if it failed to init unless there was a fatal error. */ status = (auth->init)(pw, auth); @@ -297,6 +299,8 @@ status = (auth->setup)(pw, &prompt, auth); if (status == AUTH_FAILURE) SET(auth->flags, FLAG_DISABLED); + else if (status == AUTH_NONINTERACTIVE) + goto done; else if (status == AUTH_FATAL || user_interrupted()) goto done; /* assume error msg already printed */ } @@ -310,6 +314,10 @@ /* Get the password unless the auth function will do it for us */ if (!standalone) { + if (IS_NONINTERACTIVE(&auth_switch[0])) { + success = AUTH_NONINTERACTIVE; + goto done; + } pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback); if (pass == NULL) break; @@ -344,10 +352,13 @@ case AUTH_INTR: case AUTH_FAILURE: if (ntries != 0) - validated |= FLAG_BAD_PASSWORD; + SET(validated, FLAG_BAD_PASSWORD); log_auth_failure(validated, ntries); ret = false; break; + case AUTH_NONINTERACTIVE: + SET(validated, FLAG_NO_USER_INPUT); + FALLTHROUGH; case AUTH_FATAL: default: log_auth_failure(validated, 0); diff -Nru sudo-1.9.5p2/plugins/sudoers/auth/sudo_auth.h sudo-1.9.9/plugins/sudoers/auth/sudo_auth.h --- sudo-1.9.5p2/plugins/sudoers/auth/sudo_auth.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/auth/sudo_auth.h 2022-01-27 21:24:22.000000000 +0000 @@ -20,10 +20,11 @@ #define SUDO_AUTH_H /* Auth function return values. */ -#define AUTH_SUCCESS 0 -#define AUTH_FAILURE 1 -#define AUTH_INTR 2 -#define AUTH_FATAL 3 +#define AUTH_SUCCESS 0 +#define AUTH_FAILURE 1 +#define AUTH_INTR 2 +#define AUTH_FATAL 3 +#define AUTH_NONINTERACTIVE 4 typedef struct sudo_auth { int flags; /* various flags, see below */ @@ -40,14 +41,16 @@ } sudo_auth; /* Values for sudo_auth.flags. */ -#define FLAG_DISABLED 0x02 /* method disabled */ -#define FLAG_STANDALONE 0x04 /* standalone auth method */ -#define FLAG_ONEANDONLY 0x08 /* one and only auth method */ +#define FLAG_DISABLED 0x02 /* method disabled */ +#define FLAG_STANDALONE 0x04 /* standalone auth method */ +#define FLAG_ONEANDONLY 0x08 /* one and only auth method */ +#define FLAG_NONINTERACTIVE 0x10 /* no user input allowed */ /* Shortcuts for using the flags above. */ #define IS_DISABLED(x) ((x)->flags & FLAG_DISABLED) #define IS_STANDALONE(x) ((x)->flags & FLAG_STANDALONE) #define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY) +#define IS_NONINTERACTIVE(x) ((x)->flags & FLAG_NONINTERACTIVE) /* Like tgetpass() but uses conversation function */ char *auth_getpass(const char *prompt, int type, struct sudo_conv_callback *callback); diff -Nru sudo-1.9.5p2/plugins/sudoers/b64_decode.c sudo-1.9.9/plugins/sudoers/b64_decode.c --- sudo-1.9.5p2/plugins/sudoers/b64_decode.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/b64_decode.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,83 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2013-2018 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include "sudoers.h" + +/* + * Derived from code with the following declaration: + * PUBLIC DOMAIN - Jon Mayo - November 13, 2003 + */ + +static const unsigned char base64dec_tab[256]= { + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255, 62,255,255,255, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,255,255,255, 0,255,255, + 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,255,255,255,255,255, + 255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, +}; + +/* + * Decode a NUL-terminated string in base64 format and store the + * result in dst. + */ +size_t +base64_decode(const char *in, unsigned char *out, size_t out_size) +{ + unsigned char *out_end = out + out_size; + const unsigned char *out0 = out; + unsigned int rem, v; + debug_decl(base64_decode, SUDOERS_DEBUG_MATCH); + + for (v = 0, rem = 0; *in != '\0' && *in != '='; in++) { + unsigned char ch = base64dec_tab[(unsigned char)*in]; + if (ch == 255) + debug_return_size_t((size_t)-1); + v = (v << 6) | ch; + rem += 6; + if (rem >= 8) { + rem -= 8; + if (out >= out_end) + debug_return_size_t((size_t)-1); + *out++ = (v >> rem) & 0xff; + } + } + if (rem >= 8) { + if (out >= out_end) + debug_return_size_t((size_t)-1); + *out++ = (v >> rem) & 0xff; + } + debug_return_size_t((size_t)(out - out0)); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/b64_encode.c sudo-1.9.9/plugins/sudoers/b64_encode.c --- sudo-1.9.5p2/plugins/sudoers/b64_encode.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/b64_encode.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,64 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2013-2018 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include "sudoers.h" + +static const unsigned char base64enc_tab[64] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +size_t +base64_encode(const unsigned char *in, size_t in_len, char *out, size_t out_len) +{ + size_t ii, io; + unsigned int rem, v; + debug_decl(base64_encode, SUDOERS_DEBUG_MATCH); + + for (io = 0, ii = 0, v = 0, rem = 0; ii < in_len; ii++) { + unsigned char ch = in[ii]; + v = (v << 8) | ch; + rem += 8; + while (rem >= 6) { + rem -= 6; + if (io >= out_len) + debug_return_size_t((size_t)-1); /* truncation is failure */ + out[io++] = base64enc_tab[(v >> rem) & 63]; + } + } + if (rem != 0) { + v <<= (6 - rem); + if (io >= out_len) + debug_return_size_t((size_t)-1); /* truncation is failure */ + out[io++] = base64enc_tab[v&63]; + } + while (io & 3) { + if (io >= out_len) + debug_return_size_t((size_t)-1); /* truncation is failure */ + out[io++] = '='; + } + if (io >= out_len) + debug_return_size_t((size_t)-1); /* no room for NUL terminator */ + out[io] = '\0'; + debug_return_size_t(io); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/base64.c sudo-1.9.9/plugins/sudoers/base64.c --- sudo-1.9.5p2/plugins/sudoers/base64.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/base64.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,121 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2013-2018 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This is an open source non-commercial project. Dear PVS-Studio, please check it. - * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com - */ - -#include - -#include "sudoers.h" - -/* - * Derived from code with the following declaration: - * PUBLIC DOMAIN - Jon Mayo - November 13, 2003 - */ - -static const unsigned char base64dec_tab[256]= { - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255, 62,255,255,255, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,255,255,255, 0,255,255, - 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,255,255,255,255,255, - 255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, - 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, -}; - -/* - * Decode a NUL-terminated string in base64 format and store the - * result in dst. - */ -size_t -base64_decode(const char *in, unsigned char *out, size_t out_size) -{ - unsigned char *out_end = out + out_size; - const unsigned char *out0 = out; - unsigned int rem, v; - debug_decl(base64_decode, SUDOERS_DEBUG_MATCH); - - for (v = 0, rem = 0; *in != '\0' && *in != '='; in++) { - unsigned char ch = base64dec_tab[(unsigned char)*in]; - if (ch == 255) - debug_return_size_t((size_t)-1); - v = (v << 6) | ch; - rem += 6; - if (rem >= 8) { - rem -= 8; - if (out >= out_end) - debug_return_size_t((size_t)-1); - *out++ = (v >> rem) & 0xff; - } - } - if (rem >= 8) { - if (out >= out_end) - debug_return_size_t((size_t)-1); - *out++ = (v >> rem) & 0xff; - } - debug_return_size_t((size_t)(out - out0)); -} - -static const unsigned char base64enc_tab[64] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -size_t -base64_encode(const unsigned char *in, size_t in_len, char *out, size_t out_len) -{ - size_t ii, io; - unsigned int rem, v; - debug_decl(base64_encode, SUDOERS_DEBUG_MATCH); - - for (io = 0, ii = 0, v = 0, rem = 0; ii < in_len; ii++) { - unsigned char ch = in[ii]; - v = (v << 8) | ch; - rem += 8; - while (rem >= 6) { - rem -= 6; - if (io >= out_len) - debug_return_size_t((size_t)-1); /* truncation is failure */ - out[io++] = base64enc_tab[(v >> rem) & 63]; - } - } - if (rem != 0) { - v <<= (6 - rem); - if (io >= out_len) - debug_return_size_t((size_t)-1); /* truncation is failure */ - out[io++] = base64enc_tab[v&63]; - } - while (io & 3) { - if (io >= out_len) - debug_return_size_t((size_t)-1); /* truncation is failure */ - out[io++] = '='; - } - if (io >= out_len) - debug_return_size_t((size_t)-1); /* no room for NUL terminator */ - out[io] = '\0'; - debug_return_size_t(io); -} diff -Nru sudo-1.9.5p2/plugins/sudoers/boottime.c sudo-1.9.9/plugins/sudoers/boottime.c --- sudo-1.9.5p2/plugins/sudoers/boottime.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/boottime.c 2022-01-27 21:24:22.000000000 +0000 @@ -33,7 +33,7 @@ #include #include #ifndef __linux__ -# if defined(HAVE_SYSCTL) && defined(KERN_BOOTTIME) +# if defined(HAVE_SYS_SYSCTL_H) # include # elif defined(HAVE_GETUTXID) # include diff -Nru sudo-1.9.5p2/plugins/sudoers/check.c sudo-1.9.9/plugins/sudoers/check.c --- sudo-1.9.5p2/plugins/sudoers/check.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/check.c 2022-01-27 21:24:22.000000000 +0000 @@ -125,13 +125,6 @@ FALLTHROUGH; default: - /* Bail out if we are non-interactive and a password is required */ - if (ISSET(mode, MODE_NONINTERACTIVE)) { - validated |= FLAG_NON_INTERACTIVE; - log_auth_failure(validated, 0); - goto done; - } - /* XXX - should not lecture if askpass helper is being used. */ lectured = display_lecture(closure->tstat); @@ -170,7 +163,7 @@ */ if ((closure.auth_pw = get_authpw(mode)) == NULL) goto done; - if (sudo_auth_init(closure.auth_pw) == -1) + if (sudo_auth_init(closure.auth_pw, mode) == -1) goto done; /* @@ -299,8 +292,14 @@ bool ret = false; debug_decl(user_is_exempt, SUDOERS_DEBUG_AUTH); - if (def_exempt_group) - ret = user_in_group(sudo_user.pw, def_exempt_group); + if (ISSET(sudo_mode, MODE_POLICY_INTERCEPTED)) { + if (!def_intercept_authenticate) + ret = true; + } + if (def_exempt_group) { + if (user_in_group(sudo_user.pw, def_exempt_group)) + ret = true; + } debug_return_bool(ret); } @@ -322,17 +321,17 @@ } else { if (def_rootpw) { if ((pw = sudo_getpwuid(ROOT_UID)) == NULL) { - log_warningx(SLOG_SEND_MAIL, N_("unknown uid: %u"), ROOT_UID); + log_warningx(SLOG_SEND_MAIL, N_("unknown uid %u"), ROOT_UID); } } else if (def_runaspw) { if ((pw = sudo_getpwnam(def_runas_default)) == NULL) { log_warningx(SLOG_SEND_MAIL, - N_("unknown user: %s"), def_runas_default); + N_("unknown user %s"), def_runas_default); } } else if (def_targetpw) { if (runas_pw->pw_name == NULL) { /* This should never be NULL as we fake up the passwd struct */ - log_warningx(SLOG_RAW_MSG, N_("unknown uid: %u"), + log_warningx(SLOG_RAW_MSG, N_("unknown uid %u"), (unsigned int) runas_pw->pw_uid); } else { sudo_pw_addref(runas_pw); diff -Nru sudo-1.9.5p2/plugins/sudoers/check.h sudo-1.9.9/plugins/sudoers/check.h --- sudo-1.9.5p2/plugins/sudoers/check.h 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/check.h 2022-01-27 21:24:06.000000000 +0000 @@ -85,5 +85,6 @@ int get_starttime(pid_t pid, struct timespec *starttime); bool already_lectured(int status); int set_lectured(void); +int create_admin_success_flag(void); #endif /* SUDOERS_CHECK_H */ diff -Nru sudo-1.9.5p2/plugins/sudoers/check_aliases.c sudo-1.9.9/plugins/sudoers/check_aliases.c --- sudo-1.9.5p2/plugins/sudoers/check_aliases.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/check_aliases.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,192 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2004-2005, 2007-2018 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include + +#include "sudoers.h" +#include + +struct alias_warned { + SLIST_ENTRY(alias_warned) entries; + const char *name; +}; +SLIST_HEAD(alias_warned_list, alias_warned); + +static bool +alias_warned(struct alias_warned_list *warned, char *name) +{ + struct alias_warned *w; + debug_decl(alias_warned, SUDOERS_DEBUG_ALIAS); + + SLIST_FOREACH(w, warned, entries) { + if (strcmp(w->name, name) == 0) + debug_return_bool(true); + } + + debug_return_bool(false); +} + +static void +alias_warned_add(struct alias_warned_list *warned, char *name) +{ + struct alias_warned *w; + debug_decl(alias_warned_add, SUDOERS_DEBUG_ALIAS); + + w = malloc(sizeof(*w)); + if (w != NULL) { + w->name = name; + SLIST_INSERT_HEAD(warned, w, entries); + } + + debug_return; +} + +static int +check_alias(struct sudoers_parse_tree *parse_tree, + struct alias_warned_list *warned, char *name, int type, + char *file, int line, int column, bool strict, bool quiet) +{ + struct member *m; + struct alias *a; + int errors = 0; + debug_decl(check_alias, SUDOERS_DEBUG_ALIAS); + + if ((a = alias_get(parse_tree, name, type)) != NULL) { + /* check alias contents */ + TAILQ_FOREACH(m, &a->members, entries) { + if (m->type != ALIAS) + continue; + errors += check_alias(parse_tree, warned, m->name, type, + a->file, a->line, a->column, strict, quiet); + } + alias_put(a); + } else { + if (!quiet && !alias_warned(warned, name)) { + if (errno == ELOOP) { + sudo_printf(SUDO_CONV_ERROR_MSG, strict ? + U_("Error: %s:%d:%d: cycle in %s \"%s\"") : + U_("Warning: %s:%d:%d: cycle in %s \"%s\""), + file, line, column, alias_type_to_string(type), name); + } else { + sudo_printf(SUDO_CONV_ERROR_MSG, strict ? + U_("Error: %s:%d:%d: %s \"%s\" referenced but not defined") : + U_("Warning: %s:%d:%d: %s \"%s\" referenced but not defined"), + file, line, column, alias_type_to_string(type), name); + } + sudo_printf(SUDO_CONV_ERROR_MSG, "\n"); + if (strict && errorfile == NULL) { + errorfile = sudo_rcstr_addref(file); + errorlineno = line; + } + alias_warned_add(warned, name); + } + errors++; + } + + debug_return_int(errors); +} + +/* + * Iterate through the sudoers datastructures looking for undefined + * aliases or unused aliases. + */ +int +check_aliases(struct sudoers_parse_tree *parse_tree, bool strict, bool quiet, + int (*cb_unused)(struct sudoers_parse_tree *, struct alias *, void *)) +{ + struct alias_warned_list warned = SLIST_HEAD_INITIALIZER(warned); + struct rbtree *used_aliases; + struct alias_warned *w; + struct cmndspec *cs; + struct member *m; + struct privilege *priv; + struct userspec *us; + int errors = 0; + debug_decl(check_aliases, SUDOERS_DEBUG_ALIAS); + + used_aliases = alloc_aliases(); + if (used_aliases == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_int(-1); + } + + /* Forward check. */ + TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { + TAILQ_FOREACH(m, &us->users, entries) { + if (m->type == ALIAS) { + errors += check_alias(parse_tree, &warned, m->name, USERALIAS, + us->file, us->line, us->column, strict, quiet); + } + } + TAILQ_FOREACH(priv, &us->privileges, entries) { + TAILQ_FOREACH(m, &priv->hostlist, entries) { + if (m->type == ALIAS) { + errors += check_alias(parse_tree, &warned, m->name, HOSTALIAS, + us->file, us->line, us->column, strict, quiet); + } + } + TAILQ_FOREACH(cs, &priv->cmndlist, entries) { + if (cs->runasuserlist != NULL) { + TAILQ_FOREACH(m, cs->runasuserlist, entries) { + if (m->type == ALIAS) { + errors += check_alias(parse_tree, &warned, m->name, RUNASALIAS, + us->file, us->line, us->column, strict, quiet); + } + } + } + if (cs->runasgrouplist != NULL) { + TAILQ_FOREACH(m, cs->runasgrouplist, entries) { + if (m->type == ALIAS) { + errors += check_alias(parse_tree, &warned, m->name, RUNASALIAS, + us->file, us->line, us->column, strict, quiet); + } + } + } + if ((m = cs->cmnd)->type == ALIAS) { + errors += check_alias(parse_tree, &warned, m->name, CMNDALIAS, + us->file, us->line, us->column, strict, quiet); + } + } + } + } + while ((w = SLIST_FIRST(&warned)) != NULL) { + SLIST_REMOVE_HEAD(&warned, entries); + free(w); + } + + /* Reverse check (destructive) */ + if (!alias_find_used(parse_tree, used_aliases)) + errors++; + free_aliases(used_aliases); + + /* If all aliases were referenced we will have an empty tree. */ + if (!no_aliases(parse_tree)) + alias_apply(parse_tree, cb_unused, &quiet); + + debug_return_int(strict ? errors : 0); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/cvtsudoers.c sudo-1.9.9/plugins/sudoers/cvtsudoers.c --- sudo-1.9.5p2/plugins/sudoers/cvtsudoers.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/cvtsudoers.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2018-2020 Todd C. Miller + * Copyright (c) 2018-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -48,15 +48,21 @@ #include "sudo_lbuf.h" #include "redblack.h" #include "cvtsudoers.h" +#include "tsgetgrpw.h" #include +/* Long-only options values. */ +#define OPT_GROUP_FILE 256 +#define OPT_PASSWD_FILE 257 + /* * Globals */ struct cvtsudoers_filter *filters; struct sudo_user sudo_user; struct passwd *list_pw; -static const char short_opts[] = "b:c:d:ef:hi:I:m:Mo:O:pP:s:V"; +static FILE *logfp; +static const char short_opts[] = "b:c:d:ef:hi:I:l:m:Mo:O:pP:s:V"; static struct option long_opts[] = { { "base", required_argument, NULL, 'b' }, { "config", required_argument, NULL, 'c' }, @@ -66,6 +72,7 @@ { "help", no_argument, NULL, 'h' }, { "input-format", required_argument, NULL, 'i' }, { "increment", required_argument, NULL, 'I' }, + { "logfile", required_argument, NULL, 'l' }, { "match", required_argument, NULL, 'm' }, { "match-local", no_argument, NULL, 'M' }, { "prune-matches", no_argument, NULL, 'p' }, @@ -74,7 +81,9 @@ { "output", required_argument, NULL, 'o' }, { "suppress", required_argument, NULL, 's' }, { "version", no_argument, NULL, 'V' }, - { NULL, no_argument, NULL, '\0' }, + { "group-file", required_argument, NULL, OPT_GROUP_FILE }, + { "passwd-file", required_argument, NULL, OPT_PASSWD_FILE }, + { NULL, no_argument, NULL, 0 }, }; sudo_dso_public int main(int argc, char *argv[]); @@ -96,15 +105,18 @@ int main(int argc, char *argv[]) { - int ch, exitcode = EXIT_FAILURE; + struct sudoers_parse_tree_list parse_trees = TAILQ_HEAD_INITIALIZER(parse_trees); + struct sudoers_parse_tree merged_tree, *parse_tree = NULL; + struct cvtsudoers_config *conf = NULL; enum sudoers_formats output_format = format_ldif; enum sudoers_formats input_format = format_sudoers; - struct cvtsudoers_config *conf = NULL; - bool match_local = false; const char *input_file = "-"; const char *output_file = "-"; const char *conf_file = _PATH_CVTSUDOERS_CONF; - const char *errstr; + const char *grfile = NULL, *pwfile = NULL; + const char *cp, *errstr; + int ch, exitcode = EXIT_FAILURE; + bool match_local = false; debug_decl(main, SUDOERS_DEBUG_MAIN); #if defined(SUDO_DEVEL) && defined(__OpenBSD__) @@ -121,6 +133,9 @@ bindtextdomain("sudoers", LOCALEDIR); textdomain("sudoers"); + /* Initialize early, before any "goto done". */ + init_parse_tree(&merged_tree, NULL, NULL); + /* Read debug and plugin sections of sudo.conf. */ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG|SUDO_CONF_PLUGINS) == -1) goto done; @@ -195,6 +210,9 @@ usage(1); } break; + case 'l': + conf->logfile = optarg; + break; case 'm': conf->filter = optarg; break; @@ -231,6 +249,12 @@ SUDOERS_GRAMMAR_VERSION); exitcode = EXIT_SUCCESS; goto done; + case OPT_GROUP_FILE: + grfile = optarg; + break; + case OPT_PASSWD_FILE: + pwfile = optarg; + break; default: usage(1); } @@ -238,6 +262,12 @@ argc -= optind; argv += optind; + if (conf->logfile != NULL) { + logfp = fopen(conf->logfile, "w"); + if (logfp == NULL) + sudo_fatalx(U_("unable to open log file %s"), conf->logfile); + } + if (conf->input_format != NULL) { if (strcasecmp(conf->input_format, "ldif") == 0) { input_format = format_ldif; @@ -249,7 +279,10 @@ } } if (conf->output_format != NULL) { - if (strcasecmp(conf->output_format, "json") == 0) { + if (strcasecmp(conf->output_format, "csv") == 0) { + output_format = format_csv; + conf->store_options = true; + } else if (strcasecmp(conf->output_format, "json") == 0) { output_format = format_json; conf->store_options = true; } else if (strcasecmp(conf->output_format, "ldif") == 0) { @@ -302,75 +335,147 @@ } } - /* Input file (defaults to stdin). */ - if (argc > 0) { - if (argc > 1) - usage(1); - input_file = argv[0]; - } - - if (strcmp(input_file, "-") != 0) { - if (strcmp(input_file, output_file) == 0) { - sudo_fatalx(U_("%s: input and output files must be different"), - input_file); - } - } - /* Set pwutil backend to use the filter data. */ if (conf->filter != NULL && !match_local) { sudo_pwutil_set_backend(cvtsudoers_make_pwitem, cvtsudoers_make_gritem, cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item); + } else { + if (grfile != NULL) + testsudoers_setgrfile(grfile); + if (pwfile != NULL) + testsudoers_setpwfile(pwfile); + sudo_pwutil_set_backend( + pwfile ? testsudoers_make_pwitem : NULL, + grfile ? testsudoers_make_gritem : NULL, + grfile ? testsudoers_make_gidlist_item : NULL, + grfile ? testsudoers_make_grlist_item : NULL); } /* We may need the hostname to resolve %h escapes in include files. */ get_hostname(); - /* Setup defaults data structures. */ - if (!init_defaults()) - sudo_fatalx("%s", U_("unable to initialize sudoers default values")); + do { + char *lhost = NULL, *shost = NULL; - switch (input_format) { - case format_ldif: - if (!parse_ldif(&parsed_policy, input_file, conf)) - goto done; - break; - case format_sudoers: - if (!parse_sudoers(input_file, conf)) - goto done; - break; - default: - sudo_fatalx("error: unhandled input %d", input_format); - } + /* Input file (defaults to stdin). */ + if (argc > 0) + input_file = argv[0]; + + /* Check for optional hostname prefix on the input file. */ + cp = strchr(input_file, ':'); + if (cp != NULL) { + struct stat sb; + + if (strcmp(cp, ":-") == 0 || stat(input_file, &sb) == -1) { + lhost = strndup(input_file, (size_t)(cp - input_file)); + if (lhost == NULL) + sudo_fatalx("%s", U_("unable to allocate memory")); + input_file = cp + 1; + cp = strchr(lhost, '.'); + if (cp == NULL) { + shost = lhost; + } else { + shost = strndup(lhost, (size_t)(cp - lhost)); + } + } + } + + if (strcmp(input_file, "-") != 0) { + if (strcmp(input_file, output_file) == 0) { + sudo_fatalx(U_("%s: input and output files must be different"), + input_file); + } + } - /* Apply filters. */ - filter_userspecs(&parsed_policy, conf); - filter_defaults(&parsed_policy, conf); - if (filters != NULL) { - alias_remove_unused(&parsed_policy); - if (conf->prune_matches && conf->expand_aliases) - alias_prune(&parsed_policy, conf); + parse_tree = malloc(sizeof(*parse_tree)); + if (parse_tree == NULL) + sudo_fatalx("%s", U_("unable to allocate memory")); + init_parse_tree(parse_tree, lhost, shost); + TAILQ_INSERT_TAIL(&parse_trees, parse_tree, entries); + + /* Setup defaults data structures. */ + if (!init_defaults()) { + sudo_fatalx("%s", + U_("unable to initialize sudoers default values")); + } + + switch (input_format) { + case format_ldif: + if (!parse_ldif(parse_tree, input_file, conf)) + goto done; + break; + case format_sudoers: + if (!parse_sudoers(input_file, conf)) + goto done; + reparent_parse_tree(parse_tree); + break; + default: + sudo_fatalx("error: unhandled input %d", input_format); + } + + /* Apply filters. */ + filter_userspecs(parse_tree, conf); + filter_defaults(parse_tree, conf); + if (filters != NULL) { + alias_remove_unused(parse_tree); + if (conf->prune_matches && conf->expand_aliases) + alias_prune(parse_tree, conf); + } + + argc--; + argv++; + } while (argc > 0); + + parse_tree = TAILQ_FIRST(&parse_trees); + if (TAILQ_NEXT(parse_tree, entries)) { + /* Multiple sudoers files, merge them all. */ + parse_tree = merge_sudoers(&parse_trees, &merged_tree); } switch (output_format) { + case format_csv: + exitcode = !convert_sudoers_csv(parse_tree, output_file, conf); + break; case format_json: - exitcode = !convert_sudoers_json(&parsed_policy, output_file, conf); + exitcode = !convert_sudoers_json(parse_tree, output_file, conf); break; case format_ldif: - exitcode = !convert_sudoers_ldif(&parsed_policy, output_file, conf); + exitcode = !convert_sudoers_ldif(parse_tree, output_file, conf); break; case format_sudoers: - exitcode = !convert_sudoers_sudoers(&parsed_policy, output_file, conf); + exitcode = !convert_sudoers_sudoers(parse_tree, output_file, conf); break; default: sudo_fatalx("error: unhandled output format %d", output_format); } done: + free_parse_tree(&merged_tree); + while ((parse_tree = TAILQ_FIRST(&parse_trees)) != NULL) { + TAILQ_REMOVE(&parse_trees, parse_tree, entries); + free_parse_tree(parse_tree); + free(parse_tree); + } cvtsudoers_conf_free(conf); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); return exitcode; } +void +log_warnx(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + if (logfp != NULL) { + vfprintf(logfp, fmt, ap); + fputc('\n', logfp); + } else { + sudo_vwarnx_nodebug(fmt, ap); + } + va_end(ap); +} + /* * cvtsudoers configuration data. */ @@ -383,8 +488,12 @@ { "input_format", CONF_STR, &cvtsudoers_config.input_format }, { "output_format", CONF_STR, &cvtsudoers_config.output_format }, { "match", CONF_STR, &cvtsudoers_config.filter }, + { "match_local", CONF_BOOL, &cvtsudoers_config.match_local }, + { "logfile", CONF_STR, &cvtsudoers_config.logfile }, { "defaults", CONF_STR, &cvtsudoers_config.defstr }, { "suppress", CONF_STR, &cvtsudoers_config.supstr }, + { "group_file", CONF_STR, &cvtsudoers_config.group_file }, + { "passwd_file", CONF_STR, &cvtsudoers_config.passwd_file }, { "expand_aliases", CONF_BOOL, &cvtsudoers_config.expand_aliases }, { "prune_matches", CONF_BOOL, &cvtsudoers_config.prune_matches } }; @@ -472,7 +581,7 @@ /* Look up keyword in config tables */ if (!cvtsudoers_parse_keyword(conf_file, keyword, value, cvtsudoers_conf_vars)) - sudo_warnx(U_("%s: unknown key word: %s"), conf_file, keyword); + sudo_warnx(U_("%s: unknown key word %s"), conf_file, keyword); } free(line); fclose(fp); @@ -563,6 +672,7 @@ STAILQ_INIT(&filters->users); STAILQ_INIT(&filters->groups); STAILQ_INIT(&filters->hosts); + STAILQ_INIT(&filters->cmnds); } for ((cp = strtok_r(cp, ",", &last)); cp != NULL; (cp = strtok_r(NULL, ",", &last))) { @@ -588,12 +698,14 @@ *cp++ = '\0'; s->str = cp; - if (strcmp(keyword, "user") == 0 ){ + if (strcmp(keyword, "user") == 0) { STAILQ_INSERT_TAIL(&filters->users, s, entries); - } else if (strcmp(keyword, "group") == 0 ){ + } else if (strcmp(keyword, "group") == 0) { STAILQ_INSERT_TAIL(&filters->groups, s, entries); - } else if (strcmp(keyword, "host") == 0 ){ + } else if (strcmp(keyword, "host") == 0) { STAILQ_INSERT_TAIL(&filters->hosts, s, entries); + } else if (strcmp(keyword, "cmnd") == 0 || strcmp(keyword, "cmd") == 0) { + STAILQ_INSERT_TAIL(&filters->cmnds, s, entries); } else { sudo_warnx(U_("invalid filter: %s"), keyword);; free(s); @@ -609,16 +721,21 @@ struct cvtsudoers_config *conf) { FILE *fp = stdin; + bool ret = false; debug_decl(parse_ldif, SUDOERS_DEBUG_UTIL); /* Open LDIF file and parse it. */ if (strcmp(input_file, "-") != 0) { if ((fp = fopen(input_file, "r")) == NULL) - sudo_fatal(U_("unable to open %s"), input_file); + sudo_warn(U_("unable to open %s"), input_file); } - - debug_return_bool(sudoers_parse_ldif(parse_tree, fp, conf->sudoers_base, - conf->store_options)); + if (fp != NULL) { + ret = sudoers_parse_ldif(parse_tree, fp, conf->sudoers_base, + conf->store_options); + if (fp != stdin) + fclose(fp); + } + debug_return_bool(ret); } static bool @@ -636,8 +753,8 @@ if (sudoersparse() && !parse_error) { sudo_warnx(U_("failed to parse %s file, unknown error"), input_file); parse_error = true; - rcstr_delref(errorfile); - if ((errorfile = rcstr_dup(input_file)) == NULL) + sudo_rcstr_delref(errorfile); + if ((errorfile = sudo_rcstr_dup(input_file)) == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); } if (parse_error) { @@ -811,7 +928,88 @@ } free(shosts); - debug_return_bool(ret == true); + debug_return_bool(ret); +} + +static bool +cmnd_matches_filter(struct sudoers_parse_tree *parse_tree, + struct member *m, struct cvtsudoers_config *conf) +{ + struct sudoers_string *s; + bool matched = false; + debug_decl(cmnd_matches_filter, SUDOERS_DEBUG_UTIL); + + /* TODO: match on runasuserlist/runasgrouplist, notbefore/notafter etc */ + STAILQ_FOREACH(s, &filters->cmnds, entries) { + /* An upper case filter entry may be a Cmnd_Alias */ + /* XXX - doesn't handle nested aliases */ + if (m->type == ALIAS && !conf->expand_aliases) { + if (strcmp(m->name, s->str) == 0) { + matched = true; + break; + } + } + + /* Only need one command in the filter to match. */ + user_cmnd = s->str; + user_base = sudo_basename(user_cmnd); + if (cmnd_matches(parse_tree, m, NULL, NULL) == true) { + matched = true; + break; + } + } + user_base = NULL; + user_cmnd = NULL; + + debug_return_bool(matched); +} + +static bool +cmndlist_matches_filter(struct sudoers_parse_tree *parse_tree, + struct member_list *cmndlist, struct cvtsudoers_config *conf) +{ + struct member *m, *next; + bool ret = false; + debug_decl(cmndlist_matches_filter, SUDOERS_DEBUG_UTIL); + + if (filters == NULL || STAILQ_EMPTY(&filters->cmnds)) + debug_return_bool(true); + + TAILQ_FOREACH_REVERSE_SAFE(m, cmndlist, member_list, entries, next) { + bool matched = cmnd_matches_filter(parse_tree, m, conf); + if (matched) { + ret = true; + } else if (conf->prune_matches) { + TAILQ_REMOVE(cmndlist, m, entries); + free_member(m); + } + } + + debug_return_bool(ret); +} + +static bool +cmndspeclist_matches_filter(struct sudoers_parse_tree *parse_tree, + struct cmndspec_list *cmndspecs, struct cvtsudoers_config *conf) +{ + struct cmndspec *cs, *next; + bool ret = false; + debug_decl(cmndspeclist_matches_filter, SUDOERS_DEBUG_UTIL); + + if (filters == NULL || STAILQ_EMPTY(&filters->cmnds)) + debug_return_bool(true); + + TAILQ_FOREACH_REVERSE_SAFE(cs, cmndspecs, cmndspec_list, entries, next) { + bool matched = cmnd_matches_filter(parse_tree, cs->cmnd, conf); + if (matched) { + ret = true; + } else if (conf->prune_matches) { + /* free_cmndspec() removes cs from the list itself. */ + free_cmndspec(cs, cmndspecs); + } + } + + debug_return_bool(ret); } /* @@ -900,7 +1098,8 @@ continue; } TAILQ_FOREACH_SAFE(priv, &us->privileges, entries, next_priv) { - if (!hostlist_matches_filter(parse_tree, &priv->hostlist, conf)) { + if (!hostlist_matches_filter(parse_tree, &priv->hostlist, conf) || + !cmndspeclist_matches_filter(parse_tree, &priv->cmndlist, conf)) { TAILQ_REMOVE(&us->privileges, priv, entries); free_privilege(priv); } @@ -1064,7 +1263,6 @@ struct member_list runas_aliases = TAILQ_HEAD_INITIALIZER(runas_aliases); struct member_list host_aliases = TAILQ_HEAD_INITIALIZER(host_aliases); struct member_list cmnd_aliases = TAILQ_HEAD_INITIALIZER(cmnd_aliases); - struct member_list *prev_binding = NULL; struct defaults *def, *def_next; struct member *m, *m_next; int alias_type; @@ -1084,8 +1282,10 @@ break; case DEFAULTS_USER: if (!ISSET(conf->defaults, CVT_DEFAULTS_USER) || - !userlist_matches_filter(parse_tree, def->binding, conf)) + !userlist_matches_filter(parse_tree, &def->binding->members, + conf)) { keep = false; + } alias_type = USERALIAS; break; case DEFAULTS_RUNAS: @@ -1095,13 +1295,18 @@ break; case DEFAULTS_HOST: if (!ISSET(conf->defaults, CVT_DEFAULTS_HOST) || - !hostlist_matches_filter(parse_tree, def->binding, conf)) + !hostlist_matches_filter(parse_tree, &def->binding->members, + conf)) { keep = false; + } alias_type = HOSTALIAS; break; case DEFAULTS_CMND: - if (!ISSET(conf->defaults, CVT_DEFAULTS_CMND)) + if (!ISSET(conf->defaults, CVT_DEFAULTS_CMND) || + !cmndlist_matches_filter(parse_tree, &def->binding->members, + conf)) { keep = false; + } alias_type = CMNDALIAS; break; default: @@ -1110,12 +1315,16 @@ } if (!keep) { - /* Look for aliases used by the binding. */ + /* + * Look for aliases used by the binding. + * Consecutive Defaults can share the same binding. + */ /* XXX - move to function */ - if (alias_type != UNSPEC && def->binding != prev_binding) { - TAILQ_FOREACH_SAFE(m, def->binding, entries, m_next) { + if (alias_type != UNSPEC && + (def_next == NULL || def->binding != def_next->binding)) { + TAILQ_FOREACH_SAFE(m, &def->binding->members, entries, m_next) { if (m->type == ALIAS) { - TAILQ_REMOVE(def->binding, m, entries); + TAILQ_REMOVE(&def->binding->members, m, entries); switch (alias_type) { case USERALIAS: TAILQ_INSERT_TAIL(&user_aliases, m, entries); @@ -1138,18 +1347,7 @@ } } TAILQ_REMOVE(&parse_tree->defaults, def, entries); - free_default(def, &prev_binding); - if (prev_binding != NULL) { - /* Remove and free Defaults that share the same binding. */ - while (def_next != NULL && def_next->binding == prev_binding) { - def = def_next; - def_next = TAILQ_NEXT(def, entries); - TAILQ_REMOVE(&parse_tree->defaults, def, entries); - free_default(def, &prev_binding); - } - } - } else { - prev_binding = def->binding; + free_default(def); } } diff -Nru sudo-1.9.5p2/plugins/sudoers/cvtsudoers.h sudo-1.9.9/plugins/sudoers/cvtsudoers.h --- sudo-1.9.5p2/plugins/sudoers/cvtsudoers.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/cvtsudoers.h 2022-01-27 21:24:22.000000000 +0000 @@ -23,6 +23,7 @@ /* Supported input/output formats. */ enum sudoers_formats { + format_csv, format_json, format_ldif, format_sudoers @@ -49,19 +50,23 @@ unsigned int order_max; short defaults; short suppress; - bool expand_aliases; bool store_options; + bool expand_aliases; bool prune_matches; + bool match_local; char *sudoers_base; char *input_format; char *output_format; char *filter; + char *logfile; char *defstr; char *supstr; + char *group_file; + char *passwd_file; }; /* Initial config settings for above. */ -#define INITIAL_CONFIG { 1, 1, 0, 0, CVT_DEFAULTS_ALL, 0, false, true, false } +#define INITIAL_CONFIG { 1, 1, 0, 0, CVT_DEFAULTS_ALL, 0, true } #define CONF_BOOL 0 #define CONF_UINT 1 @@ -77,10 +82,15 @@ struct sudoers_str_list users; struct sudoers_str_list groups; struct sudoers_str_list hosts; + struct sudoers_str_list cmnds; }; /* cvtsudoers.c */ extern struct cvtsudoers_filter *filters; +void log_warnx(const char *fmt, ...) __printflike(1, 2); + +/* cvtsudoers_csv.c */ +bool convert_sudoers_csv(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf); /* cvtsudoers_json.c */ bool convert_sudoers_json(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf); @@ -88,12 +98,21 @@ /* cvtsudoers_ldif.c */ bool convert_sudoers_ldif(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf); +/* cvtsudoers_merge.c */ +struct sudoers_parse_tree *merge_sudoers(struct sudoers_parse_tree_list *parse_trees, struct sudoers_parse_tree *merged_tree); + /* cvtsudoers_pwutil.c */ struct cache_item *cvtsudoers_make_pwitem(uid_t uid, const char *name); struct cache_item *cvtsudoers_make_gritem(gid_t gid, const char *name); struct cache_item *cvtsudoers_make_gidlist_item(const struct passwd *pw, char * const *unused1, unsigned int type); struct cache_item *cvtsudoers_make_grlist_item(const struct passwd *pw, char * const *unused1); +/* testsudoers_pwutil.c */ +struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group); +struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups); +struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, char * const *gids, unsigned int type); +struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user); + /* stubs.c */ void get_hostname(void); diff -Nru sudo-1.9.5p2/plugins/sudoers/cvtsudoers_csv.c sudo-1.9.9/plugins/sudoers/cvtsudoers_csv.c --- sudo-1.9.5p2/plugins/sudoers/cvtsudoers_csv.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/cvtsudoers_csv.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,704 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include + +#include "sudoers.h" +#include "cvtsudoers.h" +#include + +static void print_member_list_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, struct member_list *members, bool negated, int alias_type, bool expand_aliases); + +/* + * Print sudoOptions from a defaults_list. + */ +static bool +print_options_csv(FILE *fp, struct defaults_list *options, bool need_comma) +{ + struct defaults *opt; + debug_decl(print_options_csv, SUDOERS_DEBUG_UTIL); + + TAILQ_FOREACH(opt, options, entries) { + if (opt->val != NULL) { + /* There is no need to double quote values here. */ + fprintf(fp, "%s%s%s%s", need_comma ? "," : "", opt->var, + opt->op == '+' ? "+=" : opt->op == '-' ? "-=" : "=", opt->val); + } else { + /* Boolean flag. */ + fprintf(fp, "%s%s%s%s", need_comma ? "," : "", opt->var, + opt->op == false ? "!" : "", opt->var); + } + need_comma = true; + } + + debug_return_bool(!ferror(fp)); +} + +/* + * Map a Defaults type to string. + */ +static const char * +defaults_type_to_string(int defaults_type) +{ + switch (defaults_type) { + case DEFAULTS: + return "defaults"; + case DEFAULTS_CMND: + return "defaults_command"; + case DEFAULTS_HOST: + return "defaults_host"; + case DEFAULTS_RUNAS: + return "defaults_runas"; + case DEFAULTS_USER: + return "defaults_user"; + default: + sudo_fatalx_nodebug("unexpected defaults type %d", defaults_type); + } +} + +/* + * Map a Defaults type to an alias type. + */ +static int +defaults_to_alias_type(int defaults_type) +{ + switch (defaults_type) { + case DEFAULTS_CMND: + return CMNDALIAS; + case DEFAULTS_HOST: + return HOSTALIAS; + case DEFAULTS_RUNAS: + return RUNASALIAS; + case DEFAULTS_USER: + return USERALIAS; + default: + sudo_fatalx_nodebug("unexpected defaults type %d", defaults_type); + } +} + +/* + * Print a string, performing quoting as needed. + * If a field includes a comma it must be double-quoted. + * Double quotes are replaced by a pair of double-quotes. + * XXX - rewrite this + */ +static bool +print_csv_string(FILE *fp, const char *str, bool quoted) +{ + const char *src = str; + char *dst, *newstr; + size_t len, newsize; + bool quote_it = false; + bool ret = true; + debug_decl(print_csv_string, SUDOERS_DEBUG_UTIL); + + len = strcspn(str, quoted ? "\"" : "\","); + if (str[len] == '\0') { + /* nothing to escape */ + debug_return_bool(fputs(str, fp) != EOF); + } + + if (!quoted && strchr(str + len, ',') != NULL) + quote_it = true; + + /* String includes characters we need to escape. */ + newsize = len + 2 + (strlen(len + str) * 2) + 1; + if ((newstr = malloc(newsize)) == NULL) + debug_return_bool(false); + dst = newstr; + + if (quote_it) + *dst++ = '"'; + while (*src != '\0') { + if (*src == '"') + *dst++ = '"'; + *dst++ = *src++; + } + if (quote_it) + *dst++ = '"'; + *dst = '\0'; + + if (fputs(newstr, fp) == EOF) + ret = false; + free(newstr); + + debug_return_bool(ret); +} + +/* + * Format a sudo_command as a string. + * Returns the formatted, dynamically allocated string or dies on error. + */ +static char * +format_cmnd(struct sudo_command *c, bool negated) +{ + struct command_digest *digest; + char *buf, *cp, *cmnd; + size_t bufsiz; + int len; + debug_decl(format_cmnd, SUDOERS_DEBUG_UTIL); + + cmnd = c->cmnd ? c->cmnd : "ALL"; + bufsiz = negated + strlen(cmnd) + 1; + if (c->args != NULL) + bufsiz += 1 + strlen(c->args); + TAILQ_FOREACH(digest, &c->digests, entries) { + bufsiz += strlen(digest_type_to_name(digest->digest_type)) + 1 + + strlen(digest->digest_str) + 1; + if (TAILQ_NEXT(digest, entries) != NULL) + bufsiz += 2; + } + + if ((buf = malloc(bufsiz)) == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + + cp = buf; + TAILQ_FOREACH(digest, &c->digests, entries) { + len = snprintf(cp, bufsiz - (cp - buf), "%s:%s%s ", + digest_type_to_name(digest->digest_type), digest->digest_str, + TAILQ_NEXT(digest, entries) ? "," : ""); + if (len < 0 || len >= (int)bufsiz - (cp - buf)) + sudo_fatalx(U_("internal error, %s overflow"), __func__); + cp += len; + } + + len = snprintf(cp, bufsiz - (cp - buf), "%s%s%s%s", negated ? "!" : "", + cmnd, c->args ? " " : "", c->args ? c->args : ""); + if (len < 0 || len >= (int)bufsiz - (cp - buf)) + sudo_fatalx(U_("internal error, %s overflow"), __func__); + + debug_return_str(buf); +} + +/* + * Print struct member in CSV format as the specified attribute. + * See print_member_int() in parse.c. + */ +static void +print_member_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, char *name, + int type, bool negated, bool quoted, int alias_type, bool expand_aliases) +{ + struct alias *a; + char *str; + int len; + debug_decl(print_member_csv, SUDOERS_DEBUG_UTIL); + + switch (type) { + case MYSELF: + /* Only valid for sudoRunasUser */ + break; + case ALL: + if (name == NULL) { + fputs(negated ? "!ALL" : "ALL", fp); + break; + } + FALLTHROUGH; + case COMMAND: + str = format_cmnd((struct sudo_command *)name, negated); + print_csv_string(fp, str, quoted); + free(str); + break; + case ALIAS: + if (expand_aliases) { + if ((a = alias_get(parse_tree, name, alias_type)) != NULL) { + print_member_list_csv(fp, parse_tree, &a->members, negated, + alias_type, expand_aliases); + alias_put(a); + break; + } + } + FALLTHROUGH; + default: + len = asprintf(&str, "%s%s", negated ? "!" : "", name); + if (len == -1) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + print_csv_string(fp, str, quoted); + free(str); + break; + } + + debug_return; +} + +/* + * Print list of struct member in CSV format as the specified attribute. + * See print_member_int() in parse.c. + */ +static void +print_member_list_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, + struct member_list *members, bool negated, int alias_type, + bool expand_aliases) +{ + struct member *m, *next; + debug_decl(print_member_list_csv, SUDOERS_DEBUG_UTIL); + + if (TAILQ_EMPTY(members)) + debug_return; + + if (TAILQ_FIRST(members) != TAILQ_LAST(members, member_list)) + putc('"', fp); + TAILQ_FOREACH_SAFE(m, members, entries, next) { + print_member_csv(fp, parse_tree, m->name, m->type, + negated ? !m->negated : m->negated, true, alias_type, + expand_aliases); + if (next != NULL) + putc(',', fp); + } + if (TAILQ_FIRST(members) != TAILQ_LAST(members, member_list)) + putc('"', fp); + + debug_return; +} + +/* + * Print the binding for a Defaults entry of the specified type. + */ +static void +print_defaults_binding_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, + struct defaults_binding *binding, int type, bool expand_aliases) +{ + int alias_type; + debug_decl(print_defaults_binding_csv, SUDOERS_DEBUG_UTIL); + + if (type != DEFAULTS) { + /* Print each member object in binding. */ + alias_type = defaults_to_alias_type(type); + print_member_list_csv(fp, parse_tree, &binding->members, false, + alias_type, expand_aliases); + } + + debug_return; +} + +/* + * Print all Defaults in CSV format: + * + * defaults,binding,name,operator,value + * + * where "operator" is one of +=, -=, or = + * and boolean flags use true/false for the value. + */ +static bool +print_defaults_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, + bool expand_aliases) +{ + struct defaults *def; + debug_decl(print_defaults_csv, SUDOERS_DEBUG_UTIL); + + if (TAILQ_EMPTY(&parse_tree->defaults)) + debug_return_bool(true); + + /* Heading line. */ + fputs("defaults_type,binding,name,operator,value\n", fp); + + TAILQ_FOREACH(def, &parse_tree->defaults, entries) { + const char *operator; + + /* Print operator */ + switch (def->op) { + case '+': + operator = "+="; + break; + case '-': + operator = "-="; + break; + case true: + case false: + operator = "="; + break; + default: + sudo_warnx("internal error: unexpected defaults op %d", def->op); + continue; + } + + /* + * For CSV we use a separate entry for each Defaults setting, + * even if they were on the same line in sudoers. + */ + fprintf(fp, "%s,", defaults_type_to_string(def->type)); + + /* Print binding (if any), which could be a list. */ + print_defaults_binding_csv(fp, parse_tree, def->binding, def->type, + expand_aliases); + + /* Print Defaults name + operator. */ + fprintf(fp, ",%s,%s,", def->var, operator); + + /* Print defaults value. */ + /* XXX - differentiate between lists and single values? */ + if (def->val == NULL) { + fputs(def->op == true ? "true" : "false", fp); + } else { + /* Does not handle lists specially. */ + print_csv_string(fp, def->val, false); + } + putc('\n', fp); + } + putc('\n', fp); + fflush(fp); + + debug_return_bool(!ferror(fp)); +} + +/* + * Callback for alias_apply() to print an alias entry. + */ +static int +print_alias_csv(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v +) +{ + FILE *fp = v; + const char *title; + debug_decl(print_alias_csv, SUDOERS_DEBUG_UTIL); + + title = alias_type_to_string(a->type); + if (title == NULL) { + sudo_warnx("unexpected alias type %d", a->type); + debug_return_int(0); + } + + fprintf(fp, "%s,%s,", title, a->name); + print_member_list_csv(fp, parse_tree, &a->members, false, a->type, false); + putc('\n', fp); + debug_return_int(0); +} + +/* + * Print all aliases in CSV format: + */ +static bool +print_aliases_csv(FILE *fp, struct sudoers_parse_tree *parse_tree) +{ + debug_decl(print_aliases_csv, SUDOERS_DEBUG_UTIL); + + if (TAILQ_EMPTY(&parse_tree->defaults)) + debug_return_bool(true); + + /* Heading line. */ + fputs("alias_type,alias_name,members\n", fp); + + alias_apply(parse_tree, print_alias_csv, fp); + putc('\n', fp); + + debug_return_bool(true); +} + +/* + * Print a Cmnd_Spec in CSV format. + */ +static void +print_cmndspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, + struct cmndspec *cs, struct cmndspec **nextp, + struct defaults_list *options, bool expand_aliases) +{ + char timebuf[sizeof("20120727121554Z")]; + struct cmndspec *next = *nextp; + bool need_comma = false; + struct member *m; + struct tm gmt; + bool last_one, quoted = false; + int len; + debug_decl(print_cmndspec_csv, SUDOERS_DEBUG_UTIL); + + if (cs->runasuserlist != NULL) { + print_member_list_csv(fp, parse_tree, cs->runasuserlist, false, + RUNASALIAS, expand_aliases); + } + putc(',', fp); + + if (cs->runasgrouplist != NULL) { + print_member_list_csv(fp, parse_tree, cs->runasgrouplist, false, + RUNASALIAS, expand_aliases); + } + putc(',', fp); + + /* We don't know how many options there will be so always quote it. */ + putc('"', fp); + if (cs->notbefore != UNSPEC) { + if (gmtime_r(&cs->notbefore, &gmt) == NULL) { + sudo_warn("%s", U_("unable to get GMT time")); + } else { + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", &gmt); + if (len == 0 || timebuf[sizeof(timebuf) - 1] != '\0') { + sudo_warnx("%s", U_("unable to format timestamp")); + } else { + fprintf(fp, "%snotbefore=%s", need_comma ? "," : "", timebuf); // -V547 + need_comma = true; + } + } + } + if (cs->notafter != UNSPEC) { + if (gmtime_r(&cs->notafter, &gmt) == NULL) { + sudo_warn("%s", U_("unable to get GMT time")); + } else { + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", &gmt); + if (len == 0 || timebuf[sizeof(timebuf) - 1] != '\0') { + sudo_warnx("%s", U_("unable to format timestamp")); + } else { + fprintf(fp, "%snotafter=%s", need_comma ? "," : "", timebuf); + need_comma = true; + } + } + } + + if (cs->timeout > 0) { + fprintf(fp, "%scommand_timeout=%d", need_comma ? "," : "", cs->timeout); + need_comma = true; + } + + /* Print tags as options */ + if (TAGS_SET(cs->tags)) { + struct cmndtag tag = cs->tags; + + if (tag.nopasswd != UNSPEC) { + fprintf(fp, "%s%s", need_comma ? "," : "", + tag.nopasswd ? "!authenticate" : "authenticate"); + need_comma = true; + } + if (tag.noexec != UNSPEC) { + fprintf(fp, "%s%s", need_comma ? "," : "", + tag.noexec ? "noexec" : "!noexec"); + need_comma = true; + } + if (tag.intercept != UNSPEC) { + fprintf(fp, "%s%s", need_comma ? "," : "", + tag.intercept ? "intercept" : "!intercept"); + need_comma = true; + } + if (tag.send_mail != UNSPEC) { + if (tag.send_mail) { + fprintf(fp, "%smail_all_cmnds", need_comma ? "," : ""); + } else { + fprintf(fp, "%s!mail_all_cmnds,!mail_always,!mail_no_perms", + need_comma ? "," : ""); + } + need_comma = true; + } + if (tag.setenv != UNSPEC && tag.setenv != IMPLIED) { + fprintf(fp, "%s%s", need_comma ? "," : "", + tag.setenv ? "setenv" : "!setenv"); + need_comma = true; + } + if (tag.follow != UNSPEC) { + fprintf(fp, "%s%s", need_comma ? "," : "", + tag.follow ? "sudoedit_follow" : "!sudoedit_follow"); + need_comma = true; + } + if (tag.log_input != UNSPEC) { + fprintf(fp, "%s%s", need_comma ? "," : "", + tag.follow ? "log_input" : "!log_input"); + need_comma = true; + } + if (tag.log_output != UNSPEC) { + fprintf(fp, "%s%s", need_comma ? "," : "", + tag.follow ? "log_output" : "!log_output"); + need_comma = true; + } + } + print_options_csv(fp, options, need_comma); + if (!TAILQ_EMPTY(options)) + need_comma = true; + + /* Print runchroot and runcwd. */ + if (cs->runchroot != NULL) { + fprintf(fp, "%srunchroot=%s", need_comma ? "," : "", cs->runchroot); + need_comma = true; + } + if (cs->runcwd != NULL) { + fprintf(fp, "%sruncwd=%s", need_comma ? "," : "", cs->runcwd); + need_comma = true; + } + +#ifdef HAVE_SELINUX + /* Print SELinux role/type */ + if (cs->role != NULL && cs->type != NULL) { + fprintf(fp, "%srole=%s,type=%s", need_comma ? "," : "", + cs->role, cs->type); + need_comma = true; + } +#endif /* HAVE_SELINUX */ + +#ifdef HAVE_PRIV_SET + /* Print Solaris privs/limitprivs */ + if (cs->privs != NULL || cs->limitprivs != NULL) { + if (cs->privs != NULL) { + fprintf(fp, "%sprivs=%s", need_comma ? "," : "", cs->privs); + need_comma = true; + } + if (cs->limitprivs != NULL) { + fprintf(fp, "%slimitprivs=%s", need_comma ? "," : "", cs->limitprivs); + need_comma = true; + } + } +#endif /* HAVE_PRIV_SET */ + putc('"', fp); + putc(',', fp); + + /* + * Merge adjacent commands with matching tags, runas, SELinux + * role/type and Solaris priv settings. + */ + for (;;) { + /* Does the next entry differ only in the command itself? */ + /* XXX - move into a function that returns bool */ + /* XXX - TAG_SET does not account for implied SETENV */ + last_one = next == NULL || + RUNAS_CHANGED(cs, next) || TAGS_CHANGED(cs->tags, next->tags) +#ifdef HAVE_PRIV_SET + || cs->privs != next->privs || cs->limitprivs != next->limitprivs +#endif /* HAVE_PRIV_SET */ +#ifdef HAVE_SELINUX + || cs->role != next->role || cs->type != next->type +#endif /* HAVE_SELINUX */ + || cs->runchroot != next->runchroot || cs->runcwd != next->runcwd; + + if (!quoted && !last_one) { + quoted = true; + putc('"', fp); + } + m = cs->cmnd; + print_member_csv(fp, parse_tree, m->name, m->type, m->negated, quoted, + CMNDALIAS, expand_aliases); + if (last_one) + break; + putc(',', fp); + cs = next; + next = TAILQ_NEXT(cs, entries); + } + if (quoted) + putc('"', fp); + + *nextp = next; + + debug_return; +} + +/* + * Print a single User_Spec. + */ +static bool +print_userspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, + struct userspec *us, bool expand_aliases) +{ + struct privilege *priv; + struct cmndspec *cs, *next; + debug_decl(print_userspec_csv, SUDOERS_DEBUG_UTIL); + + /* + * Each userspec struct may contain multiple privileges for the user. + */ + TAILQ_FOREACH(priv, &us->privileges, entries) { + TAILQ_FOREACH_SAFE(cs, &priv->cmndlist, entries, next) { + fputs("rule,", fp); + print_member_list_csv(fp, parse_tree, &us->users, false, + USERALIAS, expand_aliases); + putc(',', fp); + + print_member_list_csv(fp, parse_tree, &priv->hostlist, false, + HOSTALIAS, expand_aliases); + putc(',', fp); + + print_cmndspec_csv(fp, parse_tree, cs, &next, &priv->defaults, + expand_aliases); + putc('\n', fp); + } + } + + debug_return_bool(!ferror(fp)); +} + +/* + * Print User_Specs. + */ +static bool +print_userspecs_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, + bool expand_aliases) +{ + struct userspec *us; + debug_decl(print_userspecs_csv, SUDOERS_DEBUG_UTIL); + + if (TAILQ_EMPTY(&parse_tree->userspecs)) + debug_return_bool(true); + + /* Heading line. */ + fputs("rule,user,host,runusers,rungroups,options,command\n", fp); + + TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { + if (!print_userspec_csv(fp, parse_tree, us, expand_aliases)) + debug_return_bool(false); + } + debug_return_bool(true); +} + +/* + * Export the parsed sudoers file in CSV format. + */ +bool +convert_sudoers_csv(struct sudoers_parse_tree *parse_tree, + const char *output_file, struct cvtsudoers_config *conf) +{ + bool ret = true; + FILE *output_fp = stdout; + debug_decl(convert_sudoers_csv, SUDOERS_DEBUG_UTIL); + + if (output_file != NULL && strcmp(output_file, "-") != 0) { + if ((output_fp = fopen(output_file, "w")) == NULL) + sudo_fatal(U_("unable to open %s"), output_file); + } + + /* Dump Defaults in CSV format. */ + if (!ISSET(conf->suppress, SUPPRESS_DEFAULTS)) + print_defaults_csv(output_fp, parse_tree, conf->expand_aliases); + + /* Dump Aliases in CSV format. */ + if (!conf->expand_aliases && !ISSET(conf->suppress, SUPPRESS_ALIASES)) { + print_aliases_csv(output_fp, parse_tree); + } + + /* Dump User_Specs in CSV format. */ + if (!ISSET(conf->suppress, SUPPRESS_PRIVS)) + print_userspecs_csv(output_fp, parse_tree, conf->expand_aliases); + + (void)fflush(output_fp); + if (ferror(output_fp)) + ret = false; + if (output_fp != stdout) + fclose(output_fp); + + debug_return_bool(ret); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/cvtsudoers_json.c sudo-1.9.9/plugins/sudoers/cvtsudoers_json.c --- sudo-1.9.5p2/plugins/sudoers/cvtsudoers_json.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/cvtsudoers_json.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2013-2020 Todd C. Miller + * Copyright (c) 2013-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -371,18 +371,18 @@ */ static void print_binding_json(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree, struct member_list *binding, + struct sudoers_parse_tree *parse_tree, struct defaults_binding *binding, int type, bool expand_aliases) { struct member *m; debug_decl(print_binding_json, SUDOERS_DEBUG_UTIL); - if (TAILQ_EMPTY(binding)) + if (TAILQ_EMPTY(&binding->members)) debug_return; /* Print each member object in binding. */ sudo_json_open_array(jsonc, "Binding"); - TAILQ_FOREACH(m, binding, entries) { + TAILQ_FOREACH(m, &binding->members, entries) { print_member_json(jsonc, parse_tree, m, defaults_to_word_type(type), expand_aliases); } @@ -477,7 +477,8 @@ TAILQ_FOREACH_SAFE(def, &parse_tree->defaults, entries, next) { type = get_defaults_type(def); if (type == -1) { - sudo_warnx(U_("unknown defaults entry \"%s\""), def->var); + log_warnx(U_("%s:%d:%d: unknown defaults entry \"%s\""), + def->file, def->line, def->column, def->var); /* XXX - just pass it through as a string anyway? */ continue; } @@ -511,7 +512,8 @@ def = next; type = get_defaults_type(def); if (type == -1) { - sudo_warnx(U_("unknown defaults entry \"%s\""), def->var); + log_warnx(U_("%s:%d:%d: unknown defaults entry \"%s\""), + def->file, def->line, def->column, def->var); /* XXX - just pass it through as a string anyway? */ break; } @@ -593,12 +595,13 @@ struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec **nextp, struct defaults_list *options, bool expand_aliases) { + char timebuf[sizeof("20120727121554Z")]; struct cmndspec *next = *nextp; struct json_value value; struct defaults *def; struct member *m; - struct tm *tp; - char timebuf[sizeof("20120727121554Z")]; + struct tm gmt; + int len; debug_decl(print_cmndspec_json, SUDOERS_DEBUG_UTIL); /* Open Cmnd_Spec object. */ @@ -647,10 +650,12 @@ sudo_json_add_value_as_object(jsonc, "command_timeout", &value); } if (cs->notbefore != UNSPEC) { - if ((tp = gmtime(&cs->notbefore)) == NULL) { + if (gmtime_r(&cs->notbefore, &gmt) == NULL) { sudo_warn("%s", U_("unable to get GMT time")); } else { - if (strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tp) == 0) { + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", &gmt); + if (len == 0 || timebuf[sizeof(timebuf) - 1] != '\0') { sudo_warnx("%s", U_("unable to format timestamp")); } else { value.type = JSON_STRING; @@ -660,10 +665,12 @@ } } if (cs->notafter != UNSPEC) { - if ((tp = gmtime(&cs->notafter)) == NULL) { + if (gmtime_r(&cs->notafter, &gmt) == NULL) { sudo_warn("%s", U_("unable to get GMT time")); } else { - if (strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tp) == 0) { + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", &gmt); + if (len == 0 || timebuf[sizeof(timebuf) - 1] != '\0') { sudo_warnx("%s", U_("unable to format timestamp")); } else { value.type = JSON_STRING; @@ -682,6 +689,11 @@ value.u.boolean = tag.noexec; sudo_json_add_value_as_object(jsonc, "noexec", &value); } + if (tag.intercept != UNSPEC) { + value.type = JSON_BOOL; + value.u.boolean = tag.intercept; + sudo_json_add_value_as_object(jsonc, "intercept", &value); + } if (tag.send_mail != UNSPEC) { value.type = JSON_BOOL; value.u.boolean = tag.send_mail; @@ -710,7 +722,8 @@ TAILQ_FOREACH(def, options, entries) { int type = get_defaults_type(def); if (type == -1) { - sudo_warnx(U_("unknown defaults entry \"%s\""), def->var); + log_warnx(U_("%s:%d:%d: unknown defaults entry \"%s\""), + def->file, def->line, def->column, def->var); /* XXX - just pass it through as a string anyway? */ continue; } diff -Nru sudo-1.9.5p2/plugins/sudoers/cvtsudoers_ldif.c sudo-1.9.9/plugins/sudoers/cvtsudoers_ldif.c --- sudo-1.9.5p2/plugins/sudoers/cvtsudoers_ldif.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/cvtsudoers_ldif.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2018 Todd C. Miller + * Copyright (c) 2018-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -316,12 +316,13 @@ print_cmndspec_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec **nextp, struct defaults_list *options) { + char timebuf[sizeof("20120727121554Z")]; struct cmndspec *next = *nextp; struct member *m; - struct tm *tp; + struct tm gmt; char *attr_val; bool last_one; - char timebuf[sizeof("20120727121554Z")]; + int len; debug_decl(print_cmndspec_ldif, SUDOERS_DEBUG_UTIL); /* Print runasuserlist as sudoRunAsUser attributes */ @@ -342,10 +343,12 @@ /* Print sudoNotBefore and sudoNotAfter attributes */ if (cs->notbefore != UNSPEC) { - if ((tp = gmtime(&cs->notbefore)) == NULL) { + if (gmtime_r(&cs->notbefore, &gmt) == NULL) { sudo_warn("%s", U_("unable to get GMT time")); } else { - if (strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tp) == 0) { + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", &gmt); + if (len == 0 || timebuf[sizeof(timebuf) - 1] != '\0') { sudo_warnx("%s", U_("unable to format timestamp")); } else { print_attribute_ldif(fp, "sudoNotBefore", timebuf); @@ -353,10 +356,12 @@ } } if (cs->notafter != UNSPEC) { - if ((tp = gmtime(&cs->notafter)) == NULL) { + if (gmtime_r(&cs->notafter, &gmt) == NULL) { sudo_warn("%s", U_("unable to get GMT time")); } else { - if (strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tp) == 0) { + timebuf[sizeof(timebuf) - 1] = '\0'; + len = strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", &gmt); + if (len == 0 || timebuf[sizeof(timebuf) - 1] != '\0') { sudo_warnx("%s", U_("unable to format timestamp")); } else { print_attribute_ldif(fp, "sudoNotAfter", timebuf); @@ -386,6 +391,10 @@ print_attribute_ldif(fp, "sudoOption", tag.noexec ? "noexec" : "!noexec"); } + if (tag.intercept != UNSPEC) { + print_attribute_ldif(fp, "sudoOption", + tag.intercept ? "intercept" : "!intercept"); + } if (tag.send_mail != UNSPEC) { if (tag.send_mail) { print_attribute_ldif(fp, "sudoOption", "mail_all_cmnds"); diff -Nru sudo-1.9.5p2/plugins/sudoers/cvtsudoers_merge.c sudo-1.9.9/plugins/sudoers/cvtsudoers_merge.c --- sudo-1.9.5p2/plugins/sudoers/cvtsudoers_merge.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/cvtsudoers_merge.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1217 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021-2022 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "sudoers.h" +#include "redblack.h" +#include "cvtsudoers.h" +#include + +/* + * Compare two digest lists. + * Returns true if they are the same, else false. + * XXX - should not care about order + */ +static bool +digest_list_equivalent(struct command_digest_list *cdl1, + struct command_digest_list *cdl2) +{ + struct command_digest *cd1 = TAILQ_FIRST(cdl1); + struct command_digest *cd2 = TAILQ_FIRST(cdl2); + debug_decl(digest_list_equivalent, SUDOERS_DEBUG_PARSER); + + while (cd1 != NULL && cd2 != NULL) { + if (cd1->digest_type != cd2->digest_type) + debug_return_bool(false); + if (strcmp(cd1->digest_str, cd2->digest_str) != 0) + debug_return_bool(false); + cd1 = TAILQ_NEXT(cd1, entries); + cd2 = TAILQ_NEXT(cd2, entries); + } + + if (cd1 != NULL || cd2 != NULL) + debug_return_bool(false); + debug_return_bool(true); +} + +/* + * Compare two members. + * Returns true if they are the same, else false. + */ +static bool +member_equivalent(struct member *m1, struct member *m2) +{ + debug_decl(member_equivalent, SUDOERS_DEBUG_PARSER); + + if (m1->type != m2->type || m1->negated != m2->negated) + debug_return_bool(false); + + if (m1->type == COMMAND) { + struct sudo_command *c1 = (struct sudo_command *)m1->name; + struct sudo_command *c2 = (struct sudo_command *)m2->name; + if (c1->cmnd != NULL && c2->cmnd != NULL) { + if (strcmp(c1->cmnd, c2->cmnd) != 0) + debug_return_bool(false); + } else if (c1->cmnd != c2->cmnd) { + debug_return_bool(false); + } + + if (c1->args != NULL && c2->args != NULL) { + if (strcmp(c1->args, c2->args) != 0) + debug_return_bool(false); + } else if (c1->args != c2->args) { + debug_return_bool(false); + } + + if (!digest_list_equivalent(&c1->digests, &c2->digests)) { + debug_return_bool(false); + } + } else { + if (m1->name != NULL && m2->name != NULL) { + if (strcmp(m1->name, m2->name) != 0) + debug_return_bool(false); + } else if (m1->name != m2->name) { + debug_return_bool(false); + } + } + + debug_return_bool(true); +} + +/* + * Compare two members, m1 and m2. + * Returns true if m2 overrides m1, else false. + */ +static bool +member_overridden(struct member *m1, struct member *m2, bool check_negated) +{ + debug_decl(member_overridden, SUDOERS_DEBUG_PARSER); + + if (check_negated && m1->negated != m2->negated) + debug_return_bool(false); + + /* "ALL" always wins (modulo digest). */ + if (m2->type == ALL) { + if (m2->name != NULL) { + struct sudo_command *c1 = (struct sudo_command *)m1->name; + struct sudo_command *c2 = (struct sudo_command *)m2->name; + debug_return_bool(digest_list_equivalent(&c1->digests, &c2->digests)); + } + debug_return_bool(true); + } + + if (m1->type != m2->type) + debug_return_bool(false); + + if (m1->type == COMMAND) { + struct sudo_command *c1 = (struct sudo_command *)m1->name; + struct sudo_command *c2 = (struct sudo_command *)m2->name; + if (strcmp(c1->cmnd, c2->cmnd) != 0) + debug_return_bool(false); + + if (c1->args != NULL && c2->args != NULL) { + if (strcmp(c1->args, c2->args) != 0) + debug_return_bool(false); + } else if (c1->args != c2->args) { + debug_return_bool(false); + } + + if (!digest_list_equivalent(&c1->digests, &c2->digests)) { + debug_return_bool(false); + } + } else { + if (strcmp(m1->name, m2->name) != 0) + debug_return_bool(false); + } + + debug_return_bool(true); +} + +/* + * Given two member lists, ml1 and ml2. + * Returns true if the every element of ml1 is overridden by ml2, else false. + */ +static bool +member_list_override(struct member_list *ml1, struct member_list *ml2, + bool check_negated) +{ + struct member *m1, *m2; + debug_decl(member_list_override, SUDOERS_DEBUG_PARSER); + + /* An empty member_list only overrides another empty list. */ + if (TAILQ_EMPTY(ml2)) { + debug_return_bool(TAILQ_EMPTY(ml1)); + } + + /* Check whether each element of ml1 is also covered by ml2. */ + TAILQ_FOREACH_REVERSE(m1, ml1, member_list, entries) { + bool overridden = false; + TAILQ_FOREACH_REVERSE(m2, ml2, member_list, entries) { + if (member_overridden(m1, m2, check_negated)) { + overridden = true; + break; + } + } + if (!overridden) + debug_return_bool(false); + } + + debug_return_bool(true); +} + +/* + * Compare two member lists. + * Returns true if they are the same, else false. + * XXX - should not care about order if things are not negated. + */ +static bool +member_list_equivalent(struct member_list *ml1, struct member_list *ml2) +{ + struct member *m1 = TAILQ_FIRST(ml1); + struct member *m2 = TAILQ_FIRST(ml2); + debug_decl(member_list_equivalent, SUDOERS_DEBUG_PARSER); + + while (m1 != NULL && m2 != NULL) { + if (!member_equivalent(m1, m2)) + debug_return_bool(false); + m1 = TAILQ_NEXT(m1, entries); + m2 = TAILQ_NEXT(m2, entries); + } + + if (m1 != NULL || m2 != NULL) + debug_return_bool(false); + debug_return_bool(true); +} + +/* + * Attempt to simplify a host list. + * If a host list contains all hosts in bound_hosts, replace them with + * "ALL". Also prune hosts on either side of "ALL" when possible. + */ +static void +simplify_host_list(struct member_list *hosts, const char *file, int line, + int column, struct member_list *bound_hosts) +{ + struct member *m, *n, *next; + bool logged = false; + debug_decl(simplify_host_list, SUDOERS_DEBUG_PARSER); + + /* + * If all sudoers sources have an associated host, replace a + * list of those hosts with "ALL". + */ + if (!TAILQ_EMPTY(bound_hosts)) { + TAILQ_FOREACH_REVERSE(n, bound_hosts, member_list, entries) { + TAILQ_FOREACH_REVERSE(m, hosts, member_list, entries) { + if (m->negated) { + /* Don't try to handled negated entries. */ + m = NULL; + break; + } + if (m->type == n->type && strcmp(m->name, n->name) == 0) { + /* match */ + break; + } + } + if (m == NULL) { + /* no match */ + break; + } + } + if (n == NULL) { + /* found all hosts */ + log_warnx(U_("%s:%d:%d: converting host list to ALL"), + file, line, column); + logged = true; + + TAILQ_FOREACH_REVERSE(n, bound_hosts, member_list, entries) { + TAILQ_FOREACH_REVERSE_SAFE(m, hosts, member_list, entries, next) { + if (m->negated) { + /* Don't try to handled negated entries. */ + m = NULL; + break; + } + if (m->type == n->type && strcmp(m->name, n->name) == 0) { + /* remove matching host */ + TAILQ_REMOVE(hosts, m, entries); + free_member(m); + break; + } + } + } + m = calloc(1, sizeof(*m)); + if (m == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + m->type = ALL; + TAILQ_INSERT_TAIL(hosts, m, entries); + } + } + + /* + * A host list that contains ALL with no negated entries past it + * is equivalent to a list containing just "ALL". + */ + TAILQ_FOREACH_REVERSE(m, hosts, member_list, entries) { + if (m->negated) { + /* Don't try to handled negated entries. */ + break; + } + if (m->type == ALL) { + /* Replace member list with a single ALL entry. */ + if (!logged) { + log_warnx(U_("%s:%d:%d: converting host list to ALL"), + file, line, column); + } + TAILQ_REMOVE(hosts, m, entries); + free_members(hosts); + TAILQ_INSERT_TAIL(hosts, m, entries); + break; + } + } + + debug_return; +} + +/* + * Generate a unique name from old_name that is not used in parse_tree, + * subsequent parse_trees or merged_tree. + */ +static char * +alias_make_unique(const char *old_name, int type, + struct sudoers_parse_tree *parse_tree0, + struct sudoers_parse_tree *merged_tree) +{ + struct sudoers_parse_tree *parse_tree = parse_tree0; + char *cp, *new_name = NULL; + struct alias *a; + long long suffix; + size_t namelen; + debug_decl(alias_make_unique, SUDOERS_DEBUG_ALIAS); + + /* If old_name already has a suffix, increment it, else start with "_1". */ + suffix = 0; + namelen = strlen(old_name); + cp = strrchr(old_name, '_'); + if (cp != NULL && isdigit((unsigned char)cp[1])) { + suffix = sudo_strtonum(cp + 1, 0, LLONG_MAX, NULL); + if (suffix != 0) { + namelen = (size_t)(cp - old_name); + } + } + + for (;;) { + suffix++; + free(new_name); + if (asprintf(&new_name, "%.*s_%lld", (int)namelen, old_name, suffix) == -1) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + /* Make sure new_name is not already in use. */ + a = alias_get(merged_tree, new_name, type); + if (a != NULL) { + alias_put(a); + continue; + } + parse_tree = parse_tree0; + while ((parse_tree = TAILQ_NEXT(parse_tree, entries)) != NULL) { + a = alias_get(parse_tree, new_name, type); + if (a != NULL) { + alias_put(a); + break; + } + } + if (a == NULL) { + /* Must be unique. */ + break; + } + } + + debug_return_ptr(new_name); +} + +struct alias_rename_closure { + const char *old_name; + const char *new_name; + int type; +}; + +static int +alias_rename_members(struct sudoers_parse_tree *parse_tree, struct alias *a, + void *v) +{ + struct alias_rename_closure *closure = v; + struct member *m; + debug_decl(alias_rename_members, SUDOERS_DEBUG_ALIAS); + + if (a->type != closure->type) + debug_return_int(0); + + /* Replace old_name in member list, if present. */ + TAILQ_FOREACH(m, &a->members, entries) { + if (m->type == ALIAS && strcmp(m->name, closure->old_name) == 0) { + char *copy = strdup(closure->new_name); + if (copy == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + free(m->name); + m->name = copy; + } + } + + debug_return_int(0); +} + +static void +alias_rename_defaults(const char *old_name, const char *new_name, + int alias_type, struct defaults_list *defaults) +{ + struct defaults *def, *def_next; + struct member *m; + debug_decl(alias_rename_defaults, SUDOERS_DEBUG_ALIAS); + + TAILQ_FOREACH_SAFE(def, defaults, entries, def_next) { + /* Consecutive Defaults can share the same binding. */ + if (def_next != NULL && def->binding == def_next->binding) + continue; + + switch (def->type) { + case DEFAULTS_USER: + if (alias_type != USERALIAS) + continue; + break; + case DEFAULTS_RUNAS: + if (alias_type != RUNASALIAS) + continue; + break; + case DEFAULTS_HOST: + if (alias_type != HOSTALIAS) + continue; + break; + default: + continue; + } + + /* Rename matching aliases in the binding's member_list. */ + TAILQ_FOREACH(m, &def->binding->members, entries) { + if (m->type != ALIAS) + continue; + if (strcmp(m->name, old_name) == 0) { + char *copy = strdup(new_name); + if (copy == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + free(m->name); + m->name = copy; + } + } + } + + debug_return; +} + +static void +alias_rename_member(const char *old_name, const char *new_name, + struct member *m) +{ + debug_decl(alias_rename_member, SUDOERS_DEBUG_ALIAS); + + if (m->type == ALIAS && strcmp(m->name, old_name) == 0) { + char *copy = strdup(new_name); + if (copy == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + free(m->name); + m->name = copy; + } + + debug_return; +} + +static void +alias_rename_member_list(const char *old_name, const char *new_name, + struct member_list *members) +{ + struct member *m; + debug_decl(alias_rename_member_list, SUDOERS_DEBUG_ALIAS); + + TAILQ_FOREACH(m, members, entries) { + alias_rename_member(old_name, new_name, m); + } + + debug_return; +} + +static bool +alias_rename_userspecs(const char *old_name, const char *new_name, + int alias_type, struct userspec_list *userspecs) +{ + struct privilege *priv; + struct cmndspec *cs; + struct userspec *us; + bool ret = true; + debug_decl(alias_rename_userspecs, SUDOERS_DEBUG_ALIAS); + + TAILQ_FOREACH(us, userspecs, entries) { + if (alias_type == USERALIAS) { + alias_rename_member_list(old_name, new_name, &us->users); + } + TAILQ_FOREACH(priv, &us->privileges, entries) { + alias_rename_defaults(old_name, new_name, alias_type, &priv->defaults); + if (alias_type == HOSTALIAS) { + alias_rename_member_list(old_name, new_name, &priv->hostlist); + continue; + } + TAILQ_FOREACH(cs, &priv->cmndlist, entries) { + if (alias_type == CMNDALIAS) { + alias_rename_member(old_name, new_name, cs->cmnd); + continue; + } + if (alias_type == RUNASALIAS) { + if (cs->runasuserlist != NULL) { + alias_rename_member_list(old_name, new_name, cs->runasuserlist); + } + if (cs->runasgrouplist != NULL) { + alias_rename_member_list(old_name, new_name, cs->runasgrouplist); + } + } + } + } + } + + debug_return_bool(ret); +} + +/* + * Rename an alias in parse_tree and all the places where it is used. + */ +static bool +alias_rename(const char *old_name, const char *new_name, int alias_type, + struct sudoers_parse_tree *parse_tree) +{ + struct alias_rename_closure closure = { old_name, new_name, alias_type }; + struct alias *a; + debug_decl(alias_rename, SUDOERS_DEBUG_ALIAS); + + /* Remove under old name and add via new to maintain tree properties. */ + a = alias_remove(parse_tree, old_name, alias_type); + if (a == NULL) { + /* Should not happen. */ + sudo_warnx(U_("unable to find alias %s"), old_name); + debug_return_bool(false); + } + log_warnx(U_("%s:%d:%d: renaming alias %s to %s"), + a->file, a->line, a->column, a->name, new_name); + free(a->name); + a->name = strdup(new_name); + if (a->name == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + switch (rbinsert(parse_tree->aliases, a, NULL)) { + case 0: + /* success */ + break; + case 1: + /* Already present, should not happen. */ + errno = EEXIST; + sudo_warn(U_("%s: %s"), __func__, a->name); + break; + default: + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + } + + /* Rename it in the aliases tree itself (aliases can be nested). */ + alias_apply(parse_tree, alias_rename_members, &closure); + + /* Rename it in the Defaults list. */ + alias_rename_defaults(old_name, new_name, alias_type, &parse_tree->defaults); + + /* Rename it in the userspecs list. */ + alias_rename_userspecs(old_name, new_name, alias_type, &parse_tree->userspecs); + + debug_return_bool(true); +} + +static int +alias_resolve_conflicts(struct sudoers_parse_tree *parse_tree0, struct alias *a, + void *v) +{ + struct sudoers_parse_tree *parse_tree = parse_tree0; + struct sudoers_parse_tree *merged_tree = v; + char *new_name; + int ret; + debug_decl(alias_resolve_conflicts, SUDOERS_DEBUG_ALIAS); + + /* + * Check for conflicting alias names in the subsequent sudoers files. + * Duplicates are removed and conflicting aliases are renamed. + * We cannot modify the alias tree that we are traversing. + */ + while ((parse_tree = TAILQ_NEXT(parse_tree, entries)) != NULL) { + struct alias *b = alias_get(parse_tree, a->name, a->type); + if (b == NULL) + continue; + + /* If alias 'b' is equivalent, remove it. */ + alias_put(b); + if (member_list_equivalent(&a->members, &b->members)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "removing duplicate alias %s from %p", a->name, parse_tree); + b = alias_remove(parse_tree, a->name, a->type); + log_warnx(U_("%s:%d:%d: removing duplicate alias %s"), + b->file, b->line, b->column, b->name); + alias_free(b); + continue; + } + + /* Rename alias 'b' to avoid a naming conflict. */ + new_name = alias_make_unique(a->name, a->type, parse_tree, merged_tree); + alias_rename(a->name, new_name, a->type, parse_tree); + free(new_name); + } + + /* + * The alias will exist in both the original and merged trees. + * This is not a problem as the caller will delete the old trees + * (without freeing the data). + */ + ret = rbinsert(merged_tree->aliases, a, NULL); + switch (ret) { + case 0: + /* success */ + break; + case 1: + /* already present, should not happen. */ + errno = EEXIST; + sudo_warn(U_("%s: %s"), __func__, a->name); + break; + default: + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + } + + debug_return_int(0); +} + +static bool +merge_aliases(struct sudoers_parse_tree_list *parse_trees, + struct sudoers_parse_tree *merged_tree) +{ + struct sudoers_parse_tree *parse_tree; + debug_decl(merge_aliases, SUDOERS_DEBUG_ALIAS); + + /* + * For each parse_tree, check for collisions with alias names + * in subsequent parse trees. On collision, add a numbered + * suffix (e.g. ALIAS_1) to make the name unique and rename + * any uses of that alias in the affected parse_tree. + */ + TAILQ_FOREACH(parse_tree, parse_trees, entries) { + if (parse_tree->aliases == NULL) + continue; + + /* + * Resolve any conflicts in alias names, renaming aliases as + * needed and eliminating duplicates. + */ + alias_apply(parse_tree, alias_resolve_conflicts, merged_tree); + + /* + * Destroy the old alias tree without freeing the alias data + * which has been copied to merged_tree. + */ + rbdestroy(parse_tree->aliases, NULL); + parse_tree->aliases = NULL; + } + + debug_return_bool(true); +} + +/* + * Compare two defaults structs but not their actual value. + * Returns true if they refer to the same Defaults variable and binding. + * Also sets mergeable if they only differ in the binding. + * If override is true, a Defaults without a binding overrides one with + * a binding. + */ +static bool +defaults_var_matches(struct defaults *d1, struct defaults *d2, + bool *mergeable, bool override) +{ + debug_decl(defaults_var_matches, SUDOERS_DEBUG_DEFAULTS); + + if (d1->type != d2->type) { + /* A non-bound Defaults entry overrides a bound Defaults. */ + if (override && d2->type == DEFAULTS) + debug_return_bool(true); + debug_return_bool(false); + } + if (strcmp(d1->var, d2->var) != 0) + debug_return_bool(false); + if (d1->type != DEFAULTS) { + if (!member_list_equivalent(&d1->binding->members, &d2->binding->members)) { + if (mergeable != NULL) + *mergeable = true; + debug_return_bool(false); + } + } + + debug_return_bool(true); +} + +/* + * Compare the values of two defaults structs, which must be of the same type. + * Returns true if the value and operator match, else false. + */ +static bool +defaults_val_matches(struct defaults *d1, struct defaults *d2) +{ + debug_decl(defaults_val_matches, SUDOERS_DEBUG_DEFAULTS); + + /* XXX - what about list operators? */ + if (d1->op != d2->op) + debug_return_bool(false); + if (d1->val != NULL && d2->val != NULL && strcmp(d1->val, d2->val) != 0) + debug_return_bool(false); + if (d1->val != d2->val) + debug_return_bool(false); + + debug_return_bool(true); +} + +/* + * Returns true if d1 is equivalent to d2, else false. + */ +static bool +defaults_equivalent(struct defaults *d1, struct defaults *d2) +{ + debug_decl(defaults_equivalent, SUDOERS_DEBUG_DEFAULTS); + + if (!defaults_var_matches(d1, d2, NULL, false)) + debug_return_bool(false); + debug_return_bool(defaults_val_matches(d1, d2)); +} + +/* + * Returns true if dl1 is equivalent to dl2, else false. + */ +static bool +defaults_list_equivalent(struct defaults_list *dl1, struct defaults_list *dl2) +{ + struct defaults *d1 = TAILQ_FIRST(dl1); + struct defaults *d2 = TAILQ_FIRST(dl2); + debug_decl(defaults_list_equivalent, SUDOERS_DEBUG_DEFAULTS); + + while (d1 != NULL && d2 != NULL) { + if (!defaults_equivalent(d1, d2)) + debug_return_bool(false); + d1 = TAILQ_NEXT(d1, entries); + d2 = TAILQ_NEXT(d2, entries); + } + + if (d1 != NULL || d2 != NULL) + debug_return_bool(false); + debug_return_bool(true); +} + +enum cvtsudoers_conflict { + CONFLICT_NONE, + CONFLICT_RESOLVED, + CONFLICT_UNRESOLVED +}; + +/* + * Check for duplicate and conflicting Defaults entries in later sudoers files. + * Returns true if we find a conflict or duplicate, else false. + */ +static enum cvtsudoers_conflict +defaults_check_conflict(struct defaults *def, + struct sudoers_parse_tree *parse_tree0) +{ + struct sudoers_parse_tree *parse_tree = parse_tree0; + struct defaults *d; + debug_decl(defaults_check_conflict, SUDOERS_DEBUG_DEFAULTS); + + while ((parse_tree = TAILQ_NEXT(parse_tree, entries)) != NULL) { + /* If no host specified, plain Defaults overrides bound Defaults. */ + const bool override = parse_tree->lhost == NULL; + + TAILQ_FOREACH_REVERSE(d, &parse_tree->defaults, defaults_list, entries) { + bool mergeable = false; + + /* + * We currently only merge host-based Defaults but could do + * others as well. Lists in Defaults entries can be harder + * to read, especially command lists. + */ + if (!defaults_var_matches(def, d, &mergeable, override)) { + if (!mergeable || def->type != DEFAULTS_HOST) + continue; + } + if (defaults_val_matches(def, d)) { + /* Duplicate Defaults entry (may need to merge binding). */ + if (mergeable) { + /* Prepend def binding to d (hence double concat). */ + TAILQ_CONCAT(&def->binding->members, &d->binding->members, entries); + TAILQ_CONCAT(&d->binding->members, &def->binding->members, entries); + } + debug_return_int(CONFLICT_RESOLVED); + } + log_warnx(U_("%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d"), + def->file, def->line, def->column, def->var, + d->file, d->line, d->column); + debug_return_int(CONFLICT_UNRESOLVED); + } + } + + debug_return_int(CONFLICT_NONE); +} + +/* + * Merge Defaults entries in parse_trees and store the result in + * merged_tree. If a hostname was specified with the sudoers source, + * create a host-specific Defaults entry where possible. + * Returns true on success, else false. + */ +static bool +merge_defaults(struct sudoers_parse_tree_list *parse_trees, + struct sudoers_parse_tree *merged_tree, struct member_list *bound_hosts) +{ + struct sudoers_parse_tree *parse_tree; + struct defaults *def; + struct member *m; + debug_decl(merge_defaults, SUDOERS_DEBUG_DEFAULTS); + + TAILQ_FOREACH(parse_tree, parse_trees, entries) { + /* + * If parse_tree has a host name associated with it, + * try to make the Defaults setting host-specific. + */ + TAILQ_FOREACH(def, &parse_tree->defaults, entries) { + if (parse_tree->lhost != NULL && def->type == DEFAULTS) { + m = calloc(1, sizeof(*m)); + if (m == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + log_warnx(U_("%s:%d:%d: made Defaults \"%s\" specific to host %s"), + def->file, def->line, def->column, def->var, + parse_tree->lhost); + m->name = strdup(parse_tree->lhost); + if (m->name == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + m->type = WORD; + TAILQ_INIT(&def->binding->members); + def->binding->refcnt = 1; + TAILQ_INSERT_TAIL(&def->binding->members, m, entries); + def->type = DEFAULTS_HOST; + } + } + } + + TAILQ_FOREACH(parse_tree, parse_trees, entries) { + while ((def = TAILQ_FIRST(&parse_tree->defaults)) != NULL) { + /* + * Only add Defaults entry if not overridden by subsequent sudoers. + */ + TAILQ_REMOVE(&parse_tree->defaults, def, entries); + switch (defaults_check_conflict(def, parse_tree)) { + case CONFLICT_NONE: + if (def->type != DEFAULTS_HOST) { + log_warnx(U_("%s:%d:%d: unable to make Defaults \"%s\" host-specific"), + def->file, def->line, def->column, def->var); + } + TAILQ_INSERT_TAIL(&merged_tree->defaults, def, entries); + break; + case CONFLICT_RESOLVED: + /* Duplicate or merged into a subsequent Defaults setting. */ + free_default(def); + break; + case CONFLICT_UNRESOLVED: + log_warnx(U_("%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries"), + def->file, def->line, def->column, def->var); + free_default(def); + break; + } + } + } + + /* + * Simplify host lists in the merged Defaults. + */ + TAILQ_FOREACH(def, &merged_tree->defaults, entries) { + /* TODO: handle refcnt != 1 */ + if (def->type == DEFAULTS_HOST && def->binding->refcnt == 1) { + simplify_host_list(&def->binding->members, def->file, def->line, + def->column, bound_hosts); + m = TAILQ_FIRST(&def->binding->members); + if (m->type == ALL && !m->negated) { + if (TAILQ_NEXT(m, entries) == NULL) { + /* Convert Defaults@ALL -> Defaults */ + def->type = DEFAULTS; + free_members(&def->binding->members); + TAILQ_INIT(&def->binding->members); + } + } + } + } + + debug_return_bool(true); +} + +/* + * Returns true if cs1 is equivalent to cs2, else false. + */ +static bool +cmndspec_equivalent(struct cmndspec *cs1, struct cmndspec *cs2, bool check_negated) +{ + debug_decl(cmndspec_equivalent, SUDOERS_DEBUG_PARSER); + + if (cs1->runasuserlist != NULL && cs2->runasuserlist != NULL) { + if (!member_list_override(cs1->runasuserlist, cs2->runasuserlist, check_negated)) + debug_return_bool(false); + } else if (cs1->runasuserlist != cs2->runasuserlist) { + debug_return_bool(false); + } + if (cs1->runasgrouplist != NULL && cs2->runasgrouplist != NULL) { + if (!member_list_override(cs1->runasgrouplist, cs2->runasgrouplist, check_negated)) + debug_return_bool(false); + } else if (cs1->runasgrouplist != cs2->runasgrouplist) { + debug_return_bool(false); + } + if (!member_equivalent(cs1->cmnd, cs2->cmnd)) + debug_return_bool(false); + if (TAGS_CHANGED(cs1->tags, cs2->tags)) + debug_return_bool(false); + if (cs1->timeout != cs2->timeout) + debug_return_bool(false); + if (cs1->notbefore != cs2->notbefore) + debug_return_bool(false); + if (cs1->notafter != cs2->notafter) + debug_return_bool(false); + if (cs1->runcwd != NULL && cs2->runcwd != NULL) { + if (strcmp(cs1->runcwd, cs2->runcwd) != 0) + debug_return_bool(false); + } else if (cs1->runcwd != cs2->runcwd) { + debug_return_bool(false); + } + if (cs1->runchroot != NULL && cs2->runchroot != NULL) { + if (strcmp(cs1->runchroot, cs2->runchroot) != 0) + debug_return_bool(false); + } else if (cs1->runchroot != cs2->runchroot) { + debug_return_bool(false); + } +#ifdef HAVE_SELINUX + if (cs1->role != NULL && cs2->role != NULL) { + if (strcmp(cs1->role, cs2->role) != 0) + debug_return_bool(false); + } else if (cs1->role != cs2->role) { + debug_return_bool(false); + } + if (cs1->type != NULL && cs2->type != NULL) { + if (strcmp(cs1->type, cs2->type) != 0) + debug_return_bool(false); + } else if (cs1->type != cs2->type) { + debug_return_bool(false); + } +#endif +#ifdef HAVE_PRIV_SET + if (cs1->privs != NULL && cs2->privs != NULL) { + if (strcmp(cs1->privs, cs2->privs) != 0) + debug_return_bool(false); + } else if (cs1->privs != cs2->privs) { + debug_return_bool(false); + } + if (cs1->limitprivs != NULL && cs2->limitprivs != NULL) { + if (strcmp(cs1->limitprivs, cs2->limitprivs) != 0) + debug_return_bool(false); + } else if (cs1->limitprivs != cs2->limitprivs) { + debug_return_bool(false); + } +#endif + + debug_return_bool(true); +} + +/* + * Returns true if csl1 is equivalent to csl2, else false. + */ +static bool +cmndspec_list_equivalent(struct cmndspec_list *csl1, struct cmndspec_list *csl2, + bool check_negated) +{ + struct cmndspec *cs1 = TAILQ_FIRST(csl1); + struct cmndspec *cs2 = TAILQ_FIRST(csl2); + debug_decl(cmndspec_list_equivalent, SUDOERS_DEBUG_PARSER); + + while (cs1 != NULL && cs2 != NULL) { + if (!cmndspec_equivalent(cs1, cs2, check_negated)) + debug_return_bool(false); + cs1 = TAILQ_NEXT(cs1, entries); + cs2 = TAILQ_NEXT(cs2, entries); + } + + if (cs1 != NULL || cs2 != NULL) + debug_return_bool(false); + debug_return_bool(true); +} + +/* + * Check whether userspec us1 is overridden by another sudoers file entry. + * If us1 and another userspec differ only in their host lists, merges + * the hosts from us1 into that userspec. + * Returns true if overridden, else false. + * TODO: merge privs + */ +static enum cvtsudoers_conflict +userspec_overridden(struct userspec *us1, + struct sudoers_parse_tree *parse_tree, bool check_negated) +{ + struct userspec *us2; + bool hosts_differ = false; + debug_decl(userspec_overridden, SUDOERS_DEBUG_PARSER); + + if (TAILQ_EMPTY(&parse_tree->userspecs)) + debug_return_int(CONFLICT_NONE); + + /* Sudoers rules are applied in reverse order (last match wins). */ + TAILQ_FOREACH_REVERSE(us2, &parse_tree->userspecs, userspec_list, entries) { + struct privilege *priv1, *priv2; + + if (!member_list_override(&us1->users, &us2->users, check_negated)) + continue; + + /* XXX - order should not matter */ + priv1 = TAILQ_LAST(&us1->privileges, privilege_list); + priv2 = TAILQ_LAST(&us2->privileges, privilege_list); + while (priv1 != NULL && priv2 != NULL) { + if (!defaults_list_equivalent(&priv1->defaults, &priv2->defaults)) + break; + if (!cmndspec_list_equivalent(&priv1->cmndlist, &priv2->cmndlist, check_negated)) + break; + + if (!member_list_override(&priv1->hostlist, &priv2->hostlist, check_negated)) + hosts_differ = true; + + priv1 = TAILQ_PREV(priv1, privilege_list, entries); + priv2 = TAILQ_PREV(priv2, privilege_list, entries); + } + if (priv1 != NULL || priv2 != NULL) { + /* mismatch */ + continue; + } + + /* + * If we have a match of everything except the host list, + * merge the differing host lists. + */ + if (hosts_differ) { + priv1 = TAILQ_LAST(&us1->privileges, privilege_list); + priv2 = TAILQ_LAST(&us2->privileges, privilege_list); + while (priv1 != NULL && priv2 != NULL) { + if (!member_list_override(&priv1->hostlist, &priv2->hostlist, check_negated)) { + /* + * Priv matches but hosts differ, prepend priv1 hostlist + * to into priv2 hostlist (hence the double concat). + */ + TAILQ_CONCAT(&priv1->hostlist, &priv2->hostlist, entries); + TAILQ_CONCAT(&priv2->hostlist, &priv1->hostlist, entries); + log_warnx(U_("%s:%d:%d: merging userspec into %s:%d:%d"), + us1->file, us1->line, us1->column, + us2->file, us2->line, us2->column); + } + priv1 = TAILQ_PREV(priv1, privilege_list, entries); + priv2 = TAILQ_PREV(priv2, privilege_list, entries); + } + debug_return_int(CONFLICT_RESOLVED); + } + debug_return_int(CONFLICT_UNRESOLVED); + } + + debug_return_int(CONFLICT_NONE); +} + +/* + * Check whether userspec us1 is overridden by another sudoers file entry. + * If us1 and another userspec differ only in their host lists, merges + * the hosts from us1 into that userspec. + * Returns true if overridden, else false. + */ +static enum cvtsudoers_conflict +userspec_check_conflict(struct userspec *us1, + struct sudoers_parse_tree *parse_tree0) +{ + struct sudoers_parse_tree *parse_tree = parse_tree0; + debug_decl(userspec_check_conflict, SUDOERS_DEBUG_PARSER); + + while ((parse_tree = TAILQ_NEXT(parse_tree, entries)) != NULL) { + enum cvtsudoers_conflict ret = + userspec_overridden(us1, parse_tree, false); + if (ret != CONFLICT_NONE) + debug_return_int(ret); + } + + debug_return_int(CONFLICT_NONE); +} + +/* + * Merge userspecs in parse_trees and store the result in merged_tree. + * If a hostname was specified with the sudoers source, make the + * privilege host-specific where possible. + * Returns true on success, else false. + */ +static bool +merge_userspecs(struct sudoers_parse_tree_list *parse_trees, + struct sudoers_parse_tree *merged_tree, struct member_list *bound_hosts) +{ + struct sudoers_parse_tree *parse_tree; + struct userspec *us; + struct privilege *priv; + struct member *m; + debug_decl(merge_userspecs, SUDOERS_DEBUG_DEFAULTS); + + /* + * If parse_tree has a host name associated with it, + * try to make the privilege host-specific. + */ + TAILQ_FOREACH(parse_tree, parse_trees, entries) { + if (parse_tree->lhost == NULL) + continue; + TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { + TAILQ_FOREACH(priv, &us->privileges, entries) { + TAILQ_FOREACH(m, &priv->hostlist, entries) { + /* We don't alter !ALL in a hostlist (XXX - should we?). */ + if (m->type == ALL && !m->negated) { + m->type = WORD; + m->name = strdup(parse_tree->lhost); + if (m->name == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + } + } + } + } + } + + /* + * Prune out duplicate userspecs after substituting hostname(s). + * Traverse the list in reverse order--in sudoers last match wins. + * XXX - do this at the privilege/cmndspec level instead. + */ + TAILQ_FOREACH(parse_tree, parse_trees, entries) { + while ((us = TAILQ_LAST(&parse_tree->userspecs, userspec_list)) != NULL) { + TAILQ_REMOVE(&parse_tree->userspecs, us, entries); + switch (userspec_check_conflict(us, parse_tree)) { + case CONFLICT_NONE: + TAILQ_INSERT_HEAD(&merged_tree->userspecs, us, entries); + break; + case CONFLICT_RESOLVED: + free_userspec(us); + break; + case CONFLICT_UNRESOLVED: + log_warnx(U_("%s:%d:%d: removing userspec overridden by subsequent entries"), + us->file, us->line, us->column); + free_userspec(us); + break; + } + } + } + + /* + * Simplify member lists in the merged tree. + * Convert host lists with all hosts listed to "ALL" and + * collapse other entries around "ALL". + */ + TAILQ_FOREACH_REVERSE(us, &merged_tree->userspecs, userspec_list, entries) { + TAILQ_FOREACH_REVERSE(priv, &us->privileges, privilege_list, entries) { + /* TODO: simplify other lists? */ + simplify_host_list(&priv->hostlist, us->file, us->line, us->column, + bound_hosts); + } + } + + debug_return_bool(true); +} + +struct sudoers_parse_tree * +merge_sudoers(struct sudoers_parse_tree_list *parse_trees, + struct sudoers_parse_tree *merged_tree) +{ + struct member_list bound_hosts = TAILQ_HEAD_INITIALIZER(bound_hosts); + struct sudoers_parse_tree *parse_tree; + debug_decl(merge_sudoers, SUDOERS_DEBUG_UTIL); + + /* + * If all sudoers sources have a host associated with them, we + * can replace a list of those hosts with "ALL" in Defaults + * and userspecs. + */ + TAILQ_FOREACH(parse_tree, parse_trees, entries) { + if (parse_tree->lhost == NULL) + break; + } + if (parse_tree == NULL) { + TAILQ_FOREACH(parse_tree, parse_trees, entries) { + struct member *m = calloc(1, sizeof(*m)); + if (m == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + m->type = WORD; + m->name = strdup(parse_tree->lhost); + if (m->name == NULL) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + } + TAILQ_INSERT_TAIL(&bound_hosts, m, entries); + } + } + + if ((merged_tree->aliases = alloc_aliases()) == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + + if (!merge_aliases(parse_trees, merged_tree)) + goto bad; + + if (!merge_defaults(parse_trees, merged_tree, &bound_hosts)) + goto bad; + + if (!merge_userspecs(parse_trees, merged_tree, &bound_hosts)) + goto bad; + + free_members(&bound_hosts); + debug_return_ptr(merged_tree); +bad: + free_members(&bound_hosts); + debug_return_ptr(NULL); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/def_data.c sudo-1.9.9/plugins/sudoers/def_data.c --- sudo-1.9.5p2/plugins/sudoers/def_data.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/def_data.c 2022-01-27 21:24:22.000000000 +0000 @@ -398,6 +398,10 @@ N_("PAM service name to use for login shells: %s"), NULL, }, { + "pam_askpass_service", T_STR, + N_("PAM service name to use when sudo is run with the -A option: %s"), + NULL, + }, { "pam_setcred", T_FLAG, N_("Attempt to establish PAM credentials for the target user"), NULL, @@ -574,6 +578,74 @@ N_("Enable SELinux RBAC support"), NULL, }, { + "admin_flag", T_STR|T_BOOL|T_CHPATH, + N_("Path to the file that is created the first time sudo is run: %s"), + NULL, + }, { + "intercept", T_FLAG, + N_("Intercept further commands and apply sudoers restrictions to them"), + NULL, + }, { + "log_subcmds", T_FLAG, + N_("Log sub-commands run by the original command"), + NULL, + }, { + "log_exit_status", T_FLAG, + N_("Log the exit status of commands"), + NULL, + }, { + "intercept_authenticate", T_FLAG, + N_("Subsequent commands in an intercepted session must be authenticated"), + NULL, + }, { + "intercept_allow_setid", T_FLAG, + N_("Allow an intercepted command to run set setuid or setgid programs"), + NULL, + }, { + "rlimit_as", T_RLIMIT|T_BOOL, + N_("The maximum size to which the process's address space may grow (in bytes): %s"), + NULL, + }, { + "rlimit_core", T_RLIMIT|T_BOOL, + N_("The largest size core dump file that may be created (in bytes): %s"), + NULL, + }, { + "rlimit_cpu", T_RLIMIT|T_BOOL, + N_("The maximum amount of CPU time that the process may use (in seconds): %s"), + NULL, + }, { + "rlimit_data", T_RLIMIT|T_BOOL, + N_("The maximum size of the data segment for the process (in bytes): %s"), + NULL, + }, { + "rlimit_fsize", T_RLIMIT|T_BOOL, + N_("The largest size file that the process may create (in bytes): %s"), + NULL, + }, { + "rlimit_locks", T_RLIMIT|T_BOOL, + N_("The maximum number of locks that the process may establish: %s"), + NULL, + }, { + "rlimit_memlock", T_RLIMIT|T_BOOL, + N_("The maximum size that the process may lock in memory (in bytes): %s"), + NULL, + }, { + "rlimit_nofile", T_RLIMIT|T_BOOL, + N_("The maximum number of files that the process may have open: %s"), + NULL, + }, { + "rlimit_nproc", T_RLIMIT|T_BOOL, + N_("The maximum number of processes that the user may run simultaneously: %s"), + NULL, + }, { + "rlimit_rss", T_RLIMIT|T_BOOL, + N_("The maximum size to which the process's resident set size may grow (in bytes): %s"), + NULL, + }, { + "rlimit_stack", T_RLIMIT|T_BOOL, + N_("The maximum size to which the process's stack may grow (in bytes): %s"), + NULL, + }, { NULL, 0, NULL } }; diff -Nru sudo-1.9.5p2/plugins/sudoers/def_data.h sudo-1.9.9/plugins/sudoers/def_data.h --- sudo-1.9.5p2/plugins/sudoers/def_data.h 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/def_data.h 2022-01-27 21:24:22.000000000 +0000 @@ -176,94 +176,130 @@ #define def_pam_service (sudo_defs_table[I_PAM_SERVICE].sd_un.str) #define I_PAM_LOGIN_SERVICE 87 #define def_pam_login_service (sudo_defs_table[I_PAM_LOGIN_SERVICE].sd_un.str) -#define I_PAM_SETCRED 88 +#define I_PAM_ASKPASS_SERVICE 88 +#define def_pam_askpass_service (sudo_defs_table[I_PAM_ASKPASS_SERVICE].sd_un.str) +#define I_PAM_SETCRED 89 #define def_pam_setcred (sudo_defs_table[I_PAM_SETCRED].sd_un.flag) -#define I_PAM_SESSION 89 +#define I_PAM_SESSION 90 #define def_pam_session (sudo_defs_table[I_PAM_SESSION].sd_un.flag) -#define I_PAM_ACCT_MGMT 90 +#define I_PAM_ACCT_MGMT 91 #define def_pam_acct_mgmt (sudo_defs_table[I_PAM_ACCT_MGMT].sd_un.flag) -#define I_MAXSEQ 91 +#define I_MAXSEQ 92 #define def_maxseq (sudo_defs_table[I_MAXSEQ].sd_un.str) -#define I_USE_NETGROUPS 92 +#define I_USE_NETGROUPS 93 #define def_use_netgroups (sudo_defs_table[I_USE_NETGROUPS].sd_un.flag) -#define I_SUDOEDIT_CHECKDIR 93 +#define I_SUDOEDIT_CHECKDIR 94 #define def_sudoedit_checkdir (sudo_defs_table[I_SUDOEDIT_CHECKDIR].sd_un.flag) -#define I_SUDOEDIT_FOLLOW 94 +#define I_SUDOEDIT_FOLLOW 95 #define def_sudoedit_follow (sudo_defs_table[I_SUDOEDIT_FOLLOW].sd_un.flag) -#define I_ALWAYS_QUERY_GROUP_PLUGIN 95 +#define I_ALWAYS_QUERY_GROUP_PLUGIN 96 #define def_always_query_group_plugin (sudo_defs_table[I_ALWAYS_QUERY_GROUP_PLUGIN].sd_un.flag) -#define I_NETGROUP_TUPLE 96 +#define I_NETGROUP_TUPLE 97 #define def_netgroup_tuple (sudo_defs_table[I_NETGROUP_TUPLE].sd_un.flag) -#define I_IGNORE_AUDIT_ERRORS 97 +#define I_IGNORE_AUDIT_ERRORS 98 #define def_ignore_audit_errors (sudo_defs_table[I_IGNORE_AUDIT_ERRORS].sd_un.flag) -#define I_IGNORE_IOLOG_ERRORS 98 +#define I_IGNORE_IOLOG_ERRORS 99 #define def_ignore_iolog_errors (sudo_defs_table[I_IGNORE_IOLOG_ERRORS].sd_un.flag) -#define I_IGNORE_LOGFILE_ERRORS 99 +#define I_IGNORE_LOGFILE_ERRORS 100 #define def_ignore_logfile_errors (sudo_defs_table[I_IGNORE_LOGFILE_ERRORS].sd_un.flag) -#define I_MATCH_GROUP_BY_GID 100 +#define I_MATCH_GROUP_BY_GID 101 #define def_match_group_by_gid (sudo_defs_table[I_MATCH_GROUP_BY_GID].sd_un.flag) -#define I_SYSLOG_MAXLEN 101 +#define I_SYSLOG_MAXLEN 102 #define def_syslog_maxlen (sudo_defs_table[I_SYSLOG_MAXLEN].sd_un.uival) -#define I_IOLOG_USER 102 +#define I_IOLOG_USER 103 #define def_iolog_user (sudo_defs_table[I_IOLOG_USER].sd_un.str) -#define I_IOLOG_GROUP 103 +#define I_IOLOG_GROUP 104 #define def_iolog_group (sudo_defs_table[I_IOLOG_GROUP].sd_un.str) -#define I_IOLOG_MODE 104 +#define I_IOLOG_MODE 105 #define def_iolog_mode (sudo_defs_table[I_IOLOG_MODE].sd_un.mode) -#define I_FDEXEC 105 +#define I_FDEXEC 106 #define def_fdexec (sudo_defs_table[I_FDEXEC].sd_un.tuple) -#define I_IGNORE_UNKNOWN_DEFAULTS 106 +#define I_IGNORE_UNKNOWN_DEFAULTS 107 #define def_ignore_unknown_defaults (sudo_defs_table[I_IGNORE_UNKNOWN_DEFAULTS].sd_un.flag) -#define I_COMMAND_TIMEOUT 107 +#define I_COMMAND_TIMEOUT 108 #define def_command_timeout (sudo_defs_table[I_COMMAND_TIMEOUT].sd_un.ival) -#define I_USER_COMMAND_TIMEOUTS 108 +#define I_USER_COMMAND_TIMEOUTS 109 #define def_user_command_timeouts (sudo_defs_table[I_USER_COMMAND_TIMEOUTS].sd_un.flag) -#define I_IOLOG_FLUSH 109 +#define I_IOLOG_FLUSH 110 #define def_iolog_flush (sudo_defs_table[I_IOLOG_FLUSH].sd_un.flag) -#define I_SYSLOG_PID 110 +#define I_SYSLOG_PID 111 #define def_syslog_pid (sudo_defs_table[I_SYSLOG_PID].sd_un.flag) -#define I_TIMESTAMP_TYPE 111 +#define I_TIMESTAMP_TYPE 112 #define def_timestamp_type (sudo_defs_table[I_TIMESTAMP_TYPE].sd_un.tuple) -#define I_AUTHFAIL_MESSAGE 112 +#define I_AUTHFAIL_MESSAGE 113 #define def_authfail_message (sudo_defs_table[I_AUTHFAIL_MESSAGE].sd_un.str) -#define I_CASE_INSENSITIVE_USER 113 +#define I_CASE_INSENSITIVE_USER 114 #define def_case_insensitive_user (sudo_defs_table[I_CASE_INSENSITIVE_USER].sd_un.flag) -#define I_CASE_INSENSITIVE_GROUP 114 +#define I_CASE_INSENSITIVE_GROUP 115 #define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag) -#define I_LOG_ALLOWED 115 +#define I_LOG_ALLOWED 116 #define def_log_allowed (sudo_defs_table[I_LOG_ALLOWED].sd_un.flag) -#define I_LOG_DENIED 116 +#define I_LOG_DENIED 117 #define def_log_denied (sudo_defs_table[I_LOG_DENIED].sd_un.flag) -#define I_LOG_SERVERS 117 +#define I_LOG_SERVERS 118 #define def_log_servers (sudo_defs_table[I_LOG_SERVERS].sd_un.list) -#define I_LOG_SERVER_TIMEOUT 118 +#define I_LOG_SERVER_TIMEOUT 119 #define def_log_server_timeout (sudo_defs_table[I_LOG_SERVER_TIMEOUT].sd_un.ival) -#define I_LOG_SERVER_KEEPALIVE 119 +#define I_LOG_SERVER_KEEPALIVE 120 #define def_log_server_keepalive (sudo_defs_table[I_LOG_SERVER_KEEPALIVE].sd_un.flag) -#define I_LOG_SERVER_CABUNDLE 120 +#define I_LOG_SERVER_CABUNDLE 121 #define def_log_server_cabundle (sudo_defs_table[I_LOG_SERVER_CABUNDLE].sd_un.str) -#define I_LOG_SERVER_PEER_CERT 121 +#define I_LOG_SERVER_PEER_CERT 122 #define def_log_server_peer_cert (sudo_defs_table[I_LOG_SERVER_PEER_CERT].sd_un.str) -#define I_LOG_SERVER_PEER_KEY 122 +#define I_LOG_SERVER_PEER_KEY 123 #define def_log_server_peer_key (sudo_defs_table[I_LOG_SERVER_PEER_KEY].sd_un.str) -#define I_LOG_SERVER_VERIFY 123 +#define I_LOG_SERVER_VERIFY 124 #define def_log_server_verify (sudo_defs_table[I_LOG_SERVER_VERIFY].sd_un.flag) -#define I_RUNAS_ALLOW_UNKNOWN_ID 124 +#define I_RUNAS_ALLOW_UNKNOWN_ID 125 #define def_runas_allow_unknown_id (sudo_defs_table[I_RUNAS_ALLOW_UNKNOWN_ID].sd_un.flag) -#define I_RUNAS_CHECK_SHELL 125 +#define I_RUNAS_CHECK_SHELL 126 #define def_runas_check_shell (sudo_defs_table[I_RUNAS_CHECK_SHELL].sd_un.flag) -#define I_PAM_RUSER 126 +#define I_PAM_RUSER 127 #define def_pam_ruser (sudo_defs_table[I_PAM_RUSER].sd_un.flag) -#define I_PAM_RHOST 127 +#define I_PAM_RHOST 128 #define def_pam_rhost (sudo_defs_table[I_PAM_RHOST].sd_un.flag) -#define I_RUNCWD 128 +#define I_RUNCWD 129 #define def_runcwd (sudo_defs_table[I_RUNCWD].sd_un.str) -#define I_RUNCHROOT 129 +#define I_RUNCHROOT 130 #define def_runchroot (sudo_defs_table[I_RUNCHROOT].sd_un.str) -#define I_LOG_FORMAT 130 +#define I_LOG_FORMAT 131 #define def_log_format (sudo_defs_table[I_LOG_FORMAT].sd_un.tuple) -#define I_SELINUX 131 +#define I_SELINUX 132 #define def_selinux (sudo_defs_table[I_SELINUX].sd_un.flag) +#define I_ADMIN_FLAG 133 +#define def_admin_flag (sudo_defs_table[I_ADMIN_FLAG].sd_un.str) +#define I_INTERCEPT 134 +#define def_intercept (sudo_defs_table[I_INTERCEPT].sd_un.flag) +#define I_LOG_SUBCMDS 135 +#define def_log_subcmds (sudo_defs_table[I_LOG_SUBCMDS].sd_un.flag) +#define I_LOG_EXIT_STATUS 136 +#define def_log_exit_status (sudo_defs_table[I_LOG_EXIT_STATUS].sd_un.flag) +#define I_INTERCEPT_AUTHENTICATE 137 +#define def_intercept_authenticate (sudo_defs_table[I_INTERCEPT_AUTHENTICATE].sd_un.flag) +#define I_INTERCEPT_ALLOW_SETID 138 +#define def_intercept_allow_setid (sudo_defs_table[I_INTERCEPT_ALLOW_SETID].sd_un.flag) +#define I_RLIMIT_AS 139 +#define def_rlimit_as (sudo_defs_table[I_RLIMIT_AS].sd_un.str) +#define I_RLIMIT_CORE 140 +#define def_rlimit_core (sudo_defs_table[I_RLIMIT_CORE].sd_un.str) +#define I_RLIMIT_CPU 141 +#define def_rlimit_cpu (sudo_defs_table[I_RLIMIT_CPU].sd_un.str) +#define I_RLIMIT_DATA 142 +#define def_rlimit_data (sudo_defs_table[I_RLIMIT_DATA].sd_un.str) +#define I_RLIMIT_FSIZE 143 +#define def_rlimit_fsize (sudo_defs_table[I_RLIMIT_FSIZE].sd_un.str) +#define I_RLIMIT_LOCKS 144 +#define def_rlimit_locks (sudo_defs_table[I_RLIMIT_LOCKS].sd_un.str) +#define I_RLIMIT_MEMLOCK 145 +#define def_rlimit_memlock (sudo_defs_table[I_RLIMIT_MEMLOCK].sd_un.str) +#define I_RLIMIT_NOFILE 146 +#define def_rlimit_nofile (sudo_defs_table[I_RLIMIT_NOFILE].sd_un.str) +#define I_RLIMIT_NPROC 147 +#define def_rlimit_nproc (sudo_defs_table[I_RLIMIT_NPROC].sd_un.str) +#define I_RLIMIT_RSS 148 +#define def_rlimit_rss (sudo_defs_table[I_RLIMIT_RSS].sd_un.str) +#define I_RLIMIT_STACK 149 +#define def_rlimit_stack (sudo_defs_table[I_RLIMIT_STACK].sd_un.str) enum def_tuple { never, diff -Nru sudo-1.9.5p2/plugins/sudoers/def_data.in sudo-1.9.9/plugins/sudoers/def_data.in --- sudo-1.9.5p2/plugins/sudoers/def_data.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/def_data.in 2022-01-27 21:24:22.000000000 +0000 @@ -277,6 +277,9 @@ pam_login_service T_STR "PAM service name to use for login shells: %s" +pam_askpass_service + T_STR + "PAM service name to use when sudo is run with the -A option: %s" pam_setcred T_FLAG "Attempt to establish PAM credentials for the target user" @@ -412,3 +415,54 @@ selinux T_FLAG "Enable SELinux RBAC support" +admin_flag + T_STR|T_BOOL|T_CHPATH + "Path to the file that is created the first time sudo is run: %s" +intercept + T_FLAG + "Intercept further commands and apply sudoers restrictions to them" +log_subcmds + T_FLAG + "Log sub-commands run by the original command" +log_exit_status + T_FLAG + "Log the exit status of commands" +intercept_authenticate + T_FLAG + "Subsequent commands in an intercepted session must be authenticated" +intercept_allow_setid + T_FLAG + "Allow an intercepted command to run set setuid or setgid programs" +rlimit_as + T_RLIMIT|T_BOOL + "The maximum size to which the process's address space may grow (in bytes): %s" +rlimit_core + T_RLIMIT|T_BOOL + "The largest size core dump file that may be created (in bytes): %s" +rlimit_cpu + T_RLIMIT|T_BOOL + "The maximum amount of CPU time that the process may use (in seconds): %s" +rlimit_data + T_RLIMIT|T_BOOL + "The maximum size of the data segment for the process (in bytes): %s" +rlimit_fsize + T_RLIMIT|T_BOOL + "The largest size file that the process may create (in bytes): %s" +rlimit_locks + T_RLIMIT|T_BOOL + "The maximum number of locks that the process may establish: %s" +rlimit_memlock + T_RLIMIT|T_BOOL + "The maximum size that the process may lock in memory (in bytes): %s" +rlimit_nofile + T_RLIMIT|T_BOOL + "The maximum number of files that the process may have open: %s" +rlimit_nproc + T_RLIMIT|T_BOOL + "The maximum number of processes that the user may run simultaneously: %s" +rlimit_rss + T_RLIMIT|T_BOOL + "The maximum size to which the process's resident set size may grow (in bytes): %s" +rlimit_stack + T_RLIMIT|T_BOOL + "The maximum size to which the process's stack may grow (in bytes): %s" diff -Nru sudo-1.9.5p2/plugins/sudoers/defaults.c sudo-1.9.9/plugins/sudoers/defaults.c --- sudo-1.9.5p2/plugins/sudoers/defaults.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/defaults.c 2022-01-27 21:24:22.000000000 +0000 @@ -34,6 +34,8 @@ #include #include #include +#include +#include #include #include "sudoers.h" @@ -67,6 +69,7 @@ static bool store_tuple(const char *str, union sudo_defs_val *sd_un, struct def_values *tuple_vals); static bool store_uint(const char *str, union sudo_defs_val *sd_un); static bool store_timespec(const char *str, union sudo_defs_val *sd_un); +static bool store_rlimit(const char *str, union sudo_defs_val *sd_un); static bool list_op(const char *str, size_t, union sudo_defs_val *sd_un, enum list_ops op); static bool valid_path(struct sudo_defs_types *def, const char *val, const char *file, int line, int column, bool quiet); @@ -96,6 +99,7 @@ sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", desc); break; case T_STR: + case T_RLIMIT: if (cur->sd_un.str) { sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.str); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); @@ -206,6 +210,9 @@ int rc; debug_decl(parse_default_entry, SUDOERS_DEBUG_DEFAULTS); + if (file == NULL) + file = "front-end"; + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s:%d:%d: %s=%s op=%d", __func__, file, line, column, def->name, val ? val : "", op); @@ -243,6 +250,20 @@ } } + /* Only lists support append/remove. */ + if ((op == '+' || op == '-') && (def->type & T_MASK) != T_LIST) { + if (!quiet) { + if (line > 0) { + sudo_warnx(U_("%s:%d:%d: invalid operator \"%c=\" for \"%s\""), + file, line, column, op, def->name); + } else { + sudo_warnx(U_("%s: invalid operator \"%c=\" for \"%s\""), + file, op, def->name); + } + } + debug_return_bool(false); + } + switch (def->type & T_MASK) { case T_LOGFAC: rc = store_syslogfac(val, &def->sd_un); @@ -297,6 +318,9 @@ case T_TIMESPEC: rc = store_timespec(val, &def->sd_un); break; + case T_RLIMIT: + rc = store_rlimit(val, &def->sd_un); + break; default: if (!quiet) { if (line > 0) { @@ -325,7 +349,7 @@ debug_return_bool(rc == true); } -struct early_default * +static struct early_default * is_early_default(const char *name) { struct early_default *early; @@ -376,7 +400,7 @@ * Like set_default() but stores the matching default value * and does not run callbacks. */ -bool +static bool set_early_default(const char *var, const char *val, int op, const char *file, int line, int column, bool quiet, struct early_default *early) { @@ -398,7 +422,7 @@ /* * Run callbacks for early defaults. */ -bool +static bool run_early_defaults(void) { struct early_default *early; @@ -420,6 +444,7 @@ { switch (type & T_MASK) { case T_STR: + case T_RLIMIT: free(sd_un->str); break; case T_LIST: @@ -436,7 +461,7 @@ bool init_defaults(void) { - static int firsttime = 1; + static bool firsttime = true; struct sudo_defs_types *def; debug_decl(init_defaults, SUDOERS_DEBUG_DEFAULTS); @@ -532,6 +557,12 @@ #ifdef HAVE_INNETGR def_use_netgroups = true; #endif +#ifdef _PATH_SUDO_ADMIN_FLAG + if ((def_admin_flag = strdup(_PATH_SUDO_ADMIN_FLAG)) == NULL) + goto oom; +#endif + if ((def_rlimit_core = strdup("0,0")) == NULL) + goto oom; def_netgroup_tuple = false; def_sudoedit_checkdir = true; def_iolog_mode = S_IRUSR|S_IWUSR; @@ -627,7 +658,7 @@ /* Init eventlog config. */ init_eventlog_config(); - firsttime = 0; + firsttime = false; debug_return_bool(true); oom: @@ -682,21 +713,20 @@ switch (d->type) { case DEFAULTS: debug_return_bool(true); - break; case DEFAULTS_USER: - if (userlist_matches(parse_tree, sudo_user.pw, d->binding) == ALLOW) + if (userlist_matches(parse_tree, sudo_user.pw, &d->binding->members) == ALLOW) debug_return_bool(true); break; case DEFAULTS_RUNAS: - if (runaslist_matches(parse_tree, d->binding, NULL, NULL, NULL) == ALLOW) + if (runaslist_matches(parse_tree, &d->binding->members, NULL, NULL, NULL) == ALLOW) debug_return_bool(true); break; case DEFAULTS_HOST: - if (hostlist_matches(parse_tree, sudo_user.pw, d->binding) == ALLOW) + if (hostlist_matches(parse_tree, sudo_user.pw, &d->binding->members) == ALLOW) debug_return_bool(true); break; case DEFAULTS_CMND: - if (cmndlist_matches(parse_tree, d->binding, NULL, NULL) == ALLOW) + if (cmndlist_matches(parse_tree, &d->binding->members, NULL, NULL) == ALLOW) debug_return_bool(true); break; } @@ -712,6 +742,7 @@ struct defaults_list *defs, int what, bool quiet) { struct defaults *d; + bool global_defaults = false; bool ret = true; debug_decl(update_defaults, SUDOERS_DEBUG_DEFAULTS); @@ -719,38 +750,45 @@ "what: 0x%02x", what); /* If no defaults list specified, use the global one in the parse tree. */ - if (defs == NULL) + if (defs == NULL) { defs = &parse_tree->defaults; + global_defaults = true; + } /* - * First apply Defaults values marked as early. + * If using the global defaults list, apply Defaults values marked as early. */ - TAILQ_FOREACH(d, defs, entries) { - struct early_default *early = is_early_default(d->var); - if (early == NULL) - continue; + if (global_defaults) { + TAILQ_FOREACH(d, defs, entries) { + struct early_default *early = is_early_default(d->var); + if (early == NULL) + continue; - /* Defaults type and binding must match. */ - if (!default_type_matches(d, what) || - !default_binding_matches(parse_tree, d, what)) - continue; + /* Defaults type and binding must match. */ + if (!default_type_matches(d, what) || + !default_binding_matches(parse_tree, d, what)) + continue; - /* Copy the value to sudo_defs_table and mark as early. */ - if (!set_early_default(d->var, d->val, d->op, d->file, d->line, - d->column, quiet, early)) + /* Copy the value to sudo_defs_table and mark as early. */ + if (!set_early_default(d->var, d->val, d->op, d->file, d->line, + d->column, quiet, early)) + ret = false; + } + + /* Run callbacks for early defaults (if any) */ + if (!run_early_defaults()) ret = false; } - /* Run callbacks for early defaults (if any) */ - if (!run_early_defaults()) - ret = false; /* - * Then set the rest of the defaults. + * Set the rest of the defaults and run their callbacks, if any. */ TAILQ_FOREACH(d, defs, entries) { - /* Skip Defaults marked as early, we already did them. */ - if (is_early_default(d->var)) - continue; + if (global_defaults) { + /* Skip Defaults marked as early, we already did them. */ + if (is_early_default(d->var)) + continue; + } /* Defaults type and binding must match. */ if (!default_type_matches(d, what) || @@ -836,12 +874,71 @@ debug_return_bool(true); } +/* Check resource limit syntax, does not save as rlim_t. */ +static bool +check_rlimit(const char *str, bool soft) +{ + const size_t inflen = sizeof("infinity") - 1; + debug_decl(check_rlimit, SUDOERS_DEBUG_DEFAULTS); + + if (isdigit((unsigned char)*str)) { + unsigned long long ullval; + char *ep; + + errno = 0; +#ifdef HAVE_STRTOULL + ullval = strtoull(str, &ep, 10); + if (str == ep || (errno == ERANGE && ullval == ULLONG_MAX)) + debug_return_bool(false); +#else + ullval = strtoul(str, &ep, 10); + if (str == ep || (errno == ERANGE && ullval == ULONG_MAX)) + debug_return_bool(false); +#endif + if (*ep == '\0' || (soft && *ep == ',')) + debug_return_bool(true); + debug_return_bool(false); + } + if (strncmp(str, "infinity", inflen) == 0) { + if (str[inflen] == '\0' || (soft && str[inflen] == ',')) + debug_return_bool(true); + } + debug_return_bool(false); +} + +static bool +store_rlimit(const char *str, union sudo_defs_val *sd_un) +{ + debug_decl(store_rlimit, SUDOERS_DEBUG_DEFAULTS); + + /* The special values "user" and "default" are not compound. */ + if (str != NULL && strcmp(str, "user") != 0 && strcmp(str, "default") != 0) { + const char *hard, *soft = str; + /* + * Expect a limit in the form "soft,hard" or "limit" (both soft+hard). + */ + hard = strchr(str, ','); + if (hard != NULL) + hard++; + else + hard = soft; + + if (!check_rlimit(soft, true)) + debug_return_bool(false); + if (!check_rlimit(hard, false)) + debug_return_bool(false); + } + + /* Store as string, front-end will parse it as a limit. */ + debug_return_bool(store_str(str, sd_un)); +} + static bool store_timespec(const char *str, union sudo_defs_val *sd_un) { struct timespec ts; char sign = '+'; - int i; + long i; debug_decl(store_timespec, SUDOERS_DEBUG_DEFAULTS); sudo_timespecclear(&ts); @@ -852,10 +949,13 @@ while (*str != '\0' && *str != '.') { if (!isdigit((unsigned char)*str)) debug_return_bool(false); /* invalid number */ - if (ts.tv_sec > TIME_T_MAX / 10) + + /* Verify (ts.tv_sec * 10) + digit <= TIME_T_MAX. */ + i = *str++ - '0'; + if (ts.tv_sec > (TIME_T_MAX - i) / 10) debug_return_bool(false); /* overflow */ ts.tv_sec *= 10; - ts.tv_sec += *str++ - '0'; + ts.tv_sec += i; } if (*str++ == '.') { /* Convert optional fractional component to nanosecs. */ @@ -1026,6 +1126,18 @@ bool ret = true; debug_decl(valid_path, SUDOERS_DEBUG_DEFAULTS); + if (strlen(val) >= PATH_MAX) { + if (!quiet) { + if (line > 0) { + sudo_warnx(U_("%s:%d:%d: path name for \"%s\" too long"), + file, line, column, def->name); + } else { + sudo_warnx(U_("%s: path name for \"%s\" too long"), + file, def->name); + } + } + ret = false; + } if (ISSET(def->type, T_CHPATH)) { if (val[0] != '/' && val[0] != '~' && (val[0] != '*' || val[1] != '\0')) { if (!quiet) { @@ -1107,3 +1219,36 @@ } debug_return_bool(true); } + +bool +append_default(const char *var, const char *val, int op, + char *source, struct defaults_list *defs) +{ + struct defaults *def; + debug_decl(append_default, SUDOERS_DEBUG_DEFAULTS); + + if ((def = calloc(1, sizeof(*def))) == NULL) + goto oom; + + def->type = DEFAULTS; + def->op = op; + if ((def->var = strdup(var)) == NULL) { + goto oom; + } + if (val != NULL) { + if ((def->val = strdup(val)) == NULL) + goto oom; + } + def->file = source; + sudo_rcstr_addref(source); + TAILQ_INSERT_TAIL(defs, def, entries); + debug_return_bool(true); + +oom: + if (def != NULL) { + free(def->var); + free(def->val); + free(def); + } + debug_return_bool(false); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/defaults.h sudo-1.9.9/plugins/sudoers/defaults.h --- sudo-1.9.5p2/plugins/sudoers/defaults.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/defaults.h 2022-01-27 21:24:22.000000000 +0000 @@ -104,7 +104,9 @@ #undef T_TIMESPEC #define T_TIMESPEC 0x010 #undef T_TIMEOUT -#define T_TIMEOUT 0x020 +#define T_TIMEOUT 0x011 +#undef T_RLIMIT +#define T_RLIMIT 0x012 #undef T_MASK #define T_MASK 0x0FF #undef T_BOOL @@ -131,12 +133,10 @@ struct sudoers_parse_tree; void dump_default(void); bool init_defaults(void); -struct early_default *is_early_default(const char *name); -bool run_early_defaults(void); -bool set_early_default(const char *var, const char *val, int op, const char *file, int line, int column, bool quiet, struct early_default *early); bool set_default(const char *var, const char *val, int op, const char *file, int line, int column, bool quiet); bool update_defaults(struct sudoers_parse_tree *parse_tree, struct defaults_list *defs, int what, bool quiet); bool check_defaults(struct sudoers_parse_tree *parse_tree, bool quiet); +bool append_default(const char *var, const char *val, int op, char *source, struct defaults_list *defs); extern struct sudo_defs_types sudo_defs_table[]; diff -Nru sudo-1.9.5p2/plugins/sudoers/editor.c sudo-1.9.9/plugins/sudoers/editor.c --- sudo-1.9.5p2/plugins/sudoers/editor.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/editor.c 2022-01-27 21:24:22.000000000 +0000 @@ -41,7 +41,7 @@ wordsplit(const char *str, const char *endstr, const char **last) { const char *cp; - debug_decl(wordsplit, SUDO_DEBUG_UTIL); + debug_decl(wordsplit, SUDOERS_DEBUG_UTIL); /* If no str specified, use last ptr (if any). */ if (str == NULL) { @@ -63,16 +63,22 @@ /* If word is quoted, skip to end quote and return. */ if (*str == '"' || *str == '\'') { - const char *endquote = memchr(str + 1, *str, endstr - str); - if (endquote != NULL) { - *last = endquote; - debug_return_const_ptr(str + 1); + const char *endquote; + for (cp = str + 1; cp < endstr; cp = endquote + 1) { + endquote = memchr(cp, *str, endstr - cp); + if (endquote == NULL) + break; + /* ignore escaped quotes */ + if (endquote[-1] != '\\') { + *last = endquote; + debug_return_const_ptr(str + 1); + } } } /* Scan str until we encounter white space. */ for (cp = str; cp < endstr; cp++) { - if (*cp == '\\') { + if (cp[0] == '\\' && cp[1] != '\0') { /* quoted char, do not interpret */ cp++; continue; @@ -95,8 +101,9 @@ debug_decl(copy_arg, SUDOERS_DEBUG_UTIL); if ((copy = malloc(len + 1)) != NULL) { + sudoers_gc_add(GC_PTR, copy); for (dst = copy; src < src_end; ) { - if (*src == '\\') { + if (src[0] == '\\' && src[1] != '\0') { src++; continue; } @@ -144,6 +151,7 @@ /* If we can't find the editor in the user's PATH, give up. */ if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), NULL, 0, allowlist) != FOUND) { + sudoers_gc_remove(GC_PTR, editor); free(editor); errno = ENOENT; debug_return_str(NULL); @@ -157,6 +165,7 @@ nargv = reallocarray(NULL, nargc + 1, sizeof(char *)); if (nargv == NULL) goto oom; + sudoers_gc_add(GC_PTR, nargv); /* Fill in editor argv (assumes files[] is NULL-terminated). */ nargv[0] = editor; @@ -179,11 +188,15 @@ debug_return_str(editor_path); oom: sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + sudoers_gc_remove(GC_PTR, editor); free(editor); free(editor_path); if (nargv != NULL) { - while (nargc--) + while (nargc--) { + sudoers_gc_remove(GC_PTR, nargv[nargc]); free(nargv[nargc]); + } + sudoers_gc_remove(GC_PTR, nargv); free(nargv); } debug_return_str(NULL); @@ -192,8 +205,6 @@ /* * Determine which editor to use based on the SUDO_EDITOR, VISUAL and * EDITOR environment variables as well as the editor path in sudoers. - * If env_error is true, an editor environment variable that cannot be - * resolved is an error. * * Returns the path to be executed on success, else NULL. * The caller is responsible for freeing the returned editor path @@ -201,7 +212,7 @@ */ char * find_editor(int nfiles, char **files, int *argc_out, char ***argv_out, - char * const *allowlist, const char **env_editor, bool env_error) + char * const *allowlist, const char **env_editor) { char *ev[3], *editor_path = NULL; unsigned int i; @@ -227,15 +238,16 @@ debug_return_str(NULL); } } + + /* + * If SUDO_EDITOR, VISUAL and EDITOR were either not set or not + * allowed (based on the values of def_editor and def_env_editor), + * choose the first one in def_editor that exists. + */ if (editor_path == NULL) { const char *def_editor_end = def_editor + strlen(def_editor); const char *cp, *ep; - if (env_error && *env_editor != NULL) { - /* User-specified editor could not be found. */ - debug_return_str(NULL); - } - /* def_editor could be a path, split it up, avoiding strtok() */ for (cp = sudo_strsplit(def_editor, def_editor_end, ":", &ep); cp != NULL; cp = sudo_strsplit(NULL, def_editor_end, ":", &ep)) { @@ -248,5 +260,6 @@ } } + /* Caller is responsible for freeing editor_path, not g/c'd. */ debug_return_str(editor_path); } diff -Nru sudo-1.9.5p2/plugins/sudoers/env.c sudo-1.9.9/plugins/sudoers/env.c --- sudo-1.9.5p2/plugins/sudoers/env.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/env.c 2022-01-27 21:24:06.000000000 +0000 @@ -239,6 +239,7 @@ if (envp == NULL) { /* Free the old envp we allocated, if any. */ + sudoers_gc_remove(GC_PTR, env.old_envp); free(env.old_envp); /* Reset to initial state but keep a pointer to what we allocated. */ @@ -261,6 +262,7 @@ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_bool(false); } + sudoers_gc_add(GC_PTR, env.envp); #ifdef ENV_DEBUG memset(env.envp, 0, env.env_size * sizeof(char *)); #endif @@ -268,6 +270,7 @@ env.envp[len] = NULL; /* Free the old envp we allocated, if any. */ + sudoers_gc_remove(GC_PTR, env.old_envp); free(env.old_envp); env.old_envp = NULL; } @@ -307,7 +310,7 @@ * Will only overwrite an existing variable if overwrite is set. * Does not include warnings or debugging to avoid recursive calls. */ -static int +int sudo_putenv_nodebug(char *str, bool dupcheck, bool overwrite) { char **ep; @@ -332,9 +335,13 @@ errno = EOVERFLOW; return -1; } + sudoers_gc_remove(GC_PTR, env.envp); nenvp = reallocarray(env.envp, nsize, sizeof(char *)); - if (nenvp == NULL) + if (nenvp == NULL) { + sudoers_gc_add(GC_PTR, env.envp); return -1; + } + sudoers_gc_add(GC_PTR, nenvp); env.envp = nenvp; env.env_size = nsize; #ifdef ENV_DEBUG @@ -456,59 +463,10 @@ } /* - * Similar to setenv(3) but operates on a private copy of the environment. - * Does not include warnings or debugging to avoid recursive calls. - */ -static int -sudo_setenv_nodebug(const char *var, const char *val, int overwrite) -{ - char *ep, *estring = NULL; - const char *cp; - size_t esize; - int ret = -1; - - if (var == NULL || *var == '\0') { - errno = EINVAL; - goto done; - } - - /* - * POSIX says a var name with '=' is an error but BSD - * just ignores the '=' and anything after it. - */ - for (cp = var; *cp && *cp != '='; cp++) - continue; - esize = (size_t)(cp - var) + 2; - if (val) { - esize += strlen(val); /* glibc treats a NULL val as "" */ - } - - /* Allocate and fill in estring. */ - if ((estring = ep = malloc(esize)) == NULL) - goto done; - for (cp = var; *cp && *cp != '='; cp++) - *ep++ = *cp; - *ep++ = '='; - if (val) { - for (cp = val; *cp; cp++) - *ep++ = *cp; - } - *ep = '\0'; - - ret = sudo_putenv_nodebug(estring, true, overwrite); -done: - if (ret == -1) - free(estring); - else - sudoers_gc_add(GC_PTR, estring); - return ret; -} - -/* * Similar to unsetenv(3) but operates on a private copy of the environment. * Does not include warnings or debugging to avoid recursive calls. */ -static int +int sudo_unsetenv_nodebug(const char *var) { char **ep = env.envp; @@ -555,7 +513,7 @@ * Similar to getenv(3) but operates on a private copy of the environment. * Does not include warnings or debugging to avoid recursive calls. */ -static char * +char * sudo_getenv_nodebug(const char *name) { char **ep, *val = NULL; @@ -893,6 +851,7 @@ didvar = 0; env.env_len = 0; env.env_size = 128; + sudoers_gc_remove(GC_PTR, env.old_envp); free(env.old_envp); env.old_envp = env.envp; env.envp = reallocarray(NULL, env.env_size, sizeof(char *)); @@ -902,6 +861,7 @@ env.env_size = 0; goto bad; } + sudoers_gc_add(GC_PTR, env.envp); #ifdef ENV_DEBUG memset(env.envp, 0, env.env_size * sizeof(char *)); #else @@ -1434,73 +1394,3 @@ } debug_return_bool(true); } - -int -sudoers_hook_getenv(const char *name, char **value, void *closure) -{ - static bool in_progress = false; /* avoid recursion */ - - if (in_progress || env.envp == NULL) - return SUDO_HOOK_RET_NEXT; - - in_progress = true; - - /* Hack to make GNU gettext() find the sudoers locale when needed. */ - if (*name == 'L' && sudoers_getlocale() == SUDOERS_LOCALE_SUDOERS) { - if (strcmp(name, "LANGUAGE") == 0 || strcmp(name, "LANG") == 0) { - *value = NULL; - goto done; - } - if (strcmp(name, "LC_ALL") == 0 || strcmp(name, "LC_MESSAGES") == 0) { - *value = def_sudoers_locale; - goto done; - } - } - - *value = sudo_getenv_nodebug(name); -done: - in_progress = false; - return SUDO_HOOK_RET_STOP; -} - -int -sudoers_hook_putenv(char *string, void *closure) -{ - static bool in_progress = false; /* avoid recursion */ - - if (in_progress || env.envp == NULL) - return SUDO_HOOK_RET_NEXT; - - in_progress = true; - sudo_putenv_nodebug(string, true, true); - in_progress = false; - return SUDO_HOOK_RET_STOP; -} - -int -sudoers_hook_setenv(const char *name, const char *value, int overwrite, void *closure) -{ - static bool in_progress = false; /* avoid recursion */ - - if (in_progress || env.envp == NULL) - return SUDO_HOOK_RET_NEXT; - - in_progress = true; - sudo_setenv_nodebug(name, value, overwrite); - in_progress = false; - return SUDO_HOOK_RET_STOP; -} - -int -sudoers_hook_unsetenv(const char *name, void *closure) -{ - static bool in_progress = false; /* avoid recursion */ - - if (in_progress || env.envp == NULL) - return SUDO_HOOK_RET_NEXT; - - in_progress = true; - sudo_unsetenv_nodebug(name); - in_progress = false; - return SUDO_HOOK_RET_STOP; -} diff -Nru sudo-1.9.5p2/plugins/sudoers/exptilde.c sudo-1.9.9/plugins/sudoers/exptilde.c --- sudo-1.9.5p2/plugins/sudoers/exptilde.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/exptilde.c 2022-01-27 21:24:06.000000000 +0000 @@ -82,11 +82,11 @@ *slash = '/'; if (pw == NULL) { /* Unknown user. */ - sudo_warnx(U_("unknown user: %s"), user); + sudo_warnx(U_("unknown user %s"), user); debug_return_bool(false); } - len = asprintf(&npath, "%s%s%s", pw->pw_dir, slash ? "/" : "", opath); + len = asprintf(&npath, "%s%s%s", pw->pw_dir, *opath ? "/" : "", opath); sudo_pw_delref(pw); if (len == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); diff -Nru sudo-1.9.5p2/plugins/sudoers/file.c sudo-1.9.9/plugins/sudoers/file.c --- sudo-1.9.5p2/plugins/sudoers/file.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/file.c 2022-01-27 21:24:06.000000000 +0000 @@ -60,6 +60,7 @@ debug_decl(sudo_file_open, SUDOERS_DEBUG_NSS); struct sudo_file_handle *handle; + /* Note: relies on defaults being initialized early. */ if (def_ignore_local_sudoers) debug_return_int(-1); diff -Nru sudo-1.9.5p2/plugins/sudoers/find_path.c sudo-1.9.9/plugins/sudoers/find_path.c --- sudo-1.9.5p2/plugins/sudoers/find_path.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/find_path.c 2022-01-27 21:24:06.000000000 +0000 @@ -57,18 +57,13 @@ debug_return_bool(true); /* nothing to check */ /* We compare the base names to avoid excessive stat()ing. */ - if ((cmnd_base = strrchr(cmnd, '/')) == NULL) - debug_return_bool(false); /* can't happen */ - cmnd_base++; + cmnd_base = sudo_basename(cmnd); for (al = allowlist; *al != NULL; al++) { const char *base, *path = *al; struct stat sb; - if ((base = strrchr(path, '/')) == NULL) - continue; /* XXX - warn? */ - base++; - + base = sudo_basename(path); if (strcmp(cmnd_base, base) != 0) continue; @@ -102,6 +97,9 @@ int len; debug_decl(find_path, SUDOERS_DEBUG_UTIL); + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "resolving %s", infile); + /* * If we were given a fully qualified or relative path * there is no need to look at $PATH. @@ -164,6 +162,8 @@ done: if (found) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "found %s", command); if ((*outfile = strdup(command)) == NULL) debug_return_int(NOT_FOUND_ERROR); debug_return_int(FOUND); diff -Nru sudo-1.9.5p2/plugins/sudoers/fmtsudoers.c sudo-1.9.9/plugins/sudoers/fmtsudoers.c --- sudo-1.9.5p2/plugins/sudoers/fmtsudoers.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/fmtsudoers.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2004-2005, 2007-2020 Todd C. Miller + * Copyright (c) 2004-2005, 2007-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -152,6 +152,8 @@ tags->log_output = op == true; } else if (strcmp(var, "noexec") == 0) { tags->noexec = op == true; + } else if (strcmp(var, "intercept") == 0) { + tags->intercept = op == true; } else if (strcmp(var, "setenv") == 0) { tags->setenv = op == true; } else if (strcmp(var, "mail_all_cmnds") == 0 || @@ -238,19 +240,27 @@ sudo_lbuf_append(lbuf, "TIMEOUT=%s ", numbuf); } if (cs->notbefore != UNSPEC && FIELD_CHANGED(prev_cs, cs, notbefore)) { - char buf[sizeof("CCYYMMDDHHMMSSZ")]; - struct tm *tm = gmtime(&cs->notbefore); - if (strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", tm) != 0) - sudo_lbuf_append(lbuf, "NOTBEFORE=%s ", buf); + char buf[sizeof("CCYYMMDDHHMMSSZ")] = ""; + struct tm gmt; + if (gmtime_r(&cs->notbefore, &gmt) != NULL) { + int len = strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", &gmt); + if (len != 0 && buf[sizeof(buf) - 1] == '\0') + sudo_lbuf_append(lbuf, "NOTBEFORE=%s ", buf); + } } if (cs->notafter != UNSPEC && FIELD_CHANGED(prev_cs, cs, notafter)) { - char buf[sizeof("CCYYMMDDHHMMSSZ")]; - struct tm *tm = gmtime(&cs->notafter); - if (strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", tm) != 0) - sudo_lbuf_append(lbuf, "NOTAFTER=%s ", buf); + char buf[sizeof("CCYYMMDDHHMMSSZ")] = ""; + struct tm gmt; + if (gmtime_r(&cs->notafter, &gmt) != NULL) { + int len = strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", &gmt); + if (len != 0 && buf[sizeof(buf) - 1] == '\0') + sudo_lbuf_append(lbuf, "NOTAFTER=%s ", buf); + } } if (TAG_CHANGED(prev_cs, cs, tags, setenv)) sudo_lbuf_append(lbuf, tags.setenv ? "SETENV: " : "NOSETENV: "); + if (TAG_CHANGED(prev_cs, cs, tags, intercept)) + sudo_lbuf_append(lbuf, tags.intercept ? "INTERCEPT: " : "NOINTERCEPT: "); if (TAG_CHANGED(prev_cs, cs, tags, noexec)) sudo_lbuf_append(lbuf, tags.noexec ? "NOEXEC: " : "EXEC: "); if (TAG_CHANGED(prev_cs, cs, tags, nopasswd)) @@ -269,130 +279,6 @@ } /* - * Write a privilege to lbuf in sudoers format. - */ -bool -sudoers_format_privilege(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, struct privilege *priv, - bool expand_aliases) -{ - struct cmndspec *cs, *prev_cs; - struct cmndtag tags; - struct member *m; - debug_decl(sudoers_format_privilege, SUDOERS_DEBUG_UTIL); - - /* Convert per-privilege defaults to tags. */ - sudoers_defaults_list_to_tags(&priv->defaults, &tags); - - /* Print hosts list. */ - TAILQ_FOREACH(m, &priv->hostlist, entries) { - if (m != TAILQ_FIRST(&priv->hostlist)) - sudo_lbuf_append(lbuf, ", "); - sudoers_format_member(lbuf, parse_tree, m, ", ", - expand_aliases ? HOSTALIAS : UNSPEC); - } - - /* Print commands. */ - sudo_lbuf_append(lbuf, " = "); - prev_cs = NULL; - TAILQ_FOREACH(cs, &priv->cmndlist, entries) { - if (prev_cs == NULL || RUNAS_CHANGED(cs, prev_cs)) { - if (cs != TAILQ_FIRST(&priv->cmndlist)) - sudo_lbuf_append(lbuf, ", "); - if (cs->runasuserlist != NULL || cs->runasgrouplist != NULL) - sudo_lbuf_append(lbuf, "("); - if (cs->runasuserlist != NULL) { - TAILQ_FOREACH(m, cs->runasuserlist, entries) { - if (m != TAILQ_FIRST(cs->runasuserlist)) - sudo_lbuf_append(lbuf, ", "); - sudoers_format_member(lbuf, parse_tree, m, ", ", - expand_aliases ? RUNASALIAS : UNSPEC); - } - } - if (cs->runasgrouplist != NULL) { - sudo_lbuf_append(lbuf, " : "); - TAILQ_FOREACH(m, cs->runasgrouplist, entries) { - if (m != TAILQ_FIRST(cs->runasgrouplist)) - sudo_lbuf_append(lbuf, ", "); - sudoers_format_member(lbuf, parse_tree, m, ", ", - expand_aliases ? RUNASALIAS : UNSPEC); - } - } - if (cs->runasuserlist != NULL || cs->runasgrouplist != NULL) - sudo_lbuf_append(lbuf, ") "); - } else if (cs != TAILQ_FIRST(&priv->cmndlist)) { - sudo_lbuf_append(lbuf, ", "); - } - sudoers_format_cmndspec(lbuf, parse_tree, cs, prev_cs, tags, - expand_aliases); - prev_cs = cs; - } - - debug_return_bool(!sudo_lbuf_error(lbuf)); -} - -/* - * Write a userspec to lbuf in sudoers format. - */ -bool -sudoers_format_userspec(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, - struct userspec *us, bool expand_aliases) -{ - struct privilege *priv; - struct sudoers_comment *comment; - struct member *m; - debug_decl(sudoers_format_userspec, SUDOERS_DEBUG_UTIL); - - /* Print comments (if any). */ - STAILQ_FOREACH(comment, &us->comments, entries) { - sudo_lbuf_append(lbuf, "# %s\n", comment->str); - } - - /* Print users list. */ - TAILQ_FOREACH(m, &us->users, entries) { - if (m != TAILQ_FIRST(&us->users)) - sudo_lbuf_append(lbuf, ", "); - sudoers_format_member(lbuf, parse_tree, m, ", ", - expand_aliases ? USERALIAS : UNSPEC); - } - - TAILQ_FOREACH(priv, &us->privileges, entries) { - if (priv != TAILQ_FIRST(&us->privileges)) - sudo_lbuf_append(lbuf, " : "); - else - sudo_lbuf_append(lbuf, " "); - if (!sudoers_format_privilege(lbuf, parse_tree, priv, expand_aliases)) - break; - } - sudo_lbuf_append(lbuf, "\n"); - - debug_return_bool(!sudo_lbuf_error(lbuf)); -} - -/* - * Write a userspec_list to lbuf in sudoers format. - */ -bool -sudoers_format_userspecs(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, const char *separator, - bool expand_aliases, bool flush) -{ - struct userspec *us; - debug_decl(sudoers_format_userspecs, SUDOERS_DEBUG_UTIL); - - TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { - if (separator != NULL && us != TAILQ_FIRST(&parse_tree->userspecs)) - sudo_lbuf_append(lbuf, "%s", separator); - if (!sudoers_format_userspec(lbuf, parse_tree, us, expand_aliases)) - break; - sudo_lbuf_print(lbuf); - } - - debug_return_bool(!sudo_lbuf_error(lbuf)); -} - -/* * Format and append a defaults entry to the specified lbuf. */ bool @@ -414,65 +300,3 @@ } debug_return_bool(!sudo_lbuf_error(lbuf)); } - -/* - * Format and append a defaults line to the specified lbuf. - * If next, is specified, it must point to the next defaults - * entry in the list; this is used to print multiple defaults - * entries with the same binding on a single line. - */ -bool -sudoers_format_default_line( struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, struct defaults *d, - struct defaults **next, bool expand_aliases) -{ - struct member *m; - int alias_type; - debug_decl(sudoers_format_default_line, SUDOERS_DEBUG_UTIL); - - /* Print Defaults type and binding (if present) */ - switch (d->type) { - case DEFAULTS_HOST: - sudo_lbuf_append(lbuf, "Defaults@"); - alias_type = expand_aliases ? HOSTALIAS : UNSPEC; - break; - case DEFAULTS_USER: - sudo_lbuf_append(lbuf, "Defaults:"); - alias_type = expand_aliases ? USERALIAS : UNSPEC; - break; - case DEFAULTS_RUNAS: - sudo_lbuf_append(lbuf, "Defaults>"); - alias_type = expand_aliases ? RUNASALIAS : UNSPEC; - break; - case DEFAULTS_CMND: - sudo_lbuf_append(lbuf, "Defaults!"); - alias_type = expand_aliases ? CMNDALIAS : UNSPEC; - break; - default: - sudo_lbuf_append(lbuf, "Defaults"); - alias_type = UNSPEC; - break; - } - TAILQ_FOREACH(m, d->binding, entries) { - if (m != TAILQ_FIRST(d->binding)) - sudo_lbuf_append(lbuf, ", "); - sudoers_format_member(lbuf, parse_tree, m, ", ", alias_type); - } - - sudo_lbuf_append(lbuf, " "); - sudoers_format_default(lbuf, d); - - if (next != NULL) { - /* Merge Defaults with the same binding, there may be multiple. */ - struct defaults *n; - while ((n = TAILQ_NEXT(d, entries)) && d->binding == n->binding) { - sudo_lbuf_append(lbuf, ", "); - sudoers_format_default(lbuf, n); - d = n; - } - *next = n; - } - sudo_lbuf_append(lbuf, "\n"); - - debug_return_bool(!sudo_lbuf_error(lbuf)); -} diff -Nru sudo-1.9.5p2/plugins/sudoers/fmtsudoers_cvt.c sudo-1.9.9/plugins/sudoers/fmtsudoers_cvt.c --- sudo-1.9.5p2/plugins/sudoers/fmtsudoers_cvt.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/fmtsudoers_cvt.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,219 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2004-2005, 2007-2020 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include + +#include "sudoers.h" +#include "sudo_lbuf.h" +#include + +/* + * Write a privilege to lbuf in sudoers format. + */ +bool +sudoers_format_privilege(struct sudo_lbuf *lbuf, + struct sudoers_parse_tree *parse_tree, struct privilege *priv, + bool expand_aliases) +{ + struct cmndspec *cs, *prev_cs; + struct cmndtag tags; + struct member *m; + debug_decl(sudoers_format_privilege, SUDOERS_DEBUG_UTIL); + + /* Convert per-privilege defaults to tags. */ + sudoers_defaults_list_to_tags(&priv->defaults, &tags); + + /* Print hosts list. */ + TAILQ_FOREACH(m, &priv->hostlist, entries) { + if (m != TAILQ_FIRST(&priv->hostlist)) + sudo_lbuf_append(lbuf, ", "); + sudoers_format_member(lbuf, parse_tree, m, ", ", + expand_aliases ? HOSTALIAS : UNSPEC); + } + + /* Print commands. */ + sudo_lbuf_append(lbuf, " = "); + prev_cs = NULL; + TAILQ_FOREACH(cs, &priv->cmndlist, entries) { + if (prev_cs == NULL || RUNAS_CHANGED(cs, prev_cs)) { + if (cs != TAILQ_FIRST(&priv->cmndlist)) + sudo_lbuf_append(lbuf, ", "); + if (cs->runasuserlist != NULL || cs->runasgrouplist != NULL) + sudo_lbuf_append(lbuf, "("); + if (cs->runasuserlist != NULL) { + TAILQ_FOREACH(m, cs->runasuserlist, entries) { + if (m != TAILQ_FIRST(cs->runasuserlist)) + sudo_lbuf_append(lbuf, ", "); + sudoers_format_member(lbuf, parse_tree, m, ", ", + expand_aliases ? RUNASALIAS : UNSPEC); + } + } + if (cs->runasgrouplist != NULL) { + sudo_lbuf_append(lbuf, " : "); + TAILQ_FOREACH(m, cs->runasgrouplist, entries) { + if (m != TAILQ_FIRST(cs->runasgrouplist)) + sudo_lbuf_append(lbuf, ", "); + sudoers_format_member(lbuf, parse_tree, m, ", ", + expand_aliases ? RUNASALIAS : UNSPEC); + } + } + if (cs->runasuserlist != NULL || cs->runasgrouplist != NULL) + sudo_lbuf_append(lbuf, ") "); + } else if (cs != TAILQ_FIRST(&priv->cmndlist)) { + sudo_lbuf_append(lbuf, ", "); + } + sudoers_format_cmndspec(lbuf, parse_tree, cs, prev_cs, tags, + expand_aliases); + prev_cs = cs; + } + + debug_return_bool(!sudo_lbuf_error(lbuf)); +} + +/* + * Write a userspec to lbuf in sudoers format. + */ +bool +sudoers_format_userspec(struct sudo_lbuf *lbuf, + struct sudoers_parse_tree *parse_tree, + struct userspec *us, bool expand_aliases) +{ + struct privilege *priv; + struct sudoers_comment *comment; + struct member *m; + debug_decl(sudoers_format_userspec, SUDOERS_DEBUG_UTIL); + + /* Print comments (if any). */ + STAILQ_FOREACH(comment, &us->comments, entries) { + sudo_lbuf_append(lbuf, "# %s\n", comment->str); + } + + /* Print users list. */ + TAILQ_FOREACH(m, &us->users, entries) { + if (m != TAILQ_FIRST(&us->users)) + sudo_lbuf_append(lbuf, ", "); + sudoers_format_member(lbuf, parse_tree, m, ", ", + expand_aliases ? USERALIAS : UNSPEC); + } + + TAILQ_FOREACH(priv, &us->privileges, entries) { + if (priv != TAILQ_FIRST(&us->privileges)) + sudo_lbuf_append(lbuf, " : "); + else + sudo_lbuf_append(lbuf, " "); + if (!sudoers_format_privilege(lbuf, parse_tree, priv, expand_aliases)) + break; + } + sudo_lbuf_append(lbuf, "\n"); + + debug_return_bool(!sudo_lbuf_error(lbuf)); +} + +/* + * Write a userspec_list to lbuf in sudoers format. + */ +bool +sudoers_format_userspecs(struct sudo_lbuf *lbuf, + struct sudoers_parse_tree *parse_tree, const char *separator, + bool expand_aliases, bool flush) +{ + struct userspec *us; + debug_decl(sudoers_format_userspecs, SUDOERS_DEBUG_UTIL); + + TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { + if (separator != NULL && us != TAILQ_FIRST(&parse_tree->userspecs)) + sudo_lbuf_append(lbuf, "%s", separator); + if (!sudoers_format_userspec(lbuf, parse_tree, us, expand_aliases)) + break; + sudo_lbuf_print(lbuf); + } + + debug_return_bool(!sudo_lbuf_error(lbuf)); +} + +/* + * Format and append a defaults line to the specified lbuf. + * If next, is specified, it must point to the next defaults + * entry in the list; this is used to print multiple defaults + * entries with the same binding on a single line. + */ +bool +sudoers_format_default_line(struct sudo_lbuf *lbuf, + struct sudoers_parse_tree *parse_tree, struct defaults *d, + struct defaults **next, bool expand_aliases) +{ + struct member *m; + int alias_type; + debug_decl(sudoers_format_default_line, SUDOERS_DEBUG_UTIL); + + /* Print Defaults type and binding (if present) */ + switch (d->type) { + case DEFAULTS_HOST: + sudo_lbuf_append(lbuf, "Defaults@"); + alias_type = expand_aliases ? HOSTALIAS : UNSPEC; + break; + case DEFAULTS_USER: + sudo_lbuf_append(lbuf, "Defaults:"); + alias_type = expand_aliases ? USERALIAS : UNSPEC; + break; + case DEFAULTS_RUNAS: + sudo_lbuf_append(lbuf, "Defaults>"); + alias_type = expand_aliases ? RUNASALIAS : UNSPEC; + break; + case DEFAULTS_CMND: + sudo_lbuf_append(lbuf, "Defaults!"); + alias_type = expand_aliases ? CMNDALIAS : UNSPEC; + break; + default: + sudo_lbuf_append(lbuf, "Defaults"); + alias_type = UNSPEC; + break; + } + TAILQ_FOREACH(m, &d->binding->members, entries) { + if (m != TAILQ_FIRST(&d->binding->members)) + sudo_lbuf_append(lbuf, ", "); + sudoers_format_member(lbuf, parse_tree, m, ", ", alias_type); + } + + sudo_lbuf_append(lbuf, " "); + sudoers_format_default(lbuf, d); + + if (next != NULL) { + /* Merge Defaults with the same binding, there may be multiple. */ + struct defaults *n; + while ((n = TAILQ_NEXT(d, entries)) && d->binding == n->binding) { + sudo_lbuf_append(lbuf, ", "); + sudoers_format_default(lbuf, n); + d = n; + } + *next = n; + } + sudo_lbuf_append(lbuf, "\n"); + + debug_return_bool(!sudo_lbuf_error(lbuf)); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/gc.c sudo-1.9.9/plugins/sudoers/gc.c --- sudo-1.9.5p2/plugins/sudoers/gc.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/gc.c 2022-01-27 21:24:06.000000000 +0000 @@ -24,6 +24,7 @@ #include #include +#include #include "sudoers.h" @@ -83,6 +84,9 @@ struct sudoers_gc_entry *gc, *prev = NULL; debug_decl(sudoers_gc_remove, SUDOERS_DEBUG_UTIL); + if (v == NULL) + debug_return_bool(false); + SLIST_FOREACH(gc, &sudoers_gc_list, entries) { switch (gc->type) { case GC_PTR: @@ -98,28 +102,36 @@ } prev = gc; } - return false; + /* If this happens, there is a bug in the g/c code. */ + sudo_warnx("%s: unable to find %p, type %d", __func__, v, type); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + abort(); +#else + debug_return_bool(false); +#endif found: if (prev == NULL) SLIST_REMOVE_HEAD(&sudoers_gc_list, entries); else SLIST_REMOVE_AFTER(prev, entries); - return true; + free(gc); + + debug_return_bool(true); #else - return false; + return true; #endif /* NO_LEAKS */ } -#ifdef NO_LEAKS -static void +void sudoers_gc_run(void) { +#ifdef NO_LEAKS struct sudoers_gc_entry *gc; char **cur; debug_decl(sudoers_gc_run, SUDOERS_DEBUG_UTIL); /* Collect garbage. */ - while ((gc = SLIST_FIRST(&sudoers_gc_list))) { + while ((gc = SLIST_FIRST(&sudoers_gc_list)) != NULL) { SLIST_REMOVE_HEAD(&sudoers_gc_list, entries); switch (gc->type) { case GC_PTR: @@ -138,9 +150,10 @@ } debug_return; -} #endif /* NO_LEAKS */ +} +#ifndef notyet void sudoers_gc_init(void) { @@ -148,3 +161,4 @@ atexit(sudoers_gc_run); #endif } +#endif diff -Nru sudo-1.9.5p2/plugins/sudoers/gentime.c sudo-1.9.9/plugins/sudoers/gentime.c --- sudo-1.9.5p2/plugins/sudoers/gentime.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/gentime.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2017 Todd C. Miller + * Copyright (c) 2017, 2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -38,6 +38,11 @@ #include "sudoers_debug.h" #include "parse.h" +/* Since timegm() is only used in one place we keep the macro local. */ +#ifndef HAVE_TIMEGM +# define timegm(_t) sudo_timegm(_t) +#endif + /* * Parse a timestamp in Generalized Time format as per RFC4517. * E.g. yyyymmddHHMMSS.FZ or yyyymmddHHMMSS.F[+-]TZOFF @@ -47,7 +52,7 @@ time_t parse_gentime(const char *timestr) { - char tcopy[sizeof("yyyymmddHHMMSS.F")]; + char tcopy[sizeof("yyyymmddHHMMSS")]; const char *cp; time_t result; struct tm tm; @@ -56,9 +61,9 @@ bool islocal = false; debug_decl(parse_gentime, SUDOERS_DEBUG_PARSER); - /* Make a copy of the time without time zone for easy parsing. */ - len = strspn(timestr, "0123456789.,"); - if (len >= sizeof(tcopy)) { + /* Make a copy of the non-fractional time without zone for easy parsing. */ + len = strspn(timestr, "0123456789"); + if (len >= sizeof(tcopy) || len < sizeof("yyyymmddHH") -1 || (len & 1)) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to parse general time string %s", timestr); debug_return_time_t(-1); @@ -75,9 +80,9 @@ "only parsed %d items in general time string %s", items, timestr); debug_return_time_t(-1); } - cp = timestr + ((items + 1) * 2); /* Parse optional fractional hours/minute/second if present. */ + cp = timestr + len; if ((cp[0] == '.' || cp[0] == ',') && isdigit((unsigned char)cp[1])) { int frac = cp[1] - '0'; switch (items) { @@ -96,6 +101,7 @@ cp += 2; /* skip over radix and fraction */ } + /* Parse optional time zone. */ switch (*cp) { case '-': case '+': { @@ -103,6 +109,14 @@ /* No DST */ tm.tm_isdst = 0; + /* time zone offset must be hh or hhmm */ + len = strspn(cp + 1, "0123456789"); + if (len != 2 && len != 4) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to parse time zone offset in %s, bad tz offset", + timestr); + debug_return_time_t(-1); + } /* parse time zone offset */ items = sscanf(cp + 1, "%2d%2d", &hour, &min); if (items == EOF || items < 1) { @@ -143,11 +157,11 @@ tm.tm_year -= 1900; tm.tm_mon--; - result = mktime(&tm); - if (result != -1) { - if (!islocal) { - /* Not local time, convert to GMT */ - result += get_gmtoff(&result); + if (islocal) { + result = mktime(&tm); + } else { + result = timegm(&tm); + if (result != -1) { /* Adjust time based on supplied GMT offset. */ result -= tzoff; } diff -Nru sudo-1.9.5p2/plugins/sudoers/getdate.c sudo-1.9.9/plugins/sudoers/getdate.c --- sudo-1.9.5p2/plugins/sudoers/getdate.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/getdate.c 2022-01-27 21:24:22.000000000 +0000 @@ -105,9 +105,9 @@ static time_t yyRelMonth; static time_t yyRelSeconds; -static int yyerror(const char *s); static int yylex(void); int yyparse(void); + void yyerror(const char *s); #line 97 "getdate.y" #ifndef YYSTYPE_DEFINED @@ -119,10 +119,10 @@ #endif /* YYSTYPE_DEFINED */ #line 115 "getdate.c" #define tAGO 257 -#define tDAY 258 -#define tDAYZONE 259 -#define tID 260 -#define tMERIDIAN 261 +#define tID 258 +#define tDST 259 +#define tDAY 260 +#define tDAYZONE 261 #define tMINUTE_UNIT 262 #define tMONTH 263 #define tMONTH_UNIT 264 @@ -130,7 +130,7 @@ #define tSNUMBER 266 #define tUNUMBER 267 #define tZONE 268 -#define tDST 269 +#define tMERIDIAN 269 #define YYERRCODE 256 const short yylhs[] = { -1, @@ -152,9 +152,9 @@ { 1, 0, 0, 15, 32, 0, 38, 35, 0, 0, 0, 2, 3, 4, 5, 6, 7, 8, 0, 18, 0, - 31, 36, 33, 19, 9, 30, 0, 37, 34, 0, + 31, 36, 33, 19, 30, 0, 37, 34, 0, 9, 0, 0, 16, 28, 0, 23, 27, 22, 0, 0, - 25, 41, 11, 0, 10, 0, 0, 21, 13, 12, + 25, 11, 41, 0, 10, 0, 0, 21, 13, 12, }; const short yydgoto[] = { 1, @@ -162,32 +162,32 @@ }; const short yysindex[] = { 0, - -249, -38, 0, 0, -260, 0, 0, -240, -47, -248, - 0, 0, 0, 0, 0, 0, 0, -237, 0, -18, - 0, 0, 0, 0, 0, 0, -262, 0, 0, -239, - -238, -236, 0, 0, -235, 0, 0, 0, -56, -19, - 0, 0, 0, -234, 0, -232, -258, 0, 0, 0,}; + -199, -38, 0, 0, -254, 0, 0, -260, -47, -245, + 0, 0, 0, 0, 0, 0, 0, -242, 0, -28, + 0, 0, 0, 0, 0, -259, 0, 0, -249, 0, + -247, -246, 0, 0, -244, 0, 0, 0, -55, -29, + 0, 0, 0, -243, 0, -241, -257, 0, 0, 0,}; const short yyrindex[] = { 0, - 0, 1, 0, 0, 0, 0, 0, 0, 69, 12, - 0, 0, 0, 0, 0, 0, 0, 23, 0, 34, - 0, 0, 0, 0, 0, 0, 67, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 56, 45, - 0, 0, 0, 0, 0, 0, 56, 0, 0, 0,}; + 0, 1, 0, 0, 0, 0, 0, 0, 60, 10, + 0, 0, 0, 0, 0, 0, 0, 19, 0, 28, + 0, 0, 0, 0, 0, 55, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 46, 37, + 0, 0, 0, 0, 0, 0, 46, 0, 0, 0,}; const short yygindex[] = { 0, - -17, 0, 0, 0, 0, 0, 0, 0, 0, + -25, 0, 0, 0, 0, 0, 0, 0, 0, }; -#define YYTABLESIZE 337 +#define YYTABLESIZE 328 const short yytable[] = { 32, - 17, 44, 42, 36, 37, 19, 20, 49, 2, 3, - 31, 14, 4, 5, 6, 7, 8, 9, 10, 34, - 33, 21, 29, 22, 23, 35, 38, 46, 39, 50, - 40, 41, 47, 24, 48, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 20, 0, 0, 0, 0, 0, + 17, 21, 44, 22, 23, 19, 36, 37, 49, 14, + 31, 43, 20, 33, 34, 35, 38, 46, 29, 39, + 40, 50, 41, 47, 0, 48, 0, 24, 0, 0, + 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 0, 0, 0, 0, 0, 40, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 26, 0, 39, 0, + 0, 0, 0, 0, 26, 0, 0, 0, 0, 39, + 2, 3, 4, 5, 6, 7, 8, 9, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -201,30 +201,30 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 42, 0, 0, 0, 0, 43, - 24, 0, 0, 25, 26, 27, 28, 29, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 42, 0, 24, 43, 25, 26, 27, 28, 29, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 17, 17, - 0, 0, 17, 17, 17, 17, 17, 17, 17, 14, - 14, 0, 0, 14, 14, 14, 14, 14, 14, 14, - 29, 29, 0, 0, 29, 29, 29, 29, 29, 29, - 29, 24, 24, 0, 0, 24, 24, 24, 24, 24, - 24, 24, 20, 20, 0, 0, 20, 20, 20, 20, - 20, 20, 20, 40, 40, 0, 0, 40, 40, 40, - 40, 0, 40, 40, 26, 26, 0, 39, 26, 26, - 26, 26, 0, 0, 26, 39, 39, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 17, 17, 17, 17, 17, 17, 17, 17, 17, 14, + 14, 14, 14, 14, 14, 14, 14, 14, 29, 29, + 29, 29, 29, 29, 29, 29, 29, 24, 24, 24, + 24, 24, 24, 24, 24, 24, 20, 20, 20, 20, + 20, 20, 20, 20, 20, 40, 40, 40, 40, 40, + 40, 0, 40, 40, 26, 26, 26, 26, 26, 26, + 39, 0, 26, 0, 0, 0, 39, 39, }; const short yycheck[] = { 47, - 0, 58, 261, 266, 267, 44, 267, 266, 258, 259, - 58, 0, 262, 263, 264, 265, 266, 267, 268, 257, - 269, 262, 0, 264, 265, 44, 266, 47, 267, 47, - 267, 267, 267, 0, 267, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 0, -1, -1, -1, -1, -1, + 0, 262, 58, 264, 265, 44, 266, 267, 266, 0, + 58, 269, 267, 259, 257, 44, 266, 47, 0, 267, + 267, 47, 267, 267, -1, 267, -1, 0, -1, -1, + -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 0, -1, 0, -1, + -1, -1, -1, -1, 0, -1, -1, -1, -1, 0, + 260, 261, 262, 263, 264, 265, 266, 267, 268, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -238,20 +238,18 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 261, -1, -1, -1, -1, 266, - 258, -1, -1, 261, 262, 263, 264, 265, 266, -1, + 266, -1, 260, 269, 262, 263, 264, 265, 266, -1, + -1, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 258, 259, - -1, -1, 262, 263, 264, 265, 266, 267, 268, 258, - 259, -1, -1, 262, 263, 264, 265, 266, 267, 268, - 258, 259, -1, -1, 262, 263, 264, 265, 266, 267, - 268, 258, 259, -1, -1, 262, 263, 264, 265, 266, - 267, 268, 258, 259, -1, -1, 262, 263, 264, 265, - 266, 267, 268, 258, 259, -1, -1, 262, 263, 264, - 265, -1, 267, 268, 258, 259, -1, 259, 262, 263, - 264, 265, -1, -1, 268, 267, 268, + 260, 261, 262, 263, 264, 265, 266, 267, 268, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 260, 261, 262, 263, 264, + 265, -1, 267, 268, 260, 261, 262, 263, 264, 265, + 261, -1, 268, -1, -1, -1, 267, 268, }; #define YYFINAL 1 #ifndef YYDEBUG @@ -267,9 +265,9 @@ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"tAGO","tDAY", -"tDAYZONE","tID","tMERIDIAN","tMINUTE_UNIT","tMONTH","tMONTH_UNIT","tSEC_UNIT", -"tSNUMBER","tUNUMBER","tZONE","tDST", +0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"tAGO","tID","tDST", +"tDAY","tDAYZONE","tMINUTE_UNIT","tMONTH","tMONTH_UNIT","tSEC_UNIT","tSNUMBER", +"tUNUMBER","tZONE","tMERIDIAN", }; const char * const yyrule[] = {"$accept : spec", @@ -532,10 +530,10 @@ /* ARGSUSED */ -static int +void yyerror(const char *s) { - return 0; + return; } @@ -579,7 +577,7 @@ static int DaysInMonth[12] = { 31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; - struct tm *tm; + struct tm tm; time_t tod; time_t Julian; int i; @@ -612,7 +610,7 @@ return -1; Julian += tod; if (DSTmode == DSTon - || (DSTmode == DSTmaybe && (tm = localtime(&Julian)) && tm->tm_isdst)) + || (DSTmode == DSTmaybe && localtime_r(&Julian, &tm) && tm.tm_isdst)) Julian -= 60 * 60; return Julian; } @@ -621,18 +619,16 @@ static time_t DSTcorrect(time_t Start, time_t Future) { - struct tm *start_tm; - struct tm *future_tm; + struct tm start_tm; + struct tm future_tm; time_t StartDay; time_t FutureDay; - start_tm = localtime(&Start); - future_tm = localtime(&Future); - if (!start_tm || !future_tm) + if (!localtime_r(&Start, &start_tm) || !localtime_r(&Future, &future_tm)) return -1; - StartDay = (start_tm->tm_hour + 1) % 24; - FutureDay = (future_tm->tm_hour + 1) % 24; + StartDay = (start_tm.tm_hour + 1) % 24; + FutureDay = (future_tm.tm_hour + 1) % 24; return (Future - Start) + (StartDay - FutureDay) * 60L * 60L; } @@ -640,13 +636,13 @@ static time_t RelativeDate(time_t Start, time_t DayOrdinal, time_t DayNumber) { - struct tm *tm; + struct tm tm; time_t now; now = Start; - if (!(tm = localtime(&now))) + if (!localtime_r(&now, &tm)) return -1; - now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7); + now += SECSPERDAY * ((DayNumber - tm.tm_wday + 7) % 7); now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1); return DSTcorrect(Start, now); } @@ -655,20 +651,20 @@ static time_t RelativeMonth(time_t Start, time_t RelMonth) { - struct tm *tm; + struct tm tm; time_t Month; time_t Year; if (RelMonth == 0) return 0; - if (!(tm = localtime(&Start))) + if (!localtime_r(&Start, &tm)) return -1; - Month = 12 * (tm->tm_year + 1900) + tm->tm_mon + RelMonth; + Month = 12 * (tm.tm_year + 1900) + tm.tm_mon + RelMonth; Year = Month / 12; Month = Month % 12 + 1; return DSTcorrect(Start, - Convert(Month, (time_t)tm->tm_mday, Year, - (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec, + Convert(Month, (time_t)tm.tm_mday, Year, + (time_t)tm.tm_hour, (time_t)tm.tm_min, (time_t)tm.tm_sec, MER24, DSTmaybe)); } @@ -681,11 +677,15 @@ const TABLE *tp; int i; int abbrev; + int bufflen; /* Make it lowercase. */ - for (p = buff; *p; p++) + for (p = buff; *p; p++) { if (isupper((unsigned char)*p)) *p = tolower((unsigned char)*p); + } + if ((bufflen = (int)(p - buff)) == 0) + return '\0'; if (strcmp(buff, "am") == 0 || strcmp(buff, "a.m.") == 0) { yylval.Meridian = MERam; @@ -697,11 +697,11 @@ } /* See if we have an abbreviation for a month. */ - if (strlen(buff) == 3) + if (bufflen == 3) abbrev = 1; - else if (strlen(buff) == 4 && buff[3] == '.') { + else if (bufflen == 4 && buff[3] == '.') { abbrev = 1; - buff[3] = '\0'; + buff[bufflen = 3] = '\0'; } else abbrev = 0; @@ -735,7 +735,7 @@ } /* Strip off any plural and try the units table again. */ - i = strlen(buff) - 1; + i = bufflen - 1; if (buff[i] == 's') { buff[i] = '\0'; for (tp = UnitsTable; tp->name; tp++) @@ -857,7 +857,7 @@ time_t get_date(char *p) { - struct tm *tm, *gmt, gmtbuf; + struct tm tm, gmt; time_t Start; time_t tod; time_t now; @@ -866,36 +866,19 @@ yyInput = p; (void)time (&now); - gmt = gmtime (&now); - if (gmt != NULL) - { - /* Make a copy, in case localtime modifies *tm (I think - that comment now applies to *gmt, but I am too - lazy to dig into how gmtime and locatime allocate the - structures they return pointers to). */ - gmtbuf = *gmt; - gmt = &gmtbuf; - } - - if (! (tm = localtime (&now))) + if (gmtime_r (&now, &gmt) == NULL) return -1; - if (gmt != NULL) - tz = difftm (gmt, tm) / 60; - else - /* We are on a system like VMS, where the system clock is - in local time and the system has no concept of timezones. - Hopefully we can fake this out (for the case in which the - user specifies no timezone) by just saying the timezone - is zero. */ - tz = 0; + if (localtime_r (&now, &tm) == NULL) + return -1; - if(tm->tm_isdst) + tz = difftm (&gmt, &tm) / 60; + if (tm.tm_isdst) tz += 60; - yyYear = tm->tm_year + 1900; - yyMonth = tm->tm_mon + 1; - yyDay = tm->tm_mday; + yyYear = tm.tm_year + 1900; + yyMonth = tm.tm_mon + 1; + yyDay = tm.tm_mday; yyTimezone = tz; yyDSTmode = DSTmaybe; yyHour = 0; @@ -923,7 +906,7 @@ else { Start = now; if (!yyHaveRel) - Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec; + Start -= ((tm.tm_hour * 60L + tm.tm_min) * 60L) + tm.tm_sec; } Start += yyRelSeconds; @@ -964,7 +947,7 @@ /* NOTREACHED */ } #endif /* TEST */ -#line 954 "getdate.c" +#line 937 "getdate.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ static int yygrowstack(void) { @@ -1444,7 +1427,7 @@ yyval.Meridian = yyvsp[0].Meridian; } break; -#line 1434 "getdate.c" +#line 1417 "getdate.c" } yyssp -= yym; yystate = *yyssp; diff -Nru sudo-1.9.5p2/plugins/sudoers/getdate.y sudo-1.9.9/plugins/sudoers/getdate.y --- sudo-1.9.5p2/plugins/sudoers/getdate.y 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/getdate.y 2022-01-27 21:24:22.000000000 +0000 @@ -88,9 +88,9 @@ static time_t yyRelMonth; static time_t yyRelSeconds; -static int yyerror(const char *s); static int yylex(void); int yyparse(void); + void yyerror(const char *s); %} @@ -99,12 +99,12 @@ enum _MERIDIAN Meridian; } -%token tAGO tDAY tDAYZONE tID tMERIDIAN tMINUTE_UNIT tMONTH tMONTH_UNIT -%token tSEC_UNIT tSNUMBER tUNUMBER tZONE tDST +%token tAGO tID tDST +%token tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT +%token tSEC_UNIT tSNUMBER tUNUMBER tZONE +%token tMERIDIAN -%type tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT -%type tSEC_UNIT tSNUMBER tUNUMBER tZONE -%type tMERIDIAN o_merid +%type o_merid %% @@ -502,10 +502,10 @@ /* ARGSUSED */ -static int +void yyerror(const char *s) { - return 0; + return; } @@ -549,7 +549,7 @@ static int DaysInMonth[12] = { 31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; - struct tm *tm; + struct tm tm; time_t tod; time_t Julian; int i; @@ -582,7 +582,7 @@ return -1; Julian += tod; if (DSTmode == DSTon - || (DSTmode == DSTmaybe && (tm = localtime(&Julian)) && tm->tm_isdst)) + || (DSTmode == DSTmaybe && localtime_r(&Julian, &tm) && tm.tm_isdst)) Julian -= 60 * 60; return Julian; } @@ -591,18 +591,16 @@ static time_t DSTcorrect(time_t Start, time_t Future) { - struct tm *start_tm; - struct tm *future_tm; + struct tm start_tm; + struct tm future_tm; time_t StartDay; time_t FutureDay; - start_tm = localtime(&Start); - future_tm = localtime(&Future); - if (!start_tm || !future_tm) + if (!localtime_r(&Start, &start_tm) || !localtime_r(&Future, &future_tm)) return -1; - StartDay = (start_tm->tm_hour + 1) % 24; - FutureDay = (future_tm->tm_hour + 1) % 24; + StartDay = (start_tm.tm_hour + 1) % 24; + FutureDay = (future_tm.tm_hour + 1) % 24; return (Future - Start) + (StartDay - FutureDay) * 60L * 60L; } @@ -610,13 +608,13 @@ static time_t RelativeDate(time_t Start, time_t DayOrdinal, time_t DayNumber) { - struct tm *tm; + struct tm tm; time_t now; now = Start; - if (!(tm = localtime(&now))) + if (!localtime_r(&now, &tm)) return -1; - now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7); + now += SECSPERDAY * ((DayNumber - tm.tm_wday + 7) % 7); now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1); return DSTcorrect(Start, now); } @@ -625,20 +623,20 @@ static time_t RelativeMonth(time_t Start, time_t RelMonth) { - struct tm *tm; + struct tm tm; time_t Month; time_t Year; if (RelMonth == 0) return 0; - if (!(tm = localtime(&Start))) + if (!localtime_r(&Start, &tm)) return -1; - Month = 12 * (tm->tm_year + 1900) + tm->tm_mon + RelMonth; + Month = 12 * (tm.tm_year + 1900) + tm.tm_mon + RelMonth; Year = Month / 12; Month = Month % 12 + 1; return DSTcorrect(Start, - Convert(Month, (time_t)tm->tm_mday, Year, - (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec, + Convert(Month, (time_t)tm.tm_mday, Year, + (time_t)tm.tm_hour, (time_t)tm.tm_min, (time_t)tm.tm_sec, MER24, DSTmaybe)); } @@ -651,11 +649,15 @@ const TABLE *tp; int i; int abbrev; + int bufflen; /* Make it lowercase. */ - for (p = buff; *p; p++) + for (p = buff; *p; p++) { if (isupper((unsigned char)*p)) *p = tolower((unsigned char)*p); + } + if ((bufflen = (int)(p - buff)) == 0) + return '\0'; if (strcmp(buff, "am") == 0 || strcmp(buff, "a.m.") == 0) { yylval.Meridian = MERam; @@ -667,11 +669,11 @@ } /* See if we have an abbreviation for a month. */ - if (strlen(buff) == 3) + if (bufflen == 3) abbrev = 1; - else if (strlen(buff) == 4 && buff[3] == '.') { + else if (bufflen == 4 && buff[3] == '.') { abbrev = 1; - buff[3] = '\0'; + buff[bufflen = 3] = '\0'; } else abbrev = 0; @@ -705,7 +707,7 @@ } /* Strip off any plural and try the units table again. */ - i = strlen(buff) - 1; + i = bufflen - 1; if (buff[i] == 's') { buff[i] = '\0'; for (tp = UnitsTable; tp->name; tp++) @@ -827,7 +829,7 @@ time_t get_date(char *p) { - struct tm *tm, *gmt, gmtbuf; + struct tm tm, gmt; time_t Start; time_t tod; time_t now; @@ -836,36 +838,19 @@ yyInput = p; (void)time (&now); - gmt = gmtime (&now); - if (gmt != NULL) - { - /* Make a copy, in case localtime modifies *tm (I think - that comment now applies to *gmt, but I am too - lazy to dig into how gmtime and locatime allocate the - structures they return pointers to). */ - gmtbuf = *gmt; - gmt = &gmtbuf; - } - - if (! (tm = localtime (&now))) + if (gmtime_r (&now, &gmt) == NULL) return -1; - if (gmt != NULL) - tz = difftm (gmt, tm) / 60; - else - /* We are on a system like VMS, where the system clock is - in local time and the system has no concept of timezones. - Hopefully we can fake this out (for the case in which the - user specifies no timezone) by just saying the timezone - is zero. */ - tz = 0; + if (localtime_r (&now, &tm) == NULL) + return -1; - if(tm->tm_isdst) + tz = difftm (&gmt, &tm) / 60; + if (tm.tm_isdst) tz += 60; - yyYear = tm->tm_year + 1900; - yyMonth = tm->tm_mon + 1; - yyDay = tm->tm_mday; + yyYear = tm.tm_year + 1900; + yyMonth = tm.tm_mon + 1; + yyDay = tm.tm_mday; yyTimezone = tz; yyDSTmode = DSTmaybe; yyHour = 0; @@ -893,7 +878,7 @@ else { Start = now; if (!yyHaveRel) - Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec; + Start -= ((tm.tm_hour * 60L + tm.tm_min) * 60L) + tm.tm_sec; } Start += yyRelSeconds; diff -Nru sudo-1.9.5p2/plugins/sudoers/gmtoff.c sudo-1.9.9/plugins/sudoers/gmtoff.c --- sudo-1.9.5p2/plugins/sudoers/gmtoff.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/gmtoff.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,75 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2017 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This is an open source non-commercial project. Dear PVS-Studio, please check it. - * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com - */ - -#include - -#include -#include - -#include "sudo_compat.h" -#include "sudoers_debug.h" -#include "parse.h" - -/* - * Returns the offset from GMT in seconds (algorithm taken from sendmail). - * Warning: clobbers the static storage used by localtime() and gmtime(). - */ -#ifdef HAVE_STRUCT_TM_TM_GMTOFF -long -get_gmtoff(time_t *when) -{ - struct tm *local; - - local = localtime(when); - return local->tm_gmtoff; -} -#else -long -get_gmtoff(time_t *when) -{ - struct tm *gm, gmt, *local; - long offset; - - if ((gm = gmtime(when)) == NULL) - return 0; - gmt = *gm; - if ((local = localtime(when)) == NULL) - return 0; - - offset = (local->tm_sec - gmt.tm_sec) + - ((local->tm_min - gmt.tm_min) * 60) + - ((local->tm_hour - gmt.tm_hour) * 3600); - - /* Timezone may cause year rollover to happen on a different day. */ - if (local->tm_year < gmt.tm_year) - offset -= 24 * 3600; - else if (local->tm_year > gmt.tm_year) - offset -= 24 * 3600; - else if (local->tm_yday < gmt.tm_yday) - offset -= 24 * 3600; - else if (local->tm_yday > gmt.tm_yday) - offset += 24 * 3600; - - return offset; -} -#endif /* HAVE_TM_GMTOFF */ diff -Nru sudo-1.9.5p2/plugins/sudoers/gram.c sudo-1.9.9/plugins/sudoers/gram.c --- sudo-1.9.5p2/plugins/sudoers/gram.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/gram.c 2022-01-27 21:24:22.000000000 +0000 @@ -4,11 +4,11 @@ */ #include -/* A Bison parser, made by GNU Bison 3.7.4. */ +/* A Bison parser, made by GNU Bison 3.8.2. */ /* Bison implementation for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify @@ -22,7 +22,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program. If not, see . */ + along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work @@ -52,10 +52,10 @@ USER NAME SPACE" below. */ /* Identify Bison output, and Bison version. */ -#define YYBISON 30704 +#define YYBISON 30802 /* Bison version string. */ -#define YYBISON_VERSION "3.7.4" +#define YYBISON_VERSION "3.8.2" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -85,7 +85,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2020 + * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2021 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -112,9 +112,6 @@ #include #include #include -#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) -# include -#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ #include #include "sudoers.h" @@ -142,7 +139,13 @@ static int alias_line, alias_column; +#ifdef NO_LEAKS +static struct parser_leak_list parser_leak_list = + SLIST_HEAD_INITIALIZER(parser_leak_list); +#endif + struct sudoers_parse_tree parsed_policy = { + { NULL, NULL }, /* entries */ TAILQ_HEAD_INITIALIZER(parsed_policy.userspecs), TAILQ_HEAD_INITIALIZER(parsed_policy.defaults), NULL, /* aliases */ @@ -162,7 +165,7 @@ static struct command_digest *new_digest(int, char *); static void alias_error(const char *name, int errnum); -#line 160 "gram.c" +#line 163 "gram.c" # ifndef YY_CAST # ifdef __cplusplus @@ -235,27 +238,29 @@ NOMAIL = 284, /* NOMAIL */ FOLLOWLNK = 285, /* FOLLOWLNK */ NOFOLLOWLNK = 286, /* NOFOLLOWLNK */ - ALL = 287, /* ALL */ - HOSTALIAS = 288, /* HOSTALIAS */ - CMNDALIAS = 289, /* CMNDALIAS */ - USERALIAS = 290, /* USERALIAS */ - RUNASALIAS = 291, /* RUNASALIAS */ - ERROR = 292, /* ERROR */ - NOMATCH = 293, /* NOMATCH */ - CHROOT = 294, /* CHROOT */ - CWD = 295, /* CWD */ - TYPE = 296, /* TYPE */ - ROLE = 297, /* ROLE */ - PRIVS = 298, /* PRIVS */ - LIMITPRIVS = 299, /* LIMITPRIVS */ - CMND_TIMEOUT = 300, /* CMND_TIMEOUT */ - NOTBEFORE = 301, /* NOTBEFORE */ - NOTAFTER = 302, /* NOTAFTER */ - MYSELF = 303, /* MYSELF */ - SHA224_TOK = 304, /* SHA224_TOK */ - SHA256_TOK = 305, /* SHA256_TOK */ - SHA384_TOK = 306, /* SHA384_TOK */ - SHA512_TOK = 307 /* SHA512_TOK */ + INTERCEPT = 287, /* INTERCEPT */ + NOINTERCEPT = 288, /* NOINTERCEPT */ + ALL = 289, /* ALL */ + HOSTALIAS = 290, /* HOSTALIAS */ + CMNDALIAS = 291, /* CMNDALIAS */ + USERALIAS = 292, /* USERALIAS */ + RUNASALIAS = 293, /* RUNASALIAS */ + ERROR = 294, /* ERROR */ + NOMATCH = 295, /* NOMATCH */ + CHROOT = 296, /* CHROOT */ + CWD = 297, /* CWD */ + TYPE = 298, /* TYPE */ + ROLE = 299, /* ROLE */ + PRIVS = 300, /* PRIVS */ + LIMITPRIVS = 301, /* LIMITPRIVS */ + CMND_TIMEOUT = 302, /* CMND_TIMEOUT */ + NOTBEFORE = 303, /* NOTBEFORE */ + NOTAFTER = 304, /* NOTAFTER */ + MYSELF = 305, /* MYSELF */ + SHA224_TOK = 306, /* SHA224_TOK */ + SHA256_TOK = 307, /* SHA256_TOK */ + SHA384_TOK = 308, /* SHA384_TOK */ + SHA512_TOK = 309 /* SHA512_TOK */ }; typedef enum yytokentype yytoken_kind_t; #endif @@ -293,33 +298,35 @@ #define NOMAIL 284 #define FOLLOWLNK 285 #define NOFOLLOWLNK 286 -#define ALL 287 -#define HOSTALIAS 288 -#define CMNDALIAS 289 -#define USERALIAS 290 -#define RUNASALIAS 291 -#define ERROR 292 -#define NOMATCH 293 -#define CHROOT 294 -#define CWD 295 -#define TYPE 296 -#define ROLE 297 -#define PRIVS 298 -#define LIMITPRIVS 299 -#define CMND_TIMEOUT 300 -#define NOTBEFORE 301 -#define NOTAFTER 302 -#define MYSELF 303 -#define SHA224_TOK 304 -#define SHA256_TOK 305 -#define SHA384_TOK 306 -#define SHA512_TOK 307 +#define INTERCEPT 287 +#define NOINTERCEPT 288 +#define ALL 289 +#define HOSTALIAS 290 +#define CMNDALIAS 291 +#define USERALIAS 292 +#define RUNASALIAS 293 +#define ERROR 294 +#define NOMATCH 295 +#define CHROOT 296 +#define CWD 297 +#define TYPE 298 +#define ROLE 299 +#define PRIVS 300 +#define LIMITPRIVS 301 +#define CMND_TIMEOUT 302 +#define NOTBEFORE 303 +#define NOTAFTER 304 +#define MYSELF 305 +#define SHA224_TOK 306 +#define SHA256_TOK 307 +#define SHA384_TOK 308 +#define SHA512_TOK 309 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { -#line 83 "gram.y" +#line 86 "gram.y" struct cmndspec *cmndspec; struct defaults *defaults; @@ -333,7 +340,7 @@ char *string; int tok; -#line 331 "gram.c" +#line 338 "gram.c" }; typedef union YYSTYPE YYSTYPE; @@ -344,8 +351,10 @@ extern YYSTYPE sudoerslval; + int sudoersparse (void); + #endif /* !YY_SUDOERS_Y_TAB_H_INCLUDED */ /* Symbol kind. */ enum yysymbol_kind_t @@ -383,90 +392,92 @@ YYSYMBOL_NOMAIL = 29, /* NOMAIL */ YYSYMBOL_FOLLOWLNK = 30, /* FOLLOWLNK */ YYSYMBOL_NOFOLLOWLNK = 31, /* NOFOLLOWLNK */ - YYSYMBOL_ALL = 32, /* ALL */ - YYSYMBOL_HOSTALIAS = 33, /* HOSTALIAS */ - YYSYMBOL_CMNDALIAS = 34, /* CMNDALIAS */ - YYSYMBOL_USERALIAS = 35, /* USERALIAS */ - YYSYMBOL_RUNASALIAS = 36, /* RUNASALIAS */ - YYSYMBOL_37_ = 37, /* ':' */ - YYSYMBOL_38_ = 38, /* '=' */ - YYSYMBOL_39_ = 39, /* ',' */ - YYSYMBOL_40_ = 40, /* '!' */ - YYSYMBOL_41_ = 41, /* '+' */ - YYSYMBOL_42_ = 42, /* '-' */ - YYSYMBOL_43_ = 43, /* '(' */ - YYSYMBOL_44_ = 44, /* ')' */ - YYSYMBOL_45_n_ = 45, /* '\n' */ - YYSYMBOL_ERROR = 46, /* ERROR */ - YYSYMBOL_NOMATCH = 47, /* NOMATCH */ - YYSYMBOL_CHROOT = 48, /* CHROOT */ - YYSYMBOL_CWD = 49, /* CWD */ - YYSYMBOL_TYPE = 50, /* TYPE */ - YYSYMBOL_ROLE = 51, /* ROLE */ - YYSYMBOL_PRIVS = 52, /* PRIVS */ - YYSYMBOL_LIMITPRIVS = 53, /* LIMITPRIVS */ - YYSYMBOL_CMND_TIMEOUT = 54, /* CMND_TIMEOUT */ - YYSYMBOL_NOTBEFORE = 55, /* NOTBEFORE */ - YYSYMBOL_NOTAFTER = 56, /* NOTAFTER */ - YYSYMBOL_MYSELF = 57, /* MYSELF */ - YYSYMBOL_SHA224_TOK = 58, /* SHA224_TOK */ - YYSYMBOL_SHA256_TOK = 59, /* SHA256_TOK */ - YYSYMBOL_SHA384_TOK = 60, /* SHA384_TOK */ - YYSYMBOL_SHA512_TOK = 61, /* SHA512_TOK */ - YYSYMBOL_YYACCEPT = 62, /* $accept */ - YYSYMBOL_file = 63, /* file */ - YYSYMBOL_line = 64, /* line */ - YYSYMBOL_entry = 65, /* entry */ - YYSYMBOL_include = 66, /* include */ - YYSYMBOL_includedir = 67, /* includedir */ - YYSYMBOL_defaults_list = 68, /* defaults_list */ - YYSYMBOL_defaults_entry = 69, /* defaults_entry */ - YYSYMBOL_privileges = 70, /* privileges */ - YYSYMBOL_privilege = 71, /* privilege */ - YYSYMBOL_ophost = 72, /* ophost */ - YYSYMBOL_host = 73, /* host */ - YYSYMBOL_cmndspeclist = 74, /* cmndspeclist */ - YYSYMBOL_cmndspec = 75, /* cmndspec */ - YYSYMBOL_digestspec = 76, /* digestspec */ - YYSYMBOL_digestlist = 77, /* digestlist */ - YYSYMBOL_digcmnd = 78, /* digcmnd */ - YYSYMBOL_opcmnd = 79, /* opcmnd */ - YYSYMBOL_chdirspec = 80, /* chdirspec */ - YYSYMBOL_chrootspec = 81, /* chrootspec */ - YYSYMBOL_timeoutspec = 82, /* timeoutspec */ - YYSYMBOL_notbeforespec = 83, /* notbeforespec */ - YYSYMBOL_notafterspec = 84, /* notafterspec */ - YYSYMBOL_rolespec = 85, /* rolespec */ - YYSYMBOL_typespec = 86, /* typespec */ - YYSYMBOL_privsspec = 87, /* privsspec */ - YYSYMBOL_limitprivsspec = 88, /* limitprivsspec */ - YYSYMBOL_runasspec = 89, /* runasspec */ - YYSYMBOL_runaslist = 90, /* runaslist */ - YYSYMBOL_reserved_word = 91, /* reserved_word */ - YYSYMBOL_reserved_alias = 92, /* reserved_alias */ - YYSYMBOL_options = 93, /* options */ - YYSYMBOL_cmndtag = 94, /* cmndtag */ - YYSYMBOL_cmnd = 95, /* cmnd */ - YYSYMBOL_hostaliases = 96, /* hostaliases */ - YYSYMBOL_hostalias = 97, /* hostalias */ - YYSYMBOL_98_1 = 98, /* $@1 */ - YYSYMBOL_hostlist = 99, /* hostlist */ - YYSYMBOL_cmndaliases = 100, /* cmndaliases */ - YYSYMBOL_cmndalias = 101, /* cmndalias */ - YYSYMBOL_102_2 = 102, /* $@2 */ - YYSYMBOL_cmndlist = 103, /* cmndlist */ - YYSYMBOL_runasaliases = 104, /* runasaliases */ - YYSYMBOL_runasalias = 105, /* runasalias */ - YYSYMBOL_106_3 = 106, /* $@3 */ - YYSYMBOL_useraliases = 107, /* useraliases */ - YYSYMBOL_useralias = 108, /* useralias */ - YYSYMBOL_109_4 = 109, /* $@4 */ - YYSYMBOL_userlist = 110, /* userlist */ - YYSYMBOL_opuser = 111, /* opuser */ - YYSYMBOL_user = 112, /* user */ - YYSYMBOL_grouplist = 113, /* grouplist */ - YYSYMBOL_opgroup = 114, /* opgroup */ - YYSYMBOL_group = 115 /* group */ + YYSYMBOL_INTERCEPT = 32, /* INTERCEPT */ + YYSYMBOL_NOINTERCEPT = 33, /* NOINTERCEPT */ + YYSYMBOL_ALL = 34, /* ALL */ + YYSYMBOL_HOSTALIAS = 35, /* HOSTALIAS */ + YYSYMBOL_CMNDALIAS = 36, /* CMNDALIAS */ + YYSYMBOL_USERALIAS = 37, /* USERALIAS */ + YYSYMBOL_RUNASALIAS = 38, /* RUNASALIAS */ + YYSYMBOL_39_ = 39, /* ':' */ + YYSYMBOL_40_ = 40, /* '=' */ + YYSYMBOL_41_ = 41, /* ',' */ + YYSYMBOL_42_ = 42, /* '!' */ + YYSYMBOL_43_ = 43, /* '+' */ + YYSYMBOL_44_ = 44, /* '-' */ + YYSYMBOL_45_ = 45, /* '(' */ + YYSYMBOL_46_ = 46, /* ')' */ + YYSYMBOL_47_n_ = 47, /* '\n' */ + YYSYMBOL_ERROR = 48, /* ERROR */ + YYSYMBOL_NOMATCH = 49, /* NOMATCH */ + YYSYMBOL_CHROOT = 50, /* CHROOT */ + YYSYMBOL_CWD = 51, /* CWD */ + YYSYMBOL_TYPE = 52, /* TYPE */ + YYSYMBOL_ROLE = 53, /* ROLE */ + YYSYMBOL_PRIVS = 54, /* PRIVS */ + YYSYMBOL_LIMITPRIVS = 55, /* LIMITPRIVS */ + YYSYMBOL_CMND_TIMEOUT = 56, /* CMND_TIMEOUT */ + YYSYMBOL_NOTBEFORE = 57, /* NOTBEFORE */ + YYSYMBOL_NOTAFTER = 58, /* NOTAFTER */ + YYSYMBOL_MYSELF = 59, /* MYSELF */ + YYSYMBOL_SHA224_TOK = 60, /* SHA224_TOK */ + YYSYMBOL_SHA256_TOK = 61, /* SHA256_TOK */ + YYSYMBOL_SHA384_TOK = 62, /* SHA384_TOK */ + YYSYMBOL_SHA512_TOK = 63, /* SHA512_TOK */ + YYSYMBOL_YYACCEPT = 64, /* $accept */ + YYSYMBOL_file = 65, /* file */ + YYSYMBOL_line = 66, /* line */ + YYSYMBOL_entry = 67, /* entry */ + YYSYMBOL_include = 68, /* include */ + YYSYMBOL_includedir = 69, /* includedir */ + YYSYMBOL_defaults_list = 70, /* defaults_list */ + YYSYMBOL_defaults_entry = 71, /* defaults_entry */ + YYSYMBOL_privileges = 72, /* privileges */ + YYSYMBOL_privilege = 73, /* privilege */ + YYSYMBOL_ophost = 74, /* ophost */ + YYSYMBOL_host = 75, /* host */ + YYSYMBOL_cmndspeclist = 76, /* cmndspeclist */ + YYSYMBOL_cmndspec = 77, /* cmndspec */ + YYSYMBOL_digestspec = 78, /* digestspec */ + YYSYMBOL_digestlist = 79, /* digestlist */ + YYSYMBOL_digcmnd = 80, /* digcmnd */ + YYSYMBOL_opcmnd = 81, /* opcmnd */ + YYSYMBOL_chdirspec = 82, /* chdirspec */ + YYSYMBOL_chrootspec = 83, /* chrootspec */ + YYSYMBOL_timeoutspec = 84, /* timeoutspec */ + YYSYMBOL_notbeforespec = 85, /* notbeforespec */ + YYSYMBOL_notafterspec = 86, /* notafterspec */ + YYSYMBOL_rolespec = 87, /* rolespec */ + YYSYMBOL_typespec = 88, /* typespec */ + YYSYMBOL_privsspec = 89, /* privsspec */ + YYSYMBOL_limitprivsspec = 90, /* limitprivsspec */ + YYSYMBOL_runasspec = 91, /* runasspec */ + YYSYMBOL_runaslist = 92, /* runaslist */ + YYSYMBOL_reserved_word = 93, /* reserved_word */ + YYSYMBOL_reserved_alias = 94, /* reserved_alias */ + YYSYMBOL_options = 95, /* options */ + YYSYMBOL_cmndtag = 96, /* cmndtag */ + YYSYMBOL_cmnd = 97, /* cmnd */ + YYSYMBOL_hostaliases = 98, /* hostaliases */ + YYSYMBOL_hostalias = 99, /* hostalias */ + YYSYMBOL_100_1 = 100, /* $@1 */ + YYSYMBOL_hostlist = 101, /* hostlist */ + YYSYMBOL_cmndaliases = 102, /* cmndaliases */ + YYSYMBOL_cmndalias = 103, /* cmndalias */ + YYSYMBOL_104_2 = 104, /* $@2 */ + YYSYMBOL_cmndlist = 105, /* cmndlist */ + YYSYMBOL_runasaliases = 106, /* runasaliases */ + YYSYMBOL_runasalias = 107, /* runasalias */ + YYSYMBOL_108_3 = 108, /* $@3 */ + YYSYMBOL_useraliases = 109, /* useraliases */ + YYSYMBOL_useralias = 110, /* useralias */ + YYSYMBOL_111_4 = 111, /* $@4 */ + YYSYMBOL_userlist = 112, /* userlist */ + YYSYMBOL_opuser = 113, /* opuser */ + YYSYMBOL_user = 114, /* user */ + YYSYMBOL_grouplist = 115, /* grouplist */ + YYSYMBOL_opgroup = 116, /* opgroup */ + YYSYMBOL_group = 117 /* group */ }; typedef enum yysymbol_kind_t yysymbol_kind_t; @@ -483,7 +494,7 @@ #ifndef __PTRDIFF_MAX__ # include /* INFRINGES ON USER NAME SPACE */ -# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ +# if defined HAVE_STDINT_H # include /* INFRINGES ON USER NAME SPACE */ # define YY_STDINT_H # endif @@ -510,6 +521,18 @@ typedef short yytype_int16; #endif +/* Work around bug in HP-UX 11.23, which defines these macros + incorrectly for preprocessor constants. This workaround can likely + be removed in 2023, as HPE has promised support for HP-UX 11.23 + (aka HP-UX 11i v2) only through the end of 2022; see Table 2 of + . */ +#ifdef __hpux +# undef UINT_LEAST8_MAX +# undef UINT_LEAST16_MAX +# define UINT_LEAST8_MAX 255 +# define UINT_LEAST16_MAX 65535 +#endif + #if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ typedef __UINT_LEAST8_TYPE__ yytype_uint8; #elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ @@ -607,17 +630,23 @@ /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ -# define YYUSE(E) ((void) (E)) +# define YY_USE(E) ((void) (E)) #else -# define YYUSE(E) /* empty */ +# define YY_USE(E) /* empty */ #endif -#if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ /* Suppress an incorrect diagnostic about yylval being uninitialized. */ -# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ +#if defined __GNUC__ && ! defined __ICC && 406 <= __GNUC__ * 100 + __GNUC_MINOR__ +# if __GNUC__ * 100 + __GNUC_MINOR__ < 407 +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") +# else +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") +# endif # define YY_IGNORE_MAYBE_UNINITIALIZED_END \ _Pragma ("GCC diagnostic pop") #else @@ -776,19 +805,19 @@ /* YYFINAL -- State number of the termination state. */ #define YYFINAL 88 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 320 +#define YYLAST 321 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 62 +#define YYNTOKENS 64 /* YYNNTS -- Number of nonterminals. */ #define YYNNTS 54 /* YYNRULES -- Number of rules. */ -#define YYNRULES 149 +#define YYNRULES 151 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 248 +#define YYNSTATES 250 /* YYMAXUTOK -- Last valid token kind. */ -#define YYMAXUTOK 307 +#define YYMAXUTOK 309 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM @@ -803,12 +832,12 @@ static const yytype_int8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 45, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 47, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 40, 2, 2, 2, 2, 2, 2, - 43, 44, 2, 41, 39, 42, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 37, 2, - 2, 38, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 42, 2, 2, 2, 2, 2, 2, + 45, 46, 2, 43, 41, 44, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 39, 2, + 2, 40, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -831,29 +860,30 @@ 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, - 35, 36, 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61 + 35, 36, 37, 38, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63 }; #if YYDEBUG - /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ +/* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_int16 yyrline[] = { - 0, 192, 192, 195, 198, 199, 202, 205, 208, 215, - 222, 228, 231, 234, 237, 240, 244, 248, 252, 256, - 262, 265, 271, 274, 280, 281, 287, 294, 301, 308, - 315, 324, 325, 329, 335, 349, 353, 359, 366, 373, - 380, 387, 396, 397, 456, 511, 518, 525, 532, 541, - 542, 548, 551, 572, 576, 582, 594, 606, 611, 615, - 620, 625, 630, 634, 639, 642, 647, 662, 671, 680, - 689, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 718, 724, 727, 731, 735, 743, 751, 762, 768, - 774, 780, 788, 791, 794, 797, 800, 803, 806, 809, - 812, 815, 818, 821, 824, 827, 830, 835, 842, 849, - 865, 866, 869, 869, 879, 882, 883, 889, 890, 893, - 893, 903, 906, 907, 913, 914, 917, 917, 927, 930, - 931, 934, 934, 944, 947, 948, 954, 958, 964, 971, - 978, 985, 992, 1001, 1002, 1008, 1012, 1018, 1025, 1032 + 0, 197, 197, 200, 203, 204, 207, 210, 213, 222, + 231, 237, 240, 243, 246, 249, 253, 257, 261, 265, + 271, 274, 280, 283, 289, 290, 297, 306, 315, 325, + 335, 347, 348, 353, 359, 376, 380, 386, 395, 403, + 412, 421, 432, 433, 495, 561, 570, 579, 588, 599, + 600, 607, 610, 624, 628, 634, 650, 666, 671, 675, + 680, 685, 690, 694, 699, 702, 707, 723, 734, 746, + 757, 775, 776, 777, 778, 779, 780, 781, 782, 783, + 784, 787, 793, 796, 801, 806, 815, 824, 836, 843, + 850, 857, 866, 869, 872, 875, 878, 881, 884, 887, + 890, 893, 896, 899, 902, 905, 908, 911, 914, 919, + 933, 942, 965, 966, 969, 969, 981, 984, 985, 992, + 993, 996, 996, 1008, 1011, 1012, 1019, 1020, 1023, 1023, + 1035, 1038, 1039, 1042, 1042, 1054, 1057, 1058, 1065, 1069, + 1075, 1084, 1092, 1101, 1110, 1121, 1122, 1129, 1133, 1139, + 1148, 1156 }; #endif @@ -874,22 +904,22 @@ "INCLUDE", "INCLUDEDIR", "DEFAULTS", "DEFAULTS_HOST", "DEFAULTS_USER", "DEFAULTS_RUNAS", "DEFAULTS_CMND", "NOPASSWD", "PASSWD", "NOEXEC", "EXEC", "SETENV", "NOSETENV", "LOG_INPUT", "NOLOG_INPUT", "LOG_OUTPUT", - "NOLOG_OUTPUT", "MAIL", "NOMAIL", "FOLLOWLNK", "NOFOLLOWLNK", "ALL", - "HOSTALIAS", "CMNDALIAS", "USERALIAS", "RUNASALIAS", "':'", "'='", "','", - "'!'", "'+'", "'-'", "'('", "')'", "'\\n'", "ERROR", "NOMATCH", "CHROOT", - "CWD", "TYPE", "ROLE", "PRIVS", "LIMITPRIVS", "CMND_TIMEOUT", - "NOTBEFORE", "NOTAFTER", "MYSELF", "SHA224_TOK", "SHA256_TOK", - "SHA384_TOK", "SHA512_TOK", "$accept", "file", "line", "entry", - "include", "includedir", "defaults_list", "defaults_entry", "privileges", - "privilege", "ophost", "host", "cmndspeclist", "cmndspec", "digestspec", - "digestlist", "digcmnd", "opcmnd", "chdirspec", "chrootspec", - "timeoutspec", "notbeforespec", "notafterspec", "rolespec", "typespec", - "privsspec", "limitprivsspec", "runasspec", "runaslist", "reserved_word", - "reserved_alias", "options", "cmndtag", "cmnd", "hostaliases", - "hostalias", "$@1", "hostlist", "cmndaliases", "cmndalias", "$@2", - "cmndlist", "runasaliases", "runasalias", "$@3", "useraliases", - "useralias", "$@4", "userlist", "opuser", "user", "grouplist", "opgroup", - "group", YY_NULLPTR + "NOLOG_OUTPUT", "MAIL", "NOMAIL", "FOLLOWLNK", "NOFOLLOWLNK", + "INTERCEPT", "NOINTERCEPT", "ALL", "HOSTALIAS", "CMNDALIAS", "USERALIAS", + "RUNASALIAS", "':'", "'='", "','", "'!'", "'+'", "'-'", "'('", "')'", + "'\\n'", "ERROR", "NOMATCH", "CHROOT", "CWD", "TYPE", "ROLE", "PRIVS", + "LIMITPRIVS", "CMND_TIMEOUT", "NOTBEFORE", "NOTAFTER", "MYSELF", + "SHA224_TOK", "SHA256_TOK", "SHA384_TOK", "SHA512_TOK", "$accept", + "file", "line", "entry", "include", "includedir", "defaults_list", + "defaults_entry", "privileges", "privilege", "ophost", "host", + "cmndspeclist", "cmndspec", "digestspec", "digestlist", "digcmnd", + "opcmnd", "chdirspec", "chrootspec", "timeoutspec", "notbeforespec", + "notafterspec", "rolespec", "typespec", "privsspec", "limitprivsspec", + "runasspec", "runaslist", "reserved_word", "reserved_alias", "options", + "cmndtag", "cmnd", "hostaliases", "hostalias", "$@1", "hostlist", + "cmndaliases", "cmndalias", "$@2", "cmndlist", "runasaliases", + "runasalias", "$@3", "useraliases", "useralias", "$@4", "userlist", + "opuser", "user", "grouplist", "opgroup", "group", YY_NULLPTR }; static const char * @@ -899,21 +929,6 @@ } #endif -#ifdef YYPRINT -/* YYTOKNUM[NUM] -- (External) token number corresponding to the - (internal) symbol number NUM (which must be that of a token). */ -static const yytype_int16 yytoknum[] = -{ - 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 58, 61, 44, - 33, 43, 45, 40, 41, 10, 292, 293, 294, 295, - 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, - 306, 307 -}; -#endif - #define YYPACT_NINF (-114) #define yypact_value_is_default(Yyn) \ @@ -924,84 +939,84 @@ #define yytable_value_is_error(Yyn) \ 0 - /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ +/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ static const yytype_int16 yypact[] = { - 178, -11, -114, -114, -114, -114, 27, 44, 9, 240, - 148, 148, 6, -114, 31, 40, 112, 121, 193, -114, - 75, 220, -114, -114, -114, 95, -114, -114, -114, 10, - 11, 16, 73, 32, -114, -114, -114, -114, -114, -114, - 255, -114, -114, 8, 12, 12, -114, -114, -114, 106, - 63, 70, 74, 89, -114, 66, -114, -114, -114, 34, + 169, 13, -114, -114, -114, -114, 70, 87, 9, 237, + 249, 249, 6, -114, 37, 48, 74, 110, 184, -114, + 120, 213, -114, -114, -114, 227, -114, -114, -114, 10, + 11, 41, 102, 18, -114, -114, -114, -114, -114, -114, + 268, -114, -114, 8, 32, 32, -114, -114, -114, 52, + 83, 94, 98, 99, -114, 12, -114, -114, -114, 104, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, - -114, -114, 107, 77, -114, -114, 120, 83, -114, -114, - 143, 87, -114, -114, 158, 92, -114, -114, -114, -114, - 148, 105, -114, 145, 88, -114, 102, -114, 189, 190, - 197, -114, 9, -114, -114, 240, 91, 101, 104, -114, - 198, 206, 207, 212, 209, -114, 6, 170, 169, 240, - 31, -114, 188, 6, 40, -114, 192, 148, 112, -114, - 201, 148, 121, -114, -114, 36, -114, 202, -114, -114, + -114, -114, 113, 100, -114, -114, 115, 132, -114, -114, + 116, 176, -114, -114, 117, 198, -114, -114, -114, -114, + 249, 215, -114, -23, 93, -114, 95, -114, 163, 165, + 166, -114, 9, -114, -114, 237, 29, 36, 111, -114, + 177, 179, 180, 199, 224, -114, 6, 235, 168, 237, + 37, -114, 170, 6, 48, -114, 172, 249, 74, -114, + 192, 249, 110, -114, -114, 38, -114, 174, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, - -114, -114, -114, -114, -114, 240, 211, -114, 6, 218, - -114, 148, 219, -114, 148, 219, -114, -114, -114, 234, - 224, -114, -114, 211, 218, 219, 219, 99, 196, -21, - 202, 241, -114, -114, -114, 109, 236, -114, -114, -114, - 99, -114, 210, 213, 235, 238, 239, 243, 244, 245, - 246, -114, -114, -114, -114, -114, -114, -114, -114, -114, - 1, -114, 99, 236, 269, 270, 276, 277, 279, 289, - 290, 291, 292, -114, -114, -114, -114, -114, -114, -114, + -114, -114, -114, -114, -114, 237, 201, -114, 6, 211, + -114, 249, 218, -114, 249, 218, -114, -114, -114, 231, + 222, -114, -114, 201, 211, 218, 218, 107, 220, -3, + 174, 144, -114, -114, -114, 109, 223, -114, -114, -114, + 107, -114, 238, 240, 241, 248, 250, 252, 253, 254, + 255, -114, -114, -114, -114, -114, -114, -114, -114, -114, + 1, -114, 107, 223, 258, 280, 287, 288, 289, 290, + 291, 292, 294, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, - -114, -114, -114, -114, -114, -114, -114, -114 + -114, -114, -114, -114, -114, -114, -114, -114, -114, -114 }; - /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. - Performed when YYTABLE does not specify something else to do. Zero - means the default is an error. */ +/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. + Performed when YYTABLE does not specify something else to do. Zero + means the default is an error. */ static const yytype_uint8 yydefact[] = { - 0, 0, 138, 140, 141, 142, 0, 0, 0, 0, - 0, 0, 0, 139, 0, 0, 0, 0, 0, 6, - 0, 0, 4, 8, 9, 0, 134, 136, 7, 0, + 0, 0, 140, 142, 143, 144, 0, 0, 0, 0, + 0, 0, 0, 141, 0, 0, 0, 0, 0, 6, + 0, 0, 4, 8, 9, 0, 136, 138, 7, 0, 0, 26, 0, 0, 24, 37, 40, 39, 41, 38, - 0, 115, 35, 0, 0, 0, 109, 108, 107, 0, - 0, 0, 0, 0, 49, 0, 122, 51, 53, 0, - 112, 71, 72, 73, 78, 77, 79, 80, 74, 75, - 76, 81, 0, 0, 110, 119, 0, 0, 117, 131, - 0, 0, 129, 126, 0, 0, 124, 137, 1, 5, + 0, 117, 35, 0, 0, 0, 111, 110, 109, 0, + 0, 0, 0, 0, 49, 0, 124, 51, 53, 0, + 114, 71, 72, 73, 78, 77, 79, 80, 74, 75, + 76, 81, 0, 0, 112, 121, 0, 0, 119, 133, + 0, 0, 131, 128, 0, 0, 126, 139, 1, 5, 0, 0, 31, 0, 0, 20, 0, 22, 0, 0, 0, 27, 0, 15, 36, 0, 0, 0, 0, 54, 0, 0, 0, 0, 0, 52, 0, 0, 0, 0, 0, 12, 0, 0, 0, 13, 0, 0, 0, 11, - 0, 0, 0, 14, 135, 0, 10, 64, 21, 23, - 28, 29, 30, 25, 116, 18, 16, 17, 45, 46, - 47, 48, 50, 123, 19, 0, 114, 111, 0, 121, - 118, 0, 133, 130, 0, 128, 125, 33, 32, 66, - 34, 42, 82, 113, 120, 132, 127, 70, 0, 67, - 64, 92, 147, 149, 148, 0, 69, 143, 145, 65, + 0, 0, 0, 14, 137, 0, 10, 64, 21, 23, + 28, 29, 30, 25, 118, 18, 16, 17, 45, 46, + 47, 48, 50, 125, 19, 0, 116, 113, 0, 123, + 120, 0, 135, 132, 0, 130, 127, 33, 32, 66, + 34, 42, 82, 115, 122, 134, 129, 70, 0, 67, + 64, 92, 149, 151, 150, 0, 69, 145, 147, 65, 0, 43, 0, 0, 0, 0, 0, 0, 0, 0, 0, 83, 84, 87, 85, 86, 88, 89, 90, 91, - 0, 146, 0, 68, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 93, 94, 95, 96, 97, 98, 99, - 100, 101, 102, 105, 106, 103, 104, 44, 144, 56, - 55, 61, 60, 62, 63, 57, 58, 59 + 0, 148, 0, 68, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 93, 94, 95, 96, 99, 100, 101, + 102, 103, 104, 107, 108, 105, 106, 97, 98, 44, + 146, 56, 55, 61, 60, 62, 63, 57, 58, 59 }; - /* YYPGOTO[NTERM-NUM]. */ +/* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -114, -114, -114, 281, -114, -114, 160, 203, -114, 168, - 199, 266, -114, 127, 194, -114, -113, 254, -114, -114, + -114, -114, -114, 283, -114, -114, 91, 203, -114, 171, + 202, 269, -114, 128, 196, -114, -113, 256, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, -114, - -9, -114, -114, 261, -114, 191, -114, -7, -114, 195, - -114, -108, -114, 180, -114, -114, 185, -114, -10, 225, - 296, 126, 108, 132 + -9, -114, -114, 263, -114, 193, -114, -7, -114, 190, + -114, -48, -114, 183, -114, -114, 188, -114, -10, 228, + 299, 129, 108, 136 }; - /* YYDEFGOTO[NTERM-NUM]. */ -static const yytype_int16 yydefgoto[] = +/* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_uint8 yydefgoto[] = { - -1, 20, 21, 22, 23, 24, 33, 34, 91, 92, + 0, 20, 21, 22, 23, 24, 33, 34, 91, 92, 41, 42, 170, 171, 54, 55, 56, 57, 201, 202, 203, 204, 205, 206, 207, 208, 209, 172, 178, 71, 72, 181, 210, 58, 73, 74, 118, 93, 77, 78, @@ -1009,135 +1024,136 @@ 27, 186, 187, 188 }; - /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule whose - number is the opposite. If YYTABLE_NINF, syntax error. */ +/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule whose + number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_int16 yytable[] = { 44, 45, 43, 153, 46, 47, 76, 80, 84, 46, - 47, 94, 96, 31, 31, 159, 190, 31, 90, 223, + 47, 94, 96, 31, 31, 46, 47, 137, 105, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, - 234, 235, 236, 48, 28, 60, 29, 167, 48, 31, - 35, 49, 36, 37, 75, 38, 49, 105, 32, 32, - 174, 90, 32, 30, 98, 95, 97, 99, 100, 50, - 51, 52, 53, 61, 50, 51, 52, 53, 39, 46, - 47, 102, 61, 116, 32, 88, 40, 103, 101, 62, - 63, 64, 65, 66, 67, 68, 69, 70, 62, 63, - 64, 65, 66, 67, 68, 69, 70, 237, 48, 35, - 110, 36, 37, 182, 38, 114, 49, 111, 183, 46, - 47, 112, 156, 182, 120, 76, 79, 162, 183, 80, - 124, 165, 121, 84, 128, 83, 113, 39, 125, 132, - 102, 184, 129, 138, 90, 40, 145, 133, 48, 185, - 102, 184, 135, 102, 61, 119, 146, 139, 173, 147, - 136, 175, 2, 61, 176, 3, 4, 5, 123, 179, - 62, 63, 64, 65, 66, 67, 68, 69, 70, 62, - 63, 64, 65, 66, 67, 68, 69, 70, -2, 1, - 13, 127, 2, 137, 105, 3, 4, 5, 18, 6, - 7, 8, 9, 10, 11, 12, 131, 2, 140, 141, - 3, 4, 5, 106, 107, 108, 142, 155, 148, 102, - 13, 14, 15, 16, 17, 154, 149, 150, 18, 117, - -3, 1, 151, 19, 2, 13, 158, 3, 4, 5, - 161, 6, 7, 8, 9, 10, 11, 12, 2, 164, - 189, 3, 4, 5, 35, 169, 36, 37, 214, 38, - 105, 215, 13, 14, 15, 16, 17, 116, 90, 35, - 18, 36, 37, 180, 38, 19, 13, 50, 51, 52, - 53, 177, 39, 216, 18, 212, 217, 218, 239, 240, - 40, 219, 220, 221, 222, 241, 242, 39, 243, 192, - 193, 194, 195, 196, 197, 198, 199, 200, 244, 245, - 246, 247, 89, 168, 144, 143, 104, 191, 152, 115, - 109, 157, 166, 163, 87, 134, 213, 211, 0, 160, - 238 + 234, 235, 236, 237, 238, 48, 190, 31, 90, 167, + 48, 60, 35, 49, 36, 37, 48, 38, 49, 105, + 32, 32, 75, 114, 49, 46, 47, 95, 97, 102, + 28, 50, 51, 52, 53, 103, 50, 51, 52, 53, + 102, 61, 39, 90, 32, 159, 145, 102, 79, 29, + 40, 98, 61, 146, 99, 100, 48, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 30, 239, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 101, 61, 31, + 174, 182, 156, 182, 83, 76, 183, 162, 183, 80, + 88, 165, 110, 84, 62, 63, 64, 65, 66, 67, + 68, 69, 70, 111, 106, 107, 108, 112, 113, 120, + 138, 184, 139, 184, 61, 116, 32, 121, 173, 185, + 117, 175, 102, 119, 176, 123, 127, 131, 147, 179, + 62, 63, 64, 65, 66, 67, 68, 69, 70, -2, + 1, 124, 140, 2, 141, 142, 3, 4, 5, 125, + 6, 7, 8, 9, 10, 11, 12, 148, 2, 149, + 150, 3, 4, 5, 192, 193, 194, 195, 196, 197, + 198, 199, 200, 13, 14, 15, 16, 17, 155, 151, + 158, 18, 161, -3, 1, 128, 19, 2, 13, 169, + 3, 4, 5, 129, 6, 7, 8, 9, 10, 11, + 12, 35, 164, 36, 37, 2, 38, 132, 3, 4, + 5, 35, 105, 36, 37, 133, 38, 13, 14, 15, + 16, 17, 116, 2, 135, 18, 3, 4, 5, 90, + 19, 39, 136, 180, 212, 13, 189, 241, 90, 40, + 177, 39, 35, 18, 36, 37, 102, 38, 214, 40, + 215, 216, 154, 13, 50, 51, 52, 53, 217, 242, + 218, 18, 219, 220, 221, 222, 243, 244, 245, 246, + 247, 248, 39, 249, 89, 143, 168, 144, 191, 104, + 152, 115, 109, 157, 160, 166, 163, 87, 134, 213, + 240, 211 }; -static const yytype_int16 yycheck[] = +static const yytype_uint8 yycheck[] = { 10, 11, 9, 116, 3, 4, 15, 16, 17, 3, - 4, 1, 1, 5, 5, 123, 37, 5, 39, 18, + 4, 1, 1, 5, 5, 3, 4, 40, 41, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, - 29, 30, 31, 32, 45, 4, 9, 1, 32, 5, - 4, 40, 6, 7, 4, 9, 40, 39, 40, 40, - 158, 39, 40, 9, 38, 45, 45, 41, 42, 58, - 59, 60, 61, 32, 58, 59, 60, 61, 32, 3, - 4, 39, 32, 39, 40, 0, 40, 45, 5, 48, - 49, 50, 51, 52, 53, 54, 55, 56, 48, 49, - 50, 51, 52, 53, 54, 55, 56, 210, 32, 4, - 37, 6, 7, 4, 9, 39, 40, 37, 9, 3, - 4, 37, 119, 4, 37, 124, 4, 127, 9, 128, - 37, 131, 45, 132, 37, 4, 37, 32, 45, 37, - 39, 32, 45, 45, 39, 40, 45, 45, 32, 40, - 39, 32, 37, 39, 32, 38, 45, 45, 155, 45, - 45, 161, 4, 32, 164, 7, 8, 9, 38, 169, - 48, 49, 50, 51, 52, 53, 54, 55, 56, 48, - 49, 50, 51, 52, 53, 54, 55, 56, 0, 1, - 32, 38, 4, 38, 39, 7, 8, 9, 40, 11, - 12, 13, 14, 15, 16, 17, 38, 4, 9, 9, - 7, 8, 9, 43, 44, 45, 9, 38, 10, 39, - 32, 33, 34, 35, 36, 45, 10, 10, 40, 59, - 0, 1, 10, 45, 4, 32, 38, 7, 8, 9, - 38, 11, 12, 13, 14, 15, 16, 17, 4, 38, - 44, 7, 8, 9, 4, 43, 6, 7, 38, 9, - 39, 38, 32, 33, 34, 35, 36, 39, 39, 4, - 40, 6, 7, 39, 9, 45, 32, 58, 59, 60, - 61, 37, 32, 38, 40, 39, 38, 38, 9, 9, - 40, 38, 38, 38, 38, 9, 9, 32, 9, 48, - 49, 50, 51, 52, 53, 54, 55, 56, 9, 9, - 9, 9, 21, 135, 105, 102, 40, 180, 114, 55, - 49, 120, 132, 128, 18, 90, 190, 185, -1, 124, - 212 + 29, 30, 31, 32, 33, 34, 39, 5, 41, 1, + 34, 4, 4, 42, 6, 7, 34, 9, 42, 41, + 42, 42, 4, 41, 42, 3, 4, 47, 47, 41, + 47, 60, 61, 62, 63, 47, 60, 61, 62, 63, + 41, 34, 34, 41, 42, 123, 47, 41, 4, 9, + 42, 40, 34, 47, 43, 44, 34, 50, 51, 52, + 53, 54, 55, 56, 57, 58, 9, 210, 50, 51, + 52, 53, 54, 55, 56, 57, 58, 5, 34, 5, + 158, 4, 119, 4, 4, 124, 9, 127, 9, 128, + 0, 131, 39, 132, 50, 51, 52, 53, 54, 55, + 56, 57, 58, 39, 43, 44, 45, 39, 39, 39, + 47, 34, 47, 34, 34, 41, 42, 47, 155, 42, + 59, 161, 41, 40, 164, 40, 40, 40, 47, 169, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 0, + 1, 39, 9, 4, 9, 9, 7, 8, 9, 47, + 11, 12, 13, 14, 15, 16, 17, 10, 4, 10, + 10, 7, 8, 9, 50, 51, 52, 53, 54, 55, + 56, 57, 58, 34, 35, 36, 37, 38, 40, 10, + 40, 42, 40, 0, 1, 39, 47, 4, 34, 45, + 7, 8, 9, 47, 11, 12, 13, 14, 15, 16, + 17, 4, 40, 6, 7, 4, 9, 39, 7, 8, + 9, 4, 41, 6, 7, 47, 9, 34, 35, 36, + 37, 38, 41, 4, 39, 42, 7, 8, 9, 41, + 47, 34, 47, 41, 41, 34, 46, 9, 41, 42, + 39, 34, 4, 42, 6, 7, 41, 9, 40, 42, + 40, 40, 47, 34, 60, 61, 62, 63, 40, 9, + 40, 42, 40, 40, 40, 40, 9, 9, 9, 9, + 9, 9, 34, 9, 21, 102, 135, 105, 180, 40, + 114, 55, 49, 120, 124, 132, 128, 18, 90, 190, + 212, 185 }; - /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ +/* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of + state STATE-NUM. */ static const yytype_int8 yystos[] = { 0, 1, 4, 7, 8, 9, 11, 12, 13, 14, - 15, 16, 17, 32, 33, 34, 35, 36, 40, 45, - 63, 64, 65, 66, 67, 110, 111, 112, 45, 9, - 9, 5, 40, 68, 69, 4, 6, 7, 9, 32, - 40, 72, 73, 99, 110, 110, 3, 4, 32, 40, - 58, 59, 60, 61, 76, 77, 78, 79, 95, 103, - 4, 32, 48, 49, 50, 51, 52, 53, 54, 55, - 56, 91, 92, 96, 97, 4, 92, 100, 101, 4, - 92, 107, 108, 4, 92, 104, 105, 112, 0, 65, - 39, 70, 71, 99, 1, 45, 1, 45, 38, 41, - 42, 5, 39, 45, 73, 39, 68, 68, 68, 95, - 37, 37, 37, 37, 39, 79, 39, 68, 98, 38, - 37, 45, 102, 38, 37, 45, 109, 38, 37, 45, - 106, 38, 37, 45, 111, 37, 45, 38, 45, 45, - 9, 9, 9, 69, 72, 45, 45, 45, 10, 10, - 10, 10, 76, 78, 45, 38, 99, 97, 38, 103, - 101, 38, 110, 108, 38, 110, 105, 1, 71, 43, - 74, 75, 89, 99, 103, 110, 110, 37, 90, 110, - 39, 93, 4, 9, 32, 40, 113, 114, 115, 44, - 37, 75, 48, 49, 50, 51, 52, 53, 54, 55, - 56, 80, 81, 82, 83, 84, 85, 86, 87, 88, - 94, 115, 39, 113, 38, 38, 38, 38, 38, 38, - 38, 38, 38, 18, 19, 20, 21, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 78, 114, 9, - 9, 9, 9, 9, 9, 9, 9, 9 + 15, 16, 17, 34, 35, 36, 37, 38, 42, 47, + 65, 66, 67, 68, 69, 112, 113, 114, 47, 9, + 9, 5, 42, 70, 71, 4, 6, 7, 9, 34, + 42, 74, 75, 101, 112, 112, 3, 4, 34, 42, + 60, 61, 62, 63, 78, 79, 80, 81, 97, 105, + 4, 34, 50, 51, 52, 53, 54, 55, 56, 57, + 58, 93, 94, 98, 99, 4, 94, 102, 103, 4, + 94, 109, 110, 4, 94, 106, 107, 114, 0, 67, + 41, 72, 73, 101, 1, 47, 1, 47, 40, 43, + 44, 5, 41, 47, 75, 41, 70, 70, 70, 97, + 39, 39, 39, 39, 41, 81, 41, 70, 100, 40, + 39, 47, 104, 40, 39, 47, 111, 40, 39, 47, + 108, 40, 39, 47, 113, 39, 47, 40, 47, 47, + 9, 9, 9, 71, 74, 47, 47, 47, 10, 10, + 10, 10, 78, 80, 47, 40, 101, 99, 40, 105, + 103, 40, 112, 110, 40, 112, 107, 1, 73, 45, + 76, 77, 91, 101, 105, 112, 112, 39, 92, 112, + 41, 95, 4, 9, 34, 42, 115, 116, 117, 46, + 39, 77, 50, 51, 52, 53, 54, 55, 56, 57, + 58, 82, 83, 84, 85, 86, 87, 88, 89, 90, + 96, 117, 41, 115, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 33, 80, + 116, 9, 9, 9, 9, 9, 9, 9, 9, 9 }; - /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +/* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM. */ static const yytype_int8 yyr1[] = { - 0, 62, 63, 63, 64, 64, 65, 65, 65, 65, - 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, - 66, 66, 67, 67, 68, 68, 69, 69, 69, 69, - 69, 70, 70, 70, 71, 72, 72, 73, 73, 73, - 73, 73, 74, 74, 75, 76, 76, 76, 76, 77, - 77, 78, 78, 79, 79, 80, 81, 82, 83, 84, - 85, 86, 87, 88, 89, 89, 90, 90, 90, 90, - 90, 91, 91, 91, 91, 91, 91, 91, 91, 91, - 91, 92, 93, 93, 93, 93, 93, 93, 93, 93, - 93, 93, 94, 94, 94, 94, 94, 94, 94, 94, - 94, 94, 94, 94, 94, 94, 94, 95, 95, 95, - 96, 96, 98, 97, 97, 99, 99, 100, 100, 102, - 101, 101, 103, 103, 104, 104, 106, 105, 105, 107, - 107, 109, 108, 108, 110, 110, 111, 111, 112, 112, - 112, 112, 112, 113, 113, 114, 114, 115, 115, 115 + 0, 64, 65, 65, 66, 66, 67, 67, 67, 67, + 67, 67, 67, 67, 67, 67, 67, 67, 67, 67, + 68, 68, 69, 69, 70, 70, 71, 71, 71, 71, + 71, 72, 72, 72, 73, 74, 74, 75, 75, 75, + 75, 75, 76, 76, 77, 78, 78, 78, 78, 79, + 79, 80, 80, 81, 81, 82, 83, 84, 85, 86, + 87, 88, 89, 90, 91, 91, 92, 92, 92, 92, + 92, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 94, 95, 95, 95, 95, 95, 95, 95, 95, + 95, 95, 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 96, 96, 96, 96, 96, 97, + 97, 97, 98, 98, 100, 99, 99, 101, 101, 102, + 102, 104, 103, 103, 105, 105, 106, 106, 108, 107, + 107, 109, 109, 111, 110, 110, 112, 112, 113, 113, + 114, 114, 114, 114, 114, 115, 115, 116, 116, 117, + 117, 117 }; - /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ +/* YYR2[RULE-NUM] -- Number of symbols on the right-hand side of rule RULE-NUM. */ static const yytype_int8 yyr2[] = { 0, 2, 0, 1, 1, 2, 1, 2, 1, 1, @@ -1150,11 +1166,12 @@ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 0, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, - 1, 3, 0, 4, 3, 1, 3, 1, 3, 0, - 4, 3, 1, 3, 1, 3, 0, 4, 3, 1, - 3, 0, 4, 3, 1, 3, 1, 2, 1, 1, - 1, 1, 1, 1, 3, 1, 2, 1, 1, 1 + 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, + 1, 1, 1, 3, 0, 4, 3, 1, 3, 1, + 3, 0, 4, 3, 1, 3, 1, 3, 0, 4, + 3, 1, 3, 0, 4, 3, 1, 3, 1, 2, + 1, 1, 1, 1, 1, 1, 3, 1, 2, 1, + 1, 1 }; @@ -1166,6 +1183,7 @@ #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab #define YYERROR goto yyerrorlab +#define YYNOMEM goto yyexhaustedlab #define YYRECOVERING() (!!yyerrstatus) @@ -1206,10 +1224,7 @@ YYFPRINTF Args; \ } while (0) -/* This macro is provided for backward compatibility. */ -# ifndef YY_LOCATION_PRINT -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -# endif + # define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ @@ -1233,15 +1248,11 @@ yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) { FILE *yyoutput = yyo; - YYUSE (yyoutput); + YY_USE (yyoutput); if (!yyvaluep) return; -# ifdef YYPRINT - if (yykind < YYNTOKENS) - YYPRINT (yyo, yytoknum[yykind], *yyvaluep); -# endif YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - YYUSE (yykind); + YY_USE (yykind); YY_IGNORE_MAYBE_UNINITIALIZED_END } @@ -1355,13 +1366,13 @@ yydestruct (const char *yymsg, yysymbol_kind_t yykind, YYSTYPE *yyvaluep) { - YYUSE (yyvaluep); + YY_USE (yyvaluep); if (!yymsg) yymsg = "Deleting"; YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - YYUSE (yykind); + YY_USE (yykind); YY_IGNORE_MAYBE_UNINITIALIZED_END } @@ -1424,6 +1435,7 @@ YYDPRINTF ((stderr, "Starting parse\n")); yychar = YYEMPTY; /* Cause a token to be read. */ + goto yysetstate; @@ -1449,7 +1461,7 @@ if (yyss + yystacksize - 1 <= yyssp) #if !defined yyoverflow && !defined YYSTACK_RELOCATE - goto yyexhaustedlab; + YYNOMEM; #else { /* Get the current used size of the three stacks, in elements. */ @@ -1477,7 +1489,7 @@ # else /* defined YYSTACK_RELOCATE */ /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; + YYNOMEM; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; @@ -1488,7 +1500,7 @@ YY_CAST (union yyalloc *, YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); if (! yyptr) - goto yyexhaustedlab; + YYNOMEM; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE @@ -1510,6 +1522,7 @@ } #endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ + if (yystate == YYFINAL) YYACCEPT; @@ -1622,362 +1635,394 @@ switch (yyn) { case 2: /* file: %empty */ -#line 192 "gram.y" +#line 197 "gram.y" { ; /* empty file */ } -#line 1624 "gram.c" +#line 1637 "gram.c" break; case 6: /* entry: '\n' */ -#line 202 "gram.y" +#line 207 "gram.y" { ; /* blank line */ } -#line 1632 "gram.c" +#line 1645 "gram.c" break; case 7: /* entry: error '\n' */ -#line 205 "gram.y" +#line 210 "gram.y" { yyerrok; } -#line 1640 "gram.c" +#line 1653 "gram.c" break; case 8: /* entry: include */ -#line 208 "gram.y" +#line 213 "gram.y" { if (!push_include((yyvsp[0].string), false)) { + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); free((yyvsp[0].string)); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); free((yyvsp[0].string)); } -#line 1652 "gram.c" +#line 1667 "gram.c" break; case 9: /* entry: includedir */ -#line 215 "gram.y" +#line 222 "gram.y" { if (!push_include((yyvsp[0].string), true)) { + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); free((yyvsp[0].string)); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); free((yyvsp[0].string)); } -#line 1664 "gram.c" +#line 1681 "gram.c" break; case 10: /* entry: userlist privileges '\n' */ -#line 222 "gram.y" +#line 231 "gram.y" { if (!add_userspec((yyvsp[-2].member), (yyvsp[-1].privilege))) { sudoerserror(N_("unable to allocate memory")); YYERROR; } } -#line 1675 "gram.c" +#line 1692 "gram.c" break; case 11: /* entry: USERALIAS useraliases '\n' */ -#line 228 "gram.y" +#line 237 "gram.y" { ; } -#line 1683 "gram.c" +#line 1700 "gram.c" break; case 12: /* entry: HOSTALIAS hostaliases '\n' */ -#line 231 "gram.y" +#line 240 "gram.y" { ; } -#line 1691 "gram.c" +#line 1708 "gram.c" break; case 13: /* entry: CMNDALIAS cmndaliases '\n' */ -#line 234 "gram.y" +#line 243 "gram.y" { ; } -#line 1699 "gram.c" +#line 1716 "gram.c" break; case 14: /* entry: RUNASALIAS runasaliases '\n' */ -#line 237 "gram.y" +#line 246 "gram.y" { ; } -#line 1707 "gram.c" +#line 1724 "gram.c" break; case 15: /* entry: DEFAULTS defaults_list '\n' */ -#line 240 "gram.y" +#line 249 "gram.y" { if (!add_defaults(DEFAULTS, NULL, (yyvsp[-1].defaults))) YYERROR; } -#line 1716 "gram.c" +#line 1733 "gram.c" break; case 16: /* entry: DEFAULTS_USER userlist defaults_list '\n' */ -#line 244 "gram.y" +#line 253 "gram.y" { if (!add_defaults(DEFAULTS_USER, (yyvsp[-2].member), (yyvsp[-1].defaults))) YYERROR; } -#line 1725 "gram.c" +#line 1742 "gram.c" break; case 17: /* entry: DEFAULTS_RUNAS userlist defaults_list '\n' */ -#line 248 "gram.y" +#line 257 "gram.y" { if (!add_defaults(DEFAULTS_RUNAS, (yyvsp[-2].member), (yyvsp[-1].defaults))) YYERROR; } -#line 1734 "gram.c" +#line 1751 "gram.c" break; case 18: /* entry: DEFAULTS_HOST hostlist defaults_list '\n' */ -#line 252 "gram.y" +#line 261 "gram.y" { if (!add_defaults(DEFAULTS_HOST, (yyvsp[-2].member), (yyvsp[-1].defaults))) YYERROR; } -#line 1743 "gram.c" +#line 1760 "gram.c" break; case 19: /* entry: DEFAULTS_CMND cmndlist defaults_list '\n' */ -#line 256 "gram.y" +#line 265 "gram.y" { if (!add_defaults(DEFAULTS_CMND, (yyvsp[-2].member), (yyvsp[-1].defaults))) YYERROR; } -#line 1752 "gram.c" +#line 1769 "gram.c" break; case 20: /* include: INCLUDE WORD '\n' */ -#line 262 "gram.y" +#line 271 "gram.y" { (yyval.string) = (yyvsp[-1].string); } -#line 1760 "gram.c" +#line 1777 "gram.c" break; case 21: /* include: INCLUDE WORD error '\n' */ -#line 265 "gram.y" +#line 274 "gram.y" { yyerrok; (yyval.string) = (yyvsp[-2].string); } -#line 1769 "gram.c" +#line 1786 "gram.c" break; case 22: /* includedir: INCLUDEDIR WORD '\n' */ -#line 271 "gram.y" +#line 280 "gram.y" { (yyval.string) = (yyvsp[-1].string); } -#line 1777 "gram.c" +#line 1794 "gram.c" break; case 23: /* includedir: INCLUDEDIR WORD error '\n' */ -#line 274 "gram.y" +#line 283 "gram.y" { yyerrok; (yyval.string) = (yyvsp[-2].string); } -#line 1786 "gram.c" +#line 1803 "gram.c" break; case 25: /* defaults_list: defaults_list ',' defaults_entry */ -#line 281 "gram.y" +#line 290 "gram.y" { + parser_leak_remove(LEAK_DEFAULTS, (yyvsp[0].defaults)); HLTQ_CONCAT((yyvsp[-2].defaults), (yyvsp[0].defaults), entries); (yyval.defaults) = (yyvsp[-2].defaults); } -#line 1795 "gram.c" +#line 1813 "gram.c" break; case 26: /* defaults_entry: DEFVAR */ -#line 287 "gram.y" +#line 297 "gram.y" { (yyval.defaults) = new_default((yyvsp[0].string), NULL, true); if ((yyval.defaults) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1807 "gram.c" +#line 1827 "gram.c" break; case 27: /* defaults_entry: '!' DEFVAR */ -#line 294 "gram.y" +#line 306 "gram.y" { (yyval.defaults) = new_default((yyvsp[0].string), NULL, false); if ((yyval.defaults) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1819 "gram.c" +#line 1841 "gram.c" break; case 28: /* defaults_entry: DEFVAR '=' WORD */ -#line 301 "gram.y" +#line 315 "gram.y" { (yyval.defaults) = new_default((yyvsp[-2].string), (yyvsp[0].string), true); if ((yyval.defaults) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[-2].string)); + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1831 "gram.c" +#line 1856 "gram.c" break; case 29: /* defaults_entry: DEFVAR '+' WORD */ -#line 308 "gram.y" +#line 325 "gram.y" { (yyval.defaults) = new_default((yyvsp[-2].string), (yyvsp[0].string), '+'); if ((yyval.defaults) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[-2].string)); + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1843 "gram.c" +#line 1871 "gram.c" break; case 30: /* defaults_entry: DEFVAR '-' WORD */ -#line 315 "gram.y" +#line 335 "gram.y" { (yyval.defaults) = new_default((yyvsp[-2].string), (yyvsp[0].string), '-'); if ((yyval.defaults) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[-2].string)); + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1855 "gram.c" +#line 1886 "gram.c" break; case 32: /* privileges: privileges ':' privilege */ -#line 325 "gram.y" +#line 348 "gram.y" { + parser_leak_remove(LEAK_PRIVILEGE, (yyvsp[0].privilege)); HLTQ_CONCAT((yyvsp[-2].privilege), (yyvsp[0].privilege), entries); (yyval.privilege) = (yyvsp[-2].privilege); } -#line 1864 "gram.c" +#line 1896 "gram.c" break; case 33: /* privileges: privileges ':' error */ -#line 329 "gram.y" +#line 353 "gram.y" { yyerrok; (yyval.privilege) = (yyvsp[-2].privilege); } -#line 1873 "gram.c" +#line 1905 "gram.c" break; case 34: /* privilege: hostlist '=' cmndspeclist */ -#line 335 "gram.y" +#line 359 "gram.y" { struct privilege *p = calloc(1, sizeof(*p)); if (p == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_PRIVILEGE, p); TAILQ_INIT(&p->defaults); + parser_leak_remove(LEAK_MEMBER, (yyvsp[-2].member)); HLTQ_TO_TAILQ(&p->hostlist, (yyvsp[-2].member), entries); + parser_leak_remove(LEAK_CMNDSPEC, (yyvsp[0].cmndspec)); HLTQ_TO_TAILQ(&p->cmndlist, (yyvsp[0].cmndspec), entries); HLTQ_INIT(p, entries); (yyval.privilege) = p; } -#line 1890 "gram.c" +#line 1925 "gram.c" break; case 35: /* ophost: host */ -#line 349 "gram.y" +#line 376 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 1899 "gram.c" +#line 1934 "gram.c" break; case 36: /* ophost: '!' host */ -#line 353 "gram.y" +#line 380 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 1908 "gram.c" +#line 1943 "gram.c" break; case 37: /* host: ALIAS */ -#line 359 "gram.y" +#line 386 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 1920 "gram.c" +#line 1957 "gram.c" break; case 38: /* host: ALL */ -#line 366 "gram.y" +#line 395 "gram.y" { (yyval.member) = new_member(NULL, ALL); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 1932 "gram.c" +#line 1970 "gram.c" break; case 39: /* host: NETGROUP */ -#line 373 "gram.y" +#line 403 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), NETGROUP); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 1944 "gram.c" +#line 1984 "gram.c" break; case 40: /* host: NTWKADDR */ -#line 380 "gram.y" +#line 412 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), NTWKADDR); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 1956 "gram.c" +#line 1998 "gram.c" break; case 41: /* host: WORD */ -#line 387 "gram.y" +#line 421 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), WORD); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 1968 "gram.c" +#line 2012 "gram.c" break; case 43: /* cmndspeclist: cmndspeclist ',' cmndspec */ -#line 397 "gram.y" +#line 433 "gram.y" { struct cmndspec *prev; prev = HLTQ_LAST((yyvsp[-2].cmndspec), cmndspec, entries); + parser_leak_remove(LEAK_CMNDSPEC, (yyvsp[0].cmndspec)); HLTQ_CONCAT((yyvsp[-2].cmndspec), (yyvsp[0].cmndspec), entries); /* propagate runcwd and runchroot */ @@ -2012,6 +2057,8 @@ (yyvsp[0].cmndspec)->tags.nopasswd = prev->tags.nopasswd; if ((yyvsp[0].cmndspec)->tags.noexec == UNSPEC) (yyvsp[0].cmndspec)->tags.noexec = prev->tags.noexec; + if ((yyvsp[0].cmndspec)->tags.intercept == UNSPEC) + (yyvsp[0].cmndspec)->tags.intercept = prev->tags.intercept; if ((yyvsp[0].cmndspec)->tags.setenv == UNSPEC && prev->tags.setenv != IMPLIED) (yyvsp[0].cmndspec)->tags.setenv = prev->tags.setenv; @@ -2032,17 +2079,18 @@ } (yyval.cmndspec) = (yyvsp[-2].cmndspec); } -#line 2030 "gram.c" +#line 2077 "gram.c" break; case 44: /* cmndspec: runasspec options cmndtag digcmnd */ -#line 456 "gram.y" +#line 495 "gram.y" { struct cmndspec *cs = calloc(1, sizeof(*cs)); if (cs == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_CMNDSPEC, cs); if ((yyvsp[-3].runas) != NULL) { if ((yyvsp[-3].runas)->runasusers != NULL) { cs->runasuserlist = @@ -2052,6 +2100,7 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + /* g/c done via runas container */ HLTQ_TO_TAILQ(cs->runasuserlist, (yyvsp[-3].runas)->runasusers, entries); } @@ -2063,26 +2112,35 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + /* g/c done via runas container */ HLTQ_TO_TAILQ(cs->runasgrouplist, (yyvsp[-3].runas)->runasgroups, entries); } + parser_leak_remove(LEAK_RUNAS, (yyvsp[-3].runas)); free((yyvsp[-3].runas)); } #ifdef HAVE_SELINUX cs->role = (yyvsp[-2].options).role; + parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).role); cs->type = (yyvsp[-2].options).type; + parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).type); #endif #ifdef HAVE_PRIV_SET cs->privs = (yyvsp[-2].options).privs; + parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).privs); cs->limitprivs = (yyvsp[-2].options).limitprivs; + parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).limitprivs); #endif cs->notbefore = (yyvsp[-2].options).notbefore; cs->notafter = (yyvsp[-2].options).notafter; cs->timeout = (yyvsp[-2].options).timeout; cs->runcwd = (yyvsp[-2].options).runcwd; + parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).runcwd); cs->runchroot = (yyvsp[-2].options).runchroot; + parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).runchroot); cs->tags = (yyvsp[-1].tag); cs->cmnd = (yyvsp[0].member); + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_INIT(cs, entries); /* sudo "ALL" implies the SETENV tag */ if (cs->cmnd->type == ALL && !cs->cmnd->negated && @@ -2090,76 +2148,85 @@ cs->tags.setenv = IMPLIED; (yyval.cmndspec) = cs; } -#line 2088 "gram.c" +#line 2146 "gram.c" break; case 45: /* digestspec: SHA224_TOK ':' DIGEST */ -#line 511 "gram.y" +#line 561 "gram.y" { (yyval.digest) = new_digest(SUDO_DIGEST_SHA224, (yyvsp[0].string)); if ((yyval.digest) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_DIGEST, (yyval.digest)); } -#line 2100 "gram.c" +#line 2160 "gram.c" break; case 46: /* digestspec: SHA256_TOK ':' DIGEST */ -#line 518 "gram.y" +#line 570 "gram.y" { (yyval.digest) = new_digest(SUDO_DIGEST_SHA256, (yyvsp[0].string)); if ((yyval.digest) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_DIGEST, (yyval.digest)); } -#line 2112 "gram.c" +#line 2174 "gram.c" break; case 47: /* digestspec: SHA384_TOK ':' DIGEST */ -#line 525 "gram.y" +#line 579 "gram.y" { (yyval.digest) = new_digest(SUDO_DIGEST_SHA384, (yyvsp[0].string)); if ((yyval.digest) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_DIGEST, (yyval.digest)); } -#line 2124 "gram.c" +#line 2188 "gram.c" break; case 48: /* digestspec: SHA512_TOK ':' DIGEST */ -#line 532 "gram.y" +#line 588 "gram.y" { (yyval.digest) = new_digest(SUDO_DIGEST_SHA512, (yyvsp[0].string)); if ((yyval.digest) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_DIGEST, (yyval.digest)); } -#line 2136 "gram.c" +#line 2202 "gram.c" break; case 50: /* digestlist: digestlist ',' digestspec */ -#line 542 "gram.y" +#line 600 "gram.y" { + parser_leak_remove(LEAK_DIGEST, (yyvsp[0].digest)); HLTQ_CONCAT((yyvsp[-2].digest), (yyvsp[0].digest), entries); (yyval.digest) = (yyvsp[-2].digest); } -#line 2145 "gram.c" +#line 2212 "gram.c" break; case 51: /* digcmnd: opcmnd */ -#line 548 "gram.y" +#line 607 "gram.y" { (yyval.member) = (yyvsp[0].member); } -#line 2153 "gram.c" +#line 2220 "gram.c" break; case 52: /* digcmnd: digestlist opcmnd */ -#line 551 "gram.y" +#line 610 "gram.y" { struct sudo_command *c = (struct sudo_command *) (yyvsp[0].member)->name; @@ -2168,40 +2235,33 @@ sudoerserror(N_("a digest requires a path name")); YYERROR; } - if (c == NULL) { - /* lazy-allocate sudo_command for ALL */ - if ((c = new_command(NULL, NULL)) == NULL) { - sudoerserror(N_("unable to allocate memory")); - YYERROR; - } - (yyvsp[0].member)->name = (char *)c; - } + parser_leak_remove(LEAK_DIGEST, (yyvsp[-1].digest)); HLTQ_TO_TAILQ(&c->digests, (yyvsp[-1].digest), entries); (yyval.member) = (yyvsp[0].member); } -#line 2177 "gram.c" +#line 2237 "gram.c" break; case 53: /* opcmnd: cmnd */ -#line 572 "gram.y" +#line 624 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 2186 "gram.c" +#line 2246 "gram.c" break; case 54: /* opcmnd: '!' cmnd */ -#line 576 "gram.y" +#line 628 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 2195 "gram.c" +#line 2255 "gram.c" break; case 55: /* chdirspec: CWD '=' WORD */ -#line 582 "gram.y" +#line 634 "gram.y" { if ((yyvsp[0].string)[0] != '/' && (yyvsp[0].string)[0] != '~') { if (strcmp((yyvsp[0].string), "*") != 0) { @@ -2210,13 +2270,17 @@ YYERROR; } } + if (strlen((yyvsp[0].string)) >= PATH_MAX) { + sudoerserror(N_("\"CWD\" path too long")); + YYERROR; + } (yyval.string) = (yyvsp[0].string); } -#line 2210 "gram.c" +#line 2274 "gram.c" break; case 56: /* chrootspec: CHROOT '=' WORD */ -#line 594 "gram.y" +#line 650 "gram.y" { if ((yyvsp[0].string)[0] != '/' && (yyvsp[0].string)[0] != '~') { if (strcmp((yyvsp[0].string), "*") != 0) { @@ -2225,85 +2289,89 @@ YYERROR; } } + if (strlen((yyvsp[0].string)) >= PATH_MAX) { + sudoerserror(N_("\"CHROOT\" path too long")); + YYERROR; + } (yyval.string) = (yyvsp[0].string); } -#line 2225 "gram.c" +#line 2293 "gram.c" break; case 57: /* timeoutspec: CMND_TIMEOUT '=' WORD */ -#line 606 "gram.y" +#line 666 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2233 "gram.c" +#line 2301 "gram.c" break; case 58: /* notbeforespec: NOTBEFORE '=' WORD */ -#line 611 "gram.y" +#line 671 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2241 "gram.c" +#line 2309 "gram.c" break; case 59: /* notafterspec: NOTAFTER '=' WORD */ -#line 615 "gram.y" +#line 675 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2249 "gram.c" +#line 2317 "gram.c" break; case 60: /* rolespec: ROLE '=' WORD */ -#line 620 "gram.y" +#line 680 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2257 "gram.c" +#line 2325 "gram.c" break; case 61: /* typespec: TYPE '=' WORD */ -#line 625 "gram.y" +#line 685 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2265 "gram.c" +#line 2333 "gram.c" break; case 62: /* privsspec: PRIVS '=' WORD */ -#line 630 "gram.y" +#line 690 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2273 "gram.c" +#line 2341 "gram.c" break; case 63: /* limitprivsspec: LIMITPRIVS '=' WORD */ -#line 634 "gram.y" +#line 694 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2281 "gram.c" +#line 2349 "gram.c" break; case 64: /* runasspec: %empty */ -#line 639 "gram.y" +#line 699 "gram.y" { (yyval.runas) = NULL; } -#line 2289 "gram.c" +#line 2357 "gram.c" break; case 65: /* runasspec: '(' runaslist ')' */ -#line 642 "gram.y" +#line 702 "gram.y" { (yyval.runas) = (yyvsp[-1].runas); } -#line 2297 "gram.c" +#line 2365 "gram.c" break; case 66: /* runaslist: %empty */ -#line 647 "gram.y" +#line 707 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) != NULL) { @@ -2318,54 +2386,62 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, (yyval.runas)); } -#line 2317 "gram.c" +#line 2386 "gram.c" break; case 67: /* runaslist: userlist */ -#line 662 "gram.y" +#line 723 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, (yyval.runas)); + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); (yyval.runas)->runasusers = (yyvsp[0].member); /* $$->runasgroups = NULL; */ } -#line 2331 "gram.c" +#line 2402 "gram.c" break; case 68: /* runaslist: userlist ':' grouplist */ -#line 671 "gram.y" +#line 734 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, (yyval.runas)); + parser_leak_remove(LEAK_MEMBER, (yyvsp[-2].member)); + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); (yyval.runas)->runasusers = (yyvsp[-2].member); (yyval.runas)->runasgroups = (yyvsp[0].member); } -#line 2345 "gram.c" +#line 2419 "gram.c" break; case 69: /* runaslist: ':' grouplist */ -#line 680 "gram.y" +#line 746 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, (yyval.runas)); + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); /* $$->runasusers = NULL; */ (yyval.runas)->runasgroups = (yyvsp[0].member); } -#line 2359 "gram.c" +#line 2435 "gram.c" break; case 70: /* runaslist: ':' */ -#line 689 "gram.y" +#line 757 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) != NULL) { @@ -2380,135 +2456,141 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, (yyval.runas)); } -#line 2379 "gram.c" +#line 2456 "gram.c" break; case 71: /* reserved_word: ALL */ -#line 706 "gram.y" +#line 775 "gram.y" { (yyval.string) = "ALL"; } -#line 2385 "gram.c" +#line 2462 "gram.c" break; case 72: /* reserved_word: CHROOT */ -#line 707 "gram.y" +#line 776 "gram.y" { (yyval.string) = "CHROOT"; } -#line 2391 "gram.c" +#line 2468 "gram.c" break; case 73: /* reserved_word: CWD */ -#line 708 "gram.y" +#line 777 "gram.y" { (yyval.string) = "CWD"; } -#line 2397 "gram.c" +#line 2474 "gram.c" break; case 74: /* reserved_word: CMND_TIMEOUT */ -#line 709 "gram.y" +#line 778 "gram.y" { (yyval.string) = "CMND_TIMEOUT"; } -#line 2403 "gram.c" +#line 2480 "gram.c" break; case 75: /* reserved_word: NOTBEFORE */ -#line 710 "gram.y" +#line 779 "gram.y" { (yyval.string) = "NOTBEFORE"; } -#line 2409 "gram.c" +#line 2486 "gram.c" break; case 76: /* reserved_word: NOTAFTER */ -#line 711 "gram.y" +#line 780 "gram.y" { (yyval.string) = "NOTAFTER"; } -#line 2415 "gram.c" +#line 2492 "gram.c" break; case 77: /* reserved_word: ROLE */ -#line 712 "gram.y" +#line 781 "gram.y" { (yyval.string) = "ROLE"; } -#line 2421 "gram.c" +#line 2498 "gram.c" break; case 78: /* reserved_word: TYPE */ -#line 713 "gram.y" +#line 782 "gram.y" { (yyval.string) = "TYPE"; } -#line 2427 "gram.c" +#line 2504 "gram.c" break; case 79: /* reserved_word: PRIVS */ -#line 714 "gram.y" +#line 783 "gram.y" { (yyval.string) = "PRIVS"; } -#line 2433 "gram.c" +#line 2510 "gram.c" break; case 80: /* reserved_word: LIMITPRIVS */ -#line 715 "gram.y" +#line 784 "gram.y" { (yyval.string) = "LIMITPRIVS"; } -#line 2439 "gram.c" +#line 2516 "gram.c" break; case 81: /* reserved_alias: reserved_word */ -#line 718 "gram.y" +#line 787 "gram.y" { sudoerserrorf(U_("syntax error, reserved word %s used as an alias name"), (yyvsp[0].string)); YYERROR; } -#line 2448 "gram.c" +#line 2525 "gram.c" break; case 82: /* options: %empty */ -#line 724 "gram.y" +#line 793 "gram.y" { init_options(&(yyval.options)); } -#line 2456 "gram.c" +#line 2533 "gram.c" break; case 83: /* options: options chdirspec */ -#line 727 "gram.y" +#line 796 "gram.y" { + parser_leak_remove(LEAK_PTR, (yyval.options).runcwd); free((yyval.options).runcwd); (yyval.options).runcwd = (yyvsp[0].string); } -#line 2465 "gram.c" +#line 2543 "gram.c" break; case 84: /* options: options chrootspec */ -#line 731 "gram.y" +#line 801 "gram.y" { + parser_leak_remove(LEAK_PTR, (yyval.options).runchroot); free((yyval.options).runchroot); (yyval.options).runchroot = (yyvsp[0].string); } -#line 2474 "gram.c" +#line 2553 "gram.c" break; case 85: /* options: options notbeforespec */ -#line 735 "gram.y" +#line 806 "gram.y" { (yyval.options).notbefore = parse_gentime((yyvsp[0].string)); + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); free((yyvsp[0].string)); if ((yyval.options).notbefore == -1) { sudoerserror(N_("invalid notbefore value")); YYERROR; } } -#line 2487 "gram.c" +#line 2567 "gram.c" break; case 86: /* options: options notafterspec */ -#line 743 "gram.y" +#line 815 "gram.y" { (yyval.options).notafter = parse_gentime((yyvsp[0].string)); + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); free((yyvsp[0].string)); if ((yyval.options).notafter == -1) { sudoerserror(N_("invalid notafter value")); YYERROR; } } -#line 2500 "gram.c" +#line 2581 "gram.c" break; case 87: /* options: options timeoutspec */ -#line 751 "gram.y" +#line 824 "gram.y" { (yyval.options).timeout = parse_timeout((yyvsp[0].string)); + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); free((yyvsp[0].string)); if ((yyval.options).timeout == -1) { if (errno == ERANGE) @@ -2518,202 +2600,235 @@ YYERROR; } } -#line 2516 "gram.c" +#line 2598 "gram.c" break; case 88: /* options: options rolespec */ -#line 762 "gram.y" +#line 836 "gram.y" { #ifdef HAVE_SELINUX + parser_leak_remove(LEAK_PTR, (yyval.options).role); free((yyval.options).role); (yyval.options).role = (yyvsp[0].string); #endif } -#line 2527 "gram.c" +#line 2610 "gram.c" break; case 89: /* options: options typespec */ -#line 768 "gram.y" +#line 843 "gram.y" { #ifdef HAVE_SELINUX + parser_leak_remove(LEAK_PTR, (yyval.options).type); free((yyval.options).type); (yyval.options).type = (yyvsp[0].string); #endif } -#line 2538 "gram.c" +#line 2622 "gram.c" break; case 90: /* options: options privsspec */ -#line 774 "gram.y" +#line 850 "gram.y" { #ifdef HAVE_PRIV_SET + parser_leak_remove(LEAK_PTR, (yyval.options).privs); free((yyval.options).privs); (yyval.options).privs = (yyvsp[0].string); #endif } -#line 2549 "gram.c" +#line 2634 "gram.c" break; case 91: /* options: options limitprivsspec */ -#line 780 "gram.y" +#line 857 "gram.y" { #ifdef HAVE_PRIV_SET + parser_leak_remove(LEAK_PTR, (yyval.options).limitprivs); free((yyval.options).limitprivs); (yyval.options).limitprivs = (yyvsp[0].string); #endif } -#line 2560 "gram.c" +#line 2646 "gram.c" break; case 92: /* cmndtag: %empty */ -#line 788 "gram.y" +#line 866 "gram.y" { TAGS_INIT(&(yyval.tag)); } -#line 2568 "gram.c" +#line 2654 "gram.c" break; case 93: /* cmndtag: cmndtag NOPASSWD */ -#line 791 "gram.y" +#line 869 "gram.y" { (yyval.tag).nopasswd = true; } -#line 2576 "gram.c" +#line 2662 "gram.c" break; case 94: /* cmndtag: cmndtag PASSWD */ -#line 794 "gram.y" +#line 872 "gram.y" { (yyval.tag).nopasswd = false; } -#line 2584 "gram.c" +#line 2670 "gram.c" break; case 95: /* cmndtag: cmndtag NOEXEC */ -#line 797 "gram.y" +#line 875 "gram.y" { (yyval.tag).noexec = true; } -#line 2592 "gram.c" +#line 2678 "gram.c" break; case 96: /* cmndtag: cmndtag EXEC */ -#line 800 "gram.y" +#line 878 "gram.y" { (yyval.tag).noexec = false; } -#line 2600 "gram.c" +#line 2686 "gram.c" break; - case 97: /* cmndtag: cmndtag SETENV */ -#line 803 "gram.y" + case 97: /* cmndtag: cmndtag INTERCEPT */ +#line 881 "gram.y" + { + (yyval.tag).intercept = true; + } +#line 2694 "gram.c" + break; + + case 98: /* cmndtag: cmndtag NOINTERCEPT */ +#line 884 "gram.y" + { + (yyval.tag).intercept = false; + } +#line 2702 "gram.c" + break; + + case 99: /* cmndtag: cmndtag SETENV */ +#line 887 "gram.y" { (yyval.tag).setenv = true; } -#line 2608 "gram.c" +#line 2710 "gram.c" break; - case 98: /* cmndtag: cmndtag NOSETENV */ -#line 806 "gram.y" + case 100: /* cmndtag: cmndtag NOSETENV */ +#line 890 "gram.y" { (yyval.tag).setenv = false; } -#line 2616 "gram.c" +#line 2718 "gram.c" break; - case 99: /* cmndtag: cmndtag LOG_INPUT */ -#line 809 "gram.y" + case 101: /* cmndtag: cmndtag LOG_INPUT */ +#line 893 "gram.y" { (yyval.tag).log_input = true; } -#line 2624 "gram.c" +#line 2726 "gram.c" break; - case 100: /* cmndtag: cmndtag NOLOG_INPUT */ -#line 812 "gram.y" + case 102: /* cmndtag: cmndtag NOLOG_INPUT */ +#line 896 "gram.y" { (yyval.tag).log_input = false; } -#line 2632 "gram.c" +#line 2734 "gram.c" break; - case 101: /* cmndtag: cmndtag LOG_OUTPUT */ -#line 815 "gram.y" + case 103: /* cmndtag: cmndtag LOG_OUTPUT */ +#line 899 "gram.y" { (yyval.tag).log_output = true; } -#line 2640 "gram.c" +#line 2742 "gram.c" break; - case 102: /* cmndtag: cmndtag NOLOG_OUTPUT */ -#line 818 "gram.y" + case 104: /* cmndtag: cmndtag NOLOG_OUTPUT */ +#line 902 "gram.y" { (yyval.tag).log_output = false; } -#line 2648 "gram.c" +#line 2750 "gram.c" break; - case 103: /* cmndtag: cmndtag FOLLOWLNK */ -#line 821 "gram.y" + case 105: /* cmndtag: cmndtag FOLLOWLNK */ +#line 905 "gram.y" { (yyval.tag).follow = true; } -#line 2656 "gram.c" +#line 2758 "gram.c" break; - case 104: /* cmndtag: cmndtag NOFOLLOWLNK */ -#line 824 "gram.y" + case 106: /* cmndtag: cmndtag NOFOLLOWLNK */ +#line 908 "gram.y" { (yyval.tag).follow = false; } -#line 2664 "gram.c" +#line 2766 "gram.c" break; - case 105: /* cmndtag: cmndtag MAIL */ -#line 827 "gram.y" + case 107: /* cmndtag: cmndtag MAIL */ +#line 911 "gram.y" { (yyval.tag).send_mail = true; } -#line 2672 "gram.c" +#line 2774 "gram.c" break; - case 106: /* cmndtag: cmndtag NOMAIL */ -#line 830 "gram.y" + case 108: /* cmndtag: cmndtag NOMAIL */ +#line 914 "gram.y" { (yyval.tag).send_mail = false; } -#line 2680 "gram.c" +#line 2782 "gram.c" break; - case 107: /* cmnd: ALL */ -#line 835 "gram.y" + case 109: /* cmnd: ALL */ +#line 919 "gram.y" { - (yyval.member) = new_member(NULL, ALL); + struct sudo_command *c; + + if ((c = new_command(NULL, NULL)) == NULL) { + sudoerserror(N_("unable to allocate memory")); + YYERROR; + } + (yyval.member) = new_member((char *)c, ALL); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2692 "gram.c" +#line 2801 "gram.c" break; - case 108: /* cmnd: ALIAS */ -#line 842 "gram.y" + case 110: /* cmnd: ALIAS */ +#line 933 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2704 "gram.c" +#line 2815 "gram.c" break; - case 109: /* cmnd: COMMAND */ -#line 849 "gram.y" + case 111: /* cmnd: COMMAND */ +#line 942 "gram.y" { struct sudo_command *c; + if (strlen((yyvsp[0].command).cmnd) >= PATH_MAX) { + sudoerserror(N_("command too long")); + YYERROR; + } if ((c = new_command((yyvsp[0].command).cmnd, (yyvsp[0].command).args)) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; @@ -2724,264 +2839,293 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].command).cmnd); + parser_leak_remove(LEAK_PTR, (yyvsp[0].command).args); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2723 "gram.c" +#line 2841 "gram.c" break; - case 112: /* $@1: %empty */ -#line 869 "gram.y" + case 114: /* $@1: %empty */ +#line 969 "gram.y" { alias_line = this_lineno; alias_column = sudolinebuf.toke_start + 1; } -#line 2732 "gram.c" +#line 2850 "gram.c" break; - case 113: /* hostalias: ALIAS $@1 '=' hostlist */ -#line 872 "gram.y" + case 115: /* hostalias: ALIAS $@1 '=' hostlist */ +#line 972 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), HOSTALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { alias_error((yyvsp[-3].string), errno); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2744 "gram.c" +#line 2864 "gram.c" break; - case 116: /* hostlist: hostlist ',' ophost */ -#line 883 "gram.y" + case 118: /* hostlist: hostlist ',' ophost */ +#line 985 "gram.y" { + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 2753 "gram.c" +#line 2874 "gram.c" break; - case 119: /* $@2: %empty */ -#line 893 "gram.y" + case 121: /* $@2: %empty */ +#line 996 "gram.y" { alias_line = this_lineno; alias_column = sudolinebuf.toke_start + 1; } -#line 2762 "gram.c" +#line 2883 "gram.c" break; - case 120: /* cmndalias: ALIAS $@2 '=' cmndlist */ -#line 896 "gram.y" + case 122: /* cmndalias: ALIAS $@2 '=' cmndlist */ +#line 999 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), CMNDALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { alias_error((yyvsp[-3].string), errno); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2774 "gram.c" +#line 2897 "gram.c" break; - case 123: /* cmndlist: cmndlist ',' digcmnd */ -#line 907 "gram.y" + case 125: /* cmndlist: cmndlist ',' digcmnd */ +#line 1012 "gram.y" { + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 2783 "gram.c" +#line 2907 "gram.c" break; - case 126: /* $@3: %empty */ -#line 917 "gram.y" + case 128: /* $@3: %empty */ +#line 1023 "gram.y" { alias_line = this_lineno; alias_column = sudolinebuf.toke_start + 1; } -#line 2792 "gram.c" +#line 2916 "gram.c" break; - case 127: /* runasalias: ALIAS $@3 '=' userlist */ -#line 920 "gram.y" + case 129: /* runasalias: ALIAS $@3 '=' userlist */ +#line 1026 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), RUNASALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { alias_error((yyvsp[-3].string), errno); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2804 "gram.c" +#line 2930 "gram.c" break; - case 131: /* $@4: %empty */ -#line 934 "gram.y" + case 133: /* $@4: %empty */ +#line 1042 "gram.y" { alias_line = this_lineno; alias_column = sudolinebuf.toke_start + 1; } -#line 2813 "gram.c" +#line 2939 "gram.c" break; - case 132: /* useralias: ALIAS $@4 '=' userlist */ -#line 937 "gram.y" + case 134: /* useralias: ALIAS $@4 '=' userlist */ +#line 1045 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), USERALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { alias_error((yyvsp[-3].string), errno); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2825 "gram.c" +#line 2953 "gram.c" break; - case 135: /* userlist: userlist ',' opuser */ -#line 948 "gram.y" + case 137: /* userlist: userlist ',' opuser */ +#line 1058 "gram.y" { + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 2834 "gram.c" +#line 2963 "gram.c" break; - case 136: /* opuser: user */ -#line 954 "gram.y" + case 138: /* opuser: user */ +#line 1065 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 2843 "gram.c" +#line 2972 "gram.c" break; - case 137: /* opuser: '!' user */ -#line 958 "gram.y" + case 139: /* opuser: '!' user */ +#line 1069 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 2852 "gram.c" +#line 2981 "gram.c" break; - case 138: /* user: ALIAS */ -#line 964 "gram.y" + case 140: /* user: ALIAS */ +#line 1075 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2864 "gram.c" +#line 2995 "gram.c" break; - case 139: /* user: ALL */ -#line 971 "gram.y" + case 141: /* user: ALL */ +#line 1084 "gram.y" { (yyval.member) = new_member(NULL, ALL); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2876 "gram.c" +#line 3008 "gram.c" break; - case 140: /* user: NETGROUP */ -#line 978 "gram.y" + case 142: /* user: NETGROUP */ +#line 1092 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), NETGROUP); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2888 "gram.c" +#line 3022 "gram.c" break; - case 141: /* user: USERGROUP */ -#line 985 "gram.y" + case 143: /* user: USERGROUP */ +#line 1101 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), USERGROUP); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2900 "gram.c" +#line 3036 "gram.c" break; - case 142: /* user: WORD */ -#line 992 "gram.y" + case 144: /* user: WORD */ +#line 1110 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), WORD); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2912 "gram.c" +#line 3050 "gram.c" break; - case 144: /* grouplist: grouplist ',' opgroup */ -#line 1002 "gram.y" + case 146: /* grouplist: grouplist ',' opgroup */ +#line 1122 "gram.y" { + parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 2921 "gram.c" +#line 3060 "gram.c" break; - case 145: /* opgroup: group */ -#line 1008 "gram.y" + case 147: /* opgroup: group */ +#line 1129 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 2930 "gram.c" +#line 3069 "gram.c" break; - case 146: /* opgroup: '!' group */ -#line 1012 "gram.y" + case 148: /* opgroup: '!' group */ +#line 1133 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 2939 "gram.c" +#line 3078 "gram.c" break; - case 147: /* group: ALIAS */ -#line 1018 "gram.y" + case 149: /* group: ALIAS */ +#line 1139 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2951 "gram.c" +#line 3092 "gram.c" break; - case 148: /* group: ALL */ -#line 1025 "gram.y" + case 150: /* group: ALL */ +#line 1148 "gram.y" { (yyval.member) = new_member(NULL, ALL); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2963 "gram.c" +#line 3105 "gram.c" break; - case 149: /* group: WORD */ -#line 1032 "gram.y" + case 151: /* group: WORD */ +#line 1156 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), WORD); if ((yyval.member) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); + parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2975 "gram.c" +#line 3119 "gram.c" break; -#line 2979 "gram.c" +#line 3123 "gram.c" default: break; } @@ -3063,6 +3207,7 @@ label yyerrorlab therefore never appears in user code. */ if (0) YYERROR; + ++yynerrs; /* Do not reclaim the symbols of the rule whose action triggered this YYERROR. */ @@ -3123,7 +3268,7 @@ `-------------------------------------*/ yyacceptlab: yyresult = 0; - goto yyreturn; + goto yyreturnlab; /*-----------------------------------. @@ -3131,24 +3276,22 @@ `-----------------------------------*/ yyabortlab: yyresult = 1; - goto yyreturn; + goto yyreturnlab; -#if !defined yyoverflow -/*-------------------------------------------------. -| yyexhaustedlab -- memory exhaustion comes here. | -`-------------------------------------------------*/ +/*-----------------------------------------------------------. +| yyexhaustedlab -- YYNOMEM (memory exhaustion) comes here. | +`-----------------------------------------------------------*/ yyexhaustedlab: yyerror (YY_("memory exhausted")); yyresult = 2; - goto yyreturn; -#endif + goto yyreturnlab; -/*-------------------------------------------------------. -| yyreturn -- parsing is finished, clean up and return. | -`-------------------------------------------------------*/ -yyreturn: +/*----------------------------------------------------------. +| yyreturnlab -- parsing is finished, clean up and return. | +`----------------------------------------------------------*/ +yyreturnlab: if (yychar != YYEMPTY) { /* Make sure we have latest lookahead translation. See comments at @@ -3175,7 +3318,7 @@ return yyresult; } -#line 1040 "gram.y" +#line 1166 "gram.y" /* Like yyerror() but takes a printf-style format string. */ void @@ -3183,15 +3326,11 @@ { debug_decl(sudoerserrorf, SUDOERS_DEBUG_PARSER); - /* The lexer displays more detailed messages for ERROR tokens. */ - if (sudoerschar == ERROR) - debug_return; - /* Save the line the first error occurred on. */ if (errorlineno == -1) { errorlineno = this_lineno; - rcstr_delref(errorfile); - errorfile = rcstr_addref(sudoers); + sudo_rcstr_delref(errorfile); + errorfile = sudo_rcstr_addref(sudoers); } if (sudoers_warnings && fmt != NULL) { LEXTRACE("<*> "); @@ -3203,8 +3342,12 @@ /* Warnings are displayed in the user's locale. */ sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); + va_start(ap, fmt); - if (strcmp(fmt, "%s") == 0) { + if (sudoerschar == ERROR) { + /* Use error string from lexer. */ + s = _(sudoers_errstr); + } else if (strcmp(fmt, "%s") == 0) { /* Optimize common case, a single string. */ s = _(va_arg(ap, char *)); } else { @@ -3278,10 +3421,10 @@ d->val = val; /* d->type = 0; */ d->op = op; - /* d->binding = NULL */ + /* d->binding = NULL; */ d->line = this_lineno; d->column = sudolinebuf.toke_start + 1; - d->file = rcstr_addref(sudoers); + d->file = sudo_rcstr_addref(sudoers); HLTQ_INIT(d, entries); debug_return_ptr(d); @@ -3306,16 +3449,6 @@ debug_return_ptr(m); } -/* - * Like new_member() but uses ALL for the type. - * Used by the ldap and sssd back-ends, which don't include gram.h. - */ -struct member * -new_member_all(char *name) -{ - return new_member(name, ALL); -} - static struct sudo_command * new_command(char *cmnd, char *args) { @@ -3327,6 +3460,7 @@ "unable to allocate memory"); debug_return_ptr(NULL); } + /* garbage collected as part of struct member */ c->cmnd = cmnd; c->args = args; @@ -3360,43 +3494,65 @@ debug_return_ptr(digest); } +static void +free_defaults_binding(struct defaults_binding *binding) +{ + debug_decl(free_defaults_binding, SUDOERS_DEBUG_PARSER); + + /* Bindings may be shared among multiple Defaults entries. */ + if (binding != NULL) { + if (--binding->refcnt == 0) { + free_members(&binding->members); + free(binding); + } + } + + debug_return; +} + /* * Add a list of defaults structures to the defaults list. - * The binding, if non-NULL, specifies a list of hosts, users, or - * runas users the entries apply to (specified by the type). + * The bmem argument, if non-NULL, specifies a list of hosts, users, + * or runas users the entries apply to (determined by the type). */ static bool add_defaults(int type, struct member *bmem, struct defaults *defs) { struct defaults *d, *next; - struct member_list *binding; + struct defaults_binding *binding; bool ret = true; debug_decl(add_defaults, SUDOERS_DEBUG_PARSER); - if (defs != NULL) { - /* - * We use a single binding for each entry in defs. - */ - if ((binding = malloc(sizeof(*binding))) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to allocate memory"); - sudoerserror(N_("unable to allocate memory")); - debug_return_bool(false); - } - if (bmem != NULL) - HLTQ_TO_TAILQ(binding, bmem, entries); - else - TAILQ_INIT(binding); - - /* - * Set type and binding (who it applies to) for new entries. - * Then add to the global defaults list. - */ - HLTQ_FOREACH_SAFE(d, defs, entries, next) { - d->type = type; - d->binding = binding; - TAILQ_INSERT_TAIL(&parsed_policy.defaults, d, entries); - } + if (defs == NULL) + debug_return_bool(false); + + /* + * We use a single binding for each entry in defs. + */ + if ((binding = malloc(sizeof(*binding))) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + sudoerserror(N_("unable to allocate memory")); + debug_return_bool(false); + } + if (bmem != NULL) { + parser_leak_remove(LEAK_MEMBER, bmem); + HLTQ_TO_TAILQ(&binding->members, bmem, entries); + } else { + TAILQ_INIT(&binding->members); + } + binding->refcnt = 0; + + /* + * Set type and binding (who it applies to) for new entries. + * Then add to the global defaults list. + */ + parser_leak_remove(LEAK_DEFAULTS, defs); + HLTQ_FOREACH_SAFE(d, defs, entries, next) { + d->type = type; + d->binding = binding; + binding->refcnt++; + TAILQ_INSERT_TAIL(&parsed_policy.defaults, d, entries); } debug_return_bool(ret); @@ -3419,8 +3575,10 @@ } u->line = this_lineno; u->column = sudolinebuf.toke_start + 1; - u->file = rcstr_addref(sudoers); + u->file = sudo_rcstr_addref(sudoers); + parser_leak_remove(LEAK_MEMBER, members); HLTQ_TO_TAILQ(&u->users, members, entries); + parser_leak_remove(LEAK_PRIVILEGE, privs); HLTQ_TO_TAILQ(&u->privileges, privs, entries); STAILQ_INIT(&u->comments); TAILQ_INSERT_TAIL(&parsed_policy.userspecs, u, entries); @@ -3473,31 +3631,24 @@ void free_defaults(struct defaults_list *defs) { - struct member_list *prev_binding = NULL; struct defaults *def; debug_decl(free_defaults, SUDOERS_DEBUG_PARSER); while ((def = TAILQ_FIRST(defs)) != NULL) { TAILQ_REMOVE(defs, def, entries); - free_default(def, &prev_binding); + free_default(def); } debug_return; } void -free_default(struct defaults *def, struct member_list **binding) +free_default(struct defaults *def) { debug_decl(free_default, SUDOERS_DEBUG_PARSER); - if (def->binding != *binding) { - *binding = def->binding; - if (def->binding != NULL) { - free_members(def->binding); - free(def->binding); - } - } - rcstr_delref(def->file); + free_defaults_binding(def->binding); + sudo_rcstr_delref(def->file); free(def->var); free(def->val); free(def); @@ -3506,12 +3657,71 @@ } void -free_privilege(struct privilege *priv) +free_cmndspec(struct cmndspec *cs, struct cmndspec_list *csl) +{ + struct cmndspec *prev, *next; + debug_decl(free_cmndspec, SUDOERS_DEBUG_PARSER); + + prev = TAILQ_PREV(cs, cmndspec_list, entries); + next = TAILQ_NEXT(cs, entries); + TAILQ_REMOVE(csl, cs, entries); + + /* Don't free runcwd/runchroot that are in use by other entries. */ + if ((prev == NULL || cs->runcwd != prev->runcwd) && + (next == NULL || cs->runcwd != next->runcwd)) { + free(cs->runcwd); + } + if ((prev == NULL || cs->runchroot != prev->runchroot) && + (next == NULL || cs->runchroot != next->runchroot)) { + free(cs->runchroot); + } +#ifdef HAVE_SELINUX + /* Don't free root/type that are in use by other entries. */ + if ((prev == NULL || cs->role != prev->role) && + (next == NULL || cs->role != next->role)) { + free(cs->role); + } + if ((prev == NULL || cs->type != prev->type) && + (next == NULL || cs->type != next->type)) { + free(cs->type); + } +#endif /* HAVE_SELINUX */ +#ifdef HAVE_PRIV_SET + /* Don't free privs/limitprivs that are in use by other entries. */ + if ((prev == NULL || cs->privs != prev->privs) && + (next == NULL || cs->privs != next->privs)) { + free(cs->privs); + } + if ((prev == NULL || cs->limitprivs != prev->limitprivs) && + (next == NULL || cs->limitprivs != next->limitprivs)) { + free(cs->limitprivs); + } +#endif /* HAVE_PRIV_SET */ + /* Don't free user/group lists that are in use by other entries. */ + if (cs->runasuserlist != NULL) { + if ((prev == NULL || cs->runasuserlist != prev->runasuserlist) && + (next == NULL || cs->runasuserlist != next->runasuserlist)) { + free_members(cs->runasuserlist); + free(cs->runasuserlist); + } + } + if (cs->runasgrouplist != NULL) { + if ((prev == NULL || cs->runasgrouplist != prev->runasgrouplist) && + (next == NULL || cs->runasgrouplist != next->runasgrouplist)) { + free_members(cs->runasgrouplist); + free(cs->runasgrouplist); + } + } + free_member(cs->cmnd); + free(cs); + + debug_return; +} + +void +free_cmndspecs(struct cmndspec_list *csl) { struct member_list *runasuserlist = NULL, *runasgrouplist = NULL; - struct member_list *prev_binding = NULL; - struct cmndspec *cs; - struct defaults *def; char *runcwd = NULL, *runchroot = NULL; #ifdef HAVE_SELINUX char *role = NULL, *type = NULL; @@ -3519,12 +3729,12 @@ #ifdef HAVE_PRIV_SET char *privs = NULL, *limitprivs = NULL; #endif /* HAVE_PRIV_SET */ - debug_decl(free_privilege, SUDOERS_DEBUG_PARSER); + struct cmndspec *cs; + debug_decl(free_cmndspecs, SUDOERS_DEBUG_PARSER); + + while ((cs = TAILQ_FIRST(csl)) != NULL) { + TAILQ_REMOVE(csl, cs, entries); - free(priv->ldap_role); - free_members(&priv->hostlist); - while ((cs = TAILQ_FIRST(&priv->cmndlist)) != NULL) { - TAILQ_REMOVE(&priv->cmndlist, cs, entries); /* Only free the first instance of runcwd/runchroot. */ if (cs->runcwd != runcwd) { runcwd = cs->runcwd; @@ -3570,9 +3780,22 @@ free_member(cs->cmnd); free(cs); } + + debug_return; +} + +void +free_privilege(struct privilege *priv) +{ + struct defaults *def; + debug_decl(free_privilege, SUDOERS_DEBUG_PARSER); + + free(priv->ldap_role); + free_members(&priv->hostlist); + free_cmndspecs(&priv->cmndlist); while ((def = TAILQ_FIRST(&priv->defaults)) != NULL) { TAILQ_REMOVE(&priv->defaults, def, entries); - free_default(def, &prev_binding); + free_default(def); } free(priv); @@ -3610,7 +3833,7 @@ free(comment->str); free(comment); } - rcstr_delref(us->file); + sudo_rcstr_delref(us->file); free(us); debug_return; @@ -3618,10 +3841,10 @@ /* * Initialized a sudoers parse tree. + * Takes ownership of lhost and shost. */ void -init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, - const char *shost) +init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost) { TAILQ_INIT(&parse_tree->userspecs); TAILQ_INIT(&parse_tree->defaults); @@ -3652,6 +3875,10 @@ free_defaults(&parse_tree->defaults); free_aliases(parse_tree->aliases); parse_tree->aliases = NULL; + free(parse_tree->lhost); + if (parse_tree->shost != parse_tree->lhost) + free(parse_tree->shost); + parse_tree->lhost = parse_tree->shost = NULL; } /* @@ -3665,11 +3892,12 @@ debug_decl(init_parser, SUDOERS_DEBUG_PARSER); free_parse_tree(&parsed_policy); + parser_leak_init(); init_lexer(); - rcstr_delref(sudoers); + sudo_rcstr_delref(sudoers); if (path != NULL) { - if ((sudoers = rcstr_dup(path)) == NULL) { + if ((sudoers = sudo_rcstr_dup(path)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); ret = false; } @@ -3679,7 +3907,7 @@ parse_error = false; errorlineno = -1; - rcstr_delref(errorfile); + sudo_rcstr_delref(errorfile); errorfile = NULL; sudoers_warnings = !quiet; sudoers_strict = strict; @@ -3707,3 +3935,220 @@ opts->limitprivs = NULL; #endif } + +bool +parser_leak_add(enum parser_leak_types type, void *v) +{ +#ifdef NO_LEAKS + struct parser_leak_entry *entry; + debug_decl(parser_leak_add, SUDOERS_DEBUG_PARSER); + + if (v == NULL) + debug_return_bool(false); + + entry = calloc(1, sizeof(*entry)); + if (entry == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_bool(false); + } + switch (type) { + case LEAK_PRIVILEGE: + entry->u.p = v; + break; + case LEAK_CMNDSPEC: + entry->u.cs = v; + break; + case LEAK_DEFAULTS: + entry->u.d = v; + break; + case LEAK_MEMBER: + entry->u.m = v; + break; + case LEAK_DIGEST: + entry->u.dig = v; + break; + case LEAK_RUNAS: + entry->u.rc = v; + break; + case LEAK_PTR: + entry->u.ptr = v; + break; + default: + free(entry); + sudo_warnx("unexpected leak type %d", type); + debug_return_bool(false); + } + entry->type = type; + SLIST_INSERT_HEAD(&parser_leak_list, entry, entries); + debug_return_bool(true); +#else + return true; +#endif /* NO_LEAKS */ +} + +bool +parser_leak_remove(enum parser_leak_types type, void *v) +{ +#ifdef NO_LEAKS + struct parser_leak_entry *entry, *prev = NULL; + debug_decl(parser_leak_remove, SUDOERS_DEBUG_PARSER); + + if (v == NULL) + debug_return_bool(false); + + SLIST_FOREACH(entry, &parser_leak_list, entries) { + switch (entry->type) { + case LEAK_PRIVILEGE: + if (entry->u.p == v) + goto found; + break; + case LEAK_CMNDSPEC: + if (entry->u.cs == v) + goto found; + break; + case LEAK_DEFAULTS: + if (entry->u.d == v) + goto found; + break; + case LEAK_MEMBER: + if (entry->u.m == v) + goto found; + break; + case LEAK_DIGEST: + if (entry->u.dig == v) + goto found; + break; + case LEAK_RUNAS: + if (entry->u.rc == v) + goto found; + break; + case LEAK_PTR: + if (entry->u.ptr == v) + goto found; + break; + default: + sudo_warnx("unexpected leak type %d in %p", entry->type, entry); + } + prev = entry; + } + /* If this happens, there is a bug in the leak tracking code. */ + sudo_warnx("%s: unable to find %p, type %d", __func__, v, type); + debug_return_bool(false); +found: + if (prev == NULL) + SLIST_REMOVE_HEAD(&parser_leak_list, entries); + else + SLIST_REMOVE_AFTER(prev, entries); + free(entry); + debug_return_bool(true); +#else + return true; +#endif /* NO_LEAKS */ +} + +void +parser_leak_free(void) +{ +#ifdef NO_LEAKS + struct parser_leak_entry *entry; + void *next; + debug_decl(parser_leak_run, SUDOERS_DEBUG_PARSER); + + /* Free the leaks. */ + while ((entry = SLIST_FIRST(&parser_leak_list))) { + SLIST_REMOVE_HEAD(&parser_leak_list, entries); + switch (entry->type) { + case LEAK_PRIVILEGE: + { + struct privilege *priv; + + HLTQ_FOREACH_SAFE(priv, entry->u.p, entries, next) + free_privilege(priv); + free(entry); + } + break; + case LEAK_CMNDSPEC: + { + struct cmndspec_list specs; + + HLTQ_TO_TAILQ(&specs, entry->u.cs, entries); + free_cmndspecs(&specs); + free(entry); + } + break; + case LEAK_DEFAULTS: + { + struct defaults_list defs; + + HLTQ_TO_TAILQ(&defs, entry->u.d, entries); + free_defaults(&defs); + free(entry); + } + break; + case LEAK_MEMBER: + { + struct member *m; + + HLTQ_FOREACH_SAFE(m, entry->u.m, entries, next) + free_member(m); + free(entry); + } + break; + case LEAK_DIGEST: + { + struct command_digest *dig; + + HLTQ_FOREACH_SAFE(dig, entry->u.dig, entries, next) { + free(dig->digest_str); + free(dig); + } + free(entry); + } + break; + case LEAK_RUNAS: + { + struct member *m; + + if (entry->u.rc->runasusers != NULL) { + HLTQ_FOREACH_SAFE(m, entry->u.rc->runasusers, entries, next) + free_member(m); + } + if (entry->u.rc->runasgroups != NULL) { + HLTQ_FOREACH_SAFE(m, entry->u.rc->runasgroups, entries, next) + free_member(m); + } + free(entry->u.rc); + free(entry); + break; + } + case LEAK_PTR: + free(entry->u.ptr); + free(entry); + break; + default: + sudo_warnx("unexpected garbage type %d", entry->type); + } + } + + debug_return; +#endif /* NO_LEAKS */ +} + +void +parser_leak_init(void) +{ +#ifdef NO_LEAKS + static bool initialized; + debug_decl(parser_leak_init, SUDOERS_DEBUG_PARSER); + + if (!initialized) { + atexit(parser_leak_free); + initialized = true; + debug_return; + } + + /* Already initialized, free existing leaks. */ + parser_leak_free(); + debug_return; +#endif /* NO_LEAKS */ +} diff -Nru sudo-1.9.5p2/plugins/sudoers/gram.h sudo-1.9.9/plugins/sudoers/gram.h --- sudo-1.9.5p2/plugins/sudoers/gram.h 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/gram.h 2022-01-27 21:24:22.000000000 +0000 @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.7.4. */ +/* A Bison parser, made by GNU Bison 3.8.2. */ /* Bison interface for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify @@ -16,7 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program. If not, see . */ + along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work @@ -83,27 +83,29 @@ NOMAIL = 284, /* NOMAIL */ FOLLOWLNK = 285, /* FOLLOWLNK */ NOFOLLOWLNK = 286, /* NOFOLLOWLNK */ - ALL = 287, /* ALL */ - HOSTALIAS = 288, /* HOSTALIAS */ - CMNDALIAS = 289, /* CMNDALIAS */ - USERALIAS = 290, /* USERALIAS */ - RUNASALIAS = 291, /* RUNASALIAS */ - ERROR = 292, /* ERROR */ - NOMATCH = 293, /* NOMATCH */ - CHROOT = 294, /* CHROOT */ - CWD = 295, /* CWD */ - TYPE = 296, /* TYPE */ - ROLE = 297, /* ROLE */ - PRIVS = 298, /* PRIVS */ - LIMITPRIVS = 299, /* LIMITPRIVS */ - CMND_TIMEOUT = 300, /* CMND_TIMEOUT */ - NOTBEFORE = 301, /* NOTBEFORE */ - NOTAFTER = 302, /* NOTAFTER */ - MYSELF = 303, /* MYSELF */ - SHA224_TOK = 304, /* SHA224_TOK */ - SHA256_TOK = 305, /* SHA256_TOK */ - SHA384_TOK = 306, /* SHA384_TOK */ - SHA512_TOK = 307 /* SHA512_TOK */ + INTERCEPT = 287, /* INTERCEPT */ + NOINTERCEPT = 288, /* NOINTERCEPT */ + ALL = 289, /* ALL */ + HOSTALIAS = 290, /* HOSTALIAS */ + CMNDALIAS = 291, /* CMNDALIAS */ + USERALIAS = 292, /* USERALIAS */ + RUNASALIAS = 293, /* RUNASALIAS */ + ERROR = 294, /* ERROR */ + NOMATCH = 295, /* NOMATCH */ + CHROOT = 296, /* CHROOT */ + CWD = 297, /* CWD */ + TYPE = 298, /* TYPE */ + ROLE = 299, /* ROLE */ + PRIVS = 300, /* PRIVS */ + LIMITPRIVS = 301, /* LIMITPRIVS */ + CMND_TIMEOUT = 302, /* CMND_TIMEOUT */ + NOTBEFORE = 303, /* NOTBEFORE */ + NOTAFTER = 304, /* NOTAFTER */ + MYSELF = 305, /* MYSELF */ + SHA224_TOK = 306, /* SHA224_TOK */ + SHA256_TOK = 307, /* SHA256_TOK */ + SHA384_TOK = 308, /* SHA384_TOK */ + SHA512_TOK = 309 /* SHA512_TOK */ }; typedef enum yytokentype yytoken_kind_t; #endif @@ -141,33 +143,35 @@ #define NOMAIL 284 #define FOLLOWLNK 285 #define NOFOLLOWLNK 286 -#define ALL 287 -#define HOSTALIAS 288 -#define CMNDALIAS 289 -#define USERALIAS 290 -#define RUNASALIAS 291 -#define ERROR 292 -#define NOMATCH 293 -#define CHROOT 294 -#define CWD 295 -#define TYPE 296 -#define ROLE 297 -#define PRIVS 298 -#define LIMITPRIVS 299 -#define CMND_TIMEOUT 300 -#define NOTBEFORE 301 -#define NOTAFTER 302 -#define MYSELF 303 -#define SHA224_TOK 304 -#define SHA256_TOK 305 -#define SHA384_TOK 306 -#define SHA512_TOK 307 +#define INTERCEPT 287 +#define NOINTERCEPT 288 +#define ALL 289 +#define HOSTALIAS 290 +#define CMNDALIAS 291 +#define USERALIAS 292 +#define RUNASALIAS 293 +#define ERROR 294 +#define NOMATCH 295 +#define CHROOT 296 +#define CWD 297 +#define TYPE 298 +#define ROLE 299 +#define PRIVS 300 +#define LIMITPRIVS 301 +#define CMND_TIMEOUT 302 +#define NOTBEFORE 303 +#define NOTAFTER 304 +#define MYSELF 305 +#define SHA224_TOK 306 +#define SHA256_TOK 307 +#define SHA384_TOK 308 +#define SHA512_TOK 309 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { -#line 83 "gram.y" +#line 86 "gram.y" struct cmndspec *cmndspec; struct defaults *defaults; @@ -181,7 +185,7 @@ char *string; int tok; -#line 185 "y.tab.h" +#line 189 "y.tab.h" }; typedef union YYSTYPE YYSTYPE; @@ -192,6 +196,8 @@ extern YYSTYPE sudoerslval; + int sudoersparse (void); + #endif /* !YY_SUDOERS_Y_TAB_H_INCLUDED */ diff -Nru sudo-1.9.5p2/plugins/sudoers/gram.y sudo-1.9.9/plugins/sudoers/gram.y --- sudo-1.9.5p2/plugins/sudoers/gram.y 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/gram.y 2022-01-27 21:24:22.000000000 +0000 @@ -2,7 +2,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2020 + * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2021 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -29,9 +29,6 @@ #include #include #include -#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) -# include -#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ #include #include "sudoers.h" @@ -59,7 +56,13 @@ static int alias_line, alias_column; +#ifdef NO_LEAKS +static struct parser_leak_list parser_leak_list = + SLIST_HEAD_INITIALIZER(parser_leak_list); +#endif + struct sudoers_parse_tree parsed_policy = { + { NULL, NULL }, /* entries */ TAILQ_HEAD_INITIALIZER(parsed_policy.userspecs), TAILQ_HEAD_INITIALIZER(parsed_policy.defaults), NULL, /* aliases */ @@ -124,6 +127,8 @@ %token NOMAIL /* don't mail log message */ %token FOLLOWLNK /* follow symbolic links */ %token NOFOLLOWLNK /* don't follow symbolic links */ +%token INTERCEPT /* intercept children of command */ +%token NOINTERCEPT /* disable intercepting of children */ %token ALL /* ALL keyword */ %token HOSTALIAS /* Host_Alias keyword */ %token CMNDALIAS /* Cmnd_Alias keyword */ @@ -207,16 +212,20 @@ } | include { if (!push_include($1, false)) { + parser_leak_remove(LEAK_PTR, $1); free($1); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); free($1); } | includedir { if (!push_include($1, true)) { + parser_leak_remove(LEAK_PTR, $1); free($1); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); free($1); } | userlist privileges '\n' { @@ -279,6 +288,7 @@ defaults_list : defaults_entry | defaults_list ',' defaults_entry { + parser_leak_remove(LEAK_DEFAULTS, $3); HLTQ_CONCAT($1, $3, entries); $$ = $1; } @@ -290,6 +300,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_DEFAULTS, $$); } | '!' DEFVAR { $$ = new_default($2, NULL, false); @@ -297,6 +309,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $2); + parser_leak_add(LEAK_DEFAULTS, $$); } | DEFVAR '=' WORD { $$ = new_default($1, $3, true); @@ -304,6 +318,9 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_remove(LEAK_PTR, $3); + parser_leak_add(LEAK_DEFAULTS, $$); } | DEFVAR '+' WORD { $$ = new_default($1, $3, '+'); @@ -311,6 +328,9 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_remove(LEAK_PTR, $3); + parser_leak_add(LEAK_DEFAULTS, $$); } | DEFVAR '-' WORD { $$ = new_default($1, $3, '-'); @@ -318,11 +338,15 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_remove(LEAK_PTR, $3); + parser_leak_add(LEAK_DEFAULTS, $$); } ; privileges : privilege | privileges ':' privilege { + parser_leak_remove(LEAK_PRIVILEGE, $3); HLTQ_CONCAT($1, $3, entries); $$ = $1; } @@ -338,8 +362,11 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_PRIVILEGE, p); TAILQ_INIT(&p->defaults); + parser_leak_remove(LEAK_MEMBER, $1); HLTQ_TO_TAILQ(&p->hostlist, $1, entries); + parser_leak_remove(LEAK_CMNDSPEC, $3); HLTQ_TO_TAILQ(&p->cmndlist, $3, entries); HLTQ_INIT(p, entries); $$ = p; @@ -362,6 +389,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } | ALL { $$ = new_member(NULL, ALL); @@ -369,6 +398,7 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_MEMBER, $$); } | NETGROUP { $$ = new_member($1, NETGROUP); @@ -376,6 +406,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } | NTWKADDR { $$ = new_member($1, NTWKADDR); @@ -383,6 +415,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } | WORD { $$ = new_member($1, WORD); @@ -390,6 +424,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } ; @@ -397,6 +433,7 @@ | cmndspeclist ',' cmndspec { struct cmndspec *prev; prev = HLTQ_LAST($1, cmndspec, entries); + parser_leak_remove(LEAK_CMNDSPEC, $3); HLTQ_CONCAT($1, $3, entries); /* propagate runcwd and runchroot */ @@ -431,6 +468,8 @@ $3->tags.nopasswd = prev->tags.nopasswd; if ($3->tags.noexec == UNSPEC) $3->tags.noexec = prev->tags.noexec; + if ($3->tags.intercept == UNSPEC) + $3->tags.intercept = prev->tags.intercept; if ($3->tags.setenv == UNSPEC && prev->tags.setenv != IMPLIED) $3->tags.setenv = prev->tags.setenv; @@ -459,6 +498,7 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_CMNDSPEC, cs); if ($1 != NULL) { if ($1->runasusers != NULL) { cs->runasuserlist = @@ -468,6 +508,7 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + /* g/c done via runas container */ HLTQ_TO_TAILQ(cs->runasuserlist, $1->runasusers, entries); } @@ -479,26 +520,35 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + /* g/c done via runas container */ HLTQ_TO_TAILQ(cs->runasgrouplist, $1->runasgroups, entries); } + parser_leak_remove(LEAK_RUNAS, $1); free($1); } #ifdef HAVE_SELINUX cs->role = $2.role; + parser_leak_remove(LEAK_PTR, $2.role); cs->type = $2.type; + parser_leak_remove(LEAK_PTR, $2.type); #endif #ifdef HAVE_PRIV_SET cs->privs = $2.privs; + parser_leak_remove(LEAK_PTR, $2.privs); cs->limitprivs = $2.limitprivs; + parser_leak_remove(LEAK_PTR, $2.limitprivs); #endif cs->notbefore = $2.notbefore; cs->notafter = $2.notafter; cs->timeout = $2.timeout; cs->runcwd = $2.runcwd; + parser_leak_remove(LEAK_PTR, $2.runcwd); cs->runchroot = $2.runchroot; + parser_leak_remove(LEAK_PTR, $2.runchroot); cs->tags = $3; cs->cmnd = $4; + parser_leak_remove(LEAK_MEMBER, $4); HLTQ_INIT(cs, entries); /* sudo "ALL" implies the SETENV tag */ if (cs->cmnd->type == ALL && !cs->cmnd->negated && @@ -514,6 +564,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $3); + parser_leak_add(LEAK_DIGEST, $$); } | SHA256_TOK ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA256, $3); @@ -521,6 +573,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $3); + parser_leak_add(LEAK_DIGEST, $$); } | SHA384_TOK ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA384, $3); @@ -528,6 +582,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $3); + parser_leak_add(LEAK_DIGEST, $$); } | SHA512_TOK ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA512, $3); @@ -535,11 +591,14 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $3); + parser_leak_add(LEAK_DIGEST, $$); } ; digestlist : digestspec | digestlist ',' digestspec { + parser_leak_remove(LEAK_DIGEST, $3); HLTQ_CONCAT($1, $3, entries); $$ = $1; } @@ -556,14 +615,7 @@ sudoerserror(N_("a digest requires a path name")); YYERROR; } - if (c == NULL) { - /* lazy-allocate sudo_command for ALL */ - if ((c = new_command(NULL, NULL)) == NULL) { - sudoerserror(N_("unable to allocate memory")); - YYERROR; - } - $2->name = (char *)c; - } + parser_leak_remove(LEAK_DIGEST, $1); HLTQ_TO_TAILQ(&c->digests, $1, entries); $$ = $2; } @@ -587,6 +639,10 @@ YYERROR; } } + if (strlen($3) >= PATH_MAX) { + sudoerserror(N_("\"CWD\" path too long")); + YYERROR; + } $$ = $3; } ; @@ -599,6 +655,10 @@ YYERROR; } } + if (strlen($3) >= PATH_MAX) { + sudoerserror(N_("\"CHROOT\" path too long")); + YYERROR; + } $$ = $3; } ; @@ -658,6 +718,7 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, $$); } | userlist { $$ = calloc(1, sizeof(struct runascontainer)); @@ -665,6 +726,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, $$); + parser_leak_remove(LEAK_MEMBER, $1); $$->runasusers = $1; /* $$->runasgroups = NULL; */ } @@ -674,6 +737,9 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, $$); + parser_leak_remove(LEAK_MEMBER, $1); + parser_leak_remove(LEAK_MEMBER, $3); $$->runasusers = $1; $$->runasgroups = $3; } @@ -683,6 +749,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, $$); + parser_leak_remove(LEAK_MEMBER, $2); /* $$->runasusers = NULL; */ $$->runasgroups = $2; } @@ -700,6 +768,7 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_RUNAS, $$); } ; @@ -725,15 +794,18 @@ init_options(&$$); } | options chdirspec { + parser_leak_remove(LEAK_PTR, $$.runcwd); free($$.runcwd); $$.runcwd = $2; } | options chrootspec { + parser_leak_remove(LEAK_PTR, $$.runchroot); free($$.runchroot); $$.runchroot = $2; } | options notbeforespec { $$.notbefore = parse_gentime($2); + parser_leak_remove(LEAK_PTR, $2); free($2); if ($$.notbefore == -1) { sudoerserror(N_("invalid notbefore value")); @@ -742,6 +814,7 @@ } | options notafterspec { $$.notafter = parse_gentime($2); + parser_leak_remove(LEAK_PTR, $2); free($2); if ($$.notafter == -1) { sudoerserror(N_("invalid notafter value")); @@ -750,6 +823,7 @@ } | options timeoutspec { $$.timeout = parse_timeout($2); + parser_leak_remove(LEAK_PTR, $2); free($2); if ($$.timeout == -1) { if (errno == ERANGE) @@ -761,24 +835,28 @@ } | options rolespec { #ifdef HAVE_SELINUX + parser_leak_remove(LEAK_PTR, $$.role); free($$.role); $$.role = $2; #endif } | options typespec { #ifdef HAVE_SELINUX + parser_leak_remove(LEAK_PTR, $$.type); free($$.type); $$.type = $2; #endif } | options privsspec { #ifdef HAVE_PRIV_SET + parser_leak_remove(LEAK_PTR, $$.privs); free($$.privs); $$.privs = $2; #endif } | options limitprivsspec { #ifdef HAVE_PRIV_SET + parser_leak_remove(LEAK_PTR, $$.limitprivs); free($$.limitprivs); $$.limitprivs = $2; #endif @@ -800,6 +878,12 @@ | cmndtag EXEC { $$.noexec = false; } + | cmndtag INTERCEPT { + $$.intercept = true; + } + | cmndtag NOINTERCEPT { + $$.intercept = false; + } | cmndtag SETENV { $$.setenv = true; } @@ -833,11 +917,18 @@ ; cmnd : ALL { - $$ = new_member(NULL, ALL); + struct sudo_command *c; + + if ((c = new_command(NULL, NULL)) == NULL) { + sudoerserror(N_("unable to allocate memory")); + YYERROR; + } + $$ = new_member((char *)c, ALL); if ($$ == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_MEMBER, $$); } | ALIAS { $$ = new_member($1, ALIAS); @@ -845,10 +936,16 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } | COMMAND { struct sudo_command *c; + if (strlen($1.cmnd) >= PATH_MAX) { + sudoerserror(N_("command too long")); + YYERROR; + } if ((c = new_command($1.cmnd, $1.args)) == NULL) { sudoerserror(N_("unable to allocate memory")); YYERROR; @@ -859,6 +956,9 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1.cmnd); + parser_leak_remove(LEAK_PTR, $1.args); + parser_leak_add(LEAK_MEMBER, $$); } ; @@ -875,12 +975,15 @@ alias_error($1, errno); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_remove(LEAK_MEMBER, $4); } | reserved_alias '=' hostlist ; hostlist : ophost | hostlist ',' ophost { + parser_leak_remove(LEAK_MEMBER, $3); HLTQ_CONCAT($1, $3, entries); $$ = $1; } @@ -899,12 +1002,15 @@ alias_error($1, errno); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_remove(LEAK_MEMBER, $4); } | reserved_alias '=' cmndlist ; cmndlist : digcmnd | cmndlist ',' digcmnd { + parser_leak_remove(LEAK_MEMBER, $3); HLTQ_CONCAT($1, $3, entries); $$ = $1; } @@ -923,6 +1029,8 @@ alias_error($1, errno); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_remove(LEAK_MEMBER, $4); } | reserved_alias '=' userlist ; @@ -940,12 +1048,15 @@ alias_error($1, errno); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_remove(LEAK_MEMBER, $4); } | reserved_alias '=' userlist ; userlist : opuser | userlist ',' opuser { + parser_leak_remove(LEAK_MEMBER, $3); HLTQ_CONCAT($1, $3, entries); $$ = $1; } @@ -967,6 +1078,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } | ALL { $$ = new_member(NULL, ALL); @@ -974,6 +1087,7 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_MEMBER, $$); } | NETGROUP { $$ = new_member($1, NETGROUP); @@ -981,6 +1095,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } | USERGROUP { $$ = new_member($1, USERGROUP); @@ -988,6 +1104,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } | WORD { $$ = new_member($1, WORD); @@ -995,11 +1113,14 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } ; grouplist : opgroup | grouplist ',' opgroup { + parser_leak_remove(LEAK_MEMBER, $3); HLTQ_CONCAT($1, $3, entries); $$ = $1; } @@ -1021,6 +1142,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } | ALL { $$ = new_member(NULL, ALL); @@ -1028,6 +1151,7 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_add(LEAK_MEMBER, $$); } | WORD { $$ = new_member($1, WORD); @@ -1035,6 +1159,8 @@ sudoerserror(N_("unable to allocate memory")); YYERROR; } + parser_leak_remove(LEAK_PTR, $1); + parser_leak_add(LEAK_MEMBER, $$); } ; %% @@ -1044,15 +1170,11 @@ { debug_decl(sudoerserrorf, SUDOERS_DEBUG_PARSER); - /* The lexer displays more detailed messages for ERROR tokens. */ - if (sudoerschar == ERROR) - debug_return; - /* Save the line the first error occurred on. */ if (errorlineno == -1) { errorlineno = this_lineno; - rcstr_delref(errorfile); - errorfile = rcstr_addref(sudoers); + sudo_rcstr_delref(errorfile); + errorfile = sudo_rcstr_addref(sudoers); } if (sudoers_warnings && fmt != NULL) { LEXTRACE("<*> "); @@ -1064,8 +1186,12 @@ /* Warnings are displayed in the user's locale. */ sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); + va_start(ap, fmt); - if (strcmp(fmt, "%s") == 0) { + if (sudoerschar == ERROR) { + /* Use error string from lexer. */ + s = _(sudoers_errstr); + } else if (strcmp(fmt, "%s") == 0) { /* Optimize common case, a single string. */ s = _(va_arg(ap, char *)); } else { @@ -1139,10 +1265,10 @@ d->val = val; /* d->type = 0; */ d->op = op; - /* d->binding = NULL */ + /* d->binding = NULL; */ d->line = this_lineno; d->column = sudolinebuf.toke_start + 1; - d->file = rcstr_addref(sudoers); + d->file = sudo_rcstr_addref(sudoers); HLTQ_INIT(d, entries); debug_return_ptr(d); @@ -1167,16 +1293,6 @@ debug_return_ptr(m); } -/* - * Like new_member() but uses ALL for the type. - * Used by the ldap and sssd back-ends, which don't include gram.h. - */ -struct member * -new_member_all(char *name) -{ - return new_member(name, ALL); -} - static struct sudo_command * new_command(char *cmnd, char *args) { @@ -1188,6 +1304,7 @@ "unable to allocate memory"); debug_return_ptr(NULL); } + /* garbage collected as part of struct member */ c->cmnd = cmnd; c->args = args; @@ -1221,43 +1338,65 @@ debug_return_ptr(digest); } +static void +free_defaults_binding(struct defaults_binding *binding) +{ + debug_decl(free_defaults_binding, SUDOERS_DEBUG_PARSER); + + /* Bindings may be shared among multiple Defaults entries. */ + if (binding != NULL) { + if (--binding->refcnt == 0) { + free_members(&binding->members); + free(binding); + } + } + + debug_return; +} + /* * Add a list of defaults structures to the defaults list. - * The binding, if non-NULL, specifies a list of hosts, users, or - * runas users the entries apply to (specified by the type). + * The bmem argument, if non-NULL, specifies a list of hosts, users, + * or runas users the entries apply to (determined by the type). */ static bool add_defaults(int type, struct member *bmem, struct defaults *defs) { struct defaults *d, *next; - struct member_list *binding; + struct defaults_binding *binding; bool ret = true; debug_decl(add_defaults, SUDOERS_DEBUG_PARSER); - if (defs != NULL) { - /* - * We use a single binding for each entry in defs. - */ - if ((binding = malloc(sizeof(*binding))) == NULL) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "unable to allocate memory"); - sudoerserror(N_("unable to allocate memory")); - debug_return_bool(false); - } - if (bmem != NULL) - HLTQ_TO_TAILQ(binding, bmem, entries); - else - TAILQ_INIT(binding); - - /* - * Set type and binding (who it applies to) for new entries. - * Then add to the global defaults list. - */ - HLTQ_FOREACH_SAFE(d, defs, entries, next) { - d->type = type; - d->binding = binding; - TAILQ_INSERT_TAIL(&parsed_policy.defaults, d, entries); - } + if (defs == NULL) + debug_return_bool(false); + + /* + * We use a single binding for each entry in defs. + */ + if ((binding = malloc(sizeof(*binding))) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + sudoerserror(N_("unable to allocate memory")); + debug_return_bool(false); + } + if (bmem != NULL) { + parser_leak_remove(LEAK_MEMBER, bmem); + HLTQ_TO_TAILQ(&binding->members, bmem, entries); + } else { + TAILQ_INIT(&binding->members); + } + binding->refcnt = 0; + + /* + * Set type and binding (who it applies to) for new entries. + * Then add to the global defaults list. + */ + parser_leak_remove(LEAK_DEFAULTS, defs); + HLTQ_FOREACH_SAFE(d, defs, entries, next) { + d->type = type; + d->binding = binding; + binding->refcnt++; + TAILQ_INSERT_TAIL(&parsed_policy.defaults, d, entries); } debug_return_bool(ret); @@ -1280,8 +1419,10 @@ } u->line = this_lineno; u->column = sudolinebuf.toke_start + 1; - u->file = rcstr_addref(sudoers); + u->file = sudo_rcstr_addref(sudoers); + parser_leak_remove(LEAK_MEMBER, members); HLTQ_TO_TAILQ(&u->users, members, entries); + parser_leak_remove(LEAK_PRIVILEGE, privs); HLTQ_TO_TAILQ(&u->privileges, privs, entries); STAILQ_INIT(&u->comments); TAILQ_INSERT_TAIL(&parsed_policy.userspecs, u, entries); @@ -1334,31 +1475,24 @@ void free_defaults(struct defaults_list *defs) { - struct member_list *prev_binding = NULL; struct defaults *def; debug_decl(free_defaults, SUDOERS_DEBUG_PARSER); while ((def = TAILQ_FIRST(defs)) != NULL) { TAILQ_REMOVE(defs, def, entries); - free_default(def, &prev_binding); + free_default(def); } debug_return; } void -free_default(struct defaults *def, struct member_list **binding) +free_default(struct defaults *def) { debug_decl(free_default, SUDOERS_DEBUG_PARSER); - if (def->binding != *binding) { - *binding = def->binding; - if (def->binding != NULL) { - free_members(def->binding); - free(def->binding); - } - } - rcstr_delref(def->file); + free_defaults_binding(def->binding); + sudo_rcstr_delref(def->file); free(def->var); free(def->val); free(def); @@ -1367,12 +1501,71 @@ } void -free_privilege(struct privilege *priv) +free_cmndspec(struct cmndspec *cs, struct cmndspec_list *csl) +{ + struct cmndspec *prev, *next; + debug_decl(free_cmndspec, SUDOERS_DEBUG_PARSER); + + prev = TAILQ_PREV(cs, cmndspec_list, entries); + next = TAILQ_NEXT(cs, entries); + TAILQ_REMOVE(csl, cs, entries); + + /* Don't free runcwd/runchroot that are in use by other entries. */ + if ((prev == NULL || cs->runcwd != prev->runcwd) && + (next == NULL || cs->runcwd != next->runcwd)) { + free(cs->runcwd); + } + if ((prev == NULL || cs->runchroot != prev->runchroot) && + (next == NULL || cs->runchroot != next->runchroot)) { + free(cs->runchroot); + } +#ifdef HAVE_SELINUX + /* Don't free root/type that are in use by other entries. */ + if ((prev == NULL || cs->role != prev->role) && + (next == NULL || cs->role != next->role)) { + free(cs->role); + } + if ((prev == NULL || cs->type != prev->type) && + (next == NULL || cs->type != next->type)) { + free(cs->type); + } +#endif /* HAVE_SELINUX */ +#ifdef HAVE_PRIV_SET + /* Don't free privs/limitprivs that are in use by other entries. */ + if ((prev == NULL || cs->privs != prev->privs) && + (next == NULL || cs->privs != next->privs)) { + free(cs->privs); + } + if ((prev == NULL || cs->limitprivs != prev->limitprivs) && + (next == NULL || cs->limitprivs != next->limitprivs)) { + free(cs->limitprivs); + } +#endif /* HAVE_PRIV_SET */ + /* Don't free user/group lists that are in use by other entries. */ + if (cs->runasuserlist != NULL) { + if ((prev == NULL || cs->runasuserlist != prev->runasuserlist) && + (next == NULL || cs->runasuserlist != next->runasuserlist)) { + free_members(cs->runasuserlist); + free(cs->runasuserlist); + } + } + if (cs->runasgrouplist != NULL) { + if ((prev == NULL || cs->runasgrouplist != prev->runasgrouplist) && + (next == NULL || cs->runasgrouplist != next->runasgrouplist)) { + free_members(cs->runasgrouplist); + free(cs->runasgrouplist); + } + } + free_member(cs->cmnd); + free(cs); + + debug_return; +} + +void +free_cmndspecs(struct cmndspec_list *csl) { struct member_list *runasuserlist = NULL, *runasgrouplist = NULL; - struct member_list *prev_binding = NULL; - struct cmndspec *cs; - struct defaults *def; char *runcwd = NULL, *runchroot = NULL; #ifdef HAVE_SELINUX char *role = NULL, *type = NULL; @@ -1380,12 +1573,12 @@ #ifdef HAVE_PRIV_SET char *privs = NULL, *limitprivs = NULL; #endif /* HAVE_PRIV_SET */ - debug_decl(free_privilege, SUDOERS_DEBUG_PARSER); + struct cmndspec *cs; + debug_decl(free_cmndspecs, SUDOERS_DEBUG_PARSER); + + while ((cs = TAILQ_FIRST(csl)) != NULL) { + TAILQ_REMOVE(csl, cs, entries); - free(priv->ldap_role); - free_members(&priv->hostlist); - while ((cs = TAILQ_FIRST(&priv->cmndlist)) != NULL) { - TAILQ_REMOVE(&priv->cmndlist, cs, entries); /* Only free the first instance of runcwd/runchroot. */ if (cs->runcwd != runcwd) { runcwd = cs->runcwd; @@ -1431,9 +1624,22 @@ free_member(cs->cmnd); free(cs); } + + debug_return; +} + +void +free_privilege(struct privilege *priv) +{ + struct defaults *def; + debug_decl(free_privilege, SUDOERS_DEBUG_PARSER); + + free(priv->ldap_role); + free_members(&priv->hostlist); + free_cmndspecs(&priv->cmndlist); while ((def = TAILQ_FIRST(&priv->defaults)) != NULL) { TAILQ_REMOVE(&priv->defaults, def, entries); - free_default(def, &prev_binding); + free_default(def); } free(priv); @@ -1471,7 +1677,7 @@ free(comment->str); free(comment); } - rcstr_delref(us->file); + sudo_rcstr_delref(us->file); free(us); debug_return; @@ -1479,10 +1685,10 @@ /* * Initialized a sudoers parse tree. + * Takes ownership of lhost and shost. */ void -init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, - const char *shost) +init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost) { TAILQ_INIT(&parse_tree->userspecs); TAILQ_INIT(&parse_tree->defaults); @@ -1513,6 +1719,10 @@ free_defaults(&parse_tree->defaults); free_aliases(parse_tree->aliases); parse_tree->aliases = NULL; + free(parse_tree->lhost); + if (parse_tree->shost != parse_tree->lhost) + free(parse_tree->shost); + parse_tree->lhost = parse_tree->shost = NULL; } /* @@ -1526,11 +1736,12 @@ debug_decl(init_parser, SUDOERS_DEBUG_PARSER); free_parse_tree(&parsed_policy); + parser_leak_init(); init_lexer(); - rcstr_delref(sudoers); + sudo_rcstr_delref(sudoers); if (path != NULL) { - if ((sudoers = rcstr_dup(path)) == NULL) { + if ((sudoers = sudo_rcstr_dup(path)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); ret = false; } @@ -1540,7 +1751,7 @@ parse_error = false; errorlineno = -1; - rcstr_delref(errorfile); + sudo_rcstr_delref(errorfile); errorfile = NULL; sudoers_warnings = !quiet; sudoers_strict = strict; @@ -1568,3 +1779,220 @@ opts->limitprivs = NULL; #endif } + +bool +parser_leak_add(enum parser_leak_types type, void *v) +{ +#ifdef NO_LEAKS + struct parser_leak_entry *entry; + debug_decl(parser_leak_add, SUDOERS_DEBUG_PARSER); + + if (v == NULL) + debug_return_bool(false); + + entry = calloc(1, sizeof(*entry)); + if (entry == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_bool(false); + } + switch (type) { + case LEAK_PRIVILEGE: + entry->u.p = v; + break; + case LEAK_CMNDSPEC: + entry->u.cs = v; + break; + case LEAK_DEFAULTS: + entry->u.d = v; + break; + case LEAK_MEMBER: + entry->u.m = v; + break; + case LEAK_DIGEST: + entry->u.dig = v; + break; + case LEAK_RUNAS: + entry->u.rc = v; + break; + case LEAK_PTR: + entry->u.ptr = v; + break; + default: + free(entry); + sudo_warnx("unexpected leak type %d", type); + debug_return_bool(false); + } + entry->type = type; + SLIST_INSERT_HEAD(&parser_leak_list, entry, entries); + debug_return_bool(true); +#else + return true; +#endif /* NO_LEAKS */ +} + +bool +parser_leak_remove(enum parser_leak_types type, void *v) +{ +#ifdef NO_LEAKS + struct parser_leak_entry *entry, *prev = NULL; + debug_decl(parser_leak_remove, SUDOERS_DEBUG_PARSER); + + if (v == NULL) + debug_return_bool(false); + + SLIST_FOREACH(entry, &parser_leak_list, entries) { + switch (entry->type) { + case LEAK_PRIVILEGE: + if (entry->u.p == v) + goto found; + break; + case LEAK_CMNDSPEC: + if (entry->u.cs == v) + goto found; + break; + case LEAK_DEFAULTS: + if (entry->u.d == v) + goto found; + break; + case LEAK_MEMBER: + if (entry->u.m == v) + goto found; + break; + case LEAK_DIGEST: + if (entry->u.dig == v) + goto found; + break; + case LEAK_RUNAS: + if (entry->u.rc == v) + goto found; + break; + case LEAK_PTR: + if (entry->u.ptr == v) + goto found; + break; + default: + sudo_warnx("unexpected leak type %d in %p", entry->type, entry); + } + prev = entry; + } + /* If this happens, there is a bug in the leak tracking code. */ + sudo_warnx("%s: unable to find %p, type %d", __func__, v, type); + debug_return_bool(false); +found: + if (prev == NULL) + SLIST_REMOVE_HEAD(&parser_leak_list, entries); + else + SLIST_REMOVE_AFTER(prev, entries); + free(entry); + debug_return_bool(true); +#else + return true; +#endif /* NO_LEAKS */ +} + +void +parser_leak_free(void) +{ +#ifdef NO_LEAKS + struct parser_leak_entry *entry; + void *next; + debug_decl(parser_leak_run, SUDOERS_DEBUG_PARSER); + + /* Free the leaks. */ + while ((entry = SLIST_FIRST(&parser_leak_list))) { + SLIST_REMOVE_HEAD(&parser_leak_list, entries); + switch (entry->type) { + case LEAK_PRIVILEGE: + { + struct privilege *priv; + + HLTQ_FOREACH_SAFE(priv, entry->u.p, entries, next) + free_privilege(priv); + free(entry); + } + break; + case LEAK_CMNDSPEC: + { + struct cmndspec_list specs; + + HLTQ_TO_TAILQ(&specs, entry->u.cs, entries); + free_cmndspecs(&specs); + free(entry); + } + break; + case LEAK_DEFAULTS: + { + struct defaults_list defs; + + HLTQ_TO_TAILQ(&defs, entry->u.d, entries); + free_defaults(&defs); + free(entry); + } + break; + case LEAK_MEMBER: + { + struct member *m; + + HLTQ_FOREACH_SAFE(m, entry->u.m, entries, next) + free_member(m); + free(entry); + } + break; + case LEAK_DIGEST: + { + struct command_digest *dig; + + HLTQ_FOREACH_SAFE(dig, entry->u.dig, entries, next) { + free(dig->digest_str); + free(dig); + } + free(entry); + } + break; + case LEAK_RUNAS: + { + struct member *m; + + if (entry->u.rc->runasusers != NULL) { + HLTQ_FOREACH_SAFE(m, entry->u.rc->runasusers, entries, next) + free_member(m); + } + if (entry->u.rc->runasgroups != NULL) { + HLTQ_FOREACH_SAFE(m, entry->u.rc->runasgroups, entries, next) + free_member(m); + } + free(entry->u.rc); + free(entry); + break; + } + case LEAK_PTR: + free(entry->u.ptr); + free(entry); + break; + default: + sudo_warnx("unexpected garbage type %d", entry->type); + } + } + + debug_return; +#endif /* NO_LEAKS */ +} + +void +parser_leak_init(void) +{ +#ifdef NO_LEAKS + static bool initialized; + debug_decl(parser_leak_init, SUDOERS_DEBUG_PARSER); + + if (!initialized) { + atexit(parser_leak_free); + initialized = true; + debug_return; + } + + /* Already initialized, free existing leaks. */ + parser_leak_free(); + debug_return; +#endif /* NO_LEAKS */ +} diff -Nru sudo-1.9.5p2/plugins/sudoers/interfaces.c sudo-1.9.9/plugins/sudoers/interfaces.c --- sudo-1.9.5p2/plugins/sudoers/interfaces.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/interfaces.c 2022-01-27 21:24:06.000000000 +0000 @@ -40,10 +40,6 @@ #include "sudoers.h" #include "interfaces.h" -#ifndef INADDR_NONE -# define INADDR_NONE ((unsigned int)-1) -#endif - static struct interface_list interfaces = SLIST_HEAD_INITIALIZER(interfaces); /* diff -Nru sudo-1.9.5p2/plugins/sudoers/iolog.c sudo-1.9.9/plugins/sudoers/iolog.c --- sudo-1.9.5p2/plugins/sudoers/iolog.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/iolog.c 2022-01-27 21:24:22.000000000 +0000 @@ -42,7 +42,10 @@ #include "sudoers.h" #include "sudo_eventlog.h" #include "sudo_iolog.h" -#include "log_client.h" +#include "strlist.h" +#ifdef SUDOERS_LOG_CLIENT +# include "log_client.h" +#endif static struct iolog_file iolog_files[] = { { false }, /* IOFD_STDIN */ @@ -64,9 +67,6 @@ const char **errstr); } io_operations; -#ifdef SUDOERS_LOG_CLIENT -static struct client_closure *client_closure; -#endif static struct log_details iolog_details; static bool warned = false; static int iolog_dir_fd = -1; @@ -115,7 +115,7 @@ iolog_set_owner(ROOT_UID, ROOT_GID); } else { if ((pw = sudo_getpwnam(name)) == NULL) { - log_warningx(SLOG_SEND_MAIL, N_("unknown user: %s"), name); + log_warningx(SLOG_SEND_MAIL, N_("unknown user %s"), name); debug_return_bool(false); } iolog_set_owner(pw->pw_uid, pw->pw_gid); @@ -140,7 +140,7 @@ iolog_set_gid(ROOT_GID); } else { if ((gr = sudo_getgrnam(name)) == NULL) { - log_warningx(SLOG_SEND_MAIL, N_("unknown group: %s"), name); + log_warningx(SLOG_SEND_MAIL, N_("unknown group %s"), name); debug_return_bool(false); } iolog_set_gid(gr->gr_gid); @@ -284,6 +284,7 @@ continue; } if (strncmp(*cur, "cwd=", sizeof("cwd=") - 1) == 0) { + free(evlog->cwd); evlog->cwd = strdup(*cur + sizeof("cwd=") - 1); if (evlog->cwd == NULL) goto oom; @@ -292,6 +293,7 @@ break; case 'h': if (strncmp(*cur, "host=", sizeof("host=") - 1) == 0) { + free(evlog->submithost); evlog->submithost = strdup(*cur + sizeof("host=") - 1); if (evlog->submithost == NULL) goto oom; @@ -309,6 +311,7 @@ break; case 't': if (strncmp(*cur, "tty=", sizeof("tty=") - 1) == 0) { + free(evlog->ttyname); evlog->ttyname = strdup(*cur + sizeof("tty=") - 1); if (evlog->ttyname == NULL) goto oom; @@ -317,6 +320,7 @@ break; case 'u': if (strncmp(*cur, "user=", sizeof("user=") - 1) == 0) { + free(evlog->submituser); evlog->submituser = strdup(*cur + sizeof("user=") - 1); if (evlog->submituser == NULL) goto oom; @@ -330,12 +334,14 @@ switch (**cur) { case 'c': if (strncmp(*cur, "command=", sizeof("command=") - 1) == 0) { + free(evlog->command); evlog->command = strdup(*cur + sizeof("command=") - 1); if (evlog->command == NULL) goto oom; continue; } if (strncmp(*cur, "chroot=", sizeof("chroot=") - 1) == 0) { + free(evlog->runchroot); evlog->runchroot = strdup(*cur + sizeof("chroot=") - 1); if (evlog->runchroot == NULL) goto oom; @@ -349,12 +355,11 @@ continue; } if (strncmp(*cur, "iolog_path=", sizeof("iolog_path=") - 1) == 0) { + free(evlog->iolog_path); evlog->iolog_path = strdup(*cur + sizeof("iolog_path=") - 1); if (evlog->iolog_path == NULL) goto oom; - evlog->iolog_file = strrchr(evlog->iolog_path, '/'); - if (evlog->iolog_file != NULL) - evlog->iolog_file++; + evlog->iolog_file = sudo_basename(evlog->iolog_path); continue; } if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) { @@ -461,18 +466,21 @@ } #if defined(HAVE_OPENSSL) if (strncmp(*cur, "log_server_cabundle=", sizeof("log_server_cabundle=") - 1) == 0) { + free(details->ca_bundle); details->ca_bundle = strdup(*cur + sizeof("log_server_cabundle=") - 1); if (details->ca_bundle == NULL) goto oom; continue; } if (strncmp(*cur, "log_server_peer_cert=", sizeof("log_server_peer_cert=") - 1) == 0) { + free(details->cert_file); details->cert_file = strdup(*cur + sizeof("log_server_peer_cert=") - 1); if (details->cert_file == NULL) goto oom; continue; } if (strncmp(*cur, "log_server_peer_key=", sizeof("log_server_peer_key=") - 1) == 0) { + free(details->key_file); details->key_file = strdup(*cur + sizeof("log_server_peer_key=") - 1); if (details->key_file == NULL) goto oom; @@ -481,7 +489,7 @@ if (strncmp(*cur, "log_server_verify=", sizeof("log_server_verify=") - 1) == 0) { int val = sudo_strtobool(*cur + sizeof("log_server_verify=") - 1); if (val != -1) { - details->keepalive = val; + details->verify_server = val; } else { sudo_debug_printf(SUDO_DEBUG_WARN, "%s: unable to parse %s", __func__, *cur); @@ -516,6 +524,7 @@ continue; } if (strncmp(*cur, "runcwd=", sizeof("runcwd=") - 1) == 0) { + free(evlog->runcwd); evlog->runcwd = strdup(*cur + sizeof("runcwd=") - 1); if (evlog->runcwd == NULL) goto oom; @@ -561,6 +570,7 @@ pw = sudo_getpwuid(evlog->runuid); if (pw != NULL) { gid_t pw_gid = pw->pw_gid; + free(evlog->runuser); evlog->runuser = strdup(pw->pw_name); sudo_pw_delref(pw); if (evlog->runuser == NULL) @@ -568,6 +578,7 @@ if (evlog->rungid != pw_gid) { gr = sudo_getgrgid(evlog->rungid); if (gr != NULL) { + free(evlog->rungroup); evlog->rungroup = strdup(gr->gr_name); sudo_gr_delref(gr); if (evlog->rungroup == NULL) @@ -575,6 +586,7 @@ } else { idbuf[0] = '#'; strlcpy(&idbuf[1], runas_gid_str, sizeof(idbuf) - 1); + free(evlog->rungroup); evlog->rungroup = strdup(idbuf); if (evlog->rungroup == NULL) goto oom; @@ -583,6 +595,7 @@ } else { idbuf[0] = '#'; strlcpy(&idbuf[1], runas_uid_str, sizeof(idbuf) - 1); + free(evlog->runuser); evlog->runuser = strdup(idbuf); if (evlog->runuser == NULL) goto oom; @@ -602,32 +615,26 @@ { struct eventlog *evlog = iolog_details.evlog; int i, ret = -1; - size_t len; debug_decl(sudoers_io_open_local, SUDOERS_DEBUG_PLUGIN); /* If no I/O log path defined we need to figure it out ourselves. */ if (evlog->iolog_path == NULL) { + int len; + /* Get next session ID and convert it into a path. */ - const size_t pathlen = sizeof(_PATH_SUDO_IO_LOGDIR "/00/00/00"); - if ((evlog->iolog_path = malloc(pathlen)) == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto done; - } - len = strlcpy(evlog->iolog_path, _PATH_SUDO_IO_LOGDIR, pathlen); - if (len + strlen("/00/00/00") >= pathlen) { - sudo_warnx(U_("internal error, %s overflow"), __func__); - goto done; - } - if (!iolog_nextid(evlog->iolog_path, evlog->sessid)) { + if (!iolog_nextid(_PATH_SUDO_IO_LOGDIR, evlog->sessid)) { log_warning(SLOG_SEND_MAIL, N_("unable to update sequence file")); warned = true; goto done; } - (void)snprintf(evlog->iolog_path + strlen(_PATH_SUDO_IO_LOGDIR), - pathlen - strlen(_PATH_SUDO_IO_LOGDIR), - "/%c%c/%c%c/%c%c", evlog->sessid[0], evlog->sessid[1], - evlog->sessid[2], evlog->sessid[3], evlog->sessid[4], - evlog->sessid[5]); + len = asprintf(&evlog->iolog_path, "%s/%c%c/%c%c/%c%c", + _PATH_SUDO_IO_LOGDIR, + evlog->sessid[0], evlog->sessid[1], evlog->sessid[2], + evlog->sessid[3], evlog->sessid[4], evlog->sessid[5]); + if (len == -1) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } } /* diff -Nru sudo-1.9.5p2/plugins/sudoers/ldap.c sudo-1.9.9/plugins/sudoers/ldap.c --- sudo-1.9.5p2/plugins/sudoers/ldap.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/ldap.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2003-2020 Todd C. Miller + * Copyright (c) 2003-2022 Todd C. Miller * * This code is derived from software contributed by Aaron Spangler. * @@ -315,18 +315,18 @@ /* * Walk through search results and return true if we have a matching * non-Unix group (including netgroups), else false. + * A matching entry that is negated will always return false. */ static int sudo_ldap_check_non_unix_group(LDAP *ld, LDAPMessage *entry, struct passwd *pw) { struct berval **bv, **p; bool ret = false; - char *val; int rc; debug_decl(sudo_ldap_check_non_unix_group, SUDOERS_DEBUG_LDAP); if (!entry) - debug_return_bool(ret); + debug_return_bool(false); /* get the values from the entry */ bv = sudo_ldap_get_values_len(ld, entry, "sudoUser", &rc); @@ -338,18 +338,29 @@ /* walk through values */ for (p = bv; *p != NULL && !ret; p++) { - val = (*p)->bv_val; + bool negated = false; + char *val = (*p)->bv_val; + + if (*val == '!') { + val++; + negated = true; + } if (*val == '+') { if (netgr_matches(val, def_netgroup_tuple ? user_runhost : NULL, def_netgroup_tuple ? user_srunhost : NULL, pw->pw_name)) ret = true; - DPRINTF2("ldap sudoUser netgroup '%s' ... %s", val, - ret ? "MATCH!" : "not"); + DPRINTF2("ldap sudoUser netgroup '%s%s' ... %s", + negated ? "!" : "", val, ret ? "MATCH!" : "not"); } else { if (group_plugin_query(pw->pw_name, val + 2, pw)) ret = true; - DPRINTF2("ldap sudoUser non-Unix group '%s' ... %s", val, - ret ? "MATCH!" : "not"); + DPRINTF2("ldap sudoUser non-Unix group '%s%s' ... %s", + negated ? "!" : "", val, ret ? "MATCH!" : "not"); + } + /* A negated match overrides all other entries. */ + if (ret && negated) { + ret = false; + break; } } @@ -437,7 +448,7 @@ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } - if ((source = rcstr_dup(cp)) == NULL) { + if ((source = sudo_rcstr_dup(cp)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); free(cp); goto done; @@ -449,7 +460,7 @@ int op; op = sudo_ldap_parse_option((*p)->bv_val, &var, &val); - if (!sudo_ldap_add_default(var, val, op, source, defs)) { + if (!append_default(var, val, op, source, defs)) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } @@ -458,7 +469,7 @@ ret = true; done: - rcstr_delref(source); + sudo_rcstr_delref(source); if (cn) ldap_memfree(cn); ldap_value_free_len(bv); @@ -491,21 +502,24 @@ static bool sudo_ldap_timefilter(char *buffer, size_t buffersize) { - struct tm *tp; - time_t now; char timebuffer[sizeof("20120727121554.0Z")]; - int len = -1; + bool ret = false; + struct tm gmt; + time_t now; + int len; debug_decl(sudo_ldap_timefilter, SUDOERS_DEBUG_LDAP); /* Make sure we have a formatted timestamp for __now__. */ time(&now); - if ((tp = gmtime(&now)) == NULL) { + if (gmtime_r(&now, &gmt) == NULL) { sudo_warn("%s", U_("unable to get GMT time")); goto done; } /* Format the timestamp according to the RFC. */ - if (strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", tp) == 0) { + timebuffer[sizeof(timebuffer) - 1] = '\0'; + len = strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", &gmt); + if (len == 0 || timebuffer[sizeof(timebuffer) - 1] != '\0') { sudo_warnx("%s", U_("unable to format timestamp")); goto done; } @@ -516,11 +530,13 @@ if (len < 0 || (size_t)len >= buffersize) { sudo_warnx(U_("internal error, %s overflow"), __func__); errno = EOVERFLOW; - len = -1; + goto done; } + ret = true; + done: - debug_return_bool(len != -1); + debug_return_bool(ret); } /* @@ -923,7 +939,8 @@ static char * sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) { - char *buf, timebuffer[TIMEFILTER_LENGTH + 1], idbuf[MAX_UID_T_LEN + 1]; + char timebuffer[TIMEFILTER_LENGTH + 1], idbuf[MAX_UID_T_LEN + 1]; + char *buf, *notbuf; struct ldap_netgroup_list netgroups; struct ldap_netgroup *ng = NULL; struct gid_list *gidlist; @@ -935,34 +952,45 @@ STAILQ_INIT(&netgroups); - /* If there is a filter, allocate space for the global AND. */ - if (ldap_conf.timed || ldap_conf.search_filter) + if (ldap_conf.timed || ldap_conf.search_filter) { + /* Allocate space for the global AND. */ sz += 3; - /* Add LDAP search filter if present. */ - if (ldap_conf.search_filter) - sz += strlen(ldap_conf.search_filter); + /* Add LDAP search filter if present. */ + if (ldap_conf.search_filter) + sz += strlen(ldap_conf.search_filter); + + /* If timed, add space for time limits. */ + if (ldap_conf.timed) + sz += TIMEFILTER_LENGTH; + } + + /* Add space for the global OR clause + (sudoUser=ALL) + NOT + NUL. */ + sz += sizeof("(|(sudoUser=ALL)(!(|)))"); - /* Then add (|(sudoUser=USERNAME)(sudoUser=#uid)(sudoUser=ALL)) + NUL */ - sz += 29 + (12 + MAX_UID_T_LEN) + sudo_ldap_value_len(pw->pw_name); + /* Add space for username and uid, including the negated versions. */ + sz += ((sizeof("(sudoUser=)(sudoUser=#)") - 1 + + sudo_ldap_value_len(pw->pw_name) + MAX_UID_T_LEN) * 2) + 2; /* Add space for primary and supplementary groups and gids */ if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) { - sz += 12 + sudo_ldap_value_len(grp->gr_name); + sz += ((sizeof("(sudoUser=%)") - 1 + + sudo_ldap_value_len(grp->gr_name)) * 2) + 1; } - sz += 13 + MAX_UID_T_LEN; + sz += ((sizeof("(sudoUser=%#)") - 1 + MAX_UID_T_LEN) * 2) + 1; if ((grlist = sudo_get_grlist(pw)) != NULL) { for (i = 0; i < grlist->ngroups; i++) { if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0) continue; - sz += 12 + sudo_ldap_value_len(grlist->groups[i]); + sz += ((sizeof("(sudoUser=%)") - 1 + + sudo_ldap_value_len(grlist->groups[i])) * 2) + 1; } } if ((gidlist = sudo_get_gidlist(pw, ENTRY_TYPE_ANY)) != NULL) { for (i = 0; i < gidlist->ngids; i++) { if (pw->pw_gid == gidlist->gids[i]) continue; - sz += 13 + MAX_UID_T_LEN; + sz += ((sizeof("(sudoUser=%#)") - 1 + MAX_UID_T_LEN) * 2) + 1; } } @@ -971,7 +999,7 @@ DPRINTF1("Looking up netgroups for %s", pw->pw_name); if (sudo_netgroup_lookup(ld, pw, &netgroups)) { STAILQ_FOREACH(ng, &netgroups, entries) { - sz += 14 + strlen(ng->name); + sz += ((sizeof("(sudoUser=+)") - 1 + strlen(ng->name)) * 2) + 1; } } else { /* sudo_netgroup_lookup() failed, clean up. */ @@ -983,12 +1011,12 @@ } } - /* If timed, add space for time limits. */ - if (ldap_conf.timed) - sz += TIMEFILTER_LENGTH; - if ((buf = malloc(sz)) == NULL) + buf = malloc(sz); + notbuf = malloc(sz); + if (buf == NULL || notbuf == NULL) goto bad; *buf = '\0'; + *notbuf = '\0'; /* * If timed or using a search filter, start a global AND clause to @@ -1004,23 +1032,35 @@ CHECK_STRLCAT(buf, "(|(sudoUser=", sz); CHECK_LDAP_VCAT(buf, pw->pw_name, sz); CHECK_STRLCAT(buf, ")", sz); + CHECK_STRLCAT(notbuf, "(sudoUser=!", sz); + CHECK_LDAP_VCAT(notbuf, pw->pw_name, sz); + CHECK_STRLCAT(notbuf, ")", sz); /* Append user-ID */ (void) snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int)pw->pw_uid); CHECK_STRLCAT(buf, "(sudoUser=#", sz); CHECK_STRLCAT(buf, idbuf, sz); CHECK_STRLCAT(buf, ")", sz); + CHECK_STRLCAT(notbuf, "(sudoUser=!#", sz); + CHECK_STRLCAT(notbuf, idbuf, sz); + CHECK_STRLCAT(notbuf, ")", sz); /* Append primary group and group-ID */ if (grp != NULL) { CHECK_STRLCAT(buf, "(sudoUser=%", sz); CHECK_LDAP_VCAT(buf, grp->gr_name, sz); CHECK_STRLCAT(buf, ")", sz); + CHECK_STRLCAT(notbuf, "(sudoUser=!%", sz); + CHECK_LDAP_VCAT(notbuf, grp->gr_name, sz); + CHECK_STRLCAT(notbuf, ")", sz); } (void) snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int)pw->pw_gid); CHECK_STRLCAT(buf, "(sudoUser=%#", sz); CHECK_STRLCAT(buf, idbuf, sz); CHECK_STRLCAT(buf, ")", sz); + CHECK_STRLCAT(notbuf, "(sudoUser=!%#", sz); + CHECK_STRLCAT(notbuf, idbuf, sz); + CHECK_STRLCAT(notbuf, ")", sz); /* Append supplementary groups and group-IDs */ if (grlist != NULL) { @@ -1030,6 +1070,9 @@ CHECK_STRLCAT(buf, "(sudoUser=%", sz); CHECK_LDAP_VCAT(buf, grlist->groups[i], sz); CHECK_STRLCAT(buf, ")", sz); + CHECK_STRLCAT(notbuf, "(sudoUser=!%", sz); + CHECK_LDAP_VCAT(notbuf, grlist->groups[i], sz); + CHECK_STRLCAT(notbuf, ")", sz); } } if (gidlist != NULL) { @@ -1041,6 +1084,9 @@ CHECK_STRLCAT(buf, "(sudoUser=%#", sz); CHECK_STRLCAT(buf, idbuf, sz); CHECK_STRLCAT(buf, ")", sz); + CHECK_STRLCAT(notbuf, "(sudoUser=!%#", sz); + CHECK_STRLCAT(notbuf, idbuf, sz); + CHECK_STRLCAT(notbuf, ")", sz); } } @@ -1058,12 +1104,20 @@ CHECK_STRLCAT(buf, "(sudoUser=+", sz); CHECK_LDAP_VCAT(buf, ng->name, sz); CHECK_STRLCAT(buf, ")", sz); + CHECK_STRLCAT(notbuf, "(sudoUser=!+", sz); + CHECK_LDAP_VCAT(notbuf, ng->name, sz); + CHECK_STRLCAT(notbuf, ")", sz); free(ng->name); free(ng); } - /* Add ALL to list and end the global OR. */ - CHECK_STRLCAT(buf, "(sudoUser=ALL)", sz); + /* Add ALL to list. */ + CHECK_STRLCAT(buf, "(sudoUser=ALL))", sz); + + /* Add filter for negated entries. */ + CHECK_STRLCAT(buf, "(!(|", sz); + CHECK_STRLCAT(buf, notbuf, sz); + CHECK_STRLCAT(buf, ")", sz); /* Add the time restriction, or simply end the global OR. */ if (ldap_conf.timed) { @@ -1074,8 +1128,10 @@ } else if (ldap_conf.search_filter) { CHECK_STRLCAT(buf, ")", sz); /* closes the global OR */ } + CHECK_STRLCAT(buf, ")", sz); /* closes the global OR or the global AND */ + free(notbuf); debug_return_str(buf); overflow: sudo_warnx(U_("internal error, %s overflow"), __func__); @@ -1092,6 +1148,7 @@ free(ng); } free(buf); + free(notbuf); debug_return_str(NULL); } @@ -1128,16 +1185,18 @@ * those get ANDed in to the expression. */ if (query_netgroups && def_group_plugin) { - len = asprintf(&filt, "%s%s(|(sudoUser=+*)(sudoUser=%%:*))%s%s", + len = asprintf(&filt, "%s%s(|(sudoUser=+*)(sudoUser=!+*)(sudoUser=%%:*)(sudoUser=!%%:*))%s%s", (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "", ldap_conf.search_filter ? ldap_conf.search_filter : "", ldap_conf.timed ? timebuffer : "", (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); } else { - len = asprintf(&filt, "(&%s(sudoUser=*)(sudoUser=%s*)%s)", + len = asprintf(&filt, "%s%s(|(sudoUser=%s*)(sudoUser=!%s*))%s%s", + (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "", ldap_conf.search_filter ? ldap_conf.search_filter : "", - query_netgroups ? "+" : "%:", - ldap_conf.timed ? timebuffer : ""); + query_netgroups ? "+" : "%:", query_netgroups ? "+" : "%:", + ldap_conf.timed ? timebuffer : "", + (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); } if (len == -1) filt = NULL; @@ -1251,14 +1310,14 @@ /* We only have a single userspec */ if ((us = calloc(1, sizeof(*us))) == NULL) goto oom; - us->file = rcstr_dup("LDAP"); + us->file = sudo_rcstr_dup("LDAP"); TAILQ_INIT(&us->users); TAILQ_INIT(&us->privileges); STAILQ_INIT(&us->comments); TAILQ_INSERT_TAIL(ldap_userspecs, us, entries); /* The user has already matched, use ALL as wildcard. */ - if ((m = new_member_all(NULL)) == NULL) + if ((m = sudo_ldap_new_member_all()) == NULL) goto oom; TAILQ_INSERT_TAIL(&us->users, m, entries); @@ -1334,7 +1393,7 @@ { int nfd, ofd = -1; ssize_t nread, nwritten = -1; - static char new_ccname[sizeof(_PATH_TMP) + sizeof("sudocc_XXXXXXXX") - 1]; + static char new_ccname[] = _PATH_TMP "sudocc_XXXXXXXX"; char buf[10240], *ret = NULL; debug_decl(sudo_krb5_copy_cc_file, SUDOERS_DEBUG_LDAP); @@ -1350,8 +1409,6 @@ if (ofd != -1) { (void) fcntl(ofd, F_SETFL, 0); if (sudo_lock_file(ofd, SUDO_LOCK)) { - (void)snprintf(new_ccname, sizeof(new_ccname), "%s%s", - _PATH_TMP, "sudocc_XXXXXXXX"); nfd = mkstemp(new_ccname); if (nfd != -1) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, diff -Nru sudo-1.9.5p2/plugins/sudoers/ldap_conf.c sudo-1.9.9/plugins/sudoers/ldap_conf.c --- sudo-1.9.5p2/plugins/sudoers/ldap_conf.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/ldap_conf.c 2022-01-27 21:24:22.000000000 +0000 @@ -398,6 +398,7 @@ if (strcasecmp(keyword, cur->conf_str) == 0) { switch (cur->type) { case CONF_DEREF_VAL: +#ifdef LDAP_OPT_DEREF if (strcasecmp(value, "searching") == 0) *(int *)(cur->valp) = LDAP_DEREF_SEARCHING; else if (strcasecmp(value, "finding") == 0) @@ -406,6 +407,7 @@ *(int *)(cur->valp) = LDAP_DEREF_ALWAYS; else *(int *)(cur->valp) = LDAP_DEREF_NEVER; +#endif /* LDAP_OPT_DEREF */ break; case CONF_REQCERT_VAL: #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT @@ -461,6 +463,14 @@ } } break; + default: + sudo_warnx( + "internal error: unhandled CONF_ value %d for option %s", + cur->type, cur->conf_str); + sudo_warnx( + "update %s to add missing support for CONF_ value %d", + __func__, cur->type); + break; } debug_return_bool(true); } @@ -817,6 +827,8 @@ continue; switch (cur->type) { + case CONF_DEREF_VAL: + case CONF_REQCERT_VAL: case CONF_BOOL: case CONF_INT: ival = *(int *)(cur->valp); @@ -842,6 +854,14 @@ } } break; + case CONF_LIST_STR: + /* Lists are iterated over and don't set LDAP options directly. */ + break; + default: + sudo_warnx("internal error: unhandled CONF_ value %d for option %s", + cur->type, cur->conf_str); + sudo_warnx("update %s to add missing support for CONF_ value %d", + __func__, cur->type); } } debug_return_int(errors ? -1 : LDAP_SUCCESS); diff -Nru sudo-1.9.5p2/plugins/sudoers/ldap_util.c sudo-1.9.9/plugins/sudoers/ldap_util.c --- sudo-1.9.5p2/plugins/sudoers/ldap_util.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/ldap_util.c 2022-01-27 21:24:22.000000000 +0000 @@ -242,48 +242,16 @@ debug_return_ptr(NULL); } -bool -sudo_ldap_add_default(const char *var, const char *val, int op, - char *source, struct defaults_list *defs) -{ - struct defaults *def; - debug_decl(sudo_ldap_add_default, SUDOERS_DEBUG_LDAP); - - if ((def = calloc(1, sizeof(*def))) == NULL) - goto oom; - - def->type = DEFAULTS; - def->op = op; - if ((def->var = strdup(var)) == NULL) { - goto oom; - } - if (val != NULL) { - if ((def->val = strdup(val)) == NULL) - goto oom; - } - def->file = source; - rcstr_addref(source); - TAILQ_INSERT_TAIL(defs, def, entries); - debug_return_bool(true); - -oom: - if (def != NULL) { - free(def->var); - free(def->val); - free(def); - } - debug_return_bool(false); -} - /* * If a digest prefix is present, add it to struct command_digest_list * and update cmnd to point to the command after the digest. * Returns 1 if a digest was parsed, 0 if not and -1 on error. */ static int -sudo_ldap_extract_digest(char **cmnd, struct command_digest_list *digests) +sudo_ldap_extract_digest(const char *cmnd, char **endptr, + struct command_digest_list *digests) { - char *ep, *cp = *cmnd; + const char *ep, *cp = cmnd; struct command_digest *digest; int digest_type = SUDO_DIGEST_INVALID; debug_decl(sudo_ldap_extract_digest, SUDOERS_DEBUG_LDAP); @@ -336,7 +304,7 @@ } while (isblank((unsigned char)*ep)) ep++; - *cmnd = ep; + *endptr = (char *)ep; sudo_debug_printf(SUDO_DEBUG_INFO, "%s digest %s for %s", digest_type_to_name(digest_type), @@ -363,7 +331,7 @@ debug_decl(sudo_ldap_extract_digests, SUDOERS_DEBUG_LDAP); for (;;) { - rc = sudo_ldap_extract_digest(&cp, digests); + rc = sudo_ldap_extract_digest(cp, &cp, digests); if (rc != 1) break; @@ -409,7 +377,7 @@ if (hosts == NULL) { /* The host has already matched, use ALL as wildcard. */ - if ((m = new_member_all(NULL)) == NULL) + if ((m = sudo_ldap_new_member_all()) == NULL) goto oom; TAILQ_INSERT_TAIL(&priv->hostlist, m, entries); } else { @@ -441,15 +409,13 @@ free(cmndspec); goto oom; } - if (strcmp(cmnd, "ALL") != 0) { - if ((c = calloc(1, sizeof(*c))) == NULL) { - free(cmndspec); - free(m); - goto oom; - } - m->name = (char *)c; - TAILQ_INIT(&c->digests); + if ((c = calloc(1, sizeof(*c))) == NULL) { + free(cmndspec); + free(m); + goto oom; } + m->name = (char *)c; + TAILQ_INIT(&c->digests); /* Negated commands have precedence so insert them at the end. */ if (negated) @@ -470,6 +436,17 @@ cmndspec->runasgrouplist = prev_cmndspec->runasgrouplist; cmndspec->notbefore = prev_cmndspec->notbefore; cmndspec->notafter = prev_cmndspec->notafter; + cmndspec->timeout = prev_cmndspec->timeout; + cmndspec->runchroot = prev_cmndspec->runchroot; + cmndspec->runcwd = prev_cmndspec->runcwd; +#ifdef HAVE_SELINUX + cmndspec->role = prev_cmndspec->role; + cmndspec->type = prev_cmndspec->type; +#endif /* HAVE_SELINUX */ +#ifdef HAVE_PRIV_SET + cmndspec->privs = prev_cmndspec->privs; + cmndspec->limitprivs = prev_cmndspec->limitprivs; +#endif /* HAVE_PRIV_SET */ cmndspec->tags = prev_cmndspec->tags; if (cmndspec->tags.setenv == IMPLIED) cmndspec->tags.setenv = UNSPEC; @@ -502,10 +479,14 @@ if (store_options) { /* Use sudoRole in place of file name in defaults. */ - size_t slen = sizeof("sudoRole") + strlen(priv->ldap_role); - if ((source = rcstr_alloc(slen)) == NULL) + size_t slen = sizeof("sudoRole ") - 1 + strlen(priv->ldap_role); + if ((source = sudo_rcstr_alloc(slen)) == NULL) goto oom; - (void)snprintf(source, slen, "sudoRole %s", priv->ldap_role); + if ((size_t)snprintf(source, slen + 1, "sudoRole %s", priv->ldap_role) != slen) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + sudo_rcstr_delref(source); + goto bad; + } } while ((opt = iter(&opts)) != NULL) { @@ -514,31 +495,65 @@ op = sudo_ldap_parse_option(opt, &var, &val); if (strcmp(var, "command_timeout") == 0 && val != NULL) { + if (cmndspec->timeout != UNSPEC) { + sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, + op == '+' ? "+=" : op == '-' ? "-=" : "=", val); + } cmndspec->timeout = parse_timeout(val); } else if (strcmp(var, "runchroot") == 0 && val != NULL) { + if (cmndspec->runchroot != NULL) { + free(cmndspec->runchroot); + sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, + op == '+' ? "+=" : op == '-' ? "-=" : "=", val); + } if ((cmndspec->runchroot = strdup(val)) == NULL) break; } else if (strcmp(var, "runcwd") == 0 && val != NULL) { + if (cmndspec->runcwd != NULL) { + free(cmndspec->runcwd); + sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, + op == '+' ? "+=" : op == '-' ? "-=" : "=", val); + } if ((cmndspec->runcwd = strdup(val)) == NULL) break; #ifdef HAVE_SELINUX } else if (strcmp(var, "role") == 0 && val != NULL) { + if (cmndspec->role != NULL) { + free(cmndspec->role); + sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, + op == '+' ? "+=" : op == '-' ? "-=" : "=", val); + } if ((cmndspec->role = strdup(val)) == NULL) break; } else if (strcmp(var, "type") == 0 && val != NULL) { + if (cmndspec->type != NULL) { + free(cmndspec->type); + sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, + op == '+' ? "+=" : op == '-' ? "-=" : "=", val); + } if ((cmndspec->type = strdup(val)) == NULL) break; #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET } else if (strcmp(var, "privs") == 0 && val != NULL) { + if (cmndspec->privs != NULL) { + free(cmndspec->privs); + sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, + op == '+' ? "+=" : op == '-' ? "-=" : "=", val); + } if ((cmndspec->privs = strdup(val)) == NULL) break; } else if (strcmp(var, "limitprivs") == 0 && val != NULL) { + if (cmndspec->limitprivs != NULL) { + free(cmndspec->limitprivs); + sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, + op == '+' ? "+=" : op == '-' ? "-=" : "=", val); + } if ((cmndspec->limitprivs = strdup(val)) == NULL) break; #endif /* HAVE_PRIV_SET */ } else if (store_options) { - if (!sudo_ldap_add_default(var, val, op, source, + if (!append_default(var, val, op, source, &priv->defaults)) { break; } @@ -559,7 +574,7 @@ } } } - rcstr_delref(source); + sudo_rcstr_delref(source); if (opt != NULL) { /* Defer oom until we drop the ref on source. */ goto oom; @@ -572,26 +587,22 @@ /* Fill in command member now that options have been processed. */ m->negated = negated; - if (c == NULL) { - /* No command name for "ALL" */ - m->type = ALL; + if (!sudo_ldap_extract_digests(&cmnd, &c->digests)) + goto oom; + if (strcmp(cmnd, "ALL") == 0) { if (cmndspec->tags.setenv == UNSPEC) cmndspec->tags.setenv = IMPLIED; + m->type = ALL; } else { - char *args; - - m->type = COMMAND; - - /* Fill in command with optional digests. */ - if (!sudo_ldap_extract_digests(&cmnd, &c->digests)) - goto oom; - if ((args = strpbrk(cmnd, " \t")) != NULL) { + char *args = strpbrk(cmnd, " \t"); + if (args != NULL) { *args++ = '\0'; if ((c->args = strdup(args)) == NULL) goto oom; } if ((c->cmnd = strdup(cmnd)) == NULL) goto oom; + m->type = COMMAND; } } /* Negated commands take precedence so we insert them at the end. */ @@ -601,6 +612,7 @@ oom: sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); +bad: if (priv != NULL) { TAILQ_CONCAT(&priv->hostlist, &negated_hosts, entries); TAILQ_CONCAT(&priv->cmndlist, &negated_cmnds, entries); @@ -608,3 +620,15 @@ } debug_return_ptr(NULL); } + +/* So ldap.c and sssd.c don't need to include gram.h */ +struct member * +sudo_ldap_new_member_all(void) +{ + struct member *m; + debug_decl(sudo_ldap_new_member_all, SUDOERS_DEBUG_LDAP); + + if ((m = calloc(1, sizeof(*m))) != NULL) + m->type = ALL; + debug_return_ptr(m); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/log_client.c sudo-1.9.9/plugins/sudoers/log_client.c --- sudo-1.9.5p2/plugins/sudoers/log_client.c 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/log_client.c 2022-01-27 21:24:23.000000000 +0000 @@ -49,6 +49,9 @@ #endif #if defined(HAVE_OPENSSL) +# if defined(HAVE_WOLFSSL) +# include +# endif # include # include # include @@ -62,6 +65,10 @@ #include "sudo_iolog.h" #include "hostcheck.h" #include "log_client.h" +#include "strlist.h" + +/* Shared between iolog.c and audit.c */ +struct client_closure *client_closure; /* Server callback may redirect to client callback for TLS. */ static void client_msg_cb(int fd, int what, void *v); @@ -89,7 +96,7 @@ */ static int timed_connect(int sock, const struct sockaddr *addr, socklen_t addrlen, - const struct timespec *timo) + const struct timespec *timeout) { struct sudo_event_base *evbase = NULL; struct sudo_event *connect_event = NULL; @@ -105,7 +112,7 @@ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } - if (sudo_ev_add(evbase, connect_event, timo, false) == -1) { + if (sudo_ev_add(evbase, connect_event, timeout, false) == -1) { sudo_warnx("%s", U_("unable to add event to queue")); goto done; } @@ -188,7 +195,7 @@ SSL_load_error_strings(); /* Create the ssl context and enforce TLS 1.2 or higher. */ - if ((closure->ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) { + if ((closure->ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { errstr = ERR_reason_error_string(ERR_get_error()); sudo_warnx(U_("Creation of new SSL_CTX object failed: %s"), errstr); goto bad; @@ -280,6 +287,7 @@ SSL *ssl; const char *host; const char *port; + const struct timespec *timeout; struct sudo_event_base *evbase; struct sudo_event *tls_connect_ev; }; @@ -288,7 +296,7 @@ tls_connect_cb(int sock, int what, void *v) { struct tls_connect_closure *closure = v; - struct timespec timeo = { 10, 0 }; + const struct timespec *timeout = closure->timeout; int tls_con; debug_decl(tls_connect_cb, SUDOERS_DEBUG_UTIL); @@ -320,7 +328,7 @@ } } if (sudo_ev_add(closure->evbase, closure->tls_connect_ev, - &timeo, false) == -1) { + timeout, false) == -1) { sudo_warnx("%s", U_("unable to add event to queue")); goto bad; } @@ -336,7 +344,7 @@ } } if (sudo_ev_add(closure->evbase, closure->tls_connect_ev, - &timeo, false) == -1) { + timeout, false) == -1) { sudo_warnx("%s", U_("unable to add event to queue")); goto bad; } @@ -364,7 +372,7 @@ static bool tls_timed_connect(SSL *ssl, const char *host, const char *port, - const struct timespec *timo) + const struct timespec *timeout) { struct tls_connect_closure closure; debug_decl(tls_timed_connect, SUDOERS_DEBUG_UTIL); @@ -373,6 +381,7 @@ closure.ssl = ssl; closure.host = host; closure.port = port; + closure.timeout = timeout; closure.evbase = sudo_ev_base_alloc(); closure.tls_connect_ev = sudo_ev_alloc(SSL_get_fd(ssl), SUDO_PLUGIN_EV_WRITE, tls_connect_cb, &closure); @@ -382,7 +391,7 @@ goto done; } - if (sudo_ev_add(closure.evbase, closure.tls_connect_ev, timo, false) == -1) { + if (sudo_ev_add(closure.evbase, closure.tls_connect_ev, timeout, false) == -1) { sudo_warnx("%s", U_("unable to add event to queue")); goto done; } @@ -410,7 +419,7 @@ connect_server(const char *host, const char *port, bool tls, struct client_closure *closure, const char **reason) { - const struct timespec *timo = &closure->log_details->server_timeout; + const struct timespec *timeout = &closure->log_details->server_timeout; struct addrinfo hints, *res, *res0; const char *addr, *cause = NULL; int error, sock = -1; @@ -471,7 +480,7 @@ continue; } } - if (timed_connect(sock, res->ai_addr, res->ai_addrlen, timo) == -1) { + if (timed_connect(sock, res->ai_addr, res->ai_addrlen, timeout) == -1) { /* No need to set cause, caller's error message is sufficient. */ save_errno = errno; close(sock); @@ -489,6 +498,7 @@ default: cause = "ai_family"; save_errno = EAFNOSUPPORT; + shutdown(sock, SHUT_RDWR); close(sock); errno = save_errno; sock = -1; @@ -498,6 +508,7 @@ sizeof(closure->server_ip)) == NULL) { cause = "inet_ntop"; save_errno = errno; + shutdown(sock, SHUT_RDWR); close(sock); errno = save_errno; sock = -1; @@ -507,6 +518,7 @@ if ((closure->server_name = strdup(host)) == NULL) { cause = "strdup"; save_errno = errno; + shutdown(sock, SHUT_RDWR); close(sock); errno = save_errno; sock = -1; @@ -518,15 +530,17 @@ if (!tls_init(closure) || !SSL_set_fd(closure->ssl, sock)) { cause = U_("TLS initialization was unsuccessful"); save_errno = errno; + shutdown(sock, SHUT_RDWR); close(sock); errno = save_errno; sock = -1; continue; } /* Perform TLS handshake. */ - if (!tls_timed_connect(closure->ssl, host, port, timo)) { + if (!tls_timed_connect(closure->ssl, host, port, timeout)) { cause = U_("TLS handshake was unsuccessful"); save_errno = errno; + shutdown(sock, SHUT_RDWR); close(sock); errno = save_errno; sock = -1; @@ -622,14 +636,17 @@ #if defined(HAVE_OPENSSL) /* Shut down the TLS connection cleanly and free SSL data. */ if (closure->ssl != NULL) { - SSL_shutdown(closure->ssl); + if (SSL_shutdown(closure->ssl) == 0) + SSL_shutdown(closure->ssl); SSL_free(closure->ssl); } SSL_CTX_free(closure->ssl_ctx); #endif - if (closure->sock != -1) + if (closure->sock != -1) { + shutdown(closure->sock, SHUT_RDWR); close(closure->sock); + } free(closure->server_name); while ((buf = TAILQ_FIRST(&closure->write_bufs)) != NULL) { TAILQ_REMOVE(&closure->write_bufs, buf, entries); @@ -696,6 +713,9 @@ msg_len = htonl((uint32_t)len); len += sizeof(msg_len); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: new ClientMessage, %zu bytes", + __func__, len); + /* Resize buffer as needed. */ if (len > buf->size) { free(buf->data); @@ -773,10 +793,9 @@ } static InfoMessage ** -fmt_info_messages(struct client_closure *closure, size_t *n_info_msgs) +fmt_info_messages(struct client_closure *closure, struct eventlog *evlog, + size_t *n_info_msgs) { - struct log_details *details = closure->log_details; - struct eventlog *evlog = details->evlog; InfoMessage__StringList *runargv = NULL; InfoMessage__StringList *runenv = NULL; InfoMessage **info_msgs = NULL; @@ -943,8 +962,8 @@ * Appends the wire format message to the closure's write queue. * Returns true on success, false on failure. */ -static bool -fmt_accept_message(struct client_closure *closure) +bool +fmt_accept_message(struct client_closure *closure, struct eventlog *evlog) { ClientMessage client_msg = CLIENT_MESSAGE__INIT; AcceptMessage accept_msg = ACCEPT_MESSAGE__INIT; @@ -967,7 +986,8 @@ /* Client will send IoBuffer messages. */ accept_msg.expect_iobufs = closure->log_io; - accept_msg.info_msgs = fmt_info_messages(closure, &accept_msg.n_info_msgs); + accept_msg.info_msgs = fmt_info_messages(closure, evlog, + &accept_msg.n_info_msgs); if (accept_msg.info_msgs == NULL) goto done; @@ -991,8 +1011,8 @@ * Appends the wire format message to the closure's write queue. * Returns true on success, false on failure. */ -static bool -fmt_reject_message(struct client_closure *closure) +bool +fmt_reject_message(struct client_closure *closure, struct eventlog *evlog) { ClientMessage client_msg = CLIENT_MESSAGE__INIT; RejectMessage reject_msg = REJECT_MESSAGE__INIT; @@ -1015,7 +1035,8 @@ /* Reason for rejecting the request. */ reject_msg.reason = (char *)closure->reason; - reject_msg.info_msgs = fmt_info_messages(closure, &reject_msg.n_info_msgs); + reject_msg.info_msgs = fmt_info_messages(closure, evlog, + &reject_msg.n_info_msgs); if (reject_msg.info_msgs == NULL) goto done; @@ -1040,7 +1061,7 @@ * Returns true on success, false on failure. */ static bool -fmt_alert_message(struct client_closure *closure) +fmt_alert_message(struct client_closure *closure, struct eventlog *evlog) { ClientMessage client_msg = CLIENT_MESSAGE__INIT; AlertMessage alert_msg = ALERT_MESSAGE__INIT; @@ -1063,7 +1084,8 @@ /* Reason for the alert. */ alert_msg.reason = (char *)closure->reason; - alert_msg.info_msgs = fmt_info_messages(closure, &alert_msg.n_info_msgs); + alert_msg.info_msgs = fmt_info_messages(closure, evlog, + &alert_msg.n_info_msgs); if (alert_msg.info_msgs == NULL) goto done; @@ -1098,7 +1120,7 @@ switch (closure->state) { case SEND_ACCEPT: /* Format and schedule AcceptMessage. */ - if ((ret = fmt_accept_message(closure))) { + if ((ret = fmt_accept_message(closure, closure->log_details->evlog))) { /* * Move read/write events back to main sudo event loop. * Server messages may occur at any time, so no timeout. @@ -1114,11 +1136,11 @@ break; case SEND_REJECT: /* Format and schedule RejectMessage. */ - ret = fmt_reject_message(closure); + ret = fmt_reject_message(closure, closure->log_details->evlog); break; case SEND_ALERT: /* Format and schedule AlertMessage. */ - ret = fmt_alert_message(closure); + ret = fmt_alert_message(closure, closure->log_details->evlog); break; default: sudo_warnx(U_("%s: unexpected state %d"), __func__, closure->state); @@ -1194,7 +1216,7 @@ if (WIFEXITED(exit_status)) { exit_msg.exit_value = WEXITSTATUS(exit_status); } else if (WIFSIGNALED(exit_status)) { - int signo = WTERMSIG(exit_status); + const int signo = WTERMSIG(exit_status); if (signo <= 0 || sig2str(signo, signame) == -1) { sudo_warnx(U_("%s: internal error, invalid signal %d"), __func__, signo); @@ -1204,6 +1226,15 @@ if (WCOREDUMP(exit_status)) exit_msg.dumped_core = true; exit_msg.exit_value = WTERMSIG(exit_status) | 128; + } else if (WIFSTOPPED(exit_status)) { + const int signo = WSTOPSIG(exit_status); + sudo_warnx(U_("%s: internal error, invalid signal %d"), + __func__, signo); + goto done; + } else if (WIFCONTINUED(exit_status)) { + sudo_warnx(U_("%s: internal error, invalid signal %d"), + __func__, SIGCONT); + goto done; } else { sudo_warnx(U_("%s: internal error, invalid exit status %d"), __func__, exit_status); @@ -1479,6 +1510,9 @@ __func__, n + 1, msg->servers[n]); } + /* Does the server support logging sub-commands in a session? */ + closure->subcommands = msg->subcommands; + debug_return_bool(true); } @@ -1523,8 +1557,10 @@ debug_decl(handle_log_id, SUDOERS_DEBUG_UTIL); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: remote log ID: %s", __func__, id); - if ((closure->iolog_id = strdup(id)) == NULL) - sudo_fatal(NULL); + if (closure->iolog_id != NULL) { + if ((closure->iolog_id = strdup(id)) == NULL) + sudo_fatal(NULL); + } debug_return_bool(true); } @@ -1711,10 +1747,13 @@ * message and hope that no actual internal error occurs. */ err = ERR_get_error(); +#if !defined(HAVE_WOLFSSL) if (closure->state == RECV_HELLO && ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { errstr = "host name does not match certificate"; - } else { + } else +#endif + { errstr = ERR_reason_error_string(err); } sudo_warnx("%s", errstr); @@ -1969,7 +2008,7 @@ /* Connect to log first available log server. */ if (!log_server_connect(closure)) { /* TODO: support offline logs if server unreachable */ - sudo_warn("%s", U_("unable to connect to log server")); + sudo_warnx("%s", U_("unable to connect to log server")); goto bad; } diff -Nru sudo-1.9.5p2/plugins/sudoers/log_client.h sudo-1.9.9/plugins/sudoers/log_client.h --- sudo-1.9.5p2/plugins/sudoers/log_client.h 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/log_client.h 2022-01-27 21:24:22.000000000 +0000 @@ -21,11 +21,20 @@ #include /* for INET6?_ADDRSTRLEN */ #if defined(HAVE_OPENSSL) +# if defined(HAVE_WOLFSSL) +# include +# endif /* HAVE_WOLFSSL */ # include #endif /* HAVE_OPENSSL */ #include "log_server.pb-c.h" -#include "strlist.h" + +#ifndef INET_ADDRSTRLEN +# define INET_ADDRSTRLEN 16 +#endif +#ifndef INET6_ADDRSTRLEN +# define INET6_ADDRSTRLEN 46 +#endif #if PROTOBUF_C_VERSION_NUMBER < 1003000 # error protobuf-c version 1.30 or higher required @@ -48,20 +57,6 @@ }; TAILQ_HEAD(connection_buffer_list, connection_buffer); -struct log_details { - struct eventlog *evlog; - struct sudoers_str_list *log_servers; - struct timespec server_timeout; -#if defined(HAVE_OPENSSL) - char *ca_bundle; - char *cert_file; - char *key_file; -#endif /* HAVE_OPENSSL */ - bool keepalive; - bool verify_server; - bool ignore_log_errors; -}; - enum client_state { ERROR, RECV_HELLO, @@ -94,6 +89,7 @@ SSL *ssl; bool ssl_initialized; #endif /* HAVE_OPENSSL */ + bool subcommands; enum client_state state; enum client_state initial_state; /* XXX - bad name */ struct connection_buffer_list write_bufs; @@ -113,6 +109,8 @@ struct client_closure *log_server_open(struct log_details *details, struct timespec *now, bool log_io, enum client_state initial_state, const char *reason, struct sudo_plugin_event * (*event_alloc)(void)); bool log_server_close(struct client_closure *closure, int exit_status, int error); bool fmt_client_message(struct client_closure *closure, ClientMessage *msg); +bool fmt_accept_message(struct client_closure *closure, struct eventlog *evlog); +bool fmt_reject_message(struct client_closure *closure, struct eventlog *evlog); bool fmt_exit_message(struct client_closure *closure, int exit_status, int error); bool fmt_io_buf(struct client_closure *closure, int type, const char *buf, unsigned int len, struct timespec *delay); bool fmt_suspend(struct client_closure *closure, const char *signame, struct timespec *delay); @@ -120,5 +118,6 @@ bool log_server_connect(struct client_closure *closure); void client_closure_free(struct client_closure *closure); bool read_server_hello(struct client_closure *closure); +extern struct client_closure *client_closure; #endif /* SUDOERS_LOG_CLIENT_H */ diff -Nru sudo-1.9.5p2/plugins/sudoers/logging.c sudo-1.9.9/plugins/sudoers/logging.c --- sudo-1.9.5p2/plugins/sudoers/logging.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/logging.c 2022-01-27 21:24:22.000000000 +0000 @@ -47,13 +47,17 @@ #include #include #include +#include #include #ifndef HAVE_GETADDRINFO # include "compat/getaddrinfo.h" #endif #include "sudoers.h" -#include "log_client.h" +#ifdef SUDOERS_LOG_CLIENT +# include "log_client.h" +# include "strlist.h" +#endif static bool should_mail(int); static bool warned = false; @@ -120,27 +124,45 @@ log_server_reject(struct eventlog *evlog, const char *message, struct sudo_plugin_event * (*event_alloc)(void)) { - struct client_closure *client_closure; - struct log_details details; bool ret = false; debug_decl(log_server_reject, SUDOERS_DEBUG_LOGGING); if (SLIST_EMPTY(&def_log_servers)) debug_return_bool(true); - if (!init_log_details(&details, evlog)) - debug_return_bool(false); + if (ISSET(sudo_mode, MODE_POLICY_INTERCEPTED)) { + /* Older servers don't support multiple commands per session. */ + if (!client_closure->subcommands) + debug_return_bool(true); + + /* Use existing client closure. */ + if (fmt_reject_message(client_closure, evlog)) { + if (client_closure->write_ev->add(client_closure->write_ev, + &client_closure->log_details->server_timeout) == -1) { + sudo_warn("%s", U_("unable to add event to queue")); + goto done; + } + ret = true; + } + } else { + struct log_details details; + + if (!init_log_details(&details, evlog)) + debug_return_bool(false); + + /* Open connection to log server, send hello and reject messages. */ + client_closure = log_server_open(&details, &sudo_user.submit_time, + false, SEND_REJECT, message, event_alloc); + if (client_closure != NULL) { + client_closure_free(client_closure); + ret = true; + } - /* Open connection to log server, send hello and reject messages. */ - client_closure = log_server_open(&details, &sudo_user.submit_time, false, - SEND_REJECT, message, event_alloc); - if (client_closure != NULL) { - client_closure_free(client_closure); - ret = true; + /* Only the log_servers string list is dynamically allocated. */ + str_list_free(details.log_servers); } - /* Only the log_servers string list is dynamically allocated. */ - str_list_free(details.log_servers); +done: debug_return_bool(ret); } @@ -149,7 +171,6 @@ const char *message, const char *errstr, struct sudo_plugin_event * (*event_alloc)(void)) { - struct client_closure *client_closure; struct log_details details; char *emessage = NULL; bool ret = false; @@ -158,9 +179,6 @@ if (SLIST_EMPTY(&def_log_servers)) debug_return_bool(true); - if (!init_log_details(&details, evlog)) - goto done; - if (errstr != NULL) { if (asprintf(&emessage, _("%s: %s"), message, errstr) == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); @@ -168,18 +186,38 @@ } } - /* Open connection to log server, send hello and alert messages. */ - client_closure = log_server_open(&details, now, false, - SEND_ALERT, emessage ? emessage : message, event_alloc); - if (client_closure != NULL) { - client_closure_free(client_closure); - ret = true; + if (ISSET(sudo_mode, MODE_POLICY_INTERCEPTED)) { + /* Older servers don't support multiple commands per session. */ + if (!client_closure->subcommands) + debug_return_bool(true); + + /* Use existing client closure. */ + if (fmt_reject_message(client_closure, evlog)) { + if (client_closure->write_ev->add(client_closure->write_ev, + &client_closure->log_details->server_timeout) == -1) { + sudo_warn("%s", U_("unable to add event to queue")); + goto done; + } + ret = true; + } + } else { + if (!init_log_details(&details, evlog)) + goto done; + + /* Open connection to log server, send hello and alert messages. */ + client_closure = log_server_open(&details, now, false, + SEND_ALERT, emessage ? emessage : message, event_alloc); + if (client_closure != NULL) { + client_closure_free(client_closure); + ret = true; + } + + /* Only the log_servers string list is dynamically allocated. */ + str_list_free(details.log_servers); } done: - /* Only the log_servers string list is dynamically allocated. */ free(emessage); - str_list_free(details.log_servers); debug_return_bool(ret); } #else @@ -205,17 +243,21 @@ static bool log_reject(const char *message, bool logit, bool mailit) { - int evl_flags = 0; + const char *uuid_str = NULL; struct eventlog evlog; + int evl_flags = 0; bool ret = true; debug_decl(log_reject, SUDOERS_DEBUG_LOGGING); + if (!ISSET(sudo_mode, MODE_POLICY_INTERCEPTED)) + uuid_str = sudo_user.uuid_str; + if (mailit) { SET(evl_flags, EVLOG_MAIL); if (!logit) SET(evl_flags, EVLOG_MAIL_ONLY); } - sudoers_to_eventlog(&evlog, NewArgv, env_get()); + sudoers_to_eventlog(&evlog, NewArgv, env_get(), uuid_str); if (!eventlog_reject(&evlog, evl_flags, message, NULL, NULL)) ret = false; @@ -393,7 +435,7 @@ audit_failure(NewArgv, "%s", N_("authentication failure")); /* If sudoers denied the command we'll log that separately. */ - if (!ISSET(status, FLAG_BAD_PASSWORD|FLAG_NON_INTERACTIVE)) + if (!ISSET(status, FLAG_BAD_PASSWORD|FLAG_NO_USER_INPUT)) logit = false; /* @@ -462,9 +504,8 @@ * Log and potentially mail the allowed command. */ bool -log_allowed(void) +log_allowed(struct eventlog *evlog) { - struct eventlog evlog; int oldlocale; int evl_flags = 0; bool mailit, ret = true; @@ -477,18 +518,77 @@ /* Log and mail messages should be in the sudoers locale. */ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); - sudoers_to_eventlog(&evlog, NewArgv, env_get()); if (mailit) { SET(evl_flags, EVLOG_MAIL); if (!def_log_allowed) SET(evl_flags, EVLOG_MAIL_ONLY); } - if (!eventlog_accept(&evlog, evl_flags, NULL, NULL)) + if (!eventlog_accept(evlog, evl_flags, NULL, NULL)) + ret = false; + + sudoers_setlocale(oldlocale, NULL); + } + + debug_return_bool(ret); +} + +bool +log_exit_status(int exit_status) +{ + struct eventlog evlog; + int evl_flags = 0; + int ecode = 0; + int oldlocale; + struct timespec run_time; + char sigbuf[SIG2STR_MAX]; + char *signame = NULL; + bool dumped_core = false; + bool ret = true; + debug_decl(log_exit_status, SUDOERS_DEBUG_LOGGING); + + if (def_log_exit_status || def_mail_always) { + if (sudo_gettime_real(&run_time) == -1) { + sudo_warn("%s", U_("unable to get time of day")); + ret = false; + goto done; + } + sudo_timespecsub(&run_time, &sudo_user.submit_time, &run_time); + + if (WIFEXITED(exit_status)) { + ecode = WEXITSTATUS(exit_status); + } else if (WIFSIGNALED(exit_status)) { + int signo = WTERMSIG(exit_status); + if (signo <= 0 || sig2str(signo, sigbuf) == -1) + (void)snprintf(sigbuf, sizeof(sigbuf), "%d", signo); + signame = sigbuf; + ecode = signo | 128; + dumped_core = WCOREDUMP(exit_status); + } else { + sudo_warnx("invalid exit status 0x%x", exit_status); + ret = false; + goto done; + } + + /* Log and mail messages should be in the sudoers locale. */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); + + sudoers_to_eventlog(&evlog, NewArgv, env_get(), sudo_user.uuid_str); + if (def_mail_always) { + SET(evl_flags, EVLOG_MAIL); + if (!def_log_exit_status) + SET(evl_flags, EVLOG_MAIL_ONLY); + } + evlog.run_time = run_time; + evlog.exit_value = ecode; + evlog.signal_name = signame; + evlog.dumped_core = dumped_core; + if (!eventlog_exit(&evlog, evl_flags)) ret = false; sudoers_setlocale(oldlocale, NULL); } +done: debug_return_bool(ret); } @@ -555,7 +655,7 @@ if (ISSET(flags, SLOG_NO_LOG)) SET(evl_flags, EVLOG_MAIL_ONLY); } - sudoers_to_eventlog(&evlog, NewArgv, env_get()); + sudoers_to_eventlog(&evlog, NewArgv, env_get(), sudo_user.uuid_str); eventlog_alert(&evlog, evl_flags, &now, message, errstr); log_server_alert(&evlog, &now, message, errstr, @@ -650,7 +750,7 @@ */ void sudoers_to_eventlog(struct eventlog *evlog, char * const argv[], - char * const envp[]) + char * const envp[], const char *uuid_str) { struct group *grp; debug_decl(sudoers_to_eventlog, SUDOERS_DEBUG_LOGGING); @@ -695,6 +795,23 @@ evlog->runuid = (uid_t)-1; evlog->runuser = sudo_user.runas_user; } + if (uuid_str == NULL) { + unsigned char uuid[16]; + + sudo_uuid_create(uuid); + if (sudo_uuid_to_string(uuid, evlog->uuid_str, sizeof(evlog->uuid_str)) == NULL) + sudo_warnx("%s", U_("unable to generate UUID")); + } else { + strlcpy(evlog->uuid_str, uuid_str, sizeof(evlog->uuid_str)); + } + if (ISSET(sudo_mode, MODE_POLICY_INTERCEPTED)) { + struct timespec now; + if (sudo_gettime_real(&now) == -1) { + sudo_warn("%s", U_("unable to get time of day")); + } else { + sudo_timespecsub(&now, &sudo_user.submit_time, &evlog->iolog_offset); + } + } debug_return; } @@ -736,7 +853,7 @@ if (!warned) { warned = true; log_warning(SLOG_SEND_MAIL|SLOG_NO_LOG, - N_("unable to open log file: %s"), log_file); + N_("unable to open log file %s"), log_file); } if (fd != -1) close(fd); @@ -786,11 +903,6 @@ init_eventlog_config(void) { int logtype = 0; -#ifdef NO_ROOT_MAILER - uid_t mailuid = user_uid; -#else - uid_t mailuid = ROOT_UID; -#endif debug_decl(init_eventlog_config, SUDOERS_DEBUG_LOGGING); if (def_syslog) @@ -805,7 +917,7 @@ eventlog_set_syslog_alertpri(def_syslog_badpri); eventlog_set_syslog_maxlen(def_syslog_maxlen); eventlog_set_file_maxlen(def_loglinelen); - eventlog_set_mailuid(mailuid); + eventlog_set_mailuid(ROOT_UID); eventlog_set_omit_hostname(!def_log_host); eventlog_set_logpath(def_logfile); eventlog_set_time_fmt(def_log_year ? "%h %e %T %Y" : "%h %e %T"); diff -Nru sudo-1.9.5p2/plugins/sudoers/logging.h sudo-1.9.9/plugins/sudoers/logging.h --- sudo-1.9.5p2/plugins/sudoers/logging.h 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/logging.h 2022-01-27 21:24:22.000000000 +0000 @@ -22,6 +22,21 @@ #include +struct sudoers_str_list; +struct log_details { + struct eventlog *evlog; + struct sudoers_str_list *log_servers; + struct timespec server_timeout; +# if defined(HAVE_OPENSSL) + char *ca_bundle; + char *cert_file; + char *key_file; +# endif /* HAVE_OPENSSL */ + bool keepalive; + bool verify_server; + bool ignore_log_errors; +}; + /* * Values for sudoers_setlocale() */ @@ -56,7 +71,8 @@ int sudoers_getlocale(void); int audit_failure(char *const argv[], char const *const fmt, ...) __printflike(2, 3); int vaudit_failure(char *const argv[], char const *const fmt, va_list ap) __printflike(2, 0); -bool log_allowed(void); +bool log_allowed(struct eventlog *evlog); +bool log_exit_status(int exit_status); bool log_auth_failure(int status, unsigned int tries); bool log_denial(int status, bool inform_user); bool log_failure(int status, int flags); @@ -67,7 +83,7 @@ bool gai_log_warning(int flags, int errnum, const char *fmt, ...) __printflike(3, 4); bool sudoers_initlocale(const char *ulocale, const char *slocale); bool sudoers_locale_callback(const union sudo_defs_val *); -void sudoers_to_eventlog(struct eventlog *evlog, char * const argv[], char *const envp[]); +void sudoers_to_eventlog(struct eventlog *evlog, char * const argv[], char *const envp[], const char *uuid_str); void init_eventlog_config(void); bool init_log_details(struct log_details *details, struct eventlog *evlog); diff -Nru sudo-1.9.5p2/plugins/sudoers/match.c sudo-1.9.9/plugins/sudoers/match.c --- sudo-1.9.5p2/plugins/sudoers/match.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/match.c 2022-01-27 21:24:06.000000000 +0000 @@ -396,11 +396,6 @@ switch (m->type) { case ALL: - if (m->name == NULL) { - matched = !m->negated; - break; - } - FALLTHROUGH; case COMMAND: c = (struct sudo_command *)m->name; if (command_matches(c->cmnd, c->args, runchroot, info, &c->digests)) diff -Nru sudo-1.9.5p2/plugins/sudoers/match_command.c sudo-1.9.9/plugins/sudoers/match_command.c --- sudo-1.9.5p2/plugins/sudoers/match_command.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/match_command.c 2022-01-27 21:24:06.000000000 +0000 @@ -33,11 +33,13 @@ #include #include #include -#ifdef HAVE_GLOB -# include -#else -# include "compat/glob.h" -#endif /* HAVE_GLOB */ +#ifndef SUDOERS_NAME_MATCH +# ifdef HAVE_GLOB +# include +# else +# include "compat/glob.h" +# endif /* HAVE_GLOB */ +#endif /* SUDOERS_NAME_MATCH */ #include #include #include @@ -79,31 +81,48 @@ debug_return_bool(false); } +#ifndef SUDOERS_NAME_MATCH /* * Stat file by fd is possible, else by path. * Returns true on success, else false. */ static bool -do_stat(int fd, const char *path, const char *runchroot, struct stat *sb) +do_stat(int fd, const char *path, const char *runchroot, bool intercepted, + struct stat *sb) { + struct stat sbuf; char pathbuf[PATH_MAX]; + bool ret; debug_decl(do_stat, SUDOERS_DEBUG_MATCH); - if (fd != -1) - debug_return_bool(fstat(fd, sb) == 0); + if (sb == NULL) + sb = &sbuf; - /* Make path relative to the new root, if any. */ - if (runchroot != NULL) { - const int len = - snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path); - if (len >= ssizeof(pathbuf)) { - errno = ENAMETOOLONG; - debug_return_bool(false); + if (fd != -1) { + ret = fstat(fd, sb) == 0; + } else { + /* Make path relative to the new root, if any. */ + if (runchroot != NULL) { + const int len = + snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path); + if (len >= ssizeof(pathbuf)) { + errno = ENAMETOOLONG; + debug_return_bool(false); + } + path = pathbuf; + } + ret = stat(path, sb) == 0; + } + if (ret && intercepted) { + if (!def_intercept_allow_setid && ISSET(sb->st_mode, S_ISUID|S_ISGID)) { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "rejecting setid command %s", path); + ret = false; } - path = pathbuf; } - debug_return_bool(stat(path, sb) == 0); + debug_return_int(ret); } +#endif /* SUDOERS_NAME_MATCH */ /* * Check whether the fd refers to a shell script with a "#!" shebang. @@ -206,12 +225,13 @@ debug_return; } +#ifndef SUDOERS_NAME_MATCH /* * Return true if user_cmnd names one of the inodes in dir, else false. */ static bool command_matches_dir(const char *sudoers_dir, size_t dlen, const char *runchroot, - const struct command_digest_list *digests) + bool intercepted, const struct command_digest_list *digests) { char buf[PATH_MAX], sdbuf[PATH_MAX]; struct stat sudoers_stat; @@ -262,7 +282,7 @@ /* Open the file for fdexec or for digest matching. */ if (!open_cmnd(buf, NULL, digests, &fd)) continue; - if (!do_stat(fd, buf, NULL, &sudoers_stat)) + if (!do_stat(fd, buf, NULL, intercepted, &sudoers_stat)) continue; if (user_stat == NULL || @@ -290,12 +310,44 @@ close(fd); debug_return_bool(false); } +#else /* SUDOERS_NAME_MATCH */ +/* + * Return true if user_cmnd names one of the inodes in dir, else false. + */ +static bool +command_matches_dir(const char *sudoers_dir, size_t dlen, const char *runchroot, + bool intercepted, const struct command_digest_list *digests) +{ + int fd = -1; + debug_decl(command_matches_dir, SUDOERS_DEBUG_MATCH); + + /* Match user_cmnd against sudoers_dir. */ + if (strncmp(user_cmnd, sudoers_dir, dlen) != 0 || user_cmnd[dlen] != '/') + goto bad; + + /* Make sure user_cmnd is not in a subdir of sudoers_dir. */ + if (strchr(user_cmnd + dlen + 1, '\0') != NULL) + goto bad; + + /* Open the file for fdexec or for digest matching. */ + if (!open_cmnd(user_cmnd, runchroot, digests, &fd)) + goto bad; + if (!digest_matches(fd, user_cmnd, runchroot, digests)) + goto bad; + set_cmnd_fd(fd); + + debug_return_bool(true); +bad: + if (fd != -1) + close(fd); + debug_return_bool(false); +} +#endif /* SUDOERS_NAME_MATCH */ static bool command_matches_all(const char *runchroot, - const struct command_digest_list *digests) + bool intercepted, const struct command_digest_list *digests) { - struct stat sb; /* XXX - unused */ int fd = -1; debug_decl(command_matches_all, SUDOERS_DEBUG_MATCH); @@ -303,8 +355,10 @@ /* Open the file for fdexec or for digest matching. */ if (!open_cmnd(user_cmnd, runchroot, digests, &fd)) goto bad; - if (!do_stat(fd, user_cmnd, runchroot, &sb)) +#ifndef SUDOERS_NAME_MATCH + if (!do_stat(fd, user_cmnd, runchroot, intercepted, NULL)) goto bad; +#endif } /* Check digest of user_cmnd since we have no sudoers_cmnd for ALL. */ @@ -315,18 +369,16 @@ /* No need to set safe_cmnd for ALL. */ debug_return_bool(true); bad: - if (fd != -1) { + if (fd != -1) close(fd); - fd = -1; - } debug_return_bool(false); } static bool command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args, - const char *runchroot, const struct command_digest_list *digests) + const char *runchroot, bool intercepted, + const struct command_digest_list *digests) { - struct stat sb; /* XXX - unused */ int fd = -1; debug_decl(command_matches_fnmatch, SUDOERS_DEBUG_MATCH); @@ -345,8 +397,10 @@ /* Open the file for fdexec or for digest matching. */ if (!open_cmnd(user_cmnd, runchroot, digests, &fd)) goto bad; - if (!do_stat(fd, user_cmnd, runchroot, &sb)) +#ifndef SUDOERS_NAME_MATCH + if (!do_stat(fd, user_cmnd, runchroot, intercepted, NULL)) goto bad; +#endif /* Check digest of user_cmnd since sudoers_cmnd is a pattern. */ if (!digest_matches(fd, user_cmnd, runchroot, digests)) goto bad; @@ -355,18 +409,18 @@ /* No need to set safe_cmnd since user_cmnd matches sudoers_cmnd */ debug_return_bool(true); bad: - if (fd != -1) { + if (fd != -1) close(fd); - fd = -1; - } debug_return_bool(false); } debug_return_bool(false); } +#ifndef SUDOERS_NAME_MATCH static bool command_matches_glob(const char *sudoers_cmnd, const char *sudoers_args, - const char *runchroot, const struct command_digest_list *digests) + const char *runchroot, bool intercepted, + const struct command_digest_list *digests) { struct stat sudoers_stat; bool bad_digest = false; @@ -384,11 +438,9 @@ */ dlen = strlen(sudoers_cmnd); if (sudoers_cmnd[dlen - 1] != '/') { - if ((base = strrchr(sudoers_cmnd, '/')) != NULL) { - base++; - if (!has_meta(base) && strcmp(user_base, base) != 0) - debug_return_bool(false); - } + base = sudo_basename(sudoers_cmnd); + if (!has_meta(base) && strcmp(user_base, base) != 0) + debug_return_bool(false); } /* Make sudoers_cmnd relative to the new root, if any. */ @@ -429,7 +481,7 @@ /* Open the file for fdexec or for digest matching. */ if (!open_cmnd(cp, runchroot, digests, &fd)) continue; - if (!do_stat(fd, cp, runchroot, &sudoers_stat)) + if (!do_stat(fd, cp, runchroot, intercepted, &sudoers_stat)) continue; if (user_stat == NULL || (user_stat->st_dev == sudoers_stat.st_dev && @@ -466,23 +518,22 @@ /* If it ends in '/' it is a directory spec. */ dlen = strlen(cp); if (cp[dlen - 1] == '/') { - if (command_matches_dir(cp, dlen, runchroot, digests)) + if (command_matches_dir(cp, dlen, runchroot, intercepted, digests)) { + globfree(&gl); debug_return_bool(true); + } continue; } /* Only proceed if user_base and basename(cp) match */ - if ((base = strrchr(cp, '/')) != NULL) - base++; - else - base = cp; + base = sudo_basename(cp); if (strcmp(user_base, base) != 0) continue; /* Open the file for fdexec or for digest matching. */ if (!open_cmnd(cp, runchroot, digests, &fd)) continue; - if (!do_stat(fd, cp, runchroot, &sudoers_stat)) + if (!do_stat(fd, cp, runchroot, intercepted, &sudoers_stat)) continue; if (user_stat == NULL || (user_stat->st_dev == sudoers_stat.st_dev && @@ -515,7 +566,8 @@ static bool command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, - const char *runchroot, const struct command_digest_list *digests) + const char *runchroot, bool intercepted, + const struct command_digest_list *digests) { struct stat sudoers_stat; const char *base; @@ -527,14 +579,11 @@ dlen = strlen(sudoers_cmnd); if (sudoers_cmnd[dlen - 1] == '/') { debug_return_bool(command_matches_dir(sudoers_cmnd, dlen, runchroot, - digests)); + intercepted, digests)); } /* Only proceed if user_base and basename(sudoers_cmnd) match */ - if ((base = strrchr(sudoers_cmnd, '/')) == NULL) - base = sudoers_cmnd; - else - base++; + base = sudo_basename(sudoers_cmnd); if (strcmp(user_base, base) != 0) debug_return_bool(false); @@ -549,7 +598,7 @@ * c) there are args in sudoers and on command line and they match * d) there is a digest and it matches */ - if (user_stat != NULL && do_stat(fd, sudoers_cmnd, runchroot, &sudoers_stat)) { + if (user_stat != NULL && do_stat(fd, sudoers_cmnd, runchroot, intercepted, &sudoers_stat)) { if (user_stat->st_dev != sudoers_stat.st_dev || user_stat->st_ino != sudoers_stat.st_ino) goto bad; @@ -576,6 +625,57 @@ close(fd); debug_return_bool(false); } +#else /* SUDOERS_NAME_MATCH */ +static bool +command_matches_glob(const char *sudoers_cmnd, const char *sudoers_args, + const char *runchroot, bool intercepted, + const struct command_digest_list *digests) +{ + return command_matches_fnmatch(sudoers_cmnd, sudoers_args, runchroot, + intercepted, digests); +} + +static bool +command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, + const char *runchroot, bool intercepted, + const struct command_digest_list *digests) +{ + size_t dlen; + int fd = -1; + debug_decl(command_matches_normal, SUDOERS_DEBUG_MATCH); + + /* If it ends in '/' it is a directory spec. */ + dlen = strlen(sudoers_cmnd); + if (sudoers_cmnd[dlen - 1] == '/') { + debug_return_bool(command_matches_dir(sudoers_cmnd, dlen, runchroot, + intercepted, digests)); + } + + if (strcmp(user_cmnd, sudoers_cmnd) == 0) { + if (command_args_match(sudoers_cmnd, sudoers_args)) { + /* Open the file for fdexec or for digest matching. */ + if (!open_cmnd(user_cmnd, runchroot, digests, &fd)) + goto bad; + if (!digest_matches(fd, user_cmnd, runchroot, digests)) + goto bad; + + /* Successful match. */ + free(safe_cmnd); + if ((safe_cmnd = strdup(sudoers_cmnd)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + goto bad; + } + set_cmnd_fd(fd); + debug_return_bool(true); + } + } +bad: + if (fd != -1) + close(fd); + debug_return_bool(false); +} +#endif /* SUDOERS_NAME_MATCH */ /* * If path doesn't end in /, return true iff cmnd & path name the same inode; @@ -586,6 +686,7 @@ const char *runchroot, struct cmnd_info *info, const struct command_digest_list *digests) { + const bool intercepted = info ? info->intercepted : false; char *saved_user_cmnd = NULL; struct stat saved_user_stat; bool rc = false; @@ -618,7 +719,8 @@ } if (sudoers_cmnd == NULL) { - rc = command_matches_all(runchroot, digests); + sudoers_cmnd = "ALL"; + rc = command_matches_all(runchroot, intercepted, digests); goto done; } @@ -644,12 +746,16 @@ * If sudoers_cmnd has meta characters in it, we need to * use glob(3) and/or fnmatch(3) to do the matching. */ - if (def_fast_glob) - rc = command_matches_fnmatch(sudoers_cmnd, sudoers_args, runchroot, digests); - else - rc = command_matches_glob(sudoers_cmnd, sudoers_args, runchroot, digests); + if (def_fast_glob) { + rc = command_matches_fnmatch(sudoers_cmnd, sudoers_args, runchroot, + intercepted, digests); + } else { + rc = command_matches_glob(sudoers_cmnd, sudoers_args, runchroot, + intercepted, digests); + } } else { - rc = command_matches_normal(sudoers_cmnd, sudoers_args, runchroot, digests); + rc = command_matches_normal(sudoers_cmnd, sudoers_args, runchroot, + intercepted, digests); } done: if (saved_user_cmnd != NULL) { diff -Nru sudo-1.9.5p2/plugins/sudoers/mkdefaults sudo-1.9.9/plugins/sudoers/mkdefaults --- sudo-1.9.5p2/plugins/sudoers/mkdefaults 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/mkdefaults 2022-01-27 21:24:22.000000000 +0000 @@ -46,6 +46,7 @@ type_map["T_TUPLE"] = "tuple" type_map["T_TIMESPEC"] = "tspec" type_map["T_TIMEOUT"] = "ival" + type_map["T_RLIMIT"] = "str" } { sub(/#.*/, "", $0) @@ -145,7 +146,7 @@ type = fields[2] sub(/\|.*/, "", type) if (!(type in type_map)) - die("unknown defaults type: " fields[2]) + die("unknown defaults type " fields[2]) # each variable gets a macro to access its value defname = "I_" toupper(fields[1]) diff -Nru sudo-1.9.5p2/plugins/sudoers/parse.c sudo-1.9.9/plugins/sudoers/parse.c --- sudo-1.9.5p2/plugins/sudoers/parse.c 2020-12-17 01:33:43.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/parse.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2004-2005, 2007-2020 Todd C. Miller + * Copyright (c) 2004-2005, 2007-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -124,6 +124,8 @@ debug_decl(sudoers_lookup_check, SUDOERS_DEBUG_PARSER); memset(info, 0, sizeof(*info)); + if (def_intercept || ISSET(sudo_mode, MODE_POLICY_INTERCEPTED)) + info->intercepted = true; TAILQ_FOREACH_REVERSE(us, &nss->parse_tree->userspecs, userspec_list, entries) { if (userlist_matches(nss->parse_tree, pw, &us->users) != ALLOW) @@ -201,9 +203,12 @@ } } else { user_role = def_role; + def_role = NULL; + } + if (user_role != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "user_role -> %s", user_role); } - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "user_role -> %s", user_role); } if (user_type == NULL) { if (cs->type != NULL) { @@ -215,9 +220,24 @@ } } else { user_type = def_type; + def_type = NULL; + } + if (user_type != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "user_type -> %s", user_type); + } + } + if (user_role != NULL || user_type != NULL) { + if (def_intercept) { + sudo_warnx("%s", + U_("SELinux RBAC is not supported when intercept mode is enabled")); + debug_return_bool(false); + } + if (def_log_subcmds) { + sudo_warnx("%s", + U_("SELinux RBAC is not supported when the log_subcmds flag is enabled")); + debug_return_bool(false); } - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "user_type -> %s", user_type); } #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET @@ -232,9 +252,12 @@ } } else { runas_privs = def_privs; + def_privs = NULL; + } + if (runas_privs != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "runas_privs -> %s", runas_privs); } - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "runas_privs -> %s", runas_privs); } if (runas_limitprivs == NULL) { if (cs->limitprivs != NULL) { @@ -246,9 +269,12 @@ } } else { runas_limitprivs = def_limitprivs; + def_limitprivs = NULL; + } + if (runas_limitprivs != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "runas_limitprivs -> %s", runas_limitprivs); } - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "runas_limitprivs -> %s", runas_limitprivs); } #endif /* HAVE_PRIV_SET */ if (cs->timeout > 0) { @@ -288,6 +314,11 @@ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "def_noexec -> %s", def_noexec ? "true" : "false"); } + if (cs->tags.intercept != UNSPEC) { + def_intercept = cs->tags.intercept; + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "def_intercept -> %s", def_intercept ? "true" : "false"); + } if (cs->tags.setenv != UNSPEC) { def_setenv = cs->tags.setenv; sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, @@ -554,6 +585,8 @@ sudo_lbuf_append(lbuf, "%ssetenv, ", cs->tags.setenv ? "" : "!"); if (TAG_SET(cs->tags.noexec)) sudo_lbuf_append(lbuf, "%snoexec, ", cs->tags.noexec ? "" : "!"); + if (TAG_SET(cs->tags.intercept)) + sudo_lbuf_append(lbuf, "%sintercept, ", cs->tags.intercept ? "" : "!"); if (TAG_SET(cs->tags.nopasswd)) sudo_lbuf_append(lbuf, "%sauthenticate, ", cs->tags.nopasswd ? "!" : ""); if (TAG_SET(cs->tags.log_input)) @@ -588,16 +621,24 @@ sudo_lbuf_append(lbuf, " Timeout: %s\n", numbuf); } if (cs->notbefore != UNSPEC) { - char buf[sizeof("CCYYMMDDHHMMSSZ")]; - struct tm *tm = gmtime(&cs->notbefore); - if (strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", tm) != 0) - sudo_lbuf_append(lbuf, " NotBefore: %s\n", buf); + char buf[sizeof("CCYYMMDDHHMMSSZ")] = ""; + struct tm gmt; + int len; + if (gmtime_r(&cs->notbefore, &gmt) != NULL) { + len = strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", &gmt); + if (len != 0 && buf[sizeof(buf) - 1] == '\0') + sudo_lbuf_append(lbuf, " NotBefore: %s\n", buf); + } } if (cs->notafter != UNSPEC) { - char buf[sizeof("CCYYMMDDHHMMSSZ")]; - struct tm *tm = gmtime(&cs->notafter); - if (strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", tm) != 0) - sudo_lbuf_append(lbuf, " NotAfter: %s\n", buf); + char buf[sizeof("CCYYMMDDHHMMSSZ")] = ""; + struct tm gmt; + int len; + if (gmtime_r(&cs->notafter, &gmt) != NULL) { + len = strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", &gmt); + if (len != 0 && buf[sizeof(buf) - 1] == '\0') + sudo_lbuf_append(lbuf, " NotAfter: %s\n", buf); + } } sudo_lbuf_append(lbuf, "%s", _(" Commands:\n")); } @@ -654,11 +695,11 @@ TAILQ_FOREACH(d, &parse_tree->defaults, entries) { switch (d->type) { case DEFAULTS_HOST: - if (hostlist_matches(parse_tree, pw, d->binding) != ALLOW) + if (hostlist_matches(parse_tree, pw, &d->binding->members) != ALLOW) continue; break; case DEFAULTS_USER: - if (userlist_matches(parse_tree, pw, d->binding) != ALLOW) + if (userlist_matches(parse_tree, pw, &d->binding->members) != ALLOW) continue; break; case DEFAULTS_RUNAS: @@ -683,7 +724,7 @@ int deftype, struct sudo_lbuf *lbuf) { struct defaults *d; - struct member_list *binding = NULL; + struct defaults_binding *binding = NULL; struct member *m; char *dsep; int atype, nfound = 0; @@ -719,12 +760,12 @@ if (nfound != 1) sudo_lbuf_append(lbuf, "\n"); sudo_lbuf_append(lbuf, " Defaults%s", dsep); - TAILQ_FOREACH(m, binding, entries) { - if (m != TAILQ_FIRST(binding)) - sudo_lbuf_append(lbuf, ","); + TAILQ_FOREACH(m, &binding->members, entries) { + if (m != TAILQ_FIRST(&binding->members)) + sudo_lbuf_append(lbuf, ", "); sudoers_format_member(lbuf, parse_tree, m, ", ", atype); - sudo_lbuf_append(lbuf, " "); } + sudo_lbuf_append(lbuf, " "); } else sudo_lbuf_append(lbuf, ", "); sudoers_format_default(lbuf, d); diff -Nru sudo-1.9.5p2/plugins/sudoers/parse.h sudo-1.9.9/plugins/sudoers/parse.h --- sudo-1.9.5p2/plugins/sudoers/parse.h 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/parse.h 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2000, 2004, 2007-2020 + * Copyright (c) 1996, 1998-2000, 2004, 2007-2021 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -29,6 +29,11 @@ /* Returns true if string 's' contains meta characters. */ #define has_meta(s) (strpbrk(s, "\\?*[]") != NULL) +/* Match by name, not inode, when fuzzing. */ +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +# define SUDOERS_NAME_MATCH +#endif + #undef UNSPEC #define UNSPEC -1 #undef DENY @@ -43,6 +48,7 @@ */ #define TAGS_INIT(t) do { \ (t)->follow = UNSPEC; \ + (t)->intercept = UNSPEC; \ (t)->log_input = UNSPEC; \ (t)->log_output = UNSPEC; \ (t)->noexec = UNSPEC; \ @@ -57,6 +63,8 @@ #define TAGS_MERGE(t, t2) do { \ if ((t2).follow != UNSPEC) \ (t).follow = (t2).follow; \ + if ((t2).intercept != UNSPEC) \ + (t).intercept = (t2).intercept; \ if ((t2).log_input != UNSPEC) \ (t).log_input = (t2).log_input; \ if ((t2).log_output != UNSPEC) \ @@ -75,10 +83,10 @@ * Returns true if any tag are not UNSPEC, else false. */ #define TAGS_SET(t) \ - ((t).follow != UNSPEC || (t).log_input != UNSPEC || \ - (t).log_output != UNSPEC || (t).noexec != UNSPEC || \ - (t).nopasswd != UNSPEC || (t).send_mail != UNSPEC || \ - (t).setenv != UNSPEC) + ((t).follow != UNSPEC || (t).intercept != UNSPEC || \ + (t).log_input != UNSPEC || (t).log_output != UNSPEC || \ + (t).noexec != UNSPEC || (t).nopasswd != UNSPEC || \ + (t).send_mail != UNSPEC || (t).setenv != UNSPEC) /* * Returns true if the specified tag is not UNSPEC or IMPLIED, else false. @@ -91,6 +99,7 @@ */ #define TAGS_CHANGED(ot, nt) \ ((TAG_SET((nt).follow) && (nt).follow != (ot).follow) || \ + (TAG_SET((nt).intercept) && (nt).intercept != (ot).intercept) || \ (TAG_SET((nt).log_input) && (nt).log_input != (ot).log_input) || \ (TAG_SET((nt).log_output) && (nt).log_output != (ot).log_output) || \ (TAG_SET((nt).noexec) && (nt).noexec != (ot).noexec) || \ @@ -116,13 +125,14 @@ * Possible values: true, false, IMPLIED, UNSPEC. */ struct cmndtag { - signed int nopasswd: 3; - signed int noexec: 3; - signed int setenv: 3; + signed int follow: 3; + signed int intercept: 3; signed int log_input: 3; signed int log_output: 3; + signed int noexec: 3; + signed int nopasswd: 3; signed int send_mail: 3; - signed int follow: 3; + signed int setenv: 3; }; /* @@ -167,6 +177,7 @@ TAILQ_HEAD(cmndspec_list, cmndspec); TAILQ_HEAD(command_digest_list, command_digest); STAILQ_HEAD(comment_list, sudoers_comment); +TAILQ_HEAD(sudoers_parse_tree_list, sudoers_parse_tree); /* * Structure describing a user specification and list thereof. @@ -240,6 +251,11 @@ struct member *runasgroups; }; +struct defaults_binding { + struct member_list members; + unsigned int refcnt; +}; + struct sudoers_comment { STAILQ_ENTRY(sudoers_comment) entries; char *str; @@ -266,7 +282,7 @@ TAILQ_ENTRY(defaults) entries; char *var; /* variable name */ char *val; /* variable value */ - struct member_list *binding; /* user/host/runas binding */ + struct defaults_binding *binding; /* user/host/runas binding */ char *file; /* file Defaults entry was in */ short type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ char op; /* true, false, '+', '-' */ @@ -279,10 +295,11 @@ * Parsed sudoers policy. */ struct sudoers_parse_tree { + TAILQ_ENTRY(sudoers_parse_tree) entries; struct userspec_list userspecs; struct defaults_list defaults; struct rbtree *aliases; - const char *shost, *lhost; + char *shost, *lhost; }; /* @@ -292,7 +309,39 @@ struct stat cmnd_stat; char *cmnd_path; int status; + bool intercepted; +}; + +/* + * The parser passes pointers to data structures that are not stored anywhere. + * We add them to the leak list at allocation time and remove them from + * the list when they are stored in another data structure. + * This makes it possible to free data on error that would otherwise be leaked. + */ +enum parser_leak_types { + LEAK_UNKNOWN, + LEAK_PRIVILEGE, + LEAK_CMNDSPEC, + LEAK_DEFAULTS, + LEAK_MEMBER, + LEAK_DIGEST, + LEAK_RUNAS, + LEAK_PTR +}; +struct parser_leak_entry { + SLIST_ENTRY(parser_leak_entry) entries; + enum parser_leak_types type; + union { + struct command_digest *dig; + struct privilege *p; + struct cmndspec *cs; + struct defaults *d; + struct member *m; + struct runascontainer *rc; + void *ptr; + } u; }; +SLIST_HEAD(parser_leak_list, parser_leak_entry); /* alias.c */ struct rbtree *alloc_aliases(void); @@ -301,26 +350,33 @@ bool alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type, char *file, int line, int column, struct member *members); const char *alias_type_to_string(int alias_type); struct alias *alias_get(struct sudoers_parse_tree *parse_tree, const char *name, int type); -struct alias *alias_remove(struct sudoers_parse_tree *parse_tree, char *name, int type); +struct alias *alias_remove(struct sudoers_parse_tree *parse_tree, const char *name, int type); bool alias_find_used(struct sudoers_parse_tree *parse_tree, struct rbtree *used_aliases); void alias_apply(struct sudoers_parse_tree *parse_tree, int (*func)(struct sudoers_parse_tree *, struct alias *, void *), void *cookie); void alias_free(void *a); void alias_put(struct alias *a); +/* check_aliases.c */ +int check_aliases(struct sudoers_parse_tree *parse_tree, bool strict, bool quiet, int (*cb_unused)(struct sudoers_parse_tree *, struct alias *, void *)); + /* gram.c */ extern struct sudoers_parse_tree parsed_policy; bool init_parser(const char *path, bool quiet, bool strict); -struct member *new_member_all(char *name); void free_member(struct member *m); void free_members(struct member_list *members); +void free_cmndspec(struct cmndspec *cs, struct cmndspec_list *csl); +void free_cmndspecs(struct cmndspec_list *csl); void free_privilege(struct privilege *priv); void free_userspec(struct userspec *us); void free_userspecs(struct userspec_list *usl); -void free_default(struct defaults *def, struct member_list **binding); +void free_default(struct defaults *def); void free_defaults(struct defaults_list *defs); -void init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, const char *shost); +void init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost); void free_parse_tree(struct sudoers_parse_tree *parse_tree); void reparent_parse_tree(struct sudoers_parse_tree *new_tree); +bool parser_leak_add(enum parser_leak_types type, void *v); +bool parser_leak_remove(enum parser_leak_types type, void *v); +void parser_leak_init(void); /* match_addr.c */ bool addr_matches(char *n); @@ -362,9 +418,6 @@ /* timeout.c */ int parse_timeout(const char *timestr); -/* gmtoff.c */ -long get_gmtoff(time_t *clock); - /* gentime.c */ time_t parse_gentime(const char *expstr); diff -Nru sudo-1.9.5p2/plugins/sudoers/parse_ldif.c sudo-1.9.9/plugins/sudoers/parse_ldif.c --- sudo-1.9.5p2/plugins/sudoers/parse_ldif.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/parse_ldif.c 2022-01-27 21:24:22.000000000 +0000 @@ -252,7 +252,8 @@ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); } - TAILQ_INIT(d->binding); + TAILQ_INIT(&d->binding->members); + d->binding->refcnt = 1; d->type = DEFAULTS; d->op = sudo_ldap_parse_option(ls->str, &var, &val); if ((d->var = strdup(var)) == NULL) { @@ -479,6 +480,8 @@ /* Convert from list of roles to array and sort by order. */ role_array = reallocarray(NULL, numroles + 1, sizeof(*role_array)); + if (role_array == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); for (n = 0; n < numroles; n++) { if ((role = STAILQ_FIRST(roles)) == NULL) break; /* cannot happen */ @@ -762,17 +765,16 @@ } sudo_role_free(role); free(line); + free(savedline); /* Convert from roles to sudoers data structures. */ - ldif_to_sudoers(parse_tree, &roles, numroles, store_options); + if (numroles > 0) + ldif_to_sudoers(parse_tree, &roles, numroles, store_options); /* Clean up. */ rbdestroy(usercache, str_list_free); rbdestroy(groupcache, str_list_free); rbdestroy(hostcache, str_list_free); - if (fp != stdin) - fclose(fp); - debug_return_bool(errors == 0); } Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/ca.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/ca.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/ca.po sudo-1.9.9/plugins/sudoers/po/ca.po --- sudo-1.9.5p2/plugins/sudoers/po/ca.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/ca.po 2022-01-27 21:24:06.000000000 +0000 @@ -1,6 +1,6 @@ # Portable object template file for the sudoers plugin # This file is put in the public domain. -# Walter Garcia-Fontes , 2020. +# Walter Garcia-Fontes , 2021. # # Glossari # @@ -8,10 +8,10 @@ # tty - el terminal, això prové de l'acrònim en anglès per a teletip (tty) i ara s'usa per a un terminal obert on es pot entrar informació msgid "" msgstr "" -"Project-Id-Version: sudoers 1.8.29rc1\n" +"Project-Id-Version: sudoers 1.9.6b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2020-03-03 12:42+0100\n" +"POT-Creation-Date: 2021-03-02 19:29-0700\n" +"PO-Revision-Date: 2021-04-27 11:00+0200\n" "Last-Translator: Walter Garcia-Fontes \n" "Language-Team: Catalan \n" "Language: ca\n" @@ -21,7 +21,7 @@ "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -#: confstr.sh:1 +#: confstr.sh:1 gram.y:1183 msgid "syntax error" msgstr "error de sintaxi" @@ -45,267 +45,958 @@ msgid "Sorry, try again." msgstr "Ho sentim, proveu un altre cop." -#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272 -#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340 -#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470 -#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601 -#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842 -#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903 -#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132 -#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155 -#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123 -#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64 -#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165 -#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193 -#: plugins/sudoers/cvtsudoers.c:305 plugins/sudoers/cvtsudoers.c:433 -#: plugins/sudoers/cvtsudoers.c:566 plugins/sudoers/cvtsudoers.c:583 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:496 gram.y:506 gram.y:518 gram.y:562 gram.y:571 gram.y:580 +#: gram.y:589 gram.y:619 gram.y:716 gram.y:724 gram.y:735 gram.y:747 +#: gram.y:766 gram.y:914 gram.y:922 gram.y:932 gram.y:938 gram.y:1060 +#: gram.y:1069 gram.y:1077 gram.y:1086 gram.y:1095 gram.y:1124 gram.y:1133 +#: gram.y:1141 gram.y:1231 gram.y:1343 gram.y:1650 gram.y:1700 +#: lib/eventlog/eventlog.c:260 lib/eventlog/eventlog.c:333 +#: lib/eventlog/eventlog.c:733 lib/eventlog/eventlog.c:797 +#: lib/eventlog/eventlog.c:1053 lib/iolog/iolog_json.c:125 +#: lib/iolog/iolog_json.c:330 lib/iolog/iolog_json.c:360 +#: lib/iolog/iolog_json.c:503 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:210 +#: logsrvd/sendlog.c:496 plugins/sudoers/audit.c:115 +#: plugins/sudoers/audit.c:263 plugins/sudoers/auth/bsdauth.c:143 +#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 +#: plugins/sudoers/auth/pam.c:689 plugins/sudoers/auth/rfc1938.c:111 +#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/check_aliases.c:95 +#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:160 +#: plugins/sudoers/cvtsudoers.c:177 plugins/sudoers/cvtsudoers.c:188 +#: plugins/sudoers/cvtsudoers.c:300 plugins/sudoers/cvtsudoers.c:428 +#: plugins/sudoers/cvtsudoers.c:561 plugins/sudoers/cvtsudoers.c:578 #: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 -#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 -#: plugins/sudoers/cvtsudoers_ldif.c:154 plugins/sudoers/cvtsudoers_ldif.c:197 -#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:263 -#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389 -#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414 -#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570 -#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959 -#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72 -#: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101 -#: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66 -#: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59 -#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78 -#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174 -#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125 -#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144 -#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156 -#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416 -#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887 -#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668 -#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786 -#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022 -#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223 -#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306 -#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446 -#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558 -#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683 -#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510 -#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532 -#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599 -#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367 -#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227 -#: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156 -#: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256 -#: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268 -#: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355 -#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386 -#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402 -#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639 -#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714 -#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749 -#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750 -#: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199 -#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 -#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586 -#: plugins/sudoers/pwutil.c:657 plugins/sudoers/pwutil.c:816 -#: plugins/sudoers/pwutil.c:873 plugins/sudoers/pwutil.c:917 -#: plugins/sudoers/pwutil.c:975 plugins/sudoers/sssd.c:154 -#: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 -#: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 -#: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 -#: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 -#: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 -#: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 -#: plugins/sudoers/visudo.c:1029 plugins/sudoers/visudo.c:1118 toke.l:846 -#: toke.l:947 toke.l:1104 +#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:76 plugins/sudoers/cvtsudoers_ldif.c:151 +#: plugins/sudoers/cvtsudoers_ldif.c:194 plugins/sudoers/cvtsudoers_ldif.c:235 +#: plugins/sudoers/cvtsudoers_ldif.c:300 plugins/sudoers/cvtsudoers_ldif.c:371 +#: plugins/sudoers/cvtsudoers_ldif.c:421 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:440 plugins/sudoers/cvtsudoers_ldif.c:447 +#: plugins/sudoers/cvtsudoers_ldif.c:460 plugins/sudoers/cvtsudoers_ldif.c:468 +#: plugins/sudoers/cvtsudoers_ldif.c:615 plugins/sudoers/defaults.c:638 +#: plugins/sudoers/defaults.c:933 plugins/sudoers/defaults.c:1108 +#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:72 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:626 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 +#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 +#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 +#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 +#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:326 +#: plugins/sudoers/ldap_util.c:333 plugins/sudoers/ldap_util.c:648 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:105 +#: plugins/sudoers/log_client.c:381 plugins/sudoers/log_client.c:686 +#: plugins/sudoers/log_client.c:704 plugins/sudoers/log_client.c:1413 +#: plugins/sudoers/log_client.c:1626 plugins/sudoers/log_client.c:1950 +#: plugins/sudoers/log_client.c:2007 plugins/sudoers/logging.c:100 +#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:426 +#: plugins/sudoers/logging.c:446 plugins/sudoers/logging.c:527 +#: plugins/sudoers/match_command.c:286 plugins/sudoers/match_command.c:484 +#: plugins/sudoers/match_command.c:533 plugins/sudoers/match_command.c:604 +#: plugins/sudoers/match_command.c:650 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:216 +#: plugins/sudoers/parse.c:236 plugins/sudoers/parse.c:253 +#: plugins/sudoers/parse.c:276 plugins/sudoers/parse.c:287 +#: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:483 plugins/sudoers/parse_ldif.c:596 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:543 plugins/sudoers/policy.c:890 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:195 +#: plugins/sudoers/pwutil.c:266 plugins/sudoers/pwutil.c:344 +#: plugins/sudoers/pwutil.c:518 plugins/sudoers/pwutil.c:583 +#: plugins/sudoers/pwutil.c:655 plugins/sudoers/pwutil.c:854 +#: plugins/sudoers/pwutil.c:910 plugins/sudoers/pwutil.c:954 +#: plugins/sudoers/pwutil.c:1011 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 +#: plugins/sudoers/sssd.c:754 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:299 plugins/sudoers/sudoers.c:325 +#: plugins/sudoers/sudoers.c:374 plugins/sudoers/sudoers.c:384 +#: plugins/sudoers/sudoers.c:425 plugins/sudoers/sudoers.c:787 +#: plugins/sudoers/sudoers.c:922 plugins/sudoers/sudoers.c:975 +#: plugins/sudoers/sudoers.c:1241 plugins/sudoers/sudoreplay.c:552 +#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 +#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:225 +#: plugins/sudoers/testsudoers.c:242 plugins/sudoers/testsudoers.c:581 +#: plugins/sudoers/timestamp.c:422 plugins/sudoers/timestamp.c:466 +#: plugins/sudoers/timestamp.c:967 plugins/sudoers/timestamp.c:1105 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:143 plugins/sudoers/visudo.c:321 +#: plugins/sudoers/visudo.c:327 plugins/sudoers/visudo.c:433 +#: plugins/sudoers/visudo.c:609 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/visudo.c:999 toke.l:928 toke.l:1057 toke.l:1117 msgid "unable to allocate memory" msgstr "no es pot assignar memòria" -#: gram.y:488 +#: gram.y:613 msgid "a digest requires a path name" msgstr "au un resum li cal un nom de camí" -#: gram.y:614 +#: gram.y:643 +msgid "values for \"CWD\" must start with a '/', '~', or '*'" +msgstr "els valores per a «CWD» han de començar amb «/», «~» o «*»" + +#: gram.y:655 +msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" +msgstr "els valors per a «CHROOT» han de començar amb «/», «~», o «*»" + +#: gram.y:786 +#, c-format +msgid "syntax error, reserved word %s used as an alias name" +msgstr "error de sintaxi, la paraula reservada %s s'ha usat com un nom d'àlies" + +#: gram.y:809 msgid "invalid notbefore value" msgstr "valor notbefore no vàlid" -#: gram.y:622 +#: gram.y:818 msgid "invalid notafter value" msgstr "valor invàlid de notafter" -#: gram.y:631 plugins/sudoers/policy.c:320 +#: gram.y:828 plugins/sudoers/policy.c:339 msgid "timeout value too large" msgstr "valor massa llarg de temps d'espera" -#: gram.y:633 plugins/sudoers/policy.c:322 +#: gram.y:830 plugins/sudoers/policy.c:341 msgid "invalid timeout value" msgstr "valor no vàlid de temps d'espera" -#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670 -#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124 -#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181 -#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304 -#: plugins/sudoers/cvtsudoers.c:432 plugins/sudoers/cvtsudoers.c:565 -#: plugins/sudoers/cvtsudoers.c:582 plugins/sudoers/cvtsudoers.c:646 +#: gram.y:1185 +#, c-format +msgid "%s:%d:%d: %s\n" +msgstr "%s:%d:%d: %s\n" + +#: gram.y:1229 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "L'àlies «%s» ja està definit" + +#: gram.y:1650 gram.y:1700 lib/eventlog/eventlog.c:260 +#: lib/eventlog/eventlog.c:733 lib/eventlog/eventlog.c:795 +#: lib/eventlog/eventlog.c:796 lib/eventlog/eventlog.c:1053 +#: lib/iolog/iolog_json.c:125 lib/iolog/iolog_json.c:329 +#: lib/iolog/iolog_json.c:360 lib/iolog/iolog_json.c:503 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:210 logsrvd/logsrvd.c:1291 logsrvd/logsrvd.c:1304 +#: logsrvd/logsrvd.c:1349 logsrvd/sendlog.c:496 logsrvd/sendlog.c:1337 +#: logsrvd/sendlog.c:1344 logsrvd/sendlog.c:1762 plugins/sudoers/audit.c:115 +#: plugins/sudoers/audit.c:263 plugins/sudoers/auth/pam.c:502 +#: plugins/sudoers/auth/pam.c:689 plugins/sudoers/auth/rfc1938.c:111 +#: plugins/sudoers/check_aliases.c:95 plugins/sudoers/cvtsudoers.c:119 +#: plugins/sudoers/cvtsudoers.c:159 plugins/sudoers/cvtsudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:187 plugins/sudoers/cvtsudoers.c:299 +#: plugins/sudoers/cvtsudoers.c:427 plugins/sudoers/cvtsudoers.c:560 +#: plugins/sudoers/cvtsudoers.c:577 plugins/sudoers/cvtsudoers.c:646 #: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 -#: plugins/sudoers/cvtsudoers.c:1179 plugins/sudoers/cvtsudoers.c:1183 -#: plugins/sudoers/cvtsudoers.c:1285 plugins/sudoers/cvtsudoers_ldif.c:153 -#: plugins/sudoers/cvtsudoers_ldif.c:196 plugins/sudoers/cvtsudoers_ldif.c:243 -#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333 -#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396 -#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422 -#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666 -#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130 -#: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90 -#: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268 -#: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82 -#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138 -#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943 -#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86 -#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134 -#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152 -#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185 -#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723 -#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241 -#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705 -#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921 -#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038 -#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254 -#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342 -#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461 -#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591 -#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765 -#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567 -#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202 -#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558 -#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100 -#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366 -#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485 -#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199 -#: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226 -#: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155 -#: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255 -#: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267 -#: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354 -#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385 -#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401 -#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584 -#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638 -#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713 -#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748 -#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143 -#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178 -#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320 -#: plugins/sudoers/policy.c:322 plugins/sudoers/policy.c:348 -#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402 -#: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421 -#: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504 -#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100 -#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 -#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 -#: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657 -#: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873 -#: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975 -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153 -#: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463 -#: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554 -#: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103 -#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273 -#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292 -#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657 -#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830 -#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113 -#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587 -#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136 -#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439 -#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960 -#: plugins/sudoers/toke_util.c:59 plugins/sudoers/toke_util.c:112 -#: plugins/sudoers/toke_util.c:149 plugins/sudoers/tsdump.c:130 -#: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:328 -#: plugins/sudoers/visudo.c:334 plugins/sudoers/visudo.c:444 -#: plugins/sudoers/visudo.c:622 plugins/sudoers/visudo.c:942 -#: plugins/sudoers/visudo.c:1029 plugins/sudoers/visudo.c:1118 toke.l:846 -#: toke.l:947 toke.l:1104 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:75 +#: plugins/sudoers/cvtsudoers_ldif.c:150 plugins/sudoers/cvtsudoers_ldif.c:193 +#: plugins/sudoers/cvtsudoers_ldif.c:234 plugins/sudoers/cvtsudoers_ldif.c:299 +#: plugins/sudoers/cvtsudoers_ldif.c:370 plugins/sudoers/cvtsudoers_ldif.c:420 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:439 +#: plugins/sudoers/cvtsudoers_ldif.c:446 plugins/sudoers/cvtsudoers_ldif.c:459 +#: plugins/sudoers/cvtsudoers_ldif.c:467 plugins/sudoers/cvtsudoers_ldif.c:614 +#: plugins/sudoers/defaults.c:638 plugins/sudoers/defaults.c:933 +#: plugins/sudoers/defaults.c:1108 plugins/sudoers/editor.c:181 +#: plugins/sudoers/env.c:262 plugins/sudoers/exptilde.c:92 +#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 +#: plugins/sudoers/gc.c:57 plugins/sudoers/group_plugin.c:132 +#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:609 +#: plugins/sudoers/iolog.c:626 plugins/sudoers/ldap.c:184 +#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 +#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 +#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 +#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 +#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 +#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 +#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 +#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 +#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 +#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 +#: plugins/sudoers/ldap_conf.c:677 plugins/sudoers/ldap_conf.c:760 +#: plugins/sudoers/ldap_util.c:325 plugins/sudoers/ldap_util.c:332 +#: plugins/sudoers/ldap_util.c:648 plugins/sudoers/linux_audit.c:86 +#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:214 +#: plugins/sudoers/log_client.c:235 plugins/sudoers/log_client.c:248 +#: plugins/sudoers/log_client.c:381 plugins/sudoers/log_client.c:686 +#: plugins/sudoers/log_client.c:704 plugins/sudoers/log_client.c:1413 +#: plugins/sudoers/log_client.c:1626 plugins/sudoers/log_client.c:1950 +#: plugins/sudoers/log_client.c:2007 plugins/sudoers/logging.c:100 +#: plugins/sudoers/logging.c:165 plugins/sudoers/logging.c:166 +#: plugins/sudoers/logging.c:425 plugins/sudoers/logging.c:445 +#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:285 +#: plugins/sudoers/match_command.c:483 plugins/sudoers/match_command.c:532 +#: plugins/sudoers/match_command.c:604 plugins/sudoers/match_command.c:649 +#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 +#: plugins/sudoers/parse.c:215 plugins/sudoers/parse.c:235 +#: plugins/sudoers/parse.c:252 plugins/sudoers/parse.c:275 +#: plugins/sudoers/parse.c:286 plugins/sudoers/parse_ldif.c:152 +#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 +#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 +#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 +#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 +#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 +#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:483 +#: plugins/sudoers/parse_ldif.c:596 plugins/sudoers/parse_ldif.c:625 +#: plugins/sudoers/parse_ldif.c:650 plugins/sudoers/parse_ldif.c:708 +#: plugins/sudoers/parse_ldif.c:725 plugins/sudoers/parse_ldif.c:753 +#: plugins/sudoers/parse_ldif.c:760 plugins/sudoers/policy.c:149 +#: plugins/sudoers/policy.c:158 plugins/sudoers/policy.c:167 +#: plugins/sudoers/policy.c:193 plugins/sudoers/policy.c:324 +#: plugins/sudoers/policy.c:339 plugins/sudoers/policy.c:341 +#: plugins/sudoers/policy.c:371 plugins/sudoers/policy.c:380 +#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:438 +#: plugins/sudoers/policy.c:447 plugins/sudoers/policy.c:456 +#: plugins/sudoers/policy.c:543 plugins/sudoers/policy.c:890 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:195 +#: plugins/sudoers/pwutil.c:266 plugins/sudoers/pwutil.c:344 +#: plugins/sudoers/pwutil.c:518 plugins/sudoers/pwutil.c:583 +#: plugins/sudoers/pwutil.c:655 plugins/sudoers/pwutil.c:854 +#: plugins/sudoers/pwutil.c:910 plugins/sudoers/pwutil.c:954 +#: plugins/sudoers/pwutil.c:1011 plugins/sudoers/set_perms.c:359 +#: plugins/sudoers/set_perms.c:698 plugins/sudoers/set_perms.c:1061 +#: plugins/sudoers/set_perms.c:1364 plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/sssd.c:144 plugins/sudoers/sssd.c:407 +#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 +#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 +#: plugins/sudoers/strvec_join.c:53 plugins/sudoers/stubs.c:111 +#: plugins/sudoers/stubs.c:119 plugins/sudoers/sudoers.c:299 +#: plugins/sudoers/sudoers.c:325 plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:425 +#: plugins/sudoers/sudoers.c:787 plugins/sudoers/sudoers.c:922 +#: plugins/sudoers/sudoers.c:975 plugins/sudoers/sudoers.c:1241 +#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 +#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 +#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 +#: plugins/sudoers/testsudoers.c:225 plugins/sudoers/testsudoers.c:242 +#: plugins/sudoers/testsudoers.c:581 plugins/sudoers/timestamp.c:422 +#: plugins/sudoers/timestamp.c:466 plugins/sudoers/timestamp.c:967 +#: plugins/sudoers/timestamp.c:1105 plugins/sudoers/toke_util.c:77 +#: plugins/sudoers/toke_util.c:105 plugins/sudoers/toke_util.c:130 +#: plugins/sudoers/toke_util.c:154 plugins/sudoers/toke_util.c:193 +#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:143 +#: plugins/sudoers/visudo.c:321 plugins/sudoers/visudo.c:327 +#: plugins/sudoers/visudo.c:433 plugins/sudoers/visudo.c:609 +#: plugins/sudoers/visudo.c:926 plugins/sudoers/visudo.c:999 toke.l:928 +#: toke.l:1057 toke.l:1109 toke.l:1117 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: plugins/sudoers/alias.c:151 +#: lib/eventlog/eventlog.c:265 lib/iolog/iolog_json.c:509 +#: lib/iolog/iolog_json.c:512 lib/iolog/iolog_json.c:514 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:571 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/iolog.c:631 plugins/sudoers/ldap.c:517 +#: plugins/sudoers/ldap.c:748 plugins/sudoers/ldap.c:1081 +#: plugins/sudoers/ldap_conf.c:222 plugins/sudoers/ldap_conf.c:312 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:573 +#: plugins/sudoers/policy.c:728 plugins/sudoers/policy.c:738 +#: plugins/sudoers/prompt.c:161 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:246 plugins/sudoers/toke_util.c:206 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "L'àlies «%s» ja està definit" +msgid "internal error, %s overflow" +msgstr "error intern, desbordament de %s" + +#: lib/eventlog/eventlog.c:324 +#, c-format +msgid "unable to dup stdin: %m" +msgstr "no es pot duplicar l'entrada estàndard: %m" + +#: lib/eventlog/eventlog.c:366 +#, c-format +msgid "unable to execute %s: %m" +msgstr "no es pot executar %s: %m" -#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801 +#: lib/eventlog/eventlog.c:407 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "no es pot bifurcar" -#: plugins/sudoers/auth/aix_auth.c:283 +#: lib/eventlog/eventlog.c:415 lib/eventlog/eventlog.c:469 +#, c-format +msgid "unable to fork: %m" +msgstr "no est pot bifurcar: %m" + +#: lib/eventlog/eventlog.c:459 +#, c-format +msgid "unable to open pipe: %m" +msgstr "no es pot obrir la canonada: %m" + +#: lib/eventlog/eventlog.c:882 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" + +#: lib/eventlog/eventlog.c:911 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s : (ordre continuada) %s" + +#: lib/iolog/iolog_json.c:115 +#, c-format +msgid "expected JSON_STRING, got %d" +msgstr "s'esperava JSON_STRING, s'ha obtingut %d" + +#: lib/iolog/iolog_json.c:120 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY massa llarg" + +#: lib/iolog/iolog_json.c:352 +msgid "missing double quote in name" +msgstr "cometes doble faltant al nom" + +#: lib/iolog/iolog_json.c:449 +msgid "missing JSON_OBJECT" +msgstr "JSON_OBJECT faltant" + +#: lib/iolog/iolog_json.c:453 +#, c-format +msgid "expected JSON_OBJECT, got %d" +msgstr "s'esperava JSON_OBJECT, s'ha obtingut %d" + +#: lib/iolog/iolog_json.c:599 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "pila json exhaurida (max %u marcs)" + +#: lib/iolog/iolog_json.c:673 +msgid "objects must consist of name:value pairs" +msgstr "els objectes han de consistir de parelles nom:valor" + +#: lib/iolog/iolog_json.c:678 lib/iolog/iolog_json.c:709 +#: lib/iolog/iolog_json.c:753 lib/iolog/iolog_json.c:775 +#: lib/iolog/iolog_json.c:797 lib/iolog/iolog_json.c:819 +#: lib/iolog/iolog_json.c:841 +msgid "missing separator between values" +msgstr "separador faltant entre valors" + +#: lib/iolog/iolog_json.c:693 lib/iolog/iolog_json.c:867 +msgid "unmatched close brace" +msgstr "clau de tancament no concordant" + +#: lib/iolog/iolog_json.c:704 +msgid "unexpected array" +msgstr "matriu no esperada" + +#: lib/iolog/iolog_json.c:724 lib/iolog/iolog_json.c:870 +msgid "unmatched close bracket" +msgstr "parèntesi inesperat de tancament" + +#: lib/iolog/iolog_json.c:735 +msgid "unexpected string" +msgstr "cadena de caràcters inesperada" + +#: lib/iolog/iolog_json.c:746 +msgid "missing colon after name" +msgstr "dos punts inesperat" + +#: lib/iolog/iolog_json.c:767 lib/iolog/iolog_json.c:789 +msgid "unexpected boolean" +msgstr "booleà inesperat" + +#: lib/iolog/iolog_json.c:811 +msgid "unexpected null" +msgstr "null inesperat" + +#: lib/iolog/iolog_json.c:832 +msgid "unexpected number" +msgstr "nombre inesperat" + +#: lib/iolog/iolog_json.c:879 +msgid "parse error" +msgstr "error d'anàlisi" + +#: lib/iolog/iolog_legacy.c:65 +#, c-format +msgid "%s: invalid log file" +msgstr "%s: fitxer no vàlid de registre" + +#: lib/iolog/iolog_legacy.c:83 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "%s: no hi ha el camp de marca horària " + +#: lib/iolog/iolog_legacy.c:89 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "%s: marca horària %s: %s" + +#: lib/iolog/iolog_legacy.c:96 +#, c-format +msgid "%s: user field is missing" +msgstr "%s: no hi ha el camp d'usuari runas" + +#: lib/iolog/iolog_legacy.c:107 +#, c-format +msgid "%s: runas user field is missing" +msgstr "%s: no hi ha el camp del grup runas" + +#: lib/iolog/iolog_legacy.c:118 +#, c-format +msgid "%s: runas group field is missing" +msgstr "%s: no es troba el camp del grup runas" + +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existeix però no és un directori (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:72 +#: plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "no s'ha pogut mkdir %s" + +#: lib/iolog/iolog_mkdtemp.c:76 plugins/sudoers/visudo.c:726 +#: plugins/sudoers/visudo.c:737 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "no s'ha pogut canviar el mode de %s a 0%o" + +#: lib/iolog/iolog_timing.c:255 +#, c-format +msgid "error reading timing file: %s" +msgstr "error en llegir el fitxer de sincronització: %s" + +#: lib/iolog/iolog_timing.c:262 +#, c-format +msgid "invalid timing file line: %s" +msgstr "línia no vàlida de fitxer de sincronització: %s" + +#: logsrvd/iolog_writer.c:946 +msgid "log is already complete, cannot be restarted" +msgstr "el registre ja està complet, no es pot reinicar" + +#: logsrvd/iolog_writer.c:977 +msgid "unable to restart log" +msgstr "no s'ha pogut reiniciar el registre" + +#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 +#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#, c-format +msgid "unable to open %s/%s" +msgstr "no es pot obrir %s/%s" + +#: logsrvd/logsrv_util.c:133 +#, c-format +msgid "missing I/O log file %s/%s" +msgstr "fitxer faltant de registre I/O %s/%s" + +#: logsrvd/logsrv_util.c:140 +#, c-format +msgid "%s/%s: unable to seek forward %zu" +msgstr "%s/%s: no es pot cercar cap endavant %zu" + +#: logsrvd/logsrv_util.c:150 +#, c-format +msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgstr "no es pot trobar el punt de represa [%lld, %ld] a %s/%s" + +#: logsrvd/logsrvd.c:294 logsrvd/logsrvd.c:357 logsrvd/logsrvd.c:398 +#: logsrvd/logsrvd.c:453 logsrvd/logsrvd.c:522 logsrvd/logsrvd.c:573 +#: logsrvd/logsrvd.c:605 logsrvd/logsrvd.c:637 +msgid "state machine error" +msgstr "error d'estat de màquina" + +#: logsrvd/logsrvd.c:303 +msgid "invalid AcceptMessage" +msgstr "AcceptMessage no vàlid" + +#: logsrvd/logsrvd.c:311 +msgid "error parsing AcceptMessage" +msgstr "error analitzant AcceptMessage" + +#: logsrvd/logsrvd.c:318 +msgid "error creating I/O log" +msgstr "error creant registre I/O" + +#: logsrvd/logsrvd.c:325 +msgid "error logging accept event" +msgstr "error registrant esdeveniment d'acceptació" + +#: logsrvd/logsrvd.c:366 +msgid "invalid RejectMessage" +msgstr "RejectMessage no vàlid" + +#: logsrvd/logsrvd.c:374 +msgid "error parsing RejectMessage" +msgstr "error analitzant RejectMessage" + +#: logsrvd/logsrvd.c:380 +msgid "error logging reject event" +msgstr "error registrant esdeveniment de rebuig" + +#: logsrvd/logsrvd.c:490 +msgid "invalid AlertMessage" +msgstr "AlertMessage no vàlid" + +#: logsrvd/logsrvd.c:499 +msgid "error parsing AlertMessage" +msgstr "error analitzant AlertMessage" + +#: logsrvd/logsrvd.c:507 +msgid "error logging alert event" +msgstr "error registrant esdeveniment d'alerta" + +#: logsrvd/logsrvd.c:528 logsrvd/logsrvd.c:579 logsrvd/logsrvd.c:611 +msgid "protocol error" +msgstr "error de protocol" + +#: logsrvd/logsrvd.c:538 +msgid "error writing IoBuffer" +msgstr "error escrivint IoBuffer" + +#: logsrvd/logsrvd.c:590 +msgid "error writing ChangeWindowSize" +msgstr "error escrivint ChangeWindowSize" + +#: logsrvd/logsrvd.c:622 +msgid "error writing CommandSuspend" +msgstr "error escrivint CommandSuspend" + +#: logsrvd/logsrvd.c:707 +msgid "unrecognized ClientMessage type" +msgstr "tipus ClientMessage no reconegut" + +#: logsrvd/logsrvd.c:978 +msgid "client message too large" +msgstr "missatge de client massa llarg" + +#: logsrvd/logsrvd.c:1208 logsrvd/logsrvd.c:1216 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "no s'ha pogut establir la ciphersuite TLS 1.2 a %s: %s" + +#: logsrvd/logsrvd.c:1236 logsrvd/logsrvd.c:1244 +#, c-format +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "no s'ha pogut establir la ciphersuite TLS 1.3 a %s: %s" + +#: logsrvd/logsrvd.c:1280 +#, c-format +msgid "unable to get TLS server method: %s" +msgstr "no s'ha pogut obtenir el mètode de servidor TLS: %s" + +#: logsrvd/logsrvd.c:1285 +#, c-format +msgid "unable to create TLS context: %s" +msgstr "no s'ha pogut crear el context TLS: %s" + +#: logsrvd/logsrvd.c:1292 plugins/sudoers/log_client.c:236 +#, c-format +msgid "unable to load certificate %s" +msgstr "no s'ha pogut carregar el certificat %s" + +#: logsrvd/logsrvd.c:1305 plugins/sudoers/log_client.c:216 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "no s'ha pogut carregar el paquet d'autoritat de certificat %s" + +#: logsrvd/logsrvd.c:1350 plugins/sudoers/log_client.c:249 +#, c-format +msgid "unable to load private key %s" +msgstr "no s'ha pogut carregar la clau privada %s" + +#: logsrvd/logsrvd.c:1367 logsrvd/logsrvd.c:1376 +#, c-format +msgid "unable to set diffie-hellman parameters: %s" +msgstr "no es poden establir els paràmetres diffie-hellman: %s" + +#: logsrvd/logsrvd.c:1389 +#, c-format +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "no es pot establir la versió de protocol mínim a TLS 1.2: %s" + +#: logsrvd/logsrvd.c:1574 +msgid "unable to get remote IP addr" +msgstr "no s'ha pogut obtenir l'adreça remota IP" + +#: logsrvd/logsrvd.c:1602 plugins/sudoers/log_client.c:263 +#, c-format +msgid "Unable to attach user data to the ssl object: %s" +msgstr "no es pot adjuntar les dades d'usuari a l'objecte ssl: %s" + +#: logsrvd/logsrvd.c:1610 logsrvd/logsrvd.c:1732 logsrvd/logsrvd.c:1834 +#: logsrvd/sendlog.c:1141 logsrvd/sendlog.c:1497 logsrvd/sendlog.c:1512 +#: logsrvd/sendlog.c:1570 plugins/sudoers/iolog.c:969 +#: plugins/sudoers/iolog.c:1102 plugins/sudoers/iolog.c:1200 +#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 +#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 +#: plugins/sudoers/log_client.c:585 plugins/sudoers/log_client.c:592 +#: plugins/sudoers/log_client.c:1109 plugins/sudoers/log_client.c:1382 +#: plugins/sudoers/log_client.c:1423 plugins/sudoers/log_client.c:1431 +#: plugins/sudoers/log_client.c:1582 plugins/sudoers/log_client.c:1698 +#: plugins/sudoers/log_client.c:2015 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 +#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 +#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 +#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1163 +msgid "unable to add event to queue" +msgstr "no s'ha pogut afegir l'esdeveniment a la cua" + +#: logsrvd/logsrvd.c:1786 logsrvd/logsrvd.c:2033 +msgid "unable setup listen socket" +msgstr "no s'ha pogut establir el sòcol d'escolta" + +#: logsrvd/logsrvd.c:1934 +msgid "sudo log server" +msgstr "servidor de registre sudo" + +#: logsrvd/logsrvd.c:1936 logsrvd/sendlog.c:127 +msgid "Options:" +msgstr "Opcions:" + +#: logsrvd/logsrvd.c:1938 +msgid "path to configuration file" +msgstr "camí al fitxer de configuració" + +#: logsrvd/logsrvd.c:1940 logsrvd/sendlog.c:129 +msgid "display help message and exit" +msgstr "mostra el missatge d'ajuda i surt" + +#: logsrvd/logsrvd.c:1942 +msgid "do not fork, run in the foreground" +msgstr "no bifurquis, executa en el rerefons" + +#: logsrvd/logsrvd.c:1944 +msgid "percent chance connections will drop" +msgstr "les connexions a l'atzar de percentatge es tallaran" + +#: logsrvd/logsrvd.c:1946 logsrvd/sendlog.c:157 +msgid "display version information and exit" +msgstr "mostra la informació de versió i surt" + +#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1735 +msgid "Protobuf-C version 1.3 or higher required" +msgstr "Protobuf-C versió 1.3 o més gran requerida" + +#: logsrvd/logsrvd.c:2012 +#, c-format +msgid "invalid random drop value: %s" +msgstr "valor perdut aleatori no vàlid: %s" + +#: logsrvd/logsrvd.c:2016 logsrvd/sendlog.c:1785 +#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: plugins/sudoers/visudo.c:175 +#, c-format +msgid "%s version %s\n" +msgstr "%s versió %s\n" + +#: logsrvd/logsrvd_conf.c:332 +msgid "TLS not supported" +msgstr "no està suportat TLS" + +#: logsrvd/logsrvd_conf.c:344 +#, c-format +msgid "%s:%s" +msgstr "%s:%s" + +#: logsrvd/logsrvd_conf.c:411 logsrvd/logsrvd_conf.c:656 +#, c-format +msgid "%s: not a fully qualified path" +msgstr "%s: no és un camí completament qualificat" + +#: logsrvd/logsrvd_conf.c:770 +#, c-format +msgid "%s:%d unmatched '[': %s" +msgstr "%s:%d no concordat '[': %s" + +#: logsrvd/logsrvd_conf.c:781 +#, c-format +msgid "%s:%d invalid config section: %s" +msgstr "%s:%d secció no vàlida de configuració: %s" + +#: logsrvd/logsrvd_conf.c:789 +#, c-format +msgid "%s:%d invalid configuration line: %s" +msgstr "%s:%d línia no vàlida de configuració: %s" + +#: logsrvd/logsrvd_conf.c:795 +#, c-format +msgid "%s:%d expected section name: %s" +msgstr "%s:%d nom esperat de secció: %s" + +#: logsrvd/logsrvd_conf.c:809 +#, c-format +msgid "invalid value for %s: %s" +msgstr "valor no vàlid %s: %s" + +#: logsrvd/logsrvd_conf.c:817 +#, c-format +msgid "%s:%d unknown key: %s" +msgstr "%s:%d clau desconeguda: %s" + +#: logsrvd/logsrvd_conf.c:1006 +#, c-format +msgid "unknown syslog facility %s" +msgstr "sistema de syslog desconegut %s" + +#: logsrvd/logsrvd_conf.c:1010 logsrvd/logsrvd_conf.c:1014 +#: logsrvd/logsrvd_conf.c:1018 +#, c-format +msgid "unknown syslog priority %s" +msgstr "prioritat desconeguda de syslog %s" + +#: logsrvd/sendlog.c:125 +msgid "send sudo I/O log to remote server" +msgstr "envia el registre I/O de sudo al servidor remot" + +#: logsrvd/sendlog.c:131 +msgid "only send an accept event (no I/O)" +msgstr "envia sols un esdeveniment d'acceptació (no I/O)" + +#: logsrvd/sendlog.c:134 +msgid "certificate bundle file to verify server's cert against" +msgstr "fitxer del paquet del certificat per usar en la verificació del certificat del servidor " + +#: logsrvd/sendlog.c:136 +msgid "certificate file for TLS handshake" +msgstr "fitxer de certificat per l'encaixada TLS" + +#: logsrvd/sendlog.c:139 +msgid "host to send logs to" +msgstr "com enviar registres a" + +#: logsrvd/sendlog.c:141 +msgid "remote ID of I/O log to be resumed" +msgstr "es reprendrà el registre remot de l'I/O de l'ID" + +#: logsrvd/sendlog.c:144 +msgid "private key file" +msgstr "fitxer de la clau privada" + +#: logsrvd/sendlog.c:146 +msgid "do not verify server certificate" +msgstr "no verifiquis el certificat del servidor" + +#: logsrvd/sendlog.c:149 +msgid "port to use when connecting to host" +msgstr "port a usar a les connexions a l'amfitrió" + +#: logsrvd/sendlog.c:151 +msgid "restart previous I/O log transfer" +msgstr "reinicia la transferència pevia del registre I/O" + +#: logsrvd/sendlog.c:153 +msgid "reject the command with the given reason" +msgstr "rebutja l'ordre amb la raó següent" + +#: logsrvd/sendlog.c:155 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "comprova del servidor d'auditoria enviant el registre I/O seleccionat n vegades en paral·lel" + +#: logsrvd/sendlog.c:180 plugins/sudoers/log_client.c:432 +#, c-format +msgid "unable to look up %s:%s: %s" +msgstr "no es pot cercar %s:%s: %s" + +#: logsrvd/sendlog.c:218 +msgid "unable to get server IP addr" +msgstr "no es pot obtenir l'adreça IP del servidor" + +#: logsrvd/sendlog.c:272 plugins/sudoers/sudoreplay.c:851 +#, c-format +msgid "unable to read %s/%s: %s" +msgstr "no es pot llegir %s/%s: %s" + +#: logsrvd/sendlog.c:293 plugins/sudoers/log_client.c:692 +#, c-format +msgid "client message too large: %zu" +msgstr "missatge de client massa llarg: %zu" + +#: logsrvd/sendlog.c:826 +#, c-format +msgid "%s: write buffer already in use" +msgstr "%s: memòria intermèdia d'escriptura ja en ús" + +#: logsrvd/sendlog.c:878 plugins/sudoers/iolog.c:893 +#: plugins/sudoers/iolog.c:962 +#, c-format +msgid "unexpected I/O event %d" +msgstr "esdeveniment I/O inesperat %d" + +#: logsrvd/sendlog.c:924 logsrvd/sendlog.c:941 logsrvd/sendlog.c:975 +#: plugins/sudoers/log_client.c:1124 plugins/sudoers/log_client.c:1392 +#: plugins/sudoers/log_client.c:1460 plugins/sudoers/log_client.c:1496 +#, c-format +msgid "%s: unexpected state %d" +msgstr "%s: estat inesperat %d" + +#: logsrvd/sendlog.c:947 plugins/sudoers/log_client.c:1466 +msgid "invalid ServerHello" +msgstr "ServerHello invàlid" + +#: logsrvd/sendlog.c:1011 plugins/sudoers/log_client.c:1540 +#, c-format +msgid "error message received from server: %s" +msgstr "s'ha rebut un missatge d'error del servidor: %s" + +#: logsrvd/sendlog.c:1024 plugins/sudoers/log_client.c:1553 +#, c-format +msgid "abort message received from server: %s" +msgstr "avorta el missatge rebut del servidor: %s" + +#: logsrvd/sendlog.c:1043 plugins/sudoers/log_client.c:1572 +msgid "unable to unpack ServerMessage" +msgstr "no es pot desempaquetar ServerMessage" + +#: logsrvd/sendlog.c:1083 plugins/sudoers/log_client.c:1603 +#, c-format +msgid "%s: unexpected type_case value %d" +msgstr "%s: valor inesperat de type_case %d" + +#: logsrvd/sendlog.c:1112 +msgid "timeout reading from server" +msgstr "temps d'espera exhaurit quan es llegia del servidor" + +#: logsrvd/sendlog.c:1190 +msgid "premature EOF" +msgstr "final de fitxer prematur" + +#: logsrvd/sendlog.c:1203 plugins/sudoers/log_client.c:1761 +#, c-format +msgid "server message too large: %u" +msgstr "missatge del servidor massa llarg: %u" + +#: logsrvd/sendlog.c:1254 +msgid "timeout writing to server" +msgstr "temps d'espera exhaurit quan s'escrivia al servidor" + +#: logsrvd/sendlog.c:1473 plugins/sudoers/log_client.c:296 +msgid "TLS handshake timeout occurred" +msgstr "ha ocorregut un temps d'espera exhaurit a l'encaixada TLS" + +#: logsrvd/sendlog.c:1492 logsrvd/sendlog.c:1507 +#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +msgid "unable to set event" +msgstr "no es pot establir l'esdeveniment" + +#: logsrvd/sendlog.c:1517 logsrvd/sendlog.c:1521 +#, c-format +msgid "TLS connection failed: %s" +msgstr "ha fallat la connexió TLS: %s" + +#: logsrvd/sendlog.c:1554 +#, c-format +msgid "Unable to initialize ssl context: %s" +msgstr "No es pot inicialitzar el context ssl: %s" + +#: logsrvd/sendlog.c:1559 plugins/sudoers/log_client.c:258 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "No es pot assignar l'objecte ssl: %s" + +#: logsrvd/sendlog.c:1564 +#, c-format +msgid "Unable to attach socket to the ssl object: %s" +msgstr "No es pot adjuntar el sòcol a l'objecte ssl: %s" + +#: logsrvd/sendlog.c:1808 +msgid "both restart point and iolog ID must be specified" +msgstr "s'ha d'especificar tant el punt de reinici com l'ID del iolog" + +#: logsrvd/sendlog.c:1812 +msgid "a restart point may not be set when no I/O is sent" +msgstr "no es pot establir un punt de reinici quan no s'envia cap I/O" + +#: logsrvd/sendlog.c:1887 +#, c-format +msgid "exited prematurely with state %d" +msgstr "ha sortit prematurament amb estat %d" + +#: logsrvd/sendlog.c:1888 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "s'ha enviat el temps transcorregut al servidor [%lld, %ld]" + +#: logsrvd/sendlog.c:1890 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "punt de compromís rebut del servidor [%lld, %ld]" + +#: plugins/sudoers/audit.c:259 plugins/sudoers/audit.c:398 +#: plugins/sudoers/log_client.c:960 plugins/sudoers/log_client.c:1008 +#: plugins/sudoers/log_client.c:1056 plugins/sudoers/log_client.c:1181 +#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:120 +msgid "unable to get time of day" +msgstr "no es pot obtenir l'hora" + +#: plugins/sudoers/auth/aix_auth.c:277 #, c-format msgid "unable to change password for %s" msgstr "no s'ha pogut canviar la contrasenya per a %s" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:70 #, c-format msgid "unable to get login class for user %s" msgstr "no s'ha pogut obtenir la classe d'inici de sessió per a l'usuari %s" -#: plugins/sudoers/auth/bsdauth.c:80 +#: plugins/sudoers/auth/bsdauth.c:75 msgid "unable to begin bsd authentication" msgstr "no s'ha pogut iniciar l'autenticació bsd" -#: plugins/sudoers/auth/bsdauth.c:88 +#: plugins/sudoers/auth/bsdauth.c:83 msgid "invalid authentication type" msgstr "tipus no vàlida d'autenticació" -#: plugins/sudoers/auth/bsdauth.c:97 +#: plugins/sudoers/auth/bsdauth.c:92 msgid "unable to initialize BSD authentication" msgstr "no s'ha pogut inicialitzar l'autenticació BSD" -#: plugins/sudoers/auth/bsdauth.c:185 +#: plugins/sudoers/auth/bsdauth.c:179 msgid "your account has expired" msgstr "el vostre compte ha caducat" -#: plugins/sudoers/auth/bsdauth.c:187 +#: plugins/sudoers/auth/bsdauth.c:181 msgid "approval failed" msgstr "ha fallat l'aprovació" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:54 msgid "unable to read fwtk config" msgstr "no s'ha pogut llegir la configuració fwtk" -#: plugins/sudoers/auth/fwtk.c:64 +#: plugins/sudoers/auth/fwtk.c:59 msgid "unable to connect to authentication server" msgstr "no s'ha pogut connectar al servidor d'autenticació" -#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94 -#: plugins/sudoers/auth/fwtk.c:126 +#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 +#: plugins/sudoers/auth/fwtk.c:121 msgid "lost connection to authentication server" msgstr "s'ha perdut la connexió al servidor d'autenticació" -#: plugins/sudoers/auth/fwtk.c:74 +#: plugins/sudoers/auth/fwtk.c:69 #, c-format msgid "" "authentication server error:\n" @@ -314,161 +1005,181 @@ "error de servidor d'autenticació:\n" "%s" -#: plugins/sudoers/auth/kerb5.c:115 +#: plugins/sudoers/auth/kerb5.c:110 #, c-format msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: no s'ha pogut convertir el principal a la cadena de caràcters ('%s'): %s" -#: plugins/sudoers/auth/kerb5.c:165 +#: plugins/sudoers/auth/kerb5.c:160 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: no s'ha pogut analitzar '%s': %s" -#: plugins/sudoers/auth/kerb5.c:174 +#: plugins/sudoers/auth/kerb5.c:169 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: no s'ha pogut resoldre el cau de credencials : %s" -#: plugins/sudoers/auth/kerb5.c:221 +#: plugins/sudoers/auth/kerb5.c:216 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: no s'han pogut assignar les opcions: %s" -#: plugins/sudoers/auth/kerb5.c:236 +#: plugins/sudoers/auth/kerb5.c:231 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: no s'ha pogut obtenir les credencials: %s" -#: plugins/sudoers/auth/kerb5.c:249 +#: plugins/sudoers/auth/kerb5.c:244 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: no s'ha pogut inicialitzar el cau de credencials: %s" -#: plugins/sudoers/auth/kerb5.c:252 +#: plugins/sudoers/auth/kerb5.c:247 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: no s'ha pogut emmagatzemar la credencial al cau: %s" -#: plugins/sudoers/auth/kerb5.c:316 +#: plugins/sudoers/auth/kerb5.c:311 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: no s'ha pogut obtenir el principal de l'amfitrió: %s" -#: plugins/sudoers/auth/kerb5.c:330 +#: plugins/sudoers/auth/kerb5.c:325 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: No s'ha pogut verificar TGT! Possible atac!: %s" -#: plugins/sudoers/auth/pam.c:223 +#: plugins/sudoers/auth/pam.c:218 #, c-format msgid "unable to initialize PAM: %s" msgstr "no s'ha pogut inicialitzar PAM: %s" -#: plugins/sudoers/auth/pam.c:319 +#: plugins/sudoers/auth/pam.c:337 #, c-format msgid "PAM authentication error: %s" msgstr "Error d'autenticació PAM: %s" -#: plugins/sudoers/auth/pam.c:338 +#: plugins/sudoers/auth/pam.c:356 msgid "account validation failure, is your account locked?" msgstr "fallada de validació de compte, està bloquejat el vostre compte?" -#: plugins/sudoers/auth/pam.c:349 +#: plugins/sudoers/auth/pam.c:367 msgid "Account or password is expired, reset your password and try again" msgstr "Ha expirat el compte o la contrasenya, restabliu la vostra contrasenya i proveu un altre cop" -#: plugins/sudoers/auth/pam.c:355 +#: plugins/sudoers/auth/pam.c:373 #, c-format msgid "unable to change expired password: %s" msgstr "no s'ha pogut canviar la contrasenya expirada: %s" -#: plugins/sudoers/auth/pam.c:366 +#: plugins/sudoers/auth/pam.c:384 msgid "Password expired, contact your system administrator" msgstr "Ha expirat la contrasenya, contacteu el vostre administrador de sistema" -#: plugins/sudoers/auth/pam.c:371 +#: plugins/sudoers/auth/pam.c:389 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Ha expirat el compte o la configuració PAM no té una secció \"compte\" per a sudo, contacteu el vostre administrador de sistema" -#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384 +#: plugins/sudoers/auth/pam.c:397 plugins/sudoers/auth/pam.c:402 #, c-format msgid "PAM account management error: %s" msgstr "Error de gestió de compte PAM: %s" -#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:248 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:241 #, c-format msgid "you do not exist in the %s database" msgstr "no existiu a la base de dades %s" -#: plugins/sudoers/auth/securid5.c:77 +#: plugins/sudoers/auth/securid5.c:72 msgid "failed to initialise the ACE API library" msgstr "ha fallat la inicialització de la biblioteca ACE API" -#: plugins/sudoers/auth/securid5.c:103 +#: plugins/sudoers/auth/securid5.c:98 msgid "unable to contact the SecurID server" msgstr "no s'ha pogut contactar el servidor SecurID" -#: plugins/sudoers/auth/securid5.c:112 +#: plugins/sudoers/auth/securid5.c:107 msgid "User ID locked for SecurID Authentication" msgstr "L'ID de l'usuari esta bloquejat per a Autenticació SecurID" -#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 msgid "invalid username length for SecurID" msgstr "nom d'usuari no vàlid per a SecurID" -#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 +#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 msgid "invalid Authentication Handle for SecurID" msgstr "Mànec d'Autenticació no vàlid per a SecurID" -#: plugins/sudoers/auth/securid5.c:124 +#: plugins/sudoers/auth/securid5.c:119 msgid "SecurID communication failed" msgstr "Ha fallat la comunicació SecurID" -#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:217 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 msgid "unknown SecurID error" msgstr "error desconegut de SecurID" -#: plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:157 msgid "invalid passcode length for SecurID" msgstr "longitud no vàlida de contrasenya per a SecurID" -#: plugins/sudoers/auth/sia.c:74 plugins/sudoers/auth/sia.c:129 +#: plugins/sudoers/auth/sia.c:69 plugins/sudoers/auth/sia.c:123 msgid "unable to initialize SIA session" msgstr "no s'ha pogut inicialitzar la sessió SIA" -#: plugins/sudoers/auth/sudo_auth.c:138 +#: plugins/sudoers/auth/sudo_auth.c:132 msgid "invalid authentication methods" msgstr "mètodes no vàlids d'autenticació" -#: plugins/sudoers/auth/sudo_auth.c:140 +#: plugins/sudoers/auth/sudo_auth.c:134 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." msgstr "Mètodes no vàlids d'autenticació compilats dins del sudo! No podeu barrejar l'autenticació independent i no independent." -#: plugins/sudoers/auth/sudo_auth.c:261 plugins/sudoers/auth/sudo_auth.c:311 +#: plugins/sudoers/auth/sudo_auth.c:255 plugins/sudoers/auth/sudo_auth.c:305 msgid "no authentication methods" msgstr "no hi ha mètodes d'autenticació" -#: plugins/sudoers/auth/sudo_auth.c:263 +#: plugins/sudoers/auth/sudo_auth.c:257 msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." msgstr "No hi ha mètodes d'autenticació compilats dins del sudo! Si voleu deshabilitar l'autenticació, useu l'opció de configuració --disable-authentication" -#: plugins/sudoers/auth/sudo_auth.c:313 +#: plugins/sudoers/auth/sudo_auth.c:307 msgid "Unable to initialize authentication methods." msgstr "No s'han pogut inicialitzar els mètodes d'autenticació." -#: plugins/sudoers/auth/sudo_auth.c:479 +#: plugins/sudoers/auth/sudo_auth.c:471 msgid "Authentication methods:" msgstr "Mètodes d'autenticació:" -#: plugins/sudoers/bsm_audit.c:125 plugins/sudoers/bsm_audit.c:217 +#: plugins/sudoers/bsm_audit.c:123 plugins/sudoers/bsm_audit.c:214 msgid "Could not determine audit condition" msgstr "No s'ha pogut determinar la condició d'auditoria" -#: plugins/sudoers/bsm_audit.c:190 plugins/sudoers/bsm_audit.c:281 +#: plugins/sudoers/bsm_audit.c:188 plugins/sudoers/bsm_audit.c:277 msgid "unable to commit audit record" msgstr "no s'ha pogut validar el registre d'auditoria" -#: plugins/sudoers/check.c:269 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "s'ha produït un error quan es llegia el fitxer de lliçó %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "s'ignorarà el fitxer de lecció %s: no és un fitxer regular" + +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:618 +#: plugins/sudoers/cvtsudoers.c:639 plugins/sudoers/cvtsudoers.c:1249 +#: plugins/sudoers/cvtsudoers_json.c:872 plugins/sudoers/cvtsudoers_ldif.c:688 +#: plugins/sudoers/sudoers.c:1028 plugins/sudoers/sudoreplay.c:1435 +#: plugins/sudoers/timestamp.c:431 plugins/sudoers/tsdump.c:128 +#: plugins/sudoers/visudo.c:913 +#, c-format +msgid "unable to open %s" +msgstr "no s'ha pogut obrir %s" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -488,126 +1199,129 @@ " #3) Tenir molt de poder està associat amb tenir molta responsabilitat.\n" "\n" -#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322 -#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748 -#: plugins/sudoers/tsdump.c:126 +#: plugins/sudoers/check.c:325 plugins/sudoers/check.c:335 +#: plugins/sudoers/sudoers.c:830 plugins/sudoers/sudoers.c:851 +#: plugins/sudoers/tsdump.c:119 #, c-format msgid "unknown uid: %u" msgstr "uid desconegut: %u" -#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255 -#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163 -#: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400 +#: plugins/sudoers/check.c:330 plugins/sudoers/exptilde.c:85 +#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1123 +#: plugins/sudoers/sudoers.c:432 plugins/sudoers/sudoers.c:1283 +#: plugins/sudoers/testsudoers.c:216 plugins/sudoers/testsudoers.c:383 #, c-format msgid "unknown user: %s" msgstr "usuari desconegut: %s" -#: plugins/sudoers/cvtsudoers.c:199 +#: plugins/sudoers/check_aliases.c:56 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Error: %s:%d:%d: cicle a %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:57 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Advertiment: %s:%d:%d: cicle a %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:61 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Error: %s:%d:%d: %s «%s» referenciat però no definit" + +#: plugins/sudoers/check_aliases.c:62 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Advertiment: %s:%d:%d: %s «%s» referenciat però no definit" + +#: plugins/sudoers/cvtsudoers.c:194 #, c-format msgid "order increment: %s: %s" msgstr "increment d'ordre: %s: %s" -#: plugins/sudoers/cvtsudoers.c:215 +#: plugins/sudoers/cvtsudoers.c:210 #, c-format msgid "starting order: %s: %s" msgstr "ordre d'inici: %s: %s" -#: plugins/sudoers/cvtsudoers.c:225 +#: plugins/sudoers/cvtsudoers.c:220 #, c-format msgid "order padding: %s: %s" msgstr "ordre de farciment: %s: %s" -#: plugins/sudoers/cvtsudoers.c:233 plugins/sudoers/sudoreplay.c:289 -#: plugins/sudoers/visudo.c:184 -#, c-format -msgid "%s version %s\n" -msgstr "%s versió %s\n" - -#: plugins/sudoers/cvtsudoers.c:235 plugins/sudoers/visudo.c:186 +#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:177 #, c-format msgid "%s grammar version %d\n" msgstr "%s versió de la gramàtica %d\n" -#: plugins/sudoers/cvtsudoers.c:252 plugins/sudoers/testsudoers.c:175 +#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 #, c-format msgid "unsupported input format %s" msgstr "format d'entrada %s no suportat" -#: plugins/sudoers/cvtsudoers.c:267 +#: plugins/sudoers/cvtsudoers.c:262 #, c-format msgid "unsupported output format %s" msgstr "format de sortida %s no suportat" -#: plugins/sudoers/cvtsudoers.c:319 +#: plugins/sudoers/cvtsudoers.c:314 #, c-format msgid "%s: input and output files must be different" msgstr "%s: els fitxers d'entrada i de sortida han de ser diferents" -#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176 -#: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254 -#: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933 +#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:177 +#: plugins/sudoers/testsudoers.c:255 plugins/sudoers/visudo.c:247 +#: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:917 msgid "unable to initialize sudoers default values" msgstr "no s'han pogut inicialitzar el valors predeterminats dels sudoers" -#: plugins/sudoers/cvtsudoers.c:421 plugins/sudoers/ldap_conf.c:436 +#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:480 +#: plugins/sudoers/cvtsudoers.c:475 #, c-format msgid "%s: unknown key word: %s" msgstr "%s: paraula clau desconeguda: %s" -#: plugins/sudoers/cvtsudoers.c:526 +#: plugins/sudoers/cvtsudoers.c:521 #, c-format msgid "invalid defaults type: %s" msgstr "tipus no vàlid de valors predeterminats: %s" -#: plugins/sudoers/cvtsudoers.c:549 +#: plugins/sudoers/cvtsudoers.c:544 #, c-format msgid "invalid suppression type: %s" msgstr "opció no vàlida de supressió: %s" -#: plugins/sudoers/cvtsudoers.c:589 plugins/sudoers/cvtsudoers.c:603 +#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 #, c-format msgid "invalid filter: %s" msgstr "filtre no vàlid: %s" -#: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639 -#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130 -#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413 -#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914 -#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431 -#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135 -#: plugins/sudoers/visudo.c:929 -#, c-format -msgid "unable to open %s" -msgstr "no s'ha pogut obrir %s" - -#: plugins/sudoers/cvtsudoers.c:642 plugins/sudoers/visudo.c:938 +#: plugins/sudoers/cvtsudoers.c:642 plugins/sudoers/visudo.c:922 #, c-format msgid "failed to parse %s file, unknown error" msgstr "no s'ha pogut analitzar el fitxer %s, error desconegut" -#: plugins/sudoers/cvtsudoers.c:650 plugins/sudoers/visudo.c:955 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "parse error in %s near line %d\n" msgstr "error d'anàlisi a %s a prop de la línia %d\n" -#: plugins/sudoers/cvtsudoers.c:653 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/cvtsudoers.c:653 #, c-format msgid "parse error in %s\n" msgstr "error d'anàlisi a %s\n" -#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500 -#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332 -#: plugins/sudoers/timestamp.c:335 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1124 +#: plugins/sudoers/timestamp.c:315 plugins/sudoers/timestamp.c:318 #, c-format msgid "unable to write to %s" msgstr "no s'ha pogut escriure a %s" -#: plugins/sudoers/cvtsudoers.c:1315 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -616,7 +1330,7 @@ "%s - converteix entre formats de fitxer de sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1317 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" @@ -656,904 +1370,947 @@ " -s, --suppress=sections suprimeix la sortida de certes seccions\n" " -V, --version mostra la informació de versió i surt" -#: plugins/sudoers/cvtsudoers_json.c:684 plugins/sudoers/cvtsudoers_json.c:720 -#: plugins/sudoers/cvtsudoers_json.c:938 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 +#: plugins/sudoers/cvtsudoers_json.c:713 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "entrada «%s» desconeguda de paràmetres predeterminats" -#: plugins/sudoers/cvtsudoers_json.c:858 plugins/sudoers/cvtsudoers_json.c:873 -#: plugins/sudoers/cvtsudoers_ldif.c:308 plugins/sudoers/cvtsudoers_ldif.c:319 -#: plugins/sudoers/ldap.c:482 +#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 +#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 +#: plugins/sudoers/ldap.c:503 msgid "unable to get GMT time" msgstr "no s'ha pogut obtenir l'hora GMT" -#: plugins/sudoers/cvtsudoers_json.c:861 plugins/sudoers/cvtsudoers_json.c:876 -#: plugins/sudoers/cvtsudoers_ldif.c:311 plugins/sudoers/cvtsudoers_ldif.c:322 -#: plugins/sudoers/ldap.c:488 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 +#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:509 msgid "unable to format timestamp" msgstr "no s'ha pogut donar format a la marca horària" -#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442 -#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727 -#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227 -#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89 -#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625 -#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168 -#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257 -#: plugins/sudoers/toke_util.c:161 -#, c-format -msgid "internal error, %s overflow" -msgstr "error intern, desbordament de %s" - -#: plugins/sudoers/cvtsudoers_ldif.c:595 +#: plugins/sudoers/cvtsudoers_ldif.c:640 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "massa entrades sudoers, el màxim és %u" -#: plugins/sudoers/cvtsudoers_ldif.c:638 +#: plugins/sudoers/cvtsudoers_ldif.c:683 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "la variable d'entorn SUDOERS_BASE no està establerta i no s'ha especificat l'opció -b" -#: plugins/sudoers/def_data.c:42 +#: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Eina syslog si s'està usant syslog per als registres: %s" -#: plugins/sudoers/def_data.c:46 +#: plugins/sudoers/def_data.c:54 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Prioritat de syslog a usar quan l'usuari s'autentica amb èxit: %s" -#: plugins/sudoers/def_data.c:50 +#: plugins/sudoers/def_data.c:58 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Prioritat de syslog a usar quan l'usuari no té èxit a autenticar- %s" -#: plugins/sudoers/def_data.c:54 +#: plugins/sudoers/def_data.c:62 msgid "Put OTP prompt on its own line" msgstr "Poseu la pregunta OTP a la seva pròpia línia" -#: plugins/sudoers/def_data.c:58 +#: plugins/sudoers/def_data.c:66 msgid "Ignore '.' in $PATH" msgstr "Ignoreu '.' al $PATH" -#: plugins/sudoers/def_data.c:62 +#: plugins/sudoers/def_data.c:70 msgid "Always send mail when sudo is run" msgstr "Envia sempre correu electrònic quan s'executi sudo" -#: plugins/sudoers/def_data.c:66 +#: plugins/sudoers/def_data.c:74 msgid "Send mail if user authentication fails" msgstr "Envia correu electrònic si falla l'autenticació de l'usuari" -#: plugins/sudoers/def_data.c:70 +#: plugins/sudoers/def_data.c:78 msgid "Send mail if the user is not in sudoers" msgstr "Envia correu electrònic si l'usuari no està als sudoers" -#: plugins/sudoers/def_data.c:74 +#: plugins/sudoers/def_data.c:82 msgid "Send mail if the user is not in sudoers for this host" msgstr "Envia el correu electrònic si l'usuari no està als sudoers per a aquesta amfitrió" -#: plugins/sudoers/def_data.c:78 +#: plugins/sudoers/def_data.c:86 msgid "Send mail if the user is not allowed to run a command" msgstr "Envia correu electrònic si l'usuari no té permís per executar aquesta ordre" -#: plugins/sudoers/def_data.c:82 +#: plugins/sudoers/def_data.c:90 msgid "Send mail if the user tries to run a command" msgstr "Envia correu electrònic si l'usuari intenta executar una ordre" -#: plugins/sudoers/def_data.c:86 +#: plugins/sudoers/def_data.c:94 msgid "Use a separate timestamp for each user/tty combo" msgstr "Usa una marca horària separada per a cada combinació usuari/terminal" -#: plugins/sudoers/def_data.c:90 +#: plugins/sudoers/def_data.c:98 msgid "Lecture user the first time they run sudo" msgstr "Dóna una llissó a l'usuari cada cop que executi sudo" -#: plugins/sudoers/def_data.c:94 +#: plugins/sudoers/def_data.c:102 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Fitxer que conté la llissó de sudo: %s" -#: plugins/sudoers/def_data.c:98 +#: plugins/sudoers/def_data.c:106 msgid "Require users to authenticate by default" msgstr "Requereix de forma predeterminada que els usuaris s'autentiquin" -#: plugins/sudoers/def_data.c:102 +#: plugins/sudoers/def_data.c:110 msgid "Root may run sudo" msgstr "L'usuari primari pot executar sudo" -#: plugins/sudoers/def_data.c:106 +#: plugins/sudoers/def_data.c:114 msgid "Log the hostname in the (non-syslog) log file" msgstr "Registra el nom del sistema amfitrió al fitxer de registre (que no és syslog)" -#: plugins/sudoers/def_data.c:110 +#: plugins/sudoers/def_data.c:118 msgid "Log the year in the (non-syslog) log file" msgstr "Registra l'any al fitxer de registre (que no és syslog)" -#: plugins/sudoers/def_data.c:114 +#: plugins/sudoers/def_data.c:122 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Si sudo s'invoca sense arguments, inicia un intèrpret d'ordres" -#: plugins/sudoers/def_data.c:118 +#: plugins/sudoers/def_data.c:126 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Estableix $HOME per a l'usuari destí quan s'inicia un d'ordres amb -s" -#: plugins/sudoers/def_data.c:122 +#: plugins/sudoers/def_data.c:130 msgid "Always set $HOME to the target user's home directory" msgstr "Estableix sempre $HOME al directori de l'usuari destí" -#: plugins/sudoers/def_data.c:126 +#: plugins/sudoers/def_data.c:134 msgid "Allow some information gathering to give useful error messages" msgstr "Permet recollir alguna informació per donar missatges d'error útils" -#: plugins/sudoers/def_data.c:130 +#: plugins/sudoers/def_data.c:138 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Requereix noms de sistema amfitrió qualificats completament al sudoers" -#: plugins/sudoers/def_data.c:134 +#: plugins/sudoers/def_data.c:142 msgid "Insult the user when they enter an incorrect password" msgstr "Insulta a l'usuari quen entri una contrasenya incorrecta" -#: plugins/sudoers/def_data.c:138 +#: plugins/sudoers/def_data.c:146 msgid "Only allow the user to run sudo if they have a tty" msgstr "Permet a l'usuari executar sudo únicament si té un terminal" -#: plugins/sudoers/def_data.c:142 +#: plugins/sudoers/def_data.c:150 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo tindrà en compte la variable d'entorn EDITOR" -#: plugins/sudoers/def_data.c:146 +#: plugins/sudoers/def_data.c:154 msgid "Prompt for root's password, not the users's" msgstr "Pregunta per la contrasenya de l'usuari primari, no la de l'usuari normal" -#: plugins/sudoers/def_data.c:150 +#: plugins/sudoers/def_data.c:158 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Pregunta per la contrasenya de l'usuari runas_default, no la de l'usuari normal" -#: plugins/sudoers/def_data.c:154 +#: plugins/sudoers/def_data.c:162 msgid "Prompt for the target user's password, not the users's" msgstr "Pregunta per la contrasenya de l'usuari destí, no la de l'usuari normal" -#: plugins/sudoers/def_data.c:158 +#: plugins/sudoers/def_data.c:166 msgid "Apply defaults in the target user's login class if there is one" msgstr "Aplica els paràmetres predeterminats a la classe d'inici de sessió de l'usuari destí si hi ha una" -#: plugins/sudoers/def_data.c:162 +#: plugins/sudoers/def_data.c:170 msgid "Set the LOGNAME and USER environment variables" msgstr "Estableix les variables d'entorn LOGNAME i USER" -#: plugins/sudoers/def_data.c:166 +#: plugins/sudoers/def_data.c:174 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Estableix únicament l'uid efectiu de l'usuari destí, no l'uid real" -#: plugins/sudoers/def_data.c:170 +#: plugins/sudoers/def_data.c:178 msgid "Don't initialize the group vector to that of the target user" msgstr "No inicialitzis el vector de grup perquè coincideixi amb el de l'usuari destí" -#: plugins/sudoers/def_data.c:174 +#: plugins/sudoers/def_data.c:182 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "longitud a la qual ajustar les línies del fitxer de registres (0 per a no ajustar): %u" -#: plugins/sudoers/def_data.c:178 +#: plugins/sudoers/def_data.c:186 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" msgstr "Temps màxim d'espera per a la marca horària de l'autenticació: %.1f minuts" -#: plugins/sudoers/def_data.c:182 +#: plugins/sudoers/def_data.c:190 #, c-format msgid "Password prompt timeout: %.1f minutes" msgstr "Temps màxim d'espera per a la pregunta de la contrasenya: %.1f minuts" -#: plugins/sudoers/def_data.c:186 +#: plugins/sudoers/def_data.c:194 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Nombre de intents per entrar una contrasenya: %u" -#: plugins/sudoers/def_data.c:190 +#: plugins/sudoers/def_data.c:198 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Umask a usar o 0777 per usar la de l'usuari: 0%o" -#: plugins/sudoers/def_data.c:194 +#: plugins/sudoers/def_data.c:202 #, c-format msgid "Path to log file: %s" msgstr "Camí al fitxer de registre: %s" -#: plugins/sudoers/def_data.c:198 +#: plugins/sudoers/def_data.c:206 #, c-format msgid "Path to mail program: %s" msgstr "Camí al programa de correu electrònic: %s" -#: plugins/sudoers/def_data.c:202 +#: plugins/sudoers/def_data.c:210 #, c-format msgid "Flags for mail program: %s" msgstr "Indicadors per al programa de correu electrònic: %s" -#: plugins/sudoers/def_data.c:206 +#: plugins/sudoers/def_data.c:214 #, c-format msgid "Address to send mail to: %s" msgstr "Adreça per enviar correu electrònic: %s" -#: plugins/sudoers/def_data.c:210 +#: plugins/sudoers/def_data.c:218 #, c-format msgid "Address to send mail from: %s" msgstr "Adreça per enviar correu electrònic des de: %s" -#: plugins/sudoers/def_data.c:214 +#: plugins/sudoers/def_data.c:222 #, c-format msgid "Subject line for mail messages: %s" msgstr "Línia d'assumpte per als missatges de correu electrònic: %s" -#: plugins/sudoers/def_data.c:218 +#: plugins/sudoers/def_data.c:226 #, c-format msgid "Incorrect password message: %s" msgstr "Missatge de contrasenya incorrecta: %s" -#: plugins/sudoers/def_data.c:222 +#: plugins/sudoers/def_data.c:230 #, c-format msgid "Path to lecture status dir: %s" msgstr "Camí al directori d'estat de la llissó: %s" -#: plugins/sudoers/def_data.c:226 +#: plugins/sudoers/def_data.c:234 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Camí del directori de marques horàries d'autenticació: %s" -#: plugins/sudoers/def_data.c:230 +#: plugins/sudoers/def_data.c:238 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Propietari del directori de marques horàries d'autenticació: %s" -#: plugins/sudoers/def_data.c:234 +#: plugins/sudoers/def_data.c:242 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Els usuaris d'aquest grup estan exempts dels requeriments contrasenya i PATH: %s" -#: plugins/sudoers/def_data.c:238 +#: plugins/sudoers/def_data.c:246 #, c-format msgid "Default password prompt: %s" msgstr "Pregunta predeterminada de contrasenya: %s" -#: plugins/sudoers/def_data.c:242 +#: plugins/sudoers/def_data.c:250 msgid "If set, passprompt will override system prompt in all cases." msgstr "Si està establert, la pregunta de contrasenya primarà sobre la pregunta del sistema en tots els casos." -#: plugins/sudoers/def_data.c:246 +#: plugins/sudoers/def_data.c:254 #, c-format msgid "Default user to run commands as: %s" msgstr "Usuari predeterminat per executar ordres com a: %s" -#: plugins/sudoers/def_data.c:250 +#: plugins/sudoers/def_data.c:258 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Valor per anul·lar el $PATH de l'usuari amb: %s" -#: plugins/sudoers/def_data.c:254 +#: plugins/sudoers/def_data.c:262 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Camí a l'editor a usar per visudo: %s" -#: plugins/sudoers/def_data.c:258 +#: plugins/sudoers/def_data.c:266 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Quan requerir una contrasenya per a la pseudo-ordre 'list': %s" -#: plugins/sudoers/def_data.c:262 +#: plugins/sudoers/def_data.c:270 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Quan requerir una contrasenya per a la pseudo-ordre 'verify': %s" -#: plugins/sudoers/def_data.c:266 -msgid "Preload the dummy exec functions contained in the sudo_noexec library" -msgstr "Pre-carrega les funcions dummy exex contingudes a la biblioteca sudo_noexec" +#: plugins/sudoers/def_data.c:274 +msgid "Preload the sudo_noexec library which replaces the exec functions" +msgstr "Carrega prèviament la llibreria sudo_noexec que reemplaça les funcions exec" -#: plugins/sudoers/def_data.c:270 +#: plugins/sudoers/def_data.c:278 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Si el directori LDAP està actiu, ignorem el fitxer local sudoers?" -#: plugins/sudoers/def_data.c:274 +#: plugins/sudoers/def_data.c:282 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Els descriptors de fitxer >= %d es tancaran abans d'executar una ordre" -#: plugins/sudoers/def_data.c:278 -msgid "If set, users may override the value of `closefrom' with the -C option" -msgstr "Si està establert, els usuaris podran anul·lar el valor de `closeform' amb l'opció -C" +#: plugins/sudoers/def_data.c:286 +msgid "If set, users may override the value of \"closefrom\" with the -C option" +msgstr "Si està establert, els usuaris podran anul·lar el valor de «closeform» amb l'opció -C" -#: plugins/sudoers/def_data.c:282 +#: plugins/sudoers/def_data.c:290 msgid "Allow users to set arbitrary environment variables" msgstr "Permet als usuaris fixar variables arbitràries d'entorn" -#: plugins/sudoers/def_data.c:286 +#: plugins/sudoers/def_data.c:294 msgid "Reset the environment to a default set of variables" msgstr "Restableix l'entorn a un conjunt predeterminat de variables" -#: plugins/sudoers/def_data.c:290 -msgid "Environment variables to check for sanity:" +#: plugins/sudoers/def_data.c:298 +msgid "Environment variables to check for safety:" msgstr "Les variables d'entorn per comprovar la validesa:" -#: plugins/sudoers/def_data.c:294 +#: plugins/sudoers/def_data.c:302 msgid "Environment variables to remove:" msgstr "Variables d'entorn a suprimir:" -#: plugins/sudoers/def_data.c:298 +#: plugins/sudoers/def_data.c:306 msgid "Environment variables to preserve:" msgstr "Variables d'entorn a preservar:" -#: plugins/sudoers/def_data.c:302 +#: plugins/sudoers/def_data.c:310 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Rol SELinux a usar al nou context de seguretat: %s" -#: plugins/sudoers/def_data.c:306 +#: plugins/sudoers/def_data.c:314 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Tipus SELinux a usar al nou context de seguretat: %s" -#: plugins/sudoers/def_data.c:310 +#: plugins/sudoers/def_data.c:318 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Camí al fitxer d'entorn sudo-específic: %s" -#: plugins/sudoers/def_data.c:314 +#: plugins/sudoers/def_data.c:322 #, c-format msgid "Path to the restricted sudo-specific environment file: %s" msgstr "Camí al fitxer restringit d'entorn especific de sudo: %s" -#: plugins/sudoers/def_data.c:318 +#: plugins/sudoers/def_data.c:326 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Configuració local a usar quan s'estan analitzant els sudoers: %s" -#: plugins/sudoers/def_data.c:322 +#: plugins/sudoers/def_data.c:330 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Permet a sudo preguntar per una contrasenya tot i que pugui ser visible" -#: plugins/sudoers/def_data.c:326 +#: plugins/sudoers/def_data.c:334 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Proveeix retroalimentació a la pregunta de contrasenya quan hi ha una entrada per l'usuari" -#: plugins/sudoers/def_data.c:330 +#: plugins/sudoers/def_data.c:338 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Usa una expansió que és menys precisa però no accedeix el sistema de fitxers" -#: plugins/sudoers/def_data.c:334 +#: plugins/sudoers/def_data.c:342 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Els permisos umask als sudoers anul·larà els permisos de l'usuari, tot i que siguin més permissius" -#: plugins/sudoers/def_data.c:338 +#: plugins/sudoers/def_data.c:346 msgid "Log user's input for the command being run" msgstr "Registra l'entrada feta per l'usuari per a l'ordre que s'està executant" -#: plugins/sudoers/def_data.c:342 +#: plugins/sudoers/def_data.c:350 msgid "Log the output of the command being run" msgstr "Registra la sortida de l'ordre que s'està executant" -#: plugins/sudoers/def_data.c:346 +#: plugins/sudoers/def_data.c:354 msgid "Compress I/O logs using zlib" msgstr "Comprimeix els registres d'entrada/sortida usant zlib" -#: plugins/sudoers/def_data.c:350 +#: plugins/sudoers/def_data.c:358 msgid "Always run commands in a pseudo-tty" msgstr "Executa sempre les ordres en un pseudo-terminal" -#: plugins/sudoers/def_data.c:354 +#: plugins/sudoers/def_data.c:362 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Connector per a suport de grup no Unix: %s" -#: plugins/sudoers/def_data.c:358 +#: plugins/sudoers/def_data.c:366 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Directori on arxivar els registres entrada/sortida: %s" -#: plugins/sudoers/def_data.c:362 +#: plugins/sudoers/def_data.c:370 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Fitxer on arxivar el registre entrada/sortida: %s" -#: plugins/sudoers/def_data.c:366 +#: plugins/sudoers/def_data.c:374 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Afegeix una entrada al fitxer utmp/utmpx quan s'estigui assignant un pty" -#: plugins/sudoers/def_data.c:370 +#: plugins/sudoers/def_data.c:378 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Estableix l'usuari a utmp perquè sigui l'usuari runas, no l'usuari invocant" -#: plugins/sudoers/def_data.c:374 +#: plugins/sudoers/def_data.c:382 #, c-format msgid "Set of permitted privileges: %s" msgstr "Conjunt de privilegis permesos: %s" -#: plugins/sudoers/def_data.c:378 +#: plugins/sudoers/def_data.c:386 #, c-format msgid "Set of limit privileges: %s" msgstr "Conjunt de privilegis límit: %s" -#: plugins/sudoers/def_data.c:382 +#: plugins/sudoers/def_data.c:390 msgid "Run commands on a pty in the background" msgstr "Executa les ordres a un pseudo-terminal (pty) al fons" -#: plugins/sudoers/def_data.c:386 +#: plugins/sudoers/def_data.c:394 #, c-format msgid "PAM service name to use: %s" msgstr "Nom del servei PAM a usar: %s" -#: plugins/sudoers/def_data.c:390 +#: plugins/sudoers/def_data.c:398 #, c-format msgid "PAM service name to use for login shells: %s" msgstr "Nom del servei PAM a usar per a intèrprets d'ordres d'inici de sessió: %s" -#: plugins/sudoers/def_data.c:394 +#: plugins/sudoers/def_data.c:402 msgid "Attempt to establish PAM credentials for the target user" msgstr "Intent d'establir credencials PAM per a l'usuari destí" -#: plugins/sudoers/def_data.c:398 +#: plugins/sudoers/def_data.c:406 msgid "Create a new PAM session for the command to run in" msgstr "Crea una nova sessió PAM on s'executi l'ordre" -#: plugins/sudoers/def_data.c:402 +#: plugins/sudoers/def_data.c:410 msgid "Perform PAM account validation management" msgstr "Realitza la gestió de validació del compte PAM" -#: plugins/sudoers/def_data.c:406 +#: plugins/sudoers/def_data.c:414 #, c-format -msgid "Maximum I/O log sequence number: %u" -msgstr "Número màxim de seqüència de registre d'entrada/sortida: %u" +msgid "Maximum I/O log sequence number: %s" +msgstr "Nombre de seqüència de registre I/O màxim: %s" -#: plugins/sudoers/def_data.c:410 +#: plugins/sudoers/def_data.c:418 msgid "Enable sudoers netgroup support" msgstr "Habilita el suport de netgroup dels sudoers" -#: plugins/sudoers/def_data.c:414 +#: plugins/sudoers/def_data.c:422 msgid "Check parent directories for writability when editing files with sudoedit" msgstr "Comprova que el directori pare tingui permisos d'escriptura quan s'estiguin editant fitxers amb sudoedit" -#: plugins/sudoers/def_data.c:418 +#: plugins/sudoers/def_data.c:426 msgid "Follow symbolic links when editing files with sudoedit" msgstr "Segueix els enllaços simbòlics quan s'estiguin editant fitxers amb sudoedit" -#: plugins/sudoers/def_data.c:422 +#: plugins/sudoers/def_data.c:430 msgid "Query the group plugin for unknown system groups" msgstr "Consulta al connector de grups per grups desconeguts de sistema" -#: plugins/sudoers/def_data.c:426 +#: plugins/sudoers/def_data.c:434 msgid "Match netgroups based on the entire tuple: user, host and domain" msgstr "Fes concordar els grups de xarxa en base al conjunt sencer: usuari, amfitrió i domini" -#: plugins/sudoers/def_data.c:430 +#: plugins/sudoers/def_data.c:438 msgid "Allow commands to be run even if sudo cannot write to the audit log" msgstr "Permet que s'executin les ordres tot i que sudo no pot escriure al registre d'auditoria" -#: plugins/sudoers/def_data.c:434 +#: plugins/sudoers/def_data.c:442 msgid "Allow commands to be run even if sudo cannot write to the I/O log" msgstr "Permet que s'executin les ordres tot i que sudo no pot escriure al registre d'entrada/sortida" -#: plugins/sudoers/def_data.c:438 +#: plugins/sudoers/def_data.c:446 msgid "Allow commands to be run even if sudo cannot write to the log file" msgstr "Permet que s'executin les ordres tot i que sudo no pot escriure al fitxer de registre" -#: plugins/sudoers/def_data.c:442 +#: plugins/sudoers/def_data.c:450 msgid "Resolve groups in sudoers and match on the group ID, not the name" msgstr "Resol els grups a sudoers i fes concordar amb l'identificador de grup, no el nom" -#: plugins/sudoers/def_data.c:446 +#: plugins/sudoers/def_data.c:454 #, c-format msgid "Log entries larger than this value will be split into multiple syslog messages: %u" msgstr "Les entrades de registre més grans que aquest valor es dividiran en múltiples missatges de syslog: %u" -#: plugins/sudoers/def_data.c:450 +#: plugins/sudoers/def_data.c:458 #, c-format msgid "User that will own the I/O log files: %s" msgstr "L'usuari que serà el propietari dels fitxers d'entrada/sortida: %s" -#: plugins/sudoers/def_data.c:454 +#: plugins/sudoers/def_data.c:462 #, c-format msgid "Group that will own the I/O log files: %s" msgstr "El grup que serà el propietari dels fitxers de registre d'entrada/sortida: %s" -#: plugins/sudoers/def_data.c:458 +#: plugins/sudoers/def_data.c:466 #, c-format msgid "File mode to use for the I/O log files: 0%o" msgstr "Mode de fitxer a usar per als fitxers de registre d'entrada/sortida: 0%o" -#: plugins/sudoers/def_data.c:462 +#: plugins/sudoers/def_data.c:470 #, c-format msgid "Execute commands by file descriptor instead of by path: %s" msgstr "Executa les ordres pel descriptor de fitxer en comptes de pel camí: %s" -#: plugins/sudoers/def_data.c:466 +#: plugins/sudoers/def_data.c:474 msgid "Ignore unknown Defaults entries in sudoers instead of producing a warning" msgstr "Ignora les entrades desconegudes de valores predeterminats al sudoers en comptes de produir un advertiment" -#: plugins/sudoers/def_data.c:470 +#: plugins/sudoers/def_data.c:478 #, c-format msgid "Time in seconds after which the command will be terminated: %u" msgstr "Temps en segons després del qual es finalitzarà l'ordre: %u" -#: plugins/sudoers/def_data.c:474 +#: plugins/sudoers/def_data.c:482 msgid "Allow the user to specify a timeout on the command line" msgstr "Permet a l'usuari especificar un temps d'espera a la línia d'ordres" -#: plugins/sudoers/def_data.c:478 +#: plugins/sudoers/def_data.c:486 msgid "Flush I/O log data to disk immediately instead of buffering it" msgstr "Purga les dades de registre I/O a disc immediatament en comptes de posar-les a la memòria intermèdia" -#: plugins/sudoers/def_data.c:482 +#: plugins/sudoers/def_data.c:490 msgid "Include the process ID when logging via syslog" msgstr "Inclou l'ID de procés quan escriguis registres mitjançant syslog" -#: plugins/sudoers/def_data.c:486 +#: plugins/sudoers/def_data.c:494 #, c-format msgid "Type of authentication timestamp record: %s" msgstr "Tipus de registre de marca de temps d'autenticació: %s" -#: plugins/sudoers/def_data.c:490 +#: plugins/sudoers/def_data.c:498 #, c-format msgid "Authentication failure message: %s" msgstr "Missatge de fallada d'autenticació: %s" -#: plugins/sudoers/def_data.c:494 +#: plugins/sudoers/def_data.c:502 msgid "Ignore case when matching user names" msgstr "Ignora majúscules i minúscules quan concordis noms d'usuaris" -#: plugins/sudoers/def_data.c:498 +#: plugins/sudoers/def_data.c:506 msgid "Ignore case when matching group names" msgstr "Ignora majúscules i minúscules quan concordis noms de grups" -#: plugins/sudoers/def_data.c:502 +#: plugins/sudoers/def_data.c:510 msgid "Log when a command is allowed by sudoers" msgstr "Escriure un registre quan s'autoritza un ordre per sudoers" -#: plugins/sudoers/def_data.c:506 +#: plugins/sudoers/def_data.c:514 msgid "Log when a command is denied by sudoers" msgstr "Escriu un registre quan es denega un ordre per sudoers" -#: plugins/sudoers/defaults.c:231 +#: plugins/sudoers/def_data.c:518 +msgid "Sudo log server(s) to connect to with optional port" +msgstr "El(s) servidor(s) sudo per connectar-se amb port opcional" + +#: plugins/sudoers/def_data.c:522 #, c-format -msgid "%s:%d unknown defaults entry \"%s\"" -msgstr "%s:%d entrada «%s» desconeguda de paràmetres predeterminats" +msgid "Sudo log server timeout in seconds: %u" +msgstr "Temps límit del servidor de registre sudo en segons: %u" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/def_data.c:526 +msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" +msgstr "Habilita l'opció del sòcol SO_KEEPALIVE al sòcol connectat al servidor de registre" + +#: plugins/sudoers/def_data.c:530 #, c-format -msgid "%s: unknown defaults entry \"%s\"" -msgstr "%s: entrada «%s» desconeguda de paràmetres predeterminats" +msgid "Path to the audit server's CA bundle file: %s" +msgstr "Camí al fitxer del paquet d'auditoria CA del servidor: %s" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/def_data.c:534 #, c-format -msgid "%s:%d no value specified for \"%s\"" -msgstr "%s:%d no s'ha especificat un valor per a «%s»" +msgid "Path to the sudoers certificate file: %s" +msgstr "Camí al fitxer d'entorn específic del sudo: %s" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/def_data.c:538 #, c-format -msgid "%s: no value specified for \"%s\"" -msgstr "%s: no s'ha especificat un valor per a «%s»" +msgid "Path to the sudoers private key file: %s" +msgstr "Camí a la clau privada del sudoers: %s" + +#: plugins/sudoers/def_data.c:542 +msgid "Verify that the log server's certificate is valid" +msgstr "Verifica que el certificat del servidor de registre és vàlid" + +#: plugins/sudoers/def_data.c:546 +msgid "Allow the use of unknown runas user and/or group ID" +msgstr "Permet l'ús d'un usuari runas desconegut i/o un ID de grup" + +#: plugins/sudoers/def_data.c:550 +msgid "Only permit running commands as a user with a valid shell" +msgstr "Per sols ordres d'execució com a usuari amb un entorn d'ordres vàlid" -#: plugins/sudoers/defaults.c:300 +#: plugins/sudoers/def_data.c:554 +msgid "Set the pam remote user to the user running sudo" +msgstr "Estableix l'usuari remot pam a l'usuari que executa el sudo" + +#: plugins/sudoers/def_data.c:558 +msgid "Set the pam remote host to the local host name" +msgstr "Estableix l'amfitrió remot pam al nom de l'amfitrió local" + +#: plugins/sudoers/def_data.c:562 #, c-format -msgid "%s:%d values for \"%s\" must start with a '/'" -msgstr "%s:%d els valors per a «%s» han de començar amb un «/»" +msgid "Working directory to change to before executing the command: %s" +msgstr "Directori de treball al qual canviar abans d'executar l'ordre: %s" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/def_data.c:566 #, c-format -msgid "%s: values for \"%s\" must start with a '/'" -msgstr "%s: els valors per a «%s» han de començar amb un «/»" +msgid "Root directory to change to before executing the command: %s" +msgstr "Directori arrel al qual canviar abans d'executar l'ordre: %s" + +#: plugins/sudoers/def_data.c:570 +#, c-format +msgid "The format of logs to produce: %s" +msgstr "El format dels registres a produir: %s" + +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Habiita el suport SELinux RBAC" + +#: plugins/sudoers/def_data.c:578 +#, c-format +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Camí al fitxer que es crea el primer cop que s'executa el sudo: %s" + +#: plugins/sudoers/defaults.c:185 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: entrada predeterminada desconeguda «%s»" + +#: plugins/sudoers/defaults.c:188 +#, c-format +msgid "%s: unknown defaults entry \"%s\"" +msgstr "%s: entrada «%s» desconeguda de paràmetres predeterminats" + +#: plugins/sudoers/defaults.c:234 +#, c-format +msgid "%s:%d:%d: no value specified for \"%s\"" +msgstr "%s:%d:%d: no s'ha especificat un valor per a «%s»" + +#: plugins/sudoers/defaults.c:237 +#, c-format +msgid "%s: no value specified for \"%s\"" +msgstr "%s: no s'ha especificat un valor per a «%s»" -#: plugins/sudoers/defaults.c:325 +#: plugins/sudoers/defaults.c:275 #, c-format -msgid "%s:%d option \"%s\" does not take a value" -msgstr "%s:%d l'opció «%s» no pren un valor" +msgid "%s:%d:%d: option \"%s\" does not take a value" +msgstr "%s:%d:%d: l'opció «%s» no pren un valor" -#: plugins/sudoers/defaults.c:328 +#: plugins/sudoers/defaults.c:278 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: l'opció «%s» no pren un valor" -#: plugins/sudoers/defaults.c:353 +#: plugins/sudoers/defaults.c:303 #, c-format -msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" -msgstr "%s:%d tipus de paràmetres predeterminats 0x%x per a l'opció «%s»" +msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" +msgstr "%s:%d:%d: tipus no vàlid de Defaults 0x%x per a l'opció «%s»" -#: plugins/sudoers/defaults.c:356 +#: plugins/sudoers/defaults.c:306 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: tipus 0x%x no vàlid de paràmetres predeterminats per a l'opció «%s»" -#: plugins/sudoers/defaults.c:366 +#: plugins/sudoers/defaults.c:316 #, c-format -msgid "%s:%d value \"%s\" is invalid for option \"%s\"" -msgstr "%s:%d el valor «%s» no és vàlid per a l'opció «%s»" +msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" +msgstr "%s:%d:%d: valor «%s» no és vàlid per a l'opció «%s»" -#: plugins/sudoers/defaults.c:369 +#: plugins/sudoers/defaults.c:319 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: el valor «%s» no és vàlid per a l'opció «%s»" -#: plugins/sudoers/env.c:411 +#: plugins/sudoers/defaults.c:1040 +#, c-format +msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" +msgstr "%s:%d:%d: els valors per a «%s» han de començar amb «/», «~», o «*»" + +#: plugins/sudoers/defaults.c:1044 +#, c-format +msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" +msgstr "%s: els valors per a «%s» han de començar amb «/», «~», o «*»" + +#: plugins/sudoers/defaults.c:1055 +#, c-format +msgid "%s:%d:%d: values for \"%s\" must start with a '/'" +msgstr "%s:%d:%d: els valor per a «%s» han de començar amb «/»" + +#: plugins/sudoers/defaults.c:1059 +#, c-format +msgid "%s: values for \"%s\" must start with a '/'" +msgstr "%s: els valors per a «%s» han de començar amb un «/»" + +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp corrupte, discordança de longitud" -#: plugins/sudoers/env.c:1132 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "no s'ha pogut reconstruir l'entorn" -#: plugins/sudoers/env.c:1206 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "ho sentim, no teniu permís d'establir les següents variables d'entorn: %s" -#: plugins/sudoers/file.c:116 +#: plugins/sudoers/file.c:107 #, c-format msgid "parse error in %s near line %d" msgstr "error d'anàlisi a %s a prop de la línia %d" -#: plugins/sudoers/file.c:119 +#: plugins/sudoers/file.c:110 #, c-format msgid "parse error in %s" msgstr "error d'anàlisi a la línia %s" -#: plugins/sudoers/filedigest.c:61 +#: plugins/sudoers/filedigest.c:49 #, c-format msgid "unsupported digest type %d for %s" msgstr "tipus de resum no suportat %d per a %s" -#: plugins/sudoers/filedigest.c:90 +#: plugins/sudoers/filedigest.c:78 #, c-format msgid "%s: read error" msgstr "%s: error de lectura" -#: plugins/sudoers/group_plugin.c:90 +#: plugins/sudoers/group_plugin.c:83 #, c-format msgid "%s must be owned by uid %d" msgstr "%s ha de ser propietat de l'uid %d" -#: plugins/sudoers/group_plugin.c:94 +#: plugins/sudoers/group_plugin.c:87 #, c-format msgid "%s must only be writable by owner" msgstr "%s ha de ser modificable sols pel seu propietari" -#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 #, c-format msgid "unable to load %s: %s" msgstr "no s'ha pogut carregar %s: %s" -#: plugins/sudoers/group_plugin.c:108 +#: plugins/sudoers/group_plugin.c:102 #, c-format msgid "unable to find symbol \"group_plugin\" in %s" msgstr "no s'ha pogut trobar el símbol \"group_plugin\" a %s" -#: plugins/sudoers/group_plugin.c:113 +#: plugins/sudoers/group_plugin.c:107 #, c-format msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: connector incompatible de group versió principal %d, s'esperava %d" -#: plugins/sudoers/interfaces.c:86 plugins/sudoers/interfaces.c:103 +#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "no s'ha pogut analitzar l'adreça IP «%s»" -#: plugins/sudoers/interfaces.c:91 plugins/sudoers/interfaces.c:108 +#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "no s'ha pogut analitzar la màscara de xarxa «%s»" -#: plugins/sudoers/interfaces.c:136 +#: plugins/sudoers/interfaces.c:130 msgid "Local IP address and netmask pairs:\n" msgstr "Adreça local IP i parelles netmask:\n" -#: plugins/sudoers/iolog.c:117 plugins/sudoers/mkdir_parents.c:82 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s existeix però no és un directori (0%o)" - -#: plugins/sudoers/iolog.c:142 plugins/sudoers/iolog.c:182 -#: plugins/sudoers/mkdir_parents.c:71 plugins/sudoers/timestamp.c:212 -#, c-format -msgid "unable to mkdir %s" -msgstr "no s'ha pogut mkdir %s" - -#: plugins/sudoers/iolog.c:186 plugins/sudoers/visudo.c:739 -#: plugins/sudoers/visudo.c:750 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "no s'ha pogut canviar el mode de %s a 0%o" - -#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194 -#: plugins/sudoers/testsudoers.c:424 +#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:1317 plugins/sudoers/testsudoers.c:407 #, c-format msgid "unknown group: %s" msgstr "grup desconegut: %s" -#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918 -#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542 -#: plugins/sudoers/tsdump.c:145 -#, c-format -msgid "unable to read %s" -msgstr "no s'ha pogut llegir %s" - -#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801 -#, c-format -msgid "unable to create %s" -msgstr "no s'ha pogut crear %s" - -#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039 -#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209 -#: plugins/sudoers/iolog.c:1270 +#: plugins/sudoers/iolog.c:635 +msgid "unable to update sequence file" +msgstr "no s'ha pogut actualitzar el fitxer de seqüència" + +#: plugins/sudoers/iolog.c:666 plugins/sudoers/iolog.c:854 +#: plugins/sudoers/iolog.c:1007 plugins/sudoers/iolog.c:1014 +#: plugins/sudoers/iolog.c:1135 plugins/sudoers/iolog.c:1142 +#: plugins/sudoers/iolog.c:1241 plugins/sudoers/iolog.c:1248 #, c-format msgid "unable to write to I/O log file: %s" msgstr "no s'ha pogut escriure al fitxer de registre d'entrada/sortida: %s" -#: plugins/sudoers/iolog.c:1073 +#: plugins/sudoers/iolog.c:674 +#, c-format +msgid "unable to create %s/%s" +msgstr "no s'ha pogut crear %s/%s" + +#: plugins/sudoers/iolog.c:899 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: error intern, no està obert el fitxer de registre I/O per a l'event %d" -#: plugins/sudoers/iolog.c:1233 +#: plugins/sudoers/iolog.c:992 plugins/sudoers/iolog.c:1120 +#: plugins/sudoers/iolog.c:1225 plugins/sudoers/timestamp.c:836 +#: plugins/sudoers/timestamp.c:928 plugins/sudoers/visudo.c:487 +#: plugins/sudoers/visudo.c:493 +msgid "unable to read the clock" +msgstr "no s'ha pogut llegir el rellotge" + +#: plugins/sudoers/iolog.c:1217 plugins/sudoers/log_client.c:1199 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: error intern, senyal %d no vàlid" -#: plugins/sudoers/iolog_util.c:90 -#, c-format -msgid "%s: invalid log file" -msgstr "%s: fitxer no vàlid de registre" - -#: plugins/sudoers/iolog_util.c:108 -#, c-format -msgid "%s: time stamp field is missing" -msgstr "%s: no hi ha el camp de marca horària " - -#: plugins/sudoers/iolog_util.c:114 -#, c-format -msgid "%s: time stamp %s: %s" -msgstr "%s: marca horària %s: %s" - -#: plugins/sudoers/iolog_util.c:121 -#, c-format -msgid "%s: user field is missing" -msgstr "%s: no hi ha el camp d'usuari runas" - -#: plugins/sudoers/iolog_util.c:130 -#, c-format -msgid "%s: runas user field is missing" -msgstr "%s: no hi ha el camp del grup runas" - -#: plugins/sudoers/iolog_util.c:139 -#, c-format -msgid "%s: runas group field is missing" -msgstr "%s: no es troba el camp del grup runas" - -#: plugins/sudoers/ldap.c:178 plugins/sudoers/ldap_conf.c:296 +#: plugins/sudoers/ldap.c:177 plugins/sudoers/ldap_conf.c:291 msgid "starttls not supported when using ldaps" msgstr "starttls no suportat quan s'està usant ldaps" -#: plugins/sudoers/ldap.c:249 +#: plugins/sudoers/ldap.c:248 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "no s'ha pogut inicialitzar el certificat SSL i la clau db: %s" -#: plugins/sudoers/ldap.c:252 +#: plugins/sudoers/ldap.c:251 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "heu d'establir TLS_CERT a %s per usar SSL" -#: plugins/sudoers/ldap.c:1620 +#: plugins/sudoers/ldap.c:1660 #, c-format msgid "unable to initialize LDAP: %s" msgstr "no s'ha pogut inicialitzar LDAP: %s" -#: plugins/sudoers/ldap.c:1656 +#: plugins/sudoers/ldap.c:1697 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "s'ha especificat start_tls però les biblioteques LDAP no donen suport a ldap_start_tls_s() o ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734 +#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:746 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "atribut sudoOrder no vàlid: %s" -#: plugins/sudoers/ldap_conf.c:205 -msgid "sudo_ldap_conf_add_ports: port too large" -msgstr "sudo_ldap_conf_add_ports: el port és massa gran" +#: plugins/sudoers/ldap_conf.c:200 +#, c-format +msgid "%s: port too large" +msgstr "%s: port massa larg" -#: plugins/sudoers/ldap_conf.c:265 +#: plugins/sudoers/ldap_conf.c:260 #, c-format msgid "unsupported LDAP uri type: %s" msgstr "tipus d'uri LDAP no suportat: %s" -#: plugins/sudoers/ldap_conf.c:292 +#: plugins/sudoers/ldap_conf.c:287 msgid "unable to mix ldap and ldaps URIs" msgstr "no s'han pogut barrejar el ldap i els ldaps URIs " -#: plugins/sudoers/ldap_util.c:456 plugins/sudoers/ldap_util.c:458 +#: plugins/sudoers/ldap_util.c:529 plugins/sudoers/ldap_util.c:536 +#: plugins/sudoers/ldap_util.c:544 plugins/sudoers/ldap_util.c:553 +#: plugins/sudoers/ldap_util.c:561 plugins/sudoers/ldap_util.c:571 +#: plugins/sudoers/ldap_util.c:579 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "sudoOption duplicada: %s%s%s" + +#: plugins/sudoers/ldap_util.c:598 plugins/sudoers/ldap_util.c:600 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "no s'ha pogut convertir l'opció de sudo: %s%s%s" -#: plugins/sudoers/linux_audit.c:59 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "no s'ha pogut obrir el sistema d'auditoria" -#: plugins/sudoers/linux_audit.c:100 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "no s'ha pogut enviar el missatge d'auditoria" -#: plugins/sudoers/logging.c:120 -#, c-format -msgid "%8s : %s" -msgstr "%8s : %s" +#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 +#: plugins/sudoers/log_client.c:1437 plugins/sudoers/log_client.c:2031 +msgid "error in event loop" +msgstr "error al bucle d'esdeveniment" -#: plugins/sudoers/logging.c:148 +#: plugins/sudoers/log_client.c:193 #, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s : (ordre continuada) %s" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Ha fallat la creació d'un objecte nou SSL_CTX: %s" -#: plugins/sudoers/logging.c:177 +#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 #, c-format -msgid "unable to open log file: %s" -msgstr "no s'ha pogut obrir el fitxer de registre: %s" +msgid "TLS connection to %s:%s failed: %s" +msgstr "Ha fallat la connexió TLS a %s:%s: %s" -#: plugins/sudoers/logging.c:185 -#, c-format -msgid "unable to lock log file: %s" -msgstr "no s'ha pogut bloquejar el fitxer de registre: %s" +#: plugins/sudoers/log_client.c:519 +msgid "TLS initialization was unsuccessful" +msgstr "La inicialització TLS no ha reeixit" + +#: plugins/sudoers/log_client.c:528 +msgid "TLS handshake was unsuccessful" +msgstr "L'encaixada TLS no ha reeixit" -#: plugins/sudoers/logging.c:218 +#: plugins/sudoers/log_client.c:1208 #, c-format -msgid "unable to write log file: %s" -msgstr "no s'ha pogut escriure el fitxer de registre: %s" +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: error intern, estat no vàlid de sortida %d" -#: plugins/sudoers/logging.c:248 -msgid "No user or host" -msgstr "No hi ha usuari o amfitrió" +#: plugins/sudoers/log_client.c:1724 plugins/sudoers/log_client.c:1748 +msgid "lost connection to log server" +msgstr "s'ha perdut la connexió al servidor de registre" -#: plugins/sudoers/logging.c:250 -msgid "validation failure" -msgstr "ha fallat la validació" +#: plugins/sudoers/log_client.c:1825 +msgid "missing write buffer" +msgstr "falta la memòria intermèdia d'escriptura" -#: plugins/sudoers/logging.c:261 +#: plugins/sudoers/log_client.c:1972 +msgid "unable to connect to log server" +msgstr "no s'ha pogut connectar al servidor de registre" + +#: plugins/sudoers/logging.c:244 msgid "user NOT in sudoers" msgstr "l'usuari NO ESTÀ als sudoers" -#: plugins/sudoers/logging.c:263 +#: plugins/sudoers/logging.c:246 msgid "user NOT authorized on host" msgstr "l'usuari NO està autoritzat a l'amfitrió" -#: plugins/sudoers/logging.c:265 +#: plugins/sudoers/logging.c:248 msgid "command not allowed" msgstr "ordre no permesa" -#: plugins/sudoers/logging.c:301 +#: plugins/sudoers/logging.c:269 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s no està al fitxer sudoers. S'informarà d'aquest incident.\n" -#: plugins/sudoers/logging.c:304 +#: plugins/sudoers/logging.c:272 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s no té permís per executar sudo a %s. S'informarà d'aquest incident.\n" -#: plugins/sudoers/logging.c:308 +#: plugins/sudoers/logging.c:276 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Ho sentim, l'usuari %s no pot executar sudo a %s.\n" -#: plugins/sudoers/logging.c:311 +#: plugins/sudoers/logging.c:279 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Ho sentim, l'usuari %s no pot executar '%s%s%s' com a %s%s%s a %s.\n" -#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442 -#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446 -#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603 -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:575 +#: plugins/sudoers/sudoers.c:577 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/sudoers.c:581 plugins/sudoers/sudoers.c:723 +#: plugins/sudoers/sudoers.c:725 #, c-format msgid "%s: command not found" msgstr "%s: no s'ha trobat l'ordre" -#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:571 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -1562,53 +2319,37 @@ "s'ignorarà «%s» trobat a «.»\n" "Useu «sudo ./%s» si aquest és el «%s» que voleu executar." -#: plugins/sudoers/logging.c:367 -msgid "authentication failure" -msgstr "ha fallat l'autenticació" - -#: plugins/sudoers/logging.c:393 -msgid "a password is required" -msgstr "es requereix una contrasenya" - -#: plugins/sudoers/logging.c:463 +#: plugins/sudoers/logging.c:337 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u intent incorrecte de contrasenya" msgstr[1] "%u intents incorrectes de contrasenya" -#: plugins/sudoers/logging.c:728 -#, c-format -msgid "unable to dup stdin: %m" -msgstr "no es pot duplicar l'entrada estàndard: %m" +#: plugins/sudoers/logging.c:393 +msgid "authentication failure" +msgstr "ha fallat l'autenticació" -#: plugins/sudoers/logging.c:768 -#, c-format -msgid "unable to execute %s: %m" -msgstr "no es pot executar %s: %m" +#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +msgid "a password is required" +msgstr "es requereix una contrasenya" -#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865 +#: plugins/sudoers/logging.c:739 #, c-format -msgid "unable to fork: %m" -msgstr "no est pot bifurcar: %m" +msgid "unable to open log file: %s" +msgstr "no s'ha pogut obrir el fitxer de registre: %s" -#: plugins/sudoers/logging.c:855 +#: plugins/sudoers/logging.c:772 #, c-format -msgid "unable to open pipe: %m" -msgstr "no es pot obrir la canonada: %m" +msgid "unable to write log file: %s" +msgstr "no s'ha pogut escriure el fitxer de registre: %s" -#: plugins/sudoers/match_digest.c:103 +#: plugins/sudoers/match_digest.c:129 #, c-format msgid "digest for %s (%s) is not in %s form" msgstr "digest per a %s (%s) no està en forma %s" -#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943 -#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733 -#, c-format -msgid "unable to stat %s" -msgstr "no s'ha pogut accedir %s" - -#: plugins/sudoers/parse.c:449 +#: plugins/sudoers/parse.c:530 #, c-format msgid "" "\n" @@ -1617,8 +2358,7 @@ "\n" "Rol LDAP: %s\n" -#: plugins/sudoers/parse.c:452 -#, c-format +#: plugins/sudoers/parse.c:533 msgid "" "\n" "Sudoers entry:\n" @@ -1626,98 +2366,110 @@ "\n" "Entrada de sudoers:\n" -#: plugins/sudoers/parse.c:454 -#, c-format +#: plugins/sudoers/parse.c:535 msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:469 -#, c-format +#: plugins/sudoers/parse.c:550 msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:479 -#, c-format +#: plugins/sudoers/parse.c:560 msgid " Options: " msgstr " Opcions: " -#: plugins/sudoers/parse.c:529 -#, c-format +#: plugins/sudoers/parse.c:614 msgid " Commands:\n" msgstr " Ordres:\n" -#: plugins/sudoers/parse.c:720 +#: plugins/sudoers/parse.c:805 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Entrades predeterminades concordants per a %s a %s:\n" -#: plugins/sudoers/parse.c:738 +#: plugins/sudoers/parse.c:823 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas i valors predeterminats específics d'ordres per a %s:\n" -#: plugins/sudoers/parse.c:756 +#: plugins/sudoers/parse.c:841 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "L'usuari %s pot executar les ordres següents a %s:\n" -#: plugins/sudoers/parse.c:771 +#: plugins/sudoers/parse.c:856 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "L'usuari %s no té permisos per executar sudo a %s.\n" -#: plugins/sudoers/parse_ldif.c:604 +#: plugins/sudoers/parse_ldif.c:616 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "ignora completament a sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:664 +#: plugins/sudoers/parse_ldif.c:676 #, c-format msgid "invalid LDIF attribute: %s" msgstr "atribut LDIF no vàlid: %s" -#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116 +#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:108 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "%.*s establert pel frontal de sudo" -#: plugins/sudoers/policy.c:295 plugins/sudoers/testsudoers.c:280 +#: plugins/sudoers/policy.c:314 plugins/sudoers/testsudoers.c:269 msgid "unable to parse network address list" msgstr "no s'ha pogut analitzar la llista d'adreces de xarxa" -#: plugins/sudoers/policy.c:439 +#: plugins/sudoers/policy.c:465 msgid "user name not set by sudo front-end" msgstr "nom d'usuari no establert pel frontal de sudo" -#: plugins/sudoers/policy.c:443 +#: plugins/sudoers/policy.c:469 msgid "user-ID not set by sudo front-end" msgstr "ID d'usuari no establers pel frontal de sudo" -#: plugins/sudoers/policy.c:447 +#: plugins/sudoers/policy.c:473 msgid "group-ID not set by sudo front-end" msgstr "ID de grup no establert pel frontal de sudo" -#: plugins/sudoers/policy.c:451 +#: plugins/sudoers/policy.c:477 msgid "host name not set by sudo front-end" msgstr "nom d'amfitrió no establert pel frontal de sudo" -#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236 -#: plugins/sudoers/visudo.c:867 +#: plugins/sudoers/policy.c:660 +#, c-format +msgid "invalid working directory: %s" +msgstr "director de treball no vàlid: %s" + +#: plugins/sudoers/policy.c:828 +#, c-format +msgid "invalid chroot directory: %s" +msgstr "directori chroot no vàlid: %s" + +#: plugins/sudoers/policy.c:963 plugins/sudoers/visudo.c:229 +#: plugins/sudoers/visudo.c:851 #, c-format msgid "unable to execute %s" msgstr "no s'ha pogut executar %s" -#: plugins/sudoers/policy.c:939 +#: plugins/sudoers/policy.c:1030 plugins/sudoers/policy.c:1067 +#: plugins/sudoers/policy.c:1089 plugins/sudoers/policy.c:1115 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: etiquetes no vàlides de mode del frontal del sudo: 0x%x" + +#: plugins/sudoers/policy.c:1146 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Versió del connector de política de sudoers %s\n" -#: plugins/sudoers/policy.c:941 +#: plugins/sudoers/policy.c:1148 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Versió de gramàtica del fitxer sudoers %d\n" -#: plugins/sudoers/policy.c:945 +#: plugins/sudoers/policy.c:1152 #, c-format msgid "" "\n" @@ -1726,367 +2478,411 @@ "\n" "Camí del sudoers: %s\n" -#: plugins/sudoers/policy.c:948 +#: plugins/sudoers/policy.c:1155 #, c-format msgid "nsswitch path: %s\n" msgstr "camí del nsswitch: %s\n" -#: plugins/sudoers/policy.c:950 +#: plugins/sudoers/policy.c:1157 #, c-format msgid "ldap.conf path: %s\n" msgstr "camí de ldap.conf: %s\n" -#: plugins/sudoers/policy.c:951 +#: plugins/sudoers/policy.c:1158 #, c-format msgid "ldap.secret path: %s\n" msgstr "camí del ldap.secret: %s\n" -#: plugins/sudoers/policy.c:984 +#: plugins/sudoers/policy.c:1191 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "no s'ha pogut registrar el lligam de tipus %d (versió %d.%d)" -#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 +#: plugins/sudoers/policy.c:1209 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "no s'ha pogut cancel·lar el registre del hook de tipus %d (versió %d.%d)" + +#: plugins/sudoers/pwutil.c:218 plugins/sudoers/pwutil.c:236 #, c-format msgid "unable to cache uid %u" msgstr "no s'ha pogut posar al cau l'uid %u" -#: plugins/sudoers/pwutil.c:234 +#: plugins/sudoers/pwutil.c:230 #, c-format msgid "unable to cache uid %u, already exists" msgstr "no s'ha pogut posar l'uid %u al cau, ja existeix" -#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 -#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 +#: plugins/sudoers/pwutil.c:290 plugins/sudoers/pwutil.c:308 +#: plugins/sudoers/pwutil.c:371 plugins/sudoers/pwutil.c:416 #, c-format msgid "unable to cache user %s" msgstr "no s'ha pogut posar al cau l'usuari %s" -#: plugins/sudoers/pwutil.c:307 +#: plugins/sudoers/pwutil.c:303 #, c-format msgid "unable to cache user %s, already exists" msgstr "no s'ha pogut posar l'usuari %s al cau, ja existeix" -#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 +#: plugins/sudoers/pwutil.c:535 plugins/sudoers/pwutil.c:553 #, c-format msgid "unable to cache gid %u" msgstr "no s'ha pogut posar el gid %u al cau" -#: plugins/sudoers/pwutil.c:551 +#: plugins/sudoers/pwutil.c:547 #, c-format msgid "unable to cache gid %u, already exists" msgstr "no s'ha pogut posar el gid %u al cau, ja existeix" -#: plugins/sudoers/pwutil.c:604 plugins/sudoers/pwutil.c:622 -#: plugins/sudoers/pwutil.c:670 plugins/sudoers/pwutil.c:712 +#: plugins/sudoers/pwutil.c:601 plugins/sudoers/pwutil.c:619 +#: plugins/sudoers/pwutil.c:680 plugins/sudoers/pwutil.c:730 #, c-format msgid "unable to cache group %s" msgstr "no s'ha pogut posar al cau al grup %s" -#: plugins/sudoers/pwutil.c:617 +#: plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group %s, already exists" msgstr "no s'ha pogut posar el grup %s al cau, ja existeix" -#: plugins/sudoers/pwutil.c:839 plugins/sudoers/pwutil.c:891 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:994 +#: plugins/sudoers/pwutil.c:877 plugins/sudoers/pwutil.c:928 +#: plugins/sudoers/pwutil.c:978 plugins/sudoers/pwutil.c:1030 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "no s'ha pogut la llista de grups al cau per a %s, ja existeix" -#: plugins/sudoers/pwutil.c:845 plugins/sudoers/pwutil.c:896 -#: plugins/sudoers/pwutil.c:947 plugins/sudoers/pwutil.c:999 +#: plugins/sudoers/pwutil.c:883 plugins/sudoers/pwutil.c:933 +#: plugins/sudoers/pwutil.c:984 plugins/sudoers/pwutil.c:1035 #, c-format msgid "unable to cache group list for %s" msgstr "no s'ha pogut posar al cau a la llista de grup %s" -#: plugins/sudoers/pwutil.c:885 +#: plugins/sudoers/pwutil.c:922 #, c-format msgid "unable to parse groups for %s" msgstr "no s'han pogut analitzar els grups per a %s" -#: plugins/sudoers/pwutil.c:988 +#: plugins/sudoers/pwutil.c:1024 #, c-format msgid "unable to parse gids for %s" msgstr "no s'han pogut analitzar els identificadors de grups per a %s" -#: plugins/sudoers/set_perms.c:120 plugins/sudoers/set_perms.c:478 -#: plugins/sudoers/set_perms.c:921 plugins/sudoers/set_perms.c:1254 -#: plugins/sudoers/set_perms.c:1573 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 +#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 +#: plugins/sudoers/set_perms.c:1444 msgid "perm stack overflow" msgstr "desbordament de la pila de permisos" -#: plugins/sudoers/set_perms.c:128 plugins/sudoers/set_perms.c:409 -#: plugins/sudoers/set_perms.c:486 plugins/sudoers/set_perms.c:788 -#: plugins/sudoers/set_perms.c:929 plugins/sudoers/set_perms.c:1178 -#: plugins/sudoers/set_perms.c:1262 plugins/sudoers/set_perms.c:1506 -#: plugins/sudoers/set_perms.c:1581 plugins/sudoers/set_perms.c:1672 +#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 +#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 +#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 +#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 msgid "perm stack underflow" msgstr "subdesbordament de la pila de permisos" -#: plugins/sudoers/set_perms.c:187 plugins/sudoers/set_perms.c:532 -#: plugins/sudoers/set_perms.c:1315 plugins/sudoers/set_perms.c:1614 +#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 +#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 msgid "unable to change to root gid" msgstr "no s'ha pogut canvir el gid de l'usuari primari" -#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:629 -#: plugins/sudoers/set_perms.c:1060 plugins/sudoers/set_perms.c:1392 +#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 msgid "unable to change to runas gid" msgstr "no s'ha pogut canviar el gid runas" -#: plugins/sudoers/set_perms.c:283 plugins/sudoers/set_perms.c:634 -#: plugins/sudoers/set_perms.c:1065 plugins/sudoers/set_perms.c:1397 +#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 +#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 msgid "unable to set runas group vector" msgstr "no s'ha pogut configurar el vector de grup runas" -#: plugins/sudoers/set_perms.c:294 plugins/sudoers/set_perms.c:645 -#: plugins/sudoers/set_perms.c:1074 plugins/sudoers/set_perms.c:1406 +#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 +#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 msgid "unable to change to runas uid" msgstr "no s'ha pogut canviar l'uid runas" -#: plugins/sudoers/set_perms.c:312 plugins/sudoers/set_perms.c:663 -#: plugins/sudoers/set_perms.c:1090 plugins/sudoers/set_perms.c:1422 +#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 +#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 msgid "unable to change to sudoers gid" msgstr "no s'ha pogut canvir el gid del sudoers" -#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775 -#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493 -#: plugins/sudoers/set_perms.c:1659 +#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 +#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 +#: plugins/sudoers/set_perms.c:1529 msgid "too many processes" msgstr "massa processos" -#: plugins/sudoers/solaris_audit.c:58 +#: plugins/sudoers/solaris_audit.c:61 msgid "unable to get current working directory" msgstr "no s'ha pogut obtenir el directori actual de treball" -#: plugins/sudoers/solaris_audit.c:66 +#: plugins/sudoers/solaris_audit.c:69 #, c-format msgid "truncated audit path user_cmnd: %s" msgstr "camí truncat d'auditoria use_cmd: %s" -#: plugins/sudoers/solaris_audit.c:73 +#: plugins/sudoers/solaris_audit.c:76 #, c-format msgid "truncated audit path argv[0]: %s" msgstr "camí truncat d'auditoria argv[0]: %s" -#: plugins/sudoers/solaris_audit.c:122 -msgid "audit_failure message too long" -msgstr "missatge audit_failure massa llarg" - -#: plugins/sudoers/sssd.c:564 +#: plugins/sudoers/sssd.c:572 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "no s'ha pogut inicialitzar la font del SSS. Està el SSSD instal·lat al vostre sistema?" -#: plugins/sudoers/sssd.c:572 plugins/sudoers/sssd.c:581 -#: plugins/sudoers/sssd.c:590 plugins/sudoers/sssd.c:599 -#: plugins/sudoers/sssd.c:608 +#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 +#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 +#: plugins/sudoers/sssd.c:616 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "no s'ha pogut trobar el símbol \"%s\" a %s" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoers.c:213 plugins/sudoers/sudoers.c:985 msgid "problem with defaults entries" msgstr "hi ha un problema amb les entrades predeterminades" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:217 msgid "no valid sudoers sources found, quitting" msgstr "no s'han trobat fonts vàlides de sudoers, se sortirà" -#: plugins/sudoers/sudoers.c:254 +#: plugins/sudoers/sudoers.c:291 +#, c-format +msgid "user not allowed to change root directory to %s" +msgstr "l'usuari no té permisos per canviar el directori arrel a %s" + +#: plugins/sudoers/sudoers.c:293 +#, c-format +msgid "you are not permitted to use the -R option with %s" +msgstr "no teniu permisos per usar l'opció -R amb %s" + +#: plugins/sudoers/sudoers.c:318 +#, c-format +msgid "user not allowed to change directory to %s" +msgstr "l'usuari no té permisos per canviar el directori a %s" + +#: plugins/sudoers/sudoers.c:319 +#, c-format +msgid "you are not permitted to use the -D option with %s" +msgstr "no teniu permisos per usar l'opció -D amb %s" + +#: plugins/sudoers/sudoers.c:345 +msgid "no command specified" +msgstr "no s'ha especificat una ordre" + +#: plugins/sudoers/sudoers.c:355 msgid "sudoers specifies that root is not allowed to sudo" msgstr "el fitxer sudoers especifica que l'usuari primar no pot executar sudo" -#: plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:403 +msgid "user not allowed to override closefrom limit" +msgstr "l'usuari no té permís per anul·lar el límit closefrom" + +#: plugins/sudoers/sudoers.c:404 msgid "you are not permitted to use the -C option" msgstr "no teniu permisos per usar l'opció -C" -#: plugins/sudoers/sudoers.c:359 +#: plugins/sudoers/sudoers.c:464 #, c-format msgid "timestamp owner (%s): No such user" msgstr "propietari de la marca horària (%s): No existeix aquest usuari" -#: plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:479 msgid "no tty" msgstr "no hi ha una terminal" -#: plugins/sudoers/sudoers.c:375 +#: plugins/sudoers/sudoers.c:480 msgid "sorry, you must have a tty to run sudo" msgstr "ho sentim, heu de tenir una terminal per executar sudo" -#: plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:487 +#, c-format +msgid "invalid shell for user %s: %s" +msgstr "entorn d'ordres no vàlid per a l'usuari %s: %s" + +#: plugins/sudoers/sudoers.c:570 msgid "command in current directory" msgstr "ordre al directori actual" -#: plugins/sudoers/sudoers.c:456 +#: plugins/sudoers/sudoers.c:589 +msgid "user not allowed to set a command timeout" +msgstr "l'usuari no té permís per establir un temps d'espera a l'ordre" + +#: plugins/sudoers/sudoers.c:591 msgid "sorry, you are not allowed set a command timeout" msgstr "ho sentim, no teniu permisos per posar un temps d'espera d'ordre" -#: plugins/sudoers/sudoers.c:464 +#: plugins/sudoers/sudoers.c:599 +msgid "user not allowed to preserve the environment" +msgstr "l'usuari no té permís per preservar l'entorn" + +#: plugins/sudoers/sudoers.c:601 msgid "sorry, you are not allowed to preserve the environment" msgstr "ho sentim, no teniu permisos per preserver l'entorn" -#: plugins/sudoers/sudoers.c:815 +#: plugins/sudoers/sudoers.c:936 msgid "command too long" msgstr "ordre massa llarga" -#: plugins/sudoers/sudoers.c:947 +#: plugins/sudoers/sudoers.c:973 +msgid "sudoedit doesn't need to be run via sudo" +msgstr "no cal executar el sudoedit mitjançant sudo" + +#: plugins/sudoers/sudoers.c:1032 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/tsdump.c:138 +#, c-format +msgid "unable to read %s" +msgstr "no s'ha pogut llegir %s" + +#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/visudo.c:426 +#: plugins/sudoers/visudo.c:720 +#, c-format +msgid "unable to stat %s" +msgstr "no s'ha pogut accedir %s" + +#: plugins/sudoers/sudoers.c:1061 plugins/sudoers/visudo.c:1009 #, c-format msgid "%s is not a regular file" msgstr "%s no és un fitxer regular" -#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967 +#: plugins/sudoers/sudoers.c:1065 plugins/sudoers/timestamp.c:252 toke.l:1138 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s és propietat de l'uid %u, hauria de ser %u" -#: plugins/sudoers/sudoers.c:955 toke.l:972 +#: plugins/sudoers/sudoers.c:1069 toke.l:1143 #, c-format msgid "%s is world writable" msgstr "%s te permís universal d'escriptura" -#: plugins/sudoers/sudoers.c:959 toke.l:975 +#: plugins/sudoers/sudoers.c:1073 toke.l:1146 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s és propietat del gid %u, hauria de ser %u" -#: plugins/sudoers/sudoers.c:992 +#: plugins/sudoers/sudoers.c:1106 #, c-format msgid "only root can use \"-c %s\"" msgstr "sols l'usuari primari pot usar «-c %s»" -#: plugins/sudoers/sudoers.c:1011 +#: plugins/sudoers/sudoers.c:1125 #, c-format msgid "unknown login class: %s" msgstr "classe desconeguda d'inici de sessió: %s" -#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110 +#: plugins/sudoers/sudoers.c:1211 plugins/sudoers/sudoers.c:1226 #, c-format msgid "unable to resolve host %s" msgstr "no s'ha pogut resoldre l'amfitrió %s" -#: plugins/sudoers/sudoreplay.c:250 +#: plugins/sudoers/sudoreplay.c:257 #, c-format msgid "invalid filter option: %s" msgstr "opció no vàlida de filtre: %s" -#: plugins/sudoers/sudoreplay.c:263 +#: plugins/sudoers/sudoreplay.c:273 #, c-format msgid "invalid max wait: %s" msgstr "espera màxima no vàlida: %s" -#: plugins/sudoers/sudoreplay.c:286 +#: plugins/sudoers/sudoreplay.c:296 #, c-format msgid "invalid speed factor: %s" msgstr "factor no vàlid de velocitat: %s" -#: plugins/sudoers/sudoreplay.c:321 +#: plugins/sudoers/sudoreplay.c:332 #, c-format -msgid "%s/%.2s/%.2s/%.2s/timing: %s" -msgstr "%s/%.2s/%.2s/%.2s/sincronització: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" +msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:326 +#: plugins/sudoers/sudoreplay.c:337 #, c-format msgid "%s/timing: %s" msgstr "%s/sincronització: %s" -#: plugins/sudoers/sudoreplay.c:330 +#: plugins/sudoers/sudoreplay.c:341 #, c-format -msgid "%s/%s/timing: %s" -msgstr "%s/%s/temporització: %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: plugins/sudoers/sudoreplay.c:346 +#: plugins/sudoers/sudoreplay.c:365 #, c-format msgid "Replaying sudo session: %s" msgstr "S'està reproduint la sessió sudo: %s" -#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591 -#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898 -#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998 -#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012 -#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026 -#: plugins/sudoers/sudoreplay.c:1174 -msgid "unable to add event to queue" -msgstr "no s'ha pogut afegir l'esdeveniment a la cua" - -#: plugins/sudoers/sudoreplay.c:659 +#: plugins/sudoers/sudoreplay.c:627 msgid "unable to set tty to raw mode" msgstr "no s'ha pogut configurar el terminal a mode de dades en brut" -#: plugins/sudoers/sudoreplay.c:710 +#: plugins/sudoers/sudoreplay.c:678 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Advertiment: el vostre terminal és massa petit per reproduir apropiadament el registre.\n" -#: plugins/sudoers/sudoreplay.c:711 +#: plugins/sudoers/sudoreplay.c:679 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "La geometria del registre és %d x %d, la geometria del vostre terminal és %d x %d." -#: plugins/sudoers/sudoreplay.c:739 +#: plugins/sudoers/sudoreplay.c:707 msgid "Replay finished, press any key to restore the terminal." msgstr "Reproducció acabada, premeu qualsevol tecla per restablir la terminal." -#: plugins/sudoers/sudoreplay.c:772 -#, c-format -msgid "invalid timing file line: %s" -msgstr "línia no vàlida de fitxer de sincronització: %s" - -#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233 +#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 #, c-format msgid "ambiguous expression \"%s\"" msgstr "expressió ambigua \"%s\"" -#: plugins/sudoers/sudoreplay.c:1255 +#: plugins/sudoers/sudoreplay.c:1249 msgid "unmatched ')' in expression" msgstr "')' sense concordança a l'expressió" -#: plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1253 #, c-format msgid "unknown search term \"%s\"" msgstr "terme desconegut de cerca \"%s\"" -#: plugins/sudoers/sudoreplay.c:1274 +#: plugins/sudoers/sudoreplay.c:1268 #, c-format msgid "%s requires an argument" msgstr "%s requereix un argument" -#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518 +#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 #, c-format msgid "invalid regular expression: %s" msgstr "expressió regular no vàlida: %s" -#: plugins/sudoers/sudoreplay.c:1281 +#: plugins/sudoers/sudoreplay.c:1276 #, c-format msgid "could not parse date \"%s\"" msgstr "no s'ha pogut analitzar la data \"%s\"" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1285 msgid "unmatched '(' in expression" msgstr "'(' sense concordança a l'expressió" -#: plugins/sudoers/sudoreplay.c:1292 +#: plugins/sudoers/sudoreplay.c:1287 msgid "illegal trailing \"or\"" msgstr "\"or\" final il·legal" -#: plugins/sudoers/sudoreplay.c:1294 +#: plugins/sudoers/sudoreplay.c:1289 msgid "illegal trailing \"!\"" msgstr "\"!\" final il·legal" -#: plugins/sudoers/sudoreplay.c:1344 +#: plugins/sudoers/sudoreplay.c:1347 #, c-format msgid "unknown search type %d" msgstr "tipus desconegut de cerca %d" -#: plugins/sudoers/sudoreplay.c:1611 +#: plugins/sudoers/sudoreplay.c:1614 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "ús: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1617 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "usage: %s [-h] [-d dir] -l [cerca l'expressió]\n" -#: plugins/sudoers/sudoreplay.c:1623 +#: plugins/sudoers/sudoreplay.c:1626 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2095,7 +2891,7 @@ "%s - reprodueix els registres de la sessió sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1625 +#: plugins/sudoers/sudoreplay.c:1628 msgid "" "\n" "Options:\n" @@ -2124,11 +2920,11 @@ " -s, --speed=num accelera o alenteix la sortida\n" " -V, --version mostra la versió d'informació i surt" -#: plugins/sudoers/testsudoers.c:362 +#: plugins/sudoers/testsudoers.c:345 msgid "\thost unmatched" msgstr "\tamfitrió sense concordança" -#: plugins/sudoers/testsudoers.c:365 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command allowed" @@ -2136,7 +2932,7 @@ "\n" "Ordre permesa" -#: plugins/sudoers/testsudoers.c:366 +#: plugins/sudoers/testsudoers.c:349 msgid "" "\n" "Command denied" @@ -2144,7 +2940,7 @@ "\n" "Ordre denegada" -#: plugins/sudoers/testsudoers.c:366 +#: plugins/sudoers/testsudoers.c:349 msgid "" "\n" "Command unmatched" @@ -2152,127 +2948,126 @@ "\n" "Ordre sense concordança" -#: plugins/sudoers/timestamp.c:267 +#: plugins/sudoers/timestamp.c:260 #, c-format msgid "%s is group writable" msgstr "%s és modificable pel grup" -#: plugins/sudoers/timestamp.c:343 +#: plugins/sudoers/timestamp.c:326 plugins/sudoers/timestamp.c:661 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "no s'ha pogut truncar el fitxer de marca horària a %lld bytes" -#: plugins/sudoers/timestamp.c:829 plugins/sudoers/timestamp.c:921 -#: plugins/sudoers/visudo.c:498 plugins/sudoers/visudo.c:504 -msgid "unable to read the clock" -msgstr "no s'ha pogut llegir el rellotge" - -#: plugins/sudoers/timestamp.c:840 +#: plugins/sudoers/timestamp.c:847 msgid "ignoring time stamp from the future" msgstr "s'ignorarà la marca horària del futur" -#: plugins/sudoers/timestamp.c:863 +#: plugins/sudoers/timestamp.c:870 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "la marca horària està massa lluny en el futur: %20.20s" -#: plugins/sudoers/timestamp.c:985 +#: plugins/sudoers/timestamp.c:992 #, c-format msgid "unable to lock time stamp file %s" msgstr "no s'ha pogut bloquejar el fitxer de marca horària %s" -#: plugins/sudoers/timestamp.c:1029 plugins/sudoers/timestamp.c:1049 +#: plugins/sudoers/timestamp.c:1036 plugins/sudoers/timestamp.c:1056 #, c-format msgid "lecture status path too long: %s/%s" msgstr "el camí de la lliçó es massa llarg: %s/%s" -#: plugins/sudoers/visudo.c:232 +#: plugins/sudoers/toke_util.c:150 +msgid "sudoedit should not be specified with a path" +msgstr "no s'hauria d'especificar el sudoedit amb un camí" + +#: plugins/sudoers/visudo.c:224 msgid "the -x option will be removed in a future release" msgstr "s'eliminarà l'opció -x en una versió futura" -#: plugins/sudoers/visudo.c:233 +#: plugins/sudoers/visudo.c:226 msgid "please consider using the cvtsudoers utility instead" msgstr "si us plau considereu usar la utilitat cvtsudoers en canvi" -#: plugins/sudoers/visudo.c:284 plugins/sudoers/visudo.c:666 +#: plugins/sudoers/visudo.c:277 plugins/sudoers/visudo.c:653 #, c-format msgid "press return to edit %s: " msgstr "prem la tecla d'introducció per editar %s: " -#: plugins/sudoers/visudo.c:345 +#: plugins/sudoers/visudo.c:338 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "l'editor especificat (%s) no existeix" -#: plugins/sudoers/visudo.c:347 +#: plugins/sudoers/visudo.c:340 #, c-format msgid "no editor found (editor path = %s)" msgstr "no s'ha trobat un editor (el camí de l'editor = %s)" -#: plugins/sudoers/visudo.c:457 plugins/sudoers/visudo.c:465 +#: plugins/sudoers/visudo.c:446 plugins/sudoers/visudo.c:454 msgid "write error" msgstr "error d'escriptura" -#: plugins/sudoers/visudo.c:511 +#: plugins/sudoers/visudo.c:500 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "no s'ha pogut accedir al fitxer temporal (%s), no s'ha modificat %s" -#: plugins/sudoers/visudo.c:518 +#: plugins/sudoers/visudo.c:507 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "fitxer temporal amb longitud nul·la (%s), no s'ha modificat %s" -#: plugins/sudoers/visudo.c:524 +#: plugins/sudoers/visudo.c:513 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "l'editor (%s) ha fallat, no s'ha modificat %s" -#: plugins/sudoers/visudo.c:546 +#: plugins/sudoers/visudo.c:535 #, c-format msgid "%s unchanged" msgstr "no s'ha modificat %s" -#: plugins/sudoers/visudo.c:605 +#: plugins/sudoers/visudo.c:592 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "no s'ha pogut reobrir el fitxer temporal (%s), no s'ha modificat %s" -#: plugins/sudoers/visudo.c:617 +#: plugins/sudoers/visudo.c:604 #, c-format -msgid "unabled to parse temporary file (%s), unknown error" -msgstr "no s'ha pogut analitzar el fitxer temporal (%s), error desconegut" +msgid "unable to parse temporary file (%s), unknown error" +msgstr "no es pot analitzar el fitxer temporal (%s), error desconegut" -#: plugins/sudoers/visudo.c:655 +#: plugins/sudoers/visudo.c:642 #, c-format msgid "internal error, unable to find %s in list!" msgstr "error intern, no s'ha pogut trobar %s a la llista!" -#: plugins/sudoers/visudo.c:735 plugins/sudoers/visudo.c:744 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:731 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "no s'ha pogut establir (uid, gid) de %s a (%u, %u)" -#: plugins/sudoers/visudo.c:767 +#: plugins/sudoers/visudo.c:754 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s i %s no estan al mateix sistema de fitxers, s'usarà mv per reanomenar" -#: plugins/sudoers/visudo.c:781 +#: plugins/sudoers/visudo.c:765 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "l'ordre ha fallat: '%s %s %s', no s'ha modificat %s" -#: plugins/sudoers/visudo.c:791 +#: plugins/sudoers/visudo.c:775 #, c-format msgid "error renaming %s, %s unchanged" msgstr "error quan s'estava reanomenant %s, no s'ha modificat %s" -#: plugins/sudoers/visudo.c:812 +#: plugins/sudoers/visudo.c:796 msgid "What now? " msgstr "Què fem ara? " -#: plugins/sudoers/visudo.c:826 +#: plugins/sudoers/visudo.c:810 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2284,66 +3079,46 @@ " (x) surt sense desar els canvis al fitxer sudoers\n" " (Q) surt i desa el canvis el fitxer sudoers (PERILL!)\n" -#: plugins/sudoers/visudo.c:872 +#: plugins/sudoers/visudo.c:856 #, c-format msgid "unable to run %s" msgstr "no s'ha pogut executar %s" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:886 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: propietari incorrecte (uid, gid) hauria de ser (%uk, %u)\n" -#: plugins/sudoers/visudo.c:909 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: permisos dolents, hauria de ser mode 0%o\n" -#: plugins/sudoers/visudo.c:966 plugins/sudoers/visudo.c:973 +#: plugins/sudoers/visudo.c:942 plugins/sudoers/visudo.c:949 #, c-format msgid "%s: parsed OK\n" msgstr "%s: s'analitzat correctament\n" -#: plugins/sudoers/visudo.c:992 +#: plugins/sudoers/visudo.c:968 #, c-format msgid "%s busy, try again later" msgstr "%s està ocupat, proveu un altre cop més tard" -#: plugins/sudoers/visudo.c:995 +#: plugins/sudoers/visudo.c:971 #, c-format msgid "unable to lock %s" msgstr "no s'ha pogut bloquejar %s" -#: plugins/sudoers/visudo.c:996 +#: plugins/sudoers/visudo.c:972 msgid "Edit anyway? [y/N]" msgstr "Editar igualment? [y/N]" -#: plugins/sudoers/visudo.c:1080 -#, c-format -msgid "Error: %s:%d cycle in %s \"%s\"" -msgstr "Error: %s:%d cicle a %s «%s»" - -#: plugins/sudoers/visudo.c:1081 -#, c-format -msgid "Warning: %s:%d cycle in %s \"%s\"" -msgstr "Advertiment: %s:%d cicle a %s «%s»" - -#: plugins/sudoers/visudo.c:1085 -#, c-format -msgid "Error: %s:%d %s \"%s\" referenced but not defined" -msgstr "Error: %s:%d %s «%s» s'ha referenciat però no s'ha definit " - -#: plugins/sudoers/visudo.c:1086 +#: plugins/sudoers/visudo.c:1067 #, c-format -msgid "Warning: %s:%d %s \"%s\" referenced but not defined" -msgstr "Advertiment: %s:%d %s «%s» s'ha referenciat però no s'ha definit " +msgid "Warning: %s:%d:%d: unused %s \"%s\"" +msgstr "Advertiment: %s:%d:%d: no usat %s «%s»" -#: plugins/sudoers/visudo.c:1177 -#, c-format -msgid "Warning: %s:%d unused %s \"%s\"" -msgstr "Advertiment: %s:%d sense usar %s «%s»" - -#: plugins/sudoers/visudo.c:1292 +#: plugins/sudoers/visudo.c:1183 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -2352,7 +3127,7 @@ "%s - edita amb seguretat el fitxer sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1294 +#: plugins/sudoers/visudo.c:1185 msgid "" "\n" "Options:\n" @@ -2372,10 +3147,55 @@ " -s, --strict verificació estricta de la sintaxi\n" " -V, --version mostra la informació de la versió i surt\n" -#: toke.l:941 +#: toke.l:187 +msgid "empty string" +msgstr "cadena buida de caràcters" + +#: toke.l:199 toke.l:503 +msgid "empty group" +msgstr "grup buit" + +#: toke.l:209 toke.l:501 +msgid "empty netgroup" +msgstr "netgroup buit" + +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 +msgid "invalid line continuation" +msgstr "continuació no vàlida de línia" + +#: toke.l:540 toke.l:552 +msgid "invalid IPv6 address" +msgstr "adreça IPv6 no vàlida" + +#: toke.l:779 +msgid "unexpected line break in string" +msgstr "salt inesperat de línia a la cadena de caràcters" + +#: toke.l:1109 msgid "too many levels of includes" msgstr "massa nivells d'inclusions" +#~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" +#~ msgstr "Pre-carrega les funcions dummy exex contingudes a la biblioteca sudo_noexec" + +#~ msgid "sudo_ldap_conf_add_ports: port too large" +#~ msgstr "sudo_ldap_conf_add_ports: el port és massa gran" + +#~ msgid "unable to lock log file: %s" +#~ msgstr "no s'ha pogut bloquejar el fitxer de registre: %s" + +#~ msgid "No user or host" +#~ msgstr "No hi ha usuari o amfitrió" + +#~ msgid "validation failure" +#~ msgstr "ha fallat la validació" + +#~ msgid "audit_failure message too long" +#~ msgstr "missatge audit_failure massa llarg" + +#~ msgid "%s/%s/timing: %s" +#~ msgstr "%s/%s/temporització: %s" + #~ msgid "" #~ "\n" #~ "LDAP Role: UNKNOWN\n" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/cs.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/cs.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/cs.po sudo-1.9.9/plugins/sudoers/po/cs.po --- sudo-1.9.5p2/plugins/sudoers/po/cs.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/cs.po 2022-01-27 21:24:22.000000000 +0000 @@ -2,17 +2,18 @@ # This file is distributed under the same license as the sudo package. # Todd C. Miller , 2011-2013 # Petr Pisar , 2013, 2014, 2015, 2016, 2017, 2018, 2019. -# Petr Pisar , 2020. +# Petr Pisar , 2020, 2021. # # (AIX) registry → (AIXový) registr +# I/O (log) → I/O (log) # timestamp → časové údaje # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-17 17:14+01:00\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-12 16:08+01:00\n" "Last-Translator: Petr Pisar \n" "Language-Team: Czech \n" "Language: cs\n" @@ -22,7 +23,7 @@ "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "chyba syntaxe" @@ -46,872 +47,1298 @@ msgid "Sorry, try again." msgstr "Je nám líto, zkuste to znovu." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "nelze alokovat paměť" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "kontrolní součet vyžaduje název cesty" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "hodnoty „CWD“ musí začínat na „/“, „~“ nebo „*“" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "cesta „CWD“ je příliš dlouhá" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "hodnoty „CHROOT“ musí začínat na „/“, „~“ nebo „*“" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "cesta „CHROOT“ je příliš dlouhá" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "chyba syntaxe, vyhrazené slovo %s použito jako název aliasu" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "neplatná hodnota notbefore (začátek platnosti)" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "neplatná hodnota notafter (konec platnosti)" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "hodnota časového limitu je příliš velká" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "neplatná hodnota časového limitu" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "příkaz je příliš dlouhý" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Alias „%s“ je již definován" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "vnitřní chyba, přetečení %s" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "nelze zdvojit standardní vstup: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "nelze spustit %s: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "nelze vytvořit proces" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "nelze vytvořit proces: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "nelze otevřít rouru: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (příkaz pokračuje) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s existuje, ale nejedná se o adresář (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "nelze vytvořit adresář %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "nelze změnit práva %s na 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "očekáván JSON_STRING, obdrženo %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY je příliš velké" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "v názvu chybí dvojitá uvozovka" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "chybí JSON_OBJECT" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "očekáván JSON_OBJECT, obdrženo %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "jsonový zásobník vyčerpán (nejvýše %u rámců)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "objekty musí sestávat z dvojic název:hodnota" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "chybí oddělovač mezí hodnotami" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "neodpovídající uzavírací složená závorka" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "nečekané pole" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "neodpovídající uzavírající hranatá závorka" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "nečekaný řetězec" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "za názvem chybí dvojtečka" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "nečekaná pravdivostní hodnota" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "nečekaná hodnota null" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "nečekané číslo" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u „%s“ nelze rozebrat" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "chyba rozboru" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: neplatný soubor s protokolem" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: chybí položka s časovým údajem" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: čas %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: chybí položka s uživatelem" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: chybí položka s runas uživatelem" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s chybí položka s runas skupinou" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existuje, ale nejedná se o adresář (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "nelze vytvořit adresář %s" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "nelze změnit práva %s na 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "chyba při čtení časovacího souboru: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "neplatný řádek s časovacím souborem: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "protokol byl již dokončen, nelze jej restartovat" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "nelze vytvořit UUID" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "protokol nelze navázat" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: chyba protokolu: chybný typ pro %s" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: chyba protokolu: v AcceptMessage chybí %s" + +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: nelze naformátovat identifikátor relace" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s není nastaveno" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "nelze expandovat iolog cestu %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "nelze vytvořit iolog cestu %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "neplatný iofd %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "chyba při zavírání iofd %d: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "chyba při vyprazdňování iofd %d: %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "neplatný I/O log %s: odkazováno na %s, které není přítomno" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: nelze nalézt bod obnovy [%lld, %ld]" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "nelze otevřít %s" + +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "nelze otevřít %s/%s" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "%s/%s nelze zkopírovat do %s/%s: %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "%s nelze přejmenovat na %s" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: nelze nalézt bod obnovy [%lld, %ld]" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "chybí vstupně-výstupní soubor s protokolem %s/%s" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: nelze skočit vpřed o %zu" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "nelze nalézt bod obnovy [%lld, %ld] v %s/%s" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "k relayi se nelze připojit" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "správa od serveru je příliš velká: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "událost nelze přidat do fronty" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "nečekaný stav %d u %s" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "chyba stavového automatu" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "neplatná zpráva AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "chyba při rozboru zprávy AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "chyba při vytváření vstupně-výstupního protokolu" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "chyba při protokolování události přijetí" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "neplatná zpráva RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "chyba při rozboru zprávy RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "chyba při protokolování události zamítnutí" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "neplatná zpráva AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "chyba při rozboru zprávy AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "chyba při protokolování události upozornění" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: nečekaný IoBuffer" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "chyba protokolu" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "chyba při zápisu IoBuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "chyba při zápisu ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "chyba při zápisu CommandSuspend" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "nečekaná hodnota type_case %d v %s od %s" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "nerozpoznaný druh zprávy ClientMessage" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "zpráva od klienta je příliš velká" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "šifru TLS 1.2 nelze nastavit na %s: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "šifru TLS 1.3 nelze nastavit na %s: %s" +msgid "timed out writing to client %s" +msgstr "při zapisování do klienta %s vypršel časový limit" -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "nelze získat metodu TLS serveru: %s" +msgid "missing write buffer for client %s" +msgstr "chybí vyrovnávací paměť pro zápis do klienta %s" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to create TLS context: %s" -msgstr "nelze vytvořit kontext TLS: %s" +msgid "timed out reading from client %s" +msgstr "při čtení z klienta %s vypršel časový limit" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate %s" -msgstr "nelze zavést certifikát %s" +msgid "EOF from %s without proper TLS shutdown" +msgstr "konec souboru od %s bez řádného ukončení TLS" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "nelze zavést svazek certifikátů autorit %s" - -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 -#, c-format -msgid "unable to load private key %s" -msgstr "nelze zavést soukromý klíč %s" +msgid "client message too large: %zu" +msgstr "zpráva od klienta je příliš velká: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "nelze nastavit parametry Diffieho-Hellmana: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "zpráva od klienta je příliš velká" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "nelze nastavit minimální verzi protokolu na TLS 1.2: %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "neplatná zpráva ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "nelze získat vzdálenou IP adresu" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "K objektu SSL nelze připojit uživatelská data: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "událost nelze přidat do fronty" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "nelze nastavit naslouchací socket" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s – odešle vstupně-výstupní protokol vzdálenému serveru\n" -"\n" +msgid "unexpected signal %d" +msgstr "nečekaný signál %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Přepínače:\n" -" -f, --file cesta ke konfiguračnímu souboru\n" -" -h, --help zobrazí nápovědu a skončí\n" -" -n, --no-fork zůstane běžet na popředí\n" -" -R, --random-drop procentuální pravděpodobnost, že se spojení ztratí\n" -" -V, --version zobrazí údaje o verzi a skončí\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "protokolovací server suda" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "Volby:" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "cesta ke konfiguračnímu souboru" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "zobrazí nápovědu a skončí" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "neoddělí proces, běží na popředí" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "procentuální pravděpodobnost, že spojení se přeruší" + +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "zobrazí údaje o verzi a skončí" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Je vyžadována knihovna Protobuf-C verze 1.3 nebo vyšší" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "neplatná hodnota pravděpodobnosti ztráty: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s verze %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "neznámý uživatel %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "neznámá skupina %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "nelze rozebrat režim iologu %s" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "neplatná hodnota pro %s: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "protokol TLS není podporován" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: cesta není plně kvalifikovaná" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "neznámý obor systémového protokolu %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "neznámá priorita systémového protokolu: %s" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d nepárová „[“: %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d neplatný konfigurační oddíl: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d neplatný řádek s konfigurací: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d očekávaný název oddílu: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "neplatná hodnota pro %s: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] nedovolený klíč: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d: neznámý klíč: %s" +msgid "unable to open log file %s" +msgstr "nelze otevřít soubor protokolu %s" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "TLS kontext serveru nelze inicializovat" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "TLS kontext relay nelze inicializovat" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "soubor s žurnálem nelze vytvořit" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "neznámý obor systémového protokolu %s" +msgid "unable to lock %s" +msgstr "%s nelze uzamknout" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "soubor s žurnálem nelze zamknout" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "soubor s žurnálem nelze otevřít" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "soubor s žurnálem nelze zapsat" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "soubor s žurnálem nelze přejmenovat" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "nečekaný konec souboru při čtení žurnálu" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "chyba při čtení souboru s žurnálem" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "neplatný soubor s žurnálem, nelze restartovat" + +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "neznámá priorita systémového protokolu: %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "nelze se přesunou na [%lld, %ld] v souboru žurnálu %s" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Přepínače:\n" -" --help zobrazí nápovědu a skončí\n" -" -A, --accept zašle pouze událost přijetí (žádný vstup a výstup)\n" -" -h, --host stroj, kam posílat protokol\n" -" -i, --iolog_id vzdálený identifikátor vstupně-výstupního protokolu,\n" -" na který se má navázat\n" -" -p, --port port, který se použije při připojování na stroj\n" -" -r, --restart restartuje předchozí přenos vstupně-výstupního\n" -" protokolu\n" -" -R, --reject zamítne příkaz se zadaným důvodem\n" -" -b, --ca-bundle soubor se svazkem certifikátů, proti kterému se\n" -" bude ověřovat certifikát serveru\n" -" -c, --cert soubor s certifikátem pro navázání spojení TLS\n" -" -k, --key soubor se soukromým klíčem\n" -" -n, --no-verify neověřuje certifikát serveru\n" -" -t, --test otestuje auditní server zasláním vybraných\n" -" vstupně-výstupních protokolů n-krát souběžně\n" -" -V, --version zobrazí údaje o verzi a skončí\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "chyba při rozboru zprávy AcceptMessage" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "chyba při vytváření vstupně-výstupního protokolu" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "chyba při protokolování události přijetí" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "chyba při rozboru zprávy RejectMessage" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "chyba při protokolování události zamítnutí" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "chyba při protokolování události ukončení" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "protokol byl již dokončen, nelze jej restartovat" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "protokol nelze navázat" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "chyba při rozboru zprávy AlertMessage" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "chyba při protokolování události upozornění" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "nelze naformátovat časový údaj, délka %d" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "chyba při zápisu IoBuffer" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "chyba při zápisu ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "chyba při zápisu CommandSuspend" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "navazování TLS spojení se strojem relaye selhalo" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "ke stroji relaye se nelze připojit" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: neplatná správa ServerHello, chybí server_id" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "neplatná správa ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "nerozpoznaný druh zprávy ServerMessage" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "při čtení z relaye %s (%s) vypršel časový limit" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "při čtení z relaye vypršel časový limit" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "název stroje relaye neodpovídá certifikátu" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "chyba při čtení z relaye" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "z relaye nelze číst" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "relay server uzavřel spojení" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "správa od serveru je příliš velká" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "při zapisování do relaye %s (%s) vypršel časový limit" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "při zapisování do relaye vypršel časový limit" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "chyba při zápisu do relaye" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "odešle vstupně-výstupní protokol vzdálenému serveru" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "odešle pouze událost přijetí (žádný vstup-výstup)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "soubor se svazkem certifikátů, proti kterým se má ověřit certifikát serveru" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "soubor s certifikátem pro navázání TLS" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "stroj, kam zaslat protokoly" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "vzdálený identifikátor protokolu vstupu-výstupu, na kterým se má navázat" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "soubor se soukromým klíčem" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "neověřovat certifikát serveru" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "port, který se použije při připojovaní na stroj" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "navázat na předchozí přenos protokolu vstupu-výstupu" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "zamítnout příkaz se zadaným důvodem" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "zastavit přenos po dosažení tohoto času" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "vyzkoušet auditní server zasláním vybraného protokolu vstupu-výstupu n-krát souběžně" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "%s:%s nelze vyhledat: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "nelze získat IP adresu serveru" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "%s/%s nelze přečíst: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "zpráva od klienta je příliš velká: %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: vyrovnávací paměť pro zápis se již používá" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "nečekaná I/O událost %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: nečekaný stav %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "neplatná správa ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "od serveru byla přijata chybová zpráva: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "od serveru byla přijata zpráva o zrušení: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "zprávu ServerMessage nelze rozbalit" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: nečekaná hodnota type_case %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "při čtení ze serveru vypršel časový limit" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "předčasný konec souboru" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "správa od serveru je příliš velká: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "při zapisování do serveru vypršel časový limit" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "musí být zadán jak bod navázání, tak i identifikátor iolog" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "bod navázání nelze nastavit, když žádný vstup/výstup nebyl odeslán" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "ukončeno předčasně ve stavu %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "uplynulý čas zaslaný serveru [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "od server byl přijat bod zápisu [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "Při navazování spojení TLS vypršel časový limit" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "událost nelze nastavit" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "spojení TLS selhalo: %s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Kontext SSL nelze inicializovat: %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Objekt SSL nelze alokovat: %s" +msgid "unable to allocate ssl object: %s" +msgstr "objekt SSL nelze alokovat: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "K objektu SSL nelze připojit socket: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "musí být zadán jak bod navázání, tak i identifikátor iolog" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "kontext TLS nelze inicializovat" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "bod navázání nelze nastavit, když žádný vstup/výstup nebyl odeslán" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "šifru TLS 1.2 nelze nastavit na %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "ukončeno předčasně ve stavu %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "šifru TLS 1.3 nelze nastavit na %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "uplynulý čas zaslaný serveru [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "nelze nastavit parametry Diffieho-Hellmana: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "od server byl přijat bod zápisu [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "nelze vytvořit kontext TLS: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Alias „%s“ je již definován" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "nelze nastavit minimální verzi protokolu na TLS 1.2: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "nelze získat čas" @@ -920,45 +1347,45 @@ msgid "unable to change password for %s" msgstr "prošlé heslo pro %s nelze změnit" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "nelze získat přihlašovací třídu uživatele %s" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "nelze zahájit BSD autentizaci" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "neplatný druh autentizace" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "nelze inicializovat BSD autentizaci" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "vašemu účtu skončila platnost" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "schválení selhalo" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "nelze načíst konfiguraci FWTK" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "k autentizačnímu serveru se nelze připojit" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "spojení k autentizačnímu serveru ztraceno" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -972,83 +1399,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: principála nelze převést na řetězec („%s“): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: „%s“ nelze rozebrat: %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: nelze najít keš s pověřeními: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: nelze alokovat volby: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: nelze získat pověření: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: nelze inicializovat keš s pověřeními: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: pověření nelze uložit do keše: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: nelze získat principála stroje: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: TGT nelze ověřit! Podezření na útok!: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "PAM nelze inicializovat: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "Chyba autentizace PAM: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "ověření účtu selhalo, není váš účet zamknutý?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "Účtu nebo heslu vypršela platnost, nastavte si nové heslo a zkuste to znovu" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "prošlé heslo nelze změnit: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "Heslu vypršela platnost, kontaktujte správce svého systému" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Účtu vypršela platnost nebo v konfiguraci PAM pro sudo chybí sekce „account“. Kontaktujte správce svého systému" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "Chyba správy účtů PAM: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "v databázi %s neexistujete" @@ -1057,31 +1484,31 @@ msgid "failed to initialise the ACE API library" msgstr "inicializace knihovny ACE selhala" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "nelze kontaktovat server SecurID" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "ID uživatele je pro autentizaci SecurID uzamčeno" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "neplatná délka uživatelského jména pro SecurID" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "neplatný deskriptor autentizace pro SecurID" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "komunikace se SecurID selhala" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "neznámá chyba SecurID" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "neplatná délka kódu pro SecurID" @@ -1121,7 +1548,17 @@ msgid "unable to commit audit record" msgstr "auditní zprávu nelze odeslat" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "chyba při čtení souboru lekce %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "ignoruje se soubor lekce %s: nejedná se o běžný soubor" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1141,118 +1578,122 @@ " 3. S velkými právy přichází velká zodpovědnost.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "neznámé UID: %u" +msgid "unknown uid %u" +msgstr "neznámé UID %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Chyba: %s:%d:%d: smyčka v %s „%s“" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Pozor: %s:%d:%d: smyčka v %s „%s“" + +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Chyba: %s:%d:%d: %s „%s“ použit, ale nedefinován" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:98 #, c-format -msgid "unknown user: %s" -msgstr "neznámý uživatel: %s" +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Pozor: %s:%d:%d: %s „%s“ použit, ale nedefinován" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "přírůstek pořadí: %s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "počáteční pořadí: %s: %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "odsazení pořadí: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "verze gramatiky %s je %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "nepodporovaný formát vstupu %s" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "nepodporovaný formát výstupu %s" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: vstupní a výstupní soubory se musí lišit" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "nelze inicializovat výchozí hodnoty sudoers" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: neznámé klíčové slovo: %s" +msgid "%s: unknown key word %s" +msgstr "%s: neznámé klíčové slovo %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "neplatný druh položky defaults: %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "neplatný druh potlačení: %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "neplatný filtr: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "nelze otevřít %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "rozbor souboru %s se nezdařil, neznámá chyba" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "chyba při rozboru %s kolem řádku %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "chyba při rozboru %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "do %s nelze zapsat" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1261,7 +1702,7 @@ "%s – převádí mezí formáty souboru sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1303,33 +1744,75 @@ " -s, --suppress=oddíl potlačí výstup jistých oddílů\n" " -V, --version zobrazí údaje o verzi a skončí" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "neznámá položka defaults „%s“" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "nelze získat čas GMT" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "nelze naformátovat časový údaj" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: neznámá položka defaults „%s“" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "příliš mnoho záznamů sudoers, maximum je %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "proměnná prostředí SUDOERS_BASE není nastavená a přepínač -b nebyl zadán." +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "alias %s nelze nalézt" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: alias %s se přejmenovává na %s" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: zdvojený alias %s se odstraňuje" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%s:%d:%d: neslučitelná položka Defaults „%s“ určená pro stroj na %s:%d:%d" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: Defaults „%s“ se vyhrazuje pro stroj %s" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: Defaults „%s“ přebitá následujícími položkami se odstraňuje" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d: Defaults „%s“ nelze vyhradit pro stroj" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: userspec přebitá následujícími položkami se odstraňuje" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1909,95 +2392,194 @@ msgid "The format of logs to produce: %s" msgstr "Vytvářet protokol v tomto formátu: %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Zapnout podporu pro SELinux RBAC" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: neznámá položka defaults „%s“" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Cesta k souboru, který se vytvoří při prvním spuštění suda: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Zachytávat další příkazy a použít na ně omezení sudoers" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "Zaznamenávat podpříkazy spuštěné původním příkazem" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Zaznamenávat návratový kód příkazů" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Posloupnost příkazů v zachycené relaci musí být autentizována" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Dovolit zachycenému příkazu spustit setuid nebo setgid programy" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "Největší velikost, které smí adresní prostor procesu dorůst (v bajtech): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "Největší velikost souboru s obrazem paměti, který smí být vytvořen (v bajtech): %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "Největší množství procesorového času, který proces smí využít (v sekundách): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "Největší velikost datového segmentu procesu (v bajtech): %s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "Největší velikost souboru, který proces smí vytvořit (v bajtech): %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "Největší počet zámků, které proces smí vytvořit: %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "Největší velikost paměti, kterou proces smí uzamknout (v bajtech): %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "Největší počet souboru, které proces smí držet otevřené: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "Největší počet procesů, které uživatel smí souběžně spustit: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "Největší velikost rezidentní paměti, které proces smí dorůst (v bajtech): %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "Největší velikost zásobníku, které proces smí dorůst (v bajtech): %s" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: neznámá položka defaults „%s“" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: u „%s“ nebyla zadána žádná hodnota" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: u „%s“ nebyla zadána žádná hodnota" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: neplatný operátor „%c=“ u „%s“" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: neplatný operátor „%c=“ u „%s“" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: volba „%s“ nebere hodnotu" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: volba „%s“ nebere hodnotu" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: neplatný typ Defaults 0x%x u volby „%s“" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: neplatný typ Defaults 0x%x u volby „%s“" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: hodnota „%s“ je pro volbu „%s“ neplatná" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: hodnota „%s“ není pro volbu „%s“ platná" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: cesta pro „%s“ je příliš dlouhá" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: cesta pro „%s“ je příliš dlouhá" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: hodnoty „%s“ musí začínat na „/“, „~“ nebo „*“" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: hodnoty „%s“ musí začínat na „/“, „~“ nebo „*“" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: hodnoty „%s“ musí začínat na „/“" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: hodnoty „%s“ musí začínat na „/“" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: poškozené pole envp, délka nesouhlasí" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "prostředí nelze znovu sestavit" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "je nám líto, ale nemáte dovoleno nastavovat následující proměnné prostředí: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "chyba rozboru v %s kolem řádku %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "chyba rozboru v %s" @@ -2022,7 +2604,7 @@ msgid "%s must only be writable by owner" msgstr "%s smí být zapisovatelný jen pro vlastníka" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "nelze zavést %s: %s" @@ -2037,56 +2619,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nekompatibilní hlavní verze modulu pro skupiny %d, očekávána %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "nelze rozebrat IP adresu „%s“" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "nelze rozebrat síťovou masku „%s“" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Pár místní IP adresy a masky sítě:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "neznámá skupina: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "nelze aktualizovat soubor s pořadovým číslem" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "nelze zapsat do souboru s I/O protokolem: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "%s/%s nelze vytvořit" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: vnitřní chyba, soubor s I/O protokolem pro událost %d není otevřen" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "nelze přečíst hodiny" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: vnitřní chyba, neplatný signál %d" @@ -2105,16 +2682,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "pro SSL musíte v %s nastavit TLS_CERT" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "LDAP nelze inicializovat: %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls uvedeno, ale knihovna LDAP nepodporuje ldap_start_tls_s_np() ani ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "neplatný atribut sudoOrder: %s" @@ -2133,100 +2710,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "nelze míchat URI ldap a ldaps" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "násobná sudoOption: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "nelze převést sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "nelze otevřít auditní systém" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "nelze odeslat auditní zprávu" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "chyba ve smyčce událostí" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "Vytvoření nového objektu SSL_CTX selhalo: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "nelze zavést svazek certifikátů autorit %s" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "nelze zavést certifikát %s" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "nelze zavést soukromý klíč %s" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Objekt SSL nelze alokovat: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "Spojení TLS s %s:%s selhalo: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "Inicializace TLS nebyla úspěšná" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "Ustanovení spojení TLS nebylo úspěšné" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: vnitřní chyba, neplatný návratový kód %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "zprávu ServerMessage nelze rozbalit" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "spojení k protokolovému serveru ztraceno" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "chybí vyrovnávací paměť pro zápis" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "k protokolovacímu serveru se nelze připojit" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "uživatel NENÍ v sudoers" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "uživatel NENÍ na stroji autorizován" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "příkaz nedovolen" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s není v souboru sudoers. Tato událost bude ohlášena.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s nemá dovoleno spouštět sudo na %s. Tato událost bude ohlášena.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Je nám líto, uživatel %s nesmí spouštět sudo na %s.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Je nám líto, uživatel %s nemá dovoleno spouštět „%s%s%s“ jako %s%s%s na %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: příkaz nenalezen" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2235,7 +2844,7 @@ "ignoruje se „%s“ nalezený v „.“\n" "Použijte „sudo ./%s„, je-li toto „%s“', který chcete spustit." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" @@ -2243,20 +2852,15 @@ msgstr[1] "%u chybné pokusy zadat heslo" msgstr[2] "%u chybných pokusů zadat heslo" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "selhání autentizace" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "je vyžadováno heslo" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "nelze otevřít soubor protokolu: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "nelze zapsat soubor protokolu: %s" @@ -2266,7 +2870,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "součet pro %s (%s) nemá tvar %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "SELinux RBAC není podporování, když je zapnut režim zachytávání" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "SELinux RBAC není podporováno, když zapnut příznak log_subcmds" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2275,7 +2887,7 @@ "\n" "Role LDAP: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2283,104 +2895,115 @@ "\n" "Položka v sudoers:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " Volby: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " Příkazy:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Odpovídající položky Defaults pro %s na %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Výchozí hodnoty Runas a Command pro %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Uživatel %s smí spustit následující příkazy na %s:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Uživatel %s nemá dovoleno spustit sudo na %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "neúplná definice sudoRole se ignoruje: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "neplatný atribut LDIF: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "neplatné %.*s nenastaveno vnějším rozhraním sudo" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "cesta pro „%s“ je příliš dlouhá" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "nelze rozebrat seznam síťových adres" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "uživatelské jméno nenastaveno vnějším rozhraním sudo" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "ID uživatele nenastaveno vnějším rozhraním sudo" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "ID skupiny nenastaveno vnějším rozhraním sudo" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "název počítače nenastaven vnějším rozhraním sudo" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "neplatný pracovní adresář: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "neplatný kořenový adresář: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "nelze vykonat %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: neplatné příznaky souboru od vnějšího rozhraní suda: 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Verze modulu s politikami sudoers je %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Verze gramatiky souboru sudoers je %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2389,132 +3012,137 @@ "\n" "Cesta sudoers: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "cesta k nsswitch: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "cesta k ldap.conf: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "cesta k ldap.secret: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "nelze zaregistrovat háček typu %d (verze %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "nelze odhlásit háček typu %d (verze %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "nelze si zapamatovat UID %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "nelze zapamatovat si UID %u, již existuje" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "uživatele %s si nelze zapamatovat" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "nelze zapamatovat si uživatele %s, již existuje" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "GID %u si nelze zapamatovat" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "nelze zapamatovat si GID %u, již existuje" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "skupinu %s si nelze zapamatovat" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "nelze zapamatovat si skupinu %s, již existuje" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "nelze zapamatovat si seznam skupin pro %s, již existuje" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "nelze si zapamatovat seznam skupin pro %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "nelze rozebrat skupiny pro %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "nelze rozebrat čísla GID pro %s" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "přetečení zásobníku oprávnění" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "podtečení zásobníku oprávnění" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "nelze přepnout GID na root" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "nelze přepnout na běhové GID" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "nelze nastavit vektor běhových skupin" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "nelze přepnout na běhové UID" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "nelze přepnout na GID sudoers" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "příliš mnoho procesů" @@ -2532,259 +3160,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "zkrácená auditní cesta argv[0]: %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "nelze inicializovat zdroj SSS. Je SSSD nainstalován na vašem stroji?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nelze nalézt symbol „%s“ v %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "problém s položkami defaults" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "nenalezeny žádné platné zdroje sudoers, končí se" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "uživatel nemá dovoleno změnit kořenový adresář na %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "nemáte dovoleno použít přepínač -R s %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "uživatel nemá dovoleno změnit adresář na %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "nemáte dovoleno použít přepínač -D s %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "nezadán žádný příkaz" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers udává, že root nemá dovoleno použít sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "uživatel nemá dovoleno přebít omezení „closefrom“" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "nemáte dovoleno použít přepínač -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "vlastník časového údaje (%s): Takový uživatel neexistuje" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "žádné TTY" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "je nám líto, ale pro spuštění sudo musíte mít TTY" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "neplatný shell pro uživatele %s: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "příkaz v aktuálním adresáři" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "„cd“ je vestavěný příkaz shellu a nelze jej přímo spustit." + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "přepínač -s smí být použit pro spuštění privilegovaného shellu." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "přepínač -D smí být použit pro spuštění příkazu v určitém adresáři." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "uživatel nemá dovoleno nastavit časový limit příkazu" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "je nám líto, ale nastavit časový limit nemáte dovoleno" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "uživatel nemá dovoleno zachovat prostředí" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "je nám líto, ale zachovat prostředí nemáte dovoleno" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "příkaz je příliš dlouhý" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit není nutné spouštět přes sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "%s nelze číst" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "nelze zjistit údaje o %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s není běžný soubor" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s je vlastněn UID %u, měl by být vlastněn %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s je zapisovatelný pro všechny" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s je vlastněn GID %u, mělo by být %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "pouze root může použít „-c %s“" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "neznáma přihlašovací třída: %s" +msgid "unknown login class %s" +msgstr "neznámá přihlašovací třída %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "nelze přeložit název stroje %s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "neplatná volba filtru: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "neplatná maximální doba čekání: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "neplatný násobek rychlosti: %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "neplatná časový značka %s" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/časování: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Přehrává se relace sudo: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "TTY nelze nastavit do přímého režimu" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Pozor: váš terminál je příliš malý pro správné zobrazení záznamu.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Rozměry záznamu jsou %d × %d, váš terminál má rozměry %d × %d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Přehrávání skončilo, pro obnovení terminálu stiskněte libovolnou klávesu." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "nejednoznačný výraz „%s“" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "ve výrazu neodpovídá „)“" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "neznámý vyhledávací výraz „%s“" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s vyžaduje argument" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "neplatný regulární výraz: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "datum „%s“ se nepodařilo rozebrat" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "ve výrazu neodpovídá „(“" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "zakázané zakončení „or“" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "zakázané zakončení „!“" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "neznámý vyhledávácí typ %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "použití: %s [-hnRS] [-d adresář] [-m číslo] [-s číslo] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "použití: %s [-h] [-d adresář] -l [vyhledávací_výraz]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2793,7 +3435,7 @@ "%s – přehraje záznam relace sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2823,11 +3465,11 @@ " -s, --speed=číslo zrychlí nebo zpomalí výstup\n" " -V, --version zobrazí údaje o verzi a skončí" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\tstroj se neshoduje" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2835,7 +3477,7 @@ "\n" "Příkaz povolen" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2843,7 +3485,7 @@ "\n" "Příkaz odepřen" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2857,122 +3499,128 @@ msgstr "%s je zapisovatelný pro skupinu" # TODO: pluralize -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "nelze zkrátit soubor s časovými údaji na %lld bajtů" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "časový údaj z budoucnosti se ignoruje" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "časový údaj ukazuje příliš do budoucna: %20.20s" # TODO: pluralize -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "soubor s časovými údaji %s nelze zamknout" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "cesta ke stavům lekce je příliš dlouhý: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit by neměl být uveden s cestou" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "přepínač -x bude v příštím vydání odstraněn" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "prosím, zvažte použití nástroje cvtsudoers" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "pro úpravu %s stiskněte enter: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "obsah relace úprav zanechán v %s" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "zadaný editor (%s) neexistuje" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "žádný editor nenalezen (cesta k editoru = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "chyba zápisu" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "nelze získat údaje o dočasném souboru (%s), %s nezměněno" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "dočasný soubor o nulové velikosti (%s), %s nezměněno" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editor (%s) selhal, %s nezměněno" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s nezměněno" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "nelze znovu otevřít dočasný soubor (%s), %s nezměněno." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "není možné rozebrat dočasný soubor (%s), neznámá chyba" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "vnitřní chyba, v seznamu nelze nalézt %s!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "nelze nastavit (UID, GID) %s na (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s a %s se nenachází na jednom souborovém systému, pro přejmenování se použije mv" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "příkaz selhal: „'%s %s %s“, %s nezměněno" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "chyba při přejmenování %s, %s nezměněno" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "Co teď? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2984,67 +3632,42 @@ " (x) skončit bez uložení změn do souboru sudoers\n" " (Q) skončit a uložit změny do souboru sudoers (NEBEZPEČNÉ!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "nelze spustit %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: chybný vlastník (UID, GID), měl by být (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: chybná práva, měla by být 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: rozbor úspěšný\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s je zaneprázdněn, zkuste to později" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "%s nelze uzamknout" - # The code indeed checks for non-localized "y" character. -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "Přesto upravit? [y pro ano / N pro ne]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Chyba: %s:%d:%d: smyčka v %s „%s“" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Pozor: %s:%d:%d: smyčka v %s „%s“" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Chyba: %s:%d:%d: %s „%s“ použit, ale nedefinován" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Pozor: %s:%d:%d: %s „%s“ použit, ale nedefinován" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Pozor: %s:%d:%d: nepoužitý %s „%s“" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3053,7 +3676,7 @@ "%s – bezpečně upraví soubor sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3074,40 +3697,109 @@ " -s, --strict přísná kontrola syntaxe\n" " -V, --version zobrazí údaje o verzi a skončí\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "prázdný řetězec" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "prázdná skupina" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "prázdná síťová skupina" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "neplatné pokračování řádku" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "neplatná IPv6 adresa" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "nečekané zalomení řádku uvnitř řetězce" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "příliš mnoho úrovní zanoření" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s: vyrovnávací paměť pro zápis se již používá" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "parametry Diffieho-Hellmana nelze přečíst: %s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "neznámá položka defaults „%s“" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d: neznámý klíč: %s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "nelze získat metodu TLS serveru: %s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u „%s“ nelze rozebrat" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Přepínače:\n" +#~ " -f, --file cesta ke konfiguračnímu souboru\n" +#~ " -h, --help zobrazí nápovědu a skončí\n" +#~ " -n, --no-fork zůstane běžet na popředí\n" +#~ " -R, --random-drop procentuální pravděpodobnost, že se spojení ztratí\n" +#~ " -V, --version zobrazí údaje o verzi a skončí\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Přepínače:\n" +#~ " --help zobrazí nápovědu a skončí\n" +#~ " -A, --accept zašle pouze událost přijetí (žádný vstup a výstup)\n" +#~ " -h, --host stroj, kam posílat protokol\n" +#~ " -i, --iolog_id vzdálený identifikátor vstupně-výstupního protokolu,\n" +#~ " na který se má navázat\n" +#~ " -p, --port port, který se použije při připojování na stroj\n" +#~ " -r, --restart restartuje předchozí přenos vstupně-výstupního\n" +#~ " protokolu\n" +#~ " -R, --reject zamítne příkaz se zadaným důvodem\n" +#~ " -b, --ca-bundle soubor se svazkem certifikátů, proti kterému se\n" +#~ " bude ověřovat certifikát serveru\n" +#~ " -c, --cert soubor s certifikátem pro navázání spojení TLS\n" +#~ " -k, --key soubor se soukromým klíčem\n" +#~ " -n, --no-verify neověřuje certifikát serveru\n" +#~ " -t, --test otestuje auditní server zasláním vybraných\n" +#~ " vstupně-výstupních protokolů n-krát souběžně\n" +#~ " -V, --version zobrazí údaje o verzi a skončí\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "Přednačíst prázdné spouštěcí funkce obsažené v knihovně sudo_noexec" -#~ msgid "unable to lock log file: %s" -#~ msgstr "nelze zamknout soubor protokolu: %s" - #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports: port je příliš velký" @@ -3207,9 +3899,6 @@ #~ msgid "Warning: cycle in %s `%s'" #~ msgstr "Pozor: smyčka v %s „%s“" -#~ msgid "Warning: %s `%s' referenced but not defined" -#~ msgstr "Pozor: %s „%s“ použit, ale nedefinován" - #~ msgid "Warning: unused %s `%s'" #~ msgstr "Pozor: nepožitý %s „%s“" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/de.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/de.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/de.po sudo-1.9.9/plugins/sudoers/po/de.po --- sudo-1.9.5p2/plugins/sudoers/po/de.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/de.po 2022-01-27 21:24:22.000000000 +0000 @@ -3,13 +3,13 @@ # Todd C. Miller , 2011-2013 # Hendrik Knackstedt , 2013 # Mario Blättermann , 2015. -# Jochen Hein , 2001-2020. +# Jochen Hein , 2001-2021. msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-22 05:35+0100\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 14:04+0100\n" "Last-Translator: Jochen Hein \n" "Language-Team: German \n" "Language: de\n" @@ -20,7 +20,7 @@ "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Poedit 2.3\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "Syntax-Fehler" @@ -44,870 +44,1300 @@ msgid "Sorry, try again." msgstr "Das hat nicht funktioniert, bitte nochmal probieren." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "Es kann kein Speicher mehr alloziert werden" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "Eine Prüfsumme erfordert einen Pfadnamen" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "Werte für »CWD« müssen mit »/«, »~« oder »*« beginnen" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "»CWD« (aktuelles Arbeitsverzeichnis) Pfad ist zu lang" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "Werte für »CHROOT« müssen mit »/«, »~« oder »*« beginnen" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "»CHROOT« Pfad ist zu lang" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "Syntaxfehler, das reservierte Wort »%s« wird als Aliasname verwendet" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "ungültiger Wert für »notbefore«" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "ungültiger Wert für »notafter«" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "Wert für Timeout ist zu groß" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "ungültiger Wert für Timeout" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "Der Befehl ist zu lang" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Alias »%s« ist bereits definiert" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "Interner Fehler, %s-Überlauf" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "Die Standardeingabe kann nicht dupliziert werden: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "%s kann nicht ausgeführt werden: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "Fehler bei fork()" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "Fehler bei fork(): %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "Die Pipe kann nicht geöffnet werden: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (Befehl fortgesetzt) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s existiert, aber ist kein Verzeichnis (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "Das Verzeichnis »%s« kann nicht erstellt werden" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "Ändern des Modus von %s auf 0%o gescheitert" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "JSON_STRING erwartet, aber »%d« bekommen" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "Das JSON_ARRAY ist zu groß" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "Im Name fehlt das doppelte Anführungszeichen" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "JSON_OBJECT fehlt" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "JSON_OBJECT erwartet, aber »%d« bekommen" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "json Stack erschöpft (maximal %u Frames)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "Objekte müssen aus Name:Wert Paaren bestehen" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "Fehlender Separator zwischen den Werten" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "unpassende schließende geschweifte Klammer" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "unerwartetes Array" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "unpassende schließende eckige Klammer" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "unerwartete Zeichenkette" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "fehlender Doppelpunkt nach dem Name" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "unerwarteter boolescher Wert (true/false)" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "unerwartete »null«" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "unerwartete Zahl" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u »%s« kann nicht ausgewertet werden" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "Syntax-Fehler" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: ungültige Protokolldatei" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: Das Feld für den Zeitstempel fehlt" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: Zeitstempel %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: Das Benutzerfeld fehlt" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: Das Feld für den »runas«-Benutzer fehlt" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: Das Feld für die »runas«-Gruppe fehlt" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existiert, aber ist kein Verzeichnis (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "Das Verzeichnis »%s« kann nicht erstellt werden" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "Ändern des Modus von %s auf 0%o gescheitert" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "Fehler beim Lesen der Zeitdateizeile: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "Ungültige Zeitdateizeile: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "Das Log ist bereits abgeschlossen, kann nicht neu gestartet werden" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "UUID kann nicht generiert werden" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "Das Log konnte nicht wieder begonnen werden" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: Protokollfehker: falscher Typ für %s" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: Protokollfehler: %s fehlt in der AcceptMessage" + +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: Session-ID kann nicht formatiert werden" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s ist nicht gesetzt" + +# Kann die Escape-Sequenzen nicht auflösen? +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "Kann den iolog-Pfad nicht erweitern: %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "Kann den iolog-Pfad »%s« nicht erstellen" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "Ungültiger I/O Dateideskriptor: %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "Fehler beim Schließen des I/O Dateideskriptors %d: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "Fehler beim Leeren des I/O Dateideskriptors %d: %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "Ungültiges I/O log %s: »%s« wird verwendet, ist aber nicht vorhanden" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s; Der Wiederaufsetz-Punkt [%lld, %ld] kann nicht gefunden werden" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "Die Datei »%s« kann nicht geöffnet werden" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "Die Datei »%s/%s« kann nicht geöffnet werden" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "Fehler beim Kopieren von »%s/%s« nach »%s/%s«: %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "Die Datei »%s« kann nicht in »%s« umbenannt werden" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: Der Wiederaufsetz-Punkt [%lld, %ld] kann nicht gefunden werden" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "Die I/O Logdatei %s/%s fehlt" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: kann nicht zur Position %zu springen" -#: logsrvd/logsrv_util.c:150 +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "Verbindung zum Relay kann nicht aufgebaut werden" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "Server-Nachricht ist zu groß: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "Event kann nicht zur Warteschlange hinzugefügt werden" + +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 #, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "Der Wiederaufsetz-Punkt [%lld, %ld] in %s/%s kann nicht gefunden werden" +msgid "unexpected state %d for %s" +msgstr "Unerwarteter Status %d für %s" # XXX geht das besser? -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "Fehler der State Machine" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "ungültige AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "Fehler beim Parsen der AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "Fehler beim Erstellen des Ein-/Ausgabe-Protokolls" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "Fehler beim Protokolliereb des Accept-Events" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "ungültige RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "Fehler beim Parsen der RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "Fehler beim Protokollieren des Reject-Events" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "ungültige AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "Fehler beim Parsen der AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "Fehler beim Protokollieren des Alert-Events" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: unerwarteter IoBuffer" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "Protokollfehler" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "Fehler beim Schreiben des IoBuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "Fehler beim Schreiben der ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "Fehler beim Schreiben des CommandSusped" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "unerwarteter type_case Wert %d in »%s« aus »%s«" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "unbekannter ClientMessage-Typ" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "Client-Nachricht ist zu groß" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "Die TLS 1.2 Cyphersuite kann nicht auf »%s« gesetzt werden: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "Die TLS 1.3 Cyphersuite kann nicht auf »%s« gesetzt werden: %s" - -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "Kann die TLS Server Methode nicht bestimmen: %s" +msgid "timed out writing to client %s" +msgstr "Zeitablauf beim Senden zum Client %s" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to create TLS context: %s" -msgstr "SSL-Kontext kann nicht erzeugt werden: %s" +msgid "missing write buffer for client %s" +msgstr "Schreib-Puffer fehlt für Client %s" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to load certificate %s" -msgstr "Laden von Zertifikat »%s« fehlgeschlagen" +msgid "timed out reading from client %s" +msgstr "Zeitablauf beim Lesen vom Client %s" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "Kann das CA-Bundle »%s« nicht laden" +msgid "EOF from %s without proper TLS shutdown" +msgstr "Dateiende (EOF) von %s ohne korrekten TLS-Abscluß" -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load private key %s" -msgstr "Laden des privaten Schlüssels »%s« fehlgeschlagen" +msgid "client message too large: %zu" +msgstr "Client-Nachricht ist zu groß: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "Kann die Diffie-Hellman Parameter nicht setzen: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "Client-Nachricht ist zu groß" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "Kann die minimale Protokollversion nicht auf TLS 1.2 setzen: %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "ungültige ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "Kann die entfernte IP-Adresse nicht finden" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Kann die User-Daten nicht an das SSL-Objekt anhängen: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "Event kann nicht zur Warteschlange hinzugefügt werden" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "Konnte keinen Socket zum »Lauschen« einrichten" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - sende sudo I/O-Log zu einem entfernten Server\n" -"\n" +msgid "unexpected signal %d" +msgstr "unerwartete Signal %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Optionen:\n" -" -f, --file\t\t gibt den Namen der Konfigurationsdatei an\n" -" -h, --help diese Hilfe anzeigen und beenden\n" -" -n, --no-fork im Vordergrund laufen\n" -" -R, --random-drop prozentuale Change, dass die Verbindung abbricht\n" -" -V, --version Versionsinformation anzeigen und beenden\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "sudo Log-Server" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "Optionen:" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "Pfad zur Konfigurationsdatei" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "Hilfe anzeigen und beenden" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "Nicht zum Hintergrundprozess werden, sondern im Vordergrund laufen" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "Wahrscheinlichkeit in Prozent für Verbindungsabbruch" + +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "Versionsinformation anzeigen und beenden" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Protobuf-C Version 1.3 oder höher ist notwendig" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "ungültiger Wert für »random drop«: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s Version %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "Unbekannter Benutzer %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "Unbekannte Gruppe %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "Iolog mode %s kann nicht geparst werden" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "Ungültiger Wert für %s: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "TLS ist nicht unterstützt" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: ist kein voll qualifizierter Pfad" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "Unbekannte Syslog-Facility %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "Unbekannte Syslog-Priorität %s" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s: %d »[« ohne schliessende Klammer »]«: %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s/%d Ungültiger Konfigurations-Abschnitt: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s/%d Ungültige Konfigurationszeile: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d erwartetder Section Name: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "Ungültiger Wert für %s: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] ungültiger Schlüssel: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d unbekannter Schlüssel: %s" +msgid "unable to open log file %s" +msgstr "Die Protokolldatei kann nicht geöffnet werden %s" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "Server-SSL-Kontext kann nicht initialisiert werden" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "SSL-Kontext kann nicht initialisiert werden" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "Kann die Journal-Datei nicht anlegen" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "Unbekannte Syslog-Facility %s" +msgid "unable to lock %s" +msgstr "Die Datei »%s« kann nicht gesperrt werden" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "Die Journal-Datei »%s« kann nicht gesperrt werden" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "Die Journal-Datei kann nicht geöffnet werden" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "In die Logdatei kann nicht geschrieben werden" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "Die Journal-Datei kann nicht geöffnet werden" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "unerwartetes Dateiende beim Lesen der Journal-Datei" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "Fehler beim Lesen der Journal-Datei" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "Ungültige Journal-Datei - kann nicht neu starten" + +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "Unbekannte Syslog-Priorität %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "Kann nicht zu [%lld, %ld] in der Journaldatei »%s« springen" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Optionen:\n" -" --help zeige diese Nachricht und beenden\n" -" -A, --accept Sende nur einen »accept« Event (kein I/O)\n" -" -h, --host send Logs an diesen Server\n" -" -i, --iolog_id entfernte ID des I/O Logs zur Wiederaufnahme\n" -" -p, --port Port für die Verbindung zum Server\n" -" -r, --restart restarte vorhergegangene I/O Log Übertragung\n" -" -R, --reject Lehne das Kommando mit dem angegebenen Grund ab\n" -" -t, --test teste Audit Server mit dem Senden des ausgewählten I/O Logs mit Parallelität n\n" -" -b, --ca-bundle Zertificats-Bündel-Datei zum Prüfen des Server-Zertifikats\n" -" -c, --cert Zertifikatsdatei für TLS-Handshake\n" -" -k, --key Datei mit dem privaten Schlüssel\n" -" -n, --no-verify Server-Zertifikate nicht verifizieren\n" -" -t, --test teste Audit-Server durch Senden vom ausgewählem I/O-Protokoll n Mal parallel\n" -" -V, --version zeige Versioninformationen und beende\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "Fehler beim Parsen der AcceptMessage" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "Fehler beim Erstellen des Ein-/Ausgabe-Protokolls" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "Fehler beim Protokolliereb des Accept-Events" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "Fehler beim Parsen der RejectMessage" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "Fehler beim Protokollieren des Reject-Events" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "Fehler beim Protokollieren des Exit-Events" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "Das Log ist bereits abgeschlossen, kann nicht neu gestartet werden" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "Das Log konnte nicht wieder begonnen werden" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "Fehler beim Parsen der AlertMessage" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "Fehler beim Protokollieren des Alert-Events" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "Der Zeitstempel kann nicht formatiert werden, Länge %d" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "Fehler beim Schreiben des IoBuffer" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "Fehler beim Schreiben der ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "Fehler beim Schreiben des CommandSusped" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "TLS-Handshake mit dem Relay-Host fehlgeschlagen" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "Verbindung zum Relay-Host kann nicht aufgebaut werden" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: ungültiges ServerHello, fehlende server_id" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "ungültiges ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "unbekannter ServerMessage-Typ" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "Zeitablauf beim Lesen vom Relay-Server »%s« (%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "Zeitablauf beim Lesen vom Relay-Server" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "Der Name des Relay-Hosts passt nicht zum Zertifikat" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "Fehler beim Lesen vom Relay-Host" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "Vom Relay-Server kann nicht gelesen werden" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "Der Relay-Server hat die Verbindung geschlossen" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "Server-Nachricht ist zu groß" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "Zeitablauf beim Senden an den Relay-Server »%s« (%s)" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "Zeitablauf beim Senden an den Relay-Server" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "Fehler beim Schreiben des zum Relay-Server" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "sende sudo I/O-Log zu einem entfernten Server" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "Nur einen Accept-Event senden (kein I/O)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "Zertifikatsbündel-Datei zur Verifikation des Server-Zertifikats" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "Zertifikatsdatei für TLS-Handshake" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "Rechner an den die Logs gesendet werden" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "Entfernte ID des I/O-Logs zum Wiederaufnehmen" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "Private Schlüsseldatei" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "Serverzertifikat nicht überprüfen" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "Portnummer für die Verbindung zum Host" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "Restarte die vorhergehende I/O-Log Übertragung" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "Weise das Kommando mit dem angegebenen Grund zurück" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "Beende den Transfer nach Erreichen dieser Zeit" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "Teste den Audit-Server durch senden ausgewählter I/O-Logs n-Mal parallel" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "Fehler beim Lookup %s:%s: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "Kann die Server IP-Adresse nicht finden" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "Fehler beim Lesen %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "Client-Nachricht ist zu groß: %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: Schreib-Puffer wird bereits verwendet" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "unerwarteter I/O Event %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: unerwarteter Status %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "ungültiges ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "Fehler beim Empfangen der Nachricht vom Server: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "Abbruch-Nachricht vom Server empfangen: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "Kann die ServerNessage nicht auspacken" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: unerwarteter type_case Wert %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "Zeitablauf beim Lesen vom Server" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "unerwartetes Datei-Ende" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "Server-Nachricht ist zu groß: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "Zeitablauf beim Senden an den Server" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "Sowohl Restart-Punkt als auch die I/O-Log ID sind notwendig" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "Ein Restart-Punkt kann nicht angegeben werden, wenn keine Ein/Ausgabe gesendet ist." + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "Vorzeitig beendet mit Status %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "Abgelaufene Zeit zum Server gesendet [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "Commit Punkt vom Server empfangen [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "Timeout beim TLS-Handshake erreicht" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "Konnte den Event nicht setzen" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "TLS-Kommunikation fehlgeschlagen: %s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "SSL-Kontext kann nicht initialisiert werden: %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" +msgid "unable to allocate ssl object: %s" msgstr "Kann kein SSL-Objekt anlegen: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Kann den Socket nicht an das SSL-Objekt anhängen: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "Sowohl Restart-Punkt als auch die I/O-Log ID sind notwendig" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "SSL-Kontext kann nicht initialisiert werden" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "Ein Restart-Punkt kann nicht angegeben werden, wenn keine Ein/Ausgabe gesendet ist." +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "Die TLS 1.2 Cyphersuite kann nicht auf »%s« gesetzt werden: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "Vorzeitig beendet mit Status %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "Die TLS 1.3 Cyphersuite kann nicht auf »%s« gesetzt werden: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "Abgelaufene Zeit zum Server gesendet [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "Kann die Diffie-Hellman Parameter nicht setzen: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "Commit Punkt vom Server empfangen [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "SSL-Kontext kann nicht erzeugt werden: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Alias »%s« ist bereits definiert" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "Kann die minimale Protokollversion nicht auf TLS 1.2 setzen: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "Die aktuelle Zeit kann nicht ausgelesen werden" @@ -916,45 +1346,45 @@ msgid "unable to change password for %s" msgstr "Das Passwort für %s« kann nicht geändert werden" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "Die Anmeldeklasse des Benutzers »%s« kann nicht gelesen werden" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "Die BSD-Authentifizierung kann nicht begonnen werden" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "Ungültiger Authentifizierungstyp" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "Die BSD-Authentifizierung kann nicht begonnen werden" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "Ihr Account ist abgelaufen" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "Genehmigung fehlgeschlagen" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "Die fwtk-Konfiguration kann nicht gelesen werden" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "Verbindung zum Authentifizierungsserver kann nicht aufgebaut werden" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "Verbindung zum Authentisierungsserver verloren" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -968,84 +1398,84 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: Principal kann nicht in eine Zeichenkette umgewandelt werden (»%s«): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: »%s« kann nicht ausgewertet werden: %s" # XXX check source? -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: Anmeldedaten-Zwischenspeicher kann nicht aufgelöst werden: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: Optionen können nicht zugewiesen werden: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: Anmeldedaten können nicht bekommen werden: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: Anmeldedaten-Zwischenspeicher kann nicht initialisiert werden: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: Anmeldedaten können nicht im Zwischenspeicher abgelegt werden: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: Rechner-Principal kann nicht bekommen werden: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: TGT kann nicht verifiziert werden! Möglicher Angriff!: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "PAM kann nicht initialisiert werden: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "Fehler bei der PAM-Authentifizierung: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "Fehler bei der Validierung des Kontos, ist das Konto gesperrt?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "Konto oder Passwort ist abgelaufen, bitte Passwort zurücksetzen und nochmal probieren" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "Das abgelaufene Passwort kann nicht geändert werden: %s«" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "Das Passwort ist abgelaufen, bitte wenden Sie sich an den Systemadministrator" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Das Konto ist abgelaufen oder in der PAM-Konfiguration fehlt der »account«-Abschnitt für sudo. Bitte wenden Sie sich an den Systemadministrator" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "Fehler beim PAM-Account-Management: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "Der Benutzer existiert in der %s-Datenbank nicht" @@ -1054,31 +1484,31 @@ msgid "failed to initialise the ACE API library" msgstr "Die ACE-API-Bibliothek konnte nicht initialisiert werden" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "SecurID-Server kann nicht erreicht werden" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "Benutzer-ID ist für SecurID-Authentifizierung gesperrt" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "Ungültige Länge des Benutzernamens für SecurID" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "Ungültiges Authentifizierungs-Handle für SecurID" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "SecurID-Kommunikation fehlgeschlagen" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "Unbekannter SecurID-Fehler" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "Ungültige Länge des Passcodes für SecurID" @@ -1118,7 +1548,17 @@ msgid "unable to commit audit record" msgstr "Audit-Satz kann nicht auf Platte geschrieben werden" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "Fehler beim Lesen der Belehrungsdatei %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "Ignoriere Belehrungsdatei %s: es ist keine reguläre Datei" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1138,118 +1578,122 @@ " #3) Mit großer Macht kommt große Verantwortung.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "Unbekannte Benutzer-ID: %u" +msgid "unknown uid %u" +msgstr "Unbekannte Benutzer-ID %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Fehler: %s:%d:%d: Zyklus in %s »%s«" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Warnung: %s:%d:%d: Zyklus in %s »%s«" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:97 #, c-format -msgid "unknown user: %s" -msgstr "Unbekannter Benutzer: %s" +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Fehler: %s:%d:%d: %s »%s« wird verwendet, ist aber nicht definiert" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/check_aliases.c:98 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Warnung: %s:%d:%d: %s »%s« wird verwendet, ist aber nicht definiert" + +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "Schrittgröße: %s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "Start der Folge: %s: %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "Auffüllen der Folge: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s-Grammatik Version %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "Nicht unterstütztes Eingabeformat %s" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "Nicht unterstütztes Ausgabeformat %s" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: Eingabe- und Ausgabedatei müssen unterschiedlich sein" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "Standardwerte für sudoers können nicht initialisiert werden" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: unbekanntes Schlüsselwort: %s" +msgid "%s: unknown key word %s" +msgstr "%s: unbekanntes Schlüsselwort %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "Ungültiger Standardtyp: %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "ungültiger suppression Typ: %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "Ungültiger Filter: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "Die Datei »%s« kann nicht geöffnet werden" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "Analyse der Datei %s gescheitert, unbekannter Fehler" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "Analysefehler in %s nahe Zeile %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "Analysefehler in %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "In die Datei »%s« kann nicht geschrieben werden" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1258,7 +1702,7 @@ "%s – zwischen sudoers Dateiformaten konvertieren\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1297,33 +1741,76 @@ " -s, --suppress=sections Unterdrücke Ausgabe von bestimmten Abschnitten\n" " -V, --version Zeige Versionsinformationen an und Ende" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "unbekannter defaults-Eintrag »%s«" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "Die GMT-Zeit kann nicht bekommen werden" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "Der Zeitstempel kann nicht formatiert werden" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: unbekannter defaults-Eintrag »%s«" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "Zu viele sudoers Einträge, Maximum ist %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "Die Umgebunsvariable SUDOERS_BASE ist nicht gesetzt und die Option -b ist nicht angegeben." +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "Der Alias »%s« kann nicht gefunden werden" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: Benenne »%s« in »%s« um" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: doppelter Alias »%s« entfernt" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%s:%d:%d: widersprüchlicher »Defaults«-Eintrag \"%s\" Host-spezifisch in %s:%d:%d" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: Mache »Defaults« »%s« spezifisch für Host »%s«" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: entferne Defaults \"%s\" überschrieben in folgenden Einträgen" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d: Kann Defaults »%s« nicht host-spezifisch machen" + +# XXX +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: entferne durch nachfolgende Einträge überschriebene userspec " + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1906,95 +2393,195 @@ msgid "The format of logs to produce: %s" msgstr "Das Format der zu schreibenden Logs: %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Schalte SELinux RBAC Support ein" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: unbekannter defaults-Eintrag »%s«" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Pfad zur Datei die beim ersten sudo-Lauf erzeugt wird: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Weitere Kommando abfangen und sudoers Restriktionen auf sie anwenden" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "Protokolliere von diesem Kommando gestartete Kind-Prozesse" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Den Exitcode des ausgeführten Befehls protokollieren" + +# XXX Check! +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Folgende Kommando in einer nachverfolgten Sitzung müssen authentifiziert werden" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Erlaube einem abgefangenen Kommando die Ausführung von setuid oder setgid Programmen" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "Die maximale Größe zu der der Adressbereich des Prozesse wachsen kann (in Bytes): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "Die maximale Größe eines erzeugten Core Dumps (in Bytes): %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "Die maximale CPU Zeit die vom Prozess genutzt werden kann (in Sekunden): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "Die maximale Größe des Data Segments für den Prozess (in Bytes): %s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "Die maximale Dateigröße für den Prozess (in Bytes): %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "Die maximale Anzahl von Sperren des Prozesses: %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "Die maximale gesperrte Speichergröße des Prozesses (in Bytes): %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "Die maximale Anzahl offener Dateien des Prozesses: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "Die maximale Anzahl von gleichzeitige laufenden Prozessen des Benutzers: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "Die maximle Größe des residenten Speichers vom Prozess (in Bytes): %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "Die maximale Größe des Prozess-Stacks (in Bytes): %s" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: unbekannter defaults-Eintrag »%s«" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: Kein Wert für »%s« angegeben" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: Kein Wert für »%s« angegeben" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: Ungültiger Operator »%c=« für »%s«" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: Ungültiger Operator »%c=« für Option »%s«" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: Die Option »%s« wird ohne Wert verwendet" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: Die Option »%s« wird ohne Wert verwendet" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: Ungültiger »Defaults« Typ 0x%x für Option »%s«" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: Ungültiger »Defaults« Typ 0x%x für Option »%s«" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: Der Wert »%s« ist für die Option »%s« ungültig" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: Der Wert »%s« ist für die Option »%s« ungültig" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: Pfadname für »%s« ist zu lang" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: Pfadname für »%s« ist zu lang" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: Werte für »%s« müssen mit »/«, »~« oder »*« beginnen" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: Werte für »%s« müssen mit »/«, »~« oder »*« beginnen" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: Werte für »%s« müssen mit einem »/« beginnen" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: Werte für »%s« müssen mit einem »/« beginnen" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp ist beschädigt, die Längen passen nicht" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "Das Environment kann nicht neu erstellt werden" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "Leider dürfen die folgenden Umgebungsvariablen nicht gesetzt werden: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "Syntax-Fehler in %s bei der Zeile %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "Syntax-Fehler in %s" @@ -2019,7 +2606,7 @@ msgid "%s must only be writable by owner" msgstr "%s darf nur für den Eigentümer der Datei schreibbar sein" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "Laden von %s fehlgeschlagen: %s" @@ -2034,56 +2621,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: Die Major-Version %d des Group-Plugins ist inkompatibel, erwartet wird %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "»%s« ist keine gültige IP-Adresse" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "»%s« ist keine gültige Netzmaske" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Lokale IP-Adresse und Netzmaske:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "Unbekannte Gruppe: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "Kann die Sequenz-Datei nicht aktualisieren" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "In die I/O Logdatei kann nicht geschrieben werden: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "Die Datei %s%s kann nicht erstellt werden" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: Interner Fehler, Logdatei für Event %d nicht geöffnet" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "Die Uhrzeit kann nicht ausgelesen werden" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: Interner Fehler, ungültiges Signal %d" @@ -2102,16 +2684,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "In der Datei »%s« muss »TLS_CERT« angegeben sein, um SSL zu nutzen" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "LDAP kann nicht initialisiert werden: %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls ist angegeben, aber die LDAP-Bibliotheken unterstützen ldap_start_tls_s() und ldap_start_tls_s_np() nicht" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "Ungültiges »sudoOrder« Attribut: %s" @@ -2130,100 +2712,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "ldap- und ldaps-Adressen können nicht zusammen verwendet werden" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "doppelte sudoOption: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "sudoOption kann nicht konvertiert werden: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "Das Audit-System kann nicht geöffnet werden" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "Die Audit-Nachricht kann nicht gesendet werden" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "Fehler in der Event-Schleife" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "Erzeugen eines neuen SSL_CTX Objektes fehlgeschlagen: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "Kann das CA-Bundle »%s« nicht laden" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "Laden von Zertifikat »%s« fehlgeschlagen" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "Laden des privaten Schlüssels »%s« fehlgeschlagen" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Kann kein SSL-Objekt anlegen: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "TLS Verbindung zu %s:%s fehlgeschlagen: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "TLS Initialisierung war nicht erfolgreich" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "TLS Handshake war nicht erfolgreich" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: Interner Fehler, ungültiger Exit-Status %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "Kann die ServerNessage nicht auspacken" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "Verbindung zum Logserver verloren" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "Schreib-Puffer fehlt" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "Verbindung zum Logserver kann nicht aufgebaut werden" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "Der Benutzer ist NICHT in der sudoers-Datei enthalten" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "Der Benutzer ist NICHT auf dem Rechner autorisiert" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "Der Befehl ist nicht erlaubt" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ist nicht in der sudoers-Datei. Dieser Vorfall wird gemeldet.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s darf sudo für %s nicht verwenden. Dieser Vorfall wird gemeldet.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Leider darf der Benutzer %s sudo für %s nicht verwenden.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Leider darf der Benutzer %s »%s%s%s« als %s%s%s auf %s nicht ausführen.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: Befehl nicht gefunden" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2232,27 +2846,22 @@ "Im aktuellen Verzeichnis ».« gefundenes »%s« wird ignoriert.\n" "Verwenden Sie »sudo ./%s«, wenn dies der gewünschte Befehl »%s« ist." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u Fehlversuch bei der Passwort-Eingabe" msgstr[1] "%u Fehlversuche bei der Passwort-Eingabe" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "Fehler bei der Authentifizierung" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "Ein Passwort ist notwendig" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "Die Protokolldatei kann nicht geöffnet werden: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "In die Logdatei kann nicht geschrieben werden: %s" @@ -2262,7 +2871,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "Prüfsumme für %s (%s) ist nicht in der Form %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "SELinux RBAC ist nicht unterstützt wenn »intercept« Modus aktiv ist" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "SELinux RBAC ist nicht unterstützt wenn »log_subcmds« aktiv ist" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2271,7 +2888,7 @@ "\n" "LDAP-Rolle: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2279,104 +2896,115 @@ "\n" "Sudoers-Eintrag:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " Optionen: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " Befehle:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Passende Defaults-Einträge für %s auf %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas und befehlsspezifische Standardwerte für %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Der Benutzer %s darf die folgenden Befehle auf %s ausführen:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Der Benutzer %s darf sudo auf dem Rechner %s nicht ausführen.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "ignoriere die unvollständige sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "Ungültiges LDIF-Attribut: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "ungültige Option »%.*s« durch das sudo-Frontend angegeben" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "Pfadname für »%s« ist zu lang" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "Die Netzwerkadressliste kann nicht eingelesen werden" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "Benutzername nicht durch das sudo-Frontend angegeben" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "User-ID nicht durch das sudo-Frontend angegeben" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "Gruppen-ID nicht durch das sudo-Frontend angegeben" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "Hostname nicht durch das sudo-Frontend angegeben" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "Ungültiges Arbeitsverzeichnis: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "Ungültiges »chroot« Verzeichnis: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "%s kann nicht ausgeführt werden" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: ungültige Mode-Flags vom sudo-Frontend: 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers-Policy-Plugin Version %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers-Datei-Grammatik-Version %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2385,132 +3013,137 @@ "\n" "Sudoers-Pfad: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch-Pfad: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf-Pfad: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret-Pfad: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "Der Hook vom Typ %d kann nicht registriert werden (Version %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "Der Hook vom Typ %d kann nicht deregistriert werden (Version %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "Die Benutzer-ID %u kann nicht zwischengespeichert werden" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "Die Benutzer-ID %u kann nicht zwischengespeichert werden, sie existiert bereits" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "Der Benutzer %s kann nicht zwischengespeichert werden" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "Der Benutzer %s kann nicht in den Zwischenspeicher aufgenommen werden, er existiert bereits" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "Die Gruppen-ID %u kann nicht in den Zwischenspeicher aufgenommen werden" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "Die Gruppen-ID %u kann nicht in den Zwischenspeicher aufgenommen werden, sie existiert bereits" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "Die Gruppe %s kann nicht zwischengespeichert werden" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "Die Gruppe %s kann nicht in den Zwischenspeicher aufgenommen werden, sie existiert bereits" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "Die Gruppen-Liste für %s kann nicht in den Zwischenspeicher aufgenommen werden, sie existiert bereits" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "Die Gruppenliste für %s können nicht zwischengespeichert werden" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "Die Gruppen für %s können nicht eingelesen werden" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "Die Gruppen für %s können nicht geparst werden" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "Stack-Überlauf der Zugriffsrechte" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "Stack-Bereichsunterschreitung der Zugriffsrechte" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "Wechsel zur root-GID ist nicht möglich" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "Wechsel zur runas-UID ist nicht möglich" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "Die runas-Gruppen können nicht gesetzt werden" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "Wechsel zur runas-GID ist nicht möglich" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "Wechsel zur sudoers-GID ist nicht möglich" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "Zu viele Prozesse" @@ -2528,261 +3161,275 @@ msgid "truncated audit path argv[0]: %s" msgstr "Audit-Pfad argv[0] abgeschnitten: %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Die SSS-Quelle kann nicht initialisiert werden. Ist SSSD auf dem Rechner installiert?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "Das Symbol »%s« kann in %s nicht gefunden werden" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "Problem mit den Standard-Einträgen" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "Keine gültige sudoers-Quelle gefunden, Programmende" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "Der Benutzer darf das root-Verzeichnis nicht auf »%s« ändern" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "Sie dürfen die Option -R nicht mit dem Kommando »%s« verwenden" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "Der Benutzer darf das Verzeichnis nicht auf %s ändern" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "Sie dürfen die Option -C nicht mit dem Kommando »%s« verwenden" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "Kein Kommando angegeben" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers gibt an, dass root sudo nicht verwenden darf" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "Der Benutzer darf das »closefrom«-Limit nicht überschreiben" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "Sie dürfen die Option -C nicht verwenden" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "Zeitstempelbesitzer (%s): Benutzer existiert nicht" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "Kein tty" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "Sie müssen ein TTY haben, um sudo zu verwenden" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "Ungültiger Shell für den Benutzer %s: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "Befehl ist im aktuellen Verzeichnis" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "»cd\"« ist ein Shell-internes Kommando, das nicht direkt gestartet werden kann." + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "Die Option »-s« kann zum Start einer privilegierten Shell verwendet werden." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "Die Option »-D« kann zum Start des Programms im angegebenen Verzeichnis verwendet werden." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "Der Benutzer darf keinen Kommand-Timeout angeben" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "Sie dürfen keinen Timeout angeben" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "Der Benutzer darf das Environment nicht erhalten" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "Sie dürfen das Environment nicht erhalten" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "Der Befehl ist zu lang" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "»sudoedit« muss nicht mittels »sudo« aufgerufen werden" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "Die Datei »%s« kann nicht gelesen werden" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "stat konnte nicht auf %s angewendet werden" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s ist keine reguläre Datei" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s gehört UID %u, sollte UID %u gehören" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s ist für alle beschreibbar (world writable)" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s gehört GID %u, sollte allerdings %u gehören" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "Nur root kann »-c %s« verwenden" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "Unbekannte Anmeldeklasse: %s" +msgid "unknown login class %s" +msgstr "Unbekannte Anmeldeklasse »%s«" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "Hostname %s kann nicht aufgelöst werden" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "Ungültige Filteroption: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "Ungültige maximale Wartezeit: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "Ungültiger Geschwindigkeitsfaktor: %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "ungültiger Zeitversatz »%s«" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/Zeit: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Sudo-Sitzung wird abgespielt: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "TTY konnte nicht in den Raw-Modus versetzt werden" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "" "Warnung: Ihr Terminal ist zu klein, um das Protokoll korrekt\n" "wiederzugeben.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Protokollgeometrie ist %d x %d, die Geometrie Ihres Terminals ist %d x %d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Wiedergabe beendet, eine Taste drücken um das Terminal wiederherzustellen." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "Mehrdeutiger Ausdruck »%s«" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "»)« ohne öffnende Klammer im Ausdruck" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "Unbekannter Suchbegriff »%s«" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s erfordert ein Argument" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "ungültiger regulärer Ausdruck: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "Datum »%s« konnte nicht analysiert werden" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "»(« ohne schließende Klammer im Ausdruck" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "Ungültiges nachgestelltes »or«" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "Ungültiges nachgestelltes »!«" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "Unbekannter Suchtyp %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "Aufruf: %s [-hnRS] [-d Verzeichnis] [-m Max_Wartezeit] [-s Geschwindigkeitsfaktor] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "Aufruf: %s [-h] [-d Verzeichnis] -l [Suchausdruck]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2791,7 +3438,7 @@ "%s – sudo-Sitzungsprotokolle abspielen\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2824,11 +3471,11 @@ " -V, --version zeigt Versionsinformationen an und beendet\n" " das Programm" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\tHost stimmt nicht überein" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2836,7 +3483,7 @@ "\n" "Befehl erlaubt" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2844,7 +3491,7 @@ "\n" "Befehl verweigert" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2857,121 +3504,127 @@ msgid "%s is group writable" msgstr "%s ist für die Gruppe beschreibbar" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "Die Zeitstempeldatei kann nicht auf %lld Bytes abgeschnitten werden" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "Zeitstempel aus der Zukunft wird ignoriert" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "Zeitstempel ist zu weit in der Zukunft: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "Die Zeitstempeldatei »%s« kann nicht gesperrt werden" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "Pfad zur Belehrung ist zu lang: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "»sudoedit« sollte nicht mit einem Pfad angegeben werden" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "Die Option »-x» wird in einer zukünftigen Version entfernt" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "Bitte verwenden Sie stattdessen das Programm »cvtsudoers«" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "Drücken Sie die Eingabetaste, um %s zu bearbeiten: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "Inhalt der Editor-Sitzung bleibt in »%s« erhalten" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "Der angegebene Editor (%s) ist nicht vorhanden" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "Kein Editor gefunden (Pfad zum Editor = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "Schreibfehler" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "Anwenden von stat auf die temporäre Datei (%s) gescheitert, %s ist unverändert" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "Leere temporäre Datei (%s), %s ist unverändert" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "Editor-Aufruf (%s) ist gescheitert, %s ist unverändert" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s unverändert" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "Erneutes Öffnen der temporären Datei (%s) gescheitert, %s ist unverändert." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "Analyse der temporären Datei (%s) gescheitert, unbekannter Fehler" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "Interner Fehler, %s in der Liste nicht gefunden!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "Festlegen von (uid, gid) von %s auf (%u, %u) gescheitert" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s und %s befinden sich nicht im gleichen Dateisystem, werden mit mv umbenannt" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "Befehl gescheitert: »%s %s %s«, %s unverändert" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "Fehler beim Umbenennen von %s, %s unverändert" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "Was jetzt? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2983,67 +3636,42 @@ " Beenden, ohne die Änderungen an der sudoers-Datei zu speichern (mit x)\n" " Beenden und Änderungen an der sudoers-Datei speichern (mit Q, VORSICHT!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "%s konnte nicht ausgeführt werden" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: Falsche Besitzer-(uid, gid), sollte (%u, %u) sein\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: Falsche Zugriffsrechte, sollte Modus 0%o sein\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: Analyse OK\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s ist in Verwendung, versuchen Sie es später erneut" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "Die Datei »%s« kann nicht gesperrt werden" - # XXX -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "Trotzdem ändern? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Fehler: %s:%d:%d: Zyklus in %s »%s«" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Warnung: %s:%d:%d: Zyklus in %s »%s«" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Fehler: %s:%d:%d: %s »%s« wird verwendet, ist aber nicht definiert" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Warnung: %s:%d:%d: %s »%s« wird verwendet, ist aber nicht definiert" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Warnung: %s:%d:%d: nicht verwendet: %s »%s«" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3052,7 +3680,7 @@ "%s – Die sudoers-Datei sicher bearbeiten\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3072,30 +3700,30 @@ " -s, --strict strikte Syntax-Prüfung\n" " -V, --version Versionsinformation anzeigen und beenden\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "leere Zeichenkette" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "leere Gruppe" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "leere Netgroup" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "Ungültiger Zeilenfortsetzung" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "Ungültiges IPv6 Adresse: %s" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "unerwarteter Zeilenumbruch in Zeichenkette" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "Zu viele geschachtelte include-Einträge" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/eo.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/eo.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/eo.po sudo-1.9.9/plugins/sudoers/po/eo.po --- sudo-1.9.5p2/plugins/sudoers/po/eo.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/eo.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,14 +1,14 @@ # Esperanto translations for sudo package. # This file is distributed under the same license as the sudo package. -# Keith Bowes , 2012, 2019, 2020. +# Keith Bowes , 2012, 2019-2021. # Felipe Castro , 2013, 2014, 2015, 2016, 2017, 2018, 2019. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-18 16:11-0500\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-11 13:17-0500\n" "Last-Translator: Keith Bowes \n" "Language-Team: Esperanto \n" "Language: eo\n" @@ -19,7 +19,7 @@ "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Poedit 2.0.7\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "sintaksa eraro" @@ -43,868 +43,1298 @@ msgid "Sorry, try again." msgstr "Malĝuste, reprovu." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "ne eblas rezervi memoron" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "resumo postulas vojnomon" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "valoroj por \"CWD\" devas komenciĝi per '/', '~' aŭ '*'" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "\"CWD\"-vojo tro grandas" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "valoroj por \"CHROOT\" devas komenciĝi per '/', '~' aŭ '*'" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "\"CHROOT\"-vojo tro grandas" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "sintakseraro: rezervita vorto %s uzata kiel kromnomo" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "malvalida valoro notafter" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "validiga valoro notafter" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "eksvalidiĝo-valoro tro grandas" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "malvalida eksvalidiĝo-valoro" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "komando tro longas" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Kromnomo \"%s\" jam ekzistas" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "interna eraro, troo en %s" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "ne eblas kopii enigon: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "ne eblas plenumigi %s-on: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "ne eblas forki" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "ne eblas forki: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "ne eblas malfermi tubon: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s: %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (komando daŭrigis) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s ekzistas sed ne dosierujo (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "ne eblas mkdir-i: %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "ne eblas ŝanĝi reĝimon de %s al 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "atendita JSON_STRING, %d ricevita" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY tro grandas" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "mankas duobla citilo en nomo" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "mankanta JSON_OBJECT" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "atendita JSON_OBJECT, %d ricevita" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "json-stako eluzita (maksimume %u kandroj)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "objektoj devas konsisti el paroj nomo:valoro" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "mankanta apartigilo inter valoroj" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "'}' sen kongruanta '{'" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "neatendita tabelo" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "']' sen kongruanta '['" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "neatendita ĉeno" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "mankas dupunkto post nomo" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "neatendita bulea valoro" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "neatendita nulo" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "neatendita nombro" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u ne eblas analizi: \"%s\"" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "analiza eraro" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: malvalida protokolo-dosiero" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: mankas temp-indikila kampo" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: temp-indikilo %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: mankas kampo de uzanto" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: mankas kampo de runa uzanto" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: mankas kampo de runa grupo" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s ekzistas sed ne dosierujo (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "ne eblas mkdir-i: %s" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "ne eblas ŝanĝi reĝimon de %s al 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "nelegebla tempo-registra dosiero: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "malvalida linio en la tempo-registran dosieron: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "protokolo jam estas kompleta, ne eblas restartigi ĝin" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "ne eblas genero de UUID" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "ne eblas restartigi protokolon" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: protokoleraro: erara tipo per %s" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: protokola eraro: %s estas malhavata de AcceptMessage" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: ne eblas formati seancan identigilon" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s ne estas valorizita" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "ne eblas etendi iolog-vojn %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "ne eblas krei iolog-vojon %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "nevalida eneliga dosierpriskribilo %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "eraro dum fermi eneligan dosierpriskribilon %d: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "eraro dum elbufrigi eneligan eneligan priskribilon %d: %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "nevalida eneliga protokolo %s: %s estas referencita sed ne difinita" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: ne eblas trovi daŭrigan punkton [%lld, %ld]" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "ne eblas malfermi: %s" + +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "ne eblas malfermi: %s/%s" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "ne eblas kopii de %s/%s al %s/%s: %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "ne eblas alinomo de %s al %s" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: ne eblas trovi daŭrigan punkton [%lld, %ld]" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "mankas eneliga protokolo %s/%s" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: ne eblas serĉi antaŭen: %zu" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "ne eblas trovi daŭrigan punkton [%lld, %ld] en %s/%s" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "ne eblas konektiĝi al relajso" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "servila mesaĝo tro granda: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "ne eblas aldoni eventon al atendovico" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "neatendita stato %d por %s" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "statmaŝina eraro" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "nevalida AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "neanalizebla AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "malsukcesis kreiĝo de eneliga protokolo" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "malsukcesis protokoli akcepto-eventon" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "nevalida RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "neanalizebla RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "malsukcesis protokoli malakcepto-eventon" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "nevalida AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "neanalizebla AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "malsukcesis protokoli alarmo-eventon" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: neatendita IoBuffer" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "protokolo-eraro" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "neskribebla IoBuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "neskribela ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "neskribela CommandSuspend" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "neatendita valoro %d de type_case en %s el %s" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "nekonata ClientMessage-tipo" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "klienta mesaĝo tro grandas" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "ne agordi ĉifraron de TLS 1.2 al %s: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "ne agordi ĉifraron de TLS 1.3 al %s: %s" - -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "ne eblas akiri metodon de TLS-servilo: %s" +msgid "timed out writing to client %s" +msgstr "eksvalidiĝo dum skribado al kliento %s" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to create TLS context: %s" -msgstr "ne eblas krei TLS-kuntekston: %s" +msgid "missing write buffer for client %s" +msgstr "mankanta skribobufo por kliento %s" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to load certificate %s" -msgstr "ne eblas ŝargi atestilon %s" +msgid "timed out reading from client %s" +msgstr "eksvalidiĝo dum legado el kliento %s" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "Ne eblas ŝargi aŭtoritatan atestilaron: %s" +msgid "EOF from %s without proper TLS shutdown" +msgstr "Dosierfino de %s sen konvena TLS-finiĝo" -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load private key %s" -msgstr "ne eblas ŝarĝi privatŝlosilon %s" +msgid "client message too large: %zu" +msgstr "klienta mesaĝo tro grandas: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "ne ablas agordi parametrojn de diffie-hellman: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "klienta mesaĝo tro grandas" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "ne ablas elekti minimuman eldonon de TLS al 1.2: %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "nevalida ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "ne eblas atingi foran IP-adreson" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Ne eblas almeti uzanto-datumojn al la SSL-objekto: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "ne eblas aldoni eventon al atendovico" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "ne eblas agordi aŭskultan ŝtopilingon" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - sendi sudo-eneligo-protokolon al fora servilo\n" -"\n" +msgid "unexpected signal %d" +msgstr "neatendita signalo %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Elektoj:\n" -" -f, --file=sudoers indiki lokon de la dosiero sudoers\n" -" -h, --help montri helpan mesaĝon kaj eliri\n" -" -n, --no-fork ne forki, plenumi malfore\n" -" -R, --random-drop elcenta ŝanco, ke la kontektoj interrompiĝos\n" -" -V, --version montri eldonon kaj eliri\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "protokolo-servilo de sudo" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "Modifiloj:" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "vojo al la agordo-dosiero" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "montri helpan mesaĝon kaj finiĝi" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "ne disforkiĝi, plenumiĝi en la malfono" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "elcenta ŝanco, ke konektoj malkonektiĝos" + +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "montri eldonan informon kaj finiĝi" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Protobuf-C, eldono 1.3 aŭ pli postulata" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "validiga hazarda interrompiĝo-valoro: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s eldono %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "nekonata uzanto %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "nekonata grupo %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "ne eblas analizi iolog-reĝimon %s" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "nevalida valoro por %s: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "TLS ne regata" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: ne tute kvalifikita vojo" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "nekonata syslog-instalaĵo: %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "nekonata syslog-prioritato: %s" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d '[' sen kongruanta ']': %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d nevalida agordo-sekcio: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d nevalida agordo-dosiera linio: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d atendas sekcian nomon: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "nevalida valoro por %s: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] nevalida ŝlosilo: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d nekonata ŝlosilvorto: %s" +msgid "unable to open log file %s" +msgstr "ne eblas malfermi protokolon %s" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "ne eblas ekigi servilan TLS-kuntekston" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "ne eblas ekigi relajsan SSL-kuntekston" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "ne eblas krei ĵurnalon" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "nekonata syslog-instalaĵo: %s" +msgid "unable to lock %s" +msgstr "ne eblas ŝlosi: %s" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "ne eblas ŝlosi ĵurnalon" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "ne eblas malfermi ĵurnalon" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "ne eblas skribi ĵurnalon: %s" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "ne eblas alinomi ĵurnalon" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "neatendita dosierfino en ĵurnalo" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "eraro dum legi prelegan ĵurnalon" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "nevalida ĵurnalo, ne eblas restarti" + +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "nekonata syslog-prioritato: %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "ne eblas atingi punkton [%lld, %ld] en ĵurnalo %s" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Elektoj:\n" -" --help montri helpilon kaj fini\n" -" -A, --accept sendi nur akcepto-eventon (neniun eneligon)\n" -" -h, --host retnodo al kiu sendi protokolojn\n" -" -i, --iolog_id fara identigilo de eneliga logo daŭrigota\n" -" -p, --port pordo uzota dum konektiĝi al retnodo\n" -" -r, --restart restartigi antaŭan eneligo-protokolan transigon\n" -" -R, --reject malakcepti la komandon kun donita kialo\n" -" -b, --ca-bundle atestilara dosiero kontraŭ kiu konstati la atestilon de la servilo\n" -" -c, --cert atestila dosiero por TLS-manpremo\n" -" -k, --key privatŝlosila dosiero\n" -" -n, --no-verify ne konstati la servilan atestilon\n" -" -t, --test provi kontrolan servilon per sendado de la elektita eneliga protokolo n-foje paralele\n" -" -V, --version montri eldonon kaj fini\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "neanalizebla AcceptMessage" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "malsukcesis kreiĝo de eneliga protokolo" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "malsukcesis protokoli akcepto-eventon" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "neanalizebla RejectMessage" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "malsukcesis protokoli malakcepto-eventon" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "malsukcesis protokoli finigo-eventon" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "protokolo jam estas kompleta, ne eblas restartigi ĝin" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "ne eblas restartigi protokolon" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "neanalizebla AlertMessage" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "malsukcesis protokoli alarmo-eventon" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "ne eblas aranĝi tempo-bufron, longo %d" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "neskribebla IoBuffer" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "neskribela ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "neskribela CommandSuspend" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "Malsukcesis TLS-manpremo kun relajsa retnodo" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "ne eblas konektiĝi al relajsa retnodo" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: nevalida ServerHello, server_id mankas" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "nevalida ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "nekonata ServerMessage-tipo" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "eksvalidiĝo dum legado el relajso %s (%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "eksvalidiĝo dum legado el relajso" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "relajsa retnodnomo ne kongruas kun atestilo" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "eraro dum legi el relajso" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "ne eblas legi el relajso" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "relajsa servilo fermis la konekton" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "servila mesaĝo tro granda" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "eksvalidiĝo dum skribado al relajso %s (%s)" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "eksvalidiĝo dum skribado al relajso" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "eraro dum skribi al relajso" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "%s - sendi eneligo-protokolon de sudo al fora servilo" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "sendi nur akcepto-eventon (neniun eneligon)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "atestilara dosiero kontraŭ kiu aŭtentigi la servilan atestilon" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "atestila dosiero por TLS-manpremo" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "retnodo al kiu sendi protokolojn" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "fora identigilo de eneliga protokolo rekomenciĝonta" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "privatŝlosila dosiero" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "ne aŭtentigi servilan atestilon" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "porto uzoto dum konektiĝi al retnodo" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "restartigi iaman eneligo-protokolan transdonon" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "malakcepti la komandon kun la donita kialo" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "haltigi transigon post atingo de ĉi tiu tempo" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "provi revizian servilon per sendado de elektita eneliga logo n-foje paralele" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "ne eblas serĉi je %s:%s %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "ne eblas atingi servilan IP-adreson" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "ne eblas legi je %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "klienta mesaĝo tro grandas: %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: skribobufo jam uzata" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "neatendita eneliga evento %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: neatendita stato %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "nevalida ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "erarmesaĝo ricevita el servilo: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "abortiga mesaĝo ricevita el servilo: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "neelpakebla ServerMessage" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s neatendita valoro %d de type_case" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "eksvalidiĝo dum legado el servilo" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "trofrua dosierfino" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "servila mesaĝo tro granda: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "eksvalidiĝo dum skribado al servilo" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "kaj restartiga punkto kaj iolog-identigilo estas specifendaj" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "ne rajtas estigi restartigan punkton kiam neniu eneligaĵo estas sendita" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "trofrue finiĝis kun stato %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "pasinta tempo sentita al servilo [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "kunsendita punkto ricevita el servilo [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "Eksvalidiĝo de TLS-manpremo okazis" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "ne eblas apliki eventon" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "TLS-konekto malsukcesis: %s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "ne eblas ekigi SSL-kuntekston: %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Ne eblas generi SSL-objekton: %s" +msgid "unable to allocate ssl object: %s" +msgstr "ne eblas generi SSL-objekton: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Ne eblas almeti ŝtopilingon al la SSL-objekton: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "kaj restartiga punkto kaj iolog-identigilo estas specifendaj" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "ne eblas ekigi TLS-kuntekston" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "ne rajtas estigi restartigan punkton kiam neniu eneligaĵo estas sendita" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "ne agordi ĉifraron de TLS 1.2 al %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "trofrue finiĝis kun stato %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "ne agordi ĉifraron de TLS 1.3 al %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "pasinta tempo sentita al servilo [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "ne ablas agordi parametrojn de diffie-hellman: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "kunsendita punkto ricevita el servilo [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "ne eblas krei TLS-kuntekston: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Kromnomo \"%s\" jam ekzistas" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "ne ablas elekti minimuman eldonon de TLS al 1.2: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "ne eblas akiri la tempon de la tago" @@ -913,45 +1343,45 @@ msgid "unable to change password for %s" msgstr "ne eblas ŝanĝi pasvorton por %s" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "ne eblas akiri ensalutan klason por uzanto %s" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "ne eblas komenci bsd-aŭtentikigon" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "malvalida aŭtentikiga tipo" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "ne eblas komenci BSD-aŭtentikigon" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "via konto ekzvalidiĝis" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "aprobo malsukcesis" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "ne eblas legi fwtk-agordon" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "ne eblas konektiĝi al aŭtentikiga servilo" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "konekto al aŭtentikiga servilo perdita" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -965,83 +1395,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s ne eblas konverti ĉefon al ĉeno ('%s'): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: ne eblas analizi: '%s': %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: ne eblas trovi ccache-on: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: ne eblas generi elektojn: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: ne eblas akiri atestilojn: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: ne eblas ekigi atestilan kaŝmemoron: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: ne eblas konservi atestilon en kaŝmemoro: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: ne eblas atingi gastiganton ĉefan: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Ne eblas kontroli TGT! Ebla atako!: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "ne eblas ekigi PAM: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "Eraro de aŭtentikiga servilo: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "malsukceso ĉe konta validigo, ĉu via konto estas ŝlosita?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "Konto aŭ pasvorto eksvalidiĝis, restarigu vian pasvorton kaj reprovu" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "ne eblas ŝanĝi eksvalidan pasvorton: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "Pasvorto eksvalidiĝis, kontaktu vian sistemestron" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Konto eksvalidiĝis aŭ PAM-agordon malhavas sekcion \"account\" por sudo, kontaktu vian sistemestron" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "Eraro de administro de konto PAM: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "vi ne ekzistas en la datumbazo %s" @@ -1050,31 +1480,31 @@ msgid "failed to initialise the ACE API library" msgstr "malsukcesis ekigi la bibliotekon de la API ACE" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "ne eblas kontakti la servilon de SecurID" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "Uzanto-identigilo ŝlosita pro Aŭtentikigo SecurID" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "malvalida salutnoma longo por SecurID" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "malvalida Aŭtentikiga Traktilo por SecurID" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "Komunikiĝo kun SecurID malsukcesis" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "nekonata SecurID-eraro" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "malvalida paskoda longo por SecurID" @@ -1114,7 +1544,17 @@ msgid "unable to commit audit record" msgstr "ne eblis konservi revizian rikordon" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "eraro dum legi prelegan dosieron %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "ignoranta prelegan dosieron %s: ne regula dosiero" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1134,118 +1574,122 @@ " #3) Granda povo devigas grandan responson.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "nekonata uid: %u" +msgid "unknown uid %u" +msgstr "nekonata uid %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Eraro: %s:%d:%d: ciklo en %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Averto: %s:%d:%d: ciklo en %s \"%s\"" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:97 #, c-format -msgid "unknown user: %s" -msgstr "nekonata uzanto: %s" +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Eraro: %s:%d:%d: %s \"%s\" estas referencita sed ne difinita" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/check_aliases.c:98 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Averto: %s:%d:%d: %s \"%s\" estas referencita sed ne difinita" + +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "alkremento de ordo: %s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "komenca ordo: %s: %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "ŝtopado de ordo: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s gramatika eldono %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "nesubtenata enig-formo %s" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "nesubtenata elig-formo %s" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: eliga kaj eniga dosieroj devas esti malsamaj" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "ne eblas ekigi aŭtomatajn valorojn de sudoers" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: nekonata ŝlosilvorto: %s" +msgid "%s: unknown key word %s" +msgstr "%s: nekonata ŝlosilvorto %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "malvalida defaŭlto-tipo: %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "malvalida demeto-tipo: %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "malvalida filtro: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "ne eblas malfermi: %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "malsukcesis analizi dosieron %s, nekonata eraro" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "analiza eraro en %s proksime al linio %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "analiza eraro en %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "ne eblas skribi al %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1254,7 +1698,7 @@ "%s - konverti inter dosierformoj de sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1294,33 +1738,75 @@ " -s, --suppress=sekcioj demeti eligon el kelkaj sekcioj\n" " -V, --version montri informon pri versio kaj eliri" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "en defaults estas nekonata enigo \"%s\"" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "ne eblas atingi GMT-tempon" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "ne eblas aranĝi tempo-indikilon" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: nekonata ero de defaults \"%s\"" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "tro multaj enigoj de sudoers, maksimume %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "la medivariablo SUDOERS_BASE ne estas difinita kaj la modifilo -b ne estis indikata." +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "ne eblas trovi alinomon: %s" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: alinomo ŝanĝiĝinta de %s al %s" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: forigas duobligitan alinomon %s" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%s:%d:%d: konflikta ero Defafaults \"%s\" estas retnodo-specifa en %s:%d:%d" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: Defaults-ero \"%s\" nun specifa por retnodo %s" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d forigias Default-eron \"%s\" superregita de sinsekvaj eroj" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d ne eblas fari, ke Defaults \"%s\" estu retnodo-specifa" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d:forigo de userspec superregita de sinsekvaj eroj" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1900,95 +2386,194 @@ msgid "The format of logs to produce: %s" msgstr "La formato de protokoloj por produkti je %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Aktivigu regon de SELinux-RBAC" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: nekonata ero de defaults \"%s\"" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Vojo al la dosiero, kiu estas kreota la unan fojon, kiam sudo estas plenumiĝinta: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Interkapti pluajn komandojn kaj apliki al ili limigojn el sudoers" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "Protokoli subkomandojn plenumigitajn de la origina komando" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Protokoli la eligon de komandoj" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Sinsekvaj komandoj en interkaptita seanco devas esti aŭtentigita" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Permesi al interkaptita komando plenumi iujn setuid- aŭ setgid-programojn" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "La maksimuma grando ĝis kiu la adresspaco de la procezo rajtas kreski (laŭ bajtoj): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "La plej granda ŝuto-dosiero, kiu rajtas kreiĝi (laŭ bajtoj): %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "La maksimumo da ĉefprocezora tempo, kiun procezo rajtas uzi (laŭ sekundoj): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "La maksimuma grando de la datuma segmento por la procezo (laŭ bajtoj): %s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "La plaj granda dosiero, kiun procezo rajtas krei (laŭ bajtoj): %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "La maksimuma nombro da fiksiloj, kiujn la procezo rajtas krei: %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "La maksumima grando, kiun la procezo rajtas fiksi en memoron (laŭ bajtoj): %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "La maksimuma nombro da dosieroj, kiujn la procezo rajtas teni malfermajn: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "La maksimuma nombro da procezoj, kiujn la uzanta rajtas samtempe plenumigi: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "La maksimuma grando ĝis kiu la loĝa aro de la procezo rajtas kreski (laŭ bajtoj): %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "La maksimuma grando ĝis kiu la staplo de la procezo rajtas kreski (laŭ bajtoj): %s" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: nekonata enigo de defaults \"%s\"" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: neniu valoro indikita por \"%s\"" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: neniu valoro indikita por \"%s\"" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: nevalida operatoro \"%c=\" por \"%s\"" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: nevalida operator \"%c=\" por \"%s\"" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: parametro \"%s\" ne povas havi valoron" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: parametro \"%s\" ne povas havi valoron" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: malvalida Defaults-tipo 0x%x por parametro \"%s\"" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: malvalida Defaults-tipo 0x%x por parametro \"%s\"" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: valoro \"%s\" estas malvalida por parametro \"%s\"" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: valoro \"%s\" estas malvalida por parametro \"%s\"" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: vojnomo por \"%s\" tro longas" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: vojnomo por \"%s\" tro longas" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: valoroj por \"%s\" devas komenciĝi per '/', '~' aŭ '*'" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: valoroj por \"%s\" devas komenciĝi per '/', '~' aŭ '*'" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: valoroj por \"%s\" devas komenciĝi per '/'" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: valoroj por \"%s\" devas komenciĝi per '/'" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: medio tro granda" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "ne eblas rekonstrui la medion" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "bedaŭre vi ne estas permesata valorizi la jenajn medivariablojn: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "analiza eraro en %s proksime al linio %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "analiza eraro en %s" @@ -2013,7 +2598,7 @@ msgid "%s must only be writable by owner" msgstr "%s devas esti skribebla nur de estro" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "ne eblas ŝarĝi je %s: %s" @@ -2028,56 +2613,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nekongrua grupa kromprogramo: ĉefa eldono %d, atendita %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "ne eblas trakti IP-adreson \"%s\"" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "ne eblas trakti retmaskon \"%s\"" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Loka IP-adresa kaj retmaska paroj:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "nekonata grupo: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "ne eblas ĝisdatigi sinsekvan dosieron" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "ne eblas skribi al eneliga protokoldosiero: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "ne eblas krei: %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: interna eraro, protokola dosiero de en/eligo por evento %d ne estas malferma" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "ne eblas legi la horloĝon" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: interna eraro, malvalida signalo %d" @@ -2096,16 +2676,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "por uzi SSL, TLS_CERT devas havi valoron en %s" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "ne eblas ekigi LDAP-on: %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls specifita sed LDAP-bibliotekoj ne havas la funkciojn ldap_start_tls_s() kaj ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "malvalida atributo de sudoOrder: %s" @@ -2124,100 +2704,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "ne eblas miksi sekurajn kaj nesekurajn retadresojn de LDAP" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "ne eblas duobligi sudoOption: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "ne eblas konverti sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "ne eblas malfermi revizian sistemon" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "ne eblas sendi revizian mesaĝon" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "eraro en evento-iteracio" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "Kreiĝo de nova objekto SSL_CTX malsukcesis: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "Ne eblas ŝargi aŭtoritatan atestilaron: %s" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "ne eblas ŝargi atestilon %s" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "ne eblas ŝarĝi privatŝlosilon %s" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Ne eblas generi SSL-objekton: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "TLS-konekto al %s:%s malsukcesis: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "TLS-komenciĝo malsukcesis" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "TLS-manpremo malsukcesis" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: interna eraro, malvalida finiĝo-stato %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "neelpakebla ServerMessage" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "konekto al protokolo-servilo perdita" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "mankanta skribobufo" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "ne eblas konektiĝi al protokolo-servilo" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "uzanto NE estas en sudoers" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "uzanto NE permesata en gastiganto" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "komando ne permesata" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ne estas en la dosiero sudoers. Ĉi tiu estos raportita.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s ne estas permesata plenumigi sudo-on en %s. Ĉi tio estos raportita.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Bedaŭre uzanto %s ne rajtas plenumigi sudo en %s.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Bedaŭre uzanto %s ne rajtas plenumigi '%s%s%s' kiel %s%s%s en %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: komando ne trovita" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2226,27 +2838,22 @@ "ni malatentas \"%s\" trovita en '.'\n" "Uzu \"sudo ./%s\" se tio estas la \"%s\" , kiun vi volas plenumigi." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u malĝusta pasvorta provo" msgstr[1] "%u malĝustaj pasvortaj provoj" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "aŭtentiga malsukceso" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "pasvorto estas bezonata" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "ne eblas malfermi protokolon: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "ne eblas skribi al protokolo: %s" @@ -2256,7 +2863,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "resumo por %s (%s) ne estas laŭ la formo %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "SeLinux-RBAC ne estas regata dum interkapta reĝimo estas aktiva" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "SELinux RBAC ne estas regata dum la flago log_subcmds estas aktiva" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2265,7 +2880,7 @@ "\n" "LDAP-rolo: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2273,104 +2888,115 @@ "\n" "Ero en sudoers:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " Modifiloj: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " Komandoj:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Kongruantaj eroj de Defaults: %s en %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Plenumigkiela komando-specifaj aŭtomataĵoj por %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Uzanto %s rajtas plenumigi la jenajn komandojn en %s:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Uzanto %s ne rajtas plenumigi sudo-on en %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "ni preteratentas malkompletan sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "malvalida LDIF-atributo: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "malvalida %.*s difinita de sudo-fasado" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "vojnomo por \"%s\" tro longas" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "ne eblas trakti reto-adresan liston" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "uzantnomo ne difinita de sudo-fasado" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "uzanto-ID ne difinita de sudo-fasado" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "grupo-ID ne difinita de sudo-fasado" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "gastiganta nomo ne difinita de sudo-fasado" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "nevalida kuranta dosierujo: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "malvalida chroot-dosierujo: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "ne eblas plenumigi: %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: nevalidaj reĝimaj flagoj el la fasado de sudo: 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Eldono %s de la konduta kromprogramo\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Eldono %d de la gramatikilo de sudoers\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2379,132 +3005,137 @@ "\n" "Vojo de sudoers: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "vojo de nsswitch: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "vojo de ldap.conf: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "vojo de ldap.secret: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "ne eblas registri hokon el tipo %d (versio %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "ne eblas malregistri hokon el tipo %d (versio %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "ne eblas konservi uid-on %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "ne eblas konservi uid-on %u, jam ekzistas" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "ne eblas krei tenejan uzanton: %s" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "ne eblas konservi uzanton %s, jam ekzistas" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "ne eblas konservi gid-on %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "ne eblas konservi gid-on %u, jam ekzistas" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "ne eblas konservi grupon %s" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "ne eblas konservi grupon %s, jam ekzistas" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "ne eblas konservi grupan liston por %s, jam ekzistas" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "ne eblas konservi grupliston por %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "ne eblas trakti grupon en %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "ne eblas trakti gids por %s" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "permeso-staka troo" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "permeso-staka maltroo" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "ne eblas ŝanĝi al radika gid" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "ne eblas ŝanĝi al plenumigkiela gid" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "ne eblas elekti vektoron de plenumigkiela grupo" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "ne eblas ŝanĝi al plenumigkiela uid" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "ne eblas ŝanĝi al gid de sudo-redaktantoj" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "tro da procezoj" @@ -2522,259 +3153,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "tranĉita ekzamen-vojo argv[0]: %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "ne eblas ekigi SSS-fonton. Ĉu SSSD estas instalita en via maŝino?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "ne eblas trovi simbolon \"%s\" en %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "problemoj kun aŭtomataj eroj" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "ne validaj fontotekstoj de sudoers trovita, ĉesiganta" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "uzanto ne rajtas ŝanĝi radikan dosierujon al %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "vi ne rajtas uzi la parametron -R kun %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "uzanto ne rajtas ŝanĝi dosierujon al %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "vi ne rajtas uzi la parametron -D kun %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "Neniu komando donita" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers specifas, ke ĉefuzanto ne rajtas sudo-i" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "uzanto ne permesata superregi la limigon de closefrom" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "vi ne rajtas uzi la parametron -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "tempo-indikila posedanto (%s): Nenia uzanto" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "neniu tty" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "bedaŭre vi devas havi tty-on por plenumigi sudo-on" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "nevalida ŝelo por uzanto %s: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "komando en nuna dosierujo" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "\"cd\" estas apriora ŝelkomando, ne eblas rekte plenumigi ĝin" + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "La elekton -s oni rajtas uzi por plenumigi privilegiitan ŝelon." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "la elekto -D oni rajtas uzi por plenumigi komandon en specifa dosierujo." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "uzanto ne rajtas elekti komando-eksvalidiĝon" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "bedaŭre vi ne rajtas elekti komando-eksvalidiĝon" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "uzanto ne rajtas konservi la medion" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "bedaŭre vi ne rajtas konservi la medion" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "komando tro longas" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit ne devas plenumiĝi per sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "ne eblas legi %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "ne eblas apliki stat al %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s ne estas normala dosiero" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s estas estrita de uid %u, devas esti %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s estas skribebla de ĉiuj" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s estas estrita de gid %u, devas esti %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "nur ĉefuzanto rajtas uzi \"-c %s\"" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" +msgid "unknown login class %s" msgstr "nekonata ensaluta klaso: %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "ne eblas trovi gastiganton %s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "malvalida filtrila elekto: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "malvalida maksimuma atendo: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "malvalida rapida faktoro: %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "nevalida eksvalidiĝo-deŝovo %s" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/tempo-registrado: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Refaranta sudo-seancon: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "ne eblas elekti tty-on en nudan reĝimon" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Averto: via terminalo estas tro malgranda por konvene reskribi la protokolon.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Protokola grando estas %dx%d, sed via terminala grando estas %dx%d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Refarado finita, premu iu ajn klavon por restarigi la terminalon." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "ambigua esprimo \"%s\"" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "mankas krampo kongruanta al ')' en esprimo" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "nekonata serĉaĵo \"%s\"" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s bezonas parametron" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "malvalida regulesprimo: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "ne eblis analizi daton \"%s\"" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "mankas krampo kongruanta al '(' en esprimo" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "malvalida posta \"or\"" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "malvalida posta \"!\"" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "nekonata serĉtipo %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "uzado: %s [-hnRS] [-d ujo] [-m num] [-s num] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uzado: %s [-h] [-d ujo] -l [serĉaĵo]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2783,7 +3428,7 @@ "%s - refari sudo-seancajn protokolojn\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2811,11 +3456,11 @@ " -s, --speed=num rapidigi aŭ malrapidigi eligon\n" " -V, --version eligi eldonan informon kaj eliri" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\thost sen egalo" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2823,7 +3468,7 @@ "\n" "Komando permesata" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2831,7 +3476,7 @@ "\n" "Komando rifuzata" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2844,121 +3489,127 @@ msgid "%s is group writable" msgstr "%s estas skribebla de la grupo" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "ne eblas mallongigi tempo-indikilan dosieron ĝis %lld bajtoj" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "ignoranta tempo-indikilon el la estonteco" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "tempo-indikilo tro estonte: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "ne eblas ŝlosi tempo-indikilan dosieron %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "vojo de prelega stato tro longas: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit plej bone ne specifiĝu kun vojo" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" -msgstr "la domifilo -x estos forigita en posta eldono" +msgstr "la elekto -x estos forigita en posta eldono" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "bonvolu konsideri uzi la utilaĵon cvtsudoers anstataŭe" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "premu enen-klavon por redakti %s-on: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "enhavo de redakto-seanco restigita en %s" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "specifita tekstoredaktilo (%s) ne ekzistas" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "neniu tekstoredaktilo trovita (vojo = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "skriba eraro" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "ne eblas apliki stat al provizora dosiero (%s), %s neŝanĝita" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "nul-longa provizora dosiero (%s), %s neŝanĝita" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "redaktilo (%s) malsukcesis, %s neŝanĝita" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s neŝanĝita" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "ne eblas remalfermi provizoran dosieron (%s), %s neŝanĝita." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "ne eblas analizi provizoran dosieron (%s), nekonata eraro" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "interna eraro, ne eblas trovi %s en listo!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "ne eblas ŝanĝi (uid, gid) de %s al (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s kaj %s ne estas la sama dosiersistemo, uzanta mv-on por alinomi" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "komando malsukcesis: '%s %s %s', %s neŝanĝita" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "eraro dum alinomi %s-on; %s neŝanĝita" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "Kion nun? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2970,66 +3621,41 @@ " (x) eliri sen konservi ŝanĝojn al sudoers-dosiero\n" " (Q) Eliri kaj konservi ŝanĝojn al sudoers-dosiero (DANĜERA!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "ne eblas plenumigi: %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: malĝusta estro (uid, gid) devas esti (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: misaj permesoj, devas esti reĝimo 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: analizita senerare\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s okupata, reprovu pli malfrue" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "ne eblas ŝlosi: %s" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "Ĉu redakti ja? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Eraro: %s:%d:%d: ciklo en %s \"%s\"" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Averto: %s:%d:%d: ciklo en %s \"%s\"" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Eraro: %s:%d:%d: %s \"%s\" estas referencita sed ne difinita" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Averto: %s:%d:%d: %s \"%s\" estas referencita sed ne difinita" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Averto: %s:%d:%d: neuzata %s \"%s\"" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3038,7 +3664,7 @@ "%s - sekure redakti la dosieron sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3058,30 +3684,30 @@ " -s, --strict severa kontrolado de sintakso\n" " -V, --version montri eldonon kaj eliri\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "malplena ĉeno" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "malplena grupo" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "malplena retgrupo" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "malvalida linio-daŭrigo" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "malvalida IPv6-adreso" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "neatendita linirompo en ĉeno" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "tro da niveloj de inkluzivaĵoj" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/es.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/es.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/es.po sudo-1.9.9/plugins/sudoers/po/es.po --- sudo-1.9.5p2/plugins/sudoers/po/es.po 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/es.po 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1882 @@ +# Portable object template file for the sudoers plugin +# This file is put in the public domain. +# +# Todd C. Miller , 2011-2015. +# Carlos E. Robinson , 2015, 2016. +msgid "" +msgstr "" +"Project-Id-Version: sudoers 1.8.15rc3\n" +"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n" +"POT-Creation-Date: 2015-10-24 06:26-0600\n" +"PO-Revision-Date: 2016-05-08 23:06+0200\n" +"Last-Translator: Carlos E. Robinson \n" +"Language-Team: Spanish \n" +"Language: es\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Lokalize 1.5\n" + +#: confstr.sh:1 +msgid "syntax error" +msgstr "error de sintaxis" + +#: confstr.sh:2 +msgid "%p's password: " +msgstr "contraseña de %p: " + +#: confstr.sh:3 +msgid "[sudo] password for %p: " +msgstr "[sudo] contraseña para %p: " + +#: confstr.sh:4 +msgid "Password: " +msgstr "Contraseña: " + +#: confstr.sh:5 +msgid "*** SECURITY information for %h ***" +msgstr "*** información de SEGURIDAD para %h ***" + +#: confstr.sh:6 +msgid "Sorry, try again." +msgstr "Lo siento, pruebe otra vez." + +#: gram.y:183 gram.y:201 gram.y:207 gram.y:213 gram.y:219 gram.y:225 +#: gram.y:241 gram.y:248 gram.y:255 gram.y:262 gram.y:269 gram.y:285 +#: gram.y:308 gram.y:315 gram.y:322 gram.y:329 gram.y:336 gram.y:391 +#: gram.y:399 gram.y:409 gram.y:439 gram.y:446 gram.y:453 gram.y:460 +#: gram.y:572 gram.y:579 gram.y:588 gram.y:597 gram.y:614 gram.y:670 +#: gram.y:677 gram.y:684 gram.y:692 gram.y:784 gram.y:791 gram.y:798 +#: gram.y:805 gram.y:812 gram.y:838 gram.y:845 gram.y:852 gram.y:1136 +#: gram.y:1143 plugins/sudoers/alias.c:123 plugins/sudoers/alias.c:136 +#: plugins/sudoers/auth/bsdauth.c:141 plugins/sudoers/auth/kerb5.c:119 +#: plugins/sudoers/auth/kerb5.c:145 plugins/sudoers/auth/pam.c:398 +#: plugins/sudoers/auth/pam.c:449 plugins/sudoers/auth/rfc1938.c:109 +#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/defaults.c:516 +#: plugins/sudoers/defaults.c:720 plugins/sudoers/defaults.c:880 +#: plugins/sudoers/editor.c:64 plugins/sudoers/editor.c:82 +#: plugins/sudoers/editor.c:92 plugins/sudoers/env.c:233 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/iolog.c:586 +#: plugins/sudoers/iolog.c:618 plugins/sudoers/iolog_path.c:167 +#: plugins/sudoers/ldap.c:446 plugins/sudoers/ldap.c:477 +#: plugins/sudoers/ldap.c:529 plugins/sudoers/ldap.c:562 +#: plugins/sudoers/ldap.c:914 plugins/sudoers/ldap.c:1061 +#: plugins/sudoers/ldap.c:1348 plugins/sudoers/ldap.c:1521 +#: plugins/sudoers/ldap.c:1597 plugins/sudoers/ldap.c:1733 +#: plugins/sudoers/ldap.c:1757 plugins/sudoers/ldap.c:1787 +#: plugins/sudoers/ldap.c:1840 plugins/sudoers/ldap.c:1855 +#: plugins/sudoers/ldap.c:1951 plugins/sudoers/ldap.c:1984 +#: plugins/sudoers/ldap.c:2137 plugins/sudoers/ldap.c:2234 +#: plugins/sudoers/ldap.c:3041 plugins/sudoers/ldap.c:3074 +#: plugins/sudoers/ldap.c:3388 plugins/sudoers/ldap.c:3416 +#: plugins/sudoers/ldap.c:3427 plugins/sudoers/ldap.c:3517 +#: plugins/sudoers/ldap.c:3533 plugins/sudoers/linux_audit.c:76 +#: plugins/sudoers/logging.c:188 plugins/sudoers/logging.c:666 +#: plugins/sudoers/logging.c:924 plugins/sudoers/match.c:501 +#: plugins/sudoers/match.c:537 plugins/sudoers/match.c:699 +#: plugins/sudoers/match.c:756 plugins/sudoers/parse.c:235 +#: plugins/sudoers/parse.c:247 plugins/sudoers/parse.c:262 +#: plugins/sudoers/parse.c:274 plugins/sudoers/policy.c:384 +#: plugins/sudoers/policy.c:583 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/sssd.c:160 plugins/sudoers/sssd.c:192 +#: plugins/sudoers/sssd.c:235 plugins/sudoers/sssd.c:242 +#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:323 +#: plugins/sudoers/sssd.c:917 plugins/sudoers/sssd.c:1050 +#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:304 plugins/sudoers/sudoers.c:312 +#: plugins/sudoers/sudoers.c:365 plugins/sudoers/sudoers.c:663 +#: plugins/sudoers/sudoers.c:749 plugins/sudoers/sudoers.c:793 +#: plugins/sudoers/sudoers_debug.c:107 plugins/sudoers/sudoreplay.c:472 +#: plugins/sudoers/sudoreplay.c:668 plugins/sudoers/sudoreplay.c:780 +#: plugins/sudoers/sudoreplay.c:820 plugins/sudoers/sudoreplay.c:829 +#: plugins/sudoers/sudoreplay.c:839 plugins/sudoers/sudoreplay.c:847 +#: plugins/sudoers/sudoreplay.c:851 plugins/sudoers/sudoreplay.c:1007 +#: plugins/sudoers/sudoreplay.c:1011 plugins/sudoers/testsudoers.c:130 +#: plugins/sudoers/testsudoers.c:188 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:232 plugins/sudoers/timestamp.c:390 +#: plugins/sudoers/timestamp.c:426 plugins/sudoers/timestamp.c:838 +#: plugins/sudoers/toke_util.c:56 plugins/sudoers/toke_util.c:109 +#: plugins/sudoers/toke_util.c:147 plugins/sudoers/visudo.c:152 +#: plugins/sudoers/visudo.c:213 plugins/sudoers/visudo.c:297 +#: plugins/sudoers/visudo.c:303 plugins/sudoers/visudo.c:433 +#: plugins/sudoers/visudo.c:979 plugins/sudoers/visudo.c:1023 +#: plugins/sudoers/visudo.c:1119 toke.l:785 toke.l:806 toke.l:816 toke.l:924 +#: toke.l:1082 +msgid "unable to allocate memory" +msgstr "no se pudo asignar memoria" + +#: gram.y:471 +msgid "a digest requires a path name" +msgstr "un compendio requiere un nombre de ruta" + +#: gram.y:1136 gram.y:1143 plugins/sudoers/auth/pam.c:398 +#: plugins/sudoers/auth/pam.c:449 plugins/sudoers/auth/rfc1938.c:109 +#: plugins/sudoers/defaults.c:516 plugins/sudoers/defaults.c:720 +#: plugins/sudoers/defaults.c:880 plugins/sudoers/editor.c:64 +#: plugins/sudoers/editor.c:82 plugins/sudoers/editor.c:92 +#: plugins/sudoers/env.c:233 plugins/sudoers/group_plugin.c:133 +#: plugins/sudoers/iolog.c:586 plugins/sudoers/iolog.c:618 +#: plugins/sudoers/iolog_path.c:167 plugins/sudoers/ldap.c:446 +#: plugins/sudoers/ldap.c:477 plugins/sudoers/ldap.c:529 +#: plugins/sudoers/ldap.c:562 plugins/sudoers/ldap.c:914 +#: plugins/sudoers/ldap.c:1061 plugins/sudoers/ldap.c:1348 +#: plugins/sudoers/ldap.c:1521 plugins/sudoers/ldap.c:1597 +#: plugins/sudoers/ldap.c:1733 plugins/sudoers/ldap.c:1757 +#: plugins/sudoers/ldap.c:1787 plugins/sudoers/ldap.c:1840 +#: plugins/sudoers/ldap.c:1855 plugins/sudoers/ldap.c:1951 +#: plugins/sudoers/ldap.c:1984 plugins/sudoers/ldap.c:2137 +#: plugins/sudoers/ldap.c:2234 plugins/sudoers/ldap.c:3041 +#: plugins/sudoers/ldap.c:3074 plugins/sudoers/ldap.c:3388 +#: plugins/sudoers/ldap.c:3416 plugins/sudoers/ldap.c:3427 +#: plugins/sudoers/ldap.c:3517 plugins/sudoers/ldap.c:3533 +#: plugins/sudoers/linux_audit.c:76 plugins/sudoers/logging.c:188 +#: plugins/sudoers/logging.c:924 plugins/sudoers/match.c:501 +#: plugins/sudoers/match.c:537 plugins/sudoers/match.c:699 +#: plugins/sudoers/match.c:756 plugins/sudoers/parse.c:235 +#: plugins/sudoers/parse.c:247 plugins/sudoers/parse.c:262 +#: plugins/sudoers/parse.c:274 plugins/sudoers/policy.c:97 +#: plugins/sudoers/policy.c:106 plugins/sudoers/policy.c:115 +#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:250 +#: plugins/sudoers/policy.c:271 plugins/sudoers/policy.c:280 +#: plugins/sudoers/policy.c:319 plugins/sudoers/policy.c:329 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:384 +#: plugins/sudoers/policy.c:583 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/set_perms.c:356 plugins/sudoers/set_perms.c:695 +#: plugins/sudoers/set_perms.c:1054 plugins/sudoers/set_perms.c:1350 +#: plugins/sudoers/set_perms.c:1514 plugins/sudoers/sssd.c:160 +#: plugins/sudoers/sssd.c:192 plugins/sudoers/sssd.c:235 +#: plugins/sudoers/sssd.c:242 plugins/sudoers/sssd.c:278 +#: plugins/sudoers/sssd.c:323 plugins/sudoers/sssd.c:917 +#: plugins/sudoers/sssd.c:1050 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:294 plugins/sudoers/sudoers.c:304 +#: plugins/sudoers/sudoers.c:312 plugins/sudoers/sudoers.c:365 +#: plugins/sudoers/sudoers.c:663 plugins/sudoers/sudoers.c:749 +#: plugins/sudoers/sudoers.c:793 plugins/sudoers/sudoers_debug.c:106 +#: plugins/sudoers/sudoreplay.c:472 plugins/sudoers/sudoreplay.c:668 +#: plugins/sudoers/sudoreplay.c:780 plugins/sudoers/sudoreplay.c:820 +#: plugins/sudoers/sudoreplay.c:829 plugins/sudoers/sudoreplay.c:839 +#: plugins/sudoers/sudoreplay.c:847 plugins/sudoers/sudoreplay.c:851 +#: plugins/sudoers/sudoreplay.c:1007 plugins/sudoers/sudoreplay.c:1011 +#: plugins/sudoers/testsudoers.c:130 plugins/sudoers/testsudoers.c:188 +#: plugins/sudoers/testsudoers.c:215 plugins/sudoers/testsudoers.c:232 +#: plugins/sudoers/timestamp.c:390 plugins/sudoers/timestamp.c:426 +#: plugins/sudoers/timestamp.c:838 plugins/sudoers/toke_util.c:56 +#: plugins/sudoers/toke_util.c:109 plugins/sudoers/toke_util.c:147 +#: plugins/sudoers/visudo.c:152 plugins/sudoers/visudo.c:213 +#: plugins/sudoers/visudo.c:297 plugins/sudoers/visudo.c:303 +#: plugins/sudoers/visudo.c:433 plugins/sudoers/visudo.c:979 +#: plugins/sudoers/visudo.c:1023 plugins/sudoers/visudo.c:1119 toke.l:785 +#: toke.l:806 toke.l:816 toke.l:924 toke.l:1082 +#, c-format +msgid "%s: %s" +msgstr "%s: %s" + +#: plugins/sudoers/alias.c:132 +#, c-format +msgid "Alias `%s' already defined" +msgstr "El alias `%s' ya fue definido" + +#: plugins/sudoers/auth/bsdauth.c:68 +#, c-format +msgid "unable to get login class for user %s" +msgstr "no se pudo obtener la clase de login del usuario %s" + +#: plugins/sudoers/auth/bsdauth.c:73 +msgid "unable to begin bsd authentication" +msgstr "no se pudo iniciar autenticicación bsd" + +#: plugins/sudoers/auth/bsdauth.c:81 +msgid "invalid authentication type" +msgstr "tipo de autenticicación inválido" + +#: plugins/sudoers/auth/bsdauth.c:90 +msgid "unable to initialize BSD authentication" +msgstr "no se pudo inicializar la autenticicación BSD" + +#: plugins/sudoers/auth/fwtk.c:52 +msgid "unable to read fwtk config" +msgstr "no se pudo leer la configuración fwtk" + +#: plugins/sudoers/auth/fwtk.c:57 +msgid "unable to connect to authentication server" +msgstr "no se pudo conectar con el servidor de autenticicación" + +#: plugins/sudoers/auth/fwtk.c:63 plugins/sudoers/auth/fwtk.c:87 +#: plugins/sudoers/auth/fwtk.c:120 +msgid "lost connection to authentication server" +msgstr "se perdió la conexión con el servidor de autenticicación" + +#: plugins/sudoers/auth/fwtk.c:67 +#, c-format +msgid "" +"authentication server error:\n" +"%s" +msgstr "" +"error del servidor de autenticicación:\n" +"%s" + +#: plugins/sudoers/auth/kerb5.c:111 +#, c-format +msgid "%s: unable to convert principal to string ('%s'): %s" +msgstr "%s: no se pudo convertir el principal a string ('%s'): %s" + +#: plugins/sudoers/auth/kerb5.c:161 +#, c-format +msgid "%s: unable to parse '%s': %s" +msgstr "%s: no se pudo analizar '%s': %s" + +#: plugins/sudoers/auth/kerb5.c:170 +#, c-format +msgid "%s: unable to resolve credential cache: %s" +msgstr "%s: no se pudo resolver la caché de credenciales: %s" + +#: plugins/sudoers/auth/kerb5.c:217 +#, c-format +msgid "%s: unable to allocate options: %s" +msgstr "%s: no se pudo asignar opciones: %s" + +#: plugins/sudoers/auth/kerb5.c:232 +#, c-format +msgid "%s: unable to get credentials: %s" +msgstr "%s: no se pudo obtener las credenciales: %s" + +#: plugins/sudoers/auth/kerb5.c:245 +#, c-format +msgid "%s: unable to initialize credential cache: %s" +msgstr "%s: no se pudo obtener la caché de credenciales: %s" + +#: plugins/sudoers/auth/kerb5.c:248 +#, c-format +msgid "%s: unable to store credential in cache: %s" +msgstr "%s: no se pudo guardar la credencial en la cache: %s" + +#: plugins/sudoers/auth/kerb5.c:312 +#, c-format +msgid "%s: unable to get host principal: %s" +msgstr "%s: no se pudo obtener la principal del host: %s" + +#: plugins/sudoers/auth/kerb5.c:326 +#, c-format +msgid "%s: Cannot verify TGT! Possible attack!: %s" +msgstr "%s: ¡No se pudo verificar TGT! ¡Posible ataque!: %s" + +#: plugins/sudoers/auth/pam.c:92 +msgid "unable to initialize PAM" +msgstr "no se pudo inicializar PAM" + +#: plugins/sudoers/auth/pam.c:164 +msgid "account validation failure, is your account locked?" +msgstr "fallo de validación de la cuenta, ¿está su cuenta bloqueada?" + +#: plugins/sudoers/auth/pam.c:168 +msgid "Account or password is expired, reset your password and try again" +msgstr "La cuenta o la contraseña ha caducado, reinicie su contraseña y pruebe de nuevo" + +#: plugins/sudoers/auth/pam.c:176 +#, c-format +msgid "unable to change expired password: %s" +msgstr "no se pudo cambiar la contraseña caducada: %s" + +#: plugins/sudoers/auth/pam.c:181 +msgid "Password expired, contact your system administrator" +msgstr "La contraseña caducó, contacte con el administrador de su sistema" + +#: plugins/sudoers/auth/pam.c:185 +msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" +msgstr "La cuenta caducó o la configuración de PAM no tiene una sección \"account\" para sudo, contacte con el administrador de su sistema" + +#: plugins/sudoers/auth/pam.c:199 +#, c-format +msgid "PAM authentication error: %s" +msgstr "Error de autenticicación PAM: %s" + +#: plugins/sudoers/auth/rfc1938.c:97 plugins/sudoers/visudo.c:218 +#, c-format +msgid "you do not exist in the %s database" +msgstr "usted no existe el la base de datos %s" + +#: plugins/sudoers/auth/securid5.c:73 +msgid "failed to initialise the ACE API library" +msgstr "no se pudo inicializar la API de la librería ACE" + +#: plugins/sudoers/auth/securid5.c:99 +msgid "unable to contact the SecurID server" +msgstr "no se pudo contactar con el servidor SecurID" + +#: plugins/sudoers/auth/securid5.c:108 +msgid "User ID locked for SecurID Authentication" +msgstr "ID del usuario bloqueada para autenticicación SecurID" + +#: plugins/sudoers/auth/securid5.c:112 plugins/sudoers/auth/securid5.c:163 +msgid "invalid username length for SecurID" +msgstr "longitud del nombre de usuario inválida para SecurID" + +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:168 +msgid "invalid Authentication Handle for SecurID" +msgstr "Manejador de autenticicación inválido para SecurID" + +#: plugins/sudoers/auth/securid5.c:120 +msgid "SecurID communication failed" +msgstr "falló la comunicación con SecurID" + +#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:207 +msgid "unknown SecurID error" +msgstr "error SecurID desconocido" + +#: plugins/sudoers/auth/securid5.c:158 +msgid "invalid passcode length for SecurID" +msgstr "longitud de código de paso inválido para Securid" + +#: plugins/sudoers/auth/sia.c:69 plugins/sudoers/auth/sia.c:124 +msgid "unable to initialize SIA session" +msgstr "no se pudo inicializar la sesión SIA" + +#: plugins/sudoers/auth/sudo_auth.c:126 +msgid "invalid authentication methods" +msgstr "métodos de autenticicación inválidos" + +#: plugins/sudoers/auth/sudo_auth.c:128 +msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." +msgstr "¡El sudo ha sido compilado con métodos de autenticicación inválidos! No puede mezclar autenticicación independiente y no independiente." + +#: plugins/sudoers/auth/sudo_auth.c:225 plugins/sudoers/auth/sudo_auth.c:274 +msgid "no authentication methods" +msgstr "sin métodos de autenticicación" + +#: plugins/sudoers/auth/sudo_auth.c:227 +msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option." +msgstr "¡El sudo ha sido compilado sin métodos de autenticicación! Si desea desactivar la autenticicación, use la opción de configuración --disable-authentication." + +#: plugins/sudoers/auth/sudo_auth.c:276 +msgid "Unable to initialize authentication methods." +msgstr "no se pudo inicializar los métodos de autenticicación." + +#: plugins/sudoers/auth/sudo_auth.c:435 +msgid "Authentication methods:" +msgstr "Métodos de autenticicación:" + +#: plugins/sudoers/bsm_audit.c:111 plugins/sudoers/bsm_audit.c:200 +msgid "Could not determine audit condition" +msgstr "No se pudo determinar la condición de la auditoría" + +#: plugins/sudoers/bsm_audit.c:172 plugins/sudoers/bsm_audit.c:260 +msgid "unable to commit audit record" +msgstr "" + +#: plugins/sudoers/check.c:252 +msgid "" +"\n" +"We trust you have received the usual lecture from the local System\n" +"Administrator. It usually boils down to these three things:\n" +"\n" +" #1) Respect the privacy of others.\n" +" #2) Think before you type.\n" +" #3) With great power comes great responsibility.\n" +"\n" +msgstr "" +"\n" +"Confiamos que haya recibido la charla habitual del administrador\n" +"de sistema local. Por lo general se reduce a estas tres cosas:\n" +"\n" +" #1) Respeta la privacidad de otros.\n" +" #2) Piensa antes de escribir.\n" +" #3) Un gran poder conlleva una gran responsabilidad.\n" +"\n" + +#: plugins/sudoers/check.c:295 plugins/sudoers/check.c:305 +#: plugins/sudoers/sudoers.c:699 plugins/sudoers/sudoers.c:728 +#, c-format +msgid "unknown uid: %u" +msgstr "uid desconocido: %u" + +#: plugins/sudoers/check.c:300 plugins/sudoers/policy.c:755 +#: plugins/sudoers/sudoers.c:1095 plugins/sudoers/testsudoers.c:206 +#: plugins/sudoers/testsudoers.c:361 +#, c-format +msgid "unknown user: %s" +msgstr "usuario desconocido: %s" + +#: plugins/sudoers/def_data.c:27 +#, c-format +msgid "Syslog facility if syslog is being used for logging: %s" +msgstr "Facilidad de syslog, cuando se usa syslog para el registro: %s" + +#: plugins/sudoers/def_data.c:31 +#, c-format +msgid "Syslog priority to use when user authenticates successfully: %s" +msgstr "Prioridad de syslog a usarse cuando el usuario se autentifica con éxito: %s" + +#: plugins/sudoers/def_data.c:35 +#, c-format +msgid "Syslog priority to use when user authenticates unsuccessfully: %s" +msgstr "Prioridad de syslog a usarse cuando el usuario no se autentifica con éxito: %s" + +#: plugins/sudoers/def_data.c:39 +msgid "Put OTP prompt on its own line" +msgstr "Pone la petición de OTP en su propia línea" + +#: plugins/sudoers/def_data.c:43 +msgid "Ignore '.' in $PATH" +msgstr "No hace caso del '.' en el $PATH" + +#: plugins/sudoers/def_data.c:47 +msgid "Always send mail when sudo is run" +msgstr "Siempre envía el correo cuando se ejecuta sudo" + +#: plugins/sudoers/def_data.c:51 +msgid "Send mail if user authentication fails" +msgstr "Envía correo si la autenticicación de usuario falla" + +#: plugins/sudoers/def_data.c:55 +msgid "Send mail if the user is not in sudoers" +msgstr "Envía correo si el usuario no está en sudoers" + +#: plugins/sudoers/def_data.c:59 +msgid "Send mail if the user is not in sudoers for this host" +msgstr "Envía correo si el usuario no está en el sudoers de este equipo" + +#: plugins/sudoers/def_data.c:63 +msgid "Send mail if the user is not allowed to run a command" +msgstr "Envía correo si no se permite al usuario ejecutar un comando" + +#: plugins/sudoers/def_data.c:67 +msgid "Send mail if the user tries to run a command" +msgstr "Envía correo si el usuario trata de ejecutar un comando" + +#: plugins/sudoers/def_data.c:71 +msgid "Use a separate timestamp for each user/tty combo" +msgstr "Usa una marca de tiempo separada para cada combinación usuario/tty" + +#: plugins/sudoers/def_data.c:75 +msgid "Lecture user the first time they run sudo" +msgstr "Da la charla al usuario la primera vez que use sudo" + +#: plugins/sudoers/def_data.c:79 +#, c-format +msgid "File containing the sudo lecture: %s" +msgstr "Fichero que contiene la charla sobre sudo: %s" + +#: plugins/sudoers/def_data.c:83 +msgid "Require users to authenticate by default" +msgstr "Requiere a los usuarios que por defecto se autentifiquen" + +#: plugins/sudoers/def_data.c:87 +msgid "Root may run sudo" +msgstr "Root puede usar sudo" + +#: plugins/sudoers/def_data.c:91 +msgid "Log the hostname in the (non-syslog) log file" +msgstr "Registra el equipo en el fichero de registro (no de syslog)" + +#: plugins/sudoers/def_data.c:95 +msgid "Log the year in the (non-syslog) log file" +msgstr "Registra el año en el fichero de registro (no de syslog)" + +#: plugins/sudoers/def_data.c:99 +msgid "If sudo is invoked with no arguments, start a shell" +msgstr "Si se llama a sudo sin argumentos, iniciará una terminal de órdenes" + +#: plugins/sudoers/def_data.c:103 +msgid "Set $HOME to the target user when starting a shell with -s" +msgstr "Establece $HOME al usuario objetivo cuando se empieza una terminal de órdenes con -s" + +#: plugins/sudoers/def_data.c:107 +msgid "Always set $HOME to the target user's home directory" +msgstr "Establece siempre $HOME al directorio home del usuario objetivo" + +#: plugins/sudoers/def_data.c:111 +msgid "Allow some information gathering to give useful error messages" +msgstr "Permite alguna recolección de datos para dar mensajes de error útiles" + +#: plugins/sudoers/def_data.c:115 +msgid "Require fully-qualified hostnames in the sudoers file" +msgstr "Requerir nombres de equipo plenamente-cualificados en el fichero sudoers" + +#: plugins/sudoers/def_data.c:119 +msgid "Insult the user when they enter an incorrect password" +msgstr "Se insultará al usuario cuando introduzcan una contraseña incorrecta" + +#: plugins/sudoers/def_data.c:123 +msgid "Only allow the user to run sudo if they have a tty" +msgstr "Unicamente se permitirá al usuario ejecutar sudo si tienen una tty" + +#: plugins/sudoers/def_data.c:127 +msgid "Visudo will honor the EDITOR environment variable" +msgstr "Visudo obedecerá a la variable de entorno EDITOR" + +#: plugins/sudoers/def_data.c:131 +msgid "Prompt for root's password, not the users's" +msgstr "Pide la contraseña del root, no del usuario" + +#: plugins/sudoers/def_data.c:135 +msgid "Prompt for the runas_default user's password, not the users's" +msgstr "Pide la contraseña del usuario por omisión 'runas', no del usuario" + +#: plugins/sudoers/def_data.c:139 +msgid "Prompt for the target user's password, not the users's" +msgstr "Pide la contraseña del usuario objetivo, no del usuario" + +#: plugins/sudoers/def_data.c:143 +msgid "Apply defaults in the target user's login class if there is one" +msgstr "Aplica valores por omisión en la clase del usuario objetivo si es que hay uno" + +#: plugins/sudoers/def_data.c:147 +msgid "Set the LOGNAME and USER environment variables" +msgstr "Establece las variables de entorno LOGNAME y USER" + +#: plugins/sudoers/def_data.c:151 +msgid "Only set the effective uid to the target user, not the real uid" +msgstr "Establece unicamente el uid efectivo unicamente al del usuario objetivo, no el uid real" + +#: plugins/sudoers/def_data.c:155 +msgid "Don't initialize the group vector to that of the target user" +msgstr "No inicializa el vector de grupo al del usuario objetivo" + +#: plugins/sudoers/def_data.c:159 +#, c-format +msgid "Length at which to wrap log file lines (0 for no wrap): %u" +msgstr "Longitud a la cual enrollar las lineas del registro (0 para no enrollar): %u" + +#: plugins/sudoers/def_data.c:163 +#, c-format +msgid "Authentication timestamp timeout: %.1f minutes" +msgstr "Temporizador de la marca de tiempo de la autenticicación: %.1f minutos" + +#: plugins/sudoers/def_data.c:167 +#, c-format +msgid "Password prompt timeout: %.1f minutes" +msgstr "Temporizador de la solicitud de contraseña: %.1f minutos" + +#: plugins/sudoers/def_data.c:171 +#, c-format +msgid "Number of tries to enter a password: %u" +msgstr "Número de intentos para introducir una contraseña: %u" + +#: plugins/sudoers/def_data.c:175 +#, c-format +msgid "Umask to use or 0777 to use user's: 0%o" +msgstr "Umask que debe usarse o 0777 para usar la del usuario: 0%o" + +#: plugins/sudoers/def_data.c:179 +#, c-format +msgid "Path to log file: %s" +msgstr "Camino al fichero de registro: %s" + +#: plugins/sudoers/def_data.c:183 +#, c-format +msgid "Path to mail program: %s" +msgstr "Camino al programa de correo: %s" + +#: plugins/sudoers/def_data.c:187 +#, c-format +msgid "Flags for mail program: %s" +msgstr "Banderas para el programa de correo: %s" + +#: plugins/sudoers/def_data.c:191 +#, c-format +msgid "Address to send mail to: %s" +msgstr "Dirección a la que enviar el correo: %s" + +#: plugins/sudoers/def_data.c:195 +#, c-format +msgid "Address to send mail from: %s" +msgstr "Dirección desde la que enviar el correo: %s" + +#: plugins/sudoers/def_data.c:199 +#, c-format +msgid "Subject line for mail messages: %s" +msgstr "Linea de tema a usar en los mensajes de correo: %s" + +#: plugins/sudoers/def_data.c:203 +#, c-format +msgid "Incorrect password message: %s" +msgstr "Mensaje de contraseña incorrecta: %s" + +#: plugins/sudoers/def_data.c:207 +#, c-format +msgid "Path to lecture status dir: %s" +msgstr "Camino al directorio de estado de las charlas: %s" + +#: plugins/sudoers/def_data.c:211 +#, c-format +msgid "Path to authentication timestamp dir: %s" +msgstr "Camino al directorio de marcas de tiempo de las autenticaciones: %s" + +#: plugins/sudoers/def_data.c:215 +#, c-format +msgid "Owner of the authentication timestamp dir: %s" +msgstr "Propietario del directorio de marcas de tiempo de las autenticaciones: %s" + +#: plugins/sudoers/def_data.c:219 +#, c-format +msgid "Users in this group are exempt from password and PATH requirements: %s" +msgstr "Los usuarios en este grupo están exentos de los requisitos de contraseña y PATH (camino): %s" + +#: plugins/sudoers/def_data.c:223 +#, c-format +msgid "Default password prompt: %s" +msgstr "Solicitud por omisión de contraseña: %s" + +#: plugins/sudoers/def_data.c:227 +msgid "If set, passprompt will override system prompt in all cases." +msgstr "Si se define, passprompt substituirá al indicador del sistema en todos los casos." + +#: plugins/sudoers/def_data.c:231 +#, c-format +msgid "Default user to run commands as: %s" +msgstr "Usuario por omisión que se utilizará para ejecutar los comandos: %s" + +#: plugins/sudoers/def_data.c:235 +#, c-format +msgid "Value to override user's $PATH with: %s" +msgstr "Valor que substituirá al del usuario en el $PATH: %s" + +#: plugins/sudoers/def_data.c:239 +#, c-format +msgid "Path to the editor for use by visudo: %s" +msgstr "Camino al editor que se usará por visudo: %s" + +#: plugins/sudoers/def_data.c:243 +#, c-format +msgid "When to require a password for 'list' pseudocommand: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:247 +#, c-format +msgid "When to require a password for 'verify' pseudocommand: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:251 +msgid "Preload the dummy exec functions contained in the sudo_noexec library" +msgstr "" + +#: plugins/sudoers/def_data.c:255 +msgid "If LDAP directory is up, do we ignore local sudoers file" +msgstr "" + +#: plugins/sudoers/def_data.c:259 +#, c-format +msgid "File descriptors >= %d will be closed before executing a command" +msgstr "" + +#: plugins/sudoers/def_data.c:263 +msgid "If set, users may override the value of `closefrom' with the -C option" +msgstr "" + +#: plugins/sudoers/def_data.c:267 +msgid "Allow users to set arbitrary environment variables" +msgstr "" + +#: plugins/sudoers/def_data.c:271 +msgid "Reset the environment to a default set of variables" +msgstr "" + +#: plugins/sudoers/def_data.c:275 +msgid "Environment variables to check for sanity:" +msgstr "" + +#: plugins/sudoers/def_data.c:279 +msgid "Environment variables to remove:" +msgstr "" + +#: plugins/sudoers/def_data.c:283 +msgid "Environment variables to preserve:" +msgstr "" + +#: plugins/sudoers/def_data.c:287 +#, c-format +msgid "SELinux role to use in the new security context: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:291 +#, c-format +msgid "SELinux type to use in the new security context: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:295 +#, c-format +msgid "Path to the sudo-specific environment file: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:299 +#, c-format +msgid "Locale to use while parsing sudoers: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:303 +msgid "Allow sudo to prompt for a password even if it would be visible" +msgstr "" + +#: plugins/sudoers/def_data.c:307 +msgid "Provide visual feedback at the password prompt when there is user input" +msgstr "" + +#: plugins/sudoers/def_data.c:311 +msgid "Use faster globbing that is less accurate but does not access the filesystem" +msgstr "" + +#: plugins/sudoers/def_data.c:315 +msgid "The umask specified in sudoers will override the user's, even if it is more permissive" +msgstr "" + +#: plugins/sudoers/def_data.c:319 +msgid "Log user's input for the command being run" +msgstr "" + +#: plugins/sudoers/def_data.c:323 +msgid "Log the output of the command being run" +msgstr "" + +#: plugins/sudoers/def_data.c:327 +msgid "Compress I/O logs using zlib" +msgstr "" + +#: plugins/sudoers/def_data.c:331 +msgid "Always run commands in a pseudo-tty" +msgstr "" + +#: plugins/sudoers/def_data.c:335 +#, c-format +msgid "Plugin for non-Unix group support: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:339 +#, c-format +msgid "Directory in which to store input/output logs: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:343 +#, c-format +msgid "File in which to store the input/output log: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:347 +msgid "Add an entry to the utmp/utmpx file when allocating a pty" +msgstr "" + +#: plugins/sudoers/def_data.c:351 +msgid "Set the user in utmp to the runas user, not the invoking user" +msgstr "" + +#: plugins/sudoers/def_data.c:355 +msgid "Set of permitted privileges" +msgstr "" + +#: plugins/sudoers/def_data.c:359 +msgid "Set of limit privileges" +msgstr "" + +#: plugins/sudoers/def_data.c:363 +msgid "Run commands on a pty in the background" +msgstr "" + +#: plugins/sudoers/def_data.c:367 +msgid "PAM service name to use" +msgstr "" + +#: plugins/sudoers/def_data.c:371 +msgid "PAM service name to use for login shells" +msgstr "" + +#: plugins/sudoers/def_data.c:375 +msgid "Attempt to establish PAM credentials for the target user" +msgstr "" + +#: plugins/sudoers/def_data.c:379 +msgid "Create a new PAM session for the command to run in" +msgstr "" + +#: plugins/sudoers/def_data.c:383 +#, c-format +msgid "Maximum I/O log sequence number: %u" +msgstr "" + +#: plugins/sudoers/def_data.c:387 +msgid "Enable sudoers netgroup support" +msgstr "" + +#: plugins/sudoers/def_data.c:391 +msgid "Check the parent directory for writability when editing files with sudoedit" +msgstr "" + +#: plugins/sudoers/def_data.c:395 +msgid "Follow symbolic links when editing files with sudoedit" +msgstr "" + +#: plugins/sudoers/def_data.c:399 +msgid "Query the group plugin for unknown system groups" +msgstr "" + +#: plugins/sudoers/defaults.c:199 plugins/sudoers/defaults.c:608 +#: plugins/sudoers/visudo_json.c:633 plugins/sudoers/visudo_json.c:668 +#, c-format +msgid "unknown defaults entry `%s'" +msgstr "" + +#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:217 +#: plugins/sudoers/defaults.c:241 plugins/sudoers/defaults.c:256 +#: plugins/sudoers/defaults.c:269 plugins/sudoers/defaults.c:282 +#: plugins/sudoers/defaults.c:295 plugins/sudoers/defaults.c:315 +#: plugins/sudoers/defaults.c:325 +#, c-format +msgid "value `%s' is invalid for option `%s'" +msgstr "" + +#: plugins/sudoers/defaults.c:210 plugins/sudoers/defaults.c:220 +#: plugins/sudoers/defaults.c:228 plugins/sudoers/defaults.c:251 +#: plugins/sudoers/defaults.c:264 plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:290 plugins/sudoers/defaults.c:310 +#: plugins/sudoers/defaults.c:321 +#, c-format +msgid "no value specified for `%s'" +msgstr "" + +#: plugins/sudoers/defaults.c:233 +#, c-format +msgid "values for `%s' must start with a '/'" +msgstr "" + +#: plugins/sudoers/defaults.c:301 +#, c-format +msgid "option `%s' does not take a value" +msgstr "" + +#: plugins/sudoers/env.c:295 plugins/sudoers/env.c:302 +#: plugins/sudoers/env.c:407 plugins/sudoers/ldap.c:450 +#: plugins/sudoers/ldap.c:540 plugins/sudoers/ldap.c:1152 +#: plugins/sudoers/ldap.c:1354 plugins/sudoers/ldap.c:1526 +#: plugins/sudoers/ldap.c:1682 plugins/sudoers/linux_audit.c:82 +#: plugins/sudoers/logging.c:929 plugins/sudoers/policy.c:502 +#: plugins/sudoers/policy.c:511 plugins/sudoers/prompt.c:161 +#: plugins/sudoers/sudoers.c:815 plugins/sudoers/testsudoers.c:236 +#: plugins/sudoers/toke_util.c:160 +#, c-format +msgid "internal error, %s overflow" +msgstr "" + +#: plugins/sudoers/env.c:376 +msgid "sudo_putenv: corrupted envp, length mismatch" +msgstr "" + +#: plugins/sudoers/env.c:1076 +msgid "unable to rebuild the environment" +msgstr "" + +#: plugins/sudoers/env.c:1150 +#, c-format +msgid "sorry, you are not allowed to set the following environment variables: %s" +msgstr "" + +#: plugins/sudoers/group_plugin.c:85 +#, c-format +msgid "%s must be owned by uid %d" +msgstr "%s debe ser propiedad del uid %d" + +#: plugins/sudoers/group_plugin.c:89 +#, c-format +msgid "%s must only be writable by owner" +msgstr "" + +#: plugins/sudoers/group_plugin.c:97 plugins/sudoers/sssd.c:331 +#, c-format +msgid "unable to load %s: %s" +msgstr "" + +#: plugins/sudoers/group_plugin.c:103 +#, c-format +msgid "unable to find symbol \"group_plugin\" in %s" +msgstr "" + +#: plugins/sudoers/group_plugin.c:108 +#, c-format +msgid "%s: incompatible group plugin major version %d, expected %d" +msgstr "" + +#: plugins/sudoers/interfaces.c:117 +msgid "Local IP address and netmask pairs:\n" +msgstr "" + +#: plugins/sudoers/iolog.c:92 plugins/sudoers/iolog.c:110 +#: plugins/sudoers/timestamp.c:169 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "" + +#: plugins/sudoers/iolog.c:103 plugins/sudoers/iolog.c:124 +#: plugins/sudoers/iolog.c:131 plugins/sudoers/timestamp.c:163 +#: plugins/sudoers/timestamp.c:184 +#, c-format +msgid "unable to mkdir %s" +msgstr "" + +#: plugins/sudoers/iolog.c:200 plugins/sudoers/sudoers.c:871 +#: plugins/sudoers/sudoreplay.c:300 plugins/sudoers/sudoreplay.c:769 +#: plugins/sudoers/sudoreplay.c:973 plugins/sudoers/timestamp.c:399 +#: plugins/sudoers/visudo.c:903 plugins/sudoers/visudo_json.c:1012 +#: plugins/sudoers/visudo_json.c:1025 +#, c-format +msgid "unable to open %s" +msgstr "no se pudo abrir %s" + +#: plugins/sudoers/iolog.c:241 plugins/sudoers/sudoers.c:875 +#: plugins/sudoers/sudoreplay.c:1084 +#, c-format +msgid "unable to read %s" +msgstr "" + +#: plugins/sudoers/iolog.c:277 plugins/sudoers/sudoreplay.c:550 +#: plugins/sudoers/timestamp.c:298 plugins/sudoers/timestamp.c:301 +#, c-format +msgid "unable to write to %s" +msgstr "no se puede escribir en %s" + +#: plugins/sudoers/iolog.c:342 plugins/sudoers/iolog.c:540 +#, c-format +msgid "unable to create %s" +msgstr "" + +#: plugins/sudoers/ldap.c:428 +msgid "sudo_ldap_conf_add_ports: port too large" +msgstr "" + +#: plugins/sudoers/ldap.c:488 +#, c-format +msgid "unsupported LDAP uri type: %s" +msgstr "" + +#: plugins/sudoers/ldap.c:515 +msgid "unable to mix ldap and ldaps URIs" +msgstr "" + +#: plugins/sudoers/ldap.c:519 plugins/sudoers/ldap.c:555 +msgid "starttls not supported when using ldaps" +msgstr "" + +#: plugins/sudoers/ldap.c:626 +#, c-format +msgid "unable to initialize SSL cert and key db: %s" +msgstr "" + +#: plugins/sudoers/ldap.c:629 +#, c-format +msgid "you must set TLS_CERT in %s to use SSL" +msgstr "" + +#: plugins/sudoers/ldap.c:1138 +msgid "unable to get GMT time" +msgstr "" + +#: plugins/sudoers/ldap.c:1144 +msgid "unable to format timestamp" +msgstr "" + +#: plugins/sudoers/ldap.c:1830 +#, c-format +msgid "%s: %s: %s: %s" +msgstr "" + +#: plugins/sudoers/ldap.c:2372 +#, c-format +msgid "" +"\n" +"LDAP Role: %s\n" +msgstr "" + +#: plugins/sudoers/ldap.c:2374 +#, c-format +msgid "" +"\n" +"LDAP Role: UNKNOWN\n" +msgstr "" + +#: plugins/sudoers/ldap.c:2421 +#, c-format +msgid " Order: %s\n" +msgstr "" + +#: plugins/sudoers/ldap.c:2429 plugins/sudoers/parse.c:555 +#: plugins/sudoers/sssd.c:1417 +#, c-format +msgid " Commands:\n" +msgstr "" + +#: plugins/sudoers/ldap.c:2993 +#, c-format +msgid "unable to initialize LDAP: %s" +msgstr "" + +#: plugins/sudoers/ldap.c:3029 +msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" +msgstr "" + +#: plugins/sudoers/ldap.c:3286 +#, c-format +msgid "invalid sudoOrder attribute: %s" +msgstr "" + +#: plugins/sudoers/linux_audit.c:52 +msgid "unable to open audit system" +msgstr "no se puede de abrir el sistema de auditoría" + +#: plugins/sudoers/linux_audit.c:93 +msgid "unable to send audit message" +msgstr "no se puede enviar mensaje de auditoría" + +#: plugins/sudoers/logging.c:106 +#, c-format +msgid "%8s : %s" +msgstr "" + +#: plugins/sudoers/logging.c:134 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "" + +#: plugins/sudoers/logging.c:159 +#, c-format +msgid "unable to open log file: %s: %s" +msgstr "" + +#: plugins/sudoers/logging.c:162 +#, c-format +msgid "unable to lock log file: %s: %s" +msgstr "" + +#: plugins/sudoers/logging.c:211 +msgid "No user or host" +msgstr "" + +#: plugins/sudoers/logging.c:213 +msgid "validation failure" +msgstr "" + +#: plugins/sudoers/logging.c:220 +msgid "user NOT in sudoers" +msgstr "" + +#: plugins/sudoers/logging.c:222 +msgid "user NOT authorized on host" +msgstr "" + +#: plugins/sudoers/logging.c:224 +msgid "command not allowed" +msgstr "" + +#: plugins/sudoers/logging.c:259 +#, c-format +msgid "%s is not in the sudoers file. This incident will be reported.\n" +msgstr "" + +#: plugins/sudoers/logging.c:262 +#, c-format +msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" +msgstr "" + +#: plugins/sudoers/logging.c:266 +#, c-format +msgid "Sorry, user %s may not run sudo on %s.\n" +msgstr "" + +#: plugins/sudoers/logging.c:269 +#, c-format +msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" +msgstr "" + +#: plugins/sudoers/logging.c:306 plugins/sudoers/sudoers.c:471 +#: plugins/sudoers/sudoers.c:473 plugins/sudoers/sudoers.c:475 +#: plugins/sudoers/sudoers.c:477 plugins/sudoers/sudoers.c:1222 +#: plugins/sudoers/sudoers.c:1224 +#, c-format +msgid "%s: command not found" +msgstr "" + +#: plugins/sudoers/logging.c:308 plugins/sudoers/sudoers.c:467 +#, c-format +msgid "" +"ignoring `%s' found in '.'\n" +"Use `sudo ./%s' if this is the `%s' you wish to run." +msgstr "" + +#: plugins/sudoers/logging.c:325 +msgid "authentication failure" +msgstr "" + +#: plugins/sudoers/logging.c:351 +msgid "a password is required" +msgstr "" + +#: plugins/sudoers/logging.c:422 plugins/sudoers/logging.c:484 +#, c-format +msgid "%u incorrect password attempt" +msgid_plural "%u incorrect password attempts" +msgstr[0] "" +msgstr[1] "" + +#: plugins/sudoers/logging.c:572 +msgid "unable to fork" +msgstr "no se puede bifurcar" + +#: plugins/sudoers/logging.c:580 plugins/sudoers/logging.c:640 +#, c-format +msgid "unable to fork: %m" +msgstr "" + +#: plugins/sudoers/logging.c:630 +#, c-format +msgid "unable to open pipe: %m" +msgstr "" + +#: plugins/sudoers/logging.c:655 +#, c-format +msgid "unable to dup stdin: %m" +msgstr "" + +#: plugins/sudoers/logging.c:693 +#, c-format +msgid "unable to execute %s: %m" +msgstr "" + +#: plugins/sudoers/match.c:606 +#, c-format +msgid "unsupported digest type %d for %s" +msgstr "Tipo de compendio %d no soportado para %s" + +#: plugins/sudoers/match.c:639 +#, c-format +msgid "%s: read error" +msgstr "" + +#: plugins/sudoers/match.c:653 +#, c-format +msgid "digest for %s (%s) is not in %s form" +msgstr "compendio para %s (%s) no está en la forma %s" + +#: plugins/sudoers/parse.c:114 +#, c-format +msgid "parse error in %s near line %d" +msgstr "" + +#: plugins/sudoers/parse.c:117 +#, c-format +msgid "parse error in %s" +msgstr "" + +#: plugins/sudoers/parse.c:502 +#, c-format +msgid "" +"\n" +"Sudoers entry:\n" +msgstr "" + +#: plugins/sudoers/parse.c:503 +#, c-format +msgid " RunAsUsers: " +msgstr "" + +#: plugins/sudoers/parse.c:517 +#, c-format +msgid " RunAsGroups: " +msgstr "" + +#: plugins/sudoers/parse.c:526 +#, c-format +msgid " Options: " +msgstr "" + +#: plugins/sudoers/policy.c:240 plugins/sudoers/testsudoers.c:253 +msgid "unable to parse network address list" +msgstr "" + +#: plugins/sudoers/policy.c:640 plugins/sudoers/visudo.c:840 +#, c-format +msgid "unable to execute %s" +msgstr "no se puede ejecutar %s" + +#: plugins/sudoers/policy.c:773 +#, c-format +msgid "Sudoers policy plugin version %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:775 +#, c-format +msgid "Sudoers file grammar version %d\n" +msgstr "" + +#: plugins/sudoers/policy.c:779 +#, c-format +msgid "" +"\n" +"Sudoers path: %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:782 +#, c-format +msgid "nsswitch path: %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:784 +#, c-format +msgid "ldap.conf path: %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:785 +#, c-format +msgid "ldap.secret path: %s\n" +msgstr "" + +#: plugins/sudoers/policy.c:818 +#, c-format +msgid "unable to register hook of type %d (version %d.%d)" +msgstr "" + +#: plugins/sudoers/pwutil.c:136 plugins/sudoers/pwutil.c:153 +#, c-format +msgid "unable to cache uid %u, out of memory" +msgstr "" + +#: plugins/sudoers/pwutil.c:147 +#, c-format +msgid "unable to cache uid %u, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:191 plugins/sudoers/pwutil.c:207 +#: plugins/sudoers/pwutil.c:250 plugins/sudoers/pwutil.c:294 +#, c-format +msgid "unable to cache user %s, out of memory" +msgstr "" + +#: plugins/sudoers/pwutil.c:202 +#, c-format +msgid "unable to cache user %s, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:427 plugins/sudoers/pwutil.c:444 +#, c-format +msgid "unable to cache gid %u, out of memory" +msgstr "" + +#: plugins/sudoers/pwutil.c:438 +#, c-format +msgid "unable to cache gid %u, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:476 plugins/sudoers/pwutil.c:492 +#: plugins/sudoers/pwutil.c:524 plugins/sudoers/pwutil.c:565 +#, c-format +msgid "unable to cache group %s, out of memory" +msgstr "" + +#: plugins/sudoers/pwutil.c:487 +#, c-format +msgid "unable to cache group %s, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:676 plugins/sudoers/pwutil.c:710 +#, c-format +msgid "unable to cache group list for %s, already exists" +msgstr "" + +#: plugins/sudoers/pwutil.c:682 plugins/sudoers/pwutil.c:715 +#, c-format +msgid "unable to cache group list for %s, out of memory" +msgstr "" + +#: plugins/sudoers/pwutil.c:705 +#, c-format +msgid "unable to parse groups for %s" +msgstr "" + +#: plugins/sudoers/set_perms.c:113 plugins/sudoers/set_perms.c:438 +#: plugins/sudoers/set_perms.c:841 plugins/sudoers/set_perms.c:1138 +#: plugins/sudoers/set_perms.c:1430 +msgid "perm stack overflow" +msgstr "" + +#: plugins/sudoers/set_perms.c:121 plugins/sudoers/set_perms.c:369 +#: plugins/sudoers/set_perms.c:446 plugins/sudoers/set_perms.c:708 +#: plugins/sudoers/set_perms.c:849 plugins/sudoers/set_perms.c:1067 +#: plugins/sudoers/set_perms.c:1146 plugins/sudoers/set_perms.c:1363 +#: plugins/sudoers/set_perms.c:1438 plugins/sudoers/set_perms.c:1527 +msgid "perm stack underflow" +msgstr "" + +#: plugins/sudoers/set_perms.c:180 plugins/sudoers/set_perms.c:493 +#: plugins/sudoers/set_perms.c:1197 plugins/sudoers/set_perms.c:1470 +msgid "unable to change to root gid" +msgstr "" + +#: plugins/sudoers/set_perms.c:269 plugins/sudoers/set_perms.c:590 +#: plugins/sudoers/set_perms.c:978 plugins/sudoers/set_perms.c:1274 +msgid "unable to change to runas gid" +msgstr "" + +#: plugins/sudoers/set_perms.c:274 plugins/sudoers/set_perms.c:595 +#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1279 +msgid "unable to set runas group vector" +msgstr "" + +#: plugins/sudoers/set_perms.c:285 plugins/sudoers/set_perms.c:606 +#: plugins/sudoers/set_perms.c:992 plugins/sudoers/set_perms.c:1288 +msgid "unable to change to runas uid" +msgstr "" + +#: plugins/sudoers/set_perms.c:303 plugins/sudoers/set_perms.c:624 +#: plugins/sudoers/set_perms.c:1008 plugins/sudoers/set_perms.c:1304 +msgid "unable to change to sudoers gid" +msgstr "" + +#: plugins/sudoers/set_perms.c:356 plugins/sudoers/set_perms.c:695 +#: plugins/sudoers/set_perms.c:1054 plugins/sudoers/set_perms.c:1350 +#: plugins/sudoers/set_perms.c:1514 +msgid "too many processes" +msgstr "" + +#: plugins/sudoers/solaris_audit.c:51 +msgid "unable to get current working directory" +msgstr "" + +#: plugins/sudoers/solaris_audit.c:59 +#, c-format +msgid "truncated audit path user_cmnd: %s" +msgstr "" + +#: plugins/sudoers/solaris_audit.c:66 +#, c-format +msgid "truncated audit path argv[0]: %s" +msgstr "" + +#: plugins/sudoers/solaris_audit.c:115 +msgid "audit_failure message too long" +msgstr "" + +#: plugins/sudoers/sssd.c:333 +msgid "unable to initialize SSS source. Is SSSD installed on your machine?" +msgstr "" + +#: plugins/sudoers/sssd.c:341 plugins/sudoers/sssd.c:350 +#: plugins/sudoers/sssd.c:359 plugins/sudoers/sssd.c:368 +#: plugins/sudoers/sssd.c:377 +#, c-format +msgid "unable to find symbol \"%s\" in %s" +msgstr "" + +#: plugins/sudoers/sudo_nss.c:290 +#, c-format +msgid "Matching Defaults entries for %s on %s:\n" +msgstr "" + +#: plugins/sudoers/sudo_nss.c:308 +#, c-format +msgid "Runas and Command-specific defaults for %s:\n" +msgstr "" + +#: plugins/sudoers/sudo_nss.c:326 +#, c-format +msgid "User %s may run the following commands on %s:\n" +msgstr "" + +#: plugins/sudoers/sudo_nss.c:339 +#, c-format +msgid "User %s is not allowed to run sudo on %s.\n" +msgstr "" + +#: plugins/sudoers/sudoers.c:172 plugins/sudoers/testsudoers.c:245 +#: plugins/sudoers/visudo.c:223 plugins/sudoers/visudo.c:566 +msgid "unable to initialize sudoers default values" +msgstr "" + +#: plugins/sudoers/sudoers.c:197 plugins/sudoers/sudoers.c:239 +#: plugins/sudoers/sudoers.c:833 +msgid "problem with defaults entries" +msgstr "" + +#: plugins/sudoers/sudoers.c:205 +msgid "no valid sudoers sources found, quitting" +msgstr "" + +#: plugins/sudoers/sudoers.c:275 +msgid "sudoers specifies that root is not allowed to sudo" +msgstr "" + +#: plugins/sudoers/sudoers.c:332 +msgid "you are not permitted to use the -C option" +msgstr "" + +#: plugins/sudoers/sudoers.c:396 +#, c-format +msgid "timestamp owner (%s): No such user" +msgstr "" + +#: plugins/sudoers/sudoers.c:410 +msgid "no tty" +msgstr "" + +#: plugins/sudoers/sudoers.c:411 +msgid "sorry, you must have a tty to run sudo" +msgstr "" + +#: plugins/sudoers/sudoers.c:466 +msgid "command in current directory" +msgstr "" + +#: plugins/sudoers/sudoers.c:486 +msgid "sorry, you are not allowed to preserve the environment" +msgstr "" + +#: plugins/sudoers/sudoers.c:778 +msgid "command too long" +msgstr "" + +#: plugins/sudoers/sudoers.c:886 plugins/sudoers/visudo.c:426 +#: plugins/sudoers/visudo.c:666 +#, c-format +msgid "unable to stat %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:890 +#, c-format +msgid "%s is not a regular file" +msgstr "" + +#: plugins/sudoers/sudoers.c:894 plugins/sudoers/timestamp.c:225 toke.l:947 +#, c-format +msgid "%s is owned by uid %u, should be %u" +msgstr "" + +#: plugins/sudoers/sudoers.c:898 toke.l:954 +#, c-format +msgid "%s is world writable" +msgstr "" + +#: plugins/sudoers/sudoers.c:902 toke.l:959 +#, c-format +msgid "%s is owned by gid %u, should be %u" +msgstr "" + +#: plugins/sudoers/sudoers.c:933 +#, c-format +msgid "only root can use `-c %s'" +msgstr "" + +#: plugins/sudoers/sudoers.c:952 +#, c-format +msgid "unknown login class: %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:1031 plugins/sudoers/sudoers.c:1059 +#, c-format +msgid "unable to resolve host %s" +msgstr "" + +#: plugins/sudoers/sudoers.c:1126 plugins/sudoers/testsudoers.c:385 +#, c-format +msgid "unknown group: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:232 +#, c-format +msgid "invalid filter option: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:245 +#, c-format +msgid "invalid max wait: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:251 +#, c-format +msgid "invalid speed factor: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:254 plugins/sudoers/visudo.c:180 +#, c-format +msgid "%s version %s\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:286 +#, c-format +msgid "%s/%.2s/%.2s/%.2s/timing: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:292 +#, c-format +msgid "%s/%s/timing: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:308 +#, c-format +msgid "Replaying sudo session: %s\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:314 +#, c-format +msgid "Warning: your terminal is too small to properly replay the log.\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:315 +#, c-format +msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." +msgstr "" + +#: plugins/sudoers/sudoreplay.c:368 +msgid "unable to set tty to raw mode" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:401 +#, c-format +msgid "invalid timing file line: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:611 plugins/sudoers/sudoreplay.c:636 +#, c-format +msgid "ambiguous expression \"%s\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:658 +msgid "unmatched ')' in expression" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:662 +#, c-format +msgid "unknown search term \"%s\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:677 +#, c-format +msgid "%s requires an argument" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:680 plugins/sudoers/sudoreplay.c:1060 +#, c-format +msgid "invalid regular expression: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:684 +#, c-format +msgid "could not parse date \"%s\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:693 +msgid "unmatched '(' in expression" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:695 +msgid "illegal trailing \"or\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:697 +msgid "illegal trailing \"!\"" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:746 +#, c-format +msgid "unknown search type %d" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:784 +#, c-format +msgid "%s: invalid log file" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:802 +#, c-format +msgid "%s: time stamp field is missing" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:809 +#, c-format +msgid "%s: time stamp %s: %s" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:816 +#, c-format +msgid "%s: user field is missing" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:825 +#, c-format +msgid "%s: runas user field is missing" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:834 +#, c-format +msgid "%s: runas group field is missing" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1197 +#, c-format +msgid "usage: %s [-h] [-d dir] [-m num] [-s num] ID\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1200 +#, c-format +msgid "usage: %s [-h] [-d dir] -l [search expression]\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1209 +#, c-format +msgid "" +"%s - replay sudo session logs\n" +"\n" +msgstr "" + +#: plugins/sudoers/sudoreplay.c:1211 +msgid "" +"\n" +"Options:\n" +" -d, --directory=dir specify directory for session logs\n" +" -f, --filter=filter specify which I/O type(s) to display\n" +" -h, --help display help message and exit\n" +" -l, --list list available session IDs, with optional expression\n" +" -m, --max-wait=num max number of seconds to wait between events\n" +" -s, --speed=num speed up or slow down output\n" +" -V, --version display version information and exit" +msgstr "" + +#: plugins/sudoers/testsudoers.c:324 +msgid "\thost unmatched" +msgstr "" + +#: plugins/sudoers/testsudoers.c:327 +msgid "" +"\n" +"Command allowed" +msgstr "" + +#: plugins/sudoers/testsudoers.c:328 +msgid "" +"\n" +"Command denied" +msgstr "" + +#: plugins/sudoers/testsudoers.c:328 +msgid "" +"\n" +"Command unmatched" +msgstr "" + +#: plugins/sudoers/timestamp.c:233 +#, c-format +msgid "%s is group writable" +msgstr "" + +#: plugins/sudoers/timestamp.c:309 +#, c-format +msgid "unable to truncate time stamp file to %lld bytes" +msgstr "" + +#: plugins/sudoers/timestamp.c:742 plugins/sudoers/timestamp.c:809 +#: plugins/sudoers/visudo.c:487 plugins/sudoers/visudo.c:493 +msgid "unable to read the clock" +msgstr "" + +#: plugins/sudoers/timestamp.c:756 +msgid "ignoring time stamp from the future" +msgstr "" + +#: plugins/sudoers/timestamp.c:768 +#, c-format +msgid "time stamp too far in the future: %20.20s" +msgstr "" + +#: plugins/sudoers/timestamp.c:863 +#, c-format +msgid "unable to lock time stamp file %s" +msgstr "" + +#: plugins/sudoers/timestamp.c:906 plugins/sudoers/timestamp.c:926 +#, c-format +msgid "lecture status path too long: %s/%s" +msgstr "" + +#: plugins/sudoers/visudo.c:182 +#, c-format +msgid "%s grammar version %d\n" +msgstr "" + +#: plugins/sudoers/visudo.c:254 plugins/sudoers/visudo.c:618 +#, c-format +msgid "press return to edit %s: " +msgstr "" + +#: plugins/sudoers/visudo.c:319 +#, c-format +msgid "specified editor (%s) doesn't exist" +msgstr "" + +#: plugins/sudoers/visudo.c:337 +#, c-format +msgid "no editor found (editor path = %s)" +msgstr "" + +#: plugins/sudoers/visudo.c:446 plugins/sudoers/visudo.c:454 +msgid "write error" +msgstr "" + +#: plugins/sudoers/visudo.c:500 +#, c-format +msgid "unable to stat temporary file (%s), %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:507 +#, c-format +msgid "zero length temporary file (%s), %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:513 +#, c-format +msgid "editor (%s) failed, %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:535 +#, c-format +msgid "%s unchanged" +msgstr "%s sin cambios" + +#: plugins/sudoers/visudo.c:561 +#, c-format +msgid "unable to re-open temporary file (%s), %s unchanged." +msgstr "" + +#: plugins/sudoers/visudo.c:572 +#, c-format +msgid "unabled to parse temporary file (%s), unknown error" +msgstr "" + +#: plugins/sudoers/visudo.c:609 +#, c-format +msgid "internal error, unable to find %s in list!" +msgstr "" + +#: plugins/sudoers/visudo.c:668 plugins/sudoers/visudo.c:677 +#, c-format +msgid "unable to set (uid, gid) of %s to (%u, %u)" +msgstr "" + +#: plugins/sudoers/visudo.c:672 plugins/sudoers/visudo.c:682 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "" + +#: plugins/sudoers/visudo.c:699 +#, c-format +msgid "%s and %s not on the same file system, using mv to rename" +msgstr "" + +#: plugins/sudoers/visudo.c:713 +#, c-format +msgid "command failed: '%s %s %s', %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:723 +#, c-format +msgid "error renaming %s, %s unchanged" +msgstr "" + +#: plugins/sudoers/visudo.c:785 +msgid "What now? " +msgstr "" + +#: plugins/sudoers/visudo.c:799 +msgid "" +"Options are:\n" +" (e)dit sudoers file again\n" +" e(x)it without saving changes to sudoers file\n" +" (Q)uit and save changes to sudoers file (DANGER!)\n" +msgstr "" + +#: plugins/sudoers/visudo.c:847 +#, c-format +msgid "unable to run %s" +msgstr "no se puede ejecutar %s" + +#: plugins/sudoers/visudo.c:877 +#, c-format +msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" +msgstr "" + +#: plugins/sudoers/visudo.c:884 +#, c-format +msgid "%s: bad permissions, should be mode 0%o\n" +msgstr "" + +#: plugins/sudoers/visudo.c:909 plugins/sudoers/visudo_json.c:1032 +#, c-format +msgid "failed to parse %s file, unknown error" +msgstr "" + +#: plugins/sudoers/visudo.c:925 plugins/sudoers/visudo_json.c:1041 +#, c-format +msgid "parse error in %s near line %d\n" +msgstr "" + +#: plugins/sudoers/visudo.c:928 plugins/sudoers/visudo_json.c:1044 +#, c-format +msgid "parse error in %s\n" +msgstr "" + +#: plugins/sudoers/visudo.c:936 plugins/sudoers/visudo.c:943 +#, c-format +msgid "%s: parsed OK\n" +msgstr "" + +#: plugins/sudoers/visudo.c:990 +#, c-format +msgid "%s busy, try again later" +msgstr "" + +#: plugins/sudoers/visudo.c:1086 +#, c-format +msgid "Error: cycle in %s `%s'" +msgstr "" + +#: plugins/sudoers/visudo.c:1087 +#, c-format +msgid "Warning: cycle in %s `%s'" +msgstr "" + +#: plugins/sudoers/visudo.c:1091 +#, c-format +msgid "Error: %s `%s' referenced but not defined" +msgstr "" + +#: plugins/sudoers/visudo.c:1092 +#, c-format +msgid "Warning: %s `%s' referenced but not defined" +msgstr "" + +#: plugins/sudoers/visudo.c:1235 +#, c-format +msgid "Warning: unused %s `%s'" +msgstr "" + +#: plugins/sudoers/visudo.c:1348 +#, c-format +msgid "" +"%s - safely edit the sudoers file\n" +"\n" +msgstr "" + +#: plugins/sudoers/visudo.c:1350 +msgid "" +"\n" +"Options:\n" +" -c, --check check-only mode\n" +" -f, --file=sudoers specify sudoers file location\n" +" -h, --help display help message and exit\n" +" -q, --quiet less verbose (quiet) syntax error messages\n" +" -s, --strict strict syntax checking\n" +" -V, --version display version information and exit\n" +" -x, --export=output_file write sudoers in JSON format to output_file" +msgstr "" + +#: plugins/sudoers/visudo_json.c:1018 +#, c-format +msgid "%s: input and output files must be different" +msgstr "" + +#: toke.l:918 +msgid "too many levels of includes" +msgstr "" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/fi.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/fi.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/fi.po sudo-1.9.9/plugins/sudoers/po/fi.po --- sudo-1.9.5p2/plugins/sudoers/po/fi.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/fi.po 2022-01-27 21:24:22.000000000 +0000 @@ -2,25 +2,25 @@ # This file is put in the public domain. # This file is distributed under the same license as the sudo package. # Jorma Karvonen , 2011-2017. -# Lauri Nurmi , 2019. +# Lauri Nurmi , 2019-2021. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.2rc1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-06-24 05:35-0600\n" -"PO-Revision-Date: 2020-08-14 19:19+0300\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-25 10:42+0200\n" "Last-Translator: Lauri Nurmi \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Poedit 2.4.1\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 3.0.1\n" -#: confstr.sh:1 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "syntaksivirhe" @@ -44,848 +44,1371 @@ msgid "Sorry, try again." msgstr "Yritä uudelleen." -#: gram.y:203 gram.y:251 gram.y:258 gram.y:265 gram.y:272 gram.y:279 -#: gram.y:295 gram.y:319 gram.y:326 gram.y:333 gram.y:340 gram.y:347 -#: gram.y:410 gram.y:419 gram.y:430 gram.y:463 gram.y:470 gram.y:477 -#: gram.y:484 gram.y:511 gram.y:583 gram.y:590 gram.y:599 gram.y:608 -#: gram.y:625 gram.y:737 gram.y:744 gram.y:752 gram.y:758 gram.y:858 -#: gram.y:865 gram.y:872 gram.y:879 gram.y:886 gram.y:912 gram.y:919 -#: gram.y:926 gram.y:1068 gram.y:1347 lib/iolog/iolog_fileio.c:1101 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:283 -#: lib/iolog/iolog_json.c:313 lib/iolog/iolog_json.c:435 -#: lib/iolog/iolog_util.c:106 lib/iolog/iolog_util.c:115 -#: lib/iolog/iolog_util.c:125 lib/iolog/iolog_util.c:133 -#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:196 -#: logsrvd/eventlog.c:223 logsrvd/sendlog.c:443 plugins/sudoers/alias.c:125 -#: plugins/sudoers/alias.c:132 plugins/sudoers/alias.c:148 -#: plugins/sudoers/audit.c:108 plugins/sudoers/audit.c:212 -#: plugins/sudoers/auth/bsdauth.c:143 plugins/sudoers/auth/kerb5.c:118 -#: plugins/sudoers/auth/kerb5.c:144 plugins/sudoers/auth/pam.c:669 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 #: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 -#: plugins/sudoers/cvtsudoers.c:120 plugins/sudoers/cvtsudoers.c:161 -#: plugins/sudoers/cvtsudoers.c:178 plugins/sudoers/cvtsudoers.c:189 -#: plugins/sudoers/cvtsudoers.c:301 plugins/sudoers/cvtsudoers.c:429 -#: plugins/sudoers/cvtsudoers.c:562 plugins/sudoers/cvtsudoers.c:579 -#: plugins/sudoers/cvtsudoers.c:642 plugins/sudoers/cvtsudoers.c:757 -#: plugins/sudoers/cvtsudoers.c:765 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 -#: plugins/sudoers/cvtsudoers_json.c:76 plugins/sudoers/cvtsudoers_ldif.c:151 -#: plugins/sudoers/cvtsudoers_ldif.c:194 plugins/sudoers/cvtsudoers_ldif.c:235 -#: plugins/sudoers/cvtsudoers_ldif.c:300 plugins/sudoers/cvtsudoers_ldif.c:371 -#: plugins/sudoers/cvtsudoers_ldif.c:426 plugins/sudoers/cvtsudoers_ldif.c:434 -#: plugins/sudoers/cvtsudoers_ldif.c:451 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:607 plugins/sudoers/defaults.c:626 -#: plugins/sudoers/defaults.c:919 plugins/sudoers/defaults.c:1052 -#: plugins/sudoers/editor.c:66 plugins/sudoers/editor.c:84 -#: plugins/sudoers/editor.c:95 plugins/sudoers/env.c:261 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:483 -#: plugins/sudoers/iolog_client.c:105 plugins/sudoers/iolog_client.c:382 -#: plugins/sudoers/iolog_client.c:559 plugins/sudoers/iolog_client.c:678 -#: plugins/sudoers/iolog_client.c:696 plugins/sudoers/iolog_client.c:1176 -#: plugins/sudoers/iolog_client.c:1405 plugins/sudoers/iolog_client.c:1723 -#: plugins/sudoers/iolog_client.c:1751 plugins/sudoers/ldap.c:183 -#: plugins/sudoers/ldap.c:421 plugins/sudoers/ldap.c:431 -#: plugins/sudoers/ldap.c:436 plugins/sudoers/ldap.c:440 -#: plugins/sudoers/ldap.c:452 plugins/sudoers/ldap.c:743 -#: plugins/sudoers/ldap.c:907 plugins/sudoers/ldap.c:1279 -#: plugins/sudoers/ldap.c:1706 plugins/sudoers/ldap.c:1743 -#: plugins/sudoers/ldap.c:1824 plugins/sudoers/ldap.c:1959 -#: plugins/sudoers/ldap.c:2060 plugins/sudoers/ldap.c:2076 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:598 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:103 plugins/sudoers/logging.c:192 -#: plugins/sudoers/logging.c:519 plugins/sudoers/logging.c:545 -#: plugins/sudoers/logging.c:586 plugins/sudoers/logging.c:723 -#: plugins/sudoers/logging.c:1083 plugins/sudoers/match_command.c:243 -#: plugins/sudoers/match_command.c:391 plugins/sudoers/match_command.c:438 -#: plugins/sudoers/match_command.c:509 plugins/sudoers/match_digest.c:80 -#: plugins/sudoers/parse.c:193 plugins/sudoers/parse.c:205 -#: plugins/sudoers/parse.c:220 plugins/sudoers/parse.c:232 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 +#: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 +#: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:491 -#: plugins/sudoers/policy.c:823 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:191 plugins/sudoers/pwutil.c:262 -#: plugins/sudoers/pwutil.c:340 plugins/sudoers/pwutil.c:514 -#: plugins/sudoers/pwutil.c:578 plugins/sudoers/pwutil.c:649 -#: plugins/sudoers/pwutil.c:808 plugins/sudoers/pwutil.c:865 -#: plugins/sudoers/pwutil.c:909 plugins/sudoers/pwutil.c:967 -#: plugins/sudoers/sssd.c:146 plugins/sudoers/sssd.c:409 -#: plugins/sudoers/sssd.c:472 plugins/sudoers/sssd.c:516 -#: plugins/sudoers/sssd.c:563 plugins/sudoers/sssd.c:755 -#: plugins/sudoers/stubs.c:96 plugins/sudoers/stubs.c:104 -#: plugins/sudoers/sudoers.c:316 plugins/sudoers/sudoers.c:327 -#: plugins/sudoers/sudoers.c:337 plugins/sudoers/sudoers.c:380 -#: plugins/sudoers/sudoers.c:720 plugins/sudoers/sudoers.c:849 -#: plugins/sudoers/sudoers.c:894 plugins/sudoers/sudoers.c:1198 -#: plugins/sudoers/sudoreplay.c:553 plugins/sudoers/sudoreplay.c:556 -#: plugins/sudoers/sudoreplay.c:1260 plugins/sudoers/sudoreplay.c:1470 -#: plugins/sudoers/sudoreplay.c:1474 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:581 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:146 -#: plugins/sudoers/visudo.c:322 plugins/sudoers/visudo.c:328 -#: plugins/sudoers/visudo.c:438 plugins/sudoers/visudo.c:616 -#: plugins/sudoers/visudo.c:936 plugins/sudoers/visudo.c:1024 -#: plugins/sudoers/visudo.c:1121 toke.l:864 toke.l:981 toke.l:1039 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "muistin varaaminen epäonnistui" -#: gram.y:505 +#: gram.y:615 msgid "a digest requires a path name" msgstr "tiiviste vaatii polkunimen" -#: gram.y:638 +#: gram.y:637 +msgid "values for \"CWD\" must start with a '/', '~', or '*'" +msgstr "”CWD”-muuttujan arvon on alettava merkillä ’/’, ’~’ tai ’*’" + +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "”CWD”-polku liian pitkä" + +#: gram.y:653 +msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" +msgstr "”CHROOT”-muuttujan arvon on alettava merkillä ’/’, ’~’ tai ’*’" + +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "”CHROOT”-polku liian pitkä" + +#: gram.y:788 +#, c-format +msgid "syntax error, reserved word %s used as an alias name" +msgstr "syntaksivirhe, varattua sanaa %s käytetty aliaksen nimenä" + +#: gram.y:811 msgid "invalid notbefore value" msgstr "virheellinen notbefore-arvo" -#: gram.y:646 +#: gram.y:820 msgid "invalid notafter value" msgstr "virheellinen notafter-arvo" -#: gram.y:655 plugins/sudoers/policy.c:306 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "aikakatkaisuarvo on liian suuri" -#: gram.y:657 plugins/sudoers/policy.c:308 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" -msgstr "virheellinen aikavalvonta-arvo" +msgstr "virheellinen aikakatkaisuarvo" -#: gram.y:1347 lib/iolog/iolog_fileio.c:1101 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:282 lib/iolog/iolog_json.c:313 -#: lib/iolog/iolog_json.c:435 lib/iolog/iolog_json.c:713 -#: lib/iolog/iolog_util.c:106 lib/iolog/iolog_util.c:115 -#: lib/iolog/iolog_util.c:125 lib/iolog/iolog_util.c:133 -#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:196 -#: logsrvd/eventlog.c:223 logsrvd/logsrvd.c:1208 logsrvd/logsrvd.c:1221 -#: logsrvd/logsrvd.c:1266 logsrvd/sendlog.c:443 logsrvd/sendlog.c:1302 -#: logsrvd/sendlog.c:1309 logsrvd/sendlog.c:1727 plugins/sudoers/audit.c:108 -#: plugins/sudoers/audit.c:212 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:120 plugins/sudoers/cvtsudoers.c:160 -#: plugins/sudoers/cvtsudoers.c:177 plugins/sudoers/cvtsudoers.c:188 -#: plugins/sudoers/cvtsudoers.c:300 plugins/sudoers/cvtsudoers.c:428 -#: plugins/sudoers/cvtsudoers.c:561 plugins/sudoers/cvtsudoers.c:578 -#: plugins/sudoers/cvtsudoers.c:642 plugins/sudoers/cvtsudoers.c:757 -#: plugins/sudoers/cvtsudoers.c:764 plugins/sudoers/cvtsudoers.c:1179 -#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1285 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "komento on liian pitkä" + +#: gram.y:1203 +#, c-format +msgid "%s:%d:%d: %s\n" +msgstr "%s:%d:%d: %s\n" + +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Alias ”%s” on jo määritelty" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:425 plugins/sudoers/cvtsudoers_ldif.c:433 -#: plugins/sudoers/cvtsudoers_ldif.c:450 plugins/sudoers/cvtsudoers_ldif.c:459 -#: plugins/sudoers/cvtsudoers_ldif.c:606 plugins/sudoers/defaults.c:626 -#: plugins/sudoers/defaults.c:919 plugins/sudoers/defaults.c:1052 -#: plugins/sudoers/editor.c:66 plugins/sudoers/editor.c:84 -#: plugins/sudoers/editor.c:95 plugins/sudoers/env.c:261 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:132 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:483 -#: plugins/sudoers/iolog_client.c:105 plugins/sudoers/iolog_client.c:215 -#: plugins/sudoers/iolog_client.c:236 plugins/sudoers/iolog_client.c:249 -#: plugins/sudoers/iolog_client.c:382 plugins/sudoers/iolog_client.c:678 -#: plugins/sudoers/iolog_client.c:696 plugins/sudoers/iolog_client.c:1176 -#: plugins/sudoers/iolog_client.c:1405 plugins/sudoers/iolog_client.c:1723 -#: plugins/sudoers/iolog_client.c:1751 plugins/sudoers/ldap.c:183 -#: plugins/sudoers/ldap.c:421 plugins/sudoers/ldap.c:431 -#: plugins/sudoers/ldap.c:436 plugins/sudoers/ldap.c:440 -#: plugins/sudoers/ldap.c:452 plugins/sudoers/ldap.c:743 -#: plugins/sudoers/ldap.c:907 plugins/sudoers/ldap.c:1279 -#: plugins/sudoers/ldap.c:1706 plugins/sudoers/ldap.c:1743 -#: plugins/sudoers/ldap.c:1824 plugins/sudoers/ldap.c:1959 -#: plugins/sudoers/ldap.c:2060 plugins/sudoers/ldap.c:2076 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:677 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:325 plugins/sudoers/ldap_util.c:332 -#: plugins/sudoers/ldap_util.c:598 plugins/sudoers/linux_audit.c:83 -#: plugins/sudoers/logging.c:103 plugins/sudoers/logging.c:192 -#: plugins/sudoers/logging.c:519 plugins/sudoers/logging.c:545 -#: plugins/sudoers/logging.c:585 plugins/sudoers/logging.c:1083 -#: plugins/sudoers/match_command.c:242 plugins/sudoers/match_command.c:390 -#: plugins/sudoers/match_command.c:437 plugins/sudoers/match_command.c:509 -#: plugins/sudoers/match_digest.c:80 plugins/sudoers/parse.c:192 -#: plugins/sudoers/parse.c:204 plugins/sudoers/parse.c:219 -#: plugins/sudoers/parse.c:231 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:120 plugins/sudoers/policy.c:129 -#: plugins/sudoers/policy.c:138 plugins/sudoers/policy.c:164 -#: plugins/sudoers/policy.c:291 plugins/sudoers/policy.c:306 -#: plugins/sudoers/policy.c:308 plugins/sudoers/policy.c:337 -#: plugins/sudoers/policy.c:346 plugins/sudoers/policy.c:389 -#: plugins/sudoers/policy.c:399 plugins/sudoers/policy.c:408 -#: plugins/sudoers/policy.c:417 plugins/sudoers/policy.c:491 -#: plugins/sudoers/policy.c:823 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:191 plugins/sudoers/pwutil.c:262 -#: plugins/sudoers/pwutil.c:340 plugins/sudoers/pwutil.c:514 -#: plugins/sudoers/pwutil.c:578 plugins/sudoers/pwutil.c:649 -#: plugins/sudoers/pwutil.c:808 plugins/sudoers/pwutil.c:865 -#: plugins/sudoers/pwutil.c:909 plugins/sudoers/pwutil.c:967 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:145 -#: plugins/sudoers/sssd.c:409 plugins/sudoers/sssd.c:472 -#: plugins/sudoers/sssd.c:516 plugins/sudoers/sssd.c:563 -#: plugins/sudoers/sssd.c:755 plugins/sudoers/stubs.c:96 -#: plugins/sudoers/stubs.c:104 plugins/sudoers/sudoers.c:316 -#: plugins/sudoers/sudoers.c:327 plugins/sudoers/sudoers.c:337 -#: plugins/sudoers/sudoers.c:380 plugins/sudoers/sudoers.c:720 -#: plugins/sudoers/sudoers.c:849 plugins/sudoers/sudoers.c:894 -#: plugins/sudoers/sudoers.c:1198 plugins/sudoers/sudoreplay.c:553 -#: plugins/sudoers/sudoreplay.c:556 plugins/sudoers/sudoreplay.c:1260 -#: plugins/sudoers/sudoreplay.c:1470 plugins/sudoers/sudoreplay.c:1474 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:581 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:146 plugins/sudoers/visudo.c:322 -#: plugins/sudoers/visudo.c:328 plugins/sudoers/visudo.c:438 -#: plugins/sudoers/visudo.c:616 plugins/sudoers/visudo.c:936 -#: plugins/sudoers/visudo.c:1024 plugins/sudoers/visudo.c:1121 toke.l:864 -#: toke.l:981 toke.l:1039 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/iolog/iolog_fileio.c:157 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)" +msgid "internal error, %s overflow" +msgstr "sisäinen virhe, %s-ylivuoto" -#: lib/iolog/iolog_fileio.c:187 lib/iolog/iolog_fileio.c:233 -#: plugins/sudoers/timestamp.c:205 +#: lib/eventlog/eventlog.c:373 #, c-format -msgid "unable to mkdir %s" -msgstr "käskyn mkdir %s suorittaminen epäonnistui" +msgid "unable to dup stdin: %m" +msgstr "funktion dup kutsuminen vakiosyötteellä epäonnistui: %m" -#: lib/iolog/iolog_fileio.c:237 plugins/sudoers/visudo.c:733 -#: plugins/sudoers/visudo.c:744 +#: lib/eventlog/eventlog.c:415 #, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "tilan %s vaihtaminen arvoon 0%o epäonnistui" +msgid "unable to execute %s: %m" +msgstr "käskyn %s suorittaminen epäonnistui: %m" + +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 +msgid "unable to fork" +msgstr "haarauttaminen epäonnistui" + +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 +#, c-format +msgid "unable to fork: %m" +msgstr "fork-funktion kutsuminen epäonnistui: %m" + +#: lib/eventlog/eventlog.c:508 +#, c-format +msgid "unable to open pipe: %m" +msgstr "putken avaaminen epäonnistui: %m" + +#: lib/eventlog/eventlog.c:1007 +#, c-format +msgid "%8s : %s" +msgstr "%8s : %s" -#: lib/iolog/iolog_json.c:114 +#: lib/eventlog/eventlog.c:1036 +#, c-format +msgid "%8s : (command continued) %s" +msgstr "%8s: (komento jatkui) %s" + +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "odotettiin JSON_STRINGiä, saatiin %d" -#: lib/iolog/iolog_json.c:305 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY liian suuri" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" -msgstr "" +msgstr "nimestä puuttuu lainausmerkki" -#: lib/iolog/iolog_json.c:392 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "puuttuva JSON_OBJECT" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "odotettiin JSON_OBJECTia, saatiin %d" -#: lib/iolog/iolog_json.c:441 lib/iolog/iolog_json.c:444 -#: lib/iolog/iolog_json.c:446 lib/iolog/iolog_json.c:538 -#: logsrvd/eventlog.c:228 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:563 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:435 plugins/sudoers/iolog.c:561 -#: plugins/sudoers/iolog.c:577 plugins/sudoers/ldap.c:516 -#: plugins/sudoers/ldap.c:747 plugins/sudoers/ldap.c:1080 -#: plugins/sudoers/ldap_conf.c:222 plugins/sudoers/ldap_conf.c:312 -#: plugins/sudoers/linux_audit.c:89 plugins/sudoers/logging.c:1088 -#: plugins/sudoers/policy.c:521 plugins/sudoers/policy.c:668 -#: plugins/sudoers/policy.c:678 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:916 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/iolog/iolog_json.c:661 #, c-format -msgid "internal error, %s overflow" -msgstr "sisäinen virhe, %s-ylivuoto" +msgid "json stack exhausted (max %u frames)" +msgstr "json-pino täyttyi (enintään %u kehystä)" -#: lib/iolog/iolog_json.c:607 lib/iolog/iolog_json.c:731 +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "objektien on oltava nimi:arvo-pareja" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "arvojen välinen erotin puuttuu" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" -msgstr "" +msgstr "pariton sulkeva aaltosulje" -#: lib/iolog/iolog_json.c:616 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "odottamaton taulukko" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:733 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" -msgstr "" +msgstr "pariton sulkeva kulmasulje" -#: lib/iolog/iolog_json.c:637 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "odottamaton merkkijono" -#: lib/iolog/iolog_json.c:647 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "puuttuva kaksoispiste nimen jälkeen" -#: lib/iolog/iolog_json.c:658 lib/iolog/iolog_json.c:673 -#: lib/iolog/iolog_json.c:688 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "odottamaton totuusarvo" -#: lib/iolog/iolog_json.c:704 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "odottamaton null" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "odottamaton lukuarvo" -# Ensimmäinen parametri on auth name -#: lib/iolog/iolog_json.c:741 -#, fuzzy, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s: todentamisnimen ’%s’ jäsentäminen epäonnistui: %s" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "jäsennysvirhe" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: virheellinen lokitiedosto" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: aikaleimakenttä puuttuu" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: aikaleima %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: käyttäjäkenttä puuttuu" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: suorita käyttäjänä-kenttä puuttuu" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: suorita ryhmänä-kenttä puuttuu" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "käskyn mkdir %s suorittaminen epäonnistui" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "tilan %s vaihtaminen arvoon 0%o epäonnistui" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "virhe luettaessa ajoitustiedostoa: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "virheellinen ajoitustiedostorivi: %s" -#: logsrvd/eventlog.c:430 plugins/sudoers/logging.c:112 +# Parametri on path, mutta saattaa sisältää suoritettavan ohjelman +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "UUID-tunnusta ei voi luoda" + +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 #, c-format -msgid "%8s : %s" -msgstr "%8s : %s" +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: protokollavirhe: väärä tyyppi %s:lle" -#: logsrvd/eventlog.c:459 plugins/sudoers/logging.c:136 +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 #, c-format -msgid "%8s : (command continued) %s" -msgstr "%8s: (komento jatkui) %s" +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: protokollavirhe: %s puuttuu AcceptMessagesta" -#: logsrvd/iolog_writer.c:936 -msgid "log is already complete, cannot be restarted" -msgstr "loki on jo valmis, ei voi aloittaa uudelleen" +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: istuntotunnusta ei voi muotoilla" -#: logsrvd/iolog_writer.c:967 -msgid "unable to restart log" -msgstr "lokia ei voi aloittaa uudelleen" +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s on asettamatta" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, fuzzy, c-format +#| msgid "unable to open log file: %s" +msgid "unable to expand iolog path %s" +msgstr "lokitiedoston avaaminen epäonnistui: %s" + +# Parametrina on pathbuf +#: logsrvd/iolog_writer.c:592 +#, fuzzy, c-format +#| msgid "unable to create %s/%s" +msgid "unable to create iolog path %s" +msgstr "tiedostoa %s/%s ei voida luoda" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "virheellinen iofd %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "virhe suljettaessa iofd:tä %d: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "virhe huuhdeltaessa iofd:tä %d: %s" + +# Toiseksi viimeinen %s on esim. ""Host_Alias" ja viimeinen sen nimi. +#: logsrvd/iolog_writer.c:777 +#, fuzzy, c-format +#| msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "Varoitus: %s:%d:%d määrittelemätön %s ”%s” viitattuna mutta määrittelemättä" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, fuzzy, c-format +#| msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "jatkopistettä [%lld, %ld] ei löydy tiedostosta %s/%s" + +# Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "kohteen %s avaaminen epäonnistui" # Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf -#: logsrvd/logsrv_util.c:98 logsrvd/logsrv_util.c:105 -#: plugins/sudoers/sudoreplay.c:353 plugins/sudoers/sudoreplay.c:359 +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "ei voi avata tiedostoa %s/%s" -#: logsrvd/logsrv_util.c:132 +#: logsrvd/iolog_writer.c:836 +#, fuzzy, c-format +#| msgid "unable to read %s/%s: %s" +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "tiedostosta %s/%s lukeminen epäonnistui: %s" + +# Parametrina on pathbuf +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, fuzzy, c-format +#| msgid "unable to create %s/%s" +msgid "unable to rename %s to %s" +msgstr "tiedostoa %s/%s ei voida luoda" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: jatkopistettä [%lld, %ld] ei löydy" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "puuttuva siirräntälokitiedosto %s/%s" # Ensimmäinen parametri on auth name -#: logsrvd/logsrv_util.c:139 -#, fuzzy, c-format +#: logsrvd/logsrv_util.c:158 +#, c-format msgid "%s/%s: unable to seek forward %zu" -msgstr "%s: todentamisnimen ’%s’ jäsentäminen epäonnistui: %s" +msgstr "%s/%s: siirtyminen %zu tavua eteenpäin epäonnistui" -# parametrina on path -#: logsrvd/logsrv_util.c:149 +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +#, fuzzy +#| msgid "unable to connect to relay host" +msgid "unable to connect to relay" +msgstr "yhteyden muodostaminen välitinkoneeseen ei onnistu" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "palvelinsanoma on liian suuri: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "tapahtuman lisääminen jonoon epäonnistui" + +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 #, fuzzy, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "symbolin ”%s” löytäminen polusta %s epäonnistui" +#| msgid "%s: unexpected state %d" +msgid "unexpected state %d for %s" +msgstr "%s: odottamaton tila %d" -#: logsrvd/logsrvd.c:230 logsrvd/logsrvd.c:299 logsrvd/logsrvd.c:343 -#: logsrvd/logsrvd.c:398 logsrvd/logsrvd.c:445 logsrvd/logsrvd.c:496 -#: logsrvd/logsrvd.c:528 logsrvd/logsrvd.c:560 +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "tilakoneen virhe" -#: logsrvd/logsrvd.c:239 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "virheellinen AcceptMessage" -#: logsrvd/logsrvd.c:250 -msgid "error parsing AcceptMessage" -msgstr "virhe jäsennettäessä AcceptMessagea" - -#: logsrvd/logsrvd.c:257 -msgid "error creating I/O log" -msgstr "virhe luotaessa siirräntälokia" - -#: logsrvd/logsrvd.c:265 -msgid "error logging accept event" -msgstr "virhe hyväksymistapahtuman lokiin kirjaamisessa" - -#: logsrvd/logsrvd.c:308 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "virheellinen RejectMessage" -#: logsrvd/logsrvd.c:319 -msgid "error parsing RejectMessage" -msgstr "virhe jäsennettäessä RejectMessagea" - -#: logsrvd/logsrvd.c:325 -msgid "error logging reject event" -msgstr "virhe hylkäystapahtuman lokiin kirjaamisessa" +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 +msgid "invalid AlertMessage" +msgstr "virheellinen AlertMessage" -#: logsrvd/logsrvd.c:430 -msgid "error logging alert event" -msgstr "virhe hälytystapahtuman lokiin kirjaamisessa" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: odottamaton IoBuffer" -#: logsrvd/logsrvd.c:451 logsrvd/logsrvd.c:502 logsrvd/logsrvd.c:534 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "protokollavirhe" -#: logsrvd/logsrvd.c:461 -msgid "error writing IoBuffer" -msgstr "virhe kirjoitettaessa IoBufferia" - -#: logsrvd/logsrvd.c:513 -msgid "error writing ChangeWindowSize" -msgstr "virhe kirjoitettaessa ChangeWindowSizeä" - -#: logsrvd/logsrvd.c:545 -msgid "error writing CommandSuspend" -msgstr "virhe kirjoitettaessa CommandSuspendia" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, fuzzy, c-format +#| msgid "%s: unexpected type_case value %d" +msgid "unexpected type_case value %d in %s from %s" +msgstr "%s: odottamaton type_case-arvo %d" -#: logsrvd/logsrvd.c:630 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "tunnistamaton ClientMessage-tyyppi" -#: logsrvd/logsrvd.c:895 -msgid "client message too large" -msgstr "asiakassanoma on liian suuri" - -#: logsrvd/logsrvd.c:1125 logsrvd/logsrvd.c:1133 -#, fuzzy, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "komennon %s suorittaminen epäonnistui: %s" - -#: logsrvd/logsrvd.c:1153 logsrvd/logsrvd.c:1161 -#, fuzzy, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "komennon %s suorittaminen epäonnistui: %s" - -#: logsrvd/logsrvd.c:1197 -#, fuzzy, c-format -msgid "unable to get TLS server method: %s" -msgstr "tietokoneen %s ratkaiseminen epäonnistui" +#: logsrvd/logsrvd.c:883 +#, c-format +msgid "timed out writing to client %s" +msgstr "aikakatkaisu kirjoitettaessa asiakkaalle %s" -#: logsrvd/logsrvd.c:1202 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, fuzzy, c-format -msgid "unable to create TLS context: %s" -msgstr "Ssl-kontekstia ei voi alustaa: %s" +#| msgid "missing write buffer" +msgid "missing write buffer for client %s" +msgstr "puuttuva kirjoituspuskuri" -#: logsrvd/logsrvd.c:1209 plugins/sudoers/iolog_client.c:237 +#: logsrvd/logsrvd.c:981 #, fuzzy, c-format -msgid "unable to load certificate %s" -msgstr "kohteen %s lataaminen epäonnistui: %s" +#| msgid "timeout reading from relay" +msgid "timed out reading from client %s" +msgstr "aikakatkaisu luettaessa välittimeltä" -#: logsrvd/logsrvd.c:1222 plugins/sudoers/iolog_client.c:217 -#, fuzzy, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "Varmennetta ei voi ladata ssl-kontekstiin: %s" - -#: logsrvd/logsrvd.c:1267 plugins/sudoers/iolog_client.c:250 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load private key %s" -msgstr "yksityistä avainta %s ei voi ladata" +msgid "EOF from %s without proper TLS shutdown" +msgstr "" -#: logsrvd/logsrvd.c:1284 logsrvd/logsrvd.c:1293 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "diffie-hellman-parametreja ei voi asettaa: %s" +msgid "client message too large: %zu" +msgstr "asiakassanoma on liian suuri: %zu" -#: logsrvd/logsrvd.c:1306 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "protokollaversion vähimmäisversiota ei voi asettaa TLS 1.2:ksi: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "asiakassanoma on liian suuri" -#: logsrvd/logsrvd.c:1491 -#, fuzzy +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "virheellinen ClientMessage" + +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" -msgstr "vaihtaminen root gid -tunnisteeksi epäonnistui" +msgstr "vastapään IP-osoitteen noutaminen ei onnistu" -#: logsrvd/logsrvd.c:1519 plugins/sudoers/iolog_client.c:264 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Käyttäjätietoja ei voi liittää ssl-objektiin: %s" -#: logsrvd/logsrvd.c:1527 logsrvd/logsrvd.c:1649 logsrvd/logsrvd.c:1749 -#: logsrvd/sendlog.c:1106 logsrvd/sendlog.c:1462 logsrvd/sendlog.c:1477 -#: logsrvd/sendlog.c:1535 plugins/sudoers/iolog.c:921 -#: plugins/sudoers/iolog.c:1054 plugins/sudoers/iolog.c:1152 -#: plugins/sudoers/iolog_client.c:109 plugins/sudoers/iolog_client.c:325 -#: plugins/sudoers/iolog_client.c:341 plugins/sudoers/iolog_client.c:387 -#: plugins/sudoers/iolog_client.c:567 plugins/sudoers/iolog_client.c:574 -#: plugins/sudoers/iolog_client.c:1150 plugins/sudoers/iolog_client.c:1186 -#: plugins/sudoers/iolog_client.c:1194 plugins/sudoers/iolog_client.c:1254 -#: plugins/sudoers/iolog_client.c:1361 plugins/sudoers/iolog_client.c:1477 -#: plugins/sudoers/iolog_client.c:1759 plugins/sudoers/iolog_client.c:1767 -#: plugins/sudoers/sudoreplay.c:513 plugins/sudoers/sudoreplay.c:560 -#: plugins/sudoers/sudoreplay.c:792 plugins/sudoers/sudoreplay.c:904 -#: plugins/sudoers/sudoreplay.c:994 plugins/sudoers/sudoreplay.c:1009 -#: plugins/sudoers/sudoreplay.c:1016 plugins/sudoers/sudoreplay.c:1023 -#: plugins/sudoers/sudoreplay.c:1030 plugins/sudoers/sudoreplay.c:1037 -#: plugins/sudoers/sudoreplay.c:1164 -msgid "unable to add event to queue" -msgstr "tapahtuman lisääminen jonoon epäonnistui" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" +msgstr "kuuntelusoketin valmistelu epäonnistui" -#: logsrvd/logsrvd.c:1703 logsrvd/logsrvd.c:1937 -#, fuzzy -msgid "unable setup listen socket" -msgstr "asetustodentaminen epäonnistui" - -#: logsrvd/logsrvd.c:1843 logsrvd/sendlog.c:123 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - lähetä sudon siirräntäloki etäpalvelimelle\n" -"\n" +msgid "unexpected signal %d" +msgstr "odottamaton signaali %d" -#: logsrvd/logsrvd.c:1846 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Valitsimet:\n" -" -f, --file asetustiedoston polku\n" -" -h, --help näytä opaste ja poistu\n" -" -n, --no-fork älä haarauta, vaan suorita edustalla\n" -" -R, --random-drop yhteyden katkeamisen todennäköisyys-%\n" -" -V, --version näytä versiotiedot ja poistu\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "sudo-lokipalvelin" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "Valitsimet:" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "asetustiedoston polku" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "näytä opasteviesti ja poistu" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "älä haarauta, vaan suorita edustalla" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "prosentin mahdollisuus yhteyksien katkeamiseen" -#: logsrvd/logsrvd.c:1898 logsrvd/sendlog.c:1700 +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "näytä versiotiedot ja poistu" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Protobuf-C:n versio 1.3 tai uudempi vaaditaan" -#: logsrvd/logsrvd.c:1916 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "virheellinen satunnaispudotusarvo: %s" -#: logsrvd/logsrvd.c:1920 logsrvd/sendlog.c:1750 -#: plugins/sudoers/cvtsudoers.c:229 plugins/sudoers/sudoreplay.c:300 -#: plugins/sudoers/visudo.c:178 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 +#: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s versio %s\n" -#: logsrvd/logsrvd_conf.c:393 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "tuntematon käyttäjä %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "tuntematon ryhmä %s" + +#: logsrvd/logsrvd_conf.c:425 +#, fuzzy, c-format +#| msgid "unable to parse gids for %s" +msgid "unable to parse iolog mode %s" +msgstr "%s-käyttäjän ryhmä-id:iden jäsentäminen epäonnistui" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "virheellinen %s-arvo: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "TLS ei ole tuettu" -#: logsrvd/logsrvd_conf.c:405 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:471 logsrvd/logsrvd_conf.c:715 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: ei ole täydellinen polku" +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "tuntematon syslog-lähde %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "tuntematon syslog-prioriteetti %s" + # Ensimmäinen parametri on auth name -#: logsrvd/logsrvd_conf.c:829 +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d täsmäämätön ”[”: %s" -#: logsrvd/logsrvd_conf.c:840 -#, fuzzy, c-format +#: logsrvd/logsrvd_conf.c:1143 +#, c-format msgid "%s:%d invalid config section: %s" -msgstr "virheellinen suodatinvalitsin: %s" +msgstr "%s:%d: virheellinen asetusosio: %s" -#: logsrvd/logsrvd_conf.c:848 -#, fuzzy, c-format +#: logsrvd/logsrvd_conf.c:1151 +#, c-format msgid "%s:%d invalid configuration line: %s" -msgstr "virheellinen ajoitustiedostorivi: %s" +msgstr "%s:%d virheellinen asetusrivi: %s" -#: logsrvd/logsrvd_conf.c:854 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" -msgstr "" +msgstr "%s:%d odotettiin osion nimeä: %s" -#: logsrvd/logsrvd_conf.c:868 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "virheellinen %s-arvo: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] virheellinen avain: %s" + +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 +#, c-format +msgid "unable to open log file %s" +msgstr "lokitiedoston %s avaaminen epäonnistui" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "TLS-kontekstia ei voi alustaa: %s" -#: logsrvd/logsrvd_conf.c:876 +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "välittimen TLS-kontekstia ei voi alustaa" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "kirjanpitotiedostoa ei voi luoda" + +# Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d tuntematon avain: %s" +msgid "unable to lock %s" +msgstr "kohteen %s lukitseminen epäonnistui" + +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "kirjanpitotiedostoa ei voi lukita" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "kirjauskansiotiedostoa ei voi avata" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "kirjauskansiotiedostoa ei voi kirjoittaa" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "kirjauskansiotiedostoa ei voi nimetä uudelleen" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "odottamaton tiedoston loppu luettaessa kirjanpitotiedostoa" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "virhe luettaessa kirjanpitotiedostoa" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "virheellinen kirjanpitotiedosto, ei voida käynnistää uudelleen" + +#: logsrvd/logsrvd_journal.c:435 +#, fuzzy, c-format +#| msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "jatkopistettä [%lld, %ld] ei löydy tiedostosta %s/%s" + +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "virhe jäsennettäessä AcceptMessagea" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "virhe luotaessa siirräntälokia" -#: logsrvd/logsrvd_conf.c:1032 +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "virhe hyväksymistapahtuman lokiin kirjaamisessa" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "virhe jäsennettäessä RejectMessagea" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "virhe hylkäystapahtuman lokiin kirjaamisessa" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "virhe kirjattaessa poistumistapahtumaa" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "loki on jo valmis, ei voi aloittaa uudelleen" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "lokia ei voi aloittaa uudelleen" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "virhe jäsennettäessä AlertMessagea" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "virhe hälytystapahtuman lokiin kirjaamisessa" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 #, fuzzy, c-format -msgid "unknown syslog facility %s" -msgstr "tuntematon kirjautumisluokka: %s" +#| msgid "unable to format timestamp" +msgid "unable to format timing buffer, length %d" +msgstr "aikaleiman muotoileminen epäonnistui" -#: logsrvd/logsrvd_conf.c:1036 logsrvd/logsrvd_conf.c:1040 -#: logsrvd/logsrvd_conf.c:1044 +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 #, c-format -msgid "unknown syslog priority %s" -msgstr "tuntematon syslog-prioriteetti %s" +msgid "%s/%s: %s" +msgstr "%s/%s: %s" -#: logsrvd/sendlog.c:126 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "virhe kirjoitettaessa IoBufferia" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "virhe kirjoitettaessa ChangeWindowSizeä" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "virhe kirjoitettaessa CommandSuspendia" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "TLS-kättely välitinkoneen kanssa epäonnistui" -#: logsrvd/sendlog.c:163 plugins/sudoers/iolog_client.c:433 +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "yhteyden muodostaminen välitinkoneeseen ei onnistu" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: virheellinen ServerHello, puuttuva server_id" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "virheellinen ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "tunnistamaton ServerMessage-tyyppi" + +#: logsrvd/logsrvd_relay.c:703 #, fuzzy, c-format -msgid "unable to look up %s:%s: %s" -msgstr "kohteen %s lataaminen epäonnistui: %s" +#| msgid "timeout reading from relay" +msgid "timed out reading from relay %s (%s)" +msgstr "aikakatkaisu luettaessa välittimeltä" -#: logsrvd/sendlog.c:186 -#, fuzzy -msgid "unable to get server IP addr" -msgstr "vaihtaminen root gid -tunnisteeksi epäonnistui" +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "aikakatkaisu luettaessa välittimeltä" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "välitinkoneen nimi ei vastaa sertifikaattia" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "virhe luettaessa välittimeltä" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "ei voi lukea välittimeltä" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "välitinpalvelin sulki yhteyden" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "palvelinsanoma on liian suuri" -#: logsrvd/sendlog.c:240 plugins/sudoers/sudoreplay.c:852 +#: logsrvd/logsrvd_relay.c:900 #, fuzzy, c-format -msgid "unable to read %s/%s: %s" -msgstr "kohteen %s lataaminen epäonnistui: %s" +#| msgid "timeout writing to relay" +msgid "timed out writing to relay %s (%s)" +msgstr "aikakatkaisu kirjoitettaessa välittimelle" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "aikakatkaisu kirjoitettaessa välittimelle" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "virhe kirjoitettaessa välittimelle" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "%s - lähetä sudon siirräntäloki etäpalvelimelle" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "lähetä vain hyväksyntätapahtuma (ei siirräntää)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "varmennepakettitiedosto, jolla palvelimen varmenne tarkistetaan" -#: logsrvd/sendlog.c:261 plugins/sudoers/iolog_client.c:684 +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "TLS-kättelyn varmennetiedosto" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "kone, johon lokit lähetetään" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "jatkettavan I/O-lokin etätunnus" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "salainen avain" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "älä tarkista palvelinvarmennetta" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "koneeseen yhteyttä muodostettaessa käytettävä portti" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "käynnistä aiempi siirräntälokin siirto uudelleen" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "hylkää komento annetulla syyllä" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "lopeta siirto tämän ajan saavuttamisen jälkeen" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "testaa audit-palvelinta lähettämällä valittu siirräntäloki n kertaa rinnakkain" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format -msgid "client message too large: %zu" -msgstr "asiakassanoma on liian suuri: %zu" +msgid "unable to look up %s:%s: %s" +msgstr "kohteen %s:%s nimenselvitys epäonnistui: %s" + +#: logsrvd/sendlog.c:209 +msgid "unable to get server IP addr" +msgstr "palvelimen IP-osoitteen noutaminen ei onnistu" -#: logsrvd/sendlog.c:791 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format -msgid "%s: write buffer already in use" -msgstr "%s: kirjoituspuskuri on jo käytössä" +msgid "unable to read %s/%s: %s" +msgstr "tiedostosta %s/%s lukeminen epäonnistui: %s" -#: logsrvd/sendlog.c:843 plugins/sudoers/iolog.c:845 -#: plugins/sudoers/iolog.c:914 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "odottamaton siirräntätapahtuma %d" -#: logsrvd/sendlog.c:889 logsrvd/sendlog.c:906 logsrvd/sendlog.c:940 -#: plugins/sudoers/iolog_client.c:1155 plugins/sudoers/iolog_client.c:1225 -#: plugins/sudoers/iolog_client.c:1273 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: odottamaton tila %d" -#: logsrvd/sendlog.c:912 plugins/sudoers/iolog_client.c:1231 -msgid "invalid ServerHello" -msgstr "virheellinen ServerHello" - -#: logsrvd/sendlog.c:976 plugins/sudoers/iolog_client.c:1317 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "virhesanoma vastaanotettu palvelimelta: %s" -#: logsrvd/sendlog.c:989 plugins/sudoers/iolog_client.c:1330 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "keskeytyssanoma vastaanotettu palvelimelta: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/iolog_client.c:1349 -#, fuzzy -msgid "unable to unpack ServerMessage" -msgstr "audit-viestin lähettäminen epäonnistui" - -#: logsrvd/sendlog.c:1048 plugins/sudoers/iolog_client.c:1382 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: odottamaton type_case-arvo %d" -#: logsrvd/sendlog.c:1077 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "aikakatkaisu luettaessa palvelimelta" -#: logsrvd/sendlog.c:1155 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "ennenaikainen tiedoston loppu" -#: logsrvd/sendlog.c:1168 plugins/sudoers/iolog_client.c:1536 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "palvelinsanoma on liian suuri: %u" -#: logsrvd/sendlog.c:1219 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "aikakatkaisu kirjoitettaessa palvelimelle" -#: logsrvd/sendlog.c:1438 plugins/sudoers/iolog_client.c:297 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "sekä aloituspiste että iolog-tunnus on annettava" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "uudelleenkäynnistyspistettä ei ehkä aseteta, kun I/O:ta ei lähetetä" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "poistui ennenaikaisesti tilalla %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "kulunut aika lähetetty palvelimelle [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "toimituspiste vastaanotettu palvelimelta [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "TLS-kättelyn aikakatkaisu tapahtui" -#: logsrvd/sendlog.c:1457 logsrvd/sendlog.c:1472 -#: plugins/sudoers/iolog_client.c:319 plugins/sudoers/iolog_client.c:335 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "tapahtuman asettaminen ei onnistu" -#: logsrvd/sendlog.c:1482 logsrvd/sendlog.c:1486 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "TLS-yhteys epäonnistui: %s" -#: logsrvd/sendlog.c:1519 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Ssl-kontekstia ei voi alustaa: %s" - -#: logsrvd/sendlog.c:1524 plugins/sudoers/iolog_client.c:259 -#, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Ssl-objektia ei voi varata: %s" +msgid "unable to allocate ssl object: %s" +msgstr "ssl-objektia ei voi varata: %s" -#: logsrvd/sendlog.c:1529 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Sokettia ei voi liittää SSL-objektiin: %s" -#: logsrvd/sendlog.c:1773 -msgid "both restart point and iolog ID must be specified" -msgstr "sekä aloituspiste että iolog-tunnus on annettava" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "TLS-kontekstia ei voi alustaa" -#: logsrvd/sendlog.c:1777 -msgid "a restart point may not be set when no I/O is sent" -msgstr "uudelleenkäynnistyspistettä ei ehkä aseteta, kun I/O:ta ei lähetetä" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "ei voida asettaa TLS 1.2 -algoritmisarjaksi %s: %s" -#: logsrvd/sendlog.c:1852 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "poistui ennenaikaisesti tilalla %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "ei voida asettaa TLS 1.3 -algoritmisarjaksi %s: %s" -#: logsrvd/sendlog.c:1853 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "kulunut aika lähetetty palvelimelle [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "diffie-hellman-parametreja ei voi asettaa: %s" -#: logsrvd/sendlog.c:1855 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "toimituspiste vastaanotettu palvelimelta [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "TLS-kontekstia ei voi luoda: %s" -#: plugins/sudoers/alias.c:144 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Alias ”%s” on jo määritelty" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "protokollaversion vähimmäisversiota ei voi asettaa TLS 1.2:ksi: %s" -#: plugins/sudoers/auth/aix_auth.c:198 plugins/sudoers/logging.c:784 -msgid "unable to fork" -msgstr "haarauttaminen epäonnistui" +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 +msgid "unable to get time of day" +msgstr "kellonajan noutaminen epäonnistui" -#: plugins/sudoers/auth/aix_auth.c:278 +#: plugins/sudoers/auth/aix_auth.c:277 #, c-format msgid "unable to change password for %s" msgstr "%s-käyttäjän salasanan vaihtaminen epäonnistui" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "kirjautumisluokan saaminen käyttäjälle %s epäonnistui" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "bsd-todentamisen aloittaminen epäonnistui" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "virheellinen todennustyyppi" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "BSD-todennuksen alustaminen epäonnistui" -#: plugins/sudoers/auth/bsdauth.c:180 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "tilisi on vanhentunut" -#: plugins/sudoers/auth/bsdauth.c:182 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "hyväksyntä epäonnistui" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "fwtk config -asetuksen lukeminen epäonnistui" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "todentamispalvelimelle yhdistäminen epäonnistui" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "kadotettiin yhteys todentamispalvelimelle" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -900,83 +1423,83 @@ msgstr "%s: valtuutetun (’%s’) muuntaminen merkkijonoksi epäonnistui: %s" # Ensimmäinen parametri on auth name -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: todentamisnimen ’%s’ jäsentäminen epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" -msgstr "%s: valtuustietovälimuistin ratkaiseminen epäonnistui: %s" +msgstr "%s: valtuustietovälimuistin nimenselvitys epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: muistin varaaminen valitsimille epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: valtuustietojen hakeminen epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: valtuustietovälimuistin alustaminen epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: valtuustietojen tallentaminen valtuustietovälimuistiin epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: tietokoneen valtuutetun hakeminen epäonnistui: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: TGT-lipun todentaminen epäonnistui! Mahdollinen hyökkäys!: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "PAMin alustaminen epäonnistui: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "PAM-todentamisvirhe: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" -msgstr "tilikelpuutushäiriö, onko tilisi lukittu?" +msgstr "tilinvahvistusvirhe, onko tilisi lukittu?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "Tili tai salasana on vanhentunut, nollaa salasanasi tai yritä uudelleen" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "vanhentuneen salasanan vaihtaminen epäonnistui: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "Salasana vanhentunut, ota yhteyttä järjestelmän ylläpitäjään" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Tili vanhentunut tai PAM-asetuksista puuttuu ”account”-lohko sudo-komennolle, ota yhteyttä järjestelmän ylläpitäjään" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 -#, fuzzy, c-format +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 +#, c-format msgid "PAM account management error: %s" -msgstr "PAM-todentamisvirhe: %s" +msgstr "PAM-tilin hallintavirhe: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:242 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "ei ole olemassa %s-tietokannassa" @@ -985,35 +1508,35 @@ msgid "failed to initialise the ACE API library" msgstr "ACE API -kirjaston alustaminen epäonnistui" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "yhteyden ottaminen SecurID-palvelimeen epäonnistui" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "Käyttäjätunniste lukittu SecurID-todennukselle" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" -msgstr "virheellinen käyttäjänimipituus kohteelle SecurID" +msgstr "virheellinen SecurID-käyttäjänimen pituus" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" -msgstr "virheellinen todentamiskäsittelijä kohteelle SecurID" +msgstr "virheellinen SecurID-todennuskahva" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "SecurID-viestintä epäonnistui" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:212 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "tuntematon SecurID-virhe" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" -msgstr "virheellinen salasanakoodipituus kohteelle SecurID" +msgstr "virheellinen SecurID-salasanan pituus" -#: plugins/sudoers/auth/sia.c:69 plugins/sudoers/auth/sia.c:124 +#: plugins/sudoers/auth/sia.c:69 plugins/sudoers/auth/sia.c:123 msgid "unable to initialize SIA session" msgstr "SIA-istunnon alustaminen epäonnistui" @@ -1037,7 +1560,7 @@ msgid "Unable to initialize authentication methods." msgstr "Todentamismenetelmien alustaminen epäonnistui." -#: plugins/sudoers/auth/sudo_auth.c:473 +#: plugins/sudoers/auth/sudo_auth.c:471 msgid "Authentication methods:" msgstr "Todennusmenetelmät:" @@ -1049,7 +1572,17 @@ msgid "unable to commit audit record" msgstr "commit-toiminnon suorittaminen audit-tietueelle epäonnistui" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "virhe luettaessa saarnatiedostoa: %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "ohitetaan saarnatiedosto %s: ei ole tavallinen tiedosto" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1069,127 +1602,132 @@ " #3) Suuren voiman mukana tulee suuri vastuu.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:763 plugins/sudoers/sudoers.c:811 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "tuntematon uid-käyttäjätunniste: %u" +msgid "unknown uid %u" +msgstr "tuntematon uid-käyttäjätunniste %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Virhe: %s:%d:%d: %s ”%s” on kiertävä" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Varoitus: %s:%d:%d: %s ”%s” on kiertävä" + +# Toiseksi viimeinen %s on esim. ""Host_Alias" ja viimeinen sen nimi. +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Virhe: %s:%d:%d määrittelemätön %s ”%s” viitattuna" -#: plugins/sudoers/check.c:306 plugins/sudoers/iolog.c:117 -#: plugins/sudoers/policy.c:1037 plugins/sudoers/sudoers.c:387 -#: plugins/sudoers/sudoers.c:388 plugins/sudoers/sudoers.c:1240 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:392 +# Toiseksi viimeinen %s on esim. ""Host_Alias" ja viimeinen sen nimi. +#: plugins/sudoers/check_aliases.c:98 #, c-format -msgid "unknown user: %s" -msgstr "tuntematon käyttäjä: %s" +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Varoitus: %s:%d:%d määrittelemätön %s ”%s” viitattuna mutta määrittelemättä" -#: plugins/sudoers/cvtsudoers.c:195 +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" -msgstr "" +msgstr "järjestyksen kasvatus: %s: %s" -#: plugins/sudoers/cvtsudoers.c:211 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "aloitusjärjestys: %s: %s" -#: plugins/sudoers/cvtsudoers.c:221 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" -msgstr "" +msgstr "järjestyksen tasaus: %s: %s" -#: plugins/sudoers/cvtsudoers.c:231 plugins/sudoers/visudo.c:180 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s kielioppiversio %d\n" -#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "syötemuotoa %s ei tueta" -#: plugins/sudoers/cvtsudoers.c:263 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "tuotosmuotoa %s ei tueta" -#: plugins/sudoers/cvtsudoers.c:315 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: syöte- ja tulostetiedostojen on oltava erilaiset" -#: plugins/sudoers/cvtsudoers.c:331 plugins/sudoers/sudoers.c:181 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:248 -#: plugins/sudoers/visudo.c:604 plugins/sudoers/visudo.c:927 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "sudoers-oletusarvojen alustaminen epäonnistui" -#: plugins/sudoers/cvtsudoers.c:417 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:476 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: tuntematon avainsana: %s" +msgid "%s: unknown key word %s" +msgstr "%s: tuntematon avainsana %s" -#: plugins/sudoers/cvtsudoers.c:522 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "virheellisten oletusarvojen tyyppi: %s" -#: plugins/sudoers/cvtsudoers.c:545 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "virheellinen vaiennustyyppi: %s" -#: plugins/sudoers/cvtsudoers.c:585 plugins/sudoers/cvtsudoers.c:599 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "virheellinen suodatin: %s" -# Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf -#: plugins/sudoers/cvtsudoers.c:618 plugins/sudoers/cvtsudoers.c:635 -#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:861 -#: plugins/sudoers/cvtsudoers_ldif.c:680 plugins/sudoers/sudoers.c:986 -#: plugins/sudoers/sudoreplay.c:1436 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:923 -#, c-format -msgid "unable to open %s" -msgstr "kohteen %s avaaminen epäonnistui" - -#: plugins/sudoers/cvtsudoers.c:638 plugins/sudoers/visudo.c:932 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "tiedoston %s jäsentäminen epäonnistui, tuntematon virhe" -#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/visudo.c:949 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "jäsentämisvirhe tiedostossa %s lähellä riviä %d\n" -#: plugins/sudoers/cvtsudoers.c:649 plugins/sudoers/visudo.c:952 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "jäsentämisvirhe tiedostossa %s\n" # Kirjoittamisen kohde voi olla timestamp file tai pathbuf -#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/sudoreplay.c:1125 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "kohteeseen %s kirjoittaminen epäonnistui" -#: plugins/sudoers/cvtsudoers.c:1315 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" "\n" msgstr "%s - muunna sudoers-tiedostomuotojen välillä\n" -#: plugins/sudoers/cvtsudoers.c:1317 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1210,683 +1748,875 @@ " -s, --suppress=sections suppress output of certain sections\n" " -V, --version display version information and exit" msgstr "" - -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:702 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "tuntematon oletusrivi \"%s\"" - -#: plugins/sudoers/cvtsudoers_json.c:640 plugins/sudoers/cvtsudoers_json.c:653 -#: plugins/sudoers/cvtsudoers_ldif.c:345 plugins/sudoers/cvtsudoers_ldif.c:356 -#: plugins/sudoers/ldap.c:502 +"\n" +"Options:\n" +" -b, --base=dn LDAP-kyselyiden DN-perusnimi\n" +" -c, --config=asetustied asetustiedoston polku\n" +" -d, --defaults=deftyypit muunna vain annettujen tyyppien Defaults-arvot\n" +" -e, --expand-aliases lavenna aliakset muuntaessa\n" +" -f, --output-format=muoto aseta tulostemuoto: JSON, LDIF tai sudoers\n" +" -i, --input-format=muoto aseta syötemuoto: LDIF tai sudoers\n" +" -I, --increment=määrä kutakin sudoOrderia kasvattava määrä\n" +" -h, --help näytä ohjeviesti ja poistu\n" +" -m, --match=suodatin muunna vain suodattimeen täsmäävät kohdat\n" +" -M, --match-local täsmäyssuodatin käyttää passwd and group -tietokantoja\n" +" -o, --output=tulostied kirjoita muunnetut sudoers-tiedot tulostiedostoon\n" +" -O, --order-start=luku ensimmäisen sudoOrderin aloituspiste\n" +" -p, --prune-matches karsi täsmäämättömät käyttäjät, ryhmät ja koneet\n" +" -P, --padding=luku sudoOrder-kasvatuksen perustasaus\n" +" -s, --suppress=osiot vaienna tiettyjen osioiden tuloste\n" +" -V, --version näytä versiotiedot ja poistu" + +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "GMT-ajan noutaminen epäonnistui" -#: plugins/sudoers/cvtsudoers_json.c:643 plugins/sudoers/cvtsudoers_json.c:656 -#: plugins/sudoers/cvtsudoers_ldif.c:348 plugins/sudoers/cvtsudoers_ldif.c:359 -#: plugins/sudoers/ldap.c:508 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "aikaleiman muotoileminen epäonnistui" -#: plugins/sudoers/cvtsudoers_ldif.c:632 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: tuntematon oletusrivi ”%s”" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "liian monta sudoers-merkintää, enimmäismäärä %u" -#: plugins/sudoers/cvtsudoers_ldif.c:675 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "SUDOERS_BASE-ympäristömuuttujaa ei ole määritelty eikä -b-valitsinta annettu." -#: plugins/sudoers/def_data.c:42 +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, fuzzy, c-format +#| msgid "unable to mkdir %s" +msgid "unable to find alias %s" +msgstr "käskyn mkdir %s suorittaminen epäonnistui" + +# parametrinä on variable +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, fuzzy, c-format +#| msgid "%s:%d:%d: no value specified for \"%s\"" +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: arvoa ei ole määritelty muuttujalle ”%s”" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: poistetaan kahdenkertainen alias %s" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, fuzzy, c-format +#| msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: virheellinen Defaults-tyyppi 0x%x valitsimelle ”%s”" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "" + +#: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" msgstr "Syslog-apuneuvo, jos syslog-lokia käytetään kirjautumista varten: %s" -#: plugins/sudoers/def_data.c:46 +#: plugins/sudoers/def_data.c:54 #, c-format msgid "Syslog priority to use when user authenticates successfully: %s" msgstr "Käytettävä syslog-prioriteetti, kun käyttäjä todennetaan onnistuneesti: %s" -#: plugins/sudoers/def_data.c:50 +#: plugins/sudoers/def_data.c:58 #, c-format msgid "Syslog priority to use when user authenticates unsuccessfully: %s" msgstr "Käytettävä syslog-prioriteetti, kun käyttäjän todennus epäonnistui: %s" -#: plugins/sudoers/def_data.c:54 +#: plugins/sudoers/def_data.c:62 msgid "Put OTP prompt on its own line" msgstr "Laita OPT-kehote omalle rivilleen" -#: plugins/sudoers/def_data.c:58 +#: plugins/sudoers/def_data.c:66 msgid "Ignore '.' in $PATH" msgstr "Ohita ’.’ $PATHissa" -#: plugins/sudoers/def_data.c:62 +#: plugins/sudoers/def_data.c:70 msgid "Always send mail when sudo is run" msgstr "Lähetä aina sähköpostia, kun sudo suoritetaan" -#: plugins/sudoers/def_data.c:66 +#: plugins/sudoers/def_data.c:74 msgid "Send mail if user authentication fails" msgstr "Lähetä sähköpostia, jos käyttäjän todennus epäonnistuu" -#: plugins/sudoers/def_data.c:70 +#: plugins/sudoers/def_data.c:78 msgid "Send mail if the user is not in sudoers" msgstr "Lähetä sähköpostia, jos käyttäjä ei ole sudoers-määrittelyssä" -#: plugins/sudoers/def_data.c:74 +#: plugins/sudoers/def_data.c:82 msgid "Send mail if the user is not in sudoers for this host" msgstr "Lähetä sähköpostia, jos käyttäjä ei ole tällä tietokoneella sudoers-määrittelyssä" -#: plugins/sudoers/def_data.c:78 +#: plugins/sudoers/def_data.c:86 msgid "Send mail if the user is not allowed to run a command" msgstr "Lähetä sähköpostia, jos käyttäjän ei sallita suorittaa komentoa" -#: plugins/sudoers/def_data.c:82 +#: plugins/sudoers/def_data.c:90 msgid "Send mail if the user tries to run a command" msgstr "Lähetä sähköpostia, jos käyttäjä yrittää suorittaa komennon" -#: plugins/sudoers/def_data.c:86 +#: plugins/sudoers/def_data.c:94 msgid "Use a separate timestamp for each user/tty combo" msgstr "Käytä erillistä aikaleimaa jokaiselle käyttäjä/tty -yhdistelmälle" -#: plugins/sudoers/def_data.c:90 +#: plugins/sudoers/def_data.c:98 msgid "Lecture user the first time they run sudo" -msgstr "Saarnaa ensimmäistä kertaa sudo-ohjelmaa käyttävälle" +msgstr "Saarnaa sudoa ensimmäistä kertaa käyttävälle" -#: plugins/sudoers/def_data.c:94 +#: plugins/sudoers/def_data.c:102 #, c-format msgid "File containing the sudo lecture: %s" msgstr "Sudo-saarnan sisältävä tiedosto: %s" -#: plugins/sudoers/def_data.c:98 +#: plugins/sudoers/def_data.c:106 msgid "Require users to authenticate by default" msgstr "Vaadi käyttäjien todennus oletuksena" -#: plugins/sudoers/def_data.c:102 +#: plugins/sudoers/def_data.c:110 msgid "Root may run sudo" msgstr "Root voi suorittaa sudo-ohjelman" -#: plugins/sudoers/def_data.c:106 +#: plugins/sudoers/def_data.c:114 msgid "Log the hostname in the (non-syslog) log file" msgstr "Kirjaa tietokonenimi (ei-syslog)lokitiedostoon" -#: plugins/sudoers/def_data.c:110 +#: plugins/sudoers/def_data.c:118 msgid "Log the year in the (non-syslog) log file" msgstr "Kirjaa vuosi (ei-syslog)lokitiedostoon" -#: plugins/sudoers/def_data.c:114 +#: plugins/sudoers/def_data.c:122 msgid "If sudo is invoked with no arguments, start a shell" msgstr "Jos sudo-ohjelmaa kutsutaan ilman argumentteja, käynnistä käyttöjärjestelmäkuori" -#: plugins/sudoers/def_data.c:118 +#: plugins/sudoers/def_data.c:126 msgid "Set $HOME to the target user when starting a shell with -s" msgstr "Aseta $HOME-muuttujaksi kohdekäyttäjä kun käyttöjärjestelmäkuori käynnistetään valitsimella -s" -#: plugins/sudoers/def_data.c:122 +#: plugins/sudoers/def_data.c:130 msgid "Always set $HOME to the target user's home directory" msgstr "Aseta $HOME-muuttujaksi aina kohdekäyttäjän kotihakemisto" -#: plugins/sudoers/def_data.c:126 +#: plugins/sudoers/def_data.c:134 msgid "Allow some information gathering to give useful error messages" msgstr "Salli jotain tietojenkeräystä hyödyllisten virheilmoitusten tarjoamiseksi" -#: plugins/sudoers/def_data.c:130 +#: plugins/sudoers/def_data.c:138 msgid "Require fully-qualified hostnames in the sudoers file" msgstr "Vaadi täysin rakennettu tietokonenimi suoders-tiedostossa" -#: plugins/sudoers/def_data.c:134 +#: plugins/sudoers/def_data.c:142 msgid "Insult the user when they enter an incorrect password" msgstr "Solvaa käyttäjiä, kun he kirjoittavat väärän salasanan" -#: plugins/sudoers/def_data.c:138 +#: plugins/sudoers/def_data.c:146 msgid "Only allow the user to run sudo if they have a tty" msgstr "Salli käyttäjien suorittaa sudo-ohjelma vain jos heillä on tty" -#: plugins/sudoers/def_data.c:142 +#: plugins/sudoers/def_data.c:150 msgid "Visudo will honor the EDITOR environment variable" msgstr "Visudo noudattaa EDITOR-ympäristömuuttujaa" -#: plugins/sudoers/def_data.c:146 +#: plugins/sudoers/def_data.c:154 msgid "Prompt for root's password, not the users's" msgstr "Kysy root-käyttäjän salasana, ei käyttäjän" -#: plugins/sudoers/def_data.c:150 +#: plugins/sudoers/def_data.c:158 msgid "Prompt for the runas_default user's password, not the users's" msgstr "Kysy runas_default-käyttäjän salasana, ei käyttäjän" -#: plugins/sudoers/def_data.c:154 +#: plugins/sudoers/def_data.c:162 msgid "Prompt for the target user's password, not the users's" msgstr "Kysy kohdekäyttäjän salasana, ei käyttäjän" -#: plugins/sudoers/def_data.c:158 +#: plugins/sudoers/def_data.c:166 msgid "Apply defaults in the target user's login class if there is one" msgstr "Käytä oletuksia kohdekäyttäjän kirjautumisluokassa, jos siinä on yhtään" -#: plugins/sudoers/def_data.c:162 +#: plugins/sudoers/def_data.c:170 msgid "Set the LOGNAME and USER environment variables" msgstr "Aseta LOGNAME- ja USER-ympäristömuuttujat" -#: plugins/sudoers/def_data.c:166 +#: plugins/sudoers/def_data.c:174 msgid "Only set the effective uid to the target user, not the real uid" msgstr "Aseta vain voimassa oleva uid-käyttäjätunniste kohdekäyttäjälle, ei oikeaa uid-tunnistetta" -#: plugins/sudoers/def_data.c:170 +#: plugins/sudoers/def_data.c:178 msgid "Don't initialize the group vector to that of the target user" msgstr "Älä alusta ryhmävektoria kohdekäyttäjän vastaavaan arvoon" -#: plugins/sudoers/def_data.c:174 +#: plugins/sudoers/def_data.c:182 #, c-format msgid "Length at which to wrap log file lines (0 for no wrap): %u" msgstr "Pituus, jossa pitkät lokitiedostorivit jaetaan seuraavalle riville (0 ei jaeta): %u" -#: plugins/sudoers/def_data.c:178 +#: plugins/sudoers/def_data.c:186 #, c-format msgid "Authentication timestamp timeout: %.1f minutes" -msgstr "Todennusaikaleiman aikavalvonta: %.1f minuuttia" +msgstr "Todennusaikaleiman aikakatkaisu: %.1f minuuttia" -#: plugins/sudoers/def_data.c:182 +#: plugins/sudoers/def_data.c:190 #, c-format msgid "Password prompt timeout: %.1f minutes" -msgstr "Salasanakehotteen aikavalvonta: %.1f minuuttia" +msgstr "Salasanakehotteen aikakatkaisu: %.1f minuuttia" -#: plugins/sudoers/def_data.c:186 +#: plugins/sudoers/def_data.c:194 #, c-format msgid "Number of tries to enter a password: %u" msgstr "Salasanayritysten lukumäärä: %u" -#: plugins/sudoers/def_data.c:190 +#: plugins/sudoers/def_data.c:198 #, c-format msgid "Umask to use or 0777 to use user's: 0%o" msgstr "Käytettävä umask-määrittely tai 0777 käytettäväksi käyttäjän umask-määrittelyksi: 0%o" -#: plugins/sudoers/def_data.c:194 +#: plugins/sudoers/def_data.c:202 #, c-format msgid "Path to log file: %s" msgstr "Polku lokitiedostoon: %s" -#: plugins/sudoers/def_data.c:198 +#: plugins/sudoers/def_data.c:206 #, c-format msgid "Path to mail program: %s" msgstr "Sähköpostiohjelman polku: %s" -#: plugins/sudoers/def_data.c:202 +#: plugins/sudoers/def_data.c:210 #, c-format msgid "Flags for mail program: %s" msgstr "Sähköpostiohjelman liput: %s" -#: plugins/sudoers/def_data.c:206 +#: plugins/sudoers/def_data.c:214 #, c-format msgid "Address to send mail to: %s" msgstr "Sähköpostin vastaanottajan osoite: %s" -#: plugins/sudoers/def_data.c:210 +#: plugins/sudoers/def_data.c:218 #, c-format msgid "Address to send mail from: %s" msgstr "Sähköpostin lähettäjän osoite: %s" -#: plugins/sudoers/def_data.c:214 +#: plugins/sudoers/def_data.c:222 #, c-format msgid "Subject line for mail messages: %s" msgstr "Sähköpostiviestien aihe-rivi: %s" -#: plugins/sudoers/def_data.c:218 +#: plugins/sudoers/def_data.c:226 #, c-format msgid "Incorrect password message: %s" msgstr "Virheellinen salasanaviesti: %s" -#: plugins/sudoers/def_data.c:222 +#: plugins/sudoers/def_data.c:230 #, c-format msgid "Path to lecture status dir: %s" -msgstr "Polku luentotilahakemistoon: %s" +msgstr "Polku saarnatilan hakemistoon: %s" -#: plugins/sudoers/def_data.c:226 +#: plugins/sudoers/def_data.c:234 #, c-format msgid "Path to authentication timestamp dir: %s" msgstr "Polku todennusaikaleimahakemistoon: %s" -#: plugins/sudoers/def_data.c:230 +#: plugins/sudoers/def_data.c:238 #, c-format msgid "Owner of the authentication timestamp dir: %s" msgstr "Todennusaikaleimahakemiston omistaja: %s" -#: plugins/sudoers/def_data.c:234 +#: plugins/sudoers/def_data.c:242 #, c-format msgid "Users in this group are exempt from password and PATH requirements: %s" msgstr "Käyttäjät tässä ryhmässä on vapautettu salasana- ja PATH-vaatimuksista: %s" -#: plugins/sudoers/def_data.c:238 +#: plugins/sudoers/def_data.c:246 #, c-format msgid "Default password prompt: %s" msgstr "Oletussalasanakehote: %s" -#: plugins/sudoers/def_data.c:242 +#: plugins/sudoers/def_data.c:250 msgid "If set, passprompt will override system prompt in all cases." msgstr "Jos asetettu, salasanakehote korvaa järjestelmäkehotteen kaikissa tapauksissa." # Tämä on tekemisessä runas_default -määrittelyn kanssa -#: plugins/sudoers/def_data.c:246 +#: plugins/sudoers/def_data.c:254 #, c-format msgid "Default user to run commands as: %s" msgstr "Oletuskäyttäjä suorittaa komennot käyttäjänä: %s" -#: plugins/sudoers/def_data.c:250 +#: plugins/sudoers/def_data.c:258 #, c-format msgid "Value to override user's $PATH with: %s" msgstr "Arvo, jolla korvataan käyttäjän $PATH-asetus: %s" -#: plugins/sudoers/def_data.c:254 +#: plugins/sudoers/def_data.c:262 #, c-format msgid "Path to the editor for use by visudo: %s" msgstr "Visudo-editorin käyttämä polku: %s" -#: plugins/sudoers/def_data.c:258 +#: plugins/sudoers/def_data.c:266 #, c-format msgid "When to require a password for 'list' pseudocommand: %s" msgstr "Kun vaaditaan salasana ’list’-näennäiskomennolle: %s" -#: plugins/sudoers/def_data.c:262 +#: plugins/sudoers/def_data.c:270 #, c-format msgid "When to require a password for 'verify' pseudocommand: %s" msgstr "Kun vaaditaan salasana ’verify’-näennäiskomennolle: %s" -#: plugins/sudoers/def_data.c:266 -msgid "Preload the dummy exec functions contained in the sudo_noexec library" -msgstr "Esilataa vale-exec-funktiot, jotka sisältyvät sudo_noexec-kirjastoon" +#: plugins/sudoers/def_data.c:274 +msgid "Preload the sudo_noexec library which replaces the exec functions" +msgstr "Esilataa sudo_noexec-kirjasto, joka korvaa exec-funtiot" -#: plugins/sudoers/def_data.c:270 +#: plugins/sudoers/def_data.c:278 msgid "If LDAP directory is up, do we ignore local sudoers file" msgstr "Jos LDAP-hakemisto on ylhäällä, ohitammeko paikallisen sudoers-tiedoston" -#: plugins/sudoers/def_data.c:274 +#: plugins/sudoers/def_data.c:282 #, c-format msgid "File descriptors >= %d will be closed before executing a command" msgstr "Tiedostokuvaajat >= %d suljetaan ennen komennon suoritusta" -#: plugins/sudoers/def_data.c:278 +#: plugins/sudoers/def_data.c:286 msgid "If set, users may override the value of \"closefrom\" with the -C option" msgstr "Jos asetettu, käyttäjä voi korvata ”closefrom”-arvon valitsimella -C" -#: plugins/sudoers/def_data.c:282 +#: plugins/sudoers/def_data.c:290 msgid "Allow users to set arbitrary environment variables" msgstr "Salli käyttäjien asettaa mielivaltaisia ympäristömuuttujia" -#: plugins/sudoers/def_data.c:286 +#: plugins/sudoers/def_data.c:294 msgid "Reset the environment to a default set of variables" msgstr "Nollaa ympäristö muuttujien oletusjoukoksi" -#: plugins/sudoers/def_data.c:290 -msgid "Environment variables to check for sanity:" -msgstr "Ympäristömuuttujat, joille tehdään järkevyystarkistus:" +#: plugins/sudoers/def_data.c:298 +msgid "Environment variables to check for safety:" +msgstr "Turvallisuustarkastettavat ympäristömuuttujat:" -#: plugins/sudoers/def_data.c:294 +#: plugins/sudoers/def_data.c:302 msgid "Environment variables to remove:" msgstr "Poistettavat ympäristömuuttujat:" -#: plugins/sudoers/def_data.c:298 +#: plugins/sudoers/def_data.c:306 msgid "Environment variables to preserve:" msgstr "Säilytettävät ympäristömuuttujat:" -#: plugins/sudoers/def_data.c:302 +#: plugins/sudoers/def_data.c:310 #, c-format msgid "SELinux role to use in the new security context: %s" msgstr "Uudessa turva-asiayhteydessä käytettävä SELinux-rooli: %s" -#: plugins/sudoers/def_data.c:306 +#: plugins/sudoers/def_data.c:314 #, c-format msgid "SELinux type to use in the new security context: %s" msgstr "Uudessa turva-asiayhteydessä käytettävä SELinux-tyyppi: %s" -#: plugins/sudoers/def_data.c:310 +#: plugins/sudoers/def_data.c:318 #, c-format msgid "Path to the sudo-specific environment file: %s" msgstr "Polku sudo-kohtaiseen ympäristötiedostoon: %s" -#: plugins/sudoers/def_data.c:314 +#: plugins/sudoers/def_data.c:322 #, c-format msgid "Path to the restricted sudo-specific environment file: %s" msgstr "Polku rajoitettuun sudo-kohtaiseen ympäristötiedostoon: %s" -#: plugins/sudoers/def_data.c:318 +#: plugins/sudoers/def_data.c:326 #, c-format msgid "Locale to use while parsing sudoers: %s" msgstr "Locale-asetus, jota käytetään sudoers-jäsentämisessä: %s" -#: plugins/sudoers/def_data.c:322 +#: plugins/sudoers/def_data.c:330 msgid "Allow sudo to prompt for a password even if it would be visible" msgstr "Salli sudo-ohjelman kysyä salasana vieläpä jos se olisi näkyvä" -#: plugins/sudoers/def_data.c:326 +#: plugins/sudoers/def_data.c:334 msgid "Provide visual feedback at the password prompt when there is user input" msgstr "Tarjoa visuaalista palautetta salasanakehotteelta silloin kun on käyttäjäsyöte" -#: plugins/sudoers/def_data.c:330 +#: plugins/sudoers/def_data.c:338 msgid "Use faster globbing that is less accurate but does not access the filesystem" msgstr "Käyttää nopeampaa jokerimerkkien korvausta, joka on epätarkempi, mutta ei lue tiedostojärjestelmää" -#: plugins/sudoers/def_data.c:334 +#: plugins/sudoers/def_data.c:342 msgid "The umask specified in sudoers will override the user's, even if it is more permissive" msgstr "Sudoers umask korvaa käyttäjän umask-määrittelyn, vieläpä jos se on sallivampi" -#: plugins/sudoers/def_data.c:338 +#: plugins/sudoers/def_data.c:346 msgid "Log user's input for the command being run" msgstr "Kirjaa lokiin käyttäjän syöte suoritettavalle komennolle" -#: plugins/sudoers/def_data.c:342 +#: plugins/sudoers/def_data.c:350 msgid "Log the output of the command being run" msgstr "Kirjaa lokiin suoritettavan komennon tuloste" -#: plugins/sudoers/def_data.c:346 +#: plugins/sudoers/def_data.c:354 msgid "Compress I/O logs using zlib" msgstr "Tiivistä siirräntälokit käyttäen zlib-ohjelmaa" -#: plugins/sudoers/def_data.c:350 +#: plugins/sudoers/def_data.c:358 msgid "Always run commands in a pseudo-tty" msgstr "Suorita aina komennot näennäis-tty:ssä" -#: plugins/sudoers/def_data.c:354 +#: plugins/sudoers/def_data.c:362 #, c-format msgid "Plugin for non-Unix group support: %s" msgstr "Lisäosa ei-Unix-ryhmätuelle: %s" -#: plugins/sudoers/def_data.c:358 +#: plugins/sudoers/def_data.c:366 #, c-format msgid "Directory in which to store input/output logs: %s" msgstr "Hakemisto, johon tallennetaan syöte-/tulostelokit: %s" -#: plugins/sudoers/def_data.c:362 +#: plugins/sudoers/def_data.c:370 #, c-format msgid "File in which to store the input/output log: %s" msgstr "Tiedosto, johon tallennetaan syöte-/tulosteloki: %s" -#: plugins/sudoers/def_data.c:366 +#: plugins/sudoers/def_data.c:374 msgid "Add an entry to the utmp/utmpx file when allocating a pty" msgstr "Lisää rivi utmp-/utmpx-tiedostoon, kun varataan pty" -#: plugins/sudoers/def_data.c:370 +#: plugins/sudoers/def_data.c:378 msgid "Set the user in utmp to the runas user, not the invoking user" msgstr "Aseta käyttäjäksi utmp-tiedostoon suorittava käyttäjä, ei kutsuva käyttäjä" -#: plugins/sudoers/def_data.c:374 +#: plugins/sudoers/def_data.c:382 #, c-format msgid "Set of permitted privileges: %s" msgstr "Sallittujen käyttöoikeuksien joukko: %s" -#: plugins/sudoers/def_data.c:378 +#: plugins/sudoers/def_data.c:386 #, c-format msgid "Set of limit privileges: %s" msgstr "Rajoitettujen käyttöoikeuksien joukko: %s" -#: plugins/sudoers/def_data.c:382 +#: plugins/sudoers/def_data.c:390 msgid "Run commands on a pty in the background" msgstr "Suorita komentoja pty:llä taustalla" -#: plugins/sudoers/def_data.c:386 +#: plugins/sudoers/def_data.c:394 #, c-format msgid "PAM service name to use: %s" msgstr "Käytettävä PAM-palvelunimi: %s" -#: plugins/sudoers/def_data.c:390 +#: plugins/sudoers/def_data.c:398 #, c-format msgid "PAM service name to use for login shells: %s" msgstr "Kirjautumiskomentotulkeille käytettävä PAM-palvelunimi: %s" -#: plugins/sudoers/def_data.c:394 +#: plugins/sudoers/def_data.c:402 msgid "Attempt to establish PAM credentials for the target user" msgstr "Yritys perustaa PAM-valtuustiedot kohdekäyttäjälle" -#: plugins/sudoers/def_data.c:398 +#: plugins/sudoers/def_data.c:406 msgid "Create a new PAM session for the command to run in" msgstr "Luo uusi PAM-istunto suoritettavalle komennolle" -#: plugins/sudoers/def_data.c:402 +#: plugins/sudoers/def_data.c:410 msgid "Perform PAM account validation management" -msgstr "" +msgstr "Suorita PAM-tilinvahvistuksen hallintaa" -#: plugins/sudoers/def_data.c:406 -#, fuzzy, c-format +#: plugins/sudoers/def_data.c:414 +#, c-format msgid "Maximum I/O log sequence number: %s" -msgstr "Suurin siirräntälokin sarjanumero: %u" +msgstr "Suurin siirräntälokin sarjanumero: %s" -#: plugins/sudoers/def_data.c:410 +#: plugins/sudoers/def_data.c:418 msgid "Enable sudoers netgroup support" msgstr "Ota käyttöön sudoers-verkkoryhmätuki" -#: plugins/sudoers/def_data.c:414 +#: plugins/sudoers/def_data.c:422 msgid "Check parent directories for writability when editing files with sudoedit" msgstr "Tarkista yläpuolella olevan hakemistojen kirjoituskelpoisuus kun tiedostoja muokataan sudoedit-ohjelmalla" -#: plugins/sudoers/def_data.c:418 +#: plugins/sudoers/def_data.c:426 msgid "Follow symbolic links when editing files with sudoedit" msgstr "Seuraa symbolisia linkejä kun tiedostoja muokataan sudoedit-ohjelmalla" -#: plugins/sudoers/def_data.c:422 +#: plugins/sudoers/def_data.c:430 msgid "Query the group plugin for unknown system groups" msgstr "Kysy ryhmälisäosaa tuntemattomille järjestelmäryhmille" -#: plugins/sudoers/def_data.c:426 +#: plugins/sudoers/def_data.c:434 msgid "Match netgroups based on the entire tuple: user, host and domain" msgstr "Täsmäävät verkkoryhmät perustuen koko monikolle: käyttäjä, tietokone ja verkkotunnus" -#: plugins/sudoers/def_data.c:430 +#: plugins/sudoers/def_data.c:438 msgid "Allow commands to be run even if sudo cannot write to the audit log" msgstr "Salli komentojen suorittaminen silloinkin kun sudo ei kykene kirjoittamaan valvontatarkastuslokiin" -#: plugins/sudoers/def_data.c:434 +#: plugins/sudoers/def_data.c:442 msgid "Allow commands to be run even if sudo cannot write to the I/O log" msgstr "Salli komentojen suorittaminen silloinkin kun sudo ei kykene kirjoittamaan siirtolokiin" -#: plugins/sudoers/def_data.c:438 +#: plugins/sudoers/def_data.c:446 msgid "Allow commands to be run even if sudo cannot write to the log file" msgstr "Salli komentojen suorittaminen silloinkin kun sudo ei kykene kirjoittamaan lokitiedostoon" -#: plugins/sudoers/def_data.c:442 +#: plugins/sudoers/def_data.c:450 msgid "Resolve groups in sudoers and match on the group ID, not the name" msgstr "Ratkaise sudoers-ryhmät ja täsmäytä ryhmätunnisteeseen, ei nimeen" -#: plugins/sudoers/def_data.c:446 +#: plugins/sudoers/def_data.c:454 #, c-format msgid "Log entries larger than this value will be split into multiple syslog messages: %u" msgstr "Lokirivit, jotka ovat pitempiä kuin tämä arvo, jaetaan useisiin syslog-viesteihin: %u" -#: plugins/sudoers/def_data.c:450 +#: plugins/sudoers/def_data.c:458 #, c-format msgid "User that will own the I/O log files: %s" msgstr "Käyttäjä, joka omistaa siirräntälokitiedostot: %s" -#: plugins/sudoers/def_data.c:454 +#: plugins/sudoers/def_data.c:462 #, c-format msgid "Group that will own the I/O log files: %s" msgstr "Ryhmä, joka omistaa siirräntälokitiedostot: %s" -#: plugins/sudoers/def_data.c:458 +#: plugins/sudoers/def_data.c:466 #, c-format msgid "File mode to use for the I/O log files: 0%o" msgstr "Tiedostotila käytettäväksi siirräntälokitiedostoissa: 0%o" -#: plugins/sudoers/def_data.c:462 +#: plugins/sudoers/def_data.c:470 #, c-format msgid "Execute commands by file descriptor instead of by path: %s" msgstr "Suorita komentoja tiedostokuvaan avulla eikä polun avulla: %s" -#: plugins/sudoers/def_data.c:466 +#: plugins/sudoers/def_data.c:474 msgid "Ignore unknown Defaults entries in sudoers instead of producing a warning" msgstr "Ohita tuntemattomat Defaults-rivit sudoers-tiedostossa sen sijaan että tuottaisit varoituksia" -#: plugins/sudoers/def_data.c:470 +#: plugins/sudoers/def_data.c:478 #, c-format msgid "Time in seconds after which the command will be terminated: %u" msgstr "Sekuntimäärä, jossa komento päätetään: %u" -#: plugins/sudoers/def_data.c:474 +#: plugins/sudoers/def_data.c:482 msgid "Allow the user to specify a timeout on the command line" -msgstr "Salli käyttäjän määritellä aikavalvonta komentorivillä" +msgstr "Salli käyttäjän määritellä aikakatkaisu komentorivillä" -#: plugins/sudoers/def_data.c:478 +#: plugins/sudoers/def_data.c:486 msgid "Flush I/O log data to disk immediately instead of buffering it" -msgstr "Tyhjennä siirräntälokitiedot levylle välittömästi sen sijaan että puskuroisit ne" +msgstr "Huuhtele siirräntälokitiedot levylle välittömästi sen sijaan että puskuroisit ne" -#: plugins/sudoers/def_data.c:482 +#: plugins/sudoers/def_data.c:490 msgid "Include the process ID when logging via syslog" msgstr "Sisällytä prosessitunniste, kun kirjataan syslog-tiedostoon" -#: plugins/sudoers/def_data.c:486 +#: plugins/sudoers/def_data.c:494 #, c-format msgid "Type of authentication timestamp record: %s" msgstr "Todennusaikaleimatietueen tyyppi: %s" -#: plugins/sudoers/def_data.c:490 +#: plugins/sudoers/def_data.c:498 #, c-format msgid "Authentication failure message: %s" -msgstr "todentamisen virheviesti: %s" +msgstr "Todentamisen virheviesti: %s" -#: plugins/sudoers/def_data.c:494 +#: plugins/sudoers/def_data.c:502 msgid "Ignore case when matching user names" msgstr "Älä huomioi kirjainkokoa käyttäjänimien täsmäyksessä" -#: plugins/sudoers/def_data.c:498 +#: plugins/sudoers/def_data.c:506 msgid "Ignore case when matching group names" msgstr "Älä huomioi kirjainkokoa ryhmänimien täsmäyksessä" -#: plugins/sudoers/def_data.c:502 +#: plugins/sudoers/def_data.c:510 msgid "Log when a command is allowed by sudoers" msgstr "Kirjaa lokiin, kun sudoers sallii komennon" -#: plugins/sudoers/def_data.c:506 +#: plugins/sudoers/def_data.c:514 msgid "Log when a command is denied by sudoers" msgstr "Kirjaa lokiin, kun sudoers kieltää komennon" -#: plugins/sudoers/def_data.c:510 +#: plugins/sudoers/def_data.c:518 msgid "Sudo log server(s) to connect to with optional port" -msgstr "" +msgstr "Sudo-lokipalvelimet, joihin yhdistetään valinnaiseen porttiin" -#: plugins/sudoers/def_data.c:514 +#: plugins/sudoers/def_data.c:522 #, c-format msgid "Sudo log server timeout in seconds: %u" -msgstr "" +msgstr "Sudo-lokipalvelimen aikakatkaisu sekunteina: %u" -#: plugins/sudoers/def_data.c:518 +#: plugins/sudoers/def_data.c:526 msgid "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" msgstr "Ota SO_KEEPALIVE-valinta käyttöön lokipalvelimeen yhdistetylle soketille" -#: plugins/sudoers/def_data.c:522 -#, fuzzy, c-format +#: plugins/sudoers/def_data.c:530 +#, c-format msgid "Path to the audit server's CA bundle file: %s" -msgstr "Polku sudo-kohtaiseen ympäristötiedostoon: %s" +msgstr "Valvontapalvelimen CA-pakettitiedoston polku: %s" -#: plugins/sudoers/def_data.c:526 +#: plugins/sudoers/def_data.c:534 #, c-format msgid "Path to the sudoers certificate file: %s" msgstr "Sudoers-varmennetiedoston polku: %s" -#: plugins/sudoers/def_data.c:530 +#: plugins/sudoers/def_data.c:538 #, c-format msgid "Path to the sudoers private key file: %s" msgstr "Sudoersin yksityisen avaintiedoston polku: %s" -#: plugins/sudoers/def_data.c:534 -#, fuzzy +#: plugins/sudoers/def_data.c:542 msgid "Verify that the log server's certificate is valid" -msgstr "Sudoers-varmennetiedoston polku: %s" +msgstr "Varmista, että lokipalvelimen varmenne on kelvollinen" -#: plugins/sudoers/def_data.c:538 +#: plugins/sudoers/def_data.c:546 msgid "Allow the use of unknown runas user and/or group ID" -msgstr "" +msgstr "Salli tuntemattoman runas-käyttäjän ja/tai ryhmä-id:n käyttö" -#: plugins/sudoers/def_data.c:542 +#: plugins/sudoers/def_data.c:550 msgid "Only permit running commands as a user with a valid shell" msgstr "Salli komentojen suorittaminen vain käyttäjänä, jolla on kelvollinen kuori" -#: plugins/sudoers/def_data.c:546 +#: plugins/sudoers/def_data.c:554 msgid "Set the pam remote user to the user running sudo" -msgstr "" +msgstr "Aseta pam-etäkäyttäjä sudoa käyttäväksi käyttäjäksi" -#: plugins/sudoers/def_data.c:550 +#: plugins/sudoers/def_data.c:558 msgid "Set the pam remote host to the local host name" +msgstr "Aseta pam-etäkone paikalliseksi konenimeksi" + +#: plugins/sudoers/def_data.c:562 +#, c-format +msgid "Working directory to change to before executing the command: %s" +msgstr "Työhakemisto, johon vaihdetaan ennen komennon suorittamista: %s" + +#: plugins/sudoers/def_data.c:566 +#, c-format +msgid "Root directory to change to before executing the command: %s" +msgstr "Juurihakemisto, johon vaihdetaan ennen komennon suorittamista: %s" + +#: plugins/sudoers/def_data.c:570 +#, c-format +msgid "The format of logs to produce: %s" +msgstr "Lokien muoto: %s" + +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Ota SELinux RBAC -tuki käyttöön" + +#: plugins/sudoers/def_data.c:578 +#, c-format +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Polku tiedostoon, joka luodaan sudon ensimmäisellä suorituskerralla: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Sieppaa tulevat komennot ja sovella niihin sudoers-rajoituksia" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "Kirjaa alkuperäisen komennon suorittamat alikomennot lokiin" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Kirjaa lokiin komentojen poistumiskoodit" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Siepatun istunnon seuraavat komennot on todennettava" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Salli siepatun komennon suorittaa setuid- ja setgid-ohjelmia" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "Prosessin osoiteavaruuden enimmäiskoko (tavuina): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" msgstr "" -#: plugins/sudoers/defaults.c:183 +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "Prosessin käyttämän suoritinajan enimmäismäärä (sekunteina): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "Prosessin datasegmentin enimmäiskoko (tavuina): %s" + +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "Prosessin luoman tiedoston enimmäiskoko (tavuina): %s" + +#: plugins/sudoers/def_data.c:622 #, c-format -msgid "%s:%d unknown defaults entry \"%s\"" -msgstr "%s:%d tuntematon oletusrivi ”%s”" +msgid "The maximum number of locks that the process may establish: %s" +msgstr "Prosessin vahvistamien lukkojen enimmäismäärä: %s" -#: plugins/sudoers/defaults.c:186 +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "Prosessin lukittavaksi sallitun muistin enimmäiskoko (tavuina): %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "Prosessilla avoinna olevien tiedostojen enimmäismäärä: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "Käyttäjän samanaikaisesti suoritettavien prosessien enimmäismäärä: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "Prosessin pinon enimmäiskoko (tavuina): %s" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: tuntematon oletusrivi ”%s”" # parametrinä on variable -#: plugins/sudoers/defaults.c:229 +#: plugins/sudoers/defaults.c:241 #, c-format -msgid "%s:%d no value specified for \"%s\"" -msgstr "%s:%d arvoa ei ole määritelty muuttujalle ”%s”" +msgid "%s:%d:%d: no value specified for \"%s\"" +msgstr "%s:%d:%d: arvoa ei ole määritelty muuttujalle ”%s”" # parametrinä on variable -#: plugins/sudoers/defaults.c:232 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: arvoa ei ole määritelty muuttujalle ”%s”" -# Parametri on muuttuja -#: plugins/sudoers/defaults.c:252 -#, c-format -msgid "%s:%d values for \"%s\" must start with a '/'" -msgstr "%s:%d muuttujan ”%s” arvojen on alettava merkillä ’/’" +# parametrinä on variable +#: plugins/sudoers/defaults.c:257 +#, fuzzy, c-format +#| msgid "%s:%d:%d: no value specified for \"%s\"" +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: arvoa ei ole määritelty muuttujalle ”%s”" -# Parametri on muuttuja -#: plugins/sudoers/defaults.c:255 -#, c-format -msgid "%s: values for \"%s\" must start with a '/'" -msgstr "%s: muuttujan ”%s” arvojen on alettava merkillä ’/’" +#: plugins/sudoers/defaults.c:260 +#, fuzzy, c-format +#| msgid "%s: invalid Defaults type 0x%x for option \"%s\"" +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: virheellinen Defaults-tyyppi 0x%x valitsimelle ”%s”" -#: plugins/sudoers/defaults.c:277 +#: plugins/sudoers/defaults.c:296 #, c-format -msgid "%s:%d option \"%s\" does not take a value" -msgstr "%s:%d valitsin ”%s” ei ota arvoa" +msgid "%s:%d:%d: option \"%s\" does not take a value" +msgstr "%s:%d:%d: valitsin ”%s” ei ota arvoa" -#: plugins/sudoers/defaults.c:280 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: valitsin ”%s” ei ota arvoa" -#: plugins/sudoers/defaults.c:305 +#: plugins/sudoers/defaults.c:327 #, c-format -msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" -msgstr "%s:%d virheellinen Defaults-tyyppi 0x%x valitsimelle ”%s”" +msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" +msgstr "%s:%d:%d: virheellinen Defaults-tyyppi 0x%x valitsimelle ”%s”" -#: plugins/sudoers/defaults.c:308 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: virheellinen Defaults-tyyppi 0x%x valitsimelle ”%s”" -#: plugins/sudoers/defaults.c:318 +#: plugins/sudoers/defaults.c:340 #, c-format -msgid "%s:%d value \"%s\" is invalid for option \"%s\"" -msgstr "%s:%d arvo ”%s” on virheellinen valitsimelle ”%s”" +msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" +msgstr "%s:%d:%d: arvo ”%s” on virheellinen valitsimelle ”%s”" -#: plugins/sudoers/defaults.c:321 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: arvo ”%s” on virheellinen valitsimelle ”%s”" -#: plugins/sudoers/env.c:404 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "" + +# Parametri on muuttuja +#: plugins/sudoers/defaults.c:1138 +#, c-format +msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" +msgstr "%s:%d:%d: ”%s”-muuttujan arvojen on alettava merkillä ’/’, ’~’ tai ’*’" + +# Parametri on muuttuja +#: plugins/sudoers/defaults.c:1142 +#, c-format +msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" +msgstr "%s: ”%s”-muuttujan arvojen on alettava merkillä ’/’, ’~’ tai ’*’" + +# Parametri on muuttuja +#: plugins/sudoers/defaults.c:1153 +#, c-format +msgid "%s:%d:%d: values for \"%s\" must start with a '/'" +msgstr "%s:%d:%d: ”%s”-muuttujan arvojen on alettava merkillä ’/’" + +# Parametri on muuttuja +#: plugins/sudoers/defaults.c:1157 +#, c-format +msgid "%s: values for \"%s\" must start with a '/'" +msgstr "%s: ”%s”-muuttujan arvon on alettava merkillä ’/’" + +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: rikkoutunut envp, pituus ei täsmää" -#: plugins/sudoers/env.c:1131 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "ympäristön rakentaminen uudelleen epäonnistui" -#: plugins/sudoers/env.c:1205 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" -msgstr "seuraavia ympäristömuuttujia ei ole lupa asettaa: %s" +msgstr "sinun ei ole sallittua asettaa seuraavia ympäristömuuttujia: %s" -#: plugins/sudoers/file.c:104 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "jäsentämisvirhe tiedostossa %s lähellä riviä %d" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "jäsentämisvirhe tiedostossa %s" @@ -1894,7 +2624,7 @@ #: plugins/sudoers/filedigest.c:49 #, c-format msgid "unsupported digest type %d for %s" -msgstr "tukematon tiivistetyyppi %d kohteelle %s" +msgstr "ei-tuettu tiivistetyyppi %d tiedostolle %s" #: plugins/sudoers/filedigest.c:78 #, c-format @@ -1911,7 +2641,7 @@ msgid "%s must only be writable by owner" msgstr "%s on vain omistajan kirjoitettava" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:571 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "kohteen %s lataaminen epäonnistui: %s" @@ -1927,138 +2657,88 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: yhteensopimaton ryhmälisäosan major-versio %d, odotettiin %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "verkko-osoitteen ”%s” jäsentäminen epäonnistui" -# Parametri on sudoers file -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "verkkopeitteen ”%s” jäsentäminen epäonnistui" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Paikallinen verkko-osoite ja verkkopeiteparit:\n" -#: plugins/sudoers/iolog.c:142 plugins/sudoers/sudoers.c:393 -#: plugins/sudoers/sudoers.c:394 plugins/sudoers/sudoers.c:1274 -#: plugins/sudoers/testsudoers.c:416 -#, c-format -msgid "unknown group: %s" -msgstr "tuntematon ryhmä: %s" - -#: plugins/sudoers/iolog.c:517 plugins/sudoers/iolog.c:807 -#: plugins/sudoers/iolog.c:959 plugins/sudoers/iolog.c:966 -#: plugins/sudoers/iolog.c:1087 plugins/sudoers/iolog.c:1094 -#: plugins/sudoers/iolog.c:1193 plugins/sudoers/iolog.c:1200 +#: plugins/sudoers/iolog.c:626 +msgid "unable to update sequence file" +msgstr "sekvenssitiedostoa ei voi päivittää" + +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "siirtolokitiedostoon: %s kirjoittaminen epäonnistui" -#: plugins/sudoers/iolog.c:566 -msgid "unable to update sequence file" -msgstr "sekvenssitiedostoa ei voi päivittää" - # Parametrina on pathbuf -#: plugins/sudoers/iolog.c:605 -#, fuzzy, c-format +#: plugins/sudoers/iolog.c:668 +#, c-format msgid "unable to create %s/%s" -msgstr "hakemistopolun %s luominen epäonnistui" - -#: plugins/sudoers/iolog.c:631 -msgid "unable to connect to log server" -msgstr "yhteyden muodostaminen lokipalvelimeen ei onnistu" +msgstr "tiedostoa %s/%s ei voida luoda" -#: plugins/sudoers/iolog.c:851 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: sisäinen virhe, tapahtuman %d siirräntälokitiedosto ei ole avoin" -#: plugins/sudoers/iolog.c:944 plugins/sudoers/iolog.c:1072 -#: plugins/sudoers/iolog.c:1177 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:492 -#: plugins/sudoers/visudo.c:498 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "kellon lukeminen epäonnistui" -#: plugins/sudoers/iolog.c:1169 plugins/sudoers/iolog_client.c:977 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: sisäinen virhe, virheellinen signaali %d" -#: plugins/sudoers/iolog_client.c:113 plugins/sudoers/iolog_client.c:392 -#: plugins/sudoers/iolog_client.c:1200 plugins/sudoers/iolog_client.c:1775 -msgid "error in event loop" -msgstr "virhe tapahtumasilmukassa" - -#: plugins/sudoers/iolog_client.c:194 -#, c-format -msgid "Creation of new SSL_CTX object failed: %s" -msgstr "Uuden SSL_CTX-objektin luominen epäonnistui: %s" - -#: plugins/sudoers/iolog_client.c:346 plugins/sudoers/iolog_client.c:351 -#, c-format -msgid "TLS connection to %s:%s failed: %s" -msgstr "" - -#: plugins/sudoers/iolog_client.c:496 -msgid "TLS initialization was unsuccessful" -msgstr "TLS-alustus epäonnistui" - -#: plugins/sudoers/iolog_client.c:505 -msgid "TLS handshake was unsuccessful" -msgstr "TLS-kättely epäonnistui" - -#: plugins/sudoers/iolog_client.c:767 plugins/sudoers/iolog_client.c:959 -msgid "unable to get time of day" -msgstr "kellonajan noutaminen epäonnistui" - -#: plugins/sudoers/iolog_client.c:986 -#, c-format -msgid "%s: internal error, invalid exit status %d" -msgstr "%s: sisäinen virhe, virheellinen lopetustila %d" - -#: plugins/sudoers/iolog_client.c:1523 -msgid "lost connection to log server" -msgstr "yhteys lokipalvelimeen katkesi" - -#: plugins/sudoers/iolog_client.c:1600 -msgid "missing write buffer" -msgstr "puuttuva kirjoituspuskuri" - -#: plugins/sudoers/ldap.c:176 plugins/sudoers/ldap_conf.c:291 +#: plugins/sudoers/ldap.c:177 plugins/sudoers/ldap_conf.c:291 msgid "starttls not supported when using ldaps" msgstr "starttls ei ole tuettu ldaps-käytössä" -#: plugins/sudoers/ldap.c:247 +#: plugins/sudoers/ldap.c:248 #, c-format msgid "unable to initialize SSL cert and key db: %s" msgstr "SSL-varmenne- ja avaintietokannan alustaminen epäonnistui: %s" -#: plugins/sudoers/ldap.c:250 +#: plugins/sudoers/ldap.c:251 #, c-format msgid "you must set TLS_CERT in %s to use SSL" msgstr "kohteessa %s TLS_CERT on asetettava käyttämään SSL:ää" -#: plugins/sudoers/ldap.c:1658 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "kohteen LDAP alustaminen epäonnistui: %s" -#: plugins/sudoers/ldap.c:1694 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls määritelty, mutta LDAP-kirjastot ei tue funktiota ldap_start_tls_s() tai funktiota ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1831 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "virheellinen sudoOrder-attribuutti: %s" #: plugins/sudoers/ldap_conf.c:200 -msgid "sudo_ldap_conf_add_ports: port too large" -msgstr "sudo_ldap_conf_add_ports: portti on liian suuri" +#, c-format +msgid "%s: port too large" +msgstr "%s: portti liian suuri" # URL on verkko-osoite, loogisesti URI on verkkoresurssi(osoite) #: plugins/sudoers/ldap_conf.c:260 @@ -2070,124 +2750,174 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "ldap:n ja ldap-verkkoresurssitunnuksien sekoittaminen epäonnistui" -#: plugins/sudoers/ldap_util.c:548 plugins/sudoers/ldap_util.c:550 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "kahdentunut sudoOption: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "sudoOptionia ei voi muuntaa: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "audit-järjestelmän avaaminen epäonnistui" -#: plugins/sudoers/linux_audit.c:100 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "audit-viestin lähettäminen epäonnistui" -#: plugins/sudoers/logging.c:167 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 +msgid "error in event loop" +msgstr "virhe tapahtumasilmukassa" + +#: plugins/sudoers/log_client.c:200 #, c-format -msgid "unable to open log file: %s" -msgstr "lokitiedoston avaaminen epäonnistui: %s" +msgid "Creation of new SSL_CTX object failed: %s" +msgstr "Uuden SSL_CTX-objektin luominen epäonnistui: %s" -#: plugins/sudoers/logging.c:175 +#: plugins/sudoers/log_client.c:223 #, c-format -msgid "unable to lock log file: %s" -msgstr "lokitiedoston lukitseminen epäonnistui: %s" +msgid "unable to load certificate authority bundle %s" +msgstr "varmenteen myöntäjän pakettia %s ei voitu ladata" -#: plugins/sudoers/logging.c:208 +#: plugins/sudoers/log_client.c:243 #, c-format -msgid "unable to write log file: %s" -msgstr "lokitiedostoon: %s kirjoittaminen epäonnistui" +msgid "unable to load certificate %s" +msgstr "sertifikaatin %s lataaminen epäonnistui" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "yksityistä avainta %s ei voi ladata" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Ssl-objektia ei voi varata: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 +#, c-format +msgid "TLS connection to %s:%s failed: %s" +msgstr "TLS-yhteys kohteeseen %s:%s epäonnistui: %s" + +#: plugins/sudoers/log_client.c:531 +msgid "TLS initialization was unsuccessful" +msgstr "TLS-alustus epäonnistui" + +#: plugins/sudoers/log_client.c:541 +msgid "TLS handshake was unsuccessful" +msgstr "TLS-kättely epäonnistui" + +#: plugins/sudoers/log_client.c:1239 +#, c-format +msgid "%s: internal error, invalid exit status %d" +msgstr "%s: sisäinen virhe, virheellinen lopetustila %d" + +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "ServerMessage-viestiä ei voi purkaa" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 +msgid "lost connection to log server" +msgstr "yhteys lokipalvelimeen katkesi" -#: plugins/sudoers/logging.c:241 +#: plugins/sudoers/log_client.c:1864 +msgid "missing write buffer" +msgstr "puuttuva kirjoituspuskuri" + +#: plugins/sudoers/log_client.c:2011 +msgid "unable to connect to log server" +msgstr "yhteyden muodostaminen lokipalvelimeen ei onnistu" + +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "käyttäjä EI ole sudoers-tiedostossa" -#: plugins/sudoers/logging.c:243 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "käyttäjä ei ole varmennettu tietokoneella" -#: plugins/sudoers/logging.c:245 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "komento ei ole sallittu" -#: plugins/sudoers/logging.c:288 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s ei ole sudoers-tiedostossa. Tästä tehdään ilmoitus.\n" -#: plugins/sudoers/logging.c:291 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s ei saa suorittaa sudoa %s-koneella. Tästä tehdään ilmoitus.\n" -#: plugins/sudoers/logging.c:295 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Käyttäjä %s ei saa suorittaa sudoa %s-koneella.\n" -#: plugins/sudoers/logging.c:298 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Käyttäjä %s ei saa suorittaa komentoa ”%s%s%s” käyttäjänä %s%s%s koneella %s.\n" -#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:512 -#: plugins/sudoers/sudoers.c:514 plugins/sudoers/sudoers.c:516 -#: plugins/sudoers/sudoers.c:518 plugins/sudoers/sudoers.c:665 -#: plugins/sudoers/sudoers.c:667 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: komentoa ei löytynyt" -#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:508 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" "Use \"sudo ./%s\" if this is the \"%s\" you wish to run." msgstr "" -"ohitetaan komento ”%s”, joka löytyi kohteesta ’.’\n" -"Käytä ”sudo ./%s”, jos tämä on ”%s”-komento, joka halutaan suorittaa." +"ohitetaan ”.”-hakemistosta löytynyt ”%s”\n" +"Käytä komentoa ”sudo ./%s”, jos juuri tämä ”%s” halutaan suoritettavan." -#: plugins/sudoers/logging.c:354 -msgid "authentication failure" -msgstr "todentamishäiriö" - -#: plugins/sudoers/logging.c:380 -msgid "a password is required" -msgstr "vaaditaan salasana" - -#: plugins/sudoers/logging.c:450 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u väärä salasanayritys" msgstr[1] "%u väärää salasanayritystä" -#: plugins/sudoers/logging.c:714 -#, c-format -msgid "unable to dup stdin: %m" -msgstr "funktion dup kutsuminen vakiosyötteellä epäonnistui: %m" - -#: plugins/sudoers/logging.c:751 -#, c-format -msgid "unable to execute %s: %m" -msgstr "käskyn %s suorittaminen epäonnistui: %m" +#: plugins/sudoers/logging.c:435 +msgid "authentication failure" +msgstr "todennusvirhe" -#: plugins/sudoers/logging.c:792 plugins/sudoers/logging.c:848 -#, c-format -msgid "unable to fork: %m" -msgstr "fork-funktion kutsuminen epäonnistui: %m" +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 +msgid "a password is required" +msgstr "vaaditaan salasana" -#: plugins/sudoers/logging.c:838 +#: plugins/sudoers/logging.c:889 #, c-format -msgid "unable to open pipe: %m" -msgstr "putken avaaminen epäonnistui: %m" +msgid "unable to write log file: %s" +msgstr "lokitiedostoon: %s kirjoittaminen epäonnistui" -#: plugins/sudoers/match_digest.c:116 +#: plugins/sudoers/match_digest.c:129 #, c-format msgid "digest for %s (%s) is not in %s form" -msgstr "tiiviste kohteelle %s (%s) ei ole %s-muodossa" +msgstr "tiedoston %s tiiviste (%s) ei ole %s-muodossa" -#: plugins/sudoers/parse.c:442 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "SELinux RBAC ei ole tuettu, kun sieppaustila on käytössä" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "SELinux RBAC ei ole tuettu, kun log_subcmds-lippu on käytössä" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2196,8 +2926,7 @@ "\n" "LDAP-rooli: %s\n" -#: plugins/sudoers/parse.c:445 -#, c-format +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2205,99 +2934,116 @@ "\n" "Sudoers-rivi:\n" -#: plugins/sudoers/parse.c:447 -#, c-format +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " SuoritaKäyttäjänä: " -#: plugins/sudoers/parse.c:462 -#, c-format +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " SuoritaRyhmänä: " -#: plugins/sudoers/parse.c:472 -#, c-format +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " Valitsimet: " -#: plugins/sudoers/parse.c:522 -#, c-format +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " Komennot:\n" -#: plugins/sudoers/parse.c:713 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" -msgstr "Täsmäävät Defaults-rivit kohteelle %s kohteella %s:\n" +msgstr "Täsmäävät Defaults-rivit käyttäjälle %s koneella %s:\n" -#: plugins/sudoers/parse.c:731 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" -msgstr "Runas- ja Command-kohtaiset oletukset kohteelle %s:\n" +msgstr "Runas- ja Command-kohtaiset oletukset käyttäjälle %s:\n" -#: plugins/sudoers/parse.c:749 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" -msgstr "Käyttäjä %s voi suorittaa seuraavat komennot kohteella %s:\n" +msgstr "Käyttäjä %s voi suorittaa seuraavat komennot koneella %s:\n" -#: plugins/sudoers/parse.c:764 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Käyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "jätetään huomiotta epätäydellinen sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "virheellinen LDIF-määrite: %s" -#: plugins/sudoers/policy.c:77 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" +msgstr "virheellinen sudo-edustaohjelman asettama %.*s" + +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" msgstr "" -#: plugins/sudoers/policy.c:281 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "verkko-osoiteluettelon jäsentäminen epäonnistui" -#: plugins/sudoers/policy.c:426 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "sudo-edustaohjelma ei määritellyt käyttäjänimeä" -#: plugins/sudoers/policy.c:430 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "sudo-edustaohjelma ei määritellyt käyttäjä-ID:tä" -#: plugins/sudoers/policy.c:434 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "sudo-edustaohjelma ei määritellyt ryhmä-ID:tä" -#: plugins/sudoers/policy.c:438 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "sudo-edustaohjelma ei määritellyt konenimeä" +#: plugins/sudoers/policy.c:693 +#, c-format +msgid "invalid working directory: %s" +msgstr "virheellinen työhakemisto: %s" + +#: plugins/sudoers/policy.c:869 +#, c-format +msgid "invalid chroot directory: %s" +msgstr "virheellinen chroot-hakemisto: %s" + # Parametri on path, mutta saattaa sisältää suoritettavan ohjelman -#: plugins/sudoers/policy.c:896 plugins/sudoers/visudo.c:230 -#: plugins/sudoers/visudo.c:861 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "kohteen %s suorittaminen epäonnistui" -#: plugins/sudoers/policy.c:1060 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: virheelliset tilaliput sudo-edustaohjelmalta: 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers-menettelytapalisäosaversio %s\n" -#: plugins/sudoers/policy.c:1062 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers-tiedostokielioppiversio %d\n" -#: plugins/sudoers/policy.c:1066 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2306,137 +3052,138 @@ "\n" "Sudoers-polku: %s\n" -#: plugins/sudoers/policy.c:1069 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch-polku: %s\n" -#: plugins/sudoers/policy.c:1071 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf-polku: %s\n" -#: plugins/sudoers/policy.c:1072 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret-polku: %s\n" -#: plugins/sudoers/policy.c:1105 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" -msgstr "kytkentätyypin %d (version %d.%d) rekisteröiminen epäonnistui" +msgstr "%d-tyyppisen kytkennän (versio %d.%d) rekisteröiminen epäonnistui" -#: plugins/sudoers/pwutil.c:214 plugins/sudoers/pwutil.c:232 -#, fuzzy, c-format +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "%d-tyyppisen kytkennän (versio %d.%d) rekisteröinnin poisto epäonnistui" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 +#, c-format msgid "unable to cache uid %u" -msgstr "käyttäjän uid %u laittaminen välimuistiin epäonnistui, muistia ei riittävästi" +msgstr "käyttäjä-id:n %u välimuistittaminen epäonnistui" -#: plugins/sudoers/pwutil.c:226 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" -msgstr "käyttäjän uid %u laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä" +msgstr "käyttäjä-id:n %u välimuistittaminen epäonnistui, on jo olemassa" # Parametrina on pathbuf -#: plugins/sudoers/pwutil.c:286 plugins/sudoers/pwutil.c:304 -#: plugins/sudoers/pwutil.c:367 plugins/sudoers/pwutil.c:412 -#, fuzzy, c-format +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 +#, c-format msgid "unable to cache user %s" -msgstr "hakemistopolun %s luominen epäonnistui" +msgstr "%s-käyttäjän välimuistittaminen epäonnistui" -#: plugins/sudoers/pwutil.c:299 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" -msgstr "käyttäjän %s laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä" +msgstr "%s-käyttäjän välimuistittaminen epäonnistui, on jo olemassa" -#: plugins/sudoers/pwutil.c:531 plugins/sudoers/pwutil.c:549 -#, fuzzy, c-format +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 +#, c-format msgid "unable to cache gid %u" -msgstr "ryhmän gid %u laittaminen välimuistiin epäonnistui, muistia ei riittävästi" +msgstr "ryhmä-id:n %u välimuistittaminen epäonnistui" -#: plugins/sudoers/pwutil.c:543 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" -msgstr "ryhmän gid %u laittaminen välimuistiin epäonnistui, ryhmä on jo siellä" +msgstr "ryhmä-id:n %u välimuistittaminen epäonnistui, on jo olemassa" -# Parametri on sudoers file -#: plugins/sudoers/pwutil.c:596 plugins/sudoers/pwutil.c:614 -#: plugins/sudoers/pwutil.c:662 plugins/sudoers/pwutil.c:704 -#, fuzzy, c-format +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 +#, c-format msgid "unable to cache group %s" -msgstr "ryhmien jäsentäminen tiedostossa %s epäonnistui" +msgstr "%s-ryhmän välimuistittaminen epäonnistui" -#: plugins/sudoers/pwutil.c:609 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" -msgstr "ryhmän %s laittaminen välimuistiin epäonnistui, ryhmä on jo siellä" +msgstr "%s-ryhmän välimuistittaminen epäonnistui, on jo olemassa" -#: plugins/sudoers/pwutil.c:831 plugins/sudoers/pwutil.c:883 -#: plugins/sudoers/pwutil.c:933 plugins/sudoers/pwutil.c:986 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" -msgstr "ryhmäluettelon laittaminen välimuistiin tiedostossa %s epäonnistui, ryhmäluettelo on jo siellä" +msgstr "%s-käyttäjän ryhmäluettelon välimuistittaminen epäonnistui, on jo olemassa" -# Parametri on sudoers file -#: plugins/sudoers/pwutil.c:837 plugins/sudoers/pwutil.c:888 -#: plugins/sudoers/pwutil.c:939 plugins/sudoers/pwutil.c:991 -#, fuzzy, c-format +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 +#, c-format msgid "unable to cache group list for %s" -msgstr "ryhmien jäsentäminen tiedostossa %s epäonnistui" +msgstr "%s-käyttäjän ryhmäluettelon välimuistittaminen epäonnistui" -# Parametri on sudoers file -#: plugins/sudoers/pwutil.c:877 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" -msgstr "ryhmien jäsentäminen tiedostossa %s epäonnistui" +msgstr "%s-käyttäjän ryhmien jäsentäminen epäonnistui" -# Parametri on sudoers file -#: plugins/sudoers/pwutil.c:980 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" -msgstr "ryhmätunnisteiden jäsentäminen tiedostolle %s epäonnistui" +msgstr "%s-käyttäjän ryhmä-id:iden jäsentäminen epäonnistui" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" -msgstr "käyttöoikeuspinoylivuoto" +msgstr "käyttöoikeuspinon ylivuoto" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" -msgstr "käyttöoikeuspinovajaus" +msgstr "käyttöoikeuspinon alivuoto" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "vaihtaminen root gid -tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "vaihtaminen runas gid -tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "runas-ryhmävektorin asettaminen epäonnistui" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "vaihtaminen runas uid -tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "vaihtaminen sudoers gid-tunnisteeksi epäonnistui" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "liian monta prosessia" @@ -2454,241 +3201,275 @@ msgid "truncated audit path argv[0]: %s" msgstr "typistetty audit-polku argv[0]: %s" -#: plugins/sudoers/sssd.c:573 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "lähteen SSS alustaminen epäonnistui. Onko SSSD asennettu tietokoneeseesi?" # parametrina on path -#: plugins/sudoers/sssd.c:581 plugins/sudoers/sssd.c:590 -#: plugins/sudoers/sssd.c:599 plugins/sudoers/sssd.c:608 -#: plugins/sudoers/sssd.c:617 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "symbolin ”%s” löytäminen polusta %s epäonnistui" -#: plugins/sudoers/sudoers.c:217 plugins/sudoers/sudoers.c:943 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "oletusrivien pulma" -#: plugins/sudoers/sudoers.c:221 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "ei löytynyt kelvollisia sudoers-lähteitä, poistutaan" -#: plugins/sudoers/sudoers.c:297 +#: plugins/sudoers/sudoers.c:327 +#, c-format +msgid "user not allowed to change root directory to %s" +msgstr "käyttäjällä ei ole lupaa vaihtaa juurihakemistoksi %s" + +#: plugins/sudoers/sudoers.c:329 +#, c-format +msgid "you are not permitted to use the -R option with %s" +msgstr "sinulla ei ole lupaa käyttää valitsinta -R komennolle %s" + +#: plugins/sudoers/sudoers.c:354 +#, c-format +msgid "user not allowed to change directory to %s" +msgstr "käyttäjällä ei ole lupaa vaihtaa hakemistoksi %s" + +#: plugins/sudoers/sudoers.c:355 +#, c-format +msgid "you are not permitted to use the -D option with %s" +msgstr "sinulla ei ole lupaa käyttää valitsinta -D komennolle %s" + +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "komentoa ei annettu" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers määrittelee, että root ei saa suorittaa sudo-komentoa" -#: plugins/sudoers/sudoers.c:357 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" -msgstr "" +msgstr "käyttäjällä ei ole lupaa syrjäyttää closefrom-rajaa" -#: plugins/sudoers/sudoers.c:358 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" -msgstr "ei käyttöoikeuksia valitsimelle -C" +msgstr "sinulla ei ole lupaa käyttää valitsinta -C" -#: plugins/sudoers/sudoers.c:420 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "aikaleimaomistaja (%s): Tuntematon käyttäjä" -#: plugins/sudoers/sudoers.c:435 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "ei tty:tä" -#: plugins/sudoers/sudoers.c:436 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "sudo-komennon suorittamiseksi on oltava tty" -#: plugins/sudoers/sudoers.c:442 plugins/sudoers/sudoers.c:444 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "virheellinen kuori käyttäjälle %s: %s" -#: plugins/sudoers/sudoers.c:507 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "komento nykyisessä hakemistossa" -#: plugins/sudoers/sudoers.c:525 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "”cd” on kuoren sisäinen komento, sitä ei voi suorittaa suoraan." + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "-s-valitsinta voi käyttää käyttöoikeuskorotetun kuoren suorittamiseen." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "-D-valitsinta voi käyttää komennon suorittamiseksi tietyssä hakemistossa." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "käyttäjä ei saa asettaa komennon aikakatkaisua" -#: plugins/sudoers/sudoers.c:526 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" -msgstr "komennon aikavalvonnan asettaminen ei ole sallittua" +msgstr "komennon aikakatkaisun asettaminen ei ole sallittua sinulle" -#: plugins/sudoers/sudoers.c:534 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "käyttäjä ei saa säilyttää ympäristöä" -#: plugins/sudoers/sudoers.c:535 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" -msgstr "ympäristöä ei ole lupa säilyttää" - -#: plugins/sudoers/sudoers.c:878 -msgid "command too long" -msgstr "komento on liian pitkä" +msgstr "sinun ei ole sallittua säilöä ympäristöä" -#: plugins/sudoers/sudoers.c:936 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" -msgstr "sudoeditiä ei tarvitse ajaa sudon kautta" +msgstr "sudoeditiä ei tarvitse suorittaa sudon kautta" # Parametrinä on sudoers-tiedosto tai pathbuf -#: plugins/sudoers/sudoers.c:990 plugins/sudoers/sudoreplay.c:1548 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "kohteen %s lukeminen epäonnistui" -#: plugins/sudoers/sudoers.c:1015 plugins/sudoers/visudo.c:431 -#: plugins/sudoers/visudo.c:727 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "funktion stat %s kutsuminen epäonnistui" -#: plugins/sudoers/sudoers.c:1019 plugins/sudoers/visudo.c:1037 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s ei ole tavallinen tiedosto" -#: plugins/sudoers/sudoers.c:1023 plugins/sudoers/timestamp.c:252 toke.l:1060 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s on uid %u -käyttäjän omistama, pitäisi olla %u" -#: plugins/sudoers/sudoers.c:1027 toke.l:1065 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s on yleiskirjoitettava" -#: plugins/sudoers/sudoers.c:1031 toke.l:1068 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s on gid %u -ryhmän omistama, pitäisi olla %u" -#: plugins/sudoers/sudoers.c:1064 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "vain root-käyttäjä voi käyttää valitsinta ”-c %s”" -#: plugins/sudoers/sudoers.c:1083 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "tuntematon kirjautumisluokka: %s" +msgid "unknown login class %s" +msgstr "tuntematon kirjautumisluokka %s" -#: plugins/sudoers/sudoers.c:1168 plugins/sudoers/sudoers.c:1183 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" -msgstr "tietokoneen %s ratkaiseminen epäonnistui" +msgstr "konenimen %s selvitys epäonnistui" -#: plugins/sudoers/sudoreplay.c:258 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "virheellinen suodatinvalitsin: %s" -#: plugins/sudoers/sudoreplay.c:274 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "virheellinen enimmäisodotusaika: %s" -#: plugins/sudoers/sudoreplay.c:297 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "virheellinen nopeustekijä: %s" #: plugins/sudoers/sudoreplay.c:333 #, c-format +msgid "invalid time offset %s" +msgstr "virheellinen aikasiirtymä %s" + +#: plugins/sudoers/sudoreplay.c:342 +#, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:338 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/ajoitus: %s" -#: plugins/sudoers/sudoreplay.c:342 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:366 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Toistetaan sudo-istunto: %s" -#: plugins/sudoers/sudoreplay.c:628 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "tty:n asettaminen raakatilaan epäonnistui" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Varoitus: pääteikkunasi on liian pieni tämän lokin toistamiseksi oikein.\n" -#: plugins/sudoers/sudoreplay.c:680 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Lokigeometria on %d x %d, pääteikkunasi geometria on %d x %d." -#: plugins/sudoers/sudoreplay.c:708 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Toistaminen päättyi, palaa pääteikkunaan painamalla mitä tahansa näppäintä." -#: plugins/sudoers/sudoreplay.c:1198 plugins/sudoers/sudoreplay.c:1228 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" -msgstr "monimerkityksellinen lauseke ”%s”" +msgstr "moniselitteinen lauseke \"%s\"" -#: plugins/sudoers/sudoreplay.c:1250 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "täsmäämätön ’)’ lausekkeessa" -#: plugins/sudoers/sudoreplay.c:1254 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "tuntematon hakutermi ”%s”" -#: plugins/sudoers/sudoreplay.c:1269 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s vaatii argumentin" -#: plugins/sudoers/sudoreplay.c:1272 plugins/sudoers/sudoreplay.c:1524 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "virheellinen säännöllinen lauseke: %s" -#: plugins/sudoers/sudoreplay.c:1277 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "päivämäärän ”%s” jäsentäminen epäonnistui" -#: plugins/sudoers/sudoreplay.c:1286 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "täsmäämätön ’(’ lausekkeessa" -#: plugins/sudoers/sudoreplay.c:1288 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "virheellinen jäljessä oleva ”or”" -#: plugins/sudoers/sudoreplay.c:1290 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "virheellinen jäljessä oleva ”!”" -#: plugins/sudoers/sudoreplay.c:1348 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "tuntematon hakutyyppi %d" -#: plugins/sudoers/sudoreplay.c:1615 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "käyttö: %s [-hnRS] [-d hakemisto] [-m numero] [-s numero] tunniste\n" -#: plugins/sudoers/sudoreplay.c:1618 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "käyttö: %s [-h] [-d hakemisto] -l [hakulauseke]\n" -#: plugins/sudoers/sudoreplay.c:1627 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2697,7 +3478,7 @@ "%s - toista sudo-istuntolokit\n" "\n" -#: plugins/sudoers/sudoreplay.c:1629 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2726,11 +3507,11 @@ " -s, --speed=luku nopeuta tai hidasta tulostusta\n" " -V, --version näytä versiotiedot ja poistu" -#: plugins/sudoers/testsudoers.c:354 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\ttietokone täsmäämätön" -#: plugins/sudoers/testsudoers.c:357 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2738,7 +3519,7 @@ "\n" "Komento sallittu" -#: plugins/sudoers/testsudoers.c:358 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2746,7 +3527,7 @@ "\n" "Komento kielletty" -#: plugins/sudoers/testsudoers.c:358 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2759,121 +3540,127 @@ msgid "%s is group writable" msgstr "%s on ryhmäkirjoitettava" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "aikaleimatiedoston typistäminen %lld-tavun kokoiseksi epäonnistui" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "ohitetaan aikaleima tulevaisuudesta" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "aikaleima liian kaukana tulevaisuudessa: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "aikaleimatiedoston %s lukitseminen epäonnistui" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" -msgstr "luentotilapolku on liian pitkä: %s/%s" +msgstr "saarnatilan polku on liian pitkä: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoeditiä ei tule käynnistää polun kanssa" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "valitsin -x poistetaan jossakin tulevassa versiossa" -#: plugins/sudoers/visudo.c:227 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "harkitse cvtsudoers-apuohjelman käyttöä" -#: plugins/sudoers/visudo.c:278 plugins/sudoers/visudo.c:660 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "muokkaa %s painamalla enter-painiketta: " -#: plugins/sudoers/visudo.c:339 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "määritelty editori (%s) ei ole olemassa" -#: plugins/sudoers/visudo.c:341 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "editoria ei löytynyt (editoripolku = %s)" -#: plugins/sudoers/visudo.c:451 plugins/sudoers/visudo.c:459 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "kirjoitusvirhe" -#: plugins/sudoers/visudo.c:505 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" -msgstr "funktion stat kutsuminen tilapäiselle tiedostolle (%s) epäonnistui, %s ennallaan" +msgstr "tilapäistiedoston (%s) tilan lukeminen epäonnistui, %s ennallaan" -#: plugins/sudoers/visudo.c:512 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "nollapituinen tilapäinen tiedosto (%s), %s ennallaan" -#: plugins/sudoers/visudo.c:518 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editori (%s) epäonnistui, %s ennallaan" -#: plugins/sudoers/visudo.c:540 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s ennallaan" -#: plugins/sudoers/visudo.c:599 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "tilapäisen tiedoston (%s) avaaminen uudelleen epäonnistui, %s ennallaan." -#: plugins/sudoers/visudo.c:611 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "tilapäisen tiedoston (%s) jäsentäminen epäonnistui, tuntematon virhe" -#: plugins/sudoers/visudo.c:649 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "sisäinen virhe, kohteen %s löytäminen luettelosta epäonnistui!" -#: plugins/sudoers/visudo.c:729 plugins/sudoers/visudo.c:738 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "kohteen %s (uid, gid) asettaminen arvoihin (%u, %u) epäonnistui" -#: plugins/sudoers/visudo.c:761 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s ja %s eivät ole samassa tiedostojärjestelmässä, käytetään komentoa mv uudelleennimeämiseen" -#: plugins/sudoers/visudo.c:775 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "komento epäonnistui: ’%s %s %s’, %s ennallaan" -#: plugins/sudoers/visudo.c:785 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "virhe nimettäessä %s uudelleen, %s ennallaan" -#: plugins/sudoers/visudo.c:806 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "Mitä nyt? " -#: plugins/sudoers/visudo.c:820 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2886,67 +3673,41 @@ " (Q) poistu ja tallenna muutokset sudoers-tiedostoon (VAARA!)\n" # Parametri on path, mutta saattaa sisältää suoritettavan ohjelman -#: plugins/sudoers/visudo.c:866 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "kohteen %s suorittaminen epäonnistui" -#: plugins/sudoers/visudo.c:896 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: väärä omistaja (uid, gid), pitäisi olla (%u, %u)\n" -#: plugins/sudoers/visudo.c:903 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: väärät käyttöoikeudet, pitäisi olla tila 0%o\n" -#: plugins/sudoers/visudo.c:960 plugins/sudoers/visudo.c:967 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: jäsentäminen valmis\n" -#: plugins/sudoers/visudo.c:986 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s varattu, yritä myöhemmin uudelleen" -# Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf -#: plugins/sudoers/visudo.c:989 -#, c-format -msgid "unable to lock %s" -msgstr "kohteen %s lukitseminen epäonnistui" - -#: plugins/sudoers/visudo.c:990 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "Muokataanko silti? [y/N]" -#: plugins/sudoers/visudo.c:1083 -#, c-format -msgid "Error: %s:%d cycle in %s \"%s\"" -msgstr "Virhe: %s:%d jakso kohteessa %s \"%s\"" - -#: plugins/sudoers/visudo.c:1084 -#, c-format -msgid "Warning: %s:%d cycle in %s \"%s\"" -msgstr "Varoitus: %s:%d jakso kohteessa %s \"%s\"" - -#: plugins/sudoers/visudo.c:1088 +#: plugins/sudoers/visudo.c:1104 #, c-format -msgid "Error: %s:%d %s \"%s\" referenced but not defined" -msgstr "Virhe: %s:%d %s \"%s\" uudelleenviitattu, mutta ei määritelty" +msgid "Warning: %s:%d:%d: unused %s \"%s\"" +msgstr "Varoitus: %s:%d:%d: käyttämätön %s \"%s\"" -#: plugins/sudoers/visudo.c:1089 -#, c-format -msgid "Warning: %s:%d %s \"%s\" referenced but not defined" -msgstr "Varoitus: %s:%d %s \"%s\" uudelleenviitattu, mutta ei määritelty" - -#: plugins/sudoers/visudo.c:1180 -#, c-format -msgid "Warning: %s:%d unused %s \"%s\"" -msgstr "Varoitus: %s:%d käyttämätön %s \"%s\"" - -#: plugins/sudoers/visudo.c:1295 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -2955,7 +3716,7 @@ "%s - muokkaa sudoers-tiedostoa turvallisesti\n" "\n" -#: plugins/sudoers/visudo.c:1297 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -2975,10 +3736,77 @@ " -s, --strict tiukka syntaksitarkistus\n" " -V, --version näytä versiotiedot ja poistu\n" -#: toke.l:1032 +#: toke.l:187 +msgid "empty string" +msgstr "tyhjä merkkijono" + +#: toke.l:199 toke.l:513 +msgid "empty group" +msgstr "tyhjä ryhmä" + +#: toke.l:209 toke.l:511 +msgid "empty netgroup" +msgstr "tyhjä verkkoryhmä" + +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 +msgid "invalid line continuation" +msgstr "virheellinen rivin jatko" + +#: toke.l:550 toke.l:562 +msgid "invalid IPv6 address" +msgstr "virheellinen IPv6-osoite" + +#: toke.l:789 +msgid "unexpected line break in string" +msgstr "odottamaton rivinkatkaisu merkkijonossa" + +#: toke.l:1139 msgid "too many levels of includes" msgstr "liian monta include-tasoa" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s: kirjoituspuskuri on jo käytössä" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "diffie-hellman-parametreja ei voi lukea: %s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "tuntematon oletusrivi \"%s\"" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d tuntematon avain: %s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "TLS-palvelinmenetelmää ei saada noudettua: %s" + +# Ensimmäinen parametri on auth name +#, fuzzy +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s: todentamisnimen ’%s’ jäsentäminen epäonnistui: %s" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Valitsimet:\n" +#~ " -f, --file asetustiedoston polku\n" +#~ " -h, --help näytä opaste ja poistu\n" +#~ " -n, --no-fork älä haarauta, vaan suorita edustalla\n" +#~ " -R, --random-drop yhteyden katkeamisen todennäköisyys-%\n" +#~ " -V, --version näytä versiotiedot ja poistu\n" + +#~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" +#~ msgstr "Esilataa vale-exec-funktiot, jotka sisältyvät sudo_noexec-kirjastoon" + +#~ msgid "sudo_ldap_conf_add_ports: port too large" +#~ msgstr "sudo_ldap_conf_add_ports: portti on liian suuri" + #~ msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" #~ msgstr "SSL_connect epäonnistui: ssl_error=%d, pino=%s\n" @@ -3224,10 +4052,6 @@ #~ msgid "fixed mode on %s" #~ msgstr "korjattu tila tiedostossa %s" -# Parametri on suoders file -#~ msgid "set group on %s" -#~ msgstr "aseta ryhmä tiedostossa %s" - #~ msgid "unable to fix mode on %s" #~ msgstr "tilan korjaaminen tiedostossa %s epäonnistui" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/fr.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/fr.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/fr.po sudo-1.9.9/plugins/sudoers/po/fr.po --- sudo-1.9.5p2/plugins/sudoers/po/fr.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/fr.po 2022-01-27 21:24:22.000000000 +0000 @@ -2,13 +2,13 @@ # This file is distributed under the same license as the sudo package. # # Frédéric Hantrais , 2014, 2015, 2016. -# Frédéric Marchal , 2020 +# Frédéric Marchal , 2021 msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-24 07:29+0100\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-11 11:51+0100\n" "Last-Translator: Frédéric Marchal \n" "Language-Team: French \n" "Language: fr\n" @@ -18,7 +18,7 @@ "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n >= 2);\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "erreur de syntaxe" @@ -42,868 +42,1298 @@ msgid "Sorry, try again." msgstr "Désolé, essayez de nouveau." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "impossible d'allouer la mémoire" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "un résumé (digest) nécessite un chemin d'accès" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "les valeurs de « CWD » doivent commencer par « / », « ~ » ou « * »" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "chemin trop long pour « CWD »" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "les valeurs de « CHROOT » doivent commencer par « / », « ~ » ou « * »" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "chemin trop long pour « CHROOT »" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "erreur de syntaxe, le mot réservé %s est utilisé comme un nom de synonyme" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "valeur « notbefore » (pas avant) invalide" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "valeur « notafter » (pas après) invalide" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "valeur trop grande pour le délai d'expiration" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "valeur invalide pour le délai d'expiration" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "commande trop longue" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "L'alias « %s » est déjà défini" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s : %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "erreur interne, dépassement de %s" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "duplication (dup) de stdin impossible : %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "exécution de %s impossible : %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "création du processus fils impossible" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "création du processus fils impossible : %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "ouverture du tube impossible : %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (suite de la commande) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s existe mais n'est pas un répertoire (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "création du répertoire (mkdir) %s impossible" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "impossible de changer le mode de %s pour lui affecter 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "JSON_STRING attendue, %d obtenu" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY trop grand" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "guillemet manquante dans le nom" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "JSON_OBJECT manquant" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "JSON_OBJECT attendu, %d obtenu" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "pile json épuisée (max %u trames)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "les objets doivent être des paires nom:valeur" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "séparateur manquant entre les valeurs" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "accolade fermante non appariée" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "tableau attendu" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "crochet fermant non apparié" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "chaîne inattendue" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "deux points manquants après le nom" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "booléen inattendu" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "nul inattendu" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "nombre inattendu" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u analyse grammaticale (parse) de « %s » impossible" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "erreur d'analyse grammaticale" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: fichier de journalisation incorrect" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: il manque le champ d'horodatage" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: horodatage %s : %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: il manque le champ utilisateur" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: il manque le champ précisant l'utilisateur effectif (runas)" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: il manque le champ précisant le groupe effectif (runas)" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existe mais n'est pas un répertoire (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "création du répertoire (mkdir) %s impossible" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "impossible de changer le mode de %s pour lui affecter 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "erreur de lecture dans le fichier de timing : %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "ligne invalide dans le fichier de timing : %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "l'enregistrement du journal est déjà terminé, impossible de redémarrer" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "impossible de générer le UUID" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "impossible de redémarrer l'enregistrement du journal" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s : erreur de protocole : mauvais type pour %s" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s : erreur de protocole : %s est manquant dans AcceptMessage" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s : impossible de formater l'id de session" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s : %s n'est pas défini" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "impossible de développer le chemin iolog %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "impossible de créer le chemin iolog %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "iofd %d invalide" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "erreur à la fermeture du iofd %d : %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "erreur lors de la vidange du iofd %d : %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "journal E/S %s invalide : il est fait référence à %s alors qu'il n'est pas présent" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s : impossible de trouver le point de redémarrage [%lld, %ld]" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "ouverture de %s impossible" + +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "ouverture de %si/%s impossible" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "impossible de copier %s/%s vers %s/%s : %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "impossible de renommer %s en %s" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s : impossible de trouver le point de redémarrage [%lld, %ld]" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "fichier du journal E/S %s/%s manquant" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s : impossible d'examiner vers l'avant de %zu" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "impossible de trouver le point de redémarrage [%lld, %ld] dans %s/%s" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "impossible de se connecter au relai" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "message serveur trop grand : %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "impossible d'ajouter l'événement à la queue" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "état %d inattendu pour %s" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "erreur de la machine à états" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "AcceptMessage invalide" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "erreur de l'analyse de AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "erreur lors de la création du journal des E/S" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "erreur en écrivant l'événement d'acceptation dans le journal" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "RejectMessage invalide" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "erreur de l'analyse de RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "erreur en écrivant l'événement de rejet dans le journal" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "AlertMessage invalide" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "erreur de l'analyse de AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "erreur lors de l'écriture de l'événement d'alerte dans le journal" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s : IoBuffer inattendu" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "erreur protocole" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "erreur d'écriture dans IoBuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "erreur de l'écriture de ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "erreur de l'écriture de CommandSuspend" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "valeur type_case %d inattendue dans %s de %s" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "type de ClientMessage non reconnu" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "message client trop grand" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "impossible de sélectionner la suite de chiffrement %s pour TLS 1.2 : %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "impossible de sélectionner la suite de chiffrement %s pour TLS 1.3 : %s" - -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "impossible d'obtenir la méthode TLS du serveur : %s" +msgid "timed out writing to client %s" +msgstr "délai d'attente expiré durant l'écriture vers le client %s" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to create TLS context: %s" -msgstr "impossible de créer le contexte TLS : %s" +msgid "missing write buffer for client %s" +msgstr "tampon d'écriture manquant pour le client %s" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to load certificate %s" -msgstr "impossible de charger le certificat %s" +msgid "timed out reading from client %s" +msgstr "délai d'attente expiré durant la lecture depuis le client %s" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "impossible de charger le paquet de l'autorité du certificat %s" +msgid "EOF from %s without proper TLS shutdown" +msgstr "Fin de fichier reçu de %s sans suivre la procédure d'arrêt TLS" -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load private key %s" -msgstr "impossible de charger la clé privée %s" +msgid "client message too large: %zu" +msgstr "message client trop grand : %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "impossible de définir les paramètres diffie-hellman : %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "message client trop grand" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "impossible de définir TLS 1.2 comme étant la version minimale du protocole : %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "ClientMessage invalide" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "impossible d'obtenir l'adresse IP distante" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Impossible d'attacher les données utilisateur à l'objet ssl : %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "impossible d'ajouter l'événement à la queue" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "configuration du socket d'écoute impossible" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - envoyer le journal des E/S de sudo au serveur distant\n" -"\n" +msgid "unexpected signal %d" +msgstr "signal %d inattendu" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Options :\n" -" -f, --file chemin vers le fichier de configuration\n" -" -h, --help affiche l'aide puis termine l'exécution\n" -" -n, --no-fork ne pas démarrer une branche, exécuter au premier plan\n" -" -R, --random-drop pourcentage de chances que la connexion soit abandonnée\n" -" -V, --version affiche la version, puis termine l'exécution\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "serveur de journalisation de sudo" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "Options :" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "chemin du fichier de configuration" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "afficher le message d'aide et quitter" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "ne pas cloner, exécuter à l'avant plan" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "pourcentage de chance que les connections soient abandonnées" + +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "afficher l'information de version et quitter" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Version 1.3 ou supérieure de Protobuf-C requise" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "valeur d'abandon aléatoire invalide : %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s version %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "utilisateur %s inconnu" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "groupe %s inconnu" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "impossible d'analyser le mode iolog %s" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "valeur invalide pour %s : %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "TLS non supporté" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s  n'est pas un chemin totalement défini" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "catégorie syslog %s inconnue" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "priorité syslog %s inconnue" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d « [ » sans correspondant : %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d section de configuration invalide : %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d ligne de configuration invalide : %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d nom de section attendu : %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "valeur invalide pour %s : %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] clé illégale : %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d clé inconnue : %s" +msgid "unable to open log file %s" +msgstr "ouverture du fichier de journalisation %s impossible" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "impossible d'initialiser le contexte TLS du serveur : %s" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "impossible d'initialiser le contexte TLS du relai : %s" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "impossible de créer le fichier de journalisation" + +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "catégorie syslog %s inconnue" +msgid "unable to lock %s" +msgstr "impossible de verrouiller %s" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "verrouillage du fichier de journalisation impossible : %s" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "impossible d'ouvrir le fichier de journalisation" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "impossible d'écrire le fichier de journalisation" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "impossible de renommer le fichier de journalisation" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "fin de fichier inattendue en lisant le fichier de journalisation" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "erreur de lecture dans le fichier de journalisation" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "fichier de journalisation invalide, impossible de redémarrer" + +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "priorité syslog %s inconnue" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "impossible de déplacer le pointeur vers [%lld, %ld] dans le fichier de journalisation %s" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Options :\n" -" --help afficher le message d'aide puis terminer\n" -" -A, --accept n'envoyer qu'un événement d'acceptation (pas d'E/S)\n" -" -h, --host hôte à qui envoyer le journal\n" -" -i, --iolog_id ID distant du journal des E/S à redémarrer\n" -" -p, --port port à utiliser lors de la connexion à l'hôte\n" -" -r, --restart redémarrer le transfert du journal des E/S précédent\n" -" -R, --reject rejeter la commande avec la raison donnée\n" -" -b, --ca-bundle fichier du paquet de certificats avec lequel vérifier le certificat du serveur\n" -" -c, --cert fichier de certificat pour l'échange TLS\n" -" -k, --key fichier de la clé privée\n" -" -n, --no-verify ne pas vérifier le certificat du serveur\n" -" -t, --test tester le serveur d'audit en envoyant le journal des E/S sélectionné n fois en parallèle\n" -" -V, --version afficher les informations de version et terminer\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "erreur de l'analyse de AcceptMessage" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "erreur lors de la création du journal des E/S" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "erreur en écrivant l'événement d'acceptation dans le journal" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "erreur de l'analyse de RejectMessage" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "erreur en écrivant l'événement de rejet dans le journal" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "erreur lors de l'écriture de l'événement de sortie dans le journal" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "l'enregistrement du journal est déjà terminé, impossible de redémarrer" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "impossible de redémarrer l'enregistrement du journal" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "erreur de l'analyse de AlertMessage" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "erreur lors de l'écriture de l'événement d'alerte dans le journal" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "impossible de formater le tampon de minutage, longueur %d" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s : %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "erreur d'écriture dans IoBuffer" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "erreur de l'écriture de ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "erreur de l'écriture de CommandSuspend" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "la négociation TLS avec l'hôte relai a échouée" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "impossible de se connecter à l'hôte relai" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s : ServerHello invalide, le server_id manque" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "ServerHello invalide" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "type de ServerMessage non reconnu" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "délai d'attente expiré durant la lecture depuis le relai %s (%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "délai d'attente expiré durant la lecture depuis le relai" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "le nom de l'hôte relai ne correspond pas au certificat" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "erreur de lecture depuis le relai" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "impossible de lire depuis le relai" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "le serveur relai a fermé la connexion" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "message serveur trop grand" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "délai d'attente expiré durant l'écriture vers le relai %s (%s)" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "délai d'attente expiré durant l'écriture vers le relai" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "erreur d'écriture dans le relai" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "envoyer le journal des E/S de sudo au serveur distant" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "uniquement envoyer un événement d'acceptation (pas d'E/S)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "fichier de trousseau de certificats pour vérifier le certificat du serveur" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "fichier de certificat pour la négociation TLS" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "hôte auquel envoyer les journaux" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "ID distant du journal des E/S à compléter" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "fichier de clé privée" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "ne pas vérifier le certificat du serveur" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "port à utiliser lors de la connexion à l'hôte" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "redémarrer le transfert de journaux E/S précédent" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "rejeter la commande avec la raison fournie" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "arrêter le transfert après avoir atteint ce temps" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "tester le serveur d'audit en envoyant le journal des E/S sélectionné n fois en parallèle" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "impossible de rechercher %s:%s : %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "impossible d'obtenir l'adresse IP du serveur" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "impossible de lire %s/%s : %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "message client trop grand : %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: tampon d'écriture déjà en cours d'utilisation" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "événement d'E/S %d inattendu" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: état %d inattendu" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "ServerHello invalide" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "message d'erreur reçu du serveur : %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "message d'interruption reçu du serveur : %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "impossible de décompresser ServerMessage" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: valeur type_case %d inattendue" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "délai d'attente expiré durant la lecture depuis le serveur" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "fin de fichier prématurée" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "message serveur trop grand : %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "délai d'attente expiré durant l'écriture vers le serveur" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "le point de redémarrage et le ID iolog doivent être spécifiés tous les deux" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "un point de redémarrage ne peut pas être placé quand aucune E/S est envoyée" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "terminé prématurément avec l'état %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "temps écoulé envoyé au serveur [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "point d'enregistrement reçu du serveur [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "le délai de la négociation TLS a expiré" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "impossible de définir l'événement" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "la communication TLS a échoué : %s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Impossible d'initialiser le contexte ssl : %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Impossible d'allouer l'objet ssl : %s" +msgid "unable to allocate ssl object: %s" +msgstr "impossible d'allouer l'objet ssl : %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Impossible d'attacher le socket à l'objet ssl : %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "le point de redémarrage et le ID iolog doivent être spécifiés tous les deux" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "impossible d'initialiser le contexte TLS" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "un point de redémarrage ne peut pas être placé quand aucune E/S est envoyée" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "impossible de sélectionner la suite de chiffrement %s pour TLS 1.2 : %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "terminé prématurément avec l'état %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "impossible de sélectionner la suite de chiffrement %s pour TLS 1.3 : %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "temps écoulé envoyé au serveur [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "impossible de définir les paramètres diffie-hellman : %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "point d'enregistrement reçu du serveur [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "impossible de créer le contexte TLS : %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "L'alias « %s » est déjà défini" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "impossible de définir TLS 1.2 comme étant la version minimale du protocole : %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "récupération de l'heure du jour impossible" @@ -912,45 +1342,45 @@ msgid "unable to change password for %s" msgstr "changement du mot de passe impossible pour %s" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "récupération de la classe de connexion impossible pour l'utilisateur %s" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "démarrage de l'authentification bsd impossible" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "type d'authentification non valide" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "démarrage de l'authentification BSD impossible" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "votre compte est expiré" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "échec de l'approbation" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "lecture de la configuration fwtk (firewall) impossible" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "connexion au serveur d'authentification impossible" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "perte de la connexion au serveur d'authentification" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -964,83 +1394,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s : conversion de l'identité de l'hôte en chaîne de caractères impossible(« %s ») : %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s : analyse grammaticale (parse) de « %s » impossible : %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s : accès au cache des données d'identification impossible : %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s : allocation des options impossible : %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s : récupération des données d'identification impossible : %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s : initialisation du cache des données d'identification impossible : %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s : enregistrement des données d'identification dans le cache impossible : %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s : récupération de l'identité kerberos de l'hôte (« host principal ») impossible : %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s : vérification du ticket TGT impossible ! Il s'agit peut-être d'une attaque ! : %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "initialisation du module PAM impossible : %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "Erreur du serveur d'authentification PAM : %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "la validation du compte a échoué, votre compte serait-il verrouillé ?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "Le compte ou le mot de passe a expiré, réinitialisez votre mot de passe puis réessayez de vous connecter" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "changement du mot de passe expiré impossible : %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "Le mot de passe a expiré, contactez votre administrateur système" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Le compte a expiré, ou la section « account » du module PAM n'est pas renseignée pour sudo, contactez votre administrateur système" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "Erreur de gestion du compte PAM : %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "votre compte n'existe pas dans la base de données %s" @@ -1049,31 +1479,31 @@ msgid "failed to initialise the ACE API library" msgstr "échec de l'initialisation de la bibliothèque d'API ACE" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "le contact avec le serveur SecurID n'a pas pu être établi" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "l'identifiant de l'utilisateur est verrouillé pour l'authentification SecurID" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "la longueur du nom de l'utilisateur n'est pas conforme aux règles fixées pour SecurID" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "l'identifiant d'authentification (« Authentication Handle ») est invalide pour SecurID" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "la communication avec SecurID a échoué" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "erreur SecurID non identifiée" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "la longueur du mot de passe est invalide pour SecurID" @@ -1113,7 +1543,17 @@ msgid "unable to commit audit record" msgstr "impossible d'enregistrer l'enregistrement d'audit" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "erreur de lecture dans le fichier des recommandations d'usage : %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "le fichier des recommandations d'usage %s est ignoré : il n'est pas un fichier ordinaire" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1133,118 +1573,122 @@ " #3) De grands pouvoirs confèrent de grandes responsabilités.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "identifiant utilisateur inconnu : %u" +msgid "unknown uid %u" +msgstr "identifiant utilisateur %u inconnu" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Erreur : %s:%d:%d: boucle dans %s « %s »" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Attention : %s:%d:%d: boucle dans %s « %s »" + +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Erreur : %s:%d:%d: il est fait mention de %s « %s » alors qu'il n'a pas été défini" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:98 #, c-format -msgid "unknown user: %s" -msgstr "utilisateur inconnu : %s" +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Attention : %s:%d:%d: il est fait mention de %s « %s » alors qu'il n'a pas été défini" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "incrément d'ordre : %s : %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "ordre de départ : %s : %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "remplissage de l'ordre : %s : %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "Version de la grammaire de %s : %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "format d'entrée %s non supporté" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "format de sortie %s non supporté" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s : les fichiers d'entrée et de sortie doivent être différents" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "initialisation des valeurs par défaut de sudoers impossible" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s : %s : %s : %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: mot clé inconnu : %s" +msgid "%s: unknown key word %s" +msgstr "%s: mot clé %s inconnu" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "type par défaut invalide : %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "type de suppression invalide : %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "filtre invalide : %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "ouverture de %s impossible" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "échec lors de l'analyse grammaticale de %s, erreur inconnue" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "erreur lors de l'analyse grammaticale de %s au environs de la ligne %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "erreur lors de l'analyse grammaticale de %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "écriture impossible dans %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1253,7 +1697,7 @@ "%s - convertir entre des formats de fichiers sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1295,33 +1739,75 @@ " -s, --suppress=sections supprimer la sortie de certaines sections\n" " -V, --version afficher la version et terminer" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "entrée par défaut inconnue « %s »" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "récupération de l'heure GMT impossible" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "impossible de formater l'horodatage" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: entrées par défaut inconnues « %s »" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "trop d'entrées sudoers, maximum %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "la variable d'environnement SUDOERS_BASE n'est pas définie et l'option -b n'a pas été spécifiée." +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "impossible de trouver le synonyme %s" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: changement de nom du synonyme %s en %s" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: suppression du synonyme %s en double" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%s:%d:%d: entrées Defaults « %s » spécifiques à l'hôte conflictuelles dans %s:%d:%d" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: a rendu Defaults « %s » spécifique à l'hôte %s" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: suppression de Defaults « %s » surchargée par des entrées ultérieures" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d: impossible de rendre Defaults « %s » spécifique à l'hôte" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: suppression de la spécification utilisateur surchargée par des entrées ultérieurs" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1901,95 +2387,194 @@ msgid "The format of logs to produce: %s" msgstr "Format des journaux à produire : %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Activer le support pour SELinux RBAC" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: entrées par défaut inconnues « %s »" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Chemin vers le fichier qui est créé la première fois que sudo est exécuté : %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Intercepter les commandes suivantes et leur appliquer les restrictions sudoers" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "Consigner les sous-commandes exécutées par la commande originale" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Consigner le code de retour des commandes" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Les commandes ultérieures dans une session interceptée doivent être authentifiées" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Autoriser une commande interceptée à exécuter des programmes avec le fanion setuid ou setgid activé" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "La taille maximale à laquelle l'espace d'adresses du processus peut grandir (en octets) : %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "La taille de la plus grande vidange système qui peut être créée (en octets) : %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "Le temps CPU maximum que le processus peut utiliser (en secondes) : %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "La taille maximale du segment de données pour le processus (en octets) : %s" + +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "La taille la plus grande d'un fichier que le processus peut créer (en octets) : %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "Le nombre maximum de verrous que le processus peut établir : %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "La taille maximale que le processus peut verrouiller en mémoire (en octets) : %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "Le nombre maximum de fichiers que le processus peut garder ouverts : %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "Le nombre maximum de processus que l'utilisateur peut exécuter simultanément : %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "La taille maximale à laquelle l'ensemble résident du processus peut grandir (en octets) : %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "La taille maximale à laquelle la pile du processus peut grandir (en octets) : %s" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: entrée par défaut inconnue « %s »" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: pas de valeur précisée pour « %s »" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: pas de valeur précisée pour « %s »" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: opérateur « %c= » invalide pour « %s »" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: opérateur « %c= » invalide pour « %s »" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: l'option « %s » ne prend pas de valeur" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: l'option « %s » ne prend pas de valeur" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: type Defaults 0x%x invalide pour l'option « %s »" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: type Defaults 0x%x invalide pour l'option «␣%s␣»" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: la valeur « %s » ne convient pas pour l'option « %s »" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: la valeur « %s » ne convient pas pour l'option « %s »" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: chemin trop long pour « %s »" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: chemin trop long pour « %s »" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: les valeurs de « %s » doivent commencer par « / », « ~ » ou « * »" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: les valeurs de « %s » doivent commencer par « / », « ~ » ou « * »" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: les valeurs de « %s » doivent commencer par « / »" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: les valeurs de « %s » doivent commencer par « / »" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv : envp est corrompu, longueur incorrecte" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "impossible de créer à nouveau l'environnement" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "désolé, vous n'êtes pas autorisé à définir ces variables d'environnement : %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "erreur d'analyse grammaticale dans %s aux environs de la ligne %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "erreur d'analyse grammaticale dans %s" @@ -2014,7 +2599,7 @@ msgid "%s must only be writable by owner" msgstr "seul le propriétaire doit avoir le droit en écriture sur %s" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "chargement de %s impossible : %s" @@ -2029,56 +2614,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s : la version majeure %d du greffon group est incompatible, la version attendue est %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "impossible de reconnaître le format de l'adresse IP « %s »" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "impossible de reconnaître le format du masque de sous-réseau « %s »" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Couples adresse IP locale/masque de sous-réseau :\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "groupe inconnu : %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "mise à jour du fichier de séquence impossible" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "impossible d'écrire dans le journal des E/S : %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "impossible de créer %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: erreur interne, le fichier journal des E/S pour l'événement %d n'est pas ouvert" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "lecture de l'horloge impossible" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: erreur interne, signal %d invalide" @@ -2097,16 +2677,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "TLS_CERT doit être défini dans %s pour pouvoir utiliser SSL" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "initialisation de LDAP impossible : %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls est spécifié mais les bibliothèques LDAP ne gèrent pas ldap_start_tls_s() ou ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "attribut sudoOrder invalide : %s" @@ -2125,100 +2705,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "fusion des URIs ldap et ldaps impossible" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "sudoOption dupliqué : %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "impossible de convertir sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "ouverture du fichier d'audit du système impossible" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "envoi du message d'audit impossible" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "erreur dans la boucle des événements" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "La création du nouvel objet SSL_CTX a échoué : %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "impossible de charger le paquet de l'autorité du certificat %s" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "impossible de charger le certificat %s" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "impossible de charger la clé privée %s" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Impossible d'allouer l'objet ssl : %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "la connexion TLS à %s:%s a échoué : %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "l'initialisation TLS n'a pas réussi" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "la négociation TLS n'a pas réussi" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: erreur interne, statut de sortie %d invalide" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "impossible de décompresser ServerMessage" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "perte de la connexion au serveur de journalisation" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "tampon d'écriture manquant" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "impossible de se connecter au serveur de journal" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "l'utilisateur n'apparaît PAS dans sudoers" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "l'utilisateur n'est PAS autorisé sur cet hôte" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "commande non autorisée" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s n'apparaît pas dans le fichier sudoers. Cet incident sera signalé.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s n'est pas autorisé à exécuter sudo sur %s. Cet incident sera signalé.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Désolé, l'utilisateur %s ne peut pas utiliser sudo sur %s.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Désolé, l'utilisateur %s n'est pas autorisé à exécuter « %s%s%s » en tant que %s%s%s sur %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s : commande introuvable" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2227,27 +2839,22 @@ "« %s » trouvé dans « . » n'a pas été exécuté\n" "Utilisez « sudo ./%s » si c'est bien la version de « %s » que vous souhaitez exécuter." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u saisie de mot de passe incorrecte" msgstr[1] "%u saisies de mots de passe incorrectes" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "échec de l'authentification" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "il est nécessaire de saisir un mot de passe" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "ouverture du fichier de journalisation impossible : %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "impossible d'écrire le fichier journal : %s" @@ -2257,7 +2864,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "le résume (digest) de %s (%s) n'est pas dans le forme %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "SELinux RBAC n'est pas supporté quand le mode d'interception est activé" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "SELinux RBAC n'est pas supporté quand le fanion log_subcmds est activé" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2266,7 +2881,7 @@ "\n" "Rôle LDAP : %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2274,104 +2889,115 @@ "\n" "Entrée sudoers :\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " RunAsUsers : " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " RunAsGroups : " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " Options : " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " Commandes :\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Entrées Defaults correspondant pour %s sur %s :\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Paramètres par défaut de runas ou spécifiques aux commandes pour %s :\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "L'utilisateur %s peut utiliser les commandes suivantes sur %s :\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "L'utilisateur %s n'est pas autorisé à exécuter sudo sur %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "le sudoRole incomplet est ignoré : cn : %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "attribut LDIF invalide : %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "%.*s invalide défini par l'interface utilisateur de sudo" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "chemin trop long pour « %s »" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "impossible d'analyser la liste des adresses réseau" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "nom d'utilisateur pas défini par l'interface utilisateur de sudo" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "ID utilisateur pas défini par l'interface utilisateur de sudo" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "ID de groupe pas défini par l'interface utilisateur de sudo" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "nom d'hôte pas défini par l'interface utilisateur de sudo" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "répertoire de travail invalide : %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "répertoire chroot invalide : %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "exécution de %s impossible" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: fanions de mode invalides dans l'interface utilisateur de sudo : 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "La version du greffon de politique de sudoers est %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "La version de la grammaire du fichier sudoers est %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2380,132 +3006,137 @@ "\n" "Chemin d'accès à sudoers : %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "chemin d'accès à nsswitch : %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "chemin d'accès à ldap.conf : %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "chemin d'accès à ldap.secret : %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "activation d'un point d'ancrage de type %d (version %d.%d) impossible" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "désactivation d'un point d'ancrage de type %d (version %d.%d) impossible" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "enregistrement de l'uid %u dans le cache impossible" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "enregistrement de l'uid %u dans le cache impossible, l'entrée existe déjà" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "impossible d'écrire l'utilisateur %s dans la cache" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "enregistrement des informations de l'utilisateur %s dans le cache impossible, l'entrée existe déjà" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "enregistrement du gid %u dans le cache impossible" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "enregistrement du gid %u dans le cache impossible, l'entrée existe déjà" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "impossible d'écrire le groupe %s dans la cache" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "enregistrement du groupe %s dans le cache impossible, l'entrée existe déjà" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "enregistrement de la liste de groupe %s dans le cache impossible, l'entrée existe déjà" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "impossible d'écrire la liste de groupes dans la cache pour %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "impossible d'analyser les groupes pour %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "impossible d'analyser les gids pour %s" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "débordement de la pile perm" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "débordement inférieur de la pile perm" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "changement de l'identificateur de groupe (gid) de root impossible" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "changement du groupe effectif (runas) impossible" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "définition du vecteur du groupe effectif (runas) impossible" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "changement de l'uid effectif (runas) impossible" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "changement du groupe (gid) de sudoers impossible" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "trop de processus" @@ -2523,259 +3154,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "le chemin d'accès à l'audit argv[0] a été tronqué : %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "initialisation de la source SSS impossible. SSSD est-il installé sur cette machine ?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "Le symbole « %s » est introuvable dans %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "les entrées par défaut posent un problème" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "aucune source sudoers valide n'a été trouvée, fin d'exécution" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "l'utilisateur n'est pas autorisé à changer le répertoire racine en %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "vous n'êtes pas autorisé à utiliser l'option -R avec %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "l'utilisateur n'est pas autorisé à changer de répertoire vers %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "vous n'êtes pas autorisé à utiliser l'option -D avec %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "aucune commande spécifiée" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "il est précisé dans sudoers que root n'est pas autorisé à utiliser sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "l'utilisateur n'est pas autorisé à outrepasser la limite closeform" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "vous n'êtes pas autorisé à utiliser l'option -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "propriétaire du fichier d'horodatage (%s) : utilisateur inconnu" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "pas de terminal tty" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "désolé, vous devez avoir un terminal tty pour exécuter sudo" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "interpréteur de commande invalide pour l'utilisateur %s : %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "commande dans le répertoire courant" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "« cd » est une commande interne du shell, elle ne peut pas être exécutée directement." + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "l'option -s peut être utilisée pour exécuter un shell privilégié." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "l'option -D peut être utilisée pour exécuter une commande dans un répertoire spécifique." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "l'utilisateur n'est pas autorisé à définir un délai d'expiration de la commande" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "désolé, vous n'êtes pas autorisé à définir un délai d'expiration de la commande" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "l'utilisateur n'est pas autorisé à conserver l'environnement" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "désolé, vous n'êtes pas autorisé à conserver l'environnement" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "commande trop longue" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit n'a pas besoin d'être exécuté via sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "lecture de %s impossible" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "impossible d'appliquer la fonction stat à %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s n'est pas un fichier ordinaire" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "Le fichier %s est la propriété de l'utilisateur (uid) %u, alors qu'il devrait appartenir à %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "Le fichier %s est ouvert en écriture pour tous" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "Le fichier %s a pour groupe (gid) %u, alors qu'il devrait appartenir au groupe %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "« -c %s » est réservé à l'utilisateur root" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "classe de connexion inconnue : %s" +msgid "unknown login class %s" +msgstr "classe de connexion %s inconnue" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "impossible de résoudre l'hôte %s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "option du filtre invalide : %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "attente maximum invalide : %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "facteur de vitesse invalide : %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "décalage de temps i%s invalide" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s : %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/timing : %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s : %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Rejeu de la session sudo : %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "impossible d'initialiser le terminal tty en mode direct" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Attention : la taille du terminal n'est pas suffisante pour pouvoir rejouer correctement la séquence.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "La taille du journal est %d × %d, la taille de votre terminal est %d × %d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Rejeu terminé, appuyez sur n'importe quelle touche pour rétablir le terminal." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "expression ambiguë « %s »" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "« ) » sans parenthèse ouvrante dans l'expression" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "terme de recherche « %s » inconnu" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s requiert un argument" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "expression rationnelle invalide : %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "analyse de la date « %s » impossible" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "« ( » sans parenthèse fermante dans l'expression" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "« or » n'est pas autorisé en fin d'expression" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "« ! » n'est pas autorisé en fin d'expression" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "type de recherche %d inconnu" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "utilisation : %s [-hnRS] [-d répertoire] [-m nombre] [-s nombre] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "utilisation : %s [-h] [-d répertoire] -l [expression recherchée]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2784,7 +3429,7 @@ "%s - rejeu du journal de la session sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2813,11 +3458,11 @@ " -s, --speed=valeur accélère ou ralentit l'exécution\n" " -V, --version affiche la version du programme, puis termine l'exécution" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\tl'hôte n'a pas de correspondance" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2825,7 +3470,7 @@ "\n" "Commande autorisée" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2833,7 +3478,7 @@ "\n" "Commande refusée" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2846,121 +3491,127 @@ msgid "%s is group writable" msgstr "%s est accessible en écriture pour les membres du groupe" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "impossible de tronquer le fichier d'horodatage à %lld octets" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "un horodatage dans le futur a été ignoré" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "l'horodatage est trop avancé dans le future : %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "verrouillage du fichier d'horodatage %s impossible" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "le chemin d'accès au fichier d'état de la recommandation est trop long : %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit ne devrait pas être spécifié avec un chemin" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "l'option -x sera supprimée dans une version ultérieure" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "envisagez plutôt l'utilisation de l'utilitaire cvtsudoers" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "appuyer sur entrée pour éditer %s : " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "le contenu de la session d'édition a été laissé dans %s" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "l'éditeur indiqué (%s) n'existe pas" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "aucun éditeur trouvé (chemin d'accès à l'éditeur : %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "erreur en écriture" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "impossible d'appliquer la fonction stat au fichier temporaire (%s), %s n'a pas été modifié" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "fichier temporaire vide (%s), %s n'a pas été modifié" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "l'éditeur (%s) a échoué, %s n'a pas été modifié" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s n'a pas été modifié" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "impossible de rouvrir le fichier temporaire (%s), %s n'a pas été modifié." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "impossible d'analyser le fichier temporaire (%s), erreur inconnue" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "erreur interne, impossible de trouver %s dans la liste !" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "impossible de définir (uid, gid) de %s à (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s et %s ne sont pas dans le même système de fichiers, tentative de renommage à l'aide de la commande mv" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "la commande a échoué : « %s %s %s », %s n'a pas été modifié" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "erreur lors du renommage de %s, %s n'a pas été modifié" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "Et maintenant ?" -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2972,66 +3623,41 @@ " e(x)it sans sauvegarde des modifications apportées au fichier sudoers\n" " (Q)uitter et sauvegarder les modifications apportées au fichier sudoers (DANGER!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "exécution de %s impossible" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s : mauvais propriétaire (uid, gid), celui-ci devrait être (%u,%u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s : mauvais droits d'utilisation, le mode devrait être 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s : analyse réussie\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s n'est pas disponible, réessayez plus tard" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "impossible de verrouiller %s" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "Éditer quand même ? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Erreur : %s:%d:%d: boucle dans %s « %s »" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Attention : %s:%d:%d: boucle dans %s « %s »" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Erreur : %s:%d:%d: il est fait mention de %s « %s » alors qu'il n'a pas été défini" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Attention : %s:%d:%d: il est fait mention de %s « %s » alors qu'il n'a pas été défini" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Attention : %s:%d:%d: %s « %s » n'est pas utilisé" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3040,7 +3666,7 @@ "%s - édite le fichier sudoers en toute sécurité\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3060,40 +3686,105 @@ " -s, --strict validation stricte de la syntaxe\n" " -V, --version affiche la version, puis termine l'exécution\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "chaîne vide" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "groupe vide" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "netgroup vide" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "la suite de la ligne est invalide" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "adresse IPv6 invalide" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "saut de ligne inattendu dans la chaîne" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "nombre de niveaux d'inclusions trop élevé" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s: tampon d'écriture déjà en cours d'utilisation" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "impossible de lire les paramètres diffie-hellman : %s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "entrée par défaut inconnue « %s »" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d clé inconnue : %s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "impossible d'obtenir la méthode TLS du serveur : %s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u analyse grammaticale (parse) de « %s » impossible" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Options :\n" +#~ " -f, --file chemin vers le fichier de configuration\n" +#~ " -h, --help affiche l'aide puis termine l'exécution\n" +#~ " -n, --no-fork ne pas démarrer une branche, exécuter au premier plan\n" +#~ " -R, --random-drop pourcentage de chances que la connexion soit abandonnée\n" +#~ " -V, --version affiche la version, puis termine l'exécution\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Options :\n" +#~ " --help afficher le message d'aide puis terminer\n" +#~ " -A, --accept n'envoyer qu'un événement d'acceptation (pas d'E/S)\n" +#~ " -h, --host hôte à qui envoyer le journal\n" +#~ " -i, --iolog_id ID distant du journal des E/S à redémarrer\n" +#~ " -p, --port port à utiliser lors de la connexion à l'hôte\n" +#~ " -r, --restart redémarrer le transfert du journal des E/S précédent\n" +#~ " -R, --reject rejeter la commande avec la raison donnée\n" +#~ " -b, --ca-bundle fichier du paquet de certificats avec lequel vérifier le certificat du serveur\n" +#~ " -c, --cert fichier de certificat pour l'échange TLS\n" +#~ " -k, --key fichier de la clé privée\n" +#~ " -n, --no-verify ne pas vérifier le certificat du serveur\n" +#~ " -t, --test tester le serveur d'audit en envoyant le journal des E/S sélectionné n fois en parallèle\n" +#~ " -V, --version afficher les informations de version et terminer\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "Préchargement des fonctions d'exécution « à blanc » contenues dans la bibliothèque sudo_noexec" -#~ msgid "unable to lock log file: %s" -#~ msgstr "verrouillage du fichier de journalisation impossible : %s" - #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports : valeur de port trop élevée" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/hr.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/hr.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/hr.po sudo-1.9.9/plugins/sudoers/po/hr.po --- sudo-1.9.5p2/plugins/sudoers/po/hr.po 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/hr.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,27 +1,27 @@ # Translation of sudoers to Croatian. # This file is put in the public domain. # -# Božidar Putanec , 2016, 2017, 2018, 2019, 2020. +# Božidar Putanec , 2016, 2017, 2018, 2019, 2020, 2021. msgid "" msgstr "" -"Project-Id-Version: sudoers-1.9.4b1\n" +"Project-Id-Version: sudoers-1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-26 17:25-0800\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 16:12-0800\n" "Last-Translator: Božidar Putanec \n" "Language-Team: Croatian \n" "Language: hr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" -"X-Generator: Lokalize 19.12.3\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 3.0.1\n" "X-Poedit-Basepath: ../packages/sudo-1.8.23b2\n" "X-Poedit-SourceCharset: UTF-8\n" "X-Poedit-SearchPath-0: .\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "pogreška u sintaksi" @@ -45,868 +45,1298 @@ msgid "Sorry, try again." msgstr "Pokušajte ponovo." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "nije moguće dodijeliti memoriju" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "kontrolni zbroj zahtijeva ime staze" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "vrijednosti za „CWD“ moraju započeti s „/“, „~“, ili „*“" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "„CWD“ staza je predugačka" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "vrijednosti za „CHROOT“ moraju započeti s „/“, „~“, ili „*“" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "„CHROOT“ staza je predugačka" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "sintaktička greška -- rezervirana riječ %s korištena kao alias" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "nevaljana ‘notbefore’ vrijednost" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "nevaljana ‘notafter’ vrijednost" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "vrijednost za tajmaut je prevelika" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "nevaljana vrijednost za tajmaut" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "naredba je predugačka" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Alias „%s“ je već ranije definiran" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "**interna greška**, %s prelijevanje" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "nije moguće duplicirati stdin: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "nije moguće izvršiti %s: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "nije moguće stvoriti novi proces (greška u fork())" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "nije moguće stvoriti novi proces (greška u fork()): %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "nije moguće otvoriti cijev: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (naredba se nastavlja) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s postoji ali nije direktorij (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "nije moguće napraviti direktorij %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "nije moguće promijeniti mȏd od %s na 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "očekivan je JSON_STRING, dobiven je %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY je prevelik" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "imenu nedostaje navodnik (\")" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "nedostaje JSON_OBJECT" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "očekivan je JSON_OBJECT, dobiven je %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "json stog je potrošen (max %u okvira)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "objekti se moraju sastojati od parova ime:vrijednost" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "nedostaje separator između vrijednosti" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "nesparena zatvorena vitičasta zagrada }" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "neočekivano polje" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "nesparena zatvorena uglata zagrada ]" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "neočekivani string" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "nedostaje dvotočka iza imena" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "neočekivana logička operacija (boolean)" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "neočekivana nula" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "neočekivani broj" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u nije moguće raščlaniti \"%s\"" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "greška u raščlambi" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: nevaljana dnevnička datoteka" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: nedostaje polje za vremensku oznaku" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: vremenska oznaka %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: nedostaje polje za korisnika" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: nedostaje polje za runas-korisnika" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: nedostaje polje za runas-grupe" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s postoji ali nije direktorij (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "nije moguće napraviti direktorij %s" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "nije moguće promijeniti mȏd od %s na 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "greška pri čitanju tajming datoteke: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "nevaljani redak u tajming datoteci: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "dnevnik je već kompletiran -- ne može se ponovno pokrenuti" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "nije moguće generirati UUID" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "nije moguće ponovno pokrenuti dnevničarenje (logging)" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: greška u protokolu : kriva vrsta za %s" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: greška u protokolu : %s nedostaje u AcceptMessage" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: nije moguće oblikovati id sesije" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s nije postavljen" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "nije moguće proširiti stazu iolog (I/O FD) %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "nije moguće stvoriti stazu iolog (I/O FD) %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "nevaljani iofd (I/O FD) %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "greška pri zatvaranju iofd (I/O FD) %d: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "greška pri brisanju deskriptora datoteke %d: %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "nevaljani I/O zapis %s: %s ima referenciju ali ne postoji" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: nije moguće naći točku [%lld, %ld] od koje treba nastaviti" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "nije moguće otvoriti %s" + +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "nije moguće otvoriti %s/%s" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "nije moguće kopirati %s/%s u %s/%s: %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "nije moguće preimenovati %s u %s" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: nije moguće naći točku [%lld, %ld] od koje treba nastaviti" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "nema dnevničke datoteke U/I %s/%s" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: nije moguće skočiti naprijed na %zu" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "nije moguće naći točku [%lld, %ld] u %s/%s od koje treba nastaviti" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "nije moguće spojiti se na relej" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "poruka servera je prevelika: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "nije moguće dodati događaj u red čekanja" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "neočekivano stanje %d za %s" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "greška automata (state machine)" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "nevaljana AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "greška pri raščlanivanju AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "greška pri stvaranju U/I dnevnika" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "greška pri upisivanju u dnevnik ‘accept’ događaja" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "nevaljani RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "greška pri raščlanivanju RejectMessage-a" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "greška pri upisivanju u dnevnik ‘reject’ događaja" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "nevaljana AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "greška pri raščlanivanju AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "greška pri upisivanju u dnevnik ‘alert’ događaja" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: neočekivani IoBuffer" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "greška protokola" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "greška pri pisanju IoBuffer-a" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "greška pri pisanju ChangeWindowSize-a" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "greška pri pisanju CommandSuspend-a" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "neočekivana type_case vrijednost %d u %s iz %s" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "neprepoznata vrsta ClientMessage-a" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "poruka klijenta je preduga" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "nije moguće postaviti ciphersuite na %s: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "nije moguće postaviti TLS 1.3 ciphersuite to %s: %s" +msgid "timed out writing to client %s" +msgstr "vrijeme za pisanje klijentu %s je isteklo" -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "nije moguće dobiti od servera metodu: %s" +msgid "missing write buffer for client %s" +msgstr "nema međuspremnika za pisanje za %s klijenta" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to create TLS context: %s" -msgstr "nije moguće stvoriti TLS kontekst: %s" +msgid "timed out reading from client %s" +msgstr "isteklo je vrijeme za čitanje od %s klijenta" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate %s" -msgstr "nije moguće učitati certifikate %s" +msgid "EOF from %s without proper TLS shutdown" +msgstr "EOF od %s nije propisno zatvaranje TLS-a" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "nije moguće učitati datoteku s certifikatatima (CA bundle) %s" - -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 -#, c-format -msgid "unable to load private key %s" -msgstr "nije moguće učitati privatni ključ %s" +msgid "client message too large: %zu" +msgstr "poruka klijenta je prevelika: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "nije moguće postaviti diffie-hellman parametre: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "poruka klijenta je prevelika" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "nije mouguće uspostaviti minimalni protokol na TLS 1.2: %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "nevaljana ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "nije moguće dobiti udaljenu IP adresu" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Nije moguće prikvačiti podatke korisnika na SSL objekt: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "nije moguće dodati događaj u red čekanja" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" -msgstr "ne moguće uspostaviti priključak za slušanje (listen socket)" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" +msgstr "nije moguće postaviti priključak za slušanje (listen socket)" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - šalje dnevnik U/I sudo-a na udaljeni server\n" -"\n" +msgid "unexpected signal %d" +msgstr "neočekivani signal %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Opcije:\n" -" -f, --file= staza do konfiguracijske datoteke\n" -" -h, --help pokaže ovu pomoć i iziđe\n" -" -n, --no-fork ne stvara novi proces, nego radi u prednjem planu\n" -" -R, --random-drop postotak šanse da izgubi vezu (drop connection)\n" -" -V, --version informira o inačici ovog programa i iziđe\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "server sudo dnevnika" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "Opcije: " -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "staza do datoteke s postavkama" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "prikaže pomoć i iziđe" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "ne stvara novi proces, radi u prednjem planu" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "postotak šanse da će se veza prekinuti" + +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "prikaže podatke o inačici i iziđe" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" -msgstr "potrebna je Protobuf-C inačica 1.3 ili novija" +msgstr "Potrebna je Protobuf-C inačica 1.3 ili novija." -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "nevaljana ‘random drop’ vrijednost: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s inačica %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "nepoznati korisnik %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "nepoznata grupa %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "nije moguće razabrati način %s iolog-a" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "nevaljana vrijednost za %s: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "TLS nije podržan" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: to nije potpuno kvalificirana staza" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "nepoznati ustroj za syslog (Protokol dnevničarenja sustava): %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "nepoznati prioritet %s za protokol dnevnika sustava (syslog)" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d ne podudara '[': %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d nevaljana sekcija u konfiguraciji: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d nevaljani redak u konfiguraciji: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d očekivano ime sekcije: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "nevaljana vrijednost za %s: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] nelegalni ključ : %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s: %d nepoznati ključ: %s" +msgid "unable to open log file %s" +msgstr "nije moguće otvoriti dnevničku datoteku %s" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "nije moguće inicijalizirati server TLS konteksta" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "nije moguće inicijalizirati relej SSL konteksta" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "nije moguće stvoriti dnevničku datoteku" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "nepoznati ustroj za syslog (Protokol dnevničarenja sustava): %s" +msgid "unable to lock %s" +msgstr "nije moguće zaključati %s" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "nije moguće zaključati dnevničku datoteku" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "nije moguće otvoriti dnevničku datoteku" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "nije moguće pisati u dnevničku datoteku" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "nije moguće preimenovati dnevničku datoteku" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "neočekivani EOF pri čitanju dnevnika" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "greška pri čitanju dnevnika" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "nevaljana datoteka dnevnika, ponovno pokretanje nije uspjelo" + +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "nepoznati prioritet %s za protokol dnevnika sustava (syslog)" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "nije moguće skočiti na točku [%lld, %ld] u dnevniku %s" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Options:\n" -" --help pokaže ovu pomoć i iziđe\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host (računalo) kojemu se šalje dnevnik\n" -" -i, --iolog_id udaljeni ID od U/I dnevnika koji treba nastaviti\n" -" -p, --port port koji će se koristiti za spajanje na hosta\n" -" -r, --restart ponovi prethodni prijenos U/I dnevnika\n" -" -b, --ca-bundle datoteka s paketom certifikata (CA) za provjeru\n" -" certifikata servera\n" -" -c, --cert certificat datoteka za TLS rukovanje (handshake)\n" -" -k, --key datoteka s privatnim (tajnim) ključem (private key)\n" -" -t, --test testira revizijski server tako da paralelno\n" -" pošalje ‘n’ puta U/I dnevnik\n" -" -V, --version informira o inačici ovog programa i iziđe\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "greška pri raščlanivanju AcceptMessage" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "greška pri stvaranju U/I dnevnika" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "greška pri upisivanju u dnevnik ‘accept’ događaja" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "greška pri raščlanivanju RejectMessage-a" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "greška pri upisivanju u dnevnik ‘reject’ događaja" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "greška pri upisivanju u dnevnik exit događaja" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "dnevnik je već kompletiran -- ne može se ponovno pokrenuti" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "nije moguće ponovno pokrenuti dnevničarenje (logging)" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "greška pri raščlanivanju AlertMessage" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "greška pri upisivanju u dnevnik ‘alert’ događaja" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "nije moguće oblikovati vremenski spremnik, dužine %d" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "greška pri pisanju IoBuffer-a" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "greška pri pisanju ChangeWindowSize-a" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "greška pri pisanju CommandSuspend-a" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "TLS rukovanje s hostom releja nije uspjelo" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "nije moguće spojiti se na host releja" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: nevaljani ServerHello, nedostaje server_id" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "nevaljani ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "neprepoznata vrsta ServerMessage" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "isteklo je vrijeme za čitanje iz releja %s (%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "isteklo je vrijeme za čitanje iz releja" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "ime hosta releja se ne slaže s certifikatom" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "greška čitanja iz releja" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "nije moguće čitati iz releja" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "server releja je prekinuo vezu" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "poruka servera je prevelika" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "vrijeme za pisanje na relej %s (%s) je isteklo" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "vrijeme za pisanje na relej je isteklo" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "greška pri pisanju na relej" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "pošalje sudo I/O dnevnik na udaljeni poslužitelj" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "pošalje samo prihvaćene događaje (ne i I/O)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "datoteka snopa certifikata radi provjere certifikata servera" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "datoteka certifikata za TLS rukovanje" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "host kojem se šalje dnevnik" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "udaljeni ID I/O dnevnika koji treba nastaviti" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "datoteka privatnog ključa" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "ne provjerava certifikat servera" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "koristi taj port za spajanje na hosta" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "ponovno pokrene prethodni prijenos I/O dnevnika" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "odbije naredbu s navedenim razlogom" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "zaustavi prijenos nakon tog vremena" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "testira revizijski server slanjem odabranih zapisa I/O dnevnika paralelno n puta" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "nije moguće potražiti %s:%s: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "nije moguće dobiti IP adresu servera" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "nije moguće učitati %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "poruka klijenta je preduga: %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: međuspremnik za pisanje je zauzet" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "neočekivani U/I događaj %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: neočekivano stanje %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "nevaljani ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "primljena je poruka o greškama od servera: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "primljena je poruka za prekid (abort) od servera: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "nije moguće raspakirati ServerMessage" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: neočekivana ‘type_case’ vrijednost za %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "isteklo je vrijeme za čitanje iz servera" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "preuranjeni EOF (kraj datoteke)" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" -msgstr "poruka servera je preduga: %u" +msgstr "poruka servera je prevelika: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "isteklo je vrijeme za pisanje na server" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "i točka za ponovno pokretanje i iolog ID moraju biti specificirani" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "ako se ne pošalje U/I (I/O), ponovno uspostavljanje možda neće uspjeti" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "preuranjeni završetak (izlaz) sa stanjem %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "proteklo vrijeme poslano je na server [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "potvrđena točka primljena je od servera [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" -msgstr "vrijeme za TLS rukovanje je isteklo" +msgstr "Vrijeme za TLS rukovanje je isteklo." -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "nije moguće uspostaviti događaj" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "TLS spajanje nije uspjelo: %s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Nije moguće inicijalizirati SSL kontekst: %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Nije uspjelo dodijeliti memoriju za SSL objekt: %s" +msgid "unable to allocate ssl object: %s" +msgstr "nije uspjelo dodijeliti memoriju za SSL objekt: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Nije uspjelo prikvačiti utičnicu na SSL objekt: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "i točka za ponovno pokretanje i iolog ID moraju biti specificirani" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "nije moguće inicijalizirati TLS konteks" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "ako se ne pošalje U/I (I/O), ponovno uspostavljanje možda neće uspjeti" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "nije moguće postaviti ciphersuite na %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "preuranjeni završetak (izlaz) sa stanjem %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "nije moguće postaviti TLS 1.3 ciphersuite to %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "proteklo vrijeme poslano je na server [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "nije moguće postaviti diffie-hellman parametre: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "potvrđena točka primljena je od servera [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "nije moguće stvoriti TLS kontekst: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Alias „%s“ je već ranije definiran" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "nije mouguće uspostaviti minimalni protokol na TLS 1.2: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "nije moguće dobiti doba dana (trenutno vrijeme)" @@ -915,45 +1345,45 @@ msgid "unable to change password for %s" msgstr "nije moguće promijeniti lozinku za %s" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "nije moguće dobiti razred klasu korisnika %s" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "nije moguće početi s BSD autentifikacijom" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "nevaljana vrsta autentifikacije" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "nije moguće inicijalizirati BSD autentifikaciju" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "vaš račun nije valjan, istekao je" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "odobrenje nije uspjelo" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "nije moguće pročitati konfiguraciju FWTK" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "nije moguće spojiti se na server za autentifikaciju" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "veza sa serverom za autentifikaciju je prekinuta (izgubljena)" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -967,83 +1397,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: nije moguće pretvoriti principala u string (‘%s’): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: nije moguće raščlaniti ‘%s’: %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: nije moguće naći verifikacijsku predmemoriju: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: nije moguće dodijeliti opcije: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: nije moguće dobiti verifikaciju: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: nije moguće inicijalizirati verifikacijsku predmemoriju: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: nije moguće spremiti verifikaciju u predmemoriju: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: nije moguće dobiti principala: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Nije moguće provjeriti TGT! Mogući napad!: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "nije moguće inicijalizirati PAM: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "Greška PAM autentifikacije: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "provjera valjanosti računa nije uspjela, je li vaš račun zaključan?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "Račun ili lozinka su istekli, postavite novu lozinku i pokušajte ponovo." -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "nije moguće promijeniti zastarjelu lozinku: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "Lozinka je istekla, javite se vašem administratoru sustava." -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Račun je istekao ili PAM konfiguracija nema sekciju ‘account’ za sudo, javite se vašem administratoru sustava." -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "Pogreška u upravljanju PAM računom: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "vas nema u %s bazi podataka" @@ -1052,31 +1482,31 @@ msgid "failed to initialise the ACE API library" msgstr "nije uspjelo inicijalizirati ACE API biblioteku" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "nije moguće uspostaviti vezu sa serverom za SecurID" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "Korisnikov ID je zaključan za SecurID provjeru autentičnosti." -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "nevaljana duljina imena korisnika za SecurID" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "nevaljani autentifikacijski token za SecurID" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "SecurID komunikacija nije uspjela" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "nepoznata SecurID greška" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "nevaljana duljina lozinke za SecurID" @@ -1116,7 +1546,17 @@ msgid "unable to commit audit record" msgstr "revizijski izvještaj nije bilo moguće zapisati na disk" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "greška pri čitanju datoteke s prodikom: %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "zanemari datoteku s prodikom %s: nije regularna datoteka" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1136,118 +1576,122 @@ " #3) S velikim moćima dolazi velika odgovornost.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "nepoznati UID: %u" +msgid "unknown uid %u" +msgstr "nepoznati UID %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Greška: %s:%d:%d: ciklus u %s „%s“" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Upozorenje: %s:%d:%d: ciklus u %s „%s“" + +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Greška: %s:%d:%d %s „%s“ je referenciran ali nije definiran" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:98 #, c-format -msgid "unknown user: %s" -msgstr "nepoznati korisnik: %s" +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Upozorenje: %s:%d:%d %s „%s“ je referenciran ali nije definiran" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "inkrement redoslijeda (order): %s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "početni redoslijed (order): %s: %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "ispuna redoslijeda (order): %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s inačica gramatike %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "nepodržani ulazni formata %s" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "nepodržani izlazni format %s" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: ulazna i izlazna datoteka moraju biti različite datoteke" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "nije moguće inicijalizirati zadane vrijednosti sudoers" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: nepoznata ključna riječ: %s" +msgid "%s: unknown key word %s" +msgstr "%s: nepoznata ključna riječ %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "nevaljane zadane vrste: %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "nevaljana vrsta za izostavljanje: %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "nevaljani filtar: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "nije moguće otvoriti %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "nije uspjelo raščlaniti %s datoteku, nepoznata greška" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "greška u raščlambi u %s blizu retka %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "greška u raščlambi u %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "nije moguće pisati u %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1256,7 +1700,7 @@ "%s - pretvara formate sudoers datoteka\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1296,33 +1740,75 @@ " -s, --suppress=sections izostavi izlaz od sections sekcija\n" " -V, --version informira o inačici ovog programa i završi" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "nepoznati unos defaults „%s“" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "nije moguće dobiti GMT vrijeme" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "nije moguće oblikovati vremensku oznaku" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: nepoznata zadana stavka „%s“" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "previše sudoers grešaka, maksimum je %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "varijabla okoline SUDOERS_BASE nije postavljena i -b opcija nije specificirana." +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "nije moguće naći alias %s" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: preimenujemo aliasa %s u %s" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: uklanjamo duplikat aliasa %s" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%s:%d:%d: konfliktni Defaults unos „%s“ specifičan za hosta u %s:%d:%d" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: napravljen je Defaults „%s“ specifičan za opciju %s" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: uklanjamo Defaults „%s“ nadvladan naknadnim unosima" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d: nije moguće napraviti Defaults „%s“ specifično za hosta" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: uklanjamo korisničke specifikacije nadvladane naknadnim unosima" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1702,7 +2188,7 @@ #: plugins/sudoers/def_data.c:390 msgid "Run commands on a pty in the background" -msgstr "Pokrenuti naredbe na pseudoterminalu u pozadini." +msgstr "Pokrenuti naredbe na pseudo terminalu u pozadini." #: plugins/sudoers/def_data.c:394 #, c-format @@ -1902,95 +2388,194 @@ msgid "The format of logs to produce: %s" msgstr "Format dnevnika: %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Omogući podršku za SELinux RBAC" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: nepoznata zadana stavka „%s“" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Staza do datoteke koja se kreira prilikom prvog sudo pokretanja: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Presretne daljnje naredbe i primijeni ograničenja sudoers-a na njih." + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "Urudžbira podnaredbe koje izvodi naredba" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Urudžbira izlazno stanje pokrenute naredbe." + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Naredne naredbe u presretoj sesiji moraju biti ovjerene." + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Dopusti presretnutu naredbu da pokrene program za postavljnje setuid ili setgid." + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "Maksimalna veličina do koje adresni prostor procesa može narasti (u bajtovima): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "Najveća veličina datoteke s damp memorijom koja se može stvoriti (u bajtovima): %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "Maksimalna količina CPU vremena koje proces može koristiti (u sekundama): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "Maksimalna veličina podatkovnog segmenta za proces (u bajtovima): %s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "Najveća veličina datoteke koju proces može stvoriti (u bajtovima): %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "Maksimalni broj zaključavanja koje proces može uspostaviti: %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "Maksimalna veličina koju proces može zaključati u memoriji (u bajtovima): %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "Maksimalan broj datoteka koje proces može otvoriti: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "Maksimalan broj procesa koje korisnik može istovremeno pokrenuti: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "Maksimalna veličina do koje može narasti rezidentna postavljena veličina procesa (u bajtovima): %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "Maksimalna veličina do koje može narasti stȏg procesa (u bajtovima): %s" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: nepoznata stavka zadanih vrijednosti „%s“" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: nije navedena vrijednost za „%s“" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: nije navedena vrijednost za „%s“" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: nevaljan operator \"%c=\" za „%s“" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: nevaljan operator \"%c=\" „%s“" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: opcija „%s“ ne treba nikakvu vrijednost" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: opcija „%s“ ne prihvaća vrijednost" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: nevaljana vrsta Defaults 0x%x za opciju „%s“" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: nevaljana vrsta Defaults 0x%x za opciju „%s“" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: vrijednost „%s“ za opciju „%s“ nije valjana" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: vrijednost „%s“ nije ispravna za opciju „%s“" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: ime staze za „%s“ je predugačko" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: ime staze za „%s“ je predugačko" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: vrijednost za „%s“ mora započeti s „/“, „~“, ili „*“" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: vrijednost za „%s“ mora započeti s „/“, „~“, ili „*“" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: vrijednost za „%s“ mora započeti s „/“" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: vrijednost za „%s“ mora početi s „/“" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: oštećen envp, duljina ne odgovara" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "nije moguće obnoviti okolinu" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "nemate dopuštenje za postavljanje sljedećih varijabli okoline: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "greška u raščlambi u %s blizu retka %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "greška u raščlambi u %s" @@ -2015,7 +2600,7 @@ msgid "%s must only be writable by owner" msgstr "%s mora biti dostupan za pisanje samo vlasniku" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "nije moguće učitati %s: %s" @@ -2030,56 +2615,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: nekompatibilna glavna inačica plugin grupe %d, očekivano je %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "„%s“ nije valjana IP adresa (nemoguće ju je raščlaniti)" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "„%s“ nije valjana mrežna maska (nemoguće ju je raščlaniti)" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Parovi lokalnih IP adresa i mrežnih maski:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "nepoznata grupa: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "nije moguće ažurirati datoteku redoslijeda (sequence file)" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "nije moguće pisati u U/I dnevnik: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "nije moguće stvoriti %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: interna greška, U/I dnevnička datoteka za događaj %d nije otvorena" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "nije moguće pročitati vrijeme (clock)" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: interna greška, nevaljani signal %d" @@ -2098,16 +2678,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "morate postaviti TLS_CERT u %s da koristite SSL" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "nije moguće inicijalizirati LDAP: %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls je specificirani, ali LDAP biblioteke ne podržavaju ldap_start_tls_s() ili ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "nevaljani sudoOrder atribut: %s" @@ -2126,105 +2706,137 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "ne možete zajedno koristiti ldap i ldaps adrese" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "duplicira sudoOption: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "nije moguće pretvoriti sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "nije moguće otvoriti revizijski sustav" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "nije moguće poslati revizijsku poruku" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "greška u petlji događaja" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "Nije uspjelo stvoriti novi ‘SSL_CTX’ objekt: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "nije moguće učitati datoteku s certifikatatima (CA bundle) %s" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "nije moguće učitati certifikate %s" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "nije moguće učitati privatni ključ %s" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Nije uspjelo dodijeliti memoriju za SSL objekt: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "TLS veza sa %s:%s nije uspjela: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "TLS inicijalizacija nije bila uspješna" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "TLS rukovanje (handshake) nije bila uspješno" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: **interna greška** -- nevaljani izlazni status %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "nije moguće raspakirati ServerMessage" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "veza sa serverom za autentifikaciju je prekinuta (izgubljena je)" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "nema međuspremnika za pisanje" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "nije moguće spojiti se na dnevnički server" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "korisnik NIJE u sudoers" # Authentication is about who somebody is. # Authorisation is about what they're allowed to do. # https://en.wikipedia.org/wiki/AAA_(computer_security)#Authorization -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "korisnik NEMA ovlasti na računalu (nije autoriziran)" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "naredba nije dopuštena" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s nije u sudoers datoteci. Ovaj će incident biti prijavljen.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "" "%s nema dopuštenja pokrenuti sudo na %s. Ovaj će incident biti prijavljen.\n" "\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Nažalost, korisnik %s ne smije pokrenuti sudo na %s.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Nažalost, korisniku %s nije dopušteno izvršiti „%s%s%s“ kao %s%s%s na %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: naredba nije pronađena" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2233,7 +2845,7 @@ "zanemaruje se „%s“ pronađen u „.“\n" "Koristite „sudo ./%s“ ako je to „%s“ koji želite pokrenuti." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" @@ -2241,20 +2853,15 @@ msgstr[1] "%u netočna pokušaja unosa lozinke" msgstr[2] "%u netočnih pokušaja unosa lozinke" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "neuspješna autentifikacija" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "nužna je lozinka" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "nije moguće otvoriti dnevničku datoteku: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "nije moguće pisati u dnevničku datoteku: %s" @@ -2264,7 +2871,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "kontrolni zbroj za %s (%s) nije u %s obliku" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "SELinux RBAC nije podržan ako je omogućeno presretanje" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "SELinux RBAC nije podržan ako je postavljen flag od log_subcmds" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2273,7 +2888,7 @@ "\n" "LDAP uloga: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2281,104 +2896,115 @@ "\n" "Sudoers stavka:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " Opcije: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " Naredbe:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Odgovarajući Defaults unosi za %s na %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas i Command-specifične zadane vrijednosti za %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Korisnik %s može pokrenuti sljedeće naredbe na %s:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Korisniku %s nije dopušteno pokrenuti sudo na %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "ignorira se nekompletni sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "nevaljani LDIF atribut: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "nevaljana opcija %.*s postavljena kroz sudo front-end" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "ime staze za „%s“ je predugačko" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "nije moguće pročitati popis mrežnih adresa (nemoguće ih je raščlaniti)" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "ime korisnika nije postavio front-end sudo-a" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "korisnički ID (user-ID) nije postavio front-end sudo-a" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "groupni ID (group-ID) nije postavio front-end sudo-a" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "ime računala (host name) nije postavio front-end sudo-a" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "nevaljani radni direktorij: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "nevaljani chroot direktorij: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "nije moguće izvršiti %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: nevaljane zastavice načina rada iz sudo front end: 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Inačica sudoers plugina s pravilima %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Inačica sudoers datotečne gramatike %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2387,133 +3013,139 @@ "\n" "Staza do sudoers: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch staza: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf staza: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret staza: %s\n" # hook: A location in a routine or program in which the programmer can connect or insert other routines for the purpose of debugging or enhancing functionality. -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "nije moguće registrirati rutinu (hook) vrste %d (inačica %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +# hook: A location in a routine or program in which the programmer can connect or insert other routines for the purpose of debugging or enhancing functionality. +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "nije moguće poništiti registraciju vrste (hook) %d (inačica %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "nije moguće zapamtiti (cache) UID %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "nije moguće predmemorirati UID %u jer već postoji" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "nije moguće zapamtiti (cache) korisnika %s" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "nije moguće predmemorirati korisnika %s jer već postoji" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "nije moguće zapamtiti (cache) GID %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "nije moguće predmemorirati GID %u jer već postoji" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "nije moguće zapamtiti (cache) grupu %s" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "nije moguće predmemorirati grupu %s jer već postoji" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "nije moguće predmemorirati popis grupa za %s jer već postoji" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "nije moguće zapamtiti (cache) popis grupa za %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "nije moguće pročitati grupe za %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "nije moguće razabrati GID-ove za %s" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "prelijevanje snopa s pravima pristupa" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "iscrpljenje snopa s pravima pristupa" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "nije moguće promijeniti na GID od root" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "nije moguće promijeniti na runas GID" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "nije moguće postaviti runas grupni vektor" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "nije moguće promijeniti na runas UID" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "nije moguće promijeniti na sudoers GID" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "previše procesa" @@ -2531,259 +3163,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "skraćena (audit) staza revizije argv[0]: %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "nije moguće inicijalizirati SSS izvor. Je li SSSD instaliran na vašem računalu?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nije moguće pronaći simbol „%s“ u %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "problem sa stavkama defaults" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "nisu pronađeni valjani sudoers izvori, kraj rada" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "korisniku nije dopušteno promijeniti radni direktorij na %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "vama nije dopušteno koristi opciju -R s/sa %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "korisniku nije dopušteno promijeniti direktorij na %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "vama nije dopušteno koristi opciju -D s/sa %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "nijedna naredba nije specificirana" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers specificira da root ne može koristiti sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "korisniku nije dopušteno promijeniti ograničenje od ‘closefrom’" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "vama nije dopušteno koristi opciju -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "vlasnik vremenske oznake (%s): Nema takvog korisnika" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "nema TTY" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "nažalost, da pokrenete sudo morate imati TTY" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "nevaljana ljuska za korisnika %s: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "naredba u trenutnom direktoriju" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "„cd“ naredba je ugrađena u ljusku, ne može se izravno pokrenuti." + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "opcija -s može se koristiti za pokretanje privilegirane ljuske." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "opcija -D može se koristiti za pokretanje naredbe u određenom direktoriju." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "korisniku nije dopušteno postavljanje tajmaut naredbe" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "nažalost, vama nije dopušteno postavljanje tajmaut za naredbu" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "korisniku nije dopušteno sačuvati okolinu" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "vama nije dopušteno zadržati okolinu" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "naredba je preduga" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit se ne mora pokrenuti sa sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "nije moguće pročitati %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "nije moguće dobiti status od %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s nije obična datoteka" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "vlasnik %s je UID %u, a treba biti %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s smije svatko mijenjati/pisati" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "vlasnik %s je GID %u, a treba biti %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "samo root može koristiti „-c %s“" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "nepoznata klasa prijave: %s" +msgid "unknown login class %s" +msgstr "nepoznata klasa prijave %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "nije moguće pronaći računalo %s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "nevaljana opcija filtra: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "nevaljano maksimalno vrijeme čekanja: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "nevaljani faktor brzine: %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "nevaljani vremenski odmak %s" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/tajming: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Reproduciranje sudo sesije: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "nije moguće postaviti TTY u direktni mȏd (da ne interpretira posebne znakove)" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Upozorenje: vaš terminal je premaleni da pravilno reproducira dnevnik.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Veličina dnevnika je %d x %d, a veličina vašeg terminala %d x %d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Reprodukcija je završena -- obnovite terminal pritiskom na bilo koju tipku." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "višeznačni izraz „%s“" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "nesparena „)“ u izrazu" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "nepoznati pojam za pretragu „%s“" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s zahtijeva argument" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "nevaljani regularni izraz: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "nije moguće raščlaniti datum „%s“" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "nesparena „(“ u izrazu" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "nedopušteni zaostali „or“" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "nedopušteni zaostali „!“" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "nepoznata vrsta za pretragu %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "uporaba: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uporaba: %s [-h] [-d direktorij] -l [izraz za pretragu]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2792,7 +3438,7 @@ "%s - reproducira dnevnike sudo sesija\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2821,11 +3467,11 @@ " -s, --speed=num ubrza ili uspori reprodukciju\n" " -V, --version informira o inačici ovog programa i iziđe" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\tračunalo se ne podudara" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2833,7 +3479,7 @@ "\n" "Naredba je dopuštena." -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2841,7 +3487,7 @@ "\n" "Naredba nije dopuštena." -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2854,121 +3500,127 @@ msgid "%s is group writable" msgstr "%s članovi grupe mogu mijenjati/pisati" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "nije moguće skratiti datoteku s vremenskim podacima na %lld bajtova" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "ignorira se vremenska oznaka iz budućnosti" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "vremenska oznaka je predaleko u budućnosti: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "nije moguće zaključati datoteku s vremenskim oznakama %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" -msgstr "staza do lekcije je preduga: %s/%s" +msgstr "staza do lekcije je predugačka: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit se ne smije specificirati sa stazom" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "opcija -x biti će uklonjena iz buduće inačice" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "molimo da umjesto toga pokušate rabiti cvtsudoers uslužni program" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "pritisnite return/enter za redigirati %s: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "sadržaj sesije uređivanja je ostavljen u %s" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "navedeni uređivač (%s) ne postoji" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "nijedan uređivač nije pronađen (editor path = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "greška pri pisanju" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "nije moguće dobiti status privremene datoteke (%s), %s nije promijenjena" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "privremena datoteka duljine nula (%s), %s nije promijenjena" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "greška uređivač (%s), %s nije promijenjena" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s nije promijenjeno" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "nije moguće ponovo otvoriti privremenu datoteku (%s), %s nije promijenjena." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "nije moguće razabrati privremenu datoteku (%s) -- nepoznata greška" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "**interna greška**, nije moguće pronaći %s na popisu!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "nije moguće postaviti (UID, GID) od %s na (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s i %s nisu na istom datotečnom sustavu, koristi se mv za preimenovanje" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "naredba nije uspjela: „%s %s %s“, %s nije promijenjena" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "greška u preimenovanju %s, %s nije promijenjena" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "Što sada? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2980,66 +3632,41 @@ " (x) završiti bez spremanja promjena u datoteku sudoers)\n" " (Q) prekinuti i spremiti promjene u datoteku sudoers (OPASNO!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "nije moguće pokrenuti %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: krivi vlasnik (UID, GID) a treba biti (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: loša prava pristupa, trebala bi biti 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: raščlamba je uspjela\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s je zauzeti, pokušajte ponovo kasnije" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "nije moguće zaključati %s" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "Ipak redigirati? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Greška: %s:%d:%d: ciklus u %s „%s“" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Upozorenje: %s:%d:%d: ciklus u %s „%s“" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Greška: %s:%d:%d %s „%s“ je referenciran ali nije definiran" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Upozorenje: %s:%d:%d %s „%s“ je referenciran ali nije definiran" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Upozorenje: %s:%d:%d nekorišteni %s „%s“" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3048,7 +3675,7 @@ "%s - sigurno redigira sudoers datoteku\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3068,40 +3695,105 @@ " -s, --strick striktna testira sintaksu sudoers datoteke\n" " -V, --version informira o inačici ovog programa i iziđe\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "prazni string" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "prazna grupa" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "prazna mrežna grupa (netgroup)" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "nevaljani nastavak retka" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "nevaljana IPv6 adresa" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "neočekivani prelom retka" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "previše razina uključivanja" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s: međuspremnik za pisanje je zauzet" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "nije moguće pročitati diffie-hellman parametre: %s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "nepoznati unos defaults „%s“" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s: %d nepoznati ključ: %s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "nije moguće dobiti od servera metodu: %s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u nije moguće raščlaniti \"%s\"" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Opcije:\n" +#~ " -f, --file= staza do konfiguracijske datoteke\n" +#~ " -h, --help pokaže ovu pomoć i iziđe\n" +#~ " -n, --no-fork ne stvara novi proces, nego radi u prednjem planu\n" +#~ " -R, --random-drop postotak šanse da izgubi vezu (drop connection)\n" +#~ " -V, --version informira o inačici ovog programa i iziđe\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Options:\n" +#~ " --help pokaže ovu pomoć i iziđe\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host (računalo) kojemu se šalje dnevnik\n" +#~ " -i, --iolog_id udaljeni ID od U/I dnevnika koji treba nastaviti\n" +#~ " -p, --port port koji će se koristiti za spajanje na hosta\n" +#~ " -r, --restart ponovi prethodni prijenos U/I dnevnika\n" +#~ " -b, --ca-bundle datoteka s paketom certifikata (CA) za provjeru\n" +#~ " certifikata servera\n" +#~ " -c, --cert certificat datoteka za TLS rukovanje (handshake)\n" +#~ " -k, --key datoteka s privatnim (tajnim) ključem (private key)\n" +#~ " -t, --test testira revizijski server tako da paralelno\n" +#~ " pošalje ‘n’ puta U/I dnevnik\n" +#~ " -V, --version informira o inačici ovog programa i iziđe\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "Prethodno učitati prividne izvršne funkcije sadržane u biblioteci sudo_noexec." -#~ msgid "unable to lock log file: %s" -#~ msgstr "nije moguće zaključati dnevničku datoteku: %s" - #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "‘sudo_ldap_conf_add_ports’: port vrijednost je prevelika" @@ -3201,9 +3893,6 @@ #~ msgid "Warning: cycle in %s `%s'" #~ msgstr "Upozorenje: ciklus u %s „%s“" -#~ msgid "Warning: %s `%s' referenced but not defined" -#~ msgstr "Upozorenje: %s „%s“ ima referenciju ali nije definiran" - #~ msgid "Warning: unused %s `%s'" #~ msgstr "Upozorenje: %s „%s“ nije upotrebljen" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/it.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/it.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/it.po sudo-1.9.9/plugins/sudoers/po/it.po --- sudo-1.9.5p2/plugins/sudoers/po/it.po 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/it.po 2022-01-27 21:24:06.000000000 +0000 @@ -1,13 +1,13 @@ # Italian translations for sudoers package # This file is put in the public domain. -# Milo Casagrande , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020. +# Milo Casagrande , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021. # msgid "" msgstr "" -"Project-Id-Version: sudoers-1.9.4b1\n" +"Project-Id-Version: sudoers-1.9.7b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-12-03 09:48+0100\n" +"POT-Creation-Date: 2021-05-01 16:27-0600\n" +"PO-Revision-Date: 2021-08-19 10:51+0200\n" "Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language: it\n" @@ -16,10 +16,10 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Poedit 2.4.1\n" +"X-Generator: Poedit 2.4.2\n" "X-Poedit-SourceCharset: UTF-8\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1183 msgid "syntax error" msgstr "errore di sintassi" @@ -43,429 +43,458 @@ msgid "Sorry, try again." msgstr "Riprovare." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:496 gram.y:506 gram.y:518 gram.y:562 gram.y:571 gram.y:580 +#: gram.y:589 gram.y:619 gram.y:716 gram.y:724 gram.y:735 gram.y:747 +#: gram.y:766 gram.y:914 gram.y:922 gram.y:932 gram.y:938 gram.y:1060 +#: gram.y:1069 gram.y:1077 gram.y:1086 gram.y:1095 gram.y:1124 gram.y:1133 +#: gram.y:1141 gram.y:1231 gram.y:1343 gram.y:1650 gram.y:1700 +#: lib/eventlog/eventlog.c:260 lib/eventlog/eventlog.c:333 +#: lib/eventlog/eventlog.c:733 lib/eventlog/eventlog.c:797 +#: lib/eventlog/eventlog.c:1053 lib/iolog/iolog_json.c:125 +#: lib/iolog/iolog_json.c:330 lib/iolog/iolog_json.c:360 +#: lib/iolog/iolog_json.c:503 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:210 +#: logsrvd/logsrvd.c:1021 logsrvd/logsrvd.c:1089 logsrvd/logsrvd_journal.c:142 +#: logsrvd/logsrvd_journal.c:196 logsrvd/logsrvd_journal.c:248 +#: logsrvd/logsrvd_journal.c:380 logsrvd/logsrvd_relay.c:443 +#: logsrvd/logsrvd_relay.c:743 logsrvd/logsrvd_relay.c:857 +#: logsrvd/sendlog.c:500 plugins/sudoers/audit.c:115 +#: plugins/sudoers/audit.c:263 plugins/sudoers/auth/bsdauth.c:143 #: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 -#: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 -#: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/auth/pam.c:692 plugins/sudoers/auth/rfc1938.c:111 +#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/check_aliases.c:95 +#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:160 +#: plugins/sudoers/cvtsudoers.c:177 plugins/sudoers/cvtsudoers.c:188 +#: plugins/sudoers/cvtsudoers.c:300 plugins/sudoers/cvtsudoers.c:428 +#: plugins/sudoers/cvtsudoers.c:561 plugins/sudoers/cvtsudoers.c:578 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:76 plugins/sudoers/cvtsudoers_ldif.c:151 +#: plugins/sudoers/cvtsudoers_ldif.c:194 plugins/sudoers/cvtsudoers_ldif.c:235 +#: plugins/sudoers/cvtsudoers_ldif.c:300 plugins/sudoers/cvtsudoers_ldif.c:371 +#: plugins/sudoers/cvtsudoers_ldif.c:421 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:440 plugins/sudoers/cvtsudoers_ldif.c:447 +#: plugins/sudoers/cvtsudoers_ldif.c:460 plugins/sudoers/cvtsudoers_ldif.c:468 +#: plugins/sudoers/cvtsudoers_ldif.c:615 plugins/sudoers/defaults.c:638 +#: plugins/sudoers/defaults.c:933 plugins/sudoers/defaults.c:1108 +#: plugins/sudoers/editor.c:187 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:72 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:626 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 +#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 +#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 +#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 +#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:326 +#: plugins/sudoers/ldap_util.c:333 plugins/sudoers/ldap_util.c:648 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:105 +#: plugins/sudoers/log_client.c:381 plugins/sudoers/log_client.c:686 +#: plugins/sudoers/log_client.c:704 plugins/sudoers/log_client.c:1413 +#: plugins/sudoers/log_client.c:1626 plugins/sudoers/log_client.c:1950 +#: plugins/sudoers/log_client.c:2007 plugins/sudoers/logging.c:100 +#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:426 +#: plugins/sudoers/logging.c:446 plugins/sudoers/logging.c:527 +#: plugins/sudoers/match_command.c:286 plugins/sudoers/match_command.c:484 +#: plugins/sudoers/match_command.c:533 plugins/sudoers/match_command.c:604 +#: plugins/sudoers/match_command.c:650 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:216 +#: plugins/sudoers/parse.c:236 plugins/sudoers/parse.c:253 +#: plugins/sudoers/parse.c:276 plugins/sudoers/parse.c:287 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 #: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 #: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 #: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 #: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 #: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:483 plugins/sudoers/parse_ldif.c:596 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:543 plugins/sudoers/policy.c:890 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:195 +#: plugins/sudoers/pwutil.c:266 plugins/sudoers/pwutil.c:344 +#: plugins/sudoers/pwutil.c:518 plugins/sudoers/pwutil.c:583 +#: plugins/sudoers/pwutil.c:655 plugins/sudoers/pwutil.c:853 +#: plugins/sudoers/pwutil.c:909 plugins/sudoers/pwutil.c:953 +#: plugins/sudoers/pwutil.c:1010 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 +#: plugins/sudoers/sssd.c:754 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:299 plugins/sudoers/sudoers.c:325 +#: plugins/sudoers/sudoers.c:374 plugins/sudoers/sudoers.c:384 +#: plugins/sudoers/sudoers.c:425 plugins/sudoers/sudoers.c:787 +#: plugins/sudoers/sudoers.c:922 plugins/sudoers/sudoers.c:975 +#: plugins/sudoers/sudoers.c:1241 plugins/sudoers/sudoreplay.c:552 +#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:143 plugins/sudoers/visudo.c:321 +#: plugins/sudoers/visudo.c:327 plugins/sudoers/visudo.c:433 +#: plugins/sudoers/visudo.c:609 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/visudo.c:999 toke.l:928 toke.l:1057 toke.l:1117 msgid "unable to allocate memory" msgstr "impossibile allocare memoria" -#: gram.y:552 +#: gram.y:613 msgid "a digest requires a path name" msgstr "un digest richiede il nome di percorso" -#: gram.y:581 +#: gram.y:643 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "i valori per \"CWD\" devono iniziare con un carattere \"/\", \"~\" o \"*\"" -#: gram.y:593 +#: gram.y:655 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "i valori per \"CHROOT\" devono iniziare con un carattere \"/\", \"~\" o \"*\"" -#: gram.y:715 +#: gram.y:786 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "errore di sintassi, parola riservata %s utilizzata come alias" -#: gram.y:735 +#: gram.y:809 msgid "invalid notbefore value" msgstr "valore notbefore non valido" -#: gram.y:743 +#: gram.y:818 msgid "invalid notafter value" msgstr "valore notafter non valido" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:828 plugins/sudoers/policy.c:339 msgid "timeout value too large" msgstr "valore timeout troppo grande" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:830 plugins/sudoers/policy.c:341 msgid "invalid timeout value" msgstr "valore timeout non valido" -#: gram.y:1079 +#: gram.y:1185 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 -#: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 -#: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 -#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 -#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 -#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 -#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 -#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 -#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 -#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 +#: gram.y:1229 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Alias \"%s\" già definito" + +#: gram.y:1650 gram.y:1700 lib/eventlog/eventlog.c:260 +#: lib/eventlog/eventlog.c:733 lib/eventlog/eventlog.c:795 +#: lib/eventlog/eventlog.c:796 lib/eventlog/eventlog.c:1053 +#: lib/iolog/iolog_json.c:125 lib/iolog/iolog_json.c:329 +#: lib/iolog/iolog_json.c:360 lib/iolog/iolog_json.c:503 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:210 logsrvd/sendlog.c:500 logsrvd/sendlog.c:1343 +#: logsrvd/sendlog.c:1350 logsrvd/sendlog.c:1545 logsrvd/tls_init.c:221 +#: logsrvd/tls_init.c:242 logsrvd/tls_init.c:252 plugins/sudoers/audit.c:115 +#: plugins/sudoers/audit.c:263 plugins/sudoers/auth/pam.c:505 +#: plugins/sudoers/auth/pam.c:692 plugins/sudoers/auth/rfc1938.c:111 +#: plugins/sudoers/check_aliases.c:95 plugins/sudoers/cvtsudoers.c:119 +#: plugins/sudoers/cvtsudoers.c:159 plugins/sudoers/cvtsudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:187 plugins/sudoers/cvtsudoers.c:299 +#: plugins/sudoers/cvtsudoers.c:427 plugins/sudoers/cvtsudoers.c:560 +#: plugins/sudoers/cvtsudoers.c:577 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:75 +#: plugins/sudoers/cvtsudoers_ldif.c:150 plugins/sudoers/cvtsudoers_ldif.c:193 +#: plugins/sudoers/cvtsudoers_ldif.c:234 plugins/sudoers/cvtsudoers_ldif.c:299 +#: plugins/sudoers/cvtsudoers_ldif.c:370 plugins/sudoers/cvtsudoers_ldif.c:420 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:439 +#: plugins/sudoers/cvtsudoers_ldif.c:446 plugins/sudoers/cvtsudoers_ldif.c:459 +#: plugins/sudoers/cvtsudoers_ldif.c:467 plugins/sudoers/cvtsudoers_ldif.c:614 +#: plugins/sudoers/defaults.c:638 plugins/sudoers/defaults.c:933 +#: plugins/sudoers/defaults.c:1108 plugins/sudoers/editor.c:187 +#: plugins/sudoers/env.c:262 plugins/sudoers/exptilde.c:92 +#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 +#: plugins/sudoers/gc.c:57 plugins/sudoers/group_plugin.c:132 +#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:609 +#: plugins/sudoers/iolog.c:626 plugins/sudoers/ldap.c:184 +#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 +#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 +#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 +#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 +#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 +#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 +#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 +#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 +#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 +#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 +#: plugins/sudoers/ldap_conf.c:677 plugins/sudoers/ldap_conf.c:760 +#: plugins/sudoers/ldap_util.c:325 plugins/sudoers/ldap_util.c:332 +#: plugins/sudoers/ldap_util.c:648 plugins/sudoers/linux_audit.c:86 +#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:214 +#: plugins/sudoers/log_client.c:235 plugins/sudoers/log_client.c:248 +#: plugins/sudoers/log_client.c:381 plugins/sudoers/log_client.c:686 +#: plugins/sudoers/log_client.c:704 plugins/sudoers/log_client.c:1413 +#: plugins/sudoers/log_client.c:1626 plugins/sudoers/log_client.c:1950 +#: plugins/sudoers/log_client.c:2007 plugins/sudoers/logging.c:100 +#: plugins/sudoers/logging.c:165 plugins/sudoers/logging.c:166 +#: plugins/sudoers/logging.c:425 plugins/sudoers/logging.c:445 +#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:285 +#: plugins/sudoers/match_command.c:483 plugins/sudoers/match_command.c:532 +#: plugins/sudoers/match_command.c:604 plugins/sudoers/match_command.c:649 #: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 +#: plugins/sudoers/parse.c:215 plugins/sudoers/parse.c:235 +#: plugins/sudoers/parse.c:252 plugins/sudoers/parse.c:275 +#: plugins/sudoers/parse.c:286 plugins/sudoers/parse_ldif.c:152 #: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 #: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 #: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 #: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 #: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 -#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:483 +#: plugins/sudoers/parse_ldif.c:596 plugins/sudoers/parse_ldif.c:625 +#: plugins/sudoers/parse_ldif.c:650 plugins/sudoers/parse_ldif.c:708 +#: plugins/sudoers/parse_ldif.c:725 plugins/sudoers/parse_ldif.c:753 +#: plugins/sudoers/parse_ldif.c:760 plugins/sudoers/policy.c:149 +#: plugins/sudoers/policy.c:158 plugins/sudoers/policy.c:167 +#: plugins/sudoers/policy.c:193 plugins/sudoers/policy.c:324 +#: plugins/sudoers/policy.c:339 plugins/sudoers/policy.c:341 +#: plugins/sudoers/policy.c:371 plugins/sudoers/policy.c:380 +#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:438 +#: plugins/sudoers/policy.c:447 plugins/sudoers/policy.c:456 +#: plugins/sudoers/policy.c:543 plugins/sudoers/policy.c:890 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:195 +#: plugins/sudoers/pwutil.c:266 plugins/sudoers/pwutil.c:344 +#: plugins/sudoers/pwutil.c:518 plugins/sudoers/pwutil.c:583 +#: plugins/sudoers/pwutil.c:655 plugins/sudoers/pwutil.c:853 +#: plugins/sudoers/pwutil.c:909 plugins/sudoers/pwutil.c:953 +#: plugins/sudoers/pwutil.c:1010 plugins/sudoers/set_perms.c:359 +#: plugins/sudoers/set_perms.c:698 plugins/sudoers/set_perms.c:1061 +#: plugins/sudoers/set_perms.c:1364 plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/sssd.c:144 plugins/sudoers/sssd.c:407 +#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 +#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 +#: plugins/sudoers/strvec_join.c:53 plugins/sudoers/stubs.c:111 +#: plugins/sudoers/stubs.c:119 plugins/sudoers/sudoers.c:299 +#: plugins/sudoers/sudoers.c:325 plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:425 +#: plugins/sudoers/sudoers.c:787 plugins/sudoers/sudoers.c:922 +#: plugins/sudoers/sudoers.c:975 plugins/sudoers/sudoers.c:1241 +#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 +#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 +#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:120 +#: plugins/sudoers/testsudoers.c:224 plugins/sudoers/testsudoers.c:241 +#: plugins/sudoers/testsudoers.c:580 plugins/sudoers/timestamp.c:424 +#: plugins/sudoers/timestamp.c:468 plugins/sudoers/timestamp.c:980 +#: plugins/sudoers/timestamp.c:1118 plugins/sudoers/toke_util.c:77 +#: plugins/sudoers/toke_util.c:105 plugins/sudoers/toke_util.c:130 +#: plugins/sudoers/toke_util.c:154 plugins/sudoers/toke_util.c:193 +#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:143 +#: plugins/sudoers/visudo.c:321 plugins/sudoers/visudo.c:327 +#: plugins/sudoers/visudo.c:433 plugins/sudoers/visudo.c:609 +#: plugins/sudoers/visudo.c:926 plugins/sudoers/visudo.c:999 toke.l:928 +#: toke.l:1057 toke.l:1109 toke.l:1117 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:265 lib/iolog/iolog_json.c:509 +#: lib/iolog/iolog_json.c:512 lib/iolog/iolog_json.c:514 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:571 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/iolog.c:631 plugins/sudoers/ldap.c:517 +#: plugins/sudoers/ldap.c:748 plugins/sudoers/ldap.c:1081 +#: plugins/sudoers/ldap_conf.c:222 plugins/sudoers/ldap_conf.c:312 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:573 +#: plugins/sudoers/policy.c:728 plugins/sudoers/policy.c:738 +#: plugins/sudoers/prompt.c:161 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 #, c-format msgid "internal error, %s overflow" msgstr "errore interno, overflow di %s" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:324 #, c-format msgid "unable to dup stdin: %m" msgstr "impossibile eseguire dup sullo stdin: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:366 #, c-format msgid "unable to execute %s: %m" msgstr "impossibile eseguire %s: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:407 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "impossibile eseguire fork" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:415 lib/eventlog/eventlog.c:469 #, c-format msgid "unable to fork: %m" msgstr "impossibile eseguire fork: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:459 #, c-format msgid "unable to open pipe: %m" msgstr "impossibile aprire una pipe: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:882 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:911 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (comando continuato) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s esiste, ma non è una directory (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "impossibile creare la directory %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "impossibile modificare la modalità di %s a 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:115 #, c-format msgid "expected JSON_STRING, got %d" msgstr "atteso JSON_STRING, ottenuto %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:120 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY troppo grande" + +#: lib/iolog/iolog_json.c:352 msgid "missing double quote in name" msgstr "virgolette doppie mancanti nel nome" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:449 +msgid "missing JSON_OBJECT" +msgstr "JSON_OBJECT mancante" + +#: lib/iolog/iolog_json.c:453 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "atteso JSON_OBJECT, ottenuto %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:599 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "Stack json esaurito (max %u frame)" + +#: lib/iolog/iolog_json.c:673 +msgid "objects must consist of name:value pairs" +msgstr "gli oggetti devono essere costituiti da coppie nome:valore" + +#: lib/iolog/iolog_json.c:678 lib/iolog/iolog_json.c:709 +#: lib/iolog/iolog_json.c:753 lib/iolog/iolog_json.c:775 +#: lib/iolog/iolog_json.c:797 lib/iolog/iolog_json.c:819 +#: lib/iolog/iolog_json.c:841 +msgid "missing separator between values" +msgstr "separatore mancante tra i valori" + +#: lib/iolog/iolog_json.c:693 lib/iolog/iolog_json.c:867 msgid "unmatched close brace" msgstr "parentesi graffa di chiusura senza corrispondenza" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:704 msgid "unexpected array" msgstr "array non atteso" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:724 lib/iolog/iolog_json.c:870 msgid "unmatched close bracket" msgstr "parentesi quadra di chiusura senza corrispondenza" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:735 msgid "unexpected string" msgstr "stringa non attesa" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:746 msgid "missing colon after name" msgstr "due punti mancanti dopo il nome" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:767 lib/iolog/iolog_json.c:789 msgid "unexpected boolean" msgstr "booleano non atteso" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:811 +msgid "unexpected null" +msgstr "null non atteso" + +#: lib/iolog/iolog_json.c:832 msgid "unexpected number" msgstr "numero non atteso" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u impossibile analizzare \"%s\"" +#: lib/iolog/iolog_json.c:879 +msgid "parse error" +msgstr "errore di analisi" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: file di registro non valido" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: manca il campo della marcatura temporale" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: marcatura temporale %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: manca il campo utente" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: manca il campo utente di runas" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: manca il campo gruppo di runas" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s esiste, ma non è una directory (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:72 +#: plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "impossibile creare la directory %s" + +#: lib/iolog/iolog_mkdtemp.c:76 plugins/sudoers/visudo.c:726 +#: plugins/sudoers/visudo.c:737 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "impossibile modificare la modalità di %s a 0%o" + +#: lib/iolog/iolog_timing.c:255 #, c-format msgid "error reading timing file: %s" msgstr "errore nel leggere il file di timing: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:262 #, c-format msgid "invalid timing file line: %s" msgstr "riga di timing del file non valida: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "il registro è già completo, non può essere riavviato" - -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "impossibile riavviare il registro" - #: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 #: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 #, c-format @@ -487,141 +516,62 @@ msgid "unable to find resume point [%lld, %ld] in %s/%s" msgstr "impossibile trovare il punto di ripristino [%lld, %ld] in %s/%s" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:434 logsrvd/logsrvd.c:473 logsrvd/logsrvd.c:507 +#: logsrvd/logsrvd.c:557 logsrvd/logsrvd.c:632 logsrvd/logsrvd.c:664 +#: logsrvd/logsrvd.c:696 logsrvd/logsrvd.c:726 logsrvd/logsrvd_relay.c:511 +#: logsrvd/logsrvd_relay.c:544 msgid "state machine error" msgstr "errore della macchina di stato" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:443 msgid "invalid AcceptMessage" msgstr "AcceptMessage non valido" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "errore nell'analizzare AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "errore nel creare il registro I/O" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "errore nel registrare l'evento accept" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:482 msgid "invalid RejectMessage" msgstr "RejectMessage non valido" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "errore nell'analizzare RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "errore nel registrare l'evento reject" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 msgid "invalid AlertMessage" msgstr "AlertMessage non valido" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "errore nell'analizzare AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "errore nel registrare l'evento alert" - -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:638 logsrvd/logsrvd.c:670 logsrvd/logsrvd.c:702 msgid "protocol error" msgstr "errore di protocollo" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "errore nello scrivere IoBuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "errore nello scrivere ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "errore nello scrivere CommandSuspend" - -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:797 msgid "unrecognized ClientMessage type" msgstr "tipo di ClientMessage non riconosciuto" -#: logsrvd/logsrvd.c:967 +#: logsrvd/logsrvd.c:1082 logsrvd/logsrvd_journal.c:238 msgid "client message too large" msgstr "messaggio client troppo grande" -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "impossibile impostare il cifrario per TLS 1.2 a %s: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "impossibile impostare il cifrario per TLS 1.3 a %s: %s" - -#: logsrvd/logsrvd.c:1269 -#, c-format -msgid "unable to get TLS server method: %s" -msgstr "impossibile ottenere il metodo TLS del server: %s" - -#: logsrvd/logsrvd.c:1274 -#, c-format -msgid "unable to create TLS context: %s" -msgstr "impossibile creare il contesyo TLS: %s" - -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 -#, c-format -msgid "unable to load certificate %s" -msgstr "impossibile caricare il certificato %s" - -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 -#, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "impossibile caricare il bundle CA %s" - -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 -#, c-format -msgid "unable to load private key %s" -msgstr "impossibile caricare la chiave privata %s" - -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "impossibile impostare i parametri diffie-hellman: %s" +#: logsrvd/logsrvd.c:1102 +msgid "invalid ClientMessage" +msgstr "ClientMessage non valido" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "impossibile impostare la versione minima del protocollo a TLS 1.2: %s" - -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1408 msgid "unable to get remote IP addr" msgstr "impossibile ottenere indirizzo IP remoto" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1436 logsrvd/tls_client.c:203 +#: plugins/sudoers/log_client.c:263 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Impossibile allegare dati utenti all'oggetto ssl: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 +#: logsrvd/logsrvd.c:1444 logsrvd/logsrvd.c:1570 logsrvd/logsrvd.c:1755 +#: logsrvd/sendlog.c:1146 logsrvd/tls_client.c:138 logsrvd/tls_client.c:154 +#: logsrvd/tls_client.c:216 plugins/sudoers/iolog.c:969 +#: plugins/sudoers/iolog.c:1102 plugins/sudoers/iolog.c:1200 #: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 #: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 +#: plugins/sudoers/log_client.c:585 plugins/sudoers/log_client.c:592 +#: plugins/sudoers/log_client.c:1109 plugins/sudoers/log_client.c:1382 +#: plugins/sudoers/log_client.c:1423 plugins/sudoers/log_client.c:1431 +#: plugins/sudoers/log_client.c:1582 plugins/sudoers/log_client.c:1698 +#: plugins/sudoers/log_client.c:2015 plugins/sudoers/log_client.c:2023 #: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 #: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 #: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 @@ -631,281 +581,462 @@ msgid "unable to add event to queue" msgstr "impossibile aggiungere l'evento alla coda" -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1620 logsrvd/logsrvd.c:1953 +msgid "unable to setup listen socket" msgstr "impossibile impostare il socket di ascolto" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 -#, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - Invia registro I/O di sudo a un server remoto\n" -"\n" - -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Opzioni:\n" -" -f, --file Percorso al file di configurazione\n" -" -h, --help Visualizza il messaggio di aiuto ed esce\n" -" -n, --no-fork Non esegue una fork, resta in primo piano\n" -" -R, --random-drop Percentuale di connessioni chiuse\n" -" -V, --version Visualizza la versione ed esce\n" +#: logsrvd/logsrvd.c:1855 +msgid "sudo log server" +msgstr "Server di registro sudo" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:122 +msgid "Options:" +msgstr "Opzioni:" + +#: logsrvd/logsrvd.c:1859 +msgid "path to configuration file" +msgstr "Percorso del file di configurazione" + +#: logsrvd/logsrvd.c:1861 logsrvd/sendlog.c:124 +msgid "display help message and exit" +msgstr "Visualizza il messaggio di aiuto ed esce" + +#: logsrvd/logsrvd.c:1863 +msgid "do not fork, run in the foreground" +msgstr "Non esegue fork, esegue in primo piano" + +#: logsrvd/logsrvd.c:1865 +msgid "percent chance connections will drop" +msgstr "Probabilità percentuale che le connessioni termineranno" + +#: logsrvd/logsrvd.c:1867 logsrvd/sendlog.c:152 +msgid "display version information and exit" +msgstr "Visualizza le informazioni sulla versione ed esce" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:1518 msgid "Protobuf-C version 1.3 or higher required" msgstr "È richiesto Protobuf-C 1.3 o successivo" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1933 #, c-format msgid "invalid random drop value: %s" msgstr "valore drop casuale non valido: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 +#: logsrvd/logsrvd.c:1936 logsrvd/sendlog.c:1568 #: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 -#: plugins/sudoers/visudo.c:177 +#: plugins/sudoers/visudo.c:175 #, c-format msgid "%s version %s\n" msgstr "%s versione %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:446 msgid "TLS not supported" msgstr "TLS non supportato" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:468 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:541 logsrvd/logsrvd_conf.c:876 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: non è un percorso completo" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:1035 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d \"[\" non corrispondente: %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1046 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d sezione configurazione non valida: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1054 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d riga di configurazione non valida: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1060 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d atteso nome di sezione: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1074 #, c-format msgid "invalid value for %s: %s" msgstr "valore non valido per \"%s\": %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1082 #, c-format msgid "%s:%d unknown key: %s" msgstr "%s:%d chiave sconosciuta: %s" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_conf.c:1294 #, c-format msgid "unknown syslog facility %s" msgstr "strumento syslog %s sconosciuto" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_conf.c:1298 logsrvd/logsrvd_conf.c:1302 +#: logsrvd/logsrvd_conf.c:1306 #, c-format msgid "unknown syslog priority %s" msgstr "priorità syslog %s sconosciuta" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Opzioni:\n" -" --help Visualizza questo messaggio ed esce\n" -" -A, --accept Invia solo eventi accept (no I/O)\n" -" -h, --host Host a cui inviare i registri\n" -" -i, --iolog_id ID remoto del registro I/O da ripristinare\n" -" -p, --port Prta da usare nella connessione a un host\n" -" -r, --restart Riavvia il trasferimento precedente\n" -" -R, --reject Rifiuta il comando con il motivo indicato\n" -" -b, --ca-bundle File bundle del certificato per verificare il server\n" -" -c, --cert File certificato per handshake TLS\n" -" -k, --key File chiave privata\n" -" -n, --no-verify Non verifica il certificato del server\n" -" -t, --test Prova del server di audit inviando il registro I/O\n" -" selezionato N volte in parallelo\n" -" -V, --version Visualizza la versione ed esce\n" +#: logsrvd/logsrvd_conf.c:1374 +msgid "unable to initialize server TLS context" +msgstr "impossibile inizializzare il contesto TLS del server" + +#: logsrvd/logsrvd_conf.c:1394 +msgid "unable to initialize relay TLS context" +msgstr "impossibile inizializzare il contesto TLS di inoltro" + +#: logsrvd/logsrvd_journal.c:126 logsrvd/logsrvd_journal.c:367 +#: logsrvd/logsrvd_journal.c:373 +msgid "unable to create journal file" +msgstr "Impossibile creare un file del registro" + +#: logsrvd/logsrvd_journal.c:134 +msgid "unable to lock journal file" +msgstr "Impossibile bloccare il file del registro" + +#: logsrvd/logsrvd_journal.c:163 logsrvd/logsrvd_journal.c:406 +#: logsrvd/logsrvd_journal.c:411 +msgid "unable to write journal file" +msgstr "Impossibile scrivere il file del registro" + +#: logsrvd/logsrvd_journal.c:171 logsrvd/logsrvd_journal.c:178 +msgid "unable to rename journal file" +msgstr "Impossibile rinominare il file del registro" + +#: logsrvd/logsrvd_journal.c:228 logsrvd/logsrvd_journal.c:258 +msgid "unexpected EOF reading journal file" +msgstr "EOF inatteso nel file del registro" + +#: logsrvd/logsrvd_journal.c:230 logsrvd/logsrvd_journal.c:260 +msgid "error reading journal file" +msgstr "errore nel leggere il file del registro" + +#: logsrvd/logsrvd_journal.c:270 logsrvd/logsrvd_journal.c:325 +msgid "invalid journal file, unable to restart" +msgstr "file del registro non valido, impossibile riavviare" + +#: logsrvd/logsrvd_local.c:149 +msgid "error parsing AcceptMessage" +msgstr "errore nell'analizzare AcceptMessage" + +#: logsrvd/logsrvd_local.c:156 +msgid "error creating I/O log" +msgstr "errore nel creare il registro I/O" + +#: logsrvd/logsrvd_local.c:164 +msgid "error logging accept event" +msgstr "errore nel registrare l'evento accept" + +#: logsrvd/logsrvd_local.c:196 +msgid "error parsing RejectMessage" +msgstr "errore nell'analizzare RejectMessage" + +#: logsrvd/logsrvd_local.c:202 +msgid "error logging reject event" +msgstr "errore nel registrare l'evento reject" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_local.c:276 +msgid "log is already complete, cannot be restarted" +msgstr "il registro è già completo, non può essere riavviato" + +#: logsrvd/logsrvd_local.c:307 +msgid "unable to restart log" +msgstr "impossibile riavviare il registro" + +#: logsrvd/logsrvd_local.c:322 +msgid "error parsing AlertMessage" +msgstr "errore nell'analizzare AlertMessage" + +#: logsrvd/logsrvd_local.c:330 +msgid "error logging alert event" +msgstr "errore nel registrare l'evento alert" + +#: logsrvd/logsrvd_local.c:397 +msgid "error writing IoBuffer" +msgstr "errore nello scrivere IoBuffer" + +#: logsrvd/logsrvd_local.c:434 +msgid "error writing ChangeWindowSize" +msgstr "errore nello scrivere ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:474 +msgid "error writing CommandSuspend" +msgstr "errore nello scrivere CommandSuspend" + +#: logsrvd/logsrvd_relay.c:434 +msgid "TLS handshake with relay host failed" +msgstr "handshake TLS con host di inoltro non riuscito" + +#: logsrvd/logsrvd_relay.c:462 +msgid "unable to connect to relay host" +msgstr "impossibile connettersi all'host di inoltro" + +#: logsrvd/logsrvd_relay.c:519 logsrvd/sendlog.c:951 +#: plugins/sudoers/log_client.c:1466 +msgid "invalid ServerHello" +msgstr "ServerHello non valido" + +#: logsrvd/logsrvd_relay.c:677 +msgid "unrecognized ServerMessage type" +msgstr "tipo di ServerMessage non riconosciuto" + +#: logsrvd/logsrvd_relay.c:709 +msgid "timeout reading from relay" +msgstr "timeout nel leggere dal relay" + +#: logsrvd/logsrvd_relay.c:761 +msgid "relay host name does not match certificate" +msgstr "il nome host del relay non corrisponde al certificato" + +#: logsrvd/logsrvd_relay.c:765 logsrvd/logsrvd_relay.c:786 +#: logsrvd/logsrvd_relay.c:794 +msgid "error reading from relay" +msgstr "errore nel leggere dal relay" + +#: logsrvd/logsrvd_relay.c:817 +msgid "unable to read from relay" +msgstr "impossibile leggere dal relay" + +#: logsrvd/logsrvd_relay.c:831 logsrvd/logsrvd_relay.c:951 +msgid "relay server closed connection" +msgstr "connessione chiusa del server di relay" + +#: logsrvd/logsrvd_relay.c:850 +msgid "server message too large" +msgstr "messaggio server troppo grande" + +#: logsrvd/logsrvd_relay.c:915 +msgid "timeout writing to relay" +msgstr "timeout nello scrivere sul relay" + +#: logsrvd/logsrvd_relay.c:973 logsrvd/logsrvd_relay.c:981 +#: logsrvd/logsrvd_relay.c:993 +msgid "error writing to relay" +msgstr "errore nello scrivere sul relay" + +#: logsrvd/sendlog.c:120 +msgid "send sudo I/O log to remote server" +msgstr "Invia registro I/O di sudo a un server remoto" + +#: logsrvd/sendlog.c:126 +msgid "only send an accept event (no I/O)" +msgstr "Invia solo un evento di accettazione (nessun I/O)" + +#: logsrvd/sendlog.c:129 +msgid "certificate bundle file to verify server's cert against" +msgstr "File bundle di certificati con cui verificare il certificato del server" + +#: logsrvd/sendlog.c:131 +msgid "certificate file for TLS handshake" +msgstr "File certificato per l'handshake TLS" + +#: logsrvd/sendlog.c:134 +msgid "host to send logs to" +msgstr "Host a cui inviare i registri" + +#: logsrvd/sendlog.c:136 +msgid "remote ID of I/O log to be resumed" +msgstr "ID remoto del registro di I/O da riprendere" + +#: logsrvd/sendlog.c:139 +msgid "private key file" +msgstr "File chiave privata" + +#: logsrvd/sendlog.c:141 +msgid "do not verify server certificate" +msgstr "Non verifica il certificato del server" + +#: logsrvd/sendlog.c:144 +msgid "port to use when connecting to host" +msgstr "Porta da utilizzare per la connessione all'host" + +#: logsrvd/sendlog.c:146 +msgid "restart previous I/O log transfer" +msgstr "Riavvia il precedente trasferimento del registro di I/O" + +#: logsrvd/sendlog.c:148 +msgid "reject the command with the given reason" +msgstr "Rifiuta il comando con il motivo indicato" + +#: logsrvd/sendlog.c:150 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "Prova il server di controllo inviando il registro di I/O selezionato n-volte in parallelo" + +#: logsrvd/sendlog.c:175 plugins/sudoers/log_client.c:432 #, c-format msgid "unable to look up %s:%s: %s" msgstr "impossibile cercare %s:%s: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:213 msgid "unable to get server IP addr" msgstr "impossibile ottenere indirizzo IP del server" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:267 plugins/sudoers/sudoreplay.c:851 #, c-format msgid "unable to read %s/%s: %s" msgstr "impossibile leggere %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 +#: logsrvd/sendlog.c:288 plugins/sudoers/log_client.c:692 #, c-format msgid "client message too large: %zu" msgstr "messaggio client troppo grande: %zu" -#: logsrvd/sendlog.c:810 +#: logsrvd/sendlog.c:830 #, c-format msgid "%s: write buffer already in use" msgstr "%s: buffer di scrittura già in uso" -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:882 plugins/sudoers/iolog.c:893 +#: plugins/sudoers/iolog.c:962 #, c-format msgid "unexpected I/O event %d" msgstr "evento I/O %d non atteso" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:928 logsrvd/sendlog.c:945 logsrvd/sendlog.c:979 +#: plugins/sudoers/log_client.c:1124 plugins/sudoers/log_client.c:1392 +#: plugins/sudoers/log_client.c:1460 plugins/sudoers/log_client.c:1496 #, c-format msgid "%s: unexpected state %d" msgstr "%s: stato %d non atteso" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "ServerHello non valido" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1015 plugins/sudoers/log_client.c:1540 #, c-format msgid "error message received from server: %s" msgstr "messaggio di errore ricevuto dal server: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1028 plugins/sudoers/log_client.c:1553 #, c-format msgid "abort message received from server: %s" msgstr "messaggio di abort ricevuto dal server: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 +#: logsrvd/sendlog.c:1047 plugins/sudoers/log_client.c:1572 msgid "unable to unpack ServerMessage" msgstr "impossibile aprire ServerMessage" -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1087 plugins/sudoers/log_client.c:1603 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: valore type_case %d non atteso" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1116 msgid "timeout reading from server" msgstr "timeout nel leggere dal server" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1195 msgid "premature EOF" msgstr "EOF prematuro" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1208 plugins/sudoers/log_client.c:1761 #, c-format msgid "server message too large: %u" msgstr "messaggio server troppo grande: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1259 msgid "timeout writing to server" msgstr "timeout nello scrivere sul server" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1591 +msgid "both restart point and iolog ID must be specified" +msgstr "devono essere specificati sia il punto di inizio che l'ID di iolog" + +#: logsrvd/sendlog.c:1595 +msgid "a restart point may not be set when no I/O is sent" +msgstr "un punto di partenza non può essere impostato quando non è inviato alcun I/O" + +#: logsrvd/sendlog.c:1671 +#, c-format +msgid "exited prematurely with state %d" +msgstr "uscito inaspettatamente con stato %d" + +#: logsrvd/sendlog.c:1672 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "tempo trascorso inviato al server [%lld, %ld]" + +#: logsrvd/sendlog.c:1674 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "punto di commit ricevuto dal server [%lld, %ld]" + +#: logsrvd/tls_client.c:113 plugins/sudoers/log_client.c:296 msgid "TLS handshake timeout occurred" msgstr "timeout handshake TLS" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 +#: logsrvd/tls_client.c:133 logsrvd/tls_client.c:149 #: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 msgid "unable to set event" msgstr "impossibile impostare evento" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:159 logsrvd/tls_client.c:163 #, c-format msgid "TLS connection failed: %s" -msgstr "Connessione TLS non riuscita: %s" - -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Impossibile inizializzare il conteso ssl: %s" +msgstr "connessione TLS non riuscita: %s" -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:197 #, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Impossibile allocare l'oggetto ssl: %s" +msgid "unable to allocate ssl object: %s" +msgstr "impossibile allocare l'oggetto ssl: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:210 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Impossibile collegare il socket all'oggetto ssl: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "devono essere specificati sia il punto di inizio che l'ID di iolog" +#: logsrvd/tls_client.c:238 +msgid "unable to initialize TLS context" +msgstr "impossibile inizializzare il contesto TLS" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "un punto di partenza non può essere impostato quando non è inviato alcun I/O" +#: logsrvd/tls_init.c:129 logsrvd/tls_init.c:137 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "impossibile impostare il cifrario per TLS 1.2 a %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:157 logsrvd/tls_init.c:165 #, c-format -msgid "exited prematurely with state %d" -msgstr "uscito inaspettatamente con stato %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "impossibile impostare il cifrario per TLS 1.3 a %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:200 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "tempo trascorso inviato al server [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "impossibile creare il contesyo TLS: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:206 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "punto di commit ricevuto dal server [%lld, %ld]" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "impossibile impostare la versione minima del protocollo a TLS 1.2: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:282 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Alias \"%s\" già definito" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "impossibile impostare i parametri diffie-hellman: %s" + +#: logsrvd/tls_init.c:291 +#, c-format +msgid "unable to read diffie-hellman parameters: %s" +msgstr "impossibile leggere i parametri diffie-hellman: %s" + +#: logsrvd/tls_init.c:296 plugins/sudoers/check.c:274 +#: plugins/sudoers/cvtsudoers.c:618 plugins/sudoers/cvtsudoers.c:639 +#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:872 +#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1028 +#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:913 +#, c-format +msgid "unable to open %s" +msgstr "impossibile aprire %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:259 plugins/sudoers/audit.c:398 +#: plugins/sudoers/log_client.c:960 plugins/sudoers/log_client.c:1008 +#: plugins/sudoers/log_client.c:1056 plugins/sudoers/log_client.c:1181 +#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:120 msgid "unable to get time of day" msgstr "impossibile ottenere l'ora" @@ -1011,38 +1142,38 @@ msgid "unable to initialize PAM: %s" msgstr "impossibile inizializzare PAM: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:340 #, c-format msgid "PAM authentication error: %s" msgstr "Errore autenticazione PAM: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:359 msgid "account validation failure, is your account locked?" msgstr "validazione dell'account non riuscita: forse è bloccato?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:370 msgid "Account or password is expired, reset your password and try again" msgstr "Account o password scaduto: reimpostare la password e provare nuovamente" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:376 #, c-format msgid "unable to change expired password: %s" msgstr "impossibile modificare la password scaduta: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:387 msgid "Password expired, contact your system administrator" msgstr "Password scaduta, contattare l'amministratore di sistema" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:392 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Account scaduto o alla configurazione PAM manca una sezione \"account\" per sudo: contattare l'amministratore di sistema" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:400 plugins/sudoers/auth/pam.c:405 #, c-format msgid "PAM account management error: %s" msgstr "Errore gestione account PAM: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:241 #, c-format msgid "you do not exist in the %s database" msgstr "l'utente attuale non esiste nel database %s" @@ -1115,7 +1246,17 @@ msgid "unable to commit audit record" msgstr "impossibile inviare il record di audit" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "errore nel leggere il file di lezione %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "il file di lezione %s viene ignorato: non è un file regolare" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1135,21 +1276,41 @@ " #3) Da grandi poteri derivano grandi responsabilità\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:325 plugins/sudoers/check.c:335 +#: plugins/sudoers/sudoers.c:830 plugins/sudoers/sudoers.c:851 #: plugins/sudoers/tsdump.c:119 #, c-format msgid "unknown uid: %u" msgstr "uid sconosciuto: %u" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check.c:330 plugins/sudoers/exptilde.c:85 +#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1123 +#: plugins/sudoers/sudoers.c:432 plugins/sudoers/sudoers.c:1283 +#: plugins/sudoers/testsudoers.c:215 plugins/sudoers/testsudoers.c:382 #, c-format msgid "unknown user: %s" msgstr "utente sconosciuto: %s" +#: plugins/sudoers/check_aliases.c:56 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Errore: %s:%d:%d: ciclo in %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:57 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Attenzione: %s:%d:%d: ciclo in %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:61 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Errore: %1$s:%2$d:%3$d: riferimento a \"%5$s\" %4$s, ma non definito" + +#: plugins/sudoers/check_aliases.c:62 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Attenzione: %1$s:%2$d:%3$d: riferimento a \"%5$s\" %4$s, ma non definito" + #: plugins/sudoers/cvtsudoers.c:194 #, c-format msgid "order increment: %s: %s" @@ -1165,12 +1326,12 @@ msgid "order padding: %s: %s" msgstr "ordine di riempimento: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:177 #, c-format msgid "%s grammar version %d\n" msgstr "%s versione grammaticale %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "formato di input %s non supportato" @@ -1185,9 +1346,9 @@ msgid "%s: input and output files must be different" msgstr "%s: i file di input e output devono essere diversi" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:177 +#: plugins/sudoers/testsudoers.c:254 plugins/sudoers/visudo.c:247 +#: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:917 msgid "unable to initialize sudoers default values" msgstr "impossibile inizializzare i valori predefiniti di sudoers" @@ -1216,37 +1377,28 @@ msgid "invalid filter: %s" msgstr "filtro non valido: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "impossibile aprire %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:642 plugins/sudoers/visudo.c:922 #, c-format msgid "failed to parse %s file, unknown error" msgstr "analisi del file %s non riuscita, errore sconosciuto" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "parse error in %s near line %d\n" msgstr "errore di analisi in %s vicino alla riga %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:653 #, c-format msgid "parse error in %s\n" msgstr "errore di analisi in %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1124 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "impossibile scrivere su %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1256,7 +1408,7 @@ "\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" @@ -1902,6 +2054,15 @@ msgid "The format of logs to produce: %s" msgstr "Il formato dei registri da creare: %s" +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Abilita il supporto RBAC SELinux" + +#: plugins/sudoers/def_data.c:578 +#, c-format +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Percorso del file creato la prima volta che viene eseguito sudo: %s" + #: plugins/sudoers/defaults.c:185 #, c-format msgid "%s:%d:%d: unknown defaults entry \"%s\"" @@ -1952,35 +2113,35 @@ msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: il valore \"%s\" non è valido per l'opzione \"%s\"" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1040 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: i valori per \"%s\" devono iniziare con un carattere \"/\", \"~\" o \"*\"" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1044 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: i valori per \"%s\" devono iniziare con un carattere \"/\", \"~\" o \"*\"" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1055 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: i valori per \"%s\" devono iniziare con un carattere \"/\"" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1059 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: i valori per \"%s\" devono iniziare con un carattere \"/\"" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp danneggiato, discordanza nella lunghezza" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "impossibile ricostruire l’ambiente" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "permessi non sufficienti per impostare le seguenti variabili d'ambiente: %s" @@ -2044,42 +2205,42 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Coppia indirizzo IP locale e maschera di rete:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 +#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:1317 plugins/sudoers/testsudoers.c:406 #, c-format msgid "unknown group: %s" msgstr "gruppo sconosciuto: %s" -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:635 msgid "unable to update sequence file" msgstr "impossibile aggiornare il file sequenza" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:666 plugins/sudoers/iolog.c:854 +#: plugins/sudoers/iolog.c:1007 plugins/sudoers/iolog.c:1014 +#: plugins/sudoers/iolog.c:1135 plugins/sudoers/iolog.c:1142 +#: plugins/sudoers/iolog.c:1241 plugins/sudoers/iolog.c:1248 #, c-format msgid "unable to write to I/O log file: %s" msgstr "impossibile scrivere sul file di registro di I/O: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:674 #, c-format msgid "unable to create %s/%s" msgstr "impossibile creare %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:899 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: errore interno, file registro IO per l'evento %d non aperto" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:992 plugins/sudoers/iolog.c:1120 +#: plugins/sudoers/iolog.c:1225 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:487 +#: plugins/sudoers/visudo.c:493 msgid "unable to read the clock" msgstr "impossibile leggere l'orologio" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1217 plugins/sudoers/log_client.c:1199 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: errore interno, segnale %d non valido" @@ -2107,7 +2268,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "specificato start_tls ma le librerie LDAP non supportano ldap_start_tls_s() o ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:746 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "attributo sudoOrder non valido: %s" @@ -2126,21 +2287,29 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "impossibile utilizzare URI ldap e ldaps assieme" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:529 plugins/sudoers/ldap_util.c:536 +#: plugins/sudoers/ldap_util.c:544 plugins/sudoers/ldap_util.c:553 +#: plugins/sudoers/ldap_util.c:561 plugins/sudoers/ldap_util.c:571 +#: plugins/sudoers/ldap_util.c:579 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "sudoOption duplicato: %s%s%s" + +#: plugins/sudoers/ldap_util.c:598 plugins/sudoers/ldap_util.c:600 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "impossibile convertire sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "impossibile aprire il sistema di audit" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "impossibile inviare il messaggio di audit" #: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:1437 plugins/sudoers/log_client.c:2031 msgid "error in event loop" msgstr "errore nel ciclo dell'evento" @@ -2149,6 +2318,26 @@ msgid "Creation of new SSL_CTX object failed: %s" msgstr "Creazione di un nuovo oggetto SSL_CTX non riuscita: %s" +#: plugins/sudoers/log_client.c:216 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "impossibile caricare il bundle CA %s" + +#: plugins/sudoers/log_client.c:236 +#, c-format +msgid "unable to load certificate %s" +msgstr "impossibile caricare il certificato %s" + +#: plugins/sudoers/log_client.c:249 +#, c-format +msgid "unable to load private key %s" +msgstr "impossibile caricare la chiave privata %s" + +#: plugins/sudoers/log_client.c:258 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Impossibile allocare l'oggetto ssl: %s" + #: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 #, c-format msgid "TLS connection to %s:%s failed: %s" @@ -2162,20 +2351,20 @@ msgid "TLS handshake was unsuccessful" msgstr "handshake TLS non riuscito" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1208 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: errore interno, stato di uscita %d non valido" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1724 plugins/sudoers/log_client.c:1748 msgid "lost connection to log server" msgstr "connessione al server del registro persa" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1825 msgid "missing write buffer" msgstr "manca il buffer in scrittura" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:1972 msgid "unable to connect to log server" msgstr "impossibile connettersi al server del registro" @@ -2211,15 +2400,15 @@ msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "All'utente %s non è consentito eseguire \"%s%s%s\" come %s%s%s su %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:575 +#: plugins/sudoers/sudoers.c:577 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/sudoers.c:581 plugins/sudoers/sudoers.c:723 +#: plugins/sudoers/sudoers.c:725 #, c-format msgid "%s: command not found" msgstr "%s: comando non trovato" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:571 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2243,12 +2432,12 @@ msgid "a password is required" msgstr "è necessaria una password" -#: plugins/sudoers/logging.c:729 +#: plugins/sudoers/logging.c:739 #, c-format msgid "unable to open log file: %s" msgstr "impossibile aprire il file di registro: %s" -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:772 #, c-format msgid "unable to write log file: %s" msgstr "impossibile scrivere sul file di registro: %s" @@ -2258,7 +2447,7 @@ msgid "digest for %s (%s) is not in %s form" msgstr "il digest per %s (%s) non è nella forma %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:530 #, c-format msgid "" "\n" @@ -2267,7 +2456,7 @@ "\n" "Ruolo LDAP: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:533 msgid "" "\n" "Sudoers entry:\n" @@ -2275,104 +2464,110 @@ "\n" "Voce sudoers:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:535 msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:550 msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:560 msgid " Options: " msgstr " Opzioni: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:614 msgid " Commands:\n" msgstr " Comandi:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:805 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Corrispondenza voci Defaults per %s su %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:823 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Valori predefiniti per Runas e Command per %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:841 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "L'utente %s può eseguire i seguenti comandi su %s:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:856 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "L'utente %s non è abilitato all'esecuzione di sudo su %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:616 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "ignorato sudoRole non completo: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:676 #, c-format msgid "invalid LDIF attribute: %s" msgstr "attributo LDIF non valido: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:108 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "%.*s non valido impostato dal front-end sudo" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:314 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "impossibile analizzare l'elenco degli indirizzi di rete" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:465 msgid "user name not set by sudo front-end" msgstr "nome utente non impostato dal front-end sudo" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:469 msgid "user-ID not set by sudo front-end" msgstr "ID utente non impostato dal front-end sudo" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:473 msgid "group-ID not set by sudo front-end" msgstr "ID gruppo non impostato dal front-end sudo" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:477 msgid "host name not set by sudo front-end" msgstr "nome dell'host non impostato dal front-end sudo" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:660 #, c-format msgid "invalid working directory: %s" msgstr "directory di lavoro non valida: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:828 #, c-format msgid "invalid chroot directory: %s" msgstr "directory chroot non valida: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:963 plugins/sudoers/visudo.c:229 +#: plugins/sudoers/visudo.c:851 #, c-format msgid "unable to execute %s" msgstr "impossibile eseguire %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1030 plugins/sudoers/policy.c:1067 +#: plugins/sudoers/policy.c:1089 plugins/sudoers/policy.c:1115 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: flag in modalità non valida dal front-end sudo: 0x%x" + +#: plugins/sudoers/policy.c:1146 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Versione %s del plugin della politica sudoers\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1148 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Versione %d della grammatica del file sudoers\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1152 #, c-format msgid "" "\n" @@ -2381,86 +2576,91 @@ "\n" "Percorso sudoers: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1155 #, c-format msgid "nsswitch path: %s\n" msgstr "percorso nsswitch: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1157 #, c-format msgid "ldap.conf path: %s\n" msgstr "percorso ldap.conf: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1158 #, c-format msgid "ldap.secret path: %s\n" msgstr "percorso ldap.secret: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1191 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "impossibile registrare un hook di tipo %d (versione %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1209 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "impossibile annullare la registrazione dell'hook di tipo %d (versione %d.%d)" + +#: plugins/sudoers/pwutil.c:218 plugins/sudoers/pwutil.c:236 #, c-format msgid "unable to cache uid %u" msgstr "impossibile memorizzare in cache lo uid %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:230 #, c-format msgid "unable to cache uid %u, already exists" msgstr "impossibile memorizzare in cache lo uid %u, esiste già" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:290 plugins/sudoers/pwutil.c:308 +#: plugins/sudoers/pwutil.c:371 plugins/sudoers/pwutil.c:416 #, c-format msgid "unable to cache user %s" msgstr "impossibile memorizzare in cache l'utente %s" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:303 #, c-format msgid "unable to cache user %s, already exists" msgstr "impossibile memorizzare in cache l'utente %s, esiste già" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:535 plugins/sudoers/pwutil.c:553 #, c-format msgid "unable to cache gid %u" msgstr "impossibile memorizzare in cache il gid %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:547 #, c-format msgid "unable to cache gid %u, already exists" msgstr "impossibile memorizzare in cache il gid %u, esiste già" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:601 plugins/sudoers/pwutil.c:619 +#: plugins/sudoers/pwutil.c:680 plugins/sudoers/pwutil.c:729 #, c-format msgid "unable to cache group %s" msgstr "impossibile memorizzare in cache il gruppo %s" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group %s, already exists" msgstr "impossibile memorizzare in cache il gruppo %s, esiste già" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:876 plugins/sudoers/pwutil.c:927 +#: plugins/sudoers/pwutil.c:977 plugins/sudoers/pwutil.c:1029 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "impossibile memorizzare in cache l'elenco di gruppo %s, esiste già" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:882 plugins/sudoers/pwutil.c:932 +#: plugins/sudoers/pwutil.c:983 plugins/sudoers/pwutil.c:1034 #, c-format msgid "unable to cache group list for %s" msgstr "impossibile memorizzare in cache l'elenco di gruppo %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:921 #, c-format msgid "unable to parse groups for %s" msgstr "impossibile analizzare i gruppi per %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1023 #, c-format msgid "unable to parse gids for %s" msgstr "impossibile analizzare i gid per %s" @@ -2535,135 +2735,139 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "impossibile trovare il simbolo \"%s\" in %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:213 plugins/sudoers/sudoers.c:985 msgid "problem with defaults entries" msgstr "problema con le voci Defaults" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:217 msgid "no valid sudoers sources found, quitting" msgstr "nessuna sorgente valida di sudoers trovata, uscita" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:291 #, c-format msgid "user not allowed to change root directory to %s" msgstr "l'utente non è autorizzato a cambiare la directory root a %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:293 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "non è consentito l'uso dell'opzione -R con %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:318 #, c-format msgid "user not allowed to change directory to %s" msgstr "l'utente non è autorizzato a cambiare directory a %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:319 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "non è consentito l'uso dell'opzione -D con %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:345 +msgid "no command specified" +msgstr "nessun comando specificato" + +#: plugins/sudoers/sudoers.c:355 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers indica che a root non è consentito usare sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:403 msgid "user not allowed to override closefrom limit" msgstr "l'utente non è autorizzato a scavalcare il limite closefrom" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:404 msgid "you are not permitted to use the -C option" msgstr "utente non abilitato all'uso dell'opzione -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:464 #, c-format msgid "timestamp owner (%s): No such user" msgstr "proprietario marcatura temporale (%s): utente inesistente" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:479 msgid "no tty" msgstr "nessun tty" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:480 msgid "sorry, you must have a tty to run sudo" msgstr "è necessario disporre di un tty per eseguire sudo" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:487 #, c-format msgid "invalid shell for user %s: %s" msgstr "shell utente %s non valida: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:570 msgid "command in current directory" msgstr "comando nella directory corrente" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:589 msgid "user not allowed to set a command timeout" msgstr "l'utente non è autorizzato a impostare un timeout per i comandi" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:591 msgid "sorry, you are not allowed set a command timeout" msgstr "non è consentito impostare un timeout per i comandi" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:599 msgid "user not allowed to preserve the environment" msgstr "l'utente non è autorizzato a preservare l'ambiente" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:601 msgid "sorry, you are not allowed to preserve the environment" msgstr "non è consentito preservare l'ambiente" -#: plugins/sudoers/sudoers.c:945 +#: plugins/sudoers/sudoers.c:936 msgid "command too long" msgstr "comando troppo lungo" -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:973 msgid "sudoedit doesn't need to be run via sudo" msgstr "non è necessario eseguire sudoedit via sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1032 plugins/sudoers/sudoreplay.c:1547 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "impossibile leggere %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/visudo.c:426 +#: plugins/sudoers/visudo.c:720 #, c-format msgid "unable to stat %s" msgstr "impossibile eseguire stat su %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1061 plugins/sudoers/visudo.c:1009 #, c-format msgid "%s is not a regular file" msgstr "%s non è un file regolare" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1065 plugins/sudoers/timestamp.c:252 toke.l:1138 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s è di proprietà dello uid %u, dovrebbe essere %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1069 toke.l:1143 #, c-format msgid "%s is world writable" msgstr "%s è scrivibile da tutti" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1073 toke.l:1146 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s è di proprietà del gid %u, dovrebbe essere %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1106 #, c-format msgid "only root can use \"-c %s\"" msgstr "solo root può usare \"-c %s\"" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1125 #, c-format msgid "unknown login class: %s" msgstr "classe di login sconosciuta: %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1211 plugins/sudoers/sudoers.c:1226 #, c-format msgid "unable to resolve host %s" msgstr "impossibile risolvere l'host %s" @@ -2813,11 +3017,11 @@ " -s, --speed=NUME Velocizza o rallenta l'output\n" " -V, --version Visualizza la versione ed esce" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\thost non corrispondente" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2825,7 +3029,7 @@ "\n" "Comando consentito" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2833,7 +3037,7 @@ "\n" "Comando negato" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2846,121 +3050,121 @@ msgid "%s is group writable" msgstr "%s è scrivibile da tutti" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "impossibile troncare il file della marcatura temporale a %lld byte" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "marcatura temporale dal futuro ignorata" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "marcatura temporale troppo avanti nel tempo: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "impossibile bloccare il file della marcatura temporale %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" -msgstr "percorso marcatura temporale troppo lungo: %s %s" +msgstr "percorso dello stato della lezione troppo lungo: %s %s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit non dovrebbe essere specificato con un percorso" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:224 msgid "the -x option will be removed in a future release" msgstr "l'opzione -x verrà rimossa in una prossima versione" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:226 msgid "please consider using the cvtsudoers utility instead" msgstr "utilizzare lo strumento cvtsudoers al suo posto" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:277 plugins/sudoers/visudo.c:653 #, c-format msgid "press return to edit %s: " msgstr "premere Invio per modificare %s: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:338 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "l'editor specificato (%s) non esiste" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:340 #, c-format msgid "no editor found (editor path = %s)" msgstr "nessun editor trovato (percorso dell'editor = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:446 plugins/sudoers/visudo.c:454 msgid "write error" msgstr "errore di scrittura" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:500 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "impossibile eseguire stat sul file temporaneo (%s), %s non modificato" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:507 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "file temporaneo di lunghezza pari a zero (%s), %s non modificato" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:513 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editor (%s) non riuscito, %s non modificato" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:535 #, c-format msgid "%s unchanged" msgstr "%s non modificato" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:592 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "impossibile riaprire il file temporaneo (%s), %s non modificato." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:604 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "impossibile analizzare il file temporaneo (%s), errore sconosciuto" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:642 #, c-format msgid "internal error, unable to find %s in list!" msgstr "errore interno, impossibile trovare %s nell'elenco." -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:731 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "impossibile impostare (uid, gid) di %s a (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:754 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s e %s non sono sullo stesso file system, viene usato \"mv\" per rinominare" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:765 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "comando non riuscito: \"%s %s %s\", %s non modificato" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:775 #, c-format msgid "error renaming %s, %s unchanged" msgstr "errore nel rinominare %s, %s non è stato modificato" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:796 msgid "What now? " msgstr "Che fare ora? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:810 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2972,73 +3176,53 @@ " (x) Esce senza salvare le modifiche al file sudoers\n" " (Q) Esce e salva le modifiche al file sudoers (pericoloso)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:856 #, c-format msgid "unable to run %s" msgstr "impossibile avviare %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:886 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: proprietario errato (uid, gid), dovrebbe essere (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: permessi errati, dovrebbe avere modalità 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:942 plugins/sudoers/visudo.c:949 #, c-format msgid "%s: parsed OK\n" msgstr "%s: analisi effettuata correttamente\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:968 #, c-format msgid "%s busy, try again later" msgstr "%s occupato, riprovare" -#: plugins/sudoers/visudo.c:980 +#: plugins/sudoers/visudo.c:971 #, c-format msgid "unable to lock %s" msgstr "impossibile bloccare %s" -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:972 msgid "Edit anyway? [y/N]" msgstr "Modificare comunque? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Errore: %s:%d:%d: ciclo in %s \"%s\"" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Attenzione: %s:%d:%d: ciclo in %s \"%s\"" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Errore: %1$s:%2$d:%3$d: riferimento a \"%5$s\" %4$s, ma non definito" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Attenzione: %1$s:%2$d:%3$d: riferimento a \"%5$s\" %4$s, ma non definito" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1067 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Attenzione: %s:%d:%d: inutilizzato %s \"%s\"" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1183 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "%s - Modifica in sicurezza il file sudoers\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1185 msgid "" "\n" "Options:\n" @@ -3058,30 +3242,30 @@ " -s, --strict Verifica precisa della sintassi\n" " -V, --version Visualizza la versione ed esce\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "stringa vuota" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:503 msgid "empty group" msgstr "gruppo vuoto" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:501 msgid "empty netgroup" msgstr "netgroup vuoto" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "continuazione riga non valida" -#: toke.l:528 toke.l:540 +#: toke.l:540 toke.l:552 msgid "invalid IPv6 address" msgstr "indirizzo IPv6 non valido" -#: toke.l:764 +#: toke.l:779 msgid "unexpected line break in string" msgstr "interruzione riga non attesa nella stringa" -#: toke.l:1084 +#: toke.l:1109 msgid "too many levels of includes" msgstr "troppi livelli di inclusioni" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/ja.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/ja.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/ja.po sudo-1.9.9/plugins/sudoers/po/ja.po --- sudo-1.9.5p2/plugins/sudoers/po/ja.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/ja.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,13 +1,13 @@ # Japanese messages for sudoers # This file is put in the public domain. # Yasuaki Taniguchi , 2011. -# Takeshi Hamasaki , 2012, 2015, 2016, 2017, 2018, 2019, 2020. +# Takeshi Hamasaki , 2012, 2015, 2016, 2017, 2018, 2019, 2020, 2021. msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-26 22:10+0900\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-22 20:17+0900\n" "Last-Translator: Takeshi Hamasaki \n" "Language-Team: Japanese \n" "Language: ja\n" @@ -16,11 +16,11 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Poedit-Basepath: sudo-1.9.3b1\n" -"X-Generator: Poedit 2.2.1\n" +"X-Poedit-Basepath: sudo-1.9.9b1\n" +"X-Generator: Poedit 2.4.2\n" "X-Poedit-SearchPath-0: .\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "構文エラー" @@ -44,868 +44,1298 @@ msgid "Sorry, try again." msgstr "残念、また試してください。" -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "メモリ割り当てを行えませんでした" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "認証方式にはパスが必要です" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "\"CWD\" の値は '/', '~', または '*' で開始しなければいけません" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "\"CWD\" パスが長すぎます" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "\"CHROOT\" の値は '/', '~', または '*' で開始しなければいけません" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "\"CHROOT\" パスが長すぎます" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "構文エラー、予約語 %s がエイリアス名に使われています" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "notbefore の値が無効です" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "notafter の値が無効です" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "制限時間の値が大き過ぎます" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "時間制限値が無効です" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "コマンド名が長すぎます" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "別名 \"%s\" はすでに定義されています" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "内部エラー、%s がオーバーフローしました" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "標準入力を複製できません: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "%s を実行できません: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "fork できません" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "fork できません: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "パイプを開けません: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (コマンド継続中) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s が存在しますがディレクトリではありません (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "ディレクトリ %s を作成できません" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "%s のアクセス権限のモードを 0%o に変更できません" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "JSON_STRING を予期していたら、 %d でした" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY が大きすぎます" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "名前に二重引用符がありません" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "JSON_OBJECT がありません" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "JSON_OBJECT を予期していたら、 %d でした" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "JSON スタックを使い切りました(最大 %u フレーム)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "オブジェクトは 名前:値 のベアである必要があります" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "値の間の分離記号がありません" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "余分な閉じ中括弧があります" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "予期せぬところに配列" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "余分な閉じ角括弧があります" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "予期せぬところに文字列" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "名前の後にコロンがありません" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "予期せぬところに真偽値" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "予期せぬところにNULL" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "予期せぬところに数値" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u \"%s\" を構文解析できません" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "構文解析エラー" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: 無効なログファイルのパス" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: タイムスタンプのフィールドがありません" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: タイムスタンプ %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: ユーザー名フィールドがありません" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: runasユーザー名フィールドがありません" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: runasグループ名フィールドがありません" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s が存在しますがディレクトリではありません (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "ディレクトリ %s を作成できません" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "%s のアクセス権限のモードを 0%o に変更できません" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "タイミングファイルの読み込みエラー: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "無効なタイミングファイルの行です: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "ログは完了しているので、再開できません" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "uuid を生成できません" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "ログを再開できません" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: プロトコルエラー: %s の型としては間違っています" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: プロトコルエラー: %s が AcceptMessage にありません" + +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: セッションIDを整形できません" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s は設定されていません" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "iolog のパス %s を伸長できません" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "iolog のパス %s を作成できません" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "無効な iofd %d です" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "iofd %d を閉じる際にエラーが発生しました: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "iofd %d をフラッシュする際にエラーが発生しました: %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "無効な I/O ログ %s: %s が参照されていますが存在しません" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: 復元ポイントが見つかりません [%lld, %ld]" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "%s を開けません" + +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "%s/%s を開けません" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "%s/%s から %s/%s にコピーできません: %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "%s から %s に名前を変更できません" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: 復元ポイントが見つかりません [%lld, %ld]" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "I/O ログファイル %s/%s がありません。" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: 前方検索できません %zu" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "復元ポイントが見つかりません [%lld, %ld] in %s/%s" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "リレーに接続できません" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "サーバーメッセージが大き過ぎます: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "イベントをキューに追加できません" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "予期しない状態 %d (%sの)" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "状態マシンエラー" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "無効な AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "AcceptMessage の解析中にエラー" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "I/O ログの作成でエラー" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "accept イベントのログ記録でエラー" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "無効な RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "RejectMessage の解析でエラー" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "reject イベントのログ記録でエラー" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "無効な AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "AlertMessage の解析中にエラー" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "alert イベントのログ記録でエラー" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: 予期しない IoBuffer" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "プロトコルエラーです" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "IoBuffer の書き込みでエラー" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "ChangeWindowSize の書き込みでエラー" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "CommandSuspend の書き込みでエラー" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "予期しない type_case の値 %d が %s の中にあります、 %s から出てきたものです。" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "認識できないクライアントメッセージのタイプです" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "クライアントメッセージが大き過ぎます" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "TLS 1.2 暗号化スイートを %s に設定できません: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "TLS 1.3 暗号化スイートを %s に設定できません: %s" +msgid "timed out writing to client %s" +msgstr "クライアント %s への書き込みがタイムアウト" -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "TLS サーバーメソッドを取得できません: %s" +msgid "missing write buffer for client %s" +msgstr "クライアント %s への書き込みバッファがありません" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to create TLS context: %s" -msgstr "TLS コンテキストを作成できません: %s" +msgid "timed out reading from client %s" +msgstr "クライアント %s からの読み込みがタイムアウト" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate %s" -msgstr "証明書 %s をロードできません" +msgid "EOF from %s without proper TLS shutdown" +msgstr "%s からの EOF が適切な TLS 通信の終了なしに現れました" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "認証局の証明書バンドル %s をロードできません" - -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 -#, c-format -msgid "unable to load private key %s" -msgstr "プライベート鍵を読み込めません: %s" +msgid "client message too large: %zu" +msgstr "クライアントメッセージが大き過ぎます: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "ディフィー・ヘルマン パラメーターを設定できません: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "クライアントメッセージが大き過ぎます" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "プロトコルの最小バージョンを TLS 1.2 に設定できません: %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "無効な ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "リモートIPアドレスを取得できません" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "ユーザーデータをSSLオブジェクトに添付することができません: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "イベントをキューに追加できません" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "接続待ちソケットを準備できません" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - sudo I/O ログをリモートサーバーに送ります\n" -"\n" +msgid "unexpected signal %d" +msgstr "予期しないシグナル %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"オプション:\n" -" -f, --file=sudoers sudoers ファイルの位置を指定する\n" -" -h, --help ヘルプメッセージを表示して終了する\n" -" -n, --no-fork フォークせずに、フォアグラウンドで実行する\n" -" -R, --random-drop 接続がドロップする確率(%)\n" -" -V, --version バージョン情報を表示して終了する\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "Sudo ログサーバー" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "オプション:" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "設定ファイルのパス" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "ヘルプメッセージを表示して終了する" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "フォークせずに、フォアグラウンドで実行する" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "接続が切れる割合(%)" + +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "バージョン情報を表示して終了する" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Protobuf-C バージョン 1.3 以上が必要です" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "無効な乱数ドロップ値です: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s バージョン %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "不明なユーザー %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "不明なグループ %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "iolog モード %s を解析できません" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "%s には無効な値: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "TLS がサポートされていません" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: 完全修飾パスではありません" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "未知の syslog ファシリティ %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "未知の syslog プライオリティ %s" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d 対応しない '[': %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d 無効な config セクション: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d 無効な設定の行: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d セクション名が必要です: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "%s には無効な値: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] 適合しないキー: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d 未知の鍵: %s" +msgid "unable to open log file %s" +msgstr "ログファイル %s を開けません" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "サーバーTLSコンテキストを初期化できません" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "リレーTLSコンテキストを初期化できません" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "ジャーナルファイルを作成できません" + +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "未知の syslog ファシリティ %s" +msgid "unable to lock %s" +msgstr "%s をロックできません" + +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "ジャーナルファイルをロックできません" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "ジャーナルファイルを開けません" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "ジャーナルファイルへ書き込むことができません" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "ジャーナルファイルの名前を変更できません" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "ジャーナルファイルの予期せぬところにEOF" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "ジャーナルファイルの読み込みエラー" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "無効なジャーナルファイル、再スタートできません" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "未知の syslog プライオリティ %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "[%lld, %ld] が見つかりません、 ジャーナルファイル %s で探索中" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"オプション:\n" -" --help ヘルプメッセージを表示して終了する\n" -" -A, --accept 受け取りイベントのみを送る (I/O なし)\n" -" -h, --host ログの送り先とするホスト\n" -" -i, --iolog_id 復元するI/O ログのリモート ID \n" -" -p, --port ホストに接続するのに使用するポート\n" -" -r, --restart 以前の I/O ログ転送を再開する\n" -" -R, --reject 与えられた理由によりコマンドを拒否する\n" -" -b, --ca-bundle サーバーの証明書を検証するために突き合わせる証明書バンドルファイル\n" -" -c, --cert TLSハンドシェイクのための証明書ファイル\n" -" -k, --key 秘密鍵ファイル\n" -" -n, --no-verify サーバーの証明書を検証しない\n" -" -t, --test 選んだ I/O ログを n 重に並列送信することで監査サーバーを試験する\n" -" -V, --version バージョン情報を表示して終了する\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "AcceptMessage の解析中にエラー" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "I/O ログの作成でエラー" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "accept イベントのログ記録でエラー" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "RejectMessage の解析でエラー" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "reject イベントのログ記録でエラー" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "exit イベントのログ記録でエラー" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "ログは完了しているので、再開できません" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "ログを再開できません" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "AlertMessage の解析中にエラー" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "alert イベントのログ記録でエラー" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "タイミングバッファーを書式整形できません、長さ %d" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "IoBuffer の書き込みでエラー" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "ChangeWindowSize の書き込みでエラー" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "CommandSuspend の書き込みでエラー" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "リレーホストへのTLS ハンドシェイクが失敗" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "リレーホストに接続できません" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: 無効な ServerHello です、server_id がありません" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "無効な ServerHello です" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "認識できない ServerMessage のタイプです" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "リレー %s (%s) からの読み込みがタイムアウト" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "リレーからの読み込みがタイムアウト" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "リレーホスト名が証明書と一致しません" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "リレーからの読み込みでエラー" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "リレーから読み込めません" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "リレーサーバーが接続を閉じました" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "サーバーメッセージが大き過ぎます" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "リレー %s (%s) への書き込みがタイムアウト" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "リレーへの書き込みがタイムアウト" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "リレーへの書き込みでエラー" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "sudo I/O ログをリモートサーバーに送る" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "受け取りイベントのみを送る (I/O なし)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "サーバーの証明書を検証するために突き合わせる証明書バンドルファイル" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "TLSハンドシェイクのための証明書ファイル" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "ログの送り先とするホスト" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "復元するI/O ログのリモート ID" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "プライベート鍵ファイル" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "サーバーの証明書を検証しない" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "ホストに接続するのに使用するポート" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "以前の I/O ログ転送を再開する" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "与えられた理由によりコマンドを拒否する" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "この時間になったら転送を止める" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "選んだ I/O ログを n 重に並列送信することで監査サーバーを試験する" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "警告: %s:%s を参照できません: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "サーバーのIPアドレスを取得できません" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "%s/%s から読み込むことができません: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "クライアントメッセージが大き過ぎます: %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: 書き込みバッファは使用中です" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "予期しない I/O イベント %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: 予期しない状態 %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "無効な ServerHello です" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "サーバからエラーメッセージを受け取りました: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "サーバから中断メッセージを受け取りました: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "ServerMessage を展開できません" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: 予期しない type_case の値 %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "サーバーからの読み込みがタイムアウト" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "早すぎるファイル終端 (EOF)" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "サーバーメッセージが大き過ぎます: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "サーバーへの書き込みがタイムアウト" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "再開するポイントとIOログIDを指定する必要があります" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "I/Oが送られない場合は再開するポイントを設定できません" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "ステータス %d で予期せぬ終了をしました" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "サーバーに送られた経過時間 [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "サーバーから受け取ったコミットポイント [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "TLS ハンドシェイクでタイムアウトが発生" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "イベントを設定できません" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "TLS接続に失敗しました: %s" -#: logsrvd/sendlog.c:1538 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "SSL コンテキストを初期化できません: %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 -#, c-format -msgid "Unable to allocate ssl object: %s" +msgid "unable to allocate ssl object: %s" msgstr "SSLオブジェクトを割り当てることができません: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "ソケットをSSLオブジェクトに取り付けることができません: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "再開するポイントとIOログIDを指定する必要があります" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "TLS コンテキストを初期化できません" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "I/Oが送られない場合は再開するポイントを設定できません" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "TLS 1.2 暗号化スイートを %s に設定できません: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "ステータス %d で予期せぬ終了をしました" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "TLS 1.3 暗号化スイートを %s に設定できません: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "サーバーに送られた経過時間 [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "ディフィー・ヘルマン パラメーターを設定できません: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "サーバーから受け取ったコミットポイント [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "TLS コンテキストを作成できません: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "別名 \"%s\" はすでに定義されています" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "プロトコルの最小バージョンを TLS 1.2 に設定できません: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "時刻を取得できません" @@ -914,45 +1344,45 @@ msgid "unable to change password for %s" msgstr "%s のパスワードを変更できません" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "ユーザー%s のログインクラスを得ることができません" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "BSD 認証を開始できません" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "無効な認証タイプです" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "BSD 認証を開始できません" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "あなたのアカウントの有効期限が切れています" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "認証に失敗しました" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "fwtk 設定を読み込めません" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "認証サーバーに接続できません" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "認証サーバーへの接続が失われました" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -966,83 +1396,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: プリンシパルを文字列('%s')に変換できません: %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: '%s' を構文解析できません: %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: 資格情報キャッシュ を解決できません: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: オプションを設定できません: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: 資格情報を取得できません: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: 資格情報キャッシュ を初期化できません: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: 資格情報をキャッシュできません: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: ホストプリンシパルを取得できません: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: TGT を検証できません! おそらく攻撃です!: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "PAM を初期化できません: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "PAM 認証エラーです: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "アカウントの有効性検証に失敗しました。あなたのアカウントはロックされていませんか?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "アカウントまたはパスワードが期限切れです。パスワードをリセットして再試行してください" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "期限の切れたパスワードを変更できません: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "パスワードが期限切れです。システム管理者に連絡してください" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "アカウントの期限切れ、または sudo 用の PAM 設定に \"account\" セクションがありません。システム管理者に連絡してください" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "PAM アカウント管理エラーです: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "あなたは %s データベース内に存在しません" @@ -1051,31 +1481,31 @@ msgid "failed to initialise the ACE API library" msgstr "ACE API ライブラリの初期化に失敗しました" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "SecurID サーバーに接続できません" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "SecurID 認証のユーザーIDがロックされています" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "SecurID 用のユーザー名の長さが無効です" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "SecurID 用の認証ハンドルが無効です" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "SecurID 通信に失敗しました" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "不明な SecurID エラーです" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "SecurID 用のパスコード長が無効です" @@ -1115,7 +1545,17 @@ msgid "unable to commit audit record" msgstr "監査レコードをコミットできません" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "講義ファイル %s の読み込みエラー" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "講義ファイル %s を無視します: 通常ファイルではありません" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1135,118 +1575,122 @@ " #3) 大いなる力には大いなる責任が伴うこと。\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "不明なユーザーID (uid) です: %u" +msgid "unknown uid %u" +msgstr "不明な uid %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "エラー: %s:%d:%d: %s \"%s\" でエイリアス定義が循環しています" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:93 #, c-format -msgid "unknown user: %s" -msgstr "不明なユーザーです: %s" +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "警告: %s:%d:%d: %s \"%s\" でエイリアス定義が循環しています" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "エラー: %s:%d:%d: %s \"%s\" は参照されているのに定義されていません" + +#: plugins/sudoers/check_aliases.c:98 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "警告: %s:%d:%d: %s \"%s\" は参照されているのに定義されていません" + +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "order の増分: %s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "開始の order: %s: %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "order の増分: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s 文法バージョン %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "サポートされてない入力形式です %s" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "サポートされてない出力形式です %s" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: 入力ファイルと出力ファイルは別である必要があります" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "sudoers のデフォルト値を初期化できません" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: 不明なキーワードです: %s" +msgid "%s: unknown key word %s" +msgstr "%s: 不明なキーワード %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "無効なデフォルトの指定です: %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "無効な抑制の指定です: %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "無効なフィルターです: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "%s を開けません" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "%s ファイルの構文解析に失敗しました。不明なエラーです" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "%s 内 %d 行付近で構文解析エラーが発生しました\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "%s 内で構文解析エラーが発生しました\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "%s へ書き込むことができません" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1255,7 +1699,7 @@ "%s - sudoers ファイル形式間での変換を行う\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1295,33 +1739,75 @@ " -s, --suppress=sections いくつかのセクションの出力を抑制する\n" " -V, --version バージョン情報を表示して終了する" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "不明なデフォルト項目 \"%s\" です" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "GMT 時刻を取得できません" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "タイムスタンプを書式整形できません" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: 未知のデフォルト項目 \"%s\" です" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "sudoers の項目が多すぎます、最大は %u です。" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "SUDOERS_BASE 環境変数が設定されておらず -b オプションも指定されていません。" +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "エイリアス %s が見つかりません" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: エイリアスの名前 %s を %s に変更しています" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: 重複したエイリアス %s を削除しています" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%s:%d:%d: Defaults のエントリー \"%s\" が %s:%d:%d にある ホスト特定指定sと衝突しています" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: Defaults \"%s\" をホスト %s に特有のものとしました。" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: 後続のエントリーで上書きされた Defaults の \"%s\" を削除しています" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d: Defaults \"%s\" をホストに特有のものにできません" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: 後続のエントリーで上書きされた userspec を削除しています" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1902,95 +2388,194 @@ msgid "The format of logs to produce: %s" msgstr "生成するログの書式: %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "SELinux RBAC のサポートを有効にする" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: 未知のデフォルト項目 \"%s\" です" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "sudo が最初に実行された時に作成されるファイルのパス: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "これ以降のコマンドに割り込み、sudoers による制限を適用する" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "コマンドが実行したサブコマンドをログに記録する" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "コマンドを実行した後の終了ステータスをログに記録します" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "割り込みセッションの中で続くコマンドには認証が必要です" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "割り込まれたコマンドが setuid または setgid プログラムを実行することを許可します" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "プロセスのアドレス空間の最大値(バイト単位): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "コアダンプファイルの最大サイズ(バイト単位): %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "プロセスが使用するCPU時間の最大値(秒単位): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "プロセスのデータセグメントサイズの最大値(バイト単位): %s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "プロセスが作成するファイルサイズの最大値(バイト単位): %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "プロセスが作るロックの最大数: %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "プロセスがロックするメモリーサイズの最大値(バイト単位): %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "プロセスが開くファイル数の最大値: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "ユーザーが同時に走らせるプロセスの最大数: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "プロセスが使用するメモリー(RSS)の最大値(バイト単位): %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "プロセスのスタックサイズの最大値(バイト単位): %s" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: 未知のデフォルト項目 \"%s\" です" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: \"%s\" に値が指定されていません" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: \"%s\" に値が指定されていません" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: \"%c=\" は \"%s\" には無効な演算子です" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: \"%c=\" は \"%s\" には無効な演算子です" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: オプション \"%s\" は値をとりません" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: オプション \"%s\" は値をとりません" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: 0x%x はオプション \"%s\" のデフォルトタイプとして無効です" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: 0x%x はオプション \"%s\" のデフォルトタイプとして無効です" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: \"%s\" はオプション \"%s\" の値としては無効です" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: \"%s\" はオプション \"%s\" の値としては無効です" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: \"%s\" のパス名が長すぎます" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: \"%s\" のパス名が長すぎます" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: \"%s\" の値は '/', '~', または '*' で開始しなければいけません" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: \"%s\" の値は '/', '~', または '*' で開始しなければいけません" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: \"%s\" の値は '/' で開始しなければいけません" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: \"%s\" の値は '/' で開始しなければいけません" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp が破損しています。長さが合いません" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "環境を再構築できません" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "残念ですが、あなたは次の環境変数を設定することを許可されていません: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "%s 内 %d 行付近で構文解析エラーが発生しました" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "%s 内で構文解析エラーが発生しました" @@ -2015,7 +2600,7 @@ msgid "%s must only be writable by owner" msgstr "%s は所有者のみ書き込み可能でなければいけません" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "%s をロードできません: %su" @@ -2030,56 +2615,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: 互換性のないグループプラグインメジャーバージョン %d です。予期されるのは %d です" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "IPアドレス \"%s\" を解析できません" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "ネットマスク \"%s\" を解析できません" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "ローカル IP アドレスとネットマスクの組:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "不明なグループです: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "シーケンスファイルを更新できません" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "%s へ I/O ログを書き込むことができません" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "%s/%s を作成できません" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: 内部エラー、I/O イベント %d のログファイルを開けません" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "時刻を読み込むことができません" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: 内部エラー、無効なシグナル %d" @@ -2098,16 +2678,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "SSL を使用するためには %s の中の TLS_CERT を設定する必要があります" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "LDAP を初期化できません: %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls が指定されていますが、LDAP ライブラリが ldap_start_tls_s() または ldap_start_tls_s_np() をサポートしていません" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "無効な sudoOrder 属性です: %s" @@ -2126,100 +2706,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "ldap と ldaps の URI を混ぜて使用できません" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "sudoOption が重複しています: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "sudoOption を変換できません: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "監査システムを開くことができません" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "監査メッセージを送ることができません" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "イベントループでエラーが発生しました" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "新しい SSL_CTX オブジェクトの作成に失敗しました: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "認証局の証明書バンドル %s をロードできません" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "証明書 %s をロードできません" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "プライベート鍵を読み込めません: %s" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "SSLオブジェクトを割り当てることができません: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "%s:%s へのTLS接続に失敗しました: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "TLS 初期化が成功しませんでした" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "TLS ハンドシェイクが成功しませんでした" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: 内部エラー、無効な終了コード %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "ServerMessage を展開できません" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "ログサーバーへの接続が失われました" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "書き込みバッファが失われました" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "ログサーバーに接続できません" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "ユーザーが sudoers 内にありません" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "ホスト上でユーザーが認証されていません" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "コマンドが許可されていません" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s は sudoers ファイル内にありません。この事象は記録・報告されます。\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s は %s 上で sudo を実行することを許可されていません。この事象は記録・報告されます。\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "残念ですが、ユーザー %s は %s 上で sudo を実行できません。\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "残念ですが、ユーザー %s は'%s%s%s' を %s%s%s として %s 上で実行することは許可されていません。\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: コマンドが見つかりません" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2228,26 +2840,21 @@ "'.' 内で見つかった \"%1$s\" を無視します\n" "この \"%3$s\" を実行したい場合は \"sudo ./%2$s\" を使用してください。" -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u 回パスワード試行を間違えました" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "認証失敗" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "パスワードが必要です" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "ログファイルを開けません: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "%s へログを書き込むことができません" @@ -2257,7 +2864,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "%s (%s) の認証方式は %s 形式ではありません" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "SELinux RBAC はインターセプトモードが有効になっているときにはサポートされません" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "SELinux RBAC はlog_subcmds フラグが有効になっているときにはサポートされません" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2266,7 +2881,7 @@ "\n" "LDAP 役割: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2274,104 +2889,115 @@ "\n" "sudoers 項目:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " オプション: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " コマンド:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "既定値のエントリと照合中 (ユーザー名 %s) (ホスト名 %s):\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "ユーザー %s 用の Runas およびコマンド特有のデフォルト:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "ユーザー %s は %s 上で コマンドを実行できます\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "ユーザー %s は %s 上で sudo を実行することを許可されていません。\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "不完全な sudoRole: cn: %s を無視します" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "無効な LDIF 属性です: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "無効な %.*s が sudo のフロントエンドで設定されています" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "\"%s\" のパス名が長すぎます" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "ネットワークのアドレスリストを解析できません" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "ユーザー名が sudo のフロントエンドで設定されていません" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "ユーザーIDが sudo のフロントエンドで設定されていません" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "グループIDが sudo のフロントエンドで設定されていません" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "ホスト名が sudo のフロントエンドで設定されていません" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "無効な作業ディレクトリ: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "無効な chroot ディレクトリ: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "%s を実行できません" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: 無効なモードフラグが sudo のフロントエンドで指定されています: 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "sudoers ポリシープラグイン バージョン %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "sudoers ファイル文法バージョン %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2380,132 +3006,137 @@ "\n" "sudoers のパス: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch のパス: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf のパス: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret のパス: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "タイプ %d のフックを登録できません (バージョン %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "タイプ %d のフックを登録解除できません (バージョン %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "ユーザーID %u をキャッシュできません" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "ユーザーID %u をキャッシュできません。すでに存在します" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "ユーザー %s をキャッシュできません" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "ユーザー %s をキャッシュできません。すでに存在します" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "グループID %u をキャッシュできません" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "グループID %u をキャッシュできません。すでに存在します" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "グループ %s をキャッシュできません" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "グループ %s をキャッシュできません。すでに存在します" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "グループリスト %s をキャッシュできません。すでに存在します" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "グループリスト %s をキャッシュできません" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "%s のグループを解析できません" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "%s のグループIDを解析できません" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "perm スタックがオーバーフローしました" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "perm スタックがアンダーフローしました" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "root のグループIDへ変更できません" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "実行するためのグループIDに変更できません" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "グループベクトルを実行するためのものに変更できません" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "実行するためのユーザーIDに変更できません" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "sudoers のグループIDへ変更できません" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "プロセスが多すぎます" @@ -2523,259 +3154,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "検証の対象とする長さを切り詰めました argv[0]: %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "SSS のソースを初期化できません。SSSD はあなたのマシンにインストールされていますか?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "シンボル \"%s\" が %s 内にありません" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "デフォルト項目で問題が発生しました" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "有効な sudoers のソースが見つかりません。終了します" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "ユーザーはルートディレクトリを %s に変更できません" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "-R オプションを %s と共に使用することは許可されていません" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "ユーザーはディレクトリを %s に変更できません" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "-D オプションを %s と共に使用することは許可されていません" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "コマンドが指定されていません" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers の指定により root が sudo を使用することは禁止されています" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "ユーザーが closefrom 制限をオーバーライドすることは許されていません" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "-C オプションを使用することは許可されていません" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "タイムスタンプの所有者 (%s): そのようなユーザーはありません" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "tty がありません" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "残念ですが、sudo を実行するには tty が必要です" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "ユーザー %s には無効な シェル: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "コマンドがカレントディレクトリにあります" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "\"cd\" はシェルの内蔵コマンドで、直接実行できません。" + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "権限を昇格したシェルを実行するために -s オプションが使われることがあります。" + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "コマンドを実行するディレクトリを指定するために -D オプションを使うことができます。" + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "ユーザーはコマンド実行の制限時間を設定することを許可されていません" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "残念ですが、あなたはコマンド実行の制限時間を設定することを許可されていません" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "ユーザーは環境変数を保存することを許可されていません" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "残念ですが、あなたは環境変数を保存することを許可されていません" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "コマンド名が長すぎます" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit の実行に sudo を使用する必要はありません" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "%s を読み込めません" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "%s の状態取得 (stat) ができません" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s は通常ファイルではありません" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s はユーザーID %u によって所有されています。これは %u であるべきです" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s は誰でも書き込み可能です" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s のグループIDは %u になっています。これは %u であるべきです" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "root のみ \"-c %s\" を使用できます" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "不明なログインクラスです: %s" +msgid "unknown login class %s" +msgstr "不明なログインクラス %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "ホスト %s の名前解決ができません" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "無効なフィルターオプションです: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "無効な最大待機時間です: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "無効な speed_factor の値です: %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "無効な時間オフセット %s" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/タイミング: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "再生する sudo セッション: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "tty を raw モードに設定できません" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "警告: ログをきちんとリプレイするには端末が小さすぎます。\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "ログの大きさは %d x %d で、端末の大きさは %d x %d です。" -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "再生が終了しました、何かキーを押すと端末を回復します。" -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "曖昧な式 \"%s です\"" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "式内で ')' が不一致です" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "不明な検索語 \"%s\" です" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s は引数が必要です" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "無効な正規表現です: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "日付 \"%s\" を構文解析できませんでした" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "式内で '(' が不一致です" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "末尾に \"or\" を配置できません" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "末尾に \"!\" を配置できません" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "未知の検索タイプ %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "使用法: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "使用法: %s [-h] [-d dir] -l [search expression]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2784,7 +3429,7 @@ "%s - sudo セッションログをリプレイします\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2812,11 +3457,11 @@ " -s, --speed=num 出力速度を速くする、または遅くする\n" " -V, --version バージョン情報を表示して終了する" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\tホストが一致しません" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2824,7 +3469,7 @@ "\n" "コマンドが許可されました" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2832,7 +3477,7 @@ "\n" "コマンドが拒否されました" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2845,121 +3490,127 @@ msgid "%s is group writable" msgstr "%s はグループのメンバーによる書き込みが可能です" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "タイムスタンプファイルを %lld バイトに切り詰めることができません" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "未来の時刻のタイムスタンプを無視します" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "タイムスタンプが遠すぎる将来になっています: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "タイムスタンプファイル %s をロックすることができません" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "受講状況格納パスが長すぎます: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit はパスなしで設定するべきです" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "-x オプションは将来のリリースでは削除されます" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "cvtsudoers ユーティリティーを代わりに使用することを検討してください" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "%s を編集するためにリターンを押してください: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "編集セッションの内容が %s 内に残っています" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "指定したエディター (%s) が存在しません" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "エディターが見つかりません (エディターのパス = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "書き込みエラーです" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "一時ファイル (%s) の状態取得 (stat) ができません。%s は変更されません" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "一時ファイル (%s) の大きさが 0 です。%s は変更されません" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "エディター (%s) が異常終了しました。%s は変更されません" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s は変更されません" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "一時ファイル (%s) を再度開くことができません。%s は変更されません。" -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "一時ファイル (%s) の構文解析ができません。不明なエラーです" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "内部エラー、リスト内に %s が見つかりません!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "%s の (ユーザーID, グループID) を (%u, %u) に設定できません" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s と %s は同じファイルシステム上にありません。名前を変更するために mv を使用しています" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "コマンドの失敗です: '%s %s %s'。%s は変更されません" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "%s の名前変更に失敗しました。%s は変更されません" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "次は何でしょうか? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2971,66 +3622,41 @@ " x -- sudoers ファイルへの変更を保存せずに終了します\n" " Q -- sudoers ファイルへの変更を保存して終了します (*危険です!*)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "%s を実行できません" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: 所有権に誤りがあります。(ユーザーID, グループID) は (%u, %u) であるべきです\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: アクセス権限に誤りがあります。モードは 0%o であるべきです\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: 正しく構文解析されました\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s がビジー状態です。後で再試行してください" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "%s をロックできません" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "それでも編集しますか? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "エラー: %s:%d:%d: %s \"%s\" でエイリアス定義が循環しています" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "警告: %s:%d:%d: %s \"%s\" でエイリアス定義が循環しています" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "エラー: %s:%d:%d: %s \"%s\" は参照されているのに定義されていません" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "警告: %s:%d:%d: %s \"%s\" は参照されているのに定義されていません" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "警告: %s:%d:%d: エイリアス %s \"%s\" は使用されていません" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3039,7 +3665,7 @@ "%s - sudoers ファイルを安全に編集する\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3059,40 +3685,105 @@ " -s, --strict 厳密な文法検査を行う\n" " -V, --version バージョン情報を表示して終了する\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "空の文字列" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "空のグループ" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "空のネットグループ" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "無効な行の継続" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "無効な IPv6 アドレス" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "文字列の予期せぬところに改行" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "インクルードの階層が大きすぎます" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s: 書き込みバッファは使用中です" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "ディフィー・ヘルマン パラメーターを読み込めません: %s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "不明なデフォルト項目 \"%s\" です" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d 未知の鍵: %s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "TLS サーバーメソッドを取得できません: %s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u \"%s\" を構文解析できません" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "オプション:\n" +#~ " -f, --file=sudoers sudoers ファイルの位置を指定する\n" +#~ " -h, --help ヘルプメッセージを表示して終了する\n" +#~ " -n, --no-fork フォークせずに、フォアグラウンドで実行する\n" +#~ " -R, --random-drop 接続がドロップする確率(%)\n" +#~ " -V, --version バージョン情報を表示して終了する\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "オプション:\n" +#~ " --help ヘルプメッセージを表示して終了する\n" +#~ " -A, --accept 受け取りイベントのみを送る (I/O なし)\n" +#~ " -h, --host ログの送り先とするホスト\n" +#~ " -i, --iolog_id 復元するI/O ログのリモート ID \n" +#~ " -p, --port ホストに接続するのに使用するポート\n" +#~ " -r, --restart 以前の I/O ログ転送を再開する\n" +#~ " -R, --reject 与えられた理由によりコマンドを拒否する\n" +#~ " -b, --ca-bundle サーバーの証明書を検証するために突き合わせる証明書バンドルファイル\n" +#~ " -c, --cert TLSハンドシェイクのための証明書ファイル\n" +#~ " -k, --key 秘密鍵ファイル\n" +#~ " -n, --no-verify サーバーの証明書を検証しない\n" +#~ " -t, --test 選んだ I/O ログを n 重に並列送信することで監査サーバーを試験する\n" +#~ " -V, --version バージョン情報を表示して終了する\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "sudo_noexec ライブラリに含まれるダミーの exec 関数群を事前ロードします" -#~ msgid "unable to lock log file: %s" -#~ msgstr "ログファイルをロックできません: %s" - #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports: ポートが大きすぎます" @@ -3147,9 +3838,6 @@ #~ msgid "Warning: cycle in %s `%s'" #~ msgstr "警告: 循環を発見 %s `%s'" -#~ msgid "Warning: %s `%s' referenced but not defined" -#~ msgstr "警告: %s `%s' は参照されていますが定義されていません" - #~ msgid "Warning: unused %s `%s'" #~ msgstr "警告: 使われていません %s `%s'" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/ko.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/ko.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/ko.po sudo-1.9.9/plugins/sudoers/po/ko.po --- sudo-1.9.5p2/plugins/sudoers/po/ko.po 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/ko.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,14 +1,14 @@ # Korean translation for the sudoers plugin # This file is distributed under the same license as the sudo package. # Todd C. Miller , 2011-2015 -# Seong-ho Cho , 2016-2020. +# Seong-ho Cho , 2016-2021. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-12-11 01:02+0900\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-14 13:20+0900\n" "Last-Translator: Seong-ho Cho \n" "Language-Team: Korean \n" "Language: ko\n" @@ -19,17 +19,17 @@ "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Poedit 2.3.1\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "문법 오류" #: confstr.sh:2 msgid "%p's password: " -msgstr "%p의 암호: " +msgstr "%p 암호: " #: confstr.sh:3 msgid "[sudo] password for %p: " -msgstr "[sudo] %p의 암호: " +msgstr "[sudo] %p 암호: " #: confstr.sh:4 msgid "Password: " @@ -43,868 +43,1298 @@ msgid "Sorry, try again." msgstr "죄송합니다만, 다시 시도하십시오." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "메모리를 할당할 수 없습니다" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "다이제스트에 경로 이름이 필요합니다" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "%s: \"CWD\" 값은 '/'; '~'; '*' 문자로 시작해야합니다" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "\"CWD\" 경로가 너무 깁니다" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "%s: \"CHROOT\" 값은 '/'; '~'; '*' 문자로 시작해야합니다" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "\"CHROOT\" 경로가 너무 깁니다" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "문법 오류. %s 예약어를 별칭으로 썼습니다" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" -msgstr "잘못된 notbefore 값" +msgstr "부적절한 notbefore 값" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" -msgstr "잘못된 notafter 값" +msgstr "부적절한 notafter 값" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "제한 시간 값이 너무 큽니다" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" -msgstr "잘못된 제한 시간 값" +msgstr "부적절한 제한 시간 값" + +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "명령이 너무 깁니다" -#: gram.y:1079 +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "\"%s\" 별칭을 이미 정의했습니다" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "내부 오류. %s 오버플로우" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "표준 입력을 복제할 수 없습니다: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "%s을(를) 실행할 수 없습니다: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "포킹할 수 없습니다" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "포킹할 수 없습니다: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "파이프를 열 수 없습니다: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (명령 계속 실행) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s이(가) 있지만 디렉터리가 아닙니다(0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "mkdir %s 명령을 실행할 수 없습니다" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "%s 모드를 0%o 값으로 바꿀 수 없습니다" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "JSON_STRING 값을 기대했지만, %d 결과가 나왔습니다" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY 값이 너무 큽니다" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "이름에 이중 따옴표가 빠졌습니다" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "JSON_OBJECT 값이 빠졌습니다" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "JSON_OBJECT 값을 기대했지만, %d 결과가 나왔습니다" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "json 스택 용량이 부족합니다 (최대 %u 프레임)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "객체는 이름:값 쌍으로 구성해야 합니다" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "값을 구분하는 구분자가 빠졌습니다" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "일치하지 않는 중괄호 닫기 표시" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "예기치 않은 배열 발견" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "일치하지 않는 각괄호 닫기 표시" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "예기치 않은 문자열 값 발견" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "이름 뒤에 콜론이 빠졌습니다" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "예기치 않은 부울린 값 발견" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "예기치 않은 NULL 값 발견" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "예기치 않은 숫자 값 발견" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u \"%s\"을(를) 해석할 수 없습니다" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "해석 오류" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" -msgstr "%s: 잘못된 로그 파일" +msgstr "%s: 부적절한 로그 파일" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: 타임스탬프 필드가 빠졌습니다" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: %s 타임스탬프: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: 사용자 필드가 빠졌습니다" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: 실행 사용자 필드가 빠졌습니다" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: 실행 그룹 필드가 빠졌습니다" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s이(가) 있지만 디렉터리가 아닙니다(0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "mkdir %s 명령을 실행할 수 없습니다" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "%s 모드를 0%o 값으로 바꿀 수 없습니다" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "타이밍 파일 읽기 오류: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" -msgstr "잘못된 타이밍 파일 행: %s" +msgstr "부적절한 타이밍 파일 행: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "로그를 이미 끝냈으며, 다시 시작할 수 없습니다" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "UUID를 만들 수 없습니다" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "로그를 다시 시작할 수 없습니다" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: 프로토콜 오류: %s의 잘못된 형식" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: 프로토콜 오류: AcceptMessage에 %s 빠짐" + +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: 세션 ID를 포매팅할 수 없습니다" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s을(를) 설정하지 않음" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "%s 입출력 로그 경로를 확장할 수 없습니다" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "%s 입출력 로그 경로를 만들 수 없습니다" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "부적절한 입출력 파일 서술자 %d번" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "%d 입출력 파일 서술자 닫기 오류: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "%d 입출력 파일 서술자 제거 오류: %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "부적절한 %s 입출력 로그: %s을(를) 참조했지만 없습니다" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: [%lld, %ld] 재개 지점을 찾을 수 없습니다" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "%s을(를) 열 수 없습니다" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "%s/%s을(를) 열 수 없습니다" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "%s/%s을(를) %s/%s(으)로 복사할 수 없습니다: %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "%s을(를) %s(으)로 이름을 바꿀 수 없습니다" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: [%lld, %ld] 재개 지점을 찾을 수 없습니다" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "입출력 로그 파일 %s/%s 빠짐" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: %zu회 이전 탐색을 진행할 수 없습니다" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "%3$s/%4$s에서 재개 지점[%1$lld, %2$ld]을 찾을 수 없습니다" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "릴레이에 연결할 수 없습니다" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "서버 메시지가 너무 깁니다: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "큐에 이벤트를 추가할 수 없습니다" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "%2$s의 예기치 않은 상태 %1$d번" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "상태 머신 오류" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" -msgstr "잘못된 AcceptMessage" - -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "AcceptMessage 해석 오류" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "입출력 로그 만드는 중 오류" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "수락 이벤트 로깅 중 오류" +msgstr "부적절한 AcceptMessage" -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" -msgstr "잘못된 RejectMessage" +msgstr "부적절한 RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "RejectMessage 해석 오류" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "거절 이벤트 로깅 중 오류" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" -msgstr "잘못된 AlertMessage" - -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "AlertMessage 해석 오류" +msgstr "부적절한 AlertMessage" -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "경고 이벤트 로깅 중 오류" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: 예기치 않은 입출력 버퍼 발견" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "프로토콜 오류" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "입출력 버퍼 기록 중 오류" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "ChangeWindowSize 기록 중 오류" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "CommandSuspend 기록 중 오류" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "%3$s의 %2$s에서 예기지 않은 type_case 값 %1$d" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "인식할 수 없는 ClientMessage 형식" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "클라이언트 메시지가 너무 깁니다" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "%s에 TLS 1.2 암호 모음을 설정할 수 없습니다: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "%s에 TLS 1.3 암호 모음을 설정할 수 없습니다: %s" - -#: logsrvd/logsrvd.c:1269 -#, c-format -msgid "unable to get TLS server method: %s" -msgstr "TLS 서버 처리 정보를 가져올 수 없습니다: %s" +msgid "timed out writing to client %s" +msgstr "%s 클라이언트 기록 시간 초과" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to create TLS context: %s" -msgstr "TLS 컨텍스트를 만들 수 없습니다: %s" +msgid "missing write buffer for client %s" +msgstr "%s 클라이언트에서 기록 버퍼 빠짐" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to load certificate %s" -msgstr "%s 인증서를 불러올 수 없습니다" +msgid "timed out reading from client %s" +msgstr "%s 클라이언트에서 읽기 시간 초과" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "%s 인증서 인증 번들을 불러올 수 없습니다" +msgid "EOF from %s without proper TLS shutdown" +msgstr "적절한 TLS 셧다운 미이행을 동반한 %s의 파일끝(EOF)" -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load private key %s" -msgstr "%s 개인 키를 불러올 수 없습니다" +msgid "client message too large: %zu" +msgstr "클라이언드 메시지가 너무 깁니다: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "디피-헬먼 매개변수를 설정할 수 없습니다: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "클라이언트 메시지가 너무 깁니다" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "TLS 프로토콜 최소 버전을 1.2로 설정할 수 없습니다: %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "부적절한 ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "원격 IP 주소를 가져올 수 없습니다" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "ssl 객체에 사용자 데이터를 붙일 수 없습니다: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "큐에 이벤트를 추가할 수 없습니다" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "감청 소켓을 설정할 수 없습니다" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - 원격 서버에 sudo 입출력 로그를 보냅니다\n" -"\n" +msgid "unexpected signal %d" +msgstr "예기치 않은 시그널 %d번" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Options:\n" -" -f, --file 설정 파일 경고\n" -" -h --help 도움말 메시지를 나타낸 후 나갑니다\n" -" -n, --no-fork 별도의 스레드를 만들지 않고, 전면에서 실행합니다\n" -" -R, --random-drop 연결을 쳐낼 백분율\n" -" -V, --version 버전 정보를 나타낸 후 나갑니다\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "sudo 로그 서버" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "옵션:" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "설정 파일 경로" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "도움말 메시지를 표시한 후 빠져나갑니다" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "프로세스를 포킹하지 않고, 포그라운드에서 실행" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "연결이 끊을 확률에 대한 백분율" + +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "버전 정보를 표시하고 빠져나갑니다" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Protobuf-C 1.3 이상의 버전이 필요합니다" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" -msgstr "잘못된 임의 드롭 값: %s" +msgstr "부적절한 임의 철회 값: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s 버전 %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "알 수 없는 사용자 %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "알 수 없는 그룹 %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "%s 입출력 로그 모드를 해석할 수 없습니다" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "부적절한 %s 값: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "TLS를 지원하지 않습니다" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: 완전하지 않은 경로" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "알 수 없는 syslog 수단 %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "알 수 없는 syslog 우선 순위 %s" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d 일치하지 않는 '[': %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" -msgstr "%s:%d 잘못된 설정 섹션: %s" +msgstr "%s:%d 부적절한 설정 섹션: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" -msgstr "%s:%d 잘못된 설정 행: %s" +msgstr "%s:%d 부적절한 설정 행: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d(에)서 섹션 이름이 나와야 합니다: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "잘못된 %s 값: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] 잘못된 키: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d 알 수 없는 키: %s" +msgid "unable to open log file %s" +msgstr "%s 로그 파일을 열 수 없습니다" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "서버 TLS 컨텍스트를 초기화할 수 없습니다" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "릴레이 TLS 컨텍스트를 초기화할 수 없습니다" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "저널 파일을 만들 수 없습니다" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "알 수 없는 syslog 수단 %s" +msgid "unable to lock %s" +msgstr "%s을(를) 잠글 수 없습니다" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "저널 파일을 잠글 수 없습니다" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "저널 파일을 열 수 없습니다" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "저널 파일을 기록할 수 없습니다" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "저널 파일 이름을 바꿀 수 없습니다" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "저널 파일 읽는 중 예기치 않은 파일 끝 발견" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "저널 파일 읽기 오류" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "부적절한 저널 파일. 다시 시작할 수 없습니다" + +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "알 수 없는 syslog 우선 순위 %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "%3$s 저널 파일에서 [%1$lld, %2$ld] 위치를 탐색할 수 없습니다" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"옵션:\n" -" --help 도움말 메시지를 나타낸 후 나갑니다\n" -" -A, --accept 수락 이벤트만 전송 (입출력 안 함)\n" -" -h, --host 로그 전송 대상 호스트\n" -" -i, --iolog_id 입출력 로그를 재개할 원격 ID\n" -" -p, --port 호스트 연결시 사용할 포트 번호\n" -" -r, --restart 이전 입출력 로그 전송 다시 시작\n" -" -R, --reject 주어진 조건에 대해 명령 거절\n" -" -b, --ca-bundle 서버 인증서 검증용 인증 번들 파일\n" -" -c, --cert TLS 핸드셰이크용 인증서 파일\n" -" -k, --key 개인 키 파일\n" -" -n, --no-verify 서버 인증서를 검증하지 않음\n" -" -t, --test 선택한 입출력 로그를 병렬로 n회 전송하여 감사 서버 테스트\n" -" -V, --version 버전 정보를 나타 후 나갑니다\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "AcceptMessage 해석 오류" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "입출력 로그 만드는 중 오류" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "수락 이벤트 로깅 중 오류" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "RejectMessage 해석 오류" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "거절 이벤트 로깅 중 오류" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "끝내기 이벤트 기록 오류" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "로그를 이미 끝냈으며, 다시 시작할 수 없습니다" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "로그를 다시 시작할 수 없습니다" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "AlertMessage 해석 오류" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "경고 이벤트 로깅 중 오류" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "길이 %d인 타이밍 버퍼를 포매팅할 수 없습니다" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "입출력 버퍼 기록 중 오류" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "ChangeWindowSize 기록 중 오류" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "CommandSuspend 기록 중 오류" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "릴레이 호스트와의 TLS 핸드 셰이크 실패" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "릴레이 호스트에 연결할 수 없습니다" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: 부적절한 ServerHello, server_id가 빠졌습니다" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "부적절한 ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "인식할 수 없는 ServerMessage 형식" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "릴레이 %s에서 읽기 시간 초과 (%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "릴레이 데이터 읽기 시간 초과" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "릴레이 호스트 이름이 인증서와 일치하지 않습니다" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "릴레이 데이터 읽는 중 오류" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "릴레이 데이터를 읽을 수 없습니다" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "릴레이 서버 연결을 끊었습니다" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "서버 메시지가 너무 깁니다" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "릴레이 %s에 기록 시간 초과 (%s)" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "릴레이 기록 시간 초과" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "릴레이 기록 중 오류" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "원격 서버에 sudo 입출력 로그를 보냅니다" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "허용 이벤트만 보냅니다 (입출력 안함)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "서버의 인증서 검증에 활용할 인증서 번들 파일" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "TLS 암호 키 교환에 사용할 인증서 파일" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "로그를 보낼 호스트" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "다시 진행할 입출력 로그의 원격 ID" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "개인 키 파일" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "서버 인증서를 검증하지 않습니다" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "호스트에 연결할 때 활용할 포트 번호" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "이전 입출력 로그 전송을 다시 시작합니다" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "주어진 사유로 명령 실행을 거절합니다" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "이 시간에 도달한 후 전송 중단" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "선택한 입출력 로그를 동시에 N번 보내어 감사 서버 시험" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "%s:%s을(를) 찾을 수 없습니다: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "서버 IP 주소를 가져올 수 없습니다" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "%s/%s을(를) 읽을 수 없습니다: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "클라이언드 메시지가 너무 깁니다: %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: 쓰기 버퍼를 이미 사용중입니다" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "예기치 않은 입출력 이벤트 %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: 예기치 않은 상태 번호 %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "잘못된 ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "서버로부터 오류 메시지를 받았습니다: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "서버로부터 중단 메시지를 받았습니다: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "ServerMessage를 언팩할 수 없습니다" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: 예기지 않은 type_case 값 %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "서버 데이터 읽기 시간 초과" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "갑작스러운 EOF" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "서버 메시지가 너무 깁니다: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "서버 기록 시간 초과" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "다시 시작 지점과 입출력 로그 ID를 반드시 지정해야합니다" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "입출력을 보내지 않을 때 다시 시작 지점을 지정하지 않습니다" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "%d 상태로 갑자기 빠져나왔습니다" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "경과 시간을 서버로 보냈습니다 [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "제출 지점 정보를 서버로부터 받았습니다 [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "TLS 핸드셰이크 시간을 초과했습니다" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "이벤트를 설정할 수 없습니다" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "TLS 연결 실패: %s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "SSL 컨텍스트를 초기화할 수 없습니다: %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" +msgid "unable to allocate ssl object: %s" msgstr "SSL 객체를 할당할 수 없습니다: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "SSL 객체에 소켓을 붙일 수 없습니다: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "다시 시작 지점과 입출력 로그 ID를 반드시 지정해야합니다" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "TLS 컨텍스트를 초기화할 수 없습니다" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "입출력을 보내지 않을 때 다시 시작 지점을 지정하지 않습니다" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "%s에 TLS 1.2 암호 모음을 설정할 수 없습니다: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "%d 상태로 갑자기 빠져나왔습니다" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "%s에 TLS 1.3 암호 모음을 설정할 수 없습니다: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "경과 시간을 서버로 보냈습니다 [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "디피-헬먼 매개변수를 설정할 수 없습니다: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "제출 지점 정보를 서버로부터 받았습니다 [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "TLS 컨텍스트를 만들 수 없습니다: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "\"%s\" 별칭을 이미 정의했습니다" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "TLS 프로토콜 최소 버전을 1.2로 설정할 수 없습니다: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "일시 정보를 가져올 수 없습니다" @@ -913,45 +1343,45 @@ msgid "unable to change password for %s" msgstr "%s의 암호를 바꿀 수 없습니다" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "%s 사용자의 로그인 클래스를 가져올 수 없습니다" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "BSD 인증을 시작할 수 없습니다" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" -msgstr "잘못된 인증 형식입니다" +msgstr "부적절한 인증 형식" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "BSD 인증을 초기화할 수 없습니다" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "계정 유효 기간이 지났습니다" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "승인 실패" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "fwtk 설정을 읽을 수 없습니다" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "인증 서버에 연결할 수 없습니다" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "인증 서버의 연결이 끊어졌습니다" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -965,83 +1395,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: 본인 정보를 문자열('%s')로 변환할 수 없습니다: %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: '%s'을(를) 해석할 수 없습니다: %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: 자격 정보 캐시를 해석할 수 없습니다: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: 옵션을 할당할 수 없습니다: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: 자격 정보를 가져올 수 없습니다: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: 자격 정보 캐시를 초기화할 수 없습니다: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: 캐시에 자격 정보를 저장할 수 없습니다: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: 호스트 정보를 가져올 수 없습니다: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: TGT를 검증할 수 없습니다! 공격 가능성이 있습니다!: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "PAM을 초기화할 수 없습니다: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "PAM 인증 오류: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "계정 검증 실패, 계정이 잠겼습니까?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "계정 또는 암호 기한이 지났습니다. 암호를 다시 설정한 후 시도하십시오" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "기한이 지난 암호를 바꿀 수 없습니다: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "암호 기한이 지났습니다. 시스템 관리자에게 문의하십시오" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "계정 기한이 지났거나 PAM 설정에 sudo에서 확인할 \"account\" 섹션이 빠졌습니다. 시스템 관리자에게 문의하십시오." -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "PAM 계정 관리 오류: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "%s 데이터베이스에 없습니다" @@ -1050,31 +1480,31 @@ msgid "failed to initialise the ACE API library" msgstr "ACE API 라이브러리 초기화에 실패했습니다" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "SecurID 서버에 연결할 수 없습니다" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "SecurID 인증 과정에 사용자 ID가 잠겼습니다" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "SecurID용 사용자 이름 길이가 잘못되었습니다" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "SecurID용 인증 핸들이 잘못되었습니다" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "SecurID 통신에 실패했습니다" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "알 수 없는 SecurID 오류" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "SecurID용 암호 길이가 잘못되었습니다" @@ -1084,7 +1514,7 @@ #: plugins/sudoers/auth/sudo_auth.c:132 msgid "invalid authentication methods" -msgstr "잘못된 인증 방식" +msgstr "부적절한 인증 방식" #: plugins/sudoers/auth/sudo_auth.c:134 msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication." @@ -1114,7 +1544,17 @@ msgid "unable to commit audit record" msgstr "감사 레코드를 제출할 수 없습니다" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "%s 지시 파일 읽기 오류" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "%s 지시 파일 무시: 일반 파일이 아닙니다" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1134,118 +1574,122 @@ " #3) 막강한 힘에는 상당한 책임이 뒤따릅니다.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "알 수 없는 uid: %u" +msgid "unknown uid %u" +msgstr "알 수 없는 uid %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "오류: %4$s \"%5$s\"의 %1$s:%2$d:%3$d: 사이클" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "경고: %4$s \"%5$s\"의 %1$s:%2$d:%3$d: 사이클" + +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "오류: %s:%d:%d: %s \"%s\"을(를) 참조했지만 정의하지 않았습니다" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:98 #, c-format -msgid "unknown user: %s" -msgstr "알 수 없는 사용자: %s" +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "경고: %s:%d:%d: %s \"%s\"을(를) 참조했지만 정의하지 않았습니다" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "순서 증가: %s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "순서 시작: %s: %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "순서 패딩: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s 문법 버전 %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "지원하지 않는 %s 입력 형식" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "지원하지 않는 %s 출력 형식" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: 입출력 파일은 달라야합니다" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "sudoers 기본 값을 초기화할 수 없습니다" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: 알 수 없는 키워드: %s" +msgid "%s: unknown key word %s" +msgstr "%s: 알 수 없는 키워드 %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" -msgstr "잘못된 기본 형식: %s" +msgstr "부적절한 기본 형식: %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" -msgstr "잘못된 생략 형식: %s" +msgstr "부적절한 생략 형식: %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" -msgstr "잘못된 필터: %s" - -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "%s을(를) 열 수 없습니다" +msgstr "부적절한 필터: %s" -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "%s 파일 해석에 실패했습니다. 알 수 없는 오류." -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "%s %d번째 줄 인근 해석 오류\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "%s 해석 오류\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "%s에 기록할 수 없습니다" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1254,7 +1698,7 @@ "%s - sudoers 파일 형식을 변환합니다\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1294,33 +1738,75 @@ " -s, --suppress=<섹션> 지정 <섹션> 출력은 제외합니다\n" " -V, --version 버전 정보를 표시하고 빠져나갑니다" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "알 수 없는 \"%s\" 기본 항목" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "GMT 시간을 가져올 수 없습니다" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "타임스탬프를 형식에 맞출 수 없습니다" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: 알 수 없는 \"%s\" 기본 항목" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "sudoers 항목이 너무 많습니다. 최대 갯수는 %u개 입니다" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "SUDOERS_BASE 환경 변수를 설정하지 않았으며 -b 옵션을 지정하지 않았습니다." +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "%s 별칭을 찾을 수 없습니다" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: %s 별칭을 %s(으)로 바꿈" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: %s 중복 별칭 제거 중" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%1$s:%2$d:%3$d: %5$s:%6$d:%7$d에서 호스트별 \"%4$s\" 기본 항목 중복" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: \"%s\"에 대한 %s 호스트를 기본으로 지정" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: 하위 항목이 우선하는 기본 \"%s\" 항목 제거 중" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d: 호스트별 \"%s\" 기본 항목을 설정할 수 없습니다" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: 하위 항목이 우선하는 사용자 지정 항목 제거 중" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1573,7 +2059,7 @@ #: plugins/sudoers/def_data.c:274 msgid "Preload the sudo_noexec library which replaces the exec functions" -msgstr "exec 함수를 대체하는 sudo_noexec 라이브러리를 미리 불러옵니다" +msgstr "exec 함수를 대신하는 sudo_noexec 라이브러리를 미리 불러옵니다" #: plugins/sudoers/def_data.c:278 msgid "If LDAP directory is up, do we ignore local sudoers file" @@ -1900,95 +2386,194 @@ msgid "The format of logs to produce: %s" msgstr "로그 기록 형식: %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "SELinux RBAC 지원을 사용합니다" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: 알 수 없는 \"%s\" 기본 항목" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "sudo를 처음 실행할 때 만든 파일의 경로: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "추가 명령을 가로채고 sudoer 제한을 적용합니다" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "원본 명령으로 실행하는 하위 명령 기록" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "실행 명령 끝내기 상태 기록" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "가로챈 세션에서의 순차 명령 실행시 인증해야 합니다" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "setuid 또는 setgid 프로그램을 실행할 가로채기 명령 실행 허용" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "프로세스 주소 영역을 확장할 최대 크기(바이트 단위): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "코어 덤프 파일 최대 생성 크기(바이트 단위): %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "프로세스 최대 CPU 사용 시간(초 단위): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "프로세스 데이터 세그먼트 최대 크기(바이트 단위): %s" + +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "프로세스에서 만들 최대 파일 크기(바이트 단위): %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "프로세스 실행 최대 잠금 횟수: %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "메모리에서 잠글 프로세스 최대 크기(바이트 단위): %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "프로세스에서 열 파일 최대 갯수: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "사용자가 동시 실행할 최대 프로세스 갯수: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "프로세스 상주시 최대 확장 크기(바이트 단위): %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "프로세스 스택 크기 증가 최대 크기(바이트 단위): %s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: 알 수 없는 \"%s\" 기본 항목" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d \"%s\"에 지정한 값이 없습니다" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: \"%s\"에 지정한 값이 없습니다" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%1$s:%2$d:%3$d: \"%5$s\"에 부적절한 연산자 \"%4$c=\"" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%1$s: \"%3$s\"의 부적절한 연산자 \"%2$c=\"" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: \"%s\" 옵션에 값이 없습니다" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: \"%s\" 옵션에 값이 없습니다" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" -msgstr "%1$s:%2$d:%3$d \"%5$s\" 옵션의 잘못된 기본 형식 0x%4$x" +msgstr "%1$s:%2$d:%3$d \"%5$s\" 옵션의 부적절한 기본 형식 0x%4$x" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" -msgstr "%1$s: \"%3$s\" 옵션의 잘못된 기본 형식 0x%2$x" +msgstr "%1$s: \"%3$s\" 옵션의 부적절한 기본 형식 0x%2$x" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: \"%s\" 값은 \"%s\" 옵션에 맞지 않습니다" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: \"%s\" 값은 \"%s\" 옵션에 맞지 않습니다" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: \"%s\" 경로 이름이 너무 깁니다" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: \"%s\" 경로 이름이 너무 깁니다" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: \"%s\" 값은 '/'; '~'; '*' 문자로 시작해야합니다" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: \"%s\" 값은 '/'; '~'; '*' 문자로 시작해야합니다" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: \"%s\" 값은 '/' 문자로 시작해야합니다" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: \"%s\" 값은 '/' 문자로 시작해야합니다" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp가 깨졌습니다. 길이가 일치하지 않습니다" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "환경 구성을 다시 갖출 수 없습니다" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "죄송하지만 다음 환경 변수를 설정하도록 허가받지 않았습니다: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "%s %d번째 줄에서 해석 오류" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "%s 해석 오류" @@ -2013,7 +2598,7 @@ msgid "%s must only be writable by owner" msgstr "%s은(는) 소유자만 쓸 수 있습니다" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "%s을(를) 불러올 수 없습니다: %s" @@ -2028,59 +2613,54 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: 호환되지 않는 그룹 플러그인 주 버전 %d입니다. %d이(가) 필요합니다." -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "\"%s\" IP 주소를 해석할 수 없습니다" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "\"%s\" 네트워크 마스크 주소를 해석할 수 없습니다" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "로컬 IP 주소 및 넷마스크 쌍:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "잘못된 그룹: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "시퀀스 파일을 업데이트할 수 없습니다" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "입출력 로그에 기록할 수 없습니다: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "%s/%s을(를) 만들 수 없습니다" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: 내부 오류. 이벤트 %d 번의 입출력 로그 파일을 열지 않았습니다" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "클록을 읽을 수 없습니다" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" -msgstr "%s: 내부 오류. 잘못된 시그널 %d번" +msgstr "%s: 내부 오류. 부적절한 시그널 %d번" #: plugins/sudoers/ldap.c:177 plugins/sudoers/ldap_conf.c:291 msgid "starttls not supported when using ldaps" @@ -2096,19 +2676,19 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "SSL을 사용하려면 %s에서 TLS_CERT를 설정해야 합니다" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "LDAP를 초기화할 수 없습니다: %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls를 지정했지만 LDAP 라이브러리에서 ldap_start_tls_s() 또는 ldap_start_tls_s_np() 함수를 지원하지 않습니다" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" -msgstr "잘못된 sudoOrder 속성: %s" +msgstr "부적절한 sudoOrder 속성: %s" #: plugins/sudoers/ldap_conf.c:200 #, c-format @@ -2124,100 +2704,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "ldap 및 ldaps URI를 함께 사용할 수 없습니다" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "sudoOption 복제: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "sudoOption을 변환할 수 없습니다: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "감시 시스템을 열 수 없습니다" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "감시 메시지를 보낼 수 없습니다" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "이벤트 루프 오류" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "SSL_CTX 객체 만들기 실패: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "%s 인증서 인증 번들을 불러올 수 없습니다" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "%s 인증서를 불러올 수 없습니다" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "%s 개인 키를 불러올 수 없습니다" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "SSL 객체를 할당할 수 없습니다: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "%s:%s로의 TLS 연결 실패: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "TLS 초기화에 실패했습니다" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "TLS 핸드셰이킹에 실패했습니다" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" -msgstr "%s: 내부 오류. 잘못된 시그널 %d" +msgstr "%s: 내부 오류. 부적절한 종료 상태 %d" + +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "ServerMessage를 언팩할 수 없습니다" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "로그 서버의 연결이 끊어졌습니다" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "기록 버퍼 빠짐" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "로그 서버에 연결할 수 없습니다" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "사용자가 sudoers에 없습니다" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "사용자가 호스트에서 인증하지 않았습니다" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "명령을 허용하지 않았습니다" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s은(는) sudoers 설정 파일에 없습니다. 이 시도를 보고합니다.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s은(는) %s에서 sudo를 실행하도록 허가받지 않았습니다. 이 시도를 보고합니다.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "죄송하지만, %s 사용자는 %s에서 sudo를 실행하면 안됩니다.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "죄송하지만 %1$s 사용자는 '%2$s%3$s%4$s'을(를) %8$s의 %5$s%6$s%7$s(으)로 실행하도록 허가받지 않았습니다.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: 명령이 없습니다" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2226,26 +2838,21 @@ "'.'에 무시 중인 \"%1$s\" 요소가 있습니다.\n" "\"%3$s\" 명령을 실행하려면, \"sudo ./%2$s\" 명령을 사용하십시오." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "잘못된 암호 입력 시도 %u번" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "인증 실패" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "암호가 필요합니다" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "로그 파일을 열 수 없습니다: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "로그 파일에 기록할 수 없습니다: %s" @@ -2255,7 +2862,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "%s 다이제스트(%s)는 %s 형식이 아닙니다" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "차단 모드를 활성화하면 SELinux RBAC를 지원하지 않습니다" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "log_subcmds 플래그를 켜두면 SELinux RBAC를 지원하지 않습니다" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2264,7 +2879,7 @@ "\n" "LDAP 역할: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2272,104 +2887,115 @@ "\n" "Sudoers 항목:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " 실행 사용자: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " 실행 그룹: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " 옵션: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " 명령:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "%2$s에서 %1$s에 일치하는 기본 항목:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "%s의 실행 권한 및 명령별 기본 값:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "%s 사용자는 %s에서 다음 명령을 실행해야 합니다:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "%s 사용자는 %s에서 sudo를 실행하도록 허가받지 않았습니다.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "미완결 sudoRole 무시: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" -msgstr "잘못된 LDIF 속성: %s" +msgstr "부적절한 LDIF 속성: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "sudo 프론트엔드의 %.*s 설정이 잘못되었습니다" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "\"%s\" 경로 이름이 너무 깁니다" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "네트워크 주소 목록을 해석할 수 없습니다" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "sudo 프론트엔드에서 사용자 이름을 설정하지 않았습니다" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "sudo 프론트엔드에서 사용자 ID를 설정하지 않았습니다" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "sudo 프론트엔드에서 그룹 ID를 지정하지 않았습니다" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "sudo 프론트엔드에서 호스트 이름을 설정하지 않았습니다" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" -msgstr "잘못된 작업 디렉터리: %s" +msgstr "부적절한 작업 디렉터리: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" -msgstr "잘못된 루트 변경 디렉터리: %s" +msgstr "부적절한 루트 변경 디렉터리: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "%s을(를) 실행할 수 없습니다" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: sudo 프론트엔드의 상태 플래그가 잘못되었습니다: 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers 정책 플러그인 버전 %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers 파일 문법 버전 %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2378,132 +3004,137 @@ "\n" "Sudoers 경로: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch 경로: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf 경로: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret 경로: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "%d 형식의 후크를 등록할 수 없습니다(버전 %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "%d 형식의 후크 등록을 해제할 수 없습니다(버전 %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "%u uid를 캐시에 적재할 수 없습니다" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "%u uid를 캐시에 적재할 수 없습니다. 이미 존재합니다." -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "%s 사용자를 캐시에 적재할 수 없습니다" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "%s 사용자를 캐시에 적재할 수 없습니다. 이미 존재합니다." -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "%u GID를 캐시에 적재할 수 없습니다" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "%u gid를 캐시에 적재할 수 없습니다. 이미 존재합니다." -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "%s 그룹을 캐시에 적재할 수 없습니다" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "%s 그룹을 캐시에 적재할 수 없습니다. 이미 존재합니다." -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "%s 그룹 목록을 캐시에 적재할 수 없습니다. 이미 존재합니다." -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "%s 그룹 목록을 캐시에 적재할 수 없습니다" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "%s 그룹을 해석할 수 없습니다" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "%s 그룹 ID를 해석할 수 없습니다" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "perm 스택 오버플로우" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "parm 스택 언더플로우" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "루트 gid로 바꿀 수 없습니다" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "실행 gid로 바꿀 수 없습니다" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "실행 그룹 벡터를 설정할 수 없습니다" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "실행 uid로 바꿀 수 없습니다" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "sudoers gid로 바꿀 수 없습니다" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "동작 중인 프로세스가 너무 많습니다" @@ -2521,259 +3152,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "argv[0] 감사 경로가 잘렸습니다: %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "SSS 소스를 초기화할 수 없습니다. 머신에 SSSD를 설치했습니까?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "%2$s에서 \"%1$s\" 심볼을 찾을 수 없습니다" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "기본 항목에 문제 발생" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "올바른 sudoers 설정 원본이 없습니다. 나갑니다." -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" -msgstr "%s 를 루트 디렉터리로 변환하도록 허용하지 않습니다" +msgstr "%s을(를) 루트 디렉터리로 변환하도록 허용하지 않습니다" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "-R 옵션과 %s 옵션의 병행 사용을 허가받지 않았습니다" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" -msgstr "%s 디렉터리로의 변경을 허용하지 않습니다" +msgstr "%s 디렉터리로의 이동을 허용하지 않습니다" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "-D 옵션과 %s 옵션의 병행 사용을 허가받지 않았습니다" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "지정한 명령이 없음" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers에서 root가 sudo를 실행하지 못하게 지정했습니다" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "사용자가 closefrom 제한 값을 따로 적용하도록 허용하지 않았습니다" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "-C 옵션 사용을 허가받지 않았습니다" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "타임스탬프 소유자(%s): 사용자 없음" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "tty 없음" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "죄송하지만 sudo를 실행하려면 tty를 확보해야합니다" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" -msgstr "%s 사용자에게 잘못된 셸 제공: %s" +msgstr "%s 사용자에게 부적절한 셸 제공: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "현재 디렉터리의 명령" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "\"cd\"는 셸 내장 명령으로, 직접 실행할 수 없습니다." + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "-s 옵션은 별도 권한을 부여한 셸에서 실행할 때 사용합니다." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "-D 옵션은 지정 디렉터리에서 명령을 실행할 때 사용합니다." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "사용자가 명령 처리 제한 시간을 설정하도록 허용하지 않았습니다" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "죄송하지만, 명령 처리 제한 시간을 설정할 수 없습니다" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "사용자가 환경 설정 값을 유지하도록 허용하지 않았습니다" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "죄송하지만 이 환경 상태를 유지하도록 허가받지 않았습니다" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "명령이 너무 깁니다" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit는 sudo로 실행할 필요가 없습니다" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "%s을(를) 읽을 수 없습니다" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "%s의 상태를 가져올 수 없습니다" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s은(는) 일반 파일이 아닙니다" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s은(는) %u uid가 소유했지만, %u uid가 소유해야합니다" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s에 모두가 기록할 수 있습니다" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s은(는) %u gid가 소유했지만, %u gid가 소유해야합니다" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "루트만 \"-c %s\" 옵션을 사용할 수 있습니다" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "알 수 없는 로그인 클래스: %s" +msgid "unknown login class %s" +msgstr "알 수 없는 로그인 클래스 %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "%s 호스트를 해석할 수 없습니다" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" -msgstr "잘못된 필터 옵션: %s" +msgstr "부적절한 필터 옵션: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" -msgstr "잘못된 최대 대기 시간 값: %s" +msgstr "부적절한 최대 대기 시간 값: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" -msgstr "잘못된 속도 인수: %s" +msgstr "부적절한 속도 인수: %s" + +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "부적절한 시간 오프셋 %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/timing: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "sudo 세션 재현 중: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "RAW 모드로 tty를 설정할 수 없습니다" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "경고: 터미널 화면이 로그를 올바르게 나타내기에 너무 작습니다.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "로그 화면 크기는 %d x %d 이지만, 터미널 화면 크기는 %d x %d 입니다." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "재현에 끝났습니다. 터미널을 복원하려면 아무 키나 누르십시오." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "모호한 식 \"%s\"" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "수식에 일치하지 않는 ')'" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "알 수 없는 검색어 \"%s\"" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s에 인자가 필요합니다" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" -msgstr "잘못된 정규 표현식: %s" +msgstr "부적절한 정규 표현식: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "\"%s\" 날짜를 해석할 수 없습니다" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "수식에 일치하지 않는 '('" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "잘못된 후위 연산자 \"or\"" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "잘못된 후위 문자 \"!\"" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "알 수 없는 검색 형식 %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "사용법: %s [-hnRS] [-d <디렉터리>] [-m <숫자>] [-s <숫자>] \n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "사용법: %s [-h] [-d <디렉터리>] -l [<검색식>]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2782,7 +3427,7 @@ "%s - sudo 세션 로그를 보여줍니다\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2810,11 +3455,11 @@ " -s, --speed=<숫자> 출력 속도를 올리거나 내립니다\n" " -V, --version 버전 정보를 나타낸 후 빠져나갑니다" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\t호스트가 일치하지 않습니다" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2822,7 +3467,7 @@ "\n" "명령 허용함" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2830,7 +3475,7 @@ "\n" "명령 거부함" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2843,121 +3488,127 @@ msgid "%s is group writable" msgstr "%s은(는) 그룹이 기록할 수 있습니다" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "타임스탬프 파일을 %lld 바이트로 자를 수 없습니다" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "미래 타임스탬프 값 무시" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "타임스탬프 값이 미래 값으로 너무 밀려있습니다: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "%s 타임스탬프 파일을 잠글 수 없습니다" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "지침 상태 경로가 너무 깁니다: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit에 경로를 지정하면 안됩니다" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "-x 옵션은 추후 릴리스에서 제거 예정입니다" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "cvtsudoers 유틸리티를 대신 사용해보십시오" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " -msgstr "%s을(를) 편집하려면 return 키를 누르십시오:" +msgstr "%s 항목을 편집하려면 return 키를 누르십시오: " + +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "%s에 편집 세션 내용이 남았습니다" -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "지정 편집기(%s)가 없습니다" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "편집기가 없습니다(편집기 경로 = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "쓰기 오류" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "임시 파일 상태를 가져올 수 없습니다(%s). %s을(를) 바꾸지 않았습니다" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "임시 파일 길이가 0입니다(%s). %s을(를) 바꾸지 않았습니다" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "편집기(%s) 실패. %s을(를) 바꾸지 않았습니다" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s 바꾸지 않음" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "임시 파일(%s)을 다시 열 수 없습니다. %s을(를) 바꾸지 않았습니다." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "임시 파일(%s)을 해석할 수 없습니다. 알 수 없는 오류" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "내부 오류. %s을(를) 목록에서 찾을 수 없습니다!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "%s의 uid/gid를 %u/%u 값으로 설정할 수 없습니다" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s 및 %s은(는) 동일한 파일 시스템에 없습니다. mv 명령으로 이름을 바꿉니다" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "명령 실행 실패: '%s %s %s', %s을(를) 바꾸지 않았습니다" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "%s 이름 바꾸기 오류. %s을(를) 바꾸지 않았습니다" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "어떻게 하시겠습니까? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2969,66 +3620,41 @@ " sudoers 파일을 바꾼 상태에서 저장하지 않고 나갑니다(X)\n" " sudoers 파일을 바꾼 상태에서 저장하고 끝냅니다(Q)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "%s을(를) 실행할 수 없음" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: 잘못된 소유자 uid/gid를 %u/%u 값으로 설정해야 합니다\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: 잘못된 권한입니다. 0%o 모드 값을 설정해야 합니다\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: 해석 성공\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s을(를) 사용중입니다. 나중에 다시 시도하십시오" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "%s을(를) 잠글 수 없습니다" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "그래도 편집하시겠습니까? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "오류: %4$s \"%5$s\"의 %1$s:%2$d:%3$d: 사이클" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "경고: %4$s \"%5$s\"의 %1$s:%2$d:%3$d: 사이클" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "오류: %s:%d:%d: %s \"%s\"을(를) 참조했지만 정의하지 않았습니다" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "경고: %s:%d:%d: %s \"%s\"을(를) 참조했지만 정의하지 않았습니다" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "경고: %s:%d:%d 사용하지 않는 %s \"%s\"이(가) 있습니다" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3037,7 +3663,7 @@ "%s - sudoers 파일을 안전하게 편집합니다\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3057,43 +3683,108 @@ " -s, --strict 엄격한 문법 검사 시행\n" " -V, --version 버전 정보를 나타낸 후 빠져나갑니다\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "빈 문자열" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "빈 그룹" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "빈 네트워크 그룹" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" -msgstr "잘못된 행 연속 문자" +msgstr "부적절한 연속 문자" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" -msgstr "잘못된 IPv6 주소" +msgstr "부적절한 IPv6 주소" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "예기치 않은 개행 문자 발견" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "포함 레벨이 너무 많습니다" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s: 쓰기 버퍼를 이미 사용중입니다" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "디피-헬먼 매개변수를 읽을 수 없습니다: %s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "알 수 없는 \"%s\" 기본 항목" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d 알 수 없는 키: %s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "TLS 서버 처리 정보를 가져올 수 없습니다: %s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u \"%s\"을(를) 해석할 수 없습니다" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file 설정 파일 경고\n" +#~ " -h --help 도움말 메시지를 나타낸 후 나갑니다\n" +#~ " -n, --no-fork 별도의 스레드를 만들지 않고, 전면에서 실행합니다\n" +#~ " -R, --random-drop 연결을 쳐낼 백분율\n" +#~ " -V, --version 버전 정보를 나타낸 후 나갑니다\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "옵션:\n" +#~ " --help 도움말 메시지를 나타낸 후 나갑니다\n" +#~ " -A, --accept 수락 이벤트만 전송 (입출력 안 함)\n" +#~ " -h, --host 로그 전송 대상 호스트\n" +#~ " -i, --iolog_id 입출력 로그를 재개할 원격 ID\n" +#~ " -p, --port 호스트 연결시 사용할 포트 번호\n" +#~ " -r, --restart 이전 입출력 로그 전송 다시 시작\n" +#~ " -R, --reject 주어진 조건에 대해 명령 거절\n" +#~ " -b, --ca-bundle 서버 인증서 검증용 인증 번들 파일\n" +#~ " -c, --cert TLS 핸드셰이크용 인증서 파일\n" +#~ " -k, --key 개인 키 파일\n" +#~ " -n, --no-verify 서버 인증서를 검증하지 않음\n" +#~ " -t, --test 선택한 입출력 로그를 병렬로 n회 전송하여 감사 서버 테스트\n" +#~ " -V, --version 버전 정보를 나타 후 나갑니다\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "sudo_noexec 라이브러리에 있는 모조 exec 함수 미리 불러오기" #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports: 포트 값이 너무 큽니다" -#~ msgid "unable to lock log file: %s" -#~ msgstr "로그 파일을 잠글 수 없습니다: %s" - #~ msgid "No user or host" #~ msgstr "사용자 또는 호스트 없음" @@ -3141,6 +3832,3 @@ #~ msgid "Warning: cycle in %s `%s'" #~ msgstr "경고: %s의 사이클 `%s'" - -#~ msgid "Warning: %s `%s' referenced but not defined" -#~ msgstr "경고: %s `%s'을(를) 참조했지만 정의하지 않았습니다" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/pl.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/pl.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/pl.po sudo-1.9.9/plugins/sudoers/po/pl.po --- sudo-1.9.5p2/plugins/sudoers/po/pl.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/pl.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,13 +1,13 @@ # Polish translation for sudo/sudoers. # This file is put in the public domain. -# Jakub Bogusz , 2011-2020. +# Jakub Bogusz , 2011-2021. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-17 20:30+0100\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-11 19:35+0100\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" "Language: pl\n" @@ -17,7 +17,7 @@ "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "błąd składni" @@ -41,868 +41,1298 @@ msgid "Sorry, try again." msgstr "Niestety, proszę spróbować ponownie." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "nie udało się przydzielić pamięci" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "skrót wymaga nazwy pliku" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "wartości \"CWD\" muszą zaczynać się od '/', '~' lub '*'" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "ścieżka \"CWD\" zbyt długa" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "wartości \"CHROOT\" muszą zaczynać się od '/', '~' lub '*'" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "ścieżka \"CHROOT\" zbyt długa" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "błąd składni, słowo zastrzeżone %s użyte jako nazwa aliasu" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "błędna wartość notbefore" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "błędna wartość notafter" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "wartość limitu czasu zbyt duża" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "błędna wartość limitu czasu" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "polecenie zbyt długie" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Alias \"%s\" jest już zdefiniowany" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "błąd wewnętrzny, przepełnienie %s" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "nie udało się wykonać dup na stdin: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "nie udało się wywołać %s: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "nie udało się wykonać fork" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "nie udało się wykonać fork: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "nie udało się otworzyć potoku: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (kontynuacja polecenia) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s istnieje, ale nie jest katalogiem (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "nie udało się wykonać mkdir %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "nie udało się zmienić uprawnień %s na 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "nieoczekiwany JSON_STRING, otrzymano %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY zbyt duża" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "brak podwójnego cudzysłowu w nazwie" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "brakujący JSON_OBJECT" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "oczekiwany JSON_OBJECT, otrzymano %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "stos json wyczerpany (maksimum %u ramek)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "obiekty muszą składać się z kluczy nazwa:wartość" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "brak separatora między wartościami" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "brak klamry zamykającej" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "nieoczekiwana tablica" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "brak nawiasu zamykającego" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "nieoczekiwany łańcuch" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "brak dwukropka po nazwie" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "nieoczekiwana wartość logiczna" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "nieoczekiwana wartość pusta" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "nieoczekiwana liczba" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u nie udało się przeanalizować \"%s\"" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "błąd składni" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: błędny plik logu" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: brak pola znacznika czasu" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: znacznik czasu %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: brak pola z użytkownikiem" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: brak pola z użytkownikiem runas" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: brak pola z grupą runas" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s istnieje, ale nie jest katalogiem (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "nie udało się wykonać mkdir %s" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "nie udało się zmienić uprawnień %s na 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "błąd podczas czytania pliku czasu: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "błędna linia pliku czasu: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "log jest już kompletny, nie może być wznowiony" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "nie udało się wygenerować UUID-a" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "nie udało się wznownić logu" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: błąd protokołu: niewłaściwy typ dla %s" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: błąd protokołu: brak %s w AcceptMessage" + +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: nie udało się sformatować id sesji" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s nie jest ustawiony" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "nie udało się rozwinąć ścieżki iologu %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "nie udało się utworzyć ścieżki iologu %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "błędny iofd %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "błąd zamykania iofd %d: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "błąd opróżniania bufora iofd %d: %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "błędny log we/wy %s: %s użyty, ale nie zdefiniowany" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: nie udało się odnaleźć punktu wznowienia [%lld, %ld]" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "nie udało się otworzyć %s" + +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "nie udało się otworzyć %s/%s" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "nie udało się skopiować %s/%s do %s/%s: %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "nie udało się zmienić nazwy %s na %s" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: nie udało się odnaleźć punktu wznowienia [%lld, %ld]" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "brak pliku logu we/wy %s/%s" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: nie udało przesunąć %zu w przód" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "nie udało się odnaleźć punktu wznowienia [%lld, %ld] w %s/%s" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "nie udało się połączyć z przekaźnikiem" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "komunikat serwera zbyt duży: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "nie udało się dodać zdarzenia do kolejki" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "nieoczekiwany stan %d dla %s" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "błąd maszyny stanów" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "błędny AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "błąd analizy AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "błąd tworzenia logu we/wy" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "błąd logowania zdarzenia akceptacji" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "błędny RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "błąd analizy RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "błąd logowania zdarzenia odrzucenia" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "błędny AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "błąd analizy AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "błąd logowania zdarzenia alarmu" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: nieoczekiwany IoBuffer" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "błąd protokołu" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "błąd zapisu IoBuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "błąd zapisu ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "błąd zapisu CommandSuspend" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "nieoczekiwana wartość type_case %d w %s z %s" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "nie rozpoznany typ ClientMessage" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "komunikat klienta zbyt duży" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "nie udało się ustawić szyfrowania TLS 1.2 na %s: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "nie udało się ustawić szyfrowania TLS 1.3 na %s: %s" - -#: logsrvd/logsrvd.c:1269 -#, c-format -msgid "unable to get TLS server method: %s" -msgstr "nie udało się uzyskać metody serwera TLS: %s" +msgid "timed out writing to client %s" +msgstr "przekroczony limit czasu przy pisaniu do klienta %s" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to create TLS context: %s" -msgstr "nie udało się utworzyć kontekstu TLS: %s" +msgid "missing write buffer for client %s" +msgstr "brak bufora zapisu dla klienta %s" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to load certificate %s" -msgstr "nie udało się załadować certyfikatu %s" +msgid "timed out reading from client %s" +msgstr "przekroczony limit czasu przy czytaniu od klienta %s" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "nie udało się załadować paczki certyfikatów CA %s" +msgid "EOF from %s without proper TLS shutdown" +msgstr "EOF od %s bez właściwego zakończenia połączenia TLS" -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load private key %s" -msgstr "nie udało się załadować klucza prywatnego %s" +msgid "client message too large: %zu" +msgstr "komunikat klienta zbyt duży %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "nie udało się ustawić parametrów Diffie-Hellmana: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "komunikat klienta zbyt duży" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "nie udało się ustawić minimalnej wersji protokołu na TLS 1.2: %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "błędny ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "nie udało się uzyskać zdalnego adresu IP" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Nie udało się dołączyć danych użytkownika do obiektu SSL: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "nie udało się dodać zdarzenia do kolejki" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "nie udało się ustanowić gniazda nasłuchującego" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - wysłanie logu we/wy sudo na zdalny serwer\n" -"\n" +msgid "unexpected signal %d" +msgstr "nieoczekiwany sygnał %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Opcje:\n" -" -f, --file ścieżka do pliku konfiguracyjnego\n" -" -h, --help wyświetlenie opisu i zakończenie\n" -" -n, --no-fork bez wykonywania fork, działanie pierwszoplanowe\n" -" -R, --random-drop procentowe prawdopodobieństwo gubienia połączeń\n" -" -V, --version wyświetlenie informacji o wersji i zakończenie\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "serwer logów sudo" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "Opcje:" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "ścieżka do pliku konfiguracyjnego" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "wyświetlenie pomocy i zakończenie" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "bez wykonywania fork, działanie na pierwszym planie" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "procentowe prawdopodobieństwo odrzucenia połączenia" + +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "wyświetlenie informacji o wersji i zakończenie" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Wymagany Protobuf-C w wersji 1.3 lub wyższej" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "błędna wartość losowego gubienia: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s wersja %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "nieznany użytkownik %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "nieznana grupa %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "nie udało się przeanalizować uprawnień iologu %s" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "błędna wartość %s: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "TLS nie jest obsługiwany" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: nie jest pełną ścieżką" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "nieznana wartość facility sysloga %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "nieznany priorytet sysloga %s" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d niedopasowany '[': %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s: %d błędna sekcja konfiguracji: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d błędna linia konfiguracji: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d oczekiwano nazwy sekcji: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "błędna wartość %s: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] niedozwolony klucz: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d nieznany klucz: %s" +msgid "unable to open log file %s" +msgstr "nie udało się otworzyć pliku logu %s" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "nie udało się zainicjować kontekstu serwera TLS" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "nie udało się zainicjować kontekstu przekaźnika TLS" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "nie udało się utworzuć pliku kroniki" + +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "nieznana wartość facility sysloga %s" +msgid "unable to lock %s" +msgstr "nie udało się zablokować %s" + +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "nie udało się zablokować pliku kroniki" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "nie udało się otworzyć pliku kroniki" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "nie udało się zapisać pliku kroniki" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "nie udało się zmienić nazwy pliku kroniki" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "nieoczekiwany koniec pliku podczas odczytu pliku kroniki" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "błąd podczas odczytu pliku kroniki" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "błędny plik kroniki, nie udało się zrestartować" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "nieznany priorytet sysloga %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "nie udało się przewinąć do [%lld, %ld] w pliku kroniki %s" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Opcje:\n" -" --help wyświetlenie opisu i zakończenie\n" -" -A, --accept samo wysłanie zdarzenia akceptującego (bez we/wy)\n" -" -h, --host host do wysyłania logów\n" -" -i, --iolog_id zdalny ID logu we/wy do wznowienia\n" -" -p, --port port do użycia przy łączeniu z hostem\n" -" -r, --restart wznowienie poprzedniego transferu logu we/wy\n" -" -R, --reject odrzucenie polecenia z podanego powodu\n" -" -b, --ca-bundle paczka certyfikatów do zweryfikowania certyfikatu serwera\n" -" -c, --cert plik certyfikatu do powitania TLS\n" -" -k, --key plik klucza prywatnego\n" -" -n, --no-verify bez weryfikowania certyfikatu serwera\n" -" -t, --test test serwera audytu przez wysłanie wybranego logu we/wy N razy równolegle\n" -" -V, --version wyświetlenie informacji o wersji i zakończenie\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "błąd analizy AcceptMessage" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "błąd tworzenia logu we/wy" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "błąd logowania zdarzenia akceptacji" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "błąd analizy RejectMessage" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "błąd logowania zdarzenia odrzucenia" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "błąd logowania zdarzenia wyjścia" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "log jest już kompletny, nie może być wznowiony" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "nie udało się wznownić logu" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "błąd analizy AlertMessage" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "błąd logowania zdarzenia alarmu" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "nie udało się sformatować bufora czasu, długość %d" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "błąd zapisu IoBuffer" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "błąd zapisu ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "błąd zapisu CommandSuspend" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "przywitanie TLS z hostem przekaźnika nie powiodło się" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "nie udało się połączyć z hostem przekaźnika" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: błędne ServerHello, brak server_id" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "błędne ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "nie rozpoznany typ ServerMessage" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "przekroczony limit czasu przy czytaniu z przekaźnika %s (%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "przekroczony limit czasu przy czytaniu z przekaźnika" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "nazwa hosta przekaźnika nie pasuje do certyfikatu" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "błąd podczas odczytu z przekaźnika" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "nie udał się odczyt z przekaźnika" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "serwer przekaźnika zamknął połączenie" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "komunikat serwera zbyt duży" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "przekroczony limit czasu przy pisaniu do przekaźnika %s (%s)" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "przekroczony limit czasu przy pisaniu do przekaźnika" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "błąd zapisu do przekaźnika" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "wysyłanie logu we/wy sudo na zdalny serwer" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "samo wysłanie zdarzenia akceptującego (bez we/wy)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "plik paczki certyfikatów do weryfikacji certyfikatu serwera" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "plik certyfikatu do powitania TLS" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "host do wysyłania logów" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "zdalny ID logu we/wy do wznowienia" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "plik klucza prywatnego" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "bez weryfikacji certyfikatu serwera" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "port do użycia przy łączeniu z hostem" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "wznowienie poprzedniego transferu logu we/wy" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "odrzucenie polecenia z podanym powodem" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "zakończenie przesyłania po osiągnięciu tego czasu" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "test serwera audytu przez wysłanie wybranego logu we/wy N razy równolegle" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "nie udało się wyszukać %s:%s: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "nie udało się uzyskać adresu IP serwera" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "nie udało się odczytać %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "komunikat klienta zbyt duży %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: bufor zapisu jest już w użyciu" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "nieoczekiwane zdarzenie we/wy %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: nieoczekiwany stan %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "błędne ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "odebrano od serwera komunikat błędu: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "odebrano od serwera komunikat zerwania: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "nie udało się rozpakować ServerMessage" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: nieoczekiwana wartość type_case %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "przekroczony limit czasu przy czytaniu z serwera" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "przedwczesny EOF" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" -msgstr "komunikat sewera zbyt duży: %u" +msgstr "komunikat serwera zbyt duży: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "przekroczony limit czasu przy pisaniu do serwera" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "muszą być podane jednocześnie punkt wznowienia i ID iolog" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "nie można ustawić punktu restartu, jeśli żadne we/wy nie jest wysyłane" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "zakończono przedwcześnie ze stanem %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "miniony czas wysłany do serwera [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "odebrano od serwera punkt zatwierdzenia [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "przekroczony limit czasu powitania TLS" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "nie udało się ustawić zdarzenia" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "Połączenie TLS nie powiodło się: %s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Nie udało się zainicjować kontekstu SSL: %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Nie udało się przydzielić obiektu SSL: %s" +msgid "unable to allocate ssl object: %s" +msgstr "nie udało się przydzielić obiektu SSL: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Nie udało się dołączyć gniazda do obiektu SSL: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "muszą być podane jednocześnie punkt wznowienia i ID iolog" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "nie udało się zainicjować kontekstu TLS" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "nie można ustawić punktu restartu, jeśli żadne we/wy nie jest wysyłane" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "nie udało się ustawić szyfrowania TLS 1.2 na %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "zakończono przedwcześnie ze stanem %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "nie udało się ustawić szyfrowania TLS 1.3 na %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "miniony czas wysłany do serwera [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "nie udało się ustawić parametrów Diffie-Hellmana: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "odebrano od serwera punkt zatwierdzenia [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "nie udało się utworzyć kontekstu TLS: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Alias \"%s\" jest już zdefiniowany" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "nie udało się ustawić minimalnej wersji protokołu na TLS 1.2: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "nie udało się pobrać aktualnego czasu" @@ -911,45 +1341,45 @@ msgid "unable to change password for %s" msgstr "nie udało się zmienić hasła dla %s" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "nie udało się uzyskać klasy logowania dla użytkownika %s" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "nie udało się rozpocząć uwierzytelnienia BSD" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "błędny rodzaj uwierzytelnienia" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "nie udało się zainicjować uwierzytelnienia BSD" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "konto wygasło" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "zezwolenie nie powiodło się" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "nie udało się odczytać konfiguracji fwtk" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "nie udało się połączyć z serwerem uwierzytelniającym" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "utracono połączenie z serwerem uwierzytelniającym" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -963,83 +1393,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: nie udało się przekształcić nazwy principal do łańcucha ('%s'): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: nie udało się przeanalizować '%s': %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: nie udało się rozwiązać pamięci podręcznej danych uwierzytelniających: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: nie udało się przydzielić opcji: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: nie udało się pobrać danych uwierzytelniających: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: nie udało się zainicjować pamięci podręcznej danych uwierzytelniających: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: nie udało się zapisać danych uwierzytelniających w pamięci podręcznej: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: nie udało się pobrać nazwy principal dla hosta: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Nie można zweryfikować TGT! Możliwy atak!: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "nie udało się zainicjować PAM: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "Błąd uwierzytelniania PAM: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "błąd kontroli poprawności konta - konto zablokowane?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "Konto lub hasło wygasło, należy ustawić ponownie hasło i spróbować jeszcze raz" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "nie udało się zmienić przedawnionego hasła: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "Hasło wygasło, proszę skontaktować się z administratorem systemu" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Konto wygasło lub w konfiguracji PAM brak sekcji \"account\" dla sudo, proszę skontaktować się z administratorem systemu" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "Błąd zarządzania kontem PAM: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "nie istniejesz w bazie danych %s" @@ -1048,31 +1478,31 @@ msgid "failed to initialise the ACE API library" msgstr "nie udało się zainicjować biblioteki ACE API" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "nie udało się połączyć z serwerem SecurID" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "ID użytkownika zablokowany dla uwierzytelnienia SecurID" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "błędna długość nazwy użytkownika dla SecurID" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "błędny uchwyt uwierzytelnienia dla SecurID" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "błąd komunikacji SecurID" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "nieznany błąd SecurID" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "błędna długość hasła dla SecurID" @@ -1112,7 +1542,17 @@ msgid "unable to commit audit record" msgstr "nie udało się zatwierdzić rekordu audytowego" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "błąd podczas czytania pliku instrukcji %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "zignorowano plik instrukcji %s: nie jest zwykłym plikiem" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1132,118 +1572,122 @@ " 3) z dużą władzą wiąże się duża odpowiedzialność.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "nieznany uid: %u" +msgid "unknown uid %u" +msgstr "nieznany uid %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Błąd: %s:%d:%d: cykl w %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Uwaga: %s:%d:%d: cykl w %s \"%s\"" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:97 #, c-format -msgid "unknown user: %s" -msgstr "nieznany użytkownik: %s" +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Błąd: %s:%d:%d: %s \"%s\" użyty, ale nie zdefiniowany" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/check_aliases.c:98 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Uwaga: %s:%d:%d: %s \"%s\" użyty, ale nie zdefiniowany" + +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "zwiększenie rangi: %s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "początkowa ranga: %s: %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "wyrównanie rangi: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s, wersja gramatyki %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "nieobsługiwany format wejścia %s" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "nieobsługiwany format wyjścia %s" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: pliki wejściowy i wyjściowy muszą być różne" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "nie udało się zainicjować wartości domyślnych sudoers" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: nieznane słowo kluczowe: %s" +msgid "%s: unknown key word %s" +msgstr "%s: nieznane słowo kluczowe %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "błędny typ wartości domyślnej: %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "błędny typ ograniczenia: %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "błędny filtr: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "nie udało się otworzyć %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "nie udało się przeanalizować pliku %s, nieznany błąd" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "błąd składni w %s w okolicy linii %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "błąd składni w %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "nie udało się zapisać do %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1252,7 +1696,7 @@ "%s - konwersja między formatami pliku sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1293,33 +1737,75 @@ " -s, --suppress=sekcje pominięcie wyjścia z podanych sekcji\n" " -V, --version wyświetlenie informacji o wersji i zakończenie" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "nieznany wpis domyślny \"%s\"" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "nie udało się pobrać czasu GMT" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "nie udało się sformatować znacznika czasu" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: nieznany wpis domyślny \"%s\"" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "zbyt dużo wpisów sudoers, maksimum to %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "zmienna środowiskowa SUDOERS_BASE nie jest ustawiona i nie podano opcji -b." +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "nie udało się odnaleźć aliasu %s" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: zmiana nazwy aliasu %s na %s" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: usuwanie powtórzonego aliasu %s" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%s:%d:%d: konflikt z wpisem Defaults \"%s\" dla hosta w %s:%d:%d" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: uczynienie Defaults \"%s\" obowiązującym tylko dla hosta %s" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: usuwanie Defaults \"%s\" nadpisanego przez kolejne wpisy" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d: nie udało się uczynić Defaults \"%s\" obowiązującym tylko dla hosta" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: usuwanie userspec nadpisanego przez kolejne wpisy" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1899,95 +2385,194 @@ msgid "The format of logs to produce: %s" msgstr "Format logów do tworzenia: %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Włączenie obsługi RBAC SELinux" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: nieznany wpis domyślny \"%s\"" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Ścieżka do pliku tworzonego przy pierwszym uruchomieniu sudo: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Przechwycenie dalszych poleceń i zastosowanie do nich restrykcji sudoers" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "Logowanie podpoleceń uruchamianych przez pierwotne polecenie" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Logowanie stanu wyjścia poleceń" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Dalsze polecenia w przechwyconej sesji muszą być uwierzytelniane" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Zezwolenie na uruchamianie programów setuid lub setgid z przechwyconego polecenia" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "Maksymalny rozmiar, do jakiego może rosnąć przestrzeń adresowa procesu (w bajtach): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "Maksymalny rozmiar pliku core, jaki może być utworzony (w bajtach): %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "Maksymalna ilość czasu CPU, jaką proces może użyć (w sekundach): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "Maksymalny rozmiar segmentu danych procesu (w bajtach): %s" + +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "Maksymalny rozmiar pliku, jaki proces może utworzyć (w bajtach): %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "Maksymalna liczba blokad, jaką proces może ustanowić: %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "Maksymalny rozmiar, jaki proces może zablokować w pamięci (w bajtach): %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "Maksymalna liczba plików, jaką proces może mieć otwartych: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "Maksymalna liczba procesów, jaką użytkownik może jednocześnie uruchomić: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "Maksymalny rozmiar, do jakiego może urosnąć rozmiar rezydentny procesu (w bajtach): %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "Maksymalny rozmiar, do jakiego może urosnąć stos procesu (w bajtach): %s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: nieznany wpis domyślny \"%s\"" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: nie podano wartości dla \"%s\"" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: nie podano wartości dla \"%s\"" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: błędny operator \"%c=\" dla \"%s\"" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: błędny operator \"%c=\" dla \"%s\"" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: opcja \"%s\" nie przyjmuje wartości" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: opcja \"%s\" nie przyjmuje wartości" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: błędny typ Defaults 0x%x dla opcji \"%s\"" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: błędny typ Defaults 0x%x dla opcji \"%s\"" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: błędna wartość \"%s\" dla opcji \"%s\"" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: błędna wartość \"%s\" dla opcji \"%s\"" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: ścieżka pliku \"%s\" zbyt długa" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: ścieżka pliku \"%s\" zbyt długa" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: wartości \"%s\" muszą zaczynać się od '/', '~' lub '*'" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: wartości \"%s\" muszą zaczynać się od '/', '~' lub '*'" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: wartości \"%s\" muszą zaczynać się od '/'" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: wartości \"%s\" muszą zaczynać się od '/'" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: uszkodzone envp, niezgodność długości" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "nie udało się przebudować środowiska" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "niestety nie jest dozwolone ustawianie następujących zmiennych środowiskowych: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "błąd składni w %s w okolicy linii %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "błąd składni w %s" @@ -2012,7 +2597,7 @@ msgid "%s must only be writable by owner" msgstr "prawo zapisu do %s może mieć tylko właściciel" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "nie udało się załadować %s: %s" @@ -2027,56 +2612,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: niezgodna główna wersja wtyczki grup %d, oczekiwano %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "nie udało się przeanalizować adresu IP \"%s\"" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "nie udało się przeanalizować maski sieciowej \"%s\"" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Pary lokalnych adresów IP i masek:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "nieznana grupa: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "nie udało się uaktualnić pliku sekwencji" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "nie udało się zapisać do pliku logu we/wy: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "nie udało się utworzyć %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: błąd wewnętrzny, plik logu we/wy dla zdarzenia %d nie jest otwarty" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "nie udało się odczytać zegara" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: błąd wewnętrzny, błędny sygnał %d" @@ -2095,16 +2675,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "aby używać SSL, trzeba ustawić TLS_CERT w %s" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "nie udało się zainicjować LDAP: %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "wybrano start_tls, ale biblioteki LDAP nie obsługują ldap_start_tls_s() ani ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "błędny atrybut sudoOrder: %s" @@ -2123,100 +2703,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "nie można mieszać URI ldap i ldaps" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "powtórka sudoOption: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "nie można skonwertować sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "nie udało się otworzyć systemu audytowego" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "nie udało się wysłać komunikatu audytowego" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "błąd w pętli zdarzeń" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "Utworzenie nowego obiektu SSL_CTX nie powiodło się: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "nie udało się załadować paczki certyfikatów CA %s" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "nie udało się załadować certyfikatu %s" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "nie udało się załadować klucza prywatnego %s" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Nie udało się przydzielić obiektu SSL: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "Połączenie TLS do %s:%s nie powiodło się: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "Inicjowanie TLS nie powiodło się" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "Powitanie TLS nie powiodło się" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: błąd wewnętrzny, błędny kod wyjścia %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "nie udało się rozpakować ServerMessage" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "utracono połączenie z serwerem logów" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "brak bufora zapisu" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "nie udało się połączyć z serwerem logów" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "użytkownik NIE występuje w sudoers" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "użytkownik NIE jest autoryzowany na hoście" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "polecenie niedozwolone" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s nie występuje w pliku sudoers. Ten incydent zostanie zgłoszony.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s nie ma uprawnień do uruchamiania sudo na %s. Ten incydent zostanie zgłoszony.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Niestety użytkownik %s nie może uruchamiać sudo na %s.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Niestety użytkownik %s nie ma uprawnień do uruchamiania '%s%s%s' jako %s%s%s na %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: nie znaleziono polecenia" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2225,7 +2837,7 @@ "zignorowano plik \"%s\" znaleziony w '.'\n" "Proszę użyć \"sudo ./%s\", jeśli to \"%s\" ma być uruchomiony." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" @@ -2233,20 +2845,15 @@ msgstr[1] "%u błędne próby wprowadzenia hasła" msgstr[2] "%u błędnych prób wprowadzenia hasła" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "błąd uwierzytelniania" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "wymagane jest hasło" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "nie udało się otworzyć pliku logu: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "nie udało się zapisać pliku logu: %s" @@ -2256,7 +2863,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "skrót dla %s (%s) nie jest w postaci %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "SELinux RBAC nie jest obsługiwane przy włączonym trybie przechwytywania" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "SELinux RBAC nie jest obsługiwane przy włączonej fladze log_subcmds" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2265,7 +2880,7 @@ "\n" "Rola LDAP: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2273,104 +2888,115 @@ "\n" "Wpis sudoers:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " Jako użytkownicy: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " Jako grupy: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " Opcje: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " Polecenia:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Pasujące wpisy Defaults dla %s na %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Wartości specyficzne dla Runas i Command dla %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Użytkownik %s może uruchamiać na %s następujące polecenia:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Użytkownik %s nie ma uprawnień do uruchamiania sudo na %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "zignorowano niekompletne sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "błędny atrybut LDIF: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "błędna wartość %.*s ustawiona przez frontend sudo" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "ścieżka pliku \"%s\" zbyt długa" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "nie udało się przeanalizować listy adresów sieciowych" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "nazwa użytkownika nie ustawiona przez frontend sudo" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "ID użytkownika nie ustawiony przez frontend sudo" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "ID grupy nie ustawiony przez frontend sudo" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "nazwa hosta nie ustawiona przez frontend sudo" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "błędny katalog roboczy: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "błędny katalog chroot: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "nie udało się wywołać %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: błędne flagi trybu z frontendu sudo: 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Wersja wtyczki polityki sudoers %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Wersja gramatyki pliku sudoers %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2379,132 +3005,137 @@ "\n" "Ścieżka do sudoers: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "ścieżka do nsswitch: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "ścieżka do ldap.conf: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "ścieżka do ldap.secret: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "nie udało się zarejestrować uchwytu typu %d (wersja %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "nie udało się wyrejestrować uchwytu typu %d (wersja %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "nie udało się zapamiętać uid-a %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "nie udało się zapamiętać uid-a %u, już istnieje" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "nie udało się zapamiętać użytkownika %s" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "nie udało się zapamiętać użytkownika %s, już istnieje" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "nie udało się zapamiętać gid-a %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "nie udało się zapamiętać gid-a %u, już istnieje" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "nie udało się zapamiętać grupy %s" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "nie udało się zapamiętać grupy %s, już istnieje" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "nie udało się zapamiętać listy grup dla %s, już istnieje" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "nie udało się zapamiętać listy grup dla %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "nie udało się przeanalizować grup dla %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "nie udało się przeanalizować gidów dla %s" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "przepełnienie stosu uprawnień" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "niedopełnienie stosu uprawnień" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "nie udało się zmienić na gid roota" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "nie udało się zmienić na docelowy gid" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "nie udało się ustawić wektora grup docelowych" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "nie udało się zmienić na docelowy uid" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "nie udało się zmienić na gid sudoers" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "zbyt dużo procesów" @@ -2522,259 +3153,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "ucięta ścieżka audytu argv[0]: %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "nie udało się zainicjować źródła SSS. Czy SSSD jest zainstalowany na tej maszynie?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nie udało się odnaleźć symbolu \"%s\" w %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "problem z wpisami domyślnymi" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "nie znaleziono poprawnych źródeł sudoers, zakończenie" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "użytkownik nie ma uprawnień do zmiany katalogu głównego na %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "brak uprawnień do używania opcji -R z %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "użytkownik nie ma uprawnień do zmiany katalogu na %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "brak uprawnień do używania opcji -D z %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "nie podano polecenia" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "wg sudoers root nie ma prawa używać sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "użytkownik nie ma pozwolenia na zmianę limitu closefrom" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "brak uprawnień do używania opcji -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "właściciel znacznika czasu (%s): nie ma takiego użytkownika" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "brak tty" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "niestety do uruchomienia sudo konieczny jest tty" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "błędna powłoka użytkownika %s: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "polecenie w bieżącym katalogu" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "\"cd\" to polecenie wbudowane powłoki, nie może być uruchomione bezpośrednio." + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "można użyć opcji -s do uruchomienia powłoki uprzywilejowanej." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "można użyć opcji -D do uruchomienia polecenia w podanym katalogu." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "użytkownik nie ma uprawnień do ustawienia limitu czasu polecenia" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "niestety brak uprawnień do ustawienia limitu czasu polecenia" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "użytkownik nie ma uprawnień do zachowania środowiska" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "niestety brak uprawnień do zachowania środowiska" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "polecenie zbyt długie" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit nie musi być uruchamiany przez sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "nie udało się odczytać %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "nie udało się wykonać stat na %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s nie jest zwykłym plikiem" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "właścicielem %s jest uid %u, powinien być %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s jest zapisywalny dla świata" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "właścicielem %s jest gid %u, powinien być %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "tylko root może używać \"-c %s\"" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "nieznana klasa logowania: %s" +msgid "unknown login class %s" +msgstr "nieznana klasa logowania %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "nie udało się rozwiązać nazwy hosta %s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "błędna opcja filtra: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "błędny maksymalny czas oczekiwania: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "błędny współczynnik szybkości: %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "błędny offset czasu %s" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/czas: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Odtwarzanie sesji sudo: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "nie udało się przestawić tty w tryb surowy" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Uwaga: ten terminal jest za mały, aby właściwie odtworzyć log.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Geometria logu to %d x %d, geometria terminala to %d x %d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Odtwarzanie zakończone, proszę nacisnąć dowolny klawisz, aby odzyskać terminal." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "niejednoznaczne wyrażenie \"%s\"" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "niesparowany ')' w wyrażeniu" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "nieznany warunek wyszukiwania \"%s\"" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s wymaga argumentu" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "błędne wyrażenie regularne: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "nie udało się przeanalizować daty \"%s\"" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "niesparowany '(' w wyrażeniu" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "niedozwolone kończące \"or\"" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "niedozwolony kończący \"!\"" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "nieznany typ wyszukiwania %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "Składnia: %s [-hnRS] [-d katalog] [-m liczba] [-s wsp_szybkości] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "Składnia: %s [-h] [-d katalog] -l [wyrażenie wyszukiwania]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2783,7 +3428,7 @@ "%s - odtwarzanie logów sesji sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2811,11 +3456,11 @@ " -s, --speed=ile przyspieszenie lub spowolnienie wyjścia\n" " -V, --version wyświetlenie informacji o wersji i zakończenie" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\thost nie znaleziony" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2823,7 +3468,7 @@ "\n" "Polecenie dozwolone" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2831,7 +3476,7 @@ "\n" "Polecenie niedozwolone" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2844,121 +3489,127 @@ msgid "%s is group writable" msgstr "%s jest zapisywalny dla groupy" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "nie udało się uciąć pliku znacznika czasu do długości %lld" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "znacznik czasu zbyt daleko w przyszłości" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "znacznik czasu zbyt daleko w przyszłości: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "nie udało się zablokować pliku znacznika czasu %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "ścieżka stanu instrukcji zbyt długa: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit nie powinien być podawany ze ścieżką" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "opcja -x będzie usunięta w kolejnej wersji" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "należy rozważyć użycie zamiast niej narzędzia cvtsudoers" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "wciśnięcie return przejdzie do edycji %s: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "zawartość sesji edycji pozostawiona w %s" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "podany edytor (%s) nie istnieje" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "nie znaleziono edytora (ścieżka = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "błąd zapisu" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "nie udało się wykonać stat na pliku tymczasowym (%s), %s nie zmieniony" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "plik tymczasowy (%s) zerowej długości, %s nie zmieniony" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "błąd edytora (%s), %s nie zmieniony" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s nie zmieniony" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "nie udało się ponownie otworzyć pliku tymczasowego (%s), %s nie zmieniony." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "nie udało się przeanalizować pliku tymczasowego (%s), nieznany błąd" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "błąd wewnętrzny, nie znaleziono %s na liście!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "nie udało się ustawić (uid, gid) %s na (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s i %s nie są na tym samym systemie plików, użycie mv do zmiany nazwy" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "polecenie nie powiodło się: '%s %s %s', %s nie zmieniony" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "błąd podczas zmiany nazwy %s, %s nie zmieniony" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "Co teraz? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2970,66 +3621,41 @@ " (x) wyjście bez zapisu zmian do pliku sudoers\n" " (Q) wyjście i zapisanie zmian w pliku sudoers (NIEBEZPIECZNE!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "nie udało się uruchomić %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: błędny właściciel, (uid, gid) powinny wynosić (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: błędne uprawnienia, powinny być 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: składnia poprawna\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s zajęty, proszę spróbować później" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "nie udało się zablokować %s" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "Modyfikować mimo to? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Błąd: %s:%d:%d: cykl w %s \"%s\"" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Uwaga: %s:%d:%d: cykl w %s \"%s\"" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Błąd: %s:%d:%d: %s \"%s\" użyty, ale nie zdefiniowany" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Uwaga: %s:%d:%d: %s \"%s\" użyty, ale nie zdefiniowany" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Uwaga: %s:%d:%d: nie użyty %s \"%s\"" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3038,7 +3664,7 @@ "%s - bezpieczna edycja pliku sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3058,30 +3684,30 @@ " -s, --strict ścisłe sprawdzanie składni\n" " -V, --version wyświetlenie informacji o wersji i zakończenie\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "pusty łańcuch" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "pusta grupa" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "pusta grupa sieciowa" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "błędna kontynuacja linii" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "błędny adres IPv6" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "nieoczekiwany koniec linii w łańcuchu" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "za dużo poziomów include" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/pt.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/pt.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/pt.po sudo-1.9.9/plugins/sudoers/po/pt.po --- sudo-1.9.5p2/plugins/sudoers/po/pt.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/pt.po 2022-01-27 21:24:06.000000000 +0000 @@ -2,14 +2,14 @@ # Copyright (C) 2018 Free Software Foundation, Inc. # This file is distributed under the same license as the sudo package. # Todd C. Miller , 2011-2018 -# Pedro Albuquerque , 2018, 2019, 2020. +# Pedro Albuquerque , 2018, 2019, 2020, 2021. # msgid "" msgstr "" -"Project-Id-Version: sudoers-1.9.4b1\n" +"Project-Id-Version: sudoers-1.9.8b2\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-18 07:00+0000\n" +"POT-Creation-Date: 2021-08-19 09:50-0600\n" +"PO-Revision-Date: 2021-08-22 07:21+0100\n" "Last-Translator: Pedro Albuquerque \n" "Language-Team: Portuguese \n" "Language: pt\n" @@ -18,9 +18,9 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" -"X-Generator: Geany / PoHelper 1.37\n" +"X-Generator: Poedit 2.3\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1191 msgid "syntax error" msgstr "erro de sintaxe" @@ -44,185 +44,236 @@ msgid "Sorry, try again." msgstr "Enganou-se, tente de novo." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 +#: gram.y:235 gram.y:302 gram.y:311 gram.y:320 gram.y:330 gram.y:340 +#: gram.y:364 gram.y:391 gram.y:400 gram.y:408 gram.y:417 gram.y:426 +#: gram.y:500 gram.y:510 gram.y:522 gram.y:566 gram.y:575 gram.y:584 +#: gram.y:593 gram.y:712 gram.y:720 gram.y:731 gram.y:743 gram.y:762 +#: gram.y:917 gram.y:922 gram.y:930 gram.y:940 gram.y:946 gram.y:1068 +#: gram.y:1077 gram.y:1085 gram.y:1094 gram.y:1103 gram.y:1132 gram.y:1141 +#: gram.y:1149 gram.y:1239 gram.y:1351 gram.y:1658 gram.y:1708 +#: lib/eventlog/eventlog.c:308 lib/eventlog/eventlog.c:381 +#: lib/eventlog/eventlog.c:783 lib/eventlog/eventlog.c:862 +#: lib/eventlog/eventlog.c:1146 lib/iolog/iolog_json.c:125 +#: lib/iolog/iolog_json.c:330 lib/iolog/iolog_json.c:360 +#: lib/iolog/iolog_json.c:503 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:210 +#: logsrvd/iolog_writer.c:85 logsrvd/iolog_writer.c:90 +#: logsrvd/iolog_writer.c:124 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:62 logsrvd/logsrvd.c:302 logsrvd/logsrvd.c:311 +#: logsrvd/logsrvd.c:1017 logsrvd/logsrvd.c:1079 logsrvd/logsrvd_conf.c:1361 +#: logsrvd/logsrvd_journal.c:71 logsrvd/logsrvd_journal.c:204 +#: logsrvd/logsrvd_journal.c:205 logsrvd/logsrvd_journal.c:261 +#: logsrvd/logsrvd_journal.c:426 logsrvd/logsrvd_journal.c:428 +#: logsrvd/logsrvd_local.c:173 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:236 logsrvd/logsrvd_local.c:237 +#: logsrvd/logsrvd_local.c:317 logsrvd/logsrvd_local.c:318 +#: logsrvd/logsrvd_local.c:323 logsrvd/logsrvd_local.c:324 +#: logsrvd/logsrvd_queue.c:155 logsrvd/logsrvd_queue.c:185 +#: logsrvd/logsrvd_queue.c:262 logsrvd/logsrvd_relay.c:445 +#: logsrvd/logsrvd_relay.c:744 logsrvd/logsrvd_relay.c:846 +#: logsrvd/sendlog.c:302 logsrvd/sendlog.c:501 plugins/sudoers/audit.c:114 +#: plugins/sudoers/audit.c:271 plugins/sudoers/auth/bsdauth.c:143 #: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 -#: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 -#: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/auth/pam.c:691 plugins/sudoers/auth/rfc1938.c:111 +#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/check_aliases.c:95 +#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:160 +#: plugins/sudoers/cvtsudoers.c:177 plugins/sudoers/cvtsudoers.c:188 +#: plugins/sudoers/cvtsudoers.c:300 plugins/sudoers/cvtsudoers.c:428 +#: plugins/sudoers/cvtsudoers.c:561 plugins/sudoers/cvtsudoers.c:578 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:76 plugins/sudoers/cvtsudoers_ldif.c:151 +#: plugins/sudoers/cvtsudoers_ldif.c:194 plugins/sudoers/cvtsudoers_ldif.c:235 +#: plugins/sudoers/cvtsudoers_ldif.c:300 plugins/sudoers/cvtsudoers_ldif.c:371 +#: plugins/sudoers/cvtsudoers_ldif.c:425 plugins/sudoers/cvtsudoers_ldif.c:433 +#: plugins/sudoers/cvtsudoers_ldif.c:444 plugins/sudoers/cvtsudoers_ldif.c:451 +#: plugins/sudoers/cvtsudoers_ldif.c:464 plugins/sudoers/cvtsudoers_ldif.c:472 +#: plugins/sudoers/cvtsudoers_ldif.c:619 plugins/sudoers/defaults.c:652 +#: plugins/sudoers/defaults.c:947 plugins/sudoers/defaults.c:1122 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:606 plugins/sudoers/iolog.c:623 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 +#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 +#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 +#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 +#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:615 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:108 +#: plugins/sudoers/log_client.c:386 plugins/sudoers/log_client.c:699 +#: plugins/sudoers/log_client.c:720 plugins/sudoers/log_client.c:1440 +#: plugins/sudoers/log_client.c:1656 plugins/sudoers/log_client.c:1980 +#: plugins/sudoers/log_client.c:2037 plugins/sudoers/logging.c:101 +#: plugins/sudoers/logging.c:181 plugins/sudoers/logging.c:465 +#: plugins/sudoers/logging.c:485 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:238 plugins/sudoers/parse.c:255 +#: plugins/sudoers/parse.c:278 plugins/sudoers/parse.c:289 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 #: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 #: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 #: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 #: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 #: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:483 plugins/sudoers/parse_ldif.c:596 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:923 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:195 +#: plugins/sudoers/pwutil.c:266 plugins/sudoers/pwutil.c:344 +#: plugins/sudoers/pwutil.c:518 plugins/sudoers/pwutil.c:583 +#: plugins/sudoers/pwutil.c:655 plugins/sudoers/pwutil.c:853 +#: plugins/sudoers/pwutil.c:909 plugins/sudoers/pwutil.c:953 +#: plugins/sudoers/pwutil.c:1010 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 +#: plugins/sudoers/sssd.c:754 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:833 +#: plugins/sudoers/sudoers.c:971 plugins/sudoers/sudoers.c:1030 +#: plugins/sudoers/sudoers.c:1296 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1490 plugins/sudoers/sudoreplay.c:1494 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:143 plugins/sudoers/visudo.c:321 +#: plugins/sudoers/visudo.c:327 plugins/sudoers/visudo.c:433 +#: plugins/sudoers/visudo.c:609 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/visudo.c:999 toke.l:938 toke.l:1067 toke.l:1127 msgid "unable to allocate memory" msgstr "impossível alocar memória" -#: gram.y:552 +#: gram.y:617 msgid "a digest requires a path name" msgstr "um resumo requer um nome de caminho" -#: gram.y:581 +#: gram.y:639 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "valores para \"CWD\" têm de começar por '/', '~' ou '*'" -#: gram.y:593 +#: gram.y:651 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "valores para \"CHROOT\" têm de começar com \"/\", \"~\" ou \"*\"" -#: gram.y:715 +#: gram.y:782 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "erro de sintaxe, palavra reservada %s utilizada como nome aliás" -#: gram.y:735 +#: gram.y:805 msgid "invalid notbefore value" msgstr "valor notbefore inválido" -#: gram.y:743 +#: gram.y:814 msgid "invalid notafter value" msgstr "valor notafter inválido" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:824 plugins/sudoers/policy.c:345 msgid "timeout value too large" msgstr "valor de inacção muito grande" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:826 plugins/sudoers/policy.c:347 msgid "invalid timeout value" msgstr "valor de inacção inválido" -#: gram.y:1079 +#: gram.y:1193 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 +#: gram.y:1237 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Aliás \"%s\" já definido" + +#: gram.y:1658 gram.y:1708 lib/eventlog/eventlog.c:308 +#: lib/eventlog/eventlog.c:783 lib/eventlog/eventlog.c:858 +#: lib/eventlog/eventlog.c:861 lib/eventlog/eventlog.c:1146 +#: lib/iolog/iolog_json.c:125 lib/iolog/iolog_json.c:329 +#: lib/iolog/iolog_json.c:360 lib/iolog/iolog_json.c:503 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:210 logsrvd/iolog_writer.c:85 +#: logsrvd/iolog_writer.c:90 logsrvd/iolog_writer.c:124 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:62 logsrvd/logsrvd.c:302 +#: logsrvd/logsrvd.c:311 logsrvd/logsrvd.c:454 logsrvd/logsrvd.c:491 +#: logsrvd/logsrvd.c:599 logsrvd/logsrvd.c:1090 logsrvd/logsrvd.c:1402 +#: logsrvd/logsrvd.c:1408 logsrvd/logsrvd_conf.c:1361 +#: logsrvd/logsrvd_journal.c:71 logsrvd/logsrvd_journal.c:115 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:234 +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:273 +#: logsrvd/logsrvd_journal.c:426 logsrvd/logsrvd_local.c:173 +#: logsrvd/logsrvd_local.c:236 logsrvd/logsrvd_local.c:317 +#: logsrvd/logsrvd_local.c:323 logsrvd/logsrvd_local.c:342 +#: logsrvd/logsrvd_queue.c:154 logsrvd/logsrvd_queue.c:185 +#: logsrvd/logsrvd_queue.c:262 logsrvd/sendlog.c:302 logsrvd/sendlog.c:501 +#: logsrvd/sendlog.c:1353 logsrvd/sendlog.c:1360 logsrvd/sendlog.c:1563 +#: logsrvd/tls_init.c:218 logsrvd/tls_init.c:239 logsrvd/tls_init.c:249 +#: plugins/sudoers/audit.c:114 plugins/sudoers/audit.c:271 +#: plugins/sudoers/auth/pam.c:505 plugins/sudoers/auth/pam.c:691 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:95 #: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 #: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 #: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 #: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 #: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:424 plugins/sudoers/cvtsudoers_ldif.c:432 +#: plugins/sudoers/cvtsudoers_ldif.c:443 plugins/sudoers/cvtsudoers_ldif.c:450 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:471 +#: plugins/sudoers/cvtsudoers_ldif.c:618 plugins/sudoers/defaults.c:652 +#: plugins/sudoers/defaults.c:947 plugins/sudoers/defaults.c:1122 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:606 plugins/sudoers/iolog.c:623 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 @@ -235,677 +286,1018 @@ #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:615 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:108 +#: plugins/sudoers/log_client.c:217 plugins/sudoers/log_client.c:238 +#: plugins/sudoers/log_client.c:251 plugins/sudoers/log_client.c:386 +#: plugins/sudoers/log_client.c:699 plugins/sudoers/log_client.c:720 +#: plugins/sudoers/log_client.c:1440 plugins/sudoers/log_client.c:1656 +#: plugins/sudoers/log_client.c:1980 plugins/sudoers/log_client.c:2037 +#: plugins/sudoers/logging.c:101 plugins/sudoers/logging.c:180 +#: plugins/sudoers/logging.c:181 plugins/sudoers/logging.c:464 +#: plugins/sudoers/logging.c:484 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:237 plugins/sudoers/parse.c:254 +#: plugins/sudoers/parse.c:277 plugins/sudoers/parse.c:288 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:259 +#: plugins/sudoers/parse_ldif.c:264 plugins/sudoers/parse_ldif.c:340 +#: plugins/sudoers/parse_ldif.c:351 plugins/sudoers/parse_ldif.c:378 +#: plugins/sudoers/parse_ldif.c:395 plugins/sudoers/parse_ldif.c:407 +#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:425 +#: plugins/sudoers/parse_ldif.c:483 plugins/sudoers/parse_ldif.c:596 +#: plugins/sudoers/parse_ldif.c:625 plugins/sudoers/parse_ldif.c:650 +#: plugins/sudoers/parse_ldif.c:708 plugins/sudoers/parse_ldif.c:725 +#: plugins/sudoers/parse_ldif.c:753 plugins/sudoers/parse_ldif.c:760 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:330 plugins/sudoers/policy.c:345 +#: plugins/sudoers/policy.c:347 plugins/sudoers/policy.c:377 +#: plugins/sudoers/policy.c:386 plugins/sudoers/policy.c:434 +#: plugins/sudoers/policy.c:444 plugins/sudoers/policy.c:453 +#: plugins/sudoers/policy.c:462 plugins/sudoers/policy.c:556 +#: plugins/sudoers/policy.c:923 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:195 plugins/sudoers/pwutil.c:266 +#: plugins/sudoers/pwutil.c:344 plugins/sudoers/pwutil.c:518 +#: plugins/sudoers/pwutil.c:583 plugins/sudoers/pwutil.c:655 +#: plugins/sudoers/pwutil.c:853 plugins/sudoers/pwutil.c:909 +#: plugins/sudoers/pwutil.c:953 plugins/sudoers/pwutil.c:1010 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 #: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:754 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:833 +#: plugins/sudoers/sudoers.c:971 plugins/sudoers/sudoers.c:1030 +#: plugins/sudoers/sudoers.c:1296 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1490 plugins/sudoers/sudoreplay.c:1494 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:143 plugins/sudoers/visudo.c:321 +#: plugins/sudoers/visudo.c:327 plugins/sudoers/visudo.c:433 +#: plugins/sudoers/visudo.c:609 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/visudo.c:999 toke.l:938 toke.l:1067 toke.l:1119 toke.l:1127 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:313 lib/iolog/iolog_json.c:509 +#: lib/iolog/iolog_json.c:512 lib/iolog/iolog_json.c:514 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:575 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/iolog.c:628 plugins/sudoers/ldap.c:517 +#: plugins/sudoers/ldap.c:748 plugins/sudoers/ldap.c:1081 +#: plugins/sudoers/ldap_conf.c:222 plugins/sudoers/ldap_conf.c:312 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:586 +#: plugins/sudoers/policy.c:755 plugins/sudoers/policy.c:766 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 #, c-format msgid "internal error, %s overflow" msgstr "erro interno, transporte %s" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:372 #, c-format msgid "unable to dup stdin: %m" msgstr "impossível duplicar stdin: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:414 #, c-format msgid "unable to execute %s: %m" msgstr "impossível executar %s: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:455 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "impossível bifurcar" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:463 lib/eventlog/eventlog.c:517 #, c-format msgid "unable to fork: %m" msgstr "impossível bifurcar: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:507 #, c-format msgid "unable to open pipe: %m" msgstr "impossível abrir túnel: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:979 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1008 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (comando continuado) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s existe mas não é uma pasta (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "impossível criar pasta %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "impossível alterar o modo de %s para 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:115 #, c-format msgid "expected JSON_STRING, got %d" msgstr "esperado JSON_STRING, obtido %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:120 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY muito grande" + +#: lib/iolog/iolog_json.c:352 msgid "missing double quote in name" msgstr "aspas dupla em falta no nome" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:449 +msgid "missing JSON_OBJECT" +msgstr "JSON_OBJECT em falta" + +#: lib/iolog/iolog_json.c:453 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "esperado JSON_OBJECT, obtido %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:599 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "pilha json esgotada (máx. %u instâncias)" + +#: lib/iolog/iolog_json.c:673 +msgid "objects must consist of name:value pairs" +msgstr "os objectos têm de consistir em pares name:value" + +#: lib/iolog/iolog_json.c:678 lib/iolog/iolog_json.c:709 +#: lib/iolog/iolog_json.c:753 lib/iolog/iolog_json.c:775 +#: lib/iolog/iolog_json.c:797 lib/iolog/iolog_json.c:819 +#: lib/iolog/iolog_json.c:841 +msgid "missing separator between values" +msgstr "separador em falta entre valores" + +#: lib/iolog/iolog_json.c:693 lib/iolog/iolog_json.c:867 msgid "unmatched close brace" msgstr "chaveta esquerda sem par" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:704 msgid "unexpected array" msgstr "matriz inesperada" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:724 lib/iolog/iolog_json.c:870 msgid "unmatched close bracket" msgstr "parêntese recto sem par" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:735 msgid "unexpected string" msgstr "cadeia inesperada" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:746 msgid "missing colon after name" msgstr "dois pontos em falta após o nome" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:767 lib/iolog/iolog_json.c:789 msgid "unexpected boolean" msgstr "booleano inesperado" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:811 +msgid "unexpected null" +msgstr "nulo inesperado" + +#: lib/iolog/iolog_json.c:832 msgid "unexpected number" msgstr "número inesperado" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u impossível analisar \"%s\"" +#: lib/iolog/iolog_json.c:879 +msgid "parse error" +msgstr "erro de análise" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: ficheiro de diário inválido" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: campo de datação em falta" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: datação %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: campo de utilizador em falta" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: campo de utilizador runas em falta" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: campo de grupo runas em falta" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existe mas não é uma pasta (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:788 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "impossível criar pasta %s" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:726 +#: plugins/sudoers/visudo.c:737 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "impossível alterar o modo de %s para 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "erro ao ler ficheiro de temporização: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "linha de ficheiro de temporização inválida : %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "diário já concluído, impossível reiniciar" +#: logsrvd/iolog_writer.c:131 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:536 +msgid "unable to generate UUID" +msgstr "impossível gerar UUID" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "impossível reiniciar o diário" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: erro de protocolo: tipo errado para %s" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: erro de protocolo: %s em falta de AcceptMessage" + +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: impossível formatar a id da sessão" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s não está definido" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "impossível expandir caminho iolog %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "impossível criar caminho iolog %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "iofd %d inválido" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "erro ao fechar iofd %d: %s" + +#: logsrvd/iolog_writer.c:758 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "Diario de E/S %s inválido: %s referenciado mas ausente" + +#: logsrvd/iolog_writer.c:770 logsrvd/logsrvd_journal.c:378 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: impossível encontrar ponto de recomeço [%lld, %ld]" + +#: logsrvd/iolog_writer.c:792 logsrvd/logsrvd_journal.c:421 +#: logsrvd/logsrvd_queue.c:111 logsrvd/tls_init.c:293 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:618 +#: plugins/sudoers/cvtsudoers.c:639 plugins/sudoers/cvtsudoers.c:1249 +#: plugins/sudoers/cvtsudoers_json.c:877 plugins/sudoers/cvtsudoers_ldif.c:692 +#: plugins/sudoers/sudoers.c:1083 plugins/sudoers/sudoreplay.c:1456 +#: plugins/sudoers/timestamp.c:433 plugins/sudoers/tsdump.c:128 +#: plugins/sudoers/visudo.c:913 +#, c-format +msgid "unable to open %s" +msgstr "impossível abrir %s" + +#: logsrvd/iolog_writer.c:804 logsrvd/logsrv_util.c:98 +#: logsrvd/logsrv_util.c:105 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "impossível abrir %s/%s" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:817 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "impossível copiar %s/%s para %s/%s: %s" + +#: logsrvd/iolog_writer.c:846 logsrvd/logsrvd_journal.c:186 +#, c-format +msgid "unable to rename %s to %s" +msgstr "impossível renomear %s como %s" + +#: logsrvd/logsrv_util.c:132 #, c-format msgid "missing I/O log file %s/%s" msgstr "ficheiro de diário E/S %s/%s em falta" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:139 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: impossível procurar adiante %zu" -#: logsrvd/logsrv_util.c:150 +#: logsrvd/logsrv_util.c:149 #, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "impossível localizar ponto de continuação [%lld, %ld] em %s/%s" +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: impossível encontrar ponto de recomeço [%lld, %ld]" + +#: logsrvd/logsrvd.c:272 logsrvd/logsrvd_queue.c:131 +msgid "unable to connect to relay" +msgstr "impossível ligar ao relé" + +#: logsrvd/logsrvd.c:331 logsrvd/logsrvd_relay.c:838 +#, c-format +msgid "server message too large: %zu" +msgstr "mensagem do servidor muito grande: %zu" + +#: logsrvd/logsrvd.c:423 logsrvd/logsrvd.c:540 logsrvd/logsrvd.c:619 +#: logsrvd/logsrvd.c:843 logsrvd/logsrvd.c:857 logsrvd/logsrvd.c:1016 +#: logsrvd/logsrvd.c:1140 logsrvd/logsrvd.c:1309 logsrvd/logsrvd.c:1327 +#: logsrvd/logsrvd.c:1425 logsrvd/logsrvd.c:1548 logsrvd/logsrvd.c:1732 +#: logsrvd/logsrvd_journal.c:485 logsrvd/logsrvd_local.c:196 +#: logsrvd/logsrvd_queue.c:160 logsrvd/logsrvd_relay.c:173 +#: logsrvd/logsrvd_relay.c:250 logsrvd/logsrvd_relay.c:254 +#: logsrvd/logsrvd_relay.c:390 logsrvd/logsrvd_relay.c:582 +#: logsrvd/logsrvd_relay.c:743 logsrvd/logsrvd_relay.c:1124 +#: logsrvd/sendlog.c:1156 logsrvd/tls_client.c:136 logsrvd/tls_client.c:152 +#: logsrvd/tls_client.c:214 plugins/sudoers/audit.c:281 +#: plugins/sudoers/iolog.c:966 plugins/sudoers/iolog.c:1099 +#: plugins/sudoers/iolog.c:1197 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:328 plugins/sudoers/log_client.c:344 +#: plugins/sudoers/log_client.c:391 plugins/sudoers/log_client.c:595 +#: plugins/sudoers/log_client.c:602 plugins/sudoers/log_client.c:1127 +#: plugins/sudoers/log_client.c:1409 plugins/sudoers/log_client.c:1450 +#: plugins/sudoers/log_client.c:1458 plugins/sudoers/log_client.c:1612 +#: plugins/sudoers/log_client.c:1728 plugins/sudoers/log_client.c:2045 +#: plugins/sudoers/log_client.c:2053 plugins/sudoers/logging.c:139 +#: plugins/sudoers/logging.c:195 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "impossível adicionar evento à fila" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:447 logsrvd/logsrvd.c:484 logsrvd/logsrvd.c:516 +#: logsrvd/logsrvd.c:564 logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 +#: logsrvd/logsrvd.c:696 logsrvd/logsrvd.c:726 logsrvd/logsrvd_relay.c:511 +#: logsrvd/logsrvd_relay.c:544 +#, c-format +msgid "unexpected state %d for %s" +msgstr "estado %d inesperado para %s" + +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:517 +#: logsrvd/logsrvd.c:565 logsrvd/logsrvd.c:637 logsrvd/logsrvd.c:667 +#: logsrvd/logsrvd.c:697 logsrvd/logsrvd.c:727 logsrvd/logsrvd_relay.c:513 +#: logsrvd/logsrvd_relay.c:546 msgid "state machine error" msgstr "erro da máquina de estado" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:454 logsrvd/logsrvd.c:455 msgid "invalid AcceptMessage" msgstr "AcceptMessage inválida" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "erro ao analisar AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "erro ao criar diário de E/S" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "erro ao registar evento de aceitação" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:491 logsrvd/logsrvd.c:492 msgid "invalid RejectMessage" msgstr "RejectMessage inválida" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "erro ao analisar RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "erro ao registar evento de rejeição" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:599 logsrvd/logsrvd.c:600 msgid "invalid AlertMessage" msgstr "AlertMessage inválida" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "erro ao analisar AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "erro ao registar evento de alerta" +#: logsrvd/logsrvd.c:641 logsrvd/logsrvd.c:671 logsrvd/logsrvd.c:701 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: IoBuffer inesperado" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:642 logsrvd/logsrvd.c:672 logsrvd/logsrvd.c:702 msgid "protocol error" msgstr "erro de protocolo" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "erro ao escrever IObuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "erro ao escrever ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "erro ao escrever CommandSuspend" +#: logsrvd/logsrvd.c:797 logsrvd/logsrvd_journal.c:358 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:677 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "valor type_case %d inesperado em %s de %s" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:799 msgid "unrecognized ClientMessage type" msgstr "tipo de ClientMessage não reconhecido" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "mensagem do cliente muito grande" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 +#: logsrvd/logsrvd.c:889 #, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "impossível definir TLS 1.2 ciphersuite como %s: %s" +msgid "timed out writing to client %s" +msgstr "expirou ao escrever no cliente %s" -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 +#: logsrvd/logsrvd.c:894 logsrvd/logsrvd_relay.c:910 #, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "impossível definir TLS 1.3 ciphersuite como %s: %s" +msgid "missing write buffer for client %s" +msgstr "buffer de escrita em falta para o cliente %s" -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:987 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "impossível obter método TLS do servidor: %s" +msgid "timed out reading from client %s" +msgstr "expirou ao ler do cliente %s" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:1028 logsrvd/logsrvd_relay.c:774 #, c-format -msgid "unable to create TLS context: %s" -msgstr "impossível criar contexto TLS: %s" +msgid "EOF from %s without proper TLS shutdown" +msgstr "EOF de %s sem encerramento apropriado de TLS" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:1071 logsrvd/logsrvd_relay.c:206 logsrvd/sendlog.c:290 +#: plugins/sudoers/log_client.c:705 #, c-format -msgid "unable to load certificate %s" -msgstr "impossível carregar certificado %s" - -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 -#, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "Impossível carregar pacote da autoridade do certificado %s" - -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 -#, c-format -msgid "unable to load private key %s" -msgstr "impossível carregar chave privada %s" +msgid "client message too large: %zu" +msgstr "mensagem do cliente muito grande: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "impossível definir parâmetros diffie-hellman: %s" +#: logsrvd/logsrvd.c:1072 logsrvd/logsrvd_journal.c:247 +#: logsrvd/logsrvd_journal.c:248 +msgid "client message too large" +msgstr "mensagem do cliente muito grande" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "impossível definir versão mínima do protocolo como TLS 1.2: %s" +#: logsrvd/logsrvd.c:1090 logsrvd/logsrvd.c:1091 +msgid "invalid ClientMessage" +msgstr "ClientMessage inválida" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1388 msgid "unable to get remote IP addr" msgstr "impossível obter endereço IP remoto" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1417 logsrvd/tls_client.c:201 +#: plugins/sudoers/log_client.c:266 #, c-format msgid "Unable to attach user data to the ssl object: %s" -msgstr "impossível anexar dados do utilizador ao objecto ssl: %s" +msgstr "Impossível anexar dados do utilizador ao objecto ssl: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "impossível adicionar evento à fila" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1598 logsrvd/logsrvd.c:1951 +msgid "unable to setup listen socket" msgstr "impossível definir o socket de escuta" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1715 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - enviar diário sudo E/S para o servidor remoto\n" -"\n" +msgid "unexpected signal %d" +msgstr "sinal %d inesperado" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Opções:\n" -" -f, --file caminho para o ficheiro de configuração\n" -" -h --help mostrar a mensagem de ajuda e sair\n" -" -n, --no-fork não bifurcar, executar em 2º plano\n" -" -R, --random-drop percentagem de hipóteses das ligações caírem\n" -" -V, --version mostrar informação da versão e sair\n" +#: logsrvd/logsrvd.c:1853 +msgid "sudo log server" +msgstr "servidor de diário sudo" + +#: logsrvd/logsrvd.c:1855 logsrvd/sendlog.c:122 +msgid "Options:" +msgstr "Opções:" + +#: logsrvd/logsrvd.c:1857 +msgid "path to configuration file" +msgstr "caminho do ficheiro de configuração" + +#: logsrvd/logsrvd.c:1859 logsrvd/sendlog.c:124 +msgid "display help message and exit" +msgstr "mostrar mensagem de ajuda e sair" + +#: logsrvd/logsrvd.c:1861 +msgid "do not fork, run in the foreground" +msgstr "não bifurcar, executar em 2º plano" + +#: logsrvd/logsrvd.c:1863 +msgid "percent chance connections will drop" +msgstr "probabilidade das ligações caírem" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1865 logsrvd/sendlog.c:154 +msgid "display version information and exit" +msgstr "mostrar informação da versão e sair" + +#: logsrvd/logsrvd.c:1915 logsrvd/sendlog.c:1532 msgid "Protobuf-C version 1.3 or higher required" msgstr "Requerida a versão Protobuf-C 1.3 ou superior" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1931 #, c-format msgid "invalid random drop value: %s" msgstr "valor de queda aleatório inválido: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 -#: plugins/sudoers/visudo.c:177 +#: logsrvd/logsrvd.c:1934 logsrvd/sendlog.c:1586 +#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:301 +#: plugins/sudoers/visudo.c:175 #, c-format msgid "%s version %s\n" msgstr "%s versão %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:391 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:115 +#: plugins/sudoers/policy.c:1159 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1338 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "utilizador desconhecido %s" + +#: logsrvd/logsrvd_conf.c:408 plugins/sudoers/iolog.c:140 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1372 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "grupo desconhecido %s" + +#: logsrvd/logsrvd_conf.c:426 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "impossível analisar modo iolog %s" + +#: logsrvd/logsrvd_conf.c:443 logsrvd/logsrvd_conf.c:1172 +#, c-format +msgid "invalid value for %s: %s" +msgstr "valor inválido para %s: %s" + +#: logsrvd/logsrvd_conf.c:482 msgid "TLS not supported" msgstr "TLS não suportado" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:504 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:577 logsrvd/logsrvd_conf.c:971 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: não é um caminho completamente qualificado" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:889 logsrvd/logsrvd_conf.c:905 +#: logsrvd/logsrvd_conf.c:1587 +#, c-format +msgid "unknown syslog facility %s" +msgstr "facilidade syslog desconhecida %s" + +#: logsrvd/logsrvd_conf.c:921 logsrvd/logsrvd_conf.c:937 +#: logsrvd/logsrvd_conf.c:953 logsrvd/logsrvd_conf.c:1591 +#: logsrvd/logsrvd_conf.c:1595 logsrvd/logsrvd_conf.c:1599 +#, c-format +msgid "unknown syslog priority %s" +msgstr "prioridade syslog desconhecida %s" + +#: logsrvd/logsrvd_conf.c:1133 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d \"[\" sem par: %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1144 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d secção de configuração inválida: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1152 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d linha de configuração inválida: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1158 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d esperado um nome de secção: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1180 #, c-format -msgid "invalid value for %s: %s" -msgstr "valor inválido para %s: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] chave ilegal: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1210 plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d chave desconhecida: %s" +msgid "unable to open log file %s" +msgstr "impossível abrir o diário %s" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_conf.c:1667 +msgid "unable to initialize server TLS context" +msgstr "impossível inicializar contexto do servidor TLS" + +#: logsrvd/logsrvd_conf.c:1687 +msgid "unable to initialize relay TLS context" +msgstr "impossível inicializar contexto do intermédio TLS" + +#: logsrvd/logsrvd_journal.c:137 logsrvd/logsrvd_journal.c:417 +#: logsrvd/logsrvd_journal.c:422 +msgid "unable to create journal file" +msgstr "impossível criar o ficheiro de diário" + +#: logsrvd/logsrvd_journal.c:141 logsrvd/logsrvd_queue.c:105 +#: plugins/sudoers/visudo.c:971 #, c-format -msgid "unknown syslog facility %s" -msgstr "facilidade syslog desconhecida %s" +msgid "unable to lock %s" +msgstr "impossível bloquear %s" + +#: logsrvd/logsrvd_journal.c:144 +msgid "unable to lock journal file" +msgstr "impossível bloquear o diário" + +#: logsrvd/logsrvd_journal.c:152 +msgid "unable to open journal file" +msgstr "impossível abrir o ficheiro de diário" + +#: logsrvd/logsrvd_journal.c:173 logsrvd/logsrvd_journal.c:453 +#: logsrvd/logsrvd_journal.c:458 +msgid "unable to write journal file" +msgstr "impossível escrever no diário" + +#: logsrvd/logsrvd_journal.c:181 logsrvd/logsrvd_journal.c:188 +msgid "unable to rename journal file" +msgstr "impossível renomear o diário" + +#: logsrvd/logsrvd_journal.c:235 logsrvd/logsrvd_journal.c:236 +#: logsrvd/logsrvd_journal.c:270 logsrvd/logsrvd_journal.c:271 +msgid "unexpected EOF reading journal file" +msgstr "EOF inesperado ao ler o diário" + +#: logsrvd/logsrvd_journal.c:239 logsrvd/logsrvd_journal.c:240 +#: logsrvd/logsrvd_journal.c:274 logsrvd/logsrvd_journal.c:275 +msgid "error reading journal file" +msgstr "erro ao ler ficheiro de diário" + +#: logsrvd/logsrvd_journal.c:286 logsrvd/logsrvd_journal.c:377 +msgid "invalid journal file, unable to restart" +msgstr "ficheiro de diário inválido, impossível reiniciar" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:436 #, c-format -msgid "unknown syslog priority %s" -msgstr "prioridade syslog desconhecida %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "impossível localizar [%lld, %ld] no ficheiro de diário %s" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Opções:\n" -" --help mostrar a mensagem de ajuda e sair\n" -" -A, --accept enviar só um evento de aceitação (sem E/S)\n" -" -h, --host anfitrião a quem enviar os diários\n" -" -i, --iolog_id ID remota do diário de E/S a resumir\n" -" -p, --port porta a usar ao ligar ao anfitrião\n" -" -r, --restart reiniciar a transferência de diário de E/S prévia\n" -" -R, --reject rejeitar o comando com o motivo dado\n" -" -b, --ca-bundle ficheiro de pacote de certificados para comparar com o do servidor\n" -" -c, --cert ficheiro de certificado para o handshake TLS\n" -" -k, --key ficheiro de chave privada\n" -" -n, --no-verify não verificar o certificado do servidor\n" -" -t, --test testar servidor de auditoria enviando o diário de E/S seleccionado n vezes em paralelo\n" -" -V, --version mostrar informação da versão e sair\n" +#: logsrvd/logsrvd_local.c:152 +msgid "error parsing AcceptMessage" +msgstr "erro ao analisar AcceptMessage" + +#: logsrvd/logsrvd_local.c:163 +msgid "error creating I/O log" +msgstr "erro ao criar diário de E/S" + +#: logsrvd/logsrvd_local.c:186 +msgid "error logging accept event" +msgstr "erro ao registar evento de aceitação" + +#: logsrvd/logsrvd_local.c:225 +msgid "error parsing RejectMessage" +msgstr "erro ao analisar RejectMessage" + +#: logsrvd/logsrvd_local.c:249 +msgid "error logging reject event" +msgstr "erro ao registar evento de rejeição" + +#: logsrvd/logsrvd_local.c:284 +msgid "error logging exit event" +msgstr "erro ao registar evento de saída" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_local.c:343 logsrvd/logsrvd_local.c:344 +msgid "log is already complete, cannot be restarted" +msgstr "diário já concluído, impossível reiniciar" + +#: logsrvd/logsrvd_local.c:374 +msgid "unable to restart log" +msgstr "impossível reiniciar o diário" + +#: logsrvd/logsrvd_local.c:390 +msgid "error parsing AlertMessage" +msgstr "erro ao analisar AlertMessage" + +#: logsrvd/logsrvd_local.c:400 +msgid "error logging alert event" +msgstr "erro ao registar evento de alerta" + +#: logsrvd/logsrvd_local.c:435 logsrvd/logsrvd_local.c:488 +#: logsrvd/logsrvd_local.c:523 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "impossível formatar buffer de temporização, tamanho %d" + +#: logsrvd/logsrvd_local.c:442 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_local.c:495 logsrvd/logsrvd_local.c:530 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:470 +msgid "error writing IoBuffer" +msgstr "erro ao escrever IObuffer" + +#: logsrvd/logsrvd_local.c:505 +msgid "error writing ChangeWindowSize" +msgstr "erro ao escrever ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:540 +msgid "error writing CommandSuspend" +msgstr "erro ao escrever CommandSuspend" + +#: logsrvd/logsrvd_relay.c:436 +msgid "TLS handshake with relay host failed" +msgstr "Falha no TLS handshake com o servidor intermédio" + +#: logsrvd/logsrvd_relay.c:464 +msgid "unable to connect to relay host" +msgstr "impossível ligar ao servidor intermédio" + +#: logsrvd/logsrvd_relay.c:519 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: ServerHello inválido, server_id em falta" + +#: logsrvd/logsrvd_relay.c:521 logsrvd/sendlog.c:961 +#: plugins/sudoers/log_client.c:1493 +msgid "invalid ServerHello" +msgstr "ServerHello inválido" + +#: logsrvd/logsrvd_relay.c:680 +msgid "unrecognized ServerMessage type" +msgstr "tipo de ServerMessage não reconhecido" + +#: logsrvd/logsrvd_relay.c:709 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "expirou ao ler do relé %s (%s)" + +#: logsrvd/logsrvd_relay.c:711 +msgid "timeout reading from relay" +msgstr "leitura do servidor intermédio expirou" + +#: logsrvd/logsrvd_relay.c:762 +msgid "relay host name does not match certificate" +msgstr "nome de servidor intermédio não corresponde ao certificado" + +#: logsrvd/logsrvd_relay.c:766 logsrvd/logsrvd_relay.c:779 +#: logsrvd/logsrvd_relay.c:785 +msgid "error reading from relay" +msgstr "erro ao ler do servidor intermédio" + +#: logsrvd/logsrvd_relay.c:806 +msgid "unable to read from relay" +msgstr "impossível ler do servidor intermédio" + +#: logsrvd/logsrvd_relay.c:821 logsrvd/logsrvd_relay.c:939 +msgid "relay server closed connection" +msgstr "o servidor intermédio fechou a ligação" + +#: logsrvd/logsrvd_relay.c:839 +msgid "server message too large" +msgstr "mensagem do servidor muito grande" + +#: logsrvd/logsrvd_relay.c:903 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "expirou ao escrever no relé %s (%s)" + +#: logsrvd/logsrvd_relay.c:905 +msgid "timeout writing to relay" +msgstr "escrita no servidor intermédio expirou" + +#: logsrvd/logsrvd_relay.c:958 logsrvd/logsrvd_relay.c:964 +#: logsrvd/logsrvd_relay.c:974 +msgid "error writing to relay" +msgstr "erro ao escrever no servidor intermédio" + +#: logsrvd/sendlog.c:120 +msgid "send sudo I/O log to remote server" +msgstr "%s - enviar diário sudo E/S para o servidor remoto" + +#: logsrvd/sendlog.c:126 +msgid "only send an accept event (no I/O)" +msgstr "enviar só um evento de aceitação (sem E/S)" + +#: logsrvd/sendlog.c:129 +msgid "certificate bundle file to verify server's cert against" +msgstr "ficheiro de pacote de certificados contra o qual verificar o certificado do servidor" + +#: logsrvd/sendlog.c:131 +msgid "certificate file for TLS handshake" +msgstr "ficheiro de certificado para o TLS handshake" + +#: logsrvd/sendlog.c:134 +msgid "host to send logs to" +msgstr "anfitrião para onde enviar os diários" + +#: logsrvd/sendlog.c:136 +msgid "remote ID of I/O log to be resumed" +msgstr "a ID remota do diário de E/S a retomar" + +#: logsrvd/sendlog.c:139 +msgid "private key file" +msgstr "ficheiro de chave privada" + +#: logsrvd/sendlog.c:141 +msgid "do not verify server certificate" +msgstr "não verificar certificado do servidor" + +#: logsrvd/sendlog.c:144 +msgid "port to use when connecting to host" +msgstr "porta a usar ao ligar ao anfitrião" + +#: logsrvd/sendlog.c:146 +msgid "restart previous I/O log transfer" +msgstr "reiniciar transferência do diário de E/S prévia" + +#: logsrvd/sendlog.c:148 +msgid "reject the command with the given reason" +msgstr "rejeitar o comando com o motivo indicado" + +#: logsrvd/sendlog.c:150 +msgid "stop transfer after reaching this time" +msgstr "parar transferência após atingir este tempo" + +#: logsrvd/sendlog.c:152 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "testar servidor de auditoria enviando o diário de E/S seleccionado n vezes em paralelo" + +#: logsrvd/sendlog.c:177 plugins/sudoers/log_client.c:437 #, c-format msgid "unable to look up %s:%s: %s" msgstr "impossível procurar %s:%s: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:215 msgid "unable to get server IP addr" msgstr "impossível obter endereço IP do servidor" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:269 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "impossível ler %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "mensagem do cliente muito grande: %zu" - -#: logsrvd/sendlog.c:810 +#: logsrvd/sendlog.c:831 #, c-format msgid "%s: write buffer already in use" msgstr "%s: buffer de escrita já em uso" -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:892 plugins/sudoers/iolog.c:890 +#: plugins/sudoers/iolog.c:959 #, c-format msgid "unexpected I/O event %d" msgstr "evento de E/S %d inesperado" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:938 logsrvd/sendlog.c:955 logsrvd/sendlog.c:989 +#: plugins/sudoers/log_client.c:1142 plugins/sudoers/log_client.c:1419 +#: plugins/sudoers/log_client.c:1487 plugins/sudoers/log_client.c:1526 #, c-format msgid "%s: unexpected state %d" msgstr "%s: estado %d inesperado" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "ServerHello inválido" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1025 plugins/sudoers/log_client.c:1570 #, c-format msgid "error message received from server: %s" msgstr "recebida mensagem de erro do servidos: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1038 plugins/sudoers/log_client.c:1583 #, c-format msgid "abort message received from server: %s" msgstr "recebida mensagem de aborto do servidos: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "impossível desempacotar ServerMessage" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1097 plugins/sudoers/log_client.c:1633 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: valor type_case %d inesperado" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1126 msgid "timeout reading from server" msgstr "leitura do servidor expirou" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1205 msgid "premature EOF" msgstr "EOF prematuro" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1218 plugins/sudoers/log_client.c:1791 #, c-format msgid "server message too large: %u" msgstr "mensagem do servidor muito grande: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1269 msgid "timeout writing to server" msgstr "escrita no servidor expirou" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1609 +msgid "both restart point and iolog ID must be specified" +msgstr "tem de especificar o ponto de reinício e a ID iolog" + +#: logsrvd/sendlog.c:1613 +msgid "a restart point may not be set when no I/O is sent" +msgstr "impossível definir um ponto de reinício sem E/S enviada" + +#: logsrvd/sendlog.c:1689 +#, c-format +msgid "exited prematurely with state %d" +msgstr "saída prematura com o estado %d" + +#: logsrvd/sendlog.c:1690 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "tempo decorrido de envio para o servidor [%lld, %ld]" + +#: logsrvd/sendlog.c:1692 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "ponto de submissão recebido do servidor [%lld, %ld]" + +#: logsrvd/tls_client.c:111 plugins/sudoers/log_client.c:300 msgid "TLS handshake timeout occurred" -msgstr "handshake TLS expirou" +msgstr "TLS handshake expirou" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: plugins/sudoers/log_client.c:322 plugins/sudoers/log_client.c:338 msgid "unable to set event" msgstr "impossível definir o evento" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:157 logsrvd/tls_client.c:161 #, c-format msgid "TLS connection failed: %s" -msgstr "falha na ligação TLS: %s" +msgstr "Falha na ligação TLS: %s" -#: logsrvd/sendlog.c:1538 +#: logsrvd/tls_client.c:195 #, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "impossível inicializar contexto ssl: %s" +msgid "unable to allocate ssl object: %s" +msgstr "impossível alocar objecto ssl: %s" -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 -#, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Impossível alocar objecto ssl: %s" - -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:208 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Impossível anexar socket ao objecto ssl: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "tem de especificar o ponto de reinício e a ID iolog" +#: logsrvd/tls_client.c:236 +msgid "unable to initialize TLS context" +msgstr "impossível inicializar contexto TLS" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "impossível definir um ponto de reinício sem E/S enviada" +#: logsrvd/tls_init.c:126 logsrvd/tls_init.c:134 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "impossível definir TLS 1.2 ciphersuite como %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:154 logsrvd/tls_init.c:162 #, c-format -msgid "exited prematurely with state %d" -msgstr "saída prematura com o estado %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "impossível definir TLS 1.3 ciphersuite como %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:197 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "tempo decorrido de envio para o servidor [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "impossível criar contexto TLS: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:203 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "ponto de submissão recebido do servidor [%lld, %ld]" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "impossível definir versão mínima do protocolo como TLS 1.2: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:279 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Aliás \"%s\" já definido" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "impossível definir parâmetros diffie-hellman: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: logsrvd/tls_init.c:288 +#, c-format +msgid "unable to read diffie-hellman parameters: %s" +msgstr "impossível ler parâmetros diffie-hellman: %s" + +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:422 +#: plugins/sudoers/log_client.c:975 plugins/sudoers/log_client.c:1024 +#: plugins/sudoers/log_client.c:1073 plugins/sudoers/log_client.c:1199 +#: plugins/sudoers/logging.c:554 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "impossível obter hora do dia" @@ -1011,38 +1403,38 @@ msgid "unable to initialize PAM: %s" msgstr "impossível inicializar PAM: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:340 #, c-format msgid "PAM authentication error: %s" -msgstr "erro de autenticação PAM: %s" +msgstr "Erro de autenticação PAM: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:359 msgid "account validation failure, is your account locked?" msgstr "falha na validação de conta, tem a conta trancada?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:370 msgid "Account or password is expired, reset your password and try again" msgstr "Conta ou senha expiradas, reponha a sua senha e tente novamente" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:376 #, c-format msgid "unable to change expired password: %s" msgstr "impossível alterar senha expirada: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:387 msgid "Password expired, contact your system administrator" msgstr "Senha expirada, contacte o administrador do sistema" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:392 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Conta expirada ou configuração PAM sem secção \"account\" para sudo, contacte o administrador do sistema" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:400 plugins/sudoers/auth/pam.c:405 #, c-format msgid "PAM account management error: %s" msgstr "Erro de gestão de conta PAM: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:241 #, c-format msgid "you do not exist in the %s database" msgstr "utilizador não existente na base de dados %s" @@ -1069,7 +1461,7 @@ #: plugins/sudoers/auth/securid5.c:119 msgid "SecurID communication failed" -msgstr "falha na comunicação SecurID" +msgstr "Falha na comunicação SecurID" #: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 msgid "unknown SecurID error" @@ -1115,7 +1507,17 @@ msgid "unable to commit audit record" msgstr "impossível submeter registo de auditoria" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "erro ao ler ficheiro de palestra %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "a ignorar ficheiro de palestra %s: não é um ficheiro normal" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1135,20 +1537,32 @@ " 3) lembre-se que com grande poder vem grande responsabilidade.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:876 plugins/sudoers/sudoers.c:897 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "uid desconhecida: %u" +msgid "unknown uid %u" +msgstr "uid desconhecida %u" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:56 #, c-format -msgid "unknown user: %s" -msgstr "utilizador desconhecido: %s" +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Erro: %s:%d:%d: ciclo em %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:57 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Aviso: %s:%d:%d: ciclo em %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:61 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Erro: %s:%d:%d: %s \"%s\" referenciado mas não definido" + +#: plugins/sudoers/check_aliases.c:62 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Aviso: %s:%d:%d: %s \"%s\" referenciado mas não definido" #: plugins/sudoers/cvtsudoers.c:194 #, c-format @@ -1165,12 +1579,12 @@ msgid "order padding: %s: %s" msgstr "espaço de ordem: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:177 #, c-format msgid "%s grammar version %d\n" msgstr "%s versão gramatical %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "formato de entrada %s não suportado" @@ -1185,9 +1599,10 @@ msgid "%s: input and output files must be different" msgstr "%s: os ficheiros de entrada e saída têm de ser diferentes" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:247 plugins/sudoers/visudo.c:597 +#: plugins/sudoers/visudo.c:917 msgid "unable to initialize sudoers default values" msgstr "impossível inicializar valores predefinidos de sudoers" @@ -1198,8 +1613,8 @@ #: plugins/sudoers/cvtsudoers.c:475 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: palavra-chave desconhecida: %s" +msgid "%s: unknown key word %s" +msgstr "%s: palavra-chave desconhecida %s" #: plugins/sudoers/cvtsudoers.c:521 #, c-format @@ -1216,37 +1631,28 @@ msgid "invalid filter: %s" msgstr "filtro inválido: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "impossível abrir %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:642 plugins/sudoers/visudo.c:922 #, c-format msgid "failed to parse %s file, unknown error" msgstr "falha ao analisar o ficheiro %s, erro desconhecido" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "parse error in %s near line %d\n" msgstr "erro de análise em %s, perto da linha %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:653 #, c-format msgid "parse error in %s\n" msgstr "erro de análise em %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "impossível escrever em %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1255,7 +1661,7 @@ "%s - converte entre formatos de ficheiros sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" @@ -1296,7 +1702,7 @@ " -V, --version mostra informação da versão e sai" #: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 +#: plugins/sudoers/cvtsudoers_json.c:718 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "entrada de predefinições \"%s\" desconhecida" @@ -1313,12 +1719,12 @@ msgid "unable to format timestamp" msgstr "impossível formatar datação" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_ldif.c:644 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "demasiadas entradas sudoers, máximo %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:687 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "a variável de ambiente SUDOERS_BASE não está definida e a opção -b não foi especificada." @@ -1889,18 +2295,47 @@ #: plugins/sudoers/def_data.c:562 #, c-format msgid "Working directory to change to before executing the command: %s" -msgstr "pasta de trabalho a alterar antes de executar o comando: %s" +msgstr "Pasta de trabalho a alterar antes de executar o comando: %s" #: plugins/sudoers/def_data.c:566 #, c-format msgid "Root directory to change to before executing the command: %s" -msgstr "pasta raiz a alterar antes de executar o comando: %s" +msgstr "Pasta raiz a alterar antes de executar o comando: %s" #: plugins/sudoers/def_data.c:570 #, c-format msgid "The format of logs to produce: %s" msgstr "O formato de diários a produzir: %s" +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Activar suporte a SELinux RBAC" + +#: plugins/sudoers/def_data.c:578 +#, c-format +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Caminho para o ficheiro criado na 1ª execução de sudo: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Interceptar comandos posteriores e aplicar-lhes restrições sudoers" + +#: plugins/sudoers/def_data.c:586 +msgid "Log any child processes run by the command" +msgstr "Registar processos filho executados pelo comando" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Registar estado da saída de comandos" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Comandos subsequentes numa sessão interceptada têm de ser autenticados" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Permitir que um comando interceptado execute os programas setuid ou setgid" + #: plugins/sudoers/defaults.c:185 #, c-format msgid "%s:%d:%d: unknown defaults entry \"%s\"" @@ -1921,75 +2356,85 @@ msgid "%s: no value specified for \"%s\"" msgstr "%s sem valor especificado para \"%s\"" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:250 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: operador \"%c=\" inválido para \"%s\"" + +#: plugins/sudoers/defaults.c:253 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: operador \"%c=\" inválido para \"%s\"" + +#: plugins/sudoers/defaults.c:289 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: opção \"%s\" não recebe valores" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:292 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s opção \"%s\" não recebe valores" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:317 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: tipo Defaults 0x%x inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:320 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s tipo Defaults 0x%x inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: valor \"%s\" é inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:333 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s valor \"%s\" é inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1054 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: valores para \"%s\" têm de começar com \"/\", \"~\" ou \"*\"" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1058 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: valores para \"%s\" têm de começar com \"/\", \"~\" ou \"*\"" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1069 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: valores para \"%s\" têm de começar com \"/\"" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1073 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s valores para \"%s\" têm de começar com \"/\"" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp corrompido, tamanho trocado" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "impossível reconstruir o ambiente" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "desculpe, não tem permissão para definir as seguintes variáveis de ambiente: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "erro de análise em %s perto da linha %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "erro de análise em %s" @@ -2029,56 +2474,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: versão principal de extensão de grupo %d incompatível, esperada %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "impossível analisar endereço IP \"%s\"" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "impossível analisar netmask \"%s\"" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Pares endereço IP local e netmask:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "grupo desconhecido: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:632 msgid "unable to update sequence file" msgstr "impossível actualizar o ficheiro de sequência" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:663 plugins/sudoers/iolog.c:851 +#: plugins/sudoers/iolog.c:1004 plugins/sudoers/iolog.c:1011 +#: plugins/sudoers/iolog.c:1132 plugins/sudoers/iolog.c:1139 +#: plugins/sudoers/iolog.c:1238 plugins/sudoers/iolog.c:1245 #, c-format msgid "unable to write to I/O log file: %s" msgstr "impossível escrever no ficheiro de E/S: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:671 #, c-format msgid "unable to create %s/%s" msgstr "impossível criar %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:896 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: erro interno, ficheiro de diário E/S do evento %d não aberto" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:989 plugins/sudoers/iolog.c:1117 +#: plugins/sudoers/iolog.c:1222 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:487 +#: plugins/sudoers/visudo.c:493 msgid "unable to read the clock" msgstr "impossível ler o relógio" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1214 plugins/sudoers/log_client.c:1217 +#: plugins/sudoers/log_client.c:1227 plugins/sudoers/log_client.c:1231 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: erro interno, sinal inválido %d" @@ -2106,7 +2546,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls especificado mas LDAP libs não suporta ldap_start_tls_s() ou ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:746 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "atributo sudoOrder inválido: %s" @@ -2125,100 +2565,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "impossível misturar URIs ldap e ldaps" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:496 plugins/sudoers/ldap_util.c:503 +#: plugins/sudoers/ldap_util.c:511 plugins/sudoers/ldap_util.c:520 +#: plugins/sudoers/ldap_util.c:528 plugins/sudoers/ldap_util.c:538 +#: plugins/sudoers/ldap_util.c:546 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "sudoOption duplicada: %s%s%s" + +#: plugins/sudoers/ldap_util.c:565 plugins/sudoers/ldap_util.c:567 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "impossível converter sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "impossível abrir o sistema de auditoria" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "impossível enviar mensagem de auditoria" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:116 plugins/sudoers/log_client.c:396 +#: plugins/sudoers/log_client.c:1464 plugins/sudoers/log_client.c:2061 msgid "error in event loop" msgstr "erro no ciclo do evento" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:196 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "Falha ao criar o novo objecto SSL_CTX: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:219 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "impossível carregar pacote da autoridade do certificado %s" + +#: plugins/sudoers/log_client.c:239 +#, c-format +msgid "unable to load certificate %s" +msgstr "impossível carregar certificado %s" + +#: plugins/sudoers/log_client.c:252 +#, c-format +msgid "unable to load private key %s" +msgstr "impossível carregar chave privada %s" + +#: plugins/sudoers/log_client.c:261 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Impossível alocar objecto ssl: %s" + +#: plugins/sudoers/log_client.c:349 plugins/sudoers/log_client.c:354 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "Ligação TLS a %s:%s falhou: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:527 msgid "TLS initialization was unsuccessful" msgstr "Inicialização TLS sem sucesso" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:537 msgid "TLS handshake was unsuccessful" -msgstr "handshake TLS sem sucesso" +msgstr "TLS handshake sem sucesso" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: erro interno, sinal de saída %d inválido" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1602 +msgid "unable to unpack ServerMessage" +msgstr "impossível desempacotar ServerMessage" + +#: plugins/sudoers/log_client.c:1754 plugins/sudoers/log_client.c:1778 msgid "lost connection to log server" msgstr "ligação ao servidor de diários perdida" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1855 msgid "missing write buffer" msgstr "buffer de escrita em falta" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2002 msgid "unable to connect to log server" msgstr "impossível ligar ao servidor de diários" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:283 msgid "user NOT in sudoers" msgstr "utilizador NÃO está no sudores" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:285 msgid "user NOT authorized on host" msgstr "utilizador NÃO autorizado no anfitrião" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:287 msgid "command not allowed" msgstr "comando não permitido" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:308 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s não está no ficheiro sudoers. O incidente será reportado.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s não tem permissão para executar sudo em %s. O incidente será reportado.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:315 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Desculpe, %s não pode executar sudo em %s.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Desculpe, %s não tem permissão para executar \"%s%s%s\" como %s%s%s em %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:355 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:776 +#: plugins/sudoers/sudoers.c:778 #, c-format msgid "%s: command not found" msgstr "%s: comando não encontrado" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:357 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2227,27 +2699,22 @@ "a ignorar \"%s\" encontrado em \".\"\n" "Use \"sudo ./%s\" se este é o \"%s\" que deseja executar." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:376 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u tentativa incorrecta" msgstr[1] "%u tentativas incorrectas" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:432 msgid "authentication failure" msgstr "falha de autenticação" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:472 plugins/sudoers/logging.c:492 msgid "a password is required" msgstr "é necessária uma senha" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "impossível abrir o diário: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "impossível escrever o diário: %s" @@ -2257,7 +2724,7 @@ msgid "digest for %s (%s) is not in %s form" msgstr "resumo para %s (%s) não está na forma %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:537 #, c-format msgid "" "\n" @@ -2266,7 +2733,7 @@ "\n" "Papel LDAP: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:540 msgid "" "\n" "Sudoers entry:\n" @@ -2274,104 +2741,110 @@ "\n" "Entrada sudoers:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:542 msgid " RunAsUsers: " msgstr " RunAsUsers: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:557 msgid " RunAsGroups: " msgstr " RunAsGroups: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:567 msgid " Options: " msgstr " Opções: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:623 msgid " Commands:\n" msgstr " Comandos:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:814 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Entradas Defaults correspondentes para %s em %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:832 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Predefinições Runas específicas de comandos para %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:850 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "O utilizador %s pode executar os seguintes comandos em %s:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:865 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "O utilizador %s não tem permissão para executar sudo em %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:616 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "a ignorar sudoRole incompleto: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:676 #, c-format msgid "invalid LDIF attribute: %s" msgstr "atributo LDIF inválido: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "%.*s inválido definido pelo front-end do sudo" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:320 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "impossível analisar a lista de endereços da rede" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:471 msgid "user name not set by sudo front-end" msgstr "nome de utilizador não definido pelo front-end do sudo" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:475 msgid "user-ID not set by sudo front-end" msgstr "ID de utilizador não definida pelo front-end do sudo" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:479 msgid "group-ID not set by sudo front-end" msgstr "ID de grupo não definida pelo front-end do sudo" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:483 msgid "host name not set by sudo front-end" -msgstr "Nome de anfitrião não definido pelo front-end do sudo" +msgstr "nome de anfitrião não definido pelo front-end do sudo" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:685 #, c-format msgid "invalid working directory: %s" msgstr "pasta de trabalho inválida: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:861 #, c-format msgid "invalid chroot directory: %s" msgstr "pasta chroot inválida: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:996 plugins/sudoers/visudo.c:229 +#: plugins/sudoers/visudo.c:851 #, c-format msgid "unable to execute %s" msgstr "impossível executar %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1066 plugins/sudoers/policy.c:1103 +#: plugins/sudoers/policy.c:1125 plugins/sudoers/policy.c:1151 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: bandeiras de modo inválidas do front-end do sudo: 0x%x" + +#: plugins/sudoers/policy.c:1182 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Extensão de política sudoers versão %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1184 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Gramática do ficheiro sudoers versão %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1188 #, c-format msgid "" "\n" @@ -2380,132 +2853,137 @@ "\n" "Caminho do sudoers: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1191 #, c-format msgid "nsswitch path: %s\n" msgstr "caminho nsswitch: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1193 #, c-format msgid "ldap.conf path: %s\n" msgstr "caminho do ldap.conf: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1194 #, c-format msgid "ldap.secret path: %s\n" msgstr "caminho do ldap.secret: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1227 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "impossível registar hook do tipo %d (versão %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1245 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "impossível de-registar hook do tipo %d (versão %d.%d)" + +#: plugins/sudoers/pwutil.c:218 plugins/sudoers/pwutil.c:236 #, c-format msgid "unable to cache uid %u" msgstr "impossível guardar uid %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:230 #, c-format msgid "unable to cache uid %u, already exists" msgstr "impossível guardar uid %u, já existe" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:290 plugins/sudoers/pwutil.c:308 +#: plugins/sudoers/pwutil.c:371 plugins/sudoers/pwutil.c:416 #, c-format msgid "unable to cache user %s" msgstr "impossível guardar utilizador %s" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:303 #, c-format msgid "unable to cache user %s, already exists" msgstr "impossível guardar utilizador %s, já existe" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:535 plugins/sudoers/pwutil.c:553 #, c-format msgid "unable to cache gid %u" msgstr "impossível guardar gid %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:547 #, c-format msgid "unable to cache gid %u, already exists" msgstr "impossível guardar gid %u, já existe" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:601 plugins/sudoers/pwutil.c:619 +#: plugins/sudoers/pwutil.c:680 plugins/sudoers/pwutil.c:729 #, c-format msgid "unable to cache group %s" msgstr "impossível guardar grupo %s" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group %s, already exists" msgstr "impossível guardar grupo %s, já existe" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:876 plugins/sudoers/pwutil.c:927 +#: plugins/sudoers/pwutil.c:977 plugins/sudoers/pwutil.c:1029 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "impossível guardar lista de grupo para %s, já existe" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:882 plugins/sudoers/pwutil.c:932 +#: plugins/sudoers/pwutil.c:983 plugins/sudoers/pwutil.c:1034 #, c-format msgid "unable to cache group list for %s" msgstr "impossível guardar lista de grupos para %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:921 #, c-format msgid "unable to parse groups for %s" msgstr "impossível analisar grupos para %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1023 #, c-format msgid "unable to parse gids for %s" msgstr "impossível analisar gids para %s" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "transporte de pilha perm" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "importe de pilha perm" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "impossível mudar para gid root" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "impossível mudar para gid runas" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "impossível definir vector de grupo runas" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "impossível mudar para uid runas" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "impossível mudar para gid sudoers" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "demasiados processos" @@ -2534,248 +3012,254 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "impossível encontrar símbolo \"%s\" em %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1040 msgid "problem with defaults entries" msgstr "problema com entradas defaults" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "sme fontes sudoers válidas, a sair" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "utilizador sem permissão para alterar pasta chroot para %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "não tem permissão para usar a opção -R com %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "utilizador sem permissão para alterar pasta para %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "não tem permissão para usar a opção -D com %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "nenhum comando especificado" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers especifica que root não tem permissão para sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "utilizador não autorizado a sobrepor o limite closefrom" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "não tem permissão para usar a opção -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "dono da datação (%s): utilizador inexistente" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "sem tty" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "desculpe, tem de ter um tty para executar sudo" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "shell inválida para o utilizador %s: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "comando na pasta actual" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:643 msgid "user not allowed to set a command timeout" msgstr "utilizador sem permissão para definir um tempo de expiração" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:645 msgid "sorry, you are not allowed set a command timeout" msgstr "desculpe, não tem permissão para definir um tempo de inacção" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:653 msgid "user not allowed to preserve the environment" msgstr "utilizador sem permissão para definir preservar o ambiente" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:655 msgid "sorry, you are not allowed to preserve the environment" msgstr "desculpe, não tem permissão para preservar o ambiente" -#: plugins/sudoers/sudoers.c:945 +#: plugins/sudoers/sudoers.c:989 msgid "command too long" msgstr "comando muito longo" -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1028 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit não precisa de ser executado via sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1087 plugins/sudoers/sudoreplay.c:1568 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "impossível ler %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1112 plugins/sudoers/visudo.c:426 +#: plugins/sudoers/visudo.c:720 #, c-format msgid "unable to stat %s" msgstr "impossível obter informações de %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1116 plugins/sudoers/visudo.c:1009 #, c-format msgid "%s is not a regular file" msgstr "%s não é um ficheiro normal" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/timestamp.c:252 toke.l:1148 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s é propriedade de uid %u, deveria ser %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1124 toke.l:1153 #, c-format msgid "%s is world writable" msgstr "%s é escrito universalmente" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1128 toke.l:1156 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s é propriedade de gid %u, deveria ser %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1161 #, c-format msgid "only root can use \"-c %s\"" msgstr "só root pode usar \"-c %s\"" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1180 #, c-format -msgid "unknown login class: %s" -msgstr "classe de sessão desconhecida: %s" +msgid "unknown login class %s" +msgstr "classe de sessão desconhecida %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1266 plugins/sudoers/sudoers.c:1281 #, c-format msgid "unable to resolve host %s" msgstr "impossível resolver o anfitrião %s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "opção de filtro inválida: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "espera máxima inválida: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "factor de velocidade inválido: %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "desvio de tempo %s inválido" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/temporização: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "A reproduzir sessão sudo: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "impossível definir tty para modo raw" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Aviso: o seu terminal é muito pequeno para reproduzir correctamente o diário.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "A geometria do diário é %d x %d, o seu terminal é %d x %d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Reprodução terminada, prima qualquer tecla para restaurar o terminal." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "expressão ambígua \"%s\"" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "\")\" sem par em expressão" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "termo de procura \"%s\" desconhecido" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s requer um argumento" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1544 #, c-format msgid "invalid regular expression: %s" msgstr "expressão regular inválida: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "impossível analisar a data \"%s\"" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "\"(\" sem par em expressão" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "\"or\" final ilegal" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "\"!\" final ilegal" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "tipo de procura %d desconhecido" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1635 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "uso: %s [-hnRS] [-d pasta] [-m núm] [-s núm] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1638 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uso: %s [-h] [-d pasta] -l [expressão de procura]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1647 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2784,7 +3268,7 @@ "%s - reproduz os diários de sessão sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1649 msgid "" "\n" "Options:\n" @@ -2812,11 +3296,11 @@ " -s, --speed=número acelera ou trava a saída\n" " -V, --version mostra informação da versão e sai" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\thost sem correspondência" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2824,7 +3308,7 @@ "\n" "Comando permitido" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2832,7 +3316,7 @@ "\n" "Comando negado" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2845,121 +3329,121 @@ msgid "%s is group writable" msgstr "%s é escrito pelo grupo" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "impossível truncar o ficheiro de datação para %lld bytes" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "a ignorar datação do futuro" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "datação demasiado no futuro: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "impossível bloquear ficheiro de datação %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "caminho do estado da lição de moral muito longo: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit não deve ser especificado com um caminho" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:224 msgid "the -x option will be removed in a future release" msgstr "a opção -x será removida numa futura versão" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:226 msgid "please consider using the cvtsudoers utility instead" msgstr "por favor, considere usar antes o utilitário cvtsudoers" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:277 plugins/sudoers/visudo.c:653 #, c-format msgid "press return to edit %s: " msgstr "prima Enter para editar %s: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:338 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "o editor especificado (%s) não existe" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:340 #, c-format msgid "no editor found (editor path = %s)" msgstr "sem editor (caminho do editor = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:446 plugins/sudoers/visudo.c:454 msgid "write error" msgstr "erro de escrita" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:500 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "impossível obter informação do ficheiro temporário (%s), %s inalterado" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:507 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "ficheiro temporário de tamanho zero (%s), %s inalterado" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:513 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "falha no editor (%s), %s inalterado" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:535 #, c-format msgid "%s unchanged" msgstr "%s inalterado" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:592 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "impossível reabrir o ficheiro temporário (%s), %s inalterado." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:604 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "impossível analisar o ficheiro temporário (%s), erro desconhecido" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:642 #, c-format msgid "internal error, unable to find %s in list!" msgstr "erro interno, impossível encontrar %s na lista!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:731 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "impossível definir (uid, gid) de %s para (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:754 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s e %s em sistemas de ficheiros diferentes, a usar mv para renomear" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:765 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "falha no comando: \"%s %s %s\", %s inalterado" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:775 #, c-format msgid "error renaming %s, %s unchanged" msgstr "erro ao renomear %s, %s inalterado" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:796 msgid "What now? " -msgstr "E agora?" +msgstr "E agora? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:810 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2971,66 +3455,41 @@ " (x) sair sem gravar as alterações ao ficheiro sudoers\n" " (Q) sair e gravar as alterações ao ficheiro sudoers (PERIGO!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:856 #, c-format msgid "unable to run %s" msgstr "impossível executar %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:886 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: dono errrado (uid, gid), deveria ser (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: permissões erradas, devia ser modo 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:942 plugins/sudoers/visudo.c:949 #, c-format msgid "%s: parsed OK\n" msgstr "%s: análise com sucesso\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:968 #, c-format msgid "%s busy, try again later" msgstr "%s ocupado, tente mais tarde" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "impossível bloquear %s" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:972 msgid "Edit anyway? [y/N]" msgstr "Editar mesmo assim ? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Erro: %s:%d:%d: ciclo em %s \"%s\"" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Aviso: %s:%d:%d: ciclo em %s \"%s\"" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Erro: %s:%d:%d: %s \"%s\" referenciado mas não definido" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Aviso: %s:%d:%d: %s \"%s\" referenciado mas não definido" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1068 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Aviso: %s:%d:%d: não usado %s \"%s\"" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1184 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3039,7 +3498,7 @@ "%s - editar com segurança o ficheiro sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1186 msgid "" "\n" "Options:\n" @@ -3059,40 +3518,96 @@ " -s, --strict verificação de sintaxe estrita\n" " -V, --version mostra informação da versão e sai\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "cadeia vazia" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "grupo vazio" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "grupo de rede vazio" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "continuação de linha inválida" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "endereço IPv6 inválido" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "quebra de linha inesperada em cadeia" -#: toke.l:1084 +#: toke.l:1119 msgid "too many levels of includes" msgstr "demasiados níveis de includes" +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d chave desconhecida: %s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "impossível obter método TLS do servidor: %s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u impossível analisar \"%s\"" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Opções:\n" +#~ " -f, --file caminho para o ficheiro de configuração\n" +#~ " -h --help mostrar a mensagem de ajuda e sair\n" +#~ " -n, --no-fork não bifurcar, executar em 2º plano\n" +#~ " -R, --random-drop percentagem de hipóteses das ligações caírem\n" +#~ " -V, --version mostrar informação da versão e sair\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Opções:\n" +#~ " --help mostrar a mensagem de ajuda e sair\n" +#~ " -A, --accept enviar só um evento de aceitação (sem E/S)\n" +#~ " -h, --host anfitrião a quem enviar os diários\n" +#~ " -i, --iolog_id ID remota do diário de E/S a resumir\n" +#~ " -p, --port porta a usar ao ligar ao anfitrião\n" +#~ " -r, --restart reiniciar a transferência de diário de E/S prévia\n" +#~ " -R, --reject rejeitar o comando com o motivo dado\n" +#~ " -b, --ca-bundle ficheiro de pacote de certificados para comparar com o do servidor\n" +#~ " -c, --cert ficheiro de certificado para o handshake TLS\n" +#~ " -k, --key ficheiro de chave privada\n" +#~ " -n, --no-verify não verificar o certificado do servidor\n" +#~ " -t, --test testar servidor de auditoria enviando o diário de E/S seleccionado n vezes em paralelo\n" +#~ " -V, --version mostrar informação da versão e sair\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "Pré-carregar as funções dummy exec contidas na biblioteca sudo_noexec" -#~ msgid "unable to lock log file: %s" -#~ msgstr "impossível bloquear o diário: %s" - #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports: porta muito grande" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/pt_BR.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/pt_BR.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/pt_BR.po sudo-1.9.9/plugins/sudoers/po/pt_BR.po --- sudo-1.9.5p2/plugins/sudoers/po/pt_BR.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/pt_BR.po 2022-01-27 21:24:06.000000000 +0000 @@ -1,15 +1,15 @@ # Brazilian Portuguese translation for sudoers plugin. # Traduções em português brasileiro para o pacote sudoers. -# Copyright (C) 2020 Free Software Foundation, Inc. +# Copyright (C) 2021 Free Software Foundation, Inc. # This file is distributed under the same license as the sudo package. -# Rafael Fontenelle , 2013-2020. +# Rafael Fontenelle , 2013-2021. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.8b2\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-23 08:55-0300\n" +"POT-Creation-Date: 2021-08-19 09:50-0600\n" +"PO-Revision-Date: 2021-08-22 10:47-0300\n" "Last-Translator: Rafael Fontenelle \n" "Language-Team: Brazilian Portuguese \n" "Language: pt_BR\n" @@ -17,10 +17,10 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1)\n" -"X-Generator: Gtranslator 3.38.0\n" +"X-Generator: Gtranslator 40.0\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1191 msgid "syntax error" msgstr "erro de sintaxe" @@ -44,185 +44,236 @@ msgid "Sorry, try again." msgstr "Sinto muito, tente novamente." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 +#: gram.y:235 gram.y:302 gram.y:311 gram.y:320 gram.y:330 gram.y:340 +#: gram.y:364 gram.y:391 gram.y:400 gram.y:408 gram.y:417 gram.y:426 +#: gram.y:500 gram.y:510 gram.y:522 gram.y:566 gram.y:575 gram.y:584 +#: gram.y:593 gram.y:712 gram.y:720 gram.y:731 gram.y:743 gram.y:762 +#: gram.y:917 gram.y:922 gram.y:930 gram.y:940 gram.y:946 gram.y:1068 +#: gram.y:1077 gram.y:1085 gram.y:1094 gram.y:1103 gram.y:1132 gram.y:1141 +#: gram.y:1149 gram.y:1239 gram.y:1351 gram.y:1658 gram.y:1708 +#: lib/eventlog/eventlog.c:308 lib/eventlog/eventlog.c:381 +#: lib/eventlog/eventlog.c:783 lib/eventlog/eventlog.c:862 +#: lib/eventlog/eventlog.c:1146 lib/iolog/iolog_json.c:125 +#: lib/iolog/iolog_json.c:330 lib/iolog/iolog_json.c:360 +#: lib/iolog/iolog_json.c:503 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:210 +#: logsrvd/iolog_writer.c:85 logsrvd/iolog_writer.c:90 +#: logsrvd/iolog_writer.c:124 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:62 logsrvd/logsrvd.c:302 logsrvd/logsrvd.c:311 +#: logsrvd/logsrvd.c:1017 logsrvd/logsrvd.c:1079 logsrvd/logsrvd_conf.c:1361 +#: logsrvd/logsrvd_journal.c:71 logsrvd/logsrvd_journal.c:204 +#: logsrvd/logsrvd_journal.c:205 logsrvd/logsrvd_journal.c:261 +#: logsrvd/logsrvd_journal.c:426 logsrvd/logsrvd_journal.c:428 +#: logsrvd/logsrvd_local.c:173 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:236 logsrvd/logsrvd_local.c:237 +#: logsrvd/logsrvd_local.c:317 logsrvd/logsrvd_local.c:318 +#: logsrvd/logsrvd_local.c:323 logsrvd/logsrvd_local.c:324 +#: logsrvd/logsrvd_queue.c:155 logsrvd/logsrvd_queue.c:185 +#: logsrvd/logsrvd_queue.c:262 logsrvd/logsrvd_relay.c:445 +#: logsrvd/logsrvd_relay.c:744 logsrvd/logsrvd_relay.c:846 +#: logsrvd/sendlog.c:302 logsrvd/sendlog.c:501 plugins/sudoers/audit.c:114 +#: plugins/sudoers/audit.c:271 plugins/sudoers/auth/bsdauth.c:143 #: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 -#: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 -#: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/auth/pam.c:691 plugins/sudoers/auth/rfc1938.c:111 +#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/check_aliases.c:95 +#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:160 +#: plugins/sudoers/cvtsudoers.c:177 plugins/sudoers/cvtsudoers.c:188 +#: plugins/sudoers/cvtsudoers.c:300 plugins/sudoers/cvtsudoers.c:428 +#: plugins/sudoers/cvtsudoers.c:561 plugins/sudoers/cvtsudoers.c:578 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:76 plugins/sudoers/cvtsudoers_ldif.c:151 +#: plugins/sudoers/cvtsudoers_ldif.c:194 plugins/sudoers/cvtsudoers_ldif.c:235 +#: plugins/sudoers/cvtsudoers_ldif.c:300 plugins/sudoers/cvtsudoers_ldif.c:371 +#: plugins/sudoers/cvtsudoers_ldif.c:425 plugins/sudoers/cvtsudoers_ldif.c:433 +#: plugins/sudoers/cvtsudoers_ldif.c:444 plugins/sudoers/cvtsudoers_ldif.c:451 +#: plugins/sudoers/cvtsudoers_ldif.c:464 plugins/sudoers/cvtsudoers_ldif.c:472 +#: plugins/sudoers/cvtsudoers_ldif.c:619 plugins/sudoers/defaults.c:652 +#: plugins/sudoers/defaults.c:947 plugins/sudoers/defaults.c:1122 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:606 plugins/sudoers/iolog.c:623 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 +#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 +#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 +#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 +#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:615 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:108 +#: plugins/sudoers/log_client.c:386 plugins/sudoers/log_client.c:699 +#: plugins/sudoers/log_client.c:720 plugins/sudoers/log_client.c:1440 +#: plugins/sudoers/log_client.c:1656 plugins/sudoers/log_client.c:1980 +#: plugins/sudoers/log_client.c:2037 plugins/sudoers/logging.c:101 +#: plugins/sudoers/logging.c:181 plugins/sudoers/logging.c:465 +#: plugins/sudoers/logging.c:485 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:238 plugins/sudoers/parse.c:255 +#: plugins/sudoers/parse.c:278 plugins/sudoers/parse.c:289 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 #: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 #: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 #: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 #: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 #: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:483 plugins/sudoers/parse_ldif.c:596 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:923 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:195 +#: plugins/sudoers/pwutil.c:266 plugins/sudoers/pwutil.c:344 +#: plugins/sudoers/pwutil.c:518 plugins/sudoers/pwutil.c:583 +#: plugins/sudoers/pwutil.c:655 plugins/sudoers/pwutil.c:853 +#: plugins/sudoers/pwutil.c:909 plugins/sudoers/pwutil.c:953 +#: plugins/sudoers/pwutil.c:1010 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 +#: plugins/sudoers/sssd.c:754 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:833 +#: plugins/sudoers/sudoers.c:971 plugins/sudoers/sudoers.c:1030 +#: plugins/sudoers/sudoers.c:1296 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1490 plugins/sudoers/sudoreplay.c:1494 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:143 plugins/sudoers/visudo.c:321 +#: plugins/sudoers/visudo.c:327 plugins/sudoers/visudo.c:433 +#: plugins/sudoers/visudo.c:609 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/visudo.c:999 toke.l:938 toke.l:1067 toke.l:1127 msgid "unable to allocate memory" msgstr "não foi possível alocar memória" -#: gram.y:552 +#: gram.y:617 msgid "a digest requires a path name" msgstr "um digest requer um nome de caminho" -#: gram.y:581 +#: gram.y:639 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "valores para \"CWD\" devem iniciar com um \"/\", \"~\" ou \"*\"" -#: gram.y:593 +#: gram.y:651 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "valores para \"CHROOT\" devem iniciar com um \"/\", \"~\" ou \"*\"" -#: gram.y:715 +#: gram.y:782 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "erro de sintaxe, palavra reservada %s usada como um nome de alias" -#: gram.y:735 +#: gram.y:805 msgid "invalid notbefore value" msgstr "valor de notbefore inválido" -#: gram.y:743 +#: gram.y:814 msgid "invalid notafter value" msgstr "falha de notafter inválido" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:824 plugins/sudoers/policy.c:345 msgid "timeout value too large" msgstr "valor de timeout grande demais" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:826 plugins/sudoers/policy.c:347 msgid "invalid timeout value" msgstr "valor de timeout inválido" -#: gram.y:1079 +#: gram.y:1193 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 +#: gram.y:1237 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Alias \"%s\" já definido" + +#: gram.y:1658 gram.y:1708 lib/eventlog/eventlog.c:308 +#: lib/eventlog/eventlog.c:783 lib/eventlog/eventlog.c:858 +#: lib/eventlog/eventlog.c:861 lib/eventlog/eventlog.c:1146 +#: lib/iolog/iolog_json.c:125 lib/iolog/iolog_json.c:329 +#: lib/iolog/iolog_json.c:360 lib/iolog/iolog_json.c:503 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:210 logsrvd/iolog_writer.c:85 +#: logsrvd/iolog_writer.c:90 logsrvd/iolog_writer.c:124 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:62 logsrvd/logsrvd.c:302 +#: logsrvd/logsrvd.c:311 logsrvd/logsrvd.c:454 logsrvd/logsrvd.c:491 +#: logsrvd/logsrvd.c:599 logsrvd/logsrvd.c:1090 logsrvd/logsrvd.c:1402 +#: logsrvd/logsrvd.c:1408 logsrvd/logsrvd_conf.c:1361 +#: logsrvd/logsrvd_journal.c:71 logsrvd/logsrvd_journal.c:115 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:234 +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:273 +#: logsrvd/logsrvd_journal.c:426 logsrvd/logsrvd_local.c:173 +#: logsrvd/logsrvd_local.c:236 logsrvd/logsrvd_local.c:317 +#: logsrvd/logsrvd_local.c:323 logsrvd/logsrvd_local.c:342 +#: logsrvd/logsrvd_queue.c:154 logsrvd/logsrvd_queue.c:185 +#: logsrvd/logsrvd_queue.c:262 logsrvd/sendlog.c:302 logsrvd/sendlog.c:501 +#: logsrvd/sendlog.c:1353 logsrvd/sendlog.c:1360 logsrvd/sendlog.c:1563 +#: logsrvd/tls_init.c:218 logsrvd/tls_init.c:239 logsrvd/tls_init.c:249 +#: plugins/sudoers/audit.c:114 plugins/sudoers/audit.c:271 +#: plugins/sudoers/auth/pam.c:505 plugins/sudoers/auth/pam.c:691 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:95 #: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 #: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 #: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 #: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:768 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 #: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:424 plugins/sudoers/cvtsudoers_ldif.c:432 +#: plugins/sudoers/cvtsudoers_ldif.c:443 plugins/sudoers/cvtsudoers_ldif.c:450 +#: plugins/sudoers/cvtsudoers_ldif.c:463 plugins/sudoers/cvtsudoers_ldif.c:471 +#: plugins/sudoers/cvtsudoers_ldif.c:618 plugins/sudoers/defaults.c:652 +#: plugins/sudoers/defaults.c:947 plugins/sudoers/defaults.c:1122 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:606 plugins/sudoers/iolog.c:623 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 @@ -235,682 +286,1021 @@ #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:615 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:108 +#: plugins/sudoers/log_client.c:217 plugins/sudoers/log_client.c:238 +#: plugins/sudoers/log_client.c:251 plugins/sudoers/log_client.c:386 +#: plugins/sudoers/log_client.c:699 plugins/sudoers/log_client.c:720 +#: plugins/sudoers/log_client.c:1440 plugins/sudoers/log_client.c:1656 +#: plugins/sudoers/log_client.c:1980 plugins/sudoers/log_client.c:2037 +#: plugins/sudoers/logging.c:101 plugins/sudoers/logging.c:180 +#: plugins/sudoers/logging.c:181 plugins/sudoers/logging.c:464 +#: plugins/sudoers/logging.c:484 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:237 plugins/sudoers/parse.c:254 +#: plugins/sudoers/parse.c:277 plugins/sudoers/parse.c:288 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:259 +#: plugins/sudoers/parse_ldif.c:264 plugins/sudoers/parse_ldif.c:340 +#: plugins/sudoers/parse_ldif.c:351 plugins/sudoers/parse_ldif.c:378 +#: plugins/sudoers/parse_ldif.c:395 plugins/sudoers/parse_ldif.c:407 +#: plugins/sudoers/parse_ldif.c:411 plugins/sudoers/parse_ldif.c:425 +#: plugins/sudoers/parse_ldif.c:483 plugins/sudoers/parse_ldif.c:596 +#: plugins/sudoers/parse_ldif.c:625 plugins/sudoers/parse_ldif.c:650 +#: plugins/sudoers/parse_ldif.c:708 plugins/sudoers/parse_ldif.c:725 +#: plugins/sudoers/parse_ldif.c:753 plugins/sudoers/parse_ldif.c:760 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:330 plugins/sudoers/policy.c:345 +#: plugins/sudoers/policy.c:347 plugins/sudoers/policy.c:377 +#: plugins/sudoers/policy.c:386 plugins/sudoers/policy.c:434 +#: plugins/sudoers/policy.c:444 plugins/sudoers/policy.c:453 +#: plugins/sudoers/policy.c:462 plugins/sudoers/policy.c:556 +#: plugins/sudoers/policy.c:923 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:195 plugins/sudoers/pwutil.c:266 +#: plugins/sudoers/pwutil.c:344 plugins/sudoers/pwutil.c:518 +#: plugins/sudoers/pwutil.c:583 plugins/sudoers/pwutil.c:655 +#: plugins/sudoers/pwutil.c:853 plugins/sudoers/pwutil.c:909 +#: plugins/sudoers/pwutil.c:953 plugins/sudoers/pwutil.c:1010 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 #: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:754 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:833 +#: plugins/sudoers/sudoers.c:971 plugins/sudoers/sudoers.c:1030 +#: plugins/sudoers/sudoers.c:1296 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1490 plugins/sudoers/sudoreplay.c:1494 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:143 plugins/sudoers/visudo.c:321 +#: plugins/sudoers/visudo.c:327 plugins/sudoers/visudo.c:433 +#: plugins/sudoers/visudo.c:609 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/visudo.c:999 toke.l:938 toke.l:1067 toke.l:1119 toke.l:1127 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:313 lib/iolog/iolog_json.c:509 +#: lib/iolog/iolog_json.c:512 lib/iolog/iolog_json.c:514 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:575 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/iolog.c:628 plugins/sudoers/ldap.c:517 +#: plugins/sudoers/ldap.c:748 plugins/sudoers/ldap.c:1081 +#: plugins/sudoers/ldap_conf.c:222 plugins/sudoers/ldap_conf.c:312 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:586 +#: plugins/sudoers/policy.c:755 plugins/sudoers/policy.c:766 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 #, c-format msgid "internal error, %s overflow" msgstr "erro interno, estouro de pilha de %s" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:372 #, c-format msgid "unable to dup stdin: %m" msgstr "não foi possível fazer dup da entrada padrão: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:414 #, c-format msgid "unable to execute %s: %m" msgstr "não foi possível executar %s: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:455 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "não foi possível fazer fork" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:463 lib/eventlog/eventlog.c:517 #, c-format msgid "unable to fork: %m" msgstr "não foi possível fazer fork: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:507 #, c-format msgid "unable to open pipe: %m" msgstr "não foi possível abrir um encadeamento (pipe): %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:979 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1008 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (comando continuado) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s existe, mas não é um diretório (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "não foi possível fazer mkdir %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "não foi possível alterar modo de %s para 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:115 #, c-format msgid "expected JSON_STRING, got %d" msgstr "esperava JSON_STRING, obteve %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:120 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY grande demais" + +#: lib/iolog/iolog_json.c:352 msgid "missing double quote in name" msgstr "faltando aspas duplas no nome" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:449 +msgid "missing JSON_OBJECT" +msgstr "faltando JSON_OBJECT" + +#: lib/iolog/iolog_json.c:453 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "esperava JSON_OBJECT, obteve %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:599 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "pilha json esgotada (máx %u quadros)" + +#: lib/iolog/iolog_json.c:673 +msgid "objects must consist of name:value pairs" +msgstr "objetos devem consistir de pares nome:valor" + +#: lib/iolog/iolog_json.c:678 lib/iolog/iolog_json.c:709 +#: lib/iolog/iolog_json.c:753 lib/iolog/iolog_json.c:775 +#: lib/iolog/iolog_json.c:797 lib/iolog/iolog_json.c:819 +#: lib/iolog/iolog_json.c:841 +msgid "missing separator between values" +msgstr "faltando separador entre valores" + +#: lib/iolog/iolog_json.c:693 lib/iolog/iolog_json.c:867 msgid "unmatched close brace" msgstr "chave de fechamento sem correspondente" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:704 msgid "unexpected array" msgstr "array inesperado" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:724 lib/iolog/iolog_json.c:870 msgid "unmatched close bracket" msgstr "colchete de fechamento sem correspondente" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:735 msgid "unexpected string" msgstr "string inesperada" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:746 msgid "missing colon after name" msgstr "faltando caractere de dois pontos após o nome" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:767 lib/iolog/iolog_json.c:789 msgid "unexpected boolean" msgstr "booleano inesperado" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:811 +msgid "unexpected null" +msgstr "nulo inesperado" + +#: lib/iolog/iolog_json.c:832 msgid "unexpected number" msgstr "número inesperado" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u não foi possível analisar \"%s\"" +#: lib/iolog/iolog_json.c:879 +msgid "parse error" +msgstr "erro de análise" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: arquivo de log inválido" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: campo de marca de tempo está faltando" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: marca de tempo %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: campo de usuário está faltando" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: campo de usuário, a ser executado como, está faltando" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: campo de grupo, a ser executado como, está faltando" +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existe, mas não é um diretório (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:788 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "não foi possível fazer mkdir %s" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:726 +#: plugins/sudoers/visudo.c:737 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "não foi possível alterar modo de %s para 0%o" + # timing é o nome do arquivo gerado pelo sudo; não traduzir. -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "erro ao ler o arquivo timing: %s" # timing é o nome do arquivo gerado pelo sudo; não traduzir. -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "linha inválida no arquivo timing: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "o log já está completo, não é possível ser reiniciado" +#: logsrvd/iolog_writer.c:131 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:536 +msgid "unable to generate UUID" +msgstr "não foi possível gerar o UUID" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "não foi possível reiniciar o log" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s erro de protocolo: tipo errado para %s" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: erro de protocolo: faltando %s de AcceptMessage" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: não foi possível formatar o id de sessão" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s não está definido" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "não foi possível expandir o caminho de iolog %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "não foi possível criar o caminho de iolog %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "iofd inválido %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "erro ao fechar o iofd %d: %s" + +#: logsrvd/iolog_writer.c:758 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "log de E/S inválido %s: %s referenciado, mas não definido" + +#: logsrvd/iolog_writer.c:770 logsrvd/logsrvd_journal.c:378 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: não foi possível localizar o ponto de resumo [%lld, %ld]" + +#: logsrvd/iolog_writer.c:792 logsrvd/logsrvd_journal.c:421 +#: logsrvd/logsrvd_queue.c:111 logsrvd/tls_init.c:293 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:618 +#: plugins/sudoers/cvtsudoers.c:639 plugins/sudoers/cvtsudoers.c:1249 +#: plugins/sudoers/cvtsudoers_json.c:877 plugins/sudoers/cvtsudoers_ldif.c:692 +#: plugins/sudoers/sudoers.c:1083 plugins/sudoers/sudoreplay.c:1456 +#: plugins/sudoers/timestamp.c:433 plugins/sudoers/tsdump.c:128 +#: plugins/sudoers/visudo.c:913 +#, c-format +msgid "unable to open %s" +msgstr "não foi possível abrir %s" + +#: logsrvd/iolog_writer.c:804 logsrvd/logsrv_util.c:98 +#: logsrvd/logsrv_util.c:105 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "não foi possível abrir %s/%s" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:817 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "não foi possível copiar %s/%s para %s/%s: %s" + +#: logsrvd/iolog_writer.c:846 logsrvd/logsrvd_journal.c:186 +#, c-format +msgid "unable to rename %s to %s" +msgstr "não foi possível renomear %s para %s" + +#: logsrvd/logsrv_util.c:132 #, c-format msgid "missing I/O log file %s/%s" msgstr "faltando arquivo de log de E/S %s/%s" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:139 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: não foi possível buscar para frente %zu" -#: logsrvd/logsrv_util.c:150 +#: logsrvd/logsrv_util.c:149 #, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "não foi possível localizar o ponto de resumo [%lld, %ld] em %s/%s" +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: não foi possível localizar o ponto de resumo [%lld, %ld]" + +#: logsrvd/logsrvd.c:272 logsrvd/logsrvd_queue.c:131 +msgid "unable to connect to relay" +msgstr "não foi possível conectar à retransmissão" + +#: logsrvd/logsrvd.c:331 logsrvd/logsrvd_relay.c:838 +#, c-format +msgid "server message too large: %zu" +msgstr "mensagem do servidor grande demais: %zu" + +#: logsrvd/logsrvd.c:423 logsrvd/logsrvd.c:540 logsrvd/logsrvd.c:619 +#: logsrvd/logsrvd.c:843 logsrvd/logsrvd.c:857 logsrvd/logsrvd.c:1016 +#: logsrvd/logsrvd.c:1140 logsrvd/logsrvd.c:1309 logsrvd/logsrvd.c:1327 +#: logsrvd/logsrvd.c:1425 logsrvd/logsrvd.c:1548 logsrvd/logsrvd.c:1732 +#: logsrvd/logsrvd_journal.c:485 logsrvd/logsrvd_local.c:196 +#: logsrvd/logsrvd_queue.c:160 logsrvd/logsrvd_relay.c:173 +#: logsrvd/logsrvd_relay.c:250 logsrvd/logsrvd_relay.c:254 +#: logsrvd/logsrvd_relay.c:390 logsrvd/logsrvd_relay.c:582 +#: logsrvd/logsrvd_relay.c:743 logsrvd/logsrvd_relay.c:1124 +#: logsrvd/sendlog.c:1156 logsrvd/tls_client.c:136 logsrvd/tls_client.c:152 +#: logsrvd/tls_client.c:214 plugins/sudoers/audit.c:281 +#: plugins/sudoers/iolog.c:966 plugins/sudoers/iolog.c:1099 +#: plugins/sudoers/iolog.c:1197 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:328 plugins/sudoers/log_client.c:344 +#: plugins/sudoers/log_client.c:391 plugins/sudoers/log_client.c:595 +#: plugins/sudoers/log_client.c:602 plugins/sudoers/log_client.c:1127 +#: plugins/sudoers/log_client.c:1409 plugins/sudoers/log_client.c:1450 +#: plugins/sudoers/log_client.c:1458 plugins/sudoers/log_client.c:1612 +#: plugins/sudoers/log_client.c:1728 plugins/sudoers/log_client.c:2045 +#: plugins/sudoers/log_client.c:2053 plugins/sudoers/logging.c:139 +#: plugins/sudoers/logging.c:195 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "não foi possível adicionar evento para a fila" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:447 logsrvd/logsrvd.c:484 logsrvd/logsrvd.c:516 +#: logsrvd/logsrvd.c:564 logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 +#: logsrvd/logsrvd.c:696 logsrvd/logsrvd.c:726 logsrvd/logsrvd_relay.c:511 +#: logsrvd/logsrvd_relay.c:544 +#, c-format +msgid "unexpected state %d for %s" +msgstr "estado inesperado %d para %s" + +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:517 +#: logsrvd/logsrvd.c:565 logsrvd/logsrvd.c:637 logsrvd/logsrvd.c:667 +#: logsrvd/logsrvd.c:697 logsrvd/logsrvd.c:727 logsrvd/logsrvd_relay.c:513 +#: logsrvd/logsrvd_relay.c:546 msgid "state machine error" msgstr "erro na máquina de estado" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:454 logsrvd/logsrvd.c:455 msgid "invalid AcceptMessage" msgstr "AcceptMessage inválido" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "erro ao analisar AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "erro ao criar o log de E/S" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "erro a registrar log de evento de aceite" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:491 logsrvd/logsrvd.c:492 msgid "invalid RejectMessage" msgstr "RejectMessage inválido" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "erro ao analisar RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "erro a registrar log de evento de rejeição" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:599 logsrvd/logsrvd.c:600 msgid "invalid AlertMessage" msgstr "AlertMessage inválido" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "erro ao analisar AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "erro a registrar log de evento de alerta" +#: logsrvd/logsrvd.c:641 logsrvd/logsrvd.c:671 logsrvd/logsrvd.c:701 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: IoBuffer inesperado" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:642 logsrvd/logsrvd.c:672 logsrvd/logsrvd.c:702 msgid "protocol error" msgstr "erro de protocolo" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "erro ao escrever IoBuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "erro ao escrever ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "erro ao escrever CommandSuspend" +#: logsrvd/logsrvd.c:797 logsrvd/logsrvd_journal.c:358 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:677 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "type_case com valor inesperado %d em %s de %s" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:799 msgid "unrecognized ClientMessage type" msgstr "tipo não reconhecido de ClientMessage" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "mensagem do cliente grande demais" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "não foi possível definir conjunto de cifras TLS 1.2 para %s: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "não foi possível definir conjunto de cifras TLS 1.3 para %s: %s" - -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:889 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "não foi possível obter o método do servidor TLS: %s" +msgid "timed out writing to client %s" +msgstr "esgotado o tempo limite de escrita para cliente %s" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:894 logsrvd/logsrvd_relay.c:910 #, c-format -msgid "unable to create TLS context: %s" -msgstr "não foi possível criar o contexto de TLS: %s" +msgid "missing write buffer for client %s" +msgstr "faltando buffer de escrita para cliente %s" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:987 #, c-format -msgid "unable to load certificate %s" -msgstr "não foi possível carregar o certificado %s" +msgid "timed out reading from client %s" +msgstr "esgotado o tempo limite de leitura do cliente %s" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1028 logsrvd/logsrvd_relay.c:774 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "não foi possível carregar o novo pacote de autoridade certificadora %s" +msgid "EOF from %s without proper TLS shutdown" +msgstr "EOF de %s sem desligamento TLS adequado" -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:1071 logsrvd/logsrvd_relay.c:206 logsrvd/sendlog.c:290 +#: plugins/sudoers/log_client.c:705 #, c-format -msgid "unable to load private key %s" -msgstr "não foi possível carregar a chave privada %s" +msgid "client message too large: %zu" +msgstr "mensagem do cliente grande demais: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "não foi possível definir os parâmetros de diffie-hellman: %s" +#: logsrvd/logsrvd.c:1072 logsrvd/logsrvd_journal.c:247 +#: logsrvd/logsrvd_journal.c:248 +msgid "client message too large" +msgstr "mensagem do cliente grande demais" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "não foi possível definir a versão mínima do protocolo para TLS 1.2: %s" +#: logsrvd/logsrvd.c:1090 logsrvd/logsrvd.c:1091 +msgid "invalid ClientMessage" +msgstr "ClientMessage inválido" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1388 msgid "unable to get remote IP addr" msgstr "não foi possível obter o endereço IP remoto" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1417 logsrvd/tls_client.c:201 +#: plugins/sudoers/log_client.c:266 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Não foi possível anexar dados do usuário ao objeto ssl: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "não foi possível adicionar evento para a fila" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1598 logsrvd/logsrvd.c:1951 +msgid "unable to setup listen socket" msgstr "não foi possível configurar soquete de escuta" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1715 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - envia log de E/S do sudo para servidor remoto\n" -"\n" +msgid "unexpected signal %d" +msgstr "string inesperada %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Opções:\n" -" -f, --file caminho para o arquivo de configuração\n" -" -h, --help exibe uma mensagem de ajuda e sai\n" -" -n, --no-fork não faz fork, executa em primeiro plano\n" -" -R, --random-drop chance em porcentagem das conexões caírem\n" -" -V, --version exibe a informação da versão e sai\n" +#: logsrvd/logsrvd.c:1853 +msgid "sudo log server" +msgstr "servidor de log do sudo" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1855 logsrvd/sendlog.c:122 +msgid "Options:" +msgstr "Opções:" + +#: logsrvd/logsrvd.c:1857 +msgid "path to configuration file" +msgstr "caminho para o arquivo de autenticação" + +#: logsrvd/logsrvd.c:1859 logsrvd/sendlog.c:124 +msgid "display help message and exit" +msgstr "exibe uma mensagem de ajuda e sai" + +#: logsrvd/logsrvd.c:1861 +msgid "do not fork, run in the foreground" +msgstr "não faz fork, executa em primeiro plano" + +#: logsrvd/logsrvd.c:1863 +msgid "percent chance connections will drop" +msgstr "chance em porcentagem das conexões caírem" + +#: logsrvd/logsrvd.c:1865 logsrvd/sendlog.c:154 +msgid "display version information and exit" +msgstr "exibe as informações de versão e sai" + +#: logsrvd/logsrvd.c:1915 logsrvd/sendlog.c:1532 msgid "Protobuf-C version 1.3 or higher required" msgstr "Protobuf-C versão 1.3 ou superior é necessário" # "random-drop" foi uma escolha por fazer referência à opção de linha de comando -- Rafael -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1931 #, c-format msgid "invalid random drop value: %s" msgstr "valor de \"random-drop\" inválido: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 -#: plugins/sudoers/visudo.c:177 +#: logsrvd/logsrvd.c:1934 logsrvd/sendlog.c:1586 +#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:301 +#: plugins/sudoers/visudo.c:175 #, c-format msgid "%s version %s\n" msgstr "%s versão %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:391 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:115 +#: plugins/sudoers/policy.c:1159 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1338 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "usuário desconhecido %s" + +#: logsrvd/logsrvd_conf.c:408 plugins/sudoers/iolog.c:140 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1372 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "grupo desconhecido %s" + +#: logsrvd/logsrvd_conf.c:426 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "não foi possível analisar o modo iolog %s" + +#: logsrvd/logsrvd_conf.c:443 logsrvd/logsrvd_conf.c:1172 +#, c-format +msgid "invalid value for %s: %s" +msgstr "valor inválido para %s: %s" + +#: logsrvd/logsrvd_conf.c:482 msgid "TLS not supported" msgstr "sem suporte a TLS" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:504 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:577 logsrvd/logsrvd_conf.c:971 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: não um caminho totalmente qualificado" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:889 logsrvd/logsrvd_conf.c:905 +#: logsrvd/logsrvd_conf.c:1587 +#, c-format +msgid "unknown syslog facility %s" +msgstr "facilidade de syslog desconhecida %s" + +#: logsrvd/logsrvd_conf.c:921 logsrvd/logsrvd_conf.c:937 +#: logsrvd/logsrvd_conf.c:953 logsrvd/logsrvd_conf.c:1591 +#: logsrvd/logsrvd_conf.c:1595 logsrvd/logsrvd_conf.c:1599 +#, c-format +msgid "unknown syslog priority %s" +msgstr "prioridade de syslog desconhecida %s" + +#: logsrvd/logsrvd_conf.c:1133 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d \"[\" sem correspondente: %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1144 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d seção inválida de configuração: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1152 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d linha inválida de configuração: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1158 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d esperava um nome de seção: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1180 #, c-format -msgid "invalid value for %s: %s" -msgstr "valor inválido para %s: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] chave ilegal: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1210 plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d chave desconhecida: %s" +msgid "unable to open log file %s" +msgstr "não foi possível abrir o arquivo de log %s" + +#: logsrvd/logsrvd_conf.c:1667 +msgid "unable to initialize server TLS context" +msgstr "não foi possível inicializar o contexto TLS do servidor" + +#: logsrvd/logsrvd_conf.c:1687 +msgid "unable to initialize relay TLS context" +msgstr "não foi possível inicializar o contexto TLS da retransmissão" + +#: logsrvd/logsrvd_journal.c:137 logsrvd/logsrvd_journal.c:417 +#: logsrvd/logsrvd_journal.c:422 +msgid "unable to create journal file" +msgstr "não foi possível criar o arquivo de journal" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:141 logsrvd/logsrvd_queue.c:105 +#: plugins/sudoers/visudo.c:971 #, c-format -msgid "unknown syslog facility %s" -msgstr "facilidade de syslog desconhecida %s" +msgid "unable to lock %s" +msgstr "não foi possível travar %s" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:144 +msgid "unable to lock journal file" +msgstr "não foi possível travar o arquivo de journal" + +#: logsrvd/logsrvd_journal.c:152 +msgid "unable to open journal file" +msgstr "não foi possível abrir o arquivo de journal" + +#: logsrvd/logsrvd_journal.c:173 logsrvd/logsrvd_journal.c:453 +#: logsrvd/logsrvd_journal.c:458 +msgid "unable to write journal file" +msgstr "não foi possível escrever o arquivo de journal" + +#: logsrvd/logsrvd_journal.c:181 logsrvd/logsrvd_journal.c:188 +msgid "unable to rename journal file" +msgstr "não foi possível renomear o arquivo de journal" + +#: logsrvd/logsrvd_journal.c:235 logsrvd/logsrvd_journal.c:236 +#: logsrvd/logsrvd_journal.c:270 logsrvd/logsrvd_journal.c:271 +msgid "unexpected EOF reading journal file" +msgstr "EOF inesperado ao ler o arquivo de journal" + +#: logsrvd/logsrvd_journal.c:239 logsrvd/logsrvd_journal.c:240 +#: logsrvd/logsrvd_journal.c:274 logsrvd/logsrvd_journal.c:275 +msgid "error reading journal file" +msgstr "erro ao ler o arquivo de journal" + +#: logsrvd/logsrvd_journal.c:286 logsrvd/logsrvd_journal.c:377 +msgid "invalid journal file, unable to restart" +msgstr "arquivo de journal inválido, não foi possível reiniciar" + +#: logsrvd/logsrvd_journal.c:436 #, c-format -msgid "unknown syslog priority %s" -msgstr "prioridade de syslog desconhecida %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "não foi possível procurar [%lld, %ld] em arquivo de journal %s" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Opções:\n" -" --help exibe mensagem de ajuda e sai\n" -" -A, --accept só envia um evento de aceite (sem E/S)\n" -" -h, --host máquina a ser enviado logs\n" -" -i, --iolog_id ID remoto do log de E/S para ser resumido\n" -" -p, --port porta para usar ao conectar à máquina\n" -" -r, --restart reinicia transferência anterior de log de E/S\n" -" -R, --reject rejeita a comando com o motivo dado\n" -" -b, --ca-bundle arquivo de pacote de certificados para verificar\n" -" o certificado do servidor\n" -" -c, --cert arquivo de certificado para negociação TLS\n" -" -k, --key arquivo de chave privada\n" -" -n, --no-verify não verifica o certificado do servidor\n" -" -t, --test teste o servidor de auditoria enviando o log de\n" -" E/S selecionado n vezes em paralelo\n" -" -V, --version exibe informações de versão e sai\n" +#: logsrvd/logsrvd_local.c:152 +msgid "error parsing AcceptMessage" +msgstr "erro ao analisar AcceptMessage" + +#: logsrvd/logsrvd_local.c:163 +msgid "error creating I/O log" +msgstr "erro ao criar o log de E/S" + +#: logsrvd/logsrvd_local.c:186 +msgid "error logging accept event" +msgstr "erro a registrar log de evento de aceite" + +#: logsrvd/logsrvd_local.c:225 +msgid "error parsing RejectMessage" +msgstr "erro ao analisar RejectMessage" + +#: logsrvd/logsrvd_local.c:249 +msgid "error logging reject event" +msgstr "erro a registrar log de evento de rejeição" + +#: logsrvd/logsrvd_local.c:284 +msgid "error logging exit event" +msgstr "erro a registrar log de evento de saída" + +#: logsrvd/logsrvd_local.c:343 logsrvd/logsrvd_local.c:344 +msgid "log is already complete, cannot be restarted" +msgstr "o log já está completo, não é possível ser reiniciado" + +#: logsrvd/logsrvd_local.c:374 +msgid "unable to restart log" +msgstr "não foi possível reiniciar o log" + +#: logsrvd/logsrvd_local.c:390 +msgid "error parsing AlertMessage" +msgstr "erro ao analisar AlertMessage" + +#: logsrvd/logsrvd_local.c:400 +msgid "error logging alert event" +msgstr "erro a registrar log de evento de alerta" + +#: logsrvd/logsrvd_local.c:435 logsrvd/logsrvd_local.c:488 +#: logsrvd/logsrvd_local.c:523 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "não é possível formatar o buffer de tempo, comprimento %d" + +#: logsrvd/logsrvd_local.c:442 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_local.c:495 logsrvd/logsrvd_local.c:530 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:470 +msgid "error writing IoBuffer" +msgstr "erro ao escrever IoBuffer" + +#: logsrvd/logsrvd_local.c:505 +msgid "error writing ChangeWindowSize" +msgstr "erro ao escrever ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:540 +msgid "error writing CommandSuspend" +msgstr "erro ao escrever CommandSuspend" + +#: logsrvd/logsrvd_relay.c:436 +msgid "TLS handshake with relay host failed" +msgstr "falha na negociação TLS com host de retransmissão" + +#: logsrvd/logsrvd_relay.c:464 +msgid "unable to connect to relay host" +msgstr "não foi possível conectar ao host de retransmissão" + +#: logsrvd/logsrvd_relay.c:519 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: ServerHello inválido, faltando server_id" + +#: logsrvd/logsrvd_relay.c:521 logsrvd/sendlog.c:961 +#: plugins/sudoers/log_client.c:1493 +msgid "invalid ServerHello" +msgstr "ServerHello inválido" + +#: logsrvd/logsrvd_relay.c:680 +msgid "unrecognized ServerMessage type" +msgstr "tipo não reconhecido de ServerMessage" + +#: logsrvd/logsrvd_relay.c:709 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "esgotado o tempo limite de leitura da retransmissão %s (%s)" + +#: logsrvd/logsrvd_relay.c:711 +msgid "timeout reading from relay" +msgstr "esgotado o tempo limite de leitura da retransmissão" + +#: logsrvd/logsrvd_relay.c:762 +msgid "relay host name does not match certificate" +msgstr "o nome do host de retransmissão não corresponde ao certificado" + +#: logsrvd/logsrvd_relay.c:766 logsrvd/logsrvd_relay.c:779 +#: logsrvd/logsrvd_relay.c:785 +msgid "error reading from relay" +msgstr "erro ao ler da retransmissão" + +#: logsrvd/logsrvd_relay.c:806 +msgid "unable to read from relay" +msgstr "não foi possível ler da retransmissão" + +#: logsrvd/logsrvd_relay.c:821 logsrvd/logsrvd_relay.c:939 +msgid "relay server closed connection" +msgstr "conexão fechada com o servidor de retransmissão" + +#: logsrvd/logsrvd_relay.c:839 +msgid "server message too large" +msgstr "mensagem do servidor grande demais" + +#: logsrvd/logsrvd_relay.c:903 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "esgotado o tempo limite de escrita para retransmissão %s (%s)" + +#: logsrvd/logsrvd_relay.c:905 +msgid "timeout writing to relay" +msgstr "esgotado o tempo limite de escrita para retransmissão" + +#: logsrvd/logsrvd_relay.c:958 logsrvd/logsrvd_relay.c:964 +#: logsrvd/logsrvd_relay.c:974 +msgid "error writing to relay" +msgstr "erro ao escrever para retransmissão" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/sendlog.c:120 +msgid "send sudo I/O log to remote server" +msgstr "envia log de E/S do sudo para servidor remoto" + +#: logsrvd/sendlog.c:126 +msgid "only send an accept event (no I/O)" +msgstr "só envia um evento de aceite (sem E/S)" + +#: logsrvd/sendlog.c:129 +msgid "certificate bundle file to verify server's cert against" +msgstr "arquivo de pacote de certificados para verificar o certificado do servidor" + +#: logsrvd/sendlog.c:131 +msgid "certificate file for TLS handshake" +msgstr "arquivo de certificado para negociação TLS" + +#: logsrvd/sendlog.c:134 +msgid "host to send logs to" +msgstr "máquina a ser enviado logs" + +#: logsrvd/sendlog.c:136 +msgid "remote ID of I/O log to be resumed" +msgstr "ID remoto do log de E/S para ser resumido" + +#: logsrvd/sendlog.c:139 +msgid "private key file" +msgstr "arquivo de chave privada" + +#: logsrvd/sendlog.c:141 +msgid "do not verify server certificate" +msgstr "não verifica o certificado do servidor" + +#: logsrvd/sendlog.c:144 +msgid "port to use when connecting to host" +msgstr "porta para usar ao conectar à máquina" + +#: logsrvd/sendlog.c:146 +msgid "restart previous I/O log transfer" +msgstr "reinicia transferência anterior de log de E/S" + +#: logsrvd/sendlog.c:148 +msgid "reject the command with the given reason" +msgstr "rejeita a comando com o motivo dado" + +#: logsrvd/sendlog.c:150 +msgid "stop transfer after reaching this time" +msgstr "interrompe a transferência após chegar a este tempo" + +#: logsrvd/sendlog.c:152 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "testa o servidor de auditoria enviando o log de E/S selecionado n vezes em paralelo" + +#: logsrvd/sendlog.c:177 plugins/sudoers/log_client.c:437 #, c-format msgid "unable to look up %s:%s: %s" msgstr "não foi possível procurar %s:%s: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:215 msgid "unable to get server IP addr" msgstr "não foi possível obter o endereço IP" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:269 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "não foi possível ler %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "mensagem do cliente grande demais: %zu" - -#: logsrvd/sendlog.c:810 +#: logsrvd/sendlog.c:831 #, c-format msgid "%s: write buffer already in use" msgstr "%s: buffer de escrita já em uso" -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:892 plugins/sudoers/iolog.c:890 +#: plugins/sudoers/iolog.c:959 #, c-format msgid "unexpected I/O event %d" msgstr "E/S com evento inesperado %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:938 logsrvd/sendlog.c:955 logsrvd/sendlog.c:989 +#: plugins/sudoers/log_client.c:1142 plugins/sudoers/log_client.c:1419 +#: plugins/sudoers/log_client.c:1487 plugins/sudoers/log_client.c:1526 #, c-format msgid "%s: unexpected state %d" msgstr "%s: estado inesperado %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "ServerHello inválido" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1025 plugins/sudoers/log_client.c:1570 #, c-format msgid "error message received from server: %s" msgstr "mensagem de erro recebida do servidor: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1038 plugins/sudoers/log_client.c:1583 #, c-format msgid "abort message received from server: %s" msgstr "mensagem de abortar recebida do servidor: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "não foi possível desempacotar ServerMessage" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1097 plugins/sudoers/log_client.c:1633 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: type_case com valor inesperado %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1126 msgid "timeout reading from server" msgstr "esgotado o tempo limite de leitura do servidor" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1205 msgid "premature EOF" msgstr "EOF prematuro" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1218 plugins/sudoers/log_client.c:1791 #, c-format msgid "server message too large: %u" msgstr "mensagem do servidor grande demais: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1269 msgid "timeout writing to server" msgstr "esgotado o tempo limite de escrita para servidor" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1609 +msgid "both restart point and iolog ID must be specified" +msgstr "ambos ponto de ponto de reinício e ID do iolog devem ser especificados" + +#: logsrvd/sendlog.c:1613 +msgid "a restart point may not be set when no I/O is sent" +msgstr "um ponto de reinício pode não estar definido quando nenhuma E/S é enviada" + +#: logsrvd/sendlog.c:1689 +#, c-format +msgid "exited prematurely with state %d" +msgstr "sai prematuramente com estado %d" + +#: logsrvd/sendlog.c:1690 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "tempo decorrido enviado ao servidor [%lld, %ld]" + +#: logsrvd/sendlog.c:1692 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "ponto de confirmação recebido do servidor [%lld, %ld]" + +#: logsrvd/tls_client.c:111 plugins/sudoers/log_client.c:300 msgid "TLS handshake timeout occurred" msgstr "esgotado o tempo limite da negociação TLS" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: plugins/sudoers/log_client.c:322 plugins/sudoers/log_client.c:338 msgid "unable to set event" msgstr "não foi possível definir evento" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:157 logsrvd/tls_client.c:161 #, c-format msgid "TLS connection failed: %s" msgstr "falha de conexão de TLS: %s" -#: logsrvd/sendlog.c:1538 +#: logsrvd/tls_client.c:195 #, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Não foi possível inicializar o contexto de ssl: %s" +msgid "unable to allocate ssl object: %s" +msgstr "não foi possível alocar objeto ssl: %s" -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 -#, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Não foi possível alocar objeto ssl: %s" - -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:208 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Não foi possível anexar soquete ao objeto ssl: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "ambos ponto de ponto de reinício e ID do iolog devem ser especificados" +#: logsrvd/tls_client.c:236 +msgid "unable to initialize TLS context" +msgstr "não foi possível inicializar o contexto TLS" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "um ponto de reinício pode não estar definido quando nenhuma E/S é enviada" +#: logsrvd/tls_init.c:126 logsrvd/tls_init.c:134 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "não foi possível definir conjunto de cifras TLS 1.2 para %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:154 logsrvd/tls_init.c:162 #, c-format -msgid "exited prematurely with state %d" -msgstr "sai prematuramente com estado %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "não foi possível definir conjunto de cifras TLS 1.3 para %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:197 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "tempo decorrido enviado ao servidor [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "não foi possível criar o contexto de TLS: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:203 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "ponto de confirmação recebido do servidor [%lld, %ld]" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "não foi possível definir a versão mínima do protocolo para TLS 1.2: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:279 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Alias \"%s\" já definido" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "não foi possível definir os parâmetros de diffie-hellman: %s" + +#: logsrvd/tls_init.c:288 +#, c-format +msgid "unable to read diffie-hellman parameters: %s" +msgstr "não foi possível ler os parâmetros de diffie-hellman: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:422 +#: plugins/sudoers/log_client.c:975 plugins/sudoers/log_client.c:1024 +#: plugins/sudoers/log_client.c:1073 plugins/sudoers/log_client.c:1199 +#: plugins/sudoers/logging.c:554 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "não foi possível obter o horário do dia" @@ -1016,38 +1406,38 @@ msgid "unable to initialize PAM: %s" msgstr "não foi possível inicializar PAM: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:340 #, c-format msgid "PAM authentication error: %s" msgstr "Erro de autenticação PAM: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:359 msgid "account validation failure, is your account locked?" msgstr "falha de verificação da conta; sua conta está travada?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:370 msgid "Account or password is expired, reset your password and try again" msgstr "Conta ou senha expirou; redefina sua senha e tente novamente" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:376 #, c-format msgid "unable to change expired password: %s" msgstr "não foi possível alterar a senha expirada: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:387 msgid "Password expired, contact your system administrator" msgstr "Senha expirou; entre em contato com o administrador do seu sistema" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:392 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Conta expirou ou a configuração do PAM não possui uma seção \"account\" para sudo; contate o administrador do seu sistema" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:400 plugins/sudoers/auth/pam.c:405 #, c-format msgid "PAM account management error: %s" msgstr "erro de gerenciamento de conta PAM: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:241 #, c-format msgid "you do not exist in the %s database" msgstr "você não existe no banco de dados de %s" @@ -1120,7 +1510,17 @@ msgid "unable to commit audit record" msgstr "não foi possível enviar o registro de auditoria" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "erro ao ler o arquivo de instruções: %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "ignorando o arquivo de instruções %s: não é um arquivo comum" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1140,20 +1540,32 @@ " #3) Com grandes poderes vêm grandes responsabilidades.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:876 plugins/sudoers/sudoers.c:897 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "uid desconhecido: %u" +msgid "unknown uid %u" +msgstr "uid desconhecido %u" + +#: plugins/sudoers/check_aliases.c:56 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Erro: %s:%d:%d: ciclo em %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:57 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Aviso: %s:%d:%d: ciclo em %s \"%s\"" + +#: plugins/sudoers/check_aliases.c:61 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Erro: %s:%d:%d: %s \"%s\" referenciado, mas não definido" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:62 #, c-format -msgid "unknown user: %s" -msgstr "usuário desconhecido: %s" +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Aviso: %s:%d:%d: %s \"%s\" referenciado, mas não definido" #: plugins/sudoers/cvtsudoers.c:194 #, c-format @@ -1170,12 +1582,12 @@ msgid "order padding: %s: %s" msgstr "preenchimento de ordem: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:177 #, c-format msgid "%s grammar version %d\n" msgstr "gramática de %s versão %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "formato de entrada sem suporte %s" @@ -1190,9 +1602,10 @@ msgid "%s: input and output files must be different" msgstr "%s: arquivos de entrada e saída devem ser diferentes" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:247 plugins/sudoers/visudo.c:597 +#: plugins/sudoers/visudo.c:917 msgid "unable to initialize sudoers default values" msgstr "não foi possível inicializar valores padrões do sudoers" @@ -1203,8 +1616,8 @@ #: plugins/sudoers/cvtsudoers.c:475 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: palavra-chave desconhecida: %s" +msgid "%s: unknown key word %s" +msgstr "%s: palavra-chave desconhecida %s" #: plugins/sudoers/cvtsudoers.c:521 #, c-format @@ -1221,37 +1634,28 @@ msgid "invalid filter: %s" msgstr "filtro inválido: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "não foi possível abrir %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:642 plugins/sudoers/visudo.c:922 #, c-format msgid "failed to parse %s file, unknown error" msgstr "falha em analisar o arquivo %s, erro desconhecido" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "parse error in %s near line %d\n" msgstr "erro de análise em %s perto da linha %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:653 #, c-format msgid "parse error in %s\n" msgstr "erro de análise em \"%s\"\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "não foi possível gravar em %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1260,7 +1664,7 @@ "%s - converte entre formatos de arquivo sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" @@ -1302,7 +1706,7 @@ " -V, --version exibe informações de versão e sai" #: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 +#: plugins/sudoers/cvtsudoers_json.c:718 #, c-format msgid "unknown defaults entry \"%s\"" msgstr "entrada de Defaults \"%s\" desconhecida" @@ -1319,12 +1723,12 @@ msgid "unable to format timestamp" msgstr "não é possível formatar marca de tempo" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_ldif.c:644 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "entradas de sudoers demais, máximo %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:687 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "a variável de ambiente SUDOERS_BASE não está definida e a opção -b não foi especificada." @@ -1909,6 +2313,35 @@ msgid "The format of logs to produce: %s" msgstr "O formato dos logs para produzir: %s" +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Habilita suporte a RBAC no SELinux" + +#: plugins/sudoers/def_data.c:578 +#, c-format +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Caminho para o arquivo que é criado na primeira execução do sudo: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Intercepta outros comandos e aplica restrições sudoers a eles" + +#: plugins/sudoers/def_data.c:586 +msgid "Log any child processes run by the command" +msgstr "Registra log qualquer processo filho executado pelo comando" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Registra log o status de saída dos comandos" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Os comandos subsequentes em uma sessão interceptada devem ser autenticados" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Permite que um comando interceptado execute os programas setuid ou setgid definidos" + #: plugins/sudoers/defaults.c:185 #, c-format msgid "%s:%d:%d: unknown defaults entry \"%s\"" @@ -1929,75 +2362,85 @@ msgid "%s: no value specified for \"%s\"" msgstr "%s: nenhum valor especificado para \"%s\"" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:250 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: operador inválido \"%c=\" para \"%s\"" + +#: plugins/sudoers/defaults.c:253 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: operador inválido \"%c=\" para \"%s\"" + +#: plugins/sudoers/defaults.c:289 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: a opção \"%s\" não aceita um valor" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:292 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: a opção \"%s\" não leva um valor" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:317 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: tipo de Defaults 0x%x inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:320 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: Tipo de Defaults 0x%x inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: valor \"%s\" é inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:333 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: o valor \"%s\" é inválido para a opção \"%s\"" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1054 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: valores para \"%s\" devem iniciar com um \"/\", \"~\" ou \"*\"" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1058 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: valores para \"%s\" devem iniciar com um \"/\", '~', ou '*'" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1069 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: valores para \"%s\" devem iniciar com um \"/\"" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1073 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: valores para \"%s\" devem iniciar com um \"/\"" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: envp corrompido, cumprimento não confere" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "não foi possível recompilar o ambiente" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "sinto muito, você não tem permissão para definir as seguintes variáveis de ambiente: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "erro de análise em %s próximo à linha %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "erro de análise em %s" @@ -2037,56 +2480,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: versão maior do plug-in de grupo %d incompatível, esperava %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "não foi possível analisar o endereço IP \"%s\"" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "não foi possível analisar a máscara de rede \"%s\"" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Par de endereço IP e máscara de rede locais:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "grupo desconhecido %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:632 msgid "unable to update sequence file" msgstr "não foi possível atualizar o arquivo de sequência" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:663 plugins/sudoers/iolog.c:851 +#: plugins/sudoers/iolog.c:1004 plugins/sudoers/iolog.c:1011 +#: plugins/sudoers/iolog.c:1132 plugins/sudoers/iolog.c:1139 +#: plugins/sudoers/iolog.c:1238 plugins/sudoers/iolog.c:1245 #, c-format msgid "unable to write to I/O log file: %s" msgstr "não foi possível gravar no arquivo de log de E/S: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:671 #, c-format msgid "unable to create %s/%s" msgstr "não foi possível criar %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:896 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: erro interno, o arquivo de log de E/S para evento %d não está aberto" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:989 plugins/sudoers/iolog.c:1117 +#: plugins/sudoers/iolog.c:1222 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:487 +#: plugins/sudoers/visudo.c:493 msgid "unable to read the clock" msgstr "não foi possível ler do relógio" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1214 plugins/sudoers/log_client.c:1217 +#: plugins/sudoers/log_client.c:1227 plugins/sudoers/log_client.c:1231 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: erro interno, sinal inválido %d" @@ -2114,7 +2552,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls especificado, mas bibliotecas LDAP não possuem suporte a ldap_start_tls_s() ou ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:746 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "atributo sudoOrder inválido: %s" @@ -2133,100 +2571,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "não foi possível misturar ldap e ldaps URIs" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:496 plugins/sudoers/ldap_util.c:503 +#: plugins/sudoers/ldap_util.c:511 plugins/sudoers/ldap_util.c:520 +#: plugins/sudoers/ldap_util.c:528 plugins/sudoers/ldap_util.c:538 +#: plugins/sudoers/ldap_util.c:546 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "sudoOption duplicado: %s%s%s" + +#: plugins/sudoers/ldap_util.c:565 plugins/sudoers/ldap_util.c:567 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "não foi possível converter sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "não foi possível abrir o sistema de auditoria" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "não foi possível enviar mensagem de auditoria" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:116 plugins/sudoers/log_client.c:396 +#: plugins/sudoers/log_client.c:1464 plugins/sudoers/log_client.c:2061 msgid "error in event loop" msgstr "erro no evento de loop" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:196 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "Criação do novo objeto SSL_CTX falhou: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:219 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "não foi possível carregar o novo pacote de autoridade certificadora %s" + +#: plugins/sudoers/log_client.c:239 +#, c-format +msgid "unable to load certificate %s" +msgstr "não foi possível carregar o certificado %s" + +#: plugins/sudoers/log_client.c:252 +#, c-format +msgid "unable to load private key %s" +msgstr "não foi possível carregar a chave privada %s" + +#: plugins/sudoers/log_client.c:261 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Não foi possível alocar objeto ssl: %s" + +#: plugins/sudoers/log_client.c:349 plugins/sudoers/log_client.c:354 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "falha de conexão de TLS com %s:%s: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:527 msgid "TLS initialization was unsuccessful" msgstr "A inicialização do TLS não teve êxito" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:537 msgid "TLS handshake was unsuccessful" msgstr "A negociação TLS não teve êxito" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: erro interno, status de saída inválido %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1602 +msgid "unable to unpack ServerMessage" +msgstr "não foi possível desempacotar ServerMessage" + +#: plugins/sudoers/log_client.c:1754 plugins/sudoers/log_client.c:1778 msgid "lost connection to log server" msgstr "conexão perdida com o servidor de log" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1855 msgid "missing write buffer" msgstr "faltando buffer de escrita" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2002 msgid "unable to connect to log server" msgstr "não foi possível conectar ao servidor de log" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:283 msgid "user NOT in sudoers" msgstr "usuário NÃO ESTÁ no sudoers" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:285 msgid "user NOT authorized on host" msgstr "usuário NÃO ESTÁ autorizado na máquina" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:287 msgid "command not allowed" msgstr "comando não permitido" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:308 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s não está no arquivo sudoers. Este incidente será relatado.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s não tem permissão para executar sudo em %s. Este incidente será relatado.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:315 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Sinto muito, usuário %s não pode executar sudo em %s.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Sinto muito, usuário %s não tem permissão para executar \"%s%s%s\" como %s%s%s em %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:355 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:776 +#: plugins/sudoers/sudoers.c:778 #, c-format msgid "%s: command not found" msgstr "%s: comando não encontrado" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:357 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2235,27 +2705,22 @@ "ignorando \"%s\" encontrado em \".\"\n" "Use \"sudo ./%s\" se isto é o \"%s\" que você deseja executar." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:376 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u tentativa de senha incorreta" msgstr[1] "%u tentativas de senha incorreta" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:432 msgid "authentication failure" msgstr "falha de autenticação" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:472 plugins/sudoers/logging.c:492 msgid "a password is required" msgstr "uma senha é necessária" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "não foi possível abrir o arquivo de log: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "não foi possível gravar no arquivo de log: %s" @@ -2265,7 +2730,7 @@ msgid "digest for %s (%s) is not in %s form" msgstr "digest de %s (%s) não está na forma %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:537 #, c-format msgid "" "\n" @@ -2274,7 +2739,7 @@ "\n" "Papel LDAP: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:540 msgid "" "\n" "Sudoers entry:\n" @@ -2282,104 +2747,110 @@ "\n" "Entradas no sudoers:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:542 msgid " RunAsUsers: " msgstr " UsuáriosRunAs: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:557 msgid " RunAsGroups: " msgstr " GruposRunAs: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:567 msgid " Options: " msgstr " Opções: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:623 msgid " Commands:\n" msgstr " Comandos:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:814 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Entradas de Defaults correspondentes a %s em %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:832 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Padrão específico de comandos e \"runas\" de %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:850 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Usuário %s pode executar os seguintes comandos em %s:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:865 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Usuário %s não tem permissão para executar sudo em %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:616 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "ignorando sudoRole incompleto: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:676 #, c-format msgid "invalid LDIF attribute: %s" msgstr "atributo LDIF inválido: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "%.*s inválido definido pelo front-end do sudo" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:320 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "não foi possível analisar a lista de endereços de rede" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:471 msgid "user name not set by sudo front-end" msgstr "nome de usuário não definido pelo front-end do sudo" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:475 msgid "user-ID not set by sudo front-end" msgstr "ID de usuário não definido pelo front-end do sudo" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:479 msgid "group-ID not set by sudo front-end" msgstr "ID de grupo não definido pelo front-end do sudo" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:483 msgid "host name not set by sudo front-end" msgstr "nome da máquina não definido pelo front-end do sudo" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:685 #, c-format msgid "invalid working directory: %s" msgstr "diretório de trabalho inválido: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:861 #, c-format msgid "invalid chroot directory: %s" msgstr "diretório de chroot inválido: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:996 plugins/sudoers/visudo.c:229 +#: plugins/sudoers/visudo.c:851 #, c-format msgid "unable to execute %s" msgstr "não foi possível executar %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1066 plugins/sudoers/policy.c:1103 +#: plugins/sudoers/policy.c:1125 plugins/sudoers/policy.c:1151 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: opções de modo inválidas pelo front-end do sudo: 0x%x" + +#: plugins/sudoers/policy.c:1182 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Versão de plug-in de política do sudoers %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1184 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Versão de gramática de arquivo do sudoers %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1188 #, c-format msgid "" "\n" @@ -2388,132 +2859,137 @@ "\n" "Caminho do sudoers: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1191 #, c-format msgid "nsswitch path: %s\n" msgstr "caminho do nsswitch: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1193 #, c-format msgid "ldap.conf path: %s\n" msgstr "caminho do ldap.conf: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1194 #, c-format msgid "ldap.secret path: %s\n" msgstr "caminho do ldap.secret: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1227 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "não foi possível registrar hook do tipo %d (versão %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1245 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "não foi possível cancelar registro de hook do tipo %d (versão %d.%d)" + +#: plugins/sudoers/pwutil.c:218 plugins/sudoers/pwutil.c:236 #, c-format msgid "unable to cache uid %u" msgstr "não foi possível fazer cache de uid %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:230 #, c-format msgid "unable to cache uid %u, already exists" msgstr "não foi possível fazer cache de uid %u, já existe" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:290 plugins/sudoers/pwutil.c:308 +#: plugins/sudoers/pwutil.c:371 plugins/sudoers/pwutil.c:416 #, c-format msgid "unable to cache user %s" msgstr "não foi possível fazer cache de usuário %s" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:303 #, c-format msgid "unable to cache user %s, already exists" msgstr "não foi possível fazer cache de usuário %s, já existe" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:535 plugins/sudoers/pwutil.c:553 #, c-format msgid "unable to cache gid %u" msgstr "não foi possível fazer cache de gid %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:547 #, c-format msgid "unable to cache gid %u, already exists" msgstr "não foi possível fazer cache de gid %u, já existe" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:601 plugins/sudoers/pwutil.c:619 +#: plugins/sudoers/pwutil.c:680 plugins/sudoers/pwutil.c:729 #, c-format msgid "unable to cache group %s" msgstr "não foi possível fazer cache de grupo %s" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group %s, already exists" msgstr "não foi possível fazer cache de grupo %s, já existe" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:876 plugins/sudoers/pwutil.c:927 +#: plugins/sudoers/pwutil.c:977 plugins/sudoers/pwutil.c:1029 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "não foi possível fazer cache da lista de grupos de %s, já existe" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:882 plugins/sudoers/pwutil.c:932 +#: plugins/sudoers/pwutil.c:983 plugins/sudoers/pwutil.c:1034 #, c-format msgid "unable to cache group list for %s" msgstr "não foi fazer cache de lista de grupos para %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:921 #, c-format msgid "unable to parse groups for %s" msgstr "não foi possível analisar grupos de %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1023 #, c-format msgid "unable to parse gids for %s" msgstr "não foi possível analisar os gids de %s" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "estouro da pilha de permissões" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "esvaziamento da pilha de permissões" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "não foi possível alterar gid de root" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "não foi possível alterar para gid de \"runas\"" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "não foi possível definir vetor de grupo de \"runas\"" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "não foi possível alterar para uid de \"runas\"" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "não foi possível alterar para gid de sudoers" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "processos demais" @@ -2542,250 +3018,256 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "não foi possível localizar símbolo \"%s\" em %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1040 msgid "problem with defaults entries" msgstr "problema com o entradas padrão" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "nenhuma fonte de sudoers válida encontrada; saindo" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "usuário sem permissão para alterar o diretório raiz para %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "você não tem permissão para usar a opção -R com %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "usuário sem permissão para alterar o diretório para %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "você não tem permissão para usar a opção -D com %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "nenhum comando especificado" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers especifica que o root não tem permissão para usar sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "usuário sem permissão para substituir o limite closefrom" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "você não tem permissão para usar a opção -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "dono da marca de tempo (%s): Usuário inexistente" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "nenhum tty" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "sinto muito, você deve ter um tty para executar sudo" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "shell inválido para o usuário %s: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "comando no diretório atual" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:643 msgid "user not allowed to set a command timeout" msgstr "usuário sem permissão para definir um tempo limite de comando" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:645 msgid "sorry, you are not allowed set a command timeout" msgstr "sinto muito, você não tem permissão para definir um tempo limite de comando" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:653 msgid "user not allowed to preserve the environment" msgstr "usuário sem permissão para preservar o ambiente" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:655 msgid "sorry, you are not allowed to preserve the environment" msgstr "sinto muito, você não tem permissão para preservar o ambiente" -#: plugins/sudoers/sudoers.c:945 +#: plugins/sudoers/sudoers.c:989 msgid "command too long" msgstr "comando muito grande" -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1028 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit não precisa ser executado via sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1087 plugins/sudoers/sudoreplay.c:1568 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "não foi possível ler %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1112 plugins/sudoers/visudo.c:426 +#: plugins/sudoers/visudo.c:720 #, c-format msgid "unable to stat %s" msgstr "não foi possível obter o estado de %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1116 plugins/sudoers/visudo.c:1009 #, c-format msgid "%s is not a regular file" msgstr "%s não é um arquivo comum" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/timestamp.c:252 toke.l:1148 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s tem como dono o uid %u, deveria ser %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1124 toke.l:1153 #, c-format msgid "%s is world writable" msgstr "%s é gravável globalmente" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1128 toke.l:1156 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s tem como dono o gid %u, deveria ser %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1161 #, c-format msgid "only root can use \"-c %s\"" msgstr "apenas o root pode usar \"-c %s\"" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1180 #, c-format -msgid "unknown login class: %s" -msgstr "classe de login desconhecida: %s" +msgid "unknown login class %s" +msgstr "classe de login desconhecida %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1266 plugins/sudoers/sudoers.c:1281 #, c-format msgid "unable to resolve host %s" msgstr "não foi possível resolver máquina %s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "opção de filtro inválida: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "espera máxima inválida: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "fator de velocidade inválido: %s" +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "deslocamento de tempo inválido %s" + # timing é o nome do arquivo gerado pelo sudo; não traduzir. -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" # timing é o nome do arquivo gerado pelo sudo; não traduzir. -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/timing: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Reproduzindo sessão de sudo: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "não foi possível definir o tty para modo raw" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Aviso: seu terminal é muito pequeno para reproduzir adequadamente o log.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Geometria do log é %d x %d; geometria do seu terminal é %d x %d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Reprodução finalizada, pressione qualquer tecla para restaurar o terminal." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "expressão ambígua \"%s\"" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "\")\" não coincidente na expressão" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "termo de pesquisa desconhecido \"%s\"" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s requer um argumento" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1544 #, c-format msgid "invalid regular expression: %s" msgstr "expressão regular inválida: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "não foi possível analisar a data \"%s\"" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "\"(\" sem correspondente na expressão" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "fim de linha ilegal com \"or\"" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "fim de linha ilegal com \"!\"" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "tipo de pesquisa desconhecido %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1635 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "uso: %s [-hnRS] [-d diretório] [-m número] [-s número] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1638 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "uso: %s [-h] [-d diretório] -l [expressão de pesquisa]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1647 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2794,7 +3276,7 @@ "%s - reproduz logs de sessão do sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1649 msgid "" "\n" "Options:\n" @@ -2823,11 +3305,11 @@ " -s, --speed=núm aumenta ou diminui a velocidade da saída\n" " -V, --version exibe a informação da versão e sai" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\tmáquina sem correspondente" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2835,7 +3317,7 @@ "\n" "Comando permitido" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2843,7 +3325,7 @@ "\n" "Comando negado" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2856,121 +3338,121 @@ msgid "%s is group writable" msgstr "%s é gravável pelo grupo" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "não foi possível truncar o arquivo de marca de tempo para %lld bytes" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "ignorado marca de tempo no futuro" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "marca de tempo muito a frente no futuro: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "não foi possível travar o arquivo de marca de tempo %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "caminho de status de instruções muito longo: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit não deve ser especificado com um caminho" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:224 msgid "the -x option will be removed in a future release" msgstr "a opção -x será removida em um lançamento futuro" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:226 msgid "please consider using the cvtsudoers utility instead" msgstr "por favor, em vez disso, considere usar o utilitário cvtsudoers" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:277 plugins/sudoers/visudo.c:653 #, c-format msgid "press return to edit %s: " msgstr "pressione enter para editar %s: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:338 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "editor especificado (%s) não existe" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:340 #, c-format msgid "no editor found (editor path = %s)" msgstr "nenhum editor encontrado (caminho do editor = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:446 plugins/sudoers/visudo.c:454 msgid "write error" msgstr "erro de escrita" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:500 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "não foi possível obter estado de arquivo temporário (%s), %s sem alteração" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:507 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "arquivo de temporário (%s) com comprimento zero, %s sem alteração" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:513 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "editor (%s) falhou, %s sem alteração" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:535 #, c-format msgid "%s unchanged" msgstr "%s sem alteração" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:592 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "não foi possível reabrir arquivo temporário (%s), %s sem alteração." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:604 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "não foi possível analisar arquivo temporário (%s), erro desconhecido" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:642 #, c-format msgid "internal error, unable to find %s in list!" msgstr "erro interno, não foi possível localizar %s na lista!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:731 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "não foi possível definir (uid, gid) de %s para (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:754 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s e %s não estão no mesmo sistema de arquivos, usando mv para renomear" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:765 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "comando \"%s %s %s\" falhou, %s sem alteração" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:775 #, c-format msgid "error renaming %s, %s unchanged" msgstr "erro ao renomear %s, %s sem alteração" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:796 msgid "What now? " msgstr "Agora o que? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:810 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2982,66 +3464,41 @@ " e(x)it - sair sem salvar alterações no arquivo sudoers\n" " (Q)uit - sair e salvar alterações no arquivo sudoers (PERIGO!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:856 #, c-format msgid "unable to run %s" msgstr "não foi possível executar %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:886 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: dono (uid, gid) incorreto; deveria ser (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: permissões incorretas; deveria estar no modo 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:942 plugins/sudoers/visudo.c:949 #, c-format msgid "%s: parsed OK\n" msgstr "%s: análise OK\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:968 #, c-format msgid "%s busy, try again later" msgstr "%s ocupado, tente novamente" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "não foi possível travar %s" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:972 msgid "Edit anyway? [y/N]" msgstr "Editar mesmo assim? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Erro: %s:%d:%d: ciclo em %s \"%s\"" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Aviso: %s:%d:%d: ciclo em %s \"%s\"" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Erro: %s:%d:%d: %s \"%s\" referenciado, mas não definido" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Aviso: %s:%d:%d: %s \"%s\" referenciado, mas não definido" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1068 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Aviso: %s:%d:%d: %s não usado \"%s\"" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1184 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3050,7 +3507,7 @@ "%s - edita o arquivo sudoers com segurança\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1186 msgid "" "\n" "Options:\n" @@ -3070,40 +3527,98 @@ " -s, --strict verificação rigorosa de sintaxe\n" " -V, --version exibe a informação da versão e sai\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "string vazia" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "grupo vazio" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "netgroup vazio" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "continuação de linha inválida" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "endereço IPv6 inválido" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "quebra de linha inesperada na string" -#: toke.l:1084 +#: toke.l:1119 msgid "too many levels of includes" msgstr "níveis de inclusões demais" +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "não foi possível obter o método do servidor TLS: %s" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d chave desconhecida: %s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u não foi possível analisar \"%s\"" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Opções:\n" +#~ " -f, --file caminho para o arquivo de configuração\n" +#~ " -h, --help exibe uma mensagem de ajuda e sai\n" +#~ " -n, --no-fork não faz fork, executa em primeiro plano\n" +#~ " -R, --random-drop chance em porcentagem das conexões caírem\n" +#~ " -V, --version exibe a informação da versão e sai\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Opções:\n" +#~ " --help exibe mensagem de ajuda e sai\n" +#~ " -A, --accept só envia um evento de aceite (sem E/S)\n" +#~ " -h, --host máquina a ser enviado logs\n" +#~ " -i, --iolog_id ID remoto do log de E/S para ser resumido\n" +#~ " -p, --port porta para usar ao conectar à máquina\n" +#~ " -r, --restart reinicia transferência anterior de log de E/S\n" +#~ " -R, --reject rejeita a comando com o motivo dado\n" +#~ " -b, --ca-bundle arquivo de pacote de certificados para verificar\n" +#~ " o certificado do servidor\n" +#~ " -c, --cert arquivo de certificado para negociação TLS\n" +#~ " -k, --key arquivo de chave privada\n" +#~ " -n, --no-verify não verifica o certificado do servidor\n" +#~ " -t, --test teste o servidor de auditoria enviando o log de\n" +#~ " E/S selecionado n vezes em paralelo\n" +#~ " -V, --version exibe informações de versão e sai\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "Pré-carrega as funções de exec de teste contidas na biblioteca sudo_noexec" -#~ msgid "unable to lock log file: %s" -#~ msgstr "não foi possível travar o arquivo de log: %s" - #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports: porta muito grande" @@ -3192,9 +3707,6 @@ #~ msgid "Warning: cycle in %s `%s'" #~ msgstr "Aviso: ciclo em %s \"%s\"" -#~ msgid "Warning: %s `%s' referenced but not defined" -#~ msgstr "Aviso: %s \"%s\" referenciado, mas não definido" - #~ msgid "Warning: unused %s `%s'" #~ msgstr "Aviso: %s não usado \"%s\"" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/sr.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/sr.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/sr.po sudo-1.9.9/plugins/sudoers/po/sr.po --- sudo-1.9.5p2/plugins/sudoers/po/sr.po 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/sr.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,12 +1,12 @@ # Serbian translation for sudoers. # This file is put in the public domain. -# Мирослав Николић , 2014—2020. +# Мирослав Николић , 2014–2021. msgid "" msgstr "" -"Project-Id-Version: sudoers-1.9.4b1\n" +"Project-Id-Version: sudoers-1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-12-11 08:03+0200\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-11 20:55+0200\n" "Last-Translator: Мирослав Николић \n" "Language-Team: Serbian <(nothing)>\n" "Language: sr\n" @@ -16,7 +16,7 @@ "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "грешка синтаксе" @@ -40,868 +40,1298 @@ msgid "Sorry, try again." msgstr "Извините, покушајте поново." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "не могу да доделим меморију" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "зборник захтева назив путање" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "вредност за „CWD“ мора почети са /, ~, или *" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "„CWD“ путања је предуга" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "вредност за „CHROOT“ мора почети са /, ~, или *" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "„CHROOT“ путања је предуга" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "грешка синтаксе, резервисана реч „%s“ је коришћена као назив алијаса" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "неисправна вредност не-пре" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "неисправна вредност не-после" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "вредност временског истека је превелика" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "неисправна вредност временског ограничења" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "наредба је предуга" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Псеудоним „%s“ је већ одређен" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "унутрашња грешка, прекорачење „%s“" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "не могу да удвостручим стандардни улаз: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "не могу да извршим „%s“: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "не могу да исцепим" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "не могу да исцепим: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "не могу да отворим спојку: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (наредба је настављена) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s постоји али није директоријум (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "не могу да направим директоријум „%s“" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "не могу да променим режим „%s“ на 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "очекивах „JSON_STRING“, добих „%d“" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "„JSON_ARRAY“ је превелик" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "недостају наводници у називу" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "недостаје „JSON_OBJECT“" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "очекивах „JSON_OBJECT“, добих „%d“" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "јсон спремник је исцрпљен (највише %u кадра)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "објекти морају да садрже пар „назив:вредност“" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "недостаје раздвајач између вредности" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "непоклопљена затворена велика заграда" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "неочекиван низ" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "непоклопљена затворена средња заграда" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "неочекивана ниска" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "недостају две тачке након имена" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "неочекивана логичка вредност" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "неочекивана ништица" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "неочекивани број" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "„%s:%u“ не могу да обрадим „%s“" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "грешка обраде" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: неисправна датотека дневника" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: недостаје поље временске ознаке" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: временска ознака %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: недостаје поље корисника" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: недостаје поље „покрени-као корисник“" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: недостаје поље „покрени-као група“" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s постоји али није директоријум (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "не могу да направим директоријум „%s“" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "не могу да променим режим „%s“ на 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "грешка читања датотеке временисања: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "неисправан ред датотеке временисања: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "дневик је већ довршен, не може бити поново покренут" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "не могу да створим УУИБ" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "не могу поново да покренем дневник" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: грешка протокола: погрешна врста за „%s“" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: грешка протокола: „%s“ недостаје из прихвата поруке" + +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: не могу да форматирам иб сесије" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: „%s“ није постављено " + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "не могу да раширим путању „%s“ У/И дневника" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "не могу да створим путању „%s“ У/И дневника" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "неисправан описник датотеке У/И %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "грешка затварања описника датотеке У/И %d: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "грешка исипања описника датотеке У/И %d: %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "неисправан У/И дневник „%s“: „%s“ је упутно али није присутно" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: не могу да нађем тачку наставка [%lld, %ld]" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "не могу да отворим „%s“" + +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "не могу да отворим „%s/%s“" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "не могу да умножим „%s/%s“ у „%s/%s“: %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "не могу да преименујем „%s“ у „%s“" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: не могу да нађем тачку наставка [%lld, %ld]" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "недостаје У/И датотека дневника „%s/%s“" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: не могу да премотам унапред „%zu“" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "не могу да нађем тачку наставка [%lld, %ld] у „%s/%s“" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "не могу да се повежем са преносником" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "порука сервера је превелика: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "не могу да додам догађај у ред" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "неочекивано стање %d за „%s“" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "грешка машине стања" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "неисправна „Порука прихвата“" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "грешка обраде „Поруке прихвата“" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "грешка стварања У/И дневника" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "грешка прибележавања догађаја прихвата" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "неисправна „Порука одбијања“" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "грешка обраде „Поруке одбијања“" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "грешка прибележавања догађаја одбијања" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "неисправна „Порука узбуне“" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "грешка обраде „Поруке узбуне“" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "грешка прибележавања догађаја упозорења" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: неочекивана У/И међумеморија" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "грешка протокола" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "Грешка писања „Уи_Међумеморије“" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "грешка писања „Промени_величину_прозора“" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "грешка писања „Обуставе_наредбе“" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "неочекивана вредност врсте_слова %d у „%s“ из „%s“" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "непозната врста „Поруке_клијента“" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "порука клијента је превелика" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "не могу да подесим шифрарник ТЛС-а 1.2 на „%s“: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "не могу да подесим шифрарник ТЛС-а 1.3 на „%s“: %s" +msgid "timed out writing to client %s" +msgstr "истекло је време писања на клијенту „%s“" -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "не могу да добавим метод ТЛС сервера: %s" +msgid "missing write buffer for client %s" +msgstr "недостаје међумеморија писања за клијента „%s“" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to create TLS context: %s" -msgstr "Не могу да створим ТЛС контекст: %s" +msgid "timed out reading from client %s" +msgstr "истекло је време читања са клијента „%s“" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate %s" -msgstr "не могу да учитам уверење „%s“" +msgid "EOF from %s without proper TLS shutdown" +msgstr "крај датотеке из „%s“ без одговарајућег ТЛС гашења" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "не могу да учитам комплет ауторитета уверења „%s“" - -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 -#, c-format -msgid "unable to load private key %s" -msgstr "не могу да учитам лични кључ „%s“" +msgid "client message too large: %zu" +msgstr "порука клијента је превелика: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "не могу да подесим „diffie-hellman“ параметре: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "порука клијента је превелика" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "не могу да подесим најмање издање протокола на „TLS 1.2“: %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "неисправна „Порука клијента“" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "не могу да добавим удаљену ИП адресу" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Не могу да прикачим податке корисника ссл објекту: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "не могу да додам догађај у ред" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "не могу да подесим прикључницу ослушкивања" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s – шаље У/И дневник судоа удаљеном серверу\n" -"\n" +msgid "unexpected signal %d" +msgstr "неочекивани сигнал %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Опције:\n" -" -f, --file путања до датотеке подешавања\n" -" -h --help приказује поруку помоћи и излази\n" -" -n, --no-fork не исцепљује, ради у првом плану\n" -" -R, --random-drop процентуалне шансе везе ће одбацити\n" -" -V, --version приказује податке о издању и излази\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "сервер судо дневника" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "Опције:" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "путања до датотеке подешавања" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "приказује поруку помоћи и излази" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "не клонира, ради у првом плану" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "просенат шанси за одбацивање веза" + +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "приказује податке о издању и излази" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Потребно је „Protobuf-C“ издање 1.3 или новије" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "неисправна вредност одбацивања насумичности: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s издање %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "непознат корисник „%s“" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "непозната група „%s“" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "не могу да обрадим режим У/И дневника „%s“" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "неисправна вредност за „%s“: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "ТЛС није подржано" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: није потпуно квалификована путања" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "непознато постројење системског дневика „%s“" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "непознат приоритет системског дневика „%s“" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "„%s:%d“ непоклопљена [: %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "„%s:%d“ неисправан одељак подешавања: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "„%s:%d“ неисправан ред подешавања: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "„%s:%d“ очекиван је назив одељка: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "неисправна вредност за „%s“: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] неисправан кључ: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "„%s:%d“ непознат кључ: %s" +msgid "unable to open log file %s" +msgstr "не могу да отворим датотеку дневника „%s“" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "не могу да покренем ТЛС контекст сервера" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "не могу да покренем ТЛС контекст преносника" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "не могу да направим датотеку дневника" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "непознато постројење системског дневика „%s“" +msgid "unable to lock %s" +msgstr "не могу да закључам „%s“" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "не могу да закључам датотеку дневника" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "не могу да отворим датотеку дневника" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "не могу да запишем датотеку дневника" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "не могу да преименујем датотеку дневника" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "неочекивани крај датотеке читајући датотеку дневника" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "грешка читања датотеке дневника" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "неисправна датотека дневника, не могу поново да почнем" + +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "непознат приоритет системског дневика „%s“" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "не могу да премотам на [%lld, %ld] у датотеци дневника „%s“" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Опције:\n" -" --help приказује поруку помоћи и излази\n" -" -A, --accept шаље само догађај прихвата (не У/И)\n" -" -h, --host домаћин коме се шаљу дневници\n" -" -i, --iolog_id удаљени ИБ У/И дневника који ће се наставити\n" -" -p, --port прикључник за коришћење приликом повезивања са домаћином\n" -" -r, --restart поново покреће претходни пренос У/И дневника\n" -" -R, --reject одбацује наредбу са датим разлогом\n" -" -b, --ca-bundle датотека групе уверења за проверу уверења сервера\n" -" -c, --cert датотека уверења за ТЛС руковање\n" -" -k, --key датотека личног кључа\n" -" -n, --no-verify не потврђује уверење сервера\n" -" -t, --test проверава сервер испитивања шаљући изабрани У/И дневник n пута у паралели\n" -" -V, --version приказује податке о издању и излази\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "грешка обраде „Поруке прихвата“" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "грешка стварања У/И дневника" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "грешка прибележавања догађаја прихвата" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "грешка обраде „Поруке одбијања“" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "грешка прибележавања догађаја одбијања" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "грешка прибележавања догађаја излаза" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "дневик је већ довршен, не може бити поново покренут" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "не могу поново да покренем дневник" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "грешка обраде „Поруке узбуне“" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "грешка прибележавања догађаја упозорења" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "не могу да обликујем међумеморију временисања, трајање %d" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "Грешка писања „Уи_Међумеморије“" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "грешка писања „Промени_величину_прозора“" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "грешка писања „Обуставе_наредбе“" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "ТЛС руковање са домаћином преносника није успело" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "Не могу да се повежем са домаћином преносника" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: неисправан поздрав сервера, недостаје иб сервера" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "неисправан „Поздрав_сервера“" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "непозната врста „Поруке_сервера“" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "истекло је време читања са преносника „%s“ (%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "истекло је време читања са преносника" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "назив домаћина преносника не одговара уверењу" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "грешка читања са преносника" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "не могу да читам са преносника" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "сервер преносника је затворио везу" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "порука сервера је превелика" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "истекло је време писања на преноснику „%s“ (%s)" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "истекло је време писања на преноснику" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "грешка писања на преноснику" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "шаље У/И дневник судоа удаљеном серверу" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "шаље само догађај прихвата (не У/И)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "датотека скупа уверења за проверавање уверења сервера" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "датотека уверења за ТЛС руковање" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "домаћин коме шаље дневнике" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "ИБ удаљеног У/И дневника који ће бити враћен" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "датотека приватног кључа" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "не проверава уверење сервера" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "прикључник за коришћење приликом повезивања на домаћина" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "поново покреће претходни пренос У/И дневника" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "одбацује наредбу са датим разлогом" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "прекида пренос након достизања овог времена" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "тестира анкетни сервер шаљући изабрани У/И дневник n пута у паралели" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "не могу да потражим „%s:%s“: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "не могу да добавим ИП адресу сервера" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "не могу да прочитам „%s/%s“: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "порука клијента је превелика: %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: међумеморија писања је већ у употреби" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "неочекивани У/И догађај „%d“" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: неочекивано стање „%d“" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "неисправан „Поздрав_сервера“" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "порука грешке је примљена са сервера: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "порука прекида је примљена са сервера: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "не могу да отпакујем „Поруку_сервера“" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: неочекивана вредност врсте_слова „%d“" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "истекло је време читања са сервера" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "прерани крај датотеке" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "порука сервера је превелика: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "истекло је време писања на сервер" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "мора бити наведена и тачка поновног покретања и ИБ уи_дневника" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "тачка поновног покретања се не може подесити када није послат У/И" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "изађох прерано са стањем „%d“" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "протекло време послато серверу [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "тачка слања примљена са сервера [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "дошло је до временског истека ТЛС руковања" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "не могу да подесим догађај" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "ТЛС веза није успела: %s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Не могу да покренем ссл контекст: %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Не могу да доделим ссл објекат: %s" +msgid "unable to allocate ssl object: %s" +msgstr "не могу да доделим ссл објекат: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Не могу да прикачим прикључницу ссл објекту: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "мора бити наведена и тачка поновног покретања и ИБ уи_дневника" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "не могу да покренем ТЛС контекст" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "тачка поновног покретања се не може подесити када није послат У/И" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "не могу да подесим шифрарник ТЛС-а 1.2 на „%s“: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "изађох прерано са стањем „%d“" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "не могу да подесим шифрарник ТЛС-а 1.3 на „%s“: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "протекло време послато серверу [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "не могу да подесим „diffie-hellman“ параметре: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "тачка слања примљена са сервера [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "Не могу да створим ТЛС контекст: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Псеудоним „%s“ је већ одређен" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "не могу да подесим најмање издање протокола на „TLS 1.2“: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "не могу да добавим време дана" @@ -910,45 +1340,45 @@ msgid "unable to change password for %s" msgstr "не могу да изменим лозинку за „%s“" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "не могу да добавим разред пријаве за корисника „%s“" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "не могу да почнем бсд потврђивање идентитета" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "неисправна врста потврђивање идентитета" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "не могу да покренем БСД потврђивање идентитета" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "ваш налог је истекао" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "доказивање није успело" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "не могу да читам „fwtk“ подешавања" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "не могу да се повежем на сервер потврђивања идентитета" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "изгубио сам везу са сервером потврђивања идентитета" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -962,83 +1392,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: не могу да претворим главника у ниску („%s“): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: не могу да обрадим „%s“: %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: не могу да решим оставу пуномоћства: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: не могу да доделим опције: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: не могу да добавим пуномоћства: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: не могу да покренем оставу пуномоћства: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: не могу да сместим пуномоћства у оставу: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: не могу да добавим главника домаћина: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: Не могу потврдити ТГТ! Могући напад!: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "не могу да покренем ПАМ: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "Грешка ПАМ потврђивања идентитета: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "неуспех провере налога, да ли је ваш налог закључан?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "Налог или лозинка је истекла, поново поставите лозинку и покушајте поново" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "не могу да изменим истеклу лозинку: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "Лозинка је истекла, обратите се администратору система" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Налог је истекао или ПАМ подешавањима недостаје одељак „налог“ за судо, обратите се администратору система" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "грешка управљања ПАМ налогом: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "ви не постојите у бази подтака „%s“" @@ -1047,31 +1477,31 @@ msgid "failed to initialise the ACE API library" msgstr "нисам успео да покренем АЦЕ АПИ библиотеку" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "не могу да ступим у везу са сервером безбеднног ИБ-а" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "ИБ корисника је закључан за потврђивање идентитета безбедног ИБ-а" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "неисправна дужина корисничког имена за безбедни ИБ" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "неисправна ручка потврђивања идентитета за безбедни ИБ" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "Није успело комуницирање безбедног ИБ-а" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "непозната грешка безбедног ИБ-а" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "неисправна дужина пропусне шифре за безбедни ИБ" @@ -1111,7 +1541,17 @@ msgid "unable to commit audit record" msgstr "не могу да предам снимак прегледа" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "грешка читања датотеке обучавања „%s“" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "занемарујем датотеку обучавања „%s“: није обична датотека" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1131,118 +1571,122 @@ " #3) Са великом моћи долази и велика одговорност.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "непознат јиб: %u" +msgid "unknown uid %u" +msgstr "непознат јиб %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Грешка: %s:%d:%d: циклус у „%s“ „%s“" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Упозорење: %s:%d:%d: циклус у „%s“ „%s“" + +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Грешка: %s:%d:%d: упута за „%s“ „%s“ постоји али није одређена" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:98 #, c-format -msgid "unknown user: %s" -msgstr "непознат корисник: %s" +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Упозорење: %s:%d:%d: упута за „%s“ „%s“ постоји али није одређена" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "повећање поретка: %s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "поредак почетка: %s: %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "попуњавање поретка: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s граматика издање %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "неподржан запис улаза „%s“" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "неподржан запис излаза „%s“" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: улазна датотека треба да се разликује од излазне" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "не могу да покренем основне вредности судоерса" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: непозната реч кључа: %s" +msgid "%s: unknown key word %s" +msgstr "%s: непозната реч кључа „%s“" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "неисправна врста основности: %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "неисправна врста потискивања: %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "неисправан филтер: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "не могу да отворим „%s“" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "нисам успео да обрадим %s датотеку, непозната грешка" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "грешка обраде у %s близу реда %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "грешка обраде у %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "не могу да пишем у „%s“" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1251,7 +1695,7 @@ "%s – претвара међусобно записе датотеке судоерса\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1291,33 +1735,75 @@ " -s, --suppress=одељци потискује излаз неких одељака\n" " -V, --version приказује податке о издању и излази" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "непознат унос основности „%s“" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "не могу да добавим ГМТ време" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "не могу да обликујем временску ознаку" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: непознат унос основности „%s“" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "превише уноса судоерса, највише %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "променљива „SUDOERS_BASE“ окружења није постављена и „-b“ опција није наведена." +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "не могу да нађем алијас „%s“" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: преименујем алијаса „%s“ у „%s“" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: уклањам двоструког алијаса „%s“" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%s:%d:%d: сукобљавајући унос основности „%s“ домаћину специфичан у „%s:%d:%d“" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: правим основности „%s“ специфичне домаћину „%s“" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: уклањам основности „%s“ преписане следећим уносима" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d: не могу да учиним основности „%s“ домаћину специфичне" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: уклањам корисничку специфичност преписану следећим уносима" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1897,95 +2383,194 @@ msgid "The format of logs to produce: %s" msgstr "Формат резултирајућих дневника: %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Укључује СЕЛинукс РБАЦ подршку" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: непознат унос основности „%s“" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Путања до датотеке која је створена приликом првог покретања судоа: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Пресреће будуће наредбе и примењује „sudoers“ ограничења на њима" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "Бележи поднаредбе које покрене изворна наредба" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Бележи стање излаза наредбе" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Наредне наредбе у пресретнутој сесији морају бити аутентификоване" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Омогућава пресретнутој наредби да покрене поставку „setuid“ или „setgid“ програма" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "Највећа величина до које може да нарасте адресни простор процеса (у бајтовима): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "Највећа величина избачаја датотеке језгра која се може направити (у бајтовима): %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "Највећа количина времена процесора које процес може да користи (у секундама): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "Највећа величина сегмента података за процес (у бајтовима): %s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "Највећа величина датотеке коју процес може да направи (у бајтовима): %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "Највећи број закључавања која процес може да успостави: %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "Највећа величина коју процес може да закључа у меморији (у бајтовима): %s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "Највећи број датотека које процес може да отвори: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "Највећи број процеса које корисник може да покрене истовремено: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "Највећа величина до које може да нарасте резидентна величина скупа процеса (у бајтовима): %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "Највећа величина до које може да нарасте спремник процеса (у бајтовима): %s" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: непознат унос основности „%s“" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: није наведена вредност за „%s“" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: није наведена вредност за „%s“" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: неисправан оператор „%c=“ за „%s“" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: неисправан оператор „%c=“ за „%s“" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: опција „%s“ не узима вредност" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: опција „%s“ не узима вредност" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: неисправна врста основности 0x%x за опцију „%s“" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: неисправна врста основности 0x%x за опцију „%s“" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: вредност „%s“ је неисправна за опцију „%s“" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: вредност „%s“ је неисправна за опцију „%s“" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: назив путање за „%s“ је предуг" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: назив путање за „%s“ је предуг" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: вредност за „%s“ мора да почиње са /, ~ или *" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: вредност за „%s“ мора да почиње са /, ~ или *" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: вредност за „%s“ мора да почиње са /" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: вредност за „%s“ мора да почиње /" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: оштећено стави окружење, дужине не одговарају" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "не могу поново да изградим окружење" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "извините, није вам дозвољено да подесите следеће променљиве окружења: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "грешка обраде у %s близу реда %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "грешка обраде у %s" @@ -2010,7 +2595,7 @@ msgid "%s must only be writable by owner" msgstr "Само корисник може да пише у „%s“" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "не могу да учитам %s: %s" @@ -2025,56 +2610,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: несагласно веће издање прикључка групе %d, очекивано је %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "не могу да обрадим ИП адресу „%s“" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "не могу да обрадим мрежну маску „%s“" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Месна ИП адреса и парови мрежне маске:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "непозната група: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "не могу да освежим датотеку низа" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "не могу да пишем у датотеку дневника У/И: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "не могу да направим „%s/%s“" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: унутрашња грешка, датотека У/И дневника за догађај %d није отворена" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "не могу да прочитам сат" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: унутрашња грешка, неисправан сигнал %d" @@ -2093,16 +2673,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "морате да подесите „TLS_CERT“ у „%s“ да користите ССЛ" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "не могу да покренем ЛДАП: %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "„start_tls“ је наведено али ЛДАП библиотеке не подржавају „ldap_start_tls_s()“ или „ldap_start_tls_s_np()“" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "неисправна особина „sudoOrder“: %s" @@ -2121,100 +2701,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "не могу да помешам лдап и лдапс путање" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "двострука судо опција: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "не могу да претворим „sudoOption“: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "не могу да отворим систем прегледа" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "не могу да пошаљем поруку прегледа" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "грешка у петљи догађаја" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "Стварање новог „SSL_CTX“ објекта није успело: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "не могу да учитам комплет ауторитета уверења „%s“" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "не могу да учитам уверење „%s“" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "не могу да учитам лични кључ „%s“" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Не могу да доделим ссл објекат: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "ТЛС повезивање са „%s:%s“ није успело: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "ТЛС покретање беше безуспешно" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "ТЛС руковање беше безуспешно" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: унутрашња грешка, неисправно излазно стање %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "не могу да отпакујем „Поруку_сервера“" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "изгубих везу са сервером дневника" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "недостаје међумеморија писања" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "не могу да се повежем на сервер дневника" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "корисник НИЈЕ у судоерсу" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "корисник НИЈЕ овлашћен на домаћину" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "наредба није допуштена" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "„%s“ се не налази у датотеци судоерса. О овом инциденту ће бити поднет извештај.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "„%s“ нема права да покрене судо над „%s“. О овом инциденту ће бити поднет извештај.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Извините, корисник %s не може покренути судо на %s.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Извините, кориснику %s није дозвољено да изврши „%s%s%s“ као %s%s%s на %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: нема такве наредбе" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2223,7 +2835,7 @@ "занемарујем „%s“ пронађено у „.“\n" "Користите „sudo ./%s“ ако је то „%s“ које желите да покренете." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" @@ -2231,20 +2843,15 @@ msgstr[1] "%u покушаја нетачне лозинке" msgstr[2] "%u покушаја нетачне лозинке" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "потврђивање идентитета није успело" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "потребна је лозинка" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "не могу да отворим датотеку дневника: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "не могу да запишем датотеку дневника: %s" @@ -2254,7 +2861,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "приказ за %s (%s) није у %s облику" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "„SELinux RBAC“ није подржано када је укључен режим пресретања" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "„SELinux RBAC“ није подржано када је укључена заставица „log_subcmds“" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2263,7 +2878,7 @@ "\n" "ЛДАП улога: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2271,104 +2886,115 @@ "\n" "Унос судоерса:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " „Покрени-као“ корисници: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " „Покрени-као“ групе: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " Опције: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " Наредбе:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Упоређује уносе основности за „%s“ на %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Покрени-као и Наредбено-посебне основности за „%s“:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Корисник „%s“ може да покреће следеће наредбе на %s:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Корисник „%s“ нема права да покрене судо над „%s“.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "занемарујем непотпуно „sudoRole“: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "неисправна особина „LDIF“: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "судо челник је поставио неисправну „%.*s“" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "назив путање за „%s“ је предуг" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "не могу да обрадим списак адреса мреже" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "судо челник није поставио име корисника" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "судо челник није поставио ИБ корисника" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "судо челник није поставио ИБ групе" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "судо челник није поставио назив домаћина" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "неисправан радни директоријум: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "неисправан „chroot“ директоријум: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "не могу да извршим „%s“" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: неисправне заставице од судо челника: 0×%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Издање %s прикључка политике судоерса\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Граматика датотеке судоерса издање %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2377,132 +3003,137 @@ "\n" "Путања судоерса: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "путања нс-прекидача: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "путања лдап.подешавања: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "путања лдап.тајне: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "немогу да региструјем прикачку врсте „%d“ (издање %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "немогу да поништим регистровање прикачке врсте „%d“ (издање %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "не могу да сместим у оставу јиб „%u“" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "не могу да сместим у оставу јиб „%u“, већ постоји" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "не могу да сместим у оставу корисника „%s“" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "не могу да сместим у оставу корисника „%s“, већ постоји" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "не могу да сместим у оставу гиб „%u“" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "не могу да сместим у оставу гиб „%u“, већ постоји" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "не могу да сместим у оставу групу „%s“" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "не могу да сместим у оставу групу „%s“, већ постоји" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "не могу да сместим у оставу списак групе за „%s“, већ постоји" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "не могу да сместим у оставу списак групе за „%s“" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "не могу да обрадим групе за „%s“" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "не могу да обрадим гид-ове за „%s“" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "стално прекорачење спремника" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "стално поткорачење спремника" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "не могу да пређем на гиб администратора" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "не могу да пређем на гиб покреникао" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "не могу да подесим вектор „покрени-као група“" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "не могу да пређем на јиб покреникао" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "не могу да пређем на гиб судоерса" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "превише процеса" @@ -2520,259 +3151,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "„argv[0]“ скраћене путање прегледа: %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "не могу да покренем ССС извор. Да ли је СССД инсталиран на вашем рачунару?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "не могу да нађем симбол „%s“ у „%s“" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "неприлике са основним уносима" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "нисам пронашао исправне изворе судоерса, прекидам" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "кориснику није дозвољено да промени корени директоријум у „%s“" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "није вам допуштено да користите опцију „-R“ са „%s“" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "кориснику није дозвољено да промени директоријум у „%s“" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "није вам допуштено да користите опцију „-D“ са „%s“" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "није наведена наредба" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "судоерси наводе да администратор није дозвољен у судоу" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "кориснику није дозвољено да препише „closefrom“ ограничење" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "није вам допуштено да користите опцију „-C“" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "власник временске ознаке (%s): нема таквог корисника" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "нема конзоле" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "извините, морате имати конзолу да покренете судо" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "неисправна шкољка за корисника „%s“: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "наредба у текућем директоријуму" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "„cd“ је уграђена наредба шкољке, не може бити покренута директно." + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "опција „-s“ се може користити за покретање привилеговане шкољке." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "опција „-D“ се може користити за покретање наредбе у специфичном директоријуму." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "кориснику није дозвољено да подеси време истека наредбе" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "извините, није вам дозвољено да подесите време истека наредбе" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "кориснику није дозвољено да сачува окружење" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "извините, није вам дозвољено да сачувате окружење" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "наредба је предуга" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "„sudoedit“ не треба да се покреће путем „sudo“-а" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "не могу да прочитам „%s“" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "не могу да добијем податке о „%s“" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "„%s“ није обична датотека" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s је у власништву уиб-а %u, а треба бити %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "Сви могу да пишу у „%s“" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s је у власништву уиб-а %u, а треба бити %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "само администратор може да користи „-c %s“" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "непознат разред пријављивања: %s" +msgid "unknown login class %s" +msgstr "непознат разред пријављивања „%s“" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "не могу да решим домаћина „%s“" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "неисправна опција пропусника: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "неисправно најдуже чекање: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "неисправан чинилац брзине: %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "неисправан временски помак „%s“" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/временисање: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Понављам сесију судоа: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "не могу да подесим конзолу на сирови режим" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Упозорење: ваш терминал је премали да би исправно приказао дневник.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Геометрија дневника је %d x %d, а геометрија терминала је %d x %d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Одговор је завршен, притисните неки тастер да повратите терминал." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "нејасан израз „%s“" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "непоклопљена ) у изразу" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "непознат појам претраге „%s“" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "„%s“ захтева аргумент" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "неисправан регуларан израз: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "не могу да обрадим датум „%s“" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "непоклопљена ( у изразу" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "недозвољено пратеће „или“" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "недозвољени пратећи „!“" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "непозната врста претраге „%d“" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "употреба: %s [-hnRS] [-d дир] [-m број] [-s број] ИБ\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "употреба: %s [-h] [-d дир] -l [израз претраге]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2781,7 +3426,7 @@ "%s — понавља дневнике сесије судоа\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2809,11 +3454,11 @@ " -s, --speed=број убрзава или успорава излаз\n" " -V, --version приказује податке о издању и излази" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\tдомаћин није поклопљен" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2821,7 +3466,7 @@ "\n" "Наредба је допуштена" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2829,7 +3474,7 @@ "\n" "Наредба је одбијена" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2842,121 +3487,127 @@ msgid "%s is group writable" msgstr "Група може да пише у „%s“" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "не могу да скратим датотеку временске ознаке на %lld бајта" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "занемарујем временску ознаку из будућности" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "временска ознака је превише у будућности: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "не могу да закључам датотеку временске ознаке „%s“" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "путања стања обучавања је предуга: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "„sudoedit“ не треба да се наводи са путањом" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "опција „-x“ биће уклоњена у наредном издању" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "размотрите коришћење помагала „cvtsudoers“" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "притисните „унеси“ да уредите „%s“: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "садржај сесије уређивања је остао у „%s“" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "наведени уређивач (%s) не постоји" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "нисам пронашао уређивача (путања уређивача = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "грешка писања" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "не могу да добавим податке привремене датотеке (%s), %s је неизмењено" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "привремена датотека нулте дужине (%s), %s је неизмењено" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "уређивач (%s) није успео, %s је неизмењено" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "„%s“ је неизмењено" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "не могу поново да отворим привремену датотеку (%s), %s је неизмењено." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "не могу да обрадим привремену датотеку (%s), непозната грешка" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "унутрашња грешка, не могу да пронађем „%s“ на списку!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "не могу да подесим (јиб, гиб) за %s на (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "„%s“ и „%s“ нису на истом систему датотека, користим „mv“ за преименовање" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "наредба није успела: „%s %s %s“, %s је неизмењено" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "грешка преименовања „%s“, %s је неизмењено" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "Шта сада? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2968,66 +3619,41 @@ " x — излази без чувања измена у датотеци судоерса\n" " Q — прекида и чува измене у датотеци судоерса (ОПАСНО!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "не могу да покренем %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: погрешан власник (јиб, гиб) треба бити (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: лоша овлашћења, требају бити у режиму 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: успешно је обрађено\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "„%s“ је заузет, покушајте касније" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "не могу да закључам „%s“" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "Да ипак уреим? [д/Н]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Грешка: %s:%d:%d: циклус у „%s“ „%s“" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Упозорење: %s:%d:%d: циклус у „%s“ „%s“" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Грешка: %s:%d:%d: упута за „%s“ „%s“ постоји али није одређена" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Упозорење: %s:%d:%d: упута за „%s“ „%s“ постоји али није одређена" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Упозорење: %s:%d:%d: некоришћено „%s“ „%s“" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3036,7 +3662,7 @@ "%s — безбедно уређује датотеку судоерса\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3056,43 +3682,108 @@ " -s, --strict строга провера синтаксе\n" " -V, --version приказује податке о издању и излази\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "празна ниска" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "празна група" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "празна мрежна група" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "неисправан наставак реда" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "неисправна ИПв6 адреса" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "неочекивани прекид реда у нисци" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "превише нивоа укључивања" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s: међумеморија писања је већ у употреби" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "не могу да читам „diffie-hellman“ параметре: %s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "непознат унос основности „%s“" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "„%s:%d“ непознат кључ: %s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "не могу да добавим метод ТЛС сервера: %s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "„%s:%u“ не могу да обрадим „%s“" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Опције:\n" +#~ " -f, --file путања до датотеке подешавања\n" +#~ " -h --help приказује поруку помоћи и излази\n" +#~ " -n, --no-fork не исцепљује, ради у првом плану\n" +#~ " -R, --random-drop процентуалне шансе везе ће одбацити\n" +#~ " -V, --version приказује податке о издању и излази\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Опције:\n" +#~ " --help приказује поруку помоћи и излази\n" +#~ " -A, --accept шаље само догађај прихвата (не У/И)\n" +#~ " -h, --host домаћин коме се шаљу дневници\n" +#~ " -i, --iolog_id удаљени ИБ У/И дневника који ће се наставити\n" +#~ " -p, --port прикључник за коришћење приликом повезивања са домаћином\n" +#~ " -r, --restart поново покреће претходни пренос У/И дневника\n" +#~ " -R, --reject одбацује наредбу са датим разлогом\n" +#~ " -b, --ca-bundle датотека групе уверења за проверу уверења сервера\n" +#~ " -c, --cert датотека уверења за ТЛС руковање\n" +#~ " -k, --key датотека личног кључа\n" +#~ " -n, --no-verify не потврђује уверење сервера\n" +#~ " -t, --test проверава сервер испитивања шаљући изабрани У/И дневник n пута у паралели\n" +#~ " -V, --version приказује податке о издању и излази\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "Унапред учитава лажне функције извршавања које се налазе у библиотеци „sudo_noexec“" #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports: прикључник је превелик" -#~ msgid "unable to lock log file: %s" -#~ msgstr "не могу да закључам датотеку дневника: %s" - #~ msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" #~ msgstr "„SSL_повезивање“ није успело: ssl_грешка=%d, спремник=%s\n" @@ -3183,9 +3874,6 @@ #~ msgid "Warning: cycle in %s `%s'" #~ msgstr "Упозорење: циклус у „%s“ „%s“" -#~ msgid "Warning: %s `%s' referenced but not defined" -#~ msgstr "Упозорење: упута за „%s“ „%s“ постоји али није одређена" - #~ msgid "Warning: unused %s `%s'" #~ msgstr "Упозорење: некоришћено „%s“ „%s“" diff -Nru sudo-1.9.5p2/plugins/sudoers/po/sudoers.pot sudo-1.9.9/plugins/sudoers/po/sudoers.pot --- sudo-1.9.5p2/plugins/sudoers/po/sudoers.pot 2021-01-23 15:46:35.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/sudoers.pot 2022-01-27 21:24:22.000000000 +0000 @@ -5,9 +5,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.5\n" +"Project-Id-Version: sudo 1.9.9\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2021-01-09 12:59-0700\n" +"POT-Creation-Date: 2022-01-18 16:50-0700\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -17,7 +17,7 @@ "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" -#: confstr.sh:1 gram.y:1075 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "" @@ -41,891 +41,1348 @@ msgid "Sorry, try again." msgstr "" -#: gram.y:224 gram.y:290 gram.y:297 gram.y:304 gram.y:311 gram.y:318 gram.y:338 -#: gram.y:362 gram.y:369 gram.y:376 gram.y:383 gram.y:390 gram.y:459 gram.y:468 -#: gram.y:479 gram.y:514 gram.y:521 gram.y:528 gram.y:535 gram.y:562 gram.y:658 -#: gram.y:665 gram.y:674 gram.y:683 gram.y:700 gram.y:838 gram.y:845 gram.y:853 -#: gram.y:859 gram.y:967 gram.y:974 gram.y:981 gram.y:988 gram.y:995 -#: gram.y:1021 gram.y:1028 gram.y:1035 gram.y:1123 gram.y:1244 gram.y:1534 -#: lib/eventlog/eventlog.c:288 lib/eventlog/eventlog.c:360 -#: lib/eventlog/eventlog.c:761 lib/eventlog/eventlog.c:825 -#: lib/eventlog/eventlog.c:1070 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:305 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_util.c:106 lib/iolog/iolog_util.c:115 -#: lib/iolog/iolog_util.c:125 lib/iolog/iolog_util.c:133 -#: lib/iolog/iolog_util.c:137 lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/audit.c:115 plugins/sudoers/audit.c:265 -#: plugins/sudoers/auth/bsdauth.c:143 plugins/sudoers/auth/kerb5.c:118 -#: plugins/sudoers/auth/kerb5.c:144 plugins/sudoers/auth/pam.c:669 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 gram.y:362 +#: gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 gram.y:498 gram.y:508 +#: gram.y:520 gram.y:564 gram.y:573 gram.y:582 gram.y:591 gram.y:718 gram.y:726 +#: gram.y:737 gram.y:749 gram.y:768 gram.y:923 gram.y:928 gram.y:936 gram.y:950 +#: gram.y:956 gram.y:1078 gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 +#: gram.y:1142 gram.y:1151 gram.y:1159 gram.y:1249 gram.y:1379 gram.y:1745 +#: gram.y:1795 lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:212 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:150 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:688 #: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:160 -#: plugins/sudoers/cvtsudoers.c:177 plugins/sudoers/cvtsudoers.c:188 -#: plugins/sudoers/cvtsudoers.c:300 plugins/sudoers/cvtsudoers.c:428 -#: plugins/sudoers/cvtsudoers.c:561 plugins/sudoers/cvtsudoers.c:578 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:764 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 -#: plugins/sudoers/cvtsudoers_json.c:76 plugins/sudoers/cvtsudoers_ldif.c:151 -#: plugins/sudoers/cvtsudoers_ldif.c:194 plugins/sudoers/cvtsudoers_ldif.c:235 -#: plugins/sudoers/cvtsudoers_ldif.c:300 plugins/sudoers/cvtsudoers_ldif.c:371 -#: plugins/sudoers/cvtsudoers_ldif.c:421 plugins/sudoers/cvtsudoers_ldif.c:429 -#: plugins/sudoers/cvtsudoers_ldif.c:440 plugins/sudoers/cvtsudoers_ldif.c:447 -#: plugins/sudoers/cvtsudoers_ldif.c:460 plugins/sudoers/cvtsudoers_ldif.c:468 -#: plugins/sudoers/cvtsudoers_ldif.c:615 plugins/sudoers/defaults.c:634 -#: plugins/sudoers/defaults.c:927 plugins/sudoers/defaults.c:1102 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:537 plugins/sudoers/cvtsudoers.c:670 +#: plugins/sudoers/cvtsudoers.c:688 plugins/sudoers/cvtsudoers.c:758 +#: plugins/sudoers/cvtsudoers.c:873 plugins/sudoers/cvtsudoers.c:881 +#: plugins/sudoers/cvtsudoers.c:1376 plugins/sudoers/cvtsudoers.c:1380 +#: plugins/sudoers/cvtsudoers.c:1482 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 +#: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 +#: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:274 +#: plugins/sudoers/cvtsudoers_merge.c:337 +#: plugins/sudoers/cvtsudoers_merge.c:383 +#: plugins/sudoers/cvtsudoers_merge.c:430 +#: plugins/sudoers/cvtsudoers_merge.c:451 +#: plugins/sudoers/cvtsudoers_merge.c:537 +#: plugins/sudoers/cvtsudoers_merge.c:548 +#: plugins/sudoers/cvtsudoers_merge.c:617 +#: plugins/sudoers/cvtsudoers_merge.c:822 +#: plugins/sudoers/cvtsudoers_merge.c:830 +#: plugins/sudoers/cvtsudoers_merge.c:1118 +#: plugins/sudoers/cvtsudoers_merge.c:1188 +#: plugins/sudoers/cvtsudoers_merge.c:1194 +#: plugins/sudoers/cvtsudoers_merge.c:1201 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1027 plugins/sudoers/defaults.c:1214 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 -#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 -#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:433 +#: plugins/sudoers/ldap.c:443 plugins/sudoers/ldap.c:448 +#: plugins/sudoers/ldap.c:452 plugins/sudoers/ldap.c:464 +#: plugins/sudoers/ldap.c:760 plugins/sudoers/ldap.c:924 +#: plugins/sudoers/ldap.c:1340 plugins/sudoers/ldap.c:1766 +#: plugins/sudoers/ldap.c:1803 plugins/sudoers/ldap.c:1884 +#: plugins/sudoers/ldap.c:2019 plugins/sudoers/ldap.c:2120 +#: plugins/sudoers/ldap.c:2136 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 -#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 -#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 -#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:326 -#: plugins/sudoers/ldap_util.c:333 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:381 plugins/sudoers/log_client.c:686 -#: plugins/sudoers/log_client.c:704 plugins/sudoers/log_client.c:1413 -#: plugins/sudoers/log_client.c:1626 plugins/sudoers/log_client.c:1951 -#: plugins/sudoers/log_client.c:2008 plugins/sudoers/logging.c:100 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:426 -#: plugins/sudoers/logging.c:446 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:277 plugins/sudoers/match_command.c:445 -#: plugins/sudoers/match_command.c:495 plugins/sudoers/match_command.c:569 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:199 -#: plugins/sudoers/parse.c:213 plugins/sudoers/parse.c:230 -#: plugins/sudoers/parse.c:244 plugins/sudoers/parse.c:264 -#: plugins/sudoers/parse.c:275 plugins/sudoers/parse_ldif.c:153 -#: plugins/sudoers/parse_ldif.c:184 plugins/sudoers/parse_ldif.c:253 -#: plugins/sudoers/parse_ldif.c:260 plugins/sudoers/parse_ldif.c:265 -#: plugins/sudoers/parse_ldif.c:341 plugins/sudoers/parse_ldif.c:352 -#: plugins/sudoers/parse_ldif.c:379 plugins/sudoers/parse_ldif.c:396 -#: plugins/sudoers/parse_ldif.c:408 plugins/sudoers/parse_ldif.c:412 -#: plugins/sudoers/parse_ldif.c:426 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:624 plugins/sudoers/parse_ldif.c:649 -#: plugins/sudoers/parse_ldif.c:707 plugins/sudoers/parse_ldif.c:724 -#: plugins/sudoers/parse_ldif.c:752 plugins/sudoers/parse_ldif.c:759 -#: plugins/sudoers/policy.c:526 plugins/sudoers/policy.c:874 -#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:194 -#: plugins/sudoers/pwutil.c:265 plugins/sudoers/pwutil.c:343 -#: plugins/sudoers/pwutil.c:517 plugins/sudoers/pwutil.c:581 -#: plugins/sudoers/pwutil.c:652 plugins/sudoers/pwutil.c:811 -#: plugins/sudoers/pwutil.c:867 plugins/sudoers/pwutil.c:911 -#: plugins/sudoers/pwutil.c:968 plugins/sudoers/sssd.c:145 -#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:298 -#: plugins/sudoers/sudoers.c:324 plugins/sudoers/sudoers.c:368 -#: plugins/sudoers/sudoers.c:379 plugins/sudoers/sudoers.c:389 -#: plugins/sudoers/sudoers.c:431 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:422 plugins/sudoers/timestamp.c:466 -#: plugins/sudoers/timestamp.c:967 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:129 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:916 -#: toke.l:1036 toke.l:1094 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:443 +#: plugins/sudoers/ldap_conf.c:458 plugins/sudoers/ldap_conf.c:563 +#: plugins/sudoers/ldap_conf.c:596 plugins/sudoers/ldap_conf.c:688 +#: plugins/sudoers/ldap_conf.c:770 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 +#: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:570 plugins/sudoers/policy.c:981 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:410 plugins/sudoers/sssd.c:473 +#: plugins/sudoers/sssd.c:517 plugins/sudoers/sssd.c:561 +#: plugins/sudoers/sssd.c:754 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "" -#: gram.y:556 +#: gram.y:615 msgid "a digest requires a path name" msgstr "" -#: gram.y:585 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "" -#: gram.y:597 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "" -#: gram.y:719 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "" -#: gram.y:739 +#: gram.y:811 msgid "invalid notbefore value" msgstr "" -#: gram.y:747 +#: gram.y:820 msgid "invalid notafter value" msgstr "" -#: gram.y:756 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "" -#: gram.y:758 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "" -#: gram.y:1077 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "" -#: gram.y:1121 +#: gram.y:1247 #, c-format msgid "Alias \"%s\" already defined" msgstr "" -#: gram.y:1534 lib/eventlog/eventlog.c:288 lib/eventlog/eventlog.c:761 -#: lib/eventlog/eventlog.c:823 lib/eventlog/eventlog.c:824 -#: lib/eventlog/eventlog.c:1070 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1290 logsrvd/logsrvd.c:1303 -#: logsrvd/logsrvd.c:1348 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:265 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1745 gram.y:1795 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:212 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:502 plugins/sudoers/auth/pam.c:688 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:536 +#: plugins/sudoers/cvtsudoers.c:669 plugins/sudoers/cvtsudoers.c:687 +#: plugins/sudoers/cvtsudoers.c:758 plugins/sudoers/cvtsudoers.c:873 +#: plugins/sudoers/cvtsudoers.c:880 plugins/sudoers/cvtsudoers.c:1376 +#: plugins/sudoers/cvtsudoers.c:1380 plugins/sudoers/cvtsudoers.c:1482 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:634 -#: plugins/sudoers/defaults.c:927 plugins/sudoers/defaults.c:1102 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 plugins/sudoers/cvtsudoers_merge.c:273 +#: plugins/sudoers/cvtsudoers_merge.c:337 +#: plugins/sudoers/cvtsudoers_merge.c:383 +#: plugins/sudoers/cvtsudoers_merge.c:429 +#: plugins/sudoers/cvtsudoers_merge.c:450 +#: plugins/sudoers/cvtsudoers_merge.c:537 +#: plugins/sudoers/cvtsudoers_merge.c:545 +#: plugins/sudoers/cvtsudoers_merge.c:548 +#: plugins/sudoers/cvtsudoers_merge.c:614 +#: plugins/sudoers/cvtsudoers_merge.c:617 +#: plugins/sudoers/cvtsudoers_merge.c:821 +#: plugins/sudoers/cvtsudoers_merge.c:829 +#: plugins/sudoers/cvtsudoers_merge.c:1117 +#: plugins/sudoers/cvtsudoers_merge.c:1187 +#: plugins/sudoers/cvtsudoers_merge.c:1193 +#: plugins/sudoers/cvtsudoers_merge.c:1201 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1027 plugins/sudoers/defaults.c:1214 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 -#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 -#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:433 +#: plugins/sudoers/ldap.c:443 plugins/sudoers/ldap.c:448 +#: plugins/sudoers/ldap.c:452 plugins/sudoers/ldap.c:464 +#: plugins/sudoers/ldap.c:760 plugins/sudoers/ldap.c:924 +#: plugins/sudoers/ldap.c:1340 plugins/sudoers/ldap.c:1766 +#: plugins/sudoers/ldap.c:1803 plugins/sudoers/ldap.c:1884 +#: plugins/sudoers/ldap.c:2019 plugins/sudoers/ldap.c:2120 +#: plugins/sudoers/ldap.c:2136 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 -#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 -#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 -#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:686 plugins/sudoers/log_client.c:704 -#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1626 -#: plugins/sudoers/log_client.c:1951 plugins/sudoers/log_client.c:2008 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:276 plugins/sudoers/match_command.c:444 -#: plugins/sudoers/match_command.c:494 plugins/sudoers/match_command.c:569 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 -#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:298 -#: plugins/sudoers/sudoers.c:324 plugins/sudoers/sudoers.c:368 -#: plugins/sudoers/sudoers.c:379 plugins/sudoers/sudoers.c:389 -#: plugins/sudoers/sudoers.c:431 plugins/sudoers/sudoers.c:792 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:422 plugins/sudoers/timestamp.c:466 -#: plugins/sudoers/timestamp.c:967 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:916 -#: toke.l:1036 toke.l:1094 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:443 +#: plugins/sudoers/ldap_conf.c:458 plugins/sudoers/ldap_conf.c:563 +#: plugins/sudoers/ldap_conf.c:596 plugins/sudoers/ldap_conf.c:687 +#: plugins/sudoers/ldap_conf.c:770 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:391 +#: plugins/sudoers/policy.c:400 plugins/sudoers/policy.c:448 +#: plugins/sudoers/policy.c:458 plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:476 plugins/sudoers/policy.c:570 +#: plugins/sudoers/policy.c:981 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/sssd.c:410 plugins/sudoers/sssd.c:473 +#: plugins/sudoers/sssd.c:517 plugins/sudoers/sssd.c:561 +#: plugins/sudoers/sssd.c:754 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 toke.l:1147 #, c-format msgid "%s: %s" msgstr "" -#: lib/eventlog/eventlog.c:293 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:92 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:531 plugins/sudoers/ldap.c:764 +#: plugins/sudoers/ldap.c:1137 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:600 +#: plugins/sudoers/policy.c:769 plugins/sudoers/policy.c:780 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 toke.l:908 +#: toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "" -#: lib/eventlog/eventlog.c:351 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "" -#: lib/eventlog/eventlog.c:396 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "" -#: lib/eventlog/eventlog.c:436 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "" -#: lib/eventlog/eventlog.c:444 lib/eventlog/eventlog.c:498 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "" -#: lib/eventlog/eventlog.c:488 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "" -#: lib/eventlog/eventlog.c:902 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "" -#: lib/eventlog/eventlog.c:931 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "" -#: lib/iolog/iolog_fileio.c:155 +#: lib/iolog/iolog_json.c:140 #, c-format -msgid "%s exists but is not a directory (0%o)" +msgid "expected JSON_STRING, got %d" msgstr "" -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "" + +#: lib/iolog/iolog_json.c:404 +msgid "missing double quote in name" +msgstr "" + +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" msgstr "" -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 +#: lib/iolog/iolog_json.c:505 #, c-format -msgid "unable to change mode of %s to 0%o" +msgid "expected JSON_OBJECT, got %d" msgstr "" -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:661 #, c-format -msgid "expected JSON_STRING, got %d" +msgid "json stack exhausted (max %u frames)" msgstr "" -#: lib/iolog/iolog_json.c:327 -msgid "missing double quote in name" +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" msgstr "" -#: lib/iolog/iolog_json.c:414 -#, c-format -msgid "expected JSON_OBJECT, got %d" +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" msgstr "" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" msgstr "" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:550 +msgid "unable to generate UUID" msgstr "" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" msgstr "" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 #, c-format -msgid "unable to open %s/%s" +msgid "%s: protocol error: %s missing from AcceptMessage" msgstr "" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:446 #, c-format -msgid "missing I/O log file %s/%s" +msgid "%s: unable to format session id" msgstr "" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 #, c-format -msgid "%s/%s: unable to seek forward %zu" +msgid "%s: %s is not set" msgstr "" -#: logsrvd/logsrv_util.c:150 +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 #, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgid "unable to expand iolog path %s" msgstr "" -#: logsrvd/logsrvd.c:294 logsrvd/logsrvd.c:357 logsrvd/logsrvd.c:398 -#: logsrvd/logsrvd.c:453 logsrvd/logsrvd.c:521 logsrvd/logsrvd.c:572 -#: logsrvd/logsrvd.c:604 logsrvd/logsrvd.c:636 -msgid "state machine error" +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" msgstr "" -#: logsrvd/logsrvd.c:303 -msgid "invalid AcceptMessage" +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" msgstr "" -#: logsrvd/logsrvd.c:311 -msgid "error parsing AcceptMessage" +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" msgstr "" -#: logsrvd/logsrvd.c:318 -msgid "error creating I/O log" +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" msgstr "" -#: logsrvd/logsrvd.c:325 -msgid "error logging accept event" +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" msgstr "" -#: logsrvd/logsrvd.c:366 -msgid "invalid RejectMessage" +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" msgstr "" -#: logsrvd/logsrvd.c:374 -msgid "error parsing RejectMessage" +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:267 plugins/sudoers/cvtsudoers.c:730 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/cvtsudoers.c:1442 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" msgstr "" -#: logsrvd/logsrvd.c:380 -msgid "error logging reject event" +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 +#, c-format +msgid "unable to open %s/%s" msgstr "" -#: logsrvd/logsrvd.c:490 -msgid "invalid AlertMessage" +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" msgstr "" -#: logsrvd/logsrvd.c:498 -msgid "error parsing AlertMessage" +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" msgstr "" -#: logsrvd/logsrvd.c:506 -msgid "error logging alert event" +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" msgstr "" -#: logsrvd/logsrvd.c:527 logsrvd/logsrvd.c:578 logsrvd/logsrvd.c:610 -msgid "protocol error" +#: logsrvd/logsrv_util.c:151 +#, c-format +msgid "missing I/O log file %s/%s" msgstr "" -#: logsrvd/logsrvd.c:537 -msgid "error writing IoBuffer" +#: logsrvd/logsrv_util.c:158 +#, c-format +msgid "%s/%s: unable to seek forward %zu" msgstr "" -#: logsrvd/logsrvd.c:589 -msgid "error writing ChangeWindowSize" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" msgstr "" -#: logsrvd/logsrvd.c:621 -msgid "error writing CommandSuspend" +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" msgstr "" -#: logsrvd/logsrvd.c:706 -msgid "unrecognized ClientMessage type" +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" msgstr "" -#: logsrvd/logsrvd.c:977 -msgid "client message too large" +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" msgstr "" -#: logsrvd/logsrvd.c:1207 logsrvd/logsrvd.c:1215 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 +msgid "state machine error" msgstr "" -#: logsrvd/logsrvd.c:1235 logsrvd/logsrvd.c:1243 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 +msgid "invalid AcceptMessage" +msgstr "" + +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 +msgid "invalid RejectMessage" +msgstr "" + +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 +msgid "invalid AlertMessage" msgstr "" -#: logsrvd/logsrvd.c:1279 +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 #, c-format -msgid "unable to get TLS server method: %s" +msgid "%s: unexpected IoBuffer" msgstr "" -#: logsrvd/logsrvd.c:1284 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 +msgid "protocol error" +msgstr "" + +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 #, c-format -msgid "unable to create TLS context: %s" +msgid "unexpected type_case value %d in %s from %s" msgstr "" -#: logsrvd/logsrvd.c:1291 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:793 +msgid "unrecognized ClientMessage type" +msgstr "" + +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to load certificate %s" +msgid "timed out writing to client %s" msgstr "" -#: logsrvd/logsrvd.c:1304 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to load certificate authority bundle %s" +msgid "missing write buffer for client %s" msgstr "" -#: logsrvd/logsrvd.c:1349 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to load private key %s" +msgid "timed out reading from client %s" msgstr "" -#: logsrvd/logsrvd.c:1366 logsrvd/logsrvd.c:1375 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to set diffie-hellman parameters: %s" +msgid "EOF from %s without proper TLS shutdown" msgstr "" -#: logsrvd/logsrvd.c:1388 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgid "client message too large: %zu" msgstr "" -#: logsrvd/logsrvd.c:1573 +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "" + +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "" + +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "" -#: logsrvd/logsrvd.c:1601 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "" -#: logsrvd/logsrvd.c:1609 logsrvd/logsrvd.c:1731 logsrvd/logsrvd.c:1833 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:585 plugins/sudoers/log_client.c:592 -#: plugins/sudoers/log_client.c:1109 plugins/sudoers/log_client.c:1382 -#: plugins/sudoers/log_client.c:1423 plugins/sudoers/log_client.c:1431 -#: plugins/sudoers/log_client.c:1582 plugins/sudoers/log_client.c:1698 -#: plugins/sudoers/log_client.c:2016 plugins/sudoers/log_client.c:2024 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1948 +msgid "unable to setup listen socket" msgstr "" -#: logsrvd/logsrvd.c:1785 logsrvd/logsrvd.c:2027 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1713 +#, c-format +msgid "unexpected signal %d" msgstr "" -#: logsrvd/logsrvd.c:1933 logsrvd/sendlog.c:124 -#, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" +#: logsrvd/logsrvd.c:1850 +msgid "sudo log server" msgstr "" -#: logsrvd/logsrvd.c:1936 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" +#: logsrvd/logsrvd.c:1852 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "" + +#: logsrvd/logsrvd.c:1854 +msgid "path to configuration file" +msgstr "" + +#: logsrvd/logsrvd.c:1856 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "" + +#: logsrvd/logsrvd.c:1858 +msgid "do not fork, run in the foreground" msgstr "" -#: logsrvd/logsrvd.c:1988 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1860 +msgid "percent chance connections will drop" +msgstr "" + +#: logsrvd/logsrvd.c:1862 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "" + +#: logsrvd/logsrvd.c:1912 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "" -#: logsrvd/logsrvd.c:2006 +#: logsrvd/logsrvd.c:1928 #, c-format msgid "invalid random drop value: %s" msgstr "" -#: logsrvd/logsrvd.c:2010 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1931 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:329 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1217 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "" -#: logsrvd/logsrvd_conf.c:410 logsrvd/logsrvd_conf.c:655 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "" -#: logsrvd/logsrvd_conf.c:769 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "" -#: logsrvd/logsrvd_conf.c:780 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "" -#: logsrvd/logsrvd_conf.c:788 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "" -#: logsrvd/logsrvd_conf.c:794 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "" -#: logsrvd/logsrvd_conf.c:808 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 +#, c-format +msgid "unable to open log file %s" +msgstr "" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" msgstr "" -#: logsrvd/logsrvd_conf.c:816 +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "" + +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "%s:%d unknown key: %s" +msgid "unable to lock %s" +msgstr "" + +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" msgstr "" -#: logsrvd/logsrvd_conf.c:1005 +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "" + +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog facility %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "" + +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" msgstr "" -#: logsrvd/logsrvd_conf.c:1009 logsrvd/logsrvd_conf.c:1013 -#: logsrvd/logsrvd_conf.c:1017 +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 #, c-format -msgid "unknown syslog priority %s" +msgid "unable to format timing buffer, length %d" msgstr "" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert " -"against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n " -"times in parallel\n" -" -V, --version display version information and exit\n" +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" msgstr "" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "" + +#: logsrvd/logsrvd_relay.c:513 #, c-format -msgid "unable to look up %s:%s: %s" +msgid "%s: invalid ServerHello, missing server_id" msgstr "" -#: logsrvd/sendlog.c:202 -msgid "unable to get server IP addr" +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" msgstr "" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/logsrvd_relay.c:703 #, c-format -msgid "unable to read %s/%s: %s" +msgid "timed out reading from relay %s (%s)" +msgstr "" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" msgstr "" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:692 +#: logsrvd/logsrvd_relay.c:900 #, c-format -msgid "client message too large: %zu" +msgid "timed out writing to relay %s (%s)" +msgstr "" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" msgstr "" -#: logsrvd/sendlog.c:810 +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format -msgid "%s: write buffer already in use" +msgid "unable to look up %s:%s: %s" msgstr "" -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:209 +msgid "unable to get server IP addr" +msgstr "" + +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format -msgid "unexpected I/O event %d" +msgid "unable to read %s/%s: %s" msgstr "" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1124 plugins/sudoers/log_client.c:1392 -#: plugins/sudoers/log_client.c:1460 plugins/sudoers/log_client.c:1496 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format -msgid "%s: unexpected state %d" +msgid "unexpected I/O event %d" msgstr "" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1466 -msgid "invalid ServerHello" +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 +#, c-format +msgid "%s: unexpected state %d" msgstr "" -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1540 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1553 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1572 -msgid "unable to unpack ServerMessage" -msgstr "" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1603 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1760 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "" -#: logsrvd/sendlog.c:1538 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to initialize ssl context: %s" +msgid "unable to allocate ssl object: %s" msgstr "" -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:203 #, c-format -msgid "Unable to allocate ssl object: %s" +msgid "Unable to attach socket to the ssl object: %s" msgstr "" -#: logsrvd/sendlog.c:1548 -#, c-format -msgid "Unable to attach socket to the ssl object: %s" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" msgstr "" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" msgstr "" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 +#, c-format +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" msgstr "" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "exited prematurely with state %d" +msgid "unable to set diffie-hellman parameters: %s" msgstr "" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:272 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" +msgid "unable to create TLS context: %s" msgstr "" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:278 #, c-format -msgid "commit point received from server [%lld, %ld]" +msgid "unable to set minimum protocol version to TLS 1.2: %s" msgstr "" -#: plugins/sudoers/audit.c:261 plugins/sudoers/audit.c:400 -#: plugins/sudoers/log_client.c:960 plugins/sudoers/log_client.c:1008 -#: plugins/sudoers/log_client.c:1056 plugins/sudoers/log_client.c:1181 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "" -#: plugins/sudoers/auth/aix_auth.c:277 +#: plugins/sudoers/auth/aix_auth.c:280 #, c-format msgid "unable to change password for %s" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:186 msgid "your account has expired" msgstr "" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:188 msgid "approval failed" msgstr "" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:61 msgid "unable to read fwtk config" msgstr "" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:66 msgid "unable to connect to authentication server" msgstr "" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:72 plugins/sudoers/auth/fwtk.c:97 +#: plugins/sudoers/auth/fwtk.c:129 msgid "lost connection to authentication server" msgstr "" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:76 #, c-format msgid "" "authentication server error:\n" @@ -937,150 +1394,150 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:224 #, c-format msgid "unable to initialize PAM: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:337 #, c-format msgid "PAM authentication error: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:356 msgid "account validation failure, is your account locked?" msgstr "" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:367 msgid "Account or password is expired, reset your password and try again" msgstr "" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:373 #, c-format msgid "unable to change expired password: %s" msgstr "" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:384 msgid "Password expired, contact your system administrator" msgstr "" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:389 msgid "" "Account expired or PAM config lacks an \"account\" section for sudo, contact " "your system administrator" msgstr "" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:397 plugins/sudoers/auth/pam.c:402 #, c-format msgid "PAM account management error: %s" msgstr "" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "" -#: plugins/sudoers/auth/securid5.c:72 +#: plugins/sudoers/auth/securid5.c:75 msgid "failed to initialise the ACE API library" msgstr "" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:106 msgid "unable to contact the SecurID server" msgstr "" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:115 msgid "User ID locked for SecurID Authentication" msgstr "" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170 msgid "invalid username length for SecurID" msgstr "" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175 msgid "invalid Authentication Handle for SecurID" msgstr "" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:127 msgid "SecurID communication failed" msgstr "" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:218 msgid "unknown SecurID error" msgstr "" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:165 msgid "invalid passcode length for SecurID" msgstr "" -#: plugins/sudoers/auth/sia.c:69 plugins/sudoers/auth/sia.c:123 +#: plugins/sudoers/auth/sia.c:69 plugins/sudoers/auth/sia.c:126 msgid "unable to initialize SIA session" msgstr "" -#: plugins/sudoers/auth/sudo_auth.c:132 +#: plugins/sudoers/auth/sudo_auth.c:134 msgid "invalid authentication methods" msgstr "" -#: plugins/sudoers/auth/sudo_auth.c:134 +#: plugins/sudoers/auth/sudo_auth.c:136 msgid "" "Invalid authentication methods compiled into sudo! You may not mix " "standalone and non-standalone authentication." msgstr "" -#: plugins/sudoers/auth/sudo_auth.c:255 plugins/sudoers/auth/sudo_auth.c:305 +#: plugins/sudoers/auth/sudo_auth.c:257 plugins/sudoers/auth/sudo_auth.c:309 msgid "no authentication methods" msgstr "" -#: plugins/sudoers/auth/sudo_auth.c:257 +#: plugins/sudoers/auth/sudo_auth.c:259 msgid "" "There are no authentication methods compiled into sudo! If you want to turn " "off authentication, use the --disable-authentication configure option." msgstr "" -#: plugins/sudoers/auth/sudo_auth.c:307 +#: plugins/sudoers/auth/sudo_auth.c:311 msgid "Unable to initialize authentication methods." msgstr "" -#: plugins/sudoers/auth/sudo_auth.c:471 +#: plugins/sudoers/auth/sudo_auth.c:482 msgid "Authentication methods:" msgstr "" @@ -1092,27 +1549,17 @@ msgid "unable to commit audit record" msgstr "" -#: plugins/sudoers/check.c:264 +#: plugins/sudoers/check.c:257 #, c-format msgid "error reading lecture file %s" msgstr "" -#: plugins/sudoers/check.c:270 +#: plugins/sudoers/check.c:263 #, c-format msgid "ignoring lecture file %s: not a regular file" msgstr "" -#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:617 -#: plugins/sudoers/cvtsudoers.c:634 plugins/sudoers/cvtsudoers.c:1244 -#: plugins/sudoers/cvtsudoers_json.c:872 plugins/sudoers/cvtsudoers_ldif.c:688 -#: plugins/sudoers/sudoers.c:1053 plugins/sudoers/sudoreplay.c:1435 -#: plugins/sudoers/timestamp.c:431 plugins/sudoers/tsdump.c:128 -#: plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "" - -#: plugins/sudoers/check.c:283 +#: plugins/sudoers/check.c:276 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1124,116 +1571,129 @@ "\n" msgstr "" -#: plugins/sudoers/check.c:325 plugins/sudoers/check.c:335 -#: plugins/sudoers/sudoers.c:835 plugins/sudoers/sudoers.c:856 +#: plugins/sudoers/check.c:324 plugins/sudoers/check.c:334 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" +msgid "unknown uid %u" +msgstr "" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" msgstr "" -#: plugins/sudoers/check.c:330 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1091 -#: plugins/sudoers/sudoers.c:438 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:97 #, c-format -msgid "unknown user: %s" +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" msgstr "" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/check_aliases.c:98 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "" + +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:176 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:525 plugins/sudoers/ldap_conf.c:433 #, c-format msgid "%s: %s: %s: %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:584 #, c-format -msgid "%s: unknown key word: %s" +msgid "%s: unknown key word %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:630 #, c-format msgid "invalid defaults type: %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:653 #, c-format msgid "invalid suppression type: %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:694 plugins/sudoers/cvtsudoers.c:710 #, c-format msgid "invalid filter: %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:754 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s near line %d\n" msgstr "" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:765 #, c-format msgid "parse error in %s\n" msgstr "" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:315 plugins/sudoers/timestamp.c:318 +#: plugins/sudoers/cvtsudoers.c:1489 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1512 #, c-format msgid "" "%s - convert between sudoers file formats\n" "\n" msgstr "" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1514 msgid "" "\n" "Options:\n" @@ -1255,35 +1715,88 @@ " -V, --version display version information and exit" msgstr "" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:515 msgid "unable to get GMT time" msgstr "" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:523 msgid "unable to format timestamp" msgstr "" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "" "the SUDOERS_BASE environment variable is not set and the -b option was not " "specified." msgstr "" +#: plugins/sudoers/cvtsudoers_merge.c:252 +#: plugins/sudoers/cvtsudoers_merge.c:293 +#, c-format +msgid "%s:%d:%d: converting host list to ALL" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:529 +#, c-format +msgid "unable to find alias %s" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:532 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:589 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:787 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:824 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:850 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:860 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:1048 +#, c-format +msgid "%s:%d:%d: merging userspec into %s:%d:%d" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:1142 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1680,292 +2193,397 @@ msgstr "" #: plugins/sudoers/def_data.c:402 -msgid "Attempt to establish PAM credentials for the target user" +#, c-format +msgid "PAM service name to use when sudo is run with the -A option: %s" msgstr "" #: plugins/sudoers/def_data.c:406 -msgid "Create a new PAM session for the command to run in" +msgid "Attempt to establish PAM credentials for the target user" msgstr "" #: plugins/sudoers/def_data.c:410 -msgid "Perform PAM account validation management" +msgid "Create a new PAM session for the command to run in" msgstr "" #: plugins/sudoers/def_data.c:414 +msgid "Perform PAM account validation management" +msgstr "" + +#: plugins/sudoers/def_data.c:418 #, c-format msgid "Maximum I/O log sequence number: %s" msgstr "" -#: plugins/sudoers/def_data.c:418 +#: plugins/sudoers/def_data.c:422 msgid "Enable sudoers netgroup support" msgstr "" -#: plugins/sudoers/def_data.c:422 +#: plugins/sudoers/def_data.c:426 msgid "" "Check parent directories for writability when editing files with sudoedit" msgstr "" -#: plugins/sudoers/def_data.c:426 +#: plugins/sudoers/def_data.c:430 msgid "Follow symbolic links when editing files with sudoedit" msgstr "" -#: plugins/sudoers/def_data.c:430 +#: plugins/sudoers/def_data.c:434 msgid "Query the group plugin for unknown system groups" msgstr "" -#: plugins/sudoers/def_data.c:434 +#: plugins/sudoers/def_data.c:438 msgid "Match netgroups based on the entire tuple: user, host and domain" msgstr "" -#: plugins/sudoers/def_data.c:438 +#: plugins/sudoers/def_data.c:442 msgid "Allow commands to be run even if sudo cannot write to the audit log" msgstr "" -#: plugins/sudoers/def_data.c:442 +#: plugins/sudoers/def_data.c:446 msgid "Allow commands to be run even if sudo cannot write to the I/O log" msgstr "" -#: plugins/sudoers/def_data.c:446 +#: plugins/sudoers/def_data.c:450 msgid "Allow commands to be run even if sudo cannot write to the log file" msgstr "" -#: plugins/sudoers/def_data.c:450 +#: plugins/sudoers/def_data.c:454 msgid "Resolve groups in sudoers and match on the group ID, not the name" msgstr "" -#: plugins/sudoers/def_data.c:454 +#: plugins/sudoers/def_data.c:458 #, c-format msgid "" "Log entries larger than this value will be split into multiple syslog " "messages: %u" msgstr "" -#: plugins/sudoers/def_data.c:458 +#: plugins/sudoers/def_data.c:462 #, c-format msgid "User that will own the I/O log files: %s" msgstr "" -#: plugins/sudoers/def_data.c:462 +#: plugins/sudoers/def_data.c:466 #, c-format msgid "Group that will own the I/O log files: %s" msgstr "" -#: plugins/sudoers/def_data.c:466 +#: plugins/sudoers/def_data.c:470 #, c-format msgid "File mode to use for the I/O log files: 0%o" msgstr "" -#: plugins/sudoers/def_data.c:470 +#: plugins/sudoers/def_data.c:474 #, c-format msgid "Execute commands by file descriptor instead of by path: %s" msgstr "" -#: plugins/sudoers/def_data.c:474 +#: plugins/sudoers/def_data.c:478 msgid "" "Ignore unknown Defaults entries in sudoers instead of producing a warning" msgstr "" -#: plugins/sudoers/def_data.c:478 +#: plugins/sudoers/def_data.c:482 #, c-format msgid "Time in seconds after which the command will be terminated: %u" msgstr "" -#: plugins/sudoers/def_data.c:482 +#: plugins/sudoers/def_data.c:486 msgid "Allow the user to specify a timeout on the command line" msgstr "" -#: plugins/sudoers/def_data.c:486 +#: plugins/sudoers/def_data.c:490 msgid "Flush I/O log data to disk immediately instead of buffering it" msgstr "" -#: plugins/sudoers/def_data.c:490 +#: plugins/sudoers/def_data.c:494 msgid "Include the process ID when logging via syslog" msgstr "" -#: plugins/sudoers/def_data.c:494 +#: plugins/sudoers/def_data.c:498 #, c-format msgid "Type of authentication timestamp record: %s" msgstr "" -#: plugins/sudoers/def_data.c:498 +#: plugins/sudoers/def_data.c:502 #, c-format msgid "Authentication failure message: %s" msgstr "" -#: plugins/sudoers/def_data.c:502 +#: plugins/sudoers/def_data.c:506 msgid "Ignore case when matching user names" msgstr "" -#: plugins/sudoers/def_data.c:506 +#: plugins/sudoers/def_data.c:510 msgid "Ignore case when matching group names" msgstr "" -#: plugins/sudoers/def_data.c:510 +#: plugins/sudoers/def_data.c:514 msgid "Log when a command is allowed by sudoers" msgstr "" -#: plugins/sudoers/def_data.c:514 +#: plugins/sudoers/def_data.c:518 msgid "Log when a command is denied by sudoers" msgstr "" -#: plugins/sudoers/def_data.c:518 +#: plugins/sudoers/def_data.c:522 msgid "Sudo log server(s) to connect to with optional port" msgstr "" -#: plugins/sudoers/def_data.c:522 +#: plugins/sudoers/def_data.c:526 #, c-format msgid "Sudo log server timeout in seconds: %u" msgstr "" -#: plugins/sudoers/def_data.c:526 +#: plugins/sudoers/def_data.c:530 msgid "" "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" msgstr "" -#: plugins/sudoers/def_data.c:530 +#: plugins/sudoers/def_data.c:534 #, c-format msgid "Path to the audit server's CA bundle file: %s" msgstr "" -#: plugins/sudoers/def_data.c:534 +#: plugins/sudoers/def_data.c:538 #, c-format msgid "Path to the sudoers certificate file: %s" msgstr "" -#: plugins/sudoers/def_data.c:538 +#: plugins/sudoers/def_data.c:542 #, c-format msgid "Path to the sudoers private key file: %s" msgstr "" -#: plugins/sudoers/def_data.c:542 +#: plugins/sudoers/def_data.c:546 msgid "Verify that the log server's certificate is valid" msgstr "" -#: plugins/sudoers/def_data.c:546 +#: plugins/sudoers/def_data.c:550 msgid "Allow the use of unknown runas user and/or group ID" msgstr "" -#: plugins/sudoers/def_data.c:550 +#: plugins/sudoers/def_data.c:554 msgid "Only permit running commands as a user with a valid shell" msgstr "" -#: plugins/sudoers/def_data.c:554 +#: plugins/sudoers/def_data.c:558 msgid "Set the pam remote user to the user running sudo" msgstr "" -#: plugins/sudoers/def_data.c:558 +#: plugins/sudoers/def_data.c:562 msgid "Set the pam remote host to the local host name" msgstr "" -#: plugins/sudoers/def_data.c:562 +#: plugins/sudoers/def_data.c:566 #, c-format msgid "Working directory to change to before executing the command: %s" msgstr "" -#: plugins/sudoers/def_data.c:566 +#: plugins/sudoers/def_data.c:570 #, c-format msgid "Root directory to change to before executing the command: %s" msgstr "" -#: plugins/sudoers/def_data.c:570 +#: plugins/sudoers/def_data.c:574 #, c-format msgid "The format of logs to produce: %s" msgstr "" -#: plugins/sudoers/def_data.c:574 +#: plugins/sudoers/def_data.c:578 msgid "Enable SELinux RBAC support" msgstr "" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:582 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:586 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "" + +#: plugins/sudoers/def_data.c:590 +msgid "Log sub-commands run by the original command" +msgstr "" + +#: plugins/sudoers/def_data.c:594 +msgid "Log the exit status of commands" +msgstr "" + +#: plugins/sudoers/def_data.c:598 +msgid "Subsequent commands in an intercepted session must be authenticated" msgstr "" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:602 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "" +"The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "" +"The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "" +"The maximum number of processes that the user may run simultaneously: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "" +"The maximum size to which the process's resident set size may grow (in " +"bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:646 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1132 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "" + +#: plugins/sudoers/defaults.c:1135 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "" + +#: plugins/sudoers/defaults.c:1146 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "" -#: plugins/sudoers/defaults.c:1038 +#: plugins/sudoers/defaults.c:1150 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1161 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "" -#: plugins/sudoers/defaults.c:1053 +#: plugins/sudoers/defaults.c:1165 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "" -#: plugins/sudoers/env.c:1135 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "" -#: plugins/sudoers/env.c:1209 +#: plugins/sudoers/env.c:1169 #, c-format msgid "" "sorry, you are not allowed to set the following environment variables: %s" msgstr "" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "" @@ -2005,56 +2623,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:443 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:836 -#: plugins/sudoers/timestamp.c:928 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1199 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "" @@ -2073,18 +2686,18 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1717 #, c-format msgid "unable to initialize LDAP: %s" msgstr "" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1754 msgid "" "start_tls specified but LDAP libs do not support ldap_start_tls_s() or " "ldap_start_tls_s_np()" msgstr "" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1891 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "" @@ -2103,7 +2716,15 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "" @@ -2116,114 +2737,133 @@ msgid "unable to send audit message" msgstr "" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1437 plugins/sudoers/log_client.c:2032 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "" -#: plugins/sudoers/log_client.c:1208 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "" -#: plugins/sudoers/log_client.c:1723 plugins/sudoers/log_client.c:1747 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "" -#: plugins/sudoers/log_client.c:1824 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "" -#: plugins/sudoers/log_client.c:1973 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:581 -#: plugins/sudoers/sudoers.c:583 plugins/sudoers/sudoers.c:585 -#: plugins/sudoers/sudoers.c:587 plugins/sudoers/sudoers.c:737 -#: plugins/sudoers/sudoers.c:739 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:577 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" "Use \"sudo ./%s\" if this is the \"%s\" you wish to run." msgstr "" -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "" msgstr[1] "" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "" -#: plugins/sudoers/logging.c:739 -#, c-format -msgid "unable to open log file: %s" -msgstr "" - -#: plugins/sudoers/logging.c:772 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "" @@ -2233,249 +2873,273 @@ msgid "digest for %s (%s) is not in %s form" msgstr "" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" "LDAP Role: %s\n" msgstr "" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" msgstr "" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr "" -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr "" -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr "" -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr "" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:485 msgid "user name not set by sudo front-end" msgstr "" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:489 msgid "user-ID not set by sudo front-end" msgstr "" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:493 msgid "group-ID not set by sudo front-end" msgstr "" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:497 msgid "host name not set by sudo front-end" msgstr "" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:699 #, c-format msgid "invalid working directory: %s" msgstr "" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:875 #, c-format msgid "invalid chroot directory: %s" msgstr "" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1054 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "" -#: plugins/sudoers/policy.c:1114 +#: plugins/sudoers/policy.c:1124 plugins/sudoers/policy.c:1161 +#: plugins/sudoers/policy.c:1183 plugins/sudoers/policy.c:1209 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "" + +#: plugins/sudoers/policy.c:1240 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "" -#: plugins/sudoers/policy.c:1116 +#: plugins/sudoers/policy.c:1242 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "" "\n" "Sudoers path: %s\n" msgstr "" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "nsswitch path: %s\n" msgstr "" -#: plugins/sudoers/policy.c:1125 +#: plugins/sudoers/policy.c:1251 #, c-format msgid "ldap.conf path: %s\n" msgstr "" -#: plugins/sudoers/policy.c:1126 +#: plugins/sudoers/policy.c:1252 #, c-format msgid "ldap.secret path: %s\n" msgstr "" -#: plugins/sudoers/policy.c:1159 +#: plugins/sudoers/policy.c:1285 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1303 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "" @@ -2504,255 +3168,269 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "" -#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "" -#: plugins/sudoers/sudoers.c:216 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "" -#: plugins/sudoers/sudoers.c:290 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "" -#: plugins/sudoers/sudoers.c:317 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "" -#: plugins/sudoers/sudoers.c:318 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "" -#: plugins/sudoers/sudoers.c:349 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "" -#: plugins/sudoers/sudoers.c:409 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "" -#: plugins/sudoers/sudoers.c:410 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "" -#: plugins/sudoers/sudoers.c:470 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "" -#: plugins/sudoers/sudoers.c:485 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "" -#: plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "" -#: plugins/sudoers/sudoers.c:493 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "" -#: plugins/sudoers/sudoers.c:576 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "" -#: plugins/sudoers/sudoers.c:595 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "" + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "" + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "" + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "" -#: plugins/sudoers/sudoers.c:605 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1115 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" -#: plugins/sudoers/sudoers.c:1094 toke.l:1120 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "" -#: plugins/sudoers/sudoers.c:1098 toke.l:1123 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" +msgid "unknown login class %s" msgstr "" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 #, c-format -msgid "%s/%.2s/%.2s/%.2s: %s" +msgid "invalid time offset %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:342 #, c-format -msgid "%s/timing: %s" +msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:341 +#: plugins/sudoers/sudoreplay.c:347 #, c-format -msgid "%s/%s: %s" +msgid "%s/timing: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "" -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "" -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" "\n" msgstr "" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2769,23 +3447,23 @@ " -V, --version display version information and exit" msgstr "" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" msgstr "" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" msgstr "" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2796,121 +3474,127 @@ msgid "%s is group writable" msgstr "" -#: plugins/sudoers/timestamp.c:326 plugins/sudoers/timestamp.c:661 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "" -#: plugins/sudoers/timestamp.c:847 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "" -#: plugins/sudoers/timestamp.c:870 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "" -#: plugins/sudoers/timestamp.c:992 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "" -#: plugins/sudoers/timestamp.c:1036 plugins/sudoers/timestamp.c:1056 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "" -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "" -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "" -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2918,73 +3602,48 @@ " (Q)uit and save changes to sudoers file (DANGER!)\n" msgstr "" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" "\n" msgstr "" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -2996,30 +3655,30 @@ " -V, --version display version information and exit\n" msgstr "" -#: toke.l:182 +#: toke.l:187 msgid "empty string" msgstr "" -#: toke.l:192 toke.l:494 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "" -#: toke.l:200 toke.l:492 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "" -#: toke.l:296 toke.l:308 toke.l:320 toke.l:336 toke.l:355 toke.l:395 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "" -#: toke.l:531 toke.l:543 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "" -#: toke.l:767 +#: toke.l:789 msgid "unexpected line break in string" msgstr "" -#: toke.l:1087 +#: toke.l:1139 msgid "too many levels of includes" msgstr "" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/sv.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/sv.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/sv.po sudo-1.9.9/plugins/sudoers/po/sv.po --- sudo-1.9.5p2/plugins/sudoers/po/sv.po 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/sv.po 2022-01-27 21:24:06.000000000 +0000 @@ -1,15 +1,16 @@ # Swedish translation for sudoers. -# Copyright © 2012, 2016, 2017, 2018, 2019, 2020 Free Software Foundation, Inc. +# Copyright © 2012, 2016, 2017, 2018, 2019, 2020, 2021 Free Software Foundation, Inc. # This file is put in the public domain. # Daniel Nylander , 2012. -# Sebastian Rasmussen , 2016, 2017, 2018, 2019, 2020. +# Sebastian Rasmussen , 2016, 2017, 2018, 2019, 2020, 2021. +# Luna Jernberg , 2021. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.7b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-12-26 03:34+0100\n" +"POT-Creation-Date: 2021-05-01 16:27-0600\n" +"PO-Revision-Date: 2021-05-05 21:51+0200\n" "Last-Translator: Sebastian Rasmussen \n" "Language-Team: Swedish \n" "Language: sv\n" @@ -18,9 +19,9 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Poedit 2.4.2\n" +"X-Generator: Poedit 2.2.4\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1183 msgid "syntax error" msgstr "syntaxfel" @@ -44,429 +45,458 @@ msgid "Sorry, try again." msgstr "Försök igen." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:496 gram.y:506 gram.y:518 gram.y:562 gram.y:571 gram.y:580 +#: gram.y:589 gram.y:619 gram.y:716 gram.y:724 gram.y:735 gram.y:747 +#: gram.y:766 gram.y:914 gram.y:922 gram.y:932 gram.y:938 gram.y:1060 +#: gram.y:1069 gram.y:1077 gram.y:1086 gram.y:1095 gram.y:1124 gram.y:1133 +#: gram.y:1141 gram.y:1231 gram.y:1343 gram.y:1650 gram.y:1700 +#: lib/eventlog/eventlog.c:260 lib/eventlog/eventlog.c:333 +#: lib/eventlog/eventlog.c:733 lib/eventlog/eventlog.c:797 +#: lib/eventlog/eventlog.c:1053 lib/iolog/iolog_json.c:125 +#: lib/iolog/iolog_json.c:330 lib/iolog/iolog_json.c:360 +#: lib/iolog/iolog_json.c:503 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:210 +#: logsrvd/logsrvd.c:1021 logsrvd/logsrvd.c:1089 logsrvd/logsrvd_journal.c:142 +#: logsrvd/logsrvd_journal.c:196 logsrvd/logsrvd_journal.c:248 +#: logsrvd/logsrvd_journal.c:380 logsrvd/logsrvd_relay.c:443 +#: logsrvd/logsrvd_relay.c:743 logsrvd/logsrvd_relay.c:857 +#: logsrvd/sendlog.c:500 plugins/sudoers/audit.c:115 +#: plugins/sudoers/audit.c:263 plugins/sudoers/auth/bsdauth.c:143 #: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 -#: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 -#: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/auth/pam.c:692 plugins/sudoers/auth/rfc1938.c:111 +#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/check_aliases.c:95 +#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:160 +#: plugins/sudoers/cvtsudoers.c:177 plugins/sudoers/cvtsudoers.c:188 +#: plugins/sudoers/cvtsudoers.c:300 plugins/sudoers/cvtsudoers.c:428 +#: plugins/sudoers/cvtsudoers.c:561 plugins/sudoers/cvtsudoers.c:578 +#: plugins/sudoers/cvtsudoers.c:646 plugins/sudoers/cvtsudoers.c:761 +#: plugins/sudoers/cvtsudoers.c:769 plugins/sudoers/cvtsudoers.c:1183 +#: plugins/sudoers/cvtsudoers.c:1187 plugins/sudoers/cvtsudoers.c:1289 +#: plugins/sudoers/cvtsudoers_json.c:76 plugins/sudoers/cvtsudoers_ldif.c:151 +#: plugins/sudoers/cvtsudoers_ldif.c:194 plugins/sudoers/cvtsudoers_ldif.c:235 +#: plugins/sudoers/cvtsudoers_ldif.c:300 plugins/sudoers/cvtsudoers_ldif.c:371 +#: plugins/sudoers/cvtsudoers_ldif.c:421 plugins/sudoers/cvtsudoers_ldif.c:429 +#: plugins/sudoers/cvtsudoers_ldif.c:440 plugins/sudoers/cvtsudoers_ldif.c:447 +#: plugins/sudoers/cvtsudoers_ldif.c:460 plugins/sudoers/cvtsudoers_ldif.c:468 +#: plugins/sudoers/cvtsudoers_ldif.c:615 plugins/sudoers/defaults.c:638 +#: plugins/sudoers/defaults.c:933 plugins/sudoers/defaults.c:1108 +#: plugins/sudoers/editor.c:187 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:72 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:626 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 +#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 +#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 +#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 +#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:326 +#: plugins/sudoers/ldap_util.c:333 plugins/sudoers/ldap_util.c:648 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:105 +#: plugins/sudoers/log_client.c:381 plugins/sudoers/log_client.c:686 +#: plugins/sudoers/log_client.c:704 plugins/sudoers/log_client.c:1413 +#: plugins/sudoers/log_client.c:1626 plugins/sudoers/log_client.c:1950 +#: plugins/sudoers/log_client.c:2007 plugins/sudoers/logging.c:100 +#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:426 +#: plugins/sudoers/logging.c:446 plugins/sudoers/logging.c:527 +#: plugins/sudoers/match_command.c:286 plugins/sudoers/match_command.c:484 +#: plugins/sudoers/match_command.c:533 plugins/sudoers/match_command.c:604 +#: plugins/sudoers/match_command.c:650 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:216 +#: plugins/sudoers/parse.c:236 plugins/sudoers/parse.c:253 +#: plugins/sudoers/parse.c:276 plugins/sudoers/parse.c:287 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 #: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 #: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 #: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 #: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 #: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:483 plugins/sudoers/parse_ldif.c:596 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:543 plugins/sudoers/policy.c:890 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:195 +#: plugins/sudoers/pwutil.c:266 plugins/sudoers/pwutil.c:344 +#: plugins/sudoers/pwutil.c:518 plugins/sudoers/pwutil.c:583 +#: plugins/sudoers/pwutil.c:655 plugins/sudoers/pwutil.c:853 +#: plugins/sudoers/pwutil.c:909 plugins/sudoers/pwutil.c:953 +#: plugins/sudoers/pwutil.c:1010 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 +#: plugins/sudoers/sssd.c:754 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:299 plugins/sudoers/sudoers.c:325 +#: plugins/sudoers/sudoers.c:374 plugins/sudoers/sudoers.c:384 +#: plugins/sudoers/sudoers.c:425 plugins/sudoers/sudoers.c:787 +#: plugins/sudoers/sudoers.c:922 plugins/sudoers/sudoers.c:975 +#: plugins/sudoers/sudoers.c:1241 plugins/sudoers/sudoreplay.c:552 +#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 +#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:143 plugins/sudoers/visudo.c:321 +#: plugins/sudoers/visudo.c:327 plugins/sudoers/visudo.c:433 +#: plugins/sudoers/visudo.c:609 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/visudo.c:999 toke.l:928 toke.l:1057 toke.l:1117 msgid "unable to allocate memory" msgstr "kan inte allokera minne" -#: gram.y:552 +#: gram.y:613 msgid "a digest requires a path name" msgstr "en kontrollsumma kräver ett sökvägsnamn" -#: gram.y:581 +#: gram.y:643 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "värden för ”CWD” måste börja med ett ”/”, ”~” eller ”*”" -#: gram.y:593 +#: gram.y:655 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "värden för ”CHROOT” måste börja med ett ”/”, ”~” eller ”*”" -#: gram.y:715 +#: gram.y:786 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "syntaxfel, reserverat ord %s använt som ett aliasnamn" -#: gram.y:735 +#: gram.y:809 msgid "invalid notbefore value" msgstr "ogiltigt notbefore-värde" -#: gram.y:743 +#: gram.y:818 msgid "invalid notafter value" msgstr "ogiltigt notafter-värde" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:828 plugins/sudoers/policy.c:339 msgid "timeout value too large" msgstr "tidsgränsvärde för stort" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:830 plugins/sudoers/policy.c:341 msgid "invalid timeout value" msgstr "ogiltigt värde för tidsgräns" -#: gram.y:1079 +#: gram.y:1185 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 -#: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 -#: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 -#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 -#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 -#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 -#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 -#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 -#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 -#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 -#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 +#: gram.y:1229 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Aliaset ”%s” är redan definierat" + +#: gram.y:1650 gram.y:1700 lib/eventlog/eventlog.c:260 +#: lib/eventlog/eventlog.c:733 lib/eventlog/eventlog.c:795 +#: lib/eventlog/eventlog.c:796 lib/eventlog/eventlog.c:1053 +#: lib/iolog/iolog_json.c:125 lib/iolog/iolog_json.c:329 +#: lib/iolog/iolog_json.c:360 lib/iolog/iolog_json.c:503 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:210 logsrvd/sendlog.c:500 logsrvd/sendlog.c:1343 +#: logsrvd/sendlog.c:1350 logsrvd/sendlog.c:1545 logsrvd/tls_init.c:221 +#: logsrvd/tls_init.c:242 logsrvd/tls_init.c:252 plugins/sudoers/audit.c:115 +#: plugins/sudoers/audit.c:263 plugins/sudoers/auth/pam.c:505 +#: plugins/sudoers/auth/pam.c:692 plugins/sudoers/auth/rfc1938.c:111 +#: plugins/sudoers/check_aliases.c:95 plugins/sudoers/cvtsudoers.c:119 +#: plugins/sudoers/cvtsudoers.c:159 plugins/sudoers/cvtsudoers.c:176 +#: plugins/sudoers/cvtsudoers.c:187 plugins/sudoers/cvtsudoers.c:299 +#: plugins/sudoers/cvtsudoers.c:427 plugins/sudoers/cvtsudoers.c:560 +#: plugins/sudoers/cvtsudoers.c:577 plugins/sudoers/cvtsudoers.c:646 +#: plugins/sudoers/cvtsudoers.c:761 plugins/sudoers/cvtsudoers.c:768 +#: plugins/sudoers/cvtsudoers.c:1183 plugins/sudoers/cvtsudoers.c:1187 +#: plugins/sudoers/cvtsudoers.c:1289 plugins/sudoers/cvtsudoers_json.c:75 +#: plugins/sudoers/cvtsudoers_ldif.c:150 plugins/sudoers/cvtsudoers_ldif.c:193 +#: plugins/sudoers/cvtsudoers_ldif.c:234 plugins/sudoers/cvtsudoers_ldif.c:299 +#: plugins/sudoers/cvtsudoers_ldif.c:370 plugins/sudoers/cvtsudoers_ldif.c:420 +#: plugins/sudoers/cvtsudoers_ldif.c:428 plugins/sudoers/cvtsudoers_ldif.c:439 +#: plugins/sudoers/cvtsudoers_ldif.c:446 plugins/sudoers/cvtsudoers_ldif.c:459 +#: plugins/sudoers/cvtsudoers_ldif.c:467 plugins/sudoers/cvtsudoers_ldif.c:614 +#: plugins/sudoers/defaults.c:638 plugins/sudoers/defaults.c:933 +#: plugins/sudoers/defaults.c:1108 plugins/sudoers/editor.c:187 +#: plugins/sudoers/env.c:262 plugins/sudoers/exptilde.c:92 +#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 +#: plugins/sudoers/gc.c:57 plugins/sudoers/group_plugin.c:132 +#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:609 +#: plugins/sudoers/iolog.c:626 plugins/sudoers/ldap.c:184 +#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 +#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 +#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 +#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 +#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 +#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 +#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 +#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 +#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 +#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 +#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 +#: plugins/sudoers/ldap_conf.c:677 plugins/sudoers/ldap_conf.c:760 +#: plugins/sudoers/ldap_util.c:325 plugins/sudoers/ldap_util.c:332 +#: plugins/sudoers/ldap_util.c:648 plugins/sudoers/linux_audit.c:86 +#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:214 +#: plugins/sudoers/log_client.c:235 plugins/sudoers/log_client.c:248 +#: plugins/sudoers/log_client.c:381 plugins/sudoers/log_client.c:686 +#: plugins/sudoers/log_client.c:704 plugins/sudoers/log_client.c:1413 +#: plugins/sudoers/log_client.c:1626 plugins/sudoers/log_client.c:1950 +#: plugins/sudoers/log_client.c:2007 plugins/sudoers/logging.c:100 +#: plugins/sudoers/logging.c:165 plugins/sudoers/logging.c:166 +#: plugins/sudoers/logging.c:425 plugins/sudoers/logging.c:445 +#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:285 +#: plugins/sudoers/match_command.c:483 plugins/sudoers/match_command.c:532 +#: plugins/sudoers/match_command.c:604 plugins/sudoers/match_command.c:649 #: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 +#: plugins/sudoers/parse.c:215 plugins/sudoers/parse.c:235 +#: plugins/sudoers/parse.c:252 plugins/sudoers/parse.c:275 +#: plugins/sudoers/parse.c:286 plugins/sudoers/parse_ldif.c:152 #: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 #: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 #: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 #: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 #: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 -#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:483 +#: plugins/sudoers/parse_ldif.c:596 plugins/sudoers/parse_ldif.c:625 +#: plugins/sudoers/parse_ldif.c:650 plugins/sudoers/parse_ldif.c:708 +#: plugins/sudoers/parse_ldif.c:725 plugins/sudoers/parse_ldif.c:753 +#: plugins/sudoers/parse_ldif.c:760 plugins/sudoers/policy.c:149 +#: plugins/sudoers/policy.c:158 plugins/sudoers/policy.c:167 +#: plugins/sudoers/policy.c:193 plugins/sudoers/policy.c:324 +#: plugins/sudoers/policy.c:339 plugins/sudoers/policy.c:341 +#: plugins/sudoers/policy.c:371 plugins/sudoers/policy.c:380 +#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:438 +#: plugins/sudoers/policy.c:447 plugins/sudoers/policy.c:456 +#: plugins/sudoers/policy.c:543 plugins/sudoers/policy.c:890 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:195 +#: plugins/sudoers/pwutil.c:266 plugins/sudoers/pwutil.c:344 +#: plugins/sudoers/pwutil.c:518 plugins/sudoers/pwutil.c:583 +#: plugins/sudoers/pwutil.c:655 plugins/sudoers/pwutil.c:853 +#: plugins/sudoers/pwutil.c:909 plugins/sudoers/pwutil.c:953 +#: plugins/sudoers/pwutil.c:1010 plugins/sudoers/set_perms.c:359 +#: plugins/sudoers/set_perms.c:698 plugins/sudoers/set_perms.c:1061 +#: plugins/sudoers/set_perms.c:1364 plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/sssd.c:144 plugins/sudoers/sssd.c:407 +#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 +#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 +#: plugins/sudoers/strvec_join.c:53 plugins/sudoers/stubs.c:111 +#: plugins/sudoers/stubs.c:119 plugins/sudoers/sudoers.c:299 +#: plugins/sudoers/sudoers.c:325 plugins/sudoers/sudoers.c:374 +#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:425 +#: plugins/sudoers/sudoers.c:787 plugins/sudoers/sudoers.c:922 +#: plugins/sudoers/sudoers.c:975 plugins/sudoers/sudoers.c:1241 +#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 +#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 +#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:120 +#: plugins/sudoers/testsudoers.c:224 plugins/sudoers/testsudoers.c:241 +#: plugins/sudoers/testsudoers.c:580 plugins/sudoers/timestamp.c:424 +#: plugins/sudoers/timestamp.c:468 plugins/sudoers/timestamp.c:980 +#: plugins/sudoers/timestamp.c:1118 plugins/sudoers/toke_util.c:77 +#: plugins/sudoers/toke_util.c:105 plugins/sudoers/toke_util.c:130 +#: plugins/sudoers/toke_util.c:154 plugins/sudoers/toke_util.c:193 +#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:143 +#: plugins/sudoers/visudo.c:321 plugins/sudoers/visudo.c:327 +#: plugins/sudoers/visudo.c:433 plugins/sudoers/visudo.c:609 +#: plugins/sudoers/visudo.c:926 plugins/sudoers/visudo.c:999 toke.l:928 +#: toke.l:1057 toke.l:1109 toke.l:1117 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:265 lib/iolog/iolog_json.c:509 +#: lib/iolog/iolog_json.c:512 lib/iolog/iolog_json.c:514 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:571 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/iolog.c:631 plugins/sudoers/ldap.c:517 +#: plugins/sudoers/ldap.c:748 plugins/sudoers/ldap.c:1081 +#: plugins/sudoers/ldap_conf.c:222 plugins/sudoers/ldap_conf.c:312 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:573 +#: plugins/sudoers/policy.c:728 plugins/sudoers/policy.c:738 +#: plugins/sudoers/prompt.c:161 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 #, c-format msgid "internal error, %s overflow" msgstr "internt fel, %s spill" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:324 #, c-format msgid "unable to dup stdin: %m" msgstr "kan inte duplicera stdin: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:366 #, c-format msgid "unable to execute %s: %m" msgstr "kan inte köra %s: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:407 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "kan inte grena process" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:415 lib/eventlog/eventlog.c:469 #, c-format msgid "unable to fork: %m" msgstr "kan inte grena process: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:459 #, c-format msgid "unable to open pipe: %m" msgstr "kan inte öppna rör: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:882 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:911 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (kommando fortsätter) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s finns men är inte en katalog (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "kan inte skapa katalogen %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "kan inte ändra läge för %s till 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:115 #, c-format msgid "expected JSON_STRING, got %d" msgstr "förväntade JSON_STRING, fick %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:120 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY för stor" + +#: lib/iolog/iolog_json.c:352 msgid "missing double quote in name" msgstr "saknar citationstecken i namn" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:449 +msgid "missing JSON_OBJECT" +msgstr "saknar JSON_OBJECT" + +#: lib/iolog/iolog_json.c:453 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "förväntade JSON_OBJECT, fick %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:599 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "json-stack utarmad (max %u ramar)" + +#: lib/iolog/iolog_json.c:673 +msgid "objects must consist of name:value pairs" +msgstr "objekt måste bestå av namn:värde-par" + +#: lib/iolog/iolog_json.c:678 lib/iolog/iolog_json.c:709 +#: lib/iolog/iolog_json.c:753 lib/iolog/iolog_json.c:775 +#: lib/iolog/iolog_json.c:797 lib/iolog/iolog_json.c:819 +#: lib/iolog/iolog_json.c:841 +msgid "missing separator between values" +msgstr "saknar separator mellan värden" + +#: lib/iolog/iolog_json.c:693 lib/iolog/iolog_json.c:867 msgid "unmatched close brace" msgstr "omatchad avslutningsklammerparentes" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:704 msgid "unexpected array" -msgstr "oväntat array" +msgstr "oväntad array" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:724 lib/iolog/iolog_json.c:870 msgid "unmatched close bracket" msgstr "omatchad avslutningsklammer" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:735 msgid "unexpected string" msgstr "oväntad sträng" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:746 msgid "missing colon after name" msgstr "saknar kolon efter namn" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:767 lib/iolog/iolog_json.c:789 msgid "unexpected boolean" msgstr "oväntad boolean" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:811 +msgid "unexpected null" +msgstr "oväntat null" + +#: lib/iolog/iolog_json.c:832 msgid "unexpected number" msgstr "oväntat nummer" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u kan inte tolka ”%s”" +#: lib/iolog/iolog_json.c:879 +msgid "parse error" +msgstr "tolkningsfel" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: ogiltig loggfil" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: tidsstämpelfält saknas" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: tidsstämpel %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: användarfältet saknas" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: runas-användarfältet saknas" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: runas-gruppfältet saknas" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s finns men är inte en katalog (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:72 +#: plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "kan inte skapa katalogen %s" + +#: lib/iolog/iolog_mkdtemp.c:76 plugins/sudoers/visudo.c:726 +#: plugins/sudoers/visudo.c:737 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "kan inte ändra läge för %s till 0%o" + +#: lib/iolog/iolog_timing.c:255 #, c-format msgid "error reading timing file: %s" msgstr "fel vid inläsning av tidsmätningsfil: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:262 #, c-format msgid "invalid timing file line: %s" msgstr "ogiltig rad i tidsmätningsfil: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "logg är redan komplett, kan inte startas om" - -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "kan inte starta om logg" - #: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 #: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 #, c-format @@ -488,141 +518,62 @@ msgid "unable to find resume point [%lld, %ld] in %s/%s" msgstr "kan inte hitta omstartspunkt [%lld, %ld] i %s/%s" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:434 logsrvd/logsrvd.c:473 logsrvd/logsrvd.c:507 +#: logsrvd/logsrvd.c:557 logsrvd/logsrvd.c:632 logsrvd/logsrvd.c:664 +#: logsrvd/logsrvd.c:696 logsrvd/logsrvd.c:726 logsrvd/logsrvd_relay.c:511 +#: logsrvd/logsrvd_relay.c:544 msgid "state machine error" msgstr "fel i tillståndsmaskin" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:443 msgid "invalid AcceptMessage" msgstr "ogiltigt AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "fel vid tolkning av AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "fel vid skapande av I/O-logg" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "fel vid loggning av acceptanshändelse" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:482 msgid "invalid RejectMessage" msgstr "ogiltigt RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "fel vid tolkning av RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "fel vid loggning av avböjningshändelse" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 msgid "invalid AlertMessage" msgstr "ogiltigt AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "fel vid tolkning av AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "fel vid loggning av alarmhändelse" - -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:638 logsrvd/logsrvd.c:670 logsrvd/logsrvd.c:702 msgid "protocol error" msgstr "protokollfel" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "fel vid skrivning av IoBuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "fel vid skrivning av ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "fel vid skrivning av CommandSuspend" - -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:797 msgid "unrecognized ClientMessage type" msgstr "okänd ClientMessage-typ" -#: logsrvd/logsrvd.c:967 +#: logsrvd/logsrvd.c:1082 logsrvd/logsrvd_journal.c:238 msgid "client message too large" msgstr "klientmeddelande för stort" -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "kan inte ställa in TLS 1.2-krypteringssvit till %s: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "kan inte ställa in TLS 1.3-krypteringssvit till %s: %s" - -#: logsrvd/logsrvd.c:1269 -#, c-format -msgid "unable to get TLS server method: %s" -msgstr "kan inte hämta TLS-servermetod: %s" - -#: logsrvd/logsrvd.c:1274 -#, c-format -msgid "unable to create TLS context: %s" -msgstr "kan inte skapa TLS-kontext: %s" - -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 -#, c-format -msgid "unable to load certificate %s" -msgstr "kan inte läsa in certifikat %s" - -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 -#, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "kan inte läsa in certifikatauktoritetsbunt %s" - -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 -#, c-format -msgid "unable to load private key %s" -msgstr "kan inte läsa in privat nyckel %s" +#: logsrvd/logsrvd.c:1102 +msgid "invalid ClientMessage" +msgstr "ogiltigt ClientMessage" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "kunde inte sätta diffie-hellman-parametrar: %s" - -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "kunde inte sätta minsta protokollversion till TLS 1.2: %s" - -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1408 msgid "unable to get remote IP addr" msgstr "kan inte hämta fjärr-IP-adress" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1436 logsrvd/tls_client.c:203 +#: plugins/sudoers/log_client.c:263 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Kan inte fästa användardata på ssl-objektet: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 +#: logsrvd/logsrvd.c:1444 logsrvd/logsrvd.c:1570 logsrvd/logsrvd.c:1755 +#: logsrvd/sendlog.c:1146 logsrvd/tls_client.c:138 logsrvd/tls_client.c:154 +#: logsrvd/tls_client.c:216 plugins/sudoers/iolog.c:969 +#: plugins/sudoers/iolog.c:1102 plugins/sudoers/iolog.c:1200 #: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 #: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 +#: plugins/sudoers/log_client.c:585 plugins/sudoers/log_client.c:592 +#: plugins/sudoers/log_client.c:1109 plugins/sudoers/log_client.c:1382 +#: plugins/sudoers/log_client.c:1423 plugins/sudoers/log_client.c:1431 +#: plugins/sudoers/log_client.c:1582 plugins/sudoers/log_client.c:1698 +#: plugins/sudoers/log_client.c:2015 plugins/sudoers/log_client.c:2023 #: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 #: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 #: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 @@ -632,280 +583,462 @@ msgid "unable to add event to queue" msgstr "kan inte lägga till händelse till kö" -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" -msgstr "kan inte ställa in lyssningsuttag" +#: logsrvd/logsrvd.c:1620 logsrvd/logsrvd.c:1953 +msgid "unable to setup listen socket" +msgstr "det går inte att ställa in lyssningsuttag" + +#: logsrvd/logsrvd.c:1855 +msgid "sudo log server" +msgstr "sudo-loggserver" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:122 +msgid "Options:" +msgstr "Alternativ:" + +#: logsrvd/logsrvd.c:1859 +msgid "path to configuration file" +msgstr "sökväg till konfigurationsfil" + +#: logsrvd/logsrvd.c:1861 logsrvd/sendlog.c:124 +msgid "display help message and exit" +msgstr "visa hjälpmeddelande och avsluta" + +#: logsrvd/logsrvd.c:1863 +msgid "do not fork, run in the foreground" +msgstr "grena inte, kör i förgrunden" + +#: logsrvd/logsrvd.c:1865 +msgid "percent chance connections will drop" +msgstr "procents chans att anslutningar slängs" + +#: logsrvd/logsrvd.c:1867 logsrvd/sendlog.c:152 +msgid "display version information and exit" +msgstr "visa versionsinformation och avsluta" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 -#, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - skicka sudo I/O-logg till fjärrserver\n" -"\n" - -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Flaggor:\n" -" -f, --file sökväg till konfigurationsfil\n" -" -h --help visa hjälptext och avslutan\n" -" -n, --no-fork grena inte, kör i förgrunden\n" -" -R, --random-drop antal procents chans att anslutningar bryts\n" -" -V, --version visa versionsinformation och avsluta\n" - -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:1518 msgid "Protobuf-C version 1.3 or higher required" msgstr "Protobuf-C version 1.3 eller högre krävs" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1933 #, c-format msgid "invalid random drop value: %s" msgstr "ogiltigt slumpmässigt avbrottsvärde: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 +#: logsrvd/logsrvd.c:1936 logsrvd/sendlog.c:1568 #: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 -#: plugins/sudoers/visudo.c:177 +#: plugins/sudoers/visudo.c:175 #, c-format msgid "%s version %s\n" msgstr "%s version %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:446 msgid "TLS not supported" msgstr "TLS stöds inte" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:468 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:541 logsrvd/logsrvd_conf.c:876 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: inte fullständigt kvalificerad sökväg" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:1035 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d omatchad ”[”: %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1046 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d ogiltigt konfigurationsavsnitt: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1054 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d ogiltig konfigurationsrad: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1060 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d avsnittsnamn förväntades: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1074 #, c-format msgid "invalid value for %s: %s" msgstr "ogiltigt värde för %s: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1082 #, c-format msgid "%s:%d unknown key: %s" msgstr "%s:%d okänd nyckel: %s" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_conf.c:1294 #, c-format msgid "unknown syslog facility %s" msgstr "okänd syslog-funktionalitet: %s" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_conf.c:1298 logsrvd/logsrvd_conf.c:1302 +#: logsrvd/logsrvd_conf.c:1306 #, c-format msgid "unknown syslog priority %s" msgstr "okänd syslog-prioritet: %s" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Flaggor:\n" -" --help visa hjälpmeddelande och avsluta\n" -" -A, --accept skicka endast en accepteringshändelse (ingen I/O)\n" -" -h, --host värd att skicka loggar till\n" -" -i, --iolog_id fjärr-ID för I/O-logg som ska återupptas\n" -" -p, --port port att använda vid anslutning till värd\n" -" -r, --restart start om förgående överföring av I/O-logg\n" -" -R, --reject avböj kommandot med angiven anledning\n" -" -b, --ca-bundle certifikatbuntfil att verifiera serverns certifikat mot\n" -" -c, --cert certifikatfil för TLS-handskakning\n" -" -k, --key privat nyckelfil\n" -" -n, --no-verify verifiera inter servercertifikat\n" -" -t, --test testa granskningsserver genom att skicka valda I/O-loggmeddelanden parallellt n gånger\n" -" -V, --version visa versionsinformation och avsluta\n" +#: logsrvd/logsrvd_conf.c:1374 +msgid "unable to initialize server TLS context" +msgstr "kan inte initiera TLS-serverkontext" + +#: logsrvd/logsrvd_conf.c:1394 +msgid "unable to initialize relay TLS context" +msgstr "kan inte initiera TLS-reläkontext" + +#: logsrvd/logsrvd_journal.c:126 logsrvd/logsrvd_journal.c:367 +#: logsrvd/logsrvd_journal.c:373 +msgid "unable to create journal file" +msgstr "kan inte skapa journalfil" + +#: logsrvd/logsrvd_journal.c:134 +msgid "unable to lock journal file" +msgstr "kan inte låsa journalfil" + +#: logsrvd/logsrvd_journal.c:163 logsrvd/logsrvd_journal.c:406 +#: logsrvd/logsrvd_journal.c:411 +msgid "unable to write journal file" +msgstr "kan inte skriva journalfil" + +#: logsrvd/logsrvd_journal.c:171 logsrvd/logsrvd_journal.c:178 +msgid "unable to rename journal file" +msgstr "kan inte byta namn på journalfil" + +#: logsrvd/logsrvd_journal.c:228 logsrvd/logsrvd_journal.c:258 +msgid "unexpected EOF reading journal file" +msgstr "oväntat filslut vid läsning av journalfil" + +#: logsrvd/logsrvd_journal.c:230 logsrvd/logsrvd_journal.c:260 +msgid "error reading journal file" +msgstr "fel vid inläsning av journalfil" + +#: logsrvd/logsrvd_journal.c:270 logsrvd/logsrvd_journal.c:325 +msgid "invalid journal file, unable to restart" +msgstr "ogiltig journalfil, kunde inte starta om" + +#: logsrvd/logsrvd_local.c:149 +msgid "error parsing AcceptMessage" +msgstr "fel vid tolkning av AcceptMessage" + +#: logsrvd/logsrvd_local.c:156 +msgid "error creating I/O log" +msgstr "fel vid skapande av I/O-logg" + +#: logsrvd/logsrvd_local.c:164 +msgid "error logging accept event" +msgstr "fel vid loggning av acceptanshändelse" + +#: logsrvd/logsrvd_local.c:196 +msgid "error parsing RejectMessage" +msgstr "fel vid tolkning av RejectMessage" + +#: logsrvd/logsrvd_local.c:202 +msgid "error logging reject event" +msgstr "fel vid loggning av avböjningshändelse" + +#: logsrvd/logsrvd_local.c:276 +msgid "log is already complete, cannot be restarted" +msgstr "logg är redan komplett, kan inte startas om" + +#: logsrvd/logsrvd_local.c:307 +msgid "unable to restart log" +msgstr "kan inte starta om logg" + +#: logsrvd/logsrvd_local.c:322 +msgid "error parsing AlertMessage" +msgstr "fel vid tolkning av AlertMessage" + +#: logsrvd/logsrvd_local.c:330 +msgid "error logging alert event" +msgstr "fel vid loggning av alarmhändelse" + +#: logsrvd/logsrvd_local.c:397 +msgid "error writing IoBuffer" +msgstr "fel vid skrivning av IoBuffer" + +#: logsrvd/logsrvd_local.c:434 +msgid "error writing ChangeWindowSize" +msgstr "fel vid skrivning av ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:474 +msgid "error writing CommandSuspend" +msgstr "fel vid skrivning av CommandSuspend" + +#: logsrvd/logsrvd_relay.c:434 +msgid "TLS handshake with relay host failed" +msgstr "TLS-handskakning med relävärd misslyckades" + +#: logsrvd/logsrvd_relay.c:462 +msgid "unable to connect to relay host" +msgstr "kan inte ansluta till relävärd" + +#: logsrvd/logsrvd_relay.c:519 logsrvd/sendlog.c:951 +#: plugins/sudoers/log_client.c:1466 +msgid "invalid ServerHello" +msgstr "ogiltigt ServerHello" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_relay.c:677 +msgid "unrecognized ServerMessage type" +msgstr "okänd ServerMessage-typ" + +#: logsrvd/logsrvd_relay.c:709 +msgid "timeout reading from relay" +msgstr "tidsgräns passerad vid läsning från relä" + +#: logsrvd/logsrvd_relay.c:761 +msgid "relay host name does not match certificate" +msgstr "relävärdnamnet matchar inte certifikatet" + +#: logsrvd/logsrvd_relay.c:765 logsrvd/logsrvd_relay.c:786 +#: logsrvd/logsrvd_relay.c:794 +msgid "error reading from relay" +msgstr "fel vid läsning från relä" + +#: logsrvd/logsrvd_relay.c:817 +msgid "unable to read from relay" +msgstr "kan inte läsa från relä" + +#: logsrvd/logsrvd_relay.c:831 logsrvd/logsrvd_relay.c:951 +msgid "relay server closed connection" +msgstr "reläserver stängde anslutningen" + +#: logsrvd/logsrvd_relay.c:850 +msgid "server message too large" +msgstr "servermeddelandet för stort" + +#: logsrvd/logsrvd_relay.c:915 +msgid "timeout writing to relay" +msgstr "tidsgräns passerad vid skrivning till relä" + +#: logsrvd/logsrvd_relay.c:973 logsrvd/logsrvd_relay.c:981 +#: logsrvd/logsrvd_relay.c:993 +msgid "error writing to relay" +msgstr "fel vid skrivning till relä" + +#: logsrvd/sendlog.c:120 +msgid "send sudo I/O log to remote server" +msgstr "skicka sudo I/O-logg till fjärrserver" + +#: logsrvd/sendlog.c:126 +msgid "only send an accept event (no I/O)" +msgstr "skicka endast en accepteringshändelse (ingen I/O)" + +#: logsrvd/sendlog.c:129 +msgid "certificate bundle file to verify server's cert against" +msgstr "certifikatbuntfil för att verifiera serverns certifikat mot" + +#: logsrvd/sendlog.c:131 +msgid "certificate file for TLS handshake" +msgstr "certifikatfil för TLS-handskakning" + +#: logsrvd/sendlog.c:134 +msgid "host to send logs to" +msgstr "värd att skicka loggar till" + +#: logsrvd/sendlog.c:136 +msgid "remote ID of I/O log to be resumed" +msgstr "fjärr-ID för I/O-logg som ska återupptas" + +#: logsrvd/sendlog.c:139 +msgid "private key file" +msgstr "privat nyckelfil" + +#: logsrvd/sendlog.c:141 +msgid "do not verify server certificate" +msgstr "verifiera inte servercertifikat" + +#: logsrvd/sendlog.c:144 +msgid "port to use when connecting to host" +msgstr "port som ska användas när du ansluter till värd" + +#: logsrvd/sendlog.c:146 +msgid "restart previous I/O log transfer" +msgstr "starta om tidigare I/O-loggöverföring" + +#: logsrvd/sendlog.c:148 +msgid "reject the command with the given reason" +msgstr "avvisa kommandot med angiven anledning" + +#: logsrvd/sendlog.c:150 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "testa granskningsservern genom att skicka utvalda I/O-loggar n gånger parallellt" + +#: logsrvd/sendlog.c:175 plugins/sudoers/log_client.c:432 #, c-format msgid "unable to look up %s:%s: %s" msgstr "kan inte slå upp %s:%s: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:213 msgid "unable to get server IP addr" msgstr "kan inte hämta server-IP-adress" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:267 plugins/sudoers/sudoreplay.c:851 #, c-format msgid "unable to read %s/%s: %s" msgstr "kan inte läsa %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 +#: logsrvd/sendlog.c:288 plugins/sudoers/log_client.c:692 #, c-format msgid "client message too large: %zu" msgstr "klientmeddelande för stort: %zu" -#: logsrvd/sendlog.c:810 +#: logsrvd/sendlog.c:830 #, c-format msgid "%s: write buffer already in use" msgstr "%s: skrivbuffert används redan" -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:882 plugins/sudoers/iolog.c:893 +#: plugins/sudoers/iolog.c:962 #, c-format msgid "unexpected I/O event %d" msgstr "oväntad I/O-händelse %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:928 logsrvd/sendlog.c:945 logsrvd/sendlog.c:979 +#: plugins/sudoers/log_client.c:1124 plugins/sudoers/log_client.c:1392 +#: plugins/sudoers/log_client.c:1460 plugins/sudoers/log_client.c:1496 #, c-format msgid "%s: unexpected state %d" msgstr "%s: oväntat tillstånd %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "ogiltigt ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1015 plugins/sudoers/log_client.c:1540 #, c-format msgid "error message received from server: %s" msgstr "felmeddelande mottaget från server: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1028 plugins/sudoers/log_client.c:1553 #, c-format msgid "abort message received from server: %s" msgstr "avbrottsmeddelande mottaget från server: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 +#: logsrvd/sendlog.c:1047 plugins/sudoers/log_client.c:1572 msgid "unable to unpack ServerMessage" msgstr "kan inte packa upp ServerMessage" -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1087 plugins/sudoers/log_client.c:1603 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: oväntat type_case-värde %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1116 msgid "timeout reading from server" msgstr "tidsgräns passerad vid läsning från server" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1195 msgid "premature EOF" msgstr "oväntad EOF" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1208 plugins/sudoers/log_client.c:1761 #, c-format msgid "server message too large: %u" msgstr "servermeddelande för långt: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1259 msgid "timeout writing to server" msgstr "tidsgräns passerad vid skrivning till server" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1591 +msgid "both restart point and iolog ID must be specified" +msgstr "både omstartspunkt och iolog-ID måste anges" + +#: logsrvd/sendlog.c:1595 +msgid "a restart point may not be set when no I/O is sent" +msgstr "en omstartspunkt får inte sättas när ingen I/O skickas" + +#: logsrvd/sendlog.c:1671 +#, c-format +msgid "exited prematurely with state %d" +msgstr "avslutade oväntat i tillstånd %d" + +#: logsrvd/sendlog.c:1672 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "förfluten tid skickad till server [%lld, %ld]" + +#: logsrvd/sendlog.c:1674 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "incheckningspunkt mottagen från server [%lld, %ld]" + +#: logsrvd/tls_client.c:113 plugins/sudoers/log_client.c:296 msgid "TLS handshake timeout occurred" msgstr "Tidsgräns för TLS-handskakning uppnådd" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 +#: logsrvd/tls_client.c:133 logsrvd/tls_client.c:149 #: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 msgid "unable to set event" msgstr "kan inte ställa in händelse" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:159 logsrvd/tls_client.c:163 #, c-format msgid "TLS connection failed: %s" msgstr "TLS-anslutning misslyckades: %s" -#: logsrvd/sendlog.c:1538 +#: logsrvd/tls_client.c:197 #, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Kan inte initiera ssl-kontext: %s" +msgid "unable to allocate ssl object: %s" +msgstr "kan inte allokera ssl-objekt: %s" -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 -#, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Kan inte allokera ssl-objekt: %s" - -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:210 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Kan inte fästa kontakt på ssl-objektet: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "både omstartspunkt och iolog-ID måste anges" +#: logsrvd/tls_client.c:238 +msgid "unable to initialize TLS context" +msgstr "kan inte initiera TLS-kontext" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "en omstartspunkt får inte sättas när ingen I/O skickas" +#: logsrvd/tls_init.c:129 logsrvd/tls_init.c:137 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "kan inte ställa in TLS 1.2-krypteringssvit till %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:157 logsrvd/tls_init.c:165 #, c-format -msgid "exited prematurely with state %d" -msgstr "avslutade oväntat i tillstånd %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "kan inte ställa in TLS 1.3-krypteringssvit till %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:200 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "förfluten tid skickad till server [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "kan inte skapa TLS-kontext: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:206 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "incheckningspunkt mottagen från server [%lld, %ld]" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "kunde inte sätta minsta protokollversion till TLS 1.2: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:282 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Aliaset ”%s” är redan definierat" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "kunde inte sätta diffie-hellman-parametrar: %s" + +#: logsrvd/tls_init.c:291 +#, c-format +msgid "unable to read diffie-hellman parameters: %s" +msgstr "kunde inte läsa diffie-hellman-parametrar: %s" + +#: logsrvd/tls_init.c:296 plugins/sudoers/check.c:274 +#: plugins/sudoers/cvtsudoers.c:618 plugins/sudoers/cvtsudoers.c:639 +#: plugins/sudoers/cvtsudoers.c:1249 plugins/sudoers/cvtsudoers_json.c:872 +#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1028 +#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:913 +#, c-format +msgid "unable to open %s" +msgstr "kan inte öppna %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:259 plugins/sudoers/audit.c:398 +#: plugins/sudoers/log_client.c:960 plugins/sudoers/log_client.c:1008 +#: plugins/sudoers/log_client.c:1056 plugins/sudoers/log_client.c:1181 +#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:120 msgid "unable to get time of day" msgstr "kan inte hämta tid på dagen" @@ -1011,38 +1144,38 @@ msgid "unable to initialize PAM: %s" msgstr "kan inte initiera PAM: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:340 #, c-format msgid "PAM authentication error: %s" msgstr "PAM-autentiseringsfel: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:359 msgid "account validation failure, is your account locked?" msgstr "kontovalidering misslyckades. Är ditt konto låst?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:370 msgid "Account or password is expired, reset your password and try again" msgstr "Kontot eller lösenordet har gått ut. Återställ ditt lösenord och försök igen" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:376 #, c-format msgid "unable to change expired password: %s" msgstr "kan inte ändra utgånget lösenord: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:387 msgid "Password expired, contact your system administrator" msgstr "Lösenordet har gått ut. Kontakta din systemadministratör" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:392 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Konto utgånget eller så saknar PAM-konfigurationen ett ”account”-avsnitt för sudo, kontakta din systemadministratör" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:400 plugins/sudoers/auth/pam.c:405 #, c-format msgid "PAM account management error: %s" msgstr "Fel vid hantering av PAM-konto: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:241 #, c-format msgid "you do not exist in the %s database" msgstr "du finns inte i %s-databasen" @@ -1115,7 +1248,17 @@ msgid "unable to commit audit record" msgstr "kan inte bekräfta granskningsberättelse" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "fel vid inläsning av lektionsfil %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "hoppar över lektionsfil %s: inte en vanlig fil" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1135,21 +1278,41 @@ " #3) Med stor makt kommer ett stort ansvar.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:325 plugins/sudoers/check.c:335 +#: plugins/sudoers/sudoers.c:830 plugins/sudoers/sudoers.c:851 #: plugins/sudoers/tsdump.c:119 #, c-format msgid "unknown uid: %u" msgstr "okänt uid: %u" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check.c:330 plugins/sudoers/exptilde.c:85 +#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1123 +#: plugins/sudoers/sudoers.c:432 plugins/sudoers/sudoers.c:1283 +#: plugins/sudoers/testsudoers.c:215 plugins/sudoers/testsudoers.c:382 #, c-format msgid "unknown user: %s" msgstr "okänd användare: %s" +#: plugins/sudoers/check_aliases.c:56 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Fel: %s:%d:%d: cykel i %s ”%s”" + +#: plugins/sudoers/check_aliases.c:57 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Varning: %s:%d:%d: cykel i %s ”%s”" + +#: plugins/sudoers/check_aliases.c:61 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Fel: %s:%d:%d: %s ”%s” refererad till men inte definierad" + +#: plugins/sudoers/check_aliases.c:62 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Varning: %s:%d:%d: %s ”%s” refererad till men inte definierad" + #: plugins/sudoers/cvtsudoers.c:194 #, c-format msgid "order increment: %s: %s" @@ -1165,12 +1328,12 @@ msgid "order padding: %s: %s" msgstr "ordningsutfyllnad: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:177 #, c-format msgid "%s grammar version %d\n" msgstr "%s grammatikversion %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "inmatningsformat %s stöds inte" @@ -1185,9 +1348,9 @@ msgid "%s: input and output files must be different" msgstr "%s: in- och utmatningsfiler måste vara olika" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:177 +#: plugins/sudoers/testsudoers.c:254 plugins/sudoers/visudo.c:247 +#: plugins/sudoers/visudo.c:597 plugins/sudoers/visudo.c:917 msgid "unable to initialize sudoers default values" msgstr "kan inte initiera sudoers standardvärden" @@ -1216,37 +1379,28 @@ msgid "invalid filter: %s" msgstr "ogiltigt filter: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "kan inte öppna %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:642 plugins/sudoers/visudo.c:922 #, c-format msgid "failed to parse %s file, unknown error" msgstr "misslyckades med att tolka %s-filen, okänt fel" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "parse error in %s near line %d\n" msgstr "tolkningsfel i %s nära rad %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:653 #, c-format msgid "parse error in %s\n" msgstr "tolkningsfel i %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1296 plugins/sudoers/sudoreplay.c:1124 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "kan inte skriva till %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1319 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1255,7 +1409,7 @@ "%s - konvertera mellan sudoers filformat\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1321 msgid "" "\n" "Options:\n" @@ -1901,6 +2055,15 @@ msgid "The format of logs to produce: %s" msgstr "Formatet för loggarna som ska produceras: %s" +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Aktivera SELinux RBAC-stöd" + +#: plugins/sudoers/def_data.c:578 +#, c-format +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Sökväg till filen som skapas första gången sudo körs: %s" + #: plugins/sudoers/defaults.c:185 #, c-format msgid "%s:%d:%d: unknown defaults entry \"%s\"" @@ -1951,35 +2114,35 @@ msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: värdet ”%s” är ogiltigt för flaggan ”%s”" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1040 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: värden för ”%s” måste börja med ett ”/”, ”~” eller ”*”" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1044 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: värden för ”%s” måste börja med ett ”/”, ”~” eller ”*”" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1055 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: värden för ”%s” måste börja med ett ”/”" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1059 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: värden för ”%s” måste börja med ett ”/”" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: trasig envp, längd stämmer inte" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "kan inte återuppbygga miljön" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "du får inte lov att ställa in följande miljövariabler: %s" @@ -2043,42 +2206,42 @@ msgid "Local IP address and netmask pairs:\n" msgstr "Lokala IP-adress- och nätmaskpar:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 +#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:437 +#: plugins/sudoers/sudoers.c:1317 plugins/sudoers/testsudoers.c:406 #, c-format msgid "unknown group: %s" msgstr "okänd grupp: %s" -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:635 msgid "unable to update sequence file" msgstr "kan inte uppdatera sekvensfil" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:666 plugins/sudoers/iolog.c:854 +#: plugins/sudoers/iolog.c:1007 plugins/sudoers/iolog.c:1014 +#: plugins/sudoers/iolog.c:1135 plugins/sudoers/iolog.c:1142 +#: plugins/sudoers/iolog.c:1241 plugins/sudoers/iolog.c:1248 #, c-format msgid "unable to write to I/O log file: %s" msgstr "kan inte skriva till I/O-loggfil: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:674 #, c-format msgid "unable to create %s/%s" msgstr "kan inte skapa %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:899 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: internt fel, I/O-loggfil för händelse %d inte öppen" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:992 plugins/sudoers/iolog.c:1120 +#: plugins/sudoers/iolog.c:1225 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:487 +#: plugins/sudoers/visudo.c:493 msgid "unable to read the clock" msgstr "kan inte läsa klockan" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1217 plugins/sudoers/log_client.c:1199 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: internt fel, ogiltig signal %d" @@ -2106,7 +2269,7 @@ msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls angivet men LDAP-bibliotek har inte stöd för ldap_start_tls_s() eller ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:746 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "ogiltigt sudoOrder-attribut: %s" @@ -2125,21 +2288,29 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "kan inte blanda ldap- och ldaps-URI:er" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:529 plugins/sudoers/ldap_util.c:536 +#: plugins/sudoers/ldap_util.c:544 plugins/sudoers/ldap_util.c:553 +#: plugins/sudoers/ldap_util.c:561 plugins/sudoers/ldap_util.c:571 +#: plugins/sudoers/ldap_util.c:579 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "duplicerad sudoOption: %s%s%s" + +#: plugins/sudoers/ldap_util.c:598 plugins/sudoers/ldap_util.c:600 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "kan inte konvertera sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "kan inte öppna granskningssystem" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "kan inte skicka granskningsmeddelande" #: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:1437 plugins/sudoers/log_client.c:2031 msgid "error in event loop" msgstr "fel i händelseloop" @@ -2148,6 +2319,26 @@ msgid "Creation of new SSL_CTX object failed: %s" msgstr "Skapande av nytt SSL_CTX-objekt misslyckades: %s" +#: plugins/sudoers/log_client.c:216 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "kan inte läsa in certifikatauktoritetsbunt %s" + +#: plugins/sudoers/log_client.c:236 +#, c-format +msgid "unable to load certificate %s" +msgstr "kan inte läsa in certifikat %s" + +#: plugins/sudoers/log_client.c:249 +#, c-format +msgid "unable to load private key %s" +msgstr "kan inte läsa in privat nyckel %s" + +#: plugins/sudoers/log_client.c:258 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Kan inte allokera ssl-objekt: %s" + #: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 #, c-format msgid "TLS connection to %s:%s failed: %s" @@ -2161,20 +2352,20 @@ msgid "TLS handshake was unsuccessful" msgstr "TLS-handskakning misslyckades" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1208 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: internt fel, ogiltig avslutningskod %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1724 plugins/sudoers/log_client.c:1748 msgid "lost connection to log server" msgstr "förlorade kontakten med loggservern" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1825 msgid "missing write buffer" msgstr "saknar skrivbuffert" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:1972 msgid "unable to connect to log server" msgstr "kan inte ansluta till loggserver" @@ -2210,15 +2401,15 @@ msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Tyvärr, användaren %s tillåts inte att köra ”%s%s%s” som %s%s%s på %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:575 +#: plugins/sudoers/sudoers.c:577 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/sudoers.c:581 plugins/sudoers/sudoers.c:723 +#: plugins/sudoers/sudoers.c:725 #, c-format msgid "%s: command not found" msgstr "%s: kommandot hittades inte" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:571 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2242,12 +2433,12 @@ msgid "a password is required" msgstr "ett lösenord krävs" -#: plugins/sudoers/logging.c:729 +#: plugins/sudoers/logging.c:739 #, c-format msgid "unable to open log file: %s" msgstr "kan inte öppna loggfil: %s" -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:772 #, c-format msgid "unable to write log file: %s" msgstr "kan inte skriva till loggfil: %s" @@ -2257,7 +2448,7 @@ msgid "digest for %s (%s) is not in %s form" msgstr "kontrollsumma för %s (%s) är inte på %s-form" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:530 #, c-format msgid "" "\n" @@ -2266,7 +2457,7 @@ "\n" "LDAP-roll: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:533 msgid "" "\n" "Sudoers entry:\n" @@ -2274,104 +2465,110 @@ "\n" "Sudoers-post:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:535 msgid " RunAsUsers: " msgstr " KörSomAnvändare: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:550 msgid " RunAsGroups: " msgstr " KörSomGrupper: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:560 msgid " Options: " msgstr " Flaggor: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:614 msgid " Commands:\n" msgstr " Kommandon:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:805 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Matchande standardposter för %s på %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:823 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Runas- och kommando-specifika standardvärden för %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:841 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Användare %s får köra följande kommandon på %s:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:856 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Användaren %s tillåts inte att köra sudo på %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:616 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "hoppar över ofullständig sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:676 #, c-format msgid "invalid LDIF attribute: %s" msgstr "ogiltigt LDIF-attribut: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:108 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "ogiltigt %.*s inställt av sudo-framände" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:314 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "kan inte tolka nätverksadresslista" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:465 msgid "user name not set by sudo front-end" msgstr "användarnamn inte inställt av sudo-framände" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:469 msgid "user-ID not set by sudo front-end" msgstr "användar-ID inte inställt av sudo-framände" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:473 msgid "group-ID not set by sudo front-end" msgstr "grupp-ID inte inställt av sudo-framände" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:477 msgid "host name not set by sudo front-end" msgstr "värdnamn inte inställt av sudo-framände" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:660 #, c-format msgid "invalid working directory: %s" msgstr "ogiltig arbetskatalog: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:828 #, c-format msgid "invalid chroot directory: %s" msgstr "ogiltig chroot-katalog: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:963 plugins/sudoers/visudo.c:229 +#: plugins/sudoers/visudo.c:851 #, c-format msgid "unable to execute %s" msgstr "kan inte köra %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1030 plugins/sudoers/policy.c:1067 +#: plugins/sudoers/policy.c:1089 plugins/sudoers/policy.c:1115 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: ogiltiga lägesflaggor från sudo-framände: 0x%x" + +#: plugins/sudoers/policy.c:1146 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers policyinsticksmodul version %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1148 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers-filgrammatik version %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1152 #, c-format msgid "" "\n" @@ -2380,86 +2577,91 @@ "\n" "Sökväg till sudoers: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1155 #, c-format msgid "nsswitch path: %s\n" msgstr "Sökväg till nsswitch: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1157 #, c-format msgid "ldap.conf path: %s\n" msgstr "Sökväg till ldap.conf: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1158 #, c-format msgid "ldap.secret path: %s\n" msgstr "Sökväg till ldap.secret: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1191 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "kan inte registrera krok av typ %d (version %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1209 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "kan inte avregistrera krok av typ %d (version %d.%d)" + +#: plugins/sudoers/pwutil.c:218 plugins/sudoers/pwutil.c:236 #, c-format msgid "unable to cache uid %u" msgstr "kan inte cacha uid %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:230 #, c-format msgid "unable to cache uid %u, already exists" msgstr "kan inte cacha uid %u, finns redan" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:290 plugins/sudoers/pwutil.c:308 +#: plugins/sudoers/pwutil.c:371 plugins/sudoers/pwutil.c:416 #, c-format msgid "unable to cache user %s" msgstr "kan inte cacha användare %s" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:303 #, c-format msgid "unable to cache user %s, already exists" msgstr "kan inte cacha användare %s, finns redan" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:535 plugins/sudoers/pwutil.c:553 #, c-format msgid "unable to cache gid %u" msgstr "kan inte cacha gid %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:547 #, c-format msgid "unable to cache gid %u, already exists" msgstr "kan inte cacha gid %u, finns redan" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:601 plugins/sudoers/pwutil.c:619 +#: plugins/sudoers/pwutil.c:680 plugins/sudoers/pwutil.c:729 #, c-format msgid "unable to cache group %s" msgstr "kan inte cacha grupp %s" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:614 #, c-format msgid "unable to cache group %s, already exists" msgstr "kan inte cacha grupp %s, finns redan" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:876 plugins/sudoers/pwutil.c:927 +#: plugins/sudoers/pwutil.c:977 plugins/sudoers/pwutil.c:1029 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "kan inte cacha grupplista för %s, finns redan" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:882 plugins/sudoers/pwutil.c:932 +#: plugins/sudoers/pwutil.c:983 plugins/sudoers/pwutil.c:1034 #, c-format msgid "unable to cache group list for %s" msgstr "kan inte cacha grupplista för %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:921 #, c-format msgid "unable to parse groups for %s" msgstr "kan inte tolka grupper för %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1023 #, c-format msgid "unable to parse gids for %s" msgstr "kan inte tolka gids för %s" @@ -2534,135 +2736,139 @@ msgid "unable to find symbol \"%s\" in %s" msgstr "kan inte hitta symbol ”%s” i %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:213 plugins/sudoers/sudoers.c:985 msgid "problem with defaults entries" msgstr "problem med standardposter" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:217 msgid "no valid sudoers sources found, quitting" msgstr "inga giltiga sudoers-källor hittades, avslutar" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:291 #, c-format msgid "user not allowed to change root directory to %s" msgstr "användare inte tillåten att ändra rotkatalog till %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:293 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "du tillåts inte att använda flaggan -R med %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:318 #, c-format msgid "user not allowed to change directory to %s" msgstr "användare inte tillåten att ändra katalog till %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:319 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "du tillåts inte att använda flaggan -D med %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:345 +msgid "no command specified" +msgstr "inget kommando specificerat" + +#: plugins/sudoers/sudoers.c:355 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers anger att root inte tillåts att använda sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:403 msgid "user not allowed to override closefrom limit" msgstr "användare inte tillåten att åsidosätta closefrom-begränsning" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:404 msgid "you are not permitted to use the -C option" msgstr "du tillåts inte att använda flaggan -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:464 #, c-format msgid "timestamp owner (%s): No such user" msgstr "tidsstämpelägare (%s): Det finns ingen sådan användare" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:479 msgid "no tty" msgstr "ingen tty" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:480 msgid "sorry, you must have a tty to run sudo" msgstr "tyvärr, du måste ha en tty för att köra sudo" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:487 #, c-format msgid "invalid shell for user %s: %s" msgstr "ogiltigt skal för användare %s: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:570 msgid "command in current directory" msgstr "kommando i aktuell katalog" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:589 msgid "user not allowed to set a command timeout" msgstr "användare inte tillåten att ställa in en tidsgräns för kommandon" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:591 msgid "sorry, you are not allowed set a command timeout" msgstr "tyvärr, du tillåts inte att ställa in en tidsgräns för kommandon" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:599 msgid "user not allowed to preserve the environment" msgstr "användare inte tillåten att behålla miljön" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:601 msgid "sorry, you are not allowed to preserve the environment" msgstr "tyvärr, du tillåts inte att behålla miljövariabler" -#: plugins/sudoers/sudoers.c:945 +#: plugins/sudoers/sudoers.c:936 msgid "command too long" msgstr "kommandot för långt" -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:973 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit behöver inte köras via sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1032 plugins/sudoers/sudoreplay.c:1547 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "kan inte läsa %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/visudo.c:426 +#: plugins/sudoers/visudo.c:720 #, c-format msgid "unable to stat %s" msgstr "kan inte ta status på %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1061 plugins/sudoers/visudo.c:1009 #, c-format msgid "%s is not a regular file" msgstr "%s är inte en vanlig fil" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1065 plugins/sudoers/timestamp.c:252 toke.l:1138 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s ägs av uid %u, ska vara %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1069 toke.l:1143 #, c-format msgid "%s is world writable" msgstr "%s är skrivbar för alla" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1073 toke.l:1146 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s ägs av gid %u, ska vara %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1106 #, c-format msgid "only root can use \"-c %s\"" msgstr "endast root kan använda ”-c %s”" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1125 #, c-format msgid "unknown login class: %s" msgstr "okänd inloggningsklass: %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1211 plugins/sudoers/sudoers.c:1226 #, c-format msgid "unable to resolve host %s" msgstr "kan inte slå upp värddatorn %s" @@ -2812,11 +3018,11 @@ " -s, --speed=num påskynda eller fördröj utmatning\n" " -V, --version visa versionsinformation och avsluta" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\tvärd omatchad" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2824,7 +3030,7 @@ "\n" "Kommandot tillåts" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2832,7 +3038,7 @@ "\n" "Kommandot nekades" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2845,122 +3051,122 @@ msgid "%s is group writable" msgstr "%s är skrivbar för gruppen" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "kan inte trunkera tidsstämpelfil till %lld byte" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "ignorerar tidsstämpel från framtiden" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "tidsstämpel är för långt in i framtiden: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "kan inte låsa tidsstämpelfil %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "sökväg för lektionsstatus för lång: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit ska inte anges med en sökväg" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:224 msgid "the -x option will be removed in a future release" msgstr "flaggan -x kommer att tas bort i en framtida version" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:226 msgid "please consider using the cvtsudoers utility instead" msgstr "överväg att använda verktyget cvtsudoers istället" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:277 plugins/sudoers/visudo.c:653 #, c-format msgid "press return to edit %s: " msgstr "tryck på retur för att redigera %s: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:338 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "angiven redigerare (%s) finns inte" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:340 #, c-format msgid "no editor found (editor path = %s)" msgstr "ingen textredigerare hittad (sökväg för textredigerare = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:446 plugins/sudoers/visudo.c:454 msgid "write error" msgstr "skrivfel" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:500 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "kan inte hämta filinformation för temporärfil (%s), %s oförändrad" # sebras: not an exact translation, but I think it captures the meaning of the original text. -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:507 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "temporärfil tom (%s), %s oförändrad" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:513 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "redigeraren (%s) misslyckades, %s är oförändrad" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:535 #, c-format msgid "%s unchanged" msgstr "%s oförändrad" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:592 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "kan inte återöppna temporärfil (%s), %s är oförändrad." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:604 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "kan inte tolka temporärfil (%s), okänt fel" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:642 #, c-format msgid "internal error, unable to find %s in list!" msgstr "internt fel, kan inte hitta %s i listan!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:731 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "kan inte ställa in (uid, gid) för %s till (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:754 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s och %s finns inte på samma filsystem, använder mv för att byta namn" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:765 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "kommandot misslyckades: ”%s %s %s”, %s är oförändrad" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:775 #, c-format msgid "error renaming %s, %s unchanged" msgstr "fel vid namnbyte för %s, %s är oförändrad" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:796 msgid "What now? " msgstr "Nu då? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:810 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2972,66 +3178,46 @@ " avsluta (x) utan att spara ändringar i sudoers-filen\n" " Avsluta (Q) och spara ändringar i sudoers-filen (FARLIGT!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:856 #, c-format msgid "unable to run %s" msgstr "kan inte köra %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:886 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: felaktig ägare (uid, gid) ska vara (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:893 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: felaktiga rättigheter, bör vara läge 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:942 plugins/sudoers/visudo.c:949 #, c-format msgid "%s: parsed OK\n" msgstr "%s: tolkad OK\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:968 #, c-format msgid "%s busy, try again later" msgstr "%s är upptagen, försök igen senare" -#: plugins/sudoers/visudo.c:980 +#: plugins/sudoers/visudo.c:971 #, c-format msgid "unable to lock %s" msgstr "kan inte låsa %s" -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:972 msgid "Edit anyway? [y/N]" msgstr "Redigera ändå? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Fel: %s:%d:%d: cykel i %s ”%s”" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Varning: %s:%d:%d: cykel i %s ”%s”" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Fel: %s:%d:%d: %s ”%s” refererad till men inte definierad" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Varning: %s:%d:%d: %s ”%s” refererad till men inte definierad" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1067 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Varning: %s:%d:%d: oanvänd %s ”%s”" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1183 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3040,7 +3226,7 @@ "%s - redigera sudoers-filen på ett säkert sätt\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1185 msgid "" "\n" "Options:\n" @@ -3060,43 +3246,96 @@ " -s, --strict strikt syntaxkontroll\n" " -V, --version visa versionsinformation och avsluta\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "tom sträng" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:503 msgid "empty group" msgstr "tom grupp" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:501 msgid "empty netgroup" msgstr "tom nätgrupp" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "ogiltig radfortsättning" -#: toke.l:528 toke.l:540 +#: toke.l:540 toke.l:552 msgid "invalid IPv6 address" msgstr "ogiltig IPv6-adress" -#: toke.l:764 +#: toke.l:779 msgid "unexpected line break in string" msgstr "oväntad radbrytning i sträng" -#: toke.l:1084 +#: toke.l:1109 msgid "too many levels of includes" msgstr "för många nivåer av inkluderingar" +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u kan inte tolka ”%s”" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "kan inte hämta TLS-servermetod: %s" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Flaggor:\n" +#~ " -f, --file sökväg till konfigurationsfil\n" +#~ " -h --help visa hjälptext och avslutan\n" +#~ " -n, --no-fork grena inte, kör i förgrunden\n" +#~ " -R, --random-drop antal procents chans att anslutningar bryts\n" +#~ " -V, --version visa versionsinformation och avsluta\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Flaggor:\n" +#~ " --help visa hjälpmeddelande och avsluta\n" +#~ " -A, --accept skicka endast en accepteringshändelse (ingen I/O)\n" +#~ " -h, --host värd att skicka loggar till\n" +#~ " -i, --iolog_id fjärr-ID för I/O-logg som ska återupptas\n" +#~ " -p, --port port att använda vid anslutning till värd\n" +#~ " -r, --restart start om förgående överföring av I/O-logg\n" +#~ " -R, --reject avböj kommandot med angiven anledning\n" +#~ " -b, --ca-bundle certifikatbuntfil att verifiera serverns certifikat mot\n" +#~ " -c, --cert certifikatfil för TLS-handskakning\n" +#~ " -k, --key privat nyckelfil\n" +#~ " -n, --no-verify verifiera inter servercertifikat\n" +#~ " -t, --test testa granskningsserver genom att skicka valda I/O-loggmeddelanden parallellt n gånger\n" +#~ " -V, --version visa versionsinformation och avsluta\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "Förinläs attrapp-exec-funktioner som finns i biblioteket sudo_noexec" #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports: port är för stor" -#~ msgid "unable to lock log file: %s" -#~ msgstr "kan inte låsa loggfil: %s" - #~ msgid "SSL_connect failed: ssl_error=%d, stack=%s\n" #~ msgstr "SSL_connect misslyckades: ssl_error=%d, stack=%s\n" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/uk.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/uk.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/uk.po sudo-1.9.9/plugins/sudoers/po/uk.po --- sudo-1.9.5p2/plugins/sudoers/po/uk.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/uk.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,13 +1,13 @@ # Ukrainian translation for sudoers. # This file is put in the public domain. # -# Yuri Chornoivan , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020. +# Yuri Chornoivan , 2011-2021. msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-17 18:30+0200\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 18:18+0200\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" @@ -16,9 +16,9 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=4; plural=n==1 ? 3 : n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" -"X-Generator: Lokalize 20.11.70\n" +"X-Generator: Lokalize 20.12.0\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "синтаксична помилка" @@ -42,869 +42,1298 @@ msgid "Sorry, try again." msgstr "Вибачте, повторіть спробу." -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "не вдалося отримати потрібний об’єм пам’яті" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "для контрольної суми слід вказати шлях" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "значення «CWD» мають починатися з «/», «~» або «*»" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "Шлях «CWD» є надто довгим" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "значення «CHROOT» мають починатися з «/», «~» або «*»" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "Шлях «CHROOT» є надто довгим" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "синтаксична помилка, як назву замінника використано зарезервоване слово %s" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "некоректне значення notbefore" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "некоректне значення notafter" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "значення часу очікування є надто великим" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "некоректне значення часу очікування" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "надто довга команда" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "Замінник «%s» вже визначено" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "внутрішня помилка, переповнення %s" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "не вдалося здублювати stdin: %m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "не вдалося виконати %s: %m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "не вдалося створити відгалуження" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "не вдалося створити відгалуження: %m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "не вдалося відкрити канал: %m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (команда продовжується) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s існує, але не є каталогом (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "не вдалося створити каталог %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "не вдалося змінити режим доступу до %s на значення 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "мало бути використано JSON_STRING, отримано %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY є надто великим" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "пропущено подвійні лапки у назві" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "пропущено JSON_OBJECT" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "мало бути використано JSON_OBJECT, отримано %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "вичерпано стек json (у стеку має бути не більше %u кадрів)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "об'єкти мають складатися з пар «назва:значення»" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "пропущено роздільник між значеннями" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "завершальна фігурна дужка без початкової" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "неочікуваний масив" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "завершальна дужка без початкової" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "неочікуваний рядок" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "пропущено двокрапку після назви" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "неочікуване булеве значення" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "неочікуване порожнє значення" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "неочікуване число" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u не вдалося обробити «%s»" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "помилка обробки" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s: некоректний файл журналу" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s: не вказано даних щодо часової позначки" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s: часова позначка %s: %s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s: не вказано даних щодо користувача" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s: не вказано даних щодо користувача, від імені якого відбуватиметься виконання" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s: не вказано даних щодо групи, від імені якої відбуватиметься виконання" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s існує, але не є каталогом (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "не вдалося створити каталог %s" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "не вдалося змінити режим доступу до %s на значення 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "помилка під час спроби читання файла часових позначок: %s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "некоректний рядок у файлі timing: %s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "журнал вже завершено — його не можна перезапустити" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "не вдалося створити UUID" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "не вдалося перезапустити журнал" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s: помилка протоколу: помилковий тип для %s" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s: помилка протоколу: не вистачає %s з AcceptMessage" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s: не вдалося виконати форматування ідентифікатора сеансу" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s: %s не встановлено" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "не вдалося розгорнути шлях iolog %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "не вдалося створити шлях iolog %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "некоректний файловий дескриптор введення-виведення %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "помилка під час спроби закрити дескриптор файла введення-виведення %d: %s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "помилка під час спроби витерти дескриптор файла введення-виведення %d: %s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "некоректний журнал введення-виведення %s: маємо посилання на %s без самого запису" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s: не вдалося знайти точку відновлення [%lld, %ld]" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "не вдалося відкрити %s" + +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "не вдалося відкрити %s/%s" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "не вдалося скопіювати %s/%s до %s/%s: %s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "не вдалося перейменувати %s на %s" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s: не вдалося знайти точку відновлення [%lld, %ld]" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "не вистачає файла журналу введення-виведення, %s/%s" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s: неможливо виконати позиціювання вперед на %zu" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "не вдалося знайти точку відновлення [%lld, %ld] у %s/%s" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "не вдалося встановити з'єднання із ретранслятором" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "надто велике повідомлення сервера: %zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "не вдалося додати подію до черги обробки" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "неочікуваний стан %d %s" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "помилка скінченного автомата" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "некоректне AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "помилка під час спроби обробити AcceptMessage" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "помилка під час створення журналу введення-виведення" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "помилка під час обробки події підтвердження дії журналу" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "некоректне RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "помилка під час проби обробити RejectMessage" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "помилка під час обробки події відмови у записі до журналу" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "некоректне AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "помилка під час спроби обробити AlertMessage" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "помилка під час обробки події критичного повідомлення журналу" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s: неочікуване значення IoBuffer" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "помилка протоколу" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "помилка під час спроби записати IoBuffer" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "помилка під час спроби записати ChangeWindowSize" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "помилка під час спроби записати CommandSuspend" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "неочікуване значення type_case %d у %s від %s" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "нерозпізнаний тип ClientMessage" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "повідомлення клієнта є надто великим" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "не вдалося встановити комплекс шифрування TLS 1.2 у %s: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "не вдалося встановити комплекс шифрування TLS 1.3 у %s: %s" - -#: logsrvd/logsrvd.c:1269 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to get TLS server method: %s" -msgstr "не вдалося отримати спосіб TLS сервера: %s" +msgid "timed out writing to client %s" +msgstr "перевищено час очікування на завершення запису до клієнта %s" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to create TLS context: %s" -msgstr "не вдалося створити контекст TLS: %s" +msgid "missing write buffer for client %s" +msgstr "пропущено буфер запису для клієнта %s" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to load certificate %s" -msgstr "не вдалося завантажити сертифікат %s" +msgid "timed out reading from client %s" +msgstr "перевищено час очікування на читання з клієнта %s" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "не вдалося завантажити комплект служби сертифікації %s" +msgid "EOF from %s without proper TLS shutdown" +msgstr "EOF від %s без належного закриття TLS" -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load private key %s" -msgstr "не вдалося завантажити закритий ключ %s" +msgid "client message too large: %zu" +msgstr "повідомлення клієнта є надто довгим: %zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "не вдалося встановити параметри Діфі-Гелмана: %s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "повідомлення клієнта є надто великим" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "не вдалося встановити мінімальну версію протоколу у значення TLS 1.2: %s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "некоректне ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "не вдалося отримати віддалену IP-адресу" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "Не вдалося долучити дані користувача до об'єкта SSL: %s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "не вдалося додати подію до черги обробки" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "не вдалося налаштувати сокет очікування на дані" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s — надсилання журналу введення-виведення sudo на віддалений сервер\n" -"\n" +msgid "unexpected signal %d" +msgstr "неочікуваний сигнал %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Параметри:\n" -" -f, --file шлях до файла налаштувань\n" -" -h --help показати довідкове повідомлення і вийти\n" -" -n, --no-fork не відгалужувати, запустити на передньому плані\n" -" -R, --random-drop ймовірність скидання з'єднань у відсотках\n" -" -V, --version вивести дані щодо версії і завершити роботу\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "сервер журналу sudo" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "Параметри:" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "шлях до файла налаштувань" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "показати довідкове повідомлення і завершити роботу" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "не відгалужувати, не переходити у фоновий режим під час виконання" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "ймовірність розірвання з'єднання" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "показати дані щодо версії і завершити роботу" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "Потрібна версія Protobuf-C 1.3 або новіша" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "некоректне значення ймовірності скидання: %s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s, версія %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "невідомий користувач %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "невідома група %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "не вдалося обробити запис режиму iolog %s" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "некоректне значення %s: %s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "Підтримки TLS не передбачено" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s: не є повноцінним записом шляхуnot a fully qualified path" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "невідома можливість syslog %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "невідома пріоритетність syslog %s" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d «[» без пари: %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d некоректний розділ налаштувань: %s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d некоректний рядок налаштувань: %s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d мало бути вказано назву розділу: %s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "некоректне значення %s: %s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] заборонений ключ: %s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d невідомий ключ: %s" +msgid "unable to open log file %s" +msgstr "не вдалося відкрити файл журналу %s" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "не вдалося ініціалізувати контекст сервера TLS" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "не вдалося ініціалізувати контекст ретранслятора TLS" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "не вдалося створити файл журналу" + +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "невідома можливість syslog %s" +msgid "unable to lock %s" +msgstr "не вдалося заблокувати %s" + +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "не вдалося заблокувати файл журналу" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "не вдалося відкрити файл журналу" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "не вдалося записати файл журналу" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "не вдалося перейменувати файл журналу" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "неочікуваний символ кінця файла під час читання файла журналу" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "помилка під час спроби читання файла журналу" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "некоректний файл журналу, неможливо перезапустити" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "невідома пріоритетність syslog %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "не вдалося встановити позицію [%lld, %ld] у файлі журналу %s" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"Параметри:\n" -" --help вивести довідкове повідомлення і завершити роботу\n" -" -A, --accept надсилати лише подію прийняття (без введення-виведення)\n" -" -h, --host вказати вузол для надсилання журналів\n" -" -i, --iolog_id вказати ідентифікатор журналу введення-виведення, яки слід відновити\n" -" -p, --port вказати порт, яким слід скористатися для з'єднання з вузлом\n" -" -r, --restart перезапустити попереднє передавання журналу введення-виведення\n" -" -R, --reject відмовити у виконанні команди із зазначенням вказаної причини\n" -" -b, --ca-bundle вказати файла пакета сертифікатів для перевірки сертифіката сервера\n" -" -c, --cert вказати файл сертифіката для узгодження зв'язку TLS\n" -" -k, --key вказати файл закритого ключа\n" -" -n, --no-verify не перевіряти сертифікат сервера\n" -" -t, --test перевірити сервер аудиту надсиланням вибраного журналу введення-виведення\n" -" паралельно n разів\n" -" -V, --version вивести дані щодо версії і завершити роботу\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "помилка під час спроби обробити AcceptMessage" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "помилка під час створення журналу введення-виведення" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "помилка під час обробки події підтвердження дії журналу" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "помилка під час проби обробити RejectMessage" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "помилка під час обробки події відмови у записі до журналу" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "помилка під час спроби записати до журналу подію виходу" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "журнал вже завершено — його не можна перезапустити" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "не вдалося перезапустити журнал" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "помилка під час спроби обробити AlertMessage" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "помилка під час обробки події критичного повідомлення журналу" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "не вдалося виконати форматування буфера часових позначок, довжина — %d" + +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "помилка під час спроби записати IoBuffer" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "помилка під час спроби записати ChangeWindowSize" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "помилка під час спроби записати CommandSuspend" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "помилка спроби ініціалізації зв'язку TLS із вузлом ретранслятора" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "не вдалося встановити з'єднання із вузлом ретранслятора" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s: некоректне значення ServerHello — пропущено server_id" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "некоректне ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "нерозпізнаний тип ServerMessage" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "перевищено час очікування на читання з ретранслятора %s (%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "перевищено час очікування на читання з ретранслятора" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "назва вузла ретранслятора не відповідає сертифікату" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "помилка під час спроби читання з ретранслятора" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "не вдалося прочитати з ретранслятора" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "сервер-ретранслятор розірвав з'єднання" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "повідомлення сервера є надто великим" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "перевищено час очікування на завершення запису до ретранслятора %s (%s)" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "перевищено час очікування на запис до ретранслятора" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "помилка під час спроби записати до ретранслятора" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "надіслати журнал введення-виведення sudo на віддалений сервер" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "надіслати лише подію прийняття (без введення-виведення)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "файл пакунка сертифікатів, за яким слід перевіряти сертифікат сервера" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "файл сертифіката для підтвердження зв'язку TLS" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "вузол, на який слід надіслати журнал" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "віддалений ідентифікатор журналу введення-виведення, який слід продовжити" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "файл закритого ключа" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "не перевіряти сертифікат сервера" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "порт, яким слід скористатися для з'єднання із вузлом" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "перезапустити попередній обмін даними журналу введення-виведення" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "відкинути команду із вказаною причиною" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "припинити передавання даних після досягнення цієї тривалості" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "перевірити сервер аудиту надсиланням вибраного журналу введення-виведення n разів у паралельному режимі" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "не вдалося виконати пошук %s:%s: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "не вдалося отримати IP-адресу сервера" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "не вдалося прочитати %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "повідомлення клієнта є надто довгим: %zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s: буфер запису вже використовується" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "неочікувана подія введення-виведення — %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s: неочікуваний стан — %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "некоректне ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "отримано повідомлення про помилку від сервера: %s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "отримано повідомлення про переривання від сервера: %s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "не вдалося розпакувати ServerMessage" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s: неочікуване значення type_case — %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "перевищено час очікування на читання з сервера" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "передчасне завершення файла" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "повідомлення сервера є надто великим: %u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "перевищено час очікування на запис на сервері" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "слід вказати одночасно точку перезапуску та ідентифікатор журналу введення-виведення" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "точку перезапуску не можна встановлювати, якщо не надсилається жодних даних введення-виведення" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "передчасний вихід зі станом %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "на сервер надіслано дані щодо часу, який лишився [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "отримано точку внеску від сервера [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "сталося перевищення часу очікування на узгодження зв'язку TLS" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "не вдалося встановити подію" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "Не вдалося встановити з'єднання TLS: %s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "Не вдалося ініціалізувати контекст SSL: %s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" -msgstr "Не вдалося розмістити об'єкт SSL у пам'яті: %s" +msgid "unable to allocate ssl object: %s" +msgstr "не вдалося розмістити об'єкт SSL у пам'яті: %s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "Не вдалося долучити сокет до об'єкта SSL: %s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "слід вказати одночасно точку перезапуску та ідентифікатор журналу введення-виведення" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "не вдалося ініціалізувати контекст TLS" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "точку перезапуску не можна встановлювати, якщо не надсилається жодних даних введення-виведення" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "не вдалося встановити комплекс шифрування TLS 1.2 у %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "передчасний вихід зі станом %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "не вдалося встановити комплекс шифрування TLS 1.3 у %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "на сервер надіслано дані щодо часу, який лишився [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "не вдалося встановити параметри Діфі-Гелмана: %s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "отримано точку внеску від сервера [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "не вдалося створити контекст TLS: %s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "Замінник «%s» вже визначено" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "не вдалося встановити мінімальну версію протоколу у значення TLS 1.2: %s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "не вдалося отримати дані щодо пори доби" @@ -913,45 +1342,45 @@ msgid "unable to change password for %s" msgstr "не вдалося змінити пароль до %s" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "не вдалося отримати клас входу до системи для користувача %s" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "не вдалося розпочати розпізнавання за BSD" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "некоректний тип розпізнавання" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "не вдалося ініціалізувати розпізнавання за BSD" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "термін дії вашого облікового запису вичерпано" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "не вдалося підтвердити" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "не вдалося прочитати налаштування fwtk" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "не вдалося встановити з’єднання з сервером розпізнавання" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "втрачено зв’язок з сервером розпізнавання" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -965,83 +1394,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s: не вдалося перетворити реєстраційний запис на рядок («%s»): %s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s: не вдалося обробити «%s»: %s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s: не вдалося визначити кеш реєстраційних даних: %s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s: не вдалося розмістити параметри: %s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s: не вдалося отримати реєстраційні дані: %s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s: не вдалося ініціалізувати кеш реєстраційних даних: %s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s: не вдалося зберегти реєстраційні дані у кеші: %s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s: не вдалося отримати реєстраційний запис вузла: %s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s: спроба перевірки TGT зазнала невдачі! Ймовірно, вас атаковано: %s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "не вдалося ініціалізувати PAM: %s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "Помилка розпізнавання PAM: %s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "помилка під час спроби перевірки облікового запису. Ваш обліковий запис заблоковано?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "Строк дії облікового запису або пароля збіг, визначте новий пароль і повторіть спробу" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "не вдалося змінити пароль, строк дії якого завершився: %s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "Строк дії пароля збіг, зверніться до адміністратора вашої системи щодо поновлення пароля" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "Строк дії облікового запису збіг або у файлі налаштувань PAM немає розділу \"account\" для sudo. Повідомте про це адміністратора вашої системи." -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "Помилка керування обліковими записами PAM: %s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "вас немає у базі даних %s" @@ -1050,31 +1479,31 @@ msgid "failed to initialise the ACE API library" msgstr "не вдалося ініціалізувати бібліотеку програмного інтерфейсу до ACE" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "не вдалося встановити зв’язок з сервером SecurID" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "Ідентифікатор користувача заблоковано для розпізнавання SecurID" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "некоректна довжина імені користувача для SecurID" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "некоректний дескриптор розпізнавання для SecurID" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "спроба обміну даними з SecurID зазнала невдачі" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "невідома помилка SecurID" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "некоректна довжина коду пароля для SecurID" @@ -1114,7 +1543,17 @@ msgid "unable to commit audit record" msgstr "не вдалося надіслати запис аудита" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "помилка під час спроби читання файла настанов %s" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "ігноруємо файл настанов %s: він не є звичайним файлом" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1134,118 +1573,122 @@ " #3) Користування широкими правами розширює сферу відповідальності.\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "невідоме значення uid: %u" +msgid "unknown uid %u" +msgstr "невідоме значення uid %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Помилка: %s:%d:%d: цикл у %s «%s»" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "Попередження: %s:%d:%d: цикл у %s «%s»" + +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Помилка: виявлено посилання %s:%d:%d: %s «%s», яке не визначено" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:98 #, c-format -msgid "unknown user: %s" -msgstr "невідомий користувач: %s" +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "Попередження: виявлено посилання %s:%d:%d: %s «%s», яке не визначено" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "збільшення порядку: %s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "початковий порядок: %s: %s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "доповнення порядку: %s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "Граматична перевірка %s, версія %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "непідтримуваний формат вхідних даних, %s" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "непідтримуваний формат виведення, %s" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s: файли вхідних і вихідних даних мають бути різними файлами" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "не вдалося ініціалізувати типові значення sudoers" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s: невідоме ключове слово: %s" +msgid "%s: unknown key word %s" +msgstr "%s: невідоме ключове слово %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "некоректний тип типових значень: %s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "некоректний тип придушення: %s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "некоректний фільтр: %s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "не вдалося відкрити %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "не вдалося обробити файл %s, невідома помилка" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "помилка обробки у %s поблизу рядка %d\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "помилка обробки у %s\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "не вдалося виконати запис до %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1254,7 +1697,7 @@ "%s — перетворення форматів файлів sudoers\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1294,33 +1737,75 @@ " -s, --suppress=розділи придушити виведення певних розділів\n" " -V, --version вивести дані щодо версії і завершити роботу" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "невідомий запис типових параметрів «%s»" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "не вдалося отримати гринвіцький час" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "не вдалося виконати форматування часового штампа" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: невідомий запис типових параметрів, «%s»" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "забагато записів sudoers, максимальна кількість — %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "не встановлено значення змінної середовища SUDOERS_BASE і не вказано параметра -b." +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "не вдалося знайти альтернативну назву %s" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: перейменування альтернативної назви %s на %s" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: вилучення дубліката альтернативної назви %s" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "%s:%d:%d: конфлікт запису Defaults «%s» специфічним для вузла у %s:%d:%d" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, c-format +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%s:%d:%d: Defaults «%s» зроблено специфічним для вузла %s" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: вилучення Defaults «%s» перевизначено наступними записами" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "%s:%d:%d: не вдалося зробити Defaults «%s» специфічними для вузла" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: вилучення userspec перевизначено наступними записами" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1900,95 +2385,194 @@ msgid "The format of logs to produce: %s" msgstr "Формат журналу: %s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "Увімкнути підтримку RBAC SELinux" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: невідомий запис типових параметрів, «%s»" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "Шлях до файла, який було створено під час першого запуску sudo: %s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "Перехоплювати подальші команди і застосовувати до них обмеження sudoers" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "Записувати до журналу підкоманди, які запущено початковою командою" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "Записувати до журналу стан виходу команд" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "Для виконання наступних команд у перехопленому сеансі слід пройти розпізнавання" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "Дозволити перехопленій команді запускати програми зі встановлення setuid або setgid" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "Максимальний розмір, до якого може зростати адресний простір процесу (у байтах): %s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "Найбільший розмір файла дампа ядра, який може бути створено (у байтах): %s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "Максимальна кількість часу процесора, який може використовувати процес (у секундах): %s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "Максимальний розмір сегмента даних для процесу (у байтах): %s" + +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "Найбільший розмір файла, який може створювати процес (у байтах): %s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "Максимальна кількість блокувань, які може встановлювати процес: %s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "Максимальний розмір, який процес може блокувати у пам'яті (у байтах): %s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "Максимальна кількість файлів, які може відкривати процес: %s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "Максимальна кількість процесів, які користувач може запускати одночасно: %s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "Максимальний розмір, до якого може зростати розмір резидентного набору (у байтах): %s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "Максимальний розмір, до якого може зростати стос процесу (у байтах): %s" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s: невідомий запис типових параметрів, «%s»" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: не вказано значення для «%s»" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s: не вказано значення для «%s»" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d:%d: некоректний оператор «%c=» для «%s»" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%s: некоректний оператор «%c=» для «%s»" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: параметру «%s» не потрібно передавати значення" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s: параметру «%s» не потрібно передавати значення" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s:%d:%d: некоректний тип Defaults, 0x%x, для параметра «%s»" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%s: некоректний тип Defaults, 0x%x, для параметра «%s»" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: значення «%s» є некоректним для параметра «%s»" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s: значення «%s» є некоректним для параметра «%s»" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: назва шляху «%s» є надто довгою" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s: назва шляху для «%s» є надто довгою" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: значення для «%s» має починатися з «/», «~» або «*»" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: значення для «%s» має починатися з «/», «~» або «*»" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: значення для «%s» має починатися з «/»" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s: значення для «%s» має починатися з «/»" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv: помилкове значення envp, невідповідність довжин" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "не вдалося перебудувати середовище" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "вибачте, вам не дозволено встановлювати такі змінні середовища: %s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "помилка обробки у %s поблизу рядка %d" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "помилка обробки у %s" @@ -2013,7 +2597,7 @@ msgid "%s must only be writable by owner" msgstr "%s має бути доступним до запису лише для власника" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "не вдалося завантажити %s: %s" @@ -2028,56 +2612,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s: несумісна основна версія додатка обробки груп %d, мало бути — %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "не вдалося обробити IP-адресу «%s»" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "не вдалося обробити маску мережі «%s»" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "Пари локальних IP-адрес і масок мережі:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "невідома група: %s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "не вдалося оновити файл послідовності" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "не вдалося здійснити запис до файла журналу введення-виведення: %s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "не вдалося створити %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s: внутрішня помилка, файл журналу введення-виведення для події %d не відкрито" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "не вдалося прочитати час на годиннику" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s: внутрішня помилка, некоректний сигнал %d" @@ -2096,16 +2675,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "щоб скористатися SSL, вам слід встановити для TLS_CERT значення %s" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "не вдалося ініціалізувати LDAP: %s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "start_tls вказано, але у бібліотеках LDAP не передбачено підтримки ldap_start_tls_s() або ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "некоректний атрибут sudoOrder: %s" @@ -2124,100 +2703,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "не можна використовувати суміш з адрес ldap і ldaps" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "дублювання sudoOption: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "не вдалося перетворити запис sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "не вдалося відкрити систему аудита" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "не вдалося надіслати повідомлення аудита" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "помилка у циклі обробки подій" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "Не вдалося створити об'єкт SSL_CTX: %s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "не вдалося завантажити комплект служби сертифікації %s" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "не вдалося завантажити сертифікат %s" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "не вдалося завантажити закритий ключ %s" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "Не вдалося розмістити об'єкт SSL у пам'яті: %s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "Не вдалося встановити з'єднання TLS із %s:%s: %s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "Спроба ініціалізувати TLS завершилася невдало" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "Спроба узгодити зв'язок TLS завершилася невдало" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s: внутрішня помилка, некоректний стан виходу %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "не вдалося розпакувати ServerMessage" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "втрачено зв’язок з сервером журналу" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "не вказано буфер запису" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "не вдалося встановити з'єднання із сервером журналу" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "користувача немає у списку sudoers" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "користувача не уповноважено на дії на вузлі" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "виконання команди заборонено" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s немає у файлі sudoers. Запис про подію додано до звіту.\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s заборонено виконувати sudo на %s. Запис про подію додано до звіту.\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "Вибачте, користувач %s не має права виконувати sudo на %s.\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "Вибачте, користувач %s не має права виконувати «%s%s%s» від імені %s%s%s на %s.\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s: команду не знайдено" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2226,7 +2837,7 @@ "пропущено «%s» знайдений у «.»\n" "Скористайтеся командою «sudo ./%s», якщо вам потрібно виконати саме «%s»." -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" @@ -2235,20 +2846,15 @@ msgstr[2] "%u невдалих спроб введення пароля" msgstr[3] "одна невдала спроба введення пароля" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "помилка під час спроби розпізнавання" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "слід вказати пароль" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "не вдалося відкрити файл журналу: %s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "не вдалося виконати запис до файла журналу: %s" @@ -2258,7 +2864,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "контрольну суму для %s (%s) подано не у формі %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "Якщо увімкнено режим перехоплення, підтримки RBAC SELinux не передбачено" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "Якщо увімкнено прапорець log_subcmds, підтримки RBAC SELinux не передбачено" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2267,7 +2881,7 @@ "\n" "Роль LDAP: %s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2275,104 +2889,115 @@ "\n" "Запис sudoers:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " Користувачі для запуску: " -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " Групи для запуску: " -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " Параметри: " -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " Команди:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "Відповідність записів Defaults для %s на %s:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "Типові значення для запуску від імені і команд для %s:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "Користувач %s має право виконувати на %s такі команди:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "Користувач %s не має права виконувати sudo на %s.\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "ігноруємо неповний запис sudoRole: cn: %s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "некоректний атрибут LDIF: %s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "оболонкою sudo встановлено некоректне значення параметра %.*s" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "назва шляху для «%s» є надто довгою" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "не вдалося обробити список мережевих адрес" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "ім'я користувача не встановлено за допомогою оболонки sudo" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "ідентифікатор користувача не встановлено за допомогою оболонки sudo" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "ідентифікатор групи не встановлено за допомогою оболонки sudo" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "назву вузла не встановлено за допомогою оболонки sudo" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "некоректний робочий каталог: %s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "некоректний каталог chroot: %s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "не вдалося виконати %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s: некоректні прапорці режиму від оболонки sudo: 0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Додаток правил sudoers версії %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Граматична перевірка файла sudoers версії %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2381,132 +3006,137 @@ "\n" "Шлях до sudoers: %s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "Шлях до nsswitch: %s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "Шлях до ldap.conf: %s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "Шлях до ldap.secret: %s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "неможливо зареєструвати процедуру перехоплення типу %d (версія %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "неможливо скасувати реєстрацію процедури перехоплення типу %d (версія %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "не вдалося кешувати uid %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "не вдалося кешувати uid %u, запис вже існує" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "не вдалося кешувати користувача %s" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "не вдалося кешувати користувача %s, запис вже існує" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "не вдалося кешувати gid %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "не вдалося кешувати gid %u, запис вже існує" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "не вдалося кешувати групу %s" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "не вдалося кешувати групу %s, запис вже існує" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "не вдалося кешувати список груп %s, запис вже існує" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "не вдалося кешувати список груп %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "не вдалося обробити записи груп %s" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "не вдалося обробити записи ідентифікаторів груп %s" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "переповнення стека доступу" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "вичерпання стека доступу" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "не вдалося змінити ідентифікатор групи (gid) root" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "не вдалося змінити gid на runas" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "не вдалося встановити вектор групи виконання" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "не вдалося змінити uid на runas" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "не вдалося змінити gid на sudoers" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "забагато процесів" @@ -2524,259 +3154,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "обрізаний шлях аудиту argv[0]: %s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "Не вдалося ініціалізувати джерело SSS. Чи встановлено у вашій системі SSSD?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "не вдалося знайти символ «%s» у %s" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "проблема з типовими записами" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "не знайдено коректних джерел даних sudoers, завершення роботи" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "користувачеві заборонено змінювати кореневий каталог на %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "вам не дозволено використовувати параметр -R з %s" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "користувачеві заборонено змінювати каталог на %s" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "вам не дозволено використовувати параметр -D з %s" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "не вказано команду" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers вказує, що sudo не можна користуватися для виконання команд від root" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "користувачеві заборонено перевизначати обмеження closefrom" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "вам не дозволено використовувати параметр -C" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "власник часового штампа (%s): не знайдено користувача з таким іменем" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "немає tty" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "вибачте, для виконання sudo вашому користувачеві потрібен tty" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "некоректний запис оболонки для користувача %s: %s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "команда у поточному каталозі" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "«cd» є вбудованою командою оболонки, її не може бути запущено безпосередньо." + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "параметр -s може бути використано для запуску привілейованої оболонки." + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "параметр -D може бути використано для запуску команди у вказаному каталозі." + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "користувачеві заборонено встановлювати час очікування на виконання команди" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "вибачте, вам не дозволено встановлювати час очікування на виконання команди" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "користувачеві заборонено зберігати середовище" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "вибачте, вам не дозволено зберігати середовище" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "надто довга команда" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "Немає потреби у запуску sudoedit за допомогою sudo" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "не вдалося прочитати %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "не вдалося виконати stat для %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s не є звичайним файлом" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s належить uid %u, має належати %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "Запис до «%s» можливий для довільного користувача" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s належить gid %u, має належати %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "використовувати «-c %s» може лише root" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "невідомий клас входу: %s" +msgid "unknown login class %s" +msgstr "невідомий клас входу %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "не вдалося визначити адресу вузла %s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "некоректний параметр фільтрування: %s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "некоректне значення макс. очікування: %s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "некоректний коефіцієнт швидкості: %s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "некоректний зсув часу %s" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/розклад за часом: %s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "Відтворення сеансу sudo: %s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "не вдалося перевести tty у режим без обробки даних" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "Попередження: розміри вашого термінала є замалими для належного показу журналу.\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "Встановлено формат журналу %d x %d, тоді як формат термінала — %d x %d." -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "Відтворення завершено, натисніть будь-яку клавішу, щоб повернутися до термінала." -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "неоднозначний вираз «%s»" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "зайва дужка, «)», у виразі" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "невідомий ключ пошуку «%s»" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s потребує визначення аргументу" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "некоректний формальний вираз: %s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "не вдалося обробити дату «%s»" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "зайва дужка, «(», у виразі" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "помилкове завершальне «or»" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "помилкове завершальне «!»" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "невідомий тип пошуку %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "користування: %s [-hnRS] [-d каталог] [-m число] [-s число] ідентифікатор\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "використання: %s [-h] [-d каталог] -l [вираз для пошуку]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2785,7 +3429,7 @@ "%s — відтворення журналів сеансів sudo\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2813,11 +3457,11 @@ " -s, --speed=коеф_швидк коефіцієнт прискорення або сповільнення виводу даних\n" " -V, --version показати дані щодо версії і завершити роботу" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\tвідповідника вузла не знайдено" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2825,7 +3469,7 @@ "\n" "Команду дозволено" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2833,7 +3477,7 @@ "\n" "Команду заборонено" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2846,121 +3490,127 @@ msgid "%s is group writable" msgstr "%s доступний до запису учасниками групи" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "не вдалося обрізати файл часової позначки до %lld байтів" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "ігноруємо часову позначку з майбутнього" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "занадто далека часова позначка у майбутньому: %20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "не вдалося заблокувати файл часової позначки %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "шлях до даних щодо стану отримання настанов є занадто довгим: %s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit не слід вказувати разом із шляхом" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "параметр -x буде вилучено у наступному випуску" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "будь ласка, скористайтеся замість нього програмою cvtsudoers" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "натисніть Enter для редагування %s: " -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "дані сеансу редагування залишилися у %s" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "вказаного редактора (%s) не існує" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "не знайдено жодного редактора (шлях до редактора = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "помилка запису" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "не вдалося обробити stat файл тимчасових даних (%s), %s не змінено" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "файл тимчасових даних має нульовий об’єм (%s), %s не змінено" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "помилка редактора (%s), %s не змінено" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s не змінено" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "не вдалося повторно відкрити файл тимчасових даних (%s), %s не змінено." -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "не вдалося обробити файл тимчасових даних (%s), невідома помилка" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "внутрішня помилка, не вдалося знайти %s у списку!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "не вдалося встановити (uid, gid) %s у значення (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s і %s не перебувають у одній файловій системі, використовуємо mv для перейменування" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "помилка команди: «%s %s %s», %s не змінено" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "помилка перейменування %s, %s не змінено" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "А зараз що? " -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2972,66 +3622,41 @@ " (x) — вийти без внесення змін до файла sudoers\n" " (Q) — вийти зі збереженням файла sudoers (НЕБЕЗПЕЧНО!)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "не вдалося виконати %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s: помилковий власник (uid, gid), має бути (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s: помилкові права доступу, режим доступу має бути 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s: вдала обробка\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s зайнято, повторіть спробу пізніше" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "не вдалося заблокувати %s" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "Редагувати попри усе? [y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Помилка: %s:%d:%d: цикл у %s «%s»" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "Попередження: %s:%d:%d: цикл у %s «%s»" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Помилка: виявлено посилання %s:%d:%d: %s «%s», яке не визначено" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "Попередження: виявлено посилання %s:%d:%d: %s «%s», яке не визначено" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "Попередження: %s:%d:%d: не використано %s «%s»" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3040,7 +3665,7 @@ "%s — безпечне редагування файла sudoers\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3060,39 +3685,105 @@ " -s, --strict строга перевірка синтаксису\n" " -V, --version показати дані щодо версії і завершити роботу\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "порожній рядок" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "порожня група" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "порожня мережева група" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "некоректне продовження рядка" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "некоректна адреса IPv6" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "неочікуваний розрив рядків у рядку" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "занадто високий рівень вкладеності" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s: буфер запису вже використовується" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "не вдалося прочитати параметри Діфі-Гелмана: %s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "невідомий запис типових параметрів «%s»" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d невідомий ключ: %s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "не вдалося отримати спосіб TLS сервера: %s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u не вдалося обробити «%s»" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Параметри:\n" +#~ " -f, --file шлях до файла налаштувань\n" +#~ " -h --help показати довідкове повідомлення і вийти\n" +#~ " -n, --no-fork не відгалужувати, запустити на передньому плані\n" +#~ " -R, --random-drop ймовірність скидання з'єднань у відсотках\n" +#~ " -V, --version вивести дані щодо версії і завершити роботу\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "Параметри:\n" +#~ " --help вивести довідкове повідомлення і завершити роботу\n" +#~ " -A, --accept надсилати лише подію прийняття (без введення-виведення)\n" +#~ " -h, --host вказати вузол для надсилання журналів\n" +#~ " -i, --iolog_id вказати ідентифікатор журналу введення-виведення, яки слід відновити\n" +#~ " -p, --port вказати порт, яким слід скористатися для з'єднання з вузлом\n" +#~ " -r, --restart перезапустити попереднє передавання журналу введення-виведення\n" +#~ " -R, --reject відмовити у виконанні команди із зазначенням вказаної причини\n" +#~ " -b, --ca-bundle вказати файла пакета сертифікатів для перевірки сертифіката сервера\n" +#~ " -c, --cert вказати файл сертифіката для узгодження зв'язку TLS\n" +#~ " -k, --key вказати файл закритого ключа\n" +#~ " -n, --no-verify не перевіряти сертифікат сервера\n" +#~ " -t, --test перевірити сервер аудиту надсиланням вибраного журналу введення-виведення\n" +#~ " паралельно n разів\n" +#~ " -V, --version вивести дані щодо версії і завершити роботу\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "Попередньо завантажувати фіктивні функції виконання з бібліотеки sudo_noexec" -#~ msgid "unable to lock log file: %s" -#~ msgstr "не вдалося заблокувати файл журналу: %s" - #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports: занадто великий номер порту" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/zh_CN.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/zh_CN.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/zh_CN.po sudo-1.9.9/plugins/sudoers/po/zh_CN.po --- sudo-1.9.5p2/plugins/sudoers/po/zh_CN.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/zh_CN.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,14 +1,14 @@ # Chinese simplified translation for sudoers. # This file is put in the public domain. # Wylmer Wang , 2011-2018 -# Boyuan Yang <073plan@gmail.com>, 2019, 2020. +# Boyuan Yang <073plan@gmail.com>, 2019, 2020, 2021. # msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-29 15:59-0500\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 14:04-0500\n" "Last-Translator: Boyuan Yang <073plan@gmail.com>\n" "Language-Team: Chinese (simplified) \n" "Language: zh_CN\n" @@ -17,9 +17,9 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Poedit 2.4.2\n" +"X-Generator: Poedit 3.0\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "语法错误" @@ -43,857 +43,1311 @@ msgid "Sorry, try again." msgstr "对不起,请重试。" -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "无法分配内存" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "摘要需要路径参数" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "“CWD”的值必须以“/”、“~”或“*”开头" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "“CWD”路径过长" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "“CHROOT”的值必须以“/”、“~”或“*”开头" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "“CHROOT”路径过长" + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "语法错误,保留字 %s 被用作别名" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "无效的 notbefore 值" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "无效的 notafter 值" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "超时值过大" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "无效的超时值" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "命令过长" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "别名“%s”已定义过" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s:%s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "内部错误,%s 溢出" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "无法 dup stdin:%m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "无法执行 %s:%m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "无法执行 fork" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "无法执行 fork:%m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "无法打开管道:%m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s:%s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s:(命令继续执行) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s 存在,但不是目录(0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "无法创建目录 %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "无法将 %s 的模式更改为 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "期望得到 JSON_STRING,但得到了 %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY 过大" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "名称中缺少双引号" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "缺少 JSON_OBJECT" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "期望得到 JSON_OBJECT,但得到了 %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "json 栈耗尽(最大 %u 帧)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "对象必须包含 名称:值 对" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "值之间缺少分隔符" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "不匹配的右括号" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "未预期的数组" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "不匹配的右花括号" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "未预期的字符串" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "名称后缺少冒号" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "未预期的布尔值" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "未预期的 null" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "未预期的数字" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u 无法解析 \"%s\"" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "解析错误" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s:无效的日志文件" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s:缺少 时间戳 字段" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s:时间戳 %s:%s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s:缺少 用户 字段" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s:缺少 runas 用户 字段" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s:缺少 runas 组 字段" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s 存在,但不是目录(0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "无法创建目录 %s" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "无法将 %s 的模式更改为 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "读取时序文件出错:%s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "无效的时序文件行:%s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "日志已完成,无法重新启动" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "无法生成 UUID" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "无法重新启动 log" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s:协议错误:%s 的错误类型" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s:协议错误:AcceptMessage 中 %s 缺失" + +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s:无法格式化会话 id" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s:%s 未设置" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, fuzzy, c-format +#| msgid "unable to open log file: %s" +msgid "unable to expand iolog path %s" +msgstr "无法打开日志文件:%s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "无法创建 iolog 路径 %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "无效的 iofd %d" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "关闭 iofd %d 时出错:%s" + +#: logsrvd/iolog_writer.c:662 +#, fuzzy, c-format +#| msgid "error closing iofd %d: %s" +msgid "error flushing iofd %d: %s" +msgstr "关闭 iofd %d 时出错:%s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "无效的 I/O 日志 %s:%s 被引用但不存在" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, fuzzy, c-format +#| msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "无法找到恢复点 [%lld, %ld](在 %s/%s 中)" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "无法打开 %s" + +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "无法打开 %s/%s" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "无法复制 %s/%s 到 %s/%s:%s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "无法将 %s 重命名为 %s" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, fuzzy, c-format +#| msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "无法找到恢复点 [%lld, %ld](在 %s/%s 中)" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "缺失 I/O 日志文件 %s/%s" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s:无法向前查找 %zu" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "无法找到恢复点 [%lld, %ld](在 %s/%s 中)" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +#, fuzzy +#| msgid "unable to connect to relay host" +msgid "unable to connect to relay" +msgstr "无法连接到中继主机" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "服务器消息过大:%zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "无法将事件添加到队列" + +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, fuzzy, c-format +#| msgid "%s: unexpected state %d" +msgid "unexpected state %d for %s" +msgstr "%s:未预期的状态 %d" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "状态机错误" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "无效的 AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "解析 AcceptMessage 出错" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "创建 I/O 日志出错" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "记录接受事件时出错" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "无效的 RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "解析 RejectMessage 出错" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "记录拒绝事件时出错" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "无效的 AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "解析 AlertMessage 出错" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "记录警告事件时出错" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s:未预期的 IoBuffer" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "协议错误" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "写入 IoBuffer 出错" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "写入 ChangeWindowSize 出错" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "写入 CommandSuspend 出错" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, fuzzy, c-format +#| msgid "%s: unexpected type_case value %d" +msgid "unexpected type_case value %d in %s from %s" +msgstr "%s:未预期的 type_case 值 %d" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "无法识别的 ClientMessage 类型" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "客户端消息过长" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 -#, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "无法将 TLS 1.2 密码套件设置为 %s: %s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "无法将 TLS 1.3 密码套件设置为 %s: %s" - -#: logsrvd/logsrvd.c:1269 -#, c-format -msgid "unable to get TLS server method: %s" -msgstr "无法获取 TLS 服务器方法:%s" +#: logsrvd/logsrvd.c:883 +#, fuzzy, c-format +#| msgid "timeout writing to relay" +msgid "timed out writing to client %s" +msgstr "写入中继时超时" -#: logsrvd/logsrvd.c:1274 -#, c-format -msgid "unable to create TLS context: %s" -msgstr "无法创建 TLS 上下文:%s" +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 +#, fuzzy, c-format +#| msgid "missing write buffer" +msgid "missing write buffer for client %s" +msgstr "缺失写缓冲" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to load certificate %s" -msgstr "无法加载证书 %s" +msgid "timed out reading from client %s" +msgstr "从客户端 %s 读取超时" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "无法加载数字证书认证机构集合(CA bundle) %s" +msgid "EOF from %s without proper TLS shutdown" +msgstr "" -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load private key %s" -msgstr "无法加载私钥 %s" +msgid "client message too large: %zu" +msgstr "客户端消息过大:%zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "无法设置 diffie-hellman 参数:%s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "客户端消息过长" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "无法将最低协议版本设置为 TLS 1.2:%s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "无效的 ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "无法获取远程 IP 地址" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "无法将用户数据附加到 ssl 对象上:%s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "无法将事件添加到队列" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" msgstr "无法设置监听套接字" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - 将 sudo I/O 日志发送到远程服务器\n" -"\n" +msgid "unexpected signal %d" +msgstr "未预期的信号 %d" -#: logsrvd/logsrvd.c:1920 -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "sudo 日志服务器" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "选项:" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "配置文件路径" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "显示帮助信息并退出" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "不要进行 fork,在前台运行" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" msgstr "" -"\n" -"选项:\n" -" -f, --file 指定配置文件的位置\n" -" -h, --help 显示帮助信息并退出\n" -" -n, --no-fork 不要进行 fork,在前台运行\n" -" -R, --random-drop 指定丢弃连接的百分比概率\n" -" -V, --version 显示版本信息并退出\n" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "显示版本信息并退出" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "需要 Protobuf-C 1.3 版或更高版本" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "无效的随机丢弃值:%s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s 版本 %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "未知用户 %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "未知组 %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "无法解析 iolog 模式 %s" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "用于 %s 的无效的值:%s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "不支持 TLS" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s:不是完全合格的路径" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "未知的 syslog 设施 %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "位置的 syslog 优先级 %s" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d 不匹配的 '[':%s" -#: logsrvd/logsrvd_conf.c:778 -#, fuzzy, c-format -#| msgid "invalid filter option: %s" +#: logsrvd/logsrvd_conf.c:1143 +#, c-format msgid "%s:%d invalid config section: %s" -msgstr "无效的过滤器选项:%s" +msgstr "%s:%d 无效的配置段:%s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d 无效的配置行:%s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "用于 %s 的无效的值:%s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "" -#: logsrvd/logsrvd_conf.c:814 -#, fuzzy, c-format -#| msgid "%s: unknown key word: %s" -msgid "%s:%d unknown key: %s" -msgstr "%s:未知的关键词:%s" +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 +#, c-format +msgid "unable to open log file %s" +msgstr "无法打开日志文件 %s" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "无法初始化服务器 TLS 上下文" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "无法初始化中继 TLS 上下文" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "无法创建日志文件" + +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 +#, c-format +msgid "unable to lock %s" +msgstr "无法锁定 %s" + +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "无法锁定日志文件" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "无法打开日志文件" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "无法写入日志文件" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "无法重命名日志文件" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "读取日志文件时未预期的 EOF" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "读取日志文件出错" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "无效的日志文件,无法重新启动" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:435 #, fuzzy, c-format -#| msgid "unknown login class: %s" -msgid "unknown syslog facility %s" -msgstr "未知的登录类别:%s" +#| msgid "unable to find resume point [%lld, %ld] in %s/%s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "无法找到恢复点 [%lld, %ld](在 %s/%s 中)" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "解析 AcceptMessage 出错" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "创建 I/O 日志出错" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "记录接受事件时出错" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "解析 RejectMessage 出错" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "记录拒绝事件时出错" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +#, fuzzy +#| msgid "error logging alert event" +msgid "error logging exit event" +msgstr "记录警告事件时出错" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "日志已完成,无法重新启动" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "无法重新启动 log" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "解析 AlertMessage 出错" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "记录警告事件时出错" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 #, c-format -msgid "unknown syslog priority %s" -msgstr "位置的 syslog 优先级 %s" +msgid "unable to format timing buffer, length %d" +msgstr "无法格式化时间缓冲区,长度 %d" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s:%s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "写入 IoBuffer 出错" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "写入 ChangeWindowSize 出错" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "写入 CommandSuspend 出错" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "与中继主机的 TLS 握手失败" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "无法连接到中继主机" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s:无效的 ServerHello,缺少 server_id" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "无效的 ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "无法识别的 ServerMessage 类型" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "从中继 %s 读取超时(%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "从中继读取超时" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "中继主机名称与证书不匹配" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "从中继读取出错" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "无法从中继读取" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "中继服务器关闭了连接" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "服务器消息过大" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "写入中继 %s 时超时(%s)" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "写入中继时超时" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "写入中继时出错" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "将 sudo I/O 日志发送到远程服务器" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "只发送一个 accept 事件(没有 I/O)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" msgstr "" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 -#, fuzzy, c-format -#| msgid "unable to load %s: %s" +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "用于 TLS 握手的证书文件" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "私钥文件" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "不要验证服务器证书" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "连接到主机时使用的端口" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "重新开始先前的 I/O 日志传输" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 +#, c-format msgid "unable to look up %s:%s: %s" -msgstr "无法加载 %s:%s" +msgstr "无法查找 %s:%s:%s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "无法获取服务器 IP 地址" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "无法读取 %s/%s:%s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "客户端消息过大:%zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s:写缓冲已在使用" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "未预期的 I/O 事件 %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s:未预期的状态 %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "无效的 ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "从服务器收到了错误消息:%s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "从服务器收到了中止消息:%s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "无法解包 ServerMessage" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" -msgstr "" +msgstr "%s:未预期的 type_case 值 %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "从服务器读取超时" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "过早的文件结束" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "服务器消息过大:%u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "写入服务器时超时" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "过早地退出,状态码为 %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "TLS 握手超时" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "无法设置事件" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "TLS 连接失败:%s" -#: logsrvd/sendlog.c:1538 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "无法初始化 ssl 上下文:%s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 -#, c-format -msgid "Unable to allocate ssl object: %s" +msgid "unable to allocate ssl object: %s" msgstr "无法分配 ssl 对象:%s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "无法将套接字附加给 ssl 对象:%s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "无法初始化 TLS 上下文" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "无法将 TLS 1.2 密码套件设置为 %s: %s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "过早地退出,状态码为 %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "无法将 TLS 1.3 密码套件设置为 %s: %s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "无法设置 diffie-hellman 参数:%s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "" +msgid "unable to create TLS context: %s" +msgstr "无法创建 TLS 上下文:%s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "别名“%s”已定义过" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "无法将最低协议版本设置为 TLS 1.2:%s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "无法获取时间" @@ -902,45 +1356,45 @@ msgid "unable to change password for %s" msgstr "无法为 %s 更改密码" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "无法获取用户 %s 的登录类别(login class)" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "无法开始 bsd 认证" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "无效的认证类型" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "无法初始化 bsd 认证" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "您的账户已过期" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "批准失败" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "无法读取 fwtk 配置" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "无法连接到认证服务器" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "丢失了到认证服务器的连接" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -954,83 +1408,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s:无法将主体(principal)转换为字符串(“%s”):%s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s:无法解析“%s”:%s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s:无法解析凭据缓存:%s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s:无法分配选项:%s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s:无法获取凭据:%s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s:无法初始化凭据缓存:%s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s:无法在缓存中储存凭据:%s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s:无法获取主机主体(principal):%s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s:无法验证目标!可能遭到了攻击!:%s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "无法初始化 PAM:%s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "PAM 认证出错:%s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "账户验证失败,您的账户是不是上锁了?" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "账户或密码过期,重置您的密码并重试" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "无法更改过期的密码:%s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "密码过期,联系您的系统管理员" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "账户过期,或 PAM 配置缺少 sudo 使用的“account”节,联系您的系统管理员" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "PAM 账户管理出错:%s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "%s 数据库中没有您" @@ -1039,31 +1493,31 @@ msgid "failed to initialise the ACE API library" msgstr "初始化 ACE API 库失败" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "无法联络 SecurID 服务器" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "为进行 SecurID 认证,已锁定用户 ID" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "SecurID 的用户名长度无效" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "SecurID 的认证句柄无效" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "SecurID 通讯失败" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "未知的 SecurID 错误" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "无效的 SecurID 密码长度" @@ -1103,7 +1557,19 @@ msgid "unable to commit audit record" msgstr "无法提交审核记录" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, fuzzy, c-format +#| msgid "error reading timing file: %s" +msgid "error reading lecture file %s" +msgstr "读取时序文件出错:%s" + +#: plugins/sudoers/check.c:270 +#, fuzzy, c-format +#| msgid "%s is not a regular file" +msgid "ignoring lecture file %s: not a regular file" +msgstr "%s 不是常规文件" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1123,118 +1589,122 @@ " #3) 权力越大,责任越大。\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "未知的用户 ID:%u" +msgid "unknown uid %u" +msgstr "未知的用户 ID %u" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:92 #, c-format -msgid "unknown user: %s" -msgstr "未知用户:%s" +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "错误:%s:%d:%d 在 %s “%s”中循环" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "警告:%s:%d:%d 在 %s “%s”中循环" + +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "错误:%s:%d:%d:引用了 %s“%s”但尚未定义" + +#: plugins/sudoers/check_aliases.c:98 +#, c-format +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "警告:%s:%d:%d:引用了 %s“%s”但尚未定义" + +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "顺序增量:%s: %s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "起始顺序:%s:%s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "顺序填充:%s: %s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s 语法版本 %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "不支持的输入格式 %s" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "不支持的输出格式 %s" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s:输入和输出文件不能相同" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "无法初始化 sudoers 默认值" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s:%s:%s:%s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s:未知的关键词:%s" +msgid "%s: unknown key word %s" +msgstr "%s:未知的关键词 %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "无效的默认值类型:%s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "无效的压缩类型:%s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "无效的过滤器:%s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "无法打开 %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "解析 %s 文件失败,未知错误" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "%s 中第 %d 行附近出现解析错误\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "%s 中出现解析错误\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "无法写入 %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1243,7 +1713,7 @@ "%s - 转换 sudoers 文件格式\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1283,33 +1753,77 @@ " -s, --suppress=sections 压缩某些部分的输出\n" " -V, --version 显示版本信息并退出" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "未知的默认条目“%s”" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "无法获取 GMT 时间" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "无法格式化时间戳" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d:未知的默认条目“%s”" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "sudoers 条目过多,最多为 %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "没有设置 SUDOERS_BASE 环境变量,并且没有指定 -b 选项。" +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "无法找到别名 %s" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, fuzzy, c-format +#| msgid "%s:%d no value specified for \"%s\"" +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d 没有给“%s”指定值" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, fuzzy, c-format +#| msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%1$s:%2$d 选项“%4$s”的默认类型 0x%3$x 无效" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1892,103 +2406,201 @@ msgid "The format of logs to produce: %s" msgstr "要产生日志的格式:%s" -#: plugins/sudoers/defaults.c:185 -#, fuzzy, c-format -#| msgid "%s:%d: unknown defaults entry \"%s\"" -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:未知的默认条目“%s”" +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "启用 SELinux RBAC 支持" + +#: plugins/sudoers/def_data.c:578 +#, c-format +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "记录原始命令所执行的子命令" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "记录所执行命令的返回状态值" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "" + +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s:未知的默认条目“%s”" -#: plugins/sudoers/defaults.c:234 -#, fuzzy, c-format -#| msgid "%s:%d no value specified for \"%s\"" +#: plugins/sudoers/defaults.c:241 +#, c-format msgid "%s:%d:%d: no value specified for \"%s\"" -msgstr "%s:%d 没有给“%s”指定值" +msgstr "%s:%d:%d:没有为“%s”指定值" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s:没有给“%s”指定值" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 #, fuzzy, c-format -#| msgid "%s:%d option \"%s\" does not take a value" +#| msgid "%s:%d no value specified for \"%s\"" +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%s:%d 没有给“%s”指定值" + +#: plugins/sudoers/defaults.c:260 +#, fuzzy, c-format +#| msgid "%s: invalid Defaults type 0x%x for option \"%s\"" +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%1$s:选项“%3$s”的默认类型 0x%2$x 无效" + +#: plugins/sudoers/defaults.c:296 +#, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" -msgstr "%s:%d “%s”选项不带值" +msgstr "%s:%d:%d:选项“%s”不接受值" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" -msgstr "%s:“%s”选项不带值" +msgstr "%s:“%s”选项不接受值" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, fuzzy, c-format #| msgid "%s:%d invalid Defaults type 0x%x for option \"%s\"" msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%1$s:%2$d 选项“%4$s”的默认类型 0x%3$x 无效" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%1$s:选项“%3$s”的默认类型 0x%2$x 无效" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, fuzzy, c-format #| msgid "%s:%d value \"%s\" is invalid for option \"%s\"" msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%1$s:%2$d 值“%3$s”对选项“%4$s”无效" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s:值“%s”对选项“%s”无效" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d:“%s”的路径名过长" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s:“%s”的路径名过长" + +#: plugins/sudoers/defaults.c:1138 #, fuzzy, c-format #| msgid "%s:%d values for \"%s\" must start with a '/'" msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d “%s”的值必须以“/”开头" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, fuzzy, c-format #| msgid "%s: values for \"%s\" must start with a '/'" msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:“%s”的值必须以“/”开头" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, fuzzy, c-format #| msgid "%s:%d values for \"%s\" must start with a '/'" msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d “%s”的值必须以“/”开头" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s:“%s”的值必须以“/”开头" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv:envp 损坏,长度不符" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "无法重建环境" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "对不起,您无权设置以下环境变量:%s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "%s 中第 %d 行附近有解析错误" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "%s 中出现解析错误" @@ -2013,7 +2625,7 @@ msgid "%s must only be writable by owner" msgstr "%s 必须只对所有者可写" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "无法加载 %s:%s" @@ -2028,56 +2640,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s:不兼容的组插件主版本号 %d,应为 %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "无法解析 IP 地址列表“%s”" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "无法解析网络掩码“%s”" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "本地 IP 地址和网络掩码对:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "未知组:%s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "无法更新序列文件" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "无法写入 I/O 日志文件:%s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "无法创建 %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s:内部错误,事件 %d 的 I/O 日志文件未打开" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "无法读取时钟" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s:内部错误,信号 %d 无效" @@ -2096,16 +2703,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "要使用 SSL,您必须在 %s 中设置 TLS_CERT" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "无法初始化 LDAP:%s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "指定了 start_tls,但 LDAP 库不支持 ldap_start_tls_s() 或 ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "无效的 sudoOrder 属性:%s" @@ -2124,100 +2731,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "无法混合 ldap 和 ldaps URI" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "重复的 sudoOption: %s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "无法转换 sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "无法打开审核系统" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "无法发送审核消息" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "事件循环中出错" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "创建新的 SSL_CTX 对象失败:%s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "无法加载数字证书认证机构集合(CA bundle) %s" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "无法加载证书 %s" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "无法加载私钥 %s" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "无法分配 ssl 对象:%s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "到 %s:%s 的 TLS 连接失败:%s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "TLS 初始化不成功" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "TLS 握手不成功" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s:内部错误,无效的退出状态 %d" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "无法解包 ServerMessage" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "丢失了到日志服务器的连接" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "缺失写缓冲" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "无法连接到日志服务器" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "用户不在 sudoers 中" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "用户未获得此主机上的授权" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "命令禁止使用" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s 不在 sudoers 文件中。此事将被报告。\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s 无权在 %s 上运行 sudo。此事将被报告。\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "对不起,用户 %s 不能在 %s 上运行 sudo。\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "对不起,用户 %1$s 无权以 %5$s%6$s%7$s 的身份在 %8$s 上执行 %2$s%3$s%4$s。\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s:找不到命令" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2226,26 +2865,21 @@ "忽略在“.”中找到的“%s”\n" "请使用“sudo ./%s”,如果这是您想运行的“%s”。" -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u 次错误密码尝试" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "认证失败" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "需要密码" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "无法打开日志文件:%s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "无法写入日志文件: %s" @@ -2255,7 +2889,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "%s(%s) 的摘要不是 %s 形式" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "在 log_subcmds 启用时不支持 SELinux RBAC" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2264,7 +2906,7 @@ "\n" "LDAP 角色:%s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2272,104 +2914,116 @@ "\n" "Sudoers 条目:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " RunAs 用户:" -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " RunAs 组:" -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " 选项:" -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " 命令:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "匹配 %2$s 上 %1$s 的默认条目:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "%s Runas 和命令特定的默认值:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "用户 %s 可以在 %s 上运行以下命令:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "用户 %s 无权在 %s 上运行 sudo。\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "将忽略不完整的 sudoRole:cn:%s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "无效的 LDIF 属性:%s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "sudo 前端设置了无效的 %.*s" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "无法解析网络地址列表" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "用户名未通过 sudo 前端设置" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "用户 ID 未通过 sudo 前端设置" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "组 ID 未通过 sudo 前端设置" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "主机名未通过 sudo 前端设置" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "无效的工作目录:%s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "无法的 chroot 目录:%s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "无法执行 %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, fuzzy, c-format +#| msgid "invalid %.*s set by sudo front-end" +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "sudo 前端设置了无效的 %.*s" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers 策略插件版本 %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers 文件语法版本 %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2378,132 +3032,137 @@ "\n" "Sudoers 路径:%s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch 路径:%s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf 路径:%s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret 路径:%s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "无法注册类型为 %d 的钩子(hook)(版本 %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "无法取消注册类型为 %d 的钩子(hook)(版本 %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "无法缓存用户 ID %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "无法缓存用户 ID %u,已存在" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "无法缓存用户 %s" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "无法缓存用户 %s,已存在" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "无法缓存组 ID %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "无法缓存组 ID %u,已存在" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "无法缓存组 %s" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "无法缓存组 %s,已存在" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "无法缓存组列表 %s,已存在" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "无法缓存组列表 %s" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "无法对 %s 解析组" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "无法解析 %s 的组 ID" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "权限堆栈上溢" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "权限堆栈下溢" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "无法切换为 root 组 ID" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "无法切换为 runas 组 ID" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "无法设置 runas 组向量" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "无法切换为 runas 用户 ID" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "无法切换为 sudoers 组 ID" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "进程过多" @@ -2521,266 +3180,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "截断的审核路径 argv[0]:%s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "无法初始化 SSS 资源。您的计算机上安装 SSSD 了吗?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "无法在 %s 中找到符号“%s”" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "默认条目有问题" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "没有找到有效的 sudoers 资源,退出" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "用户不允许将根目录设置为 %s" -#: plugins/sudoers/sudoers.c:294 -#, fuzzy, c-format -#| msgid "you are not permitted to use the -C option" +#: plugins/sudoers/sudoers.c:329 +#, c-format msgid "you are not permitted to use the -R option with %s" -msgstr "您无权使用 -C 选项" +msgstr "您无权和 %s 一起使用 -R 选项" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "用户不允许将目录变更为 %s" -#: plugins/sudoers/sudoers.c:320 -#, fuzzy, c-format -#| msgid "you are not permitted to use the -C option" +#: plugins/sudoers/sudoers.c:355 +#, c-format msgid "you are not permitted to use the -D option with %s" -msgstr "您无权使用 -C 选项" +msgstr "您无权和 %s 一起使用 -D 选项" + +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "未指定命令" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers 指定 root 不允许执行 sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "您无权使用 -C 选项" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "时间戳所有者(%s):无此用户" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "无终端" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "抱歉,您必须拥有一个终端来执行 sudo" -#: plugins/sudoers/sudoers.c:495 -#, fuzzy, c-format -#| msgid "invalid speed factor: %s" +#: plugins/sudoers/sudoers.c:541 +#, c-format msgid "invalid shell for user %s: %s" -msgstr "无法的速度系数:%s" +msgstr "用户 %s 的无效 shell:%s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "当前目录中的命令" -#: plugins/sudoers/sudoers.c:597 -#, fuzzy -#| msgid "sorry, you are not allowed set a command timeout" +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "“cd”是 shell 内置命令,它无法直接运行。" + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "" + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "" + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" -msgstr "抱歉,您无权设置超时时间" +msgstr "不允许用户设置超时时间" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "抱歉,您无权设置超时时间" -#: plugins/sudoers/sudoers.c:607 -#, fuzzy -#| msgid "sorry, you are not allowed to preserve the environment" +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" -msgstr "抱歉,您无权保留环境" +msgstr "不允许用户保留环境" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "抱歉,您无权保留环境" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "命令过长" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit 无需经由 sudo 运行" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "无法读取 %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "无法 stat %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s 不是常规文件" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 属于用户 ID %u,应为 %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s 可被任何人写" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s 属于组 ID %u,应为 %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "只有 root 才能使用“-c %s”" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "未知的登录类别:%s" +msgid "unknown login class %s" +msgstr "未知的登录类别 %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "无法解析主机:%s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "无效的过滤器选项:%s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "无效的最大等待:%s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "无法的速度系数:%s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "无效的时间偏移量 %s" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/时序:%s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s:%s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "回放 sudo 会话:%s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "无法将终端设为原始模式" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "警告:您的终端尺寸太小,不能正常地回放日志。\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "日志的几何尺寸为 %dx%d,您终端的几何尺寸为 %dx%d。" -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "回放完成,请按任意键返回终端。" -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "有歧义的表达式“%s”" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "表达式中的“)”不匹配" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "未知的搜索词“%s”" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s 需要参数" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "无效的正则表达式:%s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "无法解析日期“%s”" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "表达式中的“(”不匹配" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "非法的结尾字符“or”" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "非法的结尾字符“!”" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "未知的搜索类型 %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "用法:%s [-hnRS] [-d 目录] [-m 数值] [-s 数值] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "用法:%s [-h] [-d 目录] -l [搜索表达式]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2789,7 +3455,7 @@ "%s - 回放 sudo 会话记录\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2817,11 +3483,11 @@ " -s, --speed=数值 加速或减慢输出\n" " -V, --version 显示版本信息并退出" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\t主机不匹配" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2829,7 +3495,7 @@ "\n" "命令允许" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2837,7 +3503,7 @@ "\n" "命令被拒" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2850,121 +3516,127 @@ msgid "%s is group writable" msgstr "%s 可被组写" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "无法将时间戳文件截短为 %lld 字节" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "将忽略超前的时间戳" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "时间戳太超前:%20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "无法锁定时间戳文件 %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "致辞(lecture)状态路径过长:%s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "不应当带路径调用 sudoedit" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "未来版本中 -x 选项会移除" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "请考虑换用 cvtsudoers 工具" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "按回车键编辑 %s:" -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "指定的编辑器(%s)不存在" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "未找到编辑器(编辑器路径 = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "写错误" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "无法 stat 临时文件(%s),%s 未更改" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "零长度的临时文件(%s),%s 未更改" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "编辑器(%s)失败,%s 未更改" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s 未更改" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "无法重新打开临时文件(%s),%s 未更改。" -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "无法解析临时文件(%s),未知错误" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "内部错误,在列表中找不到 %s!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "无法将 %s 的 (uid, gid) 设为 (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s 和 %s 不在同一个文件系统,使用 mv 进行重命名" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "命令失败:“%s %s %s”,%s 未更改" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "重命名 %s 出错,%s 未更改" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "现在做什么?" -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2976,70 +3648,41 @@ " 退出,不保存对 sudoers 文件的更改(x)\n" " 退出并将更改保存到 sudoers 文件(危险!)(Q)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "无法运行 %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s:错误的所有者(uid, gid),应为 (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s:权限不正确,模式应该是 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s:解析正确\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s 忙,请稍后重试" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "无法锁定 %s" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "仍然编辑?[y/N]" -#: plugins/sudoers/visudo.c:1091 -#, fuzzy, c-format -#| msgid "Error: %s:%d cycle in %s \"%s\"" -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "错误:%s:%d 在 %s “%s”中循环" - -#: plugins/sudoers/visudo.c:1092 -#, fuzzy, c-format -#| msgid "Warning: %s:%d cycle in %s \"%s\"" -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "警告:%s:%d 在 %s “%s”中循环" - -#: plugins/sudoers/visudo.c:1096 -#, fuzzy, c-format -#| msgid "Error: %s:%d %s \"%s\" referenced but not defined" -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "错误:%s:%d 引用了 %s “%s”但尚未定义" - -#: plugins/sudoers/visudo.c:1097 -#, fuzzy, c-format -#| msgid "Warning: %s:%d %s \"%s\" referenced but not defined" -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "警告:%s:%d 引用了 %s “%s”但尚未定义" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "警告:%s:%d:%d:未使用的 %s“%s”" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3048,7 +3691,7 @@ "%s - 安全地编辑 sudoers 文件\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3068,42 +3711,74 @@ " -s, --strict 严格语法检查\n" " -V, --version 显示版本信息并退出\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "空字符串" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "空组" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 #, fuzzy #| msgid "invalid authentication type" msgid "invalid line continuation" msgstr "无效的认证类型" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "无效的 IPv6 地址" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "字符串中未预期的换行" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "include 嵌套层数过多" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s:写缓冲已在使用" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "无法读取 diffie-hellman 参数:%s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "未知的默认条目“%s”" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d 未知的键:%s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "无法获取 TLS 服务器方法:%s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u 无法解析 \"%s\"" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "选项:\n" +#~ " -f, --file 指定配置文件的位置\n" +#~ " -h, --help 显示帮助信息并退出\n" +#~ " -n, --no-fork 不要进行 fork,在前台运行\n" +#~ " -R, --random-drop 指定丢弃连接的百分比概率\n" +#~ " -V, --version 显示版本信息并退出\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "预加载“sudo_noexec”库中包含的哑 exec 函数" -#~ msgid "unable to lock log file: %s" -#~ msgstr "无法锁定日志文件:%s" - #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports:端口太大" @@ -3158,9 +3833,6 @@ #~ msgid "Warning: cycle in %s `%s'" #~ msgstr "警告:在 %s “%s”中循环" -#~ msgid "Warning: %s `%s' referenced but not defined" -#~ msgstr "警告:引用了 %s “%s”但尚未定义" - #~ msgid "Warning: unused %s `%s'" #~ msgstr "警告:%s “%s”未使用" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/plugins/sudoers/po/zh_TW.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/plugins/sudoers/po/zh_TW.mo differ diff -Nru sudo-1.9.5p2/plugins/sudoers/po/zh_TW.po sudo-1.9.9/plugins/sudoers/po/zh_TW.po --- sudo-1.9.5p2/plugins/sudoers/po/zh_TW.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/po/zh_TW.po 2022-01-27 21:24:22.000000000 +0000 @@ -3,13 +3,13 @@ # # Todd C. Miller , 2011-2018. # Hugwalk , 2019. -# Yi-Jyun Pan , 2019, 2020. +# Yi-Jyun Pan , 2019, 2020, 2021. msgid "" msgstr "" -"Project-Id-Version: sudoers 1.9.4b1\n" +"Project-Id-Version: sudoers 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-11-14 06:24-0700\n" -"PO-Revision-Date: 2020-11-19 00:53+0800\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-11 16:13+0800\n" "Last-Translator: Yi-Jyun Pan \n" "Language-Team: Chinese (traditional) \n" "Language: zh_TW\n" @@ -18,9 +18,9 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Poedit 2.4.1\n" +"X-Generator: Poedit 3.0\n" -#: confstr.sh:1 gram.y:1077 +#: confstr.sh:1 gram.y:1201 msgid "syntax error" msgstr "語法錯誤" @@ -44,869 +44,1298 @@ msgid "Sorry, try again." msgstr "抱歉,請重試。" -#: gram.y:220 gram.y:286 gram.y:293 gram.y:300 gram.y:307 gram.y:314 -#: gram.y:334 gram.y:358 gram.y:365 gram.y:372 gram.y:379 gram.y:386 -#: gram.y:455 gram.y:464 gram.y:475 gram.y:510 gram.y:517 gram.y:524 -#: gram.y:531 gram.y:558 gram.y:654 gram.y:661 gram.y:670 gram.y:679 -#: gram.y:696 gram.y:834 gram.y:841 gram.y:849 gram.y:855 gram.y:971 -#: gram.y:978 gram.y:985 gram.y:992 gram.y:999 gram.y:1025 gram.y:1032 -#: gram.y:1039 gram.y:1236 gram.y:1526 lib/eventlog/eventlog.c:280 -#: lib/eventlog/eventlog.c:352 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:817 lib/eventlog/eventlog.c:1062 -#: lib/iolog/iolog_fileio.c:998 lib/iolog/iolog_json.c:120 -#: lib/iolog/iolog_json.c:305 lib/iolog/iolog_json.c:335 -#: lib/iolog/iolog_json.c:457 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/sendlog.c:480 -#: plugins/sudoers/alias.c:126 plugins/sudoers/alias.c:134 -#: plugins/sudoers/alias.c:153 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/bsdauth.c:143 -#: plugins/sudoers/auth/kerb5.c:118 plugins/sudoers/auth/kerb5.c:144 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/auth/sia.c:59 plugins/sudoers/cvtsudoers.c:119 -#: plugins/sudoers/cvtsudoers.c:160 plugins/sudoers/cvtsudoers.c:177 -#: plugins/sudoers/cvtsudoers.c:188 plugins/sudoers/cvtsudoers.c:300 -#: plugins/sudoers/cvtsudoers.c:428 plugins/sudoers/cvtsudoers.c:561 -#: plugins/sudoers/cvtsudoers.c:578 plugins/sudoers/cvtsudoers.c:641 -#: plugins/sudoers/cvtsudoers.c:756 plugins/sudoers/cvtsudoers.c:764 -#: plugins/sudoers/cvtsudoers.c:1178 plugins/sudoers/cvtsudoers.c:1182 -#: plugins/sudoers/cvtsudoers.c:1284 plugins/sudoers/cvtsudoers_json.c:76 +#: gram.y:233 gram.y:300 gram.y:309 gram.y:318 gram.y:328 gram.y:338 +#: gram.y:362 gram.y:389 gram.y:398 gram.y:406 gram.y:415 gram.y:424 +#: gram.y:498 gram.y:508 gram.y:520 gram.y:564 gram.y:573 gram.y:582 +#: gram.y:591 gram.y:718 gram.y:726 gram.y:737 gram.y:749 gram.y:768 +#: gram.y:923 gram.y:928 gram.y:936 gram.y:950 gram.y:956 gram.y:1078 +#: gram.y:1087 gram.y:1095 gram.y:1104 gram.y:1113 gram.y:1142 gram.y:1151 +#: gram.y:1159 gram.y:1249 gram.y:1377 gram.y:1744 gram.y:1794 +#: lib/eventlog/eventlog.c:309 lib/eventlog/eventlog.c:382 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:881 +#: lib/eventlog/eventlog.c:1176 lib/iolog/iolog_json.c:150 +#: lib/iolog/iolog_json.c:382 lib/iolog/iolog_json.c:412 +#: lib/iolog/iolog_json.c:555 lib/iolog/iolog_legacy.c:100 +#: lib/iolog/iolog_legacy.c:111 lib/iolog/iolog_legacy.c:123 +#: lib/iolog/iolog_legacy.c:133 lib/iolog/iolog_legacy.c:139 +#: lib/iolog/iolog_loginfo.c:76 lib/iolog/iolog_loginfo.c:211 +#: logsrvd/iolog_writer.c:84 logsrvd/iolog_writer.c:89 +#: logsrvd/iolog_writer.c:123 logsrvd/iolog_writer.c:172 +#: logsrvd/iolog_writer.c:212 logsrvd/iolog_writer.c:225 +#: logsrvd/iolog_writer.c:261 logsrvd/iolog_writer.c:286 +#: logsrvd/iolog_writer.c:301 logsrvd/iolog_writer.c:314 +#: logsrvd/iolog_writer.c:327 logsrvd/iolog_writer.c:340 +#: logsrvd/iolog_writer.c:355 logsrvd/iolog_writer.c:393 +#: logsrvd/iolog_writer.c:399 logsrvd/iolog_writer.c:406 +#: logsrvd/iolog_writer.c:412 logsrvd/iolog_writer.c:596 +#: logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 logsrvd/logsrvd.c:305 +#: logsrvd/logsrvd.c:1011 logsrvd/logsrvd.c:1073 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:203 +#: logsrvd/logsrvd_journal.c:204 logsrvd/logsrvd_journal.c:260 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_journal.c:427 +#: logsrvd/logsrvd_local.c:174 logsrvd/logsrvd_local.c:175 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:238 +#: logsrvd/logsrvd_local.c:376 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:426 logsrvd/logsrvd_local.c:431 +#: logsrvd/logsrvd_local.c:432 logsrvd/logsrvd_queue.c:154 +#: logsrvd/logsrvd_queue.c:184 logsrvd/logsrvd_queue.c:261 +#: logsrvd/logsrvd_relay.c:439 logsrvd/logsrvd_relay.c:738 +#: logsrvd/logsrvd_relay.c:843 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/bsdauth.c:147 plugins/sudoers/auth/kerb5.c:118 +#: plugins/sudoers/auth/kerb5.c:146 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/auth/sia.c:59 +#: plugins/sudoers/check_aliases.c:134 plugins/sudoers/cvtsudoers.c:131 +#: plugins/sudoers/cvtsudoers.c:175 plugins/sudoers/cvtsudoers.c:192 +#: plugins/sudoers/cvtsudoers.c:203 plugins/sudoers/cvtsudoers.c:333 +#: plugins/sudoers/cvtsudoers.c:372 plugins/sudoers/cvtsudoers.c:392 +#: plugins/sudoers/cvtsudoers.c:534 plugins/sudoers/cvtsudoers.c:667 +#: plugins/sudoers/cvtsudoers.c:685 plugins/sudoers/cvtsudoers.c:755 +#: plugins/sudoers/cvtsudoers.c:870 plugins/sudoers/cvtsudoers.c:878 +#: plugins/sudoers/cvtsudoers.c:1373 plugins/sudoers/cvtsudoers.c:1377 +#: plugins/sudoers/cvtsudoers.c:1479 plugins/sudoers/cvtsudoers_csv.c:183 +#: plugins/sudoers/cvtsudoers_csv.c:246 plugins/sudoers/cvtsudoers_json.c:76 #: plugins/sudoers/cvtsudoers_ldif.c:151 plugins/sudoers/cvtsudoers_ldif.c:194 #: plugins/sudoers/cvtsudoers_ldif.c:235 plugins/sudoers/cvtsudoers_ldif.c:300 -#: plugins/sudoers/cvtsudoers_ldif.c:371 plugins/sudoers/cvtsudoers_ldif.c:421 -#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:440 -#: plugins/sudoers/cvtsudoers_ldif.c:447 plugins/sudoers/cvtsudoers_ldif.c:460 -#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:615 -#: plugins/sudoers/defaults.c:630 plugins/sudoers/defaults.c:923 -#: plugins/sudoers/defaults.c:1098 plugins/sudoers/editor.c:181 -#: plugins/sudoers/env.c:261 plugins/sudoers/exptilde.c:92 -#: plugins/sudoers/filedigest.c:54 plugins/sudoers/filedigest.c:70 -#: plugins/sudoers/gc.c:56 plugins/sudoers/group_plugin.c:133 -#: plugins/sudoers/interfaces.c:72 plugins/sudoers/iolog.c:596 -#: plugins/sudoers/iolog.c:613 plugins/sudoers/ldap.c:184 -#: plugins/sudoers/ldap.c:422 plugins/sudoers/ldap.c:432 -#: plugins/sudoers/ldap.c:437 plugins/sudoers/ldap.c:441 -#: plugins/sudoers/ldap.c:453 plugins/sudoers/ldap.c:744 -#: plugins/sudoers/ldap.c:908 plugins/sudoers/ldap.c:1281 -#: plugins/sudoers/ldap.c:1709 plugins/sudoers/ldap.c:1746 -#: plugins/sudoers/ldap.c:1827 plugins/sudoers/ldap.c:1962 -#: plugins/sudoers/ldap.c:2063 plugins/sudoers/ldap.c:2079 -#: plugins/sudoers/ldap_conf.c:218 plugins/sudoers/ldap_conf.c:249 -#: plugins/sudoers/ldap_conf.c:301 plugins/sudoers/ldap_conf.c:337 -#: plugins/sudoers/ldap_conf.c:441 plugins/sudoers/ldap_conf.c:456 -#: plugins/sudoers/ldap_conf.c:553 plugins/sudoers/ldap_conf.c:586 -#: plugins/sudoers/ldap_conf.c:678 plugins/sudoers/ldap_conf.c:760 -#: plugins/sudoers/ldap_util.c:326 plugins/sudoers/ldap_util.c:333 -#: plugins/sudoers/ldap_util.c:603 plugins/sudoers/linux_audit.c:84 -#: plugins/sudoers/log_client.c:105 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:166 -#: plugins/sudoers/logging.c:426 plugins/sudoers/logging.c:446 -#: plugins/sudoers/logging.c:527 plugins/sudoers/match_command.c:281 -#: plugins/sudoers/match_command.c:449 plugins/sudoers/match_command.c:499 -#: plugins/sudoers/match_command.c:573 plugins/sudoers/match_digest.c:93 -#: plugins/sudoers/parse.c:199 plugins/sudoers/parse.c:213 -#: plugins/sudoers/parse.c:230 plugins/sudoers/parse.c:244 -#: plugins/sudoers/parse.c:264 plugins/sudoers/parse.c:275 +#: plugins/sudoers/cvtsudoers_ldif.c:376 plugins/sudoers/cvtsudoers_ldif.c:430 +#: plugins/sudoers/cvtsudoers_ldif.c:438 plugins/sudoers/cvtsudoers_ldif.c:449 +#: plugins/sudoers/cvtsudoers_ldif.c:456 plugins/sudoers/cvtsudoers_ldif.c:469 +#: plugins/sudoers/cvtsudoers_ldif.c:477 plugins/sudoers/cvtsudoers_ldif.c:624 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:339 +#: plugins/sudoers/cvtsudoers_merge.c:360 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:696 +#: plugins/sudoers/cvtsudoers_merge.c:704 +#: plugins/sudoers/cvtsudoers_merge.c:927 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 +#: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:133 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 +#: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 +#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 +#: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 +#: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 +#: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 +#: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:678 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:293 +#: plugins/sudoers/ldap_util.c:300 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:390 plugins/sudoers/log_client.c:703 +#: plugins/sudoers/log_client.c:724 plugins/sudoers/log_client.c:1444 +#: plugins/sudoers/log_client.c:1662 plugins/sudoers/log_client.c:1989 +#: plugins/sudoers/log_client.c:2046 plugins/sudoers/logging.c:104 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:468 +#: plugins/sudoers/logging.c:488 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:297 plugins/sudoers/match_command.c:497 +#: plugins/sudoers/match_command.c:546 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:666 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:201 plugins/sudoers/parse.c:218 +#: plugins/sudoers/parse.c:250 plugins/sudoers/parse.c:267 +#: plugins/sudoers/parse.c:290 plugins/sudoers/parse.c:301 #: plugins/sudoers/parse_ldif.c:153 plugins/sudoers/parse_ldif.c:184 -#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:260 -#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 -#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 -#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 -#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 -#: plugins/sudoers/parse_ldif.c:594 plugins/sudoers/parse_ldif.c:624 -#: plugins/sudoers/parse_ldif.c:649 plugins/sudoers/parse_ldif.c:707 -#: plugins/sudoers/parse_ldif.c:724 plugins/sudoers/parse_ldif.c:752 -#: plugins/sudoers/parse_ldif.c:759 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/sssd.c:145 plugins/sudoers/sssd.c:407 -#: plugins/sudoers/sssd.c:470 plugins/sudoers/sssd.c:514 -#: plugins/sudoers/sssd.c:561 plugins/sudoers/sssd.c:754 -#: plugins/sudoers/stubs.c:110 plugins/sudoers/stubs.c:118 -#: plugins/sudoers/sudoers.c:300 plugins/sudoers/sudoers.c:326 -#: plugins/sudoers/sudoers.c:370 plugins/sudoers/sudoers.c:381 -#: plugins/sudoers/sudoers.c:391 plugins/sudoers/sudoers.c:433 -#: plugins/sudoers/sudoers.c:794 plugins/sudoers/sudoers.c:927 -#: plugins/sudoers/sudoers.c:961 plugins/sudoers/sudoers.c:1265 -#: plugins/sudoers/sudoreplay.c:552 plugins/sudoers/sudoreplay.c:555 -#: plugins/sudoers/sudoreplay.c:1259 plugins/sudoers/sudoreplay.c:1469 -#: plugins/sudoers/sudoreplay.c:1473 plugins/sudoers/testsudoers.c:128 -#: plugins/sudoers/testsudoers.c:228 plugins/sudoers/testsudoers.c:245 -#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:432 -#: plugins/sudoers/timestamp.c:476 plugins/sudoers/timestamp.c:986 -#: plugins/sudoers/toke_util.c:51 plugins/sudoers/toke_util.c:104 -#: plugins/sudoers/toke_util.c:129 plugins/sudoers/toke_util.c:157 -#: plugins/sudoers/tsdump.c:123 plugins/sudoers/visudo.c:145 -#: plugins/sudoers/visudo.c:323 plugins/sudoers/visudo.c:329 -#: plugins/sudoers/visudo.c:439 plugins/sudoers/visudo.c:615 -#: plugins/sudoers/visudo.c:935 plugins/sudoers/visudo.c:1008 -#: plugins/sudoers/visudo.c:1129 toke.l:913 toke.l:1033 toke.l:1091 +#: plugins/sudoers/parse_ldif.c:253 plugins/sudoers/parse_ldif.c:261 +#: plugins/sudoers/parse_ldif.c:266 plugins/sudoers/parse_ldif.c:342 +#: plugins/sudoers/parse_ldif.c:353 plugins/sudoers/parse_ldif.c:380 +#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:409 +#: plugins/sudoers/parse_ldif.c:413 plugins/sudoers/parse_ldif.c:427 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:627 plugins/sudoers/parse_ldif.c:652 +#: plugins/sudoers/parse_ldif.c:710 plugins/sudoers/parse_ldif.c:727 +#: plugins/sudoers/parse_ldif.c:755 plugins/sudoers/parse_ldif.c:762 +#: plugins/sudoers/policy.c:564 plugins/sudoers/policy.c:978 +#: plugins/sudoers/prompt.c:93 plugins/sudoers/pwutil.c:199 +#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348 +#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:587 +#: plugins/sudoers/pwutil.c:659 plugins/sudoers/pwutil.c:857 +#: plugins/sudoers/pwutil.c:913 plugins/sudoers/pwutil.c:957 +#: plugins/sudoers/pwutil.c:1014 plugins/sudoers/sssd.c:145 +#: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:155 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1147 msgid "unable to allocate memory" msgstr "無法分配記憶體" -#: gram.y:552 +#: gram.y:615 msgid "a digest requires a path name" msgstr "摘要需要路徑名稱" -#: gram.y:581 +#: gram.y:637 msgid "values for \"CWD\" must start with a '/', '~', or '*'" msgstr "\"CWD\" 的值開頭必須是 '/'、'~' 或 '*'" -#: gram.y:593 +#: gram.y:643 +msgid "\"CWD\" path too long" +msgstr "「CWD」路徑過長" + +#: gram.y:653 msgid "values for \"CHROOT\" must start with a '/', '~', or '*'" msgstr "\"CHROOT\" 的值開頭必須是 '/'、'~' 或 '*'" -#: gram.y:715 +#: gram.y:659 +msgid "\"CHROOT\" path too long" +msgstr "「CHROOT」路徑過長 " + +#: gram.y:788 #, c-format msgid "syntax error, reserved word %s used as an alias name" msgstr "語法錯誤,保留字 %s 被用作別名名稱" -#: gram.y:735 +#: gram.y:811 msgid "invalid notbefore value" msgstr "notbefore 的值無效" -#: gram.y:743 +#: gram.y:820 msgid "invalid notafter value" msgstr "notafter 的值無效" -#: gram.y:752 plugins/sudoers/policy.c:335 +#: gram.y:830 plugins/sudoers/policy.c:353 msgid "timeout value too large" msgstr "timeout 值過長" -#: gram.y:754 plugins/sudoers/policy.c:337 +#: gram.y:832 plugins/sudoers/policy.c:355 msgid "invalid timeout value" msgstr "timeout 值無效" -#: gram.y:1079 +#: gram.y:946 plugins/sudoers/sudoers.c:998 +msgid "command too long" +msgstr "指令過長" + +#: gram.y:1203 #, c-format msgid "%s:%d:%d: %s\n" msgstr "%s:%d:%d: %s\n" -#: gram.y:1526 lib/eventlog/eventlog.c:280 lib/eventlog/eventlog.c:753 -#: lib/eventlog/eventlog.c:815 lib/eventlog/eventlog.c:816 -#: lib/eventlog/eventlog.c:1062 lib/iolog/iolog_fileio.c:998 -#: lib/iolog/iolog_json.c:120 lib/iolog/iolog_json.c:304 -#: lib/iolog/iolog_json.c:335 lib/iolog/iolog_json.c:457 -#: lib/iolog/iolog_json.c:735 lib/iolog/iolog_util.c:106 -#: lib/iolog/iolog_util.c:115 lib/iolog/iolog_util.c:125 -#: lib/iolog/iolog_util.c:133 lib/iolog/iolog_util.c:137 -#: lib/iolog/iolog_util.c:196 logsrvd/logsrvd.c:1280 logsrvd/logsrvd.c:1293 -#: logsrvd/logsrvd.c:1338 logsrvd/sendlog.c:480 logsrvd/sendlog.c:1321 -#: logsrvd/sendlog.c:1328 logsrvd/sendlog.c:1746 plugins/sudoers/audit.c:115 -#: plugins/sudoers/audit.c:210 plugins/sudoers/auth/pam.c:482 -#: plugins/sudoers/auth/pam.c:669 plugins/sudoers/auth/rfc1938.c:111 -#: plugins/sudoers/cvtsudoers.c:119 plugins/sudoers/cvtsudoers.c:159 -#: plugins/sudoers/cvtsudoers.c:176 plugins/sudoers/cvtsudoers.c:187 -#: plugins/sudoers/cvtsudoers.c:299 plugins/sudoers/cvtsudoers.c:427 -#: plugins/sudoers/cvtsudoers.c:560 plugins/sudoers/cvtsudoers.c:577 -#: plugins/sudoers/cvtsudoers.c:641 plugins/sudoers/cvtsudoers.c:756 -#: plugins/sudoers/cvtsudoers.c:763 plugins/sudoers/cvtsudoers.c:1178 -#: plugins/sudoers/cvtsudoers.c:1182 plugins/sudoers/cvtsudoers.c:1284 +#: gram.y:1247 +#, c-format +msgid "Alias \"%s\" already defined" +msgstr "別名「%s」已定義過" + +#: gram.y:1744 gram.y:1794 lib/eventlog/eventlog.c:309 +#: lib/eventlog/eventlog.c:804 lib/eventlog/eventlog.c:877 +#: lib/eventlog/eventlog.c:880 lib/eventlog/eventlog.c:1176 +#: lib/iolog/iolog_json.c:150 lib/iolog/iolog_json.c:381 +#: lib/iolog/iolog_json.c:412 lib/iolog/iolog_json.c:555 +#: lib/iolog/iolog_legacy.c:100 lib/iolog/iolog_legacy.c:111 +#: lib/iolog/iolog_legacy.c:123 lib/iolog/iolog_legacy.c:133 +#: lib/iolog/iolog_legacy.c:139 lib/iolog/iolog_loginfo.c:76 +#: lib/iolog/iolog_loginfo.c:211 logsrvd/iolog_writer.c:84 +#: logsrvd/iolog_writer.c:89 logsrvd/iolog_writer.c:123 +#: logsrvd/iolog_writer.c:162 logsrvd/iolog_writer.c:171 +#: logsrvd/iolog_writer.c:189 logsrvd/iolog_writer.c:211 +#: logsrvd/iolog_writer.c:224 logsrvd/iolog_writer.c:251 +#: logsrvd/iolog_writer.c:260 logsrvd/iolog_writer.c:276 +#: logsrvd/iolog_writer.c:285 logsrvd/iolog_writer.c:300 +#: logsrvd/iolog_writer.c:313 logsrvd/iolog_writer.c:326 +#: logsrvd/iolog_writer.c:339 logsrvd/iolog_writer.c:354 +#: logsrvd/iolog_writer.c:393 logsrvd/iolog_writer.c:399 +#: logsrvd/iolog_writer.c:406 logsrvd/iolog_writer.c:412 +#: logsrvd/iolog_writer.c:596 logsrvd/logsrv_util.c:64 logsrvd/logsrvd.c:296 +#: logsrvd/logsrvd.c:305 logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:485 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1400 +#: logsrvd/logsrvd.c:1406 logsrvd/logsrvd_conf.c:1360 +#: logsrvd/logsrvd_journal.c:70 logsrvd/logsrvd_journal.c:114 +#: logsrvd/logsrvd_journal.c:203 logsrvd/logsrvd_journal.c:233 +#: logsrvd/logsrvd_journal.c:237 logsrvd/logsrvd_journal.c:245 +#: logsrvd/logsrvd_journal.c:268 logsrvd/logsrvd_journal.c:272 +#: logsrvd/logsrvd_journal.c:425 logsrvd/logsrvd_local.c:174 +#: logsrvd/logsrvd_local.c:237 logsrvd/logsrvd_local.c:425 +#: logsrvd/logsrvd_local.c:431 logsrvd/logsrvd_local.c:450 +#: logsrvd/logsrvd_queue.c:153 logsrvd/logsrvd_queue.c:184 +#: logsrvd/logsrvd_queue.c:261 logsrvd/sendlog.c:246 logsrvd/sendlog.c:255 +#: logsrvd/sendlog.c:333 logsrvd/sendlog.c:640 logsrvd/sendlog.c:1526 +#: logsrvd/sendlog.c:1533 logsrvd/sendlog.c:1756 logsrvd/tls_init.c:293 +#: logsrvd/tls_init.c:314 logsrvd/tls_init.c:324 plugins/sudoers/audit.c:116 +#: plugins/sudoers/auth/pam.c:503 plugins/sudoers/auth/pam.c:689 +#: plugins/sudoers/auth/rfc1938.c:111 plugins/sudoers/check_aliases.c:134 +#: plugins/sudoers/cvtsudoers.c:131 plugins/sudoers/cvtsudoers.c:174 +#: plugins/sudoers/cvtsudoers.c:191 plugins/sudoers/cvtsudoers.c:202 +#: plugins/sudoers/cvtsudoers.c:332 plugins/sudoers/cvtsudoers.c:533 +#: plugins/sudoers/cvtsudoers.c:666 plugins/sudoers/cvtsudoers.c:684 +#: plugins/sudoers/cvtsudoers.c:755 plugins/sudoers/cvtsudoers.c:870 +#: plugins/sudoers/cvtsudoers.c:877 plugins/sudoers/cvtsudoers.c:1373 +#: plugins/sudoers/cvtsudoers.c:1377 plugins/sudoers/cvtsudoers.c:1479 +#: plugins/sudoers/cvtsudoers_csv.c:182 plugins/sudoers/cvtsudoers_csv.c:245 #: plugins/sudoers/cvtsudoers_json.c:75 plugins/sudoers/cvtsudoers_ldif.c:150 #: plugins/sudoers/cvtsudoers_ldif.c:193 plugins/sudoers/cvtsudoers_ldif.c:234 -#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:370 -#: plugins/sudoers/cvtsudoers_ldif.c:420 plugins/sudoers/cvtsudoers_ldif.c:428 -#: plugins/sudoers/cvtsudoers_ldif.c:439 plugins/sudoers/cvtsudoers_ldif.c:446 -#: plugins/sudoers/cvtsudoers_ldif.c:459 plugins/sudoers/cvtsudoers_ldif.c:467 -#: plugins/sudoers/cvtsudoers_ldif.c:614 plugins/sudoers/defaults.c:630 -#: plugins/sudoers/defaults.c:923 plugins/sudoers/defaults.c:1098 -#: plugins/sudoers/editor.c:181 plugins/sudoers/env.c:261 +#: plugins/sudoers/cvtsudoers_ldif.c:299 plugins/sudoers/cvtsudoers_ldif.c:375 +#: plugins/sudoers/cvtsudoers_ldif.c:429 plugins/sudoers/cvtsudoers_ldif.c:437 +#: plugins/sudoers/cvtsudoers_ldif.c:448 plugins/sudoers/cvtsudoers_ldif.c:455 +#: plugins/sudoers/cvtsudoers_ldif.c:468 plugins/sudoers/cvtsudoers_ldif.c:476 +#: plugins/sudoers/cvtsudoers_ldif.c:623 +#: plugins/sudoers/cvtsudoers_merge.c:246 +#: plugins/sudoers/cvtsudoers_merge.c:292 +#: plugins/sudoers/cvtsudoers_merge.c:338 +#: plugins/sudoers/cvtsudoers_merge.c:359 +#: plugins/sudoers/cvtsudoers_merge.c:446 +#: plugins/sudoers/cvtsudoers_merge.c:454 +#: plugins/sudoers/cvtsudoers_merge.c:457 +#: plugins/sudoers/cvtsudoers_merge.c:523 +#: plugins/sudoers/cvtsudoers_merge.c:526 +#: plugins/sudoers/cvtsudoers_merge.c:695 +#: plugins/sudoers/cvtsudoers_merge.c:703 +#: plugins/sudoers/cvtsudoers_merge.c:926 +#: plugins/sudoers/cvtsudoers_merge.c:962 plugins/sudoers/defaults.c:665 +#: plugins/sudoers/defaults.c:1019 plugins/sudoers/defaults.c:1206 +#: plugins/sudoers/editor.c:190 plugins/sudoers/env.c:262 #: plugins/sudoers/exptilde.c:92 plugins/sudoers/filedigest.c:54 -#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:56 -#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:72 -#: plugins/sudoers/iolog.c:596 plugins/sudoers/iolog.c:613 +#: plugins/sudoers/filedigest.c:70 plugins/sudoers/gc.c:57 +#: plugins/sudoers/group_plugin.c:132 plugins/sudoers/interfaces.c:68 +#: plugins/sudoers/iolog.c:609 plugins/sudoers/iolog.c:635 #: plugins/sudoers/ldap.c:184 plugins/sudoers/ldap.c:422 #: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:437 #: plugins/sudoers/ldap.c:441 plugins/sudoers/ldap.c:453 -#: plugins/sudoers/ldap.c:744 plugins/sudoers/ldap.c:908 -#: plugins/sudoers/ldap.c:1281 plugins/sudoers/ldap.c:1709 -#: plugins/sudoers/ldap.c:1746 plugins/sudoers/ldap.c:1827 -#: plugins/sudoers/ldap.c:1962 plugins/sudoers/ldap.c:2063 -#: plugins/sudoers/ldap.c:2079 plugins/sudoers/ldap_conf.c:218 +#: plugins/sudoers/ldap.c:749 plugins/sudoers/ldap.c:913 +#: plugins/sudoers/ldap.c:1286 plugins/sudoers/ldap.c:1712 +#: plugins/sudoers/ldap.c:1749 plugins/sudoers/ldap.c:1830 +#: plugins/sudoers/ldap.c:1965 plugins/sudoers/ldap.c:2066 +#: plugins/sudoers/ldap.c:2082 plugins/sudoers/ldap_conf.c:218 #: plugins/sudoers/ldap_conf.c:249 plugins/sudoers/ldap_conf.c:301 #: plugins/sudoers/ldap_conf.c:337 plugins/sudoers/ldap_conf.c:441 #: plugins/sudoers/ldap_conf.c:456 plugins/sudoers/ldap_conf.c:553 #: plugins/sudoers/ldap_conf.c:586 plugins/sudoers/ldap_conf.c:677 -#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:325 -#: plugins/sudoers/ldap_util.c:332 plugins/sudoers/ldap_util.c:603 -#: plugins/sudoers/linux_audit.c:84 plugins/sudoers/log_client.c:105 -#: plugins/sudoers/log_client.c:214 plugins/sudoers/log_client.c:235 -#: plugins/sudoers/log_client.c:248 plugins/sudoers/log_client.c:381 -#: plugins/sudoers/log_client.c:688 plugins/sudoers/log_client.c:706 -#: plugins/sudoers/log_client.c:1407 plugins/sudoers/log_client.c:1620 -#: plugins/sudoers/log_client.c:1942 plugins/sudoers/log_client.c:1999 -#: plugins/sudoers/logging.c:100 plugins/sudoers/logging.c:165 -#: plugins/sudoers/logging.c:166 plugins/sudoers/logging.c:425 -#: plugins/sudoers/logging.c:445 plugins/sudoers/logging.c:527 -#: plugins/sudoers/match_command.c:280 plugins/sudoers/match_command.c:448 -#: plugins/sudoers/match_command.c:498 plugins/sudoers/match_command.c:573 -#: plugins/sudoers/match_digest.c:93 plugins/sudoers/parse.c:198 -#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:229 -#: plugins/sudoers/parse.c:243 plugins/sudoers/parse.c:263 -#: plugins/sudoers/parse.c:274 plugins/sudoers/parse_ldif.c:152 -#: plugins/sudoers/parse_ldif.c:183 plugins/sudoers/parse_ldif.c:252 -#: plugins/sudoers/parse_ldif.c:259 plugins/sudoers/parse_ldif.c:264 -#: plugins/sudoers/parse_ldif.c:340 plugins/sudoers/parse_ldif.c:351 -#: plugins/sudoers/parse_ldif.c:378 plugins/sudoers/parse_ldif.c:395 -#: plugins/sudoers/parse_ldif.c:407 plugins/sudoers/parse_ldif.c:411 -#: plugins/sudoers/parse_ldif.c:425 plugins/sudoers/parse_ldif.c:594 -#: plugins/sudoers/parse_ldif.c:623 plugins/sudoers/parse_ldif.c:648 -#: plugins/sudoers/parse_ldif.c:706 plugins/sudoers/parse_ldif.c:723 -#: plugins/sudoers/parse_ldif.c:751 plugins/sudoers/parse_ldif.c:758 -#: plugins/sudoers/policy.c:139 plugins/sudoers/policy.c:148 -#: plugins/sudoers/policy.c:157 plugins/sudoers/policy.c:183 -#: plugins/sudoers/policy.c:320 plugins/sudoers/policy.c:335 -#: plugins/sudoers/policy.c:337 plugins/sudoers/policy.c:366 -#: plugins/sudoers/policy.c:375 plugins/sudoers/policy.c:418 -#: plugins/sudoers/policy.c:428 plugins/sudoers/policy.c:437 -#: plugins/sudoers/policy.c:446 plugins/sudoers/policy.c:526 -#: plugins/sudoers/policy.c:874 plugins/sudoers/prompt.c:93 -#: plugins/sudoers/pwutil.c:194 plugins/sudoers/pwutil.c:265 -#: plugins/sudoers/pwutil.c:343 plugins/sudoers/pwutil.c:517 -#: plugins/sudoers/pwutil.c:581 plugins/sudoers/pwutil.c:652 -#: plugins/sudoers/pwutil.c:811 plugins/sudoers/pwutil.c:867 -#: plugins/sudoers/pwutil.c:911 plugins/sudoers/pwutil.c:968 -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 plugins/sudoers/sssd.c:144 +#: plugins/sudoers/ldap_conf.c:760 plugins/sudoers/ldap_util.c:292 +#: plugins/sudoers/ldap_util.c:299 plugins/sudoers/ldap_util.c:613 +#: plugins/sudoers/linux_audit.c:86 plugins/sudoers/log_client.c:112 +#: plugins/sudoers/log_client.c:221 plugins/sudoers/log_client.c:242 +#: plugins/sudoers/log_client.c:255 plugins/sudoers/log_client.c:390 +#: plugins/sudoers/log_client.c:703 plugins/sudoers/log_client.c:724 +#: plugins/sudoers/log_client.c:1444 plugins/sudoers/log_client.c:1662 +#: plugins/sudoers/log_client.c:1989 plugins/sudoers/log_client.c:2046 +#: plugins/sudoers/logging.c:104 plugins/sudoers/logging.c:183 +#: plugins/sudoers/logging.c:184 plugins/sudoers/logging.c:467 +#: plugins/sudoers/logging.c:487 plugins/sudoers/logging.c:627 +#: plugins/sudoers/match_command.c:296 plugins/sudoers/match_command.c:496 +#: plugins/sudoers/match_command.c:545 plugins/sudoers/match_command.c:618 +#: plugins/sudoers/match_command.c:665 plugins/sudoers/match_digest.c:93 +#: plugins/sudoers/parse.c:200 plugins/sudoers/parse.c:217 +#: plugins/sudoers/parse.c:249 plugins/sudoers/parse.c:266 +#: plugins/sudoers/parse.c:289 plugins/sudoers/parse.c:300 +#: plugins/sudoers/parse_ldif.c:152 plugins/sudoers/parse_ldif.c:183 +#: plugins/sudoers/parse_ldif.c:252 plugins/sudoers/parse_ldif.c:260 +#: plugins/sudoers/parse_ldif.c:265 plugins/sudoers/parse_ldif.c:341 +#: plugins/sudoers/parse_ldif.c:352 plugins/sudoers/parse_ldif.c:379 +#: plugins/sudoers/parse_ldif.c:396 plugins/sudoers/parse_ldif.c:408 +#: plugins/sudoers/parse_ldif.c:412 plugins/sudoers/parse_ldif.c:426 +#: plugins/sudoers/parse_ldif.c:484 plugins/sudoers/parse_ldif.c:597 +#: plugins/sudoers/parse_ldif.c:626 plugins/sudoers/parse_ldif.c:651 +#: plugins/sudoers/parse_ldif.c:709 plugins/sudoers/parse_ldif.c:726 +#: plugins/sudoers/parse_ldif.c:754 plugins/sudoers/parse_ldif.c:761 +#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:161 +#: plugins/sudoers/policy.c:170 plugins/sudoers/policy.c:197 +#: plugins/sudoers/policy.c:338 plugins/sudoers/policy.c:353 +#: plugins/sudoers/policy.c:355 plugins/sudoers/policy.c:385 +#: plugins/sudoers/policy.c:394 plugins/sudoers/policy.c:442 +#: plugins/sudoers/policy.c:452 plugins/sudoers/policy.c:461 +#: plugins/sudoers/policy.c:470 plugins/sudoers/policy.c:564 +#: plugins/sudoers/policy.c:978 plugins/sudoers/prompt.c:93 +#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270 +#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522 +#: plugins/sudoers/pwutil.c:587 plugins/sudoers/pwutil.c:659 +#: plugins/sudoers/pwutil.c:857 plugins/sudoers/pwutil.c:913 +#: plugins/sudoers/pwutil.c:957 plugins/sudoers/pwutil.c:1014 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 plugins/sudoers/sssd.c:144 #: plugins/sudoers/sssd.c:407 plugins/sudoers/sssd.c:470 -#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:561 -#: plugins/sudoers/sssd.c:754 plugins/sudoers/stubs.c:110 -#: plugins/sudoers/stubs.c:118 plugins/sudoers/sudoers.c:300 -#: plugins/sudoers/sudoers.c:326 plugins/sudoers/sudoers.c:370 -#: plugins/sudoers/sudoers.c:381 plugins/sudoers/sudoers.c:391 -#: plugins/sudoers/sudoers.c:433 plugins/sudoers/sudoers.c:794 -#: plugins/sudoers/sudoers.c:927 plugins/sudoers/sudoers.c:961 -#: plugins/sudoers/sudoers.c:1265 plugins/sudoers/sudoreplay.c:552 -#: plugins/sudoers/sudoreplay.c:555 plugins/sudoers/sudoreplay.c:1259 -#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/sudoreplay.c:1473 -#: plugins/sudoers/testsudoers.c:128 plugins/sudoers/testsudoers.c:228 -#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/testsudoers.c:587 -#: plugins/sudoers/timestamp.c:432 plugins/sudoers/timestamp.c:476 -#: plugins/sudoers/timestamp.c:986 plugins/sudoers/toke_util.c:51 -#: plugins/sudoers/toke_util.c:104 plugins/sudoers/toke_util.c:128 -#: plugins/sudoers/toke_util.c:157 plugins/sudoers/tsdump.c:123 -#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:323 -#: plugins/sudoers/visudo.c:329 plugins/sudoers/visudo.c:439 -#: plugins/sudoers/visudo.c:615 plugins/sudoers/visudo.c:935 -#: plugins/sudoers/visudo.c:1008 plugins/sudoers/visudo.c:1129 toke.l:913 -#: toke.l:1033 toke.l:1091 +#: plugins/sudoers/sssd.c:514 plugins/sudoers/sssd.c:558 +#: plugins/sudoers/sssd.c:751 plugins/sudoers/strvec_join.c:53 +#: plugins/sudoers/stubs.c:111 plugins/sudoers/stubs.c:119 +#: plugins/sudoers/sudoers.c:335 plugins/sudoers/sudoers.c:361 +#: plugins/sudoers/sudoers.c:429 plugins/sudoers/sudoers.c:438 +#: plugins/sudoers/sudoers.c:479 plugins/sudoers/sudoers.c:842 +#: plugins/sudoers/sudoers.c:980 plugins/sudoers/sudoers.c:1039 +#: plugins/sudoers/sudoers.c:1305 plugins/sudoers/sudoreplay.c:562 +#: plugins/sudoers/sudoreplay.c:565 plugins/sudoers/sudoreplay.c:1280 +#: plugins/sudoers/sudoreplay.c:1500 plugins/sudoers/sudoreplay.c:1504 +#: plugins/sudoers/testsudoers.c:120 plugins/sudoers/testsudoers.c:224 +#: plugins/sudoers/testsudoers.c:241 plugins/sudoers/testsudoers.c:580 +#: plugins/sudoers/timestamp.c:424 plugins/sudoers/timestamp.c:468 +#: plugins/sudoers/timestamp.c:980 plugins/sudoers/timestamp.c:1118 +#: plugins/sudoers/toke_util.c:77 plugins/sudoers/toke_util.c:105 +#: plugins/sudoers/toke_util.c:130 plugins/sudoers/toke_util.c:154 +#: plugins/sudoers/toke_util.c:193 plugins/sudoers/tsdump.c:123 +#: plugins/sudoers/visudo.c:145 plugins/sudoers/visudo.c:344 +#: plugins/sudoers/visudo.c:350 plugins/sudoers/visudo.c:456 +#: plugins/sudoers/visudo.c:632 plugins/sudoers/visudo.c:962 +#: plugins/sudoers/visudo.c:1035 toke.l:944 toke.l:1076 toke.l:1139 +#: toke.l:1147 #, c-format msgid "%s: %s" msgstr "%s:%s" -#: lib/eventlog/eventlog.c:285 lib/iolog/iolog_json.c:463 -#: lib/iolog/iolog_json.c:466 lib/iolog/iolog_json.c:468 -#: lib/iolog/iolog_json.c:560 plugins/sudoers/cvtsudoers_ldif.c:244 -#: plugins/sudoers/cvtsudoers_ldif.c:251 plugins/sudoers/cvtsudoers_ldif.c:571 -#: plugins/sudoers/env.c:323 plugins/sudoers/env.c:330 -#: plugins/sudoers/env.c:437 plugins/sudoers/iolog.c:618 -#: plugins/sudoers/ldap.c:517 plugins/sudoers/ldap.c:748 -#: plugins/sudoers/ldap.c:1081 plugins/sudoers/ldap_conf.c:222 -#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/linux_audit.c:90 -#: plugins/sudoers/policy.c:556 plugins/sudoers/policy.c:711 -#: plugins/sudoers/policy.c:721 plugins/sudoers/prompt.c:161 -#: plugins/sudoers/sudoers.c:983 plugins/sudoers/testsudoers.c:249 -#: plugins/sudoers/toke_util.c:169 +#: lib/eventlog/eventlog.c:314 lib/iolog/iolog_json.c:562 +#: lib/iolog/iolog_json.c:568 lib/iolog/iolog_json.c:574 +#: plugins/sudoers/cvtsudoers_csv.c:192 plugins/sudoers/cvtsudoers_csv.c:199 +#: plugins/sudoers/cvtsudoers_ldif.c:244 plugins/sudoers/cvtsudoers_ldif.c:251 +#: plugins/sudoers/cvtsudoers_ldif.c:580 plugins/sudoers/env.c:326 +#: plugins/sudoers/env.c:333 plugins/sudoers/env.c:444 +#: plugins/sudoers/ldap.c:520 plugins/sudoers/ldap.c:753 +#: plugins/sudoers/ldap.c:1086 plugins/sudoers/ldap_conf.c:222 +#: plugins/sudoers/ldap_conf.c:312 plugins/sudoers/ldap_util.c:485 +#: plugins/sudoers/linux_audit.c:92 plugins/sudoers/policy.c:594 +#: plugins/sudoers/policy.c:763 plugins/sudoers/policy.c:774 +#: plugins/sudoers/prompt.c:168 plugins/sudoers/strvec_join.c:62 +#: plugins/sudoers/testsudoers.c:245 plugins/sudoers/toke_util.c:206 +#: toke.l:908 toke.l:1110 #, c-format msgid "internal error, %s overflow" msgstr "內部錯誤,%s 溢出" -#: lib/eventlog/eventlog.c:343 +#: lib/eventlog/eventlog.c:373 #, c-format msgid "unable to dup stdin: %m" msgstr "無法 dup stdin:%m" -#: lib/eventlog/eventlog.c:388 +#: lib/eventlog/eventlog.c:415 #, c-format msgid "unable to execute %s: %m" msgstr "無法執行 %s:%m" -#: lib/eventlog/eventlog.c:428 plugins/sudoers/auth/aix_auth.c:198 +#: lib/eventlog/eventlog.c:456 plugins/sudoers/auth/aix_auth.c:198 msgid "unable to fork" msgstr "無法執行 fork" -#: lib/eventlog/eventlog.c:436 lib/eventlog/eventlog.c:490 +#: lib/eventlog/eventlog.c:464 lib/eventlog/eventlog.c:518 #, c-format msgid "unable to fork: %m" msgstr "無法執行 fork:%m" -#: lib/eventlog/eventlog.c:480 +#: lib/eventlog/eventlog.c:508 #, c-format msgid "unable to open pipe: %m" msgstr "無法開啟管線:%m" -#: lib/eventlog/eventlog.c:894 +#: lib/eventlog/eventlog.c:1007 #, c-format msgid "%8s : %s" msgstr "%8s : %s" -#: lib/eventlog/eventlog.c:923 +#: lib/eventlog/eventlog.c:1036 #, c-format msgid "%8s : (command continued) %s" msgstr "%8s : (指令繼續執行) %s" -#: lib/iolog/iolog_fileio.c:155 -#, c-format -msgid "%s exists but is not a directory (0%o)" -msgstr "%s 存在,但非目錄 (0%o)" - -#: lib/iolog/iolog_fileio.c:185 lib/iolog/iolog_fileio.c:231 -#: plugins/sudoers/timestamp.c:205 -#, c-format -msgid "unable to mkdir %s" -msgstr "無法建立目錄 %s" - -#: lib/iolog/iolog_fileio.c:235 plugins/sudoers/visudo.c:732 -#: plugins/sudoers/visudo.c:743 -#, c-format -msgid "unable to change mode of %s to 0%o" -msgstr "無法將 %s 的模式變更為 0%o" - -#: lib/iolog/iolog_json.c:114 +#: lib/iolog/iolog_json.c:140 #, c-format msgid "expected JSON_STRING, got %d" msgstr "應為 JSON_STRNG,但收到 %d" -#: lib/iolog/iolog_json.c:327 +#: lib/iolog/iolog_json.c:145 +msgid "JSON_ARRAY too large" +msgstr "JSON_ARRAY 太大" + +#: lib/iolog/iolog_json.c:404 msgid "missing double quote in name" msgstr "名稱中缺少雙引號" -#: lib/iolog/iolog_json.c:414 +#: lib/iolog/iolog_json.c:501 +msgid "missing JSON_OBJECT" +msgstr "缺少 JSON_OBJECT" + +#: lib/iolog/iolog_json.c:505 #, c-format msgid "expected JSON_OBJECT, got %d" msgstr "應為 JSON_OBJECT,但收到 %d" -#: lib/iolog/iolog_json.c:629 lib/iolog/iolog_json.c:753 +#: lib/iolog/iolog_json.c:661 +#, c-format +msgid "json stack exhausted (max %u frames)" +msgstr "JSON 堆疊用盡(最多 %u 個框架)" + +#: lib/iolog/iolog_json.c:735 +msgid "objects must consist of name:value pairs" +msgstr "物件必須由「鍵:值」對組成" + +#: lib/iolog/iolog_json.c:740 lib/iolog/iolog_json.c:771 +#: lib/iolog/iolog_json.c:815 lib/iolog/iolog_json.c:837 +#: lib/iolog/iolog_json.c:859 lib/iolog/iolog_json.c:881 +#: lib/iolog/iolog_json.c:903 +msgid "missing separator between values" +msgstr "數值間缺少分隔符號" + +#: lib/iolog/iolog_json.c:755 lib/iolog/iolog_json.c:929 msgid "unmatched close brace" msgstr "未對稱的右大括弧" -#: lib/iolog/iolog_json.c:638 +#: lib/iolog/iolog_json.c:766 msgid "unexpected array" msgstr "不應有陣列" -#: lib/iolog/iolog_json.c:651 lib/iolog/iolog_json.c:755 +#: lib/iolog/iolog_json.c:786 lib/iolog/iolog_json.c:932 msgid "unmatched close bracket" msgstr "未對稱的右中括弧" -#: lib/iolog/iolog_json.c:659 +#: lib/iolog/iolog_json.c:797 msgid "unexpected string" msgstr "不應有字串" -#: lib/iolog/iolog_json.c:669 +#: lib/iolog/iolog_json.c:808 msgid "missing colon after name" msgstr "名稱後缺少冒號" -#: lib/iolog/iolog_json.c:680 lib/iolog/iolog_json.c:695 -#: lib/iolog/iolog_json.c:710 +#: lib/iolog/iolog_json.c:829 lib/iolog/iolog_json.c:851 msgid "unexpected boolean" msgstr "不應有布林值" -#: lib/iolog/iolog_json.c:726 +#: lib/iolog/iolog_json.c:873 +msgid "unexpected null" +msgstr "不應有 null" + +#: lib/iolog/iolog_json.c:894 msgid "unexpected number" msgstr "不應有數字" -#: lib/iolog/iolog_json.c:763 -#, c-format -msgid "%s:%u unable to parse \"%s\"" -msgstr "%s:%u 無法解析「%s」" +#: lib/iolog/iolog_json.c:941 +msgid "parse error" +msgstr "解析發生錯誤" -#: lib/iolog/iolog_util.c:71 +#: lib/iolog/iolog_legacy.c:65 #, c-format msgid "%s: invalid log file" msgstr "%s:無效的記錄檔案" -#: lib/iolog/iolog_util.c:89 +#: lib/iolog/iolog_legacy.c:83 #, c-format msgid "%s: time stamp field is missing" msgstr "%s:缺少 時間戳 欄位" -#: lib/iolog/iolog_util.c:95 +#: lib/iolog/iolog_legacy.c:89 #, c-format msgid "%s: time stamp %s: %s" msgstr "%s:時間戳 %s:%s" -#: lib/iolog/iolog_util.c:102 +#: lib/iolog/iolog_legacy.c:96 #, c-format msgid "%s: user field is missing" msgstr "%s:缺少 使用者 欄位" -#: lib/iolog/iolog_util.c:111 +#: lib/iolog/iolog_legacy.c:107 #, c-format msgid "%s: runas user field is missing" msgstr "%s:缺少 runas 使用者 欄位" -#: lib/iolog/iolog_util.c:120 +#: lib/iolog/iolog_legacy.c:118 #, c-format msgid "%s: runas group field is missing" msgstr "%s:缺少 runas 群組 欄位" -#: lib/iolog/iolog_util.c:419 +#: lib/iolog/iolog_mkdirs.c:89 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s 存在,但非目錄 (0%o)" + +#: lib/iolog/iolog_mkdirs.c:119 lib/iolog/iolog_mkdtemp.c:77 +#: logsrvd/iolog_writer.c:807 plugins/sudoers/timestamp.c:205 +#, c-format +msgid "unable to mkdir %s" +msgstr "無法建立目錄 %s" + +#: lib/iolog/iolog_mkdtemp.c:81 plugins/sudoers/visudo.c:731 +#: plugins/sudoers/visudo.c:765 plugins/sudoers/visudo.c:771 +#, c-format +msgid "unable to change mode of %s to 0%o" +msgstr "無法將 %s 的模式變更為 0%o" + +#: lib/iolog/iolog_timing.c:261 #, c-format msgid "error reading timing file: %s" msgstr "讀取計時檔案時發生錯誤:%s" -#: lib/iolog/iolog_util.c:426 +#: lib/iolog/iolog_timing.c:268 #, c-format msgid "invalid timing file line: %s" msgstr "無效的計時檔案行號:%s" -#: logsrvd/iolog_writer.c:919 -msgid "log is already complete, cannot be restarted" -msgstr "記錄已完成,無法重新開始" +#: logsrvd/iolog_writer.c:130 plugins/sudoers/logging.c:803 +#: plugins/sudoers/policy.c:544 +msgid "unable to generate UUID" +msgstr "無法產生 UUID" -#: logsrvd/iolog_writer.c:950 -msgid "unable to restart log" -msgstr "無法重新啟動記錄" +#: logsrvd/iolog_writer.c:158 logsrvd/iolog_writer.c:176 +#: logsrvd/iolog_writer.c:185 logsrvd/iolog_writer.c:203 +#: logsrvd/iolog_writer.c:216 logsrvd/iolog_writer.c:229 +#: logsrvd/iolog_writer.c:240 logsrvd/iolog_writer.c:247 +#: logsrvd/iolog_writer.c:265 logsrvd/iolog_writer.c:272 +#: logsrvd/iolog_writer.c:290 logsrvd/iolog_writer.c:305 +#: logsrvd/iolog_writer.c:318 logsrvd/iolog_writer.c:331 +#: logsrvd/iolog_writer.c:344 logsrvd/iolog_writer.c:359 +#, c-format +msgid "%s: protocol error: wrong type for %s" +msgstr "%s:通訊協定有誤:%s 類型有錯" + +#: logsrvd/iolog_writer.c:370 logsrvd/iolog_writer.c:375 +#: logsrvd/iolog_writer.c:380 logsrvd/iolog_writer.c:385 +#, c-format +msgid "%s: protocol error: %s missing from AcceptMessage" +msgstr "%s:通訊協定有誤:AcceptMessage 缺少 %s" + +#: logsrvd/iolog_writer.c:446 +#, c-format +msgid "%s: unable to format session id" +msgstr "%s:無法格式化工作階段 ID" + +#: logsrvd/iolog_writer.c:460 logsrvd/iolog_writer.c:474 +#: logsrvd/iolog_writer.c:488 logsrvd/iolog_writer.c:503 +#: logsrvd/iolog_writer.c:517 logsrvd/iolog_writer.c:531 +#, c-format +msgid "%s: %s is not set" +msgstr "%s:%s 未設定" + +#: logsrvd/iolog_writer.c:567 logsrvd/iolog_writer.c:574 +#, c-format +msgid "unable to expand iolog path %s" +msgstr "無法展開 iolog 路徑 %s" + +#: logsrvd/iolog_writer.c:592 +#, c-format +msgid "unable to create iolog path %s" +msgstr "無法建立 iolog 路徑 %s" + +#: logsrvd/iolog_writer.c:622 +#, c-format +msgid "invalid iofd %d" +msgstr "無效的 iofd %d" + +#: logsrvd/iolog_writer.c:642 +#, c-format +msgid "error closing iofd %d: %s" +msgstr "關閉 iofd %d 時發生錯誤:%s" + +#: logsrvd/iolog_writer.c:662 +#, c-format +msgid "error flushing iofd %d: %s" +msgstr "排清 iofd %d 時發生錯誤:%s" + +#: logsrvd/iolog_writer.c:777 +#, c-format +msgid "invalid I/O log %s: %s referenced but not present" +msgstr "無效的 I/O log %s:%s 有參考,但未呈現" + +#: logsrvd/iolog_writer.c:789 logsrvd/logsrvd_journal.c:377 +#, c-format +msgid "%s: unable to find resume point [%lld, %ld]" +msgstr "%s:找不到繼續點 [%lld, %ld]" + +#: logsrvd/iolog_writer.c:811 logsrvd/logsrvd_journal.c:420 +#: logsrvd/logsrvd_queue.c:110 logsrvd/tls_init.c:245 +#: plugins/sudoers/check.c:274 plugins/sudoers/cvtsudoers.c:727 +#: plugins/sudoers/cvtsudoers.c:748 plugins/sudoers/cvtsudoers.c:1439 +#: plugins/sudoers/cvtsudoers_csv.c:681 plugins/sudoers/cvtsudoers_json.c:885 +#: plugins/sudoers/cvtsudoers_ldif.c:697 plugins/sudoers/sudoers.c:1092 +#: plugins/sudoers/sudoreplay.c:1466 plugins/sudoers/timestamp.c:433 +#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:949 +#, c-format +msgid "unable to open %s" +msgstr "無法開啟 %s" -#: logsrvd/logsrv_util.c:99 logsrvd/logsrv_util.c:106 -#: plugins/sudoers/sudoreplay.c:352 plugins/sudoers/sudoreplay.c:358 +#: logsrvd/iolog_writer.c:823 logsrvd/logsrv_util.c:100 +#: logsrvd/logsrv_util.c:107 plugins/sudoers/sudoreplay.c:362 +#: plugins/sudoers/sudoreplay.c:368 #, c-format msgid "unable to open %s/%s" msgstr "無法開啟 %s/%s" -#: logsrvd/logsrv_util.c:133 +#: logsrvd/iolog_writer.c:836 +#, c-format +msgid "unable to copy %s/%s to %s/%s: %s" +msgstr "無法複製 %s/%s 至 %s/%s:%s" + +#: logsrvd/iolog_writer.c:865 logsrvd/logsrvd_journal.c:185 +#, c-format +msgid "unable to rename %s to %s" +msgstr "無法重新命名 %s 至 %s" + +#: logsrvd/logsrv_util.c:139 logsrvd/logsrv_util.c:168 +#, c-format +msgid "%s/%s: unable to find resume point [%lld, %ld]" +msgstr "%s/%s:找不到繼續點 [%lld, %ld]" + +#: logsrvd/logsrv_util.c:151 #, c-format msgid "missing I/O log file %s/%s" msgstr "缺少 I/O 記錄檔 %s/%s" -#: logsrvd/logsrv_util.c:140 +#: logsrvd/logsrv_util.c:158 #, c-format msgid "%s/%s: unable to seek forward %zu" msgstr "%s/%s:無法往前搜尋 %zu" -#: logsrvd/logsrv_util.c:150 -#, c-format -msgid "unable to find resume point [%lld, %ld] in %s/%s" -msgstr "%3$s/%4$s 中找不到繼續點 [%1$lld, %2$ld]" +#: logsrvd/logsrvd.c:266 logsrvd/logsrvd_queue.c:130 +msgid "unable to connect to relay" +msgstr "無法連線至轉送點" + +#: logsrvd/logsrvd.c:325 logsrvd/logsrvd_relay.c:835 +#, c-format +msgid "server message too large: %zu" +msgstr "伺服器訊息過長:%zu" + +#: logsrvd/logsrvd.c:417 logsrvd/logsrvd.c:534 logsrvd/logsrvd.c:613 +#: logsrvd/logsrvd.c:837 logsrvd/logsrvd.c:851 logsrvd/logsrvd.c:1010 +#: logsrvd/logsrvd.c:1134 logsrvd/logsrvd.c:1307 logsrvd/logsrvd.c:1325 +#: logsrvd/logsrvd.c:1423 logsrvd/logsrvd.c:1546 logsrvd/logsrvd.c:1730 +#: logsrvd/logsrvd_journal.c:489 logsrvd/logsrvd_local.c:197 +#: logsrvd/logsrvd_queue.c:159 logsrvd/logsrvd_relay.c:167 +#: logsrvd/logsrvd_relay.c:244 logsrvd/logsrvd_relay.c:248 +#: logsrvd/logsrvd_relay.c:384 logsrvd/logsrvd_relay.c:576 +#: logsrvd/logsrvd_relay.c:737 logsrvd/logsrvd_relay.c:1121 +#: logsrvd/sendlog.c:1316 logsrvd/tls_client.c:131 logsrvd/tls_client.c:147 +#: logsrvd/tls_client.c:209 plugins/sudoers/audit.c:276 +#: plugins/sudoers/iolog.c:963 plugins/sudoers/iolog.c:1096 +#: plugins/sudoers/iolog.c:1194 plugins/sudoers/log_client.c:116 +#: plugins/sudoers/log_client.c:332 plugins/sudoers/log_client.c:348 +#: plugins/sudoers/log_client.c:395 plugins/sudoers/log_client.c:599 +#: plugins/sudoers/log_client.c:606 plugins/sudoers/log_client.c:1131 +#: plugins/sudoers/log_client.c:1413 plugins/sudoers/log_client.c:1454 +#: plugins/sudoers/log_client.c:1462 plugins/sudoers/log_client.c:1618 +#: plugins/sudoers/log_client.c:1734 plugins/sudoers/log_client.c:2054 +#: plugins/sudoers/log_client.c:2062 plugins/sudoers/logging.c:142 +#: plugins/sudoers/logging.c:198 plugins/sudoers/sudoreplay.c:522 +#: plugins/sudoers/sudoreplay.c:569 plugins/sudoers/sudoreplay.c:811 +#: plugins/sudoers/sudoreplay.c:923 plugins/sudoers/sudoreplay.c:1014 +#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 +#: plugins/sudoers/sudoreplay.c:1043 plugins/sudoers/sudoreplay.c:1050 +#: plugins/sudoers/sudoreplay.c:1057 plugins/sudoers/sudoreplay.c:1184 +msgid "unable to add event to queue" +msgstr "無法將事件附加到佇列" -#: logsrvd/logsrvd.c:290 logsrvd/logsrvd.c:353 logsrvd/logsrvd.c:394 -#: logsrvd/logsrvd.c:449 logsrvd/logsrvd.c:517 logsrvd/logsrvd.c:568 -#: logsrvd/logsrvd.c:600 logsrvd/logsrvd.c:632 +#: logsrvd/logsrvd.c:441 logsrvd/logsrvd.c:478 logsrvd/logsrvd.c:510 +#: logsrvd/logsrvd.c:558 logsrvd/logsrvd.c:630 logsrvd/logsrvd.c:660 +#: logsrvd/logsrvd.c:690 logsrvd/logsrvd.c:720 logsrvd/logsrvd_relay.c:505 +#: logsrvd/logsrvd_relay.c:538 +#, c-format +msgid "unexpected state %d for %s" +msgstr "%2$s 發生非預期狀態 %1$d" + +#: logsrvd/logsrvd.c:442 logsrvd/logsrvd.c:479 logsrvd/logsrvd.c:511 +#: logsrvd/logsrvd.c:559 logsrvd/logsrvd.c:631 logsrvd/logsrvd.c:661 +#: logsrvd/logsrvd.c:691 logsrvd/logsrvd.c:721 logsrvd/logsrvd_relay.c:507 +#: logsrvd/logsrvd_relay.c:540 msgid "state machine error" msgstr "狀態機器發生錯誤" -#: logsrvd/logsrvd.c:299 +#: logsrvd/logsrvd.c:448 logsrvd/logsrvd.c:449 msgid "invalid AcceptMessage" msgstr "無效的 AcceptMessage" -#: logsrvd/logsrvd.c:307 -msgid "error parsing AcceptMessage" -msgstr "解析 AcceptMessage 時發生錯誤" - -#: logsrvd/logsrvd.c:314 -msgid "error creating I/O log" -msgstr "建立 I/O 日誌時發生錯誤" - -#: logsrvd/logsrvd.c:321 -msgid "error logging accept event" -msgstr "記錄接受事件時發生錯誤" - -#: logsrvd/logsrvd.c:362 +#: logsrvd/logsrvd.c:485 logsrvd/logsrvd.c:486 msgid "invalid RejectMessage" msgstr "無效的 RejectMessage" -#: logsrvd/logsrvd.c:370 -msgid "error parsing RejectMessage" -msgstr "解析 RejectMessage 時發生錯誤" - -#: logsrvd/logsrvd.c:376 -msgid "error logging reject event" -msgstr "記錄拒絕事件時發生錯誤" - -#: logsrvd/logsrvd.c:486 +#: logsrvd/logsrvd.c:593 logsrvd/logsrvd.c:594 msgid "invalid AlertMessage" msgstr "無效的 AlertMessage" -#: logsrvd/logsrvd.c:494 -msgid "error parsing AlertMessage" -msgstr "解析 AlertMessage 時發生錯誤" - -#: logsrvd/logsrvd.c:502 -msgid "error logging alert event" -msgstr "記錄提醒事件時發生錯誤" +#: logsrvd/logsrvd.c:635 logsrvd/logsrvd.c:665 logsrvd/logsrvd.c:695 +#, c-format +msgid "%s: unexpected IoBuffer" +msgstr "%s:非預期的 IoBuffer" -#: logsrvd/logsrvd.c:523 logsrvd/logsrvd.c:574 logsrvd/logsrvd.c:606 +#: logsrvd/logsrvd.c:636 logsrvd/logsrvd.c:666 logsrvd/logsrvd.c:696 msgid "protocol error" msgstr "通訊協定錯誤" -#: logsrvd/logsrvd.c:533 -msgid "error writing IoBuffer" -msgstr "寫入 IoBuffer 時發生錯誤" - -#: logsrvd/logsrvd.c:585 -msgid "error writing ChangeWindowSize" -msgstr "寫入 ChangeWindowSize 時發生錯誤" - -#: logsrvd/logsrvd.c:617 -msgid "error writing CommandSuspend" -msgstr "寫入 CommandSuspend 時發生錯誤" +#: logsrvd/logsrvd.c:791 logsrvd/logsrvd_journal.c:357 +#: logsrvd/logsrvd_local.c:125 logsrvd/logsrvd_relay.c:671 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "從 %3$s 收到的 %2$s 中,發現非預期的 type_case 值 %1$d" -#: logsrvd/logsrvd.c:702 +#: logsrvd/logsrvd.c:793 msgid "unrecognized ClientMessage type" msgstr "無法識別的 ClientMessage 類型" -#: logsrvd/logsrvd.c:967 -msgid "client message too large" -msgstr "用戶端訊息過長" - -#: logsrvd/logsrvd.c:1197 logsrvd/logsrvd.c:1205 +#: logsrvd/logsrvd.c:883 #, c-format -msgid "unable to set TLS 1.2 ciphersuite to %s: %s" -msgstr "無法將 TLS 1.2 加密套件設為 %s:%s" - -#: logsrvd/logsrvd.c:1225 logsrvd/logsrvd.c:1233 -#, c-format -msgid "unable to set TLS 1.3 ciphersuite to %s: %s" -msgstr "無法將 TLS 1.3 加密套件設為 %s:%s" - -#: logsrvd/logsrvd.c:1269 -#, c-format -msgid "unable to get TLS server method: %s" -msgstr "無法取得 TLS 伺服器方法:%s" +msgid "timed out writing to client %s" +msgstr "寫入 %s 用戶端等待逾時" -#: logsrvd/logsrvd.c:1274 +#: logsrvd/logsrvd.c:888 logsrvd/logsrvd_relay.c:907 logsrvd/sendlog.c:1420 #, c-format -msgid "unable to create TLS context: %s" -msgstr "無法建立 TLS 情境:%s" +msgid "missing write buffer for client %s" +msgstr "缺少 %s 用戶端的寫入緩衝區" -#: logsrvd/logsrvd.c:1281 plugins/sudoers/log_client.c:236 +#: logsrvd/logsrvd.c:981 #, c-format -msgid "unable to load certificate %s" -msgstr "無法載入 %s 憑證" +msgid "timed out reading from client %s" +msgstr "從 %s 用戶端讀取等待逾時" -#: logsrvd/logsrvd.c:1294 plugins/sudoers/log_client.c:216 +#: logsrvd/logsrvd.c:1022 logsrvd/logsrvd_relay.c:771 #, c-format -msgid "unable to load certificate authority bundle %s" -msgstr "無法載入 %s 憑證授權單位組合" +msgid "EOF from %s without proper TLS shutdown" +msgstr "從 %s 收到 EOF,但其未正確關閉 TLS。" -#: logsrvd/logsrvd.c:1339 plugins/sudoers/log_client.c:249 +#: logsrvd/logsrvd.c:1065 logsrvd/logsrvd_relay.c:200 logsrvd/sendlog.c:317 +#: plugins/sudoers/log_client.c:709 #, c-format -msgid "unable to load private key %s" -msgstr "無法載入 %s 私鑰" +msgid "client message too large: %zu" +msgstr "用戶端訊息過長:%zu" -#: logsrvd/logsrvd.c:1356 logsrvd/logsrvd.c:1365 -#, c-format -msgid "unable to set diffie-hellman parameters: %s" -msgstr "無法設定迪菲-赫爾曼參數:%s" +#: logsrvd/logsrvd.c:1066 logsrvd/logsrvd_journal.c:246 +#: logsrvd/logsrvd_journal.c:247 +msgid "client message too large" +msgstr "用戶端訊息過長" -#: logsrvd/logsrvd.c:1378 -#, c-format -msgid "unable to set minimum protocol version to TLS 1.2: %s" -msgstr "無法將最低通訊協定版本設為 TLS 1.2:%s" +#: logsrvd/logsrvd.c:1084 logsrvd/logsrvd.c:1085 +msgid "invalid ClientMessage" +msgstr "無效的 ClientMessage" -#: logsrvd/logsrvd.c:1563 +#: logsrvd/logsrvd.c:1386 msgid "unable to get remote IP addr" msgstr "無法取得遠端 IP 地址" -#: logsrvd/logsrvd.c:1591 plugins/sudoers/log_client.c:263 +#: logsrvd/logsrvd.c:1415 logsrvd/tls_client.c:196 +#: plugins/sudoers/log_client.c:270 #, c-format msgid "Unable to attach user data to the ssl object: %s" msgstr "無法將使用者資料連結至 SSL 物件:%s" -#: logsrvd/logsrvd.c:1599 logsrvd/logsrvd.c:1721 logsrvd/logsrvd.c:1823 -#: logsrvd/sendlog.c:1125 logsrvd/sendlog.c:1481 logsrvd/sendlog.c:1496 -#: logsrvd/sendlog.c:1554 plugins/sudoers/iolog.c:956 -#: plugins/sudoers/iolog.c:1089 plugins/sudoers/iolog.c:1187 -#: plugins/sudoers/log_client.c:109 plugins/sudoers/log_client.c:324 -#: plugins/sudoers/log_client.c:340 plugins/sudoers/log_client.c:386 -#: plugins/sudoers/log_client.c:587 plugins/sudoers/log_client.c:594 -#: plugins/sudoers/log_client.c:1103 plugins/sudoers/log_client.c:1376 -#: plugins/sudoers/log_client.c:1417 plugins/sudoers/log_client.c:1425 -#: plugins/sudoers/log_client.c:1576 plugins/sudoers/log_client.c:1692 -#: plugins/sudoers/log_client.c:2007 plugins/sudoers/log_client.c:2015 -#: plugins/sudoers/sudoreplay.c:512 plugins/sudoers/sudoreplay.c:559 -#: plugins/sudoers/sudoreplay.c:791 plugins/sudoers/sudoreplay.c:903 -#: plugins/sudoers/sudoreplay.c:993 plugins/sudoers/sudoreplay.c:1008 -#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022 -#: plugins/sudoers/sudoreplay.c:1029 plugins/sudoers/sudoreplay.c:1036 -#: plugins/sudoers/sudoreplay.c:1163 -msgid "unable to add event to queue" -msgstr "無法將事件附加到佇列" - -#: logsrvd/logsrvd.c:1775 logsrvd/logsrvd.c:2011 -msgid "unable setup listen socket" -msgstr "無法設定監聽通訊端 (socket)" +#: logsrvd/logsrvd.c:1596 logsrvd/logsrvd.c:1949 +msgid "unable to setup listen socket" +msgstr "無法設定監聽 socket 通訊端" -#: logsrvd/logsrvd.c:1917 logsrvd/sendlog.c:124 +#: logsrvd/logsrvd.c:1713 #, c-format -msgid "" -"%s - send sudo I/O log to remote server\n" -"\n" -msgstr "" -"%s - 傳送 sudo I/O 記錄至遠端伺服器\n" -"\n" +msgid "unexpected signal %d" +msgstr "發生非預期信號 %d" -#: logsrvd/logsrvd.c:1920 -#, fuzzy -msgid "" -"\n" -"Options:\n" -" -f, --file path to configuration file\n" -" -h --help display help message and exit\n" -" -n, --no-fork do not fork, run in the foreground\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"選項:\n" -" -f, --file 設定檔路徑\n" -" -h, --help 顯示說明訊息並退出\n" -" -n, --no-fork 不要 fork,在前景執行\n" -" -R, --random-drop percent chance connections will drop\n" -" -V, --version 顯示版本資訊後離開\n" +#: logsrvd/logsrvd.c:1851 +msgid "sudo log server" +msgstr "sudo 記錄伺服器" + +#: logsrvd/logsrvd.c:1853 logsrvd/sendlog.c:116 +msgid "Options:" +msgstr "選項:" + +#: logsrvd/logsrvd.c:1855 +msgid "path to configuration file" +msgstr "設定檔路徑" + +#: logsrvd/logsrvd.c:1857 logsrvd/sendlog.c:118 +msgid "display help message and exit" +msgstr "顯示說明訊息後結束" + +#: logsrvd/logsrvd.c:1859 +msgid "do not fork, run in the foreground" +msgstr "不要 fork,在前景執行" + +#: logsrvd/logsrvd.c:1861 +msgid "percent chance connections will drop" +msgstr "拋棄連線的機率百分比" -#: logsrvd/logsrvd.c:1972 logsrvd/sendlog.c:1719 +#: logsrvd/logsrvd.c:1863 logsrvd/sendlog.c:148 +msgid "display version information and exit" +msgstr "顯示版本資訊後結束" + +#: logsrvd/logsrvd.c:1913 logsrvd/sendlog.c:1725 msgid "Protobuf-C version 1.3 or higher required" msgstr "需要 Protobuf-C 版本 1.3 或更高版本" -#: logsrvd/logsrvd.c:1990 +#: logsrvd/logsrvd.c:1929 #, c-format msgid "invalid random drop value: %s" msgstr "隨機丟棄值無效:%s" -#: logsrvd/logsrvd.c:1994 logsrvd/sendlog.c:1769 -#: plugins/sudoers/cvtsudoers.c:228 plugins/sudoers/sudoreplay.c:299 +#: logsrvd/logsrvd.c:1932 logsrvd/sendlog.c:1779 +#: plugins/sudoers/cvtsudoers.c:246 plugins/sudoers/sudoreplay.c:301 #: plugins/sudoers/visudo.c:177 #, c-format msgid "%s version %s\n" msgstr "%s 版本 %s\n" -#: logsrvd/logsrvd_conf.c:331 +#: logsrvd/logsrvd_conf.c:390 plugins/sudoers/check.c:336 +#: plugins/sudoers/exptilde.c:85 plugins/sudoers/iolog.c:118 +#: plugins/sudoers/policy.c:1214 plugins/sudoers/sudoers.c:486 +#: plugins/sudoers/sudoers.c:1347 plugins/sudoers/testsudoers.c:215 +#: plugins/sudoers/testsudoers.c:382 +#, c-format +msgid "unknown user %s" +msgstr "未知使用者 %s" + +#: logsrvd/logsrvd_conf.c:407 plugins/sudoers/iolog.c:143 +#: plugins/sudoers/sudoers.c:491 plugins/sudoers/sudoers.c:1381 +#: plugins/sudoers/testsudoers.c:406 +#, c-format +msgid "unknown group %s" +msgstr "未知群組 %s" + +#: logsrvd/logsrvd_conf.c:425 +#, c-format +msgid "unable to parse iolog mode %s" +msgstr "無法解析 iolog 模式 %s" + +#: logsrvd/logsrvd_conf.c:442 logsrvd/logsrvd_conf.c:1171 +#, c-format +msgid "invalid value for %s: %s" +msgstr "%s 的值無效:%s" + +#: logsrvd/logsrvd_conf.c:481 msgid "TLS not supported" msgstr "不支援 TLS" -#: logsrvd/logsrvd_conf.c:343 +#: logsrvd/logsrvd_conf.c:503 #, c-format msgid "%s:%s" msgstr "%s:%s" -#: logsrvd/logsrvd_conf.c:409 logsrvd/logsrvd_conf.c:653 +#: logsrvd/logsrvd_conf.c:576 logsrvd/logsrvd_conf.c:970 #, c-format msgid "%s: not a fully qualified path" msgstr "%s:路徑不完全合法" -#: logsrvd/logsrvd_conf.c:767 +#: logsrvd/logsrvd_conf.c:888 logsrvd/logsrvd_conf.c:904 +#: logsrvd/logsrvd_conf.c:1586 +#, c-format +msgid "unknown syslog facility %s" +msgstr "未知的 syslog 裝置 %s" + +#: logsrvd/logsrvd_conf.c:920 logsrvd/logsrvd_conf.c:936 +#: logsrvd/logsrvd_conf.c:952 logsrvd/logsrvd_conf.c:1590 +#: logsrvd/logsrvd_conf.c:1594 logsrvd/logsrvd_conf.c:1598 +#, c-format +msgid "unknown syslog priority %s" +msgstr "未知 syslog 優先級 %s" + +#: logsrvd/logsrvd_conf.c:1132 #, c-format msgid "%s:%d unmatched '[': %s" msgstr "%s:%d 不對稱的 '[': %s" -#: logsrvd/logsrvd_conf.c:778 +#: logsrvd/logsrvd_conf.c:1143 #, c-format msgid "%s:%d invalid config section: %s" msgstr "%s:%d 無效的設定檔區段:%s" -#: logsrvd/logsrvd_conf.c:786 +#: logsrvd/logsrvd_conf.c:1151 #, c-format msgid "%s:%d invalid configuration line: %s" msgstr "%s:%d 無效的設定檔行:%s" -#: logsrvd/logsrvd_conf.c:792 +#: logsrvd/logsrvd_conf.c:1157 #, c-format msgid "%s:%d expected section name: %s" msgstr "%s:%d 應有區段名稱:%s" -#: logsrvd/logsrvd_conf.c:806 +#: logsrvd/logsrvd_conf.c:1179 #, c-format -msgid "invalid value for %s: %s" -msgstr "%s 的值無效:%s" +msgid "%s:%d [%s] illegal key: %s" +msgstr "%s:%d [%s] 本設定鍵無效:%s" -#: logsrvd/logsrvd_conf.c:814 +#: logsrvd/logsrvd_conf.c:1209 plugins/sudoers/cvtsudoers.c:268 +#: plugins/sudoers/logging.c:856 #, c-format -msgid "%s:%d unknown key: %s" -msgstr "%s:%d 未知鍵:%s" +msgid "unable to open log file %s" +msgstr "無法開啟記錄檔案 %s" + +#: logsrvd/logsrvd_conf.c:1666 +msgid "unable to initialize server TLS context" +msgstr "無法初始化伺服器 TLS 上下文" + +#: logsrvd/logsrvd_conf.c:1686 +msgid "unable to initialize relay TLS context" +msgstr "無法初始化轉送 TLS 上下文" + +#: logsrvd/logsrvd_journal.c:136 logsrvd/logsrvd_journal.c:416 +#: logsrvd/logsrvd_journal.c:421 +msgid "unable to create journal file" +msgstr "無法建立日誌檔案" -#: logsrvd/logsrvd_conf.c:1003 +#: logsrvd/logsrvd_journal.c:140 logsrvd/logsrvd_queue.c:104 +#: plugins/sudoers/visudo.c:1007 #, c-format -msgid "unknown syslog facility %s" -msgstr "未知的 syslog 裝置 %s" +msgid "unable to lock %s" +msgstr "無法鎖定 %s" -#: logsrvd/logsrvd_conf.c:1007 logsrvd/logsrvd_conf.c:1011 -#: logsrvd/logsrvd_conf.c:1015 +#: logsrvd/logsrvd_journal.c:143 +msgid "unable to lock journal file" +msgstr "無法鎖定日誌檔案" + +#: logsrvd/logsrvd_journal.c:151 +msgid "unable to open journal file" +msgstr "無法開啟日誌檔案" + +#: logsrvd/logsrvd_journal.c:172 logsrvd/logsrvd_journal.c:452 +#: logsrvd/logsrvd_journal.c:457 +msgid "unable to write journal file" +msgstr "無法寫入日誌檔案" + +#: logsrvd/logsrvd_journal.c:180 logsrvd/logsrvd_journal.c:187 +msgid "unable to rename journal file" +msgstr "無法重新命名日誌檔案" + +#: logsrvd/logsrvd_journal.c:234 logsrvd/logsrvd_journal.c:235 +#: logsrvd/logsrvd_journal.c:269 logsrvd/logsrvd_journal.c:270 +msgid "unexpected EOF reading journal file" +msgstr "讀取日誌檔案時遇到非預期的結束字元 (EOF)" + +#: logsrvd/logsrvd_journal.c:238 logsrvd/logsrvd_journal.c:239 +#: logsrvd/logsrvd_journal.c:273 logsrvd/logsrvd_journal.c:274 +msgid "error reading journal file" +msgstr "讀取日誌檔案時發生錯誤" + +#: logsrvd/logsrvd_journal.c:285 logsrvd/logsrvd_journal.c:376 +msgid "invalid journal file, unable to restart" +msgstr "日誌檔案無效,無法重新開始" + +#: logsrvd/logsrvd_journal.c:435 #, c-format -msgid "unknown syslog priority %s" -msgstr "未知 syslog 優先級 %s" +msgid "unable to seek to [%lld, %ld] in journal file %s" +msgstr "無法搜尋至 %3$s 檔案的 [%1$lld, %2$ld] 位置" -#: logsrvd/sendlog.c:127 -msgid "" -"\n" -"Options:\n" -" --help display help message and exit\n" -" -A, --accept only send an accept event (no I/O)\n" -" -h, --host host to send logs to\n" -" -i, --iolog_id remote ID of I/O log to be resumed\n" -" -p, --port port to use when connecting to host\n" -" -r, --restart restart previous I/O log transfer\n" -" -R, --reject reject the command with the given reason\n" -" -b, --ca-bundle certificate bundle file to verify server's cert against\n" -" -c, --cert certificate file for TLS handshake\n" -" -k, --key private key file\n" -" -n, --no-verify do not verify server certificate\n" -" -t, --test test audit server by sending selected I/O log n times in parallel\n" -" -V, --version display version information and exit\n" -msgstr "" -"\n" -"選項:\n" -" --help 顯示說明訊息後離開\n" -" -A, --accept 只傳送接受事件 (無 I/O)\n" -" -h, --host 要傳送記錄至的目標主機\n" -" -i, --iolog_id 要繼續的 I/O 記錄的遠端 ID\n" -" -p, --port 連線到主機時要使用的連線埠\n" -" -r, --restart 重新啟動上次的 I/O 記錄傳輸\n" -" -R, --reject 以提供的原因拒絕命令\n" -" -b, --ca-bundle 用來核驗伺服器憑證針對對象的憑證組合檔案\n" -" -c, --cert 用於 TLS 交握的憑證檔案\n" -" -k, --key 私鑰檔案\n" -" -n, --no-verify 不核驗伺服器憑證\n" -" -t, --test 透過並行傳送選取的 I/O 記錄 n 次來測試稽核伺服器\n" -" -V, --version 顯示版本資訊後離開\n" +#: logsrvd/logsrvd_local.c:153 +msgid "error parsing AcceptMessage" +msgstr "解析 AcceptMessage 時發生錯誤" + +#: logsrvd/logsrvd_local.c:164 +msgid "error creating I/O log" +msgstr "建立 I/O 日誌時發生錯誤" + +#: logsrvd/logsrvd_local.c:187 +msgid "error logging accept event" +msgstr "記錄接受事件時發生錯誤" + +#: logsrvd/logsrvd_local.c:226 +msgid "error parsing RejectMessage" +msgstr "解析 RejectMessage 時發生錯誤" + +#: logsrvd/logsrvd_local.c:250 +msgid "error logging reject event" +msgstr "記錄拒絕事件時發生錯誤" + +#: logsrvd/logsrvd_local.c:386 logsrvd/logsrvd_local.c:394 +msgid "error logging exit event" +msgstr "記錄離開 (exit) 事件時發生錯誤" + +#: logsrvd/logsrvd_local.c:451 logsrvd/logsrvd_local.c:452 +msgid "log is already complete, cannot be restarted" +msgstr "記錄已完成,無法重新開始" + +#: logsrvd/logsrvd_local.c:482 +msgid "unable to restart log" +msgstr "無法重新啟動記錄" + +#: logsrvd/logsrvd_local.c:498 +msgid "error parsing AlertMessage" +msgstr "解析 AlertMessage 時發生錯誤" + +#: logsrvd/logsrvd_local.c:508 +msgid "error logging alert event" +msgstr "記錄提醒事件時發生錯誤" + +#: logsrvd/logsrvd_local.c:543 logsrvd/logsrvd_local.c:596 +#: logsrvd/logsrvd_local.c:631 +#, c-format +msgid "unable to format timing buffer, length %d" +msgstr "無法格式化計時緩衝區,長度 %d" -#: logsrvd/sendlog.c:164 plugins/sudoers/log_client.c:432 +#: logsrvd/logsrvd_local.c:550 logsrvd/logsrvd_local.c:558 +#: logsrvd/logsrvd_local.c:603 logsrvd/logsrvd_local.c:638 +#: plugins/sudoers/sudoreplay.c:351 +#, c-format +msgid "%s/%s: %s" +msgstr "%s/%s: %s" + +#: logsrvd/logsrvd_local.c:578 +msgid "error writing IoBuffer" +msgstr "寫入 IoBuffer 時發生錯誤" + +#: logsrvd/logsrvd_local.c:613 +msgid "error writing ChangeWindowSize" +msgstr "寫入 ChangeWindowSize 時發生錯誤" + +#: logsrvd/logsrvd_local.c:648 +msgid "error writing CommandSuspend" +msgstr "寫入 CommandSuspend 時發生錯誤" + +#: logsrvd/logsrvd_relay.c:430 +msgid "TLS handshake with relay host failed" +msgstr "無法與轉送主機進行 TLS 交握" + +#: logsrvd/logsrvd_relay.c:458 +msgid "unable to connect to relay host" +msgstr "無法連線至轉送主機" + +#: logsrvd/logsrvd_relay.c:513 +#, c-format +msgid "%s: invalid ServerHello, missing server_id" +msgstr "%s:無效的 ServerHello,缺少 server_id" + +#: logsrvd/logsrvd_relay.c:515 logsrvd/sendlog.c:1121 +#: plugins/sudoers/log_client.c:1497 +msgid "invalid ServerHello" +msgstr "無效的 ServerHello" + +#: logsrvd/logsrvd_relay.c:674 +msgid "unrecognized ServerMessage type" +msgstr "未知 ServerMessage 類型" + +#: logsrvd/logsrvd_relay.c:703 +#, c-format +msgid "timed out reading from relay %s (%s)" +msgstr "從轉送點 %s 讀取等待逾時 (%s)" + +#: logsrvd/logsrvd_relay.c:705 +msgid "timeout reading from relay" +msgstr "從轉送點讀取時等待逾時" + +#: logsrvd/logsrvd_relay.c:757 +msgid "relay host name does not match certificate" +msgstr "轉送點主機名稱與憑證不同" + +#: logsrvd/logsrvd_relay.c:763 logsrvd/logsrvd_relay.c:776 +#: logsrvd/logsrvd_relay.c:782 +msgid "error reading from relay" +msgstr "從轉送點讀取時發生錯誤" + +#: logsrvd/logsrvd_relay.c:803 +msgid "unable to read from relay" +msgstr "無法從轉送點讀取" + +#: logsrvd/logsrvd_relay.c:818 logsrvd/logsrvd_relay.c:936 +msgid "relay server closed connection" +msgstr "轉送伺服器已經關閉連線" + +#: logsrvd/logsrvd_relay.c:836 +msgid "server message too large" +msgstr "伺服器訊息過長" + +#: logsrvd/logsrvd_relay.c:900 +#, c-format +msgid "timed out writing to relay %s (%s)" +msgstr "寫入轉送點 %s 等待逾時 (%s)" + +#: logsrvd/logsrvd_relay.c:902 +msgid "timeout writing to relay" +msgstr "寫入至轉送點時等待逾時" + +#: logsrvd/logsrvd_relay.c:955 logsrvd/logsrvd_relay.c:961 +#: logsrvd/logsrvd_relay.c:971 +msgid "error writing to relay" +msgstr "寫入至轉送點時發生錯誤" + +#: logsrvd/sendlog.c:114 +msgid "send sudo I/O log to remote server" +msgstr "傳送 sudo I/O 記錄到遠端伺服器" + +#: logsrvd/sendlog.c:120 +msgid "only send an accept event (no I/O)" +msgstr "只傳送接受事件(無 I/O)" + +#: logsrvd/sendlog.c:123 +msgid "certificate bundle file to verify server's cert against" +msgstr "用來驗證伺服器 cert against 的憑證組合檔案" + +#: logsrvd/sendlog.c:125 +msgid "certificate file for TLS handshake" +msgstr "用在 TLS 交握的憑證檔案" + +#: logsrvd/sendlog.c:128 +msgid "host to send logs to" +msgstr "記錄的傳送目的地主機" + +#: logsrvd/sendlog.c:130 +msgid "remote ID of I/O log to be resumed" +msgstr "要恢復的 I/O 記錄的遠端 ID" + +#: logsrvd/sendlog.c:133 +msgid "private key file" +msgstr "私鑰檔案" + +#: logsrvd/sendlog.c:135 +msgid "do not verify server certificate" +msgstr "不要驗證伺服器的憑證" + +#: logsrvd/sendlog.c:138 +msgid "port to use when connecting to host" +msgstr "連接主機時要使用的連接埠" + +#: logsrvd/sendlog.c:140 +msgid "restart previous I/O log transfer" +msgstr "重新開始上一個 I/O 記錄傳輸" + +#: logsrvd/sendlog.c:142 +msgid "reject the command with the given reason" +msgstr "以指定理由拒絕命令" + +#: logsrvd/sendlog.c:144 +msgid "stop transfer after reaching this time" +msgstr "超過指定時間時停止傳輸" + +#: logsrvd/sendlog.c:146 +msgid "test audit server by sending selected I/O log n times in parallel" +msgstr "透過平行傳送選取 I/O 記錄 n 次來測試稽核伺服器" + +#: logsrvd/sendlog.c:171 plugins/sudoers/log_client.c:441 #, c-format msgid "unable to look up %s:%s: %s" msgstr "無法查看 %s:%s: %s" -#: logsrvd/sendlog.c:202 +#: logsrvd/sendlog.c:209 msgid "unable to get server IP addr" msgstr "無法取得伺服器 IP 地址" -#: logsrvd/sendlog.c:256 plugins/sudoers/sudoreplay.c:851 +#: logsrvd/sendlog.c:295 plugins/sudoers/sudoreplay.c:871 #, c-format msgid "unable to read %s/%s: %s" msgstr "無法讀取 %s/%s: %s" -#: logsrvd/sendlog.c:277 plugins/sudoers/log_client.c:694 -#, c-format -msgid "client message too large: %zu" -msgstr "用戶端訊息過長:%zu" - -#: logsrvd/sendlog.c:810 -#, c-format -msgid "%s: write buffer already in use" -msgstr "%s:寫入緩衝區正被使用" - -#: logsrvd/sendlog.c:862 plugins/sudoers/iolog.c:880 -#: plugins/sudoers/iolog.c:949 +#: logsrvd/sendlog.c:1045 plugins/sudoers/iolog.c:887 +#: plugins/sudoers/iolog.c:956 #, c-format msgid "unexpected I/O event %d" msgstr "不應有的 I/O 事件 %d" -#: logsrvd/sendlog.c:908 logsrvd/sendlog.c:925 logsrvd/sendlog.c:959 -#: plugins/sudoers/log_client.c:1118 plugins/sudoers/log_client.c:1386 -#: plugins/sudoers/log_client.c:1454 plugins/sudoers/log_client.c:1490 +#: logsrvd/sendlog.c:1098 logsrvd/sendlog.c:1115 logsrvd/sendlog.c:1149 +#: plugins/sudoers/log_client.c:1146 plugins/sudoers/log_client.c:1423 +#: plugins/sudoers/log_client.c:1491 plugins/sudoers/log_client.c:1530 #, c-format msgid "%s: unexpected state %d" msgstr "%s:不應有的狀態 %d" -#: logsrvd/sendlog.c:931 plugins/sudoers/log_client.c:1460 -msgid "invalid ServerHello" -msgstr "無效的 ServerHello" - -#: logsrvd/sendlog.c:995 plugins/sudoers/log_client.c:1534 +#: logsrvd/sendlog.c:1185 plugins/sudoers/log_client.c:1576 #, c-format msgid "error message received from server: %s" msgstr "自伺服器接收到錯誤訊息:%s" -#: logsrvd/sendlog.c:1008 plugins/sudoers/log_client.c:1547 +#: logsrvd/sendlog.c:1198 plugins/sudoers/log_client.c:1589 #, c-format msgid "abort message received from server: %s" msgstr "自伺服器接收到中止訊息:%s" -#: logsrvd/sendlog.c:1027 plugins/sudoers/log_client.c:1566 -msgid "unable to unpack ServerMessage" -msgstr "無法解開 ServerMessage" - -#: logsrvd/sendlog.c:1067 plugins/sudoers/log_client.c:1597 +#: logsrvd/sendlog.c:1257 plugins/sudoers/log_client.c:1639 #, c-format msgid "%s: unexpected type_case value %d" msgstr "%s:不應有的 type_case 值 %d" -#: logsrvd/sendlog.c:1096 +#: logsrvd/sendlog.c:1286 msgid "timeout reading from server" msgstr "從伺服器讀取逾時" -#: logsrvd/sendlog.c:1174 +#: logsrvd/sendlog.c:1368 msgid "premature EOF" msgstr "檔案過早結束" -#: logsrvd/sendlog.c:1187 plugins/sudoers/log_client.c:1751 +#: logsrvd/sendlog.c:1381 plugins/sudoers/log_client.c:1800 #, c-format msgid "server message too large: %u" msgstr "伺服器訊息過長:%u" -#: logsrvd/sendlog.c:1238 +#: logsrvd/sendlog.c:1437 msgid "timeout writing to server" msgstr "寫入至伺服器逾時" -#: logsrvd/sendlog.c:1457 plugins/sudoers/log_client.c:296 +#: logsrvd/sendlog.c:1802 +msgid "both restart point and iolog ID must be specified" +msgstr "必須指定重新啟動點 (restart point) 和 iolog ID" + +#: logsrvd/sendlog.c:1806 +msgid "a restart point may not be set when no I/O is sent" +msgstr "未傳送 I/O 時,不應設定重新開始點" + +#: logsrvd/sendlog.c:1882 +#, c-format +msgid "exited prematurely with state %d" +msgstr "過早結束,狀態碼 %d" + +#: logsrvd/sendlog.c:1883 +#, c-format +msgid "elapsed time sent to server [%lld, %ld]" +msgstr "已傳送耗用時間至伺服器 [%lld, %ld]" + +#: logsrvd/sendlog.c:1885 +#, c-format +msgid "commit point received from server [%lld, %ld]" +msgstr "自伺服器接收到提交點 (commit point) [%lld, %ld]" + +#: logsrvd/tls_client.c:106 plugins/sudoers/log_client.c:304 msgid "TLS handshake timeout occurred" msgstr "遇到 TLS 交握逾時" -#: logsrvd/sendlog.c:1476 logsrvd/sendlog.c:1491 -#: plugins/sudoers/log_client.c:318 plugins/sudoers/log_client.c:334 +#: logsrvd/tls_client.c:126 logsrvd/tls_client.c:142 +#: plugins/sudoers/log_client.c:326 plugins/sudoers/log_client.c:342 msgid "unable to set event" msgstr "無法設定事件" -#: logsrvd/sendlog.c:1501 logsrvd/sendlog.c:1505 +#: logsrvd/tls_client.c:152 logsrvd/tls_client.c:156 #, c-format msgid "TLS connection failed: %s" msgstr "TLS 連線失敗:%s" -#: logsrvd/sendlog.c:1538 -#, c-format -msgid "Unable to initialize ssl context: %s" -msgstr "無法初始化 SSL 上下文:%s" - -#: logsrvd/sendlog.c:1543 plugins/sudoers/log_client.c:258 +#: logsrvd/tls_client.c:190 #, c-format -msgid "Unable to allocate ssl object: %s" +msgid "unable to allocate ssl object: %s" msgstr "無法配置 SSL 物件:%s" -#: logsrvd/sendlog.c:1548 +#: logsrvd/tls_client.c:203 #, c-format msgid "Unable to attach socket to the ssl object: %s" msgstr "無法將 socket 通訊端連結至 SSL 物件:%s" -#: logsrvd/sendlog.c:1792 -msgid "both restart point and iolog ID must be specified" -msgstr "必須指定重新啟動點 (restart point) 和 iolog ID" +#: logsrvd/tls_client.c:231 +msgid "unable to initialize TLS context" +msgstr "無法初始化 TLS 上下文" -#: logsrvd/sendlog.c:1796 -msgid "a restart point may not be set when no I/O is sent" -msgstr "未傳送 I/O 時,不應設定重新開始點" +#: logsrvd/tls_init.c:127 logsrvd/tls_init.c:135 +#, c-format +msgid "unable to set TLS 1.2 ciphersuite to %s: %s" +msgstr "無法將 TLS 1.2 加密套件設為 %s:%s" -#: logsrvd/sendlog.c:1871 +#: logsrvd/tls_init.c:155 logsrvd/tls_init.c:163 #, c-format -msgid "exited prematurely with state %d" -msgstr "過早結束,狀態碼 %d" +msgid "unable to set TLS 1.3 ciphersuite to %s: %s" +msgstr "無法將 TLS 1.3 加密套件設為 %s:%s" -#: logsrvd/sendlog.c:1872 +#: logsrvd/tls_init.c:195 logsrvd/tls_init.c:216 #, c-format -msgid "elapsed time sent to server [%lld, %ld]" -msgstr "已傳送耗用時間至伺服器 [%lld, %ld]" +msgid "unable to set diffie-hellman parameters: %s" +msgstr "無法設定迪菲-赫爾曼參數:%s" -#: logsrvd/sendlog.c:1874 +#: logsrvd/tls_init.c:272 #, c-format -msgid "commit point received from server [%lld, %ld]" -msgstr "自伺服器接收到提交點 (commit point) [%lld, %ld]" +msgid "unable to create TLS context: %s" +msgstr "無法建立 TLS 情境:%s" -#: plugins/sudoers/alias.c:148 +#: logsrvd/tls_init.c:278 #, c-format -msgid "Alias \"%s\" already defined" -msgstr "別名「%s」已定義過" +msgid "unable to set minimum protocol version to TLS 1.2: %s" +msgstr "無法將最低通訊協定版本設為 TLS 1.2:%s" -#: plugins/sudoers/audit.c:206 plugins/sudoers/audit.c:343 -#: plugins/sudoers/log_client.c:954 plugins/sudoers/log_client.c:1002 -#: plugins/sudoers/log_client.c:1050 plugins/sudoers/log_client.c:1175 -#: plugins/sudoers/logging.c:548 plugins/sudoers/policy.c:114 +#: plugins/sudoers/audit.c:267 plugins/sudoers/audit.c:419 +#: plugins/sudoers/log_client.c:979 plugins/sudoers/log_client.c:1028 +#: plugins/sudoers/log_client.c:1077 plugins/sudoers/log_client.c:1203 +#: plugins/sudoers/logging.c:551 plugins/sudoers/logging.c:648 +#: plugins/sudoers/logging.c:810 plugins/sudoers/policy.c:123 msgid "unable to get time of day" msgstr "無法取得一日時間" @@ -915,45 +1344,45 @@ msgid "unable to change password for %s" msgstr "無法變更 %s 的密碼" -#: plugins/sudoers/auth/bsdauth.c:70 +#: plugins/sudoers/auth/bsdauth.c:74 #, c-format msgid "unable to get login class for user %s" msgstr "無法取得使用者 %s 的登入類別" -#: plugins/sudoers/auth/bsdauth.c:75 +#: plugins/sudoers/auth/bsdauth.c:79 msgid "unable to begin bsd authentication" msgstr "無法開始進行 BSD 認證" -#: plugins/sudoers/auth/bsdauth.c:83 +#: plugins/sudoers/auth/bsdauth.c:87 msgid "invalid authentication type" msgstr "無效的認證類型" -#: plugins/sudoers/auth/bsdauth.c:92 +#: plugins/sudoers/auth/bsdauth.c:96 msgid "unable to initialize BSD authentication" msgstr "無法初始化 BSD 認證程序" -#: plugins/sudoers/auth/bsdauth.c:179 +#: plugins/sudoers/auth/bsdauth.c:183 msgid "your account has expired" msgstr "您的帳號已經過期" -#: plugins/sudoers/auth/bsdauth.c:181 +#: plugins/sudoers/auth/bsdauth.c:185 msgid "approval failed" msgstr "核可失敗" -#: plugins/sudoers/auth/fwtk.c:54 +#: plugins/sudoers/auth/fwtk.c:58 msgid "unable to read fwtk config" msgstr "無法讀取 fwtk 組態設定" -#: plugins/sudoers/auth/fwtk.c:59 +#: plugins/sudoers/auth/fwtk.c:63 msgid "unable to connect to authentication server" msgstr "無法連線到認證伺服器" -#: plugins/sudoers/auth/fwtk.c:65 plugins/sudoers/auth/fwtk.c:89 -#: plugins/sudoers/auth/fwtk.c:121 +#: plugins/sudoers/auth/fwtk.c:69 plugins/sudoers/auth/fwtk.c:94 +#: plugins/sudoers/auth/fwtk.c:126 msgid "lost connection to authentication server" msgstr "失去對認證伺服器的連線" -#: plugins/sudoers/auth/fwtk.c:69 +#: plugins/sudoers/auth/fwtk.c:73 #, c-format msgid "" "authentication server error:\n" @@ -967,83 +1396,83 @@ msgid "%s: unable to convert principal to string ('%s'): %s" msgstr "%s:無法將主體轉換成字串 ('%s'):%s" -#: plugins/sudoers/auth/kerb5.c:160 +#: plugins/sudoers/auth/kerb5.c:162 #, c-format msgid "%s: unable to parse '%s': %s" msgstr "%s:無法解析「%s」:%s" -#: plugins/sudoers/auth/kerb5.c:169 +#: plugins/sudoers/auth/kerb5.c:171 #, c-format msgid "%s: unable to resolve credential cache: %s" msgstr "%s:無法解析憑證快取:%s" -#: plugins/sudoers/auth/kerb5.c:216 +#: plugins/sudoers/auth/kerb5.c:220 #, c-format msgid "%s: unable to allocate options: %s" msgstr "%s:無法分配選項:%s" -#: plugins/sudoers/auth/kerb5.c:231 +#: plugins/sudoers/auth/kerb5.c:235 #, c-format msgid "%s: unable to get credentials: %s" msgstr "%s:無法取得憑證:%s" -#: plugins/sudoers/auth/kerb5.c:244 +#: plugins/sudoers/auth/kerb5.c:248 #, c-format msgid "%s: unable to initialize credential cache: %s" msgstr "%s:無法初始化憑證快取:%s" -#: plugins/sudoers/auth/kerb5.c:247 +#: plugins/sudoers/auth/kerb5.c:251 #, c-format msgid "%s: unable to store credential in cache: %s" msgstr "%s:無法將憑證儲存於快取:%s" -#: plugins/sudoers/auth/kerb5.c:311 +#: plugins/sudoers/auth/kerb5.c:315 #, c-format msgid "%s: unable to get host principal: %s" msgstr "%s:無法取得主機主體:%s" -#: plugins/sudoers/auth/kerb5.c:325 +#: plugins/sudoers/auth/kerb5.c:329 #, c-format msgid "%s: Cannot verify TGT! Possible attack!: %s" msgstr "%s:無法驗證 TGT!可能發生攻擊事件!:%s" -#: plugins/sudoers/auth/pam.c:218 +#: plugins/sudoers/auth/pam.c:216 #, c-format msgid "unable to initialize PAM: %s" msgstr "無法初始化 PAM:%s" -#: plugins/sudoers/auth/pam.c:317 +#: plugins/sudoers/auth/pam.c:338 #, c-format msgid "PAM authentication error: %s" msgstr "PAM 認證發生錯誤:%s" -#: plugins/sudoers/auth/pam.c:336 +#: plugins/sudoers/auth/pam.c:357 msgid "account validation failure, is your account locked?" msgstr "檢查帳號有效性失敗,請檢查您的帳號是否被鎖定。" -#: plugins/sudoers/auth/pam.c:347 +#: plugins/sudoers/auth/pam.c:368 msgid "Account or password is expired, reset your password and try again" msgstr "帳號或密碼已標為過期,請重設密碼後重試" -#: plugins/sudoers/auth/pam.c:353 +#: plugins/sudoers/auth/pam.c:374 #, c-format msgid "unable to change expired password: %s" msgstr "無法變更已過期密碼:%s" -#: plugins/sudoers/auth/pam.c:364 +#: plugins/sudoers/auth/pam.c:385 msgid "Password expired, contact your system administrator" msgstr "密碼已標為過期,請聯絡您的系統管理員" -#: plugins/sudoers/auth/pam.c:369 +#: plugins/sudoers/auth/pam.c:390 msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator" msgstr "帳號已過期或是 PAM 組態設定缺少 sudo 的 \"account\" 部份,請聯絡您的系統管理員" -#: plugins/sudoers/auth/pam.c:377 plugins/sudoers/auth/pam.c:382 +#: plugins/sudoers/auth/pam.c:398 plugins/sudoers/auth/pam.c:403 #, c-format msgid "PAM account management error: %s" msgstr "PAM 帳號管理發生錯誤:%s" -#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/auth/rfc1938.c:99 plugins/sudoers/visudo.c:255 #, c-format msgid "you do not exist in the %s database" msgstr "您不在 %s 資料庫中" @@ -1052,31 +1481,31 @@ msgid "failed to initialise the ACE API library" msgstr "無法初始化 ACE API 函式庫" -#: plugins/sudoers/auth/securid5.c:98 +#: plugins/sudoers/auth/securid5.c:103 msgid "unable to contact the SecurID server" msgstr "無法聯繫 SecurID 伺服器" -#: plugins/sudoers/auth/securid5.c:107 +#: plugins/sudoers/auth/securid5.c:112 msgid "User ID locked for SecurID Authentication" msgstr "用於 SecurID 認證的使用者 ID 已被鎖定" -#: plugins/sudoers/auth/securid5.c:111 plugins/sudoers/auth/securid5.c:162 +#: plugins/sudoers/auth/securid5.c:116 plugins/sudoers/auth/securid5.c:167 msgid "invalid username length for SecurID" msgstr "用於 SecurID 的使用者名稱長度無效" -#: plugins/sudoers/auth/securid5.c:115 plugins/sudoers/auth/securid5.c:167 +#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:172 msgid "invalid Authentication Handle for SecurID" msgstr "用於 SecurID 的認證處理無效" -#: plugins/sudoers/auth/securid5.c:119 +#: plugins/sudoers/auth/securid5.c:124 msgid "SecurID communication failed" msgstr "SecurID 通訊失敗" -#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:210 +#: plugins/sudoers/auth/securid5.c:128 plugins/sudoers/auth/securid5.c:215 msgid "unknown SecurID error" msgstr "未知 SecurID 錯誤" -#: plugins/sudoers/auth/securid5.c:157 +#: plugins/sudoers/auth/securid5.c:162 msgid "invalid passcode length for SecurID" msgstr "用於 SecurID 的密碼長度無效" @@ -1116,7 +1545,17 @@ msgid "unable to commit audit record" msgstr "無法提交稽核記錄" -#: plugins/sudoers/check.c:258 +#: plugins/sudoers/check.c:264 +#, c-format +msgid "error reading lecture file %s" +msgstr "讀取使用指引檔案 %s 時發生錯誤" + +#: plugins/sudoers/check.c:270 +#, c-format +msgid "ignoring lecture file %s: not a regular file" +msgstr "忽略使用指引檔案 %s:不是一般檔案" + +#: plugins/sudoers/check.c:283 msgid "" "\n" "We trust you have received the usual lecture from the local System\n" @@ -1136,118 +1575,122 @@ " #3) 權力越大則責任越大。\n" "\n" -#: plugins/sudoers/check.c:301 plugins/sudoers/check.c:311 -#: plugins/sudoers/sudoers.c:837 plugins/sudoers/sudoers.c:858 +#: plugins/sudoers/check.c:331 plugins/sudoers/check.c:341 +#: plugins/sudoers/sudoers.c:885 plugins/sudoers/sudoers.c:906 #: plugins/sudoers/tsdump.c:119 #, c-format -msgid "unknown uid: %u" -msgstr "未知 UID:%u" +msgid "unknown uid %u" +msgstr "未知 uid %u" + +#: plugins/sudoers/check_aliases.c:92 +#, c-format +msgid "Error: %s:%d:%d: cycle in %s \"%s\"" +msgstr "錯誤:%s:%d:%d: %s「%s」中有循環" + +#: plugins/sudoers/check_aliases.c:93 +#, c-format +msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" +msgstr "警告:%s:%d:%d: %s「%s」中有循環" + +#: plugins/sudoers/check_aliases.c:97 +#, c-format +msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "錯誤:%s:%d:%d: 已引用但未定義 %s「%s」" -#: plugins/sudoers/check.c:306 plugins/sudoers/exptilde.c:85 -#: plugins/sudoers/iolog.c:118 plugins/sudoers/policy.c:1088 -#: plugins/sudoers/sudoers.c:440 plugins/sudoers/sudoers.c:1307 -#: plugins/sudoers/testsudoers.c:219 plugins/sudoers/testsudoers.c:386 +#: plugins/sudoers/check_aliases.c:98 #, c-format -msgid "unknown user: %s" -msgstr "未知使用者:%s" +msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" +msgstr "警告:%s:%d:%d: 已引用但未定義 %s「%s」" -#: plugins/sudoers/cvtsudoers.c:194 +#: plugins/sudoers/cvtsudoers.c:209 #, c-format msgid "order increment: %s: %s" msgstr "新增順序:%s:%s" -#: plugins/sudoers/cvtsudoers.c:210 +#: plugins/sudoers/cvtsudoers.c:228 #, c-format msgid "starting order: %s: %s" msgstr "順序開頭:%s:%s" -#: plugins/sudoers/cvtsudoers.c:220 +#: plugins/sudoers/cvtsudoers.c:238 #, c-format msgid "order padding: %s: %s" msgstr "順序間距:%s:%s" -#: plugins/sudoers/cvtsudoers.c:230 plugins/sudoers/visudo.c:179 +#: plugins/sudoers/cvtsudoers.c:248 plugins/sudoers/visudo.c:179 #, c-format msgid "%s grammar version %d\n" msgstr "%s 語法版本 %d\n" -#: plugins/sudoers/cvtsudoers.c:247 plugins/sudoers/testsudoers.c:167 +#: plugins/sudoers/cvtsudoers.c:277 plugins/sudoers/testsudoers.c:159 #, c-format msgid "unsupported input format %s" msgstr "不支援的輸入格式 %s" -#: plugins/sudoers/cvtsudoers.c:262 +#: plugins/sudoers/cvtsudoers.c:295 #, c-format msgid "unsupported output format %s" msgstr "不支援的輸出格式 %s" -#: plugins/sudoers/cvtsudoers.c:314 +#: plugins/sudoers/cvtsudoers.c:385 #, c-format msgid "%s: input and output files must be different" msgstr "%s:輸入及輸出檔案必須不一致" -#: plugins/sudoers/cvtsudoers.c:330 plugins/sudoers/sudoers.c:178 -#: plugins/sudoers/testsudoers.c:258 plugins/sudoers/visudo.c:249 -#: plugins/sudoers/visudo.c:603 plugins/sudoers/visudo.c:926 +#: plugins/sudoers/cvtsudoers.c:399 plugins/sudoers/sudoers.c:159 +#: plugins/sudoers/sudoers.c:205 plugins/sudoers/testsudoers.c:254 +#: plugins/sudoers/visudo.c:261 plugins/sudoers/visudo.c:620 +#: plugins/sudoers/visudo.c:953 msgid "unable to initialize sudoers default values" msgstr "無法初始化 sudoers 預設值" -#: plugins/sudoers/cvtsudoers.c:416 plugins/sudoers/ldap_conf.c:431 +#: plugins/sudoers/cvtsudoers.c:522 plugins/sudoers/ldap_conf.c:431 #, c-format msgid "%s: %s: %s: %s" msgstr "%s: %s: %s: %s" -#: plugins/sudoers/cvtsudoers.c:475 +#: plugins/sudoers/cvtsudoers.c:581 #, c-format -msgid "%s: unknown key word: %s" -msgstr "%s:關鍵詞未知:%s" +msgid "%s: unknown key word %s" +msgstr "%s:未知關鍵字 %s" -#: plugins/sudoers/cvtsudoers.c:521 +#: plugins/sudoers/cvtsudoers.c:627 #, c-format msgid "invalid defaults type: %s" msgstr "預設類型無效:%s" -#: plugins/sudoers/cvtsudoers.c:544 +#: plugins/sudoers/cvtsudoers.c:650 #, c-format msgid "invalid suppression type: %s" msgstr "隱藏類型無效:%s" -#: plugins/sudoers/cvtsudoers.c:584 plugins/sudoers/cvtsudoers.c:598 +#: plugins/sudoers/cvtsudoers.c:691 plugins/sudoers/cvtsudoers.c:707 #, c-format msgid "invalid filter: %s" msgstr "篩選器無效:%s" -#: plugins/sudoers/cvtsudoers.c:617 plugins/sudoers/cvtsudoers.c:634 -#: plugins/sudoers/cvtsudoers.c:1244 plugins/sudoers/cvtsudoers_json.c:872 -#: plugins/sudoers/cvtsudoers_ldif.c:688 plugins/sudoers/sudoers.c:1053 -#: plugins/sudoers/sudoreplay.c:1435 plugins/sudoers/timestamp.c:441 -#: plugins/sudoers/tsdump.c:128 plugins/sudoers/visudo.c:922 -#, c-format -msgid "unable to open %s" -msgstr "無法開啟 %s" - -#: plugins/sudoers/cvtsudoers.c:637 plugins/sudoers/visudo.c:931 +#: plugins/sudoers/cvtsudoers.c:751 plugins/sudoers/visudo.c:958 #, c-format msgid "failed to parse %s file, unknown error" msgstr "無法解析 %s 檔案,原因:未知錯誤" -#: plugins/sudoers/cvtsudoers.c:645 +#: plugins/sudoers/cvtsudoers.c:759 #, c-format msgid "parse error in %s near line %d\n" msgstr "因接近行 %2$d 的 %1$s 字串而導致解析錯誤\n" -#: plugins/sudoers/cvtsudoers.c:648 +#: plugins/sudoers/cvtsudoers.c:762 #, c-format msgid "parse error in %s\n" msgstr "因 %s 導致解析錯誤\n" -#: plugins/sudoers/cvtsudoers.c:1291 plugins/sudoers/sudoreplay.c:1124 -#: plugins/sudoers/timestamp.c:325 plugins/sudoers/timestamp.c:328 +#: plugins/sudoers/cvtsudoers.c:1486 plugins/sudoers/sudoreplay.c:1145 +#: plugins/sudoers/timestamp.c:317 plugins/sudoers/timestamp.c:320 #, c-format msgid "unable to write to %s" msgstr "無法寫入 %s" -#: plugins/sudoers/cvtsudoers.c:1314 +#: plugins/sudoers/cvtsudoers.c:1509 #, c-format msgid "" "%s - convert between sudoers file formats\n" @@ -1256,7 +1699,7 @@ "%s - 轉換 sudoers 檔案之間的格式\n" "\n" -#: plugins/sudoers/cvtsudoers.c:1316 +#: plugins/sudoers/cvtsudoers.c:1511 msgid "" "\n" "Options:\n" @@ -1296,33 +1739,76 @@ " -s, --suppress=部份 隱藏某些部分的輸出\n" " -V, --version 顯示版本訊息後退出" -#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:514 -#: plugins/sudoers/cvtsudoers_json.c:713 -#, c-format -msgid "unknown defaults entry \"%s\"" -msgstr "預設項目「%s」未知" - -#: plugins/sudoers/cvtsudoers_json.c:651 plugins/sudoers/cvtsudoers_json.c:664 -#: plugins/sudoers/cvtsudoers_ldif.c:346 plugins/sudoers/cvtsudoers_ldif.c:357 -#: plugins/sudoers/ldap.c:503 +#: plugins/sudoers/cvtsudoers_csv.c:452 plugins/sudoers/cvtsudoers_csv.c:466 +#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:669 +#: plugins/sudoers/cvtsudoers_ldif.c:347 plugins/sudoers/cvtsudoers_ldif.c:360 +#: plugins/sudoers/ldap.c:504 msgid "unable to get GMT time" msgstr "無法取得 GMT 時間" -#: plugins/sudoers/cvtsudoers_json.c:654 plugins/sudoers/cvtsudoers_json.c:667 -#: plugins/sudoers/cvtsudoers_ldif.c:349 plugins/sudoers/cvtsudoers_ldif.c:360 -#: plugins/sudoers/ldap.c:509 +#: plugins/sudoers/cvtsudoers_csv.c:457 plugins/sudoers/cvtsudoers_csv.c:471 +#: plugins/sudoers/cvtsudoers_json.c:659 plugins/sudoers/cvtsudoers_json.c:674 +#: plugins/sudoers/cvtsudoers_ldif.c:352 plugins/sudoers/cvtsudoers_ldif.c:365 +#: plugins/sudoers/ldap.c:512 msgid "unable to format timestamp" msgstr "無法格式化時間戳" -#: plugins/sudoers/cvtsudoers_ldif.c:640 +#: plugins/sudoers/cvtsudoers_json.c:480 plugins/sudoers/cvtsudoers_json.c:515 +#: plugins/sudoers/cvtsudoers_json.c:725 plugins/sudoers/defaults.c:189 +#, c-format +msgid "%s:%d:%d: unknown defaults entry \"%s\"" +msgstr "%s:%d:%d: 未知的預設條目「%s」" + +#: plugins/sudoers/cvtsudoers_ldif.c:649 #, c-format msgid "too many sudoers entries, maximum %u" msgstr "過多 sudoers 項,最大值為 %u" -#: plugins/sudoers/cvtsudoers_ldif.c:683 +#: plugins/sudoers/cvtsudoers_ldif.c:692 msgid "the SUDOERS_BASE environment variable is not set and the -b option was not specified." msgstr "未設定 SUDOERS_BASE 環境變數,且亦未指定 -b 選項。" +#: plugins/sudoers/cvtsudoers_merge.c:438 +#, c-format +msgid "unable to find alias %s" +msgstr "找不到 %s 別名" + +#: plugins/sudoers/cvtsudoers_merge.c:441 +#, c-format +msgid "%s:%d:%d: renaming alias %s to %s" +msgstr "%s:%d:%d: 將 %s 別名重新命名為 %s" + +#: plugins/sudoers/cvtsudoers_merge.c:498 +#, c-format +msgid "%s:%d:%d: removing duplicate alias %s" +msgstr "%s:%d:%d: 移除重複別名 %s" + +#: plugins/sudoers/cvtsudoers_merge.c:658 +#, c-format +msgid "%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:698 +#, fuzzy, c-format +#| msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" +msgid "%s:%d:%d: made Defaults \"%s\" specific to host %s" +msgstr "%1$s:%2$d:%3$d: 選項「%5$s」的預設 (Defaults) 類型 0x%4$x 無效" + +#: plugins/sudoers/cvtsudoers_merge.c:718 +#, c-format +msgid "%s:%d:%d: removing Defaults \"%s\" overridden by subsequent entries" +msgstr "%s:%d:%d: 移除被後續項目覆蓋的 Defaults「%s」" + +#: plugins/sudoers/cvtsudoers_merge.c:723 +#, c-format +msgid "%s:%d:%d: unable to make Defaults \"%s\" host-specific" +msgstr "" + +#: plugins/sudoers/cvtsudoers_merge.c:943 +#, c-format +msgid "%s:%d:%d: removing userspec overridden by subsequent entries" +msgstr "%s:%d:%d: 移除被後續項目覆蓋的 userspec" + #: plugins/sudoers/def_data.c:50 #, c-format msgid "Syslog facility if syslog is being used for logging: %s" @@ -1902,95 +2388,194 @@ msgid "The format of logs to produce: %s" msgstr "要產出的記錄格式:%s" -#: plugins/sudoers/defaults.c:185 +#: plugins/sudoers/def_data.c:574 +msgid "Enable SELinux RBAC support" +msgstr "啟用 SELinux RBAC 支援" + +#: plugins/sudoers/def_data.c:578 #, c-format -msgid "%s:%d:%d: unknown defaults entry \"%s\"" -msgstr "%s:%d:%d: 未知的預設條目「%s」" +msgid "Path to the file that is created the first time sudo is run: %s" +msgstr "sudo 第一次執行時建立的檔案路徑:%s" + +#: plugins/sudoers/def_data.c:582 +msgid "Intercept further commands and apply sudoers restrictions to them" +msgstr "攔截之後的命令,並對這些命令套用 sudoers 限制" + +#: plugins/sudoers/def_data.c:586 +msgid "Log sub-commands run by the original command" +msgstr "記錄原始命令執行的子命令" + +#: plugins/sudoers/def_data.c:590 +msgid "Log the exit status of commands" +msgstr "記錄命令的離開狀態碼" + +#: plugins/sudoers/def_data.c:594 +msgid "Subsequent commands in an intercepted session must be authenticated" +msgstr "被攔截工作階段中的後續命令需要進行身份驗證" + +#: plugins/sudoers/def_data.c:598 +msgid "Allow an intercepted command to run set setuid or setgid programs" +msgstr "允許被攔截的命令執行設定 setuid 或 setgid 的程式" + +#: plugins/sudoers/def_data.c:602 +#, c-format +msgid "The maximum size to which the process's address space may grow (in bytes): %s" +msgstr "這個處理程序的地址空間可能增長到的最大大小(位元組):%s" + +#: plugins/sudoers/def_data.c:606 +#, c-format +msgid "The largest size core dump file that may be created (in bytes): %s" +msgstr "可能建立出的最大核心傾印檔案大小(位元組):%s" + +#: plugins/sudoers/def_data.c:610 +#, c-format +msgid "The maximum amount of CPU time that the process may use (in seconds): %s" +msgstr "處理程序最長可能耗用的 CPU 時間(秒):%s" + +#: plugins/sudoers/def_data.c:614 +#, c-format +msgid "The maximum size of the data segment for the process (in bytes): %s" +msgstr "處理程序資料區段的最大大小(位元組):%s" + +#: plugins/sudoers/def_data.c:618 +#, c-format +msgid "The largest size file that the process may create (in bytes): %s" +msgstr "處理程式最大可能建立出的檔案大小(位元組):%s" + +#: plugins/sudoers/def_data.c:622 +#, c-format +msgid "The maximum number of locks that the process may establish: %s" +msgstr "處理程序最多可能建立的鎖 (lock) 數量:%s" + +#: plugins/sudoers/def_data.c:626 +#, c-format +msgid "The maximum size that the process may lock in memory (in bytes): %s" +msgstr "處理程序最大可能在記憶體中鎖定的大小(位元組):%s" + +#: plugins/sudoers/def_data.c:630 +#, c-format +msgid "The maximum number of files that the process may have open: %s" +msgstr "處理程序最多可能開啟的檔案數量:%s" + +#: plugins/sudoers/def_data.c:634 +#, c-format +msgid "The maximum number of processes that the user may run simultaneously: %s" +msgstr "使用者可能同時執行的最大處理程序數量:%s" + +#: plugins/sudoers/def_data.c:638 +#, c-format +msgid "The maximum size to which the process's resident set size may grow (in bytes): %s" +msgstr "這個處理程序的 resident set 可能增長到的最大大小(位元組):%s" + +#: plugins/sudoers/def_data.c:642 +#, c-format +msgid "The maximum size to which the process's stack may grow (in bytes): %s" +msgstr "這個處理程序的堆疊可能增長到的最大大小(位元組):%s" -#: plugins/sudoers/defaults.c:188 +#: plugins/sudoers/defaults.c:192 #, c-format msgid "%s: unknown defaults entry \"%s\"" msgstr "%s:未知的預設條目「%s」" -#: plugins/sudoers/defaults.c:234 +#: plugins/sudoers/defaults.c:241 #, c-format msgid "%s:%d:%d: no value specified for \"%s\"" msgstr "%s:%d:%d: 沒有指定「%s」的值" -#: plugins/sudoers/defaults.c:237 +#: plugins/sudoers/defaults.c:244 #, c-format msgid "%s: no value specified for \"%s\"" msgstr "%s:沒有給「%s」指定值" -#: plugins/sudoers/defaults.c:275 +#: plugins/sudoers/defaults.c:257 +#, c-format +msgid "%s:%d:%d: invalid operator \"%c=\" for \"%s\"" +msgstr "%1$s:%2$d:%3$d: 「%5$s」的運算子「%4$c=」無效" + +#: plugins/sudoers/defaults.c:260 +#, c-format +msgid "%s: invalid operator \"%c=\" for \"%s\"" +msgstr "%1$s:「%3$s」的運算子「%2$c=」無效" + +#: plugins/sudoers/defaults.c:296 #, c-format msgid "%s:%d:%d: option \"%s\" does not take a value" msgstr "%s:%d:%d: 「%s」選項不帶值" -#: plugins/sudoers/defaults.c:278 +#: plugins/sudoers/defaults.c:299 #, c-format msgid "%s: option \"%s\" does not take a value" msgstr "%s:「%s」選項不帶值" -#: plugins/sudoers/defaults.c:303 +#: plugins/sudoers/defaults.c:327 #, c-format msgid "%s:%d:%d: invalid Defaults type 0x%x for option \"%s\"" msgstr "%1$s:%2$d:%3$d: 選項「%5$s」的預設 (Defaults) 類型 0x%4$x 無效" -#: plugins/sudoers/defaults.c:306 +#: plugins/sudoers/defaults.c:330 #, c-format msgid "%s: invalid Defaults type 0x%x for option \"%s\"" msgstr "%1$s:選項「%3$s」的預設類型 0x%2$x 無效" -#: plugins/sudoers/defaults.c:316 +#: plugins/sudoers/defaults.c:340 #, c-format msgid "%s:%d:%d: value \"%s\" is invalid for option \"%s\"" msgstr "%s:%d:%d: 「%s」值對「%s」選項無效" -#: plugins/sudoers/defaults.c:319 +#: plugins/sudoers/defaults.c:343 #, c-format msgid "%s: value \"%s\" is invalid for option \"%s\"" msgstr "%s:值「%s」對選項「%s」無效" -#: plugins/sudoers/defaults.c:1030 +#: plugins/sudoers/defaults.c:1124 +#, c-format +msgid "%s:%d:%d: path name for \"%s\" too long" +msgstr "%s:%d:%d: 「%s」的路徑名稱過長" + +#: plugins/sudoers/defaults.c:1127 +#, c-format +msgid "%s: path name for \"%s\" too long" +msgstr "%s:「%s」的路徑名稱過長" + +#: plugins/sudoers/defaults.c:1138 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s:%d:%d: \"%s\" 的值開頭必須是 '/'、'~' 或 '*'" -#: plugins/sudoers/defaults.c:1034 +#: plugins/sudoers/defaults.c:1142 #, c-format msgid "%s: values for \"%s\" must start with a '/', '~', or '*'" msgstr "%s: \"%s\" 的值開頭必須是 '/'、'~' 或 '*'" -#: plugins/sudoers/defaults.c:1045 +#: plugins/sudoers/defaults.c:1153 #, c-format msgid "%s:%d:%d: values for \"%s\" must start with a '/'" msgstr "%s:%d:%d: \"%s\" 的值開頭必須是 '/'" -#: plugins/sudoers/defaults.c:1049 +#: plugins/sudoers/defaults.c:1157 #, c-format msgid "%s: values for \"%s\" must start with a '/'" msgstr "%s:「%s」的值必須以「/」開頭" -#: plugins/sudoers/env.c:405 +#: plugins/sudoers/env.c:412 msgid "sudo_putenv: corrupted envp, length mismatch" msgstr "sudo_putenv:envp 損壞,長度不符" -#: plugins/sudoers/env.c:1133 +#: plugins/sudoers/env.c:1095 msgid "unable to rebuild the environment" msgstr "無法重建環境" -#: plugins/sudoers/env.c:1207 +#: plugins/sudoers/env.c:1169 #, c-format msgid "sorry, you are not allowed to set the following environment variables: %s" msgstr "對不起,您沒有權限設定以下環境變數:%s" -#: plugins/sudoers/file.c:107 +#: plugins/sudoers/file.c:108 #, c-format msgid "parse error in %s near line %d" msgstr "解析接近第 %2$d 行的 %1$s 時發生錯誤" -#: plugins/sudoers/file.c:110 +#: plugins/sudoers/file.c:111 #, c-format msgid "parse error in %s" msgstr "解析 %s 中的內容時發生錯誤" @@ -2015,7 +2600,7 @@ msgid "%s must only be writable by owner" msgstr "%s 必須只允許所有者可寫" -#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:569 +#: plugins/sudoers/group_plugin.c:96 plugins/sudoers/sssd.c:566 #, c-format msgid "unable to load %s: %s" msgstr "無法載入 %s:%s" @@ -2030,56 +2615,51 @@ msgid "%s: incompatible group plugin major version %d, expected %d" msgstr "%s:不相容的群組外掛程式主要版本號碼 %d,版本應該為 %d" -#: plugins/sudoers/interfaces.c:80 plugins/sudoers/interfaces.c:97 +#: plugins/sudoers/interfaces.c:76 plugins/sudoers/interfaces.c:93 #, c-format msgid "unable to parse IP address \"%s\"" msgstr "無法解析 IP 位址列表「%s」" -#: plugins/sudoers/interfaces.c:85 plugins/sudoers/interfaces.c:102 +#: plugins/sudoers/interfaces.c:81 plugins/sudoers/interfaces.c:98 #, c-format msgid "unable to parse netmask \"%s\"" msgstr "無法解析網路遮罩「%s」" -#: plugins/sudoers/interfaces.c:130 +#: plugins/sudoers/interfaces.c:126 msgid "Local IP address and netmask pairs:\n" msgstr "本機 IP 位址和網路遮罩配對:\n" -#: plugins/sudoers/iolog.c:143 plugins/sudoers/sudoers.c:445 -#: plugins/sudoers/sudoers.c:1341 plugins/sudoers/testsudoers.c:410 -#, c-format -msgid "unknown group: %s" -msgstr "未知群組:%s" - -#: plugins/sudoers/iolog.c:622 +#: plugins/sudoers/iolog.c:626 msgid "unable to update sequence file" msgstr "無法更新序列檔" -#: plugins/sudoers/iolog.c:653 plugins/sudoers/iolog.c:841 -#: plugins/sudoers/iolog.c:994 plugins/sudoers/iolog.c:1001 -#: plugins/sudoers/iolog.c:1122 plugins/sudoers/iolog.c:1129 -#: plugins/sudoers/iolog.c:1228 plugins/sudoers/iolog.c:1235 +#: plugins/sudoers/iolog.c:660 plugins/sudoers/iolog.c:848 +#: plugins/sudoers/iolog.c:1001 plugins/sudoers/iolog.c:1008 +#: plugins/sudoers/iolog.c:1129 plugins/sudoers/iolog.c:1136 +#: plugins/sudoers/iolog.c:1235 plugins/sudoers/iolog.c:1242 #, c-format msgid "unable to write to I/O log file: %s" msgstr "無法寫入 I/O 記錄檔案:%s" -#: plugins/sudoers/iolog.c:661 +#: plugins/sudoers/iolog.c:668 #, c-format msgid "unable to create %s/%s" msgstr "無法建立 %s/%s" -#: plugins/sudoers/iolog.c:886 +#: plugins/sudoers/iolog.c:893 #, c-format msgid "%s: internal error, I/O log file for event %d not open" msgstr "%s:內部錯誤,未開啟事件 %d 的 I/O 記錄檔案" -#: plugins/sudoers/iolog.c:979 plugins/sudoers/iolog.c:1107 -#: plugins/sudoers/iolog.c:1212 plugins/sudoers/timestamp.c:855 -#: plugins/sudoers/timestamp.c:947 plugins/sudoers/visudo.c:493 -#: plugins/sudoers/visudo.c:499 +#: plugins/sudoers/iolog.c:986 plugins/sudoers/iolog.c:1114 +#: plugins/sudoers/iolog.c:1219 plugins/sudoers/timestamp.c:849 +#: plugins/sudoers/timestamp.c:941 plugins/sudoers/visudo.c:510 +#: plugins/sudoers/visudo.c:516 msgid "unable to read the clock" msgstr "無法讀取時鐘" -#: plugins/sudoers/iolog.c:1204 plugins/sudoers/log_client.c:1193 +#: plugins/sudoers/iolog.c:1211 plugins/sudoers/log_client.c:1221 +#: plugins/sudoers/log_client.c:1231 plugins/sudoers/log_client.c:1235 #, c-format msgid "%s: internal error, invalid signal %d" msgstr "%s:內部錯誤,訊號 %d 無效" @@ -2098,16 +2678,16 @@ msgid "you must set TLS_CERT in %s to use SSL" msgstr "要使用 SSL,您必須在 %s 設定 TLS_CERT" -#: plugins/sudoers/ldap.c:1660 +#: plugins/sudoers/ldap.c:1663 #, c-format msgid "unable to initialize LDAP: %s" msgstr "無法初始化 LDAP:%s" -#: plugins/sudoers/ldap.c:1697 +#: plugins/sudoers/ldap.c:1700 msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()" msgstr "指定了 start_tls,但 LDAP 函式庫不支援 ldap_start_tls_s() 或 ldap_start_tls_s_np()" -#: plugins/sudoers/ldap.c:1834 plugins/sudoers/parse_ldif.c:744 +#: plugins/sudoers/ldap.c:1837 plugins/sudoers/parse_ldif.c:747 #, c-format msgid "invalid sudoOrder attribute: %s" msgstr "無效的 sudoOrder 屬性:%s" @@ -2126,100 +2706,132 @@ msgid "unable to mix ldap and ldaps URIs" msgstr "無法混合 ldap 和 ldaps URI" -#: plugins/sudoers/ldap_util.c:553 plugins/sudoers/ldap_util.c:555 +#: plugins/sudoers/ldap_util.c:498 plugins/sudoers/ldap_util.c:505 +#: plugins/sudoers/ldap_util.c:513 plugins/sudoers/ldap_util.c:522 +#: plugins/sudoers/ldap_util.c:530 plugins/sudoers/ldap_util.c:540 +#: plugins/sudoers/ldap_util.c:548 +#, c-format +msgid "duplicate sudoOption: %s%s%s" +msgstr "sudoOption 有重複:%s%s%s" + +#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/ldap_util.c:569 #, c-format msgid "unable to convert sudoOption: %s%s%s" msgstr "無法轉換 sudoOption: %s%s%s" -#: plugins/sudoers/linux_audit.c:58 +#: plugins/sudoers/linux_audit.c:58 plugins/sudoers/linux_audit.c:60 msgid "unable to open audit system" msgstr "無法開啟稽核系統" -#: plugins/sudoers/linux_audit.c:101 +#: plugins/sudoers/linux_audit.c:103 msgid "unable to send audit message" msgstr "無法傳送稽核訊息" -#: plugins/sudoers/log_client.c:113 plugins/sudoers/log_client.c:391 -#: plugins/sudoers/log_client.c:1431 plugins/sudoers/log_client.c:2023 +#: plugins/sudoers/log_client.c:120 plugins/sudoers/log_client.c:400 +#: plugins/sudoers/log_client.c:1468 plugins/sudoers/log_client.c:2070 msgid "error in event loop" msgstr "事件循環中發生錯誤" -#: plugins/sudoers/log_client.c:193 +#: plugins/sudoers/log_client.c:200 #, c-format msgid "Creation of new SSL_CTX object failed: %s" msgstr "建立新 SSL_CTX 物件失敗:%s" -#: plugins/sudoers/log_client.c:345 plugins/sudoers/log_client.c:350 +#: plugins/sudoers/log_client.c:223 +#, c-format +msgid "unable to load certificate authority bundle %s" +msgstr "無法載入 %s 憑證授權單位組合" + +#: plugins/sudoers/log_client.c:243 +#, c-format +msgid "unable to load certificate %s" +msgstr "無法載入 %s 憑證" + +#: plugins/sudoers/log_client.c:256 +#, c-format +msgid "unable to load private key %s" +msgstr "無法載入 %s 私鑰" + +#: plugins/sudoers/log_client.c:265 +#, c-format +msgid "Unable to allocate ssl object: %s" +msgstr "無法配置 SSL 物件:%s" + +#: plugins/sudoers/log_client.c:353 plugins/sudoers/log_client.c:358 #, c-format msgid "TLS connection to %s:%s failed: %s" msgstr "TLS 連線至 %s:%s 失敗:%s" -#: plugins/sudoers/log_client.c:519 +#: plugins/sudoers/log_client.c:531 msgid "TLS initialization was unsuccessful" msgstr "TLS 初始化失敗" -#: plugins/sudoers/log_client.c:528 +#: plugins/sudoers/log_client.c:541 msgid "TLS handshake was unsuccessful" msgstr "TLS 交握失敗" -#: plugins/sudoers/log_client.c:1202 +#: plugins/sudoers/log_client.c:1239 #, c-format msgid "%s: internal error, invalid exit status %d" msgstr "%s:內部錯誤,退出狀態碼 %d 無效" -#: plugins/sudoers/log_client.c:1738 +#: plugins/sudoers/log_client.c:1608 +msgid "unable to unpack ServerMessage" +msgstr "無法解開 ServerMessage" + +#: plugins/sudoers/log_client.c:1763 plugins/sudoers/log_client.c:1787 msgid "lost connection to log server" msgstr "失去對記錄伺服器的連線" -#: plugins/sudoers/log_client.c:1815 +#: plugins/sudoers/log_client.c:1864 msgid "missing write buffer" msgstr "缺少寫入緩衝區" -#: plugins/sudoers/log_client.c:1964 +#: plugins/sudoers/log_client.c:2011 msgid "unable to connect to log server" msgstr "無法連線到記錄伺服器" -#: plugins/sudoers/logging.c:244 +#: plugins/sudoers/logging.c:286 msgid "user NOT in sudoers" msgstr "使用者不在 sudoers 中" -#: plugins/sudoers/logging.c:246 +#: plugins/sudoers/logging.c:288 msgid "user NOT authorized on host" msgstr "使用者未取得此主機上的授權" -#: plugins/sudoers/logging.c:248 +#: plugins/sudoers/logging.c:290 msgid "command not allowed" msgstr "不允許使用指令" -#: plugins/sudoers/logging.c:269 +#: plugins/sudoers/logging.c:311 #, c-format msgid "%s is not in the sudoers file. This incident will be reported.\n" msgstr "%s 不在 sudoers 檔案中。此事件將會回報。\n" -#: plugins/sudoers/logging.c:272 +#: plugins/sudoers/logging.c:314 #, c-format msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n" msgstr "%s 沒有權限在 %s 上執行 sudo。此事件將會回報。\n" -#: plugins/sudoers/logging.c:276 +#: plugins/sudoers/logging.c:318 #, c-format msgid "Sorry, user %s may not run sudo on %s.\n" msgstr "對不起,使用者 %s 不能在 %s 上執行 sudo。\n" -#: plugins/sudoers/logging.c:279 +#: plugins/sudoers/logging.c:321 #, c-format msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n" msgstr "對不起,使用者 %1$s 不允許以 %8$s 上的 %5$s%6$s%7$s 身份執行「%2$s%3$s%4$s」\n" -#: plugins/sudoers/logging.c:316 plugins/sudoers/sudoers.c:583 -#: plugins/sudoers/sudoers.c:585 plugins/sudoers/sudoers.c:587 -#: plugins/sudoers/sudoers.c:589 plugins/sudoers/sudoers.c:739 -#: plugins/sudoers/sudoers.c:741 +#: plugins/sudoers/logging.c:358 plugins/sudoers/sudoers.c:629 +#: plugins/sudoers/sudoers.c:631 plugins/sudoers/sudoers.c:633 +#: plugins/sudoers/sudoers.c:635 plugins/sudoers/sudoers.c:785 +#: plugins/sudoers/sudoers.c:787 #, c-format msgid "%s: command not found" msgstr "%s:找不到指令" -#: plugins/sudoers/logging.c:318 plugins/sudoers/sudoers.c:579 +#: plugins/sudoers/logging.c:360 plugins/sudoers/sudoers.c:625 #, c-format msgid "" "ignoring \"%s\" found in '.'\n" @@ -2228,26 +2840,21 @@ "忽略在「.」中找到的「%s」\n" "請使用「sudo ./%s」,若這是您想執行的「%s」。" -#: plugins/sudoers/logging.c:337 +#: plugins/sudoers/logging.c:379 #, c-format msgid "%u incorrect password attempt" msgid_plural "%u incorrect password attempts" msgstr[0] "%u 次密碼錯誤嘗試" -#: plugins/sudoers/logging.c:393 +#: plugins/sudoers/logging.c:435 msgid "authentication failure" msgstr "認證失敗" -#: plugins/sudoers/logging.c:433 plugins/sudoers/logging.c:453 +#: plugins/sudoers/logging.c:475 plugins/sudoers/logging.c:495 msgid "a password is required" msgstr "需要密碼" -#: plugins/sudoers/logging.c:729 -#, c-format -msgid "unable to open log file: %s" -msgstr "無法開啟記錄檔案:%s" - -#: plugins/sudoers/logging.c:762 +#: plugins/sudoers/logging.c:889 #, c-format msgid "unable to write log file: %s" msgstr "無法寫入記錄檔案:%s" @@ -2257,7 +2864,15 @@ msgid "digest for %s (%s) is not in %s form" msgstr "%s(%s) 的摘要的形式不是 %s" -#: plugins/sudoers/parse.c:518 +#: plugins/sudoers/parse.c:233 +msgid "SELinux RBAC is not supported when intercept mode is enabled" +msgstr "不支援在啟用攔截模式時使用 SELinux RBAC" + +#: plugins/sudoers/parse.c:238 +msgid "SELinux RBAC is not supported when the log_subcmds flag is enabled" +msgstr "不支援在啟用 log_subcmds 旗標時使用 SELinux RBAC" + +#: plugins/sudoers/parse.c:549 #, c-format msgid "" "\n" @@ -2266,7 +2881,7 @@ "\n" "LDAP 角色:%s\n" -#: plugins/sudoers/parse.c:521 +#: plugins/sudoers/parse.c:552 msgid "" "\n" "Sudoers entry:\n" @@ -2274,104 +2889,115 @@ "\n" "Sudoers 條目:\n" -#: plugins/sudoers/parse.c:523 +#: plugins/sudoers/parse.c:554 msgid " RunAsUsers: " msgstr " RunAs 使用者:" -#: plugins/sudoers/parse.c:538 +#: plugins/sudoers/parse.c:569 msgid " RunAsGroups: " msgstr " RunAs 群組:" -#: plugins/sudoers/parse.c:548 +#: plugins/sudoers/parse.c:579 msgid " Options: " msgstr " 選項:" -#: plugins/sudoers/parse.c:602 +#: plugins/sudoers/parse.c:643 msgid " Commands:\n" msgstr " 指令:\n" -#: plugins/sudoers/parse.c:793 +#: plugins/sudoers/parse.c:834 #, c-format msgid "Matching Defaults entries for %s on %s:\n" msgstr "比較 %s (%s 上) 的預設條目:\n" -#: plugins/sudoers/parse.c:811 +#: plugins/sudoers/parse.c:852 #, c-format msgid "Runas and Command-specific defaults for %s:\n" msgstr "%s RunAs 和指令指定的預設值:\n" -#: plugins/sudoers/parse.c:829 +#: plugins/sudoers/parse.c:870 #, c-format msgid "User %s may run the following commands on %s:\n" msgstr "使用者 %s 可以在 %s 上執行以下指令:\n" -#: plugins/sudoers/parse.c:844 +#: plugins/sudoers/parse.c:885 #, c-format msgid "User %s is not allowed to run sudo on %s.\n" msgstr "使用者 %s 沒有權限在 %s 上執行 sudo。\n" -#: plugins/sudoers/parse_ldif.c:614 +#: plugins/sudoers/parse_ldif.c:617 #, c-format msgid "ignoring incomplete sudoRole: cn: %s" msgstr "將忽略不完整的 sudoRole:cn:%s" -#: plugins/sudoers/parse_ldif.c:674 +#: plugins/sudoers/parse_ldif.c:677 #, c-format msgid "invalid LDIF attribute: %s" msgstr "LDIF 屬性無效:%s" -#: plugins/sudoers/policy.c:78 plugins/sudoers/policy.c:102 +#: plugins/sudoers/policy.c:80 plugins/sudoers/policy.c:111 #, c-format msgid "invalid %.*s set by sudo front-end" msgstr "sudo 前端設定的 %.*s 無效" -#: plugins/sudoers/policy.c:310 plugins/sudoers/testsudoers.c:272 +#: plugins/sudoers/policy.c:206 plugins/sudoers/policy.c:215 +#, c-format +msgid "path name for \"%s\" too long" +msgstr "「%s」的路徑名稱太長" + +#: plugins/sudoers/policy.c:328 plugins/sudoers/testsudoers.c:268 msgid "unable to parse network address list" msgstr "無法解析網路位址列表" -#: plugins/sudoers/policy.c:455 +#: plugins/sudoers/policy.c:479 msgid "user name not set by sudo front-end" msgstr "sudo 前端未設定使用者名稱" -#: plugins/sudoers/policy.c:459 +#: plugins/sudoers/policy.c:483 msgid "user-ID not set by sudo front-end" msgstr "sudo 前端未設定使用者 ID (user-ID)" -#: plugins/sudoers/policy.c:463 +#: plugins/sudoers/policy.c:487 msgid "group-ID not set by sudo front-end" msgstr "sudo 前端未設定群組 ID (group-ID)" -#: plugins/sudoers/policy.c:467 +#: plugins/sudoers/policy.c:491 msgid "host name not set by sudo front-end" msgstr "sudo 前端未設定主機名稱" -#: plugins/sudoers/policy.c:643 +#: plugins/sudoers/policy.c:693 #, c-format msgid "invalid working directory: %s" msgstr "無效的工作目錄:%s" -#: plugins/sudoers/policy.c:811 +#: plugins/sudoers/policy.c:869 #, c-format msgid "invalid chroot directory: %s" msgstr "無效的 chroot 目錄:%s" -#: plugins/sudoers/policy.c:947 plugins/sudoers/visudo.c:231 -#: plugins/sudoers/visudo.c:860 +#: plugins/sudoers/policy.c:1051 plugins/sudoers/visudo.c:243 +#: plugins/sudoers/visudo.c:880 #, c-format msgid "unable to execute %s" msgstr "無法執行 %s" -#: plugins/sudoers/policy.c:1111 +#: plugins/sudoers/policy.c:1121 plugins/sudoers/policy.c:1158 +#: plugins/sudoers/policy.c:1180 plugins/sudoers/policy.c:1206 +#, c-format +msgid "%s: invalid mode flags from sudo front end: 0x%x" +msgstr "%s:來自 sudo 前端的無效 mode 旗標:0x%x" + +#: plugins/sudoers/policy.c:1237 #, c-format msgid "Sudoers policy plugin version %s\n" msgstr "Sudoers 策略外掛程式版本 %s\n" -#: plugins/sudoers/policy.c:1113 +#: plugins/sudoers/policy.c:1239 #, c-format msgid "Sudoers file grammar version %d\n" msgstr "Sudoers 檔案文法版本 %d\n" -#: plugins/sudoers/policy.c:1117 +#: plugins/sudoers/policy.c:1243 #, c-format msgid "" "\n" @@ -2380,132 +3006,137 @@ "\n" "Sudoers 路徑:%s\n" -#: plugins/sudoers/policy.c:1120 +#: plugins/sudoers/policy.c:1246 #, c-format msgid "nsswitch path: %s\n" msgstr "nsswitch 路徑:%s\n" -#: plugins/sudoers/policy.c:1122 +#: plugins/sudoers/policy.c:1248 #, c-format msgid "ldap.conf path: %s\n" msgstr "ldap.conf 路徑:%s\n" -#: plugins/sudoers/policy.c:1123 +#: plugins/sudoers/policy.c:1249 #, c-format msgid "ldap.secret path: %s\n" msgstr "ldap.secret 路徑:%s\n" -#: plugins/sudoers/policy.c:1156 +#: plugins/sudoers/policy.c:1282 #, c-format msgid "unable to register hook of type %d (version %d.%d)" msgstr "無法註冊類型為 %d 的觸發器 (版本 %d.%d)" -#: plugins/sudoers/pwutil.c:217 plugins/sudoers/pwutil.c:235 +#: plugins/sudoers/policy.c:1300 +#, c-format +msgid "unable to deregister hook of type %d (version %d.%d)" +msgstr "無法取消註冊類型為 %d 的觸發器 (版本 %d.%d)" + +#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240 #, c-format msgid "unable to cache uid %u" msgstr "無法快取使用者 ID %u" -#: plugins/sudoers/pwutil.c:229 +#: plugins/sudoers/pwutil.c:234 #, c-format msgid "unable to cache uid %u, already exists" msgstr "無法快取使用者 ID %u,原因:使用者 ID 已存在" -#: plugins/sudoers/pwutil.c:289 plugins/sudoers/pwutil.c:307 -#: plugins/sudoers/pwutil.c:370 plugins/sudoers/pwutil.c:415 +#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312 +#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420 #, c-format msgid "unable to cache user %s" msgstr "無法快取 %s 使用者" -#: plugins/sudoers/pwutil.c:302 +#: plugins/sudoers/pwutil.c:307 #, c-format msgid "unable to cache user %s, already exists" msgstr "無法快取使用者 %s,原因:已存在" -#: plugins/sudoers/pwutil.c:534 plugins/sudoers/pwutil.c:552 +#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557 #, c-format msgid "unable to cache gid %u" msgstr "無法快取群組 ID %u" -#: plugins/sudoers/pwutil.c:546 +#: plugins/sudoers/pwutil.c:551 #, c-format msgid "unable to cache gid %u, already exists" msgstr "無法快取群組 ID %u,原因:已經存在" -#: plugins/sudoers/pwutil.c:599 plugins/sudoers/pwutil.c:617 -#: plugins/sudoers/pwutil.c:665 plugins/sudoers/pwutil.c:707 +#: plugins/sudoers/pwutil.c:605 plugins/sudoers/pwutil.c:623 +#: plugins/sudoers/pwutil.c:684 plugins/sudoers/pwutil.c:733 #, c-format msgid "unable to cache group %s" msgstr "無法快取 %s 群組" -#: plugins/sudoers/pwutil.c:612 +#: plugins/sudoers/pwutil.c:618 #, c-format msgid "unable to cache group %s, already exists" msgstr "無法快取群組 %s,原因:已經存在" -#: plugins/sudoers/pwutil.c:834 plugins/sudoers/pwutil.c:885 -#: plugins/sudoers/pwutil.c:935 plugins/sudoers/pwutil.c:987 +#: plugins/sudoers/pwutil.c:880 plugins/sudoers/pwutil.c:931 +#: plugins/sudoers/pwutil.c:981 plugins/sudoers/pwutil.c:1033 #, c-format msgid "unable to cache group list for %s, already exists" msgstr "無法快取群組列表 %s,原因:已經存在" -#: plugins/sudoers/pwutil.c:840 plugins/sudoers/pwutil.c:890 -#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:992 +#: plugins/sudoers/pwutil.c:886 plugins/sudoers/pwutil.c:936 +#: plugins/sudoers/pwutil.c:987 plugins/sudoers/pwutil.c:1038 #, c-format msgid "unable to cache group list for %s" msgstr "無法快取 %s 的群組列表" -#: plugins/sudoers/pwutil.c:879 +#: plugins/sudoers/pwutil.c:925 #, c-format msgid "unable to parse groups for %s" msgstr "無法解析 %s 的群組" -#: plugins/sudoers/pwutil.c:981 +#: plugins/sudoers/pwutil.c:1027 #, c-format msgid "unable to parse gids for %s" msgstr "無法解析 %s 的群組 ID" -#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:441 -#: plugins/sudoers/set_perms.c:844 plugins/sudoers/set_perms.c:1150 -#: plugins/sudoers/set_perms.c:1444 +#: plugins/sudoers/set_perms.c:114 plugins/sudoers/set_perms.c:445 +#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1162 +#: plugins/sudoers/set_perms.c:1460 msgid "perm stack overflow" msgstr "權限堆疊溢位" -#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:372 -#: plugins/sudoers/set_perms.c:449 plugins/sudoers/set_perms.c:711 -#: plugins/sudoers/set_perms.c:852 plugins/sudoers/set_perms.c:1074 -#: plugins/sudoers/set_perms.c:1158 plugins/sudoers/set_perms.c:1377 -#: plugins/sudoers/set_perms.c:1452 plugins/sudoers/set_perms.c:1542 +#: plugins/sudoers/set_perms.c:125 plugins/sudoers/set_perms.c:376 +#: plugins/sudoers/set_perms.c:456 plugins/sudoers/set_perms.c:719 +#: plugins/sudoers/set_perms.c:863 plugins/sudoers/set_perms.c:1086 +#: plugins/sudoers/set_perms.c:1173 plugins/sudoers/set_perms.c:1393 +#: plugins/sudoers/set_perms.c:1471 plugins/sudoers/set_perms.c:1562 msgid "perm stack underflow" msgstr "權限堆疊反向溢位" -#: plugins/sudoers/set_perms.c:181 plugins/sudoers/set_perms.c:495 -#: plugins/sudoers/set_perms.c:1211 plugins/sudoers/set_perms.c:1485 +#: plugins/sudoers/set_perms.c:185 plugins/sudoers/set_perms.c:503 +#: plugins/sudoers/set_perms.c:1227 plugins/sudoers/set_perms.c:1505 msgid "unable to change to root gid" msgstr "無法切換為 root 群組 ID" -#: plugins/sudoers/set_perms.c:272 plugins/sudoers/set_perms.c:592 -#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1288 +#: plugins/sudoers/set_perms.c:276 plugins/sudoers/set_perms.c:600 +#: plugins/sudoers/set_perms.c:995 plugins/sudoers/set_perms.c:1304 msgid "unable to change to runas gid" msgstr "無法切換為 runas 群組 ID" -#: plugins/sudoers/set_perms.c:277 plugins/sudoers/set_perms.c:597 -#: plugins/sudoers/set_perms.c:988 plugins/sudoers/set_perms.c:1293 +#: plugins/sudoers/set_perms.c:281 plugins/sudoers/set_perms.c:605 +#: plugins/sudoers/set_perms.c:1000 plugins/sudoers/set_perms.c:1309 msgid "unable to set runas group vector" msgstr "無法設定 runas 群組集合" -#: plugins/sudoers/set_perms.c:288 plugins/sudoers/set_perms.c:608 -#: plugins/sudoers/set_perms.c:997 plugins/sudoers/set_perms.c:1302 +#: plugins/sudoers/set_perms.c:292 plugins/sudoers/set_perms.c:616 +#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1318 msgid "unable to change to runas uid" msgstr "無法切換成 runas 使用者 ID" -#: plugins/sudoers/set_perms.c:306 plugins/sudoers/set_perms.c:626 -#: plugins/sudoers/set_perms.c:1013 plugins/sudoers/set_perms.c:1318 +#: plugins/sudoers/set_perms.c:310 plugins/sudoers/set_perms.c:634 +#: plugins/sudoers/set_perms.c:1025 plugins/sudoers/set_perms.c:1334 msgid "unable to change to sudoers gid" msgstr "無法切換為 sudoers 群組 ID" -#: plugins/sudoers/set_perms.c:359 plugins/sudoers/set_perms.c:698 -#: plugins/sudoers/set_perms.c:1061 plugins/sudoers/set_perms.c:1364 -#: plugins/sudoers/set_perms.c:1529 +#: plugins/sudoers/set_perms.c:363 plugins/sudoers/set_perms.c:706 +#: plugins/sudoers/set_perms.c:1073 plugins/sudoers/set_perms.c:1380 +#: plugins/sudoers/set_perms.c:1549 msgid "too many processes" msgstr "行程過多" @@ -2523,259 +3154,273 @@ msgid "truncated audit path argv[0]: %s" msgstr "截短的稽核路徑 argv[0]:%s" -#: plugins/sudoers/sssd.c:572 +#: plugins/sudoers/sssd.c:569 msgid "unable to initialize SSS source. Is SSSD installed on your machine?" msgstr "無法初始化 SSS 來源。是否已在您的電腦上安裝 SSSD?" -#: plugins/sudoers/sssd.c:580 plugins/sudoers/sssd.c:589 -#: plugins/sudoers/sssd.c:598 plugins/sudoers/sssd.c:607 -#: plugins/sudoers/sssd.c:616 +#: plugins/sudoers/sssd.c:577 plugins/sudoers/sssd.c:586 +#: plugins/sudoers/sssd.c:595 plugins/sudoers/sssd.c:604 +#: plugins/sudoers/sssd.c:613 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "無法在 %2$s 中找到符號「%1$s」" -#: plugins/sudoers/sudoers.c:214 plugins/sudoers/sudoers.c:1010 +#: plugins/sudoers/sudoers.c:166 plugins/sudoers/sudoers.c:174 +#: plugins/sudoers/sudoers.c:228 plugins/sudoers/sudoers.c:249 +#: plugins/sudoers/sudoers.c:1049 msgid "problem with defaults entries" msgstr "預設條目有問題" -#: plugins/sudoers/sudoers.c:218 +#: plugins/sudoers/sudoers.c:253 msgid "no valid sudoers sources found, quitting" msgstr "未找到有效的 sudoers 來源,退出" -#: plugins/sudoers/sudoers.c:292 +#: plugins/sudoers/sudoers.c:327 #, c-format msgid "user not allowed to change root directory to %s" msgstr "不允許使用者切換根目錄至 %s" -#: plugins/sudoers/sudoers.c:294 +#: plugins/sudoers/sudoers.c:329 #, c-format msgid "you are not permitted to use the -R option with %s" msgstr "不允許您將 -R 選項與 %s 一起使用" -#: plugins/sudoers/sudoers.c:319 +#: plugins/sudoers/sudoers.c:354 #, c-format msgid "user not allowed to change directory to %s" msgstr "不允許使用者切換至 %s 目錄" -#: plugins/sudoers/sudoers.c:320 +#: plugins/sudoers/sudoers.c:355 #, c-format msgid "you are not permitted to use the -D option with %s" msgstr "不允許您將 -D 選項與 %s 一起使用" -#: plugins/sudoers/sudoers.c:351 +#: plugins/sudoers/sudoers.c:382 +msgid "no command specified" +msgstr "未指定命令" + +#: plugins/sudoers/sudoers.c:407 msgid "sudoers specifies that root is not allowed to sudo" msgstr "sudoers 指定 root 不允許執行 sudo" -#: plugins/sudoers/sudoers.c:411 +#: plugins/sudoers/sudoers.c:457 msgid "user not allowed to override closefrom limit" msgstr "使用者不允許覆蓋 closefrom 限制" -#: plugins/sudoers/sudoers.c:412 +#: plugins/sudoers/sudoers.c:458 msgid "you are not permitted to use the -C option" msgstr "您沒有權限使用 -C 選項" -#: plugins/sudoers/sudoers.c:472 +#: plugins/sudoers/sudoers.c:518 #, c-format msgid "timestamp owner (%s): No such user" msgstr "時間戳所有者 (%s):無此使用者" -#: plugins/sudoers/sudoers.c:487 +#: plugins/sudoers/sudoers.c:533 msgid "no tty" msgstr "找不到終端" -#: plugins/sudoers/sudoers.c:488 +#: plugins/sudoers/sudoers.c:534 msgid "sorry, you must have a tty to run sudo" msgstr "抱歉,您必須先要有終端才能執行 sudo" -#: plugins/sudoers/sudoers.c:495 +#: plugins/sudoers/sudoers.c:541 #, c-format msgid "invalid shell for user %s: %s" msgstr "%s 使用者的 Shell 無效:%s" -#: plugins/sudoers/sudoers.c:578 +#: plugins/sudoers/sudoers.c:624 msgid "command in current directory" msgstr "目前目錄中的指令" -#: plugins/sudoers/sudoers.c:597 +#: plugins/sudoers/sudoers.c:639 +msgid "\"cd\" is a shell built-in command, it cannot be run directly." +msgstr "「cd」是 shell 內建的命令,不能直接執行。" + +#: plugins/sudoers/sudoers.c:641 +msgid "the -s option may be used to run a privileged shell." +msgstr "-s 選項可用來執行具特殊權限的 shell。" + +#: plugins/sudoers/sudoers.c:643 +msgid "the -D option may be used to run a command in a specific directory." +msgstr "-D 選項可用來在特定目錄執行命令。" + +#: plugins/sudoers/sudoers.c:652 msgid "user not allowed to set a command timeout" msgstr "使用者不允許設定命令逾時" -#: plugins/sudoers/sudoers.c:599 +#: plugins/sudoers/sudoers.c:654 msgid "sorry, you are not allowed set a command timeout" msgstr "抱歉,您沒有權限設定逾時時間" -#: plugins/sudoers/sudoers.c:607 +#: plugins/sudoers/sudoers.c:662 msgid "user not allowed to preserve the environment" msgstr "使用者不允許保留環境" -#: plugins/sudoers/sudoers.c:609 +#: plugins/sudoers/sudoers.c:664 msgid "sorry, you are not allowed to preserve the environment" msgstr "抱歉,您沒有權限保留環境" -#: plugins/sudoers/sudoers.c:945 -msgid "command too long" -msgstr "指令過長" - -#: plugins/sudoers/sudoers.c:1003 +#: plugins/sudoers/sudoers.c:1037 msgid "sudoedit doesn't need to be run via sudo" msgstr "sudoedit 不用以 sudo 執行" -#: plugins/sudoers/sudoers.c:1057 plugins/sudoers/sudoreplay.c:1547 +#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoreplay.c:1578 #: plugins/sudoers/tsdump.c:138 #, c-format msgid "unable to read %s" msgstr "無法讀取 %s" -#: plugins/sudoers/sudoers.c:1082 plugins/sudoers/visudo.c:432 -#: plugins/sudoers/visudo.c:726 +#: plugins/sudoers/sudoers.c:1121 plugins/sudoers/visudo.c:449 +#: plugins/sudoers/visudo.c:748 #, c-format msgid "unable to stat %s" msgstr "無法 stat %s" -#: plugins/sudoers/sudoers.c:1086 plugins/sudoers/visudo.c:1018 +#: plugins/sudoers/sudoers.c:1125 plugins/sudoers/visudo.c:1045 #, c-format msgid "%s is not a regular file" msgstr "%s 不是一般檔案" -#: plugins/sudoers/sudoers.c:1090 plugins/sudoers/timestamp.c:252 toke.l:1112 +#: plugins/sudoers/sudoers.c:1129 plugins/sudoers/timestamp.c:252 toke.l:1168 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 由使用者 ID %u 所有,應為 %u" -#: plugins/sudoers/sudoers.c:1094 toke.l:1117 +#: plugins/sudoers/sudoers.c:1133 toke.l:1173 #, c-format msgid "%s is world writable" msgstr "%s 允許任何人寫入" -#: plugins/sudoers/sudoers.c:1098 toke.l:1120 +#: plugins/sudoers/sudoers.c:1137 toke.l:1176 #, c-format msgid "%s is owned by gid %u, should be %u" msgstr "%s 屬於群組 ID %u,應為 %u" -#: plugins/sudoers/sudoers.c:1131 +#: plugins/sudoers/sudoers.c:1170 #, c-format msgid "only root can use \"-c %s\"" msgstr "只有 root 才能使用「-c %s」" -#: plugins/sudoers/sudoers.c:1150 +#: plugins/sudoers/sudoers.c:1189 #, c-format -msgid "unknown login class: %s" -msgstr "未知的登入類別:%s" +msgid "unknown login class %s" +msgstr "未知登入類別 %s" -#: plugins/sudoers/sudoers.c:1235 plugins/sudoers/sudoers.c:1250 +#: plugins/sudoers/sudoers.c:1275 plugins/sudoers/sudoers.c:1290 #, c-format msgid "unable to resolve host %s" msgstr "無法解析主機:%s" -#: plugins/sudoers/sudoreplay.c:257 +#: plugins/sudoers/sudoreplay.c:259 #, c-format msgid "invalid filter option: %s" msgstr "無效的過濾器選項:%s" -#: plugins/sudoers/sudoreplay.c:273 +#: plugins/sudoers/sudoreplay.c:275 #, c-format msgid "invalid max wait: %s" msgstr "無效的最大等待時間:%s" -#: plugins/sudoers/sudoreplay.c:296 +#: plugins/sudoers/sudoreplay.c:298 #, c-format msgid "invalid speed factor: %s" msgstr "無效的速度因數:%s" -#: plugins/sudoers/sudoreplay.c:332 +#: plugins/sudoers/sudoreplay.c:333 +#, c-format +msgid "invalid time offset %s" +msgstr "時間偏移值 %s 無效" + +#: plugins/sudoers/sudoreplay.c:342 #, c-format msgid "%s/%.2s/%.2s/%.2s: %s" msgstr "%s/%.2s/%.2s/%.2s: %s" -#: plugins/sudoers/sudoreplay.c:337 +#: plugins/sudoers/sudoreplay.c:347 #, c-format msgid "%s/timing: %s" msgstr "%s/計時:%s" -#: plugins/sudoers/sudoreplay.c:341 -#, c-format -msgid "%s/%s: %s" -msgstr "%s/%s: %s" - -#: plugins/sudoers/sudoreplay.c:365 +#: plugins/sudoers/sudoreplay.c:375 #, c-format msgid "Replaying sudo session: %s" msgstr "重播 sudo 工作階段:%s" -#: plugins/sudoers/sudoreplay.c:627 +#: plugins/sudoers/sudoreplay.c:637 msgid "unable to set tty to raw mode" msgstr "無法將終端設為原始 (RAW) 模式" -#: plugins/sudoers/sudoreplay.c:678 +#: plugins/sudoers/sudoreplay.c:688 msgid "Warning: your terminal is too small to properly replay the log.\n" msgstr "警告:您的終端尺寸太小,不能正常地重播記錄。\n" -#: plugins/sudoers/sudoreplay.c:679 +#: plugins/sudoers/sudoreplay.c:689 #, c-format msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d." msgstr "記錄的幾何尺寸為 %dx%d,但您終端的幾何尺寸為 %dx%d。" -#: plugins/sudoers/sudoreplay.c:707 +#: plugins/sudoers/sudoreplay.c:717 msgid "Replay finished, press any key to restore the terminal." msgstr "重播完成,請按任意鍵返回終端。" -#: plugins/sudoers/sudoreplay.c:1197 plugins/sudoers/sudoreplay.c:1227 +#: plugins/sudoers/sudoreplay.c:1218 plugins/sudoers/sudoreplay.c:1248 #, c-format msgid "ambiguous expression \"%s\"" msgstr "不明確的表達式「%s」" -#: plugins/sudoers/sudoreplay.c:1249 +#: plugins/sudoers/sudoreplay.c:1270 msgid "unmatched ')' in expression" msgstr "表達式中的「)」不對稱" -#: plugins/sudoers/sudoreplay.c:1253 +#: plugins/sudoers/sudoreplay.c:1274 #, c-format msgid "unknown search term \"%s\"" msgstr "未知的搜尋詞彙「%s」" -#: plugins/sudoers/sudoreplay.c:1268 +#: plugins/sudoers/sudoreplay.c:1289 #, c-format msgid "%s requires an argument" msgstr "%s 需要參數" -#: plugins/sudoers/sudoreplay.c:1271 plugins/sudoers/sudoreplay.c:1523 +#: plugins/sudoers/sudoreplay.c:1292 plugins/sudoers/sudoreplay.c:1554 #, c-format msgid "invalid regular expression: %s" msgstr "無效的正規表示式:%s" -#: plugins/sudoers/sudoreplay.c:1276 +#: plugins/sudoers/sudoreplay.c:1297 #, c-format msgid "could not parse date \"%s\"" msgstr "無法解析日期「%s」" -#: plugins/sudoers/sudoreplay.c:1285 +#: plugins/sudoers/sudoreplay.c:1306 msgid "unmatched '(' in expression" msgstr "表達式中的「(」不對稱" -#: plugins/sudoers/sudoreplay.c:1287 +#: plugins/sudoers/sudoreplay.c:1308 msgid "illegal trailing \"or\"" msgstr "無效的結尾字元「or」" -#: plugins/sudoers/sudoreplay.c:1289 +#: plugins/sudoers/sudoreplay.c:1310 msgid "illegal trailing \"!\"" msgstr "無效的結尾字元「!」" -#: plugins/sudoers/sudoreplay.c:1347 +#: plugins/sudoers/sudoreplay.c:1368 #, c-format msgid "unknown search type %d" msgstr "未知的搜尋類型 %d" -#: plugins/sudoers/sudoreplay.c:1614 +#: plugins/sudoers/sudoreplay.c:1645 #, c-format msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n" msgstr "用法:%s [-hnRS] [-d 目錄] [-m 數值] [-s 數值] ID\n" -#: plugins/sudoers/sudoreplay.c:1617 +#: plugins/sudoers/sudoreplay.c:1648 #, c-format msgid "usage: %s [-h] [-d dir] -l [search expression]\n" msgstr "用法:%s [-h] [-d 目錄] -l [搜尋表達式]\n" -#: plugins/sudoers/sudoreplay.c:1626 +#: plugins/sudoers/sudoreplay.c:1657 #, c-format msgid "" "%s - replay sudo session logs\n" @@ -2784,7 +3429,7 @@ "%s - 重播 sudo 工作階段記錄\n" "\n" -#: plugins/sudoers/sudoreplay.c:1628 +#: plugins/sudoers/sudoreplay.c:1659 msgid "" "\n" "Options:\n" @@ -2812,11 +3457,11 @@ " -s, --speed=數值 加速或減速輸出速度\n" " -V, --version 顯示版本訊息並退出" -#: plugins/sudoers/testsudoers.c:348 +#: plugins/sudoers/testsudoers.c:344 msgid "\thost unmatched" msgstr "\t主機不相符" -#: plugins/sudoers/testsudoers.c:351 +#: plugins/sudoers/testsudoers.c:347 msgid "" "\n" "Command allowed" @@ -2824,7 +3469,7 @@ "\n" "指令已允許" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command denied" @@ -2832,7 +3477,7 @@ "\n" "指令被拒" -#: plugins/sudoers/testsudoers.c:352 +#: plugins/sudoers/testsudoers.c:348 msgid "" "\n" "Command unmatched" @@ -2845,121 +3490,127 @@ msgid "%s is group writable" msgstr "%s 允許群組寫入" -#: plugins/sudoers/timestamp.c:336 plugins/sudoers/timestamp.c:680 +#: plugins/sudoers/timestamp.c:328 plugins/sudoers/timestamp.c:663 #, c-format msgid "unable to truncate time stamp file to %lld bytes" msgstr "無法將時間戳檔案截短為 %lld 位元組" -#: plugins/sudoers/timestamp.c:866 +#: plugins/sudoers/timestamp.c:860 msgid "ignoring time stamp from the future" msgstr "將忽略未來時間的時間戳" -#: plugins/sudoers/timestamp.c:889 +#: plugins/sudoers/timestamp.c:883 #, c-format msgid "time stamp too far in the future: %20.20s" msgstr "時間戳超前目前時間過多:%20.20s" -#: plugins/sudoers/timestamp.c:1011 +#: plugins/sudoers/timestamp.c:1005 #, c-format msgid "unable to lock time stamp file %s" msgstr "無法鎖定時間戳檔案 %s" -#: plugins/sudoers/timestamp.c:1055 plugins/sudoers/timestamp.c:1075 +#: plugins/sudoers/timestamp.c:1049 plugins/sudoers/timestamp.c:1069 #, c-format msgid "lecture status path too long: %s/%s" msgstr "指引狀態路徑過長:%s/%s" -#: plugins/sudoers/toke_util.c:124 +#: plugins/sudoers/toke_util.c:150 msgid "sudoedit should not be specified with a path" msgstr "sudoedit 不應用路徑指定" -#: plugins/sudoers/visudo.c:226 +#: plugins/sudoers/visudo.c:238 msgid "the -x option will be removed in a future release" msgstr "未來版本會移除 -x 選項" -#: plugins/sudoers/visudo.c:228 +#: plugins/sudoers/visudo.c:240 msgid "please consider using the cvtsudoers utility instead" msgstr "請考慮換用 cvtsudoers 工具" -#: plugins/sudoers/visudo.c:279 plugins/sudoers/visudo.c:659 +#: plugins/sudoers/visudo.c:292 plugins/sudoers/visudo.c:676 #, c-format msgid "press return to edit %s: " msgstr "按確認鍵編輯 %s:" -#: plugins/sudoers/visudo.c:340 +#: plugins/sudoers/visudo.c:307 +#, c-format +msgid "contents of edit session left in %s" +msgstr "" + +#: plugins/sudoers/visudo.c:361 #, c-format msgid "specified editor (%s) doesn't exist" msgstr "指定的編輯器 (%s) 不存在" -#: plugins/sudoers/visudo.c:342 +#: plugins/sudoers/visudo.c:363 #, c-format msgid "no editor found (editor path = %s)" msgstr "未找到編輯器 (編輯器路徑 = %s)" -#: plugins/sudoers/visudo.c:452 plugins/sudoers/visudo.c:460 +#: plugins/sudoers/visudo.c:469 plugins/sudoers/visudo.c:477 msgid "write error" msgstr "寫入時發生錯誤" -#: plugins/sudoers/visudo.c:506 +#: plugins/sudoers/visudo.c:523 #, c-format msgid "unable to stat temporary file (%s), %s unchanged" msgstr "無法 stat 暫存檔 (%s),%s 未變更" -#: plugins/sudoers/visudo.c:513 +#: plugins/sudoers/visudo.c:530 #, c-format msgid "zero length temporary file (%s), %s unchanged" msgstr "暫存檔內沒有內容 (%s),%s 未變更" -#: plugins/sudoers/visudo.c:519 +#: plugins/sudoers/visudo.c:536 #, c-format msgid "editor (%s) failed, %s unchanged" msgstr "編輯器 (%s) 執行失敗,%s 未變更" -#: plugins/sudoers/visudo.c:541 +#: plugins/sudoers/visudo.c:558 #, c-format msgid "%s unchanged" msgstr "%s 未變更" -#: plugins/sudoers/visudo.c:598 +#: plugins/sudoers/visudo.c:615 #, c-format msgid "unable to re-open temporary file (%s), %s unchanged." msgstr "無法重新開啟暫存檔 (%s),%s 未變更。" -#: plugins/sudoers/visudo.c:610 +#: plugins/sudoers/visudo.c:627 #, c-format msgid "unable to parse temporary file (%s), unknown error" msgstr "無法解析暫存檔 (%s),未知錯誤" -#: plugins/sudoers/visudo.c:648 +#: plugins/sudoers/visudo.c:665 #, c-format msgid "internal error, unable to find %s in list!" msgstr "內部錯誤,原因:列表中找不到 %s!" -#: plugins/sudoers/visudo.c:728 plugins/sudoers/visudo.c:737 +#: plugins/sudoers/visudo.c:722 plugins/sudoers/visudo.c:752 +#: plugins/sudoers/visudo.c:759 #, c-format msgid "unable to set (uid, gid) of %s to (%u, %u)" msgstr "無法將 %s 的 (uid, gid) 設為 (%u, %u)" -#: plugins/sudoers/visudo.c:760 +#: plugins/sudoers/visudo.c:787 #, c-format msgid "%s and %s not on the same file system, using mv to rename" msgstr "%s 和 %s 不在同一個檔案系統,將使用 mv 進行重新命名" -#: plugins/sudoers/visudo.c:774 +#: plugins/sudoers/visudo.c:798 #, c-format msgid "command failed: '%s %s %s', %s unchanged" msgstr "指令失敗:「%s %s %s」,%s 未變更" -#: plugins/sudoers/visudo.c:784 +#: plugins/sudoers/visudo.c:805 #, c-format msgid "error renaming %s, %s unchanged" msgstr "重新命名 %s 發生錯誤,%s 未變更" -#: plugins/sudoers/visudo.c:805 +#: plugins/sudoers/visudo.c:825 msgid "What now? " msgstr "現在該做些什麼?" -#: plugins/sudoers/visudo.c:819 +#: plugins/sudoers/visudo.c:839 msgid "" "Options are:\n" " (e)dit sudoers file again\n" @@ -2971,66 +3622,41 @@ " 退出,不儲存對 sudoers 檔案的變更 (x)\n" " 退出並將變更儲存到 sudoers 檔案(十分危險!)(Q)\n" -#: plugins/sudoers/visudo.c:865 +#: plugins/sudoers/visudo.c:885 #, c-format msgid "unable to run %s" msgstr "無法執行 %s" -#: plugins/sudoers/visudo.c:895 +#: plugins/sudoers/visudo.c:916 #, c-format msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n" msgstr "%s:所有者無效,(uid, gid) 應為 (%u, %u)\n" -#: plugins/sudoers/visudo.c:902 +#: plugins/sudoers/visudo.c:927 #, c-format msgid "%s: bad permissions, should be mode 0%o\n" msgstr "%s:權限不正確,模式應該是 0%o\n" -#: plugins/sudoers/visudo.c:951 plugins/sudoers/visudo.c:958 +#: plugins/sudoers/visudo.c:978 plugins/sudoers/visudo.c:985 #, c-format msgid "%s: parsed OK\n" msgstr "%s:解析正確\n" -#: plugins/sudoers/visudo.c:977 +#: plugins/sudoers/visudo.c:1004 #, c-format msgid "%s busy, try again later" msgstr "%s 忙碌中,請稍後重試" -#: plugins/sudoers/visudo.c:980 -#, c-format -msgid "unable to lock %s" -msgstr "無法鎖定 %s" - -#: plugins/sudoers/visudo.c:981 +#: plugins/sudoers/visudo.c:1008 msgid "Edit anyway? [y/N]" msgstr "仍然編輯?[y/N]" -#: plugins/sudoers/visudo.c:1091 -#, c-format -msgid "Error: %s:%d:%d: cycle in %s \"%s\"" -msgstr "錯誤:%s:%d:%d: %s「%s」中有循環" - -#: plugins/sudoers/visudo.c:1092 -#, c-format -msgid "Warning: %s:%d:%d: cycle in %s \"%s\"" -msgstr "警告:%s:%d:%d: %s「%s」中有循環" - -#: plugins/sudoers/visudo.c:1096 -#, c-format -msgid "Error: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "錯誤:%s:%d:%d: 已引用但未定義 %s「%s」" - -#: plugins/sudoers/visudo.c:1097 -#, c-format -msgid "Warning: %s:%d:%d: %s \"%s\" referenced but not defined" -msgstr "警告:%s:%d:%d: 已引用但未定義 %s「%s」" - -#: plugins/sudoers/visudo.c:1188 +#: plugins/sudoers/visudo.c:1104 #, c-format msgid "Warning: %s:%d:%d: unused %s \"%s\"" msgstr "警告:%s:%d:%d: %s「%s」未使用" -#: plugins/sudoers/visudo.c:1303 +#: plugins/sudoers/visudo.c:1220 #, c-format msgid "" "%s - safely edit the sudoers file\n" @@ -3039,7 +3665,7 @@ "%s - 安全地編輯 sudoers 檔案\n" "\n" -#: plugins/sudoers/visudo.c:1305 +#: plugins/sudoers/visudo.c:1222 msgid "" "\n" "Options:\n" @@ -3059,40 +3685,106 @@ " -s, --strict 嚴格語法檢查\n" " -V, --version 顯示版本訊息並退出\n" -#: toke.l:179 +#: toke.l:187 msgid "empty string" msgstr "字串空白" -#: toke.l:189 toke.l:491 +#: toke.l:199 toke.l:513 msgid "empty group" msgstr "group 空白" -#: toke.l:197 toke.l:489 +#: toke.l:209 toke.l:511 msgid "empty netgroup" msgstr "netgroup 空白" -#: toke.l:293 toke.l:305 toke.l:317 toke.l:333 toke.l:352 toke.l:392 +#: toke.l:305 toke.l:317 toke.l:329 toke.l:345 toke.l:364 toke.l:404 msgid "invalid line continuation" msgstr "無效的行接續符號" -#: toke.l:528 toke.l:540 +#: toke.l:550 toke.l:562 msgid "invalid IPv6 address" msgstr "無效的 IPv6 地址" -#: toke.l:764 +#: toke.l:789 msgid "unexpected line break in string" msgstr "字串中有非預期的斷行字元" -#: toke.l:1084 +#: toke.l:1139 msgid "too many levels of includes" msgstr "include 嵌套層數過多" +#~ msgid "%s: write buffer already in use" +#~ msgstr "%s:寫入緩衝區正被使用" + +#~ msgid "unable to read diffie-hellman parameters: %s" +#~ msgstr "無法讀取 Diffie-Hellman 參數:%s" + +#~ msgid "unknown defaults entry \"%s\"" +#~ msgstr "預設項目「%s」未知" + +#~ msgid "%s:%d unknown key: %s" +#~ msgstr "%s:%d 未知鍵:%s" + +#~ msgid "unable to get TLS server method: %s" +#~ msgstr "無法取得 TLS 伺服器方法:%s" + +#~ msgid "%s:%u unable to parse \"%s\"" +#~ msgstr "%s:%u 無法解析「%s」" + +#, fuzzy +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " -f, --file path to configuration file\n" +#~ " -h --help display help message and exit\n" +#~ " -n, --no-fork do not fork, run in the foreground\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "選項:\n" +#~ " -f, --file 設定檔路徑\n" +#~ " -h, --help 顯示說明訊息並退出\n" +#~ " -n, --no-fork 不要 fork,在前景執行\n" +#~ " -R, --random-drop percent chance connections will drop\n" +#~ " -V, --version 顯示版本資訊後離開\n" + +#~ msgid "" +#~ "\n" +#~ "Options:\n" +#~ " --help display help message and exit\n" +#~ " -A, --accept only send an accept event (no I/O)\n" +#~ " -h, --host host to send logs to\n" +#~ " -i, --iolog_id remote ID of I/O log to be resumed\n" +#~ " -p, --port port to use when connecting to host\n" +#~ " -r, --restart restart previous I/O log transfer\n" +#~ " -R, --reject reject the command with the given reason\n" +#~ " -b, --ca-bundle certificate bundle file to verify server's cert against\n" +#~ " -c, --cert certificate file for TLS handshake\n" +#~ " -k, --key private key file\n" +#~ " -n, --no-verify do not verify server certificate\n" +#~ " -t, --test test audit server by sending selected I/O log n times in parallel\n" +#~ " -V, --version display version information and exit\n" +#~ msgstr "" +#~ "\n" +#~ "選項:\n" +#~ " --help 顯示說明訊息後離開\n" +#~ " -A, --accept 只傳送接受事件 (無 I/O)\n" +#~ " -h, --host 要傳送記錄至的目標主機\n" +#~ " -i, --iolog_id 要繼續的 I/O 記錄的遠端 ID\n" +#~ " -p, --port 連線到主機時要使用的連線埠\n" +#~ " -r, --restart 重新啟動上次的 I/O 記錄傳輸\n" +#~ " -R, --reject 以提供的原因拒絕命令\n" +#~ " -b, --ca-bundle 用來核驗伺服器憑證針對對象的憑證組合檔案\n" +#~ " -c, --cert 用於 TLS 交握的憑證檔案\n" +#~ " -k, --key 私鑰檔案\n" +#~ " -n, --no-verify 不核驗伺服器憑證\n" +#~ " -t, --test 透過並行傳送選取的 I/O 記錄 n 次來測試稽核伺服器\n" +#~ " -V, --version 顯示版本資訊後離開\n" + #~ msgid "Preload the dummy exec functions contained in the sudo_noexec library" #~ msgstr "預載「sudo_noexec」函式庫中包含的空 exec 函數" -#~ msgid "unable to lock log file: %s" -#~ msgstr "無法鎖定記錄檔案:%s" - #~ msgid "sudo_ldap_conf_add_ports: port too large" #~ msgstr "sudo_ldap_conf_add_ports:連線埠過大" diff -Nru sudo-1.9.5p2/plugins/sudoers/policy.c sudo-1.9.9/plugins/sudoers/policy.c --- sudo-1.9.5p2/plugins/sudoers/policy.c 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/policy.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2010-2020 Todd C. Miller + * Copyright (c) 2010-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -38,6 +38,8 @@ #include "sudoers_version.h" #include "interfaces.h" +static char **command_info; + /* * Command execution args to be filled in: argv, envp and command info. */ @@ -59,7 +61,7 @@ extern sudo_dso_public struct policy_plugin sudoers_policy; #ifdef HAVE_BSD_AUTH_H -extern char *login_style; +char *login_style; #endif /* HAVE_BSD_AUTH_H */ static int @@ -75,23 +77,29 @@ CLR(*flags, fval); debug_return_int(false); default: - sudo_warn(U_("invalid %.*s set by sudo front-end"), + sudo_warnx(U_("invalid %.*s set by sudo front-end"), varlen, line); debug_return_int(-1); } } +#define RUN_VALID_FLAGS (MODE_ASKPASS|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_IMPLIED_SHELL|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_PRESERVE_GROUPS|MODE_SHELL|MODE_RUN|MODE_POLICY_INTERCEPTED) +#define EDIT_VALID_FLAGS (MODE_ASKPASS|MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_EDIT) +#define LIST_VALID_FLAGS (MODE_ASKPASS|MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_LIST|MODE_CHECK) +#define VALIDATE_VALID_FLAGS (MODE_ASKPASS|MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_VALIDATE) +#define INVALIDATE_VALID_FLAGS (MODE_ASKPASS|MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_INVALIDATE) + /* * Deserialize args, settings and user_info arrays. * Fills in struct sudo_user and other common sudoers state. */ int -sudoers_policy_deserialize_info(void *v) +sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults) { - const int edit_mask = MODE_EDIT|MODE_IGNORE_TICKET|MODE_NONINTERACTIVE; struct sudoers_open_info *info = v; const char *p, *errstr, *groups = NULL; const char *remhost = NULL; + unsigned char uuid[16]; char * const *cur; int flags = 0; debug_decl(sudoers_policy_deserialize_info, SUDOERS_DEBUG_PLUGIN); @@ -100,7 +108,7 @@ (strncmp((s), (v), sizeof(v) - 1) == 0) #define INVALID(v) do { \ - sudo_warn(U_("invalid %.*s set by sudo front-end"), \ + sudo_warnx(U_("invalid %.*s set by sudo front-end"), \ (int)(sizeof(v) - 2), (v)); \ } while (0) @@ -117,6 +125,10 @@ } /* Parse sudo.conf plugin args. */ + sudoers_file = _PATH_SUDOERS; + sudoers_mode = SUDOERS_MODE; + sudoers_uid = SUDOERS_UID; + sudoers_gid = SUDOERS_GID; if (info->plugin_args != NULL) { for (cur = info->plugin_args; *cur != NULL; cur++) { if (MATCHES(*cur, "error_recovery=")) { @@ -174,6 +186,7 @@ } /* Parse command line settings. */ + sudo_mode = 0; user_closefrom = -1; for (cur = info->settings; *cur != NULL; cur++) { if (MATCHES(*cur, "closefrom=")) { @@ -189,11 +202,19 @@ if (MATCHES(*cur, "cmnd_chroot=")) { CHECK(*cur, "cmnd_chroot="); user_runchroot = *cur + sizeof("cmnd_chroot=") - 1; + if (strlen(user_runchroot) >= PATH_MAX) { + sudo_warnx(U_("path name for \"%s\" too long"), "cmnd_chroot"); + goto bad; + } continue; } if (MATCHES(*cur, "cmnd_cwd=")) { CHECK(*cur, "cmnd_cwd="); user_runcwd = *cur + sizeof("cmnd_cwd=") - 1; + if (strlen(user_runcwd) >= PATH_MAX) { + sudo_warnx(U_("path name for \"%s\" too long"), "cmnd_cwd"); + goto bad; + } continue; } if (MATCHES(*cur, "runas_user=")) { @@ -211,7 +232,8 @@ if (MATCHES(*cur, "prompt=")) { /* Allow epmpty prompt. */ user_prompt = *cur + sizeof("prompt=") - 1; - def_passprompt_override = true; + if (!append_default("passprompt_override", NULL, true, NULL, defaults)) + goto oom; continue; } if (MATCHES(*cur, "set_home=")) { @@ -271,36 +293,31 @@ if (MATCHES(*cur, "login_class=")) { CHECK(*cur, "login_class="); login_class = *cur + sizeof("login_class=") - 1; - def_use_loginclass = true; - continue; - } -#ifdef HAVE_PRIV_SET - if (MATCHES(*cur, "runas_privs=")) { - CHECK(*cur, "runas_privs="); - def_privs = *cur + sizeof("runas_privs=") - 1; - continue; - } - if (MATCHES(*cur, "runas_limitprivs=")) { - CHECK(*cur, "runas_limitprivs="); - def_limitprivs = *cur + sizeof("runas_limitprivs=") - 1; + if (!append_default("use_loginclass", NULL, true, NULL, defaults)) + goto oom; continue; } -#endif /* HAVE_PRIV_SET */ #ifdef HAVE_SELINUX if (MATCHES(*cur, "selinux_role=")) { CHECK(*cur, "selinux_role="); - user_role = *cur + sizeof("selinux_role=") - 1; + free(user_role); + user_role = strdup(*cur + sizeof("selinux_role=") - 1); + if (user_role == NULL) + goto oom; continue; } if (MATCHES(*cur, "selinux_type=")) { CHECK(*cur, "selinux_type="); - user_type = *cur + sizeof("selinux_type=") - 1; + free(user_type); + user_type = strdup(*cur + sizeof("selinux_type=") - 1); + if (user_type == NULL) + goto oom; continue; } #endif /* HAVE_SELINUX */ #ifdef HAVE_BSD_AUTH_H if (MATCHES(*cur, "bsdauth_type=")) { - CHECK(*cur, "login_style="); + CHECK(*cur, "bsdauth_type="); login_style = *cur + sizeof("bsdauth_type=") - 1; continue; } @@ -316,7 +333,7 @@ if (MATCHES(*cur, "max_groups=")) { errno = 0; p = *cur + sizeof("max_groups=") - 1; - sudo_user.max_groups = sudo_strtonum(p, 1, INT_MAX, &errstr); + sudo_user.max_groups = sudo_strtonum(p, 1, 1024, &errstr); if (sudo_user.max_groups == 0) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; @@ -340,6 +357,12 @@ } continue; } + if (MATCHES(*cur, "askpass=")) { + if (parse_bool(*cur, sizeof("askpass") - 1, &flags, + MODE_ASKPASS) == -1) + goto bad; + continue; + } #ifdef ENABLE_SUDO_PLUGIN_API if (MATCHES(*cur, "plugin_dir=")) { CHECK(*cur, "plugin_dir="); @@ -349,12 +372,6 @@ #endif } - /* Sudo front-end should restrict mode flags for sudoedit. */ - if (ISSET(flags, MODE_EDIT) && (flags & edit_mask) != flags) { - sudo_warnx(U_("invalid mode flags from sudo front end: 0x%x"), flags); - goto bad; - } - user_gid = (gid_t)-1; user_sid = (pid_t)-1; user_uid = (gid_t)-1; @@ -362,6 +379,7 @@ for (cur = info->user_info; *cur != NULL; cur++) { if (MATCHES(*cur, "user=")) { CHECK(*cur, "user="); + free(user_name); if ((user_name = strdup(*cur + sizeof("user=") - 1)) == NULL) goto oom; continue; @@ -391,12 +409,14 @@ } if (MATCHES(*cur, "cwd=")) { CHECK(*cur, "cwd="); + free(user_cwd); if ((user_cwd = strdup(*cur + sizeof("cwd=") - 1)) == NULL) goto oom; continue; } if (MATCHES(*cur, "tty=")) { CHECK(*cur, "tty="); + free(user_ttypath); if ((user_ttypath = strdup(*cur + sizeof("tty=") - 1)) == NULL) goto oom; user_tty = user_ttypath; @@ -406,6 +426,9 @@ } if (MATCHES(*cur, "host=")) { CHECK(*cur, "host="); + if (user_shost != user_host) + free(user_shost); + free(user_host); if ((user_host = strdup(*cur + sizeof("host=") - 1)) == NULL) goto oom; if ((p = strchr(user_host, '.')) != NULL) { @@ -475,6 +498,9 @@ goto bad; } + if (user_srunhost != user_runhost) + free(user_srunhost); + free(user_runhost); if ((user_runhost = strdup(remhost ? remhost : user_host)) == NULL) goto oom; if ((p = strchr(user_runhost, '.')) != NULL) { @@ -489,8 +515,8 @@ goto oom; } if (user_runcwd == NULL) { - if ((user_runcwd = strdup(user_cwd)) == NULL) - goto oom; + /* Unlike user_cwd, user_runcwd is not free()d. */ + user_runcwd = user_cwd; } if (user_tty == NULL) { if ((user_tty = strdup("unknown")) == NULL) @@ -518,6 +544,17 @@ /* Some systems support fexecve() which we use for digest matches. */ cmnd_fd = -1; + /* Create a UUID to store in the event log. */ + sudo_uuid_create(uuid); + if (sudo_uuid_to_string(uuid, sudo_user.uuid_str, sizeof(sudo_user.uuid_str)) == NULL) { + sudo_warnx("%s", U_("unable to generate UUID")); + goto bad; + } + +#ifdef NO_ROOT_MAILER + eventlog_set_mailuid(user_uid); +#endif + /* Dump settings and user info (XXX - plugin args) */ for (cur = info->settings; *cur != NULL; cur++) sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); @@ -578,22 +615,30 @@ * Store the execution environment and other front-end settings. * Builds up the command_info list and sets argv and envp. * Consumes iolog_path if not NULL. - * Returns 1 on success and -1 on error. + * Returns true on success, else false. */ bool sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v) { struct sudoers_exec_args *exec_args = v; - char **command_info; int info_len = 0; debug_decl(sudoers_policy_store_result, SUDOERS_DEBUG_PLUGIN); if (exec_args == NULL) debug_return_bool(true); /* nothing to do */ + /* Free old data, if any. */ + if (command_info != NULL) { + char **cur; + sudoers_gc_remove(GC_VECTOR, command_info); + for (cur = command_info; *cur != NULL; cur++) + free(*cur); + free(command_info); + } + /* Increase the length of command_info as needed, it is *not* checked. */ - command_info = calloc(55, sizeof(char *)); + command_info = calloc(68, sizeof(char *)); if (command_info == NULL) goto oom; @@ -602,6 +647,10 @@ if (command_info[info_len++] == NULL) goto oom; } + if (def_log_subcmds) { + if ((command_info[info_len++] = strdup("log_subcmds=true")) == NULL) + goto oom; + } if (def_log_input || def_log_output) { if (iolog_path) command_info[info_len++] = iolog_path; /* now owned */ @@ -628,7 +677,7 @@ goto oom; } if (def_maxseq != NULL) { - if (asprintf(&command_info[info_len++], "maxseq=%s", def_maxseq) == -1) + if ((command_info[info_len++] = sudo_new_key_val("maxseq", def_maxseq)) == NULL) goto oom; } } @@ -705,8 +754,10 @@ glsize = sizeof("runas_groups=") - 1 + ((gidlist->ngids + 1) * (MAX_UID_T_LEN + 1)); gid_list = malloc(glsize); - if (gid_list == NULL) + if (gid_list == NULL) { + sudo_gidlist_delref(gidlist); goto oom; + } memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1); cp = gid_list + sizeof("runas_groups=") - 1; @@ -717,6 +768,7 @@ if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { sudo_warnx(U_("internal error, %s overflow"), __func__); free(gid_list); + sudo_gidlist_delref(gidlist); goto bad; } cp += len; @@ -727,6 +779,7 @@ if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { sudo_warnx(U_("internal error, %s overflow"), __func__); free(gid_list); + sudo_gidlist_delref(gidlist); goto bad; } cp += len; @@ -743,6 +796,10 @@ if ((command_info[info_len++] = strdup("ignore_iolog_errors=true")) == NULL) goto oom; } + if (def_intercept) { + if ((command_info[info_len++] = strdup("intercept=true")) == NULL) + goto oom; + } if (def_noexec) { if ((command_info[info_len++] = strdup("noexec=true")) == NULL) goto oom; @@ -839,6 +896,50 @@ goto oom; } } + if (def_rlimit_as != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_as", def_rlimit_as)) == NULL) + goto oom; + } + if (def_rlimit_core != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_core", def_rlimit_core)) == NULL) + goto oom; + } + if (def_rlimit_cpu != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_cpu", def_rlimit_cpu)) == NULL) + goto oom; + } + if (def_rlimit_data != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_data", def_rlimit_data)) == NULL) + goto oom; + } + if (def_rlimit_fsize != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_fsize", def_rlimit_fsize)) == NULL) + goto oom; + } + if (def_rlimit_locks != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_locks", def_rlimit_locks)) == NULL) + goto oom; + } + if (def_rlimit_memlock != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_memlock", def_rlimit_memlock)) == NULL) + goto oom; + } + if (def_rlimit_nofile != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_nofile", def_rlimit_nofile)) == NULL) + goto oom; + } + if (def_rlimit_nproc != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_nproc", def_rlimit_nproc)) == NULL) + goto oom; + } + if (def_rlimit_rss != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_rss", def_rlimit_rss)) == NULL) + goto oom; + } + if (def_rlimit_stack != NULL) { + if ((command_info[info_len++] = sudo_new_key_val("rlimit_stack", def_rlimit_stack)) == NULL) + goto oom; + } #ifdef HAVE_LOGIN_CAP_H if (def_use_loginclass) { if ((command_info[info_len++] = sudo_new_key_val("login_class", login_class)) == NULL) @@ -866,15 +967,14 @@ } #endif /* HAVE_SELINUX */ - /* Free on exit; they are not available in the close function. */ - sudoers_gc_add(GC_VECTOR, envp); - sudoers_gc_add(GC_VECTOR, command_info); - /* Fill in exec environment info. */ *(exec_args->argv) = argv; *(exec_args->envp) = envp; *(exec_args->info) = command_info; + /* Free command_info on exit. */ + sudoers_gc_add(GC_VECTOR, command_info); + debug_return_bool(true); oom: @@ -936,6 +1036,7 @@ if (sudo_version >= SUDO_API_MKVERSION(1, 15)) *errstr = audit_msg; } + debug_return_int(ret); } @@ -948,10 +1049,11 @@ /* Close the session we opened in sudoers_policy_init_session(). */ (void)sudo_auth_end_session(runas_pw); - /* We do not currently log the exit status. */ if (error_code) { errno = error_code; sudo_warn(U_("unable to execute %s"), safe_cmnd); + } else { + log_exit_status(exit_status); } } @@ -961,26 +1063,13 @@ /* Free stashed copy of the environment. */ (void)env_init(NULL); - /* Free remaining references to password and group entries. */ - /* XXX - move cleanup to function in sudoers.c */ - if (sudo_user.pw != NULL) { - sudo_pw_delref(sudo_user.pw); - sudo_user.pw = NULL; - } - if (runas_pw != NULL) { - sudo_pw_delref(runas_pw); - runas_pw = NULL; - } - if (runas_gr != NULL) { - sudo_gr_delref(runas_gr); - runas_gr = NULL; - } - if (user_gid_list != NULL) { - sudo_gidlist_delref(user_gid_list); - user_gid_list = NULL; - } - free(user_gids); - user_gids = NULL; + /* Free sudoers sources, sudo_user and passwd/group caches. */ + sudoers_cleanup(); + + /* command_info is freed by the g/c code. */ + command_info = NULL; + + /* Free error message passed back to front-end, if any. */ free(audit_msg); audit_msg = NULL; @@ -1021,24 +1110,35 @@ char **command_infop[], char **argv_out[], char **user_env_out[], const char **errstr) { + int valid_flags = RUN_VALID_FLAGS; struct sudoers_exec_args exec_args; int ret; debug_decl(sudoers_policy_check, SUDOERS_DEBUG_PLUGIN); - if (!ISSET(sudo_mode, MODE_EDIT)) + if (ISSET(sudo_mode, MODE_EDIT)) + valid_flags = EDIT_VALID_FLAGS; + else SET(sudo_mode, MODE_RUN); + if ((sudo_mode & valid_flags) != sudo_mode) { + sudo_warnx(U_("%s: invalid mode flags from sudo front end: 0x%x"), + __func__, sudo_mode); + debug_return_int(-1); + } + exec_args.argv = argv_out; exec_args.envp = user_env_out; exec_args.info = command_infop; ret = sudoers_policy_main(argc, argv, 0, env_add, false, &exec_args); +#ifndef NO_LEAKS if (ret == true && sudo_version >= SUDO_API_MKVERSION(1, 3)) { /* Unset close function if we don't need it to avoid extra process. */ - if (!def_log_input && !def_log_output && !def_use_pty && - !sudo_auth_needs_end_session()) + if (!def_log_input && !def_log_output && !def_log_exit_status && + !def_use_pty && !sudo_auth_needs_end_session()) sudoers_policy.close = NULL; } +#endif /* The audit functions set audit_msg on failure. */ if (ret != 1 && audit_msg != NULL) { @@ -1051,13 +1151,19 @@ static int sudoers_policy_validate(const char **errstr) { + char *argv[] = { "validate", NULL }; + const int argc = 1; int ret; debug_decl(sudoers_policy_validate, SUDOERS_DEBUG_PLUGIN); - user_cmnd = "validate"; SET(sudo_mode, MODE_VALIDATE); + if ((sudo_mode & VALIDATE_VALID_FLAGS) != sudo_mode) { + sudo_warnx(U_("%s: invalid mode flags from sudo front end: 0x%x"), + __func__, sudo_mode); + debug_return_int(-1); + } - ret = sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, false, NULL); + ret = sudoers_policy_main(argc, argv, I_VERIFYPW, NULL, false, NULL); /* The audit functions set audit_msg on failure. */ if (ret != 1 && audit_msg != NULL) { @@ -1072,10 +1178,13 @@ { debug_decl(sudoers_policy_invalidate, SUDOERS_DEBUG_PLUGIN); - user_cmnd = "kill"; - /* XXX - plugin API should support a return value for fatal errors. */ - timestamp_remove(unlinkit); - sudoers_cleanup(); + SET(sudo_mode, MODE_INVALIDATE); + if ((sudo_mode & INVALIDATE_VALID_FLAGS) != sudo_mode) { + sudo_warnx(U_("%s: invalid mode flags from sudo front end: 0x%x"), + __func__, sudo_mode); + } else { + timestamp_remove(unlinkit); + } debug_return; } @@ -1084,18 +1193,28 @@ sudoers_policy_list(int argc, char * const argv[], int verbose, const char *list_user, const char **errstr) { + char *list_argv[] = { "list", NULL }; int ret; debug_decl(sudoers_policy_list, SUDOERS_DEBUG_PLUGIN); - user_cmnd = "list"; - if (argc) - SET(sudo_mode, MODE_CHECK); - else + if (argc == 0) { SET(sudo_mode, MODE_LIST); + argc = 1; + argv = list_argv; + } else { + SET(sudo_mode, MODE_CHECK); + } + + if ((sudo_mode & LIST_VALID_FLAGS) != sudo_mode) { + sudo_warnx(U_("%s: invalid mode flags from sudo front end: 0x%x"), + __func__, sudo_mode); + debug_return_int(-1); + } + if (list_user) { list_pw = sudo_getpwnam(list_user); if (list_pw == NULL) { - sudo_warnx(U_("unknown user: %s"), list_user); + sudo_warnx(U_("unknown user %s"), list_user); debug_return_int(-1); } } @@ -1170,6 +1289,24 @@ } } +/* + * De-register environment function hooks. + */ +static void +sudoers_policy_deregister_hooks(int version, int (*deregister_hook)(struct sudo_hook *hook)) +{ + struct sudo_hook *hook; + + for (hook = sudoers_hooks; hook->hook_fn != NULL; hook++) { + if (deregister_hook(hook) != 0) { + sudo_warn_nodebug( + U_("unable to deregister hook of type %d (version %d.%d)"), + hook->hook_type, SUDO_API_VERSION_GET_MAJOR(hook->hook_version), + SUDO_API_VERSION_GET_MINOR(hook->hook_version)); + } + } +} + sudo_dso_public struct policy_plugin sudoers_policy = { SUDO_POLICY_PLUGIN, SUDO_API_VERSION, @@ -1182,5 +1319,6 @@ sudoers_policy_invalidate, sudoers_policy_init_session, sudoers_policy_register_hooks, + sudoers_policy_deregister_hooks, NULL /* event_alloc() filled in by sudo */ }; diff -Nru sudo-1.9.5p2/plugins/sudoers/prompt.c sudo-1.9.9/plugins/sudoers/prompt.c --- sudo-1.9.5p2/plugins/sudoers/prompt.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/prompt.c 2022-01-27 21:24:06.000000000 +0000 @@ -45,12 +45,12 @@ size_t len, n; int subst; const char *p; - char *np, *new_prompt, *endp; + char *np, *new_prompt; debug_decl(expand_prompt, SUDOERS_DEBUG_AUTH); /* How much space do we need to malloc for the prompt? */ subst = 0; - for (p = old_prompt, len = strlen(old_prompt); *p; p++) { + for (p = old_prompt, len = strlen(old_prompt); *p != '\0'; p++) { if (p[0] =='%') { switch (p[1]) { case 'h': @@ -95,44 +95,48 @@ } if (subst) { - endp = new_prompt + len; - for (p = old_prompt, np = new_prompt; *p; p++) { + for (p = old_prompt, np = new_prompt; *p != '\0'; p++) { if (p[0] =='%') { switch (p[1]) { case 'h': p++; - n = strlcpy(np, user_shost, np - endp); - if (n >= (size_t)(np - endp)) + n = strlcpy(np, user_shost, len); + if (n >= len) goto oflow; np += n; + len -= n; continue; case 'H': p++; - n = strlcpy(np, user_host, np - endp); - if (n >= (size_t)(np - endp)) + n = strlcpy(np, user_host, len); + if (n >= len) goto oflow; np += n; + len -= n; continue; case 'p': p++; - n = strlcpy(np, auth_user, np - endp); - if (n >= (size_t)(np - endp)) - goto oflow; + n = strlcpy(np, auth_user, len); + if (n >= len) + goto oflow; np += n; + len -= n; continue; case 'u': p++; - n = strlcpy(np, user_name, np - endp); - if (n >= (size_t)(np - endp)) + n = strlcpy(np, user_name, len); + if (n >= len) goto oflow; np += n; + len -= n; continue; case 'U': p++; - n = strlcpy(np, runas_pw->pw_name, np - endp); - if (n >= (size_t)(np - endp)) + n = strlcpy(np, runas_pw->pw_name, len); + if (n >= len) goto oflow; np += n; + len -= n; continue; case '%': /* convert %% -> % */ @@ -143,10 +147,13 @@ break; } } - *np++ = *p; - if (np >= endp) + if (len < 2) /* len includes NUL */ goto oflow; + *np++ = *p; + len--; } + if (len != 1) + goto oflow; *np = '\0'; } else { /* Nothing to expand. */ diff -Nru sudo-1.9.5p2/plugins/sudoers/pwutil.c sudo-1.9.9/plugins/sudoers/pwutil.c --- sudo-1.9.5p2/plugins/sudoers/pwutil.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/pwutil.c 2022-01-27 21:24:22.000000000 +0000 @@ -28,6 +28,7 @@ #include +#include #include #include #include @@ -89,10 +90,14 @@ { debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS); - make_pwitem = pwitem; - make_gritem = gritem; - make_gidlist_item = gidlist_item; - make_grlist_item = grlist_item; + if (pwitem != NULL) + make_pwitem = pwitem; + if (gritem != NULL) + make_gritem = gritem; + if (gidlist_item != NULL) + make_gidlist_item = gidlist_item; + if (grlist_item != NULL) + make_grlist_item = grlist_item; debug_return; } @@ -561,7 +566,8 @@ item->d.gr ? item->d.gr->gr_name : "unknown", item->registry, node ? "cache hit" : "cached"); } - item->refcnt++; + if (item->d.gr != NULL) + item->refcnt++; debug_return_ptr(item->d.gr); } @@ -631,18 +637,19 @@ } /* - * Take a gid in string form "#123" and return a faked up group struct. + * Take a group name, ID, members and return a faked up group struct. */ struct group * -sudo_fakegrnam(const char *group) +sudo_mkgrent(const char *group, gid_t gid, ...) { struct cache_item_gr *gritem; struct cache_item *item; - const char *errstr; struct group *gr; - size_t len, name_len; + size_t nmem, nsize, total; + char *cp, *mem; + va_list ap; int i; - debug_decl(sudo_fakegrnam, SUDOERS_DEBUG_NSS); + debug_decl(sudo_mkgrent, SUDOERS_DEBUG_NSS); if (grcache_bygid == NULL) grcache_bygid = rbcreate(cmp_grgid); @@ -653,28 +660,47 @@ debug_return_ptr(NULL); } - name_len = strlen(group); - len = sizeof(*gritem) + name_len + 1; + /* Allocate in one big chunk for easy freeing. */ + nsize = strlen(group) + 1; + total = sizeof(*gritem) + nsize; + va_start(ap, gid); + for (nmem = 1; (mem = va_arg(ap, char *)) != NULL; nmem++) { + total += strlen(mem) + 1; + } + va_end(ap); + total += sizeof(char *) * nmem; for (i = 0; i < 2; i++) { struct rbtree *grcache; struct rbnode *node; - gritem = calloc(1, len); + /* + * Fill in group contents and make strings relative to space + * at the end of the buffer. Note that gr_mem must come + * immediately after struct group to guarantee proper alignment. + */ + gritem = calloc(1, total); if (gritem == NULL) { sudo_warn(U_("unable to cache group %s"), group); debug_return_ptr(NULL); } gr = &gritem->gr; - gr->gr_gid = (gid_t) sudo_strtoid(group + 1, &errstr); - gr->gr_name = (char *)(gritem + 1); - memcpy(gr->gr_name, group, name_len + 1); - if (errstr != NULL) { - sudo_debug_printf(SUDO_DEBUG_DIAG|SUDO_DEBUG_LINENO, - "gid %s %s", group, errstr); - free(gritem); - debug_return_ptr(NULL); - } + gr->gr_gid = gid; + gr->gr_passwd = "*"; + cp = (char *)(gritem + 1); + gr->gr_mem = (char **)cp; + cp += sizeof(char *) * nmem; + va_start(ap, gid); + for (nmem = 0; (mem = va_arg(ap, char *)) != NULL; nmem++) { + size_t len = strlen(mem) + 1; + memcpy(cp, mem, len); + gr->gr_mem[nmem] = cp; + cp += len; + } + va_end(ap); + gr->gr_mem[nmem] = NULL; + gr->gr_name = cp; + memcpy(gr->gr_name, group, nsize); item = &gritem->cache; item->refcnt = 1; @@ -714,6 +740,26 @@ debug_return_ptr(item->d.gr); } +/* + * Take a gid in string form "#123" and return a faked up group struct. + */ +struct group * +sudo_fakegrnam(const char *group) +{ + const char *errstr; + gid_t gid; + debug_decl(sudo_fakegrnam, SUDOERS_DEBUG_NSS); + + gid = (gid_t) sudo_strtoid(group + 1, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_DIAG|SUDO_DEBUG_LINENO, + "gid %s %s", group, errstr); + debug_return_ptr(NULL); + } + + debug_return_ptr(sudo_mkgrent(group, gid, (char *)NULL)); +} + void sudo_gidlist_addref(struct gid_list *gidlist) { diff -Nru sudo-1.9.5p2/plugins/sudoers/pwutil_impl.c sudo-1.9.9/plugins/sudoers/pwutil_impl.c --- sudo-1.9.5p2/plugins/sudoers/pwutil_impl.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/pwutil_impl.c 2022-01-27 21:24:22.000000000 +0000 @@ -235,7 +235,7 @@ * elements. Fills in datum from user_gids or from sudo_getgrouplist2(3). */ struct cache_item * -sudo_make_gidlist_item(const struct passwd *pw, char * const *unused1, +sudo_make_gidlist_item(const struct passwd *pw, char * const *gidstrs, unsigned int type) { char *cp; @@ -246,12 +246,42 @@ int i, ngids; debug_decl(sudo_make_gidlist_item, SUDOERS_DEBUG_NSS); - /* Don't use user_gids if the entry type says we must query the db. */ - if (type != ENTRY_TYPE_QUERIED && pw == sudo_user.pw && sudo_user.gids != NULL) { - gids = user_gids; - ngids = user_ngids; - user_gids = NULL; - user_ngids = 0; + /* + * Ignore supplied gids if the entry type says we must query the group db. + */ + if (type != ENTRY_TYPE_QUERIED && (gidstrs != NULL || + (pw == sudo_user.pw && sudo_user.gids != NULL))) { + if (gidstrs != NULL) { + /* Use supplied gids list (string format). */ + ngids = 1; + for (i = 0; gidstrs[i] != NULL; i++) + ngids++; + gids = reallocarray(NULL, ngids, sizeof(GETGROUPS_T)); + if (gids == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + debug_return_ptr(NULL); + } + ngids = 1; + gids[0] = pw->pw_gid; + for (i = 0; gidstrs[i] != NULL; i++) { + const char *errstr; + GETGROUPS_T gid = (gid_t) sudo_strtoid(gidstrs[i], &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_DIAG|SUDO_DEBUG_LINENO, + "gid %s %s", gidstrs[i], errstr); + continue; + } + if (gid != gids[0]) + gids[ngids++] = gid; + } + } else { + /* Adopt sudo_user.gids. */ + gids = user_gids; + ngids = user_ngids; + user_gids = NULL; + user_ngids = 0; + } type = ENTRY_TYPE_FRONTEND; } else { type = ENTRY_TYPE_QUERIED; @@ -263,7 +293,9 @@ "unable to allocate memory"); debug_return_ptr(NULL); } - (void)sudo_getgrouplist2(pw->pw_name, pw->pw_gid, &gids, &ngids); + /* Clamp to max_groups if insufficient space for all groups. */ + if (sudo_getgrouplist2(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1) + ngids = sudo_user.max_groups; } else { gids = NULL; if (sudo_getgrouplist2(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1) { @@ -327,12 +359,12 @@ sudo_make_grlist_item(const struct passwd *pw, char * const *unused1) { char *cp; - size_t nsize, ngroups, total, len; + size_t groupname_len, len, ngroups, nsize, total; struct cache_item_grlist *grlitem; struct group_list *grlist; struct gid_list *gidlist; struct group *grp = NULL; - int i, groupname_len; + int i; debug_decl(sudo_make_grlist_item, SUDOERS_DEBUG_NSS); gidlist = sudo_get_gidlist(pw, ENTRY_TYPE_ANY); @@ -344,7 +376,7 @@ } #ifdef _SC_LOGIN_NAME_MAX - groupname_len = MAX((int)sysconf(_SC_LOGIN_NAME_MAX), 32); + groupname_len = MAX(sysconf(_SC_LOGIN_NAME_MAX), 32); #else groupname_len = MAX(LOGIN_NAME_MAX, 32); #endif diff -Nru sudo-1.9.5p2/plugins/sudoers/rcstr.c sudo-1.9.9/plugins/sudoers/rcstr.c --- sudo-1.9.5p2/plugins/sudoers/rcstr.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/rcstr.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,100 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2016-2018 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This is an open source non-commercial project. Dear PVS-Studio, please check it. - * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com - */ - -#include - -#include -#include -#include - -#include "sudoers.h" - -/* Trivial reference-counted strings. */ -struct rcstr { - int refcnt; - char str[1]; /* actually bigger */ -}; - -/* - * Allocate a reference-counted string and copy src to it. - * Returns the newly-created string with a refcnt of 1. - */ -char * -rcstr_dup(const char *src) -{ - size_t len = strlen(src); - char *dst; - debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL); - - dst = rcstr_alloc(len); - memcpy(dst, src, len); - dst[len] = '\0'; - debug_return_ptr(dst); -} - -char * -rcstr_alloc(size_t len) -{ - struct rcstr *rcs; - debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL); - - /* Note: sizeof(struct rcstr) includes space for the NUL */ - rcs = malloc(sizeof(struct rcstr) + len); - if (rcs == NULL) - return NULL; - - rcs->refcnt = 1; - rcs->str[0] = '\0'; - /* cppcheck-suppress memleak */ - debug_return_ptr(rcs->str); // -V773 -} - -char * -rcstr_addref(const char *s) -{ - struct rcstr *rcs; - debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL); - - if (s == NULL) - debug_return_ptr(NULL); - - rcs = __containerof((const void *)s, struct rcstr, str); - rcs->refcnt++; - debug_return_ptr(rcs->str); -} - -void -rcstr_delref(const char *s) -{ - struct rcstr *rcs; - debug_decl(rcstr_dup, SUDOERS_DEBUG_UTIL); - - if (s != NULL) { - rcs = __containerof((const void *)s, struct rcstr, str); - if (--rcs->refcnt == 0) { - rcs->str[0] = '\0'; - free(rcs); - } - } - debug_return; -} diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/check_symbols/check_symbols.c sudo-1.9.9/plugins/sudoers/regress/check_symbols/check_symbols.c --- sudo-1.9.5p2/plugins/sudoers/regress/check_symbols/check_symbols.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/check_symbols/check_symbols.c 2022-01-27 21:24:06.000000000 +0000 @@ -92,8 +92,10 @@ sudo_dso_unload(handle); - printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(), - ntests, errors, (ntests - errors) * 100 / ntests); + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } exit(errors); } diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.1 sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.1 --- sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.1 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.1 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1 @@ + diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.2 sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.2 --- sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.2 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.2 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,5 @@ +# Minimal test case +user=root +uid=0 +gid=0 +host=localhost diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.3 sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.3 --- sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.3 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.3 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,11 @@ +# Reproduce CVE-2021-3156 +run_shell=true +sudoedit=true +user=millert +uid=1000 +gid=1000 +cwd=/home/millert +host=localhost +argv=foo +argv=\ +argv=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.4 sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.4 --- sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.4 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.4 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,36 @@ +# sudo -u nobody /usr/bin/id + +plugin_path=/usr/libexec/sudo/sudoers.so +runas_user=nobody +progname=sudo +network_addrs=127.0.0.1/255.255.255.0 +plugin_dir=/usr/libexec/sudo/ + +user=millert +pid=1234 +ppid=1230 +pgid=1234 +tcpgid=1234 +sid=1230 +uid=1000 +euid=0 +gid=1000 +egid=1000 +groups=20,0,1000 +umask=022 +cwd=/home/millert +tty=/dev/pts/1 +host=sudo.ws +lines=24 +cols=80 +rlimit_core=infinity,infinity +rlimit_cpu=infinity,infinity +rlimit_data=1610612736,34359738368 +rlimit_fsize=infinity,infinity +rlimit_memlock=2727370752,8182112256 +rlimit_nofile=256,1024 +rlimit_nproc=256,512 +rlimit_rss=8175603712,8182112256 +rlimit_stack=4194304,33554432 + +argv=/usr/bin/id diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.5 sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.5 --- sudo-1.9.5p2/plugins/sudoers/regress/corpus/seed/policy/policy.5 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/corpus/seed/policy/policy.5 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,36 @@ +# sudoedit /etc/hosts + +plugin_path=/usr/libexec/sudo/sudoers.so +progname=sudoedit +network_addrs=127.0.0.1/255.255.255.0 +plugin_dir=/usr/libexec/sudo/ + +user=millert +pid=1234 +ppid=1230 +pgid=1234 +tcpgid=1234 +sid=1230 +uid=1000 +euid=0 +gid=1000 +egid=1000 +groups=20,0,1000 +umask=022 +cwd=/home/millert +tty=/dev/pts/1 +host=sudo.ws +lines=24 +cols=80 +rlimit_core=infinity,infinity +rlimit_cpu=infinity,infinity +rlimit_data=1610612736,34359738368 +rlimit_fsize=infinity,infinity +rlimit_memlock=2727370752,8182112256 +rlimit_nofile=256,1024 +rlimit_nproc=256,512 +rlimit_rss=8175603712,8182112256 +rlimit_stack=4194304,33554432 + +argv=sudoedit +argv=/etc/hosts diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/sudoers1 sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/sudoers1 --- sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/sudoers1 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/sudoers1 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,97 @@ +## sudoers file. +## +## This file MUST be edited with the 'visudo' command as root. +## Failure to use 'visudo' may result in syntax or file permission errors +## that prevent sudo from running. +## +## See the sudoers man page for the details on how to write a sudoers file. +## + +## +## Host alias specification +## +## Groups of machines. These may include host names (optionally with wildcards), +## IP addresses, network numbers or netgroups. +Host_Alias WEBSERVERS = www1, www2, www3 + +## +## User alias specification +## +## Groups of users. These may consist of user names, uids, Unix groups, +## or netgroups. +User_Alias ADMINS = millert, dowdy, mikef + +## +## Cmnd alias specification +## +## Groups of commands. Often used to group related commands together. +Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ + /usr/bin/pkill, /usr/bin/top +Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff + +## +## Defaults specification +## +## You may wish to keep some of the following environment variables +## when running commands via sudo. +## +## Locale settings +# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +## +## Run X applications through sudo; HOME is used to find the +## .Xauthority file. Note that other programs use HOME to find +## configuration files and this may lead to privilege escalation! +# Defaults env_keep += "HOME" +## +## X11 resource path settings +# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +## +## Desktop path settings +# Defaults env_keep += "QTDIR KDEDIR" +## +## Allow sudo-run commands to inherit the callers' ConsoleKit session +# Defaults env_keep += "XDG_SESSION_COOKIE" +## +## Uncomment to enable special input methods. Care should be taken as +## this may allow users to subvert the command being run via sudo. +# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" +## +## Uncomment to use a hard-coded PATH instead of the user's to find commands +# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +## +## Uncomment to send mail if the user does not enter the correct password. +# Defaults mail_badpass +## +## Uncomment to enable logging of a command's output, except for +## sudoreplay and reboot. Use sudoreplay to play back logged sessions. +Defaults log_output +Defaults!/usr/bin/sudoreplay !log_output +Defaults!/usr/local/bin/sudoreplay !log_output +Defaults!REBOOT !log_output + +## +## Runas alias specification +## + +## +## User privilege specification +## +root ALL=(ALL) ALL +ALL ALL=(ALL) /usr/bin/id + +## Uncomment to allow members of group wheel to execute any command +# %wheel ALL=(ALL) ALL + +## Same thing without a password +# %wheel ALL=(ALL) NOPASSWD: ALL + +## Uncomment to allow members of group sudo to execute any command +# %sudo ALL=(ALL) ALL + +## Uncomment to allow any user to run sudo if they know the password +## of the user they are running the command as (root by default). +# Defaults targetpw # Ask for the password of the target user +# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' + +## Read drop-in files from /etc/sudoers.d +#@includedir /etc/sudoers.d diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/sudoers2 sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/sudoers2 --- sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/sudoers2 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/sudoers2 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,97 @@ +## sudoers file. +## +## This file MUST be edited with the 'visudo' command as root. +## Failure to use 'visudo' may result in syntax or file permission errors +## that prevent sudo from running. +## +## See the sudoers man page for the details on how to write a sudoers file. +## + +## +## Host alias specification +## +## Groups of machines. These may include host names (optionally with wildcards), +## IP addresses, network numbers or netgroups. +Host_Alias WEBSERVERS = www1, www2, www3, www4 + +## +## User alias specification +## +## Groups of users. These may consist of user names, uids, Unix groups, +## or netgroups. +User_Alias ADMINS = millert, dowdy, mikef + +## +## Cmnd alias specification +## +## Groups of commands. Often used to group related commands together. +Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ + /usr/bin/pkill, /usr/bin/top +Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff + +## +## Defaults specification +## +## You may wish to keep some of the following environment variables +## when running commands via sudo. +## +## Locale settings +# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +## +## Run X applications through sudo; HOME is used to find the +## .Xauthority file. Note that other programs use HOME to find +## configuration files and this may lead to privilege escalation! +# Defaults env_keep += "HOME" +## +## X11 resource path settings +# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +## +## Desktop path settings +# Defaults env_keep += "QTDIR KDEDIR" +## +## Allow sudo-run commands to inherit the callers' ConsoleKit session +# Defaults env_keep += "XDG_SESSION_COOKIE" +## +## Uncomment to enable special input methods. Care should be taken as +## this may allow users to subvert the command being run via sudo. +# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" +## +## Uncomment to use a hard-coded PATH instead of the user's to find commands +# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +## +## Uncomment to send mail if the user does not enter the correct password. +# Defaults mail_badpass +## +## Uncomment to enable logging of a command's output, except for +## sudoreplay and reboot. Use sudoreplay to play back logged sessions. +Defaults log_output +Defaults!/usr/bin/sudoreplay !log_output +Defaults!/usr/local/bin/sudoreplay !log_output +Defaults!REBOOT !log_output + +## +## Runas alias specification +## + +## +## User privilege specification +## +root ALL=(ALL) ALL +ALL ALL=(ALL) /usr/bin/id + +## Uncomment to allow members of group wheel to execute any command +# %wheel ALL=(ALL) ALL + +## Same thing without a password +# %wheel ALL=(ALL) NOPASSWD: ALL + +## Uncomment to allow members of group sudo to execute any command +# %sudo ALL=(ALL) ALL + +## Uncomment to allow any user to run sudo if they know the password +## of the user they are running the command as (root by default). +# Defaults targetpw # Ask for the password of the target user +# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' + +## Read drop-in files from /etc/sudoers.d +#@includedir /etc/sudoers.d diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/sudoers3 sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/sudoers3 --- sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/sudoers3 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/sudoers3 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,97 @@ +## sudoers file. +## +## This file MUST be edited with the 'visudo' command as root. +## Failure to use 'visudo' may result in syntax or file permission errors +## that prevent sudo from running. +## +## See the sudoers man page for the details on how to write a sudoers file. +## + +## +## Host alias specification +## +## Groups of machines. These may include host names (optionally with wildcards), +## IP addresses, network numbers or netgroups. +Host_Alias WEBSERVERS_1 = www1, www2, www3, www5 + +## +## User alias specification +## +## Groups of users. These may consist of user names, uids, Unix groups, +## or netgroups. +User_Alias ADMINS = millert, dowdy, mikef + +## +## Cmnd alias specification +## +## Groups of commands. Often used to group related commands together. +Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ + /usr/bin/pkill, /usr/bin/top +Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff + +## +## Defaults specification +## +## You may wish to keep some of the following environment variables +## when running commands via sudo. +## +## Locale settings +# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +## +## Run X applications through sudo; HOME is used to find the +## .Xauthority file. Note that other programs use HOME to find +## configuration files and this may lead to privilege escalation! +# Defaults env_keep += "HOME" +## +## X11 resource path settings +# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +## +## Desktop path settings +# Defaults env_keep += "QTDIR KDEDIR" +## +## Allow sudo-run commands to inherit the callers' ConsoleKit session +# Defaults env_keep += "XDG_SESSION_COOKIE" +## +## Uncomment to enable special input methods. Care should be taken as +## this may allow users to subvert the command being run via sudo. +# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" +## +## Uncomment to use a hard-coded PATH instead of the user's to find commands +# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +## +## Uncomment to send mail if the user does not enter the correct password. +# Defaults mail_badpass +## +## Uncomment to enable logging of a command's output, except for +## sudoreplay and reboot. Use sudoreplay to play back logged sessions. +# Defaults log_output +# Defaults!/usr/bin/sudoreplay !log_output +# Defaults!/usr/local/bin/sudoreplay !log_output +# Defaults!REBOOT !log_output + +## +## Runas alias specification +## + +## +## User privilege specification +## +root ALL=(ALL) ALL +ALL ALL=(ALL) /usr/bin/id + +## Uncomment to allow members of group wheel to execute any command +# %wheel ALL=(ALL) ALL + +## Same thing without a password +# %wheel ALL=(ALL) NOPASSWD: ALL + +## Uncomment to allow members of group sudo to execute any command +# %sudo ALL=(ALL) ALL + +## Uncomment to allow any user to run sudo if they know the password +## of the user they are running the command as (root by default). +# Defaults targetpw # Ask for the password of the target user +# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' + +## Read drop-in files from /etc/sudoers.d +#@includedir /etc/sudoers.d diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test34.out.ok sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test34.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test34.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test34.out.ok 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,16 @@ +Defaults log_output +Defaults!/usr/bin/sudoreplay !log_output +Defaults!/usr/local/bin/sudoreplay !log_output +Defaults!REBOOT !log_output + +User_Alias ADMINS = millert, dowdy, mikef +Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice,\ + /usr/bin/pkill, /usr/bin/top +Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff +Host_Alias WEBSERVERS = www1, www2, www3 +Host_Alias WEBSERVERS_1 = www1, www2, www3, www5 +Host_Alias WEBSERVERS_2 = www1, www2, www3, www4 + +root ALL = (ALL) ALL + +ALL ALL = (ALL) /usr/bin/id diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test34.sh sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test34.sh --- sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test34.sh 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test34.sh 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,8 @@ +#!/bin/sh +# +# Test cvtsudoers merge +# + +: ${CVTSUDOERS=cvtsudoers} + +$CVTSUDOERS -f sudoers -l /dev/null xerxes:${TESTDIR}/sudoers1 ${TESTDIR}/sudoers2 xyzzy:${TESTDIR}/sudoers3 diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test35.out.ok sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test35.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test35.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test35.out.ok 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,16 @@ +Defaults@xerxes, xyzzy log_output +Defaults!/usr/bin/sudoreplay !log_output +Defaults!/usr/local/bin/sudoreplay !log_output +Defaults!REBOOT !log_output + +User_Alias ADMINS = millert, dowdy, mikef +Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice,\ + /usr/bin/pkill, /usr/bin/top +Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff +Host_Alias WEBSERVERS = www1, www2, www3 +Host_Alias WEBSERVERS_1 = www1, www2, www3, www5 +Host_Alias WEBSERVERS_2 = www1, www2, www3, www4 + +root ALL = (ALL) ALL + +ALL ALL = (ALL) /usr/bin/id diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test35.sh sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test35.sh --- sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test35.sh 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test35.sh 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,8 @@ +#!/bin/sh +# +# Test cvtsudoers merge +# + +: ${CVTSUDOERS=cvtsudoers} + +$CVTSUDOERS -f sudoers -l /dev/null xerxes:${TESTDIR}/sudoers1 xyzzy:${TESTDIR}/sudoers2 ${TESTDIR}/sudoers3 diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test36.out.ok sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test36.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test36.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test36.out.ok 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,15 @@ +Defaults log_output +Defaults!/usr/bin/sudoreplay !log_output +Defaults!/usr/local/bin/sudoreplay !log_output +Defaults!REBOOT !log_output + +User_Alias ADMINS = millert, dowdy, mikef +Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice,\ + /usr/bin/pkill, /usr/bin/top +Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff +Host_Alias WEBSERVERS = www1, www2, www3 +Host_Alias WEBSERVERS_1 = www1, www2, www3, www4 + +root ALL = (ALL) ALL + +ALL ALL = (ALL) /usr/bin/id diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test36.sh sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test36.sh --- sudo-1.9.5p2/plugins/sudoers/regress/cvtsudoers/test36.sh 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/cvtsudoers/test36.sh 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,8 @@ +#!/bin/sh +# +# Test cvtsudoers merge +# + +: ${CVTSUDOERS=cvtsudoers} + +$CVTSUDOERS -f sudoers -l /dev/null xerxes:${TESTDIR}/sudoers1 xyzzy:${TESTDIR}/sudoers2 plugh:${TESTDIR}/sudoers2 diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/editor/check_editor.c sudo-1.9.9/plugins/sudoers/regress/editor/check_editor.c --- sudo-1.9.5p2/plugins/sudoers/regress/editor/check_editor.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/editor/check_editor.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,153 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +#define SUDO_ERROR_WRAP 0 + +#include "sudoers.h" +#include + +/* Note hard-coded array lengths. */ +struct test_data { + char *editor_var; + int nfiles; + char *files[4]; + char *editor_path; + int edit_argc; + char *edit_argv[10]; +} test_data[] = { + { + /* Bug #942 */ + "SUDO_EDITOR=sh -c \"vi \\$1\"", + 1, + { "/etc/motd", NULL }, + "/usr/bin/sh", + 5, + { "sh", "-c", "vi $1", "--", "/etc/motd", NULL } + }, + { + /* Try connecting to the emacs server, falling back on plain emacs. */ + "VISUAL=sh -c \"emacsclient -a emacs -n \\\"\\$@\\\" || emacs \\\"\\$@\\\"\"", + 1, + { "/etc/motd", NULL }, + "/usr/bin/sh", + 5, + { "sh", "-c", "emacsclient -a emacs -n \"$@\" || emacs \"$@\"", "--", "/etc/motd", NULL } + }, + { + /* GitHub issue #99 */ + "EDITOR=/usr/bin/vi\\", + 1, + { "/etc/hosts", "/bogus/file", NULL }, + "/usr/bin/vi\\", + 3, + { "/usr/bin/vi\\", "--", "/etc/hosts", "/bogus/file", NULL } + }, + { NULL } +}; + +sudo_dso_public int main(int argc, char *argv[]); + +/* STUB */ +int +find_path(const char *infile, char **outfile, struct stat *sbp, + const char *path, const char *runchroot, int ignore_dot, + char * const *allowlist) +{ + if (infile[0] == '/') { + *outfile = strdup(infile); + } else { + if (asprintf(outfile, "/usr/bin/%s", infile) == -1) + *outfile = NULL; + } + if (*outfile == NULL) + return NOT_FOUND_ERROR; + return FOUND; +} + +int +main(int argc, char *argv[]) +{ + struct test_data *data; + int ntests = 0, errors = 0; + + initprogname(argc > 0 ? argv[0] : "check_editor"); + + for (data = test_data; data->editor_var != NULL; data++) { + const char *env_editor = NULL; + char *cp, *editor_path, **edit_argv = NULL; + int i, edit_argc = 0; + + /* clear existing editor environment vars */ + putenv("VISUAL="); + putenv("EDITOR="); + putenv("SUDO_EDITOR="); + + putenv(data->editor_var); + editor_path = find_editor(data->nfiles, data->files, &edit_argc, + &edit_argv, NULL, &env_editor); + ntests++; + if (strcmp(editor_path, data->editor_path) != 0) { + sudo_warnx("test %d: editor_path: expected \"%s\", got \"%s\"", + ntests, data->editor_path, editor_path); + errors++; + } + ntests++; + cp = strchr(data->editor_var, '=') + 1; + if (strcmp(env_editor, cp) != 0) { + sudo_warnx("test %d: env_editor: expected \"%s\", got \"%s\"", + ntests, cp, env_editor ? env_editor : "(NULL)"); + errors++; + } + ntests++; + if (edit_argc != data->edit_argc) { + sudo_warnx("test %d: edit_argc: expected %d, got %d", + ntests, data->edit_argc, edit_argc); + errors++; + } else { + ntests++; + for (i = 0; i < edit_argc; i++) { + if (strcmp(edit_argv[i], data->edit_argv[i]) != 0) { + sudo_warnx("test %d: edit_argv[%d]: expected \"%s\", got \"%s\"", + ntests, i, data->edit_argv[i], edit_argv[i]); + errors++; + break; + } + } + } + + free(editor_path); + edit_argc -= data->nfiles + 1; + for (i = 0; i < edit_argc; i++) { + free(edit_argv[i]); + } + free(edit_argv); + } + + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } + + exit(errors); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/exptilde/check_exptilde.c sudo-1.9.9/plugins/sudoers/regress/exptilde/check_exptilde.c --- sudo-1.9.5p2/plugins/sudoers/regress/exptilde/check_exptilde.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/exptilde/check_exptilde.c 2022-01-27 21:24:06.000000000 +0000 @@ -42,7 +42,9 @@ { "foo/bar", NULL, NULL, false }, { "~root", "/", NULL, true }, { "~", "/home/millert", "millert", true }, + { "~/foo", "/home/millert/foo", "millert", true }, { "~millert", "/home/millert", "millert", true }, + { "~millert/bar", "/home/millert/bar", "millert", true }, { NULL } }; @@ -94,8 +96,10 @@ } } - printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(), - ntests, errors, (ntests - errors) * 100 / ntests); + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } exit(errors); } diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_policy.c sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_policy.c --- sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_policy.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_policy.c 2022-01-27 21:24:23.000000000 +0000 @@ -0,0 +1,845 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include + +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include +#ifndef HAVE_GETADDRINFO +# include "compat/getaddrinfo.h" +#endif + +#include "sudoers.h" +#include "interfaces.h" + +extern char **environ; +extern sudo_dso_public struct policy_plugin sudoers_policy; + +const char *path_plugin_dir = _PATH_SUDO_PLUGIN_DIR; +char *audit_msg; + +static int pass; + +static FILE * +open_data(const uint8_t *data, size_t size) +{ +#ifdef HAVE_FMEMOPEN + /* Operate in-memory. */ + return fmemopen((void *)data, size, "r"); +#else + char tempfile[] = "/tmp/sudoers.XXXXXX"; + size_t nwritten; + int fd; + + /* Use (unlinked) temporary file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return NULL; + unlink(tempfile); + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return NULL; + } + lseek(fd, 0, SEEK_SET); + return fdopen(fd, "r"); +#endif +} + +/* + * Array that gets resized as needed. + */ +struct dynamic_array { + char **entries; + size_t len; + size_t size; +}; + +static void +free_strvec(char **vec) +{ + int i; + + for (i = 0; vec[i] != NULL; i++) + free(vec[i]); +} + +static void +free_dynamic_array(struct dynamic_array *arr) +{ + if (arr->entries != NULL) { + free_strvec(arr->entries); + free(arr->entries); + } + memset(arr, 0, sizeof(*arr)); +} + +static bool +push(struct dynamic_array *arr, const char *entry) +{ + char *copy = NULL; + + if (entry != NULL) { + if ((copy = strdup(entry)) == NULL) + return false; + } + + if (arr->len + (entry != NULL) >= arr->size) { + char **tmp = reallocarray(arr->entries, arr->size + 128, sizeof(char *)); + if (tmp == NULL) { + free(copy); + return false; + } + arr->entries = tmp; + arr->size += 128; + } + if (copy != NULL) + arr->entries[arr->len++] = copy; + arr->entries[arr->len] = NULL; + + return true; +} + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +static int +fuzz_printf(int msg_type, const char *fmt, ...) +{ + return 0; +} + +int +fuzz_hook_stub(struct sudo_hook *hook) +{ + return 0; +} + +/* + * The fuzzing environment may not have DNS available, this may result + * in long delays that cause a timeout when fuzzing. This getaddrinfo() + * can look up "localhost" and returns an error for anything else. + */ +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +int +# ifdef HAVE_GETADDRINFO +getaddrinfo( +# else +sudo_getaddrinfo( +# endif + const char *nodename, const char *servname, + const struct addrinfo *hints, struct addrinfo **res) +{ + struct addrinfo *ai; + struct in_addr addr; + + /* Stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz. */ + if (strcmp(nodename, "localhost") != 0 || servname != NULL) + return EAI_FAIL; + + /* Hard-code localhost. */ + ai = calloc(1, sizeof(*ai) + sizeof(struct sockaddr_in)); + if (ai == NULL) + return EAI_MEMORY; + ai->ai_canonname = strdup("localhost"); + if (ai == NULL) { + free(ai); + return EAI_MEMORY; + } + ai->ai_family = AF_INET; + ai->ai_protocol = IPPROTO_TCP; + ai->ai_addrlen = sizeof(struct sockaddr_in); + ai->ai_addr = (struct sockaddr *)(ai + 1); + inet_pton(AF_INET, "127.0.0.1", &addr); + ((struct sockaddr_in *)ai->ai_addr)->sin_family = AF_INET; + ((struct sockaddr_in *)ai->ai_addr)->sin_addr = addr; + *res = ai; + return 0; +} + +void +# ifdef HAVE_GETADDRINFO +freeaddrinfo(struct addrinfo *ai) +# else +sudo_freeaddrinfo(struct addrinfo *ai) +# endif +{ + struct addrinfo *next; + + while (ai != NULL) { + next = ai->ai_next; + free(ai->ai_canonname); + free(ai); + ai = next; + } +} +#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ + +enum fuzz_policy_pass { + PASS_NONE, + PASS_VERSION, + PASS_CHECK_LOG_LOCAL, + PASS_CHECK_LOG_REMOTE, + PASS_CHECK_NOT_FOUND, + PASS_CHECK_NOT_FOUND_DOT, + PASS_LIST, + PASS_LIST_OTHER, + PASS_LIST_CHECK, + PASS_VALIDATE, + PASS_INVALIDATE +}; + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct dynamic_array plugin_args = { NULL }; + struct dynamic_array settings = { NULL }; + struct dynamic_array user_info = { NULL }; + struct dynamic_array argv = { NULL }; + struct dynamic_array env_add = { NULL }; + char **command_info = NULL, **argv_out = NULL, **user_env_out = NULL; + const char *errstr = NULL; + const int num_passes = 10; + char *line = NULL; + size_t linesize = 0; + ssize_t linelen; + int res = 1; + FILE *fp; + + fp = open_data(data, size); + if (fp == NULL) + return 0; + + setprogname("fuzz_policy"); + sudoers_debug_register(getprogname(), NULL); + sudo_warn_set_conversation(fuzz_conversation); + + /* user_info and settings must be non-NULL (even if empty). */ + push(&user_info, NULL); + push(&settings, NULL); + + /* Iterate over each line of data. */ + while ((linelen = getdelim(&line, &linesize, '\n', fp)) != -1) { + if (line[linelen - 1] == '\n') + line[linelen - 1] = '\0'; + + /* Skip comments and blank lines. */ + if (line[0] == '#' || line[0] == '\0') + continue; + + /* plugin args */ + if (strncmp(line, "error_recovery=", sizeof("error_recovery=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "sudoers_file=", sizeof("sudoers_file=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "sudoers_mode=", sizeof("sudoers_mode=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "sudoers_gid=", sizeof("sudoers_gid=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "sudoers_uid=", sizeof("sudoers_uid=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "ldap_conf=", sizeof("ldap_conf=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "ldap_secret=", sizeof("ldap_secret=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + + /* user info */ + if (strncmp(line, "user=", sizeof("user=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "uid=", sizeof("uid=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "gid=", sizeof("gid=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "groups=", sizeof("groups=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "cwd=", sizeof("cwd=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "tty=", sizeof("tty=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "host=", sizeof("host=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "lines=", sizeof("lines=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "cols=", sizeof("cols=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "sid=", sizeof("sid=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "umask=", sizeof("umask=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "rlimit_", sizeof("rlimit_") - 1) == 0) { + push(&user_info, line); + continue; + } + + /* First argv entry is the command, the rest are args. */ + if (strncmp(line, "argv=", sizeof("argv=") - 1) == 0) { + push(&argv, line); + continue; + } + + /* Additional environment variables to add. */ + if (strncmp(line, "env=", sizeof("env=") - 1) == 0) { + push(&env_add, line); + continue; + } + + /* Treat anything else as a setting. */ + push(&settings, line); + } + fclose(fp); + free(line); + line = NULL; + + /* Exercise code paths that use KRB5CCNAME and SUDO_PROMPT. */ + putenv("KRB5CCNAME=/tmp/krb5cc_123456"); + putenv("SUDO_PROMPT=[sudo] password for %p: "); + + sudoers_policy.register_hooks(SUDO_API_VERSION, fuzz_hook_stub); + + for (pass = 1; res == 1 && pass <= num_passes; pass++) { + /* Call policy open function */ + res = sudoers_policy.open(SUDO_API_VERSION, fuzz_conversation, + fuzz_printf, settings.entries, user_info.entries, environ, + plugin_args.entries, &errstr); + if (res == 1) { + if (argv.len == 0) { + /* Must have a command to check. */ + push(&argv, "/usr/bin/id"); + } + + switch (pass) { + case PASS_NONE: + break; + case PASS_VERSION: + /* sudo -V */ + sudoers_policy.show_version(true); + break; + case PASS_CHECK_LOG_LOCAL: { + /* sudo command w/ local I/O logging (MODE_RUN) */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* call check_policy() again to check for leaks. */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* sudo_auth_begin_session() is stubbed out below. */ + sudoers_policy.init_session(NULL, NULL, NULL); + break; + } + case PASS_CHECK_LOG_REMOTE: + /* sudo command w/ remote I/O logging (MODE_RUN) */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* call check_policy() again to check for leaks. */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* sudo_auth_begin_session() is stubbed out below. */ + sudoers_policy.init_session(NULL, NULL, NULL); + break; + case PASS_CHECK_NOT_FOUND: + /* sudo command (not found) */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* sudo_auth_begin_session() is stubbed out below. */ + sudoers_policy.init_session(NULL, NULL, NULL); + break; + case PASS_CHECK_NOT_FOUND_DOT: + /* sudo command (found but in cwd) */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* call check_policy() again to check for leaks. */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* sudo_auth_begin_session() is stubbed out below. */ + sudoers_policy.init_session(NULL, NULL, NULL); + break; + case PASS_LIST: + /* sudo -l (MODE_LIST) */ + sudoers_policy.list(0, NULL, false, NULL, &errstr); + /* call list() again to check for leaks. */ + sudoers_policy.list(0, NULL, false, NULL, &errstr); + break; + case PASS_LIST_OTHER: + /* sudo -l -U root (MODE_LIST) */ + sudoers_policy.list(0, NULL, false, "root", &errstr); + /* call list() again to check for leaks. */ + sudoers_policy.list(0, NULL, false, "root", &errstr); + break; + case PASS_LIST_CHECK: + /* sudo -l command (MODE_CHECK) */ + sudoers_policy.list(argv.len, argv.entries, false, NULL, + &errstr); + /* call list() again to check for leaks. */ + sudoers_policy.list(argv.len, argv.entries, false, NULL, + &errstr); + break; + case PASS_VALIDATE: + /* sudo -v (MODE_VALIDATE) */ + sudoers_policy.validate(&errstr); + /* call validate() again to check for leaks. */ + sudoers_policy.validate(&errstr); + break; + case PASS_INVALIDATE: + /* sudo -k */ + sudoers_policy.invalidate(false); + /* call invalidate() again to check for leaks. */ + sudoers_policy.invalidate(false); + break; + } + } + + /* Free resources. */ + if (sudoers_policy.close != NULL) + sudoers_policy.close(0, 0); + else + sudoers_cleanup(); + + /* Call a second time to free old env pointer. */ + env_init(NULL); + } + + sudoers_policy.deregister_hooks(SUDO_API_VERSION, fuzz_hook_stub); + sudoers_gc_run(); + + free_dynamic_array(&plugin_args); + free_dynamic_array(&settings); + free_dynamic_array(&user_info); + free_dynamic_array(&argv); + free_dynamic_array(&env_add); + + sudoers_debug_deregister(); + + fflush(stdout); + + return 0; +} + +/* STUB */ +bool +user_is_exempt(void) +{ + return false; +} + +/* STUB */ +bool +set_interfaces(const char *ai) +{ + return true; +} + +/* STUB */ +void +dump_interfaces(const char *ai) +{ + return; +} + +/* STUB */ +void +dump_auth_methods(void) +{ + return; +} + +/* STUB */ +int +sudo_auth_begin_session(struct passwd *pw, char **user_env[]) +{ + return 1; +} + +/* STUB */ +int +sudo_auth_end_session(struct passwd *pw) +{ + return 1; +} + +/* STUB */ +bool +sudo_auth_needs_end_session(void) +{ + return false; +} + +/* STUB */ +int +timestamp_remove(bool unlink_it) +{ + return true; +} + +/* STUB */ +int +create_admin_success_flag(void) +{ + return true; +} + +/* STUB */ +static int +sudo_file_open(struct sudo_nss *nss) +{ + return 0; +} + +/* STUB */ +static int +sudo_file_close(struct sudo_nss *nss) +{ + return 0; +} + +/* STUB */ +static struct sudoers_parse_tree * +sudo_file_parse(struct sudo_nss *nss) +{ + static struct sudoers_parse_tree parse_tree; + + return &parse_tree; +} + +/* STUB */ +static int +sudo_file_query(struct sudo_nss *nss, struct passwd *pw) +{ + return 0; +} + +/* STUB */ +static int +sudo_file_getdefs(struct sudo_nss *nss) +{ + /* Set some Defaults */ + set_default("log_input", NULL, true, "sudoers", 1, 1, false); + set_default("log_output", NULL, true, "sudoers", 1, 1, false); + set_default("env_file", "/dev/null", true, "sudoers", 1, 1, false); + set_default("restricted_env_file", "/dev/null", true, "sudoers", 1, 1, false); + set_default("exempt_group", "sudo", true, "sudoers", 1, 1, false); + set_default("runchroot", "/", true, "sudoers", 1, 1, false); + set_default("runcwd", "~", true, "sudoers", 1, 1, false); + set_default("fqdn", NULL, true, "sudoers", 1, 1, false); + set_default("runas_default", "root", true, "sudoers", 1, 1, false); + set_default("tty_tickets", NULL, true, "sudoers", 1, 1, false); + set_default("umask", "022", true, "sudoers", 1, 1, false); + set_default("logfile", "/var/log/sudo", true, "sudoers", 1, 1, false); + set_default("syslog", "auth", true, "sudoers", 1, 1, false); + set_default("syslog_goodpri", "notice", true, "sudoers", 1, 1, false); + set_default("syslog_badpri", "alert", true, "sudoers", 1, 1, false); + set_default("syslog_maxlen", "2048", true, "sudoers", 1, 1, false); + set_default("loglinelen", "0", true, "sudoers", 1, 1, false); + set_default("log_year", NULL, true, "sudoers", 1, 1, false); + set_default("log_host", NULL, true, "sudoers", 1, 1, false); + set_default("mailerpath", NULL, false, "sudoers", 1, 1, false); + set_default("mailerflags", "-t", true, "sudoers", 1, 1, false); + set_default("mailto", "root@localhost", true, "sudoers", 1, 1, false); + set_default("mailfrom", "sudo@sudo.ws", true, "sudoers", 1, 1, false); + set_default("mailsub", "Someone has been naughty on %h", true, "sudoers", 1, 1, false); + set_default("timestampowner", "#0", true, "sudoers", 1, 1, false); + set_default("compress_io", NULL, true, "sudoers", 1, 1, false); + set_default("iolog_flush", NULL, true, "sudoers", 1, 1, false); + set_default("iolog_flush", NULL, true, "sudoers", 1, 1, false); + set_default("maxseq", "2176782336", true, "sudoers", 1, 1, false); + set_default("sudoedit_checkdir", NULL, false, "sudoers", 1, 1, false); + set_default("sudoedit_follow", NULL, true, "sudoers", 1, 1, false); + set_default("ignore_iolog_errors", NULL, true, "sudoers", 1, 1, false); + set_default("ignore_iolog_errors", NULL, true, "sudoers", 1, 1, false); + set_default("noexec", NULL, true, "sudoers", 1, 1, false); + set_default("exec_background", NULL, true, "sudoers", 1, 1, false); + set_default("use_pty", NULL, true, "sudoers", 1, 1, false); + set_default("utmp_runas", NULL, true, "sudoers", 1, 1, false); + set_default("iolog_mode", "0640", true, "sudoers", 1, 1, false); + set_default("iolog_user", NULL, false, "sudoers", 1, 1, false); + set_default("iolog_group", NULL, false, "sudoers", 1, 1, false); + if (pass != PASS_CHECK_LOG_LOCAL) { + set_default("log_servers", "localhost", true, "sudoers", 1, 1, false); + set_default("log_server_timeout", "30", true, "sudoers", 1, 1, false); + set_default("log_server_cabundle", "/etc/ssl/cacert.pem", true, "sudoers", 1, 1, false); + set_default("log_server_peer_cert", "/etc/ssl/localhost.crt", true, "sudoers", 1, 1, false); + set_default("log_server_peer_key", "/etc/ssl/private/localhost.key", true, "sudoers", 1, 1, false); + } + + return 0; +} + +static struct sudo_nss sudo_nss_file = { + { NULL, NULL }, + sudo_file_open, + sudo_file_close, + sudo_file_parse, + sudo_file_query, + sudo_file_getdefs +}; + +struct sudo_nss_list * +sudo_read_nss(void) +{ + static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); + + if (TAILQ_EMPTY(&snl)) + TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries); + + return &snl; +} + +/* STUB */ +int +check_user(int validated, int mode) +{ + return true; +} + +/* STUB */ +bool +check_user_shell(const struct passwd *pw) +{ + return true; +} + +/* STUB */ +void +group_plugin_unload(void) +{ + return; +} + +/* STUB */ +bool +log_warning(int flags, const char *fmt, ...) +{ + return true; +} + +/* STUB */ +bool +log_warningx(int flags, const char *fmt, ...) +{ + return true; +} + +/* STUB */ +bool +gai_log_warning(int flags, int errnum, const char *fmt, ...) +{ + return true; +} + +/* STUB */ +bool +log_denial(int status, bool inform_user) +{ + return true; +} + +/* STUB */ +bool +log_failure(int status, int flags) +{ + return true; +} + +/* STUB */ +bool +log_exit_status(int exit_status) +{ + return true; +} + +/* STUB */ +int +audit_failure(char *const argv[], char const *const fmt, ...) +{ + return 0; +} + +/* STUB */ +int +sudoers_lookup(struct sudo_nss_list *snl, struct passwd *pw, int *cmnd_status, + int pwflag) +{ + return VALIDATE_SUCCESS; +} + +/* STUB */ +int +display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) +{ + return true; +} + +/* STUB */ +int +display_privs(struct sudo_nss_list *snl, struct passwd *pw, bool verbose) +{ + return true; +} + +/* STUB */ +int +find_path(const char *infile, char **outfile, struct stat *sbp, + const char *path, const char *runchroot, int ignore_dot, + char * const *allowlist) +{ + switch (pass) { + case PASS_CHECK_NOT_FOUND: + return NOT_FOUND; + case PASS_CHECK_NOT_FOUND_DOT: + return NOT_FOUND_DOT; + default: + if (infile[0] == '/') { + *outfile = strdup(infile); + } else { + if (asprintf(outfile, "/usr/bin/%s", infile) == -1) + *outfile = NULL; + } + if (*outfile == NULL) + return NOT_FOUND_ERROR; + return FOUND; + } +} + +/* STUB */ +bool +expand_iolog_path(const char *inpath, char *path, size_t pathlen, + const struct iolog_path_escape *escapes, void *closure) +{ + return strlcpy(path, inpath, pathlen) < pathlen; +} + +/* STUB */ +bool +iolog_nextid(char *iolog_dir, char sessid[7]) +{ + strlcpy(sessid, "000001", 7); + return true; +} + +/* STUB */ +bool +cb_maxseq(const union sudo_defs_val *sd_un) +{ + return true; +} + +/* STUB */ +bool +cb_iolog_user(const union sudo_defs_val *sd_un) +{ + return true; +} + +/* STUB */ +bool +cb_iolog_group(const union sudo_defs_val *sd_un) +{ + return true; +} + +/* STUB */ +bool +cb_iolog_mode(const union sudo_defs_val *sd_un) +{ + return true; +} + +/* STUB */ +bool +cb_group_plugin(const union sudo_defs_val *sd_un) +{ + return true; +} diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_policy.dict sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_policy.dict --- sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_policy.dict 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_policy.dict 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,51 @@ +# Policy plugin keywords (all are keyword = value) + +# sudoers plugin options from sudo.conf +"error_recovery" +"sudoers_file" +"sudoers_uid" +"sudoers_gid" +"sudoers_mode" +"ldap_conf" +"ldap_secret" + +# command line settings from front-end +"closefrom" +"cmnd_chroot" +"cmnd_cwd" +"runas_user" +"runas_group" +"prompt" +"set_home" +"preserve_environment" +"run_shell" +"login_shell" +"implied_shell" +"preserve_groups" +"ignore_ticket" +"noninteractive" +"sudoedit" +"login_class" +"runas_privs" +"runas_limitprivs" +"selinux_role" +"selinux_type" +"bsdauth_type" +"network_addrs" +"max_groups" +"remote_host" +"timeout" +"plugin_dir" + +# user information from front-end +"user" +"uid" +"gid" +"groups" +"cwd" +"tty" +"host" +"lines" +"cols" +"sid" +"umask" diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_stubs.c sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_stubs.c --- sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_stubs.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_stubs.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#ifdef NEED_RESOLV_H +# include +# include +#endif /* NEED_RESOLV_H */ +#include + +#include "sudoers.h" +#include "interfaces.h" + +struct interface_list * +get_interfaces(void) +{ + static struct interface_list empty = SLIST_HEAD_INITIALIZER(interfaces); + return ∅ +} + +void +init_eventlog_config(void) +{ + return; +} + +int +group_plugin_query(const char *user, const char *group, const struct passwd *pw) +{ + return false; +} + +bool +set_perms(int perm) +{ + return true; +} + +bool +restore_perms(void) +{ + return true; +} + +bool +rewind_perms(void) +{ + return true; +} + +bool +sudo_nss_can_continue(struct sudo_nss *nss, int match) +{ + return true; +} diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers.c sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers.c --- sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,387 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#ifdef NEED_RESOLV_H +# include +# include +#endif /* NEED_RESOLV_H */ +#include + +#include "sudoers.h" +#include "interfaces.h" + +static int fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); +static int fuzz_printf(int msg_type, const char *fmt, ...); + +/* Required to link with parser. */ +struct sudo_user sudo_user; +struct passwd *list_pw; +sudo_conv_t sudo_conv = fuzz_conversation; +sudo_printf_t sudo_printf = fuzz_printf; +bool sudoers_recovery = true; +int sudo_mode; + +FILE * +open_sudoers(const char *file, bool doedit, bool *keepopen) +{ + /* + * If we allow the fuzzer to choose include paths it will + * include random files in the file system. + * This leads to bug reports that cannot be reproduced. + */ + return NULL; +} + +static int +fuzz_printf(int msg_type, const char *fmt, ...) +{ + return 0; +} + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +bool +init_envtables(void) +{ + return true; +} + +int +set_cmnd_path(const char *runchroot) +{ + /* Cannot return FOUND without also setting user_cmnd to a new value. */ + return NOT_FOUND; +} + +/* STUB */ +bool +log_warningx(int flags, const char *fmt, ...) +{ + return true; +} + +static int +sudo_fuzz_query(struct sudo_nss *nss, struct passwd *pw) +{ + return 0; +} + +static int +cb_unused(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v) +{ + return 0; +} + +static FILE * +open_data(const uint8_t *data, size_t size) +{ +#ifdef HAVE_FMEMOPEN + /* Operate in-memory. */ + return fmemopen((void *)data, size, "r"); +#else + char tempfile[] = "/tmp/sudoers.XXXXXX"; + size_t nwritten; + int fd; + + /* Use (unlinked) temporary file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return NULL; + unlink(tempfile); + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return NULL; + } + lseek(fd, 0, SEEK_SET); + return fdopen(fd, "r"); +#endif +} + +static struct user_data { + char *user; + char *runuser; + char *rungroup; +} user_data[] = { + { "root", NULL, NULL }, + { "millert", "operator", NULL }, + { "millert", NULL, "wheel" }, + { "operator", NULL, NULL }, + { NULL } +}; + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct user_data *ud; + struct sudo_nss sudo_nss_fuzz; + struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); + struct sudoers_parse_tree parse_tree; + struct interface_list *interfaces; + struct passwd *pw; + struct group *gr; + char *gids[10]; + FILE *fp; + + /* Don't waste time fuzzing tiny inputs. */ + if (size < 5) + return 0; + + fp = open_data(data, size); + if (fp == NULL) + return 0; + + setprogname("fuzz_sudoers"); + sudoers_debug_register(getprogname(), NULL); + sudo_warn_set_conversation(fuzz_conversation); + + /* Sudoers locale setup. */ + sudoers_initlocale(setlocale(LC_ALL, ""), "C"); + sudo_warn_set_locale_func(sudoers_warn_setlocale); + bindtextdomain("sudoers", LOCALEDIR); + textdomain("sudoers"); + + /* Use the sudoers locale for everything. */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, NULL); + + /* Prime the group cache */ + gr = sudo_mkgrent("wheel", 0, "millert", "root", (char *)NULL); + if (gr == NULL) + goto done; + sudo_gr_delref(gr); + + gr = sudo_mkgrent("operator", 5, "operator", "root", "millert", (char *)NULL); + if (gr == NULL) + goto done; + sudo_gr_delref(gr); + + gr = sudo_mkgrent("staff", 20, "root", "millert", (char *)NULL); + if (gr == NULL) + goto done; + sudo_gr_delref(gr); + + gr = sudo_mkgrent("sudo", 100, "root", "millert", (char *)NULL); + if (gr == NULL) + goto done; + sudo_gr_delref(gr); + + /* Prime the passwd cache */ + pw = sudo_mkpwent("root", 0, 0, "/", "/bin/sh"); + if (pw == NULL) + goto done; + gids[0] = "0"; + gids[1] = "20"; + gids[2] = "5"; + gids[3] = NULL; + if (sudo_set_gidlist(pw, gids, ENTRY_TYPE_FRONTEND) == -1) + goto done; + sudo_pw_delref(pw); + + pw = sudo_mkpwent("operator", 2, 5, "/operator", "/sbin/nologin"); + if (pw == NULL) + goto done; + gids[0] = "5"; + gids[1] = NULL; + if (sudo_set_gidlist(pw, gids, ENTRY_TYPE_FRONTEND) == -1) + goto done; + sudo_pw_delref(pw); + + pw = sudo_mkpwent("millert", 8036, 20, "/home/millert", "/bin/tcsh"); + if (pw == NULL) + goto done; + gids[0] = "0"; + gids[1] = "20"; + gids[2] = "5"; + gids[3] = "100"; + gids[4] = NULL; + if (sudo_set_gidlist(pw, gids, ENTRY_TYPE_FRONTEND) == -1) + goto done; + sudo_pw_delref(pw); + + /* The minimum needed to perform matching (user_cmnd must be dynamic). */ + user_host = user_shost = user_runhost = user_srunhost = "localhost"; + user_cmnd = strdup("/usr/bin/id"); + if (user_cmnd == NULL) + goto done; + user_args = "-u"; + user_base = "id"; + + /* Add a fake network interfaces. */ + interfaces = get_interfaces(); + if (SLIST_EMPTY(interfaces)) { + static struct interface interface; + + interface.family = AF_INET; + inet_pton(AF_INET, "128.138.243.151", &interface.addr.ip4); + inet_pton(AF_INET, "255.255.255.0", &interface.netmask.ip4); + SLIST_INSERT_HEAD(interfaces, &interface, entries); + } + + /* Only one sudoers source, the sudoers file itself. */ + init_parse_tree(&parse_tree, NULL, NULL); + memset(&sudo_nss_fuzz, 0, sizeof(sudo_nss_fuzz)); + sudo_nss_fuzz.parse_tree = &parse_tree; + sudo_nss_fuzz.query = sudo_fuzz_query; + TAILQ_INSERT_TAIL(&snl, &sudo_nss_fuzz, entries); + + /* Initialize defaults and parse sudoers. */ + init_defaults(); + init_parser("sudoers", false, true); + sudoersrestart(fp); + sudoersparse(); + reparent_parse_tree(&parse_tree); + + if (!parse_error) { + /* Match user/host/command against parsed policy. */ + for (ud = user_data; ud->user != NULL; ud++) { + int cmnd_status; + + /* Invoking user. */ + user_name = ud->user; + if (sudo_user.pw != NULL) + sudo_pw_delref(sudo_user.pw); + sudo_user.pw = sudo_getpwnam(user_name); + if (sudo_user.pw == NULL) { + sudo_warnx_nodebug("unknown user %s", user_name); + continue; + } + + /* Run user. */ + if (runas_pw != NULL) + sudo_pw_delref(runas_pw); + if (ud->runuser != NULL) { + sudo_user.runas_user = ud->runuser; + SET(sudo_user.flags, RUNAS_USER_SPECIFIED); + runas_pw = sudo_getpwnam(sudo_user.runas_user); + } else { + sudo_user.runas_user = NULL; + CLR(sudo_user.flags, RUNAS_USER_SPECIFIED); + runas_pw = sudo_getpwnam("root"); + } + if (runas_pw == NULL) { + sudo_warnx_nodebug("unknown run user %s", sudo_user.runas_user); + continue; + } + + /* Run group. */ + if (runas_gr != NULL) + sudo_gr_delref(runas_gr); + if (ud->rungroup != NULL) { + sudo_user.runas_group = ud->rungroup; + SET(sudo_user.flags, RUNAS_GROUP_SPECIFIED); + runas_gr = sudo_getgrnam(sudo_user.runas_group); + if (runas_gr == NULL) { + sudo_warnx_nodebug("unknown run group %s", + sudo_user.runas_group); + continue; + } + } else { + sudo_user.runas_group = NULL; + CLR(sudo_user.flags, RUNAS_GROUP_SPECIFIED); + runas_gr = NULL; + } + + update_defaults(&parse_tree, NULL, SETDEF_ALL, false); + + sudoers_lookup(&snl, sudo_user.pw, &cmnd_status, false); + + /* Match again as a pseudo-command (list, validate, etc). */ + sudoers_lookup(&snl, sudo_user.pw, &cmnd_status, true); + + /* Display privileges. */ + display_privs(&snl, sudo_user.pw, false); + display_privs(&snl, sudo_user.pw, true); + } + + /* Expand tildes in runcwd and runchroot. */ + if (runas_pw != NULL) { + if (def_runcwd != NULL && strcmp(def_runcwd, "*") != 0) { + expand_tilde(&def_runcwd, runas_pw->pw_name); + } + if (def_runchroot != NULL && strcmp(def_runchroot, "*") != 0) { + expand_tilde(&def_runchroot, runas_pw->pw_name); + } + } + + /* Check Defaults and aliases. */ + check_defaults(&parse_tree, false); + check_aliases(&parse_tree, true, false, cb_unused); + } + +done: + /* Cleanup. */ + fclose(fp); + free_parse_tree(&parse_tree); + init_parser(NULL, true, true); + if (sudo_user.pw != NULL) + sudo_pw_delref(sudo_user.pw); + if (runas_pw != NULL) + sudo_pw_delref(runas_pw); + if (runas_gr != NULL) + sudo_gr_delref(runas_gr); + sudo_freepwcache(); + sudo_freegrcache(); + free(user_cmnd); + free(safe_cmnd); + memset(&sudo_user, 0, sizeof(sudo_user)); + sudoers_setlocale(SUDOERS_LOCALE_USER, NULL); + sudoers_debug_deregister(); + fflush(stdout); + + return 0; +} diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers.dict sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers.dict --- sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers.dict 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers.dict 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,195 @@ +# Sudoers policy keywords (all are keyword = value) + +# Aliases +"Cmnd_Alias" +"Cmd_Alias" +"Host_Alias" +"Runas_Alias" +"User_Alias" + +# Special keywords +"ALL" +"(ALL:ALL)" +"sudoedit" + +# Date_Spec +"20170214083000Z" +"2017021408Z" +"20160315220000-0500" +"20151201235900" + +# Timeout_Spec +"7d8h30m10s" +"14d" +"8h30m" +"600s" +"3600" + +# Command digests +"sha224:" +"sha256:" +"sha384:" +"sha512:" + +# Command tags +"NOPASSWD" +"PASSWD" +"NOEXEC" +"EXEC" +"SETENV" +"NOSETENV" +"LOG_INPUT" +"NOLOG_INPUT" +"LOG_OUTPUT" +"NOLOG_OUTPUT" +"FOLLOWLNK" +"NOFOLLOWLNK" +"MAIL" +"NOMAIL" + +# Command options +"CHROOT" +"CWD" +"CMND_TIMEOUT" +"NOTBEFORE" +"NOTAFTER" +"ROLE" +"TYPE" +"PRIVS" +"LIMITPRIVS" + +# Defaults settings +"Defaults" +"syslog" +"syslog_goodpri" +"syslog_badpri" +"long_otp_prompt" +"ignore_dot" +"mail_always" +"mail_badpass" +"mail_no_user" +"mail_no_host" +"mail_no_perms" +"mail_all_cmnds" +"tty_tickets" +"lecture" +"lecture_file" +"authenticate" +"root_sudo" +"log_host" +"log_year" +"shell_noargs" +"set_home" +"always_set_home" +"path_info" +"fqdn" +"insults" +"requiretty" +"env_editor" +"rootpw" +"runaspw" +"targetpw" +"use_loginclass" +"set_logname" +"stay_setuid" +"preserve_groups" +"loglinelen" +"timestamp_timeout" +"passwd_timeout" +"passwd_tries" +"umask" +"logfile" +"mailerpath" +"mailerflags" +"mailto" +"mailfrom" +"mailsub" +"badpass_message" +"lecture_status_dir" +"timestampdir" +"timestampowner" +"exempt_group" +"passprompt" +"passprompt_override" +"runas_default" +"secure_path" +"editor" +"listpw" +"verifypw" +"noexec" +"ignore_local_sudoers" +"closefrom" +"closefrom_override" +"setenv" +"env_reset" +"env_check" +"env_delete" +"env_keep" +"role" +"type" +"env_file" +"restricted_env_file" +"sudoers_locale" +"visiblepw" +"pwfeedback" +"fast_glob" +"umask_override" +"log_input" +"log_output" +"compress_io" +"use_pty" +"group_plugin" +"iolog_dir" +"iolog_file" +"set_utmp" +"utmp_runas" +"privs" +"limitprivs" +"exec_background" +"pam_service" +"pam_login_service" +"pam_setcred" +"pam_session" +"pam_acct_mgmt" +"maxseq" +"use_netgroups" +"sudoedit_checkdir" +"sudoedit_follow" +"always_query_group_plugin" +"netgroup_tuple" +"ignore_audit_errors" +"ignore_iolog_errors" +"ignore_logfile_errors" +"match_group_by_gid" +"syslog_maxlen" +"iolog_user" +"iolog_group" +"iolog_mode" +"fdexec" +"ignore_unknown_defaults" +"command_timeout" +"user_command_timeouts" +"iolog_flush" +"syslog_pid" +"timestamp_type" +"authfail_message" +"case_insensitive_user" +"case_insensitive_group" +"log_allowed" +"log_denied" +"log_servers" +"log_server_timeout" +"log_server_keepalive" +"log_server_cabundle" +"log_server_peer_cert" +"log_server_peer_key" +"log_server_verify" +"runas_allow_unknown_id" +"runas_check_shell" +"pam_ruser" +"pam_rhost" +"runcwd" +"runchroot" +"log_format" +"selinux" +"admin_flag" diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,577 @@ +Running: examples/sudoers +Matching Defaults entries for root on localhost: + syslog=auth, runcwd=~ + +Runas and Command-specific defaults for root: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User root may run the following commands on localhost: + (ALL) ALL + (ALL) ALL + +Matching Defaults entries for root on localhost: + syslog=auth, runcwd=~ + +Runas and Command-specific defaults for root: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User root may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: ALL + Commands: + ALL + +Sudoers entry: + RunAsUsers: ALL + Commands: + ALL + +Matching Defaults entries for millert on localhost: + syslog=auth, runcwd=~, !lecture, runchroot=*, !authenticate + +Runas and Command-specific defaults for millert: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User millert may run the following commands on localhost: + (ALL) ALL + (root) NOPASSWD: ALL + +Matching Defaults entries for millert on localhost: + syslog=auth, runcwd=~, !lecture, runchroot=*, !authenticate + +Runas and Command-specific defaults for millert: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: ALL + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Options: !authenticate + Commands: + ALL + +Matching Defaults entries for millert on localhost: + syslog=auth, runcwd=~, !lecture, runchroot=*, !authenticate + +Runas and Command-specific defaults for millert: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User millert may run the following commands on localhost: + (ALL) ALL + (root) NOPASSWD: ALL + +Matching Defaults entries for millert on localhost: + syslog=auth, runcwd=~, !lecture, runchroot=*, !authenticate + +Runas and Command-specific defaults for millert: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: ALL + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Options: !authenticate + Commands: + ALL + +Matching Defaults entries for operator on localhost: + syslog=auth, runcwd=~ + +Runas and Command-specific defaults for operator: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User operator may run the following commands on localhost: + (root) /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, /usr/sbin/rrestore, /usr/bin/mt, sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== /home/operator/bin/start_backups, /usr/bin/kill, /usr/bin/top, /usr/sbin/shutdown, /usr/sbin/halt, /usr/sbin/reboot, /usr/sbin/lpc, /usr/bin/lprm, sudoedit /etc/printcap, /usr/oper/bin/ + +Matching Defaults entries for operator on localhost: + syslog=auth, runcwd=~ + +Runas and Command-specific defaults for operator: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User operator may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + /usr/sbin/dump + /usr/sbin/rdump + /usr/sbin/restore + /usr/sbin/rrestore + /usr/bin/mt + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== /home/operator/bin/start_backups + /usr/bin/kill + /usr/bin/top + /usr/sbin/shutdown + /usr/sbin/halt + /usr/sbin/reboot + /usr/sbin/lpc + /usr/bin/lprm + sudoedit /etc/printcap + /usr/oper/bin/ + +Executed examples/sudoers +Running: regress/sudoers/test1.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test1.in +Running: regress/sudoers/test2.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test2.in +Running: regress/sudoers/test3.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test3.in +Running: regress/sudoers/test4.in +sudoers:7:1: invalid line continuation +User_Alias BAR = bar +^~~~~~~~~~ +Executed regress/sudoers/test4.in +Running: regress/sudoers/test5.in +sudoers:2:19: empty string +User_Alias FOO = "" + ^ +sudoers:3:2: empty string +"" ALL = ALL + ^ +Executed regress/sudoers/test5.in +Running: regress/sudoers/test6.in +Runas and Command-specific defaults for root: + Defaults>#123 set_home + Defaults>#123 set_home + + +User root may run the following commands on localhost: + (root) ALL + (#0 : #0) ALL + (root) ALL + (#0 : #0) ALL + (root) ALL + (root) ALL + +Runas and Command-specific defaults for root: + Defaults>#123 set_home + Defaults>#123 set_home + + +User root may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: #0 + RunAsGroups: #0 + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: #0 + RunAsGroups: #0 + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Runas and Command-specific defaults for millert: + Defaults>#123 set_home + Defaults>#123 set_home + + +User millert may run the following commands on localhost: + (root) ALL + (root) ALL + +Runas and Command-specific defaults for millert: + Defaults>#123 set_home + Defaults>#123 set_home + + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Runas and Command-specific defaults for millert: + Defaults>#123 set_home + Defaults>#123 set_home + + +User millert may run the following commands on localhost: + (root) ALL + (root) ALL + +Runas and Command-specific defaults for millert: + Defaults>#123 set_home + Defaults>#123 set_home + + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test6.in +Running: regress/sudoers/test7.in +sudoers:2:21: empty group +User_Alias FOO1 = "%" + ^ +sudoers:3:22: empty group +User_Alias FOO2 = "%:" + ^ +sudoers:4:21: empty netgroup +User_Alias FOO3 = "+" + ^ +sudoers:5:19: empty group +User_Alias FOO4 = % + ^ +sudoers:6:19: empty group +User_Alias FOO5 = %: + ^~ +sudoers:7:19: empty netgroup +User_Alias FOO6 = + + ^ +Executed regress/sudoers/test7.in +Running: regress/sudoers/test8.in +sudoers:8:20: unexpected line break in string +User_Alias UA4 = "x + ^ +Executed regress/sudoers/test8.in +Running: regress/sudoers/test9.in +Executed regress/sudoers/test9.in +Running: regress/sudoers/test10.in +Executed regress/sudoers/test10.in +Running: regress/sudoers/test11.in +sudoers:1:6: syntax error +bogus + ^ +Executed regress/sudoers/test11.in +Running: regress/sudoers/test12.in +sudoers:1:17: syntax error +user ALL = (ALL) + ^ +Executed regress/sudoers/test12.in +Running: regress/sudoers/test13.in +sudoers:1:17: syntax error +user ALL = (ALL) + ^ +Executed regress/sudoers/test13.in +Running: regress/sudoers/test14.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert may run the following commands on localhost: + (root) sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls, sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls + sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh + sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +User millert may run the following commands on localhost: + (root) sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls, sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls + sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh + sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +User operator may run the following commands on localhost: + (root) sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL + +User operator may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL + +Executed regress/sudoers/test14.in +Running: regress/sudoers/test15.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test15.in +Running: regress/sudoers/test16.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test16.in +Running: regress/sudoers/test17.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test17.in +Running: regress/sudoers/test18.in +sudoers:4:21: invalid timeout value +user0 ALL = TIMEOUT=7dd4h10m30s /usr/bin/id, /usr/bin/who, TIMEOUT=0 /bin/ls + ^~~~~~~~~~~ +sudoers:5:21: invalid timeout value +user1 ALL = TIMEOUT=7d4h10mm30s /usr/bin/id + ^~~~~~~~~~~ +sudoers:6:21: invalid timeout value +user2 ALL = TIMEOUT=4hg10m30s /usr/bin/id + ^~~~~~~~~ +sudoers:7:21: invalid timeout value +user3 ALL = TIMEOUT=10m30ss /usr/bin/id + ^~~~~~~ +sudoers:8:21: invalid timeout value +user4 ALL = TIMEOUT=14g /usr/bin/id + ^~~ +Executed regress/sudoers/test18.in +Running: regress/sudoers/test19.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test19.in +Running: regress/sudoers/test20.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test20.in +Running: regress/sudoers/test21.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test21.in +Running: regress/sudoers/test22.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test22.in +Running: regress/sudoers/test23.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test23.in +Running: regress/sudoers/test24.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test24.in +Running: regress/sudoers/test25.in +sudoers:4:28: syntax error +foo ALL = CWD=~ron /bin/ls \ + ^~ +Executed regress/sudoers/test25.in diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c --- sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,150 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif + +#include "sudoers.h" + +static int fuzz_printf(int msg_type, const char *fmt, ...); + +/* Required to link with parser. */ +struct sudo_user sudo_user; +struct passwd *list_pw; +sudo_printf_t sudo_printf = fuzz_printf; + +FILE * +open_sudoers(const char *file, bool doedit, bool *keepopen) +{ + /* + * If we allow the fuzzer to choose include paths it will + * include random files in the file system. + * This leads to bug reports that cannot be reproduced. + */ + return NULL; +} + +static int +fuzz_printf(int msg_type, const char *fmt, ...) +{ + return 0; +} + +bool +init_envtables(void) +{ + return true; +} + +int +set_cmnd_path(const char *runchroot) +{ + /* Cannot return FOUND without also setting user_cmnd to a new value. */ + return NOT_FOUND; +} + +static FILE * +open_data(const uint8_t *data, size_t size) +{ +#ifdef HAVE_FMEMOPEN + /* Operate in-memory. */ + return fmemopen((void *)data, size, "r"); +#else + char tempfile[] = "/tmp/ldif.XXXXXX"; + size_t nwritten; + int fd; + + /* Use (unlinked) temporary file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return NULL; + unlink(tempfile); + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return NULL; + } + lseek(fd, 0, SEEK_SET); + return fdopen(fd, "r"); +#endif +} + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct sudoers_parse_tree parse_tree; + FILE *fp; + + /* Don't waste time fuzzing tiny inputs. */ + if (size < 5) + return 0; + + fp = open_data(data, size); + if (fp == NULL) + return 0; + + setprogname("fuzz_sudoers_ldif"); + sudoers_debug_register(getprogname(), NULL); + sudo_warn_set_conversation(fuzz_conversation); + + /* Initialize defaults and parse LDIF-format sudoers. */ + init_defaults(); + init_parse_tree(&parse_tree, NULL, NULL); + sudoers_parse_ldif(&parse_tree, fp, NULL, true); + + /* Cleanup. */ + free_parse_tree(&parse_tree); + fclose(fp); + sudoers_debug_deregister(); + fflush(stdout); + + return 0; +} diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict --- sudo-1.9.5p2/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,14 @@ +# Sudoers LDIF attributes + +"description" +"objectClass" +"organizationalRole" +"sudoCommand" +"sudoHost" +"sudoOption" +"sudoOption" +"sudoOrder" +"sudoRunAs" +"sudoRunAsGroup" +"sudoRunAsUser" +"sudoUser" diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/parser/check_base64.c sudo-1.9.9/plugins/sudoers/regress/parser/check_base64.c --- sudo-1.9.5p2/plugins/sudoers/regress/parser/check_base64.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/parser/check_base64.c 2022-01-27 21:24:06.000000000 +0000 @@ -108,7 +108,10 @@ } ntests *= 2; /* we test in both directions */ - printf("check_base64: %d tests run, %d errors, %d%% success rate\n", - ntests, errors, (ntests - errors) * 100 / ntests); + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } + exit(errors); } diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/parser/check_fill.c sudo-1.9.9/plugins/sudoers/regress/parser/check_fill.c --- sudo-1.9.5p2/plugins/sudoers/regress/parser/check_fill.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/parser/check_fill.c 2022-01-27 21:24:06.000000000 +0000 @@ -175,8 +175,10 @@ errors += do_tests(check_fill_args, args_data, nitems(args_data)); ntests = nitems(txt_data) + nitems(cmd_data) + nitems(args_data); - printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(), - ntests, errors, (ntests - errors) * 100 / ntests); + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } exit(errors); } @@ -187,3 +189,17 @@ { return; } + +/* STUB */ +bool +parser_leak_add(enum parser_leak_types type, void *v) +{ + return true; +} + +/* STUB */ +bool +parser_leak_remove(enum parser_leak_types type, void *v) +{ + return true; +} diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/parser/check_gentime.c sudo-1.9.9/plugins/sudoers/regress/parser/check_gentime.c --- sudo-1.9.5p2/plugins/sudoers/regress/parser/check_gentime.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/parser/check_gentime.c 2022-01-27 21:24:06.000000000 +0000 @@ -77,7 +77,9 @@ errors++; } } - printf("check_gentime: %d tests run, %d errors, %d%% success rate\n", - ntests, errors, (ntests - errors) * 100 / ntests); + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } exit(errors); } diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/parser/check_hexchar.c sudo-1.9.9/plugins/sudoers/regress/parser/check_hexchar.c --- sudo-1.9.5p2/plugins/sudoers/regress/parser/check_hexchar.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/parser/check_hexchar.c 2022-01-27 21:24:06.000000000 +0000 @@ -75,7 +75,9 @@ errors++; } } - printf("check_hexchar: %d tests run, %d errors, %d%% success rate\n", - ntests, errors, (ntests - errors) * 100 / ntests); + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } exit(errors); } diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/starttime/check_starttime.c sudo-1.9.9/plugins/sudoers/regress/starttime/check_starttime.c --- sudo-1.9.5p2/plugins/sudoers/regress/starttime/check_starttime.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/starttime/check_starttime.c 2022-01-27 21:24:06.000000000 +0000 @@ -111,8 +111,10 @@ } } - printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(), - ntests, errors, (ntests - errors) * 100 / ntests); + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } exit(errors); } diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.in sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.in --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.in 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.in 2022-01-27 21:24:06.000000000 +0000 @@ -3,4 +3,4 @@ millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill -operator ALL = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL +operator ALL = sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.json.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.json.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.json.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.json.ok 2022-01-27 21:24:06.000000000 +0000 @@ -51,7 +51,7 @@ "Commands": [ { "command": "ALL", - "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=", + "sha384": "knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu", "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4=" } ] diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.ldif.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.ldif.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.ldif.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.ldif.ok 2022-01-27 21:24:06.000000000 +0000 @@ -15,6 +15,6 @@ cn: operator sudoUser: operator sudoHost: ALL -sudoCommand: sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL +sudoCommand: sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL sudoOrder: 2 diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok 2022-01-27 21:24:06.000000000 +0000 @@ -7,5 +7,6 @@ /bin/kill # sudoRole operator -operator ALL = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=,\ +operator ALL =\ + sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu,\ sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.out.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.out.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.out.ok 2022-01-27 21:24:06.000000000 +0000 @@ -4,4 +4,4 @@ Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill -operator ALL = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL +operator ALL = sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.toke.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.toke.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test14.toke.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test14.toke.ok 2022-01-27 21:24:06.000000000 +0000 @@ -3,4 +3,4 @@ WORD(6) ALL = ALIAS , ALIAS , SHA512_TOK : DIGEST COMMAND -WORD(6) ALL = SHA256_TOK : DIGEST , SHA256_TOK : DIGEST ALL +WORD(6) ALL = SHA384_TOK : DIGEST , SHA256_TOK : DIGEST ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test22.sudo.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test22.sudo.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test22.sudo.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test22.sudo.ok 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -user1 ALL = () ALL - -user2 ALL = () ALL - -user3 ALL = () ALL - -user4 ALL = () ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test23.sudo.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test23.sudo.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test23.sudo.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test23.sudo.ok 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ -Defaults env_check="COLORTERM LANG LANGUAGE LC_* LINGUAS" -Defaults env_check+="TERM TZ" -Defaults env_delete="IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" -Defaults env_delete+="NLSPATH PATH_LOCALE LD_* _RLD*" -Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" -Defaults env_keep-=_XKB_CHARSET -Defaults env_keep+="XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" -Defaults env_keep+=XDG_SESSION_COOKIE diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test24.sudo.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test24.sudo.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test24.sudo.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test24.sudo.ok 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ -Defaults runcwd=~ -Defaults runchroot=/ - -user0 ALL = CHROOT=/var/www CWD=/htdocs /bin/ksh - -user1 ALL = CWD=~root /usr/bin/id, CWD=/tmp /bin/ls diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test25.in sudo-1.9.9/plugins/sudoers/regress/sudoers/test25.in --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test25.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test25.in 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3 @@ +# Test continuation character when there is nothing to continue +# Used to leak "~ron" when run under address sanitizer +foo ALL = CWD=~ron /bin/ls \ diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test25.out.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test25.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test25.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test25.out.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1 @@ + diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test25.toke.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test25.toke.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test25.toke.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test25.toke.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,3 @@ +# +# +WORD(6) ALL = CWD = WORD(5) COMMAND <*> \ No newline at end of file diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.in sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.in --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.in 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,128 @@ +# Defaults settings that trigger callbacks +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen, log_year, log_host +Defaults !mailerpath, mailerflags="-t", mailfrom="sudo@sudo.ws", mailto="root@localhost", mailsub="*** Sudo information for %h ***" + +# All other Defaults settings +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir="/var/lib/sudo/lectured" +Defaults timestampdir="/run/sudo/ts" +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password: " +Defaults passprompt_override +Defaults secure_path="/usr/bin:/usr/sbin:/bin:/sbin" +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check += "TERMCAP" +Defaults !env_delete +Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +#Defaults role +#Defaults type +Defaults env_file="/etc/environment" +Defaults restricted_env_file="/etc/environment.sudo" +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +#Defaults group_plugin +Defaults iolog_dir="/var/log/sudo-io" +Defaults iolog_file="%{seq}" +Defaults set_utmp +Defaults utmp_runas +#Defaults privs +#Defaults limitprivs +Defaults !exec_background +Defaults pam_service="sudo" +Defaults pam_login_service="sudo-login" +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.json.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.json.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.json.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.json.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,626 @@ +{ + "Defaults": [ + { + "Options": [ + { "fqdn": true } + ] + }, + { + "Options": [ + { "runas_default": "root" } + ] + }, + { + "Options": [ + { "tty_tickets": true } + ] + }, + { + "Options": [ + { "umask": "022" } + ] + }, + { + "Options": [ + { "runchroot": "/" } + ] + }, + { + "Options": [ + { "logfile": "/var/log/sudo" } + ] + }, + { + "Options": [ + { "log_format": "json" } + ] + }, + { + "Options": [ + { "syslog": "auth" }, + { "syslog_badpri": "alert" }, + { "syslog_goodpri": "notice" } + ] + }, + { + "Options": [ + { "syslog_maxlen": "2048" } + ] + }, + { + "Options": [ + { "loglinelen": false }, + { "log_year": true }, + { "log_host": true } + ] + }, + { + "Options": [ + { "mailerpath": false }, + { "mailerflags": "-t" }, + { "mailfrom": "sudo@sudo.ws" }, + { "mailto": "root@localhost" }, + { "mailsub": "*** Sudo information for %h ***" } + ] + }, + { + "Options": [ + { "long_otp_prompt": true } + ] + }, + { + "Options": [ + { "ignore_dot": true } + ] + }, + { + "Options": [ + { "mail_always": false } + ] + }, + { + "Options": [ + { "mail_badpass": false } + ] + }, + { + "Options": [ + { "mail_no_user": false } + ] + }, + { + "Options": [ + { "mail_no_host": false } + ] + }, + { + "Options": [ + { "mail_no_perms": false } + ] + }, + { + "Options": [ + { "mail_all_cmnds": false } + ] + }, + { + "Options": [ + { "lecture": "always" } + ] + }, + { + "Options": [ + { "lecture_file": "/etc/sudo.lecture" } + ] + }, + { + "Options": [ + { "authenticate": true } + ] + }, + { + "Options": [ + { "root_sudo": true } + ] + }, + { + "Options": [ + { "shell_noargs": true } + ] + }, + { + "Options": [ + { "set_home": true } + ] + }, + { + "Options": [ + { "always_set_home": true } + ] + }, + { + "Options": [ + { "path_info": true } + ] + }, + { + "Options": [ + { "insults": true } + ] + }, + { + "Options": [ + { "requiretty": false } + ] + }, + { + "Options": [ + { "env_editor": true } + ] + }, + { + "Options": [ + { "rootpw": false } + ] + }, + { + "Options": [ + { "runaspw": false } + ] + }, + { + "Options": [ + { "targetpw": false } + ] + }, + { + "Options": [ + { "use_loginclass": true } + ] + }, + { + "Options": [ + { "set_logname": true } + ] + }, + { + "Options": [ + { "stay_setuid": false } + ] + }, + { + "Options": [ + { "preserve_groups": false } + ] + }, + { + "Options": [ + { "timestamp_timeout": ".5" } + ] + }, + { + "Options": [ + { "passwd_timeout": "5" } + ] + }, + { + "Options": [ + { "passwd_tries": "3" } + ] + }, + { + "Options": [ + { "badpass_message": "Take off, eh!" } + ] + }, + { + "Options": [ + { "lecture_status_dir": "/var/lib/sudo/lectured" } + ] + }, + { + "Options": [ + { "timestampdir": "/run/sudo/ts" } + ] + }, + { + "Options": [ + { "timestampowner": "root" } + ] + }, + { + "Options": [ + { "exempt_group": "sudo" } + ] + }, + { + "Options": [ + { "passprompt": "%p's sudo password: " } + ] + }, + { + "Options": [ + { "passprompt_override": true } + ] + }, + { + "Options": [ + { "secure_path": "/usr/bin:/usr/sbin:/bin:/sbin" } + ] + }, + { + "Options": [ + { "editor": "/usr/bin/vi" } + ] + }, + { + "Options": [ + { "listpw": "any" } + ] + }, + { + "Options": [ + { "verifypw": "all" } + ] + }, + { + "Options": [ + { "noexec": true } + ] + }, + { + "Options": [ + { "ignore_local_sudoers": true } + ] + }, + { + "Options": [ + { "closefrom": "3" } + ] + }, + { + "Options": [ + { "closefrom_override": true } + ] + }, + { + "Options": [ + { "setenv": false } + ] + }, + { + "Options": [ + { "env_reset": true } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_check": [ + "TERMCAP" + ] + } + ] + }, + { + "Options": [ + { "env_delete": false } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_keep": [ + "LANG", + "LANGUAGE", + "LINGUAS", + "LC_*", + "_XKB_CHARSET" + ] + } + ] + }, + { + "Options": [ + { "env_file": "/etc/environment" } + ] + }, + { + "Options": [ + { "restricted_env_file": "/etc/environment.sudo" } + ] + }, + { + "Options": [ + { "sudoers_locale": "C" } + ] + }, + { + "Options": [ + { "visiblepw": false } + ] + }, + { + "Options": [ + { "pwfeedback": true } + ] + }, + { + "Options": [ + { "fast_glob": true } + ] + }, + { + "Options": [ + { "umask_override": true } + ] + }, + { + "Options": [ + { "log_input": true } + ] + }, + { + "Options": [ + { "log_output": true } + ] + }, + { + "Options": [ + { "compress_io": true } + ] + }, + { + "Options": [ + { "use_pty": true } + ] + }, + { + "Options": [ + { "iolog_dir": "/var/log/sudo-io" } + ] + }, + { + "Options": [ + { "iolog_file": "%{seq}" } + ] + }, + { + "Options": [ + { "set_utmp": true } + ] + }, + { + "Options": [ + { "utmp_runas": true } + ] + }, + { + "Options": [ + { "exec_background": false } + ] + }, + { + "Options": [ + { "pam_service": "sudo" } + ] + }, + { + "Options": [ + { "pam_login_service": "sudo-login" } + ] + }, + { + "Options": [ + { "pam_setcred": true } + ] + }, + { + "Options": [ + { "pam_session": true } + ] + }, + { + "Options": [ + { "pam_acct_mgmt": true } + ] + }, + { + "Options": [ + { "maxseq": "2176782336" } + ] + }, + { + "Options": [ + { "use_netgroups": true } + ] + }, + { + "Options": [ + { "sudoedit_checkdir": true } + ] + }, + { + "Options": [ + { "sudoedit_follow": false } + ] + }, + { + "Options": [ + { "always_query_group_plugin": true } + ] + }, + { + "Options": [ + { "netgroup_tuple": true } + ] + }, + { + "Options": [ + { "ignore_audit_errors": true } + ] + }, + { + "Options": [ + { "ignore_iolog_errors": true } + ] + }, + { + "Options": [ + { "ignore_logfile_errors": true } + ] + }, + { + "Options": [ + { "match_group_by_gid": false } + ] + }, + { + "Options": [ + { "iolog_user": "root" } + ] + }, + { + "Options": [ + { "iolog_group": "root" } + ] + }, + { + "Options": [ + { "iolog_mode": "0600" } + ] + }, + { + "Options": [ + { "fdexec": "digest_only" } + ] + }, + { + "Options": [ + { "ignore_unknown_defaults": false } + ] + }, + { + "Options": [ + { "command_timeout": "7d8h30m10s" } + ] + }, + { + "Options": [ + { "user_command_timeouts": true } + ] + }, + { + "Options": [ + { "iolog_flush": true } + ] + }, + { + "Options": [ + { "syslog_pid": true } + ] + }, + { + "Options": [ + { "timestamp_type": "tty" } + ] + }, + { + "Options": [ + { "authfail_message": "Learn to type!" } + ] + }, + { + "Options": [ + { "case_insensitive_user": true } + ] + }, + { + "Options": [ + { "case_insensitive_group": true } + ] + }, + { + "Options": [ + { "log_allowed": true } + ] + }, + { + "Options": [ + { "log_denied": true } + ] + }, + { + "Options": [ + { "log_servers": false } + ] + }, + { + "Options": [ + { "log_server_timeout": "10" } + ] + }, + { + "Options": [ + { "log_server_keepalive": true } + ] + }, + { + "Options": [ + { "log_server_cabundle": false } + ] + }, + { + "Options": [ + { "log_server_peer_cert": false } + ] + }, + { + "Options": [ + { "log_server_peer_key": false } + ] + }, + { + "Options": [ + { "log_server_verify": false } + ] + }, + { + "Options": [ + { "runas_allow_unknown_id": true } + ] + }, + { + "Options": [ + { "runas_check_shell": true } + ] + }, + { + "Options": [ + { "pam_ruser": true } + ] + }, + { + "Options": [ + { "pam_rhost": true } + ] + }, + { + "Options": [ + { "runcwd": "~" } + ] + }, + { + "Options": [ + { "selinux": false } + ] + }, + { + "Options": [ + { "admin_flag": false } + ] + } + ] +} diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.ldif.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.ldif.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.ldif.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.ldif.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,134 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: fqdn +sudoOption: runas_default=root +sudoOption: tty_tickets +sudoOption: umask=022 +sudoOption: runchroot=/ +sudoOption: logfile=/var/log/sudo +sudoOption: log_format=json +sudoOption: syslog=auth +sudoOption: syslog_badpri=alert +sudoOption: syslog_goodpri=notice +sudoOption: syslog_maxlen=2048 +sudoOption: !loglinelen +sudoOption: log_year +sudoOption: log_host +sudoOption: !mailerpath +sudoOption: mailerflags=-t +sudoOption: mailfrom=sudo@sudo.ws +sudoOption: mailto=root@localhost +sudoOption: mailsub=*** Sudo information for %h *** +sudoOption: long_otp_prompt +sudoOption: ignore_dot +sudoOption: !mail_always +sudoOption: !mail_badpass +sudoOption: !mail_no_user +sudoOption: !mail_no_host +sudoOption: !mail_no_perms +sudoOption: !mail_all_cmnds +sudoOption: lecture=always +sudoOption: lecture_file=/etc/sudo.lecture +sudoOption: authenticate +sudoOption: root_sudo +sudoOption: shell_noargs +sudoOption: set_home +sudoOption: always_set_home +sudoOption: path_info +sudoOption: insults +sudoOption: !requiretty +sudoOption: env_editor +sudoOption: !rootpw +sudoOption: !runaspw +sudoOption: !targetpw +sudoOption: use_loginclass +sudoOption: set_logname +sudoOption: !stay_setuid +sudoOption: !preserve_groups +sudoOption: timestamp_timeout=.5 +sudoOption: passwd_timeout=5 +sudoOption: passwd_tries=3 +sudoOption: badpass_message=Take off, eh! +sudoOption: lecture_status_dir=/var/lib/sudo/lectured +sudoOption: timestampdir=/run/sudo/ts +sudoOption: timestampowner=root +sudoOption: exempt_group=sudo +sudoOption: passprompt=%p's sudo password: +sudoOption: passprompt_override +sudoOption: secure_path=/usr/bin:/usr/sbin:/bin:/sbin +sudoOption: editor=/usr/bin/vi +sudoOption: listpw=any +sudoOption: verifypw=all +sudoOption: noexec +sudoOption: ignore_local_sudoers +sudoOption: closefrom=3 +sudoOption: closefrom_override +sudoOption: !setenv +sudoOption: env_reset +sudoOption: env_check+=TERMCAP +sudoOption: !env_delete +sudoOption: env_keep+=LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET +sudoOption: env_file=/etc/environment +sudoOption: restricted_env_file=/etc/environment.sudo +sudoOption: sudoers_locale=C +sudoOption: !visiblepw +sudoOption: pwfeedback +sudoOption: fast_glob +sudoOption: umask_override +sudoOption: log_input +sudoOption: log_output +sudoOption: compress_io +sudoOption: use_pty +sudoOption: iolog_dir=/var/log/sudo-io +sudoOption: iolog_file=%{seq} +sudoOption: set_utmp +sudoOption: utmp_runas +sudoOption: !exec_background +sudoOption: pam_service=sudo +sudoOption: pam_login_service=sudo-login +sudoOption: pam_setcred +sudoOption: pam_session +sudoOption: pam_acct_mgmt +sudoOption: maxseq=2176782336 +sudoOption: use_netgroups +sudoOption: sudoedit_checkdir +sudoOption: !sudoedit_follow +sudoOption: always_query_group_plugin +sudoOption: netgroup_tuple +sudoOption: ignore_audit_errors +sudoOption: ignore_iolog_errors +sudoOption: ignore_logfile_errors +sudoOption: !match_group_by_gid +sudoOption: iolog_user=root +sudoOption: iolog_group=root +sudoOption: iolog_mode=0600 +sudoOption: fdexec=digest_only +sudoOption: !ignore_unknown_defaults +sudoOption: command_timeout=7d8h30m10s +sudoOption: user_command_timeouts +sudoOption: iolog_flush +sudoOption: syslog_pid +sudoOption: timestamp_type=tty +sudoOption: authfail_message=Learn to type! +sudoOption: case_insensitive_user +sudoOption: case_insensitive_group +sudoOption: log_allowed +sudoOption: log_denied +sudoOption: !log_servers +sudoOption: log_server_timeout=10 +sudoOption: log_server_keepalive +sudoOption: !log_server_cabundle +sudoOption: !log_server_peer_cert +sudoOption: !log_server_peer_key +sudoOption: !log_server_verify +sudoOption: runas_allow_unknown_id +sudoOption: runas_check_shell +sudoOption: pam_ruser +sudoOption: pam_rhost +sudoOption: runcwd=~ +sudoOption: !selinux +sudoOption: !admin_flag + diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,128 @@ +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth +Defaults syslog_badpri=alert +Defaults syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen +Defaults log_year +Defaults log_host +Defaults !mailerpath +Defaults mailerflags=-t +Defaults mailfrom=sudo@sudo.ws +Defaults mailto=root@localhost +Defaults mailsub="*** Sudo information for %h ***" +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir=/var/lib/sudo/lectured +Defaults timestampdir=/run/sudo/ts +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password:" +Defaults passprompt_override +Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check+=TERMCAP +Defaults !env_delete +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_file=/etc/environment +Defaults restricted_env_file=/etc/environment.sudo +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +Defaults iolog_dir=/var/log/sudo-io +Defaults iolog_file=%{seq} +Defaults set_utmp +Defaults utmp_runas +Defaults !exec_background +Defaults pam_service=sudo +Defaults pam_login_service=sudo-login +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.out.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.out.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,122 @@ +Parses OK + +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen, log_year, log_host +Defaults !mailerpath, mailerflags=-t, mailfrom=sudo@sudo.ws, mailto=root@localhost, mailsub="*** Sudo information for %h ***" +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir=/var/lib/sudo/lectured +Defaults timestampdir=/run/sudo/ts +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password: " +Defaults passprompt_override +Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check+=TERMCAP +Defaults !env_delete +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_file=/etc/environment +Defaults restricted_env_file=/etc/environment.sudo +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +Defaults iolog_dir=/var/log/sudo-io +Defaults iolog_file=%{seq} +Defaults set_utmp +Defaults utmp_runas +Defaults !exec_background +Defaults pam_service=sudo +Defaults pam_login_service=sudo-login +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.toke.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.toke.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test26.toke.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test26.toke.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,128 @@ +# +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) , DEFVAR = WORD(2) , DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR , DEFVAR , DEFVAR +DEFAULTS !DEFVAR , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) + +# +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS !DEFVAR +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +# +# +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +# +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +# +# +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.in sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.in --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.in 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,13 @@ +# Query the group plugin too (if there is one) +Defaults always_query_group_plugin + +# Test RunasGroup with and without RunasUser +root ALL = ( root : wheel ) ALL +millert ALL = ( : wheel ) ALL +%sudo ALL = ( : ALL ) ALL + +# Test RunasUser with %group syntax +operator ALL = ( %wheel ) ALL + +# Test netgroup for user and host ++netusers +nethosts = ( +netrunas ) ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.json.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.json.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.json.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.json.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,119 @@ +{ + "Defaults": [ + { + "Options": [ + { "always_query_group_plugin": true } + ] + } + ], + "User_Specs": [ + { + "User_List": [ + { "username": "root" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "runasgroups": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "millert" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasgroups": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "usergroup": "sudo" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasgroups": [ + { "usergroup": "ALL" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "operator" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "netgroup": "netusers" } + ], + "Host_List": [ + { "netgroup": "nethosts" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "netgroup": "netrunas" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + } + ] +} diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.ldif.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.ldif.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.ldif.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.ldif.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,58 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: always_query_group_plugin + +dn: cn=root,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: root +sudoUser: root +sudoHost: ALL +sudoRunAsUser: root +sudoRunAsGroup: wheel +sudoCommand: ALL +sudoOrder: 1 + +dn: cn=millert,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: millert +sudoUser: millert +sudoHost: ALL +sudoRunAsGroup: wheel +sudoCommand: ALL +sudoOrder: 2 + +dn: cn=%sudo,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %sudo +sudoUser: %sudo +sudoHost: ALL +sudoRunAsGroup: ALL +sudoCommand: ALL +sudoOrder: 3 + +dn: cn=operator,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: operator +sudoUser: operator +sudoHost: ALL +sudoRunAsUser: %wheel +sudoCommand: ALL +sudoOrder: 4 + +dn: cn=\+netusers,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: \+netusers +sudoUser: +netusers +sudoHost: +nethosts +sudoRunAsUser: +netrunas +sudoCommand: ALL +sudoOrder: 5 + diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,16 @@ +Defaults always_query_group_plugin + +# sudoRole root +root ALL = (root : wheel) ALL + +# sudoRole millert +millert ALL = ( : wheel) ALL + +# sudoRole %sudo +%sudo ALL = ( : ALL) ALL + +# sudoRole operator +operator ALL = (%wheel) ALL + +# sudoRole +netusers ++netusers +nethosts = (+netrunas) ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.out.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.out.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,9 @@ +Parses OK + +Defaults always_query_group_plugin + +root ALL = (root : wheel) ALL +millert ALL = ( : wheel) ALL +%sudo ALL = ( : ALL) ALL +operator ALL = (%wheel) ALL ++netusers +nethosts = (+netrunas) ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.toke.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.toke.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test27.toke.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test27.toke.ok 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,13 @@ +# +DEFAULTS DEFVAR + +# +WORD(6) ALL = ( WORD(6) : WORD(6) ) ALL +WORD(6) ALL = ( : WORD(6) ) ALL +USERGROUP ALL = ( : ALL ) ALL + +# +WORD(6) ALL = ( USERGROUP ) ALL + +# +NETGROUP NETGROUP = ( NETGROUP ) ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test4.toke.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test4.toke.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test4.toke.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test4.toke.ok 2022-01-27 21:24:06.000000000 +0000 @@ -2,4 +2,4 @@ USERALIAS ALIAS = WORD(6) : ALIAS = WORD(6) # -USERALIAS ALIAS = WORD(6) <*> ERROR ALIAS = WORD(6) +USERALIAS ALIAS = WORD(6) ERROR <*> ALIAS = WORD(6) diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test5.toke.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test5.toke.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test5.toke.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test5.toke.ok 2022-01-27 21:24:06.000000000 +0000 @@ -1,3 +1,3 @@ # -USERALIAS ALIAS = BEGINSTR ENDSTR <*> ERROR -BEGINSTR ENDSTR <*> ERROR ALL = ALL +USERALIAS ALIAS = BEGINSTR ENDSTR ERROR <*> +BEGINSTR ENDSTR ERROR <*> ALL = ALL diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test7.toke.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test7.toke.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test7.toke.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test7.toke.ok 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ # -USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR <*> ERROR -USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR <*> ERROR -USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR <*> ERROR -USERALIAS ALIAS = <*> ERROR -USERALIAS ALIAS = <*> ERROR -USERALIAS ALIAS = <*> ERROR +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> +USERALIAS ALIAS = ERROR <*> +USERALIAS ALIAS = ERROR <*> +USERALIAS ALIAS = ERROR <*> diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test8.toke.ok sudo-1.9.9/plugins/sudoers/regress/sudoers/test8.toke.ok --- sudo-1.9.5p2/plugins/sudoers/regress/sudoers/test8.toke.ok 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/sudoers/test8.toke.ok 2022-01-27 21:24:06.000000000 +0000 @@ -4,4 +4,4 @@ USERALIAS ALIAS = WORD(6) # -USERALIAS ALIAS = BEGINSTR STRBODY <*> ERROR +USERALIAS ALIAS = BEGINSTR STRBODY ERROR <*> diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test11.sh sudo-1.9.9/plugins/sudoers/regress/testsudoers/test11.sh --- sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test11.sh 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/testsudoers/test11.sh 2022-01-27 21:24:06.000000000 +0000 @@ -6,9 +6,6 @@ : ${TESTSUDOERS=testsudoers} -# Avoid warnings about memory leaks when there is a syntax error -ASAN_OPTIONS=detect_leaks=0; export ASAN_OPTIONS - MYUID=`\ls -ln $TESTDIR/test2.inc | awk '{print $3}'` MYGID=`\ls -ln $TESTDIR/test2.inc | awk '{print $4}'` diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test12.sh sudo-1.9.9/plugins/sudoers/regress/testsudoers/test12.sh --- sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test12.sh 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/testsudoers/test12.sh 2022-01-27 21:24:06.000000000 +0000 @@ -6,9 +6,6 @@ : ${TESTSUDOERS=testsudoers} -# Avoid warnings about memory leaks when there is a syntax error -ASAN_OPTIONS=detect_leaks=0; export ASAN_OPTIONS - echo "Testing sudoers with multiple syntax errors" echo "" $TESTSUDOERS -d <&1 | sed 's/\(syntax error\), .*/\1/' diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test13.sh sudo-1.9.9/plugins/sudoers/regress/testsudoers/test13.sh --- sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test13.sh 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/testsudoers/test13.sh 2022-01-27 21:24:06.000000000 +0000 @@ -6,9 +6,6 @@ : ${TESTSUDOERS=testsudoers} -# Avoid warnings about memory leaks when there is a syntax error -ASAN_OPTIONS=detect_leaks=0; export ASAN_OPTIONS - echo "Testing alias definitions using reserved words" echo "" $TESTSUDOERS -d <&1 diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test16.out.ok sudo-1.9.9/plugins/sudoers/regress/testsudoers/test16.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test16.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/testsudoers/test16.out.ok 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,10 @@ +Parses OK + +Entries for user root: + +ALL = (ALL) ALL + host matched + runas matched + cmnd allowed + +Command allowed diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test16.sh sudo-1.9.9/plugins/sudoers/regress/testsudoers/test16.sh --- sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test16.sh 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/testsudoers/test16.sh 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,41 @@ +#!/bin/sh +# +# Test to exercise Bug #994, a crash matching sudoCommand ALL. +# + +: ${TESTSUDOERS=testsudoers} + +$TESTSUDOERS -i ldif root id <<-EOF +dn: dc=sudo,dc=ws +objectClass: dcObject +objectClass: organization +dc: bigwheel +o: Big Wheel +description: Big Wheel + +# Organizational Role for Directory Manager +dn: cn=Manager,dc=sudo,dc=ws +objectClass: organizationalRole +cn: Manager +description: Directory Manager + +# SUDOers, sudo.ws +dn: ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: organizationalUnit +description: SUDO Configuration Subtree +ou: SUDOers + +# root, SUDOers, sudo.ws +dn: cn=root,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: root +sudoUser: root +sudoRunAs: ALL +sudoHost: ALL +sudoCommand: ALL +sudoOrder: 10 +EOF + +exit 0 diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test17.out.ok sudo-1.9.9/plugins/sudoers/regress/testsudoers/test17.out.ok --- sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test17.out.ok 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/testsudoers/test17.out.ok 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,10 @@ +Parses OK + +Entries for user root: + +ALL = (ALL) sha224:fIoq2MAfM/PZKTbkn9RE4VZ8YHjwnwTgE28Hxw== ALL + host matched + runas matched + cmnd allowed + +Command allowed diff -Nru sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test17.sh sudo-1.9.9/plugins/sudoers/regress/testsudoers/test17.sh --- sudo-1.9.5p2/plugins/sudoers/regress/testsudoers/test17.sh 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/regress/testsudoers/test17.sh 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,51 @@ +#!/bin/sh +# +# Test that digest matching works with LDAP sudoCommand: ALL +# + +: ${TESTSUDOERS=testsudoers} + +# Create test command with known digest +TESTDIR="`pwd`/regress/testsudoers" +cat >"$TESTDIR/hello" <&1 $TESTSUDOERS -U 1 root id <"$TESTFILE" < + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +#define SUDO_ERROR_WRAP 0 + +#include "sudoers.h" + +struct test_data { + char *input; + char *result; + size_t result_len; + size_t bufsize; +} test_data[] = { + { "\\\0ABC", "\\", 1, 2 }, /* 1 */ + { "\\ \\;", "\\ ;", 3, 4 }, /* 2 */ + { "\\\t\\;", "\\\t;", 3, 4 }, /* 3 */ + { "\\foo", "foo", 3, 4 }, /* 4 */ + { "foo\\ bar", "foo\\ bar", 8, 9 }, /* 5 */ + { "foo bar", "f", 7, 2 }, /* 6 */ + { "foo bar", "", 7, 1 }, /* 7 */ + { "foo bar", NULL, 7, 0 }, /* 8 */ + { NULL } +}; + +sudo_dso_public int main(int argc, char *argv[]); + +static void +test_strlcpy_unescape(int *ntests_out, int *errors_out) +{ + int ntests = *ntests_out; + int errors = *errors_out; + struct test_data *td; + char buf[1024]; + size_t len; + + for (td = test_data; td->input != NULL; td++) { + ntests++; + memset(buf, 'A', sizeof(buf)); + len = strlcpy_unescape(buf, td->input, td->bufsize); + if (len != td->result_len) { + sudo_warnx("%d: \"%s\": bad return %zu, expected %zu", + ntests, td->input, len, td->result_len); + errors++; + } + len = td->result ? strlen(td->result) : 0; + if ((len != 0 || td->bufsize != 0) && len >= td->bufsize) { + sudo_warnx("%d: \"%s\": bad length %zu >= %zu", + ntests, td->input, len, td->bufsize); + errors++; + } + if (td->result != NULL && strcmp(td->result, buf) != 0) { + sudo_warnx("%d: \"%s\": got \"%s\", expected \"%s\"", + ntests, td->input, buf, td->result); + errors++; + } + if (buf[td->bufsize] != 'A') { + sudo_warnx("%d: \"%s\": wrote past end of buffer at %zu (0x%x)", + ntests, td->input, td->bufsize, buf[td->bufsize]); + errors++; + } + } + + *ntests_out = ntests; + *errors_out = errors; +} + +static void +test_strvec_join(char sep, int *ntests_out, int *errors_out) +{ + int ntests = *ntests_out; + int errors = *errors_out; + char buf[64*1024 + 1], expected[64*1024 + 3]; + char *argv[3], *result; + + /* Test joining an argument vector while unescaping. */ + /* Simulate: sudoedit -s '\' `perl -e 'print "A" x 65536'` */ + memset(buf, 'A', sizeof(buf)); + buf[sizeof(buf) - 1] = '\0'; + argv[0] = "\\"; + argv[1] = buf; + argv[2] = NULL; + + memset(expected, 'A', sizeof(expected)); + expected[0] = '\\'; + expected[1] = sep; + expected[sizeof(expected) - 1] = '\0'; + + ntests++; + result = strvec_join(argv, sep, strlcpy_unescape); + if (result == NULL) { + sudo_warnx("%d: failed to join argument vector", ntests); + errors++; + } else if (strcmp(result, expected) != 0) { + sudo_warnx("%d: got \"%s\", expected \"%s\"", ntests, + result, expected); + errors++; + } + free(result); + + *ntests_out = ntests; + *errors_out = errors; +} + +int +main(int argc, char *argv[]) +{ + int ntests = 0, errors = 0; + + initprogname(argc > 0 ? argv[0] : "check_unesc"); + + /* strlcpy_unescape tests */ + test_strlcpy_unescape(&ntests, &errors); + + /* strvec_join test */ + test_strvec_join(' ', &ntests, &errors); + test_strvec_join('\n', &ntests, &errors); + + if (ntests != 0) { + printf("%s: %d tests run, %d errors, %d%% success rate\n", + getprogname(), ntests, errors, (ntests - errors) * 100 / ntests); + } + + exit(errors); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/set_perms.c sudo-1.9.9/plugins/sudoers/set_perms.c --- sudo-1.9.5p2/plugins/sudoers/set_perms.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/set_perms.c 2022-01-27 21:24:06.000000000 +0000 @@ -80,7 +80,7 @@ { debug_decl(rewind_perms, SUDOERS_DEBUG_PERMS); - if (perm_stack_depth != 0) { + if (perm_stack_depth > 0) { while (perm_stack_depth > 1) { if (!restore_perms()) debug_return_bool(false); @@ -116,8 +116,11 @@ goto bad; } - state = &perm_stack[perm_stack_depth]; - if (perm != PERM_INITIAL) { + if (perm == PERM_INITIAL) { + if (perm_stack_depth > 1) + rewind_perms(); + perm_stack_depth = 0; + } else { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; @@ -125,6 +128,7 @@ } ostate = &perm_stack[perm_stack_depth - 1]; } + state = &perm_stack[perm_stack_depth]; switch (perm) { case PERM_INITIAL: @@ -443,8 +447,11 @@ goto bad; } - state = &perm_stack[perm_stack_depth]; - if (perm != PERM_INITIAL) { + if (perm == PERM_INITIAL) { + if (perm_stack_depth > 1) + rewind_perms(); + perm_stack_depth = 0; + } else { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; @@ -452,6 +459,7 @@ } ostate = &perm_stack[perm_stack_depth - 1]; } + state = &perm_stack[perm_stack_depth]; switch (perm) { case PERM_INITIAL: @@ -846,8 +854,11 @@ goto bad; } - state = &perm_stack[perm_stack_depth]; - if (perm != PERM_INITIAL) { + if (perm == PERM_INITIAL) { + if (perm_stack_depth > 1) + rewind_perms(); + perm_stack_depth = 0; + } else { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; @@ -855,6 +866,7 @@ } ostate = &perm_stack[perm_stack_depth - 1]; } + state = &perm_stack[perm_stack_depth]; switch (perm) { case PERM_INITIAL: @@ -1152,8 +1164,11 @@ goto bad; } - state = &perm_stack[perm_stack_depth]; - if (perm != PERM_INITIAL) { + if (perm == PERM_INITIAL) { + if (perm_stack_depth > 1) + rewind_perms(); + perm_stack_depth = 0; + } else { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; @@ -1161,6 +1176,7 @@ } ostate = &perm_stack[perm_stack_depth - 1]; } + state = &perm_stack[perm_stack_depth]; /* * Since we only have setuid() and seteuid() and semantics @@ -1446,8 +1462,11 @@ goto bad; } - state = &perm_stack[perm_stack_depth]; - if (perm != PERM_INITIAL) { + if (perm == PERM_INITIAL) { + if (perm_stack_depth > 1) + rewind_perms(); + perm_stack_depth = 0; + } else { if (perm_stack_depth == 0) { errstr = N_("perm stack underflow"); errno = EINVAL; @@ -1455,6 +1474,7 @@ } ostate = &perm_stack[perm_stack_depth - 1]; } + state = &perm_stack[perm_stack_depth]; switch (perm) { case PERM_INITIAL: diff -Nru sudo-1.9.5p2/plugins/sudoers/sssd.c sudo-1.9.9/plugins/sudoers/sssd.c --- sudo-1.9.5p2/plugins/sudoers/sssd.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/sssd.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2003-2020 Todd C. Miller + * Copyright (c) 2003-2022 Todd C. Miller * Copyright (c) 2011 Daniel Kopecek * * This code is derived from software contributed by Aaron Spangler. @@ -189,8 +189,13 @@ /* Walk through sudoUser values. */ for (i = 0; val_array[i] != NULL && !ret; ++i) { const char *val = val_array[i]; + bool negated = false; sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val); + if (*val == '!') { + val++; + negated = true; + } switch (*val) { case '+': /* Netgroup spec found, check membership. */ @@ -214,8 +219,14 @@ break; } sudo_debug_printf(SUDO_DEBUG_DIAG, - "sssd/ldap sudoUser '%s' ... %s (%s)", val, - ret ? "MATCH!" : "not", handle->pw->pw_name); + "sssd/ldap sudoUser '%s%s' ... %s (%s)", negated ? "!" : "", + val, ret ? "MATCH!" : "not", handle->pw->pw_name); + + /* A negated match overrides all other entries. */ + if (ret && negated) { + ret = false; + break; + } } handle->fn_free_values(val_array); debug_return_bool(ret); @@ -329,22 +340,14 @@ rc = 0; cleanup: - if (cn_array != NULL) - handle->fn_free_values(cn_array); - if (cmnds != NULL) - handle->fn_free_values(cmnds); - if (hosts != NULL) - handle->fn_free_values(hosts); - if (runasusers != NULL) - handle->fn_free_values(runasusers); - if (runasgroups != NULL) - handle->fn_free_values(runasgroups); - if (opts != NULL) - handle->fn_free_values(opts); - if (notbefore != NULL) - handle->fn_free_values(notbefore); - if (notafter != NULL) - handle->fn_free_values(notafter); + handle->fn_free_values(cn_array); + handle->fn_free_values(cmnds); + handle->fn_free_values(hosts); + handle->fn_free_values(runasusers); + handle->fn_free_values(runasgroups); + handle->fn_free_values(opts); + handle->fn_free_values(notbefore); + handle->fn_free_values(notafter); *rc_out = rc; @@ -363,14 +366,14 @@ /* We only have a single userspec */ if ((us = calloc(1, sizeof(*us))) == NULL) goto oom; - us->file = rcstr_dup("SSSD"); + us->file = sudo_rcstr_dup("SSSD"); TAILQ_INIT(&us->users); TAILQ_INIT(&us->privileges); STAILQ_INIT(&us->comments); TAILQ_INSERT_TAIL(&handle->parse_tree.userspecs, us, entries); /* We only include rules where the user matches. */ - if ((m = new_member_all(NULL)) == NULL) + if ((m = sudo_ldap_new_member_all()) == NULL) goto oom; TAILQ_INSERT_TAIL(&us->users, m, entries); @@ -441,7 +444,7 @@ char *cp; if (asprintf(&cp, "sudoRole %s", cn_array[0]) == -1) goto oom; - source = rcstr_dup(cp); + source = sudo_rcstr_dup(cp); free(cp); if (source == NULL) goto oom; @@ -450,7 +453,7 @@ cn_array = NULL; } if (source == NULL) { - if ((source = rcstr_dup("sudoRole UNKNOWN")) == NULL) + if ((source = sudo_rcstr_dup("sudoRole UNKNOWN")) == NULL) goto oom; } @@ -460,7 +463,7 @@ int op; op = sudo_ldap_parse_option(val_array[i], &var, &val); - if (!sudo_ldap_add_default(var, val, op, source, defs)) + if (!append_default(var, val, op, source, defs)) goto oom; } ret = true; @@ -470,7 +473,7 @@ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); done: - rcstr_delref(source); + sudo_rcstr_delref(source); handle->fn_free_values(val_array); debug_return_bool(ret); } @@ -532,9 +535,6 @@ sudo_dso_unload(handle->ssslib); if (handle->pw != NULL) sudo_pw_delref(handle->pw); - free(handle->ipa_host); - if (handle->ipa_host != handle->ipa_shost) - free(handle->ipa_shost); free_parse_tree(&handle->parse_tree); free(handle); nss->handle = NULL; diff -Nru sudo-1.9.5p2/plugins/sudoers/strlcpy_unesc.c sudo-1.9.9/plugins/sudoers/strlcpy_unesc.c --- sudo-1.9.5p2/plugins/sudoers/strlcpy_unesc.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/strlcpy_unesc.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,52 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include + +#include "sudoers.h" + +size_t +strlcpy_unescape(char *dst, const char *src, size_t size) +{ + size_t len = 0; + char ch; + debug_decl(strlcpy_unescape, SUDOERS_DEBUG_UTIL); + + while ((ch = *src++) != '\0') { + if (ch == '\\' && *src != '\0' && !isspace((unsigned char)*src)) + ch = *src++; + if (size > 1) { + *dst++ = ch; + size--; + } + len++; + } + if (size > 0) + *dst = '\0'; + + debug_return_size_t(len); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/strvec_join.c sudo-1.9.9/plugins/sudoers/strvec_join.c --- sudo-1.9.5p2/plugins/sudoers/strvec_join.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/strvec_join.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,74 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include + +#include "sudoers.h" + +#ifdef HAVE_STRLCPY +# define cpy_default strlcpy +#else +# define cpy_default sudo_strlcpy +#endif + +/* + * Join a NULL-terminated array of strings using the specified separator + * char. If non-NULL, the copy function must have strlcpy-like semantics. + */ +char * +strvec_join(char *const argv[], char sep, size_t (*cpy)(char *, const char *, size_t)) +{ + char *dst, *result = NULL; + char *const *av; + size_t n, size = 0; + debug_decl(strvec_join, SUDOERS_DEBUG_UTIL); + + for (av = argv; *av != NULL; av++) + size += strlen(*av) + 1; + if (size == 0 || (result = malloc(size)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_ptr(NULL); + } + + if (cpy == NULL) + cpy = cpy_default; + for (dst = result, av = argv; *av != NULL; av++) { + n = cpy(dst, *av, size); + if (n >= size) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + free(result); + debug_return_ptr(NULL); + } + dst += n; + size -= n; + *dst++ = sep; + size--; + } + *--dst = '\0'; + + debug_return_str(result); +} diff -Nru sudo-1.9.5p2/plugins/sudoers/stubs.c sudo-1.9.9/plugins/sudoers/stubs.c --- sudo-1.9.5p2/plugins/sudoers/stubs.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/stubs.c 2022-01-27 21:24:06.000000000 +0000 @@ -84,7 +84,8 @@ int set_cmnd_path(const char *runchroot) { - return FOUND; + /* Cannot return FOUND without also setting user_cmnd to a new value. */ + return NOT_FOUND; } /* STUB */ diff -Nru sudo-1.9.5p2/plugins/sudoers/sudo_ldap.h sudo-1.9.9/plugins/sudoers/sudo_ldap.h --- sudo-1.9.5p2/plugins/sudoers/sudo_ldap.h 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/sudo_ldap.h 2022-01-27 21:24:06.000000000 +0000 @@ -24,8 +24,8 @@ /* ldap_util.c */ bool sudo_ldap_is_negated(char **valp); -bool sudo_ldap_add_default(const char *var, const char *val, int op, char *source, struct defaults_list *defs); int sudo_ldap_parse_option(char *optstr, char **varp, char **valp); struct privilege *sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers, void *runasgroups, void *cmnds, void *opts, const char *notbefore, const char *notafter, bool warnings, bool store_options, sudo_ldap_iter_t iter); +struct member *sudo_ldap_new_member_all(void); #endif /* SUDOERS_LDAP_H */ diff -Nru sudo-1.9.5p2/plugins/sudoers/sudo_ldap_conf.h sudo-1.9.9/plugins/sudoers/sudo_ldap_conf.h --- sudo-1.9.5p2/plugins/sudoers/sudo_ldap_conf.h 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/sudo_ldap_conf.h 2022-01-27 21:24:22.000000000 +0000 @@ -64,6 +64,11 @@ } while (0) #endif +/* + * Configuration data types. + * When adding a new data type, be sure to update sudo_ldap_parse_keyword() + * and sudo_ldap_set_options_table(). + */ #define CONF_BOOL 0 #define CONF_INT 1 #define CONF_STR 2 @@ -77,7 +82,7 @@ struct ldap_config_table { const char *conf_str; /* config file string */ - int type; /* CONF_BOOL, CONF_INT, CONF_STR */ + int type; /* CONF_* value, see above */ int opt_val; /* LDAP_OPT_* (or -1 for sudo internal) */ void *valp; /* pointer into ldap_conf */ }; diff -Nru sudo-1.9.5p2/plugins/sudoers/sudoers.c sudo-1.9.9/plugins/sudoers/sudoers.c --- sudo-1.9.5p2/plugins/sudoers/sudoers.c 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/sudoers.c 2022-01-27 21:24:23.000000000 +0000 @@ -63,6 +63,7 @@ #include "sudoers.h" #include "parse.h" +#include "check.h" #include "auth/sudo_auth.h" #include "sudo_iolog.h" @@ -70,7 +71,6 @@ * Prototypes */ static int set_cmnd(void); -static int create_admin_success_flag(void); static bool init_vars(char * const *); static bool set_loginclass(struct passwd *); static bool set_runasgr(const char *, bool); @@ -85,9 +85,6 @@ struct passwd *list_pw; uid_t timestamp_uid; gid_t timestamp_gid; -#ifdef HAVE_BSD_AUTH_H -char *login_style; -#endif /* HAVE_BSD_AUTH_H */ bool force_umask; int sudo_mode; @@ -96,6 +93,7 @@ static bool unknown_runas_uid; static bool unknown_runas_gid; static int cmnd_status = -1; +static struct defaults_list initial_defaults = TAILQ_HEAD_INITIALIZER(initial_defaults); #ifdef __linux__ static struct rlimit nproclimit; @@ -151,6 +149,36 @@ #endif /* __linux__ */ } +static bool +sudoers_reinit_defaults(void) +{ + struct sudo_nss *nss, *nss_next; + debug_decl(sudoers_reinit_defaults, SUDOERS_DEBUG_PLUGIN); + + if (!init_defaults()) { + sudo_warnx("%s", U_("unable to initialize sudoers default values")); + debug_return_bool(false); + } + + if (!update_defaults(NULL, &initial_defaults, + SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS, false)) { + log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR, + N_("problem with defaults entries")); + debug_return_bool(false); + } + + TAILQ_FOREACH_SAFE(nss, snl, entries, nss_next) { + if (nss->getdefs(nss) == -1 || !update_defaults(nss->parse_tree, NULL, + SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS, false)) { + log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR, + N_("problem with defaults entries")); + /* not a fatal error */ + } + } + + debug_return_int(true); +} + int sudoers_init(void *info, char * const envp[]) { @@ -159,8 +187,9 @@ static int ret = -1; debug_decl(sudoers_init, SUDOERS_DEBUG_PLUGIN); - if (ret == true) - debug_return_int(true); + /* Only initialize once. */ + if (snl != NULL) + debug_return_int(ret); bindtextdomain("sudoers", LOCALEDIR); @@ -178,7 +207,7 @@ } /* Parse info from front-end. */ - sudo_mode = sudoers_policy_deserialize_info(info); + sudo_mode = sudoers_policy_deserialize_info(info, &initial_defaults); if (ISSET(sudo_mode, MODE_ERROR)) debug_return_int(-1); @@ -192,6 +221,14 @@ if (!set_perms(PERM_ROOT)) debug_return_int(-1); + /* Update defaults set by front-end. */ + if (!update_defaults(NULL, &initial_defaults, + SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS, false)) { + log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR, + N_("problem with defaults entries")); + debug_return_int(-1); + } + /* * Open and parse sudoers, set global defaults. * Uses the C locale unless another is specified in sudoers. @@ -328,18 +365,39 @@ debug_return_bool(true); } +static bool need_reinit; + int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], bool verbose, void *closure) { char *iolog_path = NULL; mode_t cmnd_umask = ACCESSPERMS; - struct sudo_nss *nss; int oldlocale, validated, ret = -1; debug_decl(sudoers_policy_main, SUDOERS_DEBUG_PLUGIN); sudo_warn_set_locale_func(sudoers_warn_setlocale); + if (argc == 0) { + sudo_warnx("%s", U_("no command specified")); + debug_return_int(-1); + } + + /* Was previous command was intercepted? */ + if (def_intercept) + SET(sudo_mode, MODE_POLICY_INTERCEPTED); + + /* Only certain mode flags are legal for intercepted commands. */ + if (ISSET(sudo_mode, MODE_POLICY_INTERCEPTED)) + sudo_mode &= MODE_INTERCEPT_MASK; + + /* Re-initialize defaults if we are called multiple times. */ + if (need_reinit) { + if (!sudoers_reinit_defaults()) + debug_return_int(-1); + } + need_reinit = true; + unlimit_nproc(); /* Is root even allowed to run sudo? */ @@ -358,39 +416,29 @@ sudo_user.env_vars = env_add; /* - * Make a local copy of argc/argv, with special handling - * for pseudo-commands and the '-i' option. + * Make a local copy of argc/argv, with special handling for the + * '-i' option. We also allocate an extra slot for bash's --login. */ - if (argc == 0) { - NewArgc = 1; - NewArgv = reallocarray(NULL, NewArgc + 1, sizeof(char *)); - if (NewArgv == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto done; - } - sudoers_gc_add(GC_VECTOR, NewArgv); - NewArgv[0] = user_cmnd; - NewArgv[1] = NULL; - } else { - /* Must leave an extra slot before NewArgv for bash's --login */ - NewArgc = argc; - NewArgv = reallocarray(NULL, NewArgc + 2, sizeof(char *)); - if (NewArgv == NULL) { + if (NewArgv != NULL) { + sudoers_gc_remove(GC_PTR, NewArgv); + free(NewArgv); + } + NewArgc = argc; + NewArgv = reallocarray(NULL, NewArgc + 2, sizeof(char *)); + if (NewArgv == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + sudoers_gc_add(GC_PTR, NewArgv); + memcpy(NewArgv, argv, argc * sizeof(char *)); + NewArgv[NewArgc] = NULL; + if (ISSET(sudo_mode, MODE_LOGIN_SHELL) && runas_pw != NULL) { + NewArgv[0] = strdup(runas_pw->pw_shell); + if (NewArgv[0] == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } - sudoers_gc_add(GC_VECTOR, NewArgv); - NewArgv++; /* reserve an extra slot for --login */ - memcpy(NewArgv, argv, argc * sizeof(char *)); - NewArgv[NewArgc] = NULL; - if (ISSET(sudo_mode, MODE_LOGIN_SHELL) && runas_pw != NULL) { - NewArgv[0] = strdup(runas_pw->pw_shell); - if (NewArgv[0] == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto done; - } - sudoers_gc_add(GC_PTR, NewArgv[0]); - } + sudoers_gc_add(GC_PTR, NewArgv[0]); } /* If given the -P option, set the "preserve_groups" flag. */ @@ -435,12 +483,12 @@ /* Defer uid/gid checks until after defaults have been updated. */ if (unknown_runas_uid && !def_runas_allow_unknown_id) { - log_warningx(SLOG_AUDIT, N_("unknown user: %s"), runas_pw->pw_name); + log_warningx(SLOG_AUDIT, N_("unknown user %s"), runas_pw->pw_name); goto done; } if (runas_gr != NULL) { if (unknown_runas_gid && !def_runas_allow_unknown_id) { - log_warningx(SLOG_AUDIT, N_("unknown group: %s"), + log_warningx(SLOG_AUDIT, N_("unknown group %s"), runas_gr->gr_name); goto done; } @@ -585,6 +633,15 @@ audit_failure(NewArgv, N_("%s: command not found"), user_cmnd); sudo_warnx(U_("%s: command not found"), user_cmnd); + if (strncmp(user_cmnd, "cd", 2) == 0 && (user_cmnd[2] == '\0' || + isblank((unsigned char)user_cmnd[2]))) { + sudo_warnx("%s", + U_("\"cd\" is a shell built-in command, it cannot be run directly.")); + sudo_warnx("%s", + U_("the -s option may be used to run a privileged shell.")); + sudo_warnx("%s", + U_("the -D option may be used to run a command in a specific directory.")); + } } goto bad; } @@ -643,14 +700,6 @@ goto done; } - /* Cleanup sudoers sources */ - TAILQ_FOREACH(nss, snl, entries) { - nss->close(nss); - } - if (def_group_plugin) - group_plugin_unload(); - init_parser(NULL, false, false); - if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST))) { /* ret already set appropriately */ goto done; @@ -684,11 +733,10 @@ */ if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0 && strcmp(NewArgv[1], "-c") == 0) { - /* Use the extra slot before NewArgv so we can store --login. */ - NewArgv--; - NewArgc++; - NewArgv[0] = NewArgv[1]; + /* We allocated extra space for the --login above. */ + memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * NewArgc); NewArgv[1] = "--login"; + NewArgc++; } #if defined(_AIX) || (defined(__linux__) && !defined(HAVE_PAM)) @@ -730,7 +778,7 @@ free(safe_cmnd); safe_cmnd = find_editor(NewArgc - 1, NewArgv + 1, &edit_argc, - &edit_argv, NULL, &env_editor, false); + &edit_argv, NULL, &env_editor); if (safe_cmnd == NULL) { if (errno != ENOENT) goto done; @@ -740,7 +788,9 @@ env_editor ? env_editor : def_editor); goto bad; } - sudoers_gc_add(GC_VECTOR, edit_argv); + /* find_editor() already g/c'd edit_argv[] */ + sudoers_gc_remove(GC_PTR, NewArgv); + free(NewArgv); NewArgv = edit_argv; NewArgc = edit_argc; @@ -754,6 +804,10 @@ ret = false; done: + if (def_group_plugin) + group_plugin_unload(); + init_parser(NULL, false, false); + if (ret == -1) { /* Free stashed copy of the environment. */ (void)env_init(NULL); @@ -769,10 +823,6 @@ restore_nproc(); - /* Destroy the password and group caches and free the contents. */ - sudo_freepwcache(); - sudo_freegrcache(); - sudo_warn_set_locale_func(NULL); debug_return_int(ret); @@ -832,7 +882,7 @@ * YP/NIS/NIS+/LDAP/etc daemon has died. */ if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { - sudo_warnx(U_("unknown uid: %u"), (unsigned int) user_uid); + sudo_warnx(U_("unknown uid %u"), (unsigned int) user_uid); debug_return_bool(false); } @@ -853,7 +903,7 @@ /* It is now safe to use log_warningx() and set_perms() */ if (unknown_user) { - log_warningx(SLOG_SEND_MAIL, N_("unknown uid: %u"), + log_warningx(SLOG_SEND_MAIL, N_("unknown uid %u"), (unsigned int) user_uid); debug_return_bool(false); } @@ -889,6 +939,8 @@ int ret; debug_decl(set_cmnd_path, SUDOERS_DEBUG_PLUGIN); + free(user_cmnd); + user_cmnd = NULL; if (def_secure_path && !user_is_exempt()) path = def_secure_path; if (!set_perms(PERM_RUNAS)) @@ -922,15 +974,16 @@ debug_decl(set_cmnd, SUDOERS_DEBUG_PLUGIN); /* Allocate user_stat for find_path() and match functions. */ + free(user_stat); user_stat = calloc(1, sizeof(struct stat)); if (user_stat == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(NOT_FOUND_ERROR); } - /* Default value for cmnd, overridden below. */ - if (user_cmnd == NULL) - user_cmnd = NewArgv[0]; + /* Re-initialize for when we are called multiple times. */ + free(safe_cmnd); + safe_cmnd = NULL; if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT|MODE_CHECK)) { if (!ISSET(sudo_mode, MODE_EDIT)) { @@ -950,17 +1003,9 @@ } /* set user_args */ + free(user_args); + user_args = NULL; if (NewArgc > 1) { - char *to, *from, **av; - size_t size, n; - - /* Alloc and build up user_args. */ - for (size = 0, av = NewArgv + 1; *av; av++) - size += strlen(*av) + 1; - if (size == 0 || (user_args = malloc(size)) == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - debug_return_int(NOT_FOUND_ERROR); - } if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL) && ISSET(sudo_mode, MODE_RUN)) { /* @@ -968,53 +1013,34 @@ * escapes potential meta chars. We unescape non-spaces * for sudoers matching and logging purposes. */ - for (to = user_args, av = NewArgv + 1; (from = *av); av++) { - while (*from) { - if (from[0] == '\\' && from[1] != '\0' && - !isspace((unsigned char)from[1])) { - from++; - } - if (size - (to - user_args) < 1) { - sudo_warnx(U_("internal error, %s overflow"), - __func__); - debug_return_int(NOT_FOUND_ERROR); - } - *to++ = *from++; - } - if (size - (to - user_args) < 1) { - sudo_warnx(U_("internal error, %s overflow"), - __func__); - debug_return_int(NOT_FOUND_ERROR); - } - *to++ = ' '; - } - *--to = '\0'; + user_args = strvec_join(NewArgv + 1, ' ', strlcpy_unescape); } else { - for (to = user_args, av = NewArgv + 1; *av; av++) { - n = strlcpy(to, *av, size - (to - user_args)); - if (n >= size - (to - user_args)) { - sudo_warnx(U_("internal error, %s overflow"), __func__); - debug_return_int(NOT_FOUND_ERROR); - } - to += n; - *to++ = ' '; - } - *--to = '\0'; + user_args = strvec_join(NewArgv + 1, ' ', NULL); } + if (user_args == NULL) + debug_return_int(NOT_FOUND_ERROR); } } - - if ((user_base = strrchr(user_cmnd, '/')) != NULL) - user_base++; - else - user_base = user_cmnd; + if (user_cmnd == NULL) { + user_cmnd = strdup(NewArgv[0]); + if (user_cmnd == NULL) + debug_return_int(NOT_FOUND_ERROR); + } + user_base = sudo_basename(user_cmnd); /* Convert "sudo sudoedit" -> "sudoedit" */ if (ISSET(sudo_mode, MODE_RUN) && strcmp(user_base, "sudoedit") == 0) { + char *new_cmnd; + CLR(sudo_mode, MODE_RUN); SET(sudo_mode, MODE_EDIT); sudo_warnx("%s", U_("sudoedit doesn't need to be run via sudo")); - user_base = user_cmnd = "sudoedit"; + if ((new_cmnd = strdup("sudoedit")) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_int(NOT_FOUND_ERROR); + } + free(user_cmnd); + user_base = user_cmnd = new_cmnd; } TAILQ_FOREACH(nss, snl, entries) { @@ -1160,7 +1186,7 @@ * class themselves. We do this because if login.conf gets * corrupted we want the admin to be able to use sudo to fix it. */ - log_warningx(errflags, N_("unknown login class: %s"), login_class); + log_warningx(errflags, N_("unknown login class %s"), login_class); def_use_loginclass = false; if (login_class) ret = false; @@ -1184,8 +1210,9 @@ /* * Look up the fully qualified domain name of host. * Use AI_FQDN if available since "canonical" is not always the same as fqdn. - * Returns true on success, setting longp and shortp. - * Returns false on failure, longp and shortp are unchanged. + * Returns 0 on success, setting longp and shortp. + * Returns non-zero on failure, longp and shortp are unchanged. + * See gai_strerror() for the list of error return codes. */ static int resolve_host(const char *host, char **longp, char **shortp) @@ -1317,7 +1344,7 @@ if (pw == NULL) { if ((pw = sudo_getpwnam(user)) == NULL) { if (!quiet) - log_warningx(SLOG_AUDIT, N_("unknown user: %s"), user); + log_warningx(SLOG_AUDIT, N_("unknown user %s"), user); debug_return_bool(false); } } @@ -1351,7 +1378,7 @@ if (gr == NULL) { if ((gr = sudo_getgrnam(group)) == NULL) { if (!quiet) - log_warningx(SLOG_AUDIT, N_("unknown group: %s"), group); + log_warningx(SLOG_AUDIT, N_("unknown group %s"), group); debug_return_bool(false); } } @@ -1637,64 +1664,43 @@ /* * Cleanup hook for sudo_fatal()/sudo_fatalx() + * Also called at policy close time. */ void sudoers_cleanup(void) { struct sudo_nss *nss; + struct defaults *def; debug_decl(sudoers_cleanup, SUDOERS_DEBUG_PLUGIN); if (snl != NULL) { TAILQ_FOREACH(nss, snl, entries) { nss->close(nss); } + snl = NULL; + init_parser(NULL, false, false); + } + while ((def = TAILQ_FIRST(&initial_defaults)) != NULL) { + TAILQ_REMOVE(&initial_defaults, def, entries); + free(def->var); + free(def->val); + free(def); } + need_reinit = false; if (def_group_plugin) group_plugin_unload(); + sudo_user_free(); sudo_freepwcache(); sudo_freegrcache(); - debug_return; -} + /* Clear globals */ + list_pw = NULL; + NewArgv = NULL; + NewArgc = 0; + prev_user = NULL; -#ifdef USE_ADMIN_FLAG -static int -create_admin_success_flag(void) -{ - char flagfile[PATH_MAX]; - int len, ret = -1; - debug_decl(create_admin_success_flag, SUDOERS_DEBUG_PLUGIN); - - /* Check whether the user is in the sudo or admin group. */ - if (!user_in_group(sudo_user.pw, "sudo") && - !user_in_group(sudo_user.pw, "admin")) - debug_return_int(true); - - /* Build path to flag file. */ - len = snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful", - user_dir); - if (len < 0 || len >= ssizeof(flagfile)) - debug_return_int(false); - - /* Create admin flag file if it doesn't already exist. */ - if (set_perms(PERM_USER)) { - int fd = open(flagfile, O_CREAT|O_WRONLY|O_NONBLOCK|O_EXCL, 0644); - ret = fd != -1 || errno == EEXIST; - if (fd != -1) - close(fd); - if (!restore_perms()) - ret = -1; - } - debug_return_int(ret); -} -#else /* !USE_ADMIN_FLAG */ -static int -create_admin_success_flag(void) -{ - /* STUB */ - return true; + debug_return; } -#endif /* USE_ADMIN_FLAG */ static bool tty_present(void) @@ -1709,3 +1715,52 @@ } debug_return_bool(true); } + +/* + * Free memory allocated for struct sudo_user. + */ +void +sudo_user_free(void) +{ + debug_decl(sudo_user_free, SUDOERS_DEBUG_PLUGIN); + + /* Free remaining references to password and group entries. */ + if (sudo_user.pw != NULL) + sudo_pw_delref(sudo_user.pw); + if (runas_pw != NULL) + sudo_pw_delref(runas_pw); + if (runas_gr != NULL) + sudo_gr_delref(runas_gr); + if (user_gid_list != NULL) + sudo_gidlist_delref(user_gid_list); + + /* Free dynamic contents of sudo_user. */ + free(user_cwd); + free(user_name); + free(user_gids); + if (user_ttypath != NULL) + free(user_ttypath); + else + free(user_tty); + if (user_shost != user_host) + free(user_shost); + free(user_host); + if (user_srunhost != user_runhost) + free(user_srunhost); + free(user_runhost); + free(user_cmnd); + free(user_args); + free(safe_cmnd); + free(user_stat); +#ifdef HAVE_SELINUX + free(user_role); + free(user_type); +#endif +#ifdef HAVE_PRIV_SET + free(runas_privs); + free(runas_limitprivs); +#endif + memset(&sudo_user, 0, sizeof(sudo_user)); + + debug_return; +} diff -Nru sudo-1.9.5p2/plugins/sudoers/sudoers.h sudo-1.9.9/plugins/sudoers/sudoers.h --- sudo-1.9.5p2/plugins/sudoers/sudoers.h 2020-12-17 01:34:30.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/sudoers.h 2022-01-27 21:24:22.000000000 +0000 @@ -130,6 +130,7 @@ uid_t uid; uid_t gid; pid_t sid; + char uuid_str[37]; }; /* @@ -156,7 +157,7 @@ #define FLAG_NO_USER 0x020 #define FLAG_NO_HOST 0x040 #define FLAG_NO_CHECK 0x080 -#define FLAG_NON_INTERACTIVE 0x100 +#define FLAG_NO_USER_INPUT 0x100 #define FLAG_BAD_PASSWORD 0x200 /* @@ -184,7 +185,7 @@ #define MODE_MASK 0x0000ffff /* Mode flags */ -#define MODE_BACKGROUND 0x00010000 /* XXX - unused */ +#define MODE_ASKPASS 0x00010000 #define MODE_SHELL 0x00020000 #define MODE_LOGIN_SHELL 0x00040000 #define MODE_IMPLIED_SHELL 0x00080000 @@ -193,6 +194,10 @@ #define MODE_PRESERVE_ENV 0x00400000 #define MODE_NONINTERACTIVE 0x00800000 #define MODE_IGNORE_TICKET 0x01000000 +#define MODE_POLICY_INTERCEPTED 0x02000000 + +/* Mode bits allowed for intercepted commands. */ +#define MODE_INTERCEPT_MASK (MODE_RUN|MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_POLICY_INTERCEPTED) /* * Used with set_perms() @@ -292,7 +297,7 @@ int verify_user(struct passwd *pw, char *prompt, int validated, struct sudo_conv_callback *callback); int sudo_auth_begin_session(struct passwd *pw, char **user_env[]); int sudo_auth_end_session(struct passwd *pw); -int sudo_auth_init(struct passwd *pw); +int sudo_auth_init(struct passwd *pw, int mode); int sudo_auth_approval(struct passwd *pw, int validated, bool exempt); int sudo_auth_cleanup(struct passwd *pw, bool force); @@ -314,6 +319,7 @@ /* toke.l */ YY_DECL; +void sudoersrestart(FILE *); extern FILE *sudoersin; extern const char *sudoers_file; extern char *sudoers; @@ -340,6 +346,7 @@ sudo_dso_public void sudo_gr_delref(struct group *); bool user_in_group(const struct passwd *, const char *); struct group *sudo_fakegrnam(const char *); +struct group *sudo_mkgrent(const char *group, gid_t gid, ...); struct gid_list *sudo_get_gidlist(const struct passwd *pw, unsigned int type); struct group_list *sudo_get_grlist(const struct passwd *pw); struct passwd *sudo_fakepwnam(const char *, gid_t); @@ -389,6 +396,9 @@ int sudo_setenv(const char *var, const char *val, int overwrite); int sudo_unsetenv(const char *var); char *sudo_getenv(const char *name); +char *sudo_getenv_nodebug(const char *name); +int sudo_putenv_nodebug(char *str, bool dupcheck, bool overwrite); +int sudo_unsetenv_nodebug(const char *var); int sudoers_hook_getenv(const char *name, char **value, void *closure); int sudoers_hook_putenv(char *string, void *closure); int sudoers_hook_setenv(const char *name, const char *value, int overwrite, void *closure); @@ -404,6 +414,7 @@ int sudoers_init(void *info, char * const envp[]); int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], bool verbose, void *closure); void sudoers_cleanup(void); +void sudo_user_free(void); extern struct sudo_user sudo_user; extern struct passwd *list_pw; extern bool force_umask; @@ -419,7 +430,7 @@ void sudoers_debug_deregister(void); /* policy.c */ -int sudoers_policy_deserialize_info(void *v); +int sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults); bool sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v); extern const char *path_ldap_conf; extern const char *path_ldap_secret; @@ -434,7 +445,7 @@ /* editor.c */ char *find_editor(int nfiles, char **files, int *argc_out, char ***argv_out, - char * const *allowlist, const char **env_editor, bool env_error); + char * const *allowlist, const char **env_editor); /* exptilde.c */ bool expand_tilde(char **path, const char *user); @@ -448,11 +459,12 @@ bool sudoers_gc_add(enum sudoers_gc_types type, void *ptr); bool sudoers_gc_remove(enum sudoers_gc_types type, void *ptr); void sudoers_gc_init(void); +void sudoers_gc_run(void); + +/* strlcpy_unesc.c */ +size_t strlcpy_unescape(char *dst, const char *src, size_t size); -/* rcstr.c */ -char *rcstr_dup(const char *src); -char *rcstr_alloc(size_t len); -char *rcstr_addref(const char *s); -void rcstr_delref(const char *s); +/* strvec_join.c */ +char *strvec_join(char *const argv[], char sep, size_t (*cpy)(char *, const char *, size_t)); #endif /* SUDOERS_SUDOERS_H */ diff -Nru sudo-1.9.5p2/plugins/sudoers/sudoers.in sudo-1.9.9/plugins/sudoers/sudoers.in --- sudo-1.9.5p2/plugins/sudoers/sudoers.in 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/sudoers.in 2022-01-27 21:24:22.000000000 +0000 @@ -76,21 +76,21 @@ ## ## User privilege specification ## -root ALL=(ALL) ALL +root ALL=(ALL:ALL) ALL ## Uncomment to allow members of group wheel to execute any command -# %wheel ALL=(ALL) ALL +# %wheel ALL=(ALL:ALL) ALL ## Same thing without a password -# %wheel ALL=(ALL) NOPASSWD: ALL +# %wheel ALL=(ALL:ALL) NOPASSWD: ALL ## Uncomment to allow members of group sudo to execute any command -# %sudo ALL=(ALL) ALL +# %sudo ALL=(ALL:ALL) ALL ## Uncomment to allow any user to run sudo if they know the password ## of the user they are running the command as (root by default). # Defaults targetpw # Ask for the password of the target user -# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' +# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw' ## Read drop-in files from @sysconfdir@/sudoers.d @includedir @sysconfdir@/sudoers.d diff -Nru sudo-1.9.5p2/plugins/sudoers/sudoers_debug.c sudo-1.9.9/plugins/sudoers/sudoers_debug.c --- sudo-1.9.5p2/plugins/sudoers/sudoers_debug.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/sudoers_debug.c 2022-01-27 21:24:06.000000000 +0000 @@ -90,7 +90,7 @@ if (debug_files != NULL && !TAILQ_EMPTY(debug_files)) { if (program != NULL) { instance = sudo_debug_register(program, sudoers_subsystem_names, - sudoers_subsystem_ids, debug_files); + sudoers_subsystem_ids, debug_files, -1); } TAILQ_FOREACH_SAFE(debug_file, debug_files, entries, debug_next) { TAILQ_REMOVE(debug_files, debug_file, entries); diff -Nru sudo-1.9.5p2/plugins/sudoers/sudoers_hooks.c sudo-1.9.9/plugins/sudoers/sudoers_hooks.c --- sudo-1.9.5p2/plugins/sudoers/sudoers_hooks.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/sudoers_hooks.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,155 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2000-2005, 2007-2019 + * Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include + +#include "sudoers.h" + +/* + * Similar to setenv(3) but operates on a private copy of the environment. + * Does not include warnings or debugging to avoid recursive calls. + */ +static int +sudo_setenv_nodebug(const char *var, const char *val, int overwrite) +{ + char *ep, *estring = NULL; + const char *cp; + size_t esize; + int ret = -1; + + if (var == NULL || *var == '\0') { + errno = EINVAL; + goto done; + } + + /* + * POSIX says a var name with '=' is an error but BSD + * just ignores the '=' and anything after it. + */ + for (cp = var; *cp && *cp != '='; cp++) + continue; + esize = (size_t)(cp - var) + 2; + if (val) { + esize += strlen(val); /* glibc treats a NULL val as "" */ + } + + /* Allocate and fill in estring. */ + if ((estring = ep = malloc(esize)) == NULL) + goto done; + for (cp = var; *cp && *cp != '='; cp++) + *ep++ = *cp; + *ep++ = '='; + if (val) { + for (cp = val; *cp; cp++) + *ep++ = *cp; + } + *ep = '\0'; + + ret = sudo_putenv_nodebug(estring, true, overwrite); +done: + if (ret == -1) + free(estring); + else + sudoers_gc_add(GC_PTR, estring); + return ret; +} + +int +sudoers_hook_getenv(const char *name, char **value, void *closure) +{ + static bool in_progress = false; /* avoid recursion */ + + if (in_progress || env_get() == NULL) + return SUDO_HOOK_RET_NEXT; + + in_progress = true; + + /* Hack to make GNU gettext() find the sudoers locale when needed. */ + if (*name == 'L' && sudoers_getlocale() == SUDOERS_LOCALE_SUDOERS) { + if (strcmp(name, "LANGUAGE") == 0 || strcmp(name, "LANG") == 0) { + *value = NULL; + goto done; + } + if (strcmp(name, "LC_ALL") == 0 || strcmp(name, "LC_MESSAGES") == 0) { + *value = def_sudoers_locale; + goto done; + } + } + + *value = sudo_getenv_nodebug(name); +done: + in_progress = false; + return SUDO_HOOK_RET_STOP; +} + +int +sudoers_hook_putenv(char *string, void *closure) +{ + static bool in_progress = false; /* avoid recursion */ + + if (in_progress || env_get() == NULL) + return SUDO_HOOK_RET_NEXT; + + in_progress = true; + sudo_putenv_nodebug(string, true, true); + in_progress = false; + return SUDO_HOOK_RET_STOP; +} + +int +sudoers_hook_setenv(const char *name, const char *value, int overwrite, void *closure) +{ + static bool in_progress = false; /* avoid recursion */ + + if (in_progress || env_get() == NULL) + return SUDO_HOOK_RET_NEXT; + + in_progress = true; + sudo_setenv_nodebug(name, value, overwrite); + in_progress = false; + return SUDO_HOOK_RET_STOP; +} + +int +sudoers_hook_unsetenv(const char *name, void *closure) +{ + static bool in_progress = false; /* avoid recursion */ + + if (in_progress || env_get() == NULL) + return SUDO_HOOK_RET_NEXT; + + in_progress = true; + sudo_unsetenv_nodebug(name); + in_progress = false; + return SUDO_HOOK_RET_STOP; +} diff -Nru sudo-1.9.5p2/plugins/sudoers/sudoreplay.c sudo-1.9.9/plugins/sudoers/sudoreplay.c --- sudo-1.9.5p2/plugins/sudoers/sudoreplay.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/sudoreplay.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2020 Todd C. Miller + * Copyright (c) 2009-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -82,6 +82,7 @@ struct sudo_event *sigquit_ev; struct sudo_event *sigterm_ev; struct sudo_event *sigtstp_ev; + struct timespec *offset; struct timespec *max_delay; struct timing_closure timing; int iolog_dir_fd; @@ -176,8 +177,8 @@ static void read_keyboard(int fd, int what, void *v); static void help(void) __attribute__((__noreturn__)); static int replay_session(int iolog_dir_fd, const char *iolog_dir, - struct timespec *max_wait, const char *decimal, bool interactive, - bool suspend_wait); + struct timespec *offset, struct timespec *max_wait, const char *decimal, + bool interactive, bool suspend_wait); static void sudoreplay_cleanup(void); static void usage(int); static void write_output(int fd, int what, void *v); @@ -195,7 +196,7 @@ isalnum((unsigned char)(s)[3]) && isalnum((unsigned char)(s)[4]) && \ (s)[5] == '/' && \ isalnum((unsigned char)(s)[6]) && isalnum((unsigned char)(s)[7]) && \ - (s)[8] == '\0') + (s)[6] == '\0') sudo_dso_public int main(int argc, char *argv[]); @@ -207,6 +208,7 @@ bool interactive = true, suspend_wait = false, resize = true; const char *decimal, *id, *user = NULL, *pattern = NULL, *tty = NULL; char *cp, *ep, iolog_dir[PATH_MAX]; + struct timespec offset = { 0, 0}; struct eventlog *evlog; struct timespec max_delay_storage, *max_delay = NULL; double dval; @@ -232,7 +234,7 @@ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); sudo_debug_register(getprogname(), NULL, NULL, - sudo_conf_debug_files(getprogname())); + sudo_conf_debug_files(getprogname()), -1); while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) { switch (ch) { @@ -323,8 +325,16 @@ iolog_files[IOFD_TTYOUT].enabled = true; } - /* 6 digit ID in base 36, e.g. 01G712AB or free-form name */ + /* Check for offset in @sec.nsec form at the end of the id. */ id = argv[0]; + if ((cp = strchr(id, '@')) != NULL) { + ep = iolog_parse_delay(cp + 1, &offset, decimal); + if (ep == NULL || *ep != '\0') + sudo_fatalx(U_("invalid time offset %s"), cp + 1); + *cp = '\0'; + } + + /* 6 digit ID in base 36, e.g. 01G712AB or free-form name */ if (VALID_ID(id)) { len = snprintf(iolog_dir, sizeof(iolog_dir), "%s/%.2s/%.2s/%.2s", session_dir, id, &id[2], &id[4]); @@ -376,8 +386,8 @@ evlog = NULL; /* Replay session corresponding to iolog_files[]. */ - exitcode = replay_session(iolog_dir_fd, iolog_dir, max_delay, decimal, - interactive, suspend_wait); + exitcode = replay_session(iolog_dir_fd, iolog_dir, &offset, max_delay, + decimal, interactive, suspend_wait); restore_terminal_size(); sudo_term_restore(ttyfd, true); @@ -774,6 +784,16 @@ closure->iobuf.toread = timing->u.nbytes; } + if (sudo_timespecisset(closure->offset)) { + if (sudo_timespeccmp(&timing->delay, closure->offset, >)) { + sudo_timespecsub(&timing->delay, closure->offset, &timing->delay); + sudo_timespecclear(closure->offset); + } else { + sudo_timespecsub(closure->offset, &timing->delay, closure->offset); + sudo_timespecclear(&timing->delay); + } + } + if (nodelay) { /* Already waited, fire immediately. */ timing->delay.tv_sec = 0; @@ -957,8 +977,8 @@ static struct replay_closure * replay_closure_alloc(int iolog_dir_fd, const char *iolog_dir, - struct timespec *max_delay, const char *decimal, bool interactive, - bool suspend_wait) + struct timespec *offset, struct timespec *max_delay, const char *decimal, + bool interactive, bool suspend_wait) { struct replay_closure *closure; debug_decl(replay_closure_alloc, SUDO_DEBUG_UTIL); @@ -969,6 +989,7 @@ closure->iolog_dir_fd = iolog_dir_fd; closure->iolog_dir = iolog_dir; closure->interactive = interactive; + closure->offset = offset; closure->suspend_wait = suspend_wait; closure->max_delay = max_delay; closure->timing.decimal = decimal; @@ -1042,7 +1063,7 @@ } static int -replay_session(int iolog_dir_fd, const char *iolog_dir, +replay_session(int iolog_dir_fd, const char *iolog_dir, struct timespec *offset, struct timespec *max_delay, const char *decimal, bool interactive, bool suspend_wait) { @@ -1051,8 +1072,8 @@ debug_decl(replay_session, SUDO_DEBUG_UTIL); /* Allocate the delay closure and read the first timing record. */ - closure = replay_closure_alloc(iolog_dir_fd, iolog_dir, max_delay, decimal, - interactive, suspend_wait); + closure = replay_closure_alloc(iolog_dir_fd, iolog_dir, offset, max_delay, + decimal, interactive, suspend_wait); if (get_timing_record(closure) != 0) { ret = 1; goto done; @@ -1367,6 +1388,11 @@ if ((evlog = iolog_parse_loginfo(-1, log_dir)) == NULL) goto done; + if (evlog->command == NULL || evlog->submituser == NULL || + evlog->runuser == NULL) { + goto done; + } + /* Match on search expression if there is one. */ if (!STAILQ_EMPTY(&search_expr) && !match_expr(&search_expr, evlog, true)) goto done; @@ -1388,13 +1414,18 @@ } /* XXX - print lines + cols? */ timestr = get_timestr(evlog->submit_time.tv_sec, 1); - printf("%s : %s : TTY=%s ; CWD=%s ; USER=%s ; ", - timestr ? timestr : "invalid date", - evlog->submituser, evlog->ttyname, evlog->cwd, evlog->runuser); - if (evlog->rungroup) - printf("GROUP=%s ; ", evlog->rungroup); - if (evlog->submithost) + printf("%s : %s : ", timestr ? timestr : "invalid date", evlog->submituser); + if (evlog->submithost != NULL) printf("HOST=%s ; ", evlog->submithost); + if (evlog->ttyname != NULL) + printf("TTY=%s ; ", evlog->ttyname); + if (evlog->runchroot != NULL) + printf("CHROOT=%s ; ", evlog->runchroot); + if (evlog->runcwd != NULL || evlog->cwd != NULL) + printf("CWD=%s ; ", evlog->runcwd ? evlog->runcwd : evlog->cwd); + printf("USER=%s ; ", evlog->runuser); + if (evlog->rungroup != NULL) + printf("GROUP=%s ; ", evlog->rungroup); printf("TSID=%s ; COMMAND=%s\n", idstr, evlog->command); ret = 0; diff -Nru sudo-1.9.5p2/plugins/sudoers/testsudoers.c sudo-1.9.9/plugins/sudoers/testsudoers.c --- sudo-1.9.5p2/plugins/sudoers/testsudoers.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/testsudoers.c 2022-01-27 21:24:06.000000000 +0000 @@ -68,19 +68,11 @@ static int testsudoers_error(const char *msg); static int testsudoers_output(const char *buf); -/* tsgetgrpw.c */ -extern void setgrfile(const char *); -extern void setgrent(void); -extern void endgrent(void); -extern struct group *getgrent(void); -extern struct group *getgrnam(const char *); -extern struct group *getgrgid(gid_t); -extern void setpwfile(const char *); -extern void setpwent(void); -extern void endpwent(void); -extern struct passwd *getpwent(void); -extern struct passwd *getpwnam(const char *); -extern struct passwd *getpwuid(uid_t); +/* testsudoers_pwutil.c */ +extern struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group); +extern struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups); +extern struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, char * const *gids, unsigned int type); +extern struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user); /* gram.y */ extern int (*trace_print)(const char *msg); @@ -194,11 +186,18 @@ argc -= optind; argv += optind; - /* Set group/passwd file and init the cache. */ - if (grfile) - setgrfile(grfile); - if (pwfile) - setpwfile(pwfile); + if (grfile != NULL || pwfile != NULL) { + /* Set group/passwd file and init the cache. */ + if (grfile) + testsudoers_setgrfile(grfile); + if (pwfile) + testsudoers_setpwfile(pwfile); + + /* Use custom passwd/group backend. */ + sudo_pwutil_set_backend(testsudoers_make_pwitem, + testsudoers_make_gritem, testsudoers_make_gidlist_item, + testsudoers_make_grlist_item); + } if (argc < 2) { if (!dflag) @@ -209,14 +208,11 @@ } else { user_name = *argv++; user_cmnd = *argv++; - if ((p = strrchr(user_cmnd, '/')) != NULL) - user_base = p + 1; - else - user_base = user_cmnd; + user_base = sudo_basename(user_cmnd); argc -= 2; } if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) - sudo_fatalx(U_("unknown user: %s"), user_name); + sudo_fatalx(U_("unknown user %s"), user_name); if (user_host == NULL) { if ((user_host = sudo_gethostname()) == NULL) @@ -383,7 +379,7 @@ } if (pw == NULL) { if ((pw = sudo_getpwnam(user)) == NULL) - sudo_fatalx(U_("unknown user: %s"), user); + sudo_fatalx(U_("unknown user %s"), user); } if (runas_pw != NULL) sudo_pw_delref(runas_pw); @@ -407,7 +403,7 @@ } if (gr == NULL) { if ((gr = sudo_getgrnam(group)) == NULL) - sudo_fatalx(U_("unknown group: %s"), group); + sudo_fatalx(U_("unknown group %s"), group); } if (runas_gr != NULL) sudo_gr_delref(runas_gr); @@ -447,12 +443,8 @@ const char *base; debug_decl(open_sudoers, SUDOERS_DEBUG_UTIL); - base = strrchr(file, '/'); - if (base != NULL) - base++; - else - base = file; - + /* Report errors using the basename for consistent test output. */ + base = sudo_basename(file); switch (sudo_secure_file(file, sudoers_uid, sudoers_gid, &sb)) { case SUDO_PATH_SECURE: fp = fopen(file, "r"); @@ -509,7 +501,8 @@ int set_cmnd_path(const char *runchroot) { - return FOUND; + /* Cannot return FOUND without also setting user_cmnd to a new value. */ + return NOT_FOUND; } static bool diff -Nru sudo-1.9.5p2/plugins/sudoers/testsudoers_pwutil.c sudo-1.9.9/plugins/sudoers/testsudoers_pwutil.c --- sudo-1.9.5p2/plugins/sudoers/testsudoers_pwutil.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/testsudoers_pwutil.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,14 @@ +/* Use custom passwd/group functions with the normal pwutil_impl.c */ +#define sudo_make_pwitem testsudoers_make_pwitem +#define sudo_make_gritem testsudoers_make_gritem +#define sudo_make_gidlist_item testsudoers_make_gidlist_item +#define sudo_make_grlist_item testsudoers_make_grlist_item + +#define getpwnam testsudoers_getpwnam +#define getpwuid testsudoers_getpwuid +#define getgrnam testsudoers_getgrnam +#define getgrgid testsudoers_getgrgid +#define sudo_getgrouplist2_v1 testsudoers_getgrouplist2_v1 + +#include "tsgetgrpw.h" +#include "pwutil_impl.c" diff -Nru sudo-1.9.5p2/plugins/sudoers/timestamp.c sudo-1.9.9/plugins/sudoers/timestamp.c --- sudo-1.9.5p2/plugins/sudoers/timestamp.c 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/timestamp.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2014-2020 Todd C. Miller + * Copyright (c) 2014-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -185,7 +185,7 @@ * Returns false on failure and displays a warning to stderr. */ static bool -ts_mkdirs(char *path, uid_t owner, gid_t group, mode_t mode, +ts_mkdirs(const char *path, uid_t owner, gid_t group, mode_t mode, mode_t parent_mode, bool quiet) { bool ret; @@ -304,6 +304,8 @@ if (offset == -1) { old_eof = lseek(fd, 0, SEEK_CUR); + if (old_eof == -1) + debug_return_ssize_t(-1); nwritten = write(fd, entry, entry->size); } else { old_eof = offset; @@ -750,6 +752,9 @@ debug_return; } +#define TIMESPEC_VALID(ts) \ + ((ts)->tv_sec >= 0 && (ts)->tv_nsec >= 0 && (ts)->tv_nsec < 1000000000L) + /* * Check the time stamp file and directory and return their status. * Called with the file position before the locked record to read. @@ -801,13 +806,21 @@ /* Make sure what we read matched the expected record. */ if (entry.version != TS_VERSION || entry.size != nread) { - /* do something else? */ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "invalid time stamp file @ %lld", (long long)cookie->pos); status = TS_OLD; goto done; } + /* Sanity check time stamps. */ + if (!TIMESPEC_VALID(&entry.start_time) || !TIMESPEC_VALID(&entry.ts)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid timespec in time stamp file @ %lld", + (long long)cookie->pos); + status = TS_OLD; + goto done; + } + if (ISSET(entry.flags, TS_DISABLED)) { sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "time stamp record disabled"); @@ -1082,3 +1095,51 @@ done: debug_return_int(ret); } + +#ifdef _PATH_SUDO_ADMIN_FLAG +int +create_admin_success_flag(void) +{ + char *flagfile; + int ret = -1; + debug_decl(create_admin_success_flag, SUDOERS_DEBUG_AUTH); + + /* Is the admin flag file even enabled? */ + if (!def_admin_flag) + debug_return_int(true); + + /* Check whether the user is in the sudo or admin group. */ + if (!user_in_group(sudo_user.pw, "sudo") && + !user_in_group(sudo_user.pw, "admin")) + debug_return_int(true); + + /* Build path to flag file. */ + if ((flagfile = strdup(def_admin_flag)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_int(-1); + } + if (!expand_tilde(&flagfile, user_name)) { + free(flagfile); + debug_return_int(false); + } + + /* Create admin flag file if it doesn't already exist. */ + if (set_perms(PERM_USER)) { + int fd = open(flagfile, O_CREAT|O_WRONLY|O_NONBLOCK|O_EXCL, 0644); + ret = fd != -1 || errno == EEXIST; + if (fd != -1) + close(fd); + if (!restore_perms()) + ret = -1; + } + free(flagfile); + debug_return_int(ret); +} +#else /* !_PATH_SUDO_ADMIN_FLAG */ +int +create_admin_success_flag(void) +{ + /* STUB */ + return true; +} +#endif /* _PATH_SUDO_ADMIN_FLAG */ diff -Nru sudo-1.9.5p2/plugins/sudoers/timestr.c sudo-1.9.9/plugins/sudoers/timestr.c --- sudo-1.9.5p2/plugins/sudoers/timestr.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/timestr.c 2022-01-27 21:24:22.000000000 +0000 @@ -37,13 +37,15 @@ get_timestr(time_t tstamp, int log_year) { static char buf[128]; - struct tm *timeptr; + struct tm tm; + int len; - if ((timeptr = localtime(&tstamp)) != NULL) { + if (localtime_r(&tstamp, &tm) != NULL) { /* strftime() does not guarantee to NUL-terminate so we must check. */ buf[sizeof(buf) - 1] = '\0'; - if (strftime(buf, sizeof(buf), log_year ? "%h %e %T %Y" : "%h %e %T", - timeptr) != 0 && buf[sizeof(buf) - 1] == '\0') + len = strftime(buf, sizeof(buf), log_year ? "%h %e %T %Y" : "%h %e %T", + &tm); + if (len != 0 && buf[sizeof(buf) - 1] == '\0') return buf; } return NULL; diff -Nru sudo-1.9.5p2/plugins/sudoers/toke.c sudo-1.9.9/plugins/sudoers/toke.c --- sudo-1.9.5p2/plugins/sudoers/toke.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/toke.c 2022-01-27 21:24:22.000000000 +0000 @@ -393,8 +393,8 @@ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 81 -#define YY_END_OF_BUFFER 82 +#define YY_NUM_RULES 83 +#define YY_END_OF_BUFFER 84 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -402,132 +402,138 @@ flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[1126] = +static yyconst flex_int16_t yy_accept[1184] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 82, 67, - 77, 76, 80, 75, 66, 79, 40, 70, 71, 40, - 72, 67, 67, 67, 67, 74, 73, 80, 67, 57, - 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, - 57, 57, 80, 67, 67, 77, 79, 57, 57, 57, - 57, 57, 2, 80, 1, 67, 57, 57, 57, 67, - 17, 16, 16, 17, 16, 16, 80, 79, 80, 3, - 9, 8, 9, 4, 9, 5, 80, 13, 13, 13, - 11, 12, 80, 19, 19, 18, 18, 18, 19, 18, - - 18, 18, 18, 19, 19, 19, 19, 19, 19, 18, - 19, 19, 68, 68, 69, 68, 64, 64, 64, 64, - 64, 64, 64, 57, 57, 57, 57, 57, 57, 57, - 57, 57, 57, 80, 64, 64, 67, 0, 77, 76, - 75, 79, 79, 0, 0, 67, 42, 0, 40, 0, - 41, 0, 65, 65, 0, 67, 67, 0, 67, 67, - 67, 67, 0, 45, 67, 57, 57, 57, 57, 57, - 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, - 57, 57, 0, 78, 67, 67, 67, 67, 77, 0, - 0, 0, 0, 0, 79, 67, 67, 67, 67, 67, - - 2, 1, 0, 1, 58, 58, 0, 57, 67, 17, - 17, 15, 0, 14, 15, 0, 3, 9, 0, 6, - 7, 9, 9, 13, 0, 13, 13, 0, 10, 0, - 42, 0, 0, 41, 19, 19, 0, 19, 0, 0, - 18, 18, 18, 18, 18, 18, 19, 19, 57, 19, - 19, 19, 19, 19, 19, 19, 19, 19, 68, 68, - 68, 64, 0, 42, 0, 41, 0, 64, 64, 0, - 64, 64, 64, 64, 64, 64, 57, 57, 57, 57, - 57, 57, 57, 57, 57, 57, 64, 64, 64, 64, - 79, 79, 79, 0, 42, 67, 67, 67, 67, 67, - - 0, 0, 45, 45, 67, 57, 47, 57, 51, 57, - 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, - 57, 57, 57, 57, 57, 57, 57, 67, 67, 0, - 0, 0, 0, 0, 79, 67, 67, 67, 67, 67, - 67, 0, 67, 10, 0, 0, 0, 18, 18, 18, + 0, 0, 0, 0, 0, 0, 0, 0, 84, 69, + 79, 78, 82, 77, 68, 81, 42, 72, 73, 42, + 74, 69, 69, 69, 69, 76, 75, 82, 69, 59, + 59, 59, 59, 59, 59, 59, 59, 59, 59, 59, + 59, 59, 59, 82, 69, 69, 79, 81, 59, 59, + 59, 59, 59, 2, 82, 1, 69, 59, 59, 59, + 69, 17, 16, 16, 17, 16, 16, 82, 81, 82, + 3, 9, 8, 9, 4, 9, 5, 82, 13, 13, + 13, 11, 12, 82, 19, 19, 18, 18, 18, 19, + + 18, 18, 18, 18, 19, 19, 19, 19, 19, 19, + 19, 18, 19, 19, 70, 70, 71, 70, 66, 66, + 66, 66, 66, 66, 66, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 59, 82, 66, 66, 69, + 0, 79, 78, 77, 81, 81, 0, 0, 69, 44, + 0, 42, 0, 43, 0, 67, 67, 0, 69, 69, + 0, 69, 69, 69, 69, 0, 47, 69, 59, 59, + 59, 59, 59, 59, 59, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 59, 0, 80, 69, 69, + 69, 69, 79, 0, 0, 0, 0, 0, 81, 69, + + 69, 69, 69, 69, 2, 1, 0, 1, 60, 60, + 0, 59, 69, 17, 17, 15, 0, 14, 15, 0, + 3, 9, 0, 6, 7, 9, 9, 13, 0, 13, + 13, 0, 10, 0, 44, 0, 0, 43, 19, 19, + 0, 19, 0, 0, 18, 18, 18, 18, 18, 18, + 19, 19, 59, 19, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 70, 70, 70, 66, 0, 44, 0, + 43, 0, 66, 66, 0, 66, 66, 66, 66, 66, + 66, 59, 59, 59, 59, 59, 59, 59, 59, 59, + 59, 59, 66, 66, 66, 66, 81, 81, 81, 0, + + 44, 69, 69, 69, 69, 69, 0, 0, 47, 47, + 69, 59, 49, 59, 53, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 69, 69, 0, 0, 0, + 0, 0, 81, 69, 69, 69, 69, 69, 69, 0, + 69, 10, 0, 0, 0, 18, 18, 18, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, - 19, 19, 19, 19, 19, 0, 64, 64, 64, 64, - 64, 57, 47, 57, 57, 57, 57, 57, 57, 57, - 57, 57, 57, 57, 57, 64, 64, 79, 79, 79, - 67, 67, 67, 67, 67, 67, 0, 46, 46, 46, - - 0, 0, 45, 45, 45, 45, 45, 45, 45, 67, - 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, - 57, 57, 57, 57, 57, 57, 57, 53, 57, 57, - 54, 67, 67, 67, 67, 0, 0, 0, 0, 0, - 0, 79, 67, 67, 67, 67, 0, 0, 0, 0, - 0, 18, 18, 19, 19, 57, 19, 19, 19, 19, - 19, 19, 19, 19, 19, 19, 19, 19, 19, 64, - 64, 64, 64, 64, 64, 57, 57, 57, 57, 57, - 57, 57, 57, 57, 57, 57, 57, 57, 64, 64, - 64, 64, 67, 67, 67, 0, 0, 46, 46, 46, - - 0, 45, 45, 0, 45, 45, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 67, 57, 0, 29, 57, - 57, 57, 57, 0, 36, 57, 57, 57, 57, 57, - 57, 57, 57, 57, 55, 57, 57, 67, 67, 67, - 67, 67, 0, 0, 0, 79, 67, 67, 67, 0, - 0, 0, 18, 18, 19, 57, 57, 19, 19, 19, + 19, 19, 19, 19, 19, 0, 66, 66, 66, 66, + 66, 59, 49, 59, 59, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 59, 59, 66, 66, 81, + + 81, 81, 69, 69, 69, 69, 69, 69, 0, 48, + 48, 48, 0, 0, 47, 47, 47, 47, 47, 47, + 47, 69, 59, 59, 59, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 59, 59, 59, 59, 59, + 59, 55, 59, 59, 56, 69, 69, 69, 69, 0, + 0, 0, 0, 0, 0, 81, 69, 69, 69, 69, + 0, 0, 0, 0, 0, 18, 18, 19, 19, 19, + 59, 19, 19, 19, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 19, 19, 66, 66, 66, 66, 66, + 66, 59, 59, 59, 59, 59, 59, 59, 59, 59, + + 59, 59, 59, 59, 59, 59, 66, 66, 66, 66, + 69, 69, 69, 0, 0, 48, 48, 48, 0, 47, + 47, 0, 47, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 69, 59, 0, 29, 59, 59, 59, + 59, 59, 0, 38, 59, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 57, 59, 59, 69, 69, 69, + 69, 69, 0, 0, 0, 81, 69, 69, 69, 0, + 0, 0, 18, 18, 19, 19, 59, 59, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, - 64, 64, 64, 57, 57, 57, 57, 57, 57, 57, - 57, 57, 57, 57, 64, 64, 64, 64, 64, 67, - 67, 67, 67, 67, 0, 46, 0, 45, 45, 45, - - 0, 0, 0, 45, 45, 45, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 67, 52, 57, 57, - 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, - 57, 57, 57, 59, 60, 61, 62, 67, 0, 0, - 79, 67, 67, 67, 0, 0, 0, 0, 0, 19, - 57, 57, 19, 19, 57, 19, 19, 19, 19, 19, - 19, 19, 19, 19, 19, 64, 64, 64, 64, 64, - 57, 57, 57, 57, 57, 57, 57, 57, 57, 57, - 57, 59, 60, 61, 62, 64, 43, 43, 43, 0, - 0, 45, 45, 45, 45, 45, 45, 45, 0, 0, - - 0, 0, 0, 45, 45, 45, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 67, 0, 38, - 57, 57, 57, 0, 28, 57, 57, 57, 0, 37, - 57, 57, 57, 57, 0, 27, 0, 30, 48, 67, - 0, 0, 79, 67, 67, 67, 43, 43, 43, 57, - 57, 19, 57, 57, 19, 19, 19, 43, 43, 43, - 57, 57, 57, 57, 57, 57, 57, 64, 67, 43, - 43, 43, 43, 0, 45, 0, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 0, 0, 0, - 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, - - 45, 45, 45, 20, 57, 57, 57, 57, 57, 57, - 57, 57, 50, 57, 63, 0, 0, 79, 67, 24, - 58, 0, 43, 43, 43, 43, 57, 57, 19, 57, - 57, 19, 19, 19, 64, 43, 43, 43, 43, 57, - 57, 57, 57, 57, 57, 57, 63, 44, 44, 44, - 44, 45, 0, 0, 0, 45, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 0, 0, - 0, 0, 0, 45, 45, 45, 45, 45, 45, 45, - 45, 67, 57, 57, 57, 0, 39, 57, 57, 0, - 26, 0, 31, 49, 0, 24, 22, 79, 25, 0, - - 67, 44, 44, 44, 44, 57, 57, 57, 57, 44, - 44, 44, 44, 57, 57, 57, 57, 67, 67, 44, - 44, 44, 44, 0, 0, 0, 0, 0, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 67, 56, - 0, 34, 57, 57, 57, 25, 22, 22, 22, 22, - 79, 24, 0, 0, 0, 0, 0, 24, 0, 0, - 0, 44, 44, 44, 44, 57, 57, 57, 64, 64, - 44, 44, 44, 44, 57, 57, 57, 67, 67, 67, - 0, 0, 0, 45, 45, 45, 45, 45, 45, 45, + 19, 19, 66, 66, 66, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 59, 59, 59, 66, 66, + 66, 66, 66, 69, 69, 69, 69, 69, 0, 48, + 0, 47, 47, 47, 0, 0, 0, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, + 69, 54, 59, 59, 59, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 59, 59, 59, 59, 61, + 62, 63, 64, 69, 0, 0, 81, 69, 69, 69, + 0, 0, 0, 0, 0, 19, 19, 59, 59, 19, + 19, 19, 59, 19, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 66, 66, 66, 66, 66, 59, 59, + + 59, 59, 59, 59, 59, 59, 59, 59, 59, 59, + 59, 61, 62, 63, 64, 66, 45, 45, 45, 0, + 0, 47, 47, 47, 47, 47, 47, 47, 0, 0, + 0, 0, 0, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 47, 69, 0, 40, + 59, 59, 59, 59, 0, 28, 59, 59, 59, 59, + 0, 39, 59, 59, 59, 59, 0, 27, 0, 32, + 50, 69, 0, 0, 81, 69, 69, 69, 45, 45, + 45, 19, 59, 59, 19, 19, 59, 59, 19, 19, + 19, 45, 45, 45, 59, 59, 59, 59, 59, 59, + + 59, 59, 59, 66, 69, 45, 45, 45, 45, 0, + 47, 0, 47, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 0, 0, 0, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 47, 47, 47, 20, + 59, 59, 59, 59, 59, 59, 59, 59, 59, 59, + 52, 59, 65, 0, 0, 81, 69, 24, 60, 0, + 45, 45, 45, 45, 19, 59, 59, 19, 19, 59, + 59, 19, 19, 19, 66, 45, 45, 45, 45, 59, + 59, 59, 59, 59, 59, 59, 59, 59, 65, 46, + 46, 46, 46, 47, 0, 0, 0, 47, 47, 47, + + 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, + 0, 0, 0, 0, 0, 47, 47, 47, 47, 47, + 47, 47, 47, 69, 59, 59, 59, 59, 0, 41, + 59, 59, 59, 0, 26, 0, 33, 51, 0, 24, + 22, 81, 25, 0, 69, 46, 46, 46, 46, 19, + 59, 59, 19, 59, 59, 46, 46, 46, 46, 59, + 59, 59, 59, 59, 59, 69, 69, 46, 46, 46, + 46, 0, 0, 0, 0, 0, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 69, 0, 30, 58, + + 0, 36, 59, 59, 59, 59, 25, 22, 22, 22, + 22, 81, 24, 0, 0, 0, 0, 0, 24, 0, + 0, 0, 46, 46, 46, 46, 59, 19, 59, 59, + 66, 66, 46, 46, 46, 46, 59, 59, 59, 59, + 69, 69, 69, 0, 0, 0, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 21, 0, 34, 59, 59, 59, + 22, 81, 0, 24, 0, 0, 0, 19, 59, 59, + 66, 66, 66, 59, 59, 59, 69, 69, 69, 69, + 69, 0, 0, 0, 0, 0, 47, 47, 47, 47, + + 47, 47, 47, 47, 0, 31, 0, 37, 59, 23, + 0, 0, 0, 0, 0, 59, 66, 66, 66, 66, + 66, 59, 69, 69, 69, 47, 47, 47, 47, 47, + 47, 0, 35, 23, 23, 23, 23, 0, 0, 0, + 66, 66, 66, 69, 69, 69, 69, 69, 47, 47, + 47, 47, 47, 23, 0, 0, 0, 0, 0, 66, + 66, 66, 66, 66, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, - 45, 21, 0, 32, 57, 57, 22, 79, 0, 24, - 0, 0, 0, 57, 57, 64, 64, 64, 57, 57, - 67, 67, 67, 67, 67, 0, 0, 0, 0, 0, - 45, 45, 45, 45, 45, 45, 45, 45, 0, 35, - 57, 23, 0, 0, 0, 0, 0, 57, 64, 64, - 64, 64, 64, 57, 67, 67, 67, 45, 45, 45, - 45, 45, 45, 0, 33, 23, 23, 23, 23, 0, - 0, 0, 64, 64, 64, 67, 67, 67, 67, 67, - 45, 45, 45, 45, 45, 23, 0, 0, 0, 0, - - 0, 64, 64, 64, 64, 64, 43, 43, 43, 43, - 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, - 43, 43, 43, 43, 0 + 45, 45, 0 } ; static yyconst flex_int32_t yy_ec[256] = @@ -574,1205 +580,1214 @@ 20, 20, 20, 20 } ; -static yyconst flex_int16_t yy_base[1228] = +static yyconst flex_int16_t yy_base[1286] = { 0, 0, 73, 123, 194, 81, 97, 265, 338, 411, 466, - 128, 137, 522, 0, 157, 172, 596, 0, 6501, 6444, - 74, 8253, 6486, 6460, 8253, 668, 72, 8253, 8253, 6408, - 8253, 174, 680, 195, 95, 6434, 8253, 8253, 29, 743, - 6419, 54, 35, 77, 799, 52, 6428, 6381, 44, 6378, - 6386, 50, 861, 226, 127, 225, 890, 216, 105, 6344, - 76, 6341, 192, 266, 145, 359, 6365, 6364, 6376, 132, - 0, 8253, 6405, 6400, 8253, 0, 427, 954, 230, 0, - 6344, 8253, 116, 8253, 169, 8253, 275, 6342, 202, 182, - 8253, 293, 246, 434, 982, 1026, 284, 294, 1084, 1134, - - 6332, 148, 106, 1190, 6328, 6329, 6293, 6303, 6298, 329, - 0, 294, 6278, 227, 8253, 372, 6269, 333, 6268, 447, - 1237, 360, 465, 1300, 6268, 315, 111, 1356, 6250, 6261, - 6237, 6238, 6208, 1418, 485, 387, 6188, 719, 358, 8253, - 6235, 259, 8253, 6238, 655, 824, 6183, 858, 436, 892, - 6179, 919, 929, 6177, 1448, 981, 1463, 6202, 6213, 996, - 1006, 495, 6187, 343, 100, 1526, 1582, 6172, 6160, 6159, - 6157, 6150, 6147, 6151, 6126, 895, 6106, 6100, 6087, 6072, - 6077, 6073, 492, 8253, 184, 717, 307, 392, 1241, 6051, - 6046, 6025, 6017, 6016, 836, 676, 194, 207, 368, 414, - - 949, 727, 1104, 749, 1224, 5999, 1644, 1241, 833, 0, - 6045, 960, 6048, 8253, 8253, 1381, 0, 5994, 1300, 8253, - 8253, 5985, 1134, 5984, 6029, 941, 366, 966, 752, 6009, - 846, 879, 1431, 5954, 1653, 0, 1502, 1710, 1662, 1445, - 1751, 5992, 1602, 1674, 1218, 1801, 1857, 5944, 0, 5935, - 5928, 5918, 5915, 1687, 5905, 5897, 5873, 5846, 5839, 985, - 665, 5831, 1787, 5814, 1892, 5806, 1919, 1750, 5805, 1949, - 1726, 1964, 5843, 1916, 1946, 1612, 2027, 2083, 5816, 5805, - 5782, 5778, 5775, 1966, 5738, 5736, 390, 1500, 365, 897, - 457, 474, 496, 2103, 2128, 2140, 2180, 2220, 2258, 5760, - - 5736, 2303, 717, 2349, 928, 2412, 2468, 5718, 0, 5728, - 5719, 5720, 5690, 5703, 5683, 5660, 5659, 5667, 5662, 5656, - 286, 5633, 5618, 5630, 5628, 5620, 5617, 1389, 154, 370, - 5580, 5570, 5558, 5560, 1392, 335, 1077, 5556, 798, 654, - 782, 2180, 393, 1228, 2152, 2194, 2206, 2513, 5596, 2558, - 0, 5576, 5567, 5545, 5547, 5533, 5526, 5517, 5496, 5493, - 5467, 5454, 5448, 1410, 5409, 2259, 2605, 2645, 2685, 2725, - 5443, 2770, 0, 5424, 5415, 5389, 5387, 5375, 5359, 5344, - 5356, 5342, 5337, 5324, 5335, 1657, 940, 8253, 826, 949, - 2278, 1085, 2817, 2857, 1889, 464, 5336, 5321, 2230, 1095, - - 5320, 5297, 1265, 2323, 2897, 2369, 1684, 2943, 2490, 1331, - 3006, 900, 1659, 1105, 471, 1643, 1710, 1192, 1106, 801, - 657, 1238, 1007, 827, 1274, 867, 1445, 5284, 1013, 1240, - 5281, 1420, 1395, 1226, 905, 5252, 5237, 5228, 5212, 5226, - 5202, 1490, 1189, 1709, 1094, 1419, 2533, 5211, 2580, 2617, - 2115, 3062, 3107, 1726, 5166, 1266, 1727, 5144, 5137, 5140, - 5130, 5108, 5106, 5102, 5099, 3152, 1491, 1514, 1739, 2627, - 1379, 3199, 3239, 2658, 1583, 5103, 2005, 5055, 1621, 2006, - 5040, 5033, 5023, 5020, 5011, 5008, 4996, 5003, 1776, 1620, - 1749, 1624, 3279, 3319, 3359, 4952, 4950, 2665, 4921, 4912, - - 4911, 4910, 1619, 2696, 1977, 2706, 2000, 3399, 0, 2747, - 3446, 2790, 2288, 3492, 2829, 1384, 1487, 2261, 8253, 982, - 1690, 1383, 723, 2350, 8253, 1867, 1262, 1658, 1761, 1609, - 1491, 1714, 1706, 1917, 4909, 1900, 1631, 1891, 1832, 1940, - 2137, 1747, 4861, 4819, 4820, 2110, 1949, 1963, 1921, 2841, - 2869, 2881, 4826, 4797, 4772, 4772, 4751, 4766, 4757, 4731, - 4732, 4723, 4722, 4711, 4679, 2015, 2166, 2248, 276, 2214, - 3539, 3579, 3619, 4598, 4591, 4582, 4591, 4580, 4523, 4499, - 4492, 4480, 4450, 4410, 2358, 2156, 2542, 2359, 2127, 2917, - 1958, 3659, 3699, 2803, 4432, 4417, 4416, 4371, 3737, 2003, - - 2965, 3084, 3129, 2244, 2388, 2594, 3172, 2979, 3784, 0, - 3211, 3831, 3222, 2379, 3877, 3251, 2297, 4355, 2560, 2085, - 1858, 2304, 2561, 1930, 2479, 2771, 1191, 1762, 2390, 2375, - 2772, 2773, 2469, 4289, 4282, 4281, 4261, 2204, 4249, 4225, - 2693, 2716, 2514, 2943, 3261, 4274, 3291, 3303, 2929, 2992, - 4223, 4219, 3331, 4222, 2314, 3348, 4170, 4174, 3359, 3360, - 2399, 2500, 2589, 2635, 2714, 3373, 2168, 3924, 3964, 3350, - 3362, 4130, 4103, 3401, 4080, 2523, 3402, 4069, 4052, 3447, - 3448, 4026, 4025, 3977, 3878, 3036, 4003, 4042, 4081, 3904, - 3900, 3896, 3419, 4121, 3466, 3094, 4166, 3514, 3549, 3871, - - 3561, 3591, 3184, 2645, 2881, 3334, 3528, 3601, 3631, 4213, - 0, 3633, 4260, 3644, 3139, 4306, 3671, 2136, 3449, 8253, - 4369, 3096, 2377, 3493, 8253, 1488, 2654, 3307, 3494, 8253, - 2573, 2959, 2695, 2906, 3495, 8253, 3671, 8253, 3842, 2683, - 3758, 3743, 2867, 1330, 1986, 2684, 3683, 3710, 3721, 3743, - 3705, 4430, 3672, 3638, 2875, 1030, 3564, 4487, 4526, 4565, - 4621, 2824, 2213, 2652, 3579, 2876, 1562, 2939, 3758, 2763, - 4678, 4717, 3769, 3568, 3565, 3807, 2818, 3851, 3222, 4757, - 0, 3899, 4770, 3934, 3390, 4815, 3946, 3976, 3988, 4015, - 3303, 3514, 3913, 4027, 4027, 4054, 4862, 0, 4056, 4909, - - 4067, 3817, 4093, 2957, 4972, 2263, 1881, 3880, 3205, 2307, - 4122, 4123, 3497, 3165, 3488, 3444, 3384, 3288, 2604, 3602, - 3396, 4141, 3430, 4187, 4234, 4112, 3355, 3305, 5045, 3287, - 3219, 3878, 3879, 0, 4280, 3236, 5102, 5141, 4291, 5197, - 2392, 4214, 2967, 3159, 4215, 4216, 3127, 5255, 5295, 5335, - 5375, 3135, 4329, 4499, 4511, 3109, 3280, 3373, 4536, 3562, - 5415, 0, 4548, 5428, 4575, 4339, 5473, 4587, 4688, 3102, - 4700, 4729, 4741, 3946, 3988, 4599, 2482, 2505, 5520, 0, - 4792, 3861, 3042, 4816, 2493, 4261, 8253, 2606, 3451, 4369, - 8253, 4370, 8253, 3041, 2943, 4598, 3748, 3858, 2927, 4852, - - 4863, 4890, 4931, 5114, 5126, 4817, 2837, 2770, 2752, 5532, - 5572, 5612, 5652, 5176, 2705, 2924, 3089, 5268, 3576, 5692, - 5732, 5153, 3657, 5164, 2720, 5280, 5308, 5033, 2671, 2606, - 3965, 4067, 5318, 4094, 5772, 0, 5347, 5785, 5358, 4747, - 5830, 5387, 5398, 5449, 5494, 4511, 2597, 3019, 3182, 2536, - 4818, 8253, 5476, 3132, 3185, 8253, 3350, 4375, 8253, 3354, - 4647, 5559, 5567, 5599, 5610, 5625, 4972, 5654, 5692, 5558, - 2551, 5664, 5707, 5719, 2527, 5198, 2285, 2143, 5747, 3759, - 5877, 5917, 5759, 3806, 5521, 2120, 3497, 5957, 5997, 6037, - 5807, 5852, 5889, 2111, 2028, 4110, 4430, 5899, 4549, 6077, - - 0, 5929, 6090, 5940, 4882, 5969, 2015, 5980, 6008, 4942, - 1944, 1833, 5696, 8253, 6037, 3540, 8253, 4727, 6048, 6058, - 6112, 6137, 6149, 5926, 1783, 6161, 6201, 6241, 6190, 1709, - 6178, 3870, 6281, 6321, 6190, 6228, 1673, 6253, 6265, 6025, - 1475, 1302, 4603, 1251, 1148, 6293, 0, 3951, 6009, 8253, - 6321, 4861, 6332, 902, 6344, 6359, 6309, 6230, 6369, 4001, - 6409, 6449, 6382, 6410, 6489, 6529, 6569, 6421, 6431, 6459, - 858, 0, 694, 6293, 8253, 3656, 5478, 8253, 3709, 6471, - 6501, 6513, 6609, 6649, 6689, 6542, 4002, 6729, 6769, 6554, - 8253, 6580, 6592, 5817, 8253, 8253, 6619, 668, 6631, 6661, - - 6398, 6671, 4318, 6809, 6849, 6702, 6709, 6747, 6785, 6795, - 6823, 6833, 6859, 6869, 6907, 320, 6917, 6123, 8253, 6927, - 5862, 134, 6955, 6720, 8253, 7011, 7031, 7051, 7071, 7091, - 7111, 7131, 7151, 7171, 7191, 4157, 7211, 7231, 3749, 7251, - 7271, 7291, 7311, 7331, 7351, 7371, 7391, 7411, 7431, 7451, - 7471, 7491, 7511, 7531, 7551, 7571, 4159, 4560, 7580, 7599, - 7619, 7639, 4178, 7659, 7679, 7699, 7719, 7731, 7751, 4962, - 7771, 7791, 7811, 7831, 7851, 7871, 7891, 7911, 4562, 7920, - 4605, 4843, 5180, 7928, 7947, 5190, 5334, 5374, 5414, 7956, - 7965, 5511, 5590, 5607, 7973, 7982, 5611, 5645, 7990, 7999, - - 8018, 5683, 8030, 5731, 8040, 8048, 8057, 8076, 6074, 8088, - 8108, 5771, 8118, 8126, 8135, 8154, 8174, 8194, 5916, 8204, - 5183, 5956, 8213, 6224, 5551, 8232, 4808 + 128, 137, 522, 0, 157, 172, 596, 0, 6774, 6717, + 74, 8226, 6768, 6753, 8226, 668, 72, 8226, 8226, 6701, + 8226, 174, 680, 195, 95, 6727, 8226, 8226, 29, 743, + 6712, 54, 35, 77, 799, 6688, 52, 6699, 6685, 44, + 6674, 6680, 50, 861, 226, 127, 225, 890, 216, 105, + 6646, 76, 6643, 192, 266, 145, 359, 6668, 6667, 6679, + 132, 0, 8226, 6708, 6703, 8226, 0, 427, 954, 230, + 0, 6653, 8226, 116, 8226, 169, 8226, 275, 6651, 202, + 182, 8226, 293, 246, 434, 982, 1026, 284, 294, 1084, + + 1134, 6652, 148, 106, 1190, 6649, 6647, 6659, 6645, 6647, + 6640, 329, 0, 294, 6614, 227, 8226, 372, 6596, 333, + 6584, 447, 1237, 360, 465, 1300, 6594, 315, 111, 1356, + 6591, 6589, 6591, 6566, 6564, 6559, 1418, 485, 387, 6537, + 719, 358, 8226, 6585, 259, 8226, 6553, 655, 824, 6497, + 858, 436, 892, 6477, 919, 929, 6475, 1448, 981, 1463, + 6488, 6499, 996, 1006, 495, 6484, 343, 100, 1526, 1582, + 6449, 6432, 6441, 6439, 6432, 6414, 6408, 6401, 6395, 1086, + 6385, 6392, 6353, 6343, 6329, 6324, 492, 8226, 184, 717, + 307, 392, 1241, 6289, 6294, 6283, 6258, 6248, 836, 676, + + 194, 207, 368, 414, 927, 727, 1381, 749, 1224, 6261, + 1644, 1241, 833, 0, 6309, 941, 6312, 8226, 8226, 1415, + 0, 6248, 1300, 8226, 8226, 6236, 1235, 6224, 6269, 985, + 366, 949, 752, 6273, 846, 879, 1498, 6219, 1653, 0, + 1682, 1713, 1505, 1445, 1754, 6247, 1602, 1679, 942, 1804, + 1860, 6209, 0, 6203, 6173, 6165, 6175, 6156, 1690, 6147, + 6145, 6120, 6092, 6095, 1456, 665, 6083, 1790, 6071, 1895, + 6059, 1922, 1753, 6055, 1952, 1729, 1967, 6087, 1919, 1949, + 1612, 2030, 2086, 6047, 6052, 6039, 6031, 6041, 6026, 1969, + 6017, 6007, 390, 1659, 365, 897, 457, 474, 496, 2106, + + 2131, 2143, 2183, 2223, 2261, 6039, 6026, 2306, 717, 2352, + 911, 2415, 2471, 6008, 0, 6008, 5984, 5989, 5982, 5930, + 5943, 5929, 5926, 5905, 5900, 5911, 5910, 5897, 286, 5873, + 5858, 5852, 5845, 5808, 5807, 1110, 154, 370, 5779, 5769, + 5748, 5753, 1392, 335, 1173, 5755, 798, 654, 782, 2183, + 393, 966, 2155, 2197, 2209, 2516, 5790, 2561, 0, 5757, + 5747, 5752, 5715, 5722, 5693, 5700, 5700, 5687, 5684, 5683, + 5678, 5655, 5655, 1104, 5610, 2262, 2608, 2648, 2688, 2728, + 5660, 2773, 0, 5640, 5624, 5627, 5596, 5609, 5583, 5586, + 5567, 5554, 5564, 5549, 5544, 5525, 5536, 1389, 940, 8226, + + 826, 1111, 2281, 928, 2820, 2860, 1892, 464, 5543, 5527, + 2233, 1118, 5488, 5487, 1122, 2326, 2900, 2372, 1657, 2946, + 2493, 1227, 3009, 1193, 1240, 1257, 890, 471, 1717, 1666, + 1112, 968, 1007, 801, 657, 1053, 1445, 827, 1359, 867, + 1238, 5463, 1013, 1415, 5451, 1711, 1395, 1461, 1249, 5395, + 5354, 5356, 5340, 5347, 5327, 1655, 1188, 1712, 1356, 1446, + 2536, 5373, 2583, 2620, 2118, 3065, 3110, 1690, 5343, 5340, + 1266, 2009, 5339, 5320, 5308, 5296, 5279, 5270, 5233, 5227, + 5234, 3155, 1779, 1517, 1494, 2630, 1476, 3202, 3242, 2661, + 1583, 5249, 2031, 5222, 5195, 1701, 2264, 5193, 5183, 5165, + + 5164, 5095, 5085, 5076, 5060, 5067, 1738, 1419, 1628, 1710, + 3282, 3322, 3362, 5072, 5058, 2668, 5042, 5035, 5034, 5033, + 1369, 2699, 1980, 2709, 2003, 3402, 0, 2750, 3449, 2793, + 2291, 3495, 2832, 1420, 1906, 2353, 8226, 1504, 1775, 1689, + 1863, 723, 2354, 8226, 1870, 1764, 1679, 1779, 1907, 1618, + 1985, 1949, 1979, 903, 5002, 1216, 1990, 1615, 1835, 1909, + 1094, 1924, 4974, 4932, 4932, 2113, 1899, 1968, 2130, 2844, + 2872, 2884, 4963, 4962, 4937, 4910, 4884, 4875, 4857, 4848, + 4846, 4825, 4838, 4831, 4824, 4824, 4807, 2172, 2248, 2380, + 276, 2217, 3542, 3582, 3622, 4791, 4799, 4769, 4760, 4775, + + 4754, 4752, 4731, 4744, 4720, 4715, 4694, 4665, 2138, 2159, + 2361, 2490, 2301, 2920, 2171, 3662, 3702, 2806, 4683, 4660, + 4646, 4621, 3740, 2172, 2968, 3087, 3132, 2245, 2389, 2391, + 3175, 2597, 3787, 0, 3214, 3834, 3225, 2503, 3880, 3254, + 2302, 4565, 2563, 2238, 940, 2289, 2373, 2564, 1933, 2013, + 2572, 2774, 1584, 2376, 2393, 2544, 2775, 2776, 2395, 4537, + 4519, 4518, 4515, 1164, 4501, 4491, 2696, 2719, 2604, 2945, + 3264, 4500, 3294, 3306, 2932, 3010, 4476, 4453, 4433, 3334, + 4436, 4425, 2526, 3351, 4406, 4358, 3362, 3363, 2015, 2547, + 2638, 2642, 2717, 3376, 2644, 3927, 3967, 3353, 3365, 4364, + + 4337, 4330, 3404, 4295, 4290, 2571, 3405, 4266, 4267, 3450, + 3451, 4217, 4213, 4192, 4190, 2958, 4006, 4045, 4084, 4197, + 4171, 4170, 3422, 4124, 3469, 3097, 4169, 3517, 3552, 4163, + 3564, 3594, 3187, 2247, 2884, 3337, 3531, 3604, 3634, 4216, + 0, 3636, 4263, 3647, 3142, 4309, 3674, 2684, 3452, 8226, + 4372, 2956, 1635, 4088, 3496, 8226, 2968, 2803, 1693, 2651, + 3497, 8226, 3058, 2826, 1384, 2379, 3498, 8226, 3674, 8226, + 4087, 2686, 4059, 4027, 3290, 2445, 2818, 2687, 3686, 3713, + 3724, 4038, 4033, 4014, 4007, 3987, 3976, 3929, 3899, 3859, + 3791, 4429, 4468, 4507, 4563, 2951, 3772, 3207, 3265, 2777, + + 3309, 3103, 3361, 2858, 3761, 3149, 4620, 4659, 3772, 3768, + 3742, 3810, 3376, 3854, 3518, 4699, 0, 3902, 4712, 3937, + 3820, 4757, 3949, 3979, 3991, 4018, 3306, 3333, 3916, 4030, + 4030, 4057, 4804, 0, 4059, 4851, 4070, 3864, 4096, 3356, + 4914, 2880, 3665, 2497, 4125, 2949, 2656, 3590, 4126, 4127, + 3544, 3205, 3445, 3401, 3379, 3631, 3184, 4107, 3305, 4145, + 3319, 4190, 4237, 4201, 4975, 3222, 3169, 4264, 3545, 3165, + 3137, 4265, 4266, 0, 4283, 3579, 5032, 5071, 4331, 5127, + 3092, 2927, 4311, 3627, 2970, 3072, 4468, 4469, 3041, 5185, + 5225, 5265, 5305, 3011, 4441, 4482, 4519, 2989, 3583, 3903, + + 4529, 3950, 5345, 0, 4632, 5358, 4643, 4457, 5403, 4671, + 4681, 2983, 4734, 4779, 4826, 3991, 4108, 4345, 3078, 3123, + 5450, 0, 4834, 3871, 4893, 3136, 4894, 2907, 4172, 8226, + 3247, 3308, 3546, 4354, 8226, 4373, 8226, 2900, 2843, 4530, + 3751, 4315, 2819, 4514, 5059, 5052, 5083, 5097, 5197, 5225, + 4563, 2752, 3670, 2733, 2711, 5462, 5502, 5542, 5582, 5226, + 5227, 2689, 3931, 3364, 3935, 5238, 3240, 5622, 5662, 5250, + 3399, 5276, 2662, 5288, 5317, 4884, 2609, 2587, 4070, 4113, + 5327, 4348, 5702, 0, 5380, 5715, 5423, 4744, 5760, 5474, + 5485, 5513, 5524, 4330, 2573, 3488, 1460, 4806, 8226, 2478, + + 4807, 8226, 5404, 2452, 2396, 3500, 8226, 3236, 4509, 8226, + 3767, 4176, 5569, 5577, 5609, 5620, 5635, 5127, 5664, 5797, + 5568, 2344, 5674, 5686, 5436, 2321, 4888, 2266, 2147, 2122, + 5735, 3699, 5812, 5852, 5747, 3762, 5841, 2093, 2086, 3611, + 5892, 5932, 5972, 5829, 5873, 5904, 2088, 2016, 4349, 4455, + 5839, 4543, 6012, 0, 5916, 6025, 5942, 5062, 5954, 1931, + 5983, 5994, 5216, 1899, 1834, 4891, 8226, 6062, 6063, 1785, + 8226, 4708, 6051, 6074, 6097, 6109, 6121, 6148, 4896, 1761, + 6182, 6222, 6262, 6150, 6161, 1564, 6161, 3809, 6302, 6342, + 6138, 6199, 1369, 6234, 6246, 5864, 1302, 1161, 4549, 1148, + + 1066, 6274, 0, 4632, 5405, 8226, 5406, 8226, 6162, 5354, + 6209, 1018, 6286, 6314, 6086, 5551, 6324, 3810, 6382, 6422, + 6355, 6163, 6462, 6502, 6542, 6362, 6393, 6403, 858, 0, + 694, 6164, 8226, 3886, 5618, 8226, 3907, 6434, 6446, 6474, + 6582, 6622, 6662, 6484, 3873, 6702, 6742, 6515, 8226, 6522, + 6553, 5883, 8226, 8226, 6563, 668, 6594, 6606, 6634, 6640, + 3980, 6782, 6822, 6652, 6678, 6716, 6726, 6764, 6792, 6802, + 6832, 6842, 6880, 320, 6890, 6863, 8226, 6901, 6152, 134, + 6928, 6911, 8226, 6984, 7004, 7024, 7044, 7064, 7084, 7104, + 7124, 7144, 7164, 5304, 7184, 7204, 4654, 7224, 7244, 7264, + + 7284, 7304, 7324, 7344, 7364, 7384, 7404, 7424, 7444, 7464, + 7484, 7504, 7524, 7544, 5501, 5541, 7553, 7572, 7592, 7612, + 4724, 7632, 7652, 7672, 7692, 7704, 7724, 4903, 7744, 7764, + 7784, 7804, 7824, 7844, 7864, 7884, 5600, 7893, 5617, 5621, + 5655, 7901, 7920, 5117, 5787, 5791, 5811, 7929, 7938, 5928, + 5971, 6011, 7946, 7955, 6341, 6378, 7963, 7972, 7991, 5798, + 8003, 6381, 8013, 8021, 8030, 8049, 6419, 8061, 8081, 6501, + 8091, 8099, 8108, 8127, 8147, 8167, 6538, 8177, 4345, 6541, + 8186, 6581, 3917, 8205, 3533 } ; -static yyconst flex_int16_t yy_def[1228] = +static yyconst flex_int16_t yy_def[1286] = { 0, - 1125, 1, 1, 1, 1126, 1126, 1127, 1127, 1128, 1128, - 1129, 1129, 1125, 13, 1130, 1130, 1125, 17, 1125, 1131, - 1125, 1125, 1125, 1125, 1125, 1132, 1133, 1125, 1125, 1134, - 1125, 1135, 1131, 33, 33, 1136, 1125, 1125, 1131, 1125, + 1183, 1, 1, 1, 1184, 1184, 1185, 1185, 1186, 1186, + 1187, 1187, 1183, 13, 1188, 1188, 1183, 17, 1183, 1189, + 1183, 1183, 1183, 1183, 1183, 1190, 1191, 1183, 1183, 1192, + 1183, 1193, 1189, 33, 33, 1194, 1183, 1183, 1189, 1183, 40, 40, 40, 40, 40, 45, 45, 45, 45, 45, - 45, 45, 1131, 33, 1131, 1125, 1132, 40, 40, 45, - 45, 45, 1125, 1125, 1125, 1137, 45, 45, 45, 1131, - 1138, 1125, 1125, 1138, 1125, 1138, 1125, 1132, 1125, 1139, - 1140, 1125, 1140, 1125, 1140, 1125, 1141, 1142, 1142, 1142, - 1125, 1125, 1143, 1144, 1145, 1125, 96, 96, 96, 1125, - - 100, 100, 100, 100, 104, 104, 104, 104, 104, 96, - 99, 99, 1146, 1146, 1125, 1146, 1147, 1148, 1149, 1150, - 1147, 121, 121, 1125, 124, 124, 124, 124, 128, 128, - 128, 128, 128, 1147, 121, 1147, 1131, 1131, 1125, 1125, - 1125, 1151, 1125, 1125, 1152, 1125, 1153, 1125, 1143, 1153, - 1154, 1154, 1155, 1156, 1131, 1131, 1131, 1157, 157, 157, - 157, 157, 1158, 1159, 1131, 1125, 166, 167, 167, 167, - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - 167, 167, 1125, 1125, 1131, 1131, 1131, 1131, 1125, 1125, - 1125, 1125, 1125, 1125, 1151, 1131, 157, 1131, 1131, 1131, - - 1125, 1125, 1125, 1125, 1160, 1161, 1131, 167, 1131, 1162, - 1162, 1125, 1125, 1125, 1125, 1152, 1163, 1164, 1164, 1125, - 1125, 1164, 1164, 1165, 1125, 1165, 1165, 1125, 1125, 1125, - 1143, 1143, 1143, 1166, 1167, 1168, 1166, 1169, 1125, 1125, - 1168, 241, 241, 241, 241, 1125, 246, 247, 1170, 247, - 247, 247, 247, 247, 247, 247, 1168, 1168, 1171, 1171, - 1171, 1172, 1172, 1173, 1173, 1174, 1174, 1175, 1176, 1172, - 1172, 1172, 272, 272, 272, 272, 1125, 277, 278, 278, - 278, 278, 278, 278, 278, 278, 1172, 1172, 1172, 1172, - 1177, 1177, 1178, 1125, 1125, 1131, 1131, 1131, 1131, 299, - - 1179, 1125, 1180, 1125, 1131, 1125, 306, 307, 307, 307, - 307, 307, 307, 307, 307, 307, 307, 307, 307, 307, - 307, 307, 307, 307, 307, 307, 307, 1131, 1131, 1125, - 1125, 1125, 1125, 1125, 1177, 1131, 1131, 299, 1131, 1131, - 1131, 1125, 1131, 1125, 1125, 1125, 1125, 1168, 348, 246, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 1168, 1168, 1125, 1172, 1172, 1172, 272, - 370, 277, 278, 278, 278, 278, 278, 278, 278, 278, - 278, 278, 278, 278, 278, 1172, 1172, 1125, 1178, 1178, - 1131, 1131, 1131, 1131, 1131, 1131, 1181, 1182, 1182, 399, - - 1183, 1182, 1184, 304, 1125, 405, 405, 1125, 405, 1131, - 1125, 411, 411, 411, 411, 411, 411, 411, 411, 411, - 411, 411, 411, 411, 411, 411, 411, 411, 411, 411, - 411, 1131, 1131, 1131, 1131, 1125, 1125, 1125, 1125, 1125, - 1125, 1185, 1131, 1131, 1131, 1131, 1125, 1125, 1125, 1125, - 1125, 348, 246, 247, 247, 1186, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 452, 466, 466, 466, 1172, - 1172, 1172, 1172, 1172, 1172, 278, 278, 278, 278, 278, - 278, 278, 278, 278, 278, 278, 278, 278, 1172, 1172, - 1172, 1172, 1131, 1131, 1131, 1125, 1187, 1187, 498, 1187, - - 1188, 1189, 1190, 1125, 1191, 408, 1191, 1125, 508, 1191, - 1125, 511, 511, 1125, 511, 1131, 411, 1125, 1125, 411, - 411, 411, 411, 1125, 1125, 411, 411, 411, 411, 411, - 411, 411, 411, 411, 411, 411, 411, 1131, 1131, 1131, - 1131, 1131, 1125, 1125, 1125, 1185, 1131, 1131, 1131, 1125, - 1125, 1125, 452, 453, 247, 1186, 1186, 247, 247, 247, - 247, 247, 247, 247, 247, 466, 466, 466, 466, 466, - 1172, 1172, 1172, 278, 278, 278, 278, 278, 278, 278, - 278, 278, 278, 278, 1172, 1172, 1172, 1172, 1172, 1131, - 1131, 1131, 1131, 1131, 1192, 1192, 1193, 1194, 1125, 1125, - - 1125, 1125, 1125, 1195, 1195, 1196, 514, 1196, 1125, 609, - 1196, 1125, 612, 612, 1125, 612, 1131, 411, 411, 411, - 411, 411, 411, 411, 411, 411, 411, 411, 411, 411, - 411, 411, 411, 1131, 1131, 1131, 1131, 1131, 1125, 1125, - 1185, 1131, 1131, 1131, 1125, 1125, 1125, 1125, 1125, 247, - 1186, 1186, 247, 247, 1186, 247, 247, 247, 247, 247, - 466, 466, 466, 466, 466, 1172, 1172, 1172, 1172, 1172, - 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, - 278, 1172, 1172, 1172, 1172, 1172, 1131, 1131, 1131, 1125, - 1197, 1198, 599, 1125, 694, 694, 1125, 694, 1125, 1125, - - 1125, 1125, 1125, 1125, 1199, 1199, 1200, 615, 1200, 1125, - 710, 1200, 1125, 713, 713, 1125, 713, 1131, 1125, 1125, - 1125, 721, 721, 1125, 1125, 721, 721, 721, 1125, 1125, - 721, 721, 721, 721, 1125, 1125, 1125, 1125, 721, 1131, - 1125, 1125, 1201, 1131, 1131, 1131, 1125, 1125, 1125, 1202, - 1202, 1125, 1202, 1202, 752, 752, 1203, 1172, 1172, 1172, - 1125, 761, 761, 761, 761, 761, 761, 1172, 1131, 1131, - 1131, 1131, 1131, 1125, 1204, 1125, 1205, 697, 1205, 1205, - 780, 1205, 1125, 783, 783, 1125, 783, 1125, 1125, 1125, - 1125, 1206, 1206, 1207, 716, 1207, 1125, 797, 1207, 1125, - - 800, 800, 800, 1131, 1125, 805, 805, 805, 805, 805, - 805, 805, 805, 805, 1131, 1125, 1125, 1208, 1131, 1131, - 1131, 1125, 1125, 1125, 1125, 1125, 1209, 1209, 1125, 1209, - 1209, 829, 829, 1210, 1211, 1211, 1211, 1211, 1211, 1125, - 840, 840, 840, 840, 840, 840, 1211, 1131, 1131, 1131, - 1131, 1125, 1125, 1125, 1125, 1212, 1212, 1213, 786, 1213, - 1213, 861, 1213, 1125, 864, 864, 1125, 864, 1125, 1125, - 1125, 1125, 1125, 1125, 1214, 1214, 1215, 1215, 1215, 879, - 1215, 1131, 805, 805, 805, 1125, 1125, 805, 805, 1125, - 1125, 1125, 1125, 805, 1125, 1125, 1216, 1208, 1131, 1217, - - 1218, 1125, 1125, 1125, 1125, 1209, 1209, 1209, 1209, 1211, - 1211, 1211, 1211, 840, 840, 840, 840, 1131, 1131, 1131, - 1131, 1131, 1131, 1125, 1125, 1125, 1125, 1125, 1125, 1219, - 1219, 1220, 867, 1220, 1220, 935, 1220, 1125, 938, 938, - 1125, 938, 1125, 1125, 1125, 1125, 1221, 1221, 1131, 805, - 1125, 1125, 805, 805, 805, 1125, 1216, 1216, 1125, 1216, - 1208, 1217, 1217, 1217, 1217, 1125, 1217, 1218, 1218, 1125, - 1125, 1125, 1125, 1125, 1125, 1209, 1209, 1209, 1211, 1211, - 1211, 1211, 1211, 1211, 840, 840, 840, 1131, 1131, 1131, - 1125, 1125, 1125, 1125, 1222, 1222, 1223, 941, 1223, 1223, - - 1000, 1223, 1125, 1003, 1003, 1003, 1125, 1125, 1125, 1125, - 1125, 1131, 1125, 1125, 805, 805, 1125, 1208, 1125, 1125, - 1125, 1125, 1125, 1209, 1209, 1211, 1211, 1211, 840, 840, - 1131, 1131, 1131, 1131, 1131, 1125, 1125, 1125, 1125, 1125, - 1125, 1224, 1224, 1225, 1225, 1225, 1046, 1046, 1125, 1125, - 805, 1226, 1125, 1125, 1125, 1125, 1125, 1209, 1211, 1211, - 1211, 1211, 1211, 840, 1131, 1131, 1131, 1125, 1125, 1125, - 1125, 1227, 1227, 1125, 1125, 1226, 1226, 1125, 1226, 1125, - 1125, 1125, 1211, 1211, 1211, 1131, 1131, 1131, 1131, 1131, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - - 1125, 1211, 1211, 1211, 1211, 1211, 1131, 1131, 1131, 1125, - 1125, 1125, 1211, 1211, 1211, 1131, 1131, 1131, 1125, 1125, - 1125, 1211, 1211, 1211, 0, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125 + 45, 45, 45, 1189, 33, 1189, 1183, 1190, 40, 40, + 45, 45, 45, 1183, 1183, 1183, 1195, 45, 45, 45, + 1189, 1196, 1183, 1183, 1196, 1183, 1196, 1183, 1190, 1183, + 1197, 1198, 1183, 1198, 1183, 1198, 1183, 1199, 1200, 1200, + 1200, 1183, 1183, 1201, 1202, 1203, 1183, 97, 97, 97, + + 1183, 101, 101, 101, 101, 105, 105, 105, 105, 105, + 105, 97, 100, 100, 1204, 1204, 1183, 1204, 1205, 1206, + 1207, 1208, 1205, 123, 123, 1183, 126, 126, 126, 126, + 130, 130, 130, 130, 130, 130, 1205, 123, 1205, 1189, + 1189, 1183, 1183, 1183, 1209, 1183, 1183, 1210, 1183, 1211, + 1183, 1201, 1211, 1212, 1212, 1213, 1214, 1189, 1189, 1189, + 1215, 160, 160, 160, 160, 1216, 1217, 1189, 1183, 169, + 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, + 170, 170, 170, 170, 170, 170, 1183, 1183, 1189, 1189, + 1189, 1189, 1183, 1183, 1183, 1183, 1183, 1183, 1209, 1189, + + 160, 1189, 1189, 1189, 1183, 1183, 1183, 1183, 1218, 1219, + 1189, 170, 1189, 1220, 1220, 1183, 1183, 1183, 1183, 1210, + 1221, 1222, 1222, 1183, 1183, 1222, 1222, 1223, 1183, 1223, + 1223, 1183, 1183, 1183, 1201, 1201, 1201, 1224, 1225, 1226, + 1224, 1227, 1183, 1183, 1226, 245, 245, 245, 245, 1183, + 250, 251, 1228, 251, 251, 251, 251, 251, 251, 251, + 251, 1226, 1226, 1229, 1229, 1229, 1230, 1230, 1231, 1231, + 1232, 1232, 1233, 1234, 1230, 1230, 1230, 277, 277, 277, + 277, 1183, 282, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 1230, 1230, 1230, 1230, 1235, 1235, 1236, 1183, + + 1183, 1189, 1189, 1189, 1189, 305, 1237, 1183, 1238, 1183, + 1189, 1183, 312, 313, 313, 313, 313, 313, 313, 313, + 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 313, 313, 313, 313, 313, 1189, 1189, 1183, 1183, 1183, + 1183, 1183, 1235, 1189, 1189, 305, 1189, 1189, 1189, 1183, + 1189, 1183, 1183, 1183, 1183, 1226, 356, 250, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 1226, 1226, 1183, 1230, 1230, 1230, 277, + 380, 282, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 1230, 1230, 1183, + + 1236, 1236, 1189, 1189, 1189, 1189, 1189, 1189, 1239, 1240, + 1240, 411, 1241, 1240, 1242, 310, 1183, 417, 417, 1183, + 417, 1189, 1183, 423, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 423, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 423, 423, 1189, 1189, 1189, 1189, 1183, + 1183, 1183, 1183, 1183, 1183, 1243, 1189, 1189, 1189, 1189, + 1183, 1183, 1183, 1183, 1183, 356, 250, 251, 251, 251, + 1244, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 466, 482, 482, 482, 1230, 1230, 1230, 1230, 1230, + 1230, 283, 283, 283, 283, 283, 283, 283, 283, 283, + + 283, 283, 283, 283, 283, 283, 1230, 1230, 1230, 1230, + 1189, 1189, 1189, 1183, 1245, 1245, 516, 1245, 1246, 1247, + 1248, 1183, 1249, 420, 1249, 1183, 526, 1249, 1183, 529, + 529, 1183, 529, 1189, 423, 1183, 1183, 423, 423, 423, + 423, 423, 1183, 1183, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 423, 423, 423, 423, 1189, 1189, 1189, + 1189, 1189, 1183, 1183, 1183, 1243, 1189, 1189, 1189, 1183, + 1183, 1183, 466, 467, 251, 251, 1244, 1244, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 482, 482, 482, + 482, 482, 1230, 1230, 1230, 283, 283, 283, 283, 283, + + 283, 283, 283, 283, 283, 283, 283, 283, 1230, 1230, + 1230, 1230, 1230, 1189, 1189, 1189, 1189, 1189, 1250, 1250, + 1251, 1252, 1183, 1183, 1183, 1183, 1183, 1253, 1253, 1254, + 532, 1254, 1183, 633, 1254, 1183, 636, 636, 1183, 636, + 1189, 423, 423, 423, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 423, 423, 423, 423, 423, 423, 1189, + 1189, 1189, 1189, 1189, 1183, 1183, 1243, 1189, 1189, 1189, + 1183, 1183, 1183, 1183, 1183, 251, 251, 1244, 1244, 251, + 251, 251, 1244, 251, 251, 251, 251, 251, 482, 482, + 482, 482, 482, 1230, 1230, 1230, 1230, 1230, 283, 283, + + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 1230, 1230, 1230, 1230, 1230, 1189, 1189, 1189, 1183, + 1255, 1256, 623, 1183, 724, 724, 1183, 724, 1183, 1183, + 1183, 1183, 1183, 1183, 1257, 1257, 1258, 639, 1258, 1183, + 740, 1258, 1183, 743, 743, 1183, 743, 1189, 1183, 1183, + 1183, 751, 751, 751, 1183, 1183, 751, 751, 751, 751, + 1183, 1183, 751, 751, 751, 751, 1183, 1183, 1183, 1183, + 751, 1189, 1183, 1183, 1259, 1189, 1189, 1189, 1183, 1183, + 1183, 251, 1260, 1260, 251, 251, 1260, 1260, 251, 251, + 1261, 1230, 1230, 1230, 1183, 795, 795, 795, 795, 795, + + 795, 795, 795, 1230, 1189, 1189, 1189, 1189, 1189, 1183, + 1262, 1183, 1263, 727, 1263, 1263, 816, 1263, 1183, 819, + 819, 1183, 819, 1183, 1183, 1183, 1183, 1264, 1264, 1265, + 746, 1265, 1183, 833, 1265, 1183, 836, 836, 836, 1189, + 1183, 841, 841, 841, 841, 841, 841, 841, 841, 841, + 841, 841, 1189, 1183, 1183, 1266, 1189, 1189, 1189, 1183, + 1183, 1183, 1183, 1183, 1183, 1267, 1267, 865, 865, 1267, + 1267, 865, 865, 1268, 1269, 1269, 1269, 1269, 1269, 1183, + 880, 880, 880, 880, 880, 880, 880, 880, 1269, 1189, + 1189, 1189, 1189, 1183, 1183, 1183, 1183, 1270, 1270, 1271, + + 822, 1271, 1271, 903, 1271, 1183, 906, 906, 1183, 906, + 1183, 1183, 1183, 1183, 1183, 1183, 1272, 1272, 1273, 1273, + 1273, 921, 1273, 1189, 841, 841, 841, 841, 1183, 1183, + 841, 841, 841, 1183, 1183, 1183, 1183, 841, 1183, 1183, + 1274, 1266, 1189, 1275, 1276, 1183, 1183, 1183, 1183, 865, + 1267, 1267, 865, 1267, 1267, 1269, 1269, 1269, 1269, 880, + 880, 880, 880, 880, 880, 1189, 1189, 1189, 1189, 1189, + 1189, 1183, 1183, 1183, 1183, 1183, 1183, 1277, 1277, 1278, + 909, 1278, 1278, 983, 1278, 1183, 986, 986, 1183, 986, + 1183, 1183, 1183, 1183, 1279, 1279, 1189, 1183, 1183, 841, + + 1183, 1183, 841, 841, 841, 841, 1183, 1274, 1274, 1183, + 1274, 1266, 1275, 1275, 1275, 1275, 1183, 1275, 1276, 1276, + 1183, 1183, 1183, 1183, 1183, 1183, 1267, 865, 1267, 1267, + 1269, 1269, 1269, 1269, 1269, 1269, 880, 880, 880, 880, + 1189, 1189, 1189, 1183, 1183, 1183, 1183, 1280, 1280, 1281, + 989, 1281, 1281, 1053, 1281, 1183, 1056, 1056, 1056, 1183, + 1183, 1183, 1183, 1183, 1189, 1183, 1183, 841, 841, 841, + 1183, 1266, 1183, 1183, 1183, 1183, 1183, 865, 1267, 1267, + 1269, 1269, 1269, 880, 880, 880, 1189, 1189, 1189, 1189, + 1189, 1183, 1183, 1183, 1183, 1183, 1183, 1282, 1282, 1283, + + 1283, 1283, 1102, 1102, 1183, 1183, 1183, 1183, 841, 1284, + 1183, 1183, 1183, 1183, 1183, 1267, 1269, 1269, 1269, 1269, + 1269, 880, 1189, 1189, 1189, 1183, 1183, 1183, 1183, 1285, + 1285, 1183, 1183, 1284, 1284, 1183, 1284, 1183, 1183, 1183, + 1269, 1269, 1269, 1189, 1189, 1189, 1189, 1189, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1269, + 1269, 1269, 1269, 1269, 1189, 1189, 1189, 1183, 1183, 1183, + 1269, 1269, 1269, 1189, 1189, 1189, 1183, 1183, 1183, 1269, + 1269, 1269, 0, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183 } ; -static yyconst flex_int16_t yy_nxt[8328] = +static yyconst flex_int16_t yy_nxt[8301] = { 0, 20, 21, 22, 20, 23, 21, 24, 25, 26, 27, 28, 29, 20, 30, 31, 20, 20, 32, 33, 34, 35, 33, 33, 33, 33, 33, 33, 33, 36, 37, 38, 39, 40, 41, 42, 41, 43, 44, 45, 45, - 45, 45, 46, 47, 48, 45, 49, 50, 51, 52, - 45, 45, 45, 45, 45, 53, 20, 54, 54, 54, - 54, 54, 54, 20, 20, 20, 20, 20, 20, 20, - 20, 55, 20, 20, 56, 139, 177, 167, 56, 139, - 148, 57, 21, 72, 138, 73, 21, 74, 171, 75, - 181, 178, 173, 169, 165, 75, 167, 174, 21, 72, - - 149, 73, 21, 74, 182, 75, 170, 58, 59, 75, - 76, 75, 60, 161, 161, 161, 161, 161, 162, 167, - 61, 179, 172, 62, 63, 75, 76, 150, 63, 89, - 22, 64, 23, 89, 90, 91, 77, 65, 89, 22, - 66, 23, 89, 90, 91, 220, 204, 167, 247, 199, - 204, 251, 77, 278, 20, 138, 281, 41, 21, 22, - 38, 23, 21, 114, 115, 67, 197, 68, 305, 69, - 45, 219, 45, 21, 22, 38, 23, 21, 114, 115, - 154, 154, 138, 92, 154, 154, 184, 138, 227, 263, - 247, 187, 92, 201, 70, 63, 187, 201, 221, 63, - - 188, 250, 64, 226, 154, 209, 202, 226, 65, 138, - 137, 66, 116, 160, 160, 160, 160, 160, 160, 160, - 160, 160, 160, 435, 219, 20, 189, 116, 41, 155, - 189, 183, 184, 261, 213, 183, 67, 225, 68, 138, - 69, 45, 137, 45, 159, 159, 159, 159, 159, 159, - 159, 159, 159, 159, 148, 169, 338, 225, 167, 190, - 191, 143, 138, 292, 192, 70, 21, 22, 170, 23, - 21, 24, 193, 78, 232, 194, 223, 184, 339, 213, - 223, 203, 260, 196, 146, 146, 146, 146, 146, 146, - 146, 146, 146, 146, 228, 229, 664, 230, 228, 236, - - 224, 233, 243, 243, 243, 243, 243, 243, 243, 243, - 243, 243, 244, 244, 244, 244, 244, 245, 424, 425, - 79, 80, 80, 80, 80, 80, 80, 80, 80, 80, - 80, 80, 80, 80, 80, 80, 80, 80, 80, 21, - 22, 148, 23, 21, 24, 1125, 78, 242, 242, 242, - 242, 242, 242, 242, 242, 242, 242, 278, 257, 139, - 302, 232, 138, 139, 328, 206, 206, 258, 280, 206, - 206, 304, 227, 183, 184, 138, 213, 183, 274, 274, - 274, 274, 274, 274, 274, 274, 274, 274, 265, 206, - 138, 443, 184, 79, 80, 80, 80, 80, 80, 80, - - 80, 80, 80, 80, 80, 80, 80, 80, 80, 80, - 80, 80, 21, 22, 207, 23, 21, 24, 82, 78, - 263, 225, 386, 138, 83, 84, 85, 260, 212, 184, - 436, 213, 212, 214, 234, 215, 340, 234, 437, 214, - 86, 215, 263, 234, 148, 263, 234, 138, 138, 234, - 234, 289, 329, 269, 269, 215, 215, 269, 269, 143, - 290, 292, 446, 236, 1125, 234, 87, 21, 22, 138, - 23, 21, 24, 82, 78, 341, 388, 269, 292, 83, - 84, 85, 215, 275, 275, 275, 275, 275, 276, 237, - 234, 233, 158, 183, 184, 86, 213, 183, 143, 1125, - - 390, 262, 270, 273, 273, 273, 273, 273, 273, 273, - 273, 273, 273, 300, 300, 300, 300, 300, 300, 138, - 521, 87, 38, 21, 22, 38, 23, 21, 24, 38, - 38, 93, 28, 29, 38, 94, 31, 38, 38, 95, - 96, 97, 98, 96, 96, 96, 96, 96, 96, 96, - 36, 99, 38, 38, 100, 101, 101, 101, 102, 103, - 104, 104, 104, 104, 105, 106, 107, 104, 108, 104, - 109, 104, 104, 104, 104, 104, 104, 79, 38, 110, - 110, 110, 110, 110, 110, 111, 111, 111, 111, 111, - 111, 111, 111, 112, 111, 111, 117, 21, 22, 117, - - 23, 21, 24, 38, 38, 118, 28, 29, 117, 119, - 31, 117, 117, 120, 121, 122, 123, 121, 121, 121, - 121, 121, 121, 121, 36, 37, 38, 117, 124, 125, - 125, 125, 126, 127, 128, 128, 128, 128, 129, 130, - 131, 128, 132, 128, 133, 128, 128, 128, 128, 128, - 128, 134, 117, 135, 135, 135, 135, 135, 135, 117, - 117, 117, 117, 117, 117, 117, 117, 136, 117, 117, - 143, 261, 144, 146, 146, 146, 146, 146, 146, 146, - 146, 146, 146, 145, 1097, 1125, 146, 146, 146, 146, - 146, 146, 146, 146, 146, 146, 156, 529, 157, 157, - - 157, 157, 157, 157, 157, 157, 157, 157, 158, 138, - 776, 445, 159, 159, 159, 159, 159, 159, 183, 184, - 260, 213, 183, 137, 137, 137, 137, 137, 204, 137, - 137, 138, 204, 137, 302, 138, 336, 159, 159, 159, - 159, 159, 159, 137, 337, 404, 137, 137, 137, 137, - 204, 1125, 137, 344, 204, 137, 137, 344, 137, 137, - 137, 166, 166, 166, 166, 166, 166, 166, 166, 166, - 166, 158, 138, 622, 137, 166, 166, 166, 166, 166, - 166, 167, 167, 167, 167, 168, 167, 167, 167, 167, - 167, 167, 167, 167, 167, 167, 167, 167, 138, 167, - - 159, 159, 159, 159, 159, 159, 137, 137, 137, 137, - 137, 137, 137, 137, 137, 137, 137, 167, 167, 167, - 167, 167, 167, 167, 167, 167, 167, 1125, 143, 1125, - 390, 167, 167, 167, 167, 167, 167, 138, 143, 528, - 292, 167, 146, 146, 146, 146, 146, 146, 146, 146, - 146, 146, 336, 138, 1125, 1125, 137, 137, 137, 137, - 137, 137, 183, 184, 532, 185, 186, 137, 137, 137, - 336, 137, 137, 294, 1125, 137, 295, 295, 295, 295, - 295, 295, 295, 295, 295, 295, 998, 148, 138, 137, - 137, 137, 143, 343, 144, 1125, 147, 147, 147, 147, - - 147, 233, 147, 147, 335, 145, 147, 1125, 146, 146, - 146, 146, 146, 146, 146, 146, 146, 146, 1053, 534, - 147, 147, 147, 151, 151, 151, 151, 151, 1125, 151, - 151, 315, 316, 151, 233, 154, 154, 317, 318, 154, - 154, 319, 226, 320, 321, 517, 226, 151, 151, 151, - 201, 388, 263, 390, 201, 195, 143, 387, 144, 154, - 138, 183, 184, 202, 213, 183, 542, 228, 229, 216, - 230, 228, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 154, 138, 155, 154, 259, 410, 154, 154, - 259, 154, 154, 154, 154, 263, 225, 154, 154, 296, - - 297, 298, 296, 296, 296, 296, 296, 296, 296, 492, - 1125, 236, 154, 154, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 619, 1125, 138, 239, 154, 236, - 260, 1125, 240, 236, 241, 241, 241, 241, 241, 241, - 241, 241, 241, 241, 158, 236, 531, 536, 242, 242, - 242, 242, 242, 242, 236, 236, 236, 236, 236, 236, - 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, - 236, 833, 247, 242, 242, 242, 242, 242, 242, 236, - 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, - - 1125, 391, 236, 236, 236, 236, 236, 236, 236, 236, - 236, 236, 1125, 500, 500, 500, 236, 236, 236, 236, - 236, 236, 146, 146, 146, 146, 146, 146, 146, 146, - 146, 146, 138, 1125, 1125, 183, 184, 336, 213, 183, - 138, 236, 236, 236, 236, 236, 236, 236, 527, 138, - 520, 236, 246, 246, 246, 246, 246, 246, 246, 246, - 246, 246, 158, 236, 1125, 336, 246, 246, 246, 246, - 246, 246, 247, 247, 247, 247, 248, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 219, - 249, 242, 242, 242, 242, 242, 242, 236, 236, 236, - - 236, 236, 236, 236, 236, 236, 236, 236, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 1125, 1125, - 1125, 547, 247, 247, 247, 247, 247, 247, 526, 344, - 206, 206, 247, 344, 206, 206, 349, 349, 349, 349, - 349, 349, 189, 731, 138, 541, 189, 236, 236, 236, - 236, 236, 236, 271, 206, 272, 272, 272, 272, 272, - 272, 272, 272, 272, 272, 158, 1125, 776, 1125, 273, - 273, 273, 273, 273, 273, 190, 191, 315, 316, 207, - 192, 138, 302, 317, 318, 537, 530, 319, 193, 320, - 1125, 194, 263, 404, 273, 273, 273, 273, 273, 273, - - 262, 218, 1125, 262, 624, 218, 556, 218, 218, 262, - 533, 557, 262, 262, 218, 262, 262, 262, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 158, 218, - 998, 262, 277, 277, 277, 277, 277, 277, 278, 278, - 278, 278, 279, 278, 278, 278, 278, 278, 278, 278, - 278, 278, 278, 278, 278, 263, 278, 273, 273, 273, - 273, 273, 273, 262, 262, 262, 262, 262, 262, 262, - 262, 262, 262, 262, 278, 278, 278, 278, 278, 278, - 278, 278, 278, 278, 1125, 138, 138, 819, 278, 278, - 278, 278, 278, 278, 143, 470, 292, 516, 278, 1125, - - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 432, - 433, 1125, 434, 262, 262, 262, 262, 262, 262, 183, - 184, 540, 287, 288, 262, 262, 262, 621, 262, 262, - 466, 467, 262, 468, 263, 231, 231, 231, 231, 138, - 538, 231, 231, 539, 138, 231, 262, 262, 262, 154, - 138, 442, 137, 153, 137, 137, 153, 617, 137, 137, - 231, 231, 153, 345, 346, 347, 345, 345, 345, 345, - 345, 345, 345, 1125, 138, 138, 153, 153, 137, 156, - 549, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 158, 143, 535, 292, 299, 299, 299, 299, 299, - - 299, 183, 184, 933, 213, 183, 234, 234, 234, 234, - 234, 236, 234, 234, 236, 1125, 234, 568, 138, 1125, - 299, 299, 299, 299, 299, 299, 137, 628, 167, 137, - 234, 234, 234, 569, 236, 137, 618, 236, 137, 137, - 808, 137, 137, 137, 306, 306, 306, 306, 306, 306, - 306, 306, 306, 306, 158, 263, 546, 137, 306, 306, - 306, 306, 306, 306, 167, 167, 167, 167, 167, 167, - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - 167, 138, 167, 299, 299, 299, 299, 299, 299, 137, - 137, 137, 137, 137, 137, 137, 137, 137, 137, 137, - - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - 1125, 158, 278, 846, 167, 167, 167, 167, 167, 167, - 349, 349, 349, 349, 349, 349, 349, 349, 349, 349, - 371, 371, 371, 371, 371, 371, 302, 1125, 263, 137, - 137, 137, 137, 137, 137, 206, 587, 404, 137, 205, - 137, 137, 205, 234, 137, 137, 234, 627, 205, 1125, - 518, 575, 234, 154, 518, 234, 576, 154, 234, 234, - 154, 1125, 205, 205, 137, 263, 154, 489, 490, 263, - 491, 633, 236, 522, 234, 589, 1125, 519, 523, 1036, - 154, 154, 349, 349, 349, 349, 349, 349, 349, 349, - - 349, 349, 509, 509, 509, 509, 509, 510, 237, 234, - 154, 524, 263, 154, 625, 524, 154, 154, 1125, 154, - 154, 154, 154, 356, 357, 154, 154, 518, 524, 358, - 359, 518, 524, 360, 1125, 361, 620, 158, 525, 236, - 154, 154, 1125, 630, 367, 368, 369, 367, 367, 367, - 367, 367, 367, 367, 519, 525, 269, 269, 1064, 236, - 269, 269, 236, 629, 138, 239, 154, 240, 588, 348, - 348, 348, 348, 348, 348, 348, 348, 348, 348, 158, - 269, 263, 548, 348, 348, 348, 348, 348, 348, 1125, - 1125, 262, 262, 262, 262, 262, 585, 262, 262, 586, - - 570, 262, 138, 626, 263, 270, 732, 638, 348, 348, - 348, 348, 348, 348, 236, 262, 262, 262, 236, 350, - 350, 350, 350, 350, 350, 350, 350, 350, 350, 158, - 236, 263, 1058, 350, 350, 350, 350, 350, 350, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 635, 249, 348, 348, - 348, 348, 348, 348, 236, 236, 236, 236, 236, 236, - 236, 236, 236, 236, 236, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 1125, 1125, 138, 138, 247, - 247, 247, 247, 247, 247, 1125, 264, 264, 264, 264, - - 264, 623, 264, 264, 722, 391, 264, 392, 392, 392, - 392, 392, 392, 634, 236, 236, 236, 236, 236, 236, - 264, 264, 264, 266, 266, 266, 266, 266, 1125, 266, - 266, 885, 167, 266, 371, 371, 371, 371, 371, 371, - 371, 371, 371, 371, 138, 1125, 138, 266, 266, 266, - 269, 632, 631, 262, 268, 262, 262, 268, 1125, 262, - 262, 302, 636, 268, 371, 371, 371, 371, 371, 371, - 371, 371, 371, 371, 590, 726, 138, 268, 268, 262, - 271, 644, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 158, 504, 302, 138, 370, 370, 370, 370, - - 370, 370, 378, 379, 138, 506, 518, 524, 380, 381, - 518, 524, 382, 138, 383, 642, 1125, 302, 138, 263, - 302, 370, 370, 370, 370, 370, 370, 262, 506, 643, - 262, 404, 302, 519, 525, 236, 262, 661, 236, 262, - 262, 138, 262, 262, 262, 372, 372, 372, 372, 372, - 372, 372, 372, 372, 372, 158, 933, 820, 262, 372, - 372, 372, 372, 372, 372, 278, 278, 278, 278, 278, - 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, - 278, 278, 263, 278, 370, 370, 370, 370, 370, 370, - 262, 262, 262, 262, 262, 262, 262, 262, 262, 262, - - 262, 278, 278, 278, 278, 278, 278, 278, 278, 278, - 278, 1125, 143, 1125, 292, 278, 278, 278, 278, 278, - 278, 295, 295, 295, 295, 295, 295, 295, 295, 295, - 295, 447, 721, 448, 448, 448, 448, 448, 448, 859, - 262, 262, 262, 262, 262, 262, 295, 295, 295, 295, - 295, 295, 295, 295, 295, 295, 391, 637, 392, 392, - 392, 392, 392, 392, 392, 392, 392, 392, 447, 1029, - 448, 448, 448, 448, 448, 448, 448, 448, 448, 448, - 683, 206, 263, 641, 666, 206, 236, 686, 206, 236, - 662, 138, 138, 1025, 206, 138, 391, 804, 393, 393, - - 393, 393, 393, 393, 393, 393, 393, 393, 206, 206, - 447, 263, 449, 449, 449, 449, 449, 449, 449, 449, - 449, 449, 447, 263, 450, 450, 450, 450, 450, 451, - 448, 448, 448, 448, 236, 138, 391, 236, 394, 394, - 394, 394, 394, 395, 392, 392, 392, 392, 498, 498, - 499, 500, 500, 500, 500, 500, 500, 500, 401, 138, - 269, 302, 518, 278, 269, 842, 518, 269, 236, 740, - 663, 236, 506, 269, 665, 138, 396, 396, 396, 396, - 396, 396, 396, 396, 396, 396, 158, 269, 269, 519, - 396, 396, 396, 396, 396, 396, 493, 494, 495, 493, - - 493, 493, 493, 493, 493, 493, 610, 610, 610, 610, - 610, 611, 884, 138, 167, 396, 396, 396, 396, 396, - 396, 398, 399, 400, 400, 400, 400, 400, 400, 400, - 400, 401, 1125, 138, 1024, 402, 402, 402, 402, 402, - 402, 409, 409, 409, 409, 409, 409, 409, 409, 409, - 409, 524, 138, 723, 753, 524, 889, 718, 167, 754, - 402, 402, 402, 402, 402, 402, 302, 405, 406, 407, - 405, 405, 405, 405, 405, 405, 405, 408, 525, 685, - 682, 409, 409, 409, 409, 409, 409, 508, 508, 508, - 508, 508, 508, 508, 508, 508, 508, 711, 711, 711, - - 711, 711, 712, 1125, 504, 302, 409, 409, 409, 409, - 409, 409, 137, 263, 263, 137, 506, 167, 1125, 236, - 734, 137, 236, 807, 137, 137, 733, 137, 137, 137, - 411, 411, 411, 411, 411, 411, 411, 411, 411, 411, - 158, 278, 915, 137, 411, 411, 411, 411, 411, 411, - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - 167, 167, 167, 167, 167, 167, 167, 138, 167, 396, - 396, 396, 396, 396, 396, 137, 137, 137, 137, 137, - 137, 137, 137, 137, 137, 137, 167, 167, 167, 167, - 167, 167, 167, 167, 167, 167, 1125, 1125, 504, 302, - - 167, 167, 167, 167, 167, 167, 1125, 1125, 507, 507, - 507, 507, 507, 507, 507, 507, 507, 507, 739, 727, - 236, 1125, 302, 236, 728, 137, 137, 137, 137, 137, - 137, 452, 452, 452, 452, 452, 452, 452, 452, 452, - 452, 158, 953, 970, 167, 452, 452, 452, 452, 452, - 452, 550, 551, 552, 550, 550, 550, 550, 550, 550, - 550, 719, 724, 764, 684, 719, 724, 970, 765, 138, - 452, 452, 452, 452, 452, 452, 453, 453, 453, 453, - 453, 453, 453, 453, 453, 453, 745, 167, 720, 725, - 453, 453, 453, 453, 453, 453, 447, 263, 448, 448, - - 448, 448, 448, 448, 448, 448, 448, 448, 811, 236, - 504, 302, 236, 167, 302, 452, 452, 452, 452, 452, - 452, 470, 607, 471, 471, 471, 471, 471, 471, 471, - 471, 471, 471, 447, 859, 448, 448, 448, 448, 448, - 448, 448, 448, 448, 448, 571, 572, 573, 571, 571, - 571, 571, 571, 571, 571, 236, 954, 167, 236, 138, - 263, 470, 302, 472, 472, 472, 472, 472, 472, 472, - 472, 472, 472, 506, 470, 899, 471, 471, 471, 471, - 471, 471, 263, 596, 596, 596, 596, 596, 596, 596, - 596, 596, 596, 401, 167, 143, 843, 292, 809, 778, - - 263, 470, 278, 473, 473, 473, 473, 473, 474, 471, - 471, 471, 471, 263, 601, 602, 603, 601, 601, 601, - 601, 601, 601, 601, 515, 515, 515, 515, 515, 515, - 515, 515, 515, 515, 236, 167, 924, 236, 138, 138, - 263, 262, 813, 475, 475, 475, 475, 475, 475, 475, - 475, 475, 475, 743, 985, 815, 821, 475, 475, 475, - 475, 475, 475, 504, 302, 605, 605, 605, 605, 605, - 605, 138, 729, 735, 737, 506, 729, 735, 737, 757, - 769, 744, 475, 475, 475, 475, 475, 475, 476, 476, - 476, 476, 476, 476, 476, 476, 476, 476, 978, 730, - - 736, 738, 476, 476, 476, 476, 476, 476, 609, 609, - 609, 609, 609, 609, 609, 609, 609, 609, 138, 590, - 977, 591, 591, 591, 591, 591, 591, 475, 475, 475, - 475, 475, 475, 391, 776, 392, 392, 392, 392, 392, - 392, 392, 392, 392, 392, 1125, 778, 608, 608, 608, - 608, 608, 608, 608, 608, 608, 608, 645, 138, 646, - 646, 646, 646, 646, 646, 646, 646, 646, 646, 143, - 841, 292, 138, 391, 278, 392, 392, 392, 392, 392, - 392, 392, 392, 392, 392, 645, 976, 647, 647, 647, - 647, 647, 647, 647, 647, 647, 647, 645, 302, 648, - - 648, 648, 648, 648, 649, 646, 646, 646, 646, 607, - 832, 845, 138, 504, 302, 505, 505, 505, 505, 505, - 505, 505, 505, 505, 505, 506, 278, 247, 818, 507, - 507, 507, 507, 507, 507, 687, 688, 689, 687, 687, - 687, 687, 687, 687, 687, 645, 167, 646, 646, 646, - 646, 646, 646, 814, 507, 507, 507, 507, 507, 507, - 302, 511, 512, 513, 511, 511, 511, 511, 511, 511, - 511, 514, 138, 278, 986, 515, 515, 515, 515, 515, - 515, 699, 138, 700, 700, 700, 700, 700, 700, 700, - 700, 700, 700, 719, 263, 1125, 302, 719, 138, 167, - - 515, 515, 515, 515, 515, 515, 137, 607, 746, 137, - 812, 847, 138, 916, 956, 137, 278, 882, 137, 137, - 720, 137, 137, 137, 167, 167, 167, 167, 167, 167, - 167, 167, 167, 167, 158, 504, 302, 137, 167, 167, - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - 167, 138, 167, 137, 137, 137, 137, 137, 137, 137, - 137, 137, 137, 137, 137, 137, 137, 137, 137, 137, - 553, 553, 553, 553, 553, 553, 553, 553, 553, 553, - 950, 263, 167, 167, 553, 553, 553, 553, 553, 553, - - 699, 768, 701, 701, 701, 701, 701, 701, 701, 701, - 701, 701, 781, 781, 781, 781, 781, 782, 869, 553, - 553, 553, 553, 553, 553, 554, 554, 554, 554, 554, - 554, 554, 554, 554, 554, 987, 167, 778, 278, 554, - 554, 554, 554, 554, 554, 699, 806, 702, 702, 702, - 702, 702, 703, 700, 700, 700, 700, 798, 798, 798, - 798, 798, 799, 693, 553, 553, 553, 553, 553, 553, - 236, 236, 566, 236, 236, 567, 236, 236, 236, 236, - 1125, 1015, 263, 167, 236, 236, 236, 236, 236, 236, - 616, 616, 616, 616, 616, 616, 616, 616, 616, 616, + 46, 45, 47, 48, 49, 45, 50, 51, 52, 53, + 45, 45, 45, 45, 45, 54, 20, 55, 55, 55, + 55, 55, 55, 20, 20, 20, 20, 20, 20, 20, + 20, 56, 20, 20, 57, 142, 181, 170, 57, 142, + 151, 58, 21, 73, 141, 74, 21, 75, 174, 76, + 185, 182, 177, 172, 168, 76, 170, 178, 21, 73, + + 152, 74, 21, 75, 186, 76, 173, 59, 60, 76, + 77, 76, 61, 164, 164, 164, 164, 164, 165, 170, + 62, 183, 175, 63, 64, 76, 77, 153, 64, 90, + 22, 65, 23, 90, 91, 92, 78, 66, 90, 22, + 67, 23, 90, 91, 92, 224, 208, 170, 251, 203, + 208, 255, 78, 283, 20, 141, 286, 41, 21, 22, + 38, 23, 21, 116, 117, 68, 201, 69, 311, 70, + 45, 223, 45, 21, 22, 38, 23, 21, 116, 117, + 157, 157, 141, 93, 157, 157, 188, 141, 231, 268, + 251, 191, 93, 205, 71, 64, 191, 205, 225, 64, + + 192, 254, 65, 230, 157, 213, 206, 230, 66, 141, + 140, 67, 118, 163, 163, 163, 163, 163, 163, 163, + 163, 163, 163, 449, 223, 20, 193, 118, 41, 158, + 193, 187, 188, 266, 217, 187, 68, 229, 69, 141, + 70, 45, 140, 45, 162, 162, 162, 162, 162, 162, + 162, 162, 162, 162, 151, 172, 346, 229, 170, 194, + 195, 146, 141, 298, 196, 71, 21, 22, 173, 23, + 21, 24, 197, 79, 236, 198, 227, 188, 347, 217, + 227, 207, 265, 200, 149, 149, 149, 149, 149, 149, + 149, 149, 149, 149, 232, 233, 692, 234, 232, 240, + + 228, 237, 247, 247, 247, 247, 247, 247, 247, 247, + 247, 247, 248, 248, 248, 248, 248, 249, 438, 439, + 80, 81, 81, 81, 81, 81, 81, 81, 81, 81, + 81, 81, 81, 81, 81, 81, 81, 81, 81, 21, + 22, 151, 23, 21, 24, 1183, 79, 246, 246, 246, + 246, 246, 246, 246, 246, 246, 246, 283, 262, 142, + 308, 236, 141, 142, 336, 210, 210, 263, 285, 210, + 210, 310, 231, 187, 188, 141, 217, 187, 279, 279, + 279, 279, 279, 279, 279, 279, 279, 279, 270, 210, + 141, 457, 188, 80, 81, 81, 81, 81, 81, 81, - 699, 894, 700, 700, 700, 700, 700, 700, 917, 236, - 236, 236, 236, 236, 236, 470, 167, 471, 471, 471, - 471, 471, 471, 471, 471, 471, 471, 504, 302, 706, - 706, 706, 706, 706, 706, 1016, 167, 138, 1125, 607, - 710, 710, 710, 710, 710, 710, 710, 710, 710, 710, - 778, 888, 1012, 835, 263, 470, 167, 471, 471, 471, - 471, 471, 471, 471, 471, 471, 471, 1125, 909, 709, - 709, 709, 709, 709, 709, 709, 709, 709, 709, 747, - 748, 749, 747, 747, 747, 747, 747, 747, 747, 897, - 143, 263, 292, 897, 263, 590, 776, 591, 591, 591, - - 591, 591, 591, 591, 591, 591, 591, 645, 778, 646, - 646, 646, 646, 646, 646, 646, 646, 646, 646, 645, - 302, 646, 646, 646, 646, 646, 646, 646, 646, 646, - 646, 607, 724, 908, 138, 590, 724, 592, 592, 592, - 592, 592, 592, 592, 592, 592, 592, 167, 898, 729, - 504, 302, 959, 729, 960, 907, 1017, 810, 960, 725, - 735, 737, 607, 719, 735, 737, 666, 719, 667, 667, - 667, 667, 667, 667, 138, 590, 730, 593, 593, 593, - 593, 593, 594, 591, 591, 591, 591, 736, 738, 776, - 720, 758, 759, 760, 758, 758, 758, 758, 758, 758, - - 758, 859, 724, 729, 906, 263, 724, 729, 862, 862, - 862, 862, 862, 863, 138, 504, 302, 605, 605, 605, - 605, 605, 605, 605, 605, 605, 605, 506, 263, 725, - 730, 604, 604, 604, 604, 604, 604, 698, 698, 698, - 698, 698, 698, 698, 698, 698, 698, 822, 735, 737, - 719, 138, 735, 737, 719, 896, 604, 604, 604, 604, - 604, 604, 504, 302, 606, 606, 606, 606, 606, 606, - 606, 606, 606, 606, 607, 736, 738, 720, 608, 608, - 608, 608, 608, 608, 780, 780, 780, 780, 780, 780, - 780, 780, 780, 780, 724, 729, 735, 955, 724, 729, - - 735, 895, 167, 608, 608, 608, 608, 608, 608, 302, - 612, 613, 614, 612, 612, 612, 612, 612, 612, 612, - 615, 725, 730, 736, 616, 616, 616, 616, 616, 616, - 1125, 302, 779, 779, 779, 779, 779, 779, 779, 779, - 779, 779, 708, 138, 504, 302, 278, 1030, 167, 616, - 616, 616, 616, 616, 616, 666, 708, 667, 667, 667, - 667, 667, 667, 667, 667, 667, 667, 788, 789, 790, - 788, 788, 788, 788, 788, 788, 788, 699, 1125, 700, - 700, 700, 700, 700, 700, 700, 700, 700, 700, 1051, - 859, 167, 918, 693, 263, 666, 502, 668, 668, 668, - - 668, 668, 668, 668, 668, 668, 668, 699, 900, 700, - 700, 700, 700, 700, 700, 700, 700, 700, 700, 717, - 717, 717, 717, 717, 717, 717, 717, 717, 717, 844, - 900, 138, 900, 901, 263, 666, 834, 669, 669, 669, - 669, 669, 670, 667, 667, 667, 667, 1125, 302, 504, - 302, 793, 793, 793, 793, 793, 793, 138, 1078, 708, - 1079, 708, 797, 797, 797, 797, 797, 797, 797, 797, - 797, 797, 737, 918, 263, 590, 737, 591, 591, 591, - 591, 591, 591, 591, 591, 591, 591, 1125, 831, 796, - 796, 796, 796, 796, 796, 796, 796, 796, 796, 738, - - 822, 823, 823, 823, 823, 823, 823, 823, 823, 823, - 823, 1096, 138, 1079, 138, 590, 830, 591, 591, 591, - 591, 591, 591, 591, 591, 591, 591, 822, 824, 824, - 824, 824, 824, 824, 824, 824, 824, 824, 822, 825, - 825, 825, 825, 825, 826, 823, 823, 823, 823, 958, - 959, 828, 960, 958, 138, 694, 695, 696, 694, 694, - 694, 694, 694, 694, 694, 697, 217, 217, 217, 698, - 698, 698, 698, 698, 698, 979, 848, 849, 850, 851, - 848, 848, 848, 848, 848, 848, 769, 770, 770, 770, - 770, 770, 770, 827, 698, 698, 698, 698, 698, 698, - - 504, 302, 706, 706, 706, 706, 706, 706, 706, 706, - 706, 706, 607, 138, 263, 817, 705, 705, 705, 705, - 705, 705, 979, 816, 138, 853, 854, 855, 853, 853, - 853, 853, 853, 853, 853, 880, 880, 880, 880, 880, - 881, 705, 705, 705, 705, 705, 705, 504, 302, 707, - 707, 707, 707, 707, 707, 707, 707, 707, 707, 708, - 143, 263, 292, 709, 709, 709, 709, 709, 709, 787, - 787, 787, 787, 787, 787, 787, 787, 787, 787, 890, - 892, 886, 167, 890, 892, 886, 1031, 699, 709, 709, - 709, 709, 709, 709, 302, 713, 714, 715, 713, 713, - - 713, 713, 713, 713, 713, 716, 891, 893, 887, 717, - 717, 717, 717, 717, 717, 776, 138, 857, 857, 857, - 857, 857, 857, 961, 693, 138, 949, 778, 502, 504, - 302, 167, 401, 263, 717, 717, 717, 717, 717, 717, - 666, 708, 667, 667, 667, 667, 667, 667, 667, 667, - 667, 667, 861, 861, 861, 861, 861, 861, 861, 861, - 861, 861, 1125, 302, 860, 860, 860, 860, 860, 860, - 860, 860, 860, 860, 708, 1072, 1072, 1072, 1072, 263, - 666, 776, 667, 667, 667, 667, 667, 667, 667, 667, - 667, 667, 869, 859, 870, 870, 870, 870, 870, 870, - - 870, 870, 870, 870, 869, 302, 871, 871, 871, 871, - 871, 871, 871, 871, 871, 871, 795, 1059, 1086, 263, - 769, 770, 770, 770, 770, 770, 770, 770, 770, 770, - 770, 869, 263, 872, 872, 872, 872, 872, 873, 870, - 870, 870, 870, 504, 302, 803, 803, 803, 803, 803, - 803, 803, 803, 803, 803, 795, 263, 138, 138, 769, - 771, 771, 771, 771, 771, 771, 771, 771, 771, 771, - 1125, 302, 504, 302, 876, 876, 876, 876, 876, 876, - 263, 263, 795, 776, 795, 879, 879, 879, 879, 879, - 879, 879, 879, 879, 879, 933, 767, 138, 769, 772, - - 772, 772, 772, 772, 773, 770, 770, 770, 770, 1125, - 1125, 878, 878, 878, 878, 878, 878, 878, 878, 878, - 878, 766, 933, 890, 892, 763, 776, 890, 892, 822, - 823, 823, 823, 823, 823, 823, 138, 776, 933, 777, - 777, 777, 777, 777, 777, 777, 777, 777, 777, 778, - 891, 893, 762, 779, 779, 779, 779, 779, 779, 902, - 903, 904, 905, 902, 902, 902, 902, 902, 902, 163, - 163, 163, 163, 167, 167, 163, 761, 163, 779, 779, - 779, 779, 779, 779, 783, 784, 785, 783, 783, 783, - 783, 783, 783, 783, 786, 217, 217, 217, 787, 787, - - 787, 787, 787, 787, 822, 823, 823, 823, 823, 823, - 823, 823, 823, 823, 823, 886, 890, 892, 756, 886, - 890, 892, 755, 787, 787, 787, 787, 787, 787, 504, - 302, 793, 793, 793, 793, 793, 793, 793, 793, 793, - 793, 708, 887, 891, 893, 792, 792, 792, 792, 792, - 792, 822, 823, 823, 823, 823, 823, 823, 823, 823, - 823, 823, 886, 278, 278, 278, 886, 752, 751, 750, - 792, 792, 792, 792, 792, 792, 504, 302, 794, 794, - 794, 794, 794, 794, 794, 794, 794, 794, 795, 887, - 645, 742, 796, 796, 796, 796, 796, 796, 910, 911, - - 912, 913, 910, 910, 910, 910, 910, 910, 835, 836, - 836, 836, 836, 836, 836, 741, 138, 796, 796, 796, - 796, 796, 796, 302, 800, 801, 802, 800, 800, 800, - 800, 800, 800, 800, 1102, 263, 138, 138, 803, 803, - 803, 803, 803, 803, 138, 924, 263, 925, 925, 925, - 925, 925, 925, 925, 925, 925, 925, 936, 936, 936, - 936, 936, 937, 803, 803, 803, 803, 803, 803, 137, - 890, 892, 137, 263, 890, 892, 958, 959, 137, 960, - 958, 137, 137, 1125, 137, 137, 137, 167, 167, 167, - 167, 167, 167, 167, 167, 167, 167, 891, 893, 693, - - 137, 167, 167, 167, 167, 167, 167, 167, 167, 805, - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - 167, 167, 167, 167, 138, 167, 137, 137, 137, 137, - 137, 137, 137, 137, 137, 137, 137, 137, 137, 137, - 137, 137, 137, 236, 502, 401, 776, 236, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 998, 236, - 401, 681, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 829, 247, 247, 680, 249, 236, 236, 236, - 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, + 81, 81, 81, 81, 81, 81, 81, 81, 81, 81, + 81, 81, 21, 22, 211, 23, 21, 24, 83, 79, + 268, 229, 398, 141, 84, 85, 86, 265, 216, 188, + 450, 217, 216, 218, 238, 219, 348, 238, 451, 218, + 87, 219, 268, 238, 151, 268, 238, 141, 141, 238, + 238, 295, 337, 274, 274, 219, 219, 274, 274, 146, + 296, 298, 460, 240, 1183, 238, 88, 21, 22, 141, + 23, 21, 24, 83, 79, 349, 400, 274, 298, 84, + 85, 86, 219, 280, 280, 280, 280, 280, 281, 241, + 238, 237, 161, 187, 188, 87, 217, 187, 146, 1183, + + 402, 267, 275, 278, 278, 278, 278, 278, 278, 278, + 278, 278, 278, 306, 306, 306, 306, 306, 306, 141, + 540, 88, 38, 21, 22, 38, 23, 21, 24, 38, + 38, 94, 28, 29, 38, 95, 31, 38, 38, 96, + 97, 98, 99, 97, 97, 97, 97, 97, 97, 97, + 36, 100, 38, 38, 101, 102, 102, 102, 103, 104, + 105, 105, 106, 105, 107, 108, 109, 105, 110, 105, + 111, 105, 105, 105, 105, 105, 105, 80, 38, 112, + 112, 112, 112, 112, 112, 113, 113, 113, 113, 113, + 113, 113, 113, 114, 113, 113, 119, 21, 22, 119, + + 23, 21, 24, 38, 38, 120, 28, 29, 119, 121, + 31, 119, 119, 122, 123, 124, 125, 123, 123, 123, + 123, 123, 123, 123, 36, 37, 38, 119, 126, 127, + 127, 127, 128, 129, 130, 130, 131, 130, 132, 133, + 134, 130, 135, 130, 136, 130, 130, 130, 130, 130, + 130, 137, 119, 138, 138, 138, 138, 138, 138, 119, + 119, 119, 119, 119, 119, 119, 119, 139, 119, 119, + 146, 266, 147, 149, 149, 149, 149, 149, 149, 149, + 149, 149, 149, 148, 1155, 1183, 149, 149, 149, 149, + 149, 149, 149, 149, 149, 149, 159, 549, 160, 160, + + 160, 160, 160, 160, 160, 160, 160, 160, 161, 141, + 812, 459, 162, 162, 162, 162, 162, 162, 187, 188, + 265, 217, 187, 140, 140, 140, 140, 140, 208, 140, + 140, 141, 208, 140, 308, 141, 344, 162, 162, 162, + 162, 162, 162, 140, 345, 416, 140, 140, 140, 140, + 208, 1183, 140, 352, 208, 140, 140, 352, 140, 140, + 140, 169, 169, 169, 169, 169, 169, 169, 169, 169, + 169, 161, 141, 647, 140, 169, 169, 169, 169, 169, + 169, 170, 170, 170, 170, 171, 170, 170, 170, 170, + 170, 170, 170, 170, 170, 170, 170, 170, 141, 170, + + 162, 162, 162, 162, 162, 162, 140, 140, 140, 140, + 140, 140, 140, 140, 140, 140, 140, 170, 170, 170, + 170, 170, 170, 170, 170, 170, 170, 1183, 146, 1183, + 402, 170, 170, 170, 170, 170, 170, 141, 146, 548, + 298, 170, 149, 149, 149, 149, 149, 149, 149, 149, + 149, 149, 344, 141, 1183, 1183, 140, 140, 140, 140, + 140, 140, 187, 188, 552, 189, 190, 140, 140, 140, + 344, 140, 140, 300, 1183, 140, 301, 301, 301, 301, + 301, 301, 301, 301, 301, 301, 1051, 151, 141, 140, + 140, 140, 146, 351, 147, 1183, 150, 150, 150, 150, + + 150, 237, 150, 150, 343, 148, 150, 1183, 149, 149, + 149, 149, 149, 149, 149, 149, 149, 149, 1183, 554, + 150, 150, 150, 154, 154, 154, 154, 154, 205, 154, + 154, 1183, 205, 154, 237, 157, 157, 539, 657, 157, + 157, 206, 187, 188, 403, 217, 187, 154, 154, 154, + 232, 233, 268, 234, 232, 199, 146, 399, 147, 157, + 357, 357, 357, 357, 357, 357, 141, 352, 1183, 220, + 422, 352, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 157, 141, 158, 157, 230, 752, 157, 157, + 230, 157, 157, 157, 157, 268, 1183, 157, 157, 302, - 236, 236, 236, 236, 835, 836, 836, 836, 836, 836, - 836, 836, 836, 836, 836, 924, 679, 926, 926, 926, - 926, 926, 926, 926, 926, 926, 926, 924, 302, 927, - 927, 927, 927, 927, 928, 925, 925, 925, 925, 795, - 678, 677, 263, 835, 837, 837, 837, 837, 837, 837, - 837, 837, 837, 837, 868, 868, 868, 868, 868, 868, - 868, 868, 868, 868, 776, 1125, 931, 931, 931, 931, - 931, 931, 301, 301, 397, 397, 859, 998, 301, 676, - 397, 263, 835, 838, 838, 838, 838, 838, 839, 836, - 836, 836, 836, 935, 935, 935, 935, 935, 935, 935, - - 935, 935, 935, 1125, 900, 934, 934, 934, 934, 934, - 934, 934, 934, 934, 934, 504, 302, 496, 496, 776, - 263, 262, 675, 496, 262, 674, 900, 795, 900, 900, - 262, 998, 673, 262, 262, 672, 262, 262, 262, 278, - 278, 278, 278, 278, 278, 278, 278, 278, 278, 143, - 671, 292, 262, 278, 278, 278, 278, 278, 278, 278, - 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, - 278, 840, 278, 278, 278, 278, 263, 278, 262, 262, - 262, 262, 262, 262, 262, 262, 262, 262, 262, 262, - 262, 262, 262, 262, 262, 769, 770, 770, 770, 770, - - 770, 770, 770, 770, 770, 770, 943, 944, 945, 943, - 943, 943, 943, 943, 943, 943, 869, 1018, 870, 870, - 870, 870, 870, 870, 870, 870, 870, 870, 1052, 143, - 660, 292, 1052, 138, 769, 770, 770, 770, 770, 770, - 770, 770, 770, 770, 770, 869, 659, 870, 870, 870, - 870, 870, 870, 870, 870, 870, 870, 869, 658, 870, - 870, 870, 870, 870, 870, 1001, 1001, 1001, 1001, 1001, - 1002, 657, 138, 776, 656, 857, 857, 857, 857, 857, - 857, 857, 857, 857, 857, 778, 776, 655, 858, 858, - 858, 858, 858, 858, 858, 858, 858, 858, 859, 654, - - 653, 652, 860, 860, 860, 860, 860, 860, 504, 302, - 948, 948, 948, 948, 948, 948, 651, 951, 951, 951, - 1095, 951, 951, 951, 650, 1125, 1095, 860, 860, 860, - 860, 860, 860, 864, 865, 866, 864, 864, 864, 864, - 864, 864, 864, 867, 952, 952, 952, 868, 868, 868, - 868, 868, 868, 963, 1125, 497, 497, 963, 964, 965, - 966, 497, 1077, 1078, 963, 1079, 1077, 167, 963, 964, - 965, 966, 868, 868, 868, 868, 868, 868, 504, 302, + 303, 304, 302, 302, 302, 302, 302, 302, 302, 510, + 546, 240, 157, 157, 306, 306, 306, 306, 306, 306, + 306, 306, 306, 306, 306, 306, 306, 306, 306, 306, + 306, 306, 306, 306, 1111, 1183, 141, 243, 157, 240, + 229, 1183, 244, 240, 245, 245, 245, 245, 245, 245, + 245, 245, 245, 245, 161, 240, 547, 556, 246, 246, + 246, 246, 246, 246, 240, 240, 240, 240, 240, 240, + 240, 240, 240, 240, 240, 240, 240, 240, 240, 240, + 240, 1183, 1183, 246, 246, 246, 246, 246, 246, 240, + 240, 240, 240, 240, 240, 240, 240, 240, 240, 240, + + 1183, 550, 240, 240, 240, 240, 240, 240, 240, 240, + 240, 240, 1183, 400, 663, 402, 240, 240, 240, 240, + 240, 240, 322, 323, 482, 483, 324, 484, 325, 326, + 446, 447, 327, 448, 328, 329, 518, 518, 518, 308, + 1183, 240, 240, 240, 240, 240, 240, 240, 545, 141, + 416, 240, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 161, 240, 812, 141, 250, 250, 250, 250, + 250, 250, 251, 251, 251, 251, 252, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 1051, + 253, 246, 246, 246, 246, 246, 246, 240, 240, 240, + + 240, 240, 240, 240, 240, 240, 240, 240, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 1183, 141, + 567, 1183, 251, 251, 251, 251, 251, 251, 141, 772, + 210, 210, 251, 344, 210, 210, 187, 188, 535, 217, + 187, 536, 193, 141, 1183, 536, 193, 240, 240, 240, + 240, 240, 240, 276, 210, 277, 277, 277, 277, 277, + 277, 277, 277, 277, 277, 161, 1183, 658, 537, 278, + 278, 278, 278, 278, 278, 194, 195, 322, 323, 211, + 196, 324, 141, 325, 326, 1183, 555, 327, 197, 328, + 223, 198, 268, 534, 278, 278, 278, 278, 278, 278, + + 267, 222, 538, 267, 141, 222, 577, 222, 222, 267, + 562, 578, 267, 267, 222, 267, 267, 267, 282, 282, + 282, 282, 282, 282, 282, 282, 282, 282, 161, 222, + 981, 267, 282, 282, 282, 282, 282, 282, 283, 283, + 283, 283, 284, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 268, 283, 278, 278, 278, + 278, 278, 278, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 1183, 1092, 308, 1183, 283, 283, + 283, 283, 283, 283, 146, 553, 298, 416, 283, 149, + + 149, 149, 149, 149, 149, 149, 149, 149, 149, 507, + 508, 141, 509, 267, 267, 267, 267, 267, 267, 187, + 188, 560, 293, 294, 267, 267, 267, 344, 267, 267, + 170, 851, 267, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 268, 611, 267, 267, 267, 157, + 141, 456, 140, 156, 140, 140, 156, 264, 140, 140, + 557, 264, 156, 353, 354, 355, 353, 353, 353, 353, + 353, 353, 353, 1183, 268, 141, 156, 156, 140, 159, + 561, 305, 305, 305, 305, 305, 305, 305, 305, 305, + 305, 161, 486, 641, 551, 305, 305, 305, 305, 305, + + 305, 141, 235, 235, 235, 235, 157, 569, 235, 235, + 157, 265, 235, 157, 240, 141, 141, 240, 141, 157, + 305, 305, 305, 305, 305, 305, 140, 235, 235, 140, + 1065, 268, 1183, 157, 157, 140, 591, 240, 140, 140, + 240, 140, 140, 140, 312, 312, 312, 312, 312, 312, + 312, 312, 312, 312, 161, 592, 643, 140, 312, 312, + 312, 312, 312, 312, 170, 170, 170, 170, 170, 170, + 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, + 170, 141, 170, 305, 305, 305, 305, 305, 305, 140, + 140, 140, 140, 140, 140, 140, 140, 140, 140, 140, + + 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, + 1183, 161, 1183, 1122, 170, 170, 170, 170, 170, 170, + 357, 357, 357, 357, 357, 357, 357, 357, 357, 357, + 381, 381, 381, 381, 381, 381, 763, 660, 268, 140, + 140, 140, 140, 140, 140, 210, 1183, 612, 140, 209, + 140, 140, 209, 238, 140, 140, 238, 146, 209, 298, + 187, 188, 238, 217, 187, 238, 653, 543, 238, 238, + 141, 543, 209, 209, 140, 527, 527, 527, 527, 527, + 528, 170, 240, 268, 238, 843, 238, 238, 238, 238, + 238, 536, 238, 238, 544, 536, 238, 357, 357, 357, + + 357, 357, 357, 357, 357, 357, 357, 1183, 241, 238, + 238, 238, 238, 157, 268, 650, 157, 1183, 537, 157, + 157, 566, 157, 157, 157, 157, 365, 366, 157, 157, + 367, 558, 368, 369, 559, 645, 370, 847, 371, 170, + 161, 598, 240, 157, 157, 1183, 599, 377, 378, 379, + 377, 377, 377, 377, 377, 377, 377, 541, 609, 274, + 274, 610, 542, 274, 274, 268, 141, 141, 243, 157, + 244, 613, 356, 356, 356, 356, 356, 356, 356, 356, + 356, 356, 161, 274, 268, 568, 356, 356, 356, 356, + 356, 356, 1183, 268, 267, 267, 267, 267, 267, 240, + + 267, 267, 240, 1183, 267, 590, 649, 1183, 275, 644, + 1116, 356, 356, 356, 356, 356, 356, 240, 267, 267, + 267, 240, 358, 358, 358, 358, 358, 358, 358, 358, + 358, 358, 161, 240, 1109, 651, 358, 358, 358, 358, + 358, 358, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 661, + 253, 356, 356, 356, 356, 356, 356, 240, 240, 240, + 240, 240, 240, 240, 240, 240, 240, 240, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 1183, 141, + 141, 1183, 251, 251, 251, 251, 251, 251, 1183, 269, + + 269, 269, 269, 269, 648, 269, 269, 646, 403, 269, + 404, 404, 404, 404, 404, 404, 308, 240, 240, 240, + 240, 240, 240, 269, 269, 269, 271, 271, 271, 271, + 271, 662, 271, 271, 1183, 1183, 271, 381, 381, 381, + 381, 381, 381, 381, 381, 381, 381, 141, 308, 652, + 271, 271, 271, 274, 141, 642, 267, 273, 267, 267, + 273, 1183, 267, 267, 141, 668, 273, 381, 381, 381, + 381, 381, 381, 381, 381, 381, 381, 1183, 757, 141, + 273, 273, 267, 276, 664, 380, 380, 380, 380, 380, + 380, 380, 380, 380, 380, 161, 522, 308, 655, 380, + + 380, 380, 380, 380, 380, 389, 390, 1183, 524, 391, + 543, 392, 393, 1183, 543, 394, 656, 395, 1183, 1183, + 308, 654, 268, 141, 380, 380, 380, 380, 380, 380, + 267, 524, 536, 267, 669, 240, 536, 544, 240, 267, + 659, 1183, 267, 267, 981, 267, 267, 267, 382, 382, + 382, 382, 382, 382, 382, 382, 382, 382, 161, 537, + 758, 267, 382, 382, 382, 382, 382, 382, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 268, 283, 380, 380, 380, + 380, 380, 380, 267, 267, 267, 267, 267, 267, 267, + + 267, 267, 267, 267, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 1183, 146, 901, 298, 283, 283, + 283, 283, 283, 283, 301, 301, 301, 301, 301, 301, + 301, 301, 301, 301, 461, 1085, 462, 462, 462, 462, + 462, 462, 1084, 267, 267, 267, 267, 267, 267, 301, + 301, 301, 301, 301, 301, 301, 301, 301, 301, 403, + 712, 404, 404, 404, 404, 404, 404, 404, 404, 404, + 404, 461, 1080, 462, 462, 462, 462, 462, 462, 462, + 462, 462, 462, 713, 210, 141, 667, 614, 210, 308, + 670, 210, 240, 268, 689, 240, 1079, 210, 141, 403, + + 416, 405, 405, 405, 405, 405, 405, 405, 405, 405, + 405, 210, 210, 461, 268, 463, 463, 463, 463, 463, + 463, 463, 463, 463, 463, 461, 141, 464, 464, 464, + 464, 464, 465, 462, 462, 462, 462, 240, 141, 403, + 240, 406, 406, 406, 406, 406, 407, 404, 404, 404, + 404, 516, 516, 517, 518, 518, 518, 518, 518, 518, + 518, 413, 308, 274, 308, 543, 1183, 274, 240, 543, + 274, 240, 690, 524, 751, 524, 274, 693, 141, 408, + 408, 408, 408, 408, 408, 408, 408, 408, 408, 161, + 274, 274, 544, 408, 408, 408, 408, 408, 408, 511, + + 512, 513, 511, 511, 511, 511, 511, 511, 511, 634, + 634, 634, 634, 634, 635, 1078, 141, 1183, 408, 408, + 408, 408, 408, 408, 410, 411, 412, 412, 412, 412, + 412, 412, 412, 412, 413, 753, 141, 1021, 414, 414, + 414, 414, 414, 414, 421, 421, 421, 421, 421, 421, + 421, 421, 421, 421, 536, 543, 268, 141, 536, 543, + 1021, 716, 748, 414, 414, 414, 414, 414, 414, 308, + 417, 418, 419, 417, 417, 417, 417, 417, 417, 417, + 420, 537, 544, 714, 421, 421, 421, 421, 421, 421, + 526, 526, 526, 526, 526, 526, 526, 526, 526, 526, + + 240, 1183, 691, 240, 1183, 522, 308, 522, 308, 421, + 421, 421, 421, 421, 421, 140, 268, 524, 140, 631, + 764, 1183, 754, 1183, 140, 170, 852, 140, 140, 765, + 140, 140, 140, 423, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 161, 771, 1069, 140, 423, 423, 423, + 423, 423, 423, 170, 170, 170, 170, 170, 170, 170, + 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, + 141, 170, 408, 408, 408, 408, 408, 408, 140, 140, + 140, 140, 140, 140, 140, 140, 140, 140, 140, 170, + 170, 170, 170, 170, 170, 170, 170, 170, 170, 1183, + + 141, 1068, 857, 170, 170, 170, 170, 170, 170, 1183, + 715, 525, 525, 525, 525, 525, 525, 525, 525, 525, + 525, 741, 741, 741, 741, 741, 742, 170, 140, 140, + 140, 140, 140, 140, 466, 466, 466, 466, 466, 466, + 466, 466, 466, 466, 161, 268, 170, 928, 466, 466, + 466, 466, 466, 466, 570, 571, 572, 570, 570, 570, + 570, 570, 570, 570, 749, 755, 787, 240, 749, 755, + 240, 788, 1183, 466, 466, 466, 466, 466, 466, 467, + 467, 467, 467, 467, 467, 467, 467, 467, 467, 766, + 308, 750, 756, 467, 467, 467, 467, 467, 467, 461, + + 1183, 462, 462, 462, 462, 462, 462, 462, 462, 462, + 462, 800, 759, 1183, 308, 901, 801, 760, 466, 466, + 466, 466, 466, 466, 486, 631, 487, 487, 487, 487, + 487, 487, 487, 487, 487, 487, 461, 814, 462, 462, + 462, 462, 462, 462, 462, 462, 462, 462, 593, 594, + 595, 593, 593, 593, 593, 593, 593, 593, 240, 141, + 694, 240, 240, 268, 486, 240, 488, 488, 488, 488, + 488, 488, 488, 488, 488, 488, 777, 486, 972, 487, + 487, 487, 487, 487, 487, 268, 620, 620, 620, 620, + 620, 620, 620, 620, 620, 620, 413, 170, 146, 268, + + 298, 848, 932, 268, 486, 170, 489, 489, 489, 489, + 489, 490, 487, 487, 487, 487, 268, 625, 626, 627, + 625, 625, 625, 625, 625, 625, 625, 533, 533, 533, + 533, 533, 533, 533, 533, 533, 533, 240, 1037, 141, + 240, 141, 141, 268, 267, 840, 491, 491, 491, 491, + 491, 491, 491, 491, 491, 491, 775, 1030, 853, 859, + 491, 491, 491, 491, 491, 491, 522, 308, 629, 629, + 629, 629, 629, 629, 141, 761, 767, 769, 524, 761, + 767, 769, 791, 1029, 776, 491, 491, 491, 491, 491, + 491, 492, 492, 492, 492, 492, 492, 492, 492, 492, + + 492, 1027, 762, 768, 770, 492, 492, 492, 492, 492, + 492, 633, 633, 633, 633, 633, 633, 633, 633, 633, + 633, 885, 614, 283, 615, 615, 615, 615, 615, 615, + 491, 491, 491, 491, 491, 491, 403, 846, 404, 404, + 404, 404, 404, 404, 404, 404, 404, 404, 1183, 170, + 632, 632, 632, 632, 632, 632, 632, 632, 632, 632, + 671, 141, 672, 672, 672, 672, 672, 672, 672, 672, + 672, 672, 170, 141, 141, 141, 403, 850, 404, 404, + 404, 404, 404, 404, 404, 404, 404, 404, 671, 858, + 673, 673, 673, 673, 673, 673, 673, 673, 673, 673, + + 671, 308, 674, 674, 674, 674, 674, 675, 672, 672, + 672, 672, 631, 268, 1007, 141, 522, 308, 523, 523, + 523, 523, 523, 523, 523, 523, 523, 523, 524, 170, + 889, 926, 525, 525, 525, 525, 525, 525, 717, 718, + 719, 717, 717, 717, 717, 717, 717, 717, 671, 170, + 672, 672, 672, 672, 672, 672, 1003, 525, 525, 525, + 525, 525, 525, 308, 529, 530, 531, 529, 529, 529, + 529, 529, 529, 529, 532, 141, 283, 962, 533, 533, + 533, 533, 533, 533, 729, 931, 730, 730, 730, 730, + 730, 730, 730, 730, 730, 730, 842, 283, 170, 911, + + 141, 881, 170, 533, 533, 533, 533, 533, 533, 140, + 778, 749, 140, 268, 170, 749, 964, 814, 140, 283, + 845, 140, 140, 804, 140, 140, 140, 170, 170, 170, + 170, 170, 170, 170, 170, 170, 170, 161, 750, 723, + 140, 170, 170, 170, 170, 170, 170, 170, 170, 170, + 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, + 170, 170, 170, 170, 141, 170, 140, 140, 140, 140, + 140, 140, 140, 140, 140, 140, 140, 140, 140, 140, + 140, 140, 140, 573, 573, 573, 573, 573, 573, 573, + 573, 573, 573, 849, 522, 308, 268, 573, 573, 573, + + 573, 573, 573, 729, 170, 731, 731, 731, 731, 731, + 731, 731, 731, 731, 731, 817, 817, 817, 817, 817, + 818, 965, 573, 573, 573, 573, 573, 573, 574, 574, + 574, 574, 574, 574, 574, 574, 574, 574, 887, 1183, + 308, 961, 574, 574, 574, 574, 574, 574, 729, 283, + 732, 732, 732, 732, 732, 733, 730, 730, 730, 730, + 834, 834, 834, 834, 834, 835, 805, 573, 573, 573, + 573, 573, 573, 240, 240, 588, 240, 240, 589, 240, + 240, 240, 240, 1183, 1000, 170, 955, 240, 240, 240, + 240, 240, 240, 640, 640, 640, 640, 640, 640, 640, + + 640, 640, 640, 729, 141, 730, 730, 730, 730, 730, + 730, 954, 240, 240, 240, 240, 240, 240, 486, 952, + 487, 487, 487, 487, 487, 487, 487, 487, 487, 487, + 522, 308, 736, 736, 736, 736, 736, 736, 1010, 141, + 1011, 938, 631, 740, 740, 740, 740, 740, 740, 740, + 740, 740, 740, 283, 170, 943, 966, 268, 486, 883, + 487, 487, 487, 487, 487, 487, 487, 487, 487, 487, + 1183, 951, 739, 739, 739, 739, 739, 739, 739, 739, + 739, 739, 779, 780, 781, 779, 779, 779, 779, 779, + 779, 779, 146, 1004, 298, 141, 170, 268, 614, 884, + + 615, 615, 615, 615, 615, 615, 615, 615, 615, 615, + 671, 283, 672, 672, 672, 672, 672, 672, 672, 672, + 672, 672, 671, 308, 672, 672, 672, 672, 672, 672, + 672, 672, 672, 672, 631, 755, 860, 141, 614, 755, + 616, 616, 616, 616, 616, 616, 616, 616, 616, 616, + 308, 856, 761, 522, 308, 283, 761, 170, 1005, 886, + 141, 738, 756, 767, 769, 631, 749, 767, 769, 694, + 749, 695, 695, 695, 695, 695, 695, 141, 614, 762, + 617, 617, 617, 617, 617, 618, 615, 615, 615, 615, + 768, 770, 812, 750, 792, 793, 794, 792, 792, 792, + + 792, 792, 792, 792, 814, 755, 761, 283, 268, 755, + 761, 141, 888, 283, 1039, 966, 924, 141, 522, 308, + 629, 629, 629, 629, 629, 629, 629, 629, 629, 629, + 524, 268, 756, 762, 628, 628, 628, 628, 628, 628, + 728, 728, 728, 728, 728, 728, 728, 728, 728, 728, + 940, 767, 769, 749, 141, 767, 769, 749, 939, 628, + 628, 628, 628, 628, 628, 522, 308, 630, 630, 630, + 630, 630, 630, 630, 630, 630, 630, 631, 768, 770, + 750, 632, 632, 632, 632, 632, 632, 816, 816, 816, + 816, 816, 816, 816, 816, 816, 816, 755, 761, 767, + + 141, 755, 761, 767, 522, 308, 632, 632, 632, 632, + 632, 632, 308, 636, 637, 638, 636, 636, 636, 636, + 636, 636, 636, 639, 756, 762, 768, 640, 640, 640, + 640, 640, 640, 1183, 1183, 815, 815, 815, 815, 815, + 815, 815, 815, 815, 815, 1153, 814, 522, 308, 170, + 1070, 1153, 640, 640, 640, 640, 640, 640, 694, 738, + 695, 695, 695, 695, 695, 695, 695, 695, 695, 695, + 824, 825, 826, 824, 824, 824, 824, 824, 824, 824, + 729, 953, 730, 730, 730, 730, 730, 730, 730, 730, + 730, 730, 1006, 170, 251, 170, 875, 268, 694, 812, + + 696, 696, 696, 696, 696, 696, 696, 696, 696, 696, + 729, 814, 730, 730, 730, 730, 730, 730, 730, 730, + 730, 730, 747, 747, 747, 747, 747, 747, 747, 747, + 747, 747, 941, 146, 268, 298, 941, 268, 694, 933, + 697, 697, 697, 697, 697, 698, 695, 695, 695, 695, + 1183, 308, 522, 308, 829, 829, 829, 829, 829, 829, + 283, 1086, 738, 963, 738, 833, 833, 833, 833, 833, + 833, 833, 833, 833, 833, 769, 283, 268, 614, 769, + 615, 615, 615, 615, 615, 615, 615, 615, 615, 615, + 1183, 942, 832, 832, 832, 832, 832, 832, 832, 832, + + 832, 832, 770, 860, 861, 861, 861, 861, 861, 861, + 861, 861, 861, 861, 927, 1031, 1028, 141, 614, 251, + 615, 615, 615, 615, 615, 615, 615, 615, 615, 615, + 860, 862, 862, 862, 862, 862, 862, 862, 862, 862, + 862, 860, 863, 863, 863, 863, 863, 864, 861, 861, + 861, 861, 1009, 1010, 268, 1011, 1009, 141, 724, 725, + 726, 724, 724, 724, 724, 724, 724, 724, 727, 1071, + 723, 1011, 728, 728, 728, 728, 728, 728, 1031, 890, + 891, 892, 893, 890, 890, 890, 890, 890, 890, 805, + 806, 806, 806, 806, 806, 806, 520, 728, 728, 728, + + 728, 728, 728, 522, 308, 736, 736, 736, 736, 736, + 736, 736, 736, 736, 736, 631, 141, 268, 882, 735, + 735, 735, 735, 735, 735, 1087, 1117, 141, 895, 896, + 897, 895, 895, 895, 895, 895, 895, 895, 904, 904, + 904, 904, 904, 905, 735, 735, 735, 735, 735, 735, + 522, 308, 737, 737, 737, 737, 737, 737, 737, 737, + 737, 737, 738, 874, 141, 268, 739, 739, 739, 739, + 739, 739, 823, 823, 823, 823, 823, 823, 823, 823, + 823, 823, 922, 922, 922, 922, 922, 923, 1136, 1144, + 1137, 739, 739, 739, 739, 739, 739, 308, 743, 744, + + 745, 743, 743, 743, 743, 743, 743, 743, 746, 1154, + 873, 1137, 747, 747, 747, 747, 747, 747, 812, 812, + 899, 899, 899, 899, 899, 899, 141, 1130, 141, 1130, + 814, 901, 522, 308, 872, 1130, 997, 747, 747, 747, + 747, 747, 747, 694, 738, 695, 695, 695, 695, 695, + 695, 695, 695, 695, 695, 903, 903, 903, 903, 903, + 903, 903, 903, 903, 903, 1183, 1183, 902, 902, 902, + 902, 902, 902, 902, 902, 902, 902, 1038, 901, 871, + 283, 1040, 268, 694, 283, 695, 695, 695, 695, 695, + 695, 695, 695, 695, 695, 911, 1160, 912, 912, 912, + + 912, 912, 912, 912, 912, 912, 912, 911, 308, 913, + 913, 913, 913, 913, 913, 913, 913, 913, 913, 738, + 870, 869, 268, 805, 806, 806, 806, 806, 806, 806, + 806, 806, 806, 806, 911, 268, 914, 914, 914, 914, + 914, 915, 912, 912, 912, 912, 522, 308, 839, 839, + 839, 839, 839, 839, 839, 839, 839, 839, 831, 868, + 867, 141, 805, 807, 807, 807, 807, 807, 807, 807, + 807, 807, 807, 1183, 308, 522, 308, 918, 918, 918, + 918, 918, 918, 866, 865, 831, 812, 831, 921, 921, + 921, 921, 921, 921, 921, 921, 921, 921, 901, 855, + + 141, 805, 808, 808, 808, 808, 808, 809, 806, 806, + 806, 806, 1183, 944, 920, 920, 920, 920, 920, 920, + 920, 920, 920, 920, 854, 308, 929, 934, 936, 812, + 929, 934, 936, 170, 844, 944, 831, 944, 945, 141, + 812, 981, 813, 813, 813, 813, 813, 813, 813, 813, + 813, 813, 814, 930, 935, 937, 815, 815, 815, 815, + 815, 815, 141, 946, 947, 948, 949, 946, 946, 946, + 946, 946, 946, 929, 170, 170, 170, 929, 146, 729, + 298, 815, 815, 815, 815, 815, 815, 819, 820, 821, + 819, 819, 819, 819, 819, 819, 819, 822, 723, 520, + + 930, 823, 823, 823, 823, 823, 823, 860, 861, 861, + 861, 861, 861, 861, 861, 861, 861, 861, 860, 861, + 861, 861, 861, 861, 861, 413, 823, 823, 823, 823, + 823, 823, 522, 308, 829, 829, 829, 829, 829, 829, + 829, 829, 829, 829, 738, 268, 1072, 268, 828, 828, + 828, 828, 828, 828, 860, 861, 861, 861, 861, 861, + 861, 861, 861, 861, 861, 929, 934, 936, 268, 929, + 934, 936, 268, 828, 828, 828, 828, 828, 828, 522, + 308, 830, 830, 830, 830, 830, 830, 830, 830, 830, + 830, 831, 930, 935, 937, 832, 832, 832, 832, 832, + + 832, 956, 957, 958, 959, 956, 956, 956, 956, 956, + 956, 803, 929, 251, 251, 251, 929, 146, 802, 298, + 832, 832, 832, 832, 832, 832, 308, 836, 837, 838, + 836, 836, 836, 836, 836, 836, 836, 799, 268, 930, + 798, 839, 839, 839, 839, 839, 839, 308, 875, 876, + 876, 876, 876, 876, 876, 934, 1064, 1064, 831, 934, + 283, 522, 308, 1064, 1183, 812, 839, 839, 839, 839, + 839, 839, 140, 831, 936, 140, 981, 981, 936, 797, + 1012, 140, 935, 796, 140, 140, 268, 140, 140, 140, + 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, + + 795, 937, 790, 140, 170, 170, 170, 170, 170, 170, + 170, 170, 170, 170, 170, 170, 170, 170, 841, 170, + 170, 170, 170, 170, 170, 170, 170, 141, 170, 140, + 140, 140, 140, 140, 140, 140, 140, 140, 140, 140, + 140, 140, 140, 140, 140, 140, 875, 876, 876, 876, + 876, 876, 876, 876, 876, 876, 876, 972, 789, 973, + 973, 973, 973, 973, 973, 973, 973, 973, 973, 934, + 936, 812, 786, 934, 936, 984, 984, 984, 984, 984, + 985, 785, 784, 1051, 268, 875, 877, 877, 877, 877, + 877, 877, 877, 877, 877, 877, 935, 937, 972, 783, + + 974, 974, 974, 974, 974, 974, 974, 974, 974, 974, + 1009, 1010, 782, 1011, 1009, 1014, 671, 283, 283, 1014, + 1015, 1016, 1017, 268, 875, 878, 878, 878, 878, 878, + 879, 876, 876, 876, 876, 972, 944, 975, 975, 975, + 975, 975, 976, 973, 973, 973, 973, 910, 910, 910, + 910, 910, 910, 910, 910, 910, 910, 774, 944, 1183, + 944, 944, 268, 267, 1001, 812, 267, 773, 1001, 1018, + 141, 1051, 267, 141, 141, 267, 267, 1051, 267, 267, + 267, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 1002, 141, 1183, 267, 283, 283, 283, 283, 283, + + 283, 283, 283, 283, 283, 283, 283, 283, 283, 880, + 283, 283, 283, 283, 283, 283, 283, 283, 268, 283, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 805, 806, 806, + 806, 806, 806, 806, 806, 806, 806, 806, 812, 723, + 979, 979, 979, 979, 979, 979, 1130, 1130, 1130, 1130, + 901, 983, 983, 983, 983, 983, 983, 983, 983, 983, + 983, 221, 221, 221, 520, 141, 805, 806, 806, 806, + 806, 806, 806, 806, 806, 806, 806, 1183, 413, 982, + 982, 982, 982, 982, 982, 982, 982, 982, 982, 991, + + 992, 993, 991, 991, 991, 991, 991, 991, 991, 1110, + 146, 413, 298, 1110, 141, 812, 711, 899, 899, 899, + 899, 899, 899, 899, 899, 899, 899, 814, 812, 710, + 900, 900, 900, 900, 900, 900, 900, 900, 900, 900, + 901, 221, 221, 221, 902, 902, 902, 902, 902, 902, + 911, 709, 912, 912, 912, 912, 912, 912, 912, 912, + 912, 912, 1054, 1054, 1054, 1054, 1054, 1055, 708, 902, + 902, 902, 902, 902, 902, 906, 907, 908, 906, 906, + 906, 906, 906, 906, 906, 909, 707, 706, 705, 910, + 910, 910, 910, 910, 910, 911, 704, 912, 912, 912, + + 912, 912, 912, 912, 912, 912, 912, 998, 1001, 703, + 702, 998, 1001, 701, 910, 910, 910, 910, 910, 910, + 522, 308, 918, 918, 918, 918, 918, 918, 918, 918, + 918, 918, 831, 700, 999, 1002, 917, 917, 917, 917, + 917, 917, 911, 699, 912, 912, 912, 912, 912, 912, + 522, 308, 996, 996, 996, 996, 996, 996, 688, 687, + 686, 917, 917, 917, 917, 917, 917, 522, 308, 919, + 919, 919, 919, 919, 919, 919, 919, 919, 919, 685, + 684, 683, 682, 920, 920, 920, 920, 920, 920, 1066, + 681, 680, 1066, 1066, 998, 1001, 1066, 1107, 998, 1001, + + 972, 1107, 973, 973, 973, 973, 973, 973, 920, 920, + 920, 920, 920, 920, 140, 253, 1067, 140, 253, 1067, + 253, 999, 1002, 140, 1108, 679, 140, 140, 678, 140, + 140, 140, 170, 170, 170, 170, 170, 170, 170, 170, + 170, 170, 170, 170, 677, 140, 170, 170, 170, 170, + 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, + 170, 170, 170, 925, 170, 170, 170, 170, 170, 141, + 170, 140, 140, 140, 140, 140, 140, 140, 140, 140, + 140, 140, 140, 140, 140, 140, 140, 140, 240, 676, + 1183, 1183, 240, 251, 251, 251, 251, 251, 251, 251, + + 251, 251, 251, 450, 240, 666, 665, 251, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 251, + 251, 251, 251, 251, 950, 251, 251, 251, 251, 251, + 1183, 253, 240, 240, 240, 240, 240, 240, 240, 240, + 240, 240, 240, 240, 240, 240, 240, 240, 240, 875, 876, 876, 876, 876, 876, 876, 876, 876, 876, 876, - 795, 436, 640, 639, 875, 875, 875, 875, 875, 875, - - 1047, 1047, 1047, 1047, 1047, 1048, 970, 967, 971, 971, - 971, 971, 971, 971, 971, 971, 971, 971, 969, 875, - 875, 875, 875, 875, 875, 504, 302, 877, 877, 877, - 877, 877, 877, 877, 877, 877, 877, 1125, 599, 502, - 401, 878, 878, 878, 878, 878, 878, 970, 595, 972, - 972, 972, 972, 972, 972, 972, 972, 972, 972, 302, - 1007, 1007, 1007, 1007, 1007, 1007, 878, 878, 878, 878, - 878, 878, 137, 1125, 249, 137, 962, 249, 401, 249, - 164, 137, 962, 962, 137, 137, 962, 137, 137, 137, - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - - 962, 962, 962, 137, 167, 167, 167, 167, 167, 167, - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - 167, 167, 167, 883, 167, 167, 167, 138, 167, 137, - 137, 137, 137, 137, 137, 137, 137, 137, 137, 137, - 137, 137, 137, 137, 137, 137, 886, 584, 583, 924, - 886, 925, 925, 925, 925, 925, 925, 582, 236, 581, - 580, 579, 236, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 887, 236, 578, 577, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, + 1014, 623, 520, 413, 1014, 1015, 1016, 1017, 1021, 619, + 1022, 1022, 1022, 1022, 1022, 1022, 1022, 1022, 1022, 1022, + 1103, 1103, 1103, 1103, 1103, 1104, 413, 268, 875, 876, + 876, 876, 876, 876, 876, 876, 876, 876, 876, 1021, + + 167, 1023, 1023, 1023, 1023, 1023, 1023, 1023, 1023, 1023, + 1023, 608, 607, 1021, 1020, 1024, 1024, 1024, 1024, 1024, + 1025, 1026, 1026, 1026, 1026, 606, 268, 267, 1183, 253, + 267, 1013, 253, 605, 253, 604, 267, 1013, 1013, 267, + 267, 1013, 267, 267, 267, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 1013, 1013, 1013, 267, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 960, 283, 283, 283, + 283, 283, 268, 283, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + + 267, 966, 603, 967, 967, 967, 967, 967, 967, 967, + 967, 967, 967, 1021, 602, 1026, 1026, 1026, 1022, 1022, + 1022, 1022, 1022, 1022, 1022, 601, 998, 998, 1001, 600, + 998, 998, 1001, 308, 1060, 1060, 1060, 1060, 1060, 1060, + 141, 966, 597, 968, 968, 968, 968, 968, 968, 968, + 968, 968, 968, 999, 999, 1002, 1041, 1042, 1043, 1041, + 1041, 1041, 1041, 1041, 1041, 1041, 966, 596, 967, 967, + 967, 967, 967, 967, 251, 283, 283, 161, 587, 586, + 141, 966, 585, 969, 969, 969, 969, 969, 970, 971, + 971, 971, 971, 141, 1044, 1045, 1046, 1044, 1044, 1044, + + 1044, 1044, 1044, 1044, 972, 141, 973, 973, 973, 973, + 973, 973, 973, 973, 973, 973, 166, 166, 584, 583, + 141, 966, 166, 971, 971, 971, 967, 967, 967, 967, + 967, 967, 967, 972, 582, 973, 973, 973, 973, 973, + 973, 973, 973, 973, 973, 990, 990, 990, 990, 990, + 990, 990, 990, 990, 990, 1135, 1136, 581, 1137, 1135, + 141, 812, 580, 979, 979, 979, 979, 979, 979, 979, + 979, 979, 979, 901, 812, 579, 980, 980, 980, 980, + 980, 980, 980, 980, 980, 980, 981, 576, 575, 461, + 982, 982, 982, 982, 982, 982, 812, 450, 1049, 1049, + + 1049, 1049, 1049, 1049, 565, 1066, 1105, 1107, 981, 1066, + 1105, 1107, 450, 564, 450, 982, 982, 982, 982, 982, + 982, 986, 987, 988, 986, 986, 986, 986, 986, 986, + 986, 989, 1067, 1106, 1108, 990, 990, 990, 990, 990, + 990, 1053, 1053, 1053, 1053, 1053, 1053, 1053, 1053, 1053, + 1053, 563, 1021, 170, 1022, 1022, 1022, 1022, 1022, 1022, + 990, 990, 990, 990, 990, 990, 522, 308, 996, 996, + 996, 996, 996, 996, 996, 996, 996, 996, 1031, 1183, + 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, + 1183, 1183, 1052, 1052, 1052, 1052, 1052, 1052, 1052, 1052, + + 1052, 1052, 308, 1060, 1060, 1060, 1060, 1060, 1060, 1060, + 1060, 1060, 1060, 166, 166, 413, 520, 268, 1031, 166, + 1033, 1033, 1033, 1033, 1033, 1033, 1033, 1033, 1033, 1033, + 308, 1061, 1061, 1061, 1061, 1061, 1061, 1061, 1061, 1061, + 1061, 308, 1062, 1062, 1062, 1062, 1062, 1063, 1060, 1060, + 1060, 1060, 1132, 307, 307, 413, 1132, 268, 1031, 307, + 1034, 1034, 1034, 1034, 1034, 1035, 1036, 1036, 1036, 1036, + 1183, 167, 506, 505, 1183, 1183, 1183, 1183, 1014, 1133, + 504, 503, 1014, 1015, 1016, 1017, 1075, 1076, 1077, 1075, + 1075, 1075, 1075, 1075, 1075, 1075, 502, 268, 1031, 501, + + 1036, 1036, 1036, 1032, 1032, 1032, 1032, 1032, 1032, 1032, + 1183, 500, 409, 409, 1183, 1015, 1016, 1017, 409, 1135, + 1136, 1183, 1137, 1135, 1018, 1183, 1183, 1183, 1017, 514, + 514, 499, 1018, 515, 515, 514, 498, 268, 966, 515, + 967, 967, 967, 967, 967, 967, 967, 967, 967, 967, + 1073, 497, 496, 1074, 1074, 1074, 1074, 1074, 1074, 1074, + 1074, 1074, 1074, 495, 1018, 1183, 494, 519, 519, 1183, + 1183, 1183, 1183, 519, 493, 1018, 276, 141, 966, 485, + 967, 967, 967, 967, 967, 967, 967, 967, 967, 967, + 1021, 481, 1022, 1022, 1022, 1022, 1022, 1022, 1022, 1022, + + 1022, 1022, 1021, 480, 1022, 1022, 1022, 1022, 1022, 1022, + 1022, 1022, 1022, 1022, 479, 478, 477, 141, 812, 1020, + 1049, 1049, 1049, 1049, 1049, 1049, 1049, 1049, 1049, 1049, + 981, 812, 476, 1050, 1050, 1050, 1050, 1050, 1050, 1050, + 1050, 1050, 1050, 1051, 475, 474, 473, 1052, 1052, 1052, + 1052, 1052, 1052, 1081, 1082, 1083, 1081, 1081, 1081, 1081, + 1081, 1081, 1081, 1031, 472, 1032, 1032, 1032, 1032, 1032, + 1032, 471, 1052, 1052, 1052, 1052, 1052, 1052, 1056, 1057, + 1058, 1056, 1056, 1056, 1056, 1056, 1056, 1056, 470, 469, + 268, 468, 1059, 1059, 1059, 1059, 1059, 1059, 1183, 619, + + 619, 1019, 268, 621, 621, 619, 244, 1019, 1019, 621, + 253, 1019, 458, 253, 455, 253, 454, 1059, 1059, 1059, + 1059, 1059, 1059, 622, 622, 1019, 1019, 1019, 1031, 622, + 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, + 453, 452, 1066, 445, 444, 1092, 1066, 1093, 1093, 1093, + 1093, 1093, 1093, 1093, 1093, 1093, 1093, 1059, 1059, 1059, + 1059, 1059, 1059, 1059, 1059, 1059, 1059, 268, 1031, 1067, + 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, + 1092, 443, 1093, 1093, 1093, 1093, 1093, 1093, 442, 1092, + 283, 1094, 1094, 1094, 1094, 1094, 1094, 1094, 1094, 1094, + + 1094, 1149, 1149, 1149, 1149, 1149, 1149, 268, 1087, 441, + 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1088, + 1092, 440, 1095, 1095, 1095, 1095, 1095, 1096, 1093, 1093, + 1093, 1093, 812, 437, 1099, 1099, 1099, 1099, 1099, 1099, + 720, 720, 436, 435, 1051, 434, 720, 141, 1087, 433, + 1089, 1089, 1089, 1089, 1089, 1089, 1089, 1089, 1089, 1089, + 1102, 1102, 1102, 1102, 1102, 1102, 1102, 1102, 1102, 1102, + 1183, 432, 1101, 1101, 1101, 1101, 1101, 1101, 1101, 1101, + 1101, 1101, 431, 721, 721, 430, 429, 141, 1087, 721, + 1090, 1090, 1090, 1090, 1090, 1091, 1088, 1088, 1088, 1088, + + 308, 1060, 1060, 1060, 1060, 1060, 1060, 1060, 1060, 1060, + 1060, 308, 1060, 1060, 1060, 1060, 1060, 1060, 1060, 1060, + 1060, 1060, 428, 722, 722, 427, 426, 141, 812, 722, + 1099, 1099, 1099, 1099, 1099, 1099, 1099, 1099, 1099, 1099, + 1051, 812, 425, 1100, 1100, 1100, 1100, 1100, 1100, 1100, + 1100, 1100, 1100, 424, 167, 159, 397, 1101, 1101, 1101, + 1101, 1101, 1101, 1105, 1107, 396, 388, 1105, 1107, 1074, + 1074, 1074, 1074, 1074, 1074, 1074, 1074, 1074, 1074, 387, + 386, 385, 1101, 1101, 1101, 1101, 1101, 1101, 384, 383, + 1106, 1108, 1074, 1074, 1074, 1074, 1074, 1074, 1074, 1074, + + 1074, 1074, 1111, 267, 1112, 1112, 1112, 1112, 1112, 1112, + 376, 170, 170, 1111, 272, 1112, 1112, 1112, 1112, 1112, + 1112, 1112, 1112, 1112, 1112, 1111, 270, 1113, 1113, 1113, + 1113, 1113, 1113, 1113, 1113, 1113, 1113, 1111, 268, 1114, + 1114, 1114, 1114, 1114, 1115, 1112, 1112, 1112, 1112, 1105, + 265, 1105, 375, 1105, 1087, 1105, 1088, 1088, 1088, 1088, + 1088, 1088, 1107, 1132, 1132, 1132, 1107, 1132, 1132, 1132, + 1177, 1177, 1177, 1177, 1177, 1177, 1106, 374, 1106, 1123, + 1124, 1125, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1108, + 1133, 1133, 1133, 141, 373, 372, 364, 251, 1117, 283, + + 1118, 1118, 1118, 1118, 1118, 1118, 1118, 1118, 1118, 1118, + 283, 170, 283, 363, 362, 361, 141, 1126, 1127, 1128, + 1126, 1126, 1126, 1126, 1126, 1126, 1126, 1138, 1139, 1140, + 1138, 1138, 1138, 1138, 1138, 1138, 1138, 268, 1117, 360, + 1119, 1119, 1119, 1119, 1119, 1119, 1119, 1119, 1119, 1119, + 1092, 359, 1093, 1093, 1093, 1093, 1093, 1093, 1093, 1093, + 1093, 1093, 1092, 1183, 1093, 1093, 1093, 1093, 1093, 1093, + 1093, 1093, 1093, 1093, 241, 233, 228, 268, 1117, 229, + 1120, 1120, 1120, 1120, 1120, 1121, 1118, 1118, 1118, 1118, + 812, 223, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, + + 1131, 1131, 1111, 223, 1112, 1112, 1112, 1112, 1112, 1112, + 1112, 1112, 1112, 1112, 188, 215, 350, 268, 1087, 342, + 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1088, + 1111, 341, 1112, 1112, 1112, 1112, 1112, 1112, 1112, 1112, + 1112, 1112, 1141, 1142, 1143, 1141, 1141, 1141, 1141, 1141, + 1141, 1141, 340, 810, 810, 339, 338, 141, 1087, 810, + 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1088, + 335, 1117, 334, 1118, 1118, 1118, 1118, 1118, 1118, 268, + 1149, 1149, 1149, 1149, 1149, 1149, 1149, 1149, 1149, 1149, + 811, 811, 333, 894, 894, 332, 811, 141, 1117, 894, + + 1118, 1118, 1118, 1118, 1118, 1118, 1118, 1118, 1118, 1118, + 268, 1150, 1150, 1150, 1150, 1150, 1150, 1150, 1150, 1150, + 1150, 1151, 1151, 1151, 1151, 1151, 1152, 1149, 1149, 1149, + 1149, 253, 331, 330, 253, 321, 253, 268, 1117, 320, + 1118, 1118, 1118, 1118, 1118, 1118, 1118, 1118, 1118, 1118, + 1155, 319, 1156, 1156, 1156, 1156, 1156, 1156, 1156, 1156, + 1156, 1156, 1155, 318, 1157, 1157, 1157, 1157, 1157, 1157, + 1157, 1157, 1157, 1157, 317, 316, 315, 268, 1144, 314, + 1145, 1145, 1145, 1145, 1145, 1145, 1145, 1145, 1145, 1145, + 1155, 313, 1158, 1158, 1158, 1158, 1158, 1159, 1156, 1156, - 574, 249, 236, 236, 236, 236, 236, 236, 236, 236, - 236, 236, 236, 236, 236, 236, 236, 236, 236, 835, - 836, 836, 836, 836, 836, 836, 836, 836, 836, 836, - 970, 158, 973, 973, 973, 973, 973, 974, 975, 975, - 975, 975, 970, 565, 975, 975, 975, 971, 971, 971, - 971, 971, 971, 971, 564, 563, 562, 263, 835, 836, - 836, 836, 836, 836, 836, 836, 836, 836, 836, 918, - 561, 919, 919, 919, 919, 919, 919, 951, 560, 559, - 558, 951, 991, 992, 993, 991, 991, 991, 991, 991, - 991, 991, 501, 501, 1011, 1011, 263, 262, 501, 1013, - - 262, 1011, 249, 1013, 952, 249, 262, 249, 138, 262, - 262, 555, 262, 262, 262, 278, 278, 278, 278, 278, - 278, 278, 278, 278, 278, 278, 1014, 447, 262, 278, - 278, 278, 278, 278, 278, 278, 278, 278, 278, 278, - 278, 278, 278, 278, 278, 278, 914, 278, 278, 278, - 278, 278, 263, 278, 262, 262, 262, 262, 262, 262, - 262, 262, 262, 262, 262, 262, 262, 262, 262, 262, - 262, 918, 436, 919, 919, 919, 919, 919, 919, 919, - 919, 919, 919, 545, 436, 544, 988, 989, 990, 988, - 988, 988, 988, 988, 988, 988, 924, 436, 925, 925, - - 925, 925, 925, 925, 925, 925, 925, 925, 543, 1125, - 138, 918, 1125, 920, 920, 920, 920, 920, 920, 920, - 920, 920, 920, 138, 924, 401, 925, 925, 925, 925, - 925, 925, 925, 925, 925, 925, 942, 942, 942, 942, - 942, 942, 942, 942, 942, 942, 595, 595, 502, 401, - 138, 918, 595, 921, 921, 921, 921, 921, 922, 923, - 923, 923, 923, 776, 164, 996, 996, 996, 996, 996, - 996, 488, 487, 486, 485, 933, 1000, 1000, 1000, 1000, - 1000, 1000, 1000, 1000, 1000, 1000, 597, 597, 484, 483, - 138, 918, 597, 923, 923, 923, 919, 919, 919, 919, - - 919, 919, 919, 1125, 482, 999, 999, 999, 999, 999, - 999, 999, 999, 999, 999, 302, 1007, 1007, 1007, 1007, - 1007, 1007, 1007, 1007, 1007, 1007, 598, 598, 481, 480, - 138, 776, 598, 931, 931, 931, 931, 931, 931, 931, - 931, 931, 931, 859, 776, 479, 932, 932, 932, 932, - 932, 932, 932, 932, 932, 932, 933, 478, 477, 271, - 934, 934, 934, 934, 934, 934, 302, 1008, 1008, 1008, - 1008, 1008, 1008, 1008, 1008, 1008, 1008, 1013, 469, 1077, - 1078, 1013, 1079, 1077, 465, 934, 934, 934, 934, 934, - 934, 938, 939, 940, 938, 938, 938, 938, 938, 938, - - 938, 941, 464, 463, 1014, 942, 942, 942, 942, 942, - 942, 302, 1009, 1009, 1009, 1009, 1009, 1010, 1007, 1007, - 1007, 1007, 1013, 690, 690, 462, 1013, 167, 461, 690, - 942, 942, 942, 942, 942, 942, 504, 302, 948, 948, - 948, 948, 948, 948, 948, 948, 948, 948, 979, 1014, - 980, 980, 980, 980, 980, 980, 980, 980, 980, 980, - 1125, 1072, 460, 1072, 1125, 1125, 1125, 1125, 963, 1072, - 278, 459, 963, 964, 965, 966, 1021, 1022, 1023, 1021, - 1021, 1021, 1021, 1021, 1021, 1021, 458, 263, 979, 457, - 981, 981, 981, 981, 981, 981, 981, 981, 981, 981, - - 1125, 456, 691, 691, 1125, 964, 965, 966, 691, 455, - 454, 1125, 240, 444, 967, 1125, 1125, 1125, 966, 692, - 692, 441, 967, 774, 774, 692, 440, 263, 979, 774, - 982, 982, 982, 982, 982, 983, 984, 984, 984, 984, - 1019, 439, 438, 1020, 1020, 1020, 1020, 1020, 1020, 1020, - 1020, 1020, 1020, 431, 967, 1125, 430, 775, 775, 1125, - 1125, 1125, 1125, 775, 429, 967, 428, 263, 979, 427, - 984, 984, 984, 980, 980, 980, 980, 980, 980, 980, - 970, 426, 971, 971, 971, 971, 971, 971, 971, 971, - 971, 971, 423, 1125, 422, 249, 968, 1013, 249, 421, - - 249, 1013, 968, 968, 420, 419, 968, 263, 918, 969, - 919, 919, 919, 919, 919, 919, 919, 919, 919, 919, - 968, 968, 968, 970, 1014, 971, 971, 971, 971, 971, - 971, 971, 971, 971, 971, 970, 418, 971, 971, 971, - 971, 971, 971, 852, 852, 417, 416, 138, 918, 852, - 919, 919, 919, 919, 919, 919, 919, 919, 919, 919, - 415, 414, 413, 412, 164, 1026, 1027, 1028, 1026, 1026, - 1026, 1026, 1026, 1026, 1026, 979, 156, 980, 980, 980, - 980, 980, 980, 929, 929, 385, 384, 138, 776, 929, - 996, 996, 996, 996, 996, 996, 996, 996, 996, 996, - - 933, 776, 263, 997, 997, 997, 997, 997, 997, 997, - 997, 997, 997, 998, 263, 377, 376, 999, 999, 999, - 999, 999, 999, 1036, 375, 1037, 1037, 1037, 1037, 1037, - 1037, 1037, 1037, 1037, 1037, 1091, 1091, 1091, 1091, 1091, - 1091, 374, 999, 999, 999, 999, 999, 999, 1003, 1004, - 1005, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 373, 262, - 366, 267, 1006, 1006, 1006, 1006, 1006, 1006, 1036, 265, - 1038, 1038, 1038, 1038, 1038, 1038, 1038, 1038, 1038, 1038, - 1119, 1119, 1119, 1119, 1119, 1119, 263, 1006, 1006, 1006, - 1006, 1006, 1006, 979, 260, 980, 980, 980, 980, 980, - - 980, 980, 980, 980, 980, 1036, 365, 1039, 1039, 1039, - 1039, 1039, 1040, 1037, 1037, 1037, 1037, 1006, 1006, 1006, - 1006, 1006, 1006, 1006, 1006, 1006, 1006, 1049, 994, 994, - 364, 1049, 263, 979, 994, 980, 980, 980, 980, 980, - 980, 980, 980, 980, 980, 776, 363, 1043, 1043, 1043, - 1043, 1043, 1043, 362, 1050, 355, 354, 998, 1046, 1046, - 1046, 1046, 1046, 1046, 1046, 1046, 1046, 1046, 1041, 1041, - 353, 352, 263, 1031, 1041, 1032, 1032, 1032, 1032, 1032, - 1032, 1032, 1032, 1032, 1032, 1125, 351, 1045, 1045, 1045, - 1045, 1045, 1045, 1045, 1045, 1045, 1045, 302, 1007, 1007, - - 1007, 1007, 1007, 1007, 1007, 1007, 1007, 1007, 1125, 237, - 1049, 229, 138, 1031, 1049, 1033, 1033, 1033, 1033, 1033, - 1033, 1033, 1033, 1033, 1033, 302, 1007, 1007, 1007, 1007, - 1007, 1007, 1007, 1007, 1007, 1007, 224, 1050, 1049, 225, - 219, 1036, 1049, 1037, 1037, 1037, 1037, 1037, 1037, 219, - 184, 211, 138, 1031, 342, 1034, 1034, 1034, 1034, 1034, - 1035, 1032, 1032, 1032, 1032, 1050, 1020, 1020, 1020, 1020, - 1020, 1020, 1020, 1020, 1020, 1020, 1020, 1020, 1020, 1020, - 1020, 1020, 1020, 1020, 1020, 1020, 249, 334, 167, 249, - 333, 249, 138, 776, 332, 1043, 1043, 1043, 1043, 1043, - - 1043, 1043, 1043, 1043, 1043, 998, 776, 331, 1044, 1044, - 1044, 1044, 1044, 1044, 1044, 1044, 1044, 1044, 330, 327, - 326, 325, 1045, 1045, 1045, 1045, 1045, 1045, 1053, 324, - 1054, 1054, 1054, 1054, 1054, 1054, 1054, 1054, 1054, 1054, - 323, 1116, 1116, 1116, 1116, 1116, 1116, 1045, 1045, 1045, - 1045, 1045, 1045, 1053, 322, 1055, 1055, 1055, 1055, 1055, - 1055, 1055, 1055, 1055, 1055, 1053, 314, 1056, 1056, 1056, - 1056, 1056, 1057, 1054, 1054, 1054, 1054, 1059, 138, 1060, - 1060, 1060, 1060, 1060, 1060, 1060, 1060, 1060, 1060, 313, - 312, 1049, 311, 310, 309, 1049, 1065, 1066, 1067, 1065, - - 1065, 1065, 1065, 1065, 1065, 1065, 1031, 308, 1032, 1032, - 1032, 1032, 1032, 1032, 307, 164, 263, 1059, 1050, 1061, - 1061, 1061, 1061, 1061, 1061, 1061, 1061, 1061, 1061, 137, - 164, 1074, 239, 138, 152, 1074, 1071, 1071, 150, 278, - 143, 141, 1071, 138, 286, 138, 1068, 1069, 1070, 1068, - 1068, 1068, 1068, 1068, 1068, 1068, 263, 1059, 1075, 1062, - 1062, 1062, 1062, 1062, 1063, 1060, 1060, 1060, 1060, 1036, - 285, 1037, 1037, 1037, 1037, 1037, 1037, 1037, 1037, 1037, - 1037, 1036, 284, 1037, 1037, 1037, 1037, 1037, 1037, 1037, - 1037, 1037, 1037, 283, 1074, 282, 263, 1031, 1074, 1032, - - 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 776, - 278, 1073, 1073, 1073, 1073, 1073, 1073, 1073, 1073, 1073, - 1073, 1075, 1074, 267, 263, 1053, 1074, 1054, 1054, 1054, - 1054, 1054, 1054, 260, 256, 255, 138, 1031, 254, 1032, - 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1032, 1075, - 1080, 1081, 1082, 1080, 1080, 1080, 1080, 1080, 1080, 1080, - 1053, 253, 1054, 1054, 1054, 1054, 1054, 1054, 1054, 1054, - 1054, 1054, 167, 252, 247, 1053, 138, 1054, 1054, 1054, - 1054, 1054, 1054, 1054, 1054, 1054, 1054, 1083, 1084, 1085, - 1083, 1083, 1083, 1083, 1083, 1083, 1083, 225, 1059, 219, - - 1060, 1060, 1060, 1060, 1060, 1060, 211, 140, 177, 208, - 174, 1074, 200, 198, 1097, 1074, 1098, 1098, 1098, 1098, - 1098, 1098, 180, 179, 263, 1059, 176, 1060, 1060, 1060, - 1060, 1060, 1060, 1060, 1060, 1060, 1060, 263, 1075, 1091, - 1091, 1091, 1091, 1091, 1091, 1091, 1091, 1091, 1091, 1092, - 1092, 1092, 1092, 1092, 1092, 1092, 1092, 1092, 1092, 278, - 175, 167, 164, 152, 263, 1059, 141, 1060, 1060, 1060, - 1060, 1060, 1060, 1060, 1060, 1060, 1060, 1093, 1093, 1093, - 1093, 1093, 1094, 1091, 1091, 1091, 1091, 1097, 140, 1098, - 1098, 1098, 1098, 1098, 1098, 1098, 1098, 1098, 1098, 138, - - 1125, 1125, 1125, 1125, 263, 1086, 1125, 1087, 1087, 1087, - 1087, 1087, 1087, 1087, 1087, 1087, 1087, 1097, 1125, 1099, - 1099, 1099, 1099, 1099, 1099, 1099, 1099, 1099, 1099, 1097, - 1125, 1100, 1100, 1100, 1100, 1100, 1101, 1098, 1098, 1098, - 1098, 1125, 1125, 1125, 138, 1086, 1125, 1088, 1088, 1088, - 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1125, 1125, 1125, - 1107, 1108, 1109, 1107, 1107, 1107, 1107, 1107, 1107, 1107, - 1086, 1125, 1087, 1087, 1087, 1087, 1087, 1087, 1125, 1125, - 1125, 1125, 1125, 1125, 138, 1086, 1125, 1089, 1089, 1089, - 1089, 1089, 1090, 1087, 1087, 1087, 1087, 138, 1091, 1091, - - 1091, 1091, 1091, 1091, 1091, 1091, 1091, 1091, 1125, 138, - 1091, 1091, 1091, 1091, 1091, 1091, 1091, 1091, 1091, 1091, - 1125, 1125, 1125, 1125, 138, 1102, 1125, 1103, 1103, 1103, - 1103, 1103, 1103, 1103, 1103, 1103, 1103, 1110, 1111, 1112, - 1110, 1110, 1110, 1110, 1110, 1110, 1110, 1097, 1125, 1098, - 1098, 1098, 1098, 1098, 1098, 1098, 1098, 1098, 1098, 1125, - 1125, 1125, 1125, 1125, 263, 1102, 1125, 1104, 1104, 1104, - 1104, 1104, 1104, 1104, 1104, 1104, 1104, 1097, 1125, 1098, - 1098, 1098, 1098, 1098, 1098, 1098, 1098, 1098, 1098, 1113, - 1114, 1115, 1113, 1113, 1113, 1113, 1113, 1113, 1113, 1125, - - 1125, 1125, 1125, 1125, 263, 1102, 1125, 1105, 1105, 1105, - 1105, 1105, 1106, 1103, 1103, 1103, 1103, 1125, 1102, 1125, - 1103, 1103, 1103, 1103, 1103, 1103, 263, 1116, 1116, 1116, - 1116, 1116, 1116, 1116, 1116, 1116, 1116, 1125, 1122, 1122, - 1122, 1122, 1122, 1122, 263, 1086, 1125, 1087, 1087, 1087, - 1087, 1087, 1087, 1087, 1087, 1087, 1087, 263, 1125, 1125, - 1125, 1125, 1125, 1125, 138, 1107, 1107, 1107, 1107, 1107, - 1107, 1107, 1107, 1107, 1107, 263, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 138, 1086, 1125, 1087, 1087, 1087, - 1087, 1087, 1087, 1087, 1087, 1087, 1087, 1125, 1125, 1125, - - 1125, 1125, 138, 1117, 1117, 1117, 1117, 1117, 1118, 1116, - 1116, 1116, 1116, 1119, 1119, 1119, 1119, 1119, 1119, 1119, - 1119, 1119, 1119, 1125, 138, 1102, 1125, 1103, 1103, 1103, - 1103, 1103, 1103, 1103, 1103, 1103, 1103, 1125, 1125, 1125, - 138, 1110, 1110, 1110, 1110, 1110, 1110, 1110, 1110, 1110, - 1110, 1120, 1120, 1120, 1120, 1120, 1121, 1119, 1119, 1119, - 1119, 1125, 1125, 1125, 263, 1102, 1125, 1103, 1103, 1103, - 1103, 1103, 1103, 1103, 1103, 1103, 1103, 1122, 1122, 1122, - 1122, 1122, 1122, 1122, 1122, 1122, 1122, 1113, 1113, 1113, - 1113, 1113, 1113, 1113, 1113, 1113, 1113, 1125, 1125, 1125, - - 1125, 1125, 1125, 1125, 263, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 263, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 263, 1123, 1123, 1123, 1123, 1123, - 1124, 1122, 1122, 1122, 1122, 1116, 1116, 1116, 1116, 1116, - 1116, 1116, 1116, 1116, 1116, 1119, 1119, 1119, 1119, 1119, - 1119, 1119, 1119, 1119, 1119, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 263, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 138, 1122, 1122, 1122, 1122, 1122, 1122, 1122, - 1122, 1122, 1122, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, + 1156, 1156, 1165, 1166, 1167, 1165, 1165, 1165, 1165, 1165, + 1165, 1165, 167, 977, 977, 140, 167, 141, 1144, 977, + 1146, 1146, 1146, 1146, 1146, 1146, 1146, 1146, 1146, 1146, + 243, 1144, 155, 1145, 1145, 1145, 1145, 1145, 1145, 141, + 1149, 1149, 1149, 1149, 1149, 1149, 1149, 1149, 1149, 1149, + 1047, 1047, 153, 1097, 1097, 146, 1047, 141, 1144, 1097, + 1147, 1147, 1147, 1147, 1147, 1148, 1145, 1145, 1145, 1145, + 141, 1149, 1149, 1149, 1149, 1149, 1149, 1149, 1149, 1149, + 1149, 1168, 1169, 1170, 1168, 1168, 1168, 1168, 1168, 1168, + 1168, 144, 141, 1129, 1129, 292, 291, 141, 1160, 1129, + + 1161, 1161, 1161, 1161, 1161, 1161, 1161, 1161, 1161, 1161, + 1155, 290, 1156, 1156, 1156, 1156, 1156, 1156, 1156, 1156, + 1156, 1156, 1155, 289, 1156, 1156, 1156, 1156, 1156, 1156, + 1156, 1156, 1156, 1156, 288, 287, 283, 268, 1160, 272, + 1162, 1162, 1162, 1162, 1162, 1162, 1162, 1162, 1162, 1162, + 1155, 268, 1156, 1156, 1156, 1156, 1156, 1156, 1171, 1172, + 1173, 1171, 1171, 1171, 1171, 1171, 1171, 1171, 1160, 265, + 1161, 1161, 1161, 1161, 1161, 1161, 261, 268, 1160, 260, + 1163, 1163, 1163, 1163, 1163, 1164, 1161, 1161, 1161, 1161, + 259, 258, 257, 256, 251, 268, 1174, 1174, 1174, 1174, + + 1174, 1174, 1174, 1174, 1174, 1174, 229, 268, 223, 215, + 143, 181, 212, 178, 204, 202, 184, 268, 1144, 183, + 1145, 1145, 1145, 1145, 1145, 1145, 1145, 1145, 1145, 1145, + 180, 179, 176, 141, 1165, 1165, 1165, 1165, 1165, 1165, + 1165, 1165, 1165, 1165, 1175, 1175, 1175, 1175, 1175, 1176, + 1174, 1174, 1174, 1174, 170, 167, 155, 141, 1144, 144, + 1145, 1145, 1145, 1145, 1145, 1145, 1145, 1145, 1145, 1145, + 143, 141, 141, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 141, 1177, 1177, 1177, 1177, 1177, 1177, 1177, 1177, + 1177, 1177, 1183, 1183, 1183, 1183, 1183, 141, 1160, 1183, + + 1161, 1161, 1161, 1161, 1161, 1161, 1161, 1161, 1161, 1161, + 1168, 1168, 1168, 1168, 1168, 1168, 1168, 1168, 1168, 1168, + 1178, 1178, 1178, 1178, 1178, 1179, 1177, 1177, 1177, 1177, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 268, 1160, 1183, + 1161, 1161, 1161, 1161, 1161, 1161, 1161, 1161, 1161, 1161, + 1180, 1180, 1180, 1180, 1180, 1180, 1180, 1180, 1180, 1180, + 1171, 1171, 1171, 1171, 1171, 1171, 1171, 1171, 1171, 1171, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 268, 1183, 1183, + 1183, 1174, 1174, 1174, 1174, 1174, 1174, 268, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 268, 1181, 1181, + + 1181, 1181, 1181, 1182, 1180, 1180, 1180, 1180, 1174, 1174, + 1174, 1174, 1174, 1174, 1174, 1174, 1174, 1174, 141, 1177, + 1177, 1177, 1177, 1177, 1177, 1177, 1177, 1177, 1177, 1180, + 1180, 1180, 1180, 1180, 1180, 268, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 141, 1180, 1180, 1180, 1180, + 1180, 1180, 1180, 1180, 1180, 1180, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 268, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 268, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, 72, 72, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 263, 71, 71, 71, 71, 71, 71, 71, 71, 71, - 71, 71, 71, 71, 71, 71, 71, 71, 71, 71, - 71, 38, 38, 38, 38, 38, 38, 38, 38, 38, + 72, 72, 72, 72, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, - 38, 81, 81, 81, 81, 81, 81, 81, 81, 81, - 81, 81, 81, 81, 81, 81, 81, 81, 81, 81, - 81, 88, 88, 88, 88, 88, 88, 88, 88, 88, - 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, - 88, 113, 113, 113, 113, 113, 113, 113, 113, 113, - - 113, 113, 113, 113, 113, 113, 113, 113, 113, 113, - 113, 137, 1125, 1125, 137, 1125, 1125, 1125, 1125, 137, - 1125, 137, 137, 137, 1125, 1125, 137, 137, 137, 137, - 137, 142, 142, 142, 142, 142, 142, 142, 142, 142, - 142, 142, 142, 142, 142, 142, 142, 142, 142, 142, - 142, 147, 1125, 1125, 147, 1125, 1125, 147, 1125, 147, - 1125, 147, 147, 147, 147, 1125, 147, 147, 147, 147, - 147, 151, 1125, 1125, 151, 1125, 1125, 1125, 1125, 151, - 1125, 151, 151, 151, 1125, 1125, 151, 151, 151, 151, - 151, 153, 1125, 1125, 153, 153, 153, 1125, 153, 153, - - 1125, 153, 153, 153, 1125, 1125, 153, 153, 153, 153, - 153, 205, 1125, 1125, 205, 205, 205, 1125, 205, 205, - 1125, 205, 205, 205, 1125, 1125, 205, 205, 205, 205, - 205, 210, 1125, 1125, 210, 210, 210, 1125, 210, 210, - 1125, 210, 210, 210, 1125, 210, 210, 1125, 210, 210, - 210, 218, 1125, 1125, 218, 218, 1125, 1125, 218, 218, - 1125, 218, 218, 218, 218, 1125, 218, 218, 218, 218, - 218, 222, 222, 222, 222, 222, 222, 222, 222, 222, - 222, 222, 222, 222, 222, 222, 222, 222, 222, 222, - 222, 224, 224, 1125, 224, 224, 1125, 224, 224, 224, - - 224, 224, 224, 224, 224, 224, 224, 224, 224, 224, - 224, 231, 1125, 1125, 231, 1125, 1125, 231, 1125, 231, - 1125, 231, 231, 231, 231, 1125, 231, 231, 231, 231, - 231, 235, 1125, 1125, 235, 1125, 1125, 1125, 1125, 235, - 1125, 235, 235, 235, 1125, 235, 235, 235, 235, 235, - 235, 238, 1125, 1125, 238, 238, 238, 1125, 238, 238, - 1125, 238, 238, 238, 1125, 238, 238, 238, 238, 238, - 238, 259, 1125, 1125, 1125, 259, 259, 259, 259, 259, - 259, 259, 259, 259, 259, 259, 259, 259, 259, 259, - 259, 262, 1125, 1125, 262, 1125, 1125, 1125, 1125, 262, - - 1125, 262, 262, 262, 1125, 1125, 262, 262, 262, 262, - 262, 264, 1125, 1125, 264, 1125, 1125, 264, 1125, 264, - 1125, 264, 264, 264, 264, 1125, 264, 264, 264, 264, - 264, 266, 1125, 1125, 266, 1125, 1125, 1125, 1125, 266, - 1125, 266, 266, 266, 1125, 1125, 266, 266, 266, 266, - 266, 268, 1125, 1125, 268, 268, 268, 1125, 268, 268, - 1125, 268, 268, 268, 1125, 1125, 268, 268, 268, 268, - 268, 291, 291, 291, 291, 291, 291, 291, 291, 291, - 291, 291, 291, 291, 291, 291, 291, 291, 291, 291, - 291, 293, 293, 1125, 293, 293, 293, 293, 293, 293, - - 293, 293, 293, 293, 293, 293, 293, 293, 293, 293, - 293, 147, 1125, 1125, 147, 1125, 1125, 1125, 1125, 147, - 1125, 147, 147, 147, 1125, 1125, 147, 147, 147, 147, - 147, 151, 1125, 1125, 151, 1125, 1125, 1125, 1125, 151, - 1125, 151, 151, 151, 1125, 1125, 151, 151, 151, 151, - 151, 153, 1125, 1125, 153, 153, 153, 1125, 153, 153, - 1125, 153, 153, 153, 1125, 1125, 153, 153, 153, 153, - 153, 154, 1125, 1125, 154, 154, 154, 1125, 154, 154, - 1125, 154, 154, 154, 1125, 1125, 154, 154, 154, 154, - 154, 303, 303, 303, 1125, 1125, 1125, 1125, 303, 205, - - 1125, 1125, 205, 205, 205, 1125, 205, 205, 1125, 205, - 205, 205, 1125, 1125, 205, 205, 205, 205, 205, 206, - 1125, 1125, 206, 206, 206, 1125, 206, 206, 1125, 206, - 206, 206, 1125, 1125, 206, 206, 206, 206, 206, 210, - 1125, 1125, 210, 210, 210, 1125, 210, 210, 1125, 210, - 210, 210, 1125, 210, 210, 1125, 210, 210, 210, 218, - 1125, 1125, 218, 218, 1125, 1125, 218, 218, 1125, 218, - 218, 218, 218, 1125, 218, 218, 218, 218, 218, 224, - 224, 1125, 224, 224, 1125, 224, 224, 224, 224, 224, - 224, 224, 224, 224, 224, 224, 224, 224, 224, 234, - - 1125, 1125, 234, 1125, 1125, 1125, 1125, 234, 1125, 234, - 234, 234, 1125, 1125, 234, 234, 234, 234, 234, 235, - 1125, 1125, 235, 1125, 1125, 1125, 1125, 235, 1125, 235, - 235, 235, 1125, 235, 235, 235, 235, 235, 235, 236, - 1125, 1125, 236, 236, 1125, 236, 236, 1125, 1125, 236, - 236, 238, 1125, 1125, 238, 238, 238, 1125, 238, 238, - 1125, 238, 238, 238, 1125, 238, 238, 238, 238, 238, - 238, 259, 1125, 1125, 1125, 259, 259, 259, 259, 259, - 259, 259, 259, 259, 259, 259, 259, 259, 259, 259, - 259, 262, 1125, 1125, 262, 1125, 1125, 1125, 1125, 262, - - 1125, 262, 262, 262, 1125, 1125, 262, 262, 262, 262, - 262, 264, 1125, 1125, 264, 1125, 1125, 1125, 1125, 264, - 1125, 264, 264, 264, 1125, 1125, 264, 264, 264, 264, - 264, 266, 1125, 1125, 266, 1125, 1125, 1125, 1125, 266, - 1125, 266, 266, 266, 1125, 1125, 266, 266, 266, 266, - 266, 268, 1125, 1125, 268, 268, 268, 1125, 268, 268, - 1125, 268, 268, 268, 1125, 1125, 268, 268, 268, 268, - 268, 269, 1125, 1125, 269, 269, 269, 1125, 269, 269, - 1125, 269, 269, 269, 1125, 1125, 269, 269, 269, 269, - 269, 291, 291, 291, 291, 291, 291, 291, 291, 291, - - 291, 291, 291, 291, 291, 291, 291, 291, 291, 291, - 291, 389, 389, 389, 389, 389, 389, 389, 389, 389, - 389, 389, 389, 389, 389, 389, 389, 389, 389, 389, - 389, 403, 403, 403, 1125, 1125, 1125, 1125, 403, 503, - 503, 503, 1125, 1125, 1125, 1125, 503, 291, 291, 291, - 291, 291, 291, 291, 291, 291, 291, 291, 291, 291, - 291, 291, 291, 291, 291, 291, 291, 600, 600, 600, - 1125, 1125, 1125, 1125, 600, 604, 604, 604, 604, 1125, - 1125, 1125, 1125, 604, 704, 704, 704, 1125, 1125, 1125, - 1125, 704, 705, 705, 705, 705, 1125, 1125, 1125, 1125, - - 705, 791, 791, 791, 1125, 1125, 1125, 1125, 791, 792, - 792, 792, 792, 1125, 1125, 1125, 1125, 792, 291, 291, - 291, 291, 291, 291, 291, 291, 291, 291, 291, 291, - 291, 291, 291, 291, 291, 291, 291, 291, 236, 1125, - 1125, 236, 236, 1125, 236, 236, 1125, 1125, 236, 236, - 856, 1125, 856, 856, 1125, 1125, 1125, 1125, 856, 874, - 874, 874, 1125, 1125, 1125, 1125, 874, 875, 875, 875, - 875, 1125, 1125, 1125, 1125, 875, 291, 291, 291, 291, - 291, 291, 291, 291, 291, 291, 291, 291, 291, 291, - 291, 291, 291, 291, 291, 291, 236, 1125, 1125, 236, - - 236, 1125, 236, 236, 1125, 1125, 236, 236, 262, 1125, - 1125, 262, 1125, 1125, 1125, 1125, 262, 1125, 262, 262, - 262, 1125, 1125, 262, 262, 262, 262, 262, 930, 1125, - 930, 930, 1125, 1125, 1125, 1125, 930, 946, 946, 946, - 1125, 1125, 1125, 1125, 946, 947, 947, 947, 1125, 1125, - 1125, 1125, 1125, 947, 957, 957, 957, 957, 957, 957, - 957, 957, 957, 957, 957, 957, 957, 957, 957, 957, - 957, 957, 957, 957, 962, 962, 1125, 962, 962, 962, - 962, 1125, 962, 1125, 962, 962, 962, 1125, 1125, 962, - 962, 962, 962, 962, 968, 968, 1125, 968, 968, 968, - - 968, 1125, 968, 1125, 968, 968, 968, 1125, 1125, 968, - 968, 968, 968, 968, 995, 1125, 995, 995, 1125, 1125, - 1125, 1125, 995, 1042, 1125, 1042, 1042, 1125, 1125, 1125, - 1125, 1042, 1076, 1076, 1076, 1076, 1076, 1076, 1076, 1076, - 1076, 1076, 1076, 1076, 1076, 1076, 1076, 1076, 1076, 1076, - 1076, 1076, 19, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, + 38, 38, 38, 38, 82, 82, 82, 82, 82, 82, + 82, 82, 82, 82, 82, 82, 82, 82, 82, 82, + 82, 82, 82, 82, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 115, 115, 115, 115, 115, 115, + 115, 115, 115, 115, 115, 115, 115, 115, 115, 115, + 115, 115, 115, 115, 140, 1183, 1183, 140, 1183, 1183, + 1183, 1183, 140, 1183, 140, 140, 140, 1183, 1183, 140, + + 140, 140, 140, 140, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 145, 145, 145, 145, 145, 145, + 145, 145, 145, 145, 150, 1183, 1183, 150, 1183, 1183, + 150, 1183, 150, 1183, 150, 150, 150, 150, 1183, 150, + 150, 150, 150, 150, 154, 1183, 1183, 154, 1183, 1183, + 1183, 1183, 154, 1183, 154, 154, 154, 1183, 1183, 154, + 154, 154, 154, 154, 156, 1183, 1183, 156, 156, 156, + 1183, 156, 156, 1183, 156, 156, 156, 1183, 1183, 156, + 156, 156, 156, 156, 209, 1183, 1183, 209, 209, 209, + 1183, 209, 209, 1183, 209, 209, 209, 1183, 1183, 209, + + 209, 209, 209, 209, 214, 1183, 1183, 214, 214, 214, + 1183, 214, 214, 1183, 214, 214, 214, 1183, 214, 214, + 1183, 214, 214, 214, 222, 1183, 1183, 222, 222, 1183, + 1183, 222, 222, 1183, 222, 222, 222, 222, 1183, 222, + 222, 222, 222, 222, 226, 226, 226, 226, 226, 226, + 226, 226, 226, 226, 226, 226, 226, 226, 226, 226, + 226, 226, 226, 226, 228, 228, 1183, 228, 228, 1183, + 228, 228, 228, 228, 228, 228, 228, 228, 228, 228, + 228, 228, 228, 228, 235, 1183, 1183, 235, 1183, 1183, + 235, 1183, 235, 1183, 235, 235, 235, 235, 1183, 235, + + 235, 235, 235, 235, 239, 1183, 1183, 239, 1183, 1183, + 1183, 1183, 239, 1183, 239, 239, 239, 1183, 239, 239, + 239, 239, 239, 239, 242, 1183, 1183, 242, 242, 242, + 1183, 242, 242, 1183, 242, 242, 242, 1183, 242, 242, + 242, 242, 242, 242, 264, 1183, 1183, 1183, 264, 264, + 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, + 264, 264, 264, 264, 267, 1183, 1183, 267, 1183, 1183, + 1183, 1183, 267, 1183, 267, 267, 267, 1183, 1183, 267, + 267, 267, 267, 267, 269, 1183, 1183, 269, 1183, 1183, + 269, 1183, 269, 1183, 269, 269, 269, 269, 1183, 269, + + 269, 269, 269, 269, 271, 1183, 1183, 271, 1183, 1183, + 1183, 1183, 271, 1183, 271, 271, 271, 1183, 1183, 271, + 271, 271, 271, 271, 273, 1183, 1183, 273, 273, 273, + 1183, 273, 273, 1183, 273, 273, 273, 1183, 1183, 273, + 273, 273, 273, 273, 297, 297, 297, 297, 297, 297, + 297, 297, 297, 297, 297, 297, 297, 297, 297, 297, + 297, 297, 297, 297, 299, 299, 1183, 299, 299, 299, + 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, + 299, 299, 299, 299, 150, 1183, 1183, 150, 1183, 1183, + 1183, 1183, 150, 1183, 150, 150, 150, 1183, 1183, 150, + + 150, 150, 150, 150, 154, 1183, 1183, 154, 1183, 1183, + 1183, 1183, 154, 1183, 154, 154, 154, 1183, 1183, 154, + 154, 154, 154, 154, 156, 1183, 1183, 156, 156, 156, + 1183, 156, 156, 1183, 156, 156, 156, 1183, 1183, 156, + 156, 156, 156, 156, 157, 1183, 1183, 157, 157, 157, + 1183, 157, 157, 1183, 157, 157, 157, 1183, 1183, 157, + 157, 157, 157, 157, 309, 309, 309, 1183, 1183, 1183, + 1183, 309, 209, 1183, 1183, 209, 209, 209, 1183, 209, + 209, 1183, 209, 209, 209, 1183, 1183, 209, 209, 209, + 209, 209, 210, 1183, 1183, 210, 210, 210, 1183, 210, + + 210, 1183, 210, 210, 210, 1183, 1183, 210, 210, 210, + 210, 210, 214, 1183, 1183, 214, 214, 214, 1183, 214, + 214, 1183, 214, 214, 214, 1183, 214, 214, 1183, 214, + 214, 214, 222, 1183, 1183, 222, 222, 1183, 1183, 222, + 222, 1183, 222, 222, 222, 222, 1183, 222, 222, 222, + 222, 222, 228, 228, 1183, 228, 228, 1183, 228, 228, + 228, 228, 228, 228, 228, 228, 228, 228, 228, 228, + 228, 228, 238, 1183, 1183, 238, 1183, 1183, 1183, 1183, + 238, 1183, 238, 238, 238, 1183, 1183, 238, 238, 238, + 238, 238, 239, 1183, 1183, 239, 1183, 1183, 1183, 1183, + + 239, 1183, 239, 239, 239, 1183, 239, 239, 239, 239, + 239, 239, 240, 1183, 1183, 240, 240, 1183, 240, 240, + 1183, 1183, 240, 240, 242, 1183, 1183, 242, 242, 242, + 1183, 242, 242, 1183, 242, 242, 242, 1183, 242, 242, + 242, 242, 242, 242, 264, 1183, 1183, 1183, 264, 264, + 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, + 264, 264, 264, 264, 267, 1183, 1183, 267, 1183, 1183, + 1183, 1183, 267, 1183, 267, 267, 267, 1183, 1183, 267, + 267, 267, 267, 267, 269, 1183, 1183, 269, 1183, 1183, + 1183, 1183, 269, 1183, 269, 269, 269, 1183, 1183, 269, + + 269, 269, 269, 269, 271, 1183, 1183, 271, 1183, 1183, + 1183, 1183, 271, 1183, 271, 271, 271, 1183, 1183, 271, + 271, 271, 271, 271, 273, 1183, 1183, 273, 273, 273, + 1183, 273, 273, 1183, 273, 273, 273, 1183, 1183, 273, + 273, 273, 273, 273, 274, 1183, 1183, 274, 274, 274, + 1183, 274, 274, 1183, 274, 274, 274, 1183, 1183, 274, + 274, 274, 274, 274, 297, 297, 297, 297, 297, 297, + 297, 297, 297, 297, 297, 297, 297, 297, 297, 297, + 297, 297, 297, 297, 401, 401, 401, 401, 401, 401, + 401, 401, 401, 401, 401, 401, 401, 401, 401, 401, + + 401, 401, 401, 401, 415, 415, 415, 1183, 1183, 1183, + 1183, 415, 521, 521, 521, 1183, 1183, 1183, 1183, 521, + 297, 297, 297, 297, 297, 297, 297, 297, 297, 297, + 297, 297, 297, 297, 297, 297, 297, 297, 297, 297, + 624, 624, 624, 1183, 1183, 1183, 1183, 624, 628, 628, + 628, 628, 1183, 1183, 1183, 1183, 628, 734, 734, 734, + 1183, 1183, 1183, 1183, 734, 735, 735, 735, 735, 1183, + 1183, 1183, 1183, 735, 827, 827, 827, 1183, 1183, 1183, + 1183, 827, 828, 828, 828, 828, 1183, 1183, 1183, 1183, + 828, 297, 297, 297, 297, 297, 297, 297, 297, 297, + + 297, 297, 297, 297, 297, 297, 297, 297, 297, 297, + 297, 240, 1183, 1183, 240, 240, 1183, 240, 240, 1183, + 1183, 240, 240, 898, 1183, 898, 898, 1183, 1183, 1183, + 1183, 898, 916, 916, 916, 1183, 1183, 1183, 1183, 916, + 917, 917, 917, 917, 1183, 1183, 1183, 1183, 917, 297, + 297, 297, 297, 297, 297, 297, 297, 297, 297, 297, + 297, 297, 297, 297, 297, 297, 297, 297, 297, 240, + 1183, 1183, 240, 240, 1183, 240, 240, 1183, 1183, 240, + 240, 267, 1183, 1183, 267, 1183, 1183, 1183, 1183, 267, + 1183, 267, 267, 267, 1183, 1183, 267, 267, 267, 267, + + 267, 978, 1183, 978, 978, 1183, 1183, 1183, 1183, 978, + 994, 994, 994, 1183, 1183, 1183, 1183, 994, 995, 995, + 995, 1183, 1183, 1183, 1183, 1183, 995, 1008, 1008, 1008, + 1008, 1008, 1008, 1008, 1008, 1008, 1008, 1008, 1008, 1008, + 1008, 1008, 1008, 1008, 1008, 1008, 1008, 1013, 1013, 1183, + 1013, 1013, 1013, 1013, 1183, 1013, 1183, 1013, 1013, 1013, + 1183, 1183, 1013, 1013, 1013, 1013, 1013, 1019, 1019, 1183, + 1019, 1019, 1019, 1019, 1183, 1019, 1183, 1019, 1019, 1019, + 1183, 1183, 1019, 1019, 1019, 1019, 1019, 1048, 1183, 1048, + 1048, 1183, 1183, 1183, 1183, 1048, 1098, 1183, 1098, 1098, + + 1183, 1183, 1183, 1183, 1098, 1134, 1134, 1134, 1134, 1134, + 1134, 1134, 1134, 1134, 1134, 1134, 1134, 1134, 1134, 1134, + 1134, 1134, 1134, 1134, 1134, 19, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183 - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125 } ; -static yyconst flex_int16_t yy_chk[8328] = +static yyconst flex_int16_t yy_chk[8301] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -1781,57 +1796,57 @@ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 21, 49, 43, 2, 21, + 1, 1, 1, 1, 2, 21, 50, 43, 2, 21, 27, 2, 5, 5, 39, 5, 5, 5, 43, 5, - 52, 49, 46, 42, 39, 5, 42, 46, 6, 6, + 53, 50, 47, 42, 39, 5, 42, 47, 6, 6, - 27, 6, 6, 6, 52, 6, 42, 2, 2, 5, + 27, 6, 6, 6, 53, 6, 42, 2, 2, 5, 5, 6, 2, 35, 35, 35, 35, 35, 35, 44, - 2, 61, 44, 2, 3, 6, 6, 27, 3, 11, + 2, 62, 44, 2, 3, 6, 6, 27, 3, 11, 11, 3, 11, 11, 11, 11, 5, 3, 12, 12, - 3, 12, 12, 12, 12, 83, 65, 59, 103, 61, - 65, 103, 6, 127, 3, 165, 127, 3, 15, 15, - 15, 15, 15, 15, 15, 3, 59, 3, 165, 3, - 3, 83, 3, 16, 16, 16, 16, 16, 16, 16, - 32, 32, 55, 11, 32, 32, 185, 70, 90, 1122, - 102, 55, 12, 63, 3, 4, 70, 63, 85, 4, - - 55, 102, 4, 89, 32, 70, 63, 89, 4, 329, - 197, 4, 15, 34, 34, 34, 34, 34, 34, 34, - 34, 34, 34, 329, 85, 4, 56, 16, 4, 32, - 56, 79, 79, 114, 79, 79, 4, 90, 4, 185, - 4, 4, 54, 4, 54, 54, 54, 54, 54, 54, - 54, 54, 54, 54, 93, 58, 197, 89, 58, 56, - 56, 142, 198, 142, 56, 4, 7, 7, 58, 7, - 7, 7, 56, 7, 93, 56, 87, 87, 198, 87, - 87, 64, 114, 58, 64, 64, 64, 64, 64, 64, - 64, 64, 64, 64, 92, 92, 569, 92, 92, 569, + 3, 12, 12, 12, 12, 84, 66, 60, 104, 62, + 66, 104, 6, 129, 3, 168, 129, 3, 15, 15, + 15, 15, 15, 15, 15, 3, 60, 3, 168, 3, + 3, 84, 3, 16, 16, 16, 16, 16, 16, 16, + 32, 32, 56, 11, 32, 32, 189, 71, 91, 1180, + 103, 56, 12, 64, 3, 4, 71, 64, 86, 4, + + 56, 103, 4, 90, 32, 71, 64, 90, 4, 337, + 201, 4, 15, 34, 34, 34, 34, 34, 34, 34, + 34, 34, 34, 337, 86, 4, 57, 16, 4, 32, + 57, 80, 80, 116, 80, 80, 4, 91, 4, 189, + 4, 4, 55, 4, 55, 55, 55, 55, 55, 55, + 55, 55, 55, 55, 94, 59, 201, 90, 59, 57, + 57, 145, 202, 145, 57, 4, 7, 7, 59, 7, + 7, 7, 57, 7, 94, 57, 88, 88, 202, 88, + 88, 65, 116, 59, 65, 65, 65, 65, 65, 65, + 65, 65, 65, 65, 93, 93, 591, 93, 93, 591, - 92, 93, 97, 97, 97, 97, 97, 97, 97, 97, - 97, 97, 98, 98, 98, 98, 98, 98, 321, 321, + 93, 94, 98, 98, 98, 98, 98, 98, 98, 98, + 98, 98, 99, 99, 99, 99, 99, 99, 329, 329, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 8, - 8, 118, 8, 8, 8, 110, 8, 110, 110, 110, - 110, 110, 110, 110, 110, 110, 110, 126, 112, 139, - 164, 118, 187, 139, 187, 66, 66, 112, 126, 66, - 66, 164, 227, 116, 116, 1116, 116, 116, 122, 122, - 122, 122, 122, 122, 122, 122, 122, 122, 118, 66, - 336, 336, 287, 8, 8, 8, 8, 8, 8, 8, + 8, 120, 8, 8, 8, 112, 8, 112, 112, 112, + 112, 112, 112, 112, 112, 112, 112, 128, 114, 142, + 167, 120, 191, 142, 191, 67, 67, 114, 128, 67, + 67, 167, 231, 118, 118, 1174, 118, 118, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 120, 67, + 344, 344, 293, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 9, 9, 66, 9, 9, 9, 9, 9, - 289, 227, 289, 199, 9, 9, 9, 116, 77, 77, - 330, 77, 77, 77, 94, 77, 199, 94, 330, 77, - 9, 77, 136, 94, 149, 287, 94, 188, 343, 94, - 94, 136, 188, 120, 120, 77, 77, 120, 120, 291, - 136, 291, 343, 94, 149, 94, 9, 10, 10, 200, - 10, 10, 10, 10, 10, 200, 292, 120, 292, 10, - 10, 10, 77, 123, 123, 123, 123, 123, 123, 94, - 94, 149, 396, 183, 183, 10, 183, 183, 293, 415, - - 293, 135, 120, 135, 135, 135, 135, 135, 135, 135, - 135, 135, 135, 162, 162, 162, 162, 162, 162, 396, - 415, 10, 13, 13, 13, 13, 13, 13, 13, 13, + 8, 8, 9, 9, 67, 9, 9, 9, 9, 9, + 295, 231, 295, 203, 9, 9, 9, 118, 78, 78, + 338, 78, 78, 78, 95, 78, 203, 95, 338, 78, + 9, 78, 139, 95, 152, 293, 95, 192, 351, 95, + 95, 139, 192, 122, 122, 78, 78, 122, 122, 297, + 139, 297, 351, 95, 152, 95, 9, 10, 10, 204, + 10, 10, 10, 10, 10, 204, 298, 122, 298, 10, + 10, 10, 78, 125, 125, 125, 125, 125, 125, 95, + 95, 152, 408, 187, 187, 10, 187, 187, 299, 428, + + 299, 138, 122, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 165, 165, 165, 165, 165, 165, 408, + 428, 10, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, @@ -1847,849 +1862,846 @@ 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, - 26, 261, 26, 145, 145, 145, 145, 145, 145, 145, - 145, 145, 145, 26, 1098, 421, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 33, 421, 33, 33, - - 33, 33, 33, 33, 33, 33, 33, 33, 33, 340, - 1073, 340, 33, 33, 33, 33, 33, 33, 186, 186, - 261, 186, 186, 138, 138, 138, 138, 138, 202, 138, - 138, 196, 202, 138, 303, 33, 196, 33, 33, 33, - 33, 33, 33, 40, 196, 303, 40, 138, 138, 138, - 204, 523, 40, 229, 204, 40, 40, 229, 40, 40, + 26, 266, 26, 148, 148, 148, 148, 148, 148, 148, + 148, 148, 148, 26, 1156, 435, 26, 26, 26, 26, + 26, 26, 26, 26, 26, 26, 33, 435, 33, 33, + + 33, 33, 33, 33, 33, 33, 33, 33, 33, 348, + 1131, 348, 33, 33, 33, 33, 33, 33, 190, 190, + 266, 190, 190, 141, 141, 141, 141, 141, 206, 141, + 141, 200, 206, 141, 309, 33, 200, 33, 33, 33, + 33, 33, 33, 40, 200, 309, 40, 141, 141, 141, + 208, 542, 40, 233, 208, 40, 40, 233, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 186, 523, 40, 40, 40, 40, 40, 40, + 40, 40, 190, 542, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 389, 420, - 389, 45, 45, 45, 45, 45, 45, 341, 195, 420, - 195, 45, 146, 146, 146, 146, 146, 146, 146, 146, - 146, 146, 341, 339, 231, 424, 45, 45, 45, 45, - 45, 45, 53, 53, 424, 53, 53, 53, 53, 53, - 339, 53, 53, 148, 231, 53, 148, 148, 148, 148, - 148, 148, 148, 148, 148, 148, 1071, 232, 209, 53, - 53, 53, 57, 209, 57, 426, 150, 150, 150, 150, - - 150, 231, 150, 150, 195, 57, 150, 232, 57, 57, - 57, 57, 57, 57, 57, 57, 57, 57, 1054, 426, - 150, 150, 150, 152, 152, 152, 152, 152, 412, 152, - 152, 176, 176, 152, 232, 153, 153, 176, 176, 153, - 153, 176, 226, 176, 176, 412, 226, 152, 152, 152, - 201, 390, 290, 390, 201, 57, 78, 290, 78, 153, - 435, 212, 212, 201, 212, 212, 435, 228, 228, 78, - 228, 228, 78, 78, 78, 78, 78, 78, 78, 78, - 78, 78, 95, 305, 153, 95, 260, 305, 95, 95, - 260, 95, 95, 95, 95, 387, 226, 95, 95, 156, - - 156, 156, 156, 156, 156, 156, 156, 156, 156, 387, - 520, 95, 95, 95, 160, 160, 160, 160, 160, 160, - 160, 160, 160, 160, 161, 161, 161, 161, 161, 161, - 161, 161, 161, 161, 520, 423, 156, 95, 95, 96, - 260, 429, 96, 96, 96, 96, 96, 96, 96, 96, - 96, 96, 96, 96, 96, 96, 423, 429, 96, 96, - 96, 96, 96, 96, 96, 96, 96, 96, 96, 96, - 96, 96, 96, 96, 96, 96, 96, 96, 96, 96, - 96, 756, 756, 96, 96, 96, 96, 96, 96, 96, - 96, 96, 96, 96, 96, 96, 96, 96, 96, 96, - - 99, 392, 99, 99, 99, 99, 99, 99, 99, 99, - 99, 99, 99, 400, 400, 400, 99, 99, 99, 99, - 99, 99, 203, 203, 203, 203, 203, 203, 203, 203, - 203, 203, 337, 414, 419, 223, 223, 337, 223, 223, - 392, 99, 99, 99, 99, 99, 99, 100, 419, 445, - 414, 100, 100, 100, 100, 100, 100, 100, 100, 100, - 100, 100, 100, 100, 1045, 445, 100, 100, 100, 100, - 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, - 100, 100, 100, 100, 100, 100, 100, 100, 100, 223, - 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, - - 100, 100, 100, 100, 100, 100, 100, 100, 104, 104, - 104, 104, 104, 104, 104, 104, 104, 104, 104, 627, - 418, 443, 104, 104, 104, 104, 104, 104, 418, 344, - 205, 205, 104, 344, 205, 205, 245, 245, 245, 245, - 245, 245, 189, 627, 443, 434, 189, 104, 104, 104, - 104, 104, 104, 121, 205, 121, 121, 121, 121, 121, - 121, 121, 121, 121, 121, 121, 422, 1044, 430, 121, - 121, 121, 121, 121, 121, 189, 189, 208, 208, 205, - 189, 434, 403, 208, 208, 430, 422, 208, 189, 208, - 527, 189, 121, 403, 121, 121, 121, 121, 121, 121, - - 124, 219, 425, 124, 527, 219, 456, 219, 219, 124, - 425, 456, 124, 124, 219, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 219, - 1042, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 128, 128, 128, 128, 128, 128, - 128, 128, 128, 128, 128, 744, 410, 744, 128, 128, - 128, 128, 128, 128, 335, 471, 335, 410, 128, 216, - - 216, 216, 216, 216, 216, 216, 216, 216, 216, 328, - 328, 522, 328, 128, 128, 128, 128, 128, 128, 134, - 134, 433, 134, 134, 134, 134, 134, 522, 134, 134, - 364, 364, 134, 364, 471, 233, 233, 233, 233, 516, - 432, 233, 233, 432, 328, 233, 134, 134, 134, 155, - 433, 335, 155, 155, 155, 155, 155, 516, 155, 155, - 233, 233, 155, 240, 240, 240, 240, 240, 240, 240, - 240, 240, 240, 427, 446, 432, 155, 155, 155, 157, - 446, 157, 157, 157, 157, 157, 157, 157, 157, 157, - 157, 157, 442, 427, 442, 157, 157, 157, 157, 157, - - 157, 288, 288, 1041, 288, 288, 237, 237, 237, 237, - 237, 467, 237, 237, 467, 517, 237, 467, 157, 531, - 157, 157, 157, 157, 157, 157, 166, 531, 726, 166, - 237, 237, 237, 468, 468, 166, 517, 468, 166, 166, - 726, 166, 166, 166, 166, 166, 166, 166, 166, 166, - 166, 166, 166, 166, 166, 288, 442, 166, 166, 166, - 166, 166, 166, 166, 166, 166, 166, 166, 166, 166, - 166, 166, 166, 166, 166, 166, 166, 166, 166, 166, - 166, 166, 166, 166, 166, 166, 166, 166, 166, 166, - 166, 166, 166, 166, 166, 166, 166, 166, 166, 166, - - 167, 167, 167, 167, 167, 167, 167, 167, 167, 167, - 167, 475, 767, 767, 167, 167, 167, 167, 167, 167, - 243, 243, 243, 243, 243, 243, 243, 243, 243, 243, - 276, 276, 276, 276, 276, 276, 503, 530, 475, 167, - 167, 167, 167, 167, 167, 207, 490, 503, 207, 207, - 207, 207, 207, 235, 207, 207, 235, 530, 207, 537, - 413, 479, 235, 239, 413, 235, 479, 239, 235, 235, - 239, 416, 207, 207, 207, 490, 239, 386, 386, 492, - 386, 537, 235, 416, 235, 492, 528, 413, 416, 1037, - 239, 239, 244, 244, 244, 244, 244, 244, 244, 244, - - 244, 244, 407, 407, 407, 407, 407, 407, 235, 235, - 238, 417, 386, 238, 528, 417, 238, 238, 521, 238, - 238, 238, 238, 254, 254, 238, 238, 454, 457, 254, - 254, 454, 457, 254, 533, 254, 521, 444, 417, 238, - 238, 238, 532, 533, 271, 271, 271, 271, 271, 271, - 271, 271, 271, 271, 454, 457, 268, 268, 1030, 469, - 268, 268, 469, 532, 444, 238, 238, 241, 491, 241, - 241, 241, 241, 241, 241, 241, 241, 241, 241, 241, - 268, 271, 444, 241, 241, 241, 241, 241, 241, 529, - 628, 263, 263, 263, 263, 263, 489, 263, 263, 489, - - 469, 263, 542, 529, 491, 268, 628, 542, 241, 241, - 241, 241, 241, 241, 246, 263, 263, 263, 246, 246, - 246, 246, 246, 246, 246, 246, 246, 246, 246, 246, - 246, 489, 1025, 246, 246, 246, 246, 246, 246, 246, - 246, 246, 246, 246, 246, 246, 246, 246, 246, 246, - 246, 246, 246, 246, 246, 246, 539, 246, 246, 246, - 246, 246, 246, 246, 246, 246, 246, 246, 246, 246, - 246, 246, 246, 246, 246, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 621, 539, 1012, 247, - 247, 247, 247, 247, 247, 526, 265, 265, 265, 265, - - 265, 526, 265, 265, 621, 395, 265, 395, 395, 395, - 395, 395, 395, 538, 247, 247, 247, 247, 247, 247, - 265, 265, 265, 267, 267, 267, 267, 267, 536, 267, - 267, 807, 807, 267, 274, 274, 274, 274, 274, 274, - 274, 274, 274, 274, 395, 534, 538, 267, 267, 267, - 270, 536, 534, 270, 270, 270, 270, 270, 624, 270, - 270, 1011, 540, 270, 275, 275, 275, 275, 275, 275, - 275, 275, 275, 275, 591, 624, 549, 270, 270, 270, - 272, 549, 272, 272, 272, 272, 272, 272, 272, 272, - 272, 272, 272, 505, 505, 540, 272, 272, 272, 272, - - 272, 272, 284, 284, 547, 505, 477, 480, 284, 284, - 477, 480, 284, 591, 284, 547, 507, 507, 548, 272, - 600, 272, 272, 272, 272, 272, 272, 277, 507, 548, - 277, 600, 1007, 477, 480, 566, 277, 566, 566, 277, - 277, 745, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 995, 745, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - - 277, 278, 278, 278, 278, 278, 278, 278, 278, 278, - 278, 278, 546, 620, 546, 278, 278, 278, 278, 278, - 278, 294, 294, 294, 294, 294, 294, 294, 294, 294, - 294, 451, 620, 451, 451, 451, 451, 451, 451, 994, - 278, 278, 278, 278, 278, 278, 295, 295, 295, 295, - 295, 295, 295, 295, 295, 295, 296, 541, 296, 296, - 296, 296, 296, 296, 296, 296, 296, 296, 345, 986, - 345, 345, 345, 345, 345, 345, 345, 345, 345, 345, - 586, 342, 589, 546, 667, 342, 567, 589, 342, 567, - 567, 718, 541, 978, 342, 296, 297, 718, 297, 297, - - 297, 297, 297, 297, 297, 297, 297, 297, 342, 342, - 346, 586, 346, 346, 346, 346, 346, 346, 346, 346, - 346, 346, 347, 667, 347, 347, 347, 347, 347, 347, - 347, 347, 347, 347, 570, 297, 298, 570, 298, 298, - 298, 298, 298, 298, 298, 298, 298, 298, 399, 399, - 399, 399, 399, 399, 399, 399, 399, 399, 399, 638, - 366, 604, 518, 763, 366, 763, 518, 366, 568, 638, - 568, 568, 604, 366, 570, 298, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 366, 366, 518, - 299, 299, 299, 299, 299, 299, 391, 391, 391, 391, - - 391, 391, 391, 391, 391, 391, 513, 513, 513, 513, - 513, 513, 806, 299, 806, 299, 299, 299, 299, 299, - 299, 302, 302, 302, 302, 302, 302, 302, 302, 302, - 302, 302, 622, 391, 977, 302, 302, 302, 302, 302, - 302, 404, 404, 404, 404, 404, 404, 404, 404, 404, - 404, 524, 617, 622, 655, 524, 810, 617, 810, 655, - 302, 302, 302, 302, 302, 302, 304, 304, 304, 304, - 304, 304, 304, 304, 304, 304, 304, 304, 524, 588, - 585, 304, 304, 304, 304, 304, 304, 406, 406, 406, - 406, 406, 406, 406, 406, 406, 406, 614, 614, 614, - - 614, 614, 614, 630, 605, 605, 304, 304, 304, 304, - 304, 304, 306, 585, 588, 306, 605, 723, 629, 661, - 630, 306, 661, 723, 306, 306, 629, 306, 306, 306, - 306, 306, 306, 306, 306, 306, 306, 306, 306, 306, - 306, 841, 841, 306, 306, 306, 306, 306, 306, 306, - 306, 306, 306, 306, 306, 306, 306, 306, 306, 306, - 306, 306, 306, 306, 306, 306, 306, 306, 306, 306, - 306, 306, 306, 306, 306, 306, 306, 306, 306, 306, - 306, 306, 306, 306, 306, 306, 307, 307, 307, 307, - 307, 307, 307, 307, 307, 307, 307, 633, 877, 877, + 45, 45, 45, 45, 45, 45, 45, 45, 401, 434, + 401, 45, 45, 45, 45, 45, 45, 349, 199, 434, + 199, 45, 149, 149, 149, 149, 149, 149, 149, 149, + 149, 149, 349, 347, 235, 438, 45, 45, 45, 45, + 45, 45, 54, 54, 438, 54, 54, 54, 54, 54, + 347, 54, 54, 151, 235, 54, 151, 151, 151, 151, + 151, 151, 151, 151, 151, 151, 1129, 236, 213, 54, + 54, 54, 58, 213, 58, 440, 153, 153, 153, 153, + + 153, 235, 153, 153, 199, 58, 153, 236, 58, 58, + 58, 58, 58, 58, 58, 58, 58, 58, 427, 440, + 153, 153, 153, 155, 155, 155, 155, 155, 205, 155, + 155, 554, 205, 155, 236, 156, 156, 427, 554, 156, + 156, 205, 216, 216, 404, 216, 216, 155, 155, 155, + 232, 232, 296, 232, 232, 58, 79, 296, 79, 156, + 249, 249, 249, 249, 249, 249, 311, 352, 645, 79, + 311, 352, 79, 79, 79, 79, 79, 79, 79, 79, + 79, 79, 96, 404, 156, 96, 230, 645, 96, 96, + 230, 96, 96, 96, 96, 399, 432, 96, 96, 159, + + 159, 159, 159, 159, 159, 159, 159, 159, 159, 399, + 432, 96, 96, 96, 163, 163, 163, 163, 163, 163, + 163, 163, 163, 163, 164, 164, 164, 164, 164, 164, + 164, 164, 164, 164, 1112, 433, 159, 96, 96, 97, + 230, 443, 97, 97, 97, 97, 97, 97, 97, 97, + 97, 97, 97, 97, 97, 97, 433, 443, 97, 97, + 97, 97, 97, 97, 97, 97, 97, 97, 97, 97, + 97, 97, 97, 97, 97, 97, 97, 97, 97, 97, + 97, 436, 1101, 97, 97, 97, 97, 97, 97, 97, + 97, 97, 97, 97, 97, 97, 97, 97, 97, 97, + + 100, 436, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 402, 561, 402, 100, 100, 100, 100, + 100, 100, 180, 180, 374, 374, 180, 374, 180, 180, + 336, 336, 180, 336, 180, 180, 412, 412, 412, 415, + 431, 100, 100, 100, 100, 100, 100, 101, 431, 561, + 415, 101, 101, 101, 101, 101, 101, 101, 101, 101, + 101, 101, 101, 101, 1100, 336, 101, 101, 101, 101, + 101, 101, 101, 101, 101, 101, 101, 101, 101, 101, + 101, 101, 101, 101, 101, 101, 101, 101, 101, 1098, + 101, 101, 101, 101, 101, 101, 101, 101, 101, 101, + + 101, 101, 101, 101, 101, 101, 101, 101, 105, 105, + 105, 105, 105, 105, 105, 105, 105, 105, 105, 664, + 457, 424, 105, 105, 105, 105, 105, 105, 345, 664, + 209, 209, 105, 345, 209, 209, 227, 227, 424, 227, + 227, 425, 193, 457, 556, 425, 193, 105, 105, 105, + 105, 105, 105, 123, 209, 123, 123, 123, 123, 123, + 123, 123, 123, 123, 123, 123, 441, 556, 425, 123, + 123, 123, 123, 123, 123, 193, 193, 212, 212, 209, + 193, 212, 422, 212, 212, 426, 441, 212, 193, 212, + 227, 193, 123, 422, 123, 123, 123, 123, 123, 123, + + 126, 223, 426, 126, 449, 223, 471, 223, 223, 126, + 449, 471, 126, 126, 223, 126, 126, 126, 126, 126, + 126, 126, 126, 126, 126, 126, 126, 126, 126, 223, + 1097, 126, 126, 126, 126, 126, 126, 126, 126, 126, + 126, 126, 126, 126, 126, 126, 126, 126, 126, 126, + 126, 126, 126, 126, 126, 126, 126, 126, 126, 126, + 126, 126, 126, 126, 126, 126, 126, 126, 126, 126, + 126, 126, 126, 126, 130, 130, 130, 130, 130, 130, + 130, 130, 130, 130, 130, 1093, 521, 439, 130, 130, + 130, 130, 130, 130, 343, 439, 343, 521, 130, 207, + + 207, 207, 207, 207, 207, 207, 207, 207, 207, 398, + 398, 459, 398, 130, 130, 130, 130, 130, 130, 137, + 137, 447, 137, 137, 137, 137, 137, 459, 137, 137, + 765, 765, 137, 220, 220, 220, 220, 220, 220, 220, + 220, 220, 220, 444, 398, 508, 137, 137, 137, 158, + 447, 343, 158, 158, 158, 158, 158, 265, 158, 158, + 444, 265, 158, 244, 244, 244, 244, 244, 244, 244, + 244, 244, 244, 437, 508, 534, 158, 158, 158, 160, + 448, 160, 160, 160, 160, 160, 160, 160, 160, 160, + 160, 160, 487, 534, 437, 160, 160, 160, 160, 160, + + 160, 460, 237, 237, 237, 237, 243, 460, 237, 237, + 243, 265, 237, 243, 485, 997, 448, 485, 160, 243, + 160, 160, 160, 160, 160, 160, 169, 237, 237, 169, + 997, 487, 538, 243, 243, 169, 484, 484, 169, 169, + 484, 169, 169, 169, 169, 169, 169, 169, 169, 169, + 169, 169, 169, 169, 169, 485, 538, 169, 169, 169, + 169, 169, 169, 169, 169, 169, 169, 169, 169, 169, + 169, 169, 169, 169, 169, 169, 169, 169, 169, 169, + 169, 169, 169, 169, 169, 169, 169, 169, 169, 169, + 169, 169, 169, 169, 169, 169, 169, 169, 169, 169, - 307, 307, 307, 307, 307, 307, 409, 625, 409, 409, - 409, 409, 409, 409, 409, 409, 409, 409, 633, 625, - 662, 878, 878, 662, 625, 307, 307, 307, 307, 307, - 307, 348, 348, 348, 348, 348, 348, 348, 348, 348, - 348, 348, 885, 975, 885, 348, 348, 348, 348, 348, - 348, 447, 447, 447, 447, 447, 447, 447, 447, 447, - 447, 619, 623, 676, 587, 619, 623, 971, 676, 643, - 348, 348, 348, 348, 348, 348, 350, 350, 350, 350, - 350, 350, 350, 350, 350, 350, 643, 950, 619, 623, - 350, 350, 350, 350, 350, 350, 449, 587, 449, 449, - - 449, 449, 449, 449, 449, 449, 449, 449, 731, 663, - 606, 606, 663, 731, 947, 350, 350, 350, 350, 350, - 350, 367, 606, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 450, 930, 450, 450, 450, 450, 450, - 450, 450, 450, 450, 450, 470, 470, 470, 470, 470, - 470, 470, 470, 470, 470, 664, 888, 888, 664, 819, - 367, 368, 704, 368, 368, 368, 368, 368, 368, 368, - 368, 368, 368, 704, 474, 819, 474, 474, 474, 474, - 474, 474, 470, 498, 498, 498, 498, 498, 498, 498, - 498, 498, 498, 498, 727, 641, 764, 641, 727, 929, - - 368, 369, 764, 369, 369, 369, 369, 369, 369, 369, - 369, 369, 369, 474, 504, 504, 504, 504, 504, 504, - 504, 504, 504, 504, 506, 506, 506, 506, 506, 506, - 506, 506, 506, 506, 665, 733, 925, 665, 740, 746, - 369, 370, 733, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 641, 915, 740, 746, 370, 370, 370, - 370, 370, 370, 510, 510, 510, 510, 510, 510, 510, - 510, 642, 626, 631, 632, 510, 626, 631, 632, 665, - 770, 642, 370, 370, 370, 370, 370, 370, 372, 372, - 372, 372, 372, 372, 372, 372, 372, 372, 909, 626, - - 631, 632, 372, 372, 372, 372, 372, 372, 512, 512, - 512, 512, 512, 512, 512, 512, 512, 512, 770, 594, - 908, 594, 594, 594, 594, 594, 594, 372, 372, 372, - 372, 372, 372, 393, 777, 393, 393, 393, 393, 393, - 393, 393, 393, 393, 393, 515, 777, 515, 515, 515, - 515, 515, 515, 515, 515, 515, 515, 550, 594, 550, - 550, 550, 550, 550, 550, 550, 550, 550, 550, 743, - 762, 743, 393, 394, 762, 394, 394, 394, 394, 394, - 394, 394, 394, 394, 394, 551, 907, 551, 551, 551, - 551, 551, 551, 551, 551, 551, 551, 552, 705, 552, - - 552, 552, 552, 552, 552, 552, 552, 552, 552, 705, - 755, 766, 394, 405, 405, 405, 405, 405, 405, 405, - 405, 405, 405, 405, 405, 405, 766, 755, 743, 405, - 405, 405, 405, 405, 405, 590, 590, 590, 590, 590, - 590, 590, 590, 590, 590, 649, 734, 649, 649, 649, - 649, 649, 649, 734, 405, 405, 405, 405, 405, 405, - 408, 408, 408, 408, 408, 408, 408, 408, 408, 408, - 408, 408, 590, 916, 916, 408, 408, 408, 408, 408, - 408, 601, 899, 601, 601, 601, 601, 601, 601, 601, - 601, 601, 601, 650, 768, 608, 608, 650, 644, 732, - - 408, 408, 408, 408, 408, 408, 411, 608, 644, 411, - 732, 768, 804, 843, 895, 411, 843, 804, 411, 411, - 650, 411, 411, 411, 411, 411, 411, 411, 411, 411, - 411, 411, 411, 411, 411, 948, 948, 411, 411, 411, - 411, 411, 411, 411, 411, 411, 411, 411, 411, 411, - 411, 411, 411, 411, 411, 411, 411, 411, 411, 411, - 411, 411, 411, 411, 411, 411, 411, 411, 411, 411, - 411, 411, 411, 411, 411, 411, 411, 411, 411, 411, - 452, 452, 452, 452, 452, 452, 452, 452, 452, 452, - 883, 686, 894, 883, 452, 452, 452, 452, 452, 452, - - 602, 686, 602, 602, 602, 602, 602, 602, 602, 602, - 602, 602, 696, 696, 696, 696, 696, 696, 870, 452, - 452, 452, 452, 452, 452, 453, 453, 453, 453, 453, - 453, 453, 453, 453, 453, 917, 722, 856, 917, 453, - 453, 453, 453, 453, 453, 603, 722, 603, 603, 603, - 603, 603, 603, 603, 603, 603, 603, 715, 715, 715, - 715, 715, 715, 852, 453, 453, 453, 453, 453, 453, - 466, 466, 466, 466, 466, 466, 466, 466, 466, 466, - 466, 954, 847, 954, 466, 466, 466, 466, 466, 466, - 607, 607, 607, 607, 607, 607, 607, 607, 607, 607, - - 703, 814, 703, 703, 703, 703, 703, 703, 844, 466, - 466, 466, 466, 466, 466, 472, 814, 472, 472, 472, - 472, 472, 472, 472, 472, 472, 472, 611, 611, 611, - 611, 611, 611, 611, 611, 955, 955, 949, 779, 611, - 613, 613, 613, 613, 613, 613, 613, 613, 613, 613, - 779, 809, 949, 836, 472, 473, 809, 473, 473, 473, - 473, 473, 473, 473, 473, 473, 473, 616, 831, 616, - 616, 616, 616, 616, 616, 616, 616, 616, 616, 645, - 645, 645, 645, 645, 645, 645, 645, 645, 645, 818, - 818, 836, 818, 818, 473, 493, 857, 493, 493, 493, - - 493, 493, 493, 493, 493, 493, 493, 647, 857, 647, - 647, 647, 647, 647, 647, 647, 647, 647, 647, 648, - 791, 648, 648, 648, 648, 648, 648, 648, 648, 648, - 648, 791, 653, 830, 493, 494, 653, 494, 494, 494, - 494, 494, 494, 494, 494, 494, 494, 728, 818, 656, - 706, 706, 957, 656, 957, 828, 960, 728, 960, 653, - 659, 660, 706, 671, 659, 660, 670, 671, 670, 670, - 670, 670, 670, 670, 494, 495, 656, 495, 495, 495, - 495, 495, 495, 495, 495, 495, 495, 659, 660, 858, - 671, 666, 666, 666, 666, 666, 666, 666, 666, 666, - - 666, 858, 674, 677, 827, 670, 674, 677, 785, 785, - 785, 785, 785, 785, 495, 508, 508, 508, 508, 508, - 508, 508, 508, 508, 508, 508, 508, 508, 666, 674, - 677, 508, 508, 508, 508, 508, 508, 693, 693, 693, - 693, 693, 693, 693, 693, 693, 693, 823, 680, 681, - 719, 821, 680, 681, 719, 817, 508, 508, 508, 508, - 508, 508, 511, 511, 511, 511, 511, 511, 511, 511, - 511, 511, 511, 511, 511, 680, 681, 719, 511, 511, - 511, 511, 511, 511, 695, 695, 695, 695, 695, 695, - 695, 695, 695, 695, 724, 729, 735, 889, 724, 729, - - 735, 816, 889, 511, 511, 511, 511, 511, 511, 514, - 514, 514, 514, 514, 514, 514, 514, 514, 514, 514, - 514, 724, 729, 735, 514, 514, 514, 514, 514, 514, - 698, 792, 698, 698, 698, 698, 698, 698, 698, 698, - 698, 698, 792, 815, 707, 707, 987, 987, 813, 514, - 514, 514, 514, 514, 514, 571, 707, 571, 571, 571, - 571, 571, 571, 571, 571, 571, 571, 699, 699, 699, - 699, 699, 699, 699, 699, 699, 699, 701, 860, 701, - 701, 701, 701, 701, 701, 701, 701, 701, 701, 1016, - 860, 1016, 919, 775, 571, 572, 774, 572, 572, 572, - - 572, 572, 572, 572, 572, 572, 572, 702, 820, 702, - 702, 702, 702, 702, 702, 702, 702, 702, 702, 708, - 708, 708, 708, 708, 708, 708, 708, 708, 708, 765, - 820, 919, 820, 820, 572, 573, 757, 573, 573, 573, - 573, 573, 573, 573, 573, 573, 573, 709, 709, 712, - 712, 712, 712, 712, 712, 712, 712, 820, 1076, 709, - 1076, 712, 714, 714, 714, 714, 714, 714, 714, 714, - 714, 714, 737, 923, 573, 592, 737, 592, 592, 592, - 592, 592, 592, 592, 592, 592, 592, 717, 754, 717, - 717, 717, 717, 717, 717, 717, 717, 717, 717, 737, - - 747, 747, 747, 747, 747, 747, 747, 747, 747, 747, - 747, 1079, 923, 1079, 592, 593, 753, 593, 593, 593, - 593, 593, 593, 593, 593, 593, 593, 748, 748, 748, - 748, 748, 748, 748, 748, 748, 748, 748, 749, 749, - 749, 749, 749, 749, 749, 749, 749, 749, 749, 897, - 897, 751, 897, 897, 593, 599, 599, 599, 599, 599, - 599, 599, 599, 599, 599, 599, 1139, 1139, 1139, 599, - 599, 599, 599, 599, 599, 980, 769, 769, 769, 769, - 769, 769, 769, 769, 769, 769, 773, 773, 773, 773, - 773, 773, 773, 750, 599, 599, 599, 599, 599, 599, - - 609, 609, 609, 609, 609, 609, 609, 609, 609, 609, - 609, 609, 609, 769, 980, 742, 609, 609, 609, 609, - 609, 609, 984, 741, 773, 776, 776, 776, 776, 776, - 776, 776, 776, 776, 776, 802, 802, 802, 802, 802, - 802, 609, 609, 609, 609, 609, 609, 612, 612, 612, - 612, 612, 612, 612, 612, 612, 612, 612, 612, 612, - 898, 984, 898, 612, 612, 612, 612, 612, 612, 778, - 778, 778, 778, 778, 778, 778, 778, 778, 778, 832, - 833, 808, 739, 832, 833, 808, 1032, 700, 612, 612, - 612, 612, 612, 612, 615, 615, 615, 615, 615, 615, - - 615, 615, 615, 615, 615, 615, 832, 833, 808, 615, - 615, 615, 615, 615, 615, 782, 882, 782, 782, 782, - 782, 782, 782, 898, 692, 1032, 882, 782, 691, 793, - 793, 808, 690, 685, 615, 615, 615, 615, 615, 615, - 668, 793, 668, 668, 668, 668, 668, 668, 668, 668, - 668, 668, 784, 784, 784, 784, 784, 784, 784, 784, - 784, 784, 787, 874, 787, 787, 787, 787, 787, 787, - 787, 787, 787, 787, 874, 1048, 1048, 1048, 1048, 668, - 669, 931, 669, 669, 669, 669, 669, 669, 669, 669, - 669, 669, 788, 931, 788, 788, 788, 788, 788, 788, - - 788, 788, 788, 788, 789, 875, 789, 789, 789, 789, - 789, 789, 789, 789, 789, 789, 875, 1060, 1087, 669, - 687, 687, 687, 687, 687, 687, 687, 687, 687, 687, - 687, 790, 684, 790, 790, 790, 790, 790, 790, 790, - 790, 790, 790, 794, 794, 795, 795, 795, 795, 795, - 795, 795, 795, 795, 795, 794, 1060, 1087, 687, 688, - 688, 688, 688, 688, 688, 688, 688, 688, 688, 688, - 796, 796, 799, 799, 799, 799, 799, 799, 799, 799, - 683, 682, 796, 932, 799, 801, 801, 801, 801, 801, - 801, 801, 801, 801, 801, 932, 679, 688, 689, 689, - - 689, 689, 689, 689, 689, 689, 689, 689, 689, 803, - 934, 803, 803, 803, 803, 803, 803, 803, 803, 803, - 803, 678, 934, 811, 812, 675, 996, 811, 812, 826, - 826, 826, 826, 826, 826, 826, 689, 694, 996, 694, - 694, 694, 694, 694, 694, 694, 694, 694, 694, 694, - 811, 812, 673, 694, 694, 694, 694, 694, 694, 822, - 822, 822, 822, 822, 822, 822, 822, 822, 822, 1136, - 1136, 1157, 1157, 811, 812, 1136, 672, 1157, 694, 694, - 694, 694, 694, 694, 697, 697, 697, 697, 697, 697, - 697, 697, 697, 697, 697, 1163, 1163, 1163, 697, 697, - - 697, 697, 697, 697, 824, 824, 824, 824, 824, 824, - 824, 824, 824, 824, 824, 842, 845, 846, 658, 842, - 845, 846, 657, 697, 697, 697, 697, 697, 697, 710, - 710, 710, 710, 710, 710, 710, 710, 710, 710, 710, - 710, 710, 842, 845, 846, 710, 710, 710, 710, 710, - 710, 825, 825, 825, 825, 825, 825, 825, 825, 825, - 825, 825, 886, 842, 845, 846, 886, 654, 652, 651, - 710, 710, 710, 710, 710, 710, 713, 713, 713, 713, - 713, 713, 713, 713, 713, 713, 713, 713, 713, 886, - 646, 640, 713, 713, 713, 713, 713, 713, 835, 835, - - 835, 835, 835, 835, 835, 835, 835, 835, 839, 839, - 839, 839, 839, 839, 839, 639, 637, 713, 713, 713, - 713, 713, 713, 716, 716, 716, 716, 716, 716, 716, - 716, 716, 716, 716, 1103, 835, 636, 635, 716, 716, - 716, 716, 716, 716, 634, 853, 839, 853, 853, 853, - 853, 853, 853, 853, 853, 853, 853, 866, 866, 866, - 866, 866, 866, 716, 716, 716, 716, 716, 716, 721, - 890, 892, 721, 1103, 890, 892, 958, 958, 721, 958, - 958, 721, 721, 618, 721, 721, 721, 721, 721, 721, - 721, 721, 721, 721, 721, 721, 721, 890, 892, 598, - - 721, 721, 721, 721, 721, 721, 721, 721, 721, 721, - 721, 721, 721, 721, 721, 721, 721, 721, 721, 721, - 721, 721, 721, 721, 721, 721, 721, 721, 721, 721, - 721, 721, 721, 721, 721, 721, 721, 721, 721, 721, - 721, 721, 721, 752, 597, 596, 997, 752, 752, 752, - 752, 752, 752, 752, 752, 752, 752, 752, 997, 752, - 595, 584, 752, 752, 752, 752, 752, 752, 752, 752, - 752, 752, 752, 752, 752, 752, 752, 752, 752, 752, - 752, 752, 752, 752, 752, 583, 752, 752, 752, 752, - 752, 752, 752, 752, 752, 752, 752, 752, 752, 752, - - 752, 752, 752, 752, 758, 758, 758, 758, 758, 758, - 758, 758, 758, 758, 758, 854, 582, 854, 854, 854, - 854, 854, 854, 854, 854, 854, 854, 855, 946, 855, - 855, 855, 855, 855, 855, 855, 855, 855, 855, 946, - 581, 580, 758, 759, 759, 759, 759, 759, 759, 759, - 759, 759, 759, 759, 859, 859, 859, 859, 859, 859, - 859, 859, 859, 859, 863, 999, 863, 863, 863, 863, - 863, 863, 1158, 1158, 1179, 1179, 863, 999, 1158, 579, - 1179, 759, 760, 760, 760, 760, 760, 760, 760, 760, - 760, 760, 760, 865, 865, 865, 865, 865, 865, 865, - - 865, 865, 865, 868, 896, 868, 868, 868, 868, 868, - 868, 868, 868, 868, 868, 876, 876, 1181, 1181, 1043, - 760, 761, 578, 1181, 761, 577, 896, 876, 896, 896, - 761, 1043, 576, 761, 761, 575, 761, 761, 761, 761, - 761, 761, 761, 761, 761, 761, 761, 761, 761, 961, - 574, 961, 761, 761, 761, 761, 761, 761, 761, 761, - 761, 761, 761, 761, 761, 761, 761, 761, 761, 761, - 761, 761, 761, 761, 761, 761, 761, 761, 761, 761, - 761, 761, 761, 761, 761, 761, 761, 761, 761, 761, - 761, 761, 761, 761, 761, 771, 771, 771, 771, 771, - - 771, 771, 771, 771, 771, 771, 869, 869, 869, 869, - 869, 869, 869, 869, 869, 869, 871, 961, 871, 871, - 871, 871, 871, 871, 871, 871, 871, 871, 1018, 1018, - 565, 1018, 1018, 771, 772, 772, 772, 772, 772, 772, - 772, 772, 772, 772, 772, 872, 564, 872, 872, 872, - 872, 872, 872, 872, 872, 872, 872, 873, 563, 873, - 873, 873, 873, 873, 873, 940, 940, 940, 940, 940, - 940, 562, 772, 780, 561, 780, 780, 780, 780, 780, - 780, 780, 780, 780, 780, 780, 783, 560, 783, 783, - 783, 783, 783, 783, 783, 783, 783, 783, 783, 559, - - 558, 557, 783, 783, 783, 783, 783, 783, 881, 881, - 881, 881, 881, 881, 881, 881, 556, 884, 906, 951, - 1227, 884, 906, 951, 555, 554, 1227, 783, 783, 783, - 783, 783, 783, 786, 786, 786, 786, 786, 786, 786, - 786, 786, 786, 786, 884, 906, 951, 786, 786, 786, - 786, 786, 786, 900, 553, 1182, 1182, 900, 900, 900, - 900, 1182, 1052, 1052, 901, 1052, 1052, 884, 901, 901, - 901, 901, 786, 786, 786, 786, 786, 786, 797, 797, - 797, 797, 797, 797, 797, 797, 797, 797, 797, 797, - 797, 545, 544, 543, 797, 797, 797, 797, 797, 797, - - 1005, 1005, 1005, 1005, 1005, 1005, 902, 900, 902, 902, - 902, 902, 902, 902, 902, 902, 902, 902, 901, 797, - 797, 797, 797, 797, 797, 800, 800, 800, 800, 800, - 800, 800, 800, 800, 800, 800, 800, 535, 502, 501, - 500, 800, 800, 800, 800, 800, 800, 903, 499, 903, - 903, 903, 903, 903, 903, 903, 903, 903, 903, 1010, - 1010, 1010, 1010, 1010, 1010, 1010, 800, 800, 800, 800, - 800, 800, 805, 967, 1170, 805, 967, 1170, 497, 1170, - 496, 805, 967, 967, 805, 805, 967, 805, 805, 805, - 805, 805, 805, 805, 805, 805, 805, 805, 805, 805, - - 967, 967, 967, 805, 805, 805, 805, 805, 805, 805, - 805, 805, 805, 805, 805, 805, 805, 805, 805, 805, - 805, 805, 805, 805, 805, 805, 805, 805, 805, 805, - 805, 805, 805, 805, 805, 805, 805, 805, 805, 805, - 805, 805, 805, 805, 805, 805, 829, 488, 487, 928, - 829, 928, 928, 928, 928, 928, 928, 486, 829, 485, - 484, 483, 829, 829, 829, 829, 829, 829, 829, 829, - 829, 829, 829, 829, 829, 482, 481, 829, 829, 829, - 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, - 829, 829, 829, 829, 829, 829, 829, 829, 829, 829, - - 478, 829, 829, 829, 829, 829, 829, 829, 829, 829, - 829, 829, 829, 829, 829, 829, 829, 829, 829, 837, - 837, 837, 837, 837, 837, 837, 837, 837, 837, 837, - 904, 476, 904, 904, 904, 904, 904, 904, 904, 904, - 904, 904, 905, 465, 905, 905, 905, 905, 905, 905, - 905, 905, 905, 905, 464, 463, 462, 837, 838, 838, - 838, 838, 838, 838, 838, 838, 838, 838, 838, 922, - 461, 922, 922, 922, 922, 922, 922, 914, 460, 459, - 458, 914, 924, 924, 924, 924, 924, 924, 924, 924, - 924, 924, 1183, 1183, 1221, 1221, 838, 840, 1183, 976, - - 840, 1221, 1186, 976, 914, 1186, 840, 1186, 922, 840, - 840, 455, 840, 840, 840, 840, 840, 840, 840, 840, - 840, 840, 840, 840, 840, 914, 976, 448, 840, 840, - 840, 840, 840, 840, 840, 840, 840, 840, 840, 840, - 840, 840, 840, 840, 840, 840, 840, 840, 840, 840, - 840, 840, 840, 840, 840, 840, 840, 840, 840, 840, - 840, 840, 840, 840, 840, 840, 840, 840, 840, 840, - 840, 848, 441, 848, 848, 848, 848, 848, 848, 848, - 848, 848, 848, 440, 439, 438, 918, 918, 918, 918, - 918, 918, 918, 918, 918, 918, 926, 437, 926, 926, - - 926, 926, 926, 926, 926, 926, 926, 926, 436, 431, - 848, 849, 428, 849, 849, 849, 849, 849, 849, 849, - 849, 849, 849, 918, 927, 402, 927, 927, 927, 927, - 927, 927, 927, 927, 927, 927, 933, 933, 933, 933, - 933, 933, 933, 933, 933, 933, 1187, 1187, 401, 398, - 849, 850, 1187, 850, 850, 850, 850, 850, 850, 850, - 850, 850, 850, 937, 397, 937, 937, 937, 937, 937, - 937, 385, 384, 383, 382, 937, 939, 939, 939, 939, - 939, 939, 939, 939, 939, 939, 1188, 1188, 381, 380, - 850, 851, 1188, 851, 851, 851, 851, 851, 851, 851, - - 851, 851, 851, 942, 379, 942, 942, 942, 942, 942, - 942, 942, 942, 942, 942, 943, 943, 943, 943, 943, - 943, 943, 943, 943, 943, 943, 1189, 1189, 378, 377, - 851, 861, 1189, 861, 861, 861, 861, 861, 861, 861, - 861, 861, 861, 861, 864, 376, 864, 864, 864, 864, - 864, 864, 864, 864, 864, 864, 864, 375, 374, 371, - 864, 864, 864, 864, 864, 864, 944, 944, 944, 944, - 944, 944, 944, 944, 944, 944, 944, 953, 365, 1077, - 1077, 953, 1077, 1077, 363, 864, 864, 864, 864, 864, - 864, 867, 867, 867, 867, 867, 867, 867, 867, 867, - - 867, 867, 362, 361, 953, 867, 867, 867, 867, 867, - 867, 945, 945, 945, 945, 945, 945, 945, 945, 945, - 945, 945, 985, 1192, 1192, 360, 985, 953, 359, 1192, - 867, 867, 867, 867, 867, 867, 879, 879, 879, 879, - 879, 879, 879, 879, 879, 879, 879, 879, 910, 985, - 910, 910, 910, 910, 910, 910, 910, 910, 910, 910, - 962, 1225, 358, 1225, 962, 962, 962, 962, 963, 1225, - 985, 357, 963, 963, 963, 963, 970, 970, 970, 970, - 970, 970, 970, 970, 970, 970, 356, 910, 911, 355, - 911, 911, 911, 911, 911, 911, 911, 911, 911, 911, - - 964, 354, 1193, 1193, 964, 964, 964, 964, 1193, 353, - 352, 965, 349, 338, 962, 965, 965, 965, 965, 1194, - 1194, 334, 963, 1197, 1197, 1194, 333, 911, 912, 1197, - 912, 912, 912, 912, 912, 912, 912, 912, 912, 912, - 966, 332, 331, 966, 966, 966, 966, 966, 966, 966, - 966, 966, 966, 327, 964, 968, 326, 1198, 1198, 968, - 968, 968, 968, 1198, 325, 965, 324, 912, 913, 323, - 913, 913, 913, 913, 913, 913, 913, 913, 913, 913, - 972, 322, 972, 972, 972, 972, 972, 972, 972, 972, - 972, 972, 320, 969, 319, 1202, 969, 1013, 1202, 318, - - 1202, 1013, 969, 969, 317, 316, 969, 913, 920, 968, - 920, 920, 920, 920, 920, 920, 920, 920, 920, 920, - 969, 969, 969, 973, 1013, 973, 973, 973, 973, 973, - 973, 973, 973, 973, 973, 974, 315, 974, 974, 974, - 974, 974, 974, 1204, 1204, 314, 313, 920, 921, 1204, - 921, 921, 921, 921, 921, 921, 921, 921, 921, 921, - 312, 311, 310, 308, 301, 979, 979, 979, 979, 979, - 979, 979, 979, 979, 979, 983, 300, 983, 983, 983, - 983, 983, 983, 1212, 1212, 286, 285, 921, 935, 1212, - 935, 935, 935, 935, 935, 935, 935, 935, 935, 935, - - 935, 938, 979, 938, 938, 938, 938, 938, 938, 938, - 938, 938, 938, 938, 983, 283, 282, 938, 938, 938, - 938, 938, 938, 991, 281, 991, 991, 991, 991, 991, - 991, 991, 991, 991, 991, 1094, 1094, 1094, 1094, 1094, - 1094, 280, 938, 938, 938, 938, 938, 938, 941, 941, - 941, 941, 941, 941, 941, 941, 941, 941, 279, 273, - 269, 266, 941, 941, 941, 941, 941, 941, 992, 264, - 992, 992, 992, 992, 992, 992, 992, 992, 992, 992, - 1121, 1121, 1121, 1121, 1121, 1121, 262, 941, 941, 941, - 941, 941, 941, 981, 259, 981, 981, 981, 981, 981, + 170, 170, 170, 170, 170, 170, 170, 170, 170, 170, + 170, 491, 653, 1086, 170, 170, 170, 170, 170, 170, + 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, + 281, 281, 281, 281, 281, 281, 653, 558, 491, 170, + 170, 170, 170, 170, 170, 211, 550, 509, 211, 211, + 211, 211, 211, 239, 211, 211, 239, 456, 211, 456, + 294, 294, 239, 294, 294, 239, 550, 430, 239, 239, + 558, 430, 211, 211, 211, 419, 419, 419, 419, 419, + 419, 753, 239, 509, 239, 753, 241, 241, 241, 241, + 241, 468, 241, 241, 430, 468, 241, 248, 248, 248, + + 248, 248, 248, 248, 248, 248, 248, 547, 239, 239, + 241, 241, 241, 242, 294, 547, 242, 540, 468, 242, + 242, 456, 242, 242, 242, 242, 259, 259, 242, 242, + 259, 446, 259, 259, 446, 540, 259, 759, 259, 759, + 458, 496, 242, 242, 242, 429, 496, 276, 276, 276, + 276, 276, 276, 276, 276, 276, 276, 429, 507, 273, + 273, 507, 429, 273, 273, 510, 446, 458, 242, 242, + 245, 510, 245, 245, 245, 245, 245, 245, 245, 245, + 245, 245, 245, 273, 276, 458, 245, 245, 245, 245, + 245, 245, 546, 507, 268, 268, 268, 268, 268, 483, + + 268, 268, 483, 539, 268, 483, 546, 548, 273, 539, + 1080, 245, 245, 245, 245, 245, 245, 250, 268, 268, + 268, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 1070, 548, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 559, + 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, + 250, 250, 250, 250, 250, 250, 250, 250, 251, 251, + 251, 251, 251, 251, 251, 251, 251, 251, 251, 1065, + 559, 541, 251, 251, 251, 251, 251, 251, 545, 270, + + 270, 270, 270, 270, 545, 270, 270, 541, 407, 270, + 407, 407, 407, 407, 407, 407, 1064, 251, 251, 251, + 251, 251, 251, 270, 270, 270, 272, 272, 272, 272, + 272, 560, 272, 272, 535, 549, 272, 279, 279, 279, + 279, 279, 279, 279, 279, 279, 279, 407, 1060, 549, + 272, 272, 272, 275, 567, 535, 275, 275, 275, 275, + 275, 649, 275, 275, 560, 567, 275, 280, 280, 280, + 280, 280, 280, 280, 280, 280, 280, 552, 649, 562, + 275, 275, 275, 277, 562, 277, 277, 277, 277, 277, + 277, 277, 277, 277, 277, 277, 523, 523, 552, 277, + + 277, 277, 277, 277, 277, 290, 290, 553, 523, 290, + 472, 290, 290, 551, 472, 290, 553, 290, 557, 525, + 525, 551, 277, 568, 277, 277, 277, 277, 277, 277, + 282, 525, 493, 282, 568, 689, 493, 472, 689, 282, + 557, 650, 282, 282, 1048, 282, 282, 282, 282, 282, + 282, 282, 282, 282, 282, 282, 282, 282, 282, 493, + 650, 282, 282, 282, 282, 282, 282, 282, 282, 282, + 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, + 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, + 282, 282, 282, 282, 282, 282, 282, 282, 282, 282, + + 282, 282, 282, 282, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 566, 1047, 566, 283, 283, + 283, 283, 283, 283, 300, 300, 300, 300, 300, 300, + 300, 300, 300, 300, 465, 1039, 465, 465, 465, 465, + 465, 465, 1038, 283, 283, 283, 283, 283, 283, 301, + 301, 301, 301, 301, 301, 301, 301, 301, 301, 302, + 609, 302, 302, 302, 302, 302, 302, 302, 302, 302, + 302, 353, 1030, 353, 353, 353, 353, 353, 353, 353, + 353, 353, 353, 610, 350, 569, 566, 615, 350, 624, + 569, 350, 588, 609, 588, 588, 1029, 350, 302, 303, + + 624, 303, 303, 303, 303, 303, 303, 303, 303, 303, + 303, 350, 350, 354, 610, 354, 354, 354, 354, 354, + 354, 354, 354, 354, 354, 355, 615, 355, 355, 355, + 355, 355, 355, 355, 355, 355, 355, 592, 303, 304, + 592, 304, 304, 304, 304, 304, 304, 304, 304, 304, + 304, 411, 411, 411, 411, 411, 411, 411, 411, 411, + 411, 411, 628, 376, 734, 497, 644, 376, 589, 497, + 376, 589, 589, 628, 644, 734, 376, 592, 304, 305, + 305, 305, 305, 305, 305, 305, 305, 305, 305, 305, + 376, 376, 497, 305, 305, 305, 305, 305, 305, 403, + + 403, 403, 403, 403, 403, 403, 403, 403, 403, 531, + 531, 531, 531, 531, 531, 1028, 305, 646, 305, 305, + 305, 305, 305, 305, 308, 308, 308, 308, 308, 308, + 308, 308, 308, 308, 308, 646, 403, 1026, 308, 308, + 308, 308, 308, 308, 416, 416, 416, 416, 416, 416, + 416, 416, 416, 416, 536, 543, 613, 641, 536, 543, + 1022, 613, 641, 308, 308, 308, 308, 308, 308, 310, + 310, 310, 310, 310, 310, 310, 310, 310, 310, 310, + 310, 536, 543, 611, 310, 310, 310, 310, 310, 310, + 418, 418, 418, 418, 418, 418, 418, 418, 418, 418, + + 590, 647, 590, 590, 654, 629, 629, 630, 630, 310, + 310, 310, 310, 310, 310, 312, 611, 629, 312, 630, + 654, 655, 647, 659, 312, 766, 766, 312, 312, 655, + 312, 312, 312, 312, 312, 312, 312, 312, 312, 312, + 312, 312, 312, 312, 659, 1005, 312, 312, 312, 312, + 312, 312, 312, 312, 312, 312, 312, 312, 312, 312, + 312, 312, 312, 312, 312, 312, 312, 312, 312, 312, + 312, 312, 312, 312, 312, 312, 312, 312, 312, 312, + 312, 312, 312, 312, 312, 312, 312, 312, 312, 313, + 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + + 776, 1004, 776, 313, 313, 313, 313, 313, 313, 421, + 612, 421, 421, 421, 421, 421, 421, 421, 421, 421, + 421, 638, 638, 638, 638, 638, 638, 1000, 313, 313, + 313, 313, 313, 313, 356, 356, 356, 356, 356, 356, + 356, 356, 356, 356, 356, 612, 844, 844, 356, 356, + 356, 356, 356, 356, 461, 461, 461, 461, 461, 461, + 461, 461, 461, 461, 643, 648, 683, 690, 643, 648, + 690, 683, 656, 356, 356, 356, 356, 356, 356, 358, + 358, 358, 358, 358, 358, 358, 358, 358, 358, 656, + 995, 643, 648, 358, 358, 358, 358, 358, 358, 463, + + 651, 463, 463, 463, 463, 463, 463, 463, 463, 463, + 463, 706, 651, 632, 632, 978, 706, 651, 358, 358, + 358, 358, 358, 358, 377, 632, 377, 377, 377, 377, + 377, 377, 377, 377, 377, 377, 464, 977, 464, 464, + 464, 464, 464, 464, 464, 464, 464, 464, 486, 486, + 486, 486, 486, 486, 486, 486, 486, 486, 691, 669, + 695, 691, 692, 377, 378, 692, 378, 378, 378, 378, + 378, 378, 378, 378, 378, 378, 669, 490, 973, 490, + 490, 490, 490, 490, 490, 486, 516, 516, 516, 516, + 516, 516, 516, 516, 516, 516, 516, 760, 667, 695, + + 667, 760, 847, 378, 379, 847, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 490, 522, 522, 522, + 522, 522, 522, 522, 522, 522, 522, 524, 524, 524, + 524, 524, 524, 524, 524, 524, 524, 693, 962, 748, + 693, 772, 778, 379, 380, 748, 380, 380, 380, 380, + 380, 380, 380, 380, 380, 380, 667, 955, 772, 778, + 380, 380, 380, 380, 380, 380, 528, 528, 528, 528, + 528, 528, 528, 528, 668, 652, 657, 658, 528, 652, + 657, 658, 693, 954, 668, 380, 380, 380, 380, 380, + 380, 382, 382, 382, 382, 382, 382, 382, 382, 382, + + 382, 952, 652, 657, 658, 382, 382, 382, 382, 382, + 382, 530, 530, 530, 530, 530, 530, 530, 530, 530, + 530, 800, 618, 800, 618, 618, 618, 618, 618, 618, + 382, 382, 382, 382, 382, 382, 405, 758, 405, 405, + 405, 405, 405, 405, 405, 405, 405, 405, 533, 758, + 533, 533, 533, 533, 533, 533, 533, 533, 533, 533, + 570, 618, 570, 570, 570, 570, 570, 570, 570, 570, + 570, 570, 764, 777, 943, 405, 406, 764, 406, 406, + 406, 406, 406, 406, 406, 406, 406, 406, 571, 777, + 571, 571, 571, 571, 571, 571, 571, 571, 571, 571, + + 572, 735, 572, 572, 572, 572, 572, 572, 572, 572, + 572, 572, 735, 804, 939, 406, 417, 417, 417, 417, + 417, 417, 417, 417, 417, 417, 417, 417, 417, 842, + 804, 842, 417, 417, 417, 417, 417, 417, 614, 614, + 614, 614, 614, 614, 614, 614, 614, 614, 675, 938, + 675, 675, 675, 675, 675, 675, 928, 417, 417, 417, + 417, 417, 417, 420, 420, 420, 420, 420, 420, 420, + 420, 420, 420, 420, 420, 614, 882, 882, 420, 420, + 420, 420, 420, 420, 625, 846, 625, 625, 625, 625, + 625, 625, 625, 625, 625, 625, 752, 796, 846, 912, + + 670, 796, 752, 420, 420, 420, 420, 420, 420, 423, + 670, 676, 423, 716, 757, 676, 885, 898, 423, 885, + 757, 423, 423, 716, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 423, 423, 423, 423, 423, 676, 894, + 423, 423, 423, 423, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 423, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 423, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 423, 423, 423, 423, 423, 423, 423, + 423, 423, 423, 466, 466, 466, 466, 466, 466, 466, + 466, 466, 466, 763, 919, 919, 889, 466, 466, 466, + + 466, 466, 466, 626, 763, 626, 626, 626, 626, 626, + 626, 626, 626, 626, 626, 726, 726, 726, 726, 726, + 726, 886, 466, 466, 466, 466, 466, 466, 467, 467, + 467, 467, 467, 467, 467, 467, 467, 467, 802, 920, + 920, 881, 467, 467, 467, 467, 467, 467, 627, 802, + 627, 627, 627, 627, 627, 627, 627, 627, 627, 627, + 745, 745, 745, 745, 745, 745, 806, 467, 467, 467, + 467, 467, 467, 482, 482, 482, 482, 482, 482, 482, + 482, 482, 482, 482, 926, 926, 871, 482, 482, 482, + 482, 482, 482, 631, 631, 631, 631, 631, 631, 631, + + 631, 631, 631, 733, 806, 733, 733, 733, 733, 733, + 733, 870, 482, 482, 482, 482, 482, 482, 488, 867, + 488, 488, 488, 488, 488, 488, 488, 488, 488, 488, + 635, 635, 635, 635, 635, 635, 635, 635, 1008, 857, + 1008, 852, 635, 637, 637, 637, 637, 637, 637, 637, + 637, 637, 637, 798, 852, 857, 967, 488, 489, 798, + 489, 489, 489, 489, 489, 489, 489, 489, 489, 489, + 640, 866, 640, 640, 640, 640, 640, 640, 640, 640, + 640, 640, 671, 671, 671, 671, 671, 671, 671, 671, + 671, 671, 775, 931, 775, 967, 931, 489, 511, 799, + + 511, 511, 511, 511, 511, 511, 511, 511, 511, 511, + 673, 799, 673, 673, 673, 673, 673, 673, 673, 673, + 673, 673, 674, 827, 674, 674, 674, 674, 674, 674, + 674, 674, 674, 674, 827, 680, 861, 511, 512, 680, + 512, 512, 512, 512, 512, 512, 512, 512, 512, 512, + 828, 775, 684, 736, 736, 801, 684, 932, 932, 801, + 859, 828, 680, 687, 688, 736, 699, 687, 688, 698, + 699, 698, 698, 698, 698, 698, 698, 512, 513, 684, + 513, 513, 513, 513, 513, 513, 513, 513, 513, 513, + 687, 688, 813, 699, 694, 694, 694, 694, 694, 694, + + 694, 694, 694, 694, 813, 703, 707, 803, 698, 703, + 707, 840, 803, 964, 964, 971, 840, 513, 526, 526, + 526, 526, 526, 526, 526, 526, 526, 526, 526, 526, + 526, 694, 703, 707, 526, 526, 526, 526, 526, 526, + 723, 723, 723, 723, 723, 723, 723, 723, 723, 723, + 855, 710, 711, 749, 971, 710, 711, 749, 854, 526, + 526, 526, 526, 526, 526, 529, 529, 529, 529, 529, + 529, 529, 529, 529, 529, 529, 529, 529, 710, 711, + 749, 529, 529, 529, 529, 529, 529, 725, 725, 725, + 725, 725, 725, 725, 725, 725, 725, 755, 761, 767, + + 853, 755, 761, 767, 996, 996, 529, 529, 529, 529, + 529, 529, 532, 532, 532, 532, 532, 532, 532, 532, + 532, 532, 532, 532, 755, 761, 767, 532, 532, 532, + 532, 532, 532, 728, 815, 728, 728, 728, 728, 728, + 728, 728, 728, 728, 728, 1285, 815, 737, 737, 1006, + 1006, 1285, 532, 532, 532, 532, 532, 532, 593, 737, + 593, 593, 593, 593, 593, 593, 593, 593, 593, 593, + 729, 729, 729, 729, 729, 729, 729, 729, 729, 729, + 731, 869, 731, 731, 731, 731, 731, 731, 731, 731, + 731, 731, 933, 851, 869, 933, 876, 593, 594, 899, + + 594, 594, 594, 594, 594, 594, 594, 594, 594, 594, + 732, 899, 732, 732, 732, 732, 732, 732, 732, 732, + 732, 732, 738, 738, 738, 738, 738, 738, 738, 738, + 738, 738, 856, 856, 876, 856, 856, 594, 595, 848, + 595, 595, 595, 595, 595, 595, 595, 595, 595, 595, + 739, 739, 742, 742, 742, 742, 742, 742, 742, 742, + 1040, 1040, 739, 884, 742, 744, 744, 744, 744, 744, + 744, 744, 744, 744, 744, 769, 884, 595, 616, 769, + 616, 616, 616, 616, 616, 616, 616, 616, 616, 616, + 747, 856, 747, 747, 747, 747, 747, 747, 747, 747, - 981, 981, 981, 981, 981, 993, 258, 993, 993, 993, - 993, 993, 993, 993, 993, 993, 993, 998, 998, 998, - 998, 998, 998, 998, 998, 998, 998, 1024, 1219, 1219, - 257, 1024, 981, 982, 1219, 982, 982, 982, 982, 982, - 982, 982, 982, 982, 982, 1002, 256, 1002, 1002, 1002, - 1002, 1002, 1002, 255, 1024, 253, 252, 1002, 1004, 1004, - 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1004, 1222, 1222, - 251, 250, 982, 988, 1222, 988, 988, 988, 988, 988, - 988, 988, 988, 988, 988, 1006, 248, 1006, 1006, 1006, - 1006, 1006, 1006, 1006, 1006, 1006, 1006, 1008, 1008, 1008, - - 1008, 1008, 1008, 1008, 1008, 1008, 1008, 1008, 242, 234, - 1049, 230, 988, 989, 1049, 989, 989, 989, 989, 989, - 989, 989, 989, 989, 989, 1009, 1009, 1009, 1009, 1009, - 1009, 1009, 1009, 1009, 1009, 1009, 225, 1049, 1015, 224, - 222, 1040, 1015, 1040, 1040, 1040, 1040, 1040, 1040, 218, - 213, 211, 989, 990, 206, 990, 990, 990, 990, 990, - 990, 990, 990, 990, 990, 1015, 1019, 1019, 1019, 1019, - 1019, 1019, 1019, 1019, 1019, 1019, 1020, 1020, 1020, 1020, - 1020, 1020, 1020, 1020, 1020, 1020, 1209, 194, 1015, 1209, - 193, 1209, 990, 1000, 192, 1000, 1000, 1000, 1000, 1000, - - 1000, 1000, 1000, 1000, 1000, 1000, 1003, 191, 1003, 1003, - 1003, 1003, 1003, 1003, 1003, 1003, 1003, 1003, 190, 182, - 181, 180, 1003, 1003, 1003, 1003, 1003, 1003, 1021, 179, - 1021, 1021, 1021, 1021, 1021, 1021, 1021, 1021, 1021, 1021, - 178, 1118, 1118, 1118, 1118, 1118, 1118, 1003, 1003, 1003, - 1003, 1003, 1003, 1022, 177, 1022, 1022, 1022, 1022, 1022, - 1022, 1022, 1022, 1022, 1022, 1023, 175, 1023, 1023, 1023, - 1023, 1023, 1023, 1023, 1023, 1023, 1023, 1026, 1118, 1026, - 1026, 1026, 1026, 1026, 1026, 1026, 1026, 1026, 1026, 174, - 173, 1029, 172, 171, 170, 1029, 1031, 1031, 1031, 1031, - - 1031, 1031, 1031, 1031, 1031, 1031, 1035, 169, 1035, 1035, - 1035, 1035, 1035, 1035, 168, 163, 1026, 1027, 1029, 1027, - 1027, 1027, 1027, 1027, 1027, 1027, 1027, 1027, 1027, 159, - 158, 1058, 154, 1031, 151, 1058, 1224, 1224, 147, 1029, - 144, 141, 1224, 137, 133, 1035, 1036, 1036, 1036, 1036, - 1036, 1036, 1036, 1036, 1036, 1036, 1027, 1028, 1058, 1028, - 1028, 1028, 1028, 1028, 1028, 1028, 1028, 1028, 1028, 1038, - 132, 1038, 1038, 1038, 1038, 1038, 1038, 1038, 1038, 1038, - 1038, 1039, 131, 1039, 1039, 1039, 1039, 1039, 1039, 1039, - 1039, 1039, 1039, 130, 1074, 129, 1028, 1033, 1074, 1033, - - 1033, 1033, 1033, 1033, 1033, 1033, 1033, 1033, 1033, 1046, - 125, 1046, 1046, 1046, 1046, 1046, 1046, 1046, 1046, 1046, - 1046, 1074, 1051, 119, 117, 1057, 1051, 1057, 1057, 1057, - 1057, 1057, 1057, 113, 109, 108, 1033, 1034, 107, 1034, - 1034, 1034, 1034, 1034, 1034, 1034, 1034, 1034, 1034, 1051, - 1053, 1053, 1053, 1053, 1053, 1053, 1053, 1053, 1053, 1053, - 1055, 106, 1055, 1055, 1055, 1055, 1055, 1055, 1055, 1055, - 1055, 1055, 1051, 105, 101, 1056, 1034, 1056, 1056, 1056, - 1056, 1056, 1056, 1056, 1056, 1056, 1056, 1059, 1059, 1059, - 1059, 1059, 1059, 1059, 1059, 1059, 1059, 88, 1063, 81, - - 1063, 1063, 1063, 1063, 1063, 1063, 74, 73, 69, 68, - 67, 1064, 62, 60, 1101, 1064, 1101, 1101, 1101, 1101, - 1101, 1101, 51, 50, 1059, 1061, 48, 1061, 1061, 1061, - 1061, 1061, 1061, 1061, 1061, 1061, 1061, 1063, 1064, 1068, - 1068, 1068, 1068, 1068, 1068, 1068, 1068, 1068, 1068, 1069, - 1069, 1069, 1069, 1069, 1069, 1069, 1069, 1069, 1069, 1064, - 47, 41, 36, 30, 1061, 1062, 24, 1062, 1062, 1062, - 1062, 1062, 1062, 1062, 1062, 1062, 1062, 1070, 1070, 1070, - 1070, 1070, 1070, 1070, 1070, 1070, 1070, 1080, 23, 1080, - 1080, 1080, 1080, 1080, 1080, 1080, 1080, 1080, 1080, 20, - - 19, 0, 0, 0, 1062, 1065, 0, 1065, 1065, 1065, - 1065, 1065, 1065, 1065, 1065, 1065, 1065, 1081, 0, 1081, - 1081, 1081, 1081, 1081, 1081, 1081, 1081, 1081, 1081, 1082, - 0, 1082, 1082, 1082, 1082, 1082, 1082, 1082, 1082, 1082, - 1082, 0, 0, 0, 1065, 1066, 0, 1066, 1066, 1066, - 1066, 1066, 1066, 1066, 1066, 1066, 1066, 0, 0, 0, - 1086, 1086, 1086, 1086, 1086, 1086, 1086, 1086, 1086, 1086, - 1090, 0, 1090, 1090, 1090, 1090, 1090, 1090, 0, 0, - 0, 0, 0, 0, 1066, 1067, 0, 1067, 1067, 1067, - 1067, 1067, 1067, 1067, 1067, 1067, 1067, 1086, 1092, 1092, - - 1092, 1092, 1092, 1092, 1092, 1092, 1092, 1092, 0, 1090, - 1093, 1093, 1093, 1093, 1093, 1093, 1093, 1093, 1093, 1093, - 0, 0, 0, 0, 1067, 1083, 0, 1083, 1083, 1083, - 1083, 1083, 1083, 1083, 1083, 1083, 1083, 1097, 1097, 1097, - 1097, 1097, 1097, 1097, 1097, 1097, 1097, 1099, 0, 1099, - 1099, 1099, 1099, 1099, 1099, 1099, 1099, 1099, 1099, 0, - 0, 0, 0, 0, 1083, 1084, 0, 1084, 1084, 1084, - 1084, 1084, 1084, 1084, 1084, 1084, 1084, 1100, 0, 1100, - 1100, 1100, 1100, 1100, 1100, 1100, 1100, 1100, 1100, 1102, - 1102, 1102, 1102, 1102, 1102, 1102, 1102, 1102, 1102, 0, - - 0, 0, 0, 0, 1084, 1085, 0, 1085, 1085, 1085, - 1085, 1085, 1085, 1085, 1085, 1085, 1085, 0, 1106, 0, - 1106, 1106, 1106, 1106, 1106, 1106, 1102, 1107, 1107, 1107, - 1107, 1107, 1107, 1107, 1107, 1107, 1107, 0, 1124, 1124, - 1124, 1124, 1124, 1124, 1085, 1088, 0, 1088, 1088, 1088, - 1088, 1088, 1088, 1088, 1088, 1088, 1088, 1106, 0, 0, - 0, 0, 0, 0, 1107, 1108, 1108, 1108, 1108, 1108, - 1108, 1108, 1108, 1108, 1108, 1124, 0, 0, 0, 0, - 0, 0, 0, 0, 1088, 1089, 0, 1089, 1089, 1089, - 1089, 1089, 1089, 1089, 1089, 1089, 1089, 0, 0, 0, - - 0, 0, 1108, 1109, 1109, 1109, 1109, 1109, 1109, 1109, - 1109, 1109, 1109, 1110, 1110, 1110, 1110, 1110, 1110, 1110, - 1110, 1110, 1110, 0, 1089, 1104, 0, 1104, 1104, 1104, - 1104, 1104, 1104, 1104, 1104, 1104, 1104, 0, 0, 0, - 1109, 1111, 1111, 1111, 1111, 1111, 1111, 1111, 1111, 1111, - 1111, 1112, 1112, 1112, 1112, 1112, 1112, 1112, 1112, 1112, - 1112, 0, 0, 0, 1104, 1105, 0, 1105, 1105, 1105, - 1105, 1105, 1105, 1105, 1105, 1105, 1105, 1113, 1113, 1113, - 1113, 1113, 1113, 1113, 1113, 1113, 1113, 1114, 1114, 1114, - 1114, 1114, 1114, 1114, 1114, 1114, 1114, 0, 0, 0, - - 0, 0, 0, 0, 1105, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1113, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1114, 1115, 1115, 1115, 1115, 1115, - 1115, 1115, 1115, 1115, 1115, 1117, 1117, 1117, 1117, 1117, - 1117, 1117, 1117, 1117, 1117, 1120, 1120, 1120, 1120, 1120, - 1120, 1120, 1120, 1120, 1120, 0, 0, 0, 0, 0, - 0, 0, 1115, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1117, 1123, 1123, 1123, 1123, 1123, 1123, 1123, - 1123, 1123, 1123, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 747, 747, 769, 779, 779, 779, 779, 779, 779, 779, + 779, 779, 779, 779, 843, 1032, 953, 616, 617, 953, + 617, 617, 617, 617, 617, 617, 617, 617, 617, 617, + 780, 780, 780, 780, 780, 780, 780, 780, 780, 780, + 780, 781, 781, 781, 781, 781, 781, 781, 781, 781, + 781, 781, 941, 941, 1032, 941, 941, 617, 623, 623, + 623, 623, 623, 623, 623, 623, 623, 623, 623, 1011, + 811, 1011, 623, 623, 623, 623, 623, 623, 1036, 805, + 805, 805, 805, 805, 805, 805, 805, 805, 805, 809, + 809, 809, 809, 809, 809, 809, 810, 623, 623, 623, + + 623, 623, 623, 633, 633, 633, 633, 633, 633, 633, + 633, 633, 633, 633, 633, 633, 805, 1036, 797, 633, + 633, 633, 633, 633, 633, 1088, 1118, 809, 812, 812, + 812, 812, 812, 812, 812, 812, 812, 812, 821, 821, + 821, 821, 821, 821, 633, 633, 633, 633, 633, 633, + 636, 636, 636, 636, 636, 636, 636, 636, 636, 636, + 636, 636, 636, 791, 1088, 1118, 636, 636, 636, 636, + 636, 636, 814, 814, 814, 814, 814, 814, 814, 814, + 814, 814, 838, 838, 838, 838, 838, 838, 1134, 1145, + 1134, 636, 636, 636, 636, 636, 636, 639, 639, 639, + + 639, 639, 639, 639, 639, 639, 639, 639, 639, 1137, + 790, 1137, 639, 639, 639, 639, 639, 639, 818, 900, + 818, 818, 818, 818, 818, 818, 924, 1283, 1145, 1283, + 818, 900, 829, 829, 789, 1283, 924, 639, 639, 639, + 639, 639, 639, 696, 829, 696, 696, 696, 696, 696, + 696, 696, 696, 696, 696, 820, 820, 820, 820, 820, + 820, 820, 820, 820, 820, 823, 902, 823, 823, 823, + 823, 823, 823, 823, 823, 823, 823, 963, 902, 788, + 963, 965, 696, 697, 965, 697, 697, 697, 697, 697, + 697, 697, 697, 697, 697, 824, 1161, 824, 824, 824, + + 824, 824, 824, 824, 824, 824, 824, 825, 916, 825, + 825, 825, 825, 825, 825, 825, 825, 825, 825, 916, + 787, 786, 697, 717, 717, 717, 717, 717, 717, 717, + 717, 717, 717, 717, 826, 1161, 826, 826, 826, 826, + 826, 826, 826, 826, 826, 826, 830, 830, 831, 831, + 831, 831, 831, 831, 831, 831, 831, 831, 830, 785, + 784, 717, 718, 718, 718, 718, 718, 718, 718, 718, + 718, 718, 718, 832, 832, 835, 835, 835, 835, 835, + 835, 835, 835, 783, 782, 832, 979, 835, 837, 837, + 837, 837, 837, 837, 837, 837, 837, 837, 979, 774, + + 718, 719, 719, 719, 719, 719, 719, 719, 719, 719, + 719, 719, 839, 858, 839, 839, 839, 839, 839, 839, + 839, 839, 839, 839, 773, 917, 845, 849, 850, 980, + 845, 849, 850, 771, 754, 858, 917, 858, 858, 719, + 724, 980, 724, 724, 724, 724, 724, 724, 724, 724, + 724, 724, 724, 845, 849, 850, 724, 724, 724, 724, + 724, 724, 858, 860, 860, 860, 860, 860, 860, 860, + 860, 860, 860, 929, 845, 849, 850, 929, 1012, 730, + 1012, 724, 724, 724, 724, 724, 724, 727, 727, 727, + 727, 727, 727, 727, 727, 727, 727, 727, 722, 721, + + 929, 727, 727, 727, 727, 727, 727, 862, 862, 862, + 862, 862, 862, 862, 862, 862, 862, 862, 864, 864, + 864, 864, 864, 864, 864, 720, 727, 727, 727, 727, + 727, 727, 740, 740, 740, 740, 740, 740, 740, 740, + 740, 740, 740, 740, 740, 715, 1012, 714, 740, 740, + 740, 740, 740, 740, 863, 863, 863, 863, 863, 863, + 863, 863, 863, 863, 863, 868, 872, 873, 713, 868, + 872, 873, 712, 740, 740, 740, 740, 740, 740, 743, + 743, 743, 743, 743, 743, 743, 743, 743, 743, 743, + 743, 743, 868, 872, 873, 743, 743, 743, 743, 743, + + 743, 875, 875, 875, 875, 875, 875, 875, 875, 875, + 875, 709, 883, 868, 872, 873, 883, 942, 708, 942, + 743, 743, 743, 743, 743, 743, 746, 746, 746, 746, + 746, 746, 746, 746, 746, 746, 746, 705, 875, 883, + 704, 746, 746, 746, 746, 746, 746, 994, 879, 879, + 879, 879, 879, 879, 879, 934, 1279, 1279, 994, 934, + 883, 918, 918, 1279, 982, 1049, 746, 746, 746, 746, + 746, 746, 751, 918, 936, 751, 982, 1049, 936, 702, + 942, 751, 934, 701, 751, 751, 879, 751, 751, 751, + 751, 751, 751, 751, 751, 751, 751, 751, 751, 751, + + 700, 936, 686, 751, 751, 751, 751, 751, 751, 751, + 751, 751, 751, 751, 751, 751, 751, 751, 751, 751, + 751, 751, 751, 751, 751, 751, 751, 751, 751, 751, + 751, 751, 751, 751, 751, 751, 751, 751, 751, 751, + 751, 751, 751, 751, 751, 751, 792, 792, 792, 792, + 792, 792, 792, 792, 792, 792, 792, 895, 685, 895, + 895, 895, 895, 895, 895, 895, 895, 895, 895, 887, + 888, 1050, 682, 887, 888, 908, 908, 908, 908, 908, + 908, 681, 679, 1050, 792, 793, 793, 793, 793, 793, + 793, 793, 793, 793, 793, 793, 887, 888, 896, 678, + + 896, 896, 896, 896, 896, 896, 896, 896, 896, 896, + 1009, 1009, 677, 1009, 1009, 944, 672, 887, 888, 944, + 944, 944, 944, 793, 794, 794, 794, 794, 794, 794, + 794, 794, 794, 794, 794, 897, 940, 897, 897, 897, + 897, 897, 897, 897, 897, 897, 897, 901, 901, 901, + 901, 901, 901, 901, 901, 901, 901, 666, 940, 1052, + 940, 940, 794, 795, 951, 1099, 795, 665, 951, 944, + 663, 1052, 795, 662, 661, 795, 795, 1099, 795, 795, + 795, 795, 795, 795, 795, 795, 795, 795, 795, 795, + 795, 951, 660, 642, 795, 795, 795, 795, 795, 795, + + 795, 795, 795, 795, 795, 795, 795, 795, 795, 795, + 795, 795, 795, 795, 795, 795, 795, 795, 795, 795, + 795, 795, 795, 795, 795, 795, 795, 795, 795, 795, + 795, 795, 795, 795, 795, 795, 795, 807, 807, 807, + 807, 807, 807, 807, 807, 807, 807, 807, 905, 622, + 905, 905, 905, 905, 905, 905, 1104, 1104, 1104, 1104, + 905, 907, 907, 907, 907, 907, 907, 907, 907, 907, + 907, 1197, 1197, 1197, 621, 807, 808, 808, 808, 808, + 808, 808, 808, 808, 808, 808, 808, 910, 620, 910, + 910, 910, 910, 910, 910, 910, 910, 910, 910, 911, + + 911, 911, 911, 911, 911, 911, 911, 911, 911, 1072, + 1072, 619, 1072, 1072, 808, 816, 608, 816, 816, 816, + 816, 816, 816, 816, 816, 816, 816, 816, 819, 607, + 819, 819, 819, 819, 819, 819, 819, 819, 819, 819, + 819, 1221, 1221, 1221, 819, 819, 819, 819, 819, 819, + 913, 606, 913, 913, 913, 913, 913, 913, 913, 913, + 913, 913, 988, 988, 988, 988, 988, 988, 605, 819, + 819, 819, 819, 819, 819, 822, 822, 822, 822, 822, + 822, 822, 822, 822, 822, 822, 604, 603, 602, 822, + 822, 822, 822, 822, 822, 914, 601, 914, 914, 914, + + 914, 914, 914, 914, 914, 914, 914, 998, 1001, 600, + 599, 998, 1001, 598, 822, 822, 822, 822, 822, 822, + 833, 833, 833, 833, 833, 833, 833, 833, 833, 833, + 833, 833, 833, 597, 998, 1001, 833, 833, 833, 833, + 833, 833, 915, 596, 915, 915, 915, 915, 915, 915, + 923, 923, 923, 923, 923, 923, 923, 923, 587, 586, + 585, 833, 833, 833, 833, 833, 833, 836, 836, 836, + 836, 836, 836, 836, 836, 836, 836, 836, 836, 584, + 583, 582, 581, 836, 836, 836, 836, 836, 836, 1027, + 580, 579, 1066, 1027, 925, 927, 1066, 1079, 925, 927, + + 976, 1079, 976, 976, 976, 976, 976, 976, 836, 836, + 836, 836, 836, 836, 841, 1228, 1027, 841, 1228, 1066, + 1228, 925, 927, 841, 1079, 578, 841, 841, 577, 841, + 841, 841, 841, 841, 841, 841, 841, 841, 841, 841, + 841, 841, 925, 927, 576, 841, 841, 841, 841, 841, + 841, 841, 841, 841, 841, 841, 841, 841, 841, 841, + 841, 841, 841, 841, 841, 841, 841, 841, 841, 841, + 841, 841, 841, 841, 841, 841, 841, 841, 841, 841, + 841, 841, 841, 841, 841, 841, 841, 841, 865, 575, + 574, 573, 865, 865, 865, 865, 865, 865, 865, 865, + + 865, 865, 865, 565, 865, 564, 563, 865, 865, 865, + 865, 865, 865, 865, 865, 865, 865, 865, 865, 865, + 865, 865, 865, 865, 865, 865, 865, 865, 865, 865, + 555, 865, 865, 865, 865, 865, 865, 865, 865, 865, + 865, 865, 865, 865, 865, 865, 865, 865, 865, 877, + 877, 877, 877, 877, 877, 877, 877, 877, 877, 877, + 945, 520, 519, 518, 945, 945, 945, 945, 946, 517, + 946, 946, 946, 946, 946, 946, 946, 946, 946, 946, + 1058, 1058, 1058, 1058, 1058, 1058, 515, 877, 878, 878, + 878, 878, 878, 878, 878, 878, 878, 878, 878, 947, + + 514, 947, 947, 947, 947, 947, 947, 947, 947, 947, + 947, 506, 505, 948, 945, 948, 948, 948, 948, 948, + 948, 948, 948, 948, 948, 504, 878, 880, 1018, 1244, + 880, 1018, 1244, 503, 1244, 502, 880, 1018, 1018, 880, + 880, 1018, 880, 880, 880, 880, 880, 880, 880, 880, + 880, 880, 880, 880, 880, 1018, 1018, 1018, 880, 880, + 880, 880, 880, 880, 880, 880, 880, 880, 880, 880, + 880, 880, 880, 880, 880, 880, 880, 880, 880, 880, + 880, 880, 880, 880, 880, 880, 880, 880, 880, 880, + 880, 880, 880, 880, 880, 880, 880, 880, 880, 880, + + 880, 890, 501, 890, 890, 890, 890, 890, 890, 890, + 890, 890, 890, 949, 500, 949, 949, 949, 949, 949, + 949, 949, 949, 949, 949, 499, 950, 960, 961, 498, + 950, 960, 961, 1063, 1063, 1063, 1063, 1063, 1063, 1063, + 890, 891, 495, 891, 891, 891, 891, 891, 891, 891, + 891, 891, 891, 950, 960, 961, 966, 966, 966, 966, + 966, 966, 966, 966, 966, 966, 970, 494, 970, 970, + 970, 970, 970, 970, 950, 960, 961, 492, 481, 480, + 891, 892, 479, 892, 892, 892, 892, 892, 892, 892, + 892, 892, 892, 966, 972, 972, 972, 972, 972, 972, + + 972, 972, 972, 972, 974, 970, 974, 974, 974, 974, + 974, 974, 974, 974, 974, 974, 1194, 1194, 478, 477, + 892, 893, 1194, 893, 893, 893, 893, 893, 893, 893, + 893, 893, 893, 975, 476, 975, 975, 975, 975, 975, + 975, 975, 975, 975, 975, 981, 981, 981, 981, 981, + 981, 981, 981, 981, 981, 1110, 1110, 475, 1110, 1110, + 893, 903, 474, 903, 903, 903, 903, 903, 903, 903, + 903, 903, 903, 903, 906, 473, 906, 906, 906, 906, + 906, 906, 906, 906, 906, 906, 906, 470, 469, 462, + 906, 906, 906, 906, 906, 906, 985, 455, 985, 985, + + 985, 985, 985, 985, 454, 1003, 1105, 1107, 985, 1003, + 1105, 1107, 453, 452, 451, 906, 906, 906, 906, 906, + 906, 909, 909, 909, 909, 909, 909, 909, 909, 909, + 909, 909, 1003, 1105, 1107, 909, 909, 909, 909, 909, + 909, 987, 987, 987, 987, 987, 987, 987, 987, 987, + 987, 450, 1025, 1003, 1025, 1025, 1025, 1025, 1025, 1025, + 909, 909, 909, 909, 909, 909, 921, 921, 921, 921, + 921, 921, 921, 921, 921, 921, 921, 921, 956, 445, + 956, 956, 956, 956, 956, 956, 956, 956, 956, 956, + 990, 442, 990, 990, 990, 990, 990, 990, 990, 990, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1123, 1126, 1126, 1126, 1126, 1126, 1126, 1126, 1126, 1126, + 990, 990, 991, 991, 991, 991, 991, 991, 991, 991, + 991, 991, 991, 1215, 1215, 414, 413, 956, 957, 1215, + 957, 957, 957, 957, 957, 957, 957, 957, 957, 957, + 992, 992, 992, 992, 992, 992, 992, 992, 992, 992, + 992, 993, 993, 993, 993, 993, 993, 993, 993, 993, + 993, 993, 1116, 1216, 1216, 410, 1116, 957, 958, 1216, + 958, 958, 958, 958, 958, 958, 958, 958, 958, 958, + 1013, 409, 397, 396, 1013, 1013, 1013, 1013, 1014, 1116, + 395, 394, 1014, 1014, 1014, 1014, 1021, 1021, 1021, 1021, + 1021, 1021, 1021, 1021, 1021, 1021, 393, 958, 959, 392, + + 959, 959, 959, 959, 959, 959, 959, 959, 959, 959, + 1015, 391, 1237, 1237, 1015, 1015, 1015, 1015, 1237, 1135, + 1135, 1016, 1135, 1135, 1013, 1016, 1016, 1016, 1016, 1239, + 1239, 390, 1014, 1240, 1240, 1239, 389, 959, 968, 1240, + 968, 968, 968, 968, 968, 968, 968, 968, 968, 968, + 1017, 388, 387, 1017, 1017, 1017, 1017, 1017, 1017, 1017, + 1017, 1017, 1017, 386, 1015, 1019, 385, 1241, 1241, 1019, + 1019, 1019, 1019, 1241, 384, 1016, 381, 968, 969, 375, + 969, 969, 969, 969, 969, 969, 969, 969, 969, 969, + 1023, 373, 1023, 1023, 1023, 1023, 1023, 1023, 1023, 1023, + + 1023, 1023, 1024, 372, 1024, 1024, 1024, 1024, 1024, 1024, + 1024, 1024, 1024, 1024, 371, 370, 369, 969, 983, 1019, + 983, 983, 983, 983, 983, 983, 983, 983, 983, 983, + 983, 986, 368, 986, 986, 986, 986, 986, 986, 986, + 986, 986, 986, 986, 367, 366, 365, 986, 986, 986, + 986, 986, 986, 1031, 1031, 1031, 1031, 1031, 1031, 1031, + 1031, 1031, 1031, 1035, 364, 1035, 1035, 1035, 1035, 1035, + 1035, 363, 986, 986, 986, 986, 986, 986, 989, 989, + 989, 989, 989, 989, 989, 989, 989, 989, 362, 361, + 1031, 360, 989, 989, 989, 989, 989, 989, 1020, 1245, + + 1245, 1020, 1035, 1246, 1246, 1245, 357, 1020, 1020, 1246, + 1260, 1020, 346, 1260, 342, 1260, 341, 989, 989, 989, + 989, 989, 989, 1247, 1247, 1020, 1020, 1020, 1033, 1247, + 1033, 1033, 1033, 1033, 1033, 1033, 1033, 1033, 1033, 1033, + 340, 339, 1037, 335, 334, 1044, 1037, 1044, 1044, 1044, + 1044, 1044, 1044, 1044, 1044, 1044, 1044, 1051, 1051, 1051, + 1051, 1051, 1051, 1051, 1051, 1051, 1051, 1033, 1034, 1037, + 1034, 1034, 1034, 1034, 1034, 1034, 1034, 1034, 1034, 1034, + 1096, 333, 1096, 1096, 1096, 1096, 1096, 1096, 332, 1045, + 1037, 1045, 1045, 1045, 1045, 1045, 1045, 1045, 1045, 1045, + + 1045, 1152, 1152, 1152, 1152, 1152, 1152, 1034, 1041, 331, + 1041, 1041, 1041, 1041, 1041, 1041, 1041, 1041, 1041, 1041, + 1046, 330, 1046, 1046, 1046, 1046, 1046, 1046, 1046, 1046, + 1046, 1046, 1055, 328, 1055, 1055, 1055, 1055, 1055, 1055, + 1250, 1250, 327, 326, 1055, 325, 1250, 1041, 1042, 324, + 1042, 1042, 1042, 1042, 1042, 1042, 1042, 1042, 1042, 1042, + 1057, 1057, 1057, 1057, 1057, 1057, 1057, 1057, 1057, 1057, + 1059, 323, 1059, 1059, 1059, 1059, 1059, 1059, 1059, 1059, + 1059, 1059, 322, 1251, 1251, 321, 320, 1042, 1043, 1251, + 1043, 1043, 1043, 1043, 1043, 1043, 1043, 1043, 1043, 1043, + + 1061, 1061, 1061, 1061, 1061, 1061, 1061, 1061, 1061, 1061, + 1061, 1062, 1062, 1062, 1062, 1062, 1062, 1062, 1062, 1062, + 1062, 1062, 319, 1252, 1252, 318, 317, 1043, 1053, 1252, + 1053, 1053, 1053, 1053, 1053, 1053, 1053, 1053, 1053, 1053, + 1053, 1056, 316, 1056, 1056, 1056, 1056, 1056, 1056, 1056, + 1056, 1056, 1056, 314, 307, 306, 292, 1056, 1056, 1056, + 1056, 1056, 1056, 1068, 1069, 291, 289, 1068, 1069, 1073, + 1073, 1073, 1073, 1073, 1073, 1073, 1073, 1073, 1073, 288, + 287, 286, 1056, 1056, 1056, 1056, 1056, 1056, 285, 284, + 1068, 1069, 1074, 1074, 1074, 1074, 1074, 1074, 1074, 1074, + + 1074, 1074, 1115, 278, 1115, 1115, 1115, 1115, 1115, 1115, + 274, 1068, 1069, 1075, 271, 1075, 1075, 1075, 1075, 1075, + 1075, 1075, 1075, 1075, 1075, 1076, 269, 1076, 1076, 1076, + 1076, 1076, 1076, 1076, 1076, 1076, 1076, 1077, 267, 1077, + 1077, 1077, 1077, 1077, 1077, 1077, 1077, 1077, 1077, 1078, + 264, 1084, 263, 1078, 1091, 1084, 1091, 1091, 1091, 1091, + 1091, 1091, 1085, 1109, 1122, 1132, 1085, 1109, 1122, 1132, + 1179, 1179, 1179, 1179, 1179, 1179, 1078, 262, 1084, 1087, + 1087, 1087, 1087, 1087, 1087, 1087, 1087, 1087, 1087, 1085, + 1109, 1122, 1132, 1091, 261, 260, 258, 1078, 1081, 1084, + + 1081, 1081, 1081, 1081, 1081, 1081, 1081, 1081, 1081, 1081, + 1085, 1109, 1122, 257, 256, 255, 1087, 1092, 1092, 1092, + 1092, 1092, 1092, 1092, 1092, 1092, 1092, 1111, 1111, 1111, + 1111, 1111, 1111, 1111, 1111, 1111, 1111, 1081, 1082, 254, + 1082, 1082, 1082, 1082, 1082, 1082, 1082, 1082, 1082, 1082, + 1094, 252, 1094, 1094, 1094, 1094, 1094, 1094, 1094, 1094, + 1094, 1094, 1095, 246, 1095, 1095, 1095, 1095, 1095, 1095, + 1095, 1095, 1095, 1095, 238, 234, 229, 1082, 1083, 228, + 1083, 1083, 1083, 1083, 1083, 1083, 1083, 1083, 1083, 1083, + 1102, 226, 1102, 1102, 1102, 1102, 1102, 1102, 1102, 1102, + + 1102, 1102, 1113, 222, 1113, 1113, 1113, 1113, 1113, 1113, + 1113, 1113, 1113, 1113, 217, 215, 210, 1083, 1089, 198, + 1089, 1089, 1089, 1089, 1089, 1089, 1089, 1089, 1089, 1089, + 1114, 197, 1114, 1114, 1114, 1114, 1114, 1114, 1114, 1114, + 1114, 1114, 1117, 1117, 1117, 1117, 1117, 1117, 1117, 1117, + 1117, 1117, 196, 1255, 1255, 195, 194, 1089, 1090, 1255, + 1090, 1090, 1090, 1090, 1090, 1090, 1090, 1090, 1090, 1090, + 186, 1121, 185, 1121, 1121, 1121, 1121, 1121, 1121, 1117, 1126, 1126, 1126, 1126, 1126, 1126, 1126, 1126, 1126, 1126, - 1126, 1127, 1127, 1127, 1127, 1127, 1127, 1127, 1127, 1127, - 1127, 1127, 1127, 1127, 1127, 1127, 1127, 1127, 1127, 1127, + 1256, 1256, 184, 1262, 1262, 183, 1256, 1090, 1119, 1262, + + 1119, 1119, 1119, 1119, 1119, 1119, 1119, 1119, 1119, 1119, + 1121, 1127, 1127, 1127, 1127, 1127, 1127, 1127, 1127, 1127, 1127, 1128, 1128, 1128, 1128, 1128, 1128, 1128, 1128, 1128, - 1128, 1128, 1128, 1128, 1128, 1128, 1128, 1128, 1128, 1128, - 1128, 1129, 1129, 1129, 1129, 1129, 1129, 1129, 1129, 1129, - 1129, 1129, 1129, 1129, 1129, 1129, 1129, 1129, 1129, 1129, - 1129, 1130, 1130, 1130, 1130, 1130, 1130, 1130, 1130, 1130, - - 1130, 1130, 1130, 1130, 1130, 1130, 1130, 1130, 1130, 1130, - 1130, 1131, 0, 0, 1131, 0, 0, 0, 0, 1131, - 0, 1131, 1131, 1131, 0, 0, 1131, 1131, 1131, 1131, - 1131, 1132, 1132, 1132, 1132, 1132, 1132, 1132, 1132, 1132, - 1132, 1132, 1132, 1132, 1132, 1132, 1132, 1132, 1132, 1132, - 1132, 1133, 0, 0, 1133, 0, 0, 1133, 0, 1133, - 0, 1133, 1133, 1133, 1133, 0, 1133, 1133, 1133, 1133, - 1133, 1134, 0, 0, 1134, 0, 0, 0, 0, 1134, - 0, 1134, 1134, 1134, 0, 0, 1134, 1134, 1134, 1134, - 1134, 1135, 0, 0, 1135, 1135, 1135, 0, 1135, 1135, - - 0, 1135, 1135, 1135, 0, 0, 1135, 1135, 1135, 1135, - 1135, 1137, 0, 0, 1137, 1137, 1137, 0, 1137, 1137, - 0, 1137, 1137, 1137, 0, 0, 1137, 1137, 1137, 1137, - 1137, 1138, 0, 0, 1138, 1138, 1138, 0, 1138, 1138, - 0, 1138, 1138, 1138, 0, 1138, 1138, 0, 1138, 1138, - 1138, 1140, 0, 0, 1140, 1140, 0, 0, 1140, 1140, - 0, 1140, 1140, 1140, 1140, 0, 1140, 1140, 1140, 1140, - 1140, 1141, 1141, 1141, 1141, 1141, 1141, 1141, 1141, 1141, - 1141, 1141, 1141, 1141, 1141, 1141, 1141, 1141, 1141, 1141, - 1141, 1142, 1142, 0, 1142, 1142, 0, 1142, 1142, 1142, + 1128, 1267, 182, 181, 1267, 179, 1267, 1119, 1120, 178, + 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, + 1138, 177, 1138, 1138, 1138, 1138, 1138, 1138, 1138, 1138, + 1138, 1138, 1139, 176, 1139, 1139, 1139, 1139, 1139, 1139, + 1139, 1139, 1139, 1139, 175, 174, 173, 1120, 1123, 172, + 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, + 1140, 171, 1140, 1140, 1140, 1140, 1140, 1140, 1140, 1140, + + 1140, 1140, 1144, 1144, 1144, 1144, 1144, 1144, 1144, 1144, + 1144, 1144, 166, 1270, 1270, 162, 161, 1123, 1124, 1270, + 1124, 1124, 1124, 1124, 1124, 1124, 1124, 1124, 1124, 1124, + 157, 1148, 154, 1148, 1148, 1148, 1148, 1148, 1148, 1144, + 1150, 1150, 1150, 1150, 1150, 1150, 1150, 1150, 1150, 1150, + 1277, 1277, 150, 1280, 1280, 147, 1277, 1124, 1125, 1280, + 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, + 1148, 1151, 1151, 1151, 1151, 1151, 1151, 1151, 1151, 1151, + 1151, 1155, 1155, 1155, 1155, 1155, 1155, 1155, 1155, 1155, + 1155, 144, 140, 1282, 1282, 136, 135, 1125, 1141, 1282, + 1141, 1141, 1141, 1141, 1141, 1141, 1141, 1141, 1141, 1141, + 1157, 134, 1157, 1157, 1157, 1157, 1157, 1157, 1157, 1157, + 1157, 1157, 1158, 133, 1158, 1158, 1158, 1158, 1158, 1158, + 1158, 1158, 1158, 1158, 132, 131, 127, 1141, 1142, 121, 1142, 1142, 1142, 1142, 1142, 1142, 1142, 1142, 1142, 1142, - 1142, 1143, 0, 0, 1143, 0, 0, 1143, 0, 1143, - 0, 1143, 1143, 1143, 1143, 0, 1143, 1143, 1143, 1143, - 1143, 1144, 0, 0, 1144, 0, 0, 0, 0, 1144, - 0, 1144, 1144, 1144, 0, 1144, 1144, 1144, 1144, 1144, - 1144, 1145, 0, 0, 1145, 1145, 1145, 0, 1145, 1145, - 0, 1145, 1145, 1145, 0, 1145, 1145, 1145, 1145, 1145, - 1145, 1146, 0, 0, 0, 1146, 1146, 1146, 1146, 1146, - 1146, 1146, 1146, 1146, 1146, 1146, 1146, 1146, 1146, 1146, - 1146, 1147, 0, 0, 1147, 0, 0, 0, 0, 1147, + 1159, 119, 1159, 1159, 1159, 1159, 1159, 1159, 1160, 1160, + 1160, 1160, 1160, 1160, 1160, 1160, 1160, 1160, 1164, 115, + 1164, 1164, 1164, 1164, 1164, 1164, 111, 1142, 1143, 110, + 1143, 1143, 1143, 1143, 1143, 1143, 1143, 1143, 1143, 1143, + 109, 108, 107, 106, 102, 1160, 1165, 1165, 1165, 1165, - 0, 1147, 1147, 1147, 0, 0, 1147, 1147, 1147, 1147, - 1147, 1148, 0, 0, 1148, 0, 0, 1148, 0, 1148, - 0, 1148, 1148, 1148, 1148, 0, 1148, 1148, 1148, 1148, - 1148, 1149, 0, 0, 1149, 0, 0, 0, 0, 1149, - 0, 1149, 1149, 1149, 0, 0, 1149, 1149, 1149, 1149, - 1149, 1150, 0, 0, 1150, 1150, 1150, 0, 1150, 1150, - 0, 1150, 1150, 1150, 0, 0, 1150, 1150, 1150, 1150, - 1150, 1151, 1151, 1151, 1151, 1151, 1151, 1151, 1151, 1151, - 1151, 1151, 1151, 1151, 1151, 1151, 1151, 1151, 1151, 1151, - 1151, 1152, 1152, 0, 1152, 1152, 1152, 1152, 1152, 1152, - - 1152, 1152, 1152, 1152, 1152, 1152, 1152, 1152, 1152, 1152, - 1152, 1153, 0, 0, 1153, 0, 0, 0, 0, 1153, - 0, 1153, 1153, 1153, 0, 0, 1153, 1153, 1153, 1153, - 1153, 1154, 0, 0, 1154, 0, 0, 0, 0, 1154, - 0, 1154, 1154, 1154, 0, 0, 1154, 1154, 1154, 1154, - 1154, 1155, 0, 0, 1155, 1155, 1155, 0, 1155, 1155, - 0, 1155, 1155, 1155, 0, 0, 1155, 1155, 1155, 1155, - 1155, 1156, 0, 0, 1156, 1156, 1156, 0, 1156, 1156, - 0, 1156, 1156, 1156, 0, 0, 1156, 1156, 1156, 1156, - 1156, 1159, 1159, 1159, 0, 0, 0, 0, 1159, 1160, - - 0, 0, 1160, 1160, 1160, 0, 1160, 1160, 0, 1160, - 1160, 1160, 0, 0, 1160, 1160, 1160, 1160, 1160, 1161, - 0, 0, 1161, 1161, 1161, 0, 1161, 1161, 0, 1161, - 1161, 1161, 0, 0, 1161, 1161, 1161, 1161, 1161, 1162, - 0, 0, 1162, 1162, 1162, 0, 1162, 1162, 0, 1162, - 1162, 1162, 0, 1162, 1162, 0, 1162, 1162, 1162, 1164, - 0, 0, 1164, 1164, 0, 0, 1164, 1164, 0, 1164, - 1164, 1164, 1164, 0, 1164, 1164, 1164, 1164, 1164, 1165, - 1165, 0, 1165, 1165, 0, 1165, 1165, 1165, 1165, 1165, - 1165, 1165, 1165, 1165, 1165, 1165, 1165, 1165, 1165, 1166, - - 0, 0, 1166, 0, 0, 0, 0, 1166, 0, 1166, - 1166, 1166, 0, 0, 1166, 1166, 1166, 1166, 1166, 1167, - 0, 0, 1167, 0, 0, 0, 0, 1167, 0, 1167, - 1167, 1167, 0, 1167, 1167, 1167, 1167, 1167, 1167, 1168, - 0, 0, 1168, 1168, 0, 1168, 1168, 0, 0, 1168, - 1168, 1169, 0, 0, 1169, 1169, 1169, 0, 1169, 1169, - 0, 1169, 1169, 1169, 0, 1169, 1169, 1169, 1169, 1169, - 1169, 1171, 0, 0, 0, 1171, 1171, 1171, 1171, 1171, + 1165, 1165, 1165, 1165, 1165, 1165, 89, 1164, 82, 75, + 74, 70, 69, 68, 63, 61, 52, 1143, 1146, 51, + 1146, 1146, 1146, 1146, 1146, 1146, 1146, 1146, 1146, 1146, + 49, 48, 46, 1165, 1166, 1166, 1166, 1166, 1166, 1166, + 1166, 1166, 1166, 1166, 1167, 1167, 1167, 1167, 1167, 1167, + 1167, 1167, 1167, 1167, 41, 36, 30, 1146, 1147, 24, + 1147, 1147, 1147, 1147, 1147, 1147, 1147, 1147, 1147, 1147, + 23, 1166, 20, 19, 0, 0, 0, 0, 0, 0, + 0, 1167, 1168, 1168, 1168, 1168, 1168, 1168, 1168, 1168, + 1168, 1168, 0, 0, 0, 0, 0, 1147, 1162, 0, + + 1162, 1162, 1162, 1162, 1162, 1162, 1162, 1162, 1162, 1162, + 1169, 1169, 1169, 1169, 1169, 1169, 1169, 1169, 1169, 1169, + 1170, 1170, 1170, 1170, 1170, 1170, 1170, 1170, 1170, 1170, + 0, 0, 0, 0, 0, 0, 0, 1162, 1163, 0, + 1163, 1163, 1163, 1163, 1163, 1163, 1163, 1163, 1163, 1163, 1171, 1171, 1171, 1171, 1171, 1171, 1171, 1171, 1171, 1171, - 1171, 1172, 0, 0, 1172, 0, 0, 0, 0, 1172, + 1172, 1172, 1172, 1172, 1172, 1172, 1172, 1172, 1172, 1172, + 0, 0, 0, 0, 0, 0, 0, 1163, 0, 0, + 0, 1176, 1176, 1176, 1176, 1176, 1176, 1171, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1172, 1173, 1173, + + 1173, 1173, 1173, 1173, 1173, 1173, 1173, 1173, 1175, 1175, + 1175, 1175, 1175, 1175, 1175, 1175, 1175, 1175, 1176, 1178, + 1178, 1178, 1178, 1178, 1178, 1178, 1178, 1178, 1178, 1182, + 1182, 1182, 1182, 1182, 1182, 1173, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1175, 1181, 1181, 1181, 1181, + 1181, 1181, 1181, 1181, 1181, 1181, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1182, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1181, 1184, 1184, 1184, 1184, 1184, 1184, + 1184, 1184, 1184, 1184, 1184, 1184, 1184, 1184, 1184, 1184, - 0, 1172, 1172, 1172, 0, 0, 1172, 1172, 1172, 1172, - 1172, 1173, 0, 0, 1173, 0, 0, 0, 0, 1173, - 0, 1173, 1173, 1173, 0, 0, 1173, 1173, 1173, 1173, - 1173, 1174, 0, 0, 1174, 0, 0, 0, 0, 1174, - 0, 1174, 1174, 1174, 0, 0, 1174, 1174, 1174, 1174, - 1174, 1175, 0, 0, 1175, 1175, 1175, 0, 1175, 1175, - 0, 1175, 1175, 1175, 0, 0, 1175, 1175, 1175, 1175, - 1175, 1176, 0, 0, 1176, 1176, 1176, 0, 1176, 1176, - 0, 1176, 1176, 1176, 0, 0, 1176, 1176, 1176, 1176, - 1176, 1177, 1177, 1177, 1177, 1177, 1177, 1177, 1177, 1177, - - 1177, 1177, 1177, 1177, 1177, 1177, 1177, 1177, 1177, 1177, - 1177, 1178, 1178, 1178, 1178, 1178, 1178, 1178, 1178, 1178, - 1178, 1178, 1178, 1178, 1178, 1178, 1178, 1178, 1178, 1178, - 1178, 1180, 1180, 1180, 0, 0, 0, 0, 1180, 1184, - 1184, 1184, 0, 0, 0, 0, 1184, 1185, 1185, 1185, + 1184, 1184, 1184, 1184, 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1185, - 1185, 1185, 1185, 1185, 1185, 1185, 1185, 1190, 1190, 1190, - 0, 0, 0, 0, 1190, 1191, 1191, 1191, 1191, 0, - 0, 0, 0, 1191, 1195, 1195, 1195, 0, 0, 0, - 0, 1195, 1196, 1196, 1196, 1196, 0, 0, 0, 0, - - 1196, 1199, 1199, 1199, 0, 0, 0, 0, 1199, 1200, - 1200, 1200, 1200, 0, 0, 0, 0, 1200, 1201, 1201, - 1201, 1201, 1201, 1201, 1201, 1201, 1201, 1201, 1201, 1201, - 1201, 1201, 1201, 1201, 1201, 1201, 1201, 1201, 1203, 0, - 0, 1203, 1203, 0, 1203, 1203, 0, 0, 1203, 1203, - 1205, 0, 1205, 1205, 0, 0, 0, 0, 1205, 1206, - 1206, 1206, 0, 0, 0, 0, 1206, 1207, 1207, 1207, - 1207, 0, 0, 0, 0, 1207, 1208, 1208, 1208, 1208, - 1208, 1208, 1208, 1208, 1208, 1208, 1208, 1208, 1208, 1208, - 1208, 1208, 1208, 1208, 1208, 1208, 1210, 0, 0, 1210, - - 1210, 0, 1210, 1210, 0, 0, 1210, 1210, 1211, 0, - 0, 1211, 0, 0, 0, 0, 1211, 0, 1211, 1211, - 1211, 0, 0, 1211, 1211, 1211, 1211, 1211, 1213, 0, - 1213, 1213, 0, 0, 0, 0, 1213, 1214, 1214, 1214, - 0, 0, 0, 0, 1214, 1215, 1215, 1215, 0, 0, - 0, 0, 0, 1215, 1216, 1216, 1216, 1216, 1216, 1216, - 1216, 1216, 1216, 1216, 1216, 1216, 1216, 1216, 1216, 1216, - 1216, 1216, 1216, 1216, 1217, 1217, 0, 1217, 1217, 1217, - 1217, 0, 1217, 0, 1217, 1217, 1217, 0, 0, 1217, - 1217, 1217, 1217, 1217, 1218, 1218, 0, 1218, 1218, 1218, - - 1218, 0, 1218, 0, 1218, 1218, 1218, 0, 0, 1218, - 1218, 1218, 1218, 1218, 1220, 0, 1220, 1220, 0, 0, - 0, 0, 1220, 1223, 0, 1223, 1223, 0, 0, 0, - 0, 1223, 1226, 1226, 1226, 1226, 1226, 1226, 1226, 1226, - 1226, 1226, 1226, 1226, 1226, 1226, 1226, 1226, 1226, 1226, - 1226, 1226, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, + 1185, 1185, 1185, 1185, 1186, 1186, 1186, 1186, 1186, 1186, + 1186, 1186, 1186, 1186, 1186, 1186, 1186, 1186, 1186, 1186, + 1186, 1186, 1186, 1186, 1187, 1187, 1187, 1187, 1187, 1187, + 1187, 1187, 1187, 1187, 1187, 1187, 1187, 1187, 1187, 1187, + 1187, 1187, 1187, 1187, 1188, 1188, 1188, 1188, 1188, 1188, + 1188, 1188, 1188, 1188, 1188, 1188, 1188, 1188, 1188, 1188, + 1188, 1188, 1188, 1188, 1189, 0, 0, 1189, 0, 0, + 0, 0, 1189, 0, 1189, 1189, 1189, 0, 0, 1189, + + 1189, 1189, 1189, 1189, 1190, 1190, 1190, 1190, 1190, 1190, + 1190, 1190, 1190, 1190, 1190, 1190, 1190, 1190, 1190, 1190, + 1190, 1190, 1190, 1190, 1191, 0, 0, 1191, 0, 0, + 1191, 0, 1191, 0, 1191, 1191, 1191, 1191, 0, 1191, + 1191, 1191, 1191, 1191, 1192, 0, 0, 1192, 0, 0, + 0, 0, 1192, 0, 1192, 1192, 1192, 0, 0, 1192, + 1192, 1192, 1192, 1192, 1193, 0, 0, 1193, 1193, 1193, + 0, 1193, 1193, 0, 1193, 1193, 1193, 0, 0, 1193, + 1193, 1193, 1193, 1193, 1195, 0, 0, 1195, 1195, 1195, + 0, 1195, 1195, 0, 1195, 1195, 1195, 0, 0, 1195, + + 1195, 1195, 1195, 1195, 1196, 0, 0, 1196, 1196, 1196, + 0, 1196, 1196, 0, 1196, 1196, 1196, 0, 1196, 1196, + 0, 1196, 1196, 1196, 1198, 0, 0, 1198, 1198, 0, + 0, 1198, 1198, 0, 1198, 1198, 1198, 1198, 0, 1198, + 1198, 1198, 1198, 1198, 1199, 1199, 1199, 1199, 1199, 1199, + 1199, 1199, 1199, 1199, 1199, 1199, 1199, 1199, 1199, 1199, + 1199, 1199, 1199, 1199, 1200, 1200, 0, 1200, 1200, 0, + 1200, 1200, 1200, 1200, 1200, 1200, 1200, 1200, 1200, 1200, + 1200, 1200, 1200, 1200, 1201, 0, 0, 1201, 0, 0, + 1201, 0, 1201, 0, 1201, 1201, 1201, 1201, 0, 1201, + + 1201, 1201, 1201, 1201, 1202, 0, 0, 1202, 0, 0, + 0, 0, 1202, 0, 1202, 1202, 1202, 0, 1202, 1202, + 1202, 1202, 1202, 1202, 1203, 0, 0, 1203, 1203, 1203, + 0, 1203, 1203, 0, 1203, 1203, 1203, 0, 1203, 1203, + 1203, 1203, 1203, 1203, 1204, 0, 0, 0, 1204, 1204, + 1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204, + 1204, 1204, 1204, 1204, 1205, 0, 0, 1205, 0, 0, + 0, 0, 1205, 0, 1205, 1205, 1205, 0, 0, 1205, + 1205, 1205, 1205, 1205, 1206, 0, 0, 1206, 0, 0, + 1206, 0, 1206, 0, 1206, 1206, 1206, 1206, 0, 1206, + + 1206, 1206, 1206, 1206, 1207, 0, 0, 1207, 0, 0, + 0, 0, 1207, 0, 1207, 1207, 1207, 0, 0, 1207, + 1207, 1207, 1207, 1207, 1208, 0, 0, 1208, 1208, 1208, + 0, 1208, 1208, 0, 1208, 1208, 1208, 0, 0, 1208, + 1208, 1208, 1208, 1208, 1209, 1209, 1209, 1209, 1209, 1209, + 1209, 1209, 1209, 1209, 1209, 1209, 1209, 1209, 1209, 1209, + 1209, 1209, 1209, 1209, 1210, 1210, 0, 1210, 1210, 1210, + 1210, 1210, 1210, 1210, 1210, 1210, 1210, 1210, 1210, 1210, + 1210, 1210, 1210, 1210, 1211, 0, 0, 1211, 0, 0, + 0, 0, 1211, 0, 1211, 1211, 1211, 0, 0, 1211, + + 1211, 1211, 1211, 1211, 1212, 0, 0, 1212, 0, 0, + 0, 0, 1212, 0, 1212, 1212, 1212, 0, 0, 1212, + 1212, 1212, 1212, 1212, 1213, 0, 0, 1213, 1213, 1213, + 0, 1213, 1213, 0, 1213, 1213, 1213, 0, 0, 1213, + 1213, 1213, 1213, 1213, 1214, 0, 0, 1214, 1214, 1214, + 0, 1214, 1214, 0, 1214, 1214, 1214, 0, 0, 1214, + 1214, 1214, 1214, 1214, 1217, 1217, 1217, 0, 0, 0, + 0, 1217, 1218, 0, 0, 1218, 1218, 1218, 0, 1218, + 1218, 0, 1218, 1218, 1218, 0, 0, 1218, 1218, 1218, + 1218, 1218, 1219, 0, 0, 1219, 1219, 1219, 0, 1219, + + 1219, 0, 1219, 1219, 1219, 0, 0, 1219, 1219, 1219, + 1219, 1219, 1220, 0, 0, 1220, 1220, 1220, 0, 1220, + 1220, 0, 1220, 1220, 1220, 0, 1220, 1220, 0, 1220, + 1220, 1220, 1222, 0, 0, 1222, 1222, 0, 0, 1222, + 1222, 0, 1222, 1222, 1222, 1222, 0, 1222, 1222, 1222, + 1222, 1222, 1223, 1223, 0, 1223, 1223, 0, 1223, 1223, + 1223, 1223, 1223, 1223, 1223, 1223, 1223, 1223, 1223, 1223, + 1223, 1223, 1224, 0, 0, 1224, 0, 0, 0, 0, + 1224, 0, 1224, 1224, 1224, 0, 0, 1224, 1224, 1224, + 1224, 1224, 1225, 0, 0, 1225, 0, 0, 0, 0, + + 1225, 0, 1225, 1225, 1225, 0, 1225, 1225, 1225, 1225, + 1225, 1225, 1226, 0, 0, 1226, 1226, 0, 1226, 1226, + 0, 0, 1226, 1226, 1227, 0, 0, 1227, 1227, 1227, + 0, 1227, 1227, 0, 1227, 1227, 1227, 0, 1227, 1227, + 1227, 1227, 1227, 1227, 1229, 0, 0, 0, 1229, 1229, + 1229, 1229, 1229, 1229, 1229, 1229, 1229, 1229, 1229, 1229, + 1229, 1229, 1229, 1229, 1230, 0, 0, 1230, 0, 0, + 0, 0, 1230, 0, 1230, 1230, 1230, 0, 0, 1230, + 1230, 1230, 1230, 1230, 1231, 0, 0, 1231, 0, 0, + 0, 0, 1231, 0, 1231, 1231, 1231, 0, 0, 1231, + + 1231, 1231, 1231, 1231, 1232, 0, 0, 1232, 0, 0, + 0, 0, 1232, 0, 1232, 1232, 1232, 0, 0, 1232, + 1232, 1232, 1232, 1232, 1233, 0, 0, 1233, 1233, 1233, + 0, 1233, 1233, 0, 1233, 1233, 1233, 0, 0, 1233, + 1233, 1233, 1233, 1233, 1234, 0, 0, 1234, 1234, 1234, + 0, 1234, 1234, 0, 1234, 1234, 1234, 0, 0, 1234, + 1234, 1234, 1234, 1234, 1235, 1235, 1235, 1235, 1235, 1235, + 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, 1235, + 1235, 1235, 1235, 1235, 1236, 1236, 1236, 1236, 1236, 1236, + 1236, 1236, 1236, 1236, 1236, 1236, 1236, 1236, 1236, 1236, + + 1236, 1236, 1236, 1236, 1238, 1238, 1238, 0, 0, 0, + 0, 1238, 1242, 1242, 1242, 0, 0, 0, 0, 1242, + 1243, 1243, 1243, 1243, 1243, 1243, 1243, 1243, 1243, 1243, + 1243, 1243, 1243, 1243, 1243, 1243, 1243, 1243, 1243, 1243, + 1248, 1248, 1248, 0, 0, 0, 0, 1248, 1249, 1249, + 1249, 1249, 0, 0, 0, 0, 1249, 1253, 1253, 1253, + 0, 0, 0, 0, 1253, 1254, 1254, 1254, 1254, 0, + 0, 0, 0, 1254, 1257, 1257, 1257, 0, 0, 0, + 0, 1257, 1258, 1258, 1258, 1258, 0, 0, 0, 0, + 1258, 1259, 1259, 1259, 1259, 1259, 1259, 1259, 1259, 1259, + + 1259, 1259, 1259, 1259, 1259, 1259, 1259, 1259, 1259, 1259, + 1259, 1261, 0, 0, 1261, 1261, 0, 1261, 1261, 0, + 0, 1261, 1261, 1263, 0, 1263, 1263, 0, 0, 0, + 0, 1263, 1264, 1264, 1264, 0, 0, 0, 0, 1264, + 1265, 1265, 1265, 1265, 0, 0, 0, 0, 1265, 1266, + 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, + 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1268, + 0, 0, 1268, 1268, 0, 1268, 1268, 0, 0, 1268, + 1268, 1269, 0, 0, 1269, 0, 0, 0, 0, 1269, + 0, 1269, 1269, 1269, 0, 0, 1269, 1269, 1269, 1269, + + 1269, 1271, 0, 1271, 1271, 0, 0, 0, 0, 1271, + 1272, 1272, 1272, 0, 0, 0, 0, 1272, 1273, 1273, + 1273, 0, 0, 0, 0, 0, 1273, 1274, 1274, 1274, + 1274, 1274, 1274, 1274, 1274, 1274, 1274, 1274, 1274, 1274, + 1274, 1274, 1274, 1274, 1274, 1274, 1274, 1275, 1275, 0, + 1275, 1275, 1275, 1275, 0, 1275, 0, 1275, 1275, 1275, + 0, 0, 1275, 1275, 1275, 1275, 1275, 1276, 1276, 0, + 1276, 1276, 1276, 1276, 0, 1276, 0, 1276, 1276, 1276, + 0, 0, 1276, 1276, 1276, 1276, 1276, 1278, 0, 1278, + 1278, 0, 0, 0, 0, 1278, 1281, 0, 1281, 1281, + + 0, 0, 0, 0, 1281, 1284, 1284, 1284, 1284, 1284, + 1284, 1284, 1284, 1284, 1284, 1284, 1284, 1284, 1284, 1284, + 1284, 1284, 1284, 1284, 1284, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, + 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183, 1183 - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125 } ; static yy_state_type yy_last_accepting_state; @@ -2711,7 +2723,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2020 + * Copyright (c) 1996, 1998-2005, 2007-2021 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -2764,6 +2776,7 @@ int sudolineno; /* current sudoers line number. */ char *sudoers; /* sudoers file being parsed. */ +char *sudoers_errstr; /* description of last error from lexer. */ struct sudolinebuf sudolinebuf; /* sudoers line being parsed. */ /* Default sudoers path, mode and owner (may be set via sudo.conf) */ @@ -2779,6 +2792,10 @@ static bool pop_include(void); static yy_size_t sudoers_input(char *buf, yy_size_t max_size); +#ifndef TRACELEXER +static struct sudo_lbuf trace_lbuf; +#endif + int (*trace_print)(const char *msg) = sudoers_trace_print; #define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout)) @@ -2804,7 +2821,7 @@ -#line 2802 "toke.c" +#line 2819 "toke.c" #define INITIAL 0 #define GOTDEFS 1 @@ -3024,9 +3041,9 @@ } { -#line 117 "toke.l" +#line 122 "toke.l" -#line 3024 "toke.c" +#line 3041 "toke.c" while ( 1 ) /* loops until end-of-file is reached */ { @@ -3054,13 +3071,13 @@ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1126 ) + if ( yy_current_state >= 1184 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 8253 ); + while ( yy_base[yy_current_state] != 8226 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -3086,7 +3103,7 @@ case 1: YY_RULE_SETUP -#line 118 "toke.l" +#line 123 "toke.l" { LEXTRACE(", "); return ','; @@ -3094,12 +3111,12 @@ YY_BREAK case 2: YY_RULE_SETUP -#line 123 "toke.l" +#line 128 "toke.l" BEGIN STARTDEFS; YY_BREAK case 3: YY_RULE_SETUP -#line 125 "toke.l" +#line 130 "toke.l" { BEGIN INDEFS; LEXTRACE("DEFVAR "); @@ -3111,7 +3128,7 @@ case 4: YY_RULE_SETUP -#line 134 "toke.l" +#line 139 "toke.l" { BEGIN STARTDEFS; LEXTRACE(", "); @@ -3120,7 +3137,7 @@ YY_BREAK case 5: YY_RULE_SETUP -#line 140 "toke.l" +#line 145 "toke.l" { LEXTRACE("= "); return '='; @@ -3128,7 +3145,7 @@ YY_BREAK case 6: YY_RULE_SETUP -#line 145 "toke.l" +#line 150 "toke.l" { LEXTRACE("+= "); return '+'; @@ -3136,7 +3153,7 @@ YY_BREAK case 7: YY_RULE_SETUP -#line 150 "toke.l" +#line 155 "toke.l" { LEXTRACE("-= "); return '-'; @@ -3144,7 +3161,7 @@ YY_BREAK case 8: YY_RULE_SETUP -#line 155 "toke.l" +#line 160 "toke.l" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; @@ -3154,7 +3171,7 @@ YY_BREAK case 9: YY_RULE_SETUP -#line 162 "toke.l" +#line 167 "toke.l" { LEXTRACE("WORD(2) "); if (!fill(sudoerstext, sudoersleng)) @@ -3167,7 +3184,7 @@ case 10: /* rule 10 can match eol */ YY_RULE_SETUP -#line 171 "toke.l" +#line 176 "toke.l" { /* Line continuation char followed by newline. */ sudolineno++; @@ -3176,13 +3193,13 @@ YY_BREAK case 11: YY_RULE_SETUP -#line 177 "toke.l" +#line 182 "toke.l" { LEXTRACE("ENDSTR "); BEGIN prev_state; if (sudoerslval.string == NULL) { - sudoerserror(N_("empty string")); + sudoers_errstr = N_("empty string"); LEXTRACE("ERROR "); return ERROR; } @@ -3192,7 +3209,9 @@ if (sudoerslval.string[1] == '\0' || (sudoerslval.string[1] == ':' && sudoerslval.string[2] == '\0')) { - sudoerserror(N_("empty group")); + parser_leak_remove(LEAK_PTR, sudoerslval.string); + free(sudoerslval.string); + sudoers_errstr = N_("empty group"); LEXTRACE("ERROR "); return ERROR; } @@ -3200,7 +3219,9 @@ return USERGROUP; case '+': if (sudoerslval.string[1] == '\0') { - sudoerserror(N_("empty netgroup")); + parser_leak_remove(LEAK_PTR, sudoerslval.string); + free(sudoerslval.string); + sudoers_errstr = N_("empty netgroup"); LEXTRACE("ERROR "); return ERROR; } @@ -3214,7 +3235,7 @@ YY_BREAK case 12: YY_RULE_SETUP -#line 212 "toke.l" +#line 221 "toke.l" { LEXTRACE("BACKSLASH "); if (!append(sudoerstext, sudoersleng)) @@ -3223,7 +3244,7 @@ YY_BREAK case 13: YY_RULE_SETUP -#line 218 "toke.l" +#line 227 "toke.l" { LEXTRACE("STRBODY "); if (!append(sudoerstext, sudoersleng)) @@ -3234,7 +3255,7 @@ case 14: YY_RULE_SETUP -#line 226 "toke.l" +#line 235 "toke.l" { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); @@ -3245,7 +3266,7 @@ YY_BREAK case 15: YY_RULE_SETUP -#line 234 "toke.l" +#line 243 "toke.l" { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); @@ -3257,7 +3278,7 @@ case 16: /* rule 16 can match eol */ YY_RULE_SETUP -#line 242 "toke.l" +#line 251 "toke.l" { BEGIN INITIAL; sudoersless(0); @@ -3267,7 +3288,7 @@ YY_BREAK case 17: YY_RULE_SETUP -#line 249 "toke.l" +#line 258 "toke.l" { LEXTRACE("ARG "); if (!fill_args(sudoerstext, sudoersleng, sawspace)) @@ -3278,7 +3299,7 @@ case 18: YY_RULE_SETUP -#line 257 "toke.l" +#line 266 "toke.l" { /* Only return DIGEST if the length is correct. */ yy_size_t digest_len = @@ -3296,7 +3317,7 @@ YY_BREAK case 19: YY_RULE_SETUP -#line 272 "toke.l" +#line 281 "toke.l" { /* Only return DIGEST if the length is correct. */ yy_size_t len, digest_len = @@ -3321,10 +3342,10 @@ YY_BREAK case 20: YY_RULE_SETUP -#line 294 "toke.l" +#line 303 "toke.l" { if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -3336,10 +3357,10 @@ YY_BREAK case 21: YY_RULE_SETUP -#line 306 "toke.l" +#line 315 "toke.l" { if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -3352,10 +3373,10 @@ case 22: /* rule 22 can match eol */ YY_RULE_SETUP -#line 318 "toke.l" +#line 327 "toke.l" { if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -3372,10 +3393,10 @@ case 23: /* rule 23 can match eol */ YY_RULE_SETUP -#line 334 "toke.l" +#line 343 "toke.l" { if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -3391,13 +3412,13 @@ YY_BREAK case 24: YY_RULE_SETUP -#line 350 "toke.l" +#line 359 "toke.l" { char deftype; int n; if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -3435,12 +3456,12 @@ YY_BREAK case 25: YY_RULE_SETUP -#line 391 "toke.l" +#line 400 "toke.l" { int n; if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -3465,7 +3486,7 @@ YY_BREAK case 26: YY_RULE_SETUP -#line 418 "toke.l" +#line 427 "toke.l" { /* cmnd does not require passwd for this user */ LEXTRACE("NOPASSWD "); @@ -3474,7 +3495,7 @@ YY_BREAK case 27: YY_RULE_SETUP -#line 424 "toke.l" +#line 433 "toke.l" { /* cmnd requires passwd for this user */ LEXTRACE("PASSWD "); @@ -3483,7 +3504,7 @@ YY_BREAK case 28: YY_RULE_SETUP -#line 430 "toke.l" +#line 439 "toke.l" { LEXTRACE("NOEXEC "); return NOEXEC; @@ -3491,7 +3512,7 @@ YY_BREAK case 29: YY_RULE_SETUP -#line 435 "toke.l" +#line 444 "toke.l" { LEXTRACE("EXEC "); return EXEC; @@ -3499,99 +3520,115 @@ YY_BREAK case 30: YY_RULE_SETUP -#line 440 "toke.l" +#line 449 "toke.l" +{ + LEXTRACE("INTERCEPT "); + return INTERCEPT; + } + YY_BREAK +case 31: +YY_RULE_SETUP +#line 454 "toke.l" +{ + LEXTRACE("NOINTERCEPT "); + return NOINTERCEPT; + } + YY_BREAK +case 32: +YY_RULE_SETUP +#line 459 "toke.l" { LEXTRACE("SETENV "); return SETENV; } YY_BREAK -case 31: +case 33: YY_RULE_SETUP -#line 445 "toke.l" +#line 464 "toke.l" { LEXTRACE("NOSETENV "); return NOSETENV; } YY_BREAK -case 32: +case 34: YY_RULE_SETUP -#line 450 "toke.l" +#line 469 "toke.l" { LEXTRACE("LOG_OUTPUT "); return LOG_OUTPUT; } YY_BREAK -case 33: +case 35: YY_RULE_SETUP -#line 455 "toke.l" +#line 474 "toke.l" { LEXTRACE("NOLOG_OUTPUT "); return NOLOG_OUTPUT; } YY_BREAK -case 34: +case 36: YY_RULE_SETUP -#line 460 "toke.l" +#line 479 "toke.l" { LEXTRACE("LOG_INPUT "); return LOG_INPUT; } YY_BREAK -case 35: +case 37: YY_RULE_SETUP -#line 465 "toke.l" +#line 484 "toke.l" { LEXTRACE("NOLOG_INPUT "); return NOLOG_INPUT; } YY_BREAK -case 36: +case 38: YY_RULE_SETUP -#line 470 "toke.l" +#line 489 "toke.l" { LEXTRACE("MAIL "); return MAIL; } YY_BREAK -case 37: +case 39: YY_RULE_SETUP -#line 475 "toke.l" +#line 494 "toke.l" { LEXTRACE("NOMAIL "); return NOMAIL; } YY_BREAK -case 38: +case 40: YY_RULE_SETUP -#line 480 "toke.l" +#line 499 "toke.l" { LEXTRACE("FOLLOW "); return FOLLOWLNK; } YY_BREAK -case 39: +case 41: YY_RULE_SETUP -#line 485 "toke.l" +#line 504 "toke.l" { LEXTRACE("NOFOLLOW "); return NOFOLLOWLNK; } YY_BREAK -case 40: +case 42: YY_RULE_SETUP -#line 490 "toke.l" +#line 509 "toke.l" { if (sudoerstext[0] == '+') - sudoerserror(N_("empty netgroup")); + sudoers_errstr = N_("empty netgroup"); else - sudoerserror(N_("empty group")); + sudoers_errstr = N_("empty group"); LEXTRACE("ERROR "); return ERROR; } YY_BREAK -case 41: +case 43: YY_RULE_SETUP -#line 499 "toke.l" +#line 518 "toke.l" { /* netgroup */ if (!fill(sudoerstext, sudoersleng)) @@ -3600,9 +3637,9 @@ return NETGROUP; } YY_BREAK -case 42: +case 44: YY_RULE_SETUP -#line 507 "toke.l" +#line 526 "toke.l" { /* group */ if (!fill(sudoerstext, sudoersleng)) @@ -3611,9 +3648,9 @@ return USERGROUP; } YY_BREAK -case 43: +case 45: YY_RULE_SETUP -#line 515 "toke.l" +#line 534 "toke.l" { if (!fill(sudoerstext, sudoersleng)) yyterminate(); @@ -3621,9 +3658,9 @@ return NTWKADDR; } YY_BREAK -case 44: +case 46: YY_RULE_SETUP -#line 522 "toke.l" +#line 541 "toke.l" { if (!fill(sudoerstext, sudoersleng)) yyterminate(); @@ -3631,12 +3668,12 @@ return NTWKADDR; } YY_BREAK -case 45: +case 47: YY_RULE_SETUP -#line 529 "toke.l" +#line 548 "toke.l" { if (!ipv6_valid(sudoerstext)) { - sudoerserror(N_("invalid IPv6 address")); + sudoers_errstr = N_("invalid IPv6 address"); LEXTRACE("ERROR "); return ERROR; } @@ -3646,12 +3683,12 @@ return NTWKADDR; } YY_BREAK -case 46: +case 48: YY_RULE_SETUP -#line 541 "toke.l" +#line 560 "toke.l" { if (!ipv6_valid(sudoerstext)) { - sudoerserror(N_("invalid IPv6 address")); + sudoers_errstr = N_("invalid IPv6 address"); LEXTRACE("ERROR "); return ERROR; } @@ -3661,42 +3698,42 @@ return NTWKADDR; } YY_BREAK -case 47: +case 49: YY_RULE_SETUP -#line 553 "toke.l" +#line 572 "toke.l" { LEXTRACE("ALL "); return ALL; } YY_BREAK -case 48: +case 50: YY_RULE_SETUP -#line 559 "toke.l" +#line 578 "toke.l" { LEXTRACE("CMND_TIMEOUT "); return CMND_TIMEOUT; } YY_BREAK -case 49: +case 51: YY_RULE_SETUP -#line 564 "toke.l" +#line 583 "toke.l" { LEXTRACE("NOTBEFORE "); return NOTBEFORE; } YY_BREAK -case 50: +case 52: YY_RULE_SETUP -#line 569 "toke.l" +#line 588 "toke.l" { LEXTRACE("NOTAFTER "); return NOTAFTER; } YY_BREAK -case 51: +case 53: YY_RULE_SETUP -#line 574 "toke.l" +#line 593 "toke.l" { LEXTRACE("CWD "); prev_state = YY_START; @@ -3704,9 +3741,9 @@ return CWD; } YY_BREAK -case 52: +case 54: YY_RULE_SETUP -#line 581 "toke.l" +#line 600 "toke.l" { LEXTRACE("CHROOT "); prev_state = YY_START; @@ -3714,9 +3751,9 @@ return CHROOT; } YY_BREAK -case 53: +case 55: YY_RULE_SETUP -#line 588 "toke.l" +#line 607 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("ROLE "); @@ -3726,9 +3763,9 @@ #endif } YY_BREAK -case 54: +case 56: YY_RULE_SETUP -#line 597 "toke.l" +#line 616 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("TYPE "); @@ -3738,9 +3775,9 @@ #endif } YY_BREAK -case 55: +case 57: YY_RULE_SETUP -#line 605 "toke.l" +#line 624 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("PRIVS "); @@ -3750,9 +3787,9 @@ #endif } YY_BREAK -case 56: +case 58: YY_RULE_SETUP -#line 614 "toke.l" +#line 633 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("LIMITPRIVS "); @@ -3762,9 +3799,9 @@ #endif } YY_BREAK -case 57: +case 59: YY_RULE_SETUP -#line 623 "toke.l" +#line 642 "toke.l" { got_alias: if (!fill(sudoerstext, sudoersleng)) @@ -3773,9 +3810,9 @@ return ALIAS; } YY_BREAK -case 58: +case 60: YY_RULE_SETUP -#line 631 "toke.l" +#line 650 "toke.l" { /* XXX - no way to specify digest for command */ /* no command args allowed for Defaults!/path */ @@ -3785,9 +3822,9 @@ return COMMAND; } YY_BREAK -case 59: +case 61: YY_RULE_SETUP -#line 640 "toke.l" +#line 659 "toke.l" { digest_type = SUDO_DIGEST_SHA224; BEGIN WANTDIGEST; @@ -3795,9 +3832,9 @@ return SHA224_TOK; } YY_BREAK -case 60: +case 62: YY_RULE_SETUP -#line 647 "toke.l" +#line 666 "toke.l" { digest_type = SUDO_DIGEST_SHA256; BEGIN WANTDIGEST; @@ -3805,9 +3842,9 @@ return SHA256_TOK; } YY_BREAK -case 61: +case 63: YY_RULE_SETUP -#line 654 "toke.l" +#line 673 "toke.l" { digest_type = SUDO_DIGEST_SHA384; BEGIN WANTDIGEST; @@ -3815,9 +3852,9 @@ return SHA384_TOK; } YY_BREAK -case 62: +case 64: YY_RULE_SETUP -#line 661 "toke.l" +#line 680 "toke.l" { digest_type = SUDO_DIGEST_SHA512; BEGIN WANTDIGEST; @@ -3825,9 +3862,9 @@ return SHA512_TOK; } YY_BREAK -case 63: +case 65: YY_RULE_SETUP -#line 668 "toke.l" +#line 687 "toke.l" { BEGIN GOTCMND; LEXTRACE("COMMAND "); @@ -3835,9 +3872,9 @@ yyterminate(); } /* sudo -e */ YY_BREAK -case 64: +case 66: YY_RULE_SETUP -#line 675 "toke.l" +#line 694 "toke.l" { BEGIN prev_state; if (!fill(sudoerstext, sudoersleng)) @@ -3846,9 +3883,9 @@ return WORD; } YY_BREAK -case 65: +case 67: YY_RULE_SETUP -#line 683 "toke.l" +#line 702 "toke.l" { /* directories can't have args... */ if (sudoerstext[sudoersleng - 1] == '/') { @@ -3863,9 +3900,9 @@ yyterminate(); } /* a pathname */ YY_BREAK -case 66: +case 68: YY_RULE_SETUP -#line 697 "toke.l" +#line 716 "toke.l" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; @@ -3873,9 +3910,9 @@ BEGIN INSTR; } YY_BREAK -case 67: +case 69: YY_RULE_SETUP -#line 704 "toke.l" +#line 723 "toke.l" { /* a word */ if (!fill(sudoerstext, sudoersleng)) @@ -3885,9 +3922,9 @@ } YY_BREAK -case 68: +case 70: YY_RULE_SETUP -#line 713 "toke.l" +#line 732 "toke.l" { /* include file/directory */ if (!fill(sudoerstext, sudoersleng)) @@ -3897,9 +3934,9 @@ return WORD; } YY_BREAK -case 69: +case 71: YY_RULE_SETUP -#line 722 "toke.l" +#line 741 "toke.l" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; @@ -3908,49 +3945,49 @@ } YY_BREAK -case 70: +case 72: YY_RULE_SETUP -#line 730 "toke.l" +#line 749 "toke.l" { LEXTRACE("( "); return '('; } YY_BREAK -case 71: +case 73: YY_RULE_SETUP -#line 735 "toke.l" +#line 754 "toke.l" { LEXTRACE(") "); return ')'; } YY_BREAK -case 72: +case 74: YY_RULE_SETUP -#line 740 "toke.l" +#line 759 "toke.l" { LEXTRACE(", "); return ','; } /* return ',' */ YY_BREAK -case 73: +case 75: YY_RULE_SETUP -#line 745 "toke.l" +#line 764 "toke.l" { LEXTRACE("= "); return '='; } /* return '=' */ YY_BREAK -case 74: +case 76: YY_RULE_SETUP -#line 750 "toke.l" +#line 769 "toke.l" { LEXTRACE(": "); return ':'; } /* return ':' */ YY_BREAK -case 75: +case 77: YY_RULE_SETUP -#line 755 "toke.l" +#line 774 "toke.l" { if (sudoersleng & 1) { LEXTRACE("!"); @@ -3958,16 +3995,19 @@ } } YY_BREAK -case 76: -/* rule 76 can match eol */ +case 78: +/* rule 78 can match eol */ YY_RULE_SETUP -#line 762 "toke.l" +#line 781 "toke.l" { if (YY_START == INSTR) { + /* throw away old string */ + parser_leak_remove(LEAK_PTR, sudoerslval.string); + free(sudoerslval.string); /* re-scan after changing state */ BEGIN INITIAL; sudoersless(0); - sudoerserror(N_("unexpected line break in string")); + sudoers_errstr = N_("unexpected line break in string"); LEXTRACE("ERROR "); return ERROR; } @@ -3978,27 +4018,27 @@ return '\n'; } /* return newline */ YY_BREAK -case 77: +case 79: YY_RULE_SETUP -#line 778 "toke.l" +#line 800 "toke.l" { /* throw away space/tabs */ sawspace = true; /* but remember for fill_args */ } YY_BREAK -case 78: -/* rule 78 can match eol */ +case 80: +/* rule 80 can match eol */ YY_RULE_SETUP -#line 782 "toke.l" +#line 804 "toke.l" { sawspace = true; /* remember for fill_args */ sudolineno++; continued = true; } /* throw away EOL after \ */ YY_BREAK -case 79: -/* rule 79 can match eol */ +case 81: +/* rule 81 can match eol */ YY_RULE_SETUP -#line 788 "toke.l" +#line 810 "toke.l" { if (sudoerstext[sudoersleng - 1] == '\n') { /* comment ending in a newline */ @@ -4006,7 +4046,7 @@ sudolineno++; continued = false; } else if (!feof(sudoersin)) { - sudoerserror(strerror(errno)); + sudoers_errstr = strerror(errno); LEXTRACE("ERROR "); return ERROR; } @@ -4014,9 +4054,9 @@ return '\n'; } /* comment, not uid/gid */ YY_BREAK -case 80: +case 82: YY_RULE_SETUP -#line 803 "toke.l" +#line 825 "toke.l" { LEXTRACE("NOMATCH "); return NOMATCH; @@ -4031,18 +4071,18 @@ case YY_STATE_EOF(WANTDIGEST): case YY_STATE_EOF(GOTINC): case YY_STATE_EOF(EXPECTPATH): -#line 808 "toke.l" +#line 830 "toke.l" { if (!pop_include()) yyterminate(); } YY_BREAK -case 81: +case 83: YY_RULE_SETUP -#line 813 "toke.l" +#line 835 "toke.l" ECHO; YY_BREAK -#line 4040 "toke.c" +#line 4080 "toke.c" case YY_END_OF_BUFFER: { @@ -4336,7 +4376,7 @@ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1126 ) + if ( yy_current_state >= 1184 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; @@ -4364,11 +4404,11 @@ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1126 ) + if ( yy_current_state >= 1184 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 1125); + yy_is_jam = (yy_current_state == 1183); return yy_is_jam ? 0 : yy_current_state; } @@ -5003,7 +5043,7 @@ #define YYTABLES_NAME "yytables" -#line 813 "toke.l" +#line 835 "toke.l" struct path_list { @@ -5048,6 +5088,7 @@ int max_paths = 32; struct dirent *dent; struct path_list **paths = NULL; + const size_t dirlen = strlen(dirpath); debug_decl(read_dir_files, SUDOERS_DEBUG_PARSER); dir = opendir(dirpath); @@ -5061,27 +5102,32 @@ if (paths == NULL) goto oom; while ((dent = readdir(dir)) != NULL) { + const size_t namelen = NAMLEN(dent); struct path_list *pl; struct stat sb; size_t len; char *path; /* Ignore files that end in '~' or have a '.' in them. */ - if (dent->d_name[0] == '\0' || dent->d_name[NAMLEN(dent) - 1] == '~' + if (namelen == 0 || dent->d_name[namelen - 1] == '~' || strchr(dent->d_name, '.') != NULL) { continue; } - len = strlen(dirpath) + 1 + NAMLEN(dent); - if ((path = rcstr_alloc(len)) == NULL) + len = dirlen + 1 + namelen; + if ((path = sudo_rcstr_alloc(len)) == NULL) goto oom; - (void)snprintf(path, len + 1, "%s/%s", dirpath, dent->d_name); + if ((size_t)snprintf(path, len + 1, "%s/%s", dirpath, dent->d_name) != len) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + sudo_rcstr_delref(path); + goto bad; + } if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)) { - rcstr_delref(path); + sudo_rcstr_delref(path); continue; } pl = malloc(sizeof(*pl)); if (pl == NULL) { - rcstr_delref(path); + sudo_rcstr_delref(path); goto oom; } pl->path = path; @@ -5090,7 +5136,7 @@ max_paths <<= 1; tmp = reallocarray(paths, max_paths, sizeof(*paths)); if (tmp == NULL) { - rcstr_delref(path); + sudo_rcstr_delref(path); free(pl); goto oom; } @@ -5113,7 +5159,7 @@ if (dir != NULL) closedir(dir); for (i = 0; i < count; i++) { - rcstr_delref(paths[i]->path); + sudo_rcstr_delref(paths[i]->path); free(paths[i]); } free(paths); @@ -5159,14 +5205,19 @@ struct path_list *pl; debug_decl(init_lexer, SUDOERS_DEBUG_PARSER); +#ifndef TRACELEXER + free(trace_lbuf.buf); + sudo_lbuf_init(&trace_lbuf, NULL, 0, NULL, 0); +#endif + while (idepth) { idepth--; while ((pl = SLIST_FIRST(&istack[idepth].more)) != NULL) { SLIST_REMOVE_HEAD(&istack[idepth].more, entries); - rcstr_delref(pl->path); + sudo_rcstr_delref(pl->path); free(pl); } - rcstr_delref(istack[idepth].path); + sudo_rcstr_delref(istack[idepth].path); if (idepth && !istack[idepth].keepopen) fclose(istack[idepth].bs->yy_input_file); sudoers_delete_buffer(istack[idepth].bs); @@ -5183,6 +5234,7 @@ continued = false; digest_type = -1; prev_state = INITIAL; + BEGIN INITIAL; debug_return; } @@ -5193,39 +5245,45 @@ * Returns a reference-counted string. */ static char * -expand_include(const char *opath, size_t olen) +expand_include(const char *opath) { const char *cp, *ep; char *path, *pp; - int dirlen = 0, len; - size_t shost_len = 0; + size_t len, olen, dirlen = 0; bool subst = false; debug_decl(expand_include, SUDOERS_DEBUG_PARSER); /* Strip double quotes if present. */ - if (*opath == '"') { + olen = strlen(opath); + if (olen > 1 && opath[0] == '"' && opath[olen - 1] == '"') { opath++; olen -= 2; } + if (olen == 0) + debug_return_ptr(NULL); /* Relative paths are located in the same dir as the sudoers file. */ if (*opath != '/') { char *dirend = strrchr(sudoers, '/'); if (dirend != NULL) - dirlen = (int)(dirend - sudoers) + 1; + dirlen = (size_t)(dirend - sudoers) + 1; } + cp = opath; + ep = opath + olen; len = olen; - for (cp = opath, ep = opath + olen; cp < ep; cp++) { + while (cp < ep) { if (cp[0] == '%' && cp[1] == 'h') { - shost_len = strlen(user_shost); - len += shost_len - 2; subst = true; + len += strlen(user_shost); + cp += 2; + continue; } + cp++; } /* Make a copy of the fully-qualified path and return it. */ - path = pp = rcstr_alloc(len + dirlen); + path = pp = sudo_rcstr_alloc(len + dirlen); if (path == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); sudoerserror(NULL); @@ -5240,12 +5298,18 @@ cp = opath; while (cp < ep) { if (cp[0] == '%' && cp[1] == 'h') { - memcpy(pp, user_shost, shost_len); - pp += shost_len; + size_t n = strlcpy(pp, user_shost, len + 1); + if (n >= len + 1) + goto oflow; cp += 2; + pp += n; + len -= n; continue; } + if (len < 1) + goto oflow; *pp++ = *cp++; + len--; } *pp = '\0'; } else { @@ -5254,6 +5318,11 @@ } debug_return_str(path); +oflow: + sudo_warnx(U_("internal error, %s overflow"), __func__); + sudoerserror(NULL); + sudo_rcstr_delref(path); + debug_return_str(NULL); } /* @@ -5270,7 +5339,7 @@ FILE *fp; debug_decl(push_include, SUDOERS_DEBUG_PARSER); - if ((path = expand_include(opath, strlen(opath))) == NULL) + if ((path = expand_include(opath)) == NULL) debug_return_bool(false); /* push current state onto stack */ @@ -5278,8 +5347,10 @@ struct include_stack *new_istack; if (idepth > MAX_SUDOERS_DEPTH) { - sudoerserror(N_("too many levels of includes")); - rcstr_delref(path); + if (sudoers_warnings) + sudo_warnx(U_("%s: %s"), path, U_("too many levels of includes")); + sudoerserror(NULL); + sudo_rcstr_delref(path); debug_return_bool(false); } istacksize += SUDOERS_STACK_INCREMENT; @@ -5287,7 +5358,7 @@ if (new_istack == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); sudoerserror(NULL); - rcstr_delref(path); + sudo_rcstr_delref(path); debug_return_bool(false); } istack = new_istack; @@ -5323,19 +5394,19 @@ } } /* A missing or insecure include dir is not a fatal error. */ - rcstr_delref(path); + sudo_rcstr_delref(path); debug_return_bool(true); } count = switch_dir(&istack[idepth], path); if (count <= 0) { /* switch_dir() called sudoerserror() for us */ - rcstr_delref(path); + sudo_rcstr_delref(path); debug_return_bool(count ? false : true); } /* Parse the first dir entry we can open, leave the rest for later. */ do { - rcstr_delref(path); + sudo_rcstr_delref(path); if ((pl = SLIST_FIRST(&istack[idepth].more)) == NULL) { /* Unable to open any files in include dir, not an error. */ debug_return_bool(true); @@ -5348,7 +5419,7 @@ if ((fp = open_sudoers(path, true, &keepopen)) == NULL) { /* The error was already printed by open_sudoers() */ sudoerserror(NULL); - rcstr_delref(path); + sudo_rcstr_delref(path); debug_return_bool(false); } } @@ -5392,7 +5463,7 @@ if (fp != NULL) { sudolinebuf.len = sudolinebuf.off = 0; sudolinebuf.toke_start = sudolinebuf.toke_end = 0; - rcstr_delref(sudoers); + sudo_rcstr_delref(sudoers); sudoers = pl->path; sudolineno = 1; sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); @@ -5400,7 +5471,7 @@ break; } /* Unable to open path in include dir, go to next one. */ - rcstr_delref(pl->path); + sudo_rcstr_delref(pl->path); free(pl); } /* If no path list, just pop the last dir on the stack. */ @@ -5409,7 +5480,7 @@ sudoers_switch_to_buffer(istack[idepth].bs); free(sudolinebuf.buf); sudolinebuf = istack[idepth].line; - rcstr_delref(sudoers); + sudo_rcstr_delref(sudoers); sudoers = istack[idepth].path; sudolineno = istack[idepth].lineno; keepopen = istack[idepth].keepopen; @@ -5427,53 +5498,70 @@ int sudoers_trace_print(const char *msg) { - static bool initialized; - static struct sudo_lbuf lbuf; - - if (!initialized) { - initialized = true; - sudo_lbuf_init(&lbuf, NULL, 0, NULL, 0); - } - - sudo_lbuf_append(&lbuf, "%s", msg); - /* XXX - assumes a final newline */ + sudo_lbuf_append(&trace_lbuf, "%s", msg); if (strchr(msg, '\n') != NULL) { sudo_debug_printf2(NULL, NULL, 0, SUDOERS_DEBUG_PARSER|SUDO_DEBUG_DEBUG, - "%s:%d: %s", sudoers, sudolineno, lbuf.buf); - lbuf.len = 0; + "%s:%d: %s", sudoers, sudolineno, trace_lbuf.buf); + trace_lbuf.len = 0; } return 0; } #endif /* TRACELEXER */ +/* + * Custom input function that uses getdelim(3) and stores the buffer + * where the error functions can access it for better reporting. + * On success, buf is guaranteed to end in a newline and not contain + * embedded NULs. Calls YY_FATAL_ERROR on error. + */ static yy_size_t sudoers_input(char *buf, yy_size_t max_size) { + char *cp; size_t avail = sudolinebuf.len - sudolinebuf.off; /* Refill line buffer if needed. */ if (avail == 0) { + /* + * Some getdelim(3) implementations write NUL to buf on EOF. + * We peek ahead one char to detect EOF and skip the getdelim() call. + * This will preserve the original value of the last line read. + */ + int ch = getc(sudoersin); + if (ch == EOF) + goto sudoers_eof; + ungetc(ch, sudoersin); avail = getdelim(&sudolinebuf.buf, &sudolinebuf.size, '\n', sudoersin); if (avail == (size_t)-1) { +sudoers_eof: /* EOF or error. */ - if (ferror(sudoersin) && errno != EINTR) - YY_FATAL_ERROR("input in flex scanner failed"); - return 0; + if (feof(sudoersin)) + return 0; + YY_FATAL_ERROR("input in flex scanner failed"); + } + + /* getdelim() can return embedded NULs, truncate if we find one. */ + cp = memchr(sudolinebuf.buf, '\0', avail); + if (cp != NULL) { + *cp++ = '\n'; + *cp = '\0'; + avail = (size_t)(cp - sudolinebuf.buf); } /* Add trailing newline if it is missing. */ if (sudolinebuf.buf[avail - 1] != '\n') { - if (avail == sudolinebuf.size) { - char *cp = realloc(sudolinebuf.buf, avail + 1); + if (avail + 2 >= sudolinebuf.size) { + cp = realloc(sudolinebuf.buf, avail + 2); if (cp == NULL) { YY_FATAL_ERROR("unable to allocate memory"); return 0; } sudolinebuf.buf = cp; - sudolinebuf.size++; + sudolinebuf.size = avail + 2; } sudolinebuf.buf[avail++] = '\n'; + sudolinebuf.buf[avail] = '\0'; } sudolinebuf.len = avail; diff -Nru sudo-1.9.5p2/plugins/sudoers/toke.h sudo-1.9.9/plugins/sudoers/toke.h --- sudo-1.9.5p2/plugins/sudoers/toke.h 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/toke.h 2022-01-27 21:24:06.000000000 +0000 @@ -27,12 +27,13 @@ size_t toke_start; /* starting column of current token */ size_t toke_end; /* ending column of current token */ }; +extern char *sudoers_errstr; extern struct sudolinebuf sudolinebuf; bool append(const char *, size_t); bool fill_args(const char *, size_t, int); bool fill_cmnd(const char *, size_t); -bool fill_txt(const char *, size_t, size_t); +bool fill(const char *, size_t); bool ipv6_valid(const char *s); int sudoers_trace_print(const char *); void sudoerserrorf(const char *, ...) __printf0like(1, 2); @@ -43,8 +44,6 @@ extern int (*trace_print)(const char *msg); #endif -#define fill(a, b) fill_txt(a, b, 0) - #define LEXTRACE(msg) do { \ if (trace_print != NULL) \ (*trace_print)(msg); \ diff -Nru sudo-1.9.5p2/plugins/sudoers/toke.l sudo-1.9.9/plugins/sudoers/toke.l --- sudo-1.9.5p2/plugins/sudoers/toke.l 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/toke.l 2022-01-27 21:24:22.000000000 +0000 @@ -2,7 +2,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2020 + * Copyright (c) 1996, 1998-2005, 2007-2021 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -55,6 +55,7 @@ int sudolineno; /* current sudoers line number. */ char *sudoers; /* sudoers file being parsed. */ +char *sudoers_errstr; /* description of last error from lexer. */ struct sudolinebuf sudolinebuf; /* sudoers line being parsed. */ /* Default sudoers path, mode and owner (may be set via sudo.conf) */ @@ -70,6 +71,10 @@ static bool pop_include(void); static yy_size_t sudoers_input(char *buf, yy_size_t max_size); +#ifndef TRACELEXER +static struct sudo_lbuf trace_lbuf; +#endif + int (*trace_print)(const char *msg) = sudoers_trace_print; #define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout)) @@ -179,7 +184,7 @@ BEGIN prev_state; if (sudoerslval.string == NULL) { - sudoerserror(N_("empty string")); + sudoers_errstr = N_("empty string"); LEXTRACE("ERROR "); return ERROR; } @@ -189,7 +194,9 @@ if (sudoerslval.string[1] == '\0' || (sudoerslval.string[1] == ':' && sudoerslval.string[2] == '\0')) { - sudoerserror(N_("empty group")); + parser_leak_remove(LEAK_PTR, sudoerslval.string); + free(sudoerslval.string); + sudoers_errstr = N_("empty group"); LEXTRACE("ERROR "); return ERROR; } @@ -197,7 +204,9 @@ return USERGROUP; case '+': if (sudoerslval.string[1] == '\0') { - sudoerserror(N_("empty netgroup")); + parser_leak_remove(LEAK_PTR, sudoerslval.string); + free(sudoerslval.string); + sudoers_errstr = N_("empty netgroup"); LEXTRACE("ERROR "); return ERROR; } @@ -293,7 +302,7 @@ @include { if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -305,7 +314,7 @@ @includedir { if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -317,7 +326,7 @@ ^#include[[:blank:]]+.*(\r\n|\n)? { if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -333,7 +342,7 @@ ^#includedir[[:blank:]]+.*(\r\n|\n)? { if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -352,7 +361,7 @@ int n; if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -392,7 +401,7 @@ int n; if (continued) { - sudoerserror(N_("invalid line continuation")); + sudoers_errstr = N_("invalid line continuation"); LEXTRACE("ERROR "); return ERROR; } @@ -437,6 +446,16 @@ return EXEC; } +INTERCEPT[[:blank:]]*: { + LEXTRACE("INTERCEPT "); + return INTERCEPT; + } + +NOINTERCEPT[[:blank:]]*: { + LEXTRACE("NOINTERCEPT "); + return NOINTERCEPT; + } + SETENV[[:blank:]]*: { LEXTRACE("SETENV "); return SETENV; @@ -489,9 +508,9 @@ (\+|\%|\%:) { if (sudoerstext[0] == '+') - sudoerserror(N_("empty netgroup")); + sudoers_errstr = N_("empty netgroup"); else - sudoerserror(N_("empty group")); + sudoers_errstr = N_("empty group"); LEXTRACE("ERROR "); return ERROR; } @@ -528,7 +547,7 @@ {IPV6ADDR}(\/{IPV6ADDR})? { if (!ipv6_valid(sudoerstext)) { - sudoerserror(N_("invalid IPv6 address")); + sudoers_errstr = N_("invalid IPv6 address"); LEXTRACE("ERROR "); return ERROR; } @@ -540,7 +559,7 @@ {IPV6ADDR}\/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]) { if (!ipv6_valid(sudoerstext)) { - sudoerserror(N_("invalid IPv6 address")); + sudoers_errstr = N_("invalid IPv6 address"); LEXTRACE("ERROR "); return ERROR; } @@ -761,10 +780,13 @@ <*>\r?\n { if (YY_START == INSTR) { + /* throw away old string */ + parser_leak_remove(LEAK_PTR, sudoerslval.string); + free(sudoerslval.string); /* re-scan after changing state */ BEGIN INITIAL; sudoersless(0); - sudoerserror(N_("unexpected line break in string")); + sudoers_errstr = N_("unexpected line break in string"); LEXTRACE("ERROR "); return ERROR; } @@ -792,7 +814,7 @@ sudolineno++; continued = false; } else if (!feof(sudoersin)) { - sudoerserror(strerror(errno)); + sudoers_errstr = strerror(errno); LEXTRACE("ERROR "); return ERROR; } @@ -853,6 +875,7 @@ int max_paths = 32; struct dirent *dent; struct path_list **paths = NULL; + const size_t dirlen = strlen(dirpath); debug_decl(read_dir_files, SUDOERS_DEBUG_PARSER); dir = opendir(dirpath); @@ -866,27 +889,32 @@ if (paths == NULL) goto oom; while ((dent = readdir(dir)) != NULL) { + const size_t namelen = NAMLEN(dent); struct path_list *pl; struct stat sb; size_t len; char *path; /* Ignore files that end in '~' or have a '.' in them. */ - if (dent->d_name[0] == '\0' || dent->d_name[NAMLEN(dent) - 1] == '~' + if (namelen == 0 || dent->d_name[namelen - 1] == '~' || strchr(dent->d_name, '.') != NULL) { continue; } - len = strlen(dirpath) + 1 + NAMLEN(dent); - if ((path = rcstr_alloc(len)) == NULL) + len = dirlen + 1 + namelen; + if ((path = sudo_rcstr_alloc(len)) == NULL) goto oom; - (void)snprintf(path, len + 1, "%s/%s", dirpath, dent->d_name); + if ((size_t)snprintf(path, len + 1, "%s/%s", dirpath, dent->d_name) != len) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + sudo_rcstr_delref(path); + goto bad; + } if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)) { - rcstr_delref(path); + sudo_rcstr_delref(path); continue; } pl = malloc(sizeof(*pl)); if (pl == NULL) { - rcstr_delref(path); + sudo_rcstr_delref(path); goto oom; } pl->path = path; @@ -895,7 +923,7 @@ max_paths <<= 1; tmp = reallocarray(paths, max_paths, sizeof(*paths)); if (tmp == NULL) { - rcstr_delref(path); + sudo_rcstr_delref(path); free(pl); goto oom; } @@ -918,7 +946,7 @@ if (dir != NULL) closedir(dir); for (i = 0; i < count; i++) { - rcstr_delref(paths[i]->path); + sudo_rcstr_delref(paths[i]->path); free(paths[i]); } free(paths); @@ -964,14 +992,19 @@ struct path_list *pl; debug_decl(init_lexer, SUDOERS_DEBUG_PARSER); +#ifndef TRACELEXER + free(trace_lbuf.buf); + sudo_lbuf_init(&trace_lbuf, NULL, 0, NULL, 0); +#endif + while (idepth) { idepth--; while ((pl = SLIST_FIRST(&istack[idepth].more)) != NULL) { SLIST_REMOVE_HEAD(&istack[idepth].more, entries); - rcstr_delref(pl->path); + sudo_rcstr_delref(pl->path); free(pl); } - rcstr_delref(istack[idepth].path); + sudo_rcstr_delref(istack[idepth].path); if (idepth && !istack[idepth].keepopen) fclose(istack[idepth].bs->yy_input_file); sudoers_delete_buffer(istack[idepth].bs); @@ -988,6 +1021,7 @@ continued = false; digest_type = -1; prev_state = INITIAL; + BEGIN INITIAL; debug_return; } @@ -998,39 +1032,45 @@ * Returns a reference-counted string. */ static char * -expand_include(const char *opath, size_t olen) +expand_include(const char *opath) { const char *cp, *ep; char *path, *pp; - int dirlen = 0, len; - size_t shost_len = 0; + size_t len, olen, dirlen = 0; bool subst = false; debug_decl(expand_include, SUDOERS_DEBUG_PARSER); /* Strip double quotes if present. */ - if (*opath == '"') { + olen = strlen(opath); + if (olen > 1 && opath[0] == '"' && opath[olen - 1] == '"') { opath++; olen -= 2; } + if (olen == 0) + debug_return_ptr(NULL); /* Relative paths are located in the same dir as the sudoers file. */ if (*opath != '/') { char *dirend = strrchr(sudoers, '/'); if (dirend != NULL) - dirlen = (int)(dirend - sudoers) + 1; + dirlen = (size_t)(dirend - sudoers) + 1; } + cp = opath; + ep = opath + olen; len = olen; - for (cp = opath, ep = opath + olen; cp < ep; cp++) { + while (cp < ep) { if (cp[0] == '%' && cp[1] == 'h') { - shost_len = strlen(user_shost); - len += shost_len - 2; subst = true; + len += strlen(user_shost); + cp += 2; + continue; } + cp++; } /* Make a copy of the fully-qualified path and return it. */ - path = pp = rcstr_alloc(len + dirlen); + path = pp = sudo_rcstr_alloc(dirlen + len); if (path == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); sudoerserror(NULL); @@ -1045,12 +1085,18 @@ cp = opath; while (cp < ep) { if (cp[0] == '%' && cp[1] == 'h') { - memcpy(pp, user_shost, shost_len); - pp += shost_len; + size_t n = strlcpy(pp, user_shost, len + 1); + if (n >= len + 1) + goto oflow; cp += 2; + pp += n; + len -= n; continue; } + if (len < 1) + goto oflow; *pp++ = *cp++; + len--; } *pp = '\0'; } else { @@ -1059,6 +1105,11 @@ } debug_return_str(path); +oflow: + sudo_warnx(U_("internal error, %s overflow"), __func__); + sudoerserror(NULL); + sudo_rcstr_delref(path); + debug_return_str(NULL); } /* @@ -1075,7 +1126,7 @@ FILE *fp; debug_decl(push_include, SUDOERS_DEBUG_PARSER); - if ((path = expand_include(opath, strlen(opath))) == NULL) + if ((path = expand_include(opath)) == NULL) debug_return_bool(false); /* push current state onto stack */ @@ -1083,8 +1134,10 @@ struct include_stack *new_istack; if (idepth > MAX_SUDOERS_DEPTH) { - sudoerserror(N_("too many levels of includes")); - rcstr_delref(path); + if (sudoers_warnings) + sudo_warnx(U_("%s: %s"), path, U_("too many levels of includes")); + sudoerserror(NULL); + sudo_rcstr_delref(path); debug_return_bool(false); } istacksize += SUDOERS_STACK_INCREMENT; @@ -1092,7 +1145,7 @@ if (new_istack == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); sudoerserror(NULL); - rcstr_delref(path); + sudo_rcstr_delref(path); debug_return_bool(false); } istack = new_istack; @@ -1128,19 +1181,19 @@ } } /* A missing or insecure include dir is not a fatal error. */ - rcstr_delref(path); + sudo_rcstr_delref(path); debug_return_bool(true); } count = switch_dir(&istack[idepth], path); if (count <= 0) { /* switch_dir() called sudoerserror() for us */ - rcstr_delref(path); + sudo_rcstr_delref(path); debug_return_bool(count ? false : true); } /* Parse the first dir entry we can open, leave the rest for later. */ do { - rcstr_delref(path); + sudo_rcstr_delref(path); if ((pl = SLIST_FIRST(&istack[idepth].more)) == NULL) { /* Unable to open any files in include dir, not an error. */ debug_return_bool(true); @@ -1153,7 +1206,7 @@ if ((fp = open_sudoers(path, true, &keepopen)) == NULL) { /* The error was already printed by open_sudoers() */ sudoerserror(NULL); - rcstr_delref(path); + sudo_rcstr_delref(path); debug_return_bool(false); } } @@ -1197,7 +1250,7 @@ if (fp != NULL) { sudolinebuf.len = sudolinebuf.off = 0; sudolinebuf.toke_start = sudolinebuf.toke_end = 0; - rcstr_delref(sudoers); + sudo_rcstr_delref(sudoers); sudoers = pl->path; sudolineno = 1; sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE)); @@ -1205,7 +1258,7 @@ break; } /* Unable to open path in include dir, go to next one. */ - rcstr_delref(pl->path); + sudo_rcstr_delref(pl->path); free(pl); } /* If no path list, just pop the last dir on the stack. */ @@ -1214,7 +1267,7 @@ sudoers_switch_to_buffer(istack[idepth].bs); free(sudolinebuf.buf); sudolinebuf = istack[idepth].line; - rcstr_delref(sudoers); + sudo_rcstr_delref(sudoers); sudoers = istack[idepth].path; sudolineno = istack[idepth].lineno; keepopen = istack[idepth].keepopen; @@ -1232,53 +1285,70 @@ int sudoers_trace_print(const char *msg) { - static bool initialized; - static struct sudo_lbuf lbuf; - - if (!initialized) { - initialized = true; - sudo_lbuf_init(&lbuf, NULL, 0, NULL, 0); - } - - sudo_lbuf_append(&lbuf, "%s", msg); - /* XXX - assumes a final newline */ + sudo_lbuf_append(&trace_lbuf, "%s", msg); if (strchr(msg, '\n') != NULL) { sudo_debug_printf2(NULL, NULL, 0, SUDOERS_DEBUG_PARSER|SUDO_DEBUG_DEBUG, - "%s:%d: %s", sudoers, sudolineno, lbuf.buf); - lbuf.len = 0; + "%s:%d: %s", sudoers, sudolineno, trace_lbuf.buf); + trace_lbuf.len = 0; } return 0; } #endif /* TRACELEXER */ +/* + * Custom input function that uses getdelim(3) and stores the buffer + * where the error functions can access it for better reporting. + * On success, buf is guaranteed to end in a newline and not contain + * embedded NULs. Calls YY_FATAL_ERROR on error. + */ static yy_size_t sudoers_input(char *buf, yy_size_t max_size) { + char *cp; size_t avail = sudolinebuf.len - sudolinebuf.off; /* Refill line buffer if needed. */ if (avail == 0) { + /* + * Some getdelim(3) implementations write NUL to buf on EOF. + * We peek ahead one char to detect EOF and skip the getdelim() call. + * This will preserve the original value of the last line read. + */ + int ch = getc(sudoersin); + if (ch == EOF) + goto sudoers_eof; + ungetc(ch, sudoersin); avail = getdelim(&sudolinebuf.buf, &sudolinebuf.size, '\n', sudoersin); if (avail == (size_t)-1) { +sudoers_eof: /* EOF or error. */ - if (ferror(sudoersin) && errno != EINTR) - YY_FATAL_ERROR("input in flex scanner failed"); - return 0; + if (feof(sudoersin)) + return 0; + YY_FATAL_ERROR("input in flex scanner failed"); + } + + /* getdelim() can return embedded NULs, truncate if we find one. */ + cp = memchr(sudolinebuf.buf, '\0', avail); + if (cp != NULL) { + *cp++ = '\n'; + *cp = '\0'; + avail = (size_t)(cp - sudolinebuf.buf); } /* Add trailing newline if it is missing. */ if (sudolinebuf.buf[avail - 1] != '\n') { - if (avail == sudolinebuf.size) { - char *cp = realloc(sudolinebuf.buf, avail + 1); + if (avail + 2 >= sudolinebuf.size) { + cp = realloc(sudolinebuf.buf, avail + 2); if (cp == NULL) { YY_FATAL_ERROR("unable to allocate memory"); return 0; } sudolinebuf.buf = cp; - sudolinebuf.size++; + sudolinebuf.size = avail + 2; } sudolinebuf.buf[avail++] = '\n'; + sudolinebuf.buf[avail] = '\0'; } sudolinebuf.len = avail; diff -Nru sudo-1.9.5p2/plugins/sudoers/toke_util.c sudo-1.9.9/plugins/sudoers/toke_util.c --- sudo-1.9.5p2/plugins/sudoers/toke_util.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/toke_util.c 2022-01-27 21:24:06.000000000 +0000 @@ -39,23 +39,15 @@ static unsigned int arg_len = 0; static unsigned int arg_size = 0; -bool -fill_txt(const char *src, size_t len, size_t olen) +/* + * Copy the string and collapse any escaped characters. + * Requires that dst have at least len + 1 bytes free. + */ +static void +copy_string(char *dst, const char *src, size_t len) { - char *dst; int h; - debug_decl(fill_txt, SUDOERS_DEBUG_PARSER); - - dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1); - if (dst == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - sudoerserror(NULL); - debug_return_bool(false); - } - sudoerslval.string = dst; - /* Copy the string and collapse any escaped characters. */ - dst += olen; while (len--) { if (*src == '\\' && len) { if (src[1] == 'x' && len >= 3 && (h = hexchar(src + 2)) != -1) { @@ -72,19 +64,53 @@ } } *dst = '\0'; +} + +bool +fill(const char *src, size_t len) +{ + char *dst; + debug_decl(fill, SUDOERS_DEBUG_PARSER); + + dst = malloc(len + 1); + if (dst == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + sudoerserror(NULL); + debug_return_bool(false); + } + parser_leak_add(LEAK_PTR, dst); + copy_string(dst, src, len); + sudoerslval.string = dst; + debug_return_bool(true); } bool append(const char *src, size_t len) { - int olen = 0; + size_t olen = 0; + char *dst; debug_decl(append, SUDOERS_DEBUG_PARSER); - if (sudoerslval.string != NULL) + if (sudoerslval.string != NULL) { olen = strlen(sudoerslval.string); + parser_leak_remove(LEAK_PTR, sudoerslval.string); + } - debug_return_bool(fill_txt(src, len, olen)); + dst = realloc(sudoerslval.string, olen + len + 1); + if (dst == NULL) { + /* realloc failure, avoid leaking original */ + free(sudoerslval.string); + sudoerslval.string = NULL; + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + sudoerserror(NULL); + debug_return_bool(false); + } + parser_leak_add(LEAK_PTR, dst); + copy_string(dst + olen, src, len); + sudoerslval.string = dst; + + debug_return_bool(true); } #define SPECIAL(c) \ @@ -132,6 +158,7 @@ } } + parser_leak_add(LEAK_PTR, sudoerslval.command.cmnd); debug_return_bool(true); } @@ -143,21 +170,31 @@ debug_decl(fill_args, SUDOERS_DEBUG_PARSER); if (arg_size == 0) { +#ifdef NO_LEAKS + if (sudoerslval.command.args != NULL) { + sudo_warnx("%s: command.args %p, should be NULL", __func__, + sudoerslval.command.args); + sudoerslval.command.args = NULL; + } +#endif addspace = 0; new_len = len; - } else + } else { new_len = arg_len + len + addspace; + } if (new_len >= arg_size) { /* Allocate in increments of 128 bytes to avoid excessive realloc(). */ arg_size = (new_len + 1 + 127) & ~127; + parser_leak_remove(LEAK_PTR, sudoerslval.command.args); p = realloc(sudoerslval.command.args, arg_size); if (p == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; - } else - sudoerslval.command.args = p; + } + parser_leak_add(LEAK_PTR, p); + sudoerslval.command.args = p; } /* Efficiently append the arg (with a leading space if needed). */ @@ -167,6 +204,7 @@ len = arg_size - (p - sudoerslval.command.args); if (strlcpy(p, s, len) >= len) { sudo_warnx(U_("internal error, %s overflow"), __func__); + parser_leak_remove(LEAK_PTR, sudoerslval.command.args); goto bad; } arg_len = new_len; diff -Nru sudo-1.9.5p2/plugins/sudoers/tsdump.c sudo-1.9.9/plugins/sudoers/tsdump.c --- sudo-1.9.5p2/plugins/sudoers/tsdump.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/tsdump.c 2022-01-27 21:24:06.000000000 +0000 @@ -116,7 +116,7 @@ if (user == NULL) { if ((pw = getpwuid(geteuid())) == NULL) - sudo_fatalx(U_("unknown uid: %u"), (unsigned int)geteuid()); + sudo_fatalx(U_("unknown uid %u"), (unsigned int)geteuid()); user = pw->pw_name; } if (asprintf(&fname, "%s/%s", _PATH_SUDO_TIMEDIR, user) == -1) diff -Nru sudo-1.9.5p2/plugins/sudoers/tsgetgrpw.c sudo-1.9.9/plugins/sudoers/tsgetgrpw.c --- sudo-1.9.5p2/plugins/sudoers/tsgetgrpw.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/tsgetgrpw.c 2022-01-27 21:24:06.000000000 +0000 @@ -59,30 +59,16 @@ static const char *grfile = "/etc/group"; static int gr_stayopen; -void setgrfile(const char *); -void setgrent(void); -void endgrent(void); -struct group *getgrent(void); -struct group *getgrnam(const char *); -struct group *getgrgid(gid_t); - -void setpwfile(const char *); -void setpwent(void); -void endpwent(void); -struct passwd *getpwent(void); -struct passwd *getpwnam(const char *); -struct passwd *getpwuid(uid_t); - void -setpwfile(const char *file) +testsudoers_setpwfile(const char *file) { pwfile = file; if (pwf != NULL) - endpwent(); + testsudoers_endpwent(); } void -setpwent(void) +testsudoers_setpwent(void) { if (pwf == NULL) { pwf = fopen(pwfile, "r"); @@ -99,7 +85,7 @@ } void -endpwent(void) +testsudoers_endpwent(void) { if (pwf != NULL) { fclose(pwf); @@ -109,7 +95,7 @@ } struct passwd * -getpwent(void) +testsudoers_getpwent(void) { static struct passwd pw; static char pwbuf[LINE_MAX]; @@ -161,7 +147,7 @@ } struct passwd * -getpwnam(const char *name) +testsudoers_getpwnam(const char *name) { struct passwd *pw; @@ -175,7 +161,7 @@ } else { rewind(pwf); } - while ((pw = getpwent()) != NULL) { + while ((pw = testsudoers_getpwent()) != NULL) { if (strcmp(pw->pw_name, name) == 0) break; } @@ -187,7 +173,7 @@ } struct passwd * -getpwuid(uid_t uid) +testsudoers_getpwuid(uid_t uid) { struct passwd *pw; @@ -201,7 +187,7 @@ } else { rewind(pwf); } - while ((pw = getpwent()) != NULL) { + while ((pw = testsudoers_getpwent()) != NULL) { if (pw->pw_uid == uid) break; } @@ -213,7 +199,7 @@ } void -setgrfile(const char *file) +testsudoers_setgrfile(const char *file) { grfile = file; if (grf != NULL) @@ -221,7 +207,7 @@ } void -setgrent(void) +testsudoers_setgrent(void) { if (grf == NULL) { grf = fopen(grfile, "r"); @@ -238,7 +224,7 @@ } void -endgrent(void) +testsudoers_endgrent(void) { if (grf != NULL) { fclose(grf); @@ -248,7 +234,7 @@ } struct group * -getgrent(void) +testsudoers_getgrent(void) { static struct group gr; static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1]; @@ -297,7 +283,7 @@ } struct group * -getgrnam(const char *name) +testsudoers_getgrnam(const char *name) { struct group *gr; @@ -311,7 +297,7 @@ } else { rewind(grf); } - while ((gr = getgrent()) != NULL) { + while ((gr = testsudoers_getgrent()) != NULL) { if (strcmp(gr->gr_name, name) == 0) break; } @@ -323,7 +309,7 @@ } struct group * -getgrgid(gid_t gid) +testsudoers_getgrgid(gid_t gid) { struct group *gr; @@ -337,7 +323,7 @@ } else { rewind(grf); } - while ((gr = getgrent()) != NULL) { + while ((gr = testsudoers_getgrent()) != NULL) { if (gr->gr_gid == gid) break; } @@ -352,7 +338,7 @@ * Copied from getgrouplist.c */ int -sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid, +testsudoers_getgrouplist2_v1(const char *name, GETGROUPS_T basegid, GETGROUPS_T **groupsp, int *ngroupsp) { GETGROUPS_T *groups = *groupsp; @@ -378,8 +364,8 @@ /* We support BSD semantics where the first element is the base gid */ groups[0] = basegid; - setgrent(); - while ((grp = getgrent()) != NULL) { + testsudoers_setgrent(); + while ((grp = testsudoers_getgrent()) != NULL) { if (grp->gr_gid == basegid || grp->gr_mem == NULL) continue; @@ -419,7 +405,7 @@ ret = 0; done: - endgrent(); + testsudoers_endgrent(); *groupsp = groups; *ngroupsp = ngroups; diff -Nru sudo-1.9.5p2/plugins/sudoers/tsgetgrpw.h sudo-1.9.9/plugins/sudoers/tsgetgrpw.h --- sudo-1.9.5p2/plugins/sudoers/tsgetgrpw.h 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/tsgetgrpw.h 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2010 Todd C. Miller + * Copyright (c) 2010, 2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -24,51 +24,19 @@ #include -/* - * Define away the system prototypes so we don't have any conflicts. - */ - -#define setgrfile sys_setgrfile -#define setgrent sys_setgrent -#define endgrent sys_endgrent -#define getgrent sys_getgrent -#define getgrnam sys_getgrnam -#define getgrgid sys_getgrgid - -#define setpwfile sys_setpwfile -#define setpwent sys_setpwent -#define endpwent sys_endpwent -#define getpwent sys_getpwent -#define getpwnam sys_getpwnam -#define getpwuid sys_getpwuid - #include #include -#undef setgrfile -#undef setgrent -#undef endgrent -#undef getgrent -#undef getgrnam -#undef getgrgid - -void setgrfile(const char *); -void setgrent(void); -void endgrent(void); -struct group *getgrent(void); -struct group *getgrnam(const char *); -struct group *getgrgid(gid_t); - -#undef setpwfile -#undef setpwent -#undef endpwent -#undef getpwent -#undef getpwnam -#undef getpwuid - -void setpwfile(const char *); -void setpwent(void); -void endpwent(void); -struct passwd *getpwent(void); -struct passwd *getpwnam(const char *); -struct passwd *getpwuid(uid_t); +void testsudoers_setgrfile(const char *); +void testsudoers_setgrent(void); +void testsudoers_endgrent(void); +struct group *testsudoers_getgrent(void); +struct group *testsudoers_getgrnam(const char *); +struct group *testsudoers_getgrgid(gid_t); + +void testsudoers_setpwfile(const char *); +void testsudoers_setpwent(void); +void testsudoers_endpwent(void); +struct passwd *testsudoers_getpwent(void); +struct passwd *testsudoers_getpwnam(const char *); +struct passwd *testsudoers_getpwuid(uid_t); diff -Nru sudo-1.9.5p2/plugins/sudoers/visudo.c sudo-1.9.9/plugins/sudoers/visudo.c --- sudo-1.9.5p2/plugins/sudoers/visudo.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/sudoers/visudo.c 2022-01-27 21:24:22.000000000 +0000 @@ -85,11 +85,10 @@ */ static void quit(int); static int whatnow(void); -static int check_aliases(bool strict, bool quiet); static char *get_editor(int *editor_argc, char ***editor_argv); -static bool check_syntax(const char *, bool, bool, bool); +static bool check_syntax(const char *, bool, bool, bool, bool); static bool edit_sudoers(struct sudoersfile *, char *, int, char **, int); -static bool install_sudoers(struct sudoersfile *, bool); +static bool install_sudoers(struct sudoersfile *, bool, bool); static int print_unused(struct sudoers_parse_tree *, struct alias *, void *); static bool reparse_sudoers(char *, int, char **, bool, bool); static int run_command(char *, char **); @@ -100,7 +99,6 @@ static void visudo_cleanup(void); extern void get_hostname(void); -extern void sudoersrestart(FILE *); /* * Globals @@ -109,12 +107,14 @@ struct passwd *list_pw; static struct sudoersfile_list sudoerslist = TAILQ_HEAD_INITIALIZER(sudoerslist); static bool checkonly; -static const char short_opts[] = "cf:hqsVx:"; +static const char short_opts[] = "cf:hOPqsVx:"; static struct option long_opts[] = { { "check", no_argument, NULL, 'c' }, { "export", required_argument, NULL, 'x' }, { "file", required_argument, NULL, 'f' }, { "help", no_argument, NULL, 'h' }, + { "owner", no_argument, NULL, 'O' }, + { "perms", no_argument, NULL, 'P' }, { "quiet", no_argument, NULL, 'q' }, { "strict", no_argument, NULL, 's' }, { "version", no_argument, NULL, 'V' }, @@ -130,7 +130,7 @@ char *editor, **editor_argv; const char *export_path = NULL; int ch, oldlocale, editor_argc, exitcode = 0; - bool quiet, strict, fflag; + bool use_perms, use_owner, quiet, strict, fflag; debug_decl(main, SUDOERS_DEBUG_MAIN); #if defined(SUDO_DEVEL) && defined(__OpenBSD__) @@ -170,7 +170,7 @@ /* * Arg handling. */ - checkonly = fflag = quiet = strict = false; + fflag = quiet = strict = use_owner = use_perms = false; while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) { switch (ch) { case 'V': @@ -189,6 +189,12 @@ case 'h': help(); break; + case 'O': + use_owner = true; /* check/set owner */ + break; + case 'P': + use_perms = true; /* check/set perms */ + break; case 's': strict = true; /* strict mode */ break; @@ -220,6 +226,12 @@ usage(1); } + /* Check/set owner and mode for installed sudoers file. */ + if (!fflag) { + use_owner = true; + use_perms = true; + } + if (export_path != NULL) { /* Backward compatibility for the time being. */ sudo_warnx("%s", @@ -249,7 +261,8 @@ sudo_fatalx("%s", U_("unable to initialize sudoers default values")); if (checkonly) { - exitcode = check_syntax(sudoers_file, quiet, strict, fflag) ? 0 : 1; + exitcode = check_syntax(sudoers_file, quiet, strict, use_owner, + use_perms) ? 0 : 1; goto done; } @@ -289,7 +302,15 @@ */ if (reparse_sudoers(editor, editor_argc, editor_argv, strict, quiet)) { TAILQ_FOREACH(sp, &sudoerslist, entries) { - (void) install_sudoers(sp, fflag); + if (!install_sudoers(sp, use_owner, use_perms)) { + if (sp->tpath != NULL) { + sudo_warnx(U_("contents of edit session left in %s"), + sp->tpath); + free(sp->tpath); + sp->tpath = NULL; + } + exitcode = 1; + } } } free(editor); @@ -333,7 +354,7 @@ } editor_path = find_editor(2, files, editor_argc, editor_argv, allowlist, - &env_editor, true); + &env_editor); if (editor_path == NULL) { if (def_env_editor && env_editor != NULL) { /* We are honoring $EDITOR so this is a fatal error. */ @@ -382,15 +403,11 @@ static bool editor_supports_plus(const char *editor) { - const char *editor_base = strrchr(editor, '/'); - const char *cp; + const char *cp, *editor_base; char **av; debug_decl(editor_supports_plus, SUDOERS_DEBUG_UTIL); - if (editor_base != NULL) - editor_base++; - else - editor_base = editor; + editor_base = sudo_basename(editor); if (*editor_base == 'r') editor_base++; @@ -502,7 +519,7 @@ /* * Check for zero length sudoers file. */ - if (stat(sp->tpath, &sb) < 0) { + if (stat(sp->tpath, &sb) == -1) { sudo_warnx(U_("unable to stat temporary file (%s), %s unchanged"), sp->tpath, sp->path); goto done; @@ -556,21 +573,21 @@ if (!check_defaults(&parsed_policy, quiet)) { struct defaults *d; - rcstr_delref(errorfile); + sudo_rcstr_delref(errorfile); errorfile = NULL; errorlineno = -1; /* XXX - should edit all files with errors */ TAILQ_FOREACH(d, &parsed_policy.defaults, entries) { if (d->error) { /* Defaults parse error, set errorfile/errorlineno. */ - errorfile = rcstr_addref(d->file); + errorfile = sudo_rcstr_addref(d->file); errorlineno = d->line; break; } } parse_error = true; } - if (check_aliases(strict, quiet) != 0) { + if (check_aliases(&parsed_policy, strict, quiet, print_unused) != 0) { parse_error = true; } debug_return; @@ -610,8 +627,8 @@ sudo_warnx(U_("unable to parse temporary file (%s), unknown error"), sp->tpath); parse_error = true; - rcstr_delref(errorfile); - if ((errorfile = rcstr_dup(sp->path)) == NULL) + sudo_rcstr_delref(errorfile); + if ((errorfile = sudo_rcstr_dup(sp->path)) == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); } fclose(sudoersin); @@ -682,33 +699,38 @@ * move it into place. Returns true on success, else false. */ static bool -install_sudoers(struct sudoersfile *sp, bool oldperms) +install_sudoers(struct sudoersfile *sp, bool set_owner, bool set_mode) { struct stat sb; bool ret = false; debug_decl(install_sudoers, SUDOERS_DEBUG_UTIL); - if (sp->tpath == NULL) + if (sp->tpath == NULL) { + ret = true; goto done; + } if (!sp->modified) { /* * No changes but fix owner/mode if needed. */ (void) unlink(sp->tpath); - if (!oldperms && fstat(sp->fd, &sb) != -1) { - if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) { - if (chown(sp->path, sudoers_uid, sudoers_gid) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chown %d:%d %s", __func__, - (int)sudoers_uid, (int)sudoers_gid, sp->path); + if (fstat(sp->fd, &sb) == 0) { + if (set_owner) { + if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) { + if (chown(sp->path, sudoers_uid, sudoers_gid) != 0) { + sudo_warn(U_("unable to set (uid, gid) of %s to (%u, %u)"), + sp->path, (unsigned int)sudoers_uid, + (unsigned int)sudoers_gid); + } } } - if ((sb.st_mode & ACCESSPERMS) != sudoers_mode) { - if (chmod(sp->path, sudoers_mode) != 0) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "%s: unable to chmod 0%o %s", __func__, - (int)sudoers_mode, sp->path); + if (set_mode) { + if ((sb.st_mode & ACCESSPERMS) != sudoers_mode) { + if (chmod(sp->path, sudoers_mode) != 0) { + sudo_warn(U_("unable to change mode of %s to 0%o"), + sp->path, (unsigned int)sudoers_mode); + } } } } @@ -720,30 +742,35 @@ * Change mode and ownership of temp file so when * we move it to sp->path things are kosher. */ - if (oldperms) { - /* Use perms of the existing file. */ + if (!set_owner || !set_mode) { + /* Preserve owner/perms of the existing file. */ if (fstat(sp->fd, &sb) == -1) sudo_fatal(U_("unable to stat %s"), sp->path); - if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) { - sudo_warn(U_("unable to set (uid, gid) of %s to (%u, %u)"), - sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid); - } - if (chmod(sp->tpath, sb.st_mode & ACCESSPERMS) != 0) { - sudo_warn(U_("unable to change mode of %s to 0%o"), sp->tpath, - (unsigned int)(sb.st_mode & ACCESSPERMS)); - } - } else { + } + if (set_owner) { if (chown(sp->tpath, sudoers_uid, sudoers_gid) != 0) { sudo_warn(U_("unable to set (uid, gid) of %s to (%u, %u)"), sp->tpath, (unsigned int)sudoers_uid, (unsigned int)sudoers_gid); goto done; } + } else { + if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) { + sudo_warn(U_("unable to set (uid, gid) of %s to (%u, %u)"), + sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid); + } + } + if (set_mode) { if (chmod(sp->tpath, sudoers_mode) != 0) { sudo_warn(U_("unable to change mode of %s to 0%o"), sp->tpath, (unsigned int)sudoers_mode); goto done; } + } else { + if (chmod(sp->tpath, sb.st_mode & ACCESSPERMS) != 0) { + sudo_warn(U_("unable to change mode of %s to 0%o"), sp->tpath, + (unsigned int)(sb.st_mode & ACCESSPERMS)); + } } /* @@ -761,28 +788,21 @@ sp->tpath, sp->path); /* Build up argument vector for the command */ - if ((av[0] = strrchr(_PATH_MV, '/')) != NULL) - av[0]++; - else - av[0] = _PATH_MV; + av[0] = sudo_basename(_PATH_MV); av[1] = sp->tpath; av[2] = sp->path; av[3] = NULL; /* And run it... */ - if (run_command(_PATH_MV, av)) { + if (run_command(_PATH_MV, av) != 0) { sudo_warnx(U_("command failed: '%s %s %s', %s unchanged"), _PATH_MV, sp->tpath, sp->path, sp->path); - (void) unlink(sp->tpath); - free(sp->tpath); - sp->tpath = NULL; goto done; } free(sp->tpath); sp->tpath = NULL; } else { sudo_warn(U_("error renaming %s, %s unchanged"), sp->tpath, sp->path); - (void) unlink(sp->tpath); goto done; } } @@ -881,26 +901,32 @@ } static bool -check_owner(const char *path, bool quiet) +check_file(const char *path, bool quiet, bool check_owner, bool check_mode) { struct stat sb; bool ok = true; - debug_decl(check_owner, SUDOERS_DEBUG_UTIL); + debug_decl(check_file, SUDOERS_DEBUG_UTIL); if (stat(path, &sb) == 0) { - if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) { - ok = false; - if (!quiet) { - fprintf(stderr, - _("%s: wrong owner (uid, gid) should be (%u, %u)\n"), - path, (unsigned int)sudoers_uid, (unsigned int)sudoers_gid); + if (check_owner) { + if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) { + ok = false; + if (!quiet) { + fprintf(stderr, + _("%s: wrong owner (uid, gid) should be (%u, %u)\n"), + path, (unsigned int)sudoers_uid, + (unsigned int)sudoers_gid); } + } } - if ((sb.st_mode & ALLPERMS) != sudoers_mode) { - ok = false; - if (!quiet) { - fprintf(stderr, _("%s: bad permissions, should be mode 0%o\n"), - path, (unsigned int)sudoers_mode); + if (check_mode) { + if ((sb.st_mode & ALLPERMS) != sudoers_mode) { + ok = false; + if (!quiet) { + fprintf(stderr, + _("%s: bad permissions, should be mode 0%o\n"), + path, (unsigned int)sudoers_mode); + } } } } @@ -908,7 +934,8 @@ } static bool -check_syntax(const char *file, bool quiet, bool strict, bool oldperms) +check_syntax(const char *file, bool quiet, bool strict, bool check_owner, + bool check_mode) { bool ok = false; int oldlocale; @@ -930,8 +957,8 @@ if (!quiet) sudo_warnx(U_("failed to parse %s file, unknown error"), file); parse_error = true; - rcstr_delref(errorfile); - if ((errorfile = rcstr_dup(file)) == NULL) + sudo_rcstr_delref(errorfile); + if ((errorfile = sudo_rcstr_dup(file)) == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); } if (!parse_error) { @@ -946,14 +973,14 @@ struct sudoersfile *sp; /* Parsed OK, check mode and owner. */ - if (oldperms || check_owner(file, quiet)) { + if (check_file(file, quiet, check_owner, check_mode)) { if (!quiet) (void) printf(_("%s: parsed OK\n"), file); } else { ok = false; } TAILQ_FOREACH(sp, &sudoerslist, entries) { - if (oldperms || check_owner(sp->path, quiet)) { + if (check_file(sp->path, quiet, check_owner, check_mode)) { if (!quiet) (void) printf(_("%s: parsed OK\n"), sp->path); } else { @@ -1024,6 +1051,7 @@ bad: if (entry->fd != -1) close(entry->fd); + free(entry->path); free(entry); debug_return_ptr(NULL); } @@ -1066,128 +1094,17 @@ debug_return_ptr(fp); } +/* Display unused aliases from check_aliases(). */ static int -check_alias(char *name, int type, char *file, int line, int column, - bool strict, bool quiet) +print_unused(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v) { - struct member *m; - struct alias *a; - int errors = 0; - debug_decl(check_alias, SUDOERS_DEBUG_ALIAS); - - if ((a = alias_get(&parsed_policy, name, type)) != NULL) { - /* check alias contents */ - TAILQ_FOREACH(m, &a->members, entries) { - if (m->type != ALIAS) - continue; - errors += check_alias(m->name, type, a->file, a->line, a->column, - strict, quiet); - } - alias_put(a); - } else { - if (!quiet) { - if (errno == ELOOP) { - fprintf(stderr, strict ? - U_("Error: %s:%d:%d: cycle in %s \"%s\"") : - U_("Warning: %s:%d:%d: cycle in %s \"%s\""), - file, line, column, alias_type_to_string(type), name); - } else { - fprintf(stderr, strict ? - U_("Error: %s:%d:%d: %s \"%s\" referenced but not defined") : - U_("Warning: %s:%d:%d: %s \"%s\" referenced but not defined"), - file, line, column, alias_type_to_string(type), name); - } - fputc('\n', stderr); - if (strict && errorfile == NULL) { - errorfile = rcstr_addref(file); - errorlineno = line; - } - } - errors++; - } + const bool quiet = *((bool *)v); - debug_return_int(errors); -} - -/* - * Iterate through the sudoers datastructures looking for undefined - * aliases or unused aliases. - */ -static int -check_aliases(bool strict, bool quiet) -{ - struct rbtree *used_aliases; - struct cmndspec *cs; - struct member *m; - struct privilege *priv; - struct userspec *us; - int errors = 0; - debug_decl(check_aliases, SUDOERS_DEBUG_ALIAS); - - used_aliases = alloc_aliases(); - if (used_aliases == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - debug_return_int(-1); - } - - /* Forward check. */ - TAILQ_FOREACH(us, &parsed_policy.userspecs, entries) { - TAILQ_FOREACH(m, &us->users, entries) { - if (m->type == ALIAS) { - errors += check_alias(m->name, USERALIAS, - us->file, us->line, us->column, strict, quiet); - } - } - TAILQ_FOREACH(priv, &us->privileges, entries) { - TAILQ_FOREACH(m, &priv->hostlist, entries) { - if (m->type == ALIAS) { - errors += check_alias(m->name, HOSTALIAS, - us->file, us->line, us->column, strict, quiet); - } - } - TAILQ_FOREACH(cs, &priv->cmndlist, entries) { - if (cs->runasuserlist != NULL) { - TAILQ_FOREACH(m, cs->runasuserlist, entries) { - if (m->type == ALIAS) { - errors += check_alias(m->name, RUNASALIAS, - us->file, us->line, us->column, strict, quiet); - } - } - } - if (cs->runasgrouplist != NULL) { - TAILQ_FOREACH(m, cs->runasgrouplist, entries) { - if (m->type == ALIAS) { - errors += check_alias(m->name, RUNASALIAS, - us->file, us->line, us->column, strict, quiet); - } - } - } - if ((m = cs->cmnd)->type == ALIAS) { - errors += check_alias(m->name, CMNDALIAS, - us->file, us->line, us->column, strict, quiet); - } - } - } + if (!quiet) { + fprintf(stderr, U_("Warning: %s:%d:%d: unused %s \"%s\""), a->file, + a->line, a->column, alias_type_to_string(a->type), a->name); + fputc('\n', stderr); } - - /* Reverse check (destructive) */ - if (!alias_find_used(&parsed_policy, used_aliases)) - errors++; - free_aliases(used_aliases); - - /* If all aliases were referenced we will have an empty tree. */ - if (!no_aliases(&parsed_policy) && !quiet) - alias_apply(&parsed_policy, print_unused, NULL); - - debug_return_int(strict ? errors : 0); -} - -static int -print_unused(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v) -{ - fprintf(stderr, U_("Warning: %s:%d:%d: unused %s \"%s\""), - a->file, a->line, a->column, alias_type_to_string(a->type), a->name); - fputc('\n', stderr); return 0; } diff -Nru sudo-1.9.5p2/plugins/system_group/Makefile.in sudo-1.9.9/plugins/system_group/Makefile.in --- sudo-1.9.5p2/plugins/system_group/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/plugins/system_group/Makefile.in 2022-01-27 21:24:06.000000000 +0000 @@ -38,7 +38,7 @@ AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ @@ -166,6 +166,8 @@ INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) system_group.la $(DESTDIR)$(plugindir); \ fi +install-fuzzer: + uninstall: -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/system_group.la -test -z "$(INSTALL_BACKUP)" || \ @@ -182,7 +184,11 @@ pvs-studio: $(POBJS) plog-converter $(PVS_LOG_OPTS) $(POBJS) -check: +fuzz: + +check-fuzzer: + +check: check-fuzzer clean: -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la @@ -200,6 +206,8 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # Autogenerated dependencies, do not modify system_group.lo: $(srcdir)/system_group.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_dso.h \ Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/ca.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/ca.mo differ diff -Nru sudo-1.9.5p2/po/ca.po sudo-1.9.9/po/ca.po --- sudo-1.9.5p2/po/ca.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/ca.po 2022-01-27 21:24:06.000000000 +0000 @@ -1,12 +1,12 @@ # translation of sudo to Catalan # This file is put in the public domain. -# Walter Garcia-Fontes , 2020. +# Walter Garcia-Fontes , 2021. msgid "" msgstr "" -"Project-Id-Version: sudo 1.8.29rc1\n" +"Project-Id-Version: sudo 1.9.6b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2019-10-21 19:55-0600\n" -"PO-Revision-Date: 2020-03-03 12:42+0100\n" +"POT-Creation-Date: 2021-01-09 12:59-0700\n" +"PO-Revision-Date: 2021-04-20 14:35+0200\n" "Last-Translator: Walter Garcia-Fontes \n" "Language-Team: Catalan \n" "Language: ca\n" @@ -15,381 +15,450 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -#: lib/util/aix.c:92 lib/util/aix.c:172 +#: lib/util/aix.c:89 lib/util/aix.c:169 msgid "unable to open userdb" msgstr "no s'ha pogut obrir userdb" -#: lib/util/aix.c:227 +#: lib/util/aix.c:224 #, c-format msgid "unable to switch to registry \"%s\" for %s" msgstr "no s'ha pogut passar al registre \"%s\" per a %s" -#: lib/util/aix.c:252 +#: lib/util/aix.c:249 msgid "unable to restore registry" msgstr "no s'ha pogut restaurar el registre" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/gidlist.c:81 -#: lib/util/sudo_conf.c:193 lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 -#: lib/util/sudo_conf.c:560 src/conversation.c:84 src/exec_common.c:114 -#: src/exec_common.c:130 src/exec_common.c:139 src/exec_monitor.c:212 -#: src/exec_monitor.c:467 src/exec_monitor.c:473 src/exec_monitor.c:481 -#: src/exec_monitor.c:489 src/exec_monitor.c:496 src/exec_monitor.c:503 -#: src/exec_monitor.c:510 src/exec_monitor.c:517 src/exec_monitor.c:524 -#: src/exec_monitor.c:531 src/exec_monitor.c:538 src/exec_nopty.c:214 -#: src/exec_nopty.c:220 src/exec_nopty.c:229 src/exec_nopty.c:236 -#: src/exec_nopty.c:243 src/exec_nopty.c:250 src/exec_nopty.c:257 -#: src/exec_nopty.c:264 src/exec_nopty.c:271 src/exec_nopty.c:278 -#: src/exec_nopty.c:285 src/exec_nopty.c:292 src/exec_nopty.c:299 -#: src/exec_nopty.c:307 src/exec_nopty.c:480 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1002 -#: src/exec_pty.c:1165 src/exec_pty.c:1171 src/exec_pty.c:1180 -#: src/exec_pty.c:1187 src/exec_pty.c:1194 src/exec_pty.c:1201 -#: src/exec_pty.c:1208 src/exec_pty.c:1215 src/exec_pty.c:1222 -#: src/exec_pty.c:1229 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1251 src/exec_pty.c:1668 src/load_plugins.c:59 -#: src/load_plugins.c:72 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:207 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:679 src/sudo.c:689 src/sudo.c:710 src/sudo.c:729 -#: src/sudo.c:738 src/sudo.c:747 src/sudo.c:764 src/sudo.c:805 src/sudo.c:815 -#: src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 src/sudo.c:1240 -#: src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 src/sudo_edit.c:891 -#: src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:198 +#: lib/util/sudo_conf.c:284 lib/util/sudo_conf.c:361 lib/util/sudo_conf.c:647 +#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 +#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 +#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 +#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 +#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 +#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 +#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 +#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 +#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 +#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 +#: src/exec_pty.c:834 src/exec_pty.c:843 src/exec_pty.c:900 +#: src/exec_pty.c:1053 src/exec_pty.c:1225 src/exec_pty.c:1234 +#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 +#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 +#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1297 +#: src/exec_pty.c:1305 src/exec_pty.c:1747 src/load_plugins.c:52 +#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 +#: src/load_plugins.c:223 src/load_plugins.c:455 src/load_plugins.c:461 +#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 +#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 +#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:110 +#: src/sesh.c:143 src/sesh.c:149 src/sesh.c:156 src/sesh.c:162 src/sesh.c:407 +#: src/sudo.c:632 src/sudo.c:702 src/sudo.c:712 src/sudo.c:733 src/sudo.c:752 +#: src/sudo.c:761 src/sudo.c:770 src/sudo.c:787 src/sudo.c:829 src/sudo.c:839 +#: src/sudo.c:868 src/sudo.c:1054 src/sudo.c:1076 src/sudo.c:1378 +#: src/sudo.c:1551 src/sudo.c:1776 src/sudo.c:2120 src/sudo_edit.c:89 +#: src/sudo_edit.c:151 src/sudo_edit.c:431 src/sudo_edit.c:440 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:682 +#: src/sudo_edit.c:702 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: lib/util/aix.c:275 lib/util/gidlist.c:71 lib/util/sudo_conf.c:194 -#: lib/util/sudo_conf.c:279 lib/util/sudo_conf.c:356 lib/util/sudo_conf.c:560 -#: src/conversation.c:85 src/exec_common.c:114 src/exec_common.c:131 -#: src/exec_common.c:140 src/exec_monitor.c:467 src/exec_monitor.c:473 -#: src/exec_monitor.c:481 src/exec_monitor.c:489 src/exec_monitor.c:496 -#: src/exec_monitor.c:503 src/exec_monitor.c:510 src/exec_monitor.c:517 -#: src/exec_monitor.c:524 src/exec_monitor.c:531 src/exec_monitor.c:538 -#: src/exec_nopty.c:214 src/exec_nopty.c:220 src/exec_nopty.c:229 -#: src/exec_nopty.c:236 src/exec_nopty.c:243 src/exec_nopty.c:250 -#: src/exec_nopty.c:257 src/exec_nopty.c:264 src/exec_nopty.c:271 -#: src/exec_nopty.c:278 src/exec_nopty.c:285 src/exec_nopty.c:292 -#: src/exec_nopty.c:299 src/exec_nopty.c:307 src/exec_pty.c:786 -#: src/exec_pty.c:795 src/exec_pty.c:852 src/exec_pty.c:1165 -#: src/exec_pty.c:1171 src/exec_pty.c:1180 src/exec_pty.c:1187 -#: src/exec_pty.c:1194 src/exec_pty.c:1201 src/exec_pty.c:1208 -#: src/exec_pty.c:1215 src/exec_pty.c:1222 src/exec_pty.c:1229 -#: src/exec_pty.c:1236 src/exec_pty.c:1243 src/exec_pty.c:1251 -#: src/exec_pty.c:1668 src/load_plugins.c:225 src/load_plugins.c:246 -#: src/load_plugins.c:315 src/load_plugins.c:321 src/load_plugins.c:335 -#: src/load_plugins.c:341 src/parse_args.c:186 src/parse_args.c:208 -#: src/parse_args.c:282 src/parse_args.c:583 src/parse_args.c:605 -#: src/preserve_fds.c:54 src/preserve_fds.c:139 src/selinux.c:91 -#: src/selinux.c:337 src/selinux.c:450 src/selinux.c:459 src/sesh.c:117 -#: src/sudo.c:619 src/sudo.c:841 src/sudo.c:1041 src/sudo.c:1062 -#: src/sudo.c:1240 src/sudo.c:1356 src/sudo_edit.c:258 src/sudo_edit.c:794 -#: src/sudo_edit.c:891 src/sudo_edit.c:1005 src/sudo_edit.c:1025 +#: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 +#: lib/util/json.c:184 lib/util/sudo_conf.c:199 lib/util/sudo_conf.c:284 +#: lib/util/sudo_conf.c:361 lib/util/sudo_conf.c:647 src/conversation.c:81 +#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 +#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 +#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 +#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 +#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 +#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 +#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 +#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 +#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 +#: src/exec_pty.c:834 src/exec_pty.c:843 src/exec_pty.c:900 +#: src/exec_pty.c:1225 src/exec_pty.c:1234 src/exec_pty.c:1241 +#: src/exec_pty.c:1248 src/exec_pty.c:1255 src/exec_pty.c:1262 +#: src/exec_pty.c:1269 src/exec_pty.c:1276 src/exec_pty.c:1283 +#: src/exec_pty.c:1290 src/exec_pty.c:1297 src/exec_pty.c:1305 +#: src/exec_pty.c:1747 src/load_plugins.c:163 src/load_plugins.c:188 +#: src/load_plugins.c:223 src/load_plugins.c:455 src/load_plugins.c:461 +#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 +#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 +#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:110 +#: src/sesh.c:408 src/sudo.c:236 src/sudo.c:632 src/sudo.c:868 src/sudo.c:1054 +#: src/sudo.c:1076 src/sudo.c:1378 src/sudo.c:1551 src/sudo.c:1776 +#: src/sudo.c:2120 src/sudo_edit.c:89 src/sudo_edit.c:151 src/sudo_edit.c:431 +#: src/sudo_edit.c:440 src/sudo_edit.c:539 src/sudo_edit.c:546 +#: src/sudo_edit.c:682 src/sudo_edit.c:702 msgid "unable to allocate memory" msgstr "no s'ha pogut assignar memòria" -#: lib/util/strsignal.c:55 +#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:686 src/selinux.c:234 +#: src/selinux.c:264 src/sudo.c:367 src/sudo_edit.c:496 src/sudo_edit.c:559 +#, c-format +msgid "unable to open %s" +msgstr "no s'ha pogut obrir %s" + +#: lib/util/mkdir_parents.c:84 +#, c-format +msgid "unable to mkdir %s" +msgstr "no es pot mkdir %s" + +#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:663 src/copy_file.c:150 +#, c-format +msgid "unable to stat %s" +msgstr "no es pot obrir %s" + +#: lib/util/mkdir_parents.c:98 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s existeix però no és un directori (0%o)" + +#: lib/util/strsignal.c:50 msgid "Unknown signal" msgstr "Senyal desconegut" -#: lib/util/strtoid.c:96 lib/util/strtomode.c:56 lib/util/strtonum.c:161 -#: lib/util/strtonum.c:196 +#: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 +#: lib/util/strtonum.c:187 src/sesh.c:143 src/sesh.c:156 msgid "invalid value" msgstr "valor no vàlid" -#: lib/util/strtomode.c:62 lib/util/strtonum.c:173 +#: lib/util/strtomode.c:58 lib/util/strtonum.c:160 msgid "value too large" msgstr "valor massa gran" -#: lib/util/strtomode.c:62 lib/util/strtonum.c:167 +#: lib/util/strtomode.c:58 lib/util/strtonum.c:154 msgid "value too small" msgstr "valor massa petit" -#: lib/util/sudo_conf.c:212 +#: lib/util/sudo_conf.c:217 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "valor Path no vàlid «%s» a %s, línia %u" -#: lib/util/sudo_conf.c:378 lib/util/sudo_conf.c:431 +#: lib/util/sudo_conf.c:383 lib/util/sudo_conf.c:399 lib/util/sudo_conf.c:452 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "valor no vàlid per a %s «%s» a %s, línia %u" -#: lib/util/sudo_conf.c:399 +#: lib/util/sudo_conf.c:420 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "font de grup no suportat «%s» a %s, línia %u" -#: lib/util/sudo_conf.c:415 +#: lib/util/sudo_conf.c:436 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "grups «%s» max no vàlids a %s, línia %u" -#: lib/util/sudo_conf.c:576 -#, c-format -msgid "unable to stat %s" -msgstr "no es pot obrir %s" - -#: lib/util/sudo_conf.c:579 +#: lib/util/sudo_conf.c:666 #, c-format msgid "%s is not a regular file" msgstr "%s no és un fitxer regular" -#: lib/util/sudo_conf.c:582 +#: lib/util/sudo_conf.c:669 src/copy_file.c:162 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s és propietat de l'uid %u, hauria de ser %u" -#: lib/util/sudo_conf.c:586 +#: lib/util/sudo_conf.c:673 #, c-format msgid "%s is world writable" msgstr "%s és escrivible per tothom" -#: lib/util/sudo_conf.c:589 +#: lib/util/sudo_conf.c:676 #, c-format msgid "%s is group writable" msgstr "%s és escrivible pel grup" -#: lib/util/sudo_conf.c:599 src/selinux.c:233 src/selinux.c:250 src/sudo.c:363 +#: src/copy_file.c:93 #, c-format -msgid "unable to open %s" -msgstr "no s'ha pogut obrir %s" +msgid "%s: truncate %s to zero bytes? (y/n) [n] " +msgstr "%s: voleu truncar %s a zero bytes? (y/n) [n] " + +#: src/copy_file.c:97 +#, c-format +msgid "not overwriting %s" +msgstr "no se sobreescriurà %s" + +#: src/copy_file.c:119 +#, c-format +msgid "unable to read from %s" +msgstr "no es pot llegir de %s" + +#: src/copy_file.c:136 src/sudo_edit.c:322 +#, c-format +msgid "unable to write to %s" +msgstr "no s'ha pogut escriure a %s" + +#: src/copy_file.c:154 src/sesh.c:215 src/sudo_edit.c:199 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: no és un fitxer regular" -#: src/exec.c:111 +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: mode de fitxer dolent: 0%o" + +#: src/edit_open.c:265 +msgid "unable to restore current working directory" +msgstr "no s'ha pogut restaurar el directori actual de treball" + +#: src/exec.c:128 #, c-format msgid "unknown login class %s" msgstr "classe d'inici de sessió %s desconeguda" -#: src/exec.c:123 +#: src/exec.c:140 msgid "unable to set user context" msgstr "no s'ha pogut establir el context d'usuari" -#: src/exec.c:139 +#: src/exec.c:156 msgid "unable to set process priority" msgstr "no s'ha pogut establir la prioritat del procés" -#: src/exec.c:150 +#: src/exec.c:170 #, c-format msgid "unable to change root to %s" msgstr "no s'ha pogut canviar l'usuari primari a %s" -#: src/exec.c:163 src/exec.c:169 src/exec.c:176 +#: src/exec.c:183 src/exec.c:189 src/exec.c:196 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "no s'ha pogut canviar a runas uid (%u, %u)" -#: src/exec.c:194 +#: src/exec.c:214 #, c-format msgid "unable to change directory to %s" msgstr "no s'ha pogut canviar el directori a %s" -#: src/exec.c:293 src/exec_monitor.c:576 src/exec_monitor.c:578 -#: src/exec_nopty.c:538 src/exec_pty.c:530 src/exec_pty.c:1336 -#: src/exec_pty.c:1338 src/signal.c:150 src/signal.c:164 +#: src/exec.c:218 +#, c-format +msgid "starting from %s" +msgstr "començant des de %s" + +#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 +#: src/exec_nopty.c:531 src/exec_pty.c:575 src/exec_pty.c:1393 +#: src/exec_pty.c:1395 src/signal.c:139 src/signal.c:153 #, c-format msgid "unable to set handler for signal %d" msgstr "no es pot establir el gestor per al senyal %d" -#: src/exec_common.c:173 +#: src/exec_common.c:165 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "no s'ha pogut remoure PRIV_PROC_EXEC de PRIV_LIMIT" -#: src/exec_monitor.c:366 +#: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "error en llegir del parell de sòcols" -#: src/exec_monitor.c:383 +#: src/exec_monitor.c:377 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tipus de resposta inesperada al canal posterior: %d" -#: src/exec_monitor.c:475 src/exec_monitor.c:483 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_monitor.c:533 -#: src/exec_monitor.c:540 src/exec_nopty.c:222 src/exec_nopty.c:231 -#: src/exec_nopty.c:238 src/exec_nopty.c:245 src/exec_nopty.c:252 -#: src/exec_nopty.c:259 src/exec_nopty.c:266 src/exec_nopty.c:273 -#: src/exec_nopty.c:280 src/exec_nopty.c:287 src/exec_nopty.c:294 -#: src/exec_nopty.c:301 src/exec_nopty.c:309 src/exec_pty.c:652 -#: src/exec_pty.c:657 src/exec_pty.c:754 src/exec_pty.c:761 src/exec_pty.c:858 -#: src/exec_pty.c:1173 src/exec_pty.c:1182 src/exec_pty.c:1189 -#: src/exec_pty.c:1196 src/exec_pty.c:1203 src/exec_pty.c:1210 -#: src/exec_pty.c:1217 src/exec_pty.c:1224 src/exec_pty.c:1231 -#: src/exec_pty.c:1238 src/exec_pty.c:1245 src/exec_pty.c:1621 -#: src/exec_pty.c:1631 src/exec_pty.c:1676 src/exec_pty.c:1683 -#: src/exec_pty.c:1710 +#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 +#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 +#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 +#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 +#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 +#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 +#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 +#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:700 +#: src/exec_pty.c:705 src/exec_pty.c:802 src/exec_pty.c:809 src/exec_pty.c:906 +#: src/exec_pty.c:1227 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1285 +#: src/exec_pty.c:1292 src/exec_pty.c:1299 src/exec_pty.c:1700 +#: src/exec_pty.c:1710 src/exec_pty.c:1755 src/exec_pty.c:1762 +#: src/exec_pty.c:1789 msgid "unable to add event to queue" msgstr "no s'ha pogut afegir un esdeveniment a la cua" -#: src/exec_monitor.c:594 +#: src/exec_monitor.c:582 msgid "unable to set controlling tty" msgstr "no s'ha pogut configurar la tty controladora" -#: src/exec_monitor.c:602 src/exec_nopty.c:366 src/exec_pty.c:1415 -#: src/exec_pty.c:1436 src/exec_pty.c:1456 src/tgetpass.c:307 +#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1472 +#: src/exec_pty.c:1493 src/exec_pty.c:1513 src/tgetpass.c:306 msgid "unable to create pipe" msgstr "no s'ha pogut crear un conducte" -#: src/exec_monitor.c:610 +#: src/exec_monitor.c:598 msgid "unable to receive message from parent" msgstr "no s'ha pogut enviar el missatge del pare" -#: src/exec_monitor.c:624 src/exec_nopty.c:395 src/exec_pty.c:1494 -#: src/tgetpass.c:311 +#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1551 +#: src/sudo_edit.c:363 src/tgetpass.c:310 msgid "unable to fork" msgstr "no s'ha pogut bifurcar" -#: src/exec_monitor.c:628 src/exec_monitor.c:727 src/exec_nopty.c:448 +#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 msgid "unable to restore tty label" msgstr "no s'ha pogut restaurar l'etiqueta tty" -#: src/exec_monitor.c:644 src/sesh.c:127 src/sudo.c:1100 +#: src/exec_monitor.c:632 src/sesh.c:120 src/sudo.c:1132 #, c-format msgid "unable to execute %s" msgstr "no s'ha pogut executar %s" -#: src/exec_nopty.c:360 src/exec_pty.c:1345 +#: src/exec_nopty.c:352 src/exec_pty.c:1402 msgid "policy plugin failed session initialization" msgstr "el connector de política ha fallat la inicialització de la sessió" -#: src/exec_nopty.c:437 src/exec_pty.c:1581 +#: src/exec_nopty.c:429 src/exec_pty.c:1639 msgid "error in event loop" msgstr "error al bucle d'esdeveniment" -#: src/exec_nopty.c:546 src/exec_pty.c:565 src/signal.c:112 +#: src/exec_nopty.c:539 src/exec_pty.c:613 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "no s'ha pogut restaurar el gestor per al senyal %d" -#: src/exec_pty.c:158 +#: src/exec_pty.c:152 msgid "unable to allocate pty" msgstr "no s'ha pogut assignar pty" -#: src/exec_pty.c:1325 +#: src/exec_pty.c:216 src/exec_pty.c:256 src/exec_pty.c:296 src/exec_pty.c:347 +#: src/exec_pty.c:398 +msgid "I/O plugin error" +msgstr "error de conector I/O" + +#: src/exec_pty.c:220 src/exec_pty.c:260 src/exec_pty.c:300 src/exec_pty.c:351 +#: src/exec_pty.c:402 +msgid "command rejected by I/O plugin" +msgstr "ordre rebutjada per connector I/O" + +#: src/exec_pty.c:449 +msgid "error logging suspend" +msgstr "error en registrar suspensió" + +#: src/exec_pty.c:483 +msgid "error changing window size" +msgstr "error en canviar la mida de la finestra" + +#: src/exec_pty.c:1382 msgid "unable to create sockets" msgstr "no s'ha pogut crear el sòcol" -#: src/exec_pty.c:1538 +#: src/exec_pty.c:1594 msgid "unable to send message to monitor process" msgstr "no s'ha pogut enviar el missatge per monitorar el procés" -#: src/load_plugins.c:57 src/load_plugins.c:70 src/load_plugins.c:92 -#: src/load_plugins.c:122 src/load_plugins.c:134 src/load_plugins.c:140 -#: src/load_plugins.c:181 src/load_plugins.c:189 src/load_plugins.c:196 -#: src/load_plugins.c:202 +#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 +#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 +#: src/load_plugins.c:283 src/load_plugins.c:293 src/load_plugins.c:303 +#: src/load_plugins.c:350 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "error a %s, línia %d quan s'estava carregant el connector «%s»" -#: src/load_plugins.c:94 +#: src/load_plugins.c:87 #, c-format msgid "%s%s: %s" msgstr "%s%s: %s" -#: src/load_plugins.c:136 +#: src/load_plugins.c:131 #, c-format msgid "%s must be owned by uid %d" msgstr "%s ha de ser propietat de l'uid %d" -#: src/load_plugins.c:142 +#: src/load_plugins.c:137 #, c-format msgid "%s must be only be writable by owner" msgstr "%s ha de ser escrivible únicament pel propietari" -#: src/load_plugins.c:183 +#: src/load_plugins.c:247 src/load_plugins.c:318 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "s'ignorarà el connector duplicat «%s» a %s, línia %d" + +#: src/load_plugins.c:285 #, c-format msgid "unable to load %s: %s" msgstr "no s'ha pogut carregar %s: %s" -#: src/load_plugins.c:191 +#: src/load_plugins.c:295 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "no s'ha pogut trobar el símbol «%s» a %s" -#: src/load_plugins.c:198 -#, c-format -msgid "unknown policy type %d found in %s" -msgstr "s'ha trobat un tipus desconegut de política %d a %s" - -#: src/load_plugins.c:204 +#: src/load_plugins.c:305 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "s'ha trobat una versió major %d incompatible de connector (s'esperava %d) a %s" -#: src/load_plugins.c:213 +#: src/load_plugins.c:323 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "s'ignorarà el connector de política «%s» a %s, línia %d" -#: src/load_plugins.c:215 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "sols es pot especificar un únic connector de política" -#: src/load_plugins.c:218 +#: src/load_plugins.c:352 #, c-format -msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -msgstr "s'ignorarà el connector entrada/sortida duplicat «%s» a %s, línia %d" +msgid "unknown plugin type %d found in %s" +msgstr "tipus desconegut de connector %d trobat a %s" -#: src/load_plugins.c:237 -#, c-format -msgid "ignoring duplicate I/O plugin \"%s\" in %s, line %d" -msgstr "s'ignorarà el connector entrada/sortida duplica «%s» a %s, línia %d" - -#: src/load_plugins.c:353 +#: src/load_plugins.c:535 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "el connector de política %s no inclou un mètode check_policy" -#: src/net_ifs.c:183 src/net_ifs.c:200 src/net_ifs.c:345 src/sudo.c:473 +#: src/net_ifs.c:179 src/net_ifs.c:197 src/net_ifs.c:343 src/sudo.c:479 +#: src/sudo_edit.c:400 src/sudo_edit.c:408 #, c-format msgid "internal error, %s overflow" msgstr "error intern, sobreeiximent de %s" -#: src/parse_args.c:228 +#: src/parse_args.c:223 #, c-format msgid "invalid environment variable name: %s" msgstr "nom no vàlid de variable d'entorn: %s" -#: src/parse_args.c:329 +#: src/parse_args.c:325 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "l'argument per a -C ha de ser un número més gran o igual a 3" -#: src/parse_args.c:523 -msgid "you may not specify both the `-i' and `-s' options" -msgstr "no podeu especificar a l'hora les opcions `-i' i `-s'" - -#: src/parse_args.c:527 -msgid "you may not specify both the `-i' and `-E' options" -msgstr "no podeu especificar a l'hora les opcons `-i' i `-E'" - -#: src/parse_args.c:537 -msgid "the `-E' option is not valid in edit mode" -msgstr "l'opció `-E' no és vàlida al mode editar" +#: src/parse_args.c:552 +msgid "you may not specify both the -i and -s options" +msgstr "no podeu especificar a l'hora les opcions -i i -s" + +#: src/parse_args.c:557 +msgid "you may not specify both the -i and -E options" +msgstr "no podeu especificar a l'hora les opcions -i i -E" + +#: src/parse_args.c:567 +msgid "the -E option is not valid in edit mode" +msgstr "l'opció -E no és vàlida al mode editar" -#: src/parse_args.c:539 +#: src/parse_args.c:570 msgid "you may not specify environment variables in edit mode" msgstr "no podeu especificar variables d'entorn al mode editar" -#: src/parse_args.c:547 -msgid "the `-U' option may only be used with the `-l' option" -msgstr "l'opció `-U' sols es pot usar amb l'opció `-l'" - -#: src/parse_args.c:551 -msgid "the `-A' and `-S' options may not be used together" -msgstr "no es poden usar a l'hora les opcions `-A' i `-S'" +#: src/parse_args.c:580 +msgid "the -U option may only be used with the -l option" +msgstr "l'opció -U sols es pot usar amb l'opció -l" + +#: src/parse_args.c:584 +msgid "the -A and -S options may not be used together" +msgstr "no es poden usar a l'hora les opcions -A i -S" -#: src/parse_args.c:627 +#: src/parse_args.c:677 msgid "sudoedit is not supported on this platform" msgstr "aquesta plataforma no dóna suport a sudoedit" -#: src/parse_args.c:700 +#: src/parse_args.c:759 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Sols es pot especificar una de les opcions -e, -h, -i, -K, -l, -s, -v o -V" -#: src/parse_args.c:714 +#: src/parse_args.c:773 #, c-format msgid "" "%s - edit files as another user\n" @@ -398,7 +467,7 @@ "%s - edita fitxers com un altre usuari\n" "\n" -#: src/parse_args.c:716 +#: src/parse_args.c:775 #, c-format msgid "" "%s - execute a command as another user\n" @@ -407,8 +476,7 @@ "%s - executa una ordre com un altre usuari\n" "\n" -#: src/parse_args.c:721 -#, c-format +#: src/parse_args.c:780 msgid "" "\n" "Options:\n" @@ -416,528 +484,569 @@ "\n" "Opcions:\n" -#: src/parse_args.c:723 +#: src/parse_args.c:782 msgid "use a helper program for password prompting" msgstr "usa un programa auxiliar per a la pregunta de la contrasenya" -#: src/parse_args.c:726 +#: src/parse_args.c:785 msgid "use specified BSD authentication type" msgstr "usa el tipus d'autenticació BSD especificat" -#: src/parse_args.c:729 +#: src/parse_args.c:788 msgid "run command in the background" msgstr "executa l'ordre en el segon pla" -#: src/parse_args.c:731 +#: src/parse_args.c:790 msgid "ring bell when prompting" msgstr "fer un avís sonor quan es pregunti" -#: src/parse_args.c:733 +#: src/parse_args.c:792 msgid "close all file descriptors >= num" msgstr "tanca tots els descriptors de fitxer >= num" -#: src/parse_args.c:736 +#: src/parse_args.c:795 msgid "run command with the specified BSD login class" msgstr "executa l'ordre amb la classe d'inici de sesssió BSD especificada" -#: src/parse_args.c:739 +#: src/parse_args.c:798 +msgid "change the working directory before running command" +msgstr "canvia el directori de treball abans d'executar l'ordre" + +#: src/parse_args.c:800 msgid "preserve user environment when running command" msgstr "preserva l'entorn de l'usuari quan s'executi l'ordre" -#: src/parse_args.c:741 +#: src/parse_args.c:802 msgid "preserve specific environment variables" msgstr "preserva les variables específiques d'entorn" -#: src/parse_args.c:743 +#: src/parse_args.c:804 msgid "edit files instead of running a command" msgstr "edita els fitxers en comptes d'executar una ordre" -#: src/parse_args.c:745 +#: src/parse_args.c:806 msgid "run command as the specified group name or ID" msgstr "executa l'ordre com el nom o ID especificats de grup" -#: src/parse_args.c:747 +#: src/parse_args.c:808 msgid "set HOME variable to target user's home dir" msgstr "estableix la variable HOME per apuntar al directori de l'usuari" -#: src/parse_args.c:749 +#: src/parse_args.c:810 msgid "display help message and exit" msgstr "mostra el missatge d'ajuda i surt" -#: src/parse_args.c:751 +#: src/parse_args.c:812 msgid "run command on host (if supported by plugin)" msgstr "executa l'ordre a l'amfitrió (si està suportat pel connector)" -#: src/parse_args.c:753 +#: src/parse_args.c:814 msgid "run login shell as the target user; a command may also be specified" msgstr "executa l'intèrpret d'ordres de l'inici de sessió com a usuari de destinació; també es pot especificar una ordre" -#: src/parse_args.c:755 +#: src/parse_args.c:816 msgid "remove timestamp file completely" msgstr "suprimeix completament el fitxer de marca de temps" -#: src/parse_args.c:757 +#: src/parse_args.c:818 msgid "invalidate timestamp file" msgstr "fitxer de marca de temps no vàlid" -#: src/parse_args.c:759 +#: src/parse_args.c:820 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "fes una llista dels privilegis de l'usuari o verifica una ordre específica; usueu-lo dues vegades per a formats més llargs" -#: src/parse_args.c:761 +#: src/parse_args.c:822 msgid "non-interactive mode, no prompts are used" msgstr "mode no interactiu, no es preguntarà res" -#: src/parse_args.c:763 +#: src/parse_args.c:824 msgid "preserve group vector instead of setting to target's" msgstr "preserva el vector de grup en comptes d'establir-lo d'acord amb la destinació" -#: src/parse_args.c:765 +#: src/parse_args.c:826 msgid "use the specified password prompt" msgstr "usa la pregunta específica de contrasenya" -#: src/parse_args.c:768 +#: src/parse_args.c:828 +msgid "change the root directory before running command" +msgstr "canvia el directori arrel abans d'executar l'ordre" + +#: src/parse_args.c:831 msgid "create SELinux security context with specified role" msgstr "crea un context de seguretat SELinux amb el rol especificat" -#: src/parse_args.c:771 +#: src/parse_args.c:834 msgid "read password from standard input" msgstr "llegeix la contrasenya des de l'entrada estàndard" -#: src/parse_args.c:773 +#: src/parse_args.c:836 msgid "run shell as the target user; a command may also be specified" msgstr "executa l'intèrpret d'ordres com a usuari de destinació; també es pot especificar una ordre" -#: src/parse_args.c:776 +#: src/parse_args.c:839 msgid "create SELinux security context with specified type" msgstr "crea el context de seguretat SELinux amb el tipus especificat" -#: src/parse_args.c:779 +#: src/parse_args.c:842 msgid "terminate command after the specified time limit" msgstr "finalitza l'ordre després del límit especificat de temps" -#: src/parse_args.c:781 +#: src/parse_args.c:844 msgid "in list mode, display privileges for user" msgstr "en mode llista, mostra els privilegis per a l'usuari" -#: src/parse_args.c:783 +#: src/parse_args.c:846 msgid "run command (or edit file) as specified user name or ID" msgstr "executa l'ordre (o edita el fitxer) com el nom o ID especificats d'usuari" -#: src/parse_args.c:785 +#: src/parse_args.c:848 msgid "display version information and exit" msgstr "mostra la informació de versió i surt" -#: src/parse_args.c:787 +#: src/parse_args.c:850 msgid "update user's timestamp without running a command" msgstr "actualitza la marca de temps de l'usuari sense executar una ordre" -#: src/parse_args.c:789 +#: src/parse_args.c:852 msgid "stop processing command line arguments" msgstr "deixa de processar els arguments de línia d'ordres" -#: src/selinux.c:85 +#: src/selinux.c:84 msgid "unable to open audit system" msgstr "no s'ha pogut obrir el sistema d'auditoria" -#: src/selinux.c:95 +#: src/selinux.c:94 msgid "unable to send audit message" msgstr "no s'ha pogut enviar el missatge d'auditoria" -#: src/selinux.c:129 +#: src/selinux.c:128 #, c-format msgid "unable to fgetfilecon %s" msgstr "no s'ha pogut fgetfilecon %s" -#: src/selinux.c:134 +#: src/selinux.c:133 #, c-format msgid "%s changed labels" msgstr "%s ha canviat les etiquetes" -#: src/selinux.c:142 +#: src/selinux.c:141 #, c-format msgid "unable to restore context for %s" msgstr "no s'ha pogut restaurar el context per a %s" -#: src/selinux.c:190 +#: src/selinux.c:189 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "no s'ha pogut obrir %s, no es canviaran les etiquetes per a la tty" -#: src/selinux.c:194 src/selinux.c:237 src/selinux.c:254 +#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s no es un dispositiu de caràcters, no es canviarà l'etiqueta del tty" -#: src/selinux.c:203 +#: src/selinux.c:202 msgid "unable to get current tty context, not relabeling tty" msgstr "no s'ha pogut obtenir el context tty actual, no es canviaran les etiquetes per a la tty" -#: src/selinux.c:210 +#: src/selinux.c:209 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "classe de seguretat «char_file» desconeguda, no es canviaran les etiquetes de la tty" -#: src/selinux.c:215 +#: src/selinux.c:214 msgid "unable to get new tty context, not relabeling tty" msgstr "no s'ha pogut obtenir el nou context tty, no es canviaran les etiquetes tty" -#: src/selinux.c:224 +#: src/selinux.c:223 msgid "unable to set new tty context" msgstr "no s'ha pogut establir el nou context tty" -#: src/selinux.c:298 +#: src/selinux.c:321 #, c-format msgid "you must specify a role for type %s" msgstr "heu d'especificar un rol per al tipus %s" -#: src/selinux.c:304 +#: src/selinux.c:327 #, c-format msgid "unable to get default type for role %s" msgstr "no s'ha pogut obtenir un tipus predeterminat per al rol %s" -#: src/selinux.c:316 +#: src/selinux.c:339 msgid "failed to get new context" msgstr "no s'ha pogut obtenir el context nou" -#: src/selinux.c:325 +#: src/selinux.c:348 #, c-format msgid "failed to set new role %s" msgstr "no s'ha pogut establir el nou rol %s" -#: src/selinux.c:329 +#: src/selinux.c:352 #, c-format msgid "failed to set new type %s" msgstr "no s'ha pogut establir el nou tipus %s" -#: src/selinux.c:341 +#: src/selinux.c:364 #, c-format msgid "%s is not a valid context" msgstr "%s no és un context vàlid" -#: src/selinux.c:373 +#: src/selinux.c:396 msgid "failed to get old context" msgstr "no s'ha pogut obtenir el context vell" -#: src/selinux.c:379 +#: src/selinux.c:402 msgid "unable to determine enforcing mode." msgstr "no s'ha pogut determinar el mode de fer complir" -#: src/selinux.c:396 +#: src/selinux.c:419 #, c-format msgid "unable to set tty context to %s" msgstr "no s'ha pogut establir el context tty a %s" -#: src/selinux.c:428 +#: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" msgstr "no s'ha pogut establir el context exec a %s" -#: src/selinux.c:435 +#: src/selinux.c:447 #, c-format msgid "unable to set key creation context to %s" msgstr "no s'ha pogut establir el context de creació de clau a %s" -#: src/sesh.c:79 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "es requereix almenys un argument" -#: src/sesh.c:108 +#: src/sesh.c:101 #, c-format msgid "invalid file descriptor number: %s" msgstr "número no vàlid de descriptor de fitxer: %s" -#: src/sesh.c:122 +#: src/sesh.c:115 #, c-format msgid "unable to run %s as a login shell" msgstr "no s'ha pogut executar %s com a intèrpret d'ordres d'inici de sessió" -#: src/signal.c:90 +#: src/sesh.c:197 src/sesh.c:297 src/sudo_edit.c:206 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: no es permet l'edició de enllaços simbòlics" + +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:209 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: no es permet l'edició de fitxers a un directori amb permís d'escriptura" + +#: src/sesh.c:284 src/sesh.c:305 src/sesh.c:314 src/sesh.c:322 +#: src/sudo_edit.c:333 +#, c-format +msgid "contents of edit session left in %s" +msgstr "els continguts de la sessió d'edició s'han deixat a %s" + +#: src/sesh.c:412 src/sudo_edit.c:93 +msgid "unable to get group list" +msgstr "no es pot obtenir la llista de grup" + +#: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" msgstr "no s'ha pogut desar el gestorper al senyal %d" -#: src/solaris.c:83 +#: src/solaris.c:72 msgid "resource control limit has been reached" msgstr "s'ha assolit el límit de control de recursos" -#: src/solaris.c:86 +#: src/solaris.c:75 #, c-format msgid "user \"%s\" is not a member of project \"%s\"" msgstr "l'usuari \"%s\" no és un membre del projecte \"%s\"" -#: src/solaris.c:90 +#: src/solaris.c:79 msgid "the invoking task is final" msgstr "la tasca invocant és final" -#: src/solaris.c:93 +#: src/solaris.c:82 #, c-format msgid "could not join project \"%s\"" msgstr "no es pot fer la incorporació al projecte \"%s\"" -#: src/solaris.c:98 +#: src/solaris.c:89 #, c-format msgid "no resource pool accepting default bindings exists for project \"%s\"" msgstr "no hi ha vinculacions predeterminades d'acceptació de conjunt de recursos per al projecte \"%s\"" -#: src/solaris.c:102 +#: src/solaris.c:93 #, c-format msgid "specified resource pool does not exist for project \"%s\"" msgstr "no existeix el conjunt de recursos especifica per al projecte \"%s\"" -#: src/solaris.c:106 +#: src/solaris.c:97 #, c-format msgid "could not bind to default resource pool for project \"%s\"" msgstr "no s'ha pogut vincular al conjunt de recursos predeterminats per al projecte \"%s\"" -#: src/solaris.c:112 +#: src/solaris.c:104 #, c-format msgid "setproject failed for project \"%s\"" msgstr "ha fallat setproject per al projecte \"%s\"" -#: src/solaris.c:114 +#: src/solaris.c:106 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" msgstr "advertiment, l'assignació de control de recursos ha fallat per al projecte \"%s\"" -#: src/sudo.c:204 +#: src/sudo.c:222 #, c-format msgid "Sudo version %s\n" msgstr "Versió de sudo %s\n" -#: src/sudo.c:206 +#: src/sudo.c:224 #, c-format msgid "Configure options: %s\n" msgstr "Opcions de configuració: %s\n" -#: src/sudo.c:214 +#: src/sudo.c:232 msgid "fatal error, unable to load plugins" msgstr "error fatal, no s'han pogut carregar els connectors" -#: src/sudo.c:222 -msgid "unable to initialize policy plugin" -msgstr "no s'ha pogut inicialitzar el connector de polítiques" - -#: src/sudo.c:266 +#: src/sudo.c:278 msgid "plugin did not return a command to execute" msgstr "el connector no ha retornat una ordre a executar" -#: src/sudo.c:282 -#, c-format -msgid "error initializing I/O plugin %s" -msgstr "no se pogut iniciliatzar el connector %s entrada/sortida" - -#: src/sudo.c:306 +#: src/sudo.c:310 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "mode 0x%x inesperat de sudo" -#: src/sudo.c:538 +#: src/sudo.c:546 #, c-format msgid "you do not exist in the %s database" msgstr "no existiu a la base de dades %s" -#: src/sudo.c:595 +#: src/sudo.c:603 msgid "unable to determine tty" msgstr "no s'ha pogut determinar la tty" -#: src/sudo.c:887 +#: src/sudo.c:914 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s ha de ser propietat de l'uid %d i tenir el bit setuid establert" -#: src/sudo.c:890 +#: src/sudo.c:917 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "" "l'uid efectiu no és %d, és %s a un sistema de fitxers amb l'opció\n" "'nosuid' establarta o un sistema de fitxers NFS sense d'usuari primari? " -#: src/sudo.c:896 +#: src/sudo.c:923 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "l'uid efectiu no és %d, és el sudo instal·lat com a setuid root?" -#: src/sudo.c:912 +#: src/sudo.c:939 msgid "unable to set supplementary group IDs" msgstr "no s'han pogut establir els IDs de grup suplementaris" -#: src/sudo.c:919 +#: src/sudo.c:946 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "no s'ha pogut establir el gid efectiu per a runas gid %u" -#: src/sudo.c:925 +#: src/sudo.c:952 #, c-format msgid "unable to set gid to runas gid %u" msgstr "no s'ha pogut establir el gid a runas gid %u" -#: src/sudo.c:982 +#: src/sudo.c:995 #, c-format msgid "unexpected child termination condition: %d" msgstr "condició de terminació del fill inesperada: %d" -#: src/sudo.c:1128 +#: src/sudo.c:1104 +msgid "unable to initialize policy plugin" +msgstr "no s'ha pogut inicialitzar el connector de polítiques" + +#: src/sudo.c:1167 #, c-format -msgid "policy plugin %s is missing the `check_policy' method" -msgstr "no hi ha el mètode `check_policy' al connector de polítiques %s" +msgid "policy plugin %s is missing the \"check_policy\" method" +msgstr "al connector de política %s li manca el mètoda «check_policy»" + +#: src/sudo.c:1182 src/sudo.c:1235 src/sudo.c:1279 +msgid "command rejected by policy" +msgstr "ordre rebutjada per una política" -#: src/sudo.c:1146 +#: src/sudo.c:1187 src/sudo.c:1240 src/sudo.c:1284 src/sudo.c:1358 +msgid "policy plugin error" +msgstr "error de connector de política" + +#: src/sudo.c:1221 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "el connector de política %s no dóna suport a llistar privilegis" -#: src/sudo.c:1163 +#: src/sudo.c:1265 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "el connector de polítiques %s no dóna suport a l'opció -v" -#: src/sudo.c:1178 +#: src/sudo.c:1303 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "el connector de polítiques %s no dóna suport a les opcions -k/-K" -#: src/sudo_edit.c:221 -msgid "no writable temporary directory found" -msgstr "no s'ha trobat un directori temporari amb permís d'escriptura" +#: src/sudo.c:1436 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "no se pogut iniciliatzar el connector %s entrada/sortida" -#: src/sudo_edit.c:288 src/sudo_edit.c:377 -msgid "unable to restore current working directory" -msgstr "no s'ha pogut restaurar el directori actual de treball" +#: src/sudo.c:1590 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "error en inicialitzar el connector d'auditoria %s" -#: src/sudo_edit.c:594 src/sudo_edit.c:707 +#: src/sudo.c:1668 #, c-format -msgid "%s: not a regular file" -msgstr "%s: no és un fitxer regular" +msgid "%s: unable to log error event%s%s" +msgstr "%s: no es pot registra l'esdeveniment d'error%s%s" -#: src/sudo_edit.c:601 +#: src/sudo.c:1703 #, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: no es permet l'edició de enllaços simbòlics" +msgid "%s: unable to log accept event%s%s" +msgstr "%s: no es pot registrar l'esdeveniment d'acceptació%s%s" -#: src/sudo_edit.c:604 +#: src/sudo.c:1708 src/sudo.c:1746 +msgid "audit plugin error" +msgstr "error de connector d'auditoria" + +#: src/sudo.c:1741 #, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: no es permet l'edició de fitxers a un directori amb permís d'escriptura" +msgid "%s: unable to log reject event%s%s" +msgstr "%s: no es pot registrar l'esdeveniment de rebuig%s%s" -#: src/sudo_edit.c:637 src/sudo_edit.c:747 +#: src/sudo.c:1799 #, c-format -msgid "%s: short write" -msgstr "%s: escriptura breu" +msgid "error initializing approval plugin %s" +msgstr "error en inicialitzar el connector d'aprovació %s" + +#: src/sudo.c:1875 +msgid "command rejected by approver" +msgstr "ordre rebutjada per l'aprovador" + +#: src/sudo.c:1884 +msgid "approval plugin error" +msgstr "error de connector d'aprovació" + +#: src/sudo_edit.c:112 +msgid "no writable temporary directory found" +msgstr "no s'ha trobat un directori temporari amb permís d'escriptura" -#: src/sudo_edit.c:708 +#: src/sudo_edit.c:293 #, c-format msgid "%s left unmodified" msgstr "%s s'ha deixat sense modificar" -#: src/sudo_edit.c:721 src/sudo_edit.c:908 +#: src/sudo_edit.c:306 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s sense canviar" -#: src/sudo_edit.c:736 src/sudo_edit.c:758 -#, c-format -msgid "unable to write to %s" -msgstr "no s'ha pogut escriure a %s" - -#: src/sudo_edit.c:737 src/sudo_edit.c:756 src/sudo_edit.c:759 -#: src/sudo_edit.c:933 src/sudo_edit.c:937 -#, c-format -msgid "contents of edit session left in %s" -msgstr "els continguts de la sessió d'edició s'han deixat a %s" - -#: src/sudo_edit.c:755 -msgid "unable to read temporary file" -msgstr "no s'ha pogut llegir el fitxer temporal" - -#: src/sudo_edit.c:838 +#: src/sudo_edit.c:483 msgid "sesh: internal error: odd number of paths" msgstr "sesh: error intern: nombre imparell de camins" -#: src/sudo_edit.c:840 +#: src/sudo_edit.c:485 msgid "sesh: unable to create temporary files" msgstr "sesh: no es poden crear fitxers temporal" -#: src/sudo_edit.c:842 src/sudo_edit.c:940 +#: src/sudo_edit.c:487 src/sudo_edit.c:605 +msgid "sesh: killed by a signal" +msgstr "sesh: avortat per un senyal" + +#: src/sudo_edit.c:489 src/sudo_edit.c:608 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: error desconegut %d" -#: src/sudo_edit.c:932 +#: src/sudo_edit.c:598 msgid "unable to copy temporary files back to their original location" msgstr "no es poden copiar els fitxers temporals un altre cop a la seva ubicació original" -#: src/sudo_edit.c:936 +#: src/sudo_edit.c:602 msgid "unable to copy some of the temporary files back to their original location" msgstr "no es poden copiar alguns dels fitxers temporals un altre cop a la seva ubicació original" -#: src/sudo_edit.c:981 +#: src/sudo_edit.c:645 #, c-format msgid "unable to change uid to root (%u)" msgstr "no s'ha pogut canviar l'uid a l'usuari primari (%u)" -#: src/sudo_edit.c:998 +#: src/sudo_edit.c:666 msgid "plugin error: missing file list for sudoedit" msgstr "error de connector: no hi ha la llista de fitxers per a sudoedit" -#: src/sudo_edit.c:1039 src/sudo_edit.c:1052 +#: src/sudo_edit.c:717 src/sudo_edit.c:725 msgid "unable to read the clock" msgstr "no es pot llegir el rellotge" -#: src/tgetpass.c:102 +#: src/tgetpass.c:95 msgid "timed out reading password" msgstr "s'exhaurit el temps d'espera quan es llegia la contrasenya" -#: src/tgetpass.c:105 +#: src/tgetpass.c:98 msgid "no password was provided" msgstr "no s'ha donat una contrasenya" -#: src/tgetpass.c:108 +#: src/tgetpass.c:101 msgid "unable to read password" msgstr "no s'ha pogut llegir la contrasenya" -#: src/tgetpass.c:147 +#: src/tgetpass.c:141 msgid "a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper" msgstr "cal una terminal per llegir la contrasenya; o bé useu l'opció -S per llegir de l'entrada estàndard o configureu un assistent askpass" -#: src/tgetpass.c:157 +#: src/tgetpass.c:152 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "no s'ha especificat un programa askpass, proveu d'establir SUDO_ASKPASS" -#: src/tgetpass.c:322 +#: src/tgetpass.c:327 #, c-format msgid "unable to set gid to %u" msgstr "no s'ha pogut establir el gid a %u" -#: src/tgetpass.c:326 +#: src/tgetpass.c:331 #, c-format msgid "unable to set uid to %u" msgstr "no s'ha pogut establir el uid a %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:336 #, c-format msgid "unable to run %s" msgstr "no s'ha pogut executar %s" -#: src/utmp.c:295 +#: src/utmp.c:287 msgid "unable to save stdin" msgstr "no s'ha pogut desar el stdin" -#: src/utmp.c:297 +#: src/utmp.c:289 msgid "unable to dup2 stdin" msgstr "no s'ha pogut fer dup2 stdin" -#: src/utmp.c:300 +#: src/utmp.c:292 msgid "unable to restore stdin" msgstr "no s'ha pogut restaurar stdin" -#~ msgid "error reading from signal pipe" -#~ msgstr "error en llegir del conducte del senyal" +#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" +#~ msgstr "s'ignorarà el connector entrada/sortida duplicat «%s» a %s, línia %d" -#~ msgid "error reading from pipe" -#~ msgstr "error en llegir del conducte" +#~ msgid "%s: short write" +#~ msgstr "%s: escriptura breu" -#~ msgid "unable to get group vector" -#~ msgstr "no s'ha pogut obtenir el vector de grup" +#~ msgid "unable to read temporary file" +#~ msgstr "no s'ha pogut llegir el fitxer temporal" + +#~ msgid "error reading from signal pipe" +#~ msgstr "error en llegir del conducte del senyal" #~ msgid "unknown uid %u: who are you?" #~ msgstr "uid %u desconegut: qui sou?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/cs.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/cs.mo differ diff -Nru sudo-1.9.5p2/po/cs.po sudo-1.9.9/po/cs.po --- sudo-1.9.5p2/po/cs.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/cs.po 2022-01-27 21:24:22.000000000 +0000 @@ -2,14 +2,14 @@ # This file is put in the public domain. # Todd C. Miller , 2011-2013 # Petr Pisar , 2013, 2014, 2015, 2016, 2017, 2018, 2019. -# Petr Pisar , 2020. +# Petr Pisar , 2020, 2021. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-14 19:42+02:00\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-12 15:41+01:00\n" "Last-Translator: Petr Pisar \n" "Language-Team: Czech \n" "Language: cs\n" @@ -32,87 +32,94 @@ msgstr "registr nelze obnovit" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "nelze alokovat paměť" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "%s nelze otevřít" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "adresář %s nelze vytvořit" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "nelze získat údaje o %s" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s existuje, ale nejedná se o adresář (0%o)" @@ -122,7 +129,7 @@ msgstr "Neznámý signál" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "neplatná hodnota" @@ -134,111 +141,174 @@ msgid "value too small" msgstr "hodnota je příliš malá" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "neplatná hodnota Path „%s“ v %s, řádek %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "neplatná hodnota pro %s „%s“ v %s, řádek %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "nepodporovaný zdroj skupin „%s“ v %s, řádek %u" # This is about maximal GID. English text "max groups" is wrong. -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "neplatné maximum skupin „%s“ v %s, řádek %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s není obyčejný soubor" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s je vlastněn UID %u, avšak UID by mělo být %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s je zapisovatelný pro všechny" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s je zapisovatelný pro skupinu" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: zkrátit %s na nula bajtů? (y pro ano / n pro ne) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "%s nebude přepsáno" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "z %s nelze číst" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "do %s nelze zapsat" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: nejedná se o obyčejný soubor" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: chybná práva souboru: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "současný pracovní adresář nelze obnovit" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "neznámá přihlašovací třída %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "nelze nastavit kontext uživatele" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "nelze nastavit prioritu procesu" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "kořenový adresář nelze změnit na %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "nelze změnit UID na (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "pracovní adresář nelze změnit na %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "začíná se od %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "obsluhu pro signál %d nelze nastavit" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "z PRIV_LIMIT nelze odstranit PRIV_PROC_EXEC" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "událost nelze přidat do fronty" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "neplatný požadavek PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "příkaz zamítnut politikou" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "chyba modulu s politikou" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "požadavek od klienta je příliš dlouhý: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "nečekaná hodnota type_case %d v %s od %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "zpráva serveru je příliš dlouhá: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "chyba při čtení z dvojice socketů" @@ -248,203 +318,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "neočekávaný druh odpovědi na zpětném kanálu: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "událost nelze přidat do fronty" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "řídicí terminál nelze nastavit" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "nelze vytvořit rouru" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "od rodiče nelze přijmout zprávu" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "nelze vytvořit potomka" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "nelze obnovit značku TTY" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "%s nelze spustit" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "modul s politikami zrušil inicializaci relace" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "nelze vytvořit sockety" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "chyba ve smyčce s událostmi" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "nelze obnovit obsluhu signálu %d" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "nelze alokovat PTY" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "chyba vstupně-výstupního modulu" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "příkaz zamítnut vstupně-výstupním modulem" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "chyba pozastavování protokolu" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "chyba při měnění velikosti okna" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "nelze vytvořit sockety" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "dohlížejícímu procesu nelze odeslat zprávu" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "chyba v %s na řádku %d při zavádění modulu „%s“" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s musí být vlastněn UID %d" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s musí být zapisovatelný jen vlastníkem" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "ignoruje je opakovaný modul „%s“ v %s na řádku %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "%s nelze zavést: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "v %s nelze nalézt symbol „%s“" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "neslučitelná hlavní verze modulu %d (očekáváno %d) nalezena v %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ignoruje se modul politiky „%s“ v %s na řádku %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "lze zadat pouze jeden modul s politikou" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "v %2$s nalezen neznámý druh modulu %1$d" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "modul s politikou %s neobsahuje metodu check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "vnitřní chyba, přetečení v %s" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "neplatný název proměnné prostředí: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument u -C musí být číslo větší nebo rovno 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "nesmíte zadávat přepínače -i a -s spolu" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "nesmíte zadávat přepínače -i a -E spolu" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "přepínač -E není platný v režimu úprav" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "v režimu úprav nesmíte zadávat proměnné prostředí" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "přepínač -U smí být použit jen s přepínačem -l" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "přepínače -A a -S smí nesmí být použity spolu" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "na této platformě není sudoedit podporován" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Smí být zadán pouze jeden z přepínačů -e, -h, -i, -K, -l, -s, -v nebo -V" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -453,7 +500,7 @@ "%s – upraví soubory jako jiný uživatel\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -462,7 +509,7 @@ "%s – vykoná příkaz jako jiný uživatel\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -470,225 +517,215 @@ "\n" "Přepínače:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "dotazuje se na heslo prostřednictvím pomocného programu" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "použije zadaný druh BSD autentizace" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "spustí příkaz na pozadí" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "při výzvě vydá zvukové znamení" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "uzavře všechny deskriptory souboru >= číslu" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "spustí příkaz se zadanou přihlašovací třídou BSD" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "změní pracovní adresář před spuštěním příkazu" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "při spuštění příkazu zachová uživatelské prostředí" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "zachová určité proměnné prostředí" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "místo spuštění příkazu upraví soubory" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "spustí příkaz jako skupina určení názvem nebo ID" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "nastaví proměnnou HOME na domovský adresář uživatele" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "zobrazí nápovědu a skončí" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "spustí příkaz na stroji (je-li podporováno modulem)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "spustí přihlašovací shell jako cílový uživatel; příkaz lze rovněž zadat" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "úplně odstraní soubor s časovými údaji" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "zneplatní soubor s časovými údaji" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "vypíše oprávnění uživatele nebo zkontroluje určitý příkaz; pro delší výstup použijte dvakrát" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "neinteraktivní režim, nepoužijí se žádné dotazy" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "zachová vektor skupin namísto nastavení na skupiny cíle" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "použije určený dotaz na heslo" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "změní kořenový adresář přes spuštěním příkazu" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "vytvoří selinuxový bezpečnostní kontext se zadanou rolí" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "načte heslo ze standardní vstupu" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "spustí shell jako cílový uživatel; příkaz lze rovněž zadat" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "vytvoří selinuxový bezpečnostní kontext se zadaným typem" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "po uplynutí zadaného času ukončí příkaz" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "v režimu výpisu zobrazí oprávnění uživatele" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "spustí příkaz (nebo upraví soubor) jako uživatel určený jménem nebo ID" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "zobrazí údaje o verzi a skončí" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "aktualizuje časové údaje uživatele bez spuštění příkazu" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "přestane zpracovávat argumenty příkazového řádku" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "nelze otevřít auditní systém" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "nelze odeslat auditní zprávu" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "nelze získat kontext souboru %s pomocí fgetfilecon" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s změnilo značky" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "nelze obnovit kontext %s" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s nelze otevřít, TTY nebude značka přepsána" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s není znakové zařízení, TTY nebude značka přepsána" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "nelze získat kontext současného TTY, TTY nebude značka přepsána" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "neznámá bezpečnostní třída „chr_file“, TTY nebude značka přepsána" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "nelze získat nový kontext TTY, TTY nebude značka přepsána" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "nelze nastavit nový kontext TTY" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "pro typ %s musíte zadat roli" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "nepodařilo se získat nový kontext" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "výchozí typ pro roli %s nelze získat" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "nepodařilo se získat nový kontext" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "nepodařilo se nastavit novou roli %s" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "nepodařilo se nastavit nový typ %s" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s není platný kontext" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "nepodařilo se získat starý kontext" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "nepodařilo se určit režim vynucování SELinuxu." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "nepodařilo se nastavit kontext TTY na %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -699,20 +736,40 @@ msgid "unable to set key creation context to %s" msgstr "nepodařilo se nastavit kontext pro vytváření klíčů na %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "je třeba alespoň jeden argument" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "neplatné číslo deskriptoru souboru: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "%s nelze spustit jako přihlašovací shell" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: úprava symbolických odkazů není dovolena" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: úprava souborů v adresáři, do kterého lze zapisovat, není dovolena" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "obsah relace s úpravami ponechán v %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "nelze získat seznam skupin" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -761,203 +818,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "pozor, nepodařilo se přiřadit řízení zdrojů projektu „%s“" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo verze %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Přepínače configure: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "nepřekonatelná chyba, moduly nelze zavést" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "modul nevrátil příkaz k provedení" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neočekávaný režim programu sudo 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "neexistujete v databázi %s" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "nelze určit terminál" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s musí být vlastněn UID %d a mít nastaven bit setuid" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektivní UID není %d, nalézá se %s na souborovém systému s nastavenou volbou „nosuid“ nebo na souborovém systému NFS bez práv roota?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektivní UID není %d, je sudo nainstalované jako setuid vlastněné rootem?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "nelze nastavit ID doplňkových skupin" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "efektivní GID nelze nastavit na %u" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "GID nelze nastavit na %u" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "neočekávaný důvod ukončení potomka: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "modul s politikami nelze inicializovat" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "modulu s politikami %s chybí metoda „check_policy“" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "příkaz zamítnut politikou" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "chyba modulu s politikou" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "modul s politikami %s nepodporuje získání seznamu oprávnění" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "modul s politikami %s nepodporuje přepínač -v" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "modul s politikami %s nepodporuje přepínače -k/-K" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "chyba při inicializaci vstupně-výstupního modulu %s" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "chyba při inicializaci vstupně-výstupního modulu" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "chyba při inicializaci auditního modulu %s" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s nelze zaznamenat chybovou událost%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s nelze zaznamenat přijímací událost%s%s " + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "chyba auditního modulu" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s nelze zaznamenat zamítací událost%s%s " + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "chyba při inicializaci schvalovacího modulu %s" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "příkaz zamítnut schvalovatelem" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "chyba schvalovacího modulu" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "nenalezen žádný dočasný adresář, do kterého lze zapisovat" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "současný pracovní adresář nelze obnovit" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: nejedná se o obyčejný soubor" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: úprava symbolických odkazů není dovolena" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: úprava souborů v adresáři, do kterého lze zapisovat, není dovolena" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s ponechán nezměněn" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s nezměněn" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "obsah relace s úpravami ponechán v %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: vnitřní chyba: lichý počet cest" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: nelze vytvořit dočasné soubory" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: zabit signálem" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: neznámá chyba %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "dočasné soubory nelze zkopírovat zpět na jejich původní místo" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "některé z dočasných souborů nelze zkopírovat zpět na jejich původní místo" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "UID nelze změnit na roota (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "chyba modulu: programu sudoedit chybí seznam souborů" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "nelze přečíst hodiny" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "zachytávací port nenastaven" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "při čtení hesla vypršel čas" @@ -978,33 +1030,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "program pro dotazování se na heslo nebyl zadán, zkuste nastavit SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "GID nelze nastavit na %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "UID nelze nastavit na %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "%s nelze spustit" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "standardní vstup nelze uložit" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "standardní vstup nelze zduplikovat voláním dup2" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "standardní vstup nelze obnovit" +#~ msgid "unable to dup intercept fd" +#~ msgstr "zachycený deskriptor souboru nelze zduplikovat" + +#~ msgid "%s: missing message header" +#~ msgstr "%s: chybí hlavička zprávy" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s: očekávaný typ zprávy %d, obdržen %d" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "pro typ %s musíte zadat roli" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "nepodařilo se nastavit kontext TTY na %s" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: krátký zápis" @@ -1017,9 +1087,6 @@ #~ msgid "no tty present and no askpass program specified" #~ msgstr "chybí terminál a program pro dotazování se na heslo nebyl zadán" -#~ msgid "unable to get group vector" -#~ msgstr "nelze získat vektor skupin" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "neznámé UID %u: kdo jsi?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/de.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/de.mo differ diff -Nru sudo-1.9.5p2/po/de.po sudo-1.9.9/po/de.po --- sudo-1.9.5p2/po/de.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/de.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,13 +1,13 @@ # German translation for sudo. # This file is distributed under the same license as the sudo package. -# Jakob Kramer , 2012, 2013, 2014. -# Mario Blättermann , 2012, 2014-2017, 2019-2020. +# Jakob Kramer , 2012, 2013-2014. +# Mario Blättermann , 2012, 2014-2017, 2019-2021. msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-15 20:11+0200\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 12:19+0100\n" "Last-Translator: Mario Blättermann \n" "Language-Team: German \n" "Language: de\n" @@ -16,7 +16,7 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Lokalize 20.08.1\n" +"X-Generator: Lokalize 21.08.3\n" #: lib/util/aix.c:89 lib/util/aix.c:169 msgid "unable to open userdb" @@ -32,87 +32,94 @@ msgstr "Registrierungsdatenbank konnte nicht wiederhergestellt werden" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "Speicher konnte nicht zugewiesen werden" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "%s konnte nicht geöffnet werden" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "Verzeichnis %s konnte nicht erstellt werden" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "stat konnte nicht auf %s angewendet werden" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s existiert, aber ist kein Verzeichnis (0%o)" @@ -122,7 +129,7 @@ msgstr "Unbekanntes Signal" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "ungültiger Wert" @@ -134,110 +141,173 @@ msgid "value too small" msgstr "Wert zu klein" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "Ungültiger Pfad-Wert »%s« in %s, Zeile %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "Ungültiger Wert für %s »%s« in %s, Zeile %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "Nicht unterstützte Gruppenquelle »%s« in %s, Zeile %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "Ungültige Maximalzahl an Gruppen »%s« in %s, Zeile %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s ist keine reguläre Datei" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s gehört Benutzer mit UID %u, sollte allerdings %u gehören" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s kann von allen verändert werden" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s kann von der Gruppe verändert werden" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: %s auf null Byte kürzen? (j/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "%s wird nicht überschrieben" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "Aus %s konnte nicht gelesen werden" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "%s konnte nicht beschrieben werden" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: Keine reguläre Datei" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: falscher Dateimodus: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "Aktueller Arbeitsordner konnte nicht wiederhergestellt werden" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "Unbekannte Anmeldungsklasse %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "Benutzerkontext konnte nicht gesetzt werden" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "Prozesspriorität konnte nicht gesetzt werden" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "Wurzelverzeichnis konnte nicht zu %s geändert werden" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "Es konnte nicht zu »runas«-GID gewechselt werden (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "In Verzeichnis »%s« konnte nicht gewechselt werden" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "beginnend mit %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "Handler für Signal %d konnte nicht gesetzt werden" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_PROC_EXEC konnte nicht von PRIV_LIMIT entfernt werden" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "Ereignis konnte nicht zur Warteschlange hinzugefügt werden" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "ungültige PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "Befehl wurde durch Regelwerk abgewiesen" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "Regelwerk-Plugin-Fehler" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "Client-Anfrage ist zu groß: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "unerwarteter Wert %d für type_case in %s aus %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "Server-Meldung ist zu groß: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "Fehler beim Lesen des Socket-Paars" @@ -247,203 +317,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "Unerwarteter Antworttyp auf Rückmeldungskanal: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "Ereignis konnte nicht zur Warteschlange hinzugefügt werden" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "Kontrollierendes TTY konnte nicht gesetzt werden" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "Weiterleitung konnte nicht erstellt werden" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "Die Nachricht konnte nicht empfangen werden" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "Es konnte nicht geforkt werden" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "TTY-Kennzeichnung konnte nicht wiederhergestellt werden" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "%s konnte nicht ausgeführt werden" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "Regelwerks-Plugin konnte Sitzung nicht initialisieren" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "Sockets konnten nicht hergestellt werden" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "Fehler in Ereignisschleife" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "Handler für Signal %d konnte nicht wiederhergestellt werden" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "PTY konnte nicht vergeben werden" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "E/A-Pluginfehler" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "Befehl wurde vom E/A-Plugin abgewiesen" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "Fehler bei der Aussetzung der Protokollierung" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "Fehler beim Ändern der Fenstergröße" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "Sockets konnten nicht hergestellt werden" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "Die Nachricht konnte nicht an den überwachenden Prozess verschickt werden" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "Fehler in %s, Zeile %d, während Plugin »%s« geladen wurde" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s muss Benutzer mit UID %d gehören" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s darf nur vom Besitzer beschreibbar sein" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "Doppelt vorhandenes Plugin »%s« in %s, Zeile %d, wird ignoriert" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "»%s« konnte nicht geladen werden: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "Symbol »%s« konnte in %s nicht gefunden werden" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "Inkompatible Hauptversion %d des Regelwerks (%d erwartet) wurde in %s gefunden" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "Regelwerks-Plugin »%s« in %s, Zeile %d, wird ignoriert" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "Nur ein einziges Regelwerks-Plugin kann geladen werden" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "Unbekannter Plugintyp %d wurde in %s gefunden" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "Das Regelwerks-Plugin %s enthält keine check_policy-Methode" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "Interner Fehler: %s-Überlauf" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "Unzulässiger Name der Umgebungsvariable: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "Das Argument für -C muss eine Zahl größer oder gleich 3 sein" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "Die Optionen -i und -s können nicht gemeinsam benutzt werden" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "Die Optionen -i und -E können nicht gemeinsam benutzt werden" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "Die Option -E ist im Bearbeiten-Modus ungültig" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "Im Bearbeiten-Modus können keine Umgebungsvariablen gesetzt werden" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "Die Option -U kann nur zusammen mit -l benutzt werden" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "Die Optionen -A und -S können nicht gemeinsam benutzt werden" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit ist auf dieser Plattform nicht verfügbar" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Nur eine der Optionen -e, -h, -i, -K, -l, -s, -v oder -V darf angegeben werden" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -452,7 +499,7 @@ "%s - Dateien als anderer Benutzer verändern\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -461,7 +508,7 @@ "%s - Einen Befehl als anderer Benutzer ausführen\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -469,229 +516,219 @@ "\n" "Optionen:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "Hilfsprogramm zum Eingeben des Passworts verwenden" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "Angegebenen BSD-Legitimierungstypen verwenden" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "Befehl im Hintergrund ausführen" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "Bei Eingabeaufforderung Systemklang abspielen" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "Alle Dateideskriptoren >= num schließen" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "Befehl unter angegebener Login-Klasse ausführen" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "Arbeitsverzeichnis vor der Ausführung des Befehls wechseln" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "Benutzerumgebung beim Starten des Befehls beibehalten" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "Spezifische Umgebungsvariablen beibehalten" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "Dateien bearbeiten, statt einen Befehl auszuführen" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "Befehl unter angegebenem Gruppennamen oder Gruppen-ID ausführen" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "HOME-Variable als Home-Verzeichnis des Zielbenutzers setzen" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "Hilfe ausgeben und beenden" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "Befehl auf entferntem System ausführen (falls vom Plugin unterstützt)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "Anmeldeshell als Zielbenutzer starten; es kann auch ein Befehl angegeben werden" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "Zeitstempeldateien komplett entfernen" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "Zeitstempeldatei ungültig machen" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "Benutzerrechte aufzählen oder einen bestimmten Befehl testen; für ein längeres Format zweimal angeben" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "Nicht-interaktiver Modus, es werden keine Eingabeaufforderungen verwendet" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "Gruppen-Vektor beibehalten, statt auf den des Zielbenutzers zu setzen" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "Angegebene Passwort-Eingabeaufforderung benutzen" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "Wurzelverzeichnis vor der Ausführung des Befehls wechseln" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "SELinux-Sicherheitskontext mit angegebener Funktion erstellen" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "Passwort von der Standardeingabe lesen" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "Shell als Zielbenutzer ausführen; es kann auch ein Befehl angegeben werden" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "SELinux-Sicherheitskontext mit angegebenem Typ erstellen" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "Befehlausführung nach der angegebenen Zeitbegrenzung abbrechen" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "im Aufzählungsmodus, Rechte des Benutzers anzeigen" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "Befehl oder Datei unter angegebenem Benutzernamen oder Benutzer-ID ausführen bzw. ändern" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "Versionsinformation anzeigen und beenden" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "Den Zeitstempel des Benutzers erneuern, ohne einen Befehl auszuführen" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "Aufhören, die Befehlszeilenargumente zu verarbeiten" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "Das Audit-System konnte nicht geöffnet werden" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "Die Audit-Nachricht konnte nicht verschickt werden" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "»fgetfilecon« konnte nicht auf %s angewendet werden" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s änderte die Kennzeichnung" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "Der Kontext für %s konnte nicht wiederhergestellt werden" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s konnte nicht geöffnet werden, TTY wird nicht neu gekennzeichnet" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s ist kein zeichenorientiertes Gerät, TTY wird nicht neu gekennzeichnet." -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "" "Aktueller TTY-Kontext konnte nicht festgestellt werden, TTY wird nicht neu\n" "gekennzeichnet." -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "Unbekannte Sicherheitsklasse »chr_file«, TTY wird nicht neu gekennzeichnet." -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "" "Neuer TTY-Kontext konnte nicht festgestellt werden, TTY wird nicht neu\n" "gekennzeichnet." -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "Neuer TTY-Kontext konnte nicht festgestellt werden" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "Für den Typen %s muss eine Funktion angegeben werden" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "»new_context« konnte nicht geholt werden" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "Standardtyp für Funktion %s konnte nicht ermittelt werden" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "»new_context« konnte nicht geholt werden" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "Neue Funktion %s konnte nicht festgelegt werden" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "Neuer Typ %s konnte nicht festgelegt werden" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s ist kein gültiger Kontext" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "»old_context« konnte nicht geholt werden" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "»Enforcing«-Modus konnte nicht bestimmt werden." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "TTY-Kontext konnte nicht auf %s gesetzt werden" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -702,20 +739,40 @@ msgid "unable to set key creation context to %s" msgstr "Kontext der Schüsselerstellung konnte nicht auf %s festgelegt werden." -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "Benötigt mindestens ein Argument" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "Unzulässige Dateideskriptornummer: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "%s konnte nicht als Anmeldeshell ausgeführt werden" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: Bearbeiten symbolischer Links ist nicht erlaubt" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: Bearbeiten von Dateien in einem beschreibbaren Ordner ist nicht erlaubt" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "Bearbeitungssitzung wurden in %s gelassen" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "Gruppenliste konnte nicht geholt werden" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -764,203 +821,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "Warnung: Ressourcenkontrolle von Projekt »%s« konnte nicht zugewiesen werden" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo-Version %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Optionen für »configure«: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "Schwerwiegender Fehler, Plugins konnten nicht geladen werden" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "Plugin gab keinen auszuführenden Befehl zurück" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "Unerwarteter sudo-Modus 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "Sie sind in der %s-Datenbank nicht enthalten" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "TTY konnte nicht ermittelt werden" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s muss dem Benutzer mit UID %d gehören und das »setuid«-Bit gesetzt haben" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "Effektive UID ist nicht %d. Liegt %s auf einem Dateisystem mit gesetzter »nosuid«-Option oder auf einem NFS-Dateisystem ohne Root-Rechte?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "Effektive UID ist nicht %d. Wurde sudo mit »setuid root« installiert?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "Zusätzliche Gruppenkennungen konnten nicht gesetzt werden" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "Effektive GID konnte nicht auf »runas«-GID %u gesetzt werden" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "GID konnte nicht auf »runas«-GID %u gesetzt werden" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "Unerwartete Abbruchbedingung eines Unterprozesses: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "Regelwerks-Plugin konnte nicht initialisiert werden" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "Dem Regelwerks-Plugin %s fehlt die »check_policy«-Methode" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "Befehl wurde durch Regelwerk abgewiesen" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "Regelwerk-Plugin-Fehler" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "Regelwerks-Plugin %s unterstützt das Auflisten von Privilegien nicht" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "Regelwerks-Plugin %s unterstützt die Option -v nicht" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "Regelwerks-Plugin %s unterstützt die Optionen -k und -K nicht" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "E/A-Plugin %s konnte nicht initialisiert werden" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "E/A-Plugin konnte nicht initialisiert werden" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "Audit-Plugin %s konnte nicht initialisiert werden" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: Fehlerereignis%s%s konnte nicht protokolliert werden" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: Ereignis%s%s konnte für das Protokoll nicht akzeptiert werden" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "Audit-Pluginfehler" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: Ereignis%s%s wurde vom Protokoll abgewiesen" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "Genehmigungs-Plugin %s konnte nicht initialisiert werden" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "Befehl wurde vom Genehmigenden abgewiesen" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "Genehmigungs-Plugin-Fehler" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "Kein beschreibbares temporäres Verzeichnis gefunden" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "Aktueller Arbeitsordner konnte nicht wiederhergestellt werden" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: Keine reguläre Datei" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: Bearbeiten symbolischer Links ist nicht erlaubt" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: Bearbeiten von Dateien in einem beschreibbaren Ordner ist nicht erlaubt" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s blieb unverändert" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s unverändert" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "Bearbeitungssitzung wurden in %s gelassen" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: interner Fehler: seltsame Anzahl an Pfaden" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: Temporäre Dateien konnten nicht angelegt werden" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: von einem Signal getötet" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: unbekannter Fehler %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "Temporäre Dateien konnten nicht an ihre ursprünglichen Orte zurück kopiert werden" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "Einige der temporären Dateien konnten nicht an ihre ursprünglichen Orte zurück kopiert werden" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "UID konnte nicht zu Root (%u) geändert werden" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "Plugin-Fehler: Fehlende Dateiliste für sudoedit" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "Die Uhr konnte nicht gelesen werden" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "Intercept-Port ist nicht gesetzt" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "Zeitüberschreitung beim Lesen des Passworts" @@ -981,33 +1033,42 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "Kein »askpass«-Programm angegeben, es wird versucht, SUDO_ASKPASS zu setzen" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "GID konnte nicht als %u festgelegt werden" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "UID konnte nicht als %u festgelegt werden" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "%s konnte nicht ausgeführt werden" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "Standardeingabe konnte nicht gespeichert werden" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "dup2 konnte nicht auf die Standardeingabe angewendet werden" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "Standardeingabe konnte nicht wiederhergestellt werden" +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "Für den Typen %s muss eine Funktion angegeben werden" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "TTY-Kontext konnte nicht auf %s gesetzt werden" + #~ msgid "%s: short write" #~ msgstr "%s: Zu kurzer Schreibvorgang" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/eo.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/eo.mo differ diff -Nru sudo-1.9.5p2/po/eo.po sudo-1.9.9/po/eo.po --- sudo-1.9.5p2/po/eo.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/eo.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,14 +1,14 @@ # Esperanto translations for sudo package. # This file is distributed under the same license as the sudo package. -# Keith Bowes , 2012, 2020. +# Keith Bowes , 2012, 2020-2021 # Felipe Castro , 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-20 12:15-0400\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-11 12:51-0500\n" "Last-Translator: Keith Bowes \n" "Language-Team: Esperanto \n" "Language: eo\n" @@ -33,87 +33,94 @@ msgstr "ne eblas restarigi registrejon" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "ne eblas generi memoron" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "ne eblas malfermi %s" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "ne eblas apliki mkdir al %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "ne eblas apliki stat al %s" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s ekzistas sed ne estas dosierujo (0%o)" @@ -123,7 +130,7 @@ msgstr "Nekonata signalo" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "nevalida valoro" @@ -135,110 +142,173 @@ msgid "value too small" msgstr "valoro tro malgrandas" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "nevalida voja valoro \"%s\" en %s, linio %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "nevalida valoro por %s \"%s\" en %s, linio %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "nekomprenata grupa fonto \"%s\" en %s, linio %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "nevalidaj maksimumaj grupoj \"%s\" en %s, linio %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s estas ne regula dosiero" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s estas estrata de uid %u, devas esti %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s estas skribebla de ĉiuj" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s estas skribebla de la tuta grupo" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: ĉu distranĉi %s ĝis nul bajto? (y/n) [n]" -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "ne anstataŭigos je %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "ne eblas legi ell %s" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "ne eblas skribi al %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: ne regula dosiero" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: malbona dosiera reĝimo: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "ne eblas restarigi nune kurantan dosierujon" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "nekonata ensaluta klaso %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "ne eblas elekti uzanto-kuntekston" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "ne eblas elekti procezan prioritaton" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "ne eblas ŝanĝi ĉefuzanton al %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "ne eblas ŝanĝi al plenumigkiela uid (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "ne eblas ŝanĝi dosierujon al %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "komenciĝas de %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "ne eblas difini traktilon por la signalo %d" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "ne eblas forigi PRIV_PROC_EXEC-on de PRIV_LIMIT" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "ne eblas aldoni al la atendovico eventon" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "nevalida PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "komando rifuzita pro konduto-regularo" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "eraro de konduta kromprogramo" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "klienta peto tro granda: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "neatendita valoro %d de type_case en %s el %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "servila mesaĝo tro granda: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "eraro dum legi la konektingan paron" @@ -248,203 +318,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "neatendita respondotipo ĉe la postkanalo: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "ne eblas aldoni al la atendovico eventon" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "ne eblas elekti la regan tty-on" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "ne eblas krei tubon" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "ne eblas ricevi mesaĝon el supre" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "ne eblas forki" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "ne eblis reatingi tty-etikedon" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "ne eblas plenumigi: %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "konduta kromprogramo fiaskis dum seanca komenciĝo" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "ne eblas krei konektingojn" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "eraro en la eventa iteracio" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "ne eblas restarigi traktilon por la signalo %d" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "ne eblis generi pty-on" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "En/eliga kromprograma eraro" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "komando rifuzita de en/eliga kromprogramo" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "ni paŭzas la protokoladon de eraroj" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "eraro dum ŝanĝo de fenestro-grando" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "ne eblas krei konektingojn" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "ne eblas sendi mesaĝon al observa procezo" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "eraro en %s, linio %d dum ŝargi kromprogramon \"%s\"" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s devas esti estrita de uid %d" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s estas skribebla nur de estro" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "ni malatentas duobligitan kromprogramon \"%s\" en %s, linio %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "maleblas ŝarĝi je %s: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "ne eblas trovi simbolon \"%s\" en %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "malkongrua granda versio %d de kromprogramo (atendite %d) trovita en %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ni malatentas kondutan kromprogramon \"%s\" en %s, linio %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "nur unu konduta kromprogramo povas esti indikata" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "nekonata kromprograma tipo %d trovita en %s" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "konduta kromprogramo %s ne inkluzivas la metodon check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "interna eraro, superfluo en %s" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "malvalida medivariabla nomo: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "la parametro de -C devas esti nombron almenaŭ 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "vi ne rajtas specifi ambaŭ parametrojn -i kaj -s" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "vi ne rajtas specifi ambaŭ parametrojn -i kaj -E" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "la parametro -E ne validas en redakta reĝimo" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "vi ne rajtas specifi medivariablojn en redakta reĝimo" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "la parametro '-U' nur povas esti uzata kun '-l'" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "vi ne rajtas kune uzi la parametrojn '-A' kaj '-S'" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit ne estas havebla en ĉi tiu platformon" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Vi rajtas specifi nur unu el -e, -h, -i, -K, -l, -s, -v aŭ -V" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -453,7 +500,7 @@ "%s - redakti dosierojn kiel alia uzanto\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -462,7 +509,7 @@ "%s - plenumigi komandon kiel alia uzanto\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -470,225 +517,215 @@ "\n" "Parametroj:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "uzi helpoprogrogramon por pasvortilo" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "uzi specifitan BSD-konstatan tipon" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "plenumigi komandon fone" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "sonigi pepon kiam invitanta" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "fermi ĉiujn dosierpriskribilojn >= numeron" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "plenumigi komandon per specifita BSD-ensaluta klaso" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "ŝanĝu la kurantan dosierujon antaŭ plenumi komandon" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "konservi uzanto-medivariablojn dum plenumigi komandon" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "konservi specifajn medivariablojn" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "redakti dosierojn anstataŭ plenumigi komandon" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "plenumigi komandon kiel la specifitan grupnomon aŭ identigilon" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "valorizi medivariablon HOME je la hejma dosierujo de la cela uzanto" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "elmontri helpan mesaĝon kaj eliri" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "plenumigi komandon en gastiganto (se permesata de kromprogramo)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "plenumigi ensalutan ŝelon kiel celan uzanton; komando ankaŭ enmeteblas" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "tute forigi tempo-indikilan dosieron" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "eksvalidigi tempo-indikilan dosieron" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "listigi privilegiojn de la uzanto aŭ kontroli specifan komandon; uzu dufoje por pli longa formato" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "neinteraga reĝimo, ne demandos al uzanto" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "konservi grupan vektoron anstataŭ elekti celan" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "uzi specifitan pasvortilon" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "ŝanĝu la radikan dosierujon antaŭ ol plenumigi komandon" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "krei SELinux-sekurecan kuntekston kun specifita rolo" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "legi pasvorton el norma enigo" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "plenumigi ŝelon kiel cela uzanto; komando ankaŭ specifebla" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "krei SELinux-sekurecan kuntekston kun specifita rolo" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "finigi la komandon post la specifita tempolimo" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "en lista reĝimo elmontri privilegiojn por uzanto" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "plenumigi komandon (aŭ redakti dosieron) kiel specifita uzanto" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "elmontri eldonan informon kaj eliri" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "ĝisdatigi la tempo-indikilon de la uzanto, sed ne plenumigi komandon" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "ĉesigi procedi komandliniajn parametrojn" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "ne eblas malfermi aŭdan sistemon" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "ne eblas sendi aŭdan mesaĝon" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "ne eblas voki fgetfilecon %s" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s ŝanĝis etikedojn" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "ne eblas restarigi kuntekston por %s" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "ne eblas malfermi %s, ne remarkanta tty-on" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s ne estas signo-aparato, ni ne remarkas tty" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "ne eblas akiri aktualan tty-kuntekston, ne remarkanta" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "nekonata sekurecan klason \"chr_file\", ni ne remarkas tty" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "ne eblas akiri novan tty-kuntekston, ni ne remarkas tty" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "ne eblas elekti novan tty-kuntekston" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "vi devas specifi rolon por tipon %s" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "malsukcesis akiri novan kuntekston" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "ne eblas akiri aŭtomatan tipon por rolo %s" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "malsukcesis akiri novan kuntekston" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "malsukcesis elekti novan rolon %s" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "malsukcesis elekti novan tipon %s" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s ne estas valida kunteksto" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "malsukcesis akiri malnovan kuntekston" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "ne povas determini eldevigan reĝimon." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "ne eblas agordi tty-kuntekston al %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -699,20 +736,40 @@ msgid "unable to set key creation context to %s" msgstr "ne eblas elekti kuntekston de kreo de ŝlosilo al %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "postulas almenaŭ unu parametron" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "malvalida dosierpriskribila numero: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "ne eblas lanĉi %s kiel ensalut-ŝelo" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: redakto de simbolaj ligoj ne estas permesata" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: redakto de dosieroj en skribebla dosierujo ne estas permesata" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "enhavo de redakta seanco restas en %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "ne eblas atingi grupan liston" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -761,203 +818,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "averto, rimedo-rega asigno malsukcesis por projekto \"%s\"" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo: eldono %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Muntaj parametroj: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "ĉesiga eraro: ne eblas ŝargi kromprogramojn" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "kromprogramo ne liveris komandon por plenumi" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neatendita sudo-reĝimon 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "vi ne ekzistas en la datumbazo %s" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "ne eblas determini tty-on" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s devas esti posedata de uid %d kaj la setuid-bito devas esti markita" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektiva uid ne estas %d; ĉu %s estas en dosiersistemo kun la elekto 'nosuid' aŭ reta dosiersistemo sen ĉefuzanto-privilegioj?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektiva uid ne estas %d; ĉu sudo estas instalita kiel setuid-radiko?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "ne eblas elekti suplementajn grupajn identigilojn" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "ne eblas elekti efikan gid-on al plenumigkiela gid %u" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ne eblas elekti gid-on kiel plenumigkielan gid-on %u" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "neatendita ido finiĝis laŭ la kondiĉo: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "ne eblas komenci konduktan kromprogramon" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "konduta kromprogramo %s ne inkluzivas la metodon \"check_policy\"" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "komando rifuzita pro konduto-regularo" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "eraro de konduta kromprogramo" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "konduta kromprogramo %s ne komprenas listigon de privilegioj" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "konduta kromprogramo %s ne komprenas la parametron -v" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "konduta kromprogramo %s ne komprenas la parametrojn -k kaj -K" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "eraro dum lanĉo de eneliga kromprogramo %s" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "eraro dum lanĉo de eneliga kromprogramo" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "eraro dum lanĉo de ekzamena kromprogramo %s" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%smaleblas protokoli eraro-eventon%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: maleblas protokoli akcepto-eventon%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "Kontrolo-kromprograma eraro" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: neeblas protokoli malakcepto-eventon%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "eraro dum lanĉo de aproba kromprogramo %s" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "komando rifuzita de aprobanto" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "eraro de aproba kromprogramo" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "neniu skribebla provizora dosierujo estis trovata" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "ne eblas restarigi nune kurantan dosierujon" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: ne regula dosiero" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: redakto de simbolaj ligoj ne estas permesata" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: redakto de dosieroj en skribebla dosierujo ne estas permesata" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s restas ne modifita" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s ne ŝanĝita" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "enhavo de redakta seanco restas en %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: interna eraro: malpara nombro da vojoj" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: ne eblas krei provizorajn dosierojn" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: mortigita de signalo" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: nekonata eraro %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "ne eblas retrokopii provizorajn dosierojn al ilia originala loko" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "ne eblas retrokopii kelkajn el la provizoraj dosieroj al ilia originala loko" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "ne eblas ŝanĝi uid-on al ĉefuzanto (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "kromprograma eraro: malhavas dosieran liston por sudoedit" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "ne eblas legi la horloĝon" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "interkapta pordo ne agordita" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "tro da tempo por kapti pasvorton" @@ -978,113 +1030,29 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "neniu programo askpass indikita, provu difini SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "ne eblas elekti gid-on al %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "ne eblas elekti uid-on al %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "ne eblas plenumigi: %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "ne eblas konservi norman enigon" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "ne eblas dup2 el norma enigo" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "ne eblas restarigi norman enigon" - -#~ msgid "%s: short write" -#~ msgstr "%s: mallonga skribado" - -#~ msgid "unable to read temporary file" -#~ msgstr "ne eblas legi provizoran dosieron" - -#~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" -#~ msgstr "ni malatentas duobligantan kondutan kromprogramon \"%s\" en %s, linio %d" - -#~ msgid "no tty present and no askpass program specified" -#~ msgstr "neniu tty ĉeestas kaj neniu pasvorto-programo specifita" - -#~ msgid "unable to get group vector" -#~ msgstr "ne eblas elekti grupan vektoron" - -#~ msgid "unknown uid %u: who are you?" -#~ msgstr "nekonata uid %u: kiu vi estas?" - -#~ msgid "error reading from signal pipe" -#~ msgstr "eraro dum legi la signalan tubon" - -#~ msgid "internal error, tried allocate zero bytes" -#~ msgstr "interna eraro, provo rezervi neniun bajton" - -#~ msgid "unable to set terminal to raw mode" -#~ msgstr "ne eblas elekti nudan reĝimon ĉe la terminalo" - -#~ msgid "unable to open socket" -#~ msgstr "ne eblas malfermi konektingon" - -#~ msgid "%s: %s: %s\n" -#~ msgstr "%s: %s: %s\n" - -#~ msgid "%s: %s\n" -#~ msgstr "%s: %s\n" - -#~ msgid "internal error, tried to emalloc2(0)" -#~ msgstr "interna eraro, provis je emalloc2(0)" - -#~ msgid "internal error, tried to ecalloc(0)" -#~ msgstr "interna eraro, provis je ecalloc(0)" - -#~ msgid "internal error, tried to erealloc(0)" -#~ msgstr "interna eraro, provis je erealloc(0)" - -#~ msgid "internal error, tried to erealloc3(0)" -#~ msgstr "interna eraro, provis je erealloc3(0)" - -#~ msgid "internal error, tried to erecalloc(0)" -#~ msgstr "interna eraro, provis je erealloc(0)" - -#~ msgid "load_interfaces: overflow detected" -#~ msgstr "load_interfaces: superfluo malkovrita" - -#~ msgid "value out of range" -#~ msgstr "valoro ne en permesata skalo" - -#~ msgid "select failed" -#~ msgstr "elekto malsukcesis" - -#~ msgid "list user's available commands\n" -#~ msgstr "listigi disponeblajn komandojn de uzanto\n" - -#~ msgid "run a shell as target user\n" -#~ msgstr "plenumigi ŝelon kiel cela uzanto\n" - -#~ msgid "when listing, list specified user's privileges\n" -#~ msgstr "dum listigo, listigi privilegiojn de specifita uzanto\n" - -#~ msgid ": " -#~ msgstr ": " - -#~ msgid "internal error, emalloc2() overflow" -#~ msgstr "interna eraro, emalloc2() superfluo" - -#~ msgid "internal error, erealloc3() overflow" -#~ msgstr "interna eraro, erealloc3() superfluo" - -#~ msgid "%s: at least one policy plugin must be specified" -#~ msgstr "%s: almenaŭ unu konduku devas esti specifita" - -#~ msgid "must be setuid root" -#~ msgstr "devas esti ĉefuzanto setuid" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/fa.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/fa.mo differ diff -Nru sudo-1.9.5p2/po/fa.po sudo-1.9.9/po/fa.po --- sudo-1.9.5p2/po/fa.po 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/po/fa.po 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,1085 @@ +# Portable object template file for sudo +# This file is put in the public domain. +# Todd C. Miller , 2011-2018 +# +msgid "" +msgstr "" +"Project-Id-Version: sudo 1.9.8b2\n" +"Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" +"POT-Creation-Date: 2021-08-16 10:46-0600\n" +"PO-Revision-Date: 2021-12-01 18:40+0330\n" +"Last-Translator: eshagh \n" +"Language-Team: Persian \n" +"Language: fa\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 3.0\n" +"Plural-Forms: nplurals=2; plural=(n==0 || n==1);\n" + +#: lib/util/aix.c:89 lib/util/aix.c:169 +msgid "unable to open userdb" +msgstr "نمی‌توان پایگاه دادهٔ کاربر را گشود" + +#: lib/util/aix.c:224 +#, c-format +msgid "unable to switch to registry \"%s\" for %s" +msgstr "نمی‌توان ریجستری را به «%s» برای %s تعویض کرد" + +#: lib/util/aix.c:249 +msgid "unable to restore registry" +msgstr "نمی‌توان ریجستری را بازگرداند" + +#: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:211 +#: lib/util/sudo_conf.c:297 lib/util/sudo_conf.c:374 lib/util/sudo_conf.c:658 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:225 src/exec_nopty.c:235 +#: src/exec_nopty.c:245 src/exec_nopty.c:252 src/exec_nopty.c:259 +#: src/exec_nopty.c:266 src/exec_nopty.c:273 src/exec_nopty.c:280 +#: src/exec_nopty.c:287 src/exec_nopty.c:294 src/exec_nopty.c:301 +#: src/exec_nopty.c:308 src/exec_nopty.c:315 src/exec_nopty.c:323 +#: src/exec_nopty.c:511 src/exec_preload.c:143 src/exec_preload.c:203 +#: src/exec_pty.c:844 src/exec_pty.c:853 src/exec_pty.c:910 +#: src/exec_pty.c:1063 src/exec_pty.c:1237 src/exec_pty.c:1247 +#: src/exec_pty.c:1257 src/exec_pty.c:1264 src/exec_pty.c:1271 +#: src/exec_pty.c:1278 src/exec_pty.c:1285 src/exec_pty.c:1292 +#: src/exec_pty.c:1299 src/exec_pty.c:1306 src/exec_pty.c:1313 +#: src/exec_pty.c:1320 src/exec_pty.c:1328 src/exec_pty.c:1782 +#: src/load_plugins.c:156 src/load_plugins.c:181 src/load_plugins.c:217 +#: src/load_plugins.c:449 src/load_plugins.c:455 src/parse_args.c:190 +#: src/parse_args.c:211 src/parse_args.c:285 src/parse_args.c:630 +#: src/parse_args.c:652 src/parse_args.c:677 src/preserve_fds.c:46 +#: src/preserve_fds.c:131 src/selinux.c:90 src/selinux.c:360 src/selinux.c:489 +#: src/selinux.c:498 src/sesh.c:113 src/sesh.c:146 src/sesh.c:152 +#: src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 src/sudo.c:636 src/sudo.c:706 +#: src/sudo.c:716 src/sudo.c:741 src/sudo.c:760 src/sudo.c:769 src/sudo.c:778 +#: src/sudo.c:795 src/sudo.c:837 src/sudo.c:847 src/sudo.c:876 src/sudo.c:1061 +#: src/sudo.c:1082 src/sudo.c:1374 src/sudo.c:1543 src/sudo.c:1770 +#: src/sudo.c:2104 src/sudo_edit.c:89 src/sudo_edit.c:149 src/sudo_edit.c:429 +#: src/sudo_edit.c:438 src/sudo_edit.c:539 src/sudo_edit.c:546 +#: src/sudo_edit.c:686 src/sudo_edit.c:706 src/sudo_intercept_common.c:160 +#, c-format +msgid "%s: %s" +msgstr "%s: %s" + +#: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 +#: lib/util/json.c:184 lib/util/sudo_conf.c:212 lib/util/sudo_conf.c:297 +#: lib/util/sudo_conf.c:374 lib/util/sudo_conf.c:658 src/conversation.c:81 +#: src/exec_intercept.c:154 src/exec_intercept.c:181 src/exec_intercept.c:204 +#: src/exec_intercept.c:225 src/exec_intercept.c:231 src/exec_intercept.c:240 +#: src/exec_intercept.c:246 src/exec_intercept.c:312 src/exec_intercept.c:407 +#: src/exec_intercept.c:627 src/exec_monitor.c:456 src/exec_monitor.c:462 +#: src/exec_monitor.c:470 src/exec_monitor.c:478 src/exec_monitor.c:485 +#: src/exec_monitor.c:492 src/exec_monitor.c:499 src/exec_monitor.c:506 +#: src/exec_monitor.c:513 src/exec_monitor.c:520 src/exec_monitor.c:527 +#: src/exec_nopty.c:225 src/exec_nopty.c:235 src/exec_nopty.c:245 +#: src/exec_nopty.c:252 src/exec_nopty.c:259 src/exec_nopty.c:266 +#: src/exec_nopty.c:273 src/exec_nopty.c:280 src/exec_nopty.c:287 +#: src/exec_nopty.c:294 src/exec_nopty.c:301 src/exec_nopty.c:308 +#: src/exec_nopty.c:315 src/exec_nopty.c:323 src/exec_preload.c:143 +#: src/exec_preload.c:203 src/exec_pty.c:844 src/exec_pty.c:853 +#: src/exec_pty.c:910 src/exec_pty.c:1237 src/exec_pty.c:1247 +#: src/exec_pty.c:1257 src/exec_pty.c:1264 src/exec_pty.c:1271 +#: src/exec_pty.c:1278 src/exec_pty.c:1285 src/exec_pty.c:1292 +#: src/exec_pty.c:1299 src/exec_pty.c:1306 src/exec_pty.c:1313 +#: src/exec_pty.c:1320 src/exec_pty.c:1328 src/exec_pty.c:1782 +#: src/load_plugins.c:156 src/load_plugins.c:181 src/load_plugins.c:217 +#: src/load_plugins.c:449 src/load_plugins.c:455 src/parse_args.c:190 +#: src/parse_args.c:212 src/parse_args.c:285 src/parse_args.c:630 +#: src/parse_args.c:652 src/parse_args.c:677 src/preserve_fds.c:46 +#: src/preserve_fds.c:131 src/selinux.c:90 src/selinux.c:360 src/selinux.c:489 +#: src/selinux.c:498 src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 +#: src/sudo.c:636 src/sudo.c:876 src/sudo.c:1061 src/sudo.c:1082 +#: src/sudo.c:1374 src/sudo.c:1543 src/sudo.c:1770 src/sudo.c:2104 +#: src/sudo_edit.c:89 src/sudo_edit.c:149 src/sudo_edit.c:429 +#: src/sudo_edit.c:438 src/sudo_edit.c:539 src/sudo_edit.c:546 +#: src/sudo_edit.c:686 src/sudo_edit.c:706 src/sudo_intercept_common.c:160 +msgid "unable to allocate memory" +msgstr "نمی‌توان حافظه را تخصیص داد" + +#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:697 src/selinux.c:234 +#: src/selinux.c:264 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 +#, c-format +msgid "unable to open %s" +msgstr "نمی‌توان %s را گشود" + +#: lib/util/mkdir_parents.c:84 +#, c-format +msgid "unable to mkdir %s" +msgstr "نمی‌توان شاخهٔ %s را ایجاد کرد" + +#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:674 src/copy_file.c:150 +#, fuzzy, c-format +msgid "unable to stat %s" +msgstr "ناتوان در وضعیت %s" + +#: lib/util/mkdir_parents.c:98 +#, c-format +msgid "%s exists but is not a directory (0%o)" +msgstr "%s وجود دارد ولی یک شاخه نیست (0%o)" + +#: lib/util/strsignal.c:50 +msgid "Unknown signal" +msgstr "سیگنال ناشناخته" + +#: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 +msgid "invalid value" +msgstr "مقدار نامعتبر" + +#: lib/util/strtomode.c:58 lib/util/strtonum.c:160 +msgid "value too large" +msgstr "مقدار بسیار بزرگ است" + +#: lib/util/strtomode.c:58 lib/util/strtonum.c:154 +msgid "value too small" +msgstr "مقدار بسیار کوچک است" + +#: lib/util/sudo_conf.c:230 +#, c-format +msgid "invalid Path value \"%s\" in %s, line %u" +msgstr "مقدار مسیر نامعتبر «%s» در %s، خط %u" + +#: lib/util/sudo_conf.c:396 lib/util/sudo_conf.c:412 lib/util/sudo_conf.c:465 +#, c-format +msgid "invalid value for %s \"%s\" in %s, line %u" +msgstr "مقدار نامعتبر برای %s «%s» در %s، خط %u" + +#: lib/util/sudo_conf.c:433 +#, c-format +msgid "unsupported group source \"%s\" in %s, line %u" +msgstr "گروه منبع پشتیبانی نشدهٔ «%s» در %s، خط %u" + +#: lib/util/sudo_conf.c:449 +#, c-format +msgid "invalid max groups \"%s\" in %s, line %u" +msgstr "بیشینهٔ گروه‌های نامعتبر «%s» در %s، خط %u" + +#: lib/util/sudo_conf.c:677 +#, c-format +msgid "%s is not a regular file" +msgstr "%s یک پروندهٔ معمولی نیست" + +#: lib/util/sudo_conf.c:680 src/copy_file.c:163 +#, c-format +msgid "%s is owned by uid %u, should be %u" +msgstr "" + +#: lib/util/sudo_conf.c:684 +#, c-format +msgid "%s is world writable" +msgstr "مورد %s توسط همه قابل نوشتن است" + +#: lib/util/sudo_conf.c:687 +#, c-format +msgid "%s is group writable" +msgstr "مورد %s توسط گروه قابل نوشتن است" + +# در این رشته از نویسه ایزوله اولین نویسهٔ قوی استفاده شده است +#: src/copy_file.c:93 +#, c-format +msgid "%s: truncate %s to zero bytes? (y/n) [n] " +msgstr "%s: پروندهٔ ⁨%s⁩ به صفر بایت کوتاه شود؟ (y/n) [n] " + +# در این رشته از نویسه ایزوله اولین نویسهٔ قوی استفاده شده است +#: src/copy_file.c:97 +#, c-format +msgid "not overwriting %s" +msgstr "پروندهٔ ⁨%s⁩ بازنویسی نشد" + +#: src/copy_file.c:119 +#, c-format +msgid "unable to read from %s" +msgstr "خواندن از %s ممکن نیست" + +#: src/copy_file.c:136 src/sudo_edit.c:320 +#, c-format +msgid "unable to write to %s" +msgstr "نوشتن به %s ممکن نیست" + +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: یک پرونده معمولی نیست" + +# در این رشته از نویسه ایزوله چپ‌به‌راست استفاده شده است +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: حالت پرونده بد: ⁦0%o⁩" + +#: src/edit_open.c:265 +msgid "unable to restore current working directory" +msgstr "نمی‌توان شاخه کاری فعلی را بازگرداند" + +#: src/exec.c:130 +#, c-format +msgid "unknown login class %s" +msgstr "کلاس ورود ناشناختهٔ %s" + +#: src/exec.c:142 +msgid "unable to set user context" +msgstr "نمی‌توان مفاد کاربر را تنظیم کرد" + +#: src/exec.c:158 +msgid "unable to set process priority" +msgstr "" + +#: src/exec.c:172 +#, c-format +msgid "unable to change root to %s" +msgstr "نمی‌توان روت را به %s تغییر داد" + +#: src/exec.c:185 src/exec.c:191 src/exec.c:198 +#, c-format +msgid "unable to change to runas uid (%u, %u)" +msgstr "" + +#: src/exec.c:216 +#, c-format +msgid "unable to change directory to %s" +msgstr "نمی‌توان شاخه را به %s تغییر داد" + +#: src/exec.c:220 +#, c-format +msgid "starting from %s" +msgstr "شروع از %s" + +#: src/exec.c:302 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:569 src/exec_pty.c:585 src/exec_pty.c:1425 +#: src/exec_pty.c:1427 src/signal.c:144 src/signal.c:151 src/signal.c:165 +#, c-format +msgid "unable to set handler for signal %d" +msgstr "" + +#: src/exec_common.c:56 +msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" +msgstr "" + +#: src/exec_common.c:85 +msgid "unable to dup intercept fd" +msgstr "" + +#: src/exec_intercept.c:138 +msgid "invalid PolicyCheckRequest" +msgstr "" + +#: src/exec_intercept.c:191 src/sudo.c:1187 src/sudo.c:1232 src/sudo.c:1276 +msgid "command rejected by policy" +msgstr "دستور توسط خط‌مشی رد شد" + +#: src/exec_intercept.c:272 src/sudo.c:1192 src/sudo.c:1237 src/sudo.c:1281 +#: src/sudo.c:1355 +msgid "policy plugin error" +msgstr "خطای افزایهٔ خط‌مشی" + +#: src/exec_intercept.c:304 +#, c-format +msgid "client message too large: %zu" +msgstr "پیام کارخواه بسیار بزرگ: %zu" + +#: src/exec_intercept.c:340 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "" + +#: src/exec_intercept.c:367 src/exec_intercept.c:371 src/exec_intercept.c:634 +#: src/exec_intercept.c:638 src/exec_monitor.c:464 src/exec_monitor.c:472 +#: src/exec_monitor.c:480 src/exec_monitor.c:487 src/exec_monitor.c:494 +#: src/exec_monitor.c:501 src/exec_monitor.c:508 src/exec_monitor.c:515 +#: src/exec_monitor.c:522 src/exec_monitor.c:529 src/exec_nopty.c:227 +#: src/exec_nopty.c:237 src/exec_nopty.c:247 src/exec_nopty.c:254 +#: src/exec_nopty.c:261 src/exec_nopty.c:268 src/exec_nopty.c:275 +#: src/exec_nopty.c:282 src/exec_nopty.c:289 src/exec_nopty.c:296 +#: src/exec_nopty.c:303 src/exec_nopty.c:310 src/exec_nopty.c:317 +#: src/exec_nopty.c:325 src/exec_pty.c:710 src/exec_pty.c:715 +#: src/exec_pty.c:812 src/exec_pty.c:819 src/exec_pty.c:916 +#: src/exec_pty.c:1239 src/exec_pty.c:1249 src/exec_pty.c:1259 +#: src/exec_pty.c:1266 src/exec_pty.c:1273 src/exec_pty.c:1280 +#: src/exec_pty.c:1287 src/exec_pty.c:1294 src/exec_pty.c:1301 +#: src/exec_pty.c:1308 src/exec_pty.c:1315 src/exec_pty.c:1322 +#: src/exec_pty.c:1735 src/exec_pty.c:1745 src/exec_pty.c:1790 +#: src/exec_pty.c:1797 src/exec_pty.c:1824 +msgid "unable to add event to queue" +msgstr "نمی‌توان رویداد را به صف افزود" + +#: src/exec_intercept.c:395 +#, c-format +msgid "server message too large: %zu" +msgstr "پیام کارساز بسیار بزرگ: %zu" + +#: src/exec_intercept.c:608 src/exec_intercept.c:620 +#, c-format +msgid "%s: missing message header" +msgstr "%s: سرایند پیام گمشده" + +#: src/exec_intercept.c:613 +#, c-format +msgid "%s: expected message type %d, got %d" +msgstr "" + +#: src/exec_monitor.c:360 +msgid "error reading from socketpair" +msgstr "" + +#: src/exec_monitor.c:377 +#, c-format +msgid "unexpected reply type on backchannel: %d" +msgstr "" + +#: src/exec_monitor.c:583 +msgid "unable to set controlling tty" +msgstr "" + +#: src/exec_monitor.c:591 src/exec_nopty.c:383 src/exec_pty.c:1504 +#: src/exec_pty.c:1525 src/exec_pty.c:1545 src/tgetpass.c:307 +msgid "unable to create pipe" +msgstr "نمی‌توان لوله را ایجاد کرد" + +#: src/exec_monitor.c:601 +msgid "unable to receive message from parent" +msgstr "نمی‌توان پیام را از والد گرفت" + +#: src/exec_monitor.c:617 src/exec_nopty.c:421 src/exec_pty.c:1583 +#: src/sudo_edit.c:361 src/tgetpass.c:311 +msgid "unable to fork" +msgstr "نمی‌توان فورک کرد" + +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:479 +msgid "unable to restore tty label" +msgstr "" + +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1138 +#, c-format +msgid "unable to execute %s" +msgstr "نمی‌توان %s را اجرا کرد" + +#: src/exec_nopty.c:377 src/exec_pty.c:1434 +msgid "policy plugin failed session initialization" +msgstr "" + +#: src/exec_nopty.c:391 src/exec_pty.c:1405 src/exec_pty.c:1413 +msgid "unable to create sockets" +msgstr "نمی‌توان سوکت‌ها را ایجاد کرد" + +#: src/exec_nopty.c:467 src/exec_pty.c:1674 +msgid "error in event loop" +msgstr "خطایی در حلقهٔ رویداد رخ داد" + +#: src/exec_nopty.c:577 src/exec_pty.c:623 src/signal.c:101 +#, c-format +msgid "unable to restore handler for signal %d" +msgstr "" + +#: src/exec_pty.c:162 +msgid "unable to allocate pty" +msgstr "" + +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 +msgid "I/O plugin error" +msgstr "خطای افزایهٔ ورودی/خروجی" + +#: src/exec_pty.c:230 src/exec_pty.c:270 src/exec_pty.c:310 src/exec_pty.c:361 +#: src/exec_pty.c:412 +msgid "command rejected by I/O plugin" +msgstr "دستور توسط افزایهٔ ورودی/خروجی رد شد" + +#: src/exec_pty.c:459 +msgid "error logging suspend" +msgstr "" + +#: src/exec_pty.c:493 +msgid "error changing window size" +msgstr "هنگام تغییر اندازهٔ پنجره خطایی رخ داد" + +#: src/exec_pty.c:1629 +msgid "unable to send message to monitor process" +msgstr "" + +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 +#, c-format +msgid "error in %s, line %d while loading plugin \"%s\"" +msgstr "" + +#: src/load_plugins.c:124 +#, c-format +msgid "%s must be owned by uid %d" +msgstr "مالک %s باید شناسهٔ کاربری %d باشد" + +#: src/load_plugins.c:130 +#, c-format +msgid "%s must be only be writable by owner" +msgstr "%s باید فقط توسط مالک قابل نوشتن باشد" + +#: src/load_plugins.c:241 src/load_plugins.c:312 +#, c-format +msgid "ignoring duplicate plugin \"%s\" in %s, line %d" +msgstr "" + +#: src/load_plugins.c:279 +#, c-format +msgid "unable to load %s: %s" +msgstr "نمی‌توان %s را بار کرد: %s" + +#: src/load_plugins.c:289 +#, c-format +msgid "unable to find symbol \"%s\" in %s" +msgstr "نمی‌توان نماد «%s» را در %s یافت" + +#: src/load_plugins.c:299 +#, c-format +msgid "incompatible plugin major version %d (expected %d) found in %s" +msgstr "" + +#: src/load_plugins.c:317 +#, c-format +msgid "ignoring policy plugin \"%s\" in %s, line %d" +msgstr "" + +#: src/load_plugins.c:320 +msgid "only a single policy plugin may be specified" +msgstr "" + +#: src/load_plugins.c:346 +#, c-format +msgid "unknown plugin type %d found in %s" +msgstr "گونهٔ افزایهٔ ناشناختهٔ %d در %s یافت شد" + +#: src/load_plugins.c:529 +#, c-format +msgid "policy plugin %s does not include a check_policy method" +msgstr "" + +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 +#, c-format +msgid "internal error, %s overflow" +msgstr "" + +#: src/parse_args.c:232 +#, c-format +msgid "invalid environment variable name: %s" +msgstr "نام متغیر محیطی نامعتبر: %s" + +# در این رشته از نویسه LRM استفاده شده است +#: src/parse_args.c:335 +msgid "the argument to -C must be a number greater than or equal to 3" +msgstr "آرگومان ‎-C باید عددی بزرگ‌تر یا مساوی ۳ باشد" + +# در این رشته از نویسه LRM استفاده شده است +#: src/parse_args.c:566 +msgid "you may not specify both the -i and -s options" +msgstr "شما نباید هر دو گزینهٔ ‎-i و ‎-s را مشخص کنید" + +# در این رشته از نویسه LRM استفاده شده است +#: src/parse_args.c:571 +msgid "you may not specify both the -i and -E options" +msgstr "شما نباید هر دو گزینهٔ ‎-i و ‎-E را مشخص کنید" + +# در این رشته از نویسه LRM استفاده شده است +#: src/parse_args.c:581 +msgid "the -E option is not valid in edit mode" +msgstr "گزینهٔ ‎-E در حالت ویرایش معتبر نیست" + +#: src/parse_args.c:584 +msgid "you may not specify environment variables in edit mode" +msgstr "شما نباید متغیرهای محیطی را در حالت ویرایش مشخص کنید" + +# در این رشته از نویسه LRM استفاده شده است +#: src/parse_args.c:594 +msgid "the -U option may only be used with the -l option" +msgstr "گزینهٔ ‎-U باید فقط همراه گزینهٔ ‎-l استفاده شود" + +# در این رشته از نویسه LRM استفاده شده است +#: src/parse_args.c:598 +msgid "the -A and -S options may not be used together" +msgstr "گزینه‌های ‎-A و ‎-S نباید با یکدیگر استفاده شوند" + +#: src/parse_args.c:691 +msgid "sudoedit is not supported on this platform" +msgstr "sudoedit در این بن‌سازه پشتیبانی نمی‌شود" + +# در این رشته از نویسه LRM استفاده شده است +#: src/parse_args.c:774 +msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" +msgstr "فقط یکی از گزینه‌های ‎-e, -h, -i, -K, -l, -s, -v یا ‎-V باید مشخص شود" + +#: src/parse_args.c:790 +#, c-format +msgid "" +"%s - edit files as another user\n" +"\n" +msgstr "" +"%s - پرونده‌ها را به عنوان کاربری دیگر ویرایش کنید\n" +"\n" + +#: src/parse_args.c:792 +#, c-format +msgid "" +"%s - execute a command as another user\n" +"\n" +msgstr "" +"%s - دستوری را به عنوان کاربری دیگر اجرا کنید\n" +"\n" + +#: src/parse_args.c:798 +msgid "" +"\n" +"Options:\n" +msgstr "" +"\n" +"گزینه‌ها:\n" + +#: src/parse_args.c:800 +msgid "use a helper program for password prompting" +msgstr "از یک برنامهٔ کمکی برای اعلان گذرواژه استفاده می‌کند" + +#: src/parse_args.c:803 +msgid "use specified BSD authentication type" +msgstr "" + +#: src/parse_args.c:807 +msgid "run command in the background" +msgstr "دستور را در پس‌زمینه اجرا می‌کند" + +#: src/parse_args.c:810 +msgid "ring bell when prompting" +msgstr "هنگام اعلان صدای زنگ پخش می‌کند" + +#: src/parse_args.c:812 +msgid "close all file descriptors >= num" +msgstr "همهٔ توصیف‌گرهای پرونده >= num را می‌بندد" + +#: src/parse_args.c:815 +msgid "run command with the specified BSD login class" +msgstr "دستور را همراه کلاس ورود بی‌اس‌دی مشخص‌شده اجرا می‌کند" + +#: src/parse_args.c:818 +msgid "change the working directory before running command" +msgstr "پیش از اجرای دستور شاخهٔ کار را تغییر می‌دهد" + +#: src/parse_args.c:821 +msgid "preserve user environment when running command" +msgstr "هنگام اجرای دستور محیط کاربر را حفظ می‌کند" + +#: src/parse_args.c:823 +msgid "preserve specific environment variables" +msgstr "متغیرهای محیطی مشخص‌شده را حفظ می‌کند" + +#: src/parse_args.c:825 +msgid "edit files instead of running a command" +msgstr "به‌جای اجرای یک دستور، پرونده‌ها را ویرایش می‌کند" + +#: src/parse_args.c:828 +msgid "run command as the specified group name or ID" +msgstr "دستور به عنوان نام گروه یا شناسهٔ مشخص‌شده اجرا می‌شود" + +#: src/parse_args.c:831 +msgid "set HOME variable to target user's home dir" +msgstr "متغیر HOME را به عنوان شاخهٔ خانهٔ کاربر هدف تنظیم می‌کند" + +#: src/parse_args.c:834 +msgid "display help message and exit" +msgstr "پیام راهنما را نمایش و خارج می‌شود" + +#: src/parse_args.c:836 +msgid "run command on host (if supported by plugin)" +msgstr "دستور را در میزبان اجرا می‌کند (اگر توسط افزایه پشتیبانی شود)" + +#: src/parse_args.c:839 +msgid "run login shell as the target user; a command may also be specified" +msgstr "پوسته ورود به عنوان کاربر هدف اجرا می‌شود؛ یک دستور نیز می‌تواند مشخص شود" + +#: src/parse_args.c:841 +msgid "remove timestamp file completely" +msgstr "پروندهٔ مهر زمانی را به طور کامل برمی‌دارد" + +#: src/parse_args.c:844 +msgid "invalidate timestamp file" +msgstr "پروندهٔ مهر زمانی را باطل می‌کند" + +#: src/parse_args.c:847 +msgid "list user's privileges or check a specific command; use twice for longer format" +msgstr "امتیازات کاربر را فهرست یا دستور مشخصی را بررسی می‌کند؛ برای قالب طولانی‌تر دو مرتبه استفاده‌اش کنید" + +#: src/parse_args.c:850 +msgid "non-interactive mode, no prompts are used" +msgstr "حالت غیرتعاملی، هیچ اعلانی استفاده نمی‌شود" + +#: src/parse_args.c:853 +msgid "preserve group vector instead of setting to target's" +msgstr "" + +#: src/parse_args.c:856 +msgid "use the specified password prompt" +msgstr "از اعلان گذرواژهٔ مشخص‌شده استفاده می‌کند" + +#: src/parse_args.c:858 +msgid "change the root directory before running command" +msgstr "پیش از اجرای دستور شاخهٔ روت را تغییر می‌دهد" + +#: src/parse_args.c:861 +msgid "create SELinux security context with specified role" +msgstr "" + +#: src/parse_args.c:864 +msgid "read password from standard input" +msgstr "گذرواژه را از ورودی استاندارد می‌خواند" + +#: src/parse_args.c:867 +msgid "run shell as the target user; a command may also be specified" +msgstr "پوسته به عنوان کاربر هدف اجرا می‌شود؛ یک دستور نیز می‌تواند مشخص شود" + +#: src/parse_args.c:871 +msgid "create SELinux security context with specified type" +msgstr "" + +#: src/parse_args.c:874 +msgid "terminate command after the specified time limit" +msgstr "دستور پس از زمان مشخص‌شده خاتمه داده می‌شود" + +#: src/parse_args.c:877 +msgid "in list mode, display privileges for user" +msgstr "در حالت فهرست، امتیازات کاربر نمایش داده می‌شود" + +#: src/parse_args.c:880 +msgid "run command (or edit file) as specified user name or ID" +msgstr "دستور به عنوان نام کاربر یا شناسهٔ مشخص‌شده اجرا می‌شود (یا پرونده ویرایش می‌شود)" + +#: src/parse_args.c:882 +msgid "display version information and exit" +msgstr "اطّلاعات نگارش را نمایش می‌دهد و خارج می‌شود" + +#: src/parse_args.c:885 +msgid "update user's timestamp without running a command" +msgstr "بدون اجرای دستوری مهر زمانی کاربر را به‌روز رسانی می‌کند" + +#: src/parse_args.c:888 +msgid "stop processing command line arguments" +msgstr "پردازش آرگومان‌های خط فرمان را متوقّف می‌کند" + +#: src/selinux.c:84 +msgid "unable to open audit system" +msgstr "" + +#: src/selinux.c:94 +msgid "unable to send audit message" +msgstr "" + +#: src/selinux.c:128 +#, c-format +msgid "unable to fgetfilecon %s" +msgstr "" + +#: src/selinux.c:133 +#, c-format +msgid "%s changed labels" +msgstr "" + +#: src/selinux.c:141 +#, c-format +msgid "unable to restore context for %s" +msgstr "" + +#: src/selinux.c:189 +#, c-format +msgid "unable to open %s, not relabeling tty" +msgstr "" + +#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#, c-format +msgid "%s is not a character device, not relabeling tty" +msgstr "" + +#: src/selinux.c:202 +msgid "unable to get current tty context, not relabeling tty" +msgstr "" + +#: src/selinux.c:209 +msgid "unknown security class \"chr_file\", not relabeling tty" +msgstr "" + +#: src/selinux.c:214 +msgid "unable to get new tty context, not relabeling tty" +msgstr "" + +#: src/selinux.c:223 +msgid "unable to set new tty context" +msgstr "" + +#: src/selinux.c:321 +#, c-format +msgid "you must specify a role for type %s" +msgstr "" + +#: src/selinux.c:327 +#, c-format +msgid "unable to get default type for role %s" +msgstr "" + +#: src/selinux.c:339 +msgid "failed to get new context" +msgstr "" + +#: src/selinux.c:348 +#, c-format +msgid "failed to set new role %s" +msgstr "" + +#: src/selinux.c:352 +#, c-format +msgid "failed to set new type %s" +msgstr "" + +#: src/selinux.c:364 +#, c-format +msgid "%s is not a valid context" +msgstr "" + +#: src/selinux.c:396 +msgid "failed to get old context" +msgstr "" + +#: src/selinux.c:402 +msgid "unable to determine enforcing mode." +msgstr "" + +#: src/selinux.c:419 +#, c-format +msgid "unable to set tty context to %s" +msgstr "" + +#: src/selinux.c:440 +#, c-format +msgid "unable to set exec context to %s" +msgstr "" + +#: src/selinux.c:447 +#, c-format +msgid "unable to set key creation context to %s" +msgstr "" + +#: src/sesh.c:72 +msgid "requires at least one argument" +msgstr "حداقل به یک آرگومان نیاز است" + +#: src/sesh.c:104 +#, c-format +msgid "invalid file descriptor number: %s" +msgstr "شمارهٔ توصیف‌گر پرونده نامعتبر: %s" + +#: src/sesh.c:118 +#, c-format +msgid "unable to run %s as a login shell" +msgstr "اجرای %s به عنوان یک پوستهٔ ورود، ممکن نیست" + +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: ویرایش پیوندهای نمادین مجاز نیست" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: ویرایش پرونده‌ها در یک شاخهٔ قابل نوشتن مجاز نیست" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "ناتوان در دریافت فهرست گروه" + +#: src/signal.c:79 +#, c-format +msgid "unable to save handler for signal %d" +msgstr "" + +#: src/solaris.c:72 +msgid "resource control limit has been reached" +msgstr "" + +#: src/solaris.c:75 +#, c-format +msgid "user \"%s\" is not a member of project \"%s\"" +msgstr "کاربر «%s» عضوی از پروژهٔ «%s» نیست" + +#: src/solaris.c:79 +msgid "the invoking task is final" +msgstr "" + +#: src/solaris.c:82 +#, c-format +msgid "could not join project \"%s\"" +msgstr "" + +#: src/solaris.c:89 +#, c-format +msgid "no resource pool accepting default bindings exists for project \"%s\"" +msgstr "" + +#: src/solaris.c:93 +#, c-format +msgid "specified resource pool does not exist for project \"%s\"" +msgstr "" + +#: src/solaris.c:97 +#, c-format +msgid "could not bind to default resource pool for project \"%s\"" +msgstr "" + +#: src/solaris.c:104 +#, c-format +msgid "setproject failed for project \"%s\"" +msgstr "" + +#: src/solaris.c:106 +#, c-format +msgid "warning, resource control assignment failed for project \"%s\"" +msgstr "" + +#: src/sudo.c:213 +#, c-format +msgid "Sudo version %s\n" +msgstr "نگارش Sudo %s\n" + +#: src/sudo.c:215 +#, c-format +msgid "Configure options: %s\n" +msgstr "گزینه‌های پیکربندی: %s\n" + +#: src/sudo.c:223 +msgid "fatal error, unable to load plugins" +msgstr "خطای مرگبار، بار کردن افزایه‌ها ممکن نیست" + +#: src/sudo.c:269 +msgid "plugin did not return a command to execute" +msgstr "افزایه دستوری برای اجرا برنگرداند" + +#: src/sudo.c:302 +#, c-format +msgid "unexpected sudo mode 0x%x" +msgstr "" + +#: src/sudo.c:550 +#, c-format +msgid "you do not exist in the %s database" +msgstr "شما در پایگاه دادهٔ %s وجود ندارید" + +#: src/sudo.c:607 +msgid "unable to determine tty" +msgstr "" + +#: src/sudo.c:922 +#, c-format +msgid "%s must be owned by uid %d and have the setuid bit set" +msgstr "مالک %s باید شناسهٔ کاربری %d باشد و بیت setuid نیز تنظیم شده باشد" + +#: src/sudo.c:925 +#, c-format +msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" +msgstr "" + +#: src/sudo.c:931 +#, c-format +msgid "effective uid is not %d, is sudo installed setuid root?" +msgstr "" + +#: src/sudo.c:947 src/tgetpass.c:333 +msgid "unable to set supplementary group IDs" +msgstr "" + +#: src/sudo.c:954 +#, c-format +msgid "unable to set effective gid to runas gid %u" +msgstr "" + +#: src/sudo.c:960 +#, c-format +msgid "unable to set gid to runas gid %u" +msgstr "" + +#: src/sudo.c:1003 +#, c-format +msgid "unexpected child termination condition: %d" +msgstr "" + +#: src/sudo.c:1110 +msgid "unable to initialize policy plugin" +msgstr "" + +#: src/sudo.c:1172 +#, c-format +msgid "policy plugin %s is missing the \"check_policy\" method" +msgstr "" + +#: src/sudo.c:1218 +#, c-format +msgid "policy plugin %s does not support listing privileges" +msgstr "" + +#: src/sudo.c:1262 +#, c-format +msgid "policy plugin %s does not support the -v option" +msgstr "" + +#: src/sudo.c:1300 +#, c-format +msgid "policy plugin %s does not support the -k/-K options" +msgstr "" + +#: src/sudo.c:1428 +#, c-format +msgid "error initializing I/O plugin %s" +msgstr "" + +#: src/sudo.c:1431 +msgid "error initializing I/O plugin" +msgstr "" + +#: src/sudo.c:1580 +#, c-format +msgid "error initializing audit plugin %s" +msgstr "" + +#: src/sudo.c:1659 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "" + +#: src/sudo.c:1695 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "" + +#: src/sudo.c:1700 src/sudo.c:1738 +msgid "audit plugin error" +msgstr "" + +#: src/sudo.c:1733 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "" + +#: src/sudo.c:1793 +#, c-format +msgid "error initializing approval plugin %s" +msgstr "" + +#: src/sudo.c:1863 +msgid "command rejected by approver" +msgstr "" + +#: src/sudo.c:1873 +msgid "approval plugin error" +msgstr "" + +#: src/sudo_edit.c:113 +msgid "no writable temporary directory found" +msgstr "هیچ شاخهٔ موقّتی قابل نوشتنی یافت نشد" + +#: src/sudo_edit.c:291 +#, c-format +msgid "%s left unmodified" +msgstr "%s بدون تغییر باقی‌ماند" + +#: src/sudo_edit.c:304 src/sudo_edit.c:571 +#, c-format +msgid "%s unchanged" +msgstr "%s تغییر نکرد" + +#: src/sudo_edit.c:481 +msgid "sesh: internal error: odd number of paths" +msgstr "" + +#: src/sudo_edit.c:483 +msgid "sesh: unable to create temporary files" +msgstr "" + +#: src/sudo_edit.c:485 src/sudo_edit.c:609 +msgid "sesh: killed by a signal" +msgstr "" + +#: src/sudo_edit.c:487 src/sudo_edit.c:612 +#, c-format +msgid "sesh: unknown error %d" +msgstr "" + +#: src/sudo_edit.c:602 +msgid "unable to copy temporary files back to their original location" +msgstr "ناتوان در رونویسی پرونده‌های موقّتی به مکان اصلی‌شان" + +#: src/sudo_edit.c:606 +msgid "unable to copy some of the temporary files back to their original location" +msgstr "ناتوان در رونویسی بعضی از پرونده‌های موقّتی به مکان اصلی‌شان" + +#: src/sudo_edit.c:649 +#, c-format +msgid "unable to change uid to root (%u)" +msgstr "ناتوان در تنظیم uid به روت (%u)" + +#: src/sudo_edit.c:670 +msgid "plugin error: missing file list for sudoedit" +msgstr "" + +#: src/sudo_edit.c:722 src/sudo_edit.c:732 +msgid "unable to read the clock" +msgstr "ناتوان در خواندن ساعت" + +#: src/tgetpass.c:95 +msgid "timed out reading password" +msgstr "زمان خواندن گذرواژه تمام شده است" + +#: src/tgetpass.c:98 +msgid "no password was provided" +msgstr "هیچ گذرواژه‌ای ارائه نشده است" + +#: src/tgetpass.c:101 +msgid "unable to read password" +msgstr "ناتوان در خواندن گذرواژه" + +#: src/tgetpass.c:141 +msgid "a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper" +msgstr "" + +#: src/tgetpass.c:152 +msgid "no askpass program specified, try setting SUDO_ASKPASS" +msgstr "" + +#: src/tgetpass.c:328 +#, c-format +msgid "unable to set gid to %u" +msgstr "ناتوان در تنظیم gid به %u" + +#: src/tgetpass.c:338 +#, c-format +msgid "unable to set uid to %u" +msgstr "ناتوان در تنظیم uid به %u" + +#: src/tgetpass.c:343 +#, c-format +msgid "unable to run %s" +msgstr "ناتوان در اجرای %s" + +#: src/utmp.c:288 +msgid "unable to save stdin" +msgstr "" + +#: src/utmp.c:290 +msgid "unable to dup2 stdin" +msgstr "" + +#: src/utmp.c:293 +msgid "unable to restore stdin" +msgstr "" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/fi.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/fi.mo differ diff -Nru sudo-1.9.5p2/po/fi.po sudo-1.9.9/po/fi.po --- sudo-1.9.5p2/po/fi.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/fi.po 2022-01-27 21:24:22.000000000 +0000 @@ -2,23 +2,23 @@ # This file is put in the public domain. # This file is distributed under the same license as the sudo package. # Jorma Karvonen , 2011-2017. -# Lauri Nurmi , 2019. +# Lauri Nurmi , 2019-2021. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-14 23:01+0300\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-16 18:49+0200\n" "Last-Translator: Lauri Nurmi \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Poedit 2.4.1\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 3.0.1\n" #: lib/util/aix.c:89 lib/util/aix.c:169 msgid "unable to open userdb" @@ -34,87 +34,94 @@ msgstr "rekisterin palautus epäonnistui" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "muistin varaaminen epäonnistui" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "%s: avaaminen epäonnistui" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "käskyn mkdir %s suorittaminen epäonnistui" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "stat-kutsu epäonnistui tiedostolle %s" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)" @@ -124,7 +131,7 @@ msgstr "Tuntematon signaali" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "virheellinen arvo" @@ -136,112 +143,175 @@ msgid "value too small" msgstr "arvo on liian pieni" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "virheellinen Path-arvo ”%s” tiedostossa %s, rivillä %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "virheellinen %s-arvo ”%s” tiedostossa %s, rivillä %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "tukematon ryhmälähde ”%s” tiedostossa %s, rivillä %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "virheellinen ryhmien enimmäismäärä ”%s” tiedostossa %s, rivillä %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s ei ole tavallinen tiedosto" # ensimmäinen parametri on path -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "polun %s omistaa uid %u, tulisi olla %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s on yleiskirjoitettava" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s on ryhmäkirjoitettava" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: katkaistaanko %s nollaan tavuun? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "jätetään ylikirjoittamatta %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "tiedostosta %s lukeminen epäonnistui" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "tiedostoon %s kirjoittaminen epäonnistui" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: ei ole tavallinen tiedosto" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: virheellinen tiedostotila: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "nykyisen työhakemiston palauttaminen epäonnistui" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "tuntematon kirjautumisluokka %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "käyttäjäkontekstin asettaminen epäonnistui" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "prosessiprioriteetin asettaminen epäonnistui" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "root-käyttäjän vaihtaminen käyttäjäksi %s epäonnistui" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "vaihtaminen runas-uid:ksi (%u, %u) epäonnistui" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "vaihtaminen hakemistoksi %s epäonnistui" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "aloitetaan hakemistosta %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "käsittelijän asettaminen signaalille %d epäonnistui" # Solaris privileges, remove PRIV_PROC_EXEC post-execve. -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_PROC_EXEC-määreen poistaminen PRIV_LIMITiltä epäonnistui" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "tapahtuman lisääminen jonoon epäonnistui" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "virheellinen PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "käytäntö hylkäsi komennon" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "käytäntölisäosan virhe" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "asiakaspyyntö on liian suuri: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "odottamaton type_case-arvo %d (%s) kirjastosta %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "palvelinsanoma on liian suuri: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "virhe luettaessa sokettiparista" @@ -251,206 +321,183 @@ msgid "unexpected reply type on backchannel: %d" msgstr "odottamaton vastaustyyppi paluukanavalla: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "tapahtuman lisääminen jonoon epäonnistui" - # Istunnolla voi olla ohjaava tty. Istunnon yksi prosessiryhmä voi olla edustaprosessiryhmä ja toimia siten ohjaavana tty:nä, joka vastaanottaa tty-syötteen ja -signaalit. -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "ohjaavan tty:n asettaminen epäonnistui" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "putken luominen epäonnistui" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "viestin vastaanotto vanhemmalta epäonnistui" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "fork-kutsu epäonnistui" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "tty-nimiön palauttaminen epäonnistui" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "%s: suorittaminen epäonnistui" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "käytäntölisäosa epäonnistui istunnon alustamisessa" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "sokettien luominen epäonnistui" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "virhe tapahtumasilmukassa" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "käsittelijän palauttaminen signaalille %d epäonnistui" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "pty:n varaaminen epäonnistui" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "siirräntälisäosan virhe" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "siirräntälisäosa hylkäsi komennon" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "virhe suspend-toiminnon lokiin kirjaamisessa" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "virhe ikkunan koon muuttamisessa" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "sokettien luominen epäonnistui" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "viestin lähettäminen prosessien valvomiseksi epäonnistui" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "virhe tiedostossa %s, rivillä %d alustettaessa lisäosaa ”%s”" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - # ensimmäinen parametri on path -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "polun %s omistajan on oltava uid %d" # parametri on path -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "polun %s on oltava vain omistajan kirjoitettavissa" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "ohitetaan lisäosan ”%s” kaksoiskappale tiedostossa %s, rivillä %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "%s: lataaminen epäonnistui: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "symbolia ”%s” ei löytynyt kohteesta %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "löydettiin yhteensopimaton lisäosan pääversio %d (odotettiin %d) kohteesta %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ohitetaan käytäntölisäosa ”%s” tiedostossa %s, rivillä %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "vain yksi käytäntölisäosa voidaan määritellä" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "tuntematon lisäosatyyppi %d löytyi kohteesta %s" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "käytäntölisäosa %s ei sisällä check_policy-metodia" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "sisäinen virhe, %s-ylivuoto" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "virheellinen ympäristömuuttujan nimi: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argumentin valitsimelle -C on oltava vähintään 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "valitsimia -i ja -s ei voi käyttää yhdessä" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "valitsimia -i ja -E ei voi käyttää yhdessä" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "valitsin -E ei kelpaa muokkaustilassa" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "ympäristömuuttujia ei voi määritellä muokkaustilassa" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "valitsinta -U voi käyttää vain valitsimen -l kanssa" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "valitsimia -A ja -S ei voi käyttää yhdessä" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit ei ole tuettu tällä alustalla" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Vain yhtä valitsimista -e, -h, -i, -K, -l, -s, -v tai -V voidaan käyttää" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -459,7 +506,7 @@ "%s - muokkaa tiedostoja toisena käyttäjänä\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -468,7 +515,7 @@ "%s - suorita komentoja toisena käyttäjänä\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -476,226 +523,216 @@ "\n" "Valitsimet:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "käytä apuohjelmaa salasanakyselyyn" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "käytä määriteltyä BSD-todennustyyppiä" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "suorita komento taustalla" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "soita kelloa kehotteissa" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "sulje kaikki tiedostokahvat >= num" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "suorita komento määritellyllä BSD-kirjautumisluokalla" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "muuta työhakemisto ennen komennon suorittamista" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "säilytä käyttäjäympäristö komentoa suoritettaessa" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "säilytä tietyt ympäristömuuttujat" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "muokkaa tiedostoja komennon suorittamisen sijasta" # tämä viittaa runas_group-määritelyyn -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "suorita komento määriteltynä ryhmänimenä tai -ID:nä" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "aseta HOME-muuttuja osoittamaan kohdekäyttäjän kotihakemistoon" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "näytä opasteviesti ja poistu" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "suorita komento etäkoneella (jos lisäosa tukee)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "suorita kirjautumiskuori kohdekäyttäjänä; voidaan myös antaa komento" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "poista aikaleimatiedosto kokonaan" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "mitätöi aikaleimatiedosto" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "luettele käyttäjän käyttöoikeudet tai tarkasta tietty komento; kahdesti käyttämällä pidempi muoto" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "ei-vuorovaikutteinen tila, ei kehotteita" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "säilytä ryhmävektori kohteen vektorin asettamisen sijasta" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "käytä annettua salasanakehotetta" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "muuta juurihakemisto ennen komennon suorittamista" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "luo SELinux-turvakonteksti määritellyllä roolilla" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "lue salasana vakiosyötteestä" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "suorita kuori kohdekäyttäjänä; voidaan myös antaa komento" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "luo SELinux-turvakonteksti määritellyllä roolilla" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "päätä komento määrätyn aikarajan jälkeen" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "näytä luettelotilassa käyttäjän oikeudet" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "suorita komento (tai muokkaa tiedostoa) määriteltynä käyttäjänimenä tai -ID:nä" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "näytä versiotiedot ja poistu" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "päivitä käyttäjän aikaleima suorittamatta komentoa" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "lopeta komentoriviargumenttien käsittely" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "audit-järjestelmän avaaminen epäonnistui" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "audit-viestin lähettäminen epäonnistui" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "fgetfilecon %s -kutsu epäonnistui" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s muutti nimiöitä" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "kontekstin palauttaminen kohteelle %s epäonnistui" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s: avaaminen epäonnistui, ei uudelleennimiöidä tty:tä" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s ei ole merkkilaite, ei uudelleennimiöidä tty:tä" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "nykyisen tty-kontekstin noutaminen epäonnistui, ei uudelleennimiöidä tty:tä" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "tuntematon turvaluokka ”chr_file”, ei uudelleennimiöidä tty:tä" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "uuden tty-kontekstin noutaminen epäonnistui, ei uudelleennimiöidä tty:tä" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "uuden tty-kontekstin asettaminen epäonnistui" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "%s-tyypille on määriteltävä rooli" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "uuden kontekstin noutaminen epäonnistui" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "oletustyypin hakeminen %s-roolille epäonnistui" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "uuden kontekstin noutaminen epäonnistui" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "uuden roolin %s asettaminen epäonnistui" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "uuden tyypin %s asettaminen epäonnistui" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s ei ole kelvollinen konteksti" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "vanhan kontekstin noutaminen epäonnistui" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "pakotustilan päättely epäonnistui." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "tty-kontekstin asetus arvoon %s epäonnistui" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -706,20 +743,40 @@ msgid "unable to set key creation context to %s" msgstr "avaimenluontikontekstin asetus arvoon %s epäonnistui" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "vaatii vähintään yhden argumentin" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "virheellinen tiedostokahvanumero: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "yritys ajaa %s kirjautumiskuorena epäonnistui" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: symbolisten linkkien muokkaus ei ole sallittua" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: tiedostojen muokkaus kirjoitettavassa hakemistossa ei ole sallittua" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "muokkausistunnon sisältö jätetty kohteeseen %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "ryhmälistan noutaminen epäonnistui" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -768,206 +825,201 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "varoitus, ”%s”-hankkeen resurssivalvontaosoitus epäonnistui" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo-versio %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Asetusvalitsimet: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "vakava virhe, lisäosien lataaminen epäonnistui" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "lisäosa ei palauttanut suoritettavaa komentoa" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "odottamaton sudo-tila 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "sinua ei ole olemassa %s-tietokannassa" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "tty:n päätteleminen epäonnistui" # ensimmäinen parametri on path -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "polun %s omistajan on oltava uid %d ja setuid-bitin on oltava asetettu" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "vallitseva käyttäjä-id ei ole %d, sijaitseeko %s ”nosuid”-valintaa käyttävällä tiedostojärjestelmällä, vai onko tämä NFS-tiedostojärjestelmä ilman root-käyttöoikeuksia?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "vallitseva käyttäjä-id ei ole %d, onko sudo asennettu setuid root -käyttöoikeuksilla?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "täydentävien ryhmä-ID:iden asettaminen epäonnistui" # tämän ymmärrän niin, että käyttöjärjestelmäydin luo tiedoston ja antaa tälle tavallaan tilapäisen effective gid-tunnisteen, joka vaihdetaan suorittamisen yhteydessä prosessin omistajan suoritettavaksi ryhmätunnisteeksi. -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "vallitsevan ryhmä-ID:n asettaminen runas-ryhmä-ID:ksi %u epäonnistui" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "ryhmä-ID:n asettaminen runas-ryhmä-ID:ksi %u epäonnistui" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "lapsiprosessin odottamaton päättymisehto: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "käytäntölisäosan alustaminen epäonnistui" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "käytäntölisäosalta %s puuttuu ”check_policy”-metodi" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "käytäntö hylkäsi komennon" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "käytäntölisäosan virhe" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "käytäntölisäosa %s ei tue käyttöoikeuksien luettelua" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "käytäntölisäosa %s ei tue valitsinta -v" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "käytäntölisäosa %s ei tue valitsimia -k/-K" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "virhe alustettaessa siirräntälisäosaa %s" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "virhe alustettaessa siirräntälisäosaa" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "audit-lisäosan %s alustaminen epäonnistui" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: virhetapahtuman kirjaaminen lokiin epäonnistui%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: hyväksyntätapahtuman kirjaaminen lokiin epäonnistui%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "audit-lisäosan virhe" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: hylkäystapahtuman kirjaaminen lokiin epäonnistui%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "hyväksyntälisäosan %s alustaminen epäonnistui" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "hyväksyjä hylkäsi komennon" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "hyväksyntälisäosan virhe" # parametrina on CWD- eli Change Working Directory- komennolla palautettava hakemisto -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "kirjoitettavaa väliaikaishakemistoa ei löytynyt" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "nykyisen työhakemiston palauttaminen epäonnistui" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: ei ole tavallinen tiedosto" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: symbolisten linkkien muokkaus ei ole sallittua" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: tiedostojen muokkaus kirjoitettavassa hakemistossa ei ole sallittua" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s jätetty muuttamattomaksi" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s muuttamaton" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "muokkausistunnon sisältö jätetty kohteeseen %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: sisäinen virhe: polkujen pariton määrä" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: väliaikaistiedostojen luominen epäonnistui" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: signaali tappoi" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: tuntematon virhe %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "väliaikaistiedostojen kopioiminen takaisin niiden alkuperäiseen sijaintiin epäonnistui" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "joidenkin väliaikaistiedostojen kopioiminen takaisin niiden alkuperäiseen sijaintiin epäonnistui" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "käyttäjä-ID:n vaihtaminen rootiksi (%u) epäonnistui" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "lisäosavirhe: puuttuu sudoedit-tiedostoluettelo" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "kellon lukeminen epäonnistui" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "sieppausporttia ei ole asetettu" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "aikakatkaisu salasanaa luettaessa" @@ -988,33 +1040,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "salasanakyselin on määrittelemättä, yritä asettaa SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "ryhmä-ID:n asettaminen arvoon %u epäonnistui" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "käyttäjä-ID:n asettaminen arvoon %u epäonnistui" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "salasanakyselimen %s suorittaminen epäonnistui" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "vakiosyötteeseen tallentaminen epäonnistui" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "dup2-kutsu vakiosyötteelle epäonnistui" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "vakiosyötteen palauttaminen epäonnistui" +#~ msgid "unable to dup intercept fd" +#~ msgstr "dup-kutsu siepatulle kahvalle epäonnistui" + +#~ msgid "%s: missing message header" +#~ msgstr "%s: puuttuva sanoman otsikko" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s: odotettu sanomatyyppi %d, saatiin %d" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "%s-tyypille on määriteltävä rooli" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "tty-kontekstin asetus arvoon %s epäonnistui" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: vaillinainen kirjoitus" @@ -1024,9 +1094,6 @@ #~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" #~ msgstr "ohitetaan käytäntölisäosan ”%s” kaksoiskappale tiedostossa %s, rivillä %d" -#~ msgid "unable to get group vector" -#~ msgstr "ei kyetä hakemaan ryhmävektoria" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "tuntematon uid-käyttäjätunniste %u: kuka olet?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/fr.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/fr.mo differ diff -Nru sudo-1.9.5p2/po/fr.po sudo-1.9.9/po/fr.po --- sudo-1.9.5p2/po/fr.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/fr.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,15 +1,15 @@ # Messages français pour sudo. -# Copyright (C) 2020 Free Software Foundation, Inc. +# Copyright (C) 2021 Free Software Foundation, Inc. # This file is put in the public domain. # Todd C. Miller , 2011-2013 -# Frédéric Marchal , 2020 +# Frédéric Marchal , 2021 # msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-20 13:35+0200\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-11 08:55+0100\n" "Last-Translator: Frédéric Marchal \n" "Language-Team: French \n" "Language: fr\n" @@ -33,87 +33,94 @@ msgstr "impossible de rétablir le registre" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "impossible d'allouer la mémoire" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "impossible d'ouvrir %s" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "impossible d'exécuter mkdir %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "impossible d'évaluer par stat() %s" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s existe mais il n'est pas un répertoire (0%o)" @@ -123,7 +130,7 @@ msgstr "Signal inconnu" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "valeur incorrecte" @@ -135,110 +142,173 @@ msgid "value too small" msgstr "valeur trop petite" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "valeur de chemin « %s » incorrecte dans %s, ligne %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "valeur « %2$s » incorrecte pour %1$s dans %3$s, ligne %4$u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "source de groupe « %s » non supportée dans %s, ligne %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "groupes max « %s » incorrects dans %s, ligne %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s n'est pas un fichier régulier" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s est la propriété du uid %u alors que ça devrait être %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s peut être écrit par tout le monde" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s peut être écrit par le groupe" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: tronquer %s à zéro octets ? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "n'écrase pas %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "impossible de lire depuis %s" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "impossible d'écrire dans %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: pas un fichier régulier" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: mauvais mode de fichier : 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "impossible de rétablir le répertoire de travail actuel" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "classe de login %s inconnue" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "impossible de changer le contexte utilisateur" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "impossible de changer la priorité du processus" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "impossible de changer root en %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "impossible de changer vers runas uid (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "impossible de changer le répertoire vers %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "au départ de %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "impossible de spécifier le gestionnaire pour le signal %d" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "impossible de supprimer PRIV_PROC_EXEC de PRIV_LIMIT" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "impossible d'ajouter l'événement à la queue" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "PolicyCheckRequest invalide" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "commande rejetée par la politique" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "erreur du greffon de politique" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "demande client trop grand : %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "valeur %d inattendue pour type_case dans %s de %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "message serveur trop grand : %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "erreur de lecture sur la paire de sockets" @@ -248,203 +318,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "réponse inattendue sur le backchannel : %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "impossible d'ajouter l'événement à la queue" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "impossible de choisir le tty de contrôle" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "impossible de créer le tube" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "impossible de recevoir un message du parent" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "erreur de fork" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "impossible de rétablir l'étiquette du tty" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "impossible d'exécuter %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "le greffon de règles a échoué lors de l'initialisation de la session" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "impossible de créer des sockets" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "erreur dans la boucle des événements" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "impossible de rétablir le gestionnaire pour le signal %d" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "impossible d'allouer le pty" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "erreur du greffon d'E/S" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "commande rejetée par le greffon d'E/S" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "l'enregistrement des erreurs est suspendu" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "erreur lors du changement de la taille de la fenêtre" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "impossible de créer des sockets" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "impossible d'envoyer le message au processus de monitoring" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "erreur dans %s, ligne %d lors du chargement du greffon « %s »" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s doit être la propriété du uid %d" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "seul le propriétaire doit pouvoir écrire dans %s" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "ignore le greffon en double « %s » dans %s, ligne %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "impossible de charger %s : %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "impossible de trouver le symbole « %s » dans %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "greffon à la version majeure %d incompatible (%d attendu) trouvé dans %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ignore le greffon de règles « %s » dans %s, ligne %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "un seul greffon de règles peut être spécifié" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "type de greffon %d inconnu dans %s" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "le greffon de règles %s ne contient pas de méthode check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "erreur interne, débordement %s" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "nom de variable d'environnement invalide: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "l'argument à -C doit être un nombre plus grand ou égal à 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "vous ne pouvez pas spécifier les options -i et -s en même temps" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "vous ne pouvez pas spécifier les options -i et -E en même temps" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "l'option -E n'est pas valable en mode édition" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "vous ne pouvez pas spécifier de variable d'environnement en mode édition" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "l'option -U ne peut être utilisée qu'avec l'option -l" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "les options -A et -S ne peuvent pas être utilisées ensemble" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit n'est pas pris en charge sur cette plate-forme" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Seule une des options -e, -h, -i, -K, -l, -s, -v ou -V peut être spécifiée" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -453,7 +500,7 @@ "%s – édite les fichiers en tant qu'un autre utilisateur\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -462,7 +509,7 @@ "%s – exécute une commande en tant qu'un autre utilisateur\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -470,225 +517,215 @@ "\n" "Options:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "utiliser un programme adjoint pour demander le mot de passe" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "utiliser le type d'authentification BSD spécifié" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "exécuter la commande en arrière-plan" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "émettre un signal sonore lors d'une demande" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "fermer tous les descripteurs de fichiers >= n°" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "exécuter la commande avec la classe de login BSD" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "changer le répertoire de travail avant d'exécuter la commande" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "préserver l'environnement de l'utilisateur en exécutant la commande" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "préserver les variables d'environnement spécifiques" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "éditer les fichiers au lieu d'exécuter une commande" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "exécuter la commande en tant que le nom ou ID de groupe spécifié" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "assigner à la variable HOME le répertoire personnel de l'utilisateur cible" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "afficher le message d'aide et terminer" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "exécuter la commande sur l'hôte (si supporté par le greffon)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "exécuter le shell de login comme l'utilisateur cible. Une commande peut aussi être spécifiée" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "supprime complètement le fichier d'horodatage" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "invalide le fichier d'horodatage" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "afficher les privilèges de l'utilisateur ou vérifie une commande spécifique. Utilisez deux fois pour une forme plus longue" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "mode non interactif, aucune invite utilisée" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "préserve le vecteur des groupes au lieu de le changer en celui de la cible" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "utiliser l'invite de mot de passe spécifié" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "changer le répertoire racine avant d'exécuter la commande" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "créer le contexte de sécurité SELinux avec le rôle spécifié" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "lire le mot de passe depuis l'entrée standard" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "exécuter le shell en tant que l'utilisateur cible. Une commande peut aussi être spécifiée" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "créer le contexte de sécurité SELinux avec le type spécifié" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "terminer la commande après la limite de temps spécifiée" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "en mode liste, afficher les privilèges de l'utilisateur" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "exécuter la commande (ou éditer le fichier) sous le nom d'utilisateur ou le ID spécifié" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "afficher les informations de version et terminer" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "mettre à jour l'horodatage de l'utilisateur sans exécuter de commande" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "arrêter de traiter les arguments en ligne de commande" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "impossible d'ouvrir le système d'audit" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "impossible d'envoyer le message d'audit" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "impossible d'exécuter fgetfilecon %s" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s à changé des étiquettes" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "impossible de rétablir le contexte de %s" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "impossible d'ouvrir %s, le tty n'est pas ré-étiqueté" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s n'est pas un périphérique caractères, le tty n'est pas ré-étiqueté" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "impossible d'obtenir le contexte actuel du tty, le tty n'est pas ré-étiqueté" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "classe de sécurité « chr_file » inconnue, le tty n'est pas ré-étiqueté" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "impossible d'obtenir le nouveau contexte du tty, le tty n'est pas ré-étiqueté" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "impossible de changer le nouveau contexte du tty" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "vous devez spécifier un rôle pour le type %s" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "échec de l'obtention du nouveau contexte" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "impossible d'obtenir le type par défaut pour le rôle %s" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "échec de l'obtention du nouveau contexte" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "échec lors du changement du nouveau rôle %s" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "échec lors du changement du nouveau type %s" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s n'est pas un contexte valide" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "échec de l'obtention de l'ancien contexte" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "impossible de déterminer le mode de contrainte" -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "impossible de changer le contexte du tty en %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -699,20 +736,40 @@ msgid "unable to set key creation context to %s" msgstr "impossible de changer le contexte de création de clé en %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "exige au moins un argument" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "numéro de descripteur de fichier invalide: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "impossible d'exécuter %s comme un shell de login" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: l'édition de liens symboliques n'est pas permise" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: l'édition de fichiers dans un répertoire accessible en écriture n'est pas permis" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "contenu de la session d'édition laissé dans %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "impossible d'obtenir la liste des groupes" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -761,203 +818,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "attention, l'assignement du contrôle de ressources a échoue pour le projet « %s »" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo version %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Options de configuration : %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "erreur fatale, impossible de charger les greffons" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "le greffon n'a pas retourné une commande à exécuter" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "mode sudo 0x%x inattendu" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "vous n'existez pas dans la base de données %s" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "impossible de déterminer le tty" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s doit être la propriété du uid %d et avoir le bit setuid mis" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "le uid effectif n'est pas %d. Est-ce que %s est sur un système de fichiers avec l'option « nosuid » ou un système de fichiers NFS sans privilèges root ?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "le uid effectif n'est pas %d. Est-ce que sudo est installé setuid root ?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "impossible d'attribuer les ID de groupe supplémentaires" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "impossible de changer le gid effectif à runas gid %u" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "impossible de changer le gid à runas gid %u" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "condition de fin de l'enfant inconnue: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "impossible d'initialiser le greffon de règles" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "le greffon de règles %s n'a pas de méthode « check_policy »" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "commande rejetée par la politique" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "erreur du greffon de politique" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "le greffon de règles %s ne supporte pas les privilèges de listage" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "le greffon de règles %s ne supporte pas l'option -v" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "le greffon de règles %s ne supporte pas les options -k/-K" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "erreur à l'initialisation du greffon E/S %s" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "erreur à l'initialisation du greffon E/S" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "erreur à l'initialisation du greffon d'audit %s" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: impossible d'enregistrer dans le journal l'événement d'erreur%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: impossible d'enregistrer dans le journal l'événement d'acceptation%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "erreur du greffon d'audit" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: impossible d'enregistrer dans le journal l'événement de rejet%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "erreur à l'initialisation du greffon d'approbation %s" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "commande rejetée par l'approbateur" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "erreur du greffon d'approbation" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "aucun répertoire temporaire est disponible en écriture" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "impossible de rétablir le répertoire de travail actuel" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: pas un fichier régulier" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: l'édition de liens symboliques n'est pas permise" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: l'édition de fichiers dans un répertoire accessible en écriture n'est pas permis" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s laissé tel quel" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s non modifié" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "contenu de la session d'édition laissé dans %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: erreur interne: nombre impaire de chemins" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: impossible de créer des fichiers temporaires" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: tué par un signal" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: erreur %d inconnue" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "impossible de copier les fichiers temporaires à leurs emplacements d'origine" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "impossible de copier quelques fichiers temporaires à leurs emplacements d'origine" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "impossible de changer le uid en root (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "erreur de greffon : liste de fichiers manquantes pour sudoedit" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "impossible de lire l'horloge" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "port d'interception non défini" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "délai d'attente dépassé durant la lecture du mot de passe" @@ -978,33 +1030,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "pas de programme askpass spécifié, essayez avec SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "impossible de changer le gid en %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "impossible de changer le uid en %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "impossible d'exécuter %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "impossible de sauvegarder stdin" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "impossible d'exécuter dup2 sur stdin" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "impossible de rétablir stdin" +#~ msgid "unable to dup intercept fd" +#~ msgstr "impossible de dupliquer le fd intercepté" + +#~ msgid "%s: missing message header" +#~ msgstr "%s: en-tête de message manquant" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s: type de message %d attendu, %d obtenu" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "vous devez spécifier un rôle pour le type %s" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "impossible de changer le contexte du tty en %s" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: écriture trop courte" @@ -1017,9 +1087,6 @@ #~ msgid "no tty present and no askpass program specified" #~ msgstr "pas de tty présent et pas de programme askpass spécifié" -#~ msgid "unable to get group vector" -#~ msgstr "impossible d'obtenir le vecteur de groupes" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "uid %u inconnu : qui êtes-vous ?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/hr.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/hr.mo differ diff -Nru sudo-1.9.5p2/po/hr.po sudo-1.9.9/po/hr.po --- sudo-1.9.5p2/po/hr.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/hr.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,31 +1,29 @@ # Translation of sudo to Croatian. # This file is put in the public domain. # Tomislav Krznar , 2012, 2013. -# Božidar Putanec , 2016, 2017, 2018, 2019, 2020. +# Božidar Putanec , 2016, 2017, 2018, 2019, 2020, 2021. msgid "" msgstr "" -"Project-Id-Version: sudo-1.9.3b1\n" +"Project-Id-Version: sudo-1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-11-26 17:25-0800\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 15:12-0800\n" "Last-Translator: Božidar Putanec \n" "Language-Team: Croatian \n" "Language: hr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" -"X-Generator: Poedit 2.4.2\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 3.0.1\n" "X-Poedit-Basepath: sources/sudo-1.8.26b1\n" "X-Poedit-SourceCharset: UTF-8\n" "X-Poedit-SearchPath-0: .\n" #: lib/util/aix.c:89 lib/util/aix.c:169 msgid "unable to open userdb" -msgstr "" -"nije moguće otvoriti userdb (korisničku baza podataka)\n" -"1234567890123456789012345678901234567890123456789012345678901234567890123456789" +msgstr "nije moguće otvoriti userdb (korisničku baza podataka)" #: lib/util/aix.c:224 #, c-format @@ -37,87 +35,94 @@ msgstr "nije moguće obnoviti registar" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "nije moguće dodijeliti memoriju" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "nije moguće otvoriti %s" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "nije moguće izvršiti mkdir %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "nije moguće dobiti status od %s" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s postoji ali nije direktorij (0%o)" @@ -127,7 +132,7 @@ msgstr "Nepoznati signal" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "nevaljana vrijednost" @@ -139,111 +144,174 @@ msgid "value too small" msgstr "veličina je premala" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "nevaljana Path vrijednost „%s“ u %s, redak %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "nevaljana vrijednost za %s „%s“ u %s, redak %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "nepodržani izvor grupe „%s“ u %s, redak %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "nevaljani maksimalni broj grupa „%s“ u %s, redak %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s nije obična datoteka" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "vlasnik %s je UID %u, a treba biti %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s može svatko mijenjati/pisati" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s može svaki član grupe mijenjati/pisati" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: skratiti %s na nula bajtova? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "ne piše preko %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "nije moguće pročitati %s" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "nije moguće pisati u %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: nije obična datoteka" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: loš datotečni način: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "nije moguće obnoviti trenutni radni direktorij" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "nepoznata prijavnička klasa %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "nije moguće uspostaviti korisnički kontekst" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "nije moguće uspostaviti prioritet procesa" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "nije moguće promijeniti root na %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "nije moguće promijeniti na runas UID (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "nije moguće promijeniti direktorij na %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "počevši od %s" # Handler, an asynchronous callback (computer programming) subroutine in computing -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "nije moguće postaviti rukovatelja za signal %d" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "nije moguće ukloniti PRIV_PROC_EXEC iz PRIV_LIMIT" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "nije moguće dodati događaj u red čekanja" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "nevaljani PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "pravilnik (policy) je odbio izvršiti naredbu" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "greška plugina s pravilima (policy plugin)" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "zahtjev klijenta je prevelik: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "neočekivana vrijednost type_case %d in %s od %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "poruka servera je prevelika: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "greška pri čitanju iz para utičnica" @@ -253,204 +321,181 @@ msgid "unexpected reply type on backchannel: %d" msgstr "neočekivana vrsta odgovora na povratnom kanalu: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "nije moguće dodati događaj u red čekanja" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "nije moguće uspostaviti upravljački TTY" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "nije moguće napraviti cijev" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "nije moguće primiti poruku od pretka (roditelja)" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "nije moguće kreirati potomka (dijete)" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "nije moguće obnoviti TTY etiketu" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "nije moguće izvršiti %s" # initialization > inicirati > dati/davati inicijativu, pobudu; pokrenuti/pokretati, započeti/započinjati -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "plugin s pravilima nije uspio pokrenuti inicijalizaciju sesije" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "nije moguće napraviti utičnice" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "greška u petlji događaja" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "nije moguće obnoviti rukovatelja za signal %d" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "nije moguće dodijeliti PTY" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "greška I/O plugina (plugin za U/I)" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "U/I plugin je odbio izvršiti naredbu" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "obustava evidentiranja greški" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "pogreška pri mijenjanju veličine prozora" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "nije moguće napraviti utičnice" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "nije moguće poslati poruku za praćenje procesa" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "greška u %s, redak %d pri učitavanju plugina „%s“" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "vlasnik %s mora biti UID %d" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s za pisanje mora biti dostupan samo vlasniku" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "ignorira se duplikat plugina „%s“ u %s, redak %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "nije moguće učitati %s: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nije moguće pronaći simbol „%s“ u %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "nekompatibilni plugin inačica %d (očekivana %d) pronađen u %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ignorira se plugin s pravilima „%s“ u %s, redak %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "smije se navesti samo jedan plugin s pravilima" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "nepoznata vrsta %d plugina pronađena u %s" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "plugin s pravilima %s ne sadrži metodu check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "**interna greška**, %s prelijevanje" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "nevaljano ime varijable okoline: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument za -C mora biti broj veći ili jednak 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "ne smijete navesti istovremeno opcije -i i -s" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "ne smijete navesti istovremeno opcije -i i -E" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "opcija -E nije valjana kad se redigira (in edit mode)" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "ne smijete specificirati varijable okoline kad se redigira (in edit mode)" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "opciju -U smijete koristiti samo uz -l opciju" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "opcije -A i -S ne smiju se koristiti zajedno" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit nije podržan na ovoj platformi" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Smije se navesti samo jedna od opcija -e, -h, -i, -K, -l, -s, -v i -V" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -459,7 +504,7 @@ "%s - redigira datoteku kao neki drugi korisnik\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -468,7 +513,7 @@ "%s - izvrši naredbu kao neki drugi korisnik\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -476,225 +521,215 @@ "\n" "Opcije:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "zahtjev za lozinku koristi pomoćni program" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "rabi navedenu BSD autentifikaciju" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "pokrene naredbu u pozadini" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "pozvoni kad treba ulaz ili kad nešto pita" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "zatvara sve deskriptore datoteka >= num" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "pokrene naredbu s navedenom BSD klasom prijave" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "promijenite radni direktorij prije pokretanja naredbe" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "sačuva okolinu korisnika pri izvršenju naredbe" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "sačuva specifične varijable okoline" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "redigira datoteke umjesto pokretanja naredbe" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "izvrši naredbu kao navedeno group ime ili ID" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "var HOME postavi na osobni direktorij korisnika" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "pokaže ovu pomoć i iziđe" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "pokrene naredbu na host računalu (ako to plugin podržava)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "pokrene prijavnu ljusku kao ciljani korisnik; može se navesti i naredba" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "sasvim ukloni datoteku s vremenskim oznakama" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "poništi datoteku s vremenskim oznakama" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "privilegije korisnika ili test specifične naredbe; rabite -ll za duži popis" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "ne-interaktivni mȏd; bez prompta" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "sačuva grupni vektor umjesto postavljanja na ciljanu grupu" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "koristi navedeni prompt za unos lozinke" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "promijenite root direktorij prije pokretanja naredbe" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "stvori SELinux sigurnosni kontekst s navedenom role ulogom" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "čita lozinku iz standardnog ulaza" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "pokrene ljusku kao ciljani korisnik; može se navesti i naredba" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "stvori SELinux sigurnosni kontekst s navedenom type ulogom" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "naredba završi nakon navedenoga vremenskog ograničenja" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "izlista popis privilegija user korisnika" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "pokreni naredbu (ili redigira datoteku) kao navedeni user korisnik" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "informira o inačici ovog programa i iziđe" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "obnovi vremensku oznaku korisnika bez pokretanja naredbe" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "prestane s obradom argumenata na naredbenom retku" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "nije moguće otvoriti revizijski sustav" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "nije moguće poslati revizijsku poruku" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "neuspješna fgetfilecon() %s" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s je promijenio etikete" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "nije moguće obnoviti kontekst za %s" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "nije moguće otvoriti %s, oznaka TTY se ne mijenja" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s nije znakovni uređaj (c-device), oznaka TTY se me mijenja" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "nije moguće dobiti trenutni TTY kontekst, oznaka TTY se me mijenja" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "nepoznata sigurnosna klasa „chr_file“, oznaka TTY se me mijenja" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "nije moguće dobiti novi TTY kontekst, oznaka TTY se me mijenja" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "nije moguće uspostaviti novi TTY kontekst" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "morate navesti ulogu za vrstu %s" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "nije uspjelo dobiti novi kontekst" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "nije moguće dobiti zadanu vrstu za ulogu %s" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "nije uspjelo dobiti novi kontekst" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "nije uspjelo postaviti novu ulogu %s" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "nije uspjelo postaviti novu vrstu %s" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s nije valjani kontekst" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "nije uspjelo dobiti stari kontekst" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "nije moguće odrediti način provedbe." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "nije moguće postaviti TTY kontekst za %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -705,20 +740,42 @@ msgid "unable to set key creation context to %s" msgstr "nije moguće postaviti kontekst stvaranja ključa na %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "zahtijeva barem jedan argument" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "nevaljani broj deskriptora datoteke: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "nije moguće pokrenuti %s kao prijavnu ljusku" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: simboličke veze nije dopušteno redigirati" + +# writable> zapisiv, upisiv, u kojem je dopušteno pisati +# http://hjp.znanje.hr/ > upisiv > koji se može upisati, koji ispunjava uvjete upisa +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: datoteke nije dopušteno redigirati u direktoriju koji dopušta pisanje" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "sadržaj sesije redigiranja je ostavljen u %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "nije moguće dobiti popis grupa" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -767,205 +824,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "upozorenje: nije uspjelo dodijeliti upravljanje resursima projekta „%s“" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo inačica %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Konfiguracijske opcije: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "kobna greška, nije moguće učitati plugine" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "plugin nije uzvratio naredbu za izvršiti" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "neočekivani sudo mȏd 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "vas nema u %s bazi podataka" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "nije moguće odrediti TTY" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "vlasnik %s mora biti UID %d i mora imati postavljeni setuid bit" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektivni UID nije %d; je li %s na datotečnom sustavu s postavljenom opcijom „nosuid“ ili NFS datotečnom sustavu bez root privilegija?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektivni UID nije %d; je li sudo instaliran sa setuid root?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "nije moguće postaviti ID dodatnih grupa" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "nije moguće postaviti efektivni GID na runas GID %u" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "nije moguće postaviti GID na runas GID %u" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "neočekivano stanje završetka potomka (dijete-procesa) : %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "nije moguće inicijalizirati plugin s pravilima" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "pluginu s pravilima %s nedostaje metoda „check_policy“" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "pravilnik (policy) je odbio izvršiti naredbu" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "greška plugina s pravilima (policy plugin)" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "plugin s pravilima %s ne podržava ispis ovlasti" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "plugin s pravilima %s ne podržava opciju -v" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "plugin s pravilima %s ne podržava -k/-K opcije" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "greška pri inicijalizaciji U/I plugina %s" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "greška pri inicijalizaciji U/I plugina" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "greška pri inicijalizaciji plugina za reviziju %s" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: nije uspjelo zabilježiti pogrešku događaja%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: nije uspjelo zabilježiti događaj prihvaćanja%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "pogreška u pluginu za reviziju" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: nije uspjelo zabilježiti događaj odbijanja%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "greška pri inicijalizaciji plugina za odobrenje %s" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "odobravatelj je odbio izvršiti naredbu" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "greška plugina za odobravanje" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "nije pronađen privremeni direktorij u koji je moguće pisati" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "nije moguće obnoviti trenutni radni direktorij" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: nije obična datoteka" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: simboličke veze nije dopušteno redigirati" - -# writable> zapisiv, upisiv, u kojem je dopušteno pisati -# http://hjp.znanje.hr/ > upisiv > koji se može upisati, koji ispunjava uvjete upisa -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: datoteke nije dopušteno redigirati u direktoriju koji dopušta pisanje" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s nije izmijenjeno" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s nije promijenjeno" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "sadržaj sesije redigiranja je ostavljen u %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: interna greška: neparni broj staza" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: nije moguće čitati privremenu datoteku" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: ubijen signalom" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: nepoznata greška: %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "nije moguće kopirati privremene datoteke u njihovu originalnu lokaciju" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "nije moguće kopirati neke od privremenih datoteka u njihovu originalnu lokaciju" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "nije moguće promijeniti UID na root (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "greška plugina: nedostaje popis datoteka za sudoedit" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "nije moguće pročitati vrijeme (clock)" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "port za presretanje nije postavljen" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "vrijeme za čitanje lozinke je isteklo" @@ -986,33 +1036,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nije specificiran askpass program, pokušajte postaviti SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "nije moguće postaviti GID na %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "nije moguće postaviti UID na %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "nije moguće pokrenuti %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "nije moguće sačuvati stdin" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "dup2 nije moguće primijeniti na stdin" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "nije moguće obnoviti stdin" +#~ msgid "unable to dup intercept fd" +#~ msgstr "nije uspjelo duplicirati deskriptor presrele datoteke" + +#~ msgid "%s: missing message header" +#~ msgstr "%s: poruci nedostaje zaglavlje" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s: očekivana je poruka vrste %d, a dobivena je %d" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "morate navesti ulogu za vrstu %s" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "nije moguće postaviti TTY kontekst za %s" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: nepotpuni zapis" @@ -1025,9 +1093,6 @@ #~ msgid "no tty present and no askpass program specified" #~ msgstr "nema TTY i nije specificiran askpass program" -#~ msgid "unable to get group vector" -#~ msgstr "nije moguće dobiti grupni vektor" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "nepoznat UID %u: tko ste vi?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/it.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/it.mo differ diff -Nru sudo-1.9.5p2/po/it.po sudo-1.9.9/po/it.po --- sudo-1.9.5p2/po/it.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/it.po 2022-01-27 21:24:06.000000000 +0000 @@ -1,13 +1,13 @@ # Italian translations for sudo package # This file is put in the public domain. -# Milo Casagrande , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020. +# Milo Casagrande , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021. # msgid "" msgstr "" -"Project-Id-Version: sudo-1.9.3b1\n" +"Project-Id-Version: sudo-1.9.6b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-28 09:03+0200\n" +"POT-Creation-Date: 2021-01-09 12:59-0700\n" +"PO-Revision-Date: 2021-03-15 17:58+0100\n" "Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language: it\n" @@ -16,7 +16,7 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n!=1);\n" -"X-Generator: Poedit 2.4.1\n" +"X-Generator: Poedit 2.4.2\n" #: lib/util/aix.c:89 lib/util/aix.c:169 msgid "unable to open userdb" @@ -32,8 +32,8 @@ msgstr "impossibile ripristinare il registro" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:198 +#: lib/util/sudo_conf.c:284 lib/util/sudo_conf.c:361 lib/util/sudo_conf.c:647 #: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 #: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 #: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 @@ -44,31 +44,33 @@ #: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 #: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 #: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 +#: src/exec_pty.c:834 src/exec_pty.c:843 src/exec_pty.c:900 +#: src/exec_pty.c:1053 src/exec_pty.c:1225 src/exec_pty.c:1234 +#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 +#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 +#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1297 +#: src/exec_pty.c:1305 src/exec_pty.c:1747 src/load_plugins.c:52 #: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 +#: src/load_plugins.c:223 src/load_plugins.c:455 src/load_plugins.c:461 #: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 #: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 #: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:110 +#: src/sesh.c:143 src/sesh.c:149 src/sesh.c:156 src/sesh.c:162 src/sesh.c:407 +#: src/sudo.c:632 src/sudo.c:702 src/sudo.c:712 src/sudo.c:733 src/sudo.c:752 +#: src/sudo.c:761 src/sudo.c:770 src/sudo.c:787 src/sudo.c:829 src/sudo.c:839 +#: src/sudo.c:868 src/sudo.c:1054 src/sudo.c:1076 src/sudo.c:1378 +#: src/sudo.c:1551 src/sudo.c:1776 src/sudo.c:2120 src/sudo_edit.c:89 +#: src/sudo_edit.c:151 src/sudo_edit.c:431 src/sudo_edit.c:440 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:682 +#: src/sudo_edit.c:702 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 +#: lib/util/json.c:184 lib/util/sudo_conf.c:199 lib/util/sudo_conf.c:284 +#: lib/util/sudo_conf.c:361 lib/util/sudo_conf.c:647 src/conversation.c:81 #: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 #: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 #: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 @@ -78,26 +80,27 @@ #: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 #: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 #: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 +#: src/exec_pty.c:834 src/exec_pty.c:843 src/exec_pty.c:900 +#: src/exec_pty.c:1225 src/exec_pty.c:1234 src/exec_pty.c:1241 +#: src/exec_pty.c:1248 src/exec_pty.c:1255 src/exec_pty.c:1262 +#: src/exec_pty.c:1269 src/exec_pty.c:1276 src/exec_pty.c:1283 +#: src/exec_pty.c:1290 src/exec_pty.c:1297 src/exec_pty.c:1305 +#: src/exec_pty.c:1747 src/load_plugins.c:163 src/load_plugins.c:188 +#: src/load_plugins.c:223 src/load_plugins.c:455 src/load_plugins.c:461 #: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 #: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 #: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:110 +#: src/sesh.c:408 src/sudo.c:236 src/sudo.c:632 src/sudo.c:868 src/sudo.c:1054 +#: src/sudo.c:1076 src/sudo.c:1378 src/sudo.c:1551 src/sudo.c:1776 +#: src/sudo.c:2120 src/sudo_edit.c:89 src/sudo_edit.c:151 src/sudo_edit.c:431 +#: src/sudo_edit.c:440 src/sudo_edit.c:539 src/sudo_edit.c:546 +#: src/sudo_edit.c:682 src/sudo_edit.c:702 msgid "unable to allocate memory" msgstr "impossibile allocare memoria" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:686 src/selinux.c:234 +#: src/selinux.c:264 src/sudo.c:367 src/sudo_edit.c:496 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "impossibile aprire %s" @@ -107,7 +110,7 @@ msgid "unable to mkdir %s" msgstr "impossibile creare la directory %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:663 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "impossibile eseguire stat su %s" @@ -122,7 +125,7 @@ msgstr "Segnale sconosciuto" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:143 src/sesh.c:156 msgid "invalid value" msgstr "valore non valido" @@ -134,66 +137,80 @@ msgid "value too small" msgstr "valore troppo piccolo" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:217 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "valore percorso \"%s\" non valido in %s, riga %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:383 lib/util/sudo_conf.c:399 lib/util/sudo_conf.c:452 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "valore %s \"%s\" non valido in %s, riga %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:420 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "gruppo sorgente \"%s\" non supportato in %s, riga %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:436 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "gruppi massimi \"%s\" non validi in %s, riga %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:666 #, c-format msgid "%s is not a regular file" msgstr "%s non è un file regolare" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:669 src/copy_file.c:162 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s è di proprietà dello uid %u, dovrebbe essere di %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:673 #, c-format msgid "%s is world writable" msgstr "%s è scrivibile da tutti" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:676 #, c-format msgid "%s is group writable" msgstr "%s è scrivibile dal gruppo" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: troncare %s a zero byte? (s/n) [n]" -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "%s non viene sovrascritto" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "impossibile leggere da %s" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:322 #, c-format msgid "unable to write to %s" msgstr "impossibile scrivere su %s" +#: src/copy_file.c:154 src/sesh.c:215 src/sudo_edit.c:199 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: non è un file regolare" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: modalità file errata: 0%o" + +#: src/edit_open.c:265 +msgid "unable to restore current working directory" +msgstr "impossibile ripristinare la directory di lavoro attuale" + #: src/exec.c:128 #, c-format msgid "unknown login class %s" @@ -228,8 +245,8 @@ msgstr "inizio da %s" #: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec_nopty.c:531 src/exec_pty.c:575 src/exec_pty.c:1393 +#: src/exec_pty.c:1395 src/signal.c:139 src/signal.c:153 #, c-format msgid "unable to set handler for signal %d" msgstr "impossibile impostare il gestore per il segnale %d" @@ -254,14 +271,14 @@ #: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 #: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 #: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 +#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:700 +#: src/exec_pty.c:705 src/exec_pty.c:802 src/exec_pty.c:809 src/exec_pty.c:906 +#: src/exec_pty.c:1227 src/exec_pty.c:1236 src/exec_pty.c:1243 +#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 +#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1285 +#: src/exec_pty.c:1292 src/exec_pty.c:1299 src/exec_pty.c:1700 +#: src/exec_pty.c:1710 src/exec_pty.c:1755 src/exec_pty.c:1762 +#: src/exec_pty.c:1789 msgid "unable to add event to queue" msgstr "impossibile aggiungere l'evento alla coda" @@ -269,8 +286,8 @@ msgid "unable to set controlling tty" msgstr "impossibile impostare il tty di controllo" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1472 +#: src/exec_pty.c:1493 src/exec_pty.c:1513 src/tgetpass.c:306 msgid "unable to create pipe" msgstr "impossibile creare una pipe" @@ -278,8 +295,8 @@ msgid "unable to receive message from parent" msgstr "impossibile ricevere il messaggio dal genitore" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1551 +#: src/sudo_edit.c:363 src/tgetpass.c:310 msgid "unable to fork" msgstr "impossibile eseguire fork" @@ -287,20 +304,20 @@ msgid "unable to restore tty label" msgstr "impossibile ripristinare l'etichetta tty" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:632 src/sesh.c:120 src/sudo.c:1132 #, c-format msgid "unable to execute %s" msgstr "impossibile eseguire %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:352 src/exec_pty.c:1402 msgid "policy plugin failed session initialization" msgstr "inizializzazione della sessione non riuscita da parte del plugin della politica" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:429 src/exec_pty.c:1639 msgid "error in event loop" msgstr "errore nel ciclo dell'evento" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:539 src/exec_pty.c:613 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "impossibile ripristinare il gestore per il segnale %d" @@ -309,36 +326,36 @@ msgid "unable to allocate pty" msgstr "impossibile allocare pty" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:216 src/exec_pty.c:256 src/exec_pty.c:296 src/exec_pty.c:347 +#: src/exec_pty.c:398 msgid "I/O plugin error" msgstr "errore del plugin I/O" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:220 src/exec_pty.c:260 src/exec_pty.c:300 src/exec_pty.c:351 +#: src/exec_pty.c:402 msgid "command rejected by I/O plugin" msgstr "comando rifiutato dal plugin I/O" -#: src/exec_pty.c:444 +#: src/exec_pty.c:449 msgid "error logging suspend" msgstr "sospensione della registrazione degli errori" -#: src/exec_pty.c:477 +#: src/exec_pty.c:483 msgid "error changing window size" msgstr "errore nel modificare le dimensioni della finestra" -#: src/exec_pty.c:1375 +#: src/exec_pty.c:1382 msgid "unable to create sockets" msgstr "impossibile creare socket" -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1594 msgid "unable to send message to monitor process" msgstr "impossibile inviare il messaggio per controllare il processo" #: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 #: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:283 src/load_plugins.c:293 src/load_plugins.c:303 +#: src/load_plugins.c:350 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "errore in %s, riga %d, durante il caricamento del plugin \"%s\"" @@ -358,46 +375,47 @@ msgid "%s must be only be writable by owner" msgstr "%s deve essere scrivibile solo dal proprietario" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:247 src/load_plugins.c:318 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "viene ignorato il plugin duplicato \"%s\" in %s, riga %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:285 #, c-format msgid "unable to load %s: %s" msgstr "impossibile caricare %s: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:295 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "impossibile trovare il simbolo \"%s\" in %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:305 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "numero principale di versione del plugin %d non compatibile (atteso %d) trovato in %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:323 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "viene ignorato il plugin di politica \"%s\" in %s, riga %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:326 msgid "only a single policy plugin may be specified" msgstr "solo un plugin di politica può essere specificato" -#: src/load_plugins.c:356 +#: src/load_plugins.c:352 #, c-format msgid "unknown plugin type %d found in %s" msgstr "tipo di plugin %d sconosciuto trovato in %s" -#: src/load_plugins.c:552 +#: src/load_plugins.c:535 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "il plugin di politica %s non include un metodo check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:179 src/net_ifs.c:197 src/net_ifs.c:343 src/sudo.c:479 +#: src/sudo_edit.c:400 src/sudo_edit.c:408 #, c-format msgid "internal error, %s overflow" msgstr "errore interno, overflow di %s" @@ -698,20 +716,40 @@ msgid "unable to set key creation context to %s" msgstr "impossibile impostare il contesto di creazione della chiave a %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "richiede almeno un argomento" -#: src/sesh.c:106 +#: src/sesh.c:101 #, c-format msgid "invalid file descriptor number: %s" msgstr "numero descrittore file non valido: %s" -#: src/sesh.c:120 +#: src/sesh.c:115 #, c-format msgid "unable to run %s as a login shell" msgstr "impossibile eseguire %s come shell di login" +#: src/sesh.c:197 src/sesh.c:297 src/sudo_edit.c:206 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: la modifica di collegamenti simbolici non è consentita" + +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:209 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: la modifica di file in una directory con accesso in scrittura non è consentita" + +#: src/sesh.c:284 src/sesh.c:305 src/sesh.c:314 src/sesh.c:322 +#: src/sudo_edit.c:333 +#, c-format +msgid "contents of edit session left in %s" +msgstr "contenuto della sessione di modifica lasciato in %s" + +#: src/sesh.c:412 src/sudo_edit.c:93 +msgid "unable to get group list" +msgstr "Impossibile ottenere l'elenco dei gruppi" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -760,25 +798,25 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "attenzione, assegnazione della risorsa di controllo per il progetto \"%s\" non riuscita" -#: src/sudo.c:220 +#: src/sudo.c:222 #, c-format msgid "Sudo version %s\n" msgstr "Versione di sudo: %s\n" -#: src/sudo.c:222 +#: src/sudo.c:224 #, c-format msgid "Configure options: %s\n" msgstr "Opzioni di configurazione: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:232 msgid "fatal error, unable to load plugins" msgstr "errore irreversibile, impossibile caricare i plugin" -#: src/sudo.c:277 +#: src/sudo.c:278 msgid "plugin did not return a command to execute" msgstr "il plug-in non ha restituito un comando da eseguire" -#: src/sudo.c:312 +#: src/sudo.c:310 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "modalità 0x%x di sudo non attesa" @@ -792,168 +830,163 @@ msgid "unable to determine tty" msgstr "impossibile impostare il tty" -#: src/sudo.c:913 +#: src/sudo.c:914 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s deve essere di proprietà dello uid %d e avere il bit setuid impostato" -#: src/sudo.c:916 +#: src/sudo.c:917 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "lo uid effettivo non è %d. %s si trova su un file system con l'opzione \"nosuid\" impostata o su un file system NFS senza privilegi di root?" -#: src/sudo.c:922 +#: src/sudo.c:923 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "lo uid effettivo non è %d. Il programma sudo è installato con setuid root?" -#: src/sudo.c:938 +#: src/sudo.c:939 msgid "unable to set supplementary group IDs" msgstr "impossibile impostare ID di gruppo supplementari" -#: src/sudo.c:945 +#: src/sudo.c:946 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "impossibile impostare il gid effettivo per eseguire come %u" -#: src/sudo.c:951 +#: src/sudo.c:952 #, c-format msgid "unable to set gid to runas gid %u" msgstr "impossibile impostare il gid per eseguire come gid %u" -#: src/sudo.c:994 +#: src/sudo.c:995 #, c-format msgid "unexpected child termination condition: %d" msgstr "condizione di uscita del figlio inattesa: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1104 msgid "unable to initialize policy plugin" msgstr "impossibile inizializzare il plugin delle politiche" -#: src/sudo.c:1166 +#: src/sudo.c:1167 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "il plugin di politica %s non include il metodo \"check_policy\"" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 +#: src/sudo.c:1182 src/sudo.c:1235 src/sudo.c:1279 msgid "command rejected by policy" msgstr "comando rifiutato dalla politica" -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 +#: src/sudo.c:1187 src/sudo.c:1240 src/sudo.c:1284 src/sudo.c:1358 msgid "policy plugin error" msgstr "errore plugin di politica" -#: src/sudo.c:1220 +#: src/sudo.c:1221 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "il plugin di politica %s non supporta l'elencazione dei privilegi" -#: src/sudo.c:1264 +#: src/sudo.c:1265 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "il plugin di politica %s non supporta l'opzione -v" -#: src/sudo.c:1302 +#: src/sudo.c:1303 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "il plugin di politica %s non supporta le opzioni -k/-K" -#: src/sudo.c:1431 +#: src/sudo.c:1436 #, c-format msgid "error initializing I/O plugin %s" msgstr "errore nell'inizializzare il plugin di I/O %s" -#: src/sudo.c:1585 +#: src/sudo.c:1590 #, c-format msgid "error initializing audit plugin %s" msgstr "errore nell'inizializzare il plugin di audit %s" -#: src/sudo.c:1763 +#: src/sudo.c:1668 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: impossibile registrare l'evento error%s%s" + +#: src/sudo.c:1703 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: impossibile registrare l'evento accept%s%s" + +#: src/sudo.c:1708 src/sudo.c:1746 +msgid "audit plugin error" +msgstr "errore plugin di controllo" + +#: src/sudo.c:1741 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: impossibile registrare l'evento reject%s%s" + +#: src/sudo.c:1799 #, c-format msgid "error initializing approval plugin %s" msgstr "errore nell'inizializzare il plugin di approvazione %s" -#: src/sudo.c:1839 +#: src/sudo.c:1875 msgid "command rejected by approver" msgstr "comando rifiutato dall'approvatore" -#: src/sudo.c:1848 +#: src/sudo.c:1884 msgid "approval plugin error" msgstr "errore plugin di approvazione" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:112 msgid "no writable temporary directory found" msgstr "nessuna directory temporanea scrivibile trovata" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "impossibile ripristinare la directory di lavoro attuale" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: non è un file regolare" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: la modifica di collegamenti simbolici non è consentita" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: la modifica di file in una directory con accesso in scrittura non è consentita" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:293 #, c-format msgid "%s left unmodified" msgstr "%s lasciato non modificato" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:306 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s non modificato" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "contenuto della sessione di modifica lasciato in %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:483 msgid "sesh: internal error: odd number of paths" msgstr "sesh: errore interno: strano numero numero di percorsi" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:485 msgid "sesh: unable to create temporary files" msgstr "sesh: impossibile creare file temporanei" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:487 src/sudo_edit.c:605 msgid "sesh: killed by a signal" msgstr "sesh: ucciso da un segnale" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:489 src/sudo_edit.c:608 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: errore %d sconosciuto" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:598 msgid "unable to copy temporary files back to their original location" msgstr "impossibile copiare i file temporanei nella loro posizione originale" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:602 msgid "unable to copy some of the temporary files back to their original location" msgstr "impossibile copiare alcuni dei file temporanei nella loro posizione originale" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:645 #, c-format msgid "unable to change uid to root (%u)" msgstr "impossibile modificare lo uid a root (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:666 msgid "plugin error: missing file list for sudoedit" msgstr "errore di plugin: elenco file mancante per sudoedit" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:717 src/sudo_edit.c:725 msgid "unable to read the clock" msgstr "impossibile leggere l'orologio" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/ja.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/ja.mo differ diff -Nru sudo-1.9.5p2/po/ja.po sudo-1.9.9/po/ja.po --- sudo-1.9.5p2/po/ja.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/ja.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,14 +1,14 @@ # Japanese messages for sudo # This file is put in the public domain. # Yasuaki Taniguchi , 2011. -# Takeshi Hamasaki , 2012, 2015, 2016, 2017, 2018, 2019, 2020. +# Takeshi Hamasaki , 2012, 2015, 2016, 2017, 2018, 2019, 2020, 2021. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-14 21:10+0900\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 21:52+0900\n" "Last-Translator: Takeshi Hamasaki \n" "Language-Team: Japanese \n" "Language: ja\n" @@ -17,8 +17,8 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Poedit 2.2.1\n" -"X-Poedit-Basepath: sudo-1.9.3b1\n" +"X-Generator: Poedit 2.4.2\n" +"X-Poedit-Basepath: sudo-1.9.8b2\n" "X-Poedit-SearchPath-0: .\n" #: lib/util/aix.c:89 lib/util/aix.c:169 @@ -35,87 +35,94 @@ msgstr "レジストリーを復元できません" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "メモリ割り当てを行えませんでした" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "%s を開けません" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "%s を mkdir できません" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "%s の状態取得 (stat) ができません" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s は存在しますが、ディレクトリではありません (0%o)" @@ -125,7 +132,7 @@ msgstr "不明なシグナルです" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "無効な値" @@ -137,110 +144,173 @@ msgid "value too small" msgstr "値が小さ過ぎます" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "無効な Path の値 \"%s\" が %s の %u 行目 にあります" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "無効な %s の値 \"%s\" が %s の %u 行目 にあります" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "サポートしていないグループソース \"%s\" が %s の %u 行目で指定されています" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "無効な最大グループの値 \"%s\" が %s の %u 行目 にあります" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s は通常ファイルではありません" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s はユーザーID %u によって所有されています。これは %u であるべきです" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s は誰でも書き込み可能です" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s はグループのメンバーによる書き込みが可能です" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: %s をゼロバイトに切り詰めますか? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "%s を上書きしません" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "%s から読み込むことができません" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "%s へ書き込むことができません" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: 通常ファイルではありません" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: ファイルのモードが異常です: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "カレントディレクトリを復元できません" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "不明なログインクラス %s です" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "ユーザーコンテキストを設定できません" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "プロセス優先度を設定できません" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "root を %s へ変更できません" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "実行時のユーザーID (uid) (%u, %u) へ変更できません" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "ディレクトリーを %s に変更できません" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "%s から始めます" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "シグナル %d のハンドラを設定できません" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_LIMIT から PRIV_PROC_EXEC を取り除くことができません" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "キューにイベントを追加できません" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "無効な PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "ポリシーによりコマンドが拒否されました" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "ポリシープラグインエラー" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "クライアントリクエストが大き過ぎます: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "予期しない type_case の値 %d が %s の中にあります、 %s から出てきたものです。" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "サーバーメッセージが大き過ぎます: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "ソケットペアからの読み込み中にエラーが発生しました" @@ -250,203 +320,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "バックチャンネルに関する予期しないリプレイタイプです: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "キューにイベントを追加できません" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "tty の制御設定ができません" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "パイプを作成できません" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "親からのメッセージを受け取ることができません" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "fork できません" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "tty ラベルを復旧できません" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "%s を実行できません" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "ポリシープラグインがセッションの初期化に失敗しました" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "ソケットを作成できません" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "イベントループでエラーが発生しました" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "シグナル %d のハンドラを復元できません" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "pty を割り当てられません" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "I/O プラグインエラー" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "I/O プラグインによりコマンドが拒否されました" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "エラーの記録が一時中断しています" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "ウィンドウサイズの変更でエラー" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "ソケットを作成できません" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "監視プロセスへメッセージを送ることができません" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "%s, %d 行目 プラグイン \"%s\" をロード中にエラーが発生しました" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s の所有者は uid %d でなければいけません" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s は所有者のみ書き込み可能で無ければいけません" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "重複しているプラグイン \"%s\" を無視します。%s の %d 行目" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "%s をロードできません: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "シンボル \"%s\" が %s に見つかりません" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "互換性の無いポリシーメジャーバージョン %d (予期されるのは %d)が %s で見つかりました" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ポリシープラグイン \"%s\" を無視します。%s の %d 行目" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "1つのポリシープラグインのみ指定できます" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "不明なプラグインタイプ %d が %s で見つかりました" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "ポリシープラグイン %s には check_policy メソッドが含まれていません" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "内部エラー、 %s がオーバーフローしました" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "無効な環境変数名です: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C の引数は 3 以上の数値でなければいけません" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "-i と -s オプションを同時に指定することはできません" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "-i と -E オプションを同時に指定することはできません" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "-E オプションは編集モードでは無効です" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "編集モードでは環境変数を指定できません" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "-U オプションを使うには -l オプションも必要です" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "-A と -S オプションは同時に指定できません" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit はこのプラットフォームではサポートされていません" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "-e, -h, -i, -K, -l, -s, -v または -V のうち一つのみ指定できます" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -455,7 +502,7 @@ "%s - 別のユーザーとしてファイルを編集します\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -464,7 +511,7 @@ "%s - 別のユーザーとしてコマンドを実行します\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -472,225 +519,215 @@ "\n" "オプション:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "パスワード要求のために補助プログラムを使用する" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "指定した BSD 認証タイプを使用する" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "コマンドをバックグラウンドで実行する" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "プロンプトと同時にベルを鳴らす" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "num 以上のすべてのファイル記述子を閉じる" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "指定した BSD ログインクラスでコマンドを実行する" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "コマンド実行前に作業ディレクトリを変更する" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "コマンドを実行する時にユーザーの環境変数を維持する" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "指定の環境変数を維持する" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "コマンドを実行するのではなくファイルを編集する" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "指定したグループ名またはグループIDでコマンドを実行する" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "HOME 変数を変更先となるユーザーのホームディレクトリに設定する" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "このヘルプを表示して終了する" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "host でコマンドを実行する(プラグインがサポートしている場合)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "変更先のユーザーとしてログインシェルを実行する; コマンドを指定することもできます" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "タイムスタンプファイルを完全に削除する" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "無効なタイムスタンプファイルです" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "ユーザーの権限を一覧表示するまたは指定したコマンドについて確認する ;長い表示にするには2回指定すること" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "非対話モードで実行し、ユーザーに入力を求めない" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "グループベクトルを保護する (変更先のユーザーのものに設定しない)" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "指定したパスワードプロンプトを使用する" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "コマンド実行前にルートディレクトリを変更する" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "指定した役割で SELinux セキュリティーコンテキストを作成する" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "標準入力からパスワードを読み込む" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "変更先のユーザーとしてシェルを実行する; コマンドを指定することもできます" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "指定したタイプで SELinux セキュリティーコンテキストを作成する" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "指定した制限時間でコマンドの実行を中止する" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "リストモードで、ユーザーの権限を表示する" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "指定したユーザー名またはユーザーIDでコマンドを実行する (またはファイルを編集する)" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "バージョン情報を表示して終了する" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "コマンドを実行せずにユーザーのタイムスタンプを更新する" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "コマンドライン引数の処理を終了する" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "監査システムを開くことができません" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "監査メッセージを送ることができません" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "fgetfilecon %s を行うことができません" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s はラベルを変更しました" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "%s 用のコンテキストを復元することができません" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s を開くことができません。tty の再ラベル付けを行いません" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s はキャラクターデバイスではありません、tty の再ラベル付けを行いません" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "現在の tty コンテキストを取得できません。tty の再ラベル付けを行いません" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "\"chr_file\" は未知のセキュリティクラスです。tty の再ラベル付けを行いません" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "新しい tty コンテキストを取得できません。tty の再ラベル付けを行いません" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "新しい tty コンテキストを設定できません" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "タイプ %s 用の役割を指定しなければいけません" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "新しいコンテキストの取得に失敗しました" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "役割 %s 用のデフォルトのタイプを取得できません" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "新しいコンテキストの取得に失敗しました" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "新しい役割 %s の設定に失敗しました" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "新しいタイプ %s の設定に失敗しました" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s は有効なコンテキストではありません" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "古いコンテキストの取得に失敗しました" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "強制モードを決定することができません。" -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "新しい tty コンテキストを %s に設定できません" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -701,20 +738,40 @@ msgid "unable to set key creation context to %s" msgstr "キー作成コンテキストを %s へ設定できません" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "最低でも一つ以上おの引数が必要です" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "無効なファイル記述子の番号: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "%s をログインシェルとして実行できません" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: シンボリックリンクの編集は許可されていません" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: 書き込み可能なディレクトリ内のファイルの編集は許可されていません" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "編集セッションの内容が %s 内に残っています" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "グループリストを取得できません" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -763,203 +820,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "警告、プロジェクト \"%s\" への資源制御割り当てに失敗しました" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo バージョン %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "configure オプション: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "致命的エラー、プラグインをロードできません" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "プラグインが実行するべきコマンドを返しませんでした" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "予期しない sudo のモード 0x%x です" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "あなたは %s データベースに存在しません" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "tty を特定できません" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s は所有者が uid %d である必要があり、かつ setuid が設定されている必要があります" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "実効 uid が %d ではありません、%s は 'nosuid' が設定されたファイルシステムにあるか、root 権限のないNFSファイルシステムにあるのでは?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "実効 uid が %d ではありません、sudo は setuid root を設定してインストールされていますか?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "追加のグループIDを設定できません" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "実行時のグループID (gid) %u を実効グループIDに設定できません" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "実行時のグループID (gid) %u をグループIDに設定できません" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "予期しない子プロセスの終了コードです: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "ポリシープラグインを初期化できません" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "ポリシープラグイン %s には check_policy メソッドが含まれていません" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "ポリシーによりコマンドが拒否されました" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "ポリシープラグインエラー" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "ポリシープラグイン %s は権限の一覧表示をサポートしていません" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "ポリシープラグイン %s は -v オプションをサポートしません" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "ポリシープラグイン %s は -k/-K オプションをサポートしません" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "I/O プラグイン %s を初期化中にエラーが発生しました" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "I/O プラグインを初期化中にエラーが発生しました" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "認証プラグイン %s を初期化中にエラーが発生しました" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: ログにエラーイベントを書き込むことができません%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: ログに accept イベントを書き込むことができません%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "認証プラグインエラー" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: ログに reject イベントを書き込むことができません%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "承認プラグイン %s を初期化中にエラーが発生しました" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "承認者によりコマンドが拒否されました" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "承認プラグイン エラー" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "書き込み可能な一時ディレクトリが見つかりません" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "カレントディレクトリを復元できません" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: 通常ファイルではありません" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: シンボリックリンクの編集は許可されていません" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: 書き込み可能なディレクトリ内のファイルの編集は許可されていません" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s を修正しないままにします" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s を変更しません" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "編集セッションの内容が %s 内に残っています" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: 内部エラー: パスの数がおかしいです" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: 一時ファイルを作成することができません" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: シグナルにより kill されました" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: 不明なエラー %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "一時ファイルを元の場所に戻すことができません" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "一時ファイルのいくつかを元の場所に戻すことができません" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "ユーザーID (uid) を root (%u) に変更できません" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "プラグインエラー: sudoedit 用のファイル一覧がありません" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "時刻を読み込むことができません" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "傍受ポートが設定されていません" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "パスワードの読み込みがタイムしました" @@ -980,33 +1032,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "パスワードを尋ねる (askpass) プログラムが指定されていません。 SUDO_ASKPASS を設定し、やり直してください" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "グループIDを %u に設定できません" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "ユーザーIDを %u に設定できません" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "%s を実行できません" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "標準入力を保存できません" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "標準入力へ dup2 を実行できません" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "標準入力を復元できません" +#~ msgid "unable to dup intercept fd" +#~ msgstr "傍受fdの dup を実行できません" + +#~ msgid "%s: missing message header" +#~ msgstr "%s: メッセージヘッダーがありません" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s: 予期した メッセージタイプは %d, 実際は %d" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "タイプ %s 用の役割を指定しなければいけません" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "新しい tty コンテキストを %s に設定できません" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: 短い書き込みです" @@ -1019,9 +1089,6 @@ #~ msgid "no tty present and no askpass program specified" #~ msgstr "端末 (tty) が存在せず、パスワードを尋ねる (askpass) プログラムが指定されていません" -#~ msgid "unable to get group vector" -#~ msgstr "グループベクトルを取得できません" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "不明なユーザーID %u です: 誰ですか?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/ko.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/ko.mo differ diff -Nru sudo-1.9.5p2/po/ko.po sudo-1.9.9/po/ko.po --- sudo-1.9.5p2/po/ko.po 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/po/ko.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,14 +1,14 @@ # Korean translation for sudo # This file is distributed under the same license as the sudo package. # Todd C. Miller , 2011-2015 -# Seong-ho Cho , 2016-2020. +# Seong-ho Cho , 2016-2021. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-12-11 01:07+0900\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-14 13:06+0900\n" "Last-Translator: Seong-ho Cho \n" "Language-Team: Korean \n" "Language: ko\n" @@ -33,87 +33,94 @@ msgstr "레지스트리를 복원할 수 없습니다" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "메모리를 할당할 수 없습니다" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "%s을(를) 열 수 없습니다" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "%s 디렉터리를 새로 만들 수 없습니다" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "%s의 상태를 가져올 수 없습니다" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s(이)가 있지만 디렉터리는 아닙니다 (0%o)" @@ -123,9 +130,9 @@ msgstr "알 수 없는 시그널" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" -msgstr "잘못된 값" +msgstr "부적절한 값" #: lib/util/strtomode.c:58 lib/util/strtonum.c:160 msgid "value too large" @@ -135,110 +142,173 @@ msgid "value too small" msgstr "값이 너무 작습니다" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" -msgstr "%2$s의 %3$u번째 줄에 잘못된 경로 값 \"%1$s\"" +msgstr "%2$s의 %3$u번째 줄에 부적절한 경로 값 \"%1$s\"" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" -msgstr "%3$s의 %4$u번째 줄에 %1$s의 잘못된 값 \"%2$s\"" +msgstr "%3$s의 %4$u번째 줄에 %1$s의 부적절한 값 \"%2$s\"" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "%2$s의 %3$u번째 줄에 지원하지 않는 그룹 원본 \"%1$s\"" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" -msgstr "%2$s의 %3$u번째 줄에 잘못된 최대 그룹 값 \"%1$s\"" +msgstr "%2$s의 %3$u번째 줄에 부적절한 최대 그룹 값 \"%1$s\"" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s은(는) 일반 파일이 아닙니다" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s은(는) %u uid에서 소유하고 있지만 %u uid가 소유해야 합니다" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s에 모두가 기록할 수 있습니다" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s에 그룹 구성원이 기록할 수 있습니다" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: %s 문자열을 0 바이트로 자릅니까? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "%s 덮어쓰지 않음" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "%s을(를) 읽을 수 없습니다" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "%s에 기록할 수 없습니다" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: 일반 파일 아님" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: 잘못된 파일 모드: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "현재 작업 디렉터리를 복원할 수 없습니다" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "알 수 없는 로그인 클래스 %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "사용자 컨텍스트를 설정할 수 없습니다" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "프로세스 우선순위를 설정할 수 없습니다" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "루트를 %s(으)로 바꿀 수 없습니다" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "실행 uid로 바꿀 수 없습니다 (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "%s 디렉터리로 바꿀 수 없습니다" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "%s에서 시작 중" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "%d 시그널의 핸들러를 설정할 수 없습니다" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "PRIV_LIMIT에서 PRIV_PROC_EXEC를 제거할 수 없습니다" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "큐에 이벤트를 추가할 수 없습니다" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "부적절한 PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "정책을 통해 명령을 거부 했습니다" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "정책 플러그인 오류" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "클라이언트 요청이 너무 깁니다: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "%3$s의 %2$s에서 예기치 못한 type_case 값 %1$d번" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "서버 메시지 길이가 너무 깁니다: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "소켓쌍 읽기 오류" @@ -248,204 +318,181 @@ msgid "unexpected reply type on backchannel: %d" msgstr "백 채널에 잘못된 응답 형식: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "큐에 이벤트를 추가할 수 없습니다" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "처리 tty를 설정할 수 없습니다" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "파이프를 만들 수 없습니다" # parent가 정확히 무슨 의미인지 알 수 없음 -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "상위로부터 메시지를 받을 수 없습니다" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "포킹할 수 없습니다" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "tty 레이블을 복원할 수 없습니다" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "%s을(를) 실행할 수 없습니다" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "정책 플러그인에서 세션 초기화에 실패했습니다" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "소켓을 만들 수 없습니다" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "이벤트 루프에 오류" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "%d 시그널의 핸들러를 복원할 수 없습니다" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "pty를 할당할 수 없습니다" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "입출력 플러그인 오류" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "입출력 플러그인에서 명령을 거부했습니다" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "오류 로깅 대기" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "윈도우 크기 변경 오류" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "소켓을 만들 수 없습니다" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "감사 프로세스에 메시지를 보낼 수 없습니다" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "%s의 %d번째 줄에서 \"%s\" 플러그인을 불러오는 중 오류" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s은(는) uid %d에서 소유해야 합니다" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s은(는) 소유자만 기록할 수 있어야 합니다" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "%2$s의 %3$d번째 줄에서 \"%1$s\" 중복 플러그인 무시" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "%s을(를) 불러올 수 없습니다: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "%2$s에서 \"%1$s\" 심볼을 찾을 수 없습니다" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "%3$s에 주 버전이(%2$d을(를) 기대했지만) %1$d인 비호환 플러그인이 있습니다" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "%2$s의 %3$d번째 줄에서 \"%1$s\" 정책 플러그인 무시" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "단일 정책 플러그인을 지정하십시오" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "%2$s에 알 수 없는 정책 유형 %1$d이(가) 있습니다" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "%s 정책 플러그인에 check_policy 메서드가 없습니다" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "내부 오류, %s 오버플로우" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" -msgstr "잘못된 환경 변수 이름: %s" +msgstr "부적절한 환경 변수 이름: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C의 인자 값은 3보다 크거나 같아야 합니다" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" -msgstr "-i 와 -s 옵션을 함께 지정할 수 없습니다" +msgstr "-i 옵션과 -s 옵션을 함께 지정할 수 없습니다" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" -msgstr "-i 와 -E 옵션을 함께 지정할 수 없습니다" +msgstr "-i 옵션과 -E 옵션을 함께 지정할 수 없습니다" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "-E 옵션은 편집 모드에서 유효하지 않습니다" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "편집 모드에서 환경 변수를 지정할 수 없습니다" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" -msgstr "-U 옵션은 -l 옵션만 함께 사용할 수 있습니다" +msgstr "-U 옵션에는 -l 옵션만 함께 쓸 수 있습니다" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" -msgstr "-A 와 -S 옵션을 함께 사용할 수 없습니다" +msgstr "-A 옵션과 -S 옵션을 함께 쓸 수 없습니다" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "이 플랫폼에서 sudoedit를 지원하지 않습니다" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "-e, -h, -i, -K, -l, -s, -v, -V 옵션 중 하나를 지정해야 합니다" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -454,7 +501,7 @@ "%s - 다른 사용자 권한으로 파일을 편집합니다\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -463,7 +510,7 @@ "%s - 다른 사용자 권한으로 명령을 실행합니다\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -471,225 +518,215 @@ "\n" "옵션:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "암호 질문에 보조 프로그램 활용" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "지정 BSD 인증 형식 활용" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "백그라운드에서 명령 실행" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "프롬프트를 띄울 때 알림 소리를 냅니다" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "num 보다 크거나 같은 모든 파일 서술자를 닫습니다" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "지정 BSD 로그인 클래스로 명령을 실행합니다" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "명령 실행 전 작업 디렉터리를 바꿉니다" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "명령을 실행할 때 사용자 환경을 유지합니다" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "지정 환경 변수 값을 유지합니다" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "명령을 실행하는 대신 파일을 편집합니다" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "지정 그룹 이름 또는 ID로 명령을 실행합니다" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "대상 사용자의 내 폴더에 HOME 변수를 지정합니다" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "도움말을 보여주고 빠져나갑니다" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "(플러그인에서 지원한다면)호스트에서 명령을 실행합니다" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "대상 사용자 자격으로 셸에 로그인하며 명령을 지정할 수 있습니다" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "타임스탬프 파일을 완전히 제거합니다" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "타임스탬프 파일을 초기화합니다" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "사용자 권한을 보여주거나 지정 명령을 확인합니다. 긴 형식으로 보려면 옵션을 두 번 사용하십시오" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "비대화형 모드. 프롬프트를 사용하지 않습니다" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "대상을 설정하는 대신 그룹 벡터를 유지합니다" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "지정 암호 프롬프트를 활용합니다" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "명령 실행 전 루트 디렉터리를 바꿉니다" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "지정 역할을 지닌 SELinux 보안 컨텍스트를 만듭니다" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "표준 입력으로 암호를 입력 받습니다" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "셸을 대상 사용자 명의로 실행하며 명령을 지정할 수 있습니다" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "지정 유형의 SELinux 보안 컨텍스트를 만듭니다" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "지정 제한 시간 이후로 명령 실행을 멈춥니다" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "목록 모드에서 사용자 권한을 보여줍니다" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "지정한 사용자 이름 또는 ID로 명령을 실행(또는 파일 편집)" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "버전 정보를 보여주고 나갑니다" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "명령을 실행하지 않고 사용자 타임스탬프를 업데이트합니다" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "명령행 인자 처리를 멈춥니다" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "감사 시스템을 열 수 없습니다" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "감사 메시지를 보낼 수 없습니다" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "%s에 fgetfilecon을 실행할 수 없습니다" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s에서 레이블을 바꾸었습니다" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "%s의 컨텍스트를 복원할 수 없습니다" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s을(를) 열 수 없어 tty의 레이블을 다시 지정하지 않습니다" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s은(는) 문자 장치가 아니어서 tty에 레이블링을 다시 하지 않습니다" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "현재 tty 컨텍스트를 가져올 수 없어 tty의 레이블을 다시 지정하지 않습니다" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "\"chr_file\"의 보안 등급을 알 수 없어, tty의 레이블을 다시 지정하지 않습니다" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "새 tty 컨텍스트를 가져올 수 없습니다" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "새 tty 컨텍스트를 설정할 수 없습니다" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "%s 유형의 역할을 지정해야 합니다" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "새 컨텍스트 가져오기에 실패했습니다" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "%s 역할의 기본 유형을 가져올 수 없습니다" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "새 컨텍스트 가져오기에 실패했습니다" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "새 %s 역할 설정에 실패했습니다" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "새 %s 유형 설정에 실패했습니다" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "올바르지 않은 %s 컨텍스트 입니다" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "오래된 컨텍스트 가져오기에 실패했습니다" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "강제 모드로 지정할 수 없습니다." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "tty 컨텍스트를 %s(으)로 설정할 수 없습니다" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -700,20 +737,40 @@ msgid "unable to set key creation context to %s" msgstr "키 생성 컨텍스트를 %s(으)로 설정할 수 없습니다" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "최소한 하나의 인자가 필요합니다" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" -msgstr "잘못된 파일 서술자 번호: %s" +msgstr "부적절한 파일 서술자 번호: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "%s(을)를 로그인 쉘로 실행할 수 없습니다" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: 심볼릭 링크 편집을 허용하지 않습니다" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: 기록 가능한 디렉터리에서 파일 편집을 허용하지 않습니다" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "%s에 편집 세션 내용 남음" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "그룹 목록을 가져올 수 없습니다" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -762,203 +819,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "경고! \"%s\" 프로젝트에 자원 처리 할당에 실패했습니다" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "sudo 버전 %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "설정 옵션: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "치명적인 오류. 플러그인을 불러올 수 없습니다" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "플러그인에서 실행할 명령을 반환하지 않았습니다" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "예상치 못한 sudo 모드 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "%s 데이터베이스에 없는 사용자입니다" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "tty를 지정할 수 없습니다" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s은(는) %d uid를 소유해야 하며 setuid 비트를 설정해야 합니다" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "%d은(는) 유효한 uid가 아닙니다. %s은(는) 'nosuid' 옵션을 설정한 파일 시스템이거나 루트 권한이 없는 NFS 파일 시스템입니까?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "%d은(는) 유효한 uid가 아닙니다. sudo에 setuid root를 설치했습니까?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "추가 그룹 ID를 설정할 수 없습니다" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "유효한 gid를 %u 실행 gid로 설정할 수 없습니다" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "gid를 실행 gid %u(으)로 설정할 수 없습니다" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "예상치 못한 하위 프로세스 중단 상태: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "정책 플러그인을 초기화할 수 없습니다" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "%s 정책 플러그인에 \"check_policy\" 메서드가 빠졌습니다" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "정책을 통해 명령을 거부 했습니다" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "정책 플러그인 오류" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "%s 정책 플러그인에서 권한 조회를 지원하지 않습니다" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "%s 정책 플러그인에서 -v 옵션을 지원하지 않습니다" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "%s 정책 플러그인에서 -k/-K 옵션을 지원하지 않습니다" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "%s 입출력 플러그인 초기화 오류" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "입출력 플러그인 초기화 오류" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "%s 감사 플러그인 초기화 오류" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: %s%s 오류 이벤트를 기록할 수 없습니다" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: %s%s 허용 이벤트를 기록할 수 없습니다" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "감사 플러그인 오류" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: %s%s 거부 이벤트를 기록할 수 없습니다" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "%s 승인 플러그인 초기화 오류" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "승인자가 명령을 거부했습니다" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "승인 플러그인 오류" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "기록 가능한 임시 디렉터리를 찾을 수 없습니다" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "현재 작업 디렉터리를 복원할 수 없습니다" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: 일반 파일 아님" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: 심볼릭 링크 편집을 허용하지 않습니다" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: 기록 가능한 디렉터리에서 파일 편집을 허용하지 않습니다" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s 수정하지 않은 상태로 남음" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s 바꾸지 않음" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "%s에 편집 세션 내용 남음" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: 내부 오류: 경로에 잘못된 파일" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: 임시 파일을 만들 수 없습니다" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: 시그널을 받아 죽음" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: 잘못된 오류 %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "원위치에 임시 파일을 복사할 수 없습니다" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "원 위치에 임시 파일 일부를 복사할 수 없습니다" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "uid를 루트로 바꿀 수 없습니다(%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "플러그인 오류: sudoedit에 파일 목록이 빠짐" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "클록을 읽을 수 없습니다" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "차단 포트를 설정하지 않았습니다" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "암호 읽기 시간 초과" @@ -979,33 +1031,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "askpass 프로그램을 지정하지 않았습니다. SUDO_ASKPASS를 설정해보십시오" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "gid를 %u(으)로 설정할 수 없습니다" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "uid를 %u(으)로 설정할 수 없습니다" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "%s을(를) 실행할 수 없습니다" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "표준 입력을 저장할 수 없습니다" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "표준 입력을 dup2 처리할 수 없습니다" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "표준 입력을 복원할 수 없습니다" +#~ msgid "unable to dup intercept fd" +#~ msgstr "가로채기 파일 서술자를 복제할 수 없습니다" + +#~ msgid "%s: missing message header" +#~ msgstr "%s: 메시지 헤더가 빠졌습니다" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s: 메시지 형식 %d번을 기대했으나, %d번이 나타났습니다" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "%s 유형의 역할을 지정해야 합니다" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "tty 컨텍스트를 %s(으)로 설정할 수 없습니다" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" #~ msgstr "%2$s의 %3$d번째 줄에서 \"%1$s\" 중복 정책 플러그인 무시" @@ -1021,8 +1091,5 @@ #~ msgid "error reading from signal pipe" #~ msgstr "시그널 파이프 읽기 오류" -#~ msgid "unable to get group vector" -#~ msgstr "그룹 벡터를 가져올 수 없습니다" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "알 수 없는 %u: 누구일까요?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/pl.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/pl.mo differ diff -Nru sudo-1.9.5p2/po/pl.po sudo-1.9.9/po/pl.po --- sudo-1.9.5p2/po/pl.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/pl.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,13 +1,13 @@ # Polish translation for sudo. # This file is put in the public domain. -# Jakub Bogusz , 2011-2020. +# Jakub Bogusz , 2011-2021. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-14 18:58+0200\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-11 19:15+0100\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" "Language: pl\n" @@ -30,87 +30,94 @@ msgstr "nie udało się odtworzyć rejestru" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "nie udało się przydzielić pamięci" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "nie udało się otworzyć %s" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "nie udało się utworzyć katalogu %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "nie udało się wykonać stat na %s" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s istnieje, ale nie jest katalogiem (0%o)" @@ -120,7 +127,7 @@ msgstr "Nieznany sygnał" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "błędna wartość" @@ -132,110 +139,173 @@ msgid "value too small" msgstr "wartość zbyt mała" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "błędna wartość Path \"%s\" w %s, w linii %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "błędna wartość opcji %s \"%s\" w %s, w linii %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "nieobsługiwane źródło grup \"%s\" w %s, w linii %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "błędna maksymalna liczba grup \"%s\" w %s, w linii %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s nie jest zwykłym plikiem" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "właścicielem %s jest uid %u, powinien być %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s jest zapisywalny dla świata" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s jest zapisywalny dla grupy" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: uciąć %s to zera bajtów? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "bez nadpisywania %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "nie można czytać z %s" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "nie można pisać do %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: nie jest zwykłym plikiem" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: błędny tryb pliku: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "nie udało się odtworzyć bieżącego kartalogu roboczego" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "nieznana klasa logowania %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "nie udało się ustawić kontekstu użytkownika" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "nie udało się ustawić priorytetu procesu" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "nie udało się zmienić katalogu głównego na %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "nie udało się zmienić uid-ów, aby działać jako (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "nie udało się zmienić katalogu na %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "zaczynając od %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "nie udało się ustawić procedury obsługi dla sygnału %d" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "nie udało się usunąć PRIV_PROC_EXEC z PRIV_LIMIT" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "nie udało się dodać zdarzenia do kolejki" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "błędne żądanie PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "polecenie odrzucone przez politykę" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "błąd wtyczki polityki" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "żądanie klienta zbyt duże: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "nieoczekiwana wartość type_case %d w %s od %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "komunikat serwera zbyt duży: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "błąd odczytu z pary gniazd" @@ -245,203 +315,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "nieoczekiwany typ odpowiedzi z kanału zwrotnego: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "nie udało się dodać zdarzenia do kolejki" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "nie udało się ustawić sterującego tty" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "nie udało się utworzyć potoku" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "nie udało się odebrać komunikatu od rodzica" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "nie udało się wykonać fork" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "nie udało się przywrócić etykiety tty" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "nie udało się wykonać %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "nie udało się zainicjować sesji przez wtyczkę polityki" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "nie udało się utworzyć gniazd" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "błąd w pętli zdarzeń" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "nie udało się przywrócić procedury obsługi dla sygnału %d" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "nie udało się przydzielić pty" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "błąd wtyczki we/wy" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "polecenie odrzucone przez wtyczkę we/wy" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "błąd logowania odroczenia" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "błąd zmiany rozmiaru okna" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "nie udało się utworzyć gniazd" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "nie udało się wysłać komunikatu do procesu monitorującego" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "błąd w %s, w linii %d podczas wczytywania wtyczki \"%s\"" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "właścicielem %s musi być uid %d" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "prawo zapisu do %s może mieć tylko właściciel" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "zignotowano powtórzoną wtyczkę \"%s\" w %s, w linii %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "nie udało się załadować %s: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nie udało się odnaleźć symbolu \"%s\" w %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "niezgodna główna wersja polityki %d (zamiast oczekiwanej %d) napotkana w %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "zignorowano wtyczkę polityki \"%s\" w %s, w linii %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "może być podana tylko jedna wtyczka polityki" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "nieznany typ wtyczki %d napotkany w %s" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "wtyczka polityki %s nie zawiera metody check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "błąd wewnętrzny, przepełnienie %s" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "błędna nazwa zmiennej środowiskowej: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "argument opcji -C musi być większy lub równy 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "nie można podać jednocześnie opcji -i oraz -s" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "nie można podać jednocześnie opcji -i oraz -E" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "opcja -E nie jest poprawna w trybie edycji" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "w trybie edycji nie można przekazywać zmiennych środowiskowych" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "opcji -U można używać tylko wraz z opcją -l" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "opcji -A oraz -S nie można używać jednocześnie" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit nie jest obsługiwane na tej platformie" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Można podać tylko jedną z opcji -e, -h, -i, -K, -l, -s, -v lub -V" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -450,7 +497,7 @@ "%s - modyfikowanie plików jako inny użytkownik\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -459,7 +506,7 @@ "%s - wykonywanie poleceń jako inny użytkownik\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -467,225 +514,215 @@ "\n" "Opcje:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "użycie programu pomocniczego do pytań o hasło" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "użycie podanego rodzaju uwierzytelnienia BSD" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "uruchomienie polecenia w tle" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "dzwonek przy zapytaniu" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "zamknięcie wszystkich deskryptorów >= fd" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "uruchomienie polecenia z podaną klasą logowania BSD" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "zmiana katalogu roboczego przed uruchomieniem polecenia" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "zachowanie środowiska użytkownika przy uruchamianiu polecenia" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "zachowanie określonych zmiennych środowiskowych" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "modyfikowanie plików zamiast uruchomienia polecenia" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "wywołanie polecenia jako określona grupa lub ID" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "ustawienie zmiennej HOME na katalog domowy użytkownika docelowego" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "wyświetlenie opisu i zakończenie" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "uruchomienie polecenia na hoście (jeśli obsługiwane przez wtyczkę)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "uruchomienie powłoki logowania jako użytkownik docelowy; można także podać polecenie" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "całkowite usunięcie pliku znacznika czasu" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "unieważnienie pliku znacznika czasu" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "wypisanie uprawnień użytkownika lub sprawdzenie określonego polecenia; dwukrotne użycie to dłuższy format" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "tryb nieinteraktywny, bez pytań" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "zachowanie wektora grup zamiast ustawiania docelowych" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "użycie podanego pytania o hasło" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "zmiana katalogu głównego przed uruchomieniem polecenia" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "utworzenie kontekstu bezpieczeństwa SELinuksa z podaną rolą" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "odczyt hasła ze standardowego wejścia" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "uruchomienie powłoki jako użytkownik docelowy; można także podać polecenie" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "utworzenie kontekstu bezpieczeństwa SELinuksa z podanym typem" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "zakończenie polecenia po zadanym limicie czasu" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "w trybie listy - wyświetlenie uprawnień użytkownika" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "uruchomienie polecenia (lub modyfikowanie pliku) jako podany użytkownik lub ID" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "wyświetlenie informacji o wersji i zakończenie" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "uaktualnienie znacznika czasu użytkownika bez uruchamiania polecenia" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "zakończenie przetwarzania argumentów linii poleceń" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "nie udało się otworzyć systemu audytu" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "nie udało się wysłać komunikatu audytowego" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "nie udało się wykonać fgetfilecon %s" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "zmienionych etykiet: %s" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "nie udało się przywrócić kontekstu %s" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "nie udało się otworzyć %s, bez zmiany etykiety tty" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s nie jest urządzeniem znakowym, bez ponownego etykietowania tty" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "nie udało się uzyskać bieżącego kontekstu tty, bez zmiany etykiety tty" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "nieznana klasa bezpieczeństwa \"chr_file\", bez ponownego etykietowania tty" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "nie udało się uzyskać nowego kontekstu tty, bez zmiany etykiety tty" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "nie udało się ustawić nowego kontekstu tty" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "trzeba podać rolę dla typu %s" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "nie udało się uzyskać nowego kontekstu" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "nie udało się uzyskać domyślnego typu dla roli %s" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "nie udało się uzyskać nowego kontekstu" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "nie udało się ustawić nowej roli %s" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "nie udało się ustawić nowego typu %s" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s nie jest poprawnym kontekstem" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "nie udało się uzyskać starego kontekstu" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "nie udało się określić trybu wymuszenia." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "nie udało się ustawić kontekstu tty na %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -696,20 +733,40 @@ msgid "unable to set key creation context to %s" msgstr "nie udało się ustawić kontekstu tworzenia klucza na %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "wymagany jest przynajmniej jeden argument" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "błędny numer deskryptora pliku: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "nie udało się uruchomić %s jako powłoki logowania" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: edycja dowiązań symbolicznych nie jest dozwolona" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: edycja plików w katalogu zapisywalnym nie jest dozwolona" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "zawartość sesji edycji pozostawiono w %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "nie udało się uzyskać listy grup" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -758,203 +815,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "uwaga: przypisanie kontroli zasobów dla projektu \"%s\" nie powiodło się" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo wersja %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Opcje konfiguracji: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "błąd krytyczny, nie udało się załadować wtyczek" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "wtyczka nie zwróciła polecenia do wykonania" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "nieoczekiwany tryb sudo 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "nie istniejesz w bazie danych %s" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "nie udało się określić tty" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s musi mieć uid %d jako właściciela oraz ustawiony bit setuid" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "efektywny uid nie wynosi %d, czy %s jest na systemie plików z opcją 'nosuid' albo systemie plików NFS bez uprawnień roota?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "efektywny uid nie wynosi %d, czy sudo jest zainstalowane z setuid root?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "nie udało się ustawić ID dodatkowych grup" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "nie udało się ustawić efektywnego gid-a w celu działania jako gid %u" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "nie udało się ustawić gid-a w celu działania jako gid %u" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "nieoczekiwane zakończenie procesu potomnego: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "nie udało się zainicjować wtyczki polityki" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "wtyczka polityki %s nie zawiera metody \"check_policy\"" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "polecenie odrzucone przez politykę" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "błąd wtyczki polityki" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "wtyczka polityki %s nie obsługuje wypisywania uprawnień" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "wtyczka polityki %s nie obsługuje opcji -v" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "wtyczka polityki %s nie obsługuje opcji -k/-K" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "błąd inicjalizacji wtyczki we/wy %s" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "błąd inicjowania wtyczki we/wy" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "błąd inicjowania wtyczki audytu %s" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: nie udało się zalogować zdarzenia błędu%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: nie udało się zalogować zdarzenia akceptacji%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "błąd wtyczki audytu" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: nie udało się zalogować zdarzenia odrzucenia%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "błąd inicjowania wtyczki zgody %s" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "polecenie odrzucone przez wtyczkę zgody" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "błąd wtyczki zgody" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "nie znaleziono katalogu tymczasowego z prawem zapisu" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "nie udało się odtworzyć bieżącego kartalogu roboczego" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: nie jest zwykłym plikiem" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: edycja dowiązań symbolicznych nie jest dozwolona" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: edycja plików w katalogu zapisywalnym nie jest dozwolona" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "pozostawiono bez zmian: %s" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "nie zmieniono: %s" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "zawartość sesji edycji pozostawiono w %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: błąd wewnętrzny: nieparzysta liczba ścieżek" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: nie udało się utworzyć plików tymczasowych" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: zabito sygnałem" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: nieznany błąd %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "nie udało się skopiować plików tymczasowych z powrotem w ich oryginalne miejsce" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "nie udało się skopiować części plików tymczasowych z powrotem w ich oryginalne miejsce" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "nie udało się zmienić uid-a na roota (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "błąd wtyczki: brak listy plików dla sudoedit" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "nie udało się odczytać zegara" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "port przechwycenia nie ustawiony" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "przekroczony limit czasu przy czytaniu hasła" @@ -975,29 +1027,29 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nie podano programu pytającego o hasło, proszę spróbować ustawić SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "nie udało się ustawić gid-a na %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "nie udało się ustawić uid-a na %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "nie udało się uruchomić %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "nie udało się zapisać standardowego wejścia" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "nie udało się wykonać dup2 na standardowym wejściu" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "nie udało się przywrócić standardowego wejścia" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/pt.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/pt.mo differ diff -Nru sudo-1.9.5p2/po/pt.po sudo-1.9.9/po/pt.po --- sudo-1.9.5p2/po/pt.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/pt.po 2022-01-27 21:24:06.000000000 +0000 @@ -1,14 +1,14 @@ # Portuguese (Portugal) translations for the sudo package # This file is distributed under the same license as the sudo package. # Todd C. Miller , 2011-2016 -# Pedro Albuquerque , 2018, 2019, 2020. +# Pedro Albuquerque , 2018, 2019, 2020, 2021. # msgid "" msgstr "" -"Project-Id-Version: sudo-1.9.3b1\n" +"Project-Id-Version: sudo-1.9.8b2\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-15 06:40+0100\n" +"POT-Creation-Date: 2021-08-16 10:46-0600\n" +"PO-Revision-Date: 2021-08-22 06:55+0100\n" "Last-Translator: Pedro Albuquerque \n" "Language-Team: Portuguese \n" "Language: pt\n" @@ -16,7 +16,7 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Geany / PoHelper 1.36\n" +"X-Generator: Poedit 2.3\n" "X-Bugs: Report translation errors to the Language-Team address.\n" #: lib/util/aix.c:89 lib/util/aix.c:169 @@ -33,72 +33,78 @@ msgstr "impossível restaurar o registo" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:211 +#: lib/util/sudo_conf.c:297 lib/util/sudo_conf.c:374 lib/util/sudo_conf.c:658 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:225 src/exec_nopty.c:235 +#: src/exec_nopty.c:245 src/exec_nopty.c:252 src/exec_nopty.c:259 +#: src/exec_nopty.c:266 src/exec_nopty.c:273 src/exec_nopty.c:280 +#: src/exec_nopty.c:287 src/exec_nopty.c:294 src/exec_nopty.c:301 +#: src/exec_nopty.c:308 src/exec_nopty.c:315 src/exec_nopty.c:323 +#: src/exec_nopty.c:511 src/exec_preload.c:143 src/exec_preload.c:203 +#: src/exec_pty.c:844 src/exec_pty.c:853 src/exec_pty.c:910 +#: src/exec_pty.c:1063 src/exec_pty.c:1237 src/exec_pty.c:1247 +#: src/exec_pty.c:1257 src/exec_pty.c:1264 src/exec_pty.c:1271 +#: src/exec_pty.c:1278 src/exec_pty.c:1285 src/exec_pty.c:1292 +#: src/exec_pty.c:1299 src/exec_pty.c:1306 src/exec_pty.c:1313 +#: src/exec_pty.c:1320 src/exec_pty.c:1328 src/exec_pty.c:1782 +#: src/load_plugins.c:156 src/load_plugins.c:181 src/load_plugins.c:217 +#: src/load_plugins.c:449 src/load_plugins.c:455 src/parse_args.c:190 +#: src/parse_args.c:211 src/parse_args.c:285 src/parse_args.c:630 +#: src/parse_args.c:652 src/parse_args.c:677 src/preserve_fds.c:46 +#: src/preserve_fds.c:131 src/selinux.c:90 src/selinux.c:360 src/selinux.c:489 +#: src/selinux.c:498 src/sesh.c:113 src/sesh.c:146 src/sesh.c:152 +#: src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 src/sudo.c:636 src/sudo.c:706 +#: src/sudo.c:716 src/sudo.c:741 src/sudo.c:760 src/sudo.c:769 src/sudo.c:778 +#: src/sudo.c:795 src/sudo.c:837 src/sudo.c:847 src/sudo.c:876 src/sudo.c:1061 +#: src/sudo.c:1082 src/sudo.c:1374 src/sudo.c:1543 src/sudo.c:1770 +#: src/sudo.c:2104 src/sudo_edit.c:89 src/sudo_edit.c:149 src/sudo_edit.c:429 +#: src/sudo_edit.c:438 src/sudo_edit.c:539 src/sudo_edit.c:546 +#: src/sudo_edit.c:686 src/sudo_edit.c:706 src/sudo_intercept_common.c:160 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:212 lib/util/sudo_conf.c:297 +#: lib/util/sudo_conf.c:374 lib/util/sudo_conf.c:658 src/conversation.c:81 +#: src/exec_intercept.c:154 src/exec_intercept.c:181 src/exec_intercept.c:204 +#: src/exec_intercept.c:225 src/exec_intercept.c:231 src/exec_intercept.c:240 +#: src/exec_intercept.c:246 src/exec_intercept.c:312 src/exec_intercept.c:407 +#: src/exec_intercept.c:627 src/exec_monitor.c:456 src/exec_monitor.c:462 +#: src/exec_monitor.c:470 src/exec_monitor.c:478 src/exec_monitor.c:485 +#: src/exec_monitor.c:492 src/exec_monitor.c:499 src/exec_monitor.c:506 +#: src/exec_monitor.c:513 src/exec_monitor.c:520 src/exec_monitor.c:527 +#: src/exec_nopty.c:225 src/exec_nopty.c:235 src/exec_nopty.c:245 +#: src/exec_nopty.c:252 src/exec_nopty.c:259 src/exec_nopty.c:266 +#: src/exec_nopty.c:273 src/exec_nopty.c:280 src/exec_nopty.c:287 +#: src/exec_nopty.c:294 src/exec_nopty.c:301 src/exec_nopty.c:308 +#: src/exec_nopty.c:315 src/exec_nopty.c:323 src/exec_preload.c:143 +#: src/exec_preload.c:203 src/exec_pty.c:844 src/exec_pty.c:853 +#: src/exec_pty.c:910 src/exec_pty.c:1237 src/exec_pty.c:1247 +#: src/exec_pty.c:1257 src/exec_pty.c:1264 src/exec_pty.c:1271 +#: src/exec_pty.c:1278 src/exec_pty.c:1285 src/exec_pty.c:1292 +#: src/exec_pty.c:1299 src/exec_pty.c:1306 src/exec_pty.c:1313 +#: src/exec_pty.c:1320 src/exec_pty.c:1328 src/exec_pty.c:1782 +#: src/load_plugins.c:156 src/load_plugins.c:181 src/load_plugins.c:217 +#: src/load_plugins.c:449 src/load_plugins.c:455 src/parse_args.c:190 +#: src/parse_args.c:212 src/parse_args.c:285 src/parse_args.c:630 +#: src/parse_args.c:652 src/parse_args.c:677 src/preserve_fds.c:46 +#: src/preserve_fds.c:131 src/selinux.c:90 src/selinux.c:360 src/selinux.c:489 +#: src/selinux.c:498 src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 +#: src/sudo.c:636 src/sudo.c:876 src/sudo.c:1061 src/sudo.c:1082 +#: src/sudo.c:1374 src/sudo.c:1543 src/sudo.c:1770 src/sudo.c:2104 +#: src/sudo_edit.c:89 src/sudo_edit.c:149 src/sudo_edit.c:429 +#: src/sudo_edit.c:438 src/sudo_edit.c:539 src/sudo_edit.c:546 +#: src/sudo_edit.c:686 src/sudo_edit.c:706 src/sudo_intercept_common.c:160 msgid "unable to allocate memory" msgstr "impossível alocar memória" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:697 src/selinux.c:234 +#: src/selinux.c:264 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "impossível abrir %s" @@ -108,7 +114,7 @@ msgid "unable to mkdir %s" msgstr "impossível executar mkdir %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:674 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "impossível obter informações de %s" @@ -123,7 +129,7 @@ msgstr "Sinal desconhecido" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "valor inválido" @@ -135,110 +141,186 @@ msgid "value too small" msgstr "valor muito pequeno" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:230 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "valor de caminho inválido \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:396 lib/util/sudo_conf.c:412 lib/util/sudo_conf.c:465 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "valor inválido %s \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:433 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "fonte de grupo não suportada \"%s\" em %s, linna %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:449 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "máximo de grupos inválido \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:677 #, c-format msgid "%s is not a regular file" msgstr "%s não é um ficheiro normal" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:680 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s é propriedade de uid %u, deveria ser %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is world writable" msgstr "%s é escrito universalmente" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:687 #, c-format msgid "%s is group writable" msgstr "%s é escrito pelo grupo" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: truncar %s para zero bytes? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "não sobrescrever %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "impossível ler de %s" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "impossível escrever em %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s não é um ficheiro normal" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: modo de ficheiro errado: 0%o" + +#: src/edit_open.c:265 +msgid "unable to restore current working directory" +msgstr "impossível restaurar pasta de trabalho actual" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "classe de sessão %s desconhecida" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "impossível definir contexto de utilizador" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "impossível processar prioridade" -#: src/exec.c:170 +#: src/exec.c:172 #, c-format msgid "unable to change root to %s" msgstr "impossível alterar root para %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:185 src/exec.c:191 src/exec.c:198 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "impossível alterar para runas uid (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:216 #, c-format msgid "unable to change directory to %s" msgstr "impossível alterar pasta para %s" -#: src/exec.c:218 +#: src/exec.c:220 #, c-format msgid "starting from %s" msgstr "começando em %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:302 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:569 src/exec_pty.c:585 src/exec_pty.c:1425 +#: src/exec_pty.c:1427 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "impossível definir gestor para sinal %d" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "impossível remover PRIV_PROC_EXEC de PRIV_LIMIT" +#: src/exec_common.c:85 +msgid "unable to dup intercept fd" +msgstr "impossível dup interceptar fd" + +#: src/exec_intercept.c:138 +msgid "invalid PolicyCheckRequest" +msgstr "PolicyCheckRequest inválido" + +#: src/exec_intercept.c:191 src/sudo.c:1187 src/sudo.c:1232 src/sudo.c:1276 +msgid "command rejected by policy" +msgstr "cpmando rejeitado pela política" + +#: src/exec_intercept.c:272 src/sudo.c:1192 src/sudo.c:1237 src/sudo.c:1281 +#: src/sudo.c:1355 +msgid "policy plugin error" +msgstr "erro da extensão de política" + +#: src/exec_intercept.c:304 +#, c-format +msgid "client message too large: %zu" +msgstr "mensagem do cliente muito grande: %zu" + +#: src/exec_intercept.c:340 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "valor type_case %d inesperado em %s de %s" + +#: src/exec_intercept.c:367 src/exec_intercept.c:371 src/exec_intercept.c:634 +#: src/exec_intercept.c:638 src/exec_monitor.c:464 src/exec_monitor.c:472 +#: src/exec_monitor.c:480 src/exec_monitor.c:487 src/exec_monitor.c:494 +#: src/exec_monitor.c:501 src/exec_monitor.c:508 src/exec_monitor.c:515 +#: src/exec_monitor.c:522 src/exec_monitor.c:529 src/exec_nopty.c:227 +#: src/exec_nopty.c:237 src/exec_nopty.c:247 src/exec_nopty.c:254 +#: src/exec_nopty.c:261 src/exec_nopty.c:268 src/exec_nopty.c:275 +#: src/exec_nopty.c:282 src/exec_nopty.c:289 src/exec_nopty.c:296 +#: src/exec_nopty.c:303 src/exec_nopty.c:310 src/exec_nopty.c:317 +#: src/exec_nopty.c:325 src/exec_pty.c:710 src/exec_pty.c:715 +#: src/exec_pty.c:812 src/exec_pty.c:819 src/exec_pty.c:916 +#: src/exec_pty.c:1239 src/exec_pty.c:1249 src/exec_pty.c:1259 +#: src/exec_pty.c:1266 src/exec_pty.c:1273 src/exec_pty.c:1280 +#: src/exec_pty.c:1287 src/exec_pty.c:1294 src/exec_pty.c:1301 +#: src/exec_pty.c:1308 src/exec_pty.c:1315 src/exec_pty.c:1322 +#: src/exec_pty.c:1735 src/exec_pty.c:1745 src/exec_pty.c:1790 +#: src/exec_pty.c:1797 src/exec_pty.c:1824 +msgid "unable to add event to queue" +msgstr "impossível adicionar evento à fila" + +#: src/exec_intercept.c:395 +#, c-format +msgid "server message too large: %zu" +msgstr "mensagem do servidor muito grande: %zu" + +#: src/exec_intercept.c:608 src/exec_intercept.c:620 +#, c-format +msgid "%s: missing message header" +msgstr "%s: cabeçalho da mensagem em falta" + +#: src/exec_intercept.c:613 +#, c-format +msgid "%s: expected message type %d, got %d" +msgstr "%s: esperado tipo de mensagem %d, obtido %d" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "erro ao ler de socketpair" @@ -248,203 +330,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "tipo de resposta inesperada no canal secundário: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "impossível adicionar evento à fila" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "impossível definir tty de controlo" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:383 src/exec_pty.c:1504 +#: src/exec_pty.c:1525 src/exec_pty.c:1545 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "impossível criar túnel" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "impossível receber mensagem de pai" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:421 src/exec_pty.c:1583 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "impossível bifurcar" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:479 msgid "unable to restore tty label" msgstr "impossível restaurar rótulo tty" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1138 #, c-format msgid "unable to execute %s" msgstr "impossível executar %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:377 src/exec_pty.c:1434 msgid "policy plugin failed session initialization" msgstr "a extensão de política falhou a inicialização de sessão" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:391 src/exec_pty.c:1405 src/exec_pty.c:1413 +msgid "unable to create sockets" +msgstr "impossível criar sockets" + +#: src/exec_nopty.c:467 src/exec_pty.c:1674 msgid "error in event loop" msgstr "erro em ciclo de evento" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:577 src/exec_pty.c:623 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "impossível restaurar gestor para o sinal %d" -#: src/exec_pty.c:152 +#: src/exec_pty.c:162 msgid "unable to allocate pty" msgstr "impossível alocar pty" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "I/O plugin error" msgstr "Erro da extensão E/S" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:230 src/exec_pty.c:270 src/exec_pty.c:310 src/exec_pty.c:361 +#: src/exec_pty.c:412 msgid "command rejected by I/O plugin" msgstr "comando rejeitado pela extensão E/S" -#: src/exec_pty.c:444 +#: src/exec_pty.c:459 msgid "error logging suspend" msgstr "erro ao registar suspensão" -#: src/exec_pty.c:477 +#: src/exec_pty.c:493 msgid "error changing window size" msgstr "erro ao alterar o tamanho da janela" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "impossível criar sockets" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1629 msgid "unable to send message to monitor process" msgstr "impossível enviar mensagem para monitorizar processo" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "erro em %s, linha %d ao carregar a extensão \"%s\"" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s tem de ser propriedade de uid %d" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s só pode ter permissão de escrita para o dono" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "a ignorar extensão duplicada \"%s\" em %s, linha %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "impossível carregar %s: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "impossível encontrar símbolo \"%s\" em %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "versão principal de extensão %d incompatível (esperada %d) encontrada em %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "a ignorar extensão de política \"%s\" em %s, linha %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "só pode especificar um tipo de extensão de política" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "tipo de extensão %d desconhecida encontrada em %s" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "extensão de política %s não inclui um método check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "erro interno, transporte %s" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "nome de variável de ambiente inválido: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "o argumento para -C tem de ser um número maior ou igual a 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "não pode especificar ambas as opções \"-i\" e \"-s\"" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "não pode especificar ambas as opções \"-i\" e \"-E\"" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "a opção \"-E\" não é válida em modo de edição" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "não pode especificar variáveis de ambiente em modo de edição" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "a opção \"-U\" só pode ser usada com a opção \"-l\"" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "não pode especificar ambas as opções \"-A\" e \"-S\"" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit não é suportado nesta plataforma" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Só uma das opções -e, -h, -i, -K, -l, -s, -v ou -V pode ser especificada" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -453,7 +512,7 @@ "%s - edita ficheiros como outro utilizador\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -462,7 +521,7 @@ "%s - executa um comando como outro utilizador\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -470,131 +529,131 @@ "\n" "Opções:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "usa um programa de ajuda para pedir a senha" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "usa um tipo de autenticação BSD especificado" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "executa o comando em 2º plano" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "tocar campainha ao pedir" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "fecha todos os descritores de ficheiros >= num" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "executa o comando com a classe de sessão BSD especificada" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "alterar a pasta de trabalho antes de executar o comando" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "preserva o ambiente de utilizador ao executar o comando" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "preserva variáveis de ambiente específicas" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "edita ficheiros em vez de executar um comando" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "executa o comando como nome de grupo ou ID especificados" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "define a variável HOME para a pasta home do utilizador alvo" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "mostra a ajuda e sai" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "executa o comando no anfitrião (se suportado pela extensão)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "executa a shell de sessão como utilizador alvo; também pode especificar um comando" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "remove completamente o ficheiro de datação" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "invalida o ficheiro de datação" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "lista privilégios do utilizador ou verifica um comando específico; use duas vezes para formato mais longo" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "modo não-interactivo, não usa prompts" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "preserva vector de grupo em vez de o definir para o do alvo" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "usa o pedido de senha especificado" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "alterar a pasta raiz antes de executar o comando" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "cria contexto de segurnaça SELinux com o papel especificado" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "lê a senha da entrada padrão" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "executa a shell como utilizador alvo; também pode especificar um comando" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "cria contexto de segurnaça SELinux com o tipo especificado" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "termina o comando após o tempo limite especificado" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "em modo Lista, mostra os privilégios do utilizador" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "executa o comando (ou edita o ficheiro) como nome ou ID de utilizador especificados" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "mostra informação da versão e sai" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "actualiza datação do utilizador sem executar um comando" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "pára o processamento de argumentos da linha de comandos" @@ -699,20 +758,40 @@ msgid "unable to set key creation context to %s" msgstr "impossível definir contexto de criação de chave para %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "requer pelo menos um argumento" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "número de descritor de ficheiro inválido: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "impossível executar %s como shell de sessão" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: não é permitido editar ligações simbólicas" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: não é permitido editar ficheiros numa pasta onde se pode escrever" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "conteúdo da sessão de edição deixados em %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "impossível obter lista de grupo" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -761,200 +840,191 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "aviso: falha na atribuição de controlo de recursos para o projecto \"%s\"" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo versão %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Opções de configuração: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "erro fatal, impossível carregar extensões" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "a extensão não devolveu um comando a executar" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "modo sudo 0x%x inesperado" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "utilizador não existente na base de dados %s" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "impossível determinar tty" -#: src/sudo.c:913 +#: src/sudo.c:922 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s tem ser propriedade de uid %d e ter o bit setuid definido" -#: src/sudo.c:916 +#: src/sudo.c:925 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "a uid efectiva não é %d, é %s num sistema de ficheiros com a opção 'nosuid' definida ou um sistema de ficheiros NFS sem privilégios root?" -#: src/sudo.c:922 +#: src/sudo.c:931 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "a uid efectiva não é %d, tem sudo instalado com setuid root?" -#: src/sudo.c:938 +#: src/sudo.c:947 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "impossível definir IDs de grupo suplementares" -#: src/sudo.c:945 +#: src/sudo.c:954 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "impossível definir gid efectiva para gid runas %u" -#: src/sudo.c:951 +#: src/sudo.c:960 #, c-format msgid "unable to set gid to runas gid %u" msgstr "impossível definir gid para gid runas %u" -#: src/sudo.c:994 +#: src/sudo.c:1003 #, c-format msgid "unexpected child termination condition: %d" msgstr "condição de terminação de filho inesperada: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1110 msgid "unable to initialize policy plugin" msgstr "impossível inicializar a extensão de política" -#: src/sudo.c:1166 +#: src/sudo.c:1172 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "a extensão de política %s tem o método \"check_policy\" em falta" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "cpmando rejeitado pela política" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "erro da extensão de política" - -#: src/sudo.c:1220 +#: src/sudo.c:1218 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "a extensão de política %s não suporta privilégios de listagem" -#: src/sudo.c:1264 +#: src/sudo.c:1262 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "a extensão de política %s não suporta a opção -v" -#: src/sudo.c:1302 +#: src/sudo.c:1300 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "a extensão de política %s não suporta as opções -k/-K" -#: src/sudo.c:1431 +#: src/sudo.c:1428 #, c-format msgid "error initializing I/O plugin %s" msgstr "erro ao inicializar a extensão E/S %s" -#: src/sudo.c:1585 +#: src/sudo.c:1431 +msgid "error initializing I/O plugin" +msgstr "erro ao inicializar a extensão E/S" + +#: src/sudo.c:1580 #, c-format msgid "error initializing audit plugin %s" msgstr "erro ao inicializar a extensão de auditoria %s" -#: src/sudo.c:1763 +#: src/sudo.c:1659 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: impossível registar evento%s%s de erro" + +#: src/sudo.c:1695 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: impossível registar evento%s%s de aceitação" + +#: src/sudo.c:1700 src/sudo.c:1738 +msgid "audit plugin error" +msgstr "erro da extensão de auditoria" + +#: src/sudo.c:1733 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: impossível registar evento%s%s de rejeição" + +#: src/sudo.c:1793 #, c-format msgid "error initializing approval plugin %s" msgstr "erro ao inicializar a extensão de aprovação %s" -#: src/sudo.c:1839 +#: src/sudo.c:1863 msgid "command rejected by approver" msgstr "comando rejeitado pelo aprovador" -#: src/sudo.c:1848 +#: src/sudo.c:1873 msgid "approval plugin error" msgstr "erro da extensão de aprovação" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "sem pasta temporária onde possa escrever" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "impossível restaurar pasta de trabalho actual" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s não é um ficheiro normal" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: não é permitido editar ligações simbólicas" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: não é permitido editar ficheiros numa pasta onde se pode escrever" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s deixado sem alterações" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s não alterado" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "conteúdo da sessão de edição deixados em %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: erro interno: número de caminhos ímpar" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: impossível criar ficheiros temporários" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: morto por um sinal" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: erro %d desconhecido" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "impossível copiar ficheiros temporários de volta à localização original" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "impossível copiar alguns ficheiros temporários de volta à localização original" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "impossível alterar uid para root (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "erro de extensão: lista de ficheiros para sudoedit em falta" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:722 src/sudo_edit.c:732 msgid "unable to read the clock" msgstr "impossível ler o relógio" @@ -978,33 +1048,36 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "sem programa askpass especificado, tente definir SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "impossível definir gid para %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "impossível definir uid para %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "impossível executar %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "impossível gravar stdin" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "impossível dup2 stdin" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "impossível restaurar stdin" +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: escrita curta" @@ -1017,8 +1090,5 @@ #~ msgid "no tty present and no askpass program specified" #~ msgstr "sem tty presente e sem programa askpass especificado" -#~ msgid "unable to get group vector" -#~ msgstr "impossível obter vector de grupo" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "uid %u desconhecida: quem é?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/pt_BR.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/pt_BR.mo differ diff -Nru sudo-1.9.5p2/po/pt_BR.po sudo-1.9.9/po/pt_BR.po --- sudo-1.9.5p2/po/pt_BR.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/pt_BR.po 2022-01-27 21:24:06.000000000 +0000 @@ -1,15 +1,15 @@ # Brazilian Portuguese translation for sudo package. # Traduções em português brasileiro para o pacote sudo. -# Copyright (C) 2020 Free Software Foundation, Inc. +# Copyright (C) 2021 Free Software Foundation, Inc. # This file is distributed under the same license as the sudo package. -# Rafael Fontenelle , 2013-2020. +# Rafael Fontenelle , 2013-2021. # msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.8b2\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-14 06:42-0300\n" +"POT-Creation-Date: 2021-08-16 10:46-0600\n" +"PO-Revision-Date: 2021-08-22 09:59-0300\n" "Last-Translator: Rafael Fontenelle \n" "Language-Team: Brazilian Portuguese \n" "Language: pt_BR\n" @@ -17,7 +17,7 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1)\n" -"X-Generator: Gtranslator 3.38.0\n" +"X-Generator: Gtranslator 40.0\n" "X-Bugs: Report translation errors to the Language-Team address.\n" #: lib/util/aix.c:89 lib/util/aix.c:169 @@ -34,72 +34,78 @@ msgstr "não foi possível restaurar registro" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:211 +#: lib/util/sudo_conf.c:297 lib/util/sudo_conf.c:374 lib/util/sudo_conf.c:658 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:225 src/exec_nopty.c:235 +#: src/exec_nopty.c:245 src/exec_nopty.c:252 src/exec_nopty.c:259 +#: src/exec_nopty.c:266 src/exec_nopty.c:273 src/exec_nopty.c:280 +#: src/exec_nopty.c:287 src/exec_nopty.c:294 src/exec_nopty.c:301 +#: src/exec_nopty.c:308 src/exec_nopty.c:315 src/exec_nopty.c:323 +#: src/exec_nopty.c:511 src/exec_preload.c:143 src/exec_preload.c:203 +#: src/exec_pty.c:844 src/exec_pty.c:853 src/exec_pty.c:910 +#: src/exec_pty.c:1063 src/exec_pty.c:1237 src/exec_pty.c:1247 +#: src/exec_pty.c:1257 src/exec_pty.c:1264 src/exec_pty.c:1271 +#: src/exec_pty.c:1278 src/exec_pty.c:1285 src/exec_pty.c:1292 +#: src/exec_pty.c:1299 src/exec_pty.c:1306 src/exec_pty.c:1313 +#: src/exec_pty.c:1320 src/exec_pty.c:1328 src/exec_pty.c:1782 +#: src/load_plugins.c:156 src/load_plugins.c:181 src/load_plugins.c:217 +#: src/load_plugins.c:449 src/load_plugins.c:455 src/parse_args.c:190 +#: src/parse_args.c:211 src/parse_args.c:285 src/parse_args.c:630 +#: src/parse_args.c:652 src/parse_args.c:677 src/preserve_fds.c:46 +#: src/preserve_fds.c:131 src/selinux.c:90 src/selinux.c:360 src/selinux.c:489 +#: src/selinux.c:498 src/sesh.c:113 src/sesh.c:146 src/sesh.c:152 +#: src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 src/sudo.c:636 src/sudo.c:706 +#: src/sudo.c:716 src/sudo.c:741 src/sudo.c:760 src/sudo.c:769 src/sudo.c:778 +#: src/sudo.c:795 src/sudo.c:837 src/sudo.c:847 src/sudo.c:876 src/sudo.c:1061 +#: src/sudo.c:1082 src/sudo.c:1374 src/sudo.c:1543 src/sudo.c:1770 +#: src/sudo.c:2104 src/sudo_edit.c:89 src/sudo_edit.c:149 src/sudo_edit.c:429 +#: src/sudo_edit.c:438 src/sudo_edit.c:539 src/sudo_edit.c:546 +#: src/sudo_edit.c:686 src/sudo_edit.c:706 src/sudo_intercept_common.c:160 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:212 lib/util/sudo_conf.c:297 +#: lib/util/sudo_conf.c:374 lib/util/sudo_conf.c:658 src/conversation.c:81 +#: src/exec_intercept.c:154 src/exec_intercept.c:181 src/exec_intercept.c:204 +#: src/exec_intercept.c:225 src/exec_intercept.c:231 src/exec_intercept.c:240 +#: src/exec_intercept.c:246 src/exec_intercept.c:312 src/exec_intercept.c:407 +#: src/exec_intercept.c:627 src/exec_monitor.c:456 src/exec_monitor.c:462 +#: src/exec_monitor.c:470 src/exec_monitor.c:478 src/exec_monitor.c:485 +#: src/exec_monitor.c:492 src/exec_monitor.c:499 src/exec_monitor.c:506 +#: src/exec_monitor.c:513 src/exec_monitor.c:520 src/exec_monitor.c:527 +#: src/exec_nopty.c:225 src/exec_nopty.c:235 src/exec_nopty.c:245 +#: src/exec_nopty.c:252 src/exec_nopty.c:259 src/exec_nopty.c:266 +#: src/exec_nopty.c:273 src/exec_nopty.c:280 src/exec_nopty.c:287 +#: src/exec_nopty.c:294 src/exec_nopty.c:301 src/exec_nopty.c:308 +#: src/exec_nopty.c:315 src/exec_nopty.c:323 src/exec_preload.c:143 +#: src/exec_preload.c:203 src/exec_pty.c:844 src/exec_pty.c:853 +#: src/exec_pty.c:910 src/exec_pty.c:1237 src/exec_pty.c:1247 +#: src/exec_pty.c:1257 src/exec_pty.c:1264 src/exec_pty.c:1271 +#: src/exec_pty.c:1278 src/exec_pty.c:1285 src/exec_pty.c:1292 +#: src/exec_pty.c:1299 src/exec_pty.c:1306 src/exec_pty.c:1313 +#: src/exec_pty.c:1320 src/exec_pty.c:1328 src/exec_pty.c:1782 +#: src/load_plugins.c:156 src/load_plugins.c:181 src/load_plugins.c:217 +#: src/load_plugins.c:449 src/load_plugins.c:455 src/parse_args.c:190 +#: src/parse_args.c:212 src/parse_args.c:285 src/parse_args.c:630 +#: src/parse_args.c:652 src/parse_args.c:677 src/preserve_fds.c:46 +#: src/preserve_fds.c:131 src/selinux.c:90 src/selinux.c:360 src/selinux.c:489 +#: src/selinux.c:498 src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 +#: src/sudo.c:636 src/sudo.c:876 src/sudo.c:1061 src/sudo.c:1082 +#: src/sudo.c:1374 src/sudo.c:1543 src/sudo.c:1770 src/sudo.c:2104 +#: src/sudo_edit.c:89 src/sudo_edit.c:149 src/sudo_edit.c:429 +#: src/sudo_edit.c:438 src/sudo_edit.c:539 src/sudo_edit.c:546 +#: src/sudo_edit.c:686 src/sudo_edit.c:706 src/sudo_intercept_common.c:160 msgid "unable to allocate memory" msgstr "não foi possível alocar memória" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:697 src/selinux.c:234 +#: src/selinux.c:264 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "não foi possível abrir %s" @@ -109,7 +115,7 @@ msgid "unable to mkdir %s" msgstr "não foi possível criar diretório %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:674 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "não foi possível obter o estado de %s" @@ -124,7 +130,7 @@ msgstr "Sinal desconhecido" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "valor inválido" @@ -136,110 +142,186 @@ msgid "value too small" msgstr "valor pequeno demais" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:230 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "Path inválido com valor \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:396 lib/util/sudo_conf.c:412 lib/util/sudo_conf.c:465 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "Valor inválido para %s \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:433 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "fonte de grupo sem suporte \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:449 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "máximo de grupos inválido \"%s\" em %s, linha %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:677 #, c-format msgid "%s is not a regular file" msgstr "%s não é um arquivo comum" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:680 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s tem como dono o uid %u, deveria ser %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is world writable" msgstr "%s é gravável globalmente" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:687 #, c-format msgid "%s is group writable" msgstr "%s é gravável pelo grupo" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: truncar %s para zero bytes? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "não vou sobrescrever %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "não foi possível ler de %s" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "não foi possível gravar em %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: não é um arquivo comum" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: mode inválido de arquivo: 0%o" + +#: src/edit_open.c:265 +msgid "unable to restore current working directory" +msgstr "não foi possível restaurar o diretório de trabalho atual" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "classe de login desconhecida %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "não foi possível definir contexto de usuário" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "não foi possível definir prioridade do processo" -#: src/exec.c:170 +#: src/exec.c:172 #, c-format msgid "unable to change root to %s" msgstr "não foi possível alterar a raiz para %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:185 src/exec.c:191 src/exec.c:198 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "não foi possível alterar para uid de \"runas\" (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:216 #, c-format msgid "unable to change directory to %s" msgstr "não foi possível alterar diretório para %s" -#: src/exec.c:218 +#: src/exec.c:220 #, c-format msgid "starting from %s" msgstr "iniciando a partir de %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:302 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:569 src/exec_pty.c:585 src/exec_pty.c:1425 +#: src/exec_pty.c:1427 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "não foi possível definir manipulador para sinal %d" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "não foi possível remover PRIV_PROC_EXEC de PRIV_LIMIT" +#: src/exec_common.c:85 +msgid "unable to dup intercept fd" +msgstr "não foi possível realizar dup de interceptação de fd" + +#: src/exec_intercept.c:138 +msgid "invalid PolicyCheckRequest" +msgstr "PolicyCheckRequest inválida" + +#: src/exec_intercept.c:191 src/sudo.c:1187 src/sudo.c:1232 src/sudo.c:1276 +msgid "command rejected by policy" +msgstr "comando rejeitado pela política" + +#: src/exec_intercept.c:272 src/sudo.c:1192 src/sudo.c:1237 src/sudo.c:1281 +#: src/sudo.c:1355 +msgid "policy plugin error" +msgstr "erro de plug-in de política" + +#: src/exec_intercept.c:304 +#, c-format +msgid "client message too large: %zu" +msgstr "mensagem do cliente grande demais: %zu" + +#: src/exec_intercept.c:340 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "type_case com valor inesperado %d em %s de %s" + +#: src/exec_intercept.c:367 src/exec_intercept.c:371 src/exec_intercept.c:634 +#: src/exec_intercept.c:638 src/exec_monitor.c:464 src/exec_monitor.c:472 +#: src/exec_monitor.c:480 src/exec_monitor.c:487 src/exec_monitor.c:494 +#: src/exec_monitor.c:501 src/exec_monitor.c:508 src/exec_monitor.c:515 +#: src/exec_monitor.c:522 src/exec_monitor.c:529 src/exec_nopty.c:227 +#: src/exec_nopty.c:237 src/exec_nopty.c:247 src/exec_nopty.c:254 +#: src/exec_nopty.c:261 src/exec_nopty.c:268 src/exec_nopty.c:275 +#: src/exec_nopty.c:282 src/exec_nopty.c:289 src/exec_nopty.c:296 +#: src/exec_nopty.c:303 src/exec_nopty.c:310 src/exec_nopty.c:317 +#: src/exec_nopty.c:325 src/exec_pty.c:710 src/exec_pty.c:715 +#: src/exec_pty.c:812 src/exec_pty.c:819 src/exec_pty.c:916 +#: src/exec_pty.c:1239 src/exec_pty.c:1249 src/exec_pty.c:1259 +#: src/exec_pty.c:1266 src/exec_pty.c:1273 src/exec_pty.c:1280 +#: src/exec_pty.c:1287 src/exec_pty.c:1294 src/exec_pty.c:1301 +#: src/exec_pty.c:1308 src/exec_pty.c:1315 src/exec_pty.c:1322 +#: src/exec_pty.c:1735 src/exec_pty.c:1745 src/exec_pty.c:1790 +#: src/exec_pty.c:1797 src/exec_pty.c:1824 +msgid "unable to add event to queue" +msgstr "não foi possível adicionar um evento à fila" + +#: src/exec_intercept.c:395 +#, c-format +msgid "server message too large: %zu" +msgstr "mensagem do servidor grande demais: %zu" + +#: src/exec_intercept.c:608 src/exec_intercept.c:620 +#, c-format +msgid "%s: missing message header" +msgstr "%s: faltando o cabeçalho de mensagens" + +#: src/exec_intercept.c:613 +#, c-format +msgid "%s: expected message type %d, got %d" +msgstr "%s: esperava mensagem do tipo %d, obteve %d" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "erro ao ler do par de soquetes" @@ -249,203 +331,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "tipo de resposta inesperada no canal de retorno: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "não foi possível adicionar um evento à fila" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "não foi possível definir tty de controle" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:383 src/exec_pty.c:1504 +#: src/exec_pty.c:1525 src/exec_pty.c:1545 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "não foi possível criar um encadeamento (pipe)" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "não foi possível receber mensagem de pai" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:421 src/exec_pty.c:1583 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "não foi possível fazer fork" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:479 msgid "unable to restore tty label" msgstr "não foi possível restaurar rótulo de tty" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1138 #, c-format msgid "unable to execute %s" msgstr "não foi possível executar %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:377 src/exec_pty.c:1434 msgid "policy plugin failed session initialization" msgstr "plug-in de política falhou ao inicializar da sessão" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:391 src/exec_pty.c:1405 src/exec_pty.c:1413 +msgid "unable to create sockets" +msgstr "não foi possível criar soquetes" + +#: src/exec_nopty.c:467 src/exec_pty.c:1674 msgid "error in event loop" msgstr "erro em loop de evento" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:577 src/exec_pty.c:623 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "não foi possível restaurar manipulador para sinal %d" -#: src/exec_pty.c:152 +#: src/exec_pty.c:162 msgid "unable to allocate pty" msgstr "não foi possível alocar pty" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "I/O plugin error" msgstr "erro no plug-in de E/S" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:230 src/exec_pty.c:270 src/exec_pty.c:310 src/exec_pty.c:361 +#: src/exec_pty.c:412 msgid "command rejected by I/O plugin" msgstr "comando rejeitado pelo plug-in de E/S" -#: src/exec_pty.c:444 +#: src/exec_pty.c:459 msgid "error logging suspend" msgstr "erro a registrar a suspensão" -#: src/exec_pty.c:477 +#: src/exec_pty.c:493 msgid "error changing window size" msgstr "erro ao alterar o tamanho da janela" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "não foi possível criar soquetes" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1629 msgid "unable to send message to monitor process" msgstr "não foi possível enviar mensagem para monitorar processo" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "erro em %s, linha %d ao carregar plug-in \"%s\"" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s deve ter como dono o uid %d" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s deve ser gravável apenas pelo dono" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "ignorando plug-in \"%s\" duplicado em %s, linha %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "não foi possível carregar %s: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "não foi possível localizar símbolo \"%s\" em %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "versão maior %d do plug-in incompatível (esperava %d) localizada em %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ignorando plug-in de política \"%s\" em %s, linha %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "apenas um plug-in de política pode ser especificado" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "tipo de plug-in %d desconhecido localizado em %s" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "plug-in de política %s não inclui um método de check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "erro interno, estouro de pilha de %s" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "nome de variável de ambiente inválida: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "o argumento do -C deve ser um número maior ou igual a 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "você não pode especificar as opções -i e -s ao mesmo tempo" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "você não pode especificar as opções -i e -E ao mesmo tempo" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "a opção -E não é válida no modo de edição" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "você não pode especificar variáveis de ambiente no modo de edição" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "a opção -U pode ser usada apenas com a opção -l" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "as opções -A e -S não podem ser usadas ao mesmo tempo" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "não há suporte a sudoedit nesta plataforma" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Apenas uma das opções -e, -h, -i, -K, -l, -s, -v ou -V pode ser especificada" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -454,7 +513,7 @@ "%s - edita arquivos como outro usuário\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -464,7 +523,7 @@ "\n" # Deixei minúsculo para seguir o padrão das demais linhas do "sudo -h" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -472,131 +531,131 @@ "\n" "opções:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "usa um programa auxiliar para pedir senha" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "usa o tipo de autenticação BSD especificado" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "executa um comando em plano de fundo" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "toca campainha ao solicitar senha" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "fecha todos os descritores, de arquivos, >= num" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "executa um comando com uma classe de login BSD especificada" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "altera o diretório de trabalho antes de executar o comando" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "preserva um ambiente de usuário ao executar um comando" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "preserva variáveis de ambiente específicas" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "edita arquivos em vez de executar um comando" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "executa um comando como o ID ou nome de grupo especificado" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "define a variável HOME para a pasta pessoal do usuário alvo" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "exibe uma mensagem de ajuda e sai" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "executa o comando na máquina (se houver suporte pelo plug-in)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "executa um shell de login como usuário alvo; um comando também pode ser especificado" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "remove arquivo de marca de tempo completamente" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "invalida arquivo de marca de tempo" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "lista os privilégios do usuário ou verifica um comando específico; use duas vezes para um formato maior" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "modo não interativo, não pergunta para o usuário" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "preserva vetor de grupos ao invés de definir para o do alvo" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "usa a senha especificada" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "altera o diretório raiz antes de executar o comando" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "cria um contexto de segurança SELinux com o papel especificado" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "lê a senha da entrada padrão" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "executa o shell como o usuário alvo; um comando também pode ser especificado" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "cria um contexto de segurança SELinux com o tipo especificado" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "termina o comando após o tempo limite especificado" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "no modo lista, exibe os privilégios por usuário" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "executa um comando (ou edita um arquivo) como o nome ou ID do usuário especificado" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "exibe as informações de versão e sai" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "atualiza a marca de tempo do usuário sem executar um comando" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "interrompe processamento de argumentos de linha de comando" @@ -701,20 +760,40 @@ msgid "unable to set key creation context to %s" msgstr "não foi possível definir contexto de criação de chave para %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "requer ao menos um argumento" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "número de descritor de arquivos inválido: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "não foi possível executar %s como shell de login" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: edição de links simbólicos não é permitida" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: edição de arquivos em um diretório gravável não é permitida" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "conteúdo da sessão de edição deixado em %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "não foi possível obter lista de grupos" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -763,200 +842,191 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "aviso, atribuição de controle de recursos falhou para o projeto \"%s\"" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo versão %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Opções de configuração: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "erro fatal, não foi possível carregar os plug-ins" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "o plug-in não retornou um comando para ser executado" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "modo de sudo inesperado 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "você não existe no banco de dados %s" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "não foi possível determinar o tty" -#: src/sudo.c:913 +#: src/sudo.c:922 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s deve ter como dono o uid %d e tem definido o bit setuid" -#: src/sudo.c:916 +#: src/sudo.c:925 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "uid efetivo não é %d, é %s em um sistema de arquivos com a opção \"nosuid\" defina ou um sistema de arquivos NFS sem privilégios de root?" -#: src/sudo.c:922 +#: src/sudo.c:931 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "uid efetivo não é %d, sudo está instalado em uma raiz com setuid?" -#: src/sudo.c:938 +#: src/sudo.c:947 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "não foi possível definir IDs de grupo suplementares" -#: src/sudo.c:945 +#: src/sudo.c:954 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "não foi possível definir gid efetivo para executar como gid %u" -#: src/sudo.c:951 +#: src/sudo.c:960 #, c-format msgid "unable to set gid to runas gid %u" msgstr "não foi possível definir gid para executar como gid %u" -#: src/sudo.c:994 +#: src/sudo.c:1003 #, c-format msgid "unexpected child termination condition: %d" msgstr "condição inesperada de término de filho: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1110 msgid "unable to initialize policy plugin" msgstr "não foi possível inicializar plug-in de política" -#: src/sudo.c:1166 +#: src/sudo.c:1172 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "plug-in de política %s é sem o método \"check_policy\"" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "comando rejeitado pela política" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "erro de plug-in de política" - -#: src/sudo.c:1220 +#: src/sudo.c:1218 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "plug-in de política %s não tem suporte a listagem de privilégios" -#: src/sudo.c:1264 +#: src/sudo.c:1262 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "plug-in de política %s não tem suporte à opção -v" -#: src/sudo.c:1302 +#: src/sudo.c:1300 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "plug-in de política %s não tem suporte às opções -k/-K" -#: src/sudo.c:1431 +#: src/sudo.c:1428 #, c-format msgid "error initializing I/O plugin %s" msgstr "erro ao inicializar o plug-in de E/S %s" -#: src/sudo.c:1585 +#: src/sudo.c:1431 +msgid "error initializing I/O plugin" +msgstr "erro ao inicializar o plug-in de E/S" + +#: src/sudo.c:1580 #, c-format msgid "error initializing audit plugin %s" msgstr "erro ao inicializar o plug-in de auditoria %s" -#: src/sudo.c:1763 +#: src/sudo.c:1659 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: não foi possível registrar evento de erro%s%s" + +#: src/sudo.c:1695 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: não foi possível registrar evento de aceite%s%s" + +#: src/sudo.c:1700 src/sudo.c:1738 +msgid "audit plugin error" +msgstr "erro no plug-in de auditoria" + +#: src/sudo.c:1733 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: não foi possível registrar evento de rejeição%s%s" + +#: src/sudo.c:1793 #, c-format msgid "error initializing approval plugin %s" msgstr "erro ao inicializar o plug-in de aprovação %s" -#: src/sudo.c:1839 +#: src/sudo.c:1863 msgid "command rejected by approver" msgstr "comando rejeitado pelo aprovador" -#: src/sudo.c:1848 +#: src/sudo.c:1873 msgid "approval plugin error" msgstr "erro no plug-in de aprovação" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "nenhum diretório temporário gravável encontrado" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "não foi possível restaurar o diretório de trabalho atual" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: não é um arquivo comum" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: edição de links simbólicos não é permitida" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: edição de arquivos em um diretório gravável não é permitida" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s não foi modificado" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s sem alteração" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "conteúdo da sessão de edição deixado em %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: erro interno: número ímpar de caminhos" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: não foi possível criar arquivos temporários" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: morto por um sinal" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: erro desconhecido: %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "não foi possível copiar arquivos temporários de volta para sua localização original" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "não foi possível copiar alguns dos arquivos temporários de volta para sua localização original" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "não foi possível alterar uid de root (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "erro no plug-in: faltando lista de arquivo para sudoedit" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:722 src/sudo_edit.c:732 msgid "unable to read the clock" msgstr "não foi possível ler o relógio" @@ -980,33 +1050,36 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nenhum programa de askpass especificado, tente definir SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "não foi possível definir gid para %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "não foi possível definir uid para %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "não foi possível executar %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "não foi possível salvar a entrada padrão" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "não foi possível realizar dup2 da entrada padrão" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "não foi possível restaurar a entrada padrão" +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: escrita curta" @@ -1019,9 +1092,6 @@ #~ msgid "no tty present and no askpass program specified" #~ msgstr "nenhum tty presente e nenhum programa de askpass especificado" -#~ msgid "unable to get group vector" -#~ msgstr "não foi possível obter vetor de grupos" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "uid desconhecido %u: quem é você?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/ro.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/ro.mo differ diff -Nru sudo-1.9.5p2/po/ro.po sudo-1.9.9/po/ro.po --- sudo-1.9.5p2/po/ro.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/ro.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,15 +1,16 @@ # Portable object template file for sudo # This file is put in the public domain. -# Todd C. Miller , 2011-2018 -# Florentina Mușat , 2020. # +# Todd C. Miller , 2011-2018. +# Florentina Mușat , 2020. +# Remus-Gabriel Chelu , 2021, 2022. msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.2rc1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-06-24 05:35-0600\n" -"PO-Revision-Date: 2020-07-16 17:54+0200\n" -"Last-Translator: Florentina Mușat \n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2022-01-06 23:54+0100\n" +"Last-Translator: Remus-Gabriel Chelu \n" "Language-Team: Romanian \n" "Language: ro\n" "MIME-Version: 1.0\n" @@ -33,87 +34,94 @@ msgstr "nu se poate restaura registrul" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:462 src/load_plugins.c:468 -#: src/parse_args.c:176 src/parse_args.c:197 src/parse_args.c:270 -#: src/parse_args.c:593 src/parse_args.c:615 src/parse_args.c:640 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:485 src/selinux.c:494 src/sesh.c:116 -#: src/sudo.c:624 src/sudo.c:693 src/sudo.c:703 src/sudo.c:724 src/sudo.c:743 -#: src/sudo.c:752 src/sudo.c:761 src/sudo.c:778 src/sudo.c:820 src/sudo.c:830 -#: src/sudo.c:859 src/sudo.c:1045 src/sudo.c:1067 src/sudo.c:1365 -#: src/sudo.c:1538 src/sudo.c:1732 src/sudo.c:2076 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:974 -#: src/sudo_edit.c:994 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:462 src/load_plugins.c:468 -#: src/parse_args.c:176 src/parse_args.c:198 src/parse_args.c:270 -#: src/parse_args.c:593 src/parse_args.c:615 src/parse_args.c:640 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:485 src/selinux.c:494 src/sesh.c:116 -#: src/sudo.c:234 src/sudo.c:624 src/sudo.c:859 src/sudo.c:1045 -#: src/sudo.c:1067 src/sudo.c:1365 src/sudo.c:1538 src/sudo.c:1732 -#: src/sudo.c:2076 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:974 src/sudo_edit.c:994 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "nu se poate aloca memoria" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:367 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "nu se poate deschide %s" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "nu se poate mkdir %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "nu se poate stat %s" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s există dar nu este un director (0%o)" @@ -123,7 +131,7 @@ msgstr "Semnal necunoscut" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "valoare nevalidă" @@ -135,306 +143,429 @@ msgid "value too small" msgstr "valoare prea mică" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" -msgstr "valoare de cale nevalidă „%s” în %s, linia %u" +msgstr "valoare de cale(path) nevalidă „%s” în %s, linia %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "valoare nevalidă pentru %s „%s” în %s, linia %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "sursă de grup nesuportată „%s” în %s, linia %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "grupuri maxime nevalide „%s” în %s, linia %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s nu este un fișier regulat" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s este deținut de uid-ul %u, ar trebui să fie %u" -#: lib/util/sudo_conf.c:601 +# Corectare: +# de la „inscriptibilă”, +# la „inscriptibil” +# - 1. pentru a fi =n consonanță cu celelalte mesaje +# - 2. referința este pentru fișier, și nu pentru conținutul său +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" -msgstr "%s este inscriptibilă global" +msgstr "%s este inscriptibil global" -#: lib/util/sudo_conf.c:604 +# Modificare: +# de la: „este inscriptibil pe grup” +# la:„este inscriptibil de către grup” +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" -msgstr "%s este inscriptibil pe grup" +msgstr "%s este inscriptibil de către grup" + +# Notă: +# de întrebat băieții de la sudo, dacă se poate traduce (y/n) precum (d/n) sau nu... +# și bineînțeles..., ca programul să răspundă cu +# normalitate la schimbarea făcută +#: src/copy_file.c:93 +#, c-format +msgid "%s: truncate %s to zero bytes? (y/n) [n] " +msgstr "%s: se trunchiază %s la zero octeți? (y/n) [n] " -#: src/copy_file.c:118 +#: src/copy_file.c:97 +#, c-format +msgid "not overwriting %s" +msgstr "nu se suprascrie %s" + +# Corectare: +# de la „scrie” la „citi” +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" -msgstr "nu se poate scrie de la %s" +msgstr "nu se poate citi de la %s" -#: src/copy_file.c:122 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "nu se poate scrie la %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: nu este un fișier regulat" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: mod de fișier defectuos: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "nu se poate restaura directorul de lucru curent" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "clasă de autentificare necunoscută %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "nu se poate stabili contextul utilizatorului" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "nu se poate stabili prioritatea procesului" -#: src/exec.c:170 +# Modificat, de la: +# „nu se poate schimba de root la”, la: +# „nu se poate schimba directorul rădăcină la” +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" -msgstr "nu se poate schimba root-ul la %s" +msgstr "nu se poate schimba directorul rădăcină la %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" -msgstr "nu se poate schimba la uid-ul runas (%u, %u)" +msgstr "nu se poate schimba la uid-ul run_as (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "nu se poate schimba directorul la %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "începând de la %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +# Modificare: +# de la: „nu se poate stabili mânerul pentru semnalul” +# la: „nu se poate stabili manipulantul pentru semnalul” +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" -msgstr "nu se poate stabili mânerul pentru semnalul %d" +msgstr "nu se poate stabili manipulantul pentru semnalul %d" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "nu se poate elimina PRIV_PROC_EXEC de la PRIV_LIMIT" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "nu se poate adăuga evenimentul la coadă" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "PolicyCheckRequest nevalid" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "comandă respinsă de politică" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "eroare de modul de politică" + +# Notă: +# am tradus mesajul ca: +# „cererea clientului este prea mare” +# e posibil ca traducerea corectă să fie: +# „cererea către client este prea mare” +# Reacțiile/opiniile utilizatorilor ar fi utile... +# Eu, unul n-am posibilitatea de-a verifica în practică, toate mesajele... +# Acesta pare să fie un mesaj pentru LDAP..., iar +# eu nu utilizez LDAP +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "cererea clientului este prea mare: %zu" + +# Am tradus: +# „type_case cu o valoare neașteptată %d în %s de la %s” +# poate suna/era mai bine: +# „valoare (a) type_case neașteptată %d, în %s de la %s” +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "type_case cu o valoare neașteptată %d în %s de la %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "mesaj de la server prea mare: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "eroare la citirea de la socketpair" +# Notă: +# backchannel se poate traduce ca: +# canal adiacent +# canal de răspuns +# canal secundar +# canal posterior +# canal din spate #: src/exec_monitor.c:377 #, c-format msgid "unexpected reply type on backchannel: %d" msgstr "tip de răspuns neașteptat pe backchannel: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "nu se poate adăuga evenimentul la coadă" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "nu se poate stabili tty de control" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:304 +# Schimbat de la: 1linia de asamblare” +# la: „tubul conector” +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" -msgstr "nu se poate crea linia de asamblare" +msgstr "nu se poate crea „tubul conector”(pipe)" -#: src/exec_monitor.c:598 +# Modificat de la: „de la superior” +# la: „de la procesul părinte” +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" -msgstr "nu se poate primi mesajul de la superior" +msgstr "nu se poate primi mesajul de la procesul părinte" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:308 +# Modificat de la: +# „nu se poate da fork” +# la: „nu se poate bifurca” +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" -msgstr "nu se poate da fork" +msgstr "nu se poate bifurca" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "nu se poate restaura eticheta tty" -#: src/exec_monitor.c:632 src/sesh.c:126 src/sudo.c:1123 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "nu se poate executa %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "modulul de politică a eșuat la inițializarea sesiunii" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "nu se pot crea socluri" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "eroare în bucla de eveniment" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +# Modificare: +# de la: „nu se poate stabili mânerul pentru semnalul” +# la: „nu se poate stabili manipulantul pentru semnalul” +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" -msgstr "nu se poate restaura mânerul pentru semnalul %d" +msgstr "nu se poate restaura manipulantul pentru semnalul %d" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "nu se poate aloca pty" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +# Modificare de la: +# „Eroare de plugin I/O” +# la: „Eroare a modulului In/Ieș(I/O)” +# Pentru coerență cu restul traducerii, și nu numai... +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" -msgstr "Eroare de plugin I/O" +msgstr "Eroare a modulului In/Ieș(I/O)" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" -msgstr "comandă respinsă de modulul I/O" +msgstr "comandă respinsă de modulul In/Ieș/(I/O)" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "eroare la suspendarea jurnalizării" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "eroare la schimbarea dimensiunii ferestrei" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "nu se pot crea socluri" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "nu se poate trimite mesajul la procesul de monitorizare" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:353 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "eroare în %s, linia %d în timpul încărcării modulului „%s”" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s trebuie să fie deținut de uid-ul %d" -#: src/load_plugins.c:137 +# Modificat de la: „deținător” +# la: „proprietar” +# Explicația: +# proprietarul poate, și deobicei este deasemeni deținător (de ceva) +# în schimb, deținătorul decît deține ceva, deobicei este vremelnic(sau pe un timp determinat) +# Exp: +# arendașul, deține un teren(deobicei agricol, deci e un deținător de teren) drept pentru care se poate folosi de acel teren pe timpul și în condițiile financiare stabilite de proprietarul acelui teren(care este singurul care are drepturi depline asupra acelui teren. +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" -msgstr "%s trebuie să fie inscriptibil doar de deținător" +msgstr "%s trebuie să fie inscriptibil doar de proprietar" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "se ignoră modulul duplicat „%s” în %s, linia %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "nu se poate încărca %s: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "nu se poate găsi simbolul „%s” în %s" -#: src/load_plugins.c:309 +# Corectat: +# de la: „versiune majoră a modulului incompatibilă %d (s-a așteptat %d) găsită în %s” +# la: „versiune majoră a modulului incompatibilă %d (se aștepta %d) găsită în %s" +# Observație: +# e posibil ca poziția corectă a primei variabile, „%d”; +# să fie: +# „versiune majoră a modulului %d incompatibilă” +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" -msgstr "versiune majoră a modulului incompatibilă %d (s-a așteptat %d) găsită în %s" +msgstr "versiune majoră a modulului incompatibilă %d (se aștepta %d) găsită în %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "se ignoră modulul de politică „%s” în %s, linia %d" -#: src/load_plugins.c:329 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "doar un singur modul de politică poate fi specificat" -#: src/load_plugins.c:355 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "tip de modul necunoscut %d găsit în %s" -#: src/load_plugins.c:541 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "modulul de politică %s nu include o metodă check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:477 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "eroare internă, supraplin %s" -#: src/parse_args.c:218 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "nume de variabilă de mediu nevalid: %s" -#: src/parse_args.c:319 +# Modificat de la: „mai mare decît sau egal cu 3” +# la: „mai mare sau egal cu 3” +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" -msgstr "argumentul la -C trebuie să fie un număr mai mare decât sau egal cu 3" +msgstr "argumentul la -C trebuie să fie un număr mai mare sau egal cu 3" -#: src/parse_args.c:532 +# Modificat de la: „trebuie să specificați amândouă opțiunile -i și -s” +# la: „nu puteți specifica ambele opțiuni, -i și -s” +# ATENȚIE, și la traducerea următoare, mesajul de tradus este aproape identic acestuia, traducerea nu chiar... +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" -msgstr "trebuie să specificați amândouă opțiunile -i și -s" +msgstr "nu puteți specifica ambele opțiuni, -i și -s" -#: src/parse_args.c:536 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "nu puteți specifica amândouă opțiunile -i și -E" -#: src/parse_args.c:546 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "opțiunea -E nu este validă în modul editare" -#: src/parse_args.c:548 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "nu puteți specifica variabile de mediu în modul editare" -#: src/parse_args.c:557 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "opțiunea -U poate fi utilizată doar cu opțiunea -l" -#: src/parse_args.c:561 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "opțiunile -A și -S nu pot fi utilizate împreună" -#: src/parse_args.c:654 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit nu este suportat pe această platformă" -#: src/parse_args.c:735 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Doar una dintre opțiunile -e, -h, -i, -K, -l, -s, -v sau -V poate fi specificată" -#: src/parse_args.c:749 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -443,7 +574,7 @@ "%s - editează fișiere ca alt utilizator\n" "\n" -#: src/parse_args.c:751 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -452,8 +583,7 @@ "%s - execută o comandă ca alt utilizator\n" "\n" -#: src/parse_args.c:756 -#, c-format +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -461,217 +591,228 @@ "\n" "Opțiuni:\n" -#: src/parse_args.c:758 +# Întrebare: cum sună mai bine? +# - „utilizează un program de ajutor pentru solicitarea parolei” +# sau: +# - „utilizează un program auxiliar pentru solicitarea parolei” +# Recenzie, Daniel Șegărceanu: a doua variantă, sună mai bine. +# Am aplicat-o, în fond era și impresia mea, dar nu vroiam să modific prea mult fișierul... +#: src/parse_args.c:800 msgid "use a helper program for password prompting" -msgstr "utilizează un program de ajutor pentru solicitarea parolei" +msgstr "utilizează un program auxiliar pentru solicitarea parolei" -#: src/parse_args.c:761 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "utilizează un tip de autentificare BSD specificat" -#: src/parse_args.c:764 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "rulează comanda în fundal" -#: src/parse_args.c:766 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "sună din clopoțel atunci când se solicită" -#: src/parse_args.c:768 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "închide toți descriptorii de fișier >= num" -#: src/parse_args.c:771 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "rulează comanda cu clasa de autentificare BSD specificată" -#: src/parse_args.c:774 +#: src/parse_args.c:818 +msgid "change the working directory before running command" +msgstr "schimbă directorul de lucru înainte de-a executa comanda" + +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "păstrează mediul utilizatorului atunci când se rulează comanda" -#: src/parse_args.c:776 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "păstrează variabile de mediu specifice" -#: src/parse_args.c:778 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "editează fișiere în locul rulării unei comenzi" -#: src/parse_args.c:780 +# Modificat de la: „rulează comanda ca numele sau ID-ul de grup specificat" +# la: +# „rulează comanda ca grupul cu numele sau ID-ul specificat” +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" -msgstr "rulează comanda ca numele sau ID-ul de grup specificat" +msgstr "rulează comanda ca grupul cu numele sau ID-ul specificat" -#: src/parse_args.c:782 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "stabilește variabila HOME să țintească spre directorul personal al utilizatorului" -#: src/parse_args.c:784 +#: src/parse_args.c:834 msgid "display help message and exit" -msgstr "afișează mesajul de ajutor și ieși" +msgstr "afișează mesajul de ajutor și iese" -#: src/parse_args.c:786 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "rulează comanda pe gazdă (dacă este suportat de modul)" -#: src/parse_args.c:788 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "rulează shell-ul de autentificare ca utilizatorul țintă; o comandă poate fi, de asemenea, specificată" -#: src/parse_args.c:790 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "elimină complet fișierul de datare" -#: src/parse_args.c:792 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "invalidează fișierul de datare" -#: src/parse_args.c:794 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "listează privilegiile utilizatorului sau verifică o comandă specifică; utilizează de două ori pentru formatul mai lung" -#: src/parse_args.c:796 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "mod neinteractiv, nu sunt utilizate solicitări" -#: src/parse_args.c:798 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "păstrează vectorul grupului în loc să configurați pe cel al țintei" -#: src/parse_args.c:800 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "utilizează solicitarea de parolă specificată" -#: src/parse_args.c:803 +#: src/parse_args.c:858 +msgid "change the root directory before running command" +msgstr "schimbă la directorul rădăcină, înainte de a rula comanda" + +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "creează contextul de securitate SELinux cu rolul specificat" -#: src/parse_args.c:806 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "citește parola de la intrarea standard" -#: src/parse_args.c:808 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "rulează shell-ul ca utilizatorul țintă; o comandă poate fi, de asemenea, specificată" -#: src/parse_args.c:811 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "creează contextul de securitate SELinux cu tipul specificat" -#: src/parse_args.c:814 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "termină comanda după limita de timp specificată" -#: src/parse_args.c:816 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "în modul listă, afișează privilegiile pentru utilizator" -#: src/parse_args.c:818 +# Modificat de la: +# „rulează comanda (sau fișierul de editare) ca nume specificat sau ID de utilizator” +# la: +# „rulează comanda (sau editează fișierul) ca utilizator cu numele sau ID-ul specificat” +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" -msgstr "rulează comanda (sau fișierul de editare) ca nume de utilizator sau ID specificat" +msgstr "rulează comanda (sau editează fișierul) ca utilizator cu numele sau ID-ul specificat" -#: src/parse_args.c:820 +#: src/parse_args.c:882 msgid "display version information and exit" -msgstr "afișează informațiile de versiune și ieși" +msgstr "afișează informațiile de versiune și iese" -#: src/parse_args.c:822 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "actualizează datarea utilizatorului fără să se ruleze o comandă" -#: src/parse_args.c:824 +#: src/parse_args.c:888 msgid "stop processing command line arguments" -msgstr "oprește procesarea argumentelor în linie de comandă" +msgstr "oprește procesarea argumentelor în linia de comandă" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" -msgstr "nu se poate deschide sistemul audit" +msgstr "nu se poate deschide sistemul auditare" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" -msgstr "nu se poate trimite mesajul audit" +msgstr "nu se poate trimite mesajul de auditare" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "nu se poate fgetfilecon %s" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "etichete modificate %s" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "nu se poate restaura contextul pentru %s" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "nu se poate deschide %s, nu se etichetează din nou tty" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s nu este un dispozitiv de caracter, nu se etichetează din nou tty" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "nu se poate obține contextul tty curent, nu se etichetează din nou tty" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "clasă de securitate necunoscută „chr_file”, nu se etichetează din nou tty" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "nu se poate obține contextul tty nou, nu se etichetează din nou tty" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "nu se poate stabili contextul tty nou" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "trebuie să specificați un rol pentru tipul %s" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "nu s-a putut obține contextul nou" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "nu se poate obține tipul implicit pentru rolul %s" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "nu s-a putu obține contextul nou" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "nu s-a putut stabili rolul nou %s" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "nu s-a putut stabili tipul nou %s" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s nu este un context valid" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "nu s-a putut obține contextul vechi" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "nu se poate determina modul de impunere." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "nu se poate stabili contextul tty la %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -682,24 +823,47 @@ msgid "unable to set key creation context to %s" msgstr "nu se poate stabili contextul de creare a cheii la %s" -#: src/sesh.c:78 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "necesită cel puțin un argument" -#: src/sesh.c:107 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "număr de descriptor de fișier nevalid: %s" -#: src/sesh.c:121 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "nu se poate rula %s ca shell de autentificare" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: editarea legăturilor simbolice nu este permisă" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: editarea fișierelor într-un director inscriptibil nu este permisă" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "conținutul sesiunii de editare rămase în %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "nu se poate obține lista de grup %s" + +# Modificare: +# de la: „nu se poate stabili mânerul pentru semnalul” +# la: „nu se poate stabili manipulantul pentru semnalul” #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" -msgstr "nu se poate salva mânerul pentru semnalul %d" +msgstr "nu se poate salva manipulantul pentru semnalul %d" #: src/solaris.c:72 msgid "resource control limit has been reached" @@ -710,6 +874,10 @@ msgid "user \"%s\" is not a member of project \"%s\"" msgstr "utilizatorul „%s” nu este un membru al proiectului „%s”" +# sarcina de invocare este finală +# sau: +# sarcina de invocare este definitivă +# NOTĂ. mesajul este pentru un sistem „Solaris”, așa că în curând e posibil să dispară din «repertoar» #: src/solaris.c:79 msgid "the invoking task is final" msgstr "sarcina de invocare este finală" @@ -742,205 +910,202 @@ #: src/solaris.c:106 #, c-format msgid "warning, resource control assignment failed for project \"%s\"" -msgstr "avertisment, alocarea controlului de resurse a eșuat pentru proiectul „%s”" +msgstr "avertizare, alocarea controlului de resurse a eșuat pentru proiectul „%s”" -#: src/sudo.c:219 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Versiune sudo %s\n" -#: src/sudo.c:221 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Configurează opțiunile: %s\n" -#: src/sudo.c:230 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "eroare fatală, nu se pot încărca modulele" -#: src/sudo.c:275 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "modulul nu a întors o comandă de executat" -#: src/sudo.c:310 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "mod sudo neașteptat 0x%x" -#: src/sudo.c:543 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "nu existați în baza de date %s" -#: src/sudo.c:600 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "nu se poate determina tty" -#: src/sudo.c:905 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s trebuie să fie deținut de uid-ul %d și să aibă bitul setuid stabilit" -#: src/sudo.c:908 +# Notă: eficient -> efectiv +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" -msgstr "uid-ul eficient nu este %d, este %s pe un sistem de fișiere cu opțiunea „nosuid” stabilită sau un sistem de fișiere NFS fără privilegii de root?" +msgstr "uid-ul efectiv nu este %d, este %s pe un sistem de fișiere cu opțiunea „nosuid” stabilită sau un sistem de fișiere NFS fără privilegii de root?" -#: src/sudo.c:914 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" -msgstr "uid-ul eficient nu este %d, este sudo instalat root setuid?" +msgstr "uid-ul efectiv nu este %d, este sudo instalat root setuid?" -#: src/sudo.c:930 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "nu se pot stabili ID-urile de grup suplimentare" -#: src/sudo.c:937 +# Notă: eficiente -> efective +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" -msgstr "nu se pot stabili gid-uri eficiente către gid-uri runas %u" +msgstr "nu se pot stabili gid-uri efective către gid-uri run_as %u" -#: src/sudo.c:943 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" -msgstr "nu se poate stabili gid-ul către gid-ul runas %u" +msgstr "nu se poate stabili gid-ul către gid-ul run_as %u" -#: src/sudo.c:986 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" -msgstr "condiție de terminare a inferiorului neașteptată: %d" +msgstr "condiție de terminare a procesului copil neașteptată: %d" -#: src/sudo.c:1095 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "nu se poate inițializa modulul de politică" -#: src/sudo.c:1158 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "modulului de politică %s îi lipsește metoda „check_policy”" -#: src/sudo.c:1173 src/sudo.c:1226 src/sudo.c:1270 -msgid "command rejected by policy" -msgstr "comandă respinsă de politică" - -#: src/sudo.c:1178 src/sudo.c:1231 src/sudo.c:1275 -msgid "policy plugin error" -msgstr "eroare de modul de politică" - -#: src/sudo.c:1212 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "modulul de politică %s nu suportă listarea privilegiilor" -#: src/sudo.c:1256 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "modulul de politică %s nu suportă opțiunea -v" -#: src/sudo.c:1294 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "modulul de politică %s nu suportă opțiunile -k/-K" -#: src/sudo.c:1423 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" -msgstr "eroare la inițializarea modulului I/O %s" +msgstr "eroare la inițializarea modulului In/Ieș(I/O) %s" + +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "eroare la inițializarea modulului In/Ieș(I/O)" -#: src/sudo.c:1577 +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" -msgstr "eroare la inițializarea modulului audit %s" +msgstr "eroare la inițializarea modulului auditare %s" -#: src/sudo.c:1755 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: nu se poate înregistra evenimentul de eroare%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: nu se poate înregistra evenimentul de acceptare%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "eroare a modulului de auditare" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: nu se poate înregistra evenimentul de respingere%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "eroare la inițializarea modulului de aprobare %s" -#: src/sudo.c:1831 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "comandă respinsă de aprobator" -#: src/sudo.c:1840 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "eroare la modulul de aprobare" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "nu s-a găsit niciun director temporar inscriptibil" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "nu se poate restaura directorul de lucru curent" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: nu este un fișier regulat" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: editarea legăturilor simbolice nu este permisă" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: editarea fișierelor într-un director inscriptibil nu este permisă" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s lăsat nemodificat" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s neschimbat" -#: src/sudo_edit.c:706 src/sudo_edit.c:907 -#, c-format -msgid "contents of edit session left in %s" -msgstr "conținutul sesiunii de editare rămase în %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" -msgstr "sesh: eroare internă: număr impar de căi" +msgstr "sesh: eroare internă: număr impar de căi(paths)" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: nu se pot crea fișierele temporare" -#: src/sudo_edit.c:818 src/sudo_edit.c:900 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: omorât de un semnal" -#: src/sudo_edit.c:820 src/sudo_edit.c:903 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: eroare necunoscută %d" -#: src/sudo_edit.c:894 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "nu se pot copia fișierele temporare înapoi la locația lor originală" -#: src/sudo_edit.c:897 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "nu se pot copia o parte din fișierele temporare înapoi la locația lor originală" -#: src/sudo_edit.c:941 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "nu se poate schimba uid-ul la root (%u)" -#: src/sudo_edit.c:958 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "eroare de modul: lipsește lista de fișiere pentru sudoedit" -#: src/sudo_edit.c:1009 src/sudo_edit.c:1022 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "nu se poate citi ceasul" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "portul de interceptare nu este definit" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "limită de timp atinsă pentru citirea parolei" @@ -953,41 +1118,50 @@ msgid "unable to read password" msgstr "nu se poate citi parola" -#: src/tgetpass.c:140 +#: src/tgetpass.c:141 msgid "a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper" msgstr "un terminal este necesar pentru a citit parola; ori utilizați opțiunea -S pentru a citi de la intrarea standard ori configurați un ajutor askpass" -#: src/tgetpass.c:150 +#: src/tgetpass.c:152 msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "nu s-a specificat niciun program askpass, încercați să stabiliți SUDO_ASKPASS" -#: src/tgetpass.c:325 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "nu se poate stabili gid-ul la %u" -#: src/tgetpass.c:329 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "nu se poate stabili uid-ul la %u" -#: src/tgetpass.c:334 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "nu se poate rula %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "nu se poate salva stdin" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "nu se poate dup2 stdin" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "nu se poate restaura stdin" +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "trebuie să specificați un rol pentru tipul %s" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "nu se poate stabili contextul tty la %s" + #~ msgid "%s: short write" #~ msgstr "%s: scris scurt" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/sr.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/sr.mo differ diff -Nru sudo-1.9.5p2/po/sr.po sudo-1.9.9/po/sr.po --- sudo-1.9.5p2/po/sr.po 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/po/sr.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,12 +1,12 @@ # Serbian translations for sudo package. # This file is put in the public domain. -# Мирослав Николић , 2011—2020. +# Мирослав Николић , 2011–2021. msgid "" msgstr "" -"Project-Id-Version: sudo-1.9.3b1\n" +"Project-Id-Version: sudo-1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-12-11 07:41+0200\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-11 20:01+0200\n" "Last-Translator: Мирослав Николић \n" "Language-Team: Serbian <(nothing)>\n" "Language: sr\n" @@ -30,87 +30,94 @@ msgstr "не могу да повратим регистар" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "не могу да доделим меморију" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "не могу да отворим %s" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "не могу да направим директоријум „%s“" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "не могу да добијем податке о „%s“" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "„%s“ постоји али није директоријум (0%o)" @@ -120,7 +127,7 @@ msgstr "Непознати сигнал" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "неисправна вредност" @@ -132,110 +139,173 @@ msgid "value too small" msgstr "вредност је премала" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "неисправна вредност путање „%s“ у „%s“, %u. ред" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "неисправна вредност за %s „%s“ у „%s“, %u. ред" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "неподржани извор групе „%s“ у „%s“, %u. ред" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "неисправне највеће групе „%s“ у „%s“, %u. ред" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "„%s“ није обична датотека" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s је у власништву уиб-а %u, а треба бити %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s је светски уписив" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s је групно уписив" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: да скратим „%s“ на нула бајта? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "не преписујем „%s“" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "не могу да читам из „%s“" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "не могу да упишем у %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: није обична датотека" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: лош режим датотеке: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "не могу да повратим текући радни директоријум" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "непозната класа пријаве %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "не могу да подесим кориснички контекст" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "не могу да подесим приоритет процеса" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "не могу да променим администратора на %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "не могу да се пребацим у покрени_као уид (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "не могу да променим директоријум у %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "почевши од „%s“" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "не могу да подесим руковаоца за сигнал „%d“" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "не могу да уклоним PRIV_PROC_EXEC из PRIV_LIMIT" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "не могу да додам догађај у ред" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "неисправан захтев провере политике" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "наредба је одбачена политиком" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "грешка прикључка политике" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "захтев клијента је превелик: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "неочекивана вредност врсте_слова %d у „%s“ из „%s“" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "порука сервера је превелика: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "грешка у читању из пара прикључка" @@ -245,203 +315,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "неочекивана врста одговора на повратном каналу: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "не могу да додам догађај у ред" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "не могу да подесим контролисање tty" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "не могу да направим спојку" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "не могу да примим поруку од родитеља" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "не могу да поделим" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "не могу да повратим tty натпис" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "не могу да извршим %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "није успело покретање сесије прикључка политике" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "не могу да направим утичнице" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "грешка у петљи догађаја" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "не могу да повратим руковаоца за сигнал „%d“" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "не могу да доделим pty" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "грешка У/И прикључка" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "наредбу је одбацио У/И прикључак" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "грешка обуставе писања дневника" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "грешка промене величине прозора" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "не могу да направим утичнице" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "не могу да пошаљем поруку процесу праћења" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "грешка у „%s“, %d. ред приликом учитавања прикључка „%s“" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s мора бити у власништву уида %d" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s мора бити уписив само од стране власника" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "занемарујем удвостручени „%s“ прикључак у %s, %d. ред" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "не могу да учитам %s: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "не могу да пронађем симбол „%s“ у %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "пронађено је несагласно главно издање прикључка %d (очекивано је %d) у „%s“" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "занемарујем прикључак сигурности „%s“ у %s, %d. ред" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "може бити наведен само један прикључак сигурности" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "нађох непознату врсту прикључка %d у „%s“" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "прикључак сигурности %s не садржи метод провере_сигурности" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "унутрашња грешка, прекорачење функције „%s“" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "неисправан назив променљиве окружења: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "аргумент уз -C мора бити број већи или једнак 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "не можете да наведете обе опције „-i“ и „-s“" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "не можете да наведете обе опције „-i“ и „-E“" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "опција „-E“ није исправна у режиму уређивања" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "не можете да одредите променљиве окружења у режиму уређивања" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "опција „-U“ може бити коришћена само са опцијом „-l“" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "опције „-A“ и „-S“ не могу бити коришћене заједно" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "„sudoedit“ није подржано на овој платформи" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Само једна од опција -e, -h, -i, -K, -l, -s, -v или -V може бити наведена" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -450,7 +497,7 @@ "%s — уредите датотеке као други корисник\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -459,7 +506,7 @@ "%s — извршите наредбу као други корисник\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -467,225 +514,215 @@ "\n" "Опције:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "користи програм испомоћи за упит лозинке" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "користи наведену врсту БСД потврде идентитета" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "покреће наредбу у позадини" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "звони приликом постављања упита" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "затвара све описнике датотеке >= fd" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "покреће наредбу са наведеним разредом БСД пријаве" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "мења радни директоријум пре покретања наредбе" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "чува корисничко окружење приликом покретања наредбе" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "чува нарочите променљиве окружења" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "уређује датотеке уместо да изврши наредбу" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "извршава наредбу као наведени назив групе или ИБ" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "подешава променљиву ЛИЧНО у циљну корисничку личну фасциклу" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "приказује поруку помоћи и излази" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "покреће наредбу на домаћину (ако је подржано прикључком)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "покреће љуску пријаве као крајњи корисник; наредба може такође бити наведена" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "потпуно уклања датотеку записа датума и времена" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "чини неисправном датотеку датума и времена" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "исписује привилегије корисника или проверава посебну наредбу; користи се двапута за дуже записе" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "немеђудејствени режим, не користи упите" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "чува вектор групе уместо да подеси на циљеве" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "користи упит наведене лозинке" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "мења корени директоријум пре покретања наредбе" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "ствара СЕЛинукс сигурносни контекст са наведеном улогом" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "чита лозинку са стандардног улаза" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "покреће љуску као крајњи корисник; наредба такође може бити наведена" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "ствара СЕЛинукс сигурносни контекст са наведеном улогом" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "окончава наредбу након наведеног временског ограничења" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "у режиму списка, приказује привилегије за корисника" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "покреће наредбу (или уређује датотеку) као наведени корисник" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "приказује податке о издању и излази" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "освежава кориснички запис датума и времена без покретања наредбе" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "зауставља обрађивање аргумената линије наредби" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "не могу да отворим аудит систем" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "не могу да пошаљем аудит поруку" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "не могу да добавим контекст отворене датотеке %s" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s измењена натписа" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "не могу да повратим контекст за %s" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "не могу да отворим %s, није тту за поновно натписивање" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "„%s“ није знаковни уређај, није конзола за поновно натписивање" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "не могу да добавим текући тту контекст, није тту за поновно натписивање" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "непознат разред безбедности „chr_file“, није тту за поновно натписивање" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "не могу да добавим нови тту контекст, није тту за поновно натписивање" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "не могу да подесим нови тту контекст" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "морате да наведете улогу за врсту %s" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "нисам успео да добавим нови контекст" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "не могу да добавим основну врсту за улогу %s" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "нисам успео да добавим нови контекст" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "нисам успео да подесим нову улогу %s" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "нисам успео да подесим нову врсту %s" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s није исправан контекст" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "нисам успео да добавим стари контекст" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "не могу да одредим режим присиљавања." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "не могу да подесим тту контекст на %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -696,20 +733,40 @@ msgid "unable to set key creation context to %s" msgstr "не могу да подесим контекст стварања кључа за %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "захтева барем један аргумент" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "неисправан број описника датотеке: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "не могу да покренем „%s“ као шкољку пријављивања" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: уређивање симболичких веза није допуштено" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: уређивање датотека у уписивом директоријуму није допуштено" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "садржај сесије уређивања је остао у %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "не могу да добавим списак групе" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -758,203 +815,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "упозорење, није успело додељивање контроле ресурса за пројекат „%s“" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Судо издање %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Опције подешавања: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "кобна грешка, не могу да учитам прикључке" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "прикључак није вратио наредбу за извршавање" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "неочекивани судо режим 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "не постојите у „%s“ бази података" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "не могу да одредим конзолу" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s мора бити власништвo уида %d и треба да има подешен бит „setuid“" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "стварни уид није %d, већ %s на систему датотека са подешеном опцијом „nosuid“ или је НФС систем датотека без администраторских привилегија?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "стварни уид није %d, већ сетуид администратор инсталиран судоом?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "не могу да подесим додатне ИБ-ове групе" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "не могу да подесим ефективан гид да се покрене_као гид %u" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "не могу да подесим гид да се покрене као гид %u" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "неочекивани услов завршетка потпроцеса: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "не могу да започнем прикључак сигурности" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "прикључак сигурности %s не садржи метод „check_policy“" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "наредба је одбачена политиком" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "грешка прикључка политике" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "прикључак сигурности %s не подржава привилегије исписивања" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "прикључак сигурности %s не подржава опцију -v" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "прикључак сигурности %s не подржава опције -k/-K" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "грешка приликом покретања У/И прикључка %s" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "грешка приликом покретања У/И прикључка" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "грешка покретања аудит прикључка „%s“" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: не могу да забележим догађај грешке%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: не могу да забележим догађај прихватања%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "грешка аудит прикључка" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: не могу да забележим догађај одбијања%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "грешка покретања прикључка одобравања „%s“" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "наредбу је одбацио одобравач" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "грешка прикључка одобравања" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "нисам нашао уписиви привремени директоријум" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "не могу да повратим текући радни директоријум" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: није обична датотека" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: уређивање симболичких веза није допуштено" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: уређивање датотека у уписивом директоријуму није допуштено" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s је остао неизмењен" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s је непромењен" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "садржај сесије уређивања је остао у %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: унутрашња грешка: непарн број путања" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: не могу да направим привремене датотеке" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: убијено сигналом" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: непозната грешка „%d“" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "не могу да умножим привремене датотеке назад на њихова првобитна места" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "не могу да умножим неке од привремених датотека назад на њихова првобитна места" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "не могу да променим уид у администратора (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "грешка прикључка: недостаје датотеа списка за уређивање судоа" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "не могу да прочитам сат" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "прикључник пресретања није постављен" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "истече време при читању лозинке" @@ -975,33 +1027,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "није наведен програм за пропуштање, покушајте да подесите SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "не могу да подесим гид у %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "не могу да подесим уид у %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "не могу да покренем %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "не могу да сачувам стандардни улаз" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "не могу да дуп2 стандардни улаз" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "не могу да повратим стандардни улаз" +#~ msgid "unable to dup intercept fd" +#~ msgstr "не могу да дуп пресретнем описника датотека" + +#~ msgid "%s: missing message header" +#~ msgstr "%s: недостаје заглавље поруке" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s: очекивах врсту поруке %d, добих %d" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "морате да наведете улогу за врсту %s" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "не могу да подесим тту контекст на %s" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: кратак упис" @@ -1011,9 +1081,6 @@ #~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" #~ msgstr "занемарујем удвостручен прикључак сигурности „%s“ у %s, %d. ред" -#~ msgid "unable to get group vector" -#~ msgstr "не могу да добавим вектор групе" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "непознати уид %u: ко сте ви?" diff -Nru sudo-1.9.5p2/po/sudo.pot sudo-1.9.9/po/sudo.pot --- sudo-1.9.5p2/po/sudo.pot 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/po/sudo.pot 2022-01-27 21:24:22.000000000 +0000 @@ -5,9 +5,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.5\n" +"Project-Id-Version: sudo 1.9.9\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2021-01-09 12:59-0700\n" +"POT-Creation-Date: 2022-01-18 16:50-0700\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -30,91 +30,102 @@ msgstr "" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:198 -#: lib/util/sudo_conf.c:284 lib/util/sudo_conf.c:361 lib/util/sudo_conf.c:647 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:834 src/exec_pty.c:843 src/exec_pty.c:900 src/exec_pty.c:1053 -#: src/exec_pty.c:1225 src/exec_pty.c:1234 src/exec_pty.c:1241 -#: src/exec_pty.c:1248 src/exec_pty.c:1255 src/exec_pty.c:1262 -#: src/exec_pty.c:1269 src/exec_pty.c:1276 src/exec_pty.c:1283 -#: src/exec_pty.c:1290 src/exec_pty.c:1297 src/exec_pty.c:1305 -#: src/exec_pty.c:1747 src/load_plugins.c:52 src/load_plugins.c:65 -#: src/load_plugins.c:163 src/load_plugins.c:188 src/load_plugins.c:223 -#: src/load_plugins.c:455 src/load_plugins.c:461 src/parse_args.c:181 -#: src/parse_args.c:202 src/parse_args.c:275 src/parse_args.c:616 -#: src/parse_args.c:638 src/parse_args.c:663 src/preserve_fds.c:46 -#: src/preserve_fds.c:131 src/selinux.c:90 src/selinux.c:360 src/selinux.c:489 -#: src/selinux.c:498 src/sesh.c:110 src/sesh.c:143 src/sesh.c:149 -#: src/sesh.c:156 src/sesh.c:162 src/sesh.c:407 src/sudo.c:632 src/sudo.c:702 -#: src/sudo.c:712 src/sudo.c:733 src/sudo.c:752 src/sudo.c:761 src/sudo.c:770 -#: src/sudo.c:787 src/sudo.c:829 src/sudo.c:839 src/sudo.c:868 src/sudo.c:1054 -#: src/sudo.c:1076 src/sudo.c:1378 src/sudo.c:1551 src/sudo.c:1776 -#: src/sudo.c:2120 src/sudo_edit.c:89 src/sudo_edit.c:151 src/sudo_edit.c:431 -#: src/sudo_edit.c:440 src/sudo_edit.c:539 src/sudo_edit.c:546 -#: src/sudo_edit.c:682 src/sudo_edit.c:702 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:192 src/parse_args.c:213 src/parse_args.c:287 +#: src/parse_args.c:632 src/parse_args.c:654 src/parse_args.c:679 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:362 src/selinux.c:474 src/selinux.c:483 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:639 src/sudo.c:709 src/sudo.c:719 src/sudo.c:744 src/sudo.c:767 +#: src/sudo.c:776 src/sudo.c:785 src/sudo.c:802 src/sudo.c:844 src/sudo.c:854 +#: src/sudo.c:883 src/sudo.c:1083 src/sudo.c:1104 src/sudo.c:1397 +#: src/sudo.c:1566 src/sudo.c:1793 src/sudo.c:2127 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:184 lib/util/sudo_conf.c:199 lib/util/sudo_conf.c:284 -#: lib/util/sudo_conf.c:361 lib/util/sudo_conf.c:647 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:834 src/exec_pty.c:843 src/exec_pty.c:900 src/exec_pty.c:1225 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1297 src/exec_pty.c:1305 src/exec_pty.c:1747 -#: src/load_plugins.c:163 src/load_plugins.c:188 src/load_plugins.c:223 -#: src/load_plugins.c:455 src/load_plugins.c:461 src/parse_args.c:181 -#: src/parse_args.c:203 src/parse_args.c:275 src/parse_args.c:616 -#: src/parse_args.c:638 src/parse_args.c:663 src/preserve_fds.c:46 -#: src/preserve_fds.c:131 src/selinux.c:90 src/selinux.c:360 src/selinux.c:489 -#: src/selinux.c:498 src/sesh.c:110 src/sesh.c:408 src/sudo.c:236 -#: src/sudo.c:632 src/sudo.c:868 src/sudo.c:1054 src/sudo.c:1076 -#: src/sudo.c:1378 src/sudo.c:1551 src/sudo.c:1776 src/sudo.c:2120 -#: src/sudo_edit.c:89 src/sudo_edit.c:151 src/sudo_edit.c:431 -#: src/sudo_edit.c:440 src/sudo_edit.c:539 src/sudo_edit.c:546 -#: src/sudo_edit.c:682 src/sudo_edit.c:702 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:192 src/parse_args.c:214 +#: src/parse_args.c:287 src/parse_args.c:632 src/parse_args.c:654 +#: src/parse_args.c:679 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:362 src/selinux.c:474 src/selinux.c:483 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:230 src/sudo.c:639 src/sudo.c:883 +#: src/sudo.c:1083 src/sudo.c:1104 src/sudo.c:1397 src/sudo.c:1566 +#: src/sudo.c:1793 src/sudo.c:2127 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:686 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:367 src/sudo_edit.c:496 src/sudo_edit.c:559 +#: lib/util/mkdir_parents.c:63 #, c-format -msgid "unable to open %s" +msgid "unable to stat %.*s" msgstr "" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:69 #, c-format -msgid "unable to mkdir %s" +msgid "%.*s exists but is not a directory (0%o)" msgstr "" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:663 src/copy_file.c:150 +#: lib/util/mkdir_parents.c:102 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:371 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format -msgid "unable to stat %s" +msgid "unable to open %s" +msgstr "" + +#: lib/util/mkdir_parents.c:119 lib/util/mkdir_parents.c:127 +#: lib/util/mkdir_parents.c:136 +#, c-format +msgid "unable to open %.*s" msgstr "" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:157 #, c-format -msgid "%s exists but is not a directory (0%o)" +msgid "unable to mkdir %.*s" msgstr "" #: lib/util/strsignal.c:50 @@ -122,7 +133,7 @@ msgstr "" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 src/sesh.c:143 src/sesh.c:156 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "" @@ -134,42 +145,47 @@ msgid "value too small" msgstr "" -#: lib/util/sudo_conf.c:217 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "" -#: lib/util/sudo_conf.c:383 lib/util/sudo_conf.c:399 lib/util/sudo_conf.c:452 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "" -#: lib/util/sudo_conf.c:420 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "" -#: lib/util/sudo_conf.c:436 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "" -#: lib/util/sudo_conf.c:666 +#: lib/util/sudo_conf.c:681 src/copy_file.c:150 +#, c-format +msgid "unable to stat %s" +msgstr "" + +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "" -#: lib/util/sudo_conf.c:669 src/copy_file.c:162 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "" -#: lib/util/sudo_conf.c:673 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "" -#: lib/util/sudo_conf.c:676 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "" @@ -189,12 +205,12 @@ msgid "unable to read from %s" msgstr "" -#: src/copy_file.c:136 src/sudo_edit.c:322 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "" -#: src/copy_file.c:154 src/sesh.c:215 src/sudo_edit.c:199 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 #, c-format msgid "%s: not a regular file" msgstr "" @@ -204,54 +220,102 @@ msgid "%s: bad file mode: 0%o" msgstr "" -#: src/edit_open.c:265 +#: src/edit_open.c:331 msgid "unable to restore current working directory" msgstr "" -#: src/exec.c:128 +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:575 src/exec_pty.c:1393 -#: src/exec_pty.c:1395 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 src/exec_pty.c:1233 +#: src/exec_pty.c:1242 src/exec_pty.c:1249 src/exec_pty.c:1256 +#: src/exec_pty.c:1263 src/exec_pty.c:1270 src/exec_pty.c:1277 +#: src/exec_pty.c:1284 src/exec_pty.c:1291 src/exec_pty.c:1298 +#: src/exec_pty.c:1305 src/exec_pty.c:1727 src/exec_pty.c:1737 +#: src/exec_pty.c:1782 src/exec_pty.c:1789 src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "" + +#: src/exec_intercept.c:362 src/sudo.c:1209 src/sudo.c:1254 src/sudo.c:1298 +msgid "command rejected by policy" +msgstr "" + +#: src/exec_intercept.c:455 src/sudo.c:1214 src/sudo.c:1259 src/sudo.c:1303 +#: src/sudo.c:1377 +msgid "policy plugin error" +msgstr "" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "" @@ -261,451 +325,422 @@ msgid "unexpected reply type on backchannel: %d" msgstr "" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:700 -#: src/exec_pty.c:705 src/exec_pty.c:802 src/exec_pty.c:809 src/exec_pty.c:906 -#: src/exec_pty.c:1227 src/exec_pty.c:1236 src/exec_pty.c:1243 -#: src/exec_pty.c:1250 src/exec_pty.c:1257 src/exec_pty.c:1264 -#: src/exec_pty.c:1271 src/exec_pty.c:1278 src/exec_pty.c:1285 -#: src/exec_pty.c:1292 src/exec_pty.c:1299 src/exec_pty.c:1700 -#: src/exec_pty.c:1710 src/exec_pty.c:1755 src/exec_pty.c:1762 -#: src/exec_pty.c:1789 -msgid "unable to add event to queue" -msgstr "" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1472 -#: src/exec_pty.c:1493 src/exec_pty.c:1513 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1551 -#: src/sudo_edit.c:363 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "" -#: src/exec_monitor.c:632 src/sesh.c:120 src/sudo.c:1132 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1160 #, c-format msgid "unable to execute %s" msgstr "" -#: src/exec_nopty.c:352 src/exec_pty.c:1402 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "" -#: src/exec_nopty.c:429 src/exec_pty.c:1639 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "" -#: src/exec_nopty.c:539 src/exec_pty.c:613 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "" -#: src/exec_pty.c:216 src/exec_pty.c:256 src/exec_pty.c:296 src/exec_pty.c:347 -#: src/exec_pty.c:398 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "" -#: src/exec_pty.c:220 src/exec_pty.c:260 src/exec_pty.c:300 src/exec_pty.c:351 -#: src/exec_pty.c:402 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "" -#: src/exec_pty.c:449 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "" -#: src/exec_pty.c:483 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "" -#: src/exec_pty.c:1382 -msgid "unable to create sockets" -msgstr "" - -#: src/exec_pty.c:1594 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:283 src/load_plugins.c:293 src/load_plugins.c:303 -#: src/load_plugins.c:350 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "" -#: src/load_plugins.c:247 src/load_plugins.c:318 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "" -#: src/load_plugins.c:285 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "" -#: src/load_plugins.c:295 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "" -#: src/load_plugins.c:305 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "" -#: src/load_plugins.c:323 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "" -#: src/load_plugins.c:326 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "" -#: src/load_plugins.c:352 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "" -#: src/load_plugins.c:535 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "" -#: src/net_ifs.c:179 src/net_ifs.c:197 src/net_ifs.c:343 src/sudo.c:479 -#: src/sudo_edit.c:400 src/sudo_edit.c:408 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:486 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "" -#: src/parse_args.c:223 +#: src/parse_args.c:234 #, c-format msgid "invalid environment variable name: %s" msgstr "" -#: src/parse_args.c:325 +#: src/parse_args.c:337 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "" -#: src/parse_args.c:552 +#: src/parse_args.c:568 msgid "you may not specify both the -i and -s options" msgstr "" -#: src/parse_args.c:557 +#: src/parse_args.c:573 msgid "you may not specify both the -i and -E options" msgstr "" -#: src/parse_args.c:567 +#: src/parse_args.c:583 msgid "the -E option is not valid in edit mode" msgstr "" -#: src/parse_args.c:570 +#: src/parse_args.c:586 msgid "you may not specify environment variables in edit mode" msgstr "" -#: src/parse_args.c:580 +#: src/parse_args.c:596 msgid "the -U option may only be used with the -l option" msgstr "" -#: src/parse_args.c:584 +#: src/parse_args.c:600 msgid "the -A and -S options may not be used together" msgstr "" -#: src/parse_args.c:677 +#: src/parse_args.c:693 msgid "sudoedit is not supported on this platform" msgstr "" -#: src/parse_args.c:759 +#: src/parse_args.c:776 msgid "" "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "" -#: src/parse_args.c:773 +#: src/parse_args.c:792 #, c-format msgid "" "%s - edit files as another user\n" "\n" msgstr "" -#: src/parse_args.c:775 +#: src/parse_args.c:794 #, c-format msgid "" "%s - execute a command as another user\n" "\n" msgstr "" -#: src/parse_args.c:780 +#: src/parse_args.c:800 msgid "" "\n" "Options:\n" msgstr "" -#: src/parse_args.c:782 +#: src/parse_args.c:802 msgid "use a helper program for password prompting" msgstr "" -#: src/parse_args.c:785 +#: src/parse_args.c:805 msgid "use specified BSD authentication type" msgstr "" -#: src/parse_args.c:788 +#: src/parse_args.c:809 msgid "run command in the background" msgstr "" -#: src/parse_args.c:790 +#: src/parse_args.c:812 msgid "ring bell when prompting" msgstr "" -#: src/parse_args.c:792 +#: src/parse_args.c:814 msgid "close all file descriptors >= num" msgstr "" -#: src/parse_args.c:795 +#: src/parse_args.c:817 msgid "run command with the specified BSD login class" msgstr "" -#: src/parse_args.c:798 +#: src/parse_args.c:820 msgid "change the working directory before running command" msgstr "" -#: src/parse_args.c:800 +#: src/parse_args.c:823 msgid "preserve user environment when running command" msgstr "" -#: src/parse_args.c:802 +#: src/parse_args.c:825 msgid "preserve specific environment variables" msgstr "" -#: src/parse_args.c:804 +#: src/parse_args.c:827 msgid "edit files instead of running a command" msgstr "" -#: src/parse_args.c:806 +#: src/parse_args.c:830 msgid "run command as the specified group name or ID" msgstr "" -#: src/parse_args.c:808 +#: src/parse_args.c:833 msgid "set HOME variable to target user's home dir" msgstr "" -#: src/parse_args.c:810 +#: src/parse_args.c:836 msgid "display help message and exit" msgstr "" -#: src/parse_args.c:812 +#: src/parse_args.c:838 msgid "run command on host (if supported by plugin)" msgstr "" -#: src/parse_args.c:814 +#: src/parse_args.c:841 msgid "run login shell as the target user; a command may also be specified" msgstr "" -#: src/parse_args.c:816 +#: src/parse_args.c:843 msgid "remove timestamp file completely" msgstr "" -#: src/parse_args.c:818 +#: src/parse_args.c:846 msgid "invalidate timestamp file" msgstr "" -#: src/parse_args.c:820 +#: src/parse_args.c:849 msgid "" "list user's privileges or check a specific command; use twice for longer " "format" msgstr "" -#: src/parse_args.c:822 +#: src/parse_args.c:852 msgid "non-interactive mode, no prompts are used" msgstr "" -#: src/parse_args.c:824 +#: src/parse_args.c:855 msgid "preserve group vector instead of setting to target's" msgstr "" -#: src/parse_args.c:826 +#: src/parse_args.c:858 msgid "use the specified password prompt" msgstr "" -#: src/parse_args.c:828 +#: src/parse_args.c:860 msgid "change the root directory before running command" msgstr "" -#: src/parse_args.c:831 +#: src/parse_args.c:863 msgid "create SELinux security context with specified role" msgstr "" -#: src/parse_args.c:834 +#: src/parse_args.c:866 msgid "read password from standard input" msgstr "" -#: src/parse_args.c:836 +#: src/parse_args.c:869 msgid "run shell as the target user; a command may also be specified" msgstr "" -#: src/parse_args.c:839 +#: src/parse_args.c:873 msgid "create SELinux security context with specified type" msgstr "" -#: src/parse_args.c:842 +#: src/parse_args.c:876 msgid "terminate command after the specified time limit" msgstr "" -#: src/parse_args.c:844 +#: src/parse_args.c:879 msgid "in list mode, display privileges for user" msgstr "" -#: src/parse_args.c:846 +#: src/parse_args.c:882 msgid "run command (or edit file) as specified user name or ID" msgstr "" -#: src/parse_args.c:848 +#: src/parse_args.c:884 msgid "display version information and exit" msgstr "" -#: src/parse_args.c:850 +#: src/parse_args.c:887 msgid "update user's timestamp without running a command" msgstr "" -#: src/parse_args.c:852 +#: src/parse_args.c:890 msgid "stop processing command line arguments" msgstr "" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "" -#: src/selinux.c:321 +#: src/selinux.c:323 #, c-format msgid "you must specify a role for type %s" msgstr "" -#: src/selinux.c:327 +#: src/selinux.c:329 #, c-format msgid "unable to get default type for role %s" msgstr "" -#: src/selinux.c:339 +#: src/selinux.c:341 msgid "failed to get new context" msgstr "" -#: src/selinux.c:348 +#: src/selinux.c:350 #, c-format msgid "failed to set new role %s" msgstr "" -#: src/selinux.c:352 +#: src/selinux.c:354 #, c-format msgid "failed to set new type %s" msgstr "" -#: src/selinux.c:364 +#: src/selinux.c:366 #, c-format msgid "%s is not a valid context" msgstr "" -#: src/selinux.c:396 +#: src/selinux.c:394 msgid "failed to get old context" msgstr "" -#: src/selinux.c:402 +#: src/selinux.c:400 msgid "unable to determine enforcing mode." msgstr "" -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "" - -#: src/selinux.c:440 +#: src/selinux.c:425 #, c-format msgid "unable to set exec context to %s" msgstr "" -#: src/selinux.c:447 +#: src/selinux.c:432 #, c-format msgid "unable to set key creation context to %s" msgstr "" @@ -714,33 +749,33 @@ msgid "requires at least one argument" msgstr "" -#: src/sesh.c:101 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "" -#: src/sesh.c:115 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "" -#: src/sesh.c:197 src/sesh.c:297 src/sudo_edit.c:206 +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 #, c-format msgid "%s: editing symbolic links is not permitted" msgstr "" -#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:209 +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 #, c-format msgid "%s: editing files in a writable directory is not permitted" msgstr "" -#: src/sesh.c:284 src/sesh.c:305 src/sesh.c:314 src/sesh.c:322 -#: src/sudo_edit.c:333 +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 #, c-format msgid "contents of edit session left in %s" msgstr "" -#: src/sesh.c:412 src/sudo_edit.c:93 +#: src/sesh.c:416 src/sudo_edit.c:94 msgid "unable to get group list" msgstr "" @@ -792,201 +827,213 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "" -#: src/sudo.c:222 +#: src/sudo.c:216 #, c-format msgid "Sudo version %s\n" msgstr "" -#: src/sudo.c:224 +#: src/sudo.c:218 #, c-format msgid "Configure options: %s\n" msgstr "" -#: src/sudo.c:232 +#: src/sudo.c:226 msgid "fatal error, unable to load plugins" msgstr "" -#: src/sudo.c:278 +#: src/sudo.c:272 msgid "plugin did not return a command to execute" msgstr "" -#: src/sudo.c:310 +#: src/sudo.c:305 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "" -#: src/sudo.c:546 +#: src/sudo.c:553 #, c-format msgid "you do not exist in the %s database" msgstr "" -#: src/sudo.c:603 +#: src/sudo.c:610 msgid "unable to determine tty" msgstr "" -#: src/sudo.c:914 +#: src/sudo.c:908 +msgid "" +"The \"no new privileges\" flag is set, which prevents sudo from running as " +"root." +msgstr "" + +#: src/sudo.c:910 +msgid "" +"If sudo is running in a container, you may need to adjust the container " +"configuration to disable the flag." +msgstr "" + +#: src/sudo.c:944 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "" -#: src/sudo.c:917 +#: src/sudo.c:947 #, c-format msgid "" "effective uid is not %d, is %s on a file system with the 'nosuid' option set " "or an NFS file system without root privileges?" msgstr "" -#: src/sudo.c:923 +#: src/sudo.c:953 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "" -#: src/sudo.c:939 +#: src/sudo.c:969 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "" -#: src/sudo.c:946 +#: src/sudo.c:976 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "" -#: src/sudo.c:952 +#: src/sudo.c:982 #, c-format msgid "unable to set gid to runas gid %u" msgstr "" -#: src/sudo.c:995 +#: src/sudo.c:1025 #, c-format msgid "unexpected child termination condition: %d" msgstr "" -#: src/sudo.c:1104 +#: src/sudo.c:1132 msgid "unable to initialize policy plugin" msgstr "" -#: src/sudo.c:1167 +#: src/sudo.c:1194 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "" -#: src/sudo.c:1182 src/sudo.c:1235 src/sudo.c:1279 -msgid "command rejected by policy" -msgstr "" - -#: src/sudo.c:1187 src/sudo.c:1240 src/sudo.c:1284 src/sudo.c:1358 -msgid "policy plugin error" -msgstr "" - -#: src/sudo.c:1221 +#: src/sudo.c:1240 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "" -#: src/sudo.c:1265 +#: src/sudo.c:1284 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "" -#: src/sudo.c:1303 +#: src/sudo.c:1322 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "" -#: src/sudo.c:1436 +#: src/sudo.c:1451 #, c-format msgid "error initializing I/O plugin %s" msgstr "" -#: src/sudo.c:1590 +#: src/sudo.c:1454 +msgid "error initializing I/O plugin" +msgstr "" + +#: src/sudo.c:1603 #, c-format msgid "error initializing audit plugin %s" msgstr "" -#: src/sudo.c:1668 +#: src/sudo.c:1682 #, c-format msgid "%s: unable to log error event%s%s" msgstr "" -#: src/sudo.c:1703 +#: src/sudo.c:1718 #, c-format msgid "%s: unable to log accept event%s%s" msgstr "" -#: src/sudo.c:1708 src/sudo.c:1746 +#: src/sudo.c:1723 src/sudo.c:1761 msgid "audit plugin error" msgstr "" -#: src/sudo.c:1741 +#: src/sudo.c:1756 #, c-format msgid "%s: unable to log reject event%s%s" msgstr "" -#: src/sudo.c:1799 +#: src/sudo.c:1816 #, c-format msgid "error initializing approval plugin %s" msgstr "" -#: src/sudo.c:1875 +#: src/sudo.c:1886 msgid "command rejected by approver" msgstr "" -#: src/sudo.c:1884 +#: src/sudo.c:1896 msgid "approval plugin error" msgstr "" -#: src/sudo_edit.c:112 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "" -#: src/sudo_edit.c:293 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "" -#: src/sudo_edit.c:306 src/sudo_edit.c:571 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "" -#: src/sudo_edit.c:483 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "" -#: src/sudo_edit.c:485 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "" -#: src/sudo_edit.c:487 src/sudo_edit.c:605 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "" -#: src/sudo_edit.c:489 src/sudo_edit.c:608 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "" -#: src/sudo_edit.c:598 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "" -#: src/sudo_edit.c:602 +#: src/sudo_edit.c:606 msgid "" "unable to copy some of the temporary files back to their original location" msgstr "" -#: src/sudo_edit.c:645 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "" -#: src/sudo_edit.c:666 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "" -#: src/sudo_edit.c:717 src/sudo_edit.c:725 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "" @@ -1009,29 +1056,29 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/tr.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/tr.mo differ diff -Nru sudo-1.9.5p2/po/tr.po sudo-1.9.9/po/tr.po --- sudo-1.9.5p2/po/tr.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/tr.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,13 +1,13 @@ # This file is put in the public domain. # This file is distributed under the same license as the sudo package. # Volkan Gezer , 2013, 2015. -# Mehmet Kececi , 2016, 2017, 2018, 2019, 2020. +# Mehmet Kececi , 2016, 2017, 2018, 2019, 2020, 2021. msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-14 14:10+0300\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-17 11:59+0300\n" "Last-Translator: Mehmet Kececi \n" "Language-Team: Turkish \n" "Language: tr\n" @@ -15,7 +15,7 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Poedit 2.4.1\n" +"X-Generator: Poedit 3.0.1\n" "X-Bugs: Report translation errors to the Language-Team address.\n" #: lib/util/aix.c:89 lib/util/aix.c:169 @@ -32,87 +32,94 @@ msgstr "kayıt geri yüklenemiyor" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "bellek ayırma başarısız" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "%s açılamıyor" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "mkdir %s için olanaksız" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "%s durumlanamıyor" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s var ancak bir dizin değil (0%o)" @@ -122,7 +129,7 @@ msgstr "Bilinmeyen sinyal" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "geçersiz değer" @@ -134,110 +141,173 @@ msgid "value too small" msgstr "değer çok küçük" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "geçersiz Yol değeri %s içinde \"%s\", satır %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "%s \"%s\" için geçersiz değer, %s içinde, satır %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "\"%s\" desteklenmeyen grup kaynağı, %s içinde, satır %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "`\"%s\" geçersiz azami grubu, %s içinde, satır %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s düzenli bir dosya değil" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s, %u kullanıcı kimliği tarafından sahiplenmiş, %u olmalı" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s genel yazılabilir" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s grup yazılabilir" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: %s sıfır bayta indirilsin mi? (e/h) [h] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "%s üzerine yazılmıyor" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "%s öğesinden okunamıyor" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "%s dosyasına yazılamıyor" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: düzenli bir dosya değil" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: bozuk dosya modu: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "geçerli çalışma klasörü geri yüklenemiyor" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "bilinmeyen %s oturum sınıfı" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "kullanıcı bağlamı ayarlama başarısız" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "süreç önceliği ayarlanamıyor" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "kök %s olarak değiştirilemiyor" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "runas uid (%u, %u) olarak değiştirilemiyor" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "%s dizinine değiştirilemiyor" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "%s'den başlayarak" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "sinyal %d için işleyici ayarlanamıyor" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "kaynak PRIV_LIMIT'dan PRIV_PROC_EXEC kaldırılamıyor" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "olay kuyruğa eklenemedi" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "geçersiz PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "komut politika tarafından reddedildi" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "politika eklentisi hatası" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "iistemci isteği çok büyük: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "type_case değeri %d %s içinde %s öğesinden beklenmeyen" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "sunucu iletisi çok büyük: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "sockerpair'den okuma hatası" @@ -247,203 +317,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "backchannel'da beklenmeyen yanıt türü: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "olay kuyruğa eklenemedi" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "tty denetleme ayarlaması başarısız" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "iletişim tüneli oluşturulamıyor" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "ebeveynden mesaj alamıyor" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "çatallanamıyor" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "tty etiketi geri yüklenemiyor" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "%s çalıştırılamıyor" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "oturum başlatma için ilke eklentisi başarısız" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "soket oluşturulamıyor" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "olay döngüsünde hata" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "sinyal %d için işleyici geri yüklenemiyor" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "pty ayırma başarısız" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "G/Ç eklenti hatası" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "komut G/Ç eklentisi tarafından reddedildi" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "günlüğü askıya alma hatası" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "pencere boyutunu değiştirme hatası" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "soket oluşturulamıyor" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "süreci izlemek için mesaj gönderilemiyor" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "\"%s\" eklentisi yüklenirken satır %d, %s içerisinde hata" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s, %d kullanıcı kimliği tarafından sahiplenmeli" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s sadece sahibi tarafından yazılabilir olmalı" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "%s içinde \"%s\" yinelenen eklentisini yok sayılıyor, %d satırı" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "%s yüklenemedi: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "%s içerisinde \"%s\" sembolü bulunamıyor" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "uyumsuz temel ilke sürümü %d bulundu (beklenen %d) %s içerisinde" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "\"%s\" ilke eklentisi ihmal ediliyor, %s içinde, satır %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "sadece tek ilke eklentisi belirtilebilir" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "bilinmeyen eklenti türü %d %s içinde bulundu" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "%s ilke eklentisi, bir check_policy yöntemi içermiyor" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "dahili hata, %s taşması" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "geçersiz çevre değişken adı: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C argümanı 3 veya daha büyük bir sayı olmalıdır" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "-i ve -s seçeneklerini aynı anda belirtemezsiniz" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "-i ve -E seçeneklerini aynı anda belirtemezsiniz" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "düzenleme kipinde -E seçeneği geçerli değil" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "düzenleme kipinde ortam değişkenlerini belirtemezsiniz" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "-U seçeneği sadece -l seçeneği ile kullanılabilir" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "-A ve -S seçenekleri birlikte kullanılamaz" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "sudoedit bu platformda desteklenmiyor" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "-e, -h, -i, -K, -l, -s, -v veya -V seçeneklerinden sadece biri belirtilebilir" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -452,7 +499,7 @@ "%s - dosyaları farklı kullanıcı olarak düzenle\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -461,7 +508,7 @@ "%s - bir komutu farklı kullanıcı olarak çalıştır\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -469,225 +516,215 @@ "\n" "Seçenekler:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "parola sorgulaması için bir yardımcı program kullan" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "belirtilen BSD kimlik doğrulama türünü kullan" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "arkaalanda komutu çalıştır" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "istendiğinde zili çal" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr ">= sayı olan tüm dosya tanımlayıcılarını kapat" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "komutu belirtilen BSD oturum sınıfı ile çalıştır" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "komutu çalıştırmadan önce çalışma dizinini değiştirin" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "komut çalıştırılırken kullanıcı ortamını koru" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "özel çevre değişkenlerini koru" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "komut çalıştırmak yerine dosyaları düzenleyiniz" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "grup adı veya ID olarak tanımlanan komutu çalıştır" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "kullanıcının HOME değişkenini ana dizinini hedefleyecek şekilde ayarlama" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "yardım mesajını görüntüle ve çık" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "komutunuzu hostta çalıştırın (eğer plugin tarafından destekleniyorsa)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "oturum kabuğunu hedef kullanıcı olarak çalıştır; bir komut da belirtilebilir" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "zaman damgası dosyasını kalıcı olarak kaldır" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "zaman damgası dosyasının geçerliliğini kaldır" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "kullanıcı yetkilerini listele veya özel bir komut denetle; daha uzun biçim için iki kez kullanın" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "etkileşimsiz kip, sorgu yapılmaz" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "hedefe atamak yerine grup vektörünü koru" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "belirtilen parola sorgusunu kullan" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "komutu çalıştırmadan önce kök dizini değiştirin" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "belirtilen rolle SELinux güvenlik bağlamı oluşturma" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "standart girdiden şifreyi okuyun" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "kabuğu hedef kullanıcı olarak çalıştır; bir komut da belirtilebilir" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "belirtilen türde SELinux güvenlik bağlamı oluşturma" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "belirtilen süre sonunda komutu sonlandır" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "liste modunda, kullanıcıların ayrıcalıklarını görüntüle" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "belirtilen kullanıcı adı veya ID ile komutu çalıştırın (veya dosyayı düzenleyin)" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "sürüm bilgisini göster ve çık" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "kullanıcı zaman damgasını bir komut çalıştırmadan güncelle" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "komut satırı argümanlarını işlemeyi durdur" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "denetim sistemi açılamıyor" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "denetim iletisi gönderilemiyor" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "fgetfilecon %s yapılamıyor" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s değişmiş etiket" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "%s için bağlam geri yüklenemiyor" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "%s açılamadı, tty yeniden etiketlenemiyor" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s bir karakter aygıtı değildir, tty yeniden etiketlenemiyor" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "geçerli tty bağlamı alınamadı, tty yeniden etiketlenemiyor" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "bilinmeyen güvenlik sınıfı \"chr_file\", tty yeniden etiketlenemiyor" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "yeni tty bağlamı alınamadı, tty yeniden etiketlenemiyor" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "yeni tty bağlamı alınamıyor" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "%s türü için bir görev belirtmelisiniz" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "yeni bağlam alınamadı" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "%s görevi için öntanımlı tür alınamıyor" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "yeni bağlam alınamadı" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "%s yeni görevi atanamadı" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "yeni tür %s atanamadı" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s geçerli bir bağlam değil" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "eski bağlam alınamadı" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "zorlama kipini belirleme başarısız." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "tty bağlamı %s olarak ayarlanamadı" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -698,20 +735,40 @@ msgid "unable to set key creation context to %s" msgstr "%s için anahtar oluşturma bağlamı ayarlanamıyor" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "en az bir argüman gerektirir" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "geçersiz dosya tanımlayıcı sayısı: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "bir oturum açma kabuğu gibi %s çalıştırılamıyor" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: sembolik bağlantı düzenlemesine izin verilmemiştir" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: yazılabilir klasördeki düzenleme dosyalarına izin verilmemiştir" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "düzenleme oturumu içerikleri %s içinde bırakıldı" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "grup listesi alınamıyor" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -760,203 +817,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "uyarı, \"%s\" projesi için kaynak denetim ataması başarısız" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo sürüm %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Yapılandırma seçenekleri: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "ölümcül hata, eklentiler yüklenemiyor" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "eklenti çalıştırmak için bir komut döndürmedi" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "beklenmeyen 0x%x sudo kipi" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "sen %s veritabanında yoksun" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "tty belirlenemiyor" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s, %d kullanıcı kimliği tarafından sahiplenmeli ve setuid biti ayarlanmış olmalı" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "etkin kullanıcı kimliği %d değil, %s 'nosuid' seçeneği ayarlanmış bir dosya sisteminde veya yetkisiz haklara sahip bir NFS dosya sisteminde mi?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "etkin kullanıcı kimliği %d değil, sudo setuid root ile mi yüklendi?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "ek grup kimlikleri ayarlanamıyor" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "etkin grup kimliği, runas gid %u olarak ayarlanamıyor" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "grup kimliği, runas gid %u olarak ayarlanamıyor" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "beklenmeyen alt sonlandırma şartı: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "ilke eklentisi başlatılamıyor" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "%s ilke eklentisi, bir \"check_policy\" yöntemi içermiyor" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "komut politika tarafından reddedildi" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "politika eklentisi hatası" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "%s ilke eklentisi listeleme yetkilerini desteklemiyor" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "%s ilke eklentisi -v seçeneğini desteklemiyor" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "%s ilke eklentisi -k/-K seçeneklerini desteklemiyor" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "başlatma hatası G/Ç eklentisi %s" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "eklenti I/O başlatırken hata oluştu" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "başlatma hatası I/O eklentisi %s" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: hata etkinlik kaydı yüklenemiyor%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: kabul etkinlik kaydı yüklenemiyor%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "denetim eklentisi hatası" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: reddetme etkinlik kaydı yüklenemiyor%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "onay eklentisini %s başlatma hatası" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "onaylayan tarafından komut reddedildi" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "onay eklentisi hatası" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "yazılabilir geçici dizin bulunamadı" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "geçerli çalışma klasörü geri yüklenemiyor" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: düzenli bir dosya değil" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: sembolik bağlantı düzenlemesine izin verilmemiştir" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: yazılabilir klasördeki düzenleme dosyalarına izin verilmemiştir" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s düzenlenmemiş olarak bırakıldı" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s değiştirilmemiş" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "düzenleme oturumu içerikleri %s içinde bırakıldı" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: iç hata: yolların tek sayısı" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: geçici dosyalar oluşturulamıyor" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: bir sinyal tarafından ortadan kaldırıldı" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: bilinmeyen hata %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "geçici dosyalar onların özgün konumlarına kopyalanamıyor" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "bazı geçici dosyalar onların özgün konumlarına kopyalanamıyor" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "kullanıcı kimliği yetkili (%u) olarak değiştirilemiyor" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "eklenti hatası: sudoedit için eksik dosya listesi" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "saat okunamıyor" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "kesme bağlantı portu ayarlı değil" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "şifre okuma zaman aşımına uğradı" @@ -977,33 +1029,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "askpass programı belirtilmemiş, SUDO_ASKPASS ayarlamayı deneyin" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "grup kimliği %u olarak ayarlanamıyor" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "kullanıcı kimliği %u olarak ayarlanamıyor" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "%s çalıştırılamıyor" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "stdin kaydedilemiyor" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "dup2 stdin yapılamıyor" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "stdin geri yüklenemiyor" +#~ msgid "unable to dup intercept fd" +#~ msgstr "dup fd'yi engelleyemiyor" + +#~ msgid "%s: missing message header" +#~ msgstr "%s: ileti üstbilgisi eksik" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s: %d beklenen ileti türü, %d alındı" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "%s türü için bir görev belirtmelisiniz" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "tty bağlamı %s olarak ayarlanamadı" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: kısa yazım" @@ -1016,9 +1086,6 @@ #~ msgid "no tty present and no askpass program specified" #~ msgstr "tty bulunmuyor ve askpass programı belirtilmemiş" -#~ msgid "unable to get group vector" -#~ msgstr "grup vektörü alınamıyor" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "bilinmeyen kullanıcı kimliği %u: kimsiniz?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/uk.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/uk.mo differ diff -Nru sudo-1.9.5p2/po/uk.po sudo-1.9.9/po/uk.po --- sudo-1.9.5p2/po/uk.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/uk.po 2022-01-27 21:24:22.000000000 +0000 @@ -1,13 +1,13 @@ # Ukrainian translation for sudo. # This file is put in the public domain. # -# Yuri Chornoivan , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020. +# Yuri Chornoivan , 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021. msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-14 11:44+0300\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 17:16+0200\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" @@ -15,7 +15,7 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -"X-Generator: Lokalize 20.03.70\n" +"X-Generator: Lokalize 20.12.0\n" "Plural-Forms: nplurals=1; plural=0;\n" #: lib/util/aix.c:89 lib/util/aix.c:169 @@ -32,87 +32,94 @@ msgstr "не вдалося відновити регістр" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s: %s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "не вдалося отримати потрібний об’єм пам’яті" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "не вдалося відкрити %s" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "не вдалося створити каталог %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "не вдалося виконати stat для %s" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s існує, але не є каталогом (0%o)" @@ -122,7 +129,7 @@ msgstr "Невідомий сигнал" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "некоректне значення" @@ -134,110 +141,173 @@ msgid "value too small" msgstr "надто мале значення" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "некоректне значення Path, «%s», у %s, рядок %u" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "некоректне значення %s, «%s», у %s, рядок %u" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "непідтримуване джерело групи, «%s», у %s, рядок %u" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "некоректна максимальна кількість груп, «%s», у %s, рядок %u" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s не є звичайним файлом" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s належить uid %u, має належати %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "Запис до «%s» можливий для довільного користувача" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "Запис до «%s» може здійснювати будь-який користувач з групи" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s: обрізати %s до нуля байтів? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "не перезаписуємо %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "не вдалося виконати читання з %s" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "не вдалося виконати запис до %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s: не є звичайним файлом" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s: помилковий режим доступу до файла: 0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "не вдалося відновити поточний робочий каталог" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "невідомий клас входу %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "не вдалося встановити контекст користувача" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "не вдалося встановити пріоритет процесу" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "не вдалося змінити root на %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "не вдалося змінити uid користувача, від імені якого відбувається виконання (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "не вдалося змінити каталог на %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "починаючи з %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "не вдалося встановити обробник для сигналу %d" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "не вдалося вилучити PRIV_PROC_EXEC з PRIV_LIMIT" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "не вдалося додати подію до черги обробки" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "некоректне значення PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "у виконанні команди відмовлено згідно правил" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "помилка у додатку правил" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "надто великий запит клієнта: %zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "неочікуване значення type_case %d у %s від %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "надто велике повідомлення сервера: %zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "помилка під час спроби читання з пари сокетів" @@ -247,203 +317,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "неочікуваний тип відповіді на зворотному каналі: %d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "не вдалося додати подію до черги обробки" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "не вдалося встановити tty для керування" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "не вдалося створити канал" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "не вдалося отримати повідомлення від батьківського процесу" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "не вдалося створити відгалуження" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "не вдалося відновити позначку tty" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "не вдалося виконати %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "не вдалося виконати ініціалізацію сеансу через додаток правил" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "не вдалося створити сокети" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "помилка у циклі обробки подій" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "не вдалося відновити обробник для сигналу %d" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "не вдалося розмістити pty" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "Помилка у додатку введення-виведення" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "відмова у виконання команди від додатка введення-виведення" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "помилка під час призупинення ведення журналу" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "помилка під час зміни розмірів вікна" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "не вдалося створити сокети" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "не вдалося надіслати повідомлення до процесу аудиту" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "помилка у %s, рядок %d під час спроби завантаження додатка «%s»" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s має належати користувачеві з uid %d" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s має бути доступним до запису лише для власника" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "ігноруємо повторний запис додатка, «%s», у %s, рядок %d" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "не вдалося завантажити %s: %s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "не вдалося знайти символ «%s» у %s" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "несумісна основна версія додатка, %d, (мало бути %d) у %s" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "ігноруємо додаток правил, «%s», у %s, рядок %d" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "можна визначати лише один додаток обробки правил" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "у %2$s виявлено невідомий тип додатка, %1$d" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "до додатка правил %s не включено метод check_policy" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "внутрішня помилка, переповнення %s" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "некоректна назва змінної середовища: %s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "аргументом параметра -C mмає бути число не менше за 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "не можна одночасно вказувати параметри -i і -s" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "не можна одночасно вказувати параметри -i і -E" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "не можна використовувати -E у режимі редагування" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "не можна вказувати змінні середовища у режимі редагування" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "параметр -U можна використовувати лише разом з параметром -l" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "параметри -A і -S не можна використовувати одночасно" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "підтримки sudoedit для цієї платформи не передбачено" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "Можна використовувати лише такі параметри: -e, -h, -i, -K, -l, -s, -v та -V" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -452,7 +499,7 @@ "%s — редагувати файли від імені іншого користувача\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -461,7 +508,7 @@ "%s — виконати команду від імені іншого користувача\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -469,225 +516,215 @@ "\n" "Параметри:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "використовувати допоміжну програму для запитів щодо пароля" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "використовувати вказаний тип розпізнавання BSD" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "виконати команду у фоновому режимі" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "звук дзвінка під час запиту" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "закрити всі дескриптори файлів >= num" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "виконати команду з вказаним класом доступу BSD" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "змінити робочий каталог перед виконанням команди" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "зберегти середовище користувача на час виконання команди" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "зберегти вказані змінні середовища" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "редагувати файли замість виконання команди" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "виконати команду від імені групи користувачів, вказаної за назвою або ідентифікатором" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "встановити для змінної HOME значення домашнього каталогу вказаного користувача." -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "показати довідкове повідомлення і завершити роботу" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "виконати команду на комп’ютері (якщо підтримується додатком)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "запустити оболонку для входу до системи від імені вказаного користувача; слід вказати команду запуску" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "повністю вилучити файл часової позначки" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "позбавити чинності файл часової позначки" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "показати список прав доступу користувача або перевірити певну команду; подвоєння параметра призводить до виведення додаткових даних" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "неінтерактивний режим, не просити користувача відповідати на питання" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "зберегти вектор групи, не встановлювати вектор вказаного користувача" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "використовувати вказаний інструмент отримання паролів" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "змінити кореневий каталог перед виконанням команди" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "створити контекст захисту SELinux з вказаною роллю" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "прочитати пароль зі стандартного джерела вхідних даних" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "виконати командну оболонку від імені вказаного користувача; слід також вказати команду" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "створити контекст захисту SELinux вказаного типу" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "перервати виконання команди щойно буде перевищено вказане обмеження за часом" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "у режимі списку, показати права доступу користувача" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "виконати команду (або редагувати файл) від імені користувача, вказаного за іменем або ідентифікатором" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "показати дані щодо версії і завершити роботу" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "оновити штамп часу користувача без виконання команди" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "зупинити обробку аргументів командного рядка" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "не вдалося відкрити систему аудиту" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "не вдалося надіслати повідомлення аудиту" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "не вдалося виконати fgetfilecon %s" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s змінено позначки" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "не вдалося відновити контекст %s" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "не вдалося відкрити %s, не змінюємо позначки tty" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s не є символьним пристроєм, не змінюємо мітки tty" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "не вдалося отримати поточний контекст tty, не змінюємо позначки tty" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "невідомий клас захисту «chr_file», не змінюємо позначки tty" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "не вдалося отримати новий контекст tty, не змінюємо позначки tty" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "не вдалося встановити новий контекст tty" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "вам слід вказати роль для типу %s" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "не вдалося отримати новий контекст" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "не вдалося отримати типовий тип для ролі %s" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "не вдалося отримати новий контекст" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "не вдалося встановити нову роль %s" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "не вдалося встановити новий тип %s" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s не є коректним контекстом" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "не вдалося отримати старий контекст" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "не вдалося визначити режим примушення." -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "не вдалося встановити контекст tty у значення %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -698,20 +735,40 @@ msgid "unable to set key creation context to %s" msgstr "не вдалося встановити контекст ключа створення у значення %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "потребує принаймні одного аргументу" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "некоректний номер дескриптора файла: %s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "%s не можна працювати як оболонка для входу" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s: не можна редагувати символічні посилання" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s: не можна редагувати файли у непридатному до запису каталозі" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "дані сеансу редагування залишилися у %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "не вдалося отримати список груп" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -760,203 +817,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "попередження, помилка призначення керування ресурсами проекту «%s»" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Версія sudo %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "Параметри налаштування: %s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "критична помилка, не вдалося завантажити додатки" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "додатком не повернуто команди, яку слід виконати" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "неочікуваний режим sudo 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "вас немає у базі даних %s" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "не вдалося визначити tty" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s має належати користувачеві з uid %d, крім того, має бути встановлено біт setuid" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "поточним uid не є %d. Можливо %s зберігається у файловій системі зі встановленим параметром «nosuid» або у файловій системі NFS без прав доступу root?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "поточним uid не є %d, sudo встановлено з ідентифікатором користувача root?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "не вдалося встановити ідентифікатори додаткових груп" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "не вдалося встановити ефективний ідентифікатор групи для ідентифікатора групи запуску %u" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "не вдалося встановити ідентифікатор групи для ідентифікатора групи запуску %u" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "неочікувана умова переривання дочірнього процесу: %d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "не вдалося ініціалізувати додаток правил" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "до додатка правил %s не включено метод check_policy" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "у виконанні команди відмовлено згідно правил" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "помилка у додатку правил" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "у додатку правил %s не передбачено підтримки побудови списку прав доступу" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "у додатку правил %s не передбачено підтримки параметра -v" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "у додатку правил %s не передбачено підтримки параметрів -k/-K" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "помилка під час спроби ініціалізації додатка введення/виведення даних %s" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "помилка під час спроби ініціалізації додатка введення/виведення даних" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "помилка під час спроби ініціалізації додатка аудиту %s" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s: не вдалося записати до журналу подію помилки%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s: не вдалося записати до журналу подію прийняття%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "помилка у додатку аудиту" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s: не вдалося записати до журналу подію відмови%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "помилка під час спроби ініціалізації додатка підтвердження %s" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "у виконанні команди відмовлено засобом підтвердження" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "помилка у додатку підтвердження" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "не знайдено придатного до запису тимчасового каталогу" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "не вдалося відновити поточний робочий каталог" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s: не є звичайним файлом" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s: не можна редагувати символічні посилання" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s: не можна редагувати файли у непридатному до запису каталозі" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s залишено без змін" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s не змінено" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "дані сеансу редагування залишилися у %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh: внутрішня помилка: непарна кількість шляхів" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh: не вдалося створити тимчасові файли" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh: завершено надсиланням сигналу" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh: невідома помилка %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "не вдалося скопіювати тимчасові файли назад до початкового місця зберігання" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "не вдалося скопіювати деякі з тимчасових файлів назад до початкового місця зберігання" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "не вдалося змінити значення uid на значення root (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "помилка додатка: не вистачає списку файлів для sudoedit" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "не вдалося прочитати час на годиннику" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "порт перехоплення не встановлено" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "перевищено граничний час очікування на пароль" @@ -977,33 +1029,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "не вказано програми askpass, спробуйте встановити значення змінної SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "не вдалося встановити gid у значення %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "не вдалося встановити uid у значення %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "не вдалося виконати %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "не вдалося зберегти stdin" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "не вдалося виконати dup2 для stdin" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "не вдалося відновити stdin" +#~ msgid "unable to dup intercept fd" +#~ msgstr "не вдалося здублювати перехоплений дескриптор файла" + +#~ msgid "%s: missing message header" +#~ msgstr "%s: не вистачає заголовка повідомлення" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s: очікуваний тип повідомлення — %d, маємо — %d" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "вам слід вказати роль для типу %s" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "не вдалося встановити контекст tty у значення %s" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s: короткий запис" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/zh_CN.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/zh_CN.mo differ diff -Nru sudo-1.9.5p2/po/zh_CN.po sudo-1.9.9/po/zh_CN.po --- sudo-1.9.5p2/po/zh_CN.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/zh_CN.po 2022-01-27 21:24:22.000000000 +0000 @@ -2,14 +2,14 @@ # sudo 的简体中文翻译。 # This file is put in the public domain. # Wylmer Wang , 2011, 2012, 2013, 2014, 2015, 2016, 2018. -# Boyuan Yang <073plan@gmail.com>, 2019, 2020. +# Boyuan Yang <073plan@gmail.com>, 2019, 2020, 2021. # msgid "" msgstr "" -"Project-Id-Version: sudo-1.9.3b1\n" +"Project-Id-Version: sudo-1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-16 19:50-0400\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 13:50-0500\n" "Last-Translator: Boyuan Yang <073plan@gmail.com>\n" "Language-Team: Chinese (simplified) \n" "Language: zh_CN\n" @@ -17,7 +17,7 @@ "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -"X-Generator: Poedit 2.4.1\n" +"X-Generator: Poedit 3.0\n" #: lib/util/aix.c:89 lib/util/aix.c:169 msgid "unable to open userdb" @@ -33,87 +33,94 @@ msgstr "无法恢复注册表" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s:%s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "无法分配内存" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "无法打开 %s" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "无法创建目录 %s" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "无法 stat %s" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s 存在但不是目录(0%o)" @@ -123,7 +130,7 @@ msgstr "未知信号" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "值无效" @@ -135,110 +142,173 @@ msgid "value too small" msgstr "值过小" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "%2$s 第 %3$u 行的路径值“%1$s”无效" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "%3$s 第 %4$u 行的 %1$s 的值“%2$s”无效" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "不支持 %2$s 第 %3$u 行的组来源“%1$s”" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "%2$s 第 %3$u 行的最大组数“%1$s”无效" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s 不是常规文件" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 属于用户 ID %u,应为 %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s 可被任何人写" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s 可被用户组写" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s:截断 %s 至零字节? (y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "不覆盖 %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "无法读取 %s" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "无法写入 %s" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s:不是常规文件" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s:不正确的文件模式:0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "无法恢复当前工作目录" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "未知的登录类别 %s" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "无法设置用户环境" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "无法设置进程优先级" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "无法从 root 切换到 %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "无法切换到以用户 ID(%u,%u)运行" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "无法将目录切换到 %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "起始于 %s" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "无法设置 %d 信号的处理程序" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "无法从 PRIV_LIMIT 中移除 PRIV_PROC_EXEC" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "无法将事件添加到队列" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "无效的 PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "命令被策略拒绝" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "策略插件错误" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "客户端请求过大:%zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "未预期的 type_case 值 %d,位于 %s,来自 %s" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "服务器消息过大:%zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "从套接字对读取出错" @@ -248,203 +318,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "联络通道的回应类型异常:%d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "无法将事件添加到队列" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "无法设置控制终端" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "无法创建管道" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "无法从父(进程)接收消息" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "无法执行 fork" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "无法恢复终端标签" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "无法执行 %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "策略插件会话初始化失败" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "无法创建套接字" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "事件循环中有错误" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "无法恢复 %d 信号的处理程序" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "无法分配伪终端" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "I/O 插件错误" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "命令被 I/O 插件拒绝" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "记录挂起事件时出错" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "变更窗口大小出错" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "无法创建套接字" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "无法向监视进程发送消息" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "在加载插件“%3$s”时在 %1$s 第 %2$d 行出错" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s:%s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s 必须属于用户 ID %d(的用户)" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s 必须只对其所有者可写" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "忽略位于 %2$s 第 %3$d 行的重复插件“%1$s”" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "无法加载 %s:%s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "在 %2$s 中找不到符号“%1$s”" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "%3$s 中发现不兼容的插件主版本号 %1$d(应为 %2$d)" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "忽略位于 %2$s 第 %3$d 行的策略插件“%1$s”" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "只能指定一个策略插件" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "未知的插件类型 %d,在 %s" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "策略插件 %s 不包含 check_policy 方法" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "内部错误,%s 溢出" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "无效的环境变量名:%s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "-C 选项的参数必须是一个大于等于 3 的数字" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "您不能同时指定 -i 和 -s 选项" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "您不能同时指定 -i 和 -E 选项" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "-E 选项在编辑模式中无效" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "在编辑模式中您不能指定环境变量" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "-U 选项只能与 -l 选项一起使用" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "-A 和 -S 选项不可同时使用" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "此平台不支持 sudoedit" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "只能指定 -e、-h、-i、-K、-l、-s、-v 或 -V 选项中的一个" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -453,7 +500,7 @@ "%s - 以其他用户身份编辑文件\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -462,7 +509,7 @@ "%s - 以其他用户身份执行一条命令\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -470,225 +517,215 @@ "\n" "选项:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "使用助手程序进行密码提示" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "使用指定的 BSD 认证类型" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "在后台运行命令" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "提示时响铃" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "关闭所有 >= num 的文件描述符" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "以指定的 BSD 登录类别运行命令" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "运行命令前改变工作目录" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "在执行命令时保留用户环境" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "保留特定的环境变量" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "编辑文件而非执行命令" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "以指定的用户组或 ID 执行命令" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "将 HOME 变量设为目标用户的主目录" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "显示帮助消息并退出" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "在主机上运行命令(如果插件支持)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "以目标用户身份运行一个登录 shell;可同时指定一条命令" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "完全移除时间戳文件" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "无效的时间戳文件" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "列出用户权限或检查某个特定命令;对于长格式,使用两次" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "非交互模式,不提示" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "保留组向量,而非设置为目标的组向量" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "使用指定的密码提示" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "运行命令前改变根目录" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "以指定的角色创建 SELinux 安全环境" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "从标准输入读取密码" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "以目标用户运行 shell;可同时指定一条命令" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "以指定的类型创建 SELinux 安全环境" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "在达到指定时间限制后终止命令" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "在列表模式中显示用户的权限" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "以指定用户或 ID 运行命令(或编辑文件)" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "显示版本信息并退出" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "更新用户的时间戳而不执行命令" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "停止处理命令行参数" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "无法打开审查系统" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "无法发送审查消息" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "无法 fgetfilecon %s" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s 修改了标签" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "无法恢复 %s 的环境" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "无法打开 %s,将不重新标记终端" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s 不是字符型设备,将不重新标记终端" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "无法获取当前终端的环境,将不重新标记终端" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "未知的安全类“chr_file”,将不重新标记终端" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "无法获取新终端的环境,将不重新标记终端" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "无法设置新终端的环境" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "您必须为 %s 类型指定一个角色" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "获取新环境失败" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "无法获取 %s 角色的默认类型" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "获取新环境失败" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "设置新角色 %s 失败" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "设置新类型 %s 失败" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s 不是有效的环境" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "获取旧环境失败" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "无法确定强制模式。" -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "无法将终端环境设置为 %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -699,20 +736,40 @@ msgid "unable to set key creation context to %s" msgstr "无法向 %s 设置键创建环境" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "要求至少有一个参数" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "无效的文件描述符数字:%s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "无法以登录 shell 执行 %s" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s:不允许编辑符号链接" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s:不允许编辑可写目录中的文件" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "编辑会话的内容留在了 %s 中" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "无法获取组列表" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -761,203 +818,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "警告,对项目“%s”的资源控制分配失败" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo 版本 %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "当前选项:%s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "致命错误,无法加载插件" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "插件未返回能执行的命令" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "异常的 sudo 模式 0x%x" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "%s 数据库中没有您" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "无法确定终端" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s 必须属于用户 ID %d(的用户)并且设置 setuid 位" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "有效用户 ID 不是 %d,%s 位于一个设置了“nosuid”选项的文件系统或没有 root 权限的 NFS 文件系统中吗?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "有效用户 ID 不是 %d,sudo 属于 root 并设置了 setuid 位吗?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "无法设置补充组 ID" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "无法设置有效组 ID 来以组 ID %u 运行" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "无法设置组 ID 来以组 ID %u 运行" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "异常的子进程终止条件:%d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "无法初始化策略插件" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "check_policy 方法中缺少策略插件 %s" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "命令被策略拒绝" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "策略插件错误" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "策略插件 %s 不支持列出权限" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "策略插件 %s不支持 -v 选项" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "策略插件 %s 不支持 -k/-K 选项" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "初始化 I/O 插件 %s 出错" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "初始化 I/O 插件出错" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "初始化审计插件 %s 出错" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s:无法记录错误事件%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s:无法记录接受事件%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "审计插件错误" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s:无法记录拒绝事件%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "初始化批准插件 %s 出错" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "命令被批准者拒绝" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "批准插件出错" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "未找到可写的临时目录" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "无法恢复当前工作目录" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s:不是常规文件" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s:不允许编辑符号链接" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s:不允许编辑可写目录中的文件" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s 并未修改" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" -msgstr "%s 已更改" +msgstr "%s 未更改" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "编辑会话的内容留在了 %s 中" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh:内部错误:路径数量异常" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh:无法创建临时文件" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh:被信号杀死" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh:未知错误 %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "无法将临时文件复制回其原位置" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "无法将某些临时文件复制回其原位置" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "无法将用户 ID 切换到 root(%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "插件错误:缺少 sudoedit 的文件列表" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "无法读取时钟" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "未设置侦听端口" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "读密码超时" @@ -978,33 +1030,48 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "没有指定 askpass 程序,尝试设置 SUDO_ASKPASS" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "无法将组 ID 设为 %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "无法将用户 ID 设为 %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "无法执行 %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "无法保存 stdin" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "无法 dup2 stdin" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "无法恢复 stdin" +#~ msgid "%s: missing message header" +#~ msgstr "%s:缺失消息头" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s:期望的消息类型是 %d,但得到了 %d" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "您必须为 %s 类型指定一个角色" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "无法将终端环境设置为 %s" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s:%s" + #~ msgid "ignoring duplicate policy plugin \"%s\" in %s, line %d" #~ msgstr "忽略位于 %2$s 第 %3$d 行的重复策略插件“%1$s”" @@ -1017,9 +1084,6 @@ #~ msgid "no tty present and no askpass program specified" #~ msgstr "没有终端存在,且未指定 askpass 程序" -#~ msgid "unable to get group vector" -#~ msgstr "无法获取组向量" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "未知的用户 ID %u:您是?" Binary files /tmp/tmpi0rdlgnl/ugezXHF7Xt/sudo-1.9.5p2/po/zh_TW.mo and /tmp/tmpi0rdlgnl/jboyaHmwzR/sudo-1.9.9/po/zh_TW.mo differ diff -Nru sudo-1.9.5p2/po/zh_TW.po sudo-1.9.9/po/zh_TW.po --- sudo-1.9.5p2/po/zh_TW.po 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/po/zh_TW.po 2022-01-27 21:24:22.000000000 +0000 @@ -2,13 +2,13 @@ # This file is put in the public domain. # # 林博仁 (Buo-ren, Lin) , 2018. -# Yi-Jyun Pan , 2019, 2020. +# Yi-Jyun Pan , 2019, 2020, 2021. msgid "" msgstr "" -"Project-Id-Version: sudo 1.9.3b1\n" +"Project-Id-Version: sudo 1.9.9b1\n" "Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n" -"POT-Creation-Date: 2020-09-12 08:28-0600\n" -"PO-Revision-Date: 2020-09-16 01:02+0800\n" +"POT-Creation-Date: 2021-12-08 10:19-0700\n" +"PO-Revision-Date: 2021-12-10 18:53+0800\n" "Last-Translator: Yi-Jyun Pan \n" "Language-Team: Chinese (traditional) \n" "Language: zh_TW\n" @@ -17,7 +17,7 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Poedit 2.4\n" +"X-Generator: Poedit 3.0\n" #: lib/util/aix.c:89 lib/util/aix.c:169 msgid "unable to open userdb" @@ -33,87 +33,94 @@ msgstr "無法還原登錄表" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/gidlist.c:76 -#: lib/util/json.c:54 lib/util/json.c:180 lib/util/sudo_conf.c:186 -#: lib/util/sudo_conf.c:272 lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 -#: src/conversation.c:80 src/exec_common.c:106 src/exec_common.c:122 -#: src/exec_common.c:131 src/exec_monitor.c:206 src/exec_monitor.c:455 -#: src/exec_monitor.c:461 src/exec_monitor.c:469 src/exec_monitor.c:477 -#: src/exec_monitor.c:484 src/exec_monitor.c:491 src/exec_monitor.c:498 -#: src/exec_monitor.c:505 src/exec_monitor.c:512 src/exec_monitor.c:519 -#: src/exec_monitor.c:526 src/exec_nopty.c:212 src/exec_nopty.c:221 -#: src/exec_nopty.c:228 src/exec_nopty.c:235 src/exec_nopty.c:242 -#: src/exec_nopty.c:249 src/exec_nopty.c:256 src/exec_nopty.c:263 -#: src/exec_nopty.c:270 src/exec_nopty.c:277 src/exec_nopty.c:284 -#: src/exec_nopty.c:291 src/exec_nopty.c:299 src/exec_nopty.c:473 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1046 src/exec_pty.c:1218 src/exec_pty.c:1227 -#: src/exec_pty.c:1234 src/exec_pty.c:1241 src/exec_pty.c:1248 -#: src/exec_pty.c:1255 src/exec_pty.c:1262 src/exec_pty.c:1269 -#: src/exec_pty.c:1276 src/exec_pty.c:1283 src/exec_pty.c:1290 -#: src/exec_pty.c:1298 src/exec_pty.c:1740 src/load_plugins.c:52 -#: src/load_plugins.c:65 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:202 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:632 src/sudo.c:701 src/sudo.c:711 src/sudo.c:732 src/sudo.c:751 -#: src/sudo.c:760 src/sudo.c:769 src/sudo.c:786 src/sudo.c:828 src/sudo.c:838 -#: src/sudo.c:867 src/sudo.c:1053 src/sudo.c:1075 src/sudo.c:1373 -#: src/sudo.c:1546 src/sudo.c:1740 src/sudo.c:2084 src/sudo_edit.c:263 -#: src/sudo_edit.c:770 src/sudo_edit.c:854 src/sudo_edit.c:976 -#: src/sudo_edit.c:996 +#: lib/util/json.c:54 lib/util/json.c:183 lib/util/sudo_conf.c:218 +#: lib/util/sudo_conf.c:304 lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 +#: src/conversation.c:80 src/exec_monitor.c:206 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_nopty.c:503 +#: src/exec_preload.c:143 src/exec_preload.c:204 src/exec_pty.c:840 +#: src/exec_pty.c:849 src/exec_pty.c:906 src/exec_pty.c:1059 +#: src/exec_pty.c:1231 src/exec_pty.c:1240 src/exec_pty.c:1247 +#: src/exec_pty.c:1254 src/exec_pty.c:1261 src/exec_pty.c:1268 +#: src/exec_pty.c:1275 src/exec_pty.c:1282 src/exec_pty.c:1289 +#: src/exec_pty.c:1296 src/exec_pty.c:1303 src/exec_pty.c:1311 +#: src/exec_pty.c:1774 src/load_plugins.c:156 src/load_plugins.c:181 +#: src/load_plugins.c:217 src/load_plugins.c:449 src/load_plugins.c:455 +#: src/parse_args.c:190 src/parse_args.c:211 src/parse_args.c:285 +#: src/parse_args.c:630 src/parse_args.c:652 src/parse_args.c:677 +#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:89 +#: src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 src/sesh.c:113 +#: src/sesh.c:146 src/sesh.c:152 src/sesh.c:159 src/sesh.c:165 src/sesh.c:410 +#: src/sudo.c:636 src/sudo.c:706 src/sudo.c:716 src/sudo.c:741 src/sudo.c:764 +#: src/sudo.c:773 src/sudo.c:782 src/sudo.c:799 src/sudo.c:849 src/sudo.c:859 +#: src/sudo.c:888 src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 +#: src/sudo.c:1570 src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 +#: src/sudo_edit.c:149 src/sudo_edit.c:429 src/sudo_edit.c:438 +#: src/sudo_edit.c:539 src/sudo_edit.c:546 src/sudo_edit.c:677 +#: src/sudo_edit.c:697 src/sudo_intercept_common.c:113 +#: src/sudo_intercept_common.c:317 #, c-format msgid "%s: %s" msgstr "%s:%s" #: lib/util/aix.c:272 lib/util/gidlist.c:66 lib/util/json.c:55 -#: lib/util/json.c:181 lib/util/sudo_conf.c:187 lib/util/sudo_conf.c:272 -#: lib/util/sudo_conf.c:349 lib/util/sudo_conf.c:575 src/conversation.c:81 -#: src/exec_common.c:106 src/exec_common.c:123 src/exec_common.c:132 -#: src/exec_monitor.c:455 src/exec_monitor.c:461 src/exec_monitor.c:469 -#: src/exec_monitor.c:477 src/exec_monitor.c:484 src/exec_monitor.c:491 -#: src/exec_monitor.c:498 src/exec_monitor.c:505 src/exec_monitor.c:512 -#: src/exec_monitor.c:519 src/exec_monitor.c:526 src/exec_nopty.c:212 -#: src/exec_nopty.c:221 src/exec_nopty.c:228 src/exec_nopty.c:235 -#: src/exec_nopty.c:242 src/exec_nopty.c:249 src/exec_nopty.c:256 -#: src/exec_nopty.c:263 src/exec_nopty.c:270 src/exec_nopty.c:277 -#: src/exec_nopty.c:284 src/exec_nopty.c:291 src/exec_nopty.c:299 -#: src/exec_pty.c:827 src/exec_pty.c:836 src/exec_pty.c:893 -#: src/exec_pty.c:1218 src/exec_pty.c:1227 src/exec_pty.c:1234 -#: src/exec_pty.c:1241 src/exec_pty.c:1248 src/exec_pty.c:1255 -#: src/exec_pty.c:1262 src/exec_pty.c:1269 src/exec_pty.c:1276 -#: src/exec_pty.c:1283 src/exec_pty.c:1290 src/exec_pty.c:1298 -#: src/exec_pty.c:1740 src/load_plugins.c:163 src/load_plugins.c:188 -#: src/load_plugins.c:223 src/load_plugins.c:463 src/load_plugins.c:469 -#: src/parse_args.c:181 src/parse_args.c:203 src/parse_args.c:275 -#: src/parse_args.c:616 src/parse_args.c:638 src/parse_args.c:663 -#: src/preserve_fds.c:46 src/preserve_fds.c:131 src/selinux.c:90 -#: src/selinux.c:360 src/selinux.c:489 src/selinux.c:498 src/sesh.c:115 -#: src/sudo.c:235 src/sudo.c:632 src/sudo.c:867 src/sudo.c:1053 -#: src/sudo.c:1075 src/sudo.c:1373 src/sudo.c:1546 src/sudo.c:1740 -#: src/sudo.c:2084 src/sudo_edit.c:263 src/sudo_edit.c:770 src/sudo_edit.c:854 -#: src/sudo_edit.c:976 src/sudo_edit.c:996 +#: lib/util/json.c:184 lib/util/sudo_conf.c:219 lib/util/sudo_conf.c:304 +#: lib/util/sudo_conf.c:381 lib/util/sudo_conf.c:665 src/conversation.c:81 +#: src/exec_intercept.c:100 src/exec_intercept.c:330 src/exec_intercept.c:354 +#: src/exec_intercept.c:377 src/exec_intercept.c:385 src/exec_intercept.c:410 +#: src/exec_intercept.c:416 src/exec_intercept.c:425 src/exec_intercept.c:431 +#: src/exec_intercept.c:565 src/exec_intercept.c:706 src/exec_monitor.c:456 +#: src/exec_monitor.c:462 src/exec_monitor.c:470 src/exec_monitor.c:478 +#: src/exec_monitor.c:485 src/exec_monitor.c:492 src/exec_monitor.c:499 +#: src/exec_monitor.c:506 src/exec_monitor.c:513 src/exec_monitor.c:520 +#: src/exec_monitor.c:527 src/exec_nopty.c:219 src/exec_nopty.c:228 +#: src/exec_nopty.c:235 src/exec_nopty.c:242 src/exec_nopty.c:249 +#: src/exec_nopty.c:256 src/exec_nopty.c:263 src/exec_nopty.c:270 +#: src/exec_nopty.c:277 src/exec_nopty.c:284 src/exec_nopty.c:291 +#: src/exec_nopty.c:298 src/exec_nopty.c:306 src/exec_preload.c:143 +#: src/exec_preload.c:204 src/exec_pty.c:840 src/exec_pty.c:849 +#: src/exec_pty.c:906 src/exec_pty.c:1231 src/exec_pty.c:1240 +#: src/exec_pty.c:1247 src/exec_pty.c:1254 src/exec_pty.c:1261 +#: src/exec_pty.c:1268 src/exec_pty.c:1275 src/exec_pty.c:1282 +#: src/exec_pty.c:1289 src/exec_pty.c:1296 src/exec_pty.c:1303 +#: src/exec_pty.c:1311 src/exec_pty.c:1774 src/load_plugins.c:156 +#: src/load_plugins.c:181 src/load_plugins.c:217 src/load_plugins.c:449 +#: src/load_plugins.c:455 src/parse_args.c:190 src/parse_args.c:212 +#: src/parse_args.c:285 src/parse_args.c:630 src/parse_args.c:652 +#: src/parse_args.c:677 src/preserve_fds.c:46 src/preserve_fds.c:131 +#: src/selinux.c:89 src/selinux.c:369 src/selinux.c:489 src/selinux.c:498 +#: src/sesh.c:113 src/sesh.c:411 src/sudo.c:227 src/sudo.c:636 src/sudo.c:888 +#: src/sudo.c:1087 src/sudo.c:1108 src/sudo.c:1401 src/sudo.c:1570 +#: src/sudo.c:1797 src/sudo.c:2131 src/sudo_edit.c:89 src/sudo_edit.c:149 +#: src/sudo_edit.c:429 src/sudo_edit.c:438 src/sudo_edit.c:539 +#: src/sudo_edit.c:546 src/sudo_edit.c:677 src/sudo_edit.c:697 +#: src/sudo_intercept_common.c:113 src/sudo_intercept_common.c:317 msgid "unable to allocate memory" msgstr "無法分配記憶體" -#: lib/util/mkdir_parents.c:69 lib/util/sudo_conf.c:614 src/selinux.c:234 -#: src/selinux.c:264 src/sudo.c:369 +#: lib/util/mkdir_parents.c:68 lib/util/sudo_conf.c:704 src/selinux.c:235 +#: src/selinux.c:265 src/sudo.c:368 src/sudo_edit.c:494 src/sudo_edit.c:559 #, c-format msgid "unable to open %s" msgstr "無法開啟 %s" -#: lib/util/mkdir_parents.c:84 +#: lib/util/mkdir_parents.c:83 #, c-format msgid "unable to mkdir %s" msgstr "無法建立 %s 目錄" -#: lib/util/mkdir_parents.c:93 lib/util/sudo_conf.c:591 +#: lib/util/mkdir_parents.c:92 lib/util/sudo_conf.c:681 src/copy_file.c:150 #, c-format msgid "unable to stat %s" msgstr "無法取得 %s 檔案的資訊" -#: lib/util/mkdir_parents.c:98 +#: lib/util/mkdir_parents.c:97 #, c-format msgid "%s exists but is not a directory (0%o)" msgstr "%s 存在,但不是目錄 (0%o)" @@ -123,7 +130,7 @@ msgstr "訊號未知" #: lib/util/strtoid.c:87 lib/util/strtomode.c:52 lib/util/strtonum.c:148 -#: lib/util/strtonum.c:187 +#: lib/util/strtonum.c:187 src/sesh.c:146 src/sesh.c:159 msgid "invalid value" msgstr "數值無效" @@ -135,110 +142,173 @@ msgid "value too small" msgstr "數值過小" -#: lib/util/sudo_conf.c:205 +#: lib/util/sudo_conf.c:237 #, c-format msgid "invalid Path value \"%s\" in %s, line %u" msgstr "於 %2$s 第 %3$u 行發現無效的 Path 值「%1$s」" -#: lib/util/sudo_conf.c:371 lib/util/sudo_conf.c:387 lib/util/sudo_conf.c:440 +#: lib/util/sudo_conf.c:403 lib/util/sudo_conf.c:419 lib/util/sudo_conf.c:472 #, c-format msgid "invalid value for %s \"%s\" in %s, line %u" msgstr "於 %3$s 中第 %4$u 行發現用於 %1$s 的「%2$s」無效數值" -#: lib/util/sudo_conf.c:408 +#: lib/util/sudo_conf.c:440 #, c-format msgid "unsupported group source \"%s\" in %s, line %u" msgstr "於「%2$s」第 %3$u 行發現不支援的「%1$s」群組來源" -#: lib/util/sudo_conf.c:424 +#: lib/util/sudo_conf.c:456 #, c-format msgid "invalid max groups \"%s\" in %s, line %u" msgstr "於 %2$s 第 %3$u 行發現無效的「%1$s」最大群組" -#: lib/util/sudo_conf.c:594 +#: lib/util/sudo_conf.c:684 #, c-format msgid "%s is not a regular file" msgstr "%s 非一般檔案" -#: lib/util/sudo_conf.c:597 +#: lib/util/sudo_conf.c:687 src/copy_file.c:163 #, c-format msgid "%s is owned by uid %u, should be %u" msgstr "%s 不應由使用者 ID 為 %u 的使用者所擁有,應為 %u" -#: lib/util/sudo_conf.c:601 +#: lib/util/sudo_conf.c:691 #, c-format msgid "%s is world writable" msgstr "%s 允許所有使用者寫入" -#: lib/util/sudo_conf.c:604 +#: lib/util/sudo_conf.c:694 #, c-format msgid "%s is group writable" msgstr "%s 允許群組寫入" -#: src/copy_file.c:91 +#: src/copy_file.c:93 #, c-format msgid "%s: truncate %s to zero bytes? (y/n) [n] " msgstr "%s:將 %s 截斷至 0 位元組?(y/n) [n] " -#: src/copy_file.c:95 +#: src/copy_file.c:97 #, c-format msgid "not overwriting %s" msgstr "不覆寫 %s" -#: src/copy_file.c:117 +#: src/copy_file.c:119 #, c-format msgid "unable to read from %s" msgstr "無法從 %s 讀取" -#: src/copy_file.c:134 src/sudo_edit.c:695 +#: src/copy_file.c:136 src/sudo_edit.c:320 #, c-format msgid "unable to write to %s" msgstr "無法寫入「%s」" -#: src/exec.c:128 +#: src/copy_file.c:154 src/sesh.c:218 src/sudo_edit.c:197 +#, c-format +msgid "%s: not a regular file" +msgstr "%s:非一般檔案" + +#: src/copy_file.c:158 +#, c-format +msgid "%s: bad file mode: 0%o" +msgstr "%s:檔案模式無效:0%o" + +#: src/edit_open.c:331 +msgid "unable to restore current working directory" +msgstr "無法還原目前的工作目錄" + +#: src/exec.c:130 #, c-format msgid "unknown login class %s" msgstr "未知的 %s 登入類別" -#: src/exec.c:140 +#: src/exec.c:142 msgid "unable to set user context" msgstr "無法設定使用者上下文" -#: src/exec.c:156 +#: src/exec.c:158 msgid "unable to set process priority" msgstr "無法設定行程優先層級" -#: src/exec.c:170 +#: src/exec.c:175 #, c-format msgid "unable to change root to %s" msgstr "無法切換根目錄至 %s" -#: src/exec.c:183 src/exec.c:189 src/exec.c:196 +#: src/exec.c:188 src/exec.c:194 src/exec.c:201 #, c-format msgid "unable to change to runas uid (%u, %u)" msgstr "無法變更至 runas 使用者 ID (%u, %u)" -#: src/exec.c:214 +#: src/exec.c:219 #, c-format msgid "unable to change directory to %s" msgstr "無法變更目錄至 %s" -#: src/exec.c:218 +#: src/exec.c:223 #, c-format msgid "starting from %s" msgstr "從 %s 啟動" -#: src/exec.c:300 src/exec_monitor.c:564 src/exec_monitor.c:566 -#: src/exec_nopty.c:531 src/exec_pty.c:568 src/exec_pty.c:1386 -#: src/exec_pty.c:1388 src/signal.c:139 src/signal.c:153 +#: src/exec.c:305 src/exec_monitor.c:565 src/exec_monitor.c:567 +#: src/exec_nopty.c:561 src/exec_pty.c:581 src/exec_pty.c:1411 +#: src/exec_pty.c:1413 src/signal.c:144 src/signal.c:151 src/signal.c:165 #, c-format msgid "unable to set handler for signal %d" msgstr "無法設定用於處理 %d 訊號的程式" -#: src/exec_common.c:165 +#: src/exec_common.c:56 msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT" msgstr "無法自 PRIV_LIMIT 移除 PRIV_PROC_EXEC" +#: src/exec_intercept.c:112 src/exec_intercept.c:116 src/exec_intercept.c:667 +#: src/exec_intercept.c:671 src/exec_intercept.c:857 src/exec_intercept.c:861 +#: src/exec_intercept.c:872 src/exec_intercept.c:876 src/exec_monitor.c:464 +#: src/exec_monitor.c:472 src/exec_monitor.c:480 src/exec_monitor.c:487 +#: src/exec_monitor.c:494 src/exec_monitor.c:501 src/exec_monitor.c:508 +#: src/exec_monitor.c:515 src/exec_monitor.c:522 src/exec_monitor.c:529 +#: src/exec_nopty.c:221 src/exec_nopty.c:230 src/exec_nopty.c:237 +#: src/exec_nopty.c:244 src/exec_nopty.c:251 src/exec_nopty.c:258 +#: src/exec_nopty.c:265 src/exec_nopty.c:272 src/exec_nopty.c:279 +#: src/exec_nopty.c:286 src/exec_nopty.c:293 src/exec_nopty.c:300 +#: src/exec_nopty.c:308 src/exec_pty.c:706 src/exec_pty.c:711 +#: src/exec_pty.c:808 src/exec_pty.c:815 src/exec_pty.c:912 +#: src/exec_pty.c:1233 src/exec_pty.c:1242 src/exec_pty.c:1249 +#: src/exec_pty.c:1256 src/exec_pty.c:1263 src/exec_pty.c:1270 +#: src/exec_pty.c:1277 src/exec_pty.c:1284 src/exec_pty.c:1291 +#: src/exec_pty.c:1298 src/exec_pty.c:1305 src/exec_pty.c:1727 +#: src/exec_pty.c:1737 src/exec_pty.c:1782 src/exec_pty.c:1789 +#: src/exec_pty.c:1816 +msgid "unable to add event to queue" +msgstr "無法新增事件至佇列中" + +#: src/exec_intercept.c:314 +msgid "invalid PolicyCheckRequest" +msgstr "無效的 PolicyCheckRequest" + +#: src/exec_intercept.c:362 src/sudo.c:1213 src/sudo.c:1258 src/sudo.c:1302 +msgid "command rejected by policy" +msgstr "命令被策略拒絕" + +#: src/exec_intercept.c:455 src/sudo.c:1218 src/sudo.c:1263 src/sudo.c:1307 +#: src/sudo.c:1381 +msgid "policy plugin error" +msgstr "策略外掛程式發生錯誤" + +#: src/exec_intercept.c:561 +#, c-format +msgid "client request too large: %zu" +msgstr "用戶端請求過長:%zu" + +#: src/exec_intercept.c:659 +#, c-format +msgid "unexpected type_case value %d in %s from %s" +msgstr "從 %3$s 收到的 %2$s 中有個非預期的 type_case 數值 %1$d" + +#: src/exec_intercept.c:694 +#, c-format +msgid "server message too large: %zu" +msgstr "伺服器訊息過長:%zu" + #: src/exec_monitor.c:360 msgid "error reading from socketpair" msgstr "自 socketpair 讀取資料時發生錯誤" @@ -248,203 +318,180 @@ msgid "unexpected reply type on backchannel: %d" msgstr "未預期的 backchannel 回應類型:%d" -#: src/exec_monitor.c:463 src/exec_monitor.c:471 src/exec_monitor.c:479 -#: src/exec_monitor.c:486 src/exec_monitor.c:493 src/exec_monitor.c:500 -#: src/exec_monitor.c:507 src/exec_monitor.c:514 src/exec_monitor.c:521 -#: src/exec_monitor.c:528 src/exec_nopty.c:214 src/exec_nopty.c:223 -#: src/exec_nopty.c:230 src/exec_nopty.c:237 src/exec_nopty.c:244 -#: src/exec_nopty.c:251 src/exec_nopty.c:258 src/exec_nopty.c:265 -#: src/exec_nopty.c:272 src/exec_nopty.c:279 src/exec_nopty.c:286 -#: src/exec_nopty.c:293 src/exec_nopty.c:301 src/exec_pty.c:693 -#: src/exec_pty.c:698 src/exec_pty.c:795 src/exec_pty.c:802 src/exec_pty.c:899 -#: src/exec_pty.c:1220 src/exec_pty.c:1229 src/exec_pty.c:1236 -#: src/exec_pty.c:1243 src/exec_pty.c:1250 src/exec_pty.c:1257 -#: src/exec_pty.c:1264 src/exec_pty.c:1271 src/exec_pty.c:1278 -#: src/exec_pty.c:1285 src/exec_pty.c:1292 src/exec_pty.c:1693 -#: src/exec_pty.c:1703 src/exec_pty.c:1748 src/exec_pty.c:1755 -#: src/exec_pty.c:1782 -msgid "unable to add event to queue" -msgstr "無法新增事件至佇列中" - -#: src/exec_monitor.c:582 +#: src/exec_monitor.c:583 msgid "unable to set controlling tty" msgstr "無法設定控制終端" -#: src/exec_monitor.c:590 src/exec_nopty.c:358 src/exec_pty.c:1465 -#: src/exec_pty.c:1486 src/exec_pty.c:1506 src/tgetpass.c:306 +#: src/exec_monitor.c:591 src/exec_nopty.c:369 src/exec_pty.c:1490 +#: src/exec_pty.c:1511 src/exec_pty.c:1531 src/tgetpass.c:307 msgid "unable to create pipe" msgstr "無法建立管線" -#: src/exec_monitor.c:598 +#: src/exec_monitor.c:601 msgid "unable to receive message from parent" msgstr "無法自上層接收訊息" -#: src/exec_monitor.c:612 src/exec_nopty.c:387 src/exec_pty.c:1544 -#: src/sudo_edit.c:735 src/tgetpass.c:310 +#: src/exec_monitor.c:617 src/exec_nopty.c:407 src/exec_pty.c:1569 +#: src/sudo_edit.c:361 src/tgetpass.c:311 msgid "unable to fork" msgstr "無法複製 (fork) 出新行程" -#: src/exec_monitor.c:616 src/exec_monitor.c:715 src/exec_nopty.c:441 +#: src/exec_monitor.c:621 src/exec_monitor.c:722 src/exec_nopty.c:471 msgid "unable to restore tty label" msgstr "無法還原終端標籤 (tty label)" -#: src/exec_monitor.c:632 src/sesh.c:125 src/sudo.c:1131 +#: src/exec_monitor.c:637 src/sesh.c:123 src/sudo.c:1164 #, c-format msgid "unable to execute %s" msgstr "無法執行 %s" -#: src/exec_nopty.c:352 src/exec_pty.c:1395 +#: src/exec_nopty.c:363 src/exec_pty.c:1420 msgid "policy plugin failed session initialization" msgstr "政策外掛程式初始化工作階段失敗" -#: src/exec_nopty.c:429 src/exec_pty.c:1632 +#: src/exec_nopty.c:377 src/exec_pty.c:1391 src/exec_pty.c:1399 +msgid "unable to create sockets" +msgstr "無法建立 socket 檔案" + +#: src/exec_nopty.c:459 src/exec_pty.c:1666 msgid "error in event loop" msgstr "在事件處理迴圈中發生錯誤" -#: src/exec_nopty.c:539 src/exec_pty.c:606 src/signal.c:101 +#: src/exec_nopty.c:569 src/exec_pty.c:619 src/signal.c:101 #, c-format msgid "unable to restore handler for signal %d" msgstr "無法還原用於處理 %d 訊號的程序" -#: src/exec_pty.c:152 +#: src/exec_pty.c:158 msgid "unable to allocate pty" msgstr "無法分配虛擬終端機" -#: src/exec_pty.c:216 src/exec_pty.c:255 src/exec_pty.c:294 src/exec_pty.c:344 -#: src/exec_pty.c:394 +#: src/exec_pty.c:222 src/exec_pty.c:262 src/exec_pty.c:302 src/exec_pty.c:353 +#: src/exec_pty.c:404 msgid "I/O plugin error" msgstr "I/O 外掛程式錯誤" -#: src/exec_pty.c:219 src/exec_pty.c:258 src/exec_pty.c:297 src/exec_pty.c:347 -#: src/exec_pty.c:397 +#: src/exec_pty.c:226 src/exec_pty.c:266 src/exec_pty.c:306 src/exec_pty.c:357 +#: src/exec_pty.c:408 msgid "command rejected by I/O plugin" msgstr "命令被 I/O 外掛程式拒絕" -#: src/exec_pty.c:444 +#: src/exec_pty.c:455 msgid "error logging suspend" msgstr "記錄暫停時發生錯誤" -#: src/exec_pty.c:477 +#: src/exec_pty.c:489 msgid "error changing window size" msgstr "變更視窗大小時發生錯誤" -#: src/exec_pty.c:1375 -msgid "unable to create sockets" -msgstr "無法建立 socket 檔案" - -#: src/exec_pty.c:1587 +#: src/exec_pty.c:1615 msgid "unable to send message to monitor process" msgstr "無法傳送訊息至監控程序" -#: src/load_plugins.c:50 src/load_plugins.c:63 src/load_plugins.c:85 -#: src/load_plugins.c:115 src/load_plugins.c:129 src/load_plugins.c:135 -#: src/load_plugins.c:287 src/load_plugins.c:297 src/load_plugins.c:307 -#: src/load_plugins.c:354 +#: src/load_plugins.c:108 src/load_plugins.c:122 src/load_plugins.c:128 +#: src/load_plugins.c:277 src/load_plugins.c:287 src/load_plugins.c:297 +#: src/load_plugins.c:344 #, c-format msgid "error in %s, line %d while loading plugin \"%s\"" msgstr "載入「%3$s」外掛程式時,發現 %1$s 中的第 %2$d 行有錯誤" -#: src/load_plugins.c:87 -#, c-format -msgid "%s%s: %s" -msgstr "%s%s: %s" - -#: src/load_plugins.c:131 +#: src/load_plugins.c:124 #, c-format msgid "%s must be owned by uid %d" msgstr "%s 必須由使用者 ID 為 %d 的使用者所擁有" -#: src/load_plugins.c:137 +#: src/load_plugins.c:130 #, c-format msgid "%s must be only be writable by owner" msgstr "%s 必須只能被其所有者可寫" -#: src/load_plugins.c:247 src/load_plugins.c:322 +#: src/load_plugins.c:241 src/load_plugins.c:312 #, c-format msgid "ignoring duplicate plugin \"%s\" in %s, line %d" msgstr "忽略第 %3$d 行 %2$s 中的重複外掛程式「%1$s」" -#: src/load_plugins.c:289 +#: src/load_plugins.c:279 #, c-format msgid "unable to load %s: %s" msgstr "無法載入 %s:%s" -#: src/load_plugins.c:299 +#: src/load_plugins.c:289 #, c-format msgid "unable to find symbol \"%s\" in %s" msgstr "無法在 %s 中找到「%s」符號" -#: src/load_plugins.c:309 +#: src/load_plugins.c:299 #, c-format msgid "incompatible plugin major version %d (expected %d) found in %s" msgstr "在 %3$s 中發現不相容的外掛程式主版本號 %1$d(預期應為 %2$d)" -#: src/load_plugins.c:327 +#: src/load_plugins.c:317 #, c-format msgid "ignoring policy plugin \"%s\" in %s, line %d" msgstr "無視 %2$s 中第 %3$d 行的「%1$s」sudo 政策外掛程式" -#: src/load_plugins.c:330 +#: src/load_plugins.c:320 msgid "only a single policy plugin may be specified" msgstr "只能指定一個 Sudo 政策外掛程式" -#: src/load_plugins.c:356 +#: src/load_plugins.c:346 #, c-format msgid "unknown plugin type %d found in %s" msgstr "在 %2$s 發現未知的外掛程式類型 %1$d" -#: src/load_plugins.c:552 +#: src/load_plugins.c:529 #, c-format msgid "policy plugin %s does not include a check_policy method" msgstr "%s 政策外掛程式未包含 check_policy 方法" -#: src/net_ifs.c:178 src/net_ifs.c:195 src/net_ifs.c:340 src/sudo.c:479 +#: src/net_ifs.c:210 src/net_ifs.c:376 src/net_ifs.c:437 src/net_ifs.c:624 +#: src/net_ifs.c:855 src/sudo.c:483 src/sudo_edit.c:398 src/sudo_edit.c:406 #, c-format msgid "internal error, %s overflow" msgstr "內部錯誤,%s 溢位" -#: src/parse_args.c:223 +#: src/parse_args.c:232 #, c-format msgid "invalid environment variable name: %s" msgstr "無效的環境變數名稱:%s" -#: src/parse_args.c:325 +#: src/parse_args.c:335 msgid "the argument to -C must be a number greater than or equal to 3" msgstr "傳入 -C 的參數數字應該要等於或大於 3" -#: src/parse_args.c:552 +#: src/parse_args.c:566 msgid "you may not specify both the -i and -s options" msgstr "不能同時指定 -i 跟 -s 指令列選項" -#: src/parse_args.c:557 +#: src/parse_args.c:571 msgid "you may not specify both the -i and -E options" msgstr "不能同時指定 -i 跟 -E 指令列選項" -#: src/parse_args.c:567 +#: src/parse_args.c:581 msgid "the -E option is not valid in edit mode" msgstr "-E 指令列選項在編輯模式中無效" -#: src/parse_args.c:570 +#: src/parse_args.c:584 msgid "you may not specify environment variables in edit mode" msgstr "不能在編輯模式中指定環境變數" -#: src/parse_args.c:580 +#: src/parse_args.c:594 msgid "the -U option may only be used with the -l option" msgstr "-U 指令列選項只能跟 -l 選項一起使用" -#: src/parse_args.c:584 +#: src/parse_args.c:598 msgid "the -A and -S options may not be used together" msgstr "不能同時使用 -A 跟 -S 指令列選項" -#: src/parse_args.c:677 +#: src/parse_args.c:691 msgid "sudoedit is not supported on this platform" msgstr "此平台不支援 sudoedit" -#: src/parse_args.c:759 +#: src/parse_args.c:774 msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified" msgstr "只能指定以下指令列選項之一:-e、-h、-i、-K、-l、-s、-v、-V" -#: src/parse_args.c:773 +#: src/parse_args.c:790 #, c-format msgid "" "%s - edit files as another user\n" @@ -453,7 +500,7 @@ "%s - 以另一個使用者的身份編輯檔案\n" "\n" -#: src/parse_args.c:775 +#: src/parse_args.c:792 #, c-format msgid "" "%s - execute a command as another user\n" @@ -462,7 +509,7 @@ "%s - 以另一個使用者的身份執行指令\n" "\n" -#: src/parse_args.c:780 +#: src/parse_args.c:798 msgid "" "\n" "Options:\n" @@ -470,225 +517,215 @@ "\n" "指令列選項:\n" -#: src/parse_args.c:782 +#: src/parse_args.c:800 msgid "use a helper program for password prompting" msgstr "使用助手程式詢問密碼" -#: src/parse_args.c:785 +#: src/parse_args.c:803 msgid "use specified BSD authentication type" msgstr "使用指定的 BSD 身份驗證類型" -#: src/parse_args.c:788 +#: src/parse_args.c:807 msgid "run command in the background" msgstr "在背景中執行指令" -#: src/parse_args.c:790 +#: src/parse_args.c:810 msgid "ring bell when prompting" msgstr "提示時響鈴" -#: src/parse_args.c:792 +#: src/parse_args.c:812 msgid "close all file descriptors >= num" msgstr "關閉所有 >= num 的檔案描述元" -#: src/parse_args.c:795 +#: src/parse_args.c:815 msgid "run command with the specified BSD login class" msgstr "以指定的 BSD 登入類型執行指令" -#: src/parse_args.c:798 +#: src/parse_args.c:818 msgid "change the working directory before running command" msgstr "執行命令前,先變更工作目錄" -#: src/parse_args.c:800 +#: src/parse_args.c:821 msgid "preserve user environment when running command" msgstr "在執行指令時保留使用者的環境" -#: src/parse_args.c:802 +#: src/parse_args.c:823 msgid "preserve specific environment variables" msgstr "保留指定的環境變數" -#: src/parse_args.c:804 +#: src/parse_args.c:825 msgid "edit files instead of running a command" msgstr "編輯檔案而非執行指令" -#: src/parse_args.c:806 +#: src/parse_args.c:828 msgid "run command as the specified group name or ID" msgstr "以指定的群組名稱或 ID 執行指令" -#: src/parse_args.c:808 +#: src/parse_args.c:831 msgid "set HOME variable to target user's home dir" msgstr "設定 HOME 環境變數為目標使用者的家目錄" -#: src/parse_args.c:810 +#: src/parse_args.c:834 msgid "display help message and exit" msgstr "顯示說明訊息並退出" -#: src/parse_args.c:812 +#: src/parse_args.c:836 msgid "run command on host (if supported by plugin)" msgstr "在指定的主機上執行指令(若外掛程式支援)" -#: src/parse_args.c:814 +#: src/parse_args.c:839 msgid "run login shell as the target user; a command may also be specified" msgstr "以目標使用者的身份執行登入 shell;亦可同時指定一個指令" -#: src/parse_args.c:816 +#: src/parse_args.c:841 msgid "remove timestamp file completely" msgstr "完全地移除時間戳記檔案" -#: src/parse_args.c:818 +#: src/parse_args.c:844 msgid "invalidate timestamp file" msgstr "使時間戳檔案無效化" -#: src/parse_args.c:820 +#: src/parse_args.c:847 msgid "list user's privileges or check a specific command; use twice for longer format" msgstr "列出使用者的權限或是檢查特定的指令;指定兩次以用更長的格式輸出" -#: src/parse_args.c:822 +#: src/parse_args.c:850 msgid "non-interactive mode, no prompts are used" msgstr "非互動式模式,不使用任何提示文字" -#: src/parse_args.c:824 +#: src/parse_args.c:853 msgid "preserve group vector instead of setting to target's" msgstr "保留目前的群組集合而非設定為目標的群組集合" -#: src/parse_args.c:826 +#: src/parse_args.c:856 msgid "use the specified password prompt" msgstr "使用指定的密碼提示文字" -#: src/parse_args.c:828 +#: src/parse_args.c:858 msgid "change the root directory before running command" msgstr "執行命令前,先變更根目錄" -#: src/parse_args.c:831 +#: src/parse_args.c:861 msgid "create SELinux security context with specified role" msgstr "使用指定的角色建立 SELinux 安全上下文" -#: src/parse_args.c:834 +#: src/parse_args.c:864 msgid "read password from standard input" msgstr "自標準輸入讀取密碼" -#: src/parse_args.c:836 +#: src/parse_args.c:867 msgid "run shell as the target user; a command may also be specified" msgstr "以目標使用者的身份執行 shell;一個指令亦可同時被指定" -#: src/parse_args.c:839 +#: src/parse_args.c:871 msgid "create SELinux security context with specified type" msgstr "使用指定的類型建立 SELinux 安全上下文" -#: src/parse_args.c:842 +#: src/parse_args.c:874 msgid "terminate command after the specified time limit" msgstr "在指定的時間限制過後中止指令" -#: src/parse_args.c:844 +#: src/parse_args.c:877 msgid "in list mode, display privileges for user" msgstr "在清單模式中顯示使用者的權限" -#: src/parse_args.c:846 +#: src/parse_args.c:880 msgid "run command (or edit file) as specified user name or ID" msgstr "以指定的使用者名稱或 ID 來執行指令(或編輯檔案)" -#: src/parse_args.c:848 +#: src/parse_args.c:882 msgid "display version information and exit" msgstr "顯示版本資訊並離開" -#: src/parse_args.c:850 +#: src/parse_args.c:885 msgid "update user's timestamp without running a command" msgstr "更新使用者時間戳記而不執行指令" -#: src/parse_args.c:852 +#: src/parse_args.c:888 msgid "stop processing command line arguments" msgstr "停止處理指令列引數" -#: src/selinux.c:84 +#: src/selinux.c:83 msgid "unable to open audit system" msgstr "無法開啟稽核系統" -#: src/selinux.c:94 +#: src/selinux.c:93 msgid "unable to send audit message" msgstr "無法傳送稽核訊息" -#: src/selinux.c:128 +#: src/selinux.c:129 #, c-format msgid "unable to fgetfilecon %s" msgstr "無法對 %s 進行 fgetfilecon" -#: src/selinux.c:133 +#: src/selinux.c:134 #, c-format msgid "%s changed labels" msgstr "%s 個變更的標籤" -#: src/selinux.c:141 +#: src/selinux.c:142 #, c-format msgid "unable to restore context for %s" msgstr "無法還原「%s」的 SELinux 上下文" -#: src/selinux.c:189 +#: src/selinux.c:190 #, c-format msgid "unable to open %s, not relabeling tty" msgstr "無法開啟 %s,將不重加終端機的標籤" -#: src/selinux.c:193 src/selinux.c:238 src/selinux.c:268 +#: src/selinux.c:194 src/selinux.c:239 src/selinux.c:269 #, c-format msgid "%s is not a character device, not relabeling tty" msgstr "%s 不是一個字元裝置,將不重加終端機的標籤" -#: src/selinux.c:202 +#: src/selinux.c:203 msgid "unable to get current tty context, not relabeling tty" msgstr "無法取得目前的終端機內文,將不重加終端機的標籤" -#: src/selinux.c:209 +#: src/selinux.c:210 msgid "unknown security class \"chr_file\", not relabeling tty" msgstr "未知的安全類別「chr_file」,將不重加終端機的標籤" -#: src/selinux.c:214 +#: src/selinux.c:215 msgid "unable to get new tty context, not relabeling tty" msgstr "無法取得新的終端機上下文,將不重加終端機的標籤" -#: src/selinux.c:223 +#: src/selinux.c:224 msgid "unable to set new tty context" msgstr "無法設定新的終端機上下文" -#: src/selinux.c:321 -#, c-format -msgid "you must specify a role for type %s" -msgstr "你必須對 %s 類別指定一個角色" - #: src/selinux.c:327 +msgid "failed to get new context" +msgstr "無法取得新上下文" + +#: src/selinux.c:345 #, c-format msgid "unable to get default type for role %s" msgstr "無法取得 %s 角色的預設分類" -#: src/selinux.c:339 -msgid "failed to get new context" -msgstr "無法取得新上下文" - -#: src/selinux.c:348 +#: src/selinux.c:357 #, c-format msgid "failed to set new role %s" msgstr "無法設定新的角色 %s" -#: src/selinux.c:352 +#: src/selinux.c:361 #, c-format msgid "failed to set new type %s" msgstr "無法設定新的類別 %s" -#: src/selinux.c:364 +#: src/selinux.c:373 #, c-format msgid "%s is not a valid context" msgstr "%s 不是有效的 SELinux 上下文" -#: src/selinux.c:396 +#: src/selinux.c:402 msgid "failed to get old context" msgstr "無法取得舊上下文" -#: src/selinux.c:402 +#: src/selinux.c:408 msgid "unable to determine enforcing mode." msgstr "無法判斷 SELinux 行使模式。" -#: src/selinux.c:419 -#, c-format -msgid "unable to set tty context to %s" -msgstr "無法設定 tty 上下文為 %s" - #: src/selinux.c:440 #, c-format msgid "unable to set exec context to %s" @@ -699,20 +736,40 @@ msgid "unable to set key creation context to %s" msgstr "無法設定金鑰建立上下文為 %s" -#: src/sesh.c:77 +#: src/sesh.c:72 msgid "requires at least one argument" msgstr "至少需要至少一個指令列引數" -#: src/sesh.c:106 +#: src/sesh.c:104 #, c-format msgid "invalid file descriptor number: %s" msgstr "無效的檔案描述元:%s" -#: src/sesh.c:120 +#: src/sesh.c:118 #, c-format msgid "unable to run %s as a login shell" msgstr "無法以登入 shell 執行 %s" +#: src/sesh.c:200 src/sesh.c:300 src/sudo_edit.c:204 +#, c-format +msgid "%s: editing symbolic links is not permitted" +msgstr "%s:不允許編輯符號連結" + +#: src/sesh.c:203 src/sesh.c:303 src/sudo_edit.c:207 +#, c-format +msgid "%s: editing files in a writable directory is not permitted" +msgstr "%s:不允許在可寫目錄編輯檔案" + +#: src/sesh.c:287 src/sesh.c:308 src/sesh.c:317 src/sesh.c:325 +#: src/sudo_edit.c:331 +#, c-format +msgid "contents of edit session left in %s" +msgstr "編輯階段的內容被留在 %s" + +#: src/sesh.c:416 src/sudo_edit.c:94 +msgid "unable to get group list" +msgstr "無法取得群組清單" + #: src/signal.c:79 #, c-format msgid "unable to save handler for signal %d" @@ -761,203 +818,198 @@ msgid "warning, resource control assignment failed for project \"%s\"" msgstr "警告:對專案「%s」執行資源控制指派失敗" -#: src/sudo.c:220 +#: src/sudo.c:213 #, c-format msgid "Sudo version %s\n" msgstr "Sudo 版本 %s\n" -#: src/sudo.c:222 +#: src/sudo.c:215 #, c-format msgid "Configure options: %s\n" msgstr "設定選項:%s\n" -#: src/sudo.c:231 +#: src/sudo.c:223 msgid "fatal error, unable to load plugins" msgstr "致命錯誤:無法載入外掛程式" -#: src/sudo.c:277 +#: src/sudo.c:269 msgid "plugin did not return a command to execute" msgstr "外掛程式沒有回傳要執行的指令" -#: src/sudo.c:312 +#: src/sudo.c:302 #, c-format msgid "unexpected sudo mode 0x%x" msgstr "未預期的 0x%x sudo 模式" -#: src/sudo.c:546 +#: src/sudo.c:550 #, c-format msgid "you do not exist in the %s database" msgstr "您不在 %s 資料庫中" -#: src/sudo.c:603 +#: src/sudo.c:607 msgid "unable to determine tty" msgstr "無法判斷終端機" -#: src/sudo.c:913 +#: src/sudo.c:948 #, c-format msgid "%s must be owned by uid %d and have the setuid bit set" msgstr "%s 必須由使用者 ID 為 %d 的使用者所擁有,且必須設定 setuid 位元" -#: src/sudo.c:916 +#: src/sudo.c:951 #, c-format msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?" msgstr "有效的使用者 ID 不是 %d,請問「%s」是存在於設定「nosuid」掛載選項的檔案系統中,還是存在於沒有 root 權限的 NFS 檔案系統?" -#: src/sudo.c:922 +#: src/sudo.c:957 #, c-format msgid "effective uid is not %d, is sudo installed setuid root?" msgstr "有效的使用者 ID 不是 %d,sudo 是否已經安裝 setuid root?" -#: src/sudo.c:938 +#: src/sudo.c:973 src/tgetpass.c:333 msgid "unable to set supplementary group IDs" msgstr "無法設定增補群組 ID" -#: src/sudo.c:945 +#: src/sudo.c:980 #, c-format msgid "unable to set effective gid to runas gid %u" msgstr "無法將有效群組 ID 設定為 runas 群組 ID %u" -#: src/sudo.c:951 +#: src/sudo.c:986 #, c-format msgid "unable to set gid to runas gid %u" msgstr "無法將群組 ID 設定為 runas 群組 ID %u" -#: src/sudo.c:994 +#: src/sudo.c:1029 #, c-format msgid "unexpected child termination condition: %d" msgstr "未預期之子行程中止狀況:%d" -#: src/sudo.c:1103 +#: src/sudo.c:1136 msgid "unable to initialize policy plugin" msgstr "無法初始化 Sudo 政策外掛程式" -#: src/sudo.c:1166 +#: src/sudo.c:1198 #, c-format msgid "policy plugin %s is missing the \"check_policy\" method" msgstr "%s 政策外掛程式缺少 \"check_policy\" 方法" -#: src/sudo.c:1181 src/sudo.c:1234 src/sudo.c:1278 -msgid "command rejected by policy" -msgstr "命令被策略拒絕" - -#: src/sudo.c:1186 src/sudo.c:1239 src/sudo.c:1283 -msgid "policy plugin error" -msgstr "策略外掛程式發生錯誤" - -#: src/sudo.c:1220 +#: src/sudo.c:1244 #, c-format msgid "policy plugin %s does not support listing privileges" msgstr "%s 政策外掛程式不支援權限" -#: src/sudo.c:1264 +#: src/sudo.c:1288 #, c-format msgid "policy plugin %s does not support the -v option" msgstr "%s 政策外掛程式不支援 -v 指令列選項" -#: src/sudo.c:1302 +#: src/sudo.c:1326 #, c-format msgid "policy plugin %s does not support the -k/-K options" msgstr "%s 政策外掛程式不支援 -k/-K 指令列選項" -#: src/sudo.c:1431 +#: src/sudo.c:1455 #, c-format msgid "error initializing I/O plugin %s" msgstr "初始化「%s」I/O 外掛程式時發生錯誤" -#: src/sudo.c:1585 +#: src/sudo.c:1458 +msgid "error initializing I/O plugin" +msgstr "初始化 I/O 外掛程式時發生錯誤" + +#: src/sudo.c:1607 #, c-format msgid "error initializing audit plugin %s" msgstr "初始化稽核外掛程式 %s 時發生錯誤" -#: src/sudo.c:1763 +#: src/sudo.c:1686 +#, c-format +msgid "%s: unable to log error event%s%s" +msgstr "%s:無法記錄錯誤事件%s%s" + +#: src/sudo.c:1722 +#, c-format +msgid "%s: unable to log accept event%s%s" +msgstr "%s:無法記錄接受事件%s%s" + +#: src/sudo.c:1727 src/sudo.c:1765 +msgid "audit plugin error" +msgstr "稽核外掛程式發生錯誤" + +#: src/sudo.c:1760 +#, c-format +msgid "%s: unable to log reject event%s%s" +msgstr "%s:無法記錄拒絕事件%s%s" + +#: src/sudo.c:1820 #, c-format msgid "error initializing approval plugin %s" msgstr "初始化核准外掛程式 %s 時發生錯誤" -#: src/sudo.c:1839 +#: src/sudo.c:1890 msgid "command rejected by approver" msgstr "命令被核准人拒絕" -#: src/sudo.c:1848 +#: src/sudo.c:1900 msgid "approval plugin error" msgstr "核准外掛程式發生錯誤" -#: src/sudo_edit.c:226 +#: src/sudo_edit.c:113 msgid "no writable temporary directory found" msgstr "沒有找到可寫入的暫存目錄" -#: src/sudo_edit.c:351 -msgid "unable to restore current working directory" -msgstr "無法還原目前的工作目錄" - -#: src/sudo_edit.c:566 src/sudo_edit.c:666 -#, c-format -msgid "%s: not a regular file" -msgstr "%s:非一般檔案" - -#: src/sudo_edit.c:573 -#, c-format -msgid "%s: editing symbolic links is not permitted" -msgstr "%s:不允許編輯符號連結" - -#: src/sudo_edit.c:576 -#, c-format -msgid "%s: editing files in a writable directory is not permitted" -msgstr "%s:不允許在可寫目錄編輯檔案" - -#: src/sudo_edit.c:667 +#: src/sudo_edit.c:291 #, c-format msgid "%s left unmodified" msgstr "%s 保持未變更狀態" -#: src/sudo_edit.c:680 src/sudo_edit.c:871 +#: src/sudo_edit.c:304 src/sudo_edit.c:571 #, c-format msgid "%s unchanged" msgstr "%s 未變更" -#: src/sudo_edit.c:706 src/sudo_edit.c:909 -#, c-format -msgid "contents of edit session left in %s" -msgstr "編輯階段的內容被留在 %s" - -#: src/sudo_edit.c:814 +#: src/sudo_edit.c:481 msgid "sesh: internal error: odd number of paths" msgstr "sesh:內部錯誤:只有奇數個路徑" -#: src/sudo_edit.c:816 +#: src/sudo_edit.c:483 msgid "sesh: unable to create temporary files" msgstr "sesh:無法建立暫存檔案" -#: src/sudo_edit.c:818 src/sudo_edit.c:902 +#: src/sudo_edit.c:485 src/sudo_edit.c:609 msgid "sesh: killed by a signal" msgstr "sesh:被信號中止" -#: src/sudo_edit.c:820 src/sudo_edit.c:905 +#: src/sudo_edit.c:487 src/sudo_edit.c:612 #, c-format msgid "sesh: unknown error %d" msgstr "sesh:未知錯誤代碼 %d" -#: src/sudo_edit.c:895 +#: src/sudo_edit.c:602 msgid "unable to copy temporary files back to their original location" msgstr "無法將暫存檔複製回暫存檔的原始位置" -#: src/sudo_edit.c:899 +#: src/sudo_edit.c:606 msgid "unable to copy some of the temporary files back to their original location" msgstr "無法將部份的暫存檔複製回其原始位置" -#: src/sudo_edit.c:943 +#: src/sudo_edit.c:649 #, c-format msgid "unable to change uid to root (%u)" msgstr "無法將使用者 ID 變更為 root (%u)" -#: src/sudo_edit.c:960 +#: src/sudo_edit.c:670 msgid "plugin error: missing file list for sudoedit" msgstr "外掛程式錯誤:缺少可用於 sudoedit 的檔案清單" -#: src/sudo_edit.c:1011 src/sudo_edit.c:1024 +#: src/sudo_edit.c:713 src/sudo_edit.c:727 msgid "unable to read the clock" msgstr "無法讀取時間" +#: src/sudo_intercept_common.c:341 +msgid "intercept port not set" +msgstr "未設定攔截用連線埠" + #: src/tgetpass.c:95 msgid "timed out reading password" msgstr "讀取密碼逾時" @@ -978,33 +1030,51 @@ msgid "no askpass program specified, try setting SUDO_ASKPASS" msgstr "沒有指定 askpass 程式,將嘗試設定 SUDO_ASKPASS 環境變數" -#: src/tgetpass.c:327 +#: src/tgetpass.c:328 #, c-format msgid "unable to set gid to %u" msgstr "無法將群組 ID 設定為 %u" -#: src/tgetpass.c:331 +#: src/tgetpass.c:338 #, c-format msgid "unable to set uid to %u" msgstr "無法將使用者 ID 設定為 %u" -#: src/tgetpass.c:336 +#: src/tgetpass.c:343 #, c-format msgid "unable to run %s" msgstr "無法執行 %s" -#: src/utmp.c:287 +#: src/utmp.c:288 msgid "unable to save stdin" msgstr "無法儲存標準輸入" -#: src/utmp.c:289 +#: src/utmp.c:290 msgid "unable to dup2 stdin" msgstr "無法對標準輸入執行 dup2 操作" -#: src/utmp.c:292 +#: src/utmp.c:293 msgid "unable to restore stdin" msgstr "無法復原標準輸入" +#~ msgid "unable to dup intercept fd" +#~ msgstr "無法 dup intercept fd" + +#~ msgid "%s: missing message header" +#~ msgstr "%s:缺少訊息標頭" + +#~ msgid "%s: expected message type %d, got %d" +#~ msgstr "%s:期望的訊息類型是 %d 卻收到 %d" + +#~ msgid "you must specify a role for type %s" +#~ msgstr "你必須對 %s 類別指定一個角色" + +#~ msgid "unable to set tty context to %s" +#~ msgstr "無法設定 tty 上下文為 %s" + +#~ msgid "%s%s: %s" +#~ msgstr "%s%s: %s" + #~ msgid "%s: short write" #~ msgstr "%s:過短寫入" @@ -1017,8 +1087,5 @@ #~ msgid "no tty present and no askpass program specified" #~ msgstr "未提供終端機且沒有指定 askpass 程式" -#~ msgid "unable to get group vector" -#~ msgstr "無法取得 group vector" - #~ msgid "unknown uid %u: who are you?" #~ msgstr "未知的 %u 使用者識別碼:你是哪位啊?" diff -Nru sudo-1.9.5p2/scripts/config.guess sudo-1.9.9/scripts/config.guess --- sudo-1.9.5p2/scripts/config.guess 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/scripts/config.guess 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,1700 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright 1992-2021 Free Software Foundation, Inc. + +timestamp='2021-01-25' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). +# +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. +# +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess +# +# Please send patches to . + + +me=$(echo "$0" | sed -e 's,.*/,,') + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright 1992-2021 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +tmp= +# shellcheck disable=SC2172 +trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15 + +set_cc_for_build() { + # prevent multiple calls if $tmp is already set + test "$tmp" && return 0 + : "${TMPDIR=/tmp}" + # shellcheck disable=SC2039 + { tmp=$( (umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null) && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } + dummy=$tmp/dummy + case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in + ,,) echo "int x;" > "$dummy.c" + for driver in cc gcc c89 c99 ; do + if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD="$driver" + break + fi + done + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; + esac +} + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if test -f /.attbin/uname ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=$( (uname -m) 2>/dev/null) || UNAME_MACHINE=unknown +UNAME_RELEASE=$( (uname -r) 2>/dev/null) || UNAME_RELEASE=unknown +UNAME_SYSTEM=$( (uname -s) 2>/dev/null) || UNAME_SYSTEM=unknown +UNAME_VERSION=$( (uname -v) 2>/dev/null) || UNAME_VERSION=unknown + +case "$UNAME_SYSTEM" in +Linux|GNU|GNU/*) + LIBC=unknown + + set_cc_for_build + cat <<-EOF > "$dummy.c" + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #elif defined(__GLIBC__) + LIBC=gnu + #else + #include + /* First heuristic to detect musl libc. */ + #ifdef __DEFINED_va_list + LIBC=musl + #endif + #endif + EOF + eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g')" + + # Second heuristic to detect musl libc. + if [ "$LIBC" = unknown ] && + command -v ldd >/dev/null && + ldd --version 2>&1 | grep -q ^musl; then + LIBC=musl + fi + + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + if [ "$LIBC" = unknown ]; then + LIBC=gnu + fi + ;; +esac + +# Note: order is significant - the case branches are not exclusive. + +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + UNAME_MACHINE_ARCH=$( (uname -p 2>/dev/null || \ + /sbin/sysctl -n hw.machine_arch 2>/dev/null || \ + /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \ + echo unknown)) + case "$UNAME_MACHINE_ARCH" in + aarch64eb) machine=aarch64_be-unknown ;; + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + earmv*) + arch=$(echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,') + endian=$(echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p') + machine="${arch}${endian}"-unknown + ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently (or will in the future) and ABI. + case "$UNAME_MACHINE_ARCH" in + earm*) + os=netbsdelf + ;; + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # Determine ABI tags. + case "$UNAME_MACHINE_ARCH" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=$(echo "$UNAME_MACHINE_ARCH" | sed -e "$expr") + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "$UNAME_VERSION" in + Debian*) + release='-gnu' + ;; + *) + release=$(echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2) + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "$machine-${os}${release}${abi-}" + exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=$(arch | sed 's/Bitrig.//') + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=$(arch | sed 's/OpenBSD.//') + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" + exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=$(arch | sed 's/^.*BSD\.//') + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" + exit ;; + *:MidnightBSD:*:*) + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" + exit ;; + *:ekkoBSD:*:*) + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" + exit ;; + *:SolidBSD:*:*) + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" + exit ;; + *:OS108:*:*) + echo "$UNAME_MACHINE"-unknown-os108_"$UNAME_RELEASE" + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:MirBSD:*:*) + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:Sortix:*:*) + echo "$UNAME_MACHINE"-unknown-sortix + exit ;; + *:Twizzler:*:*) + echo "$UNAME_MACHINE"-unknown-twizzler + exit ;; + *:Redox:*:*) + echo "$UNAME_MACHINE"-unknown-redox + exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $3}') + ;; + *5.*) + UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $4}') + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=$(/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1) + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE=alpha ;; + "EV4.5 (21064)") + UNAME_MACHINE=alpha ;; + "LCA4 (21066/21068)") + UNAME_MACHINE=alpha ;; + "EV5 (21164)") + UNAME_MACHINE=alphaev5 ;; + "EV5.6 (21164A)") + UNAME_MACHINE=alphaev56 ;; + "EV5.6 (21164PC)") + UNAME_MACHINE=alphapca56 ;; + "EV5.7 (21164PC)") + UNAME_MACHINE=alphapca57 ;; + "EV6 (21264)") + UNAME_MACHINE=alphaev6 ;; + "EV6.7 (21264A)") + UNAME_MACHINE=alphaev67 ;; + "EV6.8CB (21264C)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8AL (21264B)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8CX (21264D)") + UNAME_MACHINE=alphaev68 ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE=alphaev69 ;; + "EV7 (21364)") + UNAME_MACHINE=alphaev7 ;; + "EV7.9 (21364A)") + UNAME_MACHINE=alphaev79 ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo "$UNAME_MACHINE"-dec-osf"$(echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz)" + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix"$UNAME_RELEASE" + exit ;; + arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "$( (/bin/universe) 2>/dev/null)" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case $(/usr/bin/uname -p) in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo "$UNAME_MACHINE"-ibm-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')" + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')" + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')" + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux"$UNAME_RELEASE" + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + set_cc_for_build + SUN_ARCH=i386 + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if test "$CC_FOR_BUILD" != no_compiler_found; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH=x86_64 + fi + fi + echo "$SUN_ARCH"-pc-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')" + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')" + exit ;; + sun4*:SunOS:*:*) + case "$(/usr/bin/arch -k)" in + Series*|S4*) + UNAME_RELEASE=$(uname -v) + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/')" + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos"$UNAME_RELEASE" + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=$( (sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null) + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 + case "$(/bin/arch)" in + sun3) + echo m68k-sun-sunos"$UNAME_RELEASE" + ;; + sun4) + echo sparc-sun-sunos"$UNAME_RELEASE" + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos"$UNAME_RELEASE" + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint"$UNAME_RELEASE" + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint"$UNAME_RELEASE" + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint"$UNAME_RELEASE" + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten"$UNAME_RELEASE" + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten"$UNAME_RELEASE" + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix"$UNAME_RELEASE" + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix"$UNAME_RELEASE" + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix"$UNAME_RELEASE" + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=$(echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p') && + SYSTEM_NAME=$("$dummy" "$dummyarg") && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos"$UNAME_RELEASE" + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=$(/usr/bin/uname -p) + if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110 + then + if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \ + test "$TARGET_BINARY_INTERFACE"x = x + then + echo m88k-dg-dgux"$UNAME_RELEASE" + else + echo m88k-dg-dguxbcs"$UNAME_RELEASE" + fi + else + echo i586-dg-dgux"$UNAME_RELEASE" + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/g')" + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'$(uname -s)'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if test -x /usr/bin/oslevel ; then + IBM_REV=$(/usr/bin/oslevel) + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy") + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=$(/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }') + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if test -x /usr/bin/lslpp ; then + IBM_REV=$(/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/) + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//') + case "$UNAME_MACHINE" in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if test -x /usr/bin/getconf; then + sc_cpu_version=$(/usr/bin/getconf SC_CPU_VERSION 2>/dev/null) + sc_kernel_bits=$(/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null) + case "$sc_cpu_version" in + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "$sc_kernel_bits" in + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 + esac ;; + esac + fi + if test "$HP_ARCH" = ""; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=$("$dummy") + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if test "$HP_ARCH" = hppa2.0w + then + set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH=hppa2.0w + else + HP_ARCH=hppa64 + fi + fi + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//') + echo ia64-hp-hpux"$HPUX_REV" + exit ;; + 3050*:HI-UX:*:*) + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy") && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if test -x /usr/sbin/sysversion ; then + echo "$UNAME_MACHINE"-unknown-osf1mk + else + echo "$UNAME_MACHINE"-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=$(uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz) + FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///') + FUJITSU_REL=$(echo "$UNAME_RELEASE" | sed -e 's/ /_/') + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///') + FUJITSU_REL=$(echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/') + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi"$UNAME_RELEASE" + exit ;; + *:BSD/OS:*:*) + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" + exit ;; + arm:FreeBSD:*:*) + UNAME_PROCESSOR=$(uname -p) + set_cc_for_build + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabi + else + echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabihf + fi + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=$(/usr/bin/uname -p) + case "$UNAME_PROCESSOR" in + amd64) + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; + esac + echo "$UNAME_PROCESSOR"-unknown-freebsd"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')" + exit ;; + i*:CYGWIN*:*) + echo "$UNAME_MACHINE"-pc-cygwin + exit ;; + *:MINGW64*:*) + echo "$UNAME_MACHINE"-pc-mingw64 + exit ;; + *:MINGW*:*) + echo "$UNAME_MACHINE"-pc-mingw32 + exit ;; + *:MSYS*:*) + echo "$UNAME_MACHINE"-pc-msys + exit ;; + i*:PW*:*) + echo "$UNAME_MACHINE"-pc-pw32 + exit ;; + *:Interix*:*) + case "$UNAME_MACHINE" in + x86) + echo i586-pc-interix"$UNAME_RELEASE" + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix"$UNAME_RELEASE" + exit ;; + IA64) + echo ia64-unknown-interix"$UNAME_RELEASE" + exit ;; + esac ;; + i*:UWIN*:*) + echo "$UNAME_MACHINE"-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-pc-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')" + exit ;; + *:GNU:*:*) + # the GNU system + echo "$(echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,')-unknown-$LIBC$(echo "$UNAME_RELEASE"|sed -e 's,/.*$,,')" + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo "$UNAME_MACHINE-unknown-$(echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]")$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')-$LIBC" + exit ;; + *:Minix:*:*) + echo "$UNAME_MACHINE"-unknown-minix + exit ;; + aarch64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + alpha:Linux:*:*) + case $(sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null) in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arm*:Linux:*:*) + set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi + else + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + cris:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + crisv32:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + e2k:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + frv:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + hexagon:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:Linux:*:*) + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + exit ;; + ia64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + k1om:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m32r*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m68*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + set_cc_for_build + IS_GLIBC=0 + test x"${LIBC}" = xgnu && IS_GLIBC=1 + sed 's/^ //' << EOF > "$dummy.c" + #undef CPU + #undef mips + #undef mipsel + #undef mips64 + #undef mips64el + #if ${IS_GLIBC} && defined(_ABI64) + LIBCABI=gnuabi64 + #else + #if ${IS_GLIBC} && defined(_ABIN32) + LIBCABI=gnuabin32 + #else + LIBCABI=${LIBC} + #endif + #endif + + #if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa64r6 + #else + #if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa32r6 + #else + #if defined(__mips64) + CPU=mips64 + #else + CPU=mips + #endif + #endif + #endif + + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + MIPS_ENDIAN=el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + MIPS_ENDIAN= + #else + MIPS_ENDIAN= + #endif + #endif +EOF + eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI')" + test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; } + ;; + mips64el:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + openrisc*:Linux:*:*) + echo or1k-unknown-linux-"$LIBC" + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-"$LIBC" + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-"$LIBC" + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case $(grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2) in + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-"$LIBC" + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-"$LIBC" + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-"$LIBC" + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-"$LIBC" + exit ;; + riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" + exit ;; + sh64*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sh*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + tile*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + vax:Linux:*:*) + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" + exit ;; + x86_64:Linux:*:*) + set_cc_for_build + LIBCABI=$LIBC + if test "$CC_FOR_BUILD" != no_compiler_found; then + if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_X32 >/dev/null + then + LIBCABI="$LIBC"x32 + fi + fi + echo "$UNAME_MACHINE"-pc-linux-"$LIBCABI" + exit ;; + xtensa*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo "$UNAME_MACHINE"-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo "$UNAME_MACHINE"-unknown-stop + exit ;; + i*86:atheos:*:*) + echo "$UNAME_MACHINE"-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo "$UNAME_MACHINE"-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos"$UNAME_RELEASE" + exit ;; + i*86:*DOS:*:*) + echo "$UNAME_MACHINE"-pc-msdosdjgpp + exit ;; + i*86:*:4.*:*) + UNAME_REL=$(echo "$UNAME_RELEASE" | sed 's/\/MP$//') + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case $(/bin/uname -X | grep "^Machine") in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}" + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=$(sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=$( (/bin/uname -X|grep Release|sed -e 's/.*= //')) + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configure will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos"$UNAME_RELEASE" + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos"$UNAME_RELEASE" + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv"$UNAME_RELEASE" + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=$( (uname -p) 2>/dev/null) + echo "$UNAME_MACHINE"-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo "$UNAME_MACHINE"-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux"$UNAME_RELEASE" + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if test -d /usr/nec; then + echo mips-nec-sysv"$UNAME_RELEASE" + else + echo mips-unknown-sysv"$UNAME_RELEASE" + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux"$UNAME_RELEASE" + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux"$UNAME_RELEASE" + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux"$UNAME_RELEASE" + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux"$UNAME_RELEASE" + exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux"$UNAME_RELEASE" + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody"$UNAME_RELEASE" + exit ;; + *:Rhapsody:*:*) + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" + exit ;; + arm64:Darwin:*:*) + echo aarch64-apple-darwin"$UNAME_RELEASE" + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=$(uname -p) + case $UNAME_PROCESSOR in + unknown) UNAME_PROCESSOR=powerpc ;; + esac + if command -v xcode-select > /dev/null 2> /dev/null && \ + ! xcode-select --print-path > /dev/null 2> /dev/null ; then + # Avoid executing cc if there is no toolchain installed as + # cc will be a stub that puts up a graphical alert + # prompting the user to install developer tools. + CC_FOR_BUILD=no_compiler_found + else + set_cc_for_build + fi + if test "$CC_FOR_BUILD" != no_compiler_found; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # uname -m returns i386 or x86_64 + UNAME_PROCESSOR=$UNAME_MACHINE + fi + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=$(uname -p) + if test "$UNAME_PROCESSOR" = x86; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-*:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSR-*:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSX-*:NONSTOP_KERNEL:*:*) + echo nsx-tandem-nsk"$UNAME_RELEASE" + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + # shellcheck disable=SC2154 + if test "$cputype" = 386; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo "$UNAME_MACHINE"-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux"$UNAME_RELEASE" + exit ;; + *:DragonFly:*:*) + echo "$UNAME_MACHINE"-unknown-dragonfly"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')" + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=$( (uname -p) 2>/dev/null) + case "$UNAME_MACHINE" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo "$UNAME_MACHINE"-pc-skyos"$(echo "$UNAME_RELEASE" | sed -e 's/ .*$//')" + exit ;; + i*86:rdos:*:*) + echo "$UNAME_MACHINE"-pc-rdos + exit ;; + *:AROS:*:*) + echo "$UNAME_MACHINE"-unknown-aros + exit ;; + x86_64:VMkernel:*:*) + echo "$UNAME_MACHINE"-unknown-esx + exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; + *:Unleashed:*:*) + echo "$UNAME_MACHINE"-unknown-unleashed"$UNAME_RELEASE" + exit ;; +esac + +# No uname command or uname output not recognized. +set_cc_for_build +cat > "$dummy.c" < +#include +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#include +#if defined(_SIZE_T_) || defined(SIGLOST) +#include +#endif +#endif +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=$( (hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null); + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); +#endif + +#if defined (vax) +#if !defined (ultrix) +#include +#if defined (BSD) +#if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +#else +#if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#endif +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#else +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname un; + uname (&un); + printf ("vax-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname *un; + uname (&un); + printf ("mips-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("mips-dec-ultrix\n"); exit (0); +#endif +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=$($dummy) && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. +test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; } + +echo "$0: unable to guess system type" >&2 + +case "$UNAME_MACHINE:$UNAME_SYSTEM" in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <&2 <&2 </dev/null || echo unknown) +uname -r = $( (uname -r) 2>/dev/null || echo unknown) +uname -s = $( (uname -s) 2>/dev/null || echo unknown) +uname -v = $( (uname -v) 2>/dev/null || echo unknown) + +/usr/bin/uname -p = $( (/usr/bin/uname -p) 2>/dev/null) +/bin/uname -X = $( (/bin/uname -X) 2>/dev/null) + +hostinfo = $( (hostinfo) 2>/dev/null) +/bin/universe = $( (/bin/universe) 2>/dev/null) +/usr/bin/arch -k = $( (/usr/bin/arch -k) 2>/dev/null) +/bin/arch = $( (/bin/arch) 2>/dev/null) +/usr/bin/oslevel = $( (/usr/bin/oslevel) 2>/dev/null) +/usr/convex/getsysinfo = $( (/usr/convex/getsysinfo) 2>/dev/null) + +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" +EOF +fi + +exit 1 + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff -Nru sudo-1.9.5p2/scripts/config.sub sudo-1.9.9/scripts/config.sub --- sudo-1.9.5p2/scripts/config.sub 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/scripts/config.sub 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,1860 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright 1992-2021 Free Software Foundation, Inc. + +timestamp='2021-01-08' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). + + +# Please send patches to . +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/cgit/config.git/plain/config.sub + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=$(echo "$0" | sed -e 's,.*/,,') + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS + +Canonicalize a configuration name. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright 1992-2021 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo "$1" + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Split fields of configuration type +# shellcheck disable=SC2162 +IFS="-" read field1 field2 field3 field4 <&2 + exit 1 + ;; + *-*-*-*) + basic_machine=$field1-$field2 + basic_os=$field3-$field4 + ;; + *-*-*) + # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two + # parts + maybe_os=$field2-$field3 + case $maybe_os in + nto-qnx* | linux-* | uclinux-uclibc* \ + | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ + | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ + | storm-chaos* | os2-emx* | rtmk-nova*) + basic_machine=$field1 + basic_os=$maybe_os + ;; + android-linux) + basic_machine=$field1-unknown + basic_os=linux-android + ;; + *) + basic_machine=$field1-$field2 + basic_os=$field3 + ;; + esac + ;; + *-*) + # A lone config we happen to match not fitting any pattern + case $field1-$field2 in + decstation-3100) + basic_machine=mips-dec + basic_os= + ;; + *-*) + # Second component is usually, but not always the OS + case $field2 in + # Prevent following clause from handling this valid os + sun*os*) + basic_machine=$field1 + basic_os=$field2 + ;; + # Manufacturers + dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ + | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ + | unicom* | ibm* | next | hp | isi* | apollo | altos* \ + | convergent* | ncr* | news | 32* | 3600* | 3100* \ + | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ + | ultra | tti* | harris | dolphin | highlevel | gould \ + | cbm | ns | masscomp | apple | axis | knuth | cray \ + | microblaze* | sim | cisco \ + | oki | wec | wrs | winbond) + basic_machine=$field1-$field2 + basic_os= + ;; + *) + basic_machine=$field1 + basic_os=$field2 + ;; + esac + ;; + esac + ;; + *) + # Convert single-component short-hands not valid as part of + # multi-component configurations. + case $field1 in + 386bsd) + basic_machine=i386-pc + basic_os=bsd + ;; + a29khif) + basic_machine=a29k-amd + basic_os=udi + ;; + adobe68k) + basic_machine=m68010-adobe + basic_os=scout + ;; + alliant) + basic_machine=fx80-alliant + basic_os= + ;; + altos | altos3068) + basic_machine=m68k-altos + basic_os= + ;; + am29k) + basic_machine=a29k-none + basic_os=bsd + ;; + amdahl) + basic_machine=580-amdahl + basic_os=sysv + ;; + amiga) + basic_machine=m68k-unknown + basic_os= + ;; + amigaos | amigados) + basic_machine=m68k-unknown + basic_os=amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + basic_os=sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + basic_os=sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + basic_os=bsd + ;; + aros) + basic_machine=i386-pc + basic_os=aros + ;; + aux) + basic_machine=m68k-apple + basic_os=aux + ;; + balance) + basic_machine=ns32k-sequent + basic_os=dynix + ;; + blackfin) + basic_machine=bfin-unknown + basic_os=linux + ;; + cegcc) + basic_machine=arm-unknown + basic_os=cegcc + ;; + convex-c1) + basic_machine=c1-convex + basic_os=bsd + ;; + convex-c2) + basic_machine=c2-convex + basic_os=bsd + ;; + convex-c32) + basic_machine=c32-convex + basic_os=bsd + ;; + convex-c34) + basic_machine=c34-convex + basic_os=bsd + ;; + convex-c38) + basic_machine=c38-convex + basic_os=bsd + ;; + cray) + basic_machine=j90-cray + basic_os=unicos + ;; + crds | unos) + basic_machine=m68k-crds + basic_os= + ;; + da30) + basic_machine=m68k-da30 + basic_os= + ;; + decstation | pmax | pmin | dec3100 | decstatn) + basic_machine=mips-dec + basic_os= + ;; + delta88) + basic_machine=m88k-motorola + basic_os=sysv3 + ;; + dicos) + basic_machine=i686-pc + basic_os=dicos + ;; + djgpp) + basic_machine=i586-pc + basic_os=msdosdjgpp + ;; + ebmon29k) + basic_machine=a29k-amd + basic_os=ebmon + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + basic_os=ose + ;; + gmicro) + basic_machine=tron-gmicro + basic_os=sysv + ;; + go32) + basic_machine=i386-pc + basic_os=go32 + ;; + h8300hms) + basic_machine=h8300-hitachi + basic_os=hms + ;; + h8300xray) + basic_machine=h8300-hitachi + basic_os=xray + ;; + h8500hms) + basic_machine=h8500-hitachi + basic_os=hms + ;; + harris) + basic_machine=m88k-harris + basic_os=sysv3 + ;; + hp300 | hp300hpux) + basic_machine=m68k-hp + basic_os=hpux + ;; + hp300bsd) + basic_machine=m68k-hp + basic_os=bsd + ;; + hppaosf) + basic_machine=hppa1.1-hp + basic_os=osf + ;; + hppro) + basic_machine=hppa1.1-hp + basic_os=proelf + ;; + i386mach) + basic_machine=i386-mach + basic_os=mach + ;; + isi68 | isi) + basic_machine=m68k-isi + basic_os=sysv + ;; + m68knommu) + basic_machine=m68k-unknown + basic_os=linux + ;; + magnum | m3230) + basic_machine=mips-mips + basic_os=sysv + ;; + merlin) + basic_machine=ns32k-utek + basic_os=sysv + ;; + mingw64) + basic_machine=x86_64-pc + basic_os=mingw64 + ;; + mingw32) + basic_machine=i686-pc + basic_os=mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + basic_os=mingw32ce + ;; + monitor) + basic_machine=m68k-rom68k + basic_os=coff + ;; + morphos) + basic_machine=powerpc-unknown + basic_os=morphos + ;; + moxiebox) + basic_machine=moxie-unknown + basic_os=moxiebox + ;; + msdos) + basic_machine=i386-pc + basic_os=msdos + ;; + msys) + basic_machine=i686-pc + basic_os=msys + ;; + mvs) + basic_machine=i370-ibm + basic_os=mvs + ;; + nacl) + basic_machine=le32-unknown + basic_os=nacl + ;; + ncr3000) + basic_machine=i486-ncr + basic_os=sysv4 + ;; + netbsd386) + basic_machine=i386-pc + basic_os=netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + basic_os=linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + basic_os=newsos + ;; + news1000) + basic_machine=m68030-sony + basic_os=newsos + ;; + necv70) + basic_machine=v70-nec + basic_os=sysv + ;; + nh3000) + basic_machine=m68k-harris + basic_os=cxux + ;; + nh[45]000) + basic_machine=m88k-harris + basic_os=cxux + ;; + nindy960) + basic_machine=i960-intel + basic_os=nindy + ;; + mon960) + basic_machine=i960-intel + basic_os=mon960 + ;; + nonstopux) + basic_machine=mips-compaq + basic_os=nonstopux + ;; + os400) + basic_machine=powerpc-ibm + basic_os=os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + basic_os=ose + ;; + os68k) + basic_machine=m68k-none + basic_os=os68k + ;; + paragon) + basic_machine=i860-intel + basic_os=osf + ;; + parisc) + basic_machine=hppa-unknown + basic_os=linux + ;; + psp) + basic_machine=mipsallegrexel-sony + basic_os=psp + ;; + pw32) + basic_machine=i586-unknown + basic_os=pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + basic_os=rdos + ;; + rdos32) + basic_machine=i386-pc + basic_os=rdos + ;; + rom68k) + basic_machine=m68k-rom68k + basic_os=coff + ;; + sa29200) + basic_machine=a29k-amd + basic_os=udi + ;; + sei) + basic_machine=mips-sei + basic_os=seiux + ;; + sequent) + basic_machine=i386-sequent + basic_os= + ;; + sps7) + basic_machine=m68k-bull + basic_os=sysv2 + ;; + st2000) + basic_machine=m68k-tandem + basic_os= + ;; + stratus) + basic_machine=i860-stratus + basic_os=sysv4 + ;; + sun2) + basic_machine=m68000-sun + basic_os= + ;; + sun2os3) + basic_machine=m68000-sun + basic_os=sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + basic_os=sunos4 + ;; + sun3) + basic_machine=m68k-sun + basic_os= + ;; + sun3os3) + basic_machine=m68k-sun + basic_os=sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + basic_os=sunos4 + ;; + sun4) + basic_machine=sparc-sun + basic_os= + ;; + sun4os3) + basic_machine=sparc-sun + basic_os=sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + basic_os=sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + basic_os=solaris2 + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + basic_os= + ;; + sv1) + basic_machine=sv1-cray + basic_os=unicos + ;; + symmetry) + basic_machine=i386-sequent + basic_os=dynix + ;; + t3e) + basic_machine=alphaev5-cray + basic_os=unicos + ;; + t90) + basic_machine=t90-cray + basic_os=unicos + ;; + toad1) + basic_machine=pdp10-xkl + basic_os=tops20 + ;; + tpf) + basic_machine=s390x-ibm + basic_os=tpf + ;; + udi29k) + basic_machine=a29k-amd + basic_os=udi + ;; + ultra3) + basic_machine=a29k-nyu + basic_os=sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + basic_os=none + ;; + vaxv) + basic_machine=vax-dec + basic_os=sysv + ;; + vms) + basic_machine=vax-dec + basic_os=vms + ;; + vsta) + basic_machine=i386-pc + basic_os=vsta + ;; + vxworks960) + basic_machine=i960-wrs + basic_os=vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + basic_os=vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + basic_os=vxworks + ;; + xbox) + basic_machine=i686-pc + basic_os=mingw32 + ;; + ymp) + basic_machine=ymp-cray + basic_os=unicos + ;; + *) + basic_machine=$1 + basic_os= + ;; + esac + ;; +esac + +# Decode 1-component or ad-hoc basic machines +case $basic_machine in + # Here we handle the default manufacturer of certain CPU types. It is in + # some cases the only manufacturer, in others, it is the most popular. + w89k) + cpu=hppa1.1 + vendor=winbond + ;; + op50n) + cpu=hppa1.1 + vendor=oki + ;; + op60c) + cpu=hppa1.1 + vendor=oki + ;; + ibm*) + cpu=i370 + vendor=ibm + ;; + orion105) + cpu=clipper + vendor=highlevel + ;; + mac | mpw | mac-mpw) + cpu=m68k + vendor=apple + ;; + pmac | pmac-mpw) + cpu=powerpc + vendor=apple + ;; + + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + cpu=m68000 + vendor=att + ;; + 3b*) + cpu=we32k + vendor=att + ;; + bluegene*) + cpu=powerpc + vendor=ibm + basic_os=cnk + ;; + decsystem10* | dec10*) + cpu=pdp10 + vendor=dec + basic_os=tops10 + ;; + decsystem20* | dec20*) + cpu=pdp10 + vendor=dec + basic_os=tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + cpu=m68k + vendor=motorola + ;; + dpx2*) + cpu=m68k + vendor=bull + basic_os=sysv3 + ;; + encore | umax | mmax) + cpu=ns32k + vendor=encore + ;; + elxsi) + cpu=elxsi + vendor=elxsi + basic_os=${basic_os:-bsd} + ;; + fx2800) + cpu=i860 + vendor=alliant + ;; + genix) + cpu=ns32k + vendor=ns + ;; + h3050r* | hiux*) + cpu=hppa1.1 + vendor=hitachi + basic_os=hiuxwe2 + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + cpu=m68000 + vendor=hp + ;; + hp9k3[2-9][0-9]) + cpu=m68k + vendor=hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + cpu=hppa1.1 + vendor=hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + i*86v32) + cpu=$(echo "$1" | sed -e 's/86.*/86/') + vendor=pc + basic_os=sysv32 + ;; + i*86v4*) + cpu=$(echo "$1" | sed -e 's/86.*/86/') + vendor=pc + basic_os=sysv4 + ;; + i*86v) + cpu=$(echo "$1" | sed -e 's/86.*/86/') + vendor=pc + basic_os=sysv + ;; + i*86sol2) + cpu=$(echo "$1" | sed -e 's/86.*/86/') + vendor=pc + basic_os=solaris2 + ;; + j90 | j90-cray) + cpu=j90 + vendor=cray + basic_os=${basic_os:-unicos} + ;; + iris | iris4d) + cpu=mips + vendor=sgi + case $basic_os in + irix*) + ;; + *) + basic_os=irix4 + ;; + esac + ;; + miniframe) + cpu=m68000 + vendor=convergent + ;; + *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) + cpu=m68k + vendor=atari + basic_os=mint + ;; + news-3600 | risc-news) + cpu=mips + vendor=sony + basic_os=newsos + ;; + next | m*-next) + cpu=m68k + vendor=next + case $basic_os in + openstep*) + ;; + nextstep*) + ;; + ns2*) + basic_os=nextstep2 + ;; + *) + basic_os=nextstep3 + ;; + esac + ;; + np1) + cpu=np1 + vendor=gould + ;; + op50n-* | op60c-*) + cpu=hppa1.1 + vendor=oki + basic_os=proelf + ;; + pa-hitachi) + cpu=hppa1.1 + vendor=hitachi + basic_os=hiuxwe2 + ;; + pbd) + cpu=sparc + vendor=tti + ;; + pbb) + cpu=m68k + vendor=tti + ;; + pc532) + cpu=ns32k + vendor=pc532 + ;; + pn) + cpu=pn + vendor=gould + ;; + power) + cpu=power + vendor=ibm + ;; + ps2) + cpu=i386 + vendor=ibm + ;; + rm[46]00) + cpu=mips + vendor=siemens + ;; + rtpc | rtpc-*) + cpu=romp + vendor=ibm + ;; + sde) + cpu=mipsisa32 + vendor=sde + basic_os=${basic_os:-elf} + ;; + simso-wrs) + cpu=sparclite + vendor=wrs + basic_os=vxworks + ;; + tower | tower-32) + cpu=m68k + vendor=ncr + ;; + vpp*|vx|vx-*) + cpu=f301 + vendor=fujitsu + ;; + w65) + cpu=w65 + vendor=wdc + ;; + w89k-*) + cpu=hppa1.1 + vendor=winbond + basic_os=proelf + ;; + none) + cpu=none + vendor=none + ;; + leon|leon[3-9]) + cpu=sparc + vendor=$basic_machine + ;; + leon-*|leon[3-9]-*) + cpu=sparc + vendor=$(echo "$basic_machine" | sed 's/-.*//') + ;; + + *-*) + # shellcheck disable=SC2162 + IFS="-" read cpu vendor <&2 + exit 1 + ;; + esac + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $vendor in + digital*) + vendor=dec + ;; + commodore*) + vendor=cbm + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if test x$basic_os != x +then + +# First recognize some ad-hoc caes, or perhaps split kernel-os, or else just +# set os. +case $basic_os in + gnu/linux*) + kernel=linux + os=$(echo $basic_os | sed -e 's|gnu/linux|gnu|') + ;; + os2-emx) + kernel=os2 + os=$(echo $basic_os | sed -e 's|os2-emx|emx|') + ;; + nto-qnx*) + kernel=nto + os=$(echo $basic_os | sed -e 's|nto-qnx|qnx|') + ;; + *-*) + # shellcheck disable=SC2162 + IFS="-" read kernel os <&2 + exit 1 + ;; +esac + +# As a final step for OS-related things, validate the OS-kernel combination +# (given a valid OS), if there is a kernel. +case $kernel-$os in + linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* | linux-musl* | linux-uclibc* ) + ;; + uclinux-uclibc* ) + ;; + -dietlibc* | -newlib* | -musl* | -uclibc* ) + # These are just libc implementations, not actual OSes, and thus + # require a kernel. + echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2 + exit 1 + ;; + kfreebsd*-gnu* | kopensolaris*-gnu*) + ;; + vxworks-simlinux | vxworks-simwindows | vxworks-spe) + ;; + nto-qnx*) + ;; + os2-emx) + ;; + *-eabi* | *-gnueabi*) + ;; + -*) + # Blank kernel with real OS is always fine. + ;; + *-*) + echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2 + exit 1 + ;; +esac + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +case $vendor in + unknown) + case $cpu-$os in + *-riscix*) + vendor=acorn + ;; + *-sunos*) + vendor=sun + ;; + *-cnk* | *-aix*) + vendor=ibm + ;; + *-beos*) + vendor=be + ;; + *-hpux*) + vendor=hp + ;; + *-mpeix*) + vendor=hp + ;; + *-hiux*) + vendor=hitachi + ;; + *-unos*) + vendor=crds + ;; + *-dgux*) + vendor=dg + ;; + *-luna*) + vendor=omron + ;; + *-genix*) + vendor=ns + ;; + *-clix*) + vendor=intergraph + ;; + *-mvs* | *-opened*) + vendor=ibm + ;; + *-os400*) + vendor=ibm + ;; + s390-* | s390x-*) + vendor=ibm + ;; + *-ptx*) + vendor=sequent + ;; + *-tpf*) + vendor=ibm + ;; + *-vxsim* | *-vxworks* | *-windiss*) + vendor=wrs + ;; + *-aux*) + vendor=apple + ;; + *-hms*) + vendor=hitachi + ;; + *-mpw* | *-macos*) + vendor=apple + ;; + *-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*) + vendor=atari + ;; + *-vos*) + vendor=stratus + ;; + esac + ;; +esac + +echo "$cpu-$vendor-${kernel:+$kernel-}$os" +exit + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff -Nru sudo-1.9.5p2/scripts/install-sh sudo-1.9.9/scripts/install-sh --- sudo-1.9.5p2/scripts/install-sh 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/scripts/install-sh 2022-01-27 21:24:07.000000000 +0000 @@ -0,0 +1,239 @@ +#! /bin/sh + +## (From INN-1.4, written by Rich Salz) +## $Revision$ +## A script to install files and directories. + +PROGNAME=`basename $0` + +## Paths to programs. CHOWN, STRIP and WHOAMI are checked below. +CHOWN=chown +CHGRP=chgrp +CHMOD=chmod +CP=cp +LN=ln +MKDIR=mkdir +MV=mv +RM=rm +STRIP=strip +WHOAMI="echo root" + +## Some systems don't support -x, so we have to use -f. +for d in /sbin /etc /usr/sbin /usr/etc; do + if [ -f $d/chown ]; then + CHOWN=${d}/chown + break + fi +done + +for d in /usr/bin /bin /usr/ucb /usr/bsd; do + if [ -f $d/whoami ]; then + WHOAMI=${d}/whoami + break + elif [ -f $d/id ]; then + WHOAMI=${d}/id | sed -n 's/^[^(]*(\([^)]*\)).*/\1/p' + fi +done + +for d in /usr/ccs/bin /usr/bin /bin; do + if [ -f $d/strip ]; then + STRIP=${d}/strip + break + fi +done + +## Defaults. +CHOWNIT=false +CHGROUPIT=false +CHMODIT=false +STRIPIT=false +BACKIT=false +TOUCHIT=true +DIRMODE=false + +# INSTALL_BACKUP is like -b but for use with libtool +if test X"${INSTALL_BACKUP}" != X""; then + BACKIT=true + BACKUP="${INSTALL_BACKUP}" +fi + +case `${WHOAMI}` in +root) + ROOT=true + ;; +*) + ROOT=false + ;; +esac + +## Process JCL. +MORETODO=true +while ${MORETODO} ; do + case X"$1" in + X-b) + BACKIT=true + BACKUP="$2" + shift + ;; + X-b*) + BACKIT=true + BACKUP="`echo \"$1\" | sed 's/^..//'`" + ;; + X-c) + # backward compatibility + ;; + X-d) + DIRMODE=true + ;; + X-g) + GROUP="$2" + CHGROUPIT=true + shift + ;; + X-g*) + GROUP="`echo \"$1\" | sed 's/^..//'`" + CHGROUPIT=true + ;; + X-G) + GROUP="$2" + shift + ${ROOT} && CHGROUPIT=true + ;; + X-G*) + if ${ROOT} ; then + GROUP="`echo \"$1\" | sed 's/^..//'`" + CHGROUPIT=true + fi + ;; + X-m) + MODE="$2" + CHMODIT=true + shift + ;; + X-m*) + MODE="`echo \"$1\" | sed 's/^..//'`" + CHMODIT=true + ;; + X-M) + MODE="$2" + ${ROOT} && CHMODIT=true + shift + ;; + X-M*) + MODE="`echo \"$1\" | sed 's/^..//'`" + ${ROOT} && CHMODIT=true + ;; + X-n) + TOUCHIT=false + ;; + X-o) + OWNER="$2" + CHOWNIT=true + shift + ;; + X-o*) + OWNER="`echo \"$1\" | sed 's/^..//'`" + CHOWNIT=true + ;; + X-O) + OWNER="$2" + shift + ${ROOT} && CHOWNIT=true + ;; + X-O*) + if ${ROOT} ; then + OWNER="`echo \"$1\" | sed 's/^..//'`" + CHOWNIT=true + fi + ;; + X-s) + STRIPIT=true + ;; + X--) + shift + MORETODO=false + ;; + X-*) + echo "${PROGNAME}: Unknown flag $1" 1>&2 + exit 1 + ;; + *) + MORETODO=false + ;; + esac + ${MORETODO} && shift +done + +## Making a directory? +if ${DIRMODE} ; then + while test $# != 0; do + DEST="$1" + if [ ! -d "${DEST}" ] ; then + ${MKDIR} "${DEST}" || exit 1 + fi + if ${CHOWNIT} ; then + ${CHOWN} "${OWNER}" "${DEST}" || exit 1 + fi + if ${CHGROUPIT} ; then + ${CHGRP} "${GROUP}" "${DEST}" || exit 1 + fi + if ${CHMODIT} ; then + ${CHMOD} "${MODE}" "${DEST}" || exit 1 + fi + shift; + done + exit 0 +fi + +## Process arguments. +if [ $# -ne 2 ] ; then + echo "Usage: ${PROGNAME} [flags] source destination" + exit 1 +fi + +## Get the destination and a temp file in the destination directory. +if [ -d "$2" ] ; then + DEST="$2/`basename $1`" + TEMP="$2/$$.tmp" +else + DEST="$2" + TEMP="`expr "$2" : '\(.*\)/.*'`/$$.tmp" +fi + +## If not given the same name, we must try to copy. +if [ X"$1" != X"$2" ] ; then + if cmp -s "$1" "${DEST}" ; then + ## Files are same; touch or not. + ${TOUCHIT} && touch "${DEST}" + else + ## If destination exists and we wish to backup, link to backup. + if [ -f "${DEST}" ] ; then + if ${BACKIT} ; then + ${RM} -f "${DEST}${BACKUP}" + ${LN} "${DEST}" "${DEST}${BACKUP}" + fi + fi + ## Copy source to the right dir, then move to right spot. + ## Done in two parts so we can hope for atomicity. + ## We need to rm DEST due to bugs in "mv -f" on some systems. + ${RM} -f "${TEMP}" || exit 1 + ${CP} "$1" "${TEMP}" || exit 1 + ${RM} -f "${DEST}" || exit 1 + ${MV} -f "${TEMP}" "${DEST}" || exit 1 + fi +fi + +## Strip and set the owner/mode. +if ${STRIPIT} ; then + ${STRIP} "${DEST}" || exit 1 +fi +if ${CHOWNIT} ; then + ${CHOWN} "${OWNER}" "${DEST}" || exit 1 +fi +if ${CHGROUPIT} ; then + ${CHGRP} "${GROUP}" "${DEST}" || exit 1 +fi +if ${CHMODIT} ; then + ${CHMOD} "${MODE}" "${DEST}" || exit 1 +fi +exit 0 diff -Nru sudo-1.9.5p2/scripts/ltmain.sh sudo-1.9.9/scripts/ltmain.sh --- sudo-1.9.5p2/scripts/ltmain.sh 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/scripts/ltmain.sh 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,11164 @@ +#! /bin/sh +## DO NOT EDIT - This file generated from ./build-aux/ltmain.in +## by inline-source v2014-01-03.01 + +# libtool (GNU libtool) 2.4.6 +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit , 1996 + +# Copyright (C) 1996-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +PROGRAM=libtool +PACKAGE=libtool +VERSION=2.4.6 +package_revision=2.4.6 + + +## ------ ## +## Usage. ## +## ------ ## + +# Run './libtool --help' for help with using this script from the +# command line. + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# After configure completes, it has a better idea of some of the +# shell tools we need than the defaults used by the functions shared +# with bootstrap, so set those here where they can still be over- +# ridden by the user, but otherwise take precedence. + +: ${AUTOCONF="autoconf"} +: ${AUTOMAKE="automake"} + + +## -------------------------- ## +## Source external libraries. ## +## -------------------------- ## + +# Much of our low-level functionality needs to be sourced from external +# libraries, which are installed to $pkgauxdir. + +# Set a version string for this script. +scriptversion=2015-01-20.17; # UTC + +# General shell script boiler plate, and helper functions. +# Written by Gary V. Vaughan, 2004 + +# Copyright (C) 2004-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# As a special exception to the GNU General Public License, if you distribute +# this file as part of a program or library that is built using GNU Libtool, +# you may include this file under the same distribution terms that you use +# for the rest of that program. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# Evaluate this file near the top of your script to gain access to +# the functions and variables defined here: +# +# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh +# +# If you need to override any of the default environment variable +# settings, do that before evaluating this file. + + +## -------------------- ## +## Shell normalisation. ## +## -------------------- ## + +# Some shells need a little help to be as Bourne compatible as possible. +# Before doing anything else, make sure all that help has been provided! + +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac +fi + +# NLS nuisances: We save the old values in case they are required later. +_G_user_locale= +_G_safe_locale= +for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test set = \"\${$_G_var+set}\"; then + save_$_G_var=\$$_G_var + $_G_var=C + export $_G_var + _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\" + _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" + fi" +done + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Make sure IFS has a sensible default +sp=' ' +nl=' +' +IFS="$sp $nl" + +# There are apparently some retarded systems that use ';' as a PATH separator! +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + + +## ------------------------- ## +## Locate command utilities. ## +## ------------------------- ## + + +# func_executable_p FILE +# ---------------------- +# Check that FILE is an executable regular file. +func_executable_p () +{ + test -f "$1" && test -x "$1" +} + + +# func_path_progs PROGS_LIST CHECK_FUNC [PATH] +# -------------------------------------------- +# Search for either a program that responds to --version with output +# containing "GNU", or else returned by CHECK_FUNC otherwise, by +# trying all the directories in PATH with each of the elements of +# PROGS_LIST. +# +# CHECK_FUNC should accept the path to a candidate program, and +# set $func_check_prog_result if it truncates its output less than +# $_G_path_prog_max characters. +func_path_progs () +{ + _G_progs_list=$1 + _G_check_func=$2 + _G_PATH=${3-"$PATH"} + + _G_path_prog_max=0 + _G_path_prog_found=false + _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} + for _G_dir in $_G_PATH; do + IFS=$_G_save_IFS + test -z "$_G_dir" && _G_dir=. + for _G_prog_name in $_G_progs_list; do + for _exeext in '' .EXE; do + _G_path_prog=$_G_dir/$_G_prog_name$_exeext + func_executable_p "$_G_path_prog" || continue + case `"$_G_path_prog" --version 2>&1` in + *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;; + *) $_G_check_func $_G_path_prog + func_path_progs_result=$func_check_prog_result + ;; + esac + $_G_path_prog_found && break 3 + done + done + done + IFS=$_G_save_IFS + test -z "$func_path_progs_result" && { + echo "no acceptable sed could be found in \$PATH" >&2 + exit 1 + } +} + + +# We want to be able to use the functions in this file before configure +# has figured out where the best binaries are kept, which means we have +# to search for them ourselves - except when the results are already set +# where we skip the searches. + +# Unless the user overrides by setting SED, search the path for either GNU +# sed, or the sed that truncates its output the least. +test -z "$SED" && { + _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for _G_i in 1 2 3 4 5 6 7; do + _G_sed_script=$_G_sed_script$nl$_G_sed_script + done + echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed + _G_sed_script= + + func_check_prog_sed () + { + _G_path_prog=$1 + + _G_count=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo '' >> conftest.nl + "$_G_path_prog" -f conftest.sed conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin + rm -f conftest.sed + SED=$func_path_progs_result +} + + +# Unless the user overrides by setting GREP, search the path for either GNU +# grep, or the grep that truncates its output the least. +test -z "$GREP" && { + func_check_prog_grep () + { + _G_path_prog=$1 + + _G_count=0 + _G_path_prog_max=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo 'GREP' >> conftest.nl + "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin + GREP=$func_path_progs_result +} + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# All uppercase variable names are used for environment variables. These +# variables can be overridden by the user before calling a script that +# uses them if a suitable command of that name is not already available +# in the command search PATH. + +: ${CP="cp -f"} +: ${ECHO="printf %s\n"} +: ${EGREP="$GREP -E"} +: ${FGREP="$GREP -F"} +: ${LN_S="ln -s"} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} + + +## -------------------- ## +## Useful sed snippets. ## +## -------------------- ## + +sed_dirname='s|/[^/]*$||' +sed_basename='s|^.*/||' + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='s|\([`"$\\]\)|\\\1|g' + +# Same as above, but do not quote variable references. +sed_double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution that turns a string into a regex matching for the +# string literally. +sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g' + +# Sed substitution that converts a w32 file name or path +# that contains forward slashes, into one that contains +# (escaped) backslashes. A very naive implementation. +sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + +# Re-'\' parameter expansions in output of sed_double_quote_subst that +# were '\'-ed in input to the same. If an odd number of '\' preceded a +# '$' in input to sed_double_quote_subst, that '$' was protected from +# expansion. Since each input '\' is now two '\'s, look for any number +# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'. +_G_bs='\\' +_G_bs2='\\\\' +_G_bs4='\\\\\\\\' +_G_dollar='\$' +sed_double_backslash="\ + s/$_G_bs4/&\\ +/g + s/^$_G_bs2$_G_dollar/$_G_bs&/ + s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g + s/\n//g" + + +## ----------------- ## +## Global variables. ## +## ----------------- ## + +# Except for the global variables explicitly listed below, the following +# functions in the '^func_' namespace, and the '^require_' namespace +# variables initialised in the 'Resource management' section, sourcing +# this file will not pollute your global namespace with anything +# else. There's no portable way to scope variables in Bourne shell +# though, so actually running these functions will sometimes place +# results into a variable named after the function, and often use +# temporary variables in the '^_G_' namespace. If you are careful to +# avoid using those namespaces casually in your sourcing script, things +# should continue to work as you expect. And, of course, you can freely +# overwrite any of the functions or variables defined here before +# calling anything to customize them. + +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +# Allow overriding, eg assuming that you follow the convention of +# putting '$debug_cmd' at the start of all your functions, you can get +# bash to show function call trace with: +# +# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name +debug_cmd=${debug_cmd-":"} +exit_cmd=: + +# By convention, finish your script with: +# +# exit $exit_status +# +# so that you can set exit_status to non-zero if you want to indicate +# something went wrong during execution without actually bailing out at +# the point of failure. +exit_status=$EXIT_SUCCESS + +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath=$0 + +# The name of this program. +progname=`$ECHO "$progpath" |$SED "$sed_basename"` + +# Make sure we have an absolute progpath for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=`$ECHO "$progpath" |$SED "$sed_dirname"` + progdir=`cd "$progdir" && pwd` + progpath=$progdir/$progname + ;; + *) + _G_IFS=$IFS + IFS=${PATH_SEPARATOR-:} + for progdir in $PATH; do + IFS=$_G_IFS + test -x "$progdir/$progname" && break + done + IFS=$_G_IFS + test -n "$progdir" || progdir=`pwd` + progpath=$progdir/$progname + ;; +esac + + +## ----------------- ## +## Standard options. ## +## ----------------- ## + +# The following options affect the operation of the functions defined +# below, and should be set appropriately depending on run-time para- +# meters passed on the command line. + +opt_dry_run=false +opt_quiet=false +opt_verbose=false + +# Categories 'all' and 'none' are always available. Append any others +# you will pass as the first argument to func_warning from your own +# code. +warning_categories= + +# By default, display warnings according to 'opt_warning_types'. Set +# 'warning_func' to ':' to elide all warnings, or func_fatal_error to +# treat the next displayed warning as a fatal error. +warning_func=func_warn_and_continue + +# Set to 'all' to display all warnings, 'none' to suppress all +# warnings, or a space delimited list of some subset of +# 'warning_categories' to display only the listed warnings. +opt_warning_types=all + + +## -------------------- ## +## Resource management. ## +## -------------------- ## + +# This section contains definitions for functions that each ensure a +# particular resource (a file, or a non-empty configuration variable for +# example) is available, and if appropriate to extract default values +# from pertinent package files. Call them using their associated +# 'require_*' variable to ensure that they are executed, at most, once. +# +# It's entirely deliberate that calling these functions can set +# variables that don't obey the namespace limitations obeyed by the rest +# of this file, in order that that they be as useful as possible to +# callers. + + +# require_term_colors +# ------------------- +# Allow display of bold text on terminals that support it. +require_term_colors=func_require_term_colors +func_require_term_colors () +{ + $debug_cmd + + test -t 1 && { + # COLORTERM and USE_ANSI_COLORS environment variables take + # precedence, because most terminfo databases neglect to describe + # whether color sequences are supported. + test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"} + + if test 1 = "$USE_ANSI_COLORS"; then + # Standard ANSI escape sequences + tc_reset='' + tc_bold=''; tc_standout='' + tc_red=''; tc_green='' + tc_blue=''; tc_cyan='' + else + # Otherwise trust the terminfo database after all. + test -n "`tput sgr0 2>/dev/null`" && { + tc_reset=`tput sgr0` + test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold` + tc_standout=$tc_bold + test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso` + test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1` + test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2` + test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4` + test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5` + } + fi + } + + require_term_colors=: +} + + +## ----------------- ## +## Function library. ## +## ----------------- ## + +# This section contains a variety of useful functions to call in your +# scripts. Take note of the portable wrappers for features provided by +# some modern shells, which will fall back to slower equivalents on +# less featureful shells. + + +# func_append VAR VALUE +# --------------------- +# Append VALUE onto the existing contents of VAR. + + # We should try to minimise forks, especially on Windows where they are + # unreasonably slow, so skip the feature probes when bash or zsh are + # being used: + if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then + : ${_G_HAVE_ARITH_OP="yes"} + : ${_G_HAVE_XSI_OPS="yes"} + # The += operator was introduced in bash 3.1 + case $BASH_VERSION in + [12].* | 3.0 | 3.0*) ;; + *) + : ${_G_HAVE_PLUSEQ_OP="yes"} + ;; + esac + fi + + # _G_HAVE_PLUSEQ_OP + # Can be empty, in which case the shell is probed, "yes" if += is + # useable or anything else if it does not work. + test -z "$_G_HAVE_PLUSEQ_OP" \ + && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ + && _G_HAVE_PLUSEQ_OP=yes + +if test yes = "$_G_HAVE_PLUSEQ_OP" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_append () + { + $debug_cmd + + eval "$1+=\$2" + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_append () + { + $debug_cmd + + eval "$1=\$$1\$2" + } +fi + + +# func_append_quoted VAR VALUE +# ---------------------------- +# Quote VALUE and append to the end of shell variable VAR, separated +# by a space. +if test yes = "$_G_HAVE_PLUSEQ_OP"; then + eval 'func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1+=\\ \$func_quote_for_eval_result" + }' +else + func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1=\$$1\\ \$func_quote_for_eval_result" + } +fi + + +# func_append_uniq VAR VALUE +# -------------------------- +# Append unique VALUE onto the existing contents of VAR, assuming +# entries are delimited by the first character of VALUE. For example: +# +# func_append_uniq options " --another-option option-argument" +# +# will only append to $options if " --another-option option-argument " +# is not already present somewhere in $options already (note spaces at +# each end implied by leading space in second argument). +func_append_uniq () +{ + $debug_cmd + + eval _G_current_value='`$ECHO $'$1'`' + _G_delim=`expr "$2" : '\(.\)'` + + case $_G_delim$_G_current_value$_G_delim in + *"$2$_G_delim"*) ;; + *) func_append "$@" ;; + esac +} + + +# func_arith TERM... +# ------------------ +# Set func_arith_result to the result of evaluating TERMs. + test -z "$_G_HAVE_ARITH_OP" \ + && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \ + && _G_HAVE_ARITH_OP=yes + +if test yes = "$_G_HAVE_ARITH_OP"; then + eval 'func_arith () + { + $debug_cmd + + func_arith_result=$(( $* )) + }' +else + func_arith () + { + $debug_cmd + + func_arith_result=`expr "$@"` + } +fi + + +# func_basename FILE +# ------------------ +# Set func_basename_result to FILE with everything up to and including +# the last / stripped. +if test yes = "$_G_HAVE_XSI_OPS"; then + # If this shell supports suffix pattern removal, then use it to avoid + # forking. Hide the definitions single quotes in case the shell chokes + # on unsupported syntax... + _b='func_basename_result=${1##*/}' + _d='case $1 in + */*) func_dirname_result=${1%/*}$2 ;; + * ) func_dirname_result=$3 ;; + esac' + +else + # ...otherwise fall back to using sed. + _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`' + _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"` + if test "X$func_dirname_result" = "X$1"; then + func_dirname_result=$3 + else + func_append func_dirname_result "$2" + fi' +fi + +eval 'func_basename () +{ + $debug_cmd + + '"$_b"' +}' + + +# func_dirname FILE APPEND NONDIR_REPLACEMENT +# ------------------------------------------- +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +eval 'func_dirname () +{ + $debug_cmd + + '"$_d"' +}' + + +# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT +# -------------------------------------------------------- +# Perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# For efficiency, we do not delegate to the functions above but instead +# duplicate the functionality here. +eval 'func_dirname_and_basename () +{ + $debug_cmd + + '"$_b"' + '"$_d"' +}' + + +# func_echo ARG... +# ---------------- +# Echo program name prefixed message. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_echo_all ARG... +# -------------------- +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + + +# func_echo_infix_1 INFIX ARG... +# ------------------------------ +# Echo program name, followed by INFIX on the first line, with any +# additional lines not showing INFIX. +func_echo_infix_1 () +{ + $debug_cmd + + $require_term_colors + + _G_infix=$1; shift + _G_indent=$_G_infix + _G_prefix="$progname: $_G_infix: " + _G_message=$* + + # Strip color escape sequences before counting printable length + for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan" + do + test -n "$_G_tc" && { + _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"` + _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"` + } + done + _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes + + func_echo_infix_1_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_infix_1_IFS + $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2 + _G_prefix=$_G_indent + done + IFS=$func_echo_infix_1_IFS +} + + +# func_error ARG... +# ----------------- +# Echo program name prefixed message to standard error. +func_error () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2 +} + + +# func_fatal_error ARG... +# ----------------------- +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + $debug_cmd + + func_error "$*" + exit $EXIT_FAILURE +} + + +# func_grep EXPRESSION FILENAME +# ----------------------------- +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $debug_cmd + + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_len STRING +# --------------- +# Set func_len_result to the length of STRING. STRING may not +# start with a hyphen. + test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_len () + { + $debug_cmd + + func_len_result=${#1} + }' +else + func_len () + { + $debug_cmd + + func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` + } +fi + + +# func_mkdir_p DIRECTORY-PATH +# --------------------------- +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + $debug_cmd + + _G_directory_path=$1 + _G_dir_list= + + if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then + + # Protect directory names starting with '-' + case $_G_directory_path in + -*) _G_directory_path=./$_G_directory_path ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$_G_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + _G_dir_list=$_G_directory_path:$_G_dir_list + + # If the last portion added has no slash in it, the list is done + case $_G_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"` + done + _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'` + + func_mkdir_p_IFS=$IFS; IFS=: + for _G_dir in $_G_dir_list; do + IFS=$func_mkdir_p_IFS + # mkdir can fail with a 'File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$_G_dir" 2>/dev/null || : + done + IFS=$func_mkdir_p_IFS + + # Bail out if we (or some other process) failed to create a directory. + test -d "$_G_directory_path" || \ + func_fatal_error "Failed to create '$1'" + fi +} + + +# func_mktempdir [BASENAME] +# ------------------------- +# Make a temporary directory that won't clash with other running +# libtool processes, and avoids race conditions if possible. If +# given, BASENAME is the basename for that directory. +func_mktempdir () +{ + $debug_cmd + + _G_template=${TMPDIR-/tmp}/${1-$progname} + + if test : = "$opt_dry_run"; then + # Return a directory name, but don't create it in dry-run mode + _G_tmpdir=$_G_template-$$ + else + + # If mktemp works, use that first and foremost + _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null` + + if test ! -d "$_G_tmpdir"; then + # Failing that, at least try and use $RANDOM to avoid a race + _G_tmpdir=$_G_template-${RANDOM-0}$$ + + func_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$_G_tmpdir" + umask $func_mktempdir_umask + fi + + # If we're not in dry-run mode, bomb out on failure + test -d "$_G_tmpdir" || \ + func_fatal_error "cannot create temporary directory '$_G_tmpdir'" + fi + + $ECHO "$_G_tmpdir" +} + + +# func_normal_abspath PATH +# ------------------------ +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +func_normal_abspath () +{ + $debug_cmd + + # These SED scripts presuppose an absolute path with a trailing slash. + _G_pathcar='s|^/\([^/]*\).*$|\1|' + _G_pathcdr='s|^/[^/]*||' + _G_removedotparts=':dotsl + s|/\./|/|g + t dotsl + s|/\.$|/|' + _G_collapseslashes='s|/\{1,\}|/|g' + _G_finalslash='s|/*$|/|' + + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"` + while :; do + # Processed it all yet? + if test / = "$func_normal_abspath_tpath"; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result"; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent" + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + + +# func_notquiet ARG... +# -------------------- +# Echo program name prefixed message only when not in quiet mode. +func_notquiet () +{ + $debug_cmd + + $opt_quiet || func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + + +# func_relative_path SRCDIR DSTDIR +# -------------------------------- +# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR. +func_relative_path () +{ + $debug_cmd + + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=$func_dirname_result + if test -z "$func_relative_path_tlibdir"; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test -n "$func_stripname_result"; then + func_append func_relative_path_result "/$func_stripname_result" + fi + + # Normalisation. If bindir is libdir, return '.' else relative path. + if test -n "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + fi + + test -n "$func_relative_path_result" || func_relative_path_result=. + + : +} + + +# func_quote_for_eval ARG... +# -------------------------- +# Aesthetically quote ARGs to be evaled later. +# This function returns two values: +# i) func_quote_for_eval_result +# double-quoted, suitable for a subsequent eval +# ii) func_quote_for_eval_unquoted_result +# has all characters that are still active within double +# quotes backslashified. +func_quote_for_eval () +{ + $debug_cmd + + func_quote_for_eval_unquoted_result= + func_quote_for_eval_result= + while test 0 -lt $#; do + case $1 in + *[\\\`\"\$]*) + _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; + *) + _G_unquoted_arg=$1 ;; + esac + if test -n "$func_quote_for_eval_unquoted_result"; then + func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" + else + func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" + fi + + case $_G_unquoted_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and variable expansion + # for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_quoted_arg=\"$_G_unquoted_arg\" + ;; + *) + _G_quoted_arg=$_G_unquoted_arg + ;; + esac + + if test -n "$func_quote_for_eval_result"; then + func_append func_quote_for_eval_result " $_G_quoted_arg" + else + func_append func_quote_for_eval_result "$_G_quoted_arg" + fi + shift + done +} + + +# func_quote_for_expand ARG +# ------------------------- +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + $debug_cmd + + case $1 in + *[\\\`\"]*) + _G_arg=`$ECHO "$1" | $SED \ + -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; + *) + _G_arg=$1 ;; + esac + + case $_G_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_arg=\"$_G_arg\" + ;; + esac + + func_quote_for_expand_result=$_G_arg +} + + +# func_stripname PREFIX SUFFIX NAME +# --------------------------------- +# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_stripname () + { + $debug_cmd + + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary variable first. + func_stripname_result=$3 + func_stripname_result=${func_stripname_result#"$1"} + func_stripname_result=${func_stripname_result%"$2"} + }' +else + func_stripname () + { + $debug_cmd + + case $2 in + .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;; + *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;; + esac + } +fi + + +# func_show_eval CMD [FAIL_EXP] +# ----------------------------- +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + func_quote_for_expand "$_G_cmd" + eval "func_notquiet $func_quote_for_expand_result" + + $opt_dry_run || { + eval "$_G_cmd" + _G_status=$? + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_show_eval_locale CMD [FAIL_EXP] +# ------------------------------------ +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + $opt_quiet || { + func_quote_for_expand "$_G_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + $opt_dry_run || { + eval "$_G_user_locale + $_G_cmd" + _G_status=$? + eval "$_G_safe_locale" + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_tr_sh +# ---------- +# Turn $1 into a string suitable for a shell variable name. +# Result is stored in $func_tr_sh_result. All characters +# not in the set a-zA-Z0-9_ are replaced with '_'. Further, +# if $1 begins with a digit, a '_' is prepended as well. +func_tr_sh () +{ + $debug_cmd + + case $1 in + [0-9]* | *[!a-zA-Z0-9_]*) + func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'` + ;; + * ) + func_tr_sh_result=$1 + ;; + esac +} + + +# func_verbose ARG... +# ------------------- +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $debug_cmd + + $opt_verbose && func_echo "$*" + + : +} + + +# func_warn_and_continue ARG... +# ----------------------------- +# Echo program name prefixed warning message to standard error. +func_warn_and_continue () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2 +} + + +# func_warning CATEGORY ARG... +# ---------------------------- +# Echo program name prefixed warning message to standard error. Warning +# messages can be filtered according to CATEGORY, where this function +# elides messages where CATEGORY is not listed in the global variable +# 'opt_warning_types'. +func_warning () +{ + $debug_cmd + + # CATEGORY must be in the warning_categories list! + case " $warning_categories " in + *" $1 "*) ;; + *) func_internal_error "invalid warning category '$1'" ;; + esac + + _G_category=$1 + shift + + case " $opt_warning_types " in + *" $_G_category "*) $warning_func ${1+"$@"} ;; + esac +} + + +# func_sort_ver VER1 VER2 +# ----------------------- +# 'sort -V' is not generally available. +# Note this deviates from the version comparison in automake +# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a +# but this should suffice as we won't be specifying old +# version formats or redundant trailing .0 in bootstrap.conf. +# If we did want full compatibility then we should probably +# use m4_version_compare from autoconf. +func_sort_ver () +{ + $debug_cmd + + printf '%s\n%s\n' "$1" "$2" \ + | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n +} + +# func_lt_ver PREV CURR +# --------------------- +# Return true if PREV and CURR are in the correct order according to +# func_sort_ver, otherwise false. Use it like this: +# +# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..." +func_lt_ver () +{ + $debug_cmd + + test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q` +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: +#! /bin/sh + +# Set a version string for this script. +scriptversion=2014-01-07.03; # UTC + +# A portable, pluggable option parser for Bourne shell. +# Written by Gary V. Vaughan, 2010 + +# Copyright (C) 2010-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# This file is a library for parsing options in your shell scripts along +# with assorted other useful supporting features that you can make use +# of too. +# +# For the simplest scripts you might need only: +# +# #!/bin/sh +# . relative/path/to/funclib.sh +# . relative/path/to/options-parser +# scriptversion=1.0 +# func_options ${1+"$@"} +# eval set dummy "$func_options_result"; shift +# ...rest of your script... +# +# In order for the '--version' option to work, you will need to have a +# suitably formatted comment like the one at the top of this file +# starting with '# Written by ' and ending with '# warranty; '. +# +# For '-h' and '--help' to work, you will also need a one line +# description of your script's purpose in a comment directly above the +# '# Written by ' line, like the one at the top of this file. +# +# The default options also support '--debug', which will turn on shell +# execution tracing (see the comment above debug_cmd below for another +# use), and '--verbose' and the func_verbose function to allow your script +# to display verbose messages only when your user has specified +# '--verbose'. +# +# After sourcing this file, you can plug processing for additional +# options by amending the variables from the 'Configuration' section +# below, and following the instructions in the 'Option parsing' +# section further down. + +## -------------- ## +## Configuration. ## +## -------------- ## + +# You should override these variables in your script after sourcing this +# file so that they reflect the customisations you have added to the +# option parser. + +# The usage line for option parsing errors and the start of '-h' and +# '--help' output messages. You can embed shell variables for delayed +# expansion at the time the message is displayed, but you will need to +# quote other shell meta-characters carefully to prevent them being +# expanded when the contents are evaled. +usage='$progpath [OPTION]...' + +# Short help message in response to '-h' and '--help'. Add to this or +# override it after sourcing this library to reflect the full set of +# options your script accepts. +usage_message="\ + --debug enable verbose shell tracing + -W, --warnings=CATEGORY + report the warnings falling in CATEGORY [all] + -v, --verbose verbosely report processing + --version print version information and exit + -h, --help print short or long help message and exit +" + +# Additional text appended to 'usage_message' in response to '--help'. +long_help_message=" +Warning categories include: + 'all' show all warnings + 'none' turn off all the warnings + 'error' warnings are treated as fatal errors" + +# Help message printed before fatal option parsing errors. +fatal_help="Try '\$progname --help' for more information." + + + +## ------------------------- ## +## Hook function management. ## +## ------------------------- ## + +# This section contains functions for adding, removing, and running hooks +# to the main code. A hook is just a named list of of function, that can +# be run in order later on. + +# func_hookable FUNC_NAME +# ----------------------- +# Declare that FUNC_NAME will run hooks added with +# 'func_add_hook FUNC_NAME ...'. +func_hookable () +{ + $debug_cmd + + func_append hookable_fns " $1" +} + + +# func_add_hook FUNC_NAME HOOK_FUNC +# --------------------------------- +# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must +# first have been declared "hookable" by a call to 'func_hookable'. +func_add_hook () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not accept hook functions." ;; + esac + + eval func_append ${1}_hooks '" $2"' +} + + +# func_remove_hook FUNC_NAME HOOK_FUNC +# ------------------------------------ +# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. +func_remove_hook () +{ + $debug_cmd + + eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`' +} + + +# func_run_hooks FUNC_NAME [ARG]... +# --------------------------------- +# Run all hook functions registered to FUNC_NAME. +# It is assumed that the list of hook functions contains nothing more +# than a whitespace-delimited list of legal shell function names, and +# no effort is wasted trying to catch shell meta-characters or preserve +# whitespace. +func_run_hooks () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not support hook funcions.n" ;; + esac + + eval _G_hook_fns=\$$1_hooks; shift + + for _G_hook in $_G_hook_fns; do + eval $_G_hook '"$@"' + + # store returned options list back into positional + # parameters for next 'cmd' execution. + eval _G_hook_result=\$${_G_hook}_result + eval set dummy "$_G_hook_result"; shift + done + + func_quote_for_eval ${1+"$@"} + func_run_hooks_result=$func_quote_for_eval_result +} + + + +## --------------- ## +## Option parsing. ## +## --------------- ## + +# In order to add your own option parsing hooks, you must accept the +# full positional parameter list in your hook function, remove any +# options that you action, and then pass back the remaining unprocessed +# options in '_result', escaped suitably for +# 'eval'. Like this: +# +# my_options_prep () +# { +# $debug_cmd +# +# # Extend the existing usage message. +# usage_message=$usage_message' +# -s, --silent don'\''t print informational messages +# ' +# +# func_quote_for_eval ${1+"$@"} +# my_options_prep_result=$func_quote_for_eval_result +# } +# func_add_hook func_options_prep my_options_prep +# +# +# my_silent_option () +# { +# $debug_cmd +# +# # Note that for efficiency, we parse as many options as we can +# # recognise in a loop before passing the remainder back to the +# # caller on the first unrecognised argument we encounter. +# while test $# -gt 0; do +# opt=$1; shift +# case $opt in +# --silent|-s) opt_silent=: ;; +# # Separate non-argument short options: +# -s*) func_split_short_opt "$_G_opt" +# set dummy "$func_split_short_opt_name" \ +# "-$func_split_short_opt_arg" ${1+"$@"} +# shift +# ;; +# *) set dummy "$_G_opt" "$*"; shift; break ;; +# esac +# done +# +# func_quote_for_eval ${1+"$@"} +# my_silent_option_result=$func_quote_for_eval_result +# } +# func_add_hook func_parse_options my_silent_option +# +# +# my_option_validation () +# { +# $debug_cmd +# +# $opt_silent && $opt_verbose && func_fatal_help "\ +# '--silent' and '--verbose' options are mutually exclusive." +# +# func_quote_for_eval ${1+"$@"} +# my_option_validation_result=$func_quote_for_eval_result +# } +# func_add_hook func_validate_options my_option_validation +# +# You'll alse need to manually amend $usage_message to reflect the extra +# options you parse. It's preferable to append if you can, so that +# multiple option parsing hooks can be added safely. + + +# func_options [ARG]... +# --------------------- +# All the functions called inside func_options are hookable. See the +# individual implementations for details. +func_hookable func_options +func_options () +{ + $debug_cmd + + func_options_prep ${1+"$@"} + eval func_parse_options \ + ${func_options_prep_result+"$func_options_prep_result"} + eval func_validate_options \ + ${func_parse_options_result+"$func_parse_options_result"} + + eval func_run_hooks func_options \ + ${func_validate_options_result+"$func_validate_options_result"} + + # save modified positional parameters for caller + func_options_result=$func_run_hooks_result +} + + +# func_options_prep [ARG]... +# -------------------------- +# All initialisations required before starting the option parse loop. +# Note that when calling hook functions, we pass through the list of +# positional parameters. If a hook function modifies that list, and +# needs to propogate that back to rest of this script, then the complete +# modified list must be put in 'func_run_hooks_result' before +# returning. +func_hookable func_options_prep +func_options_prep () +{ + $debug_cmd + + # Option defaults: + opt_verbose=false + opt_warning_types= + + func_run_hooks func_options_prep ${1+"$@"} + + # save modified positional parameters for caller + func_options_prep_result=$func_run_hooks_result +} + + +# func_parse_options [ARG]... +# --------------------------- +# The main option parsing loop. +func_hookable func_parse_options +func_parse_options () +{ + $debug_cmd + + func_parse_options_result= + + # this just eases exit handling + while test $# -gt 0; do + # Defer to hook functions for initial option parsing, so they + # get priority in the event of reusing an option name. + func_run_hooks func_parse_options ${1+"$@"} + + # Adjust func_parse_options positional parameters to match + eval set dummy "$func_run_hooks_result"; shift + + # Break out of the loop if we already parsed every option. + test $# -gt 0 || break + + _G_opt=$1 + shift + case $_G_opt in + --debug|-x) debug_cmd='set -x' + func_echo "enabling shell trace mode" + $debug_cmd + ;; + + --no-warnings|--no-warning|--no-warn) + set dummy --warnings none ${1+"$@"} + shift + ;; + + --warnings|--warning|-W) + test $# = 0 && func_missing_arg $_G_opt && break + case " $warning_categories $1" in + *" $1 "*) + # trailing space prevents matching last $1 above + func_append_uniq opt_warning_types " $1" + ;; + *all) + opt_warning_types=$warning_categories + ;; + *none) + opt_warning_types=none + warning_func=: + ;; + *error) + opt_warning_types=$warning_categories + warning_func=func_fatal_error + ;; + *) + func_fatal_error \ + "unsupported warning category: '$1'" + ;; + esac + shift + ;; + + --verbose|-v) opt_verbose=: ;; + --version) func_version ;; + -\?|-h) func_usage ;; + --help) func_help ;; + + # Separate optargs to long options (plugins may need this): + --*=*) func_split_equals "$_G_opt" + set dummy "$func_split_equals_lhs" \ + "$func_split_equals_rhs" ${1+"$@"} + shift + ;; + + # Separate optargs to short options: + -W*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + # Separate non-argument short options: + -\?*|-h*|-v*|-x*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "-$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + --) break ;; + -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + esac + done + + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + func_parse_options_result=$func_quote_for_eval_result +} + + +# func_validate_options [ARG]... +# ------------------------------ +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +func_hookable func_validate_options +func_validate_options () +{ + $debug_cmd + + # Display all warnings if -W was not given. + test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" + + func_run_hooks func_validate_options ${1+"$@"} + + # Bail if the options were screwed! + $exit_cmd $EXIT_FAILURE + + # save modified positional parameters for caller + func_validate_options_result=$func_run_hooks_result +} + + + +## ----------------- ## +## Helper functions. ## +## ----------------- ## + +# This section contains the helper functions used by the rest of the +# hookable option parser framework in ascii-betical order. + + +# func_fatal_help ARG... +# ---------------------- +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + $debug_cmd + + eval \$ECHO \""Usage: $usage"\" + eval \$ECHO \""$fatal_help"\" + func_error ${1+"$@"} + exit $EXIT_FAILURE +} + + +# func_help +# --------- +# Echo long help message to standard output and exit. +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message" + exit 0 +} + + +# func_missing_arg ARGNAME +# ------------------------ +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + $debug_cmd + + func_error "Missing argument for '$1'." + exit_cmd=exit +} + + +# func_split_equals STRING +# ------------------------ +# Set func_split_equals_lhs and func_split_equals_rhs shell variables after +# splitting STRING at the '=' sign. +test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=${1%%=*} + func_split_equals_rhs=${1#*=} + test "x$func_split_equals_lhs" = "x$1" \ + && func_split_equals_rhs= + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'` + func_split_equals_rhs= + test "x$func_split_equals_lhs" = "x$1" \ + || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'` + } +fi #func_split_equals + + +# func_split_short_opt SHORTOPT +# ----------------------------- +# Set func_split_short_opt_name and func_split_short_opt_arg shell +# variables after splitting SHORTOPT after the 2nd character. +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_arg=${1#??} + func_split_short_opt_name=${1%"$func_split_short_opt_arg"} + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` + func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` + } +fi #func_split_short_opt + + +# func_usage +# ---------- +# Echo short help message to standard output and exit. +func_usage () +{ + $debug_cmd + + func_usage_message + $ECHO "Run '$progname --help |${PAGER-more}' for full usage" + exit 0 +} + + +# func_usage_message +# ------------------ +# Echo short help message to standard output. +func_usage_message () +{ + $debug_cmd + + eval \$ECHO \""Usage: $usage"\" + echo + $SED -n 's|^# || + /^Written by/{ + x;p;x + } + h + /^Written by/q' < "$progpath" + echo + eval \$ECHO \""$usage_message"\" +} + + +# func_version +# ------------ +# Echo version message to standard output and exit. +func_version () +{ + $debug_cmd + + printf '%s\n' "$progname $scriptversion" + $SED -n ' + /(C)/!b go + :more + /\./!{ + N + s|\n# | | + b more + } + :go + /^# Written by /,/# warranty; / { + s|^# || + s|^# *$|| + s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| + p + } + /^# Written by / { + s|^# || + p + } + /^warranty; /q' < "$progpath" + + exit $? +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: + +# Set a version string. +scriptversion='(GNU libtool) 2.4.6' + + +# func_echo ARG... +# ---------------- +# Libtool also displays the current mode in messages, so override +# funclib.sh func_echo with this custom definition. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_warning ARG... +# ------------------- +# Libtool warnings are not categorized, so override funclib.sh +# func_warning with this simpler definition. +func_warning () +{ + $debug_cmd + + $warning_func ${1+"$@"} +} + + +## ---------------- ## +## Options parsing. ## +## ---------------- ## + +# Hook in the functions to make sure our own options are parsed during +# the option parsing loop. + +usage='$progpath [OPTION]... [MODE-ARG]...' + +# Short help message in response to '-h'. +usage_message="Options: + --config show all configuration variables + --debug enable verbose shell tracing + -n, --dry-run display commands without modifying any files + --features display basic configuration information and exit + --mode=MODE use operation mode MODE + --no-warnings equivalent to '-Wnone' + --preserve-dup-deps don't remove duplicate dependency libraries + --quiet, --silent don't print informational messages + --tag=TAG use configuration variables from tag TAG + -v, --verbose print more informational messages than default + --version print version information + -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] + -h, --help, --help-all print short, long, or detailed help message +" + +# Additional text appended to 'usage_message' in response to '--help'. +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message + +MODE must be one of the following: + + clean remove files from the build directory + compile compile a source file into a libtool object + execute automatically set library path, then run a program + finish complete the installation of libtool libraries + install install libraries or executables + link create a library or an executable + uninstall remove libraries from an installed directory + +MODE-ARGS vary depending on the MODE. When passed as first option, +'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that. +Try '$progname --help --mode=MODE' for a more detailed description of MODE. + +When reporting a bug, please describe a test case to reproduce it and +include the following information: + + host-triplet: $host + shell: $SHELL + compiler: $LTCC + compiler flags: $LTCFLAGS + linker: $LD (gnu? $with_gnu_ld) + version: $progname (GNU libtool) 2.4.6 + automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` + autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` + +Report bugs to . +GNU libtool home page: . +General help using GNU software: ." + exit 0 +} + + +# func_lo2o OBJECT-NAME +# --------------------- +# Transform OBJECT-NAME from a '.lo' suffix to the platform specific +# object suffix. + +lo2o=s/\\.lo\$/.$objext/ +o2lo=s/\\.$objext\$/.lo/ + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_lo2o () + { + case $1 in + *.lo) func_lo2o_result=${1%.lo}.$objext ;; + * ) func_lo2o_result=$1 ;; + esac + }' + + # func_xform LIBOBJ-OR-SOURCE + # --------------------------- + # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise) + # suffix to a '.lo' libtool-object suffix. + eval 'func_xform () + { + func_xform_result=${1%.*}.lo + }' +else + # ...otherwise fall back to using sed. + func_lo2o () + { + func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"` + } + + func_xform () + { + func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'` + } +fi + + +# func_fatal_configuration ARG... +# ------------------------------- +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func__fatal_error ${1+"$@"} \ + "See the $PACKAGE documentation for more information." \ + "Fatal configuration error." +} + + +# func_config +# ----------- +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + + # Now print the configurations for the tags. + for tagname in $taglist; do + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" + done + + exit $? +} + + +# func_features +# ------------- +# Display the features supported by this script. +func_features () +{ + echo "host: $host" + if test yes = "$build_libtool_libs"; then + echo "enable shared libraries" + else + echo "disable shared libraries" + fi + if test yes = "$build_old_libs"; then + echo "enable static libraries" + else + echo "disable static libraries" + fi + + exit $? +} + + +# func_enable_tag TAGNAME +# ----------------------- +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname=$1 + + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf=/$re_begincf/,/$re_endcf/p + + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac + + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} + + +# func_check_version_match +# ------------------------ +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + fi + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + + exit $EXIT_MISMATCH + fi +} + + +# libtool_options_prep [ARG]... +# ----------------------------- +# Preparation for options parsed by libtool. +libtool_options_prep () +{ + $debug_mode + + # Option defaults: + opt_config=false + opt_dlopen= + opt_dry_run=false + opt_help=false + opt_mode= + opt_preserve_dup_deps=false + opt_quiet=false + + nonopt= + preserve_args= + + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift + ;; + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift + ;; + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; + esac + + # Pass back the list of options. + func_quote_for_eval ${1+"$@"} + libtool_options_prep_result=$func_quote_for_eval_result +} +func_add_hook func_options_prep libtool_options_prep + + +# libtool_parse_options [ARG]... +# --------------------------------- +# Provide handling for libtool specific options. +libtool_parse_options () +{ + $debug_cmd + + # Perform our own loop to consume as many options as possible in + # each iteration. + while test $# -gt 0; do + _G_opt=$1 + shift + case $_G_opt in + --dry-run|--dryrun|-n) + opt_dry_run=: + ;; + + --config) func_config ;; + + --dlopen|-dlopen) + opt_dlopen="${opt_dlopen+$opt_dlopen +}$1" + shift + ;; + + --preserve-dup-deps) + opt_preserve_dup_deps=: ;; + + --features) func_features ;; + + --finish) set dummy --mode finish ${1+"$@"}; shift ;; + + --help) opt_help=: ;; + + --help-all) opt_help=': help-all' ;; + + --mode) test $# = 0 && func_missing_arg $_G_opt && break + opt_mode=$1 + case $1 in + # Valid mode arguments: + clean|compile|execute|finish|install|link|relink|uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $_G_opt" + exit_cmd=exit + break + ;; + esac + shift + ;; + + --no-silent|--no-quiet) + opt_quiet=false + func_append preserve_args " $_G_opt" + ;; + + --no-warnings|--no-warning|--no-warn) + opt_warning=false + func_append preserve_args " $_G_opt" + ;; + + --no-verbose) + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --silent|--quiet) + opt_quiet=: + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --tag) test $# = 0 && func_missing_arg $_G_opt && break + opt_tag=$1 + func_append preserve_args " $_G_opt $1" + func_enable_tag "$1" + shift + ;; + + --verbose|-v) opt_quiet=false + opt_verbose=: + func_append preserve_args " $_G_opt" + ;; + + # An option not handled by this hook function: + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + esac + done + + + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + libtool_parse_options_result=$func_quote_for_eval_result +} +func_add_hook func_parse_options libtool_parse_options + + + +# libtool_validate_options [ARG]... +# --------------------------------- +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +libtool_validate_options () +{ + # save first non-option argument + if test 0 -lt $#; then + nonopt=$1 + shift + fi + + # preserve --debug + test : = "$debug_cmd" || func_append preserve_args " --debug" + + case $host in + # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 + # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 + *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps + ;; + esac + + $opt_help || { + # Sanity checks first: + func_check_version_match + + test yes != "$build_libtool_libs" \ + && test yes != "$build_old_libs" \ + && func_fatal_configuration "not configured to build any kind of library" + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$opt_dlopen" && test execute != "$opt_mode"; then + func_error "unrecognized option '-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help=$help + help="Try '$progname --help --mode=$opt_mode' for more information." + } + + # Pass back the unparsed argument list + func_quote_for_eval ${1+"$@"} + libtool_validate_options_result=$func_quote_for_eval_result +} +func_add_hook func_validate_options libtool_validate_options + + +# Process options as early as possible so that --help and --version +# can return quickly. +func_options ${1+"$@"} +eval set dummy "$func_options_result"; shift + + + +## ----------- ## +## Main. ## +## ----------- ## + +magic='%%%MAGIC variable%%%' +magic_exe='%%%MAGIC EXE variable%%%' + +# Global variables. +extracted_archives= +extracted_serial=0 + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + +# func_generated_by_libtool +# True iff stdin has been generated by Libtool. This function is only +# a basic sanity check; it will hardly flush out determined imposters. +func_generated_by_libtool_p () +{ + $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_p file +# True iff FILE is a libtool '.la' library or '.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool '.la' library or '.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if 'file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case $lalib_p_line in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test yes = "$lalib_p" +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + test -f "$1" && + $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $debug_cmd + + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$sp$nl + eval cmd=\"$cmd\" + IFS=$save_ifs + func_show_eval "$cmd" "${2-:}" + done + IFS=$save_ifs +} + + +# func_source file +# Source FILE, adding directory component if necessary. +# Note that it is not necessary on cygwin/mingw to append a dot to +# FILE even if both FILE and FILE.exe exist: automatic-append-.exe +# behavior happens only for exec(3), not for open(2)! Also, sourcing +# 'FILE.' does not work on cygwin managed mounts. +func_source () +{ + $debug_cmd + + case $1 in + */* | *\\*) . "$1" ;; + *) . "./$1" ;; + esac +} + + +# func_resolve_sysroot PATH +# Replace a leading = in PATH with a sysroot. Store the result into +# func_resolve_sysroot_result +func_resolve_sysroot () +{ + func_resolve_sysroot_result=$1 + case $func_resolve_sysroot_result in + =*) + func_stripname '=' '' "$func_resolve_sysroot_result" + func_resolve_sysroot_result=$lt_sysroot$func_stripname_result + ;; + esac +} + +# func_replace_sysroot PATH +# If PATH begins with the sysroot, replace it with = and +# store the result into func_replace_sysroot_result. +func_replace_sysroot () +{ + case $lt_sysroot:$1 in + ?*:"$lt_sysroot"*) + func_stripname "$lt_sysroot" '' "$1" + func_replace_sysroot_result='='$func_stripname_result + ;; + *) + # Including no sysroot. + func_replace_sysroot_result=$1 + ;; + esac +} + +# func_infer_tag arg +# Infer tagged configuration to use if any are available and +# if one wasn't chosen via the "--tag" command line option. +# Only attempt this if the compiler in the base compile +# command doesn't match the default compiler. +# arg is usually of the form 'gcc ...' +func_infer_tag () +{ + $debug_cmd + + if test -n "$available_tags" && test -z "$tagname"; then + CC_quoted= + for arg in $CC; do + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case $@ in + # Blanks in the command may have been stripped by the calling shell, + # but not from the CC environment variable when configure was run. + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; + # Blanks at the start of $base_compile will cause this to fail + # if we don't check for them as well. + *) + for z in $available_tags; do + if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + # Evaluate the configuration. + eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + CC_quoted= + for arg in $CC; do + # Double-quote args containing other shell metacharacters. + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case "$@ " in + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) + # The compiler in the base compile command matches + # the one in the tagged configuration. + # Assume this is the tagged configuration we want. + tagname=$z + break + ;; + esac + fi + done + # If $tagname still isn't set, then no tagged configuration + # was found and let the user know that the "--tag" command + # line option must be used. + if test -z "$tagname"; then + func_echo "unable to infer tagged configuration" + func_fatal_error "specify a tag with '--tag'" +# else +# func_verbose "using $tagname tagged configuration" + fi + ;; + esac + fi +} + + + +# func_write_libtool_object output_name pic_name nonpic_name +# Create a libtool object file (analogous to a ".la" file), +# but don't create it if we're doing a dry run. +func_write_libtool_object () +{ + write_libobj=$1 + if test yes = "$build_libtool_libs"; then + write_lobj=\'$2\' + else + write_lobj=none + fi + + if test yes = "$build_old_libs"; then + write_oldobj=\'$3\' + else + write_oldobj=none + fi + + $opt_dry_run || { + cat >${write_libobj}T </dev/null` + if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then + func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | + $SED -e "$sed_naive_backslashify"` + else + func_convert_core_file_wine_to_w32_result= + fi + fi +} +# end: func_convert_core_file_wine_to_w32 + + +# func_convert_core_path_wine_to_w32 ARG +# Helper function used by path conversion functions when $build is *nix, and +# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly +# configured wine environment available, with the winepath program in $build's +# $PATH. Assumes ARG has no leading or trailing path separator characters. +# +# ARG is path to be converted from $build format to win32. +# Result is available in $func_convert_core_path_wine_to_w32_result. +# Unconvertible file (directory) names in ARG are skipped; if no directory names +# are convertible, then the result may be empty. +func_convert_core_path_wine_to_w32 () +{ + $debug_cmd + + # unfortunately, winepath doesn't convert paths, only file names + func_convert_core_path_wine_to_w32_result= + if test -n "$1"; then + oldIFS=$IFS + IFS=: + for func_convert_core_path_wine_to_w32_f in $1; do + IFS=$oldIFS + func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" + if test -n "$func_convert_core_file_wine_to_w32_result"; then + if test -z "$func_convert_core_path_wine_to_w32_result"; then + func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result + else + func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" + fi + fi + done + IFS=$oldIFS + fi +} +# end: func_convert_core_path_wine_to_w32 + + +# func_cygpath ARGS... +# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when +# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) +# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or +# (2), returns the Cygwin file name or path in func_cygpath_result (input +# file name or path is assumed to be in w32 format, as previously converted +# from $build's *nix or MSYS format). In case (3), returns the w32 file name +# or path in func_cygpath_result (input file name or path is assumed to be in +# Cygwin format). Returns an empty string on error. +# +# ARGS are passed to cygpath, with the last one being the file name or path to +# be converted. +# +# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH +# environment variable; do not put it in $PATH. +func_cygpath () +{ + $debug_cmd + + if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then + func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` + if test "$?" -ne 0; then + # on failure, ensure result is empty + func_cygpath_result= + fi + else + func_cygpath_result= + func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'" + fi +} +#end: func_cygpath + + +# func_convert_core_msys_to_w32 ARG +# Convert file name or path ARG from MSYS format to w32 format. Return +# result in func_convert_core_msys_to_w32_result. +func_convert_core_msys_to_w32 () +{ + $debug_cmd + + # awkward: cmd appends spaces to result + func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"` +} +#end: func_convert_core_msys_to_w32 + + +# func_convert_file_check ARG1 ARG2 +# Verify that ARG1 (a file name in $build format) was converted to $host +# format in ARG2. Otherwise, emit an error message, but continue (resetting +# func_to_host_file_result to ARG1). +func_convert_file_check () +{ + $debug_cmd + + if test -z "$2" && test -n "$1"; then + func_error "Could not determine host file name corresponding to" + func_error " '$1'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback: + func_to_host_file_result=$1 + fi +} +# end func_convert_file_check + + +# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH +# Verify that FROM_PATH (a path in $build format) was converted to $host +# format in TO_PATH. Otherwise, emit an error message, but continue, resetting +# func_to_host_file_result to a simplistic fallback value (see below). +func_convert_path_check () +{ + $debug_cmd + + if test -z "$4" && test -n "$3"; then + func_error "Could not determine the host path corresponding to" + func_error " '$3'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback. This is a deliberately simplistic "conversion" and + # should not be "improved". See libtool.info. + if test "x$1" != "x$2"; then + lt_replace_pathsep_chars="s|$1|$2|g" + func_to_host_path_result=`echo "$3" | + $SED -e "$lt_replace_pathsep_chars"` + else + func_to_host_path_result=$3 + fi + fi +} +# end func_convert_path_check + + +# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG +# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT +# and appending REPL if ORIG matches BACKPAT. +func_convert_path_front_back_pathsep () +{ + $debug_cmd + + case $4 in + $1 ) func_to_host_path_result=$3$func_to_host_path_result + ;; + esac + case $4 in + $2 ) func_append func_to_host_path_result "$3" + ;; + esac +} +# end func_convert_path_front_back_pathsep + + +################################################## +# $build to $host FILE NAME CONVERSION FUNCTIONS # +################################################## +# invoked via '$to_host_file_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# Result will be available in $func_to_host_file_result. + + +# func_to_host_file ARG +# Converts the file name ARG from $build format to $host format. Return result +# in func_to_host_file_result. +func_to_host_file () +{ + $debug_cmd + + $to_host_file_cmd "$1" +} +# end func_to_host_file + + +# func_to_tool_file ARG LAZY +# converts the file name ARG from $build format to toolchain format. Return +# result in func_to_tool_file_result. If the conversion in use is listed +# in (the comma separated) LAZY, no conversion takes place. +func_to_tool_file () +{ + $debug_cmd + + case ,$2, in + *,"$to_tool_file_cmd",*) + func_to_tool_file_result=$1 + ;; + *) + $to_tool_file_cmd "$1" + func_to_tool_file_result=$func_to_host_file_result + ;; + esac +} +# end func_to_tool_file + + +# func_convert_file_noop ARG +# Copy ARG to func_to_host_file_result. +func_convert_file_noop () +{ + func_to_host_file_result=$1 +} +# end func_convert_file_noop + + +# func_convert_file_msys_to_w32 ARG +# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_file_result. +func_convert_file_msys_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_to_host_file_result=$func_convert_core_msys_to_w32_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_w32 + + +# func_convert_file_cygwin_to_w32 ARG +# Convert file name ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_file_cygwin_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + # because $build is cygwin, we call "the" cygpath in $PATH; no need to use + # LT_CYGPATH in this case. + func_to_host_file_result=`cygpath -m "$1"` + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_cygwin_to_w32 + + +# func_convert_file_nix_to_w32 ARG +# Convert file name ARG from *nix to w32 format. Requires a wine environment +# and a working winepath. Returns result in func_to_host_file_result. +func_convert_file_nix_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_file_wine_to_w32 "$1" + func_to_host_file_result=$func_convert_core_file_wine_to_w32_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_w32 + + +# func_convert_file_msys_to_cygwin ARG +# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_file_msys_to_cygwin () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_cygpath -u "$func_convert_core_msys_to_w32_result" + func_to_host_file_result=$func_cygpath_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_cygwin + + +# func_convert_file_nix_to_cygwin ARG +# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed +# in a wine environment, working winepath, and LT_CYGPATH set. Returns result +# in func_to_host_file_result. +func_convert_file_nix_to_cygwin () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. + func_convert_core_file_wine_to_w32 "$1" + func_cygpath -u "$func_convert_core_file_wine_to_w32_result" + func_to_host_file_result=$func_cygpath_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_cygwin + + +############################################# +# $build to $host PATH CONVERSION FUNCTIONS # +############################################# +# invoked via '$to_host_path_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# The result will be available in $func_to_host_path_result. +# +# Path separators are also converted from $build format to $host format. If +# ARG begins or ends with a path separator character, it is preserved (but +# converted to $host format) on output. +# +# All path conversion functions are named using the following convention: +# file name conversion function : func_convert_file_X_to_Y () +# path conversion function : func_convert_path_X_to_Y () +# where, for any given $build/$host combination the 'X_to_Y' value is the +# same. If conversion functions are added for new $build/$host combinations, +# the two new functions must follow this pattern, or func_init_to_host_path_cmd +# will break. + + +# func_init_to_host_path_cmd +# Ensures that function "pointer" variable $to_host_path_cmd is set to the +# appropriate value, based on the value of $to_host_file_cmd. +to_host_path_cmd= +func_init_to_host_path_cmd () +{ + $debug_cmd + + if test -z "$to_host_path_cmd"; then + func_stripname 'func_convert_file_' '' "$to_host_file_cmd" + to_host_path_cmd=func_convert_path_$func_stripname_result + fi +} + + +# func_to_host_path ARG +# Converts the path ARG from $build format to $host format. Return result +# in func_to_host_path_result. +func_to_host_path () +{ + $debug_cmd + + func_init_to_host_path_cmd + $to_host_path_cmd "$1" +} +# end func_to_host_path + + +# func_convert_path_noop ARG +# Copy ARG to func_to_host_path_result. +func_convert_path_noop () +{ + func_to_host_path_result=$1 +} +# end func_convert_path_noop + + +# func_convert_path_msys_to_w32 ARG +# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_path_result. +func_convert_path_msys_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # Remove leading and trailing path separator characters from ARG. MSYS + # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; + # and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result=$func_convert_core_msys_to_w32_result + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_msys_to_w32 + + +# func_convert_path_cygwin_to_w32 ARG +# Convert path ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_path_cygwin_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_cygwin_to_w32 + + +# func_convert_path_nix_to_w32 ARG +# Convert path ARG from *nix to w32 format. Requires a wine environment and +# a working winepath. Returns result in func_to_host_file_result. +func_convert_path_nix_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result=$func_convert_core_path_wine_to_w32_result + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_nix_to_w32 + + +# func_convert_path_msys_to_cygwin ARG +# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_path_msys_to_cygwin () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_msys_to_w32_result" + func_to_host_path_result=$func_cygpath_result + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_msys_to_cygwin + + +# func_convert_path_nix_to_cygwin ARG +# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a +# a wine environment, working winepath, and LT_CYGPATH set. Returns result in +# func_to_host_file_result. +func_convert_path_nix_to_cygwin () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # Remove leading and trailing path separator characters from + # ARG. msys behavior is inconsistent here, cygpath turns them + # into '.;' and ';.', and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" + func_to_host_path_result=$func_cygpath_result + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_nix_to_cygwin + + +# func_dll_def_p FILE +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with _LT_DLL_DEF_P in libtool.m4 +func_dll_def_p () +{ + $debug_cmd + + func_dll_def_p_tmp=`$SED -n \ + -e 's/^[ ]*//' \ + -e '/^\(;.*\)*$/d' \ + -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \ + -e q \ + "$1"` + test DEF = "$func_dll_def_p_tmp" +} + + +# func_mode_compile arg... +func_mode_compile () +{ + $debug_cmd + + # Get the compilation command and the source file. + base_compile= + srcfile=$nonopt # always keep a non-empty value in "srcfile" + suppress_opt=yes + suppress_output= + arg_mode=normal + libobj= + later= + pie_flag= + + for arg + do + case $arg_mode in + arg ) + # do not "continue". Instead, add this to base_compile + lastarg=$arg + arg_mode=normal + ;; + + target ) + libobj=$arg + arg_mode=normal + continue + ;; + + normal ) + # Accept any command-line options. + case $arg in + -o) + test -n "$libobj" && \ + func_fatal_error "you cannot specify '-o' more than once" + arg_mode=target + continue + ;; + + -pie | -fpie | -fPIE) + func_append pie_flag " $arg" + continue + ;; + + -shared | -static | -prefer-pic | -prefer-non-pic) + func_append later " $arg" + continue + ;; + + -no-suppress) + suppress_opt=no + continue + ;; + + -Xcompiler) + arg_mode=arg # the next one goes into the "base_compile" arg list + continue # The current "srcfile" will either be retained or + ;; # replaced later. I would guess that would be a bug. + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + lastarg= + save_ifs=$IFS; IFS=, + for arg in $args; do + IFS=$save_ifs + func_append_quoted lastarg "$arg" + done + IFS=$save_ifs + func_stripname ' ' '' "$lastarg" + lastarg=$func_stripname_result + + # Add the arguments to base_compile. + func_append base_compile " $lastarg" + continue + ;; + + *) + # Accept the current argument as the source file. + # The previous "srcfile" becomes the current argument. + # + lastarg=$srcfile + srcfile=$arg + ;; + esac # case $arg + ;; + esac # case $arg_mode + + # Aesthetically quote the previous argument. + func_append_quoted base_compile "$lastarg" + done # for arg + + case $arg_mode in + arg) + func_fatal_error "you must specify an argument for -Xcompile" + ;; + target) + func_fatal_error "you must specify a target with '-o'" + ;; + *) + # Get the name of the library object. + test -z "$libobj" && { + func_basename "$srcfile" + libobj=$func_basename_result + } + ;; + esac + + # Recognize several different file suffixes. + # If the user specifies -o file.o, it is replaced with file.lo + case $libobj in + *.[cCFSifmso] | \ + *.ada | *.adb | *.ads | *.asm | \ + *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) + func_xform "$libobj" + libobj=$func_xform_result + ;; + esac + + case $libobj in + *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; + *) + func_fatal_error "cannot determine name of library object from '$libobj'" + ;; + esac + + func_infer_tag $base_compile + + for arg in $later; do + case $arg in + -shared) + test yes = "$build_libtool_libs" \ + || func_fatal_configuration "cannot build a shared library" + build_old_libs=no + continue + ;; + + -static) + build_libtool_libs=no + build_old_libs=yes + continue + ;; + + -prefer-pic) + pic_mode=yes + continue + ;; + + -prefer-non-pic) + pic_mode=no + continue + ;; + esac + done + + func_quote_for_eval "$libobj" + test "X$libobj" != "X$func_quote_for_eval_result" \ + && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ + && func_warning "libobj name '$libobj' may not contain shell special characters." + func_dirname_and_basename "$obj" "/" "" + objname=$func_basename_result + xdir=$func_dirname_result + lobj=$xdir$objdir/$objname + + test -z "$base_compile" && \ + func_fatal_help "you must specify a compilation command" + + # Delete any leftover library objects. + if test yes = "$build_old_libs"; then + removelist="$obj $lobj $libobj ${libobj}T" + else + removelist="$lobj $libobj ${libobj}T" + fi + + # On Cygwin there's no "real" PIC flag so we must build both object types + case $host_os in + cygwin* | mingw* | pw32* | os2* | cegcc*) + pic_mode=default + ;; + esac + if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then + # non-PIC code in shared libraries is not supported + pic_mode=default + fi + + # Calculate the filename of the output object if compiler does + # not support -o with -c + if test no = "$compiler_c_o"; then + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext + lockfile=$output_obj.lock + else + output_obj= + need_locks=no + lockfile= + fi + + # Lock this critical section if it is needed + # We use this script file to make the link, it avoids creating a new file + if test yes = "$need_locks"; then + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + elif test warn = "$need_locks"; then + if test -f "$lockfile"; then + $ECHO "\ +*** ERROR, $lockfile exists and contains: +`cat $lockfile 2>/dev/null` + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + func_append removelist " $output_obj" + $ECHO "$srcfile" > "$lockfile" + fi + + $opt_dry_run || $RM $removelist + func_append removelist " $lockfile" + trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 + + func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 + srcfile=$func_to_tool_file_result + func_quote_for_eval "$srcfile" + qsrcfile=$func_quote_for_eval_result + + # Only build a PIC object if we are building libtool libraries. + if test yes = "$build_libtool_libs"; then + # Without this assignment, base_compile gets emptied. + fbsd_hideous_sh_bug=$base_compile + + if test no != "$pic_mode"; then + command="$base_compile $qsrcfile $pic_flag" + else + # Don't build PIC code + command="$base_compile $qsrcfile" + fi + + func_mkdir_p "$xdir$objdir" + + if test -z "$output_obj"; then + # Place PIC objects in $objdir + func_append command " -o $lobj" + fi + + func_show_eval_locale "$command" \ + 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' + + if test warn = "$need_locks" && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed, then go on to compile the next one + if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then + func_show_eval '$MV "$output_obj" "$lobj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + + # Allow error messages only from the first compilation. + if test yes = "$suppress_opt"; then + suppress_output=' >/dev/null 2>&1' + fi + fi + + # Only build a position-dependent object if we build old libraries. + if test yes = "$build_old_libs"; then + if test yes != "$pic_mode"; then + # Don't build PIC code + command="$base_compile $qsrcfile$pie_flag" + else + command="$base_compile $qsrcfile $pic_flag" + fi + if test yes = "$compiler_c_o"; then + func_append command " -o $obj" + fi + + # Suppress compiler output if we already did a PIC compilation. + func_append command "$suppress_output" + func_show_eval_locale "$command" \ + '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' + + if test warn = "$need_locks" && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed + if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then + func_show_eval '$MV "$output_obj" "$obj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + fi + + $opt_dry_run || { + func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" + + # Unlock the critical section if it was locked + if test no != "$need_locks"; then + removelist=$lockfile + $RM "$lockfile" + fi + } + + exit $EXIT_SUCCESS +} + +$opt_help || { + test compile = "$opt_mode" && func_mode_compile ${1+"$@"} +} + +func_mode_help () +{ + # We need to display help for each of the modes. + case $opt_mode in + "") + # Generic help is extracted from the usage comments + # at the start of this file. + func_help + ;; + + clean) + $ECHO \ +"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... + +Remove files from the build directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed +to RM. + +If FILE is a libtool library, object or program, all the files associated +with it are deleted. Otherwise, only FILE itself is deleted using RM." + ;; + + compile) + $ECHO \ +"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE + +Compile a source file into a libtool library object. + +This mode accepts the following additional options: + + -o OUTPUT-FILE set the output file name to OUTPUT-FILE + -no-suppress do not suppress compiler output for multiple passes + -prefer-pic try to build PIC objects only + -prefer-non-pic try to build non-PIC objects only + -shared do not build a '.o' file suitable for static linking + -static only build a '.o' file suitable for static linking + -Wc,FLAG pass FLAG directly to the compiler + +COMPILE-COMMAND is a command to be used in creating a 'standard' object file +from the given SOURCEFILE. + +The output file name is determined by removing the directory component from +SOURCEFILE, then substituting the C source code suffix '.c' with the +library object suffix, '.lo'." + ;; + + execute) + $ECHO \ +"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... + +Automatically set library path, then run a program. + +This mode accepts the following additional options: + + -dlopen FILE add the directory containing FILE to the library path + +This mode sets the library path environment variable according to '-dlopen' +flags. + +If any of the ARGS are libtool executable wrappers, then they are translated +into their corresponding uninstalled binary, and any of their required library +directories are added to the library path. + +Then, COMMAND is executed, with ARGS as arguments." + ;; + + finish) + $ECHO \ +"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... + +Complete the installation of libtool libraries. + +Each LIBDIR is a directory that contains libtool libraries. + +The commands that this mode executes may require superuser privileges. Use +the '--dry-run' option if you just want to see what would be executed." + ;; + + install) + $ECHO \ +"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... + +Install executables or libraries. + +INSTALL-COMMAND is the installation command. The first component should be +either the 'install' or 'cp' program. + +The following components of INSTALL-COMMAND are treated specially: + + -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation + +The rest of the components are interpreted as arguments to that command (only +BSD-compatible install options are recognized)." + ;; + + link) + $ECHO \ +"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... + +Link object files or libraries together to form another library, or to +create an executable program. + +LINK-COMMAND is a command using the C compiler that you would use to create +a program from several object files. + +The following components of LINK-COMMAND are treated specially: + + -all-static do not do any dynamic linking at all + -avoid-version do not add a version suffix if possible + -bindir BINDIR specify path to binaries directory (for systems where + libraries must be found in the PATH setting at runtime) + -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime + -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols + -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) + -export-symbols SYMFILE + try to export only the symbols listed in SYMFILE + -export-symbols-regex REGEX + try to export only the symbols matching REGEX + -LLIBDIR search LIBDIR for required installed libraries + -lNAME OUTPUT-FILE requires the installed library libNAME + -module build a library that can dlopened + -no-fast-install disable the fast-install mode + -no-install link a not-installable executable + -no-undefined declare that a library does not refer to external symbols + -o OUTPUT-FILE create OUTPUT-FILE from the specified objects + -objectlist FILE use a list of object files found in FILE to specify objects + -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) + -precious-files-regex REGEX + don't remove output files matching REGEX + -release RELEASE specify package release information + -rpath LIBDIR the created library will eventually be installed in LIBDIR + -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries + -shared only do dynamic linking of libtool libraries + -shrext SUFFIX override the standard shared library file extension + -static do not do any dynamic linking of uninstalled libtool libraries + -static-libtool-libs + do not do any dynamic linking of libtool libraries + -version-info CURRENT[:REVISION[:AGE]] + specify library version info [each variable defaults to 0] + -weak LIBNAME declare that the target provides the LIBNAME interface + -Wc,FLAG + -Xcompiler FLAG pass linker-specific FLAG directly to the compiler + -Wl,FLAG + -Xlinker FLAG pass linker-specific FLAG directly to the linker + -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) + +All other options (arguments beginning with '-') are ignored. + +Every other argument is treated as a filename. Files ending in '.la' are +treated as uninstalled libtool libraries, other files are standard or library +object files. + +If the OUTPUT-FILE ends in '.la', then a libtool library is created, +only library objects ('.lo' files) may be specified, and '-rpath' is +required, except when creating a convenience library. + +If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created +using 'ar' and 'ranlib', or on Windows using 'lib'. + +If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file +is created, otherwise an executable program is created." + ;; + + uninstall) + $ECHO \ +"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... + +Remove libraries from an installation directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed +to RM. + +If FILE is a libtool library, all the files associated with it are deleted. +Otherwise, only FILE itself is deleted using RM." + ;; + + *) + func_fatal_help "invalid operation mode '$opt_mode'" + ;; + esac + + echo + $ECHO "Try '$progname --help' for more information about other modes." +} + +# Now that we've collected a possible --mode arg, show help if necessary +if $opt_help; then + if test : = "$opt_help"; then + func_mode_help + else + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + func_mode_help + done + } | $SED -n '1p; 2,$s/^Usage:/ or: /p' + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + echo + func_mode_help + done + } | + $SED '1d + /^When reporting/,/^Report/{ + H + d + } + $x + /information about other modes/d + /more detailed .*MODE/d + s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' + fi + exit $? +fi + + +# func_mode_execute arg... +func_mode_execute () +{ + $debug_cmd + + # The first argument is the command name. + cmd=$nonopt + test -z "$cmd" && \ + func_fatal_help "you must specify a COMMAND" + + # Handle -dlopen flags immediately. + for file in $opt_dlopen; do + test -f "$file" \ + || func_fatal_help "'$file' is not a file" + + dir= + case $file in + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "'$lib' is not a valid libtool archive" + + # Read the libtool library. + dlname= + library_names= + func_source "$file" + + # Skip this library if it cannot be dlopened. + if test -z "$dlname"; then + # Warn if it was a shared library. + test -n "$library_names" && \ + func_warning "'$file' was not linked with '-export-dynamic'" + continue + fi + + func_dirname "$file" "" "." + dir=$func_dirname_result + + if test -f "$dir/$objdir/$dlname"; then + func_append dir "/$objdir" + else + if test ! -f "$dir/$dlname"; then + func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" + fi + fi + ;; + + *.lo) + # Just add the directory containing the .lo file. + func_dirname "$file" "" "." + dir=$func_dirname_result + ;; + + *) + func_warning "'-dlopen' is ignored for non-libtool libraries and objects" + continue + ;; + esac + + # Get the absolute pathname. + absdir=`cd "$dir" && pwd` + test -n "$absdir" && dir=$absdir + + # Now add the directory to shlibpath_var. + if eval "test -z \"\$$shlibpath_var\""; then + eval "$shlibpath_var=\"\$dir\"" + else + eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" + fi + done + + # This variable tells wrapper scripts just to set shlibpath_var + # rather than running their programs. + libtool_execute_magic=$magic + + # Check if any of the arguments is a wrapper script. + args= + for file + do + case $file in + -* | *.la | *.lo ) ;; + *) + # Do a test to see if this is really a libtool program. + if func_ltwrapper_script_p "$file"; then + func_source "$file" + # Transform arg to wrapped name. + file=$progdir/$program + elif func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + func_source "$func_ltwrapper_scriptname_result" + # Transform arg to wrapped name. + file=$progdir/$program + fi + ;; + esac + # Quote arguments (to preserve shell metacharacters). + func_append_quoted args "$file" + done + + if $opt_dry_run; then + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + echo "export $shlibpath_var" + fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + else + if test -n "$shlibpath_var"; then + # Export the shlibpath_var. + eval "export $shlibpath_var" + fi + + # Restore saved environment variables + for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES + do + eval "if test \"\${save_$lt_var+set}\" = set; then + $lt_var=\$save_$lt_var; export $lt_var + else + $lt_unset $lt_var + fi" + done + + # Now prepare to actually exec the command. + exec_cmd=\$cmd$args + fi +} + +test execute = "$opt_mode" && func_mode_execute ${1+"$@"} + + +# func_mode_finish arg... +func_mode_finish () +{ + $debug_cmd + + libs= + libdirs= + admincmds= + + for opt in "$nonopt" ${1+"$@"} + do + if test -d "$opt"; then + func_append libdirs " $opt" + + elif test -f "$opt"; then + if func_lalib_unsafe_p "$opt"; then + func_append libs " $opt" + else + func_warning "'$opt' is not a valid libtool archive" + fi + + else + func_fatal_error "invalid argument '$opt'" + fi + done + + if test -n "$libs"; then + if test -n "$lt_sysroot"; then + sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` + sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" + else + sysroot_cmd= + fi + + # Remove sysroot references + if $opt_dry_run; then + for lib in $libs; do + echo "removing references to $lt_sysroot and '=' prefixes from $lib" + done + else + tmpdir=`func_mktempdir` + for lib in $libs; do + $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ + > $tmpdir/tmp-la + mv -f $tmpdir/tmp-la $lib + done + ${RM}r "$tmpdir" + fi + fi + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + for libdir in $libdirs; do + if test -n "$finish_cmds"; then + # Do each command in the finish commands. + func_execute_cmds "$finish_cmds" 'admincmds="$admincmds +'"$cmd"'"' + fi + if test -n "$finish_eval"; then + # Do the single finish_eval. + eval cmds=\"$finish_eval\" + $opt_dry_run || eval "$cmds" || func_append admincmds " + $cmds" + fi + done + fi + + # Exit here if they wanted silent mode. + $opt_quiet && exit $EXIT_SUCCESS + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + echo "----------------------------------------------------------------------" + echo "Libraries have been installed in:" + for libdir in $libdirs; do + $ECHO " $libdir" + done + echo + echo "If you ever happen to want to link against installed libraries" + echo "in a given directory, LIBDIR, you must either use libtool, and" + echo "specify the full pathname of the library, or use the '-LLIBDIR'" + echo "flag during linking and do at least one of the following:" + if test -n "$shlibpath_var"; then + echo " - add LIBDIR to the '$shlibpath_var' environment variable" + echo " during execution" + fi + if test -n "$runpath_var"; then + echo " - add LIBDIR to the '$runpath_var' environment variable" + echo " during linking" + fi + if test -n "$hardcode_libdir_flag_spec"; then + libdir=LIBDIR + eval flag=\"$hardcode_libdir_flag_spec\" + + $ECHO " - use the '$flag' linker flag" + fi + if test -n "$admincmds"; then + $ECHO " - have your system administrator run these commands:$admincmds" + fi + if test -f /etc/ld.so.conf; then + echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" + fi + echo + + echo "See any operating system documentation about shared libraries for" + case $host in + solaris2.[6789]|solaris2.1[0-9]) + echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" + echo "pages." + ;; + *) + echo "more information, such as the ld(1) and ld.so(8) manual pages." + ;; + esac + echo "----------------------------------------------------------------------" + fi + exit $EXIT_SUCCESS +} + +test finish = "$opt_mode" && func_mode_finish ${1+"$@"} + + +# func_mode_install arg... +func_mode_install () +{ + $debug_cmd + + # There may be an optional sh(1) argument at the beginning of + # install_prog (especially on Windows NT). + if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || + # Allow the use of GNU shtool's install command. + case $nonopt in *shtool*) :;; *) false;; esac + then + # Aesthetically quote it. + func_quote_for_eval "$nonopt" + install_prog="$func_quote_for_eval_result " + arg=$1 + shift + else + install_prog= + arg=$nonopt + fi + + # The real first argument should be the name of the installation program. + # Aesthetically quote it. + func_quote_for_eval "$arg" + func_append install_prog "$func_quote_for_eval_result" + install_shared_prog=$install_prog + case " $install_prog " in + *[\\\ /]cp\ *) install_cp=: ;; + *) install_cp=false ;; + esac + + # We need to accept at least all the BSD install flags. + dest= + files= + opts= + prev= + install_type= + isdir=false + stripme= + no_mode=: + for arg + do + arg2= + if test -n "$dest"; then + func_append files " $dest" + dest=$arg + continue + fi + + case $arg in + -d) isdir=: ;; + -f) + if $install_cp; then :; else + prev=$arg + fi + ;; + -g | -m | -o) + prev=$arg + ;; + -s) + stripme=" -s" + continue + ;; + -*) + ;; + *) + # If the previous option needed an argument, then skip it. + if test -n "$prev"; then + if test X-m = "X$prev" && test -n "$install_override_mode"; then + arg2=$install_override_mode + no_mode=false + fi + prev= + else + dest=$arg + continue + fi + ;; + esac + + # Aesthetically quote the argument. + func_quote_for_eval "$arg" + func_append install_prog " $func_quote_for_eval_result" + if test -n "$arg2"; then + func_quote_for_eval "$arg2" + fi + func_append install_shared_prog " $func_quote_for_eval_result" + done + + test -z "$install_prog" && \ + func_fatal_help "you must specify an install program" + + test -n "$prev" && \ + func_fatal_help "the '$prev' option requires an argument" + + if test -n "$install_override_mode" && $no_mode; then + if $install_cp; then :; else + func_quote_for_eval "$install_override_mode" + func_append install_shared_prog " -m $func_quote_for_eval_result" + fi + fi + + if test -z "$files"; then + if test -z "$dest"; then + func_fatal_help "no file or destination specified" + else + func_fatal_help "you must specify a destination" + fi + fi + + # Strip any trailing slash from the destination. + func_stripname '' '/' "$dest" + dest=$func_stripname_result + + # Check to see that the destination is a directory. + test -d "$dest" && isdir=: + if $isdir; then + destdir=$dest + destname= + else + func_dirname_and_basename "$dest" "" "." + destdir=$func_dirname_result + destname=$func_basename_result + + # Not a directory, so check to see that there is only one file specified. + set dummy $files; shift + test "$#" -gt 1 && \ + func_fatal_help "'$dest' is not a directory" + fi + case $destdir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + for file in $files; do + case $file in + *.lo) ;; + *) + func_fatal_help "'$destdir' must be an absolute directory name" + ;; + esac + done + ;; + esac + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic=$magic + + staticlibs= + future_libdirs= + current_libdirs= + for file in $files; do + + # Do each installation. + case $file in + *.$libext) + # Do the static libraries later. + func_append staticlibs " $file" + ;; + + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "'$file' is not a valid libtool archive" + + library_names= + old_library= + relink_command= + func_source "$file" + + # Add the libdir to current_libdirs if it is the destination. + if test "X$destdir" = "X$libdir"; then + case "$current_libdirs " in + *" $libdir "*) ;; + *) func_append current_libdirs " $libdir" ;; + esac + else + # Note the libdir as a future libdir. + case "$future_libdirs " in + *" $libdir "*) ;; + *) func_append future_libdirs " $libdir" ;; + esac + fi + + func_dirname "$file" "/" "" + dir=$func_dirname_result + func_append dir "$objdir" + + if test -n "$relink_command"; then + # Determine the prefix the user has applied to our future dir. + inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` + + # Don't allow the user to place us outside of our expected + # location b/c this prevents finding dependent libraries that + # are installed to the same prefix. + # At present, this check doesn't affect windows .dll's that + # are installed into $libdir/../bin (currently, that works fine) + # but it's something to keep an eye on. + test "$inst_prefix_dir" = "$destdir" && \ + func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" + + if test -n "$inst_prefix_dir"; then + # Stick the inst_prefix_dir data into the link command. + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + else + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` + fi + + func_warning "relinking '$file'" + func_show_eval "$relink_command" \ + 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' + fi + + # See the names of the shared library. + set dummy $library_names; shift + if test -n "$1"; then + realname=$1 + shift + + srcname=$realname + test -n "$relink_command" && srcname=${realname}T + + # Install the shared library and build the symlinks. + func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ + 'exit $?' + tstripme=$stripme + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + case $realname in + *.dll.a) + tstripme= + ;; + esac + ;; + os2*) + case $realname in + *_dll.a) + tstripme= + ;; + esac + ;; + esac + if test -n "$tstripme" && test -n "$striplib"; then + func_show_eval "$striplib $destdir/$realname" 'exit $?' + fi + + if test "$#" -gt 0; then + # Delete the old symlinks, and create new ones. + # Try 'ln -sf' first, because the 'ln' binary might depend on + # the symlink we replace! Solaris /bin/ln does not understand -f, + # so we also need to try rm && ln -s. + for linkname + do + test "$linkname" != "$realname" \ + && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" + done + fi + + # Do each command in the postinstall commands. + lib=$destdir/$realname + func_execute_cmds "$postinstall_cmds" 'exit $?' + fi + + # Install the pseudo-library for information purposes. + func_basename "$file" + name=$func_basename_result + instname=$dir/${name}i + func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' + + # Maybe install the static library, too. + test -n "$old_library" && func_append staticlibs " $dir/$old_library" + ;; + + *.lo) + # Install (i.e. copy) a libtool object. + + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile=$destdir/$destname + else + func_basename "$file" + destfile=$func_basename_result + destfile=$destdir/$destfile + fi + + # Deduce the name of the destination old-style object file. + case $destfile in + *.lo) + func_lo2o "$destfile" + staticdest=$func_lo2o_result + ;; + *.$objext) + staticdest=$destfile + destfile= + ;; + *) + func_fatal_help "cannot copy a libtool object to '$destfile'" + ;; + esac + + # Install the libtool object if requested. + test -n "$destfile" && \ + func_show_eval "$install_prog $file $destfile" 'exit $?' + + # Install the old object if enabled. + if test yes = "$build_old_libs"; then + # Deduce the name of the old-style object file. + func_lo2o "$file" + staticobj=$func_lo2o_result + func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' + fi + exit $EXIT_SUCCESS + ;; + + *) + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile=$destdir/$destname + else + func_basename "$file" + destfile=$func_basename_result + destfile=$destdir/$destfile + fi + + # If the file is missing, and there is a .exe on the end, strip it + # because it is most likely a libtool script we actually want to + # install + stripped_ext= + case $file in + *.exe) + if test ! -f "$file"; then + func_stripname '' '.exe' "$file" + file=$func_stripname_result + stripped_ext=.exe + fi + ;; + esac + + # Do a test to see if this is really a libtool program. + case $host in + *cygwin* | *mingw*) + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + wrapper=$func_ltwrapper_scriptname_result + else + func_stripname '' '.exe' "$file" + wrapper=$func_stripname_result + fi + ;; + *) + wrapper=$file + ;; + esac + if func_ltwrapper_script_p "$wrapper"; then + notinst_deplibs= + relink_command= + + func_source "$wrapper" + + # Check the variables that should have been set. + test -z "$generated_by_libtool_version" && \ + func_fatal_error "invalid libtool wrapper script '$wrapper'" + + finalize=: + for lib in $notinst_deplibs; do + # Check to see that each library is installed. + libdir= + if test -f "$lib"; then + func_source "$lib" + fi + libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` + if test -n "$libdir" && test ! -f "$libfile"; then + func_warning "'$lib' has not been installed in '$libdir'" + finalize=false + fi + done + + relink_command= + func_source "$wrapper" + + outputname= + if test no = "$fast_install" && test -n "$relink_command"; then + $opt_dry_run || { + if $finalize; then + tmpdir=`func_mktempdir` + func_basename "$file$stripped_ext" + file=$func_basename_result + outputname=$tmpdir/$file + # Replace the output file specification. + relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` + + $opt_quiet || { + func_quote_for_expand "$relink_command" + eval "func_echo $func_quote_for_expand_result" + } + if eval "$relink_command"; then : + else + func_error "error: relink '$file' with the above command before installing it" + $opt_dry_run || ${RM}r "$tmpdir" + continue + fi + file=$outputname + else + func_warning "cannot relink '$file'" + fi + } + else + # Install the binary that we compiled earlier. + file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` + fi + fi + + # remove .exe since cygwin /usr/bin/install will append another + # one anyway + case $install_prog,$host in + */usr/bin/install*,*cygwin*) + case $file:$destfile in + *.exe:*.exe) + # this is ok + ;; + *.exe:*) + destfile=$destfile.exe + ;; + *:*.exe) + func_stripname '' '.exe' "$destfile" + destfile=$func_stripname_result + ;; + esac + ;; + esac + func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' + $opt_dry_run || if test -n "$outputname"; then + ${RM}r "$tmpdir" + fi + ;; + esac + done + + for file in $staticlibs; do + func_basename "$file" + name=$func_basename_result + + # Set up the ranlib parameters. + oldlib=$destdir/$name + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + + func_show_eval "$install_prog \$file \$oldlib" 'exit $?' + + if test -n "$stripme" && test -n "$old_striplib"; then + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' + fi + + # Do each command in the postinstall commands. + func_execute_cmds "$old_postinstall_cmds" 'exit $?' + done + + test -n "$future_libdirs" && \ + func_warning "remember to run '$progname --finish$future_libdirs'" + + if test -n "$current_libdirs"; then + # Maybe just do a dry run. + $opt_dry_run && current_libdirs=" -n$current_libdirs" + exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' + else + exit $EXIT_SUCCESS + fi +} + +test install = "$opt_mode" && func_mode_install ${1+"$@"} + + +# func_generate_dlsyms outputname originator pic_p +# Extract symbols from dlprefiles and create ${outputname}S.o with +# a dlpreopen symbol table. +func_generate_dlsyms () +{ + $debug_cmd + + my_outputname=$1 + my_originator=$2 + my_pic_p=${3-false} + my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'` + my_dlsyms= + + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + if test -n "$NM" && test -n "$global_symbol_pipe"; then + my_dlsyms=${my_outputname}S.c + else + func_error "not configured to extract global symbols from dlpreopened files" + fi + fi + + if test -n "$my_dlsyms"; then + case $my_dlsyms in + "") ;; + *.c) + # Discover the nlist of each of the dlfiles. + nlist=$output_objdir/$my_outputname.nm + + func_show_eval "$RM $nlist ${nlist}S ${nlist}T" + + # Parse the name list into a source file. + func_verbose "creating $output_objdir/$my_dlsyms" + + $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ +/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ + +#ifdef __cplusplus +extern \"C\" { +#endif + +#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" +#endif + +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined __osf__ +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + +/* External symbol declarations for the compiler. */\ +" + + if test yes = "$dlself"; then + func_verbose "generating symbol list for '$output'" + + $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" + + # Add our own program objects to the symbol list. + progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` + for progfile in $progfiles; do + func_to_tool_file "$progfile" func_convert_file_msys_to_w32 + func_verbose "extracting global C symbols from '$func_to_tool_file_result'" + $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" + done + + if test -n "$exclude_expsyms"; then + $opt_dry_run || { + eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + if test -n "$export_symbols_regex"; then + $opt_dry_run || { + eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + export_symbols=$output_objdir/$outputname.exp + $opt_dry_run || { + $RM $export_symbols + eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' + ;; + esac + } + else + $opt_dry_run || { + eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' + ;; + esac + } + fi + fi + + for dlprefile in $dlprefiles; do + func_verbose "extracting global C symbols from '$dlprefile'" + func_basename "$dlprefile" + name=$func_basename_result + case $host in + *cygwin* | *mingw* | *cegcc* ) + # if an import library, we need to obtain dlname + if func_win32_import_lib_p "$dlprefile"; then + func_tr_sh "$dlprefile" + eval "curr_lafile=\$libfile_$func_tr_sh_result" + dlprefile_dlbasename= + if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then + # Use subshell, to avoid clobbering current variable values + dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` + if test -n "$dlprefile_dlname"; then + func_basename "$dlprefile_dlname" + dlprefile_dlbasename=$func_basename_result + else + # no lafile. user explicitly requested -dlpreopen . + $sharedlib_from_linklib_cmd "$dlprefile" + dlprefile_dlbasename=$sharedlib_from_linklib_result + fi + fi + $opt_dry_run || { + if test -n "$dlprefile_dlbasename"; then + eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' + else + func_warning "Could not compute DLL name from $name" + eval '$ECHO ": $name " >> "$nlist"' + fi + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | + $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" + } + else # not an import lib + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + fi + ;; + *) + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + ;; + esac + done + + $opt_dry_run || { + # Make sure we have at least an empty file. + test -f "$nlist" || : > "$nlist" + + if test -n "$exclude_expsyms"; then + $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T + $MV "$nlist"T "$nlist" + fi + + # Try sorting and uniquifying the output. + if $GREP -v "^: " < "$nlist" | + if sort -k 3 /dev/null 2>&1; then + sort -k 3 + else + sort +2 + fi | + uniq > "$nlist"S; then + : + else + $GREP -v "^: " < "$nlist" > "$nlist"S + fi + + if test -f "$nlist"S; then + eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' + else + echo '/* NONE */' >> "$output_objdir/$my_dlsyms" + fi + + func_show_eval '$RM "${nlist}I"' + if test -n "$global_symbol_to_import"; then + eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I' + fi + + echo >> "$output_objdir/$my_dlsyms" "\ + +/* The mapping between symbol names and symbols. */ +typedef struct { + const char *name; + void *address; +} lt_dlsymlist; +extern LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[];\ +" + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ +static void lt_syminit(void) +{ + LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols; + for (; symbol->name; ++symbol) + {" + $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms" + echo >> "$output_objdir/$my_dlsyms" "\ + } +}" + fi + echo >> "$output_objdir/$my_dlsyms" "\ +LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[] = +{ {\"$my_originator\", (void *) 0}," + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ + {\"@INIT@\", (void *) <_syminit}," + fi + + case $need_lib_prefix in + no) + eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + *) + eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + esac + echo >> "$output_objdir/$my_dlsyms" "\ + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt_${my_prefix}_LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif\ +" + } # !$opt_dry_run + + pic_flag_for_symtable= + case "$compile_command " in + *" -static "*) ;; + *) + case $host in + # compiling the symbol table file with pic_flag works around + # a FreeBSD bug that causes programs to crash when -lm is + # linked before any other PIC object. But we must not use + # pic_flag when linking with -static. The problem exists in + # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; + *-*-hpux*) + pic_flag_for_symtable=" $pic_flag" ;; + *) + $my_pic_p && pic_flag_for_symtable=" $pic_flag" + ;; + esac + ;; + esac + symtab_cflags= + for arg in $LTCFLAGS; do + case $arg in + -pie | -fpie | -fPIE) ;; + *) func_append symtab_cflags " $arg" ;; + esac + done + + # Now compile the dynamic symbol file. + func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' + + # Clean up the generated files. + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"' + + # Transform the symbol file into the correct name. + symfileobj=$output_objdir/${my_outputname}S.$objext + case $host in + *cygwin* | *mingw* | *cegcc* ) + if test -f "$output_objdir/$my_outputname.def"; then + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + else + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + fi + ;; + *) + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + ;; + esac + ;; + *) + func_fatal_error "unknown suffix for '$my_dlsyms'" + ;; + esac + else + # We keep going just in case the user didn't refer to + # lt_preloaded_symbols. The linker will fail if global_symbol_pipe + # really was required. + + # Nullify the symbol file. + compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` + fi +} + +# func_cygming_gnu_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is a GNU/binutils-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_gnu_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` + test -n "$func_cygming_gnu_implib_tmp" +} + +# func_cygming_ms_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is an MS-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_ms_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` + test -n "$func_cygming_ms_implib_tmp" +} + +# func_win32_libid arg +# return the library type of file 'arg' +# +# Need a lot of goo to handle *both* DLLs and import libs +# Has to be a shell function in order to 'eat' the argument +# that is supplied when $file_magic_command is called. +# Despite the name, also deal with 64 bit binaries. +func_win32_libid () +{ + $debug_cmd + + win32_libid_type=unknown + win32_fileres=`file -L $1 2>/dev/null` + case $win32_fileres in + *ar\ archive\ import\ library*) # definitely import + win32_libid_type="x86 archive import" + ;; + *ar\ archive*) # could be an import, or static + # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. + if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then + case $nm_interface in + "MS dumpbin") + if func_cygming_ms_implib_p "$1" || + func_cygming_gnu_implib_p "$1" + then + win32_nmres=import + else + win32_nmres= + fi + ;; + *) + func_to_tool_file "$1" func_convert_file_msys_to_w32 + win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | + $SED -n -e ' + 1,100{ + / I /{ + s|.*|import| + p + q + } + }'` + ;; + esac + case $win32_nmres in + import*) win32_libid_type="x86 archive import";; + *) win32_libid_type="x86 archive static";; + esac + fi + ;; + *DLL*) + win32_libid_type="x86 DLL" + ;; + *executable*) # but shell scripts are "executable" too... + case $win32_fileres in + *MS\ Windows\ PE\ Intel*) + win32_libid_type="x86 DLL" + ;; + esac + ;; + esac + $ECHO "$win32_libid_type" +} + +# func_cygming_dll_for_implib ARG +# +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib () +{ + $debug_cmd + + sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` +} + +# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs +# +# The is the core of a fallback implementation of a +# platform-specific function to extract the name of the +# DLL associated with the specified import library LIBNAME. +# +# SECTION_NAME is either .idata$6 or .idata$7, depending +# on the platform and compiler that created the implib. +# +# Echos the name of the DLL associated with the +# specified import library. +func_cygming_dll_for_implib_fallback_core () +{ + $debug_cmd + + match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` + $OBJDUMP -s --section "$1" "$2" 2>/dev/null | + $SED '/^Contents of section '"$match_literal"':/{ + # Place marker at beginning of archive member dllname section + s/.*/====MARK====/ + p + d + } + # These lines can sometimes be longer than 43 characters, but + # are always uninteresting + /:[ ]*file format pe[i]\{,1\}-/d + /^In archive [^:]*:/d + # Ensure marker is printed + /^====MARK====/p + # Remove all lines with less than 43 characters + /^.\{43\}/!d + # From remaining lines, remove first 43 characters + s/^.\{43\}//' | + $SED -n ' + # Join marker and all lines until next marker into a single line + /^====MARK====/ b para + H + $ b para + b + :para + x + s/\n//g + # Remove the marker + s/^====MARK====// + # Remove trailing dots and whitespace + s/[\. \t]*$// + # Print + /./p' | + # we now have a list, one entry per line, of the stringified + # contents of the appropriate section of all members of the + # archive that possess that section. Heuristic: eliminate + # all those that have a first or second character that is + # a '.' (that is, objdump's representation of an unprintable + # character.) This should work for all archives with less than + # 0x302f exports -- but will fail for DLLs whose name actually + # begins with a literal '.' or a single character followed by + # a '.'. + # + # Of those that remain, print the first one. + $SED -e '/^\./d;/^.\./d;q' +} + +# func_cygming_dll_for_implib_fallback ARG +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# +# This fallback implementation is for use when $DLLTOOL +# does not support the --identify-strict option. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib_fallback () +{ + $debug_cmd + + if func_cygming_gnu_implib_p "$1"; then + # binutils import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` + elif func_cygming_ms_implib_p "$1"; then + # ms-generated import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` + else + # unknown + sharedlib_from_linklib_result= + fi +} + + +# func_extract_an_archive dir oldlib +func_extract_an_archive () +{ + $debug_cmd + + f_ex_an_ar_dir=$1; shift + f_ex_an_ar_oldlib=$1 + if test yes = "$lock_old_archive_extraction"; then + lockfile=$f_ex_an_ar_oldlib.lock + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + fi + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ + 'stat=$?; rm -f "$lockfile"; exit $stat' + if test yes = "$lock_old_archive_extraction"; then + $opt_dry_run || rm -f "$lockfile" + fi + if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then + : + else + func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" + fi +} + + +# func_extract_archives gentop oldlib ... +func_extract_archives () +{ + $debug_cmd + + my_gentop=$1; shift + my_oldlibs=${1+"$@"} + my_oldobjs= + my_xlib= + my_xabs= + my_xdir= + + for my_xlib in $my_oldlibs; do + # Extract the objects. + case $my_xlib in + [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;; + *) my_xabs=`pwd`"/$my_xlib" ;; + esac + func_basename "$my_xlib" + my_xlib=$func_basename_result + my_xlib_u=$my_xlib + while :; do + case " $extracted_archives " in + *" $my_xlib_u "*) + func_arith $extracted_serial + 1 + extracted_serial=$func_arith_result + my_xlib_u=lt$extracted_serial-$my_xlib ;; + *) break ;; + esac + done + extracted_archives="$extracted_archives $my_xlib_u" + my_xdir=$my_gentop/$my_xlib_u + + func_mkdir_p "$my_xdir" + + case $host in + *-darwin*) + func_verbose "Extracting $my_xabs" + # Do not bother doing anything if just a dry run + $opt_dry_run || { + darwin_orig_dir=`pwd` + cd $my_xdir || exit $? + darwin_archive=$my_xabs + darwin_curdir=`pwd` + func_basename "$darwin_archive" + darwin_base_archive=$func_basename_result + darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` + if test -n "$darwin_arches"; then + darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` + darwin_arch= + func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" + for darwin_arch in $darwin_arches; do + func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch" + $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive" + cd "unfat-$$/$darwin_base_archive-$darwin_arch" + func_extract_an_archive "`pwd`" "$darwin_base_archive" + cd "$darwin_curdir" + $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" + done # $darwin_arches + ## Okay now we've a bunch of thin objects, gotta fatten them up :) + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u` + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do + darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ + cd "$darwin_orig_dir" + else + cd $darwin_orig_dir + func_extract_an_archive "$my_xdir" "$my_xabs" + fi # $darwin_arches + } # !$opt_dry_run + ;; + *) + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` + done + + func_extract_archives_result=$my_oldobjs +} + + +# func_emit_wrapper [arg=no] +# +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory where it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () +{ + func_emit_wrapper_arg1=${1-no} + + $ECHO "\ +#! $SHELL + +# $output - temporary wrapper script for $objdir/$outputname +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION +# +# The $output program cannot be directly executed until all the libtool +# libraries that it depends on are installed. +# +# This wrapper script should never be moved out of the build directory. +# If it is, it will not operate correctly. + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='$sed_quote_subst' + +# Be Bourne compatible +if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +relink_command=\"$relink_command\" + +# This environment variable determines our operation mode. +if test \"\$libtool_install_magic\" = \"$magic\"; then + # install mode needs the following variables: + generated_by_libtool_version='$macro_version' + notinst_deplibs='$notinst_deplibs' +else + # When we are sourced in execute mode, \$file and \$ECHO are already set. + if test \"\$libtool_execute_magic\" != \"$magic\"; then + file=\"\$0\"" + + qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + $ECHO "\ + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + ECHO=\"$qECHO\" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ that is used only on +# windows platforms, and (c) all begin with the string "--lt-" +# (application programs are unlikely to have options that match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's $0 value, followed by "$@". +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=\$0 + shift + for lt_opt + do + case \"\$lt_opt\" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` + test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. + lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` + cat \"\$lt_dump_D/\$lt_dump_F\" + exit 0 + ;; + --lt-*) + \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n \"\$lt_option_debug\"; then + echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2 + fi +} + +# Used when --lt-debug. Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\" + lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ +" + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from \$@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac + func_exec_program_core \${1+\"\$@\"} +} + + # Parse options + func_parse_lt_options \"\$0\" \${1+\"\$@\"} + + # Find the directory that this script lives in. + thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` + test \"x\$thisdir\" = \"x\$file\" && thisdir=. + + # Follow symbolic links until we get to the real thisdir. + file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` + while test -n \"\$file\"; do + destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` + + # If there was a directory component, then change thisdir. + if test \"x\$destdir\" != \"x\$file\"; then + case \"\$destdir\" in + [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; + *) thisdir=\"\$thisdir/\$destdir\" ;; + esac + fi + + file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` + done + + # Usually 'no', except on cygwin/mingw when embedded into + # the cwrapper. + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 + if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then + # special case for '.' + if test \"\$thisdir\" = \".\"; then + thisdir=\`pwd\` + fi + # remove .libs from thisdir + case \"\$thisdir\" in + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; + $objdir ) thisdir=. ;; + esac + fi + + # Try to get the absolute directory name. + absdir=\`cd \"\$thisdir\" && pwd\` + test -n \"\$absdir\" && thisdir=\"\$absdir\" +" + + if test yes = "$fast_install"; then + $ECHO "\ + program=lt-'$outputname'$exeext + progdir=\"\$thisdir/$objdir\" + + if test ! -f \"\$progdir/\$program\" || + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\ + test \"X\$file\" != \"X\$progdir/\$program\"; }; then + + file=\"\$\$-\$program\" + + if test ! -d \"\$progdir\"; then + $MKDIR \"\$progdir\" + else + $RM \"\$progdir/\$file\" + fi" + + $ECHO "\ + + # relink executable if necessary + if test -n \"\$relink_command\"; then + if relink_command_output=\`eval \$relink_command 2>&1\`; then : + else + \$ECHO \"\$relink_command_output\" >&2 + $RM \"\$progdir/\$file\" + exit 1 + fi + fi + + $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || + { $RM \"\$progdir/\$program\"; + $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } + $RM \"\$progdir/\$file\" + fi" + else + $ECHO "\ + program='$outputname' + progdir=\"\$thisdir/$objdir\" +" + fi + + $ECHO "\ + + if test -f \"\$progdir/\$program\"; then" + + # fixup the dll searchpath if we need to. + # + # Fix the DLL searchpath if we need to. Do this before prepending + # to shlibpath, because on Windows, both are PATH and uninstalled + # libraries must come first. + if test -n "$dllsearchpath"; then + $ECHO "\ + # Add the dll search path components to the executable PATH + PATH=$dllsearchpath:\$PATH +" + fi + + # Export our shlibpath_var if we have one. + if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + $ECHO "\ + # Add our own library path to $shlibpath_var + $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" + + # Some systems cannot cope with colon-terminated $shlibpath_var + # The second colon is a workaround for a bug in BeOS R4 sed + $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` + + export $shlibpath_var +" + fi + + $ECHO "\ + if test \"\$libtool_execute_magic\" != \"$magic\"; then + # Run the actual program with our arguments. + func_exec_program \${1+\"\$@\"} + fi + else + # The program doesn't exist. + \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 + \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + exit 1 + fi +fi\ +" +} + + +# func_emit_cwrapperexe_src +# emit the source code for a wrapper executable on stdout +# Must ONLY be called from within func_mode_link because +# it depends on a number of variable set therein. +func_emit_cwrapperexe_src () +{ + cat < +#include +#ifdef _MSC_VER +# include +# include +# include +#else +# include +# include +# ifdef __CYGWIN__ +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + +/* declarations of non-ANSI functions */ +#if defined __MINGW32__ +# ifdef __STRICT_ANSI__ +int _putenv (const char *); +# endif +#elif defined __CYGWIN__ +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +/* #elif defined other_platform || defined ... */ +#endif + +/* portability defines, excluding path handling macros */ +#if defined _MSC_VER +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +# define S_IXUSR _S_IEXEC +#elif defined __MINGW32__ +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +#elif defined __CYGWIN__ +# define HAVE_SETENV +# define FOPEN_WB "wb" +/* #elif defined other platforms ... */ +#endif + +#if defined PATH_MAX +# define LT_PATHMAX PATH_MAX +#elif defined MAXPATHLEN +# define LT_PATHMAX MAXPATHLEN +#else +# define LT_PATHMAX 1024 +#endif + +#ifndef S_IXOTH +# define S_IXOTH 0 +#endif +#ifndef S_IXGRP +# define S_IXGRP 0 +#endif + +/* path handling portability macros */ +#ifndef DIR_SEPARATOR +# define DIR_SEPARATOR '/' +# define PATH_SEPARATOR ':' +#endif + +#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \ + defined __OS2__ +# define HAVE_DOS_BASED_FILE_SYSTEM +# define FOPEN_WB "wb" +# ifndef DIR_SEPARATOR_2 +# define DIR_SEPARATOR_2 '\\' +# endif +# ifndef PATH_SEPARATOR_2 +# define PATH_SEPARATOR_2 ';' +# endif +#endif + +#ifndef DIR_SEPARATOR_2 +# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) +#else /* DIR_SEPARATOR_2 */ +# define IS_DIR_SEPARATOR(ch) \ + (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) +#endif /* DIR_SEPARATOR_2 */ + +#ifndef PATH_SEPARATOR_2 +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) +#else /* PATH_SEPARATOR_2 */ +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) +#endif /* PATH_SEPARATOR_2 */ + +#ifndef FOPEN_WB +# define FOPEN_WB "w" +#endif +#ifndef _O_BINARY +# define _O_BINARY 0 +#endif + +#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) +#define XFREE(stale) do { \ + if (stale) { free (stale); stale = 0; } \ +} while (0) + +#if defined LT_DEBUGWRAPPER +static int lt_debug = 1; +#else +static int lt_debug = 0; +#endif + +const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ + +void *xmalloc (size_t num); +char *xstrdup (const char *string); +const char *base_name (const char *name); +char *find_executable (const char *wrapper); +char *chase_symlinks (const char *pathspec); +int make_executable (const char *path); +int check_executable (const char *path); +char *strendzap (char *str, const char *pat); +void lt_debugprintf (const char *file, int line, const char *fmt, ...); +void lt_fatal (const char *file, int line, const char *message, ...); +static const char *nonnull (const char *s); +static const char *nonempty (const char *s); +void lt_setenv (const char *name, const char *value); +char *lt_extend_str (const char *orig_value, const char *add, int to_end); +void lt_update_exe_path (const char *name, const char *value); +void lt_update_lib_path (const char *name, const char *value); +char **prepare_spawn (char **argv); +void lt_dump_script (FILE *f); +EOF + + cat <= 0) + && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) + return 1; + else + return 0; +} + +int +make_executable (const char *path) +{ + int rval = 0; + struct stat st; + + lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", + nonempty (path)); + if ((!path) || (!*path)) + return 0; + + if (stat (path, &st) >= 0) + { + rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); + } + return rval; +} + +/* Searches for the full path of the wrapper. Returns + newly allocated full path name if found, NULL otherwise + Does not chase symlinks, even on platforms that support them. +*/ +char * +find_executable (const char *wrapper) +{ + int has_slash = 0; + const char *p; + const char *p_next; + /* static buffer for getcwd */ + char tmp[LT_PATHMAX + 1]; + size_t tmp_len; + char *concat_name; + + lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", + nonempty (wrapper)); + + if ((wrapper == NULL) || (*wrapper == '\0')) + return NULL; + + /* Absolute path? */ +#if defined HAVE_DOS_BASED_FILE_SYSTEM + if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + else + { +#endif + if (IS_DIR_SEPARATOR (wrapper[0])) + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } +#if defined HAVE_DOS_BASED_FILE_SYSTEM + } +#endif + + for (p = wrapper; *p; p++) + if (*p == '/') + { + has_slash = 1; + break; + } + if (!has_slash) + { + /* no slashes; search PATH */ + const char *path = getenv ("PATH"); + if (path != NULL) + { + for (p = path; *p; p = p_next) + { + const char *q; + size_t p_len; + for (q = p; *q; q++) + if (IS_PATH_SEPARATOR (*q)) + break; + p_len = (size_t) (q - p); + p_next = (*q == '\0' ? q : q + 1); + if (p_len == 0) + { + /* empty path: current directory */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = + XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + } + else + { + concat_name = + XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, p, p_len); + concat_name[p_len] = '/'; + strcpy (concat_name + p_len + 1, wrapper); + } + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + } + /* not found in PATH; assume curdir */ + } + /* Relative path | not found in path: prepend cwd */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + return NULL; +} + +char * +chase_symlinks (const char *pathspec) +{ +#ifndef S_ISLNK + return xstrdup (pathspec); +#else + char buf[LT_PATHMAX]; + struct stat s; + char *tmp_pathspec = xstrdup (pathspec); + char *p; + int has_symlinks = 0; + while (strlen (tmp_pathspec) && !has_symlinks) + { + lt_debugprintf (__FILE__, __LINE__, + "checking path component for symlinks: %s\n", + tmp_pathspec); + if (lstat (tmp_pathspec, &s) == 0) + { + if (S_ISLNK (s.st_mode) != 0) + { + has_symlinks = 1; + break; + } + + /* search backwards for last DIR_SEPARATOR */ + p = tmp_pathspec + strlen (tmp_pathspec) - 1; + while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + p--; + if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + { + /* no more DIR_SEPARATORS left */ + break; + } + *p = '\0'; + } + else + { + lt_fatal (__FILE__, __LINE__, + "error accessing file \"%s\": %s", + tmp_pathspec, nonnull (strerror (errno))); + } + } + XFREE (tmp_pathspec); + + if (!has_symlinks) + { + return xstrdup (pathspec); + } + + tmp_pathspec = realpath (pathspec, buf); + if (tmp_pathspec == 0) + { + lt_fatal (__FILE__, __LINE__, + "could not follow symlinks for %s", pathspec); + } + return xstrdup (tmp_pathspec); +#endif +} + +char * +strendzap (char *str, const char *pat) +{ + size_t len, patlen; + + assert (str != NULL); + assert (pat != NULL); + + len = strlen (str); + patlen = strlen (pat); + + if (patlen <= len) + { + str += len - patlen; + if (STREQ (str, pat)) + *str = '\0'; + } + return str; +} + +void +lt_debugprintf (const char *file, int line, const char *fmt, ...) +{ + va_list args; + if (lt_debug) + { + (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); + } +} + +static void +lt_error_core (int exit_status, const char *file, + int line, const char *mode, + const char *message, va_list ap) +{ + fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); + vfprintf (stderr, message, ap); + fprintf (stderr, ".\n"); + + if (exit_status >= 0) + exit (exit_status); +} + +void +lt_fatal (const char *file, int line, const char *message, ...) +{ + va_list ap; + va_start (ap, message); + lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); + va_end (ap); +} + +static const char * +nonnull (const char *s) +{ + return s ? s : "(null)"; +} + +static const char * +nonempty (const char *s) +{ + return (s && !*s) ? "(empty)" : nonnull (s); +} + +void +lt_setenv (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_setenv) setting '%s' to '%s'\n", + nonnull (name), nonnull (value)); + { +#ifdef HAVE_SETENV + /* always make a copy, for consistency with !HAVE_SETENV */ + char *str = xstrdup (value); + setenv (name, str, 1); +#else + size_t len = strlen (name) + 1 + strlen (value) + 1; + char *str = XMALLOC (char, len); + sprintf (str, "%s=%s", name, value); + if (putenv (str) != EXIT_SUCCESS) + { + XFREE (str); + } +#endif + } +} + +char * +lt_extend_str (const char *orig_value, const char *add, int to_end) +{ + char *new_value; + if (orig_value && *orig_value) + { + size_t orig_value_len = strlen (orig_value); + size_t add_len = strlen (add); + new_value = XMALLOC (char, add_len + orig_value_len + 1); + if (to_end) + { + strcpy (new_value, orig_value); + strcpy (new_value + orig_value_len, add); + } + else + { + strcpy (new_value, add); + strcpy (new_value + add_len, orig_value); + } + } + else + { + new_value = xstrdup (add); + } + return new_value; +} + +void +lt_update_exe_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + /* some systems can't cope with a ':'-terminated path #' */ + size_t len = strlen (new_value); + while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1])) + { + new_value[--len] = '\0'; + } + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +void +lt_update_lib_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +EOF + case $host_os in + mingw*) + cat <<"EOF" + +/* Prepares an argument vector before calling spawn(). + Note that spawn() does not by itself call the command interpreter + (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : + ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&v); + v.dwPlatformId == VER_PLATFORM_WIN32_NT; + }) ? "cmd.exe" : "command.com"). + Instead it simply concatenates the arguments, separated by ' ', and calls + CreateProcess(). We must quote the arguments since Win32 CreateProcess() + interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a + special way: + - Space and tab are interpreted as delimiters. They are not treated as + delimiters if they are surrounded by double quotes: "...". + - Unescaped double quotes are removed from the input. Their only effect is + that within double quotes, space and tab are treated like normal + characters. + - Backslashes not followed by double quotes are not special. + - But 2*n+1 backslashes followed by a double quote become + n backslashes followed by a double quote (n >= 0): + \" -> " + \\\" -> \" + \\\\\" -> \\" + */ +#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +char ** +prepare_spawn (char **argv) +{ + size_t argc; + char **new_argv; + size_t i; + + /* Count number of arguments. */ + for (argc = 0; argv[argc] != NULL; argc++) + ; + + /* Allocate new argument vector. */ + new_argv = XMALLOC (char *, argc + 1); + + /* Put quoted arguments into the new argument vector. */ + for (i = 0; i < argc; i++) + { + const char *string = argv[i]; + + if (string[0] == '\0') + new_argv[i] = xstrdup ("\"\""); + else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) + { + int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); + size_t length; + unsigned int backslashes; + const char *s; + char *quoted_string; + char *p; + + length = 0; + backslashes = 0; + if (quote_around) + length++; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + length += backslashes + 1; + length++; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + length += backslashes + 1; + + quoted_string = XMALLOC (char, length + 1); + + p = quoted_string; + backslashes = 0; + if (quote_around) + *p++ = '"'; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + { + unsigned int j; + for (j = backslashes + 1; j > 0; j--) + *p++ = '\\'; + } + *p++ = c; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + { + unsigned int j; + for (j = backslashes; j > 0; j--) + *p++ = '\\'; + *p++ = '"'; + } + *p = '\0'; + + new_argv[i] = quoted_string; + } + else + new_argv[i] = (char *) string; + } + new_argv[argc] = NULL; + + return new_argv; +} +EOF + ;; + esac + + cat <<"EOF" +void lt_dump_script (FILE* f) +{ +EOF + func_emit_wrapper yes | + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' + cat <<"EOF" +} +EOF +} +# end: func_emit_cwrapperexe_src + +# func_win32_import_lib_p ARG +# True if ARG is an import lib, as indicated by $file_magic_cmd +func_win32_import_lib_p () +{ + $debug_cmd + + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in + *import*) : ;; + *) false ;; + esac +} + +# func_suncc_cstd_abi +# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! +# Several compiler flags select an ABI that is incompatible with the +# Cstd library. Avoid specifying it if any are in CXXFLAGS. +func_suncc_cstd_abi () +{ + $debug_cmd + + case " $compile_command " in + *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*) + suncc_use_cstd_abi=no + ;; + *) + suncc_use_cstd_abi=yes + ;; + esac +} + +# func_mode_link arg... +func_mode_link () +{ + $debug_cmd + + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + # It is impossible to link a dll without this setting, and + # we shouldn't force the makefile maintainer to figure out + # what system we are compiling for in order to pass an extra + # flag for every libtool invocation. + # allow_undefined=no + + # FIXME: Unfortunately, there are problems with the above when trying + # to make a dll that has undefined symbols, in which case not + # even a static library is built. For now, we need to specify + # -no-undefined on the libtool link line when we can be certain + # that all symbols are satisfied, otherwise we get a static library. + allow_undefined=yes + ;; + *) + allow_undefined=yes + ;; + esac + libtool_args=$nonopt + base_compile="$nonopt $@" + compile_command=$nonopt + finalize_command=$nonopt + + compile_rpath= + finalize_rpath= + compile_shlibpath= + finalize_shlibpath= + convenience= + old_convenience= + deplibs= + old_deplibs= + compiler_flags= + linker_flags= + dllsearchpath= + lib_search_path=`pwd` + inst_prefix_dir= + new_inherited_linker_flags= + fix_hardcoded_libdir_flag= + fix_hardcoded_libdir_flag_ld= + + avoid_version=no + bindir= + dlfiles= + dlprefiles= + dlself=no + export_dynamic=no + export_symbols= + export_symbols_regex= + generated= + libobjs= + ltlibs= + module=no + no_install=no + objs= + os2dllname= + non_pic_objects= + precious_files_regex= + prefer_static_libs=no + preload=false + prev= + prevarg= + release= + rpath= + xrpath= + perm_rpath= + temp_rpath= + thread_safe=no + vinfo= + vinfo_number=no + weak_libs= + single_module=$wl-single_module + func_infer_tag $base_compile + + # We need to know -static, to get the right output filenames. + for arg + do + case $arg in + -shared) + test yes != "$build_libtool_libs" \ + && func_fatal_configuration "cannot build a shared library" + build_old_libs=no + break + ;; + -all-static | -static | -static-libtool-libs) + case $arg in + -all-static) + if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then + func_warning "complete static linking is impossible in this configuration" + fi + if test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + -static) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=built + ;; + -static-libtool-libs) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + esac + build_libtool_libs=no + build_old_libs=yes + break + ;; + esac + done + + # See if our shared archives depend on static archives. + test -n "$old_archive_from_new_cmds" && build_old_libs=yes + + # Go through the arguments, transforming them on the way. + while test "$#" -gt 0; do + arg=$1 + shift + func_quote_for_eval "$arg" + qarg=$func_quote_for_eval_unquoted_result + func_append libtool_args " $func_quote_for_eval_result" + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + output) + func_append compile_command " @OUTPUT@" + func_append finalize_command " @OUTPUT@" + ;; + esac + + case $prev in + bindir) + bindir=$arg + prev= + continue + ;; + dlfiles|dlprefiles) + $preload || { + # Add the symbol object into the linking commands. + func_append compile_command " @SYMFILE@" + func_append finalize_command " @SYMFILE@" + preload=: + } + case $arg in + *.la | *.lo) ;; # We handle these cases below. + force) + if test no = "$dlself"; then + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + self) + if test dlprefiles = "$prev"; then + dlself=yes + elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then + dlself=yes + else + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + *) + if test dlfiles = "$prev"; then + func_append dlfiles " $arg" + else + func_append dlprefiles " $arg" + fi + prev= + continue + ;; + esac + ;; + expsyms) + export_symbols=$arg + test -f "$arg" \ + || func_fatal_error "symbol file '$arg' does not exist" + prev= + continue + ;; + expsyms_regex) + export_symbols_regex=$arg + prev= + continue + ;; + framework) + case $host in + *-*-darwin*) + case "$deplibs " in + *" $qarg.ltframework "*) ;; + *) func_append deplibs " $qarg.ltframework" # this is fixed later + ;; + esac + ;; + esac + prev= + continue + ;; + inst_prefix) + inst_prefix_dir=$arg + prev= + continue + ;; + mllvm) + # Clang does not use LLVM to link, so we can simply discard any + # '-mllvm $arg' options when doing the link step. + prev= + continue + ;; + objectlist) + if test -f "$arg"; then + save_arg=$arg + moreargs= + for fil in `cat "$save_arg"` + do +# func_append moreargs " $fil" + arg=$fil + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + if test none != "$pic_object"; then + # Prepend the subdirectory the object is found in. + pic_object=$xdir$pic_object + + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test dlprefiles = "$prev"; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg=$pic_object + fi + + # Non-PIC object. + if test none != "$non_pic_object"; then + # Prepend the subdirectory the object is found in. + non_pic_object=$xdir$non_pic_object + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object=$pic_object + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "'$arg' is not a valid libtool object" + fi + fi + done + else + func_fatal_error "link input file '$arg' does not exist" + fi + arg=$save_arg + prev= + continue + ;; + os2dllname) + os2dllname=$arg + prev= + continue + ;; + precious_regex) + precious_files_regex=$arg + prev= + continue + ;; + release) + release=-$arg + prev= + continue + ;; + rpath | xrpath) + # We need an absolute path. + case $arg in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + if test rpath = "$prev"; then + case "$rpath " in + *" $arg "*) ;; + *) func_append rpath " $arg" ;; + esac + else + case "$xrpath " in + *" $arg "*) ;; + *) func_append xrpath " $arg" ;; + esac + fi + prev= + continue + ;; + shrext) + shrext_cmds=$arg + prev= + continue + ;; + weak) + func_append weak_libs " $arg" + prev= + continue + ;; + xcclinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xcompiler) + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xlinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $wl$qarg" + prev= + func_append compile_command " $wl$qarg" + func_append finalize_command " $wl$qarg" + continue + ;; + *) + eval "$prev=\"\$arg\"" + prev= + continue + ;; + esac + fi # test -n "$prev" + + prevarg=$arg + + case $arg in + -all-static) + if test -n "$link_static_flag"; then + # See comment for -static flag below, for more details. + func_append compile_command " $link_static_flag" + func_append finalize_command " $link_static_flag" + fi + continue + ;; + + -allow-undefined) + # FIXME: remove this flag sometime in the future. + func_fatal_error "'-allow-undefined' must not be used because it is the default" + ;; + + -avoid-version) + avoid_version=yes + continue + ;; + + -bindir) + prev=bindir + continue + ;; + + -dlopen) + prev=dlfiles + continue + ;; + + -dlpreopen) + prev=dlprefiles + continue + ;; + + -export-dynamic) + export_dynamic=yes + continue + ;; + + -export-symbols | -export-symbols-regex) + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + func_fatal_error "more than one -exported-symbols argument is not allowed" + fi + if test X-export-symbols = "X$arg"; then + prev=expsyms + else + prev=expsyms_regex + fi + continue + ;; + + -framework) + prev=framework + continue + ;; + + -inst-prefix-dir) + prev=inst_prefix + continue + ;; + + # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* + # so, if we see these flags be careful not to treat them like -L + -L[A-Z][A-Z]*:*) + case $with_gcc/$host in + no/*-*-irix* | /*-*-irix*) + func_append compile_command " $arg" + func_append finalize_command " $arg" + ;; + esac + continue + ;; + + -L*) + func_stripname "-L" '' "$arg" + if test -z "$func_stripname_result"; then + if test "$#" -gt 0; then + func_fatal_error "require no space between '-L' and '$1'" + else + func_fatal_error "need path for '-L' option" + fi + fi + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + test -z "$absdir" && \ + func_fatal_error "cannot determine absolute directory name of '$dir'" + dir=$absdir + ;; + esac + case "$deplibs " in + *" -L$dir "* | *" $arg "*) + # Will only happen for absolute or sysroot arguments + ;; + *) + # Preserve sysroot, but never include relative directories + case $dir in + [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; + *) func_append deplibs " -L$dir" ;; + esac + func_append lib_search_path " $dir" + ;; + esac + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$dir:"*) ;; + ::) dllsearchpath=$dir;; + *) func_append dllsearchpath ":$dir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + continue + ;; + + -l*) + if test X-lc = "X$arg" || test X-lm = "X$arg"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) + # These systems don't actually have a C or math library (as such) + continue + ;; + *-*-os2*) + # These systems don't actually have a C library (as such) + test X-lc = "X$arg" && continue + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + # Do not include libc due to us having libc/libc_r. + test X-lc = "X$arg" && continue + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C and math libraries are in the System framework + func_append deplibs " System.ltframework" + continue + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + test X-lc = "X$arg" && continue + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + test X-lc = "X$arg" && continue + ;; + esac + elif test X-lc_r = "X$arg"; then + case $host in + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + # Do not include libc_r directly, use -pthread flag. + continue + ;; + esac + fi + func_append deplibs " $arg" + continue + ;; + + -mllvm) + prev=mllvm + continue + ;; + + -module) + module=yes + continue + ;; + + # Tru64 UNIX uses -model [arg] to determine the layout of C++ + # classes, name mangling, and exception handling. + # Darwin uses the -arch flag to determine output architecture. + -model|-arch|-isysroot|--sysroot) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + prev=xcompiler + continue + ;; + + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case "$new_inherited_linker_flags " in + *" $arg "*) ;; + * ) func_append new_inherited_linker_flags " $arg" ;; + esac + continue + ;; + + -multi_module) + single_module=$wl-multi_module + continue + ;; + + -no-fast-install) + fast_install=no + continue + ;; + + -no-install) + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) + # The PATH hackery in wrapper scripts is required on Windows + # and Darwin in order for the loader to find any dlls it needs. + func_warning "'-no-install' is ignored for $host" + func_warning "assuming '-no-fast-install' instead" + fast_install=no + ;; + *) no_install=yes ;; + esac + continue + ;; + + -no-undefined) + allow_undefined=no + continue + ;; + + -objectlist) + prev=objectlist + continue + ;; + + -os2dllname) + prev=os2dllname + continue + ;; + + -o) prev=output ;; + + -precious-files-regex) + prev=precious_regex + continue + ;; + + -release) + prev=release + continue + ;; + + -rpath) + prev=rpath + continue + ;; + + -R) + prev=xrpath + continue + ;; + + -R*) + func_stripname '-R' '' "$arg" + dir=$func_stripname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + =*) + func_stripname '=' '' "$dir" + dir=$lt_sysroot$func_stripname_result + ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + continue + ;; + + -shared) + # The effects of -shared are defined in a previous loop. + continue + ;; + + -shrext) + prev=shrext + continue + ;; + + -static | -static-libtool-libs) + # The effects of -static are defined in a previous loop. + # We used to do the same as -all-static on platforms that + # didn't have a PIC flag, but the assumption that the effects + # would be equivalent was wrong. It would break on at least + # Digital Unix and AIX. + continue + ;; + + -thread-safe) + thread_safe=yes + continue + ;; + + -version-info) + prev=vinfo + continue + ;; + + -version-number) + prev=vinfo + vinfo_number=yes + continue + ;; + + -weak) + prev=weak + continue + ;; + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs=$IFS; IFS=, + for flag in $args; do + IFS=$save_ifs + func_quote_for_eval "$flag" + func_append arg " $func_quote_for_eval_result" + func_append compiler_flags " $func_quote_for_eval_result" + done + IFS=$save_ifs + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Wl,*) + func_stripname '-Wl,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs=$IFS; IFS=, + for flag in $args; do + IFS=$save_ifs + func_quote_for_eval "$flag" + func_append arg " $wl$func_quote_for_eval_result" + func_append compiler_flags " $wl$func_quote_for_eval_result" + func_append linker_flags " $func_quote_for_eval_result" + done + IFS=$save_ifs + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Xcompiler) + prev=xcompiler + continue + ;; + + -Xlinker) + prev=xlinker + continue + ;; + + -XCClinker) + prev=xcclinker + continue + ;; + + # -msg_* for osf cc + -msg_*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + + # Flags to be passed through unchanged, with rationale: + # -64, -mips[0-9] enable 64-bit mode for the SGI compiler + # -r[0-9][0-9]* specify processor for the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler + # +DA*, +DD* enable 64-bit mode for the HP compiler + # -q* compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* architecture-specific flags for GCC + # -F/path path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # -fstack-protector* stack protector flags for GCC + # @file GCC response files + # -tp=* Portland pgcc target processor selection + # --sysroot=* for sysroot support + # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + # -stdlib=* select c++ std lib with clang + -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ + -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + func_append compile_command " $arg" + func_append finalize_command " $arg" + func_append compiler_flags " $arg" + continue + ;; + + -Z*) + if test os2 = "`expr $host : '.*\(os2\)'`"; then + # OS/2 uses -Zxxx to specify OS/2-specific options + compiler_flags="$compiler_flags $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case $arg in + -Zlinker | -Zstack) + prev=xcompiler + ;; + esac + continue + else + # Otherwise treat like 'Some other compiler flag' below + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + fi + ;; + + # Some other compiler flag. + -* | +*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + + *.$objext) + # A standard object. + func_append objs " $arg" + ;; + + *.lo) + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + test none = "$pic_object" || { + # Prepend the subdirectory the object is found in. + pic_object=$xdir$pic_object + + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test dlprefiles = "$prev"; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg=$pic_object + } + + # Non-PIC object. + if test none != "$non_pic_object"; then + # Prepend the subdirectory the object is found in. + non_pic_object=$xdir$non_pic_object + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object=$pic_object + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "'$arg' is not a valid libtool object" + fi + fi + ;; + + *.$libext) + # An archive. + func_append deplibs " $arg" + func_append old_deplibs " $arg" + continue + ;; + + *.la) + # A libtool-controlled library. + + func_resolve_sysroot "$arg" + if test dlfiles = "$prev"; then + # This library was specified with -dlopen. + func_append dlfiles " $func_resolve_sysroot_result" + prev= + elif test dlprefiles = "$prev"; then + # The library was specified with -dlpreopen. + func_append dlprefiles " $func_resolve_sysroot_result" + prev= + else + func_append deplibs " $func_resolve_sysroot_result" + fi + continue + ;; + + # Some other compiler argument. + *) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + esac # arg + + # Now actually substitute the argument into the commands. + if test -n "$arg"; then + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + done # argument parsing loop + + test -n "$prev" && \ + func_fatal_help "the '$prevarg' option requires an argument" + + if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then + eval arg=\"$export_dynamic_flag_spec\" + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + + oldlibs= + # calculate the name of the file, without its directory + func_basename "$output" + outputname=$func_basename_result + libobjs_save=$libobjs + + if test -n "$shlibpath_var"; then + # get the directories listed in $shlibpath_var + eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\` + else + shlib_search_path= + fi + eval sys_lib_search_path=\"$sys_lib_search_path_spec\" + eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + + # Definition is injected by LT_CONFIG during libtool generation. + func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH" + + func_dirname "$output" "/" "" + output_objdir=$func_dirname_result$objdir + func_to_tool_file "$output_objdir/" + tool_output_objdir=$func_to_tool_file_result + # Create the object directory. + func_mkdir_p "$output_objdir" + + # Determine the type of output + case $output in + "") + func_fatal_help "you must specify an output file" + ;; + *.$libext) linkmode=oldlib ;; + *.lo | *.$objext) linkmode=obj ;; + *.la) linkmode=lib ;; + *) linkmode=prog ;; # Anything else should be a program. + esac + + specialdeplibs= + + libs= + # Find all interdependent deplibs by searching for libraries + # that are linked more than once (e.g. -la -lb -la) + for deplib in $deplibs; do + if $opt_preserve_dup_deps; then + case "$libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append libs " $deplib" + done + + if test lib = "$linkmode"; then + libs="$predeps $libs $compiler_lib_search_path $postdeps" + + # Compute libraries that are listed more than once in $predeps + # $postdeps and mark them as special (i.e., whose duplicates are + # not to be eliminated). + pre_post_deps= + if $opt_duplicate_compiler_generated_deps; then + for pre_post_dep in $predeps $postdeps; do + case "$pre_post_deps " in + *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; + esac + func_append pre_post_deps " $pre_post_dep" + done + fi + pre_post_deps= + fi + + deplibs= + newdependency_libs= + newlib_search_path= + need_relink=no # whether we're linking any uninstalled libtool libraries + notinst_deplibs= # not-installed libtool libraries + notinst_path= # paths that contain not-installed libtool libraries + + case $linkmode in + lib) + passes="conv dlpreopen link" + for file in $dlfiles $dlprefiles; do + case $file in + *.la) ;; + *) + func_fatal_help "libraries can '-dlopen' only libtool libraries: $file" + ;; + esac + done + ;; + prog) + compile_deplibs= + finalize_deplibs= + alldeplibs=false + newdlfiles= + newdlprefiles= + passes="conv scan dlopen dlpreopen link" + ;; + *) passes="conv" + ;; + esac + + for pass in $passes; do + # The preopen pass in lib mode reverses $deplibs; put it back here + # so that -L comes before libs that need it for instance... + if test lib,link = "$linkmode,$pass"; then + ## FIXME: Find the place where the list is rebuilt in the wrong + ## order, and fix it there properly + tmp_deplibs= + for deplib in $deplibs; do + tmp_deplibs="$deplib $tmp_deplibs" + done + deplibs=$tmp_deplibs + fi + + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass"; then + libs=$deplibs + deplibs= + fi + if test prog = "$linkmode"; then + case $pass in + dlopen) libs=$dlfiles ;; + dlpreopen) libs=$dlprefiles ;; + link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; + esac + fi + if test lib,dlpreopen = "$linkmode,$pass"; then + # Collect and forward deplibs of preopened libtool libs + for lib in $dlprefiles; do + # Ignore non-libtool-libs + dependency_libs= + func_resolve_sysroot "$lib" + case $lib in + *.la) func_source "$func_resolve_sysroot_result" ;; + esac + + # Collect preopened libtool deplibs, except any this library + # has declared as weak libs + for deplib in $dependency_libs; do + func_basename "$deplib" + deplib_base=$func_basename_result + case " $weak_libs " in + *" $deplib_base "*) ;; + *) func_append deplibs " $deplib" ;; + esac + done + done + libs=$dlprefiles + fi + if test dlopen = "$pass"; then + # Collect dlpreopened libraries + save_deplibs=$deplibs + deplibs= + fi + + for deplib in $libs; do + lib= + found=false + case $deplib in + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append compiler_flags " $deplib" + if test lib = "$linkmode"; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -l*) + if test lib != "$linkmode" && test prog != "$linkmode"; then + func_warning "'-l' is ignored for archives/objects" + continue + fi + func_stripname '-l' '' "$deplib" + name=$func_stripname_result + if test lib = "$linkmode"; then + searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" + else + searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" + fi + for searchdir in $searchdirs; do + for search_ext in .la $std_shrext .so .a; do + # Search the libtool library + lib=$searchdir/lib$name$search_ext + if test -f "$lib"; then + if test .la = "$search_ext"; then + found=: + else + found=false + fi + break 2 + fi + done + done + if $found; then + # deplib is a libtool library + # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, + # We need to do some special things here, and not later. + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $deplib "*) + if func_lalib_p "$lib"; then + library_names= + old_library= + func_source "$lib" + for l in $old_library $library_names; do + ll=$l + done + if test "X$ll" = "X$old_library"; then # only static version available + found=false + func_dirname "$lib" "" "." + ladir=$func_dirname_result + lib=$ladir/$old_library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + fi + ;; + *) ;; + esac + fi + else + # deplib doesn't seem to be a libtool library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + ;; # -l + *.ltframework) + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + if test lib = "$linkmode"; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -L*) + case $linkmode in + lib) + deplibs="$deplib $deplibs" + test conv = "$pass" && continue + newdependency_libs="$deplib $newdependency_libs" + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + prog) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + continue + fi + if test scan = "$pass"; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + *) + func_warning "'-L' is ignored for archives/objects" + ;; + esac # linkmode + continue + ;; # -L + -R*) + if test link = "$pass"; then + func_stripname '-R' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # Make sure the xrpath contains only unique directories. + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + fi + deplibs="$deplib $deplibs" + continue + ;; + *.la) + func_resolve_sysroot "$deplib" + lib=$func_resolve_sysroot_result + ;; + *.$libext) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + continue + fi + case $linkmode in + lib) + # Linking convenience modules into shared libraries is allowed, + # but linking other static libraries is non-portable. + case " $dlpreconveniencelibs " in + *" $deplib "*) ;; + *) + valid_a_lib=false + case $deplibs_check_method in + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + valid_a_lib=: + fi + ;; + pass_all) + valid_a_lib=: + ;; + esac + if $valid_a_lib; then + echo + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + else + echo + $ECHO "*** Warning: Trying to link with static lib archive $deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because the file extensions .$libext of this argument makes me believe" + echo "*** that it is just a static archive that I should not use here." + fi + ;; + esac + continue + ;; + prog) + if test link != "$pass"; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + continue + ;; + esac # linkmode + ;; # *.$libext + *.lo | *.$objext) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + elif test prog = "$linkmode"; then + if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then + # If there is no dlopen support or we're linking statically, + # we need to preload. + func_append newdlprefiles " $deplib" + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append newdlfiles " $deplib" + fi + fi + continue + ;; + %DEPLIBS%) + alldeplibs=: + continue + ;; + esac # case $deplib + + $found || test -f "$lib" \ + || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'" + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$lib" \ + || func_fatal_error "'$lib' is not a valid libtool archive" + + func_dirname "$lib" "" "." + ladir=$func_dirname_result + + dlname= + dlopen= + dlpreopen= + libdir= + library_names= + old_library= + inherited_linker_flags= + # If the library was installed with an old release of libtool, + # it will not redefine variables installed, or shouldnotlink + installed=yes + shouldnotlink=no + avoidtemprpath= + + + # Read the .la file + func_source "$lib" + + # Convert "-framework foo" to "foo.ltframework" + if test -n "$inherited_linker_flags"; then + tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` + for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do + case " $new_inherited_linker_flags " in + *" $tmp_inherited_linker_flag "*) ;; + *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; + esac + done + fi + dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass" || + { test prog != "$linkmode" && test lib != "$linkmode"; }; then + test -n "$dlopen" && func_append dlfiles " $dlopen" + test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" + fi + + if test conv = "$pass"; then + # Only check for convenience libraries + deplibs="$lib $deplibs" + if test -z "$libdir"; then + if test -z "$old_library"; then + func_fatal_error "cannot find name of link library for '$lib'" + fi + # It is a libtool convenience library, so add in its objects. + func_append convenience " $ladir/$objdir/$old_library" + func_append old_convenience " $ladir/$objdir/$old_library" + elif test prog != "$linkmode" && test lib != "$linkmode"; then + func_fatal_error "'$lib' is not a convenience library" + fi + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done + continue + fi # $pass = conv + + + # Get the name of the library we link against. + linklib= + if test -n "$old_library" && + { test yes = "$prefer_static_libs" || + test built,no = "$prefer_static_libs,$installed"; }; then + linklib=$old_library + else + for l in $old_library $library_names; do + linklib=$l + done + fi + if test -z "$linklib"; then + func_fatal_error "cannot find name of link library for '$lib'" + fi + + # This library was specified with -dlopen. + if test dlopen = "$pass"; then + test -z "$libdir" \ + && func_fatal_error "cannot -dlopen a convenience library: '$lib'" + if test -z "$dlname" || + test yes != "$dlopen_support" || + test no = "$build_libtool_libs" + then + # If there is no dlname, no dlopen support or we're linking + # statically, we need to preload. We also need to preload any + # dependent libraries so libltdl's deplib preloader doesn't + # bomb out in the load deplibs phase. + func_append dlprefiles " $lib $dependency_libs" + else + func_append newdlfiles " $lib" + fi + continue + fi # $pass = dlopen + + # We need an absolute path. + case $ladir in + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;; + *) + abs_ladir=`cd "$ladir" && pwd` + if test -z "$abs_ladir"; then + func_warning "cannot determine absolute directory name of '$ladir'" + func_warning "passing it literally to the linker, although it might fail" + abs_ladir=$ladir + fi + ;; + esac + func_basename "$lib" + laname=$func_basename_result + + # Find the relevant object directory and library name. + if test yes = "$installed"; then + if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then + func_warning "library '$lib' was moved." + dir=$ladir + absdir=$abs_ladir + libdir=$abs_ladir + else + dir=$lt_sysroot$libdir + absdir=$lt_sysroot$libdir + fi + test yes = "$hardcode_automatic" && avoidtemprpath=yes + else + if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then + dir=$ladir + absdir=$abs_ladir + # Remove this search path later + func_append notinst_path " $abs_ladir" + else + dir=$ladir/$objdir + absdir=$abs_ladir/$objdir + # Remove this search path later + func_append notinst_path " $abs_ladir" + fi + fi # $installed = yes + func_stripname 'lib' '.la' "$laname" + name=$func_stripname_result + + # This library was specified with -dlpreopen. + if test dlpreopen = "$pass"; then + if test -z "$libdir" && test prog = "$linkmode"; then + func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'" + fi + case $host in + # special handling for platforms with PE-DLLs. + *cygwin* | *mingw* | *cegcc* ) + # Linker will automatically link against shared library if both + # static and shared are present. Therefore, ensure we extract + # symbols from the import library if a shared library is present + # (otherwise, the dlopen module name will be incorrect). We do + # this by putting the import library name into $newdlprefiles. + # We recover the dlopen module name by 'saving' the la file + # name in a special purpose variable, and (later) extracting the + # dlname from the la file. + if test -n "$dlname"; then + func_tr_sh "$dir/$linklib" + eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" + func_append newdlprefiles " $dir/$linklib" + else + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + fi + ;; + * ) + # Prefer using a static library (so that no silly _DYNAMIC symbols + # are required to link). + if test -n "$old_library"; then + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + # Otherwise, use the dlname, so that lt_dlopen finds it. + elif test -n "$dlname"; then + func_append newdlprefiles " $dir/$dlname" + else + func_append newdlprefiles " $dir/$linklib" + fi + ;; + esac + fi # $pass = dlpreopen + + if test -z "$libdir"; then + # Link the convenience library + if test lib = "$linkmode"; then + deplibs="$dir/$old_library $deplibs" + elif test prog,link = "$linkmode,$pass"; then + compile_deplibs="$dir/$old_library $compile_deplibs" + finalize_deplibs="$dir/$old_library $finalize_deplibs" + else + deplibs="$lib $deplibs" # used for prog,scan pass + fi + continue + fi + + + if test prog = "$linkmode" && test link != "$pass"; then + func_append newlib_search_path " $ladir" + deplibs="$lib $deplibs" + + linkalldeplibs=false + if test no != "$link_all_deplibs" || test -z "$library_names" || + test no = "$build_libtool_libs"; then + linkalldeplibs=: + fi + + tmp_libs= + for deplib in $dependency_libs; do + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + esac + # Need to link against all dependency_libs? + if $linkalldeplibs; then + deplibs="$deplib $deplibs" + else + # Need to hardcode shared library paths + # or/and link against static libraries + newdependency_libs="$deplib $newdependency_libs" + fi + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done # for deplib + continue + fi # $linkmode = prog... + + if test prog,link = "$linkmode,$pass"; then + if test -n "$library_names" && + { { test no = "$prefer_static_libs" || + test built,yes = "$prefer_static_libs,$installed"; } || + test -z "$old_library"; }; then + # We need to hardcode the library path + if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then + # Make sure the rpath contains only unique directories. + case $temp_rpath: in + *"$absdir:"*) ;; + *) func_append temp_rpath "$absdir:" ;; + esac + fi + + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi # $linkmode,$pass = prog,link... + + if $alldeplibs && + { test pass_all = "$deplibs_check_method" || + { test yes = "$build_libtool_libs" && + test -n "$library_names"; }; }; then + # We only need to search for static libraries + continue + fi + fi + + link_static=no # Whether the deplib will be linked statically + use_static_libs=$prefer_static_libs + if test built = "$use_static_libs" && test yes = "$installed"; then + use_static_libs=no + fi + if test -n "$library_names" && + { test no = "$use_static_libs" || test -z "$old_library"; }; then + case $host in + *cygwin* | *mingw* | *cegcc* | *os2*) + # No point in relinking DLLs because paths are not encoded + func_append notinst_deplibs " $lib" + need_relink=no + ;; + *) + if test no = "$installed"; then + func_append notinst_deplibs " $lib" + need_relink=yes + fi + ;; + esac + # This is a shared library + + # Warn about portability, can't link against -module's on some + # systems (darwin). Don't bleat about dlopened modules though! + dlopenmodule= + for dlpremoduletest in $dlprefiles; do + if test "X$dlpremoduletest" = "X$lib"; then + dlopenmodule=$dlpremoduletest + break + fi + done + if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then + echo + if test prog = "$linkmode"; then + $ECHO "*** Warning: Linking the executable $output against the loadable module" + else + $ECHO "*** Warning: Linking the shared library $output against the loadable module" + fi + $ECHO "*** $linklib is not portable!" + fi + if test lib = "$linkmode" && + test yes = "$hardcode_into_libs"; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi + + if test -n "$old_archive_from_expsyms_cmds"; then + # figure out the soname + set dummy $library_names + shift + realname=$1 + shift + libname=`eval "\\$ECHO \"$libname_spec\""` + # use dlname if we got it. it's perfectly good, no? + if test -n "$dlname"; then + soname=$dlname + elif test -n "$soname_spec"; then + # bleh windows + case $host in + *cygwin* | mingw* | *cegcc* | *os2*) + func_arith $current - $age + major=$func_arith_result + versuffix=-$major + ;; + esac + eval soname=\"$soname_spec\" + else + soname=$realname + fi + + # Make a new name for the extract_expsyms_cmds to use + soroot=$soname + func_basename "$soroot" + soname=$func_basename_result + func_stripname 'lib' '.dll' "$soname" + newlib=libimp-$func_stripname_result.a + + # If the library has no export list, then create one now + if test -f "$output_objdir/$soname-def"; then : + else + func_verbose "extracting exported symbol list from '$soname'" + func_execute_cmds "$extract_expsyms_cmds" 'exit $?' + fi + + # Create $newlib + if test -f "$output_objdir/$newlib"; then :; else + func_verbose "generating import library for '$soname'" + func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' + fi + # make sure the library variables are pointing to the new library + dir=$output_objdir + linklib=$newlib + fi # test -n "$old_archive_from_expsyms_cmds" + + if test prog = "$linkmode" || test relink != "$opt_mode"; then + add_shlibpath= + add_dir= + add= + lib_linked=yes + case $hardcode_action in + immediate | unsupported) + if test no = "$hardcode_direct"; then + add=$dir/$linklib + case $host in + *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;; + *-*-sysv4*uw2*) add_dir=-L$dir ;; + *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ + *-*-unixware7*) add_dir=-L$dir ;; + *-*-darwin* ) + # if the lib is a (non-dlopened) module then we cannot + # link against it, someone is ignoring the earlier warnings + if /usr/bin/file -L $add 2> /dev/null | + $GREP ": [^:]* bundle" >/dev/null; then + if test "X$dlopenmodule" != "X$lib"; then + $ECHO "*** Warning: lib $linklib is a module, not a shared library" + if test -z "$old_library"; then + echo + echo "*** And there doesn't seem to be a static archive available" + echo "*** The link will probably fail, sorry" + else + add=$dir/$old_library + fi + elif test -n "$old_library"; then + add=$dir/$old_library + fi + fi + esac + elif test no = "$hardcode_minus_L"; then + case $host in + *-*-sunos*) add_shlibpath=$dir ;; + esac + add_dir=-L$dir + add=-l$name + elif test no = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name + elif test -n "$fix_hardcoded_libdir_flag_spec"; then + add_dir="-L${absdir}" + add="-l$name" + if test "${linkmode}" = prog && test "X${absdir}" != "X${libdir}"; then + linkdir=$absdir + eval "fix_hardcoded_libdir_flag=\"\${fix_hardcoded_libdir_flag} ${fix_hardcoded_libdir_flag_spec}\"" + # fix_hardcoded_libdir_flag_ld not needed, programs are linked with $CC + $lt_unset linkdir + fi + else + lib_linked=no + fi + ;; + relink) + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$dir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$absdir + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name + else + lib_linked=no + fi + ;; + *) lib_linked=no ;; + esac + + if test yes != "$lib_linked"; then + func_fatal_configuration "unsupported hardcode properties" + fi + + if test -n "$add_shlibpath"; then + case :$compile_shlibpath: in + *":$add_shlibpath:"*) ;; + *) func_append compile_shlibpath "$add_shlibpath:" ;; + esac + fi + if test prog = "$linkmode"; then + test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" + test -n "$add" && compile_deplibs="$add $compile_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + if test yes != "$hardcode_direct" && + test yes != "$hardcode_minus_L" && + test yes = "$hardcode_shlibpath_var"; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + fi + fi + fi + + if test prog = "$linkmode" || test relink = "$opt_mode"; then + add_shlibpath= + add_dir= + add= + # Finalize command for both is simple: just hardcode it. + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$libdir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$libdir + add=-l$name + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib" && + test -n "${fix_hardcoded_libdir_flag_spec}"; then + linkdir="$inst_prefix_dir$libdir" + add_dir="-L$linkdir" + eval "fix_hardcoded_libdir_flag=\"\${fix_hardcoded_libdir_flag} ${fix_hardcoded_libdir_flag_spec}\"" + eval "fix_hardcoded_libdir_flag_ld=\"\${fix_hardcoded_libdir_flag_ld} ${fix_hardcoded_libdir_flag_spec_ld}\"" + $lt_unset linkdir + fi + elif test yes = "$hardcode_shlibpath_var"; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + add=-l$name + elif test yes = "$hardcode_automatic"; then + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib"; then + add=$inst_prefix_dir$libdir/$linklib + else + add=$libdir/$linklib + fi + else + # We cannot seem to hardcode it, guess we'll fake it. + add_dir=-L$libdir + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add=-l$name + fi + + if test prog = "$linkmode"; then + test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" + test -n "$add" && finalize_deplibs="$add $finalize_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + fi + fi + elif test prog = "$linkmode"; then + # Here we assume that one of hardcode_direct or hardcode_minus_L + # is not unsupported. This is valid on all known static and + # shared platforms. + if test unsupported != "$hardcode_direct"; then + test -n "$old_library" && linklib=$old_library + compile_deplibs="$dir/$linklib $compile_deplibs" + finalize_deplibs="$dir/$linklib $finalize_deplibs" + else + compile_deplibs="-l$name -L$dir $compile_deplibs" + finalize_deplibs="-l$name -L$dir $finalize_deplibs" + fi + elif test yes = "$build_libtool_libs"; then + # Not a shared library + if test pass_all != "$deplibs_check_method"; then + # We're trying link a shared library against a static one + # but the system doesn't support it. + + # Just print a warning and add the library to dependency_libs so + # that the program can be linked against the static library. + echo + $ECHO "*** Warning: This system cannot link to static lib archive $lib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have." + if test yes = "$module"; then + echo "*** But as you try to build a module library, libtool will still create " + echo "*** a static module, that should work as long as the dlopening application" + echo "*** is linked with the -dlopen flag to resolve symbols at runtime." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** 'nm' from GNU binutils and a full rebuild may help." + fi + if test no = "$build_old_libs"; then + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + else + deplibs="$dir/$old_library $deplibs" + link_static=yes + fi + fi # link shared/static library? + + if test lib = "$linkmode"; then + if test -n "$dependency_libs" && + { test yes != "$hardcode_into_libs" || + test yes = "$build_old_libs" || + test yes = "$link_static"; }; then + # Extract -R from dependency_libs + temp_deplibs= + for libdir in $dependency_libs; do + case $libdir in + -R*) func_stripname '-R' '' "$libdir" + temp_xrpath=$func_stripname_result + case " $xrpath " in + *" $temp_xrpath "*) ;; + *) func_append xrpath " $temp_xrpath";; + esac;; + *) func_append temp_deplibs " $libdir";; + esac + done + dependency_libs=$temp_deplibs + fi + + func_append newlib_search_path " $absdir" + # Link against this library + test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + # ... and its dependency_libs + tmp_libs= + for deplib in $dependency_libs; do + newdependency_libs="$deplib $newdependency_libs" + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result";; + *) func_resolve_sysroot "$deplib" ;; + esac + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $func_resolve_sysroot_result "*) + func_append specialdeplibs " $func_resolve_sysroot_result" ;; + esac + fi + func_append tmp_libs " $func_resolve_sysroot_result" + done + + if test no != "$link_all_deplibs"; then + # Add the search paths of all dependency libraries + for deplib in $dependency_libs; do + path= + case $deplib in + -L*) path=$deplib ;; + *.la) + func_resolve_sysroot "$deplib" + deplib=$func_resolve_sysroot_result + func_dirname "$deplib" "" "." + dir=$func_dirname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + func_warning "cannot determine absolute directory name of '$dir'" + absdir=$dir + fi + ;; + esac + if $GREP "^installed=no" $deplib > /dev/null; then + case $host in + *-*-darwin*) + depdepl= + eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names"; then + for tmp in $deplibrary_names; do + depdepl=$tmp + done + if test -f "$absdir/$objdir/$depdepl"; then + depdepl=$absdir/$objdir/$depdepl + darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -z "$darwin_install_name"; then + darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + fi + func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl" + func_append linker_flags " -dylib_file $darwin_install_name:$depdepl" + path= + fi + fi + ;; + *) + path=-L$absdir/$objdir + ;; + esac + else + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "'$deplib' is not a valid libtool archive" + test "$absdir" != "$libdir" && \ + func_warning "'$deplib' seems to be moved" + + path=-L$absdir + fi + ;; + esac + case " $deplibs " in + *" $path "*) ;; + *) deplibs="$path $deplibs" ;; + esac + done + fi # link_all_deplibs != no + fi # linkmode = lib + done # for deplib in $libs + if test link = "$pass"; then + if test prog = "$linkmode"; then + compile_deplibs="$new_inherited_linker_flags $compile_deplibs" + finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" + else + compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + fi + fi + dependency_libs=$newdependency_libs + if test dlpreopen = "$pass"; then + # Link the dlpreopened libraries before other libraries + for deplib in $save_deplibs; do + deplibs="$deplib $deplibs" + done + fi + if test dlopen != "$pass"; then + test conv = "$pass" || { + # Make sure lib_search_path contains only unique directories. + lib_search_path= + for dir in $newlib_search_path; do + case "$lib_search_path " in + *" $dir "*) ;; + *) func_append lib_search_path " $dir" ;; + esac + done + newlib_search_path= + } + + if test prog,link = "$linkmode,$pass"; then + vars="compile_deplibs finalize_deplibs" + else + vars=deplibs + fi + for var in $vars dependency_libs; do + # Add libraries to $var in reverse order + eval tmp_libs=\"\$$var\" + new_libs= + for deplib in $tmp_libs; do + # FIXME: Pedantically, this is the right thing to do, so + # that some nasty dependency loop isn't accidentally + # broken: + #new_libs="$deplib $new_libs" + # Pragmatically, this seems to cause very few problems in + # practice: + case $deplib in + -L*) new_libs="$deplib $new_libs" ;; + -R*) ;; + *) + # And here is the reason: when a library appears more + # than once as an explicit dependence of a library, or + # is implicitly linked in more than once by the + # compiler, it is considered special, and multiple + # occurrences thereof are not removed. Compare this + # with having the same library being listed as a + # dependency of multiple other libraries: in this case, + # we know (pedantically, we assume) the library does not + # need to be listed more than once, so we keep only the + # last copy. This is not always right, but it is rare + # enough that we require users that really mean to play + # such unportable linking tricks to link the library + # using -Wl,-lname, so that libtool does not consider it + # for duplicate removal. + case " $specialdeplibs " in + *" $deplib "*) new_libs="$deplib $new_libs" ;; + *) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$deplib $new_libs" ;; + esac + ;; + esac + ;; + esac + done + tmp_libs= + for deplib in $new_libs; do + case $deplib in + -L*) + case " $tmp_libs " in + *" $deplib "*) ;; + *) func_append tmp_libs " $deplib" ;; + esac + ;; + *) func_append tmp_libs " $deplib" ;; + esac + done + eval $var=\"$tmp_libs\" + done # for var + fi + + # Add Sun CC postdeps if required: + test CXX = "$tagname" && { + case $host_os in + linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C++ 5.9 + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + + solaris*) + func_cc_basename "$CC" + case $func_cc_basename_result in + CC* | sunCC*) + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + esac + } + + # Last step: remove runtime libs from dependency_libs + # (they stay in deplibs) + tmp_libs= + for i in $dependency_libs; do + case " $predeps $postdeps $compiler_lib_search_path " in + *" $i "*) + i= + ;; + esac + if test -n "$i"; then + func_append tmp_libs " $i" + fi + done + dependency_libs=$tmp_libs + done # for pass + if test prog = "$linkmode"; then + dlfiles=$newdlfiles + fi + if test prog = "$linkmode" || test lib = "$linkmode"; then + dlprefiles=$newdlprefiles + fi + + case $linkmode in + oldlib) + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for archives" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "'-l' and '-L' are ignored for archives" ;; + esac + + test -n "$rpath" && \ + func_warning "'-rpath' is ignored for archives" + + test -n "$xrpath" && \ + func_warning "'-R' is ignored for archives" + + test -n "$vinfo" && \ + func_warning "'-version-info/-version-number' is ignored for archives" + + test -n "$release" && \ + func_warning "'-release' is ignored for archives" + + test -n "$export_symbols$export_symbols_regex" && \ + func_warning "'-export-symbols' is ignored for archives" + + # Now set the variables for building old libraries. + build_libtool_libs=no + oldlibs=$output + func_append objs "$old_deplibs" + ;; + + lib) + # Make sure we only generate libraries of the form 'libNAME.la'. + case $outputname in + lib*) + func_stripname 'lib' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + ;; + *) + if test no != "$need_lib_prefix"; then + # Add the "lib" prefix for modules if required + func_stripname '' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + else + func_stripname '' '.la' "$outputname" + libname=$func_stripname_result + fi + ;; + esac + + if test -n "$objs"; then + if test pass_all != "$deplibs_check_method"; then + func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs" + else + echo + $ECHO "*** Warning: Linking the shared library $output against the non-libtool" + $ECHO "*** objects $objs is not portable!" + func_append libobjs " $objs" + fi + fi + + test no = "$dlself" \ + || func_warning "'-dlopen self' is ignored for libtool libraries" + + set dummy $rpath + shift + test 1 -lt "$#" \ + && func_warning "ignoring multiple '-rpath's for a libtool library" + + install_libdir=$1 + + oldlibs= + if test -z "$rpath"; then + if test yes = "$build_libtool_libs"; then + # Building a libtool convenience library. + # Some compilers have problems with a '.al' extension so + # convenience libraries should have the same extension an + # archive normally would. + oldlibs="$output_objdir/$libname.$libext $oldlibs" + build_libtool_libs=convenience + build_old_libs=yes + fi + + test -n "$vinfo" && \ + func_warning "'-version-info/-version-number' is ignored for convenience libraries" + + test -n "$release" && \ + func_warning "'-release' is ignored for convenience libraries" + else + + # Parse the version information argument. + save_ifs=$IFS; IFS=: + set dummy $vinfo 0 0 0 + shift + IFS=$save_ifs + + test -n "$7" && \ + func_fatal_help "too many parameters to '-version-info'" + + # convert absolute version numbers to libtool ages + # this retains compatibility with .la files and attempts + # to make the code below a bit more comprehensible + + case $vinfo_number in + yes) + number_major=$1 + number_minor=$2 + number_revision=$3 + # + # There are really only two kinds -- those that + # use the current revision as the major version + # and those that subtract age and use age as + # a minor version. But, then there is irix + # that has an extra 1 added just for fun + # + case $version_type in + # correct linux to gnu/linux during the next big refactor + darwin|freebsd-elf|linux|osf|windows|none) + func_arith $number_major + $number_minor + current=$func_arith_result + age=$number_minor + revision=$number_revision + ;; + freebsd-aout|qnx|sco|sunos) + current=$number_major + revision=$number_minor + age=0 + ;; + irix|nonstopux) + func_arith $number_major + $number_minor + current=$func_arith_result + age=$number_minor + revision=$number_minor + lt_irix_increment=no + ;; + esac + ;; + no) + current=$1 + revision=$2 + age=$3 + ;; + esac + + # Check that each of the things are valid numbers. + case $current in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "CURRENT '$current' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + case $revision in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "REVISION '$revision' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + case $age in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "AGE '$age' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + if test "$age" -gt "$current"; then + func_error "AGE '$age' is greater than the current interface number '$current'" + func_fatal_error "'$vinfo' is not valid version information" + fi + + # Calculate the version variables. + major= + versuffix= + verstring= + case $version_type in + none) ;; + + darwin) + # Like Linux, but with the current version available in + # verstring for coding it into the library header + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + # Darwin ld doesn't like 0 for these options... + func_arith $current + 1 + minor_current=$func_arith_result + xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + # On Darwin other compilers + case $CC in + nagfor*) + verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + ;; + *) + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + esac + ;; + + freebsd-aout) + major=.$current + versuffix=.$current.$revision + ;; + + freebsd-elf) + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + ;; + + irix | nonstopux) + if test no = "$lt_irix_increment"; then + func_arith $current - $age + else + func_arith $current - $age + 1 + fi + major=$func_arith_result + + case $version_type in + nonstopux) verstring_prefix=nonstopux ;; + *) verstring_prefix=sgi ;; + esac + verstring=$verstring_prefix$major.$revision + + # Add in all the interfaces that we are compatible with. + loop=$revision + while test 0 -ne "$loop"; do + func_arith $revision - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring=$verstring_prefix$major.$iface:$verstring + done + + # Before this point, $major must not contain '.'. + major=.$major + versuffix=$major.$revision + ;; + + linux) # correct to gnu/linux during the next big refactor + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + ;; + + osf) + func_arith $current - $age + major=.$func_arith_result + versuffix=.$current.$age.$revision + verstring=$current.$age.$revision + + # Add in all the interfaces that we are compatible with. + loop=$age + while test 0 -ne "$loop"; do + func_arith $current - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring=$verstring:$iface.0 + done + + # Make executables depend on our current version. + func_append verstring ":$current.0" + ;; + + qnx) + major=.$current + versuffix=.$current + ;; + + sco) + major=.$current + versuffix=.$current + ;; + + sunos) + major=.$current + versuffix=.$current.$revision + ;; + + windows) + # Use '-' rather than '.', since we only want one + # extension on DOS 8.3 file systems. + func_arith $current - $age + major=$func_arith_result + versuffix=-$major + ;; + + *) + func_fatal_configuration "unknown library version type '$version_type'" + ;; + esac + + # Clear the version info if we defaulted, and they specified a release. + if test -z "$vinfo" && test -n "$release"; then + major= + case $version_type in + darwin) + # we can't check for "0.0" in archive_cmds due to quoting + # problems, so we reset it completely + verstring= + ;; + *) + verstring=0.0 + ;; + esac + if test no = "$need_version"; then + versuffix= + else + versuffix=.0.0 + fi + fi + + # Remove version info from name if versioning should be avoided + if test yes,no = "$avoid_version,$need_version"; then + major= + versuffix= + verstring= + fi + + # Check to see if the archive will have undefined symbols. + if test yes = "$allow_undefined"; then + if test unsupported = "$allow_undefined_flag"; then + if test yes = "$build_old_libs"; then + func_warning "undefined symbols not allowed in $host shared libraries; building static only" + build_libtool_libs=no + else + func_fatal_error "can't build $host shared library unless -no-undefined is specified" + fi + fi + else + # Don't allow undefined symbols. + allow_undefined_flag=$no_undefined_flag + fi + + fi + + func_generate_dlsyms "$libname" "$libname" : + func_append libobjs " $symfileobj" + test " " = "$libobjs" && libobjs= + + if test relink != "$opt_mode"; then + # Remove our outputs, but don't remove object files since they + # may have been created when compiling PIC objects. + removelist= + tempremovelist=`$ECHO "$output_objdir/*"` + for p in $tempremovelist; do + case $p in + *.$objext | *.gcno) + ;; + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*) + if test -n "$precious_files_regex"; then + if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 + then + continue + fi + fi + func_append removelist " $p" + ;; + *) ;; + esac + done + test -n "$removelist" && \ + func_show_eval "${RM}r \$removelist" + fi + + # Now set the variables for building old libraries. + if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then + func_append oldlibs " $output_objdir/$libname.$libext" + + # Transform .lo files to .o files. + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP` + fi + + # Eliminate all temporary directories. + #for path in $notinst_path; do + # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` + # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` + # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` + #done + + if test -n "$xrpath"; then + # If the user specified any rpath flags, then add them. + temp_xrpath= + for libdir in $xrpath; do + func_replace_sysroot "$libdir" + func_append temp_xrpath " -R$func_replace_sysroot_result" + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi + + # Make sure dlfiles contains only unique files that won't be dlpreopened + old_dlfiles=$dlfiles + dlfiles= + for lib in $old_dlfiles; do + case " $dlprefiles $dlfiles " in + *" $lib "*) ;; + *) func_append dlfiles " $lib" ;; + esac + done + + # Make sure dlprefiles contains only unique files + old_dlprefiles=$dlprefiles + dlprefiles= + for lib in $old_dlprefiles; do + case "$dlprefiles " in + *" $lib "*) ;; + *) func_append dlprefiles " $lib" ;; + esac + done + + if test yes = "$build_libtool_libs"; then + if test -n "$rpath"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) + # these systems don't actually have a c library (as such)! + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C library is in the System framework + func_append deplibs " System.ltframework" + ;; + *-*-netbsd*) + # Don't link with libc until the a.out ld.so is fixed. + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + ;; + *) + # Add libc to deplibs on all other systems if necessary. + if test yes = "$build_libtool_need_lc"; then + func_append deplibs " -lc" + fi + ;; + esac + fi + + # Transform deplibs into only deplibs that can be linked in shared. + name_save=$name + libname_save=$libname + release_save=$release + versuffix_save=$versuffix + major_save=$major + # I'm not sure if I'm treating the release correctly. I think + # release should show up in the -l (ie -lgmp5) so we don't want to + # add it in twice. Is that correct? + release= + versuffix= + major= + newdeplibs= + droppeddeps=no + case $deplibs_check_method in + pass_all) + # Don't check for shared/static. Everything works. + # This might be a little naive. We might want to check + # whether the library exists or not. But this is on + # osf3 & osf4 and I'm not really sure... Just + # implementing what was already the behavior. + newdeplibs=$deplibs + ;; + test_compile) + # This code stresses the "libraries are programs" paradigm to its + # limits. Maybe even breaks it. We compile a program, linking it + # against the deplibs as a proxy for the library. Then we can check + # whether they linked in statically or dynamically with ldd. + $opt_dry_run || $RM conftest.c + cat > conftest.c </dev/null` + $nocaseglob + else + potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` + fi + for potent_lib in $potential_libs; do + # Follow soft links. + if ls -lLd "$potent_lib" 2>/dev/null | + $GREP " -> " >/dev/null; then + continue + fi + # The statement above tries to avoid entering an + # endless loop below, in case of cyclic links. + # We might still enter an endless loop, since a link + # loop can be closed while we follow links, + # but so what? + potlib=$potent_lib + while test -h "$potlib" 2>/dev/null; do + potliblink=`ls -ld $potlib | $SED 's/.* -> //'` + case $potliblink in + [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;; + *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";; + esac + done + if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | + $SED -e 10q | + $EGREP "$file_magic_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib= + break 2 + fi + done + done + fi + if test -n "$a_deplib"; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib"; then + $ECHO "*** with $libname but no candidates were found. (...for file magic test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a file magic. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + for a_deplib in $deplibs; do + case $a_deplib in + -l*) + func_stripname -l '' "$a_deplib" + name=$func_stripname_result + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $a_deplib "*) + func_append newdeplibs " $a_deplib" + a_deplib= + ;; + esac + fi + if test -n "$a_deplib"; then + libname=`eval "\\$ECHO \"$libname_spec\""` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + potential_libs=`ls $i/$libname[.-]* 2>/dev/null` + for potent_lib in $potential_libs; do + potlib=$potent_lib # see symlink-check above in file_magic test + if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ + $EGREP "$match_pattern_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib= + break 2 + fi + done + done + fi + if test -n "$a_deplib"; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib"; then + $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a regex pattern. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + none | unknown | *) + newdeplibs= + tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + for i in $predeps $postdeps; do + # can't use Xsed below, because $i might contain '/' + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"` + done + fi + case $tmp_deplibs in + *[!\ \ ]*) + echo + if test none = "$deplibs_check_method"; then + echo "*** Warning: inter-library dependencies are not supported in this platform." + else + echo "*** Warning: inter-library dependencies are not known to be supported." + fi + echo "*** All declared inter-library dependencies are being dropped." + droppeddeps=yes + ;; + esac + ;; + esac + versuffix=$versuffix_save + major=$major_save + release=$release_save + libname=$libname_save + name=$name_save + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library with the System framework + newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + if test yes = "$droppeddeps"; then + if test yes = "$module"; then + echo + echo "*** Warning: libtool could not satisfy all declared inter-library" + $ECHO "*** dependencies of module $libname. Therefore, libtool will create" + echo "*** a static module, that should work as long as the dlopening" + echo "*** application is linked with the -dlopen flag." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** 'nm' from GNU binutils and a full rebuild may help." + fi + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + else + echo "*** The inter-library dependencies that have been dropped here will be" + echo "*** automatically added whenever a program is linked with this library" + echo "*** or is declared to -dlopen it." + + if test no = "$allow_undefined"; then + echo + echo "*** Since this library must not contain undefined symbols," + echo "*** because either the platform does not support them or" + echo "*** it was explicitly requested with -no-undefined," + echo "*** libtool will only create a static version of it." + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + fi + fi + # Done checking deplibs! + deplibs=$newdeplibs + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + case $host in + *-*-darwin*) + newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + deplibs=$new_libs + + # All the library-specific variables (install_libdir is set above). + library_names= + old_library= + dlname= + + # Test again, we may have decided not to build it any more + if test yes = "$build_libtool_libs"; then + # Remove $wl instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac + if test yes = "$hardcode_into_libs"; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= + rpath=$finalize_rpath + test relink = "$opt_mode" || rpath=$compile_rpath$rpath + for libdir in $rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + func_replace_sysroot "$libdir" + libdir=$func_replace_sysroot_result + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append dep_rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" + fi + if test -n "$runpath_var" && test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" + fi + test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" + fi + + shlibpath=$finalize_shlibpath + test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath + if test -n "$shlibpath"; then + eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" + fi + + # Get the real and link names of the library. + eval shared_ext=\"$shrext_cmds\" + eval library_names=\"$library_names_spec\" + set dummy $library_names + shift + realname=$1 + shift + + if test -n "$soname_spec"; then + eval soname=\"$soname_spec\" + else + soname=$realname + fi + if test -z "$dlname"; then + dlname=$soname + fi + + lib=$output_objdir/$realname + linknames= + for link + do + func_append linknames " $link" + done + + # Use standard objects if they are pic + test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` + test "X$libobjs" = "X " && libobjs= + + delfiles= + if test -n "$export_symbols" && test -n "$include_expsyms"; then + $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" + export_symbols=$output_objdir/$libname.uexp + func_append delfiles " $export_symbols" + fi + + orig_export_symbols= + case $host_os in + cygwin* | mingw* | cegcc*) + if test -n "$export_symbols" && test -z "$export_symbols_regex"; then + # exporting using user supplied symfile + func_dll_def_p "$export_symbols" || { + # and it's NOT already a .def file. Must figure out + # which of the given symbols are data symbols and tag + # them as such. So, trigger use of export_symbols_cmds. + # export_symbols gets reassigned inside the "prepare + # the list of exported symbols" if statement, so the + # include_expsyms logic still works. + orig_export_symbols=$export_symbols + export_symbols= + always_export_symbols=yes + } + fi + ;; + esac + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp + $opt_dry_run || $RM $export_symbols + cmds=$export_symbols_cmds + save_ifs=$IFS; IFS='~' + for cmd1 in $cmds; do + IFS=$save_ifs + # Take the normal branch if the nm_file_list_spec branch + # doesn't work or if tool conversion is not needed. + case $nm_file_list_spec~$to_tool_file_cmd in + *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) + try_normal_branch=yes + eval cmd=\"$cmd1\" + func_len " $cmd" + len=$func_len_result + ;; + *) + try_normal_branch=no + ;; + esac + if test yes = "$try_normal_branch" \ + && { test "$len" -lt "$max_cmd_len" \ + || test "$max_cmd_len" -le -1; } + then + func_show_eval "$cmd" 'exit $?' + skipped_export=false + elif test -n "$nm_file_list_spec"; then + func_basename "$output" + output_la=$func_basename_result + save_libobjs=$libobjs + save_output=$output + output=$output_objdir/$output_la.nm + func_to_tool_file "$output" + libobjs=$nm_file_list_spec$func_to_tool_file_result + func_append delfiles " $output" + func_verbose "creating $NM input file list: $output" + for obj in $save_libobjs; do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > "$output" + eval cmd=\"$cmd1\" + func_show_eval "$cmd" 'exit $?' + output=$save_output + libobjs=$save_libobjs + skipped_export=false + else + # The command line is too long to execute in one step. + func_verbose "using reloadable object file for export list..." + skipped_export=: + # Break out early, otherwise skipped_export may be + # set to false by a later but shorter cmd. + break + fi + done + IFS=$save_ifs + if test -n "$export_symbols_regex" && test : != "$skipped_export"; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + fi + + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test : != "$skipped_export" && test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands, which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + + tmp_deplibs= + for test_deplib in $deplibs; do + case " $convenience " in + *" $test_deplib "*) ;; + *) + func_append tmp_deplibs " $test_deplib" + ;; + esac + done + deplibs=$tmp_deplibs + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec" && + test yes = "$compiler_needs_object" && + test -z "$libobjs"; then + # extract the archives, so we have objects to list. + # TODO: could optimize this to just extract one archive. + whole_archive_flag_spec= + fi + if test -n "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + else + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + fi + + if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then + eval flag=\"$thread_safe_flag_spec\" + func_append linker_flags " $flag" + fi + + # Make a backup of the uninstalled library when relinking + if test relink = "$opt_mode"; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? + fi + + # Do each of the archive commands. + if test yes = "$module" && test -n "$module_cmds"; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + eval test_cmds=\"$module_expsym_cmds\" + cmds=$module_expsym_cmds + else + eval test_cmds=\"$module_cmds\" + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + eval test_cmds=\"$archive_expsym_cmds\" + cmds=$archive_expsym_cmds + else + eval test_cmds=\"$archive_cmds\" + cmds=$archive_cmds + fi + fi + + if test : != "$skipped_export" && + func_len " $test_cmds" && + len=$func_len_result && + test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + : + else + # The command line is too long to link in one step, link piecewise + # or, if using GNU ld and skipped_export is not :, use a linker + # script. + + # Save the value of $output and $libobjs because we want to + # use them later. If we have whole_archive_flag_spec, we + # want to use save_libobjs as it was before + # whole_archive_flag_spec was expanded, because we can't + # assume the linker understands whole_archive_flag_spec. + # This may have to be revisited, in case too many + # convenience libraries get linked in and end up exceeding + # the spec. + if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + fi + save_output=$output + func_basename "$output" + output_la=$func_basename_result + + # Clear the reloadable object creation command queue and + # initialize k to one. + test_cmds= + concat_cmds= + objlist= + last_robj= + k=1 + + if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then + output=$output_objdir/$output_la.lnkscript + func_verbose "creating GNU ld script: $output" + echo 'INPUT (' > $output + for obj in $save_libobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + echo ')' >> $output + func_append delfiles " $output" + func_to_tool_file "$output" + output=$func_to_tool_file_result + elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then + output=$output_objdir/$output_la.lnk + func_verbose "creating linker input file list: $output" + : > $output + set x $save_libobjs + shift + firstobj= + if test yes = "$compiler_needs_object"; then + firstobj="$1 " + shift + fi + for obj + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + func_append delfiles " $output" + func_to_tool_file "$output" + output=$firstobj\"$file_list_spec$func_to_tool_file_result\" + else + if test -n "$save_libobjs"; then + func_verbose "creating reloadable object files..." + output=$output_objdir/$output_la-$k.$objext + eval test_cmds=\"$reload_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + + # Loop over the list of objects to be linked. + for obj in $save_libobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + if test -z "$objlist" || + test "$len" -lt "$max_cmd_len"; then + func_append objlist " $obj" + else + # The command $test_cmds is almost too long, add a + # command to the queue. + if test 1 -eq "$k"; then + # The first file doesn't have a previous command to add. + reload_objs=$objlist + eval concat_cmds=\"$reload_cmds\" + else + # All subsequent reloadable object files will link in + # the last one created. + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" + fi + last_robj=$output_objdir/$output_la-$k.$objext + func_arith $k + 1 + k=$func_arith_result + output=$output_objdir/$output_la-$k.$objext + objlist=" $obj" + func_len " $last_robj" + func_arith $len0 + $func_len_result + len=$func_arith_result + fi + done + # Handle the remaining objects by creating one last + # reloadable object file. All subsequent reloadable object + # files will link in the last one created. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds$reload_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + func_append delfiles " $output" + + else + output= + fi + + ${skipped_export-false} && { + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp + $opt_dry_run || $RM $export_symbols + libobjs=$output + # Append the command to create the export file. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + } + + test -n "$save_libobjs" && + func_verbose "creating a temporary reloadable object file: $output" + + # Loop through the commands generated above and execute them. + save_ifs=$IFS; IFS='~' + for cmd in $concat_cmds; do + IFS=$save_ifs + $opt_quiet || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS=$save_ifs + + if test -n "$export_symbols_regex" && ${skipped_export-false}; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + + ${skipped_export-false} && { + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands, which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + } + + libobjs=$output + # Restore the value of output. + output=$save_output + + if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + fi + # Expand the library linking commands again to reset the + # value of $libobjs for piecewise linking. + + # Do each of the archive commands. + if test yes = "$module" && test -n "$module_cmds"; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + cmds=$module_expsym_cmds + else + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + cmds=$archive_expsym_cmds + else + cmds=$archive_cmds + fi + fi + fi + + if test -n "$delfiles"; then + # Append the command to remove temporary files to $cmds. + eval cmds=\"\$cmds~\$RM $delfiles\" + fi + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + + save_ifs=$IFS; IFS='~' + for cmd in $cmds; do + IFS=$sp$nl + eval cmd=\"$cmd\" + IFS=$save_ifs + $opt_quiet || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS=$save_ifs + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? + + if test -n "$convenience"; then + if test -z "$whole_archive_flag_spec"; then + func_show_eval '${RM}r "$gentop"' + fi + fi + + exit $EXIT_SUCCESS + fi + + # Create links to the real library. + for linkname in $linknames; do + if test "$realname" != "$linkname"; then + func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' + fi + done + + # If -module or -export-dynamic was specified, set the dlname. + if test yes = "$module" || test yes = "$export_dynamic"; then + # On all known operating systems, these are identical. + dlname=$soname + fi + fi + ;; + + obj) + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for objects" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "'-l' and '-L' are ignored for objects" ;; + esac + + test -n "$rpath" && \ + func_warning "'-rpath' is ignored for objects" + + test -n "$xrpath" && \ + func_warning "'-R' is ignored for objects" + + test -n "$vinfo" && \ + func_warning "'-version-info' is ignored for objects" + + test -n "$release" && \ + func_warning "'-release' is ignored for objects" + + case $output in + *.lo) + test -n "$objs$old_deplibs" && \ + func_fatal_error "cannot build library object '$output' from non-libtool objects" + + libobj=$output + func_lo2o "$libobj" + obj=$func_lo2o_result + ;; + *) + libobj= + obj=$output + ;; + esac + + # Delete the old objects. + $opt_dry_run || $RM $obj $libobj + + # Objects from convenience libraries. This assumes + # single-version convenience libraries. Whenever we create + # different ones for PIC/non-PIC, this we'll have to duplicate + # the extraction. + reload_conv_objs= + gentop= + # if reload_cmds runs $LD directly, get rid of -Wl from + # whole_archive_flag_spec and hope we can get by with turning comma + # into space. + case $reload_cmds in + *\$LD[\ \$]*) wl= ;; + esac + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" + test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags + else + gentop=$output_objdir/${obj}x + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + reload_conv_objs="$reload_objs $func_extract_archives_result" + fi + fi + + # If we're not building shared, we need to use non_pic_objs + test yes = "$build_libtool_libs" || libobjs=$non_pic_objects + + # Create the old-style object. + reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs + + output=$obj + func_execute_cmds "$reload_cmds" 'exit $?' + + # Exit if we aren't doing a library object file. + if test -z "$libobj"; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + fi + + test yes = "$build_libtool_libs" || { + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + # Create an invalid libtool object if no PIC, so that we don't + # accidentally link it into a program. + # $show "echo timestamp > $libobj" + # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? + exit $EXIT_SUCCESS + } + + if test -n "$pic_flag" || test default != "$pic_mode"; then + # Only do commands if we really have different PIC objects. + reload_objs="$libobjs $reload_conv_objs" + output=$libobj + func_execute_cmds "$reload_cmds" 'exit $?' + fi + + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + ;; + + prog) + case $host in + *cygwin*) func_stripname '' '.exe' "$output" + output=$func_stripname_result.exe;; + esac + test -n "$vinfo" && \ + func_warning "'-version-info' is ignored for programs" + + test -n "$release" && \ + func_warning "'-release' is ignored for programs" + + $preload \ + && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \ + && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support." + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + case $host in + *-*-darwin*) + # Don't allow lazy linking, it breaks C++ global constructors + # But is supposedly fixed on 10.4 or later (yay!). + if test CXX = "$tagname"; then + case ${MACOSX_DEPLOYMENT_TARGET-10.0} in + 10.[0123]) + func_append compile_command " $wl-bind_at_load" + func_append finalize_command " $wl-bind_at_load" + ;; + esac + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $compile_deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $compile_deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + compile_deplibs=$new_libs + + + func_append compile_command " $compile_deplibs" + func_append finalize_command " $finalize_deplibs" + + if test -n "$rpath$xrpath"; then + # If the user specified any rpath flags, then add them. + for libdir in $rpath $xrpath; do + # This is the magic to use -rpath. + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + fi + + # Now hardcode the library paths + rpath= + hardcode_libdirs= + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$libdir:"*) ;; + ::) dllsearchpath=$libdir;; + *) func_append dllsearchpath ":$libdir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + compile_rpath=$rpath + + rpath= + hardcode_libdirs= + for libdir in $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$finalize_perm_rpath " in + *" $libdir "*) ;; + *) func_append finalize_perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + finalize_rpath=$rpath + + if test -n "$libobjs" && test yes = "$build_old_libs"; then + # Transform all the library objects into standard objects. + compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + fi + + func_generate_dlsyms "$outputname" "@PROGRAM@" false + + # template prelinking step + if test -n "$prelink_cmds"; then + func_execute_cmds "$prelink_cmds" 'exit $?' + fi + + wrappers_required=: + case $host in + *cegcc* | *mingw32ce*) + # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. + wrappers_required=false + ;; + *cygwin* | *mingw* ) + test yes = "$build_libtool_libs" || wrappers_required=false + ;; + *) + if test no = "$need_relink" || test yes != "$build_libtool_libs"; then + wrappers_required=false + fi + ;; + esac + $wrappers_required || { + # Replace the output file specification. + compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + link_command=$compile_command$compile_rpath + + # We have no uninstalled library dependencies, so finalize right now. + exit_status=0 + func_show_eval "$link_command" 'exit_status=$?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Delete the generated files. + if test -f "$output_objdir/${outputname}S.$objext"; then + func_show_eval '$RM "$output_objdir/${outputname}S.$objext"' + fi + + exit $exit_status + } + + if test -n "$compile_shlibpath$finalize_shlibpath"; then + compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" + fi + if test -n "$finalize_shlibpath"; then + finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" + fi + + compile_var= + finalize_var= + if test -n "$runpath_var"; then + if test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + compile_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + if test -n "$finalize_perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $finalize_perm_rpath; do + func_append rpath "$dir:" + done + finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + fi + + if test yes = "$no_install"; then + # We don't need to create a wrapper script. + link_command=$compile_var$compile_command$compile_rpath + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + # Delete the old output file. + $opt_dry_run || $RM $output + # Link the executable and exit + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + exit $EXIT_SUCCESS + fi + + case $hardcode_action,$fast_install in + relink,*) + # Fast installation is not supported + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + + func_warning "this platform does not like uninstalled shared libraries" + func_warning "'$output' will be relinked during installation" + ;; + *,yes) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` + ;; + *,no) + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + ;; + *,needless) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command= + ;; + esac + + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + + # Delete the old output files. + $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname + + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output_objdir/$outputname" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Now create the wrapper script. + func_verbose "creating $output" + + # Quote the relink command for shipping. + if test -n "$relink_command"; then + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + relink_command="(cd `pwd`; $relink_command)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + fi + + # Only actually do things if not in dry run mode. + $opt_dry_run || { + # win32 will think the script is a binary if it has + # a .exe suffix, so we strip it off here. + case $output in + *.exe) func_stripname '' '.exe' "$output" + output=$func_stripname_result ;; + esac + # test for cygwin because mv fails w/o .exe extensions + case $host in + *cygwin*) + exeext=.exe + func_stripname '' '.exe' "$outputname" + outputname=$func_stripname_result ;; + *) exeext= ;; + esac + case $host in + *cygwin* | *mingw* ) + func_dirname_and_basename "$output" "" "." + output_name=$func_basename_result + output_path=$func_dirname_result + cwrappersource=$output_path/$objdir/lt-$output_name.c + cwrapper=$output_path/$output_name.exe + $RM $cwrappersource $cwrapper + trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 + + func_emit_cwrapperexe_src > $cwrappersource + + # The wrapper executable is built using the $host compiler, + # because it contains $host paths and files. If cross- + # compiling, it, like the target executable, must be + # executed on the $host or under an emulation environment. + $opt_dry_run || { + $LTCC $LTCFLAGS -o $cwrapper $cwrappersource + $STRIP $cwrapper + } + + # Now, create the wrapper script for func_source use: + func_ltwrapper_scriptname $cwrapper + $RM $func_ltwrapper_scriptname_result + trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 + $opt_dry_run || { + # note: this script will not be executed, so do not chmod. + if test "x$build" = "x$host"; then + $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result + else + func_emit_wrapper no > $func_ltwrapper_scriptname_result + fi + } + ;; + * ) + $RM $output + trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 + + func_emit_wrapper no > $output + chmod +x $output + ;; + esac + } + exit $EXIT_SUCCESS + ;; + esac + + # See if we need to build an old-fashioned archive. + for oldlib in $oldlibs; do + + case $build_libtool_libs in + convenience) + oldobjs="$libobjs_save $symfileobj" + addlibs=$convenience + build_libtool_libs=no + ;; + module) + oldobjs=$libobjs_save + addlibs=$old_convenience + build_libtool_libs=no + ;; + *) + oldobjs="$old_deplibs $non_pic_objects" + $preload && test -f "$symfileobj" \ + && func_append oldobjs " $symfileobj" + addlibs=$old_convenience + ;; + esac + + if test -n "$addlibs"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $addlibs + func_append oldobjs " $func_extract_archives_result" + fi + + # Do each command in the archive commands. + if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then + cmds=$old_archive_from_new_cmds + else + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append oldobjs " $func_extract_archives_result" + fi + + # POSIX demands no paths to be encoded in archives. We have + # to avoid creating archives with duplicate basenames if we + # might have to extract them afterwards, e.g., when creating a + # static archive out of a convenience library, or when linking + # the entirety of a libtool archive into another (currently + # not supported by libtool). + if (for obj in $oldobjs + do + func_basename "$obj" + $ECHO "$func_basename_result" + done | sort | sort -uc >/dev/null 2>&1); then + : + else + echo "copying selected object files to avoid basename conflicts..." + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + func_mkdir_p "$gentop" + save_oldobjs=$oldobjs + oldobjs= + counter=1 + for obj in $save_oldobjs + do + func_basename "$obj" + objbase=$func_basename_result + case " $oldobjs " in + " ") oldobjs=$obj ;; + *[\ /]"$objbase "*) + while :; do + # Make sure we don't pick an alternate name that also + # overlaps. + newobj=lt$counter-$objbase + func_arith $counter + 1 + counter=$func_arith_result + case " $oldobjs " in + *[\ /]"$newobj "*) ;; + *) if test ! -f "$gentop/$newobj"; then break; fi ;; + esac + done + func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" + func_append oldobjs " $gentop/$newobj" + ;; + *) func_append oldobjs " $obj" ;; + esac + done + fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + eval cmds=\"$old_archive_cmds\" + + func_len " $cmds" + len=$func_len_result + if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + cmds=$old_archive_cmds + elif test -n "$archiver_list_spec"; then + func_verbose "using command file archive linking..." + for obj in $oldobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > $output_objdir/$libname.libcmd + func_to_tool_file "$output_objdir/$libname.libcmd" + oldobjs=" $archiver_list_spec$func_to_tool_file_result" + cmds=$old_archive_cmds + else + # the command line is too long to link in one step, link in parts + func_verbose "using piecewise archive linking..." + save_RANLIB=$RANLIB + RANLIB=: + objlist= + concat_cmds= + save_oldobjs=$oldobjs + oldobjs= + # Is there a better way of finding the last object in the list? + for obj in $save_oldobjs + do + last_oldobj=$obj + done + eval test_cmds=\"$old_archive_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + for obj in $save_oldobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + func_append objlist " $obj" + if test "$len" -lt "$max_cmd_len"; then + : + else + # the above command should be used before it gets too long + oldobjs=$objlist + if test "$obj" = "$last_oldobj"; then + RANLIB=$save_RANLIB + fi + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$old_archive_cmds\" + objlist= + len=$len0 + fi + done + RANLIB=$save_RANLIB + oldobjs=$objlist + if test -z "$oldobjs"; then + eval cmds=\"\$concat_cmds\" + else + eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + fi + fi + fi + func_execute_cmds "$cmds" 'exit $?' + done + + test -n "$generated" && \ + func_show_eval "${RM}r$generated" + + # Now create the libtool archive. + case $output in + *.la) + old_library= + test yes = "$build_old_libs" && old_library=$libname.$libext + func_verbose "creating $output" + + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + # Quote the link command for shipping. + relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + if test yes = "$hardcode_automatic"; then + relink_command= + fi + + # Only create the output if not a dry run. + $opt_dry_run || { + for installed in no yes; do + if test yes = "$installed"; then + if test -z "$install_libdir"; then + break + fi + output=$output_objdir/${outputname}i + # Replace all uninstalled libtool libraries with the installed ones + newdependency_libs= + for deplib in $dependency_libs; do + case $deplib in + *.la) + func_basename "$deplib" + name=$func_basename_result + func_resolve_sysroot "$deplib" + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` + test -z "$libdir" && \ + func_fatal_error "'$deplib' is not a valid libtool archive" + func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" + ;; + -L*) + func_stripname -L '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -L$func_replace_sysroot_result" + ;; + -R*) + func_stripname -R '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -R$func_replace_sysroot_result" + ;; + *) func_append newdependency_libs " $deplib" ;; + esac + done + dependency_libs=$newdependency_libs + newdlfiles= + + for lib in $dlfiles; do + case $lib in + *.la) + func_basename "$lib" + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "'$lib' is not a valid libtool archive" + func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" + ;; + *) func_append newdlfiles " $lib" ;; + esac + done + dlfiles=$newdlfiles + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + *.la) + # Only pass preopened files to the pseudo-archive (for + # eventual linking with the app. that links it) if we + # didn't already link the preopened objects directly into + # the library: + func_basename "$lib" + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "'$lib' is not a valid libtool archive" + func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" + ;; + esac + done + dlprefiles=$newdlprefiles + else + newdlfiles= + for lib in $dlfiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlfiles " $abs" + done + dlfiles=$newdlfiles + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlprefiles " $abs" + done + dlprefiles=$newdlprefiles + fi + $RM $output + # place dlname in correct position for cygwin + # In fact, it would be nice if we could use this code for all target + # systems that can't hard-code library paths into their executables + # and that have no shared library path variable independent of PATH, + # but it turns out we can't easily determine that from inspecting + # libtool variables, so we have to hard-code the OSs to which it + # applies here; at the moment, that means platforms that use the PE + # object format with DLL files. See the long comment at the top of + # tests/bindir.at for full details. + tdlname=$dlname + case $host,$output,$installed,$module,$dlname in + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) + # If a -bindir argument was supplied, place the dll there. + if test -n "$bindir"; then + func_relative_path "$install_libdir" "$bindir" + tdlname=$func_relative_path_result/$dlname + else + # Otherwise fall back on heuristic. + tdlname=../bin/$dlname + fi + ;; + esac + $ECHO > $output "\ +# $outputname - a libtool library file +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='$tdlname' + +# Names of this library. +library_names='$library_names' + +# The name of the static archive. +old_library='$old_library' + +# Linker flags that cannot go in dependency_libs. +inherited_linker_flags='$new_inherited_linker_flags' + +# Libraries that this one depends upon. +dependency_libs='$dependency_libs' + +# Names of additional weak libraries provided by this library +weak_library_names='$weak_libs' + +# Version information for $libname. +current=$current +age=$age +revision=$revision + +# Is this an already installed library? +installed=$installed + +# Should we warn about portability when linking against -modules? +shouldnotlink=$module + +# Files to dlopen/dlpreopen +dlopen='$dlfiles' +dlpreopen='$dlprefiles' + +# Directory that this library needs to be installed in: +libdir='$install_libdir'" + if test no,yes = "$installed,$need_relink"; then + $ECHO >> $output "\ +relink_command=\"$relink_command\"" + fi + done + } + + # Do a symbolic link so that the libtool archive can be found in + # LD_LIBRARY_PATH before the program is installed. + func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' + ;; + esac + exit $EXIT_SUCCESS +} + +if test link = "$opt_mode" || test relink = "$opt_mode"; then + func_mode_link ${1+"$@"} +fi + + +# func_mode_uninstall arg... +func_mode_uninstall () +{ + $debug_cmd + + RM=$nonopt + files= + rmforce=false + exit_status=0 + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic=$magic + + for arg + do + case $arg in + -f) func_append RM " $arg"; rmforce=: ;; + -*) func_append RM " $arg" ;; + *) func_append files " $arg" ;; + esac + done + + test -z "$RM" && \ + func_fatal_help "you must specify an RM program" + + rmdirs= + + for file in $files; do + func_dirname "$file" "" "." + dir=$func_dirname_result + if test . = "$dir"; then + odir=$objdir + else + odir=$dir/$objdir + fi + func_basename "$file" + name=$func_basename_result + test uninstall = "$opt_mode" && odir=$dir + + # Remember odir for removal later, being careful to avoid duplicates + if test clean = "$opt_mode"; then + case " $rmdirs " in + *" $odir "*) ;; + *) func_append rmdirs " $odir" ;; + esac + fi + + # Don't error if the file doesn't exist and rm -f was used. + if { test -L "$file"; } >/dev/null 2>&1 || + { test -h "$file"; } >/dev/null 2>&1 || + test -f "$file"; then + : + elif test -d "$file"; then + exit_status=1 + continue + elif $rmforce; then + continue + fi + + rmfiles=$file + + case $name in + *.la) + # Possibly a libtool archive, so verify it. + if func_lalib_p "$file"; then + func_source $dir/$name + + # Delete the libtool libraries and symlinks. + for n in $library_names; do + func_append rmfiles " $odir/$n" + done + test -n "$old_library" && func_append rmfiles " $odir/$old_library" + + case $opt_mode in + clean) + case " $library_names " in + *" $dlname "*) ;; + *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; + esac + test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" + ;; + uninstall) + if test -n "$library_names"; then + # Do each command in the postuninstall commands. + func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1' + fi + + if test -n "$old_library"; then + # Do each command in the old_postuninstall commands. + func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1' + fi + # FIXME: should reinstall the best remaining shared library. + ;; + esac + fi + ;; + + *.lo) + # Possibly a libtool object, so verify it. + if func_lalib_p "$file"; then + + # Read the .lo file + func_source $dir/$name + + # Add PIC object to the list of files to remove. + if test -n "$pic_object" && test none != "$pic_object"; then + func_append rmfiles " $dir/$pic_object" + fi + + # Add non-PIC object to the list of files to remove. + if test -n "$non_pic_object" && test none != "$non_pic_object"; then + func_append rmfiles " $dir/$non_pic_object" + fi + fi + ;; + + *) + if test clean = "$opt_mode"; then + noexename=$name + case $file in + *.exe) + func_stripname '' '.exe' "$file" + file=$func_stripname_result + func_stripname '' '.exe' "$name" + noexename=$func_stripname_result + # $file with .exe has already been added to rmfiles, + # add $file without .exe + func_append rmfiles " $file" + ;; + esac + # Do a test to see if this is a libtool program. + if func_ltwrapper_p "$file"; then + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + relink_command= + func_source $func_ltwrapper_scriptname_result + func_append rmfiles " $func_ltwrapper_scriptname_result" + else + relink_command= + func_source $dir/$noexename + fi + + # note $name still contains .exe if it was in $file originally + # as does the version of $file that was added into $rmfiles + func_append rmfiles " $odir/$name $odir/${name}S.$objext" + if test yes = "$fast_install" && test -n "$relink_command"; then + func_append rmfiles " $odir/lt-$name" + fi + if test "X$noexename" != "X$name"; then + func_append rmfiles " $odir/lt-$noexename.c" + fi + fi + fi + ;; + esac + func_show_eval "$RM $rmfiles" 'exit_status=1' + done + + # Try to remove the $objdir's in the directories where we deleted files + for dir in $rmdirs; do + if test -d "$dir"; then + func_show_eval "rmdir $dir >/dev/null 2>&1" + fi + done + + exit $exit_status +} + +if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then + func_mode_uninstall ${1+"$@"} +fi + +test -z "$opt_mode" && { + help=$generic_help + func_fatal_help "you must specify a MODE" +} + +test -z "$exec_cmd" && \ + func_fatal_help "invalid operation mode '$opt_mode'" + +if test -n "$exec_cmd"; then + eval exec "$exec_cmd" + exit $EXIT_FAILURE +fi + +exit $exit_status + + +# The TAGs below are defined such that we never get into a situation +# where we disable both kinds of libraries. Given conflicting +# choices, we go for a static library, that is the most portable, +# since we can't tell whether shared libraries were disabled because +# the user asked for that or because the platform doesn't support +# them. This is particularly important on AIX, because we don't +# support having both static and shared libraries enabled at the same +# time on that platform, so we default to a shared-only configuration. +# If a disable-shared tag is given, we'll fallback to a static-only +# configuration. But we'll never go from static-only to shared-only. + +# ### BEGIN LIBTOOL TAG CONFIG: disable-shared +build_libtool_libs=no +build_old_libs=yes +# ### END LIBTOOL TAG CONFIG: disable-shared + +# ### BEGIN LIBTOOL TAG CONFIG: disable-static +build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` +# ### END LIBTOOL TAG CONFIG: disable-static + +# Local Variables: +# mode:shell-script +# sh-indentation:2 +# End: diff -Nru sudo-1.9.5p2/scripts/mkdep.pl sudo-1.9.9/scripts/mkdep.pl --- sudo-1.9.5p2/scripts/mkdep.pl 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/scripts/mkdep.pl 2022-01-27 21:24:22.000000000 +0000 @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2011-2020 Todd C. Miller +# Copyright (c) 2011-2021 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -68,8 +68,12 @@ if ($off != 0) { $ret .= ' ' x $indent; $pos = rindex($deps, ' ', $off + 80 - $indent - 2); + if ($pos <= $off) { + # No space found within 78 columns, check beyond + $pos = index($deps, ' ', $off + 80 - $indent - 2); + } } else { - $pos = rindex($deps, ' ', $off + 78); + $pos = rindex($deps, ' ', 78); } $ret .= substr($deps, $off, $pos - $off) . " \\\n"; $off = $pos + 1; @@ -111,12 +115,12 @@ # Expand some configure bits $makefile =~ s:\@DEV\@::g; $makefile =~ s:\@COMMON_OBJS\@:aix.lo event_poll.lo event_select.lo:; - $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o:; + $makefile =~ s:\@SUDO_OBJS\@:intercept.pb-c.o openbsd.o preload.o selinux.o sesh.o solaris.o:; $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo ldap_util.lo ldap_conf.lo solaris_audit.lo sssd.lo:; # XXX - fill in AUTH_OBJS from contents of the auth dir instead $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; $makefile =~ s:\@DIGEST\@:digest.lo digest_openssl.lo digest_gcrypt.lo:; - $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo cfmakeraw.lo closefrom.lo dup3.lo explicit_bzero.lo fchmodat.lo freezero.lo fstatat.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo getusershell.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo openat.lo pipe2.lo pread.lo pwrite.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo unlinkat.lo utimens.lo vsyslog.lo:; + $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_buf.lo arc4random_uniform.lo cfmakeraw.lo closefrom.lo dup3.lo explicit_bzero.lo fchmodat.lo freezero.lo fstatat.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo getusershell.lo glob.lo gmtime_r.lo inet_ntop_lo inet_pton.lo isblank.lo localtime_r.lo memrchr.lo mkdirat.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo openat.lo pipe2.lo pread.lo pwrite.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo timegm.lo unlinkat.lo utimens.lo:; # Parse OBJS lines my %objs; @@ -164,17 +168,29 @@ $old_deps{$1} = $2; } + # Check whether static objs are disabled for .lo files + my $disable_static; + if ($makefile =~ /LTFLAGS\s*=\s*(.+)$/m) { + my $ltflags = $1; + $_ = $implicit{"lo"}; + if (defined($_)) { + s/\$[\(\{]LTFLAGS[\)\}]/$ltflags/; + $disable_static = /--tag=disable-static/; + } + } + # Sort files so we do .lo files first foreach my $obj (sort keys %objs) { next unless $obj =~ /(\S+)\.(l?o)$/; - if ($2 eq "o" && exists($objs{"$1.lo"})) { + if (!$disable_static && $2 eq "o" && exists($objs{"$1.lo"})) { # We have both .lo and .o files, only the .lo should be used warn "$file: $obj should be $1.lo\n"; } else { # Use old dependencies when mapping objects to their source. # If no old dependency, use the MANIFEST file to find the source. - my $src = $1 . '.c'; + my $base = $1; my $ext = $2; + my $src = $base . '.c'; if (exists $old_deps{$obj}) { $src = $old_deps{$obj}; } elsif (exists $manifest{$src}) { @@ -196,20 +212,22 @@ $new_makefile .= $deps; $new_makefile .= "\t$imp\n"; - # PVS Studio files (.i and .plog) - $imp = $implicit{"i"}; - if (exists $implicit{"i"} && exists $implicit{"plog"}) { + # PVS Studio files (.i and .plog) but only do them once. + if ($ext ne "o" || !exists($objs{"$base.lo"})) { $imp = $implicit{"i"}; - $deps =~ s/\.l?o/.i/; - $new_makefile .= $deps; - $new_makefile .= "\t$imp\n"; - - $imp = $implicit{"plog"}; - $imp =~ s/ifile=\$<; *//; - $imp =~ s/\$\$\{ifile\%i\}c/$src/; - $obj =~ /(.*)\.[a-z]+$/; - $new_makefile .= "${1}.plog: ${1}.i\n"; - $new_makefile .= "\t$imp\n"; + if (exists $implicit{"i"} && exists $implicit{"plog"}) { + $imp = $implicit{"i"}; + $deps =~ s/\.l?o/.i/; + $new_makefile .= $deps; + $new_makefile .= "\t$imp\n"; + + $imp = $implicit{"plog"}; + $imp =~ s/ifile=\$<; *//; + $imp =~ s/\$\$\{ifile\%i\}c/$src/; + $obj =~ /(.*)\.[a-z]+$/; + $new_makefile .= "${1}.plog: ${1}.i\n"; + $new_makefile .= "\t$imp\n"; + } } } } diff -Nru sudo-1.9.5p2/scripts/mkpkg sudo-1.9.9/scripts/mkpkg --- sudo-1.9.5p2/scripts/mkpkg 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/scripts/mkpkg 2022-01-27 21:24:22.000000000 +0000 @@ -125,6 +125,9 @@ ;; esac if [ $NJOBS -gt 1 ]; then + if [ $NJOBS -gt 16 ]; then + NJOBS=16 + fi make_opts="-j$NJOBS" fi fi @@ -132,10 +135,10 @@ # Choose compiler options by osversion if not cross-compiling. if [ "$crossbuild" = "false" ]; then case "$osversion" in - macos*) - # Use clang on macOS if present - if [ -z "$CC" -a -x /usr/bin/clang ]; then - CC=/usr/bin/clang; export CC + FreeBSD*|macos*) + # Use the system compiler on FreeBSD and macOS + if [ -z "$CC" -a -x /usr/bin/cc ]; then + CC=/usr/bin/cc; export CC fi ;; esac @@ -174,7 +177,7 @@ # Encrypted remote I/O log support. with_openssl=true fi - if [ $osmajor -ge 7 ]; then + if [ $osmajor -ge 6 ]; then # Python plugins with_python=true fi @@ -188,6 +191,7 @@ with_pam_login=true with_sssd=true with_openssl=true + with_python=true ;; esac @@ -220,7 +224,6 @@ --with-editor=/bin/vi --with-env-editor --with-ignore-dot - --with-tty-tickets --with-ldap --with-passprompt=[sudo] password for %p: --with-sendmail=/usr/sbin/sendmail @@ -253,7 +256,6 @@ --with-logfac=auth --with-all-insults --with-ignore-dot - --with-tty-tickets --enable-shell-sets-home --with-sudoers-mode=0440 --with-pam @@ -345,7 +347,7 @@ ;; esac if test "${osversion}" != "`$scriptdir/pp --probe`"; then - sdkvers=`echo "${osversion}" | sed 's/^macos\([0-9][0-9]\)\([0-9]*\)-.*$/\1.\2/'` + sdkvers=`echo "${osversion}" | sed -e 's/^macos\([0-9][0-9]\)\([0-9]*\)-.*$/\1.\2/' -e 's/\.$//'` # SDKs may be under Xcode.app or CommandLineTools (for non-Xcode) if [ -d "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs" ]; then SDK_DIR="/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs" @@ -368,7 +370,7 @@ # Note, must indent with tabs, not spaces due to IFS trickery configure_opts="--with-pam --with-bsm-audit - --without-tty-tickets + --with-password-timeout=0 --enable-zlib=system --with-ldap --with-insults=disabled @@ -401,6 +403,25 @@ $configure_opts" PPVARS="${PPVARS}${PPVARS+$space}aix_freeware=true" ;; + FreeBSD*) + # Encrypted remote I/O log support. + with_openssl=true + + # Python plugins + with_python=true + + configure_opts=" + --sysconfdir=/usr/local/etc + --with-ignore-dot + --with-tty-tickets + --with-env-editor + --with-logincap + --with-long-otp-prompt + --with-rundir=/var/run/sudo + --enable-zlib=system + --disable-nls + $configure_opts" + ;; *) # For Solaris, add project support and use let configure choose zlib. # For all others, use the builtin zlib and disable NLS support. @@ -410,8 +431,8 @@ if [ $osrelease -ge 11 ]; then # Build 64-bit binaries on Solaris 11 and above. - CFLAGS="-O2 -g -m64"; export CFLAGS - LDFLAGS="-m64"; export LDFLAGS + CFLAGS="${CFLAGS:--O2 -g} -m64"; export CFLAGS + LDFLAGS="-m64${LDFLAGS:+ }${LDFLAGS}"; export LDFLAGS # Solaris audit is not supported by Illumos if test X"`uname -o 2>/dev/null`" = X"illumos"; then configure_opts="${configure_opts}${configure_opts+$tab}--with-bsm-audit" @@ -489,6 +510,10 @@ if [ -r Makefile ]; then ${MAKE} $make_opts distclean fi -${configure} "$@" || exit 1 -${MAKE} $make_opts && ${MAKE} $make_opts PPFLAGS="$PPFLAGS" PPVARS="$PPVARS" package +${configure} "$@" || exit $? +${MAKE} $make_opts || exit $? +${MAKE} $make_opts PPFLAGS="$PPFLAGS" PPVARS="$PPVARS" package +exitval=$? test $debug -eq 0 && rm -rf destdir + +exit $exitval diff -Nru sudo-1.9.5p2/scripts/pp sudo-1.9.9/scripts/pp --- sudo-1.9.5p2/scripts/pp 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/scripts/pp 2022-01-27 21:24:22.000000000 +0000 @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2020 One Identity LLC. ALL RIGHTS RESERVED -pp_revision="20200814" +# Copyright 2021 One Identity LLC. ALL RIGHTS RESERVED +pp_revision="20211119" # Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. # # Redistribution and use in source and binary forms, with or without @@ -1618,13 +1618,11 @@ pp_aix_select () { case "$1" in - -user) op="";; - -root) op="!";; + -user) op="!";; + -root) op="";; *) pp_die "pp_aix_select: bad argument";; esac - #pp_debug awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }' - #awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }' - awk $op'($6 ~ /^\/usr\// || $6 ~ /^\/opt\//) { print; }' + awk $op'($6 ~ /^\/(dev|etc|sbin|var)\//) { print }' } pp_aix_copy_root () { @@ -2857,7 +2855,11 @@ } pp_solaris_detect_arch () { - pp_solaris_arch=`/usr/bin/optisa amd64 sparcv9 i386 sparc` + if [ -x /usr/bin/isainfo ]; then + pp_solaris_arch=`/usr/bin/isainfo -n` + else + pp_solaris_arch=`/usr/bin/optisa amd64 sparcv9 i386 sparc` + fi [ -z "$pp_solaris_arch" ] && pp_error "can't determine processor architecture" case "$pp_solaris_arch" in @@ -4201,13 +4203,15 @@ case "$t" in f) # Files pp_deb_fakeroot install -D -o $o -g $g -m ${m} $pp_destdir/$p $data/$p; - if [ x"$f" = x"v" ] - then + case "$f" in + *v*) # File marked as "volatile". Assume this means it's a conffile - # TODO: check this as admins like modified conffiles to be left - # behind + # TODO: check this as admins like modified conffiles to be left + # behind echo "$p" >> $pp_wrkdir/%conffiles.$cmp - fi;; + ;; + esac + ;; d) # Directories pp_deb_fakeroot install -m ${m} -o $o -g $g -d $data/$p;; @@ -4220,7 +4224,7 @@ # the debian policy of relative links when in the same top-level # directory (cd $data; ln -sf $st $rel_p);; - *) pp_error "Unsupported data file type: $t";; + *) pp_error "Unsupported data file type: $t";; esac done @@ -6685,7 +6689,7 @@ /etc root:admin 0755 /var root:admin 0755 - + Info.plist = { CFBundleGetInfoString: "1.2.3, One Identity LLC.", CFBundleIdentifier: "com.quest.rc.openssh", @@ -6720,7 +6724,7 @@ # Startup scripts 'launchd' is a kind of combined inetd and rc/init.d system. - + Create a /Library/LaunchDaemons/$daemonname.plist file Examples found in /System/Library/LaunchDaemons/ See manual page launchd.plist(5) for details: @@ -6772,6 +6776,8 @@ pp_macos_bundle_version= pp_macos_bundle_info_string= pp_macos_pkg_type=bundle + pp_macos_pkg_background= + pp_macos_pkg_background_dark= pp_macos_pkg_license= pp_macos_pkg_readme= pp_macos_pkg_welcome= @@ -7353,7 +7359,7 @@ # Write Distribution file cat <<-. >$pkgdir/Distribution - + $name $version @@ -7370,6 +7376,14 @@ cp -R "${pp_macos_pkg_license}" $Resources echo " " >>$pkgdir/Distribution fi + if test -n "$pp_macos_pkg_background"; then + cp -R "${pp_macos_pkg_background}" $Resources + echo " " >>$pkgdir/Distribution + fi + if test -n "$pp_macos_pkg_background_dark"; then + cp -R "${pp_macos_pkg_background_dark}" $Resources + echo " " >>$pkgdir/Distribution + fi cat <<-. >>$pkgdir/Distribution @@ -7378,7 +7392,7 @@ #$pkgfile - + . # write scripts archive @@ -8167,23 +8181,33 @@ cat $pp_wrkdir/%files.${cmp} | while read t m o g f p st; do test x"$o" = x"-" && o="${pp_bsd_defattr_uid:-root}" test x"$g" = x"-" && g="${pp_bsd_defattr_gid:-wheel}" + if test x"$m" = x"-"; then + case "$t" in + d) m=755;; + f) m=644;; + esac + fi path=$p case "$t" in f) # Files - # For now just skip the file if it is volatile, we will need to remove it in the pre uninstall script - if [ x"$f" != x"v" ]; then - # If the directory doesn't exist where we are going to copy this file, then create it first - if [ ! -d `dirname "$datadir$path"` ]; then - pp_debug "creating directory `dirname "$datadir$path"`" - mkdir -p `dirname "$datadir$path"` - fi - - pp_debug "install -D $datadir -o $o -g $g -h sha256 -m ${m} -v $pp_destdir$p $datadir$path"; - pp_bsd_fakeroot install -D $datadir -o $o -g $g -h sha256 -m ${m} -v $pp_destdir$p $datadir$path; - echo " \"$path\": \"-\", \"$path\": {uname: $o, gname: $g, perm: ${m}}" >> $outfilelist; - else - pp_warn "file $f was marked as volatile, skipping" - fi; + case "$f" in + *v*) + # For now just skip the file if it is volatile, we + # will need to remove it in the pre uninstall script + pp_warn "file $path was marked as volatile, skipping" + ;; + *) + # If the directory doesn't exist where we are going to copy this file, then create it first + if [ ! -d `dirname "$datadir$path"` ]; then + pp_debug "creating directory `dirname "$datadir$path"`" + mkdir -p `dirname "$datadir$path"` + fi + + pp_debug "install -D $datadir -o $o -g $g -h sha256 -m ${m} -v $pp_destdir$p $datadir$path" + pp_bsd_fakeroot install -D $datadir -o $o -g $g -h sha256 -m ${m} -v $pp_destdir$p $datadir$path + echo " \"$path\": \"-\", \"$path\": {uname: $o, gname: $g, perm: ${m}}" >> $outfilelist + ;; + esac ;; d) # Directories pp_debug "install -D $datadir -o $o -g $g -m ${m} -d -v $datadir$path"; diff -Nru sudo-1.9.5p2/src/Makefile.in sudo-1.9.9/src/Makefile.in --- sudo-1.9.5p2/src/Makefile.in 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/Makefile.in 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2010-2021 +# Copyright (c) 2010-2021 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -36,14 +36,16 @@ CC = @CC@ LIBTOOL = @LIBTOOL@ SED = @SED@ +AWK = @AWK@ # Our install program supports extra flags... -INSTALL = $(SHELL) $(top_srcdir)/install-sh -c +INSTALL = $(SHELL) $(scriptdir)/install-sh -c INSTALL_OWNER = -o $(install_uid) -g $(install_gid) INSTALL_BACKUP = @INSTALL_BACKUP@ # Libraries -LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la +LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la \ + $(top_builddir)/lib/protobuf-c/libprotobuf-c.la LIBS = @LIBS@ @SUDO_LIBS@ @GETGROUPS_LIB@ @NET_LIBS@ $(LT_LIBS) # C preprocessor defines @@ -59,11 +61,16 @@ # Flags to pass to the link stage LDFLAGS = @LDFLAGS@ SUDO_LDFLAGS = $(LDFLAGS) @SUDO_LDFLAGS@ -LT_LDFLAGS = @LT_LDFLAGS@ +INTERCEPT_LDFLAGS = @LT_LDFLAGS@ @LT_LDEXPORTS@ +NOEXEC_LDFLAGS = @LT_LDFLAGS@ # Flags to pass to libtool LTFLAGS = --tag=disable-static +# Flag to build sudo_module.so and sudo_noexec.so as modules instead of +# shared libs (except on macOS) +PRELOAD_MODULE = @PRELOAD_MODULE@ + # Address sanitizer flags ASAN_CFLAGS = @ASAN_CFLAGS@ ASAN_LDFLAGS = @ASAN_LDFLAGS@ @@ -97,6 +104,8 @@ datarootdir = @datarootdir@ localedir = @localedir@ localstatedir = @localstatedir@ +interceptfile = @INTERCEPTFILE@ +interceptdir = @INTERCEPTDIR@ noexecfile = @NOEXECFILE@ noexecdir = @NOEXECDIR@ tmpfiles_d = @TMPFILES_D@ @@ -105,37 +114,49 @@ install_uid = 0 install_gid = 0 -# File mode to use for shared libraries +# File extension, mode and map file to use for shared libraries/objects +shlib_enable = @SHLIB_ENABLE@ shlib_mode = @SHLIB_MODE@ +shlib_exp = ./intercept.exp +shlib_map = intercept.map +shlib_opt = intercept.opt # Optional init script and rc.d link INIT_DIR=@INIT_DIR@ INIT_SCRIPT=@INIT_SCRIPT@ RC_LINK=@RC_LINK@ -TEST_PROGS = check_ttyname @CHECK_NOEXEC@ +TEST_PROGS = check_net_ifs check_noexec check_ttyname TEST_LIBS = @LIBS@ $(LT_LIBS) TEST_LDFLAGS = @LDFLAGS@ +# Set to non-empty for development mode +DEVEL = @DEVEL@ + #### End of system configuration section. #### SHELL = @SHELL@ PROGS = @PROGS@ -OBJS = conversation.o copy_file.o edit_open.o env_hooks.o exec.o \ - exec_common.o exec_monitor.o exec_nopty.o exec_pty.o get_pty.o hooks.o \ - limits.o load_plugins.o net_ifs.o parse_args.o preserve_fds.o \ - signal.o sudo.o sudo_edit.o tcsetpgrp_nobg.o tgetpass.o \ +OBJS = conversation.o copy_file.o edit_open.o env_hooks.o exec.o exec_common.o \ + exec_intercept.o exec_monitor.o exec_nopty.o exec_preload.o exec_pty.o \ + get_pty.o hooks.o limits.o load_plugins.o net_ifs.o parse_args.o \ + preserve_fds.o signal.o sudo.o sudo_edit.o tcsetpgrp_nobg.o tgetpass.o \ ttyname.o utmp.o @SUDO_OBJS@ IOBJS = $(OBJS:.o=.i) sesh.i POBJS = $(IOBJS:.i=.plog) -SESH_OBJS = copy_file.o edit_open.o exec_common.o sesh.o +SESH_OBJS = copy_file.o edit_open.o exec_common.o exec_preload.o sesh.o + +INTERCEPT_OBJS = exec_preload.lo sudo_intercept.lo sudo_intercept_common.lo \ + intercept.pb-c.lo -CHECK_NOEXEC_OBJS = check_noexec.o exec_common.o +CHECK_NET_IFS_OBJS = check_net_ifs.o net_ifs.o + +CHECK_NOEXEC_OBJS = check_noexec.o exec_common.o exec_preload.o CHECK_TTYNAME_OBJS = check_ttyname.o ttyname.o @@ -143,6 +164,8 @@ VERSION = @PACKAGE_VERSION@ +GENERATED = intercept.pb-c.h intercept.pb-c.c + all: $(PROGS) depend: @@ -170,22 +193,41 @@ .i.plog: ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ +$(devdir)/intercept.pb-c.c: $(srcdir)/intercept.proto + @if [ -n "$(DEVEL)" ]; then \ + cmd='protoc-c --c_out=$(devdir) --proto_path=$(srcdir) $(srcdir)/intercept.proto'; \ + echo "$$cmd"; eval $$cmd; \ + cmd='$(scriptdir)/unanon $(devdir)/intercept.pb-c.h $(devdir)/intercept.pb-c.c'; \ + echo "$$cmd"; eval $$cmd; \ + if [ "$(devdir)" == "$(srcdir)" ]; then \ + cmd='mv -f $(devdir)/intercept.pb-c.h $(incdir)/intercept.pb-c.h'; \ + else \ + cmd='mv -f $(devdir)/intercept.pb-c.h $(top_builddir)/intercept.pb-c.h'; \ + fi; \ + echo "$$cmd"; eval $$cmd; \ + fi + sudo: $(OBJS) $(LT_LIBS) @STATIC_SUDOERS@ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(OBJS) $(SUDO_LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @STATIC_SUDOERS@ -# We can't use -module here since you cannot preload a module on Darwin -libsudo_noexec.la: sudo_noexec.lo - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) -shrext .so - -# Some hackery is required to install this as sudo_noexec, not libsudo_noexec -sudo_noexec.la: libsudo_noexec.la - sed 's/libsudo_noexec/sudo_noexec/g' libsudo_noexec.la > sudo_noexec.la - if test -f .libs/libsudo_noexec.lai; then sed 's/libsudo_noexec/sudo_noexec/g' .libs/libsudo_noexec.lai > .libs/sudo_noexec.lai; fi - cp -p .libs/libsudo_noexec.so .libs/sudo_noexec.so +$(shlib_map): $(shlib_exp) + @$(AWK) 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ + +$(shlib_opt): $(shlib_exp) + @$(SED) 's/^/+e /' $(shlib_exp) > $@ + +sudo_intercept.la: $(INTERCEPT_OBJS) @LT_LDDEP@ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(INTERCEPT_LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LIBS) @LIBDL@ -o $@ $(INTERCEPT_OBJS) $(PRELOAD_MODULE) -avoid-version -rpath $(interceptdir) -shrext .so + +sudo_noexec.la: sudo_noexec.lo + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(NOEXEC_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo $(PRELOAD_MODULE) -avoid-version -rpath $(noexecdir) -shrext .so sesh: $(SESH_OBJS) $(LT_LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) +check_net_ifs: $(CHECK_NET_IFS_OBJS) $(top_builddir)/lib/util/libsudo_util.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_NET_IFS_OBJS) $(TEST_LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LIBS) + check_noexec: $(CHECK_NOEXEC_OBJS) $(top_builddir)/lib/util/libsudo_util.la sudo_noexec.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_NOEXEC_OBJS) $(TEST_LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LIBS) @@ -194,12 +236,13 @@ pre-install: -install: install-binaries install-rc @INSTALL_NOEXEC@ +install: install-binaries install-rc @INSTALL_INTERCEPT@ @INSTALL_NOEXEC@ install-dirs: # We only create the rc.d dir when installing to the actual system dir $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(bindir) \ - $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir) + $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir) \ + $(DESTDIR)$(interceptdir) if test -n "$(INIT_SCRIPT)"; then \ $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(INIT_DIR); \ if test -z "$(DESTDIR)"; then \ @@ -234,13 +277,24 @@ install-includes: +install-intercept: install-dirs sudo_intercept.la + if [ X"$(shlib_enable)" = X"yes" ]; then \ + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) sudo_intercept.la $(DESTDIR)$(interceptdir); \ + fi + install-noexec: install-dirs sudo_noexec.la - INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) sudo_noexec.la $(DESTDIR)$(noexecdir) + if [ X"$(shlib_enable)" = X"yes" ]; then \ + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) sudo_noexec.la $(DESTDIR)$(noexecdir); \ + fi install-plugin: +install-fuzzer: + uninstall: - -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(noexecdir)/sudo_noexec.la + -$(LIBTOOL) $(LTFLAGS) --mode=uninstall \ + rm -f $(DESTDIR)$(interceptdir)/sudo_intercept.la \ + $(DESTDIR)$(noexecdir)/sudo_noexec.la -rm -f $(DESTDIR)$(bindir)/sudo \ $(DESTDIR)$(bindir)/sudoedit \ $(DESTDIR)$(libexecdir)/sudo/sesh \ @@ -248,6 +302,7 @@ -test -z "$(INSTALL_BACKUP)" || \ rm -f $(DESTDIR)$(bindir)/sudo$(INSTALL_BACKUP) \ $(DESTDIR)$(libexecdir)/sudo/sesh$(INSTALL_BACKUP) \ + $(DESTDIR)$(interceptdir)/sudo_intercept.so$(INSTALL_BACKUP) \ $(DESTDIR)$(noexecdir)/sudo_noexec.so$(INSTALL_BACKUP) -test -z "$(INIT_SCRIPT)" || \ rm -f $(DESTDIR)$(RC_LINK) $(DESTDIR)$(INIT_DIR)/sudo @@ -263,14 +318,25 @@ pvs-studio: $(POBJS) plog-converter $(PVS_LOG_OPTS) $(POBJS) -check: $(TEST_PROGS) +fuzz: + +check-fuzzer: + +check: $(TEST_PROGS) check-fuzzer @if test X"$(cross_compiling)" != X"yes"; then \ + if locale -a 2>&1 | grep '^C.UTF-8$$' >/dev/null 2>&1; then \ + LC_ALL=C.UTF-8; export LC_ALL; \ + else \ + LC_ALL=C; export LC_ALL; \ + fi; \ + unset LANG || LANG=; \ MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \ MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \ - ./check_ttyname; \ - if test X"@CHECK_NOEXEC@" != X""; then \ + ./check_net_ifs; \ + if [ -f .libs/$(noexecfile) ]; then \ ./check_noexec .libs/$(noexecfile); \ fi; \ + ./check_ttyname; \ fi clean: @@ -281,7 +347,11 @@ mostlyclean: clean distclean: clean - -rm -rf Makefile .libs sudo_usage.h + -rm -rf Makefile .libs $(shlib_map) $(shlib_opt) sudo_usage.h + @if [ -n "$(DEVEL)" -a "$(devdir)" != "$(srcdir)" ]; then \ + cmd='rm -rf $(GENERATED)'; \ + echo "$$cmd"; eval $$cmd; \ + fi clobber: distclean @@ -290,12 +360,26 @@ cleandir: realclean +.PHONY: clean mostlyclean distclean cleandir clobber realclean + # *Not* auto-generated to avoid building with ASAN sudo_noexec.lo: $(srcdir)/sudo_noexec.c $(incdir)/sudo_compat.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo_noexec.c # Autogenerated dependencies, do not modify +check_net_ifs.o: $(srcdir)/regress/net_ifs/check_net_ifs.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/net_ifs/check_net_ifs.c +check_net_ifs.i: $(srcdir)/regress/net_ifs/check_net_ifs.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +check_net_ifs.plog: check_net_ifs.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/net_ifs/check_net_ifs.c --i-file $< --output-file $@ check_noexec.o: $(srcdir)/regress/noexec/check_noexec.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ @@ -432,6 +516,28 @@ $(CC) -E -o $@ $(CPPFLAGS) $< exec_common.plog: exec_common.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec_common.c --i-file $< --output-file $@ +exec_intercept.o: $(srcdir)/exec_intercept.c $(incdir)/compat/stdbool.h \ + $(incdir)/intercept.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_rand.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(srcdir)/sudo_exec.h $(srcdir)/sudo_plugin_int.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/exec_intercept.c +exec_intercept.i: $(srcdir)/exec_intercept.c $(incdir)/compat/stdbool.h \ + $(incdir)/intercept.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_rand.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \ + $(srcdir)/sudo_exec.h $(srcdir)/sudo_plugin_int.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +exec_intercept.plog: exec_intercept.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec_intercept.c --i-file $< --output-file $@ exec_monitor.o: $(srcdir)/exec_monitor.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ @@ -472,6 +578,32 @@ $(CC) -E -o $@ $(CPPFLAGS) $< exec_nopty.plog: exec_nopty.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec_nopty.c --i-file $< --output-file $@ +exec_preload.lo: $(srcdir)/exec_preload.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/exec_preload.c +exec_preload.i: $(srcdir)/exec_preload.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +exec_preload.plog: exec_preload.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec_preload.c --i-file $< --output-file $@ +exec_preload.o: $(srcdir)/exec_preload.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/exec_preload.c exec_pty.o: $(srcdir)/exec_pty.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ @@ -526,6 +658,17 @@ $(CC) -E -o $@ $(CPPFLAGS) $< hooks.plog: hooks.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/hooks.c --i-file $< --output-file $@ +intercept.pb-c.lo: $(srcdir)/intercept.pb-c.c $(incdir)/intercept.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/intercept.pb-c.c +intercept.pb-c.i: $(srcdir)/intercept.pb-c.c $(incdir)/intercept.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h + $(CC) -E -o $@ $(CPPFLAGS) $< +intercept.pb-c.plog: intercept.pb-c.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/intercept.pb-c.c --i-file $< --output-file $@ +intercept.pb-c.o: $(srcdir)/intercept.pb-c.c $(incdir)/intercept.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/intercept.pb-c.c limits.o: $(srcdir)/limits.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ @@ -746,6 +889,40 @@ $(CC) -E -o $@ $(CPPFLAGS) $< sudo_edit.plog: sudo_edit.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo_edit.c --i-file $< --output-file $@ +sudo_intercept.lo: $(srcdir)/sudo_intercept.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo_intercept.c +sudo_intercept.i: $(srcdir)/sudo_intercept.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +sudo_intercept.plog: sudo_intercept.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo_intercept.c --i-file $< --output-file $@ +sudo_intercept_common.lo: $(srcdir)/sudo_intercept_common.c \ + $(incdir)/compat/stdbool.h \ + $(incdir)/intercept.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/sudo_exec.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo_intercept_common.c +sudo_intercept_common.i: $(srcdir)/sudo_intercept_common.c \ + $(incdir)/compat/stdbool.h \ + $(incdir)/intercept.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/sudo_exec.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +sudo_intercept_common.plog: sudo_intercept_common.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo_intercept_common.c --i-file $< --output-file $@ tcsetpgrp_nobg.o: $(srcdir)/tcsetpgrp_nobg.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \ diff -Nru sudo-1.9.5p2/src/copy_file.c sudo-1.9.9/src/copy_file.c --- sudo-1.9.5p2/src/copy_file.c 2021-01-12 01:48:04.000000000 +0000 +++ sudo-1.9.9/src/copy_file.c 2022-01-27 21:24:06.000000000 +0000 @@ -35,7 +35,7 @@ * Extend the given fd to the specified size in bytes. * We do this to allocate disk space up-front before overwriting * the original file with the temporary. Otherwise, we could - * we run out of disk space after truncating the original file. + * run out of disk space after truncating the original file. */ static int sudo_extend_file(int fd, const char *name, off_t new_size) diff -Nru sudo-1.9.5p2/src/edit_open.c sudo-1.9.9/src/edit_open.c --- sudo-1.9.5p2/src/edit_open.c 2021-01-12 01:48:04.000000000 +0000 +++ sudo-1.9.9/src/edit_open.c 2022-01-27 21:24:22.000000000 +0000 @@ -39,10 +39,12 @@ #if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID) -void -switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) +static int +switch_user_int(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups, + bool nonfatal) { int serrno = errno; + int ret = -1; debug_decl(switch_user, SUDO_DEBUG_EDIT); sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, @@ -51,27 +53,104 @@ /* When restoring root, change euid first; otherwise change it last. */ if (euid == ROOT_UID) { - if (seteuid(ROOT_UID) != 0) + if (seteuid(ROOT_UID) != 0) { + if (nonfatal) + goto done; sudo_fatal("seteuid(ROOT_UID)"); + } } - if (setegid(egid) != 0) + if (setegid(egid) != 0) { + if (nonfatal) + goto done; sudo_fatal("setegid(%d)", (int)egid); + } if (ngroups != -1) { - if (sudo_setgroups(ngroups, groups) != 0) + if (sudo_setgroups(ngroups, groups) != 0) { + if (nonfatal) + goto done; sudo_fatal("setgroups"); + } } if (euid != ROOT_UID) { - if (seteuid(euid) != 0) + if (seteuid(euid) != 0) { + if (nonfatal) + goto done; sudo_fatal("seteuid(%u)", (unsigned int)euid); + } } + ret = 0; + +done: errno = serrno; + debug_return_int(ret); +} + +#if defined(HAVE_FACCESSAT) && defined(AT_EACCESS) +static int +switch_user_nonfatal(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) +{ + return switch_user_int(euid, egid, ngroups, groups, true); +} +#endif - debug_return; +void +switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) +{ + (void)switch_user_int(euid, egid, ngroups, groups, false); +} + +static bool +group_matches(gid_t target, struct sudo_cred *cred) +{ + int i; + debug_decl(group_matches, SUDO_DEBUG_EDIT); + + if (target == cred->gid) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "user gid %u matches directory gid %u", (unsigned int)cred->gid, + (unsigned int)target); + debug_return_bool(true); + } + for (i = 0; i < cred->ngroups; i++) { + if (target == cred->groups[i]) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "user gid %u matches directory gid %u", + (unsigned int)cred->groups[i], (unsigned int)target); + debug_return_bool(true); + } + } + debug_return_bool(false); +} + +static bool +is_writable(struct sudo_cred *user_cred, struct stat *sb) +{ + debug_decl(is_writable, SUDO_DEBUG_EDIT); + + /* Other writable? */ + if (ISSET(sb->st_mode, S_IWOTH)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "directory is writable by other"); + debug_return_int(true); + } + + /* Group writable? */ + if (ISSET(sb->st_mode, S_IWGRP)) { + if (group_matches(sb->st_gid, user_cred)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "directory is writable by one of the user's groups"); + debug_return_int(true); + } + } + + errno = EACCES; + debug_return_int(false); } #if defined(HAVE_FACCESSAT) && defined(AT_EACCESS) /* - * Returns true if the open directory fd is owned or writable by the user. + * Checks whether the open directory dfd is owned or writable by the user. + * Returns true if writable, false if not, or -1 on error. */ int dir_is_writable(int dfd, struct sudo_cred *user_cred, struct sudo_cred *cur_cred) @@ -93,11 +172,20 @@ /* Change uid/gid/groups to invoking user, usually needs root perms. */ if (cur_cred->euid != ROOT_UID) { - if (seteuid(ROOT_UID) != 0) - sudo_fatal("seteuid(ROOT_UID)"); + if (seteuid(ROOT_UID) != 0) { + sudo_debug_printf( + SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "seteuid(ROOT_UID)"); + goto fallback; + } + } + if (switch_user_nonfatal(user_cred->uid, user_cred->gid, user_cred->ngroups, + user_cred->groups) == -1) { + sudo_debug_printf( + SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to switch to user_cred"); + goto fallback; } - switch_user(user_cred->uid, user_cred->gid, user_cred->ngroups, - user_cred->groups); /* Access checks are done using the euid/egid and group vector. */ rc = faccessat(dfd, ".", W_OK, AT_EACCESS); @@ -112,36 +200,19 @@ if (rc == 0) debug_return_int(true); - if (errno == EACCES || errno == EROFS) + if (errno == EACCES || errno == EPERM || errno == EROFS) debug_return_int(false); debug_return_int(-1); -} -#else -static bool -group_matches(gid_t target, struct sudo_cred *cred) -{ - int i; - debug_decl(group_matches, SUDO_DEBUG_EDIT); - if (target == cred->gid) { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "user gid %u matches directory gid %u", (unsigned int)cred->gid, - (unsigned int)target); - debug_return_bool(true); - } - for (i = 0; i < cred->ngroups; i++) { - if (target == cred->groups[i]) { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "user gid %u matches directory gid %u", - (unsigned int)cred->groups[i], (unsigned int)target); - debug_return_bool(true); - } - } - debug_return_bool(false); +fallback: + debug_return_int(is_writable(user_cred, &sb)); } +#endif /* HAVE_FACCESSAT && AT_EACCESS */ +#if !defined(HAVE_FACCESSAT) || !defined(AT_EACCESS) /* - * Returns true if the open directory fd is owned or writable by the user. + * Checks whether the open directory dfd is owned or writable by the user. + * Returns true if writable, false if not, or -1 on error. */ int dir_is_writable(int dfd, struct sudo_cred *user_cred, struct sudo_cred *cur_cred) @@ -160,24 +231,7 @@ debug_return_int(true); } - /* Other writable? */ - if (ISSET(sb.st_mode, S_IWOTH)) { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "directory is writable by other"); - debug_return_int(true); - } - - /* Group writable? */ - if (ISSET(sb.st_mode, S_IWGRP)) { - if (group_matches(sb.st_gid, user_cred)) { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "directory is writable by one of the user's groups"); - debug_return_int(true); - } - } - - errno = EACCES; - debug_return_int(false); + debug_return_int(is_writable(user_cred, &sb)); } #endif /* HAVE_FACCESSAT && AT_EACCESS */ @@ -185,9 +239,21 @@ static int sudo_edit_openat_nofollow(int dfd, char *path, int oflags, mode_t mode) { + int fd; debug_decl(sudo_edit_openat_nofollow, SUDO_DEBUG_EDIT); - debug_return_int(openat(dfd, path, oflags|O_NOFOLLOW, mode)); + fd = openat(dfd, path, oflags|O_NOFOLLOW, mode); + if (fd == -1) { + /* Handle non-standard O_NOFOLLOW errno values. */ + if (errno == EMLINK) + errno = ELOOP; /* FreeBSD */ +#ifdef EFTYPE + else if (errno == EFTYPE) + errno = ELOOP; /* NetBSD */ +#endif + } + + debug_return_int(fd); } #else /* @@ -275,7 +341,7 @@ struct sudo_cred *user_cred, struct sudo_cred *cur_cred) { const int dflags = DIR_OPEN_FLAGS; - int dfd, fd, is_writable; + int dfd, fd, writable; debug_decl(sudo_edit_open_nonwritable, SUDO_DEBUG_EDIT); if (path[0] == '/') { @@ -297,8 +363,8 @@ * Look up one component at a time, avoiding symbolic links in * writable directories. */ - is_writable = dir_is_writable(dfd, user_cred, cur_cred); - if (is_writable == -1) { + writable = dir_is_writable(dfd, user_cred, cur_cred); + if (writable == -1) { close(dfd); debug_return_int(-1); } @@ -308,7 +374,7 @@ if (slash == NULL) break; *slash = '\0'; - if (is_writable) + if (writable) subdfd = sudo_edit_openat_nofollow(dfd, path, dflags, 0); else subdfd = openat(dfd, path, dflags, 0); @@ -320,7 +386,7 @@ dfd = subdfd; } - if (is_writable) { + if (writable) { close(dfd); errno = EISDIR; debug_return_int(-1); @@ -352,6 +418,15 @@ } else { fd = open(path, oflags|O_NONBLOCK, mode); } + if (fd == -1 && ISSET(oflags, O_NOFOLLOW)) { + /* Handle non-standard O_NOFOLLOW errno values. */ + if (errno == EMLINK) + errno = ELOOP; /* FreeBSD */ +#ifdef EFTYPE + else if (errno == EFTYPE) + errno = ELOOP; /* NetBSD */ +#endif + } if (fd != -1 && !ISSET(oflags, O_NONBLOCK)) (void) fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); debug_return_int(fd); diff -Nru sudo-1.9.5p2/src/exec.c sudo-1.9.9/src/exec.c --- sudo-1.9.5p2/src/exec.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/exec.c 2022-01-27 21:24:22.000000000 +0000 @@ -49,7 +49,7 @@ #include "sudo_plugin_int.h" static void -close_fds(struct command_details *details, int errfd) +close_fds(struct command_details *details, int errfd, int intercept_fd) { int fd, maxfd; unsigned char *debug_fds; @@ -66,6 +66,8 @@ } if (errfd != -1) add_preserved_fd(&details->preserved_fds, errfd); + if (intercept_fd != -1) + add_preserved_fd(&details->preserved_fds, intercept_fd); /* Close all fds except those explicitly preserved. */ closefrom_except(details->closefrom, &details->preserved_fds); @@ -79,7 +81,7 @@ * Returns true on success and false on failure. */ static bool -exec_setup(struct command_details *details, int errfd) +exec_setup(struct command_details *details, int intercept_fd, int errfd) { bool ret = false; debug_decl(exec_setup, SUDO_DEBUG_EXEC); @@ -162,8 +164,11 @@ if (ISSET(details->flags, CD_OVERRIDE_UMASK)) (void) umask(details->umask); + /* Apply resource limits specified by the policy, if any. */ + set_policy_rlimits(); + /* Close fds before chroot (need /dev) or uid change (prlimit on Linux). */ - close_fds(details, errfd); + close_fds(details, errfd, intercept_fd); if (details->chroot) { if (chroot(details->chroot) != 0 || chdir("/") != 0) { @@ -233,12 +238,12 @@ * If the exec fails, cstat is filled in with the value of errno. */ void -exec_cmnd(struct command_details *details, int errfd) +exec_cmnd(struct command_details *details, int intercept_fd, int errfd) { debug_decl(exec_cmnd, SUDO_DEBUG_EXEC); restore_signals(); - if (exec_setup(details, errfd) == true) { + if (exec_setup(details, intercept_fd, errfd) == true) { /* headed for execve() */ #ifdef HAVE_SELINUX if (ISSET(details->flags, CD_RBAC_ENABLED)) { @@ -248,7 +253,7 @@ #endif { sudo_execve(details->execfd, details->command, details->argv, - details->envp, ISSET(details->flags, CD_NOEXEC)); + details->envp, intercept_fd, details->flags); } } sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s", @@ -309,7 +314,7 @@ debug_return_bool(false); } -#if SUDO_API_VERSION != SUDO_API_MKVERSION(1, 17) +#if SUDO_API_VERSION != SUDO_API_MKVERSION(1, 18) # error "Update sudo_needs_pty() after changing the plugin API" #endif static bool @@ -317,7 +322,7 @@ { struct plugin_container *plugin; - if (ISSET(details->flags, CD_USE_PTY)) + if (ISSET(details->flags, CD_USE_PTY|CD_INTERCEPT|CD_LOG_SUBCMDS)) return true; TAILQ_FOREACH(plugin, &io_plugins, entries) { @@ -409,7 +414,7 @@ */ if (direct_exec_allowed(details)) { if (!sudo_terminated(cstat)) { - exec_cmnd(details, -1); + exec_cmnd(details, -1, -1); cstat->type = CMD_ERRNO; cstat->val = errno; } diff -Nru sudo-1.9.5p2/src/exec_common.c sudo-1.9.9/src/exec_common.c --- sudo-1.9.5p2/src/exec_common.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/exec_common.c 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2016 Todd C. Miller + * Copyright (c) 2009-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -23,6 +23,7 @@ #include +#include #include #include #include @@ -35,116 +36,6 @@ #include "sudo.h" #include "sudo_exec.h" -#ifdef RTLD_PRELOAD_VAR -/* - * Add a DSO file to LD_PRELOAD or the system equivalent. - */ -static char ** -preload_dso(char *envp[], const char *dso_file) -{ - char *preload = NULL; - int env_len; - int preload_idx = -1; - bool present = false; -# ifdef RTLD_PRELOAD_ENABLE_VAR - bool enabled = false; -# else - const bool enabled = true; -# endif - debug_decl(preload_dso, SUDO_DEBUG_UTIL); - - /* - * Preload a DSO file. For a list of LD_PRELOAD-alikes, see - * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html - * XXX - need to support 32-bit and 64-bit variants - */ - - /* Count entries in envp, looking for LD_PRELOAD as we go. */ - for (env_len = 0; envp[env_len] != NULL; env_len++) { - if (preload_idx == -1 && strncmp(envp[env_len], RTLD_PRELOAD_VAR "=", - sizeof(RTLD_PRELOAD_VAR)) == 0) { - const char *cp = envp[env_len] + sizeof(RTLD_PRELOAD_VAR); - const char *end = cp + strlen(cp); - const char *ep; - const size_t dso_len = strlen(dso_file); - - /* Check to see if dso_file is already present. */ - for (cp = sudo_strsplit(cp, end, RTLD_PRELOAD_DELIM, &ep); - cp != NULL; cp = sudo_strsplit(NULL, end, RTLD_PRELOAD_DELIM, - &ep)) { - if ((size_t)(ep - cp) == dso_len) { - if (memcmp(cp, dso_file, dso_len) == 0) { - /* already present */ - present = true; - break; - } - } - } - - /* Save index of existing LD_PRELOAD variable. */ - preload_idx = env_len; - continue; - } -# ifdef RTLD_PRELOAD_ENABLE_VAR - if (strncmp(envp[env_len], RTLD_PRELOAD_ENABLE_VAR "=", sizeof(RTLD_PRELOAD_ENABLE_VAR)) == 0) { - enabled = true; - continue; - } -# endif - } - - /* - * Make a new copy of envp as needed. - * It would be nice to realloc the old envp[] but we don't know - * whether it was dynamically allocated. [TODO: plugin API] - */ - if (preload_idx == -1 || !enabled) { - const int env_size = env_len + 1 + (preload_idx == -1) + enabled; // -V547 - - char **nenvp = reallocarray(NULL, env_size, sizeof(*envp)); - if (nenvp == NULL) - sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - memcpy(nenvp, envp, env_len * sizeof(*envp)); - nenvp[env_len] = NULL; - envp = nenvp; - } - - /* Prepend our LD_PRELOAD to existing value or add new entry at the end. */ - if (!present) { - if (preload_idx == -1) { -# ifdef RTLD_PRELOAD_DEFAULT - asprintf(&preload, "%s=%s%s%s", RTLD_PRELOAD_VAR, dso_file, - RTLD_PRELOAD_DELIM, RTLD_PRELOAD_DEFAULT); -# else - preload = sudo_new_key_val(RTLD_PRELOAD_VAR, dso_file); -# endif - if (preload == NULL) { - sudo_fatalx(U_("%s: %s"), __func__, - U_("unable to allocate memory")); - } - envp[env_len++] = preload; - envp[env_len] = NULL; - } else { - int len = asprintf(&preload, "%s=%s%s%s", RTLD_PRELOAD_VAR, - dso_file, RTLD_PRELOAD_DELIM, envp[preload_idx]); - if (len == -1) { - sudo_fatalx(U_("%s: %s"), __func__, - U_("unable to allocate memory")); - } - envp[preload_idx] = preload; - } - } -# ifdef RTLD_PRELOAD_ENABLE_VAR - if (!enabled) { - envp[env_len++] = RTLD_PRELOAD_ENABLE_VAR "="; - envp[env_len] = NULL; - } -# endif - - debug_return_ptr(envp); -} -#endif /* RTLD_PRELOAD_VAR */ - /* * Disable execution of child processes in the command we are about * to run. On systems with privilege sets, we can remove the exec @@ -167,8 +58,33 @@ #ifdef RTLD_PRELOAD_VAR if (dso != NULL) - envp = preload_dso(envp, dso); + envp = sudo_preload_dso(envp, dso, -1); +#endif /* RTLD_PRELOAD_VAR */ + + debug_return_ptr(envp); +} + +/* + * Trap execution of child processes in the command we are about to run. + * Uses LD_PRELOAD and the like to perform a policy check on child commands. + */ +static char ** +enable_intercept(char *envp[], const char *dso, int intercept_fd) +{ + debug_decl(enable_intercept, SUDO_DEBUG_UTIL); + + if (dso != NULL) { +#ifdef RTLD_PRELOAD_VAR + if (intercept_fd == -1) + sudo_fatalx("%s: no intercept fd", __func__); + + envp = sudo_preload_dso(envp, dso, intercept_fd); +#else + /* Intercept not supported, envp unchanged. */ + if (intercept_fd != -1) + close(intercept_fd); #endif /* RTLD_PRELOAD_VAR */ + } debug_return_ptr(envp); } @@ -178,15 +94,18 @@ * ala execvp(3) if we get ENOEXEC. */ int -sudo_execve(int fd, const char *path, char *const argv[], char *envp[], bool noexec) +sudo_execve(int fd, const char *path, char *const argv[], char *envp[], + int intercept_fd, int flags) { debug_decl(sudo_execve, SUDO_DEBUG_UTIL); sudo_debug_execve(SUDO_DEBUG_INFO, path, argv, envp); - /* Modify the environment as needed to disable further execve(). */ - if (noexec) + /* Modify the environment as needed to trap execve(). */ + if (ISSET(flags, CD_NOEXEC)) envp = disable_execute(envp, sudo_conf_noexec_path()); + else if (ISSET(flags, CD_INTERCEPT|CD_LOG_SUBCMDS)) + envp = enable_intercept(envp, sudo_conf_intercept_path(), intercept_fd); #ifdef HAVE_FEXECVE if (fd != -1) diff -Nru sudo-1.9.5p2/src/exec_intercept.c sudo-1.9.9/src/exec_intercept.c --- sudo-1.9.5p2/src/exec_intercept.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/src/exec_intercept.c 2022-01-27 21:24:22.000000000 +0000 @@ -0,0 +1,981 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include + +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include +#include + +#include "sudo.h" +#include "sudo_exec.h" +#include "sudo_plugin.h" +#include "sudo_plugin_int.h" +#include "sudo_rand.h" +#include "intercept.pb-c.h" + +#ifdef _PATH_SUDO_INTERCEPT + +/* TCSASOFT is a BSD extension that ignores control flags and speed. */ +# ifndef TCSASOFT +# define TCSASOFT 0 +# endif + +enum intercept_state { + RECV_HELLO_INITIAL, + RECV_HELLO, + RECV_SECRET, + RECV_POLICY_CHECK, + RECV_CONNECTION, + POLICY_ACCEPT, + POLICY_REJECT, + POLICY_ERROR +}; + +/* Closure for intercept_cb() */ +struct intercept_closure { + union sudo_token_un token; + struct command_details *details; + struct sudo_event ev; + const char *errstr; + char *command; /* dynamically allocated */ + char **run_argv; /* owned by plugin */ + char **run_envp; /* dynamically allocated */ + uint8_t *buf; /* dynamically allocated */ + uint32_t len; + uint32_t off; + int listen_sock; + enum intercept_state state; +}; + +static union sudo_token_un intercept_token; +static in_port_t intercept_listen_port; +static struct intercept_closure *accept_closure; +static void intercept_accept_cb(int fd, int what, void *v); +static void intercept_cb(int fd, int what, void *v); + +bool +intercept_setup(int fd, struct sudo_event_base *evbase, + struct command_details *details) +{ + struct intercept_closure *closure; + debug_decl(intercept_setup, SUDO_DEBUG_EXEC); + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "intercept fd %d\n", fd); + + closure = calloc(1, sizeof(*closure)); + if (closure == NULL) { + sudo_warnx("%s", U_("unable to allocate memory")); + goto bad; + } + + /* If we've already seen an InterceptHello, expect a policy check first. */ + closure->state = sudo_token_isset(intercept_token) ? + RECV_SECRET : RECV_HELLO_INITIAL; + closure->details = details; + closure->listen_sock = -1; + + if (sudo_ev_set(&closure->ev, fd, SUDO_EV_READ|SUDO_EV_PERSIST, intercept_cb, closure) == -1) { + /* This cannot (currently) fail. */ + sudo_warn("%s", U_("unable to add event to queue")); + goto bad; + } + if (sudo_ev_add(evbase, &closure->ev, NULL, false) == -1) { + sudo_warn("%s", U_("unable to add event to queue")); + goto bad; + } + + debug_return_bool(true); + +bad: + free(closure); + debug_return_bool(false); +} + +/* + * Close intercept socket and free closure when we are done with + * the connection. + */ +static void +intercept_connection_close(struct intercept_closure *closure) +{ + const int fd = sudo_ev_get_fd(&closure->ev); + size_t n; + debug_decl(intercept_connection_close, SUDO_DEBUG_EXEC); + + sudo_ev_del(NULL, &closure->ev); + close(fd); + if (closure->listen_sock != -1) + close(closure->listen_sock); + + free(closure->buf); + free(closure->command); + if (closure->run_argv != NULL) { + for (n = 0; closure->run_argv[n] != NULL; n++) + free(closure->run_argv[n]); + free(closure->run_argv); + } + if (closure->run_envp != NULL) { + for (n = 0; closure->run_envp[n] != NULL; n++) + free(closure->run_envp[n]); + free(closure->run_envp); + } + free(closure); + + debug_return; +} + +void +intercept_cleanup(void) +{ + debug_decl(intercept_cleanup, SUDO_DEBUG_EXEC); + + if (accept_closure != NULL) { + intercept_connection_close(accept_closure); + accept_closure = NULL; + } + + debug_return; +} + +/* + * Prepare to listen on localhost using an ephemeral port. + * Sets intercept_token and intercept_listen_port as side effects. + */ +static bool +prepare_listener(struct intercept_closure *closure) +{ + struct sockaddr_in sin; + socklen_t sin_len = sizeof(sin); + int sock; + debug_decl(prepare_listener, SUDO_DEBUG_EXEC); + + /* Generate a random token. */ + do { + arc4random_buf(&intercept_token, sizeof(intercept_token)); + } while (!sudo_token_isset(intercept_token)); + + /* Create localhost listener socket (currently AF_INET only). */ + sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock == -1) { + sudo_warn("socket"); + goto bad; + } + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + sin.sin_port = 0; + if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1) { + sudo_warn("bind"); + goto bad; + } + if (getsockname(sock, (struct sockaddr *)&sin, &sin_len) == -1) { + sudo_warn("getsockname"); + goto bad; + } + if (listen(sock, SOMAXCONN) == -1) { + sudo_warn("listen"); + goto bad; + } + + closure->listen_sock = sock; + intercept_listen_port = ntohs(sin.sin_port); + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "%s: listening on port %hu", __func__, intercept_listen_port); + + debug_return_bool(true); + +bad: + if (sock != -1) + close(sock); + debug_return_bool(false); +} + +/* + * Allocate a new command_info[] and update command and runcwd in it. + * Fills in cmnd_out with a copy of the command if not NULL. + * Returns the new command_info[] which the caller must free. + */ +static char ** +update_command_info(char * const *old_command_info, const char *cmnd, + const char *runcwd, char **cmnd_out) +{ + char **command_info; + char * const *oci; + size_t n; + debug_decl(update_command_info, SUDO_DEBUG_EXEC); + + /* Rebuild command_info[] with new command and add a runcwd. */ + for (n = 0; old_command_info[n] != NULL; n++) + continue; + command_info = reallocarray(NULL, n + 2, sizeof(char *)); + if (command_info == NULL) { + goto bad; + } + for (oci = old_command_info, n = 0; *oci != NULL; oci++) { + const char *cp = *oci; + switch (*cp) { + case 'c': + if (strncmp(cp, "command=", sizeof("command=") - 1) == 0) { + if (cmnd != NULL) { + command_info[n] = sudo_new_key_val("command", cmnd); + if (command_info[n] == NULL) { + goto bad; + } + n++; + continue; + } else if (cmnd_out != NULL) { + *cmnd_out = strdup(cp + sizeof("command=") - 1); + if (*cmnd_out == NULL) { + goto bad; + } + } + } + break; + case 'r': + if (strncmp(cp, "runcwd=", sizeof("runcwd=") - 1) == 0) { + /* Filled in at the end. */ + continue; + } + break; + } + command_info[n] = strdup(cp); + if (command_info[n] == NULL) { + goto bad; + } + n++; + } + /* Append actual runcwd. */ + command_info[n] = sudo_new_key_val("runcwd", runcwd); + if (command_info[n] == NULL) { + goto bad; + } + n++; + + command_info[n] = NULL; + + debug_return_ptr(command_info); +bad: + if (command_info != NULL) { + for (n = 0; command_info[n] != NULL; n++) { + free(command_info[n]); + } + free(command_info); + } + debug_return_ptr(NULL); +} + +static bool +intercept_check_policy(PolicyCheckRequest *req, + struct intercept_closure *closure) +{ + char **command_info = NULL; + char **command_info_copy = NULL; + char **user_env_out = NULL; + char **argv = NULL, **run_argv = NULL; + bool ret = false; + int result; + size_t n; + debug_decl(intercept_check_policy, SUDO_DEBUG_EXEC); + + if (req->command == NULL || req->n_argv == 0 || req->n_envp == 0) { + closure->errstr = N_("invalid PolicyCheckRequest"); + goto done; + } + + if (sudo_debug_needed(SUDO_DEBUG_INFO)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "req_command: %s", req->command); + for (n = 0; n < req->n_argv; n++) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "req_argv[%zu]: %s", n, req->argv[n]); + } + } + + /* Rebuild argv from PolicyCheckReq so it is NULL-terminated. */ + argv = reallocarray(NULL, req->n_argv + 1, sizeof(char *)); + if (argv == NULL) { + closure->errstr = N_("unable to allocate memory"); + goto done; + } + argv[0] = req->command; + for (n = 1; n < req->n_argv; n++) { + argv[n] = req->argv[n]; + } + argv[n] = NULL; + + if (ISSET(closure->details->flags, CD_INTERCEPT)) { + /* We don't currently have a good way to validate the environment. */ + sudo_debug_set_active_instance(policy_plugin.debug_instance); + result = policy_plugin.u.policy->check_policy(n, argv, NULL, + &command_info, &run_argv, &user_env_out, &closure->errstr); + sudo_debug_set_active_instance(sudo_debug_instance); + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "check_policy returns %d", result); + + switch (result) { + case 1: + /* Rebuild command_info[] with runcwd and extract command. */ + command_info_copy = update_command_info(command_info, NULL, + req->cwd ? req->cwd : "unknown", &closure->command); + if (command_info_copy == NULL) { + closure->errstr = N_("unable to allocate memory"); + goto done; + } + command_info = command_info_copy; + closure->state = POLICY_ACCEPT; + break; + case 0: + if (closure->errstr == NULL) + closure->errstr = N_("command rejected by policy"); + audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, + closure->errstr, command_info); + closure->state = POLICY_REJECT; + ret = true; + goto done; + default: + goto done; + } + } else { + /* No actual policy check, just logging child processes. */ + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "not checking policy, audit only"); + closure->command = strdup(req->command); + if (closure->command == NULL) { + closure->errstr = N_("unable to allocate memory"); + goto done; + } + + /* Rebuild command_info[] with new command and runcwd. */ + command_info = update_command_info(closure->details->info, + req->command, req->cwd ? req->cwd : "unknown", NULL); + if (command_info == NULL) { + closure->errstr = N_("unable to allocate memory"); + goto done; + } + closure->state = POLICY_ACCEPT; + run_argv = argv; + } + + if (sudo_debug_needed(SUDO_DEBUG_INFO)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "run_command: %s", closure->command); + for (n = 0; command_info[n] != NULL; n++) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "command_info[%zu]: %s", n, command_info[n]); + } + for (n = 0; run_argv[n] != NULL; n++) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "run_argv[%zu]: %s", n, run_argv[n]); + } + } + + /* run_argv strings may be part of PolicyCheckReq, make a copy. */ + for (n = 0; run_argv[n] != NULL; n++) + continue; + closure->run_argv = reallocarray(NULL, n + 1, sizeof(char *)); + if (closure->run_argv == NULL) { + closure->errstr = N_("unable to allocate memory"); + goto done; + } + for (n = 0; run_argv[n] != NULL; n++) { + closure->run_argv[n] = strdup(run_argv[n]); + if (closure->run_argv[n] == NULL) { + closure->errstr = N_("unable to allocate memory"); + goto done; + } + } + closure->run_argv[n] = NULL; + + /* envp strings are part of PolicyCheckReq, make a copy. */ + closure->run_envp = reallocarray(NULL, req->n_envp + 1, sizeof(char *)); + if (closure->run_envp == NULL) { + closure->errstr = N_("unable to allocate memory"); + goto done; + } + for (n = 0; n < req->n_envp; n++) { + closure->run_envp[n] = strdup(req->envp[n]); + if (closure->run_envp[n] == NULL) { + closure->errstr = N_("unable to allocate memory"); + goto done; + } + } + closure->run_envp[n] = NULL; + + if (ISSET(closure->details->flags, CD_INTERCEPT)) { + audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, command_info, + closure->run_argv, closure->run_envp); + + /* Call approval plugins and audit the result. */ + if (!approval_check(command_info, closure->run_argv, closure->run_envp)) + debug_return_int(0); + } + + /* Audit the event again for the sudo front-end. */ + audit_accept("sudo", SUDO_FRONT_END, command_info, closure->run_argv, + closure->run_envp); + + ret = true; + +done: + if (!ret) { + if (closure->errstr == NULL) + closure->errstr = N_("policy plugin error"); + audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, closure->errstr, + command_info ? command_info : closure->details->info); + closure->state = POLICY_ERROR; + } + if (command_info_copy != NULL) { + for (n = 0; command_info_copy[n] != NULL; n++) { + free(command_info_copy[n]); + } + free(command_info_copy); + } + free(argv); + + debug_return_bool(ret); +} + +/* + * Read token from sudo_intercept.so and verify w/ intercept_token. + * Returns true on success, false on mismatch and -1 on error. + */ +static int +intercept_verify_token(int fd, struct intercept_closure *closure) +{ + ssize_t nread; + debug_decl(intercept_read_token, SUDO_DEBUG_EXEC); + + nread = recv(fd, closure->token.u8 + closure->off, + sizeof(closure->token) - closure->off, 0); + switch (nread) { + case 0: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "EOF reading token"); + debug_return_int(false); + case -1: + debug_return_int(-1); + default: + if (nread + closure->off == sizeof(closure->token)) + break; + /* partial read, update offset and try again */ + closure->off += nread; + errno = EAGAIN; + debug_return_int(-1); + } + + closure->off = 0; + if (memcmp(&closure->token, &intercept_token, sizeof(closure->token)) != 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "token mismatch: got 0x%8x%8x%8x%8x, expected 0x%8x%8x%8x%8x", + closure->token.u32[3], closure->token.u32[2], + closure->token.u32[1], closure->token.u32[0], + intercept_token.u32[3], intercept_token.u32[2], + intercept_token.u32[1], intercept_token.u32[0]); + debug_return_int(false); + } + debug_return_int(true); +} + +/* + * Read a message from sudo_intercept.so and act on it. + */ +static bool +intercept_read(int fd, struct intercept_closure *closure) +{ + struct sudo_event_base *evbase = sudo_ev_get_base(&closure->ev); + InterceptRequest *req = NULL; + pid_t saved_pgrp = -1; + struct termios oterm; + ssize_t nread; + bool ret = false; + int ttyfd = -1; + debug_decl(intercept_read, SUDO_DEBUG_EXEC); + + if (closure->state == RECV_SECRET) { + switch (intercept_verify_token(fd, closure)) { + case true: + closure->state = RECV_POLICY_CHECK; + break; + case false: + goto done; + default: + if (errno == EINTR || errno == EAGAIN) + debug_return_bool(true); + sudo_warn("recv"); + goto done; + } + } + + if (closure->len == 0) { + uint32_t req_len; + + /* Read message size (uint32_t in host byte order). */ + nread = recv(fd, &req_len, sizeof(req_len), 0); + if (nread != sizeof(req_len)) { + if (nread == -1) { + if (errno == EINTR || errno == EAGAIN) + debug_return_bool(true); + sudo_warn("recv"); + } + goto done; + } + + if (req_len == 0) { + /* zero-length message is possible */ + goto unpack; + } + if (req_len > MESSAGE_SIZE_MAX) { + sudo_warnx(U_("client request too large: %zu"), (size_t)req_len); + goto done; + } + if ((closure->buf = malloc(req_len)) == NULL) { + sudo_warnx("%s", U_("unable to allocate memory")); + goto done; + } + closure->len = req_len; + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: expecting %u bytes from client", + __func__, closure->len); + } + + nread = recv(fd, closure->buf + closure->off, closure->len - closure->off, + 0); + switch (nread) { + case 0: + /* EOF, other side must have exited. */ + goto done; + case -1: + if (errno == EINTR || errno == EAGAIN) + debug_return_bool(true); + sudo_warn("recv"); + goto done; + default: + closure->off += nread; + break; + } + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received %zd bytes from client", + __func__, nread); + + if (closure->off != closure->len) { + /* Partial read. */ + debug_return_bool(true); + } + +unpack: + req = intercept_request__unpack(NULL, closure->len, closure->buf); + if (req == NULL) { + sudo_warnx("unable to unpack %s size %zu", "InterceptRequest", + (size_t)closure->len); + goto done; + } + + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: finished receiving %u bytes from client", __func__, closure->len); + sudo_ev_del(evbase, &closure->ev); + free(closure->buf); + closure->buf = NULL; + closure->len = 0; + closure->off = 0; + + switch (req->type_case) { + case INTERCEPT_REQUEST__TYPE_POLICY_CHECK_REQ: + if (closure->state != RECV_POLICY_CHECK) { + /* Only a single policy check request is allowed. */ + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "state mismatch, expected RECV_POLICY_CHECK (%d), got %d", + RECV_POLICY_CHECK, closure->state); + goto done; + } + + /* Take back control of the tty, if necessary, for the policy check. */ + ttyfd = open(_PATH_TTY, O_RDWR); + if (ttyfd != -1) { + saved_pgrp = tcgetpgrp(ttyfd); + if (saved_pgrp == -1 || tcsetpgrp(ttyfd, getpgid(0)) == -1 || + tcgetattr(ttyfd, &oterm) == -1) { + close(ttyfd); + ttyfd = -1; + } + } + + ret = intercept_check_policy(req->u.policy_check_req, closure); + + /* We must restore tty before any error handling. */ + if (ttyfd != -1) { + (void)tcsetattr(ttyfd, TCSASOFT|TCSAFLUSH, &oterm); + (void)tcsetpgrp(ttyfd, saved_pgrp); + } + if (!ret) + goto done; + break; + case INTERCEPT_REQUEST__TYPE_HELLO: + switch (closure->state) { + case RECV_HELLO_INITIAL: + if (!prepare_listener(closure)) + goto done; + break; + case RECV_HELLO: + break; + default: + /* Only accept hello on a socket with an accepted command. */ + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "got InterceptHello without an accepted command"); + goto done; + } + break; + default: + sudo_warnx(U_("unexpected type_case value %d in %s from %s"), + req->type_case, "InterceptRequest", "sudo_intercept.so"); + goto done; + } + + /* Switch event to write mode for the reply. */ + if (sudo_ev_set(&closure->ev, fd, SUDO_EV_WRITE|SUDO_EV_PERSIST, intercept_cb, closure) == -1) { + /* This cannot (currently) fail. */ + sudo_warn("%s", U_("unable to add event to queue")); + goto done; + } + if (sudo_ev_add(evbase, &closure->ev, NULL, false) == -1) { + sudo_warn("%s", U_("unable to add event to queue")); + goto done; + } + + ret = true; + +done: + if (ttyfd != -1) + close(ttyfd); + intercept_request__free_unpacked(req, NULL); + debug_return_bool(ret); +} + +static bool +fmt_intercept_response(InterceptResponse *resp, + struct intercept_closure *closure) +{ + uint32_t resp_len; + bool ret = false; + debug_decl(fmt_intercept_response, SUDO_DEBUG_EXEC); + + closure->len = intercept_response__get_packed_size(resp); + if (closure->len > MESSAGE_SIZE_MAX) { + sudo_warnx(U_("server message too large: %zu"), (size_t)closure->len); + goto done; + } + + /* Wire message size is used for length encoding, precedes message. */ + resp_len = closure->len; + closure->len += sizeof(resp_len); + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "size + InterceptResponse %zu bytes", (size_t)closure->len); + + if ((closure->buf = malloc(closure->len)) == NULL) { + sudo_warnx("%s", U_("unable to allocate memory")); + goto done; + } + memcpy(closure->buf, &resp_len, sizeof(resp_len)); + intercept_response__pack(resp, closure->buf + sizeof(resp_len)); + + ret = true; + +done: + debug_return_bool(ret); +} + +static bool +fmt_hello_response(struct intercept_closure *closure) +{ + HelloResponse hello_resp = HELLO_RESPONSE__INIT; + InterceptResponse resp = INTERCEPT_RESPONSE__INIT; + debug_decl(fmt_hello_response, SUDO_DEBUG_EXEC); + + hello_resp.portno = intercept_listen_port; + hello_resp.token_lo = intercept_token.u64[0]; + hello_resp.token_hi = intercept_token.u64[1]; + + resp.u.hello_resp = &hello_resp; + resp.type_case = INTERCEPT_RESPONSE__TYPE_HELLO_RESP; + + debug_return_bool(fmt_intercept_response(&resp, closure)); +} + +static bool +fmt_accept_message(struct intercept_closure *closure) +{ + PolicyAcceptMessage msg = POLICY_ACCEPT_MESSAGE__INIT; + InterceptResponse resp = INTERCEPT_RESPONSE__INIT; + size_t n; + debug_decl(fmt_accept_message, SUDO_DEBUG_EXEC); + + msg.run_command = closure->command; + msg.run_argv = closure->run_argv; + for (n = 0; closure->run_argv[n] != NULL; n++) + continue; + msg.n_run_argv = n; + msg.run_envp = closure->run_envp; + for (n = 0; closure->run_envp[n] != NULL; n++) + continue; + msg.n_run_envp = n; + + resp.u.accept_msg = &msg; + resp.type_case = INTERCEPT_RESPONSE__TYPE_ACCEPT_MSG; + + debug_return_bool(fmt_intercept_response(&resp, closure)); +} + +static bool +fmt_reject_message(struct intercept_closure *closure) +{ + PolicyRejectMessage msg = POLICY_REJECT_MESSAGE__INIT; + InterceptResponse resp = INTERCEPT_RESPONSE__INIT; + debug_decl(fmt_reject_message, SUDO_DEBUG_EXEC); + + msg.reject_message = (char *)closure->errstr; + + resp.u.reject_msg = &msg; + resp.type_case = INTERCEPT_RESPONSE__TYPE_REJECT_MSG; + + debug_return_bool(fmt_intercept_response(&resp, closure)); +} + +static bool +fmt_error_message(struct intercept_closure *closure) +{ + PolicyErrorMessage msg = POLICY_ERROR_MESSAGE__INIT; + InterceptResponse resp = INTERCEPT_RESPONSE__INIT; + debug_decl(fmt_error_message, SUDO_DEBUG_EXEC); + + msg.error_message = (char *)closure->errstr; + + resp.u.error_msg = &msg; + resp.type_case = INTERCEPT_RESPONSE__TYPE_ERROR_MSG; + + debug_return_bool(fmt_intercept_response(&resp, closure)); +} + +/* + * Write a response to sudo_intercept.so. + */ +static bool +intercept_write(int fd, struct intercept_closure *closure) +{ + struct sudo_event_base *evbase = sudo_ev_get_base(&closure->ev); + ssize_t nwritten; + bool ret = false; + debug_decl(intercept_write, SUDO_DEBUG_EXEC); + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "state %d", + closure->state); + + if (closure->len == 0) { + /* Format new message. */ + switch (closure->state) { + case RECV_HELLO_INITIAL: + case RECV_HELLO: + if (!fmt_hello_response(closure)) + goto done; + break; + case POLICY_ACCEPT: + if (!fmt_accept_message(closure)) + goto done; + break; + case POLICY_REJECT: + if (!fmt_reject_message(closure)) + goto done; + break; + default: + if (!fmt_error_message(closure)) + goto done; + break; + } + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending %u bytes to client", + __func__, closure->len - closure->off); + nwritten = send(fd, closure->buf + closure->off, + closure->len - closure->off, 0); + if (nwritten == -1) { + if (errno == EINTR || errno == EAGAIN) + debug_return_bool(true); + sudo_warn("send"); + goto done; + } + closure->off += nwritten; + + if (closure->off != closure->len) { + /* Partial write. */ + debug_return_bool(true); + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sent %u bytes to client", + __func__, closure->len); + sudo_ev_del(evbase, &closure->ev); + free(closure->buf); + closure->buf = NULL; + closure->len = 0; + closure->off = 0; + + switch (closure->state) { + case RECV_HELLO_INITIAL: + /* Re-use event for the listener. */ + close(fd); + if (sudo_ev_set(&closure->ev, closure->listen_sock, SUDO_EV_READ|SUDO_EV_PERSIST, intercept_accept_cb, closure) == -1) { + /* This cannot (currently) fail. */ + sudo_warn("%s", U_("unable to add event to queue")); + goto done; + } + if (sudo_ev_add(evbase, &closure->ev, NULL, false) == -1) { + sudo_warn("%s", U_("unable to add event to queue")); + goto done; + } + closure->listen_sock = -1; + closure->state = RECV_CONNECTION; + accept_closure = closure; + break; + case POLICY_ACCEPT: + /* Re-use event to read InterceptHello from sudo_intercept.so ctor. */ + if (sudo_ev_set(&closure->ev, fd, SUDO_EV_READ|SUDO_EV_PERSIST, intercept_cb, closure) == -1) { + /* This cannot (currently) fail. */ + sudo_warn("%s", U_("unable to add event to queue")); + goto done; + } + if (sudo_ev_add(evbase, &closure->ev, NULL, false) == -1) { + sudo_warn("%s", U_("unable to add event to queue")); + goto done; + } + closure->state = RECV_HELLO; + break; + default: + /* Done with this connection. */ + intercept_connection_close(closure); + } + + ret = true; + +done: + debug_return_bool(ret); +} + +static void +intercept_cb(int fd, int what, void *v) +{ + struct intercept_closure *closure = v; + bool success = false; + debug_decl(intercept_cb, SUDO_DEBUG_EXEC); + + switch (what) { + case SUDO_EV_READ: + success = intercept_read(fd, closure); + break; + case SUDO_EV_WRITE: + success = intercept_write(fd, closure); + break; + default: + sudo_warnx("%s: unexpected event type %d", __func__, what); + break; + } + + if (!success) + intercept_connection_close(closure); + + debug_return; +} + +/* + * Accept a new connection from the client and fill in a client closure. + * Registers a new event for the connection. + */ +static void +intercept_accept_cb(int fd, int what, void *v) +{ + struct intercept_closure *closure = v; + struct sudo_event_base *evbase = sudo_ev_get_base(&closure->ev); + struct sockaddr_in sin; + socklen_t sin_len = sizeof(sin); + int client_sock, flags; + debug_decl(intercept_accept_cb, SUDO_DEBUG_EXEC); + + if (closure->state != RECV_CONNECTION) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "state mismatch, expected RECV_CONNECTION (%d), got %d", + RECV_CONNECTION, closure->state); + intercept_connection_close(closure); + accept_closure = NULL; + debug_return; + } + + client_sock = accept(fd, (struct sockaddr *)&sin, &sin_len); + if (client_sock == -1) { + sudo_warn("accept"); + goto bad; + } + flags = fcntl(client_sock, F_GETFL, 0); + if (flags != -1) + (void)fcntl(client_sock, F_SETFL, flags | O_NONBLOCK); + + if (!intercept_setup(client_sock, evbase, closure->details)) { + goto bad; + } + + debug_return; + +bad: + if (client_sock != -1) + close(client_sock); + debug_return; +} +#else /* _PATH_SUDO_INTERCEPT */ +bool +intercept_setup(int fd, struct sudo_event_base *evbase, + struct command_details *details) +{ + debug_decl(intercept_setup, SUDO_DEBUG_EXEC); + + /* Intercept support not compiled in. */ + + debug_return_bool(false); +} + +void +intercept_cleanup(void) +{ + debug_decl(intercept_cleanup, SUDO_DEBUG_EXEC); + + /* Intercept support not compiled in. */ + + debug_return; +} +#endif /* _PATH_SUDO_INTERCEPT */ diff -Nru sudo-1.9.5p2/src/exec_monitor.c sudo-1.9.9/src/exec_monitor.c --- sudo-1.9.5p2/src/exec_monitor.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/exec_monitor.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2009-2020 Todd C. Miller + * Copyright (c) 2009-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -386,7 +386,8 @@ * Returns only if execve() fails. */ static void -exec_cmnd_pty(struct command_details *details, bool foreground, int errfd) +exec_cmnd_pty(struct command_details *details, bool foreground, + int intercept_fd, int errfd) { volatile pid_t self = getpid(); debug_decl(exec_cmnd_pty, SUDO_DEBUG_EXEC); @@ -429,7 +430,7 @@ /* Execute command; only returns on error. */ sudo_debug_printf(SUDO_DEBUG_INFO, "executing %s in the %s", details->command, foreground ? "foreground" : "background"); - exec_cmnd(details, errfd); + exec_cmnd(details, intercept_fd, errfd); debug_return; } @@ -543,7 +544,7 @@ */ int exec_monitor(struct command_details *details, sigset_t *oset, - bool foreground, int backchannel) + bool foreground, int backchannel, int intercept_fd) { struct monitor_closure mc = { 0 }; struct command_status cstat; @@ -586,23 +587,27 @@ /* * We use a pipe to get errno if execve(2) fails in the child. */ - if (pipe2(errpipe, O_CLOEXEC) != 0) - sudo_fatal("%s", U_("unable to create pipe")); + if (pipe2(errpipe, O_CLOEXEC) != 0) { + sudo_warn("%s", U_("unable to create pipe")); + goto bad; + } /* * Before forking, wait for the main sudo process to tell us to go. * Avoids race conditions when the command exits quickly. */ while (recv(backchannel, &cstat, sizeof(cstat), MSG_WAITALL) == -1) { - if (errno != EINTR && errno != EAGAIN) - sudo_fatal("%s", U_("unable to receive message from parent")); + if (errno != EINTR && errno != EAGAIN) { + sudo_warn("%s", U_("unable to receive message from parent")); + goto bad; + } } #ifdef HAVE_SELINUX if (ISSET(details->flags, CD_RBAC_ENABLED)) { - if (selinux_setup(details->selinux_role, details->selinux_type, - details->tty, io_fds[SFD_FOLLOWER], true) == -1) + if (selinux_relabel_tty(details->tty, io_fds[SFD_FOLLOWER]) == -1) goto bad; + selinux_audit_role_change(); } #endif @@ -627,12 +632,14 @@ restore_signals(); /* setup tty and exec command */ - exec_cmnd_pty(details, foreground, errpipe[1]); + exec_cmnd_pty(details, foreground, intercept_fd, errpipe[1]); if (write(errpipe[1], &errno, sizeof(int)) == -1) sudo_warn(U_("unable to execute %s"), details->command); _exit(EXIT_FAILURE); } close(errpipe[1]); + if (intercept_fd != -1) + close(intercept_fd); /* No longer need execfd. */ if (details->execfd != -1) { diff -Nru sudo-1.9.5p2/src/exec_nopty.c sudo-1.9.9/src/exec_nopty.c --- sudo-1.9.5p2/src/exec_nopty.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/exec_nopty.c 2022-01-27 21:24:22.000000000 +0000 @@ -24,6 +24,13 @@ #include #include +#include + +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif #include #include #include @@ -38,9 +45,6 @@ #include "sudo_plugin_int.h" struct exec_closure_nopty { - pid_t cmnd_pid; - pid_t ppgrp; - struct command_status *cstat; struct command_details *details; struct sudo_event_base *evbase; struct sudo_event *errpipe_event; @@ -56,6 +60,9 @@ struct sudo_event *sigchld_event; struct sudo_event *sigcont_event; struct sudo_event *siginfo_event; + struct command_status *cstat; + pid_t cmnd_pid; + pid_t ppgrp; }; static void handle_sigchld_nopty(struct exec_closure_nopty *ec); @@ -315,6 +322,9 @@ { debug_decl(free_exec_closure_nopty, SUDO_DEBUG_EXEC); + /* Free any remaining intercept resources. */ + intercept_cleanup(); + sudo_ev_base_free(ec->evbase); sudo_ev_free(ec->errpipe_event); sudo_ev_free(ec->sigint_event); @@ -340,6 +350,7 @@ exec_nopty(struct command_details *details, struct command_status *cstat) { struct exec_closure_nopty ec = { 0 }; + int intercept_sv[2] = { -1, -1 }; sigset_t set, oset; int errpipe[2]; debug_decl(exec_nopty, SUDO_DEBUG_EXEC); @@ -358,6 +369,15 @@ sudo_fatal("%s", U_("unable to create pipe")); /* + * Allocate a socketpair for communicating with sudo_intercept.so. + * This must be inherited across exec, hence no FD_CLOEXEC. + */ + if (ISSET(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS)) { + if (socketpair(PF_UNIX, SOCK_STREAM, 0, intercept_sv) == -1) + sudo_fatal("%s", U_("unable to create sockets")); + } + + /* * Block signals until we have our handlers setup in the parent so * we don't miss SIGCHLD if the command exits immediately. */ @@ -372,12 +392,12 @@ #ifdef HAVE_SELINUX if (ISSET(details->flags, CD_RBAC_ENABLED)) { - if (selinux_setup(details->selinux_role, details->selinux_type, - details->tty, -1, true) == -1) { + if (selinux_relabel_tty(details->tty, -1) == -1) { cstat->type = CMD_ERRNO; cstat->val = errno; debug_return; } + selinux_audit_role_change(); } #endif @@ -390,7 +410,9 @@ /* child */ sigprocmask(SIG_SETMASK, &oset, NULL); close(errpipe[0]); - exec_cmnd(details, errpipe[1]); + if (intercept_sv[0] != -1) + close(intercept_sv[0]); + exec_cmnd(details, intercept_sv[1], errpipe[1]); while (write(errpipe[1], &errno, sizeof(int)) == -1) { if (errno != EINTR) break; @@ -401,6 +423,8 @@ sudo_debug_printf(SUDO_DEBUG_INFO, "executed %s, pid %d", details->command, (int)ec.cmnd_pid); close(errpipe[1]); + if (intercept_sv[1] != -1) + close(intercept_sv[1]); /* No longer need execfd. */ if (details->execfd != -1) { @@ -418,6 +442,12 @@ */ fill_exec_closure_nopty(&ec, cstat, details, errpipe[0]); + /* Create event and closure for intercept mode. */ + if (intercept_sv[0] != -1) { + if (!intercept_setup(intercept_sv[0], ec.evbase, details)) + exit(EXIT_FAILURE); + } + /* Restore signal mask now that signal handlers are setup. */ sigprocmask(SIG_SETMASK, &oset, NULL); diff -Nru sudo-1.9.5p2/src/exec_preload.c sudo-1.9.9/src/exec_preload.c --- sudo-1.9.5p2/src/exec_preload.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/src/exec_preload.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,212 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include +#include +#include + +#include "sudo.h" +#include "sudo_exec.h" + +#ifdef RTLD_PRELOAD_VAR +/* + * Add a DSO file to LD_PRELOAD or the system equivalent. + */ +char ** +sudo_preload_dso(char *envp[], const char *dso_file, int intercept_fd) +{ + char *preload = NULL; + char **nenvp = NULL; + int env_len, len; + int preload_idx = -1; + int intercept_idx = -1; + bool fd_present = false; + bool dso_present = false; +# ifdef RTLD_PRELOAD_ENABLE_VAR + bool dso_enabled = false; +# else + const bool dso_enabled = true; +# endif +# ifdef _PATH_ASAN_LIB + char *dso_buf = NULL; +# endif + debug_decl(sudo_preload_dso, SUDO_DEBUG_UTIL); + +# ifdef _PATH_ASAN_LIB + /* + * The address sanitizer DSO needs to be first in the list. + */ + len = asprintf(&dso_buf, "%s%c%s", _PATH_ASAN_LIB, RTLD_PRELOAD_DELIM, + dso_file); + if (len == -1) + goto oom; + dso_file = dso_buf; +# endif + + /* + * Preload a DSO file. For a list of LD_PRELOAD-alikes, see + * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html + * XXX - need to support 32-bit and 64-bit variants + */ + + /* Count entries in envp, looking for LD_PRELOAD as we go. */ + for (env_len = 0; envp[env_len] != NULL; env_len++) { + if (strncmp(envp[env_len], RTLD_PRELOAD_VAR "=", sizeof(RTLD_PRELOAD_VAR)) == 0) { + if (preload_idx == -1) { + const char *cp = envp[env_len] + sizeof(RTLD_PRELOAD_VAR); + const size_t dso_len = strlen(dso_file); + + /* + * Check to see if dso_file is already first in the list. + * We don't bother checking for it later in the list. + */ + if (strncmp(cp, dso_file, dso_len) == 0) { + if (cp[dso_len] == '\0' || cp[dso_len] == RTLD_PRELOAD_DELIM) + dso_present = true; + } + + /* Save index of existing LD_PRELOAD variable. */ + preload_idx = env_len; + } else { + /* Remove duplicate LD_PRELOAD. */ + int i; + for (i = env_len; envp[i] != NULL; i++) { + envp[i] = envp[i + 1]; + } + } + continue; + } + if (intercept_fd != -1 && strncmp(envp[env_len], "SUDO_INTERCEPT_FD=", + sizeof("SUDO_INTERCEPT_FD=") - 1) == 0) { + if (intercept_idx == -1) { + const char *cp = envp[env_len] + sizeof("SUDO_INTERCEPT_FD=") - 1; + const char *errstr; + int fd; + + fd = sudo_strtonum(cp, 0, INT_MAX, &errstr); + if (fd == intercept_fd && errstr == NULL) + fd_present = true; + + /* Save index of existing SUDO_INTERCEPT_FD variable. */ + intercept_idx = env_len; + } else { + /* Remove duplicate SUDO_INTERCEPT_FD. */ + int i; + for (i = env_len; envp[i] != NULL; i++) { + envp[i] = envp[i + 1]; + } + } + continue; + } +# ifdef RTLD_PRELOAD_ENABLE_VAR + if (strncmp(envp[env_len], RTLD_PRELOAD_ENABLE_VAR "=", sizeof(RTLD_PRELOAD_ENABLE_VAR)) == 0) { + dso_enabled = true; + continue; + } +# endif + } + + /* + * Make a new copy of envp as needed. + * It would be nice to realloc the old envp[] but we don't know + * whether it was dynamically allocated. [TODO: plugin API] + */ + if (preload_idx == -1 || !dso_enabled || intercept_idx == -1) { + const int env_size = env_len + 1 + (preload_idx == -1) + dso_enabled + (intercept_idx == -1); // -V547 + + nenvp = reallocarray(NULL, env_size, sizeof(*nenvp)); + if (nenvp == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_ptr(NULL); + } + memcpy(nenvp, envp, env_len * sizeof(*envp)); + nenvp[env_len] = NULL; + envp = nenvp; + } + + /* Prepend our LD_PRELOAD to existing value or add new entry at the end. */ + if (!dso_present) { + if (preload_idx == -1) { +# ifdef RTLD_PRELOAD_DEFAULT + len = asprintf(&preload, "%s=%s%c%s", RTLD_PRELOAD_VAR, dso_file, + RTLD_PRELOAD_DELIM, RTLD_PRELOAD_DEFAULT); + if (len == -1) { + goto oom; + } +# else + preload = sudo_new_key_val(RTLD_PRELOAD_VAR, dso_file); + if (preload == NULL) { + goto oom; + } +# endif + envp[env_len++] = preload; + envp[env_len] = NULL; + } else { + const char *old_val = envp[preload_idx] + sizeof(RTLD_PRELOAD_VAR); + len = asprintf(&preload, "%s=%s%c%s", RTLD_PRELOAD_VAR, + dso_file, RTLD_PRELOAD_DELIM, old_val); + if (len == -1) { + goto oom; + } + envp[preload_idx] = preload; + } + } +# ifdef RTLD_PRELOAD_ENABLE_VAR + if (!dso_enabled) { + envp[env_len++] = RTLD_PRELOAD_ENABLE_VAR "="; + envp[env_len] = NULL; + } +# endif + if (!fd_present && intercept_fd != -1) { + char *fdstr; + + len = asprintf(&fdstr, "SUDO_INTERCEPT_FD=%d", intercept_fd); + if (len == -1) { + goto oom; + } + if (intercept_idx != -1) { + envp[intercept_idx] = fdstr; + } else { + envp[env_len++] = fdstr; + envp[env_len] = NULL; + } + } +# ifdef _PATH_ASAN_LIB + free(dso_buf); +# endif + + debug_return_ptr(envp); +oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); +# ifdef _PATH_ASAN_LIB + free(dso_buf); +# endif + free(preload); + free(nenvp); + debug_return_ptr(NULL); +} +#endif /* RTLD_PRELOAD_VAR */ diff -Nru sudo-1.9.5p2/src/exec_pty.c sudo-1.9.9/src/exec_pty.c --- sudo-1.9.5p2/src/exec_pty.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/exec_pty.c 2022-01-27 21:24:22.000000000 +0000 @@ -28,6 +28,12 @@ #include #include #include + +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif #include #include #include @@ -56,12 +62,6 @@ TAILQ_HEAD(monitor_message_list, monitor_message); struct exec_closure_pty { - pid_t monitor_pid; - pid_t cmnd_pid; - pid_t ppgrp; - short rows; - short cols; - struct command_status *cstat; struct command_details *details; struct sudo_event_base *evbase; struct sudo_event *backchannel_event; @@ -76,7 +76,13 @@ struct sudo_event *sigusr2_event; struct sudo_event *sigchld_event; struct sudo_event *sigwinch_event; + struct command_status *cstat; struct monitor_message_list monitor_messages; + pid_t monitor_pid; + pid_t cmnd_pid; + pid_t ppgrp; + short rows; + short cols; }; /* @@ -1002,8 +1008,8 @@ /* Command exited or was killed, either way we are done. */ sudo_debug_printf(SUDO_DEBUG_INFO, "command exited or was killed"); sudo_ev_loopexit(ec->evbase); + *ec->cstat = cstat; } - *ec->cstat = cstat; break; case CMD_ERRNO: /* Monitor was unable to execute command or broken pipe. */ @@ -1319,6 +1325,9 @@ struct monitor_message *msg; debug_decl(free_exec_closure_pty, SUDO_DEBUG_EXEC); + /* Free any remaining intercept resources. */ + intercept_cleanup(); + sudo_ev_base_free(ec->evbase); sudo_ev_free(ec->backchannel_event); sudo_ev_free(ec->fwdchannel_event); @@ -1352,6 +1361,7 @@ { int io_pipe[3][2] = { { -1, -1 }, { -1, -1 }, { -1, -1 } }; bool interpose[3] = { false, false, false }; + int sv[2], intercept_sv[2] = { -1, -1 }; struct exec_closure_pty ec = { 0 }; struct plugin_container *plugin; int evloop_retries = -1; @@ -1359,7 +1369,6 @@ struct sigaction sa; struct stat sb; pid_t ppgrp; - int sv[2]; debug_decl(exec_pty, SUDO_DEBUG_EXEC); /* @@ -1382,6 +1391,15 @@ sudo_fatal("%s", U_("unable to create sockets")); /* + * Allocate a socketpair for communicating with sudo_intercept.so. + * This must be inherited across exec, hence no FD_CLOEXEC. + */ + if (ISSET(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS)) { + if (socketpair(PF_UNIX, SOCK_STREAM, 0, intercept_sv) == -1) + sudo_fatal("%s", U_("unable to create sockets")); + } + + /* * We don't want to receive SIGTTIN/SIGTTOU. * XXX - this affects tcsetattr() and tcsetpgrp() too. */ @@ -1553,6 +1571,8 @@ case 0: /* child */ close(sv[0]); + if (intercept_sv[0] != -1) + close(intercept_sv[0]); /* Close the other end of the stdin/stdout/stderr pipes and exec. */ if (io_pipe[STDIN_FILENO][1] != -1) close(io_pipe[STDIN_FILENO][1]); @@ -1566,7 +1586,8 @@ * In this case, we rely on the command receiving SIGTTOU or SIGTTIN * when it needs access to the controlling tty. */ - exec_monitor(details, &oset, foreground && !pipeline, sv[1]); + exec_monitor(details, &oset, foreground && !pipeline, sv[1], + intercept_sv[1]); cstat->type = CMD_ERRNO; cstat->val = errno; if (send(sv[1], cstat, sizeof(*cstat), 0) == -1) { @@ -1619,6 +1640,12 @@ */ fill_exec_closure_pty(&ec, cstat, details, ppgrp, sv[0]); + /* Create event and closure for intercept mode. */ + if (intercept_sv[0] != -1) { + if (!intercept_setup(intercept_sv[0], ec.evbase, details)) + exit(EXIT_FAILURE); + } + /* Restore signal mask now that signal handlers are setup. */ sigprocmask(SIG_SETMASK, &oset, NULL); diff -Nru sudo-1.9.5p2/src/get_pty.c sudo-1.9.9/src/get_pty.c --- sudo-1.9.5p2/src/get_pty.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/get_pty.c 2022-01-27 21:24:07.000000000 +0000 @@ -55,7 +55,7 @@ get_pty(int *leader, int *follower, char *name, size_t namesz, uid_t ttyuid) { struct group *gr; - gid_t ttygid = -1; + gid_t ttygid = (gid_t)-1; bool ret = false; debug_decl(get_pty, SUDO_DEBUG_PTY); diff -Nru sudo-1.9.5p2/src/intercept.exp.in sudo-1.9.9/src/intercept.exp.in --- sudo-1.9.5p2/src/intercept.exp.in 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/src/intercept.exp.in 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,6 @@ +@INTERCEPT_EXP@execl +execle +execlp +execv +execve +execvp diff -Nru sudo-1.9.5p2/src/intercept.pb-c.c sudo-1.9.9/src/intercept.pb-c.c --- sudo-1.9.5p2/src/intercept.pb-c.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/src/intercept.pb-c.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,829 @@ +/* Generated by the protocol buffer compiler. DO NOT EDIT! */ +/* Generated from: intercept.proto */ + +/* Do not generate deprecated warnings for self */ +#ifndef PROTOBUF_C__NO_DEPRECATED +#define PROTOBUF_C__NO_DEPRECATED +#endif + +#include "intercept.pb-c.h" +void intercept_request__init + (InterceptRequest *message) +{ + static const InterceptRequest init_value = INTERCEPT_REQUEST__INIT; + *message = init_value; +} +size_t intercept_request__get_packed_size + (const InterceptRequest *message) +{ + assert(message->base.descriptor == &intercept_request__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t intercept_request__pack + (const InterceptRequest *message, + uint8_t *out) +{ + assert(message->base.descriptor == &intercept_request__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t intercept_request__pack_to_buffer + (const InterceptRequest *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &intercept_request__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +InterceptRequest * + intercept_request__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (InterceptRequest *) + protobuf_c_message_unpack (&intercept_request__descriptor, + allocator, len, data); +} +void intercept_request__free_unpacked + (InterceptRequest *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &intercept_request__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void intercept_hello__init + (InterceptHello *message) +{ + static const InterceptHello init_value = INTERCEPT_HELLO__INIT; + *message = init_value; +} +size_t intercept_hello__get_packed_size + (const InterceptHello *message) +{ + assert(message->base.descriptor == &intercept_hello__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t intercept_hello__pack + (const InterceptHello *message, + uint8_t *out) +{ + assert(message->base.descriptor == &intercept_hello__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t intercept_hello__pack_to_buffer + (const InterceptHello *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &intercept_hello__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +InterceptHello * + intercept_hello__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (InterceptHello *) + protobuf_c_message_unpack (&intercept_hello__descriptor, + allocator, len, data); +} +void intercept_hello__free_unpacked + (InterceptHello *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &intercept_hello__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void hello_response__init + (HelloResponse *message) +{ + static const HelloResponse init_value = HELLO_RESPONSE__INIT; + *message = init_value; +} +size_t hello_response__get_packed_size + (const HelloResponse *message) +{ + assert(message->base.descriptor == &hello_response__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t hello_response__pack + (const HelloResponse *message, + uint8_t *out) +{ + assert(message->base.descriptor == &hello_response__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t hello_response__pack_to_buffer + (const HelloResponse *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &hello_response__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +HelloResponse * + hello_response__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (HelloResponse *) + protobuf_c_message_unpack (&hello_response__descriptor, + allocator, len, data); +} +void hello_response__free_unpacked + (HelloResponse *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &hello_response__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void policy_check_request__init + (PolicyCheckRequest *message) +{ + static const PolicyCheckRequest init_value = POLICY_CHECK_REQUEST__INIT; + *message = init_value; +} +size_t policy_check_request__get_packed_size + (const PolicyCheckRequest *message) +{ + assert(message->base.descriptor == &policy_check_request__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t policy_check_request__pack + (const PolicyCheckRequest *message, + uint8_t *out) +{ + assert(message->base.descriptor == &policy_check_request__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t policy_check_request__pack_to_buffer + (const PolicyCheckRequest *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &policy_check_request__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +PolicyCheckRequest * + policy_check_request__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (PolicyCheckRequest *) + protobuf_c_message_unpack (&policy_check_request__descriptor, + allocator, len, data); +} +void policy_check_request__free_unpacked + (PolicyCheckRequest *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &policy_check_request__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void policy_accept_message__init + (PolicyAcceptMessage *message) +{ + static const PolicyAcceptMessage init_value = POLICY_ACCEPT_MESSAGE__INIT; + *message = init_value; +} +size_t policy_accept_message__get_packed_size + (const PolicyAcceptMessage *message) +{ + assert(message->base.descriptor == &policy_accept_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t policy_accept_message__pack + (const PolicyAcceptMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &policy_accept_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t policy_accept_message__pack_to_buffer + (const PolicyAcceptMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &policy_accept_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +PolicyAcceptMessage * + policy_accept_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (PolicyAcceptMessage *) + protobuf_c_message_unpack (&policy_accept_message__descriptor, + allocator, len, data); +} +void policy_accept_message__free_unpacked + (PolicyAcceptMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &policy_accept_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void policy_reject_message__init + (PolicyRejectMessage *message) +{ + static const PolicyRejectMessage init_value = POLICY_REJECT_MESSAGE__INIT; + *message = init_value; +} +size_t policy_reject_message__get_packed_size + (const PolicyRejectMessage *message) +{ + assert(message->base.descriptor == &policy_reject_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t policy_reject_message__pack + (const PolicyRejectMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &policy_reject_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t policy_reject_message__pack_to_buffer + (const PolicyRejectMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &policy_reject_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +PolicyRejectMessage * + policy_reject_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (PolicyRejectMessage *) + protobuf_c_message_unpack (&policy_reject_message__descriptor, + allocator, len, data); +} +void policy_reject_message__free_unpacked + (PolicyRejectMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &policy_reject_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void policy_error_message__init + (PolicyErrorMessage *message) +{ + static const PolicyErrorMessage init_value = POLICY_ERROR_MESSAGE__INIT; + *message = init_value; +} +size_t policy_error_message__get_packed_size + (const PolicyErrorMessage *message) +{ + assert(message->base.descriptor == &policy_error_message__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t policy_error_message__pack + (const PolicyErrorMessage *message, + uint8_t *out) +{ + assert(message->base.descriptor == &policy_error_message__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t policy_error_message__pack_to_buffer + (const PolicyErrorMessage *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &policy_error_message__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +PolicyErrorMessage * + policy_error_message__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (PolicyErrorMessage *) + protobuf_c_message_unpack (&policy_error_message__descriptor, + allocator, len, data); +} +void policy_error_message__free_unpacked + (PolicyErrorMessage *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &policy_error_message__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +void intercept_response__init + (InterceptResponse *message) +{ + static const InterceptResponse init_value = INTERCEPT_RESPONSE__INIT; + *message = init_value; +} +size_t intercept_response__get_packed_size + (const InterceptResponse *message) +{ + assert(message->base.descriptor == &intercept_response__descriptor); + return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); +} +size_t intercept_response__pack + (const InterceptResponse *message, + uint8_t *out) +{ + assert(message->base.descriptor == &intercept_response__descriptor); + return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); +} +size_t intercept_response__pack_to_buffer + (const InterceptResponse *message, + ProtobufCBuffer *buffer) +{ + assert(message->base.descriptor == &intercept_response__descriptor); + return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); +} +InterceptResponse * + intercept_response__unpack + (ProtobufCAllocator *allocator, + size_t len, + const uint8_t *data) +{ + return (InterceptResponse *) + protobuf_c_message_unpack (&intercept_response__descriptor, + allocator, len, data); +} +void intercept_response__free_unpacked + (InterceptResponse *message, + ProtobufCAllocator *allocator) +{ + if(!message) + return; + assert(message->base.descriptor == &intercept_response__descriptor); + protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); +} +static const ProtobufCFieldDescriptor intercept_request__field_descriptors[2] = +{ + { + "policy_check_req", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(InterceptRequest, type_case), + offsetof(InterceptRequest, u.policy_check_req), + &policy_check_request__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "hello", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(InterceptRequest, type_case), + offsetof(InterceptRequest, u.hello), + &intercept_hello__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned intercept_request__field_indices_by_name[] = { + 1, /* field[1] = hello */ + 0, /* field[0] = policy_check_req */ +}; +static const ProtobufCIntRange intercept_request__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 2 } +}; +const ProtobufCMessageDescriptor intercept_request__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "InterceptRequest", + "InterceptRequest", + "InterceptRequest", + "", + sizeof(InterceptRequest), + 2, + intercept_request__field_descriptors, + intercept_request__field_indices_by_name, + 1, intercept_request__number_ranges, + (ProtobufCMessageInit) intercept_request__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor intercept_hello__field_descriptors[1] = +{ + { + "pid", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_INT32, + 0, /* quantifier_offset */ + offsetof(InterceptHello, pid), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned intercept_hello__field_indices_by_name[] = { + 0, /* field[0] = pid */ +}; +static const ProtobufCIntRange intercept_hello__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 1 } +}; +const ProtobufCMessageDescriptor intercept_hello__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "InterceptHello", + "InterceptHello", + "InterceptHello", + "", + sizeof(InterceptHello), + 1, + intercept_hello__field_descriptors, + intercept_hello__field_indices_by_name, + 1, intercept_hello__number_ranges, + (ProtobufCMessageInit) intercept_hello__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor hello_response__field_descriptors[3] = +{ + { + "token_lo", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_FIXED64, + 0, /* quantifier_offset */ + offsetof(HelloResponse, token_lo), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "token_hi", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_FIXED64, + 0, /* quantifier_offset */ + offsetof(HelloResponse, token_hi), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "portno", + 3, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_INT32, + 0, /* quantifier_offset */ + offsetof(HelloResponse, portno), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned hello_response__field_indices_by_name[] = { + 2, /* field[2] = portno */ + 1, /* field[1] = token_hi */ + 0, /* field[0] = token_lo */ +}; +static const ProtobufCIntRange hello_response__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 3 } +}; +const ProtobufCMessageDescriptor hello_response__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "HelloResponse", + "HelloResponse", + "HelloResponse", + "", + sizeof(HelloResponse), + 3, + hello_response__field_descriptors, + hello_response__field_indices_by_name, + 1, hello_response__number_ranges, + (ProtobufCMessageInit) hello_response__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor policy_check_request__field_descriptors[5] = +{ + { + "command", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(PolicyCheckRequest, command), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "cwd", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(PolicyCheckRequest, cwd), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "argv", + 3, + PROTOBUF_C_LABEL_REPEATED, + PROTOBUF_C_TYPE_STRING, + offsetof(PolicyCheckRequest, n_argv), + offsetof(PolicyCheckRequest, argv), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "envp", + 4, + PROTOBUF_C_LABEL_REPEATED, + PROTOBUF_C_TYPE_STRING, + offsetof(PolicyCheckRequest, n_envp), + offsetof(PolicyCheckRequest, envp), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "intercept_fd", + 5, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_INT32, + 0, /* quantifier_offset */ + offsetof(PolicyCheckRequest, intercept_fd), + NULL, + NULL, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned policy_check_request__field_indices_by_name[] = { + 2, /* field[2] = argv */ + 0, /* field[0] = command */ + 1, /* field[1] = cwd */ + 3, /* field[3] = envp */ + 4, /* field[4] = intercept_fd */ +}; +static const ProtobufCIntRange policy_check_request__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 5 } +}; +const ProtobufCMessageDescriptor policy_check_request__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "PolicyCheckRequest", + "PolicyCheckRequest", + "PolicyCheckRequest", + "", + sizeof(PolicyCheckRequest), + 5, + policy_check_request__field_descriptors, + policy_check_request__field_indices_by_name, + 1, policy_check_request__number_ranges, + (ProtobufCMessageInit) policy_check_request__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor policy_accept_message__field_descriptors[3] = +{ + { + "run_command", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(PolicyAcceptMessage, run_command), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "run_argv", + 2, + PROTOBUF_C_LABEL_REPEATED, + PROTOBUF_C_TYPE_STRING, + offsetof(PolicyAcceptMessage, n_run_argv), + offsetof(PolicyAcceptMessage, run_argv), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "run_envp", + 3, + PROTOBUF_C_LABEL_REPEATED, + PROTOBUF_C_TYPE_STRING, + offsetof(PolicyAcceptMessage, n_run_envp), + offsetof(PolicyAcceptMessage, run_envp), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned policy_accept_message__field_indices_by_name[] = { + 1, /* field[1] = run_argv */ + 0, /* field[0] = run_command */ + 2, /* field[2] = run_envp */ +}; +static const ProtobufCIntRange policy_accept_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 3 } +}; +const ProtobufCMessageDescriptor policy_accept_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "PolicyAcceptMessage", + "PolicyAcceptMessage", + "PolicyAcceptMessage", + "", + sizeof(PolicyAcceptMessage), + 3, + policy_accept_message__field_descriptors, + policy_accept_message__field_indices_by_name, + 1, policy_accept_message__number_ranges, + (ProtobufCMessageInit) policy_accept_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor policy_reject_message__field_descriptors[1] = +{ + { + "reject_message", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(PolicyRejectMessage, reject_message), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned policy_reject_message__field_indices_by_name[] = { + 0, /* field[0] = reject_message */ +}; +static const ProtobufCIntRange policy_reject_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 1 } +}; +const ProtobufCMessageDescriptor policy_reject_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "PolicyRejectMessage", + "PolicyRejectMessage", + "PolicyRejectMessage", + "", + sizeof(PolicyRejectMessage), + 1, + policy_reject_message__field_descriptors, + policy_reject_message__field_indices_by_name, + 1, policy_reject_message__number_ranges, + (ProtobufCMessageInit) policy_reject_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor policy_error_message__field_descriptors[1] = +{ + { + "error_message", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_STRING, + 0, /* quantifier_offset */ + offsetof(PolicyErrorMessage, error_message), + NULL, + &protobuf_c_empty_string, + 0, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned policy_error_message__field_indices_by_name[] = { + 0, /* field[0] = error_message */ +}; +static const ProtobufCIntRange policy_error_message__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 1 } +}; +const ProtobufCMessageDescriptor policy_error_message__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "PolicyErrorMessage", + "PolicyErrorMessage", + "PolicyErrorMessage", + "", + sizeof(PolicyErrorMessage), + 1, + policy_error_message__field_descriptors, + policy_error_message__field_indices_by_name, + 1, policy_error_message__number_ranges, + (ProtobufCMessageInit) policy_error_message__init, + NULL,NULL,NULL /* reserved[123] */ +}; +static const ProtobufCFieldDescriptor intercept_response__field_descriptors[4] = +{ + { + "hello_resp", + 1, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(InterceptResponse, type_case), + offsetof(InterceptResponse, u.hello_resp), + &hello_response__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "accept_msg", + 2, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(InterceptResponse, type_case), + offsetof(InterceptResponse, u.accept_msg), + &policy_accept_message__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "reject_msg", + 3, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(InterceptResponse, type_case), + offsetof(InterceptResponse, u.reject_msg), + &policy_reject_message__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, + { + "error_msg", + 4, + PROTOBUF_C_LABEL_NONE, + PROTOBUF_C_TYPE_MESSAGE, + offsetof(InterceptResponse, type_case), + offsetof(InterceptResponse, u.error_msg), + &policy_error_message__descriptor, + NULL, + 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ + 0,NULL,NULL /* reserved1,reserved2, etc */ + }, +}; +static const unsigned intercept_response__field_indices_by_name[] = { + 1, /* field[1] = accept_msg */ + 3, /* field[3] = error_msg */ + 0, /* field[0] = hello_resp */ + 2, /* field[2] = reject_msg */ +}; +static const ProtobufCIntRange intercept_response__number_ranges[1 + 1] = +{ + { 1, 0 }, + { 0, 4 } +}; +const ProtobufCMessageDescriptor intercept_response__descriptor = +{ + PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, + "InterceptResponse", + "InterceptResponse", + "InterceptResponse", + "", + sizeof(InterceptResponse), + 4, + intercept_response__field_descriptors, + intercept_response__field_indices_by_name, + 1, intercept_response__number_ranges, + (ProtobufCMessageInit) intercept_response__init, + NULL,NULL,NULL /* reserved[123] */ +}; diff -Nru sudo-1.9.5p2/src/intercept.proto sudo-1.9.9/src/intercept.proto --- sudo-1.9.5p2/src/intercept.proto 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/src/intercept.proto 2022-01-27 21:24:07.000000000 +0000 @@ -0,0 +1,69 @@ +syntax = "proto3"; + +/* + * Intercept message from sudo_intercept.so. Messages on the + * wire are prefixed with a 32-bit size in network byte order. + */ +message InterceptRequest { + oneof type { + PolicyCheckRequest policy_check_req = 1; + InterceptHello hello = 2; + } +} + +/* + * Hello message from sudo_intercept.so to main sudo process. + * Sudo sends back the token and localhost port number. + */ +message InterceptHello { + int32 pid = 1; +} + +/* + * Sudo response to an InterceptHello from sudo_intercept.so. + * The client uses the port number and token to connect back to sudo. + */ +message HelloResponse { + fixed64 token_lo = 1; + fixed64 token_hi = 2; + int32 portno = 3; +} + +/* + * Policy check request from sudo_intercept.so. + * Note that the plugin API only currently supports passing + * the new environment in to the open() function. + */ +message PolicyCheckRequest { + string command = 1; + string cwd = 2; + repeated string argv = 3; + repeated string envp = 4; + int32 intercept_fd = 5; +} + +message PolicyAcceptMessage { + string run_command = 1; + repeated string run_argv = 2; + repeated string run_envp = 3; +} + +message PolicyRejectMessage { + string reject_message = 1; +} + +message PolicyErrorMessage { + string error_message = 1; +} + +/* + * Response sent back to sudo_intercept.so. + */ +message InterceptResponse { + oneof type { + HelloResponse hello_resp = 1; + PolicyAcceptMessage accept_msg = 2; + PolicyRejectMessage reject_msg = 3; + PolicyErrorMessage error_msg = 4; + } +} diff -Nru sudo-1.9.5p2/src/limits.c sudo-1.9.9/src/limits.c --- sudo-1.9.5p2/src/limits.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/limits.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1999-2020 Todd C. Miller + * Copyright (c) 1999-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -30,11 +30,16 @@ #ifdef __linux__ # include #endif +#include #include #include #include "sudo.h" +/* + * Avoid using RLIM_INFINITY for the nofile soft limit to prevent + * closefrom_fallback() from closing too many file descriptors. + */ #if defined(OPEN_MAX) && OPEN_MAX > 256 # define SUDO_OPEN_MAX OPEN_MAX #else @@ -66,7 +71,6 @@ * the stack hard limit to be infinite. * Linux containers have a problem with an infinite stack soft limit. */ -static struct rlimit nofile_fallback = { SUDO_OPEN_MAX, RLIM_INFINITY }; static struct rlimit stack_fallback = { SUDO_STACK_MIN, 65532 * 1024 }; static struct saved_limit { @@ -74,31 +78,127 @@ int resource; /* RLIMIT_FOO definition */ bool override; /* override limit while sudo executes? */ bool saved; /* true if we were able to get the value */ + bool policy; /* true if policy specified an rlimit */ + bool preserve; /* true if policy says to preserve user limit */ + rlim_t minlimit; /* only modify limit if less than this value */ struct rlimit *fallback; /* fallback if we fail to set to newlimit */ struct rlimit newlimit; /* new limit to use if override is true */ struct rlimit oldlimit; /* original limit, valid if saved is true */ + struct rlimit policylimit; /* limit from policy, valid if policy is true */ } saved_limits[] = { #ifdef RLIMIT_AS - { "rlimit_as", RLIMIT_AS, true, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, + { + "rlimit_as", + RLIMIT_AS, + true, /* override */ + false, /* saved */ + false, /* policy */ + false, /* preserve */ + 1 * 1024 * 1024 * 1024, /* minlimit */ + NULL, /* fallback */ + { RLIM_INFINITY, RLIM_INFINITY } /* newlimit */ + }, #endif - { "rlimit_core", RLIMIT_CORE, false }, - { "rlimit_cpu", RLIMIT_CPU, true, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, - { "rlimit_data", RLIMIT_DATA, true, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, - { "rlimit_fsize", RLIMIT_FSIZE, true, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, + { + "rlimit_core", + RLIMIT_CORE, + false /* override */ + }, + { + "rlimit_cpu", + RLIMIT_CPU, + true, /* override */ + false, /* saved */ + false, /* policy */ + false, /* preserve */ + RLIM_INFINITY, /* minlimit */ + NULL, + { RLIM_INFINITY, RLIM_INFINITY } + }, + { + "rlimit_data", + RLIMIT_DATA, + true, /* override */ + false, /* saved */ + false, /* policy */ + false, /* preserve */ + 1 * 1024 * 1024 * 1024, /* minlimit */ + NULL, + { RLIM_INFINITY, RLIM_INFINITY } + }, + { + "rlimit_fsize", + RLIMIT_FSIZE, + true, /* override */ + false, /* saved */ + false, /* policy */ + false, /* preserve */ + RLIM_INFINITY, /* minlimit */ + NULL, + { RLIM_INFINITY, RLIM_INFINITY } + }, #ifdef RLIMIT_LOCKS - { "rlimit_locks", RLIMIT_LOCKS, false }, + { + "rlimit_locks", + RLIMIT_LOCKS, + false /* override */ + }, #endif #ifdef RLIMIT_MEMLOCK - { "rlimit_memlock", RLIMIT_MEMLOCK, false }, + { + "rlimit_memlock", + RLIMIT_MEMLOCK, + false /* override */ + }, #endif - { "rlimit_nofile", RLIMIT_NOFILE, true, false, &nofile_fallback, { RLIM_INFINITY, RLIM_INFINITY } }, + { + "rlimit_nofile", + RLIMIT_NOFILE, + true, /* override */ + false, /* saved */ + false, /* policy */ + false, /* preserve */ + SUDO_OPEN_MAX, /* minlimit */ + NULL, + { SUDO_OPEN_MAX, RLIM_INFINITY } + }, #ifdef RLIMIT_NPROC - { "rlimit_nproc", RLIMIT_NPROC, true, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, + { + "rlimit_nproc", + RLIMIT_NPROC, + true, /* override */ + false, /* saved */ + false, /* policy */ + false, /* preserve */ + RLIM_INFINITY, /* minlimit */ + NULL, + { RLIM_INFINITY, RLIM_INFINITY } + }, #endif #ifdef RLIMIT_RSS - { "rlimit_rss", RLIMIT_RSS, true, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, + { + "rlimit_rss", + RLIMIT_RSS, + true, /* override */ + false, /* saved */ + false, /* policy */ + false, /* preserve */ + RLIM_INFINITY, /* minlimit */ + NULL, + { RLIM_INFINITY, RLIM_INFINITY } + }, #endif - { "rlimit_stack", RLIMIT_STACK, true, false, &stack_fallback, { SUDO_STACK_MIN, RLIM_INFINITY } } + { + "rlimit_stack", + RLIMIT_STACK, + true, /* override */ + false, /* saved */ + false, /* policy */ + false, /* preserve */ + SUDO_STACK_MIN, /* minlimit */ + &stack_fallback, + { SUDO_STACK_MIN, RLIM_INFINITY } + } }; static struct rlimit corelimit; @@ -133,7 +233,7 @@ } if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); + "prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)"); } #endif /* __linux__ */ coredump_disabled = true; @@ -228,7 +328,7 @@ unlimit_sudo(void) { unsigned int idx; - int rc; + int pass, rc; debug_decl(unlimit_sudo, SUDO_DEBUG_UTIL); /* Set resource limits to unlimited and stash the old values. */ @@ -237,53 +337,59 @@ if (getrlimit(lim->resource, &lim->oldlimit) == -1) continue; sudo_debug_printf(SUDO_DEBUG_INFO, - "getrlimit(lim->name) -> [%lld, %lld]", + "getrlimit(%s) -> [%lld, %lld]", lim->name, (long long)lim->oldlimit.rlim_cur, (long long)lim->oldlimit.rlim_max); - lim->saved = true; + + /* Only override the existing limit if it is smaller than minlimit. */ + if (lim->minlimit != RLIM_INFINITY) { + if (lim->oldlimit.rlim_cur >= lim->minlimit) + lim->override = false; + } if (!lim->override) continue; - if (lim->newlimit.rlim_cur != RLIM_INFINITY) { - /* Don't reduce the soft resource limit. */ - if (lim->oldlimit.rlim_cur == RLIM_INFINITY || - lim->oldlimit.rlim_cur > lim->newlimit.rlim_cur) - lim->newlimit.rlim_cur = lim->oldlimit.rlim_cur; - } - if (lim->newlimit.rlim_max != RLIM_INFINITY) { - /* Don't reduce the hard resource limit. */ - if (lim->oldlimit.rlim_max == RLIM_INFINITY || - lim->oldlimit.rlim_max > lim->newlimit.rlim_max) - lim->newlimit.rlim_max = lim->oldlimit.rlim_max; - } - if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "setrlimit(%s, [%lld, %lld])", lim->name, - (long long)lim->newlimit.rlim_cur, - (long long)lim->newlimit.rlim_max); - if (lim->fallback != NULL) { - if ((rc = setrlimit(lim->resource, lim->fallback)) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "setrlimit(%s, [%lld, %lld])", lim->name, - (long long)lim->fallback->rlim_cur, - (long long)lim->fallback->rlim_max); - } + for (pass = 0; pass < 2; pass++) { + if (lim->newlimit.rlim_cur != RLIM_INFINITY) { + /* Don't reduce the soft resource limit. */ + if (lim->oldlimit.rlim_cur == RLIM_INFINITY || + lim->oldlimit.rlim_cur > lim->newlimit.rlim_cur) + lim->newlimit.rlim_cur = lim->oldlimit.rlim_cur; + } + if (lim->newlimit.rlim_max != RLIM_INFINITY) { + /* Don't reduce the hard resource limit. */ + if (lim->oldlimit.rlim_max == RLIM_INFINITY || + lim->oldlimit.rlim_max > lim->newlimit.rlim_max) + lim->newlimit.rlim_max = lim->oldlimit.rlim_max; } - if (rc == -1) { - /* Try setting new rlim_cur to old rlim_max. */ - lim->newlimit.rlim_cur = lim->oldlimit.rlim_max; - lim->newlimit.rlim_max = lim->oldlimit.rlim_max; - if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, - "setrlimit(%s, [%lld, %lld])", lim->name, - (long long)lim->newlimit.rlim_cur, - (long long)lim->newlimit.rlim_max); + if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "setrlimit(%s, [%lld, %lld])", lim->name, + (long long)lim->newlimit.rlim_cur, + (long long)lim->newlimit.rlim_max); + if (pass == 0 && lim->fallback != NULL) { + /* Try again using fallback values. */ + lim->newlimit.rlim_cur = lim->fallback->rlim_cur; + lim->newlimit.rlim_max = lim->fallback->rlim_max; + continue; } } - if (rc == -1) - sudo_warn("setrlimit(%s)", lim->name); + break; } + if (rc == -1) { + /* Try setting new rlim_cur to old rlim_max. */ + lim->newlimit.rlim_cur = lim->oldlimit.rlim_max; + lim->newlimit.rlim_max = lim->oldlimit.rlim_max; + if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "setrlimit(%s, [%lld, %lld])", lim->name, + (long long)lim->newlimit.rlim_cur, + (long long)lim->newlimit.rlim_max); + } + } + if (rc == -1) + sudo_warn("setrlimit(%s)", lim->name); } debug_return; @@ -342,12 +448,223 @@ debug_return; } +static bool +store_rlimit(const char *str, rlim_t *val, bool soft) +{ + const size_t inflen = sizeof("infinity") - 1; + debug_decl(store_rlimit, SUDO_DEBUG_UTIL); + + if (isdigit((unsigned char)*str)) { + unsigned long long ullval = 0; + char *ep; + + errno = 0; +#ifdef HAVE_STRTOULL + ullval = strtoull(str, &ep, 10); + if (str == ep || (errno == ERANGE && ullval == ULLONG_MAX)) + debug_return_bool(false); +#else + ullval = strtoul(str, &ep, 10); + if (str == ep || (errno == ERANGE && ullval == ULONG_MAX)) + debug_return_bool(false); +#endif + if (*ep == '\0' || (soft && *ep == ',')) { + *val = ullval; + debug_return_bool(true); + } + goto done; + } + if (strncmp(str, "infinity", inflen) == 0) { + if (str[inflen] == '\0' || (soft && str[inflen] == ',')) { + *val = RLIM_INFINITY; + debug_return_bool(true); + } + } +done: + debug_return_bool(false); +} + +static bool +set_policy_rlimit(int resource, const char *val) +{ + unsigned int idx; + debug_decl(set_policy_rlimit, SUDO_DEBUG_UTIL); + + for (idx = 0; idx < nitems(saved_limits); idx++) { + struct saved_limit *lim = &saved_limits[idx]; + const char *hard, *soft = val; + + if (lim->resource != resource) + continue; + + if (strcmp(val, "default") == 0) { + /* Use system-assigned limit set by begin_session(). */ + lim->policy = false; + lim->preserve = false; + debug_return_bool(true); + } + if (strcmp(val, "user") == 0) { + /* Preserve invoking user's limit. */ + lim->policy = false; + lim->preserve = true; + debug_return_bool(true); + } + + /* + * Expect limit in the form "soft,hard" or "limit" (both soft+hard). + */ + hard = strchr(val, ','); + if (hard != NULL) + hard++; + else + hard = soft; + + if (store_rlimit(soft, &lim->policylimit.rlim_cur, true) && + store_rlimit(hard, &lim->policylimit.rlim_max, false)) { + lim->policy = true; + lim->preserve = false; + debug_return_bool(true); + } + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: invalid rlimit: %s", lim->name, val); + debug_return_bool(false); + } + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid resource limit: %d", resource); + debug_return_bool(false); +} + +bool +parse_policy_rlimit(const char *str) +{ + bool ret = false; + debug_decl(parse_policy_rlimit, SUDO_DEBUG_UTIL); + +#ifdef RLIMIT_AS + if (strncmp(str, "as=", sizeof("as=") - 1) == 0) { + str += sizeof("as=") - 1; + ret = set_policy_rlimit(RLIMIT_AS, str); + } else +#endif +#ifdef RLIMIT_CORE + if (strncmp(str, "core=", sizeof("core=") - 1) == 0) { + str += sizeof("core=") - 1; + ret = set_policy_rlimit(RLIMIT_CORE, str); + } else +#endif +#ifdef RLIMIT_CPU + if (strncmp(str, "cpu=", sizeof("cpu=") - 1) == 0) { + str += sizeof("cpu=") - 1; + ret = set_policy_rlimit(RLIMIT_CPU, str); + } else +#endif +#ifdef RLIMIT_DATA + if (strncmp(str, "data=", sizeof("data=") - 1) == 0) { + str += sizeof("data=") - 1; + ret = set_policy_rlimit(RLIMIT_DATA, str); + } else +#endif +#ifdef RLIMIT_FSIZE + if (strncmp(str, "fsize=", sizeof("fsize=") - 1) == 0) { + str += sizeof("fsize=") - 1; + ret = set_policy_rlimit(RLIMIT_FSIZE, str); + } else +#endif +#ifdef RLIMIT_LOCKS + if (strncmp(str, "locks=", sizeof("locks=") - 1) == 0) { + str += sizeof("locks=") - 1; + ret = set_policy_rlimit(RLIMIT_LOCKS, str); + } else +#endif +#ifdef RLIMIT_MEMLOCK + if (strncmp(str, "memlock=", sizeof("memlock=") - 1) == 0) { + str += sizeof("memlock=") - 1; + ret = set_policy_rlimit(RLIMIT_MEMLOCK, str); + } else +#endif +#ifdef RLIMIT_NOFILE + if (strncmp(str, "nofile=", sizeof("nofile=") - 1) == 0) { + str += sizeof("nofile=") - 1; + ret = set_policy_rlimit(RLIMIT_NOFILE, str); + } else +#endif +#ifdef RLIMIT_NPROC + if (strncmp(str, "nproc=", sizeof("nproc=") - 1) == 0) { + str += sizeof("nproc=") - 1; + ret = set_policy_rlimit(RLIMIT_NPROC, str); + } else +#endif +#ifdef RLIMIT_RSS + if (strncmp(str, "rss=", sizeof("rss=") - 1) == 0) { + str += sizeof("rss=") - 1; + ret = set_policy_rlimit(RLIMIT_RSS, str); + } else +#endif +#ifdef RLIMIT_STACK + if (strncmp(str, "stack=", sizeof("stack=") - 1) == 0) { + str += sizeof("stack=") - 1; + ret = set_policy_rlimit(RLIMIT_STACK, str); + } +#endif + debug_return_bool(ret); +} + +/* + * Set resource limits as specified by the security policy (if any). + * This should be run as part of the session setup but after PAM, + * login.conf, etc. + */ +void +set_policy_rlimits(void) +{ + unsigned int idx; + debug_decl(set_policy_rlimits, SUDO_DEBUG_UTIL); + + for (idx = 0; idx < nitems(saved_limits); idx++) { + struct saved_limit *lim = &saved_limits[idx]; + struct rlimit *rl; + int rc; + + if (!lim->policy && (!lim->preserve || !lim->saved)) + continue; + + rl = lim->preserve ? &lim->oldlimit : &lim->policylimit; + if ((rc = setrlimit(lim->resource, rl)) == 0) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "setrlimit(%s, [%lld, %lld])", lim->name, + (long long)rl->rlim_cur, (long long)rl->rlim_max); + continue; + } + + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "setrlimit(%s, [%lld, %lld])", lim->name, + (long long)rl->rlim_cur, (long long)rl->rlim_max); + + if (rl->rlim_cur > lim->oldlimit.rlim_max || rl->rlim_max > lim->oldlimit.rlim_max) { + /* Try setting policy rlim_cur to old rlim_max. */ + if (rl->rlim_cur > lim->oldlimit.rlim_max) + rl->rlim_cur = lim->oldlimit.rlim_max; + if (rl->rlim_max > lim->oldlimit.rlim_max) + rl->rlim_max = lim->oldlimit.rlim_max; + if ((rc = setrlimit(lim->resource, rl)) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "setrlimit(%s, [%lld, %lld])", lim->name, + (long long)rl->rlim_cur, (long long)rl->rlim_max); + } + } + if (rc == -1) + sudo_warn("setrlimit(%s)", lim->name); + } + + debug_return; +} + int -serialize_limits(char **info, size_t info_max) +serialize_rlimits(char **info, size_t info_max) { char *str; unsigned int idx, nstored = 0; - debug_decl(serialize_limits, SUDO_DEBUG_UTIL); + debug_decl(serialize_rlimits, SUDO_DEBUG_UTIL); for (idx = 0; idx < nitems(saved_limits); idx++) { const struct saved_limit *lim = &saved_limits[idx]; diff -Nru sudo-1.9.5p2/src/load_plugins.c sudo-1.9.9/src/load_plugins.c --- sudo-1.9.5p2/src/load_plugins.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/load_plugins.c 2022-01-27 21:24:06.000000000 +0000 @@ -47,9 +47,7 @@ if (info->path[0] == '/') { if (strlcpy(fullpath, info->path, pathsize) >= pathsize) { - sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), - _PATH_SUDO_CONF, info->lineno, info->symbol_name); - sudo_warnx(U_("%s: %s"), info->path, strerror(ENAMETOOLONG)); + errno = ENAMETOOLONG; goto done; } status = stat(fullpath, sb); @@ -60,9 +58,7 @@ /* Check static symbols. */ if (strcmp(info->path, SUDOERS_PLUGIN) == 0) { if (strlcpy(fullpath, info->path, pathsize) >= pathsize) { - sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), - _PATH_SUDO_CONF, info->lineno, info->symbol_name); - sudo_warnx(U_("%s: %s"), info->path, strerror(ENAMETOOLONG)); + errno = ENAMETOOLONG; goto done; } /* Plugin is static, fake up struct stat. */ @@ -82,10 +78,7 @@ len = snprintf(fullpath, pathsize, "%s%s", sudo_conf_plugin_dir_path(), info->path); if (len < 0 || (size_t)len >= pathsize) { - sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), - _PATH_SUDO_CONF, info->lineno, info->symbol_name); - sudo_warnx(U_("%s%s: %s"), sudo_conf_plugin_dir_path(), info->path, - strerror(ENAMETOOLONG)); + errno = ENAMETOOLONG; goto done; } /* Try parent dir for compatibility with old plugindir default. */ @@ -201,7 +194,7 @@ plugin_exists(struct plugin_container_list *plugins, const char *symbol_name) { struct plugin_container *container; - debug_decl(find_plugin, SUDO_DEBUG_PLUGIN); + debug_decl(plugin_exists, SUDO_DEBUG_PLUGIN); TAILQ_FOREACH(container, plugins, entries) { if (strcmp(container->name, symbol_name) == 0) @@ -215,8 +208,9 @@ struct generic_plugin * sudo_plugin_try_to_clone(void *so_handle, const char *symbol_name) { - debug_decl(sudo_plugin_clone, SUDO_DEBUG_PLUGIN); + debug_decl(sudo_plugin_try_to_clone, SUDO_DEBUG_PLUGIN); struct generic_plugin * plugin = NULL; + plugin_clone_func *clone_func; char *clone_func_name = NULL; if (asprintf(&clone_func_name, "%s_clone", symbol_name) < 0) { @@ -224,7 +218,7 @@ goto cleanup; } - plugin_clone_func *clone_func = (plugin_clone_func *)sudo_dso_findsym(so_handle, clone_func_name); + clone_func = sudo_dso_findsym(so_handle, clone_func_name); if (clone_func) { plugin = (*clone_func)(); } diff -Nru sudo-1.9.5p2/src/net_ifs.c sudo-1.9.9/src/net_ifs.c --- sudo-1.9.5p2/src/net_ifs.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/net_ifs.c 2022-01-27 21:24:06.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2015, 2018 + * Copyright (c) 1996, 1998-2005, 2007-2015, 2018-2021 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -49,26 +49,9 @@ #include #include #include -#ifdef HAVE_STDBOOL_H -# include -#else -# include "compat/stdbool.h" -#endif /* HAVE_STDBOOL_H */ #include #include #include -#ifdef _ISC -# include -# include -# include -# define STRSET(cmd, param, len) {strioctl.ic_cmd=(cmd);\ - strioctl.ic_dp=(param);\ - strioctl.ic_timout=0;\ - strioctl.ic_len=(len);} -#endif /* _ISC */ -#ifdef _MIPS -# include -#endif /* _MIPS */ #include #include #ifdef NEED_RESOLV_H @@ -95,30 +78,43 @@ # define IFF_LOOPBACK 0 #endif -#ifndef INET_ADDRSTRLEN -# define INET_ADDRSTRLEN 16 -#endif #ifndef INET6_ADDRSTRLEN # define INET6_ADDRSTRLEN 46 #endif -#ifdef HAVE_GETIFADDRS +#ifndef INADDR_NONE +# define INADDR_NONE 0xffffffffU +#endif + +#if defined(STUB_LOAD_INTERFACES) || \ + !(defined(HAVE_GETIFADDRS) || defined(SIOCGIFCONF) || defined(SIOCGLIFCONF)) + +/* + * Stub function for those without SIOCGIFCONF or getifaddrs() + */ +int +get_net_ifs(char **addrinfo_out) +{ + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF); + debug_return_int(0); +} + +#elif defined(HAVE_GETIFADDRS) /* * Fill in the interfaces string with the machine's ip addresses and netmasks * and return the number of interfaces found. Returns -1 on error. */ int -get_net_ifs(char **addrinfo) +get_net_ifs(char **addrinfo_out) { struct ifaddrs *ifa, *ifaddrs; struct sockaddr_in *sin; -#ifdef HAVE_STRUCT_IN6_ADDR +# ifdef HAVE_STRUCT_IN6_ADDR struct sockaddr_in6 *sin6; +# endif char addrstr[INET6_ADDRSTRLEN], maskstr[INET6_ADDRSTRLEN]; -#else - char addrstr[INET_ADDRSTRLEN], maskstr[INET_ADDRSTRLEN]; -#endif + char *addrinfo = NULL; int len, num_interfaces = 0; size_t ailen; char *cp; @@ -131,7 +127,7 @@ debug_return_int(-1); /* Allocate space for the interfaces info string. */ - for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) { + for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { /* Skip interfaces marked "down" and "loopback". */ if (ifa->ifa_addr == NULL || ifa->ifa_netmask == NULL || !ISSET(ifa->ifa_flags, IFF_UP) || ISSET(ifa->ifa_flags, IFF_LOOPBACK)) @@ -139,9 +135,9 @@ switch (ifa->ifa_addr->sa_family) { case AF_INET: -#ifdef HAVE_STRUCT_IN6_ADDR +# ifdef HAVE_STRUCT_IN6_ADDR case AF_INET6: -#endif +# endif num_interfaces++; break; } @@ -152,142 +148,619 @@ if ((cp = malloc(ailen)) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); - num_interfaces = -1; - goto done; + goto bad; } - *addrinfo = cp; + addrinfo = cp; - /* Store the IP addr/netmask pairs. */ - for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) { + for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { /* Skip interfaces marked "down" and "loopback". */ if (ifa->ifa_addr == NULL || ifa->ifa_netmask == NULL || !ISSET(ifa->ifa_flags, IFF_UP) || ISSET(ifa->ifa_flags, IFF_LOOPBACK)) continue; switch (ifa->ifa_addr->sa_family) { - case AF_INET: - sin = (struct sockaddr_in *)ifa->ifa_addr; - if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) - continue; - sin = (struct sockaddr_in *)ifa->ifa_netmask; - if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) - continue; - - len = snprintf(cp, ailen, "%s%s/%s", - cp == *addrinfo ? "" : " ", addrstr, maskstr); - if (len < 0 || (size_t)len >= ailen) { - sudo_warnx(U_("internal error, %s overflow"), __func__); - goto done; - } - cp += len; - ailen -= len; - break; -#ifdef HAVE_STRUCT_IN6_ADDR - case AF_INET6: - sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; - if (inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr, sizeof(addrstr)) == NULL) - continue; - sin6 = (struct sockaddr_in6 *)ifa->ifa_netmask; - if (inet_ntop(AF_INET6, &sin6->sin6_addr, maskstr, sizeof(maskstr)) == NULL) - continue; - - len = snprintf(cp, ailen, "%s%s/%s", - cp == *addrinfo ? "" : " ", addrstr, maskstr); - if (len < 0 || (size_t)len >= ailen) { - sudo_warnx(U_("internal error, %s overflow"), __func__); - goto done; - } - cp += len; - ailen -= len; - break; -#endif /* HAVE_STRUCT_IN6_ADDR */ + case AF_INET: + sin = (struct sockaddr_in *)ifa->ifa_addr; + if (sin->sin_addr.s_addr == INADDR_ANY || sin->sin_addr.s_addr == INADDR_NONE) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring unspecified AF_INET addr for %s", ifa->ifa_name); + continue; + } + if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET addr for %s", ifa->ifa_name); + continue; + } + sin = (struct sockaddr_in *)ifa->ifa_netmask; + if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET mask for %s", ifa->ifa_name); + continue; + } + break; +# ifdef HAVE_STRUCT_IN6_ADDR + case AF_INET6: + sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; + if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring unspecified AF_INET6 addr for %s", ifa->ifa_name); + continue; + } + if (inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr, sizeof(addrstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET6 addr for %s", ifa->ifa_name); + continue; + } + sin6 = (struct sockaddr_in6 *)ifa->ifa_netmask; + if (inet_ntop(AF_INET6, &sin6->sin6_addr, maskstr, sizeof(maskstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET6 mask for %s", ifa->ifa_name); + continue; + } + break; +# endif /* HAVE_STRUCT_IN6_ADDR */ + default: + continue; + } + + /* Store the IP addr/netmask pairs. */ + len = snprintf(cp, ailen, "%s%s/%s", + cp == addrinfo ? "" : " ", addrstr, maskstr); + if (len < 0 || (size_t)len >= ailen) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + goto bad; } + cp += len; + ailen -= len; } + *addrinfo_out = addrinfo; + goto done; +bad: + free(addrinfo); + num_interfaces = -1; done: -#ifdef HAVE_FREEIFADDRS +# ifdef HAVE_FREEIFADDRS freeifaddrs(ifaddrs); -#else +# else free(ifaddrs); -#endif +# endif debug_return_int(num_interfaces); } -#elif defined(SIOCGIFCONF) && !defined(STUB_LOAD_INTERFACES) +#elif defined(SIOCGLIFCONF) + +# if defined(__hpux) /* * Fill in the interfaces string with the machine's ip addresses and netmasks * and return the number of interfaces found. Returns -1 on error. + * HP-UX has incompatible SIOCGLIFNUM and SIOCGLIFCONF ioctls. */ int -get_net_ifs(char **addrinfo) +get_net_ifs(char **addrinfo_out) { - char ifr_tmpbuf[sizeof(struct ifreq)]; - struct ifreq *ifr, *ifr_tmp = (struct ifreq *)ifr_tmpbuf; - struct ifconf *ifconf; + struct if_laddrconf laddrconf; + struct ifconf ifconf; + char addrstr[INET6_ADDRSTRLEN], maskstr[INET6_ADDRSTRLEN]; + char *addrinfo = NULL; + int i, n, sock4, sock6 = -1; + int num_interfaces = 0; + size_t ailen; + char *cp; + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF); + + if (!sudo_conf_probe_interfaces()) + debug_return_int(0); + + memset(&ifconf, 0, sizeof(ifconf)); + memset(&laddrconf, 0, sizeof(laddrconf)); + + /* Allocate and fill in the IPv4 interface list. */ + sock4 = socket(AF_INET, SOCK_DGRAM, 0); + if (sock4 != -1 && ioctl(sock4, SIOCGIFNUM, &n) != -1) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "SIOCGIFNUM reports %d interfaces", n); + n += 4; /* in case new interfaces come up */ + + ifconf.ifc_len = n * sizeof(struct ifreq); + ifconf.ifc_buf = malloc(ifconf.ifc_len); + if (ifconf.ifc_buf == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + goto bad; + } + + if (ioctl(sock4, SIOCGIFCONF, &ifconf) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to get interface list (SIOCGIFCONF)"); + goto bad; + } + } + + /* Allocate and fill in the IPv6 interface list. */ + sock6 = socket(AF_INET6, SOCK_DGRAM, 0); + if (sock6 != -1 && ioctl(sock6, SIOCGLIFNUM, &n) != -1) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "SIOCGLIFNUM reports %d interfaces", n); + n += 4; /* in case new interfaces come up */ + + laddrconf.iflc_len = n * sizeof(struct if_laddrreq); + laddrconf.iflc_buf = malloc(laddrconf.iflc_len); + if (laddrconf.iflc_buf == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + goto bad; + } + + if (ioctl(sock4, SIOCGLIFCONF, &laddrconf) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to get interface list (SIOCGLIFCONF)"); + goto bad; + } + } + + /* Allocate space for the maximum number of interfaces that could exist. */ + n = ifconf.ifc_len / sizeof(struct ifconf) + + laddrconf.iflc_len / sizeof(struct if_laddrreq); + if (n == 0) + goto done; + ailen = n * 2 * INET6_ADDRSTRLEN; + if ((cp = malloc(ailen)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + goto bad; + } + addrinfo = cp; + + /* + * For each interface, store the ip address and netmask. + * Keep a copy of the address family, else it will be overwritten. + */ + for (i = 0; i < ifconf.ifc_len; ) { + struct ifreq *ifr = (struct ifreq *)&ifconf.ifc_buf[i]; + struct sockaddr_in *sin; + + /* Set i to the subscript of the next interface (no sa_len). */ + i += sizeof(struct ifreq); + + /* IPv4 only. */ + if (ifr->ifr_addr.sa_family != AF_INET) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected address family %d for %s", + ifr->ifr_addr.sa_family, ifr->ifr_name); + continue; + } + + /* Store the address. */ + sin = (struct sockaddr_in *)&ifr->ifr_addr; + if (sin->sin_addr.s_addr == INADDR_ANY || sin->sin_addr.s_addr == INADDR_NONE) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring unspecified AF_INET addr for %s", ifr->ifr_name); + continue; + } + if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET addr for %s", ifr->ifr_name); + continue; + } + + /* Skip interfaces marked "down" and "loopback". */ + if (ioctl(sock4, SIOCGIFFLAGS, ifr) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "SIOCGLIFFLAGS for %s", ifr->ifr_name); + continue; + } + if (!ISSET(ifr->ifr_flags, IFF_UP) || + ISSET(ifr->ifr_flags, IFF_LOOPBACK)) + continue; + + /* Fetch and store the netmask. */ + if (ioctl(sock4, SIOCGIFNETMASK, ifr) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "SIOCGLIFNETMASK for %s", ifr->ifr_name); + continue; + } + + /* Convert the mask to string form. */ + sin = (struct sockaddr_in *)&ifr->ifr_addr; + if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET mask for %s", ifr->ifr_name); + continue; + } + + n = snprintf(cp, ailen, "%s%s/%s", + cp == addrinfo ? "" : " ", addrstr, maskstr); + if (n < 0 || (size_t)n >= ailen) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + goto bad; + } + cp += n; + ailen -= n; + + num_interfaces++; + } + for (i = 0; i < laddrconf.iflc_len; ) { + struct if_laddrreq *lreq = (struct if_laddrreq *)&laddrconf.iflc_buf[i]; + struct sockaddr_in6 *sin6; + + /* Set i to the subscript of the next interface (no sa_len). */ + i += sizeof(struct if_laddrreq); + + /* IPv6 only. */ + if (lreq->iflr_addr.sa_family != AF_INET6) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected address family %d for %s", + lreq->iflr_addr.sa_family, lreq->iflr_name); + continue; + } + + sin6 = (struct sockaddr_in6 *)&lreq->iflr_addr; + if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring unspecified AF_INET6 addr for %s", lreq->iflr_name); + continue; + } + if (inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr, sizeof(addrstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET6 addr for %s", lreq->iflr_name); + continue; + } + + /* Skip interfaces marked "down" and "loopback". */ + if (ioctl(sock6, SIOCGLIFFLAGS, lreq) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "SIOCGLIFFLAGS for %s", lreq->iflr_name); + continue; + } + if (!ISSET(lreq->iflr_flags, IFF_UP) || + ISSET(lreq->iflr_flags, IFF_LOOPBACK)) + continue; + + /* Fetch and store the netmask. */ + if (ioctl(sock6, SIOCGLIFNETMASK, lreq) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "SIOCGLIFNETMASK for %s", lreq->iflr_name); + continue; + } + sin6 = (struct sockaddr_in6 *)&lreq->iflr_addr; + if (inet_ntop(AF_INET6, &sin6->sin6_addr, maskstr, sizeof(maskstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET6 mask for %s", lreq->iflr_name); + continue; + } + + n = snprintf(cp, ailen, "%s%s/%s", + cp == addrinfo ? "" : " ", addrstr, maskstr); + if (n < 0 || (size_t)n >= ailen) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + goto bad; + } + cp += n; + ailen -= n; + + num_interfaces++; + } + *addrinfo_out = addrinfo; + goto done; + +bad: + free(addrinfo); + num_interfaces = -1; +done: + free(ifconf.ifc_buf); + free(laddrconf.iflc_buf); + if (sock4 != -1) + close(sock4); + if (sock6 != -1) + close(sock6); + + debug_return_int(num_interfaces); +} + +# else + +/* + * Fill in the interfaces string with the machine's ip addresses and netmasks + * and return the number of interfaces found. Returns -1 on error. + * SIOCGLIFCONF version (IPv6 compatible). + */ +int +get_net_ifs(char **addrinfo_out) +{ + struct lifconf lifconf; + struct lifnum lifn; struct sockaddr_in *sin; - int i, len, n, sock, num_interfaces = 0; - size_t ailen, buflen = sizeof(struct ifconf) + BUFSIZ; - char *cp, *previfname = "", *ifconf_buf = NULL; - char addrstr[INET_ADDRSTRLEN], maskstr[INET_ADDRSTRLEN]; -#ifdef _ISC - struct strioctl strioctl; -#endif /* _ISC */ + struct sockaddr_in6 *sin6; + char addrstr[INET6_ADDRSTRLEN], maskstr[INET6_ADDRSTRLEN]; + char *addrinfo = NULL; + int i, n, sock, sock4, sock6 = -1; + int num_interfaces = 0; + size_t ailen; + char *cp; debug_decl(get_net_ifs, SUDO_DEBUG_NETIF); if (!sudo_conf_probe_interfaces()) debug_return_int(0); - sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) + /* We need both INET4 and INET6 sockets to get flags and netmask. */ + sock4 = socket(AF_INET, SOCK_DGRAM, 0); + sock6 = socket(AF_INET6, SOCK_DGRAM, 0); + if (sock4 == -1 && sock6 == -1) debug_return_int(-1); + /* Use INET6 socket with SIOCGLIFCONF if possible (may not matter). */ + sock = sock6 != -1 ? sock6 : sock4; + + /* Get number of interfaces if possible. */ + memset(&lifn, 0, sizeof(lifn)); + if (ioctl(sock, SIOCGLIFNUM, &lifn) != -1) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "SIOCGLIFNUM reports %d interfaces", lifn.lifn_count); + lifn.lifn_count += 4; /* in case new interfaces come up */ + } else { + lifn.lifn_count = 512; + } + + /* Allocate and fill in the interface buffer. */ + memset(&lifconf, 0, sizeof(lifconf)); + lifconf.lifc_len = lifn.lifn_count * sizeof(struct lifreq); + lifconf.lifc_buf = malloc(lifconf.lifc_len); + if (lifconf.lifc_buf == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + goto bad; + } + if (ioctl(sock, SIOCGLIFCONF, &lifconf) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "unable to get interface list (SIOCGLIFCONF)"); + goto bad; + } + + /* Allocate space for the maximum number of interfaces that could exist. */ + n = lifconf.lifc_len / sizeof(struct lifreq); + if (n == 0) + goto done; + ailen = n * 2 * INET6_ADDRSTRLEN; + if ((cp = malloc(ailen)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to allocate memory"); + goto bad; + } + addrinfo = cp; + /* - * Get interface configuration or return. + * For each interface, store the ip address and netmask. + * Keep a copy of the address family, else it will be overwritten. */ - for (;;) { - if ((ifconf_buf = malloc(buflen)) == NULL) { + for (i = 0; i < lifconf.lifc_len; ) { + struct lifreq *lifr = (struct lifreq *)&lifconf.lifc_buf[i]; + const int family = lifr->lifr_addr.ss_family; + + /* Set i to the subscript of the next interface (no sa_len). */ + i += sizeof(struct lifreq); + + /* Store the address. */ + switch (family) { + case AF_INET: + sin = (struct sockaddr_in *)&lifr->lifr_addr; + if (sin->sin_addr.s_addr == INADDR_ANY || sin->sin_addr.s_addr == INADDR_NONE) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring unspecified AF_INET addr for %s", lifr->lifr_name); + continue; + } + if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET addr for %s", lifr->lifr_name); + continue; + } + sock = sock4; + break; + case AF_INET6: + sin6 = (struct sockaddr_in6 *)&lifr->lifr_addr; + if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring unspecified AF_INET6 addr for %s", lifr->lifr_name); + continue; + } + if (inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr, sizeof(addrstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET6 addr for %s", lifr->lifr_name); + continue; + } + sock = sock6; + break; + default: + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "ignoring address with family %d for %s", + family, lifr->lifr_name); + continue; + } + + /* Skip interfaces marked "down" and "loopback". */ + if (ioctl(sock, SIOCGLIFFLAGS, lifr) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "SIOCGLIFFLAGS for %s", lifr->lifr_name); + continue; + } + if (!ISSET(lifr->lifr_flags, IFF_UP) || + ISSET(lifr->lifr_flags, IFF_LOOPBACK)) + continue; + + /* Fetch and store the netmask. */ + if (ioctl(sock, SIOCGLIFNETMASK, lifr) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "SIOCGLIFNETMASK for %s", lifr->lifr_name); + continue; + } + switch (family) { + case AF_INET: + sin = (struct sockaddr_in *)&lifr->lifr_addr; + if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET mask for %s", lifr->lifr_name); + continue; + } + break; + case AF_INET6: + sin6 = (struct sockaddr_in6 *)&lifr->lifr_addr; + if (inet_ntop(AF_INET6, &sin6->sin6_addr, maskstr, sizeof(maskstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET6 mask for %s", lifr->lifr_name); + continue; + } + break; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected address family %d for %s", + family, lifr->lifr_name); + continue; + } + + n = snprintf(cp, ailen, "%s%s/%s", + cp == addrinfo ? "" : " ", addrstr, maskstr); + if (n < 0 || (size_t)n >= ailen) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + goto bad; + } + cp += n; + ailen -= n; + + num_interfaces++; + } + *addrinfo_out = addrinfo; + goto done; + +bad: + free(addrinfo); + num_interfaces = -1; +done: + free(lifconf.lifc_buf); + if (sock4 != -1) + close(sock4); + if (sock6 != -1) + close(sock6); + + debug_return_int(num_interfaces); +} +# endif /* !__hpux */ + +#elif defined(SIOCGIFCONF) + +/* + * Fill in the interfaces string with the machine's ip addresses and netmasks + * and return the number of interfaces found. Returns -1 on error. + * SIOCGIFCONF version. + */ +int +get_net_ifs(char **addrinfo_out) +{ + struct ifconf ifconf; + struct ifreq *ifr; + struct sockaddr_in *sin; +# ifdef HAVE_STRUCT_IN6_ADDR + struct sockaddr_in6 *sin6; +# endif + char addrstr[INET6_ADDRSTRLEN], maskstr[INET6_ADDRSTRLEN]; + char *addrinfo = NULL; + int i, n, sock, sock4, sock6 = -1; + int num_interfaces = 0; + size_t ailen, buflen; + char *cp, *ifconf_buf = NULL; + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF); + + if (!sudo_conf_probe_interfaces()) + debug_return_int(0); + + sock4 = socket(AF_INET, SOCK_DGRAM, 0); +# ifdef HAVE_STRUCT_IN6_ADDR + sock6 = socket(AF_INET6, SOCK_DGRAM, 0); +# endif + if (sock4 == -1 && sock6 == -1) + debug_return_int(-1); + + /* Use INET6 socket with SIOCGIFCONF if possible (may not matter). */ + sock = sock6 != -1 ? sock6 : sock4; + + /* + * Get the size of the interface buffer (if possible). + * We over-allocate a bit in case interfaces come up afterward. + */ +# if defined(SIOCGSIZIFCONF) + /* AIX */ + if (ioctl(sock, SIOCGSIZIFCONF, &i) != -1) { + buflen = i + (sizeof(struct ifreq) * 4); + } else +# elif defined(SIOCGIFANUM) + /* SCO OpenServer 5 */ + if (ioctl(sock, SIOCGIFANUM, &i) != -1) { + buflen = (i + 4) * sizeof(struct ifreq); + } else +# elif defined(SIOCGIFNUM) + /* HP-UX, Solaris, others? */ + if (ioctl(sock, SIOCGIFNUM, &i) != -1) { + buflen = (i + 4) * sizeof(struct ifreq); + } else +# endif + { + buflen = 256 * sizeof(struct ifreq); + } + + /* Get interface configuration. */ + memset(&ifconf, 0, sizeof(ifconf)); + for (i = 0; i < 4; i++) { + ifconf.ifc_len = buflen; + ifconf.ifc_buf = malloc(buflen); + if (ifconf.ifc_buf == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); - num_interfaces = -1; - goto done; + goto bad; } - ifconf = (struct ifconf *) ifconf_buf; - ifconf->ifc_len = buflen - sizeof(struct ifconf); - ifconf->ifc_buf = (caddr_t) (ifconf_buf + sizeof(struct ifconf)); - -#ifdef _ISC - STRSET(SIOCGIFCONF, (caddr_t) ifconf, buflen); - if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0) -#else + /* Note that some kernels return EINVAL if the buffer is too small */ - if (ioctl(sock, SIOCGIFCONF, (caddr_t) ifconf) < 0 && errno != EINVAL) -#endif /* _ISC */ - goto done; + if (ioctl(sock, SIOCGIFCONF, &ifconf) < 0 && errno != EINVAL) + goto bad; /* Break out of loop if we have a big enough buffer. */ - if (ifconf->ifc_len + sizeof(struct ifreq) < buflen) + if (ifconf.ifc_len + sizeof(struct ifreq) < buflen) break; - buflen += BUFSIZ; - free(ifconf_buf); + buflen *= 2; + free(ifconf.ifc_buf); } - /* Allocate space for the maximum number of interfaces that could exist. */ - if ((n = ifconf->ifc_len / sizeof(struct ifreq)) == 0) + /* + * Allocate space for the maximum number of interfaces that could exist. + * We walk the list for systems with sa_len in struct sockaddr. + */ + for (i = 0, n = 0; i < ifconf.ifc_len; n++) { + /* Set i to the subscript of the next interface. */ + i += sizeof(struct ifreq); +#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN + ifr = (struct ifreq *)&ifconf.ifc_buf[i]; + if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr)) + i += ifr->ifr_addr.sa_len - sizeof(struct sockaddr); +#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */ + } + if (n == 0) goto done; ailen = n * 2 * INET6_ADDRSTRLEN; if ((cp = malloc(ailen)) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); - num_interfaces = -1; - goto done; + goto bad; } - *addrinfo = cp; + addrinfo = cp; - /* For each interface, store the ip address and netmask. */ - for (i = 0; i < ifconf->ifc_len; ) { - /* Get a pointer to the current interface. */ - ifr = (struct ifreq *) &ifconf->ifc_buf[i]; + /* + * For each interface, store the ip address and netmask. + * Keep a copy of the address family, else it will be overwritten. + */ + for (i = 0; i < ifconf.ifc_len; ) { + int family; + + ifr = (struct ifreq *)&ifconf.ifc_buf[i]; + family = ifr->ifr_addr.sa_family; /* Set i to the subscript of the next interface. */ i += sizeof(struct ifreq); @@ -296,78 +769,111 @@ i += ifr->ifr_addr.sa_len - sizeof(struct sockaddr); #endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */ - /* Skip duplicates and interfaces with NULL addresses. */ - sin = (struct sockaddr_in *) &ifr->ifr_addr; - if (sin->sin_addr.s_addr == 0 || - strncmp(previfname, ifr->ifr_name, sizeof(ifr->ifr_name) - 1) == 0) - continue; - - if (ifr->ifr_addr.sa_family != AF_INET) + /* Store the address. */ + switch (family) { + case AF_INET: + sin = (struct sockaddr_in *)&ifr->ifr_addr; + if (sin->sin_addr.s_addr == INADDR_ANY || sin->sin_addr.s_addr == INADDR_NONE) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring unspecified AF_INET addr for %s", ifr->ifr_name); + continue; + } + if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET addr for %s", ifr->ifr_name); + continue; + } + sock = sock4; + break; +# ifdef HAVE_STRUCT_IN6_ADDR + case AF_INET6: + sin6 = (struct sockaddr_in6 *)&ifr->ifr_addr; + if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring unspecified AF_INET6 addr for %s", ifr->ifr_name); + continue; + } + if (inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr, sizeof(addrstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET6 addr for %s", ifr->ifr_name); continue; + } + sock = sock6; + break; +# endif /* HAVE_STRUCT_IN6_ADDR */ + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected address family %d for %s", + family, ifr->ifr_name); + continue; + } -#ifdef SIOCGIFFLAGS - memset(ifr_tmp, 0, sizeof(*ifr_tmp)); - memcpy(ifr_tmp->ifr_name, ifr->ifr_name, sizeof(ifr_tmp->ifr_name)); - if (ioctl(sock, SIOCGIFFLAGS, (caddr_t) ifr_tmp) < 0) -#endif - memcpy(ifr_tmp, ifr, sizeof(*ifr_tmp)); - /* Skip interfaces marked "down" and "loopback". */ - if (!ISSET(ifr_tmp->ifr_flags, IFF_UP) || - ISSET(ifr_tmp->ifr_flags, IFF_LOOPBACK)) + if (ioctl(sock, SIOCGIFFLAGS, ifr) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "SIOCGLIFFLAGS for %s", ifr->ifr_name); + continue; + } + if (!ISSET(ifr->ifr_flags, IFF_UP) || + ISSET(ifr->ifr_flags, IFF_LOOPBACK)) continue; - /* Get the netmask. */ - memset(ifr_tmp, 0, sizeof(*ifr_tmp)); - memcpy(ifr_tmp->ifr_name, ifr->ifr_name, sizeof(ifr_tmp->ifr_name)); - sin = (struct sockaddr_in *) &ifr_tmp->ifr_addr; -#ifdef _ISC - STRSET(SIOCGIFNETMASK, (caddr_t) ifr_tmp, sizeof(*ifr_tmp)); - if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0) -#else - if (ioctl(sock, SIOCGIFNETMASK, (caddr_t) ifr_tmp) < 0) -#endif /* _ISC */ - sin->sin_addr.s_addr = htonl(IN_CLASSC_NET); - - /* Convert the addr and mask to string form. */ - sin = (struct sockaddr_in *) &ifr->ifr_addr; - if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) + /* Fetch and store the netmask. */ + if (ioctl(sock, SIOCGIFNETMASK, ifr) < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "SIOCGLIFNETMASK for %s", ifr->ifr_name); continue; - sin = (struct sockaddr_in *) &ifr_tmp->ifr_addr; - if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) + } + + /* Convert the mask to string form. */ + switch (family) { + case AF_INET: + sin = (struct sockaddr_in *)&ifr->ifr_addr; + if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET mask for %s", ifr->ifr_name); + continue; + } + break; +# ifdef HAVE_STRUCT_IN6_ADDR + case AF_INET6: + sin6 = (struct sockaddr_in6 *)&ifr->ifr_addr; + if (inet_ntop(AF_INET6, &sin6->sin6_addr, maskstr, sizeof(maskstr)) == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "ignoring bad AF_INET6 mask for %s", ifr->ifr_name); + continue; + } + break; +# endif /* HAVE_STRUCT_IN6_ADDR */ + default: continue; + } - len = snprintf(cp, ailen, "%s%s/%s", - cp == *addrinfo ? "" : " ", addrstr, maskstr); - if (len < 0 || (size_t)len >= ailen) { + n = snprintf(cp, ailen, "%s%s/%s", + cp == addrinfo ? "" : " ", addrstr, maskstr); + if (n < 0 || (size_t)n >= ailen) { sudo_warnx(U_("internal error, %s overflow"), __func__); - goto done; + goto bad; } - cp += len; - ailen -= len; + cp += n; + ailen -= n; - /* Stash the name of the interface we saved. */ - previfname = ifr->ifr_name; num_interfaces++; } + *addrinfo_out = addrinfo; + goto done; +bad: + free(addrinfo); + num_interfaces = -1; done: free(ifconf_buf); - (void) close(sock); + if (sock4 != -1) + close(sock4); + if (sock6 != -1) + close(sock6); debug_return_int(num_interfaces); } -#else /* !SIOCGIFCONF || STUB_LOAD_INTERFACES */ - -/* - * Stub function for those without SIOCGIFCONF or getifaddrs() - */ -int -get_net_ifs(char **addrinfo) -{ - debug_decl(get_net_ifs, SUDO_DEBUG_NETIF); - debug_return_int(0); -} - -#endif /* SIOCGIFCONF && !STUB_LOAD_INTERFACES */ +#endif /* SIOCGIFCONF */ diff -Nru sudo-1.9.5p2/src/parse_args.c sudo-1.9.9/src/parse_args.c --- sudo-1.9.5p2/src/parse_args.c 2021-01-23 15:45:11.000000000 +0000 +++ sudo-1.9.9/src/parse_args.c 2022-01-27 21:24:22.000000000 +0000 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1993-1996, 1998-2020 Todd C. Miller + * Copyright (c) 1993-1996, 1998-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -104,7 +104,9 @@ { "cmnd_chroot" }, #define ARG_CWD 24 { "cmnd_cwd" }, -#define NUM_SETTINGS 25 +#define ARG_ASKPASS 25 + { "askpass" }, +#define NUM_SETTINGS 26 { NULL } }; @@ -129,41 +131,47 @@ * Available command line options, both short and long. * Note that we must disable arg permutation to support setting environment * variables and to better support the optional arg of the -h flag. + * There is a more limited set of options for sudoedit (the sudo-specific + * long options are listed first). */ -static const char short_opts[] = "+Aa:BbC:c:D:Eeg:Hh::iKklnPp:R:r:SsT:t:U:u:Vv"; -static struct option long_opts[] = { +static const char sudo_short_opts[] = "+Aa:BbC:c:D:Eeg:Hh::iKklnPp:R:r:SsT:t:U:u:Vv"; +static const char edit_short_opts[] = "+Aa:BC:c:D:g:h::knp:R:r:ST:t:u:V"; +static struct option sudo_long_opts[] = { + /* sudo-specific long options */ + { "background", no_argument, NULL, 'b' }, + { "preserve-env", optional_argument, NULL, 'E' }, + { "edit", no_argument, NULL, 'e' }, + { "set-home", no_argument, NULL, 'H' }, + { "login", no_argument, NULL, 'i' }, + { "remove-timestamp", no_argument, NULL, 'K' }, + { "list", no_argument, NULL, 'l' }, + { "preserve-groups", no_argument, NULL, 'P' }, + { "shell", no_argument, NULL, 's' }, + { "other-user", required_argument, NULL, 'U' }, + { "validate", no_argument, NULL, 'v' }, + /* common long options */ { "askpass", no_argument, NULL, 'A' }, { "auth-type", required_argument, NULL, 'a' }, - { "background", no_argument, NULL, 'b' }, { "bell", no_argument, NULL, 'B' }, { "close-from", required_argument, NULL, 'C' }, { "login-class", required_argument, NULL, 'c' }, { "chdir", required_argument, NULL, 'D' }, - { "preserve-env", optional_argument, NULL, 'E' }, - { "edit", no_argument, NULL, 'e' }, { "group", required_argument, NULL, 'g' }, - { "set-home", no_argument, NULL, 'H' }, { "help", no_argument, NULL, 'h' }, { "host", required_argument, NULL, OPT_HOSTNAME }, - { "login", no_argument, NULL, 'i' }, - { "remove-timestamp", no_argument, NULL, 'K' }, { "reset-timestamp", no_argument, NULL, 'k' }, - { "list", no_argument, NULL, 'l' }, { "non-interactive", no_argument, NULL, 'n' }, - { "preserve-groups", no_argument, NULL, 'P' }, { "prompt", required_argument, NULL, 'p' }, { "chroot", required_argument, NULL, 'R' }, { "role", required_argument, NULL, 'r' }, { "stdin", no_argument, NULL, 'S' }, - { "shell", no_argument, NULL, 's' }, - { "type", required_argument, NULL, 't' }, { "command-timeout",required_argument, NULL, 'T' }, - { "other-user", required_argument, NULL, 'U' }, + { "type", required_argument, NULL, 't' }, { "user", required_argument, NULL, 'u' }, { "version", no_argument, NULL, 'V' }, - { "validate", no_argument, NULL, 'v' }, { NULL, no_argument, NULL, '\0' }, }; +static struct option *edit_long_opts = &sudo_long_opts[11]; /* * Insert a key=value pair into the specified environment. @@ -241,31 +249,31 @@ parse_args(int argc, char **argv, int *old_optind, int *nargc, char ***nargv, struct sudo_settings **settingsp, char ***env_addp) { + const char *progname, *short_opts = sudo_short_opts; + struct option *long_opts = sudo_long_opts; struct environment extra_env; int mode = 0; /* what mode is sudo to be run in? */ int flags = 0; /* mode flags */ int valid_flags = DEFAULT_VALID_FLAGS; int ch, i; char *cp; - const char *progname; - int proglen; debug_decl(parse_args, SUDO_DEBUG_ARGS); /* Is someone trying something funny? */ if (argc <= 0) usage(); - /* Pass progname to plugin so it can call initprogname() */ + /* The plugin API includes the program name (either sudo or sudoedit). */ progname = getprogname(); sudo_settings[ARG_PROGNAME].value = progname; /* First, check to see if we were invoked as "sudoedit". */ - proglen = strlen(progname); - if (proglen > 4 && strcmp(progname + proglen - 4, "edit") == 0) { - progname = "sudoedit"; + if (strcmp(progname, "sudoedit") == 0) { mode = MODE_EDIT; sudo_settings[ARG_SUDOEDIT].value = "true"; valid_flags = EDIT_VALID_FLAGS; + short_opts = edit_short_opts; + long_opts = edit_long_opts; } /* Load local IP addresses and masks. */ @@ -295,7 +303,6 @@ /* Space for environment variables is lazy allocated. */ memset(&extra_env, 0, sizeof(extra_env)); - /* XXX - should fill in settings at the end to avoid dupes */ for (;;) { /* * Some trickiness is required to allow environment variables @@ -305,6 +312,7 @@ switch (ch) { case 'A': SET(tgetpass_flags, TGP_ASKPASS); + sudo_settings[ARG_ASKPASS].value = "true"; break; #ifdef HAVE_BSD_AUTH_H case 'a': @@ -514,8 +522,10 @@ valid_flags = VALIDATE_VALID_FLAGS; break; case 'V': - if (mode && mode != MODE_VERSION) - usage_excl(); + if (mode && mode != MODE_VERSION) { + if (strcmp(progname, "sudoedit") != 0) + usage_excl(); + } mode = MODE_VERSION; valid_flags = 0; break; @@ -718,8 +728,9 @@ * Use usage vectors appropriate to the progname. */ if (strcmp(getprogname(), "sudoedit") == 0) { - uvec[0] = &SUDO_USAGE5[3]; - uvec[1] = NULL; + uvec[0] = SUDO_USAGE0; + uvec[1] = &SUDO_USAGE5[3]; /* skip the leading "-e " */ + uvec[2] = NULL; } else { uvec[0] = SUDO_USAGE1; uvec[1] = SUDO_USAGE2; @@ -772,13 +783,16 @@ struct sudo_lbuf lbuf; const int indent = 32; const char *pname = getprogname(); + bool sudoedit = false; debug_decl(help, SUDO_DEBUG_ARGS); sudo_lbuf_init(&lbuf, usage_out, indent, NULL, user_details.ts_cols); - if (strcmp(pname, "sudoedit") == 0) + if (strcmp(pname, "sudoedit") == 0) { + sudoedit = true; sudo_lbuf_append(&lbuf, _("%s - edit files as another user\n\n"), pname); - else + } else { sudo_lbuf_append(&lbuf, _("%s - execute a command as another user\n\n"), pname); + } sudo_lbuf_print(&lbuf); display_usage(usage_out); @@ -790,8 +804,10 @@ sudo_lbuf_append(&lbuf, " -a, --auth-type=type %s\n", _("use specified BSD authentication type")); #endif - sudo_lbuf_append(&lbuf, " -b, --background %s\n", - _("run command in the background")); + if (!sudoedit) { + sudo_lbuf_append(&lbuf, " -b, --background %s\n", + _("run command in the background")); + } sudo_lbuf_append(&lbuf, " -B, --bell %s\n", _("ring bell when prompting")); sudo_lbuf_append(&lbuf, " -C, --close-from=num %s\n", @@ -802,32 +818,42 @@ #endif sudo_lbuf_append(&lbuf, " -D, --chdir=directory %s\n", _("change the working directory before running command")); - sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n", - _("preserve user environment when running command")); - sudo_lbuf_append(&lbuf, " --preserve-env=list %s\n", - _("preserve specific environment variables")); - sudo_lbuf_append(&lbuf, " -e, --edit %s\n", - _("edit files instead of running a command")); + if (!sudoedit) { + sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n", + _("preserve user environment when running command")); + sudo_lbuf_append(&lbuf, " --preserve-env=list %s\n", + _("preserve specific environment variables")); + sudo_lbuf_append(&lbuf, " -e, --edit %s\n", + _("edit files instead of running a command")); + } sudo_lbuf_append(&lbuf, " -g, --group=group %s\n", _("run command as the specified group name or ID")); - sudo_lbuf_append(&lbuf, " -H, --set-home %s\n", - _("set HOME variable to target user's home dir")); + if (!sudoedit) { + sudo_lbuf_append(&lbuf, " -H, --set-home %s\n", + _("set HOME variable to target user's home dir")); + } sudo_lbuf_append(&lbuf, " -h, --help %s\n", _("display help message and exit")); sudo_lbuf_append(&lbuf, " -h, --host=host %s\n", _("run command on host (if supported by plugin)")); - sudo_lbuf_append(&lbuf, " -i, --login %s\n", - _("run login shell as the target user; a command may also be specified")); - sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n", - _("remove timestamp file completely")); + if (!sudoedit) { + sudo_lbuf_append(&lbuf, " -i, --login %s\n", + _("run login shell as the target user; a command may also be specified")); + sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n", + _("remove timestamp file completely")); + } sudo_lbuf_append(&lbuf, " -k, --reset-timestamp %s\n", _("invalidate timestamp file")); - sudo_lbuf_append(&lbuf, " -l, --list %s\n", - _("list user's privileges or check a specific command; use twice for longer format")); + if (!sudoedit) { + sudo_lbuf_append(&lbuf, " -l, --list %s\n", + _("list user's privileges or check a specific command; use twice for longer format")); + } sudo_lbuf_append(&lbuf, " -n, --non-interactive %s\n", _("non-interactive mode, no prompts are used")); - sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n", - _("preserve group vector instead of setting to target's")); + if (!sudoedit) { + sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n", + _("preserve group vector instead of setting to target's")); + } sudo_lbuf_append(&lbuf, " -p, --prompt=prompt %s\n", _("use the specified password prompt")); sudo_lbuf_append(&lbuf, " -R, --chroot=directory %s\n", @@ -838,22 +864,28 @@ #endif sudo_lbuf_append(&lbuf, " -S, --stdin %s\n", _("read password from standard input")); - sudo_lbuf_append(&lbuf, " -s, --shell %s\n", - _("run shell as the target user; a command may also be specified")); + if (!sudoedit) { + sudo_lbuf_append(&lbuf, " -s, --shell %s\n", + _("run shell as the target user; a command may also be specified")); + } #ifdef HAVE_SELINUX sudo_lbuf_append(&lbuf, " -t, --type=type %s\n", _("create SELinux security context with specified type")); #endif sudo_lbuf_append(&lbuf, " -T, --command-timeout=timeout %s\n", _("terminate command after the specified time limit")); - sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n", - _("in list mode, display privileges for user")); + if (!sudoedit) { + sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n", + _("in list mode, display privileges for user")); + } sudo_lbuf_append(&lbuf, " -u, --user=user %s\n", _("run command (or edit file) as specified user name or ID")); sudo_lbuf_append(&lbuf, " -V, --version %s\n", _("display version information and exit")); - sudo_lbuf_append(&lbuf, " -v, --validate %s\n", - _("update user's timestamp without running a command")); + if (!sudoedit) { + sudo_lbuf_append(&lbuf, " -v, --validate %s\n", + _("update user's timestamp without running a command")); + } sudo_lbuf_append(&lbuf, " -- %s\n", _("stop processing command line arguments")); sudo_lbuf_print(&lbuf); diff -Nru sudo-1.9.5p2/src/regress/net_ifs/check_net_ifs.c sudo-1.9.9/src/regress/net_ifs/check_net_ifs.c --- sudo-1.9.5p2/src/regress/net_ifs/check_net_ifs.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/src/regress/net_ifs/check_net_ifs.c 2022-01-27 21:24:07.000000000 +0000 @@ -0,0 +1,66 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_util.h" + +sudo_dso_public int main(int argc, char *argv[]); + +extern int get_net_ifs(char **addrinfo); + +int +main(int argc, char *argv[]) +{ + char *interfaces = NULL; + int ninterfaces; + int ret = 0; + + initprogname(argc > 0 ? argv[0] : "check_net_ifs"); + + ninterfaces = get_net_ifs(&interfaces); + switch (ninterfaces) { + case -1: + sudo_warn_nodebug("unable to get network interfaces"); + ret = 1; + break; + case 0: + /* no interfaces or STUB_LOAD_INTERFACES defined. */ + sudo_warnx_nodebug("OK: (0 interfaces)"); + break; + default: + sudo_warnx_nodebug("OK: (%d interface%s, %s)", ninterfaces, + ninterfaces > 1 ? "s" : "", interfaces); + break; + } + + free(interfaces); + + return ret; +} diff -Nru sudo-1.9.5p2/src/selinux.c sudo-1.9.9/src/selinux.c --- sudo-1.9.5p2/src/selinux.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/selinux.c 2022-01-27 21:24:22.000000000 +0000 @@ -58,23 +58,22 @@ #include "sudo_exec.h" static struct selinux_state { - security_context_t old_context; - security_context_t new_context; - security_context_t tty_con_raw; - security_context_t new_tty_con_raw; + char * old_context; + char * new_context; + char * tty_con_raw; + char * new_tty_con_raw; const char *ttyn; int ttyfd; int enforcing; } se_state; -#ifdef HAVE_LINUX_AUDIT -static int -audit_role_change(const security_context_t old_context, - const security_context_t new_context, const char *ttyn, int result) +int +selinux_audit_role_change(void) { +#ifdef HAVE_LINUX_AUDIT int au_fd, rc = -1; char *message; - debug_decl(audit_role_change, SUDO_DEBUG_SELINUX); + debug_decl(selinux_audit_role_change, SUDO_DEBUG_SELINUX); au_fd = audit_open(); if (au_fd == -1) { @@ -85,11 +84,11 @@ } else { /* audit role change using the same format as newrole(1) */ rc = asprintf(&message, "newrole: old-context=%s new-context=%s", - old_context, new_context); + se_state.old_context, se_state.new_context ? se_state.new_context : "?"); if (rc == -1) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE, - message, NULL, NULL, ttyn, result); + message, NULL, NULL, se_state.ttyn, se_state.new_context ? 1 : 0); if (rc <= 0) sudo_warn("%s", U_("unable to send audit message")); free(message); @@ -97,8 +96,10 @@ } debug_return_int(rc); +#else + return 0; +#endif /* HAVE_LINUX_AUDIT */ } -#endif /* * This function attempts to revert the relabeling done to the tty. @@ -111,7 +112,7 @@ selinux_restore_tty(void) { int ret = -1; - security_context_t chk_tty_con_raw = NULL; + char * chk_tty_con_raw = NULL; debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX); if (se_state.ttyfd == -1 || se_state.new_tty_con_raw == NULL) { @@ -163,11 +164,11 @@ * This function will not fail if it can not relabel the tty when selinux is * in permissive mode. */ -static int -relabel_tty(const char *ttyn, int ptyfd) +int +selinux_relabel_tty(const char *ttyn, int ptyfd) { - security_context_t tty_con = NULL; - security_context_t new_tty_con = NULL; + char * tty_con = NULL; + char * new_tty_con = NULL; struct stat sb; int fd; debug_decl(relabel_tty, SUDO_DEBUG_SELINUX); @@ -305,91 +306,88 @@ } /* - * Returns a new security context based on the old context and the + * Determine the new security context based on the old context and the * specified role and type. + * Returns 0 on success, and -1 on failure. */ -security_context_t -get_exec_context(security_context_t old_context, const char *role, const char *type) +static int +get_exec_context(const char *role, const char *type) { - security_context_t new_context = NULL; + char *new_context = NULL; context_t context = NULL; char *typebuf = NULL; + int ret = -1; debug_decl(get_exec_context, SUDO_DEBUG_SELINUX); - - /* We must have a role, the type is optional (we can use the default). */ + if (role == NULL) { sudo_warnx(U_("you must specify a role for type %s"), type); errno = EINVAL; - goto bad; + goto done; } if (type == NULL) { if (get_default_type(role, &typebuf)) { sudo_warnx(U_("unable to get default type for role %s"), role); errno = EINVAL; - goto bad; + goto done; } type = typebuf; } - - /* - * Expand old_context into a context_t so that we can extract and modify - * its components easily. + + /* + * Expand old_context into a context_t so that we can extract and modify + * its components easily. */ - if ((context = context_new(old_context)) == NULL) { + if ((context = context_new(se_state.old_context)) == NULL) { sudo_warn("%s", U_("failed to get new context")); - goto bad; + goto done; } - + /* * Replace the role and type in "context" with the role and * type we will be running the command as. */ if (context_role_set(context, role)) { sudo_warn(U_("failed to set new role %s"), role); - goto bad; + goto done; } if (context_type_set(context, type)) { sudo_warn(U_("failed to set new type %s"), type); - goto bad; + goto done; } - + /* * Convert "context" back into a string and verify it. */ if ((new_context = strdup(context_str(context))) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto bad; + goto done; } if (security_check_context(new_context) == -1) { sudo_warnx(U_("%s is not a valid context"), new_context); errno = EINVAL; - goto bad; + goto done; } - context_free(context); - debug_return_str(new_context); + se_state.new_context = new_context; + new_context = NULL; + ret = 0; -bad: +done: free(typebuf); context_free(context); freecon(new_context); - debug_return_str(NULL); + debug_return_int(ret); } -/* - * Determine the exec and tty contexts in preparation for fork/exec. - * Must run as root, before forking the child process. - * Sets the tty context but not the exec context (which happens later). - * If ptyfd is not -1, it indicates we are running - * in a pty and do not need to reset std{in,out,err}. +/* + * Determine the exec and tty contexts the command will run in. * Returns 0 on success and -1 on failure. */ int -selinux_setup(const char *role, const char *type, const char *ttyn, - int ptyfd, bool label_tty) +selinux_getexeccon(const char *role, const char *type) { int ret = -1; - debug_decl(selinux_setup, SUDO_DEBUG_SELINUX); + debug_decl(selinux_getexeccon, SUDO_DEBUG_SELINUX); /* Store the caller's SID in old_context. */ if (getprevcon(&se_state.old_context)) { @@ -405,36 +403,23 @@ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: old context %s", __func__, se_state.old_context); - se_state.new_context = get_exec_context(se_state.old_context, role, type); - if (se_state.new_context == NULL) { -#ifdef HAVE_LINUX_AUDIT - audit_role_change(se_state.old_context, "?", se_state.ttyn, 0); -#endif + ret = get_exec_context(role, type); + if (ret == -1) { + /* Audit role change failure (success is logged later). */ + selinux_audit_role_change(); goto done; } sudo_debug_printf(SUDO_DEBUG_INFO, "%s: new context %s", __func__, se_state.new_context); - - if (label_tty && relabel_tty(ttyn, ptyfd) == -1) { - sudo_warn(U_("unable to set tty context to %s"), se_state.new_context); - goto done; - } - -#ifdef HAVE_LINUX_AUDIT - audit_role_change(se_state.old_context, se_state.new_context, - se_state.ttyn, 1); -#endif - - ret = 0; done: debug_return_int(ret); } int -selinux_setcon(void) +selinux_setexeccon(void) { - debug_decl(selinux_setcon, SUDO_DEBUG_SELINUX); + debug_decl(selinux_setexeccon, SUDO_DEBUG_SELINUX); if (setexeccon(se_state.new_context)) { sudo_warn(U_("unable to set exec context to %s"), se_state.new_context); @@ -470,7 +455,7 @@ } /* Set SELinux exec and keycreate contexts. */ - if (selinux_setcon() == -1) + if (selinux_setexeccon() == -1) debug_return; /* @@ -502,7 +487,7 @@ memcpy(&nargv[nargc], &argv[1], argc * sizeof(char *)); /* copies NULL */ /* sesh will handle noexec for us. */ - sudo_execve(-1, sesh, nargv, envp, false); + sudo_execve(-1, sesh, nargv, envp, -1, 0); serrno = errno; free(nargv); errno = serrno; diff -Nru sudo-1.9.5p2/src/sesh.c sudo-1.9.9/src/sesh.c --- sudo-1.9.5p2/src/sesh.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/sesh.c 2022-01-27 21:24:07.000000000 +0000 @@ -75,21 +75,24 @@ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); sudo_debug_register(getprogname(), NULL, NULL, - sudo_conf_debug_files(getprogname())); + sudo_conf_debug_files(getprogname()), -1); if (strcmp(argv[1], "-e") == 0) { ret = sesh_sudoedit(argc, argv); } else { - bool login_shell, noexec = false; + bool login_shell; char *cp, *cmnd; + int flags = 0; int fd = -1; /* If the first char of argv[0] is '-', we are running a login shell. */ login_shell = argv[0][0] == '-'; /* If argv[0] ends in -noexec, pass the flag to sudo_execve() */ - if ((cp = strrchr(argv[0], '-')) != NULL && cp != argv[0]) - noexec = strcmp(cp, "-noexec") == 0; + if ((cp = strrchr(argv[0], '-')) != NULL && cp != argv[0]) { + if (strcmp(cp, "-noexec") == 0) + SET(flags, CD_NOEXEC); + } /* If argv[1] is --execfd=%d, extract the fd to exec with. */ if (strncmp(argv[1], "--execfd=", 9) == 0) { @@ -116,7 +119,7 @@ *cp = '-'; argv[0] = cp; } - sudo_execve(fd, cmnd, argv, envp, noexec); + sudo_execve(fd, cmnd, argv, envp, -1, flags); sudo_warn(U_("unable to execute %s"), cmnd); ret = SESH_ERR_FAILURE; } @@ -345,14 +348,14 @@ edit_flags = CD_SUDOEDIT_FOLLOW; /* Check for -h flag (don't follow links). */ - if (argv[2] != NULL && strcmp(argv[2], "-h") == 0) { + if (argc > 2 && strcmp(argv[2], "-h") == 0) { argv++; argc--; CLR(edit_flags, CD_SUDOEDIT_FOLLOW); // -V753 } /* Check for -w flag (disallow directories writable by the user). */ - if (argv[2] != NULL && strcmp(argv[2], "-w") == 0) { + if (argc > 2 && strcmp(argv[2], "-w") == 0) { SET(edit_flags, CD_SUDOEDIT_CHECKDIR); /* Parse uid:gid:gid1,gid2,... */ @@ -408,8 +411,10 @@ U_("unable to allocate memory")); debug_return_int(SESH_ERR_FAILURE); } - if (getgroups(run_cred.ngroups, run_cred.groups) < 0) { + run_cred.ngroups = getgroups(run_cred.ngroups, run_cred.groups); + if (run_cred.ngroups < 0) { sudo_warn("%s", U_("unable to get group list")); + free(run_cred.groups); debug_return_int(SESH_ERR_FAILURE); } } else { diff -Nru sudo-1.9.5p2/src/signal.c sudo-1.9.9/src/signal.c --- sudo-1.9.5p2/src/signal.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/signal.c 2022-01-27 21:24:06.000000000 +0000 @@ -133,6 +133,18 @@ case SIGTTOU: /* Don't install these until exec time. */ break; + case SIGCHLD: + /* Sudo needs to be able to catch SIGCHLD. */ + if (ss->sa.sa_handler == SIG_IGN) { + sudo_debug_printf(SUDO_DEBUG_INFO, + "will restore signal %d on exec", SIGCHLD); + ss->restore = true; + } + if (sigaction(SIGCHLD, &sa, NULL) != 0) { + sudo_warn(U_("unable to set handler for signal %d"), + SIGCHLD); + } + break; default: if (ss->sa.sa_handler != SIG_IGN) { if (sigaction(ss->signo, &sa, NULL) != 0) { diff -Nru sudo-1.9.5p2/src/sudo.c sudo-1.9.9/src/sudo.c --- sudo-1.9.5p2/src/sudo.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/sudo.c 2022-01-27 21:24:22.000000000 +0000 @@ -32,6 +32,9 @@ #include #include #include +#ifdef __linux__ +# include +#endif #include #include #include @@ -104,57 +107,46 @@ static void gc_init(void); /* Policy plugin convenience functions. */ -static void policy_open(struct sudo_settings *settings, - char * const user_info[], char * const user_env[]); +static void policy_open(void); static void policy_close(int exit_status, int error); static int policy_show_version(int verbose); -static void policy_check(int argc, char * const argv[], char *env_add[], - char **command_info[], char **argv_out[], char **user_env_out[]); +static bool policy_check(int argc, char * const argv[], char *env_add[], + char **command_info[], char **run_argv[], char **run_envp[]); static void policy_list(int argc, char * const argv[], - int verbose, const char *user, char * const envp[]); -static void policy_validate(char * const argv[], char * const envp[]); + int verbose, const char *user); +static void policy_validate(char * const argv[]); static void policy_invalidate(int unlinkit); /* I/O log plugin convenience functions. */ -static void iolog_open(struct sudo_settings *settings, char * const user_info[], - char * const command_details[], int argc, char * const argv[], - char * const user_env[]); +static bool iolog_open(char * const command_info[], int run_argc, + char * const run_argv[], char * const run_envp[]); static void iolog_close(int exit_status, int error); -static void iolog_show_version(int verbose, struct sudo_settings *settings, - char * const user_info[], int argc, char * const argv[], - char * const user_env[]); +static void iolog_show_version(int verbose, int argc, char * const argv[], + char * const envp[]); static void unlink_plugin(struct plugin_container_list *plugin_list, struct plugin_container *plugin); static void free_plugin_container(struct plugin_container *plugin, bool ioplugin); -/* Audit plugin convenience functions. */ -static void audit_open(struct sudo_settings *settings, char * const user_info[], - int submit_optind, char * const submit_argv[], char * const submit_envp[]); +/* Audit plugin convenience functions (some are public). */ +static void audit_open(void); static void audit_close(int exit_status, int error); static void audit_show_version(int verbose); -static void audit_accept(const char *plugin_name, - unsigned int plugin_type, char * const command_info[], - char * const run_argv[], char * const run_envp[]); -/* Approval plugin convenience functions. */ -static void approval_check(struct sudo_settings *settings, - char * const user_info[], int submit_optind, char * const submit_argv[], - char * const submit_envp[], char * const command_info[], - char * const run_argv[], char * const run_envp[]); -static void approval_show_version(int verbose, struct sudo_settings *settings, - char * const user_info[], int submit_optind, char * const submit_argv[], - char * const submit_envp[]); +/* Approval plugin convenience functions (some are public). */ +static void approval_show_version(int verbose); sudo_dso_public int main(int argc, char *argv[], char *envp[]); +static struct sudo_settings *sudo_settings; +static char * const *user_info, * const *submit_argv, * const *submit_envp; +static int submit_optind; + int main(int argc, char *argv[], char *envp[]) { int nargc, status = 0; - char **nargv, **env_add, **user_info; - char **command_info = NULL, **argv_out = NULL, **user_env_out = NULL; + char **nargv, **env_add; + char **command_info = NULL, **argv_out = NULL, **run_envp = NULL; const char * const allowed_prognames[] = { "sudo", "sudoedit", NULL }; - struct sudo_settings *settings; - int submit_optind; sigset_t mask; debug_decl_vars(main, SUDO_DEBUG_MAIN); @@ -186,7 +178,7 @@ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); sudo_debug_instance = sudo_debug_register(getprogname(), - NULL, NULL, sudo_conf_debug_files(getprogname())); + NULL, NULL, sudo_conf_debug_files(getprogname()), -1); if (sudo_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) exit(EXIT_FAILURE); @@ -212,9 +204,11 @@ if (sudo_conf_disable_coredump()) disable_coredump(); - /* Parse command line arguments. */ + /* Parse command line arguments, preserving the original argv/envp. */ + submit_argv = argv; + submit_envp = envp; sudo_mode = parse_args(argc, argv, &submit_optind, &nargc, &nargv, - &settings, &env_add); + &sudo_settings, &env_add); sudo_debug_printf(SUDO_DEBUG_DEBUG, "sudo_mode %d", sudo_mode); /* Print sudo version early, in case of plugin init failure. */ @@ -237,21 +231,20 @@ /* Open policy and audit plugins. */ /* XXX - audit policy_open errors */ - audit_open(settings, user_info, submit_optind, argv, envp); - policy_open(settings, user_info, envp); + audit_open(); + policy_open(); switch (sudo_mode & MODE_MASK) { case MODE_VERSION: policy_show_version(!user_details.cred.uid); - iolog_show_version(!user_details.cred.uid, settings, user_info, - nargc, nargv, envp); - approval_show_version(!user_details.cred.uid, settings, user_info, - submit_optind, argv, envp); + iolog_show_version(!user_details.cred.uid, nargc, nargv, + submit_envp); + approval_show_version(!user_details.cred.uid); audit_show_version(!user_details.cred.uid); break; case MODE_VALIDATE: case MODE_VALIDATE|MODE_INVALIDATE: - policy_validate(nargv, envp); + policy_validate(nargv); break; case MODE_KILL: case MODE_INVALIDATE: @@ -262,12 +255,13 @@ case MODE_LIST: case MODE_LIST|MODE_INVALIDATE: policy_list(nargc, nargv, ISSET(sudo_mode, MODE_LONG_LIST), - list_user, envp); + list_user); break; case MODE_EDIT: case MODE_RUN: - policy_check(nargc, nargv, env_add, &command_info, &argv_out, - &user_env_out); + if (!policy_check(nargc, nargv, env_add, &command_info, &argv_out, + &run_envp)) + goto access_denied; /* Reset nargv/nargc based on argv_out. */ /* XXX - leaks old nargv in shell mode */ @@ -278,22 +272,23 @@ U_("plugin did not return a command to execute")); /* Approval plugins run after policy plugin accepts the command. */ - approval_check(settings, user_info, submit_optind, argv, envp, - command_info, nargv, user_env_out); + if (!approval_check(command_info, nargv, run_envp)) + goto access_denied; /* Open I/O plugin once policy and approval plugins succeed. */ - iolog_open(settings, user_info, command_info, nargc, nargv, - user_env_out); + if (!iolog_open(command_info, nargc, nargv, run_envp)) + goto access_denied; /* Audit the accept event on behalf of the sudo front-end. */ - audit_accept("sudo", SUDO_FRONT_END, command_info, - nargv, user_env_out); + if (!audit_accept("sudo", SUDO_FRONT_END, command_info, + nargv, run_envp)) + goto access_denied; /* Setup command details and run command/edit. */ command_info_to_details(command_info, &command_details); command_details.tty = user_details.tty; command_details.argv = argv_out; - command_details.envp = user_env_out; + command_details.envp = run_envp; command_details.evbase = sudo_event_base; if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) SET(command_details.flags, CD_LOGIN_SHELL); @@ -326,12 +321,21 @@ sa.sa_handler = SIG_DFL; sigaction(WTERMSIG(status), &sa, NULL); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, - WTERMSIG(status) | 128); + WTERMSIG(status) | 128); kill(getpid(), WTERMSIG(status)); } sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, WEXITSTATUS(status)); exit(WEXITSTATUS(status)); + +access_denied: + /* Policy/approval failure, close policy and audit plugins before exit. */ + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) + policy_close(0, EACCES); + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, + EXIT_FAILURE); + exit(EXIT_FAILURE); } int @@ -396,9 +400,11 @@ if (cred->ngroups > 0) { cred->groups = reallocarray(NULL, cred->ngroups, sizeof(GETGROUPS_T)); if (cred->groups != NULL) { - /* No error on insufficient space if user specified max_groups. */ - (void)sudo_getgrouplist2(user, cred->gid, - &cred->groups, &cred->ngroups); + /* Clamp to max_groups if insufficient space for all groups. */ + if (sudo_getgrouplist2(user, cred->gid, &cred->groups, + &cred->ngroups) == -1) { + cred->ngroups = sudo_conf_max_groups(); + } ret = 0; } } else { @@ -441,7 +447,8 @@ cred->groups = reallocarray(NULL, cred->ngroups, sizeof(GETGROUPS_T)); if (cred->groups == NULL) goto done; - if (getgroups(cred->ngroups, cred->groups) < 0) { + cred->ngroups = getgroups(cred->ngroups, cred->groups); + if (cred->ngroups < 0) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, "%s: unable to get %d groups via getgroups()", __func__, cred->ngroups); @@ -490,8 +497,8 @@ static char ** get_user_info(struct user_details *ud) { - char *cp, **user_info, path[PATH_MAX]; - size_t user_info_max = 32 + RLIM_NLIMITS; + char *cp, **info, path[PATH_MAX]; + size_t info_max = 32 + RLIM_NLIMITS; unsigned int i = 0; mode_t mask; struct passwd *pw; @@ -514,8 +521,8 @@ memset(ud, 0, sizeof(*ud)); /* XXX - bound check number of entries */ - user_info = reallocarray(NULL, user_info_max, sizeof(char *)); - if (user_info == NULL) + info = reallocarray(NULL, info_max, sizeof(char *)); + if (info == NULL) goto oom; ud->pid = getpid(); @@ -545,10 +552,10 @@ if (pw == NULL) sudo_fatalx(U_("you do not exist in the %s database"), "passwd"); - user_info[i] = sudo_new_key_val("user", pw->pw_name); - if (user_info[i] == NULL) + info[i] = sudo_new_key_val("user", pw->pw_name); + if (info[i] == NULL) goto oom; - ud->username = user_info[i] + sizeof("user=") - 1; + ud->username = info[i] + sizeof("user=") - 1; /* Stash user's shell for use with the -s flag; don't pass to plugin. */ if ((ud->shell = getenv("SHELL")) == NULL || ud->shell[0] == '\0') { @@ -557,46 +564,46 @@ if ((ud->shell = strdup(ud->shell)) == NULL) goto oom; - if (asprintf(&user_info[++i], "pid=%d", (int)ud->pid) == -1) + if (asprintf(&info[++i], "pid=%d", (int)ud->pid) == -1) goto oom; - if (asprintf(&user_info[++i], "ppid=%d", (int)ud->ppid) == -1) + if (asprintf(&info[++i], "ppid=%d", (int)ud->ppid) == -1) goto oom; - if (asprintf(&user_info[++i], "pgid=%d", (int)ud->pgid) == -1) + if (asprintf(&info[++i], "pgid=%d", (int)ud->pgid) == -1) goto oom; - if (asprintf(&user_info[++i], "tcpgid=%d", (int)ud->tcpgid) == -1) + if (asprintf(&info[++i], "tcpgid=%d", (int)ud->tcpgid) == -1) goto oom; - if (asprintf(&user_info[++i], "sid=%d", (int)ud->sid) == -1) + if (asprintf(&info[++i], "sid=%d", (int)ud->sid) == -1) goto oom; - if (asprintf(&user_info[++i], "uid=%u", (unsigned int)ud->cred.uid) == -1) + if (asprintf(&info[++i], "uid=%u", (unsigned int)ud->cred.uid) == -1) goto oom; - if (asprintf(&user_info[++i], "euid=%u", (unsigned int)ud->cred.euid) == -1) + if (asprintf(&info[++i], "euid=%u", (unsigned int)ud->cred.euid) == -1) goto oom; - if (asprintf(&user_info[++i], "gid=%u", (unsigned int)ud->cred.gid) == -1) + if (asprintf(&info[++i], "gid=%u", (unsigned int)ud->cred.gid) == -1) goto oom; - if (asprintf(&user_info[++i], "egid=%u", (unsigned int)ud->cred.egid) == -1) + if (asprintf(&info[++i], "egid=%u", (unsigned int)ud->cred.egid) == -1) goto oom; if ((cp = get_user_groups(ud->username, &ud->cred)) == NULL) goto oom; - user_info[++i] = cp; + info[++i] = cp; mask = umask(0); umask(mask); - if (asprintf(&user_info[++i], "umask=0%o", (unsigned int)mask) == -1) + if (asprintf(&info[++i], "umask=0%o", (unsigned int)mask) == -1) goto oom; if (getcwd(path, sizeof(path)) != NULL) { - user_info[++i] = sudo_new_key_val("cwd", path); - if (user_info[i] == NULL) + info[++i] = sudo_new_key_val("cwd", path); + if (info[i] == NULL) goto oom; - ud->cwd = user_info[i] + sizeof("cwd=") - 1; + ud->cwd = info[i] + sizeof("cwd=") - 1; } if (get_process_ttyname(path, sizeof(path)) != NULL) { - user_info[++i] = sudo_new_key_val("tty", path); - if (user_info[i] == NULL) + info[++i] = sudo_new_key_val("tty", path); + if (info[i] == NULL) goto oom; - ud->tty = user_info[i] + sizeof("tty=") - 1; + ud->tty = info[i] + sizeof("tty=") - 1; } else { /* tty may not always be present */ if (errno != ENOENT) @@ -604,36 +611,36 @@ } cp = sudo_gethostname(); - user_info[++i] = sudo_new_key_val("host", cp ? cp : "localhost"); + info[++i] = sudo_new_key_val("host", cp ? cp : "localhost"); free(cp); - if (user_info[i] == NULL) + if (info[i] == NULL) goto oom; - ud->host = user_info[i] + sizeof("host=") - 1; + ud->host = info[i] + sizeof("host=") - 1; sudo_get_ttysize(&ud->ts_rows, &ud->ts_cols); - if (asprintf(&user_info[++i], "lines=%d", ud->ts_rows) == -1) + if (asprintf(&info[++i], "lines=%d", ud->ts_rows) == -1) goto oom; - if (asprintf(&user_info[++i], "cols=%d", ud->ts_cols) == -1) + if (asprintf(&info[++i], "cols=%d", ud->ts_cols) == -1) goto oom; - n = serialize_limits(&user_info[i + 1], user_info_max - (i + 1)); + n = serialize_rlimits(&info[i + 1], info_max - (i + 1)); if (n == -1) goto oom; i += n; - user_info[++i] = NULL; + info[++i] = NULL; /* Add to list of vectors to be garbage collected at exit. */ - if (!gc_add(GC_VECTOR, user_info)) + if (!gc_add(GC_VECTOR, info)) goto bad; - debug_return_ptr(user_info); + debug_return_ptr(info); oom: sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); bad: while (i--) - free(user_info[i]); - free(user_info); + free(info[i]); + free(info); debug_return_ptr(NULL); } @@ -721,8 +728,12 @@ break; } break; + case 'i': + SET_FLAG("intercept=", CD_INTERCEPT) + break; case 'l': SET_STRING("login_class=", login_class) + SET_FLAG("log_subcmds=", CD_LOG_SUBCMDS) break; case 'n': if (strncmp("nice=", info[i], sizeof("nice=") - 1) == 0) { @@ -745,6 +756,10 @@ } break; case 'r': + if (strncmp("rlimit_", info[i], sizeof("rlimit_") - 1) == 0) { + parse_policy_rlimit(info[i] + sizeof("rlimit_") - 1); + break; + } if (strncmp("runas_egid=", info[i], sizeof("runas_egid=") - 1) == 0) { cp = info[i] + sizeof("runas_egid=") - 1; id = sudo_strtoid(cp, &errstr); @@ -868,8 +883,12 @@ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); #ifdef HAVE_SELINUX - if (details->selinux_role != NULL && is_selinux_enabled() > 0) + if (details->selinux_role != NULL && is_selinux_enabled() > 0) { SET(details->flags, CD_RBAC_ENABLED); + i = selinux_getexeccon(details->selinux_role, details->selinux_type); + if (i != 0) + exit(EXIT_FAILURE); + } #endif debug_return; } @@ -883,6 +902,17 @@ debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM); if (geteuid() != ROOT_UID) { +#if defined(__linux__) && defined(PR_GET_NO_NEW_PRIVS) + /* The no_new_privs flag disables set-user-ID at execve(2) time. */ + if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1) { + sudo_warnx("%s", U_("The \"no new privileges\" flag is set, which " + "prevents sudo from running as root.")); + sudo_warnx("%s", U_("If sudo is running in a container, you may need" + " to adjust the container configuration to disable the flag.")); + exit(EXIT_FAILURE); + } +#endif /* __linux__ && PR_GET_NO_NEW_PRIVS */ + /* Search for sudo binary in PATH if not fully qualified. */ qualified = strchr(sudo, '/') != NULL; if (!qualified) { @@ -1003,8 +1033,7 @@ * to consume. Returns a NULL-terminated plugin-style array of pairs. */ static char ** -format_plugin_settings(struct plugin_container *plugin, - struct sudo_settings *sudo_settings) +format_plugin_settings(struct plugin_container *plugin) { size_t plugin_settings_size; struct sudo_debug_file *debug_file; @@ -1062,8 +1091,7 @@ } static void -policy_open(struct sudo_settings *settings, char * const user_info[], - char * const user_env[]) +policy_open(void) { char **plugin_settings; const char *errstr = NULL; @@ -1071,7 +1099,7 @@ debug_decl(policy_open, SUDO_DEBUG_PCOMM); /* Convert struct sudo_settings to plugin_settings[] */ - plugin_settings = format_plugin_settings(&policy_plugin, settings); + plugin_settings = format_plugin_settings(&policy_plugin); if (plugin_settings == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); @@ -1084,11 +1112,11 @@ case SUDO_API_MKVERSION(1, 1): ok = policy_plugin.u.policy_1_0->open(policy_plugin.u.io_1_0->version, sudo_conversation_1_7, sudo_conversation_printf, plugin_settings, - user_info, user_env); + user_info, submit_envp); break; default: ok = policy_plugin.u.policy->open(SUDO_API_VERSION, sudo_conversation, - sudo_conversation_printf, plugin_settings, user_info, user_env, + sudo_conversation_printf, plugin_settings, user_info, submit_envp, policy_plugin.options, &errstr); } @@ -1154,10 +1182,9 @@ debug_return_int(ret); } -static void -policy_check(int argc, char * const argv[], - char *env_add[], char **command_info[], char **argv_out[], - char **user_env_out[]) +static bool +policy_check(int argc, char * const argv[], char *env_add[], + char **command_info[], char **run_argv[], char **run_envp[]) { const char *errstr = NULL; int ok; @@ -1169,7 +1196,7 @@ } sudo_debug_set_active_instance(policy_plugin.debug_instance); ok = policy_plugin.u.policy->check_policy(argc, argv, env_add, - command_info, argv_out, user_env_out, &errstr); + command_info, run_argv, run_envp, &errstr); sudo_debug_set_active_instance(sudo_debug_instance); sudo_debug_printf(SUDO_DEBUG_INFO, "policy plugin returns %d (%s)", ok, errstr ? errstr : ""); @@ -1191,22 +1218,14 @@ usage(); break; } - - /* Policy must be closed after auditing to avoid use after free. */ - if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) - policy_close(0, 0); - audit_close(SUDO_PLUGIN_NO_STATUS, 0); - exit(EXIT_FAILURE); /* policy plugin printed error message */ + debug_return_bool(false); } - audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, *command_info, - *argv_out, *user_env_out); - - debug_return; + debug_return_bool(audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, + *command_info, *run_argv, *run_envp)); } static void -policy_list(int argc, char * const argv[], int verbose, - const char *user, char * const envp[]) +policy_list(int argc, char * const argv[], int verbose, const char *user) { const char *errstr = NULL; /* TODO: add list_user */ @@ -1228,7 +1247,7 @@ switch (ok) { case 1: audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, - command_info, argv, envp); + command_info, argv, submit_envp); break; case 0: audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, @@ -1251,7 +1270,7 @@ } static void -policy_validate(char * const argv[], char * const envp[]) +policy_validate(char * const argv[]) { const char *errstr = NULL; char * const command_info[] = { @@ -1272,7 +1291,7 @@ switch (ok) { case 1: audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, command_info, - argv, envp); + argv, submit_envp); break; case 0: audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, @@ -1359,21 +1378,21 @@ details->info); } } + done: debug_return_int(ret); } static int -iolog_open_int(struct plugin_container *plugin, struct sudo_settings *settings, - char * const user_info[], char * const command_info[], - int argc, char * const argv[], char * const user_env[], const char **errstr) +iolog_open_int(struct plugin_container *plugin, char * const command_info[], + int argc, char * const argv[], char * const run_envp[], const char **errstr) { char **plugin_settings; int ret; debug_decl(iolog_open_int, SUDO_DEBUG_PCOMM); /* Convert struct sudo_settings to plugin_settings[] */ - plugin_settings = format_plugin_settings(plugin, settings); + plugin_settings = format_plugin_settings(plugin); if (plugin_settings == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(-1); @@ -1387,17 +1406,17 @@ case SUDO_API_MKVERSION(1, 0): ret = plugin->u.io_1_0->open(plugin->u.io_1_0->version, sudo_conversation_1_7, sudo_conversation_printf, plugin_settings, - user_info, argc, argv, user_env); + user_info, argc, argv, run_envp); break; case SUDO_API_MKVERSION(1, 1): ret = plugin->u.io_1_1->open(plugin->u.io_1_1->version, sudo_conversation_1_7, sudo_conversation_printf, plugin_settings, - user_info, command_info, argc, argv, user_env); + user_info, command_info, argc, argv, run_envp); break; default: ret = plugin->u.io->open(SUDO_API_VERSION, sudo_conversation, sudo_conversation_printf, plugin_settings, user_info, command_info, - argc, argv, user_env, plugin->options, errstr); + argc, argv, run_envp, plugin->options, errstr); } /* Stash plugin debug instance ID if set in open() function. */ @@ -1407,38 +1426,38 @@ debug_return_int(ret); } -static void -iolog_open(struct sudo_settings *settings, char * const user_info[], - char * const command_info[], int argc, char * const argv[], - char * const user_env[]) +static bool +iolog_open(char * const command_info[], int argc, char * const argv[], + char * const run_envp[]) { struct plugin_container *plugin, *next; const char *errstr = NULL; debug_decl(iolog_open, SUDO_DEBUG_PCOMM); - /* XXX - iolog_open should audit errors */ TAILQ_FOREACH_SAFE(plugin, &io_plugins, entries, next) { - int ok = iolog_open_int(plugin, settings, user_info, - command_info, argc, argv, user_env, &errstr); + int ok = iolog_open_int(plugin, command_info, argc, argv, run_envp, + &errstr); switch (ok) { case 1: break; case 0: /* I/O plugin asked to be disabled, remove and free. */ - /* XXX - audit */ unlink_plugin(&io_plugins, plugin); break; case -2: usage(); break; default: - /* XXX - audit error */ - sudo_fatalx(U_("error initializing I/O plugin %s"), + sudo_warnx(U_("error initializing I/O plugin %s"), plugin->name); + audit_error(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("error initializing I/O plugin"), + command_info); + debug_return_bool(false); } } - debug_return; + debug_return_bool(true); } static void @@ -1468,17 +1487,15 @@ } static void -iolog_show_version(int verbose, struct sudo_settings *settings, - char * const user_info[], int argc, char * const argv[], - char * const user_env[]) +iolog_show_version(int verbose, int argc, char * const argv[], + char * const envp[]) { const char *errstr = NULL; struct plugin_container *plugin; debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM); TAILQ_FOREACH(plugin, &io_plugins, entries) { - int ok = iolog_open_int(plugin, settings, user_info, NULL, - argc, argv, user_env, &errstr); + int ok = iolog_open_int(plugin, NULL, argc, argv, envp, &errstr); if (ok != -1) { sudo_debug_set_active_instance(plugin->debug_instance); if (plugin->u.io->show_version != NULL) { @@ -1537,16 +1554,14 @@ } static int -audit_open_int(struct plugin_container *plugin, struct sudo_settings *settings, - char * const user_info[], int submit_optind, char * const submit_argv[], - char * const submit_envp[], const char **errstr) +audit_open_int(struct plugin_container *plugin, const char **errstr) { char **plugin_settings; int ret; debug_decl(audit_open_int, SUDO_DEBUG_PCOMM); /* Convert struct sudo_settings to plugin_settings[] */ - plugin_settings = format_plugin_settings(plugin, settings); + plugin_settings = format_plugin_settings(plugin); if (plugin_settings == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(-1); @@ -1565,16 +1580,14 @@ } static void -audit_open(struct sudo_settings *settings, char * const user_info[], - int submit_optind, char * const submit_argv[], char * const submit_envp[]) +audit_open(void) { struct plugin_container *plugin, *next; const char *errstr = NULL; debug_decl(audit_open, SUDO_DEBUG_PCOMM); TAILQ_FOREACH_SAFE(plugin, &audit_plugins, entries, next) { - int ok = audit_open_int(plugin, settings, user_info, - submit_optind, submit_argv, submit_envp, &errstr); + int ok = audit_open_int(plugin, &errstr); switch (ok) { case 1: break; @@ -1636,12 +1649,13 @@ * Error from plugin or front-end. * The error will not be sent to plugin source, if specified. */ -static void +static bool audit_error2(struct plugin_container *source, const char *plugin_name, unsigned int plugin_type, const char *audit_msg, char * const command_info[]) { struct plugin_container *plugin; const char *errstr = NULL; + bool ret = true; int ok; debug_decl(audit_error2, SUDO_DEBUG_PCOMM); @@ -1667,10 +1681,11 @@ plugin->name, ok); sudo_warnx(U_("%s: unable to log error event%s%s"), plugin->name, errstr ? ": " : "", errstr ? errstr : ""); + ret = false; } } - debug_return; + debug_return_bool(ret); } /* @@ -1678,7 +1693,7 @@ * See command_info[] for additional info. * XXX - actual environment may be updated by policy_init_session(). */ -static void +bool audit_accept(const char *plugin_name, unsigned int plugin_type, char * const command_info[], char * const run_argv[], char * const run_envp[]) @@ -1703,26 +1718,26 @@ sudo_warnx(U_("%s: unable to log accept event%s%s"), plugin->name, errstr ? ": " : "", errstr ? errstr : ""); - /* Notify other audit plugins and exit. */ + /* Notify other audit plugins and return. */ audit_error2(plugin, plugin->name, SUDO_AUDIT_PLUGIN, errstr ? errstr : _("audit plugin error"), command_info); - audit_close(SUDO_PLUGIN_NO_STATUS, 0); - exit(EXIT_FAILURE); + debug_return_bool(false); } } - debug_return; + debug_return_bool(true); } /* * Command rejected by policy or I/O plugin. */ -void +bool audit_reject(const char *plugin_name, unsigned int plugin_type, const char *audit_msg, char * const command_info[]) { struct plugin_container *plugin; const char *errstr = NULL; + bool ret = true; int ok; debug_decl(audit_reject, SUDO_DEBUG_PCOMM); @@ -1744,26 +1759,28 @@ /* Notify other audit plugins. */ audit_error2(plugin, plugin->name, SUDO_AUDIT_PLUGIN, errstr ? errstr : _("audit plugin error"), command_info); + + ret = false; + break; } } - debug_return; + debug_return_bool(ret); } /* * Error from plugin or front-end. */ -void +bool audit_error(const char *plugin_name, unsigned int plugin_type, const char *audit_msg, char * const command_info[]) { - audit_error2(NULL, plugin_name, plugin_type, audit_msg, command_info); + return audit_error2(NULL, plugin_name, plugin_type, audit_msg, + command_info); } static int -approval_open_int(struct plugin_container *plugin, - struct sudo_settings *settings, char * const user_info[], - int submit_optind, char * const submit_argv[], char * const submit_envp[]) +approval_open_int(struct plugin_container *plugin) { char **plugin_settings; const char *errstr = NULL; @@ -1771,7 +1788,7 @@ debug_decl(approval_open_int, SUDO_DEBUG_PCOMM); /* Convert struct sudo_settings to plugin_settings[] */ - plugin_settings = format_plugin_settings(plugin, settings); + plugin_settings = format_plugin_settings(plugin); if (plugin_settings == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); @@ -1804,9 +1821,7 @@ } static void -approval_show_version(int verbose, struct sudo_settings *settings, - char * const user_info[], int submit_optind, char * const submit_argv[], - char * const submit_envp[]) +approval_show_version(int verbose) { struct plugin_container *plugin, *next; int ok; @@ -1819,8 +1834,7 @@ if (plugin->u.approval->show_version == NULL) continue; - ok = approval_open_int(plugin, settings, user_info, submit_optind, - submit_argv, submit_envp); + ok = approval_open_int(plugin); if (ok == 1) { /* Return value of show_version currently ignored. */ sudo_debug_set_active_instance(plugin->debug_instance); @@ -1839,10 +1853,8 @@ * This is a "one-shot" plugin that has no open/close and is only * called if the policy plugin accepts the command first. */ -static void -approval_check(struct sudo_settings *settings, char * const user_info[], - int submit_optind, char * const submit_argv[], char * const submit_envp[], - char * const command_info[], char * const run_argv[], +bool +approval_check(char * const command_info[], char * const run_argv[], char * const run_envp[]) { struct plugin_container *plugin, *next; @@ -1851,14 +1863,13 @@ debug_decl(approval_check, SUDO_DEBUG_PCOMM); /* - * Approval plugin us only open for the life of the check() call. + * Approval plugin is only open for the life of the check() call. */ TAILQ_FOREACH_SAFE(plugin, &approval_plugins, entries, next) { if (plugin->u.approval->check == NULL) continue; - ok = approval_open_int(plugin, settings, user_info, submit_optind, - submit_argv, submit_envp); + ok = approval_open_int(plugin); if (ok != 1) continue; @@ -1876,8 +1887,9 @@ command_info); break; case 1: - audit_accept(plugin->name, SUDO_APPROVAL_PLUGIN, command_info, - run_argv, run_envp); + if (!audit_accept(plugin->name, SUDO_APPROVAL_PLUGIN, command_info, + run_argv, run_envp)) + ok = -1; break; case -1: audit_error(plugin->name, SUDO_APPROVAL_PLUGIN, @@ -1896,16 +1908,11 @@ sudo_debug_set_active_instance(sudo_debug_instance); } - /* On error, close policy and audit plugins then exit. */ - if (ok != 1) { - if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) - policy_close(0, EPERM); - audit_close(SUDO_PLUGIN_NO_STATUS, 0); - exit(EXIT_FAILURE); /* approval plugin printed error message */ - } + if (ok != 1) + debug_return_bool(false); } - debug_return; + debug_return_bool(true); } static void diff -Nru sudo-1.9.5p2/src/sudo.h sudo-1.9.9/src/sudo.h --- sudo-1.9.5p2/src/sudo.h 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/sudo.h 2022-01-27 21:24:22.000000000 +0000 @@ -123,21 +123,23 @@ #define CD_SET_GID 0x000004 #define CD_SET_EGID 0x000008 #define CD_PRESERVE_GROUPS 0x000010 -#define CD_NOEXEC 0x000020 -#define CD_SET_PRIORITY 0x000040 -#define CD_SET_UMASK 0x000080 -#define CD_SET_TIMEOUT 0x000100 -#define CD_SUDOEDIT 0x000200 -#define CD_BACKGROUND 0x000400 -#define CD_RBAC_ENABLED 0x000800 -#define CD_USE_PTY 0x001000 -#define CD_SET_UTMP 0x002000 -#define CD_EXEC_BG 0x004000 -#define CD_SUDOEDIT_FOLLOW 0x008000 -#define CD_SUDOEDIT_CHECKDIR 0x010000 -#define CD_SET_GROUPS 0x020000 -#define CD_LOGIN_SHELL 0x040000 -#define CD_OVERRIDE_UMASK 0x080000 +#define CD_INTERCEPT 0x000020 +#define CD_NOEXEC 0x000040 +#define CD_SET_PRIORITY 0x000080 +#define CD_SET_UMASK 0x000100 +#define CD_SET_TIMEOUT 0x000200 +#define CD_SUDOEDIT 0x000400 +#define CD_BACKGROUND 0x000800 +#define CD_RBAC_ENABLED 0x001000 +#define CD_USE_PTY 0x002000 +#define CD_SET_UTMP 0x004000 +#define CD_EXEC_BG 0x008000 +#define CD_SUDOEDIT_FOLLOW 0x010000 +#define CD_SUDOEDIT_CHECKDIR 0x020000 +#define CD_SET_GROUPS 0x040000 +#define CD_LOGIN_SHELL 0x080000 +#define CD_OVERRIDE_UMASK 0x100000 +#define CD_LOG_SUBCMDS 0x200000 struct preserved_fd { TAILQ_ENTRY(preserved_fd) entries; @@ -221,10 +223,15 @@ bool gc_add(enum sudo_gc_types type, void *v); bool set_user_groups(struct command_details *details); struct sudo_plugin_event *sudo_plugin_event_alloc(void); -void audit_reject(const char *plugin_name, unsigned int plugin_type, +bool audit_accept(const char *plugin_name, unsigned int plugin_type, + char * const command_info[], char * const run_argv[], + char * const run_envp[]); +bool audit_reject(const char *plugin_name, unsigned int plugin_type, const char *audit_msg, char * const command_info[]); -void audit_error(const char *plugin_name, unsigned int plugin_type, +bool audit_error(const char *plugin_name, unsigned int plugin_type, const char *audit_msg, char * const command_info[]); +bool approval_check(char * const command_info[], char * const run_argv[], + char * const run_envp[]); extern const char *list_user; extern struct user_details user_details; extern int sudo_debug_instance; @@ -239,10 +246,11 @@ int os_init_openbsd(int argc, char *argv[], char *envp[]); /* selinux.c */ +int selinux_audit_role_change(void); +int selinux_getexeccon(const char *role, const char *type); +int selinux_relabel_tty(const char *ttyn, int ttyfd); int selinux_restore_tty(void); -int selinux_setup(const char *role, const char *type, const char *ttyn, - int ttyfd, bool label_tty); -int selinux_setcon(void); +int selinux_setexeccon(void); void selinux_execve(int fd, const char *path, char *const argv[], char *envp[], bool noexec); @@ -292,8 +300,10 @@ void disable_coredump(); void restore_limits(void); void restore_nproc(void); +void set_policy_rlimits(void); void unlimit_nproc(void); void unlimit_sudo(void); -int serialize_limits(char **info, size_t info_max); +int serialize_rlimits(char **info, size_t info_max); +bool parse_policy_rlimit(const char *str); #endif /* SUDO_SUDO_H */ diff -Nru sudo-1.9.5p2/src/sudo_edit.c sudo-1.9.9/src/sudo_edit.c --- sudo-1.9.5p2/src/sudo_edit.c 2021-01-12 01:48:04.000000000 +0000 +++ sudo-1.9.9/src/sudo_edit.c 2022-01-27 21:24:22.000000000 +0000 @@ -89,7 +89,8 @@ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_bool(false); } - if (getgroups(saved_cred.ngroups, saved_cred.groups) < 0) { + saved_cred.ngroups = getgroups(saved_cred.ngroups, saved_cred.groups); + if (saved_cred.ngroups < 0) { sudo_warn("%s", U_("unable to get group list")); free(saved_cred.groups); debug_return_bool(false); @@ -132,20 +133,17 @@ static int sudo_edit_mktemp(const char *ofile, char **tfile) { - const char *cp, *suff; + const char *base, *suff; int len, tfd; debug_decl(sudo_edit_mktemp, SUDO_DEBUG_EDIT); - if ((cp = strrchr(ofile, '/')) != NULL) - cp++; - else - cp = ofile; - suff = strrchr(cp, '.'); + base = sudo_basename(ofile); + suff = strrchr(base, '.'); if (suff != NULL) { len = asprintf(tfile, "%s/%.*sXXXXXXXX%s", edit_tmpdir, - (int)(size_t)(suff - cp), cp, suff); + (int)(size_t)(suff - base), base, suff); } else { - len = asprintf(tfile, "%s/%s.XXXXXXXX", edit_tmpdir, cp); + len = asprintf(tfile, "%s/%s.XXXXXXXX", edit_tmpdir, base); } if (len == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); @@ -364,7 +362,7 @@ break; case 0: /* child runs sesh in new context */ - if (selinux_setcon() == 0) { + if (selinux_setexeccon() == 0) { switch_user(uid, gid, ngroups, groups); execve(sesh, argv, envp); } @@ -532,6 +530,8 @@ if (nfiles < 1) debug_return_int(0); + const int check_dir = ISSET(command_details->flags, CD_SUDOEDIT_CHECKDIR); + /* Construct common args for sesh */ sesh_nargs = 5 + (nfiles * 2) + 1; sesh_args = sesh_ap = reallocarray(NULL, sesh_nargs, sizeof(char *)); @@ -541,7 +541,7 @@ } *sesh_ap++ = "sesh"; *sesh_ap++ = "-e"; - if (ISSET(command_details->flags, CD_SUDOEDIT_CHECKDIR)) { + if (check_dir) { if ((user_str = selinux_fmt_sudo_user()) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; @@ -584,7 +584,11 @@ if (tfd != -1) close(tfd); - if (sesh_ap - sesh_args > 3) { + /* + * check dir adds two more args to the array + */ + if ((!check_dir && sesh_ap - sesh_args > 3) + || (check_dir && sesh_ap - sesh_args > 5)) { /* Run sesh -e 1 ... */ error = selinux_run_helper(command_details->cred.uid, command_details->cred.gid, command_details->cred.ngroups, command_details->cred.groups, sesh_args, @@ -667,15 +671,6 @@ goto cleanup; } -#ifdef HAVE_SELINUX - /* Compute new SELinux security context. */ - if (ISSET(command_details->flags, CD_RBAC_ENABLED)) { - if (selinux_setup(command_details->selinux_role, - command_details->selinux_type, NULL, -1, false) != 0) - goto cleanup; - } -#endif - /* Copy editor files to temporaries. */ tf = calloc(nfiles, sizeof(*tf)); if (tf == NULL) { @@ -718,6 +713,10 @@ sudo_warn("%s", U_("unable to read the clock")); goto cleanup; } +#ifdef HAVE_SELINUX + if (ISSET(command_details->flags, CD_RBAC_ENABLED)) + selinux_audit_role_change(); +#endif memcpy(&saved_command_details, command_details, sizeof(struct command_details)); command_details->cred = user_details.cred; command_details->cred.euid = user_details.cred.uid; diff -Nru sudo-1.9.5p2/src/sudo_exec.h sudo-1.9.9/src/sudo_exec.h --- sudo-1.9.5p2/src/sudo_exec.h 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/sudo_exec.h 2022-01-27 21:24:22.000000000 +0000 @@ -79,21 +79,38 @@ #define SESH_ERR_NO_FILES 32 /* copy error, no files copied */ #define SESH_ERR_SOME_FILES 33 /* copy error, some files copied */ +#define INTERCEPT_FD_MIN 64 /* minimum fd so shell won't close it */ +#define MESSAGE_SIZE_MAX 2097152 /* 2Mib max intercept message size */ + +union sudo_token_un { + unsigned char u8[16]; + unsigned int u32[4]; + unsigned long long u64[2]; +}; + +#define sudo_token_isset(_t) ((_t).u64[0] || (_t).u64[1]) + /* * Symbols shared between exec.c, exec_nopty.c, exec_pty.c and exec_monitor.c */ struct command_details; struct command_status; +struct sudo_event_base; struct stat; /* exec.c */ -void exec_cmnd(struct command_details *details, int errfd); +void exec_cmnd(struct command_details *details, int intercept_fd, int errfd); void terminate_command(pid_t pid, bool use_pgrp); bool sudo_terminated(struct command_status *cstat); /* exec_common.c */ -int sudo_execve(int fd, const char *path, char *const argv[], char *envp[], bool noexec); +int sudo_execve(int fd, const char *path, char *const argv[], char *envp[], int intercept_fd, int flags); char **disable_execute(char *envp[], const char *dso); +char **enable_monitor(char *envp[], const char *dso); + +/* exec_intercept.c */ +bool intercept_setup(int fd, struct sudo_event_base *evbase, struct command_details *details); +void intercept_cleanup(void); /* exec_nopty.c */ void exec_nopty(struct command_details *details, struct command_status *cstat); @@ -105,11 +122,14 @@ extern int io_fds[6]; /* exec_monitor.c */ -int exec_monitor(struct command_details *details, sigset_t *omask, bool foreground, int backchannel); +int exec_monitor(struct command_details *details, sigset_t *omask, bool foreground, int backchannel, int intercept_fd); /* utmp.c */ bool utmp_login(const char *from_line, const char *to_line, int ttyfd, const char *user); bool utmp_logout(const char *line, int status); +/* exec_preload.c */ +char **sudo_preload_dso(char *envp[], const char *dso_file, int intercept_fd); + #endif /* SUDO_EXEC_H */ diff -Nru sudo-1.9.5p2/src/sudo_intercept.c sudo-1.9.9/src/sudo_intercept.c --- sudo-1.9.5p2/src/sudo_intercept.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/src/sudo_intercept.c 2022-01-27 21:24:07.000000000 +0000 @@ -0,0 +1,396 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#if defined(HAVE_SHL_LOAD) +# include +#elif defined(HAVE_DLOPEN) +# include +#endif + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_util.h" +#include "pathnames.h" + +/* execl flavors */ +#define SUDO_EXECL 0x0 +#define SUDO_EXECLE 0x1 +#define SUDO_EXECLP 0x2 + +extern char **environ; +extern bool command_allowed(const char *cmnd, char * const argv[], char * const envp[], char **ncmnd, char ***nargv, char ***nenvp); + +typedef int (*sudo_fn_execve_t)(const char *, char *const *, char *const *); + +/* + * We do PATH resolution here rather than in the policy because we + * want to use the PATH in the current environment. + */ +static bool +resolve_path(const char *cmnd, char *out_cmnd, size_t out_size) +{ + struct stat sb; + int errval = ENOENT; + char path[PATH_MAX]; + char **p, *cp, *endp; + int dirlen, len; + + for (p = environ; (cp = *p) != NULL; p++) { + if (strncmp(cp, "PATH=", sizeof("PATH=") - 1) == 0) { + cp += sizeof("PATH=") - 1; + break; + } + } + if (cp == NULL) { + errno = ENOENT; + return false; + } + + endp = cp + strlen(cp); + while (cp < endp) { + char *colon = strchr(cp, ':'); + dirlen = colon ? (colon - cp) : (endp - cp); + if (dirlen == 0) { + /* empty PATH component is the same as "." */ + len = snprintf(path, sizeof(path), "./%s", cmnd); + } else { + len = snprintf(path, sizeof(path), "%.*s/%s", dirlen, cp, cmnd); + } + cp = colon ? colon + 1 : endp; + if (len >= ssizeof(path)) { + /* skip too long path */ + errval = ENAMETOOLONG; + continue; + } + + if (stat(path, &sb) == 0) { + if (strlcpy(out_cmnd, path, out_size) >= out_size) { + errval = ENAMETOOLONG; + break; + } + return true; + } + switch (errno) { + case EACCES: + errval = EACCES; + break; + case ELOOP: + case ENOTDIR: + case ENOENT: + break; + default: + return false; + } + } + errno = errval; + return false; +} + +static int +exec_wrapper(const char *cmnd, char * const argv[], char * const envp[], + bool is_execvp) +{ + char *ncmnd = NULL, **nargv = NULL, **nenvp = NULL; + char cmnd_buf[PATH_MAX]; + void *fn = NULL; + debug_decl(exec_wrapper, SUDO_DEBUG_EXEC); + + /* Only check PATH for the command for execlp/execvp/execvpe. */ + if (strchr(cmnd, '/') == NULL) { + if (!is_execvp) { + errno = ENOENT; + debug_return_int(-1); + } + if (!resolve_path(cmnd, cmnd_buf, sizeof(cmnd_buf))) { + debug_return_int(-1); + } + cmnd = cmnd_buf; + } + +# if defined(HAVE___INTERPOSE) + fn = execve; +# elif defined(HAVE_DLOPEN) + fn = dlsym(RTLD_NEXT, "execve"); +# elif defined(HAVE_SHL_LOAD) + fn = sudo_shl_get_next("execve", TYPE_PROCEDURE); +# endif + if (fn == NULL) { + errno = EACCES; + debug_return_int(-1); + } + + if (command_allowed(cmnd, argv, envp, &ncmnd, &nargv, &nenvp)) { + /* Execute the command using the "real" execve() function. */ + ((sudo_fn_execve_t)fn)(ncmnd, nargv, nenvp); + + /* Fall back to exec via shell for execvp and friends. */ + if (errno == ENOEXEC && is_execvp) { + int argc; + char **shargv; + + for (argc = 0; argv[argc] != NULL; argc++) + continue; + shargv = reallocarray(NULL, (argc + 2), sizeof(char *)); + if (shargv == NULL) + return -1; + shargv[0] = "sh"; + shargv[1] = ncmnd; + memcpy(shargv + 2, nargv + 1, argc * sizeof(char *)); + ((sudo_fn_execve_t)fn)(_PATH_SUDO_BSHELL, shargv, nenvp); + free(shargv); + } + } else { + errno = EACCES; + } + if (ncmnd != cmnd) + free(ncmnd); + if (nargv != argv) + free(nargv); + if (nenvp != envp) + free(nenvp); + + debug_return_int(-1); +} + +static int +execl_wrapper(int type, const char *name, const char *arg, va_list ap) +{ + char **argv, **envp = environ; + int argc = 1; + va_list ap2; + debug_decl(execl_wrapper, SUDO_DEBUG_EXEC); + + va_copy(ap2, ap); + while (va_arg(ap2, char *) != NULL) + argc++; + va_end(ap2); + argv = reallocarray(NULL, (argc + 1), sizeof(char *)); + if (argv == NULL) + debug_return_int(-1); + + argc = 0; + argv[argc++] = (char *)arg; + while ((argv[argc] = va_arg(ap, char *)) != NULL) + argc++; + if (type == SUDO_EXECLE) + envp = va_arg(ap, char **); + + exec_wrapper(name, argv, envp, type == SUDO_EXECLP); + free(argv); + + debug_return_int(-1); +} + +#ifdef HAVE___INTERPOSE +/* + * Mac OS X 10.4 and above has support for library symbol interposition. + * There is a good explanation of this in the Mac OS X Internals book. + */ +typedef struct interpose_s { + void *new_func; + void *orig_func; +} interpose_t; + +static int +my_execve(const char *cmnd, char * const argv[], char * const envp[]) +{ + return exec_wrapper(cmnd, argv, environ, false); +} + +static int +my_execv(const char *cmnd, char * const argv[]) +{ + return execve(cmnd, argv, environ); +} + +#ifdef HAVE_EXECVPE +static int +my_execvpe(const char *cmnd, char * const argv[], char * const envp[]) +{ + return exec_wrapper(cmnd, argv, envp, true); +} +#endif + +static int +my_execvp(const char *cmnd, char * const argv[]) +{ + return exec_wrapper(cmnd, argv, environ, true); +} + +static int +my_execl(const char *name, const char *arg, ...) +{ + va_list ap; + + va_start(ap, arg); + execl_wrapper(SUDO_EXECL, name, arg, ap); + va_end(ap); + + return -1; +} + +static int +my_execle(const char *name, const char *arg, ...) +{ + va_list ap; + + va_start(ap, arg); + execl_wrapper(SUDO_EXECLE, name, arg, ap); + va_end(ap); + + return -1; +} + +static int +my_execlp(const char *name, const char *arg, ...) +{ + va_list ap; + + va_start(ap, arg); + execl_wrapper(SUDO_EXECLP, name, arg, ap); + va_end(ap); + + return -1; +} + +/* Magic to tell dyld to do symbol interposition. */ +__attribute__((__used__)) static const interpose_t interposers[] +__attribute__((__section__("__DATA,__interpose"))) = { + { (void *)my_execl, (void *)execl }, + { (void *)my_execle, (void *)execle }, + { (void *)my_execlp, (void *)execlp }, + { (void *)my_execv, (void *)execv }, + { (void *)my_execve, (void *)execve }, + { (void *)my_execvp, (void *)execvp }, +#ifdef HAVE_EXECVPE + { (void *)my_execvpe, (void *)execvpe } +#endif +}; + +#else /* HAVE___INTERPOSE */ + +# if defined(HAVE_SHL_LOAD) +static void * +sudo_shl_get_next(const char *symbol, short type) +{ + const char *name, *myname; + struct shl_descriptor *desc; + void *fn = NULL; + int idx = 0; + debug_decl(sudo_shl_get_next, SUDO_DEBUG_EXEC); + + /* Search for symbol but skip this shared object. */ + /* XXX - could be set to a different path in sudo.conf */ + myname = sudo_basename(_PATH_SUDO_INTERCEPT); + while (shl_get(idx++, &desc) == 0) { + name = sudo_basename(desc->filename); + if (strcmp(name, myname) == 0) + continue; + if (shl_findsym(&desc->handle, symbol, type, &fn) == 0) + break; + } + + debug_return_ptr(fn); +} +# endif /* HAVE_SHL_LOAD */ + +sudo_dso_public int +execve(const char *cmnd, char * const argv[], char * const envp[]) +{ + return exec_wrapper(cmnd, argv, environ, false); +} + +sudo_dso_public int +execv(const char *cmnd, char * const argv[]) +{ + return execve(cmnd, argv, environ); +} + +#ifdef HAVE_EXECVPE +sudo_dso_public int +execvpe(const char *cmnd, char * const argv[], char * const envp[]) +{ + return exec_wrapper(cmnd, argv, envp, true); +} +#endif + +sudo_dso_public int +execvp(const char *cmnd, char * const argv[]) +{ + return exec_wrapper(cmnd, argv, environ, true); +} + +sudo_dso_public int +execl(const char *name, const char *arg, ...) +{ + va_list ap; + + va_start(ap, arg); + execl_wrapper(SUDO_EXECL, name, arg, ap); + va_end(ap); + + return -1; +} + +sudo_dso_public int +execle(const char *name, const char *arg, ...) +{ + va_list ap; + + va_start(ap, arg); + execl_wrapper(SUDO_EXECLE, name, arg, ap); + va_end(ap); + + return -1; +} + +sudo_dso_public int +execlp(const char *name, const char *arg, ...) +{ + va_list ap; + + va_start(ap, arg); + execl_wrapper(SUDO_EXECLP, name, arg, ap); + va_end(ap); + + return -1; +} +#endif /* HAVE___INTERPOSE) */ diff -Nru sudo-1.9.5p2/src/sudo_intercept_common.c sudo-1.9.9/src/sudo_intercept_common.c --- sudo-1.9.5p2/src/sudo_intercept_common.c 1970-01-01 00:00:00.000000000 +0000 +++ sudo-1.9.9/src/sudo_intercept_common.c 2022-01-27 21:24:06.000000000 +0000 @@ -0,0 +1,459 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include + +#include +#include +#include + +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ + +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_exec.h" +#include "sudo_gettext.h" +#include "sudo_util.h" +#include "intercept.pb-c.h" + +extern char **environ; + +static union sudo_token_un intercept_token; +static in_port_t intercept_port; + +/* Send entire request to sudo (blocking). */ +static bool +send_req(int sock, const void *buf, size_t len) +{ + const uint8_t *cp = buf; + ssize_t nwritten; + debug_decl(send_req, SUDO_DEBUG_EXEC); + + do { + nwritten = send(sock, cp, len, 0); + if (nwritten == -1) { + if (errno == EINTR) + continue; + debug_return_bool(false); + } + len -= nwritten; + cp += nwritten; + } while (len > 0); + + debug_return_bool(true); +} + +static bool +send_client_hello(int sock) +{ + InterceptRequest msg = INTERCEPT_REQUEST__INIT; + InterceptHello hello = INTERCEPT_HELLO__INIT; + uint8_t *buf = NULL; + uint32_t msg_len; + size_t len; + bool ret = false; + debug_decl(send_client_hello, SUDO_DEBUG_EXEC); + + /* Setup client hello. */ + hello.pid = getpid(); + msg.type_case = INTERCEPT_REQUEST__TYPE_HELLO;; + msg.u.hello = &hello; + + len = intercept_request__get_packed_size(&msg); + if (len > MESSAGE_SIZE_MAX) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "InterceptRequest too large: %zu", len); + goto done; + } + /* Wire message size is used for length encoding, precedes message. */ + msg_len = len; + len += sizeof(msg_len); + + if ((buf = malloc(len)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + memcpy(buf, &msg_len, sizeof(msg_len)); + intercept_request__pack(&msg, buf + sizeof(msg_len)); + + ret = send_req(sock, buf, len); + +done: + free(buf); + debug_return_bool(ret); +} + +/* + * Receive InterceptResponse from sudo over fd. + */ +InterceptResponse * +recv_intercept_response(int fd) +{ + InterceptResponse *res = NULL; + ssize_t nread; + uint32_t rem, res_len; + uint8_t *cp, *buf = NULL; + debug_decl(recv_intercept_response, SUDO_DEBUG_EXEC); + + /* Read message size (uint32_t in host byte order). */ + nread = recv(fd, &res_len, sizeof(res_len), 0); + if ((size_t)nread != sizeof(res_len)) { + if (nread == 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected EOF reading response size"); + } else { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "error reading response size"); + } + goto done; + } + if (res_len > MESSAGE_SIZE_MAX) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "InterceptResponse too large: %u", res_len); + goto done; + } + + /* Read response from sudo (blocking). */ + if ((buf = malloc(res_len)) == NULL) { + goto done; + } + cp = buf; + rem = res_len; + do { + nread = recv(fd, cp, rem, 0); + switch (nread) { + case 0: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected EOF reading response"); + goto done; + case -1: + if (errno == EINTR) + continue; + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "error reading response"); + goto done; + default: + rem -= nread; + cp += nread; + break; + } + } while (rem > 0); + res = intercept_response__unpack(NULL, res_len, buf); + if (res == NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to unpack %s size %u", "InterceptResponse", res_len); + goto done; + } + +done: + free(buf); + debug_return_ptr(res); +} + +/* + * Look up SUDO_INTERCEPT_FD in the environment. + * This function is run when the shared library is loaded. + */ +__attribute__((constructor)) static void +sudo_interposer_init(void) +{ + InterceptResponse *res = NULL; + static bool initialized; + int fd = -1; + char **p; + debug_decl(sudo_interposer_init, SUDO_DEBUG_EXEC); + + if (initialized) + debug_return; + initialized = true; + + /* Read debug section of sudo.conf and init debugging. */ + if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) != -1) { + sudo_debug_register("sudo_intercept.so", NULL, NULL, + sudo_conf_debug_files("sudo_intercept.so"), INTERCEPT_FD_MIN); + } + sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); + + /* + * Missing SUDO_INTERCEPT_FD will result in execve() failure. + * Note that we cannot use getenv(3) here on Linux at least. + */ + for (p = environ; *p != NULL; p++) { + if (strncmp(*p, "SUDO_INTERCEPT_FD=", sizeof("SUDO_INTERCEPT_FD=") -1) == 0) { + const char *fdstr = *p + sizeof("SUDO_INTERCEPT_FD=") - 1; + const char *errstr; + + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "%s", *p); + + fd = sudo_strtonum(fdstr, 0, INT_MAX, &errstr); + if (errstr != NULL) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "invalid SUDO_INTERCEPT_FD: %s: %s", fdstr, errstr); + goto done; + } + } + } + if (fd == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "SUDO_INTERCEPT_FD not found in environment"); + goto done; + } + + /* + * Send InterceptHello message to over the fd. + */ + if (!send_client_hello(fd)) + goto done; + + res = recv_intercept_response(fd); + if (res != NULL) { + if (res->type_case == INTERCEPT_RESPONSE__TYPE_HELLO_RESP) { + intercept_token.u64[0] = res->u.hello_resp->token_lo; + intercept_token.u64[1] = res->u.hello_resp->token_hi; + intercept_port = res->u.hello_resp->portno; + } else { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected type_case value %d in %s from %s", + res->type_case, "InterceptResponse", "sudo"); + } + intercept_response__free_unpacked(res, NULL); + } + +done: + if (fd != -1) + close(fd); + + debug_return; +} + +static bool +send_policy_check_req(int sock, const char *cmnd, char * const argv[], + char * const envp[]) +{ + InterceptRequest msg = INTERCEPT_REQUEST__INIT; + PolicyCheckRequest req = POLICY_CHECK_REQUEST__INIT; + char cwdbuf[PATH_MAX]; + uint8_t *buf = NULL; + bool ret = false; + uint32_t msg_len; + size_t len; + debug_decl(fmt_policy_check_req, SUDO_DEBUG_EXEC); + + /* Send token first (out of band) to initiate connection. */ + if (!send_req(sock, &intercept_token, sizeof(intercept_token))) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unable to send token back to sudo"); + goto done; + } + + /* Setup policy check request. */ + req.intercept_fd = sock; + req.command = (char *)cmnd; + req.argv = (char **)argv; + for (len = 0; argv[len] != NULL; len++) + continue; + req.n_argv = len; + req.envp = (char **)envp; + for (len = 0; envp[len] != NULL; len++) + continue; + req.n_envp = len; + if (getcwd(cwdbuf, sizeof(cwdbuf)) != NULL) { + req.cwd = cwdbuf; + } + msg.type_case = INTERCEPT_REQUEST__TYPE_POLICY_CHECK_REQ; + msg.u.policy_check_req = &req; + + len = intercept_request__get_packed_size(&msg); + if (len > MESSAGE_SIZE_MAX) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "InterceptRequest too large: %zu", len); + goto done; + } + /* Wire message size is used for length encoding, precedes message. */ + msg_len = len; + len += sizeof(msg_len); + + if ((buf = malloc(len)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } + memcpy(buf, &msg_len, sizeof(msg_len)); + intercept_request__pack(&msg, buf + sizeof(msg_len)); + + ret = send_req(sock, buf, len); + +done: + free(buf); + debug_return_bool(ret); +} + +/* + * Connect back to sudo process at localhost:intercept_port + */ +static int +intercept_connect(void) +{ + int sock = -1; + struct sockaddr_in sin; + debug_decl(command_allowed, SUDO_DEBUG_EXEC); + + if (intercept_port == 0) { + sudo_warnx(U_("intercept port not set")); + goto done; + } + + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + sin.sin_port = htons(intercept_port); + + sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock == -1) { + sudo_warn("socket"); + goto done; + } + + if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1) { + sudo_warn("connect"); + close(sock); + sock = -1; + goto done; + } + +done: + debug_return_int(sock); +} + +bool +command_allowed(const char *cmnd, char * const argv[], + char * const envp[], char **ncmndp, char ***nargvp, char ***nenvpp) +{ + char *ncmnd = NULL, **nargv = NULL, **nenvp = NULL; + InterceptResponse *res = NULL; + bool ret = false; + size_t idx, len = 0; + int sock; + debug_decl(command_allowed, SUDO_DEBUG_EXEC); + + if (sudo_debug_needed(SUDO_DEBUG_INFO)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "req_command: %s", cmnd); + for (idx = 0; argv[idx] != NULL; idx++) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "req_argv[%zu]: %s", idx, argv[idx]); + } + } + + sock = intercept_connect(); + if (sock == -1) + goto done; + + if (!send_policy_check_req(sock, cmnd, argv, envp)) + goto done; + + res = recv_intercept_response(sock); + if (res == NULL) + goto done; + + switch (res->type_case) { + case INTERCEPT_RESPONSE__TYPE_ACCEPT_MSG: + if (sudo_debug_needed(SUDO_DEBUG_INFO)) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "run_command: %s", res->u.accept_msg->run_command); + for (idx = 0; idx < res->u.accept_msg->n_run_argv; idx++) { + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + "run_argv[%zu]: %s", idx, res->u.accept_msg->run_argv[idx]); + } + } + ncmnd = strdup(res->u.accept_msg->run_command); + if (ncmnd == NULL) + goto oom; + nargv = reallocarray(NULL, res->u.accept_msg->n_run_argv + 1, + sizeof(char *)); + if (nargv == NULL) + goto oom; + for (len = 0; len < res->u.accept_msg->n_run_argv; len++) { + nargv[len] = strdup(res->u.accept_msg->run_argv[len]); + if (nargv[len] == NULL) + goto oom; + } + nargv[len] = NULL; + // XXX - bogus cast + nenvp = sudo_preload_dso((char **)envp, sudo_conf_intercept_path(), + sock); + if (nenvp == NULL) + goto oom; + *ncmndp = ncmnd; + *nargvp = nargv; + *nenvpp = nenvp; + ret = true; + goto done; + case INTERCEPT_RESPONSE__TYPE_REJECT_MSG: + /* Policy module displayed reject message but we are in raw mode. */ + fputc('\r', stderr); + goto done; + case INTERCEPT_RESPONSE__TYPE_ERROR_MSG: + /* Policy module may display error message but we are in raw mode. */ + fputc('\r', stderr); + sudo_warnx("%s", res->u.error_msg->error_message); + goto done; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected type_case value %d in %s from %s", + res->type_case, "InterceptResponse", "sudo"); + goto done; + } + +oom: + free(ncmnd); + while (len > 0) + free(nargv[--len]); + +done: + /* Keep socket open for ctor when we execute the command. */ + if (!ret && sock != -1) + close(sock); + intercept_response__free_unpacked(res, NULL); + + debug_return_bool(ret); +} diff -Nru sudo-1.9.5p2/src/sudo_noexec.c sudo-1.9.9/src/sudo_noexec.c --- sudo-1.9.5p2/src/sudo_noexec.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/sudo_noexec.c 2022-01-27 21:24:06.000000000 +0000 @@ -188,17 +188,10 @@ void *fn = NULL; int idx = 0; - name = strrchr(myname, '/'); - if (name != NULL) - myname = name + 1; - /* Search for wordexp() but skip this shared object. */ + myname = sudo_basename(myname); while (shl_get(idx++, &desc) == 0) { - name = strrchr(desc->filename, '/'); - if (name == NULL) - name = desc->filename; - else - name++; + name = sudo_basename(desc->filename); if (strcmp(name, myname) == 0) continue; if (shl_findsym(&desc->handle, "wordexp", TYPE_PROCEDURE, &fn) == 0) diff -Nru sudo-1.9.5p2/src/sudo_usage.h.in sudo-1.9.9/src/sudo_usage.h.in --- sudo-1.9.5p2/src/sudo_usage.h.in 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/sudo_usage.h.in 2022-01-27 21:24:07.000000000 +0000 @@ -24,11 +24,12 @@ * Usage strings for sudo. These are here because we * need to be able to substitute values from configure. */ +#define SUDO_USAGE0 " -h | -V" #define SUDO_USAGE1 " -h | -K | -k | -V" -#define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]" -#define SUDO_USAGE3 " -l [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command]" -#define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] [-D directory] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] [VAR=value] [-i|-s] []" -#define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ..." +#define SUDO_USAGE2 " -v [-ABknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]" +#define SUDO_USAGE3 " -l [-ABknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command]" +#define SUDO_USAGE4 " [-ABbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] [-D directory] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] [VAR=value] [-i|-s] []" +#define SUDO_USAGE5 " -e [-ABknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ..." /* * Configure script arguments used to build sudo. diff -Nru sudo-1.9.5p2/src/tgetpass.c sudo-1.9.9/src/tgetpass.c --- sudo-1.9.5p2/src/tgetpass.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/tgetpass.c 2022-01-27 21:24:06.000000000 +0000 @@ -289,6 +289,7 @@ sudo_askpass(const char *askpass, const char *prompt) { static char buf[SUDO_CONV_REPL_MAX + 1], *pass; + struct sudo_cred *cred = &user_details.cred; struct sigaction sa, savechld; enum tgetpass_errval errval; int pfd[2], status; @@ -323,12 +324,18 @@ restore_limits(); /* But avoid a setuid() failure on Linux due to RLIMIT_NPROC. */ unlimit_nproc(); - if (setgid(user_details.cred.gid)) { - sudo_warn(U_("unable to set gid to %u"), (unsigned int)user_details.cred.gid); + if (setgid(cred->gid)) { + sudo_warn(U_("unable to set gid to %u"), (unsigned int)cred->gid); _exit(255); } - if (setuid(user_details.cred.uid)) { - sudo_warn(U_("unable to set uid to %u"), (unsigned int)user_details.cred.uid); + if (cred->ngroups != -1) { + if (sudo_setgroups(cred->ngroups, cred->groups) == -1) { + sudo_warn("%s", U_("unable to set supplementary group IDs")); + _exit(255); + } + } + if (setuid(cred->uid)) { + sudo_warn(U_("unable to set uid to %u"), (unsigned int)cred->uid); _exit(255); } restore_nproc(); diff -Nru sudo-1.9.5p2/src/ttyname.c sudo-1.9.9/src/ttyname.c --- sudo-1.9.5p2/src/ttyname.c 2021-01-09 20:12:16.000000000 +0000 +++ sudo-1.9.9/src/ttyname.c 2022-01-27 21:24:06.000000000 +0000 @@ -131,8 +131,8 @@ ret = sudo_ttyname_dev(ki_proc->sudo_kp_tdev, name, namelen); if (ret == NULL) { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to map device number %u to name", - ki_proc->sudo_kp_tdev); + "unable to map device number %lu to name", + (unsigned long)ki_proc->sudo_kp_tdev); } } } else { diff -Nru sudo-1.9.5p2/src/utmp.c sudo-1.9.9/src/utmp.c --- sudo-1.9.5p2/src/utmp.c 2020-12-17 01:33:44.000000000 +0000 +++ sudo-1.9.9/src/utmp.c 2022-01-27 21:24:07.000000000 +0000 @@ -210,6 +210,7 @@ memset(&utbuf, 0, sizeof(utbuf)); strncpy(utbuf.ut_line, from_line, sizeof(utbuf.ut_line)); ut_old = sudo_getutline(&utbuf); + sudo_setutent(); } utmp_fill(to_line, user, ut_old, &utbuf); if (sudo_pututline(&utbuf) != NULL)